From 17000c195d65a41ee830173e7110ad2c36078a7a Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 4 Dec 2024 19:15:25 +0000 Subject: [PATCH] chore(schema): update (#3693) Co-authored-by: github-actions --- samtranslator/schema/schema.json | 308 +++--- schema_source/cloudformation-docs.json | 1091 +++++++++++++++++----- schema_source/cloudformation.schema.json | 308 +++--- 3 files changed, 1179 insertions(+), 528 deletions(-) diff --git a/samtranslator/schema/schema.json b/samtranslator/schema/schema.json index 5fbdfbb4d..71a3f4f02 100644 --- a/samtranslator/schema/schema.json +++ b/samtranslator/schema/schema.json @@ -5554,7 +5554,7 @@ "additionalProperties": false, "properties": { "CertificateArn": { - "markdownDescription": "The reference to an AWS -managed certificate that will be used by edge-optimized endpoint for this domain name. AWS Certificate Manager is the only supported source.", + "markdownDescription": "The reference to an AWS -managed certificate that will be used by edge-optimized endpoint or private endpoint for this domain name. AWS Certificate Manager is the only supported source.", "title": "CertificateArn", "type": "string" }, @@ -19232,7 +19232,7 @@ "type": "string" }, "Type": { - "markdownDescription": "The type of the data source.\n\n- *AWS_LAMBDA* : The data source is an AWS Lambda function.\n- *AMAZON_DYNAMODB* : The data source is an Amazon DynamoDB table.\n- *AMAZON_ELASTICSEARCH* : The data source is an Amazon OpenSearch Service domain.\n- *AMAZON_EVENTBRIDGE* : The data source is an Amazon EventBridge event bus.\n- *AMAZON_OPENSEARCH_SERVICE* : The data source is an Amazon OpenSearch Service domain.\n- *NONE* : There is no data source. This type is used when you wish to invoke a GraphQL operation without connecting to a data source, such as performing data transformation with resolvers or triggering a subscription to be invoked from a mutation.\n- *HTTP* : The data source is an HTTP endpoint.\n- *RELATIONAL_DATABASE* : The data source is a relational database.", + "markdownDescription": "The type of the data source.\n\n- *AWS_LAMBDA* : The data source is an AWS Lambda function.\n- *AMAZON_DYNAMODB* : The data source is an Amazon DynamoDB table.\n- *AMAZON_ELASTICSEARCH* : The data source is an Amazon OpenSearch Service domain.\n- *AMAZON_EVENTBRIDGE* : The data source is an Amazon EventBridge event bus.\n- *AMAZON_OPENSEARCH_SERVICE* : The data source is an Amazon OpenSearch Service domain.\n- *AMAZON_BEDROCK_RUNTIME* : The data source is the Amazon Bedrock runtime.\n- *NONE* : There is no data source. This type is used when you wish to invoke a GraphQL operation without connecting to a data source, such as performing data transformation with resolvers or triggering a subscription to be invoked from a mutation.\n- *HTTP* : The data source is an HTTP endpoint.\n- *RELATIONAL_DATABASE* : The data source is a relational database.", "title": "Type", "type": "string" } @@ -29052,13 +29052,13 @@ "additionalProperties": false, "properties": { "Payload": { - "markdownDescription": "The JSON or YAML-formatted payload defining the OpenAPI schema for the action group. For more information, see [Action group OpenAPI schemas](https://docs.aws.amazon.com/bedrock/latest/userguide/agents-api-schema.html) .", + "markdownDescription": "The JSON or YAML-formatted payload defining the OpenAPI schema for the action group.", "title": "Payload", "type": "string" }, "S3": { "$ref": "#/definitions/AWS::Bedrock::Agent.S3Identifier", - "markdownDescription": "Contains details about the S3 object containing the OpenAPI schema for the action group. For more information, see [Action group OpenAPI schemas](https://docs.aws.amazon.com/bedrock/latest/userguide/agents-api-schema.html) .", + "markdownDescription": "Contains details about the S3 object containing the OpenAPI schema for the action group.", "title": "S3" } }, @@ -29098,11 +29098,11 @@ }, "ApiSchema": { "$ref": "#/definitions/AWS::Bedrock::Agent.APISchema", - "markdownDescription": "Contains either details about the S3 object containing the OpenAPI schema for the action group or the JSON or YAML-formatted payload defining the schema. For more information, see [Action group OpenAPI schemas](https://docs.aws.amazon.com/bedrock/latest/userguide/agents-api-schema.html) .", + "markdownDescription": "Contains either details about the S3 object containing the OpenAPI schema for the action group or the JSON or YAML-formatted payload defining the schema. For more information, see [Action group OpenAPI schemas](https://docs.aws.amazon.com//bedrock/latest/userguide/agents-api-schema.html) .", "title": "ApiSchema" }, "Description": { - "markdownDescription": "The description of the action group.", + "markdownDescription": "A description of the action group.", "title": "Description", "type": "string" }, @@ -29205,7 +29205,7 @@ "type": "string" }, "PromptState": { - "markdownDescription": "Specifies whether to allow the agent to carry out the step specified in the `promptType` . If you set this value to `DISABLED` , the agent skips that step. The default state for each `promptType` is as follows.\n\n- `PRE_PROCESSING` \u2013 `ENABLED`\n- `ORCHESTRATION` \u2013 `ENABLED`\n- `KNOWLEDGE_BASE_RESPONSE_GENERATION` \u2013 `ENABLED`\n- `POST_PROCESSING` \u2013 `DISABLED`", + "markdownDescription": "Specifies whether to allow the inline agent to carry out the step specified in the `promptType` . If you set this value to `DISABLED` , the agent skips that step. The default state for each `promptType` is as follows.\n\n- `PRE_PROCESSING` \u2013 `ENABLED`\n- `ORCHESTRATION` \u2013 `ENABLED`\n- `KNOWLEDGE_BASE_RESPONSE_GENERATION` \u2013 `ENABLED`\n- `POST_PROCESSING` \u2013 `DISABLED`", "title": "PromptState", "type": "string" }, @@ -29957,7 +29957,7 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "The description of the knowledge base.", + "markdownDescription": "The description of the knowledge base associated with the inline agent.", "title": "Description", "type": "string" }, @@ -39378,12 +39378,12 @@ "additionalProperties": false, "properties": { "ResourceArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the CloudTrail channel attached to the resource-based policy. The following is the format of a resource ARN: `arn:aws:cloudtrail:us-east-2:123456789012:channel/MyChannel` .", + "markdownDescription": "The Amazon Resource Name (ARN) of the CloudTrail event data store, dashboard, or channel attached to the resource-based policy.\n\nExample event data store ARN format: `arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE`\n\nExample dashboard ARN format: `arn:aws:cloudtrail:us-east-1:123456789012:dashboard/exampleDash`\n\nExample channel ARN format: `arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890`", "title": "ResourceArn", "type": "string" }, "ResourcePolicy": { - "markdownDescription": "A JSON-formatted string for an AWS resource-based policy.\n\nThe following are requirements for the resource policy:\n\n- Contains only one action: cloudtrail-data:PutAuditEvents\n- Contains at least one statement. The policy can have a maximum of 20 statements.\n- Each statement contains at least one principal. A statement can have a maximum of 50 principals.", + "markdownDescription": "A JSON-formatted string for an AWS resource-based policy.\n\nFor example resource-based policies, see [CloudTrail resource-based policy examples](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html) in the *CloudTrail User Guide* .", "title": "ResourcePolicy", "type": "object" } @@ -45969,7 +45969,7 @@ }, "InviteMessageTemplate": { "$ref": "#/definitions/AWS::Cognito::UserPool.InviteMessageTemplate", - "markdownDescription": "The template for the welcome message to new users.\n\nSee also [Customizing User Invitation Messages](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization) .", + "markdownDescription": "The template for the welcome message to new users. This template must include the `{####}` temporary password placeholder if you are creating users with passwords. If your users don't have passwords, you can omit the placeholder.\n\nSee also [Customizing User Invitation Messages](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization) .", "title": "InviteMessageTemplate" }, "UnusedAccountValidityDays": { @@ -46494,7 +46494,7 @@ "type": "string" }, "EnablePropagateAdditionalUserContextData": { - "markdownDescription": "Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . If you don\u2019t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret.", + "markdownDescription": "Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don\u2019t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret.", "title": "EnablePropagateAdditionalUserContextData", "type": "boolean" }, @@ -46507,7 +46507,7 @@ "items": { "type": "string" }, - "markdownDescription": "The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.\n\n> If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . \n\nValid values include:\n\n- `ALLOW_ADMIN_USER_PASSWORD_AUTH` : Enable admin based user password authentication flow `ADMIN_USER_PASSWORD_AUTH` . This setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.\n- `ALLOW_CUSTOM_AUTH` : Enable Lambda trigger based authentication.\n- `ALLOW_USER_PASSWORD_AUTH` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.\n- `ALLOW_USER_SRP_AUTH` : Enable SRP-based authentication.\n- `ALLOW_REFRESH_TOKEN_AUTH` : Enable authflow to refresh tokens.\n\nIn some environments, you will see the values `ADMIN_NO_SRP_AUTH` , `CUSTOM_AUTH_FLOW_ONLY` , or `USER_PASSWORD_AUTH` . You can't assign these legacy `ExplicitAuthFlows` values to user pool clients at the same time as values that begin with `ALLOW_` ,\nlike `ALLOW_USER_SRP_AUTH` .", + "markdownDescription": "The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.\n\n> If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . \n\nValid values include:\n\n- `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` .\n- `ALLOW_ADMIN_USER_PASSWORD_AUTH` : Enable admin based user password authentication flow `ADMIN_USER_PASSWORD_AUTH` . This setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.\n- `ALLOW_CUSTOM_AUTH` : Enable Lambda trigger based authentication.\n- `ALLOW_USER_PASSWORD_AUTH` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.\n- `ALLOW_USER_SRP_AUTH` : Enable SRP-based authentication.\n- `ALLOW_REFRESH_TOKEN_AUTH` : Enable authflow to refresh tokens.\n\nIn some environments, you will see the values `ADMIN_NO_SRP_AUTH` , `CUSTOM_AUTH_FLOW_ONLY` , or `USER_PASSWORD_AUTH` . You can't assign these legacy `ExplicitAuthFlows` values to user pool clients at the same time as values that begin with `ALLOW_` ,\nlike `ALLOW_USER_SRP_AUTH` .", "title": "ExplicitAuthFlows", "type": "array" }, @@ -46551,7 +46551,7 @@ "items": { "type": "string" }, - "markdownDescription": "A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` .", + "markdownDescription": "A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` .\n\nThis setting applies to providers that you can access with the [hosted UI and OAuth 2.0 authorization server](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-integration.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) .", "title": "SupportedIdentityProviders", "type": "array" }, @@ -46689,7 +46689,7 @@ "properties": { "CustomDomainConfig": { "$ref": "#/definitions/AWS::Cognito::UserPoolDomain.CustomDomainConfigType", - "markdownDescription": "The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM.", + "markdownDescription": "The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM.\n\nWhen you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request.", "title": "CustomDomainConfig" }, "Domain": { @@ -47447,7 +47447,7 @@ "items": { "$ref": "#/definitions/AWS::Cognito::UserPoolUser.AttributeType" }, - "markdownDescription": "An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than `Username` . However, any attributes that you specify as required (when creating a user pool or in the *Attributes* tab of the console) either you should supply (in your call to `AdminCreateUser` ) or the user should supply (when they sign up in response to your welcome message).\n\nFor custom attributes, you must prepend the `custom:` prefix to the attribute name.\n\nTo send a message inviting the user to sign up, you must specify the user's email address or phone number. You can do this in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools.\n\nIn your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) .\n\n- *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `\"EMAIL\"` is specified in the `DesiredDeliveryMediums` parameter.\n- *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `\"SMS\"` is specified in the `DesiredDeliveryMediums` parameter.", + "markdownDescription": "An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than `Username` . However, any attributes that you specify as required (when creating a user pool or in the *Attributes* tab of the console) either you should supply (in your call to `AdminCreateUser` ) or the user should supply (when they sign up in response to your welcome message).\n\nFor custom attributes, you must prepend the `custom:` prefix to the attribute name.\n\nTo send a message inviting the user to sign up, you must specify the user's email address or phone number. You can do this in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools.\n\nYou must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` .\n\nIn your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) .\n\n- *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `\"EMAIL\"` is specified in the `DesiredDeliveryMediums` parameter.\n- *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `\"SMS\"` is specified in the `DesiredDeliveryMediums` parameter.", "title": "UserAttributes", "type": "array" }, @@ -48620,7 +48620,7 @@ }, "RecordingMode": { "$ref": "#/definitions/AWS::Config::ConfigurationRecorder.RecordingMode", - "markdownDescription": "Specifies the default recording frequency that AWS Config uses to record configuration changes. AWS Config supports *Continuous recording* and *Daily recording* .\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it\u2019s different from the previous CI recorded.\n\n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous. \n\nYou can also override the recording frequency for specific resource types.", + "markdownDescription": "Specifies the default recording frequency for the configuration recorder. AWS Config supports *Continuous recording* and *Daily recording* .\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it\u2019s different from the previous CI recorded.\n\n> *Some resource types require continuous recording*\n> \n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous. \n\nYou can also override the recording frequency for specific resource types.", "title": "RecordingMode" }, "RoleARN": { @@ -48710,7 +48710,7 @@ "additionalProperties": false, "properties": { "RecordingFrequency": { - "markdownDescription": "The default recording frequency that AWS Config uses to record configuration changes.\n\n> Daily recording is not supported for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`\n> \n> For the *allSupported* ( `ALL_SUPPORTED_RESOURCE_TYPES` ) recording strategy, these resource types will be set to Continuous recording.", + "markdownDescription": "The default recording frequency that AWS Config uses to record configuration changes.\n\n> Daily recording cannot be specified for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`\n> \n> For the *allSupported* ( `ALL_SUPPORTED_RESOURCE_TYPES` ) recording strategy, these resource types will be set to Continuous recording.", "title": "RecordingFrequency", "type": "string" }, @@ -48745,7 +48745,7 @@ "items": { "type": "string" }, - "markdownDescription": "A comma-separated list that specifies which resource types AWS Config includes in the override.\n\n> Daily recording is not supported for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`", + "markdownDescription": "A comma-separated list that specifies which resource types AWS Config includes in the override.\n\n> Daily recording cannot be specified for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`", "title": "ResourceTypes", "type": "array" } @@ -68437,7 +68437,7 @@ "type": "boolean" }, "EndDate": { - "markdownDescription": "The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation's state changes to `expired` when it reaches its end date and time.\n\nYou must provide an `EndDate` value if `EndDateType` is `limited` . Omit `EndDate` if `EndDateType` is `unlimited` .\n\nIf the `EndDateType` is `limited` , the Capacity Reservation is cancelled within an hour from the specified time. For example, if you specify 5/31/2019, 13:30:55, the Capacity Reservation is guaranteed to end between 13:30:55 and 14:30:55 on 5/31/2019.", + "markdownDescription": "The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation's state changes to `expired` when it reaches its end date and time.\n\nYou must provide an `EndDate` value if `EndDateType` is `limited` . Omit `EndDate` if `EndDateType` is `unlimited` .\n\nIf the `EndDateType` is `limited` , the Capacity Reservation is cancelled within an hour from the specified time. For example, if you specify 5/31/2019, 13:30:55, the Capacity Reservation is guaranteed to end between 13:30:55 and 14:30:55 on 5/31/2019.\n\nIf you are requesting a future-dated Capacity Reservation, you can't specify an end date and time that is within the commitment duration.", "title": "EndDate", "type": "string" }, @@ -68452,12 +68452,12 @@ "type": "boolean" }, "InstanceCount": { - "markdownDescription": "The number of instances for which to reserve capacity.\n\nValid range: 1 - 1000", + "markdownDescription": "The number of instances for which to reserve capacity.\n\n> You can request future-dated Capacity Reservations for an instance count with a minimum of 100 VPUs. For example, if you request a future-dated Capacity Reservation for `m5.xlarge` instances, you must request at least 25 instances ( *25 * m5.xlarge = 100 vCPUs* ). \n\nValid range: 1 - 1000", "title": "InstanceCount", "type": "number" }, "InstanceMatchCriteria": { - "markdownDescription": "Indicates the type of instance launches that the Capacity Reservation accepts. The options include:\n\n- `open` - The Capacity Reservation automatically matches all instances that have matching attributes (instance type, platform, and Availability Zone). Instances that have matching attributes run in the Capacity Reservation automatically without specifying any additional parameters.\n- `targeted` - The Capacity Reservation only accepts instances that have matching attributes (instance type, platform, and Availability Zone), and explicitly target the Capacity Reservation. This ensures that only permitted instances can use the reserved capacity.\n\nDefault: `open`", + "markdownDescription": "Indicates the type of instance launches that the Capacity Reservation accepts. The options include:\n\n- `open` - The Capacity Reservation automatically matches all instances that have matching attributes (instance type, platform, and Availability Zone). Instances that have matching attributes run in the Capacity Reservation automatically without specifying any additional parameters.\n- `targeted` - The Capacity Reservation only accepts instances that have matching attributes (instance type, platform, and Availability Zone), and explicitly target the Capacity Reservation. This ensures that only permitted instances can use the reserved capacity.\n\n> If you are requesting a future-dated Capacity Reservation, you must specify `targeted` . \n\nDefault: `open`", "title": "InstanceMatchCriteria", "type": "string" }, @@ -68467,17 +68467,17 @@ "type": "string" }, "InstanceType": { - "markdownDescription": "The instance type for which to reserve capacity. For more information, see [Instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the *Amazon EC2 User Guide* .", + "markdownDescription": "The instance type for which to reserve capacity.\n\n> You can request future-dated Capacity Reservations for instance types in the C, M, R, I, and T instance families only. \n\nFor more information, see [Instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the *Amazon EC2 User Guide* .", "title": "InstanceType", "type": "string" }, "OutPostArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the Outpost on which to create the Capacity Reservation.", + "markdownDescription": "> Not supported for future-dated Capacity Reservations. \n\nThe Amazon Resource Name (ARN) of the Outpost on which to create the Capacity Reservation.", "title": "OutPostArn", "type": "string" }, "PlacementGroupArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the cluster placement group in which to create the Capacity Reservation. For more information, see [Capacity Reservations for cluster placement groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cr-cpg.html) in the *Amazon EC2 User Guide* .", + "markdownDescription": "> Not supported for future-dated Capacity Reservations. \n\nThe Amazon Resource Name (ARN) of the cluster placement group in which to create the Capacity Reservation. For more information, see [Capacity Reservations for cluster placement groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cr-cpg.html) in the *Amazon EC2 User Guide* .", "title": "PlacementGroupArn", "type": "string" }, @@ -69908,7 +69908,7 @@ "items": { "type": "string" }, - "markdownDescription": "The CPU manufacturers to include.\n\n- For instance types with Intel CPUs, specify `intel` .\n- For instance types with AMD CPUs, specify `amd` .\n- For instance types with AWS CPUs, specify `amazon-web-services` .\n\n> Don't confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. \n\nDefault: Any manufacturer", + "markdownDescription": "The CPU manufacturers to include.\n\n- For instance types with Intel CPUs, specify `intel` .\n- For instance types with AMD CPUs, specify `amd` .\n- For instance types with AWS CPUs, specify `amazon-web-services` .\n- For instance types with Apple CPUs, specify `apple` .\n\n> Don't confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. \n\nDefault: Any manufacturer", "title": "CpuManufacturers", "type": "array" }, @@ -72726,7 +72726,7 @@ "additionalProperties": false, "properties": { "CapacityReservationPreference": { - "markdownDescription": "Indicates the instance's Capacity Reservation preferences. Possible preferences include:\n\n- `open` - The instance can run in any `open` Capacity Reservation that has matching attributes (instance type, platform, Availability Zone).\n- `none` - The instance avoids running in a Capacity Reservation even if one is available. The instance runs in On-Demand capacity.", + "markdownDescription": "Indicates the instance's Capacity Reservation preferences. Possible preferences include:\n\n- `capacity-reservations-only` - The instance will only run in a Capacity Reservation or Capacity Reservation group. If capacity isn't available, the instance will fail to launch.\n- `open` - The instance can run in any `open` Capacity Reservation that has matching attributes (instance type, platform, Availability Zone, tenancy).\n- `none` - The instance avoids running in a Capacity Reservation even if one is available. The instance runs in On-Demand capacity.", "title": "CapacityReservationPreference", "type": "string" }, @@ -73009,7 +73009,7 @@ "items": { "type": "string" }, - "markdownDescription": "The CPU manufacturers to include.\n\n- For instance types with Intel CPUs, specify `intel` .\n- For instance types with AMD CPUs, specify `amd` .\n- For instance types with AWS CPUs, specify `amazon-web-services` .\n\n> Don't confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. \n\nDefault: Any manufacturer", + "markdownDescription": "The CPU manufacturers to include.\n\n- For instance types with Intel CPUs, specify `intel` .\n- For instance types with AMD CPUs, specify `amd` .\n- For instance types with AWS CPUs, specify `amazon-web-services` .\n- For instance types with Apple CPUs, specify `apple` .\n\n> Don't confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. \n\nDefault: Any manufacturer", "title": "CpuManufacturers", "type": "array" }, @@ -77529,7 +77529,7 @@ "items": { "type": "string" }, - "markdownDescription": "The CPU manufacturers to include.\n\n- For instance types with Intel CPUs, specify `intel` .\n- For instance types with AMD CPUs, specify `amd` .\n- For instance types with AWS CPUs, specify `amazon-web-services` .\n\n> Don't confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. \n\nDefault: Any manufacturer", + "markdownDescription": "The CPU manufacturers to include.\n\n- For instance types with Intel CPUs, specify `intel` .\n- For instance types with AMD CPUs, specify `amd` .\n- For instance types with AWS CPUs, specify `amazon-web-services` .\n- For instance types with Apple CPUs, specify `apple` .\n\n> Don't confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. \n\nDefault: Any manufacturer", "title": "CpuManufacturers", "type": "array" }, @@ -83814,12 +83814,12 @@ "title": "DeploymentCircuitBreaker" }, "MaximumPercent": { - "markdownDescription": "If a service is using the rolling update ( `ECS` ) deployment type, the `maximumPercent` parameter represents an upper limit on the number of your service's tasks that are allowed in the `RUNNING` or `PENDING` state during a deployment, as a percentage of the `desiredCount` (rounded down to the nearest integer). This parameter enables you to define the deployment batch size. For example, if your service is using the `REPLICA` service scheduler and has a `desiredCount` of four tasks and a `maximumPercent` value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default `maximumPercent` value for a service using the `REPLICA` service scheduler is 200%.\n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types, and tasks in the service use the EC2 launch type, the *maximum percent* value is set to the default value. The *maximum percent* value is used to define the upper limit on the number of the tasks in the service that remain in the `RUNNING` state while the container instances are in the `DRAINING` state.\n\n> You can't specify a custom `maximumPercent` value for a service that uses either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and has tasks that use the EC2 launch type. \n\nIf the tasks in the service use the Fargate launch type, the maximum percent value is not used, although it is returned when describing your service.", + "markdownDescription": "If a service is using the rolling update ( `ECS` ) deployment type, the `maximumPercent` parameter represents an upper limit on the number of your service's tasks that are allowed in the `RUNNING` or `PENDING` state during a deployment, as a percentage of the `desiredCount` (rounded down to the nearest integer). This parameter enables you to define the deployment batch size. For example, if your service is using the `REPLICA` service scheduler and has a `desiredCount` of four tasks and a `maximumPercent` value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default `maximumPercent` value for a service using the `REPLICA` service scheduler is 200%.\n\nThe Amazon ECS scheduler uses this parameter to replace unhealthy tasks by starting replacement tasks first and then stopping the unhealthy tasks, as long as cluster resources for starting replacement tasks are available. For more information about how the scheduler replaces unhealthy tasks, see [Amazon ECS services](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html) .\n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types, and tasks in the service use the EC2 launch type, the *maximum percent* value is set to the default value. The *maximum percent* value is used to define the upper limit on the number of the tasks in the service that remain in the `RUNNING` state while the container instances are in the `DRAINING` state.\n\n> You can't specify a custom `maximumPercent` value for a service that uses either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and has tasks that use the EC2 launch type. \n\nIf the tasks in the service use the Fargate launch type, the maximum percent value is not used, although it is returned when describing your service.", "title": "MaximumPercent", "type": "number" }, "MinimumHealthyPercent": { - "markdownDescription": "If a service is using the rolling update ( `ECS` ) deployment type, the `minimumHealthyPercent` represents a lower limit on the number of your service's tasks that must remain in the `RUNNING` state during a deployment, as a percentage of the `desiredCount` (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a `desiredCount` of four tasks and a `minimumHealthyPercent` of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks.\n\nFor services that *do not* use a load balancer, the following should be noted:\n\n- A service is considered healthy if all essential containers within the tasks in the service pass their health checks.\n- If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a `RUNNING` state before the task is counted towards the minimum healthy percent total.\n- If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings.\n\nFor services that *do* use a load balancer, the following should be noted:\n\n- If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n- If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n\nThe default value for a replica service for `minimumHealthyPercent` is 100%. The default `minimumHealthyPercent` value for a service using the `DAEMON` service schedule is 0% for the AWS CLI , the AWS SDKs, and the APIs and 50% for the AWS Management Console.\n\nThe minimum number of healthy tasks during a deployment is the `desiredCount` multiplied by the `minimumHealthyPercent` /100, rounded up to the nearest integer value.\n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and is running tasks that use the EC2 launch type, the *minimum healthy percent* value is set to the default value. The *minimum healthy percent* value is used to define the lower limit on the number of the tasks in the service that remain in the `RUNNING` state while the container instances are in the `DRAINING` state.\n\n> You can't specify a custom `minimumHealthyPercent` value for a service that uses either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and has tasks that use the EC2 launch type. \n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service.", + "markdownDescription": "If a service is using the rolling update ( `ECS` ) deployment type, the `minimumHealthyPercent` represents a lower limit on the number of your service's tasks that must remain in the `RUNNING` state during a deployment, as a percentage of the `desiredCount` (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a `desiredCount` of four tasks and a `minimumHealthyPercent` of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks.\n\nIf any tasks are unhealthy and if `maximumPercent` doesn't allow the Amazon ECS scheduler to start replacement tasks, the scheduler stops the unhealthy tasks one-by-one \u2014 using the `minimumHealthyPercent` as a constraint \u2014 to clear up capacity to launch replacement tasks. For more information about how the scheduler replaces unhealthy tasks, see [Amazon ECS services](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html) .\n\nFor services that *do not* use a load balancer, the following should be noted:\n\n- A service is considered healthy if all essential containers within the tasks in the service pass their health checks.\n- If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a `RUNNING` state before the task is counted towards the minimum healthy percent total.\n- If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings.\n\nFor services that *do* use a load balancer, the following should be noted:\n\n- If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n- If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n\nThe default value for a replica service for `minimumHealthyPercent` is 100%. The default `minimumHealthyPercent` value for a service using the `DAEMON` service schedule is 0% for the AWS CLI , the AWS SDKs, and the APIs and 50% for the AWS Management Console.\n\nThe minimum number of healthy tasks during a deployment is the `desiredCount` multiplied by the `minimumHealthyPercent` /100, rounded up to the nearest integer value.\n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and is running tasks that use the EC2 launch type, the *minimum healthy percent* value is set to the default value. The *minimum healthy percent* value is used to define the lower limit on the number of the tasks in the service that remain in the `RUNNING` state while the container instances are in the `DRAINING` state.\n\n> You can't specify a custom `minimumHealthyPercent` value for a service that uses either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and has tasks that use the EC2 launch type. \n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service.", "title": "MinimumHealthyPercent", "type": "number" } @@ -90400,7 +90400,7 @@ "type": "string" }, "IpDiscovery": { - "markdownDescription": "The network type you choose when modifying a cluster, either `ipv4` | `ipv6` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", + "markdownDescription": "The network type you choose when modifying a cluster, either `ipv4` | `ipv6` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 and Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", "title": "IpDiscovery", "type": "string" }, @@ -90413,7 +90413,7 @@ "type": "array" }, "NetworkType": { - "markdownDescription": "Must be either `ipv4` | `ipv6` | `dual_stack` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", + "markdownDescription": "Must be either `ipv4` | `ipv6` | `dual_stack` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 and Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", "title": "NetworkType", "type": "string" }, @@ -90972,7 +90972,7 @@ "type": "string" }, "IpDiscovery": { - "markdownDescription": "The network type you choose when creating a replication group, either `ipv4` | `ipv6` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", + "markdownDescription": "The network type you choose when creating a replication group, either `ipv4` | `ipv6` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 or Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", "title": "IpDiscovery", "type": "string" }, @@ -90995,7 +90995,7 @@ "type": "boolean" }, "NetworkType": { - "markdownDescription": "Must be either `ipv4` | `ipv6` | `dual_stack` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", + "markdownDescription": "Must be either `ipv4` | `ipv6` | `dual_stack` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 and Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", "title": "NetworkType", "type": "string" }, @@ -91453,7 +91453,7 @@ "title": "CacheUsageLimits" }, "DailySnapshotTime": { - "markdownDescription": "The daily time that a cache snapshot will be created. Default is NULL, i.e. snapshots will not be created at a specific time on a daily basis. Available for Valkey, Redis OSS, and Serverless Memcached only.", + "markdownDescription": "The daily time that a cache snapshot will be created. Default is NULL, i.e. snapshots will not be created at a specific time on a daily basis. Available for Valkey, Redis OSS and Serverless Memcached only.", "title": "DailySnapshotTime", "type": "string" }, @@ -91514,7 +91514,7 @@ "type": "array" }, "SnapshotRetentionLimit": { - "markdownDescription": "The current setting for the number of serverless cache snapshots the system will retain. Available for Valkey, Redis OSS, and Serverless Memcached only.", + "markdownDescription": "The current setting for the number of serverless cache snapshots the system will retain. Available for Valkey, Redis OSS and Serverless Memcached only.", "title": "SnapshotRetentionLimit", "type": "number" }, @@ -91774,7 +91774,7 @@ "title": "AuthenticationMode" }, "Engine": { - "markdownDescription": "The current supported value is redis.", + "markdownDescription": "The current supported values are valkey and redis.", "title": "Engine", "type": "string" }, @@ -94119,7 +94119,7 @@ "additionalProperties": false, "properties": { "Key": { - "markdownDescription": "The name of the attribute.\n\nThe following attributes are supported by all load balancers:\n\n- `deletion_protection.enabled` - Indicates whether deletion protection is enabled. The value is `true` or `false` . The default is `false` .\n- `load_balancing.cross_zone.enabled` - Indicates whether cross-zone load balancing is enabled. The possible values are `true` and `false` . The default for Network Load Balancers and Gateway Load Balancers is `false` . The default for Application Load Balancers is `true` , and can't be changed.\n\nThe following attributes are supported by both Application Load Balancers and Network Load Balancers:\n\n- `access_logs.s3.enabled` - Indicates whether access logs are enabled. The value is `true` or `false` . The default is `false` .\n- `access_logs.s3.bucket` - The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.\n- `access_logs.s3.prefix` - The prefix for the location in the S3 bucket for the access logs.\n- `ipv6.deny_all_igw_traffic` - Blocks internet gateway (IGW) access to the load balancer. It is set to `false` for internet-facing load balancers and `true` for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway.\n\nThe following attributes are supported by only Application Load Balancers:\n\n- `idle_timeout.timeout_seconds` - The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds.\n- `client_keep_alive.seconds` - The client keep alive value, in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.\n- `connection_logs.s3.enabled` - Indicates whether connection logs are enabled. The value is `true` or `false` . The default is `false` .\n- `connection_logs.s3.bucket` - The name of the S3 bucket for the connection logs. This attribute is required if connection logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.\n- `connection_logs.s3.prefix` - The prefix for the location in the S3 bucket for the connection logs.\n- `routing.http.desync_mitigation_mode` - Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are `monitor` , `defensive` , and `strictest` . The default is `defensive` .\n- `routing.http.drop_invalid_header_fields.enabled` - Indicates whether HTTP headers with invalid header fields are removed by the load balancer ( `true` ) or routed to targets ( `false` ). The default is `false` .\n- `routing.http.preserve_host_header.enabled` - Indicates whether the Application Load Balancer should preserve the `Host` header in the HTTP request and send it to the target without any change. The possible values are `true` and `false` . The default is `false` .\n- `routing.http.x_amzn_tls_version_and_cipher_suite.enabled` - Indicates whether the two headers ( `x-amzn-tls-version` and `x-amzn-tls-cipher-suite` ), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The `x-amzn-tls-version` header has information about the TLS protocol version negotiated with the client, and the `x-amzn-tls-cipher-suite` header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute are `true` and `false` . The default is `false` .\n- `routing.http.xff_client_port.enabled` - Indicates whether the `X-Forwarded-For` header should preserve the source port that the client used to connect to the load balancer. The possible values are `true` and `false` . The default is `false` .\n- `routing.http.xff_header_processing.mode` - Enables you to modify, preserve, or remove the `X-Forwarded-For` header in the HTTP request before the Application Load Balancer sends the request to the target. The possible values are `append` , `preserve` , and `remove` . The default is `append` .\n\n- If the value is `append` , the Application Load Balancer adds the client IP address (of the last hop) to the `X-Forwarded-For` header in the HTTP request before it sends it to targets.\n- If the value is `preserve` the Application Load Balancer preserves the `X-Forwarded-For` header in the HTTP request, and sends it to targets without any change.\n- If the value is `remove` , the Application Load Balancer removes the `X-Forwarded-For` header in the HTTP request before it sends it to targets.\n- `routing.http2.enabled` - Indicates whether HTTP/2 is enabled. The possible values are `true` and `false` . The default is `true` . Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens.\n- `waf.fail_open.enabled` - Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. The possible values are `true` and `false` . The default is `false` .\n\nThe following attributes are supported by only Network Load Balancers:\n\n- `dns_record.client_routing_policy` - Indicates how traffic is distributed among the load balancer Availability Zones. The possible values are `availability_zone_affinity` with 100 percent zonal affinity, `partial_availability_zone_affinity` with 85 percent zonal affinity, and `any_availability_zone` with 0 percent zonal affinity.\n- `zonal_shift.config.enabled` - Indicates whether zonal shift is enabled. The possible values are `true` and `false` . The default is `false` .", + "markdownDescription": "The name of the attribute.\n\nThe following attributes are supported by all load balancers:\n\n- `deletion_protection.enabled` - Indicates whether deletion protection is enabled. The value is `true` or `false` . The default is `false` .\n- `load_balancing.cross_zone.enabled` - Indicates whether cross-zone load balancing is enabled. The possible values are `true` and `false` . The default for Network Load Balancers and Gateway Load Balancers is `false` . The default for Application Load Balancers is `true` , and can't be changed.\n\nThe following attributes are supported by both Application Load Balancers and Network Load Balancers:\n\n- `access_logs.s3.enabled` - Indicates whether access logs are enabled. The value is `true` or `false` . The default is `false` .\n- `access_logs.s3.bucket` - The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.\n- `access_logs.s3.prefix` - The prefix for the location in the S3 bucket for the access logs.\n- `ipv6.deny_all_igw_traffic` - Blocks internet gateway (IGW) access to the load balancer. It is set to `false` for internet-facing load balancers and `true` for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway.\n- `zonal_shift.config.enabled` - Indicates whether zonal shift is enabled. The possible values are `true` and `false` . The default is `false` .\n\nThe following attributes are supported by only Application Load Balancers:\n\n- `idle_timeout.timeout_seconds` - The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds.\n- `client_keep_alive.seconds` - The client keep alive value, in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.\n- `connection_logs.s3.enabled` - Indicates whether connection logs are enabled. The value is `true` or `false` . The default is `false` .\n- `connection_logs.s3.bucket` - The name of the S3 bucket for the connection logs. This attribute is required if connection logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.\n- `connection_logs.s3.prefix` - The prefix for the location in the S3 bucket for the connection logs.\n- `routing.http.desync_mitigation_mode` - Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are `monitor` , `defensive` , and `strictest` . The default is `defensive` .\n- `routing.http.drop_invalid_header_fields.enabled` - Indicates whether HTTP headers with invalid header fields are removed by the load balancer ( `true` ) or routed to targets ( `false` ). The default is `false` .\n- `routing.http.preserve_host_header.enabled` - Indicates whether the Application Load Balancer should preserve the `Host` header in the HTTP request and send it to the target without any change. The possible values are `true` and `false` . The default is `false` .\n- `routing.http.x_amzn_tls_version_and_cipher_suite.enabled` - Indicates whether the two headers ( `x-amzn-tls-version` and `x-amzn-tls-cipher-suite` ), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The `x-amzn-tls-version` header has information about the TLS protocol version negotiated with the client, and the `x-amzn-tls-cipher-suite` header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute are `true` and `false` . The default is `false` .\n- `routing.http.xff_client_port.enabled` - Indicates whether the `X-Forwarded-For` header should preserve the source port that the client used to connect to the load balancer. The possible values are `true` and `false` . The default is `false` .\n- `routing.http.xff_header_processing.mode` - Enables you to modify, preserve, or remove the `X-Forwarded-For` header in the HTTP request before the Application Load Balancer sends the request to the target. The possible values are `append` , `preserve` , and `remove` . The default is `append` .\n\n- If the value is `append` , the Application Load Balancer adds the client IP address (of the last hop) to the `X-Forwarded-For` header in the HTTP request before it sends it to targets.\n- If the value is `preserve` the Application Load Balancer preserves the `X-Forwarded-For` header in the HTTP request, and sends it to targets without any change.\n- If the value is `remove` , the Application Load Balancer removes the `X-Forwarded-For` header in the HTTP request before it sends it to targets.\n- `routing.http2.enabled` - Indicates whether HTTP/2 is enabled. The possible values are `true` and `false` . The default is `true` . Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens.\n- `waf.fail_open.enabled` - Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. The possible values are `true` and `false` . The default is `false` .\n\nThe following attributes are supported by only Network Load Balancers:\n\n- `dns_record.client_routing_policy` - Indicates how traffic is distributed among the load balancer Availability Zones. The possible values are `availability_zone_affinity` with 100 percent zonal affinity, `partial_availability_zone_affinity` with 85 percent zonal affinity, and `any_availability_zone` with 0 percent zonal affinity.", "title": "Key", "type": "string" }, @@ -123484,7 +123484,7 @@ "additionalProperties": false, "properties": { "DeprecateThingType": { - "markdownDescription": "Deprecates a thing type. You can not associate new things with deprecated thing type.\n\nRequires permission to access the [DeprecateThingType](https://docs.aws.amazon.com//service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions) action.", + "markdownDescription": "Deprecates a thing type. You can not associate new things with deprecated thing type. You cannot update `ThingTypeProperties` if the thing type is deprecated.\n\nRequires permission to access the [DeprecateThingType](https://docs.aws.amazon.com//service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions) action.", "title": "DeprecateThingType", "type": "boolean" }, @@ -123503,7 +123503,7 @@ }, "ThingTypeProperties": { "$ref": "#/definitions/AWS::IoT::ThingType.ThingTypeProperties", - "markdownDescription": "The thing type properties for the thing type to create. It contains information about the new thing type including a description, and a list of searchable thing attribute names. `ThingTypeProperties` can't be updated after the initial creation of the `ThingType` .", + "markdownDescription": "The thing type properties for the thing type to create. It contains information about the new thing type including a description, a list of searchable thing attribute names, and a list of propagating attributes. After a thing type is created, you can only update `Mqtt5Configuration` .", "title": "ThingTypeProperties" } }, @@ -128015,7 +128015,7 @@ "title": "CollectionScheme" }, "Compression": { - "markdownDescription": "(Optional) Whether to compress signals before transmitting data to AWS IoT FleetWise . If you don't want to compress the signals, use `OFF` . If it's not specified, `SNAPPY` is used.\n\nDefault: `SNAPPY`", + "markdownDescription": "Whether to compress signals before transmitting data to AWS IoT FleetWise . If you don't want to compress the signals, use `OFF` . If it's not specified, `SNAPPY` is used.\n\nDefault: `SNAPPY`", "title": "Compression", "type": "string" }, @@ -128023,7 +128023,7 @@ "items": { "$ref": "#/definitions/AWS::IoTFleetWise::Campaign.DataDestinationConfig" }, - "markdownDescription": "(Optional) The destination where the campaign sends data. You can choose to send data to be stored in Amazon S3 or Amazon Timestream .\n\nAmazon S3 optimizes the cost of data storage and provides additional mechanisms to use vehicle data, such as data lakes, centralized data storage, data processing pipelines, and analytics. AWS IoT FleetWise supports at-least-once file delivery to S3. Your vehicle data is stored on multiple AWS IoT FleetWise servers for redundancy and high availability.\n\nYou can use Amazon Timestream to access and analyze time series data, and Timestream to query vehicle data so that you can identify trends and patterns.", + "markdownDescription": "The destination where the campaign sends data. You can choose to send data to be stored in Amazon S3 or Amazon Timestream .\n\nAmazon S3 optimizes the cost of data storage and provides additional mechanisms to use vehicle data, such as data lakes, centralized data storage, data processing pipelines, and analytics. AWS IoT FleetWise supports at-least-once file delivery to S3. Your vehicle data is stored on multiple AWS IoT FleetWise servers for redundancy and high availability.\n\nYou can use Amazon Timestream to access and analyze time series data, and Timestream to query vehicle data so that you can identify trends and patterns.", "title": "DataDestinationConfigs", "type": "array" }, @@ -128031,22 +128031,22 @@ "items": { "type": "string" }, - "markdownDescription": "(Optional) A list of vehicle attributes to associate with a campaign.\n\nEnrich the data with specified vehicle attributes. For example, add `make` and `model` to the campaign, and AWS IoT FleetWise will associate the data with those attributes as dimensions in Amazon Timestream . You can then query the data against `make` and `model` .\n\nDefault: An empty array", + "markdownDescription": "A list of vehicle attributes to associate with a campaign.\n\nEnrich the data with specified vehicle attributes. For example, add `make` and `model` to the campaign, and AWS IoT FleetWise will associate the data with those attributes as dimensions in Amazon Timestream . You can then query the data against `make` and `model` .\n\nDefault: An empty array", "title": "DataExtraDimensions", "type": "array" }, "Description": { - "markdownDescription": "(Optional) The description of the campaign.", + "markdownDescription": "The description of the campaign.", "title": "Description", "type": "string" }, "DiagnosticsMode": { - "markdownDescription": "(Optional) Option for a vehicle to send diagnostic trouble codes to AWS IoT FleetWise . If you want to send diagnostic trouble codes, use `SEND_ACTIVE_DTCS` . If it's not specified, `OFF` is used.\n\nDefault: `OFF`", + "markdownDescription": "Option for a vehicle to send diagnostic trouble codes to AWS IoT FleetWise . If you want to send diagnostic trouble codes, use `SEND_ACTIVE_DTCS` . If it's not specified, `OFF` is used.\n\nDefault: `OFF`", "title": "DiagnosticsMode", "type": "string" }, "ExpiryTime": { - "markdownDescription": "(Optional) The time the campaign expires, in seconds since epoch (January 1, 1970 at midnight UTC time). Vehicle data isn't collected after the campaign expires.\n\nDefault: 253402214400 (December 31, 9999, 00:00:00 UTC)", + "markdownDescription": "The time the campaign expires, in seconds since epoch (January 1, 1970 at midnight UTC time). Vehicle data isn't collected after the campaign expires.\n\nDefault: 253402214400 (December 31, 9999, 00:00:00 UTC)", "title": "ExpiryTime", "type": "string" }, @@ -128056,12 +128056,12 @@ "type": "string" }, "PostTriggerCollectionDuration": { - "markdownDescription": "(Optional) How long (in milliseconds) to collect raw data after a triggering event initiates the collection. If it's not specified, `0` is used.\n\nDefault: `0`", + "markdownDescription": "How long (in milliseconds) to collect raw data after a triggering event initiates the collection. If it's not specified, `0` is used.\n\nDefault: `0`", "title": "PostTriggerCollectionDuration", "type": "number" }, "Priority": { - "markdownDescription": "(Optional) A number indicating the priority of one campaign over another campaign for a certain vehicle or fleet. A campaign with the lowest value is deployed to vehicles before any other campaigns. If it's not specified, `0` is used.\n\nDefault: `0`", + "markdownDescription": "A number indicating the priority of one campaign over another campaign for a certain vehicle or fleet. A campaign with the lowest value is deployed to vehicles before any other campaigns. If it's not specified, `0` is used.\n\nDefault: `0`", "title": "Priority", "type": "number" }, @@ -128074,17 +128074,17 @@ "items": { "$ref": "#/definitions/AWS::IoTFleetWise::Campaign.SignalInformation" }, - "markdownDescription": "(Optional) A list of information about signals to collect.", + "markdownDescription": "A list of information about signals to collect.", "title": "SignalsToCollect", "type": "array" }, "SpoolingMode": { - "markdownDescription": "(Optional) Whether to store collected data after a vehicle lost a connection with the cloud. After a connection is re-established, the data is automatically forwarded to AWS IoT FleetWise . If you want to store collected data when a vehicle loses connection with the cloud, use `TO_DISK` . If it's not specified, `OFF` is used.\n\nDefault: `OFF`", + "markdownDescription": "Whether to store collected data after a vehicle lost a connection with the cloud. After a connection is re-established, the data is automatically forwarded to AWS IoT FleetWise . If you want to store collected data when a vehicle loses connection with the cloud, use `TO_DISK` . If it's not specified, `OFF` is used.\n\nDefault: `OFF`", "title": "SpoolingMode", "type": "string" }, "StartTime": { - "markdownDescription": "(Optional) The time, in milliseconds, to deliver a campaign after it was approved. If it's not specified, `0` is used.\n\nDefault: `0`", + "markdownDescription": "The time, in milliseconds, to deliver a campaign after it was approved. If it's not specified, `0` is used.\n\nDefault: `0`", "title": "StartTime", "type": "string" }, @@ -128092,7 +128092,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "(Optional) Metadata that can be used to manage the campaign.", + "markdownDescription": "Metadata that can be used to manage the campaign.", "title": "Tags", "type": "array" }, @@ -128137,12 +128137,12 @@ "properties": { "ConditionBasedCollectionScheme": { "$ref": "#/definitions/AWS::IoTFleetWise::Campaign.ConditionBasedCollectionScheme", - "markdownDescription": "(Optional) Information about a collection scheme that uses a simple logical expression to recognize what data to collect.", + "markdownDescription": "Information about a collection scheme that uses a simple logical expression to recognize what data to collect.", "title": "ConditionBasedCollectionScheme" }, "TimeBasedCollectionScheme": { "$ref": "#/definitions/AWS::IoTFleetWise::Campaign.TimeBasedCollectionScheme", - "markdownDescription": "(Optional) Information about a collection scheme that uses a time period to decide how often to collect data.", + "markdownDescription": "Information about a collection scheme that uses a time period to decide how often to collect data.", "title": "TimeBasedCollectionScheme" } }, @@ -128152,7 +128152,7 @@ "additionalProperties": false, "properties": { "ConditionLanguageVersion": { - "markdownDescription": "(Optional) Specifies the version of the conditional expression language.", + "markdownDescription": "Specifies the version of the conditional expression language.", "title": "ConditionLanguageVersion", "type": "number" }, @@ -128162,12 +128162,12 @@ "type": "string" }, "MinimumTriggerIntervalMs": { - "markdownDescription": "(Optional) The minimum duration of time between two triggering events to collect data, in milliseconds.\n\n> If a signal changes often, you might want to collect data at a slower rate.", + "markdownDescription": "The minimum duration of time between two triggering events to collect data, in milliseconds.\n\n> If a signal changes often, you might want to collect data at a slower rate.", "title": "MinimumTriggerIntervalMs", "type": "number" }, "TriggerMode": { - "markdownDescription": "(Optional) Whether to collect data for all triggering events ( `ALWAYS` ). Specify ( `RISING_EDGE` ), or specify only when the condition first evaluates to false. For example, triggering on \"AirbagDeployed\"; Users aren't interested on triggering when the airbag is already exploded; they only care about the change from not deployed => deployed.", + "markdownDescription": "Whether to collect data for all triggering events ( `ALWAYS` ). Specify ( `RISING_EDGE` ), or specify only when the condition first evaluates to false. For example, triggering on \"AirbagDeployed\"; Users aren't interested on triggering when the airbag is already exploded; they only care about the change from not deployed => deployed.", "title": "TriggerMode", "type": "string" } @@ -128182,12 +128182,12 @@ "properties": { "S3Config": { "$ref": "#/definitions/AWS::IoTFleetWise::Campaign.S3Config", - "markdownDescription": "(Optional) The Amazon S3 bucket where the AWS IoT FleetWise campaign sends data.", + "markdownDescription": "The Amazon S3 bucket where the AWS IoT FleetWise campaign sends data.", "title": "S3Config" }, "TimestreamConfig": { "$ref": "#/definitions/AWS::IoTFleetWise::Campaign.TimestreamConfig", - "markdownDescription": "(Optional) The Amazon Timestream table where the campaign sends data.", + "markdownDescription": "The Amazon Timestream table where the campaign sends data.", "title": "TimestreamConfig" } }, @@ -128202,17 +128202,17 @@ "type": "string" }, "DataFormat": { - "markdownDescription": "(Optional) Specify the format that files are saved in the Amazon S3 bucket. You can save files in an Apache Parquet or JSON format.\n\n- Parquet - Store data in a columnar storage file format. Parquet is optimal for fast data retrieval and can reduce costs. This option is selected by default.\n- JSON - Store data in a standard text-based JSON file format.", + "markdownDescription": "Specify the format that files are saved in the Amazon S3 bucket. You can save files in an Apache Parquet or JSON format.\n\n- Parquet - Store data in a columnar storage file format. Parquet is optimal for fast data retrieval and can reduce costs. This option is selected by default.\n- JSON - Store data in a standard text-based JSON file format.", "title": "DataFormat", "type": "string" }, "Prefix": { - "markdownDescription": "(Optional) Enter an S3 bucket prefix. The prefix is the string of characters after the bucket name and before the object name. You can use the prefix to organize data stored in Amazon S3 buckets. For more information, see [Organizing objects using prefixes](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-prefixes.html) in the *Amazon Simple Storage Service User Guide* .\n\nBy default, AWS IoT FleetWise sets the prefix `processed-data/year=YY/month=MM/date=DD/hour=HH/` (in UTC) to data it delivers to Amazon S3 . You can enter a prefix to append it to this default prefix. For example, if you enter the prefix `vehicles` , the prefix will be `vehicles/processed-data/year=YY/month=MM/date=DD/hour=HH/` .", + "markdownDescription": "Enter an S3 bucket prefix. The prefix is the string of characters after the bucket name and before the object name. You can use the prefix to organize data stored in Amazon S3 buckets. For more information, see [Organizing objects using prefixes](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-prefixes.html) in the *Amazon Simple Storage Service User Guide* .