diff --git a/samtranslator/schema/schema.json b/samtranslator/schema/schema.json index 1f0e27ae3..05d002285 100644 --- a/samtranslator/schema/schema.json +++ b/samtranslator/schema/schema.json @@ -214756,12 +214756,12 @@ "additionalProperties": false, "properties": { "DurationSeconds": { - "markdownDescription": "Sets the maximum number of seconds that vended temporary credentials through [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html) will be valid for, between 900 and 3600.", + "markdownDescription": "The number of seconds vended session credentials will be valid for", "title": "DurationSeconds", "type": "number" }, "Enabled": { - "markdownDescription": "Indicates whether the profile is enabled.", + "markdownDescription": "The enabled status of the resource.", "title": "Enabled", "type": "boolean" }, @@ -214769,17 +214769,17 @@ "items": { "type": "string" }, - "markdownDescription": "A list of managed policy ARNs that apply to the vended session credentials.", + "markdownDescription": "A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.", "title": "ManagedPolicyArns", "type": "array" }, "Name": { - "markdownDescription": "The name of the profile.", + "markdownDescription": "The customer specified name of the resource.", "title": "Name", "type": "string" }, "RequireInstanceProperties": { - "markdownDescription": "Specifies whether instance properties are required in temporary credential requests with this profile.", + "markdownDescription": "Specifies whether instance properties are required in CreateSession requests with this profile.", "title": "RequireInstanceProperties", "type": "boolean" }, @@ -214787,12 +214787,12 @@ "items": { "type": "string" }, - "markdownDescription": "A list of IAM role ARNs. During `CreateSession` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.", + "markdownDescription": "A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.", "title": "RoleArns", "type": "array" }, "SessionPolicy": { - "markdownDescription": "A session policy that applies to the trust boundary of the vended session credentials.", + "markdownDescription": "A session policy that will applied to the trust boundary of the vended session credentials.", "title": "SessionPolicy", "type": "string" }, @@ -214800,7 +214800,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "The tags to attach to the profile.", + "markdownDescription": "A list of Tags.", "title": "Tags", "type": "array" } @@ -214961,11 +214961,11 @@ "properties": { "SourceData": { "$ref": "#/definitions/AWS::RolesAnywhere::TrustAnchor.SourceData", - "markdownDescription": "The data field of the trust anchor depending on its type.", + "markdownDescription": "A union object representing the data field of the TrustAnchor depending on its type", "title": "SourceData" }, "SourceType": { - "markdownDescription": "The type of the TrustAnchor.\n\n> `AWS_ACM_PCA` is not an allowed value in your region.", + "markdownDescription": "The type of the TrustAnchor.", "title": "SourceType", "type": "string" } @@ -218156,7 +218156,7 @@ }, "ObjectLockConfiguration": { "$ref": "#/definitions/AWS::S3::Bucket.ObjectLockConfiguration", - "markdownDescription": "Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .\n\n> - The `DefaultRetention` settings require both a mode and a period.\n> - The `DefaultRetention` period can be either `Days` or `Years` but you must select one. You cannot specify `Days` and `Years` at the same time.\n> - You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html) .", + "markdownDescription": "> This operation is not supported by directory buckets. \n\nPlaces an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .\n\n> - The `DefaultRetention` settings require both a mode and a period.\n> - The `DefaultRetention` period can be either `Days` or `Years` but you must select one. You cannot specify `Days` and `Years` at the same time.\n> - You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html) .", "title": "ObjectLockConfiguration" }, "ObjectLockEnabled": { @@ -251188,7 +251188,7 @@ "items": { "type": "string" }, - "markdownDescription": "The fields from the source that are made available to your agents in Wisdom. Optional if ObjectConfiguration is included in the provided DataIntegration.\n\n- For [Salesforce](https://docs.aws.amazon.com/https://developer.salesforce.com/docs/atlas.en-us.knowledge_dev.meta/knowledge_dev/sforce_api_objects_knowledge__kav.htm) , you must include at least `Id` , `ArticleNumber` , `VersionNumber` , `Title` , `PublishStatus` , and `IsDeleted` .\n- For [ServiceNow](https://docs.aws.amazon.com/https://developer.servicenow.com/dev.do#!/reference/api/rome/rest/knowledge-management-api) , you must include at least `number` , `short_description` , `sys_mod_count` , `workflow_state` , and `active` .