From f0142811157b11dde2900e589c4e881cf068e127 Mon Sep 17 00:00:00 2001 From: github-actions Date: Tue, 12 Dec 2023 18:02:03 +0000 Subject: [PATCH] chore(schema): update --- samtranslator/schema/schema.json | 525 ++++++++++++++++++++--- schema_source/cloudformation-docs.json | 296 ++++++++++--- schema_source/cloudformation.schema.json | 525 ++++++++++++++++++++--- 3 files changed, 1171 insertions(+), 175 deletions(-) diff --git a/samtranslator/schema/schema.json b/samtranslator/schema/schema.json index 464d7cb65..7cb77f918 100644 --- a/samtranslator/schema/schema.json +++ b/samtranslator/schema/schema.json @@ -20353,6 +20353,8 @@ "items": { "$ref": "#/definitions/AWS::ApplicationAutoScaling::ScalingPolicy.TargetTrackingMetricDataQuery" }, + "markdownDescription": "The metrics to include in the target tracking scaling policy, as a metric data query. This can include both raw metric and metric math expressions.", + "title": "Metrics", "type": "array" }, "Namespace": { @@ -20477,12 +20479,18 @@ "items": { "$ref": "#/definitions/AWS::ApplicationAutoScaling::ScalingPolicy.TargetTrackingMetricDimension" }, + "markdownDescription": "The dimensions for the metric. For the list of available dimensions, see the AWS documentation available from the table in [AWS services that publish CloudWatch metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html) in the *Amazon CloudWatch User Guide* .\n\nConditional: If you published your metric with dimensions, you must specify the same dimensions in your scaling policy.", + "title": "Dimensions", "type": "array" }, "MetricName": { + "markdownDescription": "The name of the metric.", + "title": "MetricName", "type": "string" }, "Namespace": { + "markdownDescription": "The namespace of the metric. For more information, see the table in [AWS services that publish CloudWatch metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html) in the *Amazon CloudWatch User Guide* .", + "title": "Namespace", "type": "string" } }, @@ -20492,18 +20500,28 @@ "additionalProperties": false, "properties": { "Expression": { + "markdownDescription": "The math expression to perform on the returned data, if this object is performing a math expression. This expression can use the `Id` of the other metrics to refer to those metrics, and can also use the `Id` of other expressions to use the result of those expressions.\n\nConditional: Within each `TargetTrackingMetricDataQuery` object, you must specify either `Expression` or `MetricStat` , but not both.", + "title": "Expression", "type": "string" }, "Id": { + "markdownDescription": "A short name that identifies the object's results in the response. This name must be unique among all `MetricDataQuery` objects specified for a single scaling policy. If you are performing math expressions on this set of data, this name represents that data and can serve as a variable in the mathematical expression. The valid characters are letters, numbers, and underscores. The first character must be a lowercase letter.", + "title": "Id", "type": "string" }, "Label": { + "markdownDescription": "A human-readable label for this metric or expression. This is especially useful if this is a math expression, so that you know what the value represents.", + "title": "Label", "type": "string" }, "MetricStat": { - "$ref": "#/definitions/AWS::ApplicationAutoScaling::ScalingPolicy.TargetTrackingMetricStat" + "$ref": "#/definitions/AWS::ApplicationAutoScaling::ScalingPolicy.TargetTrackingMetricStat", + "markdownDescription": "Information about the metric data to return.\n\nConditional: Within each `MetricDataQuery` object, you must specify either `Expression` or `MetricStat` , but not both.", + "title": "MetricStat" }, "ReturnData": { + "markdownDescription": "Indicates whether to return the timestamps and raw data values of this metric.\n\nIf you use any math expressions, specify `true` for this value for only the final math expression that the metric specification is based on. You must specify `false` for `ReturnData` for all the other metrics and expressions used in the metric specification.\n\nIf you are only retrieving metrics and not performing any math expressions, do not specify anything for `ReturnData` . This sets it to its default ( `true` ).", + "title": "ReturnData", "type": "boolean" } }, @@ -20513,9 +20531,13 @@ "additionalProperties": false, "properties": { "Name": { + "markdownDescription": "The name of the dimension.", + "title": "Name", "type": "string" }, "Value": { + "markdownDescription": "The value of the dimension.", + "title": "Value", "type": "string" } }, @@ -20525,12 +20547,18 @@ "additionalProperties": false, "properties": { "Metric": { - "$ref": "#/definitions/AWS::ApplicationAutoScaling::ScalingPolicy.TargetTrackingMetric" + "$ref": "#/definitions/AWS::ApplicationAutoScaling::ScalingPolicy.TargetTrackingMetric", + "markdownDescription": "The CloudWatch metric to return, including the metric name, namespace, and dimensions. To get the exact metric name, namespace, and dimensions, inspect the [Metric](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_Metric.html) object that is returned by a call to [ListMetrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html) .", + "title": "Metric" }, "Stat": { + "markdownDescription": "The statistic to return. It can include any CloudWatch statistic or extended statistic. For a list of valid values, see the table in [Statistics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Statistic) in the *Amazon CloudWatch User Guide* .\n\nThe most commonly used metric for scaling is `Average` .", + "title": "Stat", "type": "string" }, "Unit": { + "markdownDescription": "The unit to use for the returned data points. For a complete list of the units that CloudWatch supports, see the [MetricDatum](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html) data type in the *Amazon CloudWatch API Reference* .", + "title": "Unit", "type": "string" } }, @@ -34010,6 +34038,103 @@ ], "type": "object" }, + "AWS::CloudFront::KeyValueStore": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Comment": { + "markdownDescription": "A comment for the Key Value Store.", + "title": "Comment", + "type": "string" + }, + "ImportSource": { + "$ref": "#/definitions/AWS::CloudFront::KeyValueStore.ImportSource", + "markdownDescription": "The import source for the Key Value Store.", + "title": "ImportSource" + }, + "Name": { + "markdownDescription": "The name of the Key Value Store.", + "title": "Name", + "type": "string" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::CloudFront::KeyValueStore" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::CloudFront::KeyValueStore.ImportSource": { + "additionalProperties": false, + "properties": { + "SourceArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the import source for the Key Value Store.", + "title": "SourceArn", + "type": "string" + }, + "SourceType": { + "markdownDescription": "The source type of the import source for the Key Value Store.", + "title": "SourceType", + "type": "string" + } + }, + "required": [ + "SourceArn", + "SourceType" + ], + "type": "object" + }, "AWS::CloudFront::MonitoringSubscription": { "additionalProperties": false, "properties": { @@ -35448,9 +35573,13 @@ "type": "string" }, "FederationEnabled": { + "markdownDescription": "Indicates if [Lake query federation](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-federation.html) is enabled. By default, Lake query federation is disabled. You cannot delete an event data store if Lake query federation is enabled.", + "title": "FederationEnabled", "type": "boolean" }, "FederationRoleArn": { + "markdownDescription": "If Lake query federation is enabled, provides the ARN of the federation role used to access the resources for the federated event data store.\n\nThe federation role must exist in your account and provide the [required minimum permissions](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-federation.html#query-federation-permissions-role) .", + "title": "FederationRoleArn", "type": "string" }, "IngestionEnabled": { @@ -36961,7 +37090,7 @@ "type": "string" }, "OutputFormat": { - "markdownDescription": "The output format for the stream. Valid values are `json` and `opentelemetry0.7` For more information about metric stream output formats, see [Metric streams output formats](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-formats.html) .\n\nThis parameter is required.", + "markdownDescription": "The output format for the stream. Valid values are `json` , `opentelemetry1.0` and `opentelemetry0.7` For more information about metric stream output formats, see [Metric streams output formats](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-formats.html) .\n\nThis parameter is required.", "title": "OutputFormat", "type": "string" }, @@ -36974,7 +37103,7 @@ "items": { "$ref": "#/definitions/AWS::CloudWatch::MetricStream.MetricStreamStatisticsConfiguration" }, - "markdownDescription": "By default, a metric stream always sends the MAX, MIN, SUM, and SAMPLECOUNT statistics for each metric that is streamed. You can use this parameter to have the metric stream also send additional statistics in the stream. This array can have up to 100 members.\n\nFor each entry in this array, you specify one or more metrics and the list of additional statistics to stream for those metrics. The additional statistics that you can stream depend on the stream's `OutputFormat` . If the `OutputFormat` is `json` , you can stream any additional statistic that is supported by CloudWatch , listed in [CloudWatch statistics definitions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Statistics-definitions.html) . If the `OutputFormat` is `opentelemetry0` .7, you can stream percentile statistics *(p??)* .", + "markdownDescription": "By default, a metric stream always sends the MAX, MIN, SUM, and SAMPLECOUNT statistics for each metric that is streamed. You can use this parameter to have the metric stream also send additional statistics in the stream. This array can have up to 100 members.\n\nFor each entry in this array, you specify one or more metrics and the list of additional statistics to stream for those metrics. The additional statistics that you can stream depend on the stream's `OutputFormat` . If the `OutputFormat` is `json` , you can stream any additional statistic that is supported by CloudWatch , listed in [CloudWatch statistics definitions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Statistics-definitions.html) . If the `OutputFormat` is OpenTelemetry, you can stream percentile statistics.", "title": "StatisticsConfigurations", "type": "array" }, @@ -38567,7 +38696,7 @@ }, "ZonalConfig": { "$ref": "#/definitions/AWS::CodeDeploy::DeploymentConfig.ZonalConfig", - "markdownDescription": "", + "markdownDescription": "Configure the `ZonalConfig` object if you want AWS CodeDeploy to deploy your application to one [Availability Zone](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-availability-zones) at a time, within an AWS Region.\n\nFor more information about the zonal configuration feature, see [zonal configuration](https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-configurations-create.html#zonal-config) in the *CodeDeploy User Guide* .", "title": "ZonalConfig" } }, @@ -38617,12 +38746,12 @@ "additionalProperties": false, "properties": { "Type": { - "markdownDescription": "", + "markdownDescription": "The `type` associated with the `MinimumHealthyHostsPerZone` option.", "title": "Type", "type": "string" }, "Value": { - "markdownDescription": "", + "markdownDescription": "The `value` associated with the `MinimumHealthyHostsPerZone` option.", "title": "Value", "type": "number" } @@ -38701,17 +38830,17 @@ "additionalProperties": false, "properties": { "FirstZoneMonitorDurationInSeconds": { - "markdownDescription": "", + "markdownDescription": "The period of time, in seconds, that CodeDeploy must wait after completing a deployment to the *first* Availability Zone. CodeDeploy will wait this amount of time before starting a deployment to the second Availability Zone. You might set this option if you want to allow extra bake time for the first Availability Zone. If you don't specify a value for `firstZoneMonitorDurationInSeconds` , then CodeDeploy uses the `monitorDurationInSeconds` value for the first Availability Zone.\n\nFor more information about the zonal configuration feature, see [zonal configuration](https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-configurations-create.html#zonal-config) in the *CodeDeploy User Guide* .", "title": "FirstZoneMonitorDurationInSeconds", "type": "number" }, "MinimumHealthyHostsPerZone": { "$ref": "#/definitions/AWS::CodeDeploy::DeploymentConfig.MinimumHealthyHostsPerZone", - "markdownDescription": "", + "markdownDescription": "The number or percentage of instances that must remain available per Availability Zone during a deployment. This option works in conjunction with the `MinimumHealthyHosts` option. For more information, see [About the minimum number of healthy hosts per Availability Zone](https://docs.aws.amazon.com//codedeploy/latest/userguide/instances-health.html#minimum-healthy-hosts-az) in the *CodeDeploy User Guide* .\n\nIf you don't specify the `minimumHealthyHostsPerZone` option, then CodeDeploy uses a default value of `0` percent.\n\nFor more information about the zonal configuration feature, see [zonal configuration](https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-configurations-create.html#zonal-config) in the *CodeDeploy User Guide* .", "title": "MinimumHealthyHostsPerZone" }, "MonitorDurationInSeconds": { - "markdownDescription": "", + "markdownDescription": "The period of time, in seconds, that CodeDeploy must wait after completing a deployment to an Availability Zone. CodeDeploy will wait this amount of time before starting a deployment to the next Availability Zone. Consider adding a monitor duration to give the deployment some time to prove itself (or 'bake') in one Availability Zone before it is released in the next zone. If you don't specify a `monitorDurationInSeconds` , CodeDeploy starts deploying to the next Availability Zone immediately.\n\nFor more information about the zonal configuration feature, see [zonal configuration](https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-configurations-create.html#zonal-config) in the *CodeDeploy User Guide* .", "title": "MonitorDurationInSeconds", "type": "number" } @@ -38858,9 +38987,6 @@ "title": "Tags", "type": "array" }, - "TerminationHookEnabled": { - "type": "boolean" - }, "TriggerConfigurations": { "items": { "$ref": "#/definitions/AWS::CodeDeploy::DeploymentGroup.TriggerConfig" @@ -39855,6 +39981,8 @@ "type": "string" }, "PipelineType": { + "markdownDescription": "CodePipeline provides the following pipeline types, which differ in characteristics and price, so that you can tailor your pipeline features and cost to the needs of your applications.\n\n- V1 type pipelines have a JSON structure that contains standard pipeline, stage, and action-level parameters.\n- V2 type pipelines have the same structure as a V1 type, along with additional parameters for release safety and trigger configuration.\n\n> Including V2 parameters, such as triggers on Git tags, in the pipeline JSON when creating or updating a pipeline will result in the pipeline having the V2 type of pipeline and the associated costs. \n\nFor information about pricing for CodePipeline, see [Pricing](https://docs.aws.amazon.com/https://aws.amazon.com/codepipeline/pricing/) .\n\nFor information about which type of pipeline to choose, see [What type of pipeline is right for me?](https://docs.aws.amazon.com/codepipeline/latest/userguide/pipeline-types-planning.html) .", + "title": "PipelineType", "type": "string" }, "RestartExecutionOnUpdate": { @@ -39887,12 +40015,16 @@ "items": { "$ref": "#/definitions/AWS::CodePipeline::Pipeline.PipelineTriggerDeclaration" }, + "markdownDescription": "The trigger configuration specifying a type of event, such as Git tags, that starts the pipeline.\n\n> When a trigger configuration is specified, default change detection for repository and branch commits is disabled.", + "title": "Triggers", "type": "array" }, "Variables": { "items": { "$ref": "#/definitions/AWS::CodePipeline::Pipeline.VariableDeclaration" }, + "markdownDescription": "A list that defines the pipeline variables for a pipeline resource. Variable names can have alphanumeric and underscore characters, and the values must match `[A-Za-z0-9@\\-_]+` .", + "title": "Variables", "type": "array" } }, @@ -40108,9 +40240,13 @@ "items": { "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitPushFilter" }, + "markdownDescription": "The field where the repository event that will start the pipeline, such as pushing Git tags, is specified with details.\n\n> Git tags is the only supported event type.", + "title": "Push", "type": "array" }, "SourceActionName": { + "markdownDescription": "The name of the pipeline source action where the trigger configuration, such as Git tags, is specified. The trigger configuration will start the pipeline upon the specified change only.\n\n> You can only specify one trigger configuration per source action.", + "title": "SourceActionName", "type": "string" } }, @@ -40123,7 +40259,9 @@ "additionalProperties": false, "properties": { "Tags": { - "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitTagFilterCriteria" + "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitTagFilterCriteria", + "markdownDescription": "The field that contains the details for the Git tags trigger configuration.", + "title": "Tags" } }, "type": "object" @@ -40135,12 +40273,16 @@ "items": { "type": "string" }, + "markdownDescription": "The list of patterns of Git tags that, when pushed, are to be excluded from starting the pipeline.", + "title": "Excludes", "type": "array" }, "Includes": { "items": { "type": "string" }, + "markdownDescription": "The list of patterns of Git tags that, when pushed, are to be included as criteria that starts the pipeline.", + "title": "Includes", "type": "array" } }, @@ -40178,9 +40320,13 @@ "additionalProperties": false, "properties": { "GitConfiguration": { - "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitConfiguration" + "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitConfiguration", + "markdownDescription": "Provides the filter criteria and the source stage for the repository event that starts the pipeline, such as Git tags.", + "title": "GitConfiguration" }, "ProviderType": { + "markdownDescription": "The source provider for the event, such as connections configured for a repository with Git tags, for the specified trigger configuration.", + "title": "ProviderType", "type": "string" } }, @@ -40244,12 +40390,18 @@ "additionalProperties": false, "properties": { "DefaultValue": { + "markdownDescription": "The value of a pipeline-level variable.", + "title": "DefaultValue", "type": "string" }, "Description": { + "markdownDescription": "The description of a pipeline-level variable. It's used to add additional context about the variable, and not being used at time when pipeline executes.", + "title": "Description", "type": "string" }, "Name": { + "markdownDescription": "The name of a pipeline-level variable.", + "title": "Name", "type": "string" } }, @@ -42180,7 +42332,7 @@ "items": { "type": "string" }, - "markdownDescription": "The allowed OAuth flows.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret.", + "markdownDescription": "The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret.", "title": "AllowedOAuthFlows", "type": "array" }, @@ -43179,7 +43331,7 @@ "items": { "$ref": "#/definitions/AWS::Cognito::UserPoolUser.AttributeType" }, - "markdownDescription": "The user attributes and attribute values to be set for the user to be created. These are name-value pairs You can create a user without specifying any attributes other than `Username` . However, any attributes that you specify as required (in [](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) or in the *Attributes* tab of the console) must be supplied either by you (in your call to `AdminCreateUser` ) or by the user (when they sign up in response to your welcome message).\n\nFor custom attributes, you must prepend the `custom:` prefix to the attribute name.\n\nTo send a message inviting the user to sign up, you must specify the user's email address or phone number. This can be done in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools.\n\nIn your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . (You can also do this by calling [](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) .)\n\n- *email* : The email address of the user to whom the message that contains the code and user name will be sent. Required if the `email_verified` attribute is set to `True` , or if `\"EMAIL\"` is specified in the `DesiredDeliveryMediums` parameter.\n- *phone_number* : The phone number of the user to whom the message that contains the code and user name will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `\"SMS\"` is specified in the `DesiredDeliveryMediums` parameter.", + "markdownDescription": "An array of name-value pairs that contain user attributes and attribute values.", "title": "UserAttributes", "type": "array" }, @@ -44351,7 +44503,9 @@ "title": "RecordingGroup" }, "RecordingMode": { - "$ref": "#/definitions/AWS::Config::ConfigurationRecorder.RecordingMode" + "$ref": "#/definitions/AWS::Config::ConfigurationRecorder.RecordingMode", + "markdownDescription": "Specifies the default recording frequency that AWS Config uses to record configuration changes. AWS Config supports *Continuous recording* and *Daily recording* .\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it\u2019s different from the previous CI recorded.\n\n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous. \n\nYou can also override the recording frequency for specific resource types.", + "title": "RecordingMode" }, "RoleARN": { "markdownDescription": "Amazon Resource Name (ARN) of the IAM role assumed by AWS Config and used by the configuration recorder. For more information, see [Permissions for the IAM Role Assigned](https://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html) to AWS Config in the AWS Config Developer Guide.\n\n> *Pre-existing AWS Config role*\n> \n> If you have used an AWS service that uses AWS Config , such as AWS Security Hub or AWS Control Tower , and an AWS Config role has already been created, make sure that the IAM role that you use when setting up AWS Config keeps the same minimum permissions as the already created AWS Config role. You must do this so that the other AWS service continues to run as expected.\n> \n> For example, if AWS Control Tower has an IAM role that allows AWS Config to read Amazon Simple Storage Service ( Amazon S3 ) objects, make sure that the same permissions are granted within the IAM role you use when setting up AWS Config . Otherwise, it may interfere with how AWS Control Tower operates. For more information about IAM roles for AWS Config , see [*Identity and Access Management for AWS Config*](https://docs.aws.amazon.com/config/latest/developerguide/security-iam.html) in the *AWS Config Developer Guide* .", @@ -44440,12 +44594,16 @@ "additionalProperties": false, "properties": { "RecordingFrequency": { + "markdownDescription": "The default recording frequency that AWS Config uses to record configuration changes.\n\n> Daily recording is not supported for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`\n> \n> For the *allSupported* ( `ALL_SUPPORTED_RESOURCE_TYPES` ) recording strategy, these resource types will be set to Continuous recording.", + "title": "RecordingFrequency", "type": "string" }, "RecordingModeOverrides": { "items": { "$ref": "#/definitions/AWS::Config::ConfigurationRecorder.RecordingModeOverride" }, + "markdownDescription": "An array of `recordingModeOverride` objects for you to specify your overrides for the recording mode. The `recordingModeOverride` object in the `recordingModeOverrides` array consists of three fields: a `description` , the new `recordingFrequency` , and an array of `resourceTypes` to override.", + "title": "RecordingModeOverrides", "type": "array" } }, @@ -44458,15 +44616,21 @@ "additionalProperties": false, "properties": { "Description": { + "markdownDescription": "A description that you provide for the override.", + "title": "Description", "type": "string" }, "RecordingFrequency": { + "markdownDescription": "The recording frequency that will be applied to all the resource types specified in the override.\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it\u2019s different from the previous CI recorded.\n\n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous.", + "title": "RecordingFrequency", "type": "string" }, "ResourceTypes": { "items": { "type": "string" }, + "markdownDescription": "A comma-separated list that specifies which resource types AWS Config includes in the override.\n\n> Daily recording is not supported for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`", + "title": "ResourceTypes", "type": "array" } }, @@ -46333,6 +46497,14 @@ "markdownDescription": "The alias of instance. `InstanceAlias` is only required when `IdentityManagementType` is `CONNECT_MANAGED` or `SAML` . `InstanceAlias` is not required when `IdentityManagementType` is `EXISTING_DIRECTORY` .", "title": "InstanceAlias", "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "The tags of an instance.", + "title": "Tags", + "type": "array" } }, "required": [ @@ -46574,6 +46746,7 @@ } }, "required": [ + "EncryptionConfig", "Prefix", "RetentionPeriodHours" ], @@ -48994,7 +49167,7 @@ "additionalProperties": false, "properties": { "Manifest": { - "markdownDescription": "The landing zone `manifest.yaml` text file that specifies the landing zone configurations.", + "markdownDescription": "The landing zone manifest JSON text file that specifies the landing zone configurations.", "title": "Manifest", "type": "object" }, @@ -51622,27 +51795,41 @@ "additionalProperties": false, "properties": { "DataProviderIdentifier": { + "markdownDescription": "The identifier of the data provider. Identifiers must begin with a letter and must contain only ASCII letters, digits, and hyphens. They can't end with a hyphen, or contain two consecutive hyphens.", + "title": "DataProviderIdentifier", "type": "string" }, "DataProviderName": { + "markdownDescription": "The name of the data provider.", + "title": "DataProviderName", "type": "string" }, "Description": { + "markdownDescription": "A description of the data provider. Descriptions can have up to 31 characters. A description can contain only ASCII letters, digits, and hyphens ('-'). Also, it can't end with a hyphen or contain two consecutive hyphens, and can only begin with a letter.", + "title": "Description", "type": "string" }, "Engine": { + "markdownDescription": "The type of database engine for the data provider. Valid values include `\"aurora\"` , `\"aurora-postgresql\"` , `\"mysql\"` , `\"oracle\"` , `\"postgres\"` , `\"sqlserver\"` , `redshift` , `mariadb` , `mongodb` , and `docdb` . A value of `\"aurora\"` represents Amazon Aurora MySQL-Compatible Edition.", + "title": "Engine", "type": "string" }, "ExactSettings": { + "markdownDescription": "", + "title": "ExactSettings", "type": "boolean" }, "Settings": { - "$ref": "#/definitions/AWS::DMS::DataProvider.Settings" + "$ref": "#/definitions/AWS::DMS::DataProvider.Settings", + "markdownDescription": "The settings in JSON format for a data provider.", + "title": "Settings" }, "Tags": { "items": { "$ref": "#/definitions/Tag" }, + "markdownDescription": "", + "title": "Tags", "type": "array" } }, @@ -51676,18 +51863,28 @@ "additionalProperties": false, "properties": { "CertificateArn": { + "markdownDescription": "", + "title": "CertificateArn", "type": "string" }, "DatabaseName": { + "markdownDescription": "Database name for the endpoint.", + "title": "DatabaseName", "type": "string" }, "Port": { + "markdownDescription": "Endpoint TCP port.", + "title": "Port", "type": "number" }, "ServerName": { + "markdownDescription": "Fully qualified domain name of the endpoint. For an Amazon RDS SQL Server instance, this is the output of [DescribeDBInstances](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html) , in the `[Endpoint](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_Endpoint.html) .Address` field.", + "title": "ServerName", "type": "string" }, "SslMode": { + "markdownDescription": "", + "title": "SslMode", "type": "string" } }, @@ -51697,15 +51894,23 @@ "additionalProperties": false, "properties": { "CertificateArn": { + "markdownDescription": "", + "title": "CertificateArn", "type": "string" }, "Port": { + "markdownDescription": "Endpoint TCP port.", + "title": "Port", "type": "number" }, "ServerName": { + "markdownDescription": "The host name of the endpoint database.\n\nFor an Amazon RDS MySQL instance, this is the output of [DescribeDBInstances](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html) , in the `[Endpoint](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_Endpoint.html) .Address` field.