\n\nBy default, AWS IoT FleetWise sets the prefix `processed-data/year=YY/month=MM/date=DD/hour=HH/` (in UTC) to data it delivers to Amazon S3 . You can enter a prefix to append it to this default prefix. For example, if you enter the prefix `vehicles` , the prefix will be `vehicles/processed-data/year=YY/month=MM/date=DD/hour=HH/` .", "title": "Prefix", "type": "string" }, "StorageCompressionFormat": { - "markdownDescription": "(Optional) By default, stored data is compressed as a .gzip file. Compressed files have a reduced file size, which can optimize the cost of data storage.", + "markdownDescription": "By default, stored data is compressed as a .gzip file. Compressed files have a reduced file size, which can optimize the cost of data storage.", "title": "StorageCompressionFormat", "type": "string" } @@ -128226,12 +128226,12 @@ "additionalProperties": false, "properties": { "MaxSampleCount": { - "markdownDescription": "(Optional) The maximum number of samples to collect.", + "markdownDescription": "The maximum number of samples to collect.", "title": "MaxSampleCount", "type": "number" }, "MinimumSamplingIntervalMs": { - "markdownDescription": "(Optional) The minimum duration of time (in milliseconds) between two triggering events to collect data.\n\n> If a signal changes often, you might want to collect data at a slower rate.", + "markdownDescription": "The minimum duration of time (in milliseconds) between two triggering events to collect data.\n\n> If a signal changes often, you might want to collect data at a slower rate.", "title": "MinimumSamplingIntervalMs", "type": "number" }, @@ -128316,7 +128316,7 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "(Optional) A brief description of the decoder manifest.", + "markdownDescription": "A brief description of the decoder manifest.", "title": "Description", "type": "string" }, @@ -128334,7 +128334,7 @@ "items": { "$ref": "#/definitions/AWS::IoTFleetWise::DecoderManifest.NetworkInterfacesItems" }, - "markdownDescription": "(Optional) A list of information about available network interfaces.", + "markdownDescription": "A list of information about available network interfaces.", "title": "NetworkInterfaces", "type": "array" }, @@ -128342,12 +128342,12 @@ "items": { "$ref": "#/definitions/AWS::IoTFleetWise::DecoderManifest.SignalDecodersItems" }, - "markdownDescription": "(Optional) A list of information about signal decoders.", + "markdownDescription": "A list of information about signal decoders.", "title": "SignalDecoders", "type": "array" }, "Status": { - "markdownDescription": "(Optional) The state of the decoder manifest. If the status is `ACTIVE` , the decoder manifest can't be edited. If the status is marked `DRAFT` , you can edit the decoder manifest.", + "markdownDescription": "The state of the decoder manifest. If the status is `ACTIVE` , the decoder manifest can't be edited. If the status is marked `DRAFT` , you can edit the decoder manifest.", "title": "Status", "type": "string" }, @@ -128355,7 +128355,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "(Optional) Metadata that can be used to manage the decoder manifest.", + "markdownDescription": "Metadata that can be used to manage the decoder manifest.", "title": "Tags", "type": "array" } @@ -128396,12 +128396,12 @@ "type": "string" }, "ProtocolName": { - "markdownDescription": "(Optional) The name of the communication protocol for the interface.", + "markdownDescription": "The name of the communication protocol for the interface.", "title": "ProtocolName", "type": "string" }, "ProtocolVersion": { - "markdownDescription": "(Optional) The version of the communication protocol for the interface.", + "markdownDescription": "The version of the communication protocol for the interface.", "title": "ProtocolVersion", "type": "string" } @@ -128440,7 +128440,7 @@ "type": "string" }, "Name": { - "markdownDescription": "(Optional) The name of the signal.", + "markdownDescription": "The name of the signal.", "title": "Name", "type": "string" }, @@ -128492,12 +128492,12 @@ "additionalProperties": false, "properties": { "DtcRequestIntervalSeconds": { - "markdownDescription": "(Optional) The maximum number message requests per diagnostic trouble code per second.", + "markdownDescription": "The maximum number message requests per diagnostic trouble code per second.", "title": "DtcRequestIntervalSeconds", "type": "string" }, "HasTransmissionEcu": { - "markdownDescription": "(Optional) Whether the vehicle has a transmission control module (TCM).", + "markdownDescription": "Whether the vehicle has a transmission control module (TCM).", "title": "HasTransmissionEcu", "type": "string" }, @@ -128507,12 +128507,12 @@ "type": "string" }, "ObdStandard": { - "markdownDescription": "(Optional) The standard OBD II PID.", + "markdownDescription": "The standard OBD II PID.", "title": "ObdStandard", "type": "string" }, "PidRequestIntervalSeconds": { - "markdownDescription": "(Optional) The maximum number message requests per second.", + "markdownDescription": "The maximum number message requests per second.", "title": "PidRequestIntervalSeconds", "type": "string" }, @@ -128522,7 +128522,7 @@ "type": "string" }, "UseExtendedIds": { - "markdownDescription": "(Optional) Whether to use extended IDs in the message.", + "markdownDescription": "Whether to use extended IDs in the message.", "title": "UseExtendedIds", "type": "string" } @@ -128537,12 +128537,12 @@ "additionalProperties": false, "properties": { "BitMaskLength": { - "markdownDescription": "(Optional) The number of bits to mask in a message.", + "markdownDescription": "The number of bits to mask in a message.", "title": "BitMaskLength", "type": "string" }, "BitRightShift": { - "markdownDescription": "(Optional) The number of positions to shift bits in the message.", + "markdownDescription": "The number of positions to shift bits in the message.", "title": "BitRightShift", "type": "string" }, @@ -128655,7 +128655,7 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "(Optional) A brief description of the fleet.", + "markdownDescription": "A brief description of the fleet.", "title": "Description", "type": "string" }, @@ -128673,7 +128673,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "(Optional) Metadata that can be used to manage the fleet.", + "markdownDescription": "Metadata that can be used to manage the fleet.", "title": "Tags", "type": "array" } @@ -128741,7 +128741,7 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "(Optional) A brief description of the vehicle model.", + "markdownDescription": "A brief description of the vehicle model.", "title": "Description", "type": "string" }, @@ -128754,7 +128754,7 @@ "items": { "type": "string" }, - "markdownDescription": "(Optional) A list of nodes, which are a general abstraction of signals.", + "markdownDescription": "A list of nodes, which are a general abstraction of signals.", "title": "Nodes", "type": "array" }, @@ -128764,7 +128764,7 @@ "type": "string" }, "Status": { - "markdownDescription": "(Optional) The state of the vehicle model. If the status is `ACTIVE` , the vehicle model can't be edited. If the status is `DRAFT` , you can edit the vehicle model.", + "markdownDescription": "The state of the vehicle model. If the status is `ACTIVE` , the vehicle model can't be edited. If the status is `DRAFT` , you can edit the vehicle model.", "title": "Status", "type": "string" }, @@ -128772,7 +128772,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "(Optional) Metadata that can be used to manage the vehicle model.", + "markdownDescription": "Metadata that can be used to manage the vehicle model.", "title": "Tags", "type": "array" } @@ -128840,25 +128840,25 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "(Optional) A brief description of the signal catalog.", + "markdownDescription": "A brief description of the signal catalog.", "title": "Description", "type": "string" }, "Name": { - "markdownDescription": "(Optional) The name of the signal catalog.", + "markdownDescription": "The name of the signal catalog.", "title": "Name", "type": "string" }, "NodeCounts": { "$ref": "#/definitions/AWS::IoTFleetWise::SignalCatalog.NodeCounts", - "markdownDescription": "(Optional) Information about the number of nodes and node types in a vehicle network.", + "markdownDescription": "Information about the number of nodes and node types in a vehicle network.", "title": "NodeCounts" }, "Nodes": { "items": { "$ref": "#/definitions/AWS::IoTFleetWise::SignalCatalog.Node" }, - "markdownDescription": "(Optional) A list of information about nodes, which are a general abstraction of signals.", + "markdownDescription": "A list of information about nodes, which are a general abstraction of signals.", "title": "Nodes", "type": "array" }, @@ -128866,7 +128866,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "(Optional) Metadata that can be used to manage the signal catalog.", + "markdownDescription": "Metadata that can be used to manage the signal catalog.", "title": "Tags", "type": "array" } @@ -128900,12 +128900,12 @@ "items": { "type": "string" }, - "markdownDescription": "(Optional) A list of possible values an actuator can take.", + "markdownDescription": "A list of possible values an actuator can take.", "title": "AllowedValues", "type": "array" }, "AssignedValue": { - "markdownDescription": "(Optional) A specified value for the actuator.", + "markdownDescription": "A specified value for the actuator.", "title": "AssignedValue", "type": "string" }, @@ -128915,7 +128915,7 @@ "type": "string" }, "Description": { - "markdownDescription": "(Optional) A brief description of the actuator.", + "markdownDescription": "A brief description of the actuator.", "title": "Description", "type": "string" }, @@ -128925,17 +128925,17 @@ "type": "string" }, "Max": { - "markdownDescription": "(Optional) The specified possible maximum value of an actuator.", + "markdownDescription": "The specified possible maximum value of an actuator.", "title": "Max", "type": "number" }, "Min": { - "markdownDescription": "(Optional) The specified possible minimum value of an actuator.", + "markdownDescription": "The specified possible minimum value of an actuator.", "title": "Min", "type": "number" }, "Unit": { - "markdownDescription": "(Optional) The scientific unit for the actuator.", + "markdownDescription": "The scientific unit for the actuator.", "title": "Unit", "type": "string" } @@ -128953,12 +128953,12 @@ "items": { "type": "string" }, - "markdownDescription": "(Optional) A list of possible values an attribute can be assigned.", + "markdownDescription": "A list of possible values an attribute can be assigned.", "title": "AllowedValues", "type": "array" }, "AssignedValue": { - "markdownDescription": "(Optional) A specified value for the attribute.", + "markdownDescription": "A specified value for the attribute.", "title": "AssignedValue", "type": "string" }, @@ -128968,12 +128968,12 @@ "type": "string" }, "DefaultValue": { - "markdownDescription": "(Optional) The default value of the attribute.", + "markdownDescription": "The default value of the attribute.", "title": "DefaultValue", "type": "string" }, "Description": { - "markdownDescription": "(Optional) A brief description of the attribute.", + "markdownDescription": "A brief description of the attribute.", "title": "Description", "type": "string" }, @@ -128983,17 +128983,17 @@ "type": "string" }, "Max": { - "markdownDescription": "(Optional) The specified possible maximum value of the attribute.", + "markdownDescription": "The specified possible maximum value of the attribute.", "title": "Max", "type": "number" }, "Min": { - "markdownDescription": "(Optional) The specified possible minimum value of the attribute.", + "markdownDescription": "The specified possible minimum value of the attribute.", "title": "Min", "type": "number" }, "Unit": { - "markdownDescription": "(Optional) The scientific unit for the attribute.", + "markdownDescription": "The scientific unit for the attribute.", "title": "Unit", "type": "string" } @@ -129008,7 +129008,7 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "(Optional) A brief description of the branch.", + "markdownDescription": "A brief description of the branch.", "title": "Description", "type": "string" }, @@ -129028,22 +129028,22 @@ "properties": { "Actuator": { "$ref": "#/definitions/AWS::IoTFleetWise::SignalCatalog.Actuator", - "markdownDescription": "(Optional) Information about a node specified as an actuator.\n\n> An actuator is a digital representation of a vehicle device.", + "markdownDescription": "Information about a node specified as an actuator.\n\n> An actuator is a digital representation of a vehicle device.", "title": "Actuator" }, "Attribute": { "$ref": "#/definitions/AWS::IoTFleetWise::SignalCatalog.Attribute", - "markdownDescription": "(Optional) Information about a node specified as an attribute.\n\n> An attribute represents static information about a vehicle.", + "markdownDescription": "Information about a node specified as an attribute.\n\n> An attribute represents static information about a vehicle.", "title": "Attribute" }, "Branch": { "$ref": "#/definitions/AWS::IoTFleetWise::SignalCatalog.Branch", - "markdownDescription": "(Optional) Information about a node specified as a branch.\n\n> A group of signals that are defined in a hierarchical structure.", + "markdownDescription": "Information about a node specified as a branch.\n\n> A group of signals that are defined in a hierarchical structure.", "title": "Branch" }, "Sensor": { "$ref": "#/definitions/AWS::IoTFleetWise::SignalCatalog.Sensor", - "markdownDescription": "(Optional) An input component that reports the environmental condition of a vehicle.\n\n> You can collect data about fluid levels, temperatures, vibrations, or battery voltage from sensors.", + "markdownDescription": "An input component that reports the environmental condition of a vehicle.\n\n> You can collect data about fluid levels, temperatures, vibrations, or battery voltage from sensors.", "title": "Sensor" } }, @@ -129053,27 +129053,27 @@ "additionalProperties": false, "properties": { "TotalActuators": { - "markdownDescription": "(Optional) The total number of nodes in a vehicle network that represent actuators.", + "markdownDescription": "The total number of nodes in a vehicle network that represent actuators.", "title": "TotalActuators", "type": "number" }, "TotalAttributes": { - "markdownDescription": "(Optional) The total number of nodes in a vehicle network that represent attributes.", + "markdownDescription": "The total number of nodes in a vehicle network that represent attributes.", "title": "TotalAttributes", "type": "number" }, "TotalBranches": { - "markdownDescription": "(Optional) The total number of nodes in a vehicle network that represent branches.", + "markdownDescription": "The total number of nodes in a vehicle network that represent branches.", "title": "TotalBranches", "type": "number" }, "TotalNodes": { - "markdownDescription": "(Optional) The total number of nodes in a vehicle network.", + "markdownDescription": "The total number of nodes in a vehicle network.", "title": "TotalNodes", "type": "number" }, "TotalSensors": { - "markdownDescription": "(Optional) The total number of nodes in a vehicle network that represent sensors.", + "markdownDescription": "The total number of nodes in a vehicle network that represent sensors.", "title": "TotalSensors", "type": "number" } @@ -129087,7 +129087,7 @@ "items": { "type": "string" }, - "markdownDescription": "(Optional) A list of possible values a sensor can take.", + "markdownDescription": "A list of possible values a sensor can take.", "title": "AllowedValues", "type": "array" }, @@ -129097,7 +129097,7 @@ "type": "string" }, "Description": { - "markdownDescription": "(Optional) A brief description of a sensor.", + "markdownDescription": "A brief description of a sensor.", "title": "Description", "type": "string" }, @@ -129107,17 +129107,17 @@ "type": "string" }, "Max": { - "markdownDescription": "(Optional) The specified possible maximum value of the sensor.", + "markdownDescription": "The specified possible maximum value of the sensor.", "title": "Max", "type": "number" }, "Min": { - "markdownDescription": "(Optional) The specified possible minimum value of the sensor.", + "markdownDescription": "The specified possible minimum value of the sensor.", "title": "Min", "type": "number" }, "Unit": { - "markdownDescription": "(Optional) The scientific unit of measurement for data collected by the sensor.", + "markdownDescription": "The scientific unit of measurement for data collected by the sensor.", "title": "Unit", "type": "string" } @@ -129164,13 +129164,13 @@ "additionalProperties": false, "properties": { "AssociationBehavior": { - "markdownDescription": "(Optional) An option to create a new AWS IoT thing when creating a vehicle, or to validate an existing thing as a vehicle.", + "markdownDescription": "An option to create a new AWS IoT thing when creating a vehicle, or to validate an existing thing as a vehicle.", "title": "AssociationBehavior", "type": "string" }, "Attributes": { "additionalProperties": true, - "markdownDescription": "(Optional) Static information about a vehicle in a key-value pair. For example: `\"engine Type\"` : `\"v6\"`", + "markdownDescription": "Static information about a vehicle in a key-value pair. For example: `\"engine Type\"` : `\"v6\"`", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -129198,7 +129198,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "(Optional) Metadata which can be used to manage the vehicle.", + "markdownDescription": "Metadata which can be used to manage the vehicle.", "title": "Tags", "type": "array" } @@ -155277,7 +155277,7 @@ "type": "string" }, "Protocol": { - "markdownDescription": "The protocol that is used by the source. AWS CloudFormation does not currently support CDI or ST 2110 JPEG XS source protocols.", + "markdownDescription": "The protocol that is used by the source. AWS CloudFormation does not currently support CDI or ST 2110 JPEG XS source protocols.\n\n> AWS Elemental MediaConnect no longer supports the Fujitsu QoS protocol. This reference is maintained for legacy purposes only.", "title": "Protocol", "type": "string" }, @@ -155576,7 +155576,7 @@ "type": "string" }, "MaxLatency": { - "markdownDescription": "The maximum latency in milliseconds. This parameter applies only to RIST-based, Zixi-based, and Fujitsu-based streams.", + "markdownDescription": "The maximum latency in milliseconds. This parameter applies only to RIST-based and Zixi-based streams.", "title": "MaxLatency", "type": "number" }, @@ -155596,7 +155596,7 @@ "type": "number" }, "Protocol": { - "markdownDescription": "The protocol to use for the output.", + "markdownDescription": "The protocol to use for the output.\n\n> AWS Elemental MediaConnect no longer supports the Fujitsu QoS protocol. This reference is maintained for legacy purposes only.", "title": "Protocol", "type": "string" }, @@ -155760,7 +155760,7 @@ "type": "number" }, "MaxLatency": { - "markdownDescription": "The maximum latency in milliseconds. This parameter applies only to RIST-based, Zixi-based, and Fujitsu-based streams.", + "markdownDescription": "The maximum latency in milliseconds. This parameter applies only to RIST-based and Zixi-based streams.", "title": "MaxLatency", "type": "number" }, @@ -162637,7 +162637,7 @@ "type": "number" }, "ProgramDateTimeIntervalSeconds": { - "markdownDescription": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify. Additionally, ID3Timed metadata messages are generated every 5 seconds starting when the content was ingested.\n\nIrrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.\n\nOmit this attribute or enter `0` to indicate that the `EXT-X-PROGRAM-DATE-TIME` tags are not included in the manifest.", + "markdownDescription": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify.\n\nIrrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.\n\nOmit this attribute or enter `0` to indicate that the `EXT-X-PROGRAM-DATE-TIME` tags are not included in the manifest.", "title": "ProgramDateTimeIntervalSeconds", "type": "number" }, @@ -162699,7 +162699,7 @@ "type": "number" }, "ProgramDateTimeIntervalSeconds": { - "markdownDescription": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify. Additionally, ID3Timed metadata messages are generated every 5 seconds starting when the content was ingested.\n\nIrrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.\n\nOmit this attribute or enter `0` to indicate that the `EXT-X-PROGRAM-DATE-TIME` tags are not included in the manifest.", + "markdownDescription": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify.\n\nIrrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.\n\nOmit this attribute or enter `0` to indicate that the `EXT-X-PROGRAM-DATE-TIME` tags are not included in the manifest.", "title": "ProgramDateTimeIntervalSeconds", "type": "number" }, @@ -163137,7 +163137,7 @@ "type": "string" }, "ProgramDateTimeIntervalSeconds": { - "markdownDescription": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify. Additionally, ID3Timed metadata messages are generated every 5 seconds starting when the content was ingested.\n\nIrrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.\n\nOmit this attribute or enter `0` to indicate that the `EXT-X-PROGRAM-DATE-TIME` tags are not included in the manifest.", + "markdownDescription": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify.\n\nIrrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.\n\nOmit this attribute or enter `0` to indicate that the `EXT-X-PROGRAM-DATE-TIME` tags are not included in the manifest.", "title": "ProgramDateTimeIntervalSeconds", "type": "number" }, @@ -163842,7 +163842,7 @@ "type": "string" }, "PresetSpeke20Video": { - "markdownDescription": "The SPEKE Version 2.0 preset video associated with the encryption contract configuration of the origin endpoint.", + "markdownDescription": "The SPEKE Version 2.0 preset video associated with the encryption contract configuration of the origin endpoint.\n\nA collection of video encryption presets.\n\nValue description:\n\n- `PRESET-VIDEO-1` - Use one content key to encrypt all of the video tracks in your stream.\n- `PRESET-VIDEO-2` - Use one content key to encrypt all of the SD video tracks and one content key for all HD and higher resolutions video tracks.\n- `PRESET-VIDEO-3` - Use one content key to encrypt all of the SD video tracks, one content key for HD video tracks and one content key for all UHD video tracks.\n- `PRESET-VIDEO-4` - Use one content key to encrypt all of the SD video tracks, one content key for HD video tracks, one content key for all UHD1 video tracks and one content key for all UHD2 video tracks.\n- `PRESET-VIDEO-5` - Use one content key to encrypt all of the SD video tracks, one content key for HD1 video tracks, one content key for HD2 video tracks, one content key for all UHD1 video tracks and one content key for all UHD2 video tracks.\n- `PRESET-VIDEO-6` - Use one content key to encrypt all of the SD video tracks, one content key for HD1 video tracks, one content key for HD2 video tracks and one content key for all UHD video tracks.\n- `PRESET-VIDEO-7` - Use one content key to encrypt all of the SD+HD1 video tracks, one content key for HD2 video tracks and one content key for all UHD video tracks.\n- `PRESET-VIDEO-8` - Use one content key to encrypt all of the SD+HD1 video tracks, one content key for HD2 video tracks, one content key for all UHD1 video tracks and one content key for all UHD2 video tracks.\n- `SHARED` - Use the same content key for all of the video and audio tracks in your stream.\n- `UNENCRYPTED` - Don't encrypt any of the video tracks in your stream.", "title": "PresetSpeke20Video", "type": "string" } @@ -163963,7 +163963,7 @@ "type": "number" }, "ProgramDateTimeIntervalSeconds": { - "markdownDescription": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify. If you don't enter an interval, `EXT-X-PROGRAM-DATE-TIME` tags aren't included in the manifest. The tags sync the stream to the wall clock so that viewers can seek to a specific time in the playback timeline on the player. `ID3Timed` metadata messages generate every 5 seconds whenever MediaPackage ingests the content.\n\nIrrespective of this parameter, if any `ID3Timed` metadata is in the HLS input, MediaPackage passes through that metadata to the HLS output.", + "markdownDescription": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify. If you don't enter an interval, `EXT-X-PROGRAM-DATE-TIME` tags aren't included in the manifest. The tags sync the stream to the wall clock so that viewers can seek to a specific time in the playback timeline on the player.\n\nIrrespective of this parameter, if any `ID3Timed` metadata is in the HLS input, MediaPackage passes through that metadata to the HLS output.", "title": "ProgramDateTimeIntervalSeconds", "type": "number" }, @@ -230631,12 +230631,12 @@ "items": { "$ref": "#/definitions/AWS::ResourceGroups::Group.ConfigurationParameter" }, - "markdownDescription": "A collection of parameters for this configuration item. For the list of parameters that you can use with each configuration item `Type` , see [Supported resource types and parameters](https://docs.aws.amazon.com/ARG/latest/APIReference/about-slg.html#about-slg-types) in the *AWS Resource Groups User Guide* .", + "markdownDescription": "A collection of parameters for this configuration item. For the list of parameters that you can use with each configuration item `Type` , see [Supported resource types and parameters](https://docs.aws.amazon.com//ARG/latest/APIReference/about-slg.html#about-slg-types) in the *AWS Resource Groups User Guide* .", "title": "Parameters", "type": "array" }, "Type": { - "markdownDescription": "Specifies the type of configuration item. Each item must have a unique value for type. For the list of the types that you can specify for a configuration item, see [Supported resource types and parameters](https://docs.aws.amazon.com/ARG/latest/APIReference/about-slg.html#about-slg-types) in the *AWS Resource Groups User Guide* .", + "markdownDescription": "Specifies the type of configuration item. Each item must have a unique value for type. For the list of the types that you can specify for a configuration item, see [Supported resource types and parameters](https://docs.aws.amazon.com//ARG/latest/APIReference/about-slg.html#about-slg-types) in the *AWS Resource Groups User Guide* .", "title": "Type", "type": "string" } @@ -234175,7 +234175,7 @@ "additionalProperties": false, "properties": { "Action": { - "markdownDescription": "The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list:\n\n- `ALLOW` - Permit the request to go through.\n- `ALERT` - Permit the request to go through but send an alert to the logs.\n- `BLOCK` - Disallow the request. If this is specified,then `BlockResponse` must also be specified.\n\nif `BlockResponse` is `OVERRIDE` , then all of the following `OVERRIDE` attributes must be specified:\n\n- `BlockOverrideDnsType`\n- `BlockOverrideDomain`\n- `BlockOverrideTtl`", + "markdownDescription": "The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list, or a threat in a DNS Firewall Advvanced rule:\n\n- `ALLOW` - Permit the request to go through. Not available for DNS Firewall Advanced rules.\n- `ALERT` - Permit the request to go through but send an alert to the logs.\n- `BLOCK` - Disallow the request. If this is specified,then `BlockResponse` must also be specified.\n\nif `BlockResponse` is `OVERRIDE` , then all of the following `OVERRIDE` attributes must be specified:\n\n- `BlockOverrideDnsType`\n- `BlockOverrideDomain`\n- `BlockOverrideTtl`", "title": "Action", "type": "string" }, @@ -235559,7 +235559,7 @@ }, "ObjectLockConfiguration": { "$ref": "#/definitions/AWS::S3::Bucket.ObjectLockConfiguration", - "markdownDescription": "> This operation is not supported by directory buckets. \n\nPlaces an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .\n\n> - The `DefaultRetention` settings require both a mode and a period.\n> - The `DefaultRetention` period can be either `Days` or `Years` but you must select one. You cannot specify `Days` and `Years` at the same time.\n> - You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html) .", + "markdownDescription": "> This operation is not supported for directory buckets. \n\nPlaces an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .\n\n> - The `DefaultRetention` settings require both a mode and a period.\n> - The `DefaultRetention` period can be either `Days` or `Years` but you must select one. You cannot specify `Days` and `Years` at the same time.\n> - You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html) .", "title": "ObjectLockConfiguration" }, "ObjectLockEnabled": { @@ -247599,7 +247599,7 @@ "properties": { "ComputeResourceRequirements": { "$ref": "#/definitions/AWS::SageMaker::InferenceComponent.InferenceComponentComputeResourceRequirements", - "markdownDescription": "The compute resources allocated to run the model assigned to the inference component.", + "markdownDescription": "The compute resources allocated to run the model, plus any adapter models, that you assign to the inference component.\n\nOmit this parameter if your request is meant to create an adapter inference component. An adapter inference component is loaded by a base inference component, and it uses the compute resources of the base inference component.", "title": "ComputeResourceRequirements" }, "Container": { @@ -254532,7 +254532,7 @@ "properties": { "HostedRotationLambda": { "$ref": "#/definitions/AWS::SecretsManager::RotationSchedule.HostedRotationLambda", - "markdownDescription": "Creates a new Lambda rotation function based on one of the [Secrets Manager rotation function templates](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html) . To use a rotation function that already exists, specify `RotationLambdaARN` instead.\n\nFor Amazon RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html) .\n\nFor Amazon Redshift admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html) .", + "markdownDescription": "Creates a new Lambda rotation function based on one of the [Secrets Manager rotation function templates](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html) . To use a rotation function that already exists, specify `RotationLambdaARN` instead.\n\nYou must specify `Transform: AWS::SecretsManager-2024-09-16` at the beginning of the CloudFormation template. Transforms are macros hosted by AWS CloudFormation that help you create and manage complex infrastructure. The `Transform: AWS::SecretsManager-2024-09-16` transform automatically extends the CloudFormation stack to include a nested stack (of type `AWS::CloudFormation::Stack` ), which then creates and updates on your behalf during subsequent stack operations, the appropriate rotation Lambda function for your database or service. For general information on transforms, see the [AWS CloudFormation documentation.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-reference.html)\n\nFor Amazon RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html) .\n\nFor Amazon Redshift admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html) .", "title": "HostedRotationLambda" }, "RotateImmediatelyOnUpdate": { @@ -254616,7 +254616,7 @@ "type": "string" }, "Runtime": { - "markdownDescription": "By default, CloudFormation deploys Python 3.9 binaries for the rotation function. To use a different version of Python, you must do the following two steps:\n\n- Deploy the matching version Python binaries with your rotation function.\n- Set the version number in this field. For example, for Python 3.7, enter *python3.7*\n\nIf you only do one of the steps, your rotation function will be incompatible with the binaries. For more information, see [Why did my Lambda rotation function fail with a \"pg module not found\" error](https://docs.aws.amazon.com/https://repost.aws/knowledge-center/secrets-manager-lambda-rotation) .", + "markdownDescription": "> Do not set this value if you are using `Transform: AWS::SecretsManager-2024-09-16` . Over time, the updated rotation lambda artifacts vended by AWS may not be compatible with the code or shared object files defined in the rotation function deployment package.\n> \n> Only define the `Runtime` key if:\n> \n> - You are using `Transform: AWS::SecretsManager-2020-07-23` .\n> - The code or shared object files defined in the rotation function deployment package are incompatible with Python 3.9. \n\nThe Python Runtime version for with the rotation function. By default, CloudFormation deploys Python 3.9 binaries for the rotation function. To use a different version of Python, you must do the following two steps:\n\n- Deploy the matching version Python binaries with your rotation function.\n- Set the version number in this field. For example, for Python 3.7, enter *python3.7* .\n\nIf you only do one of the steps, your rotation function will be incompatible with the binaries. For more information, see [Why did my Lambda rotation function fail with a \"pg module not found\" error](https://docs.aws.amazon.com/https://repost.aws/knowledge-center/secrets-manager-lambda-rotation) .", "title": "Runtime", "type": "string" }, @@ -255165,7 +255165,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::AutomationRule.DateFilter" }, - "markdownDescription": "A timestamp that indicates when this finding record was created.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", + "markdownDescription": "A timestamp that indicates when this finding record was created.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "title": "CreatedAt", "type": "array" }, @@ -255189,7 +255189,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::AutomationRule.DateFilter" }, - "markdownDescription": "A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", + "markdownDescription": "A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "title": "FirstObservedAt", "type": "array" }, @@ -255213,7 +255213,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::AutomationRule.DateFilter" }, - "markdownDescription": "A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", + "markdownDescription": "A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "title": "LastObservedAt", "type": "array" }, @@ -255229,7 +255229,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::AutomationRule.DateFilter" }, - "markdownDescription": "The timestamp of when the note was updated.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", + "markdownDescription": "The timestamp of when the note was updated.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "title": "NoteUpdatedAt", "type": "array" }, @@ -255365,7 +255365,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::AutomationRule.DateFilter" }, - "markdownDescription": "A timestamp that indicates when the finding record was most recently updated.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", + "markdownDescription": "A timestamp that indicates when the finding record was most recently updated.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "title": "UpdatedAt", "type": "array" }, @@ -255405,12 +255405,12 @@ "title": "DateRange" }, "End": { - "markdownDescription": "A timestamp that provides the end date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "markdownDescription": "A timestamp that provides the end date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "title": "End", "type": "string" }, "Start": { - "markdownDescription": "A timestamp that provides the start date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "markdownDescription": "A timestamp that provides the start date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "title": "Start", "type": "string" } @@ -255888,7 +255888,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::Insight.DateFilter" }, - "markdownDescription": "A timestamp that indicates when the security findings provider created the potential security issue that a finding reflects.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "markdownDescription": "A timestamp that indicates when the security findings provider created the potential security issue that a finding reflects.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "title": "CreatedAt", "type": "array" }, @@ -255968,7 +255968,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::Insight.DateFilter" }, - "markdownDescription": "A timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "markdownDescription": "A timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "title": "FirstObservedAt", "type": "array" }, @@ -255992,7 +255992,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::Insight.DateFilter" }, - "markdownDescription": "A timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "markdownDescription": "A timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "title": "LastObservedAt", "type": "array" }, @@ -256144,7 +256144,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::Insight.DateFilter" }, - "markdownDescription": "A timestamp that identifies when the process was launched.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "markdownDescription": "A timestamp that identifies when the process was launched.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "title": "ProcessLaunchedAt", "type": "array" }, @@ -256184,7 +256184,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::Insight.DateFilter" }, - "markdownDescription": "A timestamp that identifies when the process was terminated.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "markdownDescription": "A timestamp that identifies when the process was terminated.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "title": "ProcessTerminatedAt", "type": "array" }, @@ -256408,7 +256408,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::Insight.DateFilter" }, - "markdownDescription": "A timestamp that identifies when the container was started.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "markdownDescription": "A timestamp that identifies when the container was started.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "title": "ResourceContainerLaunchedAt", "type": "array" }, @@ -256560,7 +256560,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::Insight.DateFilter" }, - "markdownDescription": "A timestamp that indicates when the security findings provider last updated the finding record.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "markdownDescription": "A timestamp that indicates when the security findings provider last updated the finding record.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "title": "UpdatedAt", "type": "array" }, @@ -256638,12 +256638,12 @@ "title": "DateRange" }, "End": { - "markdownDescription": "A timestamp that provides the end date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "markdownDescription": "A timestamp that provides the end date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "title": "End", "type": "string" }, "Start": { - "markdownDescription": "A timestamp that provides the start date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "markdownDescription": "A timestamp that provides the start date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "title": "Start", "type": "string" } diff --git a/schema_source/cloudformation-docs.json b/schema_source/cloudformation-docs.json index 38de789b2..0d3db6bf4 100644 --- a/schema_source/cloudformation-docs.json +++ b/schema_source/cloudformation-docs.json @@ -784,6 +784,12 @@ "RestApiId": "The string identifier of the associated RestApi.", "Stage": "The name of the associated stage." }, + "AWS::ApiGateway::BasePathMappingV2": { + "BasePath": "The base path name that callers of the private API must provide as part of the URL after the domain name.", + "DomainNameArn": "The ARN of the domain name for the BasePathMappingV2 resource to be described.", + "RestApiId": "The private API's identifier. This identifier is unique across all of your APIs in API Gateway.", + "Stage": "Represents a unique identifier for a version of a deployed private RestApi that is callable by users. The Stage must depend on the `RestApi` 's stage. To create a dependency, add a DependsOn attribute to the BasePathMappingV2 resource." + }, "AWS::ApiGateway::ClientCertificate": { "Description": "The description of the client certificate.", "Tags": "The collection of tags. Each tag element is associated with a given resource." @@ -868,7 +874,7 @@ "RestApiId": "The string identifier of the associated RestApi." }, "AWS::ApiGateway::DomainName": { - "CertificateArn": "The reference to an AWS -managed certificate that will be used by edge-optimized endpoint for this domain name. AWS Certificate Manager is the only supported source.", + "CertificateArn": "The reference to an AWS -managed certificate that will be used by edge-optimized endpoint or private endpoint for this domain name. AWS Certificate Manager is the only supported source.", "DomainName": "The custom domain name as an API host name, for example, `my-api.example.com` .", "EndpointConfiguration": "The endpoint configuration of this DomainName showing the endpoint types of the domain name.", "MutualTlsAuthentication": "The mutual TLS authentication configuration for a custom domain name. If specified, API Gateway performs two-way authentication between the client and the server. Clients must present a trusted certificate to access your API.", @@ -888,6 +894,31 @@ "Key": "A string you can use to assign a value. The combination of tag keys and values can help you organize and categorize your resources.", "Value": "The value for the specified tag key." }, + "AWS::ApiGateway::DomainNameAccessAssociation": { + "AccessAssociationSource": "The identifier of the domain name access association source. For a `VPCE` , the value is the VPC endpoint ID.", + "AccessAssociationSourceType": "The type of the domain name access association source. Only `VPCE` is currently supported.", + "DomainNameArn": "The ARN of the domain name.", + "Tags": "The collection of tags. Each tag element is associated with a given resource." + }, + "AWS::ApiGateway::DomainNameAccessAssociation Tag": { + "Key": "A string you can use to assign a value. The combination of tag keys and values can help you organize and categorize your resources.", + "Value": "The value for the specified tag key." + }, + "AWS::ApiGateway::DomainNameV2": { + "CertificateArn": "The reference to an AWS -managed certificate that will be used by the private endpoint for this domain name. AWS Certificate Manager is the only supported source.", + "DomainName": "Represents a custom domain name as a user-friendly host name of an API (RestApi).", + "EndpointConfiguration": "The endpoint configuration to indicate the types of endpoints an API (RestApi) or its custom domain name (DomainName) has.", + "Policy": "A stringified JSON policy document that applies to the `execute-api` service for this DomainName regardless of the caller and Method configuration. You can use `Fn::ToJsonString` to enter your `policy` . For more information, see [Fn::ToJsonString](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ToJsonString.html) .", + "SecurityPolicy": "The Transport Layer Security (TLS) version + cipher suite for this DomainName. Only `TLS_1_2` is supported.", + "Tags": "The collection of tags. Each tag element is associated with a given resource." + }, + "AWS::ApiGateway::DomainNameV2 EndpointConfiguration": { + "Types": "A list of endpoint types of an API (RestApi) or its custom domain name (DomainName). For an edge-optimized API and its custom domain name, the endpoint type is `\"EDGE\"` . For a regional API and its custom domain name, the endpoint type is `REGIONAL` . For a private API, the endpoint type is `PRIVATE` ." + }, + "AWS::ApiGateway::DomainNameV2 Tag": { + "Key": "A string you can use to assign a value. The combination of tag keys and values can help you organize and categorize your resources.", + "Value": "The value for the specified tag key." + }, "AWS::ApiGateway::GatewayResponse": { "ResponseParameters": "Response parameters (paths, query strings and headers) of the GatewayResponse as a string-to-string map of key-value pairs.", "ResponseTemplates": "Response templates of the GatewayResponse as a string-to-string map of key-value pairs.", @@ -3130,7 +3161,7 @@ "OpenSearchServiceConfig": "AWS Region and Endpoints for an Amazon OpenSearch Service domain in your account.", "RelationalDatabaseConfig": "Relational Database configuration of the relational database data source.", "ServiceRoleArn": "The AWS Identity and Access Management service role ARN for the data source. The system assumes this role when accessing the data source.\n\nRequired if `Type` is specified as `AWS_LAMBDA` , `AMAZON_DYNAMODB` , `AMAZON_ELASTICSEARCH` , `AMAZON_EVENTBRIDGE` , or `AMAZON_OPENSEARCH_SERVICE` .", - "Type": "The type of the data source.\n\n- *AWS_LAMBDA* : The data source is an AWS Lambda function.\n- *AMAZON_DYNAMODB* : The data source is an Amazon DynamoDB table.\n- *AMAZON_ELASTICSEARCH* : The data source is an Amazon OpenSearch Service domain.\n- *AMAZON_EVENTBRIDGE* : The data source is an Amazon EventBridge event bus.\n- *AMAZON_OPENSEARCH_SERVICE* : The data source is an Amazon OpenSearch Service domain.\n- *NONE* : There is no data source. This type is used when you wish to invoke a GraphQL operation without connecting to a data source, such as performing data transformation with resolvers or triggering a subscription to be invoked from a mutation.\n- *HTTP* : The data source is an HTTP endpoint.\n- *RELATIONAL_DATABASE* : The data source is a relational database." + "Type": "The type of the data source.\n\n- *AWS_LAMBDA* : The data source is an AWS Lambda function.\n- *AMAZON_DYNAMODB* : The data source is an Amazon DynamoDB table.\n- *AMAZON_ELASTICSEARCH* : The data source is an Amazon OpenSearch Service domain.\n- *AMAZON_EVENTBRIDGE* : The data source is an Amazon EventBridge event bus.\n- *AMAZON_OPENSEARCH_SERVICE* : The data source is an Amazon OpenSearch Service domain.\n- *AMAZON_BEDROCK_RUNTIME* : The data source is the Amazon Bedrock runtime.\n- *NONE* : There is no data source. This type is used when you wish to invoke a GraphQL operation without connecting to a data source, such as performing data transformation with resolvers or triggering a subscription to be invoked from a mutation.\n- *HTTP* : The data source is an HTTP endpoint.\n- *RELATIONAL_DATABASE* : The data source is a relational database." }, "AWS::AppSync::DataSource AuthorizationConfig": { "AuthorizationType": "The authorization type that the HTTP endpoint requires.\n\n- *AWS_IAM* : The authorization type is Signature Version 4 (SigV4).", @@ -3466,6 +3497,7 @@ "AWS::ApplicationAutoScaling::ScalingPolicy": { "PolicyName": "The name of the scaling policy.\n\nUpdates to the name of a target tracking scaling policy are not supported, unless you also update the metric used for scaling. To change only a target tracking scaling policy's name, first delete the policy by removing the existing `AWS::ApplicationAutoScaling::ScalingPolicy` resource from the template and updating the stack. Then, recreate the resource with the same settings and a different name.", "PolicyType": "The scaling policy type.\n\nThe following policy types are supported:\n\n`TargetTrackingScaling` \u2014Not supported for Amazon EMR\n\n`StepScaling` \u2014Not supported for DynamoDB, Amazon Comprehend, Lambda, Amazon Keyspaces, Amazon MSK, Amazon ElastiCache, or Neptune.", + "PredictiveScalingPolicyConfiguration": "The predictive scaling policy configuration.", "ResourceId": "The identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier.\n\n- ECS service - The resource type is `service` and the unique identifier is the cluster name and service name. Example: `service/my-cluster/my-service` .\n- Spot Fleet - The resource type is `spot-fleet-request` and the unique identifier is the Spot Fleet request ID. Example: `spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE` .\n- EMR cluster - The resource type is `instancegroup` and the unique identifier is the cluster ID and instance group ID. Example: `instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0` .\n- AppStream 2.0 fleet - The resource type is `fleet` and the unique identifier is the fleet name. Example: `fleet/sample-fleet` .\n- DynamoDB table - The resource type is `table` and the unique identifier is the table name. Example: `table/my-table` .\n- DynamoDB global secondary index - The resource type is `index` and the unique identifier is the index name. Example: `table/my-table/index/my-table-index` .\n- Aurora DB cluster - The resource type is `cluster` and the unique identifier is the cluster name. Example: `cluster:my-db-cluster` .\n- SageMaker endpoint variant - The resource type is `variant` and the unique identifier is the resource ID. Example: `endpoint/my-end-point/variant/KMeansClustering` .\n- Custom resources are not supported with a resource type. This parameter must specify the `OutputValue` from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our [GitHub repository](https://docs.aws.amazon.com/https://github.com/aws/aws-auto-scaling-custom-resource) .\n- Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: `arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE` .\n- Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: `arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE` .\n- Lambda provisioned concurrency - The resource type is `function` and the unique identifier is the function name with a function version or alias name suffix that is not `$LATEST` . Example: `function:my-function:prod` or `function:my-function:1` .\n- Amazon Keyspaces table - The resource type is `table` and the unique identifier is the table name. Example: `keyspace/mykeyspace/table/mytable` .\n- Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: `arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5` .\n- Amazon ElastiCache replication group - The resource type is `replication-group` and the unique identifier is the replication group name. Example: `replication-group/mycluster` .\n- Neptune cluster - The resource type is `cluster` and the unique identifier is the cluster name. Example: `cluster:mycluster` .\n- SageMaker serverless endpoint - The resource type is `variant` and the unique identifier is the resource ID. Example: `endpoint/my-end-point/variant/KMeansClustering` .\n- SageMaker inference component - The resource type is `inference-component` and the unique identifier is the resource ID. Example: `inference-component/my-inference-component` .\n- Pool of WorkSpaces - The resource type is `workspacespool` and the unique identifier is the pool ID. Example: `workspacespool/wspool-123456` .", "ScalableDimension": "The scalable dimension. This string consists of the service namespace, resource type, and scaling property.\n\n- `ecs:service:DesiredCount` - The task count of an ECS service.\n- `elasticmapreduce:instancegroup:InstanceCount` - The instance count of an EMR Instance Group.\n- `ec2:spot-fleet-request:TargetCapacity` - The target capacity of a Spot Fleet.\n- `appstream:fleet:DesiredCapacity` - The capacity of an AppStream 2.0 fleet.\n- `dynamodb:table:ReadCapacityUnits` - The provisioned read capacity for a DynamoDB table.\n- `dynamodb:table:WriteCapacityUnits` - The provisioned write capacity for a DynamoDB table.\n- `dynamodb:index:ReadCapacityUnits` - The provisioned read capacity for a DynamoDB global secondary index.\n- `dynamodb:index:WriteCapacityUnits` - The provisioned write capacity for a DynamoDB global secondary index.\n- `rds:cluster:ReadReplicaCount` - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.\n- `sagemaker:variant:DesiredInstanceCount` - The number of EC2 instances for a SageMaker model endpoint variant.\n- `custom-resource:ResourceType:Property` - The scalable dimension for a custom resource provided by your own application or service.\n- `comprehend:document-classifier-endpoint:DesiredInferenceUnits` - The number of inference units for an Amazon Comprehend document classification endpoint.\n- `comprehend:entity-recognizer-endpoint:DesiredInferenceUnits` - The number of inference units for an Amazon Comprehend entity recognizer endpoint.\n- `lambda:function:ProvisionedConcurrency` - The provisioned concurrency for a Lambda function.\n- `cassandra:table:ReadCapacityUnits` - The provisioned read capacity for an Amazon Keyspaces table.\n- `cassandra:table:WriteCapacityUnits` - The provisioned write capacity for an Amazon Keyspaces table.\n- `kafka:broker-storage:VolumeSize` - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.\n- `elasticache:replication-group:NodeGroups` - The number of node groups for an Amazon ElastiCache replication group.\n- `elasticache:replication-group:Replicas` - The number of replicas per node group for an Amazon ElastiCache replication group.\n- `neptune:cluster:ReadReplicaCount` - The count of read replicas in an Amazon Neptune DB cluster.\n- `sagemaker:variant:DesiredProvisionedConcurrency` - The provisioned concurrency for a SageMaker serverless endpoint.\n- `sagemaker:inference-component:DesiredCopyCount` - The number of copies across an endpoint for a SageMaker inference component.\n- `workspaces:workspacespool:DesiredUserSessions` - The number of user sessions for the WorkSpaces in the pool.", "ScalingTargetId": "The CloudFormation-generated ID of an Application Auto Scaling scalable target. For more information about the ID, see the Return Value section of the `AWS::ApplicationAutoScaling::ScalableTarget` resource.\n\n> You must specify either the `ScalingTargetId` property, or the `ResourceId` , `ScalableDimension` , and `ServiceNamespace` properties, but not both.", @@ -3489,6 +3521,64 @@ "PredefinedMetricType": "The metric type. The `ALBRequestCountPerTarget` metric type applies only to Spot fleet requests and ECS services.", "ResourceLabel": "Identifies the resource associated with the metric type. You can't specify a resource label unless the metric type is `ALBRequestCountPerTarget` and there is a target group attached to the Spot Fleet or ECS service.\n\nYou create the resource label by appending the final portion of the load balancer ARN and the final portion of the target group ARN into a single value, separated by a forward slash (/). The format of the resource label is:\n\n`app/my-alb/778d41231b141a0f/targetgroup/my-alb-target-group/943f017f100becff` .\n\nWhere:\n\n- app// is the final portion of the load balancer ARN\n- targetgroup// is the final portion of the target group ARN.\n\nTo find the ARN for an Application Load Balancer, use the [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html) API operation. To find the ARN for the target group, use the [DescribeTargetGroups](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeTargetGroups.html) API operation." }, + "AWS::ApplicationAutoScaling::ScalingPolicy PredictiveScalingCustomizedCapacityMetric": { + "MetricDataQueries": "One or more metric data queries to provide data points for a metric specification." + }, + "AWS::ApplicationAutoScaling::ScalingPolicy PredictiveScalingCustomizedLoadMetric": { + "MetricDataQueries": "" + }, + "AWS::ApplicationAutoScaling::ScalingPolicy PredictiveScalingCustomizedScalingMetric": { + "MetricDataQueries": "One or more metric data queries to provide data points for a metric specification." + }, + "AWS::ApplicationAutoScaling::ScalingPolicy PredictiveScalingMetric": { + "Dimensions": "Describes the dimensions of the metric.", + "MetricName": "The name of the metric.", + "Namespace": "The namespace of the metric." + }, + "AWS::ApplicationAutoScaling::ScalingPolicy PredictiveScalingMetricDataQuery": { + "Expression": "The math expression to perform on the returned data, if this object is performing a math expression. This expression can use the `Id` of the other metrics to refer to those metrics, and can also use the `Id` of other expressions to use the result of those expressions.\n\nConditional: Within each `MetricDataQuery` object, you must specify either `Expression` or `MetricStat` , but not both.", + "Id": "A short name that identifies the object's results in the response. This name must be unique among all `MetricDataQuery` objects specified for a single scaling policy. If you are performing math expressions on this set of data, this name represents that data and can serve as a variable in the mathematical expression. The valid characters are letters, numbers, and underscores. The first character must be a lowercase letter.", + "Label": "A human-readable label for this metric or expression. This is especially useful if this is a math expression, so that you know what the value represents.", + "MetricStat": "Information about the metric data to return.\n\nConditional: Within each `MetricDataQuery` object, you must specify either `Expression` or `MetricStat` , but not both.", + "ReturnData": "Indicates whether to return the timestamps and raw data values of this metric.\n\nIf you use any math expressions, specify `true` for this value for only the final math expression that the metric specification is based on. You must specify `false` for `ReturnData` for all the other metrics and expressions used in the metric specification.\n\nIf you are only retrieving metrics and not performing any math expressions, do not specify anything for `ReturnData` . This sets it to its default ( `true` )." + }, + "AWS::ApplicationAutoScaling::ScalingPolicy PredictiveScalingMetricDimension": { + "Name": "The name of the dimension.", + "Value": "The value of the dimension." + }, + "AWS::ApplicationAutoScaling::ScalingPolicy PredictiveScalingMetricSpecification": { + "CustomizedCapacityMetricSpecification": "The customized capacity metric specification.", + "CustomizedLoadMetricSpecification": "The customized load metric specification.", + "CustomizedScalingMetricSpecification": "The customized scaling metric specification.", + "PredefinedLoadMetricSpecification": "The predefined load metric specification.", + "PredefinedMetricPairSpecification": "The predefined metric pair specification that determines the appropriate scaling metric and load metric to use.", + "PredefinedScalingMetricSpecification": "The predefined scaling metric specification.", + "TargetValue": "Specifies the target utilization." + }, + "AWS::ApplicationAutoScaling::ScalingPolicy PredictiveScalingMetricStat": { + "Metric": "The CloudWatch metric to return, including the metric name, namespace, and dimensions. To get the exact metric name, namespace, and dimensions, inspect the [Metric](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_Metric.html) object that is returned by a call to [ListMetrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html) .", + "Stat": "The statistic to return. It can include any CloudWatch statistic or extended statistic. For a list of valid values, see the table in [Statistics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Statistic) in the *Amazon CloudWatch User Guide* .\n\nThe most commonly used metrics for predictive scaling are `Average` and `Sum` .", + "Unit": "The unit to use for the returned data points. For a complete list of the units that CloudWatch supports, see the [MetricDatum](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html) data type in the *Amazon CloudWatch API Reference* ." + }, + "AWS::ApplicationAutoScaling::ScalingPolicy PredictiveScalingPolicyConfiguration": { + "MaxCapacityBreachBehavior": "Defines the behavior that should be applied if the forecast capacity approaches or exceeds the maximum capacity. Defaults to `HonorMaxCapacity` if not specified.", + "MaxCapacityBuffer": "The size of the capacity buffer to use when the forecast capacity is close to or exceeds the maximum capacity. The value is specified as a percentage relative to the forecast capacity. For example, if the buffer is 10, this means a 10 percent buffer, such that if the forecast capacity is 50, and the maximum capacity is 40, then the effective maximum capacity is 55.\n\nRequired if the `MaxCapacityBreachBehavior` property is set to `IncreaseMaxCapacity` , and cannot be used otherwise.", + "MetricSpecifications": "This structure includes the metrics and target utilization to use for predictive scaling.\n\nThis is an array, but we currently only support a single metric specification. That is, you can specify a target value and a single metric pair, or a target value and one scaling metric and one load metric.", + "Mode": "The predictive scaling mode. Defaults to `ForecastOnly` if not specified.", + "SchedulingBufferTime": "The amount of time, in seconds, that the start time can be advanced.