\n- For [Zendesk](https://docs.aws.amazon.com/https://developer.zendesk.com/api-reference/help_center/help-center-api/articles/) , you must include at least `id` , `title` , `updated_at` , and `draft` .\n\nMake sure to include additional fields. These fields are indexed and used to source recommendations.", + "markdownDescription": "The fields from the source that are made available to your agents in Amazon Q. Optional if ObjectConfiguration is included in the provided DataIntegration.\n\n- For [Salesforce](https://docs.aws.amazon.com/https://developer.salesforce.com/docs/atlas.en-us.knowledge_dev.meta/knowledge_dev/sforce_api_objects_knowledge__kav.htm) , you must include at least `Id` , `ArticleNumber` , `VersionNumber` , `Title` , `PublishStatus` , and `IsDeleted` .\n- For [ServiceNow](https://docs.aws.amazon.com/https://developer.servicenow.com/dev.do#!/reference/api/rome/rest/knowledge-management-api) , you must include at least `number` , `short_description` , `sys_mod_count` , `workflow_state` , and `active` .\n- For [Zendesk](https://docs.aws.amazon.com/https://developer.zendesk.com/api-reference/help_center/help-center-api/articles/) , you must include at least `id` , `title` , `updated_at` , and `draft` .\n\nMake sure to include additional fields. These fields are indexed and used to source recommendations.", "title": "ObjectFields", "type": "array" } @@ -251202,7 +251202,7 @@ "additionalProperties": false, "properties": { "TemplateUri": { - "markdownDescription": "A URI template containing exactly one variable in `${variableName}` format. This can only be set for `EXTERNAL` knowledge bases. For Salesforce, ServiceNow, and Zendesk, the variable must be one of the following:\n\n- Salesforce: `Id` , `ArticleNumber` , `VersionNumber` , `Title` , `PublishStatus` , or `IsDeleted`\n- ServiceNow: `number` , `short_description` , `sys_mod_count` , `workflow_state` , or `active`\n- Zendesk: `id` , `title` , `updated_at` , or `draft`\n\nThe variable is replaced with the actual value for a piece of content when calling [GetContent](https://docs.aws.amazon.com/wisdom/latest/APIReference/API_GetContent.html) .", + "markdownDescription": "A URI template containing exactly one variable in `${variableName}` format. This can only be set for `EXTERNAL` knowledge bases. For Salesforce, ServiceNow, and Zendesk, the variable must be one of the following:\n\n- Salesforce: `Id` , `ArticleNumber` , `VersionNumber` , `Title` , `PublishStatus` , or `IsDeleted`\n- ServiceNow: `number` , `short_description` , `sys_mod_count` , `workflow_state` , or `active`\n- Zendesk: `id` , `title` , `updated_at` , or `draft`\n\nThe variable is replaced with the actual value for a piece of content when calling [GetContent](https://docs.aws.amazon.com/amazon-q-connect/latest/APIReference/API_GetContent.html) .", "title": "TemplateUri", "type": "string" } diff --git a/schema_source/cloudformation-docs.json b/schema_source/cloudformation-docs.json index 1d7006829..23eabd85f 100644 --- a/schema_source/cloudformation-docs.json +++ b/schema_source/cloudformation-docs.json @@ -3926,6 +3926,43 @@ "Key": "", "Value": "" }, + "AWS::Backup::RestoreTestingPlan": { + "RecoveryPointSelection": "The specified criteria to assign a set of resources, such as recovery point types or backup vaults.", + "RestoreTestingPlanName": "This is the restore testing plan name.", + "ScheduleExpression": "A CRON expression in specified timezone when a restore testing plan is executed.", + "ScheduleExpressionTimezone": "Optional. This is the timezone in which the schedule expression is set. By default, ScheduleExpressions are in UTC. You can modify this to a specified timezone.", + "StartWindowHours": "Defaults to 24 hours.\n\nA value in hours after a restore test is scheduled before a job will be canceled if it doesn't start successfully. This value is optional. If this value is included, this parameter has a maximum value of 168 hours (one week).", + "Tags": "" + }, + "AWS::Backup::RestoreTestingPlan RestoreTestingRecoveryPointSelection": { + "Algorithm": "Acceptable values include \"LATEST_WITHIN_WINDOW\" or \"RANDOM_WITHIN_WINDOW\"", + "ExcludeVaults": "Accepted values include specific ARNs or list of selectors. Defaults to empty list if not listed.", + "IncludeVaults": "Accepted values include wildcard [\"*\"] or by specific ARNs or ARN wilcard replacement [\"arn:aws:backup:us-west-2:123456789012:backup-vault:asdf\", ...] [\"arn:aws:backup:*:*:backup-vault:asdf-*\", ...]", + "RecoveryPointTypes": "These are the types of recovery points.", + "SelectionWindowDays": "Accepted values are integers from 1 to 365." + }, + "AWS::Backup::RestoreTestingPlan Tag": { + "Key": "", + "Value": "" + }, + "AWS::Backup::RestoreTestingSelection": { + "IamRoleArn": "The Amazon Resource Name (ARN) of the IAM role that AWS Backup uses to create the target resource; for example: `arn:aws:iam::123456789012:role/S3Access` .", + "ProtectedResourceArns": "You can include specific ARNs, such as `ProtectedResourceArns: [\"arn:aws:...