\n\nFor an Aurora MySQL instance, this is the output of [DescribeDBClusters](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusters.html) , in the `Endpoint` field.", + "title": "ServerName", "type": "string" }, "SslMode": { + "markdownDescription": "", + "title": "SslMode", "type": "string" } }, @@ -51715,33 +51920,53 @@ "additionalProperties": false, "properties": { "AsmServer": { + "markdownDescription": "For an Oracle source endpoint, your ASM server address. You can set this value from the `asm_server` value. You set `asm_server` as part of the extra connection attribute string to access an Oracle server with Binary Reader that uses ASM. For more information, see [Configuration for change data capture (CDC) on an Oracle source database](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.CDC.Configuration) .", + "title": "AsmServer", "type": "string" }, "CertificateArn": { + "markdownDescription": "", + "title": "CertificateArn", "type": "string" }, "DatabaseName": { + "markdownDescription": "Database name for the endpoint.", + "title": "DatabaseName", "type": "string" }, "Port": { + "markdownDescription": "Endpoint TCP port.", + "title": "Port", "type": "number" }, "SecretsManagerOracleAsmAccessRoleArn": { + "markdownDescription": "Required only if your Oracle endpoint uses Automatic Storage Management (ASM). The full ARN of the IAM role that specifies AWS DMS as the trusted entity and grants the required permissions to access the `SecretsManagerOracleAsmSecret` . This `SecretsManagerOracleAsmSecret` has the secret value that allows access to the Oracle ASM of the endpoint.\n\n> You can specify one of two sets of values for these permissions. You can specify the values for this setting and `SecretsManagerOracleAsmSecretId` . Or you can specify clear-text values for `AsmUser` , `AsmPassword` , and `AsmServerName` . You can't specify both. For more information on creating this `SecretsManagerOracleAsmSecret` and the `SecretsManagerOracleAsmAccessRoleArn` and `SecretsManagerOracleAsmSecretId` required to access it, see [Using secrets to access AWS Database Migration Service resources](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Security.html#security-iam-secretsmanager) in the *AWS Database Migration Service User Guide* .", + "title": "SecretsManagerOracleAsmAccessRoleArn", "type": "string" }, "SecretsManagerOracleAsmSecretId": { + "markdownDescription": "Required only if your Oracle endpoint uses Automatic Storage Management (ASM). The full ARN, partial ARN, or friendly name of the `SecretsManagerOracleAsmSecret` that contains the Oracle ASM connection details for the Oracle endpoint.", + "title": "SecretsManagerOracleAsmSecretId", "type": "string" }, "SecretsManagerSecurityDbEncryptionAccessRoleArn": { + "markdownDescription": "", + "title": "SecretsManagerSecurityDbEncryptionAccessRoleArn", "type": "string" }, "SecretsManagerSecurityDbEncryptionSecretId": { + "markdownDescription": "", + "title": "SecretsManagerSecurityDbEncryptionSecretId", "type": "string" }, "ServerName": { + "markdownDescription": "Fully qualified domain name of the endpoint.\n\nFor an Amazon RDS Oracle instance, this is the output of [DescribeDBInstances](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html) , in the `[Endpoint](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_Endpoint.html) .Address` field.", + "title": "ServerName", "type": "string" }, "SslMode": { + "markdownDescription": "", + "title": "SslMode", "type": "string" } }, @@ -51751,18 +51976,28 @@ "additionalProperties": false, "properties": { "CertificateArn": { + "markdownDescription": "", + "title": "CertificateArn", "type": "string" }, "DatabaseName": { + "markdownDescription": "Database name for the endpoint.", + "title": "DatabaseName", "type": "string" }, "Port": { + "markdownDescription": "Endpoint TCP port. The default is 5432.", + "title": "Port", "type": "number" }, "ServerName": { + "markdownDescription": "The host name of the endpoint database.\n\nFor an Amazon RDS PostgreSQL instance, this is the output of [DescribeDBInstances](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html) , in the `[Endpoint](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_Endpoint.html) .Address` field.\n\nFor an Aurora PostgreSQL instance, this is the output of [DescribeDBClusters](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusters.html) , in the `Endpoint` field.", + "title": "ServerName", "type": "string" }, "SslMode": { + "markdownDescription": "", + "title": "SslMode", "type": "string" } }, @@ -51772,16 +52007,24 @@ "additionalProperties": false, "properties": { "MicrosoftSqlServerSettings": { - "$ref": "#/definitions/AWS::DMS::DataProvider.MicrosoftSqlServerSettings" + "$ref": "#/definitions/AWS::DMS::DataProvider.MicrosoftSqlServerSettings", + "markdownDescription": "", + "title": "MicrosoftSqlServerSettings" }, "MySqlSettings": { - "$ref": "#/definitions/AWS::DMS::DataProvider.MySqlSettings" + "$ref": "#/definitions/AWS::DMS::DataProvider.MySqlSettings", + "markdownDescription": "", + "title": "MySqlSettings" }, "OracleSettings": { - "$ref": "#/definitions/AWS::DMS::DataProvider.OracleSettings" + "$ref": "#/definitions/AWS::DMS::DataProvider.OracleSettings", + "markdownDescription": "", + "title": "OracleSettings" }, "PostgreSqlSettings": { - "$ref": "#/definitions/AWS::DMS::DataProvider.PostgreSqlSettings" + "$ref": "#/definitions/AWS::DMS::DataProvider.PostgreSqlSettings", + "markdownDescription": "", + "title": "PostgreSqlSettings" } }, "type": "object" @@ -52155,12 +52398,18 @@ "type": "string" }, "KeepCsvFiles": { + "markdownDescription": "If true, AWS DMS saves any .csv files to the Db2 LUW target that were used to replicate data. DMS uses these files for analysis and troubleshooting.\n\nThe default value is false.", + "title": "KeepCsvFiles", "type": "boolean" }, "LoadTimeout": { + "markdownDescription": "The amount of time (in milliseconds) before AWS DMS times out operations performed by DMS on the Db2 target. The default value is 1200 (20 minutes).", + "title": "LoadTimeout", "type": "number" }, "MaxFileSize": { + "markdownDescription": "Specifies the maximum size (in KB) of .csv files used to transfer data to Db2 LUW.", + "title": "MaxFileSize", "type": "number" }, "MaxKBytesPerRead": { @@ -52184,6 +52433,8 @@ "type": "boolean" }, "WriteBufferSize": { + "markdownDescription": "The size (in KB) of the in-memory file write buffer used when generating .csv files on the local disk on the DMS replication instance. The default value is 1024 (1 MB).", + "title": "WriteBufferSize", "type": "number" } }, @@ -53411,39 +53662,59 @@ "additionalProperties": false, "properties": { "AvailabilityZone": { + "markdownDescription": "The Availability Zone where the instance profile runs.", + "title": "AvailabilityZone", "type": "string" }, "Description": { + "markdownDescription": "A description of the instance profile. Descriptions can have up to 31 characters. A description can contain only ASCII letters, digits, and hyphens ('-'). Also, it can't end with a hyphen or contain two consecutive hyphens, and can only begin with a letter.", + "title": "Description", "type": "string" }, "InstanceProfileIdentifier": { + "markdownDescription": "The identifier of the instance profile. Identifiers must begin with a letter and must contain only ASCII letters, digits, and hyphens. They can't end with a hyphen, or contain two consecutive hyphens.", + "title": "InstanceProfileIdentifier", "type": "string" }, "InstanceProfileName": { + "markdownDescription": "The user-friendly name for the instance profile.", + "title": "InstanceProfileName", "type": "string" }, "KmsKeyArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the AWS KMS key that is used to encrypt the connection parameters for the instance profile.\n\nIf you don't specify a value for the `KmsKeyArn` parameter, then AWS DMS uses your default encryption key.\n\nAWS KMS creates the default encryption key for your AWS account . Your AWS account has a different default encryption key for each AWS Region .", + "title": "KmsKeyArn", "type": "string" }, "NetworkType": { + "markdownDescription": "Specifies the network type for the instance profile. A value of `IPV4` represents an instance profile with IPv4 network type and only supports IPv4 addressing. A value of `IPV6` represents an instance profile with IPv6 network type and only supports IPv6 addressing. A value of `DUAL` represents an instance profile with dual network type that supports IPv4 and IPv6 addressing.", + "title": "NetworkType", "type": "string" }, "PubliclyAccessible": { + "markdownDescription": "Specifies the accessibility options for the instance profile. A value of `true` represents an instance profile with a public IP address. A value of `false` represents an instance profile with a private IP address. The default value is `true` .", + "title": "PubliclyAccessible", "type": "boolean" }, "SubnetGroupIdentifier": { + "markdownDescription": "The identifier of the subnet group that is associated with the instance profile.", + "title": "SubnetGroupIdentifier", "type": "string" }, "Tags": { "items": { "$ref": "#/definitions/Tag" }, + "markdownDescription": "", + "title": "Tags", "type": "array" }, "VpcSecurityGroups": { "items": { "type": "string" }, + "markdownDescription": "The VPC security groups that are used with the instance profile. The VPC security group must work with the VPC containing the instance profile.", + "title": "VpcSecurityGroups", "type": "array" } }, @@ -53505,45 +53776,67 @@ "additionalProperties": false, "properties": { "Description": { + "markdownDescription": "A user-friendly description of the migration project.", + "title": "Description", "type": "string" }, "InstanceProfileArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the instance profile for your migration project.", + "title": "InstanceProfileArn", "type": "string" }, "InstanceProfileIdentifier": { + "markdownDescription": "The identifier of the instance profile for your migration project.", + "title": "InstanceProfileIdentifier", "type": "string" }, "InstanceProfileName": { + "markdownDescription": "The name of the associated instance profile.", + "title": "InstanceProfileName", "type": "string" }, "MigrationProjectIdentifier": { + "markdownDescription": "The identifier of the migration project. Identifiers must begin with a letter and must contain only ASCII letters, digits, and hyphens. They can't end with a hyphen, or contain two consecutive hyphens.", + "title": "MigrationProjectIdentifier", "type": "string" }, "MigrationProjectName": { + "markdownDescription": "The name of the migration project.", + "title": "MigrationProjectName", "type": "string" }, "SchemaConversionApplicationAttributes": { - "$ref": "#/definitions/AWS::DMS::MigrationProject.SchemaConversionApplicationAttributes" + "$ref": "#/definitions/AWS::DMS::MigrationProject.SchemaConversionApplicationAttributes", + "markdownDescription": "The schema conversion application attributes, including the Amazon S3 bucket name and Amazon S3 role ARN.", + "title": "SchemaConversionApplicationAttributes" }, "SourceDataProviderDescriptors": { "items": { "$ref": "#/definitions/AWS::DMS::MigrationProject.DataProviderDescriptor" }, + "markdownDescription": "Information about the source data provider, including the name or ARN, and AWS Secrets Manager parameters.", + "title": "SourceDataProviderDescriptors", "type": "array" }, "Tags": { "items": { "$ref": "#/definitions/Tag" }, + "markdownDescription": "", + "title": "Tags", "type": "array" }, "TargetDataProviderDescriptors": { "items": { "$ref": "#/definitions/AWS::DMS::MigrationProject.DataProviderDescriptor" }, + "markdownDescription": "Information about the target data provider, including the name or ARN, and AWS Secrets Manager parameters.", + "title": "TargetDataProviderDescriptors", "type": "array" }, "TransformationRules": { + "markdownDescription": "The settings in JSON format for migration rules. Migration rules make it possible for you to change the object names according to the rules that you specify. For example, you can change an object name to lowercase or uppercase, add or remove a prefix or suffix, or rename objects.", + "title": "TransformationRules", "type": "string" } }, @@ -53573,18 +53866,28 @@ "additionalProperties": false, "properties": { "DataProviderArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the data provider.", + "title": "DataProviderArn", "type": "string" }, "DataProviderIdentifier": { + "markdownDescription": "", + "title": "DataProviderIdentifier", "type": "string" }, "DataProviderName": { + "markdownDescription": "The user-friendly name of the data provider.", + "title": "DataProviderName", "type": "string" }, "SecretsManagerAccessRoleArn": { + "markdownDescription": "The ARN of the role used to access AWS Secrets Manager.", + "title": "SecretsManagerAccessRoleArn", "type": "string" }, "SecretsManagerSecretId": { + "markdownDescription": "The identifier of the AWS Secrets Manager Secret used to store access credentials for the data provider.", + "title": "SecretsManagerSecretId", "type": "string" } }, @@ -53594,9 +53897,13 @@ "additionalProperties": false, "properties": { "S3BucketPath": { + "markdownDescription": "", + "title": "S3BucketPath", "type": "string" }, "S3BucketRoleArn": { + "markdownDescription": "", + "title": "S3BucketRoleArn", "type": "string" } }, @@ -58416,7 +58723,7 @@ "type": "string" }, "OverwriteMode": { - "markdownDescription": "Specifies whether data at the destination location should be overwritten or preserved. If set to `NEVER` , a destination file for example will not be replaced by a source file (even if the destination file differs from the source file). If you modify files in the destination and you sync the files, you can use this value to protect against overwriting those changes.\n\nSome storage classes have specific behaviors that can affect your Amazon S3 storage cost. For detailed information, see [Considerations when working with Amazon S3 storage classes in DataSync](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#using-storage-classes) .", + "markdownDescription": "Specifies whether DataSync should modify or preserve data at the destination location.\n\n- `ALWAYS` (default) - DataSync modifies data in the destination location when source data (including metadata) has changed.\n\nIf DataSync overwrites objects, you might incur additional charges for certain Amazon S3 storage classes (for example, for retrieval or early deletion). For more information, see [Storage class considerations with Amazon S3 transfers](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#using-storage-classes) .\n- `NEVER` - DataSync doesn't overwrite data in the destination location even if the source data has changed. You can use this option to protect against overwriting changes made to files or objects in the destination.", "title": "OverwriteMode", "type": "string" }, @@ -64806,7 +65113,7 @@ "type": "boolean" }, "AssociatePublicIpAddress": { - "markdownDescription": "Indicates whether to assign a public IPv4 address to an instance. Applies only if creating a network interface when launching an instance. The network interface must be the primary network interface. If launching into a default subnet, the default value is `true` .", + "markdownDescription": "Indicates whether to assign a public IPv4 address to an instance. Applies only if creating a network interface when launching an instance. The network interface must be the primary network interface. If launching into a default subnet, the default value is `true` .\n\nStarting on February 1, 2024, AWS will charge for all public IPv4 addresses, including public IPv4 addresses associated with running instances and Elastic IP addresses. For more information, see the *Public IPv4 Address* tab on the [VPC pricing page](https://docs.aws.amazon.com/vpc/pricing/) .", "title": "AssociatePublicIpAddress", "type": "boolean" }, @@ -66070,7 +66377,7 @@ "type": "number" }, "HttpTokens": { - "markdownDescription": "IMDSv2 uses token-backed sessions. Set the use of HTTP tokens to `optional` (in other words, set the use of IMDSv2 to `optional` ) or `required` (in other words, set the use of IMDSv2 to `required` ).\n\n- `optional` - When IMDSv2 is optional, you can choose to retrieve instance metadata with or without a session token in your request. If you retrieve the IAM role credentials without a token, the IMDSv1 role credentials are returned. If you retrieve the IAM role credentials using a valid session token, the IMDSv2 role credentials are returned.\n- `required` - When IMDSv2 is required, you must send a session token with any instance metadata retrieval requests. In this state, retrieving the IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.\n\nDefault: `optional`", + "markdownDescription": "Indicates whether IMDSv2 is required.\n\n- `optional` - IMDSv2 is optional. You can choose whether to send a session token in your instance metadata retrieval requests. If you retrieve IAM role credentials without a session token, you receive the IMDSv1 role credentials. If you retrieve IAM role credentials using a valid session token, you receive the IMDSv2 role credentials.\n- `required` - IMDSv2 is required. You must send a session token in your instance metadata retrieval requests. With this option, retrieving the IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.\n\nDefault: If the value of `ImdsSupport` for the Amazon Machine Image (AMI) for your instance is `v2.0` , the default is `required` .", "title": "HttpTokens", "type": "string" }, @@ -66118,7 +66425,7 @@ "type": "boolean" }, "AssociatePublicIpAddress": { - "markdownDescription": "Associates a public IPv4 address with eth0 for a new network interface.", + "markdownDescription": "Associates a public IPv4 address with eth0 for a new network interface.\n\nStarting on February 1, 2024, AWS will charge for all public IPv4 addresses, including public IPv4 addresses associated with running instances and Elastic IP addresses. For more information, see the *Public IPv4 Address* tab on the [Amazon VPC pricing page](https://docs.aws.amazon.com/vpc/pricing/) .", "title": "AssociatePublicIpAddress", "type": "boolean" }, @@ -69919,7 +70226,7 @@ "additionalProperties": false, "properties": { "AssociatePublicIpAddress": { - "markdownDescription": "Indicates whether to assign a public IPv4 address to an instance you launch in a VPC. The public IP address can only be assigned to a network interface for eth0, and can only be assigned to a new network interface, not an existing one. You cannot specify more than one network interface in the request. If launching into a default subnet, the default value is `true` .", + "markdownDescription": "Indicates whether to assign a public IPv4 address to an instance you launch in a VPC. The public IP address can only be assigned to a network interface for eth0, and can only be assigned to a new network interface, not an existing one. You cannot specify more than one network interface in the request. If launching into a default subnet, the default value is `true` .\n\nStarting on February 1, 2024, AWS will charge for all public IPv4 addresses, including public IPv4 addresses associated with running instances and Elastic IP addresses. For more information, see the *Public IPv4 Address* tab on the [Amazon VPC pricing page](https://docs.aws.amazon.com/vpc/pricing/) .", "title": "AssociatePublicIpAddress", "type": "boolean" }, @@ -70756,7 +71063,7 @@ "type": "number" }, "MapPublicIpOnLaunch": { - "markdownDescription": "Indicates whether instances launched in this subnet receive a public IPv4 address. The default value is `false` .", + "markdownDescription": "Indicates whether instances launched in this subnet receive a public IPv4 address. The default value is `false` .\n\nStarting on February 1, 2024, AWS will charge for all public IPv4 addresses, including public IPv4 addresses associated with running instances and Elastic IP addresses. For more information, see the *Public IPv4 Address* tab on the [VPC pricing page](https://docs.aws.amazon.com/vpc/pricing/) .", "title": "MapPublicIpOnLaunch", "type": "boolean" }, @@ -75411,6 +75718,8 @@ "type": "string" }, "ManagedDraining": { + "markdownDescription": "", + "title": "ManagedDraining", "type": "string" }, "ManagedScaling": { @@ -81359,6 +81668,8 @@ "type": "string" }, "EncryptionKeyArn": { + "markdownDescription": "The AWS KMS key identifier (ARN) used to encrypt Amazon EMR Studio workspace and notebook files when backed up to Amazon S3.", + "title": "EncryptionKeyArn", "type": "string" }, "EngineSecurityGroupId": { @@ -81367,9 +81678,13 @@ "type": "string" }, "IdcInstanceArn": { + "markdownDescription": "The ARN of the IAM Identity Center instance the Studio application belongs to.", + "title": "IdcInstanceArn", "type": "string" }, "IdcUserAssignment": { + "markdownDescription": "Indicates whether the Studio has `REQUIRED` or `OPTIONAL` IAM Identity Center user assignment. If the value is set to `REQUIRED` , users must be explicitly assigned to the Studio application to access the Studio.", + "title": "IdcUserAssignment", "type": "string" }, "IdpAuthUrl": { @@ -81409,6 +81724,8 @@ "type": "array" }, "TrustedIdentityPropagationEnabled": { + "markdownDescription": "Indicates whether the Studio has Trusted identity propagation enabled. The default value is `false` .", + "title": "TrustedIdentityPropagationEnabled", "type": "boolean" }, "UserRole": { @@ -83283,6 +83600,11 @@ "title": "Description", "type": "string" }, + "Endpoint": { + "$ref": "#/definitions/AWS::ElastiCache::ServerlessCache.Endpoint", + "markdownDescription": "Represents the information required for client programs to connect to a cache node.", + "title": "Endpoint" + }, "Engine": { "markdownDescription": "The engine the serverless cache is compatible with.", "title": "Engine", @@ -83303,6 +83625,11 @@ "title": "MajorEngineVersion", "type": "string" }, + "ReaderEndpoint": { + "$ref": "#/definitions/AWS::ElastiCache::ServerlessCache.Endpoint", + "markdownDescription": "Represents the information required for client programs to connect to a cache node.", + "title": "ReaderEndpoint" + }, "SecurityGroupIds": { "items": { "type": "string" @@ -90510,7 +90837,7 @@ "properties": { "CloudWatchLogsConfiguration": { "$ref": "#/definitions/AWS::FIS::ExperimentTemplate.CloudWatchLogsConfiguration", - "markdownDescription": "The configuration for experiment logging to Amazon CloudWatch Logs.", + "markdownDescription": "The configuration for experiment logging to CloudWatch Logs .", "title": "CloudWatchLogsConfiguration" }, "LogSchemaVersion": { @@ -90520,7 +90847,7 @@ }, "S3Configuration": { "$ref": "#/definitions/AWS::FIS::ExperimentTemplate.S3Configuration", - "markdownDescription": "The configuration for experiment logging to Amazon S3.", + "markdownDescription": "The configuration for experiment logging to Amazon S3 .", "title": "S3Configuration" } }, @@ -90561,7 +90888,7 @@ }, "Parameters": { "additionalProperties": true, - "markdownDescription": "The resource type parameters.", + "markdownDescription": "The parameters for the resource type.", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -112910,12 +113237,12 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "A summary of the package being created. This can be used to outline the package's contents or purpose.", + "markdownDescription": "", "title": "Description", "type": "string" }, "PackageName": { - "markdownDescription": "The name of the new software package.", + "markdownDescription": "", "title": "PackageName", "type": "string" }, @@ -112923,7 +113250,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "Metadata that can be used to manage the package.", + "markdownDescription": "", "title": "Tags", "type": "array" } @@ -112987,7 +113314,7 @@ "properties": { "Attributes": { "additionalProperties": true, - "markdownDescription": "Metadata that can be used to define a package version\u2019s configuration. For example, the S3 file location, configuration options that are being sent to the device or fleet.\n\nThe combined size of all the attributes on a package version is limited to 3KB.", + "markdownDescription": "", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -112997,12 +113324,12 @@ "type": "object" }, "Description": { - "markdownDescription": "A summary of the package version being created. This can be used to outline the package's contents or purpose.", + "markdownDescription": "", "title": "Description", "type": "string" }, "PackageName": { - "markdownDescription": "The name of the associated software package.", + "markdownDescription": "", "title": "PackageName", "type": "string" }, @@ -113010,12 +113337,12 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "Metadata that can be used to manage the package version.", + "markdownDescription": "", "title": "Tags", "type": "array" }, "VersionName": { - "markdownDescription": "The name of the new package version.", + "markdownDescription": "", "title": "VersionName", "type": "string" } @@ -147017,9 +147344,13 @@ "additionalProperties": false, "properties": { "CustomEpoch": { + "markdownDescription": "", + "title": "CustomEpoch", "type": "string" }, "JamSyncTime": { + "markdownDescription": "", + "title": "JamSyncTime", "type": "string" } }, @@ -147102,6 +147433,8 @@ "type": "string" }, "OutputStaticImageOverlayScheduleActions": { + "markdownDescription": "", + "title": "OutputStaticImageOverlayScheduleActions", "type": "string" } }, @@ -147248,7 +147581,9 @@ "type": "string" }, "OutputLockingSettings": { - "$ref": "#/definitions/AWS::MediaLive::Channel.OutputLockingSettings" + "$ref": "#/definitions/AWS::MediaLive::Channel.OutputLockingSettings", + "markdownDescription": "", + "title": "OutputLockingSettings" }, "OutputTimingSource": { "markdownDescription": "Indicates whether the rate of frames emitted by the Live encoder should be paced by its system clock (which optionally might be locked to another source through NTP) or should be locked to the clock of the source that is providing the input stream.", @@ -149394,10 +149729,14 @@ "additionalProperties": false, "properties": { "EpochLockingSettings": { - "$ref": "#/definitions/AWS::MediaLive::Channel.EpochLockingSettings" + "$ref": "#/definitions/AWS::MediaLive::Channel.EpochLockingSettings", + "markdownDescription": "", + "title": "EpochLockingSettings" }, "PipelineLockingSettings": { - "$ref": "#/definitions/AWS::MediaLive::Channel.PipelineLockingSettings" + "$ref": "#/definitions/AWS::MediaLive::Channel.PipelineLockingSettings", + "markdownDescription": "", + "title": "PipelineLockingSettings" } }, "type": "object" @@ -158994,6 +159333,16 @@ "Properties": { "additionalProperties": false, "properties": { + "BufferOptions": { + "$ref": "#/definitions/AWS::OSIS::Pipeline.BufferOptions", + "markdownDescription": "Options that specify the configuration of a persistent buffer. To configure how OpenSearch Ingestion encrypts this data, set the EncryptionAtRestOptions.", + "title": "BufferOptions" + }, + "EncryptionAtRestOptions": { + "$ref": "#/definitions/AWS::OSIS::Pipeline.EncryptionAtRestOptions", + "markdownDescription": "Options to control how OpenSearch encrypts all data-at-rest.", + "title": "EncryptionAtRestOptions" + }, "LogPublishingOptions": { "$ref": "#/definitions/AWS::OSIS::Pipeline.LogPublishingOptions", "markdownDescription": "Key-value pairs that represent log publishing settings.", @@ -159062,6 +159411,20 @@ ], "type": "object" }, + "AWS::OSIS::Pipeline.BufferOptions": { + "additionalProperties": false, + "properties": { + "PersistentBufferEnabled": { + "markdownDescription": "Whether persistent buffering should be enabled.", + "title": "PersistentBufferEnabled", + "type": "boolean" + } + }, + "required": [ + "PersistentBufferEnabled" + ], + "type": "object" + }, "AWS::OSIS::Pipeline.CloudWatchLogDestination": { "additionalProperties": false, "properties": { @@ -159071,6 +159434,23 @@ "type": "string" } }, + "required": [ + "LogGroup" + ], + "type": "object" + }, + "AWS::OSIS::Pipeline.EncryptionAtRestOptions": { + "additionalProperties": false, + "properties": { + "KmsKeyArn": { + "markdownDescription": "The ARN of the KMS key used to encrypt data-at-rest in OpenSearch Ingestion. By default, data is encrypted using an AWS owned key.", + "title": "KmsKeyArn", + "type": "string" + } + }, + "required": [ + "KmsKeyArn" + ], "type": "object" }, "AWS::OSIS::Pipeline.LogPublishingOptions": { @@ -159130,6 +159510,9 @@ "type": "array" } }, + "required": [ + "SubnetIds" + ], "type": "object" }, "AWS::Oam::Link": { @@ -160686,6 +161069,9 @@ "title": "EngineVersion", "type": "string" }, + "IPAddressType": { + "type": "string" + }, "LogPublishingOptions": { "additionalProperties": false, "markdownDescription": "An object with one or more of the following keys: `SEARCH_SLOW_LOGS` , `ES_APPLICATION_LOGS` , `INDEX_SLOW_LOGS` , `AUDIT_LOGS` , depending on the types of logs you want to publish. Each key needs a valid `LogPublishingOption` value. For the full syntax, see the [examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#aws-resource-opensearchservice-domain--examples) .", @@ -218502,12 +218888,12 @@ "additionalProperties": false, "properties": { "DurationSeconds": { - "markdownDescription": "The number of seconds vended session credentials will be valid for", + "markdownDescription": "Sets the maximum number of seconds that vended temporary credentials through [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html) will be valid for, between 900 and 3600.", "title": "DurationSeconds", "type": "number" }, "Enabled": { - "markdownDescription": "The enabled status of the resource.", + "markdownDescription": "Indicates whether the profile is enabled.", "title": "Enabled", "type": "boolean" }, @@ -218515,17 +218901,17 @@ "items": { "type": "string" }, - "markdownDescription": "A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.", + "markdownDescription": "A list of managed policy ARNs that apply to the vended session credentials.", "title": "ManagedPolicyArns", "type": "array" }, "Name": { - "markdownDescription": "The customer specified name of the resource.", + "markdownDescription": "The name of the profile.", "title": "Name", "type": "string" }, "RequireInstanceProperties": { - "markdownDescription": "Specifies whether instance properties are required in CreateSession requests with this profile.", + "markdownDescription": "Specifies whether instance properties are required in temporary credential requests with this profile.", "title": "RequireInstanceProperties", "type": "boolean" }, @@ -218533,12 +218919,12 @@ "items": { "type": "string" }, - "markdownDescription": "A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.", + "markdownDescription": "A list of IAM role ARNs. During `CreateSession` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.", "title": "RoleArns", "type": "array" }, "SessionPolicy": { - "markdownDescription": "A session policy that will applied to the trust boundary of the vended session credentials.", + "markdownDescription": "A session policy that applies to the trust boundary of the vended session credentials.", "title": "SessionPolicy", "type": "string" }, @@ -218546,7 +218932,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "A list of Tags.", + "markdownDescription": "The tags to attach to the profile.", "title": "Tags", "type": "array" } @@ -218707,11 +219093,11 @@ "properties": { "SourceData": { "$ref": "#/definitions/AWS::RolesAnywhere::TrustAnchor.SourceData", - "markdownDescription": "A union object representing the data field of the TrustAnchor depending on its type", + "markdownDescription": "The data field of the trust anchor depending on its type.", "title": "SourceData" }, "SourceType": { - "markdownDescription": "The type of the TrustAnchor.", + "markdownDescription": "The type of the TrustAnchor.