\n\nThe value must be less than the forecast interval duration of 3600 seconds (60 minutes). Defaults to 300 seconds if not specified." + }, + "AWS::ApplicationAutoScaling::ScalingPolicy PredictiveScalingPredefinedLoadMetric": { + "PredefinedMetricType": "The metric type.", + "ResourceLabel": "A label that uniquely identifies a target group." + }, + "AWS::ApplicationAutoScaling::ScalingPolicy PredictiveScalingPredefinedMetricPair": { + "PredefinedMetricType": "Indicates which metrics to use. There are two different types of metrics for each metric type: one is a load metric and one is a scaling metric.", + "ResourceLabel": "A label that uniquely identifies a specific target group from which to determine the total and average request count." + }, + "AWS::ApplicationAutoScaling::ScalingPolicy PredictiveScalingPredefinedScalingMetric": { + "PredefinedMetricType": "The metric type.", + "ResourceLabel": "A label that uniquely identifies a specific target group from which to determine the average request count." + }, "AWS::ApplicationAutoScaling::ScalingPolicy StepAdjustment": { "MetricIntervalLowerBound": "The lower bound for the difference between the alarm threshold and the CloudWatch metric. If the metric value is above the breach threshold, the lower bound is inclusive (the metric must be greater than or equal to the threshold plus the lower bound). Otherwise, it is exclusive (the metric must be greater than the threshold plus the lower bound). A null value indicates negative infinity.\n\nYou must specify at least one upper or lower bound.", "MetricIntervalUpperBound": "The upper bound for the difference between the alarm threshold and the CloudWatch metric. If the metric value is above the breach threshold, the upper bound is exclusive (the metric must be less than the threshold plus the upper bound). Otherwise, it is inclusive (the metric must be less than or equal to the threshold plus the upper bound). A null value indicates positive infinity.\n\nYou must specify at least one upper or lower bound.", @@ -4119,6 +4209,7 @@ "MetricName": "The name of the metric. To get the exact metric name, namespace, and dimensions, inspect the [Metric](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_Metric.html) object that is returned by a call to [ListMetrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html) .", "Metrics": "The metrics to include in the target tracking scaling policy, as a metric data query. This can include both raw metric and metric math expressions.", "Namespace": "The namespace of the metric.", + "Period": "The period of the metric in seconds. The default value is 60. Accepted values are 10, 30, and 60. For high resolution metric, set the value to less than 60. For more information, see [Create a target tracking policy using high-resolution metrics for faster response](https://docs.aws.amazon.com/autoscaling/ec2/userguide/policy-creating-high-resolution-metrics.html) .", "Statistic": "The statistic of the metric.", "Unit": "The unit of the metric. For a complete list of the units that CloudWatch supports, see the [MetricDatum](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html) data type in the *Amazon CloudWatch API Reference* ." }, @@ -4200,10 +4291,12 @@ "Id": "A short name that identifies the object's results in the response. This name must be unique among all `TargetTrackingMetricDataQuery` objects specified for a single scaling policy. If you are performing math expressions on this set of data, this name represents that data and can serve as a variable in the mathematical expression. The valid characters are letters, numbers, and underscores. The first character must be a lowercase letter.", "Label": "A human-readable label for this metric or expression. This is especially useful if this is a math expression, so that you know what the value represents.", "MetricStat": "Information about the metric data to return.\n\nConditional: Within each `TargetTrackingMetricDataQuery` object, you must specify either `Expression` or `MetricStat` , but not both.", + "Period": "The period of the metric in seconds. The default value is 60. Accepted values are 10, 30, and 60. For high resolution metric, set the value to less than 60. For more information, see [Create a target tracking policy using high-resolution metrics for faster response](https://docs.aws.amazon.com/autoscaling/ec2/userguide/policy-creating-high-resolution-metrics.html) .", "ReturnData": "Indicates whether to return the timestamps and raw data values of this metric.\n\nIf you use any math expressions, specify `true` for this value for only the final math expression that the metric specification is based on. You must specify `false` for `ReturnData` for all the other metrics and expressions used in the metric specification.\n\nIf you are only retrieving metrics and not performing any math expressions, do not specify anything for `ReturnData` . This sets it to its default ( `true` )." }, "AWS::AutoScaling::ScalingPolicy TargetTrackingMetricStat": { "Metric": "The metric to use.", + "Period": "The period of the metric in seconds. The default value is 60. Accepted values are 10, 30, and 60. For high resolution metric, set the value to less than 60. For more information, see [Create a target tracking policy using high-resolution metrics for faster response](https://docs.aws.amazon.com/autoscaling/ec2/userguide/policy-creating-high-resolution-metrics.html) .", "Stat": "The statistic to return. It can include any CloudWatch statistic or extended statistic. For a list of valid values, see the table in [Statistics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Statistic) in the *Amazon CloudWatch User Guide* .\n\nThe most commonly used metric for scaling is `Average` .", "Unit": "The unit to use for the returned data points. For a complete list of the units that CloudWatch supports, see the [MetricDatum](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html) data type in the *Amazon CloudWatch API Reference* ." }, @@ -5009,20 +5102,20 @@ "TestAliasTags": "Metadata that you can assign to a resource as key-value pairs. For more information, see the following resources:\n\n- [Tag naming limits and requirements](https://docs.aws.amazon.com/tag-editor/latest/userguide/tagging.html#tag-conventions)\n- [Tagging best practices](https://docs.aws.amazon.com/tag-editor/latest/userguide/tagging.html#tag-best-practices)" }, "AWS::Bedrock::Agent APISchema": { - "Payload": "The JSON or YAML-formatted payload defining the OpenAPI schema for the action group. For more information, see [Action group OpenAPI schemas](https://docs.aws.amazon.com/bedrock/latest/userguide/agents-api-schema.html) .", - "S3": "Contains details about the S3 object containing the OpenAPI schema for the action group. For more information, see [Action group OpenAPI schemas](https://docs.aws.amazon.com/bedrock/latest/userguide/agents-api-schema.html) ." + "Payload": "The JSON or YAML-formatted payload defining the OpenAPI schema for the action group.", + "S3": "Contains details about the S3 object containing the OpenAPI schema for the action group." }, "AWS::Bedrock::Agent ActionGroupExecutor": { - "CustomControl": "To return the action group invocation results directly in the `InvokeAgent` response, specify `RETURN_CONTROL` .", + "CustomControl": "To return the action group invocation results directly in the `InvokeInlineAgent` response, specify `RETURN_CONTROL` .", "Lambda": "The Amazon Resource Name (ARN) of the Lambda function containing the business logic that is carried out upon invoking the action." }, "AWS::Bedrock::Agent AgentActionGroup": { "ActionGroupExecutor": "The Amazon Resource Name (ARN) of the Lambda function containing the business logic that is carried out upon invoking the action or the custom control method for handling the information elicited from the user.", "ActionGroupName": "The name of the action group.", "ActionGroupState": "Specifies whether the action group is available for the agent to invoke or not when sending an [InvokeAgent](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent-runtime_InvokeAgent.html) request.", - "ApiSchema": "Contains either details about the S3 object containing the OpenAPI schema for the action group or the JSON or YAML-formatted payload defining the schema. For more information, see [Action group OpenAPI schemas](https://docs.aws.amazon.com/bedrock/latest/userguide/agents-api-schema.html) .", - "Description": "The description of the action group.", - "FunctionSchema": "Defines functions that each define parameters that the agent needs to invoke from the user. Each function represents an action in an action group.", + "ApiSchema": "Contains either details about the S3 object containing the OpenAPI schema for the action group or the JSON or YAML-formatted payload defining the schema. For more information, see [Action group OpenAPI schemas](https://docs.aws.amazon.com//bedrock/latest/userguide/agents-api-schema.html) .", + "Description": "A description of the action group.", + "FunctionSchema": "Contains details about the function schema for the action group or the JSON or YAML-formatted payload defining the schema.", "ParentActionGroupSignature": "If this field is set as `AMAZON.UserInput` , the agent can request the user for additional information when trying to complete a task. The `description` , `apiSchema` , and `actionGroupExecutor` fields must be blank for this action group.\n\nDuring orchestration, if the agent determines that it needs to invoke an API in an action group, but doesn't have enough information to complete the API request, it will invoke this action group instead and return an [Observation](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent-runtime_Observation.html) reprompting the user for more information.", "SkipResourceInUseCheckOnDelete": "Specifies whether to delete the resource even if it's in use. By default, this value is `false` ." }, @@ -5060,7 +5153,7 @@ "InferenceConfiguration": "Contains inference parameters to use when the agent invokes a foundation model in the part of the agent sequence defined by the `promptType` . For more information, see [Inference parameters for foundation models](https://docs.aws.amazon.com/bedrock/latest/userguide/model-parameters.html) .", "ParserMode": "Specifies whether to override the default parser Lambda function when parsing the raw foundation model output in the part of the agent sequence defined by the `promptType` . If you set the field as `OVERRIDEN` , the `overrideLambda` field in the [PromptOverrideConfiguration](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_PromptOverrideConfiguration.html) must be specified with the ARN of a Lambda function.", "PromptCreationMode": "Specifies whether to override the default prompt template for this `promptType` . Set this value to `OVERRIDDEN` to use the prompt that you provide in the `basePromptTemplate` . If you leave it as `DEFAULT` , the agent uses a default prompt template.", - "PromptState": "Specifies whether to allow the agent to carry out the step specified in the `promptType` . If you set this value to `DISABLED` , the agent skips that step. The default state for each `promptType` is as follows.\n\n- `PRE_PROCESSING` \u2013 `ENABLED`\n- `ORCHESTRATION` \u2013 `ENABLED`\n- `KNOWLEDGE_BASE_RESPONSE_GENERATION` \u2013 `ENABLED`\n- `POST_PROCESSING` \u2013 `DISABLED`", + "PromptState": "Specifies whether to allow the inline agent to carry out the step specified in the `promptType` . If you set this value to `DISABLED` , the agent skips that step. The default state for each `promptType` is as follows.\n\n- `PRE_PROCESSING` \u2013 `ENABLED`\n- `ORCHESTRATION` \u2013 `ENABLED`\n- `KNOWLEDGE_BASE_RESPONSE_GENERATION` \u2013 `ENABLED`\n- `POST_PROCESSING` \u2013 `DISABLED`", "PromptType": "The step in the agent sequence that this prompt configuration applies to." }, "AWS::Bedrock::Agent PromptOverrideConfiguration": { @@ -5627,7 +5720,7 @@ "GuardrailIdentifier": "The unique identifier of the guardrail. This can be an ID or the ARN." }, "AWS::Bedrock::KnowledgeBase": { - "Description": "The description of the knowledge base.", + "Description": "The description of the knowledge base associated with the inline agent.", "KnowledgeBaseConfiguration": "Contains details about the embeddings configuration of the knowledge base.", "Name": "The name of the knowledge base.", "RoleArn": "The Amazon Resource Name (ARN) of the IAM role with permissions to invoke API operations on the knowledge base.", @@ -6116,8 +6209,34 @@ "Key": "The key of the tag.", "Value": "The value of the tag." }, + "AWS::Chatbot::CustomAction": { + "ActionName": "The name of the custom action. This name is included in the Amazon Resource Name (ARN).", + "AliasName": "The name used to invoke this action in a chat channel. For example, `@aws run my-alias` .", + "Attachments": "Defines when this custom action button should be attached to a notification.", + "Definition": "The definition of the command to run when invoked as an alias or as an action button.", + "Tags": "The tags to add to the configuration." + }, + "AWS::Chatbot::CustomAction CustomActionAttachment": { + "ButtonText": "The text of the button that appears on the notification.", + "Criteria": "The criteria for when a button should be shown based on values in the notification.", + "NotificationType": "The type of notification that the custom action should be attached to.", + "Variables": "The variables to extract from the notification." + }, + "AWS::Chatbot::CustomAction CustomActionAttachmentCriteria": { + "Operator": "The operation to perform on the named variable.", + "Value": "A value that is compared with the actual value of the variable based on the behavior of the operator.", + "VariableName": "The name of the variable to operate on." + }, + "AWS::Chatbot::CustomAction CustomActionDefinition": { + "CommandText": "The command string to run which may include variables by prefixing with a dollar sign ($)." + }, + "AWS::Chatbot::CustomAction Tag": { + "Key": "A string used to identify this tag. You can specify a maximum of 128 characters for a tag key. Tags owned by Amazon Web Services (AWS) have the reserved prefix: `aws:` .", + "Value": "A string containing the value for this tag. You can specify a maximum of 256 characters for a tag value." + }, "AWS::Chatbot::MicrosoftTeamsChannelConfiguration": { "ConfigurationName": "The name of the configuration.", + "CustomizationResourceArns": "Links a list of resource ARNs (for example, custom action ARNs) to a Miscrosoft Teams channel configuration for AWS Chatbot .", "GuardrailPolicies": "The list of IAM policy ARNs that are applied as channel guardrails. The AWS managed 'AdministratorAccess' policy is applied as a default if this is not set.", "IamRoleArn": "The ARN of the IAM role that defines the permissions for AWS Chatbot .\n\nThis is a user-defined role that AWS Chatbot will assume. This is not the service-linked role. For more information, see [IAM Policies for AWS Chatbot](https://docs.aws.amazon.com/chatbot/latest/adminguide/chatbot-iam-policies.html) .", "LoggingLevel": "Specifies the logging level for this configuration. This property affects the log entries pushed to Amazon CloudWatch Logs.\n\nLogging levels include `ERROR` , `INFO` , or `NONE` .", @@ -6134,6 +6253,7 @@ }, "AWS::Chatbot::SlackChannelConfiguration": { "ConfigurationName": "The name of the configuration.", + "CustomizationResourceArns": "Links a list of resource ARNs (for example, custom action ARNs) to a Slack channel configuration for AWS Chatbot .", "GuardrailPolicies": "The list of IAM policy ARNs that are applied as channel guardrails. The AWS managed 'AdministratorAccess' policy is applied as a default if this is not set.", "IamRoleArn": "The ARN of the IAM role that defines the permissions for AWS Chatbot .\n\nThis is a user-defined role that AWS Chatbot will assume. This is not the service-linked role. For more information, see [IAM Policies for AWS Chatbot](https://docs.aws.amazon.com/chatbot/latest/adminguide/chatbot-iam-policies.html) .", "LoggingLevel": "Specifies the logging level for this configuration. This property affects the log entries pushed to Amazon CloudWatch Logs.\n\nLogging levels include `ERROR` , `INFO` , or `NONE` .", @@ -7186,6 +7306,31 @@ "Key": "The key in a key-value pair. The key must be must be no longer than 128 Unicode characters. The key must be unique for the resource to which it applies.", "Value": "The value in a key-value pair of a tag. The value must be no longer than 256 Unicode characters." }, + "AWS::CloudTrail::Dashboard": { + "Name": "The name of the dashboard. The name must be unique to your account.\n\nTo create the Highlights dashboard, the name must be `AWSCloudTrail-Highlights` .", + "RefreshSchedule": "The schedule for a dashboard refresh.", + "Tags": "A list of tags.", + "TerminationProtectionEnabled": "Specifies whether termination protection is enabled for the dashboard. If termination protection is enabled, you cannot delete the dashboard until termination protection is disabled.", + "Widgets": "An array of widgets for a custom dashboard. A custom dashboard can have a maximum of ten widgets.\n\nYou do not need to specify widgets for the Highlights dashboard." + }, + "AWS::CloudTrail::Dashboard Frequency": { + "Unit": "The unit to use for the refresh.\n\nFor custom dashboards, the unit can be `HOURS` or `DAYS` .\n\nFor the Highlights dashboard, the `Unit` must be `HOURS` .", + "Value": "The value for the refresh schedule.\n\nFor custom dashboards, the following values are valid when the unit is `HOURS` : `1` , `6` , `12` , `24`\n\nFor custom dashboards, the only valid value when the unit is `DAYS` is `1` .\n\nFor the Highlights dashboard, the `Value` must be `6` ." + }, + "AWS::CloudTrail::Dashboard RefreshSchedule": { + "Frequency": "The frequency at which you want the dashboard refreshed.", + "Status": "Specifies whether the refresh schedule is enabled. Set the value to `ENABLED` to enable the refresh schedule, or to `DISABLED` to turn off the refresh schedule.", + "TimeOfDay": "The time of day in UTC to run the schedule; for hourly only refer to minutes; default is 00:00." + }, + "AWS::CloudTrail::Dashboard Tag": { + "Key": "The key in a key-value pair. The key must be must be no longer than 128 Unicode characters. The key must be unique for the resource to which it applies.", + "Value": "The value in a key-value pair of a tag. The value must be no longer than 256 Unicode characters." + }, + "AWS::CloudTrail::Dashboard Widget": { + "QueryParameters": "The optional query parameters. The following query parameters are valid: `$StartTime$` , `$EndTime$` , and `$Period$` .", + "QueryStatement": "The query statement for the widget. For custom dashboard widgets, you can query across multiple event data stores as long as all event data stores exist in your account.\n\n> When a query uses `?` with `eventTime` , `?` must be surrounded by single quotes as follows: `'?'` .", + "ViewProperties": "The view properties for the widget. For more information about view properties, see [View properties for widgets](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-widget-properties.html) in the *AWS CloudTrail User Guide* ." + }, "AWS::CloudTrail::EventDataStore": { "AdvancedEventSelectors": "The advanced event selectors to use to select the events for the data store. You can configure up to five advanced event selectors for each event data store.\n\nFor more information about how to use advanced event selectors to log CloudTrail events, see [Log events by using advanced event selectors](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#creating-data-event-selectors-advanced) in the CloudTrail User Guide.\n\nFor more information about how to use advanced event selectors to include AWS Config configuration items in your event data store, see [Create an event data store for AWS Config configuration items](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-eds-cli.html#lake-cli-create-eds-config) in the CloudTrail User Guide.\n\nFor more information about how to use advanced event selectors to include events outside of AWS events in your event data store, see [Create an integration to log events from outside AWS](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-integrations-cli.html#lake-cli-create-integration) in the CloudTrail User Guide.", "BillingMode": "The billing mode for the event data store determines the cost for ingesting events and the default and maximum retention period for the event data store.\n\nThe following are the possible values:\n\n- `EXTENDABLE_RETENTION_PRICING` - This billing mode is generally recommended if you want a flexible retention period of up to 3653 days (about 10 years). The default retention period for this billing mode is 366 days.\n- `FIXED_RETENTION_PRICING` - This billing mode is recommended if you expect to ingest more than 25 TB of event data per month and need a retention period of up to 2557 days (about 7 years). The default retention period for this billing mode is 2557 days.\n\nThe default value is `EXTENDABLE_RETENTION_PRICING` .\n\nFor more information about CloudTrail pricing, see [AWS CloudTrail Pricing](https://docs.aws.amazon.com/cloudtrail/pricing/) and [Managing CloudTrail Lake costs](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-lake-manage-costs.html) .", @@ -7223,8 +7368,8 @@ "Value": "The value in a key-value pair of a tag. The value must be no longer than 256 Unicode characters." }, "AWS::CloudTrail::ResourcePolicy": { - "ResourceArn": "The Amazon Resource Name (ARN) of the CloudTrail channel attached to the resource-based policy. The following is the format of a resource ARN: `arn:aws:cloudtrail:us-east-2:123456789012:channel/MyChannel` .", - "ResourcePolicy": "A JSON-formatted string for an AWS resource-based policy.\n\nThe following are requirements for the resource policy:\n\n- Contains only one action: cloudtrail-data:PutAuditEvents\n- Contains at least one statement. The policy can have a maximum of 20 statements.\n- Each statement contains at least one principal. A statement can have a maximum of 50 principals." + "ResourceArn": "The Amazon Resource Name (ARN) of the CloudTrail event data store, dashboard, or channel attached to the resource-based policy.\n\nExample event data store ARN format: `arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE`\n\nExample dashboard ARN format: `arn:aws:cloudtrail:us-east-1:123456789012:dashboard/exampleDash`\n\nExample channel ARN format: `arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890`", + "ResourcePolicy": "A JSON-formatted string for an AWS resource-based policy.\n\nFor example resource-based policies, see [CloudTrail resource-based policy examples](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html) in the *CloudTrail User Guide* ." }, "AWS::CloudTrail::Trail": { "AdvancedEventSelectors": "Specifies the settings for advanced event selectors. You can use advanced event selectors to log management events, data events for all resource types, and network activity events.\n\nYou can add advanced event selectors, and conditions for your advanced event selectors, up to a maximum of 500 values for all conditions and selectors on a trail. You can use either `AdvancedEventSelectors` or `EventSelectors` , but not both. If you apply `AdvancedEventSelectors` to a trail, any existing `EventSelectors` are overwritten. For more information about advanced event selectors, see [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) and [Logging network activity events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* .", @@ -8086,7 +8231,7 @@ "AWS::CodePipeline::Pipeline RuleDeclaration": { "Configuration": "The action configuration fields for the rule.", "InputArtifacts": "The input artifacts fields for the rule, such as specifying an input file for the rule.", - "Name": "The name of the rule that is created for the condition, such as CheckAllResults.", + "Name": "The name of the rule that is created for the condition, such as `VariableCheck` .", "Region": "The Region for the condition associated with the rule.", "RoleArn": "The pipeline role ARN associated with the rule.", "RuleTypeId": "The ID for the rule type, which is made up of the combined values for category, owner, provider, and version." @@ -8282,6 +8427,21 @@ "AWS::Cognito::LogDeliveryConfiguration S3Configuration": { "BucketArn": "The ARN of an Amazon S3 bucket that's the destination for advanced security features log export." }, + "AWS::Cognito::ManagedLoginBranding": { + "Assets": "An array of image files that you want to apply to roles like backgrounds, logos, and icons. Each object must also indicate whether it is for dark mode, light mode, or browser-adaptive mode.", + "ClientId": "", + "ReturnMergedResources": "", + "Settings": "A JSON file, encoded as a `Document` type, with the the settings that you want to apply to your style.", + "UseCognitoProvidedValues": "When true, applies the default branding style options. This option reverts to a \"blank\" style that you can modify later in the branding designer.", + "UserPoolId": "The user pool where the branding style is assigned." + }, + "AWS::Cognito::ManagedLoginBranding AssetType": { + "Bytes": "The image file, in Base64-encoded binary.", + "Category": "The category that the image corresponds to in your managed login configuration. Managed login has asset categories for different types of logos, backgrounds, and icons.", + "ColorMode": "The display-mode target of the asset: light, dark, or browser-adaptive. For example, Amazon Cognito displays a dark-mode image only when the browser or application is in dark mode, but displays a browser-adaptive file in all contexts.", + "Extension": "The file type of the image file.", + "ResourceId": "The ID of the asset." + }, "AWS::Cognito::UserPool": { "AccountRecoverySetting": "The available verified method a user can use to recover their password when they call `ForgotPassword` . You can use this setting to define a preferred method when a user has more than one method available. With this setting, SMS doesn't qualify for a valid password recovery mechanism if the user also has SMS multi-factor authentication (MFA) activated. In the absence of this setting, Amazon Cognito uses the legacy behavior to determine the recovery method where SMS is preferred through email.", "AdminCreateUserConfig": "The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire.\n\nThis data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) .", @@ -8306,16 +8466,19 @@ "UserPoolAddOns": "User pool add-ons. Contains settings for activation of advanced security features. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` .\n\nFor more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) .", "UserPoolName": "A string used to name the user pool.", "UserPoolTags": "The tag keys and values to assign to the user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.", + "UserPoolTier": "The user pool [feature plan](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-sign-in-feature-plans.html) , or tier. This parameter determines the eligibility of the user pool for features like managed login, access-token customization, and threat protection. Defaults to `ESSENTIALS` .", "UsernameAttributes": "Specifies whether a user can use an email address or phone number as a username when they sign up.", "UsernameConfiguration": "Case sensitivity on the username input for the selected sign-in option. When case sensitivity is set to `False` (case insensitive), users can sign in with any combination of capital and lowercase letters. For example, `username` , `USERNAME` , or `UserName` , or for email, `email@example.com` or `EMaiL@eXamplE.Com` . For most use cases, set case sensitivity to `False` (case insensitive) as a best practice. When usernames and email addresses are case insensitive, Amazon Cognito treats any variation in case as the same user, and prevents a case variation from being assigned to the same attribute for a different user.\n\nThis configuration is immutable after you set it. For more information, see [UsernameConfigurationType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html) .", - "VerificationMessageTemplate": "The template for the verification message that your user pool delivers to users who set an email address or phone number attribute.\n\nSet the email message type that corresponds to your `DefaultEmailOption` selection. For `CONFIRM_WITH_LINK` , specify an `EmailMessageByLink` and leave `EmailMessage` blank. For `CONFIRM_WITH_CODE` , specify an `EmailMessage` and leave `EmailMessageByLink` blank. When you supply both parameters with either choice, Amazon Cognito returns an error." + "VerificationMessageTemplate": "The template for the verification message that your user pool delivers to users who set an email address or phone number attribute.\n\nSet the email message type that corresponds to your `DefaultEmailOption` selection. For `CONFIRM_WITH_LINK` , specify an `EmailMessageByLink` and leave `EmailMessage` blank. For `CONFIRM_WITH_CODE` , specify an `EmailMessage` and leave `EmailMessageByLink` blank. When you supply both parameters with either choice, Amazon Cognito returns an error.", + "WebAuthnRelyingPartyID": "", + "WebAuthnUserVerification": "" }, "AWS::Cognito::UserPool AccountRecoverySetting": { "RecoveryMechanisms": "The list of options and priorities for user message delivery in forgot-password operations. Sets or displays user pool preferences for email or SMS message priority, whether users should fall back to a second delivery method, and whether passwords should only be reset by administrators." }, "AWS::Cognito::UserPool AdminCreateUserConfig": { "AllowAdminCreateUserOnly": "The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the [SignUp](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html) operation.", - "InviteMessageTemplate": "The template for the welcome message to new users.\n\nSee also [Customizing User Invitation Messages](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization) .", + "InviteMessageTemplate": "The template for the welcome message to new users. This template must include the `{####}` temporary password placeholder if you are creating users with passwords. If your users don't have passwords, you can omit the placeholder.\n\nSee also [Customizing User Invitation Messages](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization) .", "UnusedAccountValidityDays": "This parameter is no longer in use. Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of [PasswordPolicyType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_PasswordPolicyType.html) . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` .\n\nThe password expiration limit in days for administrator-created users. When this time expires, the user can't sign in with their temporary password. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `RESEND` for the `MessageAction` parameter.\n\nThe default value for this parameter is 7." }, "AWS::Cognito::UserPool AdvancedSecurityAdditionalFlows": { @@ -8375,7 +8538,8 @@ "TemporaryPasswordValidityDays": "The number of days a temporary password is valid in the password policy. If the user doesn't sign in during this time, an administrator must reset their password. Defaults to `7` . If you submit a value of `0` , Amazon Cognito treats it as a null value and sets `TemporaryPasswordValidityDays` to its default value.\n\n> When you set `TemporaryPasswordValidityDays` for a user pool, you can no longer set a value for the legacy `UnusedAccountValidityDays` parameter in that user pool." }, "AWS::Cognito::UserPool Policies": { - "PasswordPolicy": "The password policy settings for a user pool, including complexity, history, and length requirements." + "PasswordPolicy": "The password policy settings for a user pool, including complexity, history, and length requirements.", + "SignInPolicy": "" }, "AWS::Cognito::UserPool PreTokenGenerationConfig": { "LambdaArn": "The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.\n\nThis parameter and the `PreTokenGeneration` property of `LambdaConfig` have the same value. For new instances of pre token generation triggers, set `LambdaArn` .", @@ -8394,6 +8558,9 @@ "Required": "Specifies whether a user pool attribute is required. If the attribute is required and the user doesn't provide a value, registration or sign-in will fail.", "StringAttributeConstraints": "Specifies the constraints for an attribute of the string type." }, + "AWS::Cognito::UserPool SignInPolicy": { + "AllowedFirstAuthFactors": "" + }, "AWS::Cognito::UserPool SmsConfiguration": { "ExternalId": "The external ID provides additional security for your IAM role. You can use an `ExternalId` with the IAM role that you use with Amazon SNS to send SMS messages for your user pool. If you provide an `ExternalId` , your Amazon Cognito user pool includes it in the request to assume your IAM role. You can configure the role trust policy to require that Amazon Cognito, and any principal, provide the `ExternalID` . If you use the Amazon Cognito Management Console to create a role for SMS multi-factor authentication (MFA), Amazon Cognito creates a role with the required permissions and a trust policy that demonstrates use of the `ExternalId` .\n\nFor more information about the `ExternalId` of a role, see [How to use an external ID when granting access to your AWS resources to a third party](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) .", "SnsCallerArn": "The Amazon Resource Name (ARN) of the Amazon SNS caller. This is the ARN of the IAM role in your AWS account that Amazon Cognito will use to send SMS messages. SMS messages are subject to a [spending limit](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html) .", @@ -8431,16 +8598,16 @@ "CallbackURLs": "A list of allowed redirect (callback) URLs for the IdPs.\n\nA redirect URI must:\n\n- Be an absolute URI.\n- Be registered with the authorization server.\n- Not include a fragment component.\n\nSee [OAuth 2.0 - Redirection Endpoint](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6749#section-3.1.2) .\n\nAmazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.\n\nApp callback URLs such as myapp://example are also supported.", "ClientName": "The client name for the user pool client you would like to create.", "DefaultRedirectURI": "The default redirect URI. In app clients with one assigned IdP, replaces `redirect_uri` in authentication requests. Must be in the `CallbackURLs` list.\n\nA redirect URI must:\n\n- Be an absolute URI.\n- Be registered with the authorization server.\n- Not include a fragment component.\n\nFor more information, see [Default redirect URI](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#cognito-user-pools-app-idp-settings-about) .\n\nAmazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.\n\nApp callback URLs such as myapp://example are also supported.", - "EnablePropagateAdditionalUserContextData": "Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . If you don\u2019t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret.", + "EnablePropagateAdditionalUserContextData": "Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don\u2019t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret.", "EnableTokenRevocation": "Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) .\n\nIf you don't include this parameter, token revocation is automatically activated for the new user pool client.", - "ExplicitAuthFlows": "The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.\n\n> If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . \n\nValid values include:\n\n- `ALLOW_ADMIN_USER_PASSWORD_AUTH` : Enable admin based user password authentication flow `ADMIN_USER_PASSWORD_AUTH` . This setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.\n- `ALLOW_CUSTOM_AUTH` : Enable Lambda trigger based authentication.\n- `ALLOW_USER_PASSWORD_AUTH` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.\n- `ALLOW_USER_SRP_AUTH` : Enable SRP-based authentication.\n- `ALLOW_REFRESH_TOKEN_AUTH` : Enable authflow to refresh tokens.\n\nIn some environments, you will see the values `ADMIN_NO_SRP_AUTH` , `CUSTOM_AUTH_FLOW_ONLY` , or `USER_PASSWORD_AUTH` . You can't assign these legacy `ExplicitAuthFlows` values to user pool clients at the same time as values that begin with `ALLOW_` ,\nlike `ALLOW_USER_SRP_AUTH` .", + "ExplicitAuthFlows": "The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.\n\n> If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . \n\nValid values include:\n\n- `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` .\n- `ALLOW_ADMIN_USER_PASSWORD_AUTH` : Enable admin based user password authentication flow `ADMIN_USER_PASSWORD_AUTH` . This setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.\n- `ALLOW_CUSTOM_AUTH` : Enable Lambda trigger based authentication.\n- `ALLOW_USER_PASSWORD_AUTH` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.\n- `ALLOW_USER_SRP_AUTH` : Enable SRP-based authentication.\n- `ALLOW_REFRESH_TOKEN_AUTH` : Enable authflow to refresh tokens.\n\nIn some environments, you will see the values `ADMIN_NO_SRP_AUTH` , `CUSTOM_AUTH_FLOW_ONLY` , or `USER_PASSWORD_AUTH` . You can't assign these legacy `ExplicitAuthFlows` values to user pool clients at the same time as values that begin with `ALLOW_` ,\nlike `ALLOW_USER_SRP_AUTH` .", "GenerateSecret": "Boolean to specify whether you want to generate a secret for the user pool client being created.", "IdTokenValidity": "The ID token time limit. After this limit expires, your user can't use their ID token. To specify the time unit for `IdTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request.\n\nFor example, when you set `IdTokenValidity` as `10` and `TokenValidityUnits` as `hours` , your user can authenticate their session with their ID token for 10 hours.\n\nThe default time unit for `IdTokenValidity` in an API request is hours. *Valid range* is displayed below in seconds.\n\nIf you don't specify otherwise in the configuration of your app client, your ID\ntokens are valid for one hour.", "LogoutURLs": "A list of allowed logout URLs for the IdPs.", "PreventUserExistenceErrors": "Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to `ENABLED` and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to `LEGACY` , those APIs return a `UserNotFoundException` exception if the user doesn't exist in the user pool.\n\nValid values include:\n\n- `ENABLED` - This prevents user existence-related errors.\n- `LEGACY` - This represents the early behavior of Amazon Cognito where user existence related errors aren't prevented.\n\nDefaults to `LEGACY` when you don't provide a value.", "ReadAttributes": "The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data.\n\nWhen you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes.", "RefreshTokenValidity": "The refresh token time limit. After this limit expires, your user can't use their refresh token. To specify the time unit for `RefreshTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request.\n\nFor example, when you set `RefreshTokenValidity` as `10` and `TokenValidityUnits` as `days` , your user can refresh their session\nand retrieve new access and ID tokens for 10 days.\n\nThe default time unit for `RefreshTokenValidity` in an API request is days. You can't set `RefreshTokenValidity` to 0. If you do, Amazon Cognito overrides the value with the default value of 30 days. *Valid range* is displayed below in seconds.\n\nIf you don't specify otherwise in the configuration of your app client, your refresh\ntokens are valid for 30 days.", - "SupportedIdentityProviders": "A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` .", + "SupportedIdentityProviders": "A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` .\n\nThis setting applies to providers that you can access with the [hosted UI and OAuth 2.0 authorization server](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-integration.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) .", "TokenValidityUnits": "The units in which the validity times are represented. The default unit for RefreshToken is days, and default for ID and access tokens are hours.", "UserPoolId": "The user pool ID for the user pool where you want to create a user pool client.", "WriteAttributes": "The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value.\n\nWhen you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes.\n\nIf your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see [Specifying IdP Attribute Mappings for Your user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html) ." @@ -8458,7 +8625,7 @@ "RefreshToken": "A time unit for the value that you set in the `RefreshTokenValidity` parameter. The default `RefreshTokenValidity` time unit is `days` . `RefreshTokenValidity` duration can range from 60 minutes to 10 years." }, "AWS::Cognito::UserPoolDomain": { - "CustomDomainConfig": "The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM.", + "CustomDomainConfig": "The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM.\n\nWhen you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request.", "Domain": "The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be `auth.example.com` .\n\nThis string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names.", "UserPoolId": "The ID of the user pool that is associated with the custom domain whose certificate you're updating." }, @@ -8544,7 +8711,7 @@ "DesiredDeliveryMediums": "Specify `\"EMAIL\"` if email will be used to send the welcome message. Specify `\"SMS\"` if the phone number will be used. The default value is `\"SMS\"` . You can specify more than one value.", "ForceAliasCreation": "This parameter is used only if the `phone_number_verified` or `email_verified` attribute is set to `True` . Otherwise, it is ignored.\n\nIf this parameter is set to `True` and the phone number or email address specified in the UserAttributes parameter already exists as an alias with a different user, the API call will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias.\n\nIf this parameter is set to `False` , the API throws an `AliasExistsException` error if the alias already exists. The default value is `False` .", "MessageAction": "Set to `RESEND` to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to `SUPPRESS` to suppress sending the message. You can specify only one value.", - "UserAttributes": "An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than `Username` . However, any attributes that you specify as required (when creating a user pool or in the *Attributes* tab of the console) either you should supply (in your call to `AdminCreateUser` ) or the user should supply (when they sign up in response to your welcome message).\n\nFor custom attributes, you must prepend the `custom:` prefix to the attribute name.\n\nTo send a message inviting the user to sign up, you must specify the user's email address or phone number. You can do this in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools.\n\nIn your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) .\n\n- *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `\"EMAIL\"` is specified in the `DesiredDeliveryMediums` parameter.\n- *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `\"SMS\"` is specified in the `DesiredDeliveryMediums` parameter.", + "UserAttributes": "An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than `Username` . However, any attributes that you specify as required (when creating a user pool or in the *Attributes* tab of the console) either you should supply (in your call to `AdminCreateUser` ) or the user should supply (when they sign up in response to your welcome message).\n\nFor custom attributes, you must prepend the `custom:` prefix to the attribute name.\n\nTo send a message inviting the user to sign up, you must specify the user's email address or phone number. You can do this in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools.\n\nYou must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` .\n\nIn your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) .\n\n- *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `\"EMAIL\"` is specified in the `DesiredDeliveryMediums` parameter.\n- *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `\"SMS\"` is specified in the `DesiredDeliveryMediums` parameter.", "UserPoolId": "The user pool ID for the user pool where the user will be created.", "Username": "The value that you want to set as the username sign-in attribute. The following conditions apply to the username parameter.\n\n- The username can't be a duplicate of another username in the same user pool.\n- You can't change the value of a username after you create it.\n- You can only provide a value if usernames are a valid sign-in attribute for your user pool. If your user pool only supports phone numbers or email addresses as sign-in attributes, Amazon Cognito automatically generates a username value. For more information, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) .", "ValidationData": "Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain.\n\nYour Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network.\n\nFor more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) ." @@ -8717,7 +8884,7 @@ "AWS::Config::ConfigurationRecorder": { "Name": "The name of the configuration recorder. AWS Config automatically assigns the name of \"default\" when creating the configuration recorder.\n\nYou cannot change the name of the configuration recorder after it has been created. To change the configuration recorder name, you must delete it and create a new configuration recorder with a new name.", "RecordingGroup": "Specifies which resource types AWS Config records for configuration changes.\n\n> *High Number of AWS Config Evaluations*\n> \n> You may notice increased activity in your account during your initial month recording with AWS Config when compared to subsequent months. During the initial bootstrapping process, AWS Config runs evaluations on all the resources in your account that you have selected for AWS Config to record.\n> \n> If you are running ephemeral workloads, you may see increased activity from AWS Config as it records configuration changes associated with creating and deleting these temporary resources. An *ephemeral workload* is a temporary use of computing resources that are loaded and run when needed. Examples include Amazon Elastic Compute Cloud ( Amazon EC2 ) Spot Instances, Amazon EMR jobs, and AWS Auto Scaling . If you want to avoid the increased activity from running ephemeral workloads, you can run these types of workloads in a separate account with AWS Config turned off to avoid increased configuration recording and rule evaluations.", - "RecordingMode": "Specifies the default recording frequency that AWS Config uses to record configuration changes. AWS Config supports *Continuous recording* and *Daily recording* .\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it\u2019s different from the previous CI recorded.\n\n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous. \n\nYou can also override the recording frequency for specific resource types.", + "RecordingMode": "Specifies the default recording frequency for the configuration recorder. AWS Config supports *Continuous recording* and *Daily recording* .\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it\u2019s different from the previous CI recorded.\n\n> *Some resource types require continuous recording*\n> \n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous. \n\nYou can also override the recording frequency for specific resource types.", "RoleARN": "Amazon Resource Name (ARN) of the IAM role assumed by AWS Config and used by the configuration recorder. For more information, see [Permissions for the IAM Role Assigned](https://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html) to AWS Config in the AWS Config Developer Guide.\n\n> *Pre-existing AWS Config role*\n> \n> If you have used an AWS service that uses AWS Config , such as AWS Security Hub or AWS Control Tower , and an AWS Config role has already been created, make sure that the IAM role that you use when setting up AWS Config keeps the same minimum permissions as the already created AWS Config role. You must do this so that the other AWS service continues to run as expected.\n> \n> For example, if AWS Control Tower has an IAM role that allows AWS Config to read Amazon Simple Storage Service ( Amazon S3 ) objects, make sure that the same permissions are granted within the IAM role you use when setting up AWS Config . Otherwise, it may interfere with how AWS Control Tower operates. For more information about IAM roles for AWS Config , see [*Identity and Access Management for AWS Config*](https://docs.aws.amazon.com/config/latest/developerguide/security-iam.html) in the *AWS Config Developer Guide* ." }, "AWS::Config::ConfigurationRecorder ExclusionByResourceTypes": { @@ -8731,13 +8898,13 @@ "ResourceTypes": "A comma-separated list that specifies which resource types AWS Config records.\n\nFor a list of valid `ResourceTypes` values, see the *Resource Type Value* column in [Supported AWS resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources) in the *AWS Config developer guide* .\n\n> *Required and optional fields*\n> \n> Optionally, you can set the `useOnly` field of [RecordingStrategy](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) to `INCLUSION_BY_RESOURCE_TYPES` .\n> \n> To record all configuration changes, set the `AllSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` , and either omit this field or don't specify any resource types in this field. If you set the `AllSupported` field to `false` and specify values for `ResourceTypes` , when AWS Config adds support for a new type of resource, it will not record resources of that type unless you manually add that type to your recording group. > *Region availability*\n> \n> Before specifying a resource type for AWS Config to track, check [Resource Coverage by Region Availability](https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html) to see if the resource type is supported in the AWS Region where you set up AWS Config . If a resource type is supported by AWS Config in at least one Region, you can enable the recording of that resource type in all Regions supported by AWS Config , even if the specified resource type is not supported in the AWS Region where you set up AWS Config ." }, "AWS::Config::ConfigurationRecorder RecordingMode": { - "RecordingFrequency": "The default recording frequency that AWS Config uses to record configuration changes.\n\n> Daily recording is not supported for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`\n> \n> For the *allSupported* ( `ALL_SUPPORTED_RESOURCE_TYPES` ) recording strategy, these resource types will be set to Continuous recording.", + "RecordingFrequency": "The default recording frequency that AWS Config uses to record configuration changes.\n\n> Daily recording cannot be specified for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`\n> \n> For the *allSupported* ( `ALL_SUPPORTED_RESOURCE_TYPES` ) recording strategy, these resource types will be set to Continuous recording.", "RecordingModeOverrides": "An array of `recordingModeOverride` objects for you to specify your overrides for the recording mode. The `recordingModeOverride` object in the `recordingModeOverrides` array consists of three fields: a `description` , the new `recordingFrequency` , and an array of `resourceTypes` to override." }, "AWS::Config::ConfigurationRecorder RecordingModeOverride": { "Description": "A description that you provide for the override.", "RecordingFrequency": "The recording frequency that will be applied to all the resource types specified in the override.\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it\u2019s different from the previous CI recorded.\n\n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous.", - "ResourceTypes": "A comma-separated list that specifies which resource types AWS Config includes in the override.\n\n> Daily recording is not supported for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`" + "ResourceTypes": "A comma-separated list that specifies which resource types AWS Config includes in the override.\n\n> Daily recording cannot be specified for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`" }, "AWS::Config::ConfigurationRecorder RecordingStrategy": { "UseOnly": "The recording strategy for the configuration recorder.\n\n- If you set this option to `ALL_SUPPORTED_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types, excluding the global IAM resource types. You also must set the `AllSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` . When AWS Config adds support for a new resource type, AWS Config automatically starts recording resources of that type. For a list of supported resource types, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources) in the *AWS Config developer guide* .\n- If you set this option to `INCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for only the resource types that you specify in the `ResourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .\n- If you set this option to `EXCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types, except the resource types that you specify to exclude from being recorded in the `ResourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) .\n\n> *Required and optional fields*\n> \n> The `recordingStrategy` field is optional when you set the `AllSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` .\n> \n> The `recordingStrategy` field is optional when you list resource types in the `ResourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .\n> \n> The `recordingStrategy` field is required if you list resource types to exclude from recording in the `ResourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) . > *Overriding fields*\n> \n> If you choose `EXCLUSION_BY_RESOURCE_TYPES` for the recording strategy, the `ExclusionByResourceTypes` field will override other properties in the request.\n> \n> For example, even if you set `IncludeGlobalResourceTypes` to false, global IAM resource types will still be automatically recorded in this option unless those resource types are specifically listed as exclusions in the `ResourceTypes` field of `ExclusionByResourceTypes` . > *Global resource types and the exclusion recording strategy*\n> \n> By default, if you choose the `EXCLUSION_BY_RESOURCE_TYPES` recording strategy, when AWS Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, AWS Config starts recording resources of that type automatically.\n> \n> Unless specifically listed as exclusions, `AWS::RDS::GlobalCluster` will be recorded automatically in all supported AWS Config Regions were the configuration recorder is enabled.\n> \n> IAM users, groups, roles, and customer managed policies will be recorded in the Region where you set up the configuration recorder if that is a Region where AWS Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by AWS Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:\n> \n> - Asia Pacific (Hyderabad)\n> - Asia Pacific (Melbourne)\n> - Canada West (Calgary)\n> - Europe (Spain)\n> - Europe (Zurich)\n> - Israel (Tel Aviv)\n> - Middle East (UAE)" @@ -8900,6 +9067,17 @@ "Key": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -", "Value": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -" }, + "AWS::Connect::EmailAddress": { + "Description": "The description of the email address.", + "DisplayName": "The display name of email address.", + "EmailAddress": "The email address with the instance, in [^\\s@]+@[^\\s@]+\\.[^\\s@]+ format.", + "InstanceArn": "The Amazon Resource Name (ARN) of the instance.", + "Tags": "" + }, + "AWS::Connect::EmailAddress Tag": { + "Key": "", + "Value": "" + }, "AWS::Connect::EvaluationForm": { "Description": "The description of the evaluation form.\n\n*Length Constraints* : Minimum length of 0. Maximum length of 1024.", "InstanceArn": "The identifier of the Amazon Connect instance.", @@ -9469,9 +9647,132 @@ "DialingCapacity": "The allocation of dialing capacity between multiple active campaigns." }, "AWS::ConnectCampaigns::Campaign Tag": { + "Key": "", + "Value": "" + }, + "AWS::ConnectCampaignsV2::Campaign": { + "ChannelSubtypeConfig": "Contains channel subtype configuration for an outbound campaign.", + "CommunicationLimitsOverride": "Communication limits configuration for an outbound campaign.", + "CommunicationTimeConfig": "Contains communication time configuration for an outbound campaign.", + "ConnectCampaignFlowArn": "The Amazon Resource Name (ARN) of the Amazon Connect campaign flow associated with the outbound campaign.", + "ConnectInstanceId": "The identifier of the Amazon Connect instance. You can find the `instanceId` in the ARN of the instance.", + "Name": "The name of the outbound campaign.", + "Schedule": "Contains the schedule configuration.", + "Source": "Contains source configuration.", + "Tags": "The tags used to organize, track, or control access for this resource. For example, `{ \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }` ." + }, + "AWS::ConnectCampaignsV2::Campaign AnswerMachineDetectionConfig": { + "AwaitAnswerMachinePrompt": "Whether or not waiting for an answer machine prompt is enabled.", + "EnableAnswerMachineDetection": "Enables answering machine detection." + }, + "AWS::ConnectCampaignsV2::Campaign ChannelSubtypeConfig": { + "Email": "The configuration of the email channel subtype.", + "Sms": "The configuration of the SMS channel subtype.", + "Telephony": "The configuration of the telephony channel subtype." + }, + "AWS::ConnectCampaignsV2::Campaign CommunicationLimit": { + "Frequency": "The frequency of communication limit evaluation.", + "MaxCountPerRecipient": "The maximum outreaching count for each recipient.", + "Unit": "The unit of communication limit evaluation." + }, + "AWS::ConnectCampaignsV2::Campaign CommunicationLimits": { + "CommunicationLimitList": "The list of CommunicationLimits." + }, + "AWS::ConnectCampaignsV2::Campaign CommunicationLimitsConfig": { + "AllChannelsSubtypes": "The CommunicationLimits that apply to all channel subtypes defined in an outbound campaign." + }, + "AWS::ConnectCampaignsV2::Campaign CommunicationTimeConfig": { + "Email": "The communication time configuration for the email channel subtype.", + "LocalTimeZoneConfig": "The local timezone configuration.", + "Sms": "The communication time configuration for the SMS channel subtype.", + "Telephony": "The communication time configuration for the telephony channel subtype." + }, + "AWS::ConnectCampaignsV2::Campaign DailyHour": { + "Key": "The key for DailyHour.", + "Value": "The value for DailyHour." + }, + "AWS::ConnectCampaignsV2::Campaign EmailChannelSubtypeConfig": { + "Capacity": "The allocation of email capacity between multiple running outbound campaigns.", + "DefaultOutboundConfig": "The default email outbound configuration of an outbound campaign.", + "OutboundMode": "The outbound mode for email of an outbound campaign." + }, + "AWS::ConnectCampaignsV2::Campaign EmailOutboundConfig": { + "ConnectSourceEmailAddress": "The Amazon Connect source email address.", + "SourceEmailAddressDisplayName": "The display name for the Amazon Connect source email address.", + "WisdomTemplateArn": "The Amazon Resource Name (ARN) of the Amazon Q in Connect template." + }, + "AWS::ConnectCampaignsV2::Campaign EmailOutboundMode": { + "AgentlessConfig": "The agentless outbound mode configuration for email." + }, + "AWS::ConnectCampaignsV2::Campaign LocalTimeZoneConfig": { + "DefaultTimeZone": "The timezone to use for all recipients.", + "LocalTimeZoneDetection": "Detects methods for the recipient's timezone." + }, + "AWS::ConnectCampaignsV2::Campaign OpenHours": { + "DailyHours": "The daily hours configuration." + }, + "AWS::ConnectCampaignsV2::Campaign PredictiveConfig": { + "BandwidthAllocation": "Bandwidth allocation for the predictive outbound mode." + }, + "AWS::ConnectCampaignsV2::Campaign ProgressiveConfig": { + "BandwidthAllocation": "Bandwidth allocation for the progressive outbound mode." + }, + "AWS::ConnectCampaignsV2::Campaign RestrictedPeriod": { + "EndDate": "The end date of the restricted period.", + "Name": "The name of the restricted period.", + "StartDate": "The start date of the restricted period." + }, + "AWS::ConnectCampaignsV2::Campaign RestrictedPeriods": { + "RestrictedPeriodList": "The restricted period list." + }, + "AWS::ConnectCampaignsV2::Campaign Schedule": { + "EndTime": "The end time of the schedule in UTC.", + "RefreshFrequency": "The refresh frequency of the campaign.", + "StartTime": "The start time of the schedule in UTC." + }, + "AWS::ConnectCampaignsV2::Campaign SmsChannelSubtypeConfig": { + "Capacity": "The allocation of SMS capacity between multiple running outbound campaigns.", + "DefaultOutboundConfig": "The default SMS outbound configuration of an outbound campaign.", + "OutboundMode": "The outbound mode of SMS for an outbound campaign." + }, + "AWS::ConnectCampaignsV2::Campaign SmsOutboundConfig": { + "ConnectSourcePhoneNumberArn": "The Amazon Resource Name (ARN) of the Amazon Connect source SMS phone number.", + "WisdomTemplateArn": "The Amazon Resource Name (ARN) of the Amazon Q in Connect template." + }, + "AWS::ConnectCampaignsV2::Campaign SmsOutboundMode": { + "AgentlessConfig": "Contains agentless outbound mode configuration." + }, + "AWS::ConnectCampaignsV2::Campaign Source": { + "CustomerProfilesSegmentArn": "The Amazon Resource Name (ARN) of the Customer Profiles segment." + }, + "AWS::ConnectCampaignsV2::Campaign Tag": { "Key": "The tag keys.", "Value": "The value of the tag." }, + "AWS::ConnectCampaignsV2::Campaign TelephonyChannelSubtypeConfig": { + "Capacity": "The allocation of telephony capacity between multiple running outbound campaigns.", + "ConnectQueueId": "The identifier of the Amazon Connect queue associated with telephony outbound requests of an outbound campaign.", + "DefaultOutboundConfig": "The default telephony outbound configuration of an outbound campaign.", + "OutboundMode": "The outbound mode of telephony for an outbound campaign." + }, + "AWS::ConnectCampaignsV2::Campaign TelephonyOutboundConfig": { + "AnswerMachineDetectionConfig": "The answering machine detection configuration.", + "ConnectContactFlowId": "The identifier of the published Amazon Connect contact flow.", + "ConnectSourcePhoneNumber": "The Amazon Connect source phone number." + }, + "AWS::ConnectCampaignsV2::Campaign TelephonyOutboundMode": { + "AgentlessConfig": "The agentless outbound mode configuration for telephony.", + "PredictiveConfig": "Contains predictive outbound mode configuration.", + "ProgressiveConfig": "Contains progressive telephony outbound mode configuration." + }, + "AWS::ConnectCampaignsV2::Campaign TimeRange": { + "EndTime": "The end time of the time range.", + "StartTime": "The start time of the time range." + }, + "AWS::ConnectCampaignsV2::Campaign TimeWindow": { + "OpenHours": "The open hours configuration.", + "RestrictedPeriods": "The restricted periods configuration." + }, "AWS::ControlTower::EnabledBaseline": { "BaselineIdentifier": "The specific `Baseline` enabled as part of the `EnabledBaseline` resource.", "BaselineVersion": "The enabled version of the `Baseline` .", @@ -12158,15 +12459,15 @@ "AWS::EC2::CapacityReservation": { "AvailabilityZone": "The Availability Zone in which to create the Capacity Reservation.", "EbsOptimized": "Indicates whether the Capacity Reservation supports EBS-optimized instances. