From 1c072196a1bcb0d5d6697b7d41f799c9422d1f47 Mon Sep 17 00:00:00 2001 From: github-actions Date: Fri, 17 Nov 2023 18:01:59 +0000 Subject: [PATCH] chore(schema): update --- samtranslator/schema/schema.json | 178 +++++++------- schema_source/cloudformation-docs.json | 296 ++++++++++++----------- schema_source/cloudformation.schema.json | 178 +++++++------- 3 files changed, 330 insertions(+), 322 deletions(-) diff --git a/samtranslator/schema/schema.json b/samtranslator/schema/schema.json index 37d769ddb..992959354 100644 --- a/samtranslator/schema/schema.json +++ b/samtranslator/schema/schema.json @@ -29299,22 +29299,22 @@ "additionalProperties": false, "properties": { "AllowCleartext": { - "markdownDescription": "Indicates whether encrypted tables can contain cleartext data (true) or are to cryptographically process every column (false).", + "markdownDescription": "Indicates whether encrypted tables can contain cleartext data ( `TRUE` ) or are to cryptographically process every column ( `FALSE` ).", "title": "AllowCleartext", "type": "boolean" }, "AllowDuplicates": { - "markdownDescription": "Indicates whether Fingerprint columns can contain duplicate entries (true) or are to contain only non-repeated values (false).", + "markdownDescription": "Indicates whether Fingerprint columns can contain duplicate entries ( `TRUE` ) or are to contain only non-repeated values ( `FALSE` ).", "title": "AllowDuplicates", "type": "boolean" }, "AllowJoinsOnColumnsWithDifferentNames": { - "markdownDescription": "Indicates whether Fingerprint columns can be joined on any other Fingerprint column with a different name (true) or can only be joined on Fingerprint columns of the same name (false).", + "markdownDescription": "Indicates whether Fingerprint columns can be joined on any other Fingerprint column with a different name ( `TRUE` ) or can only be joined on Fingerprint columns of the same name ( `FALSE` ).", "title": "AllowJoinsOnColumnsWithDifferentNames", "type": "boolean" }, "PreserveNulls": { - "markdownDescription": "Indicates whether NULL values are to be copied as NULL to encrypted tables (true) or cryptographically processed (false).", + "markdownDescription": "Indicates whether NULL values are to be copied as NULL to encrypted tables ( `TRUE` ) or cryptographically processed ( `FALSE` ).", "title": "PreserveNulls", "type": "boolean" } @@ -29331,7 +29331,7 @@ "additionalProperties": false, "properties": { "AccountId": { - "markdownDescription": "The identifier used to reference members of the collaboration. Currently only supports ID.", + "markdownDescription": "The identifier used to reference members of the collaboration. Currently only supports AWS account ID.", "title": "AccountId", "type": "string" }, @@ -29615,7 +29615,7 @@ "items": { "type": "string" }, - "markdownDescription": "The accounts that are allowed to query by the custom analysis rule. Required when `allowedAnalyses` is `ANY_QUERY` .", + "markdownDescription": "The AWS accounts that are allowed to query by the custom analysis rule. Required when `allowedAnalyses` is `ANY_QUERY` .", "title": "AllowedAnalysisProviders", "type": "array" } @@ -29872,7 +29872,7 @@ "title": "DefaultResultConfiguration" }, "QueryLogStatus": { - "markdownDescription": "An indicator as to whether query logging has been enabled or disabled for the collaboration.", + "markdownDescription": "An indicator as to whether query logging has been enabled or disabled for the membership.", "title": "QueryLogStatus", "type": "string" }, @@ -29935,7 +29935,7 @@ "title": "OutputConfiguration" }, "RoleArn": { - "markdownDescription": "The unique ARN for an IAM role that is used by to write protected query results to the result location, given by the member who can receive results.", + "markdownDescription": "The unique ARN for an IAM role that is used by AWS Clean Rooms to write protected query results to the result location, given by the member who can receive results.", "title": "RoleArn", "type": "string" } @@ -52024,7 +52024,7 @@ "type": "number" }, "MinCapacityUnits": { - "markdownDescription": "Specifies the minimum value of the AWS DMS capacity units (DCUs) for which a given AWS DMS Serverless replication can be provisioned. A single DCU is 2GB of RAM, with 1 DCU as the minimum value allowed. The list of valid DCU values includes 1, 2, 4, 8, 16, 32, 64, 128, 192, 256, and 384. So, the minimum DCU value that you can specify for AWS DMS Serverless is 1. You don't have to specify a value for the `MinCapacityUnits` parameter. If you don't set this value, AWS DMS scans the current activity of available source tables to identify an optimum setting for this parameter. If there is no current source activity or AWS DMS can't otherwise identify a more appropriate value, it sets this parameter to the minimum DCU value allowed, 1.", + "markdownDescription": "Specifies the minimum value of the AWS DMS capacity units (DCUs) for which a given AWS DMS Serverless replication can be provisioned. A single DCU is 2GB of RAM, with 1 DCU as the minimum value allowed. The list of valid DCU values includes 1, 2, 4, 8, 16, 32, 64, 128, 192, 256, and 384. So, the minimum DCU value that you can specify for AWS DMS Serverless is 1. If you don't set this value, AWS DMS sets this parameter to the minimum DCU value allowed, 1. If there is no current source activity, AWS DMS scales down your replication until it reaches the value specified in `MinCapacityUnits` .", "title": "MinCapacityUnits", "type": "number" }, @@ -91748,7 +91748,7 @@ "type": "string" }, "ServerSdkVersion": { - "markdownDescription": "The Amazon GameLift Server SDK version used to develop your game server.", + "markdownDescription": "A server SDK version you used when integrating your game server build with Amazon GameLift. For more information see [Integrate games with custom game servers](https://docs.aws.amazon.com/gamelift/latest/developerguide/integration-custom-intro.html) . By default Amazon GameLift sets this value to `4.0.2` .", "title": "ServerSdkVersion", "type": "string" }, @@ -91789,7 +91789,7 @@ "additionalProperties": false, "properties": { "Bucket": { - "markdownDescription": "An Amazon S3 bucket identifier. Thename of the S3 bucket.\n\n> Amazon GameLift doesn't support uploading from Amazon S3 buckets with names that contain a dot (.).", + "markdownDescription": "An Amazon S3 bucket identifier. The name of the S3 bucket.\n\n> Amazon GameLift doesn't support uploading from Amazon S3 buckets with names that contain a dot (.).", "title": "Bucket", "type": "string" }, @@ -91799,12 +91799,12 @@ "type": "string" }, "ObjectVersion": { - "markdownDescription": "The version of the file, if object versioning is turned on for the bucket. Amazon GameLift uses this information when retrieving files from your S3 bucket. To retrieve a specific version of the file, provide an object version. To retrieve the latest version of the file, do not set this parameter.", + "markdownDescription": "A version of a stored file to retrieve, if the object versioning feature is turned on for the S3 bucket. Use this parameter to specify a specific version. If this parameter isn't set, Amazon GameLift retrieves the latest version of the file.", "title": "ObjectVersion", "type": "string" }, "RoleArn": { - "markdownDescription": "The Amazon Resource Name ( [ARN](https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html) ) for an IAM role that allows Amazon GameLift to access the S3 bucket.", + "markdownDescription": "The ARNfor an IAM role that allows Amazon GameLift to access the S3 bucket.", "title": "RoleArn", "type": "string" } @@ -91853,12 +91853,10 @@ "properties": { "AnywhereConfiguration": { "$ref": "#/definitions/AWS::GameLift::Fleet.AnywhereConfiguration", - "markdownDescription": "Amazon GameLift Anywhere configuration options for your Anywhere fleets.", + "markdownDescription": "Amazon GameLift Anywhere configuration options.", "title": "AnywhereConfiguration" }, "ApplyCapacity": { - "markdownDescription": "", - "title": "ApplyCapacity", "type": "string" }, "BuildId": { @@ -91872,7 +91870,7 @@ "title": "CertificateConfiguration" }, "ComputeType": { - "markdownDescription": "The type of compute resource used to host your game servers. You can use your own compute resources with Amazon GameLift Anywhere or use Amazon EC2 instances with managed Amazon GameLift.", + "markdownDescription": "The type of compute resource used to host your game servers. You can use your own compute resources with Amazon GameLift Anywhere or use Amazon EC2 instances with managed Amazon GameLift. By default, this property is set to `EC2` .", "title": "ComputeType", "type": "string" }, @@ -91974,7 +91972,7 @@ "items": { "$ref": "#/definitions/AWS::GameLift::Fleet.ScalingPolicy" }, - "markdownDescription": "", + "markdownDescription": "Rule that controls how a fleet is scaled. Scaling policies are uniquely identified by the combination of name and fleet ID.", "title": "ScalingPolicies", "type": "array" }, @@ -92239,7 +92237,7 @@ "type": "string" }, "Parameters": { - "markdownDescription": "An optional list of parameters to pass to the server executable or Realtime script on launch.", + "markdownDescription": "An optional list of parameters to pass to the server executable or Realtime script on launch.\n\nLength Constraints: Minimum length of 1. Maximum length of 1024.\n\nPattern: [A-Za-z0-9_:.+\\/\\\\\\- =@{},?'\\[\\]\"]+", "title": "Parameters", "type": "string" } @@ -92590,8 +92588,6 @@ "additionalProperties": false, "properties": { "DestinationArn": { - "markdownDescription": "The Amazon Resource Name (ARN) that is assigned to fleet or fleet alias. ARNs, which include a fleet ID or alias ID and a Region name, provide a unique identifier across all Regions.", - "title": "DestinationArn", "type": "string" } }, @@ -92685,7 +92681,7 @@ "additionalProperties": false, "properties": { "LocationName": { - "markdownDescription": "The location's name.", + "markdownDescription": "A descriptive name for the custom location.", "title": "LocationName", "type": "string" }, @@ -92693,7 +92689,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "", + "markdownDescription": "A list of labels to assign to the new matchmaking configuration resource. Tags are developer-defined key-value pairs. Tagging AWS resources are useful for resource management, access management and cost allocation. For more information, see [Tagging AWS Resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in the *AWS General Rareference* .", "title": "Tags", "type": "array" } @@ -106961,7 +106957,7 @@ "properties": { "S3Config": { "$ref": "#/definitions/AWS::InternetMonitor::Monitor.S3Config", - "markdownDescription": "The configuration information for publishing Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` or `DISABLED` , depending on whether you choose to deliver internet measurements to S3 logs.", + "markdownDescription": "The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3.", "title": "S3Config" } }, @@ -106992,17 +106988,17 @@ "additionalProperties": false, "properties": { "BucketName": { - "markdownDescription": "The Amazon S3 bucket name.", + "markdownDescription": "The Amazon S3 bucket name for internet measurements publishing.", "title": "BucketName", "type": "string" }, "BucketPrefix": { - "markdownDescription": "The Amazon S3 bucket prefix.", + "markdownDescription": "An optional Amazon S3 bucket prefix for internet measurements publishing.", "title": "BucketPrefix", "type": "string" }, "LogDeliveryStatus": { - "markdownDescription": "The status of publishing Internet Monitor internet measurements to an Amazon S3 bucket.", + "markdownDescription": "The status of publishing Internet Monitor internet measurements to an Amazon S3 bucket. The delivery status is `ENABLED` if you choose to deliver internet measurements to an S3 bucket, and `DISABLED` otherwise.", "title": "LogDeliveryStatus", "type": "string" } @@ -167085,12 +167081,12 @@ "additionalProperties": false, "properties": { "CodebuildRoleArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of an service role in the environment account. uses this role to provision infrastructure resources using CodeBuild-based provisioning in the associated environment account.", + "markdownDescription": "The Amazon Resource Name (ARN) of an IAM service role in the environment account. AWS Proton uses this role to provision infrastructure resources using CodeBuild-based provisioning in the associated environment account.", "title": "CodebuildRoleArn", "type": "string" }, "ComponentRoleArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the service role that uses when provisioning directly defined components in the associated environment account. It determines the scope of infrastructure that a component can provision in the account.\n\nThe environment account connection must have a `componentRoleArn` to allow directly defined components to be associated with any environments running in the account.", + "markdownDescription": "The Amazon Resource Name (ARN) of the IAM service role that AWS Proton uses when provisioning directly defined components in the associated environment account. It determines the scope of infrastructure that a component can provision in the account.\n\nThe environment account connection must have a `componentRoleArn` to allow directly defined components to be associated with any environments running in the account.\n\nFor more information about components, see [AWS Proton components](https://docs.aws.amazon.com/proton/latest/userguide/ag-components.html) in the *AWS Proton User Guide* .", "title": "ComponentRoleArn", "type": "string" }, @@ -167118,7 +167114,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "An optional list of metadata items that you can associate with the environment account connection. A tag is a key-value pair.\n\nFor more information, see [resources and tagging](https://docs.aws.amazon.com/proton/latest/userguide/resources.html) in the *User Guide* .", + "markdownDescription": "An optional list of metadata items that you can associate with the AWS Proton environment account connection. A tag is a key-value pair.\n\nFor more information, see [AWS Proton resources and tagging](https://docs.aws.amazon.com/proton/latest/userguide/resources.html) in the *AWS Proton User Guide* .", "title": "Tags", "type": "array" } @@ -167209,7 +167205,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "An optional list of metadata items that you can associate with the environment template. A tag is a key-value pair.\n\nFor more information, see [resources and tagging](https://docs.aws.amazon.com/proton/latest/userguide/resources.html) in the *User Guide* .", + "markdownDescription": "An optional list of metadata items that you can associate with the AWS Proton environment template. A tag is a key-value pair.\n\nFor more information, see [AWS Proton resources and tagging](https://docs.aws.amazon.com/proton/latest/userguide/resources.html) in the *AWS Proton User Guide* .", "title": "Tags", "type": "array" } @@ -181951,9 +181947,7 @@ "type": "array" }, "Options": { - "$ref": "#/definitions/AWS::QuickSight::Dashboard.AssetOptions", - "markdownDescription": "", - "title": "Options" + "$ref": "#/definitions/AWS::QuickSight::Dashboard.AssetOptions" }, "Sheets": { "items": { @@ -204659,9 +204653,7 @@ "type": "array" }, "Options": { - "$ref": "#/definitions/AWS::QuickSight::Template.AssetOptions", - "markdownDescription": "", - "title": "Options" + "$ref": "#/definitions/AWS::QuickSight::Template.AssetOptions" }, "Sheets": { "items": { @@ -213195,7 +213187,7 @@ "additionalProperties": false, "properties": { "AppAssessmentSchedule": { - "markdownDescription": "Assessment execution schedule with 'Daily' or 'Disabled' values.", + "markdownDescription": "", "title": "AppAssessmentSchedule", "type": "string" }, @@ -213205,7 +213197,7 @@ "type": "string" }, "Description": { - "markdownDescription": "Optional description for an application.", + "markdownDescription": "", "title": "Description", "type": "string" }, @@ -213213,18 +213205,18 @@ "items": { "$ref": "#/definitions/AWS::ResilienceHub::App.EventSubscription" }, - "markdownDescription": "The list of events you would like to subscribe and get notification for. Currently, AWS Resilience Hub supports notifications only for *Drift detected* and *Scheduled assessment failure* events.", + "markdownDescription": "", "title": "EventSubscriptions", "type": "array" }, "Name": { - "markdownDescription": "Name for the application.", + "markdownDescription": "", "title": "Name", "type": "string" }, "PermissionModel": { "$ref": "#/definitions/AWS::ResilienceHub::App.PermissionModel", - "markdownDescription": "Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment.", + "markdownDescription": "", "title": "PermissionModel" }, "ResiliencyPolicyArn": { @@ -213284,17 +213276,17 @@ "additionalProperties": false, "properties": { "EventType": { - "markdownDescription": "The type of event you would like to subscribe and get notification for. Currently, AWS Resilience Hub supports notifications only for *Drift detected* ( `DriftDetected` ) and *Scheduled assessment failure* ( `ScheduledAssessmentFailure` ) events.", + "markdownDescription": "", "title": "EventType", "type": "string" }, "Name": { - "markdownDescription": "Unique name to identify an event subscription.", + "markdownDescription": "", "title": "Name", "type": "string" }, "SnsTopicArn": { - "markdownDescription": "Amazon Resource Name (ARN) of the Amazon Simple Notification Service topic. The format for this ARN is: `arn:partition:sns:region:account:topic-name` .", + "markdownDescription": "", "title": "SnsTopicArn", "type": "string" } @@ -213312,17 +213304,17 @@ "items": { "type": "string" }, - "markdownDescription": "Defines a list of role Amazon Resource Names (ARNs) to be used in other accounts. These ARNs are used for querying purposes while importing resources and assessing your application.\n\n> - These ARNs are required only when your resources are in other accounts and you have different role name in these accounts. Else, the invoker role name will be used in the other accounts.\n> - These roles must have a trust policy with `iam:AssumeRole` permission to the invoker role in the primary account.", + "markdownDescription": "", "title": "CrossAccountRoleArns", "type": "array" }, "InvokerRoleName": { - "markdownDescription": "Existing AWS IAM role name in the primary AWS account that will be assumed by AWS Resilience Hub Service Principle to obtain a read-only access to your application resources while running an assessment.\n\n> - You must have `iam:passRole` permission for this role while creating or updating the application.\n> - Currently, `invokerRoleName` accepts only `[A-Za-z0-9_+=,.@-]` characters.", + "markdownDescription": "", "title": "InvokerRoleName", "type": "string" }, "Type": { - "markdownDescription": "Defines how AWS Resilience Hub scans your resources. It can scan for the resources by using a pre-existing role in your AWS account, or by using the credentials of the current IAM user.", + "markdownDescription": "", "title": "Type", "type": "string" } @@ -213336,22 +213328,22 @@ "additionalProperties": false, "properties": { "AwsAccountId": { - "markdownDescription": "The account that owns the physical resource.", + "markdownDescription": "", "title": "AwsAccountId", "type": "string" }, "AwsRegion": { - "markdownDescription": "The that the physical resource is located in.", + "markdownDescription": "", "title": "AwsRegion", "type": "string" }, "Identifier": { - "markdownDescription": "Identifier of the physical resource.", + "markdownDescription": "", "title": "Identifier", "type": "string" }, "Type": { - "markdownDescription": "Specifies the type of physical resource identifier.