diff --git a/CHANGELOG.md b/CHANGELOG.md
index 151bec686ea..e207212ee96 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,7 @@ CHANGELOG
=========
## HEAD (Unreleased)
-_(none)_
+* Upgrade to v3.67.0 of the AWS Terraform Provider
---
diff --git a/provider/cmd/pulumi-resource-aws/schema.json b/provider/cmd/pulumi-resource-aws/schema.json
index 81c797cfc42..76a57d7e5fc 100644
--- a/provider/cmd/pulumi-resource-aws/schema.json
+++ b/provider/cmd/pulumi-resource-aws/schema.json
@@ -11309,10 +11309,7 @@
}
}
},
- "type": "object",
- "required": [
- "instanceRoleArn"
- ]
+ "type": "object"
},
"aws:apprunner/ServiceSourceConfiguration:ServiceSourceConfiguration": {
"properties": {
@@ -12412,6 +12409,15 @@
}
}
},
+ "engineVersion": {
+ "$ref": "#/types/aws:athena/WorkgroupConfigurationEngineVersion:WorkgroupConfigurationEngineVersion",
+ "description": "Configuration block for the Athena Engine Versioning. For more information, see [Athena Engine Versioning](https://docs.aws.amazon.com/athena/latest/ug/engine-versions.html). Documented below.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"publishCloudwatchMetricsEnabled": {
"type": "boolean",
"description": "Boolean whether Amazon CloudWatch metrics are enabled for the workgroup. Defaults to `true`.\n",
@@ -12442,6 +12448,36 @@
},
"type": "object"
},
+ "aws:athena/WorkgroupConfigurationEngineVersion:WorkgroupConfigurationEngineVersion": {
+ "properties": {
+ "effectiveEngineVersion": {
+ "type": "string",
+ "description": "The engine version on which the query runs. If `selected_engine_version` is set to `AUTO`, the effective engine version is chosen by Athena.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "selectedEngineVersion": {
+ "type": "string",
+ "description": "The requested engine version. Defaults to `AUTO`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "language": {
+ "nodejs": {
+ "requiredOutputs": [
+ "effectiveEngineVersion"
+ ]
+ }
+ }
+ },
"aws:athena/WorkgroupConfigurationResultConfiguration:WorkgroupConfigurationResultConfiguration": {
"properties": {
"encryptionConfiguration": {
@@ -15177,11 +15213,48 @@
},
"type": "object"
},
+ "aws:cfg/RemediationConfigurationExecutionControls:RemediationConfigurationExecutionControls": {
+ "properties": {
+ "ssmControls": {
+ "$ref": "#/types/aws:cfg/RemediationConfigurationExecutionControlsSsmControls:RemediationConfigurationExecutionControlsSsmControls",
+ "description": "Configuration block for SSM controls. See below.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object"
+ },
+ "aws:cfg/RemediationConfigurationExecutionControlsSsmControls:RemediationConfigurationExecutionControlsSsmControls": {
+ "properties": {
+ "concurrentExecutionRatePercentage": {
+ "type": "integer",
+ "description": "Maximum percentage of remediation actions allowed to run in parallel on the non-compliant resources for that specific rule. The default value is 10%.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "errorPercentage": {
+ "type": "integer",
+ "description": "Percentage of errors that are allowed before SSM stops running automations on non-compliant resources for that specific rule. The default is 50%.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object"
+ },
"aws:cfg/RemediationConfigurationParameter:RemediationConfigurationParameter": {
"properties": {
"name": {
"type": "string",
- "description": "The name of the attribute.\n",
+ "description": "Name of the attribute.\n",
"language": {
"python": {
"mapCase": false
@@ -15190,7 +15263,7 @@
},
"resourceValue": {
"type": "string",
- "description": "The value is dynamic and changes at run-time.\n",
+ "description": "Value is dynamic and changes at run-time.\n",
"language": {
"python": {
"mapCase": false
@@ -15199,7 +15272,7 @@
},
"staticValue": {
"type": "string",
- "description": "The value is static and does not change at run-time.\n",
+ "description": "Value is static and does not change at run-time.\n",
"language": {
"python": {
"mapCase": false
@@ -19188,9 +19261,21 @@
}
}
},
+ "excludeManagementEventSources": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "A set of event sources to exclude. Valid values include: `kms.amazonaws.com` and `rdsdata.amazonaws.com`. `include_management_events` must be set to`true` to allow this.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"includeManagementEvents": {
"type": "boolean",
- "description": "Whether to include management events for your trail.\n",
+ "description": "Whether to include management events for your trail. Defaults to `true`.\n",
"language": {
"python": {
"mapCase": false
@@ -23613,6 +23698,9 @@
"accessanalyzer": {
"type": "string"
},
+ "account": {
+ "type": "string"
+ },
"acm": {
"type": "string"
},
@@ -25191,7 +25279,7 @@
"properties": {
"copyTags": {
"type": "boolean",
- "description": "Copy all user-defined tags on a source volume to snapshots of the volume created by this policy.\n",
+ "description": "Whether to copy all user-defined tags from the source snapshot to the cross-region snapshot copy.\n",
"language": {
"python": {
"mapCase": false
@@ -25207,6 +25295,18 @@
}
}
},
+ "crossRegionCopyRules": {
+ "type": "array",
+ "items": {
+ "$ref": "#/types/aws:dlm/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRule:LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRule"
+ },
+ "description": "See the `cross_region_copy_rule` block. Max of 3 per schedule.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"name": {
"type": "string",
"description": "A name for the schedule.\n",
@@ -25218,7 +25318,7 @@
},
"retainRule": {
"$ref": "#/types/aws:dlm/LifecyclePolicyPolicyDetailsScheduleRetainRule:LifecyclePolicyPolicyDetailsScheduleRetainRule",
- "description": "See the `retain_rule` block. Max of 1 per schedule.\n",
+ "description": "The retention rule that indicates how long snapshot copies are to be retained in the destination Region. See the `retain_rule` block. Max of 1 per schedule.\n",
"language": {
"python": {
"mapCase": false
@@ -25259,7 +25359,7 @@
"properties": {
"interval": {
"type": "integer",
- "description": "How often this lifecycle policy should be evaluated. `1`, `2`,`3`,`4`,`6`,`8`,`12` or `24` are valid values.\n",
+ "description": "The amount of time to retain each snapshot. The maximum is 100 years. This is equivalent to 1200 months, 5200 weeks, or 36500 days.\n",
"language": {
"python": {
"mapCase": false
@@ -25268,7 +25368,7 @@
},
"intervalUnit": {
"type": "string",
- "description": "The unit for how often the lifecycle policy should be evaluated. `HOURS` is currently the only allowed value and also the default value.\n",
+ "description": "The unit of time for time-based retention. Valid values: `DAYS`, `WEEKS`, `MONTHS`, or `YEARS`.\n",
"language": {
"python": {
"mapCase": false
@@ -25298,6 +25398,123 @@
}
}
},
+ "aws:dlm/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRule:LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRule": {
+ "properties": {
+ "cmkArn": {
+ "type": "string",
+ "description": "The Amazon Resource Name (ARN) of the AWS KMS customer master key (CMK) to use for EBS encryption. If this argument is not specified, the default KMS key for the account is used.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "copyTags": {
+ "type": "boolean",
+ "description": "Whether to copy all user-defined tags from the source snapshot to the cross-region snapshot copy.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "deprecateRule": {
+ "$ref": "#/types/aws:dlm/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRule:LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRule",
+ "description": "The AMI deprecation rule for cross-Region AMI copies created by the rule. See the `deprecate_rule` block.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "encrypted": {
+ "type": "boolean",
+ "description": "To encrypt a copy of an unencrypted snapshot if encryption by default is not enabled, enable encryption using this parameter. Copies of encrypted snapshots are encrypted, even if this parameter is false or if encryption by default is not enabled.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "retainRule": {
+ "$ref": "#/types/aws:dlm/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRule:LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRule",
+ "description": "The retention rule that indicates how long snapshot copies are to be retained in the destination Region. See the `retain_rule` block. Max of 1 per schedule.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "target": {
+ "type": "string",
+ "description": "The target Region or the Amazon Resource Name (ARN) of the target Outpost for the snapshot copies.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "encrypted",
+ "target"
+ ]
+ },
+ "aws:dlm/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRule:LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRule": {
+ "properties": {
+ "interval": {
+ "type": "integer",
+ "description": "The amount of time to retain each snapshot. The maximum is 100 years. This is equivalent to 1200 months, 5200 weeks, or 36500 days.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "intervalUnit": {
+ "type": "string",
+ "description": "The unit of time for time-based retention. Valid values: `DAYS`, `WEEKS`, `MONTHS`, or `YEARS`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "interval",
+ "intervalUnit"
+ ]
+ },
+ "aws:dlm/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRule:LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRule": {
+ "properties": {
+ "interval": {
+ "type": "integer",
+ "description": "The amount of time to retain each snapshot. The maximum is 100 years. This is equivalent to 1200 months, 5200 weeks, or 36500 days.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "intervalUnit": {
+ "type": "string",
+ "description": "The unit of time for time-based retention. Valid values: `DAYS`, `WEEKS`, `MONTHS`, or `YEARS`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "interval",
+ "intervalUnit"
+ ]
+ },
"aws:dlm/LifecyclePolicyPolicyDetailsScheduleRetainRule:LifecyclePolicyPolicyDetailsScheduleRetainRule": {
"properties": {
"count": {
@@ -33717,6 +33934,36 @@
"values"
]
},
+ "aws:ec2/getInstanceTypesFilter:getInstanceTypesFilter": {
+ "properties": {
+ "name": {
+ "type": "string",
+ "description": "Name of the filter.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "values": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "List of one or more values for the filter.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "name",
+ "values"
+ ]
+ },
"aws:ec2/getInstancesFilter:getInstancesFilter": {
"properties": {
"name": {
@@ -45483,6 +45730,323 @@
}
}
},
+ "aws:fsx/OntapStorageVirtualMachineActiveDirectoryConfiguration:OntapStorageVirtualMachineActiveDirectoryConfiguration": {
+ "properties": {
+ "netbiosName": {
+ "type": "string",
+ "description": "The NetBIOS name of the Active Directory computer object that will be created for your SVM. This is often the same as the SVM name but can be different. It is limited to 15 characters because of standard NetBIOS naming limits.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "selfManagedActiveDirectoryConfiguration": {
+ "$ref": "#/types/aws:fsx/OntapStorageVirtualMachineActiveDirectoryConfigurationSelfManagedActiveDirectoryConfiguration:OntapStorageVirtualMachineActiveDirectoryConfigurationSelfManagedActiveDirectoryConfiguration",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object"
+ },
+ "aws:fsx/OntapStorageVirtualMachineActiveDirectoryConfigurationSelfManagedActiveDirectoryConfiguration:OntapStorageVirtualMachineActiveDirectoryConfigurationSelfManagedActiveDirectoryConfiguration": {
+ "properties": {
+ "dnsIps": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "A list of up to three IP addresses of DNS servers or domain controllers in the self-managed AD directory.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "domainName": {
+ "type": "string",
+ "description": "The fully qualified domain name of the self-managed AD directory. For example, `corp.example.com`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "fileSystemAdministratorsGroup": {
+ "type": "string",
+ "description": "The name of the domain group whose members are granted administrative privileges for the SVM. The group that you specify must already exist in your domain. Defaults to `Domain Admins`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "organizationalUnitDistinguidshedName": {
+ "type": "string",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "password": {
+ "type": "string",
+ "description": "The password for the service account on your self-managed AD domain that Amazon FSx will use to join to your AD domain.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "username": {
+ "type": "string",
+ "description": "The user name for the service account on your self-managed AD domain that Amazon FSx will use to join to your AD domain.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "dnsIps",
+ "domainName",
+ "password",
+ "username"
+ ]
+ },
+ "aws:fsx/OntapStorageVirtualMachineEndpoint:OntapStorageVirtualMachineEndpoint": {
+ "properties": {
+ "iscses": {
+ "type": "array",
+ "items": {
+ "$ref": "#/types/aws:fsx/OntapStorageVirtualMachineEndpointIscse:OntapStorageVirtualMachineEndpointIscse"
+ },
+ "description": "An endpoint for accessing data on your storage virtual machine via iSCSI protocol. See Endpoint.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "managements": {
+ "type": "array",
+ "items": {
+ "$ref": "#/types/aws:fsx/OntapStorageVirtualMachineEndpointManagement:OntapStorageVirtualMachineEndpointManagement"
+ },
+ "description": "An endpoint for managing your file system using the NetApp ONTAP CLI and NetApp ONTAP API. See Endpoint.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "nfs": {
+ "type": "array",
+ "items": {
+ "$ref": "#/types/aws:fsx/OntapStorageVirtualMachineEndpointNf:OntapStorageVirtualMachineEndpointNf"
+ },
+ "description": "An endpoint for accessing data on your storage virtual machine via NFS protocol. See Endpoint.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "smbs": {
+ "type": "array",
+ "items": {
+ "$ref": "#/types/aws:fsx/OntapStorageVirtualMachineEndpointSmb:OntapStorageVirtualMachineEndpointSmb"
+ },
+ "description": "An endpoint for accessing data on your storage virtual machine via SMB protocol. This is only set if an active_directory_configuration has been set. See Endpoint.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "language": {
+ "nodejs": {
+ "requiredOutputs": [
+ "iscses",
+ "managements",
+ "nfs",
+ "smbs"
+ ]
+ }
+ }
+ },
+ "aws:fsx/OntapStorageVirtualMachineEndpointIscse:OntapStorageVirtualMachineEndpointIscse": {
+ "properties": {
+ "dnsName": {
+ "type": "string",
+ "description": "The Domain Name Service (DNS) name for the storage virtual machine. You can mount your storage virtual machine using its DNS name.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "ipAddresses": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "IP addresses of the storage virtual machine endpoint.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "language": {
+ "nodejs": {
+ "requiredOutputs": [
+ "dnsName",
+ "ipAddresses"
+ ]
+ }
+ }
+ },
+ "aws:fsx/OntapStorageVirtualMachineEndpointManagement:OntapStorageVirtualMachineEndpointManagement": {
+ "properties": {
+ "dnsName": {
+ "type": "string",
+ "description": "The Domain Name Service (DNS) name for the storage virtual machine. You can mount your storage virtual machine using its DNS name.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "ipAddresses": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "IP addresses of the storage virtual machine endpoint.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "language": {
+ "nodejs": {
+ "requiredOutputs": [
+ "dnsName",
+ "ipAddresses"
+ ]
+ }
+ }
+ },
+ "aws:fsx/OntapStorageVirtualMachineEndpointNf:OntapStorageVirtualMachineEndpointNf": {
+ "properties": {
+ "dnsName": {
+ "type": "string",
+ "description": "The Domain Name Service (DNS) name for the storage virtual machine. You can mount your storage virtual machine using its DNS name.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "ipAddresses": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "IP addresses of the storage virtual machine endpoint.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "language": {
+ "nodejs": {
+ "requiredOutputs": [
+ "dnsName",
+ "ipAddresses"
+ ]
+ }
+ }
+ },
+ "aws:fsx/OntapStorageVirtualMachineEndpointSmb:OntapStorageVirtualMachineEndpointSmb": {
+ "properties": {
+ "dnsName": {
+ "type": "string",
+ "description": "The Domain Name Service (DNS) name for the storage virtual machine. You can mount your storage virtual machine using its DNS name.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "ipAddresses": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "IP addresses of the storage virtual machine endpoint.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "language": {
+ "nodejs": {
+ "requiredOutputs": [
+ "dnsName",
+ "ipAddresses"
+ ]
+ }
+ }
+ },
+ "aws:fsx/OntapVolumeTieringPolicy:OntapVolumeTieringPolicy": {
+ "properties": {
+ "coolingPeriod": {
+ "type": "integer",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "name": {
+ "type": "string",
+ "description": "Specifies the tiering policy for the ONTAP volume for moving data to the capacity pool storage. Valid values are `SNAPSHOT_ONLY`, `AUTO`, `ALL`, `NONE`. Default value is `SNAPSHOT_ONLY`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "language": {
+ "nodejs": {
+ "requiredOutputs": [
+ "name"
+ ]
+ }
+ }
+ },
"aws:fsx/WindowsFileSystemAuditLogConfiguration:WindowsFileSystemAuditLogConfiguration": {
"properties": {
"auditLogDestination": {
@@ -50754,6 +51318,36 @@
}
}
},
+ "aws:imagebuilder/getImageRecipesFilter:getImageRecipesFilter": {
+ "properties": {
+ "name": {
+ "type": "string",
+ "description": "The name of the filter field. Valid values can be found in the [Image Builder ListImageRecipes API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListImageRecipes.html).\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "values": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "Set of values that are accepted for the given filter field. Results will be selected if any given value matches.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "name",
+ "values"
+ ]
+ },
"aws:imagebuilder/getInfrastructureConfigurationLogging:getInfrastructureConfigurationLogging": {
"properties": {
"s3Logs": {
@@ -50915,6 +51509,14 @@
}
}
},
+ "account": {
+ "type": "string",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"acm": {
"type": "string",
"language": {
@@ -82393,6 +82995,15 @@
"mapCase": false
}
}
+ },
+ "s3Region": {
+ "type": "string",
+ "description": "The S3 bucket region.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
}
},
"type": "object",
@@ -85093,6 +85704,43 @@
"regexString"
]
},
+ "aws:wafv2/RuleGroupCustomResponseBody:RuleGroupCustomResponseBody": {
+ "properties": {
+ "content": {
+ "type": "string",
+ "description": "The payload of the custom response.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "contentType": {
+ "type": "string",
+ "description": "The type of content in the payload that you are defining in the `content` argument. Valid values are `TEXT_PLAIN`, `TEXT_HTML`, or `APPLICATION_JSON`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "key": {
+ "type": "string",
+ "description": "A unique key identifying the custom response body. This is referenced by the `custom_response_body_key` argument in the Custom Response block.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "content",
+ "contentType",
+ "key"
+ ]
+ },
"aws:wafv2/RuleGroupRule:RuleGroupRule": {
"properties": {
"action": {
@@ -85122,6 +85770,18 @@
}
}
},
+ "ruleLabels": {
+ "type": "array",
+ "items": {
+ "$ref": "#/types/aws:wafv2/RuleGroupRuleRuleLabel:RuleGroupRuleRuleLabel"
+ },
+ "description": "Labels to apply to web requests that match the rule match statement. See Rule Label below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"statement": {
"$ref": "#/types/aws:wafv2/RuleGroupRuleStatement:RuleGroupRuleStatement",
"description": "The AWS WAF processing statement for the rule, for example `byte_match_statement` or `geo_match_statement`. See Statement below for details.\n",
@@ -85220,7 +85880,7 @@
"properties": {
"name": {
"type": "string",
- "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n",
+ "description": "The label string.\n",
"language": {
"python": {
"mapCase": false
@@ -85259,6 +85919,15 @@
},
"aws:wafv2/RuleGroupRuleActionBlockCustomResponse:RuleGroupRuleActionBlockCustomResponse": {
"properties": {
+ "customResponseBodyKey": {
+ "type": "string",
+ "description": "References the response body that you want AWS WAF to return to the web request client. This must reference a `key` defined in a `custom_response_body` block of this resource.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"responseCode": {
"type": "integer",
"description": "The HTTP status code to return to the client.\n",
@@ -85290,7 +85959,7 @@
"properties": {
"name": {
"type": "string",
- "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n",
+ "description": "The label string.\n",
"language": {
"python": {
"mapCase": false
@@ -85351,7 +86020,7 @@
"properties": {
"name": {
"type": "string",
- "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n",
+ "description": "The label string.\n",
"language": {
"python": {
"mapCase": false
@@ -85374,6 +86043,23 @@
"value"
]
},
+ "aws:wafv2/RuleGroupRuleRuleLabel:RuleGroupRuleRuleLabel": {
+ "properties": {
+ "name": {
+ "type": "string",
+ "description": "The label string.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "name"
+ ]
+ },
"aws:wafv2/RuleGroupRuleStatement:RuleGroupRuleStatement": {
"properties": {
"andStatement": {
@@ -85412,6 +86098,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementLabelMatchStatement:RuleGroupRuleStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatement:RuleGroupRuleStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -85527,6 +86222,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementLabelMatchStatement:RuleGroupRuleStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatement:RuleGroupRuleStatementAndStatementStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -85633,6 +86337,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementLabelMatchStatement:RuleGroupRuleStatementAndStatementStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -85984,6 +86697,33 @@
"position"
]
},
+ "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementLabelMatchStatement:RuleGroupRuleStatementAndStatementStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -87018,6 +87758,33 @@
"position"
]
},
+ "aws:wafv2/RuleGroupRuleStatementAndStatementStatementLabelMatchStatement:RuleGroupRuleStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatement:RuleGroupRuleStatementAndStatementStatementNotStatement": {
"properties": {
"statements": {
@@ -87067,6 +87834,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementLabelMatchStatement:RuleGroupRuleStatementAndStatementStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -87418,6 +88194,33 @@
"position"
]
},
+ "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementLabelMatchStatement:RuleGroupRuleStatementAndStatementStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -88189,6 +88992,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementLabelMatchStatement:RuleGroupRuleStatementAndStatementStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -88540,6 +89352,33 @@
"position"
]
},
+ "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementLabelMatchStatement:RuleGroupRuleStatementAndStatementStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -90296,6 +91135,33 @@
"position"
]
},
+ "aws:wafv2/RuleGroupRuleStatementLabelMatchStatement:RuleGroupRuleStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/RuleGroupRuleStatementNotStatement:RuleGroupRuleStatementNotStatement": {
"properties": {
"statements": {
@@ -90354,6 +91220,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementLabelMatchStatement:RuleGroupRuleStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatement:RuleGroupRuleStatementNotStatementStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -90460,6 +91335,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementLabelMatchStatement:RuleGroupRuleStatementNotStatementStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -90811,6 +91695,33 @@
"position"
]
},
+ "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementLabelMatchStatement:RuleGroupRuleStatementNotStatementStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -91845,6 +92756,33 @@
"position"
]
},
+ "aws:wafv2/RuleGroupRuleStatementNotStatementStatementLabelMatchStatement:RuleGroupRuleStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatement:RuleGroupRuleStatementNotStatementStatementNotStatement": {
"properties": {
"statements": {
@@ -91894,6 +92832,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementLabelMatchStatement:RuleGroupRuleStatementNotStatementStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -92245,6 +93192,33 @@
"position"
]
},
+ "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementLabelMatchStatement:RuleGroupRuleStatementNotStatementStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -93016,6 +93990,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementLabelMatchStatement:RuleGroupRuleStatementNotStatementStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -93367,6 +94350,33 @@
"position"
]
},
+ "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementLabelMatchStatement:RuleGroupRuleStatementNotStatementStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -94869,6 +95879,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementLabelMatchStatement:RuleGroupRuleStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatement:RuleGroupRuleStatementOrStatementStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -94975,6 +95994,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementLabelMatchStatement:RuleGroupRuleStatementOrStatementStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -95326,6 +96354,33 @@
"position"
]
},
+ "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementLabelMatchStatement:RuleGroupRuleStatementOrStatementStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -96360,6 +97415,33 @@
"position"
]
},
+ "aws:wafv2/RuleGroupRuleStatementOrStatementStatementLabelMatchStatement:RuleGroupRuleStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatement:RuleGroupRuleStatementOrStatementStatementNotStatement": {
"properties": {
"statements": {
@@ -96409,6 +97491,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementLabelMatchStatement:RuleGroupRuleStatementOrStatementStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -96760,6 +97851,33 @@
"position"
]
},
+ "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementLabelMatchStatement:RuleGroupRuleStatementOrStatementStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -97531,6 +98649,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementLabelMatchStatement:RuleGroupRuleStatementOrStatementStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -97882,6 +99009,33 @@
"position"
]
},
+ "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementLabelMatchStatement:RuleGroupRuleStatementOrStatementStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -100122,6 +101276,43 @@
"sampledRequestsEnabled"
]
},
+ "aws:wafv2/WebAclCustomResponseBody:WebAclCustomResponseBody": {
+ "properties": {
+ "content": {
+ "type": "string",
+ "description": "The payload of the custom response.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "contentType": {
+ "type": "string",
+ "description": "The type of content in the payload that you are defining in the `content` argument. Valid values are `TEXT_PLAIN`, `TEXT_HTML`, or `APPLICATION_JSON`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "key": {
+ "type": "string",
+ "description": "A unique key identifying the custom response body. This is referenced by the `custom_response_body_key` argument in the Custom Response block.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "content",
+ "contentType",
+ "key"
+ ]
+ },
"aws:wafv2/WebAclDefaultAction:WebAclDefaultAction": {
"properties": {
"allow": {
@@ -100183,7 +101374,7 @@
"properties": {
"name": {
"type": "string",
- "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n",
+ "description": "The label string.\n",
"language": {
"python": {
"mapCase": false
@@ -100222,6 +101413,15 @@
},
"aws:wafv2/WebAclDefaultActionBlockCustomResponse:WebAclDefaultActionBlockCustomResponse": {
"properties": {
+ "customResponseBodyKey": {
+ "type": "string",
+ "description": "References the response body that you want AWS WAF to return to the web request client. This must reference a `key` defined in a `custom_response_body` block of this resource.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"responseCode": {
"type": "integer",
"description": "The HTTP status code to return to the client.\n",
@@ -100253,7 +101453,7 @@
"properties": {
"name": {
"type": "string",
- "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n",
+ "description": "The label string.\n",
"language": {
"python": {
"mapCase": false
@@ -100562,6 +101762,18 @@
}
}
},
+ "ruleLabels": {
+ "type": "array",
+ "items": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleRuleLabel:WebAclRuleRuleLabel"
+ },
+ "description": "Labels to apply to web requests that match the rule match statement. See Rule Label below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"statement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatement:WebAclRuleStatement",
"description": "The AWS WAF processing statement for the rule, for example `byte_match_statement` or `geo_match_statement`. See Statement below for details.\n",
@@ -100659,7 +101871,7 @@
"properties": {
"name": {
"type": "string",
- "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n",
+ "description": "The label string.\n",
"language": {
"python": {
"mapCase": false
@@ -100698,6 +101910,15 @@
},
"aws:wafv2/WebAclRuleActionBlockCustomResponse:WebAclRuleActionBlockCustomResponse": {
"properties": {
+ "customResponseBodyKey": {
+ "type": "string",
+ "description": "References the response body that you want AWS WAF to return to the web request client. This must reference a `key` defined in a `custom_response_body` block of this resource.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"responseCode": {
"type": "integer",
"description": "The HTTP status code to return to the client.\n",
@@ -100729,7 +101950,7 @@
"properties": {
"name": {
"type": "string",
- "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n",
+ "description": "The label string.\n",
"language": {
"python": {
"mapCase": false
@@ -100790,7 +102011,7 @@
"properties": {
"name": {
"type": "string",
- "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n",
+ "description": "The label string.\n",
"language": {
"python": {
"mapCase": false
@@ -100842,6 +102063,23 @@
"aws:wafv2/WebAclRuleOverrideActionNone:WebAclRuleOverrideActionNone": {
"type": "object"
},
+ "aws:wafv2/WebAclRuleRuleLabel:WebAclRuleRuleLabel": {
+ "properties": {
+ "name": {
+ "type": "string",
+ "description": "The label string.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "name"
+ ]
+ },
"aws:wafv2/WebAclRuleStatement:WebAclRuleStatement": {
"properties": {
"andStatement": {
@@ -100880,6 +102118,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementLabelMatchStatement:WebAclRuleStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"managedRuleGroupStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatement:WebAclRuleStatementManagedRuleGroupStatement",
"description": "A rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See Managed Rule Group Statement below for details.\n",
@@ -101022,6 +102269,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatement:WebAclRuleStatementAndStatementStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -101137,6 +102393,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -101243,6 +102508,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -101594,6 +102868,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -102628,6 +103929,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatement": {
"properties": {
"statements": {
@@ -102677,6 +104005,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -103028,6 +104365,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -103799,6 +105163,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -104150,6 +105523,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -105906,6 +107306,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatement:WebAclRuleStatementAndStatementStatementNotStatement": {
"properties": {
"statements": {
@@ -105964,6 +107391,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -106070,6 +107506,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -106421,6 +107866,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -107455,6 +108927,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatement": {
"properties": {
"statements": {
@@ -107504,6 +109003,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -107855,6 +109363,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -108626,6 +110161,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -108977,6 +110521,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -110479,6 +112050,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -110585,6 +112165,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -110936,6 +112525,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -111970,6 +113586,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatement": {
"properties": {
"statements": {
@@ -112019,6 +113662,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -112370,6 +114022,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -113141,6 +114820,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -113492,6 +115180,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -115970,6 +117685,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementLabelMatchStatement:WebAclRuleStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementManagedRuleGroupStatement:WebAclRuleStatementManagedRuleGroupStatement": {
"properties": {
"excludedRules": {
@@ -116073,6 +117815,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -116188,6 +117939,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -116294,6 +118054,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -116645,6 +118414,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -117679,6 +119475,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatement": {
"properties": {
"statements": {
@@ -117728,6 +119551,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -118079,6 +119911,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -118850,6 +120709,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -119201,6 +121069,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -120957,6 +122852,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement": {
"properties": {
"statements": {
@@ -121015,6 +122937,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -121121,6 +123052,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -121472,6 +123412,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -122506,6 +124473,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatement": {
"properties": {
"statements": {
@@ -122555,6 +124549,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -122906,6 +124909,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -123677,6 +125707,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -124028,6 +126067,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -125530,6 +127596,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -125636,6 +127711,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -125987,6 +128071,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -127021,6 +129132,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatement": {
"properties": {
"statements": {
@@ -127070,6 +129208,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -127421,6 +129568,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -128192,6 +130366,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -128543,6 +130726,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -130767,6 +132977,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatement:WebAclRuleStatementNotStatementStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -130882,6 +133101,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -130988,6 +133216,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -131339,6 +133576,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -132373,6 +134637,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatement": {
"properties": {
"statements": {
@@ -132422,6 +134713,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -132773,6 +135073,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -133544,6 +135871,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -133895,6 +136231,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -135651,6 +138014,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatement:WebAclRuleStatementNotStatementStatementNotStatement": {
"properties": {
"statements": {
@@ -135709,6 +138099,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -135815,6 +138214,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -136166,6 +138574,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -137200,6 +139635,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatement": {
"properties": {
"statements": {
@@ -137249,6 +139711,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -137600,6 +140071,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -138371,6 +140869,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -138722,6 +141229,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -140224,6 +142758,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -140330,6 +142873,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -140681,6 +143233,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -141715,6 +144294,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatement": {
"properties": {
"statements": {
@@ -141764,6 +144370,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -142115,6 +144730,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -142886,6 +145528,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -143237,6 +145888,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -145461,6 +148139,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatement:WebAclRuleStatementOrStatementStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -145576,6 +148263,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -145682,6 +148378,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -146033,6 +148738,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -147067,6 +149799,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatement": {
"properties": {
"statements": {
@@ -147116,6 +149875,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -147467,6 +150235,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -148238,6 +151033,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -148589,6 +151393,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -150345,6 +153176,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatement:WebAclRuleStatementOrStatementStatementNotStatement": {
"properties": {
"statements": {
@@ -150403,6 +153261,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -150509,6 +153376,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -150860,6 +153736,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -151894,6 +154797,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatement": {
"properties": {
"statements": {
@@ -151943,6 +154873,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -152294,6 +155233,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -153065,6 +156031,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -153416,6 +156391,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -154918,6 +157920,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -155024,6 +158035,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -155375,6 +158395,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -156409,6 +159456,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatement": {
"properties": {
"statements": {
@@ -156458,6 +159532,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -156809,6 +159892,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -157580,6 +160690,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -157931,6 +161050,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -160206,6 +163352,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -160321,6 +163476,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -160427,6 +163591,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -160778,6 +163951,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -161812,6 +165012,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatement": {
"properties": {
"statements": {
@@ -161861,6 +165088,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -162212,6 +165448,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -162983,6 +166246,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -163334,6 +166606,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -165090,6 +168389,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatement": {
"properties": {
"statements": {
@@ -165148,6 +168474,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -165254,6 +168589,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -165605,6 +168949,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -166639,6 +170010,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatement": {
"properties": {
"statements": {
@@ -166688,6 +170086,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -167039,6 +170446,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -167810,6 +171244,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -168161,6 +171604,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -169663,6 +173133,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"notStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatement",
"description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n",
@@ -169769,6 +173248,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -170120,6 +173608,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -171154,6 +174669,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatement": {
"properties": {
"statements": {
@@ -171203,6 +174745,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -171554,6 +175105,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -172325,6 +175903,15 @@
}
}
},
+ "labelMatchStatement": {
+ "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementLabelMatchStatement",
+ "description": "A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
"regexPatternSetReferenceStatement": {
"$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement",
"description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n",
@@ -172676,6 +176263,33 @@
"position"
]
},
+ "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementLabelMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementLabelMatchStatement": {
+ "properties": {
+ "key": {
+ "type": "string",
+ "description": "The string to match against.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ },
+ "scope": {
+ "type": "string",
+ "description": "Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`.\n",
+ "language": {
+ "python": {
+ "mapCase": false
+ }
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "key",
+ "scope"
+ ]
+ },
"aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": {
"properties": {
"arn": {
@@ -176668,6 +180282,92 @@
"type": "object"
}
},
+ "aws:account/alternativeContact:AlternativeContact": {
+ "description": "Manages the specified alternate contact attached to an AWS Account.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst operations = new aws.account.AlternativeContact(\"operations\", {\n alternateContactType: \"OPERATIONS\",\n emailAddress: \"test@example.com\",\n phoneNumber: \"+1234567890\",\n title: \"Example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\noperations = aws.account.AlternativeContact(\"operations\",\n alternate_contact_type=\"OPERATIONS\",\n email_address=\"test@example.com\",\n phone_number=\"+1234567890\",\n title=\"Example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var operations = new Aws.Account.AlternativeContact(\"operations\", new Aws.Account.AlternativeContactArgs\n {\n AlternateContactType = \"OPERATIONS\",\n EmailAddress = \"test@example.com\",\n PhoneNumber = \"+1234567890\",\n Title = \"Example\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/account\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := account.NewAlternativeContact(ctx, \"operations\", \u0026account.AlternativeContactArgs{\n\t\t\tAlternateContactType: pulumi.String(\"OPERATIONS\"),\n\t\t\tEmailAddress: pulumi.String(\"test@example.com\"),\n\t\t\tPhoneNumber: pulumi.String(\"+1234567890\"),\n\t\t\tTitle: pulumi.String(\"Example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThe current Alternate Contact can be imported using the `alternate_contact_type`, e.g.,\n\n```sh\n $ pulumi import aws:account/alternativeContact:AlternativeContact operations OPERATIONS\n```\n\n ",
+ "properties": {
+ "alternateContactType": {
+ "type": "string",
+ "description": "The type of the alternate contact. Allowed values are: `BILLING`, `OPERATIONS`, `SECURITY`.\n"
+ },
+ "emailAddress": {
+ "type": "string",
+ "description": "An email address for the alternate contact.\n"
+ },
+ "name": {
+ "type": "string",
+ "description": "The name of the alternate contact.\n"
+ },
+ "phoneNumber": {
+ "type": "string",
+ "description": "A phone number for the alternate contact.\n"
+ },
+ "title": {
+ "type": "string",
+ "description": "A title for the alternate contact.\n"
+ }
+ },
+ "required": [
+ "alternateContactType",
+ "emailAddress",
+ "name",
+ "phoneNumber",
+ "title"
+ ],
+ "inputProperties": {
+ "alternateContactType": {
+ "type": "string",
+ "description": "The type of the alternate contact. Allowed values are: `BILLING`, `OPERATIONS`, `SECURITY`.\n"
+ },
+ "emailAddress": {
+ "type": "string",
+ "description": "An email address for the alternate contact.\n"
+ },
+ "name": {
+ "type": "string",
+ "description": "The name of the alternate contact.\n"
+ },
+ "phoneNumber": {
+ "type": "string",
+ "description": "A phone number for the alternate contact.\n"
+ },
+ "title": {
+ "type": "string",
+ "description": "A title for the alternate contact.\n"
+ }
+ },
+ "requiredInputs": [
+ "alternateContactType",
+ "emailAddress",
+ "phoneNumber",
+ "title"
+ ],
+ "stateInputs": {
+ "description": "Input properties used for looking up and filtering AlternativeContact resources.\n",
+ "properties": {
+ "alternateContactType": {
+ "type": "string",
+ "description": "The type of the alternate contact. Allowed values are: `BILLING`, `OPERATIONS`, `SECURITY`.\n"
+ },
+ "emailAddress": {
+ "type": "string",