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS- optimized instance.", - "EndDate": "The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation's state changes to `expired` when it reaches its end date and time.\n\nYou must provide an `EndDate` value if `EndDateType` is `limited` . Omit `EndDate` if `EndDateType` is `unlimited` .\n\nIf the `EndDateType` is `limited` , the Capacity Reservation is cancelled within an hour from the specified time. For example, if you specify 5/31/2019, 13:30:55, the Capacity Reservation is guaranteed to end between 13:30:55 and 14:30:55 on 5/31/2019.", + "EndDate": "The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation's state changes to `expired` when it reaches its end date and time.\n\nYou must provide an `EndDate` value if `EndDateType` is `limited` . Omit `EndDate` if `EndDateType` is `unlimited` .\n\nIf the `EndDateType` is `limited` , the Capacity Reservation is cancelled within an hour from the specified time. For example, if you specify 5/31/2019, 13:30:55, the Capacity Reservation is guaranteed to end between 13:30:55 and 14:30:55 on 5/31/2019.\n\nIf you are requesting a future-dated Capacity Reservation, you can't specify an end date and time that is within the commitment duration.", "EndDateType": "Indicates the way in which the Capacity Reservation ends. A Capacity Reservation can have one of the following end types:\n\n- `unlimited` - The Capacity Reservation remains active until you explicitly cancel it. Do not provide an `EndDate` if the `EndDateType` is `unlimited` .\n- `limited` - The Capacity Reservation expires automatically at a specified date and time. You must provide an `EndDate` value if the `EndDateType` value is `limited` .", "EphemeralStorage": "*Deprecated.*", - "InstanceCount": "The number of instances for which to reserve capacity.\n\nValid range: 1 - 1000", - "InstanceMatchCriteria": "Indicates the type of instance launches that the Capacity Reservation accepts. The options include:\n\n- `open` - The Capacity Reservation automatically matches all instances that have matching attributes (instance type, platform, and Availability Zone). Instances that have matching attributes run in the Capacity Reservation automatically without specifying any additional parameters.\n- `targeted` - The Capacity Reservation only accepts instances that have matching attributes (instance type, platform, and Availability Zone), and explicitly target the Capacity Reservation. This ensures that only permitted instances can use the reserved capacity.\n\nDefault: `open`", + "InstanceCount": "The number of instances for which to reserve capacity.\n\n> You can request future-dated Capacity Reservations for an instance count with a minimum of 100 VPUs. For example, if you request a future-dated Capacity Reservation for `m5.xlarge` instances, you must request at least 25 instances ( *25 * m5.xlarge = 100 vCPUs* ). \n\nValid range: 1 - 1000", + "InstanceMatchCriteria": "Indicates the type of instance launches that the Capacity Reservation accepts. The options include:\n\n- `open` - The Capacity Reservation automatically matches all instances that have matching attributes (instance type, platform, and Availability Zone). Instances that have matching attributes run in the Capacity Reservation automatically without specifying any additional parameters.\n- `targeted` - The Capacity Reservation only accepts instances that have matching attributes (instance type, platform, and Availability Zone), and explicitly target the Capacity Reservation. This ensures that only permitted instances can use the reserved capacity.\n\n> If you are requesting a future-dated Capacity Reservation, you must specify `targeted` . \n\nDefault: `open`", "InstancePlatform": "The type of operating system for which to reserve capacity.", - "InstanceType": "The instance type for which to reserve capacity. For more information, see [Instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the *Amazon EC2 User Guide* .", - "OutPostArn": "The Amazon Resource Name (ARN) of the Outpost on which to create the Capacity Reservation.", - "PlacementGroupArn": "The Amazon Resource Name (ARN) of the cluster placement group in which to create the Capacity Reservation. For more information, see [Capacity Reservations for cluster placement groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cr-cpg.html) in the *Amazon EC2 User Guide* .", + "InstanceType": "The instance type for which to reserve capacity.\n\n> You can request future-dated Capacity Reservations for instance types in the C, M, R, I, and T instance families only. \n\nFor more information, see [Instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the *Amazon EC2 User Guide* .", + "OutPostArn": "> Not supported for future-dated Capacity Reservations. \n\nThe Amazon Resource Name (ARN) of the Outpost on which to create the Capacity Reservation.", + "PlacementGroupArn": "> Not supported for future-dated Capacity Reservations. \n\nThe Amazon Resource Name (ARN) of the cluster placement group in which to create the Capacity Reservation. For more information, see [Capacity Reservations for cluster placement groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cr-cpg.html) in the *Amazon EC2 User Guide* .", "TagSpecifications": "The tags to apply to the Capacity Reservation during launch.", "Tenancy": "Indicates the tenancy of the Capacity Reservation. A Capacity Reservation can have one of the following tenancy settings:\n\n- `default` - The Capacity Reservation is created on hardware that is shared with other AWS accounts .\n- `dedicated` - The Capacity Reservation is created on single-tenant hardware that is dedicated to a single AWS account .", "UnusedReservationBillingOwnerId": "The ID of the AWS account to which to assign billing of the unused capacity of the Capacity Reservation. A request will be sent to the specified account. That account must accept the request for the billing to be assigned to their account. For more information, see [Billing assignment for shared Amazon EC2 Capacity Reservations](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/assign-billing.html) .\n\nYou can assign billing only for shared Capacity Reservations. To share a Capacity Reservation, you must add it to a resource share. For more information, see [AWS::RAM::ResourceShare](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ram-resourceshare.html) ." @@ -12375,7 +12676,7 @@ "BareMetal": "Indicates whether bare metal instance types must be included, excluded, or required.\n\n- To include bare metal instance types, specify `included` .\n- To require only bare metal instance types, specify `required` .\n- To exclude bare metal instance types, specify `excluded` .\n\nDefault: `excluded`", "BaselineEbsBandwidthMbps": "The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see [Amazon EBS\u2013optimized instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html) in the *Amazon EC2 User Guide* .\n\nDefault: No minimum or maximum limits", "BurstablePerformance": "Indicates whether burstable performance T instance types are included, excluded, or required. For more information, see [Burstable performance instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) .\n\n- To include burstable performance instance types, specify `included` .\n- To require only burstable performance instance types, specify `required` .\n- To exclude burstable performance instance types, specify `excluded` .\n\nDefault: `excluded`", - "CpuManufacturers": "The CPU manufacturers to include.\n\n- For instance types with Intel CPUs, specify `intel` .\n- For instance types with AMD CPUs, specify `amd` .\n- For instance types with AWS CPUs, specify `amazon-web-services` .\n\n> Don't confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. \n\nDefault: Any manufacturer", + "CpuManufacturers": "The CPU manufacturers to include.\n\n- For instance types with Intel CPUs, specify `intel` .\n- For instance types with AMD CPUs, specify `amd` .\n- For instance types with AWS CPUs, specify `amazon-web-services` .\n- For instance types with Apple CPUs, specify `apple` .\n\n> Don't confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. \n\nDefault: Any manufacturer", "ExcludedInstanceTypes": "The instance types to exclude.\n\nYou can use strings with one or more wild cards, represented by an asterisk ( `*` ), to exclude an instance family, type, size, or generation. The following are examples: `m5.8xlarge` , `c5*.*` , `m5a.*` , `r*` , `*3*` .\n\nFor example, if you specify `c5*` ,Amazon EC2 will exclude the entire C5 instance family, which includes all C5a and C5n instance types. If you specify `m5a.*` , Amazon EC2 will exclude all the M5a instance types, but not the M5n instance types.\n\n> If you specify `ExcludedInstanceTypes` , you can't specify `AllowedInstanceTypes` . \n\nDefault: No excluded instance types", "InstanceGenerations": "Indicates whether current or previous generation instance types are included. The current generation instance types are recommended for use. Current generation instance types are typically the latest two to three generations in each instance family. For more information, see [Instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the *Amazon EC2 User Guide* .\n\nFor current generation instance types, specify `current` .\n\nFor previous generation instance types, specify `previous` .\n\nDefault: Current and previous generation instance types", "LocalStorage": "Indicates whether instance types with instance store volumes are included, excluded, or required. For more information, [Amazon EC2 instance store](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html) in the *Amazon EC2 User Guide* .\n\n- To include instance types with instance store volumes, specify `included` .\n- To require only instance types with instance store volumes, specify `required` .\n- To exclude instance types with instance store volumes, specify `excluded` .\n\nDefault: `included`", @@ -12790,6 +13091,9 @@ "Max": "The maximum baseline bandwidth, in Mbps. To specify no maximum limit, omit this parameter.", "Min": "The minimum baseline bandwidth, in Mbps. To specify no minimum limit, omit this parameter." }, + "AWS::EC2::LaunchTemplate BaselinePerformanceFactors": { + "Cpu": "The CPU performance to consider, using an instance family as the baseline reference." + }, "AWS::EC2::LaunchTemplate BlockDeviceMapping": { "DeviceName": "The device name (for example, /dev/sdh or xvdh).", "Ebs": "Parameters used to automatically set up EBS volumes when the instance is launched.", @@ -12797,7 +13101,7 @@ "VirtualName": "The virtual device name (ephemeralN). Instance store volumes are numbered starting from 0. An instance type with 2 available instance store volumes can specify mappings for ephemeral0 and ephemeral1. The number of available instance store volumes depends on the instance type. After you connect to the instance, you must mount the volume." }, "AWS::EC2::LaunchTemplate CapacityReservationSpecification": { - "CapacityReservationPreference": "Indicates the instance's Capacity Reservation preferences. Possible preferences include:\n\n- `open` - The instance can run in any `open` Capacity Reservation that has matching attributes (instance type, platform, Availability Zone).\n- `none` - The instance avoids running in a Capacity Reservation even if one is available. The instance runs in On-Demand capacity.", + "CapacityReservationPreference": "Indicates the instance's Capacity Reservation preferences. Possible preferences include:\n\n- `capacity-reservations-only` - The instance will only run in a Capacity Reservation or Capacity Reservation group. If capacity isn't available, the instance will fail to launch.\n- `open` - The instance can run in any `open` Capacity Reservation that has matching attributes (instance type, platform, Availability Zone, tenancy).\n- `none` - The instance avoids running in a Capacity Reservation even if one is available. The instance runs in On-Demand capacity.", "CapacityReservationTarget": "Information about the target Capacity Reservation or Capacity Reservation group." }, "AWS::EC2::LaunchTemplate CapacityReservationTarget": { @@ -12809,6 +13113,9 @@ "UdpStreamTimeout": "Timeout (in seconds) for idle UDP flows classified as streams which have seen more than one request-response transaction. Min: 60 seconds. Max: 180 seconds (3 minutes). Default: 180 seconds.", "UdpTimeout": "Timeout (in seconds) for idle UDP flows that have seen traffic only in a single direction or a single request-response transaction. Min: 30 seconds. Max: 60 seconds. Default: 30 seconds." }, + "AWS::EC2::LaunchTemplate Cpu": { + "References": "" + }, "AWS::EC2::LaunchTemplate CpuOptions": { "AmdSevSnp": "Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. For more information, see [AMD SEV-SNP](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html) .", "CoreCount": "The number of CPU cores for the instance.", @@ -12860,8 +13167,9 @@ "AllowedInstanceTypes": "The instance types to apply your specified attributes against. All other instance types are ignored, even if they match your specified attributes.\n\nYou can use strings with one or more wild cards, represented by an asterisk ( `*` ), to allow an instance type, size, or generation. The following are examples: `m5.8xlarge` , `c5*.*` , `m5a.*` , `r*` , `*3*` .\n\nFor example, if you specify `c5*` ,Amazon EC2 will allow the entire C5 instance family, which includes all C5a and C5n instance types. If you specify `m5a.*` , Amazon EC2 will allow all the M5a instance types, but not the M5n instance types.\n\n> If you specify `AllowedInstanceTypes` , you can't specify `ExcludedInstanceTypes` . \n\nDefault: All instance types", "BareMetal": "Indicates whether bare metal instance types must be included, excluded, or required.\n\n- To include bare metal instance types, specify `included` .\n- To require only bare metal instance types, specify `required` .\n- To exclude bare metal instance types, specify `excluded` .\n\nDefault: `excluded`", "BaselineEbsBandwidthMbps": "The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see [Amazon EBS\u2013optimized instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html) in the *Amazon EC2 User Guide* .\n\nDefault: No minimum or maximum limits", + "BaselinePerformanceFactors": "The baseline performance to consider, using an instance family as a baseline reference. The instance family establishes the lowest acceptable level of performance. Amazon EC2 uses this baseline to guide instance type selection, but there is no guarantee that the selected instance types will always exceed the baseline for every application. Currently, this parameter only supports CPU performance as a baseline performance factor. For more information, see [Performance protection](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html#ec2fleet-abis-performance-protection) in the *Amazon EC2 User Guide* .", "BurstablePerformance": "Indicates whether burstable performance T instance types are included, excluded, or required. For more information, see [Burstable performance instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) .\n\n- To include burstable performance instance types, specify `included` .\n- To require only burstable performance instance types, specify `required` .\n- To exclude burstable performance instance types, specify `excluded` .\n\nDefault: `excluded`", - "CpuManufacturers": "The CPU manufacturers to include.\n\n- For instance types with Intel CPUs, specify `intel` .\n- For instance types with AMD CPUs, specify `amd` .\n- For instance types with AWS CPUs, specify `amazon-web-services` .\n\n> Don't confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. \n\nDefault: Any manufacturer", + "CpuManufacturers": "The CPU manufacturers to include.\n\n- For instance types with Intel CPUs, specify `intel` .\n- For instance types with AMD CPUs, specify `amd` .\n- For instance types with AWS CPUs, specify `amazon-web-services` .\n- For instance types with Apple CPUs, specify `apple` .\n\n> Don't confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. \n\nDefault: Any manufacturer", "ExcludedInstanceTypes": "The instance types to exclude.\n\nYou can use strings with one or more wild cards, represented by an asterisk ( `*` ), to exclude an instance type, size, or generation. The following are examples: `m5.8xlarge` , `c5*.*` , `m5a.*` , `r*` , `*3*` .\n\nFor example, if you specify `c5*` ,Amazon EC2 will exclude the entire C5 instance family, which includes all C5a and C5n instance types. If you specify `m5a.*` , Amazon EC2 will exclude all the M5a instance types, but not the M5n instance types.\n\n> If you specify `ExcludedInstanceTypes` , you can't specify `AllowedInstanceTypes` . \n\nDefault: No excluded instance types", "InstanceGenerations": "Indicates whether current or previous generation instance types are included. The current generation instance types are recommended for use. Current generation instance types are typically the latest two to three generations in each instance family. For more information, see [Instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the *Amazon EC2 User Guide* .\n\nFor current generation instance types, specify `current` .\n\nFor previous generation instance types, specify `previous` .\n\nDefault: Current and previous generation instance types", "LocalStorage": "Indicates whether instance types with instance store volumes are included, excluded, or required. For more information, [Amazon EC2 instance store](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html) in the *Amazon EC2 User Guide* .\n\n- To include instance types with instance store volumes, specify `included` .\n- To require only instance types with instance store volumes, specify `required` .\n- To exclude instance types with instance store volumes, specify `excluded` .\n\nDefault: `included`", @@ -13003,6 +13311,9 @@ "Primary": "Indicates whether the private IPv4 address is the primary private IPv4 address. Only one IPv4 address can be designated as primary.", "PrivateIpAddress": "The private IPv4 address." }, + "AWS::EC2::LaunchTemplate Reference": { + "InstanceFamily": "" + }, "AWS::EC2::LaunchTemplate SpotOptions": { "BlockDurationMinutes": "Deprecated.", "InstanceInterruptionBehavior": "The behavior when a Spot Instance is interrupted. The default is `terminate` .", @@ -13577,7 +13888,7 @@ "BareMetal": "Indicates whether bare metal instance types must be included, excluded, or required.\n\n- To include bare metal instance types, specify `included` .\n- To require only bare metal instance types, specify `required` .\n- To exclude bare metal instance types, specify `excluded` .\n\nDefault: `excluded`", "BaselineEbsBandwidthMbps": "The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see [Amazon EBS\u2013optimized instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html) in the *Amazon EC2 User Guide* .\n\nDefault: No minimum or maximum limits", "BurstablePerformance": "Indicates whether burstable performance T instance types are included, excluded, or required. For more information, see [Burstable performance instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) .\n\n- To include burstable performance instance types, specify `included` .\n- To require only burstable performance instance types, specify `required` .\n- To exclude burstable performance instance types, specify `excluded` .\n\nDefault: `excluded`", - "CpuManufacturers": "The CPU manufacturers to include.\n\n- For instance types with Intel CPUs, specify `intel` .\n- For instance types with AMD CPUs, specify `amd` .\n- For instance types with AWS CPUs, specify `amazon-web-services` .\n\n> Don't confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. \n\nDefault: Any manufacturer", + "CpuManufacturers": "The CPU manufacturers to include.\n\n- For instance types with Intel CPUs, specify `intel` .\n- For instance types with AMD CPUs, specify `amd` .\n- For instance types with AWS CPUs, specify `amazon-web-services` .\n- For instance types with Apple CPUs, specify `apple` .\n\n> Don't confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. \n\nDefault: Any manufacturer", "ExcludedInstanceTypes": "The instance types to exclude.\n\nYou can use strings with one or more wild cards, represented by an asterisk ( `*` ), to exclude an instance family, type, size, or generation. The following are examples: `m5.8xlarge` , `c5*.*` , `m5a.*` , `r*` , `*3*` .\n\nFor example, if you specify `c5*` ,Amazon EC2 will exclude the entire C5 instance family, which includes all C5a and C5n instance types. If you specify `m5a.*` , Amazon EC2 will exclude all the M5a instance types, but not the M5n instance types.\n\n> If you specify `ExcludedInstanceTypes` , you can't specify `AllowedInstanceTypes` . \n\nDefault: No excluded instance types", "InstanceGenerations": "Indicates whether current or previous generation instance types are included. The current generation instance types are recommended for use. Current generation instance types are typically the latest two to three generations in each instance family. For more information, see [Instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the *Amazon EC2 User Guide* .\n\nFor current generation instance types, specify `current` .\n\nFor previous generation instance types, specify `previous` .\n\nDefault: Current and previous generation instance types", "LocalStorage": "Indicates whether instance types with instance store volumes are included, excluded, or required. For more information, [Amazon EC2 instance store](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html) in the *Amazon EC2 User Guide* .\n\n- To include instance types with instance store volumes, specify `included` .\n- To require only instance types with instance store volumes, specify `required` .\n- To exclude instance types with instance store volumes, specify `excluded` .\n\nDefault: `included`", @@ -13955,6 +14266,19 @@ "Key": "The tag key.", "Value": "The tag value." }, + "AWS::EC2::VPCBlockPublicAccessExclusion": { + "InternetGatewayExclusionMode": "The desired VPC Block Public Access mode for a specific VPC or subnet exclusion.\n\n- `allow-bidirectional` : Allow all internet traffic to and from the excluded VPCs and subnets.\n- `allow-egress` : Allow outbound internet traffic from the excluded VPCs and subnets. Block inbound internet traffic to the excluded VPCs and subnets. Only applies when VPC Block Public Access is set to `block-bidirectional` .", + "SubnetId": "The ID of the subnet you want to exclude. Required only if you don't specify VpcId.", + "Tags": "An array of key-value pairs to apply to this resource.", + "VpcId": "The ID of the VPC you want to exclude. Required only if you don't specify SubnetId." + }, + "AWS::EC2::VPCBlockPublicAccessExclusion Tag": { + "Key": "The key of the tag.\n\nConstraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with `aws:` .", + "Value": "The value of the tag.\n\nConstraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters." + }, + "AWS::EC2::VPCBlockPublicAccessOptions": { + "InternetGatewayBlockMode": "The desired VPC Block Public Access mode for internet gateways in your account. We do not allow you to create this resource type in an \"off\" mode since off is the default value.\n\n- `block-bidirectional` : Block all traffic to and from internet gateways and egress-only internet gateways in this Region (except for excluded VPCs and subnets).\n- `block-ingress` : Block all internet traffic to the VPCs in this Region (except for VPCs or subnets which are excluded). Only traffic to and from NAT gateways and egress-only internet gateways is allowed because these gateways only allow outbound connections to be established." + }, "AWS::EC2::VPCCidrBlock": { "AmazonProvidedIpv6CidrBlock": "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IPv6 addresses or the size of the CIDR block.", "CidrBlock": "An IPv4 CIDR block to associate with the VPC.", @@ -14468,8 +14792,8 @@ "AWS::ECS::Service DeploymentConfiguration": { "Alarms": "Information about the CloudWatch alarms.", "DeploymentCircuitBreaker": "> The deployment circuit breaker can only be used for services using the rolling update ( `ECS` ) deployment type. \n\nThe *deployment circuit breaker* determines whether a service deployment will fail if the service can't reach a steady state. If you use the deployment circuit breaker, a service deployment will transition to a failed state and stop launching new tasks. If you use the rollback option, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. For more information, see [Rolling update](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html) in the *Amazon Elastic Container Service Developer Guide*", - "MaximumPercent": "If a service is using the rolling update ( `ECS` ) deployment type, the `maximumPercent` parameter represents an upper limit on the number of your service's tasks that are allowed in the `RUNNING` or `PENDING` state during a deployment, as a percentage of the `desiredCount` (rounded down to the nearest integer). This parameter enables you to define the deployment batch size. For example, if your service is using the `REPLICA` service scheduler and has a `desiredCount` of four tasks and a `maximumPercent` value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default `maximumPercent` value for a service using the `REPLICA` service scheduler is 200%.\n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types, and tasks in the service use the EC2 launch type, the *maximum percent* value is set to the default value. The *maximum percent* value is used to define the upper limit on the number of the tasks in the service that remain in the `RUNNING` state while the container instances are in the `DRAINING` state.\n\n> You can't specify a custom `maximumPercent` value for a service that uses either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and has tasks that use the EC2 launch type. \n\nIf the tasks in the service use the Fargate launch type, the maximum percent value is not used, although it is returned when describing your service.", - "MinimumHealthyPercent": "If a service is using the rolling update ( `ECS` ) deployment type, the `minimumHealthyPercent` represents a lower limit on the number of your service's tasks that must remain in the `RUNNING` state during a deployment, as a percentage of the `desiredCount` (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a `desiredCount` of four tasks and a `minimumHealthyPercent` of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks.\n\nFor services that *do not* use a load balancer, the following should be noted:\n\n- A service is considered healthy if all essential containers within the tasks in the service pass their health checks.\n- If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a `RUNNING` state before the task is counted towards the minimum healthy percent total.\n- If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings.\n\nFor services that *do* use a load balancer, the following should be noted:\n\n- If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n- If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n\nThe default value for a replica service for `minimumHealthyPercent` is 100%. The default `minimumHealthyPercent` value for a service using the `DAEMON` service schedule is 0% for the AWS CLI , the AWS SDKs, and the APIs and 50% for the AWS Management Console.\n\nThe minimum number of healthy tasks during a deployment is the `desiredCount` multiplied by the `minimumHealthyPercent` /100, rounded up to the nearest integer value.\n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and is running tasks that use the EC2 launch type, the *minimum healthy percent* value is set to the default value. The *minimum healthy percent* value is used to define the lower limit on the number of the tasks in the service that remain in the `RUNNING` state while the container instances are in the `DRAINING` state.\n\n> You can't specify a custom `minimumHealthyPercent` value for a service that uses either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and has tasks that use the EC2 launch type. \n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service." + "MaximumPercent": "If a service is using the rolling update ( `ECS` ) deployment type, the `maximumPercent` parameter represents an upper limit on the number of your service's tasks that are allowed in the `RUNNING` or `PENDING` state during a deployment, as a percentage of the `desiredCount` (rounded down to the nearest integer). This parameter enables you to define the deployment batch size. For example, if your service is using the `REPLICA` service scheduler and has a `desiredCount` of four tasks and a `maximumPercent` value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default `maximumPercent` value for a service using the `REPLICA` service scheduler is 200%.\n\nThe Amazon ECS scheduler uses this parameter to replace unhealthy tasks by starting replacement tasks first and then stopping the unhealthy tasks, as long as cluster resources for starting replacement tasks are available. For more information about how the scheduler replaces unhealthy tasks, see [Amazon ECS services](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html) .\n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types, and tasks in the service use the EC2 launch type, the *maximum percent* value is set to the default value. The *maximum percent* value is used to define the upper limit on the number of the tasks in the service that remain in the `RUNNING` state while the container instances are in the `DRAINING` state.\n\n> You can't specify a custom `maximumPercent` value for a service that uses either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and has tasks that use the EC2 launch type. \n\nIf the tasks in the service use the Fargate launch type, the maximum percent value is not used, although it is returned when describing your service.", + "MinimumHealthyPercent": "If a service is using the rolling update ( `ECS` ) deployment type, the `minimumHealthyPercent` represents a lower limit on the number of your service's tasks that must remain in the `RUNNING` state during a deployment, as a percentage of the `desiredCount` (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a `desiredCount` of four tasks and a `minimumHealthyPercent` of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks.\n\nIf any tasks are unhealthy and if `maximumPercent` doesn't allow the Amazon ECS scheduler to start replacement tasks, the scheduler stops the unhealthy tasks one-by-one \u2014 using the `minimumHealthyPercent` as a constraint \u2014 to clear up capacity to launch replacement tasks. For more information about how the scheduler replaces unhealthy tasks, see [Amazon ECS services](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html) .\n\nFor services that *do not* use a load balancer, the following should be noted:\n\n- A service is considered healthy if all essential containers within the tasks in the service pass their health checks.\n- If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a `RUNNING` state before the task is counted towards the minimum healthy percent total.\n- If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings.\n\nFor services that *do* use a load balancer, the following should be noted:\n\n- If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n- If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n\nThe default value for a replica service for `minimumHealthyPercent` is 100%. The default `minimumHealthyPercent` value for a service using the `DAEMON` service schedule is 0% for the AWS CLI , the AWS SDKs, and the APIs and 50% for the AWS Management Console.\n\nThe minimum number of healthy tasks during a deployment is the `desiredCount` multiplied by the `minimumHealthyPercent` /100, rounded up to the nearest integer value.\n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and is running tasks that use the EC2 launch type, the *minimum healthy percent* value is set to the default value. The *minimum healthy percent* value is used to define the lower limit on the number of the tasks in the service that remain in the `RUNNING` state while the container instances are in the `DRAINING` state.\n\n> You can't specify a custom `minimumHealthyPercent` value for a service that uses either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and has tasks that use the EC2 launch type. \n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service." }, "AWS::ECS::Service DeploymentController": { "Type": "The deployment controller type to use. There are three deployment controller types available:\n\n- **ECS** - The rolling update ( `ECS` ) deployment type involves replacing the current running version of the container with the latest version. The number of containers Amazon ECS adds or removes from the service during a rolling update is controlled by adjusting the minimum and maximum number of healthy tasks allowed during a service deployment, as specified in the [DeploymentConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DeploymentConfiguration.html) .\n- **CODE_DEPLOY** - The blue/green ( `CODE_DEPLOY` ) deployment type uses the blue/green deployment model powered by AWS CodeDeploy , which allows you to verify a new deployment of a service before sending production traffic to it.\n- **EXTERNAL** - The external ( `EXTERNAL` ) deployment type enables you to use any third-party deployment controller for full control over the deployment process for an Amazon ECS service." @@ -14950,13 +15274,16 @@ "AWS::EKS::Cluster": { "AccessConfig": "The access configuration for the cluster.", "BootstrapSelfManagedAddons": "If you set this value to `False` when creating a cluster, the default networking add-ons will not be installed.\n\nThe default networking addons include vpc-cni, coredns, and kube-proxy.\n\nUse this option when you plan to install third-party alternative add-ons or self-manage the default networking add-ons.", + "ComputeConfig": "", "EncryptionConfig": "The encryption configuration for the cluster.", "KubernetesNetworkConfig": "The Kubernetes network configuration for the cluster.", "Logging": "The logging configuration for your cluster.", "Name": "The unique name to give to your cluster. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphanumeric character and can't be longer than 100 characters. The name must be unique within the AWS Region and AWS account that you're creating the cluster in. Note that underscores can't be used in AWS CloudFormation .", "OutpostConfig": "An object representing the configuration of your local Amazon EKS cluster on an AWS Outpost. This object isn't available for clusters on the AWS cloud.", + "RemoteNetworkConfig": "", "ResourcesVpcConfig": "The VPC configuration that's used by the cluster control plane. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see [Cluster VPC Considerations](https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html) and [Cluster Security Group Considerations](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) in the *Amazon EKS User Guide* . You must specify at least two subnets. You can specify up to five security groups, but we recommend that you use a dedicated security group for your cluster control plane.", "RoleArn": "The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. For more information, see [Amazon EKS Service IAM Role](https://docs.aws.amazon.com/eks/latest/userguide/service_IAM_role.html) in the **Amazon EKS User Guide** .", + "StorageConfig": "", "Tags": "The metadata that you apply to the cluster to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Cluster tags don't propagate to any other resources associated with the cluster.\n\n> You must have the `eks:TagResource` and `eks:UntagResource` permissions for your [IAM principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html) to manage the AWS CloudFormation stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update.", "UpgradePolicy": "This value indicates if extended support is enabled or disabled for the cluster.\n\n[Learn more about EKS Extended Support in the EKS User Guide.](https://docs.aws.amazon.com/eks/latest/userguide/extended-support-control.html)", "Version": "The desired Kubernetes version for your cluster. If you don't specify a value here, the default version available in Amazon EKS is used.\n\n> The default version might not be the latest version available.", @@ -14966,17 +15293,29 @@ "AuthenticationMode": "The desired authentication mode for the cluster. If you create a cluster by using the EKS API, AWS SDKs, or AWS CloudFormation , the default is `CONFIG_MAP` . If you create the cluster by using the AWS Management Console , the default value is `API_AND_CONFIG_MAP` .", "BootstrapClusterCreatorAdminPermissions": "Specifies whether or not the cluster creator IAM principal was set as a cluster admin access entry during cluster creation time. The default value is `true` ." }, + "AWS::EKS::Cluster BlockStorage": { + "Enabled": "" + }, "AWS::EKS::Cluster ClusterLogging": { "EnabledTypes": "The enabled control plane logs for your cluster. All log types are disabled if the array is empty.\n\n> When updating a resource, you must include this `EnabledTypes` property if the previous CloudFormation template of the resource had it." }, + "AWS::EKS::Cluster ComputeConfig": { + "Enabled": "", + "NodePools": "", + "NodeRoleArn": "" + }, "AWS::EKS::Cluster ControlPlanePlacement": { "GroupName": "The name of the placement group for the Kubernetes control plane instances. This property is only used for a local cluster on an AWS Outpost." }, + "AWS::EKS::Cluster ElasticLoadBalancing": { + "Enabled": "" + }, "AWS::EKS::Cluster EncryptionConfig": { "Provider": "The encryption provider for the cluster.", "Resources": "Specifies the resources to be encrypted. The only supported value is `secrets` ." }, "AWS::EKS::Cluster KubernetesNetworkConfig": { + "ElasticLoadBalancing": "", "IpFamily": "Specify which IP family is used to assign Kubernetes pod and service IP addresses. If you don't specify a value, `ipv4` is used by default. You can only specify an IP family when you create a cluster and can't change this value once the cluster is created. If you specify `ipv6` , the VPC and subnets that you specify for cluster creation must have both `IPv4` and `IPv6` CIDR blocks assigned to them. You can't specify `ipv6` for clusters in China Regions.\n\nYou can only specify `ipv6` for `1.21` and later clusters that use version `1.10.1` or later of the Amazon VPC CNI add-on. If you specify `ipv6` , then ensure that your VPC meets the requirements listed in the considerations listed in [Assigning IPv6 addresses to pods and services](https://docs.aws.amazon.com/eks/latest/userguide/cni-ipv6.html) in the Amazon EKS User Guide. Kubernetes assigns services `IPv6` addresses from the unique local address range `(fc00::/7)` . You can't specify a custom `IPv6` CIDR block. Pod addresses are assigned from the subnet's `IPv6` CIDR.", "ServiceIpv4Cidr": "Don't specify a value if you select `ipv6` for *ipFamily* . The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the `10.100.0.0/16` or `172.20.0.0/16` CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. The block must meet the following requirements:\n\n- Within one of the following private IP address blocks: `10.0.0.0/8` , `172.16.0.0/12` , or `192.168.0.0/16` .\n- Doesn't overlap with any CIDR block assigned to the VPC that you selected for VPC.\n- Between `/24` and `/12` .\n\n> You can only specify a custom CIDR block when you create a cluster. You can't change this value after the cluster is created.", "ServiceIpv6Cidr": "The CIDR block that Kubernetes pod and service IP addresses are assigned from if you created a 1.21 or later cluster with version 1.10.1 or later of the Amazon VPC CNI add-on and specified `ipv6` for *ipFamily* when you created the cluster. Kubernetes assigns service addresses from the unique local address range ( `fc00::/7` ) because you can't specify a custom IPv6 CIDR block when you create the cluster." @@ -14995,6 +15334,16 @@ "AWS::EKS::Cluster Provider": { "KeyArn": "Amazon Resource Name (ARN) or alias of the KMS key. The KMS key must be symmetric and created in the same AWS Region as the cluster. If the KMS key was created in a different account, the [IAM principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html) must have access to the KMS key. For more information, see [Allowing users in other accounts to use a KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying-external-accounts.html) in the *AWS Key Management Service Developer Guide* ." }, + "AWS::EKS::Cluster RemoteNetworkConfig": { + "RemoteNodeNetworks": "", + "RemotePodNetworks": "" + }, + "AWS::EKS::Cluster RemoteNodeNetwork": { + "Cidrs": "" + }, + "AWS::EKS::Cluster RemotePodNetwork": { + "Cidrs": "" + }, "AWS::EKS::Cluster ResourcesVpcConfig": { "EndpointPrivateAccess": "Set this value to `true` to enable private access for your cluster's Kubernetes API server endpoint. If you enable private access, Kubernetes API requests from within your cluster's VPC use the private VPC endpoint. The default value for this parameter is `false` , which disables private access for your Kubernetes API server. If you disable private access and you have nodes or AWS Fargate pods in the cluster, then ensure that `publicAccessCidrs` includes the necessary CIDR blocks for communication with the nodes or Fargate pods. For more information, see [Amazon EKS cluster endpoint access control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** .", "EndpointPublicAccess": "Set this value to `false` to disable public access to your cluster's Kubernetes API server endpoint. If you disable public access, your cluster's Kubernetes API server can only receive requests from within the cluster VPC. The default value for this parameter is `true` , which enables public access for your Kubernetes API server. For more information, see [Amazon EKS cluster endpoint access control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** .", @@ -15002,6 +15351,9 @@ "SecurityGroupIds": "Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to use that allow communication between your nodes and the Kubernetes control plane. If you don't specify any security groups, then familiarize yourself with the difference between Amazon EKS defaults for clusters deployed with Kubernetes. For more information, see [Amazon EKS security group considerations](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) in the **Amazon EKS User Guide** .", "SubnetIds": "Specify subnets for your Amazon EKS nodes. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your nodes and the Kubernetes control plane." }, + "AWS::EKS::Cluster StorageConfig": { + "BlockStorage": "" + }, "AWS::EKS::Cluster Tag": { "Key": "One part of a key-value pair that make up a tag. A `key` is a general label that acts like a category for more specific tag values.", "Value": "The optional part of a key-value pair that make up a tag. A `value` acts as a descriptor within a tag category (key)." @@ -15666,9 +16018,9 @@ "ClusterName": "A name for the cache cluster. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the cache cluster. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .\n\nThe name must contain 1 to 50 alphanumeric characters or hyphens. The name must start with a letter and cannot end with a hyphen or contain two consecutive hyphens.", "Engine": "The name of the cache engine to be used for this cluster.\n\nValid values for this parameter are: `memcached` | valkey | `redis`", "EngineVersion": "The version number of the cache engine to be used for this cluster. To view the supported cache engine versions, use the DescribeCacheEngineVersions operation.\n\n*Important:* You can upgrade to a newer engine version (see [Selecting a Cache Engine and Version](https://docs.aws.amazon.com/AmazonElastiCache/latest/dg/SelectEngine.html#VersionManagement) ), but you cannot downgrade to an earlier engine version. If you want to use an earlier engine version, you must delete the existing cluster or replication group and create it anew with the earlier engine version.", - "IpDiscovery": "The network type you choose when modifying a cluster, either `ipv4` | `ipv6` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", + "IpDiscovery": "The network type you choose when modifying a cluster, either `ipv4` | `ipv6` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 and Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", "LogDeliveryConfigurations": "Specifies the destination, format and type of the logs.", - "NetworkType": "Must be either `ipv4` | `ipv6` | `dual_stack` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", + "NetworkType": "Must be either `ipv4` | `ipv6` | `dual_stack` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 and Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", "NotificationTopicArn": "The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (SNS) topic to which notifications are sent.\n\n> The Amazon SNS topic owner must be the same as the cluster owner.", "NumCacheNodes": "The number of cache nodes that the cache cluster should have.\n\n> However, if the `PreferredAvailabilityZone` and `PreferredAvailabilityZones` properties were not previously specified and you don't specify any new values, an update requires [replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) .", "Port": "The port number on which each of the cache nodes accepts connections.", @@ -15753,11 +16105,11 @@ "Engine": "The name of the cache engine to be used for the clusters in this replication group. The value must be set to `valkey` or `redis` .\n\n> Upgrading an existing engine from redis to valkey is done through in-place migration, and requires a parameter group.", "EngineVersion": "The version number of the cache engine to be used for the clusters in this replication group. To view the supported cache engine versions, use the `DescribeCacheEngineVersions` operation.\n\n*Important:* You can upgrade to a newer engine version (see [Selecting a Cache Engine and Version](https://docs.aws.amazon.com/AmazonElastiCache/latest/dg/SelectEngine.html#VersionManagement) ) in the *ElastiCache User Guide* , but you cannot downgrade to an earlier engine version. If you want to use an earlier engine version, you must delete the existing cluster or replication group and create it anew with the earlier engine version.", "GlobalReplicationGroupId": "The name of the Global datastore", - "IpDiscovery": "The network type you choose when creating a replication group, either `ipv4` | `ipv6` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", + "IpDiscovery": "The network type you choose when creating a replication group, either `ipv4` | `ipv6` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 or Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", "KmsKeyId": "The ID of the KMS key used to encrypt the disk on the cluster.", "LogDeliveryConfigurations": "Specifies the destination, format and type of the logs.", "MultiAZEnabled": "A flag indicating if you have Multi-AZ enabled to enhance fault tolerance. For more information, see [Minimizing Downtime: Multi-AZ](https://docs.aws.amazon.com/AmazonElastiCache/latest/dg/AutoFailover.html) .", - "NetworkType": "Must be either `ipv4` | `ipv6` | `dual_stack` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", + "NetworkType": "Must be either `ipv4` | `ipv6` | `dual_stack` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 and Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", "NodeGroupConfiguration": "`NodeGroupConfiguration` is a property of the `AWS::ElastiCache::ReplicationGroup` resource that configures an Amazon ElastiCache (ElastiCache) Valkey or Redis OSS cluster node group.\n\nIf you set [UseOnlineResharding](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html#cfn-attributes-updatepolicy-useonlineresharding) to `true` , you can update `NodeGroupConfiguration` without interruption. When `UseOnlineResharding` is set to `false` , or is not specified, updating `NodeGroupConfiguration` results in [replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) .", "NotificationTopicArn": "The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (SNS) topic to which notifications are sent.\n\n> The Amazon SNS topic owner must be the same as the cluster owner.", "NumCacheClusters": "The number of clusters this replication group initially has.\n\nThis parameter is not used if there is more than one node group (shard). You should use `ReplicasPerNodeGroup` instead.\n\nIf `AutomaticFailoverEnabled` is `true` , the value of this parameter must be at least 2. If `AutomaticFailoverEnabled` is `false` you can omit this parameter (it will default to 1), or you can explicitly set it to a value between 2 and 6.\n\nThe maximum permitted value for `NumCacheClusters` is 6 (1 primary plus 5 replicas).", @@ -15822,7 +16174,7 @@ }, "AWS::ElastiCache::ServerlessCache": { "CacheUsageLimits": "The cache usage limit for the serverless cache.", - "DailySnapshotTime": "The daily time that a cache snapshot will be created. Default is NULL, i.e. snapshots will not be created at a specific time on a daily basis. Available for Valkey, Redis OSS, and Serverless Memcached only.", + "DailySnapshotTime": "The daily time that a cache snapshot will be created. Default is NULL, i.e. snapshots will not be created at a specific time on a daily basis. Available for Valkey, Redis OSS and Serverless Memcached only.", "Description": "A description of the serverless cache.", "Endpoint": "Represents the information required for client programs to connect to a cache node. This value is read-only.", "Engine": "The engine the serverless cache is compatible with.", @@ -15833,7 +16185,7 @@ "SecurityGroupIds": "The IDs of the EC2 security groups associated with the serverless cache.", "ServerlessCacheName": "The unique identifier of the serverless cache.", "SnapshotArnsToRestore": "The ARN of the snapshot from which to restore data into the new cache.", - "SnapshotRetentionLimit": "The current setting for the number of serverless cache snapshots the system will retain. Available for Valkey, Redis OSS, and Serverless Memcached only.", + "SnapshotRetentionLimit": "The current setting for the number of serverless cache snapshots the system will retain. Available for Valkey, Redis OSS and Serverless Memcached only.", "SubnetIds": "If no subnet IDs are given and your VPC is in us-west-1, then ElastiCache will select 2 default subnets across AZs in your VPC. For all other Regions, if no subnet IDs are given then ElastiCache will select 3 default subnets across AZs in your default VPC.", "Tags": "A list of tags to be added to this resource.", "UserGroupId": "The identifier of the user group associated with the serverless cache. Available for Valkey and Redis OSS only. Default is NULL." @@ -15872,7 +16224,7 @@ "AWS::ElastiCache::User": { "AccessString": "Access permissions string used for this user.", "AuthenticationMode": "Specifies the authentication mode to use. Below is an example of the possible JSON values:\n\n```\n{ Passwords: [\"*****\", \"******\"] // If Type is password.\n}\n```", - "Engine": "The current supported value is redis.", + "Engine": "The current supported values are valkey and redis.", "NoPasswordRequired": "Indicates a password is not required for this user.", "Passwords": "Passwords used for this user. You can create up to two passwords for each user.", "Tags": "The list of tags.", @@ -16100,7 +16452,7 @@ "TargetGroups": "Information about how traffic will be distributed between multiple target groups in a forward rule." }, "AWS::ElasticLoadBalancingV2::Listener ListenerAttribute": { - "Key": "The name of the attribute.\n\nThe following attribute is supported by Network Load Balancers, and Gateway Load Balancers.\n\n- `tcp.idle_timeout.seconds` - The tcp idle timeout value, in seconds. The valid range is 60-6000 seconds. The default is 350 seconds.", + "Key": "The name of the attribute.\n\nThe following attribute is supported by Network Load Balancers, and Gateway Load Balancers.\n\n- `tcp.idle_timeout.seconds` - The tcp idle timeout value, in seconds. The valid range is 60-6000 seconds. The default is 350 seconds.\n\nThe following attributes are only supported by Application Load Balancers.\n\n- `routing.http.request.x_amzn_mtls_clientcert_serial_number.header_name` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Serial-Number* HTTP request header.\n- `routing.http.request.x_amzn_mtls_clientcert_issuer.header_name` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Issuer* HTTP request header.\n- `routing.http.request.x_amzn_mtls_clientcert_subject.header_name` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Subject* HTTP request header.\n- `routing.http.request.x_amzn_mtls_clientcert_validity.header_name` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Validity* HTTP request header.\n- `routing.http.request.x_amzn_mtls_clientcert_leaf.header_name` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Leaf* HTTP request header.\n- `routing.http.request.x_amzn_mtls_clientcert.header_name` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert* HTTP request header.\n- `routing.http.request.x_amzn_tls_version.header_name` - Enables you to modify the header name of the *X-Amzn-Tls-Version* HTTP request header.\n- `routing.http.request.x_amzn_tls_cipher_suite.header_name` - Enables you to modify the header name of the *X-Amzn-Tls-Cipher-Suite* HTTP request header.\n- `routing.http.response.server.enabled` - Enables you to allow or remove the HTTP response server header.\n- `routing.http.response.strict_transport_security.header_value` - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.\n- `routing.http.response.access_control_allow_origin.header_value` - Specifies which origins are allowed to access the server.\n- `routing.http.response.access_control_allow_methods.header_value` - Returns which HTTP methods are allowed when accessing the server from a different origin.\n- `routing.http.response.access_control_allow_headers.header_value` - Specifies which headers can be used during the request.\n- `routing.http.response.access_control_allow_credentials.header_value` - Indicates whether the browser should include credentials such as cookies or authentication when making requests.\n- `routing.http.response.access_control_expose_headers.header_value` - Returns which headers the browser can expose to the requesting client.\n- `routing.http.response.access_control_max_age.header_value` - Specifies how long the results of a preflight request can be cached, in seconds.\n- `routing.http.response.content_security_policy.header_value` - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats.\n- `routing.http.response.x_content_type_options.header_value` - Indicates whether the MIME types advertised in the *Content-Type* headers should be followed and not be changed.\n- `routing.http.response.x_frame_options.header_value` - Indicates whether the browser is allowed to render a page in a *frame* , *iframe* , *embed* or *object* .", "Value": "The value of the attribute." }, "AWS::ElasticLoadBalancingV2::Listener MutualAuthentication": { @@ -16234,6 +16586,7 @@ "EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic": "Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through AWS PrivateLink .", "IpAddressType": "The IP address type. Internal load balancers must use `ipv4` .\n\n[Application Load Balancers] The possible values are `ipv4` (IPv4 addresses), `dualstack` (IPv4 and IPv6 addresses), and `dualstack-without-public-ipv4` (public IPv6 addresses and private IPv4 and IPv6 addresses).\n\nApplication Load Balancer authentication supports IPv4 addresses only when connecting to an Identity Provider (IdP) or Amazon Cognito endpoint. Without a public IPv4 address the load balancer can't complete the authentication process, resulting in HTTP 500 errors.\n\n[Network Load Balancers and Gateway Load Balancers] The possible values are `ipv4` (IPv4 addresses) and `dualstack` (IPv4 and IPv6 addresses).", "LoadBalancerAttributes": "The load balancer attributes.", + "MinimumLoadBalancerCapacity": "The minimum capacity for a load balancer.", "Name": "The name of the load balancer. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, must not begin or end with a hyphen, and must not begin with \"internal-\".\n\nIf you don't specify a name, AWS CloudFormation generates a unique physical ID for the load balancer. If you specify a name, you cannot perform updates that require replacement of this resource, but you can perform other updates. To replace the resource, specify a new name.", "Scheme": "The nodes of an Internet-facing load balancer have public IP addresses. The DNS name of an Internet-facing load balancer is publicly resolvable to the public IP addresses of the nodes. Therefore, Internet-facing load balancers can route requests from clients over the internet.