From ef93ac1fcd17eb1357306c5046f956114ac207a9 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 12 Dec 2023 10:53:13 -0800 Subject: [PATCH] chore(schema): update (#3467) Co-authored-by: github-actions Co-authored-by: Aayush thapa <84202325+aaythapa@users.noreply.github.com> --- samtranslator/schema/schema.json | 307 ++++++++++++++++++++--- schema_source/cloudformation-docs.json | 138 +++++++--- schema_source/cloudformation.schema.json | 307 ++++++++++++++++++++--- 3 files changed, 644 insertions(+), 108 deletions(-) diff --git a/samtranslator/schema/schema.json b/samtranslator/schema/schema.json index 42755f8a1..226bc57da 100644 --- a/samtranslator/schema/schema.json +++ b/samtranslator/schema/schema.json @@ -34038,6 +34038,103 @@ ], "type": "object" }, + "AWS::CloudFront::KeyValueStore": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Comment": { + "markdownDescription": "A comment for the Key Value Store.", + "title": "Comment", + "type": "string" + }, + "ImportSource": { + "$ref": "#/definitions/AWS::CloudFront::KeyValueStore.ImportSource", + "markdownDescription": "The import source for the Key Value Store.", + "title": "ImportSource" + }, + "Name": { + "markdownDescription": "The name of the Key Value Store.", + "title": "Name", + "type": "string" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::CloudFront::KeyValueStore" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::CloudFront::KeyValueStore.ImportSource": { + "additionalProperties": false, + "properties": { + "SourceArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the import source for the Key Value Store.", + "title": "SourceArn", + "type": "string" + }, + "SourceType": { + "markdownDescription": "The source type of the import source for the Key Value Store.", + "title": "SourceType", + "type": "string" + } + }, + "required": [ + "SourceArn", + "SourceType" + ], + "type": "object" + }, "AWS::CloudFront::MonitoringSubscription": { "additionalProperties": false, "properties": { @@ -36993,7 +37090,7 @@ "type": "string" }, "OutputFormat": { - "markdownDescription": "The output format for the stream. Valid values are `json` and `opentelemetry0.7` For more information about metric stream output formats, see [Metric streams output formats](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-formats.html) .\n\nThis parameter is required.", + "markdownDescription": "The output format for the stream. Valid values are `json` , `opentelemetry1.0` and `opentelemetry0.7` For more information about metric stream output formats, see [Metric streams output formats](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-formats.html) .\n\nThis parameter is required.", "title": "OutputFormat", "type": "string" }, @@ -37006,7 +37103,7 @@ "items": { "$ref": "#/definitions/AWS::CloudWatch::MetricStream.MetricStreamStatisticsConfiguration" }, - "markdownDescription": "By default, a metric stream always sends the MAX, MIN, SUM, and SAMPLECOUNT statistics for each metric that is streamed. You can use this parameter to have the metric stream also send additional statistics in the stream. This array can have up to 100 members.\n\nFor each entry in this array, you specify one or more metrics and the list of additional statistics to stream for those metrics. The additional statistics that you can stream depend on the stream's `OutputFormat` . If the `OutputFormat` is `json` , you can stream any additional statistic that is supported by CloudWatch , listed in [CloudWatch statistics definitions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Statistics-definitions.html) . If the `OutputFormat` is `opentelemetry0` .7, you can stream percentile statistics *(p??)* .", + "markdownDescription": "By default, a metric stream always sends the MAX, MIN, SUM, and SAMPLECOUNT statistics for each metric that is streamed. You can use this parameter to have the metric stream also send additional statistics in the stream. This array can have up to 100 members.\n\nFor each entry in this array, you specify one or more metrics and the list of additional statistics to stream for those metrics. The additional statistics that you can stream depend on the stream's `OutputFormat` . If the `OutputFormat` is `json` , you can stream any additional statistic that is supported by CloudWatch , listed in [CloudWatch statistics definitions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Statistics-definitions.html) . If the `OutputFormat` is OpenTelemetry, you can stream percentile statistics.", "title": "StatisticsConfigurations", "type": "array" }, @@ -38890,9 +38987,6 @@ "title": "Tags", "type": "array" }, - "TerminationHookEnabled": { - "type": "boolean" - }, "TriggerConfigurations": { "items": { "$ref": "#/definitions/AWS::CodeDeploy::DeploymentGroup.TriggerConfig" @@ -39887,6 +39981,8 @@ "type": "string" }, "PipelineType": { + "markdownDescription": "CodePipeline provides the following pipeline types, which differ in characteristics and price, so that you can tailor your pipeline features and cost to the needs of your applications.\n\n- V1 type pipelines have a JSON structure that contains standard pipeline, stage, and action-level parameters.\n- V2 type pipelines have the same structure as a V1 type, along with additional parameters for release safety and trigger configuration.\n\n> Including V2 parameters, such as triggers on Git tags, in the pipeline JSON when creating or updating a pipeline will result in the pipeline having the V2 type of pipeline and the associated costs. \n\nFor information about pricing for CodePipeline, see [Pricing](https://docs.aws.amazon.com/https://aws.amazon.com/codepipeline/pricing/) .\n\nFor information about which type of pipeline to choose, see [What type of pipeline is right for me?](https://docs.aws.amazon.com/codepipeline/latest/userguide/pipeline-types-planning.html) .", + "title": "PipelineType", "type": "string" }, "RestartExecutionOnUpdate": { @@ -39919,12 +40015,16 @@ "items": { "$ref": "#/definitions/AWS::CodePipeline::Pipeline.PipelineTriggerDeclaration" }, + "markdownDescription": "The trigger configuration specifying a type of event, such as Git tags, that starts the pipeline.\n\n> When a trigger configuration is specified, default change detection for repository and branch commits is disabled.", + "title": "Triggers", "type": "array" }, "Variables": { "items": { "$ref": "#/definitions/AWS::CodePipeline::Pipeline.VariableDeclaration" }, + "markdownDescription": "A list that defines the pipeline variables for a pipeline resource. Variable names can have alphanumeric and underscore characters, and the values must match `[A-Za-z0-9@\\-_]+` .", + "title": "Variables", "type": "array" } }, @@ -40140,9 +40240,13 @@ "items": { "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitPushFilter" }, + "markdownDescription": "The field where the repository event that will start the pipeline, such as pushing Git tags, is specified with details.\n\n> Git tags is the only supported event type.", + "title": "Push", "type": "array" }, "SourceActionName": { + "markdownDescription": "The name of the pipeline source action where the trigger configuration, such as Git tags, is specified. The trigger configuration will start the pipeline upon the specified change only.\n\n> You can only specify one trigger configuration per source action.", + "title": "SourceActionName", "type": "string" } }, @@ -40155,7 +40259,9 @@ "additionalProperties": false, "properties": { "Tags": { - "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitTagFilterCriteria" + "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitTagFilterCriteria", + "markdownDescription": "The field that contains the details for the Git tags trigger configuration.", + "title": "Tags" } }, "type": "object" @@ -40167,12 +40273,16 @@ "items": { "type": "string" }, + "markdownDescription": "The list of patterns of Git tags that, when pushed, are to be excluded from starting the pipeline.", + "title": "Excludes", "type": "array" }, "Includes": { "items": { "type": "string" }, + "markdownDescription": "The list of patterns of Git tags that, when pushed, are to be included as criteria that starts the pipeline.", + "title": "Includes", "type": "array" } }, @@ -40210,9 +40320,13 @@ "additionalProperties": false, "properties": { "GitConfiguration": { - "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitConfiguration" + "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitConfiguration", + "markdownDescription": "Provides the filter criteria and the source stage for the repository event that starts the pipeline, such as Git tags.", + "title": "GitConfiguration" }, "ProviderType": { + "markdownDescription": "The source provider for the event, such as connections configured for a repository with Git tags, for the specified trigger configuration.", + "title": "ProviderType", "type": "string" } }, @@ -40276,12 +40390,18 @@ "additionalProperties": false, "properties": { "DefaultValue": { + "markdownDescription": "The value of a pipeline-level variable.", + "title": "DefaultValue", "type": "string" }, "Description": { + "markdownDescription": "The description of a pipeline-level variable. It's used to add additional context about the variable, and not being used at time when pipeline executes.", + "title": "Description", "type": "string" }, "Name": { + "markdownDescription": "The name of a pipeline-level variable.", + "title": "Name", "type": "string" } }, @@ -42212,7 +42332,7 @@ "items": { "type": "string" }, - "markdownDescription": "The allowed OAuth flows.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret.", + "markdownDescription": "The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret.", "title": "AllowedOAuthFlows", "type": "array" }, @@ -43211,7 +43331,7 @@ "items": { "$ref": "#/definitions/AWS::Cognito::UserPoolUser.AttributeType" }, - "markdownDescription": "The user attributes and attribute values to be set for the user to be created. These are name-value pairs You can create a user without specifying any attributes other than `Username` . However, any attributes that you specify as required (in [](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) or in the *Attributes* tab of the console) must be supplied either by you (in your call to `AdminCreateUser` ) or by the user (when they sign up in response to your welcome message).\n\nFor custom attributes, you must prepend the `custom:` prefix to the attribute name.\n\nTo send a message inviting the user to sign up, you must specify the user's email address or phone number. This can be done in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools.\n\nIn your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . (You can also do this by calling [](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) .)\n\n- *email* : The email address of the user to whom the message that contains the code and user name will be sent. Required if the `email_verified` attribute is set to `True` , or if `\"EMAIL\"` is specified in the `DesiredDeliveryMediums` parameter.\n- *phone_number* : The phone number of the user to whom the message that contains the code and user name will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `\"SMS\"` is specified in the `DesiredDeliveryMediums` parameter.", + "markdownDescription": "An array of name-value pairs that contain user attributes and attribute values.", "title": "UserAttributes", "type": "array" }, @@ -44383,7 +44503,9 @@ "title": "RecordingGroup" }, "RecordingMode": { - "$ref": "#/definitions/AWS::Config::ConfigurationRecorder.RecordingMode" + "$ref": "#/definitions/AWS::Config::ConfigurationRecorder.RecordingMode", + "markdownDescription": "Specifies the default recording frequency that AWS Config uses to record configuration changes. AWS Config supports *Continuous recording* and *Daily recording* .\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it\u2019s different from the previous CI recorded.\n\n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous. \n\nYou can also override the recording frequency for specific resource types.", + "title": "RecordingMode" }, "RoleARN": { "markdownDescription": "Amazon Resource Name (ARN) of the IAM role assumed by AWS Config and used by the configuration recorder. For more information, see [Permissions for the IAM Role Assigned](https://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html) to AWS Config in the AWS Config Developer Guide.\n\n> *Pre-existing AWS Config role*\n> \n> If you have used an AWS service that uses AWS Config , such as AWS Security Hub or AWS Control Tower , and an AWS Config role has already been created, make sure that the IAM role that you use when setting up AWS Config keeps the same minimum permissions as the already created AWS Config role. You must do this so that the other AWS service continues to run as expected.\n> \n> For example, if AWS Control Tower has an IAM role that allows AWS Config to read Amazon Simple Storage Service ( Amazon S3 ) objects, make sure that the same permissions are granted within the IAM role you use when setting up AWS Config . Otherwise, it may interfere with how AWS Control Tower operates. For more information about IAM roles for AWS Config , see [*Identity and Access Management for AWS Config*](https://docs.aws.amazon.com/config/latest/developerguide/security-iam.html) in the *AWS Config Developer Guide* .", @@ -44472,12 +44594,16 @@ "additionalProperties": false, "properties": { "RecordingFrequency": { + "markdownDescription": "The default recording frequency that AWS Config uses to record configuration changes.\n\n> Daily recording is not supported for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`\n> \n> For the *allSupported* ( `ALL_SUPPORTED_RESOURCE_TYPES` ) recording strategy, these resource types will be set to Continuous recording.", + "title": "RecordingFrequency", "type": "string" }, "RecordingModeOverrides": { "items": { "$ref": "#/definitions/AWS::Config::ConfigurationRecorder.RecordingModeOverride" }, + "markdownDescription": "An array of `recordingModeOverride` objects for you to specify your overrides for the recording mode. The `recordingModeOverride` object in the `recordingModeOverrides` array consists of three fields: a `description` , the new `recordingFrequency` , and an array of `resourceTypes` to override.", + "title": "RecordingModeOverrides", "type": "array" } }, @@ -44490,15 +44616,21 @@ "additionalProperties": false, "properties": { "Description": { + "markdownDescription": "A description that you provide for the override.", + "title": "Description", "type": "string" }, "RecordingFrequency": { + "markdownDescription": "The recording frequency that will be applied to all the resource types specified in the override.\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it\u2019s different from the previous CI recorded.\n\n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous.", + "title": "RecordingFrequency", "type": "string" }, "ResourceTypes": { "items": { "type": "string" }, + "markdownDescription": "A comma-separated list that specifies which resource types AWS Config includes in the override.