\n\n> `AWS_ACM_PCA` is not an allowed value in your region.", "title": "SourceType", "type": "string" } @@ -222528,6 +222914,9 @@ "type": "boolean" } }, + "required": [ + "EventBridgeEnabled" + ], "type": "object" }, "AWS::S3::Bucket.FilterRule": { @@ -223311,12 +223700,12 @@ "ObjectSizeGreaterThan": { "markdownDescription": "Specifies the minimum object size in bytes for this rule to apply to. Objects must be larger than this value in bytes. For more information about size based rules, see [Lifecycle configuration using size-based rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lc-size-rules) in the *Amazon S3 User Guide* .", "title": "ObjectSizeGreaterThan", - "type": "number" + "type": "string" }, "ObjectSizeLessThan": { "markdownDescription": "Specifies the maximum object size in bytes for this rule to apply to. Objects must be smaller than this value in bytes. For more information about sized based rules, see [Lifecycle configuration using size-based rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lc-size-rules) in the *Amazon S3 User Guide* .", "title": "ObjectSizeLessThan", - "type": "number" + "type": "string" }, "Prefix": { "markdownDescription": "Object key prefix that identifies one or more objects to which this rule applies.\n\n> Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints) .", @@ -227078,6 +227467,8 @@ "type": "string" }, "ReplayPolicy": { + "markdownDescription": "", + "title": "ReplayPolicy", "type": "object" }, "SubscriptionRoleArn": { @@ -227179,7 +227570,7 @@ "items": { "$ref": "#/definitions/AWS::SNS::Topic.LoggingConfig" }, - "markdownDescription": "", + "markdownDescription": "The `DeliveryStatusLogging` configuration enables you to log the delivery status of messages sent from your Amazon SNS topic to subscribed endpoints with the following supported delivery protocols:\n\n- HTTP\n- Amazon Kinesis Data Firehose\n- AWS Lambda\n- Platform application endpoint\n- Amazon Simple Queue Service\n\nOnce configured, log entries are sent to Amazon CloudWatch Logs.", "title": "DeliveryStatusLogging", "type": "array" }, @@ -227256,22 +227647,22 @@ "additionalProperties": false, "properties": { "FailureFeedbackRoleArn": { - "markdownDescription": "", + "markdownDescription": "The IAM role ARN to be used when logging failed message deliveries in Amazon CloudWatch.", "title": "FailureFeedbackRoleArn", "type": "string" }, "Protocol": { - "markdownDescription": "", + "markdownDescription": "Indicates one of the supported protocols for the Amazon SNS topic.\n\n> At least one of the other three `LoggingConfig` properties is recommend along with `Protocol` .", "title": "Protocol", "type": "string" }, "SuccessFeedbackRoleArn": { - "markdownDescription": "", + "markdownDescription": "The IAM role ARN to be used when logging successful message deliveries in Amazon CloudWatch.", "title": "SuccessFeedbackRoleArn", "type": "string" }, "SuccessFeedbackSampleRate": { - "markdownDescription": "", + "markdownDescription": "The percentage of successful message deliveries to be logged in Amazon CloudWatch. Valid percentage values range from 0 to 100.", "title": "SuccessFeedbackSampleRate", "type": "string" } @@ -233421,6 +233812,11 @@ "$ref": "#/definitions/AWS::SageMaker::FeatureGroup.OnlineStoreSecurityConfig", "markdownDescription": "Use to specify KMS Key ID ( `KMSKeyId` ) for at-rest encryption of your `OnlineStore` .", "title": "SecurityConfig" + }, + "StorageType": { + "markdownDescription": "Option for different tiers of low latency storage for real-time data retrieval.\n\n- `Standard` : A managed low latency data store for feature groups.\n- `InMemory` : A managed data store for feature groups that supports very low latency retrieval.", + "title": "StorageType", + "type": "string" } }, "type": "object" @@ -247525,7 +247921,7 @@ "items": { "type": "string" }, - "markdownDescription": "A list of address allocation IDs that are required to attach an Elastic IP address to your server's endpoint.\n\n> This property can only be set when `EndpointType` is set to `VPC` and it is only valid in the `UpdateServer` API.", + "markdownDescription": "A list of address allocation IDs that are required to attach an Elastic IP address to your server's endpoint.\n\nAn address allocation ID corresponds to the allocation ID of an Elastic IP address. This value can be retrieved from the `allocationId` field from the Amazon EC2 [Address](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Address.html) data type. One way to retrieve this value is by calling the EC2 [DescribeAddresses](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAddresses.html) API.\n\nThis parameter is optional. Set this parameter if you want to make your VPC endpoint public-facing. For details, see [Create an internet-facing endpoint for your server](https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#create-internet-facing-endpoint) .\n\n> This property can only be set as follows:\n> \n> - `EndpointType` must be set to `VPC`\n> - The Transfer Family server must be offline.\n> - You cannot set this parameter for Transfer Family servers that use the FTP protocol.\n> - The server must already have `SubnetIds` populated ( `SubnetIds` and `AddressAllocationIds` cannot be updated simultaneously).\n> - `AddressAllocationIds` can't contain duplicates, and must be equal in length to `SubnetIds` . For example, if you have three subnet IDs, you must also specify three address allocation IDs.\n> - Call the `UpdateServer` API to set or change this parameter.", "title": "AddressAllocationIds", "type": "array" }, @@ -266075,6 +266471,9 @@ { "$ref": "#/definitions/AWS::CloudFront::KeyGroup" }, + { + "$ref": "#/definitions/AWS::CloudFront::KeyValueStore" + }, { "$ref": "#/definitions/AWS::CloudFront::MonitoringSubscription" }, diff --git a/schema_source/cloudformation-docs.json b/schema_source/cloudformation-docs.json index 5cfff1012..5430b2f44 100644 --- a/schema_source/cloudformation-docs.json +++ b/schema_source/cloudformation-docs.json @@ -3184,6 +3184,7 @@ "AWS::ApplicationAutoScaling::ScalingPolicy CustomizedMetricSpecification": { "Dimensions": "The dimensions of the metric.\n\nConditional: If you published your metric with dimensions, you must specify the same dimensions in your scaling policy.", "MetricName": "The name of the metric. To get the exact metric name, namespace, and dimensions, inspect the [Metric](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_Metric.html) object that's returned by a call to [ListMetrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html) .", + "Metrics": "The metrics to include in the target tracking scaling policy, as a metric data query. This can include both raw metric and metric math expressions.", "Namespace": "The namespace of the metric.", "Statistic": "The statistic of the metric.", "Unit": "The unit of the metric. For a complete list of the units that CloudWatch supports, see the [MetricDatum](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html) data type in the *Amazon CloudWatch API Reference* ." @@ -3208,6 +3209,27 @@ "MinAdjustmentMagnitude": "The minimum value to scale by when the adjustment type is `PercentChangeInCapacity` . For example, suppose that you create a step scaling policy to scale out an Amazon ECS service by 25 percent and you specify a `MinAdjustmentMagnitude` of 2. If the service has 4 tasks and the scaling policy is performed, 25 percent of 4 is 1. However, because you specified a `MinAdjustmentMagnitude` of 2, Application Auto Scaling scales out the service by 2 tasks.", "StepAdjustments": "A set of adjustments that enable you to scale based on the size of the alarm breach.\n\nAt least one step adjustment is required if you are adding a new step scaling policy configuration." }, + "AWS::ApplicationAutoScaling::ScalingPolicy TargetTrackingMetric": { + "Dimensions": "The dimensions for the metric. For the list of available dimensions, see the AWS documentation available from the table in [AWS services that publish CloudWatch metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html) in the *Amazon CloudWatch User Guide* .\n\nConditional: If you published your metric with dimensions, you must specify the same dimensions in your scaling policy.", + "MetricName": "The name of the metric.", + "Namespace": "The namespace of the metric. For more information, see the table in [AWS services that publish CloudWatch metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html) in the *Amazon CloudWatch User Guide* ." + }, + "AWS::ApplicationAutoScaling::ScalingPolicy TargetTrackingMetricDataQuery": { + "Expression": "The math expression to perform on the returned data, if this object is performing a math expression. This expression can use the `Id` of the other metrics to refer to those metrics, and can also use the `Id` of other expressions to use the result of those expressions.\n\nConditional: Within each `TargetTrackingMetricDataQuery` object, you must specify either `Expression` or `MetricStat` , but not both.", + "Id": "A short name that identifies the object's results in the response. This name must be unique among all `MetricDataQuery` objects specified for a single scaling policy. If you are performing math expressions on this set of data, this name represents that data and can serve as a variable in the mathematical expression. The valid characters are letters, numbers, and underscores. The first character must be a lowercase letter.", + "Label": "A human-readable label for this metric or expression. This is especially useful if this is a math expression, so that you know what the value represents.", + "MetricStat": "Information about the metric data to return.\n\nConditional: Within each `MetricDataQuery` object, you must specify either `Expression` or `MetricStat` , but not both.", + "ReturnData": "Indicates whether to return the timestamps and raw data values of this metric.\n\nIf you use any math expressions, specify `true` for this value for only the final math expression that the metric specification is based on. You must specify `false` for `ReturnData` for all the other metrics and expressions used in the metric specification.\n\nIf you are only retrieving metrics and not performing any math expressions, do not specify anything for `ReturnData` . This sets it to its default ( `true` )." + }, + "AWS::ApplicationAutoScaling::ScalingPolicy TargetTrackingMetricDimension": { + "Name": "The name of the dimension.", + "Value": "The value of the dimension." + }, + "AWS::ApplicationAutoScaling::ScalingPolicy TargetTrackingMetricStat": { + "Metric": "The CloudWatch metric to return, including the metric name, namespace, and dimensions. To get the exact metric name, namespace, and dimensions, inspect the [Metric](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_Metric.html) object that is returned by a call to [ListMetrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html) .", + "Stat": "The statistic to return. It can include any CloudWatch statistic or extended statistic. For a list of valid values, see the table in [Statistics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Statistic) in the *Amazon CloudWatch User Guide* .\n\nThe most commonly used metric for scaling is `Average` .", + "Unit": "The unit to use for the returned data points. For a complete list of the units that CloudWatch supports, see the [MetricDatum](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html) data type in the *Amazon CloudWatch API Reference* ." + }, "AWS::ApplicationAutoScaling::ScalingPolicy TargetTrackingScalingPolicyConfiguration": { "CustomizedMetricSpecification": "A customized metric. You can specify either a predefined metric or a customized metric.", "DisableScaleIn": "Indicates whether scale in by the target tracking scaling policy is disabled. If the value is `true` , scale in is disabled and the target tracking scaling policy won't remove capacity from the scalable target. Otherwise, scale in is enabled and the target tracking scaling policy can remove capacity from the scalable target. The default value is `false` .", @@ -5229,6 +5251,15 @@ "Items": "A list of the identifiers of the public keys in the key group.", "Name": "A name to identify the key group." }, + "AWS::CloudFront::KeyValueStore": { + "Comment": "A comment for the Key Value Store.", + "ImportSource": "The import source for the Key Value Store.", + "Name": "The name of the Key Value Store." + }, + "AWS::CloudFront::KeyValueStore ImportSource": { + "SourceArn": "The Amazon Resource Name (ARN) of the import source for the Key Value Store.", + "SourceType": "The source type of the import source for the Key Value Store." + }, "AWS::CloudFront::MonitoringSubscription": { "DistributionId": "The ID of the distribution that you are enabling metrics for.", "MonitoringSubscription": "A subscription configuration for additional CloudWatch metrics." @@ -5427,6 +5458,8 @@ "AWS::CloudTrail::EventDataStore": { "AdvancedEventSelectors": "The advanced event selectors to use to select the events for the data store. You can configure up to five advanced event selectors for each event data store.\n\nFor more information about how to use advanced event selectors to log CloudTrail events, see [Log events by using advanced event selectors](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#creating-data-event-selectors-advanced) in the CloudTrail User Guide.\n\nFor more information about how to use advanced event selectors to include AWS Config configuration items in your event data store, see [Create an event data store for AWS Config configuration items](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-lake-cli.html#lake-cli-create-eds-config) in the CloudTrail User Guide.\n\nFor more information about how to use advanced event selectors to include non- AWS events in your event data store, see [Create an integration to log events from outside AWS](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-lake-cli.html#lake-cli-create-integration) in the CloudTrail User Guide.", "BillingMode": "The billing mode for the event data store determines the cost for ingesting events and the default and maximum retention period for the event data store.\n\nThe following are the possible values:\n\n- `EXTENDABLE_RETENTION_PRICING` - This billing mode is generally recommended if you want a flexible retention period of up to 3653 days (about 10 years). The default retention period for this billing mode is 366 days.\n- `FIXED_RETENTION_PRICING` - This billing mode is recommended if you expect to ingest more than 25 TB of event data per month and need a retention period of up to 2557 days (about 7 years). The default retention period for this billing mode is 2557 days.\n\nThe default value is `EXTENDABLE_RETENTION_PRICING` .\n\nFor more information about CloudTrail pricing, see [AWS CloudTrail Pricing](https://docs.aws.amazon.com/cloudtrail/pricing/) and [Managing CloudTrail Lake costs](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-lake-manage-costs.html) .", + "FederationEnabled": "Indicates if [Lake query federation](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-federation.html) is enabled. By default, Lake query federation is disabled. You cannot delete an event data store if Lake query federation is enabled.", + "FederationRoleArn": "If Lake query federation is enabled, provides the ARN of the federation role used to access the resources for the federated event data store.\n\nThe federation role must exist in your account and provide the [required minimum permissions](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-federation.html#query-federation-permissions-role) .", "IngestionEnabled": "Specifies whether the event data store should start ingesting live events. The default is true.", "InsightSelectors": "A JSON string that contains the Insights types you want to log on an event data store. `ApiCallRateInsight` and `ApiErrorRateInsight` are valid Insight types.\n\nThe `ApiCallRateInsight` Insights type analyzes write-only management API calls that are aggregated per minute against a baseline API call volume.\n\nThe `ApiErrorRateInsight` Insights type analyzes management API calls that result in error codes. The error is shown if the API call is unsuccessful.", "InsightsDestination": "The ARN (or ID suffix of the ARN) of the destination event data store that logs Insights events. For more information, see [Create an event data store for CloudTrail Insights events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-event-data-store-insights.html) .", @@ -5635,9 +5668,9 @@ "IncludeFilters": "If you specify this parameter, the stream sends only the metrics from the metric namespaces that you specify here. You cannot specify both `IncludeFilters` and `ExcludeFilters` in the same metric stream.\n\nWhen you modify the `IncludeFilters` or `ExcludeFilters` of an existing metric stream in any way, the metric stream is effectively restarted, so after such a change you will get only the datapoints that have a timestamp after the time of the update.", "IncludeLinkedAccountsMetrics": "If you are creating a metric stream in a monitoring account, specify `true` to include metrics from source accounts that are linked to this monitoring account, in the metric stream. The default is `false` .\n\nFor more information about linking accounts, see [CloudWatch cross-account observability](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html)", "Name": "If you are creating a new metric stream, this is the name for the new stream. The name must be different than the names of other metric streams in this account and Region.\n\nIf you are updating a metric stream, specify the name of that stream here.", - "OutputFormat": "The output format for the stream. Valid values are `json` and `opentelemetry0.7` For more information about metric stream output formats, see [Metric streams output formats](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-formats.html) .\n\nThis parameter is required.", + "OutputFormat": "The output format for the stream. Valid values are `json` , `opentelemetry1.0` and `opentelemetry0.7` For more information about metric stream output formats, see [Metric streams output formats](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-formats.html) .\n\nThis parameter is required.", "RoleArn": "The ARN of an IAM role that this metric stream will use to access Amazon Kinesis Firehose resources. This IAM role must already exist and must be in the same account as the metric stream. This IAM role must include the `firehose:PutRecord` and `firehose:PutRecordBatch` permissions.", - "StatisticsConfigurations": "By default, a metric stream always sends the MAX, MIN, SUM, and SAMPLECOUNT statistics for each metric that is streamed. You can use this parameter to have the metric stream also send additional statistics in the stream. This array can have up to 100 members.\n\nFor each entry in this array, you specify one or more metrics and the list of additional statistics to stream for those metrics. The additional statistics that you can stream depend on the stream's `OutputFormat` . If the `OutputFormat` is `json` , you can stream any additional statistic that is supported by CloudWatch , listed in [CloudWatch statistics definitions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Statistics-definitions.html) . If the `OutputFormat` is `opentelemetry0` .7, you can stream percentile statistics *(p??)* .", + "StatisticsConfigurations": "By default, a metric stream always sends the MAX, MIN, SUM, and SAMPLECOUNT statistics for each metric that is streamed. You can use this parameter to have the metric stream also send additional statistics in the stream. This array can have up to 100 members.\n\nFor each entry in this array, you specify one or more metrics and the list of additional statistics to stream for those metrics. The additional statistics that you can stream depend on the stream's `OutputFormat` . If the `OutputFormat` is `json` , you can stream any additional statistic that is supported by CloudWatch , listed in [CloudWatch statistics definitions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Statistics-definitions.html) . If the `OutputFormat` is OpenTelemetry, you can stream percentile statistics.", "Tags": "An array of key-value pairs to apply to the metric stream.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) ." }, "AWS::CloudWatch::MetricStream MetricStreamFilter": { @@ -5887,15 +5920,15 @@ "DeploymentConfigName": "A name for the deployment configuration. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the deployment configuration name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .\n\n> If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.", "MinimumHealthyHosts": "The minimum number of healthy instances that should be available at any time during the deployment. There are two parameters expected in the input: type and value.\n\nThe type parameter takes either of the following values:\n\n- HOST_COUNT: The value parameter represents the minimum number of healthy instances as an absolute value.\n- FLEET_PERCENT: The value parameter represents the minimum number of healthy instances as a percentage of the total number of instances in the deployment. If you specify FLEET_PERCENT, at the start of the deployment, AWS CodeDeploy converts the percentage to the equivalent number of instance and rounds up fractional instances.\n\nThe value parameter takes an integer.\n\nFor example, to set a minimum of 95% healthy instance, specify a type of FLEET_PERCENT and a value of 95.\n\nFor more information about instance health, see [CodeDeploy Instance Health](https://docs.aws.amazon.com/codedeploy/latest/userguide/instances-health.html) in the AWS CodeDeploy User Guide.", "TrafficRoutingConfig": "The configuration that specifies how the deployment traffic is routed.", - "ZonalConfig": "" + "ZonalConfig": "Configure the `ZonalConfig` object if you want AWS CodeDeploy to deploy your application to one [Availability Zone](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-availability-zones) at a time, within an AWS Region.\n\nFor more information about the zonal configuration feature, see [zonal configuration](https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-configurations-create.html#zonal-config) in the *CodeDeploy User Guide* ." }, "AWS::CodeDeploy::DeploymentConfig MinimumHealthyHosts": { "Type": "The minimum healthy instance type:\n\n- HOST_COUNT: The minimum number of healthy instance as an absolute value.\n- FLEET_PERCENT: The minimum number of healthy instance as a percentage of the total number of instance in the deployment.\n\nIn an example of nine instance, if a HOST_COUNT of six is specified, deploy to up to three instances at a time. The deployment is successful if six or more instances are deployed to successfully. Otherwise, the deployment fails. If a FLEET_PERCENT of 40 is specified, deploy to up to five instance at a time. The deployment is successful if four or more instance are deployed to successfully. Otherwise, the deployment fails.\n\n> In a call to `GetDeploymentConfig` , CodeDeployDefault.OneAtATime returns a minimum healthy instance type of MOST_CONCURRENCY and a value of 1. This means a deployment to only one instance at a time. (You cannot set the type to MOST_CONCURRENCY, only to HOST_COUNT or FLEET_PERCENT.) In addition, with CodeDeployDefault.OneAtATime, AWS CodeDeploy attempts to ensure that all instances but one are kept in a healthy state during the deployment. Although this allows one instance at a time to be taken offline for a new deployment, it also means that if the deployment to the last instance fails, the overall deployment is still successful. \n\nFor more information, see [AWS CodeDeploy Instance Health](https://docs.aws.amazon.com//codedeploy/latest/userguide/instances-health.html) in the *AWS CodeDeploy User Guide* .", "Value": "The minimum healthy instance value." }, "AWS::CodeDeploy::DeploymentConfig MinimumHealthyHostsPerZone": { - "Type": "", - "Value": "" + "Type": "The `type` associated with the `MinimumHealthyHostsPerZone` option.", + "Value": "The `value` associated with the `MinimumHealthyHostsPerZone` option." }, "AWS::CodeDeploy::DeploymentConfig TimeBasedCanary": { "CanaryInterval": "The number of minutes between the first and second traffic shifts of a `TimeBasedCanary` deployment.", @@ -5911,9 +5944,9 @@ "Type": "The type of traffic shifting ( `TimeBasedCanary` or `TimeBasedLinear` ) used by a deployment configuration." }, "AWS::CodeDeploy::DeploymentConfig ZonalConfig": { - "FirstZoneMonitorDurationInSeconds": "", - "MinimumHealthyHostsPerZone": "", - "MonitorDurationInSeconds": "" + "FirstZoneMonitorDurationInSeconds": "The period of time, in seconds, that CodeDeploy must wait after completing a deployment to the *first* Availability Zone. CodeDeploy will wait this amount of time before starting a deployment to the second Availability Zone. You might set this option if you want to allow extra bake time for the first Availability Zone. If you don't specify a value for `firstZoneMonitorDurationInSeconds` , then CodeDeploy uses the `monitorDurationInSeconds` value for the first Availability Zone.\n\nFor more information about the zonal configuration feature, see [zonal configuration](https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-configurations-create.html#zonal-config) in the *CodeDeploy User Guide* .", + "MinimumHealthyHostsPerZone": "The number or percentage of instances that must remain available per Availability Zone during a deployment. This option works in conjunction with the `MinimumHealthyHosts` option. For more information, see [About the minimum number of healthy hosts per Availability Zone](https://docs.aws.amazon.com//codedeploy/latest/userguide/instances-health.html#minimum-healthy-hosts-az) in the *CodeDeploy User Guide* .\n\nIf you don't specify the `minimumHealthyHostsPerZone` option, then CodeDeploy uses a default value of `0` percent.\n\nFor more information about the zonal configuration feature, see [zonal configuration](https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-configurations-create.html#zonal-config) in the *CodeDeploy User Guide* .", + "MonitorDurationInSeconds": "The period of time, in seconds, that CodeDeploy must wait after completing a deployment to an Availability Zone. CodeDeploy will wait this amount of time before starting a deployment to the next Availability Zone. Consider adding a monitor duration to give the deployment some time to prove itself (or 'bake') in one Availability Zone before it is released in the next zone. If you don't specify a `monitorDurationInSeconds` , CodeDeploy starts deploying to the next Availability Zone immediately.\n\nFor more information about the zonal configuration feature, see [zonal configuration](https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-configurations-create.html#zonal-config) in the *CodeDeploy User Guide* ." }, "AWS::CodeDeploy::DeploymentGroup": { "AlarmConfiguration": "Information about the Amazon CloudWatch alarms that are associated with the deployment group.", @@ -5934,6 +5967,7 @@ "OutdatedInstancesStrategy": "Indicates what happens when new Amazon EC2 instances are launched mid-deployment and do not receive the deployed application revision.\n\nIf this option is set to `UPDATE` or is unspecified, CodeDeploy initiates one or more 'auto-update outdated instances' deployments to apply the deployed application revision to the new Amazon EC2 instances.\n\nIf this option is set to `IGNORE` , CodeDeploy does not initiate a deployment to update the new Amazon EC2 instances. This may result in instances having different revisions.", "ServiceRoleArn": "A service role Amazon Resource Name (ARN) that grants CodeDeploy permission to make calls to AWS services on your behalf. For more information, see [Create a Service Role for AWS CodeDeploy](https://docs.aws.amazon.com/codedeploy/latest/userguide/getting-started-create-service-role.html) in the *AWS CodeDeploy User Guide* .