\n\nThe nodes of an internal load balancer have only private IP addresses. The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes. Therefore, internal load balancers can route requests only from clients with access to the VPC for the load balancer.\n\nThe default is an Internet-facing load balancer.\n\nYou can't specify a scheme for a Gateway Load Balancer.", "SecurityGroups": "[Application Load Balancers and Network Load Balancers] The IDs of the security groups for the load balancer.", @@ -16243,9 +16596,12 @@ "Type": "The type of load balancer. The default is `application` ." }, "AWS::ElasticLoadBalancingV2::LoadBalancer LoadBalancerAttribute": { - "Key": "The name of the attribute.\n\nThe following attributes are supported by all load balancers:\n\n- `deletion_protection.enabled` - Indicates whether deletion protection is enabled. The value is `true` or `false` . The default is `false` .\n- `load_balancing.cross_zone.enabled` - Indicates whether cross-zone load balancing is enabled. The possible values are `true` and `false` . The default for Network Load Balancers and Gateway Load Balancers is `false` . The default for Application Load Balancers is `true` , and can't be changed.\n\nThe following attributes are supported by both Application Load Balancers and Network Load Balancers:\n\n- `access_logs.s3.enabled` - Indicates whether access logs are enabled. The value is `true` or `false` . The default is `false` .\n- `access_logs.s3.bucket` - The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.\n- `access_logs.s3.prefix` - The prefix for the location in the S3 bucket for the access logs.\n- `ipv6.deny_all_igw_traffic` - Blocks internet gateway (IGW) access to the load balancer. It is set to `false` for internet-facing load balancers and `true` for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway.\n\nThe following attributes are supported by only Application Load Balancers:\n\n- `idle_timeout.timeout_seconds` - The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds.\n- `client_keep_alive.seconds` - The client keep alive value, in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.\n- `connection_logs.s3.enabled` - Indicates whether connection logs are enabled. The value is `true` or `false` . The default is `false` .\n- `connection_logs.s3.bucket` - The name of the S3 bucket for the connection logs. This attribute is required if connection logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.\n- `connection_logs.s3.prefix` - The prefix for the location in the S3 bucket for the connection logs.\n- `routing.http.desync_mitigation_mode` - Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are `monitor` , `defensive` , and `strictest` . The default is `defensive` .\n- `routing.http.drop_invalid_header_fields.enabled` - Indicates whether HTTP headers with invalid header fields are removed by the load balancer ( `true` ) or routed to targets ( `false` ). The default is `false` .\n- `routing.http.preserve_host_header.enabled` - Indicates whether the Application Load Balancer should preserve the `Host` header in the HTTP request and send it to the target without any change. The possible values are `true` and `false` . The default is `false` .\n- `routing.http.x_amzn_tls_version_and_cipher_suite.enabled` - Indicates whether the two headers ( `x-amzn-tls-version` and `x-amzn-tls-cipher-suite` ), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The `x-amzn-tls-version` header has information about the TLS protocol version negotiated with the client, and the `x-amzn-tls-cipher-suite` header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute are `true` and `false` . The default is `false` .\n- `routing.http.xff_client_port.enabled` - Indicates whether the `X-Forwarded-For` header should preserve the source port that the client used to connect to the load balancer. The possible values are `true` and `false` . The default is `false` .\n- `routing.http.xff_header_processing.mode` - Enables you to modify, preserve, or remove the `X-Forwarded-For` header in the HTTP request before the Application Load Balancer sends the request to the target. The possible values are `append` , `preserve` , and `remove` . The default is `append` .\n\n- If the value is `append` , the Application Load Balancer adds the client IP address (of the last hop) to the `X-Forwarded-For` header in the HTTP request before it sends it to targets.\n- If the value is `preserve` the Application Load Balancer preserves the `X-Forwarded-For` header in the HTTP request, and sends it to targets without any change.\n- If the value is `remove` , the Application Load Balancer removes the `X-Forwarded-For` header in the HTTP request before it sends it to targets.\n- `routing.http2.enabled` - Indicates whether HTTP/2 is enabled. The possible values are `true` and `false` . The default is `true` . Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens.\n- `waf.fail_open.enabled` - Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. The possible values are `true` and `false` . The default is `false` .\n\nThe following attributes are supported by only Network Load Balancers:\n\n- `dns_record.client_routing_policy` - Indicates how traffic is distributed among the load balancer Availability Zones. The possible values are `availability_zone_affinity` with 100 percent zonal affinity, `partial_availability_zone_affinity` with 85 percent zonal affinity, and `any_availability_zone` with 0 percent zonal affinity.\n- `zonal_shift.config.enabled` - Indicates whether zonal shift is enabled. The possible values are `true` and `false` . The default is `false` .", + "Key": "The name of the attribute.\n\nThe following attributes are supported by all load balancers:\n\n- `deletion_protection.enabled` - Indicates whether deletion protection is enabled. The value is `true` or `false` . The default is `false` .\n- `load_balancing.cross_zone.enabled` - Indicates whether cross-zone load balancing is enabled. The possible values are `true` and `false` . The default for Network Load Balancers and Gateway Load Balancers is `false` . The default for Application Load Balancers is `true` , and can't be changed.\n\nThe following attributes are supported by both Application Load Balancers and Network Load Balancers:\n\n- `access_logs.s3.enabled` - Indicates whether access logs are enabled. The value is `true` or `false` . The default is `false` .\n- `access_logs.s3.bucket` - The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.\n- `access_logs.s3.prefix` - The prefix for the location in the S3 bucket for the access logs.\n- `ipv6.deny_all_igw_traffic` - Blocks internet gateway (IGW) access to the load balancer. It is set to `false` for internet-facing load balancers and `true` for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway.\n- `zonal_shift.config.enabled` - Indicates whether zonal shift is enabled. The possible values are `true` and `false` . The default is `false` .\n\nThe following attributes are supported by only Application Load Balancers:\n\n- `idle_timeout.timeout_seconds` - The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds.\n- `client_keep_alive.seconds` - The client keep alive value, in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.\n- `connection_logs.s3.enabled` - Indicates whether connection logs are enabled. The value is `true` or `false` . The default is `false` .\n- `connection_logs.s3.bucket` - The name of the S3 bucket for the connection logs. This attribute is required if connection logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.\n- `connection_logs.s3.prefix` - The prefix for the location in the S3 bucket for the connection logs.\n- `routing.http.desync_mitigation_mode` - Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are `monitor` , `defensive` , and `strictest` . The default is `defensive` .\n- `routing.http.drop_invalid_header_fields.enabled` - Indicates whether HTTP headers with invalid header fields are removed by the load balancer ( `true` ) or routed to targets ( `false` ). The default is `false` .\n- `routing.http.preserve_host_header.enabled` - Indicates whether the Application Load Balancer should preserve the `Host` header in the HTTP request and send it to the target without any change. The possible values are `true` and `false` . The default is `false` .\n- `routing.http.x_amzn_tls_version_and_cipher_suite.enabled` - Indicates whether the two headers ( `x-amzn-tls-version` and `x-amzn-tls-cipher-suite` ), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The `x-amzn-tls-version` header has information about the TLS protocol version negotiated with the client, and the `x-amzn-tls-cipher-suite` header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute are `true` and `false` . The default is `false` .\n- `routing.http.xff_client_port.enabled` - Indicates whether the `X-Forwarded-For` header should preserve the source port that the client used to connect to the load balancer. The possible values are `true` and `false` . The default is `false` .\n- `routing.http.xff_header_processing.mode` - Enables you to modify, preserve, or remove the `X-Forwarded-For` header in the HTTP request before the Application Load Balancer sends the request to the target. The possible values are `append` , `preserve` , and `remove` . The default is `append` .\n\n- If the value is `append` , the Application Load Balancer adds the client IP address (of the last hop) to the `X-Forwarded-For` header in the HTTP request before it sends it to targets.\n- If the value is `preserve` the Application Load Balancer preserves the `X-Forwarded-For` header in the HTTP request, and sends it to targets without any change.\n- If the value is `remove` , the Application Load Balancer removes the `X-Forwarded-For` header in the HTTP request before it sends it to targets.\n- `routing.http2.enabled` - Indicates whether HTTP/2 is enabled. The possible values are `true` and `false` . The default is `true` . Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens.\n- `waf.fail_open.enabled` - Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. The possible values are `true` and `false` . The default is `false` .\n\nThe following attributes are supported by only Network Load Balancers:\n\n- `dns_record.client_routing_policy` - Indicates how traffic is distributed among the load balancer Availability Zones. The possible values are `availability_zone_affinity` with 100 percent zonal affinity, `partial_availability_zone_affinity` with 85 percent zonal affinity, and `any_availability_zone` with 0 percent zonal affinity.", "Value": "The value of the attribute." }, + "AWS::ElasticLoadBalancingV2::LoadBalancer MinimumLoadBalancerCapacity": { + "CapacityUnits": "The number of capacity units." + }, "AWS::ElasticLoadBalancingV2::LoadBalancer SubnetMapping": { "AllocationId": "[Network Load Balancers] The allocation ID of the Elastic IP address for an internet-facing load balancer.", "IPv6Address": "[Network Load Balancers] The IPv6 address.", @@ -19641,6 +19997,18 @@ "Height": "Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720.", "Width": "Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280." }, + "AWS::IVS::IngestConfiguration": { + "IngestProtocol": "Type of ingest protocol that the user employs for broadcasting.", + "InsecureIngest": "Whether the channel allows insecure RTMP ingest. Default: `false` .", + "Name": "Ingest name.", + "StageArn": "ARN of the stage with which the IngestConfiguration is associated.", + "Tags": "An array of key-value pairs to apply to this resource.", + "UserId": "Customer-assigned name to help identify the participant using the IngestConfiguration; this can be used to link a participant to a user in the customer\u2019s own systems. This can be any UTF-8 encoded text. *This field is exposed to all stage participants and should not be used for personally identifying, confidential, or sensitive information.*" + }, + "AWS::IVS::IngestConfiguration Tag": { + "Key": "One part of a key-value pair that makes up a tag. A `key` is a general label that acts like a category for more specific tag values.", + "Value": "The optional part of a key-value pair that makes up a tag. A `value` acts as a descriptor within a tag category (key)." + }, "AWS::IVS::PlaybackKeyPair": { "Name": "Playback-key-pair name. The value does not need to be unique.", "PublicKeyMaterial": "The public portion of a customer-generated key pair.", @@ -20434,7 +20802,9 @@ "ClientCertificateCallbackArn": "The ARN of the Lambda function that IoT invokes after mutual TLS authentication during the connection." }, "AWS::IoT::DomainConfiguration ServerCertificateConfig": { - "EnableOCSPCheck": "A Boolean value that indicates whether Online Certificate Status Protocol (OCSP) server certificate check is enabled or not. For more information, see [Configurable endpoints](https://docs.aws.amazon.com//iot/latest/developerguide/iot-custom-endpoints-configurable.html) from the AWS IoT Core Developer Guide." + "EnableOCSPCheck": "A Boolean value that indicates whether Online Certificate Status Protocol (OCSP) server certificate check is enabled or not. For more information, see [Configurable endpoints](https://docs.aws.amazon.com//iot/latest/developerguide/iot-custom-endpoints-configurable.html) from the AWS IoT Core Developer Guide.", + "OcspAuthorizedResponderArn": "", + "OcspLambdaArn": "" }, "AWS::IoT::DomainConfiguration ServerCertificateSummary": { "ServerCertificateArn": "The ARN of the server certificate.", @@ -20740,25 +21110,25 @@ "ThingName": "The name of the AWS IoT thing." }, "AWS::IoT::ThingType": { - "DeprecateThingType": "Deprecates a thing type. You can not associate new things with deprecated thing type.\n\nRequires permission to access the [DeprecateThingType](https://docs.aws.amazon.com//service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions) action.", + "DeprecateThingType": "Deprecates a thing type. You can not associate new things with deprecated thing type. You cannot update `ThingTypeProperties` if the thing type is deprecated.\n\nRequires permission to access the [DeprecateThingType](https://docs.aws.amazon.com//service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions) action.", "Tags": "Metadata which can be used to manage the thing type.", "ThingTypeName": "The name of the thing type.", - "ThingTypeProperties": "The thing type properties for the thing type to create. It contains information about the new thing type including a description, and a list of searchable thing attribute names. `ThingTypeProperties` can't be updated after the initial creation of the `ThingType` ." + "ThingTypeProperties": "The thing type properties for the thing type to create. It contains information about the new thing type including a description, a list of searchable thing attribute names, and a list of propagating attributes. After a thing type is created, you can only update `Mqtt5Configuration` ." }, "AWS::IoT::ThingType Mqtt5Configuration": { - "PropagatingAttributes": "" + "PropagatingAttributes": "An object that represents the connection attribute, the thing attribute, and the MQTT 5 user property key." }, "AWS::IoT::ThingType PropagatingAttribute": { - "ConnectionAttribute": "", - "ThingAttribute": "", - "UserPropertyKey": "" + "ConnectionAttribute": "The attribute associated with the connection details.", + "ThingAttribute": "The thing attribute that is propagating for MQTT 5 message enrichment.", + "UserPropertyKey": "The key of the MQTT 5 user property, which is a key-value pair." }, "AWS::IoT::ThingType Tag": { "Key": "The tag's key.", "Value": "The tag's value." }, "AWS::IoT::ThingType ThingTypeProperties": { - "Mqtt5Configuration": "", + "Mqtt5Configuration": "The configuration to add user-defined properties to enrich MQTT 5 messages.", "SearchableAttributes": "A list of searchable thing attribute names.", "ThingTypeDescription": "The description of the thing type." }, @@ -21583,90 +21953,90 @@ "AWS::IoTFleetWise::Campaign": { "Action": "Specifies how to update a campaign. The action can be one of the following:\n\n- `APPROVE` - To approve delivering a data collection scheme to vehicles.\n- `SUSPEND` - To suspend collecting signal data. The campaign is deleted from vehicles and all vehicles in the suspended campaign will stop sending data.\n- `RESUME` - To reactivate the `SUSPEND` campaign. The campaign is redeployed to all vehicles and the vehicles will resume sending data.\n- `UPDATE` - To update a campaign.", "CollectionScheme": "The data collection scheme associated with the campaign. You can specify a scheme that collects data based on time or an event.", - "Compression": "(Optional) Whether to compress signals before transmitting data to AWS IoT FleetWise . If you don't want to compress the signals, use `OFF` . If it's not specified, `SNAPPY` is used.\n\nDefault: `SNAPPY`", - "DataDestinationConfigs": "(Optional) The destination where the campaign sends data. You can choose to send data to be stored in Amazon S3 or Amazon Timestream .\n\nAmazon S3 optimizes the cost of data storage and provides additional mechanisms to use vehicle data, such as data lakes, centralized data storage, data processing pipelines, and analytics. AWS IoT FleetWise supports at-least-once file delivery to S3. Your vehicle data is stored on multiple AWS IoT FleetWise servers for redundancy and high availability.\n\nYou can use Amazon Timestream to access and analyze time series data, and Timestream to query vehicle data so that you can identify trends and patterns.", - "DataExtraDimensions": "(Optional) A list of vehicle attributes to associate with a campaign.\n\nEnrich the data with specified vehicle attributes. For example, add `make` and `model` to the campaign, and AWS IoT FleetWise will associate the data with those attributes as dimensions in Amazon Timestream . You can then query the data against `make` and `model` .\n\nDefault: An empty array", - "DataPartitions": "", - "Description": "(Optional) The description of the campaign.", - "DiagnosticsMode": "(Optional) Option for a vehicle to send diagnostic trouble codes to AWS IoT FleetWise . If you want to send diagnostic trouble codes, use `SEND_ACTIVE_DTCS` . If it's not specified, `OFF` is used.\n\nDefault: `OFF`", - "ExpiryTime": "(Optional) The time the campaign expires, in seconds since epoch (January 1, 1970 at midnight UTC time). Vehicle data isn't collected after the campaign expires.\n\nDefault: 253402214400 (December 31, 9999, 00:00:00 UTC)", + "Compression": "Whether to compress signals before transmitting data to AWS IoT FleetWise . If you don't want to compress the signals, use `OFF` . If it's not specified, `SNAPPY` is used.\n\nDefault: `SNAPPY`", + "DataDestinationConfigs": "The destination where the campaign sends data. You can choose to send data to be stored in Amazon S3 or Amazon Timestream .\n\nAmazon S3 optimizes the cost of data storage and provides additional mechanisms to use vehicle data, such as data lakes, centralized data storage, data processing pipelines, and analytics. AWS IoT FleetWise supports at-least-once file delivery to S3. Your vehicle data is stored on multiple AWS IoT FleetWise servers for redundancy and high availability.\n\nYou can use Amazon Timestream to access and analyze time series data, and Timestream to query vehicle data so that you can identify trends and patterns.", + "DataExtraDimensions": "A list of vehicle attributes to associate with a campaign.\n\nEnrich the data with specified vehicle attributes. For example, add `make` and `model` to the campaign, and AWS IoT FleetWise will associate the data with those attributes as dimensions in Amazon Timestream . You can then query the data against `make` and `model` .\n\nDefault: An empty array", + "DataPartitions": "The data partitions associated with the signals collected from the vehicle.", + "Description": "The description of the campaign.", + "DiagnosticsMode": "Option for a vehicle to send diagnostic trouble codes to AWS IoT FleetWise . If you want to send diagnostic trouble codes, use `SEND_ACTIVE_DTCS` . If it's not specified, `OFF` is used.\n\nDefault: `OFF`", + "ExpiryTime": "The time the campaign expires, in seconds since epoch (January 1, 1970 at midnight UTC time). Vehicle data isn't collected after the campaign expires.\n\nDefault: 253402214400 (December 31, 9999, 00:00:00 UTC)", "Name": "The name of a campaign.", - "PostTriggerCollectionDuration": "(Optional) How long (in milliseconds) to collect raw data after a triggering event initiates the collection. If it's not specified, `0` is used.\n\nDefault: `0`", - "Priority": "(Optional) A number indicating the priority of one campaign over another campaign for a certain vehicle or fleet. A campaign with the lowest value is deployed to vehicles before any other campaigns. If it's not specified, `0` is used.\n\nDefault: `0`", + "PostTriggerCollectionDuration": "How long (in milliseconds) to collect raw data after a triggering event initiates the collection. If it's not specified, `0` is used.\n\nDefault: `0`", + "Priority": "A number indicating the priority of one campaign over another campaign for a certain vehicle or fleet. A campaign with the lowest value is deployed to vehicles before any other campaigns. If it's not specified, `0` is used.\n\nDefault: `0`", "SignalCatalogArn": "The Amazon Resource Name (ARN) of the signal catalog associated with the campaign.", - "SignalsToCollect": "(Optional) A list of information about signals to collect.", - "SignalsToFetch": "", - "SpoolingMode": "(Optional) Whether to store collected data after a vehicle lost a connection with the cloud. After a connection is re-established, the data is automatically forwarded to AWS IoT FleetWise . If you want to store collected data when a vehicle loses connection with the cloud, use `TO_DISK` . If it's not specified, `OFF` is used.\n\nDefault: `OFF`", - "StartTime": "(Optional) The time, in milliseconds, to deliver a campaign after it was approved. If it's not specified, `0` is used.\n\nDefault: `0`", - "Tags": "(Optional) Metadata that can be used to manage the campaign.", + "SignalsToCollect": "A list of information about signals to collect.", + "SignalsToFetch": "A list of information about signals to fetch.", + "SpoolingMode": "Whether to store collected data after a vehicle lost a connection with the cloud. After a connection is re-established, the data is automatically forwarded to AWS IoT FleetWise . If you want to store collected data when a vehicle loses connection with the cloud, use `TO_DISK` . If it's not specified, `OFF` is used.\n\nDefault: `OFF`", + "StartTime": "The time, in milliseconds, to deliver a campaign after it was approved. If it's not specified, `0` is used.\n\nDefault: `0`", + "Tags": "Metadata that can be used to manage the campaign.", "TargetArn": "The Amazon Resource Name (ARN) of a vehicle or fleet to which the campaign is deployed." }, "AWS::IoTFleetWise::Campaign CollectionScheme": { - "ConditionBasedCollectionScheme": "(Optional) Information about a collection scheme that uses a simple logical expression to recognize what data to collect.", - "TimeBasedCollectionScheme": "(Optional) Information about a collection scheme that uses a time period to decide how often to collect data." + "ConditionBasedCollectionScheme": "Information about a collection scheme that uses a simple logical expression to recognize what data to collect.", + "TimeBasedCollectionScheme": "Information about a collection scheme that uses a time period to decide how often to collect data." }, "AWS::IoTFleetWise::Campaign ConditionBasedCollectionScheme": { - "ConditionLanguageVersion": "(Optional) Specifies the version of the conditional expression language.", + "ConditionLanguageVersion": "Specifies the version of the conditional expression language.", "Expression": "The logical expression used to recognize what data to collect. For example, `$variable.Vehicle.OutsideAirTemperature >= 105.0` .", - "MinimumTriggerIntervalMs": "(Optional) The minimum duration of time between two triggering events to collect data, in milliseconds.\n\n> If a signal changes often, you might want to collect data at a slower rate.", - "TriggerMode": "(Optional) Whether to collect data for all triggering events ( `ALWAYS` ). Specify ( `RISING_EDGE` ), or specify only when the condition first evaluates to false. For example, triggering on \"AirbagDeployed\"; Users aren't interested on triggering when the airbag is already exploded; they only care about the change from not deployed => deployed." + "MinimumTriggerIntervalMs": "The minimum duration of time between two triggering events to collect data, in milliseconds.\n\n> If a signal changes often, you might want to collect data at a slower rate.", + "TriggerMode": "Whether to collect data for all triggering events ( `ALWAYS` ). Specify ( `RISING_EDGE` ), or specify only when the condition first evaluates to false. For example, triggering on \"AirbagDeployed\"; Users aren't interested on triggering when the airbag is already exploded; they only care about the change from not deployed => deployed." }, "AWS::IoTFleetWise::Campaign ConditionBasedSignalFetchConfig": { - "ConditionExpression": "", - "TriggerMode": "" + "ConditionExpression": "The condition that must be satisfied to trigger a signal fetch.", + "TriggerMode": "Indicates the mode in which the signal fetch is triggered." }, "AWS::IoTFleetWise::Campaign DataDestinationConfig": { - "MqttTopicConfig": "", - "S3Config": "(Optional) The Amazon S3 bucket where the AWS IoT FleetWise campaign sends data.", - "TimestreamConfig": "(Optional) The Amazon Timestream table where the campaign sends data." + "MqttTopicConfig": "The MQTT topic to which the AWS IoT FleetWise campaign routes data.\n\n> Access to certain AWS IoT FleetWise features is currently gated. For more information, see [AWS Region and feature availability](https://docs.aws.amazon.com/iot-fleetwise/latest/developerguide/fleetwise-regions.html) in the *AWS IoT FleetWise Developer Guide* .", + "S3Config": "The Amazon S3 bucket where the AWS IoT FleetWise campaign sends data.", + "TimestreamConfig": "The Amazon Timestream table where the campaign sends data." }, "AWS::IoTFleetWise::Campaign DataPartition": { - "Id": "", - "StorageOptions": "", - "UploadOptions": "" + "Id": "The ID of the data partition. The data partition ID must be unique within a campaign. You can establish a data partition as the default partition for a campaign by using `default` as the ID.", + "StorageOptions": "The storage options for a data partition.", + "UploadOptions": "The upload options for the data partition." }, "AWS::IoTFleetWise::Campaign DataPartitionStorageOptions": { - "MaximumSize": "", - "MinimumTimeToLive": "", - "StorageLocation": "" + "MaximumSize": "The maximum storage size of the data stored in the data partition.\n\n> Newer data overwrites older data when the partition reaches the maximum size.", + "MinimumTimeToLive": "The amount of time that data in this partition will be kept on disk.\n\n- After the designated amount of time passes, the data can be removed, but it's not guaranteed to be removed.\n- Before the time expires, data in this partition can still be deleted if the partition reaches its configured maximum size.\n- Newer data will overwrite older data when the partition reaches the maximum size.", + "StorageLocation": "The folder name for the data partition under the campaign storage folder." }, "AWS::IoTFleetWise::Campaign DataPartitionUploadOptions": { - "ConditionLanguageVersion": "", - "Expression": "" + "ConditionLanguageVersion": "The version of the condition language. Defaults to the most recent condition language version.", + "Expression": "The logical expression used to recognize what data to collect. For example, `$variable.`Vehicle.OutsideAirTemperature` >= 105.0` ." }, "AWS::IoTFleetWise::Campaign MqttTopicConfig": { - "ExecutionRoleArn": "", - "MqttTopicArn": "" + "ExecutionRoleArn": "The ARN of the role that grants AWS IoT FleetWise permission to access and act on messages sent to the MQTT topic.", + "MqttTopicArn": "The ARN of the MQTT topic." }, "AWS::IoTFleetWise::Campaign S3Config": { "BucketArn": "The Amazon Resource Name (ARN) of the Amazon S3 bucket.", - "DataFormat": "(Optional) Specify the format that files are saved in the Amazon S3 bucket. You can save files in an Apache Parquet or JSON format.\n\n- Parquet - Store data in a columnar storage file format. Parquet is optimal for fast data retrieval and can reduce costs. This option is selected by default.\n- JSON - Store data in a standard text-based JSON file format.", - "Prefix": "(Optional) Enter an S3 bucket prefix. The prefix is the string of characters after the bucket name and before the object name. You can use the prefix to organize data stored in Amazon S3 buckets. For more information, see [Organizing objects using prefixes](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-prefixes.html) in the *Amazon Simple Storage Service User Guide* .\n\nBy default, AWS IoT FleetWise sets the prefix `processed-data/year=YY/month=MM/date=DD/hour=HH/` (in UTC) to data it delivers to Amazon S3 . You can enter a prefix to append it to this default prefix. For example, if you enter the prefix `vehicles` , the prefix will be `vehicles/processed-data/year=YY/month=MM/date=DD/hour=HH/` .", - "StorageCompressionFormat": "(Optional) By default, stored data is compressed as a .gzip file. Compressed files have a reduced file size, which can optimize the cost of data storage." + "DataFormat": "Specify the format that files are saved in the Amazon S3 bucket. You can save files in an Apache Parquet or JSON format.\n\n- Parquet - Store data in a columnar storage file format. Parquet is optimal for fast data retrieval and can reduce costs. This option is selected by default.\n- JSON - Store data in a standard text-based JSON file format.", + "Prefix": "Enter an S3 bucket prefix. The prefix is the string of characters after the bucket name and before the object name. You can use the prefix to organize data stored in Amazon S3 buckets. For more information, see [Organizing objects using prefixes](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-prefixes.html) in the *Amazon Simple Storage Service User Guide* .\n\nBy default, AWS IoT FleetWise sets the prefix `processed-data/year=YY/month=MM/date=DD/hour=HH/` (in UTC) to data it delivers to Amazon S3 . You can enter a prefix to append it to this default prefix. For example, if you enter the prefix `vehicles` , the prefix will be `vehicles/processed-data/year=YY/month=MM/date=DD/hour=HH/` .", + "StorageCompressionFormat": "By default, stored data is compressed as a .gzip file. Compressed files have a reduced file size, which can optimize the cost of data storage." }, "AWS::IoTFleetWise::Campaign SignalFetchConfig": { - "ConditionBased": "", - "TimeBased": "" + "ConditionBased": "The configuration of a condition-based signal fetch operation.", + "TimeBased": "The configuration of a time-based signal fetch operation." }, "AWS::IoTFleetWise::Campaign SignalFetchInformation": { - "Actions": "", - "ConditionLanguageVersion": "", - "FullyQualifiedName": "", - "SignalFetchConfig": "" + "Actions": "The actions to be performed by the signal fetch.", + "ConditionLanguageVersion": "The version of the condition language used.", + "FullyQualifiedName": "The fully qualified name of the signal to be fetched.", + "SignalFetchConfig": "The configuration of the signal fetch operation." }, "AWS::IoTFleetWise::Campaign SignalInformation": { - "DataPartitionId": "", - "MaxSampleCount": "(Optional) The maximum number of samples to collect.", - "MinimumSamplingIntervalMs": "(Optional) The minimum duration of time (in milliseconds) between two triggering events to collect data.\n\n> If a signal changes often, you might want to collect data at a slower rate.", + "DataPartitionId": "The ID of the data partition this signal is associated with.\n\nThe ID must match one of the IDs provided in `dataPartitions` . This is accomplished either by specifying a particular data partition ID or by using `default` for an established default partition. You can establish a default partition in the `DataPartition` data type.\n\n> If you upload a signal as a condition for a campaign's data partition, the same signal must be included in `signalsToCollect` . > Access to certain AWS IoT FleetWise features is currently gated. For more information, see [AWS Region and feature availability](https://docs.aws.amazon.com/iot-fleetwise/latest/developerguide/fleetwise-regions.html) in the *AWS IoT FleetWise Developer Guide* .", + "MaxSampleCount": "The maximum number of samples to collect.", + "MinimumSamplingIntervalMs": "The minimum duration of time (in milliseconds) between two triggering events to collect data.\n\n> If a signal changes often, you might want to collect data at a slower rate.", "Name": "The name of the signal." }, "AWS::IoTFleetWise::Campaign StorageMaximumSize": { - "Unit": "", - "Value": "" + "Unit": "The data type of the data to store.", + "Value": "The maximum amount of time to store data." }, "AWS::IoTFleetWise::Campaign StorageMinimumTimeToLive": { - "Unit": "", - "Value": "" + "Unit": "The time increment type.", + "Value": "The minimum amount of time to store the data." }, "AWS::IoTFleetWise::Campaign Tag": { "Key": "The tag's key.", @@ -21676,25 +22046,26 @@ "PeriodMs": "The time period (in milliseconds) to decide how often to collect data. For example, if the time period is `60000` , the Edge Agent software collects data once every minute." }, "AWS::IoTFleetWise::Campaign TimeBasedSignalFetchConfig": { - "ExecutionFrequencyMs": "" + "ExecutionFrequencyMs": "The frequency with which the signal fetch will be executed." }, "AWS::IoTFleetWise::Campaign TimestreamConfig": { "ExecutionRoleArn": "The Amazon Resource Name (ARN) of the task execution role that grants AWS IoT FleetWise permission to deliver data to the Amazon Timestream table.", "TimestreamTableArn": "The Amazon Resource Name (ARN) of the Amazon Timestream table." }, "AWS::IoTFleetWise::DecoderManifest": { - "Description": "(Optional) A brief description of the decoder manifest.", + "DefaultForUnmappedSignals": "Use default decoders for all unmapped signals in the model. You don't need to provide any detailed decoding information.", + "Description": "A brief description of the decoder manifest.", "ModelManifestArn": "The Amazon Resource Name (ARN) of a vehicle model (model manifest) associated with the decoder manifest.", "Name": "The name of the decoder manifest.", - "NetworkInterfaces": "(Optional) A list of information about available network interfaces.", - "SignalDecoders": "(Optional) A list of information about signal decoders.", - "Status": "(Optional) The state of the decoder manifest. If the status is `ACTIVE` , the decoder manifest can't be edited. If the status is marked `DRAFT` , you can edit the decoder manifest.", - "Tags": "(Optional) Metadata that can be used to manage the decoder manifest." + "NetworkInterfaces": "A list of information about available network interfaces.", + "SignalDecoders": "A list of information about signal decoders.", + "Status": "The state of the decoder manifest. If the status is `ACTIVE` , the decoder manifest can't be edited. If the status is marked `DRAFT` , you can edit the decoder manifest.", + "Tags": "Metadata that can be used to manage the decoder manifest." }, "AWS::IoTFleetWise::DecoderManifest CanInterface": { "Name": "The unique name of the interface.", - "ProtocolName": "(Optional) The name of the communication protocol for the interface.", - "ProtocolVersion": "(Optional) The version of the communication protocol for the interface." + "ProtocolName": "The name of the communication protocol for the interface.", + "ProtocolVersion": "The version of the communication protocol for the interface." }, "AWS::IoTFleetWise::DecoderManifest CanNetworkInterface": { "CanInterface": "Information about a network interface specified by the Controller Area Network (CAN) protocol.", @@ -21707,7 +22078,7 @@ "IsSigned": "Whether the message data is specified as a signed value.", "Length": "How many bytes of data are in the message.", "MessageId": "The ID of the message.", - "Name": "(Optional) The name of the signal.", + "Name": "The name of the signal.", "Offset": "The offset used to calculate the signal value. Combined with factor, the calculation is `value = raw_value * factor + offset` .", "StartBit": "Indicates the beginning of the CAN message." }, @@ -21717,27 +22088,45 @@ "InterfaceId": "The ID of a network interface that specifies what network protocol a vehicle follows.", "Type": "The network protocol for the vehicle. For example, `CAN_SIGNAL` specifies a protocol that defines how data is communicated between electronic control units (ECUs). `OBD_SIGNAL` specifies a protocol that defines how self-diagnostic data is communicated between ECUs." }, + "AWS::IoTFleetWise::DecoderManifest CustomDecodingInterface": { + "Name": "The name of the interface." + }, + "AWS::IoTFleetWise::DecoderManifest CustomDecodingNetworkInterface": { + "CustomDecodingInterface": "Represents a custom network interface as defined by the customer.", + "InterfaceId": "The ID of a network interface that specifies what network protocol a vehicle follows.", + "Type": "The network protocol for the vehicle. For example, `CAN_SIGNAL` specifies a protocol that defines how data is communicated between electronic control units (ECUs). `OBD_SIGNAL` specifies a protocol that defines how self-diagnostic data is communicated between ECUs." + }, + "AWS::IoTFleetWise::DecoderManifest CustomDecodingSignal": { + "Id": "The ID of the signal." + }, + "AWS::IoTFleetWise::DecoderManifest CustomDecodingSignalDecoder": { + "CustomDecodingSignal": "Information about signals using a custom decoding protocol as defined by the customer.\n\n> Access to certain AWS IoT FleetWise features is currently gated. For more information, see [AWS Region and feature availability](https://docs.aws.amazon.com/iot-fleetwise/latest/developerguide/fleetwise-regions.html) in the *AWS IoT FleetWise Developer Guide* .", + "FullyQualifiedName": "The fully qualified name of a signal decoder as defined in a vehicle model.", + "InterfaceId": "The ID of a network interface that specifies what network protocol a vehicle follows.", + "Type": "The network protocol for the vehicle. For example, `CAN_SIGNAL` specifies a protocol that defines how data is communicated between electronic control units (ECUs). `OBD_SIGNAL` specifies a protocol that defines how self-diagnostic data is communicated between ECUs." + }, "AWS::IoTFleetWise::DecoderManifest NetworkInterfacesItems": { - "CanNetworkInterface": "", - "ObdNetworkInterface": "" + "CanNetworkInterface": "A single controller area network (CAN) device interface.", + "CustomDecodingNetworkInterface": "Represents a custom network interface as defined by the customer.\n\n> Access to certain AWS IoT FleetWise features is currently gated. For more information, see [AWS Region and feature availability](https://docs.aws.amazon.com/iot-fleetwise/latest/developerguide/fleetwise-regions.html) in the *AWS IoT FleetWise Developer Guide* .", + "ObdNetworkInterface": "A network interface that specifies the on-board diagnostic (OBD) II network protocol." }, "AWS::IoTFleetWise::DecoderManifest ObdInterface": { - "DtcRequestIntervalSeconds": "(Optional) The maximum number message requests per diagnostic trouble code per second.", - "HasTransmissionEcu": "(Optional) Whether the vehicle has a transmission control module (TCM).", + "DtcRequestIntervalSeconds": "The maximum number message requests per diagnostic trouble code per second.", + "HasTransmissionEcu": "Whether the vehicle has a transmission control module (TCM).", "Name": "The name of the interface.", - "ObdStandard": "(Optional) The standard OBD II PID.", - "PidRequestIntervalSeconds": "(Optional) The maximum number message requests per second.", + "ObdStandard": "The standard OBD II PID.", + "PidRequestIntervalSeconds": "The maximum number message requests per second.", "RequestMessageId": "The ID of the message requesting vehicle data.", - "UseExtendedIds": "(Optional) Whether to use extended IDs in the message." + "UseExtendedIds": "Whether to use extended IDs in the message." }, "AWS::IoTFleetWise::DecoderManifest ObdNetworkInterface": { "InterfaceId": "The ID of the network interface.", - "ObdInterface": "(Optional) Information about a network interface specified by the On-board diagnostic (OBD) II protocol.", + "ObdInterface": "Information about a network interface specified by the On-board diagnostic (OBD) II protocol.", "Type": "The network protocol for the vehicle. For example, `CAN_SIGNAL` specifies a protocol that defines how data is communicated between electronic control units (ECUs). `OBD_SIGNAL` specifies a protocol that defines how self-diagnostic data is communicated between ECUs." }, "AWS::IoTFleetWise::DecoderManifest ObdSignal": { - "BitMaskLength": "(Optional) The number of bits to mask in a message.", - "BitRightShift": "(Optional) The number of positions to shift bits in the message.", + "BitMaskLength": "The number of bits to mask in a message.", + "BitRightShift": "The number of positions to shift bits in the message.", "ByteLength": "The length of a message.", "Offset": "The offset used to calculate the signal value. Combined with scaling, the calculation is `value = raw_value * scaling + offset` .", "Pid": "The diagnostic code used to request data from a vehicle for this signal.", @@ -21747,106 +22136,120 @@ "StartByte": "Indicates the beginning of the message." }, "AWS::IoTFleetWise::DecoderManifest ObdSignalDecoder": { - "FullyQualifiedName": "", - "InterfaceId": "", + "FullyQualifiedName": "The fully qualified name of a signal decoder as defined in a vehicle model.", + "InterfaceId": "The ID of a network interface that specifies what network protocol a vehicle follows.", "ObdSignal": "Information about signal messages using the on-board diagnostics (OBD) II protocol in a vehicle.", - "Type": "" + "Type": "The network protocol for the vehicle. For example, `CAN_SIGNAL` specifies a protocol that defines how data is communicated between electronic control units (ECUs). `OBD_SIGNAL` specifies a protocol that defines how self-diagnostic data is communicated between ECUs." }, "AWS::IoTFleetWise::DecoderManifest SignalDecodersItems": { - "CanSignalDecoder": "", - "ObdSignalDecoder": "" + "CanSignalDecoder": "Information about signal decoder using the Controller Area Network (CAN) protocol.", + "CustomDecodingSignalDecoder": "Information about a [custom signal decoder](https://docs.aws.amazon.com/iot-fleetwise/latest/APIReference/API_CustomDecodingSignal.html) .\n\n> Access to certain AWS IoT FleetWise features is currently gated. For more information, see [AWS Region and feature availability](https://docs.aws.amazon.com/iot-fleetwise/latest/developerguide/fleetwise-regions.html) in the *AWS IoT FleetWise Developer Guide* .", + "ObdSignalDecoder": "Information about signal decoder using the on-board diagnostic (OBD) II protocol." }, "AWS::IoTFleetWise::DecoderManifest Tag": { "Key": "The tag's key.", "Value": "The tag's value." }, "AWS::IoTFleetWise::Fleet": { - "Description": "(Optional) A brief description of the fleet.", + "Description": "A brief description of the fleet.", "Id": "The unique ID of the fleet.", "SignalCatalogArn": "The ARN of the signal catalog associated with the fleet.", - "Tags": "(Optional) Metadata that can be used to manage the fleet." + "Tags": "Metadata that can be used to manage the fleet." }, "AWS::IoTFleetWise::Fleet Tag": { "Key": "The tag's key.", "Value": "The tag's value." }, "AWS::IoTFleetWise::ModelManifest": { - "Description": "(Optional) A brief description of the vehicle model.", + "Description": "A brief description of the vehicle model.", "Name": "The name of the vehicle model.", - "Nodes": "(Optional) A list of nodes, which are a general abstraction of signals.", + "Nodes": "A list of nodes, which are a general abstraction of signals.", "SignalCatalogArn": "The Amazon Resource Name (ARN) of the signal catalog associated with the vehicle model.", - "Status": "(Optional) The state of the vehicle model. If the status is `ACTIVE` , the vehicle model can't be edited. If the status is `DRAFT` , you can edit the vehicle model.", - "Tags": "(Optional) Metadata that can be used to manage the vehicle model." + "Status": "The state of the vehicle model. If the status is `ACTIVE` , the vehicle model can't be edited. If the status is `DRAFT` , you can edit the vehicle model.", + "Tags": "Metadata that can be used to manage the vehicle model." }, "AWS::IoTFleetWise::ModelManifest Tag": { "Key": "The tag's key.", "Value": "The tag's value." }, "AWS::IoTFleetWise::SignalCatalog": { - "Description": "(Optional) A brief description of the signal catalog.", - "Name": "(Optional) The name of the signal catalog.", - "NodeCounts": "(Optional) Information about the number of nodes and node types in a vehicle network.", - "Nodes": "(Optional) A list of information about nodes, which are a general abstraction of signals.", - "Tags": "(Optional) Metadata that can be used to manage the signal catalog." + "Description": "A brief description of the signal catalog.", + "Name": "The name of the signal catalog.", + "NodeCounts": "Information about the number of nodes and node types in a vehicle network.", + "Nodes": "A list of information about nodes, which are a general abstraction of signals.", + "Tags": "Metadata that can be used to manage the signal catalog." }, "AWS::IoTFleetWise::SignalCatalog Actuator": { - "AllowedValues": "(Optional) A list of possible values an actuator can take.", - "AssignedValue": "(Optional) A specified value for the actuator.", + "AllowedValues": "A list of possible values an actuator can take.", + "AssignedValue": "A specified value for the actuator.", "DataType": "The specified data type of the actuator.", - "Description": "(Optional) A brief description of the actuator.", + "Description": "A brief description of the actuator.", "FullyQualifiedName": "The fully qualified name of the actuator. For example, the fully qualified name of an actuator might be `Vehicle.Front.Left.Door.Lock` .", - "Max": "(Optional) The specified possible maximum value of an actuator.", - "Min": "(Optional) The specified possible minimum value of an actuator.", - "Unit": "(Optional) The scientific unit for the actuator." + "Max": "The specified possible maximum value of an actuator.", + "Min": "The specified possible minimum value of an actuator.", + "Unit": "The scientific unit for the actuator." }, "AWS::IoTFleetWise::SignalCatalog Attribute": { - "AllowedValues": "(Optional) A list of possible values an attribute can be assigned.", - "AssignedValue": "(Optional) A specified value for the attribute.", + "AllowedValues": "A list of possible values an attribute can be assigned.", + "AssignedValue": "A specified value for the attribute.", "DataType": "The specified data type of the attribute.", - "DefaultValue": "(Optional) The default value of the attribute.", - "Description": "(Optional) A brief description of the attribute.", + "DefaultValue": "The default value of the attribute.", + "Description": "A brief description of the attribute.", "FullyQualifiedName": "The fully qualified name of the attribute. For example, the fully qualified name of an attribute might be `Vehicle.Body.Engine.Type` .", - "Max": "(Optional) The specified possible maximum value of the attribute.", - "Min": "(Optional) The specified possible minimum value of the attribute.", - "Unit": "(Optional) The scientific unit for the attribute." + "Max": "The specified possible maximum value of the attribute.", + "Min": "The specified possible minimum value of the attribute.", + "Unit": "The scientific unit for the attribute." }, "AWS::IoTFleetWise::SignalCatalog Branch": { - "Description": "(Optional) A brief description of the branch.", + "Description": "A brief description of the branch.", "FullyQualifiedName": "The fully qualified name of the branch. For example, the fully qualified name of a branch might be `Vehicle.Body.Engine` ." }, "AWS::IoTFleetWise::SignalCatalog Node": { - "Actuator": "(Optional) Information about a node specified as an actuator.\n\n> An actuator is a digital representation of a vehicle device.", - "Attribute": "(Optional) Information about a node specified as an attribute.\n\n> An attribute represents static information about a vehicle.", - "Branch": "(Optional) Information about a node specified as a branch.\n\n> A group of signals that are defined in a hierarchical structure.", - "Sensor": "(Optional) An input component that reports the environmental condition of a vehicle.\n\n> You can collect data about fluid levels, temperatures, vibrations, or battery voltage from sensors." + "Actuator": "Information about a node specified as an actuator.\n\n> An actuator is a digital representation of a vehicle device.", + "Attribute": "Information about a node specified as an attribute.\n\n> An attribute represents static information about a vehicle.", + "Branch": "Information about a node specified as a branch.\n\n> A group of signals that are defined in a hierarchical structure.", + "Sensor": "An input component that reports the environmental condition of a vehicle.\n\n> You can collect data about fluid levels, temperatures, vibrations, or battery voltage from sensors." }, "AWS::IoTFleetWise::SignalCatalog NodeCounts": { - "TotalActuators": "(Optional) The total number of nodes in a vehicle network that represent actuators.", - "TotalAttributes": "(Optional) The total number of nodes in a vehicle network that represent attributes.", - "TotalBranches": "(Optional) The total number of nodes in a vehicle network that represent branches.", - "TotalNodes": "(Optional) The total number of nodes in a vehicle network.", - "TotalSensors": "(Optional) The total number of nodes in a vehicle network that represent sensors." + "TotalActuators": "The total number of nodes in a vehicle network that represent actuators.", + "TotalAttributes": "The total number of nodes in a vehicle network that represent attributes.", + "TotalBranches": "The total number of nodes in a vehicle network that represent branches.", + "TotalNodes": "The total number of nodes in a vehicle network.", + "TotalSensors": "The total number of nodes in a vehicle network that represent sensors." }, "AWS::IoTFleetWise::SignalCatalog Sensor": { - "AllowedValues": "(Optional) A list of possible values a sensor can take.", + "AllowedValues": "A list of possible values a sensor can take.", "DataType": "The specified data type of the sensor.", - "Description": "(Optional) A brief description of a sensor.", + "Description": "A brief description of a sensor.", "FullyQualifiedName": "The fully qualified name of the sensor. For example, the fully qualified name of a sensor might be `Vehicle.Body.Engine.Battery` .", - "Max": "(Optional) The specified possible maximum value of the sensor.", - "Min": "(Optional) The specified possible minimum value of the sensor.", - "Unit": "(Optional) The scientific unit of measurement for data collected by the sensor." + "Max": "The specified possible maximum value of the sensor.", + "Min": "The specified possible minimum value of the sensor.", + "Unit": "The scientific unit of measurement for data collected by the sensor." }, "AWS::IoTFleetWise::SignalCatalog Tag": { "Key": "The tag's key.", "Value": "The tag's value." }, + "AWS::IoTFleetWise::StateTemplate": { + "DataExtraDimensions": "A list of vehicle attributes associated with the payload published on the state template's MQTT topic.", + "Description": "A brief description of the state template.", + "MetadataExtraDimensions": "A list of vehicle attributes to associate with the user properties of the messages published on the state template's MQTT topic. For example, if you add `Vehicle.Attributes.Make` and `Vehicle.Attributes.Model` attributes, these attributes are included as user properties with the MQTT message.", + "Name": "The unique alias of the state template.", + "SignalCatalogArn": "The Amazon Resource Name (ARN) of the signal catalog associated with the state template.", + "StateTemplateProperties": "A list of signals from which data is collected. The state template properties contain the fully qualified names of the signals.", + "Tags": "Metadata that can be used to manage the state template." + }, + "AWS::IoTFleetWise::StateTemplate Tag": { + "Key": "The tag's key.", + "Value": "The tag's value." + }, "AWS::IoTFleetWise::Vehicle": { - "AssociationBehavior": "(Optional) An option to create a new AWS IoT thing when creating a vehicle, or to validate an existing thing as a vehicle.", - "Attributes": "(Optional) Static information about a vehicle in a key-value pair. For example: `\"engine Type\"` : `\"v6\"`", + "AssociationBehavior": "An option to create a new AWS IoT thing when creating a vehicle, or to validate an existing thing as a vehicle.", + "Attributes": "Static information about a vehicle in a key-value pair. For example: `\"engine Type\"` : `\"v6\"`", "DecoderManifestArn": "The Amazon Resource Name (ARN) of a decoder manifest associated with the vehicle to create.", "ModelManifestArn": "The Amazon Resource Name (ARN) of the vehicle model (model manifest) to create the vehicle from.", "Name": "The unique ID of the vehicle.", - "Tags": "(Optional) Metadata which can be used to manage the vehicle." + "Tags": "Metadata which can be used to manage the vehicle." }, "AWS::IoTFleetWise::Vehicle Tag": { "Key": "The tag's key.", @@ -22037,6 +22440,8 @@ "PortalContactEmail": "The AWS administrator's contact email address.", "PortalDescription": "A description for the portal.", "PortalName": "A friendly name for the portal.", + "PortalType": "Define the type of portal. The value for AWS IoT SiteWise Monitor (Classic) is `SITEWISE_PORTAL_V1` . The value for AWS IoT SiteWise Monitor (AI-aware) is `SITEWISE_PORTAL_V2` .", + "PortalTypeConfiguration": "", "RoleArn": "The [ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) of a service role that allows the portal's users to access your AWS IoT SiteWise resources on your behalf. For more information, see [Using service roles for AWS IoT SiteWise Monitor](https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-service-role.html) in the *AWS IoT SiteWise User Guide* .", "Tags": "A list of key-value pairs that contain metadata for the portal. For more information, see [Tagging your AWS IoT SiteWise resources](https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html) in the *AWS IoT SiteWise User Guide* ." }, @@ -22044,6 +22449,9 @@ "AlarmRoleArn": "The [ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) of the IAM role that allows the alarm to perform actions and access AWS resources and services, such as AWS IoT Events .", "NotificationLambdaArn": "The [ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) of the Lambda function that manages alarm notifications. For more information, see [Managing alarm notifications](https://docs.aws.amazon.com/iotevents/latest/developerguide/lambda-support.html) in the *AWS IoT Events Developer Guide* ." }, + "AWS::IoTSiteWise::Portal PortalTypeEntry": { + "PortalTools": "" + }, "AWS::IoTSiteWise::Portal Tag": { "Key": "The key or name that identifies the tag.", "Value": "The value of the tag." @@ -24126,9 +24534,9 @@ "MaximumBatchingWindowInSeconds": "The maximum amount of time, in seconds, that Lambda spends gathering records before invoking the function.\n\n*Default ( Kinesis , DynamoDB , Amazon SQS event sources)* : 0\n\n*Default ( Amazon MSK , Kafka, Amazon MQ , Amazon DocumentDB event sources)* : 500 ms\n\n*Related setting:* For Amazon SQS event sources, when you set `BatchSize` to a value greater than 10, you must set `MaximumBatchingWindowInSeconds` to at least 1.", "MaximumRecordAgeInSeconds": "(Kinesis and DynamoDB Streams only) Discard records older than the specified age. The default value is -1,\nwhich sets the maximum age to infinite. When the value is set to infinite, Lambda never discards old records.\n\n> The minimum valid value for maximum record age is 60s. Although values less than 60 and greater than -1 fall within the parameter's absolute range, they are not allowed", "MaximumRetryAttempts": "(Kinesis and DynamoDB Streams only) Discard records after the specified number of retries. The default value is -1,\nwhich sets the maximum number of retries to infinite. When MaximumRetryAttempts is infinite, Lambda retries failed records until the record expires in the event source.", - "MetricsConfig": "", + "MetricsConfig": "The metrics configuration for your event source. For more information, see [Event source mapping metrics](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-metrics-types.html#event-source-mapping-metrics) .", "ParallelizationFactor": "(Kinesis and DynamoDB Streams only) The number of batches to process concurrently from each shard. The default value is 1.", - "ProvisionedPollerConfig": "", + "ProvisionedPollerConfig": "(Amazon MSK and self-managed Apache Kafka only) The provisioned mode configuration for the event source. For more information, see [provisioned mode](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html#invocation-eventsourcemapping-provisioned-mode) .", "Queues": "(Amazon MQ) The name of the Amazon MQ broker destination queue to consume.", "ScalingConfig": "(Amazon SQS only) The scaling configuration for the event source. For more information, see [Configuring maximum concurrency for Amazon SQS event sources](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-max-concurrency) .", "SelfManagedEventSource": "The self-managed Apache Kafka cluster for your event source.", @@ -24161,14 +24569,14 @@ "Filters": "A list of filters." }, "AWS::Lambda::EventSourceMapping MetricsConfig": { - "Metrics": "" + "Metrics": "The metrics you want your event source mapping to produce. Include `EventCount` to receive event source mapping metrics related to the number of events processed by your event source mapping. For more information about these metrics, see [Event source mapping metrics](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-metrics-types.html#event-source-mapping-metrics) ." }, "AWS::Lambda::EventSourceMapping OnFailure": { "Destination": "The Amazon Resource Name (ARN) of the destination resource.\n\nTo retain records of unsuccessful [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) , you can configure an Amazon SNS topic, Amazon SQS queue, Amazon S3 bucket, Lambda function, or Amazon EventBridge event bus as the destination.\n\nTo retain records of failed invocations from [Kinesis](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html) , [DynamoDB](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html) , [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination) , you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination." }, "AWS::Lambda::EventSourceMapping ProvisionedPollerConfig": { - "MaximumPollers": "", - "MinimumPollers": "" + "MaximumPollers": "The maximum number of event pollers this event source can scale up to.", + "MinimumPollers": "The minimum number of event pollers this event source can scale down to." }, "AWS::Lambda::EventSourceMapping ScalingConfig": { "MaximumConcurrency": "Limits the number of concurrent instances that the Amazon SQS event source can invoke." @@ -25539,6 +25947,11 @@ "Content": "The content of the application definition. This is a JSON object that contains the resource configuration/definitions that identify an application.", "S3Location": "The S3 bucket that contains the application definition." }, + "AWS::M2::Deployment": { + "ApplicationId": "The unique identifier of the application.", + "ApplicationVersion": "The version of the application.", + "EnvironmentId": "The unique identifier of the runtime environment." + }, "AWS::M2::Environment": { "Description": "The description of the runtime environment.", "EngineType": "The target platform for the runtime environment.", @@ -26051,7 +26464,7 @@ "Name": "The name of the flow.", "Source": "The settings for the source that you want to use for the new flow.", "SourceFailoverConfig": "The settings for source failover.", - "SourceMonitoringConfig": "", + "SourceMonitoringConfig": "The settings for source monitoring.", "VpcInterfaces": "The VPC interfaces that you added to this flow." }, "AWS::MediaConnect::Flow Encryption": { @@ -26127,7 +26540,7 @@ "MediaStreamSourceConfigurations": "The media stream that is associated with the source, and the parameters for that association.", "MinLatency": "The minimum latency in milliseconds for SRT-based streams. In streams that use the SRT protocol, this value that you set on your MediaConnect source or output represents the minimal potential latency of that connection. The latency of the stream is set to the highest number between the sender\u2019s minimum latency and the receiver\u2019s minimum latency.", "Name": "The name of the source.", - "Protocol": "The protocol that is used by the source. AWS CloudFormation does not currently support CDI or ST 2110 JPEG XS source protocols.", + "Protocol": "The protocol that is used by the source. AWS CloudFormation does not currently support CDI or ST 2110 JPEG XS source protocols.