+ "description": "An email address for the alternate contact.\n"
+ },
+ "name": {
+ "type": "string",
+ "description": "The name of the alternate contact.\n"
+ },
+ "phoneNumber": {
+ "type": "string",
+ "description": "A phone number for the alternate contact.\n"
+ },
+ "title": {
+ "type": "string",
+ "description": "A title for the alternate contact.\n"
+ }
+ },
+ "type": "object"
+ }
+ },
"aws:acm/certificate:Certificate": {
"description": "The ACM certificate resource allows requesting and management of certificates\nfrom the Amazon Certificate Manager.\n\nIt deals with requesting certificates and managing their attributes and life-cycle.\nThis resource does not deal with validation of a certificate but can provide inputs\nfor other resources implementing the validation. It does not wait for a certificate to be issued.\nUse a `aws.acm.CertificateValidation` resource for this.\n\nMost commonly, this resource is used together with `aws.route53.Record` and\n`aws.acm.CertificateValidation` to request a DNS validated certificate,\ndeploy the required validation records and wait for validation to complete.\n\nDomain validation through E-Mail is also supported but should be avoided as it requires a manual step outside\nof this provider.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Create Certificate\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst cert = new aws.acm.Certificate(\"cert\", {\n domainName: \"example.com\",\n tags: {\n Environment: \"test\",\n },\n validationMethod: \"DNS\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncert = aws.acm.Certificate(\"cert\",\n domain_name=\"example.com\",\n tags={\n \"Environment\": \"test\",\n },\n validation_method=\"DNS\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var cert = new Aws.Acm.Certificate(\"cert\", new Aws.Acm.CertificateArgs\n {\n DomainName = \"example.com\",\n Tags = \n {\n { \"Environment\", \"test\" },\n },\n ValidationMethod = \"DNS\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/acm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := acm.NewCertificate(ctx, \"cert\", \u0026acm.CertificateArgs{\n\t\t\tDomainName: pulumi.String(\"example.com\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t\tValidationMethod: pulumi.String(\"DNS\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Existing Certificate Body Import\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as tls from \"@pulumi/tls\";\n\nconst examplePrivateKey = new tls.PrivateKey(\"examplePrivateKey\", {algorithm: \"RSA\"});\nconst exampleSelfSignedCert = new tls.SelfSignedCert(\"exampleSelfSignedCert\", {\n keyAlgorithm: \"RSA\",\n privateKeyPem: examplePrivateKey.privateKeyPem,\n subjects: [{\n commonName: \"example.com\",\n organization: \"ACME Examples, Inc\",\n }],\n validityPeriodHours: 12,\n allowedUses: [\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n ],\n});\nconst cert = new aws.acm.Certificate(\"cert\", {\n privateKey: examplePrivateKey.privateKeyPem,\n certificateBody: exampleSelfSignedCert.certPem,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_tls as tls\n\nexample_private_key = tls.PrivateKey(\"examplePrivateKey\", algorithm=\"RSA\")\nexample_self_signed_cert = tls.SelfSignedCert(\"exampleSelfSignedCert\",\n key_algorithm=\"RSA\",\n private_key_pem=example_private_key.private_key_pem,\n subjects=[tls.SelfSignedCertSubjectArgs(\n common_name=\"example.com\",\n organization=\"ACME Examples, Inc\",\n )],\n validity_period_hours=12,\n allowed_uses=[\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n ])\ncert = aws.acm.Certificate(\"cert\",\n private_key=example_private_key.private_key_pem,\n certificate_body=example_self_signed_cert.cert_pem)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Tls = Pulumi.Tls;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var examplePrivateKey = new Tls.PrivateKey(\"examplePrivateKey\", new Tls.PrivateKeyArgs\n {\n Algorithm = \"RSA\",\n });\n var exampleSelfSignedCert = new Tls.SelfSignedCert(\"exampleSelfSignedCert\", new Tls.SelfSignedCertArgs\n {\n KeyAlgorithm = \"RSA\",\n PrivateKeyPem = examplePrivateKey.PrivateKeyPem,\n Subjects = \n {\n new Tls.Inputs.SelfSignedCertSubjectArgs\n {\n CommonName = \"example.com\",\n Organization = \"ACME Examples, Inc\",\n },\n },\n ValidityPeriodHours = 12,\n AllowedUses = \n {\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n },\n });\n var cert = new Aws.Acm.Certificate(\"cert\", new Aws.Acm.CertificateArgs\n {\n PrivateKey = examplePrivateKey.PrivateKeyPem,\n CertificateBody = exampleSelfSignedCert.CertPem,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/acm\"\n\t\"github.com/pulumi/pulumi-tls/sdk/v4/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texamplePrivateKey, err := tls.NewPrivateKey(ctx, \"examplePrivateKey\", \u0026tls.PrivateKeyArgs{\n\t\t\tAlgorithm: pulumi.String(\"RSA\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSelfSignedCert, err := tls.NewSelfSignedCert(ctx, \"exampleSelfSignedCert\", \u0026tls.SelfSignedCertArgs{\n\t\t\tKeyAlgorithm: pulumi.String(\"RSA\"),\n\t\t\tPrivateKeyPem: examplePrivateKey.PrivateKeyPem,\n\t\t\tSubjects: SelfSignedCertSubjectArray{\n\t\t\t\t\u0026SelfSignedCertSubjectArgs{\n\t\t\t\t\tCommonName: pulumi.String(\"example.com\"),\n\t\t\t\t\tOrganization: pulumi.String(\"ACME Examples, Inc\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tValidityPeriodHours: pulumi.Int(12),\n\t\t\tAllowedUses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"key_encipherment\"),\n\t\t\t\tpulumi.String(\"digital_signature\"),\n\t\t\t\tpulumi.String(\"server_auth\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = acm.NewCertificate(ctx, \"cert\", \u0026acm.CertificateArgs{\n\t\t\tPrivateKey: examplePrivateKey.PrivateKeyPem,\n\t\t\tCertificateBody: exampleSelfSignedCert.CertPem,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Referencing domain_validation_options With for_each Based Resources\n\nSee the `aws.acm.CertificateValidation` resource for a full example of performing DNS validation.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example: aws.route53.Record[];\nfor (const range of Object.entries(.reduce((__obj, dvo) =\u003e { ...__obj, [dvo.domainName]: {\n name: dvo.resourceRecordName,\n record: dvo.resourceRecordValue,\n type: dvo.resourceRecordType,\n} })).map(([k, v]) =\u003e {key: k, value: v})) {\n example.push(new aws.route53.Record(`example-${range.key}`, {\n allowOverwrite: true,\n name: range.value.name,\n records: [range.value.record],\n ttl: 60,\n type: range.value.type,\n zoneId: aws_route53_zone.example.zone_id,\n }));\n}\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = []\nfor range in [{\"key\": k, \"value\": v} for [k, v] in enumerate({dvo.domainName: {\n name: dvo.resourceRecordName,\n record: dvo.resourceRecordValue,\n type: dvo.resourceRecordType,\n} for dvo in aws_acm_certificate.example.domain_validation_options})]:\n example.append(aws.route53.Record(f\"example-{range['key']}\",\n allow_overwrite=True,\n name=range[\"value\"][\"name\"],\n records=[range[\"value\"][\"record\"]],\n ttl=60,\n type=range[\"value\"][\"type\"],\n zone_id=aws_route53_zone[\"example\"][\"zone_id\"]))\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCertificates can be imported using their ARN, e.g.,\n\n```sh\n $ pulumi import aws:acm/certificate:Certificate cert arn:aws:acm:eu-central-1:123456789012:certificate/7e7a28d2-163f-4b8f-b9cd-822f96c08d6a\n```\n\n ",
"properties": {
@@ -177668,6 +181368,10 @@
"type": "string",
"description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n"
},
+ "desyncMitigationMode": {
+ "type": "string",
+ "description": "Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.\n"
+ },
"dnsName": {
"type": "string",
"description": "The DNS name of the load balancer.\n"
@@ -177688,6 +181392,10 @@
"type": "boolean",
"description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n"
},
+ "enableWafFailOpen": {
+ "type": "boolean",
+ "description": "Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to `false`.\n"
+ },
"idleTimeout": {
"type": "integer",
"description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n"
@@ -177740,7 +181448,7 @@
"additionalProperties": {
"type": "string"
},
- "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
+ "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
},
"tagsAll": {
"type": "object",
@@ -177780,6 +181488,10 @@
"type": "string",
"description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n"
},
+ "desyncMitigationMode": {
+ "type": "string",
+ "description": "Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.\n"
+ },
"dropInvalidHeaderFields": {
"type": "boolean",
"description": "Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type `application`.\n"
@@ -177796,6 +181508,10 @@
"type": "boolean",
"description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n"
},
+ "enableWafFailOpen": {
+ "type": "boolean",
+ "description": "Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to `false`.\n"
+ },
"idleTimeout": {
"type": "integer",
"description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n"
@@ -177848,7 +181564,7 @@
"additionalProperties": {
"type": "string"
},
- "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
+ "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
}
},
"stateInputs": {
@@ -177870,6 +181586,10 @@
"type": "string",
"description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n"
},
+ "desyncMitigationMode": {
+ "type": "string",
+ "description": "Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.\n"
+ },
"dnsName": {
"type": "string",
"description": "The DNS name of the load balancer.\n"
@@ -177890,6 +181610,10 @@
"type": "boolean",
"description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n"
},
+ "enableWafFailOpen": {
+ "type": "boolean",
+ "description": "Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to `false`.\n"
+ },
"idleTimeout": {
"type": "integer",
"description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n"
@@ -177942,7 +181666,7 @@
"additionalProperties": {
"type": "string"
},
- "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
+ "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
},
"tagsAll": {
"type": "object",
@@ -185734,6 +189458,10 @@
"type": "string",
"description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n"
},
+ "desyncMitigationMode": {
+ "type": "string",
+ "description": "Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.\n"
+ },
"dnsName": {
"type": "string",
"description": "The DNS name of the load balancer.\n"
@@ -185754,6 +189482,10 @@
"type": "boolean",
"description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n"
},
+ "enableWafFailOpen": {
+ "type": "boolean",
+ "description": "Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to `false`.\n"
+ },
"idleTimeout": {
"type": "integer",
"description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n"
@@ -185806,7 +189538,7 @@
"additionalProperties": {
"type": "string"
},
- "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
+ "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
},
"tagsAll": {
"type": "object",
@@ -185846,6 +189578,10 @@
"type": "string",
"description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n"
},
+ "desyncMitigationMode": {
+ "type": "string",
+ "description": "Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.\n"
+ },
"dropInvalidHeaderFields": {
"type": "boolean",
"description": "Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type `application`.\n"
@@ -185862,6 +189598,10 @@
"type": "boolean",
"description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n"
},
+ "enableWafFailOpen": {
+ "type": "boolean",
+ "description": "Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to `false`.\n"
+ },
"idleTimeout": {
"type": "integer",
"description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n"
@@ -185914,7 +189654,7 @@
"additionalProperties": {
"type": "string"
},
- "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
+ "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
}
},
"stateInputs": {
@@ -185936,6 +189676,10 @@
"type": "string",
"description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n"
},
+ "desyncMitigationMode": {
+ "type": "string",
+ "description": "Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.\n"
+ },
"dnsName": {
"type": "string",
"description": "The DNS name of the load balancer.\n"
@@ -185956,6 +189700,10 @@
"type": "boolean",
"description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n"
},
+ "enableWafFailOpen": {
+ "type": "boolean",
+ "description": "Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to `false`.\n"
+ },
"idleTimeout": {
"type": "integer",
"description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n"
@@ -186008,7 +189756,7 @@
"additionalProperties": {
"type": "string"
},
- "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
+ "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
},
"tagsAll": {
"type": "object",
@@ -188222,6 +191970,51 @@
"type": "object"
}
},
+ "aws:appstream/fleetStackAssociation:FleetStackAssociation": {
+ "description": "Manages an AppStream Fleet Stack association.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleFleet = new aws.appstream.Fleet(\"exampleFleet\", {\n imageName: \"Amazon-AppStream2-Sample-Image-02-04-2019\",\n instanceType: \"stream.standard.small\",\n computeCapacity: {\n desiredInstances: 1,\n },\n});\nconst exampleStack = new aws.appstream.Stack(\"exampleStack\", {});\nconst exampleFleetStackAssociation = new aws.appstream.FleetStackAssociation(\"exampleFleetStackAssociation\", {\n fleetName: exampleFleet.name,\n stackName: exampleStack.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_fleet = aws.appstream.Fleet(\"exampleFleet\",\n image_name=\"Amazon-AppStream2-Sample-Image-02-04-2019\",\n instance_type=\"stream.standard.small\",\n compute_capacity=aws.appstream.FleetComputeCapacityArgs(\n desired_instances=1,\n ))\nexample_stack = aws.appstream.Stack(\"exampleStack\")\nexample_fleet_stack_association = aws.appstream.FleetStackAssociation(\"exampleFleetStackAssociation\",\n fleet_name=example_fleet.name,\n stack_name=example_stack.name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleFleet = new Aws.AppStream.Fleet(\"exampleFleet\", new Aws.AppStream.FleetArgs\n {\n ImageName = \"Amazon-AppStream2-Sample-Image-02-04-2019\",\n InstanceType = \"stream.standard.small\",\n ComputeCapacity = new Aws.AppStream.Inputs.FleetComputeCapacityArgs\n {\n DesiredInstances = 1,\n },\n });\n var exampleStack = new Aws.AppStream.Stack(\"exampleStack\", new Aws.AppStream.StackArgs\n {\n });\n var exampleFleetStackAssociation = new Aws.AppStream.FleetStackAssociation(\"exampleFleetStackAssociation\", new Aws.AppStream.FleetStackAssociationArgs\n {\n FleetName = exampleFleet.Name,\n StackName = exampleStack.Name,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appstream\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleFleet, err := appstream.NewFleet(ctx, \"exampleFleet\", \u0026appstream.FleetArgs{\n\t\t\tImageName: pulumi.String(\"Amazon-AppStream2-Sample-Image-02-04-2019\"),\n\t\t\tInstanceType: pulumi.String(\"stream.standard.small\"),\n\t\t\tComputeCapacity: \u0026appstream.FleetComputeCapacityArgs{\n\t\t\t\tDesiredInstances: pulumi.Int(1),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleStack, err := appstream.NewStack(ctx, \"exampleStack\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appstream.NewFleetStackAssociation(ctx, \"exampleFleetStackAssociation\", \u0026appstream.FleetStackAssociationArgs{\n\t\t\tFleetName: exampleFleet.Name,\n\t\t\tStackName: exampleStack.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAppStream Stack Fleet Association can be imported by using the `fleet_name` and `stack_name` separated by a slash (`/`), e.g.,\n\n```sh\n $ pulumi import aws:appstream/fleetStackAssociation:FleetStackAssociation example fleetName/stackName\n```\n\n ",
+ "properties": {
+ "fleetName": {
+ "type": "string",
+ "description": "Name of the fleet.\n"
+ },
+ "stackName": {
+ "type": "string",
+ "description": "Name of the stack.\n"
+ }
+ },
+ "required": [
+ "fleetName",
+ "stackName"
+ ],
+ "inputProperties": {
+ "fleetName": {
+ "type": "string",
+ "description": "Name of the fleet.\n"
+ },
+ "stackName": {
+ "type": "string",
+ "description": "Name of the stack.\n"
+ }
+ },
+ "requiredInputs": [
+ "fleetName",
+ "stackName"
+ ],
+ "stateInputs": {
+ "description": "Input properties used for looking up and filtering FleetStackAssociation resources.\n",
+ "properties": {
+ "fleetName": {
+ "type": "string",
+ "description": "Name of the fleet.\n"
+ },
+ "stackName": {
+ "type": "string",
+ "description": "Name of the stack.\n"
+ }
+ },
+ "type": "object"
+ }
+ },
"aws:appstream/imageBuilder:ImageBuilder": {
"description": "Provides an AppStream image builder.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testFleet = new aws.appstream.ImageBuilder(\"testFleet\", {\n description: \"Description of a ImageBuilder\",\n displayName: \"Display name of a ImageBuilder\",\n enableDefaultInternetAccess: false,\n imageName: \"AppStream-WinServer2012R2-07-19-2021\",\n instanceType: \"stream.standard.large\",\n vpcConfig: {\n subnetIds: [aws_subnet.example.id],\n },\n tags: {\n Name: \"Example Image Builder\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_fleet = aws.appstream.ImageBuilder(\"testFleet\",\n description=\"Description of a ImageBuilder\",\n display_name=\"Display name of a ImageBuilder\",\n enable_default_internet_access=False,\n image_name=\"AppStream-WinServer2012R2-07-19-2021\",\n instance_type=\"stream.standard.large\",\n vpc_config=aws.appstream.ImageBuilderVpcConfigArgs(\n subnet_ids=[aws_subnet[\"example\"][\"id\"]],\n ),\n tags={\n \"Name\": \"Example Image Builder\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testFleet = new Aws.AppStream.ImageBuilder(\"testFleet\", new Aws.AppStream.ImageBuilderArgs\n {\n Description = \"Description of a ImageBuilder\",\n DisplayName = \"Display name of a ImageBuilder\",\n EnableDefaultInternetAccess = false,\n ImageName = \"AppStream-WinServer2012R2-07-19-2021\",\n InstanceType = \"stream.standard.large\",\n VpcConfig = new Aws.AppStream.Inputs.ImageBuilderVpcConfigArgs\n {\n SubnetIds = \n {\n aws_subnet.Example.Id,\n },\n },\n Tags = \n {\n { \"Name\", \"Example Image Builder\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appstream\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appstream.NewImageBuilder(ctx, \"testFleet\", \u0026appstream.ImageBuilderArgs{\n\t\t\tDescription: pulumi.String(\"Description of a ImageBuilder\"),\n\t\t\tDisplayName: pulumi.String(\"Display name of a ImageBuilder\"),\n\t\t\tEnableDefaultInternetAccess: pulumi.Bool(false),\n\t\t\tImageName: pulumi.String(\"AppStream-WinServer2012R2-07-19-2021\"),\n\t\t\tInstanceType: pulumi.String(\"stream.standard.large\"),\n\t\t\tVpcConfig: \u0026appstream.ImageBuilderVpcConfigArgs{\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.Any(aws_subnet.Example.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"Example Image Builder\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_appstream_image_builder` can be imported using the `name`, e.g.,\n\n```sh\n $ pulumi import aws:appstream/imageBuilder:ImageBuilder example imageBuilderExample\n```\n\n ",
"properties": {
@@ -188694,6 +192487,188 @@
"type": "object"
}
},
+ "aws:appstream/user:User": {
+ "description": "Provides an AppStream user.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.appstream.User(\"example\", {\n authenticationType: \"USERPOOL\",\n firstName: \"FIRST NAME\",\n lastName: \"LAST NAME\",\n userName: \"EMAIL ADDRESS\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.appstream.User(\"example\",\n authentication_type=\"USERPOOL\",\n first_name=\"FIRST NAME\",\n last_name=\"LAST NAME\",\n user_name=\"EMAIL ADDRESS\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.AppStream.User(\"example\", new Aws.AppStream.UserArgs\n {\n AuthenticationType = \"USERPOOL\",\n FirstName = \"FIRST NAME\",\n LastName = \"LAST NAME\",\n UserName = \"EMAIL ADDRESS\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appstream\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appstream.NewUser(ctx, \"example\", \u0026appstream.UserArgs{\n\t\t\tAuthenticationType: pulumi.String(\"USERPOOL\"),\n\t\t\tFirstName: pulumi.String(\"FIRST NAME\"),\n\t\t\tLastName: pulumi.String(\"LAST NAME\"),\n\t\t\tUserName: pulumi.String(\"EMAIL ADDRESS\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_appstream_user` can be imported using the `user_name` and `authentication_type` separated by a slash (`/`), e.g.,\n\n```sh\n $ pulumi import aws:appstream/user:User example UserName/AuthenticationType\n```\n\n ",
+ "properties": {
+ "arn": {
+ "type": "string",
+ "description": "ARN of the appstream user.\n"
+ },
+ "authenticationType": {
+ "type": "string",
+ "description": "Authentication type for the user. You must specify USERPOOL. Valid values: `API`, `SAML`, `USERPOOL`\n"
+ },
+ "createdTime": {
+ "type": "string",
+ "description": "Date and time, in UTC and extended RFC 3339 format, when the user was created.\n"
+ },
+ "enabled": {
+ "type": "boolean",
+ "description": "Specifies whether the user in the user pool is enabled.\n"
+ },
+ "firstName": {
+ "type": "string",
+ "description": "First name, or given name, of the user.\n"
+ },
+ "lastName": {
+ "type": "string",
+ "description": "Last name, or surname, of the user.\n"
+ },
+ "sendEmailNotification": {
+ "type": "boolean",
+ "description": "Send an email notification.\n"
+ },
+ "userName": {
+ "type": "string",
+ "description": "Email address of the user.\n"
+ }
+ },
+ "required": [
+ "arn",
+ "authenticationType",
+ "createdTime",
+ "userName"
+ ],
+ "inputProperties": {
+ "authenticationType": {
+ "type": "string",
+ "description": "Authentication type for the user. You must specify USERPOOL. Valid values: `API`, `SAML`, `USERPOOL`\n"
+ },
+ "enabled": {
+ "type": "boolean",
+ "description": "Specifies whether the user in the user pool is enabled.\n"
+ },
+ "firstName": {
+ "type": "string",
+ "description": "First name, or given name, of the user.\n"
+ },
+ "lastName": {
+ "type": "string",
+ "description": "Last name, or surname, of the user.\n"
+ },
+ "sendEmailNotification": {
+ "type": "boolean",
+ "description": "Send an email notification.\n"
+ },
+ "userName": {
+ "type": "string",
+ "description": "Email address of the user.\n"
+ }
+ },
+ "requiredInputs": [
+ "authenticationType",
+ "userName"
+ ],
+ "stateInputs": {
+ "description": "Input properties used for looking up and filtering User resources.\n",
+ "properties": {
+ "arn": {
+ "type": "string",
+ "description": "ARN of the appstream user.\n"
+ },
+ "authenticationType": {
+ "type": "string",
+ "description": "Authentication type for the user. You must specify USERPOOL. Valid values: `API`, `SAML`, `USERPOOL`\n"
+ },
+ "createdTime": {
+ "type": "string",
+ "description": "Date and time, in UTC and extended RFC 3339 format, when the user was created.\n"
+ },
+ "enabled": {
+ "type": "boolean",
+ "description": "Specifies whether the user in the user pool is enabled.\n"
+ },
+ "firstName": {
+ "type": "string",
+ "description": "First name, or given name, of the user.\n"
+ },
+ "lastName": {
+ "type": "string",
+ "description": "Last name, or surname, of the user.\n"
+ },
+ "sendEmailNotification": {
+ "type": "boolean",
+ "description": "Send an email notification.\n"
+ },
+ "userName": {
+ "type": "string",
+ "description": "Email address of the user.\n"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "aws:appstream/userStackAssociation:UserStackAssociation": {
+ "description": "Manages an AppStream User Stack association.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testStack = new aws.appstream.Stack(\"testStack\", {});\nconst testUser = new aws.appstream.User(\"testUser\", {\n authenticationType: \"USERPOOL\",\n userName: \"EMAIL\",\n});\nconst testUserStackAssociation = new aws.appstream.UserStackAssociation(\"testUserStackAssociation\", {\n authenticationType: testUser.authenticationType,\n stackName: testStack.name,\n userName: testUser.userName,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_stack = aws.appstream.Stack(\"testStack\")\ntest_user = aws.appstream.User(\"testUser\",\n authentication_type=\"USERPOOL\",\n user_name=\"EMAIL\")\ntest_user_stack_association = aws.appstream.UserStackAssociation(\"testUserStackAssociation\",\n authentication_type=test_user.authentication_type,\n stack_name=test_stack.name,\n user_name=test_user.user_name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testStack = new Aws.AppStream.Stack(\"testStack\", new Aws.AppStream.StackArgs\n {\n });\n var testUser = new Aws.AppStream.User(\"testUser\", new Aws.AppStream.UserArgs\n {\n AuthenticationType = \"USERPOOL\",\n UserName = \"EMAIL\",\n });\n var testUserStackAssociation = new Aws.AppStream.UserStackAssociation(\"testUserStackAssociation\", new Aws.AppStream.UserStackAssociationArgs\n {\n AuthenticationType = testUser.AuthenticationType,\n StackName = testStack.Name,\n UserName = testUser.UserName,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appstream\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestStack, err := appstream.NewStack(ctx, \"testStack\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestUser, err := appstream.NewUser(ctx, \"testUser\", \u0026appstream.UserArgs{\n\t\t\tAuthenticationType: pulumi.String(\"USERPOOL\"),\n\t\t\tUserName: pulumi.String(\"EMAIL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appstream.NewUserStackAssociation(ctx, \"testUserStackAssociation\", \u0026appstream.UserStackAssociationArgs{\n\t\t\tAuthenticationType: testUser.AuthenticationType,\n\t\t\tStackName: testStack.Name,\n\t\t\tUserName: testUser.UserName,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAppStream User Stack Association can be imported by using the `user_name`, `authentication_type`, and `stack_name`, separated by a slash (`/`), e.g.,\n\n```sh\n $ pulumi import aws:appstream/userStackAssociation:UserStackAssociation example userName/auhtenticationType/stackName\n```\n\n ",
+ "properties": {
+ "authenticationType": {
+ "type": "string",
+ "description": "Authentication type for the user.\n"
+ },
+ "sendEmailNotification": {
+ "type": "boolean",
+ "description": "Specifies whether a welcome email is sent to a user after the user is created in the user pool.\n"
+ },
+ "stackName": {
+ "type": "string",
+ "description": "Name of the stack that is associated with the user.\n"
+ },
+ "userName": {
+ "type": "string",
+ "description": "Email address of the user who is associated with the stack.\n"
+ }
+ },
+ "required": [
+ "authenticationType",
+ "stackName",
+ "userName"
+ ],
+ "inputProperties": {
+ "authenticationType": {
+ "type": "string",
+ "description": "Authentication type for the user.\n"
+ },
+ "sendEmailNotification": {
+ "type": "boolean",
+ "description": "Specifies whether a welcome email is sent to a user after the user is created in the user pool.\n"
+ },
+ "stackName": {
+ "type": "string",
+ "description": "Name of the stack that is associated with the user.\n"
+ },
+ "userName": {
+ "type": "string",
+ "description": "Email address of the user who is associated with the stack.\n"
+ }
+ },
+ "requiredInputs": [
+ "authenticationType",
+ "stackName",
+ "userName"
+ ],
+ "stateInputs": {
+ "description": "Input properties used for looking up and filtering UserStackAssociation resources.\n",
+ "properties": {
+ "authenticationType": {
+ "type": "string",
+ "description": "Authentication type for the user.\n"
+ },
+ "sendEmailNotification": {
+ "type": "boolean",
+ "description": "Specifies whether a welcome email is sent to a user after the user is created in the user pool.\n"
+ },
+ "stackName": {
+ "type": "string",
+ "description": "Name of the stack that is associated with the user.\n"
+ },
+ "userName": {
+ "type": "string",
+ "description": "Email address of the user who is associated with the stack.\n"
+ }
+ },
+ "type": "object"
+ }
+ },
"aws:appsync/apiKey:ApiKey": {
"description": "Provides an AppSync API Key.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGraphQLApi = new aws.appsync.GraphQLApi(\"exampleGraphQLApi\", {authenticationType: \"API_KEY\"});\nconst exampleApiKey = new aws.appsync.ApiKey(\"exampleApiKey\", {\n apiId: exampleGraphQLApi.id,\n expires: \"2018-05-03T04:00:00Z\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_graph_ql_api = aws.appsync.GraphQLApi(\"exampleGraphQLApi\", authentication_type=\"API_KEY\")\nexample_api_key = aws.appsync.ApiKey(\"exampleApiKey\",\n api_id=example_graph_ql_api.id,\n expires=\"2018-05-03T04:00:00Z\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleGraphQLApi = new Aws.AppSync.GraphQLApi(\"exampleGraphQLApi\", new Aws.AppSync.GraphQLApiArgs\n {\n AuthenticationType = \"API_KEY\",\n });\n var exampleApiKey = new Aws.AppSync.ApiKey(\"exampleApiKey\", new Aws.AppSync.ApiKeyArgs\n {\n ApiId = exampleGraphQLApi.Id,\n Expires = \"2018-05-03T04:00:00Z\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appsync\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleGraphQLApi, err := appsync.NewGraphQLApi(ctx, \"exampleGraphQLApi\", \u0026appsync.GraphQLApiArgs{\n\t\t\tAuthenticationType: pulumi.String(\"API_KEY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appsync.NewApiKey(ctx, \"exampleApiKey\", \u0026appsync.ApiKeyArgs{\n\t\t\tApiId: exampleGraphQLApi.ID(),\n\t\t\tExpires: pulumi.String(\"2018-05-03T04:00:00Z\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_appsync_api_key` can be imported using the AppSync API ID and key separated by `:`, e.g.,\n\n```sh\n $ pulumi import aws:appsync/apiKey:ApiKey example xxxxx:yyyyy\n```\n\n ",
"properties": {
@@ -193399,34 +197374,50 @@
}
},
"aws:cfg/remediationConfiguration:RemediationConfiguration": {
- "description": "Provides an AWS Config Remediation Configuration.\n\n\u003e **Note:** Config Remediation Configuration requires an existing Config Rule to be present.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nAWS managed rules can be used by setting the source owner to `AWS` and the source identifier to the name of the managed rule. More information about AWS managed rules can be found in the [AWS Config Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst thisRule = new aws.cfg.Rule(\"thisRule\", {source: {\n owner: \"AWS\",\n sourceIdentifier: \"S3_BUCKET_VERSIONING_ENABLED\",\n}});\nconst thisRemediationConfiguration = new aws.cfg.RemediationConfiguration(\"thisRemediationConfiguration\", {\n configRuleName: thisRule.name,\n resourceType: \"AWS::S3::Bucket\",\n targetType: \"SSM_DOCUMENT\",\n targetId: \"AWS-EnableS3BucketEncryption\",\n targetVersion: \"1\",\n parameters: [\n {\n name: \"AutomationAssumeRole\",\n staticValue: \"arn:aws:iam::875924563244:role/security_config\",\n },\n {\n name: \"BucketName\",\n resourceValue: \"RESOURCE_ID\",\n },\n {\n name: \"SSEAlgorithm\",\n staticValue: \"AES256\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nthis_rule = aws.cfg.Rule(\"thisRule\", source=aws.cfg.RuleSourceArgs(\n owner=\"AWS\",\n source_identifier=\"S3_BUCKET_VERSIONING_ENABLED\",\n))\nthis_remediation_configuration = aws.cfg.RemediationConfiguration(\"thisRemediationConfiguration\",\n config_rule_name=this_rule.name,\n resource_type=\"AWS::S3::Bucket\",\n target_type=\"SSM_DOCUMENT\",\n target_id=\"AWS-EnableS3BucketEncryption\",\n target_version=\"1\",\n parameters=[\n aws.cfg.RemediationConfigurationParameterArgs(\n name=\"AutomationAssumeRole\",\n static_value=\"arn:aws:iam::875924563244:role/security_config\",\n ),\n aws.cfg.RemediationConfigurationParameterArgs(\n name=\"BucketName\",\n resource_value=\"RESOURCE_ID\",\n ),\n aws.cfg.RemediationConfigurationParameterArgs(\n name=\"SSEAlgorithm\",\n static_value=\"AES256\",\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var thisRule = new Aws.Cfg.Rule(\"thisRule\", new Aws.Cfg.RuleArgs\n {\n Source = new Aws.Cfg.Inputs.RuleSourceArgs\n {\n Owner = \"AWS\",\n SourceIdentifier = \"S3_BUCKET_VERSIONING_ENABLED\",\n },\n });\n var thisRemediationConfiguration = new Aws.Cfg.RemediationConfiguration(\"thisRemediationConfiguration\", new Aws.Cfg.RemediationConfigurationArgs\n {\n ConfigRuleName = thisRule.Name,\n ResourceType = \"AWS::S3::Bucket\",\n TargetType = \"SSM_DOCUMENT\",\n TargetId = \"AWS-EnableS3BucketEncryption\",\n TargetVersion = \"1\",\n Parameters = \n {\n new Aws.Cfg.Inputs.RemediationConfigurationParameterArgs\n {\n Name = \"AutomationAssumeRole\",\n StaticValue = \"arn:aws:iam::875924563244:role/security_config\",\n },\n new Aws.Cfg.Inputs.RemediationConfigurationParameterArgs\n {\n Name = \"BucketName\",\n ResourceValue = \"RESOURCE_ID\",\n },\n new Aws.Cfg.Inputs.RemediationConfigurationParameterArgs\n {\n Name = \"SSEAlgorithm\",\n StaticValue = \"AES256\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tthisRule, err := cfg.NewRule(ctx, \"thisRule\", \u0026cfg.RuleArgs{\n\t\t\tSource: \u0026cfg.RuleSourceArgs{\n\t\t\t\tOwner: pulumi.String(\"AWS\"),\n\t\t\t\tSourceIdentifier: pulumi.String(\"S3_BUCKET_VERSIONING_ENABLED\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewRemediationConfiguration(ctx, \"thisRemediationConfiguration\", \u0026cfg.RemediationConfigurationArgs{\n\t\t\tConfigRuleName: thisRule.Name,\n\t\t\tResourceType: pulumi.String(\"AWS::S3::Bucket\"),\n\t\t\tTargetType: pulumi.String(\"SSM_DOCUMENT\"),\n\t\t\tTargetId: pulumi.String(\"AWS-EnableS3BucketEncryption\"),\n\t\t\tTargetVersion: pulumi.String(\"1\"),\n\t\t\tParameters: cfg.RemediationConfigurationParameterArray{\n\t\t\t\t\u0026cfg.RemediationConfigurationParameterArgs{\n\t\t\t\t\tName: pulumi.String(\"AutomationAssumeRole\"),\n\t\t\t\t\tStaticValue: pulumi.String(\"arn:aws:iam::875924563244:role/security_config\"),\n\t\t\t\t},\n\t\t\t\t\u0026cfg.RemediationConfigurationParameterArgs{\n\t\t\t\t\tName: pulumi.String(\"BucketName\"),\n\t\t\t\t\tResourceValue: pulumi.String(\"RESOURCE_ID\"),\n\t\t\t\t},\n\t\t\t\t\u0026cfg.RemediationConfigurationParameterArgs{\n\t\t\t\t\tName: pulumi.String(\"SSEAlgorithm\"),\n\t\t\t\t\tStaticValue: pulumi.String(\"AES256\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRemediation Configurations can be imported using the name config_rule_name, e.g.,\n\n```sh\n $ pulumi import aws:cfg/remediationConfiguration:RemediationConfiguration this example\n```\n\n ",
+ "description": "Provides an AWS Config Remediation Configuration.\n\n\u003e **Note:** Config Remediation Configuration requires an existing Config Rule to be present.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nAWS managed rules can be used by setting the source owner to `AWS` and the source identifier to the name of the managed rule. More information about AWS managed rules can be found in the [AWS Config Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst thisRule = new aws.cfg.Rule(\"thisRule\", {source: {\n owner: \"AWS\",\n sourceIdentifier: \"S3_BUCKET_VERSIONING_ENABLED\",\n}});\nconst thisRemediationConfiguration = new aws.cfg.RemediationConfiguration(\"thisRemediationConfiguration\", {\n configRuleName: thisRule.name,\n resourceType: \"AWS::S3::Bucket\",\n targetType: \"SSM_DOCUMENT\",\n targetId: \"AWS-EnableS3BucketEncryption\",\n targetVersion: \"1\",\n parameters: [\n {\n name: \"AutomationAssumeRole\",\n staticValue: \"arn:aws:iam::875924563244:role/security_config\",\n },\n {\n name: \"BucketName\",\n resourceValue: \"RESOURCE_ID\",\n },\n {\n name: \"SSEAlgorithm\",\n staticValue: \"AES256\",\n },\n ],\n automatic: true,\n maximumAutomaticAttempts: 10,\n retryAttemptSeconds: 600,\n executionControls: {\n ssmControls: {\n concurrentExecutionRatePercentage: 25,\n errorPercentage: 20,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nthis_rule = aws.cfg.Rule(\"thisRule\", source=aws.cfg.RuleSourceArgs(\n owner=\"AWS\",\n source_identifier=\"S3_BUCKET_VERSIONING_ENABLED\",\n))\nthis_remediation_configuration = aws.cfg.RemediationConfiguration(\"thisRemediationConfiguration\",\n config_rule_name=this_rule.name,\n resource_type=\"AWS::S3::Bucket\",\n target_type=\"SSM_DOCUMENT\",\n target_id=\"AWS-EnableS3BucketEncryption\",\n target_version=\"1\",\n parameters=[\n aws.cfg.RemediationConfigurationParameterArgs(\n name=\"AutomationAssumeRole\",\n static_value=\"arn:aws:iam::875924563244:role/security_config\",\n ),\n aws.cfg.RemediationConfigurationParameterArgs(\n name=\"BucketName\",\n resource_value=\"RESOURCE_ID\",\n ),\n aws.cfg.RemediationConfigurationParameterArgs(\n name=\"SSEAlgorithm\",\n static_value=\"AES256\",\n ),\n ],\n automatic=True,\n maximum_automatic_attempts=10,\n retry_attempt_seconds=600,\n execution_controls=aws.cfg.RemediationConfigurationExecutionControlsArgs(\n ssm_controls=aws.cfg.RemediationConfigurationExecutionControlsSsmControlsArgs(\n concurrent_execution_rate_percentage=25,\n error_percentage=20,\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var thisRule = new Aws.Cfg.Rule(\"thisRule\", new Aws.Cfg.RuleArgs\n {\n Source = new Aws.Cfg.Inputs.RuleSourceArgs\n {\n Owner = \"AWS\",\n SourceIdentifier = \"S3_BUCKET_VERSIONING_ENABLED\",\n },\n });\n var thisRemediationConfiguration = new Aws.Cfg.RemediationConfiguration(\"thisRemediationConfiguration\", new Aws.Cfg.RemediationConfigurationArgs\n {\n ConfigRuleName = thisRule.Name,\n ResourceType = \"AWS::S3::Bucket\",\n TargetType = \"SSM_DOCUMENT\",\n TargetId = \"AWS-EnableS3BucketEncryption\",\n TargetVersion = \"1\",\n Parameters = \n {\n new Aws.Cfg.Inputs.RemediationConfigurationParameterArgs\n {\n Name = \"AutomationAssumeRole\",\n StaticValue = \"arn:aws:iam::875924563244:role/security_config\",\n },\n new Aws.Cfg.Inputs.RemediationConfigurationParameterArgs\n {\n Name = \"BucketName\",\n ResourceValue = \"RESOURCE_ID\",\n },\n new Aws.Cfg.Inputs.RemediationConfigurationParameterArgs\n {\n Name = \"SSEAlgorithm\",\n StaticValue = \"AES256\",\n },\n },\n Automatic = true,\n MaximumAutomaticAttempts = 10,\n RetryAttemptSeconds = 600,\n ExecutionControls = new Aws.Cfg.Inputs.RemediationConfigurationExecutionControlsArgs\n {\n SsmControls = new Aws.Cfg.Inputs.RemediationConfigurationExecutionControlsSsmControlsArgs\n {\n ConcurrentExecutionRatePercentage = 25,\n ErrorPercentage = 20,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tthisRule, err := cfg.NewRule(ctx, \"thisRule\", \u0026cfg.RuleArgs{\n\t\t\tSource: \u0026cfg.RuleSourceArgs{\n\t\t\t\tOwner: pulumi.String(\"AWS\"),\n\t\t\t\tSourceIdentifier: pulumi.String(\"S3_BUCKET_VERSIONING_ENABLED\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewRemediationConfiguration(ctx, \"thisRemediationConfiguration\", \u0026cfg.RemediationConfigurationArgs{\n\t\t\tConfigRuleName: thisRule.Name,\n\t\t\tResourceType: pulumi.String(\"AWS::S3::Bucket\"),\n\t\t\tTargetType: pulumi.String(\"SSM_DOCUMENT\"),\n\t\t\tTargetId: pulumi.String(\"AWS-EnableS3BucketEncryption\"),\n\t\t\tTargetVersion: pulumi.String(\"1\"),\n\t\t\tParameters: cfg.RemediationConfigurationParameterArray{\n\t\t\t\t\u0026cfg.RemediationConfigurationParameterArgs{\n\t\t\t\t\tName: pulumi.String(\"AutomationAssumeRole\"),\n\t\t\t\t\tStaticValue: pulumi.String(\"arn:aws:iam::875924563244:role/security_config\"),\n\t\t\t\t},\n\t\t\t\t\u0026cfg.RemediationConfigurationParameterArgs{\n\t\t\t\t\tName: pulumi.String(\"BucketName\"),\n\t\t\t\t\tResourceValue: pulumi.String(\"RESOURCE_ID\"),\n\t\t\t\t},\n\t\t\t\t\u0026cfg.RemediationConfigurationParameterArgs{\n\t\t\t\t\tName: pulumi.String(\"SSEAlgorithm\"),\n\t\t\t\t\tStaticValue: pulumi.String(\"AES256\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAutomatic: pulumi.Bool(true),\n\t\t\tMaximumAutomaticAttempts: pulumi.Int(10),\n\t\t\tRetryAttemptSeconds: pulumi.Int(600),\n\t\t\tExecutionControls: \u0026cfg.RemediationConfigurationExecutionControlsArgs{\n\t\t\t\tSsmControls: \u0026cfg.RemediationConfigurationExecutionControlsSsmControlsArgs{\n\t\t\t\t\tConcurrentExecutionRatePercentage: pulumi.Int(25),\n\t\t\t\t\tErrorPercentage: pulumi.Int(20),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRemediation Configurations can be imported using the name config_rule_name, e.g.,\n\n```sh\n $ pulumi import aws:cfg/remediationConfiguration:RemediationConfiguration this example\n```\n\n ",
"properties": {
"arn": {
"type": "string",
- "description": "Amazon Resource Name (ARN) of the Config Remediation Configuration.\n"
+ "description": "ARN of the Config Remediation Configuration.\n"
+ },
+ "automatic": {
+ "type": "boolean",
+ "description": "Remediation is triggered automatically if `true`.\n"
},
"configRuleName": {
"type": "string",
- "description": "The name of the AWS Config rule\n"
+ "description": "Name of the AWS Config rule.\n"
+ },
+ "executionControls": {
+ "$ref": "#/types/aws:cfg/RemediationConfigurationExecutionControls:RemediationConfigurationExecutionControls",
+ "description": "Configuration block for execution controls. See below.\n"
+ },
+ "maximumAutomaticAttempts": {
+ "type": "integer",
+ "description": "Maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.\n"
},
"parameters": {
"type": "array",
"items": {
"$ref": "#/types/aws:cfg/RemediationConfigurationParameter:RemediationConfigurationParameter"
},
- "description": "Can be specified multiple times for each\nparameter. Each parameter block supports fields documented below.\n"
+ "description": "Can be specified multiple times for each parameter. Each parameter block supports arguments below.\n"
},
"resourceType": {
"type": "string",
- "description": "The type of a resource\n"
+ "description": "Type of resource.\n"
+ },
+ "retryAttemptSeconds": {
+ "type": "integer",
+ "description": "Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.\n"
},
"targetId": {
"type": "string",
- "description": "Target ID is the name of the public document\n"
+ "description": "Target ID is the name of the public document.\n"
},
"targetType": {
"type": "string",
- "description": "The type of the target. Target executes remediation. For example, SSM document\n"
+ "description": "Type of the target. Target executes remediation. For example, SSM document.\n"
},
"targetVersion": {
"type": "string",
@@ -193440,28 +197431,44 @@
"targetType"
],
"inputProperties": {
+ "automatic": {
+ "type": "boolean",
+ "description": "Remediation is triggered automatically if `true`.\n"
+ },
"configRuleName": {
"type": "string",
- "description": "The name of the AWS Config rule\n"
+ "description": "Name of the AWS Config rule.\n"
+ },
+ "executionControls": {
+ "$ref": "#/types/aws:cfg/RemediationConfigurationExecutionControls:RemediationConfigurationExecutionControls",
+ "description": "Configuration block for execution controls. See below.\n"
+ },
+ "maximumAutomaticAttempts": {
+ "type": "integer",
+ "description": "Maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.\n"
},
"parameters": {
"type": "array",
"items": {
"$ref": "#/types/aws:cfg/RemediationConfigurationParameter:RemediationConfigurationParameter"
},
- "description": "Can be specified multiple times for each\nparameter. Each parameter block supports fields documented below.\n"
+ "description": "Can be specified multiple times for each parameter. Each parameter block supports arguments below.\n"
},
"resourceType": {
"type": "string",
- "description": "The type of a resource\n"
+ "description": "Type of resource.\n"
+ },
+ "retryAttemptSeconds": {
+ "type": "integer",
+ "description": "Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.\n"
},
"targetId": {
"type": "string",
- "description": "Target ID is the name of the public document\n"
+ "description": "Target ID is the name of the public document.\n"
},
"targetType": {
"type": "string",
- "description": "The type of the target. Target executes remediation. For example, SSM document\n"
+ "description": "Type of the target. Target executes remediation. For example, SSM document.\n"
},
"targetVersion": {
"type": "string",
@@ -193478,30 +197485,46 @@
"properties": {
"arn": {
"type": "string",
- "description": "Amazon Resource Name (ARN) of the Config Remediation Configuration.\n"
+ "description": "ARN of the Config Remediation Configuration.\n"
+ },
+ "automatic": {
+ "type": "boolean",
+ "description": "Remediation is triggered automatically if `true`.\n"
},
"configRuleName": {
"type": "string",
- "description": "The name of the AWS Config rule\n"
+ "description": "Name of the AWS Config rule.\n"
+ },
+ "executionControls": {
+ "$ref": "#/types/aws:cfg/RemediationConfigurationExecutionControls:RemediationConfigurationExecutionControls",
+ "description": "Configuration block for execution controls. See below.\n"
+ },
+ "maximumAutomaticAttempts": {
+ "type": "integer",
+ "description": "Maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.\n"
},
"parameters": {
"type": "array",
"items": {
"$ref": "#/types/aws:cfg/RemediationConfigurationParameter:RemediationConfigurationParameter"
},
- "description": "Can be specified multiple times for each\nparameter. Each parameter block supports fields documented below.\n"
+ "description": "Can be specified multiple times for each parameter. Each parameter block supports arguments below.\n"
},
"resourceType": {
"type": "string",
- "description": "The type of a resource\n"
+ "description": "Type of resource.\n"
+ },
+ "retryAttemptSeconds": {
+ "type": "integer",
+ "description": "Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.\n"
},
"targetId": {
"type": "string",
- "description": "Target ID is the name of the public document\n"
+ "description": "Target ID is the name of the public document.\n"
},
"targetType": {
"type": "string",
- "description": "The type of the target. Target executes remediation. For example, SSM document\n"
+ "description": "Type of the target. Target executes remediation. For example, SSM document.\n"
},
"targetVersion": {
"type": "string",
@@ -208241,7 +212264,7 @@
}
},
"aws:dlm/lifecyclePolicy:LifecyclePolicy": {