\n\n> In some cases, you might need to add a dependency on the service role's policy. For more information, see IAM role policy in [DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) .", "Tags": "The metadata that you apply to CodeDeploy deployment groups to help you organize and categorize them. Each tag consists of a key and an optional value, both of which you define.", + "TerminationHookEnabled": "Indicates whether the deployment group was configured to have CodeDeploy install a termination hook into an Auto Scaling group.\n\nFor more information about the termination hook, see [How Amazon EC2 Auto Scaling works with CodeDeploy](https://docs.aws.amazon.com//codedeploy/latest/userguide/integrations-aws-auto-scaling.html#integrations-aws-auto-scaling-behaviors) in the *AWS CodeDeploy User Guide* .", "TriggerConfigurations": "Information about triggers associated with the deployment group. Duplicates are not allowed" }, "AWS::CodeDeploy::DeploymentGroup Alarm": { @@ -6111,10 +6145,13 @@ "ArtifactStores": "A mapping of `artifactStore` objects and their corresponding AWS Regions. There must be an artifact store for the pipeline Region and for each cross-region action in the pipeline.\n\n> You must include either `artifactStore` or `artifactStores` in your pipeline, but you cannot use both. If you create a cross-region action in your pipeline, you must use `artifactStores` .", "DisableInboundStageTransitions": "Represents the input of a `DisableStageTransition` action.", "Name": "The name of the pipeline.", + "PipelineType": "CodePipeline provides the following pipeline types, which differ in characteristics and price, so that you can tailor your pipeline features and cost to the needs of your applications.\n\n- V1 type pipelines have a JSON structure that contains standard pipeline, stage, and action-level parameters.\n- V2 type pipelines have the same structure as a V1 type, along with additional parameters for release safety and trigger configuration.\n\n> Including V2 parameters, such as triggers on Git tags, in the pipeline JSON when creating or updating a pipeline will result in the pipeline having the V2 type of pipeline and the associated costs. \n\nFor information about pricing for CodePipeline, see [Pricing](https://docs.aws.amazon.com/https://aws.amazon.com/codepipeline/pricing/) .\n\nFor information about which type of pipeline to choose, see [What type of pipeline is right for me?](https://docs.aws.amazon.com/codepipeline/latest/userguide/pipeline-types-planning.html) .", "RestartExecutionOnUpdate": "Indicates whether to rerun the CodePipeline pipeline after you update it.", "RoleArn": "The Amazon Resource Name (ARN) for CodePipeline to use to either perform actions with no `actionRoleArn` , or to use to assume roles for actions with an `actionRoleArn` .", "Stages": "Represents information about a stage and its definition.", - "Tags": "Specifies the tags applied to the pipeline." + "Tags": "Specifies the tags applied to the pipeline.", + "Triggers": "The trigger configuration specifying a type of event, such as Git tags, that starts the pipeline.\n\n> When a trigger configuration is specified, default change detection for repository and branch commits is disabled.", + "Variables": "A list that defines the pipeline variables for a pipeline resource. Variable names can have alphanumeric and underscore characters, and the values must match `[A-Za-z0-9@\\-_]+` ." }, "AWS::CodePipeline::Pipeline ActionDeclaration": { "ActionTypeId": "Specifies the action type and the provider of the action.", @@ -6150,12 +6187,27 @@ "Id": "The ID used to identify the key. For an AWS KMS key, you can use the key ID, the key ARN, or the alias ARN.\n\n> Aliases are recognized only in the account that created the AWS KMS key. For cross-account actions, you can only use the key ID or key ARN to identify the key. Cross-account actions involve using the role from the other account (AccountB), so specifying the key ID will use the key from the other account (AccountB).", "Type": "The type of encryption key, such as an AWS KMS key. When creating or updating a pipeline, the value must be set to 'KMS'." }, + "AWS::CodePipeline::Pipeline GitConfiguration": { + "Push": "The field where the repository event that will start the pipeline, such as pushing Git tags, is specified with details.\n\n> Git tags is the only supported event type.", + "SourceActionName": "The name of the pipeline source action where the trigger configuration, such as Git tags, is specified. The trigger configuration will start the pipeline upon the specified change only.\n\n> You can only specify one trigger configuration per source action." + }, + "AWS::CodePipeline::Pipeline GitPushFilter": { + "Tags": "The field that contains the details for the Git tags trigger configuration." + }, + "AWS::CodePipeline::Pipeline GitTagFilterCriteria": { + "Excludes": "The list of patterns of Git tags that, when pushed, are to be excluded from starting the pipeline.", + "Includes": "The list of patterns of Git tags that, when pushed, are to be included as criteria that starts the pipeline." + }, "AWS::CodePipeline::Pipeline InputArtifact": { "Name": "The name of the artifact to be worked on (for example, \"My App\").\n\nArtifacts are the files that are worked on by actions in the pipeline. See the action configuration for each action for details about artifact parameters. For example, the S3 source action input artifact is a file name (or file path), and the files are generally provided as a ZIP file. Example artifact name: SampleApp_Windows.zip\n\nThe input artifact of an action must exactly match the output artifact declared in a preceding action, but the input artifact does not have to be the next action in strict sequence from the action that provided the output artifact. Actions in parallel can declare different output artifacts, which are in turn consumed by different following actions." }, "AWS::CodePipeline::Pipeline OutputArtifact": { "Name": "The name of the output of an artifact, such as \"My App\".\n\nThe output artifact name must exactly match the input artifact declared for a downstream action. However, the downstream action's input artifact does not have to be the next action in strict sequence from the action that provided the output artifact. Actions in parallel can declare different output artifacts, which are in turn consumed by different following actions.\n\nOutput artifact names must be unique within a pipeline." }, + "AWS::CodePipeline::Pipeline PipelineTriggerDeclaration": { + "GitConfiguration": "Provides the filter criteria and the source stage for the repository event that starts the pipeline, such as Git tags.", + "ProviderType": "The source provider for the event, such as connections configured for a repository with Git tags, for the specified trigger configuration." + }, "AWS::CodePipeline::Pipeline StageDeclaration": { "Actions": "The actions included in a stage.", "Blockers": "Reserved for future use.", @@ -6169,6 +6221,11 @@ "Key": "The tag's key.", "Value": "The tag's value." }, + "AWS::CodePipeline::Pipeline VariableDeclaration": { + "DefaultValue": "The value of a pipeline-level variable.", + "Description": "The description of a pipeline-level variable. It's used to add additional context about the variable, and not being used at time when pipeline executes.", + "Name": "The name of a pipeline-level variable." + }, "AWS::CodePipeline::Webhook": { "Authentication": "Supported options are GITHUB_HMAC, IP, and UNAUTHENTICATED.\n\n- For information about the authentication scheme implemented by GITHUB_HMAC, see [Securing your webhooks](https://docs.aws.amazon.com/https://developer.github.com/webhooks/securing/) on the GitHub Developer website.\n- IP rejects webhooks trigger requests unless they originate from an IP address in the IP range whitelisted in the authentication configuration.\n- UNAUTHENTICATED accepts all webhook trigger requests regardless of origin.", "AuthenticationConfiguration": "Properties that configure the authentication applied to incoming webhook trigger requests. The required properties depend on the authentication type. For GITHUB_HMAC, only the `SecretToken` property must be set. For IP, only the `AllowedIPRange` property must be set to a valid CIDR range. For UNAUTHENTICATED, no properties can be set.", @@ -6444,7 +6501,7 @@ }, "AWS::Cognito::UserPoolClient": { "AccessTokenValidity": "The access token time limit. After this limit expires, your user can't use their access token. To specify the time unit for `AccessTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request.\n\nFor example, when you set `AccessTokenValidity` to `10` and `TokenValidityUnits` to `hours` , your user can authorize access with their access token for 10 hours.\n\nThe default time unit for `AccessTokenValidity` in an API request is hours.", - "AllowedOAuthFlows": "The allowed OAuth flows.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret.", + "AllowedOAuthFlows": "The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret.", "AllowedOAuthFlowsUserPoolClient": "Set to `true` to use OAuth 2.0 features in your user pool app client.\n\n`AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client.\n\n- `CallBackURLs` : Callback URLs.\n- `LogoutURLs` : Sign-out redirect URLs.\n- `AllowedOAuthScopes` : OAuth 2.0 scopes.\n- `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants.\n\nTo use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` .", "AllowedOAuthScopes": "The allowed OAuth scopes. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported.", "AnalyticsConfiguration": "The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign.\n\n> In AWS Regions where Amazon Pinpoint isn't available, user pools only support sending events to Amazon Pinpoint projects in AWS Region us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending events to Amazon Pinpoint projects within that same Region.", @@ -6565,7 +6622,7 @@ "DesiredDeliveryMediums": "Specify `\"EMAIL\"` if email will be used to send the welcome message. Specify `\"SMS\"` if the phone number will be used. The default value is `\"SMS\"` . You can specify more than one value.", "ForceAliasCreation": "This parameter is used only if the `phone_number_verified` or `email_verified` attribute is set to `True` . Otherwise, it is ignored.\n\nIf this parameter is set to `True` and the phone number or email address specified in the UserAttributes parameter already exists as an alias with a different user, the API call will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias.\n\nIf this parameter is set to `False` , the API throws an `AliasExistsException` error if the alias already exists. The default value is `False` .", "MessageAction": "Set to `RESEND` to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to `SUPPRESS` to suppress sending the message. You can specify only one value.", - "UserAttributes": "The user attributes and attribute values to be set for the user to be created. These are name-value pairs You can create a user without specifying any attributes other than `Username` . However, any attributes that you specify as required (in [](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) or in the *Attributes* tab of the console) must be supplied either by you (in your call to `AdminCreateUser` ) or by the user (when they sign up in response to your welcome message).\n\nFor custom attributes, you must prepend the `custom:` prefix to the attribute name.\n\nTo send a message inviting the user to sign up, you must specify the user's email address or phone number. This can be done in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools.\n\nIn your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . (You can also do this by calling [](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) .)\n\n- *email* : The email address of the user to whom the message that contains the code and user name will be sent. Required if the `email_verified` attribute is set to `True` , or if `\"EMAIL\"` is specified in the `DesiredDeliveryMediums` parameter.\n- *phone_number* : The phone number of the user to whom the message that contains the code and user name will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `\"SMS\"` is specified in the `DesiredDeliveryMediums` parameter.", + "UserAttributes": "An array of name-value pairs that contain user attributes and attribute values.", "UserPoolId": "The user pool ID for the user pool where the user will be created.", "Username": "The value that you want to set as the username sign-in attribute. The following conditions apply to the username parameter.\n\n- The username can't be a duplicate of another username in the same user pool.\n- You can't change the value of a username after you create it.\n- You can only provide a value if usernames are a valid sign-in attribute for your user pool. If your user pool only supports phone numbers or email addresses as sign-in attributes, Amazon Cognito automatically generates a username value. For more information, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) .", "ValidationData": "Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain.\n\nYour Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network.\n\nFor more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) ." @@ -6738,6 +6795,7 @@ "AWS::Config::ConfigurationRecorder": { "Name": "The name of the configuration recorder. AWS Config automatically assigns the name of \"default\" when creating the configuration recorder.\n\nYou cannot change the name of the configuration recorder after it has been created. To change the configuration recorder name, you must delete it and create a new configuration recorder with a new name.", "RecordingGroup": "Specifies which resource types AWS Config records for configuration changes.\n\n> *High Number of AWS Config Evaluations*\n> \n> You may notice increased activity in your account during your initial month recording with AWS Config when compared to subsequent months. During the initial bootstrapping process, AWS Config runs evaluations on all the resources in your account that you have selected for AWS Config to record.\n> \n> If you are running ephemeral workloads, you may see increased activity from AWS Config as it records configuration changes associated with creating and deleting these temporary resources. An *ephemeral workload* is a temporary use of computing resources that are loaded and run when needed. Examples include Amazon Elastic Compute Cloud ( Amazon EC2 ) Spot Instances, Amazon EMR jobs, and AWS Auto Scaling . If you want to avoid the increased activity from running ephemeral workloads, you can run these types of workloads in a separate account with AWS Config turned off to avoid increased configuration recording and rule evaluations.", + "RecordingMode": "Specifies the default recording frequency that AWS Config uses to record configuration changes. AWS Config supports *Continuous recording* and *Daily recording* .\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it\u2019s different from the previous CI recorded.\n\n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous. \n\nYou can also override the recording frequency for specific resource types.", "RoleARN": "Amazon Resource Name (ARN) of the IAM role assumed by AWS Config and used by the configuration recorder. For more information, see [Permissions for the IAM Role Assigned](https://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html) to AWS Config in the AWS Config Developer Guide.\n\n> *Pre-existing AWS Config role*\n> \n> If you have used an AWS service that uses AWS Config , such as AWS Security Hub or AWS Control Tower , and an AWS Config role has already been created, make sure that the IAM role that you use when setting up AWS Config keeps the same minimum permissions as the already created AWS Config role. You must do this so that the other AWS service continues to run as expected.\n> \n> For example, if AWS Control Tower has an IAM role that allows AWS Config to read Amazon Simple Storage Service ( Amazon S3 ) objects, make sure that the same permissions are granted within the IAM role you use when setting up AWS Config . Otherwise, it may interfere with how AWS Control Tower operates. For more information about IAM roles for AWS Config , see [*Identity and Access Management for AWS Config*](https://docs.aws.amazon.com/config/latest/developerguide/security-iam.html) in the *AWS Config Developer Guide* ." }, "AWS::Config::ConfigurationRecorder ExclusionByResourceTypes": { @@ -6750,6 +6808,15 @@ "RecordingStrategy": "An object that specifies the recording strategy for the configuration recorder.\n\n- If you set the `useOnly` field of [RecordingStrategy](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) to `ALL_SUPPORTED_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types, excluding the global IAM resource types. You also must set the `allSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` . When AWS Config adds support for a new resource type, AWS Config automatically starts recording resources of that type.\n- If you set the `useOnly` field of [RecordingStrategy](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) to `INCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for only the resource types you specify in the `resourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .\n- If you set the `useOnly` field of [RecordingStrategy](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) to `EXCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types except the resource types that you specify to exclude from being recorded in the `resourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) .\n\n> *Required and optional fields*\n> \n> The `recordingStrategy` field is optional when you set the `allSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` .\n> \n> The `recordingStrategy` field is optional when you list resource types in the `resourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .\n> \n> The `recordingStrategy` field is required if you list resource types to exclude from recording in the `resourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) . > *Overriding fields*\n> \n> If you choose `EXCLUSION_BY_RESOURCE_TYPES` for the recording strategy, the `exclusionByResourceTypes` field will override other properties in the request.\n> \n> For example, even if you set `includeGlobalResourceTypes` to false, global IAM resource types will still be automatically recorded in this option unless those resource types are specifically listed as exclusions in the `resourceTypes` field of `exclusionByResourceTypes` . > *Global resources types and the resource exclusion recording strategy*\n> \n> By default, if you choose the `EXCLUSION_BY_RESOURCE_TYPES` recording strategy, when AWS Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, AWS Config starts recording resources of that type automatically.\n> \n> Unless specifically listed as exclusions, `AWS::RDS::GlobalCluster` will be recorded automatically in all supported AWS Config Regions were the configuration recorder is enabled.\n> \n> IAM users, groups, roles, and customer managed policies will be recorded in the Region where you set up the configuration recorder if that is a Region where AWS Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by AWS Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:\n> \n> - Asia Pacific (Hyderabad)\n> - Asia Pacific (Melbourne)\n> - Europe (Spain)\n> - Europe (Zurich)\n> - Israel (Tel Aviv)\n> - Middle East (UAE)", "ResourceTypes": "A comma-separated list that specifies which resource types AWS Config records.\n\nFor a list of valid `resourceTypes` values, see the *Resource Type Value* column in [Supported AWS resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources) in the *AWS Config developer guide* .\n\n> *Required and optional fields*\n> \n> Optionally, you can set the `useOnly` field of [RecordingStrategy](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) to `INCLUSION_BY_RESOURCE_TYPES` .\n> \n> To record all configuration changes, set the `allSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` , and either omit this field or don't specify any resource types in this field. If you set the `allSupported` field to `false` and specify values for `resourceTypes` , when AWS Config adds support for a new type of resource, it will not record resources of that type unless you manually add that type to your recording group. > *Region availability*\n> \n> Before specifying a resource type for AWS Config to track, check [Resource Coverage by Region Availability](https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html) to see if the resource type is supported in the AWS Region where you set up AWS Config . If a resource type is supported by AWS Config in at least one Region, you can enable the recording of that resource type in all Regions supported by AWS Config , even if the specified resource type is not supported in the AWS Region where you set up AWS Config ." }, + "AWS::Config::ConfigurationRecorder RecordingMode": { + "RecordingFrequency": "The default recording frequency that AWS Config uses to record configuration changes.\n\n> Daily recording is not supported for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`\n> \n> For the *allSupported* ( `ALL_SUPPORTED_RESOURCE_TYPES` ) recording strategy, these resource types will be set to Continuous recording.", + "RecordingModeOverrides": "An array of `recordingModeOverride` objects for you to specify your overrides for the recording mode. The `recordingModeOverride` object in the `recordingModeOverrides` array consists of three fields: a `description` , the new `recordingFrequency` , and an array of `resourceTypes` to override." + }, + "AWS::Config::ConfigurationRecorder RecordingModeOverride": { + "Description": "A description that you provide for the override.", + "RecordingFrequency": "The recording frequency that will be applied to all the resource types specified in the override.\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it\u2019s different from the previous CI recorded.\n\n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous.", + "ResourceTypes": "A comma-separated list that specifies which resource types AWS Config includes in the override.\n\n> Daily recording is not supported for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`" + }, "AWS::Config::ConfigurationRecorder RecordingStrategy": { "UseOnly": "The recording strategy for the configuration recorder.\n\n- If you set this option to `ALL_SUPPORTED_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types, excluding the global IAM resource types. You also must set the `allSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` . When AWS Config adds support for a new resource type, AWS Config automatically starts recording resources of that type. For a list of supported resource types, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources) in the *AWS Config developer guide* .\n- If you set this option to `INCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for only the resource types that you specify in the `resourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .\n- If you set this option to `EXCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types, except the resource types that you specify to exclude from being recorded in the `resourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) .\n\n> *Required and optional fields*\n> \n> The `recordingStrategy` field is optional when you set the `allSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` .\n> \n> The `recordingStrategy` field is optional when you list resource types in the `resourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .\n> \n> The `recordingStrategy` field is required if you list resource types to exclude from recording in the `resourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) . > *Overriding fields*\n> \n> If you choose `EXCLUSION_BY_RESOURCE_TYPES` for the recording strategy, the `exclusionByResourceTypes` field will override other properties in the request.\n> \n> For example, even if you set `includeGlobalResourceTypes` to false, global IAM resource types will still be automatically recorded in this option unless those resource types are specifically listed as exclusions in the `resourceTypes` field of `exclusionByResourceTypes` . > *Global resource types and the exclusion recording strategy*\n> \n> By default, if you choose the `EXCLUSION_BY_RESOURCE_TYPES` recording strategy, when AWS Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, AWS Config starts recording resources of that type automatically.\n> \n> Unless specifically listed as exclusions, `AWS::RDS::GlobalCluster` will be recorded automatically in all supported AWS Config Regions were the configuration recorder is enabled.\n> \n> IAM users, groups, roles, and customer managed policies will be recorded in the Region where you set up the configuration recorder if that is a Region where AWS Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by AWS Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:\n> \n> - Asia Pacific (Hyderabad)\n> - Asia Pacific (Melbourne)\n> - Europe (Spain)\n> - Europe (Zurich)\n> - Israel (Tel Aviv)\n> - Middle East (UAE)" }, @@ -7007,7 +7074,8 @@ "Attributes": "A toggle for an individual feature at the instance level.", "DirectoryId": "The identifier for the directory.", "IdentityManagementType": "The identity management type.", - "InstanceAlias": "The alias of instance. `InstanceAlias` is only required when `IdentityManagementType` is `CONNECT_MANAGED` or `SAML` . `InstanceAlias` is not required when `IdentityManagementType` is `EXISTING_DIRECTORY` ." + "InstanceAlias": "The alias of instance. `InstanceAlias` is only required when `IdentityManagementType` is `CONNECT_MANAGED` or `SAML` . `InstanceAlias` is not required when `IdentityManagementType` is `EXISTING_DIRECTORY` .", + "Tags": "The tags of an instance." }, "AWS::Connect::Instance Attributes": { "AutoResolveBestVoices": "", @@ -7018,6 +7086,10 @@ "OutboundCalls": "", "UseCustomTTSVoices": "" }, + "AWS::Connect::Instance Tag": { + "Key": "", + "Value": "" + }, "AWS::Connect::InstanceStorageConfig": { "InstanceArn": "The Amazon Resource Name (ARN) of the instance.", "KinesisFirehoseConfig": "The configuration of the Kinesis Firehose delivery stream.", @@ -7373,7 +7445,7 @@ "Value": "The value of a key/value pair. It can be of type `array` , `string` , `number` , `object` , or `boolean` . [Note: The *Type* field that follows may show a single type such as Number, which is only one possible type.]" }, "AWS::ControlTower::LandingZone": { - "Manifest": "The landing zone `manifest.yaml` text file that specifies the landing zone configurations.", + "Manifest": "The landing zone manifest JSON text file that specifies the landing zone configurations.", "Tags": "Tags to be applied to the landing zone.", "Version": "The landing zone's current deployed version." }, @@ -7803,6 +7875,57 @@ "CertificatePem": "The contents of a `.pem` file, which contains an X.509 certificate.", "CertificateWallet": "The location of an imported Oracle Wallet certificate for use with SSL. An example is: `filebase64(\"${path.root}/rds-ca-2019-root.sso\")`" }, + "AWS::DMS::DataProvider": { + "DataProviderIdentifier": "The identifier of the data provider. Identifiers must begin with a letter and must contain only ASCII letters, digits, and hyphens. They can't end with a hyphen, or contain two consecutive hyphens.", + "DataProviderName": "The name of the data provider.", + "Description": "A description of the data provider. Descriptions can have up to 31 characters. A description can contain only ASCII letters, digits, and hyphens ('-'). Also, it can't end with a hyphen or contain two consecutive hyphens, and can only begin with a letter.", + "Engine": "The type of database engine for the data provider. Valid values include `\"aurora\"` , `\"aurora-postgresql\"` , `\"mysql\"` , `\"oracle\"` , `\"postgres\"` , `\"sqlserver\"` , `redshift` , `mariadb` , `mongodb` , and `docdb` . A value of `\"aurora\"` represents Amazon Aurora MySQL-Compatible Edition.", + "ExactSettings": "", + "Settings": "The settings in JSON format for a data provider.", + "Tags": "" + }, + "AWS::DMS::DataProvider MicrosoftSqlServerSettings": { + "CertificateArn": "", + "DatabaseName": "Database name for the endpoint.", + "Port": "Endpoint TCP port.", + "ServerName": "Fully qualified domain name of the endpoint. For an Amazon RDS SQL Server instance, this is the output of [DescribeDBInstances](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html) , in the `[Endpoint](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_Endpoint.html) .Address` field.", + "SslMode": "" + }, + "AWS::DMS::DataProvider MySqlSettings": { + "CertificateArn": "", + "Port": "Endpoint TCP port.", + "ServerName": "The host name of the endpoint database.\n\nFor an Amazon RDS MySQL instance, this is the output of [DescribeDBInstances](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html) , in the `[Endpoint](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_Endpoint.html) .Address` field.