\n\n> AWS Elemental MediaConnect no longer supports the Fujitsu QoS protocol. This reference is maintained for legacy purposes only.", "SenderControlPort": "The port that the flow uses to send outbound requests to initiate connection with the sender.", "SenderIpAddress": "The IP address that the flow communicates with to initiate connection with the sender.", "SourceArn": "The ARN of the source.", @@ -26139,7 +26552,7 @@ "WhitelistCidr": "The range of IP addresses that are allowed to contribute content to your source. Format the IP addresses as a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16." }, "AWS::MediaConnect::Flow SourceMonitoringConfig": { - "ThumbnailState": "" + "ThumbnailState": "The current state of the thumbnail monitoring.\n\n- If you don't explicitly specify a value when creating a flow, no thumbnail state will be set.\n- If you update an existing flow and remove a previously set thumbnail state, the value will change to `DISABLED` ." }, "AWS::MediaConnect::Flow SourcePriority": { "PrimarySource": "The name of the source you choose as the primary source for this flow." @@ -26181,13 +26594,13 @@ "Destination": "The IP address where you want to send the output.", "Encryption": "The encryption credentials that you want to use for the output.", "FlowArn": "The Amazon Resource Name (ARN) of the flow this output is attached to.", - "MaxLatency": "The maximum latency in milliseconds. This parameter applies only to RIST-based, Zixi-based, and Fujitsu-based streams.", + "MaxLatency": "The maximum latency in milliseconds. This parameter applies only to RIST-based and Zixi-based streams.", "MediaStreamOutputConfigurations": "The definition for each media stream that is associated with the output.", "MinLatency": "The minimum latency in milliseconds for SRT-based streams. In streams that use the SRT protocol, this value that you set on your MediaConnect source or output represents the minimal potential latency of that connection. The latency of the stream is set to the highest number between the sender\u2019s minimum latency and the receiver\u2019s minimum latency.", "Name": "The name of the output. This value must be unique within the current flow.", "OutputStatus": "An indication of whether the new output should be enabled or disabled as soon as it is created. If you don't specify the outputStatus field in your request, MediaConnect sets it to ENABLED.", "Port": "The port to use when MediaConnect distributes content to the output.", - "Protocol": "The protocol to use for the output.", + "Protocol": "The protocol to use for the output.\n\n> AWS Elemental MediaConnect no longer supports the Fujitsu QoS protocol. This reference is maintained for legacy purposes only.", "RemoteId": "The identifier that is assigned to the Zixi receiver. This parameter applies only to outputs that use Zixi pull.", "SmoothingLatency": "The smoothing latency in milliseconds for RIST, RTP, and RTP-FEC streams.", "StreamId": "The stream ID that you want to use for this transport. This parameter applies only to Zixi and SRT caller-based streams.", @@ -26228,7 +26641,7 @@ "GatewayBridgeSource": "The source configuration for cloud flows receiving a stream from a bridge.", "IngestPort": "The port that the flow listens on for incoming content. If the protocol of the source is Zixi, the port must be set to 2088.", "MaxBitrate": "The maximum bitrate for RIST, RTP, and RTP-FEC streams.", - "MaxLatency": "The maximum latency in milliseconds. This parameter applies only to RIST-based, Zixi-based, and Fujitsu-based streams.", + "MaxLatency": "The maximum latency in milliseconds. This parameter applies only to RIST-based and Zixi-based streams.", "MinLatency": "The minimum latency in milliseconds for SRT-based streams. In streams that use the SRT protocol, this value that you set on your MediaConnect source or output represents the minimal potential latency of that connection. The latency of the stream is set to the highest number between the sender\u2019s minimum latency and the receiver\u2019s minimum latency.", "Name": "The name of the source.", "Protocol": "The protocol that the source uses to deliver the content to MediaConnect. Adding additional sources to an existing flow requires Failover to be enabled. When you enable Failover, the additional source must use the same protocol as the existing source. Only the following protocols support failover: Zixi-push, RTP-FEC, RTP, RIST and SRT protocols.\n\nIf you use failover with SRT caller or listener, the `FailoverMode` property must be set to `FAILOVER` . The `FailoverMode` property\u00a0is found in\u00a0the `FailoverConfig` resource\u00a0of the same flow ARN you used for the source's `FlowArn` property. SRT caller/listener does not support\u00a0merge\u00a0mode failover.", @@ -27686,7 +28099,7 @@ "ManifestName": "A short string that's appended to the end of the endpoint URL to create a unique path to this endpoint. The manifestName on the HLSManifest object overrides the manifestName that you provided on the originEndpoint object.", "PlaylistType": "When specified as either `event` or `vod` , a corresponding `EXT-X-PLAYLIST-TYPE` entry is included in the media playlist. Indicates if the playlist is live-to-VOD content.", "PlaylistWindowSeconds": "Time window (in seconds) contained in each parent manifest.", - "ProgramDateTimeIntervalSeconds": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify. Additionally, ID3Timed metadata messages are generated every 5 seconds starting when the content was ingested.\n\nIrrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.\n\nOmit this attribute or enter `0` to indicate that the `EXT-X-PROGRAM-DATE-TIME` tags are not included in the manifest.", + "ProgramDateTimeIntervalSeconds": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify.\n\nIrrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.\n\nOmit this attribute or enter `0` to indicate that the `EXT-X-PROGRAM-DATE-TIME` tags are not included in the manifest.", "Url": "The URL that's used to request this manifest from this endpoint." }, "AWS::MediaPackage::OriginEndpoint HlsPackage": { @@ -27698,7 +28111,7 @@ "IncludeIframeOnlyStream": "Only applies to stream sets with a single video track. When true, the stream set includes an additional I-frame only stream, along with the other tracks. If false, this extra stream is not included.", "PlaylistType": "When specified as either `event` or `vod` , a corresponding `EXT-X-PLAYLIST-TYPE` entry is included in the media playlist. Indicates if the playlist is live-to-VOD content.", "PlaylistWindowSeconds": "Time window (in seconds) contained in each parent manifest.", - "ProgramDateTimeIntervalSeconds": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify. Additionally, ID3Timed metadata messages are generated every 5 seconds starting when the content was ingested.\n\nIrrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.\n\nOmit this attribute or enter `0` to indicate that the `EXT-X-PROGRAM-DATE-TIME` tags are not included in the manifest.", + "ProgramDateTimeIntervalSeconds": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify.\n\nIrrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.\n\nOmit this attribute or enter `0` to indicate that the `EXT-X-PROGRAM-DATE-TIME` tags are not included in the manifest.", "SegmentDurationSeconds": "Duration (in seconds) of each fragment. Actual fragments are rounded to the nearest multiple of the source fragment duration.", "StreamSelection": "Limitations for outputs from the endpoint, based on the video bitrate.", "UseAudioRenditionGroup": "When true, AWS Elemental MediaPackage bundles all audio tracks in a rendition group. All other tracks in the stream can be used with any audio rendition from the group." @@ -27780,7 +28193,7 @@ "AdMarkers": "This setting controls ad markers in the packaged content.\n\nValid values:\n\n- `NONE` - Omits all SCTE-35 ad markers from the output.\n- `PASSTHROUGH` - Creates a copy in the output of the SCTE-35 ad markers (comments) taken directly from the input manifest.\n- `SCTE35_ENHANCED` - Generates ad markers and blackout tags in the output based on the SCTE-35 messages from the input manifest.", "IncludeIframeOnlyStream": "Applies to stream sets with a single video track only. When enabled, the output includes an additional I-frame only stream, along with the other tracks.", "ManifestName": "A short string that's appended to the end of the endpoint URL to create a unique path to this packaging configuration.", - "ProgramDateTimeIntervalSeconds": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify. Additionally, ID3Timed metadata messages are generated every 5 seconds starting when the content was ingested.\n\nIrrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.\n\nOmit this attribute or enter `0` to indicate that the `EXT-X-PROGRAM-DATE-TIME` tags are not included in the manifest.", + "ProgramDateTimeIntervalSeconds": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify.\n\nIrrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.\n\nOmit this attribute or enter `0` to indicate that the `EXT-X-PROGRAM-DATE-TIME` tags are not included in the manifest.", "RepeatExtXKey": "Repeat the `EXT-X-KEY` directive for every media segment. This might result in an increase in client requests to the DRM server.", "StreamSelection": "Video bitrate limitations for outputs from this packaging configuration." }, @@ -27903,7 +28316,7 @@ }, "AWS::MediaPackageV2::OriginEndpoint EncryptionContractConfiguration": { "PresetSpeke20Audio": "A collection of audio encryption presets.\n\nValue description:\n\n- `PRESET-AUDIO-1` - Use one content key to encrypt all of the audio tracks in your stream.\n- `PRESET-AUDIO-2` - Use one content key to encrypt all of the stereo audio tracks and one content key to encrypt all of the multichannel audio tracks.\n- `PRESET-AUDIO-3` - Use one content key to encrypt all of the stereo audio tracks, one content key to encrypt all of the multichannel audio tracks with 3 to 6 channels, and one content key to encrypt all of the multichannel audio tracks with more than 6 channels.\n- `SHARED` - Use the same content key for all of the audio and video tracks in your stream.\n- `UNENCRYPTED` - Don't encrypt any of the audio tracks in your stream.", - "PresetSpeke20Video": "The SPEKE Version 2.0 preset video associated with the encryption contract configuration of the origin endpoint." + "PresetSpeke20Video": "The SPEKE Version 2.0 preset video associated with the encryption contract configuration of the origin endpoint.\n\nA collection of video encryption presets.\n\nValue description:\n\n- `PRESET-VIDEO-1` - Use one content key to encrypt all of the video tracks in your stream.\n- `PRESET-VIDEO-2` - Use one content key to encrypt all of the SD video tracks and one content key for all HD and higher resolutions video tracks.\n- `PRESET-VIDEO-3` - Use one content key to encrypt all of the SD video tracks, one content key for HD video tracks and one content key for all UHD video tracks.\n- `PRESET-VIDEO-4` - Use one content key to encrypt all of the SD video tracks, one content key for HD video tracks, one content key for all UHD1 video tracks and one content key for all UHD2 video tracks.\n- `PRESET-VIDEO-5` - Use one content key to encrypt all of the SD video tracks, one content key for HD1 video tracks, one content key for HD2 video tracks, one content key for all UHD1 video tracks and one content key for all UHD2 video tracks.\n- `PRESET-VIDEO-6` - Use one content key to encrypt all of the SD video tracks, one content key for HD1 video tracks, one content key for HD2 video tracks and one content key for all UHD video tracks.\n- `PRESET-VIDEO-7` - Use one content key to encrypt all of the SD+HD1 video tracks, one content key for HD2 video tracks and one content key for all UHD video tracks.\n- `PRESET-VIDEO-8` - Use one content key to encrypt all of the SD+HD1 video tracks, one content key for HD2 video tracks, one content key for all UHD1 video tracks and one content key for all UHD2 video tracks.\n- `SHARED` - Use the same content key for all of the video and audio tracks in your stream.\n- `UNENCRYPTED` - Don't encrypt any of the video tracks in your stream." }, "AWS::MediaPackageV2::OriginEndpoint EncryptionMethod": { "CmafEncryptionMethod": "The encryption method to use.", @@ -27934,7 +28347,7 @@ "FilterConfiguration": "", "ManifestName": "A short short string that's appended to the endpoint URL. The manifest name creates a unique path to this endpoint. If you don't enter a value, MediaPackage uses the default manifest name, `index` . MediaPackage automatically inserts the format extension, such as `.m3u8` . You can't use the same manifest name if you use HLS manifest and low-latency HLS manifest. The `manifestName` on the `HLSManifest` object overrides the `manifestName` you provided on the `originEndpoint` object.", "ManifestWindowSeconds": "The total duration (in seconds) of the manifest's content.", - "ProgramDateTimeIntervalSeconds": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify. If you don't enter an interval, `EXT-X-PROGRAM-DATE-TIME` tags aren't included in the manifest. The tags sync the stream to the wall clock so that viewers can seek to a specific time in the playback timeline on the player. `ID3Timed` metadata messages generate every 5 seconds whenever MediaPackage ingests the content.\n\nIrrespective of this parameter, if any `ID3Timed` metadata is in the HLS input, MediaPackage passes through that metadata to the HLS output.", + "ProgramDateTimeIntervalSeconds": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify. If you don't enter an interval, `EXT-X-PROGRAM-DATE-TIME` tags aren't included in the manifest. The tags sync the stream to the wall clock so that viewers can seek to a specific time in the playback timeline on the player.\n\nIrrespective of this parameter, if any `ID3Timed` metadata is in the HLS input, MediaPackage passes through that metadata to the HLS output.", "ScteHls": "The SCTE-35 HLS configuration associated with the low-latency HLS (LL-HLS) manifest configuration of the origin endpoint.", "StartTag": "", "Url": "The URL of the low-latency HLS (LL-HLS) manifest configuration of the origin endpoint." @@ -29134,10 +29547,19 @@ }, "AWS::OpenSearchServerless::SecurityConfig": { "Description": "The description of the security configuration.", + "IamIdentityCenterOptions": "", "Name": "The name of the security configuration.", "SamlOptions": "SAML options for the security configuration in the form of a key-value map.", "Type": "The type of security configuration. Currently the only option is `saml` ." }, + "AWS::OpenSearchServerless::SecurityConfig IamIdentityCenterConfigOptions": { + "ApplicationArn": "", + "ApplicationDescription": "", + "ApplicationName": "", + "GroupAttribute": "", + "InstanceArn": "", + "UserAttribute": "" + }, "AWS::OpenSearchServerless::SecurityConfig SamlConfigOptions": { "GroupAttribute": "The group attribute for this SAML integration.", "Metadata": "The XML IdP metadata file generated from your identity provider.", @@ -40802,8 +41224,8 @@ "Tags": "The tag key and value pairs that are attached to the resource group." }, "AWS::ResourceGroups::Group ConfigurationItem": { - "Parameters": "A collection of parameters for this configuration item. For the list of parameters that you can use with each configuration item `Type` , see [Supported resource types and parameters](https://docs.aws.amazon.com/ARG/latest/APIReference/about-slg.html#about-slg-types) in the *AWS Resource Groups User Guide* .", - "Type": "Specifies the type of configuration item. Each item must have a unique value for type. For the list of the types that you can specify for a configuration item, see [Supported resource types and parameters](https://docs.aws.amazon.com/ARG/latest/APIReference/about-slg.html#about-slg-types) in the *AWS Resource Groups User Guide* ." + "Parameters": "A collection of parameters for this configuration item. For the list of parameters that you can use with each configuration item `Type` , see [Supported resource types and parameters](https://docs.aws.amazon.com//ARG/latest/APIReference/about-slg.html#about-slg-types) in the *AWS Resource Groups User Guide* .", + "Type": "Specifies the type of configuration item. Each item must have a unique value for type. For the list of the types that you can specify for a configuration item, see [Supported resource types and parameters](https://docs.aws.amazon.com//ARG/latest/APIReference/about-slg.html#about-slg-types) in the *AWS Resource Groups User Guide* ." }, "AWS::ResourceGroups::Group ConfigurationParameter": { "Name": "The name of the group configuration parameter. For the list of parameters that you can use with each configuration item type, see [Supported resource types and parameters](https://docs.aws.amazon.com//ARG/latest/APIReference/about-slg.html#about-slg-types) in the *AWS Resource Groups User Guide* .", @@ -40819,13 +41241,19 @@ "Type": "Specifies the type of resource query that determines this group's membership. There are two valid query types:\n\n- `TAG_FILTERS_1_0` indicates that the group is a tag-based group. To complete the group membership, you must include the `TagFilters` property to specify the tag filters to use in the query.\n- `CLOUDFORMATION_STACK_1_0` , the default, indicates that the group is a CloudFormation stack-based group. Group membership is based on the CloudFormation stack. You must specify the `StackIdentifier` property in the query to define which stack to associate the group with, or leave it empty to default to the stack where the group is defined." }, "AWS::ResourceGroups::Group Tag": { - "Key": "", - "Value": "" + "Key": "The tag key.", + "Value": "The tag value." }, "AWS::ResourceGroups::Group TagFilter": { "Key": "A string that defines a tag key. Only resources in the account that are tagged with a specified tag key are members of the tag-based resource group.\n\nThis field is required when the `ResourceQuery` structure's `Type` property is `TAG_FILTERS_1_0` . You must specify at least one tag key.", "Values": "A list of tag values that can be included in the tag-based resource group. This is optional. If you don't specify a value or values for a key, then an AWS resource with any value for that key is a member." }, + "AWS::ResourceGroups::TagSyncTask": { + "Group": "The Amazon resource name (ARN) or name of the application group for which you want to create a tag-sync task.", + "RoleArn": "The Amazon resource name (ARN) of the role assumed by the service to tag and untag resources on your behalf.", + "TagKey": "The tag key.", + "TagValue": "The tag value." + }, "AWS::RoboMaker::Fleet": { "Name": "The name of the fleet.", "Tags": "The list of all tags added to the fleet." @@ -41262,7 +41690,7 @@ "Tags": "A list of the tag keys and values that you want to associate with the rule group." }, "AWS::Route53Resolver::FirewallRuleGroup FirewallRule": { - "Action": "The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list:\n\n- `ALLOW` - Permit the request to go through.\n- `ALERT` - Permit the request to go through but send an alert to the logs.\n- `BLOCK` - Disallow the request. If this is specified,then `BlockResponse` must also be specified.\n\nif `BlockResponse` is `OVERRIDE` , then all of the following `OVERRIDE` attributes must be specified:\n\n- `BlockOverrideDnsType`\n- `BlockOverrideDomain`\n- `BlockOverrideTtl`", + "Action": "The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list, or a threat in a DNS Firewall Advvanced rule:\n\n- `ALLOW` - Permit the request to go through. Not available for DNS Firewall Advanced rules.\n- `ALERT` - Permit the request to go through but send an alert to the logs.\n- `BLOCK` - Disallow the request. If this is specified,then `BlockResponse` must also be specified.\n\nif `BlockResponse` is `OVERRIDE` , then all of the following `OVERRIDE` attributes must be specified:\n\n- `BlockOverrideDnsType`\n- `BlockOverrideDomain`\n- `BlockOverrideTtl`", "BlockOverrideDnsType": "The DNS record's type. This determines the format of the record value that you provided in `BlockOverrideDomain` . Used for the rule action `BLOCK` with a `BlockResponse` setting of `OVERRIDE` .", "BlockOverrideDomain": "The custom DNS record to send back in response to the query. Used for the rule action `BLOCK` with a `BlockResponse` setting of `OVERRIDE` .", "BlockOverrideTtl": "The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action `BLOCK` with a `BlockResponse` setting of `OVERRIDE` .", @@ -41428,7 +41856,7 @@ "LoggingConfiguration": "Settings that define where logs are stored.", "MetricsConfigurations": "Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased. For more information, see [PutBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html) .", "NotificationConfiguration": "Configuration that defines how Amazon S3 handles bucket notifications.", - "ObjectLockConfiguration": "> This operation is not supported by directory buckets. \n\nPlaces an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .\n\n> - The `DefaultRetention` settings require both a mode and a period.\n> - The `DefaultRetention` period can be either `Days` or `Years` but you must select one. You cannot specify `Days` and `Years` at the same time.\n> - You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html) .", + "ObjectLockConfiguration": "> This operation is not supported for directory buckets. \n\nPlaces an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .\n\n> - The `DefaultRetention` settings require both a mode and a period.\n> - The `DefaultRetention` period can be either `Days` or `Years` but you must select one. You cannot specify `Days` and `Years` at the same time.\n> - You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html) .", "ObjectLockEnabled": "Indicates whether this bucket has an Object Lock configuration enabled. Enable `ObjectLockEnabled` when you apply `ObjectLockConfiguration` to a bucket.", "OwnershipControls": "Configuration that defines how Amazon S3 handles Object Ownership rules.", "PublicAccessBlockConfiguration": "Configuration that defines how Amazon S3 handles public access.", @@ -41881,7 +42309,7 @@ "BucketEncryption": "Specifies default encryption for a bucket using server-side encryption with Amazon S3 managed keys (SSE-S3) or AWS KMS keys (SSE-KMS). For information about default encryption for directory buckets, see [Setting and monitoring default encryption for directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html) in the *Amazon S3 User Guide* .", "BucketName": "A name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Availability Zone. The bucket name must also follow the format `*bucket_base_name* -- *az_id* --x-s3` (for example, `*bucket_base_name* -- *usw2-az1* --x-s3` ). If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide* .\n\n> If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.", "DataRedundancy": "The number of Availability Zone that's used for redundancy for the bucket.", - "LifecycleConfiguration": "Container for lifecycle rules. You can add as many as 1000 rules.\n\nFor more information see, [Managing your storage lifecycle](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) in the *Amazon S3 User Guide* .", + "LifecycleConfiguration": "Container for lifecycle rules. You can add as many as 1000 rules.\n\nFor more information see, [Creating and managing a lifecycle configuration for directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-lifecycle.html ) in the *Amazon S3 User Guide* .", "LocationName": "The name of the location where the bucket will be created.\n\nFor directory buckets, the name of the location is the AZ ID of the Availability Zone where the bucket will be created. An example AZ ID value is `usw2-az1` ." }, "AWS::S3Express::DirectoryBucket AbortIncompleteMultipartUpload": { @@ -41891,14 +42319,14 @@ "ServerSideEncryptionConfiguration": "Specifies the default server-side-encryption configuration." }, "AWS::S3Express::DirectoryBucket LifecycleConfiguration": { - "Rules": "Specifies lifecycle configuration rules for an Amazon S3 bucket." + "Rules": "A lifecycle rule for individual objects in an Amazon S3 Express bucket." }, "AWS::S3Express::DirectoryBucket Rule": { - "AbortIncompleteMultipartUpload": "", - "ExpirationInDays": "", + "AbortIncompleteMultipartUpload": "Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 will wait before permanently removing all parts of the upload.", + "ExpirationInDays": "Indicates the number of days after creation when objects are deleted from Amazon S3 and Amazon S3 Glacier. If you specify an expiration and transition time, you must use the same time unit for both properties (either in days or by date). The expiration time must also be later than the transition time.", "Id": "Unique identifier for the rule. The value can't be longer than 255 characters.", - "ObjectSizeGreaterThan": "", - "ObjectSizeLessThan": "", + "ObjectSizeGreaterThan": "Specifies the minimum object size in bytes for this rule to apply to. Objects must be larger than this value in bytes. For more information about size based rules, see [Lifecycle configuration using size-based rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lc-size-rules) in the *Amazon S3 User Guide* .", + "ObjectSizeLessThan": "Specifies the maximum object size in bytes for this rule to apply to. Objects must be smaller than this value in bytes. For more information about sized based rules, see [Lifecycle configuration using size-based rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lc-size-rules) in the *Amazon S3 User Guide* .", "Prefix": "Object key prefix that identifies one or more objects to which this rule applies.\n\n> Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints) .", "Status": "If `Enabled` , the rule is currently being applied. If `Disabled` , the rule is not currently being applied." }, @@ -43100,7 +43528,7 @@ "InstanceType": "The instance type of the instance group of a SageMaker HyperPod cluster.", "LifeCycleConfig": "The lifecycle configuration for a SageMaker HyperPod cluster.", "OnStartDeepHealthChecks": "A flag indicating whether deep health checks should be performed when the HyperPod cluster instance group is created or updated. Deep health checks are comprehensive, invasive tests that validate the health of the underlying hardware and infrastructure components.", - "OverrideVpcConfig": "", + "OverrideVpcConfig": "When specified, overrides the subnet and security group configuration for a specific instance group.", "ThreadsPerCore": "The number of threads per CPU core you specified under `CreateCluster` ." }, "AWS::SageMaker::Cluster ClusterInstanceStorageConfig": { @@ -43666,7 +44094,8 @@ "DesiredCopyCount": "" }, "AWS::SageMaker::InferenceComponent InferenceComponentSpecification": { - "ComputeResourceRequirements": "The compute resources allocated to run the model assigned to the inference component.", + "BaseInferenceComponentName": "The name of an existing inference component that is to contain the inference component that you're creating with your request.\n\nSpecify this parameter only if your request is meant to create an adapter inference component. An adapter inference component contains the path to an adapter model. The purpose of the adapter model is to tailor the inference output of a base foundation model, which is hosted by the base inference component. The adapter inference component uses the compute resources that you assigned to the base inference component.\n\nWhen you create an adapter inference component, use the `Container` parameter to specify the location of the adapter artifacts. In the parameter value, use the `ArtifactUrl` parameter of the `InferenceComponentContainerSpecification` data type.\n\nBefore you can create an adapter inference component, you must have an existing inference component that contains the foundation model that you want to adapt.", + "ComputeResourceRequirements": "The compute resources allocated to run the model, plus any adapter models, that you assign to the inference component.\n\nOmit this parameter if your request is meant to create an adapter inference component. An adapter inference component is loaded by a base inference component, and it uses the compute resources of the base inference component.", "Container": "Defines a container that provides the runtime environment for a model that you deploy with an inference component.", "ModelName": "The name of an existing SageMaker model object in your account that you want to deploy with the inference component.", "StartupParameters": "Settings that take effect while the model container starts up." @@ -45012,7 +45441,7 @@ "SecretId": "The ARN or name of the secret to attach the resource-based policy.\n\nFor an ARN, we recommend that you specify a complete ARN rather than a partial ARN." }, "AWS::SecretsManager::RotationSchedule": { - "HostedRotationLambda": "Creates a new Lambda rotation function based on one of the [Secrets Manager rotation function templates](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html) . To use a rotation function that already exists, specify `RotationLambdaARN` instead.\n\nFor Amazon RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html) .\n\nFor Amazon Redshift admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html) .", + "HostedRotationLambda": "Creates a new Lambda rotation function based on one of the [Secrets Manager rotation function templates](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html) . To use a rotation function that already exists, specify `RotationLambdaARN` instead.\n\nYou must specify `Transform: AWS::SecretsManager-2024-09-16` at the beginning of the CloudFormation template. Transforms are macros hosted by AWS CloudFormation that help you create and manage complex infrastructure. The `Transform: AWS::SecretsManager-2024-09-16` transform automatically extends the CloudFormation stack to include a nested stack (of type `AWS::CloudFormation::Stack` ), which then creates and updates on your behalf during subsequent stack operations, the appropriate rotation Lambda function for your database or service. For general information on transforms, see the [AWS CloudFormation documentation.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-reference.html)\n\nFor Amazon RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html) .\n\nFor Amazon Redshift admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html) .", "RotateImmediatelyOnUpdate": "Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. The rotation schedule is defined in `RotationRules` .\n\nIf you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the [`testSecret` step](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html) of the Lambda rotation function. The test creates an `AWSPENDING` version of the secret and then removes it.\n\nIf you don't specify this value, then by default, Secrets Manager rotates the secret immediately.\n\nRotation is an asynchronous process. For more information, see [How rotation works](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html) .", "RotationLambdaARN": "The ARN of an existing Lambda rotation function. To specify a rotation function that is also defined in this template, use the [Ref](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html) function.\n\nFor Amazon RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html) .\n\nFor Amazon Redshift admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html) .\n\nTo create a new rotation function based on one of the [Secrets Manager rotation function templates](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html) , specify `HostedRotationLambda` instead.", "RotationRules": "A structure that defines the rotation configuration for this secret.", @@ -45025,7 +45454,7 @@ "MasterSecretKmsKeyArn": "The ARN of the KMS key that Secrets Manager used to encrypt the superuser secret, if you use the [alternating users strategy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html#rotating-secrets-two-users) and the superuser secret is encrypted with a customer managed key. You don't need to specify this property if the superuser secret is encrypted using the key `aws/secretsmanager` . CloudFormation grants the execution role for the Lambda rotation function `Decrypt` , `DescribeKey` , and `GenerateDataKey` permission to the key in this property. For more information, see [Lambda rotation function execution role permissions for Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html) .\n\nYou can specify `MasterSecretKmsKeyArn` or `SuperuserSecretKmsKeyArn` but not both. They represent the same superuser secret KMS key .", "RotationLambdaName": "The name of the Lambda rotation function.", "RotationType": "The rotation template to base the rotation function on, one of the following:\n\n- `Db2SingleUser` to use the template [SecretsManagerRDSDb2RotationSingleUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-db2-singleuser) .\n- `Db2MultiUser` to use the template [SecretsManagerRDSDb2RotationMultiUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-db2-multiuser) .\n- `MySQLSingleUser` to use the template [SecretsManagerRDSMySQLRotationSingleUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-mysql-singleuser) .\n- `MySQLMultiUser` to use the template [SecretsManagerRDSMySQLRotationMultiUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-mysql-multiuser) .\n- `PostgreSQLSingleUser` to use the template [SecretsManagerRDSPostgreSQLRotationSingleUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-postgre-singleuser)\n- `PostgreSQLMultiUser` to use the template [SecretsManagerRDSPostgreSQLRotationMultiUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-postgre-multiuser) .\n- `OracleSingleUser` to use the template [SecretsManagerRDSOracleRotationSingleUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-oracle-singleuser) .\n- `OracleMultiUser` to use the template [SecretsManagerRDSOracleRotationMultiUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-oracle-multiuser) .\n- `MariaDBSingleUser` to use the template [SecretsManagerRDSMariaDBRotationSingleUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-mariadb-singleuser) .\n- `MariaDBMultiUser` to use the template [SecretsManagerRDSMariaDBRotationMultiUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-mariadb-multiuser) .\n- `SQLServerSingleUser` to use the template [SecretsManagerRDSSQLServerRotationSingleUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-sqlserver-singleuser) .\n- `SQLServerMultiUser` to use the template [SecretsManagerRDSSQLServerRotationMultiUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-sqlserver-multiuser) .\n- `RedshiftSingleUser` to use the template [SecretsManagerRedshiftRotationSingleUsr](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-redshift-singleuser) .\n- `RedshiftMultiUser` to use the template [SecretsManagerRedshiftRotationMultiUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-redshift-multiuser) .\n- `MongoDBSingleUser` to use the template [SecretsManagerMongoDBRotationSingleUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-mongodb-singleuser) .\n- `MongoDBMultiUser` to use the template [SecretsManagerMongoDBRotationMultiUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-mongodb-multiuser) .", - "Runtime": "By default, CloudFormation deploys Python 3.9 binaries for the rotation function. To use a different version of Python, you must do the following two steps:\n\n- Deploy the matching version Python binaries with your rotation function.\n- Set the version number in this field. For example, for Python 3.7, enter *python3.7*\n\nIf you only do one of the steps, your rotation function will be incompatible with the binaries. For more information, see [Why did my Lambda rotation function fail with a \"pg module not found\" error](https://docs.aws.amazon.com/https://repost.aws/knowledge-center/secrets-manager-lambda-rotation) .", + "Runtime": "> Do not set this value if you are using `Transform: AWS::SecretsManager-2024-09-16` . Over time, the updated rotation lambda artifacts vended by AWS may not be compatible with the code or shared object files defined in the rotation function deployment package.\n> \n> Only define the `Runtime` key if:\n> \n> - You are using `Transform: AWS::SecretsManager-2020-07-23` .\n> - The code or shared object files defined in the rotation function deployment package are incompatible with Python 3.9. \n\nThe Python Runtime version for with the rotation function. By default, CloudFormation deploys Python 3.9 binaries for the rotation function. To use a different version of Python, you must do the following two steps:\n\n- Deploy the matching version Python binaries with your rotation function.\n- Set the version number in this field. For example, for Python 3.7, enter *python3.7* .\n\nIf you only do one of the steps, your rotation function will be incompatible with the binaries. For more information, see [Why did my Lambda rotation function fail with a \"pg module not found\" error](https://docs.aws.amazon.com/https://repost.aws/knowledge-center/secrets-manager-lambda-rotation) .", "SuperuserSecretArn": "The ARN of the secret that contains superuser credentials, if you use the [Alternating users rotation strategy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html#rotating-secrets-two-users) . CloudFormation grants the execution role for the Lambda rotation function `GetSecretValue` permission to the secret in this property. For more information, see [Lambda rotation function execution role permissions for Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html) .\n\nYou must create the superuser secret before you can set this property.\n\nYou must also include the superuser secret ARN as a key in the JSON of the rotating secret so that the Lambda rotation function can find it. CloudFormation does not hardcode secret ARNs in the Lambda rotation function, so you can use the function to rotate multiple secrets. For more information, see [JSON structure of Secrets Manager secrets](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html) .\n\nYou can specify `MasterSecretArn` or `SuperuserSecretArn` but not both. They represent the same superuser secret.", "SuperuserSecretKmsKeyArn": "The ARN of the KMS key that Secrets Manager used to encrypt the superuser secret, if you use the [alternating users strategy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html#rotating-secrets-two-users) and the superuser secret is encrypted with a customer managed key. You don't need to specify this property if the superuser secret is encrypted using the key `aws/secretsmanager` . CloudFormation grants the execution role for the Lambda rotation function `Decrypt` , `DescribeKey` , and `GenerateDataKey` permission to the key in this property. For more information, see [Lambda rotation function execution role permissions for Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html) .\n\nYou can specify `MasterSecretKmsKeyArn` or `SuperuserSecretKmsKeyArn` but not both. They represent the same superuser secret KMS key .", "VpcSecurityGroupIds": "A comma-separated list of security group IDs applied to the target database.\n\nThe template applies the same security groups as on the Lambda rotation function that is created as part of this stack.", @@ -45102,15 +45531,15 @@ "ComplianceSecurityControlId": "The security control ID for which a finding was generated. Security control IDs are the same across standards.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "ComplianceStatus": "The result of a security check. This field is only used for findings generated from controls.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "Confidence": "The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. `Confidence` is scored on a 0\u2013100 basis using a ratio scale. A value of `0` means 0 percent confidence, and a value of `100` means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see [Confidence](https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-confidence) in the *AWS Security Hub User Guide* .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", - "CreatedAt": "A timestamp that indicates when this finding record was created.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", + "CreatedAt": "A timestamp that indicates when this finding record was created.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "Criticality": "The level of importance that is assigned to the resources that are associated with a finding. `Criticality` is scored on a 0\u2013100 basis, using a ratio scale that supports only full integers. A score of `0` means that the underlying resources have no criticality, and a score of `100` is reserved for the most critical resources. For more information, see [Criticality](https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-criticality) in the *AWS Security Hub User Guide* .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "Description": "A finding's description.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", - "FirstObservedAt": "A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", + "FirstObservedAt": "A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "GeneratorId": "The identifier for the solution-specific component that generated a finding.\n\nArray Members: Minimum number of 1 item. Maximum number of 100 items.", "Id": "The product-specific identifier for a finding.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", - "LastObservedAt": "A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", + "LastObservedAt": "A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "NoteText": "The text of a user-defined note that's added to a finding.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", - "NoteUpdatedAt": "The timestamp of when the note was updated.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", + "NoteUpdatedAt": "The timestamp of when the note was updated.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "NoteUpdatedBy": "The principal that created a note.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "ProductArn": "The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "ProductName": "Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", @@ -45127,15 +45556,15 @@ "SourceUrl": "Provides a URL that links to a page about the current finding in the finding product.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "Title": "A finding's title.\n\nArray Members: Minimum number of 1 item. Maximum number of 100 items.", "Type": "One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see [Types taxonomy for ASFF](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html) in the *AWS Security Hub User Guide* .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", - "UpdatedAt": "A timestamp that indicates when the finding record was most recently updated.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", + "UpdatedAt": "A timestamp that indicates when the finding record was most recently updated.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "UserDefinedFields": "A list of user-defined name and value string pairs added to a finding.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "VerificationState": "Provides the veracity of a finding.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "WorkflowStatus": "Provides information about the status of the investigation into a finding.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." }, "AWS::SecurityHub::AutomationRule DateFilter": { "DateRange": "A date range for the date filter.", - "End": "A timestamp that provides the end date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", - "Start": "A timestamp that provides the start date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )" + "End": "A timestamp that provides the end date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", + "Start": "A timestamp that provides the start date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` ." }, "AWS::SecurityHub::AutomationRule DateRange": { "Unit": "A date range unit for the date filter.", @@ -45236,7 +45665,7 @@ "ComplianceSecurityControlParametersValue": "The current value of a security control parameter.", "ComplianceStatus": "Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains security standard-related finding details.", "Confidence": "A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.\n\nConfidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.", - "CreatedAt": "A timestamp that indicates when the security findings provider created the potential security issue that a finding reflects.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "CreatedAt": "A timestamp that indicates when the security findings provider created the potential security issue that a finding reflects.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "Criticality": "The level of importance assigned to the resources associated with the finding.\n\nA score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.", "Description": "A finding's description.", "FindingProviderFieldsConfidence": "The finding provider value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.\n\nConfidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.", @@ -45246,11 +45675,11 @@ "FindingProviderFieldsSeverityLabel": "The finding provider value for the severity label.", "FindingProviderFieldsSeverityOriginal": "The finding provider's original value for the severity.", "FindingProviderFieldsTypes": "One or more finding types that the finding provider assigned to the finding. Uses the format of `namespace/category/classifier` that classify a finding.\n\nValid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications", - "FirstObservedAt": "A timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "FirstObservedAt": "A timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "GeneratorId": "The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings providers' solutions, this generator can be called a rule, a check, a detector, a plugin, etc.", "Id": "The security findings provider-specific identifier for a finding.", "Keyword": "This field is deprecated. A keyword for a finding.", - "LastObservedAt": "A timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "LastObservedAt": "A timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "MalwareName": "The name of the malware that was observed.", "MalwarePath": "The filesystem path of the malware that was observed.", "MalwareState": "The state of the malware that was observed.", @@ -45269,12 +45698,12 @@ "NoteText": "The text of a note.", "NoteUpdatedAt": "The timestamp of when the note was updated.", "NoteUpdatedBy": "The principal that created a note.", - "ProcessLaunchedAt": "A timestamp that identifies when the process was launched.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "ProcessLaunchedAt": "A timestamp that identifies when the process was launched.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "ProcessName": "The name of the process.", "ProcessParentPid": "The parent process ID. This field accepts positive integers between `O` and `2147483647` .", "ProcessPath": "The path to the process executable.", "ProcessPid": "The process ID.", - "ProcessTerminatedAt": "A timestamp that identifies when the process was terminated.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "ProcessTerminatedAt": "A timestamp that identifies when the process was terminated.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "ProductArn": "The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.", "ProductFields": "A data type where security findings providers can include additional solution-specific details that aren't part of the defined `AwsSecurityFinding` format.", "ProductName": "The name of the solution (product) that generates findings.", @@ -45303,7 +45732,7 @@ "ResourceAwsS3BucketOwnerName": "The display name of the owner of the S3 bucket.", "ResourceContainerImageId": "The identifier of the image related to a finding.", "ResourceContainerImageName": "The name of the image related to a finding.", - "ResourceContainerLaunchedAt": "A timestamp that identifies when the container was started.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "ResourceContainerLaunchedAt": "A timestamp that identifies when the container was started.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "ResourceContainerName": "The name of the container related to a finding.", "ResourceDetailsOther": "The details of a resource that doesn't have a specific subfield for the resource type defined.", "ResourceId": "The canonical identifier for the given resource type.", @@ -45324,7 +45753,7 @@ "ThreatIntelIndicatorValue": "The value of a threat intelligence indicator.", "Title": "A finding's title.", "Type": "A finding type in the format of `namespace/category/classifier` that classifies a finding.", - "UpdatedAt": "A timestamp that indicates when the security findings provider last updated the finding record.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "UpdatedAt": "A timestamp that indicates when the security findings provider last updated the finding record.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "UserDefinedFields": "A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.", "VerificationState": "The veracity of a finding.", "VulnerabilitiesExploitAvailable": "Indicates whether a software vulnerability in your environment has a known exploit. You can filter findings by this field only if you use Security Hub and Amazon Inspector.", @@ -45337,8 +45766,8 @@ }, "AWS::SecurityHub::Insight DateFilter": { "DateRange": "A date range for the date filter.", - "End": "A timestamp that provides the end date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", - "Start": "A timestamp that provides the start date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )" + "End": "A timestamp that provides the end date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", + "Start": "A timestamp that provides the start date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` ." }, "AWS::SecurityHub::Insight DateRange": { "Unit": "A date range unit for the date filter.", @@ -45933,7 +46362,7 @@ "ExecutionRoleArn": "The ARN of the IAM role to be used to run the canary. This role must already exist, and must include `lambda.amazonaws.com` as a principal in the trust policy. The role must also have the following permissions:\n\n- `s3:PutObject`\n- `s3:GetBucketLocation`\n- `s3:ListAllMyBuckets`\n- `cloudwatch:PutMetricData`\n- `logs:CreateLogGroup`\n- `logs:CreateLogStream`\n- `logs:PutLogEvents`", "FailureRetentionPeriod": "The number of days to retain data about failed runs of this canary. If you omit this field, the default of 31 days is used. The valid range is 1 to 455 days.", "Name": "The name for this canary. Be sure to give it a descriptive name that distinguishes it from other canaries in your account.\n\nDo not include secrets or proprietary information in your canary names. The canary name makes up part of the canary ARN, and the ARN is included in outbound calls over the internet. For more information, see [Security Considerations for Synthetics Canaries](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/servicelens_canaries_security.html) .", - "ProvisionedResourceCleanup": "", + "ProvisionedResourceCleanup": "Specifies whether to also delete the Lambda functions and layers used by this canary when the canary is deleted. If it is `AUTOMATIC` , the Lambda functions and layers will be deleted when the canary is deleted.\n\nIf the value of this parameter is `OFF` , then the value of the `DeleteLambda` parameter of the [DeleteCanary](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_DeleteCanary.html) operation determines whether the Lambda functions and layers will be deleted.", "ResourcesToReplicateTags": "To have the tags that you apply to this canary also be applied to the Lambda function that the canary uses, specify this property with the value `lambda-function` . If you do this, CloudWatch Synthetics will keep the tags of the canary and the Lambda function synchronized. Any future changes you make to the canary's tags will also be applied to the function.", "RunConfig": "A structure that contains input information for a canary run. If you omit this structure, the frequency of the canary is used as canary's timeout value, up to a maximum of 900 seconds.", "RuntimeVersion": "Specifies the runtime version to use for the canary. For more information about runtime versions, see [Canary Runtime Versions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_Library.html) .", @@ -47632,25 +48061,210 @@ "RenderingConfiguration": "Information about how to render the content.", "ServerSideEncryptionConfiguration": "This customer managed key must have a policy that allows `kms:CreateGrant` and `kms:DescribeKey` permissions to the IAM identity using the key to invoke Wisdom. For more information about setting up a customer managed key for Wisdom, see [Enable Amazon Connect Wisdom for your instance](https://docs.aws.amazon.com/connect/latest/adminguide/enable-wisdom.html) . For information about valid ID values, see [Key identifiers (KeyId)](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id) in the *AWS Key Management Service Developer Guide* .", "SourceConfiguration": "The source of the knowledge base content. Only set this argument for EXTERNAL or Managed knowledge bases.", - "Tags": "The tags used to organize, track, or control access for this resource." + "Tags": "The tags used to organize, track, or control access for this resource.", + "VectorIngestionConfiguration": "Contains details about how to ingest the documents in a data source." }, "AWS::Wisdom::KnowledgeBase AppIntegrationsConfiguration": { "AppIntegrationArn": "The Amazon Resource Name (ARN) of the AppIntegrations DataIntegration to use for ingesting content.\n\n- For [Salesforce](https://docs.aws.amazon.com/https://developer.salesforce.com/docs/atlas.en-us.knowledge_dev.meta/knowledge_dev/sforce_api_objects_knowledge__kav.htm) , your AppIntegrations DataIntegration must have an ObjectConfiguration if objectFields is not provided, including at least `Id` , `ArticleNumber` , `VersionNumber` , `Title` , `PublishStatus` , and `IsDeleted` as source fields.\n- For [ServiceNow](https://docs.aws.amazon.com/https://developer.servicenow.com/dev.do#!/reference/api/rome/rest/knowledge-management-api) , your AppIntegrations DataIntegration must have an ObjectConfiguration if objectFields is not provided, including at least `number` , `short_description` , `sys_mod_count` , `workflow_state` , and `active` as source fields.\n- For [Zendesk](https://docs.aws.amazon.com/https://developer.zendesk.com/api-reference/help_center/help-center-api/articles/) , your AppIntegrations DataIntegration must have an ObjectConfiguration if `objectFields` is not provided, including at least `id` , `title` , `updated_at` , and `draft` as source fields.\n- For [SharePoint](https://docs.aws.amazon.com/https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/sharepoint-net-server-csom-jsom-and-rest-api-index) , your AppIntegrations DataIntegration must have a FileConfiguration, including only file extensions that are among `docx` , `pdf` , `html` , `htm` , and `txt` .\n- For [Amazon S3](https://docs.aws.amazon.com/s3/) , the ObjectConfiguration and FileConfiguration of your AppIntegrations DataIntegration must be null. The `SourceURI` of your DataIntegration must use the following format: `s3://your_s3_bucket_name` .\n\n> The bucket policy of the corresponding S3 bucket must allow the AWS principal `app-integrations.amazonaws.com` to perform `s3:ListBucket` , `s3:GetObject` , and `s3:GetBucketLocation` against the bucket.", "ObjectFields": "The fields from the source that are made available to your agents in Amazon Q in Connect. Optional if ObjectConfiguration is included in the provided DataIntegration.\n\n- For [Salesforce](https://docs.aws.amazon.com/https://developer.salesforce.com/docs/atlas.en-us.knowledge_dev.meta/knowledge_dev/sforce_api_objects_knowledge__kav.htm) , you must include at least `Id` , `ArticleNumber` , `VersionNumber` , `Title` , `PublishStatus` , and `IsDeleted` .\n- For [ServiceNow](https://docs.aws.amazon.com/https://developer.servicenow.com/dev.do#!/reference/api/rome/rest/knowledge-management-api) , you must include at least `number` , `short_description` , `sys_mod_count` , `workflow_state` , and `active` .\n- For [Zendesk](https://docs.aws.amazon.com/https://developer.zendesk.com/api-reference/help_center/help-center-api/articles/) , you must include at least `id` , `title` , `updated_at` , and `draft` .\n\nMake sure to include additional fields. These fields are indexed and used to source recommendations." }, + "AWS::Wisdom::KnowledgeBase BedrockFoundationModelConfiguration": { + "ModelArn": "", + "ParsingPrompt": "" + }, + "AWS::Wisdom::KnowledgeBase ChunkingConfiguration": { + "ChunkingStrategy": "Knowledge base can split your source data into chunks. A chunk refers to an excerpt from a data source that is returned when the knowledge base that it belongs to is queried. You have the following options for chunking your data. If you opt for `NONE` , then you may want to pre-process your files by splitting them up such that each file corresponds to a chunk.", + "FixedSizeChunkingConfiguration": "Configurations for when you choose fixed-size chunking. If you set the `chunkingStrategy` as `NONE` , exclude this field.", + "HierarchicalChunkingConfiguration": "Settings for hierarchical document chunking for a data source. Hierarchical chunking splits documents into layers of chunks where the first layer contains large chunks, and the second layer contains smaller chunks derived from the first layer.", + "SemanticChunkingConfiguration": "Settings for semantic document chunking for a data source. Semantic chunking splits a document into smaller documents based on groups of similar content derived from the text with natural language processing." + }, + "AWS::Wisdom::KnowledgeBase CrawlerLimits": { + "RateLimit": "" + }, + "AWS::Wisdom::KnowledgeBase FixedSizeChunkingConfiguration": { + "MaxTokens": "The maximum number of tokens to include in a chunk.", + "OverlapPercentage": "The percentage of overlap between adjacent chunks of a data source." + }, + "AWS::Wisdom::KnowledgeBase HierarchicalChunkingConfiguration": { + "LevelConfigurations": "Token settings for each layer.", + "OverlapTokens": "The number of tokens to repeat across chunks in the same layer." + }, + "AWS::Wisdom::KnowledgeBase HierarchicalChunkingLevelConfiguration": { + "MaxTokens": "The maximum number of tokens that a chunk can contain in this layer." + }, + "AWS::Wisdom::KnowledgeBase ManagedSourceConfiguration": { + "WebCrawlerConfiguration": "Configuration data for web crawler data source." + }, + "AWS::Wisdom::KnowledgeBase ParsingConfiguration": { + "BedrockFoundationModelConfiguration": "Settings for a foundation model used to parse documents for a data source.", + "ParsingStrategy": "The parsing strategy for the data source." + }, + "AWS::Wisdom::KnowledgeBase ParsingPrompt": { + "ParsingPromptText": "Instructions for interpreting the contents of a document." + }, "AWS::Wisdom::KnowledgeBase RenderingConfiguration": { "TemplateUri": "A URI template containing exactly one variable in `${variableName}` format. This can only be set for `EXTERNAL` knowledge bases. For Salesforce, ServiceNow, and Zendesk, the variable must be one of the following:\n\n- Salesforce: `Id` , `ArticleNumber` , `VersionNumber` , `Title` , `PublishStatus` , or `IsDeleted`\n- ServiceNow: `number` , `short_description` , `sys_mod_count` , `workflow_state` , or `active`\n- Zendesk: `id` , `title` , `updated_at` , or `draft`\n\nThe variable is replaced with the actual value for a piece of content when calling [GetContent](https://docs.aws.amazon.com/amazon-q-connect/latest/APIReference/API_GetContent.html) ." }, + "AWS::Wisdom::KnowledgeBase SeedUrl": { + "Url": "URL for crawling" + }, + "AWS::Wisdom::KnowledgeBase SemanticChunkingConfiguration": { + "BreakpointPercentileThreshold": "The dissimilarity threshold for splitting chunks.", + "BufferSize": "The buffer size.", + "MaxTokens": "The maximum number of tokens that a chunk can contain." + }, "AWS::Wisdom::KnowledgeBase ServerSideEncryptionConfiguration": { "KmsKeyId": "The customer managed key used for encryption.