- "description": "Provides a [Data Lifecycle Manager (DLM) lifecycle policy](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-lifecycle.html) for managing snapshots.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst dlmLifecycleRole = new aws.iam.Role(\"dlmLifecycleRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"dlm.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`});\nconst dlmLifecycle = new aws.iam.RolePolicy(\"dlmLifecycle\", {\n role: dlmLifecycleRole.id,\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:CreateSnapshot\",\n \"ec2:CreateSnapshots\",\n \"ec2:DeleteSnapshot\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeVolumes\",\n \"ec2:DescribeSnapshots\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:CreateTags\"\n ],\n \"Resource\": \"arn:aws:ec2:*::snapshot/*\"\n }\n ]\n}\n`,\n});\nconst example = new aws.dlm.LifecyclePolicy(\"example\", {\n description: \"example DLM lifecycle policy\",\n executionRoleArn: dlmLifecycleRole.arn,\n state: \"ENABLED\",\n policyDetails: {\n resourceTypes: [\"VOLUME\"],\n schedules: [{\n name: \"2 weeks of daily snapshots\",\n createRule: {\n interval: 24,\n intervalUnit: \"HOURS\",\n times: [\"23:45\"],\n },\n retainRule: {\n count: 14,\n },\n tagsToAdd: {\n SnapshotCreator: \"DLM\",\n },\n copyTags: false,\n }],\n targetTags: {\n Snapshot: \"true\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndlm_lifecycle_role = aws.iam.Role(\"dlmLifecycleRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"dlm.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\ndlm_lifecycle = aws.iam.RolePolicy(\"dlmLifecycle\",\n role=dlm_lifecycle_role.id,\n policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:CreateSnapshot\",\n \"ec2:CreateSnapshots\",\n \"ec2:DeleteSnapshot\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeVolumes\",\n \"ec2:DescribeSnapshots\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:CreateTags\"\n ],\n \"Resource\": \"arn:aws:ec2:*::snapshot/*\"\n }\n ]\n}\n\"\"\")\nexample = aws.dlm.LifecyclePolicy(\"example\",\n description=\"example DLM lifecycle policy\",\n execution_role_arn=dlm_lifecycle_role.arn,\n state=\"ENABLED\",\n policy_details=aws.dlm.LifecyclePolicyPolicyDetailsArgs(\n resource_types=[\"VOLUME\"],\n schedules=[aws.dlm.LifecyclePolicyPolicyDetailsScheduleArgs(\n name=\"2 weeks of daily snapshots\",\n create_rule=aws.dlm.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs(\n interval=24,\n interval_unit=\"HOURS\",\n times=[\"23:45\"],\n ),\n retain_rule=aws.dlm.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs(\n count=14,\n ),\n tags_to_add={\n \"SnapshotCreator\": \"DLM\",\n },\n copy_tags=False,\n )],\n target_tags={\n \"Snapshot\": \"true\",\n },\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var dlmLifecycleRole = new Aws.Iam.Role(\"dlmLifecycleRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"dlm.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n var dlmLifecycle = new Aws.Iam.RolePolicy(\"dlmLifecycle\", new Aws.Iam.RolePolicyArgs\n {\n Role = dlmLifecycleRole.Id,\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"ec2:CreateSnapshot\"\",\n \"\"ec2:CreateSnapshots\"\",\n \"\"ec2:DeleteSnapshot\"\",\n \"\"ec2:DescribeInstances\"\",\n \"\"ec2:DescribeVolumes\"\",\n \"\"ec2:DescribeSnapshots\"\"\n ],\n \"\"Resource\"\": \"\"*\"\"\n },\n {\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"ec2:CreateTags\"\"\n ],\n \"\"Resource\"\": \"\"arn:aws:ec2:*::snapshot/*\"\"\n }\n ]\n}\n\",\n });\n var example = new Aws.Dlm.LifecyclePolicy(\"example\", new Aws.Dlm.LifecyclePolicyArgs\n {\n Description = \"example DLM lifecycle policy\",\n ExecutionRoleArn = dlmLifecycleRole.Arn,\n State = \"ENABLED\",\n PolicyDetails = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsArgs\n {\n ResourceTypes = \n {\n \"VOLUME\",\n },\n Schedules = \n {\n new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleArgs\n {\n Name = \"2 weeks of daily snapshots\",\n CreateRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs\n {\n Interval = 24,\n IntervalUnit = \"HOURS\",\n Times = \n {\n \"23:45\",\n },\n },\n RetainRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs\n {\n Count = 14,\n },\n TagsToAdd = \n {\n { \"SnapshotCreator\", \"DLM\" },\n },\n CopyTags = false,\n },\n },\n TargetTags = \n {\n { \"Snapshot\", \"true\" },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/dlm\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdlmLifecycleRole, err := iam.NewRole(ctx, \"dlmLifecycleRole\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"dlm.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Sid\\\": \\\"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"dlmLifecycle\", \u0026iam.RolePolicyArgs{\n\t\t\tRole: dlmLifecycleRole.ID(),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"ec2:CreateSnapshot\\\",\\n\", \" \\\"ec2:CreateSnapshots\\\",\\n\", \" \\\"ec2:DeleteSnapshot\\\",\\n\", \" \\\"ec2:DescribeInstances\\\",\\n\", \" \\\"ec2:DescribeVolumes\\\",\\n\", \" \\\"ec2:DescribeSnapshots\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": \\\"*\\\"\\n\", \" },\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"ec2:CreateTags\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": \\\"arn:aws:ec2:*::snapshot/*\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dlm.NewLifecyclePolicy(ctx, \"example\", \u0026dlm.LifecyclePolicyArgs{\n\t\t\tDescription: pulumi.String(\"example DLM lifecycle policy\"),\n\t\t\tExecutionRoleArn: dlmLifecycleRole.Arn,\n\t\t\tState: pulumi.String(\"ENABLED\"),\n\t\t\tPolicyDetails: \u0026dlm.LifecyclePolicyPolicyDetailsArgs{\n\t\t\t\tResourceTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"VOLUME\"),\n\t\t\t\t},\n\t\t\t\tSchedules: dlm.LifecyclePolicyPolicyDetailsScheduleArray{\n\t\t\t\t\t\u0026dlm.LifecyclePolicyPolicyDetailsScheduleArgs{\n\t\t\t\t\t\tName: pulumi.String(\"2 weeks of daily snapshots\"),\n\t\t\t\t\t\tCreateRule: \u0026dlm.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs{\n\t\t\t\t\t\t\tInterval: pulumi.Int(24),\n\t\t\t\t\t\t\tIntervalUnit: pulumi.String(\"HOURS\"),\n\t\t\t\t\t\t\tTimes: pulumi.String{\n\t\t\t\t\t\t\t\t\"23:45\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRetainRule: \u0026dlm.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs{\n\t\t\t\t\t\t\tCount: pulumi.Int(14),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tTagsToAdd: pulumi.StringMap{\n\t\t\t\t\t\t\t\"SnapshotCreator\": pulumi.String(\"DLM\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tCopyTags: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tTargetTags: pulumi.StringMap{\n\t\t\t\t\t\"Snapshot\": pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDLM lifecyle policies can be imported by their policy ID\n\n```sh\n $ pulumi import aws:dlm/lifecyclePolicy:LifecyclePolicy example policy-abcdef12345678901\n```\n\n ",
+ "description": "Provides a [Data Lifecycle Manager (DLM) lifecycle policy](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-lifecycle.html) for managing snapshots.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst dlmLifecycleRole = new aws.iam.Role(\"dlmLifecycleRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"dlm.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`});\nconst dlmLifecycle = new aws.iam.RolePolicy(\"dlmLifecycle\", {\n role: dlmLifecycleRole.id,\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:CreateSnapshot\",\n \"ec2:CreateSnapshots\",\n \"ec2:DeleteSnapshot\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeVolumes\",\n \"ec2:DescribeSnapshots\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:CreateTags\"\n ],\n \"Resource\": \"arn:aws:ec2:*::snapshot/*\"\n }\n ]\n}\n`,\n});\nconst example = new aws.dlm.LifecyclePolicy(\"example\", {\n description: \"example DLM lifecycle policy\",\n executionRoleArn: dlmLifecycleRole.arn,\n state: \"ENABLED\",\n policyDetails: {\n resourceTypes: [\"VOLUME\"],\n schedules: [{\n name: \"2 weeks of daily snapshots\",\n createRule: {\n interval: 24,\n intervalUnit: \"HOURS\",\n times: [\"23:45\"],\n },\n retainRule: {\n count: 14,\n },\n tagsToAdd: {\n SnapshotCreator: \"DLM\",\n },\n copyTags: false,\n }],\n targetTags: {\n Snapshot: \"true\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndlm_lifecycle_role = aws.iam.Role(\"dlmLifecycleRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"dlm.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\ndlm_lifecycle = aws.iam.RolePolicy(\"dlmLifecycle\",\n role=dlm_lifecycle_role.id,\n policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:CreateSnapshot\",\n \"ec2:CreateSnapshots\",\n \"ec2:DeleteSnapshot\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeVolumes\",\n \"ec2:DescribeSnapshots\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:CreateTags\"\n ],\n \"Resource\": \"arn:aws:ec2:*::snapshot/*\"\n }\n ]\n}\n\"\"\")\nexample = aws.dlm.LifecyclePolicy(\"example\",\n description=\"example DLM lifecycle policy\",\n execution_role_arn=dlm_lifecycle_role.arn,\n state=\"ENABLED\",\n policy_details=aws.dlm.LifecyclePolicyPolicyDetailsArgs(\n resource_types=[\"VOLUME\"],\n schedules=[aws.dlm.LifecyclePolicyPolicyDetailsScheduleArgs(\n name=\"2 weeks of daily snapshots\",\n create_rule=aws.dlm.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs(\n interval=24,\n interval_unit=\"HOURS\",\n times=[\"23:45\"],\n ),\n retain_rule=aws.dlm.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs(\n count=14,\n ),\n tags_to_add={\n \"SnapshotCreator\": \"DLM\",\n },\n copy_tags=False,\n )],\n target_tags={\n \"Snapshot\": \"true\",\n },\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var dlmLifecycleRole = new Aws.Iam.Role(\"dlmLifecycleRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"dlm.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n var dlmLifecycle = new Aws.Iam.RolePolicy(\"dlmLifecycle\", new Aws.Iam.RolePolicyArgs\n {\n Role = dlmLifecycleRole.Id,\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"ec2:CreateSnapshot\"\",\n \"\"ec2:CreateSnapshots\"\",\n \"\"ec2:DeleteSnapshot\"\",\n \"\"ec2:DescribeInstances\"\",\n \"\"ec2:DescribeVolumes\"\",\n \"\"ec2:DescribeSnapshots\"\"\n ],\n \"\"Resource\"\": \"\"*\"\"\n },\n {\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"ec2:CreateTags\"\"\n ],\n \"\"Resource\"\": \"\"arn:aws:ec2:*::snapshot/*\"\"\n }\n ]\n}\n\",\n });\n var example = new Aws.Dlm.LifecyclePolicy(\"example\", new Aws.Dlm.LifecyclePolicyArgs\n {\n Description = \"example DLM lifecycle policy\",\n ExecutionRoleArn = dlmLifecycleRole.Arn,\n State = \"ENABLED\",\n PolicyDetails = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsArgs\n {\n ResourceTypes = \n {\n \"VOLUME\",\n },\n Schedules = \n {\n new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleArgs\n {\n Name = \"2 weeks of daily snapshots\",\n CreateRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs\n {\n Interval = 24,\n IntervalUnit = \"HOURS\",\n Times = \n {\n \"23:45\",\n },\n },\n RetainRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs\n {\n Count = 14,\n },\n TagsToAdd = \n {\n { \"SnapshotCreator\", \"DLM\" },\n },\n CopyTags = false,\n },\n },\n TargetTags = \n {\n { \"Snapshot\", \"true\" },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/dlm\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdlmLifecycleRole, err := iam.NewRole(ctx, \"dlmLifecycleRole\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"dlm.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Sid\\\": \\\"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"dlmLifecycle\", \u0026iam.RolePolicyArgs{\n\t\t\tRole: dlmLifecycleRole.ID(),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"ec2:CreateSnapshot\\\",\\n\", \" \\\"ec2:CreateSnapshots\\\",\\n\", \" \\\"ec2:DeleteSnapshot\\\",\\n\", \" \\\"ec2:DescribeInstances\\\",\\n\", \" \\\"ec2:DescribeVolumes\\\",\\n\", \" \\\"ec2:DescribeSnapshots\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": \\\"*\\\"\\n\", \" },\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"ec2:CreateTags\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": \\\"arn:aws:ec2:*::snapshot/*\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dlm.NewLifecyclePolicy(ctx, \"example\", \u0026dlm.LifecyclePolicyArgs{\n\t\t\tDescription: pulumi.String(\"example DLM lifecycle policy\"),\n\t\t\tExecutionRoleArn: dlmLifecycleRole.Arn,\n\t\t\tState: pulumi.String(\"ENABLED\"),\n\t\t\tPolicyDetails: \u0026dlm.LifecyclePolicyPolicyDetailsArgs{\n\t\t\t\tResourceTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"VOLUME\"),\n\t\t\t\t},\n\t\t\t\tSchedules: dlm.LifecyclePolicyPolicyDetailsScheduleArray{\n\t\t\t\t\t\u0026dlm.LifecyclePolicyPolicyDetailsScheduleArgs{\n\t\t\t\t\t\tName: pulumi.String(\"2 weeks of daily snapshots\"),\n\t\t\t\t\t\tCreateRule: \u0026dlm.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs{\n\t\t\t\t\t\t\tInterval: pulumi.Int(24),\n\t\t\t\t\t\t\tIntervalUnit: pulumi.String(\"HOURS\"),\n\t\t\t\t\t\t\tTimes: pulumi.String{\n\t\t\t\t\t\t\t\t\"23:45\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRetainRule: \u0026dlm.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs{\n\t\t\t\t\t\t\tCount: pulumi.Int(14),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tTagsToAdd: pulumi.StringMap{\n\t\t\t\t\t\t\t\"SnapshotCreator\": pulumi.String(\"DLM\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tCopyTags: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tTargetTags: pulumi.StringMap{\n\t\t\t\t\t\"Snapshot\": pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example Cross-Region Snapshot Copy Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ...other configuration...\nconst dlmCrossRegionCopyCmk = new aws.kms.Key(\"dlmCrossRegionCopyCmk\", {\n description: \"Example Alternate Region KMS Key\",\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Id\": \"dlm-cross-region-copy-cmk\",\n \"Statement\": [\n {\n \"Sid\": \"Enable IAM User Permissions\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"*\"\n },\n \"Action\": \"kms:*\",\n \"Resource\": \"*\"\n }\n ]\n}\n`,\n}, {\n provider: aws.alternate,\n});\nconst example = new aws.dlm.LifecyclePolicy(\"example\", {\n description: \"example DLM lifecycle policy\",\n executionRoleArn: aws_iam_role.dlm_lifecycle_role.arn,\n state: \"ENABLED\",\n policyDetails: {\n resourceTypes: [\"VOLUME\"],\n schedules: [{\n name: \"2 weeks of daily snapshots\",\n createRule: {\n interval: 24,\n intervalUnit: \"HOURS\",\n times: [\"23:45\"],\n },\n retainRule: {\n count: 14,\n },\n tagsToAdd: {\n SnapshotCreator: \"DLM\",\n },\n copyTags: false,\n crossRegionCopyRules: [{\n target: \"us-west-2\",\n encrypted: true,\n cmkArn: dlmCrossRegionCopyCmk.arn,\n copyTags: true,\n retainRule: {\n interval: 30,\n intervalUnit: \"DAYS\",\n },\n }],\n }],\n targetTags: {\n Snapshot: \"true\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ...other configuration...\ndlm_cross_region_copy_cmk = aws.kms.Key(\"dlmCrossRegionCopyCmk\",\n description=\"Example Alternate Region KMS Key\",\n policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Id\": \"dlm-cross-region-copy-cmk\",\n \"Statement\": [\n {\n \"Sid\": \"Enable IAM User Permissions\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"*\"\n },\n \"Action\": \"kms:*\",\n \"Resource\": \"*\"\n }\n ]\n}\n\"\"\",\n opts=pulumi.ResourceOptions(provider=aws[\"alternate\"]))\nexample = aws.dlm.LifecyclePolicy(\"example\",\n description=\"example DLM lifecycle policy\",\n execution_role_arn=aws_iam_role[\"dlm_lifecycle_role\"][\"arn\"],\n state=\"ENABLED\",\n policy_details=aws.dlm.LifecyclePolicyPolicyDetailsArgs(\n resource_types=[\"VOLUME\"],\n schedules=[aws.dlm.LifecyclePolicyPolicyDetailsScheduleArgs(\n name=\"2 weeks of daily snapshots\",\n create_rule=aws.dlm.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs(\n interval=24,\n interval_unit=\"HOURS\",\n times=[\"23:45\"],\n ),\n retain_rule=aws.dlm.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs(\n count=14,\n ),\n tags_to_add={\n \"SnapshotCreator\": \"DLM\",\n },\n copy_tags=False,\n cross_region_copy_rules=[aws.dlm.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleArgs(\n target=\"us-west-2\",\n encrypted=True,\n cmk_arn=dlm_cross_region_copy_cmk.arn,\n copy_tags=True,\n retain_rule=aws.dlm.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRuleArgs(\n interval=30,\n interval_unit=\"DAYS\",\n ),\n )],\n )],\n target_tags={\n \"Snapshot\": \"true\",\n },\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // ...other configuration...\n var dlmCrossRegionCopyCmk = new Aws.Kms.Key(\"dlmCrossRegionCopyCmk\", new Aws.Kms.KeyArgs\n {\n Description = \"Example Alternate Region KMS Key\",\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Id\"\": \"\"dlm-cross-region-copy-cmk\"\",\n \"\"Statement\"\": [\n {\n \"\"Sid\"\": \"\"Enable IAM User Permissions\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {\n \"\"AWS\"\": \"\"*\"\"\n },\n \"\"Action\"\": \"\"kms:*\"\",\n \"\"Resource\"\": \"\"*\"\"\n }\n ]\n}\n\",\n }, new CustomResourceOptions\n {\n Provider = aws.Alternate,\n });\n var example = new Aws.Dlm.LifecyclePolicy(\"example\", new Aws.Dlm.LifecyclePolicyArgs\n {\n Description = \"example DLM lifecycle policy\",\n ExecutionRoleArn = aws_iam_role.Dlm_lifecycle_role.Arn,\n State = \"ENABLED\",\n PolicyDetails = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsArgs\n {\n ResourceTypes = \n {\n \"VOLUME\",\n },\n Schedules = \n {\n new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleArgs\n {\n Name = \"2 weeks of daily snapshots\",\n CreateRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs\n {\n Interval = 24,\n IntervalUnit = \"HOURS\",\n Times = \n {\n \"23:45\",\n },\n },\n RetainRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs\n {\n Count = 14,\n },\n TagsToAdd = \n {\n { \"SnapshotCreator\", \"DLM\" },\n },\n CopyTags = false,\n CrossRegionCopyRules = \n {\n new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleArgs\n {\n Target = \"us-west-2\",\n Encrypted = true,\n CmkArn = dlmCrossRegionCopyCmk.Arn,\n CopyTags = true,\n RetainRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRuleArgs\n {\n Interval = 30,\n IntervalUnit = \"DAYS\",\n },\n },\n },\n },\n },\n TargetTags = \n {\n { \"Snapshot\", \"true\" },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/dlm\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdlmCrossRegionCopyCmk, err := kms.NewKey(ctx, \"dlmCrossRegionCopyCmk\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"Example Alternate Region KMS Key\"),\n\t\t\tPolicy: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Id\\\": \\\"dlm-cross-region-copy-cmk\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"Enable IAM User Permissions\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"AWS\\\": \\\"*\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"kms:*\\\",\\n\", \" \\\"Resource\\\": \\\"*\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t}, pulumi.Provider(aws.Alternate))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dlm.NewLifecyclePolicy(ctx, \"example\", \u0026dlm.LifecyclePolicyArgs{\n\t\t\tDescription: pulumi.String(\"example DLM lifecycle policy\"),\n\t\t\tExecutionRoleArn: pulumi.Any(aws_iam_role.Dlm_lifecycle_role.Arn),\n\t\t\tState: pulumi.String(\"ENABLED\"),\n\t\t\tPolicyDetails: \u0026dlm.LifecyclePolicyPolicyDetailsArgs{\n\t\t\t\tResourceTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"VOLUME\"),\n\t\t\t\t},\n\t\t\t\tSchedules: dlm.LifecyclePolicyPolicyDetailsScheduleArray{\n\t\t\t\t\t\u0026dlm.LifecyclePolicyPolicyDetailsScheduleArgs{\n\t\t\t\t\t\tName: pulumi.String(\"2 weeks of daily snapshots\"),\n\t\t\t\t\t\tCreateRule: \u0026dlm.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs{\n\t\t\t\t\t\t\tInterval: pulumi.Int(24),\n\t\t\t\t\t\t\tIntervalUnit: pulumi.String(\"HOURS\"),\n\t\t\t\t\t\t\tTimes: pulumi.String{\n\t\t\t\t\t\t\t\t\"23:45\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRetainRule: \u0026dlm.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs{\n\t\t\t\t\t\t\tCount: pulumi.Int(14),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tTagsToAdd: pulumi.StringMap{\n\t\t\t\t\t\t\t\"SnapshotCreator\": pulumi.String(\"DLM\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tCopyTags: pulumi.Bool(false),\n\t\t\t\t\t\tCrossRegionCopyRules: dlm.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleArray{\n\t\t\t\t\t\t\t\u0026dlm.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleArgs{\n\t\t\t\t\t\t\t\tTarget: pulumi.String(\"us-west-2\"),\n\t\t\t\t\t\t\t\tEncrypted: pulumi.Bool(true),\n\t\t\t\t\t\t\t\tCmkArn: dlmCrossRegionCopyCmk.Arn,\n\t\t\t\t\t\t\t\tCopyTags: pulumi.Bool(true),\n\t\t\t\t\t\t\t\tRetainRule: \u0026dlm.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRuleArgs{\n\t\t\t\t\t\t\t\t\tInterval: pulumi.Int(30),\n\t\t\t\t\t\t\t\t\tIntervalUnit: pulumi.String(\"DAYS\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tTargetTags: pulumi.StringMap{\n\t\t\t\t\t\"Snapshot\": pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDLM lifecycle policies can be imported by their policy ID\n\n```sh\n $ pulumi import aws:dlm/lifecyclePolicy:LifecyclePolicy example policy-abcdef12345678901\n```\n\n ",
"properties": {
"arn": {
"type": "string",
@@ -226237,7 +230260,7 @@
}
},
"aws:ecs/capacityProvider:CapacityProvider": {
- "description": "Provides an ECS cluster capacity provider. More information can be found on the [ECS Developer Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-capacity-providers.html).\n\n\u003e **NOTE:** Associating an ECS Capacity Provider to an Auto Scaling Group will automatically add the `AmazonECSManaged` tag to the Auto Scaling Group. This tag should be included in the `aws.autoscaling.Group` resource configuration to prevent the provider from removing it in subsequent executions as well as ensuring the `AmazonECSManaged` tag is propagated to all EC2 Instances in the Auto Scaling Group if `min_size` is above 0 on creation. Any EC2 Instances in the Auto Scaling Group without this tag must be manually be updated, otherwise they may cause unexpected scaling behavior and metrics.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration, including potentially other tags ...\nconst testGroup = new aws.autoscaling.Group(\"testGroup\", {tags: [{\n key: \"AmazonECSManaged\",\n value: \"\",\n propagateAtLaunch: true,\n}]});\nconst testCapacityProvider = new aws.ecs.CapacityProvider(\"testCapacityProvider\", {autoScalingGroupProvider: {\n autoScalingGroupArn: testGroup.arn,\n managedTerminationProtection: \"ENABLED\",\n managedScaling: {\n maximumScalingStepSize: 1000,\n minimumScalingStepSize: 1,\n status: \"ENABLED\",\n targetCapacity: 10,\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration, including potentially other tags ...\ntest_group = aws.autoscaling.Group(\"testGroup\", tags=[aws.autoscaling.GroupTagArgs(\n key=\"AmazonECSManaged\",\n value=\"\",\n propagate_at_launch=True,\n)])\ntest_capacity_provider = aws.ecs.CapacityProvider(\"testCapacityProvider\", auto_scaling_group_provider=aws.ecs.CapacityProviderAutoScalingGroupProviderArgs(\n auto_scaling_group_arn=test_group.arn,\n managed_termination_protection=\"ENABLED\",\n managed_scaling=aws.ecs.CapacityProviderAutoScalingGroupProviderManagedScalingArgs(\n maximum_scaling_step_size=1000,\n minimum_scaling_step_size=1,\n status=\"ENABLED\",\n target_capacity=10,\n ),\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // ... other configuration, including potentially other tags ...\n var testGroup = new Aws.AutoScaling.Group(\"testGroup\", new Aws.AutoScaling.GroupArgs\n {\n Tags = \n {\n new Aws.AutoScaling.Inputs.GroupTagArgs\n {\n Key = \"AmazonECSManaged\",\n Value = \"\",\n PropagateAtLaunch = true,\n },\n },\n });\n var testCapacityProvider = new Aws.Ecs.CapacityProvider(\"testCapacityProvider\", new Aws.Ecs.CapacityProviderArgs\n {\n AutoScalingGroupProvider = new Aws.Ecs.Inputs.CapacityProviderAutoScalingGroupProviderArgs\n {\n AutoScalingGroupArn = testGroup.Arn,\n ManagedTerminationProtection = \"ENABLED\",\n ManagedScaling = new Aws.Ecs.Inputs.CapacityProviderAutoScalingGroupProviderManagedScalingArgs\n {\n MaximumScalingStepSize = 1000,\n MinimumScalingStepSize = 1,\n Status = \"ENABLED\",\n TargetCapacity = 10,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestGroup, err := autoscaling.NewGroup(ctx, \"testGroup\", \u0026autoscaling.GroupArgs{\n\t\t\tTags: autoscaling.GroupTagArray{\n\t\t\t\t\u0026autoscaling.GroupTagArgs{\n\t\t\t\t\tKey: pulumi.String(\"AmazonECSManaged\"),\n\t\t\t\t\tValue: pulumi.String(\"\"),\n\t\t\t\t\tPropagateAtLaunch: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ecs.NewCapacityProvider(ctx, \"testCapacityProvider\", \u0026ecs.CapacityProviderArgs{\n\t\t\tAutoScalingGroupProvider: \u0026ecs.CapacityProviderAutoScalingGroupProviderArgs{\n\t\t\t\tAutoScalingGroupArn: testGroup.Arn,\n\t\t\t\tManagedTerminationProtection: pulumi.String(\"ENABLED\"),\n\t\t\t\tManagedScaling: \u0026ecs.CapacityProviderAutoScalingGroupProviderManagedScalingArgs{\n\t\t\t\t\tMaximumScalingStepSize: pulumi.Int(1000),\n\t\t\t\t\tMinimumScalingStepSize: pulumi.Int(1),\n\t\t\t\t\tStatus: pulumi.String(\"ENABLED\"),\n\t\t\t\t\tTargetCapacity: pulumi.Int(10),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nECS Capacity Providers can be imported using the `name`, e.g.,\n\n```sh\n $ pulumi import aws:ecs/capacityProvider:CapacityProvider example example\n```\n\n ",
+ "description": "Provides an ECS cluster capacity provider. More information can be found on the [ECS Developer Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-capacity-providers.html).\n\n\u003e **NOTE:** Associating an ECS Capacity Provider to an Auto Scaling Group will automatically add the `AmazonECSManaged` tag to the Auto Scaling Group. This tag should be included in the `aws.autoscaling.Group` resource configuration to prevent the provider from removing it in subsequent executions as well as ensuring the `AmazonECSManaged` tag is propagated to all EC2 Instances in the Auto Scaling Group if `min_size` is above 0 on creation. Any EC2 Instances in the Auto Scaling Group without this tag must be manually be updated, otherwise they may cause unexpected scaling behavior and metrics.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration, including potentially other tags ...\nconst testGroup = new aws.autoscaling.Group(\"testGroup\", {tags: [{\n key: \"AmazonECSManaged\",\n value: true,\n propagateAtLaunch: true,\n}]});\nconst testCapacityProvider = new aws.ecs.CapacityProvider(\"testCapacityProvider\", {autoScalingGroupProvider: {\n autoScalingGroupArn: testGroup.arn,\n managedTerminationProtection: \"ENABLED\",\n managedScaling: {\n maximumScalingStepSize: 1000,\n minimumScalingStepSize: 1,\n status: \"ENABLED\",\n targetCapacity: 10,\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration, including potentially other tags ...\ntest_group = aws.autoscaling.Group(\"testGroup\", tags=[aws.autoscaling.GroupTagArgs(\n key=\"AmazonECSManaged\",\n value=\"true\",\n propagate_at_launch=True,\n)])\ntest_capacity_provider = aws.ecs.CapacityProvider(\"testCapacityProvider\", auto_scaling_group_provider=aws.ecs.CapacityProviderAutoScalingGroupProviderArgs(\n auto_scaling_group_arn=test_group.arn,\n managed_termination_protection=\"ENABLED\",\n managed_scaling=aws.ecs.CapacityProviderAutoScalingGroupProviderManagedScalingArgs(\n maximum_scaling_step_size=1000,\n minimum_scaling_step_size=1,\n status=\"ENABLED\",\n target_capacity=10,\n ),\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // ... other configuration, including potentially other tags ...\n var testGroup = new Aws.AutoScaling.Group(\"testGroup\", new Aws.AutoScaling.GroupArgs\n {\n Tags = \n {\n new Aws.AutoScaling.Inputs.GroupTagArgs\n {\n Key = \"AmazonECSManaged\",\n Value = \"true\",\n PropagateAtLaunch = true,\n },\n },\n });\n var testCapacityProvider = new Aws.Ecs.CapacityProvider(\"testCapacityProvider\", new Aws.Ecs.CapacityProviderArgs\n {\n AutoScalingGroupProvider = new Aws.Ecs.Inputs.CapacityProviderAutoScalingGroupProviderArgs\n {\n AutoScalingGroupArn = testGroup.Arn,\n ManagedTerminationProtection = \"ENABLED\",\n ManagedScaling = new Aws.Ecs.Inputs.CapacityProviderAutoScalingGroupProviderManagedScalingArgs\n {\n MaximumScalingStepSize = 1000,\n MinimumScalingStepSize = 1,\n Status = \"ENABLED\",\n TargetCapacity = 10,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestGroup, err := autoscaling.NewGroup(ctx, \"testGroup\", \u0026autoscaling.GroupArgs{\n\t\t\tTags: autoscaling.GroupTagArray{\n\t\t\t\t\u0026autoscaling.GroupTagArgs{\n\t\t\t\t\tKey: pulumi.String(\"AmazonECSManaged\"),\n\t\t\t\t\tValue: pulumi.String(\"true\"),\n\t\t\t\t\tPropagateAtLaunch: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ecs.NewCapacityProvider(ctx, \"testCapacityProvider\", \u0026ecs.CapacityProviderArgs{\n\t\t\tAutoScalingGroupProvider: \u0026ecs.CapacityProviderAutoScalingGroupProviderArgs{\n\t\t\t\tAutoScalingGroupArn: testGroup.Arn,\n\t\t\t\tManagedTerminationProtection: pulumi.String(\"ENABLED\"),\n\t\t\t\tManagedScaling: \u0026ecs.CapacityProviderAutoScalingGroupProviderManagedScalingArgs{\n\t\t\t\t\tMaximumScalingStepSize: pulumi.Int(1000),\n\t\t\t\t\tMinimumScalingStepSize: pulumi.Int(1),\n\t\t\t\t\tStatus: pulumi.String(\"ENABLED\"),\n\t\t\t\t\tTargetCapacity: pulumi.Int(10),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nECS Capacity Providers can be imported using the `name`, e.g.,\n\n```sh\n $ pulumi import aws:ecs/capacityProvider:CapacityProvider example example\n```\n\n ",
"properties": {
"arn": {
"type": "string",
@@ -226472,19 +230495,19 @@
"items": {
"$ref": "#/types/aws:ecs/ServiceCapacityProviderStrategy:ServiceCapacityProviderStrategy"
},
- "description": "Capacity provider strategy to use for the service. Can be one or more. Detailed below.\n"
+ "description": "Capacity provider strategies to use for the service. Can be one or more. These can be updated without destroying and recreating the service only if `force_new_deployment = true` and not changing from 0 `capacity_provider_strategy` blocks to greater than 0, or vice versa. See below.\n"
},
"cluster": {
"type": "string",
- "description": "ARN of an ECS cluster\n"
+ "description": "ARN of an ECS cluster.\n"
},
"deploymentCircuitBreaker": {
"$ref": "#/types/aws:ecs/ServiceDeploymentCircuitBreaker:ServiceDeploymentCircuitBreaker",
- "description": "Configuration block for deployment circuit breaker. Detailed below.\n"
+ "description": "Configuration block for deployment circuit breaker. See below.\n"
},
"deploymentController": {
"$ref": "#/types/aws:ecs/ServiceDeploymentController:ServiceDeploymentController",
- "description": "Configuration block for deployment controller configuration. Detailed below.\n"
+ "description": "Configuration block for deployment controller configuration. See below.\n"
},
"deploymentMaximumPercent": {
"type": "integer",
@@ -226527,7 +230550,7 @@
"items": {
"$ref": "#/types/aws:ecs/ServiceLoadBalancer:ServiceLoadBalancer"
},
- "description": "Configuration block for load balancers. Detailed below.\n"
+ "description": "Configuration block for load balancers. See below.\n"
},
"name": {
"type": "string",
@@ -226535,21 +230558,21 @@
},
"networkConfiguration": {
"$ref": "#/types/aws:ecs/ServiceNetworkConfiguration:ServiceNetworkConfiguration",
- "description": "Network configuration for the service. This parameter is required for task definitions that use the `awsvpc` network mode to receive their own Elastic Network Interface, and it is not supported for other network modes. Detailed below.\n"
+ "description": "Network configuration for the service. This parameter is required for task definitions that use the `awsvpc` network mode to receive their own Elastic Network Interface, and it is not supported for other network modes. See below.\n"
},
"orderedPlacementStrategies": {
"type": "array",
"items": {
"$ref": "#/types/aws:ecs/ServiceOrderedPlacementStrategy:ServiceOrderedPlacementStrategy"
},
- "description": "Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. The maximum number of `ordered_placement_strategy` blocks is `5`. Detailed below.\n"
+ "description": "Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. The maximum number of `ordered_placement_strategy` blocks is `5`. See below.\n"
},
"placementConstraints": {
"type": "array",
"items": {
"$ref": "#/types/aws:ecs/ServicePlacementConstraint:ServicePlacementConstraint"
},
- "description": "Rules that are taken into consideration during task placement. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. Maximum number of `placement_constraints` is `10`. Detailed below.\n"
+ "description": "Rules that are taken into consideration during task placement. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. Maximum number of `placement_constraints` is `10`. See below.\n"
},
"platformVersion": {
"type": "string",
@@ -226565,14 +230588,14 @@
},
"serviceRegistries": {
"$ref": "#/types/aws:ecs/ServiceServiceRegistries:ServiceServiceRegistries",
- "description": "Service discovery registries for the service. The maximum number of `service_registries` blocks is `1`. Detailed below.\n"
+ "description": "Service discovery registries for the service. The maximum number of `service_registries` blocks is `1`. See below.\n"
},
"tags": {
"type": "object",
"additionalProperties": {
"type": "string"
},
- "description": "Key-value map of resource tags.\n"
+ "description": "Key-value map of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
},
"tagsAll": {
"type": "object",
@@ -226604,19 +230627,19 @@
"items": {
"$ref": "#/types/aws:ecs/ServiceCapacityProviderStrategy:ServiceCapacityProviderStrategy"
},
- "description": "Capacity provider strategy to use for the service. Can be one or more. Detailed below.\n"
+ "description": "Capacity provider strategies to use for the service. Can be one or more. These can be updated without destroying and recreating the service only if `force_new_deployment = true` and not changing from 0 `capacity_provider_strategy` blocks to greater than 0, or vice versa. See below.\n"
},
"cluster": {
"type": "string",
- "description": "ARN of an ECS cluster\n"
+ "description": "ARN of an ECS cluster.\n"
},
"deploymentCircuitBreaker": {
"$ref": "#/types/aws:ecs/ServiceDeploymentCircuitBreaker:ServiceDeploymentCircuitBreaker",
- "description": "Configuration block for deployment circuit breaker. Detailed below.\n"
+ "description": "Configuration block for deployment circuit breaker. See below.\n"
},
"deploymentController": {
"$ref": "#/types/aws:ecs/ServiceDeploymentController:ServiceDeploymentController",
- "description": "Configuration block for deployment controller configuration. Detailed below.\n"
+ "description": "Configuration block for deployment controller configuration. See below.\n"
},
"deploymentMaximumPercent": {
"type": "integer",
@@ -226659,7 +230682,7 @@
"items": {
"$ref": "#/types/aws:ecs/ServiceLoadBalancer:ServiceLoadBalancer"
},
- "description": "Configuration block for load balancers. Detailed below.\n"
+ "description": "Configuration block for load balancers. See below.\n"
},
"name": {
"type": "string",
@@ -226667,21 +230690,21 @@
},
"networkConfiguration": {
"$ref": "#/types/aws:ecs/ServiceNetworkConfiguration:ServiceNetworkConfiguration",
- "description": "Network configuration for the service. This parameter is required for task definitions that use the `awsvpc` network mode to receive their own Elastic Network Interface, and it is not supported for other network modes. Detailed below.\n"
+ "description": "Network configuration for the service. This parameter is required for task definitions that use the `awsvpc` network mode to receive their own Elastic Network Interface, and it is not supported for other network modes. See below.\n"
},
"orderedPlacementStrategies": {
"type": "array",
"items": {
"$ref": "#/types/aws:ecs/ServiceOrderedPlacementStrategy:ServiceOrderedPlacementStrategy"
},
- "description": "Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. The maximum number of `ordered_placement_strategy` blocks is `5`. Detailed below.\n"
+ "description": "Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. The maximum number of `ordered_placement_strategy` blocks is `5`. See below.\n"
},
"placementConstraints": {
"type": "array",
"items": {
"$ref": "#/types/aws:ecs/ServicePlacementConstraint:ServicePlacementConstraint"
},
- "description": "Rules that are taken into consideration during task placement. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. Maximum number of `placement_constraints` is `10`. Detailed below.\n"
+ "description": "Rules that are taken into consideration during task placement. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. Maximum number of `placement_constraints` is `10`. See below.\n"
},
"platformVersion": {
"type": "string",
@@ -226697,14 +230720,14 @@
},
"serviceRegistries": {
"$ref": "#/types/aws:ecs/ServiceServiceRegistries:ServiceServiceRegistries",
- "description": "Service discovery registries for the service. The maximum number of `service_registries` blocks is `1`. Detailed below.\n"
+ "description": "Service discovery registries for the service. The maximum number of `service_registries` blocks is `1`. See below.\n"
},
"tags": {
"type": "object",
"additionalProperties": {
"type": "string"
},
- "description": "Key-value map of resource tags.\n"
+ "description": "Key-value map of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
},
"taskDefinition": {
"type": "string",
@@ -226723,19 +230746,19 @@
"items": {
"$ref": "#/types/aws:ecs/ServiceCapacityProviderStrategy:ServiceCapacityProviderStrategy"
},
- "description": "Capacity provider strategy to use for the service. Can be one or more. Detailed below.\n"
+ "description": "Capacity provider strategies to use for the service. Can be one or more. These can be updated without destroying and recreating the service only if `force_new_deployment = true` and not changing from 0 `capacity_provider_strategy` blocks to greater than 0, or vice versa. See below.\n"
},
"cluster": {
"type": "string",
- "description": "ARN of an ECS cluster\n"
+ "description": "ARN of an ECS cluster.\n"
},
"deploymentCircuitBreaker": {
"$ref": "#/types/aws:ecs/ServiceDeploymentCircuitBreaker:ServiceDeploymentCircuitBreaker",
- "description": "Configuration block for deployment circuit breaker. Detailed below.\n"
+ "description": "Configuration block for deployment circuit breaker. See below.\n"
},
"deploymentController": {
"$ref": "#/types/aws:ecs/ServiceDeploymentController:ServiceDeploymentController",
- "description": "Configuration block for deployment controller configuration. Detailed below.\n"
+ "description": "Configuration block for deployment controller configuration. See below.\n"
},
"deploymentMaximumPercent": {
"type": "integer",
@@ -226778,7 +230801,7 @@
"items": {
"$ref": "#/types/aws:ecs/ServiceLoadBalancer:ServiceLoadBalancer"
},
- "description": "Configuration block for load balancers. Detailed below.\n"
+ "description": "Configuration block for load balancers. See below.\n"
},
"name": {
"type": "string",
@@ -226786,21 +230809,21 @@
},
"networkConfiguration": {
"$ref": "#/types/aws:ecs/ServiceNetworkConfiguration:ServiceNetworkConfiguration",
- "description": "Network configuration for the service. This parameter is required for task definitions that use the `awsvpc` network mode to receive their own Elastic Network Interface, and it is not supported for other network modes. Detailed below.\n"
+ "description": "Network configuration for the service. This parameter is required for task definitions that use the `awsvpc` network mode to receive their own Elastic Network Interface, and it is not supported for other network modes. See below.\n"
},
"orderedPlacementStrategies": {
"type": "array",
"items": {
"$ref": "#/types/aws:ecs/ServiceOrderedPlacementStrategy:ServiceOrderedPlacementStrategy"
},
- "description": "Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. The maximum number of `ordered_placement_strategy` blocks is `5`. Detailed below.\n"
+ "description": "Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. The maximum number of `ordered_placement_strategy` blocks is `5`. See below.\n"
},
"placementConstraints": {
"type": "array",
"items": {
"$ref": "#/types/aws:ecs/ServicePlacementConstraint:ServicePlacementConstraint"
},
- "description": "Rules that are taken into consideration during task placement. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. Maximum number of `placement_constraints` is `10`. Detailed below.\n"
+ "description": "Rules that are taken into consideration during task placement. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. Maximum number of `placement_constraints` is `10`. See below.\n"
},
"platformVersion": {
"type": "string",
@@ -226816,14 +230839,14 @@
},
"serviceRegistries": {
"$ref": "#/types/aws:ecs/ServiceServiceRegistries:ServiceServiceRegistries",
- "description": "Service discovery registries for the service. The maximum number of `service_registries` blocks is `1`. Detailed below.\n"
+ "description": "Service discovery registries for the service. The maximum number of `service_registries` blocks is `1`. See below.\n"
},
"tags": {
"type": "object",
"additionalProperties": {
"type": "string"
},
- "description": "Key-value map of resource tags.\n"
+ "description": "Key-value map of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
},
"tagsAll": {
"type": "object",
@@ -231326,6 +235349,10 @@
"type": "boolean",
"description": "Enable cross-zone load balancing. Default: `true`\n"
},
+ "desyncMitigationMode": {
+ "type": "string",
+ "description": "Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.\n"
+ },
"dnsName": {
"type": "string",
"description": "The DNS name of the ELB\n"
@@ -231444,6 +235471,10 @@
"type": "boolean",
"description": "Enable cross-zone load balancing. Default: `true`\n"
},
+ "desyncMitigationMode": {
+ "type": "string",
+ "description": "Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.\n"
+ },
"healthCheck": {
"$ref": "#/types/aws:elasticloadbalancing/LoadBalancerHealthCheck:LoadBalancerHealthCheck",
"description": "A health_check block. Health Check documented below.\n"
@@ -231536,6 +235567,10 @@
"type": "boolean",
"description": "Enable cross-zone load balancing. Default: `true`\n"
},
+ "desyncMitigationMode": {
+ "type": "string",
+ "description": "Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.\n"
+ },
"dnsName": {
"type": "string",
"description": "The DNS name of the ELB\n"
@@ -232280,6 +236315,10 @@
"type": "string",
"description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n"
},
+ "desyncMitigationMode": {
+ "type": "string",
+ "description": "Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.\n"
+ },
"dnsName": {
"type": "string",
"description": "The DNS name of the load balancer.\n"
@@ -232300,6 +236339,10 @@
"type": "boolean",
"description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n"
},
+ "enableWafFailOpen": {
+ "type": "boolean",
+ "description": "Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to `false`.\n"
+ },
"idleTimeout": {
"type": "integer",
"description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n"
@@ -232350,7 +236393,7 @@
"additionalProperties": {
"type": "string"
},
- "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
+ "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
},
"tagsAll": {
"type": "object",
@@ -232390,6 +236433,10 @@
"type": "string",
"description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n"
},
+ "desyncMitigationMode": {
+ "type": "string",
+ "description": "Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.\n"
+ },
"dropInvalidHeaderFields": {
"type": "boolean",
"description": "Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type `application`.\n"
@@ -232406,6 +236453,10 @@
"type": "boolean",
"description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n"
},
+ "enableWafFailOpen": {
+ "type": "boolean",
+ "description": "Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to `false`.\n"
+ },
"idleTimeout": {
"type": "integer",
"description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n"
@@ -232456,7 +236507,7 @@
"additionalProperties": {
"type": "string"
},
- "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
+ "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
}
},
"stateInputs": {
@@ -232478,6 +236529,10 @@
"type": "string",
"description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n"
},
+ "desyncMitigationMode": {
+ "type": "string",
+ "description": "Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.\n"
+ },
"dnsName": {
"type": "string",
"description": "The DNS name of the load balancer.\n"
@@ -232498,6 +236553,10 @@
"type": "boolean",
"description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n"
},
+ "enableWafFailOpen": {
+ "type": "boolean",
+ "description": "Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to `false`.\n"
+ },
"idleTimeout": {
"type": "integer",
"description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n"
@@ -232548,7 +236607,7 @@
"additionalProperties": {
"type": "string"
},
- "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
+ "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
},
"tagsAll": {
"type": "object",
@@ -233861,6 +237920,10 @@
"type": "boolean",
"description": "Enable cross-zone load balancing. Default: `true`\n"
},
+ "desyncMitigationMode": {
+ "type": "string",
+ "description": "Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.\n"
+ },
"dnsName": {
"type": "string",
"description": "The DNS name of the ELB\n"
@@ -233979,6 +238042,10 @@
"type": "boolean",
"description": "Enable cross-zone load balancing. Default: `true`\n"
},
+ "desyncMitigationMode": {
+ "type": "string",
+ "description": "Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.\n"
+ },
"healthCheck": {
"$ref": "#/types/aws:elb/LoadBalancerHealthCheck:LoadBalancerHealthCheck",
"description": "A health_check block. Health Check documented below.\n"
@@ -234071,6 +238138,10 @@
"type": "boolean",
"description": "Enable cross-zone load balancing. Default: `true`\n"
},
+ "desyncMitigationMode": {
+ "type": "string",
+ "description": "Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.\n"
+ },
"dnsName": {
"type": "string",
"description": "The DNS name of the ELB\n"
@@ -236304,6 +240375,375 @@
"type": "object"
}
},
+ "aws:fsx/ontapStorageVirtualMachine:OntapStorageVirtualMachine": {