\n\nFor an Aurora MySQL instance, this is the output of [DescribeDBClusters](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusters.html) , in the `Endpoint` field.", + "SslMode": "" + }, + "AWS::DMS::DataProvider OracleSettings": { + "AsmServer": "For an Oracle source endpoint, your ASM server address. You can set this value from the `asm_server` value. You set `asm_server` as part of the extra connection attribute string to access an Oracle server with Binary Reader that uses ASM. For more information, see [Configuration for change data capture (CDC) on an Oracle source database](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.CDC.Configuration) .", + "CertificateArn": "", + "DatabaseName": "Database name for the endpoint.", + "Port": "Endpoint TCP port.", + "SecretsManagerOracleAsmAccessRoleArn": "Required only if your Oracle endpoint uses Automatic Storage Management (ASM). The full ARN of the IAM role that specifies AWS DMS as the trusted entity and grants the required permissions to access the `SecretsManagerOracleAsmSecret` . This `SecretsManagerOracleAsmSecret` has the secret value that allows access to the Oracle ASM of the endpoint.\n\n> You can specify one of two sets of values for these permissions. You can specify the values for this setting and `SecretsManagerOracleAsmSecretId` . Or you can specify clear-text values for `AsmUser` , `AsmPassword` , and `AsmServerName` . You can't specify both. For more information on creating this `SecretsManagerOracleAsmSecret` and the `SecretsManagerOracleAsmAccessRoleArn` and `SecretsManagerOracleAsmSecretId` required to access it, see [Using secrets to access AWS Database Migration Service resources](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Security.html#security-iam-secretsmanager) in the *AWS Database Migration Service User Guide* .", + "SecretsManagerOracleAsmSecretId": "Required only if your Oracle endpoint uses Automatic Storage Management (ASM). The full ARN, partial ARN, or friendly name of the `SecretsManagerOracleAsmSecret` that contains the Oracle ASM connection details for the Oracle endpoint.", + "SecretsManagerSecurityDbEncryptionAccessRoleArn": "", + "SecretsManagerSecurityDbEncryptionSecretId": "", + "ServerName": "Fully qualified domain name of the endpoint.\n\nFor an Amazon RDS Oracle instance, this is the output of [DescribeDBInstances](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html) , in the `[Endpoint](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_Endpoint.html) .Address` field.", + "SslMode": "" + }, + "AWS::DMS::DataProvider PostgreSqlSettings": { + "CertificateArn": "", + "DatabaseName": "Database name for the endpoint.", + "Port": "Endpoint TCP port. The default is 5432.", + "ServerName": "The host name of the endpoint database.\n\nFor an Amazon RDS PostgreSQL instance, this is the output of [DescribeDBInstances](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html) , in the `[Endpoint](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_Endpoint.html) .Address` field.\n\nFor an Aurora PostgreSQL instance, this is the output of [DescribeDBClusters](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusters.html) , in the `Endpoint` field.", + "SslMode": "" + }, + "AWS::DMS::DataProvider Settings": { + "MicrosoftSqlServerSettings": "", + "MySqlSettings": "", + "OracleSettings": "", + "PostgreSqlSettings": "" + }, + "AWS::DMS::DataProvider Tag": { + "Key": "A key is the required name of the tag. The string value can be 1-128 Unicode characters in length and can't be prefixed with \"aws:\" or \"dms:\". The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-' (Java regular expressions: \"^([\\\\p{L}\\\\p{Z}\\\\p{N}_.:/=+\\\\-]*)$\").", + "Value": "A value is the optional value of the tag. The string value can be 1-256 Unicode characters in length and can't be prefixed with \"aws:\" or \"dms:\". The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-' (Java regular expressions: \"^([\\\\p{L}\\\\p{Z}\\\\p{N}_.:/=+\\\\-]*)$\")." + }, "AWS::DMS::Endpoint": { "CertificateArn": "The Amazon Resource Name (ARN) for the certificate.", "DatabaseName": "The name of the endpoint database. For a MySQL source or target endpoint, don't specify `DatabaseName` . To migrate to a specific database, use this setting and `targetDbType` .", @@ -7869,10 +7992,14 @@ }, "AWS::DMS::Endpoint IbmDb2Settings": { "CurrentLsn": "For ongoing replication (CDC), use CurrentLSN to specify a log sequence number (LSN) where you want the replication to start.", + "KeepCsvFiles": "If true, AWS DMS saves any .csv files to the Db2 LUW target that were used to replicate data. DMS uses these files for analysis and troubleshooting.\n\nThe default value is false.", + "LoadTimeout": "The amount of time (in milliseconds) before AWS DMS times out operations performed by DMS on the Db2 target. The default value is 1200 (20 minutes).", + "MaxFileSize": "Specifies the maximum size (in KB) of .csv files used to transfer data to Db2 LUW.", "MaxKBytesPerRead": "Maximum number of bytes per read, as a NUMBER value. The default is 64 KB.", "SecretsManagerAccessRoleArn": "The full Amazon Resource Name (ARN) of the IAM role that specifies AWS DMS as the trusted entity and grants the required permissions to access the value in `SecretsManagerSecret` . The role must allow the `iam:PassRole` action. `SecretsManagerSecret` has the value ofthe AWS Secrets Manager secret that allows access to the Db2 LUW endpoint.\n\n> You can specify one of two sets of values for these permissions. You can specify the values for this setting and `SecretsManagerSecretId` . Or you can specify clear-text values for `UserName` , `Password` , `ServerName` , and `Port` . You can't specify both.\n> \n> For more information on creating this `SecretsManagerSecret` , the corresponding `SecretsManagerAccessRoleArn` , and the `SecretsManagerSecretId` that is required to access it, see [Using secrets to access AWS Database Migration Service resources](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Security.html#security-iam-secretsmanager) in the *AWS Database Migration Service User Guide* .", "SecretsManagerSecretId": "The full ARN, partial ARN, or display name of the `SecretsManagerSecret` that contains the IBMDB2 endpoint connection details.", - "SetDataCaptureChanges": "Enables ongoing replication (CDC) as a BOOLEAN value. The default is true." + "SetDataCaptureChanges": "Enables ongoing replication (CDC) as a BOOLEAN value. The default is true.", + "WriteBufferSize": "The size (in KB) of the in-memory file write buffer used when generating .csv files on the local disk on the DMS replication instance. The default value is 1024 (1 MB)." }, "AWS::DMS::Endpoint KafkaSettings": { "Broker": "A comma-separated list of one or more broker locations in your Kafka cluster that host your Kafka instance. Specify each broker location in the form `*broker-hostname-or-ip* : *port*` . For example, `\"ec2-12-345-678-901.compute-1.amazonaws.com:2345\"` . For more information and examples of specifying a list of broker locations, see [Using Apache Kafka as a target for AWS Database Migration Service](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Kafka.html) in the *AWS Database Migration Service User Guide* .", @@ -8116,6 +8243,50 @@ "Key": "A key is the required name of the tag. The string value can be 1-128 Unicode characters in length and can't be prefixed with \"aws:\" or \"dms:\". The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-' (Java regular expressions: \"^([\\\\p{L}\\\\p{Z}\\\\p{N}_.:/=+\\\\-]*)$\").", "Value": "A value is the optional value of the tag. The string value can be 1-256 Unicode characters in length and can't be prefixed with \"aws:\" or \"dms:\". The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-' (Java regular expressions: \"^([\\\\p{L}\\\\p{Z}\\\\p{N}_.:/=+\\\\-]*)$\")." }, + "AWS::DMS::InstanceProfile": { + "AvailabilityZone": "The Availability Zone where the instance profile runs.", + "Description": "A description of the instance profile. Descriptions can have up to 31 characters. A description can contain only ASCII letters, digits, and hyphens ('-'). Also, it can't end with a hyphen or contain two consecutive hyphens, and can only begin with a letter.", + "InstanceProfileIdentifier": "The identifier of the instance profile. Identifiers must begin with a letter and must contain only ASCII letters, digits, and hyphens. They can't end with a hyphen, or contain two consecutive hyphens.", + "InstanceProfileName": "The user-friendly name for the instance profile.", + "KmsKeyArn": "The Amazon Resource Name (ARN) of the AWS KMS key that is used to encrypt the connection parameters for the instance profile.\n\nIf you don't specify a value for the `KmsKeyArn` parameter, then AWS DMS uses your default encryption key.\n\nAWS KMS creates the default encryption key for your AWS account . Your AWS account has a different default encryption key for each AWS Region .", + "NetworkType": "Specifies the network type for the instance profile. A value of `IPV4` represents an instance profile with IPv4 network type and only supports IPv4 addressing. A value of `IPV6` represents an instance profile with IPv6 network type and only supports IPv6 addressing. A value of `DUAL` represents an instance profile with dual network type that supports IPv4 and IPv6 addressing.", + "PubliclyAccessible": "Specifies the accessibility options for the instance profile. A value of `true` represents an instance profile with a public IP address. A value of `false` represents an instance profile with a private IP address. The default value is `true` .", + "SubnetGroupIdentifier": "The identifier of the subnet group that is associated with the instance profile.", + "Tags": "", + "VpcSecurityGroups": "The VPC security groups that are used with the instance profile. The VPC security group must work with the VPC containing the instance profile." + }, + "AWS::DMS::InstanceProfile Tag": { + "Key": "A key is the required name of the tag. The string value can be 1-128 Unicode characters in length and can't be prefixed with \"aws:\" or \"dms:\". The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-' (Java regular expressions: \"^([\\\\p{L}\\\\p{Z}\\\\p{N}_.:/=+\\\\-]*)$\").", + "Value": "A value is the optional value of the tag. The string value can be 1-256 Unicode characters in length and can't be prefixed with \"aws:\" or \"dms:\". The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-' (Java regular expressions: \"^([\\\\p{L}\\\\p{Z}\\\\p{N}_.:/=+\\\\-]*)$\")." + }, + "AWS::DMS::MigrationProject": { + "Description": "A user-friendly description of the migration project.", + "InstanceProfileArn": "The Amazon Resource Name (ARN) of the instance profile for your migration project.", + "InstanceProfileIdentifier": "The identifier of the instance profile for your migration project.", + "InstanceProfileName": "The name of the associated instance profile.", + "MigrationProjectIdentifier": "The identifier of the migration project. Identifiers must begin with a letter and must contain only ASCII letters, digits, and hyphens. They can't end with a hyphen, or contain two consecutive hyphens.", + "MigrationProjectName": "The name of the migration project.", + "SchemaConversionApplicationAttributes": "The schema conversion application attributes, including the Amazon S3 bucket name and Amazon S3 role ARN.", + "SourceDataProviderDescriptors": "Information about the source data provider, including the name or ARN, and AWS Secrets Manager parameters.", + "Tags": "", + "TargetDataProviderDescriptors": "Information about the target data provider, including the name or ARN, and AWS Secrets Manager parameters.", + "TransformationRules": "The settings in JSON format for migration rules. Migration rules make it possible for you to change the object names according to the rules that you specify. For example, you can change an object name to lowercase or uppercase, add or remove a prefix or suffix, or rename objects." + }, + "AWS::DMS::MigrationProject DataProviderDescriptor": { + "DataProviderArn": "The Amazon Resource Name (ARN) of the data provider.", + "DataProviderIdentifier": "", + "DataProviderName": "The user-friendly name of the data provider.", + "SecretsManagerAccessRoleArn": "The ARN of the role used to access AWS Secrets Manager.", + "SecretsManagerSecretId": "The identifier of the AWS Secrets Manager Secret used to store access credentials for the data provider." + }, + "AWS::DMS::MigrationProject SchemaConversionApplicationAttributes": { + "S3BucketPath": "", + "S3BucketRoleArn": "" + }, + "AWS::DMS::MigrationProject Tag": { + "Key": "A key is the required name of the tag. The string value can be 1-128 Unicode characters in length and can't be prefixed with \"aws:\" or \"dms:\". The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-' (Java regular expressions: \"^([\\\\p{L}\\\\p{Z}\\\\p{N}_.:/=+\\\\-]*)$\").", + "Value": "A value is the optional value of the tag. The string value can be 1-256 Unicode characters in length and can't be prefixed with \"aws:\" or \"dms:\". The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-' (Java regular expressions: \"^([\\\\p{L}\\\\p{Z}\\\\p{N}_.:/=+\\\\-]*)$\")." + }, "AWS::DMS::ReplicationConfig": { "ComputeConfig": "Configuration parameters for provisioning an AWS DMS Serverless replication.", "ReplicationConfigArn": "The Amazon Resource Name (ARN) of this AWS DMS Serverless replication configuration.", @@ -8894,7 +9065,7 @@ "LogLevel": "Specifies the type of logs that DataSync publishes to a Amazon CloudWatch Logs log group. To specify the log group, see [CloudWatchLogGroupArn](https://docs.aws.amazon.com/datasync/latest/userguide/API_CreateTask.html#DataSync-CreateTask-request-CloudWatchLogGroupArn) .\n\nIf you set `LogLevel` to `OFF` , no logs are published. `BASIC` publishes logs on errors for individual files transferred. `TRANSFER` publishes logs for every file or object that is transferred and integrity checked.", "Mtime": "A value that indicates the last time that a file was modified (that is, a file was written to) before the PREPARING phase. This option is required for cases when you need to run the same task more than one time.\n\nDefault value: `PRESERVE`\n\n`PRESERVE` : Preserve original `Mtime` (recommended)\n\n`NONE` : Ignore `Mtime` .\n\n> If `Mtime` is set to `PRESERVE` , `Atime` must be set to `BEST_EFFORT` .\n> \n> If `Mtime` is set to `NONE` , `Atime` must also be set to `NONE` .", "ObjectTags": "Specifies whether object tags are preserved when transferring between object storage systems. If you want your DataSync task to ignore object tags, specify the `NONE` value.\n\nDefault Value: `PRESERVE`", - "OverwriteMode": "Specifies whether data at the destination location should be overwritten or preserved. If set to `NEVER` , a destination file for example will not be replaced by a source file (even if the destination file differs from the source file). If you modify files in the destination and you sync the files, you can use this value to protect against overwriting those changes.\n\nSome storage classes have specific behaviors that can affect your Amazon S3 storage cost. For detailed information, see [Considerations when working with Amazon S3 storage classes in DataSync](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#using-storage-classes) .", + "OverwriteMode": "Specifies whether DataSync should modify or preserve data at the destination location.\n\n- `ALWAYS` (default) - DataSync modifies data in the destination location when source data (including metadata) has changed.\n\nIf DataSync overwrites objects, you might incur additional charges for certain Amazon S3 storage classes (for example, for retrieval or early deletion). For more information, see [Storage class considerations with Amazon S3 transfers](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#using-storage-classes) .\n- `NEVER` - DataSync doesn't overwrite data in the destination location even if the source data has changed. You can use this option to protect against overwriting changes made to files or objects in the destination.", "PosixPermissions": "A value that determines which users or groups can access a file for a specific purpose, such as reading, writing, or execution of the file. This option should be set only for Network File System (NFS), Amazon EFS, and Amazon S3 locations. For more information about what metadata is copied by DataSync, see [Metadata Copied by DataSync](https://docs.aws.amazon.com/datasync/latest/userguide/special-files.html#metadata-copied) .\n\nDefault value: `PRESERVE`\n\n`PRESERVE` : Preserve POSIX-style permissions (recommended).\n\n`NONE` : Ignore permissions.\n\n> AWS DataSync can preserve extant permissions of a source location.", "PreserveDeletedFiles": "A value that specifies whether files in the destination that don't exist in the source file system are preserved. This option can affect your storage costs. If your task deletes objects, you might incur minimum storage duration charges for certain storage classes. For detailed information, see [Considerations when working with Amazon S3 storage classes in DataSync](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#using-storage-classes) in the *AWS DataSync User Guide* .\n\nDefault value: `PRESERVE`\n\n`PRESERVE` : Ignore destination files that aren't present in the source (recommended).\n\n`REMOVE` : Delete destination files that aren't present in the source.", "PreserveDevices": "A value that determines whether AWS DataSync should preserve the metadata of block and character devices in the source file system, and re-create the files with that device name and metadata on the destination. DataSync does not copy the contents of such devices, only the name and metadata.\n\n> AWS DataSync can't sync the actual contents of such devices, because they are nonterminal and don't return an end-of-file (EOF) marker. \n\nDefault value: `NONE`\n\n`NONE` : Ignore special devices (recommended).\n\n`PRESERVE` : Preserve character and block device metadata. This option isn't currently supported for Amazon EFS.", @@ -9907,7 +10078,7 @@ }, "AWS::EC2::Instance NetworkInterface": { "AssociateCarrierIpAddress": "Indicates whether to assign a carrier IP address to the network interface.\n\nYou can only assign a carrier IP address to a network interface that is in a subnet in a Wavelength Zone. For more information about carrier IP addresses, see [Carrier IP address](https://docs.aws.amazon.com/wavelength/latest/developerguide/how-wavelengths-work.html#provider-owned-ip) in the *AWS Wavelength Developer Guide* .", - "AssociatePublicIpAddress": "Indicates whether to assign a public IPv4 address to an instance. Applies only if creating a network interface when launching an instance. The network interface must be the primary network interface. If launching into a default subnet, the default value is `true` .", + "AssociatePublicIpAddress": "Indicates whether to assign a public IPv4 address to an instance. Applies only if creating a network interface when launching an instance. The network interface must be the primary network interface. If launching into a default subnet, the default value is `true` .\n\nStarting on February 1, 2024, AWS will charge for all public IPv4 addresses, including public IPv4 addresses associated with running instances and Elastic IP addresses. For more information, see the *Public IPv4 Address* tab on the [VPC pricing page](https://docs.aws.amazon.com/vpc/pricing/) .", "DeleteOnTermination": "Indicates whether the network interface is deleted when the instance is terminated. Applies only if creating a network interface when launching an instance.", "Description": "The description of the network interface. Applies only if creating a network interface when launching an instance.", "DeviceIndex": "The position of the network interface in the attachment order. A primary network interface has a device index of 0.\n\nIf you create a network interface when launching an instance, you must specify the device index.", @@ -10142,7 +10313,7 @@ "HttpEndpoint": "Enables or disables the HTTP metadata endpoint on your instances. If the parameter is not specified, the default state is `enabled` .\n\n> If you specify a value of `disabled` , you will not be able to access your instance metadata.", "HttpProtocolIpv6": "Enables or disables the IPv6 endpoint for the instance metadata service.\n\nDefault: `disabled`", "HttpPutResponseHopLimit": "The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.\n\nDefault: `1`\n\nPossible values: Integers from 1 to 64", - "HttpTokens": "IMDSv2 uses token-backed sessions. Set the use of HTTP tokens to `optional` (in other words, set the use of IMDSv2 to `optional` ) or `required` (in other words, set the use of IMDSv2 to `required` ).\n\n- `optional` - When IMDSv2 is optional, you can choose to retrieve instance metadata with or without a session token in your request. If you retrieve the IAM role credentials without a token, the IMDSv1 role credentials are returned. If you retrieve the IAM role credentials using a valid session token, the IMDSv2 role credentials are returned.\n- `required` - When IMDSv2 is required, you must send a session token with any instance metadata retrieval requests. In this state, retrieving the IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.\n\nDefault: `optional`", + "HttpTokens": "Indicates whether IMDSv2 is required.\n\n- `optional` - IMDSv2 is optional. You can choose whether to send a session token in your instance metadata retrieval requests. If you retrieve IAM role credentials without a session token, you receive the IMDSv1 role credentials. If you retrieve IAM role credentials using a valid session token, you receive the IMDSv2 role credentials.\n- `required` - IMDSv2 is required. You must send a session token in your instance metadata retrieval requests. With this option, retrieving the IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.\n\nDefault: If the value of `ImdsSupport` for the Amazon Machine Image (AMI) for your instance is `v2.0` , the default is `required` .", "InstanceMetadataTags": "Set to `enabled` to allow access to instance tags from the instance metadata. Set to `disabled` to turn off access to instance tags from the instance metadata. For more information, see [Work with instance tags using the instance metadata](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS) .\n\nDefault: `disabled`" }, "AWS::EC2::LaunchTemplate Monitoring": { @@ -10154,7 +10325,7 @@ }, "AWS::EC2::LaunchTemplate NetworkInterface": { "AssociateCarrierIpAddress": "Associates a Carrier IP address with eth0 for a new network interface.\n\nUse this option when you launch an instance in a Wavelength Zone and want to associate a Carrier IP address with the network interface. For more information about Carrier IP addresses, see [Carrier IP addresses](https://docs.aws.amazon.com/wavelength/latest/developerguide/how-wavelengths-work.html#provider-owned-ip) in the *AWS Wavelength Developer Guide* .", - "AssociatePublicIpAddress": "Associates a public IPv4 address with eth0 for a new network interface.", + "AssociatePublicIpAddress": "Associates a public IPv4 address with eth0 for a new network interface.\n\nStarting on February 1, 2024, AWS will charge for all public IPv4 addresses, including public IPv4 addresses associated with running instances and Elastic IP addresses. For more information, see the *Public IPv4 Address* tab on the [Amazon VPC pricing page](https://docs.aws.amazon.com/vpc/pricing/) .", "ConnectionTrackingSpecification": "A connection tracking specification for the network interface.", "DeleteOnTermination": "Indicates whether the network interface is deleted when the instance is terminated.", "Description": "A description for the network interface.", @@ -10729,7 +10900,7 @@ "Ipv6Address": "The IPv6 address." }, "AWS::EC2::SpotFleet InstanceNetworkInterfaceSpecification": { - "AssociatePublicIpAddress": "Indicates whether to assign a public IPv4 address to an instance you launch in a VPC. The public IP address can only be assigned to a network interface for eth0, and can only be assigned to a new network interface, not an existing one. You cannot specify more than one network interface in the request. If launching into a default subnet, the default value is `true` .", + "AssociatePublicIpAddress": "Indicates whether to assign a public IPv4 address to an instance you launch in a VPC. The public IP address can only be assigned to a network interface for eth0, and can only be assigned to a new network interface, not an existing one. You cannot specify more than one network interface in the request. If launching into a default subnet, the default value is `true` .\n\nStarting on February 1, 2024, AWS will charge for all public IPv4 addresses, including public IPv4 addresses associated with running instances and Elastic IP addresses. For more information, see the *Public IPv4 Address* tab on the [Amazon VPC pricing page](https://docs.aws.amazon.com/vpc/pricing/) .", "DeleteOnTermination": "Indicates whether the network interface is deleted when the instance is terminated.", "Description": "The description of the network interface. Applies only if creating a network interface when launching an instance.", "DeviceIndex": "The position of the network interface in the attachment order. A primary network interface has a device index of 0.\n\nIf you specify a network interface when launching an instance, you must specify the device index.", @@ -10895,7 +11066,7 @@ "Ipv6CidrBlock": "The IPv6 CIDR block.\n\nIf you specify `AssignIpv6AddressOnCreation` , you must also specify `Ipv6CidrBlock` .", "Ipv6Native": "Indicates whether this is an IPv6 only subnet. For more information, see [Subnet basics](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#subnet-basics) in the *Amazon Virtual Private Cloud User Guide* .", "Ipv6NetmaskLength": "An IPv6 netmask length for the subnet.", - "MapPublicIpOnLaunch": "Indicates whether instances launched in this subnet receive a public IPv4 address. The default value is `false` .", + "MapPublicIpOnLaunch": "Indicates whether instances launched in this subnet receive a public IPv4 address. The default value is `false` .\n\nStarting on February 1, 2024, AWS will charge for all public IPv4 addresses, including public IPv4 addresses associated with running instances and Elastic IP addresses. For more information, see the *Public IPv4 Address* tab on the [VPC pricing page](https://docs.aws.amazon.com/vpc/pricing/) .", "OutpostArn": "The Amazon Resource Name (ARN) of the Outpost.", "PrivateDnsNameOptionsOnLaunch": "The hostname type for EC2 instances launched into this subnet and how DNS A and AAAA record queries to the instances should be handled. For more information, see [Amazon EC2 instance hostname types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-naming.html) in the *Amazon Elastic Compute Cloud User Guide* .\n\nAvailable options:\n\n- EnableResourceNameDnsAAAARecord (true | false)\n- EnableResourceNameDnsARecord (true | false)\n- HostnameType (ip-name | resource-name)", "Tags": "Any tags assigned to the subnet.", @@ -11431,6 +11602,7 @@ }, "AWS::ECS::CapacityProvider AutoScalingGroupProvider": { "AutoScalingGroupArn": "The Amazon Resource Name (ARN) that identifies the Auto Scaling group, or the Auto Scaling group name.", + "ManagedDraining": "", "ManagedScaling": "The managed scaling settings for the Auto Scaling group capacity provider.", "ManagedTerminationProtection": "The managed termination protection setting to use for the Auto Scaling group capacity provider. This determines whether the Auto Scaling group has managed termination protection. The default is off.\n\n> When using managed termination protection, managed scaling must also be used otherwise managed termination protection doesn't work. \n\nWhen managed termination protection is on, Amazon ECS prevents the Amazon EC2 instances in an Auto Scaling group that contain tasks from being terminated during a scale-in action. The Auto Scaling group and each instance in the Auto Scaling group must have instance protection from scale-in actions on as well. For more information, see [Instance Protection](https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-termination.html#instance-protection) in the *AWS Auto Scaling User Guide* .