\n\n- **Arn** - The resource identifier is an Amazon Resource Name (ARN) and it can identify the following list of resources:\n\n- `AWS::ECS::Service`\n- `AWS::EFS::FileSystem`\n- `AWS::ElasticLoadBalancingV2::LoadBalancer`\n- `AWS::Lambda::Function`\n- `AWS::SNS::Topic`\n- **Native** - The resource identifier is an AWS Resilience Hub -native identifier and it can identify the following list of resources:\n\n- `AWS::ApiGateway::RestApi`\n- `AWS::ApiGatewayV2::Api`\n- `AWS::AutoScaling::AutoScalingGroup`\n- `AWS::DocDB::DBCluster`\n- `AWS::DocDB::DBGlobalCluster`\n- `AWS::DocDB::DBInstance`\n- `AWS::DynamoDB::GlobalTable`\n- `AWS::DynamoDB::Table`\n- `AWS::EC2::EC2Fleet`\n- `AWS::EC2::Instance`\n- `AWS::EC2::NatGateway`\n- `AWS::EC2::Volume`\n- `AWS::ElasticLoadBalancing::LoadBalancer`\n- `AWS::RDS::DBCluster`\n- `AWS::RDS::DBInstance`\n- `AWS::RDS::GlobalCluster`\n- `AWS::Route53::RecordSet`\n- `AWS::S3::Bucket`\n- `AWS::SQS::Queue`", + "markdownDescription": "", "title": "Type", "type": "string" } @@ -213371,27 +213363,27 @@ "type": "string" }, "LogicalStackName": { - "markdownDescription": "The name of the AWS CloudFormation stack this resource is mapped to.", + "markdownDescription": "", "title": "LogicalStackName", "type": "string" }, "MappingType": { - "markdownDescription": "Specifies the type of resource mapping.\n\n- **AppRegistryApp** - The resource is mapped to another application. The name of the application is contained in the `appRegistryAppName` property.\n- **CfnStack** - The resource is mapped to a AWS CloudFormation stack. The name of the AWS CloudFormation stack is contained in the `logicalStackName` property.\n- **Resource** - The resource is mapped to another resource. The name of the resource is contained in the `resourceName` property.\n- **ResourceGroup** - The resource is mapped to AWS Resource Groups . The name of the resource group is contained in the `resourceGroupName` property.", + "markdownDescription": "", "title": "MappingType", "type": "string" }, "PhysicalResourceId": { "$ref": "#/definitions/AWS::ResilienceHub::App.PhysicalResourceId", - "markdownDescription": "Identifier of the physical resource.", + "markdownDescription": "", "title": "PhysicalResourceId" }, "ResourceName": { - "markdownDescription": "Name of the resource that the resource is mapped to.", + "markdownDescription": "", "title": "ResourceName", "type": "string" }, "TerraformSourceName": { - "markdownDescription": "The short name of the Terraform source.", + "markdownDescription": "", "title": "TerraformSourceName", "type": "string" } @@ -213438,13 +213430,13 @@ "additionalProperties": false, "properties": { "DataLocationConstraint": { - "markdownDescription": "Specifies a high-level geographical location constraint for where your resilience policy data can be stored.", + "markdownDescription": "", "title": "DataLocationConstraint", "type": "string" }, "Policy": { "additionalProperties": false, - "markdownDescription": "The resiliency policy.", + "markdownDescription": "", "patternProperties": { "^[a-zA-Z0-9]+$": { "$ref": "#/definitions/AWS::ResilienceHub::ResiliencyPolicy.FailurePolicy" @@ -213454,12 +213446,12 @@ "type": "object" }, "PolicyDescription": { - "markdownDescription": "The description for the policy.", + "markdownDescription": "", "title": "PolicyDescription", "type": "string" }, "PolicyName": { - "markdownDescription": "The name of the policy", + "markdownDescription": "", "title": "PolicyName", "type": "string" }, @@ -213475,7 +213467,7 @@ "type": "object" }, "Tier": { - "markdownDescription": "The tier for this resiliency policy, ranging from the highest severity ( `MissionCritical` ) to lowest ( `NonCritical` ).", + "markdownDescription": "", "title": "Tier", "type": "string" } @@ -213512,12 +213504,12 @@ "additionalProperties": false, "properties": { "RpoInSecs": { - "markdownDescription": "Recovery Point Objective (RPO) in seconds.", + "markdownDescription": "", "title": "RpoInSecs", "type": "number" }, "RtoInSecs": { - "markdownDescription": "Recovery Time Objective (RTO) in seconds.", + "markdownDescription": "", "title": "RtoInSecs", "type": "number" } @@ -214774,12 +214766,12 @@ "additionalProperties": false, "properties": { "DurationSeconds": { - "markdownDescription": "Sets the maximum number of seconds that vended temporary credentials through [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html) will be valid for, between 900 and 3600.", + "markdownDescription": "The number of seconds vended session credentials will be valid for", "title": "DurationSeconds", "type": "number" }, "Enabled": { - "markdownDescription": "Indicates whether the profile is enabled.", + "markdownDescription": "The enabled status of the resource.", "title": "Enabled", "type": "boolean" }, @@ -214787,17 +214779,17 @@ "items": { "type": "string" }, - "markdownDescription": "A list of managed policy ARNs that apply to the vended session credentials.", + "markdownDescription": "A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.", "title": "ManagedPolicyArns", "type": "array" }, "Name": { - "markdownDescription": "The name of the profile.", + "markdownDescription": "The customer specified name of the resource.", "title": "Name", "type": "string" }, "RequireInstanceProperties": { - "markdownDescription": "Specifies whether instance properties are required in temporary credential requests with this profile.", + "markdownDescription": "Specifies whether instance properties are required in CreateSession requests with this profile.", "title": "RequireInstanceProperties", "type": "boolean" }, @@ -214805,12 +214797,12 @@ "items": { "type": "string" }, - "markdownDescription": "A list of IAM role ARNs. During `CreateSession` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.", + "markdownDescription": "A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.", "title": "RoleArns", "type": "array" }, "SessionPolicy": { - "markdownDescription": "A session policy that applies to the trust boundary of the vended session credentials.", + "markdownDescription": "A session policy that will applied to the trust boundary of the vended session credentials.", "title": "SessionPolicy", "type": "string" }, @@ -214818,7 +214810,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "The tags to attach to the profile.", + "markdownDescription": "A list of Tags.", "title": "Tags", "type": "array" } @@ -214979,11 +214971,11 @@ "properties": { "SourceData": { "$ref": "#/definitions/AWS::RolesAnywhere::TrustAnchor.SourceData", - "markdownDescription": "The data field of the trust anchor depending on its type.", + "markdownDescription": "A union object representing the data field of the TrustAnchor depending on its type", "title": "SourceData" }, "SourceType": { - "markdownDescription": "The type of the TrustAnchor.\n\n> `AWS_ACM_PCA` is not an allowed value in your region.", + "markdownDescription": "The type of the TrustAnchor.", "title": "SourceType", "type": "string" } @@ -219930,7 +219922,7 @@ }, "StorageLensGroupLevel": { "$ref": "#/definitions/AWS::S3::StorageLens.StorageLensGroupLevel", - "markdownDescription": "", + "markdownDescription": "This property determines the scope of Storage Lens group data that is displayed in the Storage Lens dashboard.", "title": "StorageLensGroupLevel" } }, @@ -220259,7 +220251,7 @@ "properties": { "StorageLensGroupSelectionCriteria": { "$ref": "#/definitions/AWS::S3::StorageLens.StorageLensGroupSelectionCriteria", - "markdownDescription": "", + "markdownDescription": "This property indicates which Storage Lens group ARNs to include or exclude in the Storage Lens group aggregation. If this value is left null, then all Storage Lens groups are selected.", "title": "StorageLensGroupSelectionCriteria" } }, @@ -220272,7 +220264,7 @@ "items": { "type": "string" }, - "markdownDescription": "", + "markdownDescription": "This property indicates which Storage Lens group ARNs to exclude from the Storage Lens group aggregation.", "title": "Exclude", "type": "array" }, @@ -220280,7 +220272,7 @@ "items": { "type": "string" }, - "markdownDescription": "", + "markdownDescription": "This property indicates which Storage Lens group ARNs to include in the Storage Lens group aggregation.", "title": "Include", "type": "array" } @@ -243371,16 +243363,16 @@ "properties": { "Configuration": { "$ref": "#/definitions/AWS::VerifiedPermissions::IdentitySource.IdentitySourceConfiguration", - "markdownDescription": "Contains configuration information used when creating a new .\n\n> At this time, the only valid member of this structure is a user pool configuration.\n> \n> You must specify a `userPoolArn` , and optionally, a `ClientId` . \n\nThis data type is used as a request parameter for the [CreateIdentitySource](https://docs.aws.amazon.com/API_CreateIdentitySource.html) operation.", + "markdownDescription": "Contains configuration information used when creating a new identity source.\n\n> At this time, the only valid member of this structure is a Amazon Cognito user pool configuration.\n> \n> You must specify a `userPoolArn` , and optionally, a `ClientId` . \n\nThis data type is used as a request parameter for the [CreateIdentitySource](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html) operation.", "title": "Configuration" }, "PolicyStoreId": { - "markdownDescription": "Specifies the ID of the in which you want to store this . Only policies and requests made using this can reference identities from the identity provider configured in the new .", + "markdownDescription": "Specifies the ID of the policy store in which you want to store this identity source. Only policies and requests made using this policy store can reference identities from the identity provider configured in the new identity source.", "title": "PolicyStoreId", "type": "string" }, "PrincipalEntityType": { - "markdownDescription": "Specifies the namespace and data type of the principals generated for identities authenticated by the new .", + "markdownDescription": "Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source.", "title": "PrincipalEntityType", "type": "string" } @@ -243418,7 +243410,7 @@ "items": { "type": "string" }, - "markdownDescription": "The unique application client IDs that are associated with the specified user pool.\n\nExample: `\"ClientIds\": [\"&ExampleCogClientId;\"]`", + "markdownDescription": "The unique application client IDs that are associated with the specified Amazon Cognito user pool.\n\nExample: `\"ClientIds\": [\"&ExampleCogClientId;\"]`", "title": "ClientIds", "type": "array" }, @@ -243464,7 +243456,7 @@ "type": "string" }, "OpenIdIssuer": { - "markdownDescription": "A string that identifies the type of OIDC service represented by this .\n\nAt this time, the only valid value is `cognito` .", + "markdownDescription": "A string that identifies the type of OIDC service represented by this identity source.\n\nAt this time, the only valid value is `cognito` .", "title": "OpenIdIssuer", "type": "string" }, @@ -243517,7 +243509,7 @@ "title": "Definition" }, "PolicyStoreId": { - "markdownDescription": "Specifies the `PolicyStoreId` of the you want to store the policy in.", + "markdownDescription": "Specifies the `PolicyStoreId` of the policy store you want to store the policy in.", "title": "PolicyStoreId", "type": "string" } @@ -243573,12 +243565,12 @@ "properties": { "Static": { "$ref": "#/definitions/AWS::VerifiedPermissions::Policy.StaticPolicyDefinition", - "markdownDescription": "A structure that describes . An doesn't use a template or allow placeholders for entities.", + "markdownDescription": "A structure that describes a static policy. An static policy doesn't use a template or allow placeholders for entities.", "title": "Static" }, "TemplateLinked": { "$ref": "#/definitions/AWS::VerifiedPermissions::Policy.TemplateLinkedPolicyDefinition", - "markdownDescription": "A structure that describes a policy that was instantiated from a template. The template can specify placeholders for `principal` and `resource` . When you use [CreatePolicy](https://docs.aws.amazon.com/API_CreatePolicy.html) to create a policy from a template, you specify the exact principal and resource to use for the instantiated policy.", + "markdownDescription": "A structure that describes a policy that was instantiated from a template. The template can specify placeholders for `principal` and `resource` . When you use [CreatePolicy](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicy.html) to create a policy from a template, you specify the exact principal and resource to use for the instantiated policy.", "title": "TemplateLinked" } }, @@ -243588,12 +243580,12 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "The description of the .", + "markdownDescription": "The description of the static policy.", "title": "Description", "type": "string" }, "Statement": { - "markdownDescription": "The policy content of the , written in the .", + "markdownDescription": "The policy content of the static policy, written in the Cedar policy language.", "title": "Statement", "type": "string" } @@ -243613,12 +243605,12 @@ }, "Principal": { "$ref": "#/definitions/AWS::VerifiedPermissions::Policy.EntityIdentifier", - "markdownDescription": "The principal associated with this . substitutes this principal for the `?principal` placeholder in the when it evaluates an authorization request.", + "markdownDescription": "The principal associated with this template-linked policy. Verified Permissions substitutes this principal for the `?principal` placeholder in the policy template when it evaluates an authorization request.", "title": "Principal" }, "Resource": { "$ref": "#/definitions/AWS::VerifiedPermissions::Policy.EntityIdentifier", - "markdownDescription": "The resource associated with this . substitutes this resource for the `?resource` placeholder in the when it evaluates an authorization request.", + "markdownDescription": "The resource associated with this template-linked policy. Verified Permissions substitutes this resource for the `?resource` placeholder in the policy template when it evaluates an authorization request.", "title": "Resource" } }, @@ -243669,7 +243661,7 @@ }, "ValidationSettings": { "$ref": "#/definitions/AWS::VerifiedPermissions::PolicyStore.ValidationSettings", - "markdownDescription": "Specifies the validation setting for this .\n\nCurrently, the only valid and required value is `Mode` .\n\n> We recommend that you turn on `STRICT` mode only after you define a schema. If a schema doesn't exist, then `STRICT` mode causes any policy to fail validation, and rejects the policy. You can turn off validation by using the [UpdatePolicyStore](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore) . Then, when you have a schema defined, use [UpdatePolicyStore](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore) again to turn validation back on.", + "markdownDescription": "Specifies the validation setting for this policy store.\n\nCurrently, the only valid and required value is `Mode` .\n\n> We recommend that you turn on `STRICT` mode only after you define a schema. If a schema doesn't exist, then `STRICT` mode causes any policy to fail validation, and Verified Permissions rejects the policy. You can turn off validation by using the [UpdatePolicyStore](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore) . Then, when you have a schema defined, use [UpdatePolicyStore](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore) again to turn validation back on.", "title": "ValidationSettings" } }, @@ -243703,7 +243695,7 @@ "additionalProperties": false, "properties": { "CedarJson": { - "markdownDescription": "A JSON string representation of the schema supported by applications that use this . For more information, see [Policy store schema](https://docs.aws.amazon.com/schema.html) in the ** .", + "markdownDescription": "A JSON string representation of the schema supported by applications that use this policy store. For more information, see [Policy store schema](https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/schema.html) in the *Amazon Verified Permissions User Guide* .", "title": "CedarJson", "type": "string" } @@ -243770,7 +243762,7 @@ "type": "string" }, "Statement": { - "markdownDescription": "Specifies the content that you want to use for the new , written in the policy language.", + "markdownDescription": "Specifies the content that you want to use for the new policy template, written in the Cedar policy language.", "title": "Statement", "type": "string" } diff --git a/schema_source/cloudformation-docs.json b/schema_source/cloudformation-docs.json index 8b9748cee..5e87b1a7c 100644 --- a/schema_source/cloudformation-docs.json +++ b/schema_source/cloudformation-docs.json @@ -3169,7 +3169,6 @@ "AWS::ApplicationAutoScaling::ScalingPolicy CustomizedMetricSpecification": { "Dimensions": "The dimensions of the metric.\n\nConditional: If you published your metric with dimensions, you must specify the same dimensions in your scaling policy.", "MetricName": "The name of the metric. To get the exact metric name, namespace, and dimensions, inspect the [Metric](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_Metric.html) object that's returned by a call to [ListMetrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html) .", - "Metrics": "The metrics to include in the target tracking scaling policy, as a metric data query. This can include both raw metric and metric math expressions.", "Namespace": "The namespace of the metric.", "Statistic": "The statistic of the metric.", "Unit": "The unit of the metric. For a complete list of the units that CloudWatch supports, see the [MetricDatum](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html) data type in the *Amazon CloudWatch API Reference* ." @@ -3194,27 +3193,6 @@ "MinAdjustmentMagnitude": "The minimum value to scale by when the adjustment type is `PercentChangeInCapacity` . For example, suppose that you create a step scaling policy to scale out an Amazon ECS service by 25 percent and you specify a `MinAdjustmentMagnitude` of 2. If the service has 4 tasks and the scaling policy is performed, 25 percent of 4 is 1. However, because you specified a `MinAdjustmentMagnitude` of 2, Application Auto Scaling scales out the service by 2 tasks.", "StepAdjustments": "A set of adjustments that enable you to scale based on the size of the alarm breach.\n\nAt least one step adjustment is required if you are adding a new step scaling policy configuration." }, - "AWS::ApplicationAutoScaling::ScalingPolicy TargetTrackingMetric": { - "Dimensions": "The dimensions for the metric. For the list of available dimensions, see the AWS documentation available from the table in [AWS services that publish CloudWatch metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html) in the *Amazon CloudWatch User Guide* .\n\nConditional: If you published your metric with dimensions, you must specify the same dimensions in your scaling policy.", - "MetricName": "The name of the metric.", - "Namespace": "The namespace of the metric. For more information, see the table in [AWS services that publish CloudWatch metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html) in the *Amazon CloudWatch User Guide* ." - }, - "AWS::ApplicationAutoScaling::ScalingPolicy TargetTrackingMetricDataQuery": { - "Expression": "The math expression to perform on the returned data, if this object is performing a math expression. This expression can use the `Id` of the other metrics to refer to those metrics, and can also use the `Id` of other expressions to use the result of those expressions.