\n\n> Daily recording is not supported for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`", + "title": "ResourceTypes", "type": "array" } }, @@ -46365,6 +46497,14 @@ "markdownDescription": "The alias of instance. `InstanceAlias` is only required when `IdentityManagementType` is `CONNECT_MANAGED` or `SAML` . `InstanceAlias` is not required when `IdentityManagementType` is `EXISTING_DIRECTORY` .", "title": "InstanceAlias", "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "The tags of an instance.", + "title": "Tags", + "type": "array" } }, "required": [ @@ -46606,6 +46746,7 @@ } }, "required": [ + "EncryptionConfig", "Prefix", "RetentionPeriodHours" ], @@ -52257,12 +52398,18 @@ "type": "string" }, "KeepCsvFiles": { + "markdownDescription": "If true, AWS DMS saves any .csv files to the Db2 LUW target that were used to replicate data. DMS uses these files for analysis and troubleshooting.\n\nThe default value is false.", + "title": "KeepCsvFiles", "type": "boolean" }, "LoadTimeout": { + "markdownDescription": "The amount of time (in milliseconds) before AWS DMS times out operations performed by DMS on the Db2 target. The default value is 1200 (20 minutes).", + "title": "LoadTimeout", "type": "number" }, "MaxFileSize": { + "markdownDescription": "Specifies the maximum size (in KB) of .csv files used to transfer data to Db2 LUW.", + "title": "MaxFileSize", "type": "number" }, "MaxKBytesPerRead": { @@ -52286,6 +52433,8 @@ "type": "boolean" }, "WriteBufferSize": { + "markdownDescription": "The size (in KB) of the in-memory file write buffer used when generating .csv files on the local disk on the DMS replication instance. The default value is 1024 (1 MB).", + "title": "WriteBufferSize", "type": "number" } }, @@ -58574,7 +58723,7 @@ "type": "string" }, "OverwriteMode": { - "markdownDescription": "Specifies whether data at the destination location should be overwritten or preserved. If set to `NEVER` , a destination file for example will not be replaced by a source file (even if the destination file differs from the source file). If you modify files in the destination and you sync the files, you can use this value to protect against overwriting those changes.\n\nSome storage classes have specific behaviors that can affect your Amazon S3 storage cost. For detailed information, see [Considerations when working with Amazon S3 storage classes in DataSync](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#using-storage-classes) .", + "markdownDescription": "Specifies whether DataSync should modify or preserve data at the destination location.\n\n- `ALWAYS` (default) - DataSync modifies data in the destination location when source data (including metadata) has changed.\n\nIf DataSync overwrites objects, you might incur additional charges for certain Amazon S3 storage classes (for example, for retrieval or early deletion). For more information, see [Storage class considerations with Amazon S3 transfers](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#using-storage-classes) .\n- `NEVER` - DataSync doesn't overwrite data in the destination location even if the source data has changed. You can use this option to protect against overwriting changes made to files or objects in the destination.", "title": "OverwriteMode", "type": "string" }, @@ -66228,7 +66377,7 @@ "type": "number" }, "HttpTokens": { - "markdownDescription": "IMDSv2 uses token-backed sessions. Set the use of HTTP tokens to `optional` (in other words, set the use of IMDSv2 to `optional` ) or `required` (in other words, set the use of IMDSv2 to `required` ).\n\n- `optional` - When IMDSv2 is optional, you can choose to retrieve instance metadata with or without a session token in your request. If you retrieve the IAM role credentials without a token, the IMDSv1 role credentials are returned. If you retrieve the IAM role credentials using a valid session token, the IMDSv2 role credentials are returned.\n- `required` - When IMDSv2 is required, you must send a session token with any instance metadata retrieval requests. In this state, retrieving the IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.\n\nDefault: `optional`", + "markdownDescription": "Indicates whether IMDSv2 is required.\n\n- `optional` - IMDSv2 is optional. You can choose whether to send a session token in your instance metadata retrieval requests. If you retrieve IAM role credentials without a session token, you receive the IMDSv1 role credentials. If you retrieve IAM role credentials using a valid session token, you receive the IMDSv2 role credentials.\n- `required` - IMDSv2 is required. You must send a session token in your instance metadata retrieval requests. With this option, retrieving the IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.\n\nDefault: If the value of `ImdsSupport` for the Amazon Machine Image (AMI) for your instance is `v2.0` , the default is `required` .", "title": "HttpTokens", "type": "string" }, @@ -83451,6 +83600,11 @@ "title": "Description", "type": "string" }, + "Endpoint": { + "$ref": "#/definitions/AWS::ElastiCache::ServerlessCache.Endpoint", + "markdownDescription": "Represents the information required for client programs to connect to a cache node.", + "title": "Endpoint" + }, "Engine": { "markdownDescription": "The engine the serverless cache is compatible with.", "title": "Engine", @@ -83471,6 +83625,11 @@ "title": "MajorEngineVersion", "type": "string" }, + "ReaderEndpoint": { + "$ref": "#/definitions/AWS::ElastiCache::ServerlessCache.Endpoint", + "markdownDescription": "Represents the information required for client programs to connect to a cache node.", + "title": "ReaderEndpoint" + }, "SecurityGroupIds": { "items": { "type": "string" @@ -90678,7 +90837,7 @@ "properties": { "CloudWatchLogsConfiguration": { "$ref": "#/definitions/AWS::FIS::ExperimentTemplate.CloudWatchLogsConfiguration", - "markdownDescription": "The configuration for experiment logging to Amazon CloudWatch Logs.", + "markdownDescription": "The configuration for experiment logging to CloudWatch Logs .", "title": "CloudWatchLogsConfiguration" }, "LogSchemaVersion": { @@ -90688,7 +90847,7 @@ }, "S3Configuration": { "$ref": "#/definitions/AWS::FIS::ExperimentTemplate.S3Configuration", - "markdownDescription": "The configuration for experiment logging to Amazon S3.", + "markdownDescription": "The configuration for experiment logging to Amazon S3 .", "title": "S3Configuration" } }, @@ -90729,7 +90888,7 @@ }, "Parameters": { "additionalProperties": true, - "markdownDescription": "The resource type parameters.", + "markdownDescription": "The parameters for the resource type.", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -113078,12 +113237,12 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "A summary of the package being created. This can be used to outline the package's contents or purpose.", + "markdownDescription": "", "title": "Description", "type": "string" }, "PackageName": { - "markdownDescription": "The name of the new software package.", + "markdownDescription": "", "title": "PackageName", "type": "string" }, @@ -113091,7 +113250,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "Metadata that can be used to manage the package.", + "markdownDescription": "", "title": "Tags", "type": "array" } @@ -113155,7 +113314,7 @@ "properties": { "Attributes": { "additionalProperties": true, - "markdownDescription": "Metadata that can be used to define a package version\u2019s configuration. For example, the S3 file location, configuration options that are being sent to the device or fleet.\n\nThe combined size of all the attributes on a package version is limited to 3KB.", + "markdownDescription": "", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -113165,12 +113324,12 @@ "type": "object" }, "Description": { - "markdownDescription": "A summary of the package version being created. This can be used to outline the package's contents or purpose.", + "markdownDescription": "", "title": "Description", "type": "string" }, "PackageName": { - "markdownDescription": "The name of the associated software package.", + "markdownDescription": "", "title": "PackageName", "type": "string" }, @@ -113178,12 +113337,12 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "Metadata that can be used to manage the package version.", + "markdownDescription": "", "title": "Tags", "type": "array" }, "VersionName": { - "markdownDescription": "The name of the new package version.", + "markdownDescription": "", "title": "VersionName", "type": "string" } @@ -147185,9 +147344,13 @@ "additionalProperties": false, "properties": { "CustomEpoch": { + "markdownDescription": "", + "title": "CustomEpoch", "type": "string" }, "JamSyncTime": { + "markdownDescription": "", + "title": "JamSyncTime", "type": "string" } }, @@ -147270,6 +147433,8 @@ "type": "string" }, "OutputStaticImageOverlayScheduleActions": { + "markdownDescription": "", + "title": "OutputStaticImageOverlayScheduleActions", "type": "string" } }, @@ -147416,7 +147581,9 @@ "type": "string" }, "OutputLockingSettings": { - "$ref": "#/definitions/AWS::MediaLive::Channel.OutputLockingSettings" + "$ref": "#/definitions/AWS::MediaLive::Channel.OutputLockingSettings", + "markdownDescription": "", + "title": "OutputLockingSettings" }, "OutputTimingSource": { "markdownDescription": "Indicates whether the rate of frames emitted by the Live encoder should be paced by its system clock (which optionally might be locked to another source through NTP) or should be locked to the clock of the source that is providing the input stream.", @@ -149562,10 +149729,14 @@ "additionalProperties": false, "properties": { "EpochLockingSettings": { - "$ref": "#/definitions/AWS::MediaLive::Channel.EpochLockingSettings" + "$ref": "#/definitions/AWS::MediaLive::Channel.EpochLockingSettings", + "markdownDescription": "", + "title": "EpochLockingSettings" }, "PipelineLockingSettings": { - "$ref": "#/definitions/AWS::MediaLive::Channel.PipelineLockingSettings" + "$ref": "#/definitions/AWS::MediaLive::Channel.PipelineLockingSettings", + "markdownDescription": "", + "title": "PipelineLockingSettings" } }, "type": "object" @@ -159162,6 +159333,16 @@ "Properties": { "additionalProperties": false, "properties": { + "BufferOptions": { + "$ref": "#/definitions/AWS::OSIS::Pipeline.BufferOptions", + "markdownDescription": "Options that specify the configuration of a persistent buffer. To configure how OpenSearch Ingestion encrypts this data, set the EncryptionAtRestOptions.", + "title": "BufferOptions" + }, + "EncryptionAtRestOptions": { + "$ref": "#/definitions/AWS::OSIS::Pipeline.EncryptionAtRestOptions", + "markdownDescription": "Options to control how OpenSearch encrypts all data-at-rest.", + "title": "EncryptionAtRestOptions" + }, "LogPublishingOptions": { "$ref": "#/definitions/AWS::OSIS::Pipeline.LogPublishingOptions", "markdownDescription": "Key-value pairs that represent log publishing settings.", @@ -159230,6 +159411,20 @@ ], "type": "object" }, + "AWS::OSIS::Pipeline.BufferOptions": { + "additionalProperties": false, + "properties": { + "PersistentBufferEnabled": { + "markdownDescription": "Whether persistent buffering should be enabled.", + "title": "PersistentBufferEnabled", + "type": "boolean" + } + }, + "required": [ + "PersistentBufferEnabled" + ], + "type": "object" + }, "AWS::OSIS::Pipeline.CloudWatchLogDestination": { "additionalProperties": false, "properties": { @@ -159239,6 +159434,23 @@ "type": "string" } }, + "required": [ + "LogGroup" + ], + "type": "object" + }, + "AWS::OSIS::Pipeline.EncryptionAtRestOptions": { + "additionalProperties": false, + "properties": { + "KmsKeyArn": { + "markdownDescription": "The ARN of the KMS key used to encrypt data-at-rest in OpenSearch Ingestion. By default, data is encrypted using an AWS owned key.", + "title": "KmsKeyArn", + "type": "string" + } + }, + "required": [ + "KmsKeyArn" + ], "type": "object" }, "AWS::OSIS::Pipeline.LogPublishingOptions": { @@ -159298,6 +159510,9 @@ "type": "array" } }, + "required": [ + "SubnetIds" + ], "type": "object" }, "AWS::Oam::Link": { @@ -160854,6 +161069,9 @@ "title": "EngineVersion", "type": "string" }, + "IPAddressType": { + "type": "string" + }, "LogPublishingOptions": { "additionalProperties": false, "markdownDescription": "An object with one or more of the following keys: `SEARCH_SLOW_LOGS` , `ES_APPLICATION_LOGS` , `INDEX_SLOW_LOGS` , `AUDIT_LOGS` , depending on the types of logs you want to publish. Each key needs a valid `LogPublishingOption` value. For the full syntax, see the [examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#aws-resource-opensearchservice-domain--examples) .", @@ -218670,12 +218888,12 @@ "additionalProperties": false, "properties": { "DurationSeconds": { - "markdownDescription": "The number of seconds vended session credentials will be valid for", + "markdownDescription": "Sets the maximum number of seconds that vended temporary credentials through [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html) will be valid for, between 900 and 3600.", "title": "DurationSeconds", "type": "number" }, "Enabled": { - "markdownDescription": "The enabled status of the resource.", + "markdownDescription": "Indicates whether the profile is enabled.", "title": "Enabled", "type": "boolean" }, @@ -218683,17 +218901,17 @@ "items": { "type": "string" }, - "markdownDescription": "A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.", + "markdownDescription": "A list of managed policy ARNs that apply to the vended session credentials.", "title": "ManagedPolicyArns", "type": "array" }, "Name": { - "markdownDescription": "The customer specified name of the resource.", + "markdownDescription": "The name of the profile.", "title": "Name", "type": "string" }, "RequireInstanceProperties": { - "markdownDescription": "Specifies whether instance properties are required in CreateSession requests with this profile.", + "markdownDescription": "Specifies whether instance properties are required in temporary credential requests with this profile.", "title": "RequireInstanceProperties", "type": "boolean" }, @@ -218701,12 +218919,12 @@ "items": { "type": "string" }, - "markdownDescription": "A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.", + "markdownDescription": "A list of IAM role ARNs. During `CreateSession` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.", "title": "RoleArns", "type": "array" }, "SessionPolicy": { - "markdownDescription": "A session policy that will applied to the trust boundary of the vended session credentials.", + "markdownDescription": "A session policy that applies to the trust boundary of the vended session credentials.", "title": "SessionPolicy", "type": "string" }, @@ -218714,7 +218932,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "A list of Tags.", + "markdownDescription": "The tags to attach to the profile.", "title": "Tags", "type": "array" } @@ -218875,11 +219093,11 @@ "properties": { "SourceData": { "$ref": "#/definitions/AWS::RolesAnywhere::TrustAnchor.SourceData", - "markdownDescription": "A union object representing the data field of the TrustAnchor depending on its type", + "markdownDescription": "The data field of the trust anchor depending on its type.", "title": "SourceData" }, "SourceType": { - "markdownDescription": "The type of the TrustAnchor.", + "markdownDescription": "The type of the TrustAnchor.