+ "description": "Manages a FSx Storage Virtual Machine.\nSee the [FSx ONTAP User Guide](https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/managing-svms.html) for more information.\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.fsx.OntapStorageVirtualMachine(\"test\", {fileSystemId: aws_fsx_ontap_file_system.test.id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.fsx.OntapStorageVirtualMachine(\"test\", file_system_id=aws_fsx_ontap_file_system[\"test\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Fsx.OntapStorageVirtualMachine(\"test\", new Aws.Fsx.OntapStorageVirtualMachineArgs\n {\n FileSystemId = aws_fsx_ontap_file_system.Test.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/fsx\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fsx.NewOntapStorageVirtualMachine(ctx, \"test\", \u0026fsx.OntapStorageVirtualMachineArgs{\n\t\t\tFileSystemId: pulumi.Any(aws_fsx_ontap_file_system.Test.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Using a Self-Managed Microsoft Active Directory\n\nAdditional information for using AWS Directory Service with ONTAP File Systems can be found in the [FSx ONTAP Guide](https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/self-managed-AD.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.fsx.OntapStorageVirtualMachine(\"test\", {\n fileSystemId: aws_fsx_ontap_file_system.test.id,\n activeDirectoryConfiguration: {\n netbiosName: \"mysvm\",\n selfManagedActiveDirectoryConfiguration: {\n dnsIps: [\n \"10.0.0.111\",\n \"10.0.0.222\",\n ],\n domainName: \"corp.example.com\",\n password: \"avoid-plaintext-passwords\",\n username: \"Admin\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.fsx.OntapStorageVirtualMachine(\"test\",\n file_system_id=aws_fsx_ontap_file_system[\"test\"][\"id\"],\n active_directory_configuration=aws.fsx.OntapStorageVirtualMachineActiveDirectoryConfigurationArgs(\n netbios_name=\"mysvm\",\n self_managed_active_directory_configuration=aws.fsx.OntapStorageVirtualMachineActiveDirectoryConfigurationSelfManagedActiveDirectoryConfigurationArgs(\n dns_ips=[\n \"10.0.0.111\",\n \"10.0.0.222\",\n ],\n domain_name=\"corp.example.com\",\n password=\"avoid-plaintext-passwords\",\n username=\"Admin\",\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Fsx.OntapStorageVirtualMachine(\"test\", new Aws.Fsx.OntapStorageVirtualMachineArgs\n {\n FileSystemId = aws_fsx_ontap_file_system.Test.Id,\n ActiveDirectoryConfiguration = new Aws.Fsx.Inputs.OntapStorageVirtualMachineActiveDirectoryConfigurationArgs\n {\n NetbiosName = \"mysvm\",\n SelfManagedActiveDirectoryConfiguration = new Aws.Fsx.Inputs.OntapStorageVirtualMachineActiveDirectoryConfigurationSelfManagedActiveDirectoryConfigurationArgs\n {\n DnsIps = \n {\n \"10.0.0.111\",\n \"10.0.0.222\",\n },\n DomainName = \"corp.example.com\",\n Password = \"avoid-plaintext-passwords\",\n Username = \"Admin\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/fsx\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fsx.NewOntapStorageVirtualMachine(ctx, \"test\", \u0026fsx.OntapStorageVirtualMachineArgs{\n\t\t\tFileSystemId: pulumi.Any(aws_fsx_ontap_file_system.Test.Id),\n\t\t\tActiveDirectoryConfiguration: \u0026fsx.OntapStorageVirtualMachineActiveDirectoryConfigurationArgs{\n\t\t\t\tNetbiosName: pulumi.String(\"mysvm\"),\n\t\t\t\tSelfManagedActiveDirectoryConfiguration: \u0026fsx.OntapStorageVirtualMachineActiveDirectoryConfigurationSelfManagedActiveDirectoryConfigurationArgs{\n\t\t\t\t\tDnsIps: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"10.0.0.111\"),\n\t\t\t\t\t\tpulumi.String(\"10.0.0.222\"),\n\t\t\t\t\t},\n\t\t\t\t\tDomainName: pulumi.String(\"corp.example.com\"),\n\t\t\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\t\t\tUsername: pulumi.String(\"Admin\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nFSx Storage Virtual Machine can be imported using the `id`, e.g.,\n\n```sh\n $ pulumi import aws:fsx/ontapStorageVirtualMachine:OntapStorageVirtualMachine example svm-12345678abcdef123\n```\n\n Certain resource arguments, like `svm_admin_password` and the `self_managed_active_directory` configuation block `password`, do not have a FSx API method for reading the information after creation. If these arguments are set in the Terraform configuration on an imported resource, Terraform will always show a difference. To workaround this behavior, either omit the argument from the Terraform configuration or use [`ignore_changes`](https://www.terraform.io/docs/configuration/meta-arguments/lifecycle.html#ignore_changes) to hide the difference, e.g., terraform resource \"aws_fsx_ontap_storage_virtual_machine\" \"example\" {\n\n # ... other configuration ...\n\n svm_admin_password = \"avoid-plaintext-passwords\"\n\n # There is no FSx API for reading svm_admin_password\n\n lifecycle {\n\n\n\n ignore_changes = [svm_admin_password]\n\n } } ",
+ "properties": {
+ "activeDirectoryConfiguration": {
+ "$ref": "#/types/aws:fsx/OntapStorageVirtualMachineActiveDirectoryConfiguration:OntapStorageVirtualMachineActiveDirectoryConfiguration",
+ "description": "Configuration block that Amazon FSx uses to join the FSx ONTAP Storage Virtual Machine(SVM) to your Microsoft Active Directory (AD) directory. Detailed below.\n"
+ },
+ "arn": {
+ "type": "string",
+ "description": "Amazon Resource Name of the storage virtual machine.\n"
+ },
+ "endpoints": {
+ "type": "array",
+ "items": {
+ "$ref": "#/types/aws:fsx/OntapStorageVirtualMachineEndpoint:OntapStorageVirtualMachineEndpoint"
+ },
+ "description": "The endpoints that are used to access data or to manage the storage virtual machine using the NetApp ONTAP CLI, REST API, or NetApp SnapMirror. See Endpoints below.\n"
+ },
+ "fileSystemId": {
+ "type": "string",
+ "description": "The ID of the Amazon FSx ONTAP File System that this SVM will be created on.\n"
+ },
+ "name": {
+ "type": "string",
+ "description": "The name of the SVM. You can use a maximum of 47 alphanumeric characters, plus the underscore (_) special character.\n"
+ },
+ "rootVolumeSecurityStyle": {
+ "type": "string",
+ "description": "Specifies the root volume security style, Valid values are `UNIX`, `NTFS`, and `MIXED`. All volumes created under this SVM will inherit the root security style unless the security style is specified on the volume. Default value is `UNIX`.\n"
+ },
+ "subtype": {
+ "type": "string",
+ "description": "Describes the SVM's subtype, e.g. `DEFAULT`\n"
+ },
+ "svmAdminPassword": {
+ "type": "string"
+ },
+ "tags": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "description": "A map of tags to assign to the storage virtual machine. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n"
+ },
+ "tagsAll": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n"
+ },
+ "uuid": {
+ "type": "string",
+ "description": "The SVM's UUID (universally unique identifier).\n"
+ }
+ },
+ "required": [
+ "arn",
+ "endpoints",
+ "fileSystemId",
+ "name",
+ "subtype",
+ "tagsAll",
+ "uuid"
+ ],
+ "inputProperties": {
+ "activeDirectoryConfiguration": {
+ "$ref": "#/types/aws:fsx/OntapStorageVirtualMachineActiveDirectoryConfiguration:OntapStorageVirtualMachineActiveDirectoryConfiguration",
+ "description": "Configuration block that Amazon FSx uses to join the FSx ONTAP Storage Virtual Machine(SVM) to your Microsoft Active Directory (AD) directory. Detailed below.\n"
+ },
+ "fileSystemId": {
+ "type": "string",
+ "description": "The ID of the Amazon FSx ONTAP File System that this SVM will be created on.\n"
+ },
+ "name": {
+ "type": "string",
+ "description": "The name of the SVM. You can use a maximum of 47 alphanumeric characters, plus the underscore (_) special character.\n"
+ },
+ "rootVolumeSecurityStyle": {
+ "type": "string",
+ "description": "Specifies the root volume security style, Valid values are `UNIX`, `NTFS`, and `MIXED`. All volumes created under this SVM will inherit the root security style unless the security style is specified on the volume. Default value is `UNIX`.\n"
+ },
+ "svmAdminPassword": {
+ "type": "string"
+ },
+ "tags": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "description": "A map of tags to assign to the storage virtual machine. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n"
+ },
+ "tagsAll": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n"
+ }
+ },
+ "requiredInputs": [
+ "fileSystemId"
+ ],
+ "stateInputs": {
+ "description": "Input properties used for looking up and filtering OntapStorageVirtualMachine resources.\n",
+ "properties": {
+ "activeDirectoryConfiguration": {
+ "$ref": "#/types/aws:fsx/OntapStorageVirtualMachineActiveDirectoryConfiguration:OntapStorageVirtualMachineActiveDirectoryConfiguration",
+ "description": "Configuration block that Amazon FSx uses to join the FSx ONTAP Storage Virtual Machine(SVM) to your Microsoft Active Directory (AD) directory. Detailed below.\n"
+ },
+ "arn": {
+ "type": "string",
+ "description": "Amazon Resource Name of the storage virtual machine.\n"
+ },
+ "endpoints": {
+ "type": "array",
+ "items": {
+ "$ref": "#/types/aws:fsx/OntapStorageVirtualMachineEndpoint:OntapStorageVirtualMachineEndpoint"
+ },
+ "description": "The endpoints that are used to access data or to manage the storage virtual machine using the NetApp ONTAP CLI, REST API, or NetApp SnapMirror. See Endpoints below.\n"
+ },
+ "fileSystemId": {
+ "type": "string",
+ "description": "The ID of the Amazon FSx ONTAP File System that this SVM will be created on.\n"
+ },
+ "name": {
+ "type": "string",
+ "description": "The name of the SVM. You can use a maximum of 47 alphanumeric characters, plus the underscore (_) special character.\n"
+ },
+ "rootVolumeSecurityStyle": {
+ "type": "string",
+ "description": "Specifies the root volume security style, Valid values are `UNIX`, `NTFS`, and `MIXED`. All volumes created under this SVM will inherit the root security style unless the security style is specified on the volume. Default value is `UNIX`.\n"
+ },
+ "subtype": {
+ "type": "string",
+ "description": "Describes the SVM's subtype, e.g. `DEFAULT`\n"
+ },
+ "svmAdminPassword": {
+ "type": "string"
+ },
+ "tags": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "description": "A map of tags to assign to the storage virtual machine. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n"
+ },
+ "tagsAll": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n"
+ },
+ "uuid": {
+ "type": "string",
+ "description": "The SVM's UUID (universally unique identifier).\n"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "aws:fsx/ontapVolume:OntapVolume": {
+ "description": "Manages a FSx ONTAP Volume.\nSee the [FSx ONTAP User Guide](https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/managing-volumes.html) for more information.\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.fsx.OntapVolume(\"test\", {\n junctionPath: \"/test\",\n sizeInMegabytes: 1024,\n storageEfficiencyEnabled: true,\n storageVirtualMachineId: aws_fsx_ontap_storage_virtual_machine.test.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.fsx.OntapVolume(\"test\",\n junction_path=\"/test\",\n size_in_megabytes=1024,\n storage_efficiency_enabled=True,\n storage_virtual_machine_id=aws_fsx_ontap_storage_virtual_machine[\"test\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Fsx.OntapVolume(\"test\", new Aws.Fsx.OntapVolumeArgs\n {\n JunctionPath = \"/test\",\n SizeInMegabytes = 1024,\n StorageEfficiencyEnabled = true,\n StorageVirtualMachineId = aws_fsx_ontap_storage_virtual_machine.Test.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/fsx\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fsx.NewOntapVolume(ctx, \"test\", \u0026fsx.OntapVolumeArgs{\n\t\t\tJunctionPath: pulumi.String(\"/test\"),\n\t\t\tSizeInMegabytes: pulumi.Int(1024),\n\t\t\tStorageEfficiencyEnabled: pulumi.Bool(true),\n\t\t\tStorageVirtualMachineId: pulumi.Any(aws_fsx_ontap_storage_virtual_machine.Test.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Using Tiering Policy\n\nAdditional information on tiering policy with ONTAP Volumes can be found in the [FSx ONTAP Guide](https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/managing-volumes.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.fsx.OntapVolume(\"test\", {\n junctionPath: \"/test\",\n sizeInMegabytes: 1024,\n storageEfficiencyEnabled: true,\n storageVirtualMachineId: aws_fsx_ontap_storage_virtual_machine.test.id,\n tieringPolicy: {\n name: \"AUTO\",\n coolingPeriod: 31,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.fsx.OntapVolume(\"test\",\n junction_path=\"/test\",\n size_in_megabytes=1024,\n storage_efficiency_enabled=True,\n storage_virtual_machine_id=aws_fsx_ontap_storage_virtual_machine[\"test\"][\"id\"],\n tiering_policy=aws.fsx.OntapVolumeTieringPolicyArgs(\n name=\"AUTO\",\n cooling_period=31,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Fsx.OntapVolume(\"test\", new Aws.Fsx.OntapVolumeArgs\n {\n JunctionPath = \"/test\",\n SizeInMegabytes = 1024,\n StorageEfficiencyEnabled = true,\n StorageVirtualMachineId = aws_fsx_ontap_storage_virtual_machine.Test.Id,\n TieringPolicy = new Aws.Fsx.Inputs.OntapVolumeTieringPolicyArgs\n {\n Name = \"AUTO\",\n CoolingPeriod = 31,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/fsx\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fsx.NewOntapVolume(ctx, \"test\", \u0026fsx.OntapVolumeArgs{\n\t\t\tJunctionPath: pulumi.String(\"/test\"),\n\t\t\tSizeInMegabytes: pulumi.Int(1024),\n\t\t\tStorageEfficiencyEnabled: pulumi.Bool(true),\n\t\t\tStorageVirtualMachineId: pulumi.Any(aws_fsx_ontap_storage_virtual_machine.Test.Id),\n\t\t\tTieringPolicy: \u0026fsx.OntapVolumeTieringPolicyArgs{\n\t\t\t\tName: pulumi.String(\"AUTO\"),\n\t\t\t\tCoolingPeriod: pulumi.Int(31),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nFSx ONTAP volume can be imported using the `id`, e.g.,\n\n```sh\n $ pulumi import aws:fsx/ontapVolume:OntapVolume example fsvol-12345678abcdef123\n```\n\n ",
+ "properties": {
+ "arn": {
+ "type": "string",
+ "description": "Amazon Resource Name of the volune.\n"
+ },
+ "fileSystemId": {
+ "type": "string",
+ "description": "Describes the file system for the volume, e.g. `fs-12345679`\n"
+ },
+ "flexcacheEndpointType": {
+ "type": "string",
+ "description": "Specifies the FlexCache endpoint type of the volume, Valid values are `NONE`, `ORIGIN`, `CACHE`. Default value is `NONE`. These can be set by the ONTAP CLI or API and are use with FlexCache feature.\n"
+ },
+ "junctionPath": {
+ "type": "string",
+ "description": "Specifies the location in the storage virtual machine's namespace where the volume is mounted. The junction_path must have a leading forward slash, such as `/vol3`\n"
+ },
+ "name": {
+ "type": "string",
+ "description": "Specifies the tiering policy for the ONTAP volume for moving data to the capacity pool storage. Valid values are `SNAPSHOT_ONLY`, `AUTO`, `ALL`, `NONE`. Default value is `SNAPSHOT_ONLY`.\n"
+ },
+ "ontapVolumeType": {
+ "type": "string",
+ "description": "Specifies the type of volume, Valid values are `RW`, `DP`, and `LS`. Default value is `RW`. These can be set by the ONTAP CLI or API. This setting is used as part of migration and replication [Migrating to Amazon FSx for NetApp ONTAP](https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/migrating-fsx-ontap.html)\n"
+ },
+ "securityStyle": {
+ "type": "string",
+ "description": "Specifies the volume security style, Valid values are `UNIX`, `NTFS`, and `MIXED`. Default value is `UNIX`.\n"
+ },
+ "sizeInMegabytes": {
+ "type": "integer",
+ "description": "Specifies the size of the volume, in megabytes (MB), that you are creating.\n"
+ },
+ "storageEfficiencyEnabled": {
+ "type": "boolean",
+ "description": "Set to true to enable deduplication, compression, and compaction storage efficiency features on the volume.\n"
+ },
+ "storageVirtualMachineId": {
+ "type": "string",
+ "description": "Specifies the storage virtual machine in which to create the volume.\n"
+ },
+ "tags": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "description": "A map of tags to assign to the volume. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n"
+ },
+ "tagsAll": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n"
+ },
+ "tieringPolicy": {
+ "$ref": "#/types/aws:fsx/OntapVolumeTieringPolicy:OntapVolumeTieringPolicy"
+ },
+ "uuid": {
+ "type": "string",
+ "description": "The Volume's UUID (universally unique identifier).\n"
+ },
+ "volumeType": {
+ "type": "string",
+ "description": "The type of volume, currently the only valid value is `ONTAP`.\n"
+ }
+ },
+ "required": [
+ "arn",
+ "fileSystemId",
+ "flexcacheEndpointType",
+ "junctionPath",
+ "name",
+ "ontapVolumeType",
+ "sizeInMegabytes",
+ "storageEfficiencyEnabled",
+ "storageVirtualMachineId",
+ "tagsAll",
+ "uuid"
+ ],
+ "inputProperties": {
+ "junctionPath": {
+ "type": "string",
+ "description": "Specifies the location in the storage virtual machine's namespace where the volume is mounted. The junction_path must have a leading forward slash, such as `/vol3`\n"
+ },
+ "name": {
+ "type": "string",
+ "description": "Specifies the tiering policy for the ONTAP volume for moving data to the capacity pool storage. Valid values are `SNAPSHOT_ONLY`, `AUTO`, `ALL`, `NONE`. Default value is `SNAPSHOT_ONLY`.\n"
+ },
+ "securityStyle": {
+ "type": "string",
+ "description": "Specifies the volume security style, Valid values are `UNIX`, `NTFS`, and `MIXED`. Default value is `UNIX`.\n"
+ },
+ "sizeInMegabytes": {
+ "type": "integer",
+ "description": "Specifies the size of the volume, in megabytes (MB), that you are creating.\n"
+ },
+ "storageEfficiencyEnabled": {
+ "type": "boolean",
+ "description": "Set to true to enable deduplication, compression, and compaction storage efficiency features on the volume.\n"
+ },
+ "storageVirtualMachineId": {
+ "type": "string",
+ "description": "Specifies the storage virtual machine in which to create the volume.\n"
+ },
+ "tags": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "description": "A map of tags to assign to the volume. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n"
+ },
+ "tagsAll": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n"
+ },
+ "tieringPolicy": {
+ "$ref": "#/types/aws:fsx/OntapVolumeTieringPolicy:OntapVolumeTieringPolicy"
+ },
+ "volumeType": {
+ "type": "string",
+ "description": "The type of volume, currently the only valid value is `ONTAP`.\n"
+ }
+ },
+ "requiredInputs": [
+ "junctionPath",
+ "sizeInMegabytes",
+ "storageEfficiencyEnabled",
+ "storageVirtualMachineId"
+ ],
+ "stateInputs": {
+ "description": "Input properties used for looking up and filtering OntapVolume resources.\n",
+ "properties": {
+ "arn": {
+ "type": "string",
+ "description": "Amazon Resource Name of the volune.\n"
+ },
+ "fileSystemId": {
+ "type": "string",
+ "description": "Describes the file system for the volume, e.g. `fs-12345679`\n"
+ },
+ "flexcacheEndpointType": {
+ "type": "string",
+ "description": "Specifies the FlexCache endpoint type of the volume, Valid values are `NONE`, `ORIGIN`, `CACHE`. Default value is `NONE`. These can be set by the ONTAP CLI or API and are use with FlexCache feature.\n"
+ },
+ "junctionPath": {
+ "type": "string",
+ "description": "Specifies the location in the storage virtual machine's namespace where the volume is mounted. The junction_path must have a leading forward slash, such as `/vol3`\n"
+ },
+ "name": {
+ "type": "string",
+ "description": "Specifies the tiering policy for the ONTAP volume for moving data to the capacity pool storage. Valid values are `SNAPSHOT_ONLY`, `AUTO`, `ALL`, `NONE`. Default value is `SNAPSHOT_ONLY`.\n"
+ },
+ "ontapVolumeType": {
+ "type": "string",
+ "description": "Specifies the type of volume, Valid values are `RW`, `DP`, and `LS`. Default value is `RW`. These can be set by the ONTAP CLI or API. This setting is used as part of migration and replication [Migrating to Amazon FSx for NetApp ONTAP](https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/migrating-fsx-ontap.html)\n"
+ },
+ "securityStyle": {
+ "type": "string",
+ "description": "Specifies the volume security style, Valid values are `UNIX`, `NTFS`, and `MIXED`. Default value is `UNIX`.\n"
+ },
+ "sizeInMegabytes": {
+ "type": "integer",
+ "description": "Specifies the size of the volume, in megabytes (MB), that you are creating.\n"
+ },
+ "storageEfficiencyEnabled": {
+ "type": "boolean",
+ "description": "Set to true to enable deduplication, compression, and compaction storage efficiency features on the volume.\n"
+ },
+ "storageVirtualMachineId": {
+ "type": "string",
+ "description": "Specifies the storage virtual machine in which to create the volume.\n"
+ },
+ "tags": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "description": "A map of tags to assign to the volume. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n"
+ },
+ "tagsAll": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n"
+ },
+ "tieringPolicy": {
+ "$ref": "#/types/aws:fsx/OntapVolumeTieringPolicy:OntapVolumeTieringPolicy"
+ },
+ "uuid": {
+ "type": "string",
+ "description": "The Volume's UUID (universally unique identifier).\n"
+ },
+ "volumeType": {
+ "type": "string",
+ "description": "The type of volume, currently the only valid value is `ONTAP`.\n"
+ }
+ },
+ "type": "object"
+ }
+ },
"aws:fsx/windowsFileSystem:WindowsFileSystem": {
"description": "Manages a FSx Windows File System. See the [FSx Windows Guide](https://docs.aws.amazon.com/fsx/latest/WindowsGuide/what-is.html) for more information.\n\n\u003e **NOTE:** Either the `active_directory_id` argument or `self_managed_active_directory` configuration block must be specified.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Using AWS Directory Service\n\nAdditional information for using AWS Directory Service with Windows File Systems can be found in the [FSx Windows Guide](https://docs.aws.amazon.com/fsx/latest/WindowsGuide/fsx-aws-managed-ad.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.fsx.WindowsFileSystem(\"example\", {\n activeDirectoryId: aws_directory_service_directory.example.id,\n kmsKeyId: aws_kms_key.example.arn,\n storageCapacity: 300,\n subnetIds: [aws_subnet.example.id],\n throughputCapacity: 1024,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.fsx.WindowsFileSystem(\"example\",\n active_directory_id=aws_directory_service_directory[\"example\"][\"id\"],\n kms_key_id=aws_kms_key[\"example\"][\"arn\"],\n storage_capacity=300,\n subnet_ids=[aws_subnet[\"example\"][\"id\"]],\n throughput_capacity=1024)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Fsx.WindowsFileSystem(\"example\", new Aws.Fsx.WindowsFileSystemArgs\n {\n ActiveDirectoryId = aws_directory_service_directory.Example.Id,\n KmsKeyId = aws_kms_key.Example.Arn,\n StorageCapacity = 300,\n SubnetIds = \n {\n aws_subnet.Example.Id,\n },\n ThroughputCapacity = 1024,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/fsx\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fsx.NewWindowsFileSystem(ctx, \"example\", \u0026fsx.WindowsFileSystemArgs{\n\t\t\tActiveDirectoryId: pulumi.Any(aws_directory_service_directory.Example.Id),\n\t\t\tKmsKeyId: pulumi.Any(aws_kms_key.Example.Arn),\n\t\t\tStorageCapacity: pulumi.Int(300),\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_subnet.Example.Id),\n\t\t\t},\n\t\t\tThroughputCapacity: pulumi.Int(1024),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Using a Self-Managed Microsoft Active Directory\n\nAdditional information for using AWS Directory Service with Windows File Systems can be found in the [FSx Windows Guide](https://docs.aws.amazon.com/fsx/latest/WindowsGuide/self-managed-AD.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.fsx.WindowsFileSystem(\"example\", {\n kmsKeyId: aws_kms_key.example.arn,\n storageCapacity: 300,\n subnetIds: [aws_subnet.example.id],\n throughputCapacity: 1024,\n selfManagedActiveDirectory: {\n dnsIps: [\n \"10.0.0.111\",\n \"10.0.0.222\",\n ],\n domainName: \"corp.example.com\",\n password: \"avoid-plaintext-passwords\",\n username: \"Admin\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.fsx.WindowsFileSystem(\"example\",\n kms_key_id=aws_kms_key[\"example\"][\"arn\"],\n storage_capacity=300,\n subnet_ids=[aws_subnet[\"example\"][\"id\"]],\n throughput_capacity=1024,\n self_managed_active_directory=aws.fsx.WindowsFileSystemSelfManagedActiveDirectoryArgs(\n dns_ips=[\n \"10.0.0.111\",\n \"10.0.0.222\",\n ],\n domain_name=\"corp.example.com\",\n password=\"avoid-plaintext-passwords\",\n username=\"Admin\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Fsx.WindowsFileSystem(\"example\", new Aws.Fsx.WindowsFileSystemArgs\n {\n KmsKeyId = aws_kms_key.Example.Arn,\n StorageCapacity = 300,\n SubnetIds = \n {\n aws_subnet.Example.Id,\n },\n ThroughputCapacity = 1024,\n SelfManagedActiveDirectory = new Aws.Fsx.Inputs.WindowsFileSystemSelfManagedActiveDirectoryArgs\n {\n DnsIps = \n {\n \"10.0.0.111\",\n \"10.0.0.222\",\n },\n DomainName = \"corp.example.com\",\n Password = \"avoid-plaintext-passwords\",\n Username = \"Admin\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/fsx\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fsx.NewWindowsFileSystem(ctx, \"example\", \u0026fsx.WindowsFileSystemArgs{\n\t\t\tKmsKeyId: pulumi.Any(aws_kms_key.Example.Arn),\n\t\t\tStorageCapacity: pulumi.Int(300),\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_subnet.Example.Id),\n\t\t\t},\n\t\t\tThroughputCapacity: pulumi.Int(1024),\n\t\t\tSelfManagedActiveDirectory: \u0026fsx.WindowsFileSystemSelfManagedActiveDirectoryArgs{\n\t\t\t\tDnsIps: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.0.0.111\"),\n\t\t\t\t\tpulumi.String(\"10.0.0.222\"),\n\t\t\t\t},\n\t\t\t\tDomainName: pulumi.String(\"corp.example.com\"),\n\t\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\t\tUsername: pulumi.String(\"Admin\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nFSx File Systems can be imported using the `id`, e.g.,\n\n```sh\n $ pulumi import aws:fsx/windowsFileSystem:WindowsFileSystem example fs-543ab12b1ca672f33\n```\n\n Certain resource arguments, like `security_group_ids` and the `self_managed_active_directory` configuation block `password`, do not have a FSx API method for reading the information after creation. If these arguments are set in the provider configuration on an imported resource, the povider will always show a difference. To workaround this behavior, either omit the argument from the configuration or use [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) to hide the difference, e.g. terraform resource \"aws_fsx_windows_file_system\" \"example\" {\n\n # ... other configuration ...\n\n security_group_ids = [aws_security_group.example.id]\n\n # There is no FSx API for reading security_group_ids\n\n lifecycle {\n\n\n\n ignore_changes = [security_group_ids]\n\n } } ",
"properties": {
@@ -250832,6 +255272,10 @@
"type": "string",
"description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n"
},
+ "desyncMitigationMode": {
+ "type": "string",
+ "description": "Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.\n"
+ },
"dnsName": {
"type": "string",
"description": "The DNS name of the load balancer.\n"
@@ -250852,6 +255296,10 @@
"type": "boolean",
"description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n"
},
+ "enableWafFailOpen": {
+ "type": "boolean",
+ "description": "Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to `false`.\n"
+ },
"idleTimeout": {
"type": "integer",
"description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n"
@@ -250902,7 +255350,7 @@
"additionalProperties": {
"type": "string"
},
- "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
+ "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
},
"tagsAll": {
"type": "object",
@@ -250942,6 +255390,10 @@
"type": "string",
"description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n"
},
+ "desyncMitigationMode": {
+ "type": "string",
+ "description": "Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.\n"
+ },
"dropInvalidHeaderFields": {
"type": "boolean",
"description": "Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type `application`.\n"
@@ -250958,6 +255410,10 @@
"type": "boolean",
"description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n"
},
+ "enableWafFailOpen": {
+ "type": "boolean",
+ "description": "Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to `false`.\n"
+ },
"idleTimeout": {
"type": "integer",
"description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n"
@@ -251008,7 +255464,7 @@
"additionalProperties": {
"type": "string"
},
- "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
+ "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
}
},
"stateInputs": {
@@ -251030,6 +255486,10 @@
"type": "string",
"description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n"
},
+ "desyncMitigationMode": {
+ "type": "string",
+ "description": "Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.\n"
+ },
"dnsName": {
"type": "string",
"description": "The DNS name of the load balancer.\n"
@@ -251050,6 +255510,10 @@
"type": "boolean",
"description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n"
},
+ "enableWafFailOpen": {
+ "type": "boolean",
+ "description": "Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to `false`.\n"
+ },
"idleTimeout": {
"type": "integer",
"description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n"
@@ -251100,7 +255564,7 @@
"additionalProperties": {
"type": "string"
},
- "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
+ "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n"
},
"tagsAll": {
"type": "object",
@@ -265254,11 +269718,11 @@
},
"sessionName": {
"type": "string",
- "description": "The name of the IAM session to use when assuming roles that can embed QuickSight dashboards.\n"
+ "description": "The name of the IAM session to use when assuming roles that can embed QuickSight dashboards. Only valid for registering users using an assumed IAM role. Additionally, if registering multiple users using the same IAM role, each user needs to have a unique session name.\n"
},
"userName": {
"type": "string",
- "description": "The Amazon QuickSight user name that you want to create for the user you are registering.\n"
+ "description": "The Amazon QuickSight user name that you want to create for the user you are registering. Only valid for registering a user with `identity_type` set to `QUICKSIGHT`.\n"
},
"userRole": {
"type": "string",
@@ -265295,11 +269759,11 @@
},
"sessionName": {
"type": "string",
- "description": "The name of the IAM session to use when assuming roles that can embed QuickSight dashboards.\n"
+ "description": "The name of the IAM session to use when assuming roles that can embed QuickSight dashboards. Only valid for registering users using an assumed IAM role. Additionally, if registering multiple users using the same IAM role, each user needs to have a unique session name.\n"
},
"userName": {
"type": "string",
- "description": "The Amazon QuickSight user name that you want to create for the user you are registering.\n"
+ "description": "The Amazon QuickSight user name that you want to create for the user you are registering. Only valid for registering a user with `identity_type` set to `QUICKSIGHT`.\n"
},
"userRole": {
"type": "string",
@@ -265340,11 +269804,11 @@
},
"sessionName": {
"type": "string",
- "description": "The name of the IAM session to use when assuming roles that can embed QuickSight dashboards.\n"
+ "description": "The name of the IAM session to use when assuming roles that can embed QuickSight dashboards. Only valid for registering users using an assumed IAM role. Additionally, if registering multiple users using the same IAM role, each user needs to have a unique session name.\n"
},
"userName": {
"type": "string",
- "description": "The Amazon QuickSight user name that you want to create for the user you are registering.\n"
+ "description": "The Amazon QuickSight user name that you want to create for the user you are registering. Only valid for registering a user with `identity_type` set to `QUICKSIGHT`.\n"
},
"userRole": {
"type": "string",
@@ -294041,6 +298505,13 @@
"type": "integer",
"description": "The web ACL capacity units (WCUs) required for this rule group. See [here](https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateRuleGroup.html#API_CreateRuleGroup_RequestSyntax) for general information and [here](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statements-list.html) for capacity specific information.\n"
},
+ "customResponseBodies": {
+ "type": "array",
+ "items": {
+ "$ref": "#/types/aws:wafv2/RuleGroupCustomResponseBody:RuleGroupCustomResponseBody"
+ },
+ "description": "Defines custom response bodies that can be referenced by `custom_response` actions. See Custom Response Body below for details.\n"
+ },
"description": {
"type": "string",
"description": "A friendly description of the rule group.\n"
@@ -294050,7 +298521,7 @@
},
"name": {
"type": "string",
- "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n"
+ "description": "The label string.\n"
},
"rules": {
"type": "array",
@@ -294096,13 +298567,20 @@
"type": "integer",
"description": "The web ACL capacity units (WCUs) required for this rule group. See [here](https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateRuleGroup.html#API_CreateRuleGroup_RequestSyntax) for general information and [here](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statements-list.html) for capacity specific information.\n"
},
+ "customResponseBodies": {
+ "type": "array",
+ "items": {
+ "$ref": "#/types/aws:wafv2/RuleGroupCustomResponseBody:RuleGroupCustomResponseBody"
+ },
+ "description": "Defines custom response bodies that can be referenced by `custom_response` actions. See Custom Response Body below for details.\n"
+ },
"description": {
"type": "string",
"description": "A friendly description of the rule group.\n"
},
"name": {
"type": "string",
- "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n"
+ "description": "The label string.\n"
},
"rules": {
"type": "array",
@@ -294150,6 +298628,13 @@
"type": "integer",
"description": "The web ACL capacity units (WCUs) required for this rule group. See [here](https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateRuleGroup.html#API_CreateRuleGroup_RequestSyntax) for general information and [here](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statements-list.html) for capacity specific information.\n"
},
+ "customResponseBodies": {
+ "type": "array",
+ "items": {
+ "$ref": "#/types/aws:wafv2/RuleGroupCustomResponseBody:RuleGroupCustomResponseBody"
+ },
+ "description": "Defines custom response bodies that can be referenced by `custom_response` actions. See Custom Response Body below for details.\n"
+ },
"description": {
"type": "string",
"description": "A friendly description of the rule group.\n"
@@ -294159,7 +298644,7 @@
},
"name": {
"type": "string",
- "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n"
+ "description": "The label string.\n"
},
"rules": {
"type": "array",
@@ -294195,7 +298680,7 @@
}
},
"aws:wafv2/webAcl:WebAcl": {
- "description": "Creates a WAFv2 Web ACL resource.\n\n{{% examples %}}\n## Example Usage\n\nThis resource is based on `aws.wafv2.RuleGroup`, check the documentation of the `aws.wafv2.RuleGroup` resource to see examples of the various available statements.\n\n{{% example %}}\n### Managed Rule\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.wafv2.WebAcl(\"example\", {\n defaultAction: {\n allow: {},\n },\n description: \"Example of a managed rule.\",\n rules: [{\n name: \"rule-1\",\n overrideAction: {\n count: {},\n },\n priority: 1,\n statement: {\n managedRuleGroupStatement: {\n excludedRules: [\n {\n name: \"SizeRestrictions_QUERYSTRING\",\n },\n {\n name: \"NoUserAgent_HEADER\",\n },\n ],\n name: \"AWSManagedRulesCommonRuleSet\",\n scopeDownStatement: {\n geoMatchStatement: {\n countryCodes: [\n \"US\",\n \"NL\",\n ],\n },\n },\n vendorName: \"AWS\",\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-rule-metric-name\",\n sampledRequestsEnabled: false,\n },\n }],\n scope: \"REGIONAL\",\n tags: {\n Tag1: \"Value1\",\n Tag2: \"Value2\",\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-metric-name\",\n sampledRequestsEnabled: false,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafv2.WebAcl(\"example\",\n default_action=aws.wafv2.WebAclDefaultActionArgs(\n allow=aws.wafv2.WebAclDefaultActionAllowArgs(),\n ),\n description=\"Example of a managed rule.\",\n rules=[aws.wafv2.WebAclRuleArgs(\n name=\"rule-1\",\n override_action=aws.wafv2.WebAclRuleOverrideActionArgs(\n count=aws.wafv2.WebAclRuleOverrideActionCountArgs(),\n ),\n priority=1,\n statement=aws.wafv2.WebAclRuleStatementArgs(\n managed_rule_group_statement=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementArgs(\n excluded_rule=[\n {\n \"name\": \"SizeRestrictions_QUERYSTRING\",\n },\n {\n \"name\": \"NoUserAgent_HEADER\",\n },\n ],\n name=\"AWSManagedRulesCommonRuleSet\",\n scope_down_statement=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementArgs(\n geo_match_statement=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementArgs(\n country_codes=[\n \"US\",\n \"NL\",\n ],\n ),\n ),\n vendor_name=\"AWS\",\n ),\n ),\n visibility_config=aws.wafv2.WebAclRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-rule-metric-name\",\n sampled_requests_enabled=False,\n ),\n )],\n scope=\"REGIONAL\",\n tags={\n \"Tag1\": \"Value1\",\n \"Tag2\": \"Value2\",\n },\n visibility_config=aws.wafv2.WebAclVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-metric-name\",\n sampled_requests_enabled=False,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.WafV2.WebAcl(\"example\", new Aws.WafV2.WebAclArgs\n {\n DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs\n {\n Allow = ,\n },\n Description = \"Example of a managed rule.\",\n Rules = \n {\n new Aws.WafV2.Inputs.WebAclRuleArgs\n {\n Name = \"rule-1\",\n OverrideAction = new Aws.WafV2.Inputs.WebAclRuleOverrideActionArgs\n {\n Count = ,\n },\n Priority = 1,\n Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs\n {\n ManagedRuleGroupStatement = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementArgs\n {\n ExcludedRule = \n {\n \n {\n { \"name\", \"SizeRestrictions_QUERYSTRING\" },\n },\n \n {\n { \"name\", \"NoUserAgent_HEADER\" },\n },\n },\n Name = \"AWSManagedRulesCommonRuleSet\",\n ScopeDownStatement = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementArgs\n {\n GeoMatchStatement = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementArgs\n {\n CountryCodes = \n {\n \"US\",\n \"NL\",\n },\n },\n },\n VendorName = \"AWS\",\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-rule-metric-name\",\n SampledRequestsEnabled = false,\n },\n },\n },\n Scope = \"REGIONAL\",\n Tags = \n {\n { \"Tag1\", \"Value1\" },\n { \"Tag2\", \"Value2\" },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-metric-name\",\n SampledRequestsEnabled = false,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafv2.NewWebAcl(ctx, \"example\", \u0026wafv2.WebAclArgs{\n\t\t\tDefaultAction: \u0026wafv2.WebAclDefaultActionArgs{\n\t\t\t\tAllow: nil,\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"Example of a managed rule.\"),\n\t\t\tRules: wafv2.WebAclRuleArray{\n\t\t\t\t\u0026wafv2.WebAclRuleArgs{\n\t\t\t\t\tName: pulumi.String(\"rule-1\"),\n\t\t\t\t\tOverrideAction: \u0026wafv2.WebAclRuleOverrideActionArgs{\n\t\t\t\t\t\tCount: nil,\n\t\t\t\t\t},\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tStatement: \u0026wafv2.WebAclRuleStatementArgs{\n\t\t\t\t\t\tManagedRuleGroupStatement: \u0026wafv2.WebAclRuleStatementManagedRuleGroupStatementArgs{\n\t\t\t\t\t\t\tExcludedRule: []map[string]interface{}{\n\t\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\t\"name\": \"SizeRestrictions_QUERYSTRING\",\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\t\"name\": \"NoUserAgent_HEADER\",\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tName: pulumi.String(\"AWSManagedRulesCommonRuleSet\"),\n\t\t\t\t\t\t\tScopeDownStatement: \u0026wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementArgs{\n\t\t\t\t\t\t\t\tGeoMatchStatement: \u0026wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementArgs{\n\t\t\t\t\t\t\t\t\tCountryCodes: pulumi.StringArray{\n\t\t\t\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t\t\t\t\tpulumi.String(\"NL\"),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVendorName: pulumi.String(\"AWS\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: \u0026wafv2.WebAclRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"friendly-rule-metric-name\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tScope: pulumi.String(\"REGIONAL\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Tag1\": pulumi.String(\"Value1\"),\n\t\t\t\t\"Tag2\": pulumi.String(\"Value2\"),\n\t\t\t},\n\t\t\tVisibilityConfig: \u0026wafv2.WebAclVisibilityConfigArgs{\n\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\tMetricName: pulumi.String(\"friendly-metric-name\"),\n\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Rate Based\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.wafv2.WebAcl(\"example\", {\n defaultAction: {\n block: {},\n },\n description: \"Example of a rate based statement.\",\n rules: [{\n action: {\n count: {},\n },\n name: \"rule-1\",\n priority: 1,\n statement: {\n rateBasedStatement: {\n aggregateKeyType: \"IP\",\n limit: 10000,\n scopeDownStatement: {\n geoMatchStatement: {\n countryCodes: [\n \"US\",\n \"NL\",\n ],\n },\n },\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-rule-metric-name\",\n sampledRequestsEnabled: false,\n },\n }],\n scope: \"REGIONAL\",\n tags: {\n Tag1: \"Value1\",\n Tag2: \"Value2\",\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-metric-name\",\n sampledRequestsEnabled: false,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafv2.WebAcl(\"example\",\n default_action=aws.wafv2.WebAclDefaultActionArgs(\n block=aws.wafv2.WebAclDefaultActionBlockArgs(),\n ),\n description=\"Example of a rate based statement.\",\n rules=[aws.wafv2.WebAclRuleArgs(\n action=aws.wafv2.WebAclRuleActionArgs(\n count=aws.wafv2.WebAclRuleActionCountArgs(),\n ),\n name=\"rule-1\",\n priority=1,\n statement=aws.wafv2.WebAclRuleStatementArgs(\n rate_based_statement=aws.wafv2.WebAclRuleStatementRateBasedStatementArgs(\n aggregate_key_type=\"IP\",\n limit=10000,\n scope_down_statement=aws.wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementArgs(\n geo_match_statement=aws.wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementArgs(\n country_codes=[\n \"US\",\n \"NL\",\n ],\n ),\n ),\n ),\n ),\n visibility_config=aws.wafv2.WebAclRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-rule-metric-name\",\n sampled_requests_enabled=False,\n ),\n )],\n scope=\"REGIONAL\",\n tags={\n \"Tag1\": \"Value1\",\n \"Tag2\": \"Value2\",\n },\n visibility_config=aws.wafv2.WebAclVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-metric-name\",\n sampled_requests_enabled=False,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.WafV2.WebAcl(\"example\", new Aws.WafV2.WebAclArgs\n {\n DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs\n {\n Block = ,\n },\n Description = \"Example of a rate based statement.\",\n Rules = \n {\n new Aws.WafV2.Inputs.WebAclRuleArgs\n {\n Action = new Aws.WafV2.Inputs.WebAclRuleActionArgs\n {\n Count = ,\n },\n Name = \"rule-1\",\n Priority = 1,\n Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs\n {\n RateBasedStatement = new Aws.WafV2.Inputs.WebAclRuleStatementRateBasedStatementArgs\n {\n AggregateKeyType = \"IP\",\n Limit = 10000,\n ScopeDownStatement = new Aws.WafV2.Inputs.WebAclRuleStatementRateBasedStatementScopeDownStatementArgs\n {\n GeoMatchStatement = new Aws.WafV2.Inputs.WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementArgs\n {\n CountryCodes = \n {\n \"US\",\n \"NL\",\n },\n },\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-rule-metric-name\",\n SampledRequestsEnabled = false,\n },\n },\n },\n Scope = \"REGIONAL\",\n Tags = \n {\n { \"Tag1\", \"Value1\" },\n { \"Tag2\", \"Value2\" },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-metric-name\",\n SampledRequestsEnabled = false,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafv2.NewWebAcl(ctx, \"example\", \u0026wafv2.WebAclArgs{\n\t\t\tDefaultAction: \u0026wafv2.WebAclDefaultActionArgs{\n\t\t\t\tBlock: nil,\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"Example of a rate based statement.\"),\n\t\t\tRules: wafv2.WebAclRuleArray{\n\t\t\t\t\u0026wafv2.WebAclRuleArgs{\n\t\t\t\t\tAction: \u0026wafv2.WebAclRuleActionArgs{\n\t\t\t\t\t\tCount: nil,\n\t\t\t\t\t},\n\t\t\t\t\tName: pulumi.String(\"rule-1\"),\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tStatement: \u0026wafv2.WebAclRuleStatementArgs{\n\t\t\t\t\t\tRateBasedStatement: \u0026wafv2.WebAclRuleStatementRateBasedStatementArgs{\n\t\t\t\t\t\t\tAggregateKeyType: pulumi.String(\"IP\"),\n\t\t\t\t\t\t\tLimit: pulumi.Int(10000),\n\t\t\t\t\t\t\tScopeDownStatement: \u0026wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementArgs{\n\t\t\t\t\t\t\t\tGeoMatchStatement: \u0026wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementArgs{\n\t\t\t\t\t\t\t\t\tCountryCodes: pulumi.StringArray{\n\t\t\t\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t\t\t\t\tpulumi.String(\"NL\"),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: \u0026wafv2.WebAclRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"friendly-rule-metric-name\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tScope: pulumi.String(\"REGIONAL\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Tag1\": pulumi.String(\"Value1\"),\n\t\t\t\t\"Tag2\": pulumi.String(\"Value2\"),\n\t\t\t},\n\t\t\tVisibilityConfig: \u0026wafv2.WebAclVisibilityConfigArgs{\n\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\tMetricName: pulumi.String(\"friendly-metric-name\"),\n\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Rule Group Reference\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.wafv2.RuleGroup(\"example\", {\n capacity: 10,\n scope: \"REGIONAL\",\n rules: [\n {\n name: \"rule-1\",\n priority: 1,\n action: {\n count: {},\n },\n statement: {\n geoMatchStatement: {\n countryCodes: [\"NL\"],\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-rule-metric-name\",\n sampledRequestsEnabled: false,\n },\n },\n {\n name: \"rule-to-exclude-a\",\n priority: 10,\n action: {\n allow: {},\n },\n statement: {\n geoMatchStatement: {\n countryCodes: [\"US\"],\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-rule-metric-name\",\n sampledRequestsEnabled: false,\n },\n },\n {\n name: \"rule-to-exclude-b\",\n priority: 15,\n action: {\n allow: {},\n },\n statement: {\n geoMatchStatement: {\n countryCodes: [\"GB\"],\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-rule-metric-name\",\n sampledRequestsEnabled: false,\n },\n },\n ],\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-metric-name\",\n sampledRequestsEnabled: false,\n },\n});\nconst test = new aws.wafv2.WebAcl(\"test\", {\n scope: \"REGIONAL\",\n defaultAction: {\n block: {},\n },\n rules: [{\n name: \"rule-1\",\n priority: 1,\n overrideAction: {\n count: {},\n },\n statement: {\n ruleGroupReferenceStatement: {\n arn: example.arn,\n excludedRules: [\n {\n name: \"rule-to-exclude-b\",\n },\n {\n name: \"rule-to-exclude-a\",\n },\n ],\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-rule-metric-name\",\n sampledRequestsEnabled: false,\n },\n }],\n tags: {\n Tag1: \"Value1\",\n Tag2: \"Value2\",\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-metric-name\",\n sampledRequestsEnabled: false,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafv2.RuleGroup(\"example\",\n capacity=10,\n scope=\"REGIONAL\",\n rules=[\n aws.wafv2.RuleGroupRuleArgs(\n name=\"rule-1\",\n priority=1,\n action=aws.wafv2.RuleGroupRuleActionArgs(\n count=aws.wafv2.RuleGroupRuleActionCountArgs(),\n ),\n statement=aws.wafv2.RuleGroupRuleStatementArgs(\n geo_match_statement=aws.wafv2.RuleGroupRuleStatementGeoMatchStatementArgs(\n country_codes=[\"NL\"],\n ),\n ),\n visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-rule-metric-name\",\n sampled_requests_enabled=False,\n ),\n ),\n aws.wafv2.RuleGroupRuleArgs(\n name=\"rule-to-exclude-a\",\n priority=10,\n action=aws.wafv2.RuleGroupRuleActionArgs(\n allow=aws.wafv2.RuleGroupRuleActionAllowArgs(),\n ),\n statement=aws.wafv2.RuleGroupRuleStatementArgs(\n geo_match_statement=aws.wafv2.RuleGroupRuleStatementGeoMatchStatementArgs(\n country_codes=[\"US\"],\n ),\n ),\n visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-rule-metric-name\",\n sampled_requests_enabled=False,\n ),\n ),\n aws.wafv2.RuleGroupRuleArgs(\n name=\"rule-to-exclude-b\",\n priority=15,\n action=aws.wafv2.RuleGroupRuleActionArgs(\n allow=aws.wafv2.RuleGroupRuleActionAllowArgs(),\n ),\n statement=aws.wafv2.RuleGroupRuleStatementArgs(\n geo_match_statement=aws.wafv2.RuleGroupRuleStatementGeoMatchStatementArgs(\n country_codes=[\"GB\"],\n ),\n ),\n visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-rule-metric-name\",\n sampled_requests_enabled=False,\n ),\n ),\n ],\n visibility_config=aws.wafv2.RuleGroupVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-metric-name\",\n sampled_requests_enabled=False,\n ))\ntest = aws.wafv2.WebAcl(\"test\",\n scope=\"REGIONAL\",\n default_action=aws.wafv2.WebAclDefaultActionArgs(\n block=aws.wafv2.WebAclDefaultActionBlockArgs(),\n ),\n rules=[aws.wafv2.WebAclRuleArgs(\n name=\"rule-1\",\n priority=1,\n override_action=aws.wafv2.WebAclRuleOverrideActionArgs(\n count=aws.wafv2.WebAclRuleOverrideActionCountArgs(),\n ),\n statement=aws.wafv2.WebAclRuleStatementArgs(\n rule_group_reference_statement=aws.wafv2.WebAclRuleStatementRuleGroupReferenceStatementArgs(\n arn=example.arn,\n excluded_rules=[\n aws.wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs(\n name=\"rule-to-exclude-b\",\n ),\n aws.wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs(\n name=\"rule-to-exclude-a\",\n ),\n ],\n ),\n ),\n visibility_config=aws.wafv2.WebAclRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-rule-metric-name\",\n sampled_requests_enabled=False,\n ),\n )],\n tags={\n \"Tag1\": \"Value1\",\n \"Tag2\": \"Value2\",\n },\n visibility_config=aws.wafv2.WebAclVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-metric-name\",\n sampled_requests_enabled=False,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.WafV2.RuleGroup(\"example\", new Aws.WafV2.RuleGroupArgs\n {\n Capacity = 10,\n Scope = \"REGIONAL\",\n Rules = \n {\n new Aws.WafV2.Inputs.RuleGroupRuleArgs\n {\n Name = \"rule-1\",\n Priority = 1,\n Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs\n {\n Count = ,\n },\n Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs\n {\n GeoMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementGeoMatchStatementArgs\n {\n CountryCodes = \n {\n \"NL\",\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-rule-metric-name\",\n SampledRequestsEnabled = false,\n },\n },\n new Aws.WafV2.Inputs.RuleGroupRuleArgs\n {\n Name = \"rule-to-exclude-a\",\n Priority = 10,\n Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs\n {\n Allow = ,\n },\n Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs\n {\n GeoMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementGeoMatchStatementArgs\n {\n CountryCodes = \n {\n \"US\",\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-rule-metric-name\",\n SampledRequestsEnabled = false,\n },\n },\n new Aws.WafV2.Inputs.RuleGroupRuleArgs\n {\n Name = \"rule-to-exclude-b\",\n Priority = 15,\n Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs\n {\n Allow = ,\n },\n Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs\n {\n GeoMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementGeoMatchStatementArgs\n {\n CountryCodes = \n {\n \"GB\",\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-rule-metric-name\",\n SampledRequestsEnabled = false,\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-metric-name\",\n SampledRequestsEnabled = false,\n },\n });\n var test = new Aws.WafV2.WebAcl(\"test\", new Aws.WafV2.WebAclArgs\n {\n Scope = \"REGIONAL\",\n DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs\n {\n Block = ,\n },\n Rules = \n {\n new Aws.WafV2.Inputs.WebAclRuleArgs\n {\n Name = \"rule-1\",\n Priority = 1,\n OverrideAction = new Aws.WafV2.Inputs.WebAclRuleOverrideActionArgs\n {\n Count = ,\n },\n Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs\n {\n RuleGroupReferenceStatement = new Aws.WafV2.Inputs.WebAclRuleStatementRuleGroupReferenceStatementArgs\n {\n Arn = example.Arn,\n ExcludedRules = \n {\n new Aws.WafV2.Inputs.