\", \"arn:aws:...\"]` or you can include a wildcard: `ProtectedResourceArns: [\"*\"]` , but not both.", + "ProtectedResourceConditions": "In a resource testing selection, this parameter filters by specific conditions such as `StringEquals` or `StringNotEquals` .", + "ProtectedResourceType": "The type of AWS resource included in a resource testing selection; for example, an Amazon EBS volume or an Amazon RDS database.", + "RestoreMetadataOverrides": "You can override certain restore metadata keys by including the parameter `RestoreMetadataOverrides` in the body of `RestoreTestingSelection` . Key values are not case sensitive.\n\nSee the complete list of [restore testing inferred metadata](https://docs.aws.amazon.com/aws-backup/latest/devguide/restore-testing-inferred-metadata.html) .", + "RestoreTestingPlanName": "The RestoreTestingPlanName is a unique string that is the name of the restore testing plan.", + "RestoreTestingSelectionName": "This is the unique name of the restore testing selection that belongs to the related restore testing plan.", + "ValidationWindowHours": "This is amount of hours (1 to 168) available to run a validation script on the data. The data will be deleted upon the completion of the validation script or the end of the specified retention period, whichever comes first." + }, + "AWS::Backup::RestoreTestingSelection KeyValue": { + "Key": "The tag key (String). The key can't start with `aws:` .\n\nLength Constraints: Minimum length of 1. Maximum length of 128.\n\nPattern: `^(?![aA]{1}[wW]{1}[sS]{1}:)([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]+)$`", + "Value": "The value of the key.\n\nLength Constraints: Maximum length of 256.\n\nPattern: `^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$`" + }, + "AWS::Backup::RestoreTestingSelection ProtectedResourceConditions": { + "StringEquals": "Filters the values of your tagged resources for only those resources that you tagged with the same value. Also called \"exact matching.\"", + "StringNotEquals": "Filters the values of your tagged resources for only those resources that you tagged that do not have the same value. Also called \"negated matching.\"" + }, "AWS::BackupGateway::Hypervisor": { "Host": "The server host of the hypervisor. This can be either an IP address or a fully-qualified domain name (FQDN).", "KmsKeyArn": "The Amazon Resource Name (ARN) of the AWS Key Management Service used to encrypt the hypervisor.", @@ -7280,8 +7317,13 @@ }, "AWS::ControlTower::EnabledControl": { "ControlIdentifier": "The ARN of the control. Only *Strongly recommended* and *Elective* controls are permitted, with the exception of the *landing zone Region deny* control. For information on how to find the `controlIdentifier` , see [the overview page](https://docs.aws.amazon.com//controltower/latest/APIReference/Welcome.html) .", + "Parameters": "Array of `EnabledControlParameter` objects.", "TargetIdentifier": "The ARN of the organizational unit. For information on how to find the `targetIdentifier` , see [the overview page](https://docs.aws.amazon.com//controltower/latest/APIReference/Welcome.html) ." }, + "AWS::ControlTower::EnabledControl EnabledControlParameter": { + "Key": "The key of a key/value pair. It is of type `string` .", + "Value": "The value of a key/value pair. It can be of type `array` , `string` , `number` , `object` , or `boolean` . [Note: The *Type* field that follows may show a single type such as Number, which is only one possible type.]" + }, "AWS::ControlTower::LandingZone": { "Manifest": "The landing zone `manifest.yaml` text file that specifies the landing zone configurations.", "Tags": "Tags to be applied to the landing zone.", @@ -11936,6 +11978,17 @@ "MaxUnavailable": "The maximum number of nodes unavailable at once during a version update. Nodes will be updated in parallel. This value or `maxUnavailablePercentage` is required to have a value.The maximum number is 100.", "MaxUnavailablePercentage": "The maximum percentage of nodes unavailable during a version update. This percentage of nodes will be updated in parallel, up to 100 nodes at once. This value or `maxUnavailable` is required to have a value." }, + "AWS::EKS::PodIdentityAssociation": { + "ClusterName": "The name of the cluster that the association is in.", + "Namespace": "The name of the Kubernetes namespace inside the cluster to create the association in. The service account and the pods that use the service account must be in this namespace.", + "RoleArn": "The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.", + "ServiceAccount": "The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.", + "Tags": "The metadata that you apply to a resource to assist with categorization and organization. Each tag consists of a key and an optional value. You define both.