\n\n> `AWS_ACM_PCA` is not an allowed value in your region.", "title": "SourceType", "type": "string" } @@ -222696,6 +222914,9 @@ "type": "boolean" } }, + "required": [ + "EventBridgeEnabled" + ], "type": "object" }, "AWS::S3::Bucket.FilterRule": { @@ -223479,12 +223700,12 @@ "ObjectSizeGreaterThan": { "markdownDescription": "Specifies the minimum object size in bytes for this rule to apply to. Objects must be larger than this value in bytes. For more information about size based rules, see [Lifecycle configuration using size-based rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lc-size-rules) in the *Amazon S3 User Guide* .", "title": "ObjectSizeGreaterThan", - "type": "number" + "type": "string" }, "ObjectSizeLessThan": { "markdownDescription": "Specifies the maximum object size in bytes for this rule to apply to. Objects must be smaller than this value in bytes. For more information about sized based rules, see [Lifecycle configuration using size-based rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lc-size-rules) in the *Amazon S3 User Guide* .", "title": "ObjectSizeLessThan", - "type": "number" + "type": "string" }, "Prefix": { "markdownDescription": "Object key prefix that identifies one or more objects to which this rule applies.\n\n> Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints) .", @@ -227246,6 +227467,8 @@ "type": "string" }, "ReplayPolicy": { + "markdownDescription": "", + "title": "ReplayPolicy", "type": "object" }, "SubscriptionRoleArn": { @@ -233589,6 +233812,11 @@ "$ref": "#/definitions/AWS::SageMaker::FeatureGroup.OnlineStoreSecurityConfig", "markdownDescription": "Use to specify KMS Key ID ( `KMSKeyId` ) for at-rest encryption of your `OnlineStore` .", "title": "SecurityConfig" + }, + "StorageType": { + "markdownDescription": "Option for different tiers of low latency storage for real-time data retrieval.\n\n- `Standard` : A managed low latency data store for feature groups.\n- `InMemory` : A managed data store for feature groups that supports very low latency retrieval.", + "title": "StorageType", + "type": "string" } }, "type": "object" @@ -266243,6 +266471,9 @@ { "$ref": "#/definitions/AWS::CloudFront::KeyGroup" }, + { + "$ref": "#/definitions/AWS::CloudFront::KeyValueStore" + }, { "$ref": "#/definitions/AWS::CloudFront::MonitoringSubscription" }, diff --git a/schema_source/cloudformation-docs.json b/schema_source/cloudformation-docs.json index 859b07ba2..abaab6116 100644 --- a/schema_source/cloudformation-docs.json +++ b/schema_source/cloudformation-docs.json @@ -5251,6 +5251,15 @@ "Items": "A list of the identifiers of the public keys in the key group.", "Name": "A name to identify the key group." }, + "AWS::CloudFront::KeyValueStore": { + "Comment": "A comment for the Key Value Store.", + "ImportSource": "The import source for the Key Value Store.", + "Name": "The name of the Key Value Store." + }, + "AWS::CloudFront::KeyValueStore ImportSource": { + "SourceArn": "The Amazon Resource Name (ARN) of the import source for the Key Value Store.", + "SourceType": "The source type of the import source for the Key Value Store." + }, "AWS::CloudFront::MonitoringSubscription": { "DistributionId": "The ID of the distribution that you are enabling metrics for.", "MonitoringSubscription": "A subscription configuration for additional CloudWatch metrics." @@ -5659,9 +5668,9 @@ "IncludeFilters": "If you specify this parameter, the stream sends only the metrics from the metric namespaces that you specify here. You cannot specify both `IncludeFilters` and `ExcludeFilters` in the same metric stream.\n\nWhen you modify the `IncludeFilters` or `ExcludeFilters` of an existing metric stream in any way, the metric stream is effectively restarted, so after such a change you will get only the datapoints that have a timestamp after the time of the update.", "IncludeLinkedAccountsMetrics": "If you are creating a metric stream in a monitoring account, specify `true` to include metrics from source accounts that are linked to this monitoring account, in the metric stream. The default is `false` .\n\nFor more information about linking accounts, see [CloudWatch cross-account observability](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html)", "Name": "If you are creating a new metric stream, this is the name for the new stream. The name must be different than the names of other metric streams in this account and Region.\n\nIf you are updating a metric stream, specify the name of that stream here.", - "OutputFormat": "The output format for the stream. Valid values are `json` and `opentelemetry0.7` For more information about metric stream output formats, see [Metric streams output formats](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-formats.html) .\n\nThis parameter is required.", + "OutputFormat": "The output format for the stream. Valid values are `json` , `opentelemetry1.0` and `opentelemetry0.7` For more information about metric stream output formats, see [Metric streams output formats](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-formats.html) .\n\nThis parameter is required.", "RoleArn": "The ARN of an IAM role that this metric stream will use to access Amazon Kinesis Firehose resources. This IAM role must already exist and must be in the same account as the metric stream. This IAM role must include the `firehose:PutRecord` and `firehose:PutRecordBatch` permissions.", - "StatisticsConfigurations": "By default, a metric stream always sends the MAX, MIN, SUM, and SAMPLECOUNT statistics for each metric that is streamed. You can use this parameter to have the metric stream also send additional statistics in the stream. This array can have up to 100 members.\n\nFor each entry in this array, you specify one or more metrics and the list of additional statistics to stream for those metrics. The additional statistics that you can stream depend on the stream's `OutputFormat` . If the `OutputFormat` is `json` , you can stream any additional statistic that is supported by CloudWatch , listed in [CloudWatch statistics definitions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Statistics-definitions.html) . If the `OutputFormat` is `opentelemetry0` .7, you can stream percentile statistics *(p??)* .", + "StatisticsConfigurations": "By default, a metric stream always sends the MAX, MIN, SUM, and SAMPLECOUNT statistics for each metric that is streamed. You can use this parameter to have the metric stream also send additional statistics in the stream. This array can have up to 100 members.\n\nFor each entry in this array, you specify one or more metrics and the list of additional statistics to stream for those metrics. The additional statistics that you can stream depend on the stream's `OutputFormat` . If the `OutputFormat` is `json` , you can stream any additional statistic that is supported by CloudWatch , listed in [CloudWatch statistics definitions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Statistics-definitions.html) . If the `OutputFormat` is OpenTelemetry, you can stream percentile statistics.", "Tags": "An array of key-value pairs to apply to the metric stream.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) ." }, "AWS::CloudWatch::MetricStream MetricStreamFilter": { @@ -5958,6 +5967,7 @@ "OutdatedInstancesStrategy": "Indicates what happens when new Amazon EC2 instances are launched mid-deployment and do not receive the deployed application revision.\n\nIf this option is set to `UPDATE` or is unspecified, CodeDeploy initiates one or more 'auto-update outdated instances' deployments to apply the deployed application revision to the new Amazon EC2 instances.\n\nIf this option is set to `IGNORE` , CodeDeploy does not initiate a deployment to update the new Amazon EC2 instances. This may result in instances having different revisions.", "ServiceRoleArn": "A service role Amazon Resource Name (ARN) that grants CodeDeploy permission to make calls to AWS services on your behalf. For more information, see [Create a Service Role for AWS CodeDeploy](https://docs.aws.amazon.com/codedeploy/latest/userguide/getting-started-create-service-role.html) in the *AWS CodeDeploy User Guide* .\n\n> In some cases, you might need to add a dependency on the service role's policy. For more information, see IAM role policy in [DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) .", "Tags": "The metadata that you apply to CodeDeploy deployment groups to help you organize and categorize them. Each tag consists of a key and an optional value, both of which you define.", + "TerminationHookEnabled": "Indicates whether the deployment group was configured to have CodeDeploy install a termination hook into an Auto Scaling group.\n\nFor more information about the termination hook, see [How Amazon EC2 Auto Scaling works with CodeDeploy](https://docs.aws.amazon.com//codedeploy/latest/userguide/integrations-aws-auto-scaling.html#integrations-aws-auto-scaling-behaviors) in the *AWS CodeDeploy User Guide* .", "TriggerConfigurations": "Information about triggers associated with the deployment group. Duplicates are not allowed" }, "AWS::CodeDeploy::DeploymentGroup Alarm": { @@ -6135,10 +6145,13 @@ "ArtifactStores": "A mapping of `artifactStore` objects and their corresponding AWS Regions. There must be an artifact store for the pipeline Region and for each cross-region action in the pipeline.\n\n> You must include either `artifactStore` or `artifactStores` in your pipeline, but you cannot use both. If you create a cross-region action in your pipeline, you must use `artifactStores` .", "DisableInboundStageTransitions": "Represents the input of a `DisableStageTransition` action.", "Name": "The name of the pipeline.", + "PipelineType": "CodePipeline provides the following pipeline types, which differ in characteristics and price, so that you can tailor your pipeline features and cost to the needs of your applications.\n\n- V1 type pipelines have a JSON structure that contains standard pipeline, stage, and action-level parameters.\n- V2 type pipelines have the same structure as a V1 type, along with additional parameters for release safety and trigger configuration.\n\n> Including V2 parameters, such as triggers on Git tags, in the pipeline JSON when creating or updating a pipeline will result in the pipeline having the V2 type of pipeline and the associated costs. \n\nFor information about pricing for CodePipeline, see [Pricing](https://docs.aws.amazon.com/https://aws.amazon.com/codepipeline/pricing/) .\n\nFor information about which type of pipeline to choose, see [What type of pipeline is right for me?](https://docs.aws.amazon.com/codepipeline/latest/userguide/pipeline-types-planning.html) .", "RestartExecutionOnUpdate": "Indicates whether to rerun the CodePipeline pipeline after you update it.", "RoleArn": "The Amazon Resource Name (ARN) for CodePipeline to use to either perform actions with no `actionRoleArn` , or to use to assume roles for actions with an `actionRoleArn` .", "Stages": "Represents information about a stage and its definition.", - "Tags": "Specifies the tags applied to the pipeline." + "Tags": "Specifies the tags applied to the pipeline.", + "Triggers": "The trigger configuration specifying a type of event, such as Git tags, that starts the pipeline.\n\n> When a trigger configuration is specified, default change detection for repository and branch commits is disabled.", + "Variables": "A list that defines the pipeline variables for a pipeline resource. Variable names can have alphanumeric and underscore characters, and the values must match `[A-Za-z0-9@\\-_]+` ." }, "AWS::CodePipeline::Pipeline ActionDeclaration": { "ActionTypeId": "Specifies the action type and the provider of the action.", @@ -6174,12 +6187,27 @@ "Id": "The ID used to identify the key. For an AWS KMS key, you can use the key ID, the key ARN, or the alias ARN.\n\n> Aliases are recognized only in the account that created the AWS KMS key. For cross-account actions, you can only use the key ID or key ARN to identify the key. Cross-account actions involve using the role from the other account (AccountB), so specifying the key ID will use the key from the other account (AccountB).", "Type": "The type of encryption key, such as an AWS KMS key. When creating or updating a pipeline, the value must be set to 'KMS'." }, + "AWS::CodePipeline::Pipeline GitConfiguration": { + "Push": "The field where the repository event that will start the pipeline, such as pushing Git tags, is specified with details.\n\n> Git tags is the only supported event type.", + "SourceActionName": "The name of the pipeline source action where the trigger configuration, such as Git tags, is specified. The trigger configuration will start the pipeline upon the specified change only.\n\n> You can only specify one trigger configuration per source action." + }, + "AWS::CodePipeline::Pipeline GitPushFilter": { + "Tags": "The field that contains the details for the Git tags trigger configuration." + }, + "AWS::CodePipeline::Pipeline GitTagFilterCriteria": { + "Excludes": "The list of patterns of Git tags that, when pushed, are to be excluded from starting the pipeline.", + "Includes": "The list of patterns of Git tags that, when pushed, are to be included as criteria that starts the pipeline." + }, "AWS::CodePipeline::Pipeline InputArtifact": { "Name": "The name of the artifact to be worked on (for example, \"My App\").\n\nArtifacts are the files that are worked on by actions in the pipeline. See the action configuration for each action for details about artifact parameters. For example, the S3 source action input artifact is a file name (or file path), and the files are generally provided as a ZIP file. Example artifact name: SampleApp_Windows.zip\n\nThe input artifact of an action must exactly match the output artifact declared in a preceding action, but the input artifact does not have to be the next action in strict sequence from the action that provided the output artifact. Actions in parallel can declare different output artifacts, which are in turn consumed by different following actions." }, "AWS::CodePipeline::Pipeline OutputArtifact": { "Name": "The name of the output of an artifact, such as \"My App\".\n\nThe output artifact name must exactly match the input artifact declared for a downstream action. However, the downstream action's input artifact does not have to be the next action in strict sequence from the action that provided the output artifact. Actions in parallel can declare different output artifacts, which are in turn consumed by different following actions.\n\nOutput artifact names must be unique within a pipeline." }, + "AWS::CodePipeline::Pipeline PipelineTriggerDeclaration": { + "GitConfiguration": "Provides the filter criteria and the source stage for the repository event that starts the pipeline, such as Git tags.", + "ProviderType": "The source provider for the event, such as connections configured for a repository with Git tags, for the specified trigger configuration." + }, "AWS::CodePipeline::Pipeline StageDeclaration": { "Actions": "The actions included in a stage.", "Blockers": "Reserved for future use.", @@ -6193,6 +6221,11 @@ "Key": "The tag's key.", "Value": "The tag's value." }, + "AWS::CodePipeline::Pipeline VariableDeclaration": { + "DefaultValue": "The value of a pipeline-level variable.", + "Description": "The description of a pipeline-level variable. It's used to add additional context about the variable, and not being used at time when pipeline executes.", + "Name": "The name of a pipeline-level variable." + }, "AWS::CodePipeline::Webhook": { "Authentication": "Supported options are GITHUB_HMAC, IP, and UNAUTHENTICATED.