\n\nConditional: Within each `TargetTrackingMetricDataQuery` object, you must specify either `Expression` or `MetricStat` , but not both.", - "Id": "A short name that identifies the object's results in the response. This name must be unique among all `MetricDataQuery` objects specified for a single scaling policy. If you are performing math expressions on this set of data, this name represents that data and can serve as a variable in the mathematical expression. The valid characters are letters, numbers, and underscores. The first character must be a lowercase letter.", - "Label": "A human-readable label for this metric or expression. This is especially useful if this is a math expression, so that you know what the value represents.", - "MetricStat": "Information about the metric data to return.\n\nConditional: Within each `MetricDataQuery` object, you must specify either `Expression` or `MetricStat` , but not both.", - "ReturnData": "Indicates whether to return the timestamps and raw data values of this metric.\n\nIf you use any math expressions, specify `true` for this value for only the final math expression that the metric specification is based on. You must specify `false` for `ReturnData` for all the other metrics and expressions used in the metric specification.\n\nIf you are only retrieving metrics and not performing any math expressions, do not specify anything for `ReturnData` . This sets it to its default ( `true` )." - }, - "AWS::ApplicationAutoScaling::ScalingPolicy TargetTrackingMetricDimension": { - "Name": "The name of the dimension.", - "Value": "The value of the dimension." - }, - "AWS::ApplicationAutoScaling::ScalingPolicy TargetTrackingMetricStat": { - "Metric": "The CloudWatch metric to return, including the metric name, namespace, and dimensions. To get the exact metric name, namespace, and dimensions, inspect the [Metric](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_Metric.html) object that is returned by a call to [ListMetrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html) .", - "Stat": "The statistic to return. It can include any CloudWatch statistic or extended statistic. For a list of valid values, see the table in [Statistics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Statistic) in the *Amazon CloudWatch User Guide* .\n\nThe most commonly used metric for scaling is `Average` .", - "Unit": "The unit to use for the returned data points. For a complete list of the units that CloudWatch supports, see the [MetricDatum](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html) data type in the *Amazon CloudWatch API Reference* ." - }, "AWS::ApplicationAutoScaling::ScalingPolicy TargetTrackingScalingPolicyConfiguration": { "CustomizedMetricSpecification": "A customized metric. You can specify either a predefined metric or a customized metric.", "DisableScaleIn": "Indicates whether scale in by the target tracking scaling policy is disabled. If the value is `true` , scale in is disabled and the target tracking scaling policy won't remove capacity from the scalable target. Otherwise, scale in is enabled and the target tracking scaling policy can remove capacity from the scalable target. The default value is `false` .", @@ -3471,6 +3449,7 @@ "HealthCheckGracePeriod": "The amount of time, in seconds, that Amazon EC2 Auto Scaling waits before checking the health status of an EC2 instance that has come into service and marking it unhealthy due to a failed health check. This is useful if your instances do not immediately pass their health checks after they enter the `InService` state. For more information, see [Set the health check grace period for an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/health-check-grace-period.html) in the *Amazon EC2 Auto Scaling User Guide* .\n\nDefault: `0` seconds", "HealthCheckType": "A comma-separated value string of one or more health check types.\n\nThe valid values are `EC2` , `ELB` , and `VPC_LATTICE` . `EC2` is the default health check and cannot be disabled. For more information, see [Health checks for Auto Scaling instances](https://docs.aws.amazon.com/autoscaling/ec2/userguide/healthcheck.html) in the *Amazon EC2 Auto Scaling User Guide* .\n\nOnly specify `EC2` if you must clear a value that was previously set.", "InstanceId": "The ID of the instance used to base the launch configuration on. For more information, see [Create an Auto Scaling group using an EC2 instance](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-from-instance.html) in the *Amazon EC2 Auto Scaling User Guide* .\n\nIf you specify `LaunchTemplate` , `MixedInstancesPolicy` , or `LaunchConfigurationName` , don't specify `InstanceId` .", + "InstanceMaintenancePolicy": "An instance maintenance policy. For more information, see [Set instance maintenance policy](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-maintenance-policy.html) in the *Amazon EC2 Auto Scaling User Guide* .", "LaunchConfigurationName": "The name of the launch configuration to use to launch instances.\n\nRequired only if you don't specify `LaunchTemplate` , `MixedInstancesPolicy` , or `InstanceId` .", "LaunchTemplate": "Information used to specify the launch template and version to use to launch instances. You can alternatively associate a launch template to the Auto Scaling group by specifying a `MixedInstancesPolicy` . For more information about creating launch templates, see [Create a launch template for an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-launch-template.html) in the *Amazon EC2 Auto Scaling User Guide* .\n\nIf you omit this property, you must specify `MixedInstancesPolicy` , `LaunchConfigurationName` , or `InstanceId` .", "LifecycleHookSpecificationList": "One or more lifecycle hooks to add to the Auto Scaling group before instances are launched.", @@ -3501,6 +3480,10 @@ "Max": "The maximum value in Mbps.", "Min": "The minimum value in Mbps." }, + "AWS::AutoScaling::AutoScalingGroup InstanceMaintenancePolicy": { + "MaxHealthyPercentage": "Specifies the upper threshold as a percentage of the desired capacity of the Auto Scaling group. It represents the maximum percentage of the group that can be in service and healthy, or pending, to support your workload when replacing instances. Value range is 100 to 200. After it's set, a value of `-1` will clear the previously set value.\n\nBoth `MinHealthyPercentage` and `MaxHealthyPercentage` must be specified, and the difference between them cannot be greater than 100. A large range increases the number of instances that can be replaced at the same time.", + "MinHealthyPercentage": "Specifies the lower threshold as a percentage of the desired capacity of the Auto Scaling group. It represents the minimum percentage of the group to keep in service, healthy, and ready to use to support your workload when replacing instances. Value range is 0 to 100. After it's set, a value of `-1` will clear the previously set value." + }, "AWS::AutoScaling::AutoScalingGroup InstanceRequirements": { "AcceleratorCount": "The minimum and maximum number of accelerators (GPUs, FPGAs, or AWS Inferentia chips) for an instance type.\n\nTo exclude accelerator-enabled instance types, set `Max` to `0` .\n\nDefault: No minimum or maximum limits", "AcceleratorManufacturers": "Indicates whether instance types must have accelerators by specific manufacturers.\n\n- For instance types with NVIDIA devices, specify `nvidia` .\n- For instance types with AMD devices, specify `amd` .\n- For instance types with AWS devices, specify `amazon-web-services` .\n- For instance types with Xilinx devices, specify `xilinx` .\n\nDefault: Any manufacturer", @@ -4600,13 +4583,13 @@ "Tags": "An optional label that you can assign to a resource when you create it. Each tag consists of a key and an optional value, both of which you define. When you use tagging, you can also use tag-based access control in IAM policies to control access to this resource." }, "AWS::CleanRooms::Collaboration DataEncryptionMetadata": { - "AllowCleartext": "Indicates whether encrypted tables can contain cleartext data (true) or are to cryptographically process every column (false).", - "AllowDuplicates": "Indicates whether Fingerprint columns can contain duplicate entries (true) or are to contain only non-repeated values (false).", - "AllowJoinsOnColumnsWithDifferentNames": "Indicates whether Fingerprint columns can be joined on any other Fingerprint column with a different name (true) or can only be joined on Fingerprint columns of the same name (false).", - "PreserveNulls": "Indicates whether NULL values are to be copied as NULL to encrypted tables (true) or cryptographically processed (false)." + "AllowCleartext": "Indicates whether encrypted tables can contain cleartext data ( `TRUE` ) or are to cryptographically process every column ( `FALSE` ).", + "AllowDuplicates": "Indicates whether Fingerprint columns can contain duplicate entries ( `TRUE` ) or are to contain only non-repeated values ( `FALSE` ).", + "AllowJoinsOnColumnsWithDifferentNames": "Indicates whether Fingerprint columns can be joined on any other Fingerprint column with a different name ( `TRUE` ) or can only be joined on Fingerprint columns of the same name ( `FALSE` ).", + "PreserveNulls": "Indicates whether NULL values are to be copied as NULL to encrypted tables ( `TRUE` ) or cryptographically processed ( `FALSE` )." }, "AWS::CleanRooms::Collaboration MemberSpecification": { - "AccountId": "The identifier used to reference members of the collaboration. Currently only supports ID.", + "AccountId": "The identifier used to reference members of the collaboration. Currently only supports AWS account ID.", "DisplayName": "The member's display name.", "MemberAbilities": "The abilities granted to the collaboration member.\n\n*Allowed Values* : `CAN_QUERY` | `CAN_RECEIVE_RESULTS`" }, @@ -4647,7 +4630,7 @@ }, "AWS::CleanRooms::ConfiguredTable AnalysisRuleCustom": { "AllowedAnalyses": "The analysis templates that are allowed by the custom analysis rule.", - "AllowedAnalysisProviders": "The accounts that are allowed to query by the custom analysis rule. Required when `allowedAnalyses` is `ANY_QUERY` ." + "AllowedAnalysisProviders": "The AWS accounts that are allowed to query by the custom analysis rule. Required when `allowedAnalyses` is `ANY_QUERY` ." }, "AWS::CleanRooms::ConfiguredTable AnalysisRuleList": { "AllowedJoinOperators": "The logical operators (if any) that are to be used in an INNER JOIN match condition. Default is `AND` .", @@ -4688,7 +4671,7 @@ "AWS::CleanRooms::Membership": { "CollaborationIdentifier": "The unique ID for the associated collaboration.", "DefaultResultConfiguration": "The default protected query result configuration as specified by the member who can receive results.", - "QueryLogStatus": "An indicator as to whether query logging has been enabled or disabled for the collaboration.", + "QueryLogStatus": "An indicator as to whether query logging has been enabled or disabled for the membership.", "Tags": "An optional label that you can assign to a resource when you create it. Each tag consists of a key and an optional value, both of which you define. When you use tagging, you can also use tag-based access control in IAM policies to control access to this resource." }, "AWS::CleanRooms::Membership MembershipProtectedQueryOutputConfiguration": { @@ -4696,7 +4679,7 @@ }, "AWS::CleanRooms::Membership MembershipProtectedQueryResultConfiguration": { "OutputConfiguration": "Configuration for protected query results.", - "RoleArn": "The unique ARN for an IAM role that is used by to write protected query results to the result location, given by the member who can receive results." + "RoleArn": "The unique ARN for an IAM role that is used by AWS Clean Rooms to write protected query results to the result location, given by the member who can receive results." }, "AWS::CleanRooms::Membership ProtectedQueryS3OutputConfiguration": { "Bucket": "The S3 bucket to unload the protected query results.", @@ -8016,7 +7999,7 @@ "DnsNameServers": "A list of custom DNS name servers supported for the AWS DMS Serverless replication to access your source or target database. This list overrides the default name servers supported by the AWS DMS Serverless replication. You can specify a comma-separated list of internet addresses for up to four DNS name servers. For example: `\"1.1.1.1,2.2.2.2,3.3.3.3,4.4.4.4\"`", "KmsKeyId": "An AWS Key Management Service ( AWS KMS ) key Amazon Resource Name (ARN) that is used to encrypt the data during AWS DMS Serverless replication.\n\nIf you don't specify a value for the `KmsKeyId` parameter, AWS DMS uses your default encryption key.\n\nAWS KMS creates the default encryption key for your Amazon Web Services account. Your AWS account has a different default encryption key for each AWS Region .", "MaxCapacityUnits": "Specifies the maximum value of the AWS DMS capacity units (DCUs) for which a given AWS DMS Serverless replication can be provisioned. A single DCU is 2GB of RAM, with 1 DCU as the minimum value allowed. The list of valid DCU values includes 1, 2, 4, 8, 16, 32, 64, 128, 192, 256, and 384. So, the maximum value that you can specify for AWS DMS Serverless is 384. The `MaxCapacityUnits` parameter is the only DCU parameter you are required to specify.", - "MinCapacityUnits": "Specifies the minimum value of the AWS DMS capacity units (DCUs) for which a given AWS DMS Serverless replication can be provisioned. A single DCU is 2GB of RAM, with 1 DCU as the minimum value allowed. The list of valid DCU values includes 1, 2, 4, 8, 16, 32, 64, 128, 192, 256, and 384. So, the minimum DCU value that you can specify for AWS DMS Serverless is 1. You don't have to specify a value for the `MinCapacityUnits` parameter. If you don't set this value, AWS DMS scans the current activity of available source tables to identify an optimum setting for this parameter. If there is no current source activity or AWS DMS can't otherwise identify a more appropriate value, it sets this parameter to the minimum DCU value allowed, 1.", + "MinCapacityUnits": "Specifies the minimum value of the AWS DMS capacity units (DCUs) for which a given AWS DMS Serverless replication can be provisioned. A single DCU is 2GB of RAM, with 1 DCU as the minimum value allowed. The list of valid DCU values includes 1, 2, 4, 8, 16, 32, 64, 128, 192, 256, and 384. So, the minimum DCU value that you can specify for AWS DMS Serverless is 1. If you don't set this value, AWS DMS sets this parameter to the minimum DCU value allowed, 1. If there is no current source activity, AWS DMS scales down your replication until it reaches the value specified in `MinCapacityUnits` .", "MultiAZ": "Specifies whether the AWS DMS Serverless replication is a Multi-AZ deployment. You can't set the `AvailabilityZone` parameter if the `MultiAZ` parameter is set to `true` .", "PreferredMaintenanceWindow": "The weekly time range during which system maintenance can occur for the AWS DMS Serverless replication, in Universal Coordinated Time (UTC). The format is `ddd:hh24:mi-ddd:hh24:mi` .\n\nThe default is a 30-minute window selected at random from an 8-hour block of time per AWS Region . This maintenance occurs on a random day of the week. Valid values for days of the week include `Mon` , `Tue` , `Wed` , `Thu` , `Fri` , `Sat` , and `Sun` .\n\nConstraints include a minimum 30-minute window.", "ReplicationSubnetGroupId": "Specifies a subnet group identifier to associate with the AWS DMS Serverless replication.", @@ -9903,6 +9886,13 @@ "AWS::EC2::LaunchTemplate ElasticGpuSpecification": { "Type": "The type of Elastic Graphics accelerator. For more information about the values to specify for `Type` , see [Elastic Graphics Basics](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/elastic-graphics.html#elastic-graphics-basics) , specifically the Elastic Graphics accelerator column, in the *Amazon Elastic Compute Cloud User Guide for Windows Instances* ." }, + "AWS::EC2::LaunchTemplate EnaSrdSpecification": { + "EnaSrdEnabled": "Indicates whether ENA Express is enabled for the network interface.", + "EnaSrdUdpSpecification": "Configures ENA Express for UDP network traffic." + }, + "AWS::EC2::LaunchTemplate EnaSrdUdpSpecification": { + "EnaSrdUdpEnabled": "Indicates whether UDP traffic to and from the instance uses ENA Express. To specify this setting, you must first enable ENA Express." + }, "AWS::EC2::LaunchTemplate EnclaveOptions": { "Enabled": "If this parameter is set to `true` , the instance is enabled for AWS Nitro Enclaves; otherwise, it is not enabled for AWS Nitro Enclaves." }, @@ -10026,6 +10016,7 @@ "DeleteOnTermination": "Indicates whether the network interface is deleted when the instance is terminated.", "Description": "A description for the network interface.", "DeviceIndex": "The device index for the network interface attachment.", + "EnaSrdSpecification": "", "Groups": "The IDs of one or more security groups.", "InterfaceType": "The type of network interface. To create an Elastic Fabric Adapter (EFA), specify `efa` . For more information, see [Elastic Fabric Adapter](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html) in the *Amazon Elastic Compute Cloud User Guide* .\n\nIf you are not creating an EFA, specify `interface` or omit this parameter.\n\nValid values: `interface` | `efa`", "Ipv4PrefixCount": "The number of IPv4 prefixes to be automatically assigned to the network interface. You cannot use this option if you use the `Ipv4Prefix` option.", @@ -11237,7 +11228,9 @@ "Value": "A `value` acts as a descriptor within a tag category (key)." }, "AWS::ECR::PullThroughCacheRule": { + "CredentialArn": "", "EcrRepositoryPrefix": "The Amazon ECR repository prefix associated with the pull through cache rule.", + "UpstreamRegistry": "", "UpstreamRegistryUrl": "The upstream registry URL associated with the pull through cache rule." }, "AWS::ECR::RegistryPolicy": { @@ -14185,22 +14178,21 @@ "AWS::GameLift::Build": { "Name": "A descriptive label that is associated with a build. Build names do not need to be unique.", "OperatingSystem": "The operating system that your game server binaries run on. This value determines the type of fleet resources that you use for this build. If your game build contains multiple executables, they all must run on the same operating system. You must specify a valid operating system in this request. There is no default value. You can't change a build's operating system later.\n\n> If you have active fleets using the Windows Server 2012 operating system, you can continue to create new builds using this OS until October 10, 2023, when Microsoft ends its support. All others must use Windows Server 2016 when creating new Windows-based builds.", - "ServerSdkVersion": "The Amazon GameLift Server SDK version used to develop your game server.", + "ServerSdkVersion": "A server SDK version you used when integrating your game server build with Amazon GameLift. For more information see [Integrate games with custom game servers](https://docs.aws.amazon.com/gamelift/latest/developerguide/integration-custom-intro.html) . By default Amazon GameLift sets this value to `4.0.2` .", "StorageLocation": "Information indicating where your game build files are stored. Use this parameter only when creating a build with files stored in an Amazon S3 bucket that you own. The storage location must specify an Amazon S3 bucket name and key. The location must also specify a role ARN that you set up to allow Amazon GameLift to access your Amazon S3 bucket. The S3 bucket and your new build must be in the same Region.\n\nIf a `StorageLocation` is specified, the size of your file can be found in your Amazon S3 bucket. Amazon GameLift will report a `SizeOnDisk` of 0.", "Version": "Version information that is associated with this build. Version strings do not need to be unique." }, "AWS::GameLift::Build StorageLocation": { - "Bucket": "An Amazon S3 bucket identifier. Thename of the S3 bucket.\n\n> Amazon GameLift doesn't support uploading from Amazon S3 buckets with names that contain a dot (.).", + "Bucket": "An Amazon S3 bucket identifier. The name of the S3 bucket.