\n\nThe following basic restrictions apply to tags:\n\n- Maximum number of tags per resource \u2013 50\n- For each resource, each tag key must be unique, and each tag key can have only one value.\n- Maximum key length \u2013 128 Unicode characters in UTF-8\n- Maximum value length \u2013 256 Unicode characters in UTF-8\n- If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.\n- Tag keys and values are case-sensitive.\n- Do not use `aws:` , `AWS:` , or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit." + }, + "AWS::EKS::PodIdentityAssociation Tag": { + "Key": "One part of a key-value pair that make up a tag. A `key` is a general label that acts like a category for more specific tag values.", + "Value": "The optional part of a key-value pair that make up a tag. A `value` acts as a descriptor within a tag category (key)." + }, "AWS::EMR::Cluster": { "AdditionalInfo": "A JSON string for selecting additional features.", "Applications": "The applications to install on this cluster, for example, Spark, Flink, Oozie, Zeppelin, and so on.", @@ -35451,14 +35504,14 @@ "Value": "The tag value." }, "AWS::RolesAnywhere::Profile": { - "DurationSeconds": "Sets the maximum number of seconds that vended temporary credentials through [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html) will be valid for, between 900 and 3600.", - "Enabled": "Indicates whether the profile is enabled.", - "ManagedPolicyArns": "A list of managed policy ARNs that apply to the vended session credentials.", - "Name": "The name of the profile.", - "RequireInstanceProperties": "Specifies whether instance properties are required in temporary credential requests with this profile.", - "RoleArns": "A list of IAM role ARNs. During `CreateSession` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.", - "SessionPolicy": "A session policy that applies to the trust boundary of the vended session credentials.", - "Tags": "The tags to attach to the profile." + "DurationSeconds": "The number of seconds vended session credentials will be valid for", + "Enabled": "The enabled status of the resource.", + "ManagedPolicyArns": "A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.", + "Name": "The customer specified name of the resource.", + "RequireInstanceProperties": "Specifies whether instance properties are required in CreateSession requests with this profile.", + "RoleArns": "A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.", + "SessionPolicy": "A session policy that will applied to the trust boundary of the vended session credentials.", + "Tags": "A list of Tags." }, "AWS::RolesAnywhere::Profile Tag": { "Key": "The tag key.", @@ -35478,8 +35531,8 @@ "Threshold": "The number of days before a notification event. This value is required for a notification setting that is enabled." }, "AWS::RolesAnywhere::TrustAnchor Source": { - "SourceData": "The data field of the trust anchor depending on its type.", - "SourceType": "The type of the TrustAnchor.\n\n> `AWS_ACM_PCA` is not an allowed value in your region." + "SourceData": "A union object representing the data field of the TrustAnchor depending on its type", + "SourceType": "The type of the TrustAnchor." }, "AWS::RolesAnywhere::TrustAnchor SourceData": { "AcmPcaArn": "The root certificate of the AWS Private Certificate Authority specified by this ARN is used in trust validation for temporary credential requests. Included for trust anchors of type `AWS_ACM_PCA` .\n\n> This field is not supported in your region.", @@ -35848,6 +35901,43 @@ "ResolverRuleId": "The ID of the Resolver rule that you associated with the VPC that is specified by `VPCId` .", "VPCId": "The ID of the VPC that you associated the Resolver rule with." }, + "AWS::S3::AccessGrant": { + "AccessGrantsLocationConfiguration": "The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access. It contains the `S3SubPrefix` field. The grant scope is the result of appending the subprefix to the location scope of the registered location.", + "AccessGrantsLocationId": "The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID `default` to the default location `s3://` and assigns an auto-generated ID to other locations that you register.", + "ApplicationArn": "The Amazon Resource Name (ARN) of an AWS IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.", + "Grantee": "The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to AWS IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.", + "Permission": "The type of access that you are granting to your S3 data, which can be set to one of the following values:\n\n- `READ` \u2013 Grant read-only access to the S3 data.