\n\n- For information about the authentication scheme implemented by GITHUB_HMAC, see [Securing your webhooks](https://docs.aws.amazon.com/https://developer.github.com/webhooks/securing/) on the GitHub Developer website.\n- IP rejects webhooks trigger requests unless they originate from an IP address in the IP range whitelisted in the authentication configuration.\n- UNAUTHENTICATED accepts all webhook trigger requests regardless of origin.", "AuthenticationConfiguration": "Properties that configure the authentication applied to incoming webhook trigger requests. The required properties depend on the authentication type. For GITHUB_HMAC, only the `SecretToken` property must be set. For IP, only the `AllowedIPRange` property must be set to a valid CIDR range. For UNAUTHENTICATED, no properties can be set.", @@ -6468,7 +6501,7 @@ }, "AWS::Cognito::UserPoolClient": { "AccessTokenValidity": "The access token time limit. After this limit expires, your user can't use their access token. To specify the time unit for `AccessTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request.\n\nFor example, when you set `AccessTokenValidity` to `10` and `TokenValidityUnits` to `hours` , your user can authorize access with their access token for 10 hours.\n\nThe default time unit for `AccessTokenValidity` in an API request is hours.", - "AllowedOAuthFlows": "The allowed OAuth flows.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret.", + "AllowedOAuthFlows": "The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret.", "AllowedOAuthFlowsUserPoolClient": "Set to `true` to use OAuth 2.0 features in your user pool app client.\n\n`AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client.\n\n- `CallBackURLs` : Callback URLs.\n- `LogoutURLs` : Sign-out redirect URLs.\n- `AllowedOAuthScopes` : OAuth 2.0 scopes.\n- `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants.\n\nTo use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` .", "AllowedOAuthScopes": "The allowed OAuth scopes. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported.", "AnalyticsConfiguration": "The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign.\n\n> In AWS Regions where Amazon Pinpoint isn't available, user pools only support sending events to Amazon Pinpoint projects in AWS Region us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending events to Amazon Pinpoint projects within that same Region.", @@ -6589,7 +6622,7 @@ "DesiredDeliveryMediums": "Specify `\"EMAIL\"` if email will be used to send the welcome message. Specify `\"SMS\"` if the phone number will be used. The default value is `\"SMS\"` . You can specify more than one value.", "ForceAliasCreation": "This parameter is used only if the `phone_number_verified` or `email_verified` attribute is set to `True` . Otherwise, it is ignored.\n\nIf this parameter is set to `True` and the phone number or email address specified in the UserAttributes parameter already exists as an alias with a different user, the API call will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias.\n\nIf this parameter is set to `False` , the API throws an `AliasExistsException` error if the alias already exists. The default value is `False` .", "MessageAction": "Set to `RESEND` to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to `SUPPRESS` to suppress sending the message. You can specify only one value.", - "UserAttributes": "The user attributes and attribute values to be set for the user to be created. These are name-value pairs You can create a user without specifying any attributes other than `Username` . However, any attributes that you specify as required (in [](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) or in the *Attributes* tab of the console) must be supplied either by you (in your call to `AdminCreateUser` ) or by the user (when they sign up in response to your welcome message).\n\nFor custom attributes, you must prepend the `custom:` prefix to the attribute name.\n\nTo send a message inviting the user to sign up, you must specify the user's email address or phone number. This can be done in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools.\n\nIn your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . (You can also do this by calling [](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) .)\n\n- *email* : The email address of the user to whom the message that contains the code and user name will be sent. Required if the `email_verified` attribute is set to `True` , or if `\"EMAIL\"` is specified in the `DesiredDeliveryMediums` parameter.\n- *phone_number* : The phone number of the user to whom the message that contains the code and user name will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `\"SMS\"` is specified in the `DesiredDeliveryMediums` parameter.", + "UserAttributes": "An array of name-value pairs that contain user attributes and attribute values.", "UserPoolId": "The user pool ID for the user pool where the user will be created.", "Username": "The value that you want to set as the username sign-in attribute. The following conditions apply to the username parameter.\n\n- The username can't be a duplicate of another username in the same user pool.\n- You can't change the value of a username after you create it.\n- You can only provide a value if usernames are a valid sign-in attribute for your user pool. If your user pool only supports phone numbers or email addresses as sign-in attributes, Amazon Cognito automatically generates a username value. For more information, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) .", "ValidationData": "Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain.\n\nYour Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network.\n\nFor more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) ." @@ -6762,6 +6795,7 @@ "AWS::Config::ConfigurationRecorder": { "Name": "The name of the configuration recorder. AWS Config automatically assigns the name of \"default\" when creating the configuration recorder.\n\nYou cannot change the name of the configuration recorder after it has been created. To change the configuration recorder name, you must delete it and create a new configuration recorder with a new name.", "RecordingGroup": "Specifies which resource types AWS Config records for configuration changes.\n\n> *High Number of AWS Config Evaluations*\n> \n> You may notice increased activity in your account during your initial month recording with AWS Config when compared to subsequent months. During the initial bootstrapping process, AWS Config runs evaluations on all the resources in your account that you have selected for AWS Config to record.\n> \n> If you are running ephemeral workloads, you may see increased activity from AWS Config as it records configuration changes associated with creating and deleting these temporary resources. An *ephemeral workload* is a temporary use of computing resources that are loaded and run when needed. Examples include Amazon Elastic Compute Cloud ( Amazon EC2 ) Spot Instances, Amazon EMR jobs, and AWS Auto Scaling . If you want to avoid the increased activity from running ephemeral workloads, you can run these types of workloads in a separate account with AWS Config turned off to avoid increased configuration recording and rule evaluations.", + "RecordingMode": "Specifies the default recording frequency that AWS Config uses to record configuration changes. AWS Config supports *Continuous recording* and *Daily recording* .\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it\u2019s different from the previous CI recorded.\n\n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous. \n\nYou can also override the recording frequency for specific resource types.", "RoleARN": "Amazon Resource Name (ARN) of the IAM role assumed by AWS Config and used by the configuration recorder. For more information, see [Permissions for the IAM Role Assigned](https://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html) to AWS Config in the AWS Config Developer Guide.\n\n> *Pre-existing AWS Config role*\n> \n> If you have used an AWS service that uses AWS Config , such as AWS Security Hub or AWS Control Tower , and an AWS Config role has already been created, make sure that the IAM role that you use when setting up AWS Config keeps the same minimum permissions as the already created AWS Config role. You must do this so that the other AWS service continues to run as expected.\n> \n> For example, if AWS Control Tower has an IAM role that allows AWS Config to read Amazon Simple Storage Service ( Amazon S3 ) objects, make sure that the same permissions are granted within the IAM role you use when setting up AWS Config . Otherwise, it may interfere with how AWS Control Tower operates. For more information about IAM roles for AWS Config , see [*Identity and Access Management for AWS Config*](https://docs.aws.amazon.com/config/latest/developerguide/security-iam.html) in the *AWS Config Developer Guide* ." }, "AWS::Config::ConfigurationRecorder ExclusionByResourceTypes": { @@ -6774,6 +6808,15 @@ "RecordingStrategy": "An object that specifies the recording strategy for the configuration recorder.\n\n- If you set the `useOnly` field of [RecordingStrategy](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) to `ALL_SUPPORTED_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types, excluding the global IAM resource types. You also must set the `allSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` . When AWS Config adds support for a new resource type, AWS Config automatically starts recording resources of that type.\n- If you set the `useOnly` field of [RecordingStrategy](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) to `INCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for only the resource types you specify in the `resourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .\n- If you set the `useOnly` field of [RecordingStrategy](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) to `EXCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types except the resource types that you specify to exclude from being recorded in the `resourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) .\n\n> *Required and optional fields*\n> \n> The `recordingStrategy` field is optional when you set the `allSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` .\n> \n> The `recordingStrategy` field is optional when you list resource types in the `resourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .\n> \n> The `recordingStrategy` field is required if you list resource types to exclude from recording in the `resourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) . > *Overriding fields*\n> \n> If you choose `EXCLUSION_BY_RESOURCE_TYPES` for the recording strategy, the `exclusionByResourceTypes` field will override other properties in the request.\n> \n> For example, even if you set `includeGlobalResourceTypes` to false, global IAM resource types will still be automatically recorded in this option unless those resource types are specifically listed as exclusions in the `resourceTypes` field of `exclusionByResourceTypes` . > *Global resources types and the resource exclusion recording strategy*\n> \n> By default, if you choose the `EXCLUSION_BY_RESOURCE_TYPES` recording strategy, when AWS Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, AWS Config starts recording resources of that type automatically.\n> \n> Unless specifically listed as exclusions, `AWS::RDS::GlobalCluster` will be recorded automatically in all supported AWS Config Regions were the configuration recorder is enabled.\n> \n> IAM users, groups, roles, and customer managed policies will be recorded in the Region where you set up the configuration recorder if that is a Region where AWS Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by AWS Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:\n> \n> - Asia Pacific (Hyderabad)\n> - Asia Pacific (Melbourne)\n> - Europe (Spain)\n> - Europe (Zurich)\n> - Israel (Tel Aviv)\n> - Middle East (UAE)", "ResourceTypes": "A comma-separated list that specifies which resource types AWS Config records.\n\nFor a list of valid `resourceTypes` values, see the *Resource Type Value* column in [Supported AWS resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources) in the *AWS Config developer guide* .\n\n> *Required and optional fields*\n> \n> Optionally, you can set the `useOnly` field of [RecordingStrategy](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) to `INCLUSION_BY_RESOURCE_TYPES` .\n> \n> To record all configuration changes, set the `allSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` , and either omit this field or don't specify any resource types in this field. If you set the `allSupported` field to `false` and specify values for `resourceTypes` , when AWS Config adds support for a new type of resource, it will not record resources of that type unless you manually add that type to your recording group. > *Region availability*\n> \n> Before specifying a resource type for AWS Config to track, check [Resource Coverage by Region Availability](https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html) to see if the resource type is supported in the AWS Region where you set up AWS Config . If a resource type is supported by AWS Config in at least one Region, you can enable the recording of that resource type in all Regions supported by AWS Config , even if the specified resource type is not supported in the AWS Region where you set up AWS Config ." }, + "AWS::Config::ConfigurationRecorder RecordingMode": { + "RecordingFrequency": "The default recording frequency that AWS Config uses to record configuration changes.\n\n> Daily recording is not supported for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`\n> \n> For the *allSupported* ( `ALL_SUPPORTED_RESOURCE_TYPES` ) recording strategy, these resource types will be set to Continuous recording.", + "RecordingModeOverrides": "An array of `recordingModeOverride` objects for you to specify your overrides for the recording mode. The `recordingModeOverride` object in the `recordingModeOverrides` array consists of three fields: a `description` , the new `recordingFrequency` , and an array of `resourceTypes` to override." + }, + "AWS::Config::ConfigurationRecorder RecordingModeOverride": { + "Description": "A description that you provide for the override.", + "RecordingFrequency": "The recording frequency that will be applied to all the resource types specified in the override.\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it\u2019s different from the previous CI recorded.\n\n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous.", + "ResourceTypes": "A comma-separated list that specifies which resource types AWS Config includes in the override.