\n\n> Amazon GameLift doesn't support uploading from Amazon S3 buckets with names that contain a dot (.).", "Key": "The name of the zip file that contains the build files or script files.", - "ObjectVersion": "The version of the file, if object versioning is turned on for the bucket. Amazon GameLift uses this information when retrieving files from your S3 bucket. To retrieve a specific version of the file, provide an object version. To retrieve the latest version of the file, do not set this parameter.", - "RoleArn": "The Amazon Resource Name ( [ARN](https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html) ) for an IAM role that allows Amazon GameLift to access the S3 bucket." + "ObjectVersion": "A version of a stored file to retrieve, if the object versioning feature is turned on for the S3 bucket. Use this parameter to specify a specific version. If this parameter isn't set, Amazon GameLift retrieves the latest version of the file.", + "RoleArn": "The ARNfor an IAM role that allows Amazon GameLift to access the S3 bucket." }, "AWS::GameLift::Fleet": { - "AnywhereConfiguration": "Amazon GameLift Anywhere configuration options for your Anywhere fleets.", - "ApplyCapacity": "", + "AnywhereConfiguration": "Amazon GameLift Anywhere configuration options.", "BuildId": "A unique identifier for a build to be deployed on the new fleet. If you are deploying the fleet with a custom game build, you must specify this property. The build must have been successfully uploaded to Amazon GameLift and be in a `READY` status. This fleet setting cannot be changed once the fleet is created.", "CertificateConfiguration": "Prompts Amazon GameLift to generate a TLS/SSL certificate for the fleet. Amazon GameLift uses the certificates to encrypt traffic between game clients and the game servers running on Amazon GameLift. By default, the `CertificateConfiguration` is `DISABLED` . You can't change this property after you create the fleet.\n\nAWS Certificate Manager (ACM) certificates expire after 13 months. Certificate expiration can cause fleets to fail, preventing players from connecting to instances in the fleet. We recommend you replace fleets before 13 months, consider using fleet aliases for a smooth transition.\n\n> ACM isn't available in all AWS regions. A fleet creation request with certificate generation enabled in an unsupported Region, fails with a 4xx error. For more information about the supported Regions, see [Supported Regions](https://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html) in the *AWS Certificate Manager User Guide* .", - "ComputeType": "The type of compute resource used to host your game servers. You can use your own compute resources with Amazon GameLift Anywhere or use Amazon EC2 instances with managed Amazon GameLift.", + "ComputeType": "The type of compute resource used to host your game servers. You can use your own compute resources with Amazon GameLift Anywhere or use Amazon EC2 instances with managed Amazon GameLift. By default, this property is set to `EC2` .", "Description": "A description for the fleet.", "DesiredEC2Instances": "The number of EC2 instances that you want this fleet to host. When creating a new fleet, GameLift automatically sets this value to \"1\" and initiates a single instance. Once the fleet is active, update this value to trigger GameLift to add or remove instances from the fleet.", "EC2InboundPermissions": "The allowed IP address ranges and port settings that allow inbound traffic to access game sessions on this fleet. If the fleet is hosting a custom game build, this property must be set before players can connect to game sessions. For Realtime Servers fleets, Amazon GameLift automatically sets TCP and UDP ranges.", @@ -14218,7 +14210,7 @@ "PeerVpcId": "A unique identifier for a VPC with resources to be accessed by your Amazon GameLift fleet. The VPC must be in the same Region as your fleet. To look up a VPC ID, use the [VPC Dashboard](https://docs.aws.amazon.com/vpc/) in the AWS Management Console . Learn more about VPC peering in [VPC Peering with Amazon GameLift Fleets](https://docs.aws.amazon.com/gamelift/latest/developerguide/vpc-peering.html) .", "ResourceCreationLimitPolicy": "A policy that limits the number of game sessions that an individual player can create on instances in this fleet within a specified span of time.", "RuntimeConfiguration": "Instructions for how to launch and maintain server processes on instances in the fleet. The runtime configuration defines one or more server process configurations, each identifying a build executable or Realtime script file and the number of processes of that type to run concurrently.\n\n> The `RuntimeConfiguration` parameter is required unless the fleet is being configured using the older parameters `ServerLaunchPath` and `ServerLaunchParameters` , which are still supported for backward compatibility.", - "ScalingPolicies": "", + "ScalingPolicies": "Rule that controls how a fleet is scaled. Scaling policies are uniquely identified by the combination of name and fleet ID.", "ScriptId": "The unique identifier for a Realtime configuration script to be deployed on fleet instances. You can use either the script ID or ARN. Scripts must be uploaded to Amazon GameLift prior to creating the fleet. This fleet property cannot be changed later.\n\n> You can't use the `!Ref` command to reference a script created with a CloudFormation template for the fleet property `ScriptId` . Instead, use `Fn::GetAtt Script.Arn` or `Fn::GetAtt Script.Id` to retrieve either of these properties as input for `ScriptId` . Alternatively, enter a `ScriptId` string manually." }, "AWS::GameLift::Fleet AnywhereConfiguration": { @@ -14268,7 +14260,7 @@ "AWS::GameLift::Fleet ServerProcess": { "ConcurrentExecutions": "The number of server processes using this configuration that run concurrently on each instance.", "LaunchPath": "The location of a game build executable or Realtime script. Game builds and Realtime scripts are installed on instances at the root:\n\n- Windows (custom game builds only): `C:\\game` . Example: \" `C:\\game\\MyGame\\server.exe` \"\n- Linux: `/local/game` . Examples: \" `/local/game/MyGame/server.exe` \" or \" `/local/game/MyRealtimeScript.js` \"\n\n> Amazon GameLift doesn't support the use of setup scripts that launch the game executable. For custom game builds, this parameter must indicate the executable that calls the server SDK operations `initSDK()` and `ProcessReady()` .", - "Parameters": "An optional list of parameters to pass to the server executable or Realtime script on launch." + "Parameters": "An optional list of parameters to pass to the server executable or Realtime script on launch.\n\nLength Constraints: Minimum length of 1. Maximum length of 1024.\n\nPattern: [A-Za-z0-9_:.+\\/\\\\\\- =@{},?'\\[\\]\"]+" }, "AWS::GameLift::Fleet TargetConfiguration": { "TargetValue": "Desired value to use with a target-based scaling policy. The value must be relevant for whatever metric the scaling policy is using. For example, in a policy using the metric PercentAvailableGameSessions, the target value should be the preferred size of the fleet's buffer (the percent of capacity that should be idle and ready for new game sessions)." @@ -14318,12 +14310,12 @@ "Tags": "A list of labels to assign to the new game session queue resource. Tags are developer-defined key-value pairs. Tagging AWS resources are useful for resource management, access management and cost allocation. For more information, see [Tagging AWS Resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in the *AWS General Reference* . Once the resource is created, you can use TagResource, UntagResource, and ListTagsForResource to add, remove, and view tags. The maximum tag limit may be lower than stated. See the AWS General Reference for actual tagging limits.", "TimeoutInSeconds": "The maximum time, in seconds, that a new game session placement request remains in the queue. When a request exceeds this time, the game session placement changes to a `TIMED_OUT` status. By default, this property is set to `600` ." }, - "AWS::GameLift::GameSessionQueue Destination": { - "DestinationArn": "The Amazon Resource Name (ARN) that is assigned to fleet or fleet alias. ARNs, which include a fleet ID or alias ID and a Region name, provide a unique identifier across all Regions." - }, "AWS::GameLift::GameSessionQueue FilterConfiguration": { "AllowedLocations": "A list of locations to allow game session placement in, in the form of AWS Region codes such as `us-west-2` ." }, + "AWS::GameLift::GameSessionQueue GameSessionQueueDestination": { + "DestinationArn": "The Amazon Resource Name (ARN) that is assigned to fleet or fleet alias. ARNs, which include a fleet ID or alias ID and a Region name, provide a unique identifier across all Regions." + }, "AWS::GameLift::GameSessionQueue PlayerLatencyPolicy": { "MaximumIndividualPlayerLatencyMilliseconds": "The maximum latency value that is allowed for any player, in milliseconds. All policies must have a value set for this property.", "PolicyDurationSeconds": "The length of time, in seconds, that the policy is enforced while placing a new game session. A null value for this property means that the policy is enforced until the queue times out." @@ -14337,8 +14329,8 @@ "Value": "The value for a developer-defined key value pair for tagging an AWS resource." }, "AWS::GameLift::Location": { - "LocationName": "The location's name.", - "Tags": "" + "LocationName": "A descriptive name for the custom location.", + "Tags": "A list of labels to assign to the new matchmaking configuration resource. Tags are developer-defined key-value pairs. Tagging AWS resources are useful for resource management, access management and cost allocation. For more information, see [Tagging AWS Resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in the *AWS General Rareference* ." }, "AWS::GameLift::Location Tag": { "Key": "The key for a developer-defined key value pair for tagging an AWS resource.", @@ -14349,6 +14341,7 @@ "AcceptanceTimeoutSeconds": "The length of time (in seconds) to wait for players to accept a proposed match, if acceptance is required.", "AdditionalPlayerCount": "The number of player slots in a match to keep open for future players. For example, if the configuration's rule set specifies a match for a single 10-person team, and the additional player count is set to 2, 10 players will be selected for the match and 2 more player slots will be open for future players. This parameter is not used if `FlexMatchMode` is set to `STANDALONE` .", "BackfillMode": "The method used to backfill game sessions that are created with this matchmaking configuration. Specify `MANUAL` when your game manages backfill requests manually or does not use the match backfill feature. Specify `AUTOMATIC` to have GameLift create a `StartMatchBackfill` request whenever a game session has one or more open slots. Learn more about manual and automatic backfill in [Backfill Existing Games with FlexMatch](https://docs.aws.amazon.com/gamelift/latest/flexmatchguide/match-backfill.html) . Automatic backfill is not available when `FlexMatchMode` is set to `STANDALONE` .", + "CreationTime": "A time stamp indicating when this data object was created. Format is a number expressed in Unix time as milliseconds (for example `\"1469498468.057\"` ).", "CustomEventData": "Information to add to all events related to the matchmaking configuration.", "Description": "A description for the matchmaking configuration.", "FlexMatchMode": "Indicates whether this matchmaking configuration is being used with Amazon GameLift hosting or as a standalone matchmaking solution.\n\n- *STANDALONE* - FlexMatch forms matches and returns match information, including players and team assignments, in a [MatchmakingSucceeded](https://docs.aws.amazon.com/gamelift/latest/flexmatchguide/match-events.html#match-events-matchmakingsucceeded) event.\n- *WITH_QUEUE* - FlexMatch forms matches and uses the specified Amazon GameLift queue to start a game session for the match.", @@ -14358,6 +14351,7 @@ "Name": "A unique identifier for the matchmaking configuration. This name is used to identify the configuration associated with a matchmaking request or ticket.", "NotificationTarget": "An SNS topic ARN that is set up to receive matchmaking notifications. See [Setting up notifications for matchmaking](https://docs.aws.amazon.com/gamelift/latest/flexmatchguide/match-notification.html) for more information.", "RequestTimeoutSeconds": "The maximum duration, in seconds, that a matchmaking ticket can remain in process before timing out. Requests that fail due to timing out can be resubmitted as needed.", + "RuleSetArn": "The Amazon Resource Name ( [ARN](https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html) ) associated with the GameLift matchmaking rule set resource that this configuration uses.", "RuleSetName": "A unique identifier for the matchmaking rule set to use with this configuration. You can use either the rule set name or ARN value. A matchmaking configuration can only use rule sets that are defined in the same Region.", "Tags": "A list of labels to assign to the new matchmaking configuration resource. Tags are developer-defined key-value pairs. Tagging AWS resources are useful for resource management, access management and cost allocation. For more information, see [Tagging AWS Resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in the *AWS General Reference* . Once the resource is created, you can use TagResource, UntagResource, and ListTagsForResource to add, remove, and view tags. The maximum tag limit may be lower than stated. See the AWS General Reference for actual tagging limits." }, @@ -14966,6 +14960,7 @@ "OrganizationRoleName": "The name of the IAM role that is used to access resources through Organizations .", "OrganizationalUnits": "Specifies the organizational units that this workspace is allowed to use data sources from, if this workspace is in an account that is part of an organization.", "PermissionType": "If this is `SERVICE_MANAGED` , and the workplace was created through the Amazon Managed Grafana console, then Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use AWS data sources and notification channels.\n\nIf this is `CUSTOMER_MANAGED` , you must manage those roles and permissions yourself.\n\nIf you are working with a workspace in a member account of an organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other AWS accounts in the organization, this parameter must be set to `CUSTOMER_MANAGED` .\n\nFor more information about converting between customer and service managed, see [Managing permissions for data sources and notification channels](https://docs.aws.amazon.com/grafana/latest/userguide/AMG-datasource-and-notification.html) . For more information about the roles and permissions that must be managed for customer managed workspaces, see [Amazon Managed Grafana permissions and policies for AWS data sources and notification channels](https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html)", + "PluginAdminEnabled": "Whether plugin administration is enabled in the workspace. Setting to `true` allows workspace admins to install, uninstall, and update plugins from within the Grafana workspace.", "RoleArn": "The IAM role that grants permissions to the AWS resources that the workspace will view data from. This role must already exist.", "SamlConfiguration": "If the workspace uses SAML, use this structure to map SAML assertion attributes to workspace user information and define which groups in the assertion attribute are to have the `Admin` and `Editor` roles in the workspace.", "StackSetName": "The name of the AWS CloudFormation stack set that is used to generate IAM roles to be used for this workspace.", @@ -16349,7 +16344,7 @@ "PerformanceScoreThreshold": "The health event threshold percentage set for performance scores. When the overall performance score is at or below this percentage, Internet Monitor creates a health event." }, "AWS::InternetMonitor::Monitor InternetMeasurementsLogDelivery": { - "S3Config": "The configuration information for publishing Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` or `DISABLED` , depending on whether you choose to deliver internet measurements to S3 logs." + "S3Config": "The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3." }, "AWS::InternetMonitor::Monitor LocalHealthEventsConfig": { "HealthScoreThreshold": "The health event threshold percentage set for a local health score.", @@ -16357,9 +16352,9 @@ "Status": "The status of whether Internet Monitor creates a health event based on a threshold percentage set for a local health score. The status can be `ENABLED` or `DISABLED` ." }, "AWS::InternetMonitor::Monitor S3Config": { - "BucketName": "The Amazon S3 bucket name.", - "BucketPrefix": "The Amazon S3 bucket prefix.", - "LogDeliveryStatus": "The status of publishing Internet Monitor internet measurements to an Amazon S3 bucket." + "BucketName": "The Amazon S3 bucket name for internet measurements publishing.", + "BucketPrefix": "An optional Amazon S3 bucket prefix for internet measurements publishing.", + "LogDeliveryStatus": "The status of publishing Internet Monitor internet measurements to an Amazon S3 bucket. The delivery status is `ENABLED` if you choose to deliver internet measurements to an S3 bucket, and `DISABLED` otherwise." }, "AWS::InternetMonitor::Monitor Tag": { "Key": "", @@ -16706,6 +16701,7 @@ "AdditionalMetricsToRetainV2": "A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's `behaviors` , but it's also retained for any metric specified here. Can be used with custom metrics; can't be used with dimensions.", "AlertTargets": "Specifies the destinations to which alerts are sent. (Alerts are always sent to the console.) Alerts are generated when a device (thing) violates a behavior.", "Behaviors": "Specifies the behaviors that, when violated by a device (thing), cause an alert.", + "MetricsExportConfig": "", "SecurityProfileDescription": "A description of the security profile.", "SecurityProfileName": "The name you gave to the security profile.", "Tags": "Metadata that can be used to manage the security profile.", @@ -16717,6 +16713,7 @@ }, "AWS::IoT::SecurityProfile Behavior": { "Criteria": "The criteria that determine if a device is behaving normally in regard to the `metric` .\n\n> In the AWS IoT console, you can choose to be sent an alert through Amazon SNS when AWS IoT Device Defender detects that a device is behaving anomalously.", + "ExportMetric": "", "Metric": "What is measured by the behavior.", "MetricDimension": "The dimension of the metric.", "Name": "The name you've given to the behavior.", @@ -16739,6 +16736,7 @@ "Operator": "Operators are constructs that perform logical operations. Valid values are `IN` and `NOT_IN` ." }, "AWS::IoT::SecurityProfile MetricToRetain": { + "ExportMetric": "", "Metric": "A standard of measurement.", "MetricDimension": "The dimension of the metric." }, @@ -16750,6 +16748,10 @@ "Ports": "If the `comparisonOperator` calls for a set of ports, use this to specify that set to be compared with the `metric` .", "Strings": "The string values of a metric." }, + "AWS::IoT::SecurityProfile MetricsExportConfig": { + "MqttTopic": "The MQTT topic that Device Defender Detect should publish messages to for metrics export.", + "RoleArn": "This role ARN has permission to publish MQTT messages, after which Device Defender Detect can assume the role and publish messages on your behalf." + }, "AWS::IoT::SecurityProfile StatisticalThreshold": { "Statistic": "The percentile that resolves to a threshold value by which compliance with a behavior is determined. Metrics are collected over the specified period ( `durationSeconds` ) from all reporting devices in your account and statistical ranks are calculated. Then, the measurements from a device are collected over the same period. If the accumulated measurements from the device fall above or below ( `comparisonOperator` ) the value associated with the percentile specified, then the device is considered to be in compliance with the behavior, otherwise a violation occurs." }, @@ -25667,6 +25669,7 @@ "DesiredState": "The state the pipe should be in.", "Enrichment": "The ARN of the enrichment resource.", "EnrichmentParameters": "The parameters required to set up enrichment on your pipe.", + "LogConfiguration": "The logging configuration settings for the pipe.", "Name": "The name of the pipe.", "RoleArn": "The ARN of the role that allows the pipe to send data to the target.", "Source": "The ARN of the source resource.", @@ -25709,6 +25712,9 @@ "CapacityProvider": "The short name of the capacity provider.", "Weight": "The weight value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied." }, + "AWS::Pipes::Pipe CloudwatchLogsLogDestination": { + "LogGroupArn": "The AWS Resource Name (ARN) for the CloudWatch log group to which EventBridge sends the log records." + }, "AWS::Pipes::Pipe DeadLetterConfig": { "Arn": "The ARN of the specified target for the dead-letter queue.