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs\n {\n Name = \"rule-to-exclude-b\",\n },\n new Aws.WafV2.Inputs.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs\n {\n Name = \"rule-to-exclude-a\",\n },\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-rule-metric-name\",\n SampledRequestsEnabled = false,\n },\n },\n },\n Tags = \n {\n { \"Tag1\", \"Value1\" },\n { \"Tag2\", \"Value2\" },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-metric-name\",\n SampledRequestsEnabled = false,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := wafv2.NewRuleGroup(ctx, \"example\", \u0026wafv2.RuleGroupArgs{\n\t\t\tCapacity: pulumi.Int(10),\n\t\t\tScope: pulumi.String(\"REGIONAL\"),\n\t\t\tRules: wafv2.RuleGroupRuleArray{\n\t\t\t\t\u0026wafv2.RuleGroupRuleArgs{\n\t\t\t\t\tName: pulumi.String(\"rule-1\"),\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tAction: \u0026wafv2.RuleGroupRuleActionArgs{\n\t\t\t\t\t\tCount: nil,\n\t\t\t\t\t},\n\t\t\t\t\tStatement: \u0026wafv2.RuleGroupRuleStatementArgs{\n\t\t\t\t\t\tGeoMatchStatement: \u0026wafv2.RuleGroupRuleStatementGeoMatchStatementArgs{\n\t\t\t\t\t\t\tCountryCodes: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"NL\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: \u0026wafv2.RuleGroupRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"friendly-rule-metric-name\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026wafv2.RuleGroupRuleArgs{\n\t\t\t\t\tName: pulumi.String(\"rule-to-exclude-a\"),\n\t\t\t\t\tPriority: pulumi.Int(10),\n\t\t\t\t\tAction: \u0026wafv2.RuleGroupRuleActionArgs{\n\t\t\t\t\t\tAllow: nil,\n\t\t\t\t\t},\n\t\t\t\t\tStatement: \u0026wafv2.RuleGroupRuleStatementArgs{\n\t\t\t\t\t\tGeoMatchStatement: \u0026wafv2.RuleGroupRuleStatementGeoMatchStatementArgs{\n\t\t\t\t\t\t\tCountryCodes: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: \u0026wafv2.RuleGroupRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"friendly-rule-metric-name\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026wafv2.RuleGroupRuleArgs{\n\t\t\t\t\tName: pulumi.String(\"rule-to-exclude-b\"),\n\t\t\t\t\tPriority: pulumi.Int(15),\n\t\t\t\t\tAction: \u0026wafv2.RuleGroupRuleActionArgs{\n\t\t\t\t\t\tAllow: nil,\n\t\t\t\t\t},\n\t\t\t\t\tStatement: \u0026wafv2.RuleGroupRuleStatementArgs{\n\t\t\t\t\t\tGeoMatchStatement: \u0026wafv2.RuleGroupRuleStatementGeoMatchStatementArgs{\n\t\t\t\t\t\t\tCountryCodes: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"GB\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: \u0026wafv2.RuleGroupRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"friendly-rule-metric-name\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tVisibilityConfig: \u0026wafv2.RuleGroupVisibilityConfigArgs{\n\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\tMetricName: pulumi.String(\"friendly-metric-name\"),\n\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = wafv2.NewWebAcl(ctx, \"test\", \u0026wafv2.WebAclArgs{\n\t\t\tScope: pulumi.String(\"REGIONAL\"),\n\t\t\tDefaultAction: \u0026wafv2.WebAclDefaultActionArgs{\n\t\t\t\tBlock: nil,\n\t\t\t},\n\t\t\tRules: wafv2.WebAclRuleArray{\n\t\t\t\t\u0026wafv2.WebAclRuleArgs{\n\t\t\t\t\tName: pulumi.String(\"rule-1\"),\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tOverrideAction: \u0026wafv2.WebAclRuleOverrideActionArgs{\n\t\t\t\t\t\tCount: nil,\n\t\t\t\t\t},\n\t\t\t\t\tStatement: \u0026wafv2.WebAclRuleStatementArgs{\n\t\t\t\t\t\tRuleGroupReferenceStatement: \u0026wafv2.WebAclRuleStatementRuleGroupReferenceStatementArgs{\n\t\t\t\t\t\t\tArn: example.Arn,\n\t\t\t\t\t\t\tExcludedRules: wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArray{\n\t\t\t\t\t\t\t\t\u0026wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"rule-to-exclude-b\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\u0026wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"rule-to-exclude-a\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: \u0026wafv2.WebAclRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"friendly-rule-metric-name\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Tag1\": pulumi.String(\"Value1\"),\n\t\t\t\t\"Tag2\": pulumi.String(\"Value2\"),\n\t\t\t},\n\t\t\tVisibilityConfig: \u0026wafv2.WebAclVisibilityConfigArgs{\n\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\tMetricName: pulumi.String(\"friendly-metric-name\"),\n\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAFv2 Web ACLs can be imported using `ID/Name/Scope` e.g.,\n\n```sh\n $ pulumi import aws:wafv2/webAcl:WebAcl example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc/example/REGIONAL\n```\n\n ",
+ "description": "Creates a WAFv2 Web ACL resource.\n\n{{% examples %}}\n## Example Usage\n\nThis resource is based on `aws.wafv2.RuleGroup`, check the documentation of the `aws.wafv2.RuleGroup` resource to see examples of the various available statements.\n\n{{% example %}}\n### Managed Rule\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.wafv2.WebAcl(\"example\", {\n defaultAction: {\n allow: {},\n },\n description: \"Example of a managed rule.\",\n rules: [{\n name: \"rule-1\",\n overrideAction: {\n count: {},\n },\n priority: 1,\n statement: {\n managedRuleGroupStatement: {\n excludedRules: [\n {\n name: \"SizeRestrictions_QUERYSTRING\",\n },\n {\n name: \"NoUserAgent_HEADER\",\n },\n ],\n name: \"AWSManagedRulesCommonRuleSet\",\n scopeDownStatement: {\n geoMatchStatement: {\n countryCodes: [\n \"US\",\n \"NL\",\n ],\n },\n },\n vendorName: \"AWS\",\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-rule-metric-name\",\n sampledRequestsEnabled: false,\n },\n }],\n scope: \"REGIONAL\",\n tags: {\n Tag1: \"Value1\",\n Tag2: \"Value2\",\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-metric-name\",\n sampledRequestsEnabled: false,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafv2.WebAcl(\"example\",\n default_action=aws.wafv2.WebAclDefaultActionArgs(\n allow=aws.wafv2.WebAclDefaultActionAllowArgs(),\n ),\n description=\"Example of a managed rule.\",\n rules=[aws.wafv2.WebAclRuleArgs(\n name=\"rule-1\",\n override_action=aws.wafv2.WebAclRuleOverrideActionArgs(\n count=aws.wafv2.WebAclRuleOverrideActionCountArgs(),\n ),\n priority=1,\n statement=aws.wafv2.WebAclRuleStatementArgs(\n managed_rule_group_statement=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementArgs(\n excluded_rule=[\n {\n \"name\": \"SizeRestrictions_QUERYSTRING\",\n },\n {\n \"name\": \"NoUserAgent_HEADER\",\n },\n ],\n name=\"AWSManagedRulesCommonRuleSet\",\n scope_down_statement=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementArgs(\n geo_match_statement=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementArgs(\n country_codes=[\n \"US\",\n \"NL\",\n ],\n ),\n ),\n vendor_name=\"AWS\",\n ),\n ),\n visibility_config=aws.wafv2.WebAclRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-rule-metric-name\",\n sampled_requests_enabled=False,\n ),\n )],\n scope=\"REGIONAL\",\n tags={\n \"Tag1\": \"Value1\",\n \"Tag2\": \"Value2\",\n },\n visibility_config=aws.wafv2.WebAclVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-metric-name\",\n sampled_requests_enabled=False,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.WafV2.WebAcl(\"example\", new Aws.WafV2.WebAclArgs\n {\n DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs\n {\n Allow = ,\n },\n Description = \"Example of a managed rule.\",\n Rules = \n {\n new Aws.WafV2.Inputs.WebAclRuleArgs\n {\n Name = \"rule-1\",\n OverrideAction = new Aws.WafV2.Inputs.WebAclRuleOverrideActionArgs\n {\n Count = ,\n },\n Priority = 1,\n Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs\n {\n ManagedRuleGroupStatement = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementArgs\n {\n ExcludedRule = \n {\n \n {\n { \"name\", \"SizeRestrictions_QUERYSTRING\" },\n },\n \n {\n { \"name\", \"NoUserAgent_HEADER\" },\n },\n },\n Name = \"AWSManagedRulesCommonRuleSet\",\n ScopeDownStatement = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementArgs\n {\n GeoMatchStatement = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementArgs\n {\n CountryCodes = \n {\n \"US\",\n \"NL\",\n },\n },\n },\n VendorName = \"AWS\",\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-rule-metric-name\",\n SampledRequestsEnabled = false,\n },\n },\n },\n Scope = \"REGIONAL\",\n Tags = \n {\n { \"Tag1\", \"Value1\" },\n { \"Tag2\", \"Value2\" },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-metric-name\",\n SampledRequestsEnabled = false,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafv2.NewWebAcl(ctx, \"example\", \u0026wafv2.WebAclArgs{\n\t\t\tDefaultAction: \u0026wafv2.WebAclDefaultActionArgs{\n\t\t\t\tAllow: nil,\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"Example of a managed rule.\"),\n\t\t\tRules: wafv2.WebAclRuleArray{\n\t\t\t\t\u0026wafv2.WebAclRuleArgs{\n\t\t\t\t\tName: pulumi.String(\"rule-1\"),\n\t\t\t\t\tOverrideAction: \u0026wafv2.WebAclRuleOverrideActionArgs{\n\t\t\t\t\t\tCount: nil,\n\t\t\t\t\t},\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tStatement: \u0026wafv2.WebAclRuleStatementArgs{\n\t\t\t\t\t\tManagedRuleGroupStatement: \u0026wafv2.WebAclRuleStatementManagedRuleGroupStatementArgs{\n\t\t\t\t\t\t\tExcludedRule: []map[string]interface{}{\n\t\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\t\"name\": \"SizeRestrictions_QUERYSTRING\",\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\t\"name\": \"NoUserAgent_HEADER\",\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tName: pulumi.String(\"AWSManagedRulesCommonRuleSet\"),\n\t\t\t\t\t\t\tScopeDownStatement: \u0026wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementArgs{\n\t\t\t\t\t\t\t\tGeoMatchStatement: \u0026wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementArgs{\n\t\t\t\t\t\t\t\t\tCountryCodes: pulumi.StringArray{\n\t\t\t\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t\t\t\t\tpulumi.String(\"NL\"),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVendorName: pulumi.String(\"AWS\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: \u0026wafv2.WebAclRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"friendly-rule-metric-name\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tScope: pulumi.String(\"REGIONAL\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Tag1\": pulumi.String(\"Value1\"),\n\t\t\t\t\"Tag2\": pulumi.String(\"Value2\"),\n\t\t\t},\n\t\t\tVisibilityConfig: \u0026wafv2.WebAclVisibilityConfigArgs{\n\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\tMetricName: pulumi.String(\"friendly-metric-name\"),\n\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Rate Based\nRate-limit US and NL-based clients to 10,000 requests for every 5 minutes.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.wafv2.WebAcl(\"example\", {\n defaultAction: {\n allow: {},\n },\n description: \"Example of a Cloudfront rate based statement.\",\n rules: [{\n action: {\n block: {},\n },\n name: \"rule-1\",\n priority: 1,\n statement: {\n rateBasedStatement: {\n aggregateKeyType: \"IP\",\n limit: 10000,\n scopeDownStatement: {\n geoMatchStatement: {\n countryCodes: [\n \"US\",\n \"NL\",\n ],\n },\n },\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-rule-metric-name\",\n sampledRequestsEnabled: false,\n },\n }],\n scope: \"CLOUDFRONT\",\n tags: {\n Tag1: \"Value1\",\n Tag2: \"Value2\",\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-metric-name\",\n sampledRequestsEnabled: false,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafv2.WebAcl(\"example\",\n default_action=aws.wafv2.WebAclDefaultActionArgs(\n allow=aws.wafv2.WebAclDefaultActionAllowArgs(),\n ),\n description=\"Example of a Cloudfront rate based statement.\",\n rules=[aws.wafv2.WebAclRuleArgs(\n action=aws.wafv2.WebAclRuleActionArgs(\n block=aws.wafv2.WebAclRuleActionBlockArgs(),\n ),\n name=\"rule-1\",\n priority=1,\n statement=aws.wafv2.WebAclRuleStatementArgs(\n rate_based_statement=aws.wafv2.WebAclRuleStatementRateBasedStatementArgs(\n aggregate_key_type=\"IP\",\n limit=10000,\n scope_down_statement=aws.wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementArgs(\n geo_match_statement=aws.wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementArgs(\n country_codes=[\n \"US\",\n \"NL\",\n ],\n ),\n ),\n ),\n ),\n visibility_config=aws.wafv2.WebAclRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-rule-metric-name\",\n sampled_requests_enabled=False,\n ),\n )],\n scope=\"CLOUDFRONT\",\n tags={\n \"Tag1\": \"Value1\",\n \"Tag2\": \"Value2\",\n },\n visibility_config=aws.wafv2.WebAclVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-metric-name\",\n sampled_requests_enabled=False,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.WafV2.WebAcl(\"example\", new Aws.WafV2.WebAclArgs\n {\n DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs\n {\n Allow = ,\n },\n Description = \"Example of a Cloudfront rate based statement.\",\n Rules = \n {\n new Aws.WafV2.Inputs.WebAclRuleArgs\n {\n Action = new Aws.WafV2.Inputs.WebAclRuleActionArgs\n {\n Block = ,\n },\n Name = \"rule-1\",\n Priority = 1,\n Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs\n {\n RateBasedStatement = new Aws.WafV2.Inputs.WebAclRuleStatementRateBasedStatementArgs\n {\n AggregateKeyType = \"IP\",\n Limit = 10000,\n ScopeDownStatement = new Aws.WafV2.Inputs.WebAclRuleStatementRateBasedStatementScopeDownStatementArgs\n {\n GeoMatchStatement = new Aws.WafV2.Inputs.WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementArgs\n {\n CountryCodes = \n {\n \"US\",\n \"NL\",\n },\n },\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-rule-metric-name\",\n SampledRequestsEnabled = false,\n },\n },\n },\n Scope = \"CLOUDFRONT\",\n Tags = \n {\n { \"Tag1\", \"Value1\" },\n { \"Tag2\", \"Value2\" },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-metric-name\",\n SampledRequestsEnabled = false,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafv2.NewWebAcl(ctx, \"example\", \u0026wafv2.WebAclArgs{\n\t\t\tDefaultAction: \u0026wafv2.WebAclDefaultActionArgs{\n\t\t\t\tAllow: nil,\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"Example of a Cloudfront rate based statement.\"),\n\t\t\tRules: wafv2.WebAclRuleArray{\n\t\t\t\t\u0026wafv2.WebAclRuleArgs{\n\t\t\t\t\tAction: \u0026wafv2.WebAclRuleActionArgs{\n\t\t\t\t\t\tBlock: nil,\n\t\t\t\t\t},\n\t\t\t\t\tName: pulumi.String(\"rule-1\"),\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tStatement: \u0026wafv2.WebAclRuleStatementArgs{\n\t\t\t\t\t\tRateBasedStatement: \u0026wafv2.WebAclRuleStatementRateBasedStatementArgs{\n\t\t\t\t\t\t\tAggregateKeyType: pulumi.String(\"IP\"),\n\t\t\t\t\t\t\tLimit: pulumi.Int(10000),\n\t\t\t\t\t\t\tScopeDownStatement: \u0026wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementArgs{\n\t\t\t\t\t\t\t\tGeoMatchStatement: \u0026wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementArgs{\n\t\t\t\t\t\t\t\t\tCountryCodes: pulumi.StringArray{\n\t\t\t\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t\t\t\t\tpulumi.String(\"NL\"),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: \u0026wafv2.WebAclRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"friendly-rule-metric-name\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tScope: pulumi.String(\"CLOUDFRONT\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Tag1\": pulumi.String(\"Value1\"),\n\t\t\t\t\"Tag2\": pulumi.String(\"Value2\"),\n\t\t\t},\n\t\t\tVisibilityConfig: \u0026wafv2.WebAclVisibilityConfigArgs{\n\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\tMetricName: pulumi.String(\"friendly-metric-name\"),\n\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Rule Group Reference\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.wafv2.RuleGroup(\"example\", {\n capacity: 10,\n scope: \"REGIONAL\",\n rules: [\n {\n name: \"rule-1\",\n priority: 1,\n action: {\n count: {},\n },\n statement: {\n geoMatchStatement: {\n countryCodes: [\"NL\"],\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-rule-metric-name\",\n sampledRequestsEnabled: false,\n },\n },\n {\n name: \"rule-to-exclude-a\",\n priority: 10,\n action: {\n allow: {},\n },\n statement: {\n geoMatchStatement: {\n countryCodes: [\"US\"],\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-rule-metric-name\",\n sampledRequestsEnabled: false,\n },\n },\n {\n name: \"rule-to-exclude-b\",\n priority: 15,\n action: {\n allow: {},\n },\n statement: {\n geoMatchStatement: {\n countryCodes: [\"GB\"],\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-rule-metric-name\",\n sampledRequestsEnabled: false,\n },\n },\n ],\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-metric-name\",\n sampledRequestsEnabled: false,\n },\n});\nconst test = new aws.wafv2.WebAcl(\"test\", {\n scope: \"REGIONAL\",\n defaultAction: {\n block: {},\n },\n rules: [{\n name: \"rule-1\",\n priority: 1,\n overrideAction: {\n count: {},\n },\n statement: {\n ruleGroupReferenceStatement: {\n arn: example.arn,\n excludedRules: [\n {\n name: \"rule-to-exclude-b\",\n },\n {\n name: \"rule-to-exclude-a\",\n },\n ],\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-rule-metric-name\",\n sampledRequestsEnabled: false,\n },\n }],\n tags: {\n Tag1: \"Value1\",\n Tag2: \"Value2\",\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-metric-name\",\n sampledRequestsEnabled: false,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafv2.RuleGroup(\"example\",\n capacity=10,\n scope=\"REGIONAL\",\n rules=[\n aws.wafv2.RuleGroupRuleArgs(\n name=\"rule-1\",\n priority=1,\n action=aws.wafv2.RuleGroupRuleActionArgs(\n count=aws.wafv2.RuleGroupRuleActionCountArgs(),\n ),\n statement=aws.wafv2.RuleGroupRuleStatementArgs(\n geo_match_statement=aws.wafv2.RuleGroupRuleStatementGeoMatchStatementArgs(\n country_codes=[\"NL\"],\n ),\n ),\n visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-rule-metric-name\",\n sampled_requests_enabled=False,\n ),\n ),\n aws.wafv2.RuleGroupRuleArgs(\n name=\"rule-to-exclude-a\",\n priority=10,\n action=aws.wafv2.RuleGroupRuleActionArgs(\n allow=aws.wafv2.RuleGroupRuleActionAllowArgs(),\n ),\n statement=aws.wafv2.RuleGroupRuleStatementArgs(\n geo_match_statement=aws.wafv2.RuleGroupRuleStatementGeoMatchStatementArgs(\n country_codes=[\"US\"],\n ),\n ),\n visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-rule-metric-name\",\n sampled_requests_enabled=False,\n ),\n ),\n aws.wafv2.RuleGroupRuleArgs(\n name=\"rule-to-exclude-b\",\n priority=15,\n action=aws.wafv2.RuleGroupRuleActionArgs(\n allow=aws.wafv2.RuleGroupRuleActionAllowArgs(),\n ),\n statement=aws.wafv2.RuleGroupRuleStatementArgs(\n geo_match_statement=aws.wafv2.RuleGroupRuleStatementGeoMatchStatementArgs(\n country_codes=[\"GB\"],\n ),\n ),\n visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-rule-metric-name\",\n sampled_requests_enabled=False,\n ),\n ),\n ],\n visibility_config=aws.wafv2.RuleGroupVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-metric-name\",\n sampled_requests_enabled=False,\n ))\ntest = aws.wafv2.WebAcl(\"test\",\n scope=\"REGIONAL\",\n default_action=aws.wafv2.WebAclDefaultActionArgs(\n block=aws.wafv2.WebAclDefaultActionBlockArgs(),\n ),\n rules=[aws.wafv2.WebAclRuleArgs(\n name=\"rule-1\",\n priority=1,\n override_action=aws.wafv2.WebAclRuleOverrideActionArgs(\n count=aws.wafv2.WebAclRuleOverrideActionCountArgs(),\n ),\n statement=aws.wafv2.WebAclRuleStatementArgs(\n rule_group_reference_statement=aws.wafv2.WebAclRuleStatementRuleGroupReferenceStatementArgs(\n arn=example.arn,\n excluded_rules=[\n aws.wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs(\n name=\"rule-to-exclude-b\",\n ),\n aws.wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs(\n name=\"rule-to-exclude-a\",\n ),\n ],\n ),\n ),\n visibility_config=aws.wafv2.WebAclRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-rule-metric-name\",\n sampled_requests_enabled=False,\n ),\n )],\n tags={\n \"Tag1\": \"Value1\",\n \"Tag2\": \"Value2\",\n },\n visibility_config=aws.wafv2.WebAclVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-metric-name\",\n sampled_requests_enabled=False,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.WafV2.RuleGroup(\"example\", new Aws.WafV2.RuleGroupArgs\n {\n Capacity = 10,\n Scope = \"REGIONAL\",\n Rules = \n {\n new Aws.WafV2.Inputs.RuleGroupRuleArgs\n {\n Name = \"rule-1\",\n Priority = 1,\n Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs\n {\n Count = ,\n },\n Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs\n {\n GeoMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementGeoMatchStatementArgs\n {\n CountryCodes = \n {\n \"NL\",\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-rule-metric-name\",\n SampledRequestsEnabled = false,\n },\n },\n new Aws.WafV2.Inputs.RuleGroupRuleArgs\n {\n Name = \"rule-to-exclude-a\",\n Priority = 10,\n Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs\n {\n Allow = ,\n },\n Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs\n {\n GeoMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementGeoMatchStatementArgs\n {\n CountryCodes = \n {\n \"US\",\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-rule-metric-name\",\n SampledRequestsEnabled = false,\n },\n },\n new Aws.WafV2.Inputs.RuleGroupRuleArgs\n {\n Name = \"rule-to-exclude-b\",\n Priority = 15,\n Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs\n {\n Allow = ,\n },\n Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs\n {\n GeoMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementGeoMatchStatementArgs\n {\n CountryCodes = \n {\n \"GB\",\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-rule-metric-name\",\n SampledRequestsEnabled = false,\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-metric-name\",\n SampledRequestsEnabled = false,\n },\n });\n var test = new Aws.WafV2.WebAcl(\"test\", new Aws.WafV2.WebAclArgs\n {\n Scope = \"REGIONAL\",\n DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs\n {\n Block = ,\n },\n Rules = \n {\n new Aws.WafV2.Inputs.WebAclRuleArgs\n {\n Name = \"rule-1\",\n Priority = 1,\n OverrideAction = new Aws.WafV2.Inputs.WebAclRuleOverrideActionArgs\n {\n Count = ,\n },\n Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs\n {\n RuleGroupReferenceStatement = new Aws.WafV2.Inputs.WebAclRuleStatementRuleGroupReferenceStatementArgs\n {\n Arn = example.Arn,\n ExcludedRules = \n {\n new Aws.WafV2.Inputs.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs\n {\n Name = \"rule-to-exclude-b\",\n },\n new Aws.WafV2.Inputs.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs\n {\n Name = \"rule-to-exclude-a\",\n },\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-rule-metric-name\",\n SampledRequestsEnabled = false,\n },\n },\n },\n Tags = \n {\n { \"Tag1\", \"Value1\" },\n { \"Tag2\", \"Value2\" },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-metric-name\",\n SampledRequestsEnabled = false,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := wafv2.NewRuleGroup(ctx, \"example\", \u0026wafv2.RuleGroupArgs{\n\t\t\tCapacity: pulumi.Int(10),\n\t\t\tScope: pulumi.String(\"REGIONAL\"),\n\t\t\tRules: wafv2.RuleGroupRuleArray{\n\t\t\t\t\u0026wafv2.RuleGroupRuleArgs{\n\t\t\t\t\tName: pulumi.String(\"rule-1\"),\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tAction: \u0026wafv2.RuleGroupRuleActionArgs{\n\t\t\t\t\t\tCount: nil,\n\t\t\t\t\t},\n\t\t\t\t\tStatement: \u0026wafv2.RuleGroupRuleStatementArgs{\n\t\t\t\t\t\tGeoMatchStatement: \u0026wafv2.RuleGroupRuleStatementGeoMatchStatementArgs{\n\t\t\t\t\t\t\tCountryCodes: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"NL\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: \u0026wafv2.RuleGroupRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"friendly-rule-metric-name\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026wafv2.RuleGroupRuleArgs{\n\t\t\t\t\tName: pulumi.String(\"rule-to-exclude-a\"),\n\t\t\t\t\tPriority: pulumi.Int(10),\n\t\t\t\t\tAction: \u0026wafv2.RuleGroupRuleActionArgs{\n\t\t\t\t\t\tAllow: nil,\n\t\t\t\t\t},\n\t\t\t\t\tStatement: \u0026wafv2.RuleGroupRuleStatementArgs{\n\t\t\t\t\t\tGeoMatchStatement: \u0026wafv2.RuleGroupRuleStatementGeoMatchStatementArgs{\n\t\t\t\t\t\t\tCountryCodes: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: \u0026wafv2.RuleGroupRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"friendly-rule-metric-name\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026wafv2.RuleGroupRuleArgs{\n\t\t\t\t\tName: pulumi.String(\"rule-to-exclude-b\"),\n\t\t\t\t\tPriority: pulumi.Int(15),\n\t\t\t\t\tAction: \u0026wafv2.RuleGroupRuleActionArgs{\n\t\t\t\t\t\tAllow: nil,\n\t\t\t\t\t},\n\t\t\t\t\tStatement: \u0026wafv2.RuleGroupRuleStatementArgs{\n\t\t\t\t\t\tGeoMatchStatement: \u0026wafv2.RuleGroupRuleStatementGeoMatchStatementArgs{\n\t\t\t\t\t\t\tCountryCodes: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"GB\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: \u0026wafv2.RuleGroupRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"friendly-rule-metric-name\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tVisibilityConfig: \u0026wafv2.RuleGroupVisibilityConfigArgs{\n\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\tMetricName: pulumi.String(\"friendly-metric-name\"),\n\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = wafv2.NewWebAcl(ctx, \"test\", \u0026wafv2.WebAclArgs{\n\t\t\tScope: pulumi.String(\"REGIONAL\"),\n\t\t\tDefaultAction: \u0026wafv2.WebAclDefaultActionArgs{\n\t\t\t\tBlock: nil,\n\t\t\t},\n\t\t\tRules: wafv2.WebAclRuleArray{\n\t\t\t\t\u0026wafv2.WebAclRuleArgs{\n\t\t\t\t\tName: pulumi.String(\"rule-1\"),\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tOverrideAction: \u0026wafv2.WebAclRuleOverrideActionArgs{\n\t\t\t\t\t\tCount: nil,\n\t\t\t\t\t},\n\t\t\t\t\tStatement: \u0026wafv2.WebAclRuleStatementArgs{\n\t\t\t\t\t\tRuleGroupReferenceStatement: \u0026wafv2.WebAclRuleStatementRuleGroupReferenceStatementArgs{\n\t\t\t\t\t\t\tArn: example.Arn,\n\t\t\t\t\t\t\tExcludedRules: wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArray{\n\t\t\t\t\t\t\t\t\u0026wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"rule-to-exclude-b\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\u0026wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"rule-to-exclude-a\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: \u0026wafv2.WebAclRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"friendly-rule-metric-name\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Tag1\": pulumi.String(\"Value1\"),\n\t\t\t\t\"Tag2\": pulumi.String(\"Value2\"),\n\t\t\t},\n\t\t\tVisibilityConfig: \u0026wafv2.WebAclVisibilityConfigArgs{\n\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\tMetricName: pulumi.String(\"friendly-metric-name\"),\n\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAFv2 Web ACLs can be imported using `ID/Name/Scope` e.g.,\n\n```sh\n $ pulumi import aws:wafv2/webAcl:WebAcl example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc/example/REGIONAL\n```\n\n ",
"properties": {
"arn": {
"type": "string",
@@ -294205,6 +298690,13 @@
"type": "integer",
"description": "The web ACL capacity units (WCUs) currently being used by this web ACL.\n"
},
+ "customResponseBodies": {
+ "type": "array",
+ "items": {
+ "$ref": "#/types/aws:wafv2/WebAclCustomResponseBody:WebAclCustomResponseBody"
+ },
+ "description": "Defines custom response bodies that can be referenced by `custom_response` actions. See Custom Response Body below for details.\n"
+ },
"defaultAction": {
"$ref": "#/types/aws:wafv2/WebAclDefaultAction:WebAclDefaultAction",
"description": "The action to perform if none of the `rules` contained in the WebACL match. See Default Action below for details.\n"
@@ -294218,7 +298710,7 @@
},
"name": {
"type": "string",
- "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n"
+ "description": "The label string.\n"
},
"rules": {
"type": "array",
@@ -294261,6 +298753,13 @@
"visibilityConfig"
],
"inputProperties": {
+ "customResponseBodies": {
+ "type": "array",
+ "items": {
+ "$ref": "#/types/aws:wafv2/WebAclCustomResponseBody:WebAclCustomResponseBody"
+ },
+ "description": "Defines custom response bodies that can be referenced by `custom_response` actions. See Custom Response Body below for details.\n"
+ },
"defaultAction": {
"$ref": "#/types/aws:wafv2/WebAclDefaultAction:WebAclDefaultAction",
"description": "The action to perform if none of the `rules` contained in the WebACL match. See Default Action below for details.\n"
@@ -294271,7 +298770,7 @@
},
"name": {
"type": "string",
- "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n"
+ "description": "The label string.\n"
},
"rules": {
"type": "array",
@@ -294319,6 +298818,13 @@
"type": "integer",
"description": "The web ACL capacity units (WCUs) currently being used by this web ACL.\n"
},
+ "customResponseBodies": {
+ "type": "array",
+ "items": {
+ "$ref": "#/types/aws:wafv2/WebAclCustomResponseBody:WebAclCustomResponseBody"
+ },
+ "description": "Defines custom response bodies that can be referenced by `custom_response` actions. See Custom Response Body below for details.\n"
+ },
"defaultAction": {
"$ref": "#/types/aws:wafv2/WebAclDefaultAction:WebAclDefaultAction",
"description": "The action to perform if none of the `rules` contained in the WebACL match. See Default Action below for details.\n"
@@ -294332,7 +298838,7 @@
},
"name": {
"type": "string",
- "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n"
+ "description": "The label string.\n"
},
"rules": {
"type": "array",
@@ -295943,6 +300449,9 @@
"customerOwnedIpv4Pool": {
"type": "string"
},
+ "desyncMitigationMode": {
+ "type": "string"
+ },
"dnsName": {
"type": "string"
},
@@ -295955,6 +300464,9 @@
"enableHttp2": {
"type": "boolean"
},
+ "enableWafFailOpen": {
+ "type": "boolean"
+ },
"id": {
"type": "string",
"description": "The provider-assigned unique ID for this managed resource.\n"
@@ -296011,10 +300523,12 @@
"arn",
"arnSuffix",
"customerOwnedIpv4Pool",
+ "desyncMitigationMode",
"dnsName",
"dropInvalidHeaderFields",
"enableDeletionProtection",
"enableHttp2",
+ "enableWafFailOpen",
"idleTimeout",
"internal",
"ipAddressType",
@@ -296827,6 +301341,9 @@
"customerOwnedIpv4Pool": {
"type": "string"
},
+ "desyncMitigationMode": {
+ "type": "string"
+ },
"dnsName": {
"type": "string"
},
@@ -296839,6 +301356,9 @@
"enableHttp2": {
"type": "boolean"
},
+ "enableWafFailOpen": {
+ "type": "boolean"
+ },
"id": {
"type": "string",
"description": "The provider-assigned unique ID for this managed resource.\n"
@@ -296895,10 +301415,12 @@
"arn",
"arnSuffix",
"customerOwnedIpv4Pool",
+ "desyncMitigationMode",
"dnsName",
"dropInvalidHeaderFields",
"enableDeletionProtection",
"enableHttp2",
+ "enableWafFailOpen",
"idleTimeout",
"internal",
"ipAddressType",
@@ -301896,6 +306418,49 @@
]
}
},
+ "aws:ec2/getInstanceTypes:getInstanceTypes": {
+ "description": "Information about EC2 Instance Types.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.ec2.getInstanceTypes({\n filters: [\n {\n name: \"auto-recovery-supported\",\n values: [\"true\"],\n },\n {\n name: \"network-info.encryption-in-transit-supported\",\n values: [\"true\"],\n },\n {\n name: \"instance-storage-supported\",\n values: [\"true\"],\n },\n {\n name: \"instance-type\",\n values: [\n \"g5.2xlarge\",\n \"g5.4xlarge\",\n ],\n },\n ],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.get_instance_types(filters=[\n aws.ec2.GetInstanceTypesFilterArgs(\n name=\"auto-recovery-supported\",\n values=[\"true\"],\n ),\n aws.ec2.GetInstanceTypesFilterArgs(\n name=\"network-info.encryption-in-transit-supported\",\n values=[\"true\"],\n ),\n aws.ec2.GetInstanceTypesFilterArgs(\n name=\"instance-storage-supported\",\n values=[\"true\"],\n ),\n aws.ec2.GetInstanceTypesFilterArgs(\n name=\"instance-type\",\n values=[\n \"g5.2xlarge\",\n \"g5.4xlarge\",\n ],\n ),\n])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.Ec2.GetInstanceTypes.InvokeAsync(new Aws.Ec2.GetInstanceTypesArgs\n {\n Filters = \n {\n new Aws.Ec2.Inputs.GetInstanceTypesFilterArgs\n {\n Name = \"auto-recovery-supported\",\n Values = \n {\n \"true\",\n },\n },\n new Aws.Ec2.Inputs.GetInstanceTypesFilterArgs\n {\n Name = \"network-info.encryption-in-transit-supported\",\n Values = \n {\n \"true\",\n },\n },\n new Aws.Ec2.Inputs.GetInstanceTypesFilterArgs\n {\n Name = \"instance-storage-supported\",\n Values = \n {\n \"true\",\n },\n },\n new Aws.Ec2.Inputs.GetInstanceTypesFilterArgs\n {\n Name = \"instance-type\",\n Values = \n {\n \"g5.2xlarge\",\n \"g5.4xlarge\",\n },\n },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.GetInstanceTypes(ctx, \u0026ec2.GetInstanceTypesArgs{\n\t\t\tFilters: []ec2.GetInstanceTypesFilter{\n\t\t\t\tec2.GetInstanceTypesFilter{\n\t\t\t\t\tName: \"auto-recovery-supported\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"true\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tec2.GetInstanceTypesFilter{\n\t\t\t\t\tName: \"network-info.encryption-in-transit-supported\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"true\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tec2.GetInstanceTypesFilter{\n\t\t\t\t\tName: \"instance-storage-supported\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"true\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tec2.GetInstanceTypesFilter{\n\t\t\t\t\tName: \"instance-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"g5.2xlarge\",\n\t\t\t\t\t\t\"g5.4xlarge\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}",
+ "inputs": {
+ "description": "A collection of arguments for invoking getInstanceTypes.\n",
+ "properties": {
+ "filters": {
+ "type": "array",
+ "items": {
+ "$ref": "#/types/aws:ec2/getInstanceTypesFilter:getInstanceTypesFilter"
+ },
+ "description": "One or more configuration blocks containing name-values filters. See the [EC2 API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstanceTypes.html) for supported filters. Detailed below.\n"
+ }
+ },
+ "type": "object"
+ },
+ "outputs": {
+ "description": "A collection of values returned by getInstanceTypes.\n",
+ "properties": {
+ "filters": {
+ "type": "array",
+ "items": {
+ "$ref": "#/types/aws:ec2/getInstanceTypesFilter:getInstanceTypesFilter"
+ }
+ },
+ "id": {
+ "type": "string",
+ "description": "The provider-assigned unique ID for this managed resource.\n"
+ },
+ "instanceTypes": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "List of EC2 Instance Types.\n"
+ }
+ },
+ "type": "object",
+ "required": [
+ "instanceTypes",
+ "id"
+ ]
+ }
+ },
"aws:ec2/getInstances:getInstances": {
"description": "Use this data source to get IDs or IPs of Amazon EC2 instances to be referenced elsewhere,\ne.g., to allow easier migration from another management solution\nor to make it easier for an operator to connect through bastion host(s).\n\n\u003e **Note:** It's strongly discouraged to use this data source for querying ephemeral\ninstances (e.g., managed via autoscaling group), as the output may change at any time\nand you'd need to re-run `apply` every time an instance comes up or dies.\n",
"inputs": {
@@ -307565,6 +312130,9 @@
"crossZoneLoadBalancing": {
"type": "boolean"
},
+ "desyncMitigationMode": {
+ "type": "string"
+ },
"dnsName": {
"type": "string"
},
@@ -307632,6 +312200,7 @@
"connectionDraining",
"connectionDrainingTimeout",
"crossZoneLoadBalancing",
+ "desyncMitigationMode",
"dnsName",
"healthCheck",
"idleTimeout",
@@ -307806,6 +312375,9 @@
"customerOwnedIpv4Pool": {
"type": "string"
},
+ "desyncMitigationMode": {
+ "type": "string"
+ },
"dnsName": {
"type": "string"
},
@@ -307818,6 +312390,9 @@
"enableHttp2": {
"type": "boolean"
},
+ "enableWafFailOpen": {
+ "type": "boolean"
+ },
"id": {
"type": "string",
"description": "The provider-assigned unique ID for this managed resource.\n"
@@ -307874,10 +312449,12 @@
"arn",
"arnSuffix",
"customerOwnedIpv4Pool",
+ "desyncMitigationMode",
"dnsName",
"dropInvalidHeaderFields",
"enableDeletionProtection",
"enableHttp2",
+ "enableWafFailOpen",
"idleTimeout",
"internal",
"ipAddressType",
@@ -308248,6 +312825,9 @@
"crossZoneLoadBalancing": {
"type": "boolean"
},
+ "desyncMitigationMode": {
+ "type": "string"
+ },
"dnsName": {
"type": "string"
},
@@ -308315,6 +312895,7 @@
"connectionDraining",
"connectionDrainingTimeout",
"crossZoneLoadBalancing",
+ "desyncMitigationMode",
"dnsName",
"healthCheck",
"idleTimeout",
@@ -310145,6 +314726,64 @@
]
}
},
+ "aws:imagebuilder/getImageRecipes:getImageRecipes": {
+ "description": "Use this data source to get the ARNs and names of Image Builder Image Recipes matching the specified criteria.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.imagebuilder.getImageRecipes({\n filters: [{\n name: \"platform\",\n values: [\"Linux\"],\n }],\n owner: \"Self\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.imagebuilder.get_image_recipes(filters=[aws.imagebuilder.GetImageRecipesFilterArgs(\n name=\"platform\",\n values=[\"Linux\"],\n )],\n owner=\"Self\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.ImageBuilder.GetImageRecipes.InvokeAsync(new Aws.ImageBuilder.GetImageRecipesArgs\n {\n Filters = \n {\n new Aws.ImageBuilder.Inputs.GetImageRecipesFilterArgs\n {\n Name = \"platform\",\n Values = \n {\n \"Linux\",\n },\n },\n },\n Owner = \"Self\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/imagebuilder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"Self\"\n\t\t_, err := imagebuilder.GetImageRecipes(ctx, \u0026imagebuilder.GetImageRecipesArgs{\n\t\t\tFilters: []imagebuilder.GetImageRecipesFilter{\n\t\t\t\timagebuilder.GetImageRecipesFilter{\n\t\t\t\t\tName: \"platform\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"Linux\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwner: \u0026opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}",
+ "inputs": {
+ "description": "A collection of arguments for invoking getImageRecipes.\n",
+ "properties": {
+ "filters": {
+ "type": "array",
+ "items": {
+ "$ref": "#/types/aws:imagebuilder/getImageRecipesFilter:getImageRecipesFilter"
+ },
+ "description": "Configuration block(s) for filtering. Detailed below.\n"
+ },
+ "owner": {
+ "type": "string",
+ "description": "The owner of the image recipes. Valid values are `Self`, `Shared` and `Amazon`. Defaults to `Self`.\n"
+ }
+ },
+ "type": "object"
+ },
+ "outputs": {
+ "description": "A collection of values returned by getImageRecipes.\n",
+ "properties": {
+ "arns": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "Set of ARNs of the matched Image Builder Image Recipes.\n"
+ },
+ "filters": {
+ "type": "array",
+ "items": {
+ "$ref": "#/types/aws:imagebuilder/getImageRecipesFilter:getImageRecipesFilter"
+ }
+ },
+ "id": {
+ "type": "string",
+ "description": "The provider-assigned unique ID for this managed resource.\n"
+ },
+ "names": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "Set of names of the matched Image Builder Image Recipes.\n"
+ },
+ "owner": {
+ "type": "string"
+ }
+ },
+ "type": "object",
+ "required": [
+ "arns",
+ "names",
+ "id"
+ ]
+ }
+ },
"aws:imagebuilder/getInfrastructureConfiguration:getInfrastructureConfiguration": {
"description": "Provides details about an Image Builder Infrastructure Configuration.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.imagebuilder.getInfrastructureConfiguration({\n arn: \"arn:aws:imagebuilder:us-west-2:aws:infrastructure-configuration/example\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.imagebuilder.get_infrastructure_configuration(arn=\"arn:aws:imagebuilder:us-west-2:aws:infrastructure-configuration/example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.ImageBuilder.GetInfrastructureConfiguration.InvokeAsync(new Aws.ImageBuilder.GetInfrastructureConfigurationArgs\n {\n Arn = \"arn:aws:imagebuilder:us-west-2:aws:infrastructure-configuration/example\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/imagebuilder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := imagebuilder.LookupInfrastructureConfiguration(ctx, \u0026imagebuilder.LookupInfrastructureConfigurationArgs{\n\t\t\tArn: \"arn:aws:imagebuilder:us-west-2:aws:infrastructure-configuration/example\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}",
"inputs": {
@@ -312450,6 +317089,10 @@
"type": "string",
"description": "The provider-assigned unique ID for this managed resource.\n"
},
+ "imageUri": {
+ "type": "string",
+ "description": "The URI of the container image.\n"
+ },
"invokeArn": {
"type": "string",
"description": "The ARN to be used for invoking Lambda Function from API Gateway.\n"
@@ -312542,6 +317185,7 @@
"fileSystemConfigs",
"functionName",
"handler",
+ "imageUri",
"invokeArn",
"kmsKeyArn",
"lastModified",
@@ -312855,6 +317499,9 @@
"customerOwnedIpv4Pool": {
"type": "string"
},
+ "desyncMitigationMode": {
+ "type": "string"
+ },
"dnsName": {
"type": "string"
},
@@ -312867,6 +317514,9 @@
"enableHttp2": {
"type": "boolean"
},
+ "enableWafFailOpen": {
+ "type": "boolean"
+ },
"id": {
"type": "string",
"description": "The provider-assigned unique ID for this managed resource.\n"
@@ -312923,10 +317573,12 @@
"arn",
"arnSuffix",
"customerOwnedIpv4Pool",
+ "desyncMitigationMode",
"dnsName",
"dropInvalidHeaderFields",
"enableDeletionProtection",
"enableHttp2",
+ "enableWafFailOpen",
"idleTimeout",
"internal",
"ipAddressType",
@@ -319809,6 +324461,7 @@
"compatibility": "tfbridge20",
"namespaces": {
"accessanalyzer": "AccessAnalyzer",
+ "account": "Account",
"acm": "Acm",
"acmpca": "Acmpca",
"alb": "Alb",
diff --git a/provider/go.mod b/provider/go.mod
index 3a7631436ad..1678fee8ab8 100644
--- a/provider/go.mod
+++ b/provider/go.mod
@@ -13,7 +13,7 @@ require (
replace (
github.com/hashicorp/terraform-plugin-sdk/v2 => github.com/pulumi/terraform-plugin-sdk/v2 v2.0.0-20210629210550-59d24255d71f
- github.com/hashicorp/terraform-provider-aws => github.com/pulumi/terraform-provider-aws v1.38.1-0.20211119154650-363f3878c1f3
+ github.com/hashicorp/terraform-provider-aws => github.com/pulumi/terraform-provider-aws v1.38.1-0.20211126142250-dc1d1293bc65
github.com/hashicorp/terraform-provider-aws/shim => ./shim
github.com/hashicorp/vault => github.com/hashicorp/vault v1.2.0
)
diff --git a/provider/go.sum b/provider/go.sum
index 9d170afc071..938ef1f1480 100644
--- a/provider/go.sum
+++ b/provider/go.sum
@@ -159,8 +159,8 @@ github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi
github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
github.com/aws/aws-sdk-go v1.31.9/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
github.com/aws/aws-sdk-go v1.38.35/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
-github.com/aws/aws-sdk-go v1.42.5 h1:0xNoQrGh9InmUsT+9qzZ8QLfBEUsnev5BMeED6t6cKI=
-github.com/aws/aws-sdk-go v1.42.5/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
+github.com/aws/aws-sdk-go v1.42.9 h1:8ptAGgA+uC2TUbdvUeOVSfBocIZvGE2NKiLxkAcn1GA=
+github.com/aws/aws-sdk-go v1.42.9/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs=
github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -718,8 +718,8 @@ github.com/pulumi/terraform-diff-reader v0.0.0-20201211191010-ad4715e9285e h1:Di
github.com/pulumi/terraform-diff-reader v0.0.0-20201211191010-ad4715e9285e/go.mod h1:sZ9FUzGO+yM41hsQHs/yIcj/Y993qMdBxBU5mpDmAfQ=
github.com/pulumi/terraform-plugin-sdk/v2 v2.0.0-20210629210550-59d24255d71f h1:YWtQ7xeRQvB9h5Uwtrl9wDKRKkyLTXWBzU7x0c9VOZ4=
github.com/pulumi/terraform-plugin-sdk/v2 v2.0.0-20210629210550-59d24255d71f/go.mod h1:grseeRo9g3yNkYW09iFlV8LG78jTa1ssBgouogQg/RU=
-github.com/pulumi/terraform-provider-aws v1.38.1-0.20211119154650-363f3878c1f3 h1:fpkTPTWOEMUuAbCDVbpPoIPC6aq5rqWuIlleebGpKbk=
-github.com/pulumi/terraform-provider-aws v1.38.1-0.20211119154650-363f3878c1f3/go.mod h1:cO8zE16eeebXY2wZ+jezVWxSXam0CpzdfS3sUTeP8dg=
+github.com/pulumi/terraform-provider-aws v1.38.1-0.20211126142250-dc1d1293bc65 h1:wW2PMxZ4W5W2LF/iUeFRgySj1MSRUoDfQoc6RDjZG54=
+github.com/pulumi/terraform-provider-aws v1.38.1-0.20211126142250-dc1d1293bc65/go.mod h1:yEpM6MJmGJKSB/WHjMnNbYbRWO9ydLwuaN5OkJExysw=
github.com/rjeczalik/notify v0.9.2 h1:MiTWrPj55mNDHEiIX5YUSKefw/+lCQVoAFmD6oQm5w8=
github.com/rjeczalik/notify v0.9.2/go.mod h1:aErll2f0sUX9PXZnVNyeiObbmTlk5jnMoCa4QEjJeqM=
github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
diff --git a/provider/resources.go b/provider/resources.go
index 082af73bf69..5fb636870c2 100644
--- a/provider/resources.go
+++ b/provider/resources.go
@@ -43,6 +43,7 @@ const (
awsMod = "index" // the root index.