\n\n> Daily recording is not supported for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`" + }, "AWS::Config::ConfigurationRecorder RecordingStrategy": { "UseOnly": "The recording strategy for the configuration recorder.\n\n- If you set this option to `ALL_SUPPORTED_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types, excluding the global IAM resource types. You also must set the `allSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` . When AWS Config adds support for a new resource type, AWS Config automatically starts recording resources of that type. For a list of supported resource types, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources) in the *AWS Config developer guide* .\n- If you set this option to `INCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for only the resource types that you specify in the `resourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .\n- If you set this option to `EXCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types, except the resource types that you specify to exclude from being recorded in the `resourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) .\n\n> *Required and optional fields*\n> \n> The `recordingStrategy` field is optional when you set the `allSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` .\n> \n> The `recordingStrategy` field is optional when you list resource types in the `resourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .\n> \n> The `recordingStrategy` field is required if you list resource types to exclude from recording in the `resourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) . > *Overriding fields*\n> \n> If you choose `EXCLUSION_BY_RESOURCE_TYPES` for the recording strategy, the `exclusionByResourceTypes` field will override other properties in the request.\n> \n> For example, even if you set `includeGlobalResourceTypes` to false, global IAM resource types will still be automatically recorded in this option unless those resource types are specifically listed as exclusions in the `resourceTypes` field of `exclusionByResourceTypes` . > *Global resource types and the exclusion recording strategy*\n> \n> By default, if you choose the `EXCLUSION_BY_RESOURCE_TYPES` recording strategy, when AWS Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, AWS Config starts recording resources of that type automatically.\n> \n> Unless specifically listed as exclusions, `AWS::RDS::GlobalCluster` will be recorded automatically in all supported AWS Config Regions were the configuration recorder is enabled.\n> \n> IAM users, groups, roles, and customer managed policies will be recorded in the Region where you set up the configuration recorder if that is a Region where AWS Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by AWS Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:\n> \n> - Asia Pacific (Hyderabad)\n> - Asia Pacific (Melbourne)\n> - Europe (Spain)\n> - Europe (Zurich)\n> - Israel (Tel Aviv)\n> - Middle East (UAE)" }, @@ -7031,7 +7074,8 @@ "Attributes": "A toggle for an individual feature at the instance level.", "DirectoryId": "The identifier for the directory.", "IdentityManagementType": "The identity management type.", - "InstanceAlias": "The alias of instance. `InstanceAlias` is only required when `IdentityManagementType` is `CONNECT_MANAGED` or `SAML` . `InstanceAlias` is not required when `IdentityManagementType` is `EXISTING_DIRECTORY` ." + "InstanceAlias": "The alias of instance. `InstanceAlias` is only required when `IdentityManagementType` is `CONNECT_MANAGED` or `SAML` . `InstanceAlias` is not required when `IdentityManagementType` is `EXISTING_DIRECTORY` .", + "Tags": "The tags of an instance." }, "AWS::Connect::Instance Attributes": { "AutoResolveBestVoices": "", @@ -7042,6 +7086,10 @@ "OutboundCalls": "", "UseCustomTTSVoices": "" }, + "AWS::Connect::Instance Tag": { + "Key": "", + "Value": "" + }, "AWS::Connect::InstanceStorageConfig": { "InstanceArn": "The Amazon Resource Name (ARN) of the instance.", "KinesisFirehoseConfig": "The configuration of the Kinesis Firehose delivery stream.", @@ -7944,10 +7992,14 @@ }, "AWS::DMS::Endpoint IbmDb2Settings": { "CurrentLsn": "For ongoing replication (CDC), use CurrentLSN to specify a log sequence number (LSN) where you want the replication to start.", + "KeepCsvFiles": "If true, AWS DMS saves any .csv files to the Db2 LUW target that were used to replicate data. DMS uses these files for analysis and troubleshooting.\n\nThe default value is false.", + "LoadTimeout": "The amount of time (in milliseconds) before AWS DMS times out operations performed by DMS on the Db2 target. The default value is 1200 (20 minutes).", + "MaxFileSize": "Specifies the maximum size (in KB) of .csv files used to transfer data to Db2 LUW.", "MaxKBytesPerRead": "Maximum number of bytes per read, as a NUMBER value. The default is 64 KB.", "SecretsManagerAccessRoleArn": "The full Amazon Resource Name (ARN) of the IAM role that specifies AWS DMS as the trusted entity and grants the required permissions to access the value in `SecretsManagerSecret` . The role must allow the `iam:PassRole` action. `SecretsManagerSecret` has the value ofthe AWS Secrets Manager secret that allows access to the Db2 LUW endpoint.\n\n> You can specify one of two sets of values for these permissions. You can specify the values for this setting and `SecretsManagerSecretId` . Or you can specify clear-text values for `UserName` , `Password` , `ServerName` , and `Port` . You can't specify both.\n> \n> For more information on creating this `SecretsManagerSecret` , the corresponding `SecretsManagerAccessRoleArn` , and the `SecretsManagerSecretId` that is required to access it, see [Using secrets to access AWS Database Migration Service resources](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Security.html#security-iam-secretsmanager) in the *AWS Database Migration Service User Guide* .", "SecretsManagerSecretId": "The full ARN, partial ARN, or display name of the `SecretsManagerSecret` that contains the IBMDB2 endpoint connection details.", - "SetDataCaptureChanges": "Enables ongoing replication (CDC) as a BOOLEAN value. The default is true." + "SetDataCaptureChanges": "Enables ongoing replication (CDC) as a BOOLEAN value. The default is true.", + "WriteBufferSize": "The size (in KB) of the in-memory file write buffer used when generating .csv files on the local disk on the DMS replication instance. The default value is 1024 (1 MB)." }, "AWS::DMS::Endpoint KafkaSettings": { "Broker": "A comma-separated list of one or more broker locations in your Kafka cluster that host your Kafka instance. Specify each broker location in the form `*broker-hostname-or-ip* : *port*` . For example, `\"ec2-12-345-678-901.compute-1.amazonaws.com:2345\"` . For more information and examples of specifying a list of broker locations, see [Using Apache Kafka as a target for AWS Database Migration Service](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Kafka.html) in the *AWS Database Migration Service User Guide* .", @@ -9013,7 +9065,7 @@ "LogLevel": "Specifies the type of logs that DataSync publishes to a Amazon CloudWatch Logs log group. To specify the log group, see [CloudWatchLogGroupArn](https://docs.aws.amazon.com/datasync/latest/userguide/API_CreateTask.html#DataSync-CreateTask-request-CloudWatchLogGroupArn) .\n\nIf you set `LogLevel` to `OFF` , no logs are published. `BASIC` publishes logs on errors for individual files transferred. `TRANSFER` publishes logs for every file or object that is transferred and integrity checked.", "Mtime": "A value that indicates the last time that a file was modified (that is, a file was written to) before the PREPARING phase. This option is required for cases when you need to run the same task more than one time.\n\nDefault value: `PRESERVE`\n\n`PRESERVE` : Preserve original `Mtime` (recommended)\n\n`NONE` : Ignore `Mtime` .\n\n> If `Mtime` is set to `PRESERVE` , `Atime` must be set to `BEST_EFFORT` .\n> \n> If `Mtime` is set to `NONE` , `Atime` must also be set to `NONE` .", "ObjectTags": "Specifies whether object tags are preserved when transferring between object storage systems. If you want your DataSync task to ignore object tags, specify the `NONE` value.\n\nDefault Value: `PRESERVE`", - "OverwriteMode": "Specifies whether data at the destination location should be overwritten or preserved. If set to `NEVER` , a destination file for example will not be replaced by a source file (even if the destination file differs from the source file). If you modify files in the destination and you sync the files, you can use this value to protect against overwriting those changes.\n\nSome storage classes have specific behaviors that can affect your Amazon S3 storage cost. For detailed information, see [Considerations when working with Amazon S3 storage classes in DataSync](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#using-storage-classes) .", + "OverwriteMode": "Specifies whether DataSync should modify or preserve data at the destination location.\n\n- `ALWAYS` (default) - DataSync modifies data in the destination location when source data (including metadata) has changed.\n\nIf DataSync overwrites objects, you might incur additional charges for certain Amazon S3 storage classes (for example, for retrieval or early deletion). For more information, see [Storage class considerations with Amazon S3 transfers](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#using-storage-classes) .\n- `NEVER` - DataSync doesn't overwrite data in the destination location even if the source data has changed. You can use this option to protect against overwriting changes made to files or objects in the destination.", "PosixPermissions": "A value that determines which users or groups can access a file for a specific purpose, such as reading, writing, or execution of the file. This option should be set only for Network File System (NFS), Amazon EFS, and Amazon S3 locations. For more information about what metadata is copied by DataSync, see [Metadata Copied by DataSync](https://docs.aws.amazon.com/datasync/latest/userguide/special-files.html#metadata-copied) .\n\nDefault value: `PRESERVE`\n\n`PRESERVE` : Preserve POSIX-style permissions (recommended).\n\n`NONE` : Ignore permissions.\n\n> AWS DataSync can preserve extant permissions of a source location.", "PreserveDeletedFiles": "A value that specifies whether files in the destination that don't exist in the source file system are preserved. This option can affect your storage costs. If your task deletes objects, you might incur minimum storage duration charges for certain storage classes. For detailed information, see [Considerations when working with Amazon S3 storage classes in DataSync](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#using-storage-classes) in the *AWS DataSync User Guide* .\n\nDefault value: `PRESERVE`\n\n`PRESERVE` : Ignore destination files that aren't present in the source (recommended).\n\n`REMOVE` : Delete destination files that aren't present in the source.", "PreserveDevices": "A value that determines whether AWS DataSync should preserve the metadata of block and character devices in the source file system, and re-create the files with that device name and metadata on the destination. DataSync does not copy the contents of such devices, only the name and metadata.\n\n> AWS DataSync can't sync the actual contents of such devices, because they are nonterminal and don't return an end-of-file (EOF) marker. \n\nDefault value: `NONE`\n\n`NONE` : Ignore special devices (recommended).\n\n`PRESERVE` : Preserve character and block device metadata. This option isn't currently supported for Amazon EFS.", @@ -10261,7 +10313,7 @@ "HttpEndpoint": "Enables or disables the HTTP metadata endpoint on your instances. If the parameter is not specified, the default state is `enabled` .\n\n> If you specify a value of `disabled` , you will not be able to access your instance metadata.", "HttpProtocolIpv6": "Enables or disables the IPv6 endpoint for the instance metadata service.\n\nDefault: `disabled`", "HttpPutResponseHopLimit": "The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.\n\nDefault: `1`\n\nPossible values: Integers from 1 to 64", - "HttpTokens": "IMDSv2 uses token-backed sessions. Set the use of HTTP tokens to `optional` (in other words, set the use of IMDSv2 to `optional` ) or `required` (in other words, set the use of IMDSv2 to `required` ).\n\n- `optional` - When IMDSv2 is optional, you can choose to retrieve instance metadata with or without a session token in your request. If you retrieve the IAM role credentials without a token, the IMDSv1 role credentials are returned. If you retrieve the IAM role credentials using a valid session token, the IMDSv2 role credentials are returned.\n- `required` - When IMDSv2 is required, you must send a session token with any instance metadata retrieval requests. In this state, retrieving the IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.\n\nDefault: `optional`", + "HttpTokens": "Indicates whether IMDSv2 is required.\n\n- `optional` - IMDSv2 is optional. You can choose whether to send a session token in your instance metadata retrieval requests. If you retrieve IAM role credentials without a session token, you receive the IMDSv1 role credentials. If you retrieve IAM role credentials using a valid session token, you receive the IMDSv2 role credentials.\n- `required` - IMDSv2 is required. You must send a session token in your instance metadata retrieval requests. With this option, retrieving the IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.\n\nDefault: If the value of `ImdsSupport` for the Amazon Machine Image (AMI) for your instance is `v2.0` , the default is `required` .", "InstanceMetadataTags": "Set to `enabled` to allow access to instance tags from the instance metadata. Set to `disabled` to turn off access to instance tags from the instance metadata. For more information, see [Work with instance tags using the instance metadata](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS) .