From b489a339c74b17a4f6aff79f1a129a8e9dcce61b Mon Sep 17 00:00:00 2001 
From: Kit Ewbank Date: Thu, 17 Oct 2024 10:41:38 -0400 Subject: [PATCH 1/6] 10/16/2024 CloudFormation schemas in us-east-1; Refresh existing schemas. --- .../AWS_AmplifyUIBuilder_Component.json | 6 +- .../schemas/AWS_AmplifyUIBuilder_Form.json | 13 +- .../schemas/AWS_AmplifyUIBuilder_Theme.json | 6 +- .../schemas/AWS_AppConfig_Application.json | 10 +- .../AWS_AppConfig_ConfigurationProfile.json | 6 +- .../schemas/AWS_AppConfig_Environment.json | 6 +- .../schemas/AWS_AppConfig_Extension.json | 19 +- .../AWS_AppConfig_ExtensionAssociation.json | 19 +- .../schemas/AWS_AppFlow_Connector.json | 2 +- .../AWS_AppIntegrations_Application.json | 6 +- .../AWS_AppIntegrations_DataIntegration.json | 6 +- .../AWS_AppIntegrations_EventIntegration.json | 6 +- .../schemas/AWS_B2BI_Capability.json | 17 +- .../schemas/AWS_B2BI_Partnership.json | 159 +- .../schemas/AWS_B2BI_Profile.json | 7 +- .../schemas/AWS_B2BI_Transformer.json | 160 +- .../schemas/AWS_Cassandra_Keyspace.json | 13 + .../schemas/AWS_Cassandra_Table.json | 13 + .../schemas/AWS_CodePipeline_Pipeline.json | 27 +- .../schemas/AWS_Cognito_UserPool.json | 3 +- .../schemas/AWS_Connect_ContactFlow.json | 7 +- .../AWS_Connect_ContactFlowModule.json | 7 +- .../schemas/AWS_Connect_EvaluationForm.json | 7 +- .../schemas/AWS_ControlTower_LandingZone.json | 5 + .../schemas/AWS_DataBrew_Dataset.json | 13 +- .../schemas/AWS_DataBrew_Job.json | 13 +- .../schemas/AWS_DataBrew_Project.json | 13 +- .../schemas/AWS_DataBrew_Recipe.json | 13 +- .../schemas/AWS_DataBrew_Ruleset.json | 13 +- .../schemas/AWS_DataBrew_Schedule.json | 13 +- .../schemas/AWS_DataSync_StorageSystem.json | 7 +- .../schemas/AWS_EC2_FlowLog.json | 6 +- .../cloudformation/schemas/AWS_EC2_IPAM.json | 6 +- .../schemas/AWS_EC2_IPAMPool.json | 6 +- .../AWS_EC2_IPAMResourceDiscovery.json | 6 +- ..._EC2_IPAMResourceDiscoveryAssociation.json | 6 +- .../schemas/AWS_EC2_IPAMScope.json | 6 +- .../schemas/AWS_EC2_NatGateway.json | 7 +- 
.../AWS_EC2_TransitGatewayRouteTable.json | 17 +- .../cloudformation/schemas/AWS_EC2_VPC.json | 2 +- ...EC2_VPCEndpointConnectionNotification.json | 104 +- .../schemas/AWS_EC2_VPCEndpointService.json | 6 +- ...AWS_EC2_VPCEndpointServicePermissions.json | 60 +- .../schemas/AWS_EC2_VPNConnection.json | 300 +- .../schemas/AWS_ECS_Cluster.json | 11 +- .../schemas/AWS_ECS_Service.json | 3 + .../schemas/AWS_ECS_TaskSet.json | 290 +- .../schemas/AWS_EKS_Cluster.json | 27 +- .../schemas/AWS_EMR_WALWorkspace.json | 7 +- .../AWS_ElastiCache_ParameterGroup.json | 4 +- .../AWS_ElasticLoadBalancingV2_Listener.json | 18 +- ...S_ElasticLoadBalancingV2_ListenerRule.json | 12 + ...WS_ElasticLoadBalancingV2_TargetGroup.json | 7 +- .../schemas/AWS_Glue_Registry.json | 15 +- .../schemas/AWS_Glue_Schema.json | 16 +- .../schemas/AWS_GuardDuty_Detector.json | 15 +- .../schemas/AWS_GuardDuty_Filter.json | 18 +- .../schemas/AWS_GuardDuty_IPSet.json | 15 +- .../AWS_GuardDuty_MalwareProtectionPlan.json | 8 +- .../schemas/AWS_GuardDuty_ThreatIntelSet.json | 14 +- .../schemas/AWS_IAM_OIDCProvider.json | 8 +- .../cloudformation/schemas/AWS_IAM_Role.json | 4 +- .../schemas/AWS_IAM_SAMLProvider.json | 8 +- .../schemas/AWS_IAM_ServerCertificate.json | 8 +- ...geBuilder_InfrastructureConfiguration.json | 292 +- .../schemas/AWS_IoTEvents_AlarmModel.json | 195 +- .../schemas/AWS_IoTEvents_DetectorModel.json | 214 +- .../schemas/AWS_IoTEvents_Input.json | 32 +- .../AWS_IoTFleetWise_SignalCatalog.json | 7 +- .../AWS_IoTTwinMaker_ComponentType.json | 7 +- .../schemas/AWS_IoTTwinMaker_Entity.json | 7 +- .../schemas/AWS_IoTTwinMaker_Scene.json | 7 +- .../schemas/AWS_IoTTwinMaker_SyncJob.json | 7 +- .../schemas/AWS_IoTTwinMaker_Workspace.json | 7 +- .../schemas/AWS_IoT_DomainConfiguration.json | 33 + .../schemas/AWS_Kinesis_Stream.json | 6 + ...WS_LakeFormation_PrincipalPermissions.json | 5 +- .../schemas/AWS_LakeFormation_Tag.json | 2 +- .../AWS_Lambda_EventSourceMapping.json | 726 ++--- 
.../schemas/AWS_Lightsail_Bucket.json | 12 +- .../schemas/AWS_Lightsail_Certificate.json | 12 +- .../schemas/AWS_Lightsail_Container.json | 12 +- .../schemas/AWS_Lightsail_Database.json | 12 +- .../schemas/AWS_Lightsail_Disk.json | 12 +- .../schemas/AWS_Lightsail_LoadBalancer.json | 12 +- .../schemas/AWS_Location_PlaceIndex.json | 6 +- .../schemas/AWS_MSK_Cluster.json | 7 +- .../schemas/AWS_MSK_VpcConnection.json | 7 +- .../AWS_MediaPackage_OriginEndpoint.json | 13 +- .../schemas/AWS_MemoryDB_ACL.json | 13 +- .../schemas/AWS_MemoryDB_ParameterGroup.json | 13 +- .../schemas/AWS_MemoryDB_SubnetGroup.json | 13 +- .../schemas/AWS_MemoryDB_User.json | 13 +- .../AWS_NetworkFirewall_FirewallPolicy.json | 509 ++-- .../schemas/AWS_Organizations_Account.json | 7 +- .../AWS_Organizations_OrganizationalUnit.json | 7 +- .../schemas/AWS_Organizations_Policy.json | 12 +- .../AWS_Organizations_ResourcePolicy.json | 7 +- .../schemas/AWS_Pinpoint_InAppTemplate.json | 16 +- .../schemas/AWS_QBusiness_WebExperience.json | 15 + .../schemas/AWS_QLDB_Stream.json | 12 +- .../schemas/AWS_QuickSight_DataSource.json | 1451 ++++----- .../schemas/AWS_RDS_DBCluster.json | 880 +++--- .../schemas/AWS_RDS_DBInstance.json | 2 +- .../schemas/AWS_RDS_DBSubnetGroup.json | 15 +- .../schemas/AWS_RefactorSpaces_Route.json | 20 +- .../AWS_Route53RecoveryReadiness_Cell.json | 13 +- ...ute53RecoveryReadiness_ReadinessCheck.json | 13 +- ...oute53RecoveryReadiness_RecoveryGroup.json | 13 +- ..._Route53RecoveryReadiness_ResourceSet.json | 13 +- .../AWS_Route53Resolver_ResolverRule.json | 16 +- .../AWS_S3Express_DirectoryBucket.json | 212 +- .../cloudformation/schemas/AWS_S3_Bucket.json | 2614 +++++++++-------- .../cloudformation/schemas/AWS_SQS_Queue.json | 12 +- ...WS_SSMQuickSetup_ConfigurationManager.json | 2 +- .../AWS_SecurityHub_AutomationRule.json | 8 +- .../AWS_SecurityHub_FindingAggregator.json | 2 +- .../schemas/AWS_SecurityLake_DataLake.json | 9 +- .../schemas/AWS_SecurityLake_Subscriber.json | 8 +- 
.../AWS_WorkSpacesThinClient_Environment.json | 7 +- .../AWS_WorkSpacesWeb_BrowserSettings.json | 13 +- .../AWS_WorkSpacesWeb_IdentityProvider.json | 45 +- .../AWS_WorkSpacesWeb_IpAccessSettings.json | 13 +- .../AWS_WorkSpacesWeb_NetworkSettings.json | 7 +- .../schemas/AWS_WorkSpacesWeb_Portal.json | 13 +- .../schemas/AWS_WorkSpacesWeb_TrustStore.json | 7 +- ...rkSpacesWeb_UserAccessLoggingSettings.json | 7 +- .../AWS_WorkSpacesWeb_UserSettings.json | 17 +- 128 files changed, 5487 insertions(+), 3889 deletions(-) diff --git a/internal/service/cloudformation/schemas/AWS_AmplifyUIBuilder_Component.json b/internal/service/cloudformation/schemas/AWS_AmplifyUIBuilder_Component.json index a1391efd9a..375c1ed7bb 100644 --- a/internal/service/cloudformation/schemas/AWS_AmplifyUIBuilder_Component.json +++ b/internal/service/cloudformation/schemas/AWS_AmplifyUIBuilder_Component.json @@ -576,7 +576,11 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "amplifyuibuilder:TagResource", + "amplifyuibuilder:UntagResource" + ] }, "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-amplifyuibuilder", "additionalProperties": false diff --git a/internal/service/cloudformation/schemas/AWS_AmplifyUIBuilder_Form.json b/internal/service/cloudformation/schemas/AWS_AmplifyUIBuilder_Form.json index 5c8471a650..4d61106ce5 100644 --- a/internal/service/cloudformation/schemas/AWS_AmplifyUIBuilder_Form.json +++ b/internal/service/cloudformation/schemas/AWS_AmplifyUIBuilder_Form.json @@ -536,15 +536,13 @@ "amplify:GetApp", "amplifyuibuilder:CreateForm", "amplifyuibuilder:GetForm", - "amplifyuibuilder:TagResource", - "amplifyuibuilder:UntagResource" + "amplifyuibuilder:TagResource" ] }, "read": { "permissions": [ "amplify:GetApp", - "amplifyuibuilder:GetForm", - "amplifyuibuilder:TagResource" + "amplifyuibuilder:GetForm" ] }, "update": { 
@@ -560,7 +558,6 @@ "permissions": [ "amplify:GetApp", "amplifyuibuilder:DeleteForm", - "amplifyuibuilder:TagResource", "amplifyuibuilder:UntagResource" ] }, @@ -590,7 +587,11 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "amplifyuibuilder:TagResource", + "amplifyuibuilder:UntagResource" + ] }, "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-amplifyuibuilder", "additionalProperties": false diff --git a/internal/service/cloudformation/schemas/AWS_AmplifyUIBuilder_Theme.json b/internal/service/cloudformation/schemas/AWS_AmplifyUIBuilder_Theme.json index fe6cccc908..66e221641e 100644 --- a/internal/service/cloudformation/schemas/AWS_AmplifyUIBuilder_Theme.json +++ b/internal/service/cloudformation/schemas/AWS_AmplifyUIBuilder_Theme.json @@ -151,7 +151,11 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "amplifyuibuilder:TagResource", + "amplifyuibuilder:UntagResource" + ] }, "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-amplifyuibuilder", "additionalProperties": false diff --git a/internal/service/cloudformation/schemas/AWS_AppConfig_Application.json b/internal/service/cloudformation/schemas/AWS_AppConfig_Application.json index aff8a44bbf..46e8f661f5 100644 --- a/internal/service/cloudformation/schemas/AWS_AppConfig_Application.json +++ b/internal/service/cloudformation/schemas/AWS_AppConfig_Application.json @@ -12,8 +12,7 @@ "type": "string", "description": "The key-value string map. The valid character set is [a-zA-Z1-9 +-=._:/-]. The tag key can be up to 128 characters and must not start with aws:.", "minLength": 1, - "maxLength": 128, - "pattern": "" + "maxLength": 128 }, "Value": { "type": "string", 
@@ -100,6 +99,11 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "appconfig:TagResource", + "appconfig:UntagResource", + "appconfig:ListTagsForResource" + ] } } diff --git a/internal/service/cloudformation/schemas/AWS_AppConfig_ConfigurationProfile.json b/internal/service/cloudformation/schemas/AWS_AppConfig_ConfigurationProfile.json index c9cb734245..c874b81956 100644 --- a/internal/service/cloudformation/schemas/AWS_AppConfig_ConfigurationProfile.json +++ b/internal/service/cloudformation/schemas/AWS_AppConfig_ConfigurationProfile.json @@ -1,6 +1,11 @@ { "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-appconfig", "tagging": { + "permissions": [ + "appconfig:TagResource", + "appconfig:UntagResource", + "appconfig:ListTagsForResource" + ], "taggable": true, "tagOnCreate": true, "tagUpdatable": true, @@ -99,7 +104,6 @@ }, "Key": { "minLength": 1, - "pattern": "", "description": "The key-value string map. The tag key can be up to 128 characters and must not start with aws:.", "type": "string", "maxLength": 128 diff --git a/internal/service/cloudformation/schemas/AWS_AppConfig_Environment.json b/internal/service/cloudformation/schemas/AWS_AppConfig_Environment.json index bfd106eaeb..5b936e9497 100644 --- a/internal/service/cloudformation/schemas/AWS_AppConfig_Environment.json +++ b/internal/service/cloudformation/schemas/AWS_AppConfig_Environment.json @@ -1,6 +1,11 @@ { "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-appconfig.git", "tagging": { + "permissions": [ + "appconfig:TagResource", + "appconfig:UntagResource", + "appconfig:ListTagsForResource" + ], "taggable": true, "tagOnCreate": true, "tagUpdatable": true, 
@@ -111,7 +116,6 @@ }, "Key": { "minLength": 1, - "pattern": "", "description": "The key-value string map. The valid character set is [a-zA-Z1-9+-=._:/]. The tag key can be up to 128 characters and must not start with aws:.", "type": "string", "maxLength": 128 diff --git a/internal/service/cloudformation/schemas/AWS_AppConfig_Extension.json b/internal/service/cloudformation/schemas/AWS_AppConfig_Extension.json index 50873be984..e9916cdf75 100644 --- a/internal/service/cloudformation/schemas/AWS_AppConfig_Extension.json +++ b/internal/service/cloudformation/schemas/AWS_AppConfig_Extension.json @@ -167,13 +167,6 @@ "primaryIdentifier": [ "/properties/Id" ], - "tagging": { - "taggable": true, - "tagOnCreate": true, - "tagUpdatable": true, - "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" - }, "handlers": { "create": { "permissions": [ @@ -205,5 +198,17 @@ "appconfig:ListExtensions" ] } + }, + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "cloudFormationSystemTags": true, + "tagProperty": "/properties/Tags", + "permissions": [ + "appconfig:TagResource", + "appconfig:UntagResource", + "appconfig:ListTagsForResource" + ] } } diff --git a/internal/service/cloudformation/schemas/AWS_AppConfig_ExtensionAssociation.json b/internal/service/cloudformation/schemas/AWS_AppConfig_ExtensionAssociation.json index da8b4ca01d..3ce1986c49 100644 --- a/internal/service/cloudformation/schemas/AWS_AppConfig_ExtensionAssociation.json +++ b/internal/service/cloudformation/schemas/AWS_AppConfig_ExtensionAssociation.json @@ -93,13 +93,6 @@ "primaryIdentifier": [ "/properties/Id" ], - "tagging": { - "taggable": true, - "tagOnCreate": true, - "tagUpdatable": true, - "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" - }, "handlers": { "create": { "permissions": [ 
@@ -130,5 +123,17 @@ "appconfig:ListExtensionAssociations" ] } + }, + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "cloudFormationSystemTags": true, + "tagProperty": "/properties/Tags", + "permissions": [ + "appconfig:TagResource", + "appconfig:UntagResource", + "appconfig:ListTagsForResource" + ] } } diff --git a/internal/service/cloudformation/schemas/AWS_AppFlow_Connector.json b/internal/service/cloudformation/schemas/AWS_AppFlow_Connector.json index 9825088184..58db1af811 100644 --- a/internal/service/cloudformation/schemas/AWS_AppFlow_Connector.json +++ b/internal/service/cloudformation/schemas/AWS_AppFlow_Connector.json @@ -13,7 +13,7 @@ "ConnectorArn": { "description": " The arn of the connector. The arn is unique for each ConnectorRegistration in your AWS account.", "type": "string", - "pattern": "arn:*:appflow:.*:[0-9]+:.*", + "pattern": "arn:.*:appflow:.*:[0-9]+:.*", "maxLength": 512 }, "ConnectorProvisioningType": { diff --git a/internal/service/cloudformation/schemas/AWS_AppIntegrations_Application.json b/internal/service/cloudformation/schemas/AWS_AppIntegrations_Application.json index e5dc7002b5..5da5819a79 100644 --- a/internal/service/cloudformation/schemas/AWS_AppIntegrations_Application.json +++ b/internal/service/cloudformation/schemas/AWS_AppIntegrations_Application.json @@ -144,7 +144,11 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "app-integrations:TagResource", + "app-integrations:UntagResource" + ] }, "readOnlyProperties": [ "/properties/ApplicationArn", diff --git a/internal/service/cloudformation/schemas/AWS_AppIntegrations_DataIntegration.json b/internal/service/cloudformation/schemas/AWS_AppIntegrations_DataIntegration.json index d69cde0f87..316ffec179 100644 --- a/internal/service/cloudformation/schemas/AWS_AppIntegrations_DataIntegration.json 
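Review bot: The corrected `ConnectorArn` pattern in AWS_AppFlow_Connector.json is still unanchored, so it accepts any string that merely contains an ARN-shaped substring. JSON Schema `pattern` is a search rather than a full match. Changing `arn:*:` to `arn:.*:` repairs the partition wildcard but leaves leading and trailing text unconstrained. If anything downstream relies on this pattern for input validation, anchor it: `"pattern": "^arn:.*:appflow:.*:[0-9]+:.*$"`. Since this file is a refreshed copy of an upstream schema, the fix probably belongs in the upstream resource provider, with a local validator override until then.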
+++ b/internal/service/cloudformation/schemas/AWS_AppIntegrations_DataIntegration.json @@ -189,7 +189,11 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "app-integrations:TagResource", + "app-integrations:UntagResource" + ] }, "additionalProperties": false, "required": [ diff --git a/internal/service/cloudformation/schemas/AWS_AppIntegrations_EventIntegration.json b/internal/service/cloudformation/schemas/AWS_AppIntegrations_EventIntegration.json index d449e6b4b7..af2466311c 100644 --- a/internal/service/cloudformation/schemas/AWS_AppIntegrations_EventIntegration.json +++ b/internal/service/cloudformation/schemas/AWS_AppIntegrations_EventIntegration.json @@ -114,7 +114,11 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "app-integrations:TagResource", + "app-integrations:UntagResource" + ] }, "additionalProperties": false, "required": [ diff --git a/internal/service/cloudformation/schemas/AWS_B2BI_Capability.json b/internal/service/cloudformation/schemas/AWS_B2BI_Capability.json index b2e2c04899..d4aad174c5 100644 --- a/internal/service/cloudformation/schemas/AWS_B2BI_Capability.json +++ b/internal/service/cloudformation/schemas/AWS_B2BI_Capability.json @@ -19,6 +19,13 @@ } ] }, + "CapabilityDirection": { + "type": "string", + "enum": [ + "INBOUND", + "OUTBOUND" + ] + }, "CapabilityType": { "type": "string", "enum": [ @@ -28,6 +35,9 @@ "EdiConfiguration": { "type": "object", "properties": { + "CapabilityDirection": { + "$ref": "#/definitions/CapabilityDirection" + }, "Type": { "$ref": "#/definitions/EdiType" }, 
@@ -322,7 +332,12 @@ "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, - "taggable": true + "taggable": true, + "permissions": [ + "b2bi:ListTagsForResource", + "b2bi:TagResource", + "b2bi:UntagResource" + ] }, "additionalProperties": false } diff --git a/internal/service/cloudformation/schemas/AWS_B2BI_Partnership.json b/internal/service/cloudformation/schemas/AWS_B2BI_Partnership.json index 1511abf38d..1c07fba421 100644 --- a/internal/service/cloudformation/schemas/AWS_B2BI_Partnership.json +++ b/internal/service/cloudformation/schemas/AWS_B2BI_Partnership.json @@ -2,6 +2,32 @@ "typeName": "AWS::B2BI::Partnership", "description": "Definition of AWS::B2BI::Partnership Resource Type", "definitions": { + "CapabilityOptions": { + "type": "object", + "properties": { + "OutboundEdi": { + "$ref": "#/definitions/OutboundEdiOptions" + } + }, + "additionalProperties": false + }, + "OutboundEdiOptions": { + "oneOf": [ + { + "type": "object", + "title": "X12", + "properties": { + "X12": { + "$ref": "#/definitions/X12Envelope" + } + }, + "required": [ + "X12" + ], + "additionalProperties": false + } + ] + }, "Tag": { "type": "object", "properties": { 
@@ -21,6 +47,128 @@ "Value" ], "additionalProperties": false + }, + "X12Delimiters": { + "type": "object", + "properties": { + "ComponentSeparator": { + "type": "string", + "maxLength": 1, + "minLength": 1, + "pattern": "^[!&'()*+,\\-./:;?=%@\\[\\]_{}|<>~^`\"]$" + }, + "DataElementSeparator": { + "type": "string", + "maxLength": 1, + "minLength": 1, + "pattern": "^[!&'()*+,\\-./:;?=%@\\[\\]_{}|<>~^`\"]$" + }, + "SegmentTerminator": { + "type": "string", + "maxLength": 1, + "minLength": 1, + "pattern": "^[!&'()*+,\\-./:;?=%@\\[\\]_{}|<>~^`\"]$" + } + }, + "additionalProperties": false + }, + "X12Envelope": { + "type": "object", + "properties": { + "Common": { + "$ref": "#/definitions/X12OutboundEdiHeaders" + } + }, + "additionalProperties": false + }, + "X12FunctionalGroupHeaders": { + "type": "object", + "properties": { + "ApplicationSenderCode": { + "type": "string", + "maxLength": 15, + "minLength": 2, + "pattern": "^[a-zA-Z0-9]*$" + }, + "ApplicationReceiverCode": { + "type": "string", + "maxLength": 15, + "minLength": 2, + "pattern": "^[a-zA-Z0-9]*$" + }, + "ResponsibleAgencyCode": { + "type": "string", + "maxLength": 2, + "minLength": 1, + "pattern": "^[a-zA-Z0-9]*$" + } + }, + "additionalProperties": false + }, + "X12InterchangeControlHeaders": { + "type": "object", + "properties": { + "SenderIdQualifier": { + "type": "string", + "maxLength": 2, + "minLength": 2, + "pattern": "^[a-zA-Z0-9]*$" + }, + "SenderId": { + "type": "string", + "maxLength": 15, + "minLength": 15, + "pattern": "^[a-zA-Z0-9]*$" + }, + "ReceiverIdQualifier": { + "type": "string", + "maxLength": 2, + "minLength": 2, + "pattern": "^[a-zA-Z0-9]*$" + }, + "ReceiverId": { + "type": "string", + "maxLength": 15, + "minLength": 15, + "pattern": "^[a-zA-Z0-9]*$" + }, + "RepetitionSeparator": { + "type": "string", + "maxLength": 1, + "minLength": 1 + }, + "AcknowledgmentRequestedCode": { + "type": "string", + "maxLength": 1, + "minLength": 1, + "pattern": "^[a-zA-Z0-9]*$" + }, + 
"UsageIndicatorCode": { + "type": "string", + "maxLength": 1, + "minLength": 1, + "pattern": "^[a-zA-Z0-9]*$" + } + }, + "additionalProperties": false + }, + "X12OutboundEdiHeaders": { + "type": "object", + "properties": { + "InterchangeControlHeaders": { + "$ref": "#/definitions/X12InterchangeControlHeaders" + }, + "FunctionalGroupHeaders": { + "$ref": "#/definitions/X12FunctionalGroupHeaders" + }, + "Delimiters": { + "$ref": "#/definitions/X12Delimiters" + }, + "ValidateEdi": { + "type": "boolean" + } + }, + "additionalProperties": false } }, "properties": { @@ -33,6 +181,9 @@ "pattern": "^[a-zA-Z0-9_-]+$" } }, + "CapabilityOptions": { + "$ref": "#/definitions/CapabilityOptions" + }, "CreatedAt": { "type": "string", "format": "date-time" @@ -91,6 +242,7 @@ } }, "required": [ + "Capabilities", "Email", "Name", "ProfileId" @@ -147,7 +299,12 @@ "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, - "taggable": true + "taggable": true, + "permissions": [ + "b2bi:ListTagsForResource", + "b2bi:TagResource", + "b2bi:UntagResource" + ] }, "additionalProperties": false } diff --git a/internal/service/cloudformation/schemas/AWS_B2BI_Profile.json b/internal/service/cloudformation/schemas/AWS_B2BI_Profile.json index a051f719d4..f27277e21f 100644 --- a/internal/service/cloudformation/schemas/AWS_B2BI_Profile.json +++ b/internal/service/cloudformation/schemas/AWS_B2BI_Profile.json @@ -155,7 +155,12 @@ "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, - "taggable": true + "taggable": true, + "permissions": [ + "b2bi:ListTagsForResource", + "b2bi:TagResource", + "b2bi:UntagResource" + ] }, "additionalProperties": false } diff --git a/internal/service/cloudformation/schemas/AWS_B2BI_Transformer.json b/internal/service/cloudformation/schemas/AWS_B2BI_Transformer.json index 2a0102a8dd..3517b9c807 100644 --- a/internal/service/cloudformation/schemas/AWS_B2BI_Transformer.json 
+++ b/internal/service/cloudformation/schemas/AWS_B2BI_Transformer.json @@ -23,9 +23,124 @@ "type": "string", "enum": [ "XML", - "JSON" + "JSON", + "NOT_USED" ] }, + "FormatOptions": { + "oneOf": [ + { + "type": "object", + "title": "X12", + "properties": { + "X12": { + "$ref": "#/definitions/X12Details" + } + }, + "required": [ + "X12" + ], + "additionalProperties": false + } + ] + }, + "FromFormat": { + "type": "string", + "enum": [ + "X12" + ] + }, + "InputConversion": { + "type": "object", + "properties": { + "FromFormat": { + "$ref": "#/definitions/FromFormat" + }, + "FormatOptions": { + "$ref": "#/definitions/FormatOptions" + } + }, + "required": [ + "FromFormat" + ], + "additionalProperties": false + }, + "Mapping": { + "type": "object", + "properties": { + "TemplateLanguage": { + "$ref": "#/definitions/MappingTemplateLanguage" + }, + "Template": { + "type": "string", + "maxLength": 350000, + "minLength": 0 + } + }, + "required": [ + "TemplateLanguage" + ], + "additionalProperties": false + }, + "MappingTemplateLanguage": { + "type": "string", + "enum": [ + "XSLT", + "JSONATA" + ] + }, + "OutputConversion": { + "type": "object", + "properties": { + "ToFormat": { + "$ref": "#/definitions/ToFormat" + }, + "FormatOptions": { + "$ref": "#/definitions/FormatOptions" + } + }, + "required": [ + "ToFormat" + ], + "additionalProperties": false + }, + "SampleDocumentKeys": { + "type": "object", + "properties": { + "Input": { + "type": "string", + "maxLength": 1024, + "minLength": 0 + }, + "Output": { + "type": "string", + "maxLength": 1024, + "minLength": 0 + } + }, + "additionalProperties": false + }, + "SampleDocuments": { + "type": "object", + "properties": { + "BucketName": { + "type": "string", + "maxLength": 63, + "minLength": 3 + }, + "Keys": { + "type": "array", + "items": { + "$ref": "#/definitions/SampleDocumentKeys" + } + } + }, + "required": [ + "BucketName", + "Keys" + ], + "additionalProperties": false + }, "Tag": { "type": "object", "properties": { 
@@ -46,6 +161,12 @@ ], "additionalProperties": false }, + "ToFormat": { + "type": "string", + "enum": [ + "X12" + ] + }, "TransformerStatus": { "type": "string", "enum": [ @@ -166,10 +287,17 @@ "FileFormat": { "$ref": "#/definitions/FileFormat" }, + "InputConversion": { + "$ref": "#/definitions/InputConversion" + }, + "Mapping": { + "$ref": "#/definitions/Mapping" + }, "MappingTemplate": { "type": "string", "maxLength": 350000, - "minLength": 0 + "minLength": 0, + "description": "This shape is deprecated: This is a legacy trait. Please use input-conversion or output-conversion." }, "ModifiedAt": { "type": "string", @@ -178,12 +306,20 @@ "Name": { "type": "string", "maxLength": 254, - "minLength": 1 + "minLength": 1, + "pattern": "^[a-zA-Z0-9_-]{1,512}$" + }, + "OutputConversion": { + "$ref": "#/definitions/OutputConversion" }, "SampleDocument": { "type": "string", "maxLength": 1024, - "minLength": 0 + "minLength": 0, + "description": "This shape is deprecated: This is a legacy trait. Please use input-conversion or output-conversion." + }, + "SampleDocuments": { + "$ref": "#/definitions/SampleDocuments" }, "Status": { "$ref": "#/definitions/TransformerStatus" @@ -209,9 +345,6 @@ } }, "required": [ - "EdiType", - "FileFormat", - "MappingTemplate", "Name", "Status" ], @@ -221,6 +354,12 @@ "/properties/TransformerArn", "/properties/TransformerId" ], + "deprecatedProperties": [ + "/properties/EdiType", + "/properties/FileFormat", + "/properties/MappingTemplate", + "/properties/SampleDocument" + ], "primaryIdentifier": [ "/properties/TransformerId" ], @@ -272,7 +411,12 @@ "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, - "taggable": true + "taggable": true, + "permissions": [ + "b2bi:ListTagsForResource", + "b2bi:TagResource", + "b2bi:UntagResource" + ] }, "additionalProperties": false } 
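Review bot: The new `Name` constraint in AWS_B2BI_Transformer.json contradicts itself: `"maxLength": 254` sits next to `"pattern": "^[a-zA-Z0-9_-]{1,512}$"`. With both keywords applied the effective limit is 254, but a consumer that builds its validator from the pattern alone would accept names up to 512 characters. The hunk does not show which bound the service enforces, so confirm that upstream and then make the two agree, for example `"pattern": "^[a-zA-Z0-9_-]{1,254}$"` if 254 is correct. Code generated from this schema should not treat the quantifier as the length limit until that is settled.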
diff --git a/internal/service/cloudformation/schemas/AWS_Cassandra_Keyspace.json b/internal/service/cloudformation/schemas/AWS_Cassandra_Keyspace.json index 267c7e1e96..6418835c30 100644 --- a/internal/service/cloudformation/schemas/AWS_Cassandra_Keyspace.json +++ b/internal/service/cloudformation/schemas/AWS_Cassandra_Keyspace.json @@ -108,6 +108,19 @@ "primaryIdentifier": [ "/properties/KeyspaceName" ], + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "cloudFormationSystemTags": true, + "tagProperty": "/properties/Tags", + "permissions": [ + "cassandra:TagResource", + "cassandra:TagMultiRegionResource", + "cassandra:UntagResource", + "cassandra:UntagMultiRegionResource" + ] + }, "handlers": { "create": { "permissions": [ diff --git a/internal/service/cloudformation/schemas/AWS_Cassandra_Table.json b/internal/service/cloudformation/schemas/AWS_Cassandra_Table.json index 4b4dc0b831..352fc587d6 100644 --- a/internal/service/cloudformation/schemas/AWS_Cassandra_Table.json +++ b/internal/service/cloudformation/schemas/AWS_Cassandra_Table.json @@ -325,6 +325,19 @@ "/properties/KeyspaceName", "/properties/TableName" ], + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "cloudFormationSystemTags": true, + "tagProperty": "/properties/Tags", + "permissions": [ + "cassandra:TagResource", + "cassandra:TagMultiRegionResource", + "cassandra:UntagResource", + "cassandra:UntagMultiRegionResource" + ] + }, "handlers": { "create": { "permissions": [ diff --git a/internal/service/cloudformation/schemas/AWS_CodePipeline_Pipeline.json b/internal/service/cloudformation/schemas/AWS_CodePipeline_Pipeline.json index 7c63c6febd..cba591c87e 100644 --- a/internal/service/cloudformation/schemas/AWS_CodePipeline_Pipeline.json +++ b/internal/service/cloudformation/schemas/AWS_CodePipeline_Pipeline.json @@ -73,7 +73,8 @@ "Test", "Deploy", "Invoke", - "Approval" + "Approval", + "Compute" ] }, "Version": { 
@@ -212,6 +213,22 @@ "$ref": "#/definitions/OutputArtifact" } }, + "Commands": { + "description": "The shell commands to run with your compute action in CodePipeline.", + "type": "array", + "uniqueItems": false, + "items": { + "type": "string" + } + }, + "OutputVariables": { + "description": "The list of variables that are to be exported from the compute action.", + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } + }, "Region": { "description": "The action declaration's AWS Region, such as us-east-1.", "type": "string" @@ -463,6 +480,14 @@ "Name": { "description": "The name of the output of an artifact, such as \"My App\".", "type": "string" + }, + "Files": { + "description": "The files that you want to associate with the output artifact that will be exported from the compute action.", + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } } }, "required": [ diff --git a/internal/service/cloudformation/schemas/AWS_Cognito_UserPool.json b/internal/service/cloudformation/schemas/AWS_Cognito_UserPool.json index 94d6342d6a..3bf11e8286 100644 --- a/internal/service/cloudformation/schemas/AWS_Cognito_UserPool.json +++ b/internal/service/cloudformation/schemas/AWS_Cognito_UserPool.json @@ -509,7 +509,8 @@ "cognito-idp:SetUserPoolMfaConfig", "cognito-idp:DescribeUserPool", "kms:CreateGrant", - "iam:CreateServiceLinkedRole" + "iam:CreateServiceLinkedRole", + "cognito-idp:TagResource" ], "timeoutInMinutes": 2 }, diff --git a/internal/service/cloudformation/schemas/AWS_Connect_ContactFlow.json b/internal/service/cloudformation/schemas/AWS_Connect_ContactFlow.json index 71e47bb875..bf97c1fd5e 100644 --- a/internal/service/cloudformation/schemas/AWS_Connect_ContactFlow.json +++ b/internal/service/cloudformation/schemas/AWS_Connect_ContactFlow.json 
@@ -104,7 +104,12 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "connect:ListTagsForResource", + "connect:UntagResource", + "connect:TagResource" + ] }, "handlers": { "create": { diff --git a/internal/service/cloudformation/schemas/AWS_Connect_ContactFlowModule.json b/internal/service/cloudformation/schemas/AWS_Connect_ContactFlowModule.json index f35cc78deb..f921c753fd 100644 --- a/internal/service/cloudformation/schemas/AWS_Connect_ContactFlowModule.json +++ b/internal/service/cloudformation/schemas/AWS_Connect_ContactFlowModule.json @@ -92,7 +92,12 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "connect:ListTagsForResource", + "connect:UntagResource", + "connect:TagResource" + ] }, "handlers": { "create": { diff --git a/internal/service/cloudformation/schemas/AWS_Connect_EvaluationForm.json b/internal/service/cloudformation/schemas/AWS_Connect_EvaluationForm.json index bb18e5167e..7047800e7a 100644 --- a/internal/service/cloudformation/schemas/AWS_Connect_EvaluationForm.json +++ b/internal/service/cloudformation/schemas/AWS_Connect_EvaluationForm.json @@ -504,7 +504,12 @@ "tagOnCreate": false, "tagUpdatable": true, "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "connect:ListTagsForResource", + "connect:UntagResource", + "connect:TagResource" + ] }, "handlers": { "create": { diff --git a/internal/service/cloudformation/schemas/AWS_ControlTower_LandingZone.json b/internal/service/cloudformation/schemas/AWS_ControlTower_LandingZone.json index c379d0932c..26358360e7 100644 --- a/internal/service/cloudformation/schemas/AWS_ControlTower_LandingZone.json +++ b/internal/service/cloudformation/schemas/AWS_ControlTower_LandingZone.json 
@@ -1,5 +1,10 @@ { "tagging": { + "permissions": [ + "controltower:UntagResource", + "controltower:TagResource", + "controltower:ListTagsForResource" + ], "taggable": true, "tagOnCreate": true, "tagUpdatable": true, diff --git a/internal/service/cloudformation/schemas/AWS_DataBrew_Dataset.json b/internal/service/cloudformation/schemas/AWS_DataBrew_Dataset.json index 9ce7c0d29e..23af249fc5 100644 --- a/internal/service/cloudformation/schemas/AWS_DataBrew_Dataset.json +++ b/internal/service/cloudformation/schemas/AWS_DataBrew_Dataset.json @@ -2,7 +2,6 @@ "typeName": "AWS::DataBrew::Dataset", "description": "Resource schema for AWS::DataBrew::Dataset.", "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-databrew.git", - "taggable": true, "properties": { "Name": { "description": "Dataset name", @@ -426,6 +425,18 @@ "/properties/Name", "/properties/Tags" ], + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": false, + "cloudFormationSystemTags": true, + "tagProperty": "/properties/Tags", + "permissions": [ + "databrew:TagResource", + "databrew:UntagResource", + "databrew:ListTagsForResource" + ] + }, "handlers": { "create": { "permissions": [ diff --git a/internal/service/cloudformation/schemas/AWS_DataBrew_Job.json b/internal/service/cloudformation/schemas/AWS_DataBrew_Job.json index b133f3b0b7..e1595a9c32 100644 --- a/internal/service/cloudformation/schemas/AWS_DataBrew_Job.json +++ b/internal/service/cloudformation/schemas/AWS_DataBrew_Job.json @@ -2,7 +2,6 @@ "typeName": "AWS::DataBrew::Job", "description": "Resource schema for AWS::DataBrew::Job.", "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-databrew.git", - "taggable": true, "properties": { "DatasetName": { "description": "Dataset name", 
@@ -592,6 +591,18 @@ "/properties/Type", "/properties/Tags" ], + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": false, + "cloudFormationSystemTags": true, + "tagProperty": "/properties/Tags", + "permissions": [ + "databrew:TagResource", + "databrew:UntagResource", + "databrew:ListTagsForResource" + ] + }, "handlers": { "create": { "permissions": [ diff --git a/internal/service/cloudformation/schemas/AWS_DataBrew_Project.json b/internal/service/cloudformation/schemas/AWS_DataBrew_Project.json index 16b86bac41..48dc616e09 100644 --- a/internal/service/cloudformation/schemas/AWS_DataBrew_Project.json +++ b/internal/service/cloudformation/schemas/AWS_DataBrew_Project.json @@ -2,7 +2,6 @@ "typeName": "AWS::DataBrew::Project", "description": "Resource schema for AWS::DataBrew::Project.", "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-databrew.git", - "taggable": true, "properties": { "DatasetName": { "description": "Dataset name", @@ -99,6 +98,18 @@ "/properties/Name", "/properties/Tags" ], + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": false, + "cloudFormationSystemTags": true, + "tagProperty": "/properties/Tags", + "permissions": [ + "databrew:TagResource", + "databrew:UntagResource", + "databrew:ListTagsForResource" + ] + }, "handlers": { "create": { "permissions": [ diff --git a/internal/service/cloudformation/schemas/AWS_DataBrew_Recipe.json b/internal/service/cloudformation/schemas/AWS_DataBrew_Recipe.json index 63af7a4ca8..a843e0ac3e 100644 --- a/internal/service/cloudformation/schemas/AWS_DataBrew_Recipe.json +++ b/internal/service/cloudformation/schemas/AWS_DataBrew_Recipe.json 
@@ -2,7 +2,6 @@ "typeName": "AWS::DataBrew::Recipe", "description": "Resource schema for AWS::DataBrew::Recipe.", "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-databrew.git", - "taggable": true, "properties": { "Description": { "description": "Description of the recipe", @@ -552,6 +551,18 @@ "/properties/Name", "/properties/Tags" ], + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": false, + "cloudFormationSystemTags": true, + "tagProperty": "/properties/Tags", + "permissions": [ + "databrew:TagResource", + "databrew:UntagResource", + "databrew:ListTagsForResource" + ] + }, "handlers": { "create": { "permissions": [ diff --git a/internal/service/cloudformation/schemas/AWS_DataBrew_Ruleset.json b/internal/service/cloudformation/schemas/AWS_DataBrew_Ruleset.json index fbd3b4ee25..f5b26bca18 100644 --- a/internal/service/cloudformation/schemas/AWS_DataBrew_Ruleset.json +++ b/internal/service/cloudformation/schemas/AWS_DataBrew_Ruleset.json @@ -2,7 +2,6 @@ "typeName": "AWS::DataBrew::Ruleset", "description": "Resource schema for AWS::DataBrew::Ruleset.", "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-databrew.git", - "taggable": true, "definitions": { "Expression": { "description": "Expression with rule conditions", @@ -214,6 +213,18 @@ "/properties/TargetArn", "/properties/Tags" ], + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": false, + "cloudFormationSystemTags": true, + "tagProperty": "/properties/Tags", + "permissions": [ + "databrew:TagResource", + "databrew:UntagResource", + "databrew:ListTagsForResource" + ] + }, "handlers": { "create": { "permissions": [ diff --git a/internal/service/cloudformation/schemas/AWS_DataBrew_Schedule.json b/internal/service/cloudformation/schemas/AWS_DataBrew_Schedule.json index 2a5f8b7812..29cd3a1139 100644 --- a/internal/service/cloudformation/schemas/AWS_DataBrew_Schedule.json 
+++ b/internal/service/cloudformation/schemas/AWS_DataBrew_Schedule.json @@ -2,7 +2,6 @@ "typeName": "AWS::DataBrew::Schedule", "description": "Resource schema for AWS::DataBrew::Schedule.", "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-databrew.git", - "taggable": true, "properties": { "JobNames": { "type": "array", @@ -74,6 +73,18 @@ "/properties/Name", "/properties/Tags" ], + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": false, + "cloudFormationSystemTags": true, + "tagProperty": "/properties/Tags", + "permissions": [ + "databrew:TagResource", + "databrew:UntagResource", + "databrew:ListTagsForResource" + ] + }, "handlers": { "create": { "permissions": [ diff --git a/internal/service/cloudformation/schemas/AWS_DataSync_StorageSystem.json b/internal/service/cloudformation/schemas/AWS_DataSync_StorageSystem.json index 8204c576f9..81173b6a70 100644 --- a/internal/service/cloudformation/schemas/AWS_DataSync_StorageSystem.json +++ b/internal/service/cloudformation/schemas/AWS_DataSync_StorageSystem.json @@ -148,7 +148,12 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "datasync:TagResource", + "datasync:UntagResource", + "datasync:ListTagsForResource" + ] }, "additionalProperties": false, "required": [ diff --git a/internal/service/cloudformation/schemas/AWS_EC2_FlowLog.json b/internal/service/cloudformation/schemas/AWS_EC2_FlowLog.json index 195e22bd72..9a0dc07ff7 100644 --- a/internal/service/cloudformation/schemas/AWS_EC2_FlowLog.json +++ b/internal/service/cloudformation/schemas/AWS_EC2_FlowLog.json 
@@ -140,7 +140,11 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ] }, "primaryIdentifier": [ "/properties/Id" diff --git a/internal/service/cloudformation/schemas/AWS_EC2_IPAM.json b/internal/service/cloudformation/schemas/AWS_EC2_IPAM.json index afbcc62ca3..7e12479cc6 100644 --- a/internal/service/cloudformation/schemas/AWS_EC2_IPAM.json +++ b/internal/service/cloudformation/schemas/AWS_EC2_IPAM.json @@ -164,6 +164,10 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": false, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "ec2:DeleteTags", + "ec2:CreateTags" + ] } } diff --git a/internal/service/cloudformation/schemas/AWS_EC2_IPAMPool.json b/internal/service/cloudformation/schemas/AWS_EC2_IPAMPool.json index c39dde6d48..a9dfde4af2 100644 --- a/internal/service/cloudformation/schemas/AWS_EC2_IPAMPool.json +++ b/internal/service/cloudformation/schemas/AWS_EC2_IPAMPool.json @@ -277,6 +277,10 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": false, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "ec2:DeleteTags", + "ec2:CreateTags" + ] } } diff --git a/internal/service/cloudformation/schemas/AWS_EC2_IPAMResourceDiscovery.json b/internal/service/cloudformation/schemas/AWS_EC2_IPAMResourceDiscovery.json index 4570357cc7..49ed4189d9 100644 --- a/internal/service/cloudformation/schemas/AWS_EC2_IPAMResourceDiscovery.json +++ b/internal/service/cloudformation/schemas/AWS_EC2_IPAMResourceDiscovery.json @@ -141,6 +141,10 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": false, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "ec2:DeleteTags", + "ec2:CreateTags" + ] } } 
diff --git a/internal/service/cloudformation/schemas/AWS_EC2_IPAMResourceDiscoveryAssociation.json b/internal/service/cloudformation/schemas/AWS_EC2_IPAMResourceDiscoveryAssociation.json index 38008e62fd..137961e1c2 100644 --- a/internal/service/cloudformation/schemas/AWS_EC2_IPAMResourceDiscoveryAssociation.json +++ b/internal/service/cloudformation/schemas/AWS_EC2_IPAMResourceDiscoveryAssociation.json @@ -138,6 +138,10 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": false, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "ec2:DeleteTags", + "ec2:CreateTags" + ] } } diff --git a/internal/service/cloudformation/schemas/AWS_EC2_IPAMScope.json b/internal/service/cloudformation/schemas/AWS_EC2_IPAMScope.json index 89aa56a2d9..ffb0ec552f 100644 --- a/internal/service/cloudformation/schemas/AWS_EC2_IPAMScope.json +++ b/internal/service/cloudformation/schemas/AWS_EC2_IPAMScope.json @@ -130,6 +130,10 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": false, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "ec2:DeleteTags", + "ec2:CreateTags" + ] } } diff --git a/internal/service/cloudformation/schemas/AWS_EC2_NatGateway.json b/internal/service/cloudformation/schemas/AWS_EC2_NatGateway.json index 03d4f28679..df87278f6d 100644 --- a/internal/service/cloudformation/schemas/AWS_EC2_NatGateway.json +++ b/internal/service/cloudformation/schemas/AWS_EC2_NatGateway.json @@ -1,8 +1,13 @@ { "tagging": { + "permissions": [ + "ec2:DeleteTags", + "ec2:CreateTags" + ], "taggable": true, "tagOnCreate": true, "tagUpdatable": true, + "tagProperty": "/properties/Tags", "cloudFormationSystemTags": true }, "handlers": { 
@@ -86,7 +91,7 @@ "properties": { "SecondaryAllocationIds": { "uniqueItems": true, - "description": "Secondary EIP allocation IDs. For more information, see [Create a NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) in the *Amazon VPC User Guide*.", + "description": "Secondary EIP allocation IDs. For more information, see [Create a NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-working-with.html) in the *Amazon VPC User Guide*.", "insertionOrder": true, "type": "array", "items": { diff --git a/internal/service/cloudformation/schemas/AWS_EC2_TransitGatewayRouteTable.json b/internal/service/cloudformation/schemas/AWS_EC2_TransitGatewayRouteTable.json index 28081531fe..eee14ef9d2 100644 --- a/internal/service/cloudformation/schemas/AWS_EC2_TransitGatewayRouteTable.json +++ b/internal/service/cloudformation/schemas/AWS_EC2_TransitGatewayRouteTable.json @@ -1,9 +1,14 @@ { "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-transitgateway.git", "tagging": { + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], "taggable": true, "tagOnCreate": true, - "tagUpdatable": false, + "tagUpdatable": true, + "tagProperty": "/properties/Tags", "cloudFormationSystemTags": false }, "handlers": { @@ -19,6 +24,13 @@ "ec2:DescribeTransitGatewayRouteTables" ] }, + "update": { + "permissions": [ + "ec2:DescribeTransitGatewayRouteTables", + "ec2:CreateTags", + "ec2:DeleteTags" + ] + }, "list": { "permissions": [ "ec2:DescribeTransitGatewayRouteTables" @@ -39,8 +51,7 @@ ], "description": "Resource Type definition for AWS::EC2::TransitGatewayRouteTable", "createOnlyProperties": [ - "/properties/TransitGatewayId", - "/properties/Tags" + "/properties/TransitGatewayId" ], "additionalProperties": false, "primaryIdentifier": [ 
diff --git a/internal/service/cloudformation/schemas/AWS_EC2_VPC.json b/internal/service/cloudformation/schemas/AWS_EC2_VPC.json index 4646d3c7ec..76c4e11a9b 100644 --- a/internal/service/cloudformation/schemas/AWS_EC2_VPC.json +++ b/internal/service/cloudformation/schemas/AWS_EC2_VPC.json @@ -71,7 +71,7 @@ ], "definitions": { "Tag": { - "description": "Specifies a tag. For more information, see [Add tags to a resource](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#cloudformation-add-tag-specifications).", + "description": "Specifies a tag. For more information, see [Resource tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", "additionalProperties": false, "type": "object", "properties": { diff --git a/internal/service/cloudformation/schemas/AWS_EC2_VPCEndpointConnectionNotification.json b/internal/service/cloudformation/schemas/AWS_EC2_VPCEndpointConnectionNotification.json index c24d5b7732..cebcec475c 100644 --- a/internal/service/cloudformation/schemas/AWS_EC2_VPCEndpointConnectionNotification.json +++ b/internal/service/cloudformation/schemas/AWS_EC2_VPCEndpointConnectionNotification.json 
@@ -1,69 +1,30 @@ { - "typeName": "AWS::EC2::VPCEndpointConnectionNotification", - "description": "Resource Type definition for AWS::EC2::VPCEndpointConnectionNotification", "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2-vpc-endpoint", - "additionalProperties": false, - "properties": { - "VPCEndpointConnectionNotificationId": { - "description": "VPC Endpoint Connection ID generated by service", - "type": "string" - }, - "ConnectionEvents": { - "description": "The endpoint events for which to receive notifications.", - "type": "array", - "uniqueItems": false, - "insertionOrder": false, - "items": { - "type": "string" - } - }, - "ConnectionNotificationArn": { - "description": "The ARN of the SNS topic for the notifications.", - "type": "string" - }, - "ServiceId": { - "description": "The ID of the endpoint service.", - "type": "string" - }, - "VPCEndpointId": { - "description": "The ID of the endpoint.", - "type": "string" - } - }, - "required": [ - "ConnectionEvents", - "ConnectionNotificationArn" - ], - "createOnlyProperties": [ - "/properties/ServiceId", - "/properties/VPCEndpointId" - ], "tagging": { "taggable": false, "tagOnCreate": false, "tagUpdatable": false, "cloudFormationSystemTags": false }, - "readOnlyProperties": [ - "/properties/VPCEndpointConnectionNotificationId" - ], - "primaryIdentifier": [ - "/properties/VPCEndpointConnectionNotificationId" - ], "handlers": { + "read": { + "permissions": [ + "ec2:DescribeVpcEndpointConnectionNotifications" + ] + }, "create": { "permissions": [ "ec2:CreateVpcEndpointConnectionNotification" ] }, - "read": { + "update": { "permissions": [ + "ec2:ModifyVpcEndpointConnectionNotification", "ec2:DescribeVpcEndpointConnectionNotifications" ] }, - "update": { + "list": { "permissions": [ - "ec2:ModifyVpcEndpointConnectionNotification", "ec2:DescribeVpcEndpointConnectionNotifications" ] }, 
@@ -71,11 +32,50 @@ "permissions": [ "ec2:DeleteVpcEndpointConnectionNotifications" ] + } + }, + "typeName": "AWS::EC2::VPCEndpointConnectionNotification", + "readOnlyProperties": [ + "/properties/VPCEndpointConnectionNotificationId" + ], + "description": "Resource Type definition for AWS::EC2::VPCEndpointConnectionNotification", + "createOnlyProperties": [ + "/properties/ServiceId", + "/properties/VPCEndpointId" + ], + "additionalProperties": false, + "primaryIdentifier": [ + "/properties/VPCEndpointConnectionNotificationId" + ], + "properties": { + "ConnectionEvents": { + "uniqueItems": false, + "description": "The endpoint events for which to receive notifications.", + "insertionOrder": false, + "type": "array", + "items": { + "type": "string" + } }, - "list": { - "permissions": [ - "ec2:DescribeVpcEndpointConnectionNotifications" - ] + "VPCEndpointId": { + "description": "The ID of the endpoint.", + "type": "string" + }, + "VPCEndpointConnectionNotificationId": { + "description": "VPC Endpoint Connection ID generated by service", + "type": "string" + }, + "ConnectionNotificationArn": { + "description": "The ARN of the SNS topic for the notifications.", + "type": "string" + }, + "ServiceId": { + "description": "The ID of the endpoint service.", + "type": "string" } - } + }, + "required": [ + "ConnectionEvents", + "ConnectionNotificationArn" + ] } diff --git a/internal/service/cloudformation/schemas/AWS_EC2_VPCEndpointService.json b/internal/service/cloudformation/schemas/AWS_EC2_VPCEndpointService.json index 822e0007a4..d2d5438008 100644 --- a/internal/service/cloudformation/schemas/AWS_EC2_VPCEndpointService.json +++ b/internal/service/cloudformation/schemas/AWS_EC2_VPCEndpointService.json @@ -7,7 +7,11 @@ "type": "array", "uniqueItems": false, "items": { - "type": "string" + "type": "string", + "relationshipRef": { + "typeName": "AWS::ElasticLoadBalancingV2::LoadBalancer", + "propertyPath": "/properties/LoadBalancerArn" + } } }, "ContributorInsightsEnabled": { 
diff --git a/internal/service/cloudformation/schemas/AWS_EC2_VPCEndpointServicePermissions.json b/internal/service/cloudformation/schemas/AWS_EC2_VPCEndpointServicePermissions.json index 0e27a6f29b..7329a31036 100644 --- a/internal/service/cloudformation/schemas/AWS_EC2_VPCEndpointServicePermissions.json +++ b/internal/service/cloudformation/schemas/AWS_EC2_VPCEndpointServicePermissions.json @@ -1,28 +1,4 @@ { - "typeName": "AWS::EC2::VPCEndpointServicePermissions", - "description": "Resource Type definition for AWS::EC2::VPCEndpointServicePermissions", - "additionalProperties": false, - "properties": { - "AllowedPrincipals": { - "type": "array", - "uniqueItems": false, - "items": { - "type": "string" - } - }, - "ServiceId": { - "type": "string" - } - }, - "required": [ - "ServiceId" - ], - "createOnlyProperties": [ - "/properties/ServiceId" - ], - "primaryIdentifier": [ - "/properties/ServiceId" - ], "tagging": { "taggable": false, "tagOnCreate": false, @@ -30,7 +6,7 @@ "cloudFormationSystemTags": false }, "handlers": { - "create": { + "read": { "permissions": [ "ec2:CreateVpcEndpointServicePermissions", "ec2:ModifyVpcEndpointServicePermissions", @@ -38,7 +14,7 @@ "ec2:DescribeVpcEndpointServicePermissions" ] }, - "update": { + "create": { "permissions": [ "ec2:CreateVpcEndpointServicePermissions", "ec2:ModifyVpcEndpointServicePermissions", @@ -46,7 +22,7 @@ "ec2:DescribeVpcEndpointServicePermissions" ] }, - "read": { + "update": { "permissions": [ "ec2:CreateVpcEndpointServicePermissions", "ec2:ModifyVpcEndpointServicePermissions", @@ -54,7 +30,7 @@ "ec2:DescribeVpcEndpointServicePermissions" ] }, - "delete": { + "list": { "permissions": [ "ec2:CreateVpcEndpointServicePermissions", "ec2:ModifyVpcEndpointServicePermissions", @@ -62,7 +38,7 @@ "ec2:DescribeVpcEndpointServicePermissions" ] }, - "list": { + "delete": { "permissions": [ "ec2:CreateVpcEndpointServicePermissions", "ec2:ModifyVpcEndpointServicePermissions", 
@@ -70,5 +46,29 @@ "ec2:DescribeVpcEndpointServicePermissions" ] } - } + }, + "typeName": "AWS::EC2::VPCEndpointServicePermissions", + "description": "Resource Type definition for AWS::EC2::VPCEndpointServicePermissions", + "createOnlyProperties": [ + "/properties/ServiceId" + ], + "additionalProperties": false, + "primaryIdentifier": [ + "/properties/ServiceId" + ], + "properties": { + "AllowedPrincipals": { + "uniqueItems": false, + "type": "array", + "items": { + "type": "string" + } + }, + "ServiceId": { + "type": "string" + } + }, + "required": [ + "ServiceId" + ] } diff --git a/internal/service/cloudformation/schemas/AWS_EC2_VPNConnection.json b/internal/service/cloudformation/schemas/AWS_EC2_VPNConnection.json index 178217e58f..bfab0154e2 100644 --- a/internal/service/cloudformation/schemas/AWS_EC2_VPNConnection.json +++ b/internal/service/cloudformation/schemas/AWS_EC2_VPNConnection.json 
@@ -69,18 +69,266 @@ "/properties/VpnConnectionId" ], "definitions": { + "CloudwatchLogOptionsSpecification": { + "description": "", + "additionalProperties": false, + "type": "object", + "properties": { + "LogEnabled": { + "type": "boolean" + }, + "LogOutputFormat": { + "type": "string", + "enum": [ + "json", + "text" + ] + }, + "LogGroupArn": { + "type": "string" + } + } + }, + "Phase1IntegrityAlgorithmsRequestListValue": { + "description": "", + "additionalProperties": false, + "type": "object", + "properties": { + "Value": { + "type": "string", + "enum": [ + "SHA1", + "SHA2-256", + "SHA2-384", + "SHA2-512" + ] + } + } + }, + "Phase2EncryptionAlgorithmsRequestListValue": { + "description": "", + "additionalProperties": false, + "type": "object", + "properties": { + "Value": { + "type": "string", + "enum": [ + "AES128", + "AES256", + "AES128-GCM-16", + "AES256-GCM-16" + ] + } + } + }, + "Phase2IntegrityAlgorithmsRequestListValue": { + "description": "", + "additionalProperties": false, + "type": "object", + "properties": { + "Value": { + "type": "string", + "enum": [ + "SHA1", + "SHA2-256", + "SHA2-384", + "SHA2-512" + ] + } + } + }, + "Phase1DHGroupNumbersRequestListValue": { + "description": "", + "additionalProperties": false, + "type": "object", + "properties": { + "Value": { + "type": "integer", + "enum": [ + 2, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24 + ] + } + } + }, "VpnTunnelOptionsSpecification": { "description": "The tunnel options for a single VPN tunnel.", "additionalProperties": false, "type": "object", "properties": { - "PreSharedKey": { - "description": "The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and customer gateway.\n Constraints: Allowed characters are alphanumeric characters, periods (.), and underscores (_). 
Must be between 8 and 64 characters in length and cannot start with zero (0).", + "Phase2EncryptionAlgorithms": { + "uniqueItems": false, + "description": "", + "insertionOrder": false, + "type": "array", + "items": { + "$ref": "#/definitions/Phase2EncryptionAlgorithmsRequestListValue" + } + }, + "Phase2DHGroupNumbers": { + "uniqueItems": false, + "description": "", + "insertionOrder": false, + "type": "array", + "items": { + "$ref": "#/definitions/Phase2DHGroupNumbersRequestListValue" + } + }, + "TunnelInsideIpv6Cidr": { + "description": "", "type": "string" }, + "StartupAction": { + "description": "", + "type": "string", + "enum": [ + "add", + "start" + ] + }, "TunnelInsideCidr": { "description": "The range of inside IP addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same virtual private gateway. \n Constraints: A size /30 CIDR block from the ``169.254.0.0/16`` range. The following CIDR blocks are reserved and cannot be used:\n + ``169.254.0.0/30`` \n + ``169.254.1.0/30`` \n + ``169.254.2.0/30`` \n + ``169.254.3.0/30`` \n + ``169.254.4.0/30`` \n + ``169.254.5.0/30`` \n + ``169.254.169.252/30``", "type": "string" + }, + "IKEVersions": { + "uniqueItems": false, + "description": "", + "insertionOrder": false, + "type": "array", + "items": { + "$ref": "#/definitions/IKEVersionsRequestListValue" + } + }, + "LogOptions": { + "description": "", + "$ref": "#/definitions/VpnTunnelLogOptionsSpecification" + }, + "Phase1DHGroupNumbers": { + "uniqueItems": false, + "description": "", + "insertionOrder": false, + "type": "array", + "items": { + "$ref": "#/definitions/Phase1DHGroupNumbersRequestListValue" + } + }, + "ReplayWindowSize": { + "description": "", + "maximum": 2048, + "type": "integer", + "minimum": 64 + }, + "EnableTunnelLifecycleControl": { + "description": "", + "type": "boolean" + }, + "RekeyMarginTimeSeconds": { + "description": "", + "type": "integer", + "minimum": 60 + }, + "DPDTimeoutAction": { + 
"description": "", + "type": "string", + "enum": [ + "clear", + "none", + "restart" + ] + }, + "Phase2LifetimeSeconds": { + "description": "", + "maximum": 3600, + "type": "integer", + "minimum": 900 + }, + "Phase2IntegrityAlgorithms": { + "uniqueItems": false, + "description": "", + "insertionOrder": false, + "type": "array", + "items": { + "$ref": "#/definitions/Phase2IntegrityAlgorithmsRequestListValue" + } + }, + "Phase1IntegrityAlgorithms": { + "uniqueItems": false, + "description": "", + "insertionOrder": false, + "type": "array", + "items": { + "$ref": "#/definitions/Phase1IntegrityAlgorithmsRequestListValue" + } + }, + "PreSharedKey": { + "description": "The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and customer gateway.\n Constraints: Allowed characters are alphanumeric characters, periods (.), and underscores (_). Must be between 8 and 64 characters in length and cannot start with zero (0).", + "type": "string" + }, + "Phase1LifetimeSeconds": { + "description": "", + "maximum": 28800, + "type": "integer", + "minimum": 900 + }, + "RekeyFuzzPercentage": { + "description": "", + "maximum": 100, + "type": "integer", + "minimum": 0 + }, + "Phase1EncryptionAlgorithms": { + "uniqueItems": false, + "description": "", + "insertionOrder": false, + "type": "array", + "items": { + "$ref": "#/definitions/Phase1EncryptionAlgorithmsRequestListValue" + } + }, + "DPDTimeoutSeconds": { + "description": "", + "type": "integer", + "minimum": 30 + } + } + }, + "Phase1EncryptionAlgorithmsRequestListValue": { + "description": "", + "additionalProperties": false, + "type": "object", + "properties": { + "Value": { + "type": "string", + "enum": [ + "AES128", + "AES256", + "AES128-GCM-16", + "AES256-GCM-16" + ] + } + } + }, + "IKEVersionsRequestListValue": { + "description": "", + "additionalProperties": false, + "type": "object", + "properties": { + "Value": { + "type": "string", + "enum": [ + "ikev1", + "ikev2" + ] } } }, 
@@ -102,15 +350,49 @@ "Value", "Key" ] + }, + "VpnTunnelLogOptionsSpecification": { + "description": "", + "additionalProperties": false, + "type": "object", + "properties": { + "CloudwatchLogOptions": { + "$ref": "#/definitions/CloudwatchLogOptionsSpecification" + } + } + }, + "Phase2DHGroupNumbersRequestListValue": { + "description": "", + "additionalProperties": false, + "type": "object", + "properties": { + "Value": { + "type": "integer", + "enum": [ + 2, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24 + ] + } + } } }, "properties": { "RemoteIpv6NetworkCidr": { - "description": "", + "description": "The IPv6 CIDR on the AWS side of the VPN connection.\n Default: ``::/0``", "type": "string" }, "RemoteIpv4NetworkCidr": { - "description": "", + "description": "The IPv4 CIDR on the AWS side of the VPN connection.\n Default: ``0.0.0.0/0``", "type": "string" }, "VpnTunnelOptionsSpecifications": { @@ -127,7 +409,7 @@ "type": "string" }, "OutsideIpAddressType": { - "description": "", + "description": "The type of IPv4 address assigned to the outside interface of the customer gateway device.\n Valid values: ``PrivateIpv4`` | ``PublicIpv4`` \n Default: ``PublicIpv4``", "type": "string" }, "StaticRoutesOnly": { @@ -147,7 +429,7 @@ "type": "string" }, "LocalIpv4NetworkCidr": { - "description": "", + "description": "The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.\n Default: ``0.0.0.0/0``", "type": "string" }, "VpnGatewayId": { @@ -155,11 +437,11 @@ "type": "string" }, "TransportTransitGatewayAttachmentId": { - "description": "", + "description": "The transit gateway attachment ID to use for the VPN tunnel.\n Required if ``OutsideIpAddressType`` is set to ``PrivateIpv4``.", "type": "string" }, "LocalIpv6NetworkCidr": { - "description": "", + "description": "The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.\n Default: ``::/0``", "type": "string" }, "VpnConnectionId": { 
@@ -167,7 +449,7 @@ "type": "string" }, "TunnelInsideIpVersion": { - "description": "", + "description": "Indicate whether the VPN tunnels process IPv4 or IPv6 traffic.\n Default: ``ipv4``", "type": "string" }, "Tags": { diff --git a/internal/service/cloudformation/schemas/AWS_ECS_Cluster.json b/internal/service/cloudformation/schemas/AWS_ECS_Cluster.json index 54f09f0d66..8ec5b52e72 100644 --- a/internal/service/cloudformation/schemas/AWS_ECS_Cluster.json +++ b/internal/service/cloudformation/schemas/AWS_ECS_Cluster.json @@ -1,6 +1,15 @@ { "tagging": { - "taggable": true + "permissions": [ + "ecs:TagResource", + "ecs:UntagResource", + "ecs:ListTagsForResource" + ], + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "tagProperty": "/properties/Tags", + "cloudFormationSystemTags": true }, "propertyTransform": { "/properties/Configuration/ManagedStorageConfiguration/FargateEphemeralStorageKmsKeyId": "$join([\"arn:aws[-a-z]*:kms:[a-z0-9-]+:[0-9]{12}:key/\", FargateEphemeralStorageKmsKeyId])" diff --git a/internal/service/cloudformation/schemas/AWS_ECS_Service.json b/internal/service/cloudformation/schemas/AWS_ECS_Service.json index 87c2d871c3..5e30af2456 100644 --- a/internal/service/cloudformation/schemas/AWS_ECS_Service.json +++ b/internal/service/cloudformation/schemas/AWS_ECS_Service.json @@ -6,6 +6,9 @@ "tagProperty": "/properties/Tags", "cloudFormationSystemTags": true }, + "propertyTransform": { + "/properties/Role": "Role $OR $join([\"arn:(aws)[-]{0,1}[a-z]{0,2}[-]{0,1}[a-z]{0,3}:iam::[0-9]{12}[:]role/{1}\", Role])" + }, "handlers": { "read": { "permissions": [ diff --git a/internal/service/cloudformation/schemas/AWS_ECS_TaskSet.json b/internal/service/cloudformation/schemas/AWS_ECS_TaskSet.json index 016ad5820f..abbb4f89d2 100644 --- a/internal/service/cloudformation/schemas/AWS_ECS_TaskSet.json +++ b/internal/service/cloudformation/schemas/AWS_ECS_TaskSet.json 
@@ -1,167 +1,227 @@ { + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ecs.git", + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "cloudFormationSystemTags": false + }, + "handlers": { + "read": { + "permissions": [ + "ecs:DescribeTaskSets" + ] + }, + "create": { + "permissions": [ + "ecs:CreateTaskSet", + "ecs:DescribeTaskSets", + "ecs:TagResource" + ] + }, + "update": { + "permissions": [ + "ecs:DescribeTaskSets", + "ecs:TagResource", + "ecs:UntagResource", + "ecs:UpdateTaskSet" + ] + }, + "delete": { + "permissions": [ + "ecs:DeleteTaskSet", + "ecs:DescribeTaskSets" + ] + } + }, "typeName": "AWS::ECS::TaskSet", + "readOnlyProperties": [ + "/properties/Id" + ], "description": "Create a task set in the specified cluster and service. This is used when a service uses the EXTERNAL deployment controller type. For more information, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.htmlin the Amazon Elastic Container Service Developer Guide.", - "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ecs.git", + "createOnlyProperties": [ + "/properties/Cluster", + "/properties/ExternalId", + "/properties/LaunchType", + "/properties/LoadBalancers", + "/properties/NetworkConfiguration", + "/properties/PlatformVersion", + "/properties/Service", + "/properties/ServiceRegistries", + "/properties/TaskDefinition", + "/properties/CapacityProviderStrategy" + ], + "additionalProperties": false, + "primaryIdentifier": [ + "/properties/Cluster", + "/properties/Service", + "/properties/Id" + ], "definitions": { - "LoadBalancer": { - "description": "A load balancer object representing the load balancer to use with the task set. The supported load balancer types are either an Application Load Balancer or a Network Load Balancer. 
", + "CapacityProviderStrategyItem": { + "additionalProperties": false, "type": "object", "properties": { - "ContainerName": { - "description": "The name of the container (as it appears in a container definition) to associate with the load balancer.", + "CapacityProvider": { "type": "string" }, - "ContainerPort": { - "description": "The port on the container to associate with the load balancer. This port must correspond to a containerPort in the task definition the tasks in the service are using. For tasks that use the EC2 launch type, the container instance they are launched on must allow ingress traffic on the hostPort of the port mapping.", + "Base": { "type": "integer" }, - "TargetGroupArn": { - "description": "The full Amazon Resource Name (ARN) of the Elastic Load Balancing target group or groups associated with a service or task set. A target group ARN is only specified when using an Application Load Balancer or Network Load Balancer. If you are using a Classic Load Balancer this should be omitted. For services using the ECS deployment controller, you can specify one or multiple target groups. For more information, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/register-multiple-targetgroups.html in the Amazon Elastic Container Service Developer Guide. For services using the CODE_DEPLOY deployment controller, you are required to define two target groups for the load balancer. For more information, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-bluegreen.html in the Amazon Elastic Container Service Developer Guide. 
If your service's task definition uses the awsvpc network mode (which is required for the Fargate launch type), you must choose ip as the target type, not instance, when creating your target groups because tasks that use the awsvpc network mode are associated with an elastic network interface, not an Amazon EC2 instance.", - "type": "string" - } - }, - "additionalProperties": false - }, - "NetworkConfiguration": { - "description": "An object representing the network configuration for a task or service.", - "type": "object", - "properties": { - "AwsVpcConfiguration": { - "$ref": "#/definitions/AwsVpcConfiguration" + "Weight": { + "type": "integer" } - }, - "additionalProperties": false + } }, "AwsVpcConfiguration": { "description": "The VPC subnets and security groups associated with a task. All specified subnets and security groups must be from the same VPC.", + "additionalProperties": false, "type": "object", "properties": { - "AssignPublicIp": { - "description": "Whether the task's elastic network interface receives a public IP address. The default value is DISABLED.", - "type": "string", - "enum": [ - "DISABLED", - "ENABLED" - ] - }, "SecurityGroups": { + "maxItems": 5, "description": "The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used. There is a limit of 5 security groups that can be specified per AwsVpcConfiguration.", "type": "array", "items": { "type": "string" - }, - "maxItems": 5 + } }, "Subnets": { + "maxItems": 16, "description": "The subnets associated with the task or service. There is a limit of 16 subnets that can be specified per AwsVpcConfiguration.", "type": "array", "items": { "type": "string" - }, - "maxItems": 16 + } + }, + "AssignPublicIp": { + "description": "Whether the task's elastic network interface receives a public IP address. 
The default value is DISABLED.", + "type": "string", + "enum": [ + "DISABLED", + "ENABLED" + ] } }, "required": [ "Subnets" - ], - "additionalProperties": false + ] + }, + "LoadBalancer": { + "description": "A load balancer object representing the load balancer to use with the task set. The supported load balancer types are either an Application Load Balancer or a Network Load Balancer. ", + "additionalProperties": false, + "type": "object", + "properties": { + "TargetGroupArn": { + "description": "The full Amazon Resource Name (ARN) of the Elastic Load Balancing target group or groups associated with a service or task set. A target group ARN is only specified when using an Application Load Balancer or Network Load Balancer. If you are using a Classic Load Balancer this should be omitted. For services using the ECS deployment controller, you can specify one or multiple target groups. For more information, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/register-multiple-targetgroups.html in the Amazon Elastic Container Service Developer Guide. For services using the CODE_DEPLOY deployment controller, you are required to define two target groups for the load balancer. For more information, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-bluegreen.html in the Amazon Elastic Container Service Developer Guide. If your service's task definition uses the awsvpc network mode (which is required for the Fargate launch type), you must choose ip as the target type, not instance, when creating your target groups because tasks that use the awsvpc network mode are associated with an elastic network interface, not an Amazon EC2 instance.", + "type": "string" + }, + "ContainerName": { + "description": "The name of the container (as it appears in a container definition) to associate with the load balancer.", + "type": "string" + }, + "ContainerPort": { + "description": "The port on the container to associate with the load balancer. 
This port must correspond to a containerPort in the task definition the tasks in the service are using. For tasks that use the EC2 launch type, the container instance they are launched on must allow ingress traffic on the hostPort of the port mapping.", + "type": "integer" + } + } + }, + "NetworkConfiguration": { + "description": "An object representing the network configuration for a task or service.", + "additionalProperties": false, + "type": "object", + "properties": { + "AwsVpcConfiguration": { + "$ref": "#/definitions/AwsVpcConfiguration" + } + } }, "Scale": { + "additionalProperties": false, "type": "object", "properties": { + "Value": { + "description": "The value, specified as a percent total of a service's desiredCount, to scale the task set. Accepted values are numbers between 0 and 100.", + "maximum": 100, + "type": "number", + "minimum": 0 + }, "Unit": { "description": "The unit of measure for the scale value.", "type": "string", "enum": [ "PERCENT" ] - }, - "Value": { - "description": "The value, specified as a percent total of a service's desiredCount, to scale the task set. Accepted values are numbers between 0 and 100.", - "type": "number", - "minimum": 0, - "maximum": 100 } - }, - "additionalProperties": false + } }, "ServiceRegistry": { + "additionalProperties": false, "type": "object", "properties": { "ContainerName": { "description": "The container name value, already specified in the task definition, to be used for your service discovery service. If the task definition that your service task specifies uses the bridge or host network mode, you must specify a containerName and containerPort combination from the task definition. 
If the task definition that your service task specifies uses the awsvpc network mode and a type SRV DNS record is used, you must specify either a containerName and containerPort combination or a port value, but not both.", "type": "string" }, - "ContainerPort": { - "description": "The port value, already specified in the task definition, to be used for your service discovery service. If the task definition your service task specifies uses the bridge or host network mode, you must specify a containerName and containerPort combination from the task definition. If the task definition your service task specifies uses the awsvpc network mode and a type SRV DNS record is used, you must specify either a containerName and containerPort combination or a port value, but not both.", - "type": "integer" - }, "Port": { "description": "The port value used if your service discovery service specified an SRV record. This field may be used if both the awsvpc network mode and SRV records are used.", "type": "integer" }, + "ContainerPort": { + "description": "The port value, already specified in the task definition, to be used for your service discovery service. If the task definition your service task specifies uses the bridge or host network mode, you must specify a containerName and containerPort combination from the task definition. If the task definition your service task specifies uses the awsvpc network mode and a type SRV DNS record is used, you must specify either a containerName and containerPort combination or a port value, but not both.", + "type": "integer" + }, "RegistryArn": { "description": "The Amazon Resource Name (ARN) of the service registry. The currently supported service registry is AWS Cloud Map. 
For more information, see https://docs.aws.amazon.com/cloud-map/latest/api/API_CreateService.html", "type": "string" } - }, - "additionalProperties": false + } }, "Tag": { + "additionalProperties": false, "type": "object", "properties": { - "Key": { + "Value": { "type": "string" }, - "Value": { + "Key": { "type": "string" } - }, - "additionalProperties": false + } } }, + "required": [ + "Cluster", + "Service", + "TaskDefinition" + ], "properties": { - "Cluster": { - "description": "The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service to create the task set in.", + "PlatformVersion": { + "description": "The platform version that the tasks in the task set should use. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the LATEST platform version is used by default.", "type": "string" }, "ExternalId": { "description": "An optional non-unique tag that identifies this task set in external systems. If the task set is associated with a service discovery registry, the tasks in this task set will have the ECS_TASK_SET_EXTERNAL_ID AWS Cloud Map attribute set to the provided value. ", "type": "string" }, - "Id": { - "description": "The ID of the task set.", + "Cluster": { + "description": "The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service to create the task set in.", "type": "string" }, - "LaunchType": { - "description": "The launch type that new tasks in the task set will use. For more information, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html in the Amazon Elastic Container Service Developer Guide. 
", - "type": "string", - "enum": [ - "EC2", - "FARGATE" - ] - }, "LoadBalancers": { "type": "array", "items": { "$ref": "#/definitions/LoadBalancer" } }, - "NetworkConfiguration": { - "$ref": "#/definitions/NetworkConfiguration" - }, - "PlatformVersion": { - "description": "The platform version that the tasks in the task set should use. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the LATEST platform version is used by default.", + "Service": { + "description": "The short name or full Amazon Resource Name (ARN) of the service to create the task set in.", "type": "string" }, "Scale": { "description": "A floating-point percentage of the desired number of tasks to place and keep running in the task set.", "$ref": "#/definitions/Scale" }, - "Service": { - "description": "The short name or full Amazon Resource Name (ARN) of the service to create the task set in.", - "type": "string" - }, "ServiceRegistries": { "description": "The details of the service discovery registries to assign to this task set. For more information, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html.", "type": "array", 
@@ -169,74 +229,36 @@ "$ref": "#/definitions/ServiceRegistry" } }, - "Tags": { + "CapacityProviderStrategy": { "type": "array", "items": { - "$ref": "#/definitions/Tag" + "$ref": "#/definitions/CapacityProviderStrategyItem" } }, + "LaunchType": { + "description": "The launch type that new tasks in the task set will use. For more information, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html in the Amazon Elastic Container Service Developer Guide. ", + "type": "string", + "enum": [ + "EC2", + "FARGATE" + ] + }, "TaskDefinition": { "description": "The short name or full Amazon Resource Name (ARN) of the task definition for the tasks in the task set to use.", "type": "string" - } - }, - "required": [ - "Cluster", - "Service", - "TaskDefinition" - ], - "tagging": { - "taggable": true, - "tagOnCreate": true, - "tagUpdatable": true, - "cloudFormationSystemTags": false - }, - "createOnlyProperties": [ - "/properties/Cluster", - "/properties/ExternalId", - "/properties/LaunchType", - "/properties/LoadBalancers", - "/properties/NetworkConfiguration", - "/properties/PlatformVersion", - "/properties/Service", - "/properties/ServiceRegistries", - "/properties/TaskDefinition" - ], - "readOnlyProperties": [ - "/properties/Id" - ], - "primaryIdentifier": [ - "/properties/Cluster", - "/properties/Service", - "/properties/Id" - ], - "handlers": { - "create": { - "permissions": [ - "ecs:CreateTaskSet", - "ecs:DescribeTaskSets", - "ecs:TagResource" - ] }, - "read": { - "permissions": [ - "ecs:DescribeTaskSets" - ] + "NetworkConfiguration": { + "$ref": "#/definitions/NetworkConfiguration" }, - "update": { - "permissions": [ - "ecs:DescribeTaskSets", - "ecs:TagResource", - "ecs:UntagResource", - "ecs:UpdateTaskSet" - ] + "Id": { + "description": "The ID of the task set.", + "type": "string" }, - "delete": { - "permissions": [ - "ecs:DeleteTaskSet", - "ecs:DescribeTaskSets" - ] + "Tags": { + "type": "array", + "items": { + "$ref": "#/definitions/Tag" + } 
} - }, - "additionalProperties": false + } } diff --git a/internal/service/cloudformation/schemas/AWS_EKS_Cluster.json b/internal/service/cloudformation/schemas/AWS_EKS_Cluster.json index 70e045c703..1aa45d2a80 100644 --- a/internal/service/cloudformation/schemas/AWS_EKS_Cluster.json +++ b/internal/service/cloudformation/schemas/AWS_EKS_Cluster.json @@ -134,6 +134,17 @@ } } }, + "ZonalShiftConfig": { + "description": "The current zonal shift configuration to use for the cluster.", + "additionalProperties": false, + "type": "object", + "properties": { + "Enabled": { + "description": "Set this value to true to enable zonal shift for the cluster.", + "type": "boolean" + } + } + }, "AccessConfig": { "description": "An object representing the Access Config to use for the cluster.", "additionalProperties": false, @@ -253,6 +264,17 @@ "Cidrs" ] }, + "BlockStorage": { + "description": "Todo: add description", + "additionalProperties": false, + "type": "object", + "properties": { + "Enabled": { + "description": "Todo: add description", + "type": "boolean" + } + } + }, "UpgradePolicy": { "description": "An object representing the Upgrade Policy to use for the cluster.", "additionalProperties": false, @@ -397,13 +419,16 @@ "$ref": "#/definitions/Logging" }, "BootstrapSelfManagedAddons": { - "description": "Set this value to false to avoid creating the default networking addons when the cluster is created.", + "description": "Set this value to false to avoid creating the default networking add-ons when the cluster is created.", "type": "boolean" }, "EncryptionConfigKeyArn": { "description": "Amazon Resource Name (ARN) or alias of the customer master key (CMK).", "type": "string" }, + "ZonalShiftConfig": { + "$ref": "#/definitions/ZonalShiftConfig" + }, "AccessConfig": { "$ref": "#/definitions/AccessConfig" }, 
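Review bot: The `BlockStorage` definition added in the second hunk of AWS_EKS_Cluster.json ships with `"description": "Todo: add description"` on both the object and its `Enabled` flag, so documentation generated from this schema will carry the placeholder. None of the visible hunks adds a property that references `#/definitions/BlockStorage` (one may exist outside them), whereas `ZonalShiftConfig` gets its property in the third hunk. It is worth confirming where the definition is used and taking the description text from the EKS API reference once upstream publishes it, rather than guessing the semantics here.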
diff --git a/internal/service/cloudformation/schemas/AWS_EMR_WALWorkspace.json b/internal/service/cloudformation/schemas/AWS_EMR_WALWorkspace.json index 5edd475331..a0bc6d2961 100644 --- a/internal/service/cloudformation/schemas/AWS_EMR_WALWorkspace.json +++ b/internal/service/cloudformation/schemas/AWS_EMR_WALWorkspace.json @@ -51,7 +51,12 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": false, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "emrwal:TagResource", + "emrwal:UntagResource", + "emrwal:ListTagsForResource" + ] }, "primaryIdentifier": [ "/properties/WALWorkspaceName" diff --git a/internal/service/cloudformation/schemas/AWS_ElastiCache_ParameterGroup.json b/internal/service/cloudformation/schemas/AWS_ElastiCache_ParameterGroup.json index 4f1740767b..6e85706bc8 100644 --- a/internal/service/cloudformation/schemas/AWS_ElastiCache_ParameterGroup.json +++ b/internal/service/cloudformation/schemas/AWS_ElastiCache_ParameterGroup.json @@ -79,7 +79,9 @@ "ElastiCache:CreateCacheParameterGroup", "ElastiCache:DescribeCacheParameterGroups", "ElastiCache:AddTagsToResource", - "ElastiCache:ModifyCacheParameterGroup" + "ElastiCache:ModifyCacheParameterGroup", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy" ] }, "read": { diff --git a/internal/service/cloudformation/schemas/AWS_ElasticLoadBalancingV2_Listener.json b/internal/service/cloudformation/schemas/AWS_ElasticLoadBalancingV2_Listener.json index 739706bdfc..a2500cd818 100644 --- a/internal/service/cloudformation/schemas/AWS_ElasticLoadBalancingV2_Listener.json +++ b/internal/service/cloudformation/schemas/AWS_ElasticLoadBalancingV2_Listener.json 
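Review bot: The create handler in AWS_ElastiCache_ParameterGroup.json now lists `iam:CreateServiceLinkedRole` and `iam:PutRolePolicy`, which is a broad IAM grant for creating a cache parameter group if an execution role is derived from this list with `"Resource": "*"`. The two actions are presumably there for the ElastiCache service-linked role, but the hunk does not say so. A role built from these handler permissions should scope both actions to `arn:aws:iam::*:role/aws-service-role/elasticache.amazonaws.com/*` and add the condition `"iam:AWSServiceName": "elasticache.amazonaws.com"` to `iam:CreateServiceLinkedRole`. The `handlers` block continues outside the hunk.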
@@ -314,14 +314,16 @@ } }, "ListenerAttribute": { - "description": "", + "description": "Information about a listener attribute.", "additionalProperties": false, "type": "object", "properties": { "Value": { + "description": "The value of the attribute.", "type": "string" }, "Key": { + "description": "The name of the attribute.\n The following attribute is supported by Network Load Balancers, and Gateway Load Balancers.\n + ``tcp.idle_timeout.seconds`` - The tcp idle timeout value, in seconds. The valid range is 60-6000 seconds. The default is 350 seconds.", "type": "string" } } @@ -346,6 +348,18 @@ } }, "AuthenticateOidcConfig": { + "anyOf": [ + { + "required": [ + "ClientSecret" + ] + }, + { + "required": [ + "UseExistingClientSecret" + ] + } + ], "description": "Specifies information required using an identity provide (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.", "additionalProperties": false, "type": "object", @@ -450,7 +464,7 @@ "ListenerAttributes": { "arrayType": "AttributeList", "uniqueItems": true, - "description": "", + "description": "The listener attributes.", "insertionOrder": false, "type": "array", "items": { diff --git a/internal/service/cloudformation/schemas/AWS_ElasticLoadBalancingV2_ListenerRule.json b/internal/service/cloudformation/schemas/AWS_ElasticLoadBalancingV2_ListenerRule.json index 5e5f3dbccb..56a76019b3 100644 --- a/internal/service/cloudformation/schemas/AWS_ElasticLoadBalancingV2_ListenerRule.json +++ b/internal/service/cloudformation/schemas/AWS_ElasticLoadBalancingV2_ListenerRule.json @@ -447,6 +447,18 @@ "ClientId", "AuthorizationEndpoint" ], + "anyOf": [ + { + "required": [ + "ClientSecret" + ] + }, + { + "required": [ + "UseExistingClientSecret" + ] + } + ], "description": "Specifies information required using an identity provide (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users." }, "SourceIpConfig": { 
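Review bot: The `anyOf` added to `AuthenticateOidcConfig` is satisfied by the mere presence of `UseExistingClientSecret`, so a configuration with `"UseExistingClientSecret": false` and no `ClientSecret` still passes schema validation; the same block is added in AWS_ElasticLoadBalancingV2_ListenerRule.json. `required` only checks that the key exists, so the second branch would need to pin the value as well, for example `"properties": { "UseExistingClientSecret": { "enum": [true] } }` next to its `required`. Until upstream tightens this, a template lint rule can cover the gap. Where `ClientSecret` is supplied, it should come from a dynamic reference rather than a literal in the template. The definition's `properties` lie outside both hunks.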
diff --git a/internal/service/cloudformation/schemas/AWS_ElasticLoadBalancingV2_TargetGroup.json b/internal/service/cloudformation/schemas/AWS_ElasticLoadBalancingV2_TargetGroup.json index 9e5f5e09e2..6e1dcfaed8 100644 --- a/internal/service/cloudformation/schemas/AWS_ElasticLoadBalancingV2_TargetGroup.json +++ b/internal/service/cloudformation/schemas/AWS_ElasticLoadBalancingV2_TargetGroup.json @@ -209,7 +209,12 @@ "tagOnCreate": false, "tagUpdatable": true, "cloudFormationSystemTags": false, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:RemoveTags" + ] }, "handlers": { "create": { diff --git a/internal/service/cloudformation/schemas/AWS_Glue_Registry.json b/internal/service/cloudformation/schemas/AWS_Glue_Registry.json index 0f3fae6f20..45cdad3b63 100644 --- a/internal/service/cloudformation/schemas/AWS_Glue_Registry.json +++ b/internal/service/cloudformation/schemas/AWS_Glue_Registry.json @@ -1,6 +1,18 @@ { "typeName": "AWS::Glue::Registry", "description": "This resource creates a Registry for authoring schemas as part of Glue Schema Registry.", + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "cloudFormationSystemTags": true, + "tagProperty": "/properties/Tags", + "permissions": [ + "glue:GetTags", + "glue:TagResource", + "glue:UntagResource" + ] + }, "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-glue.git", "definitions": { "Tag": { @@ -72,7 +84,8 @@ "permissions": [ "glue:CreateRegistry", "glue:GetRegistry", - "glue:GetTags" + "glue:GetTags", + "glue:TagResource" ] }, "read": { diff --git a/internal/service/cloudformation/schemas/AWS_Glue_Schema.json b/internal/service/cloudformation/schemas/AWS_Glue_Schema.json index 7b3c3785af..5ffabcd942 100644 --- a/internal/service/cloudformation/schemas/AWS_Glue_Schema.json 
+++ b/internal/service/cloudformation/schemas/AWS_Glue_Schema.json @@ -1,6 +1,18 @@ { "typeName": "AWS::Glue::Schema", "description": "This resource represents a schema of Glue Schema Registry.", + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "cloudFormationSystemTags": true, + "tagProperty": "/properties/Tags", + "permissions": [ + "glue:GetTags", + "glue:TagResource", + "glue:UntagResource" + ] + }, "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-glue.git", "definitions": { "Registry": { @@ -133,7 +145,6 @@ "required": [ "Name", "DataFormat", - "SchemaDefinition", "Compatibility" ], "readOnlyProperties": [ @@ -155,7 +166,8 @@ "handlers": { "create": { "permissions": [ - "glue:CreateSchema" + "glue:CreateSchema", + "glue:TagResource" ] }, "read": { diff --git a/internal/service/cloudformation/schemas/AWS_GuardDuty_Detector.json b/internal/service/cloudformation/schemas/AWS_GuardDuty_Detector.json index 1eea730564..6cb9437754 100644 --- a/internal/service/cloudformation/schemas/AWS_GuardDuty_Detector.json +++ b/internal/service/cloudformation/schemas/AWS_GuardDuty_Detector.json @@ -5,8 +5,9 @@ "tagging": { "taggable": true, "tagOnCreate": true, - "tagUpdatable": false, - "cloudFormationSystemTags": false + "tagUpdatable": true, + "cloudFormationSystemTags": false, + "tagProperty": "/properties/Tags" }, "properties": { "FindingPublishingFrequency": { @@ -20,6 +21,7 @@ }, "Features": { "type": "array", + "insertionOrder": false, "items": { "$ref": "#/definitions/CFNFeatureConfiguration" } @@ -29,6 +31,7 @@ }, "Tags": { "type": "array", + "insertionOrder": false, "items": { "$ref": "#/definitions/TagItem" } @@ -141,6 +144,7 @@ }, "AdditionalConfiguration": { "type": "array", + "insertionOrder": false, "items": { "$ref": "#/definitions/CFNFeatureAdditionalConfiguration" } 
@@ -183,7 +187,8 @@ }, "read": { "permissions": [ - "guardduty:GetDetector" + "guardduty:GetDetector", + "guardduty:ListTagsForResource" ] }, "delete": { @@ -199,7 +204,9 @@ "guardduty:GetDetector", "guardduty:ListDetectors", "iam:CreateServiceLinkedRole", - "iam:GetRole" + "iam:GetRole", + "guardduty:TagResource", + "guardduty:UntagResource" ] }, "list": { diff --git a/internal/service/cloudformation/schemas/AWS_GuardDuty_Filter.json b/internal/service/cloudformation/schemas/AWS_GuardDuty_Filter.json index 9ba523907b..18befcdfeb 100644 --- a/internal/service/cloudformation/schemas/AWS_GuardDuty_Filter.json +++ b/internal/service/cloudformation/schemas/AWS_GuardDuty_Filter.json @@ -5,8 +5,14 @@ "tagging": { "taggable": true, "tagOnCreate": true, - "tagUpdatable": false, - "cloudFormationSystemTags": false + "tagUpdatable": true, + "cloudFormationSystemTags": false, + "tagProperty": "/properties/Tags", + "permissions": [ + "guardduty:TagResource", + "guardduty:UntagResource", + "guardduty:ListTagsForResource" + ] }, "properties": { "Action": { @@ -35,6 +41,7 @@ }, "Tags": { "type": "array", + "insertionOrder": false, "items": { "$ref": "#/definitions/TagItem" } @@ -162,7 +169,8 @@ }, "read": { "permissions": [ - "guardduty:GetFilter" + "guardduty:GetFilter", + "guardduty:ListTagsForResource" ] }, "delete": { @@ -177,7 +185,9 @@ "permissions": [ "guardduty:UpdateFilter", "guardduty:GetFilter", - "guardduty:ListFilters" + "guardduty:ListFilters", + "guardduty:TagResource", + "guardduty:UntagResource" ] }, "list": { diff --git a/internal/service/cloudformation/schemas/AWS_GuardDuty_IPSet.json b/internal/service/cloudformation/schemas/AWS_GuardDuty_IPSet.json index dbb8f0e39b..2ba177bd36 100644 --- a/internal/service/cloudformation/schemas/AWS_GuardDuty_IPSet.json +++ b/internal/service/cloudformation/schemas/AWS_GuardDuty_IPSet.json 
@@ -5,8 +5,14 @@ "tagging": { "taggable": true, "tagOnCreate": true, - "tagUpdatable": false, - "cloudFormationSystemTags": false + "tagUpdatable": true, + "cloudFormationSystemTags": false, + "tagProperty": "/properties/Tags", + "permissions": [ + "guardduty:TagResource", + "guardduty:UntagResource", + "guardduty:ListTagsForResource" + ] }, "properties": { "Id": { @@ -35,6 +41,7 @@ }, "Tags": { "type": "array", + "insertionOrder": false, "items": { "$ref": "#/definitions/TagItem" } @@ -109,7 +116,9 @@ "guardduty:UpdateIPSet", "guardduty:GetIPSet", "guardduty:ListIPSets", - "iam:PutRolePolicy" + "iam:PutRolePolicy", + "guardduty:TagResource", + "guardduty:UntagResource" ] }, "list": { diff --git a/internal/service/cloudformation/schemas/AWS_GuardDuty_MalwareProtectionPlan.json b/internal/service/cloudformation/schemas/AWS_GuardDuty_MalwareProtectionPlan.json index 1881032367..222f2a62e8 100644 --- a/internal/service/cloudformation/schemas/AWS_GuardDuty_MalwareProtectionPlan.json +++ b/internal/service/cloudformation/schemas/AWS_GuardDuty_MalwareProtectionPlan.json @@ -6,7 +6,13 @@ "taggable": true, "tagOnCreate": true, "tagUpdatable": true, - "cloudFormationSystemTags": false + "cloudFormationSystemTags": false, + "tagProperty": "/properties/Tags", + "permissions": [ + "guardduty:TagResource", + "guardduty:UntagResource", + "guardduty:ListTagsForResource" + ] }, "properties": { "MalwareProtectionPlanId": { diff --git a/internal/service/cloudformation/schemas/AWS_GuardDuty_ThreatIntelSet.json b/internal/service/cloudformation/schemas/AWS_GuardDuty_ThreatIntelSet.json index c8e4ea66f4..7cdeb221eb 100644 --- a/internal/service/cloudformation/schemas/AWS_GuardDuty_ThreatIntelSet.json +++ b/internal/service/cloudformation/schemas/AWS_GuardDuty_ThreatIntelSet.json 
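Review bot: No hunk in AWS_GuardDuty_IPSet.json adds `guardduty:ListTagsForResource` to the read handler, although `tagUpdatable` flips to `true` and the update handler gains `guardduty:TagResource` and `guardduty:UntagResource`. The Detector and Filter diffs do add it to their read handlers, and AWS_GuardDuty_ThreatIntelSet.json has the same gap. The read handlers are outside the visible hunks, so they may already list the action. If they do not, a least-privilege role built from the handler permissions could update tags but not read them back, and tag drift on these resources would go unnoticed. The line to confirm in each read handler is `"guardduty:ListTagsForResource"`.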
@@ -6,8 +6,14 @@ "tagging": { "taggable": true, "tagOnCreate": true, - "tagUpdatable": false, - "cloudFormationSystemTags": false + "tagUpdatable": true, + "cloudFormationSystemTags": false, + "tagProperty": "/properties/Tags", + "permissions": [ + "guardduty:TagResource", + "guardduty:UntagResource", + "guardduty:ListTagsForResource" + ] }, "properties": { "Id": { @@ -109,7 +115,9 @@ "guardduty:UpdateThreatIntelSet", "guardduty:GetThreatIntelSet", "guardduty:ListThreatIntelSets", - "iam:PutRolePolicy" + "iam:PutRolePolicy", + "guardduty:TagResource", + "guardduty:UntagResource" ] }, "list": { diff --git a/internal/service/cloudformation/schemas/AWS_IAM_OIDCProvider.json b/internal/service/cloudformation/schemas/AWS_IAM_OIDCProvider.json index b73f38d9d7..dd3e546ed4 100644 --- a/internal/service/cloudformation/schemas/AWS_IAM_OIDCProvider.json +++ b/internal/service/cloudformation/schemas/AWS_IAM_OIDCProvider.json @@ -117,6 +117,12 @@ "taggable": true, "tagOnCreate": true, "tagUpdatable": true, - "cloudFormationSystemTags": false + "cloudFormationSystemTags": false, + "tagProperty": "/properties/Tags", + "permissions": [ + "iam:TagOpenIDConnectProvider", + "iam:UntagOpenIDConnectProvider", + "iam:ListOpenIDConnectProviderTags" + ] } } diff --git a/internal/service/cloudformation/schemas/AWS_IAM_Role.json b/internal/service/cloudformation/schemas/AWS_IAM_Role.json index c13bfa6a0f..4a11bbe86a 100644 --- a/internal/service/cloudformation/schemas/AWS_IAM_Role.json +++ b/internal/service/cloudformation/schemas/AWS_IAM_Role.json 
@@ -85,7 +85,7 @@ "type": "string" }, "Policies": { - "description": "Adds or updates an inline policy document that is embedded in the specified IAM role.\n When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html).\n A role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*.\n For information about limits on the number of inline policies that you can embed with a role, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.\n If an external policy (such as ``AWS::IAM::Policy`` or", + "description": "Adds or updates an inline policy document that is embedded in the specified IAM role.\n When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html).\n A role can also have an attached managed policy. 
For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*.\n For information about limits on the number of inline policies that you can embed with a role, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.\n If an external policy (such as ``AWS::IAM::Policy`` or ``AWS::IAM::ManagedPolicy``) has a ``Ref`` to a role and if a resource (such as ``AWS::ECS::Service``) also has a ``Ref`` to the same role, add a ``DependsOn`` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an ``AWS::ECS::Service`` resource, the ``DependsOn`` attribute ensures that CFN deletes the ``AWS::ECS::Service`` resource before deleting its role's policy.", "type": "array", "insertionOrder": false, "uniqueItems": false, 
@@ -98,7 +98,7 @@ "type": "string" }, "RoleName": { - "description": "A name for the IAM role, up to 64 characters in length. For valid values, see the ``RoleName`` parameter for the [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *User Guide*.\n This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both \"Role1\" and \"role1\".\n If you don't specify a name, CFN generates a unique physical ID and uses that ID for the role name.\n If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/Use", + "description": "A name for the IAM role, up to 64 characters in length. For valid values, see the ``RoleName`` parameter for the [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *User Guide*.\n This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both \"Role1\" and \"role1\".\n If you don't specify a name, CFN generates a unique physical ID and uses that ID for the role name.\n If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. 
For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities).\n Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}``.", "type": "string" }, "Tags": { diff --git a/internal/service/cloudformation/schemas/AWS_IAM_SAMLProvider.json b/internal/service/cloudformation/schemas/AWS_IAM_SAMLProvider.json index 09bc5a5e30..7172938049 100644 --- a/internal/service/cloudformation/schemas/AWS_IAM_SAMLProvider.json +++ b/internal/service/cloudformation/schemas/AWS_IAM_SAMLProvider.json @@ -104,6 +104,12 @@ "taggable": true, "tagOnCreate": true, "tagUpdatable": true, - "cloudFormationSystemTags": false + "cloudFormationSystemTags": false, + "tagProperty": "/properties/Tags", + "permissions": [ + "iam:TagSAMLProvider", + "iam:ListSAMLProviderTags", + "iam:UntagSAMLProvider" + ] } } diff --git a/internal/service/cloudformation/schemas/AWS_IAM_ServerCertificate.json b/internal/service/cloudformation/schemas/AWS_IAM_ServerCertificate.json index 99654e8c1b..e4f0ed5cfb 100644 --- a/internal/service/cloudformation/schemas/AWS_IAM_ServerCertificate.json +++ b/internal/service/cloudformation/schemas/AWS_IAM_ServerCertificate.json @@ -127,6 +127,12 @@ "taggable": true, "tagOnCreate": true, "tagUpdatable": true, - "cloudFormationSystemTags": false + "cloudFormationSystemTags": false, + "tagProperty": "/properties/Tags", + "permissions": [ + "iam:TagServerCertificate", + "iam:UntagServerCertificate", + "iam:ListServerCertificateTags" + ] } } 
diff --git a/internal/service/cloudformation/schemas/AWS_ImageBuilder_InfrastructureConfiguration.json b/internal/service/cloudformation/schemas/AWS_ImageBuilder_InfrastructureConfiguration.json
index 0a267200b2..2a15d77f4e 100644
--- a/internal/service/cloudformation/schemas/AWS_ImageBuilder_InfrastructureConfiguration.json
+++ b/internal/service/cloudformation/schemas/AWS_ImageBuilder_InfrastructureConfiguration.json
@@ -1,109 +1,64 @@ { - "typeName": "AWS::ImageBuilder::InfrastructureConfiguration", - "description": "Resource schema for AWS::ImageBuilder::InfrastructureConfiguration", "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-imagebuilder.git", - "properties": { - "Arn": { - "description": "The Amazon Resource Name (ARN) of the infrastructure configuration.", - "type": "string" - }, - "Name": { - "description": "The name of the infrastructure configuration.", - "type": "string" - }, - "Description": { - "description": "The description of the infrastructure configuration.", - "type": "string" - }, - "InstanceTypes": { - "description": "The instance types of the infrastructure configuration.", - "type": "array", - "insertionOrder": true, - "items": { - "type": "string" - } - }, - "SecurityGroupIds": { - "description": "The security group IDs of the infrastructure configuration.", - "type": "array", - "insertionOrder": false, - "items": { - "type": "string" - } - }, - "Logging": { - "description": "The logging configuration of the infrastructure configuration.", - "$ref": "#/definitions/Logging" - }, - "SubnetId": { - "description": "The subnet ID of the infrastructure configuration.", - "type": "string" - }, - "KeyPair": { - "description": "The EC2 key pair of the infrastructure configuration..", - "type": "string" - }, - "TerminateInstanceOnFailure": { - "description": "The terminate instance on failure configuration of the infrastructure configuration.", - "type": "boolean" - }, - "InstanceProfileName": { - "description": "The instance profile of the infrastructure configuration.", - "type": "string" + "tagging": { + "taggable": false + }, + "handlers": { + "read": { + "permissions": [ + "imagebuilder:GetInfrastructureConfiguration" + ] }, - "InstanceMetadataOptions": { - "description": "The instance metadata option settings for the infrastructure configuration.", - "$ref": "#/definitions/InstanceMetadataOptions" + "create": { + 
"permissions": [ + "iam:PassRole", + "iam:GetRole", + "iam:GetInstanceProfile", + "iam:CreateServiceLinkedRole", + "sns:Publish", + "imagebuilder:TagResource", + "imagebuilder:GetInfrastructureConfiguration", + "imagebuilder:CreateInfrastructureConfiguration" + ] }, - "SnsTopicArn": { - "description": "The SNS Topic Amazon Resource Name (ARN) of the infrastructure configuration.", - "type": "string" + "update": { + "permissions": [ + "iam:PassRole", + "sns:Publish", + "imagebuilder:GetInfrastructureConfiguration", + "imagebuilder:UpdateInfrastructureConfiguration" + ] }, - "ResourceTags": { - "description": "The tags attached to the resource created by Image Builder.", - "type": "object", - "additionalProperties": false, - "patternProperties": { - "": { - "type": "string" - } - } + "list": { + "permissions": [ + "imagebuilder:ListInfrastructureConfigurations" + ] }, - "Tags": { - "description": "The tags associated with the component.", - "type": "object", - "additionalProperties": false, - "patternProperties": { - "": { - "type": "string" - } - } + "delete": { + "permissions": [ + "imagebuilder:UnTagResource", + "imagebuilder:GetInfrastructureConfiguration", + "imagebuilder:DeleteInfrastructureConfiguration" + ] } }, + "typeName": "AWS::ImageBuilder::InfrastructureConfiguration", + "readOnlyProperties": [ + "/properties/Arn" + ], + "description": "Resource schema for AWS::ImageBuilder::InfrastructureConfiguration", + "createOnlyProperties": [ + "/properties/Name" + ], + "additionalProperties": false, + "primaryIdentifier": [ + "/properties/Arn" + ], "definitions": { - "TagMap": { - "description": "TagMap", - "type": "object", - "additionalProperties": false, - "properties": { - "TagKey": { - "description": "TagKey", - "type": "string", - "minLength": 1, - "maxLength": 128 - }, - "TagValue": { - "description": "TagValue", - "type": "string", - "minLength": 1, - "maxLength": 256 - } - } - }, "Logging": { "description": "The logging configuration of the 
infrastructure configuration.", - "type": "object", "additionalProperties": false, + "type": "object", "properties": { "S3Logs": { "$ref": "#/definitions/S3Logs" @@ -112,8 +67,8 @@ }, "InstanceMetadataOptions": { "description": "The instance metadata option settings for the infrastructure configuration.", - "type": "object", "additionalProperties": false, + "type": "object", "properties": { "HttpPutResponseHopLimit": { "description": "Limit the number of hops that an instance metadata request can traverse to reach its destination.", @@ -131,16 +86,35 @@ }, "S3Logs": { "description": "The S3 path in which to store the logs.", - "type": "object", "additionalProperties": false, + "type": "object", "properties": { + "S3KeyPrefix": { + "description": "S3KeyPrefix", + "type": "string" + }, "S3BucketName": { "description": "S3BucketName", "type": "string" + } + } + }, + "TagMap": { + "description": "TagMap", + "additionalProperties": false, + "type": "object", + "properties": { + "TagKey": { + "minLength": 1, + "description": "TagKey", + "type": "string", + "maxLength": 128 }, - "S3KeyPrefix": { - "description": "S3KeyPrefix", - "type": "string" + "TagValue": { + "minLength": 1, + "description": "TagValue", + "type": "string", + "maxLength": 256 } } } 
@@ -149,56 +123,82 @@ "Name", "InstanceProfileName" ], - "primaryIdentifier": [ - "/properties/Arn" - ], - "readOnlyProperties": [ - "/properties/Arn" - ], - "createOnlyProperties": [ - "/properties/Name" - ], - "tagging": { - "taggable": false - }, - "handlers": { - "create": { - "permissions": [ - "iam:PassRole", - "iam:GetRole", - "iam:GetInstanceProfile", - "iam:CreateServiceLinkedRole", - "sns:Publish", - "imagebuilder:TagResource", - "imagebuilder:GetInfrastructureConfiguration", - "imagebuilder:CreateInfrastructureConfiguration" - ] + "properties": { + "Logging": { + "description": "The logging configuration of the infrastructure configuration.", + "$ref": "#/definitions/Logging" }, - "update": { - "permissions": [ - "iam:PassRole", - "sns:Publish", - "imagebuilder:GetInfrastructureConfiguration", - "imagebuilder:UpdateInfrastructureConfiguration" - ] + "KeyPair": { + "description": "The EC2 key pair of the infrastructure configuration..", + "type": "string" }, - "read": { - "permissions": [ - "imagebuilder:GetInfrastructureConfiguration" - ] + "Description": { + "description": "The description of the infrastructure configuration.", + "type": "string" }, - "delete": { - "permissions": [ - "imagebuilder:UnTagResource", - "imagebuilder:GetInfrastructureConfiguration", - "imagebuilder:DeleteInfrastructureConfiguration" - ] + "InstanceProfileName": { + "description": "The instance profile of the infrastructure configuration.", + "type": "string" }, - "list": { - "permissions": [ - "imagebuilder:ListInfrastructureConfigurations" - ] + "ResourceTags": { + "patternProperties": { + "": { + "type": "string" + } + }, + "description": "The tags attached to the resource created by Image Builder.", + "additionalProperties": false, + "type": "object" + }, + "TerminateInstanceOnFailure": { + "description": "The terminate instance on failure configuration of the infrastructure configuration.", + "type": "boolean" + }, + "SubnetId": { + "description": "The subnet ID of the 
infrastructure configuration.", + "type": "string" + }, + "SecurityGroupIds": { + "description": "The security group IDs of the infrastructure configuration.", + "insertionOrder": false, + "type": "array", + "items": { + "type": "string" + } + }, + "Name": { + "description": "The name of the infrastructure configuration.", + "type": "string" + }, + "InstanceMetadataOptions": { + "description": "The instance metadata option settings for the infrastructure configuration.", + "$ref": "#/definitions/InstanceMetadataOptions" + }, + "InstanceTypes": { + "description": "The instance types of the infrastructure configuration.", + "insertionOrder": true, + "type": "array", + "items": { + "type": "string" + } + }, + "SnsTopicArn": { + "description": "The SNS Topic Amazon Resource Name (ARN) of the infrastructure configuration.", + "type": "string" + }, + "Arn": { + "description": "The Amazon Resource Name (ARN) of the infrastructure configuration.", + "type": "string" + }, + "Tags": { + "patternProperties": { + "": { + "type": "string" + } + }, + "description": "The tags associated with the component.", + "additionalProperties": false, + "type": "object" } - }, - "additionalProperties": false + } } diff --git a/internal/service/cloudformation/schemas/AWS_IoTEvents_AlarmModel.json b/internal/service/cloudformation/schemas/AWS_IoTEvents_AlarmModel.json index 27e71fd2e4..d6daf0dbd5 100644 --- a/internal/service/cloudformation/schemas/AWS_IoTEvents_AlarmModel.json +++ b/internal/service/cloudformation/schemas/AWS_IoTEvents_AlarmModel.json 
@@ -1,6 +1,6 @@ { "typeName": "AWS::IoTEvents::AlarmModel", - "description": "The AWS::IoTEvents::AlarmModel resource creates a alarm model. AWS IoT Events alarms help you monitor your data for changes. The data can be metrics that you measure for your equipment and processes. You can create alarms that send notifications when a threshold is breached. Alarms help you detect issues, streamline maintenance, and optimize performance of your equipment and processes.\n\nAlarms are instances of alarm models. The alarm model specifies what to detect, when to send notifications, who gets notified, and more. You can also specify one or more supported actions that occur when the alarm state changes. AWS IoT Events routes input attributes derived from your data to the appropriate alarms. If the data that you're monitoring is outside the specified range, the alarm is invoked. You can also acknowledge the alarms or set them to the snooze mode.", + "description": "Represents an alarm model to monitor an ITE input attribute. You can use the alarm to get notified when the value is outside a specified range. For more information, see [Create an alarm model](https://docs.aws.amazon.com/iotevents/latest/developerguide/create-alarms.html) in the *Developer Guide*.", "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "definitions": { "AlarmRule": { @@ -9,7 +9,8 @@ "additionalProperties": false, "properties": { "SimpleRule": { - "$ref": "#/definitions/SimpleRule" + "$ref": "#/definitions/SimpleRule", + "description": "A rule that compares an input property value to a threshold value with a comparison operator." } } }, 
@@ -22,7 +23,7 @@ "type": "string", "minLength": 1, "maxLength": 512, - "description": "The value on the left side of the comparison operator. You can specify an AWS IoT Events input attribute as an input property." + "description": "The value on the left side of the comparison operator. You can specify an ITE input attribute as an input property." }, "ComparisonOperator": { "type": "string", @@ -40,7 +41,7 @@ "type": "string", "minLength": 1, "maxLength": 512, - "description": "The value on the right side of the comparison operator. You can enter a number or specify an AWS IoT Events input attribute." + "description": "The value on the right side of the comparison operator. You can enter a number or specify an ITE input attribute." } }, "required": [ @@ -55,20 +56,23 @@ "description": "Contains information about one or more alarm actions.", "properties": { "AlarmActions": { - "$ref": "#/definitions/AlarmActions" + "$ref": "#/definitions/AlarmActions", + "description": "Specifies one or more supported actions to receive notifications when the alarm state changes." } } }, "AlarmCapabilities": { "type": "object", - "description": "Contains the configuration information of alarm state changes", + "description": "Contains the configuration information of alarm state changes.", "additionalProperties": false, "properties": { "InitializationConfiguration": { - "$ref": "#/definitions/InitializationConfiguration" + "$ref": "#/definitions/InitializationConfiguration", + "description": "Specifies the default alarm state. The configuration applies to all alarms that were created based on this alarm model." }, "AcknowledgeFlow": { - "$ref": "#/definitions/AcknowledgeFlow" + "$ref": "#/definitions/AcknowledgeFlow", + "description": "Specifies whether to get notified for alarm state changes." } } }, 
@@ -84,49 +88,58 @@ "AlarmAction": { "type": "object", "additionalProperties": false, - "description": "The actions to be performed.", + "description": "Specifies one of the following actions to receive notifications when the alarm state changes.", "properties": { "DynamoDB": { - "$ref": "#/definitions/DynamoDB" + "$ref": "#/definitions/DynamoDB", + "description": "Defines an action to write to the Amazon DynamoDB table that you created. The standard action payload contains all the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). One column of the DynamoDB table receives all attribute-value pairs in the payload that you specify.\n You must use expressions for all parameters in ``DynamoDBAction``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``hashKeyType`` parameter can be ``'STRING'``.\n + For references, you must specify either variables or input values. For example, the value for the ``hashKeyField`` parameter can be ``$input.GreenhouseInput.name``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``hashKeyValue`` parameter uses a substitution template. \n ``'${$input.GreenhouseInput.temperature * 6 / 5 + 32} in Fahrenheit'`` \n + For a string concatenation, you must use ``+``. A string concatenation can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``tableName`` parameter uses a string concatenation. 
\n ``'GreenhouseTemperatureTable ' + $input.GreenhouseInput.date`` \n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.\n If the defined payload type is a string, ``DynamoDBAction`` writes non-JSON data to the DynamoDB table as binary data. The DynamoDB console displays the data as Base64-encoded text. The value for the ``payloadField`` parameter is ``_raw``." }, "DynamoDBv2": { - "$ref": "#/definitions/DynamoDBv2" + "$ref": "#/definitions/DynamoDBv2", + "description": "Defines an action to write to the Amazon DynamoDB table that you created. The default action payload contains all the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). A separate column of the DynamoDB table receives one attribute-value pair in the payload that you specify.\n You must use expressions for all parameters in ``DynamoDBv2Action``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``tableName`` parameter can be ``'GreenhouseTemperatureTable'``.\n + For references, you must specify either variables or input values. For example, the value for the ``tableName`` parameter can be ``$variable.ddbtableName``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``contentExpression`` parameter in ``Payload`` uses a substitution template. 
\n ``'{\\\"sensorID\\\": \\\"${$input.GreenhouseInput.sensor_id}\\\", \\\"temperature\\\": \\\"${$input.GreenhouseInput.temperature * 9 / 5 + 32}\\\"}'`` \n + For a string concatenation, you must use ``+``. A string concatenation can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``tableName`` parameter uses a string concatenation. \n ``'GreenhouseTemperatureTable ' + $input.GreenhouseInput.date`` \n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.\n The value for the ``type`` parameter in ``Payload`` must be ``JSON``." }, "Firehose": { - "$ref": "#/definitions/Firehose" + "$ref": "#/definitions/Firehose", + "description": "Sends information about the detector model instance and the event that triggered the action to an Amazon Kinesis Data Firehose delivery stream." }, "IotEvents": { - "$ref": "#/definitions/IotEvents" + "$ref": "#/definitions/IotEvents", + "description": "Sends an ITE input, passing in information about the detector model instance and the event that triggered the action." }, "IotSiteWise": { - "$ref": "#/definitions/IotSiteWise" + "$ref": "#/definitions/IotSiteWise", + "description": "Sends information about the detector model instance and the event that triggered the action to a specified asset property in ITSW.\n You must use expressions for all parameters in ``IotSiteWiseAction``. The expressions accept literals, operators, functions, references, and substitutions templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``propertyAlias`` parameter can be ``'/company/windfarm/3/turbine/7/temperature'``.\n + For references, you must specify either variables or input values. 
For example, the value for the ``assetId`` parameter can be ``$input.TurbineInput.assetId1``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``propertyAlias`` parameter uses a substitution template. \n ``'company/windfarm/${$input.TemperatureInput.sensorData.windfarmID}/turbine/ ${$input.TemperatureInput.sensorData.turbineID}/temperature'`` \n \n You must specify either ``propertyAlias`` or both ``assetId`` and ``propertyId`` to identify the target asset property in ITSW.\n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*." }, "IotTopicPublish": { - "$ref": "#/definitions/IotTopicPublish" + "$ref": "#/definitions/IotTopicPublish", + "description": "Information required to publish the MQTT message through the IoT message broker." }, "Lambda": { - "$ref": "#/definitions/Lambda" + "$ref": "#/definitions/Lambda", + "description": "Calls a Lambda function, passing in information about the detector model instance and the event that triggered the action." }, "Sns": { - "$ref": "#/definitions/Sns" + "$ref": "#/definitions/Sns", + "description": "Information required to publish the Amazon SNS message." }, "Sqs": { - "$ref": "#/definitions/Sqs" + "$ref": "#/definitions/Sqs", + "description": "Sends information about the detector model instance and the event that triggered the action to an Amazon SQS queue." } } }, "DynamoDB": { "type": "object", "additionalProperties": false, - "description": "Writes to the DynamoDB table that you created. The default action payload contains all attribute-value pairs that have the information about the alarm model instance and the event that triggered the action. 
You can also customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). One column of the DynamoDB table receives all attribute-value pairs in the payload that you specify. For more information, see [Actions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-event-actions.html) in *AWS IoT Events Developer Guide*.", + "description": "Defines an action to write to the Amazon DynamoDB table that you created. The standard action payload contains all the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). One column of the DynamoDB table receives all attribute-value pairs in the payload that you specify.\n You must use expressions for all parameters in ``DynamoDBAction``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``hashKeyType`` parameter can be ``'STRING'``.\n + For references, you must specify either variables or input values. For example, the value for the ``hashKeyField`` parameter can be ``$input.GreenhouseInput.name``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``hashKeyValue`` parameter uses a substitution template. \n ``'${$input.GreenhouseInput.temperature * 6 / 5 + 32} in Fahrenheit'`` \n + For a string concatenation, you must use ``+``. A string concatenation can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``tableName`` parameter uses a string concatenation. 
\n ``'GreenhouseTemperatureTable ' + $input.GreenhouseInput.date`` \n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.\n If the defined payload type is a string, ``DynamoDBAction`` writes non-JSON data to the DynamoDB table as binary data. The DynamoDB console displays the data as Base64-encoded text. The value for the ``payloadField`` parameter is ``_raw``.", "properties": { "HashKeyField": { "type": "string", - "description": "The name of the hash key (also called the partition key)." + "description": "The name of the hash key (also called the partition key). The ``hashKeyField`` value must match the partition key of the target DynamoDB table." }, "HashKeyType": { "type": "string", - "description": "The data type for the hash key (also called the partition key). You can specify the following values:\n\n* `STRING` - The hash key is a string.\n\n* `NUMBER` - The hash key is a number.\n\nIf you don't specify `hashKeyType`, the default value is `STRING`." + "description": "The data type for the hash key (also called the partition key). You can specify the following values:\n + ``'STRING'`` - The hash key is a string.\n + ``'NUMBER'`` - The hash key is a number.\n \n If you don't specify ``hashKeyType``, the default value is ``'STRING'``." }, "HashKeyValue": { "type": "string", 
@@ -134,22 +147,23 @@ }, "Operation": { "type": "string", - "description": "The type of operation to perform. You can specify the following values:\n\n* `INSERT` - Insert data as a new item into the DynamoDB table. This item uses the specified hash key as a partition key. If you specified a range key, the item uses the range key as a sort key.\n\n* `UPDATE` - Update an existing item of the DynamoDB table with new data. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n\n* `DELETE` - Delete an existing item of the DynamoDB table. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n\nIf you don't specify this parameter, AWS IoT Events triggers the `INSERT` operation." + "description": "The type of operation to perform. You can specify the following values: \n + ``'INSERT'`` - Insert data as a new item into the DynamoDB table. This item uses the specified hash key as a partition key. If you specified a range key, the item uses the range key as a sort key.\n + ``'UPDATE'`` - Update an existing item of the DynamoDB table with new data. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n + ``'DELETE'`` - Delete an existing item of the DynamoDB table. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n \n If you don't specify this parameter, ITE triggers the ``'INSERT'`` operation." }, "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "Information needed to configure the payload.\n By default, ITE generates a standard payload in JSON for any action. 
This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use ``contentExpression``." }, "PayloadField": { "type": "string", - "description": "The name of the DynamoDB column that receives the action payload.\n\nIf you don't specify this parameter, the name of the DynamoDB column is `payload`." + "description": "The name of the DynamoDB column that receives the action payload.\n If you don't specify this parameter, the name of the DynamoDB column is ``payload``." }, "RangeKeyField": { "type": "string", - "description": "The name of the range key (also called the sort key)." + "description": "The name of the range key (also called the sort key). The ``rangeKeyField`` value must match the sort key of the target DynamoDB table." }, "RangeKeyType": { "type": "string", - "description": "The data type for the range key (also called the sort key), You can specify the following values:\n\n* `STRING` - The range key is a string.\n\n* `NUMBER` - The range key is number.\n\nIf you don't specify `rangeKeyField`, the default value is `STRING`." + "description": "The data type for the range key (also called the sort key), You can specify the following values:\n + ``'STRING'`` - The range key is a string.\n + ``'NUMBER'`` - The range key is number.\n \n If you don't specify ``rangeKeyField``, the default value is ``'STRING'``." }, "RangeKeyValue": { "type": "string", @@ -157,7 +171,7 @@ }, "TableName": { "type": "string", - "description": "The name of the DynamoDB table." + "description": "The name of the DynamoDB table. The ``tableName`` value must match the table name of the target DynamoDB table." } }, "required": [ 
@@ -169,10 +183,11 @@ "DynamoDBv2": { "type": "object", "additionalProperties": false, - "description": "Defines an action to write to the Amazon DynamoDB table that you created. The default action payload contains all attribute-value pairs that have the information about the alarm model instance and the event that triggered the action. You can also customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). A separate column of the DynamoDB table receives one attribute-value pair in the payload that you specify.\n\nYou can use expressions for parameters that are strings. For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *AWS IoT Events Developer Guide*.", + "description": "Defines an action to write to the Amazon DynamoDB table that you created. The default action payload contains all the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). A separate column of the DynamoDB table receives one attribute-value pair in the payload that you specify.\n You must use expressions for all parameters in ``DynamoDBv2Action``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``tableName`` parameter can be ``'GreenhouseTemperatureTable'``.\n + For references, you must specify either variables or input values. For example, the value for the ``tableName`` parameter can be ``$variable.ddbtableName``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. 
A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``contentExpression`` parameter in ``Payload`` uses a substitution template. \n ``'{\\\"sensorID\\\": \\\"${$input.GreenhouseInput.sensor_id}\\\", \\\"temperature\\\": \\\"${$input.GreenhouseInput.temperature * 9 / 5 + 32}\\\"}'`` \n + For a string concatenation, you must use ``+``. A string concatenation can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``tableName`` parameter uses a string concatenation. \n ``'GreenhouseTemperatureTable ' + $input.GreenhouseInput.date`` \n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.\n The value for the ``type`` parameter in ``Payload`` must be ``JSON``.", "properties": { "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "Information needed to configure the payload.\n By default, ITE generates a standard payload in JSON for any action. This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use ``contentExpression``." }, "TableName": { "type": "string", 
@@ -186,14 +201,15 @@ "Firehose": { "type": "object", "additionalProperties": false, - "description": "Sends information about the alarm model instance and the event that triggered the action to an Amazon Kinesis Data Firehose delivery stream.", + "description": "Sends information about the detector model instance and the event that triggered the action to an Amazon Kinesis Data Firehose delivery stream.", "properties": { "DeliveryStreamName": { "type": "string", "description": "The name of the Kinesis Data Firehose delivery stream where the data is written." }, "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you send a message to an Amazon Data Firehose delivery stream." }, "Separator": { "type": "string", @@ -208,17 +224,18 @@ "IotEvents": { "type": "object", "additionalProperties": false, - "description": "Sends an AWS IoT Events input, passing in information about the alarm model instance and the event that triggered the action.", + "description": "Sends an ITE input, passing in information about the detector model instance and the event that triggered the action.", "properties": { "InputName": { "type": "string", - "description": "The name of the AWS IoT Events input where the data is sent.", + "description": "The name of the ITE input where the data is sent.", "minLength": 1, "maxLength": 128, "pattern": "^[a-zA-Z][a-zA-Z0-9_]*$" }, "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you send a message to an ITE input." } }, "required": [ 
@@ -228,42 +245,44 @@ "IotSiteWise": { "type": "object", "additionalProperties": false, - "description": "Sends information about the alarm model instance and the event that triggered the action to a specified asset property in AWS IoT SiteWise.", + "description": "Sends information about the detector model instance and the event that triggered the action to a specified asset property in ITSW.\n You must use expressions for all parameters in ``IotSiteWiseAction``. The expressions accept literals, operators, functions, references, and substitutions templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``propertyAlias`` parameter can be ``'/company/windfarm/3/turbine/7/temperature'``.\n + For references, you must specify either variables or input values. For example, the value for the ``assetId`` parameter can be ``$input.TurbineInput.assetId1``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``propertyAlias`` parameter uses a substitution template. \n ``'company/windfarm/${$input.TemperatureInput.sensorData.windfarmID}/turbine/ ${$input.TemperatureInput.sensorData.turbineID}/temperature'`` \n \n You must specify either ``propertyAlias`` or both ``assetId`` and ``propertyId`` to identify the target asset property in ITSW.\n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.", "properties": { "AssetId": { "type": "string", - "description": "The ID of the asset that has the specified property. You can specify an expression." + "description": "The ID of the asset that has the specified property." 
}, "EntryId": { "type": "string", - "description": "A unique identifier for this entry. You can use the entry ID to track which data entry causes an error in case of failure. The default is a new unique identifier. You can also specify an expression." + "description": "A unique identifier for this entry. You can use the entry ID to track which data entry causes an error in case of failure. The default is a new unique identifier." }, "PropertyAlias": { "type": "string", - "description": "The alias of the asset property. You can also specify an expression." + "description": "The alias of the asset property." }, "PropertyId": { "type": "string", - "description": "The ID of the asset property. You can specify an expression." + "description": "The ID of the asset property." }, "PropertyValue": { - "$ref": "#/definitions/AssetPropertyValue" + "$ref": "#/definitions/AssetPropertyValue", + "description": "The value to send to the asset property. This value contains timestamp, quality, and value (TQV) information." } } }, "IotTopicPublish": { "type": "object", "additionalProperties": false, - "description": "Information required to publish the MQTT message through the AWS IoT message broker.", + "description": "Information required to publish the MQTT message through the IoT message broker.", "properties": { "MqttTopic": { "type": "string", - "description": "The MQTT topic of the message. You can use a string expression that includes variables (`$variable.`) and input values (`$input..`) as the topic string.", + "description": "The MQTT topic of the message. You can use a string expression that includes variables (``$variable.``) and input values (``$input..``) as the topic string.", "minLength": 1, "maxLength": 128 }, "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you publish a message to an IoTCore topic." } }, "required": [ 
@@ -281,12 +300,14 @@ "maxLength": 2048 }, "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you send a message to a Lambda function." } }, "required": [ "FunctionArn" - ] + ], + "description": "Calls a Lambda function, passing in information about the detector model instance and the event that triggered the action." }, "Sns": { "type": "object", @@ -294,7 +315,8 @@ "description": "Information required to publish the Amazon SNS message.", "properties": { "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you send a message as an Amazon SNS push notification." }, "TargetArn": { "type": "string", @@ -312,7 +334,8 @@ "additionalProperties": false, "properties": { "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you send a message to an Amazon SQS queue." }, "QueueUrl": { "type": "string", 
@@ -320,26 +343,27 @@ }, "UseBase64": { "type": "boolean", - "description": "Set this to `TRUE` if you want the data to be base-64 encoded before it is written to the queue. Otherwise, set this to `FALSE`." + "description": "Set this to TRUE if you want the data to be base-64 encoded before it is written to the queue. Otherwise, set this to FALSE." } }, "required": [ "QueueUrl" - ] + ], + "description": "Sends information about the detector model instance and the event that triggered the action to an Amazon SQS queue." }, "Payload": { "type": "object", "additionalProperties": false, - "description": "Information needed to configure the payload.\n\nBy default, AWS IoT Events generates a standard payload in JSON for any action. This action payload contains all attribute-value pairs that have the information about the alarm model instance and the event triggered the action. To configure the action payload, you can use `contentExpression`.", + "description": "Information needed to configure the payload.\n By default, ITE generates a standard payload in JSON for any action. This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use ``contentExpression``.", "properties": { "ContentExpression": { "type": "string", - "description": "The content of the payload. You can use a string expression that includes quoted strings (`''`), variables (`$variable.`), input values (`$input..`), string concatenations, and quoted strings that contain `${}` as the content. The recommended maximum size of a content expression is 1 KB.", + "description": "The content of the payload. You can use a string expression that includes quoted strings (``''``), variables (``$variable.``), input values (``$input..``), string concatenations, and quoted strings that contain ``${}`` as the content. 
The recommended maximum size of a content expression is 1 KB.", "minLength": 1 }, "Type": { "type": "string", - "description": "The value of the payload type can be either `STRING` or `JSON`." + "description": "The value of the payload type can be either ``STRING`` or ``JSON``." } }, "required": [ @@ -354,7 +378,7 @@ "properties": { "DisabledOnInitialization": { "type": "boolean", - "description": "The value must be TRUE or FALSE. If FALSE, all alarm instances created based on the alarm model are activated. The default value is TRUE.", + "description": "The value must be ``TRUE`` or ``FALSE``. If ``FALSE``, all alarm instances created based on the alarm model are activated. The default value is ``TRUE``.", "default": "true" } }, @@ -369,7 +393,7 @@ "properties": { "Enabled": { "type": "boolean", - "description": "The value must be TRUE or FALSE. If TRUE, you receive a notification when the alarm state changes. You must choose to acknowledge the notification before the alarm state can return to NORMAL. If FALSE, you won't receive notifications. The alarm automatically changes to the NORMAL state when the input property value returns to the specified range.", + "description": "The value must be ``TRUE`` or ``FALSE``. If ``TRUE``, you receive a notification when the alarm state changes. You must choose to acknowledge the notification before the alarm state can return to ``NORMAL``. If ``FALSE``, you won't receive notifications. The alarm automatically changes to the ``NORMAL`` state when the input property value returns to the specified range.", "default": "true" } } 
@@ -377,17 +401,19 @@ "AssetPropertyValue": { "type": "object", "additionalProperties": false, - "description": "A structure that contains value information. For more information, see [AssetPropertyValue](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_AssetPropertyValue.html) in the *AWS IoT SiteWise API Reference*.", + "description": "A structure that contains value information. For more information, see [AssetPropertyValue](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_AssetPropertyValue.html) in the *API Reference*.\n You must use expressions for all parameters in ``AssetPropertyValue``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``quality`` parameter can be ``'GOOD'``.\n + For references, you must specify either variables or input values. For example, the value for the ``quality`` parameter can be ``$input.TemperatureInput.sensorData.quality``.\n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.", "properties": { "Quality": { "type": "string", - "description": "The quality of the asset property value. The value must be `GOOD`, `BAD`, or `UNCERTAIN`. You can also specify an expression." + "description": "The quality of the asset property value. The value must be ``'GOOD'``, ``'BAD'``, or ``'UNCERTAIN'``." }, "Timestamp": { - "$ref": "#/definitions/AssetPropertyTimestamp" + "$ref": "#/definitions/AssetPropertyTimestamp", + "description": "The timestamp associated with the asset property value. The default is the current event time." }, "Value": { - "$ref": "#/definitions/AssetPropertyVariant" + "$ref": "#/definitions/AssetPropertyVariant", + "description": "The value to send to an asset property." } }, "required": [ 
@@ -397,15 +423,15 @@ "AssetPropertyTimestamp": { "type": "object", "additionalProperties": false, - "description": "A structure that contains timestamp information. For more information, see [TimeInNanos](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_TimeInNanos.html) in the *AWS IoT SiteWise API Reference*.", + "description": "A structure that contains timestamp information. For more information, see [TimeInNanos](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_TimeInNanos.html) in the *API Reference*.\n You must use expressions for all parameters in ``AssetPropertyTimestamp``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``timeInSeconds`` parameter can be ``'1586400675'``.\n + For references, you must specify either variables or input values. For example, the value for the ``offsetInNanos`` parameter can be ``$variable.time``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``timeInSeconds`` parameter uses a substitution template.\n ``'${$input.TemperatureInput.sensorData.timestamp / 1000}'`` \n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.", "properties": { "OffsetInNanos": { "type": "string", - "description": "The timestamp, in seconds, in the Unix epoch format. The valid range is between `1-31556889864403199`. You can also specify an expression." + "description": "The nanosecond offset converted from ``timeInSeconds``. The valid range is between 0-999999999." 
}, "TimeInSeconds": { "type": "string", - "description": "The nanosecond offset converted from `timeInSeconds`. The valid range is between `0-999999999`. You can also specify an expression." + "description": "The timestamp, in seconds, in the Unix epoch format. The valid range is between 1-31556889864403199." } }, "required": [ 
@@ -415,37 +441,37 @@ "AssetPropertyVariant": { "type": "object", "additionalProperties": false, - "description": "A structure that contains an asset property value. For more information, see [Variant](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_Variant.html) in the *AWS IoT SiteWise API Reference*.", + "description": "A structure that contains an asset property value. For more information, see [Variant](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_Variant.html) in the *API Reference*.\n You must use expressions for all parameters in ``AssetPropertyVariant``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``integerValue`` parameter can be ``'100'``.\n + For references, you must specify either variables or parameters. For example, the value for the ``booleanValue`` parameter can be ``$variable.offline``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates. \n In the following example, the value for the ``doubleValue`` parameter uses a substitution template. \n ``'${$input.TemperatureInput.sensorData.temperature * 6 / 5 + 32}'`` \n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.\n You must specify one of the following value types, depending on the ``dataType`` of the specified asset property. For more information, see [AssetProperty](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_AssetProperty.html) in the *API Reference*.", "properties": { "BooleanValue": { "type": "string", - "description": "The asset property value is a Boolean value that must be `TRUE` or `FALSE`. 
You can also specify an expression. If you use an expression, the evaluated result should be a Boolean value." + "description": "The asset property value is a Boolean value that must be ``'TRUE'`` or ``'FALSE'``. You must use an expression, and the evaluated result should be a Boolean value." }, "DoubleValue": { "type": "string", - "description": "The asset property value is a double. You can also specify an expression. If you use an expression, the evaluated result should be a double." + "description": "The asset property value is a double. You must use an expression, and the evaluated result should be a double." }, "IntegerValue": { "type": "string", - "description": "The asset property value is an integer. You can also specify an expression. If you use an expression, the evaluated result should be an integer." + "description": "The asset property value is an integer. You must use an expression, and the evaluated result should be an integer." }, "StringValue": { "type": "string", - "description": "The asset property value is a string. You can also specify an expression. If you use an expression, the evaluated result should be a string." + "description": "The asset property value is a string. You must use an expression, and the evaluated result should be a string." } } }, "Tag": { "type": "object", "additionalProperties": false, - "description": "Tags to be applied to Input.", + "description": "Metadata that can be used to manage the resource.", "properties": { "Key": { - "description": "Key of the Tag.", + "description": "The tag's key.", "type": "string" }, "Value": { - "description": "Value of the Tag.", + "description": "The tag's value.", "type": "string" } }, 
@@ -465,42 +491,45 @@ }, "AlarmModelDescription": { "type": "string", - "description": "A brief description of the alarm model.", + "description": "The description of the alarm model.", "maxLength": 1024 }, "RoleArn": { "type": "string", - "description": "The ARN of the role that grants permission to AWS IoT Events to perform its operations.", + "description": "The ARN of the IAM role that allows the alarm to perform actions and access AWS resources. For more information, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.", "minLength": 1, "maxLength": 2048 }, "Key": { "type": "string", - "description": "The value used to identify a alarm instance. When a device or system sends input, a new alarm instance with a unique key value is created. AWS IoT Events can continue to route input to its corresponding alarm instance based on this identifying information.\n\nThis parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct alarm instance, the device must send a message payload that contains the same attribute-value.", + "description": "An input attribute used as a key to create an alarm. ITE routes [inputs](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Input.html) associated with this key to the alarm.", "minLength": 1, "maxLength": 128, "pattern": "^((`[\\w\\- ]+`)|([\\w\\-]+))(\\.((`[\\w\\- ]+`)|([\\w\\-]+)))*$" }, "Severity": { "type": "integer", - "description": "A non-negative integer that reflects the severity level of the alarm.\n\n", + "description": "A non-negative integer that reflects the severity level of the alarm.", "minimum": 0, "maximum": 2147483647 }, "AlarmRule": { - "$ref": "#/definitions/AlarmRule" + "$ref": "#/definitions/AlarmRule", + "description": "Defines when your alarm is invoked." 
}, "AlarmEventActions": { - "$ref": "#/definitions/AlarmEventActions" + "$ref": "#/definitions/AlarmEventActions", + "description": "Contains information about one or more alarm actions." }, "AlarmCapabilities": { - "$ref": "#/definitions/AlarmCapabilities" + "$ref": "#/definitions/AlarmCapabilities", + "description": "Contains the configuration information of alarm state changes." }, "Tags": { "type": "array", "uniqueItems": false, "insertionOrder": false, - "description": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", + "description": "A list of key-value pairs that contain metadata for the alarm model. The tags help you manage the alarm model. For more information, see [Tagging your resources](https://docs.aws.amazon.com/iotevents/latest/developerguide/tagging-iotevents.html) in the *Developer Guide*.\n You can create up to 50 tags for one alarm model.", "items": { "$ref": "#/definitions/Tag" } @@ -557,5 +586,17 @@ "iotevents:ListAlarmModels" ] } + }, + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "cloudFormationSystemTags": false, + "tagProperty": "/properties/Tags", + "permissions": [ + "iotevents:UntagResource", + "iotevents:TagResource", + "iotevents:ListTagsForResource" + ] } } diff --git a/internal/service/cloudformation/schemas/AWS_IoTEvents_DetectorModel.json b/internal/service/cloudformation/schemas/AWS_IoTEvents_DetectorModel.json index af4a01b037..9892be93d8 100644 --- a/internal/service/cloudformation/schemas/AWS_IoTEvents_DetectorModel.json +++ b/internal/service/cloudformation/schemas/AWS_IoTEvents_DetectorModel.json 
@@ -1,6 +1,6 @@ { "typeName": "AWS::IoTEvents::DetectorModel", - "description": "The AWS::IoTEvents::DetectorModel resource creates a detector model. You create a *detector model* (a model of your equipment or process) using *states*. For each state, you define conditional (Boolean) logic that evaluates the incoming inputs to detect significant events. When an event is detected, it can change the state or trigger custom-built or predefined actions using other AWS services. You can define additional events that trigger actions when entering or exiting a state and, optionally, when a condition is met. For more information, see [How to Use AWS IoT Events](https://docs.aws.amazon.com/iotevents/latest/developerguide/how-to-use-iotevents.html) in the *AWS IoT Events Developer Guide*.", + "description": "The AWS::IoTEvents::DetectorModel resource creates a detector model. You create a *detector model* (a model of your equipment or process) using *states*. For each state, you define conditional (Boolean) logic that evaluates the incoming inputs to detect significant events. When an event is detected, it can change the state or trigger custom-built or predefined actions using other AWS services. You can define additional events that trigger actions when entering or exiting a state and, optionally, when a condition is met. For more information, see [How to Use](https://docs.aws.amazon.com/iotevents/latest/developerguide/how-to-use-iotevents.html) in the *Developer Guide*.\n When you successfully update a detector model (using the ITE console, ITE API or CLI commands, or CFN) all detector instances created by the model are reset to their initial states. (The detector's ``state``, and the values of any variables and timers are reset.)\n When you successfully update a detector model (using the ITE console, ITE API or CLI commands, or CFN) the version number of the detector model is incremented. 
(A detector model with version number 1 before the update has version number 2 after the update succeeds.)\n If you attempt to update a detector model using CFN and the update does not succeed, the system may, in some cases, restore the original detector model. When this occurs, the detector model's version is incremented twice (for example, from version 1 to version 3) and the detector instances are reset.\n Also, be aware that if you attempt to update several detector models at once using CFN, some updates may succeed and others fail. In this case, the effects on each detector model's detector instances and version number depend on whether the update succeeded or failed, with the results as stated.", "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "definitions": { "DetectorModelDefinition": { @@ -36,13 +36,16 @@ "description": "Information that defines a state of a detector.", "properties": { "OnEnter": { - "$ref": "#/definitions/OnEnter" + "$ref": "#/definitions/OnEnter", + "description": "When entering this state, perform these ``actions`` if the ``condition`` is TRUE." }, "OnExit": { - "$ref": "#/definitions/OnExit" + "$ref": "#/definitions/OnExit", + "description": "When exiting this state, perform these ``actions`` if the specified ``condition`` is ``TRUE``." }, "OnInput": { - "$ref": "#/definitions/OnInput" + "$ref": "#/definitions/OnInput", + "description": "When an input is received and the ``condition`` is TRUE, perform the specified ``actions``." }, "StateName": { "type": "string", 
@@ -58,13 +61,13 @@ "OnEnter": { "type": "object", "additionalProperties": false, - "description": "When entering this state, perform these `actions` if the `condition` is `TRUE`.", + "description": "When entering this state, perform these ``actions`` if the ``condition`` is TRUE.", "properties": { "Events": { "type": "array", "uniqueItems": false, "insertionOrder": false, - "description": "Specifies the `actions` that are performed when the state is entered and the `condition` is `TRUE`.", + "description": "Specifies the actions that are performed when the state is entered and the ``condition`` is ``TRUE``.", "items": { "$ref": "#/definitions/Event" } @@ -74,13 +77,13 @@ "OnExit": { "type": "object", "additionalProperties": false, - "description": "When exiting this state, perform these `actions` if the specified `condition` is `TRUE`.", + "description": "When exiting this state, perform these ``actions`` if the specified ``condition`` is ``TRUE``.", "properties": { "Events": { "type": "array", "uniqueItems": false, "insertionOrder": false, - "description": "Specifies the `actions` that are performed when the state is exited and the `condition` is `TRUE`.", + "description": "Specifies the ``actions`` that are performed when the state is exited and the ``condition`` is ``TRUE``.", "items": { "$ref": "#/definitions/Event" } @@ -90,13 +93,13 @@ "OnInput": { "type": "object", "additionalProperties": false, - "description": "When an input is received and the `condition` is `TRUE`, perform the specified `actions`.", + "description": "Specifies the actions performed when the ``condition`` evaluates to TRUE.", "properties": { "Events": { "type": "array", "uniqueItems": false, "insertionOrder": false, - "description": "Specifies the `actions` performed when the `condition` evaluates to `TRUE`.", + "description": "Specifies the actions performed when the ``condition`` evaluates to TRUE.", "items": { "$ref": "#/definitions/Event" } 
@@ -105,7 +108,7 @@ "type": "array", "uniqueItems": false, "insertionOrder": true, - "description": "Specifies the `actions` performed, and the next `state` entered, when a `condition` evaluates to `TRUE`.", + "description": "Specifies the actions performed, and the next state entered, when a ``condition`` evaluates to TRUE.", "items": { "$ref": "#/definitions/TransitionEvent" } @@ -115,7 +118,7 @@ "Event": { "type": "object", "additionalProperties": false, - "description": "Specifies the `actions` to be performed when the `condition` evaluates to `TRUE`.", + "description": "Specifies the ``actions`` to be performed when the ``condition`` evaluates to TRUE.", "properties": { "Actions": { "type": "array", @@ -128,7 +131,7 @@ }, "Condition": { "type": "string", - "description": "The Boolean expression that, when `TRUE`, causes the `actions` to be performed. If not present, the `actions` are performed (=`TRUE`). If the expression result is not a `Boolean` value, the `actions` are not performed (=`FALSE`).", + "description": "Optional. The Boolean expression that, when TRUE, causes the ``actions`` to be performed. If not present, the actions are performed (=TRUE). If the expression result is not a Boolean value, the actions are not performed (=FALSE).", "maxLength": 512 }, "EventName": { @@ -144,7 +147,7 @@ "TransitionEvent": { "type": "object", "additionalProperties": false, - "description": "Specifies the `actions `performed and the next `state` entered when a `condition` evaluates to `TRUE`.", + "description": "Specifies the actions performed and the next state entered when a ``condition`` evaluates to TRUE.", "properties": { "Actions": { "type": "array", 
@@ -157,12 +160,12 @@ }, "Condition": { "type": "string", - "description": "A Boolean expression that when `TRUE` causes the `actions` to be performed and the `nextState` to be entered.", + "description": "Required. A Boolean expression that when TRUE causes the actions to be performed and the ``nextState`` to be entered.", "maxLength": 512 }, "EventName": { "type": "string", - "description": "The name of the event.", + "description": "The name of the transition event.", "minLength": 1, "maxLength": 128 }, 
@@ -182,46 +185,59 @@ "Action": { "type": "object", "additionalProperties": false, - "description": "The actions to be performed.", + "description": "An action to be performed when the ``condition`` is TRUE.", "properties": { "ClearTimer": { - "$ref": "#/definitions/ClearTimer" + "$ref": "#/definitions/ClearTimer", + "description": "Information needed to clear the timer." }, "DynamoDB": { - "$ref": "#/definitions/DynamoDB" + "$ref": "#/definitions/DynamoDB", + "description": "Writes to the DynamoDB table that you created. The default action payload contains all attribute-value pairs that have the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). One column of the DynamoDB table receives all attribute-value pairs in the payload that you specify. For more information, see [Actions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-event-actions.html) in *Developer Guide*." }, "DynamoDBv2": { - "$ref": "#/definitions/DynamoDBv2" + "$ref": "#/definitions/DynamoDBv2", + "description": "Writes to the DynamoDB table that you created. The default action payload contains all attribute-value pairs that have the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). A separate column of the DynamoDB table receives one attribute-value pair in the payload that you specify. For more information, see [Actions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-event-actions.html) in *Developer Guide*." }, "Firehose": { - "$ref": "#/definitions/Firehose" + "$ref": "#/definitions/Firehose", + "description": "Sends information about the detector model instance and the event that triggered the action to an Amazon Kinesis Data Firehose delivery stream." 
}, "IotEvents": { - "$ref": "#/definitions/IotEvents" + "$ref": "#/definitions/IotEvents", + "description": "Sends ITE input, which passes information about the detector model instance and the event that triggered the action." }, "IotSiteWise": { - "$ref": "#/definitions/IotSiteWise" + "$ref": "#/definitions/IotSiteWise", + "description": "Sends information about the detector model instance and the event that triggered the action to an asset property in ITSW ." }, "IotTopicPublish": { - "$ref": "#/definitions/IotTopicPublish" + "$ref": "#/definitions/IotTopicPublish", + "description": "Publishes an MQTT message with the given topic to the IoT message broker." }, "Lambda": { - "$ref": "#/definitions/Lambda" + "$ref": "#/definitions/Lambda", + "description": "Calls a Lambda function, passing in information about the detector model instance and the event that triggered the action." }, "ResetTimer": { - "$ref": "#/definitions/ResetTimer" + "$ref": "#/definitions/ResetTimer", + "description": "Information needed to reset the timer." }, "SetTimer": { - "$ref": "#/definitions/SetTimer" + "$ref": "#/definitions/SetTimer", + "description": "Information needed to set the timer." }, "SetVariable": { - "$ref": "#/definitions/SetVariable" + "$ref": "#/definitions/SetVariable", + "description": "Sets a variable to a specified value." }, "Sns": { - "$ref": "#/definitions/Sns" + "$ref": "#/definitions/Sns", + "description": "Sends an Amazon SNS message." }, "Sqs": { - "$ref": "#/definitions/Sqs" + "$ref": "#/definitions/Sqs", + "description": "Sends an Amazon SNS message." } } }, @@ -233,7 +249,8 @@ "TimerName": { "type": "string", "minLength": 1, - "maxLength": 128 + "maxLength": 128, + "description": "The name of the timer to clear." } }, "required": [ 
@@ -243,15 +260,15 @@ "DynamoDB": { "type": "object", "additionalProperties": false, - "description": "Writes to the DynamoDB table that you created. The default action payload contains all attribute-value pairs that have the information about the detector model instance and the event that triggered the action. You can also customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). One column of the DynamoDB table receives all attribute-value pairs in the payload that you specify. For more information, see [Actions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-event-actions.html) in *AWS IoT Events Developer Guide*.", + "description": "Defines an action to write to the Amazon DynamoDB table that you created. The standard action payload contains all the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). One column of the DynamoDB table receives all attribute-value pairs in the payload that you specify.\n You must use expressions for all parameters in ``DynamoDBAction``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``hashKeyType`` parameter can be ``'STRING'``.\n + For references, you must specify either variables or input values. For example, the value for the ``hashKeyField`` parameter can be ``$input.GreenhouseInput.name``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``hashKeyValue`` parameter uses a substitution template. 
\n ``'${$input.GreenhouseInput.temperature * 6 / 5 + 32} in Fahrenheit'`` \n + For a string concatenation, you must use ``+``. A string concatenation can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``tableName`` parameter uses a string concatenation. \n ``'GreenhouseTemperatureTable ' + $input.GreenhouseInput.date`` \n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.\n If the defined payload type is a string, ``DynamoDBAction`` writes non-JSON data to the DynamoDB table as binary data. The DynamoDB console displays the data as Base64-encoded text. The value for the ``payloadField`` parameter is ``_raw``.", "properties": { "HashKeyField": { "type": "string", - "description": "The name of the hash key (also called the partition key)." + "description": "The name of the hash key (also called the partition key). The ``hashKeyField`` value must match the partition key of the target DynamoDB table." }, "HashKeyType": { "type": "string", - "description": "The data type for the hash key (also called the partition key). You can specify the following values:\n\n* `STRING` - The hash key is a string.\n\n* `NUMBER` - The hash key is a number.\n\nIf you don't specify `hashKeyType`, the default value is `STRING`." + "description": "The data type for the hash key (also called the partition key). You can specify the following values:\n + ``'STRING'`` - The hash key is a string.\n + ``'NUMBER'`` - The hash key is a number.\n \n If you don't specify ``hashKeyType``, the default value is ``'STRING'``." }, "HashKeyValue": { "type": "string", 
@@ -259,22 +276,23 @@ }, "Operation": { "type": "string", - "description": "The type of operation to perform. You can specify the following values:\n\n* `INSERT` - Insert data as a new item into the DynamoDB table. This item uses the specified hash key as a partition key. If you specified a range key, the item uses the range key as a sort key.\n\n* `UPDATE` - Update an existing item of the DynamoDB table with new data. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n\n* `DELETE` - Delete an existing item of the DynamoDB table. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n\nIf you don't specify this parameter, AWS IoT Events triggers the `INSERT` operation." + "description": "The type of operation to perform. You can specify the following values: \n + ``'INSERT'`` - Insert data as a new item into the DynamoDB table. This item uses the specified hash key as a partition key. If you specified a range key, the item uses the range key as a sort key.\n + ``'UPDATE'`` - Update an existing item of the DynamoDB table with new data. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n + ``'DELETE'`` - Delete an existing item of the DynamoDB table. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n \n If you don't specify this parameter, ITE triggers the ``'INSERT'`` operation." }, "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "Information needed to configure the payload.\n By default, ITE generates a standard payload in JSON for any action. 
This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use ``contentExpression``." }, "PayloadField": { "type": "string", - "description": "The name of the DynamoDB column that receives the action payload.\n\nIf you don't specify this parameter, the name of the DynamoDB column is `payload`." + "description": "The name of the DynamoDB column that receives the action payload.\n If you don't specify this parameter, the name of the DynamoDB column is ``payload``." }, "RangeKeyField": { "type": "string", - "description": "The name of the range key (also called the sort key)." + "description": "The name of the range key (also called the sort key). The ``rangeKeyField`` value must match the sort key of the target DynamoDB table." }, "RangeKeyType": { "type": "string", - "description": "The data type for the range key (also called the sort key), You can specify the following values:\n\n* `STRING` - The range key is a string.\n\n* `NUMBER` - The range key is number.\n\nIf you don't specify `rangeKeyField`, the default value is `STRING`." + "description": "The data type for the range key (also called the sort key), You can specify the following values:\n + ``'STRING'`` - The range key is a string.\n + ``'NUMBER'`` - The range key is number.\n \n If you don't specify ``rangeKeyField``, the default value is ``'STRING'``." }, "RangeKeyValue": { "type": "string", @@ -282,7 +300,7 @@ }, "TableName": { "type": "string", - "description": "The name of the DynamoDB table." + "description": "The name of the DynamoDB table. The ``tableName`` value must match the table name of the target DynamoDB table." } }, "required": [ 
@@ -294,10 +312,11 @@ "DynamoDBv2": { "type": "object", "additionalProperties": false, - "description": "Defines an action to write to the Amazon DynamoDB table that you created. The default action payload contains all attribute-value pairs that have the information about the detector model instance and the event that triggered the action. You can also customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). A separate column of the DynamoDB table receives one attribute-value pair in the payload that you specify.\n\nYou can use expressions for parameters that are strings. For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *AWS IoT Events Developer Guide*.", + "description": "Defines an action to write to the Amazon DynamoDB table that you created. The default action payload contains all the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). A separate column of the DynamoDB table receives one attribute-value pair in the payload that you specify.\n You must use expressions for all parameters in ``DynamoDBv2Action``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``tableName`` parameter can be ``'GreenhouseTemperatureTable'``.\n + For references, you must specify either variables or input values. For example, the value for the ``tableName`` parameter can be ``$variable.ddbtableName``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. 
A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``contentExpression`` parameter in ``Payload`` uses a substitution template. \n ``'{\\\"sensorID\\\": \\\"${$input.GreenhouseInput.sensor_id}\\\", \\\"temperature\\\": \\\"${$input.GreenhouseInput.temperature * 9 / 5 + 32}\\\"}'`` \n + For a string concatenation, you must use ``+``. A string concatenation can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``tableName`` parameter uses a string concatenation. \n ``'GreenhouseTemperatureTable ' + $input.GreenhouseInput.date`` \n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.\n The value for the ``type`` parameter in ``Payload`` must be ``JSON``.", "properties": { "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "Information needed to configure the payload.\n By default, ITE generates a standard payload in JSON for any action. This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use ``contentExpression``." }, "TableName": { "type": "string", @@ -318,7 +337,8 @@ "description": "The name of the Kinesis Data Firehose delivery stream where the data is written." }, "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you send a message to an Amazon Data Firehose delivery stream." }, "Separator": { "type": "string", 
@@ -333,17 +353,18 @@ "IotEvents": { "type": "object", "additionalProperties": false, - "description": "Sends an AWS IoT Events input, passing in information about the detector model instance and the event that triggered the action.", + "description": "Sends an ITE input, passing in information about the detector model instance and the event that triggered the action.", "properties": { "InputName": { "type": "string", - "description": "The name of the AWS IoT Events input where the data is sent.", + "description": "The name of the ITE input where the data is sent.", "minLength": 1, "maxLength": 128, "pattern": "^[a-zA-Z][a-zA-Z0-9_]*$" }, "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you send a message to an ITE input." } }, "required": [ 
@@ -353,26 +374,27 @@ "IotSiteWise": { "type": "object", "additionalProperties": false, - "description": "Sends information about the detector model instance and the event that triggered the action to a specified asset property in AWS IoT SiteWise.", + "description": "Sends information about the detector model instance and the event that triggered the action to a specified asset property in ITSW.\n You must use expressions for all parameters in ``IotSiteWiseAction``. The expressions accept literals, operators, functions, references, and substitutions templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``propertyAlias`` parameter can be ``'/company/windfarm/3/turbine/7/temperature'``.\n + For references, you must specify either variables or input values. For example, the value for the ``assetId`` parameter can be ``$input.TurbineInput.assetId1``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``propertyAlias`` parameter uses a substitution template. \n ``'company/windfarm/${$input.TemperatureInput.sensorData.windfarmID}/turbine/ ${$input.TemperatureInput.sensorData.turbineID}/temperature'`` \n \n You must specify either ``propertyAlias`` or both ``assetId`` and ``propertyId`` to identify the target asset property in ITSW.\n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.", "properties": { "AssetId": { "type": "string", - "description": "The ID of the asset that has the specified property. You can specify an expression." + "description": "The ID of the asset that has the specified property." 
}, "EntryId": { "type": "string", - "description": "A unique identifier for this entry. You can use the entry ID to track which data entry causes an error in case of failure. The default is a new unique identifier. You can also specify an expression." + "description": "A unique identifier for this entry. You can use the entry ID to track which data entry causes an error in case of failure. The default is a new unique identifier." }, "PropertyAlias": { "type": "string", - "description": "The alias of the asset property. You can also specify an expression." + "description": "The alias of the asset property." }, "PropertyId": { "type": "string", - "description": "The ID of the asset property. You can specify an expression." + "description": "The ID of the asset property." }, "PropertyValue": { - "$ref": "#/definitions/AssetPropertyValue" + "$ref": "#/definitions/AssetPropertyValue", + "description": "The value to send to the asset property. This value contains timestamp, quality, and value (TQV) information." } }, "required": [ @@ -382,16 +404,17 @@ "IotTopicPublish": { "type": "object", "additionalProperties": false, - "description": "Information required to publish the MQTT message through the AWS IoT message broker.", + "description": "Information required to publish the MQTT message through the IoT message broker.", "properties": { "MqttTopic": { "type": "string", - "description": "The MQTT topic of the message. You can use a string expression that includes variables (`$variable.`) and input values (`$input..`) as the topic string.", + "description": "The MQTT topic of the message. You can use a string expression that includes variables (``$variable.``) and input values (``$input..``) as the topic string.", "minLength": 1, "maxLength": 128 }, "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you publish a message to an IoTCore topic." } }, "required": [ 
@@ -409,12 +432,14 @@ "maxLength": 2048 }, "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you send a message to a Lambda function." } }, "required": [ "FunctionArn" - ] + ], + "description": "Calls a Lambda function, passing in information about the detector model instance and the event that triggered the action." }, "ResetTimer": { "type": "object", @@ -439,13 +464,13 @@ "properties": { "DurationExpression": { "type": "string", - "description": "The duration of the timer, in seconds. You can use a string expression that includes numbers, variables (`$variable.`), and input values (`$input..`) as the duration. The range of the duration is `1-31622400` seconds. To ensure accuracy, the minimum duration is `60` seconds. The evaluated result of the duration is rounded down to the nearest whole number.", + "description": "The duration of the timer, in seconds. You can use a string expression that includes numbers, variables (``$variable.``), and input values (``$input..``) as the duration. The range of the duration is 1-31622400 seconds. To ensure accuracy, the minimum duration is 60 seconds. The evaluated result of the duration is rounded down to the nearest whole number.", "minLength": 1, "maxLength": 1024 }, "Seconds": { "type": "integer", - "description": "The number of seconds until the timer expires. The minimum value is `60` seconds to ensure accuracy. The maximum value is `31622400` seconds.", + "description": "The number of seconds until the timer expires. The minimum value is 60 seconds to ensure accuracy. The maximum value is 31622400 seconds.", "minimum": 60, "maximum": 31622400 }, 
@@ -490,7 +515,8 @@ "description": "Information required to publish the Amazon SNS message.", "properties": { "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you send a message as an Amazon SNS push notification." }, "TargetArn": { "type": "string", @@ -508,7 +534,8 @@ "additionalProperties": false, "properties": { "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you send a message to an Amazon SQS queue." }, "QueueUrl": { "type": "string", 
@@ -516,27 +543,30 @@ }, "UseBase64": { "type": "boolean", - "description": "Set this to `TRUE` if you want the data to be base-64 encoded before it is written to the queue. Otherwise, set this to `FALSE`." + "description": "Set this to TRUE if you want the data to be base-64 encoded before it is written to the queue. Otherwise, set this to FALSE." } }, "required": [ "QueueUrl" - ] + ], + "description": "Sends information about the detector model instance and the event that triggered the action to an Amazon SQS queue." }, "AssetPropertyValue": { "type": "object", "additionalProperties": false, - "description": "A structure that contains value information. For more information, see [AssetPropertyValue](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_AssetPropertyValue.html) in the *AWS IoT SiteWise API Reference*.", + "description": "A structure that contains value information. For more information, see [AssetPropertyValue](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_AssetPropertyValue.html) in the *API Reference*.\n You must use expressions for all parameters in ``AssetPropertyValue``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``quality`` parameter can be ``'GOOD'``.\n + For references, you must specify either variables or input values. For example, the value for the ``quality`` parameter can be ``$input.TemperatureInput.sensorData.quality``.\n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.", "properties": { "Quality": { "type": "string", - "description": "The quality of the asset property value. The value must be `GOOD`, `BAD`, or `UNCERTAIN`. You can also specify an expression." + "description": "The quality of the asset property value. 
The value must be ``'GOOD'``, ``'BAD'``, or ``'UNCERTAIN'``." }, "Timestamp": { - "$ref": "#/definitions/AssetPropertyTimestamp" + "$ref": "#/definitions/AssetPropertyTimestamp", + "description": "The timestamp associated with the asset property value. The default is the current event time." }, "Value": { - "$ref": "#/definitions/AssetPropertyVariant" + "$ref": "#/definitions/AssetPropertyVariant", + "description": "The value to send to an asset property." } }, "required": [ 
@@ -546,15 +576,15 @@ "AssetPropertyTimestamp": { "type": "object", "additionalProperties": false, - "description": "A structure that contains timestamp information. For more information, see [TimeInNanos](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_TimeInNanos.html) in the *AWS IoT SiteWise API Reference*.", + "description": "A structure that contains timestamp information. For more information, see [TimeInNanos](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_TimeInNanos.html) in the *API Reference*.\n You must use expressions for all parameters in ``AssetPropertyTimestamp``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``timeInSeconds`` parameter can be ``'1586400675'``.\n + For references, you must specify either variables or input values. For example, the value for the ``offsetInNanos`` parameter can be ``$variable.time``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``timeInSeconds`` parameter uses a substitution template.\n ``'${$input.TemperatureInput.sensorData.timestamp / 1000}'`` \n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.", "properties": { "OffsetInNanos": { "type": "string", - "description": "The timestamp, in seconds, in the Unix epoch format. The valid range is between `1-31556889864403199`. You can also specify an expression." + "description": "The nanosecond offset converted from ``timeInSeconds``. The valid range is between 0-999999999." 
}, "TimeInSeconds": { "type": "string", - "description": "The nanosecond offset converted from `timeInSeconds`. The valid range is between `0-999999999`. You can also specify an expression." + "description": "The timestamp, in seconds, in the Unix epoch format. The valid range is between 1-31556889864403199." } }, "required": [ 
@@ -564,39 +594,39 @@ "AssetPropertyVariant": { "type": "object", "additionalProperties": false, - "description": "A structure that contains an asset property value. For more information, see [Variant](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_Variant.html) in the *AWS IoT SiteWise API Reference*.", + "description": "A structure that contains an asset property value. For more information, see [Variant](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_Variant.html) in the *API Reference*.\n You must use expressions for all parameters in ``AssetPropertyVariant``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``integerValue`` parameter can be ``'100'``.\n + For references, you must specify either variables or parameters. For example, the value for the ``booleanValue`` parameter can be ``$variable.offline``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates. \n In the following example, the value for the ``doubleValue`` parameter uses a substitution template. \n ``'${$input.TemperatureInput.sensorData.temperature * 6 / 5 + 32}'`` \n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.\n You must specify one of the following value types, depending on the ``dataType`` of the specified asset property. For more information, see [AssetProperty](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_AssetProperty.html) in the *API Reference*.", "properties": { "BooleanValue": { "type": "string", - "description": "The asset property value is a Boolean value that must be `TRUE` or `FALSE`. 
You can also specify an expression. If you use an expression, the evaluated result should be a Boolean value." + "description": "The asset property value is a Boolean value that must be ``'TRUE'`` or ``'FALSE'``. You must use an expression, and the evaluated result should be a Boolean value." }, "DoubleValue": { "type": "string", - "description": "The asset property value is a double. You can also specify an expression. If you use an expression, the evaluated result should be a double." + "description": "The asset property value is a double. You must use an expression, and the evaluated result should be a double." }, "IntegerValue": { "type": "string", - "description": "The asset property value is an integer. You can also specify an expression. If you use an expression, the evaluated result should be an integer." + "description": "The asset property value is an integer. You must use an expression, and the evaluated result should be an integer." }, "StringValue": { "type": "string", - "description": "The asset property value is a string. You can also specify an expression. If you use an expression, the evaluated result should be a string." + "description": "The asset property value is a string. You must use an expression, and the evaluated result should be a string." } } }, "Payload": { "type": "object", "additionalProperties": false, - "description": "Information needed to configure the payload.\n\nBy default, AWS IoT Events generates a standard payload in JSON for any action. This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use `contentExpression`.", + "description": "Information needed to configure the payload.\n By default, ITE generates a standard payload in JSON for any action. 
This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use ``contentExpression``.", "properties": { "ContentExpression": { "type": "string", - "description": "The content of the payload. You can use a string expression that includes quoted strings (`''`), variables (`$variable.`), input values (`$input..`), string concatenations, and quoted strings that contain `${}` as the content. The recommended maximum size of a content expression is 1 KB.", + "description": "The content of the payload. You can use a string expression that includes quoted strings (``''``), variables (``$variable.``), input values (``$input..``), string concatenations, and quoted strings that contain ``${}`` as the content. The recommended maximum size of a content expression is 1 KB.", "minLength": 1 }, "Type": { "type": "string", - "description": "The value of the payload type can be either `STRING` or `JSON`." + "description": "The value of the payload type can be either ``STRING`` or ``JSON``." } }, "required": [ @@ -607,14 +637,14 @@ "Tag": { "type": "object", "additionalProperties": false, - "description": "Tags to be applied to Input.", + "description": "Metadata that can be used to manage the resource.", "properties": { "Key": { - "description": "Key of the Tag.", + "description": "The tag's key.", "type": "string" }, "Value": { - "description": "Value of the Tag.", + "description": "The tag's value.", "type": "string" } }, @@ -626,7 +656,8 @@ }, "properties": { "DetectorModelDefinition": { - "$ref": "#/definitions/DetectorModelDefinition" + "$ref": "#/definitions/DetectorModelDefinition", + "description": "Information that defines how a detector operates." }, "DetectorModelDescription": { "type": "string", 
@@ -650,14 +681,14 @@ }, "Key": { "type": "string", - "description": "The value used to identify a detector instance. When a device or system sends input, a new detector instance with a unique key value is created. AWS IoT Events can continue to route input to its corresponding detector instance based on this identifying information.\n\nThis parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct detector instance, the device must send a message payload that contains the same attribute-value.", + "description": "The value used to identify a detector instance. When a device or system sends input, a new detector instance with a unique key value is created. ITE can continue to route input to its corresponding detector instance based on this identifying information. \n This parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct detector instance, the device must send a message payload that contains the same attribute-value.", "minLength": 1, "maxLength": 128, "pattern": "^((`[\\w\\- ]+`)|([\\w\\-]+))(\\.((`[\\w\\- ]+`)|([\\w\\-]+)))*$" }, "RoleArn": { "type": "string", - "description": "The ARN of the role that grants permission to AWS IoT Events to perform its operations.", + "description": "The ARN of the role that grants permission to ITE to perform its operations.", "minLength": 1, "maxLength": 2048 }, 
@@ -665,7 +696,7 @@ "type": "array", "uniqueItems": false, "insertionOrder": false, - "description": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", + "description": "An array of key-value pairs to apply to this resource.\n For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", "items": { "$ref": "#/definitions/Tag" } @@ -683,7 +714,6 @@ "/properties/DetectorModelName", "/properties/Key" ], - "taggable": true, "handlers": { "create": { "permissions": [ @@ -723,5 +753,17 @@ "iotevents:ListDetectorModels" ] } + }, + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "cloudFormationSystemTags": false, + "tagProperty": "/properties/Tags", + "permissions": [ + "iotevents:UntagResource", + "iotevents:TagResource", + "iotevents:ListTagsForResource" + ] } } diff --git a/internal/service/cloudformation/schemas/AWS_IoTEvents_Input.json b/internal/service/cloudformation/schemas/AWS_IoTEvents_Input.json index f588a9c90f..15fc631bff 100644 --- a/internal/service/cloudformation/schemas/AWS_IoTEvents_Input.json +++ b/internal/service/cloudformation/schemas/AWS_IoTEvents_Input.json 
@@ -1,6 +1,6 @@ { "typeName": "AWS::IoTEvents::Input", - "description": "The AWS::IoTEvents::Input resource creates an input. To monitor your devices and processes, they must have a way to get telemetry data into AWS IoT Events. This is done by sending messages as *inputs* to AWS IoT Events. For more information, see [How to Use AWS IoT Events](https://docs.aws.amazon.com/iotevents/latest/developerguide/how-to-use-iotevents.html) in the *AWS IoT Events Developer Guide*.", + "description": "The AWS::IoTEvents::Input resource creates an input. To monitor your devices and processes, they must have a way to get telemetry data into ITE. This is done by sending messages as *inputs* to ITE. For more information, see [How to Use](https://docs.aws.amazon.com/iotevents/latest/developerguide/how-to-use-iotevents.html) in the *Developer Guide*.", "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-iotevents.git", "definitions": { "InputDefinition": { @@ -12,7 +12,7 @@ "type": "array", "uniqueItems": true, "insertionOrder": false, - "description": "The attributes from the JSON payload that are made available by the input. Inputs are derived from messages sent to the AWS IoT Events system using `BatchPutMessage`. Each such message contains a JSON payload, and those attributes (and their paired values) specified here are available for use in the `condition` expressions used by detectors that monitor this input.", + "description": "The attributes from the JSON payload that are made available by the input. Inputs are derived from messages sent to the ITE system using ``BatchPutMessage``. Each such message contains a JSON payload, and those attributes (and their paired values) specified here are available for use in the ``condition`` expressions used by detectors that monitor this input.", "minItems": 1, "maxItems": 200, "items": { 
@@ -27,10 +27,10 @@ "Attribute": { "type": "object", "additionalProperties": false, - "description": "The attributes from the JSON payload that are made available by the input. Inputs are derived from messages sent to the AWS IoT Events system using `BatchPutMessage`. Each such message contains a JSON payload, and those attributes (and their paired values) specified here are available for use in the `condition` expressions used by detectors that monitor this input.", + "description": "The attributes from the JSON payload that are made available by the input. Inputs are derived from messages sent to the ITE system using ``BatchPutMessage``. Each such message contains a JSON payload. Those attributes (and their paired values) specified here are available for use in the ``condition`` expressions used by detectors.", "properties": { "JsonPath": { - "description": "An expression that specifies an attribute-value pair in a JSON structure. Use this to specify an attribute from the JSON payload that is made available by the input. Inputs are derived from messages sent to AWS IoT Events (`BatchPutMessage`). Each such message contains a JSON payload. The attribute (and its paired value) specified here are available for use in the `condition` expressions used by detectors.\n\n_Syntax_: `....`", + "description": "An expression that specifies an attribute-value pair in a JSON structure. Use this to specify an attribute from the JSON payload that is made available by the input. Inputs are derived from messages sent to ITE (``BatchPutMessage``). Each such message contains a JSON payload. The attribute (and its paired value) specified here are available for use in the ``condition`` expressions used by detectors. \n Syntax: ``....``", "minLength": 1, "maxLength": 128, "pattern": "^((`[a-zA-Z0-9_\\- ]+`)|([a-zA-Z0-9_\\-]+))(\\.((`[a-zA-Z0-9_\\- ]+`)|([a-zA-Z0-9_\\-]+)))*$", 
@@ -44,14 +44,14 @@ "Tag": { "type": "object", "additionalProperties": false, - "description": "Tags to be applied to Input.", + "description": "Metadata that can be used to manage the resource.", "properties": { "Key": { - "description": "Key of the Tag.", + "description": "The tag's key.", "type": "string" }, "Value": { - "description": "Value of the Tag.", + "description": "The tag's value.", "type": "string" } }, @@ -63,7 +63,8 @@ }, "properties": { "InputDefinition": { - "$ref": "#/definitions/InputDefinition" + "$ref": "#/definitions/InputDefinition", + "description": "The definition of the input." }, "InputDescription": { "description": "A brief description of the input.", @@ -82,7 +83,7 @@ "type": "array", "uniqueItems": false, "insertionOrder": false, - "description": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", + "description": "An array of key-value pairs to apply to this resource.\n For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", "items": { "$ref": "#/definitions/Tag" } @@ -98,7 +99,6 @@ "createOnlyProperties": [ "/properties/InputName" ], - "taggable": true, "handlers": { "create": { "permissions": [ @@ -134,5 +134,17 @@ "iotevents:ListInputs" ] } + }, + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "cloudFormationSystemTags": false, + "tagProperty": "/properties/Tags", + "permissions": [ + "iotevents:UntagResource", + "iotevents:TagResource", + "iotevents:ListTagsForResource" + ] } } diff --git a/internal/service/cloudformation/schemas/AWS_IoTFleetWise_SignalCatalog.json b/internal/service/cloudformation/schemas/AWS_IoTFleetWise_SignalCatalog.json index 41b044f8e1..78be4b1136 100644 --- a/internal/service/cloudformation/schemas/AWS_IoTFleetWise_SignalCatalog.json 
+++ b/internal/service/cloudformation/schemas/AWS_IoTFleetWise_SignalCatalog.json @@ -310,7 +310,12 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "iotfleetwise:UntagResource", + "iotfleetwise:TagResource", + "iotfleetwise:ListTagsForResource" + ] }, "readOnlyProperties": [ "/properties/Arn", diff --git a/internal/service/cloudformation/schemas/AWS_IoTTwinMaker_ComponentType.json b/internal/service/cloudformation/schemas/AWS_IoTTwinMaker_ComponentType.json index 623ae485cc..6cb84bed6a 100644 --- a/internal/service/cloudformation/schemas/AWS_IoTTwinMaker_ComponentType.json +++ b/internal/service/cloudformation/schemas/AWS_IoTTwinMaker_ComponentType.json @@ -479,7 +479,12 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "iottwinmaker:TagResource", + "iottwinmaker:UntagResource", + "iottwinmaker:ListTagsForResource" + ] }, "required": [ "WorkspaceId", diff --git a/internal/service/cloudformation/schemas/AWS_IoTTwinMaker_Entity.json b/internal/service/cloudformation/schemas/AWS_IoTTwinMaker_Entity.json index a777ca93bb..bd434d7dc3 100644 --- a/internal/service/cloudformation/schemas/AWS_IoTTwinMaker_Entity.json +++ b/internal/service/cloudformation/schemas/AWS_IoTTwinMaker_Entity.json @@ -512,7 +512,12 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "iottwinmaker:TagResource", + "iottwinmaker:UntagResource", + "iottwinmaker:ListTagsForResource" + ] }, "required": [ "WorkspaceId", diff --git a/internal/service/cloudformation/schemas/AWS_IoTTwinMaker_Scene.json b/internal/service/cloudformation/schemas/AWS_IoTTwinMaker_Scene.json index 94831655d7..41131c6eb7 100644 
--- a/internal/service/cloudformation/schemas/AWS_IoTTwinMaker_Scene.json +++ b/internal/service/cloudformation/schemas/AWS_IoTTwinMaker_Scene.json @@ -112,7 +112,12 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "iottwinmaker:TagResource", + "iottwinmaker:UntagResource", + "iottwinmaker:ListTagsForResource" + ] }, "required": [ "WorkspaceId", diff --git a/internal/service/cloudformation/schemas/AWS_IoTTwinMaker_SyncJob.json b/internal/service/cloudformation/schemas/AWS_IoTTwinMaker_SyncJob.json index b410ee1666..cd0eb67794 100644 --- a/internal/service/cloudformation/schemas/AWS_IoTTwinMaker_SyncJob.json +++ b/internal/service/cloudformation/schemas/AWS_IoTTwinMaker_SyncJob.json @@ -91,7 +91,12 @@ "tagOnCreate": true, "tagUpdatable": false, "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "iottwinmaker:TagResource", + "iottwinmaker:UntagResource", + "iottwinmaker:ListTagsForResource" + ] }, "handlers": { "create": { diff --git a/internal/service/cloudformation/schemas/AWS_IoTTwinMaker_Workspace.json b/internal/service/cloudformation/schemas/AWS_IoTTwinMaker_Workspace.json index e8c8e0153c..e0beb0a681 100644 --- a/internal/service/cloudformation/schemas/AWS_IoTTwinMaker_Workspace.json +++ b/internal/service/cloudformation/schemas/AWS_IoTTwinMaker_Workspace.json @@ -67,7 +67,12 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "iottwinmaker:TagResource", + "iottwinmaker:UntagResource", + "iottwinmaker:ListTagsForResource" + ] }, "required": [ "WorkspaceId", 
diff --git a/internal/service/cloudformation/schemas/AWS_IoT_DomainConfiguration.json b/internal/service/cloudformation/schemas/AWS_IoT_DomainConfiguration.json index 354eac704f..d057f2f9a0 100644 --- a/internal/service/cloudformation/schemas/AWS_IoT_DomainConfiguration.json +++ b/internal/service/cloudformation/schemas/AWS_IoT_DomainConfiguration.json @@ -59,6 +59,17 @@ }, "additionalProperties": false }, + "ClientCertificateConfig": { + "type": "object", + "properties": { + "ClientCertificateCallbackArn": { + "type": "string", + "minLength": 1, + "maxLength": 170 + } + }, + "additionalProperties": false + }, "Tag": { "type": "object", "properties": { @@ -146,6 +157,28 @@ "TlsConfig": { "$ref": "#/definitions/TlsConfig" }, + "AuthenticationType": { + "type": "string", + "enum": [ + "AWS_X509", + "CUSTOM_AUTH", + "AWS_SIGV4", + "CUSTOM_AUTH_X509", + "DEFAULT" + ] + }, + "ApplicationProtocol": { + "type": "string", + "enum": [ + "SECURE_MQTT", + "MQTT_WSS", + "HTTPS", + "DEFAULT" + ] + }, + "ClientCertificateConfig": { + "$ref": "#/definitions/ClientCertificateConfig" + }, "Tags": { "type": "array", "uniqueItems": true, diff --git a/internal/service/cloudformation/schemas/AWS_Kinesis_Stream.json b/internal/service/cloudformation/schemas/AWS_Kinesis_Stream.json index e8c759752c..ad1c28e796 100644 --- a/internal/service/cloudformation/schemas/AWS_Kinesis_Stream.json +++ b/internal/service/cloudformation/schemas/AWS_Kinesis_Stream.json @@ -1,6 +1,11 @@ { "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-kinesis.git", "tagging": { + "permissions": [ + "kinesis:AddTagsToStream", + "kinesis:RemoveTagsFromStream", + "kinesis:ListTagsForStream" + ], "taggable": true, "tagOnCreate": true, "tagUpdatable": true, 
@@ -63,6 +68,7 @@ "createOnlyProperties": [ "/properties/Name" ], + "$comment": "Do not set SystemTags to true without implementing a fail-open mechanism. It should not fail when adding systemTags for customers without AddTagsToStream Permission. Cloudformation will automatically add system tags even if customer does not have the AddTagsToStream permission. COE: https://www.coe.a2z.com/coe/236297/content", "additionalProperties": false, "primaryIdentifier": [ "/properties/Name" diff --git a/internal/service/cloudformation/schemas/AWS_LakeFormation_PrincipalPermissions.json b/internal/service/cloudformation/schemas/AWS_LakeFormation_PrincipalPermissions.json index 0b47add905..6a8fbe3ba3 100644 --- a/internal/service/cloudformation/schemas/AWS_LakeFormation_PrincipalPermissions.json +++ b/internal/service/cloudformation/schemas/AWS_LakeFormation_PrincipalPermissions.json @@ -355,8 +355,9 @@ "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", - "CREATE_TAG", - "ASSOCIATE" + "CREATE_LF_TAG", + "ASSOCIATE", + "GRANT_WITH_LF_TAG_EXPRESSION" ] }, "LFTagKey": { diff --git a/internal/service/cloudformation/schemas/AWS_LakeFormation_Tag.json b/internal/service/cloudformation/schemas/AWS_LakeFormation_Tag.json index 99cc4e7270..212dbc0259 100644 --- a/internal/service/cloudformation/schemas/AWS_LakeFormation_Tag.json +++ b/internal/service/cloudformation/schemas/AWS_LakeFormation_Tag.json @@ -27,7 +27,7 @@ }, "insertionOrder": false, "minItems": 1, - "maxItems": 50 + "maxItems": 1000 } }, "properties": { diff --git a/internal/service/cloudformation/schemas/AWS_Lambda_EventSourceMapping.json b/internal/service/cloudformation/schemas/AWS_Lambda_EventSourceMapping.json index 934be5e7ad..cfae6a71a8 100644 --- a/internal/service/cloudformation/schemas/AWS_Lambda_EventSourceMapping.json +++ b/internal/service/cloudformation/schemas/AWS_Lambda_EventSourceMapping.json 
@@ -1,249 +1,112 @@ { - "typeName": "AWS::Lambda::EventSourceMapping", - "description": "The ``AWS::Lambda::EventSourceMapping`` resource creates a mapping between an event source and an LAMlong function. LAM reads items from the event source and triggers the function.\n For details about each event source type, see the following topics. In particular, each of the topics describes the required and optional parameters for the specific event source. \n + [Configuring a Dynamo DB stream as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#services-dynamodb-eventsourcemapping) \n + [Configuring a Kinesis stream as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html#services-kinesis-eventsourcemapping) \n + [Configuring an SQS queue as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-eventsource) \n + [Configuring an MQ broker as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-mq.html#services-mq-eventsourcemapping) \n + [Configuring MSK as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html) \n + [Configuring Self-Managed Apache Kafka as an event source](https://docs.aws.amazon.com/lambda/latest/dg/kafka-smaa.html) \n + [Configuring Amazon DocumentDB as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html)", - "additionalProperties": false, - "properties": { - "Id": { - "description": "", - "type": "string", - "pattern": "[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}", - "minLength": 36, - "maxLength": 36 - }, - "BatchSize": { - "description": "The maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function. Lambda passes all of the records in the batch to the function in a single call, up to the payload limit for synchronous invocation (6 MB).\n + *Amazon Kinesis* ? Default 100. Max 10,000.\n + *Amazon DynamoDB Streams* ? 
Default 100. Max 10,000.\n + *Amazon Simple Queue Service* ? Default 10. For standard queues the max is 10,000. For FIFO queues the max is 10.\n + *Amazon Managed Streaming for Apache Kafka* ? Default 100. Max 10,000.\n + *Self-managed Apache Kafka* ? Default 100. Max 10,000.\n + *Amazon MQ (ActiveMQ and RabbitMQ)* ? Default 100. Max 10,000.\n + *DocumentDB* ? Default 100. Max 10,000.", - "type": "integer", - "minimum": 1, - "maximum": 10000 - }, - "BisectBatchOnFunctionError": { - "description": "(Kinesis and DynamoDB Streams only) If the function returns an error, split the batch in two and retry. The default value is false.", - "type": "boolean" - }, - "DestinationConfig": { - "description": "(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka event sources only) A configuration object that specifies the destination of an event after Lambda processes it.", - "$ref": "#/definitions/DestinationConfig" - }, - "Enabled": { - "description": "When true, the event source mapping is active. When false, Lambda pauses polling and invocation.\n Default: True", - "type": "boolean" - }, - "EventSourceArn": { - "description": "The Amazon Resource Name (ARN) of the event source.\n + *Amazon Kinesis* ? The ARN of the data stream or a stream consumer.\n + *Amazon DynamoDB Streams* ? The ARN of the stream.\n + *Amazon Simple Queue Service* ? The ARN of the queue.\n + *Amazon Managed Streaming for Apache Kafka* ? The ARN of the cluster or the ARN of the VPC connection (for [cross-account event source mappings](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#msk-multi-vpc)).\n + *Amazon MQ* ? The ARN of the broker.\n + *Amazon DocumentDB* ? 
The ARN of the DocumentDB change stream.", - "type": "string", - "pattern": "arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", - "minLength": 12, - "maxLength": 1024 - }, - "EventSourceMappingArn": { - "description": "", - "type": "string", - "pattern": "arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:\\d{12}:event-source-mapping:[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}", - "minLength": 85, - "maxLength": 120 - }, - "FilterCriteria": { - "description": "An object that defines the filter criteria that determine whether Lambda should process an event. For more information, see [Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html).", - "$ref": "#/definitions/FilterCriteria" - }, - "KmsKeyArn": { - "description": "The ARN of the KMSlong (KMS) customer managed key that Lambda uses to encrypt your function's [filter criteria](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-basics).", - "type": "string", - "pattern": "(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()", - "minLength": 12, - "maxLength": 2048 - }, - "FunctionName": { - "description": "The name or ARN of the Lambda function.\n **Name formats**\n + *Function name* ? ``MyFunction``.\n + *Function ARN* ? ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction``.\n + *Version or Alias ARN* ? ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD``.\n + *Partial ARN* ? ``123456789012:function:MyFunction``.\n \n The length constraint applies only to the full ARN. 
If you specify only the function name, it's limited to 64 characters in length.", - "type": "string", - "pattern": "(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\\d{1}:)?(\\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\\$LATEST|[a-zA-Z0-9-_]+))?", - "minLength": 1, - "maxLength": 140 - }, - "MaximumBatchingWindowInSeconds": { - "description": "The maximum amount of time, in seconds, that Lambda spends gathering records before invoking the function.\n *Default (, , event sources)*: 0\n *Default (, Kafka, , event sources)*: 500 ms\n *Related setting:* For SQS event sources, when you set ``BatchSize`` to a value greater than 10, you must set ``MaximumBatchingWindowInSeconds`` to at least 1.", - "type": "integer", - "minimum": 0, - "maximum": 300 - }, - "MaximumRecordAgeInSeconds": { - "description": "(Kinesis and DynamoDB Streams only) Discard records older than the specified age. The default value is -1, which sets the maximum age to infinite. When the value is set to infinite, Lambda never discards old records.\n The minimum valid value for maximum record age is 60s. Although values less than 60 and greater than -1 fall within the parameter's absolute range, they are not allowed", - "type": "integer", - "minimum": -1, - "maximum": 604800 - }, - "MaximumRetryAttempts": { - "description": "(Kinesis and DynamoDB Streams only) Discard records after the specified number of retries. The default value is -1, which sets the maximum number of retries to infinite. When MaximumRetryAttempts is infinite, Lambda retries failed records until the record expires in the event source.", - "type": "integer", - "minimum": -1, - "maximum": 10000 - }, - "ParallelizationFactor": { - "description": "(Kinesis and DynamoDB Streams only) The number of batches to process concurrently from each shard. 
The default value is 1.", - "type": "integer", - "minimum": 1, - "maximum": 10 - }, - "StartingPosition": { - "description": "The position in a stream from which to start reading. Required for Amazon Kinesis and Amazon DynamoDB.\n + *LATEST* - Read only new records.\n + *TRIM_HORIZON* - Process all available records.\n + *AT_TIMESTAMP* - Specify a time from which to start reading records.", - "type": "string", - "pattern": "(LATEST|TRIM_HORIZON|AT_TIMESTAMP)+", - "minLength": 6, - "maxLength": 12 - }, - "StartingPositionTimestamp": { - "description": "With ``StartingPosition`` set to ``AT_TIMESTAMP``, the time from which to start reading, in Unix time seconds. ``StartingPositionTimestamp`` cannot be in the future.", - "type": "number" - }, - "Tags": { - "description": "", - "type": "array", - "uniqueItems": true, - "insertionOrder": false, - "items": { - "$ref": "#/definitions/Tag" - } - }, - "Topics": { - "description": "The name of the Kafka topic.", - "type": "array", - "uniqueItems": true, - "items": { - "type": "string", - "pattern": "^[^.]([a-zA-Z0-9\\-_.]+)", - "minLength": 1, - "maxLength": 249 - }, - "minItems": 1, - "maxItems": 1 - }, - "Queues": { - "description": "(Amazon MQ) The name of the Amazon MQ broker destination queue to consume.", - "type": "array", - "uniqueItems": true, - "items": { - "type": "string", - "pattern": "[\\s\\S]*", - "minLength": 1, - "maxLength": 1000 - }, - "minItems": 1, - "maxItems": 1 - }, - "SourceAccessConfigurations": { - "description": "An array of the authentication protocol, VPC components, or virtual host to secure and define your event source.", - "type": "array", - "uniqueItems": true, - "items": { - "$ref": "#/definitions/SourceAccessConfiguration" - }, - "minItems": 1, - "maxItems": 22 - }, - "TumblingWindowInSeconds": { - "description": "(Kinesis and DynamoDB Streams only) The duration in seconds of a processing window for DynamoDB and Kinesis Streams event sources. 
A value of 0 seconds indicates no tumbling window.", - "type": "integer", - "minimum": 0, - "maximum": 900 - }, - "FunctionResponseTypes": { - "description": "(Kinesis, DynamoDB Streams, and SQS) A list of current response type enums applied to the event source mapping.\n Valid Values: ``ReportBatchItemFailures``", - "type": "array", - "uniqueItems": true, - "items": { - "type": "string", - "enum": [ - "ReportBatchItemFailures" - ] - }, - "minLength": 0, - "maxLength": 1 - }, - "SelfManagedEventSource": { - "description": "The self-managed Apache Kafka cluster for your event source.", - "$ref": "#/definitions/SelfManagedEventSource" + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "tagProperty": "/properties/Tags", + "cloudFormationSystemTags": true + }, + "propertyTransform": { + "/properties/StartingPositionTimestamp": "StartingPositionTimestamp * 1000" + }, + "handlers": { + "read": { + "permissions": [ + "lambda:GetEventSourceMapping", + "lambda:ListTags", + "kms:Decrypt" + ] }, - "AmazonManagedKafkaEventSourceConfig": { - "description": "Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source.", - "$ref": "#/definitions/AmazonManagedKafkaEventSourceConfig" + "create": { + "permissions": [ + "lambda:CreateEventSourceMapping", + "lambda:GetEventSourceMapping", + "lambda:TagResource", + "kms:DescribeKey", + "kms:GenerateDataKey", + "kms:Decrypt" + ] }, - "SelfManagedKafkaEventSourceConfig": { - "description": "Specific configuration settings for a self-managed Apache Kafka event source.", - "$ref": "#/definitions/SelfManagedKafkaEventSourceConfig" + "update": { + "permissions": [ + "lambda:UpdateEventSourceMapping", + "lambda:GetEventSourceMapping", + "lambda:ListTags", + "lambda:TagResource", + "lambda:UntagResource", + "kms:DescribeKey", + "kms:GenerateDataKey", + "kms:Decrypt" + ] }, - "ScalingConfig": { - "description": "(Amazon SQS only) The scaling configuration for the 
event source. For more information, see [Configuring maximum concurrency for Amazon SQS event sources](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-max-concurrency).", - "$ref": "#/definitions/ScalingConfig" + "list": { + "permissions": [ + "lambda:ListEventSourceMappings" + ] }, - "DocumentDBEventSourceConfig": { - "description": "Specific configuration settings for a DocumentDB event source.", - "$ref": "#/definitions/DocumentDBEventSourceConfig" + "delete": { + "permissions": [ + "lambda:DeleteEventSourceMapping", + "lambda:GetEventSourceMapping", + "kms:Decrypt" + ] } }, + "typeName": "AWS::Lambda::EventSourceMapping", + "readOnlyProperties": [ + "/properties/Id", + "/properties/EventSourceMappingArn" + ], + "description": "The ``AWS::Lambda::EventSourceMapping`` resource creates a mapping between an event source and an LAMlong function. LAM reads items from the event source and triggers the function.\n For details about each event source type, see the following topics. In particular, each of the topics describes the required and optional parameters for the specific event source. 
\n + [Configuring a Dynamo DB stream as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#services-dynamodb-eventsourcemapping) \n + [Configuring a Kinesis stream as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html#services-kinesis-eventsourcemapping) \n + [Configuring an SQS queue as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-eventsource) \n + [Configuring an MQ broker as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-mq.html#services-mq-eventsourcemapping) \n + [Configuring MSK as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html) \n + [Configuring Self-Managed Apache Kafka as an event source](https://docs.aws.amazon.com/lambda/latest/dg/kafka-smaa.html) \n + [Configuring Amazon DocumentDB as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html)", + "createOnlyProperties": [ + "/properties/EventSourceArn", + "/properties/StartingPosition", + "/properties/StartingPositionTimestamp", + "/properties/SelfManagedEventSource", + "/properties/AmazonManagedKafkaEventSourceConfig", + "/properties/SelfManagedKafkaEventSourceConfig" + ], + "additionalProperties": false, + "primaryIdentifier": [ + "/properties/Id" + ], "definitions": { - "DestinationConfig": { - "type": "object", + "ScalingConfig": { + "description": "(Amazon SQS only) The scaling configuration for the event source. 
To remove the configuration, pass an empty value.", "additionalProperties": false, - "description": "A configuration object that specifies the destination of an event after Lambda processes it.", - "properties": { - "OnFailure": { - "description": "The destination configuration for failed invocations.", - "$ref": "#/definitions/OnFailure" - } - } - }, - "FilterCriteria": { "type": "object", - "description": "An object that contains the filters for an event source.", - "additionalProperties": false, "properties": { - "Filters": { - "description": "A list of filters.", - "type": "array", - "uniqueItems": true, - "items": { - "$ref": "#/definitions/Filter" - }, - "minItems": 1, - "maxItems": 20 + "MaximumConcurrency": { + "description": "Limits the number of concurrent instances that the SQS event source can invoke.", + "$ref": "#/definitions/MaximumConcurrency" } } }, - "Filter": { - "type": "object", - "description": "A structure within a ``FilterCriteria`` object that defines an event filtering pattern.", + "SelfManagedEventSource": { + "description": "The self-managed Apache Kafka cluster for your event source.", "additionalProperties": false, - "properties": { - "Pattern": { - "type": "string", - "description": "A filter pattern. 
For more information on the syntax of a filter pattern, see [Filter rule syntax](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-syntax).", - "pattern": ".*", - "minLength": 0, - "maxLength": 4096 - } - } - }, - "OnFailure": { "type": "object", - "description": "A destination for events that failed processing.", - "additionalProperties": false, "properties": { - "Destination": { - "description": "The Amazon Resource Name (ARN) of the destination resource.\n To retain records of [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations), you can configure an Amazon SNS topic, Amazon SQS queue, Lambda function, or Amazon EventBridge event bus as the destination.\n To retain records of failed invocations from [Kinesis and DynamoDB event sources](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html#event-source-mapping-destinations), you can configure an Amazon SNS topic or Amazon SQS queue as the destination.\n To retain records of failed invocations from [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination), you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination.", - "type": "string", - "pattern": "arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", - "minLength": 12, - "maxLength": 1024 + "Endpoints": { + "description": "The list of bootstrap servers for your Kafka brokers in the following format: ``\"KafkaBootstrapServers\": [\"abc.xyz.com:xxxx\",\"abc2.xyz.com:xxxx\"]``.", + "$ref": "#/definitions/Endpoints" } } }, + "MaximumConcurrency": { + "description": "The maximum number of concurrent functions that an event source can invoke.", + "maximum": 1000, + "type": 
"integer", + "minimum": 2 + }, "SourceAccessConfiguration": { - "type": "object", - "additionalProperties": false, "description": "An array of the authentication protocol, VPC components, or virtual host to secure and define your event source.", + "additionalProperties": false, + "type": "object", "properties": { "Type": { - "description": "The type of authentication protocol, VPC components, or virtual host for your event source. For example: ``\"Type\":\"SASL_SCRAM_512_AUTH\"``.\n + ``BASIC_AUTH`` ? (Amazon MQ) The ASMlong secret that stores your broker credentials.\n + ``BASIC_AUTH`` ? (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL/PLAIN authentication of your Apache Kafka brokers.\n + ``VPC_SUBNET`` ? (Self-managed Apache Kafka) The subnets associated with your VPC. Lambda connects to these subnets to fetch data from your self-managed Apache Kafka cluster.\n + ``VPC_SECURITY_GROUP`` ? (Self-managed Apache Kafka) The VPC security group used to manage access to your self-managed Apache Kafka brokers.\n + ``SASL_SCRAM_256_AUTH`` ? (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-256 authentication of your self-managed Apache Kafka brokers.\n + ``SASL_SCRAM_512_AUTH`` ? (Amazon MSK, Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-512 authentication of your self-managed Apache Kafka brokers.\n + ``VIRTUAL_HOST`` ?- (RabbitMQ) The name of the virtual host in your RabbitMQ broker. Lambda uses this RabbitMQ host as the event source. This property cannot be specified in an UpdateEventSourceMapping API call.\n + ``CLIENT_CERTIFICATE_TLS_AUTH`` ? (Amazon MSK, self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the certificate chain (X.509 PEM), private key (PKCS#8 PEM), and private key password (optional) used for mutual TLS authentication of your MSK/Apache Kafka brokers.\n + ``SERVER_ROOT_CA_CERTIFICATE`` ? 
(Self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the root CA certificate (X.509 PEM) used for TLS encryption of your Apache Kafka brokers.", + "description": "The type of authentication protocol, VPC components, or virtual host for your event source. For example: ``\"Type\":\"SASL_SCRAM_512_AUTH\"``.\n + ``BASIC_AUTH`` \u2013 (Amazon MQ) The ASMlong secret that stores your broker credentials.\n + ``BASIC_AUTH`` \u2013 (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL/PLAIN authentication of your Apache Kafka brokers.\n + ``VPC_SUBNET`` \u2013 (Self-managed Apache Kafka) The subnets associated with your VPC. Lambda connects to these subnets to fetch data from your self-managed Apache Kafka cluster.\n + ``VPC_SECURITY_GROUP`` \u2013 (Self-managed Apache Kafka) The VPC security group used to manage access to your self-managed Apache Kafka brokers.\n + ``SASL_SCRAM_256_AUTH`` \u2013 (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-256 authentication of your self-managed Apache Kafka brokers.\n + ``SASL_SCRAM_512_AUTH`` \u2013 (Amazon MSK, Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-512 authentication of your self-managed Apache Kafka brokers.\n + ``VIRTUAL_HOST`` \u2013- (RabbitMQ) The name of the virtual host in your RabbitMQ broker. Lambda uses this RabbitMQ host as the event source. 
This property cannot be specified in an UpdateEventSourceMapping API call.\n + ``CLIENT_CERTIFICATE_TLS_AUTH`` \u2013 (Amazon MSK, self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the certificate chain (X.509 PEM), private key (PKCS#8 PEM), and private key password (optional) used for mutual TLS authentication of your MSK/Apache Kafka brokers.\n + ``SERVER_ROOT_CA_CERTIFICATE`` \u2013 (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the root CA certificate (X.509 PEM) used for TLS encryption of your Apache Kafka brokers.", + "type": "string", "enum": [ "BASIC_AUTH", "VPC_SUBNET", 
@@ -253,72 +116,129 @@ "VIRTUAL_HOST", "CLIENT_CERTIFICATE_TLS_AUTH", "SERVER_ROOT_CA_CERTIFICATE" - ], - "type": "string" + ] }, "URI": { + "minLength": 1, + "pattern": "[a-zA-Z0-9-\\/*:_+=.@-]*", "description": "The value for your chosen configuration in ``Type``. For example: ``\"URI\": \"arn:aws:secretsmanager:us-east-1:01234567890:secret:MyBrokerSecretName\"``.", "type": "string", - "pattern": "[a-zA-Z0-9-\\/*:_+=.@-]*", - "minLength": 1, "maxLength": 200 } } }, - "SelfManagedEventSource": { - "type": "object", + "FilterCriteria": { + "description": "An object that contains the filters for an event source.", "additionalProperties": false, - "description": "The self-managed Apache Kafka cluster for your event source.", + "type": "object", "properties": { - "Endpoints": { - "description": "The list of bootstrap servers for your Kafka brokers in the following format: ``\"KafkaBootstrapServers\": [\"abc.xyz.com:xxxx\",\"abc2.xyz.com:xxxx\"]``.", - "$ref": "#/definitions/Endpoints" + "Filters": { + "minItems": 1, + "maxItems": 20, + "uniqueItems": true, + "description": "A list of filters.", + "type": "array", + "items": { + "$ref": "#/definitions/Filter" + } } } }, - "Endpoints": { + "SelfManagedKafkaEventSourceConfig": { + "description": "Specific configuration settings for a self-managed Apache Kafka event source.", + "additionalProperties": false, "type": "object", + "properties": { + "ConsumerGroupId": { + "description": "The identifier for the Kafka consumer group to join. The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. 
For more information, see [Customizable consumer group ID](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-consumer-group-id).", + "$ref": "#/definitions/ConsumerGroupId" + } + } + }, + "DocumentDBEventSourceConfig": { + "description": "Specific configuration settings for a DocumentDB event source.", "additionalProperties": false, + "type": "object", + "properties": { + "FullDocument": { + "description": "Determines what DocumentDB sends to your event stream during document update operations. If set to UpdateLookup, DocumentDB sends a delta describing the changes, along with a copy of the entire document. Otherwise, DocumentDB sends only a partial document that contains the changes.", + "type": "string", + "enum": [ + "UpdateLookup", + "Default" + ] + }, + "CollectionName": { + "minLength": 1, + "description": "The name of the collection to consume within the database. If you do not specify a collection, Lambda consumes all collections.", + "type": "string", + "maxLength": 57 + }, + "DatabaseName": { + "minLength": 1, + "description": "The name of the database to consume within the DocumentDB cluster.", + "type": "string", + "maxLength": 63 + } + } + }, + "Endpoints": { "description": "The list of bootstrap servers for your Kafka brokers in the following format: ``\"KafkaBootstrapServers\": [\"abc.xyz.com:xxxx\",\"abc2.xyz.com:xxxx\"]``.", + "additionalProperties": false, + "type": "object", "properties": { "KafkaBootstrapServers": { - "type": "array", - "description": "The list of bootstrap servers for your Kafka brokers in the following format: ``\"KafkaBootstrapServers\": [\"abc.xyz.com:xxxx\",\"abc2.xyz.com:xxxx\"]``.", + "minItems": 1, + "maxItems": 10, "uniqueItems": true, + "description": "The list of bootstrap servers for your Kafka brokers in the following format: ``\"KafkaBootstrapServers\": [\"abc.xyz.com:xxxx\",\"abc2.xyz.com:xxxx\"]``.", + "type": "array", "items": { - "type": "string", - "description": "The URL of a Kafka 
server.", - "pattern": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9]):[0-9]{1,5}", "minLength": 1, + "pattern": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9]):[0-9]{1,5}", + "description": "The URL of a Kafka server.", + "type": "string", "maxLength": 300 - }, - "minItems": 1, - "maxItems": 10 + } + } + } + }, + "DestinationConfig": { + "description": "A configuration object that specifies the destination of an event after Lambda processes it.", + "additionalProperties": false, + "type": "object", + "properties": { + "OnFailure": { + "description": "The destination configuration for failed invocations.", + "$ref": "#/definitions/OnFailure" } } }, "ConsumerGroupId": { + "minLength": 1, + "pattern": "[a-zA-Z0-9-\\/*:_+=.@-]*", "description": "The identifier for the Kafka Consumer Group to join.", "type": "string", - "pattern": "[a-zA-Z0-9-\\/*:_+=.@-]*", - "minLength": 1, "maxLength": 200 }, - "AmazonManagedKafkaEventSourceConfig": { - "description": "Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source.", - "type": "object", + "Filter": { + "description": "A structure within a ``FilterCriteria`` object that defines an event filtering pattern.", "additionalProperties": false, + "type": "object", "properties": { - "ConsumerGroupId": { - "description": "The identifier for the Kafka consumer group to join. The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. For more information, see [Customizable consumer group ID](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-consumer-group-id).", - "$ref": "#/definitions/ConsumerGroupId" + "Pattern": { + "minLength": 0, + "pattern": ".*", + "description": "A filter pattern. 
For more information on the syntax of a filter pattern, see [Filter rule syntax](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-syntax).", + "type": "string", + "maxLength": 4096 } } }, - "SelfManagedKafkaEventSourceConfig": { - "description": "Specific configuration settings for a self-managed Apache Kafka event source.", - "type": "object", + "AmazonManagedKafkaEventSourceConfig": { + "description": "Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source.", "additionalProperties": false, + "type": "object", "properties": { "ConsumerGroupId": { "description": "The identifier for the Kafka consumer group to join. The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. For more information, see [Customizable consumer group ID](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-consumer-group-id).", 
@@ -326,69 +246,39 @@ } } }, - "MaximumConcurrency": { - "description": "The maximum number of concurrent functions that an event source can invoke.", - "type": "integer", - "minimum": 2, - "maximum": 1000 - }, - "ScalingConfig": { - "description": "(Amazon SQS only) The scaling configuration for the event source. To remove the configuration, pass an empty value.", - "type": "object", - "additionalProperties": false, - "properties": { - "MaximumConcurrency": { - "description": "Limits the number of concurrent instances that the SQS event source can invoke.", - "$ref": "#/definitions/MaximumConcurrency" - } - } - }, "Tag": { - "type": "object", + "description": "A [tag](https://docs.aws.amazon.com/lambda/latest/dg/tagging.html) to apply to the event source mapping.", "additionalProperties": false, + "type": "object", "properties": { - "Key": { - "type": "string", - "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", - "minLength": 1, - "maxLength": 128 - }, "Value": { - "type": "string", - "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. 
You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "minLength": 0, + "description": "The value for this tag.", + "type": "string", "maxLength": 256 + }, + "Key": { + "minLength": 1, + "description": "The key for this tag.", + "type": "string", + "maxLength": 128 } }, "required": [ "Key" - ], - "description": "" + ] }, - "DocumentDBEventSourceConfig": { - "description": "Specific configuration settings for a DocumentDB event source.", - "type": "object", + "OnFailure": { + "description": "A destination for events that failed processing.", "additionalProperties": false, + "type": "object", "properties": { - "DatabaseName": { - "description": "The name of the database to consume within the DocumentDB cluster.", - "type": "string", - "minLength": 1, - "maxLength": 63 - }, - "CollectionName": { - "description": "The name of the collection to consume within the database. If you do not specify a collection, Lambda consumes all collections.", - "type": "string", - "minLength": 1, - "maxLength": 57 - }, - "FullDocument": { - "description": "Determines what DocumentDB sends to your event stream during document update operations. If set to UpdateLookup, DocumentDB sends a delta describing the changes, along with a copy of the entire document. 
Otherwise, DocumentDB sends only a partial document that contains the changes.", + "Destination": { + "minLength": 12, + "pattern": "arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", + "description": "The Amazon Resource Name (ARN) of the destination resource.\n To retain records of [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations), you can configure an Amazon SNS topic, Amazon SQS queue, Lambda function, or Amazon EventBridge event bus as the destination.\n To retain records of failed invocations from [Kinesis and DynamoDB event sources](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html#event-source-mapping-destinations), you can configure an Amazon SNS topic or Amazon SQS queue as the destination.\n To retain records of failed invocations from [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination), you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination.", "type": "string", - "enum": [ - "UpdateLookup", - "Default" - ] + "maxLength": 1024 } } } 
@@ -396,72 +286,182 @@ "required": [ "FunctionName" ], - "createOnlyProperties": [ - "/properties/EventSourceArn", - "/properties/StartingPosition", - "/properties/StartingPositionTimestamp", - "/properties/SelfManagedEventSource", - "/properties/AmazonManagedKafkaEventSourceConfig", - "/properties/SelfManagedKafkaEventSourceConfig" - ], - "readOnlyProperties": [ - "/properties/Id", - "/properties/EventSourceMappingArn" - ], - "primaryIdentifier": [ - "/properties/Id" - ], - "propertyTransform": { - "/properties/StartingPositionTimestamp": "StartingPositionTimestamp * 1000" - }, - "handlers": { - "create": { - "permissions": [ - "lambda:CreateEventSourceMapping", - "lambda:GetEventSourceMapping", - "lambda:TagResource", - "kms:DescribeKey", - "kms:GenerateDataKey", - "kms:Decrypt" - ] + "properties": { + "StartingPosition": { + "minLength": 6, + "pattern": "(LATEST|TRIM_HORIZON|AT_TIMESTAMP)+", + "description": "The position in a stream from which to start reading. Required for Amazon Kinesis and Amazon DynamoDB.\n + *LATEST* - Read only new records.\n + *TRIM_HORIZON* - Process all available records.\n + *AT_TIMESTAMP* - Specify a time from which to start reading records.", + "type": "string", + "maxLength": 12 }, - "delete": { - "permissions": [ - "lambda:DeleteEventSourceMapping", - "lambda:GetEventSourceMapping", - "kms:Decrypt" - ] + "SelfManagedEventSource": { + "description": "The self-managed Apache Kafka cluster for your event source.", + "$ref": "#/definitions/SelfManagedEventSource" }, - "list": { - "permissions": [ - "lambda:ListEventSourceMappings" - ] + "ParallelizationFactor": { + "description": "(Kinesis and DynamoDB Streams only) The number of batches to process concurrently from each shard. 
The default value is 1.", + "maximum": 10, + "type": "integer", + "minimum": 1 }, - "read": { - "permissions": [ - "lambda:GetEventSourceMapping", - "lambda:ListTags", - "kms:Decrypt" - ] + "FilterCriteria": { + "description": "An object that defines the filter criteria that determine whether Lambda should process an event. For more information, see [Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html).", + "$ref": "#/definitions/FilterCriteria" }, - "update": { - "permissions": [ - "lambda:UpdateEventSourceMapping", - "lambda:GetEventSourceMapping", - "lambda:ListTags", - "lambda:TagResource", - "lambda:UntagResource", - "kms:DescribeKey", - "kms:GenerateDataKey", - "kms:Decrypt" - ] + "FunctionName": { + "minLength": 1, + "pattern": "(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\\d{1}:)?(\\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\\$LATEST|[a-zA-Z0-9-_]+))?", + "description": "The name or ARN of the Lambda function.\n **Name formats**\n + *Function name* \u2013 ``MyFunction``.\n + *Function ARN* \u2013 ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction``.\n + *Version or Alias ARN* \u2013 ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD``.\n + *Partial ARN* \u2013 ``123456789012:function:MyFunction``.\n \n The length constraint applies only to the full ARN. 
If you specify only the function name, it's limited to 64 characters in length.", + "type": "string", + "maxLength": 140 + }, + "DestinationConfig": { + "description": "(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka event sources only) A configuration object that specifies the destination of an event after Lambda processes it.", + "$ref": "#/definitions/DestinationConfig" + }, + "KmsKeyArn": { + "minLength": 12, + "pattern": "(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()", + "description": "The ARN of the KMSlong (KMS) customer managed key that Lambda uses to encrypt your function's [filter criteria](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-basics).", + "type": "string", + "maxLength": 2048 + }, + "AmazonManagedKafkaEventSourceConfig": { + "description": "Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source.", + "$ref": "#/definitions/AmazonManagedKafkaEventSourceConfig" + }, + "SourceAccessConfigurations": { + "minItems": 1, + "maxItems": 22, + "uniqueItems": true, + "description": "An array of the authentication protocol, VPC components, or virtual host to secure and define your event source.", + "type": "array", + "items": { + "$ref": "#/definitions/SourceAccessConfiguration" + } + }, + "Tags": { + "uniqueItems": true, + "description": "A list of tags to add to the event source mapping.\n You must have the ``lambda:TagResource``, ``lambda:UntagResource``, and ``lambda:ListTags`` permissions for your [principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html) to manage the CFN stack. 
If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update.", + "insertionOrder": false, + "type": "array", + "items": { + "$ref": "#/definitions/Tag" + } + }, + "MaximumBatchingWindowInSeconds": { + "description": "The maximum amount of time, in seconds, that Lambda spends gathering records before invoking the function.\n *Default (, , event sources)*: 0\n *Default (, Kafka, , event sources)*: 500 ms\n *Related setting:* For SQS event sources, when you set ``BatchSize`` to a value greater than 10, you must set ``MaximumBatchingWindowInSeconds`` to at least 1.", + "maximum": 300, + "type": "integer", + "minimum": 0 + }, + "BatchSize": { + "description": "The maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function. Lambda passes all of the records in the batch to the function in a single call, up to the payload limit for synchronous invocation (6 MB).\n + *Amazon Kinesis* \u2013 Default 100. Max 10,000.\n + *Amazon DynamoDB Streams* \u2013 Default 100. Max 10,000.\n + *Amazon Simple Queue Service* \u2013 Default 10. For standard queues the max is 10,000. For FIFO queues the max is 10.\n + *Amazon Managed Streaming for Apache Kafka* \u2013 Default 100. Max 10,000.\n + *Self-managed Apache Kafka* \u2013 Default 100. Max 10,000.\n + *Amazon MQ (ActiveMQ and RabbitMQ)* \u2013 Default 100. Max 10,000.\n + *DocumentDB* \u2013 Default 100. Max 10,000.", + "maximum": 10000, + "type": "integer", + "minimum": 1 + }, + "MaximumRetryAttempts": { + "description": "(Kinesis and DynamoDB Streams only) Discard records after the specified number of retries. The default value is -1, which sets the maximum number of retries to infinite. 
When MaximumRetryAttempts is infinite, Lambda retries failed records until the record expires in the event source.", + "maximum": 10000, + "type": "integer", + "minimum": -1 + }, + "Topics": { + "minItems": 1, + "maxItems": 1, + "uniqueItems": true, + "description": "The name of the Kafka topic.", + "type": "array", + "items": { + "minLength": 1, + "pattern": "^[^.]([a-zA-Z0-9\\-_.]+)", + "type": "string", + "maxLength": 249 + } + }, + "ScalingConfig": { + "description": "(Amazon SQS only) The scaling configuration for the event source. For more information, see [Configuring maximum concurrency for Amazon SQS event sources](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-max-concurrency).", + "$ref": "#/definitions/ScalingConfig" + }, + "Enabled": { + "description": "When true, the event source mapping is active. When false, Lambda pauses polling and invocation.\n Default: True", + "type": "boolean" + }, + "EventSourceArn": { + "minLength": 12, + "pattern": "arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", + "description": "The Amazon Resource Name (ARN) of the event source.\n + *Amazon Kinesis* \u2013 The ARN of the data stream or a stream consumer.\n + *Amazon DynamoDB Streams* \u2013 The ARN of the stream.\n + *Amazon Simple Queue Service* \u2013 The ARN of the queue.\n + *Amazon Managed Streaming for Apache Kafka* \u2013 The ARN of the cluster or the ARN of the VPC connection (for [cross-account event source mappings](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#msk-multi-vpc)).\n + *Amazon MQ* \u2013 The ARN of the broker.\n + *Amazon DocumentDB* \u2013 The ARN of the DocumentDB change stream.", + "type": "string", + "maxLength": 1024 + }, + "SelfManagedKafkaEventSourceConfig": { + "description": "Specific configuration settings for a self-managed Apache Kafka event source.", + "$ref": "#/definitions/SelfManagedKafkaEventSourceConfig" + }, + 
"DocumentDBEventSourceConfig": { + "description": "Specific configuration settings for a DocumentDB event source.", + "$ref": "#/definitions/DocumentDBEventSourceConfig" + }, + "TumblingWindowInSeconds": { + "description": "(Kinesis and DynamoDB Streams only) The duration in seconds of a processing window for DynamoDB and Kinesis Streams event sources. A value of 0 seconds indicates no tumbling window.", + "maximum": 900, + "type": "integer", + "minimum": 0 + }, + "BisectBatchOnFunctionError": { + "description": "(Kinesis and DynamoDB Streams only) If the function returns an error, split the batch in two and retry. The default value is false.", + "type": "boolean" + }, + "EventSourceMappingArn": { + "minLength": 85, + "pattern": "arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:\\d{12}:event-source-mapping:[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}", + "description": "", + "type": "string", + "maxLength": 120 + }, + "MaximumRecordAgeInSeconds": { + "description": "(Kinesis and DynamoDB Streams only) Discard records older than the specified age. The default value is -1, which sets the maximum age to infinite. When the value is set to infinite, Lambda never discards old records.\n The minimum valid value for maximum record age is 60s. Although values less than 60 and greater than -1 fall within the parameter's absolute range, they are not allowed", + "maximum": 604800, + "type": "integer", + "minimum": -1 + }, + "StartingPositionTimestamp": { + "description": "With ``StartingPosition`` set to ``AT_TIMESTAMP``, the time from which to start reading, in Unix time seconds. 
``StartingPositionTimestamp`` cannot be in the future.", + "type": "number" + }, + "Queues": { + "minItems": 1, + "maxItems": 1, + "uniqueItems": true, + "description": "(Amazon MQ) The name of the Amazon MQ broker destination queue to consume.", + "type": "array", + "items": { + "minLength": 1, + "pattern": "[\\s\\S]*", + "type": "string", + "maxLength": 1000 + } + }, + "Id": { + "minLength": 36, + "pattern": "[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}", + "description": "", + "type": "string", + "maxLength": 36 + }, + "FunctionResponseTypes": { + "uniqueItems": true, + "minLength": 0, + "description": "(Kinesis, DynamoDB Streams, and SQS) A list of current response type enums applied to the event source mapping.\n Valid Values: ``ReportBatchItemFailures``", + "type": "array", + "items": { + "type": "string", + "enum": [ + "ReportBatchItemFailures" + ] + }, + "maxLength": 1 } - }, - "tagging": { - "taggable": true, - "tagOnCreate": true, - "tagUpdatable": true, - "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" } } diff --git a/internal/service/cloudformation/schemas/AWS_Lightsail_Bucket.json b/internal/service/cloudformation/schemas/AWS_Lightsail_Bucket.json index 96d526b22d..f087052deb 100644 --- a/internal/service/cloudformation/schemas/AWS_Lightsail_Bucket.json +++ b/internal/service/cloudformation/schemas/AWS_Lightsail_Bucket.json @@ -109,7 +109,6 @@ "/properties/Url", "/properties/AbleToUpdateBundle" ], - "taggable": true, "primaryIdentifier": [ "/properties/BucketName" ], @@ -157,5 +156,16 @@ ], "timeoutInMinutes": 2160 } + }, + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "cloudFormationSystemTags": false, + "tagProperty": "/properties/Tags", + "permissions": [ + "lightsail:TagResource", + "lightsail:UntagResource" + ] } } 
diff --git a/internal/service/cloudformation/schemas/AWS_Lightsail_Certificate.json b/internal/service/cloudformation/schemas/AWS_Lightsail_Certificate.json index 3b7fa6ffc2..8f3d2c49c1 100644 --- a/internal/service/cloudformation/schemas/AWS_Lightsail_Certificate.json +++ b/internal/service/cloudformation/schemas/AWS_Lightsail_Certificate.json @@ -70,7 +70,6 @@ "/properties/CertificateArn", "/properties/Status" ], - "taggable": true, "primaryIdentifier": [ "/properties/CertificateName" ], @@ -111,5 +110,16 @@ "lightsail:GetCertificates" ] } + }, + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "cloudFormationSystemTags": false, + "tagProperty": "/properties/Tags", + "permissions": [ + "lightsail:TagResource", + "lightsail:UntagResource" + ] } } diff --git a/internal/service/cloudformation/schemas/AWS_Lightsail_Container.json b/internal/service/cloudformation/schemas/AWS_Lightsail_Container.json index c4e02be48b..8866dd755b 100644 --- a/internal/service/cloudformation/schemas/AWS_Lightsail_Container.json +++ b/internal/service/cloudformation/schemas/AWS_Lightsail_Container.json @@ -275,7 +275,6 @@ "/properties/PrincipalArn", "/properties/PrivateRegistryAccess/EcrImagePullerRole/PrincipalArn" ], - "taggable": true, "primaryIdentifier": [ "/properties/ServiceName" ], @@ -319,5 +318,16 @@ ], "timeoutInMinutes": 2160 } + }, + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "cloudFormationSystemTags": false, + "tagProperty": "/properties/Tags", + "permissions": [ + "lightsail:TagResource", + "lightsail:UntagResource" + ] } } diff --git a/internal/service/cloudformation/schemas/AWS_Lightsail_Database.json b/internal/service/cloudformation/schemas/AWS_Lightsail_Database.json index cb14825443..df0afc797f 100644 --- a/internal/service/cloudformation/schemas/AWS_Lightsail_Database.json +++ b/internal/service/cloudformation/schemas/AWS_Lightsail_Database.json 
@@ -171,7 +171,6 @@ "/properties/RelationalDatabaseParameters", "/properties/RotateMasterUserPassword" ], - "taggable": true, "primaryIdentifier": [ "/properties/RelationalDatabaseName" ], @@ -227,5 +226,16 @@ "lightsail:GetRelationalDatabases" ] } + }, + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "cloudFormationSystemTags": false, + "tagProperty": "/properties/Tags", + "permissions": [ + "lightsail:TagResource", + "lightsail:UntagResource" + ] } } diff --git a/internal/service/cloudformation/schemas/AWS_Lightsail_Disk.json b/internal/service/cloudformation/schemas/AWS_Lightsail_Disk.json index 871ba405b4..d18ab34724 100644 --- a/internal/service/cloudformation/schemas/AWS_Lightsail_Disk.json +++ b/internal/service/cloudformation/schemas/AWS_Lightsail_Disk.json @@ -177,7 +177,6 @@ "/properties/SupportCode", "/properties/DiskArn" ], - "taggable": true, "primaryIdentifier": [ "/properties/DiskName" ], @@ -228,5 +227,16 @@ ], "timeoutInMinutes": 2160 } + }, + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "cloudFormationSystemTags": false, + "tagProperty": "/properties/Tags", + "permissions": [ + "lightsail:TagResource", + "lightsail:UntagResource" + ] } } diff --git a/internal/service/cloudformation/schemas/AWS_Lightsail_LoadBalancer.json b/internal/service/cloudformation/schemas/AWS_Lightsail_LoadBalancer.json index ba2bd91eee..42b5179cb8 100644 --- a/internal/service/cloudformation/schemas/AWS_Lightsail_LoadBalancer.json +++ b/internal/service/cloudformation/schemas/AWS_Lightsail_LoadBalancer.json @@ -86,7 +86,6 @@ "readOnlyProperties": [ "/properties/LoadBalancerArn" ], - "taggable": true, "primaryIdentifier": [ "/properties/LoadBalancerName" ], 
@@ -139,5 +138,16 @@ "lightsail:GetLoadBalancers" ] } + }, + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "cloudFormationSystemTags": false, + "tagProperty": "/properties/Tags", + "permissions": [ + "lightsail:TagResource", + "lightsail:UntagResource" + ] } } diff --git a/internal/service/cloudformation/schemas/AWS_Location_PlaceIndex.json b/internal/service/cloudformation/schemas/AWS_Location_PlaceIndex.json index 08c51f5579..4691aa751f 100644 --- a/internal/service/cloudformation/schemas/AWS_Location_PlaceIndex.json +++ b/internal/service/cloudformation/schemas/AWS_Location_PlaceIndex.json @@ -174,7 +174,11 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": false, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "geo:TagResource", + "geo:UntagResource" + ] }, "additionalProperties": false } diff --git a/internal/service/cloudformation/schemas/AWS_MSK_Cluster.json b/internal/service/cloudformation/schemas/AWS_MSK_Cluster.json index e042119a5e..a7825718d5 100644 --- a/internal/service/cloudformation/schemas/AWS_MSK_Cluster.json +++ b/internal/service/cloudformation/schemas/AWS_MSK_Cluster.json @@ -528,7 +528,12 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "kafka:TagResource", + "kafka:UntagResource", + "kafka:ListTagsForResource" + ] }, "handlers": { "create": { diff --git a/internal/service/cloudformation/schemas/AWS_MSK_VpcConnection.json b/internal/service/cloudformation/schemas/AWS_MSK_VpcConnection.json index a0b860336d..a17a20734b 100644 --- a/internal/service/cloudformation/schemas/AWS_MSK_VpcConnection.json +++ b/internal/service/cloudformation/schemas/AWS_MSK_VpcConnection.json 
@@ -97,7 +97,12 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "kafka:TagResource", + "kafka:UntagResource", + "kafka:ListTagsForResource" + ] }, "handlers": { "create": { diff --git a/internal/service/cloudformation/schemas/AWS_MediaPackage_OriginEndpoint.json b/internal/service/cloudformation/schemas/AWS_MediaPackage_OriginEndpoint.json index 7d9a4b1022..4e7df619a8 100644 --- a/internal/service/cloudformation/schemas/AWS_MediaPackage_OriginEndpoint.json +++ b/internal/service/cloudformation/schemas/AWS_MediaPackage_OriginEndpoint.json @@ -630,9 +630,13 @@ "tagging": { "taggable": true, "tagOnCreate": true, - "tagUpdatable": false, + "tagUpdatable": true, "cloudFormationSystemTags": false, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "mediapackage:TagResource", + "mediapackage:UntagResource" + ] }, "additionalProperties": false, "required": [ @@ -675,6 +679,10 @@ "update": { "permissions": [ "mediapackage:UpdateOriginEndpoint", + "mediapackage:TagResource", + "mediapackage:ListTagsForResource", + "mediapackage:UntagResource", + "mediapackage:DescribeOriginEndpoint", "iam:PassRole" ] }, @@ -690,4 +698,3 @@ } } } - diff --git a/internal/service/cloudformation/schemas/AWS_MemoryDB_ACL.json b/internal/service/cloudformation/schemas/AWS_MemoryDB_ACL.json index afaabc854f..5b9286cd89 100644 --- a/internal/service/cloudformation/schemas/AWS_MemoryDB_ACL.json +++ b/internal/service/cloudformation/schemas/AWS_MemoryDB_ACL.json @@ -2,7 +2,6 @@ "typeName": "AWS::MemoryDB::ACL", "description": "Resource Type definition for AWS::MemoryDB::ACL", "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-memorydb", - "taggable": true, "definitions": { "Tag": { "description": "A key-value pair to associate with a resource.", 
@@ -64,6 +63,18 @@ } } }, + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "cloudFormationSystemTags": true, + "tagProperty": "/properties/Tags", + "permissions": [ + "memorydb:TagResource", + "memorydb:ListTags", + "memorydb:UntagResource" + ] + }, "additionalProperties": false, "required": [ "ACLName" diff --git a/internal/service/cloudformation/schemas/AWS_MemoryDB_ParameterGroup.json b/internal/service/cloudformation/schemas/AWS_MemoryDB_ParameterGroup.json index e46be93969..3863a0e073 100644 --- a/internal/service/cloudformation/schemas/AWS_MemoryDB_ParameterGroup.json +++ b/internal/service/cloudformation/schemas/AWS_MemoryDB_ParameterGroup.json @@ -2,7 +2,6 @@ "typeName": "AWS::MemoryDB::ParameterGroup", "description": "The AWS::MemoryDB::ParameterGroup resource creates an Amazon MemoryDB ParameterGroup.", "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-memorydb", - "taggable": true, "definitions": { "Tag": { "description": "A key-value pair to associate with a resource.", @@ -62,6 +61,18 @@ "type": "string" } }, + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "cloudFormationSystemTags": true, + "tagProperty": "/properties/Tags", + "permissions": [ + "memorydb:TagResource", + "memorydb:ListTags", + "memorydb:UntagResource" + ] + }, "additionalProperties": false, "required": [ "ParameterGroupName", diff --git a/internal/service/cloudformation/schemas/AWS_MemoryDB_SubnetGroup.json b/internal/service/cloudformation/schemas/AWS_MemoryDB_SubnetGroup.json index 4674ed778b..f08a35c7a6 100644 --- a/internal/service/cloudformation/schemas/AWS_MemoryDB_SubnetGroup.json +++ b/internal/service/cloudformation/schemas/AWS_MemoryDB_SubnetGroup.json 
@@ -2,7 +2,6 @@ "typeName": "AWS::MemoryDB::SubnetGroup", "description": "The AWS::MemoryDB::SubnetGroup resource creates an Amazon MemoryDB Subnet Group.", "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-memorydb", - "taggable": true, "definitions": { "Tag": { "description": "A key-value pair to associate with a resource.", @@ -64,6 +63,18 @@ "type": "string" } }, + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "cloudFormationSystemTags": true, + "tagProperty": "/properties/Tags", + "permissions": [ + "memorydb:TagResource", + "memorydb:ListTags", + "memorydb:UntagResource" + ] + }, "additionalProperties": false, "required": [ "SubnetGroupName", diff --git a/internal/service/cloudformation/schemas/AWS_MemoryDB_User.json b/internal/service/cloudformation/schemas/AWS_MemoryDB_User.json index 6e9650984f..ec2bfaf427 100644 --- a/internal/service/cloudformation/schemas/AWS_MemoryDB_User.json +++ b/internal/service/cloudformation/schemas/AWS_MemoryDB_User.json @@ -2,7 +2,6 @@ "typeName": "AWS::MemoryDB::User", "description": "Resource Type definition for AWS::MemoryDB::User", "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-memorydb", - "taggable": true, "definitions": { "Tag": { "description": "A key-value pair to associate with a resource.", @@ -84,6 +83,18 @@ } } }, + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "cloudFormationSystemTags": true, + "tagProperty": "/properties/Tags", + "permissions": [ + "memorydb:TagResource", + "memorydb:ListTags", + "memorydb:UntagResource" + ] + }, "additionalProperties": false, "required": [ "UserName" diff --git a/internal/service/cloudformation/schemas/AWS_NetworkFirewall_FirewallPolicy.json b/internal/service/cloudformation/schemas/AWS_NetworkFirewall_FirewallPolicy.json index d010928e25..da44b6d84c 100644 
--- a/internal/service/cloudformation/schemas/AWS_NetworkFirewall_FirewallPolicy.json
+++ b/internal/service/cloudformation/schemas/AWS_NetworkFirewall_FirewallPolicy.json
@@ -1,85 +1,204 @@ { + "tagging": { + "permissions": [ + "network-firewall:TagResource", + "network-firewall:UntagResource", + "network-firewall:ListTagsForResource" + ], + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "tagProperty": "/properties/Tags", + "cloudFormationSystemTags": true + }, "typeName": "AWS::NetworkFirewall::FirewallPolicy", + "readOnlyProperties": [ + "/properties/FirewallPolicyArn", + "/properties/FirewallPolicyId" + ], "description": "Resource type definition for AWS::NetworkFirewall::FirewallPolicy", + "createOnlyProperties": [ + "/properties/FirewallPolicyName" + ], + "primaryIdentifier": [ + "/properties/FirewallPolicyArn" + ], + "required": [ + "FirewallPolicyName", + "FirewallPolicy" + ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-networkfirewall.git", + "handlers": { + "read": { + "permissions": [ + "network-firewall:DescribeFirewallPolicy", + "network-firewall:ListTagsForResources" + ] + }, + "create": { + "permissions": [ + "network-firewall:CreateFirewallPolicy", + "network-firewall:DescribeFirewallPolicy", + "network-firewall:ListTLSInspectionConfigurations", + "network-firewall:TagResource", + "network-firewall:ListRuleGroups" + ] + }, + "update": { + "permissions": [ + "network-firewall:UpdateFirewallPolicy", + "network-firewall:DescribeFirewallPolicy", + "network-firewall:TagResource", + "network-firewall:UntagResource", + "network-firewall:ListRuleGroups", + "network-firewall:ListTLSInspectionConfigurations" + ] + }, + "list": { + "permissions": [ + "network-firewall:ListFirewallPolicies" + ] + }, + "delete": { + "permissions": [ + "network-firewall:DeleteFirewallPolicy", + "network-firewall:DescribeFirewallPolicy", + "network-firewall:UntagResource" + ] + } + }, "additionalProperties": false, "definitions": { - "ResourceArn": { - "description": "A resource ARN.", - "type": "string", - "pattern": "^(arn:aws.*)$", + "VariableDefinition": { "minLength": 1, - 
"maxLength": 256 + "pattern": "^.*$", + "type": "string" }, - "Tag": { + "CustomAction": { + "additionalProperties": false, "type": "object", "properties": { - "Key": { - "type": "string", + "ActionName": { "minLength": 1, - "maxLength": 128, - "pattern": "^.*$" + "pattern": "^[a-zA-Z0-9]+$", + "type": "string", + "maxLength": 128 + }, + "ActionDefinition": { + "$ref": "#/definitions/ActionDefinition" + } + }, + "required": [ + "ActionName", + "ActionDefinition" + ] + }, + "Priority": { + "maximum": 65535, + "type": "integer", + "minimum": 1 + }, + "StatefulEngineOptions": { + "additionalProperties": false, + "type": "object", + "properties": { + "StreamExceptionPolicy": { + "$ref": "#/definitions/StreamExceptionPolicy" }, + "FlowTimeouts": { + "additionalProperties": false, + "type": "object", + "properties": { + "TcpIdleTimeoutSeconds": { + "maximum": 600, + "type": "integer", + "minimum": 60 + } + } + }, + "RuleOrder": { + "$ref": "#/definitions/RuleOrder" + } + } + }, + "Dimension": { + "additionalProperties": false, + "type": "object", + "properties": { "Value": { + "minLength": 1, + "pattern": "^[a-zA-Z0-9-_ ]+$", "type": "string", - "minLength": 0, - "maxLength": 255, - "pattern": "^.*$" + "maxLength": 128 } }, "required": [ - "Key", "Value" - ], - "additionalProperties": false + ] }, - "FirewallPolicy": { + "OverrideAction": { + "type": "string", + "enum": [ + "DROP_TO_ALERT" + ] + }, + "RuleOrder": { + "type": "string", + "enum": [ + "DEFAULT_ACTION_ORDER", + "STRICT_ORDER" + ] + }, + "PublishMetricAction": { + "additionalProperties": false, "type": "object", "properties": { - "StatelessDefaultActions": { - "type": "array", - "insertionOrder": true, + "Dimensions": { "uniqueItems": false, - "items": { - "type": "string" - } - }, - "StatelessFragmentDefaultActions": { - "type": "array", "insertionOrder": true, - "uniqueItems": false, - "items": { - "type": "string" - } - }, - "StatelessCustomActions": { "type": "array", - "insertionOrder": true, - 
"uniqueItems": false, "items": { - "$ref": "#/definitions/CustomAction" + "$ref": "#/definitions/Dimension" } - }, + } + }, + "required": [ + "Dimensions" + ] + }, + "ActionDefinition": { + "additionalProperties": false, + "type": "object", + "properties": { + "PublishMetricAction": { + "$ref": "#/definitions/PublishMetricAction" + } + } + }, + "FirewallPolicy": { + "additionalProperties": false, + "type": "object", + "properties": { "StatelessRuleGroupReferences": { - "type": "array", - "insertionOrder": true, "uniqueItems": false, + "insertionOrder": true, + "type": "array", "items": { "$ref": "#/definitions/StatelessRuleGroupReference" } }, "StatefulRuleGroupReferences": { - "type": "array", - "insertionOrder": true, "uniqueItems": false, + "insertionOrder": true, + "type": "array", "items": { "$ref": "#/definitions/StatefulRuleGroupReference" } }, - "StatefulDefaultActions": { - "type": "array", - "insertionOrder": true, + "StatelessDefaultActions": { "uniqueItems": false, + "insertionOrder": true, + "type": "array", "items": { "type": "string" } @@ -87,14 +206,38 @@ "StatefulEngineOptions": { "$ref": "#/definitions/StatefulEngineOptions" }, + "StatelessCustomActions": { + "uniqueItems": false, + "insertionOrder": true, + "type": "array", + "items": { + "$ref": "#/definitions/CustomAction" + } + }, + "StatelessFragmentDefaultActions": { + "uniqueItems": false, + "insertionOrder": true, + "type": "array", + "items": { + "type": "string" + } + }, "PolicyVariables": { + "additionalProperties": false, "type": "object", "properties": { "RuleVariables": { "$ref": "#/definitions/RuleVariables" } - }, - "additionalProperties": false + } + }, + "StatefulDefaultActions": { + "uniqueItems": false, + "insertionOrder": true, + "type": "array", + "items": { + "type": "string" + } }, "TLSInspectionConfigurationArn": { "$ref": "#/definitions/ResourceArn" 
@@ -103,79 +246,10 @@ "required": [ "StatelessDefaultActions", "StatelessFragmentDefaultActions" - ], - "additionalProperties": false - }, - "RuleVariables": { - "type": "object", - "patternProperties": { - "": { - "$ref": "#/definitions/IPSet" - } - }, - "additionalProperties": false - }, - "CustomAction": { - "type": "object", - "properties": { - "ActionName": { - "type": "string", - "minLength": 1, - "maxLength": 128, - "pattern": "^[a-zA-Z0-9]+$" - }, - "ActionDefinition": { - "$ref": "#/definitions/ActionDefinition" - } - }, - "required": [ - "ActionName", - "ActionDefinition" - ], - "additionalProperties": false - }, - "ActionDefinition": { - "type": "object", - "properties": { - "PublishMetricAction": { - "$ref": "#/definitions/PublishMetricAction" - } - }, - "additionalProperties": false - }, - "PublishMetricAction": { - "type": "object", - "properties": { - "Dimensions": { - "type": "array", - "insertionOrder": true, - "uniqueItems": false, - "items": { - "$ref": "#/definitions/Dimension" - } - } - }, - "required": [ - "Dimensions" - ], - "additionalProperties": false - }, - "Dimension": { - "type": "object", - "properties": { - "Value": { - "type": "string", - "minLength": 1, - "maxLength": 128, - "pattern": "^[a-zA-Z0-9-_ ]+$" - } - }, - "required": [ - "Value" - ], - "additionalProperties": false + ] }, "StatefulRuleGroupReference": { + "additionalProperties": false, "type": "object", "properties": { "ResourceArn": { 
@@ -190,189 +264,126 @@ }, "required": [ "ResourceArn" - ], - "additionalProperties": false + ] }, - "StatelessRuleGroupReference": { + "StatefulRuleGroupOverride": { + "additionalProperties": false, "type": "object", "properties": { - "ResourceArn": { - "$ref": "#/definitions/ResourceArn" - }, - "Priority": { - "$ref": "#/definitions/Priority" + "Action": { + "$ref": "#/definitions/OverrideAction" } - }, - "required": [ - "ResourceArn", - "Priority" - ], - "additionalProperties": false - }, - "Priority": { - "type": "integer", - "minimum": 1, - "maximum": 65535 + } }, - "VariableDefinition": { - "type": "string", + "ResourceArn": { "minLength": 1, - "pattern": "^.*$" + "pattern": "^(arn:aws.*)$", + "description": "A resource ARN.", + "type": "string", + "maxLength": 256 }, "IPSet": { + "additionalProperties": false, "type": "object", "properties": { "Definition": { - "type": "array", - "insertionOrder": true, "uniqueItems": false, + "insertionOrder": true, + "type": "array", "items": { "$ref": "#/definitions/VariableDefinition" } } - }, - "additionalProperties": false + } }, - "StatefulRuleGroupOverride": { + "StatelessRuleGroupReference": { + "additionalProperties": false, "type": "object", "properties": { - "Action": { - "$ref": "#/definitions/OverrideAction" + "ResourceArn": { + "$ref": "#/definitions/ResourceArn" + }, + "Priority": { + "$ref": "#/definitions/Priority" } }, - "additionalProperties": false + "required": [ + "ResourceArn", + "Priority" + ] }, - "OverrideAction": { + "StreamExceptionPolicy": { "type": "string", "enum": [ - "DROP_TO_ALERT" + "DROP", + "CONTINUE", + "REJECT" ] }, - "StatefulEngineOptions": { + "Tag": { + "additionalProperties": false, "type": "object", "properties": { - "RuleOrder": { - "$ref": "#/definitions/RuleOrder" + "Value": { + "minLength": 0, + "pattern": "^.*$", + "type": "string", + "maxLength": 255 }, - "StreamExceptionPolicy": { - "$ref": "#/definitions/StreamExceptionPolicy" + "Key": { + "minLength": 1, + "pattern": 
"^.*$", + "type": "string", + "maxLength": 128 } }, - "additionalProperties": false - }, - "RuleOrder": { - "type": "string", - "enum": [ - "DEFAULT_ACTION_ORDER", - "STRICT_ORDER" + "required": [ + "Key", + "Value" ] }, - "StreamExceptionPolicy": { - "type": "string", - "enum": [ - "DROP", - "CONTINUE", - "REJECT" - ] + "RuleVariables": { + "patternProperties": { + "": { + "$ref": "#/definitions/IPSet" + } + }, + "additionalProperties": false, + "type": "object" } }, "properties": { - "FirewallPolicyName": { - "type": "string", - "minLength": 1, - "maxLength": 128, - "pattern": "^[a-zA-Z0-9-]+$" - }, "FirewallPolicyArn": { "$ref": "#/definitions/ResourceArn" }, - "FirewallPolicy": { - "$ref": "#/definitions/FirewallPolicy" + "Description": { + "minLength": 1, + "pattern": "^.*$", + "type": "string", + "maxLength": 512 }, - "FirewallPolicyId": { + "FirewallPolicyName": { + "minLength": 1, + "pattern": "^[a-zA-Z0-9-]+$", "type": "string", - "minLength": 36, - "maxLength": 36, - "pattern": "^([0-9a-f]{8})-([0-9a-f]{4}-){3}([0-9a-f]{12})$" + "maxLength": 128 }, - "Description": { + "FirewallPolicyId": { + "minLength": 36, + "pattern": "^([0-9a-f]{8})-([0-9a-f]{4}-){3}([0-9a-f]{12})$", "type": "string", - "minLength": 1, - "maxLength": 512, - "pattern": "^.*$" + "maxLength": 36 }, "Tags": { - "type": "array", - "insertionOrder": false, "uniqueItems": true, + "insertionOrder": false, + "type": "array", "items": { "$ref": "#/definitions/Tag" } - } - }, - "tagging": { - "taggable": true, - "tagOnCreate": true, - "tagUpdatable": true, - "cloudFormationSystemTags": true, - "tagProperty": "/properties/Tags", - "permissions": [ - "network-firewall:TagResource", - "network-firewall:UntagResource", - "network-firewall:ListTagsForResource" - ] - }, - "required": [ - "FirewallPolicyName", - "FirewallPolicy" - ], - "readOnlyProperties": [ - "/properties/FirewallPolicyArn", - "/properties/FirewallPolicyId" - ], - "primaryIdentifier": [ - "/properties/FirewallPolicyArn" - ], - 
"createOnlyProperties": [ - "/properties/FirewallPolicyName" - ], - "handlers": { - "create": { - "permissions": [ - "network-firewall:CreateFirewallPolicy", - "network-firewall:DescribeFirewallPolicy", - "network-firewall:ListTLSInspectionConfigurations", - "network-firewall:TagResource", - "network-firewall:ListRuleGroups" - ] }, - "read": { - "permissions": [ - "network-firewall:DescribeFirewallPolicy", - "network-firewall:ListTagsForResources" - ] - }, - "update": { - "permissions": [ - "network-firewall:UpdateFirewallPolicy", - "network-firewall:DescribeFirewallPolicy", - "network-firewall:TagResource", - "network-firewall:UntagResource", - "network-firewall:ListRuleGroups", - "network-firewall:ListTLSInspectionConfigurations" - ] - }, - "delete": { - "permissions": [ - "network-firewall:DeleteFirewallPolicy", - "network-firewall:DescribeFirewallPolicy", - "network-firewall:UntagResource" - ] - }, - "list": { - "permissions": [ - "network-firewall:ListFirewallPolicies" - ] + "FirewallPolicy": { + "$ref": "#/definitions/FirewallPolicy" } } } diff --git a/internal/service/cloudformation/schemas/AWS_Organizations_Account.json b/internal/service/cloudformation/schemas/AWS_Organizations_Account.json index 0c2b092205..1fb9c56203 100644 --- a/internal/service/cloudformation/schemas/AWS_Organizations_Account.json +++ b/internal/service/cloudformation/schemas/AWS_Organizations_Account.json @@ -109,7 +109,12 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": false, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "organizations:TagResource", + "organizations:UntagResource", + "organizations:ListTagsForResource" + ] }, "additionalProperties": false, "required": [ diff --git a/internal/service/cloudformation/schemas/AWS_Organizations_OrganizationalUnit.json b/internal/service/cloudformation/schemas/AWS_Organizations_OrganizationalUnit.json index 896e859cee..976065810a 100644 
--- a/internal/service/cloudformation/schemas/AWS_Organizations_OrganizationalUnit.json +++ b/internal/service/cloudformation/schemas/AWS_Organizations_OrganizationalUnit.json @@ -115,7 +115,12 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": false, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "organizations:TagResource", + "organizations:UntagResource", + "organizations:ListTagsForResource" + ] }, "required": [ "Name", diff --git a/internal/service/cloudformation/schemas/AWS_Organizations_Policy.json b/internal/service/cloudformation/schemas/AWS_Organizations_Policy.json index f7e0f08514..0ed6a9ae99 100644 --- a/internal/service/cloudformation/schemas/AWS_Organizations_Policy.json +++ b/internal/service/cloudformation/schemas/AWS_Organizations_Policy.json @@ -11,13 +11,14 @@ "maxLength": 128 }, "Type": { - "description": "The type of policy to create. You can specify one of the following values: AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, SERVICE_CONTROL_POLICY, TAG_POLICY", + "description": "The type of policy to create. You can specify one of the following values: AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, SERVICE_CONTROL_POLICY, TAG_POLICY, CHATBOT_POLICY", "type": "string", "enum": [ "SERVICE_CONTROL_POLICY", "AISERVICES_OPT_OUT_POLICY", "BACKUP_POLICY", - "TAG_POLICY" + "TAG_POLICY", + "CHATBOT_POLICY" ] }, "Content": { @@ -103,7 +104,12 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": false, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "organizations:TagResource", + "organizations:UntagResource", + "organizations:ListTagsForResource" + ] }, "required": [ "Name", diff --git a/internal/service/cloudformation/schemas/AWS_Organizations_ResourcePolicy.json b/internal/service/cloudformation/schemas/AWS_Organizations_ResourcePolicy.json index 2ad00c216a..3f2893d58c 100644 
--- a/internal/service/cloudformation/schemas/AWS_Organizations_ResourcePolicy.json +++ b/internal/service/cloudformation/schemas/AWS_Organizations_ResourcePolicy.json @@ -99,7 +99,12 @@ "tagOnCreate": true, "tagUpdatable": true, "cloudFormationSystemTags": false, - "tagProperty": "/properties/Tags" + "tagProperty": "/properties/Tags", + "permissions": [ + "organizations:TagResource", + "organizations:UntagResource", + "organizations:ListTagsForResource" + ] }, "required": [ "Content" diff --git a/internal/service/cloudformation/schemas/AWS_Pinpoint_InAppTemplate.json b/internal/service/cloudformation/schemas/AWS_Pinpoint_InAppTemplate.json index 3b7e186278..e670b2a00a 100644 --- a/internal/service/cloudformation/schemas/AWS_Pinpoint_InAppTemplate.json +++ b/internal/service/cloudformation/schemas/AWS_Pinpoint_InAppTemplate.json @@ -159,7 +159,9 @@ "update": { "permissions": [ "mobiletargeting:UpdateInAppTemplate", - "mobiletargeting:GetInAppTemplate" + "mobiletargeting:GetInAppTemplate", + "mobiletargeting:TagResource", + "mobiletargeting:UntagResource" ] } }, @@ -208,6 +210,16 @@ "TemplateName" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", - "taggable": true, + "tagging": { + "taggable": true, + "tagOnCreate": true, + "tagUpdatable": true, + "cloudFormationSystemTags": false, + "tagProperty": "/properties/Tags", + "permissions": [ + "mobiletargeting:TagResource", + "mobiletargeting:UntagResource" + ] + }, "typeName": "AWS::Pinpoint::InAppTemplate" } diff --git a/internal/service/cloudformation/schemas/AWS_QBusiness_WebExperience.json b/internal/service/cloudformation/schemas/AWS_QBusiness_WebExperience.json index 7327bed412..667bbec00a 100644 --- a/internal/service/cloudformation/schemas/AWS_QBusiness_WebExperience.json +++ b/internal/service/cloudformation/schemas/AWS_QBusiness_WebExperience.json 
@@ -105,6 +105,12 @@ "FAILED", "PENDING_AUTH_CONFIG" ] + }, + "Origin": { + "type": "string", + "maxLength": 64, + "minLength": 1, + "pattern": "^(http:\\/\\/|https:\\/\\/)[a-zA-Z0-9-_.]+(?::[0-9]{1,5})?$" } }, "properties": { @@ -180,6 +186,15 @@ "type": "string", "maxLength": 300, "minLength": 0 + }, + "Origins": { + "type": "array", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Origin" + }, + "maxItems": 10, + "minItems": 0 } }, "required": [ diff --git a/internal/service/cloudformation/schemas/AWS_QLDB_Stream.json b/internal/service/cloudformation/schemas/AWS_QLDB_Stream.json index bf5dc12d83..703b2ff0ff 100644 --- a/internal/service/cloudformation/schemas/AWS_QLDB_Stream.json +++ b/internal/service/cloudformation/schemas/AWS_QLDB_Stream.json @@ -145,7 +145,17 @@ "list": { "permissions": [ "qldb:listJournalKinesisStreamsForLedger" - ] + ], + "handlerSchema": { + "properties": { + "LedgerName": { + "type": "string" + } + }, + "required": [ + "LedgerName" + ] + } } } } diff --git a/internal/service/cloudformation/schemas/AWS_QuickSight_DataSource.json b/internal/service/cloudformation/schemas/AWS_QuickSight_DataSource.json index 71ea2dfd85..301d98e961 100644 --- a/internal/service/cloudformation/schemas/AWS_QuickSight_DataSource.json +++ b/internal/service/cloudformation/schemas/AWS_QuickSight_DataSource.json 
@@ -1,268 +1,284 @@ { - "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-quicksight", - "handlers": { - "read": { - "permissions": [ - "quicksight:DescribeDataSource", - "quicksight:DescribeDataSourcePermissions", - "quicksight:ListTagsForResource" - ] - }, - "create": { - "permissions": [ - "quicksight:CreateDataSource", - "quicksight:DescribeDataSource", - "quicksight:DescribeDataSourcePermissions", - "quicksight:TagResource", - "quicksight:ListTagsForResource" - ] - }, - "update": { - "permissions": [ - "quicksight:DescribeDataSource", - "quicksight:DescribeDataSourcePermissions", - "quicksight:UpdateDataSource", - "quicksight:UpdateDataSourcePermissions", - "quicksight:CreateFolderMembership", - "quicksight:DeleteFolderMembership", - "quicksight:ListFoldersForResource", - "quicksight:TagResource", - "quicksight:UntagResource", - "quicksight:ListTagsForResource" - ] - }, - "list": { - "permissions": [ - "quicksight:DescribeDataSource", - "quicksight:ListDataSources" - ] - }, - "delete": { - "permissions": [ - "quicksight:DescribeDataSource", - "quicksight:DescribeDataSourcePermissions", - "quicksight:DeleteDataSource", - "quicksight:ListTagsForResource" - ] - } - }, "typeName": "AWS::QuickSight::DataSource", - "readOnlyProperties": [ - "/properties/Arn", - "/properties/CreatedTime", - "/properties/LastUpdatedTime", - "/properties/Status" - ], "description": "Definition of the AWS::QuickSight::DataSource Resource Type.", - "writeOnlyProperties": [ - "/properties/Credentials" - ], - "createOnlyProperties": [ - "/properties/AwsAccountId", - "/properties/DataSourceId", - "/properties/Type" - ], - "additionalProperties": false, - "primaryIdentifier": [ - "/properties/AwsAccountId", - "/properties/DataSourceId" - ], "definitions": { - "AuroraPostgreSqlParameters": { - "description": "

Parameters for Amazon Aurora PostgreSQL-Compatible Edition.<\/p>", - "additionalProperties": false, + "AmazonElasticsearchParameters": { "type": "object", + "description": "

The parameters for OpenSearch.

", "properties": { - "Port": { - "default": 0, - "maximum": 65535, - "description": "

The port that Amazon Aurora PostgreSQL is listening on.<\/p>", - "type": "number", - "minimum": 1 - }, - "Database": { - "minLength": 1, - "description": "

The Amazon Aurora PostgreSQL database to connect to.<\/p>", + "Domain": { "type": "string", - "maxLength": 128 - }, - "Host": { + "maxLength": 64, "minLength": 1, - "description": "

The Amazon Aurora PostgreSQL-Compatible host to connect to.<\/p>", - "type": "string", - "maxLength": 256 + "description": "

The OpenSearch domain.

" } }, "required": [ - "Database", - "Host", - "Port" - ] + "Domain" + ], + "additionalProperties": false }, - "DataSourceCredentials": { - "description": "

Data source credentials. This is a variant type structure. For this structure to be\n valid, only one of the attributes can be non-null.<\/p>", - "additionalProperties": false, + "AmazonOpenSearchParameters": { "type": "object", + "description": "

The parameters for OpenSearch.

", "properties": { - "SecretArn": { - "minLength": 1, - "pattern": "^arn:[-a-z0-9]*:secretsmanager:[-a-z0-9]*:[0-9]{12}:secret:.+$", - "description": "

The Amazon Resource Name (ARN) of the secret associated with the data source in Amazon Secrets Manager.<\/p>", + "Domain": { "type": "string", - "maxLength": 2048 - }, - "CopySourceArn": { - "pattern": "^arn:[-a-z0-9]*:quicksight:[-a-z0-9]*:[0-9]{12}:datasource/.+$", - "description": "

The Amazon Resource Name (ARN) of a data source that has the credential pair that you\n want to use. When CopySourceArn<\/code> is not null, the credential pair from the\n data source in the ARN is used as the credentials for the\n DataSourceCredentials<\/code> structure.<\/p>", - "type": "string" - }, - "CredentialPair": { - "$ref": "#/definitions/CredentialPair" + "maxLength": 64, + "minLength": 1, + "description": "

The OpenSearch domain.

" } - } + }, + "required": [ + "Domain" + ], + "additionalProperties": false }, - "ManifestFileLocation": { - "description": "

Amazon S3 manifest file location.<\/p>", - "additionalProperties": false, + "AthenaParameters": { "type": "object", + "description": "

Parameters for Amazon Athena.

", "properties": { - "Bucket": { - "minLength": 1, - "description": "

Amazon S3 bucket.<\/p>", + "WorkGroup": { "type": "string", - "maxLength": 1024 - }, - "Key": { + "maxLength": 128, "minLength": 1, - "description": "

Amazon S3 key that identifies an object.<\/p>", + "description": "

The workgroup that Amazon Athena uses.

" + }, + "RoleArn": { "type": "string", - "maxLength": 1024 + "maxLength": 2048, + "minLength": 20, + "description": "

Use the RoleArn structure to override an account-wide role for a specific Athena data source. For example, say an account administrator has turned off all Athena access with an account-wide role. The administrator can then use RoleArn to bypass the account-wide role and allow Athena access for the single Athena data source that is specified in the structure, even if the account-wide role forbidding Athena access is still active.

" } }, - "required": [ - "Bucket", - "Key" - ] + "additionalProperties": false }, - "StarburstParameters": { - "description": "

The parameters that are required to connect to a Starburst data source.<\/p>", - "additionalProperties": false, + "AuroraParameters": { "type": "object", + "description": "

Parameters for Amazon Aurora.

", "properties": { + "Host": { + "type": "string", + "maxLength": 256, + "minLength": 1, + "description": "

Host.

" + }, "Port": { + "type": "number", "default": 0, "maximum": 65535, - "description": "

The port for the Starburst data source.<\/p>", - "type": "number", - "minimum": 1 + "minimum": 1, + "description": "

Port.

" }, - "ProductType": { - "$ref": "#/definitions/StarburstProductType" - }, - "Host": { - "minLength": 1, - "description": "

The host name of the Starburst data source.<\/p>", - "type": "string", - "maxLength": 256 - }, - "Catalog": { - "minLength": 0, - "description": "

The catalog name for the Starburst data source.<\/p>", + "Database": { "type": "string", - "maxLength": 128 + "maxLength": 128, + "minLength": 1, + "description": "

Database.

" } }, "required": [ - "Catalog", + "Database", "Host", "Port" - ] + ], + "additionalProperties": false }, - "RedshiftParameters": { - "description": "

The parameters for Amazon Redshift. The ClusterId<\/code> field can be blank if\n Host<\/code> and Port<\/code> are both set. The Host<\/code> and Port<\/code> fields can be blank if the ClusterId<\/code> field is set.<\/p>", - "additionalProperties": false, + "AuroraPostgreSqlParameters": { "type": "object", + "description": "

Parameters for Amazon Aurora PostgreSQL-Compatible Edition.

", "properties": { - "IAMParameters": { - "$ref": "#/definitions/RedshiftIAMParameters" - }, - "ClusterId": { - "minLength": 1, - "description": "

Cluster ID. This field can be blank if the Host<\/code> and Port<\/code> are\n provided.<\/p>", + "Host": { "type": "string", - "maxLength": 64 + "maxLength": 256, + "minLength": 1, + "description": "

The Amazon Aurora PostgreSQL-Compatible host to connect to.

" }, "Port": { + "type": "number", "default": 0, "maximum": 65535, - "description": "

Port. This field can be blank if the ClusterId<\/code> is provided.<\/p>", - "type": "number", - "minimum": 0 + "minimum": 1, + "description": "

The port that Amazon Aurora PostgreSQL is listening on.

" }, "Database": { - "minLength": 1, - "description": "

Database.<\/p>", "type": "string", - "maxLength": 128 - }, - "Host": { + "maxLength": 128, "minLength": 1, - "description": "

Host. This field can be blank if ClusterId<\/code> is provided.<\/p>", - "type": "string", - "maxLength": 256 - }, - "IdentityCenterConfiguration": { - "$ref": "#/definitions/IdentityCenterConfiguration" + "description": "

The Amazon Aurora PostgreSQL database to connect to.

" } }, "required": [ - "Database" - ] + "Database", + "Host", + "Port" + ], + "additionalProperties": false }, - "VpcConnectionProperties": { - "description": "

VPC connection properties.<\/p>", - "additionalProperties": false, + "AwsIotAnalyticsParameters": { "type": "object", + "description": "

The parameters for IoT Analytics.

", "properties": { - "VpcConnectionArn": { - "description": "

The Amazon Resource Name (ARN) for the VPC connection.<\/p>", - "type": "string" + "DataSetName": { + "type": "string", + "maxLength": 128, + "minLength": 1, + "description": "

Dataset name.

" } }, "required": [ - "VpcConnectionArn" - ] + "DataSetName" + ], + "additionalProperties": false }, - "SnowflakeParameters": { - "description": "

The parameters for Snowflake.<\/p>", - "additionalProperties": false, + "CredentialPair": { "type": "object", + "description": "

The combination of user name and password that are used as credentials.

", "properties": { - "Warehouse": { - "minLength": 0, - "description": "

Warehouse.<\/p>", + "Username": { "type": "string", - "maxLength": 128 + "maxLength": 64, + "minLength": 1, + "description": "

User name.

" }, - "Database": { + "Password": { + "type": "string", + "maxLength": 1024, "minLength": 1, - "description": "

Database.<\/p>", + "description": "

Password.

" + }, + "AlternateDataSourceParameters": { + "type": "array", + "items": { + "$ref": "#/definitions/DataSourceParameters" + }, + "maxItems": 50, + "minItems": 1, + "description": "

A set of alternate data source parameters that you want to share for these\n credentials. The credentials are applied in tandem with the data source parameters when\n you copy a data source by using a create or update request. The API operation compares\n the DataSourceParameters structure that's in the request with the\n structures in the AlternateDataSourceParameters allow list. If the\n structures are an exact match, the request is allowed to use the new data source with\n the existing credentials. If the AlternateDataSourceParameters list is\n null, the DataSourceParameters originally used with these\n Credentials is automatically allowed.

" + } + }, + "required": [ + "Password", + "Username" + ], + "additionalProperties": false + }, + "DataSourceCredentials": { + "type": "object", + "description": "

Data source credentials. This is a variant type structure. For this structure to be\n valid, only one of the attributes can be non-null.

", + "properties": { + "CredentialPair": { + "$ref": "#/definitions/CredentialPair" + }, + "CopySourceArn": { "type": "string", - "maxLength": 128 + "pattern": "^arn:[-a-z0-9]*:quicksight:[-a-z0-9]*:[0-9]{12}:datasource/.+$", + "description": "

The Amazon Resource Name (ARN) of a data source that has the credential pair that you\n want to use. When CopySourceArn is not null, the credential pair from the\n data source in the ARN is used as the credentials for the\n DataSourceCredentials structure.

" }, - "Host": { + "SecretArn": { + "type": "string", + "maxLength": 2048, "minLength": 1, - "description": "

Host.<\/p>", + "pattern": "^arn:[-a-z0-9]*:secretsmanager:[-a-z0-9]*:[0-9]{12}:secret:.+$", + "description": "

The Amazon Resource Name (ARN) of the secret associated with the data source in Amazon Secrets Manager.

" + } + }, + "additionalProperties": false + }, + "DataSourceErrorInfo": { + "type": "object", + "description": "

Error information for the data source creation or update.

", + "properties": { + "Type": { + "$ref": "#/definitions/DataSourceErrorInfoType" + }, + "Message": { "type": "string", - "maxLength": 256 + "description": "

Error message.

" } }, - "required": [ - "Database", - "Host", - "Warehouse" + "additionalProperties": false + }, + "DataSourceErrorInfoType": { + "type": "string", + "enum": [ + "ACCESS_DENIED", + "COPY_SOURCE_NOT_FOUND", + "TIMEOUT", + "ENGINE_VERSION_NOT_SUPPORTED", + "UNKNOWN_HOST", + "GENERIC_SQL_FAILURE", + "CONFLICT", + "UNKNOWN" ] }, + "DataSourceParameters": { + "type": "object", + "description": "

The parameters that Amazon QuickSight uses to connect to your underlying data source.\n This is a variant type structure. For this structure to be valid, only one of the\n attributes can be non-null.

", + "properties": { + "AmazonElasticsearchParameters": { + "$ref": "#/definitions/AmazonElasticsearchParameters" + }, + "AthenaParameters": { + "$ref": "#/definitions/AthenaParameters" + }, + "AuroraParameters": { + "$ref": "#/definitions/AuroraParameters" + }, + "AuroraPostgreSqlParameters": { + "$ref": "#/definitions/AuroraPostgreSqlParameters" + }, + "MariaDbParameters": { + "$ref": "#/definitions/MariaDbParameters" + }, + "MySqlParameters": { + "$ref": "#/definitions/MySqlParameters" + }, + "OracleParameters": { + "$ref": "#/definitions/OracleParameters" + }, + "PostgreSqlParameters": { + "$ref": "#/definitions/PostgreSqlParameters" + }, + "PrestoParameters": { + "$ref": "#/definitions/PrestoParameters" + }, + "RdsParameters": { + "$ref": "#/definitions/RdsParameters" + }, + "RedshiftParameters": { + "$ref": "#/definitions/RedshiftParameters" + }, + "S3Parameters": { + "$ref": "#/definitions/S3Parameters" + }, + "SnowflakeParameters": { + "$ref": "#/definitions/SnowflakeParameters" + }, + "SparkParameters": { + "$ref": "#/definitions/SparkParameters" + }, + "SqlServerParameters": { + "$ref": "#/definitions/SqlServerParameters" + }, + "TeradataParameters": { + "$ref": "#/definitions/TeradataParameters" + }, + "AmazonOpenSearchParameters": { + "$ref": "#/definitions/AmazonOpenSearchParameters" + }, + "DatabricksParameters": { + "$ref": "#/definitions/DatabricksParameters" + }, + "StarburstParameters": { + "$ref": "#/definitions/StarburstParameters" + }, + "TrinoParameters": { + "$ref": "#/definitions/TrinoParameters" + } + }, + "additionalProperties": false + }, "DataSourceType": { "type": "string", "enum": [ @@ -290,6 +306,7 @@ "PRESTO", "REDSHIFT", "S3", + "S3_TABLES", "SALESFORCE", "SERVICENOW", "SNOWFLAKE", @@ -310,787 +327,783 @@ "GLUE" ] }, - "AmazonElasticsearchParameters": { - "description": "

The parameters for OpenSearch.<\/p>", - "additionalProperties": false, + "DatabricksParameters": { "type": "object", + "description": "

The parameters that are required to connect to a Databricks data source.

", "properties": { - "Domain": { - "minLength": 1, - "description": "

The OpenSearch domain.<\/p>", + "Host": { "type": "string", - "maxLength": 64 - } - }, - "required": [ - "Domain" - ] - }, - "AmazonOpenSearchParameters": { - "description": "

The parameters for OpenSearch.<\/p>", - "additionalProperties": false, - "type": "object", - "properties": { - "Domain": { + "maxLength": 256, "minLength": 1, - "description": "

The OpenSearch domain.<\/p>", - "type": "string", - "maxLength": 64 - } - }, - "required": [ - "Domain" - ] - }, - "ResourceStatus": { - "type": "string", - "enum": [ - "CREATION_IN_PROGRESS", - "CREATION_SUCCESSFUL", - "CREATION_FAILED", - "UPDATE_IN_PROGRESS", - "UPDATE_SUCCESSFUL", - "UPDATE_FAILED", - "DELETED" - ] - }, - "AuroraParameters": { - "description": "

Parameters for Amazon Aurora.<\/p>", - "additionalProperties": false, - "type": "object", - "properties": { + "description": "

The host name of the Databricks data source.

" + }, "Port": { + "type": "number", "default": 0, "maximum": 65535, - "description": "

Port.<\/p>", - "type": "number", - "minimum": 1 + "minimum": 1, + "description": "

The port for the Databricks data source.

" }, - "Database": { - "minLength": 1, - "description": "

Database.<\/p>", + "SqlEndpointPath": { "type": "string", - "maxLength": 128 - }, - "Host": { + "maxLength": 4096, "minLength": 1, - "description": "

Host.<\/p>", - "type": "string", - "maxLength": 256 + "description": "

The HTTP path of the Databricks data source.

" } }, "required": [ - "Database", "Host", - "Port" - ] - }, - "S3Parameters": { - "description": "

The parameters for S3.<\/p>", - "additionalProperties": false, - "type": "object", - "properties": { - "ManifestFileLocation": { - "$ref": "#/definitions/ManifestFileLocation" - }, - "RoleArn": { - "minLength": 20, - "description": "

Use the RoleArn<\/code> structure to override an account-wide role for a specific S3 data source. For example, say an account administrator has turned off all S3 access with an account-wide role. The administrator can then use RoleArn<\/code> to bypass the account-wide role and allow S3 access for the single S3 data source that is specified in the structure, even if the account-wide role forbidding S3 access is still active.<\/p>", - "type": "string", - "maxLength": 2048 - } - }, - "required": [ - "ManifestFileLocation" - ] + "Port", + "SqlEndpointPath" + ], + "additionalProperties": false }, "IdentityCenterConfiguration": { - "description": "

The parameters for an IAM Identity Center configuration.<\/p>", - "additionalProperties": false, "type": "object", + "description": "

The parameters for an IAM Identity Center configuration.

", "properties": { "EnableIdentityPropagation": { + "type": "boolean", "default": null, - "description": "

A Boolean option that controls whether Trusted Identity Propagation should be used.<\/p>", - "type": "boolean" - } - } - }, - "SslProperties": { - "description": "

Secure Socket Layer (SSL) properties that apply when Amazon QuickSight connects to your\n underlying data source.<\/p>", - "additionalProperties": false, - "type": "object", - "properties": { - "DisableSsl": { - "default": false, - "description": "

A Boolean option to control whether SSL should be disabled.<\/p>", - "type": "boolean" + "description": "

A Boolean option that controls whether Trusted Identity Propagation should be used.

" } - } - }, - "DataSourceErrorInfoType": { - "type": "string", - "enum": [ - "ACCESS_DENIED", - "COPY_SOURCE_NOT_FOUND", - "TIMEOUT", - "ENGINE_VERSION_NOT_SUPPORTED", - "UNKNOWN_HOST", - "GENERIC_SQL_FAILURE", - "CONFLICT", - "UNKNOWN" - ] + }, + "additionalProperties": false }, - "ResourcePermission": { - "description": "

Permission for the resource.<\/p>", - "additionalProperties": false, + "ManifestFileLocation": { "type": "object", + "description": "

Amazon S3 manifest file location.

", "properties": { - "Actions": { - "minItems": 1, - "maxItems": 20, - "description": "

The IAM action to grant or revoke permissions on.<\/p>", - "type": "array", - "items": { - "type": "string" - } - }, - "Resource": { - "type": "string" - }, - "Principal": { + "Bucket": { + "type": "string", + "maxLength": 1024, "minLength": 1, - "description": "

The Amazon Resource Name (ARN) of the principal. This can be one of the\n following:<\/p>\n