\n- `WRITE` \u2013 Grant write-only access to the S3 data.\n- `READWRITE` \u2013 Grant both read and write access to the S3 data.", + "S3PrefixType": "The type of `S3SubPrefix` . The only possible value is `Object` . Pass this value if the access grant scope is an object. Do not pass this value if the access grant scope is a bucket or a bucket and a prefix.", + "Tags": "The AWS resource tags that you are adding to the access grant. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources." + }, + "AWS::S3::AccessGrant AccessGrantsLocationConfiguration": { + "S3SubPrefix": "The `S3SubPrefix` is appended to the location scope creating the grant scope. Use this field to narrow the scope of the grant to a subset of the location scope. This field is required if the location scope is the default location `s3://` because you cannot create a grant for all of your S3 data in the Region and must narrow the scope. For example, if the location scope is the default location `s3://` , the `S3SubPrefx` can be a `/*` , so the full grant scope path would be `s3:///*` . Or the `S3SubPrefx` can be `/*` , so the full grant scope path would be `s3:///*` .\n\nIf the `S3SubPrefix` includes a prefix, append the wildcard character `*` after the prefix to indicate that you want to include all object key names in the bucket that start with that prefix." + }, + "AWS::S3::AccessGrant Grantee": { + "GranteeIdentifier": "The unique identifier of the `Grantee` . If the grantee type is `IAM` , the identifier is the IAM Amazon Resource Name (ARN) of the user or role. If the grantee type is a directory user or group, the identifier is 128-bit universally unique identifier (UUID) in the format `a1b2c3d4-5678-90ab-cdef-EXAMPLE11111` . You can obtain this UUID from your AWS IAM Identity Center instance.", + "GranteeType": "The type of the grantee to which access has been granted. It can be one of the following values:\n\n- `IAM` - An IAM user or role.\n- `DIRECTORY_USER` - Your corporate directory user. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.\n- `DIRECTORY_GROUP` - Your corporate directory group. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance." + }, + "AWS::S3::AccessGrant Tag": { + "Key": "Name of the object key.", + "Value": "Value of the tag." + }, + "AWS::S3::AccessGrantsInstance": { + "IdentityCenterArn": "If you would like to associate your S3 Access Grants instance with an AWS IAM Identity Center instance, use this field to pass the Amazon Resource Name (ARN) of the AWS IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center.", + "Tags": "The AWS resource tags that you are adding to the S3 Access Grants instance. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources." + }, + "AWS::S3::AccessGrantsInstance Tag": { + "Key": "Name of the object key.", + "Value": "Value of the tag." + }, + "AWS::S3::AccessGrantsLocation": { + "IamRoleArn": "The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.", + "LocationScope": "The S3 URI path to the location that you are registering. The location scope can be the default S3 location `s3://` , the S3 path to a bucket, or the S3 path to a bucket and prefix. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the `engineering/` prefix or object key names that start with the `marketing/campaigns/` prefix.", + "Tags": "The AWS resource tags that you are adding to the S3 Access Grants location. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources." + }, + "AWS::S3::AccessGrantsLocation Tag": { + "Key": "Name of the object key.", + "Value": "Value of the tag." + }, "AWS::S3::AccessPoint": { "Bucket": "The name of the bucket associated with this access point.", "BucketAccountId": "The AWS account ID associated with the S3 bucket associated with this access point.", @@ -35878,7 +35968,7 @@ "LoggingConfiguration": "Settings that define where logs are stored.", "MetricsConfigurations": "Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased. For more information, see [PutBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html) .", "NotificationConfiguration": "Configuration that defines how Amazon S3 handles bucket notifications.", - "ObjectLockConfiguration": "Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .\n\n> - The `DefaultRetention` settings require both a mode and a period.\n> - The `DefaultRetention` period can be either `Days` or `Years` but you must select one. You cannot specify `Days` and `Years` at the same time.\n> - You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html) .", + "ObjectLockConfiguration": "> This operation is not supported by directory buckets. \n\nPlaces an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .\n\n> - The `DefaultRetention` settings require both a mode and a period.