\n\nDefault: `disabled`" }, "AWS::EC2::LaunchTemplate Monitoring": { @@ -12835,10 +12887,12 @@ "CacheUsageLimits": "The cache usage limit for the serverless cache.", "DailySnapshotTime": "The daily time that a cache snapshot will be created. Default is NULL, i.e. snapshots will not be created at a specific time on a daily basis. Available for Redis only.", "Description": "A description of the serverless cache.", + "Endpoint": "Represents the information required for client programs to connect to a cache node.", "Engine": "The engine the serverless cache is compatible with.", "FinalSnapshotName": "The name of the final snapshot taken of a cache before the cache is deleted.", "KmsKeyId": "The ID of the AWS Key Management Service (KMS) key that is used to encrypt data at rest in the serverless cache.", "MajorEngineVersion": "The version number of the engine the serverless cache is compatible with.", + "ReaderEndpoint": "Represents the information required for client programs to connect to a cache node.", "SecurityGroupIds": "The IDs of the EC2 security groups associated with the serverless cache.", "ServerlessCacheName": "The unique identifier of the serverless cache.", "SnapshotArnsToRestore": "The ARN of the snapshot from which to restore data into the new cache.", @@ -13951,9 +14005,9 @@ "EmptyTargetResolutionMode": "The empty target resolution mode for an experiment template." }, "AWS::FIS::ExperimentTemplate ExperimentTemplateLogConfiguration": { - "CloudWatchLogsConfiguration": "The configuration for experiment logging to Amazon CloudWatch Logs.", + "CloudWatchLogsConfiguration": "The configuration for experiment logging to CloudWatch Logs .", "LogSchemaVersion": "The schema version.", - "S3Configuration": "The configuration for experiment logging to Amazon S3." + "S3Configuration": "The configuration for experiment logging to Amazon S3 ." }, "AWS::FIS::ExperimentTemplate ExperimentTemplateStopCondition": { "Source": "The source for the stop condition.", @@ -13961,7 +14015,7 @@ }, "AWS::FIS::ExperimentTemplate ExperimentTemplateTarget": { "Filters": "The filters to apply to identify target resources using specific attributes.", - "Parameters": "The resource type parameters.", + "Parameters": "The parameters for the resource type.", "ResourceArns": "The Amazon Resource Names (ARNs) of the targets.", "ResourceTags": "The tags for the target resources.", "ResourceType": "The resource type.", @@ -17177,20 +17231,20 @@ "Value": "The tag's value." }, "AWS::IoT::SoftwarePackage": { - "Description": "A summary of the package being created. This can be used to outline the package's contents or purpose.", - "PackageName": "The name of the new software package.", - "Tags": "Metadata that can be used to manage the package." + "Description": "", + "PackageName": "", + "Tags": "" }, "AWS::IoT::SoftwarePackage Tag": { "Key": "The tag's key.", "Value": "The tag's value." }, "AWS::IoT::SoftwarePackageVersion": { - "Attributes": "Metadata that can be used to define a package version\u2019s configuration. For example, the S3 file location, configuration options that are being sent to the device or fleet.\n\nThe combined size of all the attributes on a package version is limited to 3KB.", - "Description": "A summary of the package version being created. This can be used to outline the package's contents or purpose.", - "PackageName": "The name of the associated software package.", - "Tags": "Metadata that can be used to manage the package version.", - "VersionName": "The name of the new package version." + "Attributes": "", + "Description": "", + "PackageName": "", + "Tags": "", + "VersionName": "" }, "AWS::IoT::SoftwarePackageVersion Tag": { "Key": "The tag's key.", @@ -22693,6 +22747,10 @@ "TimecodeConfig": "Contains settings used to acquire and adjust timecode information from the inputs.", "VideoDescriptions": "The encoding information for output videos." }, + "AWS::MediaLive::Channel EpochLockingSettings": { + "CustomEpoch": "", + "JamSyncTime": "" + }, "AWS::MediaLive::Channel Esam": { "AcquisitionPointId": "", "AdAvailOffset": "", @@ -22710,7 +22768,8 @@ "VideoBlackSettings": "MediaLive will perform a failover if content is considered black for the specified period." }, "AWS::MediaLive::Channel FeatureActivations": { - "InputPrepareScheduleActions": "Enables the Input Prepare feature. You can create Input Prepare actions in the schedule only if this feature is enabled.\nIf you disable the feature on an existing schedule, make sure that you first delete all input prepare actions from the schedule." + "InputPrepareScheduleActions": "Enables the Input Prepare feature. You can create Input Prepare actions in the schedule only if this feature is enabled.\nIf you disable the feature on an existing schedule, make sure that you first delete all input prepare actions from the schedule.", + "OutputStaticImageOverlayScheduleActions": "" }, "AWS::MediaLive::Channel FecOutputSettings": { "ColumnDepth": "The parameter D from SMPTE 2022-1. The height of the FEC protection matrix. The number of transport stream packets per column error correction packet. The number must be between 4 and 20, inclusive.", @@ -22745,6 +22804,7 @@ "InputEndAction": "Indicates the action to take when the current input completes (for example, end-of-file). When switchAndLoopInputs is configured, MediaLive restarts at the beginning of the first input. When \"none\" is configured, MediaLive transcodes either black, a solid color, or a user-specified slate images per the \"Input Loss Behavior\" configuration until the next input switch occurs (which is controlled through the Channel Schedule API).", "InputLossBehavior": "The settings for system actions when the input is lost.", "OutputLockingMode": "Indicates how MediaLive pipelines are synchronized. PIPELINELOCKING - MediaLive attempts to synchronize the output of each pipeline to the other. EPOCHLOCKING - MediaLive attempts to synchronize the output of each pipeline to the Unix epoch.", + "OutputLockingSettings": "", "OutputTimingSource": "Indicates whether the rate of frames emitted by the Live encoder should be paced by its system clock (which optionally might be locked to another source through NTP) or should be locked to the clock of the source that is providing the input stream.", "SupportLowFramerateInputs": "Adjusts the video input buffer for streams with very low video frame rates. This is commonly set to enabled for music channels with less than one video frame per second." }, @@ -23202,6 +23262,10 @@ "AWS::MediaLive::Channel OutputLocationRef": { "DestinationRefId": "A reference ID for this destination." }, + "AWS::MediaLive::Channel OutputLockingSettings": { + "EpochLockingSettings": "", + "PipelineLockingSettings": "" + }, "AWS::MediaLive::Channel OutputSettings": { "ArchiveOutputSettings": "The settings for an archive output.", "FrameCaptureOutputSettings": "The settings for a frame capture output.\n\nThe parent of this entity is OutputGroupSettings.", @@ -24700,6 +24764,8 @@ "Script": "The initialization script." }, "AWS::OSIS::Pipeline": { + "BufferOptions": "Options that specify the configuration of a persistent buffer. To configure how OpenSearch Ingestion encrypts this data, set the EncryptionAtRestOptions.", + "EncryptionAtRestOptions": "Options to control how OpenSearch encrypts all data-at-rest.", "LogPublishingOptions": "Key-value pairs that represent log publishing settings.", "MaxUnits": "The maximum pipeline capacity, in Ingestion Compute Units (ICUs).", "MinUnits": "The minimum pipeline capacity, in Ingestion Compute Units (ICUs).", @@ -24708,9 +24774,15 @@ "Tags": "List of tags to add to the pipeline upon creation.", "VpcOptions": "Options that specify the subnets and security groups for an OpenSearch Ingestion VPC endpoint." }, + "AWS::OSIS::Pipeline BufferOptions": { + "PersistentBufferEnabled": "Whether persistent buffering should be enabled." + }, "AWS::OSIS::Pipeline CloudWatchLogDestination": { "LogGroup": "The name of the CloudWatch Logs group to send pipeline logs to. You can specify an existing log group or create a new one. For example, `/aws/OpenSearchService/IngestionService/my-pipeline` ." }, + "AWS::OSIS::Pipeline EncryptionAtRestOptions": { + "KmsKeyArn": "The ARN of the KMS key used to encrypt data-at-rest in OpenSearch Ingestion. By default, data is encrypted using an AWS owned key." + }, "AWS::OSIS::Pipeline LogPublishingOptions": { "CloudWatchLogDestination": "The destination for OpenSearch Ingestion logs sent to Amazon CloudWatch Logs. This parameter is required if `IsLoggingEnabled` is set to `true` .", "IsLoggingEnabled": "Whether logs should be published." @@ -35812,14 +35884,14 @@ "Value": "The tag value." }, "AWS::RolesAnywhere::Profile": { - "DurationSeconds": "The number of seconds vended session credentials will be valid for", - "Enabled": "The enabled status of the resource.", - "ManagedPolicyArns": "A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.", - "Name": "The customer specified name of the resource.", - "RequireInstanceProperties": "Specifies whether instance properties are required in CreateSession requests with this profile.", - "RoleArns": "A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.", - "SessionPolicy": "A session policy that will applied to the trust boundary of the vended session credentials.", - "Tags": "A list of Tags." + "DurationSeconds": "Sets the maximum number of seconds that vended temporary credentials through [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html) will be valid for, between 900 and 3600.", + "Enabled": "Indicates whether the profile is enabled.", + "ManagedPolicyArns": "A list of managed policy ARNs that apply to the vended session credentials.", + "Name": "The name of the profile.", + "RequireInstanceProperties": "Specifies whether instance properties are required in temporary credential requests with this profile.", + "RoleArns": "A list of IAM role ARNs. During `CreateSession` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.", + "SessionPolicy": "A session policy that applies to the trust boundary of the vended session credentials.", + "Tags": "The tags to attach to the profile." }, "AWS::RolesAnywhere::Profile Tag": { "Key": "The tag key.", @@ -35839,8 +35911,8 @@ "Threshold": "The number of days before a notification event. This value is required for a notification setting that is enabled." }, "AWS::RolesAnywhere::TrustAnchor Source": { - "SourceData": "A union object representing the data field of the TrustAnchor depending on its type", - "SourceType": "The type of the TrustAnchor." + "SourceData": "The data field of the trust anchor depending on its type.", + "SourceType": "The type of the TrustAnchor.\n\n> `AWS_ACM_PCA` is not an allowed value in your region." }, "AWS::RolesAnywhere::TrustAnchor SourceData": { "AcmPcaArn": "The root certificate of the AWS Private Certificate Authority specified by this ARN is used in trust validation for temporary credential requests. Included for trust anchors of type `AWS_ACM_PCA` .\n\n> This field is not supported in your region.", @@ -37039,6 +37111,7 @@ "RawMessageDelivery": "When set to `true` , enables raw message delivery. Raw messages don't contain any JSON formatting and can be sent to Amazon SQS and HTTP/S endpoints. For more information, see `[GetSubscriptionAttributes](https://docs.aws.amazon.com/sns/latest/api/API_GetSubscriptionAttributes.html)` in the *Amazon SNS API Reference* .", "RedrivePolicy": "When specified, sends undeliverable messages to the specified Amazon SQS dead-letter queue. Messages that can't be delivered due to client errors (for example, when the subscribed endpoint is unreachable) or server errors (for example, when the service that powers the subscribed endpoint becomes unavailable) are held in the dead-letter queue for further analysis or reprocessing.\n\nFor more information about the redrive policy and dead-letter queues, see [Amazon SQS dead-letter queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) in the *Amazon SQS Developer Guide* .", "Region": "For cross-region subscriptions, the region in which the topic resides.\n\nIf no region is specified, AWS CloudFormation uses the region of the caller as the default.\n\nIf you perform an update operation that only updates the `Region` property of a `AWS::SNS::Subscription` resource, that operation will fail unless you are either:\n\n- Updating the `Region` from `NULL` to the caller region.\n- Updating the `Region` from the caller region to `NULL` .", + "ReplayPolicy": "", "SubscriptionRoleArn": "This property applies only to Amazon Kinesis Data Firehose delivery stream subscriptions. Specify the ARN of the IAM role that has the following:\n\n- Permission to write to the Amazon Kinesis Data Firehose delivery stream\n- Amazon SNS listed as a trusted entity\n\nSpecifying a valid ARN for this attribute is required for Kinesis Data Firehose delivery stream subscriptions. For more information, see [Fanout to Amazon Kinesis Data Firehose delivery streams](https://docs.aws.amazon.com/sns/latest/dg/sns-firehose-as-subscriber.html) in the *Amazon SNS Developer Guide.*", "TopicArn": "The ARN of the topic to subscribe to." }, @@ -37981,7 +38054,8 @@ }, "AWS::SageMaker::FeatureGroup OnlineStoreConfig": { "EnableOnlineStore": "Turn `OnlineStore` off by specifying `False` for the `EnableOnlineStore` flag. Turn `OnlineStore` on by specifying `True` for the `EnableOnlineStore` flag.\n\nThe default value is `False` .", - "SecurityConfig": "Use to specify KMS Key ID ( `KMSKeyId` ) for at-rest encryption of your `OnlineStore` ." + "SecurityConfig": "Use to specify KMS Key ID ( `KMSKeyId` ) for at-rest encryption of your `OnlineStore` .", + "StorageType": "Option for different tiers of low latency storage for real-time data retrieval.\n\n- `Standard` : A managed low latency data store for feature groups.\n- `InMemory` : A managed data store for feature groups that supports very low latency retrieval." }, "AWS::SageMaker::FeatureGroup OnlineStoreSecurityConfig": { "KmsKeyId": "The AWS Key Management Service (KMS) key ARN that SageMaker Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 server-side encryption.\n\nThe caller (either user or IAM role) of `CreateFeatureGroup` must have below permissions to the `OnlineStore` `KmsKeyId` :\n\n- `\"kms:Encrypt\"`\n- `\"kms:Decrypt\"`\n- `\"kms:DescribeKey\"`\n- `\"kms:CreateGrant\"`\n- `\"kms:RetireGrant\"`\n- `\"kms:ReEncryptFrom\"`\n- `\"kms:ReEncryptTo\"`\n- `\"kms:GenerateDataKey\"`\n- `\"kms:ListAliases\"`\n- `\"kms:ListGrants\"`\n- `\"kms:RevokeGrant\"`\n\nThe caller (either user or IAM role) to all DataPlane operations ( `PutRecord` , `GetRecord` , `DeleteRecord` ) must have the following permissions to the `KmsKeyId` :\n\n- `\"kms:Decrypt\"`" diff --git a/schema_source/cloudformation.schema.json b/schema_source/cloudformation.schema.json index 26b7fecf6..f1d76a1b7 100644 --- a/schema_source/cloudformation.schema.json +++ b/schema_source/cloudformation.schema.json @@ -34010,6 +34010,103 @@ ], "type": "object" }, + "AWS::CloudFront::KeyValueStore": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Comment": { + "markdownDescription": "A comment for the Key Value Store.", + "title": "Comment", + "type": "string" + }, + "ImportSource": { + "$ref": "#/definitions/AWS::CloudFront::KeyValueStore.ImportSource", + "markdownDescription": "The import source for the Key Value Store.", + "title": "ImportSource" + }, + "Name": { + "markdownDescription": "The name of the Key Value Store.", + "title": "Name", + "type": "string" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::CloudFront::KeyValueStore" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::CloudFront::KeyValueStore.ImportSource": { + "additionalProperties": false, + "properties": { + "SourceArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the import source for the Key Value Store.", + "title": "SourceArn", + "type": "string" + }, + "SourceType": { + "markdownDescription": "The source type of the import source for the Key Value Store.", + "title": "SourceType", + "type": "string" + } + }, + "required": [ + "SourceArn", + "SourceType" + ], + "type": "object" + }, "AWS::CloudFront::MonitoringSubscription": { "additionalProperties": false, "properties": { @@ -36965,7 +37062,7 @@ "type": "string" }, "OutputFormat": { - "markdownDescription": "The output format for the stream. Valid values are `json` and `opentelemetry0.7` For more information about metric stream output formats, see [Metric streams output formats](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-formats.html) .