acmMod = "Acm" // AWS Certificate Manager
acmpcaMod = "Acmpca" // AWS Private Certificate Authority
+ accountMod = "Account" // Account
accessAnalyzerMod = "AccessAnalyzer" // Access Analyzer
ampMod = "Amp" // Amp
amplifyMod = "Amplify" // Amplify
@@ -342,6 +343,8 @@ func Provider() tfbridge.ProviderInfo {
"aws_acmpca_certificate_authority_certificate": {
Tok: awsResource(acmpcaMod, "CertificateAuthorityCertificate"),
},
+ // Account
+ "aws_account_alternate_contact": {Tok: awsResource(accountMod, "AlternativeContact")},
// AppSync
"aws_appsync_api_key": {
Tok: awsResource(appsyncMod, "ApiKey"),
@@ -1475,10 +1478,12 @@ func Provider() tfbridge.ProviderInfo {
"aws_emr_managed_scaling_policy": {Tok: awsResource(emrMod, "ManagedScalingPolicy")},
"aws_emr_instance_fleet": {Tok: awsResource(emrMod, "InstanceFleet")},
// FSX
- "aws_fsx_lustre_file_system": {Tok: awsResource(fsxMod, "LustreFileSystem")},
- "aws_fsx_windows_file_system": {Tok: awsResource(fsxMod, "WindowsFileSystem")},
- "aws_fsx_backup": {Tok: awsResource(fsxMod, "Backup")},
- "aws_fsx_ontap_file_system": {Tok: awsResource(fsxMod, "OntapFileSystem")},
+ "aws_fsx_lustre_file_system": {Tok: awsResource(fsxMod, "LustreFileSystem")},
+ "aws_fsx_windows_file_system": {Tok: awsResource(fsxMod, "WindowsFileSystem")},
+ "aws_fsx_backup": {Tok: awsResource(fsxMod, "Backup")},
+ "aws_fsx_ontap_file_system": {Tok: awsResource(fsxMod, "OntapFileSystem")},
+ "aws_fsx_ontap_storage_virtual_machine": {Tok: awsResource(fsxMod, "OntapStorageVirtualMachine")},
+ "aws_fsx_ontap_volume": {Tok: awsResource(fsxMod, "OntapVolume")},
// GameLift
"aws_gamelift_alias": {Tok: awsResource(gameliftMod, "Alias")},
"aws_gamelift_build": {Tok: awsResource(gameliftMod, "Build")},
@@ -2800,10 +2805,13 @@ func Provider() tfbridge.ProviderInfo {
"aws_appconfig_deployment": {Tok: awsResource(appConfigMod, "Deployment")},
// AppStream
- "aws_appstream_stack": {Tok: awsResource(appStreamMod, "Stack")},
- "aws_appstream_fleet": {Tok: awsResource(appStreamMod, "Fleet")},
- "aws_appstream_image_builder": {Tok: awsResource(appStreamMod, "ImageBuilder")},
- "aws_appstream_directory_config": {Tok: awsResource(appStreamMod, "DirectoryConfig")},
+ "aws_appstream_stack": {Tok: awsResource(appStreamMod, "Stack")},
+ "aws_appstream_fleet": {Tok: awsResource(appStreamMod, "Fleet")},
+ "aws_appstream_image_builder": {Tok: awsResource(appStreamMod, "ImageBuilder")},
+ "aws_appstream_directory_config": {Tok: awsResource(appStreamMod, "DirectoryConfig")},
+ "aws_appstream_fleet_stack_association": {Tok: awsResource(appStreamMod, "FleetStackAssociation")},
+ "aws_appstream_user_stack_association": {Tok: awsResource(appStreamMod, "UserStackAssociation")},
+ "aws_appstream_user": {Tok: awsResource(appStreamMod, "User")},
// mwaa
"aws_mwaa_environment": {Tok: awsResource(mwaaMod, "Environment")},
@@ -3962,6 +3970,7 @@ func Provider() tfbridge.ProviderInfo {
"aws_ec2_host": {Tok: awsDataSource(ec2Mod, "getDedicatedHost")},
"aws_ec2_managed_prefix_list": {Tok: awsDataSource(ec2Mod, "getManagedPrefixList")},
"aws_ec2_transit_gateway_route_tables": {Tok: awsDataSource(ec2Mod, "getTransitGatewayRouteTables")},
+ "aws_ec2_instance_types": {Tok: awsDataSource(ec2Mod, "getInstanceTypes")},
// EC2 Transit Gateway
"aws_ec2_transit_gateway": {Tok: awsDataSource(ec2TransitGatewayMod, "getTransitGateway")},
"aws_ec2_transit_gateway_dx_gateway_attachment": {
@@ -4249,6 +4258,7 @@ func Provider() tfbridge.ProviderInfo {
"aws_imagebuilder_image_pipeline": {Tok: awsDataSource(imageBuilderMod, "getImagePipeline")},
"aws_imagebuilder_image_recipe": {Tok: awsDataSource(imageBuilderMod, "getImageRecipe")},
"aws_imagebuilder_image": {Tok: awsDataSource(imageBuilderMod, "getImage")},
+ "aws_imagebuilder_image_recipes": {Tok: awsDataSource(imageBuilderMod, "getImageRecipes")},
//signer
"aws_signer_signing_job": {Tok: awsDataSource(signerMod, "getSigningJob")},
"aws_signer_signing_profile": {Tok: awsDataSource(signerMod, "getSigningProfile")},
diff --git a/provider/shim/go.mod b/provider/shim/go.mod
index a6a60bc4944..55cc0167ef4 100644
--- a/provider/shim/go.mod
+++ b/provider/shim/go.mod
@@ -7,4 +7,4 @@ require (
github.com/hashicorp/terraform-provider-aws v1.60.1-0.20211105002759-77bad27d9f23
)
-replace github.com/hashicorp/terraform-provider-aws => github.com/pulumi/terraform-provider-aws v1.38.1-0.20211119154650-363f3878c1f3
+replace github.com/hashicorp/terraform-provider-aws => github.com/pulumi/terraform-provider-aws v1.38.1-0.20211126142250-dc1d1293bc65
diff --git a/provider/shim/go.sum b/provider/shim/go.sum
index e05da9e4ed9..97f47632a32 100644
--- a/provider/shim/go.sum
+++ b/provider/shim/go.sum
@@ -66,8 +66,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY
github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM=
github.com/aws/aws-sdk-go v1.25.3/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/aws/aws-sdk-go v1.31.9/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
-github.com/aws/aws-sdk-go v1.42.5 h1:0xNoQrGh9InmUsT+9qzZ8QLfBEUsnev5BMeED6t6cKI=
-github.com/aws/aws-sdk-go v1.42.5/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
+github.com/aws/aws-sdk-go v1.42.9 h1:8ptAGgA+uC2TUbdvUeOVSfBocIZvGE2NKiLxkAcn1GA=
+github.com/aws/aws-sdk-go v1.42.9/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs=
github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A=
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas=
@@ -307,8 +307,8 @@ github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndr
github.com/pquerna/otp v1.3.0 h1:oJV/SkzR33anKXwQU3Of42rL4wbrffP4uvUf1SvS5Xs=
github.com/pquerna/otp v1.3.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/pulumi/terraform-provider-aws v1.38.1-0.20211119154650-363f3878c1f3 h1:fpkTPTWOEMUuAbCDVbpPoIPC6aq5rqWuIlleebGpKbk=
-github.com/pulumi/terraform-provider-aws v1.38.1-0.20211119154650-363f3878c1f3/go.mod h1:cO8zE16eeebXY2wZ+jezVWxSXam0CpzdfS3sUTeP8dg=
+github.com/pulumi/terraform-provider-aws v1.38.1-0.20211126142250-dc1d1293bc65 h1:wW2PMxZ4W5W2LF/iUeFRgySj1MSRUoDfQoc6RDjZG54=
+github.com/pulumi/terraform-provider-aws v1.38.1-0.20211126142250-dc1d1293bc65/go.mod h1:yEpM6MJmGJKSB/WHjMnNbYbRWO9ydLwuaN5OkJExysw=
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/sebdah/goldie v1.0.0/go.mod h1:jXP4hmWywNEwZzhMuv2ccnqTSFpuq8iyQhtQdkkZBH4=
github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
diff --git a/sdk/dotnet/Account/AlternativeContact.cs b/sdk/dotnet/Account/AlternativeContact.cs
new file mode 100644
index 00000000000..c62f4fd509f
--- /dev/null
+++ b/sdk/dotnet/Account/AlternativeContact.cs
@@ -0,0 +1,195 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Account
+{
+ ///
+ /// Manages the specified alternate contact attached to an AWS Account.
+ ///
+ /// ## Example Usage
+ ///
+ /// ```csharp
+ /// using Pulumi;
+ /// using Aws = Pulumi.Aws;
+ ///
+ /// class MyStack : Stack
+ /// {
+ /// public MyStack()
+ /// {
+ /// var operations = new Aws.Account.AlternativeContact("operations", new Aws.Account.AlternativeContactArgs
+ /// {
+ /// AlternateContactType = "OPERATIONS",
+ /// EmailAddress = "test@example.com",
+ /// PhoneNumber = "+1234567890",
+ /// Title = "Example",
+ /// });
+ /// }
+ ///
+ /// }
+ /// ```
+ ///
+ /// ## Import
+ ///
+ /// The current Alternate Contact can be imported using the `alternate_contact_type`, e.g.,
+ ///
+ /// ```sh
+ /// $ pulumi import aws:account/alternativeContact:AlternativeContact operations OPERATIONS
+ /// ```
+ ///
+ [AwsResourceType("aws:account/alternativeContact:AlternativeContact")]
+ public partial class AlternativeContact : Pulumi.CustomResource
+ {
+ ///
+ /// The type of the alternate contact. Allowed values are: `BILLING`, `OPERATIONS`, `SECURITY`.
+ ///
+ [Output("alternateContactType")]
+ public Output AlternateContactType { get; private set; } = null!;
+
+ ///
+ /// An email address for the alternate contact.
+ ///
+ [Output("emailAddress")]
+ public Output EmailAddress { get; private set; } = null!;
+
+ ///
+ /// The name of the alternate contact.
+ ///
+ [Output("name")]
+ public Output Name { get; private set; } = null!;
+
+ ///
+ /// A phone number for the alternate contact.
+ ///
+ [Output("phoneNumber")]
+ public Output PhoneNumber { get; private set; } = null!;
+
+ ///
+ /// A title for the alternate contact.
+ ///
+ [Output("title")]
+ public Output Title { get; private set; } = null!;
+
+
+ ///
+ /// Create a AlternativeContact resource with the given unique name, arguments, and options.
+ ///
+ ///
+ /// The unique name of the resource
+ /// The arguments used to populate this resource's properties
+ /// A bag of options that control this resource's behavior
+ public AlternativeContact(string name, AlternativeContactArgs args, CustomResourceOptions? options = null)
+ : base("aws:account/alternativeContact:AlternativeContact", name, args ?? new AlternativeContactArgs(), MakeResourceOptions(options, ""))
+ {
+ }
+
+ private AlternativeContact(string name, Input id, AlternativeContactState? state = null, CustomResourceOptions? options = null)
+ : base("aws:account/alternativeContact:AlternativeContact", name, state, MakeResourceOptions(options, id))
+ {
+ }
+
+ private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id)
+ {
+ var defaultOptions = new CustomResourceOptions
+ {
+ Version = Utilities.Version,
+ };
+ var merged = CustomResourceOptions.Merge(defaultOptions, options);
+ // Override the ID if one was specified for consistency with other language SDKs.
+ merged.Id = id ?? merged.Id;
+ return merged;
+ }
+ ///
+ /// Get an existing AlternativeContact resource's state with the given name, ID, and optional extra
+ /// properties used to qualify the lookup.
+ ///
+ ///
+ /// The unique name of the resulting resource.
+ /// The unique provider ID of the resource to lookup.
+ /// Any extra arguments used during the lookup.
+ /// A bag of options that control this resource's behavior
+ public static AlternativeContact Get(string name, Input id, AlternativeContactState? state = null, CustomResourceOptions? options = null)
+ {
+ return new AlternativeContact(name, id, state, options);
+ }
+ }
+
+ public sealed class AlternativeContactArgs : Pulumi.ResourceArgs
+ {
+ ///
+ /// The type of the alternate contact. Allowed values are: `BILLING`, `OPERATIONS`, `SECURITY`.
+ ///
+ [Input("alternateContactType", required: true)]
+ public Input AlternateContactType { get; set; } = null!;
+
+ ///
+ /// An email address for the alternate contact.
+ ///
+ [Input("emailAddress", required: true)]
+ public Input EmailAddress { get; set; } = null!;
+
+ ///
+ /// The name of the alternate contact.
+ ///
+ [Input("name")]
+ public Input? Name { get; set; }
+
+ ///
+ /// A phone number for the alternate contact.
+ ///
+ [Input("phoneNumber", required: true)]
+ public Input PhoneNumber { get; set; } = null!;
+
+ ///
+ /// A title for the alternate contact.
+ ///
+ [Input("title", required: true)]
+ public Input Title { get; set; } = null!;
+
+ public AlternativeContactArgs()
+ {
+ }
+ }
+
+ public sealed class AlternativeContactState : Pulumi.ResourceArgs
+ {
+ ///
+ /// The type of the alternate contact. Allowed values are: `BILLING`, `OPERATIONS`, `SECURITY`.
+ ///
+ [Input("alternateContactType")]
+ public Input? AlternateContactType { get; set; }
+
+ ///
+ /// An email address for the alternate contact.
+ ///
+ [Input("emailAddress")]
+ public Input? EmailAddress { get; set; }
+
+ ///
+ /// The name of the alternate contact.
+ ///
+ [Input("name")]
+ public Input? Name { get; set; }
+
+ ///
+ /// A phone number for the alternate contact.
+ ///
+ [Input("phoneNumber")]
+ public Input? PhoneNumber { get; set; }
+
+ ///
+ /// A title for the alternate contact.
+ ///
+ [Input("title")]
+ public Input? Title { get; set; }
+
+ public AlternativeContactState()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/Account/README.md b/sdk/dotnet/Account/README.md
new file mode 100644
index 00000000000..9d868f18f20
--- /dev/null
+++ b/sdk/dotnet/Account/README.md
@@ -0,0 +1 @@
+A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.
diff --git a/sdk/dotnet/Alb/GetLoadBalancer.cs b/sdk/dotnet/Alb/GetLoadBalancer.cs
index 45360ddbb21..e3c5d36ead1 100644
--- a/sdk/dotnet/Alb/GetLoadBalancer.cs
+++ b/sdk/dotnet/Alb/GetLoadBalancer.cs
@@ -162,10 +162,12 @@ public sealed class GetLoadBalancerResult
public readonly string Arn;
public readonly string ArnSuffix;
public readonly string CustomerOwnedIpv4Pool;
+ public readonly string DesyncMitigationMode;
public readonly string DnsName;
public readonly bool DropInvalidHeaderFields;
public readonly bool EnableDeletionProtection;
public readonly bool EnableHttp2;
+ public readonly bool EnableWafFailOpen;
///
/// The provider-assigned unique ID for this managed resource.
///
@@ -192,6 +194,8 @@ private GetLoadBalancerResult(
string customerOwnedIpv4Pool,
+ string desyncMitigationMode,
+
string dnsName,
bool dropInvalidHeaderFields,
@@ -200,6 +204,8 @@ private GetLoadBalancerResult(
bool enableHttp2,
+ bool enableWafFailOpen,
+
string id,
int idleTimeout,
@@ -228,10 +234,12 @@ private GetLoadBalancerResult(
Arn = arn;
ArnSuffix = arnSuffix;
CustomerOwnedIpv4Pool = customerOwnedIpv4Pool;
+ DesyncMitigationMode = desyncMitigationMode;
DnsName = dnsName;
DropInvalidHeaderFields = dropInvalidHeaderFields;
EnableDeletionProtection = enableDeletionProtection;
EnableHttp2 = enableHttp2;
+ EnableWafFailOpen = enableWafFailOpen;
Id = id;
IdleTimeout = idleTimeout;
Internal = @internal;
diff --git a/sdk/dotnet/Alb/LoadBalancer.cs b/sdk/dotnet/Alb/LoadBalancer.cs
index 4a8d42bd3f5..688ee8fde89 100644
--- a/sdk/dotnet/Alb/LoadBalancer.cs
+++ b/sdk/dotnet/Alb/LoadBalancer.cs
@@ -175,6 +175,12 @@ public partial class LoadBalancer : Pulumi.CustomResource
[Output("customerOwnedIpv4Pool")]
public Output CustomerOwnedIpv4Pool { get; private set; } = null!;
+ ///
+ /// Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.
+ ///
+ [Output("desyncMitigationMode")]
+ public Output DesyncMitigationMode { get; private set; } = null!;
+
///
/// The DNS name of the load balancer.
///
@@ -207,6 +213,12 @@ public partial class LoadBalancer : Pulumi.CustomResource
[Output("enableHttp2")]
public Output EnableHttp2 { get; private set; } = null!;
+ ///
+ /// Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to `false`.
+ ///
+ [Output("enableWafFailOpen")]
+ public Output EnableWafFailOpen { get; private set; } = null!;
+
///
/// The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.
///
@@ -266,7 +278,7 @@ public partial class LoadBalancer : Pulumi.CustomResource
public Output> Subnets { get; private set; } = null!;
///
- /// A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+ /// A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
///
[Output("tags")]
public Output?> Tags { get; private set; } = null!;
@@ -349,6 +361,12 @@ public sealed class LoadBalancerArgs : Pulumi.ResourceArgs
[Input("customerOwnedIpv4Pool")]
public Input? CustomerOwnedIpv4Pool { get; set; }
+ ///
+ /// Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.
+ ///
+ [Input("desyncMitigationMode")]
+ public Input? DesyncMitigationMode { get; set; }
+
///
/// Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type `application`.
///
@@ -375,6 +393,12 @@ public sealed class LoadBalancerArgs : Pulumi.ResourceArgs
[Input("enableHttp2")]
public Input? EnableHttp2 { get; set; }
+ ///
+ /// Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to `false`.
+ ///
+ [Input("enableWafFailOpen")]
+ public Input? EnableWafFailOpen { get; set; }
+
///
/// The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.
///
@@ -455,7 +479,7 @@ public InputList Subnets
private InputMap? _tags;
///
- /// A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+ /// A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
///
public InputMap Tags
{
@@ -494,6 +518,12 @@ public sealed class LoadBalancerState : Pulumi.ResourceArgs
[Input("customerOwnedIpv4Pool")]
public Input? CustomerOwnedIpv4Pool { get; set; }
+ ///
+ /// Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.
+ ///
+ [Input("desyncMitigationMode")]
+ public Input? DesyncMitigationMode { get; set; }
+
///
/// The DNS name of the load balancer.
///
@@ -526,6 +556,12 @@ public sealed class LoadBalancerState : Pulumi.ResourceArgs
[Input("enableHttp2")]
public Input? EnableHttp2 { get; set; }
+ ///
+ /// Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to `false`.
+ ///
+ [Input("enableWafFailOpen")]
+ public Input? EnableWafFailOpen { get; set; }
+
///
/// The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.
///
@@ -606,7 +642,7 @@ public InputList Subnets
private InputMap? _tags;
///
- /// A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+ /// A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
///
public InputMap Tags
{
diff --git a/sdk/dotnet/AppRunner/Inputs/ServiceInstanceConfigurationArgs.cs b/sdk/dotnet/AppRunner/Inputs/ServiceInstanceConfigurationArgs.cs
index ef492422e6a..295e98b611b 100644
--- a/sdk/dotnet/AppRunner/Inputs/ServiceInstanceConfigurationArgs.cs
+++ b/sdk/dotnet/AppRunner/Inputs/ServiceInstanceConfigurationArgs.cs
@@ -21,8 +21,8 @@ public sealed class ServiceInstanceConfigurationArgs : Pulumi.ResourceArgs
///
/// The Amazon Resource Name (ARN) of an IAM role that provides permissions to your App Runner service. These are permissions that your code needs when it calls any AWS APIs.
///
- [Input("instanceRoleArn", required: true)]
- public Input InstanceRoleArn { get; set; } = null!;
+ [Input("instanceRoleArn")]
+ public Input? InstanceRoleArn { get; set; }
///
/// The amount of memory, in MB or GB, reserved for each instance of your App Runner service. Defaults to `2048`. Valid values: `2048|3072|4096|(2|3|4) GB`.
diff --git a/sdk/dotnet/AppRunner/Inputs/ServiceInstanceConfigurationGetArgs.cs b/sdk/dotnet/AppRunner/Inputs/ServiceInstanceConfigurationGetArgs.cs
index 311b2717b85..011d93b882d 100644
--- a/sdk/dotnet/AppRunner/Inputs/ServiceInstanceConfigurationGetArgs.cs
+++ b/sdk/dotnet/AppRunner/Inputs/ServiceInstanceConfigurationGetArgs.cs
@@ -21,8 +21,8 @@ public sealed class ServiceInstanceConfigurationGetArgs : Pulumi.ResourceArgs
///
/// The Amazon Resource Name (ARN) of an IAM role that provides permissions to your App Runner service. These are permissions that your code needs when it calls any AWS APIs.
///
- [Input("instanceRoleArn", required: true)]
- public Input InstanceRoleArn { get; set; } = null!;
+ [Input("instanceRoleArn")]
+ public Input? InstanceRoleArn { get; set; }
///
/// The amount of memory, in MB or GB, reserved for each instance of your App Runner service. Defaults to `2048`. Valid values: `2048|3072|4096|(2|3|4) GB`.
diff --git a/sdk/dotnet/AppRunner/Outputs/ServiceInstanceConfiguration.cs b/sdk/dotnet/AppRunner/Outputs/ServiceInstanceConfiguration.cs
index 2051d3664db..6076dd15cdb 100644
--- a/sdk/dotnet/AppRunner/Outputs/ServiceInstanceConfiguration.cs
+++ b/sdk/dotnet/AppRunner/Outputs/ServiceInstanceConfiguration.cs
@@ -20,7 +20,7 @@ public sealed class ServiceInstanceConfiguration
///
/// The Amazon Resource Name (ARN) of an IAM role that provides permissions to your App Runner service. These are permissions that your code needs when it calls any AWS APIs.
///
- public readonly string InstanceRoleArn;
+ public readonly string? InstanceRoleArn;
///
/// The amount of memory, in MB or GB, reserved for each instance of your App Runner service. Defaults to `2048`. Valid values: `2048|3072|4096|(2|3|4) GB`.
///
@@ -30,7 +30,7 @@ public sealed class ServiceInstanceConfiguration
private ServiceInstanceConfiguration(
string? cpu,
- string instanceRoleArn,
+ string? instanceRoleArn,
string? memory)
{
diff --git a/sdk/dotnet/AppStream/FleetStackAssociation.cs b/sdk/dotnet/AppStream/FleetStackAssociation.cs
new file mode 100644
index 00000000000..d5ee7354c8b
--- /dev/null
+++ b/sdk/dotnet/AppStream/FleetStackAssociation.cs
@@ -0,0 +1,151 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.AppStream
+{
+ ///
+ /// Manages an AppStream Fleet Stack association.
+ ///
+ /// ## Example Usage
+ ///
+ /// ```csharp
+ /// using Pulumi;
+ /// using Aws = Pulumi.Aws;
+ ///
+ /// class MyStack : Stack
+ /// {
+ /// public MyStack()
+ /// {
+ /// var exampleFleet = new Aws.AppStream.Fleet("exampleFleet", new Aws.AppStream.FleetArgs
+ /// {
+ /// ImageName = "Amazon-AppStream2-Sample-Image-02-04-2019",
+ /// InstanceType = "stream.standard.small",
+ /// ComputeCapacity = new Aws.AppStream.Inputs.FleetComputeCapacityArgs
+ /// {
+ /// DesiredInstances = 1,
+ /// },
+ /// });
+ /// var exampleStack = new Aws.AppStream.Stack("exampleStack", new Aws.AppStream.StackArgs
+ /// {
+ /// });
+ /// var exampleFleetStackAssociation = new Aws.AppStream.FleetStackAssociation("exampleFleetStackAssociation", new Aws.AppStream.FleetStackAssociationArgs
+ /// {
+ /// FleetName = exampleFleet.Name,
+ /// StackName = exampleStack.Name,
+ /// });
+ /// }
+ ///
+ /// }
+ /// ```
+ ///
+ /// ## Import
+ ///
+ /// AppStream Stack Fleet Association can be imported by using the `fleet_name` and `stack_name` separated by a slash (`/`), e.g.,
+ ///
+ /// ```sh
+ /// $ pulumi import aws:appstream/fleetStackAssociation:FleetStackAssociation example fleetName/stackName
+ /// ```
+ ///
+ [AwsResourceType("aws:appstream/fleetStackAssociation:FleetStackAssociation")]
+ public partial class FleetStackAssociation : Pulumi.CustomResource
+ {
+ ///
+ /// Name of the fleet.
+ ///
+ [Output("fleetName")]
+ public Output FleetName { get; private set; } = null!;
+
+ ///
+ /// Name of the stack.
+ ///
+ [Output("stackName")]
+ public Output StackName { get; private set; } = null!;
+
+
+ ///
+ /// Create a FleetStackAssociation resource with the given unique name, arguments, and options.
+ ///
+ ///
+ /// The unique name of the resource
+ /// The arguments used to populate this resource's properties
+ /// A bag of options that control this resource's behavior
+ public FleetStackAssociation(string name, FleetStackAssociationArgs args, CustomResourceOptions? options = null)
+ : base("aws:appstream/fleetStackAssociation:FleetStackAssociation", name, args ?? new FleetStackAssociationArgs(), MakeResourceOptions(options, ""))
+ {
+ }
+
+ private FleetStackAssociation(string name, Input id, FleetStackAssociationState? state = null, CustomResourceOptions? options = null)
+ : base("aws:appstream/fleetStackAssociation:FleetStackAssociation", name, state, MakeResourceOptions(options, id))
+ {
+ }
+
+ private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id)
+ {
+ var defaultOptions = new CustomResourceOptions
+ {
+ Version = Utilities.Version,
+ };
+ var merged = CustomResourceOptions.Merge(defaultOptions, options);
+ // Override the ID if one was specified for consistency with other language SDKs.
+ merged.Id = id ?? merged.Id;
+ return merged;
+ }
+ ///
+ /// Get an existing FleetStackAssociation resource's state with the given name, ID, and optional extra
+ /// properties used to qualify the lookup.
+ ///
+ ///
+ /// The unique name of the resulting resource.
+ /// The unique provider ID of the resource to lookup.
+ /// Any extra arguments used during the lookup.
+ /// A bag of options that control this resource's behavior
+ public static FleetStackAssociation Get(string name, Input id, FleetStackAssociationState? state = null, CustomResourceOptions? options = null)
+ {
+ return new FleetStackAssociation(name, id, state, options);
+ }
+ }
+
+ public sealed class FleetStackAssociationArgs : Pulumi.ResourceArgs
+ {
+ ///
+ /// Name of the fleet.
+ ///
+ [Input("fleetName", required: true)]
+ public Input FleetName { get; set; } = null!;
+
+ ///
+ /// Name of the stack.
+ ///
+ [Input("stackName", required: true)]
+ public Input StackName { get; set; } = null!;
+
+ public FleetStackAssociationArgs()
+ {
+ }
+ }
+
+ public sealed class FleetStackAssociationState : Pulumi.ResourceArgs
+ {
+ ///
+ /// Name of the fleet.
+ ///
+ [Input("fleetName")]
+ public Input? FleetName { get; set; }
+
+ ///
+ /// Name of the stack.
+ ///
+ [Input("stackName")]
+ public Input? StackName { get; set; }
+
+ public FleetStackAssociationState()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/AppStream/User.cs b/sdk/dotnet/AppStream/User.cs
new file mode 100644
index 00000000000..19819316bee
--- /dev/null
+++ b/sdk/dotnet/AppStream/User.cs
@@ -0,0 +1,237 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.AppStream
+{
+ ///
+ /// Provides an AppStream user.
+ ///
+ /// ## Example Usage
+ ///
+ /// ```csharp
+ /// using Pulumi;
+ /// using Aws = Pulumi.Aws;
+ ///
+ /// class MyStack : Stack
+ /// {
+ /// public MyStack()
+ /// {
+ /// var example = new Aws.AppStream.User("example", new Aws.AppStream.UserArgs
+ /// {
+ /// AuthenticationType = "USERPOOL",
+ /// FirstName = "FIRST NAME",
+ /// LastName = "LAST NAME",
+ /// UserName = "EMAIL ADDRESS",
+ /// });
+ /// }
+ ///
+ /// }
+ /// ```
+ ///
+ /// ## Import
+ ///
+ /// `aws_appstream_user` can be imported using the `user_name` and `authentication_type` separated by a slash (`/`), e.g.,
+ ///
+ /// ```sh
+ /// $ pulumi import aws:appstream/user:User example UserName/AuthenticationType
+ /// ```
+ ///
+ [AwsResourceType("aws:appstream/user:User")]
+ public partial class User : Pulumi.CustomResource
+ {
+ ///
+ /// ARN of the appstream user.
+ ///
+ [Output("arn")]
+ public Output Arn { get; private set; } = null!;
+
+ ///
+ /// Authentication type for the user. You must specify USERPOOL. Valid values: `API`, `SAML`, `USERPOOL`
+ ///
+ [Output("authenticationType")]
+ public Output AuthenticationType { get; private set; } = null!;
+
+ ///
+ /// Date and time, in UTC and extended RFC 3339 format, when the user was created.
+ ///
+ [Output("createdTime")]
+ public Output CreatedTime { get; private set; } = null!;
+
+ ///
+ /// Specifies whether the user in the user pool is enabled.
+ ///
+ [Output("enabled")]
+ public Output Enabled { get; private set; } = null!;
+
+ ///
+ /// First name, or given name, of the user.
+ ///
+ [Output("firstName")]
+ public Output FirstName { get; private set; } = null!;
+
+ ///
+ /// Last name, or surname, of the user.
+ ///
+ [Output("lastName")]
+ public Output LastName { get; private set; } = null!;
+
+ ///
+ /// Send an email notification.
+ ///
+ [Output("sendEmailNotification")]
+ public Output SendEmailNotification { get; private set; } = null!;
+
+ ///
+ /// Email address of the user.
+ ///
+ [Output("userName")]
+ public Output UserName { get; private set; } = null!;
+
+
+ ///
+ /// Create a User resource with the given unique name, arguments, and options.
+ ///
+ ///
+ /// The unique name of the resource
+ /// The arguments used to populate this resource's properties
+ /// A bag of options that control this resource's behavior
+ public User(string name, UserArgs args, CustomResourceOptions? options = null)
+ : base("aws:appstream/user:User", name, args ?? new UserArgs(), MakeResourceOptions(options, ""))
+ {
+ }
+
+ private User(string name, Input id, UserState? state = null, CustomResourceOptions? options = null)
+ : base("aws:appstream/user:User", name, state, MakeResourceOptions(options, id))
+ {
+ }
+
+ private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id)
+ {
+ var defaultOptions = new CustomResourceOptions
+ {
+ Version = Utilities.Version,
+ };
+ var merged = CustomResourceOptions.Merge(defaultOptions, options);
+ // Override the ID if one was specified for consistency with other language SDKs.
+ merged.Id = id ?? merged.Id;
+ return merged;
+ }
+ ///
+ /// Get an existing User resource's state with the given name, ID, and optional extra
+ /// properties used to qualify the lookup.
+ ///
+ ///
+ /// The unique name of the resulting resource.
+ /// The unique provider ID of the resource to lookup.
+ /// Any extra arguments used during the lookup.
+ /// A bag of options that control this resource's behavior
+ public static User Get(string name, Input id, UserState? state = null, CustomResourceOptions? options = null)
+ {
+ return new User(name, id, state, options);
+ }
+ }
+
+ public sealed class UserArgs : Pulumi.ResourceArgs
+ {
+ ///
+ /// Authentication type for the user. You must specify USERPOOL. Valid values: `API`, `SAML`, `USERPOOL`
+ ///
+ [Input("authenticationType", required: true)]
+ public Input AuthenticationType { get; set; } = null!;
+
+ ///
+ /// Specifies whether the user in the user pool is enabled.
+ ///
+ [Input("enabled")]
+ public Input? Enabled { get; set; }
+
+ ///
+ /// First name, or given name, of the user.
+ ///
+ [Input("firstName")]
+ public Input? FirstName { get; set; }
+
+ ///
+ /// Last name, or surname, of the user.
+ ///
+ [Input("lastName")]
+ public Input? LastName { get; set; }
+
+ ///
+ /// Send an email notification.
+ ///
+ [Input("sendEmailNotification")]
+ public Input? SendEmailNotification { get; set; }
+
+ ///
+ /// Email address of the user.
+ ///
+ [Input("userName", required: true)]
+ public Input UserName { get; set; } = null!;
+
+ public UserArgs()
+ {
+ }
+ }
+
+ public sealed class UserState : Pulumi.ResourceArgs
+ {
+ ///
+ /// ARN of the appstream user.
+ ///
+ [Input("arn")]
+ public Input? Arn { get; set; }
+
+ ///
+ /// Authentication type for the user. You must specify USERPOOL. Valid values: `API`, `SAML`, `USERPOOL`
+ ///
+ [Input("authenticationType")]
+ public Input? AuthenticationType { get; set; }
+
+ ///
+ /// Date and time, in UTC and extended RFC 3339 format, when the user was created.
+ ///
+ [Input("createdTime")]
+ public Input? CreatedTime { get; set; }
+
+ ///
+ /// Specifies whether the user in the user pool is enabled.
+ ///
+ [Input("enabled")]
+ public Input? Enabled { get; set; }
+
+ ///
+ /// First name, or given name, of the user.
+ ///
+ [Input("firstName")]
+ public Input? FirstName { get; set; }
+
+ ///
+ /// Last name, or surname, of the user.
+ ///
+ [Input("lastName")]
+ public Input? LastName { get; set; }
+
+ ///
+ /// Send an email notification.
+ ///
+ [Input("sendEmailNotification")]
+ public Input? SendEmailNotification { get; set; }
+
+ ///
+ /// Email address of the user.
+ ///
+ [Input("userName")]
+ public Input? UserName { get; set; }
+
+ public UserState()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/AppStream/UserStackAssociation.cs b/sdk/dotnet/AppStream/UserStackAssociation.cs
new file mode 100644
index 00000000000..977bcff2d30
--- /dev/null
+++ b/sdk/dotnet/AppStream/UserStackAssociation.cs
@@ -0,0 +1,184 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.AppStream
+{
+ ///
+ /// Manages an AppStream User Stack association.
+ ///
+ /// ## Example Usage
+ ///
+ /// ```csharp
+ /// using Pulumi;
+ /// using Aws = Pulumi.Aws;
+ ///
+ /// class MyStack : Stack
+ /// {
+ /// public MyStack()
+ /// {
+ /// var testStack = new Aws.AppStream.Stack("testStack", new Aws.AppStream.StackArgs
+ /// {
+ /// });
+ /// var testUser = new Aws.AppStream.User("testUser", new Aws.AppStream.UserArgs
+ /// {
+ /// AuthenticationType = "USERPOOL",
+ /// UserName = "EMAIL",
+ /// });
+ /// var testUserStackAssociation = new Aws.AppStream.UserStackAssociation("testUserStackAssociation", new Aws.AppStream.UserStackAssociationArgs
+ /// {
+ /// AuthenticationType = testUser.AuthenticationType,
+ /// StackName = testStack.Name,
+ /// UserName = testUser.UserName,
+ /// });
+ /// }
+ ///
+ /// }
+ /// ```
+ ///
+ /// ## Import
+ ///
+ /// AppStream User Stack Association can be imported by using the `user_name`, `authentication_type`, and `stack_name`, separated by a slash (`/`), e.g.,
+ ///
+ /// ```sh
+ /// $ pulumi import aws:appstream/userStackAssociation:UserStackAssociation example userName/auhtenticationType/stackName
+ /// ```
+ ///
+ [AwsResourceType("aws:appstream/userStackAssociation:UserStackAssociation")]
+ public partial class UserStackAssociation : Pulumi.CustomResource
+ {
+ ///
+ /// Authentication type for the user.
+ ///
+ [Output("authenticationType")]
+ public Output AuthenticationType { get; private set; } = null!;
+
+ ///
+ /// Specifies whether a welcome email is sent to a user after the user is created in the user pool.
+ ///
+ [Output("sendEmailNotification")]
+ public Output SendEmailNotification { get; private set; } = null!;
+
+ ///
+ /// Name of the stack that is associated with the user.
+ ///
+ [Output("stackName")]
+ public Output StackName { get; private set; } = null!;
+
+ ///
+ /// Email address of the user who is associated with the stack.
+ ///
+ [Output("userName")]
+ public Output UserName { get; private set; } = null!;
+
+
+ ///
+ /// Create a UserStackAssociation resource with the given unique name, arguments, and options.
+ ///
+ ///
+ /// The unique name of the resource
+ /// The arguments used to populate this resource's properties
+ /// A bag of options that control this resource's behavior
+ public UserStackAssociation(string name, UserStackAssociationArgs args, CustomResourceOptions? options = null)
+ : base("aws:appstream/userStackAssociation:UserStackAssociation", name, args ?? new UserStackAssociationArgs(), MakeResourceOptions(options, ""))
+ {
+ }
+
+ private UserStackAssociation(string name, Input id, UserStackAssociationState? state = null, CustomResourceOptions? options = null)
+ : base("aws:appstream/userStackAssociation:UserStackAssociation", name, state, MakeResourceOptions(options, id))
+ {
+ }
+
+ private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id)
+ {
+ var defaultOptions = new CustomResourceOptions
+ {
+ Version = Utilities.Version,
+ };
+ var merged = CustomResourceOptions.Merge(defaultOptions, options);
+ // Override the ID if one was specified for consistency with other language SDKs.
+ merged.Id = id ?? merged.Id;
+ return merged;
+ }
+ ///
+ /// Get an existing UserStackAssociation resource's state with the given name, ID, and optional extra
+ /// properties used to qualify the lookup.
+ ///
+ ///
+ /// The unique name of the resulting resource.
+ /// The unique provider ID of the resource to lookup.
+ /// Any extra arguments used during the lookup.
+ /// A bag of options that control this resource's behavior
+ public static UserStackAssociation Get(string name, Input id, UserStackAssociationState? state = null, CustomResourceOptions? options = null)
+ {
+ return new UserStackAssociation(name, id, state, options);
+ }
+ }
+
+ public sealed class UserStackAssociationArgs : Pulumi.ResourceArgs
+ {
+ ///
+ /// Authentication type for the user.
+ ///
+ [Input("authenticationType", required: true)]
+ public Input AuthenticationType { get; set; } = null!;
+
+ ///
+ /// Specifies whether a welcome email is sent to a user after the user is created in the user pool.
+ ///
+ [Input("sendEmailNotification")]
+ public Input? SendEmailNotification { get; set; }
+
+ ///
+ /// Name of the stack that is associated with the user.
+ ///
+ [Input("stackName", required: true)]
+ public Input StackName { get; set; } = null!;
+
+ ///
+ /// Email address of the user who is associated with the stack.
+ ///
+ [Input("userName", required: true)]
+ public Input UserName { get; set; } = null!;
+
+ public UserStackAssociationArgs()
+ {
+ }
+ }
+
+ public sealed class UserStackAssociationState : Pulumi.ResourceArgs
+ {
+ ///
+ /// Authentication type for the user.
+ ///
+ [Input("authenticationType")]
+ public Input? AuthenticationType { get; set; }
+
+ ///
+ /// Specifies whether a welcome email is sent to a user after the user is created in the user pool.
+ ///
+ [Input("sendEmailNotification")]
+ public Input? SendEmailNotification { get; set; }
+
+ ///
+ /// Name of the stack that is associated with the user.
+ ///
+ [Input("stackName")]
+ public Input? StackName { get; set; }
+
+ ///
+ /// Email address of the user who is associated with the stack.
+ ///
+ [Input("userName")]
+ public Input? UserName { get; set; }
+
+ public UserStackAssociationState()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/ApplicationLoadBalancing/GetLoadBalancer.cs b/sdk/dotnet/ApplicationLoadBalancing/GetLoadBalancer.cs
index f65774bd4e5..da443002e54 100644
--- a/sdk/dotnet/ApplicationLoadBalancing/GetLoadBalancer.cs
+++ b/sdk/dotnet/ApplicationLoadBalancing/GetLoadBalancer.cs
@@ -163,10 +163,12 @@ public sealed class GetLoadBalancerResult
public readonly string Arn;
public readonly string ArnSuffix;
public readonly string CustomerOwnedIpv4Pool;
+ public readonly string DesyncMitigationMode;
public readonly string DnsName;
public readonly bool DropInvalidHeaderFields;
public readonly bool EnableDeletionProtection;
public readonly bool EnableHttp2;
+ public readonly bool EnableWafFailOpen;
///
/// The provider-assigned unique ID for this managed resource.
///
@@ -193,6 +195,8 @@ private GetLoadBalancerResult(
string customerOwnedIpv4Pool,
+ string desyncMitigationMode,
+
string dnsName,
bool dropInvalidHeaderFields,
@@ -201,6 +205,8 @@ private GetLoadBalancerResult(
bool enableHttp2,
+ bool enableWafFailOpen,
+
string id,
int idleTimeout,
@@ -229,10 +235,12 @@ private GetLoadBalancerResult(
Arn = arn;
ArnSuffix = arnSuffix;
CustomerOwnedIpv4Pool = customerOwnedIpv4Pool;
+ DesyncMitigationMode = desyncMitigationMode;
DnsName = dnsName;
DropInvalidHeaderFields = dropInvalidHeaderFields;
EnableDeletionProtection = enableDeletionProtection;
EnableHttp2 = enableHttp2;
+ EnableWafFailOpen = enableWafFailOpen;
Id = id;
IdleTimeout = idleTimeout;
Internal = @internal;
diff --git a/sdk/dotnet/ApplicationLoadBalancing/LoadBalancer.cs b/sdk/dotnet/ApplicationLoadBalancing/LoadBalancer.cs
index 720c96535f1..6ae526c7eb0 100644
--- a/sdk/dotnet/ApplicationLoadBalancing/LoadBalancer.cs
+++ b/sdk/dotnet/ApplicationLoadBalancing/LoadBalancer.cs
@@ -176,6 +176,12 @@ public partial class LoadBalancer : Pulumi.CustomResource
[Output("customerOwnedIpv4Pool")]
public Output CustomerOwnedIpv4Pool { get; private set; } = null!;
+ ///
+ /// Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.
+ ///
+ [Output("desyncMitigationMode")]
+ public Output DesyncMitigationMode { get; private set; } = null!;
+
///
/// The DNS name of the load balancer.
///
@@ -208,6 +214,12 @@ public partial class LoadBalancer : Pulumi.CustomResource
[Output("enableHttp2")]
public Output EnableHttp2 { get; private set; } = null!;
+ ///
+ /// Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to `false`.
+ ///
+ [Output("enableWafFailOpen")]
+ public Output EnableWafFailOpen { get; private set; } = null!;
+
///
/// The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.
///
@@ -267,7 +279,7 @@ public partial class LoadBalancer : Pulumi.CustomResource
public Output> Subnets { get; private set; } = null!;
///
- /// A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+ /// A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
///
[Output("tags")]
public Output?> Tags { get; private set; } = null!;
@@ -346,6 +358,12 @@ public sealed class LoadBalancerArgs : Pulumi.ResourceArgs
[Input("customerOwnedIpv4Pool")]
public Input? CustomerOwnedIpv4Pool { get; set; }
+ ///
+ /// Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.
+ ///
+ [Input("desyncMitigationMode")]
+ public Input? DesyncMitigationMode { get; set; }
+
///
/// Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type `application`.
///
@@ -372,6 +390,12 @@ public sealed class LoadBalancerArgs : Pulumi.ResourceArgs
[Input("enableHttp2")]
public Input? EnableHttp2 { get; set; }
+ ///
+ /// Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to `false`.
+ ///
+ [Input("enableWafFailOpen")]
+ public Input? EnableWafFailOpen { get; set; }
+
///
/// The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.
///
@@ -452,7 +476,7 @@ public InputList Subnets
private InputMap? _tags;
///
- /// A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+ /// A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
///
public InputMap Tags
{
@@ -491,6 +515,12 @@ public sealed class LoadBalancerState : Pulumi.ResourceArgs
[Input("customerOwnedIpv4Pool")]
public Input? CustomerOwnedIpv4Pool { get; set; }
+ ///
+ /// Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.
+ ///
+ [Input("desyncMitigationMode")]
+ public Input? DesyncMitigationMode { get; set; }
+
///
/// The DNS name of the load balancer.
///
@@ -523,6 +553,12 @@ public sealed class LoadBalancerState : Pulumi.ResourceArgs
[Input("enableHttp2")]
public Input? EnableHttp2 { get; set; }
+ ///
+ /// Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to `false`.
+ ///
+ [Input("enableWafFailOpen")]
+ public Input? EnableWafFailOpen { get; set; }
+
///
/// The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.
///
@@ -603,7 +639,7 @@ public InputList Subnets
private InputMap? _tags;
///
- /// A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+ /// A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
///
public InputMap Tags
{
diff --git a/sdk/dotnet/Athena/Inputs/WorkgroupConfigurationArgs.cs b/sdk/dotnet/Athena/Inputs/WorkgroupConfigurationArgs.cs
index fa43d6638e7..7356cb09f20 100644
--- a/sdk/dotnet/Athena/Inputs/WorkgroupConfigurationArgs.cs
+++ b/sdk/dotnet/Athena/Inputs/WorkgroupConfigurationArgs.cs
@@ -24,6 +24,12 @@ public sealed class WorkgroupConfigurationArgs : Pulumi.ResourceArgs
[Input("enforceWorkgroupConfiguration")]
public Input? EnforceWorkgroupConfiguration { get; set; }
+ ///
+ /// Configuration block for the Athena Engine Versioning. For more information, see [Athena Engine Versioning](https://docs.aws.amazon.com/athena/latest/ug/engine-versions.html). Documented below.
+ ///
+ [Input("engineVersion")]
+ public Input? EngineVersion { get; set; }
+
///
/// Boolean whether Amazon CloudWatch metrics are enabled for the workgroup. Defaults to `true`.
///
diff --git a/sdk/dotnet/Athena/Inputs/WorkgroupConfigurationEngineVersionArgs.cs b/sdk/dotnet/Athena/Inputs/WorkgroupConfigurationEngineVersionArgs.cs
new file mode 100644
index 00000000000..cee16b3cbc0
--- /dev/null
+++ b/sdk/dotnet/Athena/Inputs/WorkgroupConfigurationEngineVersionArgs.cs
@@ -0,0 +1,31 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Athena.Inputs
+{
+
+ public sealed class WorkgroupConfigurationEngineVersionArgs : Pulumi.ResourceArgs
+ {
+ ///
+ /// The engine version on which the query runs. If `selected_engine_version` is set to `AUTO`, the effective engine version is chosen by Athena.