\n> - The `DefaultRetention` period can be either `Days` or `Years` but you must select one. You cannot specify `Days` and `Years` at the same time.\n> - You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html) .", "ObjectLockEnabled": "Indicates whether this bucket has an Object Lock configuration enabled. Enable `ObjectLockEnabled` when you apply `ObjectLockConfiguration` to a bucket.", "OwnershipControls": "Configuration that defines how Amazon S3 handles Object Ownership rules.", "PublicAccessBlockConfiguration": "Configuration that defines how Amazon S3 handles public access.", @@ -40939,10 +41029,10 @@ }, "AWS::Wisdom::KnowledgeBase AppIntegrationsConfiguration": { "AppIntegrationArn": "The Amazon Resource Name (ARN) of the AppIntegrations DataIntegration to use for ingesting content.\n\n- For [Salesforce](https://docs.aws.amazon.com/https://developer.salesforce.com/docs/atlas.en-us.knowledge_dev.meta/knowledge_dev/sforce_api_objects_knowledge__kav.htm) , your AppIntegrations DataIntegration must have an ObjectConfiguration if objectFields is not provided, including at least `Id` , `ArticleNumber` , `VersionNumber` , `Title` , `PublishStatus` , and `IsDeleted` as source fields.\n- For [ServiceNow](https://docs.aws.amazon.com/https://developer.servicenow.com/dev.do#!/reference/api/rome/rest/knowledge-management-api) , your AppIntegrations DataIntegration must have an ObjectConfiguration if objectFields is not provided, including at least `number` , `short_description` , `sys_mod_count` , `workflow_state` , and `active` as source fields.\n- For [Zendesk](https://docs.aws.amazon.com/https://developer.zendesk.com/api-reference/help_center/help-center-api/articles/) , your AppIntegrations DataIntegration must have an ObjectConfiguration if `objectFields` is not provided, including at least `id` , `title` , `updated_at` , and `draft` as source fields.\n- For [SharePoint](https://docs.aws.amazon.com/https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/sharepoint-net-server-csom-jsom-and-rest-api-index) , your AppIntegrations DataIntegration must have a FileConfiguration, including only file extensions that are among `docx` , `pdf` , `html` , `htm` , and `txt` .\n- For [Amazon S3](https://docs.aws.amazon.com/https://aws.amazon.com/s3/) , the ObjectConfiguration and FileConfiguration of your AppIntegrations DataIntegration must be null. The `SourceURI` of your DataIntegration must use the following format: `s3://your_s3_bucket_name` .\n\n> The bucket policy of the corresponding S3 bucket must allow the AWS principal `app-integrations.amazonaws.com` to perform `s3:ListBucket` , `s3:GetObject` , and `s3:GetBucketLocation` against the bucket.", - "ObjectFields": "The fields from the source that are made available to your agents in Wisdom. Optional if ObjectConfiguration is included in the provided DataIntegration.\n\n- For [Salesforce](https://docs.aws.amazon.com/https://developer.salesforce.com/docs/atlas.en-us.knowledge_dev.meta/knowledge_dev/sforce_api_objects_knowledge__kav.htm) , you must include at least `Id` , `ArticleNumber` , `VersionNumber` , `Title` , `PublishStatus` , and `IsDeleted` .\n- For [ServiceNow](https://docs.aws.amazon.com/https://developer.servicenow.com/dev.do#!/reference/api/rome/rest/knowledge-management-api) , you must include at least `number` , `short_description` , `sys_mod_count` , `workflow_state` , and `active` .\n- For [Zendesk](https://docs.aws.amazon.com/https://developer.zendesk.com/api-reference/help_center/help-center-api/articles/) , you must include at least `id` , `title` , `updated_at` , and `draft` .\n\nMake sure to include additional fields. These fields are indexed and used to source recommendations." + "ObjectFields": "The fields from the source that are made available to your agents in Amazon Q. Optional if ObjectConfiguration is included in the provided DataIntegration.\n\n- For [Salesforce](https://docs.aws.amazon.com/https://developer.salesforce.com/docs/atlas.en-us.knowledge_dev.meta/knowledge_dev/sforce_api_objects_knowledge__kav.htm) , you must include at least `Id` , `ArticleNumber` , `VersionNumber` , `Title` , `PublishStatus` , and `IsDeleted` .\n- For [ServiceNow](https://docs.aws.amazon.com/https://developer.servicenow.com/dev.do#!/reference/api/rome/rest/knowledge-management-api) , you must include at least `number` , `short_description` , `sys_mod_count` , `workflow_state` , and `active` .\n- For [Zendesk](https://docs.aws.amazon.com/https://developer.zendesk.com/api-reference/help_center/help-center-api/articles/) , you must include at least `id` , `title` , `updated_at` , and `draft` .