\n\nThis parameter is required.", + "markdownDescription": "The output format for the stream. Valid values are `json` , `opentelemetry1.0` and `opentelemetry0.7` For more information about metric stream output formats, see [Metric streams output formats](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-formats.html) .\n\nThis parameter is required.", "title": "OutputFormat", "type": "string" }, @@ -36978,7 +37075,7 @@ "items": { "$ref": "#/definitions/AWS::CloudWatch::MetricStream.MetricStreamStatisticsConfiguration" }, - "markdownDescription": "By default, a metric stream always sends the MAX, MIN, SUM, and SAMPLECOUNT statistics for each metric that is streamed. You can use this parameter to have the metric stream also send additional statistics in the stream. This array can have up to 100 members.\n\nFor each entry in this array, you specify one or more metrics and the list of additional statistics to stream for those metrics. The additional statistics that you can stream depend on the stream's `OutputFormat` . If the `OutputFormat` is `json` , you can stream any additional statistic that is supported by CloudWatch , listed in [CloudWatch statistics definitions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Statistics-definitions.html) . If the `OutputFormat` is `opentelemetry0` .7, you can stream percentile statistics *(p??)* .", + "markdownDescription": "By default, a metric stream always sends the MAX, MIN, SUM, and SAMPLECOUNT statistics for each metric that is streamed. You can use this parameter to have the metric stream also send additional statistics in the stream. This array can have up to 100 members.\n\nFor each entry in this array, you specify one or more metrics and the list of additional statistics to stream for those metrics. The additional statistics that you can stream depend on the stream's `OutputFormat` . If the `OutputFormat` is `json` , you can stream any additional statistic that is supported by CloudWatch , listed in [CloudWatch statistics definitions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Statistics-definitions.html) . If the `OutputFormat` is OpenTelemetry, you can stream percentile statistics.", "title": "StatisticsConfigurations", "type": "array" }, @@ -38862,9 +38959,6 @@ "title": "Tags", "type": "array" }, - "TerminationHookEnabled": { - "type": "boolean" - }, "TriggerConfigurations": { "items": { "$ref": "#/definitions/AWS::CodeDeploy::DeploymentGroup.TriggerConfig" @@ -39859,6 +39953,8 @@ "type": "string" }, "PipelineType": { + "markdownDescription": "CodePipeline provides the following pipeline types, which differ in characteristics and price, so that you can tailor your pipeline features and cost to the needs of your applications.\n\n- V1 type pipelines have a JSON structure that contains standard pipeline, stage, and action-level parameters.\n- V2 type pipelines have the same structure as a V1 type, along with additional parameters for release safety and trigger configuration.\n\n> Including V2 parameters, such as triggers on Git tags, in the pipeline JSON when creating or updating a pipeline will result in the pipeline having the V2 type of pipeline and the associated costs. \n\nFor information about pricing for CodePipeline, see [Pricing](https://docs.aws.amazon.com/https://aws.amazon.com/codepipeline/pricing/) .\n\nFor information about which type of pipeline to choose, see [What type of pipeline is right for me?](https://docs.aws.amazon.com/codepipeline/latest/userguide/pipeline-types-planning.html) .", + "title": "PipelineType", "type": "string" }, "RestartExecutionOnUpdate": { @@ -39891,12 +39987,16 @@ "items": { "$ref": "#/definitions/AWS::CodePipeline::Pipeline.PipelineTriggerDeclaration" }, + "markdownDescription": "The trigger configuration specifying a type of event, such as Git tags, that starts the pipeline.\n\n> When a trigger configuration is specified, default change detection for repository and branch commits is disabled.", + "title": "Triggers", "type": "array" }, "Variables": { "items": { "$ref": "#/definitions/AWS::CodePipeline::Pipeline.VariableDeclaration" }, + "markdownDescription": "A list that defines the pipeline variables for a pipeline resource. Variable names can have alphanumeric and underscore characters, and the values must match `[A-Za-z0-9@\\-_]+` .", + "title": "Variables", "type": "array" } }, @@ -40112,9 +40212,13 @@ "items": { "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitPushFilter" }, + "markdownDescription": "The field where the repository event that will start the pipeline, such as pushing Git tags, is specified with details.\n\n> Git tags is the only supported event type.", + "title": "Push", "type": "array" }, "SourceActionName": { + "markdownDescription": "The name of the pipeline source action where the trigger configuration, such as Git tags, is specified. The trigger configuration will start the pipeline upon the specified change only.\n\n> You can only specify one trigger configuration per source action.", + "title": "SourceActionName", "type": "string" } }, @@ -40127,7 +40231,9 @@ "additionalProperties": false, "properties": { "Tags": { - "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitTagFilterCriteria" + "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitTagFilterCriteria", + "markdownDescription": "The field that contains the details for the Git tags trigger configuration.", + "title": "Tags" } }, "type": "object" @@ -40139,12 +40245,16 @@ "items": { "type": "string" }, + "markdownDescription": "The list of patterns of Git tags that, when pushed, are to be excluded from starting the pipeline.", + "title": "Excludes", "type": "array" }, "Includes": { "items": { "type": "string" }, + "markdownDescription": "The list of patterns of Git tags that, when pushed, are to be included as criteria that starts the pipeline.", + "title": "Includes", "type": "array" } }, @@ -40182,9 +40292,13 @@ "additionalProperties": false, "properties": { "GitConfiguration": { - "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitConfiguration" + "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitConfiguration", + "markdownDescription": "Provides the filter criteria and the source stage for the repository event that starts the pipeline, such as Git tags.", + "title": "GitConfiguration" }, "ProviderType": { + "markdownDescription": "The source provider for the event, such as connections configured for a repository with Git tags, for the specified trigger configuration.", + "title": "ProviderType", "type": "string" } }, @@ -40248,12 +40362,18 @@ "additionalProperties": false, "properties": { "DefaultValue": { + "markdownDescription": "The value of a pipeline-level variable.", + "title": "DefaultValue", "type": "string" }, "Description": { + "markdownDescription": "The description of a pipeline-level variable. It's used to add additional context about the variable, and not being used at time when pipeline executes.", + "title": "Description", "type": "string" }, "Name": { + "markdownDescription": "The name of a pipeline-level variable.", + "title": "Name", "type": "string" } }, @@ -42184,7 +42304,7 @@ "items": { "type": "string" }, - "markdownDescription": "The allowed OAuth flows.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret.", + "markdownDescription": "The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret.", "title": "AllowedOAuthFlows", "type": "array" }, @@ -43183,7 +43303,7 @@ "items": { "$ref": "#/definitions/AWS::Cognito::UserPoolUser.AttributeType" }, - "markdownDescription": "The user attributes and attribute values to be set for the user to be created. These are name-value pairs You can create a user without specifying any attributes other than `Username` . However, any attributes that you specify as required (in [](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) or in the *Attributes* tab of the console) must be supplied either by you (in your call to `AdminCreateUser` ) or by the user (when they sign up in response to your welcome message).\n\nFor custom attributes, you must prepend the `custom:` prefix to the attribute name.\n\nTo send a message inviting the user to sign up, you must specify the user's email address or phone number. This can be done in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools.\n\nIn your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . (You can also do this by calling [](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) .)\n\n- *email* : The email address of the user to whom the message that contains the code and user name will be sent. Required if the `email_verified` attribute is set to `True` , or if `\"EMAIL\"` is specified in the `DesiredDeliveryMediums` parameter.\n- *phone_number* : The phone number of the user to whom the message that contains the code and user name will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `\"SMS\"` is specified in the `DesiredDeliveryMediums` parameter.", + "markdownDescription": "An array of name-value pairs that contain user attributes and attribute values.", "title": "UserAttributes", "type": "array" }, @@ -44355,7 +44475,9 @@ "title": "RecordingGroup" }, "RecordingMode": { - "$ref": "#/definitions/AWS::Config::ConfigurationRecorder.RecordingMode" + "$ref": "#/definitions/AWS::Config::ConfigurationRecorder.RecordingMode", + "markdownDescription": "Specifies the default recording frequency that AWS Config uses to record configuration changes. AWS Config supports *Continuous recording* and *Daily recording* .\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it\u2019s different from the previous CI recorded.\n\n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous. \n\nYou can also override the recording frequency for specific resource types.", + "title": "RecordingMode" }, "RoleARN": { "markdownDescription": "Amazon Resource Name (ARN) of the IAM role assumed by AWS Config and used by the configuration recorder. For more information, see [Permissions for the IAM Role Assigned](https://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html) to AWS Config in the AWS Config Developer Guide.\n\n> *Pre-existing AWS Config role*\n> \n> If you have used an AWS service that uses AWS Config , such as AWS Security Hub or AWS Control Tower , and an AWS Config role has already been created, make sure that the IAM role that you use when setting up AWS Config keeps the same minimum permissions as the already created AWS Config role. You must do this so that the other AWS service continues to run as expected.\n> \n> For example, if AWS Control Tower has an IAM role that allows AWS Config to read Amazon Simple Storage Service ( Amazon S3 ) objects, make sure that the same permissions are granted within the IAM role you use when setting up AWS Config . Otherwise, it may interfere with how AWS Control Tower operates. For more information about IAM roles for AWS Config , see [*Identity and Access Management for AWS Config*](https://docs.aws.amazon.com/config/latest/developerguide/security-iam.html) in the *AWS Config Developer Guide* .", @@ -44444,12 +44566,16 @@ "additionalProperties": false, "properties": { "RecordingFrequency": { + "markdownDescription": "The default recording frequency that AWS Config uses to record configuration changes.\n\n> Daily recording is not supported for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`\n> \n> For the *allSupported* ( `ALL_SUPPORTED_RESOURCE_TYPES` ) recording strategy, these resource types will be set to Continuous recording.", + "title": "RecordingFrequency", "type": "string" }, "RecordingModeOverrides": { "items": { "$ref": "#/definitions/AWS::Config::ConfigurationRecorder.RecordingModeOverride" }, + "markdownDescription": "An array of `recordingModeOverride` objects for you to specify your overrides for the recording mode. The `recordingModeOverride` object in the `recordingModeOverrides` array consists of three fields: a `description` , the new `recordingFrequency` , and an array of `resourceTypes` to override.", + "title": "RecordingModeOverrides", "type": "array" } }, @@ -44462,15 +44588,21 @@ "additionalProperties": false, "properties": { "Description": { + "markdownDescription": "A description that you provide for the override.", + "title": "Description", "type": "string" }, "RecordingFrequency": { + "markdownDescription": "The recording frequency that will be applied to all the resource types specified in the override.\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it\u2019s different from the previous CI recorded.\n\n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous.", + "title": "RecordingFrequency", "type": "string" }, "ResourceTypes": { "items": { "type": "string" }, + "markdownDescription": "A comma-separated list that specifies which resource types AWS Config includes in the override.\n\n> Daily recording is not supported for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`", + "title": "ResourceTypes", "type": "array" } }, @@ -46337,6 +46469,14 @@ "markdownDescription": "The alias of instance. `InstanceAlias` is only required when `IdentityManagementType` is `CONNECT_MANAGED` or `SAML` . `InstanceAlias` is not required when `IdentityManagementType` is `EXISTING_DIRECTORY` .", "title": "InstanceAlias", "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "The tags of an instance.", + "title": "Tags", + "type": "array" } }, "required": [ @@ -46578,6 +46718,7 @@ } }, "required": [ + "EncryptionConfig", "Prefix", "RetentionPeriodHours" ], @@ -52229,12 +52370,18 @@ "type": "string" }, "KeepCsvFiles": { + "markdownDescription": "If true, AWS DMS saves any .csv files to the Db2 LUW target that were used to replicate data. DMS uses these files for analysis and troubleshooting.\n\nThe default value is false.", + "title": "KeepCsvFiles", "type": "boolean" }, "LoadTimeout": { + "markdownDescription": "The amount of time (in milliseconds) before AWS DMS times out operations performed by DMS on the Db2 target. The default value is 1200 (20 minutes).", + "title": "LoadTimeout", "type": "number" }, "MaxFileSize": { + "markdownDescription": "Specifies the maximum size (in KB) of .csv files used to transfer data to Db2 LUW.", + "title": "MaxFileSize", "type": "number" }, "MaxKBytesPerRead": { @@ -52258,6 +52405,8 @@ "type": "boolean" }, "WriteBufferSize": { + "markdownDescription": "The size (in KB) of the in-memory file write buffer used when generating .csv files on the local disk on the DMS replication instance. The default value is 1024 (1 MB).", + "title": "WriteBufferSize", "type": "number" } }, @@ -58546,7 +58695,7 @@ "type": "string" }, "OverwriteMode": { - "markdownDescription": "Specifies whether data at the destination location should be overwritten or preserved. If set to `NEVER` , a destination file for example will not be replaced by a source file (even if the destination file differs from the source file). If you modify files in the destination and you sync the files, you can use this value to protect against overwriting those changes.\n\nSome storage classes have specific behaviors that can affect your Amazon S3 storage cost. For detailed information, see [Considerations when working with Amazon S3 storage classes in DataSync](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#using-storage-classes) .", + "markdownDescription": "Specifies whether DataSync should modify or preserve data at the destination location.