\n\nWhen managed termination protection is off, your Amazon EC2 instances aren't protected from termination when the Auto Scaling group scales in." }, @@ -12424,13 +12596,17 @@ "AuthMode": "Specifies whether the Studio authenticates users using IAM Identity Center or IAM.", "DefaultS3Location": "The Amazon S3 location to back up EMR Studio Workspaces and notebook files.", "Description": "A detailed description of the Amazon EMR Studio.", + "EncryptionKeyArn": "The AWS KMS key identifier (ARN) used to encrypt Amazon EMR Studio workspace and notebook files when backed up to Amazon S3.", "EngineSecurityGroupId": "The ID of the Amazon EMR Studio Engine security group. The Engine security group allows inbound network traffic from the Workspace security group, and it must be in the same VPC specified by `VpcId` .", + "IdcInstanceArn": "The ARN of the IAM Identity Center instance the Studio application belongs to.", + "IdcUserAssignment": "Indicates whether the Studio has `REQUIRED` or `OPTIONAL` IAM Identity Center user assignment. If the value is set to `REQUIRED` , users must be explicitly assigned to the Studio application to access the Studio.", "IdpAuthUrl": "Your identity provider's authentication endpoint. Amazon EMR Studio redirects federated users to this endpoint for authentication when logging in to a Studio with the Studio URL.", "IdpRelayStateParameterName": "The name of your identity provider's `RelayState` parameter.", "Name": "A descriptive name for the Amazon EMR Studio.", "ServiceRole": "The Amazon Resource Name (ARN) of the IAM role that will be assumed by the Amazon EMR Studio. The service role provides a way for Amazon EMR Studio to interoperate with other AWS services.", "SubnetIds": "A list of subnet IDs to associate with the Amazon EMR Studio. A Studio can have a maximum of 5 subnets. The subnets must belong to the VPC specified by `VpcId` . Studio users can create a Workspace in any of the specified subnets.", "Tags": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", + "TrustedIdentityPropagationEnabled": "Indicates whether the Studio has Trusted identity propagation enabled. The default value is `false` .", "UserRole": "The Amazon Resource Name (ARN) of the IAM user role that will be assumed by users and groups logged in to a Studio. The permissions attached to this IAM role can be scoped down for each user or group using session policies. You only need to specify `UserRole` when you set `AuthMode` to `SSO` .", "VpcId": "The ID of the Amazon Virtual Private Cloud (Amazon VPC) to associate with the Studio.", "WorkspaceSecurityGroupId": "The ID of the Workspace security group associated with the Amazon EMR Studio. The Workspace security group allows outbound network traffic to resources in the Engine security group and to the internet." @@ -12711,10 +12887,12 @@ "CacheUsageLimits": "The cache usage limit for the serverless cache.", "DailySnapshotTime": "The daily time that a cache snapshot will be created. Default is NULL, i.e. snapshots will not be created at a specific time on a daily basis. Available for Redis only.", "Description": "A description of the serverless cache.", + "Endpoint": "Represents the information required for client programs to connect to a cache node.", "Engine": "The engine the serverless cache is compatible with.", "FinalSnapshotName": "The name of the final snapshot taken of a cache before the cache is deleted.", "KmsKeyId": "The ID of the AWS Key Management Service (KMS) key that is used to encrypt data at rest in the serverless cache.", "MajorEngineVersion": "The version number of the engine the serverless cache is compatible with.", + "ReaderEndpoint": "Represents the information required for client programs to connect to a cache node.", "SecurityGroupIds": "The IDs of the EC2 security groups associated with the serverless cache.", "ServerlessCacheName": "The unique identifier of the serverless cache.", "SnapshotArnsToRestore": "The ARN of the snapshot from which to restore data into the new cache.", @@ -13827,9 +14005,9 @@ "EmptyTargetResolutionMode": "The empty target resolution mode for an experiment template." }, "AWS::FIS::ExperimentTemplate ExperimentTemplateLogConfiguration": { - "CloudWatchLogsConfiguration": "The configuration for experiment logging to Amazon CloudWatch Logs.", + "CloudWatchLogsConfiguration": "The configuration for experiment logging to CloudWatch Logs .", "LogSchemaVersion": "The schema version.", - "S3Configuration": "The configuration for experiment logging to Amazon S3." + "S3Configuration": "The configuration for experiment logging to Amazon S3 ." }, "AWS::FIS::ExperimentTemplate ExperimentTemplateStopCondition": { "Source": "The source for the stop condition.", @@ -13837,7 +14015,7 @@ }, "AWS::FIS::ExperimentTemplate ExperimentTemplateTarget": { "Filters": "The filters to apply to identify target resources using specific attributes.", - "Parameters": "The resource type parameters.", + "Parameters": "The parameters for the resource type.", "ResourceArns": "The Amazon Resource Names (ARNs) of the targets.", "ResourceTags": "The tags for the target resources.", "ResourceType": "The resource type.", @@ -17053,20 +17231,20 @@ "Value": "The tag's value." }, "AWS::IoT::SoftwarePackage": { - "Description": "A summary of the package being created. This can be used to outline the package's contents or purpose.", - "PackageName": "The name of the new software package.", - "Tags": "Metadata that can be used to manage the package." + "Description": "", + "PackageName": "", + "Tags": "" }, "AWS::IoT::SoftwarePackage Tag": { "Key": "The tag's key.", "Value": "The tag's value." }, "AWS::IoT::SoftwarePackageVersion": { - "Attributes": "Metadata that can be used to define a package version\u2019s configuration. For example, the S3 file location, configuration options that are being sent to the device or fleet.\n\nThe combined size of all the attributes on a package version is limited to 3KB.", - "Description": "A summary of the package version being created. This can be used to outline the package's contents or purpose.", - "PackageName": "The name of the associated software package.", - "Tags": "Metadata that can be used to manage the package version.", - "VersionName": "The name of the new package version." + "Attributes": "", + "Description": "", + "PackageName": "", + "Tags": "", + "VersionName": "" }, "AWS::IoT::SoftwarePackageVersion Tag": { "Key": "The tag's key.", @@ -22569,6 +22747,10 @@ "TimecodeConfig": "Contains settings used to acquire and adjust timecode information from the inputs.", "VideoDescriptions": "The encoding information for output videos." }, + "AWS::MediaLive::Channel EpochLockingSettings": { + "CustomEpoch": "", + "JamSyncTime": "" + }, "AWS::MediaLive::Channel Esam": { "AcquisitionPointId": "", "AdAvailOffset": "", @@ -22586,7 +22768,8 @@ "VideoBlackSettings": "MediaLive will perform a failover if content is considered black for the specified period." }, "AWS::MediaLive::Channel FeatureActivations": { - "InputPrepareScheduleActions": "Enables the Input Prepare feature. You can create Input Prepare actions in the schedule only if this feature is enabled.\nIf you disable the feature on an existing schedule, make sure that you first delete all input prepare actions from the schedule." + "InputPrepareScheduleActions": "Enables the Input Prepare feature. You can create Input Prepare actions in the schedule only if this feature is enabled.\nIf you disable the feature on an existing schedule, make sure that you first delete all input prepare actions from the schedule.", + "OutputStaticImageOverlayScheduleActions": "" }, "AWS::MediaLive::Channel FecOutputSettings": { "ColumnDepth": "The parameter D from SMPTE 2022-1. The height of the FEC protection matrix. The number of transport stream packets per column error correction packet. The number must be between 4 and 20, inclusive.", @@ -22621,6 +22804,7 @@ "InputEndAction": "Indicates the action to take when the current input completes (for example, end-of-file). When switchAndLoopInputs is configured, MediaLive restarts at the beginning of the first input. When \"none\" is configured, MediaLive transcodes either black, a solid color, or a user-specified slate images per the \"Input Loss Behavior\" configuration until the next input switch occurs (which is controlled through the Channel Schedule API).", "InputLossBehavior": "The settings for system actions when the input is lost.", "OutputLockingMode": "Indicates how MediaLive pipelines are synchronized. PIPELINELOCKING - MediaLive attempts to synchronize the output of each pipeline to the other. EPOCHLOCKING - MediaLive attempts to synchronize the output of each pipeline to the Unix epoch.", + "OutputLockingSettings": "", "OutputTimingSource": "Indicates whether the rate of frames emitted by the Live encoder should be paced by its system clock (which optionally might be locked to another source through NTP) or should be locked to the clock of the source that is providing the input stream.", "SupportLowFramerateInputs": "Adjusts the video input buffer for streams with very low video frame rates. This is commonly set to enabled for music channels with less than one video frame per second." }, @@ -23078,6 +23262,10 @@ "AWS::MediaLive::Channel OutputLocationRef": { "DestinationRefId": "A reference ID for this destination." }, + "AWS::MediaLive::Channel OutputLockingSettings": { + "EpochLockingSettings": "", + "PipelineLockingSettings": "" + }, "AWS::MediaLive::Channel OutputSettings": { "ArchiveOutputSettings": "The settings for an archive output.", "FrameCaptureOutputSettings": "The settings for a frame capture output.\n\nThe parent of this entity is OutputGroupSettings.", @@ -24576,6 +24764,8 @@ "Script": "The initialization script." }, "AWS::OSIS::Pipeline": { + "BufferOptions": "Options that specify the configuration of a persistent buffer. To configure how OpenSearch Ingestion encrypts this data, set the EncryptionAtRestOptions.", + "EncryptionAtRestOptions": "Options to control how OpenSearch encrypts all data-at-rest.", "LogPublishingOptions": "Key-value pairs that represent log publishing settings.", "MaxUnits": "The maximum pipeline capacity, in Ingestion Compute Units (ICUs).", "MinUnits": "The minimum pipeline capacity, in Ingestion Compute Units (ICUs).", @@ -24584,9 +24774,15 @@ "Tags": "List of tags to add to the pipeline upon creation.", "VpcOptions": "Options that specify the subnets and security groups for an OpenSearch Ingestion VPC endpoint." }, + "AWS::OSIS::Pipeline BufferOptions": { + "PersistentBufferEnabled": "Whether persistent buffering should be enabled." + }, "AWS::OSIS::Pipeline CloudWatchLogDestination": { "LogGroup": "The name of the CloudWatch Logs group to send pipeline logs to. You can specify an existing log group or create a new one. For example, `/aws/OpenSearchService/IngestionService/my-pipeline` ." }, + "AWS::OSIS::Pipeline EncryptionAtRestOptions": { + "KmsKeyArn": "The ARN of the KMS key used to encrypt data-at-rest in OpenSearch Ingestion. By default, data is encrypted using an AWS owned key." + }, "AWS::OSIS::Pipeline LogPublishingOptions": { "CloudWatchLogDestination": "The destination for OpenSearch Ingestion logs sent to Amazon CloudWatch Logs. This parameter is required if `IsLoggingEnabled` is set to `true` .", "IsLoggingEnabled": "Whether logs should be published." @@ -35688,14 +35884,14 @@ "Value": "The tag value." }, "AWS::RolesAnywhere::Profile": { - "DurationSeconds": "The number of seconds vended session credentials will be valid for", - "Enabled": "The enabled status of the resource.", - "ManagedPolicyArns": "A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.", - "Name": "The customer specified name of the resource.", - "RequireInstanceProperties": "Specifies whether instance properties are required in CreateSession requests with this profile.", - "RoleArns": "A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.", - "SessionPolicy": "A session policy that will applied to the trust boundary of the vended session credentials.", - "Tags": "A list of Tags." + "DurationSeconds": "Sets the maximum number of seconds that vended temporary credentials through [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html) will be valid for, between 900 and 3600.", + "Enabled": "Indicates whether the profile is enabled.", + "ManagedPolicyArns": "A list of managed policy ARNs that apply to the vended session credentials.", + "Name": "The name of the profile.", + "RequireInstanceProperties": "Specifies whether instance properties are required in temporary credential requests with this profile.", + "RoleArns": "A list of IAM role ARNs. During `CreateSession` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.", + "SessionPolicy": "A session policy that applies to the trust boundary of the vended session credentials.", + "Tags": "The tags to attach to the profile." }, "AWS::RolesAnywhere::Profile Tag": { "Key": "The tag key.", @@ -35715,8 +35911,8 @@ "Threshold": "The number of days before a notification event. This value is required for a notification setting that is enabled." }, "AWS::RolesAnywhere::TrustAnchor Source": { - "SourceData": "A union object representing the data field of the TrustAnchor depending on its type", - "SourceType": "The type of the TrustAnchor." + "SourceData": "The data field of the trust anchor depending on its type.", + "SourceType": "The type of the TrustAnchor.\n\n> `AWS_ACM_PCA` is not an allowed value in your region." }, "AWS::RolesAnywhere::TrustAnchor SourceData": { "AcmPcaArn": "The root certificate of the AWS Private Certificate Authority specified by this ARN is used in trust validation for temporary credential requests. Included for trust anchors of type `AWS_ACM_PCA` .\n\n> This field is not supported in your region.", @@ -36915,6 +37111,7 @@ "RawMessageDelivery": "When set to `true` , enables raw message delivery. Raw messages don't contain any JSON formatting and can be sent to Amazon SQS and HTTP/S endpoints. For more information, see `[GetSubscriptionAttributes](https://docs.aws.amazon.com/sns/latest/api/API_GetSubscriptionAttributes.html)` in the *Amazon SNS API Reference* .", "RedrivePolicy": "When specified, sends undeliverable messages to the specified Amazon SQS dead-letter queue. Messages that can't be delivered due to client errors (for example, when the subscribed endpoint is unreachable) or server errors (for example, when the service that powers the subscribed endpoint becomes unavailable) are held in the dead-letter queue for further analysis or reprocessing.\n\nFor more information about the redrive policy and dead-letter queues, see [Amazon SQS dead-letter queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) in the *Amazon SQS Developer Guide* .", "Region": "For cross-region subscriptions, the region in which the topic resides.\n\nIf no region is specified, AWS CloudFormation uses the region of the caller as the default.\n\nIf you perform an update operation that only updates the `Region` property of a `AWS::SNS::Subscription` resource, that operation will fail unless you are either:\n\n- Updating the `Region` from `NULL` to the caller region.\n- Updating the `Region` from the caller region to `NULL` .", + "ReplayPolicy": "", "SubscriptionRoleArn": "This property applies only to Amazon Kinesis Data Firehose delivery stream subscriptions. Specify the ARN of the IAM role that has the following:\n\n- Permission to write to the Amazon Kinesis Data Firehose delivery stream\n- Amazon SNS listed as a trusted entity\n\nSpecifying a valid ARN for this attribute is required for Kinesis Data Firehose delivery stream subscriptions. For more information, see [Fanout to Amazon Kinesis Data Firehose delivery streams](https://docs.aws.amazon.com/sns/latest/dg/sns-firehose-as-subscriber.html) in the *Amazon SNS Developer Guide.*", "TopicArn": "The ARN of the topic to subscribe to." }, @@ -36922,7 +37119,7 @@ "ArchivePolicy": "The archive policy determines the number of days Amazon SNS retains messages. You can set a retention period from 1 to 365 days.", "ContentBasedDeduplication": "Enables content-based deduplication for FIFO topics.\n\n- By default, `ContentBasedDeduplication` is set to `false` . If you create a FIFO topic and this attribute is `false` , you must specify a value for the `MessageDeduplicationId` parameter for the [Publish](https://docs.aws.amazon.com/sns/latest/api/API_Publish.html) action.\n- When you set `ContentBasedDeduplication` to `true` , Amazon SNS uses a SHA-256 hash to generate the `MessageDeduplicationId` using the body of the message (but not the attributes of the message).\n\n(Optional) To override the generated value, you can specify a value for the the `MessageDeduplicationId` parameter for the `Publish` action.", "DataProtectionPolicy": "The body of the policy document you want to use for this topic.\n\nYou can only add one policy per topic.\n\nThe policy must be in JSON string format.\n\nLength Constraints: Maximum length of 30,720.", - "DeliveryStatusLogging": "", + "DeliveryStatusLogging": "The `DeliveryStatusLogging` configuration enables you to log the delivery status of messages sent from your Amazon SNS topic to subscribed endpoints with the following supported delivery protocols:\n\n- HTTP\n- Amazon Kinesis Data Firehose\n- AWS Lambda\n- Platform application endpoint\n- Amazon Simple Queue Service\n\nOnce configured, log entries are sent to Amazon CloudWatch Logs.", "DisplayName": "The display name to use for an Amazon SNS topic with SMS subscriptions. The display name must be maximum 100 characters long, including hyphens (-), underscores (_), spaces, and tabs.", "FifoTopic": "Set to true to create a FIFO topic.", "KmsMasterKeyId": "The ID of an AWS managed customer master key (CMK) for Amazon SNS or a custom CMK. For more information, see [Key terms](https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html#sse-key-terms) . For more examples, see `[KeyId](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters)` in the *AWS Key Management Service API Reference* .\n\nThis property applies only to [server-side-encryption](https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html) .", @@ -36933,10 +37130,10 @@ "TracingConfig": "Tracing mode of an Amazon SNS topic. By default `TracingConfig` is set to `PassThrough` , and the topic passes through the tracing header it receives from an Amazon SNS publisher to its subscriptions. If set to `Active` , Amazon SNS will vend X-Ray segment data to topic owner account if the sampled flag in the tracing header is true." }, "AWS::SNS::Topic LoggingConfig": { - "FailureFeedbackRoleArn": "", - "Protocol": "", - "SuccessFeedbackRoleArn": "", - "SuccessFeedbackSampleRate": "" + "FailureFeedbackRoleArn": "The IAM role ARN to be used when logging failed message deliveries in Amazon CloudWatch.", + "Protocol": "Indicates one of the supported protocols for the Amazon SNS topic.\n\n> At least one of the other three `LoggingConfig` properties is recommend along with `Protocol` .", + "SuccessFeedbackRoleArn": "The IAM role ARN to be used when logging successful message deliveries in Amazon CloudWatch.", + "SuccessFeedbackSampleRate": "The percentage of successful message deliveries to be logged in Amazon CloudWatch. Valid percentage values range from 0 to 100." }, "AWS::SNS::Topic Subscription": { "Endpoint": "The endpoint that receives notifications from the Amazon SNS topic. The endpoint value depends on the protocol that you specify. For more information, see the `Endpoint` parameter of the `[Subscribe](https://docs.aws.amazon.com/sns/latest/api/API_Subscribe.html)` action in the *Amazon SNS API Reference* .", @@ -37857,7 +38054,8 @@ }, "AWS::SageMaker::FeatureGroup OnlineStoreConfig": { "EnableOnlineStore": "Turn `OnlineStore` off by specifying `False` for the `EnableOnlineStore` flag. Turn `OnlineStore` on by specifying `True` for the `EnableOnlineStore` flag.\n\nThe default value is `False` .", - "SecurityConfig": "Use to specify KMS Key ID ( `KMSKeyId` ) for at-rest encryption of your `OnlineStore` ." + "SecurityConfig": "Use to specify KMS Key ID ( `KMSKeyId` ) for at-rest encryption of your `OnlineStore` .", + "StorageType": "Option for different tiers of low latency storage for real-time data retrieval.\n\n- `Standard` : A managed low latency data store for feature groups.\n- `InMemory` : A managed data store for feature groups that supports very low latency retrieval." }, "AWS::SageMaker::FeatureGroup OnlineStoreSecurityConfig": { "KmsKeyId": "The AWS Key Management Service (KMS) key ARN that SageMaker Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 server-side encryption.\n\nThe caller (either user or IAM role) of `CreateFeatureGroup` must have below permissions to the `OnlineStore` `KmsKeyId` :\n\n- `\"kms:Encrypt\"`\n- `\"kms:Decrypt\"`\n- `\"kms:DescribeKey\"`\n- `\"kms:CreateGrant\"`\n- `\"kms:RetireGrant\"`\n- `\"kms:ReEncryptFrom\"`\n- `\"kms:ReEncryptTo\"`\n- `\"kms:GenerateDataKey\"`\n- `\"kms:ListAliases\"`\n- `\"kms:ListGrants\"`\n- `\"kms:RevokeGrant\"`\n\nThe caller (either user or IAM role) to all DataPlane operations ( `PutRecord` , `GetRecord` , `DeleteRecord` ) must have the following permissions to the `KmsKeyId` :\n\n- `\"kms:Decrypt\"`" @@ -39992,7 +40190,7 @@ "WorkflowDetails": "Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow.\n\nIn addition to a workflow to execute when a file is uploaded completely, `WorkflowDetails` can also contain a workflow ID (and execution role) for a workflow to execute on partial upload. A partial upload occurs when a file is open when the session disconnects." }, "AWS::Transfer::Server EndpointDetails": { - "AddressAllocationIds": "A list of address allocation IDs that are required to attach an Elastic IP address to your server's endpoint.\n\n> This property can only be set when `EndpointType` is set to `VPC` and it is only valid in the `UpdateServer` API.", + "AddressAllocationIds": "A list of address allocation IDs that are required to attach an Elastic IP address to your server's endpoint.\n\nAn address allocation ID corresponds to the allocation ID of an Elastic IP address. This value can be retrieved from the `allocationId` field from the Amazon EC2 [Address](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Address.html) data type. One way to retrieve this value is by calling the EC2 [DescribeAddresses](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAddresses.html) API.\n\nThis parameter is optional. Set this parameter if you want to make your VPC endpoint public-facing. For details, see [Create an internet-facing endpoint for your server](https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#create-internet-facing-endpoint) .\n\n> This property can only be set as follows:\n> \n> - `EndpointType` must be set to `VPC`\n> - The Transfer Family server must be offline.\n> - You cannot set this parameter for Transfer Family servers that use the FTP protocol.\n> - The server must already have `SubnetIds` populated ( `SubnetIds` and `AddressAllocationIds` cannot be updated simultaneously).\n> - `AddressAllocationIds` can't contain duplicates, and must be equal in length to `SubnetIds` . For example, if you have three subnet IDs, you must also specify three address allocation IDs.\n> - Call the `UpdateServer` API to set or change this parameter.", "SecurityGroupIds": "A list of security groups IDs that are available to attach to your server's endpoint.\n\n> This property can only be set when `EndpointType` is set to `VPC` .\n> \n> You can edit the `SecurityGroupIds` property in the [UpdateServer](https://docs.aws.amazon.com/transfer/latest/userguide/API_UpdateServer.html) API only if you are changing the `EndpointType` from `PUBLIC` or `VPC_ENDPOINT` to `VPC` . To change security groups associated with your server's VPC endpoint after creation, use the Amazon EC2 [ModifyVpcEndpoint](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyVpcEndpoint.html) API.", "SubnetIds": "A list of subnet IDs that are required to host your server endpoint in your VPC.\n\n> This property can only be set when `EndpointType` is set to `VPC` .", "VpcEndpointId": "The ID of the VPC endpoint.\n\n> This property can only be set when `EndpointType` is set to `VPC_ENDPOINT` .", diff --git a/schema_source/cloudformation.schema.json b/schema_source/cloudformation.schema.json index 1fce33b7d..06dc3770b 100644 --- a/schema_source/cloudformation.schema.json +++ b/schema_source/cloudformation.schema.json @@ -20325,6 +20325,8 @@ "items": { "$ref": "#/definitions/AWS::ApplicationAutoScaling::ScalingPolicy.TargetTrackingMetricDataQuery" }, + "markdownDescription": "The metrics to include in the target tracking scaling policy, as a metric data query. This can include both raw metric and metric math expressions.", + "title": "Metrics", "type": "array" }, "Namespace": { @@ -20449,12 +20451,18 @@ "items": { "$ref": "#/definitions/AWS::ApplicationAutoScaling::ScalingPolicy.TargetTrackingMetricDimension" }, + "markdownDescription": "The dimensions for the metric. For the list of available dimensions, see the AWS documentation available from the table in [AWS services that publish CloudWatch metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html) in the *Amazon CloudWatch User Guide* .\n\nConditional: If you published your metric with dimensions, you must specify the same dimensions in your scaling policy.", + "title": "Dimensions", "type": "array" }, "MetricName": { + "markdownDescription": "The name of the metric.", + "title": "MetricName", "type": "string" }, "Namespace": { + "markdownDescription": "The namespace of the metric. For more information, see the table in [AWS services that publish CloudWatch metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html) in the *Amazon CloudWatch User Guide* .", + "title": "Namespace", "type": "string" } }, @@ -20464,18 +20472,28 @@ "additionalProperties": false, "properties": { "Expression": { + "markdownDescription": "The math expression to perform on the returned data, if this object is performing a math expression. This expression can use the `Id` of the other metrics to refer to those metrics, and can also use the `Id` of other expressions to use the result of those expressions.\n\nConditional: Within each `TargetTrackingMetricDataQuery` object, you must specify either `Expression` or `MetricStat` , but not both.", + "title": "Expression", "type": "string" }, "Id": { + "markdownDescription": "A short name that identifies the object's results in the response. This name must be unique among all `MetricDataQuery` objects specified for a single scaling policy. If you are performing math expressions on this set of data, this name represents that data and can serve as a variable in the mathematical expression. The valid characters are letters, numbers, and underscores. The first character must be a lowercase letter.", + "title": "Id", "type": "string" }, "Label": { + "markdownDescription": "A human-readable label for this metric or expression. This is especially useful if this is a math expression, so that you know what the value represents.", + "title": "Label", "type": "string" }, "MetricStat": { - "$ref": "#/definitions/AWS::ApplicationAutoScaling::ScalingPolicy.TargetTrackingMetricStat" + "$ref": "#/definitions/AWS::ApplicationAutoScaling::ScalingPolicy.TargetTrackingMetricStat", + "markdownDescription": "Information about the metric data to return.\n\nConditional: Within each `MetricDataQuery` object, you must specify either `Expression` or `MetricStat` , but not both.", + "title": "MetricStat" }, "ReturnData": { + "markdownDescription": "Indicates whether to return the timestamps and raw data values of this metric.\n\nIf you use any math expressions, specify `true` for this value for only the final math expression that the metric specification is based on. You must specify `false` for `ReturnData` for all the other metrics and expressions used in the metric specification.\n\nIf you are only retrieving metrics and not performing any math expressions, do not specify anything for `ReturnData` . This sets it to its default ( `true` ).", + "title": "ReturnData", "type": "boolean" } }, @@ -20485,9 +20503,13 @@ "additionalProperties": false, "properties": { "Name": { + "markdownDescription": "The name of the dimension.", + "title": "Name", "type": "string" }, "Value": { + "markdownDescription": "The value of the dimension.", + "title": "Value", "type": "string" } }, @@ -20497,12 +20519,18 @@ "additionalProperties": false, "properties": { "Metric": { - "$ref": "#/definitions/AWS::ApplicationAutoScaling::ScalingPolicy.TargetTrackingMetric" + "$ref": "#/definitions/AWS::ApplicationAutoScaling::ScalingPolicy.TargetTrackingMetric", + "markdownDescription": "The CloudWatch metric to return, including the metric name, namespace, and dimensions. To get the exact metric name, namespace, and dimensions, inspect the [Metric](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_Metric.html) object that is returned by a call to [ListMetrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html) .", + "title": "Metric" }, "Stat": { + "markdownDescription": "The statistic to return. It can include any CloudWatch statistic or extended statistic. For a list of valid values, see the table in [Statistics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Statistic) in the *Amazon CloudWatch User Guide* .\n\nThe most commonly used metric for scaling is `Average` .", + "title": "Stat", "type": "string" }, "Unit": { + "markdownDescription": "The unit to use for the returned data points. For a complete list of the units that CloudWatch supports, see the [MetricDatum](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html) data type in the *Amazon CloudWatch API Reference* .", + "title": "Unit", "type": "string" } }, @@ -33982,6 +34010,103 @@ ], "type": "object" }, + "AWS::CloudFront::KeyValueStore": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Comment": { + "markdownDescription": "A comment for the Key Value Store.", + "title": "Comment", + "type": "string" + }, + "ImportSource": { + "$ref": "#/definitions/AWS::CloudFront::KeyValueStore.ImportSource", + "markdownDescription": "The import source for the Key Value Store.", + "title": "ImportSource" + }, + "Name": { + "markdownDescription": "The name of the Key Value Store.", + "title": "Name", + "type": "string" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::CloudFront::KeyValueStore" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::CloudFront::KeyValueStore.ImportSource": { + "additionalProperties": false, + "properties": { + "SourceArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the import source for the Key Value Store.", + "title": "SourceArn", + "type": "string" + }, + "SourceType": { + "markdownDescription": "The source type of the import source for the Key Value Store.", + "title": "SourceType", + "type": "string" + } + }, + "required": [ + "SourceArn", + "SourceType" + ], + "type": "object" + }, "AWS::CloudFront::MonitoringSubscription": { "additionalProperties": false, "properties": { @@ -35420,9 +35545,13 @@ "type": "string" }, "FederationEnabled": { + "markdownDescription": "Indicates if [Lake query federation](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-federation.html) is enabled. By default, Lake query federation is disabled. You cannot delete an event data store if Lake query federation is enabled.", + "title": "FederationEnabled", "type": "boolean" }, "FederationRoleArn": { + "markdownDescription": "If Lake query federation is enabled, provides the ARN of the federation role used to access the resources for the federated event data store.