\n\nFor Amazon Kinesis stream and Amazon DynamoDB stream sources, specify either an Amazon SNS topic or Amazon SQS queue ARN." }, @@ -25756,6 +25762,9 @@ "AWS::Pipes::Pipe FilterCriteria": { "Filters": "The event patterns." }, + "AWS::Pipes::Pipe FirehoseLogDestination": { + "DeliveryStreamArn": "The Amazon Resource Name (ARN) of the Kinesis Data Firehose delivery stream to which EventBridge delivers the pipe log records." + }, "AWS::Pipes::Pipe MQBrokerAccessCredentials": { "BasicAuth": "The ARN of the Secrets Manager secret." }, @@ -25775,6 +25784,13 @@ "HttpParameters": "Contains the HTTP parameters to use when the target is a API Gateway REST endpoint or EventBridge ApiDestination.\n\nIf you specify an API Gateway REST API or EventBridge ApiDestination as a target, you can use this parameter to specify headers, path parameters, and query string keys/values as part of your target invoking request. If you're using ApiDestinations, the corresponding Connection can also have these values configured. In case of any conflicting keys, values from the Connection take precedence.", "InputTemplate": "Valid JSON text passed to the enrichment. In this case, nothing from the event itself is passed to the enrichment. For more information, see [The JavaScript Object Notation (JSON) Data Interchange Format](https://docs.aws.amazon.com/http://www.rfc-editor.org/rfc/rfc7159.txt) .\n\nTo remove an input template, specify an empty string." }, + "AWS::Pipes::Pipe PipeLogConfiguration": { + "CloudwatchLogsLogDestination": "The logging configuration settings for the pipe.", + "FirehoseLogDestination": "The Amazon Kinesis Data Firehose logging configuration settings for the pipe.", + "IncludeExecutionData": "Whether the execution data (specifically, the `payload` , `awsRequest` , and `awsResponse` fields) is included in the log messages for this pipe.\n\nThis applies to all log destinations for the pipe.\n\nFor more information, see [Including execution data in logs](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-pipes-logs.html#eb-pipes-logs-execution-data) in the *Amazon EventBridge User Guide* .", + "Level": "The level of logging detail to include. This applies to all log destinations for the pipe.", + "S3LogDestination": "The Amazon S3 logging configuration settings for the pipe." + }, "AWS::Pipes::Pipe PipeSourceActiveMQBrokerParameters": { "BatchSize": "The maximum number of records to include in each batch.", "Credentials": "The credentials needed to access the resource.", @@ -25930,6 +25946,12 @@ "Field": "The field to apply the placement strategy against. For the spread placement strategy, valid values are instanceId (or host, which has the same effect), or any platform or custom attribute that is applied to a container instance, such as attribute:ecs.availability-zone. For the binpack placement strategy, valid values are cpu and memory. For the random placement strategy, this field is not used.", "Type": "The type of placement strategy. The random placement strategy randomly places tasks on available candidates. The spread placement strategy spreads placement across available candidates evenly based on the field parameter. The binpack strategy places tasks on available candidates that have the least available amount of the resource that is specified with the field parameter. For example, if you binpack on memory, a task is placed on the instance with the least amount of remaining memory (but still enough to run the task)." }, + "AWS::Pipes::Pipe S3LogDestination": { + "BucketName": "The name of the Amazon S3 bucket to which EventBridge delivers the log records for the pipe.", + "BucketOwner": "The AWS account that owns the Amazon S3 bucket to which EventBridge delivers the log records for the pipe.", + "OutputFormat": "The format EventBridge uses for the log records.\n\n- `json` : JSON\n- `plain` : Plain text\n- `w3c` : [W3C extended logging file format](https://docs.aws.amazon.com/https://www.w3.org/TR/WD-logfile)", + "Prefix": "The prefix text with which to begin Amazon S3 log object names.\n\nFor more information, see [Organizing objects using prefixes](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-prefixes.html) in the *Amazon Simple Storage Service User Guide* ." + }, "AWS::Pipes::Pipe SageMakerPipelineParameter": { "Name": "Name of parameter to start execution of a SageMaker Model Building Pipeline.", "Value": "Value of parameter to start execution of a SageMaker Model Building Pipeline." @@ -25949,13 +25971,13 @@ "Value": "The value of the key-value pair." }, "AWS::Proton::EnvironmentAccountConnection": { - "CodebuildRoleArn": "The Amazon Resource Name (ARN) of an service role in the environment account. uses this role to provision infrastructure resources using CodeBuild-based provisioning in the associated environment account.", - "ComponentRoleArn": "The Amazon Resource Name (ARN) of the service role that uses when provisioning directly defined components in the associated environment account. It determines the scope of infrastructure that a component can provision in the account.\n\nThe environment account connection must have a `componentRoleArn` to allow directly defined components to be associated with any environments running in the account.", + "CodebuildRoleArn": "The Amazon Resource Name (ARN) of an IAM service role in the environment account. AWS Proton uses this role to provision infrastructure resources using CodeBuild-based provisioning in the associated environment account.", + "ComponentRoleArn": "The Amazon Resource Name (ARN) of the IAM service role that AWS Proton uses when provisioning directly defined components in the associated environment account. It determines the scope of infrastructure that a component can provision in the account.\n\nThe environment account connection must have a `componentRoleArn` to allow directly defined components to be associated with any environments running in the account.\n\nFor more information about components, see [AWS Proton components](https://docs.aws.amazon.com/proton/latest/userguide/ag-components.html) in the *AWS Proton User Guide* .", "EnvironmentAccountId": "The environment account that's connected to the environment account connection.", "EnvironmentName": "The name of the environment that's associated with the environment account connection.", "ManagementAccountId": "The ID of the management account that's connected to the environment account connection.", "RoleArn": "The IAM service role that's associated with the environment account connection.", - "Tags": "An optional list of metadata items that you can associate with the environment account connection. A tag is a key-value pair.\n\nFor more information, see [resources and tagging](https://docs.aws.amazon.com/proton/latest/userguide/resources.html) in the *User Guide* ." + "Tags": "An optional list of metadata items that you can associate with the AWS Proton environment account connection. A tag is a key-value pair.\n\nFor more information, see [AWS Proton resources and tagging](https://docs.aws.amazon.com/proton/latest/userguide/resources.html) in the *AWS Proton User Guide* ." }, "AWS::Proton::EnvironmentAccountConnection Tag": { "Key": "The key of the resource tag.", @@ -25967,7 +25989,7 @@ "EncryptionKey": "The customer provided encryption key for the environment template.", "Name": "The name of the environment template.", "Provisioning": "When included, indicates that the environment template is for customer provisioned and managed infrastructure.", - "Tags": "An optional list of metadata items that you can associate with the environment template. A tag is a key-value pair.\n\nFor more information, see [resources and tagging](https://docs.aws.amazon.com/proton/latest/userguide/resources.html) in the *User Guide* ." + "Tags": "An optional list of metadata items that you can associate with the AWS Proton environment template. A tag is a key-value pair.\n\nFor more information, see [AWS Proton resources and tagging](https://docs.aws.amazon.com/proton/latest/userguide/resources.html) in the *AWS Proton User Guide* ." }, "AWS::Proton::EnvironmentTemplate Tag": { "Key": "The key of the resource tag.", @@ -29010,7 +29032,6 @@ "DataSetArns": "The Amazon Resource Numbers (ARNs) for the datasets that are associated with this version of the dashboard.", "Description": "Description.", "Errors": "Errors associated with this dashboard version.", - "Options": "", "Sheets": "A list of the associated sheets with the unique identifier and name of each sheet.", "SourceEntityArn": "Source entity ARN.", "Status": "The HTTP status of the request.", @@ -31129,7 +31150,8 @@ "AWS::QuickSight::DataSet CastColumnTypeOperation": { "ColumnName": "Column name.", "Format": "When casting a column from string to datetime type, you can supply a string in a format supported by Amazon QuickSight to denote the source data format.", - "NewColumnType": "New column data type." + "NewColumnType": "New column data type.", + "SubType": "" }, "AWS::QuickSight::DataSet ColumnDescription": { "Text": "The text of a description for a column." @@ -31207,6 +31229,7 @@ }, "AWS::QuickSight::DataSet InputColumn": { "Name": "The name of this column in the underlying data source.", + "SubType": "", "Type": "The data type of the column." }, "AWS::QuickSight::DataSet IntegerDatasetParameter": { @@ -31253,6 +31276,7 @@ "AWS::QuickSight::DataSet OutputColumn": { "Description": "A description for a column.", "Name": "A display name for the dataset.", + "SubType": "", "Type": "The type." }, "AWS::QuickSight::DataSet OverrideDatasetParameterOperation": { @@ -33735,7 +33759,6 @@ "DataSetConfigurations": "Schema of the dataset identified by the placeholder. Any dashboard created from this template should be bound to new datasets matching the same schema described through this API operation.", "Description": "The description of the template.", "Errors": "Errors associated with this template version.", - "Options": "", "Sheets": "A list of the associated sheets with the unique identifier and name of each sheet.", "SourceEntityArn": "The Amazon Resource Name (ARN) of an analysis or template that was used to create this template.", "Status": "The status that is associated with the template.\n\n- `CREATION_IN_PROGRESS`\n- `CREATION_SUCCESSFUL`\n- `CREATION_FAILED`\n- `UPDATE_IN_PROGRESS`\n- `UPDATE_SUCCESSFUL`\n- `UPDATE_FAILED`\n- `DELETED`", @@ -35137,51 +35160,51 @@ "Value": "" }, "AWS::ResilienceHub::App": { - "AppAssessmentSchedule": "Assessment execution schedule with 'Daily' or 'Disabled' values.", + "AppAssessmentSchedule": "", "AppTemplateBody": "A JSON string that provides information about your application structure. To learn more about the `appTemplateBody` template, see the sample template in [Sample appTemplateBody template](https://docs.aws.amazon.com//resilience-hub/latest/APIReference/API_PutDraftAppVersionTemplate.html#API_PutDraftAppVersionTemplate_Examples) .\n\nThe `appTemplateBody` JSON string has the following structure:\n\n- *`resources`*\n\nThe list of logical resources that needs to be included in the AWS Resilience Hub application.\n\nType: Array\n\n> Don't add the resources that you want to exclude. \n\nEach `resources` array item includes the following fields:\n\n- *`logicalResourceId`*\n\nThe logical identifier of the resource.\n\nType: Object\n\nEach `logicalResourceId` object includes the following fields:\n\n- `identifier`\n\nIdentifier of the resource.\n\nType: String\n- `logicalStackName`\n\nName of the AWS CloudFormation stack this resource belongs to.\n\nType: String\n- `resourceGroupName`\n\nName of the resource group this resource belongs to.\n\nType: String\n- `terraformSourceName`\n\nName of the Terraform S3 state file this resource belongs to.\n\nType: String\n- `eksSourceName`\n\nName of the Amazon Elastic Kubernetes Service cluster and namespace this resource belongs to.\n\n> This parameter accepts values in \"eks-cluster/namespace\" format. \n\nType: String\n- *`type`*\n\nThe type of resource.\n\nType: string\n- *`name`*\n\nName of the resource.\n\nType: String\n- `additionalInfo`\n\nAdditional configuration parameters for an AWS Resilience Hub application. If you want to implement `additionalInfo` through the AWS Resilience Hub console rather than using an API call, see [Configure the application configuration parameters](https://docs.aws.amazon.com//resilience-hub/latest/userguide/app-config-param.html) .\n\n> Currently, this parameter accepts a key-value mapping (in a string format) of only one failover region and one associated account.\n> \n> Key: `\"failover-regions\"`\n> \n> Value: `\"[{\"region\":\"\", \"accounts\":[{\"id\":\"\"}]}]\"`\n- *`appComponents`*\n\nThe list of Application Components (AppComponent) that this resource belongs to. If an AppComponent is not part of the AWS Resilience Hub application, it will be added.\n\nType: Array\n\nEach `appComponents` array item includes the following fields:\n\n- `name`\n\nName of the AppComponent.\n\nType: String\n- `type`\n\nThe type of AppComponent. For more information about the types of AppComponent, see [Grouping resources in an AppComponent](https://docs.aws.amazon.com/resilience-hub/latest/userguide/AppComponent.grouping.html) .\n\nType: String\n- `resourceNames`\n\nThe list of included resources that are assigned to the AppComponent.\n\nType: Array of strings\n- `additionalInfo`\n\nAdditional configuration parameters for an AWS Resilience Hub application. If you want to implement `additionalInfo` through the AWS Resilience Hub console rather than using an API call, see [Configure the application configuration parameters](https://docs.aws.amazon.com//resilience-hub/latest/userguide/app-config-param.html) .\n\n> Currently, this parameter accepts a key-value mapping (in a string format) of only one failover region and one associated account.\n> \n> Key: `\"failover-regions\"`\n> \n> Value: `\"[{\"region\":\"\", \"accounts\":[{\"id\":\"\"}]}]\"`\n- *`excludedResources`*\n\nThe list of logical resource identifiers to be excluded from the application.\n\nType: Array\n\n> Don't add the resources that you want to include. \n\nEach `excludedResources` array item includes the following fields:\n\n- *`logicalResourceIds`*\n\nThe logical identifier of the resource.\n\nType: Object\n\n> You can configure only one of the following fields:\n> \n> - `logicalStackName`\n> - `resourceGroupName`\n> - `terraformSourceName`\n> - `eksSourceName` \n\nEach `logicalResourceIds` object includes the following fields:\n\n- `identifier`\n\nThe identifier of the resource.\n\nType: String\n- `logicalStackName`\n\nName of the AWS CloudFormation stack this resource belongs to.\n\nType: String\n- `resourceGroupName`\n\nName of the resource group this resource belongs to.\n\nType: String\n- `terraformSourceName`\n\nName of the Terraform S3 state file this resource belongs to.\n\nType: String\n- `eksSourceName`\n\nName of the Amazon Elastic Kubernetes Service cluster and namespace this resource belongs to.\n\n> This parameter accepts values in \"eks-cluster/namespace\" format. \n\nType: String\n- *`version`*\n\nThe AWS Resilience Hub application version.\n- `additionalInfo`\n\nAdditional configuration parameters for an AWS Resilience Hub application. If you want to implement `additionalInfo` through the AWS Resilience Hub console rather than using an API call, see [Configure the application configuration parameters](https://docs.aws.amazon.com//resilience-hub/latest/userguide/app-config-param.html) .\n\n> Currently, this parameter accepts a key-value mapping (in a string format) of only one failover region and one associated account.\n> \n> Key: `\"failover-regions\"`\n> \n> Value: `\"[{\"region\":\"\", \"accounts\":[{\"id\":\"\"}]}]\"`", - "Description": "Optional description for an application.", - "EventSubscriptions": "The list of events you would like to subscribe and get notification for. Currently, AWS Resilience Hub supports notifications only for *Drift detected* and *Scheduled assessment failure* events.", - "Name": "Name for the application.", - "PermissionModel": "Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment.", + "Description": "", + "EventSubscriptions": "", + "Name": "", + "PermissionModel": "", "ResiliencyPolicyArn": "The Amazon Resource Name (ARN) of the resiliency policy.", "ResourceMappings": "An array of `ResourceMapping` objects.", "Tags": "" }, "AWS::ResilienceHub::App EventSubscription": { - "EventType": "The type of event you would like to subscribe and get notification for. Currently, AWS Resilience Hub supports notifications only for *Drift detected* ( `DriftDetected` ) and *Scheduled assessment failure* ( `ScheduledAssessmentFailure` ) events.", - "Name": "Unique name to identify an event subscription.", - "SnsTopicArn": "Amazon Resource Name (ARN) of the Amazon Simple Notification Service topic. The format for this ARN is: `arn:partition:sns:region:account:topic-name` ." + "EventType": "", + "Name": "", + "SnsTopicArn": "" }, "AWS::ResilienceHub::App PermissionModel": { - "CrossAccountRoleArns": "Defines a list of role Amazon Resource Names (ARNs) to be used in other accounts. These ARNs are used for querying purposes while importing resources and assessing your application.\n\n> - These ARNs are required only when your resources are in other accounts and you have different role name in these accounts. Else, the invoker role name will be used in the other accounts.\n> - These roles must have a trust policy with `iam:AssumeRole` permission to the invoker role in the primary account.", - "InvokerRoleName": "Existing AWS IAM role name in the primary AWS account that will be assumed by AWS Resilience Hub Service Principle to obtain a read-only access to your application resources while running an assessment.\n\n> - You must have `iam:passRole` permission for this role while creating or updating the application.\n> - Currently, `invokerRoleName` accepts only `[A-Za-z0-9_+=,.@-]` characters.", - "Type": "Defines how AWS Resilience Hub scans your resources. It can scan for the resources by using a pre-existing role in your AWS account, or by using the credentials of the current IAM user." + "CrossAccountRoleArns": "", + "InvokerRoleName": "", + "Type": "" }, "AWS::ResilienceHub::App PhysicalResourceId": { - "AwsAccountId": "The account that owns the physical resource.", - "AwsRegion": "The that the physical resource is located in.", - "Identifier": "Identifier of the physical resource.", - "Type": "Specifies the type of physical resource identifier.