\n\n- `ALWAYS` (default) - DataSync modifies data in the destination location when source data (including metadata) has changed.\n\nIf DataSync overwrites objects, you might incur additional charges for certain Amazon S3 storage classes (for example, for retrieval or early deletion). For more information, see [Storage class considerations with Amazon S3 transfers](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#using-storage-classes) .\n- `NEVER` - DataSync doesn't overwrite data in the destination location even if the source data has changed. You can use this option to protect against overwriting changes made to files or objects in the destination.", "title": "OverwriteMode", "type": "string" }, @@ -66193,7 +66342,7 @@ "type": "number" }, "HttpTokens": { - "markdownDescription": "IMDSv2 uses token-backed sessions. Set the use of HTTP tokens to `optional` (in other words, set the use of IMDSv2 to `optional` ) or `required` (in other words, set the use of IMDSv2 to `required` ).\n\n- `optional` - When IMDSv2 is optional, you can choose to retrieve instance metadata with or without a session token in your request. If you retrieve the IAM role credentials without a token, the IMDSv1 role credentials are returned. If you retrieve the IAM role credentials using a valid session token, the IMDSv2 role credentials are returned.\n- `required` - When IMDSv2 is required, you must send a session token with any instance metadata retrieval requests. In this state, retrieving the IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.\n\nDefault: `optional`", + "markdownDescription": "Indicates whether IMDSv2 is required.\n\n- `optional` - IMDSv2 is optional. You can choose whether to send a session token in your instance metadata retrieval requests. If you retrieve IAM role credentials without a session token, you receive the IMDSv1 role credentials. If you retrieve IAM role credentials using a valid session token, you receive the IMDSv2 role credentials.\n- `required` - IMDSv2 is required. You must send a session token in your instance metadata retrieval requests. With this option, retrieving the IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.\n\nDefault: If the value of `ImdsSupport` for the Amazon Machine Image (AMI) for your instance is `v2.0` , the default is `required` .", "title": "HttpTokens", "type": "string" }, @@ -83416,6 +83565,11 @@ "title": "Description", "type": "string" }, + "Endpoint": { + "$ref": "#/definitions/AWS::ElastiCache::ServerlessCache.Endpoint", + "markdownDescription": "Represents the information required for client programs to connect to a cache node.", + "title": "Endpoint" + }, "Engine": { "markdownDescription": "The engine the serverless cache is compatible with.", "title": "Engine", @@ -83436,6 +83590,11 @@ "title": "MajorEngineVersion", "type": "string" }, + "ReaderEndpoint": { + "$ref": "#/definitions/AWS::ElastiCache::ServerlessCache.Endpoint", + "markdownDescription": "Represents the information required for client programs to connect to a cache node.", + "title": "ReaderEndpoint" + }, "SecurityGroupIds": { "items": { "type": "string" @@ -90636,7 +90795,7 @@ "properties": { "CloudWatchLogsConfiguration": { "$ref": "#/definitions/AWS::FIS::ExperimentTemplate.CloudWatchLogsConfiguration", - "markdownDescription": "The configuration for experiment logging to Amazon CloudWatch Logs.", + "markdownDescription": "The configuration for experiment logging to CloudWatch Logs .", "title": "CloudWatchLogsConfiguration" }, "LogSchemaVersion": { @@ -90646,7 +90805,7 @@ }, "S3Configuration": { "$ref": "#/definitions/AWS::FIS::ExperimentTemplate.S3Configuration", - "markdownDescription": "The configuration for experiment logging to Amazon S3.", + "markdownDescription": "The configuration for experiment logging to Amazon S3 .", "title": "S3Configuration" } }, @@ -90687,7 +90846,7 @@ }, "Parameters": { "additionalProperties": true, - "markdownDescription": "The resource type parameters.", + "markdownDescription": "The parameters for the resource type.", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -113036,12 +113195,12 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "A summary of the package being created. This can be used to outline the package's contents or purpose.", + "markdownDescription": "", "title": "Description", "type": "string" }, "PackageName": { - "markdownDescription": "The name of the new software package.", + "markdownDescription": "", "title": "PackageName", "type": "string" }, @@ -113049,7 +113208,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "Metadata that can be used to manage the package.", + "markdownDescription": "", "title": "Tags", "type": "array" } @@ -113113,7 +113272,7 @@ "properties": { "Attributes": { "additionalProperties": true, - "markdownDescription": "Metadata that can be used to define a package version\u2019s configuration. For example, the S3 file location, configuration options that are being sent to the device or fleet.\n\nThe combined size of all the attributes on a package version is limited to 3KB.", + "markdownDescription": "", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -113123,12 +113282,12 @@ "type": "object" }, "Description": { - "markdownDescription": "A summary of the package version being created. This can be used to outline the package's contents or purpose.", + "markdownDescription": "", "title": "Description", "type": "string" }, "PackageName": { - "markdownDescription": "The name of the associated software package.", + "markdownDescription": "", "title": "PackageName", "type": "string" }, @@ -113136,12 +113295,12 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "Metadata that can be used to manage the package version.", + "markdownDescription": "", "title": "Tags", "type": "array" }, "VersionName": { - "markdownDescription": "The name of the new package version.", + "markdownDescription": "", "title": "VersionName", "type": "string" } @@ -147136,9 +147295,13 @@ "additionalProperties": false, "properties": { "CustomEpoch": { + "markdownDescription": "", + "title": "CustomEpoch", "type": "string" }, "JamSyncTime": { + "markdownDescription": "", + "title": "JamSyncTime", "type": "string" } }, @@ -147221,6 +147384,8 @@ "type": "string" }, "OutputStaticImageOverlayScheduleActions": { + "markdownDescription": "", + "title": "OutputStaticImageOverlayScheduleActions", "type": "string" } }, @@ -147367,7 +147532,9 @@ "type": "string" }, "OutputLockingSettings": { - "$ref": "#/definitions/AWS::MediaLive::Channel.OutputLockingSettings" + "$ref": "#/definitions/AWS::MediaLive::Channel.OutputLockingSettings", + "markdownDescription": "", + "title": "OutputLockingSettings" }, "OutputTimingSource": { "markdownDescription": "Indicates whether the rate of frames emitted by the Live encoder should be paced by its system clock (which optionally might be locked to another source through NTP) or should be locked to the clock of the source that is providing the input stream.", @@ -149513,10 +149680,14 @@ "additionalProperties": false, "properties": { "EpochLockingSettings": { - "$ref": "#/definitions/AWS::MediaLive::Channel.EpochLockingSettings" + "$ref": "#/definitions/AWS::MediaLive::Channel.EpochLockingSettings", + "markdownDescription": "", + "title": "EpochLockingSettings" }, "PipelineLockingSettings": { - "$ref": "#/definitions/AWS::MediaLive::Channel.PipelineLockingSettings" + "$ref": "#/definitions/AWS::MediaLive::Channel.PipelineLockingSettings", + "markdownDescription": "", + "title": "PipelineLockingSettings" } }, "type": "object" @@ -159113,6 +159284,16 @@ "Properties": { "additionalProperties": false, "properties": { + "BufferOptions": { + "$ref": "#/definitions/AWS::OSIS::Pipeline.BufferOptions", + "markdownDescription": "Options that specify the configuration of a persistent buffer. To configure how OpenSearch Ingestion encrypts this data, set the EncryptionAtRestOptions.", + "title": "BufferOptions" + }, + "EncryptionAtRestOptions": { + "$ref": "#/definitions/AWS::OSIS::Pipeline.EncryptionAtRestOptions", + "markdownDescription": "Options to control how OpenSearch encrypts all data-at-rest.", + "title": "EncryptionAtRestOptions" + }, "LogPublishingOptions": { "$ref": "#/definitions/AWS::OSIS::Pipeline.LogPublishingOptions", "markdownDescription": "Key-value pairs that represent log publishing settings.", @@ -159181,6 +159362,20 @@ ], "type": "object" }, + "AWS::OSIS::Pipeline.BufferOptions": { + "additionalProperties": false, + "properties": { + "PersistentBufferEnabled": { + "markdownDescription": "Whether persistent buffering should be enabled.", + "title": "PersistentBufferEnabled", + "type": "boolean" + } + }, + "required": [ + "PersistentBufferEnabled" + ], + "type": "object" + }, "AWS::OSIS::Pipeline.CloudWatchLogDestination": { "additionalProperties": false, "properties": { @@ -159190,6 +159385,23 @@ "type": "string" } }, + "required": [ + "LogGroup" + ], + "type": "object" + }, + "AWS::OSIS::Pipeline.EncryptionAtRestOptions": { + "additionalProperties": false, + "properties": { + "KmsKeyArn": { + "markdownDescription": "The ARN of the KMS key used to encrypt data-at-rest in OpenSearch Ingestion. By default, data is encrypted using an AWS owned key.", + "title": "KmsKeyArn", + "type": "string" + } + }, + "required": [ + "KmsKeyArn" + ], "type": "object" }, "AWS::OSIS::Pipeline.LogPublishingOptions": { @@ -159249,6 +159461,9 @@ "type": "array" } }, + "required": [ + "SubnetIds" + ], "type": "object" }, "AWS::Oam::Link": { @@ -160805,6 +161020,9 @@ "title": "EngineVersion", "type": "string" }, + "IPAddressType": { + "type": "string" + }, "LogPublishingOptions": { "additionalProperties": false, "markdownDescription": "An object with one or more of the following keys: `SEARCH_SLOW_LOGS` , `ES_APPLICATION_LOGS` , `INDEX_SLOW_LOGS` , `AUDIT_LOGS` , depending on the types of logs you want to publish. Each key needs a valid `LogPublishingOption` value. For the full syntax, see the [examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opensearchservice-domain.html#aws-resource-opensearchservice-domain--examples) .", @@ -218621,12 +218839,12 @@ "additionalProperties": false, "properties": { "DurationSeconds": { - "markdownDescription": "The number of seconds vended session credentials will be valid for", + "markdownDescription": "Sets the maximum number of seconds that vended temporary credentials through [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html) will be valid for, between 900 and 3600.", "title": "DurationSeconds", "type": "number" }, "Enabled": { - "markdownDescription": "The enabled status of the resource.", + "markdownDescription": "Indicates whether the profile is enabled.", "title": "Enabled", "type": "boolean" }, @@ -218634,17 +218852,17 @@ "items": { "type": "string" }, - "markdownDescription": "A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.", + "markdownDescription": "A list of managed policy ARNs that apply to the vended session credentials.", "title": "ManagedPolicyArns", "type": "array" }, "Name": { - "markdownDescription": "The customer specified name of the resource.", + "markdownDescription": "The name of the profile.", "title": "Name", "type": "string" }, "RequireInstanceProperties": { - "markdownDescription": "Specifies whether instance properties are required in CreateSession requests with this profile.", + "markdownDescription": "Specifies whether instance properties are required in temporary credential requests with this profile.", "title": "RequireInstanceProperties", "type": "boolean" }, @@ -218652,12 +218870,12 @@ "items": { "type": "string" }, - "markdownDescription": "A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.", + "markdownDescription": "A list of IAM role ARNs. During `CreateSession` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.", "title": "RoleArns", "type": "array" }, "SessionPolicy": { - "markdownDescription": "A session policy that will applied to the trust boundary of the vended session credentials.", + "markdownDescription": "A session policy that applies to the trust boundary of the vended session credentials.", "title": "SessionPolicy", "type": "string" }, @@ -218665,7 +218883,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "A list of Tags.", + "markdownDescription": "The tags to attach to the profile.", "title": "Tags", "type": "array" } @@ -218826,11 +219044,11 @@ "properties": { "SourceData": { "$ref": "#/definitions/AWS::RolesAnywhere::TrustAnchor.SourceData", - "markdownDescription": "A union object representing the data field of the TrustAnchor depending on its type", + "markdownDescription": "The data field of the trust anchor depending on its type.", "title": "SourceData" }, "SourceType": { - "markdownDescription": "The type of the TrustAnchor.", + "markdownDescription": "The type of the TrustAnchor.\n\n> `AWS_ACM_PCA` is not an allowed value in your region.", "title": "SourceType", "type": "string" } @@ -222640,6 +222858,9 @@ "type": "boolean" } }, + "required": [ + "EventBridgeEnabled" + ], "type": "object" }, "AWS::S3::Bucket.FilterRule": { @@ -223423,12 +223644,12 @@ "ObjectSizeGreaterThan": { "markdownDescription": "Specifies the minimum object size in bytes for this rule to apply to. Objects must be larger than this value in bytes. For more information about size based rules, see [Lifecycle configuration using size-based rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lc-size-rules) in the *Amazon S3 User Guide* .", "title": "ObjectSizeGreaterThan", - "type": "number" + "type": "string" }, "ObjectSizeLessThan": { "markdownDescription": "Specifies the maximum object size in bytes for this rule to apply to. Objects must be smaller than this value in bytes. For more information about sized based rules, see [Lifecycle configuration using size-based rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lc-size-rules) in the *Amazon S3 User Guide* .", "title": "ObjectSizeLessThan", - "type": "number" + "type": "string" }, "Prefix": { "markdownDescription": "Object key prefix that identifies one or more objects to which this rule applies.\n\n> Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints) .", @@ -227190,6 +227411,8 @@ "type": "string" }, "ReplayPolicy": { + "markdownDescription": "", + "title": "ReplayPolicy", "type": "object" }, "SubscriptionRoleArn": { @@ -233519,6 +233742,11 @@ "$ref": "#/definitions/AWS::SageMaker::FeatureGroup.OnlineStoreSecurityConfig", "markdownDescription": "Use to specify KMS Key ID ( `KMSKeyId` ) for at-rest encryption of your `OnlineStore` .", "title": "SecurityConfig" + }, + "StorageType": { + "markdownDescription": "Option for different tiers of low latency storage for real-time data retrieval.\n\n- `Standard` : A managed low latency data store for feature groups.\n- `InMemory` : A managed data store for feature groups that supports very low latency retrieval.", + "title": "StorageType", + "type": "string" } }, "type": "object" @@ -258630,6 +258858,9 @@ { "$ref": "#/definitions/AWS::CloudFront::KeyGroup" }, + { + "$ref": "#/definitions/AWS::CloudFront::KeyValueStore" + }, { "$ref": "#/definitions/AWS::CloudFront::MonitoringSubscription" },