\n\nMake sure to include additional fields. These fields are indexed and used to source recommendations." }, "AWS::Wisdom::KnowledgeBase RenderingConfiguration": { - "TemplateUri": "A URI template containing exactly one variable in `${variableName}` format. This can only be set for `EXTERNAL` knowledge bases. For Salesforce, ServiceNow, and Zendesk, the variable must be one of the following:\n\n- Salesforce: `Id` , `ArticleNumber` , `VersionNumber` , `Title` , `PublishStatus` , or `IsDeleted`\n- ServiceNow: `number` , `short_description` , `sys_mod_count` , `workflow_state` , or `active`\n- Zendesk: `id` , `title` , `updated_at` , or `draft`\n\nThe variable is replaced with the actual value for a piece of content when calling [GetContent](https://docs.aws.amazon.com/wisdom/latest/APIReference/API_GetContent.html) ." + "TemplateUri": "A URI template containing exactly one variable in `${variableName}` format. This can only be set for `EXTERNAL` knowledge bases. For Salesforce, ServiceNow, and Zendesk, the variable must be one of the following:\n\n- Salesforce: `Id` , `ArticleNumber` , `VersionNumber` , `Title` , `PublishStatus` , or `IsDeleted`\n- ServiceNow: `number` , `short_description` , `sys_mod_count` , `workflow_state` , or `active`\n- Zendesk: `id` , `title` , `updated_at` , or `draft`\n\nThe variable is replaced with the actual value for a piece of content when calling [GetContent](https://docs.aws.amazon.com/amazon-q-connect/latest/APIReference/API_GetContent.html) ." }, "AWS::Wisdom::KnowledgeBase ServerSideEncryptionConfiguration": { "KmsKeyId": "The customer managed key used for encryption.\n\nThis customer managed key must have a policy that allows `kms:CreateGrant` and `kms:DescribeKey` permissions to the IAM identity using the key to invoke Wisdom.\n\nFor more information about setting up a customer managed key for Wisdom, see [Enable Amazon Connect Wisdom for your instance](https://docs.aws.amazon.com/connect/latest/adminguide/enable-wisdom.html) . For information about valid ID values, see [Key identifiers (KeyId)](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id) ." diff --git a/schema_source/cloudformation.schema.json b/schema_source/cloudformation.schema.json index 739d4bcb4..4f0ff8fc0 100644 --- a/schema_source/cloudformation.schema.json +++ b/schema_source/cloudformation.schema.json @@ -214707,12 +214707,12 @@ "additionalProperties": false, "properties": { "DurationSeconds": { - "markdownDescription": "Sets the maximum number of seconds that vended temporary credentials through [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html) will be valid for, between 900 and 3600.", + "markdownDescription": "The number of seconds vended session credentials will be valid for", "title": "DurationSeconds", "type": "number" }, "Enabled": { - "markdownDescription": "Indicates whether the profile is enabled.", + "markdownDescription": "The enabled status of the resource.", "title": "Enabled", "type": "boolean" }, @@ -214720,17 +214720,17 @@ "items": { "type": "string" }, - "markdownDescription": "A list of managed policy ARNs that apply to the vended session credentials.", + "markdownDescription": "A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.", "title": "ManagedPolicyArns", "type": "array" }, "Name": { - "markdownDescription": "The name of the profile.", + "markdownDescription": "The customer specified name of the resource.", "title": "Name", "type": "string" }, "RequireInstanceProperties": { - "markdownDescription": "Specifies whether instance properties are required in temporary credential requests with this profile.", + "markdownDescription": "Specifies whether instance properties are required in CreateSession requests with this profile.", "title": "RequireInstanceProperties", "type": "boolean" }, @@ -214738,12 +214738,12 @@ "items": { "type": "string" }, - "markdownDescription": "A list of IAM role ARNs. During `CreateSession` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.", + "markdownDescription": "A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.", "title": "RoleArns", "type": "array" }, "SessionPolicy": { - "markdownDescription": "A session policy that applies to the trust boundary of the vended session credentials.", + "markdownDescription": "A session policy that will applied to the trust boundary of the vended session credentials.", "title": "SessionPolicy", "type": "string" }, @@ -214751,7 +214751,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "The tags to attach to the profile.", + "markdownDescription": "A list of Tags.", "title": "Tags", "type": "array" } @@ -214912,11 +214912,11 @@ "properties": { "SourceData": { "$ref": "#/definitions/AWS::RolesAnywhere::TrustAnchor.SourceData", - "markdownDescription": "The data field of the trust anchor depending on its type.", + "markdownDescription": "A union object representing the data field of the TrustAnchor depending on its type", "title": "SourceData" }, "SourceType": { - "markdownDescription": "The type of the TrustAnchor.