\n\n- **Arn** - The resource identifier is an Amazon Resource Name (ARN) and it can identify the following list of resources:\n\n- `AWS::ECS::Service`\n- `AWS::EFS::FileSystem`\n- `AWS::ElasticLoadBalancingV2::LoadBalancer`\n- `AWS::Lambda::Function`\n- `AWS::SNS::Topic`\n- **Native** - The resource identifier is an AWS Resilience Hub -native identifier and it can identify the following list of resources:\n\n- `AWS::ApiGateway::RestApi`\n- `AWS::ApiGatewayV2::Api`\n- `AWS::AutoScaling::AutoScalingGroup`\n- `AWS::DocDB::DBCluster`\n- `AWS::DocDB::DBGlobalCluster`\n- `AWS::DocDB::DBInstance`\n- `AWS::DynamoDB::GlobalTable`\n- `AWS::DynamoDB::Table`\n- `AWS::EC2::EC2Fleet`\n- `AWS::EC2::Instance`\n- `AWS::EC2::NatGateway`\n- `AWS::EC2::Volume`\n- `AWS::ElasticLoadBalancing::LoadBalancer`\n- `AWS::RDS::DBCluster`\n- `AWS::RDS::DBInstance`\n- `AWS::RDS::GlobalCluster`\n- `AWS::Route53::RecordSet`\n- `AWS::S3::Bucket`\n- `AWS::SQS::Queue`" + "AwsAccountId": "", + "AwsRegion": "", + "Identifier": "", + "Type": "" }, "AWS::ResilienceHub::App ResourceMapping": { "EksSourceName": "", - "LogicalStackName": "The name of the AWS CloudFormation stack this resource is mapped to.", - "MappingType": "Specifies the type of resource mapping.\n\n- **AppRegistryApp** - The resource is mapped to another application. The name of the application is contained in the `appRegistryAppName` property.\n- **CfnStack** - The resource is mapped to a AWS CloudFormation stack. The name of the AWS CloudFormation stack is contained in the `logicalStackName` property.\n- **Resource** - The resource is mapped to another resource. The name of the resource is contained in the `resourceName` property.\n- **ResourceGroup** - The resource is mapped to AWS Resource Groups . The name of the resource group is contained in the `resourceGroupName` property.", - "PhysicalResourceId": "Identifier of the physical resource.", - "ResourceName": "Name of the resource that the resource is mapped to.", - "TerraformSourceName": "The short name of the Terraform source." + "LogicalStackName": "", + "MappingType": "", + "PhysicalResourceId": "", + "ResourceName": "", + "TerraformSourceName": "" }, "AWS::ResilienceHub::ResiliencyPolicy": { - "DataLocationConstraint": "Specifies a high-level geographical location constraint for where your resilience policy data can be stored.", - "Policy": "The resiliency policy.", - "PolicyDescription": "The description for the policy.", - "PolicyName": "The name of the policy", + "DataLocationConstraint": "", + "Policy": "", + "PolicyDescription": "", + "PolicyName": "", "Tags": "", - "Tier": "The tier for this resiliency policy, ranging from the highest severity ( `MissionCritical` ) to lowest ( `NonCritical` )." + "Tier": "" }, "AWS::ResilienceHub::ResiliencyPolicy FailurePolicy": { - "RpoInSecs": "Recovery Point Objective (RPO) in seconds.", - "RtoInSecs": "Recovery Time Objective (RTO) in seconds." + "RpoInSecs": "", + "RtoInSecs": "" }, "AWS::ResourceExplorer2::DefaultViewAssociation": { "ViewArn": "The ARN of the view to set as the default for the AWS Region and AWS account in which you call this operation. The specified view must already exist in the specified Region." @@ -35193,6 +35216,7 @@ "AWS::ResourceExplorer2::View": { "Filters": "An array of strings that include search keywords, prefixes, and operators that filter the results that are returned for queries made using this view. When you use this view in a [Search](https://docs.aws.amazon.com/resource-explorer/latest/apireference/API_Search.html) operation, the filter string is combined with the search's `QueryString` parameter using a logical `AND` operator.\n\nFor information about the supported syntax, see [Search query reference for Resource Explorer](https://docs.aws.amazon.com/resource-explorer/latest/userguide/using-search-query-syntax.html) in the *AWS Resource Explorer User Guide* .\n\n> This query string in the context of this operation supports only [filter prefixes](https://docs.aws.amazon.com/resource-explorer/latest/userguide/using-search-query-syntax.html#query-syntax-filters) with optional [operators](https://docs.aws.amazon.com/resource-explorer/latest/userguide/using-search-query-syntax.html#query-syntax-operators) . It doesn't support free-form text. For example, the string `region:us* service:ec2 -tag:stage=prod` includes all Amazon EC2 resources in any AWS Region that begin with the letters `us` and are *not* tagged with a key `Stage` that has the value `prod` .", "IncludedProperties": "A list of fields that provide additional information about the view.", + "Scope": "The root ARN of the account, an organizational unit (OU), or an organization ARN. If left empty, the default is account.", "Tags": "Tag key and value pairs that are attached to the view.", "ViewName": "The name of the new view." }, @@ -35310,14 +35334,14 @@ "Value": "The tag value." }, "AWS::RolesAnywhere::Profile": { - "DurationSeconds": "Sets the maximum number of seconds that vended temporary credentials through [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html) will be valid for, between 900 and 3600.", - "Enabled": "Indicates whether the profile is enabled.", - "ManagedPolicyArns": "A list of managed policy ARNs that apply to the vended session credentials.", - "Name": "The name of the profile.", - "RequireInstanceProperties": "Specifies whether instance properties are required in temporary credential requests with this profile.", - "RoleArns": "A list of IAM role ARNs. During `CreateSession` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.", - "SessionPolicy": "A session policy that applies to the trust boundary of the vended session credentials.", - "Tags": "The tags to attach to the profile." + "DurationSeconds": "The number of seconds vended session credentials will be valid for", + "Enabled": "The enabled status of the resource.", + "ManagedPolicyArns": "A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.", + "Name": "The customer specified name of the resource.", + "RequireInstanceProperties": "Specifies whether instance properties are required in CreateSession requests with this profile.", + "RoleArns": "A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.", + "SessionPolicy": "A session policy that will applied to the trust boundary of the vended session credentials.", + "Tags": "A list of Tags." }, "AWS::RolesAnywhere::Profile Tag": { "Key": "The tag key.", @@ -35337,8 +35361,8 @@ "Threshold": "The number of days before a notification event. This value is required for a notification setting that is enabled." }, "AWS::RolesAnywhere::TrustAnchor Source": { - "SourceData": "The data field of the trust anchor depending on its type.", - "SourceType": "The type of the TrustAnchor.\n\n> `AWS_ACM_PCA` is not an allowed value in your region." + "SourceData": "A union object representing the data field of the TrustAnchor depending on its type", + "SourceType": "The type of the TrustAnchor." }, "AWS::RolesAnywhere::TrustAnchor SourceData": { "AcmPcaArn": "The root certificate of the AWS Private Certificate Authority specified by this ARN is used in trust validation for temporary credential requests. Included for trust anchors of type `AWS_ACM_PCA` .\n\n> This field is not supported in your region.", @@ -36049,7 +36073,7 @@ "AdvancedDataProtectionMetrics": "This property contains the details of account-level advanced data protection metrics for S3 Storage Lens.", "BucketLevel": "This property contains the details of the account-level bucket-level configurations for Amazon S3 Storage Lens.", "DetailedStatusCodesMetrics": "This property contains the details of account-level detailed status code metrics for S3 Storage Lens.", - "StorageLensGroupLevel": "" + "StorageLensGroupLevel": "This property determines the scope of Storage Lens group data that is displayed in the Storage Lens dashboard." }, "AWS::S3::StorageLens ActivityMetrics": { "IsEnabled": "A property that indicates whether the activity metrics is enabled." @@ -36122,51 +36146,51 @@ "StorageLensArn": "This property contains the details of the ARN of the S3 Storage Lens configuration. This property is read-only." }, "AWS::S3::StorageLens StorageLensGroupLevel": { - "StorageLensGroupSelectionCriteria": "" + "StorageLensGroupSelectionCriteria": "This property indicates which Storage Lens group ARNs to include or exclude in the Storage Lens group aggregation. If this value is left null, then all Storage Lens groups are selected." }, "AWS::S3::StorageLens StorageLensGroupSelectionCriteria": { - "Exclude": "", - "Include": "" + "Exclude": "This property indicates which Storage Lens group ARNs to exclude from the Storage Lens group aggregation.", + "Include": "This property indicates which Storage Lens group ARNs to include in the Storage Lens group aggregation." }, "AWS::S3::StorageLens Tag": { "Key": "Name of the object key.", "Value": "Value of the tag." }, "AWS::S3::StorageLensGroup": { - "Filter": "", - "Name": "", - "Tags": "" + "Filter": "This property contains the criteria for the Storage Lens group data that is displayed", + "Name": "This property contains the Storage Lens group name.", + "Tags": "This property contains the AWS resource tags that you're adding to your Storage Lens group. This parameter is optional." }, "AWS::S3::StorageLensGroup And": { - "MatchAnyPrefix": "", - "MatchAnySuffix": "", - "MatchAnyTag": "", - "MatchObjectAge": "", - "MatchObjectSize": "" + "MatchAnyPrefix": "This property contains a list of prefixes. At least one prefix must be specified. Up to 10 prefixes are allowed.", + "MatchAnySuffix": "This property contains a list of suffixes. At least one suffix must be specified. Up to 10 suffixes are allowed.", + "MatchAnyTag": "This property contains the list of object tags. At least one object tag must be specified. Up to 10 object tags are allowed.", + "MatchObjectAge": "This property contains `DaysGreaterThan` and `DaysLessThan` properties to define the object age range (minimum and maximum number of days).", + "MatchObjectSize": "This property contains `BytesGreaterThan` and `BytesLessThan` to define the object size range (minimum and maximum number of Bytes)." }, "AWS::S3::StorageLensGroup Filter": { - "And": "", - "MatchAnyPrefix": "", - "MatchAnySuffix": "", - "MatchAnyTag": "", - "MatchObjectAge": "", - "MatchObjectSize": "", - "Or": "" + "And": "This property contains the `And` logical operator, which allows multiple filter conditions to be joined for more complex comparisons of Storage Lens group data. Objects must match all of the listed filter conditions that are joined by the `And` logical operator. Only one of each filter condition is allowed.", + "MatchAnyPrefix": "This property contains a list of prefixes. At least one prefix must be specified. Up to 10 prefixes are allowed.", + "MatchAnySuffix": "This property contains a list of suffixes. At least one suffix must be specified. Up to 10 suffixes are allowed.", + "MatchAnyTag": "This property contains the list of S3 object tags. At least one object tag must be specified. Up to 10 object tags are allowed.", + "MatchObjectAge": "This property contains `DaysGreaterThan` and `DaysLessThan` to define the object age range (minimum and maximum number of days).", + "MatchObjectSize": "This property contains `BytesGreaterThan` and `BytesLessThan` to define the object size range (minimum and maximum number of Bytes).", + "Or": "This property contains the `Or` logical operator, which allows multiple filter conditions to be joined. Objects can match any of the listed filter conditions, which are joined by the `Or` logical operator. Only one of each filter condition is allowed." }, "AWS::S3::StorageLensGroup MatchObjectAge": { - "DaysGreaterThan": "", - "DaysLessThan": "" + "DaysGreaterThan": "This property indicates the minimum object age in days.", + "DaysLessThan": "This property indicates the maximum object age in days." }, "AWS::S3::StorageLensGroup MatchObjectSize": { - "BytesGreaterThan": "", - "BytesLessThan": "" + "BytesGreaterThan": "This property specifies the minimum object size in bytes. The value must be a positive number, greater than 0 and less than 5 TB.", + "BytesLessThan": "This property specifies the maximum object size in bytes. The value must be a positive number, greater than the minimum object size and less than 5 TB." }, "AWS::S3::StorageLensGroup Or": { - "MatchAnyPrefix": "", - "MatchAnySuffix": "", - "MatchAnyTag": "", - "MatchObjectAge": "", - "MatchObjectSize": "" + "MatchAnyPrefix": "This property contains a list of prefixes. At least one prefix must be specified. Up to 10 prefixes are allowed.", + "MatchAnySuffix": "This property contains the list of suffixes. At least one suffix must be specified. Up to 10 suffixes are allowed.", + "MatchAnyTag": "This property contains the list of S3 object tags. At least one object tag must be specified. Up to 10 object tags are allowed.", + "MatchObjectAge": "This property filters objects that match the specified object age range.", + "MatchObjectSize": "This property contains the `BytesGreaterThan` and `BytesLessThan` values to define the object size range (minimum and maximum number of Bytes)." }, "AWS::S3::StorageLensGroup Tag": { "Key": "Name of the object key.", @@ -39619,12 +39643,12 @@ "Type": "Currently, the following step types are supported.\n\n- *`COPY`* - Copy the file to another location.\n- *`CUSTOM`* - Perform a custom step with an AWS Lambda function target.\n- *`DECRYPT`* - Decrypt a file that was encrypted before it was uploaded.\n- *`DELETE`* - Delete the file.\n- *`TAG`* - Add a tag to the file." }, "AWS::VerifiedPermissions::IdentitySource": { - "Configuration": "Contains configuration information used when creating a new .\n\n> At this time, the only valid member of this structure is a user pool configuration.\n> \n> You must specify a `userPoolArn` , and optionally, a `ClientId` . \n\nThis data type is used as a request parameter for the [CreateIdentitySource](https://docs.aws.amazon.com/API_CreateIdentitySource.html) operation.", - "PolicyStoreId": "Specifies the ID of the in which you want to store this . Only policies and requests made using this can reference identities from the identity provider configured in the new .", - "PrincipalEntityType": "Specifies the namespace and data type of the principals generated for identities authenticated by the new ." + "Configuration": "Contains configuration information used when creating a new identity source.\n\n> At this time, the only valid member of this structure is a Amazon Cognito user pool configuration.\n> \n> You must specify a `userPoolArn` , and optionally, a `ClientId` . \n\nThis data type is used as a request parameter for the [CreateIdentitySource](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html) operation.", + "PolicyStoreId": "Specifies the ID of the policy store in which you want to store this identity source. Only policies and requests made using this policy store can reference identities from the identity provider configured in the new identity source.", + "PrincipalEntityType": "Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source." }, "AWS::VerifiedPermissions::IdentitySource CognitoUserPoolConfiguration": { - "ClientIds": "The unique application client IDs that are associated with the specified user pool.\n\nExample: `\"ClientIds\": [\"&ExampleCogClientId;\"]`", + "ClientIds": "The unique application client IDs that are associated with the specified Amazon Cognito user pool.\n\nExample: `\"ClientIds\": [\"&ExampleCogClientId;\"]`", "UserPoolArn": "The [Amazon Resource Name (ARN)](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) of the Amazon Cognito user pool that contains the identities to be authorized." }, "AWS::VerifiedPermissions::IdentitySource IdentitySourceConfiguration": { @@ -39633,36 +39657,36 @@ "AWS::VerifiedPermissions::IdentitySource IdentitySourceDetails": { "ClientIds": "The application client IDs associated with the specified Amazon Cognito user pool that are enabled for this identity source.", "DiscoveryUrl": "The well-known URL that points to this user pool's OIDC discovery endpoint. This is a URL string in the following format. This URL replaces the placeholders for both the AWS Region and the user pool identifier with those appropriate for this user pool.\n\n`https://cognito-idp. ** .amazonaws.com/ ** /.well-known/openid-configuration`", - "OpenIdIssuer": "A string that identifies the type of OIDC service represented by this .\n\nAt this time, the only valid value is `cognito` .", + "OpenIdIssuer": "A string that identifies the type of OIDC service represented by this identity source.\n\nAt this time, the only valid value is `cognito` .", "UserPoolArn": "The [Amazon Resource Name (ARN)](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) of the Amazon Cognito user pool whose identities are accessible to this Verified Permissions policy store." }, "AWS::VerifiedPermissions::Policy": { "Definition": "Specifies the policy type and content to use for the new or updated policy. The definition structure must include either a `Static` or a `TemplateLinked` element.", - "PolicyStoreId": "Specifies the `PolicyStoreId` of the you want to store the policy in." + "PolicyStoreId": "Specifies the `PolicyStoreId` of the policy store you want to store the policy in." }, "AWS::VerifiedPermissions::Policy EntityIdentifier": { "EntityId": "The identifier of an entity.\n\n`\"entityId\":\" *identifier* \"`", "EntityType": "The type of an entity.\n\nExample: `\"entityType\":\" *typeName* \"`" }, "AWS::VerifiedPermissions::Policy PolicyDefinition": { - "Static": "A structure that describes . An doesn't use a template or allow placeholders for entities.", - "TemplateLinked": "A structure that describes a policy that was instantiated from a template. The template can specify placeholders for `principal` and `resource` . When you use [CreatePolicy](https://docs.aws.amazon.com/API_CreatePolicy.html) to create a policy from a template, you specify the exact principal and resource to use for the instantiated policy." + "Static": "A structure that describes a static policy. An static policy doesn't use a template or allow placeholders for entities.", + "TemplateLinked": "A structure that describes a policy that was instantiated from a template. The template can specify placeholders for `principal` and `resource` . When you use [CreatePolicy](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicy.html) to create a policy from a template, you specify the exact principal and resource to use for the instantiated policy." }, "AWS::VerifiedPermissions::Policy StaticPolicyDefinition": { - "Description": "The description of the .", - "Statement": "The policy content of the , written in the ." + "Description": "The description of the static policy.", + "Statement": "The policy content of the static policy, written in the Cedar policy language." }, "AWS::VerifiedPermissions::Policy TemplateLinkedPolicyDefinition": { "PolicyTemplateId": "The unique identifier of the policy template used to create this policy.", - "Principal": "The principal associated with this . substitutes this principal for the `?principal` placeholder in the when it evaluates an authorization request.", - "Resource": "The resource associated with this . substitutes this resource for the `?resource` placeholder in the when it evaluates an authorization request." + "Principal": "The principal associated with this template-linked policy. Verified Permissions substitutes this principal for the `?principal` placeholder in the policy template when it evaluates an authorization request.", + "Resource": "The resource associated with this template-linked policy. Verified Permissions substitutes this resource for the `?resource` placeholder in the policy template when it evaluates an authorization request." }, "AWS::VerifiedPermissions::PolicyStore": { "Schema": "Creates or updates the policy schema in a policy store. Cedar can use the schema to validate any Cedar policies and policy templates submitted to the policy store. Any changes to the schema validate only policies and templates submitted after the schema change. Existing policies and templates are not re-evaluated against the changed schema. If you later update a policy, then it is evaluated against the new schema at that time.", - "ValidationSettings": "Specifies the validation setting for this .