\n\nThis customer managed key must have a policy that allows `kms:CreateGrant` and `kms:DescribeKey` permissions to the IAM identity using the key to invoke Wisdom.\n\nFor more information about setting up a customer managed key for Wisdom, see [Enable Amazon Connect Wisdom for your instance](https://docs.aws.amazon.com/connect/latest/adminguide/enable-wisdom.html) . For information about valid ID values, see [Key identifiers (KeyId)](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id) ." }, "AWS::Wisdom::KnowledgeBase SourceConfiguration": { - "AppIntegrations": "Configuration information for Amazon AppIntegrations to automatically ingest content." + "AppIntegrations": "Configuration information for Amazon AppIntegrations to automatically ingest content.", + "ManagedSourceConfiguration": "Source configuration for managed resources." }, "AWS::Wisdom::KnowledgeBase Tag": { "Key": "The key-value string map. The valid character set is `[a-zA-Z+-=._:/]` . The tag key can be up to 128 characters and must not start with `aws:` .", "Value": "The tag value can be up to 256 characters." }, + "AWS::Wisdom::KnowledgeBase UrlConfiguration": { + "SeedUrls": "List of URLs for crawling." + }, + "AWS::Wisdom::KnowledgeBase VectorIngestionConfiguration": { + "ChunkingConfiguration": "Details about how to chunk the documents in the data source. A chunk refers to an excerpt from a data source that is returned when the knowledge base that it belongs to is queried.", + "ParsingConfiguration": "A custom parser for data source documents." + }, + "AWS::Wisdom::KnowledgeBase WebCrawlerConfiguration": { + "CrawlerLimits": "The configuration of crawl limits for the web URLs.", + "ExclusionFilters": "A list of one or more exclusion regular expression patterns to exclude certain URLs. If you specify an inclusion and exclusion filter/pattern and both match a URL, the exclusion filter takes precedence and the web content of the URL isn\u2019t crawled.", + "InclusionFilters": "A list of one or more inclusion regular expression patterns to include certain URLs. If you specify an inclusion and exclusion filter/pattern and both match a URL, the exclusion filter takes precedence and the web content of the URL isn\u2019t crawled.", + "Scope": "The scope of what is crawled for your URLs. You can choose to crawl only web pages that belong to the same host or primary domain. For example, only web pages that contain the seed URL `https://docs.aws.amazon.com/bedrock/latest/userguide/` and no other domains. You can choose to include sub domains in addition to the host or primary domain. For example, web pages that contain `aws.amazon.com` can also include sub domain `docs.aws.amazon.com` .", + "UrlConfiguration": "The configuration of the URL/URLs for the web content that you want to crawl. You should be authorized to crawl the URLs." + }, + "AWS::Wisdom::MessageTemplate": { + "ChannelSubtype": "The channel subtype this message template applies to.", + "Content": "The content of the message template.", + "DefaultAttributes": "An object that specifies the default values to use for variables in the message template. This object contains different categories of key-value pairs. Each key defines a variable or placeholder in the message template. The corresponding value defines the default value for that variable.", + "Description": "The description of the message template.", + "GroupingConfiguration": "The configuration information of the external data source.", + "KnowledgeBaseArn": "The Amazon Resource Name (ARN) of the knowledge base.", + "Language": "The language code value for the language in which the quick response is written. The supported language codes include `de_DE` , `en_US` , `es_ES` , `fr_FR` , `id_ID` , `it_IT` , `ja_JP` , `ko_KR` , `pt_BR` , `zh_CN` , `zh_TW`", + "Name": "The name of the message template.", + "Tags": "The tags used to organize, track, or control access for this resource." + }, + "AWS::Wisdom::MessageTemplate AgentAttributes": { + "FirstName": "The agent\u2019s first name as entered in their Amazon Connect user account.", + "LastName": "The agent\u2019s last name as entered in their Amazon Connect user account." + }, + "AWS::Wisdom::MessageTemplate Content": { + "EmailMessageTemplateContent": "The content of the message template that applies to the email channel subtype.", + "SmsMessageTemplateContent": "The content of message template that applies to SMS channel subtype." + }, + "AWS::Wisdom::MessageTemplate CustomerProfileAttributes": { + "AccountNumber": "A unique account number that you have given to the customer.", + "AdditionalInformation": "Any additional information relevant to the customer's profile.", + "Address1": "The first line of a customer address.", + "Address2": "The second line of a customer address.", + "Address3": "The third line of a customer address.", + "Address4": "The fourth line of a customer address.", + "BillingAddress1": "The first line of a customer\u2019s billing address.", + "BillingAddress2": "The second line of a customer\u2019s billing address.", + "BillingAddress3": "The third line of a customer\u2019s billing address.", + "BillingAddress4": "The fourth line of a customer\u2019s billing address.", + "BillingCity": "The city of a customer\u2019s billing address.", + "BillingCountry": "The country of a customer\u2019s billing address.", + "BillingCounty": "The county of a customer\u2019s billing address.", + "BillingPostalCode": "The postal code of a customer\u2019s billing address.", + "BillingProvince": "The province of a customer\u2019s billing address.", + "BillingState": "The state of a customer\u2019s billing address.", + "BirthDate": "The customer's birth date.", + "BusinessEmailAddress": "The customer's business email address.", + "BusinessName": "The name of the customer's business.", + "BusinessPhoneNumber": "The customer's business phone number.", + "City": "The city in which a customer lives.", + "Country": "The country in which a customer lives.", + "County": "The county in which a customer lives.", + "Custom": "The custom attributes in customer profile attributes.", + "EmailAddress": "The customer's email address, which has not been specified as a personal or business address.", + "FirstName": "The customer's first name.", + "Gender": "The customer's gender.", + "HomePhoneNumber": "The customer's mobile phone number.", + "LastName": "The customer's last name.", + "MailingAddress1": "The first line of a customer\u2019s mailing address.", + "MailingAddress2": "The second line of a customer\u2019s mailing address.", + "MailingAddress3": "The third line of a customer\u2019s mailing address.", + "MailingAddress4": "The fourth line of a customer\u2019s mailing address.", + "MailingCity": "The city of a customer\u2019s mailing address.", + "MailingCountry": "The country of a customer\u2019s mailing address.", + "MailingCounty": "The county of a customer\u2019s mailing address.", + "MailingPostalCode": "The postal code of a customer\u2019s mailing address.", + "MailingProvince": "The province of a customer\u2019s mailing address.", + "MailingState": "The state of a customer\u2019s mailing address.", + "MiddleName": "The customer's middle name.", + "MobilePhoneNumber": "The customer's mobile phone number.", + "PartyType": "The customer's party type.", + "PhoneNumber": "The customer's phone number, which has not been specified as a mobile, home, or business number.", + "PostalCode": "The postal code of a customer address.", + "ProfileARN": "The ARN of a customer profile.", + "ProfileId": "The unique identifier of a customer profile.", + "Province": "The province in which a customer lives.", + "ShippingAddress1": "The first line of a customer\u2019s shipping address.", + "ShippingAddress2": "The second line of a customer\u2019s shipping address.", + "ShippingAddress3": "The third line of a customer\u2019s shipping address.", + "ShippingAddress4": "The fourth line of a customer\u2019s shipping address.", + "ShippingCity": "The city of a customer\u2019s shipping address.", + "ShippingCountry": "The country of a customer\u2019s shipping address.", + "ShippingCounty": "The county of a customer\u2019s shipping address.", + "ShippingPostalCode": "The postal code of a customer\u2019s shipping address.", + "ShippingProvince": "The province of a customer\u2019s shipping address.", + "ShippingState": "The state of a customer\u2019s shipping address.", + "State": "The state in which a customer lives." + }, + "AWS::Wisdom::MessageTemplate EmailMessageTemplateContent": { + "Body": "The body to use in email messages.", + "Headers": "The email headers to include in email messages.", + "Subject": "The subject line, or title, to use in email messages." + }, + "AWS::Wisdom::MessageTemplate EmailMessageTemplateContentBody": { + "Html": "The message body, in HTML format, to use in email messages that are based on the message template. We recommend using HTML format for email clients that render HTML content. You can include links, formatted text, and more in an HTML message.", + "PlainText": "The message body, in plain text format, to use in email messages that are based on the message template. We recommend using plain text format for email clients that don't render HTML content and clients that are connected to high-latency networks, such as mobile devices." + }, + "AWS::Wisdom::MessageTemplate EmailMessageTemplateHeader": { + "Name": "The name of the email header.", + "Value": "The value of the email header." + }, + "AWS::Wisdom::MessageTemplate GroupingConfiguration": { + "Criteria": "The criteria used for grouping Amazon Q in Connect users.\n\nThe following is the list of supported criteria values.\n\n- `RoutingProfileArn` : Grouping the users by their [Amazon Connect routing profile ARN](https://docs.aws.amazon.com/connect/latest/APIReference/API_RoutingProfile.html) . User should have [SearchRoutingProfile](https://docs.aws.amazon.com/connect/latest/APIReference/API_SearchRoutingProfiles.html) and [DescribeRoutingProfile](https://docs.aws.amazon.com/connect/latest/APIReference/API_DescribeRoutingProfile.html) permissions when setting criteria to this value.", + "Values": "The list of values that define different groups of Amazon Q in Connect users.\n\n- When setting `criteria` to `RoutingProfileArn` , you need to provide a list of ARNs of [Amazon Connect routing profiles](https://docs.aws.amazon.com/connect/latest/APIReference/API_RoutingProfile.html) as values of this parameter." + }, + "AWS::Wisdom::MessageTemplate MessageTemplateAttributes": { + "AgentAttributes": "The agent attributes that are used with the message template.", + "CustomAttributes": "The custom attributes that are used with the message template.", + "CustomerProfileAttributes": "The customer profile attributes that are used with the message template.", + "SystemAttributes": "The system attributes that are used with the message template." + }, + "AWS::Wisdom::MessageTemplate MessageTemplateBodyContentProvider": { + "Content": "The content of the message template." + }, + "AWS::Wisdom::MessageTemplate SmsMessageTemplateContent": { + "Body": "The body to use in SMS messages." + }, + "AWS::Wisdom::MessageTemplate SmsMessageTemplateContentBody": { + "PlainText": "The message body to use in SMS messages." + }, + "AWS::Wisdom::MessageTemplate SystemAttributes": { + "CustomerEndpoint": "The CustomerEndpoint attribute.", + "Name": "The name of the task.", + "SystemEndpoint": "The SystemEndpoint attribute." + }, + "AWS::Wisdom::MessageTemplate SystemEndpointAttributes": { + "Address": "The customer's phone number if used with `customerEndpoint` , or the number the customer dialed to call your contact center if used with `systemEndpoint` ." + }, + "AWS::Wisdom::MessageTemplate Tag": { + "Key": "", + "Value": "" + }, + "AWS::Wisdom::MessageTemplateVersion": { + "MessageTemplateArn": "The Amazon Resource Name (ARN) of the message template.", + "MessageTemplateContentSha256": "The content SHA256 of the message template." + }, "AWS::WorkSpaces::ConnectionAlias": { "ConnectionString": "The connection string specified for the connection alias. The connection string must be in the form of a fully qualified domain name (FQDN), such as `www.example.com` .", "Tags": "The tags to associate with the connection alias." @@ -47747,6 +48361,42 @@ "Key": "The key of the tag.", "Value": "The value of the tag" }, + "AWS::WorkSpacesWeb::DataProtectionSettings": { + "AdditionalEncryptionContext": "The additional encryption context of the data protection settings.", + "CustomerManagedKey": "The customer managed key used to encrypt sensitive information in the data protection settings.", + "Description": "The description of the data protection settings.", + "DisplayName": "The display name of the data protection settings.", + "InlineRedactionConfiguration": "The inline redaction configuration for the data protection settings.", + "Tags": "The tags of the data protection settings." + }, + "AWS::WorkSpacesWeb::DataProtectionSettings CustomPattern": { + "KeywordRegex": "The keyword regex for the customer pattern. After there is a match to the pattern regex, the keyword regex is used to search within the proximity of the match. If there is a keyword match, then the match is confirmed. If no keyword regex is provided, the pattern regex match will automatically be confirmed. The format must follow JavaScript regex format. The pattern must be enclosed between slashes, and can have flags behind the second slash. For example, \u201c/ab+c/gi\u201d", + "PatternDescription": "The pattern description for the customer pattern.", + "PatternName": "The pattern name for the custom pattern.", + "PatternRegex": "The pattern regex for the customer pattern. The format must follow JavaScript regex format. The pattern must be enclosed between slashes, and can have flags behind the second slash. For example: \u201c/ab+c/gi\u201d." + }, + "AWS::WorkSpacesWeb::DataProtectionSettings InlineRedactionConfiguration": { + "GlobalConfidenceLevel": "The global confidence level for the inline redaction configuration. This indicates the certainty of data type matches in the redaction process. Confidence level 3 means high confidence, and requires a formatted text pattern match in order for content to be redacted. Confidence level 2 means medium confidence, and redaction considers both formatted and unformatted text, and adds keyword associate to the logic. Confidence level 1 means low confidence, and redaction is enforced for both formatted pattern + unformatted pattern without keyword. This is applied to patterns that do not have a pattern-level confidence level. Defaults to confidence level 2.", + "GlobalEnforcedUrls": "The global enforced URL configuration for the inline redaction configuration. This is applied to patterns that do not have a pattern-level enforced URL list.", + "GlobalExemptUrls": "The global exempt URL configuration for the inline redaction configuration. This is applied to patterns that do not have a pattern-level exempt URL list.", + "InlineRedactionPatterns": "The inline redaction patterns to be enabled for the inline redaction configuration." + }, + "AWS::WorkSpacesWeb::DataProtectionSettings InlineRedactionPattern": { + "BuiltInPatternId": "The built-in pattern from the list of preconfigured patterns. Either a customPattern or builtInPatternId is required. To view the entire list of data types and their corresponding built-in pattern IDs, see [Base inline redaction](https://docs.aws.amazon.com/workspaces-web/latest/adminguide/base-inline-redaction.html) .", + "ConfidenceLevel": "The confidence level for inline redaction pattern. This indicates the certainty of data type matches in the redaction process. Confidence level 3 means high confidence, and requires a formatted text pattern match in order for content to be redacted. Confidence level 2 means medium confidence, and redaction considers both formatted and unformatted text, and adds keyword associate to the logic. Confidence level 1 means low confidence, and redaction is enforced for both formatted pattern + unformatted pattern without keyword. This overrides the global confidence level.", + "CustomPattern": "The configuration for a custom pattern. Either a customPattern or builtInPatternId is required.", + "EnforcedUrls": "The enforced URL configuration for the inline redaction pattern. This will override the global enforced URL configuration.", + "ExemptUrls": "The exempt URL configuration for the inline redaction pattern. This will override the global exempt URL configuration for the inline redaction pattern.", + "RedactionPlaceHolder": "The redaction placeholder that will replace the redacted text in session for the inline redaction pattern." + }, + "AWS::WorkSpacesWeb::DataProtectionSettings RedactionPlaceHolder": { + "RedactionPlaceHolderText": "The redaction placeholder text that will replace the redacted text in session for the custom text redaction placeholder type.", + "RedactionPlaceHolderType": "The redaction placeholder type that will replace the redacted text in session." + }, + "AWS::WorkSpacesWeb::DataProtectionSettings Tag": { + "Key": "The key of the tag.", + "Value": "The value of the tag." + }, "AWS::WorkSpacesWeb::IdentityProvider": { "IdentityProviderDetails": "The identity provider details. The following list describes the provider detail keys for each identity provider type.\n\n- For Google and Login with Amazon:\n\n- `client_id`\n- `client_secret`\n- `authorize_scopes`\n- For Facebook:\n\n- `client_id`\n- `client_secret`\n- `authorize_scopes`\n- `api_version`\n- For Sign in with Apple:\n\n- `client_id`\n- `team_id`\n- `key_id`\n- `private_key`\n- `authorize_scopes`\n- For OIDC providers:\n\n- `client_id`\n- `client_secret`\n- `attributes_request_method`\n- `oidc_issuer`\n- `authorize_scopes`\n- `authorize_url` *if not available from discovery URL specified by oidc_issuer key*\n- `token_url` *if not available from discovery URL specified by oidc_issuer key*\n- `attributes_url` *if not available from discovery URL specified by oidc_issuer key*\n- `jwks_uri` *if not available from discovery URL specified by oidc_issuer key*\n- For SAML providers:\n\n- `MetadataFile` OR `MetadataURL`\n- `IDPSignout` (boolean) *optional*\n- `IDPInit` (boolean) *optional*\n- `RequestSigningAlgorithm` (string) *optional* - Only accepts `rsa-sha256`\n- `EncryptedResponses` (boolean) *optional*", "IdentityProviderName": "The identity provider name.", @@ -47789,6 +48439,7 @@ "AuthenticationType": "The type of authentication integration points used when signing into the web portal. Defaults to `Standard` .\n\n`Standard` web portals are authenticated directly through your identity provider (IdP). User and group access to your web portal is controlled through your IdP. You need to include an IdP resource in your template to integrate your IdP with your web portal. Completing the configuration for your IdP requires exchanging WorkSpaces Secure Browser\u2019s SP metadata with your IdP\u2019s IdP metadata. If your IdP requires the SP metadata first before returning the IdP metadata, you should follow these steps:\n\n1. Create and deploy a CloudFormation template with a `Standard` portal with no `IdentityProvider` resource.\n\n2. Retrieve the SP metadata using `Fn:GetAtt` , the WorkSpaces Secure Browser console, or by the calling the `GetPortalServiceProviderMetadata` API.\n\n3. Submit the data to your IdP.\n\n4. Add an `IdentityProvider` resource to your CloudFormation template.\n\n`IAM Identity Center` web portals are authenticated through AWS IAM Identity Center . They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration) and other identity provider information must be configured in IAM Identity Center . User and group assignment must be done through the WorkSpaces Secure Browser console. These cannot be configured in CloudFormation.", "BrowserSettingsArn": "The ARN of the browser settings that is associated with this web portal.", "CustomerManagedKey": "The customer managed key of the web portal.\n\n*Pattern* : `^arn:[\\w+=\\/,.@-]+:kms:[a-zA-Z0-9\\-]*:[a-zA-Z0-9]{1,12}:key\\/[a-zA-Z0-9-]+$`", + "DataProtectionSettingsArn": "The ARN of the data protection settings.", "DisplayName": "The name of the web portal.", "InstanceType": "The type and resources of the underlying instance.", "IpAccessSettingsArn": "The ARN of the IP access settings that is associated with the web portal.", diff --git a/schema_source/cloudformation.schema.json b/schema_source/cloudformation.schema.json index 1a7efe012..09af736a3 100644 --- a/schema_source/cloudformation.schema.json +++ b/schema_source/cloudformation.schema.json @@ -5554,7 +5554,7 @@ "additionalProperties": false, "properties": { "CertificateArn": { - "markdownDescription": "The reference to an AWS -managed certificate that will be used by edge-optimized endpoint for this domain name. AWS Certificate Manager is the only supported source.", + "markdownDescription": "The reference to an AWS -managed certificate that will be used by edge-optimized endpoint or private endpoint for this domain name. AWS Certificate Manager is the only supported source.", "title": "CertificateArn", "type": "string" }, @@ -19211,7 +19211,7 @@ "type": "string" }, "Type": { - "markdownDescription": "The type of the data source.\n\n- *AWS_LAMBDA* : The data source is an AWS Lambda function.\n- *AMAZON_DYNAMODB* : The data source is an Amazon DynamoDB table.\n- *AMAZON_ELASTICSEARCH* : The data source is an Amazon OpenSearch Service domain.\n- *AMAZON_EVENTBRIDGE* : The data source is an Amazon EventBridge event bus.\n- *AMAZON_OPENSEARCH_SERVICE* : The data source is an Amazon OpenSearch Service domain.\n- *NONE* : There is no data source. This type is used when you wish to invoke a GraphQL operation without connecting to a data source, such as performing data transformation with resolvers or triggering a subscription to be invoked from a mutation.\n- *HTTP* : The data source is an HTTP endpoint.\n- *RELATIONAL_DATABASE* : The data source is a relational database.", + "markdownDescription": "The type of the data source.\n\n- *AWS_LAMBDA* : The data source is an AWS Lambda function.\n- *AMAZON_DYNAMODB* : The data source is an Amazon DynamoDB table.\n- *AMAZON_ELASTICSEARCH* : The data source is an Amazon OpenSearch Service domain.\n- *AMAZON_EVENTBRIDGE* : The data source is an Amazon EventBridge event bus.\n- *AMAZON_OPENSEARCH_SERVICE* : The data source is an Amazon OpenSearch Service domain.\n- *AMAZON_BEDROCK_RUNTIME* : The data source is the Amazon Bedrock runtime.\n- *NONE* : There is no data source. This type is used when you wish to invoke a GraphQL operation without connecting to a data source, such as performing data transformation with resolvers or triggering a subscription to be invoked from a mutation.\n- *HTTP* : The data source is an HTTP endpoint.\n- *RELATIONAL_DATABASE* : The data source is a relational database.", "title": "Type", "type": "string" } @@ -29024,13 +29024,13 @@ "additionalProperties": false, "properties": { "Payload": { - "markdownDescription": "The JSON or YAML-formatted payload defining the OpenAPI schema for the action group. For more information, see [Action group OpenAPI schemas](https://docs.aws.amazon.com/bedrock/latest/userguide/agents-api-schema.html) .", + "markdownDescription": "The JSON or YAML-formatted payload defining the OpenAPI schema for the action group.", "title": "Payload", "type": "string" }, "S3": { "$ref": "#/definitions/AWS::Bedrock::Agent.S3Identifier", - "markdownDescription": "Contains details about the S3 object containing the OpenAPI schema for the action group. For more information, see [Action group OpenAPI schemas](https://docs.aws.amazon.com/bedrock/latest/userguide/agents-api-schema.html) .", + "markdownDescription": "Contains details about the S3 object containing the OpenAPI schema for the action group.", "title": "S3" } }, @@ -29070,11 +29070,11 @@ }, "ApiSchema": { "$ref": "#/definitions/AWS::Bedrock::Agent.APISchema", - "markdownDescription": "Contains either details about the S3 object containing the OpenAPI schema for the action group or the JSON or YAML-formatted payload defining the schema. For more information, see [Action group OpenAPI schemas](https://docs.aws.amazon.com/bedrock/latest/userguide/agents-api-schema.html) .", + "markdownDescription": "Contains either details about the S3 object containing the OpenAPI schema for the action group or the JSON or YAML-formatted payload defining the schema. For more information, see [Action group OpenAPI schemas](https://docs.aws.amazon.com//bedrock/latest/userguide/agents-api-schema.html) .", "title": "ApiSchema" }, "Description": { - "markdownDescription": "The description of the action group.", + "markdownDescription": "A description of the action group.", "title": "Description", "type": "string" }, @@ -29177,7 +29177,7 @@ "type": "string" }, "PromptState": { - "markdownDescription": "Specifies whether to allow the agent to carry out the step specified in the `promptType` . If you set this value to `DISABLED` , the agent skips that step. The default state for each `promptType` is as follows.\n\n- `PRE_PROCESSING` \u2013 `ENABLED`\n- `ORCHESTRATION` \u2013 `ENABLED`\n- `KNOWLEDGE_BASE_RESPONSE_GENERATION` \u2013 `ENABLED`\n- `POST_PROCESSING` \u2013 `DISABLED`", + "markdownDescription": "Specifies whether to allow the inline agent to carry out the step specified in the `promptType` . If you set this value to `DISABLED` , the agent skips that step. The default state for each `promptType` is as follows.\n\n- `PRE_PROCESSING` \u2013 `ENABLED`\n- `ORCHESTRATION` \u2013 `ENABLED`\n- `KNOWLEDGE_BASE_RESPONSE_GENERATION` \u2013 `ENABLED`\n- `POST_PROCESSING` \u2013 `DISABLED`", "title": "PromptState", "type": "string" }, @@ -29929,7 +29929,7 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "The description of the knowledge base.", + "markdownDescription": "The description of the knowledge base associated with the inline agent.", "title": "Description", "type": "string" }, @@ -39350,12 +39350,12 @@ "additionalProperties": false, "properties": { "ResourceArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the CloudTrail channel attached to the resource-based policy. The following is the format of a resource ARN: `arn:aws:cloudtrail:us-east-2:123456789012:channel/MyChannel` .", + "markdownDescription": "The Amazon Resource Name (ARN) of the CloudTrail event data store, dashboard, or channel attached to the resource-based policy.\n\nExample event data store ARN format: `arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE`\n\nExample dashboard ARN format: `arn:aws:cloudtrail:us-east-1:123456789012:dashboard/exampleDash`\n\nExample channel ARN format: `arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890`", "title": "ResourceArn", "type": "string" }, "ResourcePolicy": { - "markdownDescription": "A JSON-formatted string for an AWS resource-based policy.\n\nThe following are requirements for the resource policy:\n\n- Contains only one action: cloudtrail-data:PutAuditEvents\n- Contains at least one statement. The policy can have a maximum of 20 statements.\n- Each statement contains at least one principal. A statement can have a maximum of 50 principals.", + "markdownDescription": "A JSON-formatted string for an AWS resource-based policy.\n\nFor example resource-based policies, see [CloudTrail resource-based policy examples](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html) in the *CloudTrail User Guide* .", "title": "ResourcePolicy", "type": "object" } @@ -45941,7 +45941,7 @@ }, "InviteMessageTemplate": { "$ref": "#/definitions/AWS::Cognito::UserPool.InviteMessageTemplate", - "markdownDescription": "The template for the welcome message to new users.\n\nSee also [Customizing User Invitation Messages](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization) .", + "markdownDescription": "The template for the welcome message to new users. This template must include the `{####}` temporary password placeholder if you are creating users with passwords. If your users don't have passwords, you can omit the placeholder.\n\nSee also [Customizing User Invitation Messages](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization) .", "title": "InviteMessageTemplate" }, "UnusedAccountValidityDays": { @@ -46466,7 +46466,7 @@ "type": "string" }, "EnablePropagateAdditionalUserContextData": { - "markdownDescription": "Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . If you don\u2019t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret.", + "markdownDescription": "Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don\u2019t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret.", "title": "EnablePropagateAdditionalUserContextData", "type": "boolean" }, @@ -46479,7 +46479,7 @@ "items": { "type": "string" }, - "markdownDescription": "The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.\n\n> If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . \n\nValid values include:\n\n- `ALLOW_ADMIN_USER_PASSWORD_AUTH` : Enable admin based user password authentication flow `ADMIN_USER_PASSWORD_AUTH` . This setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.\n- `ALLOW_CUSTOM_AUTH` : Enable Lambda trigger based authentication.\n- `ALLOW_USER_PASSWORD_AUTH` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.\n- `ALLOW_USER_SRP_AUTH` : Enable SRP-based authentication.\n- `ALLOW_REFRESH_TOKEN_AUTH` : Enable authflow to refresh tokens.\n\nIn some environments, you will see the values `ADMIN_NO_SRP_AUTH` , `CUSTOM_AUTH_FLOW_ONLY` , or `USER_PASSWORD_AUTH` . You can't assign these legacy `ExplicitAuthFlows` values to user pool clients at the same time as values that begin with `ALLOW_` ,\nlike `ALLOW_USER_SRP_AUTH` .", + "markdownDescription": "The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.\n\n> If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . \n\nValid values include:\n\n- `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` .\n- `ALLOW_ADMIN_USER_PASSWORD_AUTH` : Enable admin based user password authentication flow `ADMIN_USER_PASSWORD_AUTH` . This setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.\n- `ALLOW_CUSTOM_AUTH` : Enable Lambda trigger based authentication.\n- `ALLOW_USER_PASSWORD_AUTH` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.\n- `ALLOW_USER_SRP_AUTH` : Enable SRP-based authentication.\n- `ALLOW_REFRESH_TOKEN_AUTH` : Enable authflow to refresh tokens.\n\nIn some environments, you will see the values `ADMIN_NO_SRP_AUTH` , `CUSTOM_AUTH_FLOW_ONLY` , or `USER_PASSWORD_AUTH` . You can't assign these legacy `ExplicitAuthFlows` values to user pool clients at the same time as values that begin with `ALLOW_` ,\nlike `ALLOW_USER_SRP_AUTH` .", "title": "ExplicitAuthFlows", "type": "array" }, @@ -46523,7 +46523,7 @@ "items": { "type": "string" }, - "markdownDescription": "A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` .", + "markdownDescription": "A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` .\n\nThis setting applies to providers that you can access with the [hosted UI and OAuth 2.0 authorization server](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-integration.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) .", "title": "SupportedIdentityProviders", "type": "array" }, @@ -46661,7 +46661,7 @@ "properties": { "CustomDomainConfig": { "$ref": "#/definitions/AWS::Cognito::UserPoolDomain.CustomDomainConfigType", - "markdownDescription": "The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM.", + "markdownDescription": "The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM.\n\nWhen you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request.", "title": "CustomDomainConfig" }, "Domain": { @@ -47419,7 +47419,7 @@ "items": { "$ref": "#/definitions/AWS::Cognito::UserPoolUser.AttributeType" }, - "markdownDescription": "An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than `Username` . However, any attributes that you specify as required (when creating a user pool or in the *Attributes* tab of the console) either you should supply (in your call to `AdminCreateUser` ) or the user should supply (when they sign up in response to your welcome message).\n\nFor custom attributes, you must prepend the `custom:` prefix to the attribute name.\n\nTo send a message inviting the user to sign up, you must specify the user's email address or phone number. You can do this in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools.\n\nIn your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) .\n\n- *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `\"EMAIL\"` is specified in the `DesiredDeliveryMediums` parameter.\n- *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `\"SMS\"` is specified in the `DesiredDeliveryMediums` parameter.", + "markdownDescription": "An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than `Username` . However, any attributes that you specify as required (when creating a user pool or in the *Attributes* tab of the console) either you should supply (in your call to `AdminCreateUser` ) or the user should supply (when they sign up in response to your welcome message).\n\nFor custom attributes, you must prepend the `custom:` prefix to the attribute name.\n\nTo send a message inviting the user to sign up, you must specify the user's email address or phone number. You can do this in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools.\n\nYou must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` .\n\nIn your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) .\n\n- *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `\"EMAIL\"` is specified in the `DesiredDeliveryMediums` parameter.\n- *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `\"SMS\"` is specified in the `DesiredDeliveryMediums` parameter.", "title": "UserAttributes", "type": "array" }, @@ -48592,7 +48592,7 @@ }, "RecordingMode": { "$ref": "#/definitions/AWS::Config::ConfigurationRecorder.RecordingMode", - "markdownDescription": "Specifies the default recording frequency that AWS Config uses to record configuration changes. AWS Config supports *Continuous recording* and *Daily recording* .\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it\u2019s different from the previous CI recorded.\n\n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous. \n\nYou can also override the recording frequency for specific resource types.", + "markdownDescription": "Specifies the default recording frequency for the configuration recorder. AWS Config supports *Continuous recording* and *Daily recording* .\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it\u2019s different from the previous CI recorded.\n\n> *Some resource types require continuous recording*\n> \n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous. \n\nYou can also override the recording frequency for specific resource types.", "title": "RecordingMode" }, "RoleARN": { @@ -48682,7 +48682,7 @@ "additionalProperties": false, "properties": { "RecordingFrequency": { - "markdownDescription": "The default recording frequency that AWS Config uses to record configuration changes.\n\n> Daily recording is not supported for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`\n> \n> For the *allSupported* ( `ALL_SUPPORTED_RESOURCE_TYPES` ) recording strategy, these resource types will be set to Continuous recording.", + "markdownDescription": "The default recording frequency that AWS Config uses to record configuration changes.\n\n> Daily recording cannot be specified for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`\n> \n> For the *allSupported* ( `ALL_SUPPORTED_RESOURCE_TYPES` ) recording strategy, these resource types will be set to Continuous recording.", "title": "RecordingFrequency", "type": "string" }, @@ -48717,7 +48717,7 @@ "items": { "type": "string" }, - "markdownDescription": "A comma-separated list that specifies which resource types AWS Config includes in the override.\n\n> Daily recording is not supported for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`", + "markdownDescription": "A comma-separated list that specifies which resource types AWS Config includes in the override.\n\n> Daily recording cannot be specified for the following resource types:\n> \n> - `AWS::Config::ResourceCompliance`\n> - `AWS::Config::ConformancePackCompliance`\n> - `AWS::Config::ConfigurationRecorder`", "title": "ResourceTypes", "type": "array" } @@ -68402,7 +68402,7 @@ "type": "boolean" }, "EndDate": { - "markdownDescription": "The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation's state changes to `expired` when it reaches its end date and time.\n\nYou must provide an `EndDate` value if `EndDateType` is `limited` . Omit `EndDate` if `EndDateType` is `unlimited` .\n\nIf the `EndDateType` is `limited` , the Capacity Reservation is cancelled within an hour from the specified time. For example, if you specify 5/31/2019, 13:30:55, the Capacity Reservation is guaranteed to end between 13:30:55 and 14:30:55 on 5/31/2019.", + "markdownDescription": "The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation's state changes to `expired` when it reaches its end date and time.\n\nYou must provide an `EndDate` value if `EndDateType` is `limited` . Omit `EndDate` if `EndDateType` is `unlimited` .\n\nIf the `EndDateType` is `limited` , the Capacity Reservation is cancelled within an hour from the specified time. For example, if you specify 5/31/2019, 13:30:55, the Capacity Reservation is guaranteed to end between 13:30:55 and 14:30:55 on 5/31/2019.\n\nIf you are requesting a future-dated Capacity Reservation, you can't specify an end date and time that is within the commitment duration.", "title": "EndDate", "type": "string" }, @@ -68417,12 +68417,12 @@ "type": "boolean" }, "InstanceCount": { - "markdownDescription": "The number of instances for which to reserve capacity.\n\nValid range: 1 - 1000", + "markdownDescription": "The number of instances for which to reserve capacity.\n\n> You can request future-dated Capacity Reservations for an instance count with a minimum of 100 VPUs. For example, if you request a future-dated Capacity Reservation for `m5.xlarge` instances, you must request at least 25 instances ( *25 * m5.xlarge = 100 vCPUs* ). \n\nValid range: 1 - 1000", "title": "InstanceCount", "type": "number" }, "InstanceMatchCriteria": { - "markdownDescription": "Indicates the type of instance launches that the Capacity Reservation accepts. The options include:\n\n- `open` - The Capacity Reservation automatically matches all instances that have matching attributes (instance type, platform, and Availability Zone). Instances that have matching attributes run in the Capacity Reservation automatically without specifying any additional parameters.\n- `targeted` - The Capacity Reservation only accepts instances that have matching attributes (instance type, platform, and Availability Zone), and explicitly target the Capacity Reservation. This ensures that only permitted instances can use the reserved capacity.\n\nDefault: `open`", + "markdownDescription": "Indicates the type of instance launches that the Capacity Reservation accepts. The options include:\n\n- `open` - The Capacity Reservation automatically matches all instances that have matching attributes (instance type, platform, and Availability Zone). Instances that have matching attributes run in the Capacity Reservation automatically without specifying any additional parameters.\n- `targeted` - The Capacity Reservation only accepts instances that have matching attributes (instance type, platform, and Availability Zone), and explicitly target the Capacity Reservation. This ensures that only permitted instances can use the reserved capacity.\n\n> If you are requesting a future-dated Capacity Reservation, you must specify `targeted` . \n\nDefault: `open`", "title": "InstanceMatchCriteria", "type": "string" }, @@ -68432,17 +68432,17 @@ "type": "string" }, "InstanceType": { - "markdownDescription": "The instance type for which to reserve capacity. For more information, see [Instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the *Amazon EC2 User Guide* .", + "markdownDescription": "The instance type for which to reserve capacity.\n\n> You can request future-dated Capacity Reservations for instance types in the C, M, R, I, and T instance families only. \n\nFor more information, see [Instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the *Amazon EC2 User Guide* .", "title": "InstanceType", "type": "string" }, "OutPostArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the Outpost on which to create the Capacity Reservation.", + "markdownDescription": "> Not supported for future-dated Capacity Reservations. \n\nThe Amazon Resource Name (ARN) of the Outpost on which to create the Capacity Reservation.", "title": "OutPostArn", "type": "string" }, "PlacementGroupArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the cluster placement group in which to create the Capacity Reservation. For more information, see [Capacity Reservations for cluster placement groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cr-cpg.html) in the *Amazon EC2 User Guide* .", + "markdownDescription": "> Not supported for future-dated Capacity Reservations. \n\nThe Amazon Resource Name (ARN) of the cluster placement group in which to create the Capacity Reservation. For more information, see [Capacity Reservations for cluster placement groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cr-cpg.html) in the *Amazon EC2 User Guide* .", "title": "PlacementGroupArn", "type": "string" }, @@ -69873,7 +69873,7 @@ "items": { "type": "string" }, - "markdownDescription": "The CPU manufacturers to include.\n\n- For instance types with Intel CPUs, specify `intel` .\n- For instance types with AMD CPUs, specify `amd` .\n- For instance types with AWS CPUs, specify `amazon-web-services` .\n\n> Don't confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. \n\nDefault: Any manufacturer", + "markdownDescription": "The CPU manufacturers to include.\n\n- For instance types with Intel CPUs, specify `intel` .\n- For instance types with AMD CPUs, specify `amd` .\n- For instance types with AWS CPUs, specify `amazon-web-services` .\n- For instance types with Apple CPUs, specify `apple` .\n\n> Don't confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. \n\nDefault: Any manufacturer", "title": "CpuManufacturers", "type": "array" }, @@ -72691,7 +72691,7 @@ "additionalProperties": false, "properties": { "CapacityReservationPreference": { - "markdownDescription": "Indicates the instance's Capacity Reservation preferences. Possible preferences include:\n\n- `open` - The instance can run in any `open` Capacity Reservation that has matching attributes (instance type, platform, Availability Zone).\n- `none` - The instance avoids running in a Capacity Reservation even if one is available. The instance runs in On-Demand capacity.", + "markdownDescription": "Indicates the instance's Capacity Reservation preferences. Possible preferences include:\n\n- `capacity-reservations-only` - The instance will only run in a Capacity Reservation or Capacity Reservation group. If capacity isn't available, the instance will fail to launch.\n- `open` - The instance can run in any `open` Capacity Reservation that has matching attributes (instance type, platform, Availability Zone, tenancy).\n- `none` - The instance avoids running in a Capacity Reservation even if one is available. The instance runs in On-Demand capacity.", "title": "CapacityReservationPreference", "type": "string" }, @@ -72974,7 +72974,7 @@ "items": { "type": "string" }, - "markdownDescription": "The CPU manufacturers to include.\n\n- For instance types with Intel CPUs, specify `intel` .\n- For instance types with AMD CPUs, specify `amd` .\n- For instance types with AWS CPUs, specify `amazon-web-services` .\n\n> Don't confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. \n\nDefault: Any manufacturer", + "markdownDescription": "The CPU manufacturers to include.\n\n- For instance types with Intel CPUs, specify `intel` .\n- For instance types with AMD CPUs, specify `amd` .\n- For instance types with AWS CPUs, specify `amazon-web-services` .\n- For instance types with Apple CPUs, specify `apple` .\n\n> Don't confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. \n\nDefault: Any manufacturer", "title": "CpuManufacturers", "type": "array" }, @@ -77494,7 +77494,7 @@ "items": { "type": "string" }, - "markdownDescription": "The CPU manufacturers to include.\n\n- For instance types with Intel CPUs, specify `intel` .\n- For instance types with AMD CPUs, specify `amd` .\n- For instance types with AWS CPUs, specify `amazon-web-services` .\n\n> Don't confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. \n\nDefault: Any manufacturer", + "markdownDescription": "The CPU manufacturers to include.\n\n- For instance types with Intel CPUs, specify `intel` .\n- For instance types with AMD CPUs, specify `amd` .\n- For instance types with AWS CPUs, specify `amazon-web-services` .\n- For instance types with Apple CPUs, specify `apple` .\n\n> Don't confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. \n\nDefault: Any manufacturer", "title": "CpuManufacturers", "type": "array" }, @@ -83779,12 +83779,12 @@ "title": "DeploymentCircuitBreaker" }, "MaximumPercent": { - "markdownDescription": "If a service is using the rolling update ( `ECS` ) deployment type, the `maximumPercent` parameter represents an upper limit on the number of your service's tasks that are allowed in the `RUNNING` or `PENDING` state during a deployment, as a percentage of the `desiredCount` (rounded down to the nearest integer). This parameter enables you to define the deployment batch size. For example, if your service is using the `REPLICA` service scheduler and has a `desiredCount` of four tasks and a `maximumPercent` value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default `maximumPercent` value for a service using the `REPLICA` service scheduler is 200%.\n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types, and tasks in the service use the EC2 launch type, the *maximum percent* value is set to the default value. The *maximum percent* value is used to define the upper limit on the number of the tasks in the service that remain in the `RUNNING` state while the container instances are in the `DRAINING` state.\n\n> You can't specify a custom `maximumPercent` value for a service that uses either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and has tasks that use the EC2 launch type. \n\nIf the tasks in the service use the Fargate launch type, the maximum percent value is not used, although it is returned when describing your service.", + "markdownDescription": "If a service is using the rolling update ( `ECS` ) deployment type, the `maximumPercent` parameter represents an upper limit on the number of your service's tasks that are allowed in the `RUNNING` or `PENDING` state during a deployment, as a percentage of the `desiredCount` (rounded down to the nearest integer). This parameter enables you to define the deployment batch size. For example, if your service is using the `REPLICA` service scheduler and has a `desiredCount` of four tasks and a `maximumPercent` value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default `maximumPercent` value for a service using the `REPLICA` service scheduler is 200%.\n\nThe Amazon ECS scheduler uses this parameter to replace unhealthy tasks by starting replacement tasks first and then stopping the unhealthy tasks, as long as cluster resources for starting replacement tasks are available. For more information about how the scheduler replaces unhealthy tasks, see [Amazon ECS services](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html) .\n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types, and tasks in the service use the EC2 launch type, the *maximum percent* value is set to the default value. The *maximum percent* value is used to define the upper limit on the number of the tasks in the service that remain in the `RUNNING` state while the container instances are in the `DRAINING` state.\n\n> You can't specify a custom `maximumPercent` value for a service that uses either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and has tasks that use the EC2 launch type. \n\nIf the tasks in the service use the Fargate launch type, the maximum percent value is not used, although it is returned when describing your service.", "title": "MaximumPercent", "type": "number" }, "MinimumHealthyPercent": { - "markdownDescription": "If a service is using the rolling update ( `ECS` ) deployment type, the `minimumHealthyPercent` represents a lower limit on the number of your service's tasks that must remain in the `RUNNING` state during a deployment, as a percentage of the `desiredCount` (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a `desiredCount` of four tasks and a `minimumHealthyPercent` of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks.\n\nFor services that *do not* use a load balancer, the following should be noted:\n\n- A service is considered healthy if all essential containers within the tasks in the service pass their health checks.\n- If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a `RUNNING` state before the task is counted towards the minimum healthy percent total.\n- If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings.\n\nFor services that *do* use a load balancer, the following should be noted:\n\n- If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n- If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n\nThe default value for a replica service for `minimumHealthyPercent` is 100%. The default `minimumHealthyPercent` value for a service using the `DAEMON` service schedule is 0% for the AWS CLI , the AWS SDKs, and the APIs and 50% for the AWS Management Console.\n\nThe minimum number of healthy tasks during a deployment is the `desiredCount` multiplied by the `minimumHealthyPercent` /100, rounded up to the nearest integer value.\n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and is running tasks that use the EC2 launch type, the *minimum healthy percent* value is set to the default value. The *minimum healthy percent* value is used to define the lower limit on the number of the tasks in the service that remain in the `RUNNING` state while the container instances are in the `DRAINING` state.\n\n> You can't specify a custom `minimumHealthyPercent` value for a service that uses either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and has tasks that use the EC2 launch type. \n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service.", + "markdownDescription": "If a service is using the rolling update ( `ECS` ) deployment type, the `minimumHealthyPercent` represents a lower limit on the number of your service's tasks that must remain in the `RUNNING` state during a deployment, as a percentage of the `desiredCount` (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a `desiredCount` of four tasks and a `minimumHealthyPercent` of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks.\n\nIf any tasks are unhealthy and if `maximumPercent` doesn't allow the Amazon ECS scheduler to start replacement tasks, the scheduler stops the unhealthy tasks one-by-one \u2014 using the `minimumHealthyPercent` as a constraint \u2014 to clear up capacity to launch replacement tasks. For more information about how the scheduler replaces unhealthy tasks, see [Amazon ECS services](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html) .\n\nFor services that *do not* use a load balancer, the following should be noted:\n\n- A service is considered healthy if all essential containers within the tasks in the service pass their health checks.\n- If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a `RUNNING` state before the task is counted towards the minimum healthy percent total.\n- If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings.\n\nFor services that *do* use a load balancer, the following should be noted:\n\n- If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n- If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n\nThe default value for a replica service for `minimumHealthyPercent` is 100%. The default `minimumHealthyPercent` value for a service using the `DAEMON` service schedule is 0% for the AWS CLI , the AWS SDKs, and the APIs and 50% for the AWS Management Console.\n\nThe minimum number of healthy tasks during a deployment is the `desiredCount` multiplied by the `minimumHealthyPercent` /100, rounded up to the nearest integer value.\n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and is running tasks that use the EC2 launch type, the *minimum healthy percent* value is set to the default value. The *minimum healthy percent* value is used to define the lower limit on the number of the tasks in the service that remain in the `RUNNING` state while the container instances are in the `DRAINING` state.\n\n> You can't specify a custom `minimumHealthyPercent` value for a service that uses either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and has tasks that use the EC2 launch type. \n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service.", "title": "MinimumHealthyPercent", "type": "number" } @@ -90365,7 +90365,7 @@ "type": "string" }, "IpDiscovery": { - "markdownDescription": "The network type you choose when modifying a cluster, either `ipv4` | `ipv6` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", + "markdownDescription": "The network type you choose when modifying a cluster, either `ipv4` | `ipv6` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 and Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", "title": "IpDiscovery", "type": "string" }, @@ -90378,7 +90378,7 @@ "type": "array" }, "NetworkType": { - "markdownDescription": "Must be either `ipv4` | `ipv6` | `dual_stack` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", + "markdownDescription": "Must be either `ipv4` | `ipv6` | `dual_stack` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 and Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", "title": "NetworkType", "type": "string" }, @@ -90937,7 +90937,7 @@ "type": "string" }, "IpDiscovery": { - "markdownDescription": "The network type you choose when creating a replication group, either `ipv4` | `ipv6` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", + "markdownDescription": "The network type you choose when creating a replication group, either `ipv4` | `ipv6` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 or Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", "title": "IpDiscovery", "type": "string" }, @@ -90960,7 +90960,7 @@ "type": "boolean" }, "NetworkType": { - "markdownDescription": "Must be either `ipv4` | `ipv6` | `dual_stack` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", + "markdownDescription": "Must be either `ipv4` | `ipv6` | `dual_stack` . IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 and Memcached engine version 1.6.6 and above on all instances built on the [Nitro system](https://docs.aws.amazon.com/ec2/nitro/) .", "title": "NetworkType", "type": "string" }, @@ -91418,7 +91418,7 @@ "title": "CacheUsageLimits" }, "DailySnapshotTime": { - "markdownDescription": "The daily time that a cache snapshot will be created. Default is NULL, i.e. snapshots will not be created at a specific time on a daily basis. Available for Valkey, Redis OSS, and Serverless Memcached only.", + "markdownDescription": "The daily time that a cache snapshot will be created. Default is NULL, i.e. snapshots will not be created at a specific time on a daily basis. Available for Valkey, Redis OSS and Serverless Memcached only.", "title": "DailySnapshotTime", "type": "string" }, @@ -91479,7 +91479,7 @@ "type": "array" }, "SnapshotRetentionLimit": { - "markdownDescription": "The current setting for the number of serverless cache snapshots the system will retain. Available for Valkey, Redis OSS, and Serverless Memcached only.", + "markdownDescription": "The current setting for the number of serverless cache snapshots the system will retain. Available for Valkey, Redis OSS and Serverless Memcached only.", "title": "SnapshotRetentionLimit", "type": "number" }, @@ -91739,7 +91739,7 @@ "title": "AuthenticationMode" }, "Engine": { - "markdownDescription": "The current supported value is redis.", + "markdownDescription": "The current supported values are valkey and redis.", "title": "Engine", "type": "string" }, @@ -94084,7 +94084,7 @@ "additionalProperties": false, "properties": { "Key": { - "markdownDescription": "The name of the attribute.\n\nThe following attributes are supported by all load balancers:\n\n- `deletion_protection.enabled` - Indicates whether deletion protection is enabled. The value is `true` or `false` . The default is `false` .\n- `load_balancing.cross_zone.enabled` - Indicates whether cross-zone load balancing is enabled. The possible values are `true` and `false` . The default for Network Load Balancers and Gateway Load Balancers is `false` . The default for Application Load Balancers is `true` , and can't be changed.\n\nThe following attributes are supported by both Application Load Balancers and Network Load Balancers:\n\n- `access_logs.s3.enabled` - Indicates whether access logs are enabled. The value is `true` or `false` . The default is `false` .\n- `access_logs.s3.bucket` - The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.\n- `access_logs.s3.prefix` - The prefix for the location in the S3 bucket for the access logs.\n- `ipv6.deny_all_igw_traffic` - Blocks internet gateway (IGW) access to the load balancer. It is set to `false` for internet-facing load balancers and `true` for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway.\n\nThe following attributes are supported by only Application Load Balancers:\n\n- `idle_timeout.timeout_seconds` - The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds.\n- `client_keep_alive.seconds` - The client keep alive value, in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.\n- `connection_logs.s3.enabled` - Indicates whether connection logs are enabled. The value is `true` or `false` . The default is `false` .\n- `connection_logs.s3.bucket` - The name of the S3 bucket for the connection logs. This attribute is required if connection logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.\n- `connection_logs.s3.prefix` - The prefix for the location in the S3 bucket for the connection logs.\n- `routing.http.desync_mitigation_mode` - Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are `monitor` , `defensive` , and `strictest` . The default is `defensive` .\n- `routing.http.drop_invalid_header_fields.enabled` - Indicates whether HTTP headers with invalid header fields are removed by the load balancer ( `true` ) or routed to targets ( `false` ). The default is `false` .\n- `routing.http.preserve_host_header.enabled` - Indicates whether the Application Load Balancer should preserve the `Host` header in the HTTP request and send it to the target without any change. The possible values are `true` and `false` . The default is `false` .\n- `routing.http.x_amzn_tls_version_and_cipher_suite.enabled` - Indicates whether the two headers ( `x-amzn-tls-version` and `x-amzn-tls-cipher-suite` ), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The `x-amzn-tls-version` header has information about the TLS protocol version negotiated with the client, and the `x-amzn-tls-cipher-suite` header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute are `true` and `false` . The default is `false` .