\n\n> `AWS_ACM_PCA` is not an allowed value in your region.", + "markdownDescription": "The type of the TrustAnchor.", "title": "SourceType", "type": "string" } @@ -218100,7 +218100,7 @@ }, "ObjectLockConfiguration": { "$ref": "#/definitions/AWS::S3::Bucket.ObjectLockConfiguration", - "markdownDescription": "Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .\n\n> - The `DefaultRetention` settings require both a mode and a period.\n> - The `DefaultRetention` period can be either `Days` or `Years` but you must select one. You cannot specify `Days` and `Years` at the same time.\n> - You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html) .", + "markdownDescription": "> This operation is not supported by directory buckets. \n\nPlaces an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .\n\n> - The `DefaultRetention` settings require both a mode and a period.\n> - The `DefaultRetention` period can be either `Days` or `Years` but you must select one. You cannot specify `Days` and `Years` at the same time.\n> - You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html) .", "title": "ObjectLockConfiguration" }, "ObjectLockEnabled": { @@ -251111,7 +251111,7 @@ "items": { "type": "string" }, - "markdownDescription": "The fields from the source that are made available to your agents in Wisdom. Optional if ObjectConfiguration is included in the provided DataIntegration.\n\n- For [Salesforce](https://docs.aws.amazon.com/https://developer.salesforce.com/docs/atlas.en-us.knowledge_dev.meta/knowledge_dev/sforce_api_objects_knowledge__kav.htm) , you must include at least `Id` , `ArticleNumber` , `VersionNumber` , `Title` , `PublishStatus` , and `IsDeleted` .\n- For [ServiceNow](https://docs.aws.amazon.com/https://developer.servicenow.com/dev.do#!/reference/api/rome/rest/knowledge-management-api) , you must include at least `number` , `short_description` , `sys_mod_count` , `workflow_state` , and `active` .\n- For [Zendesk](https://docs.aws.amazon.com/https://developer.zendesk.com/api-reference/help_center/help-center-api/articles/) , you must include at least `id` , `title` , `updated_at` , and `draft` .\n\nMake sure to include additional fields. These fields are indexed and used to source recommendations.", + "markdownDescription": "The fields from the source that are made available to your agents in Amazon Q. Optional if ObjectConfiguration is included in the provided DataIntegration.\n\n- For [Salesforce](https://docs.aws.amazon.com/https://developer.salesforce.com/docs/atlas.en-us.knowledge_dev.meta/knowledge_dev/sforce_api_objects_knowledge__kav.htm) , you must include at least `Id` , `ArticleNumber` , `VersionNumber` , `Title` , `PublishStatus` , and `IsDeleted` .\n- For [ServiceNow](https://docs.aws.amazon.com/https://developer.servicenow.com/dev.do#!/reference/api/rome/rest/knowledge-management-api) , you must include at least `number` , `short_description` , `sys_mod_count` , `workflow_state` , and `active` .\n- For [Zendesk](https://docs.aws.amazon.com/https://developer.zendesk.com/api-reference/help_center/help-center-api/articles/) , you must include at least `id` , `title` , `updated_at` , and `draft` .\n\nMake sure to include additional fields. These fields are indexed and used to source recommendations.", "title": "ObjectFields", "type": "array" } @@ -251125,7 +251125,7 @@ "additionalProperties": false, "properties": { "TemplateUri": { - "markdownDescription": "A URI template containing exactly one variable in `${variableName}` format. This can only be set for `EXTERNAL` knowledge bases. For Salesforce, ServiceNow, and Zendesk, the variable must be one of the following:\n\n- Salesforce: `Id` , `ArticleNumber` , `VersionNumber` , `Title` , `PublishStatus` , or `IsDeleted`\n- ServiceNow: `number` , `short_description` , `sys_mod_count` , `workflow_state` , or `active`\n- Zendesk: `id` , `title` , `updated_at` , or `draft`\n\nThe variable is replaced with the actual value for a piece of content when calling [GetContent](https://docs.aws.amazon.com/wisdom/latest/APIReference/API_GetContent.html) .", + "markdownDescription": "A URI template containing exactly one variable in `${variableName}` format. This can only be set for `EXTERNAL` knowledge bases. For Salesforce, ServiceNow, and Zendesk, the variable must be one of the following:\n\n- Salesforce: `Id` , `ArticleNumber` , `VersionNumber` , `Title` , `PublishStatus` , or `IsDeleted`\n- ServiceNow: `number` , `short_description` , `sys_mod_count` , `workflow_state` , or `active`\n- Zendesk: `id` , `title` , `updated_at` , or `draft`\n\nThe variable is replaced with the actual value for a piece of content when calling [GetContent](https://docs.aws.amazon.com/amazon-q-connect/latest/APIReference/API_GetContent.html) .", "title": "TemplateUri", "type": "string" }