+ ///
+ [Input("effectiveEngineVersion")]
+ public Input? EffectiveEngineVersion { get; set; }
+
+ ///
+ /// The requested engine version. Defaults to `AUTO`.
+ ///
+ [Input("selectedEngineVersion")]
+ public Input? SelectedEngineVersion { get; set; }
+
+ public WorkgroupConfigurationEngineVersionArgs()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/Athena/Inputs/WorkgroupConfigurationEngineVersionGetArgs.cs b/sdk/dotnet/Athena/Inputs/WorkgroupConfigurationEngineVersionGetArgs.cs
new file mode 100644
index 00000000000..3a08c1f9d76
--- /dev/null
+++ b/sdk/dotnet/Athena/Inputs/WorkgroupConfigurationEngineVersionGetArgs.cs
@@ -0,0 +1,31 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Athena.Inputs
+{
+
+ public sealed class WorkgroupConfigurationEngineVersionGetArgs : Pulumi.ResourceArgs
+ {
+ ///
+ /// The engine version on which the query runs. If `selected_engine_version` is set to `AUTO`, the effective engine version is chosen by Athena.
+ ///
+ [Input("effectiveEngineVersion")]
+ public Input? EffectiveEngineVersion { get; set; }
+
+ ///
+ /// The requested engine version. Defaults to `AUTO`.
+ ///
+ [Input("selectedEngineVersion")]
+ public Input? SelectedEngineVersion { get; set; }
+
+ public WorkgroupConfigurationEngineVersionGetArgs()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/Athena/Inputs/WorkgroupConfigurationGetArgs.cs b/sdk/dotnet/Athena/Inputs/WorkgroupConfigurationGetArgs.cs
index 1be90bf3568..4d0cbe8d75f 100644
--- a/sdk/dotnet/Athena/Inputs/WorkgroupConfigurationGetArgs.cs
+++ b/sdk/dotnet/Athena/Inputs/WorkgroupConfigurationGetArgs.cs
@@ -24,6 +24,12 @@ public sealed class WorkgroupConfigurationGetArgs : Pulumi.ResourceArgs
[Input("enforceWorkgroupConfiguration")]
public Input? EnforceWorkgroupConfiguration { get; set; }
+ ///
+ /// Configuration block for the Athena Engine Versioning. For more information, see [Athena Engine Versioning](https://docs.aws.amazon.com/athena/latest/ug/engine-versions.html). Documented below.
+ ///
+ [Input("engineVersion")]
+ public Input? EngineVersion { get; set; }
+
///
/// Boolean whether Amazon CloudWatch metrics are enabled for the workgroup. Defaults to `true`.
///
diff --git a/sdk/dotnet/Athena/Outputs/WorkgroupConfiguration.cs b/sdk/dotnet/Athena/Outputs/WorkgroupConfiguration.cs
index 6d33166e5a7..e4903c9c190 100644
--- a/sdk/dotnet/Athena/Outputs/WorkgroupConfiguration.cs
+++ b/sdk/dotnet/Athena/Outputs/WorkgroupConfiguration.cs
@@ -22,6 +22,10 @@ public sealed class WorkgroupConfiguration
///
public readonly bool? EnforceWorkgroupConfiguration;
///
+ /// Configuration block for the Athena Engine Versioning. For more information, see [Athena Engine Versioning](https://docs.aws.amazon.com/athena/latest/ug/engine-versions.html). Documented below.
+ ///
+ public readonly Outputs.WorkgroupConfigurationEngineVersion? EngineVersion;
+ ///
/// Boolean whether Amazon CloudWatch metrics are enabled for the workgroup. Defaults to `true`.
///
public readonly bool? PublishCloudwatchMetricsEnabled;
@@ -40,6 +44,8 @@ private WorkgroupConfiguration(
bool? enforceWorkgroupConfiguration,
+ Outputs.WorkgroupConfigurationEngineVersion? engineVersion,
+
bool? publishCloudwatchMetricsEnabled,
bool? requesterPaysEnabled,
@@ -48,6 +54,7 @@ private WorkgroupConfiguration(
{
BytesScannedCutoffPerQuery = bytesScannedCutoffPerQuery;
EnforceWorkgroupConfiguration = enforceWorkgroupConfiguration;
+ EngineVersion = engineVersion;
PublishCloudwatchMetricsEnabled = publishCloudwatchMetricsEnabled;
RequesterPaysEnabled = requesterPaysEnabled;
ResultConfiguration = resultConfiguration;
diff --git a/sdk/dotnet/Athena/Outputs/WorkgroupConfigurationEngineVersion.cs b/sdk/dotnet/Athena/Outputs/WorkgroupConfigurationEngineVersion.cs
new file mode 100644
index 00000000000..91a3f68822a
--- /dev/null
+++ b/sdk/dotnet/Athena/Outputs/WorkgroupConfigurationEngineVersion.cs
@@ -0,0 +1,35 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Athena.Outputs
+{
+
+ [OutputType]
+ public sealed class WorkgroupConfigurationEngineVersion
+ {
+ ///
+ /// The engine version on which the query runs. If `selected_engine_version` is set to `AUTO`, the effective engine version is chosen by Athena.
+ ///
+ public readonly string? EffectiveEngineVersion;
+ ///
+ /// The requested engine version. Defaults to `AUTO`.
+ ///
+ public readonly string? SelectedEngineVersion;
+
+ [OutputConstructor]
+ private WorkgroupConfigurationEngineVersion(
+ string? effectiveEngineVersion,
+
+ string? selectedEngineVersion)
+ {
+ EffectiveEngineVersion = effectiveEngineVersion;
+ SelectedEngineVersion = selectedEngineVersion;
+ }
+ }
+}
diff --git a/sdk/dotnet/Cfg/Inputs/RemediationConfigurationExecutionControlsArgs.cs b/sdk/dotnet/Cfg/Inputs/RemediationConfigurationExecutionControlsArgs.cs
new file mode 100644
index 00000000000..535885a38c0
--- /dev/null
+++ b/sdk/dotnet/Cfg/Inputs/RemediationConfigurationExecutionControlsArgs.cs
@@ -0,0 +1,25 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Cfg.Inputs
+{
+
+ public sealed class RemediationConfigurationExecutionControlsArgs : Pulumi.ResourceArgs
+ {
+ ///
+ /// Configuration block for SSM controls. See below.
+ ///
+ [Input("ssmControls")]
+ public Input? SsmControls { get; set; }
+
+ public RemediationConfigurationExecutionControlsArgs()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/Cfg/Inputs/RemediationConfigurationExecutionControlsGetArgs.cs b/sdk/dotnet/Cfg/Inputs/RemediationConfigurationExecutionControlsGetArgs.cs
new file mode 100644
index 00000000000..caea162cb7c
--- /dev/null
+++ b/sdk/dotnet/Cfg/Inputs/RemediationConfigurationExecutionControlsGetArgs.cs
@@ -0,0 +1,25 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Cfg.Inputs
+{
+
+ public sealed class RemediationConfigurationExecutionControlsGetArgs : Pulumi.ResourceArgs
+ {
+ ///
+ /// Configuration block for SSM controls. See below.
+ ///
+ [Input("ssmControls")]
+ public Input? SsmControls { get; set; }
+
+ public RemediationConfigurationExecutionControlsGetArgs()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/Cfg/Inputs/RemediationConfigurationExecutionControlsSsmControlsArgs.cs b/sdk/dotnet/Cfg/Inputs/RemediationConfigurationExecutionControlsSsmControlsArgs.cs
new file mode 100644
index 00000000000..df4b5e9dea3
--- /dev/null
+++ b/sdk/dotnet/Cfg/Inputs/RemediationConfigurationExecutionControlsSsmControlsArgs.cs
@@ -0,0 +1,31 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Cfg.Inputs
+{
+
+ public sealed class RemediationConfigurationExecutionControlsSsmControlsArgs : Pulumi.ResourceArgs
+ {
+ ///
+ /// Maximum percentage of remediation actions allowed to run in parallel on the non-compliant resources for that specific rule. The default value is 10%.
+ ///
+ [Input("concurrentExecutionRatePercentage")]
+ public Input? ConcurrentExecutionRatePercentage { get; set; }
+
+ ///
+ /// Percentage of errors that are allowed before SSM stops running automations on non-compliant resources for that specific rule. The default is 50%.
+ ///
+ [Input("errorPercentage")]
+ public Input? ErrorPercentage { get; set; }
+
+ public RemediationConfigurationExecutionControlsSsmControlsArgs()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/Cfg/Inputs/RemediationConfigurationExecutionControlsSsmControlsGetArgs.cs b/sdk/dotnet/Cfg/Inputs/RemediationConfigurationExecutionControlsSsmControlsGetArgs.cs
new file mode 100644
index 00000000000..9210d134d85
--- /dev/null
+++ b/sdk/dotnet/Cfg/Inputs/RemediationConfigurationExecutionControlsSsmControlsGetArgs.cs
@@ -0,0 +1,31 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Cfg.Inputs
+{
+
+ public sealed class RemediationConfigurationExecutionControlsSsmControlsGetArgs : Pulumi.ResourceArgs
+ {
+ ///
+ /// Maximum percentage of remediation actions allowed to run in parallel on the non-compliant resources for that specific rule. The default value is 10%.
+ ///
+ [Input("concurrentExecutionRatePercentage")]
+ public Input? ConcurrentExecutionRatePercentage { get; set; }
+
+ ///
+ /// Percentage of errors that are allowed before SSM stops running automations on non-compliant resources for that specific rule. The default is 50%.
+ ///
+ [Input("errorPercentage")]
+ public Input? ErrorPercentage { get; set; }
+
+ public RemediationConfigurationExecutionControlsSsmControlsGetArgs()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/Cfg/Inputs/RemediationConfigurationParameterArgs.cs b/sdk/dotnet/Cfg/Inputs/RemediationConfigurationParameterArgs.cs
index 688ef5eb090..e31a5258116 100644
--- a/sdk/dotnet/Cfg/Inputs/RemediationConfigurationParameterArgs.cs
+++ b/sdk/dotnet/Cfg/Inputs/RemediationConfigurationParameterArgs.cs
@@ -13,19 +13,19 @@ namespace Pulumi.Aws.Cfg.Inputs
public sealed class RemediationConfigurationParameterArgs : Pulumi.ResourceArgs
{
///
- /// The name of the attribute.
+ /// Name of the attribute.
///
[Input("name", required: true)]
public Input Name { get; set; } = null!;
///
- /// The value is dynamic and changes at run-time.
+ /// Value is dynamic and changes at run-time.
///
[Input("resourceValue")]
public Input? ResourceValue { get; set; }
///
- /// The value is static and does not change at run-time.
+ /// Value is static and does not change at run-time.
///
[Input("staticValue")]
public Input? StaticValue { get; set; }
diff --git a/sdk/dotnet/Cfg/Inputs/RemediationConfigurationParameterGetArgs.cs b/sdk/dotnet/Cfg/Inputs/RemediationConfigurationParameterGetArgs.cs
index b91d2ddb6a5..5a4b83ab13b 100644
--- a/sdk/dotnet/Cfg/Inputs/RemediationConfigurationParameterGetArgs.cs
+++ b/sdk/dotnet/Cfg/Inputs/RemediationConfigurationParameterGetArgs.cs
@@ -13,19 +13,19 @@ namespace Pulumi.Aws.Cfg.Inputs
public sealed class RemediationConfigurationParameterGetArgs : Pulumi.ResourceArgs
{
///
- /// The name of the attribute.
+ /// Name of the attribute.
///
[Input("name", required: true)]
public Input Name { get; set; } = null!;
///
- /// The value is dynamic and changes at run-time.
+ /// Value is dynamic and changes at run-time.
///
[Input("resourceValue")]
public Input? ResourceValue { get; set; }
///
- /// The value is static and does not change at run-time.
+ /// Value is static and does not change at run-time.
///
[Input("staticValue")]
public Input? StaticValue { get; set; }
diff --git a/sdk/dotnet/Cfg/Outputs/RemediationConfigurationExecutionControls.cs b/sdk/dotnet/Cfg/Outputs/RemediationConfigurationExecutionControls.cs
new file mode 100644
index 00000000000..3e7da00bd34
--- /dev/null
+++ b/sdk/dotnet/Cfg/Outputs/RemediationConfigurationExecutionControls.cs
@@ -0,0 +1,27 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Cfg.Outputs
+{
+
+ [OutputType]
+ public sealed class RemediationConfigurationExecutionControls
+ {
+ ///
+ /// Configuration block for SSM controls. See below.
+ ///
+ public readonly Outputs.RemediationConfigurationExecutionControlsSsmControls? SsmControls;
+
+ [OutputConstructor]
+ private RemediationConfigurationExecutionControls(Outputs.RemediationConfigurationExecutionControlsSsmControls? ssmControls)
+ {
+ SsmControls = ssmControls;
+ }
+ }
+}
diff --git a/sdk/dotnet/Cfg/Outputs/RemediationConfigurationExecutionControlsSsmControls.cs b/sdk/dotnet/Cfg/Outputs/RemediationConfigurationExecutionControlsSsmControls.cs
new file mode 100644
index 00000000000..f9bfd737982
--- /dev/null
+++ b/sdk/dotnet/Cfg/Outputs/RemediationConfigurationExecutionControlsSsmControls.cs
@@ -0,0 +1,35 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Cfg.Outputs
+{
+
+ [OutputType]
+ public sealed class RemediationConfigurationExecutionControlsSsmControls
+ {
+ ///
+ /// Maximum percentage of remediation actions allowed to run in parallel on the non-compliant resources for that specific rule. The default value is 10%.
+ ///
+ public readonly int? ConcurrentExecutionRatePercentage;
+ ///
+ /// Percentage of errors that are allowed before SSM stops running automations on non-compliant resources for that specific rule. The default is 50%.
+ ///
+ public readonly int? ErrorPercentage;
+
+ [OutputConstructor]
+ private RemediationConfigurationExecutionControlsSsmControls(
+ int? concurrentExecutionRatePercentage,
+
+ int? errorPercentage)
+ {
+ ConcurrentExecutionRatePercentage = concurrentExecutionRatePercentage;
+ ErrorPercentage = errorPercentage;
+ }
+ }
+}
diff --git a/sdk/dotnet/Cfg/Outputs/RemediationConfigurationParameter.cs b/sdk/dotnet/Cfg/Outputs/RemediationConfigurationParameter.cs
index 0a7816b134e..f0650f884ac 100644
--- a/sdk/dotnet/Cfg/Outputs/RemediationConfigurationParameter.cs
+++ b/sdk/dotnet/Cfg/Outputs/RemediationConfigurationParameter.cs
@@ -14,15 +14,15 @@ namespace Pulumi.Aws.Cfg.Outputs
public sealed class RemediationConfigurationParameter
{
///
- /// The name of the attribute.
+ /// Name of the attribute.
///
public readonly string Name;
///
- /// The value is dynamic and changes at run-time.
+ /// Value is dynamic and changes at run-time.
///
public readonly string? ResourceValue;
///
- /// The value is static and does not change at run-time.
+ /// Value is static and does not change at run-time.
///
public readonly string? StaticValue;
diff --git a/sdk/dotnet/Cfg/RemediationConfiguration.cs b/sdk/dotnet/Cfg/RemediationConfiguration.cs
index 219dfca33d0..1e4320f3714 100644
--- a/sdk/dotnet/Cfg/RemediationConfiguration.cs
+++ b/sdk/dotnet/Cfg/RemediationConfiguration.cs
@@ -59,6 +59,17 @@ namespace Pulumi.Aws.Cfg
/// StaticValue = "AES256",
/// },
/// },
+ /// Automatic = true,
+ /// MaximumAutomaticAttempts = 10,
+ /// RetryAttemptSeconds = 600,
+ /// ExecutionControls = new Aws.Cfg.Inputs.RemediationConfigurationExecutionControlsArgs
+ /// {
+ /// SsmControls = new Aws.Cfg.Inputs.RemediationConfigurationExecutionControlsSsmControlsArgs
+ /// {
+ /// ConcurrentExecutionRatePercentage = 25,
+ /// ErrorPercentage = 20,
+ /// },
+ /// },
/// });
/// }
///
@@ -77,38 +88,61 @@ namespace Pulumi.Aws.Cfg
public partial class RemediationConfiguration : Pulumi.CustomResource
{
///
- /// Amazon Resource Name (ARN) of the Config Remediation Configuration.
+ /// ARN of the Config Remediation Configuration.
///
[Output("arn")]
public Output Arn { get; private set; } = null!;
///
- /// The name of the AWS Config rule
+ /// Remediation is triggered automatically if `true`.
+ ///
+ [Output("automatic")]
+ public Output Automatic { get; private set; } = null!;
+
+ ///
+ /// Name of the AWS Config rule.
///
[Output("configRuleName")]
public Output ConfigRuleName { get; private set; } = null!;
///
- /// Can be specified multiple times for each
- /// parameter. Each parameter block supports fields documented below.
+ /// Configuration block for execution controls. See below.
+ ///
+ [Output("executionControls")]
+ public Output ExecutionControls { get; private set; } = null!;
+
+ ///
+ /// Maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
+ ///
+ [Output("maximumAutomaticAttempts")]
+ public Output MaximumAutomaticAttempts { get; private set; } = null!;
+
+ ///
+ /// Can be specified multiple times for each parameter. Each parameter block supports arguments below.
///
[Output("parameters")]
public Output> Parameters { get; private set; } = null!;
///
- /// The type of a resource
+ /// Type of resource.
///
[Output("resourceType")]
public Output ResourceType { get; private set; } = null!;
///
- /// Target ID is the name of the public document
+ /// Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.
+ ///
+ [Output("retryAttemptSeconds")]
+ public Output RetryAttemptSeconds { get; private set; } = null!;
+
+ ///
+ /// Target ID is the name of the public document.
///
[Output("targetId")]
public Output TargetId { get; private set; } = null!;
///
- /// The type of the target. Target executes remediation. For example, SSM document
+ /// Type of the target. Target executes remediation. For example, SSM document.
///
[Output("targetType")]
public Output TargetType { get; private set; } = null!;
@@ -166,17 +200,34 @@ public static RemediationConfiguration Get(string name, Input id, Remedi
public sealed class RemediationConfigurationArgs : Pulumi.ResourceArgs
{
///
- /// The name of the AWS Config rule
+ /// Remediation is triggered automatically if `true`.
+ ///
+ [Input("automatic")]
+ public Input? Automatic { get; set; }
+
+ ///
+ /// Name of the AWS Config rule.
///
[Input("configRuleName", required: true)]
public Input ConfigRuleName { get; set; } = null!;
+ ///
+ /// Configuration block for execution controls. See below.
+ ///
+ [Input("executionControls")]
+ public Input? ExecutionControls { get; set; }
+
+ ///
+ /// Maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
+ ///
+ [Input("maximumAutomaticAttempts")]
+ public Input? MaximumAutomaticAttempts { get; set; }
+
[Input("parameters")]
private InputList? _parameters;
///
- /// Can be specified multiple times for each
- /// parameter. Each parameter block supports fields documented below.
+ /// Can be specified multiple times for each parameter. Each parameter block supports arguments below.
///
public InputList Parameters
{
@@ -185,19 +236,25 @@ public InputList Parameters
}
///
- /// The type of a resource
+ /// Type of resource.
///
[Input("resourceType")]
public Input? ResourceType { get; set; }
///
- /// Target ID is the name of the public document
+ /// Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.
+ ///
+ [Input("retryAttemptSeconds")]
+ public Input? RetryAttemptSeconds { get; set; }
+
+ ///
+ /// Target ID is the name of the public document.
///
[Input("targetId", required: true)]
public Input TargetId { get; set; } = null!;
///
- /// The type of the target. Target executes remediation. For example, SSM document
+ /// Type of the target. Target executes remediation. For example, SSM document.
///
[Input("targetType", required: true)]
public Input TargetType { get; set; } = null!;
@@ -216,23 +273,40 @@ public RemediationConfigurationArgs()
public sealed class RemediationConfigurationState : Pulumi.ResourceArgs
{
///
- /// Amazon Resource Name (ARN) of the Config Remediation Configuration.
+ /// ARN of the Config Remediation Configuration.
///
[Input("arn")]
public Input? Arn { get; set; }
///
- /// The name of the AWS Config rule
+ /// Remediation is triggered automatically if `true`.
+ ///
+ [Input("automatic")]
+ public Input? Automatic { get; set; }
+
+ ///
+ /// Name of the AWS Config rule.
///
[Input("configRuleName")]
public Input? ConfigRuleName { get; set; }
+ ///
+ /// Configuration block for execution controls. See below.
+ ///
+ [Input("executionControls")]
+ public Input? ExecutionControls { get; set; }
+
+ ///
+ /// Maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
+ ///
+ [Input("maximumAutomaticAttempts")]
+ public Input? MaximumAutomaticAttempts { get; set; }
+
[Input("parameters")]
private InputList? _parameters;
///
- /// Can be specified multiple times for each
- /// parameter. Each parameter block supports fields documented below.
+ /// Can be specified multiple times for each parameter. Each parameter block supports arguments below.
///
public InputList Parameters
{
@@ -241,19 +315,25 @@ public InputList Parameters
}
///
- /// The type of a resource
+ /// Type of resource.
///
[Input("resourceType")]
public Input? ResourceType { get; set; }
///
- /// Target ID is the name of the public document
+ /// Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.
+ ///
+ [Input("retryAttemptSeconds")]
+ public Input? RetryAttemptSeconds { get; set; }
+
+ ///
+ /// Target ID is the name of the public document.
///
[Input("targetId")]
public Input? TargetId { get; set; }
///
- /// The type of the target. Target executes remediation. For example, SSM document
+ /// Type of the target. Target executes remediation. For example, SSM document.
///
[Input("targetType")]
public Input? TargetType { get; set; }
diff --git a/sdk/dotnet/CloudTrail/Inputs/TrailEventSelectorArgs.cs b/sdk/dotnet/CloudTrail/Inputs/TrailEventSelectorArgs.cs
index fba3a18b082..ae67402bbaf 100644
--- a/sdk/dotnet/CloudTrail/Inputs/TrailEventSelectorArgs.cs
+++ b/sdk/dotnet/CloudTrail/Inputs/TrailEventSelectorArgs.cs
@@ -24,8 +24,20 @@ public InputList DataResources
set => _dataResources = value;
}
+ [Input("excludeManagementEventSources")]
+ private InputList? _excludeManagementEventSources;
+
+ ///
+ /// A set of event sources to exclude. Valid values include: `kms.amazonaws.com` and `rdsdata.amazonaws.com`. `include_management_events` must be set to`true` to allow this.
+ ///
+ public InputList ExcludeManagementEventSources
+ {
+ get => _excludeManagementEventSources ?? (_excludeManagementEventSources = new InputList());
+ set => _excludeManagementEventSources = value;
+ }
+
///
- /// Whether to include management events for your trail.
+ /// Whether to include management events for your trail. Defaults to `true`.
///
[Input("includeManagementEvents")]
public Input? IncludeManagementEvents { get; set; }
diff --git a/sdk/dotnet/CloudTrail/Inputs/TrailEventSelectorGetArgs.cs b/sdk/dotnet/CloudTrail/Inputs/TrailEventSelectorGetArgs.cs
index 711277fa546..9457e28a0d2 100644
--- a/sdk/dotnet/CloudTrail/Inputs/TrailEventSelectorGetArgs.cs
+++ b/sdk/dotnet/CloudTrail/Inputs/TrailEventSelectorGetArgs.cs
@@ -24,8 +24,20 @@ public InputList DataResources
set => _dataResources = value;
}
+ [Input("excludeManagementEventSources")]
+ private InputList? _excludeManagementEventSources;
+
+ ///
+ /// A set of event sources to exclude. Valid values include: `kms.amazonaws.com` and `rdsdata.amazonaws.com`. `include_management_events` must be set to`true` to allow this.
+ ///
+ public InputList ExcludeManagementEventSources
+ {
+ get => _excludeManagementEventSources ?? (_excludeManagementEventSources = new InputList());
+ set => _excludeManagementEventSources = value;
+ }
+
///
- /// Whether to include management events for your trail.
+ /// Whether to include management events for your trail. Defaults to `true`.
///
[Input("includeManagementEvents")]
public Input? IncludeManagementEvents { get; set; }
diff --git a/sdk/dotnet/CloudTrail/Outputs/TrailEventSelector.cs b/sdk/dotnet/CloudTrail/Outputs/TrailEventSelector.cs
index efdc08bc97d..cb9323760dd 100644
--- a/sdk/dotnet/CloudTrail/Outputs/TrailEventSelector.cs
+++ b/sdk/dotnet/CloudTrail/Outputs/TrailEventSelector.cs
@@ -18,7 +18,11 @@ public sealed class TrailEventSelector
///
public readonly ImmutableArray DataResources;
///
- /// Whether to include management events for your trail.
+ /// A set of event sources to exclude. Valid values include: `kms.amazonaws.com` and `rdsdata.amazonaws.com`. `include_management_events` must be set to`true` to allow this.
+ ///
+ public readonly ImmutableArray ExcludeManagementEventSources;
+ ///
+ /// Whether to include management events for your trail. Defaults to `true`.
///
public readonly bool? IncludeManagementEvents;
///
@@ -30,11 +34,14 @@ public sealed class TrailEventSelector
private TrailEventSelector(
ImmutableArray dataResources,
+ ImmutableArray excludeManagementEventSources,
+
bool? includeManagementEvents,
string? readWriteType)
{
DataResources = dataResources;
+ ExcludeManagementEventSources = excludeManagementEventSources;
IncludeManagementEvents = includeManagementEvents;
ReadWriteType = readWriteType;
}
diff --git a/sdk/dotnet/Config/Config.cs b/sdk/dotnet/Config/Config.cs
index 3791a1f9dc3..7561ccf1df8 100644
--- a/sdk/dotnet/Config/Config.cs
+++ b/sdk/dotnet/Config/Config.cs
@@ -255,6 +255,7 @@ public class DefaultTags
public class Endpoints
{
public string? Accessanalyzer { get; set; } = null!;
+ public string? Account { get; set; } = null!;
public string? Acm { get; set; } = null!;
public string? Acmpca { get; set; } = null!;
public string? Alexaforbusiness { get; set; } = null!;
diff --git a/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleArgs.cs b/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleArgs.cs
index a6eaeaa0f7e..f761ae68a9d 100644
--- a/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleArgs.cs
+++ b/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleArgs.cs
@@ -13,7 +13,7 @@ namespace Pulumi.Aws.Dlm.Inputs
public sealed class LifecyclePolicyPolicyDetailsScheduleArgs : Pulumi.ResourceArgs
{
///
- /// Copy all user-defined tags on a source volume to snapshots of the volume created by this policy.
+ /// Whether to copy all user-defined tags from the source snapshot to the cross-region snapshot copy.
///
[Input("copyTags")]
public Input? CopyTags { get; set; }
@@ -24,6 +24,18 @@ public sealed class LifecyclePolicyPolicyDetailsScheduleArgs : Pulumi.ResourceAr
[Input("createRule", required: true)]
public Input CreateRule { get; set; } = null!;
+ [Input("crossRegionCopyRules")]
+ private InputList? _crossRegionCopyRules;
+
+ ///
+ /// See the `cross_region_copy_rule` block. Max of 3 per schedule.
+ ///
+ public InputList CrossRegionCopyRules
+ {
+ get => _crossRegionCopyRules ?? (_crossRegionCopyRules = new InputList());
+ set => _crossRegionCopyRules = value;
+ }
+
///
/// A name for the schedule.
///
@@ -31,7 +43,7 @@ public sealed class LifecyclePolicyPolicyDetailsScheduleArgs : Pulumi.ResourceAr
public Input Name { get; set; } = null!;
///
- /// See the `retain_rule` block. Max of 1 per schedule.
+ /// The retention rule that indicates how long snapshot copies are to be retained in the destination Region. See the `retain_rule` block. Max of 1 per schedule.
///
[Input("retainRule", required: true)]
public Input RetainRule { get; set; } = null!;
diff --git a/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs.cs b/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs.cs
index 1741a32fd2f..bb9056fc419 100644
--- a/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs.cs
+++ b/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs.cs
@@ -13,13 +13,13 @@ namespace Pulumi.Aws.Dlm.Inputs
public sealed class LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs : Pulumi.ResourceArgs
{
///
- /// How often this lifecycle policy should be evaluated. `1`, `2`,`3`,`4`,`6`,`8`,`12` or `24` are valid values.
+ /// The amount of time to retain each snapshot. The maximum is 100 years. This is equivalent to 1200 months, 5200 weeks, or 36500 days.
///
[Input("interval", required: true)]
public Input Interval { get; set; } = null!;
///
- /// The unit for how often the lifecycle policy should be evaluated. `HOURS` is currently the only allowed value and also the default value.
+ /// The unit of time for time-based retention. Valid values: `DAYS`, `WEEKS`, `MONTHS`, or `YEARS`.
///
[Input("intervalUnit")]
public Input? IntervalUnit { get; set; }
diff --git a/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCreateRuleGetArgs.cs b/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCreateRuleGetArgs.cs
index d538c29eb59..2b5c920d348 100644
--- a/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCreateRuleGetArgs.cs
+++ b/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCreateRuleGetArgs.cs
@@ -13,13 +13,13 @@ namespace Pulumi.Aws.Dlm.Inputs
public sealed class LifecyclePolicyPolicyDetailsScheduleCreateRuleGetArgs : Pulumi.ResourceArgs
{
///
- /// How often this lifecycle policy should be evaluated. `1`, `2`,`3`,`4`,`6`,`8`,`12` or `24` are valid values.
+ /// The amount of time to retain each snapshot. The maximum is 100 years. This is equivalent to 1200 months, 5200 weeks, or 36500 days.
///
[Input("interval", required: true)]
public Input Interval { get; set; } = null!;
///
- /// The unit for how often the lifecycle policy should be evaluated. `HOURS` is currently the only allowed value and also the default value.
+ /// The unit of time for time-based retention. Valid values: `DAYS`, `WEEKS`, `MONTHS`, or `YEARS`.
///
[Input("intervalUnit")]
public Input? IntervalUnit { get; set; }
diff --git a/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleArgs.cs b/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleArgs.cs
new file mode 100644
index 00000000000..f87cc39032d
--- /dev/null
+++ b/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleArgs.cs
@@ -0,0 +1,55 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Dlm.Inputs
+{
+
+ public sealed class LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleArgs : Pulumi.ResourceArgs
+ {
+ ///
+ /// The Amazon Resource Name (ARN) of the AWS KMS customer master key (CMK) to use for EBS encryption. If this argument is not specified, the default KMS key for the account is used.
+ ///
+ [Input("cmkArn")]
+ public Input? CmkArn { get; set; }
+
+ ///
+ /// Whether to copy all user-defined tags from the source snapshot to the cross-region snapshot copy.
+ ///
+ [Input("copyTags")]
+ public Input? CopyTags { get; set; }
+
+ ///
+ /// The AMI deprecation rule for cross-Region AMI copies created by the rule. See the `deprecate_rule` block.
+ ///
+ [Input("deprecateRule")]
+ public Input? DeprecateRule { get; set; }
+
+ ///
+ /// To encrypt a copy of an unencrypted snapshot if encryption by default is not enabled, enable encryption using this parameter. Copies of encrypted snapshots are encrypted, even if this parameter is false or if encryption by default is not enabled.
+ ///
+ [Input("encrypted", required: true)]
+ public Input Encrypted { get; set; } = null!;
+
+ ///
+ /// The retention rule that indicates how long snapshot copies are to be retained in the destination Region. See the `retain_rule` block. Max of 1 per schedule.
+ ///
+ [Input("retainRule")]
+ public Input? RetainRule { get; set; }
+
+ ///
+ /// The target Region or the Amazon Resource Name (ARN) of the target Outpost for the snapshot copies.
+ ///
+ [Input("target", required: true)]
+ public Input Target { get; set; } = null!;
+
+ public LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleArgs()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRuleArgs.cs b/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRuleArgs.cs
new file mode 100644
index 00000000000..c3879c74f1f
--- /dev/null
+++ b/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRuleArgs.cs
@@ -0,0 +1,31 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Dlm.Inputs
+{
+
+ public sealed class LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRuleArgs : Pulumi.ResourceArgs
+ {
+ ///
+ /// The amount of time to retain each snapshot. The maximum is 100 years. This is equivalent to 1200 months, 5200 weeks, or 36500 days.
+ ///
+ [Input("interval", required: true)]
+ public Input Interval { get; set; } = null!;
+
+ ///
+ /// The unit of time for time-based retention. Valid values: `DAYS`, `WEEKS`, `MONTHS`, or `YEARS`.
+ ///
+ [Input("intervalUnit", required: true)]
+ public Input IntervalUnit { get; set; } = null!;
+
+ public LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRuleArgs()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRuleGetArgs.cs b/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRuleGetArgs.cs
new file mode 100644
index 00000000000..d3d1ae51367
--- /dev/null
+++ b/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRuleGetArgs.cs
@@ -0,0 +1,31 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Dlm.Inputs
+{
+
+ public sealed class LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRuleGetArgs : Pulumi.ResourceArgs
+ {
+ ///
+ /// The amount of time to retain each snapshot. The maximum is 100 years. This is equivalent to 1200 months, 5200 weeks, or 36500 days.
+ ///
+ [Input("interval", required: true)]
+ public Input Interval { get; set; } = null!;
+
+ ///
+ /// The unit of time for time-based retention. Valid values: `DAYS`, `WEEKS`, `MONTHS`, or `YEARS`.
+ ///
+ [Input("intervalUnit", required: true)]
+ public Input IntervalUnit { get; set; } = null!;
+
+ public LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRuleGetArgs()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleGetArgs.cs b/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleGetArgs.cs
new file mode 100644
index 00000000000..80bbb55d1b4
--- /dev/null
+++ b/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleGetArgs.cs
@@ -0,0 +1,55 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Dlm.Inputs
+{
+
+ public sealed class LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleGetArgs : Pulumi.ResourceArgs
+ {
+ ///
+ /// The Amazon Resource Name (ARN) of the AWS KMS customer master key (CMK) to use for EBS encryption. If this argument is not specified, the default KMS key for the account is used.
+ ///
+ [Input("cmkArn")]
+ public Input? CmkArn { get; set; }
+
+ ///
+ /// Whether to copy all user-defined tags from the source snapshot to the cross-region snapshot copy.
+ ///
+ [Input("copyTags")]
+ public Input? CopyTags { get; set; }
+
+ ///
+ /// The AMI deprecation rule for cross-Region AMI copies created by the rule. See the `deprecate_rule` block.
+ ///
+ [Input("deprecateRule")]
+ public Input? DeprecateRule { get; set; }
+
+ ///
+ /// To encrypt a copy of an unencrypted snapshot if encryption by default is not enabled, enable encryption using this parameter. Copies of encrypted snapshots are encrypted, even if this parameter is false or if encryption by default is not enabled.
+ ///
+ [Input("encrypted", required: true)]
+ public Input Encrypted { get; set; } = null!;
+
+ ///
+ /// The retention rule that indicates how long snapshot copies are to be retained in the destination Region. See the `retain_rule` block. Max of 1 per schedule.
+ ///
+ [Input("retainRule")]
+ public Input? RetainRule { get; set; }
+
+ ///
+ /// The target Region or the Amazon Resource Name (ARN) of the target Outpost for the snapshot copies.
+ ///
+ [Input("target", required: true)]
+ public Input Target { get; set; } = null!;
+
+ public LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleGetArgs()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRuleArgs.cs b/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRuleArgs.cs
new file mode 100644
index 00000000000..f4e2125722f
--- /dev/null
+++ b/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRuleArgs.cs
@@ -0,0 +1,31 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Dlm.Inputs
+{
+
+ public sealed class LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRuleArgs : Pulumi.ResourceArgs
+ {
+ ///
+ /// The amount of time to retain each snapshot. The maximum is 100 years. This is equivalent to 1200 months, 5200 weeks, or 36500 days.
+ ///
+ [Input("interval", required: true)]
+ public Input Interval { get; set; } = null!;
+
+ ///
+ /// The unit of time for time-based retention. Valid values: `DAYS`, `WEEKS`, `MONTHS`, or `YEARS`.
+ ///
+ [Input("intervalUnit", required: true)]
+ public Input IntervalUnit { get; set; } = null!;
+
+ public LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRuleArgs()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRuleGetArgs.cs b/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRuleGetArgs.cs
new file mode 100644
index 00000000000..5fb41171bbd
--- /dev/null
+++ b/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRuleGetArgs.cs
@@ -0,0 +1,31 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Dlm.Inputs
+{
+
+ public sealed class LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRuleGetArgs : Pulumi.ResourceArgs
+ {
+ ///
+ /// The amount of time to retain each snapshot. The maximum is 100 years. This is equivalent to 1200 months, 5200 weeks, or 36500 days.
+ ///
+ [Input("interval", required: true)]
+ public Input Interval { get; set; } = null!;
+
+ ///
+ /// The unit of time for time-based retention. Valid values: `DAYS`, `WEEKS`, `MONTHS`, or `YEARS`.
+ ///
+ [Input("intervalUnit", required: true)]
+ public Input IntervalUnit { get; set; } = null!;
+
+ public LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRuleGetArgs()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleGetArgs.cs b/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleGetArgs.cs
index 02a4e7e11fd..f9ca905f133 100644
--- a/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleGetArgs.cs
+++ b/sdk/dotnet/Dlm/Inputs/LifecyclePolicyPolicyDetailsScheduleGetArgs.cs
@@ -13,7 +13,7 @@ namespace Pulumi.Aws.Dlm.Inputs
public sealed class LifecyclePolicyPolicyDetailsScheduleGetArgs : Pulumi.ResourceArgs
{
///
- /// Copy all user-defined tags on a source volume to snapshots of the volume created by this policy.
+ /// Whether to copy all user-defined tags from the source snapshot to the cross-region snapshot copy.
///
[Input("copyTags")]
public Input? CopyTags { get; set; }
@@ -24,6 +24,18 @@ public sealed class LifecyclePolicyPolicyDetailsScheduleGetArgs : Pulumi.Resourc
[Input("createRule", required: true)]
public Input CreateRule { get; set; } = null!;
+ [Input("crossRegionCopyRules")]
+ private InputList? _crossRegionCopyRules;
+
+ ///
+ /// See the `cross_region_copy_rule` block. Max of 3 per schedule.
+ ///
+ public InputList CrossRegionCopyRules
+ {
+ get => _crossRegionCopyRules ?? (_crossRegionCopyRules = new InputList());
+ set => _crossRegionCopyRules = value;
+ }
+
///
/// A name for the schedule.
///
@@ -31,7 +43,7 @@ public sealed class LifecyclePolicyPolicyDetailsScheduleGetArgs : Pulumi.Resourc
public Input Name { get; set; } = null!;
///
- /// See the `retain_rule` block. Max of 1 per schedule.
+ /// The retention rule that indicates how long snapshot copies are to be retained in the destination Region. See the `retain_rule` block. Max of 1 per schedule.
///
[Input("retainRule", required: true)]
public Input RetainRule { get; set; } = null!;
diff --git a/sdk/dotnet/Dlm/LifecyclePolicy.cs b/sdk/dotnet/Dlm/LifecyclePolicy.cs
index d1f0394f67b..b5ccd2d7838 100644
--- a/sdk/dotnet/Dlm/LifecyclePolicy.cs
+++ b/sdk/dotnet/Dlm/LifecyclePolicy.cs
@@ -13,6 +13,7 @@ namespace Pulumi.Aws.Dlm
/// Provides a [Data Lifecycle Manager (DLM) lifecycle policy](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-lifecycle.html) for managing snapshots.
///
/// ## Example Usage
+ /// ### Basic
///
/// ```csharp
/// using Pulumi;
@@ -114,10 +115,105 @@ namespace Pulumi.Aws.Dlm
///
/// }
/// ```
+ /// ### Example Cross-Region Snapshot Copy Usage
+ ///
+ /// ```csharp
+ /// using Pulumi;
+ /// using Aws = Pulumi.Aws;
+ ///
+ /// class MyStack : Stack
+ /// {
+ /// public MyStack()
+ /// {
+ /// // ...other configuration...
+ /// var dlmCrossRegionCopyCmk = new Aws.Kms.Key("dlmCrossRegionCopyCmk", new Aws.Kms.KeyArgs
+ /// {
+ /// Description = "Example Alternate Region KMS Key",
+ /// Policy = @"{
+ /// ""Version"": ""2012-10-17"",
+ /// ""Id"": ""dlm-cross-region-copy-cmk"",
+ /// ""Statement"": [
+ /// {
+ /// ""Sid"": ""Enable IAM User Permissions"",
+ /// ""Effect"": ""Allow"",
+ /// ""Principal"": {
+ /// ""AWS"": ""*""
+ /// },
+ /// ""Action"": ""kms:*"",
+ /// ""Resource"": ""*""
+ /// }
+ /// ]
+ /// }
+ /// ",
+ /// }, new CustomResourceOptions
+ /// {
+ /// Provider = aws.Alternate,
+ /// });
+ /// var example = new Aws.Dlm.LifecyclePolicy("example", new Aws.Dlm.LifecyclePolicyArgs
+ /// {
+ /// Description = "example DLM lifecycle policy",
+ /// ExecutionRoleArn = aws_iam_role.Dlm_lifecycle_role.Arn,
+ /// State = "ENABLED",
+ /// PolicyDetails = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsArgs
+ /// {
+ /// ResourceTypes =
+ /// {
+ /// "VOLUME",
+ /// },
+ /// Schedules =
+ /// {
+ /// new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleArgs
+ /// {
+ /// Name = "2 weeks of daily snapshots",
+ /// CreateRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs
+ /// {
+ /// Interval = 24,
+ /// IntervalUnit = "HOURS",
+ /// Times =
+ /// {
+ /// "23:45",
+ /// },
+ /// },
+ /// RetainRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs
+ /// {
+ /// Count = 14,
+ /// },
+ /// TagsToAdd =
+ /// {
+ /// { "SnapshotCreator", "DLM" },
+ /// },
+ /// CopyTags = false,
+ /// CrossRegionCopyRules =
+ /// {
+ /// new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleArgs
+ /// {
+ /// Target = "us-west-2",
+ /// Encrypted = true,
+ /// CmkArn = dlmCrossRegionCopyCmk.Arn,
+ /// CopyTags = true,
+ /// RetainRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRuleArgs
+ /// {
+ /// Interval = 30,
+ /// IntervalUnit = "DAYS",
+ /// },
+ /// },
+ /// },
+ /// },
+ /// },
+ /// TargetTags =
+ /// {
+ /// { "Snapshot", "true" },
+ /// },
+ /// },
+ /// });
+ /// }
+ ///
+ /// }
+ /// ```
///
/// ## Import
///
- /// DLM lifecyle policies can be imported by their policy ID
+ /// DLM lifecycle policies can be imported by their policy ID
///
/// ```sh
/// $ pulumi import aws:dlm/lifecyclePolicy:LifecyclePolicy example policy-abcdef12345678901
diff --git a/sdk/dotnet/Dlm/Outputs/LifecyclePolicyPolicyDetailsSchedule.cs b/sdk/dotnet/Dlm/Outputs/LifecyclePolicyPolicyDetailsSchedule.cs
index cc185a2e9b4..29c9c881c93 100644
--- a/sdk/dotnet/Dlm/Outputs/LifecyclePolicyPolicyDetailsSchedule.cs
+++ b/sdk/dotnet/Dlm/Outputs/LifecyclePolicyPolicyDetailsSchedule.cs
@@ -14,7 +14,7 @@ namespace Pulumi.Aws.Dlm.Outputs
public sealed class LifecyclePolicyPolicyDetailsSchedule
{
///
- /// Copy all user-defined tags on a source volume to snapshots of the volume created by this policy.
+ /// Whether to copy all user-defined tags from the source snapshot to the cross-region snapshot copy.
///
public readonly bool? CopyTags;
///
@@ -22,11 +22,15 @@ public sealed class LifecyclePolicyPolicyDetailsSchedule
///
public readonly Outputs.LifecyclePolicyPolicyDetailsScheduleCreateRule CreateRule;
///
+ /// See the `cross_region_copy_rule` block. Max of 3 per schedule.
+ ///
+ public readonly ImmutableArray CrossRegionCopyRules;
+ ///
/// A name for the schedule.
///
public readonly string Name;
///
- /// See the `retain_rule` block. Max of 1 per schedule.
+ /// The retention rule that indicates how long snapshot copies are to be retained in the destination Region. See the `retain_rule` block. Max of 1 per schedule.
///
public readonly Outputs.LifecyclePolicyPolicyDetailsScheduleRetainRule RetainRule;
///
@@ -40,6 +44,8 @@ private LifecyclePolicyPolicyDetailsSchedule(
Outputs.LifecyclePolicyPolicyDetailsScheduleCreateRule createRule,
+ ImmutableArray crossRegionCopyRules,
+
string name,
Outputs.LifecyclePolicyPolicyDetailsScheduleRetainRule retainRule,
@@ -48,6 +54,7 @@ private LifecyclePolicyPolicyDetailsSchedule(
{
CopyTags = copyTags;
CreateRule = createRule;
+ CrossRegionCopyRules = crossRegionCopyRules;
Name = name;
RetainRule = retainRule;
TagsToAdd = tagsToAdd;
diff --git a/sdk/dotnet/Dlm/Outputs/LifecyclePolicyPolicyDetailsScheduleCreateRule.cs b/sdk/dotnet/Dlm/Outputs/LifecyclePolicyPolicyDetailsScheduleCreateRule.cs
index f8806ff1e45..fa55412d26f 100644
--- a/sdk/dotnet/Dlm/Outputs/LifecyclePolicyPolicyDetailsScheduleCreateRule.cs
+++ b/sdk/dotnet/Dlm/Outputs/LifecyclePolicyPolicyDetailsScheduleCreateRule.cs
@@ -14,11 +14,11 @@ namespace Pulumi.Aws.Dlm.Outputs
public sealed class LifecyclePolicyPolicyDetailsScheduleCreateRule
{
///
- /// How often this lifecycle policy should be evaluated. `1`, `2`,`3`,`4`,`6`,`8`,`12` or `24` are valid values.
+ /// The amount of time to retain each snapshot. The maximum is 100 years. This is equivalent to 1200 months, 5200 weeks, or 36500 days.
///
public readonly int Interval;
///
- /// The unit for how often the lifecycle policy should be evaluated. `HOURS` is currently the only allowed value and also the default value.
+ /// The unit of time for time-based retention. Valid values: `DAYS`, `WEEKS`, `MONTHS`, or `YEARS`.