\n\nThe federation role must exist in your account and provide the [required minimum permissions](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-federation.html#query-federation-permissions-role) .", + "title": "FederationRoleArn", "type": "string" }, "IngestionEnabled": { @@ -36933,7 +37062,7 @@ "type": "string" }, "OutputFormat": { - "markdownDescription": "The output format for the stream. Valid values are `json` and `opentelemetry0.7` For more information about metric stream output formats, see [Metric streams output formats](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-formats.html) .\n\nThis parameter is required.", + "markdownDescription": "The output format for the stream. Valid values are `json` , `opentelemetry1.0` and `opentelemetry0.7` For more information about metric stream output formats, see [Metric streams output formats](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-formats.html) .\n\nThis parameter is required.", "title": "OutputFormat", "type": "string" }, @@ -36946,7 +37075,7 @@ "items": { "$ref": "#/definitions/AWS::CloudWatch::MetricStream.MetricStreamStatisticsConfiguration" }, - "markdownDescription": "By default, a metric stream always sends the MAX, MIN, SUM, and SAMPLECOUNT statistics for each metric that is streamed. You can use this parameter to have the metric stream also send additional statistics in the stream. This array can have up to 100 members.\n\nFor each entry in this array, you specify one or more metrics and the list of additional statistics to stream for those metrics. The additional statistics that you can stream depend on the stream's `OutputFormat` . If the `OutputFormat` is `json` , you can stream any additional statistic that is supported by CloudWatch , listed in [CloudWatch statistics definitions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Statistics-definitions.html) . If the `OutputFormat` is `opentelemetry0` .7, you can stream percentile statistics *(p??)* .", + "markdownDescription": "By default, a metric stream always sends the MAX, MIN, SUM, and SAMPLECOUNT statistics for each metric that is streamed. You can use this parameter to have the metric stream also send additional statistics in the stream. This array can have up to 100 members.\n\nFor each entry in this array, you specify one or more metrics and the list of additional statistics to stream for those metrics. The additional statistics that you can stream depend on the stream's `OutputFormat` . If the `OutputFormat` is `json` , you can stream any additional statistic that is supported by CloudWatch , listed in [CloudWatch statistics definitions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Statistics-definitions.html) . If the `OutputFormat` is OpenTelemetry, you can stream percentile statistics.", "title": "StatisticsConfigurations", "type": "array" }, @@ -38539,7 +38668,7 @@ }, "ZonalConfig": { "$ref": "#/definitions/AWS::CodeDeploy::DeploymentConfig.ZonalConfig", - "markdownDescription": "", + "markdownDescription": "Configure the `ZonalConfig` object if you want AWS CodeDeploy to deploy your application to one [Availability Zone](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-availability-zones) at a time, within an AWS Region.\n\nFor more information about the zonal configuration feature, see [zonal configuration](https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-configurations-create.html#zonal-config) in the *CodeDeploy User Guide* .", "title": "ZonalConfig" } }, @@ -38589,12 +38718,12 @@ "additionalProperties": false, "properties": { "Type": { - "markdownDescription": "", + "markdownDescription": "The `type` associated with the `MinimumHealthyHostsPerZone` option.", "title": "Type", "type": "string" }, "Value": { - "markdownDescription": "", + "markdownDescription": "The `value` associated with the `MinimumHealthyHostsPerZone` option.", "title": "Value", "type": "number" } @@ -38673,17 +38802,17 @@ "additionalProperties": false, "properties": { "FirstZoneMonitorDurationInSeconds": { - "markdownDescription": "", + "markdownDescription": "The period of time, in seconds, that CodeDeploy must wait after completing a deployment to the *first* Availability Zone. CodeDeploy will wait this amount of time before starting a deployment to the second Availability Zone. You might set this option if you want to allow extra bake time for the first Availability Zone. If you don't specify a value for `firstZoneMonitorDurationInSeconds` , then CodeDeploy uses the `monitorDurationInSeconds` value for the first Availability Zone.\n\nFor more information about the zonal configuration feature, see [zonal configuration](https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-configurations-create.html#zonal-config) in the *CodeDeploy User Guide* .", "title": "FirstZoneMonitorDurationInSeconds", "type": "number" }, "MinimumHealthyHostsPerZone": { "$ref": "#/definitions/AWS::CodeDeploy::DeploymentConfig.MinimumHealthyHostsPerZone", - "markdownDescription": "", + "markdownDescription": "The number or percentage of instances that must remain available per Availability Zone during a deployment. This option works in conjunction with the `MinimumHealthyHosts` option. For more information, see [About the minimum number of healthy hosts per Availability Zone](https://docs.aws.amazon.com//codedeploy/latest/userguide/instances-health.html#minimum-healthy-hosts-az) in the *CodeDeploy User Guide* .\n\nIf you don't specify the `minimumHealthyHostsPerZone` option, then CodeDeploy uses a default value of `0` percent.\n\nFor more information about the zonal configuration feature, see [zonal configuration](https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-configurations-create.html#zonal-config) in the *CodeDeploy User Guide* .", "title": "MinimumHealthyHostsPerZone" }, "MonitorDurationInSeconds": { - "markdownDescription": "", + "markdownDescription": "The period of time, in seconds, that CodeDeploy must wait after completing a deployment to an Availability Zone. CodeDeploy will wait this amount of time before starting a deployment to the next Availability Zone. Consider adding a monitor duration to give the deployment some time to prove itself (or 'bake') in one Availability Zone before it is released in the next zone. If you don't specify a `monitorDurationInSeconds` , CodeDeploy starts deploying to the next Availability Zone immediately.\n\nFor more information about the zonal configuration feature, see [zonal configuration](https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-configurations-create.html#zonal-config) in the *CodeDeploy User Guide* .", "title": "MonitorDurationInSeconds", "type": "number" } @@ -38830,9 +38959,6 @@ "title": "Tags", "type": "array" }, - "TerminationHookEnabled": { - "type": "boolean" - }, "TriggerConfigurations": { "items": { "$ref": "#/definitions/AWS::CodeDeploy::DeploymentGroup.TriggerConfig" @@ -39827,6 +39953,8 @@ "type": "string" }, "PipelineType": { + "markdownDescription": "CodePipeline provides the following pipeline types, which differ in characteristics and price, so that you can tailor your pipeline features and cost to the needs of your applications.\n\n- V1 type pipelines have a JSON structure that contains standard pipeline, stage, and action-level parameters.\n- V2 type pipelines have the same structure as a V1 type, along with additional parameters for release safety and trigger configuration.\n\n> Including V2 parameters, such as triggers on Git tags, in the pipeline JSON when creating or updating a pipeline will result in the pipeline having the V2 type of pipeline and the associated costs. \n\nFor information about pricing for CodePipeline, see [Pricing](https://docs.aws.amazon.com/https://aws.amazon.com/codepipeline/pricing/) .\n\nFor information about which type of pipeline to choose, see [What type of pipeline is right for me?](https://docs.aws.amazon.com/codepipeline/latest/userguide/pipeline-types-planning.html) .", + "title": "PipelineType", "type": "string" }, "RestartExecutionOnUpdate": { @@ -39859,12 +39987,16 @@ "items": { "$ref": "#/definitions/AWS::CodePipeline::Pipeline.PipelineTriggerDeclaration" }, + "markdownDescription": "The trigger configuration specifying a type of event, such as Git tags, that starts the pipeline.\n\n> When a trigger configuration is specified, default change detection for repository and branch commits is disabled.", + "title": "Triggers", "type": "array" }, "Variables": { "items": { "$ref": "#/definitions/AWS::CodePipeline::Pipeline.VariableDeclaration" }, + "markdownDescription": "A list that defines the pipeline variables for a pipeline resource. Variable names can have alphanumeric and underscore characters, and the values must match `[A-Za-z0-9@\\-_]+` .", + "title": "Variables", "type": "array" } }, @@ -40080,9 +40212,13 @@ "items": { "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitPushFilter" }, + "markdownDescription": "The field where the repository event that will start the pipeline, such as pushing Git tags, is specified with details.\n\n> Git tags is the only supported event type.", + "title": "Push", "type": "array" }, "SourceActionName": { + "markdownDescription": "The name of the pipeline source action where the trigger configuration, such as Git tags, is specified. The trigger configuration will start the pipeline upon the specified change only.\n\n> You can only specify one trigger configuration per source action.", + "title": "SourceActionName", "type": "string" } }, @@ -40095,7 +40231,9 @@ "additionalProperties": false, "properties": { "Tags": { - "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitTagFilterCriteria" + "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitTagFilterCriteria", + "markdownDescription": "The field that contains the details for the Git tags trigger configuration.", + "title": "Tags" } }, "type": "object" @@ -40107,12 +40245,16 @@ "items": { "type": "string" }, + "markdownDescription": "The list of patterns of Git tags that, when pushed, are to be excluded from starting the pipeline.", + "title": "Excludes", "type": "array" }, "Includes": { "items": { "type": "string" }, + "markdownDescription": "The list of patterns of Git tags that, when pushed, are to be included as criteria that starts the pipeline.", + "title": "Includes", "type": "array" } }, @@ -40150,9 +40292,13 @@ "additionalProperties": false, "properties": { "GitConfiguration": { - "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitConfiguration" + "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitConfiguration", + "markdownDescription": "Provides the filter criteria and the source stage for the repository event that starts the pipeline, such as Git tags.", + "title": "GitConfiguration" }, "ProviderType": { + "markdownDescription": "The source provider for the event, such as connections configured for a repository with Git tags, for the specified trigger configuration.", + "title": "ProviderType", "type": "string" } }, @@ -40216,12 +40362,18 @@ "additionalProperties": false, "properties": { "DefaultValue": { + "markdownDescription": "The value of a pipeline-level variable.", + "title": "DefaultValue", "type": "string" }, "Description": { + "markdownDescription": "The description of a pipeline-level variable. It's used to add additional context about the variable, and not being used at time when pipeline executes.", + "title": "Description", "type": "string" }, "Name": { + "markdownDescription": "The name of a pipeline-level variable.", + "title": "Name", "type": "string" } }, @@ -42152,7 +42304,7 @@ "items": { "type": "string" }, - "markdownDescription": "The allowed OAuth flows.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret.", + "markdownDescription": "The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret.", "title": "AllowedOAuthFlows", "type": "array" }, @@ -43151,7 +43303,7 @@ "items": { "$ref": "#/definitions/AWS::Cognito::UserPoolUser.AttributeType" }, - "markdownDescription": "The user attributes and attribute values to be set for the user to be created. These are name-value pairs You can create a user without specifying any attributes other than `Username` . However, any attributes that you specify as required (in [](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) or in the *Attributes* tab of the console) must be supplied either by you (in your call to `AdminCreateUser` ) or by the user (when they sign up in response to your welcome message).\n\nFor custom attributes, you must prepend the `custom:` prefix to the attribute name.\n\nTo send a message inviting the user to sign up, you must specify the user's email address or phone number. This can be done in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools.\n\nIn your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . (You can also do this by calling [](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) .)\n\n- *email* : The email address of the user to whom the message that contains the code and user name will be sent. Required if the `email_verified` attribute is set to `True` , or if `\"EMAIL\"` is specified in the `DesiredDeliveryMediums` parameter.\n- *phone_number* : The phone number of the user to whom the message that contains the code and user name will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `\"SMS\"` is specified in the `DesiredDeliveryMediums` parameter.", + "markdownDescription": "An array of name-value pairs that contain user attributes and attribute values.", "title": "UserAttributes", "type": "array" }, @@ -44323,7 +44475,9 @@ "title": "RecordingGroup" }, "RecordingMode": { - "$ref": "#/definitions/AWS::Config::ConfigurationRecorder.RecordingMode" + "$ref": "#/definitions/AWS::Config::ConfigurationRecorder.RecordingMode", + "markdownDescription": "Specifies the default recording frequency that AWS Config uses to record configuration changes. AWS Config supports *Continuous recording* and *Daily recording* .\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it\u2019s different from the previous CI recorded.\n\n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous. \n\nYou can also override the recording frequency for specific resource types.", + "title": "RecordingMode" }, "RoleARN": { "markdownDescription": "Amazon Resource Name (ARN) of the IAM role assumed by AWS Config and used by the configuration recorder. For more information, see [Permissions for the IAM Role Assigned](https://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html) to AWS Config in the AWS Config Developer Guide.\n\n> *Pre-existing AWS Config role*\n> \n> If you have used an AWS service that uses AWS Config , such as AWS Security Hub or AWS Control Tower , and an AWS Config role has already been created, make sure that the IAM role that you use when setting up AWS Config keeps the same minimum permissions as the already created AWS Config role. You must do this so that the other AWS service continues to run as expected.\n> \n> For example, if AWS Control Tower has an IAM role that allows AWS Config to read Amazon Simple Storage Service ( Amazon S3 ) objects, make sure that the same permissions are granted within the IAM role you use when setting up AWS Config . Otherwise, it may interfere with how AWS Control Tower operates. For more information about IAM roles for AWS Config , see [*Identity and Access Management for AWS Config*](https://docs.aws.amazon.com/config/latest/developerguide/security-iam.html) in the *AWS Config Developer Guide* .", @@ -44412,12 +44566,16 @@ "additionalProperties": false, "properties": { "RecordingFrequency": { + "markdownDescription": "The default recording frequency that AWS Config uses to record configuration changes.\n\n> Daily recording is not supported for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`\n> \n> For the *allSupported* ( `ALL_SUPPORTED_RESOURCE_TYPES` ) recording strategy, these resource types will be set to Continuous recording.", + "title": "RecordingFrequency", "type": "string" }, "RecordingModeOverrides": { "items": { "$ref": "#/definitions/AWS::Config::ConfigurationRecorder.RecordingModeOverride" }, + "markdownDescription": "An array of `recordingModeOverride` objects for you to specify your overrides for the recording mode. The `recordingModeOverride` object in the `recordingModeOverrides` array consists of three fields: a `description` , the new `recordingFrequency` , and an array of `resourceTypes` to override.", + "title": "RecordingModeOverrides", "type": "array" } }, @@ -44430,15 +44588,21 @@ "additionalProperties": false, "properties": { "Description": { + "markdownDescription": "A description that you provide for the override.", + "title": "Description", "type": "string" }, "RecordingFrequency": { + "markdownDescription": "The recording frequency that will be applied to all the resource types specified in the override.\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it\u2019s different from the previous CI recorded.\n\n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous.", + "title": "RecordingFrequency", "type": "string" }, "ResourceTypes": { "items": { "type": "string" }, + "markdownDescription": "A comma-separated list that specifies which resource types AWS Config includes in the override.\n\n> Daily recording is not supported for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`", + "title": "ResourceTypes", "type": "array" } }, @@ -46305,6 +46469,14 @@ "markdownDescription": "The alias of instance. `InstanceAlias` is only required when `IdentityManagementType` is `CONNECT_MANAGED` or `SAML` . `InstanceAlias` is not required when `IdentityManagementType` is `EXISTING_DIRECTORY` .", "title": "InstanceAlias", "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "The tags of an instance.", + "title": "Tags", + "type": "array" } }, "required": [ @@ -46546,6 +46718,7 @@ } }, "required": [ + "EncryptionConfig", "Prefix", "RetentionPeriodHours" ], @@ -48966,7 +49139,7 @@ "additionalProperties": false, "properties": { "Manifest": { - "markdownDescription": "The landing zone `manifest.yaml` text file that specifies the landing zone configurations.", + "markdownDescription": "The landing zone manifest JSON text file that specifies the landing zone configurations.", "title": "Manifest", "type": "object" }, @@ -51594,27 +51767,41 @@ "additionalProperties": false, "properties": { "DataProviderIdentifier": { + "markdownDescription": "The identifier of the data provider. Identifiers must begin with a letter and must contain only ASCII letters, digits, and hyphens. They can't end with a hyphen, or contain two consecutive hyphens.", + "title": "DataProviderIdentifier", "type": "string" }, "DataProviderName": { + "markdownDescription": "The name of the data provider.", + "title": "DataProviderName", "type": "string" }, "Description": { + "markdownDescription": "A description of the data provider. Descriptions can have up to 31 characters. A description can contain only ASCII letters, digits, and hyphens ('-'). Also, it can't end with a hyphen or contain two consecutive hyphens, and can only begin with a letter.", + "title": "Description", "type": "string" }, "Engine": { + "markdownDescription": "The type of database engine for the data provider. Valid values include `\"aurora\"` , `\"aurora-postgresql\"` , `\"mysql\"` , `\"oracle\"` , `\"postgres\"` , `\"sqlserver\"` , `redshift` , `mariadb` , `mongodb` , and `docdb` . A value of `\"aurora\"` represents Amazon Aurora MySQL-Compatible Edition.", + "title": "Engine", "type": "string" }, "ExactSettings": { + "markdownDescription": "", + "title": "ExactSettings", "type": "boolean" }, "Settings": { - "$ref": "#/definitions/AWS::DMS::DataProvider.Settings" + "$ref": "#/definitions/AWS::DMS::DataProvider.Settings", + "markdownDescription": "The settings in JSON format for a data provider.", + "title": "Settings" }, "Tags": { "items": { "$ref": "#/definitions/Tag" }, + "markdownDescription": "", + "title": "Tags", "type": "array" } }, @@ -51648,18 +51835,28 @@ "additionalProperties": false, "properties": { "CertificateArn": { + "markdownDescription": "", + "title": "CertificateArn", "type": "string" }, "DatabaseName": { + "markdownDescription": "Database name for the endpoint.", + "title": "DatabaseName", "type": "string" }, "Port": { + "markdownDescription": "Endpoint TCP port.", + "title": "Port", "type": "number" }, "ServerName": { + "markdownDescription": "Fully qualified domain name of the endpoint. For an Amazon RDS SQL Server instance, this is the output of [DescribeDBInstances](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html) , in the `[Endpoint](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_Endpoint.html) .Address` field.", + "title": "ServerName", "type": "string" }, "SslMode": { + "markdownDescription": "", + "title": "SslMode", "type": "string" } }, @@ -51669,15 +51866,23 @@ "additionalProperties": false, "properties": { "CertificateArn": { + "markdownDescription": "", + "title": "CertificateArn", "type": "string" }, "Port": { + "markdownDescription": "Endpoint TCP port.", + "title": "Port", "type": "number" }, "ServerName": { + "markdownDescription": "The host name of the endpoint database.\n\nFor an Amazon RDS MySQL instance, this is the output of [DescribeDBInstances](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html) , in the `[Endpoint](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_Endpoint.html) .Address` field.\n\nFor an Aurora MySQL instance, this is the output of [DescribeDBClusters](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusters.html) , in the `Endpoint` field.", + "title": "ServerName", "type": "string" }, "SslMode": { + "markdownDescription": "", + "title": "SslMode", "type": "string" } }, @@ -51687,33 +51892,53 @@ "additionalProperties": false, "properties": { "AsmServer": { + "markdownDescription": "For an Oracle source endpoint, your ASM server address. You can set this value from the `asm_server` value. You set `asm_server` as part of the extra connection attribute string to access an Oracle server with Binary Reader that uses ASM. For more information, see [Configuration for change data capture (CDC) on an Oracle source database](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.CDC.Configuration) .", + "title": "AsmServer", "type": "string" }, "CertificateArn": { + "markdownDescription": "", + "title": "CertificateArn", "type": "string" }, "DatabaseName": { + "markdownDescription": "Database name for the endpoint.", + "title": "DatabaseName", "type": "string" }, "Port": { + "markdownDescription": "Endpoint TCP port.", + "title": "Port", "type": "number" }, "SecretsManagerOracleAsmAccessRoleArn": { + "markdownDescription": "Required only if your Oracle endpoint uses Automatic Storage Management (ASM). The full ARN of the IAM role that specifies AWS DMS as the trusted entity and grants the required permissions to access the `SecretsManagerOracleAsmSecret` . This `SecretsManagerOracleAsmSecret` has the secret value that allows access to the Oracle ASM of the endpoint.\n\n> You can specify one of two sets of values for these permissions. You can specify the values for this setting and `SecretsManagerOracleAsmSecretId` . Or you can specify clear-text values for `AsmUser` , `AsmPassword` , and `AsmServerName` . You can't specify both. For more information on creating this `SecretsManagerOracleAsmSecret` and the `SecretsManagerOracleAsmAccessRoleArn` and `SecretsManagerOracleAsmSecretId` required to access it, see [Using secrets to access AWS Database Migration Service resources](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Security.html#security-iam-secretsmanager) in the *AWS Database Migration Service User Guide* .", + "title": "SecretsManagerOracleAsmAccessRoleArn", "type": "string" }, "SecretsManagerOracleAsmSecretId": { + "markdownDescription": "Required only if your Oracle endpoint uses Automatic Storage Management (ASM). The full ARN, partial ARN, or friendly name of the `SecretsManagerOracleAsmSecret` that contains the Oracle ASM connection details for the Oracle endpoint.", + "title": "SecretsManagerOracleAsmSecretId", "type": "string" }, "SecretsManagerSecurityDbEncryptionAccessRoleArn": { + "markdownDescription": "", + "title": "SecretsManagerSecurityDbEncryptionAccessRoleArn", "type": "string" }, "SecretsManagerSecurityDbEncryptionSecretId": { + "markdownDescription": "", + "title": "SecretsManagerSecurityDbEncryptionSecretId", "type": "string" }, "ServerName": { + "markdownDescription": "Fully qualified domain name of the endpoint.\n\nFor an Amazon RDS Oracle instance, this is the output of [DescribeDBInstances](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html) , in the `[Endpoint](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_Endpoint.html) .Address` field.", + "title": "ServerName", "type": "string" }, "SslMode": { + "markdownDescription": "", + "title": "SslMode", "type": "string" } }, @@ -51723,18 +51948,28 @@ "additionalProperties": false, "properties": { "CertificateArn": { + "markdownDescription": "", + "title": "CertificateArn", "type": "string" }, "DatabaseName": { + "markdownDescription": "Database name for the endpoint.", + "title": "DatabaseName", "type": "string" }, "Port": { + "markdownDescription": "Endpoint TCP port. The default is 5432.", + "title": "Port", "type": "number" }, "ServerName": { + "markdownDescription": "The host name of the endpoint database.\n\nFor an Amazon RDS PostgreSQL instance, this is the output of [DescribeDBInstances](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html) , in the `[Endpoint](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_Endpoint.html) .Address` field.\n\nFor an Aurora PostgreSQL instance, this is the output of [DescribeDBClusters](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusters.html) , in the `Endpoint` field.", + "title": "ServerName", "type": "string" }, "SslMode": { + "markdownDescription": "", + "title": "SslMode", "type": "string" } }, @@ -51744,16 +51979,24 @@ "additionalProperties": false, "properties": { "MicrosoftSqlServerSettings": { - "$ref": "#/definitions/AWS::DMS::DataProvider.MicrosoftSqlServerSettings" + "$ref": "#/definitions/AWS::DMS::DataProvider.MicrosoftSqlServerSettings", + "markdownDescription": "", + "title": "MicrosoftSqlServerSettings" }, "MySqlSettings": { - "$ref": "#/definitions/AWS::DMS::DataProvider.MySqlSettings" + "$ref": "#/definitions/AWS::DMS::DataProvider.MySqlSettings", + "markdownDescription": "", + "title": "MySqlSettings" }, "OracleSettings": { - "$ref": "#/definitions/AWS::DMS::DataProvider.OracleSettings" + "$ref": "#/definitions/AWS::DMS::DataProvider.OracleSettings", + "markdownDescription": "", + "title": "OracleSettings" }, "PostgreSqlSettings": { - "$ref": "#/definitions/AWS::DMS::DataProvider.PostgreSqlSettings" + "$ref": "#/definitions/AWS::DMS::DataProvider.PostgreSqlSettings", + "markdownDescription": "", + "title": "PostgreSqlSettings" } }, "type": "object" @@ -52127,12 +52370,18 @@ "type": "string" }, "KeepCsvFiles": { + "markdownDescription": "If true, AWS DMS saves any .csv files to the Db2 LUW target that were used to replicate data. DMS uses these files for analysis and troubleshooting.\n\nThe default value is false.", + "title": "KeepCsvFiles", "type": "boolean" }, "LoadTimeout": { + "markdownDescription": "The amount of time (in milliseconds) before AWS DMS times out operations performed by DMS on the Db2 target. The default value is 1200 (20 minutes).", + "title": "LoadTimeout", "type": "number" }, "MaxFileSize": { + "markdownDescription": "Specifies the maximum size (in KB) of .csv files used to transfer data to Db2 LUW.", + "title": "MaxFileSize", "type": "number" }, "MaxKBytesPerRead": { @@ -52156,6 +52405,8 @@ "type": "boolean" }, "WriteBufferSize": { + "markdownDescription": "The size (in KB) of the in-memory file write buffer used when generating .csv files on the local disk on the DMS replication instance. The default value is 1024 (1 MB).", + "title": "WriteBufferSize", "type": "number" } }, @@ -53383,39 +53634,59 @@ "additionalProperties": false, "properties": { "AvailabilityZone": { + "markdownDescription": "The Availability Zone where the instance profile runs.", + "title": "AvailabilityZone", "type": "string" }, "Description": { + "markdownDescription": "A description of the instance profile. Descriptions can have up to 31 characters. A description can contain only ASCII letters, digits, and hyphens ('-'). Also, it can't end with a hyphen or contain two consecutive hyphens, and can only begin with a letter.", + "title": "Description", "type": "string" }, "InstanceProfileIdentifier": { + "markdownDescription": "The identifier of the instance profile. Identifiers must begin with a letter and must contain only ASCII letters, digits, and hyphens. They can't end with a hyphen, or contain two consecutive hyphens.", + "title": "InstanceProfileIdentifier", "type": "string" }, "InstanceProfileName": { + "markdownDescription": "The user-friendly name for the instance profile.", + "title": "InstanceProfileName", "type": "string" }, "KmsKeyArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the AWS KMS key that is used to encrypt the connection parameters for the instance profile.\n\nIf you don't specify a value for the `KmsKeyArn` parameter, then AWS DMS uses your default encryption key.