\n\nCurrently, the only valid and required value is `Mode` .\n\n> We recommend that you turn on `STRICT` mode only after you define a schema. If a schema doesn't exist, then `STRICT` mode causes any policy to fail validation, and rejects the policy. You can turn off validation by using the [UpdatePolicyStore](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore) . Then, when you have a schema defined, use [UpdatePolicyStore](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore) again to turn validation back on." + "ValidationSettings": "Specifies the validation setting for this policy store.\n\nCurrently, the only valid and required value is `Mode` .\n\n> We recommend that you turn on `STRICT` mode only after you define a schema. If a schema doesn't exist, then `STRICT` mode causes any policy to fail validation, and Verified Permissions rejects the policy. You can turn off validation by using the [UpdatePolicyStore](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore) . Then, when you have a schema defined, use [UpdatePolicyStore](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore) again to turn validation back on." }, "AWS::VerifiedPermissions::PolicyStore SchemaDefinition": { - "CedarJson": "A JSON string representation of the schema supported by applications that use this . For more information, see [Policy store schema](https://docs.aws.amazon.com/schema.html) in the ** ." + "CedarJson": "A JSON string representation of the schema supported by applications that use this policy store. For more information, see [Policy store schema](https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/schema.html) in the *Amazon Verified Permissions User Guide* ." }, "AWS::VerifiedPermissions::PolicyStore ValidationSettings": { "Mode": "The validation mode currently configured for this policy store. The valid values are:\n\n- *OFF* \u2013 Neither Verified Permissions nor Cedar perform any validation on policies. No validation errors are reported by either service.\n- *STRICT* \u2013 Requires a schema to be present in the policy store. Cedar performs validation on all submitted new or updated static policies and policy templates. Any that fail validation are rejected and Cedar doesn't store them in the policy store.\n\n> If `Mode=STRICT` and the policy store doesn't contain a schema, Verified Permissions rejects all static policies and policy templates because there is no schema to validate against.\n> \n> To submit a static policy or policy template without a schema, you must turn off validation." @@ -39670,7 +39694,7 @@ "AWS::VerifiedPermissions::PolicyTemplate": { "Description": "The description to attach to the new or updated policy template.", "PolicyStoreId": "The unique identifier of the policy store that contains the template.", - "Statement": "Specifies the content that you want to use for the new , written in the policy language." + "Statement": "Specifies the content that you want to use for the new policy template, written in the Cedar policy language." }, "AWS::VoiceID::Domain": { "Description": "The description of the domain.", diff --git a/schema_source/cloudformation.schema.json b/schema_source/cloudformation.schema.json index df0f65945..daf574ac9 100644 --- a/schema_source/cloudformation.schema.json +++ b/schema_source/cloudformation.schema.json @@ -29271,22 +29271,22 @@ "additionalProperties": false, "properties": { "AllowCleartext": { - "markdownDescription": "Indicates whether encrypted tables can contain cleartext data (true) or are to cryptographically process every column (false).", + "markdownDescription": "Indicates whether encrypted tables can contain cleartext data ( `TRUE` ) or are to cryptographically process every column ( `FALSE` ).", "title": "AllowCleartext", "type": "boolean" }, "AllowDuplicates": { - "markdownDescription": "Indicates whether Fingerprint columns can contain duplicate entries (true) or are to contain only non-repeated values (false).", + "markdownDescription": "Indicates whether Fingerprint columns can contain duplicate entries ( `TRUE` ) or are to contain only non-repeated values ( `FALSE` ).", "title": "AllowDuplicates", "type": "boolean" }, "AllowJoinsOnColumnsWithDifferentNames": { - "markdownDescription": "Indicates whether Fingerprint columns can be joined on any other Fingerprint column with a different name (true) or can only be joined on Fingerprint columns of the same name (false).", + "markdownDescription": "Indicates whether Fingerprint columns can be joined on any other Fingerprint column with a different name ( `TRUE` ) or can only be joined on Fingerprint columns of the same name ( `FALSE` ).", "title": "AllowJoinsOnColumnsWithDifferentNames", "type": "boolean" }, "PreserveNulls": { - "markdownDescription": "Indicates whether NULL values are to be copied as NULL to encrypted tables (true) or cryptographically processed (false).", + "markdownDescription": "Indicates whether NULL values are to be copied as NULL to encrypted tables ( `TRUE` ) or cryptographically processed ( `FALSE` ).", "title": "PreserveNulls", "type": "boolean" } @@ -29303,7 +29303,7 @@ "additionalProperties": false, "properties": { "AccountId": { - "markdownDescription": "The identifier used to reference members of the collaboration. Currently only supports ID.", + "markdownDescription": "The identifier used to reference members of the collaboration. Currently only supports AWS account ID.", "title": "AccountId", "type": "string" }, @@ -29587,7 +29587,7 @@ "items": { "type": "string" }, - "markdownDescription": "The accounts that are allowed to query by the custom analysis rule. Required when `allowedAnalyses` is `ANY_QUERY` .", + "markdownDescription": "The AWS accounts that are allowed to query by the custom analysis rule. Required when `allowedAnalyses` is `ANY_QUERY` .", "title": "AllowedAnalysisProviders", "type": "array" } @@ -29844,7 +29844,7 @@ "title": "DefaultResultConfiguration" }, "QueryLogStatus": { - "markdownDescription": "An indicator as to whether query logging has been enabled or disabled for the collaboration.", + "markdownDescription": "An indicator as to whether query logging has been enabled or disabled for the membership.", "title": "QueryLogStatus", "type": "string" }, @@ -29907,7 +29907,7 @@ "title": "OutputConfiguration" }, "RoleArn": { - "markdownDescription": "The unique ARN for an IAM role that is used by to write protected query results to the result location, given by the member who can receive results.", + "markdownDescription": "The unique ARN for an IAM role that is used by AWS Clean Rooms to write protected query results to the result location, given by the member who can receive results.", "title": "RoleArn", "type": "string" } @@ -51996,7 +51996,7 @@ "type": "number" }, "MinCapacityUnits": { - "markdownDescription": "Specifies the minimum value of the AWS DMS capacity units (DCUs) for which a given AWS DMS Serverless replication can be provisioned. A single DCU is 2GB of RAM, with 1 DCU as the minimum value allowed. The list of valid DCU values includes 1, 2, 4, 8, 16, 32, 64, 128, 192, 256, and 384. So, the minimum DCU value that you can specify for AWS DMS Serverless is 1. You don't have to specify a value for the `MinCapacityUnits` parameter. If you don't set this value, AWS DMS scans the current activity of available source tables to identify an optimum setting for this parameter. If there is no current source activity or AWS DMS can't otherwise identify a more appropriate value, it sets this parameter to the minimum DCU value allowed, 1.", + "markdownDescription": "Specifies the minimum value of the AWS DMS capacity units (DCUs) for which a given AWS DMS Serverless replication can be provisioned. A single DCU is 2GB of RAM, with 1 DCU as the minimum value allowed. The list of valid DCU values includes 1, 2, 4, 8, 16, 32, 64, 128, 192, 256, and 384. So, the minimum DCU value that you can specify for AWS DMS Serverless is 1. If you don't set this value, AWS DMS sets this parameter to the minimum DCU value allowed, 1. If there is no current source activity, AWS DMS scales down your replication until it reaches the value specified in `MinCapacityUnits` .", "title": "MinCapacityUnits", "type": "number" }, @@ -91706,7 +91706,7 @@ "type": "string" }, "ServerSdkVersion": { - "markdownDescription": "The Amazon GameLift Server SDK version used to develop your game server.", + "markdownDescription": "A server SDK version you used when integrating your game server build with Amazon GameLift. For more information see [Integrate games with custom game servers](https://docs.aws.amazon.com/gamelift/latest/developerguide/integration-custom-intro.html) . By default Amazon GameLift sets this value to `4.0.2` .", "title": "ServerSdkVersion", "type": "string" }, @@ -91747,7 +91747,7 @@ "additionalProperties": false, "properties": { "Bucket": { - "markdownDescription": "An Amazon S3 bucket identifier. Thename of the S3 bucket.\n\n> Amazon GameLift doesn't support uploading from Amazon S3 buckets with names that contain a dot (.).", + "markdownDescription": "An Amazon S3 bucket identifier. The name of the S3 bucket.\n\n> Amazon GameLift doesn't support uploading from Amazon S3 buckets with names that contain a dot (.).", "title": "Bucket", "type": "string" }, @@ -91757,12 +91757,12 @@ "type": "string" }, "ObjectVersion": { - "markdownDescription": "The version of the file, if object versioning is turned on for the bucket. Amazon GameLift uses this information when retrieving files from your S3 bucket. To retrieve a specific version of the file, provide an object version. To retrieve the latest version of the file, do not set this parameter.", + "markdownDescription": "A version of a stored file to retrieve, if the object versioning feature is turned on for the S3 bucket. Use this parameter to specify a specific version. If this parameter isn't set, Amazon GameLift retrieves the latest version of the file.", "title": "ObjectVersion", "type": "string" }, "RoleArn": { - "markdownDescription": "The Amazon Resource Name ( [ARN](https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html) ) for an IAM role that allows Amazon GameLift to access the S3 bucket.", + "markdownDescription": "The ARNfor an IAM role that allows Amazon GameLift to access the S3 bucket.", "title": "RoleArn", "type": "string" } @@ -91811,12 +91811,10 @@ "properties": { "AnywhereConfiguration": { "$ref": "#/definitions/AWS::GameLift::Fleet.AnywhereConfiguration", - "markdownDescription": "Amazon GameLift Anywhere configuration options for your Anywhere fleets.", + "markdownDescription": "Amazon GameLift Anywhere configuration options.", "title": "AnywhereConfiguration" }, "ApplyCapacity": { - "markdownDescription": "", - "title": "ApplyCapacity", "type": "string" }, "BuildId": { @@ -91830,7 +91828,7 @@ "title": "CertificateConfiguration" }, "ComputeType": { - "markdownDescription": "The type of compute resource used to host your game servers. You can use your own compute resources with Amazon GameLift Anywhere or use Amazon EC2 instances with managed Amazon GameLift.", + "markdownDescription": "The type of compute resource used to host your game servers. You can use your own compute resources with Amazon GameLift Anywhere or use Amazon EC2 instances with managed Amazon GameLift. By default, this property is set to `EC2` .", "title": "ComputeType", "type": "string" }, @@ -91932,7 +91930,7 @@ "items": { "$ref": "#/definitions/AWS::GameLift::Fleet.ScalingPolicy" }, - "markdownDescription": "", + "markdownDescription": "Rule that controls how a fleet is scaled. Scaling policies are uniquely identified by the combination of name and fleet ID.", "title": "ScalingPolicies", "type": "array" }, @@ -92197,7 +92195,7 @@ "type": "string" }, "Parameters": { - "markdownDescription": "An optional list of parameters to pass to the server executable or Realtime script on launch.", + "markdownDescription": "An optional list of parameters to pass to the server executable or Realtime script on launch.\n\nLength Constraints: Minimum length of 1. Maximum length of 1024.\n\nPattern: [A-Za-z0-9_:.+\\/\\\\\\- =@{},?'\\[\\]\"]+", "title": "Parameters", "type": "string" } @@ -92548,8 +92546,6 @@ "additionalProperties": false, "properties": { "DestinationArn": { - "markdownDescription": "The Amazon Resource Name (ARN) that is assigned to fleet or fleet alias. ARNs, which include a fleet ID or alias ID and a Region name, provide a unique identifier across all Regions.", - "title": "DestinationArn", "type": "string" } }, @@ -92643,7 +92639,7 @@ "additionalProperties": false, "properties": { "LocationName": { - "markdownDescription": "The location's name.", + "markdownDescription": "A descriptive name for the custom location.", "title": "LocationName", "type": "string" }, @@ -92651,7 +92647,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "", + "markdownDescription": "A list of labels to assign to the new matchmaking configuration resource. Tags are developer-defined key-value pairs. Tagging AWS resources are useful for resource management, access management and cost allocation. For more information, see [Tagging AWS Resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in the *AWS General Rareference* .", "title": "Tags", "type": "array" } @@ -106919,7 +106915,7 @@ "properties": { "S3Config": { "$ref": "#/definitions/AWS::InternetMonitor::Monitor.S3Config", - "markdownDescription": "The configuration information for publishing Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` or `DISABLED` , depending on whether you choose to deliver internet measurements to S3 logs.", + "markdownDescription": "The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3.", "title": "S3Config" } }, @@ -106950,17 +106946,17 @@ "additionalProperties": false, "properties": { "BucketName": { - "markdownDescription": "The Amazon S3 bucket name.", + "markdownDescription": "The Amazon S3 bucket name for internet measurements publishing.", "title": "BucketName", "type": "string" }, "BucketPrefix": { - "markdownDescription": "The Amazon S3 bucket prefix.", + "markdownDescription": "An optional Amazon S3 bucket prefix for internet measurements publishing.", "title": "BucketPrefix", "type": "string" }, "LogDeliveryStatus": { - "markdownDescription": "The status of publishing Internet Monitor internet measurements to an Amazon S3 bucket.", + "markdownDescription": "The status of publishing Internet Monitor internet measurements to an Amazon S3 bucket. The delivery status is `ENABLED` if you choose to deliver internet measurements to an S3 bucket, and `DISABLED` otherwise.", "title": "LogDeliveryStatus", "type": "string" } @@ -167036,12 +167032,12 @@ "additionalProperties": false, "properties": { "CodebuildRoleArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of an service role in the environment account. uses this role to provision infrastructure resources using CodeBuild-based provisioning in the associated environment account.", + "markdownDescription": "The Amazon Resource Name (ARN) of an IAM service role in the environment account. AWS Proton uses this role to provision infrastructure resources using CodeBuild-based provisioning in the associated environment account.", "title": "CodebuildRoleArn", "type": "string" }, "ComponentRoleArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the service role that uses when provisioning directly defined components in the associated environment account. It determines the scope of infrastructure that a component can provision in the account.\n\nThe environment account connection must have a `componentRoleArn` to allow directly defined components to be associated with any environments running in the account.", + "markdownDescription": "The Amazon Resource Name (ARN) of the IAM service role that AWS Proton uses when provisioning directly defined components in the associated environment account. It determines the scope of infrastructure that a component can provision in the account.\n\nThe environment account connection must have a `componentRoleArn` to allow directly defined components to be associated with any environments running in the account.\n\nFor more information about components, see [AWS Proton components](https://docs.aws.amazon.com/proton/latest/userguide/ag-components.html) in the *AWS Proton User Guide* .", "title": "ComponentRoleArn", "type": "string" }, @@ -167069,7 +167065,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "An optional list of metadata items that you can associate with the environment account connection. A tag is a key-value pair.\n\nFor more information, see [resources and tagging](https://docs.aws.amazon.com/proton/latest/userguide/resources.html) in the *User Guide* .", + "markdownDescription": "An optional list of metadata items that you can associate with the AWS Proton environment account connection. A tag is a key-value pair.\n\nFor more information, see [AWS Proton resources and tagging](https://docs.aws.amazon.com/proton/latest/userguide/resources.html) in the *AWS Proton User Guide* .", "title": "Tags", "type": "array" } @@ -167160,7 +167156,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "An optional list of metadata items that you can associate with the environment template. A tag is a key-value pair.\n\nFor more information, see [resources and tagging](https://docs.aws.amazon.com/proton/latest/userguide/resources.html) in the *User Guide* .", + "markdownDescription": "An optional list of metadata items that you can associate with the AWS Proton environment template. A tag is a key-value pair.\n\nFor more information, see [AWS Proton resources and tagging](https://docs.aws.amazon.com/proton/latest/userguide/resources.html) in the *AWS Proton User Guide* .", "title": "Tags", "type": "array" } @@ -181902,9 +181898,7 @@ "type": "array" }, "Options": { - "$ref": "#/definitions/AWS::QuickSight::Dashboard.AssetOptions", - "markdownDescription": "", - "title": "Options" + "$ref": "#/definitions/AWS::QuickSight::Dashboard.AssetOptions" }, "Sheets": { "items": { @@ -204610,9 +204604,7 @@ "type": "array" }, "Options": { - "$ref": "#/definitions/AWS::QuickSight::Template.AssetOptions", - "markdownDescription": "", - "title": "Options" + "$ref": "#/definitions/AWS::QuickSight::Template.AssetOptions" }, "Sheets": { "items": { @@ -213146,7 +213138,7 @@ "additionalProperties": false, "properties": { "AppAssessmentSchedule": { - "markdownDescription": "Assessment execution schedule with 'Daily' or 'Disabled' values.", + "markdownDescription": "", "title": "AppAssessmentSchedule", "type": "string" }, @@ -213156,7 +213148,7 @@ "type": "string" }, "Description": { - "markdownDescription": "Optional description for an application.", + "markdownDescription": "", "title": "Description", "type": "string" }, @@ -213164,18 +213156,18 @@ "items": { "$ref": "#/definitions/AWS::ResilienceHub::App.EventSubscription" }, - "markdownDescription": "The list of events you would like to subscribe and get notification for. Currently, AWS Resilience Hub supports notifications only for *Drift detected* and *Scheduled assessment failure* events.", + "markdownDescription": "", "title": "EventSubscriptions", "type": "array" }, "Name": { - "markdownDescription": "Name for the application.", + "markdownDescription": "", "title": "Name", "type": "string" }, "PermissionModel": { "$ref": "#/definitions/AWS::ResilienceHub::App.PermissionModel", - "markdownDescription": "Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment.", + "markdownDescription": "", "title": "PermissionModel" }, "ResiliencyPolicyArn": { @@ -213235,17 +213227,17 @@ "additionalProperties": false, "properties": { "EventType": { - "markdownDescription": "The type of event you would like to subscribe and get notification for. Currently, AWS Resilience Hub supports notifications only for *Drift detected* ( `DriftDetected` ) and *Scheduled assessment failure* ( `ScheduledAssessmentFailure` ) events.", + "markdownDescription": "", "title": "EventType", "type": "string" }, "Name": { - "markdownDescription": "Unique name to identify an event subscription.", + "markdownDescription": "", "title": "Name", "type": "string" }, "SnsTopicArn": { - "markdownDescription": "Amazon Resource Name (ARN) of the Amazon Simple Notification Service topic. The format for this ARN is: `arn:partition:sns:region:account:topic-name` .", + "markdownDescription": "", "title": "SnsTopicArn", "type": "string" } @@ -213263,17 +213255,17 @@ "items": { "type": "string" }, - "markdownDescription": "Defines a list of role Amazon Resource Names (ARNs) to be used in other accounts. These ARNs are used for querying purposes while importing resources and assessing your application.