///
public readonly string? IntervalUnit;
///
diff --git a/sdk/dotnet/Dlm/Outputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRule.cs b/sdk/dotnet/Dlm/Outputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRule.cs
new file mode 100644
index 00000000000..914c98b9031
--- /dev/null
+++ b/sdk/dotnet/Dlm/Outputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRule.cs
@@ -0,0 +1,63 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Dlm.Outputs
+{
+
+ [OutputType]
+ public sealed class LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRule
+ {
+ ///
+ /// The Amazon Resource Name (ARN) of the AWS KMS customer master key (CMK) to use for EBS encryption. If this argument is not specified, the default KMS key for the account is used.
+ ///
+ public readonly string? CmkArn;
+ ///
+ /// Whether to copy all user-defined tags from the source snapshot to the cross-region snapshot copy.
+ ///
+ public readonly bool? CopyTags;
+ ///
+ /// The AMI deprecation rule for cross-Region AMI copies created by the rule. See the `deprecate_rule` block.
+ ///
+ public readonly Outputs.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRule? DeprecateRule;
+ ///
+ /// To encrypt a copy of an unencrypted snapshot if encryption by default is not enabled, enable encryption using this parameter. Copies of encrypted snapshots are encrypted, even if this parameter is false or if encryption by default is not enabled.
+ ///
+ public readonly bool Encrypted;
+ ///
+ /// The retention rule that indicates how long snapshot copies are to be retained in the destination Region. See the `retain_rule` block. Max of 1 per schedule.
+ ///
+ public readonly Outputs.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRule? RetainRule;
+ ///
+ /// The target Region or the Amazon Resource Name (ARN) of the target Outpost for the snapshot copies.
+ ///
+ public readonly string Target;
+
+ [OutputConstructor]
+ private LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRule(
+ string? cmkArn,
+
+ bool? copyTags,
+
+ Outputs.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRule? deprecateRule,
+
+ bool encrypted,
+
+ Outputs.LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRule? retainRule,
+
+ string target)
+ {
+ CmkArn = cmkArn;
+ CopyTags = copyTags;
+ DeprecateRule = deprecateRule;
+ Encrypted = encrypted;
+ RetainRule = retainRule;
+ Target = target;
+ }
+ }
+}
diff --git a/sdk/dotnet/Dlm/Outputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRule.cs b/sdk/dotnet/Dlm/Outputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRule.cs
new file mode 100644
index 00000000000..cf914c202b4
--- /dev/null
+++ b/sdk/dotnet/Dlm/Outputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRule.cs
@@ -0,0 +1,35 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Dlm.Outputs
+{
+
+ [OutputType]
+ public sealed class LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRule
+ {
+ ///
+ /// The amount of time to retain each snapshot. The maximum is 100 years. This is equivalent to 1200 months, 5200 weeks, or 36500 days.
+ ///
+ public readonly int Interval;
+ ///
+ /// The unit of time for time-based retention. Valid values: `DAYS`, `WEEKS`, `MONTHS`, or `YEARS`.
+ ///
+ public readonly string IntervalUnit;
+
+ [OutputConstructor]
+ private LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRule(
+ int interval,
+
+ string intervalUnit)
+ {
+ Interval = interval;
+ IntervalUnit = intervalUnit;
+ }
+ }
+}
diff --git a/sdk/dotnet/Dlm/Outputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRule.cs b/sdk/dotnet/Dlm/Outputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRule.cs
new file mode 100644
index 00000000000..fcbcbd71629
--- /dev/null
+++ b/sdk/dotnet/Dlm/Outputs/LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRule.cs
@@ -0,0 +1,35 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Dlm.Outputs
+{
+
+ [OutputType]
+ public sealed class LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRule
+ {
+ ///
+ /// The amount of time to retain each snapshot. The maximum is 100 years. This is equivalent to 1200 months, 5200 weeks, or 36500 days.
+ ///
+ public readonly int Interval;
+ ///
+ /// The unit of time for time-based retention. Valid values: `DAYS`, `WEEKS`, `MONTHS`, or `YEARS`.
+ ///
+ public readonly string IntervalUnit;
+
+ [OutputConstructor]
+ private LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRule(
+ int interval,
+
+ string intervalUnit)
+ {
+ Interval = interval;
+ IntervalUnit = intervalUnit;
+ }
+ }
+}
diff --git a/sdk/dotnet/Ec2/GetInstanceTypes.cs b/sdk/dotnet/Ec2/GetInstanceTypes.cs
new file mode 100644
index 00000000000..8d948fbfa10
--- /dev/null
+++ b/sdk/dotnet/Ec2/GetInstanceTypes.cs
@@ -0,0 +1,210 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+using Pulumi.Utilities;
+
+namespace Pulumi.Aws.Ec2
+{
+ public static class GetInstanceTypes
+ {
+ ///
+ /// Information about EC2 Instance Types.
+ ///
+ /// {{% examples %}}
+ /// ## Example Usage
+ /// {{% example %}}
+ ///
+ /// ```csharp
+ /// using Pulumi;
+ /// using Aws = Pulumi.Aws;
+ ///
+ /// class MyStack : Stack
+ /// {
+ /// public MyStack()
+ /// {
+ /// var test = Output.Create(Aws.Ec2.GetInstanceTypes.InvokeAsync(new Aws.Ec2.GetInstanceTypesArgs
+ /// {
+ /// Filters =
+ /// {
+ /// new Aws.Ec2.Inputs.GetInstanceTypesFilterArgs
+ /// {
+ /// Name = "auto-recovery-supported",
+ /// Values =
+ /// {
+ /// "true",
+ /// },
+ /// },
+ /// new Aws.Ec2.Inputs.GetInstanceTypesFilterArgs
+ /// {
+ /// Name = "network-info.encryption-in-transit-supported",
+ /// Values =
+ /// {
+ /// "true",
+ /// },
+ /// },
+ /// new Aws.Ec2.Inputs.GetInstanceTypesFilterArgs
+ /// {
+ /// Name = "instance-storage-supported",
+ /// Values =
+ /// {
+ /// "true",
+ /// },
+ /// },
+ /// new Aws.Ec2.Inputs.GetInstanceTypesFilterArgs
+ /// {
+ /// Name = "instance-type",
+ /// Values =
+ /// {
+ /// "g5.2xlarge",
+ /// "g5.4xlarge",
+ /// },
+ /// },
+ /// },
+ /// }));
+ /// }
+ ///
+ /// }
+ /// ```
+ /// {{% /example %}}
+ /// {{% /examples %}}
+ ///
+ public static Task InvokeAsync(GetInstanceTypesArgs? args = null, InvokeOptions? options = null)
+ => Pulumi.Deployment.Instance.InvokeAsync("aws:ec2/getInstanceTypes:getInstanceTypes", args ?? new GetInstanceTypesArgs(), options.WithVersion());
+
+ ///
+ /// Information about EC2 Instance Types.
+ ///
+ /// {{% examples %}}
+ /// ## Example Usage
+ /// {{% example %}}
+ ///
+ /// ```csharp
+ /// using Pulumi;
+ /// using Aws = Pulumi.Aws;
+ ///
+ /// class MyStack : Stack
+ /// {
+ /// public MyStack()
+ /// {
+ /// var test = Output.Create(Aws.Ec2.GetInstanceTypes.InvokeAsync(new Aws.Ec2.GetInstanceTypesArgs
+ /// {
+ /// Filters =
+ /// {
+ /// new Aws.Ec2.Inputs.GetInstanceTypesFilterArgs
+ /// {
+ /// Name = "auto-recovery-supported",
+ /// Values =
+ /// {
+ /// "true",
+ /// },
+ /// },
+ /// new Aws.Ec2.Inputs.GetInstanceTypesFilterArgs
+ /// {
+ /// Name = "network-info.encryption-in-transit-supported",
+ /// Values =
+ /// {
+ /// "true",
+ /// },
+ /// },
+ /// new Aws.Ec2.Inputs.GetInstanceTypesFilterArgs
+ /// {
+ /// Name = "instance-storage-supported",
+ /// Values =
+ /// {
+ /// "true",
+ /// },
+ /// },
+ /// new Aws.Ec2.Inputs.GetInstanceTypesFilterArgs
+ /// {
+ /// Name = "instance-type",
+ /// Values =
+ /// {
+ /// "g5.2xlarge",
+ /// "g5.4xlarge",
+ /// },
+ /// },
+ /// },
+ /// }));
+ /// }
+ ///
+ /// }
+ /// ```
+ /// {{% /example %}}
+ /// {{% /examples %}}
+ ///
+ public static Output Invoke(GetInstanceTypesInvokeArgs? args = null, InvokeOptions? options = null)
+ => Pulumi.Deployment.Instance.Invoke("aws:ec2/getInstanceTypes:getInstanceTypes", args ?? new GetInstanceTypesInvokeArgs(), options.WithVersion());
+ }
+
+
+ public sealed class GetInstanceTypesArgs : Pulumi.InvokeArgs
+ {
+ [Input("filters")]
+ private List? _filters;
+
+ ///
+ /// One or more configuration blocks containing name-values filters. See the [EC2 API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstanceTypes.html) for supported filters. Detailed below.
+ ///
+ public List Filters
+ {
+ get => _filters ?? (_filters = new List());
+ set => _filters = value;
+ }
+
+ public GetInstanceTypesArgs()
+ {
+ }
+ }
+
+ public sealed class GetInstanceTypesInvokeArgs : Pulumi.InvokeArgs
+ {
+ [Input("filters")]
+ private InputList? _filters;
+
+ ///
+ /// One or more configuration blocks containing name-values filters. See the [EC2 API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstanceTypes.html) for supported filters. Detailed below.
+ ///
+ public InputList Filters
+ {
+ get => _filters ?? (_filters = new InputList());
+ set => _filters = value;
+ }
+
+ public GetInstanceTypesInvokeArgs()
+ {
+ }
+ }
+
+
+ [OutputType]
+ public sealed class GetInstanceTypesResult
+ {
+ public readonly ImmutableArray Filters;
+ ///
+ /// The provider-assigned unique ID for this managed resource.
+ ///
+ public readonly string Id;
+ ///
+ /// List of EC2 Instance Types.
+ ///
+ public readonly ImmutableArray InstanceTypes;
+
+ [OutputConstructor]
+ private GetInstanceTypesResult(
+ ImmutableArray filters,
+
+ string id,
+
+ ImmutableArray instanceTypes)
+ {
+ Filters = filters;
+ Id = id;
+ InstanceTypes = instanceTypes;
+ }
+ }
+}
diff --git a/sdk/dotnet/Ec2/Inputs/GetInstanceTypesFilter.cs b/sdk/dotnet/Ec2/Inputs/GetInstanceTypesFilter.cs
new file mode 100644
index 00000000000..63b7d59ada5
--- /dev/null
+++ b/sdk/dotnet/Ec2/Inputs/GetInstanceTypesFilter.cs
@@ -0,0 +1,37 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Ec2.Inputs
+{
+
+ public sealed class GetInstanceTypesFilterArgs : Pulumi.InvokeArgs
+ {
+ ///
+ /// Name of the filter.
+ ///
+ [Input("name", required: true)]
+ public string Name { get; set; } = null!;
+
+ [Input("values", required: true)]
+ private List? _values;
+
+ ///
+ /// List of one or more values for the filter.
+ ///
+ public List Values
+ {
+ get => _values ?? (_values = new List());
+ set => _values = value;
+ }
+
+ public GetInstanceTypesFilterArgs()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/Ec2/Inputs/GetInstanceTypesFilterArgs.cs b/sdk/dotnet/Ec2/Inputs/GetInstanceTypesFilterArgs.cs
new file mode 100644
index 00000000000..614c927083d
--- /dev/null
+++ b/sdk/dotnet/Ec2/Inputs/GetInstanceTypesFilterArgs.cs
@@ -0,0 +1,37 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Ec2.Inputs
+{
+
+ public sealed class GetInstanceTypesFilterInputArgs : Pulumi.ResourceArgs
+ {
+ ///
+ /// Name of the filter.
+ ///
+ [Input("name", required: true)]
+ public Input Name { get; set; } = null!;
+
+ [Input("values", required: true)]
+ private InputList? _values;
+
+ ///
+ /// List of one or more values for the filter.
+ ///
+ public InputList Values
+ {
+ get => _values ?? (_values = new InputList());
+ set => _values = value;
+ }
+
+ public GetInstanceTypesFilterInputArgs()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/Ec2/Outputs/GetInstanceTypesFilterResult.cs b/sdk/dotnet/Ec2/Outputs/GetInstanceTypesFilterResult.cs
new file mode 100644
index 00000000000..a416f4aea6e
--- /dev/null
+++ b/sdk/dotnet/Ec2/Outputs/GetInstanceTypesFilterResult.cs
@@ -0,0 +1,35 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Ec2.Outputs
+{
+
+ [OutputType]
+ public sealed class GetInstanceTypesFilterResult
+ {
+ ///
+ /// Name of the filter.
+ ///
+ public readonly string Name;
+ ///
+ /// List of one or more values for the filter.
+ ///
+ public readonly ImmutableArray Values;
+
+ [OutputConstructor]
+ private GetInstanceTypesFilterResult(
+ string name,
+
+ ImmutableArray values)
+ {
+ Name = name;
+ Values = values;
+ }
+ }
+}
diff --git a/sdk/dotnet/Ecs/CapacityProvider.cs b/sdk/dotnet/Ecs/CapacityProvider.cs
index 08e1145ac5a..96526e5ce79 100644
--- a/sdk/dotnet/Ecs/CapacityProvider.cs
+++ b/sdk/dotnet/Ecs/CapacityProvider.cs
@@ -32,7 +32,7 @@ namespace Pulumi.Aws.Ecs
/// new Aws.AutoScaling.Inputs.GroupTagArgs
/// {
/// Key = "AmazonECSManaged",
- /// Value = "",
+ /// Value = "true",
/// PropagateAtLaunch = true,
/// },
/// },
diff --git a/sdk/dotnet/Ecs/Service.cs b/sdk/dotnet/Ecs/Service.cs
index aba82e2ce41..5b801aa9d96 100644
--- a/sdk/dotnet/Ecs/Service.cs
+++ b/sdk/dotnet/Ecs/Service.cs
@@ -144,25 +144,25 @@ namespace Pulumi.Aws.Ecs
public partial class Service : Pulumi.CustomResource
{
///
- /// Capacity provider strategy to use for the service. Can be one or more. Detailed below.
+ /// Capacity provider strategies to use for the service. Can be one or more. These can be updated without destroying and recreating the service only if `force_new_deployment = true` and not changing from 0 `capacity_provider_strategy` blocks to greater than 0, or vice versa. See below.
///
[Output("capacityProviderStrategies")]
public Output> CapacityProviderStrategies { get; private set; } = null!;
///
- /// ARN of an ECS cluster
+ /// ARN of an ECS cluster.
///
[Output("cluster")]
public Output Cluster { get; private set; } = null!;
///
- /// Configuration block for deployment circuit breaker. Detailed below.
+ /// Configuration block for deployment circuit breaker. See below.
///
[Output("deploymentCircuitBreaker")]
public Output DeploymentCircuitBreaker { get; private set; } = null!;
///
- /// Configuration block for deployment controller configuration. Detailed below.
+ /// Configuration block for deployment controller configuration. See below.
///
[Output("deploymentController")]
public Output DeploymentController { get; private set; } = null!;
@@ -222,7 +222,7 @@ public partial class Service : Pulumi.CustomResource
public Output LaunchType { get; private set; } = null!;
///
- /// Configuration block for load balancers. Detailed below.
+ /// Configuration block for load balancers. See below.
///
[Output("loadBalancers")]
public Output> LoadBalancers { get; private set; } = null!;
@@ -234,19 +234,19 @@ public partial class Service : Pulumi.CustomResource
public Output Name { get; private set; } = null!;
///
- /// Network configuration for the service. This parameter is required for task definitions that use the `awsvpc` network mode to receive their own Elastic Network Interface, and it is not supported for other network modes. Detailed below.
+ /// Network configuration for the service. This parameter is required for task definitions that use the `awsvpc` network mode to receive their own Elastic Network Interface, and it is not supported for other network modes. See below.
///
[Output("networkConfiguration")]
public Output NetworkConfiguration { get; private set; } = null!;
///
- /// Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. The maximum number of `ordered_placement_strategy` blocks is `5`. Detailed below.
+ /// Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. The maximum number of `ordered_placement_strategy` blocks is `5`. See below.
///
[Output("orderedPlacementStrategies")]
public Output> OrderedPlacementStrategies { get; private set; } = null!;
///
- /// Rules that are taken into consideration during task placement. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. Maximum number of `placement_constraints` is `10`. Detailed below.
+ /// Rules that are taken into consideration during task placement. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. Maximum number of `placement_constraints` is `10`. See below.
///
[Output("placementConstraints")]
public Output> PlacementConstraints { get; private set; } = null!;
@@ -270,13 +270,13 @@ public partial class Service : Pulumi.CustomResource
public Output SchedulingStrategy { get; private set; } = null!;
///
- /// Service discovery registries for the service. The maximum number of `service_registries` blocks is `1`. Detailed below.
+ /// Service discovery registries for the service. The maximum number of `service_registries` blocks is `1`. See below.
///
[Output("serviceRegistries")]
public Output ServiceRegistries { get; private set; } = null!;
///
- /// Key-value map of resource tags.
+ /// Key-value map of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
///
[Output("tags")]
public Output?> Tags { get; private set; } = null!;
@@ -349,7 +349,7 @@ public sealed class ServiceArgs : Pulumi.ResourceArgs
private InputList? _capacityProviderStrategies;
///
- /// Capacity provider strategy to use for the service. Can be one or more. Detailed below.
+ /// Capacity provider strategies to use for the service. Can be one or more. These can be updated without destroying and recreating the service only if `force_new_deployment = true` and not changing from 0 `capacity_provider_strategy` blocks to greater than 0, or vice versa. See below.
///
public InputList CapacityProviderStrategies
{
@@ -358,19 +358,19 @@ public InputList CapacityProviderStr
}
///
- /// ARN of an ECS cluster
+ /// ARN of an ECS cluster.
///
[Input("cluster")]
public Input? Cluster { get; set; }
///
- /// Configuration block for deployment circuit breaker. Detailed below.
+ /// Configuration block for deployment circuit breaker. See below.
///
[Input("deploymentCircuitBreaker")]
public Input? DeploymentCircuitBreaker { get; set; }
///
- /// Configuration block for deployment controller configuration. Detailed below.
+ /// Configuration block for deployment controller configuration. See below.
///
[Input("deploymentController")]
public Input? DeploymentController { get; set; }
@@ -433,7 +433,7 @@ public InputList CapacityProviderStr
private InputList? _loadBalancers;
///
- /// Configuration block for load balancers. Detailed below.
+ /// Configuration block for load balancers. See below.
///
public InputList LoadBalancers
{
@@ -448,7 +448,7 @@ public InputList LoadBalancers
public Input? Name { get; set; }
///
- /// Network configuration for the service. This parameter is required for task definitions that use the `awsvpc` network mode to receive their own Elastic Network Interface, and it is not supported for other network modes. Detailed below.
+ /// Network configuration for the service. This parameter is required for task definitions that use the `awsvpc` network mode to receive their own Elastic Network Interface, and it is not supported for other network modes. See below.
///
[Input("networkConfiguration")]
public Input? NetworkConfiguration { get; set; }
@@ -457,7 +457,7 @@ public InputList LoadBalancers
private InputList? _orderedPlacementStrategies;
///
- /// Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. The maximum number of `ordered_placement_strategy` blocks is `5`. Detailed below.
+ /// Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. The maximum number of `ordered_placement_strategy` blocks is `5`. See below.
///
public InputList OrderedPlacementStrategies
{
@@ -469,7 +469,7 @@ public InputList OrderedPlacementStr
private InputList? _placementConstraints;
///
- /// Rules that are taken into consideration during task placement. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. Maximum number of `placement_constraints` is `10`. Detailed below.
+ /// Rules that are taken into consideration during task placement. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. Maximum number of `placement_constraints` is `10`. See below.
///
public InputList PlacementConstraints
{
@@ -496,7 +496,7 @@ public InputList PlacementConstraints
public Input? SchedulingStrategy { get; set; }
///
- /// Service discovery registries for the service. The maximum number of `service_registries` blocks is `1`. Detailed below.
+ /// Service discovery registries for the service. The maximum number of `service_registries` blocks is `1`. See below.
///
[Input("serviceRegistries")]
public Input? ServiceRegistries { get; set; }
@@ -505,7 +505,7 @@ public InputList PlacementConstraints
private InputMap? _tags;
///
- /// Key-value map of resource tags.
+ /// Key-value map of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
///
public InputMap Tags
{
@@ -536,7 +536,7 @@ public sealed class ServiceState : Pulumi.ResourceArgs
private InputList? _capacityProviderStrategies;
///
- /// Capacity provider strategy to use for the service. Can be one or more. Detailed below.
+ /// Capacity provider strategies to use for the service. Can be one or more. These can be updated without destroying and recreating the service only if `force_new_deployment = true` and not changing from 0 `capacity_provider_strategy` blocks to greater than 0, or vice versa. See below.
///
public InputList CapacityProviderStrategies
{
@@ -545,19 +545,19 @@ public InputList CapacityProvider
}
///
- /// ARN of an ECS cluster
+ /// ARN of an ECS cluster.
///
[Input("cluster")]
public Input? Cluster { get; set; }
///
- /// Configuration block for deployment circuit breaker. Detailed below.
+ /// Configuration block for deployment circuit breaker. See below.
///
[Input("deploymentCircuitBreaker")]
public Input? DeploymentCircuitBreaker { get; set; }
///
- /// Configuration block for deployment controller configuration. Detailed below.
+ /// Configuration block for deployment controller configuration. See below.
///
[Input("deploymentController")]
public Input? DeploymentController { get; set; }
@@ -620,7 +620,7 @@ public InputList CapacityProvider
private InputList? _loadBalancers;
///
- /// Configuration block for load balancers. Detailed below.
+ /// Configuration block for load balancers. See below.
///
public InputList LoadBalancers
{
@@ -635,7 +635,7 @@ public InputList LoadBalancers
public Input? Name { get; set; }
///
- /// Network configuration for the service. This parameter is required for task definitions that use the `awsvpc` network mode to receive their own Elastic Network Interface, and it is not supported for other network modes. Detailed below.
+ /// Network configuration for the service. This parameter is required for task definitions that use the `awsvpc` network mode to receive their own Elastic Network Interface, and it is not supported for other network modes. See below.
///
[Input("networkConfiguration")]
public Input? NetworkConfiguration { get; set; }
@@ -644,7 +644,7 @@ public InputList LoadBalancers
private InputList? _orderedPlacementStrategies;
///
- /// Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. The maximum number of `ordered_placement_strategy` blocks is `5`. Detailed below.
+ /// Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. The maximum number of `ordered_placement_strategy` blocks is `5`. See below.
///
public InputList OrderedPlacementStrategies
{
@@ -656,7 +656,7 @@ public InputList OrderedPlacement
private InputList? _placementConstraints;
///
- /// Rules that are taken into consideration during task placement. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. Maximum number of `placement_constraints` is `10`. Detailed below.
+ /// Rules that are taken into consideration during task placement. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. Maximum number of `placement_constraints` is `10`. See below.
///
public InputList PlacementConstraints
{
@@ -683,7 +683,7 @@ public InputList PlacementConstraints
public Input? SchedulingStrategy { get; set; }
///
- /// Service discovery registries for the service. The maximum number of `service_registries` blocks is `1`. Detailed below.
+ /// Service discovery registries for the service. The maximum number of `service_registries` blocks is `1`. See below.
///
[Input("serviceRegistries")]
public Input? ServiceRegistries { get; set; }
@@ -692,7 +692,7 @@ public InputList PlacementConstraints
private InputMap? _tags;
///
- /// Key-value map of resource tags.
+ /// Key-value map of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
///
public InputMap Tags
{
diff --git a/sdk/dotnet/ElasticLoadBalancing/GetLoadBalancer.cs b/sdk/dotnet/ElasticLoadBalancing/GetLoadBalancer.cs
index dbfd3722339..ae827fb24f1 100644
--- a/sdk/dotnet/ElasticLoadBalancing/GetLoadBalancer.cs
+++ b/sdk/dotnet/ElasticLoadBalancing/GetLoadBalancer.cs
@@ -141,6 +141,7 @@ public sealed class GetLoadBalancerResult
public readonly bool ConnectionDraining;
public readonly int ConnectionDrainingTimeout;
public readonly bool CrossZoneLoadBalancing;
+ public readonly string DesyncMitigationMode;
public readonly string DnsName;
public readonly Outputs.GetLoadBalancerHealthCheckResult HealthCheck;
///
@@ -173,6 +174,8 @@ private GetLoadBalancerResult(
bool crossZoneLoadBalancing,
+ string desyncMitigationMode,
+
string dnsName,
Outputs.GetLoadBalancerHealthCheckResult healthCheck,
@@ -207,6 +210,7 @@ private GetLoadBalancerResult(
ConnectionDraining = connectionDraining;
ConnectionDrainingTimeout = connectionDrainingTimeout;
CrossZoneLoadBalancing = crossZoneLoadBalancing;
+ DesyncMitigationMode = desyncMitigationMode;
DnsName = dnsName;
HealthCheck = healthCheck;
Id = id;
diff --git a/sdk/dotnet/ElasticLoadBalancing/LoadBalancer.cs b/sdk/dotnet/ElasticLoadBalancing/LoadBalancer.cs
index 3d5981e4d0a..f369a0ca723 100644
--- a/sdk/dotnet/ElasticLoadBalancing/LoadBalancer.cs
+++ b/sdk/dotnet/ElasticLoadBalancing/LoadBalancer.cs
@@ -145,6 +145,12 @@ public partial class LoadBalancer : Pulumi.CustomResource
[Output("crossZoneLoadBalancing")]
public Output CrossZoneLoadBalancing { get; private set; } = null!;
+ ///
+ /// Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.
+ ///
+ [Output("desyncMitigationMode")]
+ public Output DesyncMitigationMode { get; private set; } = null!;
+
///
/// The DNS name of the ELB
///
@@ -320,6 +326,12 @@ public InputList AvailabilityZones
[Input("crossZoneLoadBalancing")]
public Input? CrossZoneLoadBalancing { get; set; }
+ ///
+ /// Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.
+ ///
+ [Input("desyncMitigationMode")]
+ public Input? DesyncMitigationMode { get; set; }
+
///
/// A health_check block. Health Check documented below.
///
@@ -465,6 +477,12 @@ public InputList AvailabilityZones
[Input("crossZoneLoadBalancing")]
public Input? CrossZoneLoadBalancing { get; set; }
+ ///
+ /// Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.
+ ///
+ [Input("desyncMitigationMode")]
+ public Input? DesyncMitigationMode { get; set; }
+
///
/// The DNS name of the ELB
///
diff --git a/sdk/dotnet/ElasticLoadBalancingV2/GetLoadBalancer.cs b/sdk/dotnet/ElasticLoadBalancingV2/GetLoadBalancer.cs
index 4501869123e..b1b8528f49e 100644
--- a/sdk/dotnet/ElasticLoadBalancingV2/GetLoadBalancer.cs
+++ b/sdk/dotnet/ElasticLoadBalancingV2/GetLoadBalancer.cs
@@ -163,10 +163,12 @@ public sealed class GetLoadBalancerResult
public readonly string Arn;
public readonly string ArnSuffix;
public readonly string CustomerOwnedIpv4Pool;
+ public readonly string DesyncMitigationMode;
public readonly string DnsName;
public readonly bool DropInvalidHeaderFields;
public readonly bool EnableDeletionProtection;
public readonly bool EnableHttp2;
+ public readonly bool EnableWafFailOpen;
///
/// The provider-assigned unique ID for this managed resource.
///
@@ -193,6 +195,8 @@ private GetLoadBalancerResult(
string customerOwnedIpv4Pool,
+ string desyncMitigationMode,
+
string dnsName,
bool dropInvalidHeaderFields,
@@ -201,6 +205,8 @@ private GetLoadBalancerResult(
bool enableHttp2,
+ bool enableWafFailOpen,
+
string id,
int idleTimeout,
@@ -229,10 +235,12 @@ private GetLoadBalancerResult(
Arn = arn;
ArnSuffix = arnSuffix;
CustomerOwnedIpv4Pool = customerOwnedIpv4Pool;
+ DesyncMitigationMode = desyncMitigationMode;
DnsName = dnsName;
DropInvalidHeaderFields = dropInvalidHeaderFields;
EnableDeletionProtection = enableDeletionProtection;
EnableHttp2 = enableHttp2;
+ EnableWafFailOpen = enableWafFailOpen;
Id = id;
IdleTimeout = idleTimeout;
Internal = @internal;
diff --git a/sdk/dotnet/ElasticLoadBalancingV2/LoadBalancer.cs b/sdk/dotnet/ElasticLoadBalancingV2/LoadBalancer.cs
index 1c8a01c7e71..b37ed00c729 100644
--- a/sdk/dotnet/ElasticLoadBalancingV2/LoadBalancer.cs
+++ b/sdk/dotnet/ElasticLoadBalancingV2/LoadBalancer.cs
@@ -176,6 +176,12 @@ public partial class LoadBalancer : Pulumi.CustomResource
[Output("customerOwnedIpv4Pool")]
public Output CustomerOwnedIpv4Pool { get; private set; } = null!;
+ ///
+ /// Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.
+ ///
+ [Output("desyncMitigationMode")]
+ public Output DesyncMitigationMode { get; private set; } = null!;
+
///
/// The DNS name of the load balancer.
///
@@ -208,6 +214,12 @@ public partial class LoadBalancer : Pulumi.CustomResource
[Output("enableHttp2")]
public Output EnableHttp2 { get; private set; } = null!;
+ ///
+ /// Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to `false`.
+ ///
+ [Output("enableWafFailOpen")]
+ public Output EnableWafFailOpen { get; private set; } = null!;
+
///
/// The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.
///
@@ -267,7 +279,7 @@ public partial class LoadBalancer : Pulumi.CustomResource
public Output> Subnets { get; private set; } = null!;
///
- /// A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+ /// A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
///
[Output("tags")]
public Output?> Tags { get; private set; } = null!;
@@ -346,6 +358,12 @@ public sealed class LoadBalancerArgs : Pulumi.ResourceArgs
[Input("customerOwnedIpv4Pool")]
public Input? CustomerOwnedIpv4Pool { get; set; }
+ ///
+ /// Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.
+ ///
+ [Input("desyncMitigationMode")]
+ public Input? DesyncMitigationMode { get; set; }
+
///
/// Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type `application`.
///
@@ -372,6 +390,12 @@ public sealed class LoadBalancerArgs : Pulumi.ResourceArgs
[Input("enableHttp2")]
public Input? EnableHttp2 { get; set; }
+ ///
+ /// Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to `false`.
+ ///
+ [Input("enableWafFailOpen")]
+ public Input? EnableWafFailOpen { get; set; }
+
///
/// The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.
///
@@ -452,7 +476,7 @@ public InputList Subnets
private InputMap? _tags;
///
- /// A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+ /// A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
///
public InputMap Tags
{
@@ -491,6 +515,12 @@ public sealed class LoadBalancerState : Pulumi.ResourceArgs
[Input("customerOwnedIpv4Pool")]
public Input? CustomerOwnedIpv4Pool { get; set; }
+ ///
+ /// Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.
+ ///
+ [Input("desyncMitigationMode")]
+ public Input? DesyncMitigationMode { get; set; }
+
///
/// The DNS name of the load balancer.
///
@@ -523,6 +553,12 @@ public sealed class LoadBalancerState : Pulumi.ResourceArgs
[Input("enableHttp2")]
public Input? EnableHttp2 { get; set; }
+ ///
+ /// Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to `false`.
+ ///
+ [Input("enableWafFailOpen")]
+ public Input? EnableWafFailOpen { get; set; }
+
///
/// The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.
///
@@ -603,7 +639,7 @@ public InputList Subnets
private InputMap? _tags;
///
- /// A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
+ /// A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
///
public InputMap Tags
{
diff --git a/sdk/dotnet/Elb/GetLoadBalancer.cs b/sdk/dotnet/Elb/GetLoadBalancer.cs
index d1120dff4d1..7074f2d36f3 100644
--- a/sdk/dotnet/Elb/GetLoadBalancer.cs
+++ b/sdk/dotnet/Elb/GetLoadBalancer.cs
@@ -140,6 +140,7 @@ public sealed class GetLoadBalancerResult
public readonly bool ConnectionDraining;
public readonly int ConnectionDrainingTimeout;
public readonly bool CrossZoneLoadBalancing;
+ public readonly string DesyncMitigationMode;
public readonly string DnsName;
public readonly Outputs.GetLoadBalancerHealthCheckResult HealthCheck;
///
@@ -172,6 +173,8 @@ private GetLoadBalancerResult(
bool crossZoneLoadBalancing,
+ string desyncMitigationMode,
+
string dnsName,
Outputs.GetLoadBalancerHealthCheckResult healthCheck,
@@ -206,6 +209,7 @@ private GetLoadBalancerResult(
ConnectionDraining = connectionDraining;
ConnectionDrainingTimeout = connectionDrainingTimeout;
CrossZoneLoadBalancing = crossZoneLoadBalancing;
+ DesyncMitigationMode = desyncMitigationMode;
DnsName = dnsName;
HealthCheck = healthCheck;
Id = id;
diff --git a/sdk/dotnet/Elb/LoadBalancer.cs b/sdk/dotnet/Elb/LoadBalancer.cs
index d649eb637cd..4d578291e83 100644
--- a/sdk/dotnet/Elb/LoadBalancer.cs
+++ b/sdk/dotnet/Elb/LoadBalancer.cs
@@ -144,6 +144,12 @@ public partial class LoadBalancer : Pulumi.CustomResource
[Output("crossZoneLoadBalancing")]
public Output CrossZoneLoadBalancing { get; private set; } = null!;
+ ///
+ /// Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.
+ ///
+ [Output("desyncMitigationMode")]
+ public Output DesyncMitigationMode { get; private set; } = null!;
+
///
/// The DNS name of the ELB
///
@@ -323,6 +329,12 @@ public InputList AvailabilityZones
[Input("crossZoneLoadBalancing")]
public Input? CrossZoneLoadBalancing { get; set; }
+ ///
+ /// Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.
+ ///
+ [Input("desyncMitigationMode")]
+ public Input? DesyncMitigationMode { get; set; }
+
///
/// A health_check block. Health Check documented below.
///
@@ -468,6 +480,12 @@ public InputList AvailabilityZones
[Input("crossZoneLoadBalancing")]
public Input? CrossZoneLoadBalancing { get; set; }
+ ///
+ /// Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are `monitor`, `defensive` (default), `strictest`.
+ ///
+ [Input("desyncMitigationMode")]
+ public Input? DesyncMitigationMode { get; set; }
+
///
/// The DNS name of the ELB
///
diff --git a/sdk/dotnet/Fsx/Inputs/OntapStorageVirtualMachineActiveDirectoryConfigurationArgs.cs b/sdk/dotnet/Fsx/Inputs/OntapStorageVirtualMachineActiveDirectoryConfigurationArgs.cs
new file mode 100644
index 00000000000..6d3b7ea8c31
--- /dev/null
+++ b/sdk/dotnet/Fsx/Inputs/OntapStorageVirtualMachineActiveDirectoryConfigurationArgs.cs
@@ -0,0 +1,28 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Fsx.Inputs
+{
+
+ public sealed class OntapStorageVirtualMachineActiveDirectoryConfigurationArgs : Pulumi.ResourceArgs
+ {
+ ///
+ /// The NetBIOS name of the Active Directory computer object that will be created for your SVM. This is often the same as the SVM name but can be different. It is limited to 15 characters because of standard NetBIOS naming limits.
+ ///
+ [Input("netbiosName")]
+ public Input? NetbiosName { get; set; }
+
+ [Input("selfManagedActiveDirectoryConfiguration")]
+ public Input? SelfManagedActiveDirectoryConfiguration { get; set; }
+
+ public OntapStorageVirtualMachineActiveDirectoryConfigurationArgs()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/Fsx/Inputs/OntapStorageVirtualMachineActiveDirectoryConfigurationGetArgs.cs b/sdk/dotnet/Fsx/Inputs/OntapStorageVirtualMachineActiveDirectoryConfigurationGetArgs.cs
new file mode 100644
index 00000000000..b8c2d4fd480
--- /dev/null
+++ b/sdk/dotnet/Fsx/Inputs/OntapStorageVirtualMachineActiveDirectoryConfigurationGetArgs.cs
@@ -0,0 +1,28 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Fsx.Inputs
+{
+
+ public sealed class OntapStorageVirtualMachineActiveDirectoryConfigurationGetArgs : Pulumi.ResourceArgs
+ {
+ ///
+ /// The NetBIOS name of the Active Directory computer object that will be created for your SVM. This is often the same as the SVM name but can be different. It is limited to 15 characters because of standard NetBIOS naming limits.
+ ///
+ [Input("netbiosName")]
+ public Input? NetbiosName { get; set; }
+
+ [Input("selfManagedActiveDirectoryConfiguration")]
+ public Input? SelfManagedActiveDirectoryConfiguration { get; set; }
+
+ public OntapStorageVirtualMachineActiveDirectoryConfigurationGetArgs()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/Fsx/Inputs/OntapStorageVirtualMachineActiveDirectoryConfigurationSelfManagedActiveDirectoryConfigurationArgs.cs b/sdk/dotnet/Fsx/Inputs/OntapStorageVirtualMachineActiveDirectoryConfigurationSelfManagedActiveDirectoryConfigurationArgs.cs
new file mode 100644
index 00000000000..9380eab801d
--- /dev/null
+++ b/sdk/dotnet/Fsx/Inputs/OntapStorageVirtualMachineActiveDirectoryConfigurationSelfManagedActiveDirectoryConfigurationArgs.cs
@@ -0,0 +1,58 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Fsx.Inputs
+{
+
+ public sealed class OntapStorageVirtualMachineActiveDirectoryConfigurationSelfManagedActiveDirectoryConfigurationArgs : Pulumi.ResourceArgs
+ {
+ [Input("dnsIps", required: true)]
+ private InputList? _dnsIps;
+
+ ///
+ /// A list of up to three IP addresses of DNS servers or domain controllers in the self-managed AD directory.
+ ///
+ public InputList DnsIps
+ {
+ get => _dnsIps ?? (_dnsIps = new InputList());
+ set => _dnsIps = value;
+ }
+
+ ///
+ /// The fully qualified domain name of the self-managed AD directory. For example, `corp.example.com`.
+ ///
+ [Input("domainName", required: true)]
+ public Input DomainName { get; set; } = null!;
+
+ ///
+ /// The name of the domain group whose members are granted administrative privileges for the SVM. The group that you specify must already exist in your domain. Defaults to `Domain Admins`.
+ ///
+ [Input("fileSystemAdministratorsGroup")]
+ public Input? FileSystemAdministratorsGroup { get; set; }
+
+ [Input("organizationalUnitDistinguidshedName")]
+ public Input? OrganizationalUnitDistinguidshedName { get; set; }
+
+ ///
+ /// The password for the service account on your self-managed AD domain that Amazon FSx will use to join to your AD domain.
+ ///
+ [Input("password", required: true)]
+ public Input Password { get; set; } = null!;
+
+ ///
+ /// The user name for the service account on your self-managed AD domain that Amazon FSx will use to join to your AD domain.
+ ///
+ [Input("username", required: true)]
+ public Input Username { get; set; } = null!;
+
+ public OntapStorageVirtualMachineActiveDirectoryConfigurationSelfManagedActiveDirectoryConfigurationArgs()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/Fsx/Inputs/OntapStorageVirtualMachineActiveDirectoryConfigurationSelfManagedActiveDirectoryConfigurationGetArgs.cs b/sdk/dotnet/Fsx/Inputs/OntapStorageVirtualMachineActiveDirectoryConfigurationSelfManagedActiveDirectoryConfigurationGetArgs.cs
new file mode 100644
index 00000000000..72df8ad9ada
--- /dev/null
+++ b/sdk/dotnet/Fsx/Inputs/OntapStorageVirtualMachineActiveDirectoryConfigurationSelfManagedActiveDirectoryConfigurationGetArgs.cs
@@ -0,0 +1,58 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Fsx.Inputs
+{
+
+ public sealed class OntapStorageVirtualMachineActiveDirectoryConfigurationSelfManagedActiveDirectoryConfigurationGetArgs : Pulumi.ResourceArgs
+ {
+ [Input("dnsIps", required: true)]
+ private InputList? _dnsIps;
+
+ ///
+ /// A list of up to three IP addresses of DNS servers or domain controllers in the self-managed AD directory.
+ ///
+ public InputList DnsIps
+ {
+ get => _dnsIps ?? (_dnsIps = new InputList());
+ set => _dnsIps = value;
+ }
+
+ ///
+ /// The fully qualified domain name of the self-managed AD directory. For example, `corp.example.com`.
+ ///
+ [Input("domainName", required: true)]
+ public Input DomainName { get; set; } = null!;
+
+ ///
+ /// The name of the domain group whose members are granted administrative privileges for the SVM. The group that you specify must already exist in your domain. Defaults to `Domain Admins`.
+ ///
+ [Input("fileSystemAdministratorsGroup")]
+ public Input? FileSystemAdministratorsGroup { get; set; }
+
+ [Input("organizationalUnitDistinguidshedName")]
+ public Input? OrganizationalUnitDistinguidshedName { get; set; }
+
+ ///
+ /// The password for the service account on your self-managed AD domain that Amazon FSx will use to join to your AD domain.
+ ///
+ [Input("password", required: true)]
+ public Input Password { get; set; } = null!;
+
+ ///
+ /// The user name for the service account on your self-managed AD domain that Amazon FSx will use to join to your AD domain.
+ ///
+ [Input("username", required: true)]
+ public Input Username { get; set; } = null!;
+
+ public OntapStorageVirtualMachineActiveDirectoryConfigurationSelfManagedActiveDirectoryConfigurationGetArgs()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/Fsx/Inputs/OntapStorageVirtualMachineEndpointArgs.cs b/sdk/dotnet/Fsx/Inputs/OntapStorageVirtualMachineEndpointArgs.cs
new file mode 100644
index 00000000000..7aed07209c2
--- /dev/null
+++ b/sdk/dotnet/Fsx/Inputs/OntapStorageVirtualMachineEndpointArgs.cs
@@ -0,0 +1,67 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Fsx.Inputs
+{
+
+ public sealed class OntapStorageVirtualMachineEndpointArgs : Pulumi.ResourceArgs
+ {
+ [Input("iscses")]
+ private InputList? _iscses;
+
+ ///
+ /// An endpoint for accessing data on your storage virtual machine via iSCSI protocol. See Endpoint.
+ ///
+ public InputList Iscses
+ {
+ get => _iscses ?? (_iscses = new InputList());
+ set => _iscses = value;
+ }
+
+ [Input("managements")]
+ private InputList? _managements;
+
+ ///
+ /// An endpoint for managing your file system using the NetApp ONTAP CLI and NetApp ONTAP API. See Endpoint.
+ ///
+ public InputList Managements
+ {
+ get => _managements ?? (_managements = new InputList());
+ set => _managements = value;
+ }
+
+ [Input("nfs")]
+ private InputList? _nfs;
+
+ ///
+ /// An endpoint for accessing data on your storage virtual machine via NFS protocol. See Endpoint.
+ ///
+ public InputList Nfs
+ {
+ get => _nfs ?? (_nfs = new InputList());
+ set => _nfs = value;
+ }
+
+ [Input("smbs")]
+ private InputList? _smbs;
+
+ ///
+ /// An endpoint for accessing data on your storage virtual machine via SMB protocol. This is only set if an active_directory_configuration has been set. See Endpoint.
+ ///
+ public InputList Smbs
+ {
+ get => _smbs ?? (_smbs = new InputList());
+ set => _smbs = value;
+ }
+
+ public OntapStorageVirtualMachineEndpointArgs()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/Fsx/Inputs/OntapStorageVirtualMachineEndpointGetArgs.cs b/sdk/dotnet/Fsx/Inputs/OntapStorageVirtualMachineEndpointGetArgs.cs
new file mode 100644
index 00000000000..db91f4de543
--- /dev/null
+++ b/sdk/dotnet/Fsx/Inputs/OntapStorageVirtualMachineEndpointGetArgs.cs
@@ -0,0 +1,67 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Fsx.Inputs
+{
+
+ public sealed class OntapStorageVirtualMachineEndpointGetArgs : Pulumi.ResourceArgs
+ {
+ [Input("iscses")]
+ private InputList? _iscses;
+
+ ///
+ /// An endpoint for accessing data on your storage virtual machine via iSCSI protocol. See Endpoint.
+ ///
+ public InputList Iscses
+ {
+ get => _iscses ?? (_iscses = new InputList());
+ set => _iscses = value;
+ }
+
+ [Input("managements")]
+ private InputList? _managements;
+
+ ///
+ /// An endpoint for managing your file system using the NetApp ONTAP CLI and NetApp ONTAP API. See Endpoint.
+ ///
+ public InputList Managements
+ {
+ get => _managements ?? (_managements = new InputList());
+ set => _managements = value;
+ }
+
+ [Input("nfs")]
+ private InputList? _nfs;
+
+ ///
+ /// An endpoint for accessing data on your storage virtual machine via NFS protocol. See Endpoint.
+ ///
+ public InputList Nfs
+ {
+ get => _nfs ?? (_nfs = new InputList());
+ set => _nfs = value;
+ }
+
+ [Input("smbs")]
+ private InputList? _smbs;
+
+ ///
+ /// An endpoint for accessing data on your storage virtual machine via SMB protocol. This is only set if an active_directory_configuration has been set. See Endpoint.
+ ///
+ public InputList Smbs
+ {
+ get => _smbs ?? (_smbs = new InputList());
+ set => _smbs = value;
+ }
+
+ public OntapStorageVirtualMachineEndpointGetArgs()
+ {
+ }
+ }
+}
diff --git a/sdk/dotnet/Fsx/Inputs/OntapStorageVirtualMachineEndpointIscseArgs.cs b/sdk/dotnet/Fsx/Inputs/OntapStorageVirtualMachineEndpointIscseArgs.cs
new file mode 100644
index 00000000000..f14850299e0
--- /dev/null
+++ b/sdk/dotnet/Fsx/Inputs/OntapStorageVirtualMachineEndpointIscseArgs.cs
@@ -0,0 +1,37 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Aws.Fsx.Inputs
+{
+
+ public sealed class OntapStorageVirtualMachineEndpointIscseArgs : Pulumi.ResourceArgs
+ {
+ ///