\n\nAWS KMS creates the default encryption key for your AWS account . Your AWS account has a different default encryption key for each AWS Region .", + "title": "KmsKeyArn", "type": "string" }, "NetworkType": { + "markdownDescription": "Specifies the network type for the instance profile. A value of `IPV4` represents an instance profile with IPv4 network type and only supports IPv4 addressing. A value of `IPV6` represents an instance profile with IPv6 network type and only supports IPv6 addressing. A value of `DUAL` represents an instance profile with dual network type that supports IPv4 and IPv6 addressing.", + "title": "NetworkType", "type": "string" }, "PubliclyAccessible": { + "markdownDescription": "Specifies the accessibility options for the instance profile. A value of `true` represents an instance profile with a public IP address. A value of `false` represents an instance profile with a private IP address. The default value is `true` .", + "title": "PubliclyAccessible", "type": "boolean" }, "SubnetGroupIdentifier": { + "markdownDescription": "The identifier of the subnet group that is associated with the instance profile.", + "title": "SubnetGroupIdentifier", "type": "string" }, "Tags": { "items": { "$ref": "#/definitions/Tag" }, + "markdownDescription": "", + "title": "Tags", "type": "array" }, "VpcSecurityGroups": { "items": { "type": "string" }, + "markdownDescription": "The VPC security groups that are used with the instance profile. The VPC security group must work with the VPC containing the instance profile.", + "title": "VpcSecurityGroups", "type": "array" } }, @@ -53477,45 +53748,67 @@ "additionalProperties": false, "properties": { "Description": { + "markdownDescription": "A user-friendly description of the migration project.", + "title": "Description", "type": "string" }, "InstanceProfileArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the instance profile for your migration project.", + "title": "InstanceProfileArn", "type": "string" }, "InstanceProfileIdentifier": { + "markdownDescription": "The identifier of the instance profile for your migration project.", + "title": "InstanceProfileIdentifier", "type": "string" }, "InstanceProfileName": { + "markdownDescription": "The name of the associated instance profile.", + "title": "InstanceProfileName", "type": "string" }, "MigrationProjectIdentifier": { + "markdownDescription": "The identifier of the migration project. Identifiers must begin with a letter and must contain only ASCII letters, digits, and hyphens. They can't end with a hyphen, or contain two consecutive hyphens.", + "title": "MigrationProjectIdentifier", "type": "string" }, "MigrationProjectName": { + "markdownDescription": "The name of the migration project.", + "title": "MigrationProjectName", "type": "string" }, "SchemaConversionApplicationAttributes": { - "$ref": "#/definitions/AWS::DMS::MigrationProject.SchemaConversionApplicationAttributes" + "$ref": "#/definitions/AWS::DMS::MigrationProject.SchemaConversionApplicationAttributes", + "markdownDescription": "The schema conversion application attributes, including the Amazon S3 bucket name and Amazon S3 role ARN.", + "title": "SchemaConversionApplicationAttributes" }, "SourceDataProviderDescriptors": { "items": { "$ref": "#/definitions/AWS::DMS::MigrationProject.DataProviderDescriptor" }, + "markdownDescription": "Information about the source data provider, including the name or ARN, and AWS Secrets Manager parameters.", + "title": "SourceDataProviderDescriptors", "type": "array" }, "Tags": { "items": { "$ref": "#/definitions/Tag" }, + "markdownDescription": "", + "title": "Tags", "type": "array" }, "TargetDataProviderDescriptors": { "items": { "$ref": "#/definitions/AWS::DMS::MigrationProject.DataProviderDescriptor" }, + "markdownDescription": "Information about the target data provider, including the name or ARN, and AWS Secrets Manager parameters.", + "title": "TargetDataProviderDescriptors", "type": "array" }, "TransformationRules": { + "markdownDescription": "The settings in JSON format for migration rules. Migration rules make it possible for you to change the object names according to the rules that you specify. For example, you can change an object name to lowercase or uppercase, add or remove a prefix or suffix, or rename objects.", + "title": "TransformationRules", "type": "string" } }, @@ -53545,18 +53838,28 @@ "additionalProperties": false, "properties": { "DataProviderArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the data provider.", + "title": "DataProviderArn", "type": "string" }, "DataProviderIdentifier": { + "markdownDescription": "", + "title": "DataProviderIdentifier", "type": "string" }, "DataProviderName": { + "markdownDescription": "The user-friendly name of the data provider.", + "title": "DataProviderName", "type": "string" }, "SecretsManagerAccessRoleArn": { + "markdownDescription": "The ARN of the role used to access AWS Secrets Manager.", + "title": "SecretsManagerAccessRoleArn", "type": "string" }, "SecretsManagerSecretId": { + "markdownDescription": "The identifier of the AWS Secrets Manager Secret used to store access credentials for the data provider.", + "title": "SecretsManagerSecretId", "type": "string" } }, @@ -53566,9 +53869,13 @@ "additionalProperties": false, "properties": { "S3BucketPath": { + "markdownDescription": "", + "title": "S3BucketPath", "type": "string" }, "S3BucketRoleArn": { + "markdownDescription": "", + "title": "S3BucketRoleArn", "type": "string" } }, @@ -58388,7 +58695,7 @@ "type": "string" }, "OverwriteMode": { - "markdownDescription": "Specifies whether data at the destination location should be overwritten or preserved. If set to `NEVER` , a destination file for example will not be replaced by a source file (even if the destination file differs from the source file). If you modify files in the destination and you sync the files, you can use this value to protect against overwriting those changes.\n\nSome storage classes have specific behaviors that can affect your Amazon S3 storage cost. For detailed information, see [Considerations when working with Amazon S3 storage classes in DataSync](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#using-storage-classes) .", + "markdownDescription": "Specifies whether DataSync should modify or preserve data at the destination location.\n\n- `ALWAYS` (default) - DataSync modifies data in the destination location when source data (including metadata) has changed.\n\nIf DataSync overwrites objects, you might incur additional charges for certain Amazon S3 storage classes (for example, for retrieval or early deletion). For more information, see [Storage class considerations with Amazon S3 transfers](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#using-storage-classes) .\n- `NEVER` - DataSync doesn't overwrite data in the destination location even if the source data has changed. You can use this option to protect against overwriting changes made to files or objects in the destination.", "title": "OverwriteMode", "type": "string" }, @@ -64771,7 +65078,7 @@ "type": "boolean" }, "AssociatePublicIpAddress": { - "markdownDescription": "Indicates whether to assign a public IPv4 address to an instance. Applies only if creating a network interface when launching an instance. The network interface must be the primary network interface. If launching into a default subnet, the default value is `true` .", + "markdownDescription": "Indicates whether to assign a public IPv4 address to an instance. Applies only if creating a network interface when launching an instance. The network interface must be the primary network interface. If launching into a default subnet, the default value is `true` .\n\nStarting on February 1, 2024, AWS will charge for all public IPv4 addresses, including public IPv4 addresses associated with running instances and Elastic IP addresses. For more information, see the *Public IPv4 Address* tab on the [VPC pricing page](https://docs.aws.amazon.com/vpc/pricing/) .", "title": "AssociatePublicIpAddress", "type": "boolean" }, @@ -66035,7 +66342,7 @@ "type": "number" }, "HttpTokens": { - "markdownDescription": "IMDSv2 uses token-backed sessions. Set the use of HTTP tokens to `optional` (in other words, set the use of IMDSv2 to `optional` ) or `required` (in other words, set the use of IMDSv2 to `required` ).\n\n- `optional` - When IMDSv2 is optional, you can choose to retrieve instance metadata with or without a session token in your request. If you retrieve the IAM role credentials without a token, the IMDSv1 role credentials are returned. If you retrieve the IAM role credentials using a valid session token, the IMDSv2 role credentials are returned.\n- `required` - When IMDSv2 is required, you must send a session token with any instance metadata retrieval requests. In this state, retrieving the IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.\n\nDefault: `optional`", + "markdownDescription": "Indicates whether IMDSv2 is required.\n\n- `optional` - IMDSv2 is optional. You can choose whether to send a session token in your instance metadata retrieval requests. If you retrieve IAM role credentials without a session token, you receive the IMDSv1 role credentials. If you retrieve IAM role credentials using a valid session token, you receive the IMDSv2 role credentials.\n- `required` - IMDSv2 is required. You must send a session token in your instance metadata retrieval requests. With this option, retrieving the IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.\n\nDefault: If the value of `ImdsSupport` for the Amazon Machine Image (AMI) for your instance is `v2.0` , the default is `required` .", "title": "HttpTokens", "type": "string" }, @@ -66083,7 +66390,7 @@ "type": "boolean" }, "AssociatePublicIpAddress": { - "markdownDescription": "Associates a public IPv4 address with eth0 for a new network interface.", + "markdownDescription": "Associates a public IPv4 address with eth0 for a new network interface.\n\nStarting on February 1, 2024, AWS will charge for all public IPv4 addresses, including public IPv4 addresses associated with running instances and Elastic IP addresses. For more information, see the *Public IPv4 Address* tab on the [Amazon VPC pricing page](https://docs.aws.amazon.com/vpc/pricing/) .", "title": "AssociatePublicIpAddress", "type": "boolean" }, @@ -69884,7 +70191,7 @@ "additionalProperties": false, "properties": { "AssociatePublicIpAddress": { - "markdownDescription": "Indicates whether to assign a public IPv4 address to an instance you launch in a VPC. The public IP address can only be assigned to a network interface for eth0, and can only be assigned to a new network interface, not an existing one. You cannot specify more than one network interface in the request. If launching into a default subnet, the default value is `true` .", + "markdownDescription": "Indicates whether to assign a public IPv4 address to an instance you launch in a VPC. The public IP address can only be assigned to a network interface for eth0, and can only be assigned to a new network interface, not an existing one. You cannot specify more than one network interface in the request. If launching into a default subnet, the default value is `true` .\n\nStarting on February 1, 2024, AWS will charge for all public IPv4 addresses, including public IPv4 addresses associated with running instances and Elastic IP addresses. For more information, see the *Public IPv4 Address* tab on the [Amazon VPC pricing page](https://docs.aws.amazon.com/vpc/pricing/) .", "title": "AssociatePublicIpAddress", "type": "boolean" }, @@ -70721,7 +71028,7 @@ "type": "number" }, "MapPublicIpOnLaunch": { - "markdownDescription": "Indicates whether instances launched in this subnet receive a public IPv4 address. The default value is `false` .", + "markdownDescription": "Indicates whether instances launched in this subnet receive a public IPv4 address. The default value is `false` .\n\nStarting on February 1, 2024, AWS will charge for all public IPv4 addresses, including public IPv4 addresses associated with running instances and Elastic IP addresses. For more information, see the *Public IPv4 Address* tab on the [VPC pricing page](https://docs.aws.amazon.com/vpc/pricing/) .", "title": "MapPublicIpOnLaunch", "type": "boolean" }, @@ -75376,6 +75683,8 @@ "type": "string" }, "ManagedDraining": { + "markdownDescription": "", + "title": "ManagedDraining", "type": "string" }, "ManagedScaling": { @@ -81324,6 +81633,8 @@ "type": "string" }, "EncryptionKeyArn": { + "markdownDescription": "The AWS KMS key identifier (ARN) used to encrypt Amazon EMR Studio workspace and notebook files when backed up to Amazon S3.", + "title": "EncryptionKeyArn", "type": "string" }, "EngineSecurityGroupId": { @@ -81332,9 +81643,13 @@ "type": "string" }, "IdcInstanceArn": { + "markdownDescription": "The ARN of the IAM Identity Center instance the Studio application belongs to.", + "title": "IdcInstanceArn", "type": "string" }, "IdcUserAssignment": { + "markdownDescription": "Indicates whether the Studio has `REQUIRED` or `OPTIONAL` IAM Identity Center user assignment. If the value is set to `REQUIRED` , users must be explicitly assigned to the Studio application to access the Studio.", + "title": "IdcUserAssignment", "type": "string" }, "IdpAuthUrl": { @@ -81374,6 +81689,8 @@ "type": "array" }, "TrustedIdentityPropagationEnabled": { + "markdownDescription": "Indicates whether the Studio has Trusted identity propagation enabled. The default value is `false` .", + "title": "TrustedIdentityPropagationEnabled", "type": "boolean" }, "UserRole": { @@ -83248,6 +83565,11 @@ "title": "Description", "type": "string" }, + "Endpoint": { + "$ref": "#/definitions/AWS::ElastiCache::ServerlessCache.Endpoint", + "markdownDescription": "Represents the information required for client programs to connect to a cache node.", + "title": "Endpoint" + }, "Engine": { "markdownDescription": "The engine the serverless cache is compatible with.", "title": "Engine", @@ -83268,6 +83590,11 @@ "title": "MajorEngineVersion", "type": "string" }, + "ReaderEndpoint": { + "$ref": "#/definitions/AWS::ElastiCache::ServerlessCache.Endpoint", + "markdownDescription": "Represents the information required for client programs to connect to a cache node.", + "title": "ReaderEndpoint" + }, "SecurityGroupIds": { "items": { "type": "string" @@ -90468,7 +90795,7 @@ "properties": { "CloudWatchLogsConfiguration": { "$ref": "#/definitions/AWS::FIS::ExperimentTemplate.CloudWatchLogsConfiguration", - "markdownDescription": "The configuration for experiment logging to Amazon CloudWatch Logs.", + "markdownDescription": "The configuration for experiment logging to CloudWatch Logs .", "title": "CloudWatchLogsConfiguration" }, "LogSchemaVersion": { @@ -90478,7 +90805,7 @@ }, "S3Configuration": { "$ref": "#/definitions/AWS::FIS::ExperimentTemplate.S3Configuration", - "markdownDescription": "The configuration for experiment logging to Amazon S3.", + "markdownDescription": "The configuration for experiment logging to Amazon S3 .", "title": "S3Configuration" } }, @@ -90519,7 +90846,7 @@ }, "Parameters": { "additionalProperties": true, - "markdownDescription": "The resource type parameters.", + "markdownDescription": "The parameters for the resource type.", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -112868,12 +113195,12 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "A summary of the package being created. This can be used to outline the package's contents or purpose.", + "markdownDescription": "", "title": "Description", "type": "string" }, "PackageName": { - "markdownDescription": "The name of the new software package.", + "markdownDescription": "", "title": "PackageName", "type": "string" }, @@ -112881,7 +113208,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "Metadata that can be used to manage the package.", + "markdownDescription": "", "title": "Tags", "type": "array" } @@ -112945,7 +113272,7 @@ "properties": { "Attributes": { "additionalProperties": true, - "markdownDescription": "Metadata that can be used to define a package version\u2019s configuration. For example, the S3 file location, configuration options that are being sent to the device or fleet.\n\nThe combined size of all the attributes on a package version is limited to 3KB.", + "markdownDescription": "", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -112955,12 +113282,12 @@ "type": "object" }, "Description": { - "markdownDescription": "A summary of the package version being created. This can be used to outline the package's contents or purpose.", + "markdownDescription": "", "title": "Description", "type": "string" }, "PackageName": { - "markdownDescription": "The name of the associated software package.", + "markdownDescription": "", "title": "PackageName", "type": "string" }, @@ -112968,12 +113295,12 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "Metadata that can be used to manage the package version.", + "markdownDescription": "", "title": "Tags", "type": "array" }, "VersionName": { - "markdownDescription": "The name of the new package version.", + "markdownDescription": "", "title": "VersionName", "type": "string" } @@ -146968,9 +147295,13 @@ "additionalProperties": false, "properties": { "CustomEpoch": { + "markdownDescription": "", + "title": "CustomEpoch", "type": "string" }, "JamSyncTime": { + "markdownDescription": "", + "title": "JamSyncTime", "type": "string" } }, @@ -147053,6 +147384,8 @@ "type": "string" }, "OutputStaticImageOverlayScheduleActions": { + "markdownDescription": "", + "title": "OutputStaticImageOverlayScheduleActions", "type": "string" } }, @@ -147199,7 +147532,9 @@ "type": "string" }, "OutputLockingSettings": { - "$ref": "#/definitions/AWS::MediaLive::Channel.OutputLockingSettings" + "$ref": "#/definitions/AWS::MediaLive::Channel.OutputLockingSettings", + "markdownDescription": "", + "title": "OutputLockingSettings" }, "OutputTimingSource": { "markdownDescription": "Indicates whether the rate of frames emitted by the Live encoder should be paced by its system clock (which optionally might be locked to another source through NTP) or should be locked to the clock of the source that is providing the input stream.", @@ -149345,10 +149680,14 @@ "additionalProperties": false, "properties": { "EpochLockingSettings": { - "$ref": "#/definitions/AWS::MediaLive::Channel.EpochLockingSettings" + "$ref": "#/definitions/AWS::MediaLive::Channel.EpochLockingSettings", + "markdownDescription": "", + "title": "EpochLockingSettings" }, "PipelineLockingSettings": { - "$ref": "#/definitions/AWS::MediaLive::Channel.PipelineLockingSettings" + "$ref": "#/definitions/AWS::MediaLive::Channel.PipelineLockingSettings", + "markdownDescription": "", + "title": "PipelineLockingSettings" } }, "type": "object" @@ -158945,6 +159284,16 @@ "Properties": { "additionalProperties": false, "properties": { + "BufferOptions": { + "$ref": "#/definitions/AWS::OSIS::Pipeline.BufferOptions", + "markdownDescription": "Options that specify the configuration of a persistent buffer. To configure how OpenSearch Ingestion encrypts this data, set the EncryptionAtRestOptions.", + "title": "BufferOptions" + }, + "EncryptionAtRestOptions": { + "$ref": "#/definitions/AWS::OSIS::Pipeline.EncryptionAtRestOptions", + "markdownDescription": "Options to control how OpenSearch encrypts all data-at-rest.", + "title": "EncryptionAtRestOptions" + }, "LogPublishingOptions": { "$ref": "#/definitions/AWS::OSIS::Pipeline.LogPublishingOptions", "markdownDescription": "Key-value pairs that represent log publishing settings.", @@ -159013,6 +159362,20 @@ ], "type": "object" }, + "AWS::OSIS::Pipeline.BufferOptions": { + "additionalProperties": false, + "properties": { + "PersistentBufferEnabled": { + "markdownDescription": "Whether persistent buffering should be enabled.", + "title": "PersistentBufferEnabled", + "type": "boolean" + } + }, + "required": [ + "PersistentBufferEnabled" + ], + "type": "object" + }, "AWS::OSIS::Pipeline.CloudWatchLogDestination": { "additionalProperties": false, "properties": { @@ -159022,6 +159385,23 @@ "type": "string" } }, + "required": [ + "LogGroup" + ], + "type": "object" + }, + "AWS::OSIS::Pipeline.EncryptionAtRestOptions": { + "additionalProperties": false, + "properties": { + "KmsKeyArn": { + "markdownDescription": "The ARN of the KMS key used to encrypt data-at-rest in OpenSearch Ingestion. By default, data is encrypted using an AWS owned key.", + "title": "KmsKeyArn", + "type": "string" + } + }, + "required": [ + "KmsKeyArn" + ], "type": "object" }, "AWS::OSIS::Pipeline.LogPublishingOptions": { @@ -159081,6 +159461,9 @@ "type": "array" } }, + "required": [ + "SubnetIds" + ], "type": "object" }, "AWS::Oam::Link": { @@ -160637,6 +161020,9 @@ "title": "EngineVersion", "type": "string" }, + "IPAddressType": { + "type": "string" + }, "LogPublishingOptions": { "additionalProperties": false, "markdownDescription": "An object with one or more of the following keys: `SEARCH_SLOW_LOGS` , `ES_APPLICATION_LOGS` , `INDEX_SLOW_LOGS` , `AUDIT_LOGS` , depending on the types of logs you want to publish. Each key needs a valid `LogPublishingOption` value. For the full syntax, see the [examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#aws-resource-opensearchservice-domain--examples) .", @@ -218453,12 +218839,12 @@ "additionalProperties": false, "properties": { "DurationSeconds": { - "markdownDescription": "The number of seconds vended session credentials will be valid for", + "markdownDescription": "Sets the maximum number of seconds that vended temporary credentials through [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html) will be valid for, between 900 and 3600.", "title": "DurationSeconds", "type": "number" }, "Enabled": { - "markdownDescription": "The enabled status of the resource.", + "markdownDescription": "Indicates whether the profile is enabled.", "title": "Enabled", "type": "boolean" }, @@ -218466,17 +218852,17 @@ "items": { "type": "string" }, - "markdownDescription": "A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.", + "markdownDescription": "A list of managed policy ARNs that apply to the vended session credentials.", "title": "ManagedPolicyArns", "type": "array" }, "Name": { - "markdownDescription": "The customer specified name of the resource.", + "markdownDescription": "The name of the profile.", "title": "Name", "type": "string" }, "RequireInstanceProperties": { - "markdownDescription": "Specifies whether instance properties are required in CreateSession requests with this profile.", + "markdownDescription": "Specifies whether instance properties are required in temporary credential requests with this profile.", "title": "RequireInstanceProperties", "type": "boolean" }, @@ -218484,12 +218870,12 @@ "items": { "type": "string" }, - "markdownDescription": "A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.", + "markdownDescription": "A list of IAM role ARNs. During `CreateSession` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.", "title": "RoleArns", "type": "array" }, "SessionPolicy": { - "markdownDescription": "A session policy that will applied to the trust boundary of the vended session credentials.", + "markdownDescription": "A session policy that applies to the trust boundary of the vended session credentials.", "title": "SessionPolicy", "type": "string" }, @@ -218497,7 +218883,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "A list of Tags.", + "markdownDescription": "The tags to attach to the profile.", "title": "Tags", "type": "array" } @@ -218658,11 +219044,11 @@ "properties": { "SourceData": { "$ref": "#/definitions/AWS::RolesAnywhere::TrustAnchor.SourceData", - "markdownDescription": "A union object representing the data field of the TrustAnchor depending on its type", + "markdownDescription": "The data field of the trust anchor depending on its type.", "title": "SourceData" }, "SourceType": { - "markdownDescription": "The type of the TrustAnchor.", + "markdownDescription": "The type of the TrustAnchor.\n\n> `AWS_ACM_PCA` is not an allowed value in your region.", "title": "SourceType", "type": "string" } @@ -222472,6 +222858,9 @@ "type": "boolean" } }, + "required": [ + "EventBridgeEnabled" + ], "type": "object" }, "AWS::S3::Bucket.FilterRule": { @@ -223255,12 +223644,12 @@ "ObjectSizeGreaterThan": { "markdownDescription": "Specifies the minimum object size in bytes for this rule to apply to. Objects must be larger than this value in bytes. For more information about size based rules, see [Lifecycle configuration using size-based rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lc-size-rules) in the *Amazon S3 User Guide* .", "title": "ObjectSizeGreaterThan", - "type": "number" + "type": "string" }, "ObjectSizeLessThan": { "markdownDescription": "Specifies the maximum object size in bytes for this rule to apply to. Objects must be smaller than this value in bytes. For more information about sized based rules, see [Lifecycle configuration using size-based rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lc-size-rules) in the *Amazon S3 User Guide* .", "title": "ObjectSizeLessThan", - "type": "number" + "type": "string" }, "Prefix": { "markdownDescription": "Object key prefix that identifies one or more objects to which this rule applies.\n\n> Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints) .", @@ -227022,6 +227411,8 @@ "type": "string" }, "ReplayPolicy": { + "markdownDescription": "", + "title": "ReplayPolicy", "type": "object" }, "SubscriptionRoleArn": { @@ -227116,7 +227507,7 @@ "items": { "$ref": "#/definitions/AWS::SNS::Topic.LoggingConfig" }, - "markdownDescription": "", + "markdownDescription": "The `DeliveryStatusLogging` configuration enables you to log the delivery status of messages sent from your Amazon SNS topic to subscribed endpoints with the following supported delivery protocols:\n\n- HTTP\n- Amazon Kinesis Data Firehose\n- AWS Lambda\n- Platform application endpoint\n- Amazon Simple Queue Service\n\nOnce configured, log entries are sent to Amazon CloudWatch Logs.", "title": "DeliveryStatusLogging", "type": "array" }, @@ -227193,22 +227584,22 @@ "additionalProperties": false, "properties": { "FailureFeedbackRoleArn": { - "markdownDescription": "", + "markdownDescription": "The IAM role ARN to be used when logging failed message deliveries in Amazon CloudWatch.", "title": "FailureFeedbackRoleArn", "type": "string" }, "Protocol": { - "markdownDescription": "", + "markdownDescription": "Indicates one of the supported protocols for the Amazon SNS topic.\n\n> At least one of the other three `LoggingConfig` properties is recommend along with `Protocol` .", "title": "Protocol", "type": "string" }, "SuccessFeedbackRoleArn": { - "markdownDescription": "", + "markdownDescription": "The IAM role ARN to be used when logging successful message deliveries in Amazon CloudWatch.", "title": "SuccessFeedbackRoleArn", "type": "string" }, "SuccessFeedbackSampleRate": { - "markdownDescription": "", + "markdownDescription": "The percentage of successful message deliveries to be logged in Amazon CloudWatch. Valid percentage values range from 0 to 100.", "title": "SuccessFeedbackSampleRate", "type": "string" } @@ -233351,6 +233742,11 @@ "$ref": "#/definitions/AWS::SageMaker::FeatureGroup.OnlineStoreSecurityConfig", "markdownDescription": "Use to specify KMS Key ID ( `KMSKeyId` ) for at-rest encryption of your `OnlineStore` .", "title": "SecurityConfig" + }, + "StorageType": { + "markdownDescription": "Option for different tiers of low latency storage for real-time data retrieval.\n\n- `Standard` : A managed low latency data store for feature groups.\n- `InMemory` : A managed data store for feature groups that supports very low latency retrieval.", + "title": "StorageType", + "type": "string" } }, "type": "object" @@ -247448,7 +247844,7 @@ "items": { "type": "string" }, - "markdownDescription": "A list of address allocation IDs that are required to attach an Elastic IP address to your server's endpoint.\n\n> This property can only be set when `EndpointType` is set to `VPC` and it is only valid in the `UpdateServer` API.", + "markdownDescription": "A list of address allocation IDs that are required to attach an Elastic IP address to your server's endpoint.\n\nAn address allocation ID corresponds to the allocation ID of an Elastic IP address. This value can be retrieved from the `allocationId` field from the Amazon EC2 [Address](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Address.html) data type. One way to retrieve this value is by calling the EC2 [DescribeAddresses](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAddresses.html) API.\n\nThis parameter is optional. Set this parameter if you want to make your VPC endpoint public-facing. For details, see [Create an internet-facing endpoint for your server](https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#create-internet-facing-endpoint) .\n\n> This property can only be set as follows:\n> \n> - `EndpointType` must be set to `VPC`\n> - The Transfer Family server must be offline.\n> - You cannot set this parameter for Transfer Family servers that use the FTP protocol.\n> - The server must already have `SubnetIds` populated ( `SubnetIds` and `AddressAllocationIds` cannot be updated simultaneously).\n> - `AddressAllocationIds` can't contain duplicates, and must be equal in length to `SubnetIds` . For example, if you have three subnet IDs, you must also specify three address allocation IDs.\n> - Call the `UpdateServer` API to set or change this parameter.", "title": "AddressAllocationIds", "type": "array" }, @@ -258462,6 +258858,9 @@ { "$ref": "#/definitions/AWS::CloudFront::KeyGroup" }, + { + "$ref": "#/definitions/AWS::CloudFront::KeyValueStore" + }, { "$ref": "#/definitions/AWS::CloudFront::MonitoringSubscription" },