\n- `routing.http.xff_client_port.enabled` - Indicates whether the `X-Forwarded-For` header should preserve the source port that the client used to connect to the load balancer. The possible values are `true` and `false` . The default is `false` .\n- `routing.http.xff_header_processing.mode` - Enables you to modify, preserve, or remove the `X-Forwarded-For` header in the HTTP request before the Application Load Balancer sends the request to the target. The possible values are `append` , `preserve` , and `remove` . The default is `append` .\n\n- If the value is `append` , the Application Load Balancer adds the client IP address (of the last hop) to the `X-Forwarded-For` header in the HTTP request before it sends it to targets.\n- If the value is `preserve` the Application Load Balancer preserves the `X-Forwarded-For` header in the HTTP request, and sends it to targets without any change.\n- If the value is `remove` , the Application Load Balancer removes the `X-Forwarded-For` header in the HTTP request before it sends it to targets.\n- `routing.http2.enabled` - Indicates whether HTTP/2 is enabled. The possible values are `true` and `false` . The default is `true` . Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens.\n- `waf.fail_open.enabled` - Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. The possible values are `true` and `false` . The default is `false` .\n\nThe following attributes are supported by only Network Load Balancers:\n\n- `dns_record.client_routing_policy` - Indicates how traffic is distributed among the load balancer Availability Zones. The possible values are `availability_zone_affinity` with 100 percent zonal affinity, `partial_availability_zone_affinity` with 85 percent zonal affinity, and `any_availability_zone` with 0 percent zonal affinity.\n- `zonal_shift.config.enabled` - Indicates whether zonal shift is enabled. The possible values are `true` and `false` . The default is `false` .", + "markdownDescription": "The name of the attribute.\n\nThe following attributes are supported by all load balancers:\n\n- `deletion_protection.enabled` - Indicates whether deletion protection is enabled. The value is `true` or `false` . The default is `false` .\n- `load_balancing.cross_zone.enabled` - Indicates whether cross-zone load balancing is enabled. The possible values are `true` and `false` . The default for Network Load Balancers and Gateway Load Balancers is `false` . The default for Application Load Balancers is `true` , and can't be changed.\n\nThe following attributes are supported by both Application Load Balancers and Network Load Balancers:\n\n- `access_logs.s3.enabled` - Indicates whether access logs are enabled. The value is `true` or `false` . The default is `false` .\n- `access_logs.s3.bucket` - The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.\n- `access_logs.s3.prefix` - The prefix for the location in the S3 bucket for the access logs.\n- `ipv6.deny_all_igw_traffic` - Blocks internet gateway (IGW) access to the load balancer. It is set to `false` for internet-facing load balancers and `true` for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway.\n- `zonal_shift.config.enabled` - Indicates whether zonal shift is enabled. The possible values are `true` and `false` . The default is `false` .\n\nThe following attributes are supported by only Application Load Balancers:\n\n- `idle_timeout.timeout_seconds` - The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds.\n- `client_keep_alive.seconds` - The client keep alive value, in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.\n- `connection_logs.s3.enabled` - Indicates whether connection logs are enabled. The value is `true` or `false` . The default is `false` .\n- `connection_logs.s3.bucket` - The name of the S3 bucket for the connection logs. This attribute is required if connection logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.\n- `connection_logs.s3.prefix` - The prefix for the location in the S3 bucket for the connection logs.\n- `routing.http.desync_mitigation_mode` - Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are `monitor` , `defensive` , and `strictest` . The default is `defensive` .\n- `routing.http.drop_invalid_header_fields.enabled` - Indicates whether HTTP headers with invalid header fields are removed by the load balancer ( `true` ) or routed to targets ( `false` ). The default is `false` .\n- `routing.http.preserve_host_header.enabled` - Indicates whether the Application Load Balancer should preserve the `Host` header in the HTTP request and send it to the target without any change. The possible values are `true` and `false` . The default is `false` .\n- `routing.http.x_amzn_tls_version_and_cipher_suite.enabled` - Indicates whether the two headers ( `x-amzn-tls-version` and `x-amzn-tls-cipher-suite` ), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The `x-amzn-tls-version` header has information about the TLS protocol version negotiated with the client, and the `x-amzn-tls-cipher-suite` header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute are `true` and `false` . The default is `false` .\n- `routing.http.xff_client_port.enabled` - Indicates whether the `X-Forwarded-For` header should preserve the source port that the client used to connect to the load balancer. The possible values are `true` and `false` . The default is `false` .\n- `routing.http.xff_header_processing.mode` - Enables you to modify, preserve, or remove the `X-Forwarded-For` header in the HTTP request before the Application Load Balancer sends the request to the target. The possible values are `append` , `preserve` , and `remove` . The default is `append` .\n\n- If the value is `append` , the Application Load Balancer adds the client IP address (of the last hop) to the `X-Forwarded-For` header in the HTTP request before it sends it to targets.\n- If the value is `preserve` the Application Load Balancer preserves the `X-Forwarded-For` header in the HTTP request, and sends it to targets without any change.\n- If the value is `remove` , the Application Load Balancer removes the `X-Forwarded-For` header in the HTTP request before it sends it to targets.\n- `routing.http2.enabled` - Indicates whether HTTP/2 is enabled. The possible values are `true` and `false` . The default is `true` . Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens.\n- `waf.fail_open.enabled` - Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. The possible values are `true` and `false` . The default is `false` .\n\nThe following attributes are supported by only Network Load Balancers:\n\n- `dns_record.client_routing_policy` - Indicates how traffic is distributed among the load balancer Availability Zones. The possible values are `availability_zone_affinity` with 100 percent zonal affinity, `partial_availability_zone_affinity` with 85 percent zonal affinity, and `any_availability_zone` with 0 percent zonal affinity.", "title": "Key", "type": "string" }, @@ -123442,7 +123442,7 @@ "additionalProperties": false, "properties": { "DeprecateThingType": { - "markdownDescription": "Deprecates a thing type. You can not associate new things with deprecated thing type.\n\nRequires permission to access the [DeprecateThingType](https://docs.aws.amazon.com//service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions) action.", + "markdownDescription": "Deprecates a thing type. You can not associate new things with deprecated thing type. You cannot update `ThingTypeProperties` if the thing type is deprecated.\n\nRequires permission to access the [DeprecateThingType](https://docs.aws.amazon.com//service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions) action.", "title": "DeprecateThingType", "type": "boolean" }, @@ -123461,7 +123461,7 @@ }, "ThingTypeProperties": { "$ref": "#/definitions/AWS::IoT::ThingType.ThingTypeProperties", - "markdownDescription": "The thing type properties for the thing type to create. It contains information about the new thing type including a description, and a list of searchable thing attribute names. `ThingTypeProperties` can't be updated after the initial creation of the `ThingType` .", + "markdownDescription": "The thing type properties for the thing type to create. It contains information about the new thing type including a description, a list of searchable thing attribute names, and a list of propagating attributes. After a thing type is created, you can only update `Mqtt5Configuration` .", "title": "ThingTypeProperties" } }, @@ -127973,7 +127973,7 @@ "title": "CollectionScheme" }, "Compression": { - "markdownDescription": "(Optional) Whether to compress signals before transmitting data to AWS IoT FleetWise . If you don't want to compress the signals, use `OFF` . If it's not specified, `SNAPPY` is used.\n\nDefault: `SNAPPY`", + "markdownDescription": "Whether to compress signals before transmitting data to AWS IoT FleetWise . If you don't want to compress the signals, use `OFF` . If it's not specified, `SNAPPY` is used.\n\nDefault: `SNAPPY`", "title": "Compression", "type": "string" }, @@ -127981,7 +127981,7 @@ "items": { "$ref": "#/definitions/AWS::IoTFleetWise::Campaign.DataDestinationConfig" }, - "markdownDescription": "(Optional) The destination where the campaign sends data. You can choose to send data to be stored in Amazon S3 or Amazon Timestream .\n\nAmazon S3 optimizes the cost of data storage and provides additional mechanisms to use vehicle data, such as data lakes, centralized data storage, data processing pipelines, and analytics. AWS IoT FleetWise supports at-least-once file delivery to S3. Your vehicle data is stored on multiple AWS IoT FleetWise servers for redundancy and high availability.\n\nYou can use Amazon Timestream to access and analyze time series data, and Timestream to query vehicle data so that you can identify trends and patterns.", + "markdownDescription": "The destination where the campaign sends data. You can choose to send data to be stored in Amazon S3 or Amazon Timestream .\n\nAmazon S3 optimizes the cost of data storage and provides additional mechanisms to use vehicle data, such as data lakes, centralized data storage, data processing pipelines, and analytics. AWS IoT FleetWise supports at-least-once file delivery to S3. Your vehicle data is stored on multiple AWS IoT FleetWise servers for redundancy and high availability.\n\nYou can use Amazon Timestream to access and analyze time series data, and Timestream to query vehicle data so that you can identify trends and patterns.", "title": "DataDestinationConfigs", "type": "array" }, @@ -127989,22 +127989,22 @@ "items": { "type": "string" }, - "markdownDescription": "(Optional) A list of vehicle attributes to associate with a campaign.\n\nEnrich the data with specified vehicle attributes. For example, add `make` and `model` to the campaign, and AWS IoT FleetWise will associate the data with those attributes as dimensions in Amazon Timestream . You can then query the data against `make` and `model` .\n\nDefault: An empty array", + "markdownDescription": "A list of vehicle attributes to associate with a campaign.\n\nEnrich the data with specified vehicle attributes. For example, add `make` and `model` to the campaign, and AWS IoT FleetWise will associate the data with those attributes as dimensions in Amazon Timestream . You can then query the data against `make` and `model` .\n\nDefault: An empty array", "title": "DataExtraDimensions", "type": "array" }, "Description": { - "markdownDescription": "(Optional) The description of the campaign.", + "markdownDescription": "The description of the campaign.", "title": "Description", "type": "string" }, "DiagnosticsMode": { - "markdownDescription": "(Optional) Option for a vehicle to send diagnostic trouble codes to AWS IoT FleetWise . If you want to send diagnostic trouble codes, use `SEND_ACTIVE_DTCS` . If it's not specified, `OFF` is used.\n\nDefault: `OFF`", + "markdownDescription": "Option for a vehicle to send diagnostic trouble codes to AWS IoT FleetWise . If you want to send diagnostic trouble codes, use `SEND_ACTIVE_DTCS` . If it's not specified, `OFF` is used.\n\nDefault: `OFF`", "title": "DiagnosticsMode", "type": "string" }, "ExpiryTime": { - "markdownDescription": "(Optional) The time the campaign expires, in seconds since epoch (January 1, 1970 at midnight UTC time). Vehicle data isn't collected after the campaign expires.\n\nDefault: 253402214400 (December 31, 9999, 00:00:00 UTC)", + "markdownDescription": "The time the campaign expires, in seconds since epoch (January 1, 1970 at midnight UTC time). Vehicle data isn't collected after the campaign expires.\n\nDefault: 253402214400 (December 31, 9999, 00:00:00 UTC)", "title": "ExpiryTime", "type": "string" }, @@ -128014,12 +128014,12 @@ "type": "string" }, "PostTriggerCollectionDuration": { - "markdownDescription": "(Optional) How long (in milliseconds) to collect raw data after a triggering event initiates the collection. If it's not specified, `0` is used.\n\nDefault: `0`", + "markdownDescription": "How long (in milliseconds) to collect raw data after a triggering event initiates the collection. If it's not specified, `0` is used.\n\nDefault: `0`", "title": "PostTriggerCollectionDuration", "type": "number" }, "Priority": { - "markdownDescription": "(Optional) A number indicating the priority of one campaign over another campaign for a certain vehicle or fleet. A campaign with the lowest value is deployed to vehicles before any other campaigns. If it's not specified, `0` is used.\n\nDefault: `0`", + "markdownDescription": "A number indicating the priority of one campaign over another campaign for a certain vehicle or fleet. A campaign with the lowest value is deployed to vehicles before any other campaigns. If it's not specified, `0` is used.\n\nDefault: `0`", "title": "Priority", "type": "number" }, @@ -128032,17 +128032,17 @@ "items": { "$ref": "#/definitions/AWS::IoTFleetWise::Campaign.SignalInformation" }, - "markdownDescription": "(Optional) A list of information about signals to collect.", + "markdownDescription": "A list of information about signals to collect.", "title": "SignalsToCollect", "type": "array" }, "SpoolingMode": { - "markdownDescription": "(Optional) Whether to store collected data after a vehicle lost a connection with the cloud. After a connection is re-established, the data is automatically forwarded to AWS IoT FleetWise . If you want to store collected data when a vehicle loses connection with the cloud, use `TO_DISK` . If it's not specified, `OFF` is used.\n\nDefault: `OFF`", + "markdownDescription": "Whether to store collected data after a vehicle lost a connection with the cloud. After a connection is re-established, the data is automatically forwarded to AWS IoT FleetWise . If you want to store collected data when a vehicle loses connection with the cloud, use `TO_DISK` . If it's not specified, `OFF` is used.\n\nDefault: `OFF`", "title": "SpoolingMode", "type": "string" }, "StartTime": { - "markdownDescription": "(Optional) The time, in milliseconds, to deliver a campaign after it was approved. If it's not specified, `0` is used.\n\nDefault: `0`", + "markdownDescription": "The time, in milliseconds, to deliver a campaign after it was approved. If it's not specified, `0` is used.\n\nDefault: `0`", "title": "StartTime", "type": "string" }, @@ -128050,7 +128050,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "(Optional) Metadata that can be used to manage the campaign.", + "markdownDescription": "Metadata that can be used to manage the campaign.", "title": "Tags", "type": "array" }, @@ -128095,12 +128095,12 @@ "properties": { "ConditionBasedCollectionScheme": { "$ref": "#/definitions/AWS::IoTFleetWise::Campaign.ConditionBasedCollectionScheme", - "markdownDescription": "(Optional) Information about a collection scheme that uses a simple logical expression to recognize what data to collect.", + "markdownDescription": "Information about a collection scheme that uses a simple logical expression to recognize what data to collect.", "title": "ConditionBasedCollectionScheme" }, "TimeBasedCollectionScheme": { "$ref": "#/definitions/AWS::IoTFleetWise::Campaign.TimeBasedCollectionScheme", - "markdownDescription": "(Optional) Information about a collection scheme that uses a time period to decide how often to collect data.", + "markdownDescription": "Information about a collection scheme that uses a time period to decide how often to collect data.", "title": "TimeBasedCollectionScheme" } }, @@ -128110,7 +128110,7 @@ "additionalProperties": false, "properties": { "ConditionLanguageVersion": { - "markdownDescription": "(Optional) Specifies the version of the conditional expression language.", + "markdownDescription": "Specifies the version of the conditional expression language.", "title": "ConditionLanguageVersion", "type": "number" }, @@ -128120,12 +128120,12 @@ "type": "string" }, "MinimumTriggerIntervalMs": { - "markdownDescription": "(Optional) The minimum duration of time between two triggering events to collect data, in milliseconds.\n\n> If a signal changes often, you might want to collect data at a slower rate.", + "markdownDescription": "The minimum duration of time between two triggering events to collect data, in milliseconds.\n\n> If a signal changes often, you might want to collect data at a slower rate.", "title": "MinimumTriggerIntervalMs", "type": "number" }, "TriggerMode": { - "markdownDescription": "(Optional) Whether to collect data for all triggering events ( `ALWAYS` ). Specify ( `RISING_EDGE` ), or specify only when the condition first evaluates to false. For example, triggering on \"AirbagDeployed\"; Users aren't interested on triggering when the airbag is already exploded; they only care about the change from not deployed => deployed.", + "markdownDescription": "Whether to collect data for all triggering events ( `ALWAYS` ). Specify ( `RISING_EDGE` ), or specify only when the condition first evaluates to false. For example, triggering on \"AirbagDeployed\"; Users aren't interested on triggering when the airbag is already exploded; they only care about the change from not deployed => deployed.", "title": "TriggerMode", "type": "string" } @@ -128140,12 +128140,12 @@ "properties": { "S3Config": { "$ref": "#/definitions/AWS::IoTFleetWise::Campaign.S3Config", - "markdownDescription": "(Optional) The Amazon S3 bucket where the AWS IoT FleetWise campaign sends data.", + "markdownDescription": "The Amazon S3 bucket where the AWS IoT FleetWise campaign sends data.", "title": "S3Config" }, "TimestreamConfig": { "$ref": "#/definitions/AWS::IoTFleetWise::Campaign.TimestreamConfig", - "markdownDescription": "(Optional) The Amazon Timestream table where the campaign sends data.", + "markdownDescription": "The Amazon Timestream table where the campaign sends data.", "title": "TimestreamConfig" } }, @@ -128160,17 +128160,17 @@ "type": "string" }, "DataFormat": { - "markdownDescription": "(Optional) Specify the format that files are saved in the Amazon S3 bucket. You can save files in an Apache Parquet or JSON format.\n\n- Parquet - Store data in a columnar storage file format. Parquet is optimal for fast data retrieval and can reduce costs. This option is selected by default.\n- JSON - Store data in a standard text-based JSON file format.", + "markdownDescription": "Specify the format that files are saved in the Amazon S3 bucket. You can save files in an Apache Parquet or JSON format.\n\n- Parquet - Store data in a columnar storage file format. Parquet is optimal for fast data retrieval and can reduce costs. This option is selected by default.\n- JSON - Store data in a standard text-based JSON file format.", "title": "DataFormat", "type": "string" }, "Prefix": { - "markdownDescription": "(Optional) Enter an S3 bucket prefix. The prefix is the string of characters after the bucket name and before the object name. You can use the prefix to organize data stored in Amazon S3 buckets. For more information, see [Organizing objects using prefixes](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-prefixes.html) in the *Amazon Simple Storage Service User Guide* .\n\nBy default, AWS IoT FleetWise sets the prefix `processed-data/year=YY/month=MM/date=DD/hour=HH/` (in UTC) to data it delivers to Amazon S3 . You can enter a prefix to append it to this default prefix. For example, if you enter the prefix `vehicles` , the prefix will be `vehicles/processed-data/year=YY/month=MM/date=DD/hour=HH/` .", + "markdownDescription": "Enter an S3 bucket prefix. The prefix is the string of characters after the bucket name and before the object name. You can use the prefix to organize data stored in Amazon S3 buckets. For more information, see [Organizing objects using prefixes](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-prefixes.html) in the *Amazon Simple Storage Service User Guide* .\n\nBy default, AWS IoT FleetWise sets the prefix `processed-data/year=YY/month=MM/date=DD/hour=HH/` (in UTC) to data it delivers to Amazon S3 . You can enter a prefix to append it to this default prefix. For example, if you enter the prefix `vehicles` , the prefix will be `vehicles/processed-data/year=YY/month=MM/date=DD/hour=HH/` .", "title": "Prefix", "type": "string" }, "StorageCompressionFormat": { - "markdownDescription": "(Optional) By default, stored data is compressed as a .gzip file. Compressed files have a reduced file size, which can optimize the cost of data storage.", + "markdownDescription": "By default, stored data is compressed as a .gzip file. Compressed files have a reduced file size, which can optimize the cost of data storage.", "title": "StorageCompressionFormat", "type": "string" } @@ -128184,12 +128184,12 @@ "additionalProperties": false, "properties": { "MaxSampleCount": { - "markdownDescription": "(Optional) The maximum number of samples to collect.", + "markdownDescription": "The maximum number of samples to collect.", "title": "MaxSampleCount", "type": "number" }, "MinimumSamplingIntervalMs": { - "markdownDescription": "(Optional) The minimum duration of time (in milliseconds) between two triggering events to collect data.\n\n> If a signal changes often, you might want to collect data at a slower rate.", + "markdownDescription": "The minimum duration of time (in milliseconds) between two triggering events to collect data.\n\n> If a signal changes often, you might want to collect data at a slower rate.", "title": "MinimumSamplingIntervalMs", "type": "number" }, @@ -128274,7 +128274,7 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "(Optional) A brief description of the decoder manifest.", + "markdownDescription": "A brief description of the decoder manifest.", "title": "Description", "type": "string" }, @@ -128292,7 +128292,7 @@ "items": { "$ref": "#/definitions/AWS::IoTFleetWise::DecoderManifest.NetworkInterfacesItems" }, - "markdownDescription": "(Optional) A list of information about available network interfaces.", + "markdownDescription": "A list of information about available network interfaces.", "title": "NetworkInterfaces", "type": "array" }, @@ -128300,12 +128300,12 @@ "items": { "$ref": "#/definitions/AWS::IoTFleetWise::DecoderManifest.SignalDecodersItems" }, - "markdownDescription": "(Optional) A list of information about signal decoders.", + "markdownDescription": "A list of information about signal decoders.", "title": "SignalDecoders", "type": "array" }, "Status": { - "markdownDescription": "(Optional) The state of the decoder manifest. If the status is `ACTIVE` , the decoder manifest can't be edited. If the status is marked `DRAFT` , you can edit the decoder manifest.", + "markdownDescription": "The state of the decoder manifest. If the status is `ACTIVE` , the decoder manifest can't be edited. If the status is marked `DRAFT` , you can edit the decoder manifest.", "title": "Status", "type": "string" }, @@ -128313,7 +128313,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "(Optional) Metadata that can be used to manage the decoder manifest.", + "markdownDescription": "Metadata that can be used to manage the decoder manifest.", "title": "Tags", "type": "array" } @@ -128354,12 +128354,12 @@ "type": "string" }, "ProtocolName": { - "markdownDescription": "(Optional) The name of the communication protocol for the interface.", + "markdownDescription": "The name of the communication protocol for the interface.", "title": "ProtocolName", "type": "string" }, "ProtocolVersion": { - "markdownDescription": "(Optional) The version of the communication protocol for the interface.", + "markdownDescription": "The version of the communication protocol for the interface.", "title": "ProtocolVersion", "type": "string" } @@ -128398,7 +128398,7 @@ "type": "string" }, "Name": { - "markdownDescription": "(Optional) The name of the signal.", + "markdownDescription": "The name of the signal.", "title": "Name", "type": "string" }, @@ -128450,12 +128450,12 @@ "additionalProperties": false, "properties": { "DtcRequestIntervalSeconds": { - "markdownDescription": "(Optional) The maximum number message requests per diagnostic trouble code per second.", + "markdownDescription": "The maximum number message requests per diagnostic trouble code per second.", "title": "DtcRequestIntervalSeconds", "type": "string" }, "HasTransmissionEcu": { - "markdownDescription": "(Optional) Whether the vehicle has a transmission control module (TCM).", + "markdownDescription": "Whether the vehicle has a transmission control module (TCM).", "title": "HasTransmissionEcu", "type": "string" }, @@ -128465,12 +128465,12 @@ "type": "string" }, "ObdStandard": { - "markdownDescription": "(Optional) The standard OBD II PID.", + "markdownDescription": "The standard OBD II PID.", "title": "ObdStandard", "type": "string" }, "PidRequestIntervalSeconds": { - "markdownDescription": "(Optional) The maximum number message requests per second.", + "markdownDescription": "The maximum number message requests per second.", "title": "PidRequestIntervalSeconds", "type": "string" }, @@ -128480,7 +128480,7 @@ "type": "string" }, "UseExtendedIds": { - "markdownDescription": "(Optional) Whether to use extended IDs in the message.", + "markdownDescription": "Whether to use extended IDs in the message.", "title": "UseExtendedIds", "type": "string" } @@ -128495,12 +128495,12 @@ "additionalProperties": false, "properties": { "BitMaskLength": { - "markdownDescription": "(Optional) The number of bits to mask in a message.", + "markdownDescription": "The number of bits to mask in a message.", "title": "BitMaskLength", "type": "string" }, "BitRightShift": { - "markdownDescription": "(Optional) The number of positions to shift bits in the message.", + "markdownDescription": "The number of positions to shift bits in the message.", "title": "BitRightShift", "type": "string" }, @@ -128613,7 +128613,7 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "(Optional) A brief description of the fleet.", + "markdownDescription": "A brief description of the fleet.", "title": "Description", "type": "string" }, @@ -128631,7 +128631,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "(Optional) Metadata that can be used to manage the fleet.", + "markdownDescription": "Metadata that can be used to manage the fleet.", "title": "Tags", "type": "array" } @@ -128699,7 +128699,7 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "(Optional) A brief description of the vehicle model.", + "markdownDescription": "A brief description of the vehicle model.", "title": "Description", "type": "string" }, @@ -128712,7 +128712,7 @@ "items": { "type": "string" }, - "markdownDescription": "(Optional) A list of nodes, which are a general abstraction of signals.", + "markdownDescription": "A list of nodes, which are a general abstraction of signals.", "title": "Nodes", "type": "array" }, @@ -128722,7 +128722,7 @@ "type": "string" }, "Status": { - "markdownDescription": "(Optional) The state of the vehicle model. If the status is `ACTIVE` , the vehicle model can't be edited. If the status is `DRAFT` , you can edit the vehicle model.", + "markdownDescription": "The state of the vehicle model. If the status is `ACTIVE` , the vehicle model can't be edited. If the status is `DRAFT` , you can edit the vehicle model.", "title": "Status", "type": "string" }, @@ -128730,7 +128730,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "(Optional) Metadata that can be used to manage the vehicle model.", + "markdownDescription": "Metadata that can be used to manage the vehicle model.", "title": "Tags", "type": "array" } @@ -128798,25 +128798,25 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "(Optional) A brief description of the signal catalog.", + "markdownDescription": "A brief description of the signal catalog.", "title": "Description", "type": "string" }, "Name": { - "markdownDescription": "(Optional) The name of the signal catalog.", + "markdownDescription": "The name of the signal catalog.", "title": "Name", "type": "string" }, "NodeCounts": { "$ref": "#/definitions/AWS::IoTFleetWise::SignalCatalog.NodeCounts", - "markdownDescription": "(Optional) Information about the number of nodes and node types in a vehicle network.", + "markdownDescription": "Information about the number of nodes and node types in a vehicle network.", "title": "NodeCounts" }, "Nodes": { "items": { "$ref": "#/definitions/AWS::IoTFleetWise::SignalCatalog.Node" }, - "markdownDescription": "(Optional) A list of information about nodes, which are a general abstraction of signals.", + "markdownDescription": "A list of information about nodes, which are a general abstraction of signals.", "title": "Nodes", "type": "array" }, @@ -128824,7 +128824,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "(Optional) Metadata that can be used to manage the signal catalog.", + "markdownDescription": "Metadata that can be used to manage the signal catalog.", "title": "Tags", "type": "array" } @@ -128858,12 +128858,12 @@ "items": { "type": "string" }, - "markdownDescription": "(Optional) A list of possible values an actuator can take.", + "markdownDescription": "A list of possible values an actuator can take.", "title": "AllowedValues", "type": "array" }, "AssignedValue": { - "markdownDescription": "(Optional) A specified value for the actuator.", + "markdownDescription": "A specified value for the actuator.", "title": "AssignedValue", "type": "string" }, @@ -128873,7 +128873,7 @@ "type": "string" }, "Description": { - "markdownDescription": "(Optional) A brief description of the actuator.", + "markdownDescription": "A brief description of the actuator.", "title": "Description", "type": "string" }, @@ -128883,17 +128883,17 @@ "type": "string" }, "Max": { - "markdownDescription": "(Optional) The specified possible maximum value of an actuator.", + "markdownDescription": "The specified possible maximum value of an actuator.", "title": "Max", "type": "number" }, "Min": { - "markdownDescription": "(Optional) The specified possible minimum value of an actuator.", + "markdownDescription": "The specified possible minimum value of an actuator.", "title": "Min", "type": "number" }, "Unit": { - "markdownDescription": "(Optional) The scientific unit for the actuator.", + "markdownDescription": "The scientific unit for the actuator.", "title": "Unit", "type": "string" } @@ -128911,12 +128911,12 @@ "items": { "type": "string" }, - "markdownDescription": "(Optional) A list of possible values an attribute can be assigned.", + "markdownDescription": "A list of possible values an attribute can be assigned.", "title": "AllowedValues", "type": "array" }, "AssignedValue": { - "markdownDescription": "(Optional) A specified value for the attribute.", + "markdownDescription": "A specified value for the attribute.", "title": "AssignedValue", "type": "string" }, @@ -128926,12 +128926,12 @@ "type": "string" }, "DefaultValue": { - "markdownDescription": "(Optional) The default value of the attribute.", + "markdownDescription": "The default value of the attribute.", "title": "DefaultValue", "type": "string" }, "Description": { - "markdownDescription": "(Optional) A brief description of the attribute.", + "markdownDescription": "A brief description of the attribute.", "title": "Description", "type": "string" }, @@ -128941,17 +128941,17 @@ "type": "string" }, "Max": { - "markdownDescription": "(Optional) The specified possible maximum value of the attribute.", + "markdownDescription": "The specified possible maximum value of the attribute.", "title": "Max", "type": "number" }, "Min": { - "markdownDescription": "(Optional) The specified possible minimum value of the attribute.", + "markdownDescription": "The specified possible minimum value of the attribute.", "title": "Min", "type": "number" }, "Unit": { - "markdownDescription": "(Optional) The scientific unit for the attribute.", + "markdownDescription": "The scientific unit for the attribute.", "title": "Unit", "type": "string" } @@ -128966,7 +128966,7 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "(Optional) A brief description of the branch.", + "markdownDescription": "A brief description of the branch.", "title": "Description", "type": "string" }, @@ -128986,22 +128986,22 @@ "properties": { "Actuator": { "$ref": "#/definitions/AWS::IoTFleetWise::SignalCatalog.Actuator", - "markdownDescription": "(Optional) Information about a node specified as an actuator.\n\n> An actuator is a digital representation of a vehicle device.", + "markdownDescription": "Information about a node specified as an actuator.\n\n> An actuator is a digital representation of a vehicle device.", "title": "Actuator" }, "Attribute": { "$ref": "#/definitions/AWS::IoTFleetWise::SignalCatalog.Attribute", - "markdownDescription": "(Optional) Information about a node specified as an attribute.\n\n> An attribute represents static information about a vehicle.", + "markdownDescription": "Information about a node specified as an attribute.\n\n> An attribute represents static information about a vehicle.", "title": "Attribute" }, "Branch": { "$ref": "#/definitions/AWS::IoTFleetWise::SignalCatalog.Branch", - "markdownDescription": "(Optional) Information about a node specified as a branch.\n\n> A group of signals that are defined in a hierarchical structure.", + "markdownDescription": "Information about a node specified as a branch.\n\n> A group of signals that are defined in a hierarchical structure.", "title": "Branch" }, "Sensor": { "$ref": "#/definitions/AWS::IoTFleetWise::SignalCatalog.Sensor", - "markdownDescription": "(Optional) An input component that reports the environmental condition of a vehicle.\n\n> You can collect data about fluid levels, temperatures, vibrations, or battery voltage from sensors.", + "markdownDescription": "An input component that reports the environmental condition of a vehicle.\n\n> You can collect data about fluid levels, temperatures, vibrations, or battery voltage from sensors.", "title": "Sensor" } }, @@ -129011,27 +129011,27 @@ "additionalProperties": false, "properties": { "TotalActuators": { - "markdownDescription": "(Optional) The total number of nodes in a vehicle network that represent actuators.", + "markdownDescription": "The total number of nodes in a vehicle network that represent actuators.", "title": "TotalActuators", "type": "number" }, "TotalAttributes": { - "markdownDescription": "(Optional) The total number of nodes in a vehicle network that represent attributes.", + "markdownDescription": "The total number of nodes in a vehicle network that represent attributes.", "title": "TotalAttributes", "type": "number" }, "TotalBranches": { - "markdownDescription": "(Optional) The total number of nodes in a vehicle network that represent branches.", + "markdownDescription": "The total number of nodes in a vehicle network that represent branches.", "title": "TotalBranches", "type": "number" }, "TotalNodes": { - "markdownDescription": "(Optional) The total number of nodes in a vehicle network.", + "markdownDescription": "The total number of nodes in a vehicle network.", "title": "TotalNodes", "type": "number" }, "TotalSensors": { - "markdownDescription": "(Optional) The total number of nodes in a vehicle network that represent sensors.", + "markdownDescription": "The total number of nodes in a vehicle network that represent sensors.", "title": "TotalSensors", "type": "number" } @@ -129045,7 +129045,7 @@ "items": { "type": "string" }, - "markdownDescription": "(Optional) A list of possible values a sensor can take.", + "markdownDescription": "A list of possible values a sensor can take.", "title": "AllowedValues", "type": "array" }, @@ -129055,7 +129055,7 @@ "type": "string" }, "Description": { - "markdownDescription": "(Optional) A brief description of a sensor.", + "markdownDescription": "A brief description of a sensor.", "title": "Description", "type": "string" }, @@ -129065,17 +129065,17 @@ "type": "string" }, "Max": { - "markdownDescription": "(Optional) The specified possible maximum value of the sensor.", + "markdownDescription": "The specified possible maximum value of the sensor.", "title": "Max", "type": "number" }, "Min": { - "markdownDescription": "(Optional) The specified possible minimum value of the sensor.", + "markdownDescription": "The specified possible minimum value of the sensor.", "title": "Min", "type": "number" }, "Unit": { - "markdownDescription": "(Optional) The scientific unit of measurement for data collected by the sensor.", + "markdownDescription": "The scientific unit of measurement for data collected by the sensor.", "title": "Unit", "type": "string" } @@ -129122,13 +129122,13 @@ "additionalProperties": false, "properties": { "AssociationBehavior": { - "markdownDescription": "(Optional) An option to create a new AWS IoT thing when creating a vehicle, or to validate an existing thing as a vehicle.", + "markdownDescription": "An option to create a new AWS IoT thing when creating a vehicle, or to validate an existing thing as a vehicle.", "title": "AssociationBehavior", "type": "string" }, "Attributes": { "additionalProperties": true, - "markdownDescription": "(Optional) Static information about a vehicle in a key-value pair. For example: `\"engine Type\"` : `\"v6\"`", + "markdownDescription": "Static information about a vehicle in a key-value pair. For example: `\"engine Type\"` : `\"v6\"`", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -129156,7 +129156,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "(Optional) Metadata which can be used to manage the vehicle.", + "markdownDescription": "Metadata which can be used to manage the vehicle.", "title": "Tags", "type": "array" } @@ -155228,7 +155228,7 @@ "type": "string" }, "Protocol": { - "markdownDescription": "The protocol that is used by the source. AWS CloudFormation does not currently support CDI or ST 2110 JPEG XS source protocols.", + "markdownDescription": "The protocol that is used by the source. AWS CloudFormation does not currently support CDI or ST 2110 JPEG XS source protocols.\n\n> AWS Elemental MediaConnect no longer supports the Fujitsu QoS protocol. This reference is maintained for legacy purposes only.", "title": "Protocol", "type": "string" }, @@ -155527,7 +155527,7 @@ "type": "string" }, "MaxLatency": { - "markdownDescription": "The maximum latency in milliseconds. This parameter applies only to RIST-based, Zixi-based, and Fujitsu-based streams.", + "markdownDescription": "The maximum latency in milliseconds. This parameter applies only to RIST-based and Zixi-based streams.", "title": "MaxLatency", "type": "number" }, @@ -155547,7 +155547,7 @@ "type": "number" }, "Protocol": { - "markdownDescription": "The protocol to use for the output.", + "markdownDescription": "The protocol to use for the output.\n\n> AWS Elemental MediaConnect no longer supports the Fujitsu QoS protocol. This reference is maintained for legacy purposes only.", "title": "Protocol", "type": "string" }, @@ -155711,7 +155711,7 @@ "type": "number" }, "MaxLatency": { - "markdownDescription": "The maximum latency in milliseconds. This parameter applies only to RIST-based, Zixi-based, and Fujitsu-based streams.", + "markdownDescription": "The maximum latency in milliseconds. This parameter applies only to RIST-based and Zixi-based streams.", "title": "MaxLatency", "type": "number" }, @@ -162588,7 +162588,7 @@ "type": "number" }, "ProgramDateTimeIntervalSeconds": { - "markdownDescription": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify. Additionally, ID3Timed metadata messages are generated every 5 seconds starting when the content was ingested.\n\nIrrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.\n\nOmit this attribute or enter `0` to indicate that the `EXT-X-PROGRAM-DATE-TIME` tags are not included in the manifest.", + "markdownDescription": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify.\n\nIrrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.\n\nOmit this attribute or enter `0` to indicate that the `EXT-X-PROGRAM-DATE-TIME` tags are not included in the manifest.", "title": "ProgramDateTimeIntervalSeconds", "type": "number" }, @@ -162650,7 +162650,7 @@ "type": "number" }, "ProgramDateTimeIntervalSeconds": { - "markdownDescription": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify. Additionally, ID3Timed metadata messages are generated every 5 seconds starting when the content was ingested.\n\nIrrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.\n\nOmit this attribute or enter `0` to indicate that the `EXT-X-PROGRAM-DATE-TIME` tags are not included in the manifest.", + "markdownDescription": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify.\n\nIrrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.\n\nOmit this attribute or enter `0` to indicate that the `EXT-X-PROGRAM-DATE-TIME` tags are not included in the manifest.", "title": "ProgramDateTimeIntervalSeconds", "type": "number" }, @@ -163088,7 +163088,7 @@ "type": "string" }, "ProgramDateTimeIntervalSeconds": { - "markdownDescription": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify. Additionally, ID3Timed metadata messages are generated every 5 seconds starting when the content was ingested.\n\nIrrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.\n\nOmit this attribute or enter `0` to indicate that the `EXT-X-PROGRAM-DATE-TIME` tags are not included in the manifest.", + "markdownDescription": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify.\n\nIrrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.\n\nOmit this attribute or enter `0` to indicate that the `EXT-X-PROGRAM-DATE-TIME` tags are not included in the manifest.", "title": "ProgramDateTimeIntervalSeconds", "type": "number" }, @@ -163793,7 +163793,7 @@ "type": "string" }, "PresetSpeke20Video": { - "markdownDescription": "The SPEKE Version 2.0 preset video associated with the encryption contract configuration of the origin endpoint.", + "markdownDescription": "The SPEKE Version 2.0 preset video associated with the encryption contract configuration of the origin endpoint.\n\nA collection of video encryption presets.\n\nValue description:\n\n- `PRESET-VIDEO-1` - Use one content key to encrypt all of the video tracks in your stream.\n- `PRESET-VIDEO-2` - Use one content key to encrypt all of the SD video tracks and one content key for all HD and higher resolutions video tracks.\n- `PRESET-VIDEO-3` - Use one content key to encrypt all of the SD video tracks, one content key for HD video tracks and one content key for all UHD video tracks.\n- `PRESET-VIDEO-4` - Use one content key to encrypt all of the SD video tracks, one content key for HD video tracks, one content key for all UHD1 video tracks and one content key for all UHD2 video tracks.\n- `PRESET-VIDEO-5` - Use one content key to encrypt all of the SD video tracks, one content key for HD1 video tracks, one content key for HD2 video tracks, one content key for all UHD1 video tracks and one content key for all UHD2 video tracks.\n- `PRESET-VIDEO-6` - Use one content key to encrypt all of the SD video tracks, one content key for HD1 video tracks, one content key for HD2 video tracks and one content key for all UHD video tracks.\n- `PRESET-VIDEO-7` - Use one content key to encrypt all of the SD+HD1 video tracks, one content key for HD2 video tracks and one content key for all UHD video tracks.\n- `PRESET-VIDEO-8` - Use one content key to encrypt all of the SD+HD1 video tracks, one content key for HD2 video tracks, one content key for all UHD1 video tracks and one content key for all UHD2 video tracks.\n- `SHARED` - Use the same content key for all of the video and audio tracks in your stream.\n- `UNENCRYPTED` - Don't encrypt any of the video tracks in your stream.", "title": "PresetSpeke20Video", "type": "string" } @@ -163914,7 +163914,7 @@ "type": "number" }, "ProgramDateTimeIntervalSeconds": { - "markdownDescription": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify. If you don't enter an interval, `EXT-X-PROGRAM-DATE-TIME` tags aren't included in the manifest. The tags sync the stream to the wall clock so that viewers can seek to a specific time in the playback timeline on the player. `ID3Timed` metadata messages generate every 5 seconds whenever MediaPackage ingests the content.\n\nIrrespective of this parameter, if any `ID3Timed` metadata is in the HLS input, MediaPackage passes through that metadata to the HLS output.", + "markdownDescription": "Inserts `EXT-X-PROGRAM-DATE-TIME` tags in the output manifest at the interval that you specify. If you don't enter an interval, `EXT-X-PROGRAM-DATE-TIME` tags aren't included in the manifest. The tags sync the stream to the wall clock so that viewers can seek to a specific time in the playback timeline on the player.\n\nIrrespective of this parameter, if any `ID3Timed` metadata is in the HLS input, MediaPackage passes through that metadata to the HLS output.", "title": "ProgramDateTimeIntervalSeconds", "type": "number" }, @@ -230582,12 +230582,12 @@ "items": { "$ref": "#/definitions/AWS::ResourceGroups::Group.ConfigurationParameter" }, - "markdownDescription": "A collection of parameters for this configuration item. For the list of parameters that you can use with each configuration item `Type` , see [Supported resource types and parameters](https://docs.aws.amazon.com/ARG/latest/APIReference/about-slg.html#about-slg-types) in the *AWS Resource Groups User Guide* .", + "markdownDescription": "A collection of parameters for this configuration item. For the list of parameters that you can use with each configuration item `Type` , see [Supported resource types and parameters](https://docs.aws.amazon.com//ARG/latest/APIReference/about-slg.html#about-slg-types) in the *AWS Resource Groups User Guide* .", "title": "Parameters", "type": "array" }, "Type": { - "markdownDescription": "Specifies the type of configuration item. Each item must have a unique value for type. For the list of the types that you can specify for a configuration item, see [Supported resource types and parameters](https://docs.aws.amazon.com/ARG/latest/APIReference/about-slg.html#about-slg-types) in the *AWS Resource Groups User Guide* .", + "markdownDescription": "Specifies the type of configuration item. Each item must have a unique value for type. For the list of the types that you can specify for a configuration item, see [Supported resource types and parameters](https://docs.aws.amazon.com//ARG/latest/APIReference/about-slg.html#about-slg-types) in the *AWS Resource Groups User Guide* .", "title": "Type", "type": "string" } @@ -234126,7 +234126,7 @@ "additionalProperties": false, "properties": { "Action": { - "markdownDescription": "The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list:\n\n- `ALLOW` - Permit the request to go through.\n- `ALERT` - Permit the request to go through but send an alert to the logs.\n- `BLOCK` - Disallow the request. If this is specified,then `BlockResponse` must also be specified.\n\nif `BlockResponse` is `OVERRIDE` , then all of the following `OVERRIDE` attributes must be specified:\n\n- `BlockOverrideDnsType`\n- `BlockOverrideDomain`\n- `BlockOverrideTtl`", + "markdownDescription": "The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list, or a threat in a DNS Firewall Advvanced rule:\n\n- `ALLOW` - Permit the request to go through. Not available for DNS Firewall Advanced rules.\n- `ALERT` - Permit the request to go through but send an alert to the logs.\n- `BLOCK` - Disallow the request. If this is specified,then `BlockResponse` must also be specified.\n\nif `BlockResponse` is `OVERRIDE` , then all of the following `OVERRIDE` attributes must be specified:\n\n- `BlockOverrideDnsType`\n- `BlockOverrideDomain`\n- `BlockOverrideTtl`", "title": "Action", "type": "string" }, @@ -235503,7 +235503,7 @@ }, "ObjectLockConfiguration": { "$ref": "#/definitions/AWS::S3::Bucket.ObjectLockConfiguration", - "markdownDescription": "> This operation is not supported by directory buckets. \n\nPlaces an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .\n\n> - The `DefaultRetention` settings require both a mode and a period.\n> - The `DefaultRetention` period can be either `Days` or `Years` but you must select one. You cannot specify `Days` and `Years` at the same time.\n> - You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html) .", + "markdownDescription": "> This operation is not supported for directory buckets. \n\nPlaces an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .\n\n> - The `DefaultRetention` settings require both a mode and a period.\n> - The `DefaultRetention` period can be either `Days` or `Years` but you must select one. You cannot specify `Days` and `Years` at the same time.\n> - You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html) .", "title": "ObjectLockConfiguration" }, "ObjectLockEnabled": { @@ -247529,7 +247529,7 @@ "properties": { "ComputeResourceRequirements": { "$ref": "#/definitions/AWS::SageMaker::InferenceComponent.InferenceComponentComputeResourceRequirements", - "markdownDescription": "The compute resources allocated to run the model assigned to the inference component.", + "markdownDescription": "The compute resources allocated to run the model, plus any adapter models, that you assign to the inference component.\n\nOmit this parameter if your request is meant to create an adapter inference component. An adapter inference component is loaded by a base inference component, and it uses the compute resources of the base inference component.", "title": "ComputeResourceRequirements" }, "Container": { @@ -254462,7 +254462,7 @@ "properties": { "HostedRotationLambda": { "$ref": "#/definitions/AWS::SecretsManager::RotationSchedule.HostedRotationLambda", - "markdownDescription": "Creates a new Lambda rotation function based on one of the [Secrets Manager rotation function templates](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html) . To use a rotation function that already exists, specify `RotationLambdaARN` instead.\n\nFor Amazon RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html) .\n\nFor Amazon Redshift admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html) .", + "markdownDescription": "Creates a new Lambda rotation function based on one of the [Secrets Manager rotation function templates](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html) . To use a rotation function that already exists, specify `RotationLambdaARN` instead.\n\nYou must specify `Transform: AWS::SecretsManager-2024-09-16` at the beginning of the CloudFormation template. Transforms are macros hosted by AWS CloudFormation that help you create and manage complex infrastructure. The `Transform: AWS::SecretsManager-2024-09-16` transform automatically extends the CloudFormation stack to include a nested stack (of type `AWS::CloudFormation::Stack` ), which then creates and updates on your behalf during subsequent stack operations, the appropriate rotation Lambda function for your database or service. For general information on transforms, see the [AWS CloudFormation documentation.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-reference.html)\n\nFor Amazon RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html) .\n\nFor Amazon Redshift admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html) .", "title": "HostedRotationLambda" }, "RotateImmediatelyOnUpdate": { @@ -254546,7 +254546,7 @@ "type": "string" }, "Runtime": { - "markdownDescription": "By default, CloudFormation deploys Python 3.9 binaries for the rotation function. To use a different version of Python, you must do the following two steps:\n\n- Deploy the matching version Python binaries with your rotation function.\n- Set the version number in this field. For example, for Python 3.7, enter *python3.7*\n\nIf you only do one of the steps, your rotation function will be incompatible with the binaries. For more information, see [Why did my Lambda rotation function fail with a \"pg module not found\" error](https://docs.aws.amazon.com/https://repost.aws/knowledge-center/secrets-manager-lambda-rotation) .", + "markdownDescription": "> Do not set this value if you are using `Transform: AWS::SecretsManager-2024-09-16` . Over time, the updated rotation lambda artifacts vended by AWS may not be compatible with the code or shared object files defined in the rotation function deployment package.\n> \n> Only define the `Runtime` key if:\n> \n> - You are using `Transform: AWS::SecretsManager-2020-07-23` .\n> - The code or shared object files defined in the rotation function deployment package are incompatible with Python 3.9. \n\nThe Python Runtime version for with the rotation function. By default, CloudFormation deploys Python 3.9 binaries for the rotation function. To use a different version of Python, you must do the following two steps:\n\n- Deploy the matching version Python binaries with your rotation function.\n- Set the version number in this field. For example, for Python 3.7, enter *python3.7* .\n\nIf you only do one of the steps, your rotation function will be incompatible with the binaries. For more information, see [Why did my Lambda rotation function fail with a \"pg module not found\" error](https://docs.aws.amazon.com/https://repost.aws/knowledge-center/secrets-manager-lambda-rotation) .", "title": "Runtime", "type": "string" }, @@ -255095,7 +255095,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::AutomationRule.DateFilter" }, - "markdownDescription": "A timestamp that indicates when this finding record was created.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", + "markdownDescription": "A timestamp that indicates when this finding record was created.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "title": "CreatedAt", "type": "array" }, @@ -255119,7 +255119,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::AutomationRule.DateFilter" }, - "markdownDescription": "A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", + "markdownDescription": "A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "title": "FirstObservedAt", "type": "array" }, @@ -255143,7 +255143,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::AutomationRule.DateFilter" }, - "markdownDescription": "A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", + "markdownDescription": "A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "title": "LastObservedAt", "type": "array" }, @@ -255159,7 +255159,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::AutomationRule.DateFilter" }, - "markdownDescription": "The timestamp of when the note was updated.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", + "markdownDescription": "The timestamp of when the note was updated.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "title": "NoteUpdatedAt", "type": "array" }, @@ -255295,7 +255295,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::AutomationRule.DateFilter" }, - "markdownDescription": "A timestamp that indicates when the finding record was most recently updated.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", + "markdownDescription": "A timestamp that indicates when the finding record was most recently updated.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "title": "UpdatedAt", "type": "array" }, @@ -255335,12 +255335,12 @@ "title": "DateRange" }, "End": { - "markdownDescription": "A timestamp that provides the end date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "markdownDescription": "A timestamp that provides the end date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "title": "End", "type": "string" }, "Start": { - "markdownDescription": "A timestamp that provides the start date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "markdownDescription": "A timestamp that provides the start date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "title": "Start", "type": "string" } @@ -255818,7 +255818,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::Insight.DateFilter" }, - "markdownDescription": "A timestamp that indicates when the security findings provider created the potential security issue that a finding reflects.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "markdownDescription": "A timestamp that indicates when the security findings provider created the potential security issue that a finding reflects.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "title": "CreatedAt", "type": "array" }, @@ -255898,7 +255898,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::Insight.DateFilter" }, - "markdownDescription": "A timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "markdownDescription": "A timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "title": "FirstObservedAt", "type": "array" }, @@ -255922,7 +255922,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::Insight.DateFilter" }, - "markdownDescription": "A timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "markdownDescription": "A timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "title": "LastObservedAt", "type": "array" }, @@ -256074,7 +256074,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::Insight.DateFilter" }, - "markdownDescription": "A timestamp that identifies when the process was launched.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "markdownDescription": "A timestamp that identifies when the process was launched.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "title": "ProcessLaunchedAt", "type": "array" }, @@ -256114,7 +256114,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::Insight.DateFilter" }, - "markdownDescription": "A timestamp that identifies when the process was terminated.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "markdownDescription": "A timestamp that identifies when the process was terminated.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "title": "ProcessTerminatedAt", "type": "array" }, @@ -256338,7 +256338,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::Insight.DateFilter" }, - "markdownDescription": "A timestamp that identifies when the container was started.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "markdownDescription": "A timestamp that identifies when the container was started.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "title": "ResourceContainerLaunchedAt", "type": "array" }, @@ -256490,7 +256490,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::Insight.DateFilter" }, - "markdownDescription": "A timestamp that indicates when the security findings provider last updated the finding record.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "markdownDescription": "A timestamp that indicates when the security findings provider last updated the finding record.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "title": "UpdatedAt", "type": "array" }, @@ -256568,12 +256568,12 @@ "title": "DateRange" }, "End": { - "markdownDescription": "A timestamp that provides the end date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "markdownDescription": "A timestamp that provides the end date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "title": "End", "type": "string" }, "Start": { - "markdownDescription": "A timestamp that provides the start date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )", + "markdownDescription": "A timestamp that provides the start date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nIf a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round `2024-10-31T23:00:00.123456789Z` to `2024-10-31T23:00:00.123Z` .", "title": "Start", "type": "string" }