\n\n> - These ARNs are required only when your resources are in other accounts and you have different role name in these accounts. Else, the invoker role name will be used in the other accounts.\n> - These roles must have a trust policy with `iam:AssumeRole` permission to the invoker role in the primary account.", + "markdownDescription": "", "title": "CrossAccountRoleArns", "type": "array" }, "InvokerRoleName": { - "markdownDescription": "Existing AWS IAM role name in the primary AWS account that will be assumed by AWS Resilience Hub Service Principle to obtain a read-only access to your application resources while running an assessment.\n\n> - You must have `iam:passRole` permission for this role while creating or updating the application.\n> - Currently, `invokerRoleName` accepts only `[A-Za-z0-9_+=,.@-]` characters.", + "markdownDescription": "", "title": "InvokerRoleName", "type": "string" }, "Type": { - "markdownDescription": "Defines how AWS Resilience Hub scans your resources. It can scan for the resources by using a pre-existing role in your AWS account, or by using the credentials of the current IAM user.", + "markdownDescription": "", "title": "Type", "type": "string" } @@ -213287,22 +213279,22 @@ "additionalProperties": false, "properties": { "AwsAccountId": { - "markdownDescription": "The account that owns the physical resource.", + "markdownDescription": "", "title": "AwsAccountId", "type": "string" }, "AwsRegion": { - "markdownDescription": "The that the physical resource is located in.", + "markdownDescription": "", "title": "AwsRegion", "type": "string" }, "Identifier": { - "markdownDescription": "Identifier of the physical resource.", + "markdownDescription": "", "title": "Identifier", "type": "string" }, "Type": { - "markdownDescription": "Specifies the type of physical resource identifier.\n\n- **Arn** - The resource identifier is an Amazon Resource Name (ARN) and it can identify the following list of resources:\n\n- `AWS::ECS::Service`\n- `AWS::EFS::FileSystem`\n- `AWS::ElasticLoadBalancingV2::LoadBalancer`\n- `AWS::Lambda::Function`\n- `AWS::SNS::Topic`\n- **Native** - The resource identifier is an AWS Resilience Hub -native identifier and it can identify the following list of resources:\n\n- `AWS::ApiGateway::RestApi`\n- `AWS::ApiGatewayV2::Api`\n- `AWS::AutoScaling::AutoScalingGroup`\n- `AWS::DocDB::DBCluster`\n- `AWS::DocDB::DBGlobalCluster`\n- `AWS::DocDB::DBInstance`\n- `AWS::DynamoDB::GlobalTable`\n- `AWS::DynamoDB::Table`\n- `AWS::EC2::EC2Fleet`\n- `AWS::EC2::Instance`\n- `AWS::EC2::NatGateway`\n- `AWS::EC2::Volume`\n- `AWS::ElasticLoadBalancing::LoadBalancer`\n- `AWS::RDS::DBCluster`\n- `AWS::RDS::DBInstance`\n- `AWS::RDS::GlobalCluster`\n- `AWS::Route53::RecordSet`\n- `AWS::S3::Bucket`\n- `AWS::SQS::Queue`", + "markdownDescription": "", "title": "Type", "type": "string" } @@ -213322,27 +213314,27 @@ "type": "string" }, "LogicalStackName": { - "markdownDescription": "The name of the AWS CloudFormation stack this resource is mapped to.", + "markdownDescription": "", "title": "LogicalStackName", "type": "string" }, "MappingType": { - "markdownDescription": "Specifies the type of resource mapping.\n\n- **AppRegistryApp** - The resource is mapped to another application. The name of the application is contained in the `appRegistryAppName` property.\n- **CfnStack** - The resource is mapped to a AWS CloudFormation stack. The name of the AWS CloudFormation stack is contained in the `logicalStackName` property.\n- **Resource** - The resource is mapped to another resource. The name of the resource is contained in the `resourceName` property.\n- **ResourceGroup** - The resource is mapped to AWS Resource Groups . The name of the resource group is contained in the `resourceGroupName` property.", + "markdownDescription": "", "title": "MappingType", "type": "string" }, "PhysicalResourceId": { "$ref": "#/definitions/AWS::ResilienceHub::App.PhysicalResourceId", - "markdownDescription": "Identifier of the physical resource.", + "markdownDescription": "", "title": "PhysicalResourceId" }, "ResourceName": { - "markdownDescription": "Name of the resource that the resource is mapped to.", + "markdownDescription": "", "title": "ResourceName", "type": "string" }, "TerraformSourceName": { - "markdownDescription": "The short name of the Terraform source.", + "markdownDescription": "", "title": "TerraformSourceName", "type": "string" } @@ -213389,13 +213381,13 @@ "additionalProperties": false, "properties": { "DataLocationConstraint": { - "markdownDescription": "Specifies a high-level geographical location constraint for where your resilience policy data can be stored.", + "markdownDescription": "", "title": "DataLocationConstraint", "type": "string" }, "Policy": { "additionalProperties": false, - "markdownDescription": "The resiliency policy.", + "markdownDescription": "", "patternProperties": { "^[a-zA-Z0-9]+$": { "$ref": "#/definitions/AWS::ResilienceHub::ResiliencyPolicy.FailurePolicy" @@ -213405,12 +213397,12 @@ "type": "object" }, "PolicyDescription": { - "markdownDescription": "The description for the policy.", + "markdownDescription": "", "title": "PolicyDescription", "type": "string" }, "PolicyName": { - "markdownDescription": "The name of the policy", + "markdownDescription": "", "title": "PolicyName", "type": "string" }, @@ -213426,7 +213418,7 @@ "type": "object" }, "Tier": { - "markdownDescription": "The tier for this resiliency policy, ranging from the highest severity ( `MissionCritical` ) to lowest ( `NonCritical` ).", + "markdownDescription": "", "title": "Tier", "type": "string" } @@ -213463,12 +213455,12 @@ "additionalProperties": false, "properties": { "RpoInSecs": { - "markdownDescription": "Recovery Point Objective (RPO) in seconds.", + "markdownDescription": "", "title": "RpoInSecs", "type": "number" }, "RtoInSecs": { - "markdownDescription": "Recovery Time Objective (RTO) in seconds.", + "markdownDescription": "", "title": "RtoInSecs", "type": "number" } @@ -214725,12 +214717,12 @@ "additionalProperties": false, "properties": { "DurationSeconds": { - "markdownDescription": "Sets the maximum number of seconds that vended temporary credentials through [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html) will be valid for, between 900 and 3600.", + "markdownDescription": "The number of seconds vended session credentials will be valid for", "title": "DurationSeconds", "type": "number" }, "Enabled": { - "markdownDescription": "Indicates whether the profile is enabled.", + "markdownDescription": "The enabled status of the resource.", "title": "Enabled", "type": "boolean" }, @@ -214738,17 +214730,17 @@ "items": { "type": "string" }, - "markdownDescription": "A list of managed policy ARNs that apply to the vended session credentials.", + "markdownDescription": "A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.", "title": "ManagedPolicyArns", "type": "array" }, "Name": { - "markdownDescription": "The name of the profile.", + "markdownDescription": "The customer specified name of the resource.", "title": "Name", "type": "string" }, "RequireInstanceProperties": { - "markdownDescription": "Specifies whether instance properties are required in temporary credential requests with this profile.", + "markdownDescription": "Specifies whether instance properties are required in CreateSession requests with this profile.", "title": "RequireInstanceProperties", "type": "boolean" }, @@ -214756,12 +214748,12 @@ "items": { "type": "string" }, - "markdownDescription": "A list of IAM role ARNs. During `CreateSession` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.", + "markdownDescription": "A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.", "title": "RoleArns", "type": "array" }, "SessionPolicy": { - "markdownDescription": "A session policy that applies to the trust boundary of the vended session credentials.", + "markdownDescription": "A session policy that will applied to the trust boundary of the vended session credentials.", "title": "SessionPolicy", "type": "string" }, @@ -214769,7 +214761,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "The tags to attach to the profile.", + "markdownDescription": "A list of Tags.", "title": "Tags", "type": "array" } @@ -214930,11 +214922,11 @@ "properties": { "SourceData": { "$ref": "#/definitions/AWS::RolesAnywhere::TrustAnchor.SourceData", - "markdownDescription": "The data field of the trust anchor depending on its type.", + "markdownDescription": "A union object representing the data field of the TrustAnchor depending on its type", "title": "SourceData" }, "SourceType": { - "markdownDescription": "The type of the TrustAnchor.\n\n> `AWS_ACM_PCA` is not an allowed value in your region.", + "markdownDescription": "The type of the TrustAnchor.", "title": "SourceType", "type": "string" } @@ -219874,7 +219866,7 @@ }, "StorageLensGroupLevel": { "$ref": "#/definitions/AWS::S3::StorageLens.StorageLensGroupLevel", - "markdownDescription": "", + "markdownDescription": "This property determines the scope of Storage Lens group data that is displayed in the Storage Lens dashboard.", "title": "StorageLensGroupLevel" } }, @@ -220203,7 +220195,7 @@ "properties": { "StorageLensGroupSelectionCriteria": { "$ref": "#/definitions/AWS::S3::StorageLens.StorageLensGroupSelectionCriteria", - "markdownDescription": "", + "markdownDescription": "This property indicates which Storage Lens group ARNs to include or exclude in the Storage Lens group aggregation. If this value is left null, then all Storage Lens groups are selected.", "title": "StorageLensGroupSelectionCriteria" } }, @@ -220216,7 +220208,7 @@ "items": { "type": "string" }, - "markdownDescription": "", + "markdownDescription": "This property indicates which Storage Lens group ARNs to exclude from the Storage Lens group aggregation.", "title": "Exclude", "type": "array" }, @@ -220224,7 +220216,7 @@ "items": { "type": "string" }, - "markdownDescription": "", + "markdownDescription": "This property indicates which Storage Lens group ARNs to include in the Storage Lens group aggregation.", "title": "Include", "type": "array" } @@ -243294,16 +243286,16 @@ "properties": { "Configuration": { "$ref": "#/definitions/AWS::VerifiedPermissions::IdentitySource.IdentitySourceConfiguration", - "markdownDescription": "Contains configuration information used when creating a new .\n\n> At this time, the only valid member of this structure is a user pool configuration.\n> \n> You must specify a `userPoolArn` , and optionally, a `ClientId` . \n\nThis data type is used as a request parameter for the [CreateIdentitySource](https://docs.aws.amazon.com/API_CreateIdentitySource.html) operation.", + "markdownDescription": "Contains configuration information used when creating a new identity source.\n\n> At this time, the only valid member of this structure is a Amazon Cognito user pool configuration.\n> \n> You must specify a `userPoolArn` , and optionally, a `ClientId` . \n\nThis data type is used as a request parameter for the [CreateIdentitySource](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html) operation.", "title": "Configuration" }, "PolicyStoreId": { - "markdownDescription": "Specifies the ID of the in which you want to store this . Only policies and requests made using this can reference identities from the identity provider configured in the new .", + "markdownDescription": "Specifies the ID of the policy store in which you want to store this identity source. Only policies and requests made using this policy store can reference identities from the identity provider configured in the new identity source.", "title": "PolicyStoreId", "type": "string" }, "PrincipalEntityType": { - "markdownDescription": "Specifies the namespace and data type of the principals generated for identities authenticated by the new .", + "markdownDescription": "Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source.", "title": "PrincipalEntityType", "type": "string" } @@ -243341,7 +243333,7 @@ "items": { "type": "string" }, - "markdownDescription": "The unique application client IDs that are associated with the specified user pool.\n\nExample: `\"ClientIds\": [\"&ExampleCogClientId;\"]`", + "markdownDescription": "The unique application client IDs that are associated with the specified Amazon Cognito user pool.\n\nExample: `\"ClientIds\": [\"&ExampleCogClientId;\"]`", "title": "ClientIds", "type": "array" }, @@ -243387,7 +243379,7 @@ "type": "string" }, "OpenIdIssuer": { - "markdownDescription": "A string that identifies the type of OIDC service represented by this .\n\nAt this time, the only valid value is `cognito` .", + "markdownDescription": "A string that identifies the type of OIDC service represented by this identity source.\n\nAt this time, the only valid value is `cognito` .", "title": "OpenIdIssuer", "type": "string" }, @@ -243440,7 +243432,7 @@ "title": "Definition" }, "PolicyStoreId": { - "markdownDescription": "Specifies the `PolicyStoreId` of the you want to store the policy in.", + "markdownDescription": "Specifies the `PolicyStoreId` of the policy store you want to store the policy in.", "title": "PolicyStoreId", "type": "string" } @@ -243496,12 +243488,12 @@ "properties": { "Static": { "$ref": "#/definitions/AWS::VerifiedPermissions::Policy.StaticPolicyDefinition", - "markdownDescription": "A structure that describes . An doesn't use a template or allow placeholders for entities.", + "markdownDescription": "A structure that describes a static policy. An static policy doesn't use a template or allow placeholders for entities.", "title": "Static" }, "TemplateLinked": { "$ref": "#/definitions/AWS::VerifiedPermissions::Policy.TemplateLinkedPolicyDefinition", - "markdownDescription": "A structure that describes a policy that was instantiated from a template. The template can specify placeholders for `principal` and `resource` . When you use [CreatePolicy](https://docs.aws.amazon.com/API_CreatePolicy.html) to create a policy from a template, you specify the exact principal and resource to use for the instantiated policy.", + "markdownDescription": "A structure that describes a policy that was instantiated from a template. The template can specify placeholders for `principal` and `resource` . When you use [CreatePolicy](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicy.html) to create a policy from a template, you specify the exact principal and resource to use for the instantiated policy.", "title": "TemplateLinked" } }, @@ -243511,12 +243503,12 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "The description of the .", + "markdownDescription": "The description of the static policy.", "title": "Description", "type": "string" }, "Statement": { - "markdownDescription": "The policy content of the , written in the .", + "markdownDescription": "The policy content of the static policy, written in the Cedar policy language.", "title": "Statement", "type": "string" } @@ -243536,12 +243528,12 @@ }, "Principal": { "$ref": "#/definitions/AWS::VerifiedPermissions::Policy.EntityIdentifier", - "markdownDescription": "The principal associated with this . substitutes this principal for the `?principal` placeholder in the when it evaluates an authorization request.", + "markdownDescription": "The principal associated with this template-linked policy. Verified Permissions substitutes this principal for the `?principal` placeholder in the policy template when it evaluates an authorization request.", "title": "Principal" }, "Resource": { "$ref": "#/definitions/AWS::VerifiedPermissions::Policy.EntityIdentifier", - "markdownDescription": "The resource associated with this . substitutes this resource for the `?resource` placeholder in the when it evaluates an authorization request.", + "markdownDescription": "The resource associated with this template-linked policy. Verified Permissions substitutes this resource for the `?resource` placeholder in the policy template when it evaluates an authorization request.", "title": "Resource" } }, @@ -243592,7 +243584,7 @@ }, "ValidationSettings": { "$ref": "#/definitions/AWS::VerifiedPermissions::PolicyStore.ValidationSettings", - "markdownDescription": "Specifies the validation setting for this .\n\nCurrently, the only valid and required value is `Mode` .\n\n> We recommend that you turn on `STRICT` mode only after you define a schema. If a schema doesn't exist, then `STRICT` mode causes any policy to fail validation, and rejects the policy. You can turn off validation by using the [UpdatePolicyStore](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore) . Then, when you have a schema defined, use [UpdatePolicyStore](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore) again to turn validation back on.", + "markdownDescription": "Specifies the validation setting for this policy store.\n\nCurrently, the only valid and required value is `Mode` .\n\n> We recommend that you turn on `STRICT` mode only after you define a schema. If a schema doesn't exist, then `STRICT` mode causes any policy to fail validation, and Verified Permissions rejects the policy. You can turn off validation by using the [UpdatePolicyStore](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore) . Then, when you have a schema defined, use [UpdatePolicyStore](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore) again to turn validation back on.", "title": "ValidationSettings" } }, @@ -243626,7 +243618,7 @@ "additionalProperties": false, "properties": { "CedarJson": { - "markdownDescription": "A JSON string representation of the schema supported by applications that use this . For more information, see [Policy store schema](https://docs.aws.amazon.com/schema.html) in the ** .", + "markdownDescription": "A JSON string representation of the schema supported by applications that use this policy store. For more information, see [Policy store schema](https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/schema.html) in the *Amazon Verified Permissions User Guide* .", "title": "CedarJson", "type": "string" } @@ -243693,7 +243685,7 @@ "type": "string" }, "Statement": { - "markdownDescription": "Specifies the content that you want to use for the new , written in the policy language.", + "markdownDescription": "Specifies the content that you want to use for the new policy template, written in the Cedar policy language.", "title": "Statement", "type": "string" }