diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d22a299a..9304dc64 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,7 +15,7 @@ jobs: ## this will contain a matrix of all the combinations ## we wish to test again: matrix: - go-version: [ 1.22.x ] + go-version: [ 1.24.x ] platform: [ ubuntu-latest, macos-latest, windows-latest ] ## Defines the platform for each test run @@ -26,13 +26,13 @@ jobs: steps: ## sets up go based on the version - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: ${{ matrix.go-version }} ## checks out our code locally, so we can work with the files - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 ## runs go test ./... - name: Build @@ -43,6 +43,6 @@ jobs: run: go test ./... -coverprofile=./cover.out - name: Upload coverage reports to Codecov - uses: codecov/codecov-action@79066c46f8dcdf8d7355f820dbac958c5b4cb9d3 # v4.5.0 + uses: codecov/codecov-action@af09b5e394c93991b95a5e7646aeb90c1917f78f # v5.5.1 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index b8686ae9..a43c835b 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -39,11 +39,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@0e346f2c4a1b999b44f1ef93fe08bdb83dae63ab # codeql-bundle-v2.18.1 + uses: github/codeql-action/init@17783bfb99b07f70fae080b654aed0c514057477 # codeql-bundle-v2.23.3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -57,7 +57,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@0e346f2c4a1b999b44f1ef93fe08bdb83dae63ab # codeql-bundle-v2.18.1 + uses: github/codeql-action/autobuild@17783bfb99b07f70fae080b654aed0c514057477 # codeql-bundle-v2.23.3 # â„šī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -70,4 +70,4 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0e346f2c4a1b999b44f1ef93fe08bdb83dae63ab # codeql-bundle-v2.18.1 + uses: github/codeql-action/analyze@17783bfb99b07f70fae080b654aed0c514057477 # codeql-bundle-v2.23.3 diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 2a07ca21..f1328622 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml 
@@ -6,51 +6,53 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: - go-version: 1.22.x + go-version: 1.24.x - name: Restore cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go-mod- - name: gofumpt - uses: iamnotaturtle/auto-gofmt@3934ab53013ffb44d3db33bbd1c271279b5925d5 # v2.1.0 + uses: jameswoolfenden/auto-gofmt@99a3ed2b78b6c01d70db1740ba16d3dff60003df # v0.0.3 test: strategy: matrix: - go-version: [ 1.21.x ] + go-version: [ 1.24.x ] platform: [ ubuntu-latest, macos-latest, windows-latest ] runs-on: ${{ matrix.platform }} steps: - - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3.1.1 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 with: terraform_version: 1.5.4 - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: ${{ matrix.go-version }} - name: Restore cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} restore-keys: | - ${{ runner.os }}-go-mod- + ## runs go test ./... 
+ - name: Build + run: go build ./... - name: Test - run: make test + run: go test ./... -coverprofile=./cover.out docs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: - go-version: 1.22.x + go-version: 1.24.x diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index eaa13b5d..c61d02ba 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,21 +11,21 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Unshallow run: git fetch --prune --unshallow - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: - go-version: 1.22 + go-version: 1.24 - name: Import GPG key id: import_gpg - uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0 + uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0 with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} passphrase: ${{ secrets.PASSPHRASE }} - name: Run GoReleaser - uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0 + uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 with: version: latest args: release --clean 
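Review bot: In the `test` job's `Restore cache` step, the only line under `restore-keys: |` changes from `${{ runner.os }}-go-mod-` to `## runs go test ./...`. Inside a literal block scalar a `#` line is content, not a comment, so depending on its indentation (not recoverable in this view) the step gets either that text as its restore key or no restore key at all. Either way the prefix fallback is lost, while the first job in the hunk still has it. Keep `${{ runner.os }}-go-mod-` under `restore-keys` and move the comment directly above `- name: Build`, worded `## runs go build ./...` since that is the step it precedes. The hunk also replaces `iamnotaturtle/auto-gofmt` with `jameswoolfenden/auto-gofmt`, which changes the action's publisher rather than its version; a one-line comment saying why the fork is used would help whoever next reviews that pin.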
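Review bot: The `Run GoReleaser` step keeps `version: latest` while the action itself moves to a new pinned commit. The GoReleaser binary that runs in the same job as the imported GPG key is therefore whatever is newest at release time, and the SHA pin does not cover it. Constraining it in the `with:` block, for example `version: "~> v2"` or an exact release, would make the release toolchain as reproducible and reviewable as the other pins in this commit. Any further inputs of this step are outside the hunk.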
@@ -41,16 +41,16 @@ jobs: needs: - goreleaser steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Publish to Registry - uses: elgohr/Publish-Docker-Github-Action@82556589c08f584cb95411629a94e6c2b68b9b80 # v5 + uses: elgohr/Publish-Docker-Github-Action@32b6623ebb46c5fe6dcfc2281cfcd549a31366ce # v5 with: name: jameswoolfenden/pike username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} tags: "latest,${{ github.ref_name }}" - name: Update Docker Hub README - uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0 + uses: peter-evans/dockerhub-description@1b9a80c056b620d92cedb9d9b5a223409c68ddfa # v5.0.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} @@ -64,7 +64,7 @@ jobs: - goreleaser steps: - name: Repository Dispatch - uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0 + uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0 with: token: ${{ secrets.PAT }} repository: jameswoolfenden/scoop diff --git a/.github/workflows/resources.yml b/.github/workflows/resources.yml index c67d337c..3bf07482 100644 --- a/.github/workflows/resources.yml +++ b/.github/workflows/resources.yml @@ -11,13 +11,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: ${{ matrix.go-version }} ## checks out our code locally, so we can work with the files - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 ## runs go test ./... - name: Build 
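Review bot: The new `elgohr/Publish-Docker-Github-Action` pin keeps the trailing comment `# v5`, the same text as on the old SHA, so the comment does not say which release the new commit corresponds to. The other pins in this commit carry an exact tag (`# v5.0.0`, `# v6.3.0`, `# codeql-bundle-v2.23.3`). Recording the exact release here too, in the form `# <exact v5.x.y tag>`, lets reviewers and update tooling check the SHA against a tag. This step receives `DOCKERHUB_USERNAME` and `DOCKERHUB_PASSWORD`, so it is one of the pins most worth being able to audit.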
@@ -25,7 +25,7 @@ jobs: - name: Checkout AWS - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: repository: hashicorp/terraform-provider-aws path: aws @@ -34,7 +34,7 @@ jobs: run: ${{ github.workspace }}/pike parse -d ${{ github.workspace }}/aws -name aws - name: Checkout AZURERM - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: repository: hashicorp/terraform-provider-azurerm path: azurerm @@ -43,7 +43,7 @@ jobs: run: ${{ github.workspace }}/pike parse -d ${{ github.workspace }}/azurerm -name azurerm - name: Generate Google - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: repository: hashicorp/terraform-provider-google path: google diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 1481a9de..87ceda51 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -13,7 +13,7 @@ jobs: pull-requests: write runs-on: ubuntu-latest steps: - - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0 + - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0 with: stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.' days-before-stale: 30 diff --git a/.gitignore b/.gitignore index 02cd7d21..3e0edec4 100644 --- a/.gitignore +++ b/.gitignore @@ -15,6 +15,9 @@ __debug_bin.exe provider.azure.tf provider.azurerm.tf terraform-provider-* +terraform-provider-azurerm/ +terraform-provider-google/ +terraform-provider-aws/ *.pem *.csr .destination diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7193c4c4..339dca20 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -4,7 +4,7 @@ default_language_version: python: python3.11 repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.6.0 + rev: v5.0.0 hooks: - id: check-json - id: check-merge-conflict @@ -29,7 +29,7 @@ repos: hooks: - id: shell-lint - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.41.0 + rev: v0.45.0 hooks: - id: markdownlint exclude: src/testdata|testdata @@ -39,7 +39,7 @@ repos: - id: terraform-fmt language_version: python3.11 - repo: https://github.com/gruntwork-io/pre-commit - rev: v0.1.23 + rev: v0.1.29 hooks: - id: gofmt - id: goimports @@ -52,7 +52,7 @@ repos: - id: go-mod-tidy - id: go-generate - repo: https://github.com/jameswoolfenden/ghat - rev: v0.1.5 + rev: v0.1.13 hooks: - id: ghat-go name: ghat @@ -67,4 +67,3 @@ repos: hooks: - id: validate-toml - id: no-go-testing - - id: go-mod-tidy diff --git a/README.md b/README.md index b718e0c8..a860ae57 100644 --- a/README.md +++ b/README.md 
@@ -3,58 +3,69 @@ ![alt text](pike.jfif "Pike") [![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://GitHub.com/jameswoolfenden/pike/graphs/commit-activity) -[![Build Status](https://github.com/JamesWoolfenden/pike/workflows/CI/badge.svg?branch=master)](https://github.com/JamesWoolfenden/pike) +[![CI](https://github.com/JamesWoolfenden/pike/actions/workflows/ci.yml/badge.svg)](https://github.com/JamesWoolfenden/pike/actions/workflows/ci.yml) [![Latest Release](https://img.shields.io/github/release/JamesWoolfenden/pike.svg)](https://github.com/JamesWoolfenden/pike/releases/latest) [![GitHub tag (latest SemVer)](https://img.shields.io/github/tag/JamesWoolfenden/pike.svg?label=latest)](https://github.com/JamesWoolfenden/pike/releases/latest) ![Terraform Version](https://img.shields.io/badge/tf-%3E%3D0.14.0-blue.svg) [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit) [![checkov](https://img.shields.io/badge/checkov-verified-brightgreen)](https://www.checkov.io/) [![Github All Releases](https://img.shields.io/github/downloads/jameswoolfenden/pike/total.svg)](https://github.com/JamesWoolfenden/pike/releases) -[![codecov](https://codecov.io/gh/JamesWoolfenden/pike/graph/badge.svg?token=S5SW3BHIQQ)](https://codecov.io/gh/JamesWoolfenden/pike) +[![codecov](https://codecov.io/gh/JamesWoolfenden/pike/branch/master/graph/badge.svg?token=S5SW3BHIQQ)](https://codecov.io/gh/JamesWoolfenden/pike) [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/7032/badge)](https://www.bestpractices.dev/projects/7032) -Pike is a tool to determine the minimum permissions required to run a TF/IAC run: +Pike is a tool to determine the minimum permissions required to run a TF/IAC run. -Pike currently supports Terraform and supports multiple providers (AWS, GCP, AZURE), +**What's new?** +- json modules support. 
+- GCP compare, checks IAC permissions required versus a deployed role. +- Backend detection S3 and GCP. + +Pike currently supports Terraform and supports multiple providers (AWS, GCP and AZURE); Azure is the newest with AWS having the most supported resources . Feel free to submit PR or Issue if you find an issue or even better add new resources, and then I'll take a look at merging it ASAP. -**CAVEAT** The outputs of this tool are your first step, if you have AWS, you can now generate resources partially, there are no conditions and even partial resources are wildcarded (for now). -(for AWS) -**best practice** would go further (and I am working on it as well), you will need to modify these permissions to the minimum required in your environment by adding these -restrictions, you can also deploy using short-lived credentials (using this tool or Vault) (in AWS so far), generating short-lived credentials for your build +**CAVEAT** The outputs of this tool are your first step, if you have AWS, you can now generate resources partially, +there are no conditions and even partial resources are wild-carded (for now). +(for AWS)minimum +**best practice** would go further (and I am working on it as well), you will need to modify these permissions to the +required in your environment by adding these +restrictions, you can also deploy using short-lived credentials (using this tool or Vault) (in AWS so far), generating +short-lived credentials for your build and then remotely (REMOTE) supply and invoke your builds (INVOKE). -Ideally I would like to do this for you, but these policies are currently determined statically (QUICKER), and unrecorded intentions can be impossible to infer. +Ideally I would like to do this for you, but these policies are currently determined statically (QUICKER), and +unrecorded intentions can be impossible to infer. 
## Table of Contents + - [Pike](#pike) - - [Table of Contents](#table-of-contents) - - [Install](#install) - - [MacOS](#macos) - - [Windows](#windows) - - [Docker](#docker) - - [Usage](#usage) - - [Scan](#scan) - - [Output](#output) - - [Make](#make) - - [Invoke](#invoke) - - [Inspect](#inspect) - - [Apply](#apply) - - [Remote](#remote) - - [Readme](#readme) - - [Pull](#pull) - - [Compare](#compare) - - [Help](#help) - - [Building](#building) - - [Extending](#extending) - - [Add Import mapping file](#add-import-mapping-file) - - [Add to provider Scan](#add-to-provider-scan) - - [Related Tools](#related-tools) + - [Table of Contents](#table-of-contents) + - [Install](#install) + - [MacOS](#macos) + - [Windows](#windows) + - [Docker](#docker) + - [Usage](#usage) + - [Scan](#scan) + - [Output](#output) + - [Make](#make) + - [Invoke](#invoke) + - [Inspect](#inspect) + - [Apply](#apply) + - [Remote](#remote) + - [Readme](#readme) + - [Pull](#pull) + - [Compare](#compare) + - [Help](#help) + - [Building](#building) + - [Extending](#extending) + - [Add Import mapping file](#add-import-mapping-file) + - [Add to provider Scan](#add-to-provider-scan) + - [Related Tools](#related-tools) + ## Install @@ -360,7 +371,7 @@ on: - master ``` -To authenticate the GitHub API you will need to set you GitHub Personal Access Token, as the environment variable +To authenticate with the GitHub API, you will need to set your GitHub Personal Access Token, as the environment variable *GITHUB_TOKEN* To Invoke a workflow, it is then: @@ -371,7 +382,7 @@ pike invoke -workflow master.yml -branch master -repository JamesWoolfenden/terr I created Invoke to be used in tandem with the new remote command which supplies temporary credentials to a workflow. -**Note The GitHub API is rate limited, usually 5000 calls per hour. +**Note The GitHub API is rate-limited, usually 5000 calls per hour. ```shell pike make -d ./module/aws/terraform-aws-s3/example/examplea 
@@ -408,7 +419,7 @@ This looks in the readme for the deliminators: ``` -and replaces is either with json or Terraform like so: +and replaces is either with JSON or Terraform like so: ```markdown This is the policy required to build this project: @@ -469,6 +480,8 @@ You can see an example here $./pike compare -d ../modules/aws/terraform-aws-appsync -a arn:aws:iam::680235478471:policy/basic ```markdown @@ -548,7 +561,7 @@ IAM Policy arn:aws:iam::680235478471:policy/basic versus Local ../modules/aws/te ## Pull Pull adds the ability to work with Git repositories (thanks to **go-git**), -to output the required permissions in json or Terraform: +to output the required permissions in JSON or Terraform: ```bash ./pike pull @@ -759,7 +772,7 @@ Make build ## Inspect -This new feature is in *beta*, and is not yet fully supported and currently only for AWS. +This new feature is in *beta* and is not yet fully supported and currently only for AWS. When Pike is run with inspect, it will scan your code and output a policy that is required to deploy the code, as normal, but it will also detect the running IAM credentials. It will then report on the overlap between the running credentials and the minimum policy. 
@@ -850,22 +863,23 @@ e.g. *aws_security_group.json* Datasources are the easiest to start with, I have a script (resource.ps1 - add pwsh with **brew install --cask powershell**) that creates a blank mapping file and tf -resource, but you've seen the example json file - make one without any entries. -You also need to create a minimal resource/datasource, that you are trying to figure out the permissions for, and place it in the correct dir +resource, but you've seen the example JSON file - make one without any entries. +You also need to create a minimal resource/datasource, that you are trying to figure out the permissions for, and place +it in the correct dir e.g../terraform/aws, I have a script for making a profile for the profile in the role directory. You can then tf using the empty role against the resource/datasource with no permissions. The debug output from the tf run will help you figure out the permissions you need to add to your basic role. You then update your "basic" role. Issues? -The providers don't always tell you want you need to add, +The providers, don't always tell you what you need to add, you will need to check the IAM docs and the online IAM policymakers. -Not all resource are as easy as others, anything that make/scripts CF internally. +Not all resources are as easy as others, anything that make/scripts CF internally. Some roles require *Passrole* and *CreateLinkedRole* but won't say so. Trail and error -#### What about "attributes" ? +#### What about "attributes"? -Some cloud providers require extra permissions depending on the attributes you add, this is how this is handled. +Some cloud providers require extra permissions depending on the attributes you add; this is how this is handled. Build out your tf resources to cover all reasonable scenarios. #### Eventual consistency 
@@ -885,7 +899,7 @@ var securityGroup []byte ### Add to provider Scan -Once you have added the json import above you just need to update the lookup table, +Once you have added the JSON import, as above, you then need to update the lookup table, so we can read it and get the permissions: ```txt diff --git a/bump.ps1 b/bump.ps1 old mode 100644 new mode 100755 diff --git a/go.mod b/go.mod index 76c24e7a..e4e7e273 100644 --- a/go.mod +++ b/go.mod 
@@ -1,78 +1,105 @@ module github.com/jameswoolfenden/pike -go 1.22.2 +go 1.24.2 require ( github.com/JamesWoolfenden/arn v0.2.5 - github.com/aws/aws-sdk-go v1.55.5 - github.com/aws/aws-sdk-go-v2 v1.30.3 - github.com/aws/aws-sdk-go-v2/config v1.27.27 - github.com/aws/aws-sdk-go-v2/service/iam v1.34.3 - github.com/go-git/go-git/v5 v5.12.0 + github.com/aws/aws-sdk-go v1.55.7 + github.com/aws/aws-sdk-go-v2 v1.36.5 + github.com/aws/aws-sdk-go-v2/config v1.29.17 + github.com/aws/aws-sdk-go-v2/service/iam v1.43.0 + github.com/go-git/go-git/v5 v5.16.2 + github.com/google/go-cmp v0.7.0 github.com/google/go-github/v47 v47.1.0 github.com/hashicorp/go-version v1.7.0 - github.com/hashicorp/hc-install v0.8.0 - github.com/hashicorp/hcl/v2 v2.21.0 - github.com/hashicorp/terraform-exec v0.21.0 - github.com/jameswoolfenden/identity v0.0.3 - github.com/rs/zerolog v1.33.0 - github.com/urfave/cli/v2 v2.27.3 - golang.org/x/crypto v0.25.0 - golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 - golang.org/x/net v0.27.0 - golang.org/x/oauth2 v0.22.0 + github.com/hashicorp/hc-install v0.9.2 + github.com/hashicorp/hcl/v2 v2.23.1-0.20250203194505-ba0759438da2 + github.com/hashicorp/terraform-exec v0.23.0 + github.com/jameswoolfenden/identity v0.0.5 + github.com/rs/zerolog v1.34.0 + github.com/stretchr/testify v1.10.0 + github.com/urfave/cli/v2 v2.27.7 + golang.org/x/crypto v0.39.0 + golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b + golang.org/x/net v0.41.0 + golang.org/x/oauth2 v0.30.0 + google.golang.org/api v0.240.0 + gopkg.in/ini.v1 v1.67.0 ) require ( - dario.cat/mergo v1.0.0 // indirect + cloud.google.com/go/auth v0.16.2 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect + cloud.google.com/go/compute/metadata v0.7.0 // indirect + dario.cat/mergo v1.0.2 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect - github.com/ProtonMail/go-crypto v1.1.0-alpha.5-proton // indirect + github.com/ProtonMail/go-crypto v1.3.0 // indirect github.com/agext/levenshtein 
v1.2.3 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.17.27 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 // indirect - github.com/aws/smithy-go v1.20.3 // indirect - github.com/cloudflare/circl v1.3.9 // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect - github.com/cyphar/filepath-securejoin v0.3.1 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.70 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.32 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.36 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.36 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.4 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.17 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.25.5 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.3 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.34.0 // indirect + github.com/aws/smithy-go v1.22.4 // indirect + github.com/cloudflare/circl v1.6.1 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect + github.com/cyphar/filepath-securejoin v0.4.1 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect github.com/emirpasic/gods v1.18.1 // indirect + 
github.com/fatih/color v1.18.0 // indirect + github.com/felixge/httpsnoop v1.0.4 // indirect + github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect - github.com/go-git/go-billy/v5 v5.5.0 // indirect - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect + github.com/go-git/go-billy/v5 v5.6.2 // indirect + github.com/go-logr/logr v1.4.3 // indirect + github.com/go-logr/stdr v1.2.2 // indirect + github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect github.com/google/go-querystring v1.1.0 // indirect + github.com/google/s2a-go v0.1.9 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect + github.com/googleapis/gax-go/v2 v2.14.2 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-retryablehttp v0.7.7 // indirect - github.com/hashicorp/terraform-json v0.22.1 // indirect + github.com/hashicorp/go-retryablehttp v0.7.8 // indirect + github.com/hashicorp/terraform-json v0.25.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect - github.com/pjbgf/sha1cd v0.3.0 // indirect + github.com/pjbgf/sha1cd v0.3.2 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect - github.com/skeema/knownhosts v1.3.0 // indirect + github.com/sergi/go-diff v1.4.0 // indirect + github.com/skeema/knownhosts v1.3.1 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect - github.com/zclconf/go-cty v1.15.0 // indirect - golang.org/x/mod 
v0.20.0 // indirect - golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.23.0 // indirect - golang.org/x/text v0.16.0 // indirect - golang.org/x/tools v0.23.0 // indirect + github.com/zclconf/go-cty v1.16.3 // indirect + go.opentelemetry.io/auto/sdk v1.1.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0 // indirect + go.opentelemetry.io/otel v1.37.0 // indirect + go.opentelemetry.io/otel/metric v1.37.0 // indirect + go.opentelemetry.io/otel/trace v1.37.0 // indirect + golang.org/x/mod v0.25.0 // indirect + golang.org/x/sync v0.15.0 // indirect + golang.org/x/sys v0.33.0 // indirect + golang.org/x/text v0.26.0 // indirect + golang.org/x/tools v0.34.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 // indirect + google.golang.org/grpc v1.73.0 // indirect + google.golang.org/protobuf v1.36.6 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect ) require ( - github.com/mattn/go-colorable v0.1.13 // indirect + github.com/mattn/go-colorable v0.1.14 // indirect github.com/onsi/ginkgo v1.16.5 // indirect github.com/yudai/gojsondiff v1.0.0 github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect diff --git a/go.sum b/go.sum index 381251d2..a1abcddd 100644 --- a/go.sum +++ b/go.sum 
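Review bot: In the direct `require` block, `github.com/hashicorp/hcl/v2` goes from the tagged `v2.21.0` to the pseudo-version `v2.23.1-0.20250203194505-ba0759438da2`, which points at an untagged upstream commit rather than a release. Unlike the other bumps in this hunk, it cannot be checked against release notes, and version-based advisory matching is less reliable for pseudo-versions. A comment above the entry would record the intent, for example `// pinned to an untagged commit for <reason>; return to a tagged release when one includes it`. If a tagged release already contains the needed change, requiring that tag is preferable.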
@@ -1,12 +1,18 @@ -dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= -dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +cloud.google.com/go/auth v0.16.2 h1:QvBAGFPLrDeoiNjyfVunhQ10HKNYuOwZ5noee0M5df4= +cloud.google.com/go/auth v0.16.2/go.mod h1:sRBas2Y1fB1vZTdurouM0AzuYQBMZinrUYL8EufhtEA= +cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc= +cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c= +cloud.google.com/go/compute/metadata v0.7.0 h1:PBWF+iiAerVNe8UCHxdOt6eHLVc3ydFeOCw78U8ytSU= +cloud.google.com/go/compute/metadata v0.7.0/go.mod h1:j5MvL9PprKL39t166CoB1uVHfQMs4tFQZZcKwksXUjo= +dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= +dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA= github.com/JamesWoolfenden/arn v0.2.5 h1:5QzdBn28X0znoefzpdtD1iWKA2OlJ1hRH12jA5VomuM= github.com/JamesWoolfenden/arn v0.2.5/go.mod h1:mvAV1GE5qXaYKYB6uQLpaGfaVwyhorsTHRrTRpng8xo= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= -github.com/ProtonMail/go-crypto v1.1.0-alpha.5-proton h1:KVBEgU3CJpmzLChnLiSuEyCuhGhcMt3eOST+7A+ckto= -github.com/ProtonMail/go-crypto v1.1.0-alpha.5-proton/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= +github.com/ProtonMail/go-crypto v1.3.0 h1:ILq8+Sf5If5DCpHQp4PbZdS1J7HDFRXz/+xKBiRGFrw= +github.com/ProtonMail/go-crypto v1.3.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be 
h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= 
@@ -15,71 +21,79 @@ github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU= -github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= -github.com/aws/aws-sdk-go-v2 v1.30.3 h1:jUeBtG0Ih+ZIFH0F4UkmL9w3cSpaMv9tYYDbzILP8dY= -github.com/aws/aws-sdk-go-v2 v1.30.3/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc= -github.com/aws/aws-sdk-go-v2/config v1.27.27 h1:HdqgGt1OAP0HkEDDShEl0oSYa9ZZBSOmKpdpsDMdO90= -github.com/aws/aws-sdk-go-v2/config v1.27.27/go.mod h1:MVYamCg76dFNINkZFu4n4RjDixhVr51HLj4ErWzrVwg= -github.com/aws/aws-sdk-go-v2/credentials v1.17.27 h1:2raNba6gr2IfA0eqqiP2XiQ0UVOpGPgDSi0I9iAP+UI= -github.com/aws/aws-sdk-go-v2/credentials v1.17.27/go.mod h1:gniiwbGahQByxan6YjQUMcW4Aov6bLC3m+evgcoN4r4= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 h1:KreluoV8FZDEtI6Co2xuNk/UqI9iwMrOx/87PBNIKqw= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11/go.mod h1:SeSUYBLsMYFoRvHE0Tjvn7kbxaUhl75CJi1sbfhMxkU= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 h1:SoNJ4RlFEQEbtDcCEt+QG56MY4fm4W8rYirAmq+/DdU= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15/go.mod h1:U9ke74k1n2bf+RIgoX1SXFed1HLs51OgUSs+Ph0KJP8= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 h1:C6WHdGnTDIYETAm5iErQUiVNsclNx9qbJVPIt03B6bI= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15/go.mod h1:ZQLZqhcu+JhSrA9/NXRm8SkDvsycE+JkV3WGY41e+IM= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= -github.com/aws/aws-sdk-go-v2/internal/ini 
v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= -github.com/aws/aws-sdk-go-v2/service/iam v1.34.3 h1:p4L/tixJ3JUIxCteMGT6oMlqCbEv/EzSZoVwdiib8sU= -github.com/aws/aws-sdk-go-v2/service/iam v1.34.3/go.mod h1:rfOWxxwdecWvSC9C2/8K/foW3Blf+aKnIIPP9kQ2DPE= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 h1:dT3MqvGhSoaIhRseqw2I0yH81l7wiR2vjs57O51EAm8= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3/go.mod h1:GlAeCkHwugxdHaueRr4nhPuY+WW+gR8UjlcqzPr1SPI= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 h1:HGErhhrxZlQ044RiM+WdoZxp0p+EGM62y3L6pwA4olE= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17/go.mod h1:RkZEx4l0EHYDJpWppMJ3nD9wZJAa8/0lq9aVC+r2UII= -github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 h1:BXx0ZIxvrJdSgSvKTZ+yRBeSqqgPM89VPlulEcl37tM= -github.com/aws/aws-sdk-go-v2/service/sso v1.22.4/go.mod h1:ooyCOXjvJEsUw7x+ZDHeISPMhtwI3ZCB7ggFMcFfWLU= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 h1:yiwVzJW2ZxZTurVbYWA7QOrAaCYQR72t0wrSBfoesUE= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4/go.mod h1:0oxfLkpz3rQ/CHlx5hB7H69YUpFiI1tql6Q6Ne+1bCw= -github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 h1:ZsDKRLXGWHk8WdtyYMoGNO7bTudrvuKpDKgMVRlepGE= -github.com/aws/aws-sdk-go-v2/service/sts v1.30.3/go.mod h1:zwySh8fpFyXp9yOr/KVzxOl8SRqgf/IDw5aUt9UKFcQ= -github.com/aws/smithy-go v1.20.3 h1:ryHwveWzPV5BIof6fyDvor6V3iUL7nTfiTKXHiW05nE= -github.com/aws/smithy-go v1.20.3/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= -github.com/cloudflare/circl v1.3.9 h1:QFrlgFYf2Qpi8bSpVPK1HBvWpx16v/1TZivyo7pGuBE= -github.com/cloudflare/circl v1.3.9/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU= +github.com/aws/aws-sdk-go v1.55.7 h1:UJrkFq7es5CShfBwlWAC8DA077vp8PyVbQd3lqLiztE= +github.com/aws/aws-sdk-go v1.55.7/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go-v2 v1.36.5 h1:0OF9RiEMEdDdZEMqF9MRjevyxAQcf6gY+E7vwBILFj0= 
+github.com/aws/aws-sdk-go-v2 v1.36.5/go.mod h1:EYrzvCCN9CMUTa5+6lf6MM4tq3Zjp8UhSGR/cBsjai0= +github.com/aws/aws-sdk-go-v2/config v1.29.17 h1:jSuiQ5jEe4SAMH6lLRMY9OVC+TqJLP5655pBGjmnjr0= +github.com/aws/aws-sdk-go-v2/config v1.29.17/go.mod h1:9P4wwACpbeXs9Pm9w1QTh6BwWwJjwYvJ1iCt5QbCXh8= +github.com/aws/aws-sdk-go-v2/credentials v1.17.70 h1:ONnH5CM16RTXRkS8Z1qg7/s2eDOhHhaXVd72mmyv4/0= +github.com/aws/aws-sdk-go-v2/credentials v1.17.70/go.mod h1:M+lWhhmomVGgtuPOhO85u4pEa3SmssPTdcYpP/5J/xc= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.32 h1:KAXP9JSHO1vKGCr5f4O6WmlVKLFFXgWYAGoJosorxzU= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.32/go.mod h1:h4Sg6FQdexC1yYG9RDnOvLbW1a/P986++/Y/a+GyEM8= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.36 h1:SsytQyTMHMDPspp+spo7XwXTP44aJZZAC7fBV2C5+5s= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.36/go.mod h1:Q1lnJArKRXkenyog6+Y+zr7WDpk4e6XlR6gs20bbeNo= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.36 h1:i2vNHQiXUvKhs3quBR6aqlgJaiaexz/aNvdCktW/kAM= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.36/go.mod h1:UdyGa7Q91id/sdyHPwth+043HhmP6yP9MBHgbZM0xo8= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo= +github.com/aws/aws-sdk-go-v2/service/iam v1.43.0 h1:/ZZo3N8iU/PLsRSCjjlT/J+n4N8kqfTO7BwW1GE+G50= +github.com/aws/aws-sdk-go-v2/service/iam v1.43.0/go.mod h1:QRtwvoAGc59uxv4vQHPKr75SLzhYCRSoETxAA98r6O4= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.4 h1:CXV68E2dNqhuynZJPB80bhPQwAKqBWVer887figW6Jc= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.4/go.mod h1:/xFi9KtvBXP97ppCz1TAEvU1Uf66qvid89rbem3wCzQ= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.17 h1:t0E6FzREdtCsiLIoLCWsYliNsRBgyGD/MCK571qk4MI= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url 
v1.12.17/go.mod h1:ygpklyoaypuyDvOM5ujWGrYWpAK3h7ugnmKCU/76Ys4= +github.com/aws/aws-sdk-go-v2/service/sso v1.25.5 h1:AIRJ3lfb2w/1/8wOOSqYb9fUKGwQbtysJ2H1MofRUPg= +github.com/aws/aws-sdk-go-v2/service/sso v1.25.5/go.mod h1:b7SiVprpU+iGazDUqvRSLf5XmCdn+JtT1on7uNL6Ipc= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.3 h1:BpOxT3yhLwSJ77qIY3DoHAQjZsc4HEGfMCE4NGy3uFg= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.3/go.mod h1:vq/GQR1gOFLquZMSrxUK/cpvKCNVYibNyJ1m7JrU88E= +github.com/aws/aws-sdk-go-v2/service/sts v1.34.0 h1:NFOJ/NXEGV4Rq//71Hs1jC/NvPs1ezajK+yQmkwnPV0= +github.com/aws/aws-sdk-go-v2/service/sts v1.34.0/go.mod h1:7ph2tGpfQvwzgistp2+zga9f+bCjlQJPkPUmMgDSD7w= +github.com/aws/smithy-go v1.22.4 h1:uqXzVZNuNexwc/xrh6Tb56u89WDlJY6HS+KC0S4QSjw= +github.com/aws/smithy-go v1.22.4/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI= +github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0= +github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= -github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/cyphar/filepath-securejoin v0.3.1 h1:1V7cHiaW+C+39wEfpH6XlLBQo3j/PciWFrgfCLS8XrE= -github.com/cyphar/filepath-securejoin v0.3.1/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc= +github.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo= +github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= +github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s= +github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew 
v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= -github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= +github.com/elazarl/goproxy v1.7.2 h1:Y2o6urb7Eule09PjlhQRGNsqRfPmYI3KKQLFpCAV3+o= +github.com/elazarl/goproxy v1.7.2/go.mod h1:82vkLNir0ALaW14Rc399OTTjyNREgmdL2cVoIbS6XaE= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= -github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= -github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= +github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= +github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -github.com/gliderlabs/ssh v0.3.7 h1:iV3Bqi942d9huXnzEF2Mt+CY9gLu8DNM4Obd+8bODRE= -github.com/gliderlabs/ssh v0.3.7/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8= +github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= +github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c= +github.com/gliderlabs/ssh v0.3.8/go.mod 
h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= -github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= -github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= +github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UNbRM= +github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= -github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys= -github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY= +github.com/go-git/go-git/v5 v5.16.2 h1:fT6ZIOjE5iEnkzKyxTHK1W4HGAsPhqEqiSAssSO77hM= +github.com/go-git/go-git/v5 v5.16.2/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= +github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68= github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/godbus/dbus/v5 v5.0.4/go.mod 
h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ= +github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= 
@@ -87,35 +101,45 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= -github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= +github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/go-github/v47 v47.1.0 h1:Cacm/WxQBOa9lF0FT0EMjZ2BWMetQ1TQfyurn4yF1z8= github.com/google/go-github/v47 v47.1.0/go.mod h1:VPZBXNbFSJGjyjFRUKo9vZGawTajnWzC/YjGw/oFKi0= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= +github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= +github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 
+github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU9uHLo7OnF5tL52HFAgMmyrf4= +github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA= +github.com/googleapis/gax-go/v2 v2.14.2 h1:eBLnkZ9635krYIPD+ag1USrOAI0Nr0QYF3+/3GqO0k0= +github.com/googleapis/gax-go/v2 v2.14.2/go.mod h1:ON64QhlJkhVtSqp4v1uaK92VyZ2gmvDQsweuyLV+8+w= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= -github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= -github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= +github.com/hashicorp/go-retryablehttp v0.7.8 h1:ylXZWnqa7Lhqpk0L1P1LzDtGcCR0rPVUrx/c8Unxc48= +github.com/hashicorp/go-retryablehttp v0.7.8/go.mod h1:rjiScheydd+CxvumBsIrFKlx3iS0jrZ7LvzFGFmuKbw= github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/hc-install v0.8.0 h1:LdpZeXkZYMQhoKPCecJHlKvUkQFixN/nvyR1CdfOLjI= -github.com/hashicorp/hc-install v0.8.0/go.mod h1:+MwJYjDfCruSD/udvBmRB22Nlkwwkwf5sAB6uTIhSaU= -github.com/hashicorp/hcl/v2 v2.21.0 h1:lve4q/o/2rqwYOgUg3y3V2YPyD1/zkCLGjIV74Jit14= -github.com/hashicorp/hcl/v2 v2.21.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= -github.com/hashicorp/terraform-exec v0.21.0 h1:uNkLAe95ey5Uux6KJdua6+cv8asgILFVWkd/RG0D2XQ= -github.com/hashicorp/terraform-exec v0.21.0/go.mod h1:1PPeMYou+KDUSSeRE9szMZ/oHf4fYUmB923Wzbq1ICg= -github.com/hashicorp/terraform-json v0.22.1 h1:xft84GZR0QzjPVWs4lRUwvTcPnegqlyS7orfb5Ltvec= 
-github.com/hashicorp/terraform-json v0.22.1/go.mod h1:JbWSQCLFSXFFhg42T7l9iJwdGXBYV8fmmD6o/ML4p3A= +github.com/hashicorp/hc-install v0.9.2 h1:v80EtNX4fCVHqzL9Lg/2xkp62bbvQMnvPQ0G+OmtO24= +github.com/hashicorp/hc-install v0.9.2/go.mod h1:XUqBQNnuT4RsxoxiM9ZaUk0NX8hi2h+Lb6/c0OZnC/I= +github.com/hashicorp/hcl/v2 v2.23.1-0.20250203194505-ba0759438da2 h1:JP8y98OtHTujECs4s/HxlKc5yql/RlC99Dt1Iz4R+lM= +github.com/hashicorp/hcl/v2 v2.23.1-0.20250203194505-ba0759438da2/go.mod h1:k+HgkLpoWu9OS81sy4j1XKDXaWm/rLysG33v5ibdDnc= +github.com/hashicorp/terraform-exec v0.23.0 h1:MUiBM1s0CNlRFsCLJuM5wXZrzA3MnPYEsiXmzATMW/I= +github.com/hashicorp/terraform-exec v0.23.0/go.mod h1:mA+qnx1R8eePycfwKkCRk3Wy65mwInvlpAeOwmA7vlY= +github.com/hashicorp/terraform-json v0.25.0 h1:rmNqc/CIfcWawGiwXmRuiXJKEiJu1ntGoxseG1hLhoQ= +github.com/hashicorp/terraform-json v0.25.0/go.mod h1:sMKS8fiRDX4rVlR6EJUMudg1WcanxCMoWwTLkgZP/vc= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/jameswoolfenden/identity v0.0.3 h1:rR+ja7XFAp8dl0HSviIPaltUgQhL+O++9DxBh8NGd0M= -github.com/jameswoolfenden/identity v0.0.3/go.mod h1:qfhuE+BNQxV9jhUnZiiCAtilc42Ak6n+rs95MAMI/t0= +github.com/jameswoolfenden/identity v0.0.5 h1:y7s6+Nvk21a81eHspwTteO0HVq49nZJFmNu9V72whnY= +github.com/jameswoolfenden/identity v0.0.5/go.mod h1:kQfxlwgjvu8RKuFzd9QeudGeypQQglBXwRLUpk3VQnA= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= 
@@ -131,8 +155,9 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= +github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= +github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= 
@@ -148,34 +173,34 @@ github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= -github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= -github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= +github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= +github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= +github.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4= +github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxuCS6A= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= -github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= -github.com/rs/zerolog v1.33.0 h1:1cU2KZkvPxNyfgEmhHAz/1A9Bz+llsdYzklWFzgp0r8= -github.com/rs/zerolog v1.33.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss= +github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= +github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= 
+github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0= +github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY= +github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= -github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= +github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw= +github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/skeema/knownhosts v1.3.0 h1:AM+y0rI04VksttfwjkSTNQorvGqmwATnvnAHpSgc0LY= -github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M= +github.com/skeema/knownhosts v1.3.1 h1:X2osQ+RAjK76shCbvhHHHVl3ZlgDm8apHEHFqRjnBY8= +github.com/skeema/knownhosts v1.3.1/go.mod h1:r7KTdC8l4uxWRyK2TpQZ/1o5HaSzh06ePQNxPwTcfiY= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= -github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/urfave/cli/v2 v2.27.3 h1:/POWahRmdh7uztQ3CYnaDddk0Rm90PyOgIxgW2rr41M= -github.com/urfave/cli/v2 v2.27.3/go.mod h1:m4QzxcD2qpra4z7WhzEGn74WZLViBnMpb1ToCAKdGRQ= 
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/urfave/cli/v2 v2.27.7 h1:bH59vdhbjLv3LAvIu6gd0usJHgoTTPhCFib8qqOwXYU= +github.com/urfave/cli/v2 v2.27.7/go.mod h1:CyNAG/xg+iAOg0N4MPGZqVmv2rCoP267496AOXUZjA4= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4= 
@@ -187,36 +212,50 @@ github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82/go.mod h1:lgjkn3NuSvDf github.com/yudai/pp v2.0.1+incompatible h1:Q4//iY4pNF6yPLZIigmvcl7k/bPgrcTPIFIcmawg5bI= github.com/yudai/pp v2.0.1+incompatible/go.mod h1:PuxR/8QJ7cyCkFp/aUDS+JY727OFEZkTdatxwunjIkc= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/zclconf/go-cty v1.15.0 h1:tTCRWxsexYUmtt/wVxgDClUe+uQusuI443uL6e+5sXQ= -github.com/zclconf/go-cty v1.15.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zclconf/go-cty v1.16.3 h1:osr++gw2T61A8KVYHoQiFbFd1Lh3JOCXc/jFLJXKTxk= +github.com/zclconf/go-cty v1.16.3/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM= +go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= +go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0 h1:Hf9xI/XLML9ElpiHVDNwvqI0hIFlzV8dgIr35kV1kRU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0/go.mod h1:NfchwuyNoMcZ5MLHwPrODwUF1HWCXWrL31s8gSAdIKY= +go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= +go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I= +go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= +go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= +go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI= +go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg= +go.opentelemetry.io/otel/sdk/metric v1.37.0 
h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc= +go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps= +go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= +go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= -golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= +golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM= +golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U= +golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b h1:M2rDM6z3Fhozi9O7NWsxAkg/yqS/lQJ6PmkyIV3YP+o= +golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b/go.mod h1:3//PLf8L/X+8b4vuAfHzxeRUl04Adcb341+IGKfnqS8= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= -golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w= +golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod 
h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= -golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= -golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA= -golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw= +golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= +golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= +golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8= +golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys 
v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -235,36 +274,50 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= -golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= +golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= -golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= +golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg= +golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M= +golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= 
-golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= -golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= +golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo= +golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/api v0.240.0 h1:PxG3AA2UIqT1ofIzWV2COM3j3JagKTKSwy7L6RHNXNU= +google.golang.org/api v0.240.0/go.mod h1:cOVEm2TpdAGHL2z+UwyS+kmlGr3bVWQQ6sYEqkKje50= +google.golang.org/genproto v0.0.0-20250505200425-f936aa4a68b2 h1:1tXaIXCracvtsRxSBsYDiSBN0cuJvM7QYW+MrpIRY78= +google.golang.org/genproto v0.0.0-20250505200425-f936aa4a68b2/go.mod h1:49MsLSx0oWMOZqcpB3uL8ZOkAh1+TndpJ8ONoCBWiZk= +google.golang.org/genproto/googleapis/api v0.0.0-20250505200425-f936aa4a68b2 h1:vPV0tzlsK6EzEDHNNH5sa7Hs9bd7iXR7B1tSiPepkV0= +google.golang.org/genproto/googleapis/api v0.0.0-20250505200425-f936aa4a68b2/go.mod h1:pKLAc5OolXC3ViWGI62vvC0n10CpwAtRcTNCFwTKBEw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 h1:fc6jSaCT0vBduLYZHYrBBNY4dsWuvgyff9noRNDdBeE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= +google.golang.org/grpc v1.73.0 h1:VIWSmpI2MegBtTuFt5/JWy2oXxtjJ/e89Z70ImfD2ok= +google.golang.org/grpc v1.73.0/go.mod h1:50sbHOUqWoCQGI8V2HQLJM0B+LMlIUjNSZmow7EVBQc= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf 
v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= +google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= +gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= diff --git a/main.go b/main.go index a1be9f37..efcc7806 100644 --- a/main.go +++ b/main.go @@ -7,7 +7,7 @@ import ( "sort" "time" - pike "github.com/jameswoolfenden/pike/src" //nolint:goimports + pike "github.com/jameswoolfenden/pike/src" "github.com/jameswoolfenden/pike/src/parse" "github.com/rs/zerolog" "github.com/rs/zerolog/log" 
@@ -31,12 +31,16 @@ func main() { region string workflow string name string + provider string + outfile string + policyName string ) log.Logger = log.Output(zerolog.ConsoleWriter{Out: os.Stderr}) app := &cli.App{ EnableBashCompletion: true, Flags: []cli.Flag{}, + UsageText: "Pike is a CLI for investigating IAM permissions", Commands: []*cli.Command{ { Name: "make", @@ -53,11 +57,15 @@ func main() { }, Action: func(*cli.Context) error { arn, err := pike.Make(directory) + if err != nil { + return fmt.Errorf("make failed: %w", err) + } + if arn != nil { - log.Print(*arn) + fmt.Print(*arn) } - return fmt.Errorf("make failed: %w", err) + return nil }, }, { @@ -159,13 +167,31 @@ func main() { Usage: "Add resource constraints to policy (AWS only)", Destination: &enableResources, }, + &cli.StringFlag{ + Name: "provider", + Aliases: []string{"p"}, + Usage: "Filter results for just this provider (e.g. aws, gcp, azure)", + Destination: &provider, + }, + &cli.StringFlag{ + Name: "outfile", + //Aliases: []string{""}, + Usage: "filepath you want to write to the policy to", + Destination: &outfile, + }, + &cli.StringFlag{ + Name: "policyName", + //Aliases: []string{""}, + Usage: "the name of the policy you want to write", + Destination: &policyName, + }, }, Action: func(*cli.Context) error { if file == "" { - return pike.Scan(directory, output, nil, init, write, enableResources) + return pike.Scan(directory, output, nil, init, write, enableResources, provider, outfile, policyName) } - return pike.Scan(directory, output, &file, init, write, enableResources) + return pike.Scan(directory, output, &file, init, write, enableResources, provider, outfile, policyName) }, }, { @@ -183,8 +209,8 @@ func main() { &cli.StringFlag{ Name: "arn", Aliases: []string{"a"}, - Usage: "Policy identifier e.g. arn", - Value: "arn:aws:iam::680235478471:policy/basic", + Usage: "Policy identifier e.g. arn, gcp role path", + Required: true, Destination: &arn, EnvVars: []string{"ARN"}, }, 
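Review bot: `UsageText` in the `cli.App` literal (hunk `@@ -31,12 +31,16 @@`) is set to a one-line description of the tool, but in urfave/cli that field replaces the USAGE synopsis in the help output; the description belongs in `Usage`. If the intent is to describe the program, write `Usage: "Pike is a CLI for investigating IAM permissions",` and leave `UsageText` unset so the generated synopsis is kept. The rest of the App literal lies outside this hunk, so an existing `Usage` field cannot be ruled out from here.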
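Review bot: The help text of the new `outfile` flag (hunk `@@ -159,13 +167,31 @@`) reads "filepath you want to write to the policy to", and both `outfile` and `policyName` carry a commented-out `//Aliases: []string{""},` line. I would word it `Usage: "file path to write the policy to",` and delete the two commented lines. `policyName` is camelCase next to the lowercase `provider` and `outfile`, so a consistent spelling would make the flags easier to remember. The path is handed to `pike.Scan` as given and Scan is not visible in this hunk, so the usage string is also the place to say whether an existing file at that path is overwritten.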
@@ -197,7 +223,15 @@ func main() { }, Action: func(*cli.Context) error { theSame, err := pike.Compare(directory, arn, init) - log.Print("The same: ", theSame) + if err != nil { + log.Fatal().Msg(err.Error()) + os.Exit(1) + } + + if !theSame { + os.Exit(1) + } + return err }, }, @@ -226,15 +260,20 @@ func main() { return err } if Difference.Under != nil { + fmt.Println("The following are under-permissive: ") + for _, v := range Difference.Under { fmt.Println(v) } + return errors.New("under-permissive") } if Difference.Over != nil { + fmt.Println("The following are over-permissive: ") + for _, v := range Difference.Over { fmt.Println(v) } diff --git a/resource.ps1 b/resource.ps1 index 1d537fac..1fc1b9a6 100755 --- a/resource.ps1 +++ b/resource.ps1 @@ -49,5 +49,5 @@ else $tffile = path terraform $provider "$resource.tf" } -$tffile=path $PSScriptRoot $tffile +$tffile = path $PSScriptRoot $tffile new-item $tffile -value $content diff --git a/src/aws.go b/src/aws.go index 1c3e5dec..bf552bdc 100644 --- a/src/aws.go +++ b/src/aws.go 
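Review bot: In hunk `@@ -197,7 +223,15 @@` the `os.Exit(1)` after `log.Fatal().Msg(err.Error())` is unreachable, because zerolog's fatal-level event already exits the process with status 1 when `Msg` is called, and the trailing `return err` can then only return nil. Exiting inside the Action also skips any deferred functions, and when the policies differ the process now ends with status 1 without printing anything, where the removed line at least logged the result. Returning from the Action keeps a single exit path: `return fmt.Errorf("compare failed: %w", err)` for the error case and `return cli.Exit("policies differ", 1)` for the mismatch. How `main` treats the value returned by the app's run call is outside this hunk.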
@@ -2,36 +2,1577 @@ package pike import ( "encoding/json" - "errors" "fmt" + + "github.com/rs/zerolog/log" +) + +const ( + terraform string = "terraform" + module string = "module" + resource string = "resource" + data string = "data" ) -const terraform string = "terraform" +var tFLookup = map[string]interface{}{ //nolint:gochecknoglobals + "aws_accessanalyzer_analyzer": awsAccessAnalyzer, + "aws_accessanalyzer_archive_rule": awsAccessAnalyzerArchiveRule, + "aws_account_alternate_contact": awsAccountAlternativeContact, + "aws_account_primary_contact": awsAccountPrimaryContact, + "aws_account_region": awsAccountRegion, + "aws_acm_certificate": AWSAcmCertificate, + "aws_acm_certificate_validation": placeholder, + "aws_acmpca_certificate": awsAcmpcaCertificate, + "aws_acmpca_certificate_authority": awsAcmpcaCertificateAuthority, + "aws_acmpca_certificate_authority_certificate": awsAcmpcaCertificateAuthorityCertificate, + "aws_acmpca_permission": awsAcmpcaPermission, + "aws_acmpca_policy": awsAcmpcaPolicy, + "aws_alb": awsLb, + "aws_alb_listener": awsLbListener, + "aws_alb_target_group": awsLbTargetGroup, + "aws_alb_target_group_attachment": awsLbTargetGroupAttachment, + "aws_ami": awsAmi, + "aws_ami_copy": awsAmiCopy, + "aws_ami_from_instance": awsAmiFromInstance, + "aws_ami_launch_permission": awsAmiLauchPermission, + "aws_amplify_app": awsAmplifyApp, + "aws_amplify_backend_environment": awsAmplifyBackendEnvironment, + "aws_amplify_branch": awsAmplifyBranch, + "aws_amplify_domain_association": awsAmplifyDomainAssociation, + "aws_amplify_webhook": awsAmplifyWebhook, + "aws_api_gateway_account": awsAPIGatewayAccount, + "aws_api_gateway_api_key": awsApigatewayv2Api, + "aws_api_gateway_authorizer": awsApigatewayv2Api, + "aws_api_gateway_base_path_mapping": awsApigatewayv2Api, + "aws_api_gateway_client_certificate": awsAPIGatewayRestAPI, + "aws_api_gateway_deployment": awsApigatewayv2Api, + "aws_api_gateway_documentation_part": awsApigatewayv2Api, + 
"aws_api_gateway_documentation_version": awsApigatewayv2Api, + "aws_api_gateway_domain_name": awsApigatewayv2Api, + "aws_api_gateway_domain_name_access_association": awsAPIGatewayDomainNameAccessAssociation, + "aws_api_gateway_gateway_response": awsApigatewayv2Api, + "aws_api_gateway_integration": awsApigatewayv2Api, + "aws_api_gateway_integration_response": awsApigatewayv2Api, + "aws_api_gateway_method": awsApigatewayv2Api, + "aws_api_gateway_method_response": awsApigatewayv2Api, + "aws_api_gateway_method_settings": awsApigatewayv2Api, + "aws_api_gateway_model": awsApigatewayv2Api, + "aws_api_gateway_request_validator": awsAPIGatewayRestAPI, + "aws_api_gateway_resource": awsApigatewayv2Api, + "aws_api_gateway_rest_api": awsAPIGatewayRestAPI, + "aws_api_gateway_rest_api_put": awsAPIGatewayRestAPI, + "aws_api_gateway_rest_api_policy": awsApigatewayv2Api, + "aws_api_gateway_stage": awsApigatewayv2Api, + "aws_api_gateway_usage_plan": awsApigatewayv2Api, + "aws_api_gateway_usage_plan_key": awsApigatewayv2Api, + "aws_api_gateway_vpc_link": awsApigatewayv2Api, + "aws_apigatewayv2_api": awsApigatewayv2Api, + "aws_apigatewayv2_api_mapping": awsApigatewayv2Api, + "aws_apigatewayv2_authorizer": awsApigatewayv2Api, + "aws_apigatewayv2_deployment": awsApigatewayv2Api, + "aws_apigatewayv2_domain_name": awsApigatewayv2Api, + "aws_apigatewayv2_integration": awsApigatewayv2Api, + "aws_apigatewayv2_integration_response": awsApigatewayv2Api, + "aws_apigatewayv2_model": awsApigatewayv2Api, + "aws_apigatewayv2_route": awsApigatewayv2Api, + "aws_apigatewayv2_route_response": awsApigatewayv2Api, + "aws_apigatewayv2_stage": awsApigatewayv2Api, + "aws_apigatewayv2_vpc_link": awsApigatewayv2Api, + "aws_app_cookie_stickiness_policy": awsAppCookieStickinessPolicy, + "aws_appautoscaling_policy": awsAppautoscalingPolicy, + "aws_appautoscaling_scheduled_action": awsAppautoscalingScheduledAction, + "aws_appautoscaling_target": awsAppautoscalingTarget, + "aws_appconfig_application": 
awsAppconfigApplication, + "aws_appconfig_configuration_profile": awsAppconfigConfigurationProfile, + "aws_appconfig_deployment": awsAppconfigDeployment, + "aws_appconfig_deployment_strategy": awsAppconfigDeploymentStrategy, + "aws_appconfig_environment": awsAppconfigEnvironment, + "aws_appconfig_extension": awsAppconfigExtension, + "aws_appconfig_extension_association": awsAppconfigExtensionAssociation, + "aws_appconfig_hosted_configuration_version": awsAppconfigHostedConfigurationVersion, + "aws_appfabric_app_authorization": awsAppfabricAppAuthorization, + "aws_appfabric_app_authorization_connection": awsAppfabricAppAuthorizationConnection, + "aws_appfabric_app_bundle": awsAppfabricAppBundle, + "aws_appfabric_ingestion": awsAppfabricIngestion, + "aws_appfabric_ingestion_destination": awsAppfabricIngestionDestination, + "aws_appflow_connector_profile": awsAppflowConnectorProfile, + "aws_appflow_flow": awsAppflowFlow, + "aws_appintegrations_data_integration": awsAppintegrationsDataIntegration, + "aws_appintegrations_event_integration": awsAppintegrationsEventIntegration, + "aws_applicationinsights_application": awsApplicationinsightsApplication, + "aws_appmesh_gateway_route": awsAppmeshGatewayRoute, + "aws_appmesh_mesh": awsAppmeshMesh, + "aws_appmesh_route": awsAppmeshRoute, + "aws_appmesh_virtual_gateway": awsAppmeshVirtualGateway, + "aws_appmesh_virtual_node": awsAppmeshVirtualNode, + "aws_appmesh_virtual_router": awsAppmeshVirtualRouter, + "aws_appmesh_virtual_service": awsAppmeshVirtualService, + "aws_apprunner_auto_scaling_configuration_version": awsApprunnerAutoScalingConfigurationVersion, + "aws_apprunner_connection": awsApprunnerConnection, + "aws_apprunner_custom_domain_association": awsApprunnerCustomDomainAssociation, + "aws_apprunner_default_auto_scaling_configuration_version": awsApprunnerDefaultAutoScalingConfigurationVersion, //nolint:lll + "aws_apprunner_deployment": awsApprunnerDeployment, + "aws_apprunner_observability_configuration": 
awsApprunnerObservabilityConfiguration, + "aws_apprunner_service": awsApprunnerService, + "aws_apprunner_vpc_connector": awsApprunnerVpcConnector, + "aws_apprunner_vpc_ingress_connection": awsApprunnerVpcIngressConnection, + "aws_appstream_directory_config": awsAppstreamDirectoryConfig, + "aws_appstream_fleet": awsAppstreamFleet, + "aws_appstream_fleet_stack_association": awsAppstreamFleetStackAssociation, + "aws_appstream_image_builder": awsAppstreamImageBuilder, + "aws_appstream_stack": awsAppstreamStack, + "aws_appstream_user": awsAppstreamUser, + "aws_appstream_user_stack_association": awsAppstreamUserStackAssociation, + "aws_appsync_api_cache": awsAppsyncAPICache, + "aws_appsync_api_key": awsAppsyncAPIKey, + "aws_appsync_datasource": awsAppsyncDatasource, + "aws_appsync_domain_name": awsAppsyncDomainName, + "aws_appsync_domain_name_api_association": awsAppsyncDomainNameAPIAssociation, + "aws_appsync_function": awsAppsyncFunction, + "aws_appsync_graphql_api": awsAppsyncGraphAPI, + "aws_appsync_resolver": awsAppsyncResolver, + "aws_appsync_source_api_association": awsAppsyncSourceAPIAssociation, + "aws_appsync_type": awsAppsyncType, + "aws_athena_data_catalog": awsAthenaDataCatalog, + "aws_athena_database": awsAthenaDatabase, + "aws_athena_named_query": awsAthenaNamedQuery, + "aws_athena_prepared_statement": awsAthenaPreparedStatement, + "aws_athena_workgroup": awsAthenaWorkgroup, + "aws_auditmanager_account_registration": awsAuditmanagerAccountRegistration, + "aws_auditmanager_assessment": awsAuditmanagerAssessment, + "aws_auditmanager_assessment_delegation": awsAuditmanagerAssessmentDelegation, + "aws_auditmanager_assessment_report": awsAuditmanagerAssessmentReport, + "aws_auditmanager_control": awsAuditmanagerControl, + "aws_auditmanager_framework": awsAuditmanagerFramework, + "aws_auditmanager_framework_share": awsAuditmanagerFrameworkShare, + "aws_auditmanager_organization_admin_account_registration": awsAuditmanagerOrganizationAdminAccountRegistration, 
//nolint:lll + "aws_autoscaling_attachment": awsAutoscalingAttachment, + "aws_autoscaling_group": awsAutoscalingGroup, + "aws_autoscaling_group_tag": awsAutoscalingGroupTag, + "aws_autoscaling_lifecycle_hook": awsAutoscalingLifecycleHook, + "aws_autoscaling_notification": awsAutoscalingNotification, + "aws_autoscaling_policy": awsAutoscalingPolicy, + "aws_autoscaling_schedule": awsAutoscalingSchedule, + "aws_autoscaling_traffic_source_attachment": awsAutoscalingTrafficSourceAttachment, + "aws_autoscalingplans_scaling_plan": awsAutoscalingplansScalingPlan, + "aws_backup_framework": awsBackupFramework, + "aws_backup_global_settings": awsBackupGlobalSettings, + "aws_backup_logically_air_gapped_vault": awsBackupLogicallyAirGappedVault, + "aws_backup_plan": awsBackupPlan, + "aws_backup_region_settings": awsBackupRegionSettings, + "aws_backup_report_plan": awsBackupReportPlan, + "aws_backup_selection": awsBackupSelection, + "aws_backup_vault": awsBackupVault, + "aws_backup_vault_lock_configuration": awsBackupVaultLockConfiguration, + "aws_backup_vault_notifications": awsBackupVaultNotification, + "aws_backup_vault_policy": awsBackupVaultPolicy, + "aws_batch_compute_environment": awsBatchComputeEnvironment, + "aws_batch_job_definition": awsBatchJobDefinition, + "aws_batch_job_queue": awsBatchJobQueue, + "aws_batch_scheduling_policy": awsBatchSchedulingPolicy, + "aws_bcmdataexports_export": awsBcmdataexportsExport, + "aws_bedrock_custom_model": awsBedrockCustomModel, + "aws_bedrock_guardrail": awsBedrockGuardrail, + "aws_bedrock_guardrail_version": awsBedrockGuardrailVersion, + "aws_bedrock_inference_profile": awsBedrockInferenceProfile, + "aws_bedrock_model_invocation_logging_configuration": awsBedrockModelInvocationLoggingConfiguration, + "aws_bedrock_provisioned_model_throughput": awsBedrockProvisionedModelThroughput, + "aws_bedrockagent_agent": awsBedrockagentAgent, + "aws_bedrockagent_agent_action_group": awsBedrockagentActionGroup, + "aws_bedrockagent_agent_alias": 
awsBedrockagentAgentAlias, + "aws_bedrockagent_agent_collaborator": awsBedrockagentAgentCollaborator, + "aws_bedrockagent_agent_knowledge_base_association": awsBedrockagentKnowledgeBaseAssociation, + "aws_bedrockagent_data_source": awsBedrockagentDatasource, + "aws_bedrockagent_knowledge_base": awsBedrockagentKnowledgeBase, + "aws_budgets_budget": awsBudgetsBudget, + "aws_budgets_budget_action": awsBudgetsBudgetAction, + "aws_ce_anomaly_monitor": awsCeAnomalyMonitor, + "aws_ce_anomaly_subscription": awsCeAnomalySubscription, + "aws_ce_cost_allocation_tag": awsCeCostAllocationTag, + "aws_ce_cost_category": awsCeCostCategory, + "aws_chatbot_slack_channel_configuration": awsChatbotSlackChannelConfiguration, + "aws_chatbot_teams_channel_configuration": awsChatbotTeamsChannelConfiguration, + "aws_chime_voice_connector": awsChimeVoiceConnector, + "aws_chime_voice_connector_group": awsChimeVoiceConnectorGroup, + "aws_chime_voice_connector_logging": awsChimeVoiceConnectorLogging, + "aws_chime_voice_connector_origination": awsChimeVoiceConnectorOrigination, + "aws_chime_voice_connector_streaming": awsChimeVoiceConnectorStreaming, + "aws_chime_voice_connector_termination": awsChimeVoiceConnectorTermination, + "aws_chime_voice_connector_termination_credentials": awsChimeVoiceConnectorTerminationCredentials, + "aws_chimesdkmediapipelines_media_insights_pipeline_configuration": awsChimesdkmediapipelinesMediaInsightsPipelineConfiguration, + "aws_chimesdkvoice_global_settings": awsChimesdkvoiceGlobalSettings, + "aws_chimesdkvoice_sip_media_application": awsChimesdkvoiceSIPMediaApplication, + "aws_chimesdkvoice_sip_rule": awsChimesdkvoiceSIPRule, + "aws_chimesdkvoice_voice_profile_domain": awsChimesdkvoiceVoiceProfileDomain, + "aws_cleanrooms_collaboration": awsCleanroomsCollaboration, + "aws_cleanrooms_configured_table": awsCleanroomsConfiguredTable, + "aws_cleanrooms_membership": awsCleanroomsMembership, + "aws_cloud9_environment_ec2": awsCloud9EnvironmentEc2, + 
"aws_cloud9_environment_membership": awsCloud9EnvironmentMembership, + "aws_cloudcontrolapi_resource": awsCloudcontrolapiResource, + "aws_cloudformation_stack": awsCloudformationStack, + "aws_cloudformation_stack_instances": awsCloudformationStackInstances, + "aws_cloudformation_stack_set": awsCloudFormationStackSet, + "aws_cloudformation_stack_set_instance": awsCloudFormationStackSetInstance, + "aws_cloudformation_type": awsCloudformationType, + "aws_cloudfront_cache_policy": awsCloudfrontCachePolicy, + "aws_cloudfront_continuous_deployment_policy": awsCloudfrontContinuousDeploymentPolicy, + "aws_cloudfront_distribution": awsCloudfrontDistribution, + "aws_cloudfront_field_level_encryption_config": awsCloudfrontFieldLevelEncryptionConfig, + "aws_cloudfront_field_level_encryption_profile": awsCloudfrontFieldLevelEncryptionProfile, + "aws_cloudfront_function": awsCloudfrontFunction, + "aws_cloudfront_key_group": awsCloudfrontKeyGroup, + "aws_cloudfront_key_value_store": awsCloudfrontKeyValueStore, + "aws_cloudfront_monitoring_subscription": awsCloudfrontMonitoringSubscription, + "aws_cloudfront_origin_access_control": awsCloudfrontOriginAccessControl, + "aws_cloudfront_origin_access_identity": awsCloudfrontOriginAccessIdentity, + "aws_cloudfront_origin_request_policy": awsCloudfrontOriginRequestPolicy, + "aws_cloudfront_public_key": awsCloudfrontPublicKey, + "aws_cloudfront_realtime_log_config": awsCloudfrontRealtimeLogConfig, + "aws_cloudfront_response_headers_policy": awsCloudfrontResponseHeadersPolicy, + "aws_cloudfront_vpc_origin": awsCloudfrontVpcOrigin, + "aws_cloudfrontkeyvaluestore_key": awsCloudfrontkeyvaluestoreKey, + "aws_cloudhsm_v2_cluster": awsCloudhsmV2Vluster, + "aws_cloudhsm_v2_hsm": awsCloudhsmV2Hsm, + "aws_cloudsearch_domain": awsCloudsearchDomain, + "aws_cloudsearch_domain_service_access_policy": awsCloudsearchDomainServiceAccessPolicy, + "aws_cloudtrail": awsCloudtrail, + "aws_cloudtrail_event_data_store": awsCloudtrailEventDataStore, + 
"aws_cloudtrail_organization_delegated_admin_account": awsCloudtrailOrganizationDelegatedAdminAccount, + "aws_cloudwatch_composite_alarm": awsCloudwatchCompositeAlarm, + "aws_cloudwatch_dashboard": awsCloudwatchDashboard, + "aws_cloudwatch_event_api_destination": awsCloudwatchEventAPIDestination, + "aws_cloudwatch_event_archive": awsCloudwatchEventArchive, + "aws_cloudwatch_event_bus": awsCloudwatchEventBus, + "aws_cloudwatch_event_bus_policy": awsCloudwatchEventBusPolicy, + "aws_cloudwatch_event_connection": awsCloudwatchEventConnection, + "aws_cloudwatch_event_endpoint": awsCloudwatchEventEndpoint, + "aws_cloudwatch_event_permission": awsCloudwatchEventPermission, + "aws_cloudwatch_event_rule": awsCloudwatchEventRule, + "aws_cloudwatch_event_target": awsCloudwatchEventTarget, + "aws_cloudwatch_log_account_policy": awsCloudwatchLogAccountPolicy, + "aws_cloudwatch_log_anomaly_detector": awsCloudwatchLogAnomalyDetector, + "aws_cloudwatch_log_data_protection_policy": awsCloudwatchLogDataProtectionPolicy, + "aws_cloudwatch_log_delivery": awsCloudwatchLogDelivery, + "aws_cloudwatch_log_delivery_destination": awsCloudwatchLogDeliveryDestination, + "aws_cloudwatch_log_delivery_destination_policy": awsCloudwatchLogDeliveryDestinationPolicy, + "aws_cloudwatch_log_delivery_source": awsCloudwatchLogDeliverySource, + "aws_cloudwatch_log_destination": awsCloudwatchLogDestination, + "aws_cloudwatch_log_destination_policy": awsCloudwatchLogDestinationPolicy, + "aws_cloudwatch_log_group": awsCloudwatchLogGroup, + "aws_cloudwatch_log_index_policy": awsCloudwatchLogIndexPolicy, + "aws_cloudwatch_log_metric_filter": awsCloudwatchLogMetricFilter, + "aws_cloudwatch_log_resource_policy": awsCloudwatchLogResourcePolicy, + "aws_cloudwatch_log_stream": awsCloudwatchLogStream, + "aws_cloudwatch_log_subscription_filter": awsCloudwatchLogSubscriptionFilter, + "aws_cloudwatch_metric_alarm": awsCloudwatchMetricAlarm, + "aws_cloudwatch_metric_stream": awsCloudwatchMetricStream, + 
"aws_cloudwatch_query_definition": awsCloudwatchQueryDestination, + "aws_codeartifact_domain": awsCodeartifactDomain, + "aws_codeartifact_domain_permissions_policy": awsCodeartifactDomainPermissionsPolicy, + "aws_codeartifact_repository": awsCodeartifactRepository, + "aws_codeartifact_repository_permissions_policy": awsCodeartifactRepositoryPermissionsPolicy, + "aws_codebuild_fleet": awsCodeBuildFleet, + "aws_codebuild_project": awsCodebuildProject, + "aws_codebuild_report_group": awsCodebuildReportGroup, + "aws_codebuild_resource_policy": awsCodebuildResourcePolicy, + "aws_codebuild_source_credential": awsCodebuildSourceCredential, + "aws_codebuild_webhook": awsCodebuildWebhook, + "aws_codecatalyst_dev_environment": placeholder, + "aws_codecatalyst_project": placeholder, + "aws_codecatalyst_source_repository": placeholder, + "aws_codecommit_approval_rule_template": awsCodecommitApprovalRuleTemplate, + "aws_codecommit_approval_rule_template_association": awsCodecommitApprovalRuleTemplateAssociation, + "aws_codecommit_repository": awsCodecommitRepository, + "aws_codecommit_trigger": awsCodecommitTrigger, + "aws_codeconnections_connection": awsCodeconnectionsConnection, + "aws_codeconnections_host": awsCodeconnectionsHost, + "aws_codedeploy_app": awsCodedeployApp, + "aws_codedeploy_deployment_config": awsCodedeployDeploymentConfig, + "aws_codedeploy_deployment_group": awsCodedeployDeploymentGroup, + "aws_codeguruprofiler_profiling_group": awsCodeguruprofilerProfilingGroup, + "aws_codegurureviewer_repository_association": awsCodegurureviewerRepositoryAssociation, + "aws_codepipeline": awsCodepipeline, + "aws_codepipeline_custom_action_type": awsCodepipelineCustomActionType, + "aws_codepipeline_webhook": awsCodepipelineWebhook, + "aws_codestarconnections_connection": awsCodestarconnectionsConnection, + "aws_codestarconnections_host": awsCodestarconnectionsHost, + "aws_codestarnotifications_notification_rule": awsCodestarconnectionsNotificationsRule, + 
"aws_cognito_identity_pool": awsCognitoIdentityPool, + "aws_cognito_identity_pool_provider_principal_tag": awsCognitoIdentityPoolProviderPrincipalTag, + "aws_cognito_identity_pool_roles_attachment": awsCognitoIdentityPoolRolesAttachment, + "aws_cognito_identity_provider": awsCognitoIdentityProvider, + "aws_cognito_managed_user_pool_client": awsCognitoManagedUserPoolClient, + "aws_cognito_resource_server": awsCognitoResourceServer, + "aws_cognito_risk_configuration": awsCognitoRiskConfiguration, + "aws_cognito_user": awsCognitoUser, + "aws_cognito_user_group": awsCognitoUserGroup, + "aws_cognito_user_in_group": awsCognitoUserInGroup, + "aws_cognito_user_pool": awsCognitoUserPool, + "aws_cognito_user_pool_client": awsCognitoUserPoolClient, + "aws_cognito_user_pool_domain": awsCognitoUserPoolDomain, + "aws_cognito_user_pool_ui_customization": awsCognitoUserPoolUICustomization, + "aws_comprehend_document_classifier": awsComprehendDocumentClassifier, + "aws_comprehend_entity_recognizer": awsComprehendEntityRecognizer, + "aws_computeoptimizer_enrollment_status": awsComputeoptimizerEnrollmentStatus, + "aws_computeoptimizer_recommendation_preferences": awsComputeoptimizerRecommendationPreferences, + "aws_config_aggregate_authorization": awsConfigAggregateAuthorization, + "aws_config_config_rule": awsConfigConfigRule, + "aws_config_configuration_aggregator": awsConfigConfigurationAggregator, + "aws_config_configuration_recorder": awsConfigConfigurationRecorder, + "aws_config_configuration_recorder_status": awsConfigConfigurationRecorderStatus, + "aws_config_conformance_pack": awsConfigConformancePack, + "aws_config_delivery_channel": awsConfigDeliveryChannel, + "aws_config_organization_conformance_pack": awsConfigOrganizationConformancePack, + "aws_config_organization_custom_policy_rule": awsConfigOrganizationCustomPolicyRule, + "aws_config_organization_custom_rule": awsConfigOrganizationCustomRule, + "aws_config_organization_managed_rule": awsConfigOrganizationManagedRule, 
+ "aws_config_remediation_configuration": awsConfigRemediationConfiguration, + "aws_config_retention_configuration": awsConfigRetentionConfiguration, + "aws_connect_bot_association": awsConnectBotAssociation, + "aws_connect_contact_flow": awsConnectContactFlow, + "aws_connect_contact_flow_module": awsConnectContactFlowModule, + "aws_connect_hours_of_operation": awsConnectHoursOfOperation, + "aws_connect_instance": awsConnectInstance, + "aws_connect_instance_storage_config": awsConnectInstanceStorageConfig, + "aws_connect_lambda_function_association": awsConnectLambdaFunctionAssociation, + "aws_connect_phone_number": awsConnectPhoneNumber, + "aws_connect_queue": awsConnectQueue, + "aws_connect_quick_connect": awsConnectQuickConnect, + "aws_connect_routing_profile": awsConnectRoutingProfile, + "aws_connect_security_profile": awsConnectSecurityProfile, + "aws_connect_user": awsConnectUser, + "aws_connect_user_hierarchy_group": awsConnectUserHierarchyGroup, + "aws_connect_user_hierarchy_structure": awsConnectUserHierarchyStructure, + "aws_connect_vocabulary": awsConnectVocabulary, + "aws_controltower_control": awsControltowerControl, + "aws_controltower_landing_zone": awsControltowerLandingZone, + "aws_costoptimizationhub_enrollment_status": awsCostoptimizationhubEnrollmentStatus, + "aws_costoptimizationhub_preferences": awsCostoptimizationhubPreferences, + "aws_cur_report_definition": awsCurReportDefinition, + "aws_customer_gateway": awsCustomerGateway, + "aws_customerprofiles_domain": awsCustomerprofilesDomain, + "aws_customerprofiles_profile": awsCustomerprofilesProfile, + "aws_dataexchange_data_set": awsDataexchangeDataSet, + "aws_dataexchange_revision": awsDataexchangeRevision, + "aws_datapipeline_pipeline": awsDatapipelinePipeline, + "aws_datapipeline_pipeline_definition": awsDatapipelinePipelineDefinition, + "aws_datasync_agent": awsDatasyncAgent, + "aws_datasync_location_azure_blob": awsDatasyncLocationAzureBlob, + "aws_datasync_location_efs": 
awsDatasyncLocationEfs, + "aws_datasync_location_fsx_lustre_file_system": awsDatasyncLocationFsxLustreFileSystem, + "aws_datasync_location_fsx_ontap_file_system": awsDatasyncLocationFsxOntapFileSystem, + "aws_datasync_location_fsx_openzfs_file_system": awsDatasyncLocationFsxOpenzfsFileSystem, + "aws_datasync_location_fsx_windows_file_system": awsDatasyncLocationFsxWindowsFileSystem, + "aws_datasync_location_hdfs": awsDatasyncLocationHdfs, + "aws_datasync_location_nfs": awsDatasyncLocationNfs, + "aws_datasync_location_object_storage": awsDatasyncLocationObjectStorage, + "aws_datasync_location_s3": awsDatasyncLocationS3, + "aws_datasync_location_smb": awsDatasyncLocationSmb, + "aws_datasync_task": awsDatasyncTask, + "aws_datazone_asset_type": awsDatazoneAssetType, + "aws_datazone_domain": awsDatazoneDomain, + "aws_datazone_environment": awsDatazoneEnvironment, + "aws_datazone_environment_blueprint_configuration": awsDatazoneEnvironmentBlueprintConfiguration, + "aws_datazone_environment_profile": awsDatazoneEnvironmentProfile, + "aws_datazone_form_type": awsDatazoneFormType, + "aws_datazone_glossary": awsDatazoneGlossary, + "aws_datazone_glossary_term": awsDatazoneGlossaryTerm, + "aws_datazone_project": awsDatazoneProject, + "aws_datazone_user_profile": awsDatazoneUserProfile, + "aws_dax_cluster": awsDaxCluster, + "aws_dax_parameter_group": awsDaxParameterGroup, + "aws_dax_subnet_group": awsDaxSubnetGroup, + "aws_db_cluster_snapshot": awsDBClusterSnapshot, + "aws_db_event_subscription": awsDBEventSubscription, + "aws_db_instance": awsDBInstance, + "aws_db_instance_automated_backups_replication": awsDBInstanceAutomatedBackupsReplication, + "aws_db_instance_role_association": awsDBInstanceRoleAssociation, + "aws_db_option_group": awsDBOptionGroup, + "aws_db_parameter_group": awsDBParameterGroup, + "aws_db_proxy": awsDBProxy, + "aws_db_proxy_default_target_group": awsDBProxyDefaultTargetGroup, + "aws_db_proxy_endpoint": awsDBProxyEndpoint, + "aws_db_proxy_target": 
awsDBProxyTarget, + "aws_db_snapshot": awsDBSnapshot, + "aws_db_snapshot_copy": awsDBSnapshotCopy, + "aws_db_subnet_group": awsDBSubnetGroup, + "aws_default_network_acl": awsDefaultNetworkACL, + "aws_default_route_table": awsDefaultRouteTable, + "aws_default_security_group": awsDefaultSecurityGroup, + "aws_default_subnet": awsDefaultSubnet, + "aws_default_vpc": awsDefaultVpc, + "aws_default_vpc_dhcp_options": awsDefaultVpcDhcpOptions, + "aws_detective_graph": awsDetectiveGraph, + "aws_detective_invitation_accepter": awsDetectiveInvitationAccepter, + "aws_detective_member": awsDetectiveMember, + "aws_detective_organization_admin_account": awsDectectiveOrganizationAdminAccount, + "aws_detective_organization_configuration": awsDetectiveOrganizationConfiguration, + "aws_devicefarm_device_pool": awsDevicefarmDevicePool, + "aws_devicefarm_instance_profile": awsDevicefarmInstanceProfile, + "aws_devicefarm_network_profile": awsDevicefarmNetworkProfile, + "aws_devicefarm_project": awsDevicefarmProject, + "aws_devicefarm_upload": awsDevicefarmUpload, + "aws_devopsguru_event_sources_config": awsDevopsguruEventSourcesConfig, + "aws_devopsguru_notification_channel": awsDevopsguruNotificationChannel, + "aws_devopsguru_resource_collection": awsDevopsguruResourceCollection, + "aws_devopsguru_service_integration": awsDevopsguruServiceIntegration, + "aws_directory_service_conditional_forwarder": awsDirectoryServiceConditionalForwarder, + "aws_directory_service_directory": awsDirectoryServiceDirectory, + "aws_directory_service_log_subscription": awsDirectoryServiceLogSubscription, + "aws_directory_service_radius_settings": awsDirectoryServiceRadiusSettings, + "aws_directory_service_region": awsDirectoryServiceRegion, + "aws_directory_service_shared_directory": awsDirectoryServiceSharedDirectory, + "aws_directory_service_shared_directory_accepter": awsDirectoryServiceSharedDirectoryAccepter, + "aws_directory_service_trust": awsDirectoryServiceTrust, + "aws_dlm_lifecycle_policy": 
awsDlmLifecyclePolicy,
+ "aws_dms_certificate": awsDmsCertificate,
+ "aws_dms_endpoint": awsDmsEndpoint,
+ "aws_dms_event_subscription": awsDmsEventSubscription,
+ "aws_dms_replication_config": awsDmsReplicationConfig,
+ "aws_dms_replication_instance": awsDmsReplicationInstance,
+ "aws_dms_replication_subnet_group": awsDmsReplicationSubnetGroup,
+ "aws_dms_replication_task": awsDmsReplicationTask,
+ "aws_dms_s3_endpoint": awsDmsS3Endpoint,
+ "aws_docdb_cluster": awsRdsCluster,
+ "aws_docdb_cluster_instance": awsNeptuneClusterInstance,
+ "aws_docdb_cluster_parameter_group": awsRdsClusterParameterGroup,
+ "aws_docdb_cluster_snapshot": awsDBClusterSnapshot,
+ "aws_docdb_event_subscription": awsNeptuneEventSubscription,
+ "aws_docdb_global_cluster": awsRdsGlobalCluster,
+ "aws_docdb_subnet_group": awsDBSubnetGroup,
+ "aws_docdbelastic_cluster": awsDocdbelasticCluster,
+ "aws_drs_replication_configuration_template": awsDrsReplicationConfigurationTemplate,
+ "aws_dx_bgp_peer": awsDxBgpPeer,
+ "aws_dx_connection": awsDxConnection,
+ "aws_dx_connection_association": awsDxConnectionAssociation,
+ "aws_dx_connection_confirmation": awsDxConnectionConfirmation,
+ "aws_dx_gateway": awsDxGateway,
+ "aws_dx_gateway_association": awsDxGatewayAssociation,
+ "aws_dx_gateway_association_proposal": awsDxGatewayAssociationProposal,
+ "aws_dx_hosted_connection": awsDxHostedConnection,
+ "aws_dx_hosted_private_virtual_interface": awsDxHostedPrivateVirtualInterface,
+ "aws_dx_hosted_private_virtual_interface_accepter": awsDxHostedPrivateVirtualInterfaceAccepter,
+ "aws_dx_hosted_public_virtual_interface": awsDxHostedPublicVirtualInterface,
+ "aws_dx_hosted_public_virtual_interface_accepter": awsDxHostedPublicVirtualInterfaceAccepter,
+ "aws_dx_hosted_transit_virtual_interface": awsDxHostedTransitVirtualInterface,
+ "aws_dx_hosted_transit_virtual_interface_accepter": awsDxHostedTransitVirtualInterfaceAccepter,
+ "aws_dx_lag": awsDxLag,
+ "aws_dx_macsec_key_association": awsDxMacsecKeyAssociation,
+ "aws_dx_private_virtual_interface": awsDxPrivateVirtualInterface,
+ "aws_dx_public_virtual_interface": awsDxPublicVirtualInterface,
+ "aws_dx_transit_virtual_interface": awsDxTransitVirtualInterface,
+ "aws_dynamodb_contributor_insights": awsDynamodbContributorInsights,
+ "aws_dynamodb_global_table": awsDynamodbGlobalTable,
+ "aws_dynamodb_kinesis_streaming_destination": awsDynamodbKinesisStreamingDestination,
+ "aws_dynamodb_resource_policy": awsDynamodbResourcePolicy,
+ "aws_dynamodb_table": awsDynamodbTable,
+ "aws_dynamodb_table_export": awsDynamodbTableExport,
+ "aws_dynamodb_table_item": awsDynamodbTableItem,
+ "aws_dynamodb_table_replica": awsDynamodbTableReplica,
+ "aws_dynamodb_tag": awsDynamodbTag,
+ "aws_ebs_default_kms_key": awsEbsDefaultKmsKey,
+ "aws_ebs_encryption_by_default": awsEbsEncryptionByDefault,
+ "aws_ebs_fast_snapshot_restore": awsEbsFastSnapshotRestore,
+ "aws_ebs_snapshot": awsEbsSnapshot,
+ "aws_ebs_snapshot_block_public_access": awsEbsSnapshotBlockPublicAccess,
+ "aws_ebs_snapshot_copy": awsEbsSnapshotCopy,
+ "aws_ebs_snapshot_import": awsEbsSnapshotImport,
+ "aws_ebs_volume": awsEbsVolume,
+ "aws_ec2_availability_zone_group": awsEc2AvailabilityGroup,
+ "aws_ec2_capacity_block_reservation": awsEc2CapacityBlockReservation,
+ "aws_ec2_capacity_reservation": awsEc2CapacityReservation,
+ "aws_ec2_carrier_gateway": awsEc2CarrierGateway,
+ "aws_ec2_client_vpn_authorization_rule": awsEc2ClientvpnAuthorizationRule,
+ "aws_ec2_client_vpn_endpoint": awsEc2ClientVpnEndpoint,
+ "aws_ec2_client_vpn_network_association": awsEc2ClientVpnNetworkAssociation,
+ "aws_ec2_client_vpn_route": awsEc2ClientVpnRoute,
+ "aws_ec2_fleet": awsEc2Fleet,
+ "aws_ec2_host": awsEc2Host,
+ "aws_ec2_image_block_public_access": awsEc2ImageBlockPublicAccess,
+ "aws_ec2_instance": awsInstance,
+ "aws_ec2_instance_connect_endpoint": awsEc2InstanceConnectEndpoint,
+ "aws_ec2_instance_metadata_defaults": awsEc2InstanceMetadataDefaults,
+ "aws_ec2_instance_state": awsEc2InstanceState,
+ "aws_ec2_local_gateway_route": awsEc2LocalGatewayRoute,
+ "aws_ec2_local_gateway_route_table_vpc_association": awsEc2LocalGatewayRouteTableVpcAssociation,
+ "aws_ec2_managed_prefix_list": awsEc2ManagedPrefixList,
+ "aws_ec2_managed_prefix_list_entry": awsEc2ManagedPrefixListEntry,
+ "aws_ec2_network_insights_analysis": awsEc2NetworkInsightsAnalysis,
+ "aws_ec2_network_insights_path": awsEc2NetworkInsightsPath,
+ "aws_ec2_serial_console_access": awsEc2SerialConsoleAccess,
+ "aws_ec2_subnet_cidr_reservation": awsEc2SubnetCidrReservation,
+ "aws_ec2_tag": awsEc2Tag,
+ "aws_ec2_traffic_mirror_filter": awsEc2TrafficMirrorFilter,
+ "aws_ec2_traffic_mirror_filter_rule": awsEc2TrafficMirrorFilterRule,
+ "aws_ec2_traffic_mirror_session": awsEc2TrafficMirrorSession,
+ "aws_ec2_traffic_mirror_target": awsEc2TrafficMirrorTarget,
+ "aws_ec2_transit_gateway": awsEc2TransitGateway,
+ "aws_ec2_transit_gateway_connect": awsEc2TransitGatewayConnect,
+ "aws_ec2_transit_gateway_connect_peer": awsEc2TransitGatewayConnectPeer,
+ "aws_ec2_transit_gateway_default_route_table_association": awsEc2TransitGatewayDefaultRouteTableAssociation,
+ "aws_ec2_transit_gateway_default_route_table_propagation": awsEc2TransitGatewayDefaultRouteTablePropagation,
+ "aws_ec2_transit_gateway_multicast_domain": awsEc2TransitGatewayMulticastDomain,
+ "aws_ec2_transit_gateway_multicast_domain_association": awsEc2TransitGatewayMulticastDomainAssociation,
+ "aws_ec2_transit_gateway_multicast_group_member": awsEc2TransitGatewayMulticastGroupMember,
+ "aws_ec2_transit_gateway_multicast_group_source": awsEc2TransitGatewayMulticastGroupSource,
+ "aws_ec2_transit_gateway_peering_attachment": awsEc2TransitGatewayPeeringAttachment,
+ "aws_ec2_transit_gateway_peering_attachment_accepter": awsEc2TransitGatewayPeeringAttachmentAccepter,
+ "aws_ec2_transit_gateway_policy_table": awsEc2TransitGatewayPolicyTable,
+ "aws_ec2_transit_gateway_policy_table_association": awsEc2TransitGatewayPolicyTableAssociation,
+ "aws_ec2_transit_gateway_prefix_list_reference": awsEc2TransitGatewayPrefixListReference,
+ "aws_ec2_transit_gateway_route": awsEc2TransitGatewayRoute,
+ "aws_ec2_transit_gateway_route_table": awsEc2TransitGatewayRouteTable,
+ "aws_ec2_transit_gateway_route_table_association": awsEc2TransitGatewayRouteTableAssociation,
+ "aws_ec2_transit_gateway_route_table_propagation": awsEc2TransitGatewayRouteTablePropagation,
+ "aws_ec2_transit_gateway_vpc_attachment": awsEc2TransitGatewayVpcAttachment,
+ "aws_ec2_transit_gateway_vpc_attachment_accepter": awsEc2TransitGatewayVpcAttachmentAccepter,
+ "aws_ecr_account_setting": awsEcrAccountSetting,
+ "aws_ecr_lifecycle_policy": awsEcrLifecyclePolicy,
+ "aws_ecr_pull_through_cache_rule": awsEcrPullThroughCacheRule,
+ "aws_ecr_registry_policy": awsEcrRegistryPolicy,
+ "aws_ecr_registry_scanning_configuration": awsEcrRegistryScanningConfiguration,
+ "aws_ecr_replication_configuration": awsEcrReplicationConfiguration,
+ "aws_ecr_repository": awsEcrRepository,
+ "aws_ecr_repository_creation_template": awsEcrRepositoryCreationTemplate,
+ "aws_ecr_repository_policy": awsEcrRepositoryPolicy,
+ "aws_ecrpublic_repository": awsEcrPublicRepository,
+ "aws_ecrpublic_repository_policy": awsEcrpublicRepositoryPolicy,
+ "aws_ecs_account_setting_default": awsEcsAccountSettingDefault,
+ "aws_ecs_capacity_provider": awsEcsCapacityProvider,
+ "aws_ecs_cluster": awsEcsCluster,
+ "aws_ecs_cluster_capacity_providers": awsEcsClusterCapacityProviders,
+ "aws_ecs_service": awsEcsService,
+ "aws_ecs_tag": awsEcsTag,
+ "aws_ecs_task_definition": awsEcsTaskDefinition,
+ "aws_ecs_task_set": awsEcsTaskSet,
+ "aws_efs_access_point": awsEfsAccessPoint,
+ "aws_efs_backup_policy": awsEfsBackupPolicy,
+ "aws_efs_file_system": awsEfsFileSystem,
+ "aws_efs_file_system_policy": awsEfsFileSystemPolicy,
+ "aws_efs_mount_target": awsEfsMountTarget,
+ "aws_efs_replication_configuration": awsEfsReplicationConfiguration,
+ "aws_egress_only_internet_gateway": awsEgressOnlyInternetGateway,
+ "aws_eip": awsEip,
+ "aws_eip_association": awsEipAssociation,
+ "aws_eip_domain_name": awsEipDomainName,
+ "aws_eks_access_entry": awsEksAccessEntry,
+ "aws_eks_access_policy_association": awsEksAccessPolicyAssociation,
+ "aws_eks_addon": awsEksAddon,
+ "aws_eks_cluster": awsEksCluster,
+ "aws_eks_fargate_profile": awsEksFargateProfile,
+ "aws_eks_identity_provider_config": awsEksIdentityProviderConfig,
+ "aws_eks_node_group": awsEksNodeGroup,
+ "aws_eks_pod_identity_association": awsEksPodIdentityAssociation,
+ "aws_elastic_beanstalk_application": awsElasticBeanstalkApplication,
+ "aws_elastic_beanstalk_application_version": awsElasticBeanstalkApplicationVersion,
+ "aws_elastic_beanstalk_configuration_template": awsElasticBeanstalkConfigurationTemplate,
+ "aws_elastic_beanstalk_environment": awsElastiBeanstalkEnvironment,
+ "aws_elasticache_cluster": awsElasticacheCluster,
+ "aws_elasticache_global_replication_group": awsElasticacheGlobalReplicationGroup,
+ "aws_elasticache_parameter_group": awsElasticacheParameterGroup,
+ "aws_elasticache_replication_group": awsElasticacheReplicationGroup,
+ "aws_elasticache_reserved_cache_node": awsElasticacheReservedCacheNode,
+ "aws_elasticache_serverless_cache": awsElasticacheServerlessCache,
+ "aws_elasticache_subnet_group": awsElasticacheSubnetGroup,
+ "aws_elasticache_user": awsElasticacheUser,
+ "aws_elasticache_user_group": awsElasticacheUserGroup,
+ "aws_elasticache_user_group_association": awsElasticacheUserGroupAssociation,
+ "aws_elasticsearch_domain": awsElasticsearchDomain,
+ "aws_elasticsearch_domain_policy": awsElasticsearchDomainPolicy,
+ "aws_elasticsearch_domain_saml_options": awsElasticsearchDomainSamlOptions,
+ "aws_elasticsearch_vpc_endpoint": awsElasticsearchVpcEndpoint,
+ "aws_elastictranscoder_pipeline": awsElastictranscoderPipeline,
+ "aws_elastictranscoder_preset": awsElastictranscoderPreset,
+ "aws_elb": awsElb,
+ "aws_elb_attachment": awsElbAttachment,
+ "aws_emr_block_public_access_configuration": awsEmrBlockPublicAccessConfiguration,
+ "aws_emr_cluster": awsEmrCluster,
+ "aws_emr_instance_fleet": awsEmrInstanceFleet,
+ "aws_emr_instance_group": awsEmrInstanceGroup,
+ "aws_emr_managed_scaling_policy": awsEmrManagedScalingPolicy,
+ "aws_emr_security_configuration": awsEmrSecurityConfiguration,
+ "aws_emr_studio": awsEmrStudio,
+ "aws_emr_studio_session_mapping": awsEmrStudioSessionMapping,
+ "aws_emrcontainers_job_template": awsEmrcontainersJobTemplate,
+ "aws_emrcontainers_virtual_cluster": awsEmrcontainersVirtualCluster,
+ "aws_emrserverless_application": awsEmrseverlessApplication,
+ "aws_evidently_feature": awsEvidentlyFeature,
+ "aws_evidently_launch": awsEvidentlyLaunch,
+ "aws_evidently_project": awsEvidentlyProject,
+ "aws_evidently_segment": awsEvidentlySegment,
+ "aws_finspace_kx_cluster": awsFinspaceKxCluster,
+ "aws_finspace_kx_database": awsFinspaceKxDatabase,
+ "aws_finspace_kx_dataview": awsFinspaceKxDataview,
+ "aws_finspace_kx_environment": awsFinspaceKxEnvironment,
+ "aws_finspace_kx_scaling_group": awsFinspaceKxScalingGroup,
+ "aws_finspace_kx_user": awsFinspaceKxUser,
+ "aws_finspace_kx_volume": awsFinspaceKxVolume,
+ "aws_fis_experiment_template": awsFisExperimentTemplate,
+ "aws_flow_log": awsFlowLog,
+ "aws_fms_admin_account": awsFmsAdminAccount,
+ "aws_fms_policy": awsFmsPolicy,
+ "aws_fms_resource_set": awsFmsResourceSet,
+ "aws_fsx_backup": awsFsxBackup,
+ "aws_fsx_data_repository_association": awsFsxDataRepositoryAssociation,
+ "aws_fsx_file_cache": awsFsxFileCache,
+ "aws_fsx_lustre_file_system": awsFsxLustreFileSystem,
+ "aws_fsx_ontap_file_system": awsFsxOntapFileSystem,
+ "aws_fsx_ontap_storage_virtual_machine": awsFsxOntapStorageVirtualMachine,
+ "aws_fsx_ontap_volume": awsFsxOntapVolume,
+ "aws_fsx_openzfs_file_system": awsFsxOpenzfsFileSystem,
+ "aws_fsx_openzfs_snapshot": awsFsxOpenzfsSnaphot,
+ "aws_fsx_openzfs_volume": awsFsxOpenzfsVolume,
+ "aws_fsx_windows_file_system": awsFsxWindowsFileSystem,
+ "aws_gamelift_alias": awsGameliftAlias,
+ "aws_gamelift_build": awsGameliftBuild,
+ "aws_gamelift_fleet": awsGameliftFleet,
+ "aws_gamelift_game_server_group": awsGameliftGameServerGroup,
+ "aws_gamelift_game_session_queue": awsGameliftGameSessionQueue,
+ "aws_gamelift_script": awsGameliftScript,
+ "aws_glacier_vault": awsGlacierVault,
+ "aws_glacier_vault_lock": awsGlacierVaultLock,
+ "aws_globalaccelerator_accelerator": awsGlobalacceleratorAccelerator,
+ "aws_globalaccelerator_cross_account_attachment": awsGlobalacceleratorCrossAccountAttachment,
+ "aws_globalaccelerator_custom_routing_accelerator": awsGlobalacceleratorCustomRoutingAccelerator,
+ "aws_globalaccelerator_custom_routing_endpoint_group": awsGlobalacceleratorCustomRoutingEndpointGroup,
+ "aws_globalaccelerator_custom_routing_listener": awsGlobalacceleratorCustomRoutingListener,
+ "aws_globalaccelerator_endpoint_group": awsGlobalacceleratorEndpointGroup,
+ "aws_globalaccelerator_listener": awsGlobalacceleratorListener,
+ "aws_glue_catalog_database": awsGlueCatalogDatabase,
+ "aws_glue_catalog_table": awsGlueCatalogTable,
+ "aws_glue_catalog_table_optimizer": awsGlueCatalogTableOptimizer,
+ "aws_glue_classifier": awsGlueClassifier,
+ "aws_glue_connection": awsGlueConnection,
+ "aws_glue_crawler": awsGlueCrawler,
+ "aws_glue_data_catalog_encryption_settings": awsGlueDataCatalogEncryptionSettings,
+ "aws_glue_data_quality_ruleset": awsGlueDataQualityRuleset,
+ "aws_glue_dev_endpoint": awsGlueDevEndpoint,
+ "aws_glue_job": awsGlueJob,
+ "aws_glue_ml_transform": awsGlueMlTransform,
+ "aws_glue_partition": awsGluePartition,
+ "aws_glue_partition_index": awsGluePartitionIndex,
+ "aws_glue_registry": awsGlueRegistry,
+ "aws_glue_resource_policy": awsGlueResourcePolicy,
+ "aws_glue_schema": awsGlueSchema,
+ "aws_glue_security_configuration": awsGlueSecurityConfiguration,
+ "aws_glue_trigger": awsGlueTrigger,
+ "aws_glue_user_defined_function": awsGlueUserDefinedFunction,
+ "aws_glue_workflow": awsGlueWorkflow,
+ "aws_grafana_license_association": awsGrafanaLicenseAssociation,
+ "aws_grafana_role_association": awsGrafanaRoleAssociation,
+ "aws_grafana_workspace": awsGrafanaWorkspace,
+ "aws_grafana_workspace_api_key": awsGrafanaWorkspaceAPIKey,
+ "aws_grafana_workspace_saml_configuration": awsGrafanaWorkspaceSamlConfiguration,
+ "aws_grafana_workspace_service_account": awsGrafanaWorkspaceServiceAccount,
+ "aws_grafana_workspace_service_account_token": awsGrafanaWorkspaceServiceAccountToken,
+ "aws_guardduty_detector": awsGuarddutyDetector,
+ "aws_guardduty_detector_feature": awsGuarddutyDetectorFeature,
+ "aws_guardduty_filter": awsGuarddutyFilter,
+ "aws_guardduty_invite_accepter": awsGuarddutyInviteAcceptor,
+ "aws_guardduty_ipset": awsGuarddutyIpset,
+ "aws_guardduty_malware_protection_plan": awsGuarddutyMalwareProtectionPlan,
+ "aws_guardduty_member": awsGuarddutyMember,
+ "aws_guardduty_member_detector_feature": awsGuarddutyMemberDetectorFeature,
+ "aws_guardduty_organization_admin_account": awsGuarddutyOrganizationAdminAccount,
+ "aws_guardduty_organization_configuration": awsGuarddutyOrganizationConfiguration,
+ "aws_guardduty_organization_configuration_feature": awsGuarddutyOrganizationConfigurationFeature,
+ "aws_guardduty_publishing_destination": awsGuarddutyPublishingDestination,
+ "aws_guardduty_threatintelset": awsGuarddutyThreatintelset,
+ "aws_iam_access_key": awsIamAccessKey,
+ "aws_iam_account_alias": awsIamAccountAlias,
+ "aws_iam_account_password_policy": awsIamAccountPasswordPolicy,
+ "aws_iam_group": awsIamGroup,
+ "aws_iam_group_membership": awsIamGroupMembership,
+ "aws_iam_group_policies_exclusive": awsIamGroupPoliciesExclusive,
+ "aws_iam_group_policy": awsIamGroupPolicy,
+ "aws_iam_group_policy_attachment": awsIamGroupPolicyAttachment,
+ "aws_iam_group_policy_attachments_exclusive": awsIamGroupPolicyAttachmentExclusive,
+ "aws_iam_instance_profile": awsIamInstanceProfile,
+ "aws_iam_openid_connect_provider": awsIamOpenidConnectProvider,
+ "aws_iam_organizations_features": awsIamOrganizationsFeatures,
+ "aws_iam_policy": awsIamPolicy,
+ "aws_iam_policy_attachment": awsIamPolicyAttachment,
+ "aws_iam_role": awsIamRole,
+ "aws_iam_role_policies_exclusive": awsIamRolePoliciesExclusive,
+ "aws_iam_role_policy": awsIamRolePolicy,
+ "aws_iam_role_policy_attachment": awsIamRolePolicyAttachment,
+ "aws_iam_role_policy_attachments_exclusive": awsIamRolePolicyAttachmentsExclusive,
+ "aws_iam_saml_provider": awsIamSamlProvider,
+ "aws_iam_security_token_service_preferences": awsIamSecurityTokenServicePreferences,
+ "aws_iam_server_certificate": awsIamServerCertificate,
+ "aws_iam_service_linked_role": awsIamServiceLinkedRole,
+ "aws_iam_service_specific_credential": awsIamServiceSpecificCredential,
+ "aws_iam_signing_certificate": awsIamSigningCertificate,
+ "aws_iam_user": awsIamUser,
+ "aws_iam_user_group_membership": awsIamUserGroupMembership,
+ "aws_iam_user_login_profile": awsIamUserLoginProfile,
+ "aws_iam_user_policies_exclusive": awsIamUserPoliciesExclusive,
+ "aws_iam_user_policy": awsIamUserPolicy,
+ "aws_iam_user_policy_attachment": awsIamUserPolicyAttachment,
+ "aws_iam_user_policy_attachments_exclusive": awsIamUserPolicyAttachmentsExclusive,
+ "aws_iam_user_ssh_key": awsIamUserSSHKey,
+ "aws_iam_virtual_mfa_device": awsIamVirtualMfaDevice,
+ "aws_identitystore_group": awsIdentitystoreGroup,
+ "aws_identitystore_group_membership": awsIdentitystoreGroupMembership,
+ "aws_identitystore_user": awsIdentitystoreUser,
+ "aws_imagebuilder_component": awsImagebuilderComponent,
+ "aws_imagebuilder_container_recipe": awsImagebuilderContainerRecipe,
+ "aws_imagebuilder_distribution_configuration": awsImagebuilderDistributionConfiguration,
+ "aws_imagebuilder_image": awsImagebuilderImage,
+ "aws_imagebuilder_image_pipeline": awsImagebuilderImagePipeline,
+ "aws_imagebuilder_image_recipe": awsImagebuilderImageRecipe,
+ "aws_imagebuilder_infrastructure_configuration": awsImagebuilderInstrastructureConfiguration,
+ "aws_imagebuilder_lifecycle_policy": awsImagebuilderLifecyclePolicy,
+ "aws_imagebuilder_workflow": awsImagebuilderWorkflow,
+ "aws_inspector2_delegated_admin_account": awsInspector2DelegatedAdminAccount,
+ "aws_inspector2_enabler": awsInspector2Enabler,
+ "aws_inspector2_member_association": awsInspector2MemberAssociation,
+ "aws_inspector2_organization_configuration": awsInspector2OrganizationConfiguration,
+ "aws_inspector_assessment_target": awsInspectorAssessmentTarget,
+ "aws_inspector_assessment_template": awsInspectorAssessmentTemplate,
+ "aws_inspector_resource_group": awsInspectorResouceGroup,
+ "aws_instance": awsInstance,
+ "aws_internet_gateway": awsInternetGateway,
+ "aws_internet_gateway_attachment": awsInternetGatewayAttachment,
+ "aws_internetmonitor_monitor": awsInternetmonitorMonitor,
+ "aws_iot_authorizer": awsIotAuthorizer,
+ "aws_iot_billing_group": awsIotBillingGroup,
+ "aws_iot_ca_certificate": awsIotCaCertificate,
+ "aws_iot_certificate": awsIotCertificate,
+ "aws_iot_domain_configuration": awsIotDomainConfiguration,
+ "aws_iot_event_configurations": awsIotEventConfigurations,
+ "aws_iot_indexing_configuration": awsIotIndexingConfiguration,
+ "aws_iot_logging_options": awsIotLoggingOptions,
+ "aws_iot_policy": awsIotPolicy,
+ "aws_iot_policy_attachment": awsIotPolicyAttachment,
+ "aws_iot_provisioning_template": awsIotProvisioningTemplate,
+ "aws_iot_role_alias": awsIotRoleAlias,
+ "aws_iot_thing": awsIotThing,
+ "aws_iot_thing_group": awsIotThingGroup,
+ "aws_iot_thing_group_membership": awsIotThingGroupMembership,
+ "aws_iot_thing_principal_attachment": awsIotThingPrincipalAttachment,
+ "aws_iot_thing_type": awsIotThingType,
+ "aws_iot_topic_rule": awsIotTopicRule,
+ "aws_iot_topic_rule_destination": awsIotTopicRuleDestination,
+ "aws_ivs_channel": awsIvsChannel,
+ "aws_ivs_playback_key_pair": awsIvsPlaybackKeyPair,
+ "aws_ivs_recording_configuration": awsIvsRecordingConfigration,
+ "aws_ivschat_logging_configuration": awsIvschatLoggingConfiguration,
+ "aws_ivschat_room": awsIvschatRoom,
+ "aws_kendra_data_source": awsKendraDataSource,
+ "aws_kendra_experience": awsKendraExperience,
+ "aws_kendra_faq": awsKendraFaq,
+ "aws_kendra_index": awsKendraIndex,
+ "aws_kendra_query_suggestions_block_list": awsKendraQuerySuggestionsBlockList,
+ "aws_kendra_thesaurus": awsKendraThesaurus,
+ "aws_key_pair": awsKeyPair,
+ "aws_keyspaces_keyspace": awsKeyspacesKeyspace,
+ "aws_keyspaces_table": awsKeyspacesTable,
+ "aws_kinesis_analytics_application": awsKinesisanalyticsApplication,
+ "aws_kinesis_firehose_delivery_stream": awsKinesisFirehoseDeliveryStream,
+ "aws_kinesis_resource_policy": awsKinesisResourcePolicy,
+ "aws_kinesis_stream": awsKinesisStream,
+ "aws_kinesis_stream_consumer": awsKinesisStreamConsumer,
+ "aws_kinesis_video_stream": awsKinesisVideoStream,
+ "aws_kinesisanalyticsv2_application": awsKinesisanalyticsv2Application,
+ "aws_kinesisanalyticsv2_application_snapshot": awsKinesisanalyticsv2ApplicationSnapshot,
+ "aws_kms_alias": awsKmsAlias,
+ "aws_kms_ciphertext": awsKmsCiphertext,
+ "aws_kms_custom_key_store": awsKmsCustomKeyStore,
+ "aws_kms_external_key": awsKmsExternalKey,
+ "aws_kms_grant": awsKmsGrant,
+ "aws_kms_key": awsKmsKey,
+ "aws_kms_key_policy": awsKmsKeyPolicy,
+ "aws_kms_replica_external_key": awsKmsReplicaExternalKey,
+ "aws_kms_replica_key": awsKmsReplicaKey,
+ "aws_lakeformation_data_cells_filter": awsLakeformationDataCellsFilter,
+ "aws_lakeformation_data_lake_settings": awsLakeformationDataLakeSettings,
+ "aws_lakeformation_lf_tag": awsLakeformationLfTag,
+ "aws_lakeformation_permissions": awsLakeformationPermissions,
+ "aws_lakeformation_resource": awsLakeformationResource,
+ "aws_lakeformation_resource_lf_tag": awsLakeformationResourceLfTag,
+ "aws_lakeformation_resource_lf_tags": awsLakeformationResourceLfTags,
+ "aws_lambda_alias": awsLambdaAlias,
+ "aws_lambda_code_signing_config": awsLambdaCodeSigningConfig,
+ "aws_lambda_event_source_mapping": awsLambdaEventSourceMapping,
+ "aws_lambda_function": awsLambdaFunction,
+ "aws_lambda_function_event_invoke_config": awsLambdaFunctionEventInvokeConfig,
+ "aws_lambda_function_recursion_config": awsLambdaFunctionRecursionConfig,
+ "aws_lambda_function_url": awsLambdaFunctionURL,
+ "aws_lambda_invocation": awsLambdaInvocation,
+ "aws_lambda_layer_version": awsLambdaLayerVersion,
+ "aws_lambda_layer_version_permission": awsLambdaLayerVersionPermission,
+ "aws_lambda_permission": awsLambdaPermission,
+ "aws_lambda_provisioned_concurrency_config": awsLambdaProvisionedConcurrencyConfig,
+ "aws_lambda_runtime_management_config": awsLambdaRuntimeManagementConfig,
+ "aws_launch_configuration": awsLaunchConfiguration,
+ "aws_launch_template": awsLaunchTemplate,
+ "aws_lb": awsLb,
+ "aws_lb_cookie_stickiness_policy": awsLbCookieStickinessPolicy,
+ "aws_lb_listener": awsLbListener,
+ "aws_lb_listener_certificate": awsLbListenerCertificate,
+ "aws_lb_listener_rule": awsLbListenerRule,
+ "aws_lb_ssl_negotiation_policy": awsLbSslNegotiationPolicy,
+ "aws_lb_target_group": awsLbTargetGroup,
+ "aws_lb_target_group_attachment": awsLbTargetGroupAttachment,
+ "aws_lb_trust_store": awsLbTrustStore,
+ "aws_lb_trust_store_revocation": awsLbTrustStoreRevocation,
+ "aws_lex_bot": awsLexBot,
+ "aws_lex_bot_alias": awsLexBotAlias,
+ "aws_lex_intent": awsLexIntent,
+ "aws_lex_slot_type": awsLexSlotType,
+ "aws_lexv2models_bot": awsLexv2ModelsBot,
+ "aws_lexv2models_bot_locale": awsLexv2ModelsBotLocale,
+ "aws_lexv2models_bot_version": awsLexv2ModelsBotVersion,
+ "aws_lexv2models_intent": awsLexv2ModelsIntent,
+ "aws_lexv2models_slot": awsLexv2ModelsSlot,
+ "aws_lexv2models_slot_type": awsLexv2ModelsSlotType,
+ "aws_licensemanager_association": awsLicensemanagerAssociation,
+ "aws_licensemanager_grant": awsLicencemanagerGrant,
+ "aws_licensemanager_grant_accepter": awsLicensemanagerGrantAccepter,
+ "aws_licensemanager_license_configuration": awsLicenceManagerLicencenceConfiguration,
+ "aws_lightsail_bucket": awsLightsailBucket,
+ "aws_lightsail_bucket_access_key_access_key": awsLightsailBucketAccessKeyAccessKey,
+ "aws_lightsail_bucket_resource_access": awsLightsailBucketResourceAccess,
+ "aws_lightsail_certificate": awsLightsailCertificate,
+ "aws_lightsail_container_service": awsLightsailContainerService,
+ "aws_lightsail_container_service_deployment_version": awsLightsailContainerServiceDeploymentVersion,
+ "aws_lightsail_database": awsLightsailDatabase,
+ "aws_lightsail_disk": awsLightsailDisk,
+ "aws_lightsail_disk_attachment": awsLightsailDiskAttachment,
+ "aws_lightsail_distribution": awsLightsailDistribution,
+ "aws_lightsail_domain": awsLightsailDomain,
+ "aws_lightsail_domain_entry": awsLightsailDomainEntry,
+ "aws_lightsail_instance": awsLightsailInstance,
+ "aws_lightsail_instance_public_ports": awsLightsailInstancePublicPorts,
+ "aws_lightsail_key_pair": awsLightsailKeyPair,
+ "aws_lightsail_lb": awsLightsailLb,
+ "aws_lightsail_lb_attachment": awsLightsailLbAttachment,
+ "aws_lightsail_lb_certificate": awsLightsailLbCertificate,
+ "aws_lightsail_lb_certificate_attachment": awsLightsailLbCertificateAttachment,
+ "aws_lightsail_lb_https_redirection_policy": awsLightsailLbHTTPSRedirectionPolicy,
+ "aws_lightsail_lb_stickiness_policy": awsLightsailLbStickinessPolicy,
+ "aws_lightsail_static_ip": awsLightsailStaticIP,
+ "aws_lightsail_static_ip_attachment": awsLightsailStaticIPAttachment,
+ "aws_load_balancer_backend_server_policy": awsLoadBalancerBackendServerPolicy,
+ "aws_load_balancer_listener_policy": awsLoadBalancerListenerPolicy,
+ "aws_load_balancer_policy": awsLoadBalancerPolicy,
+ "aws_location_geofence_collection": awsLocationGeofenceCollection,
+ "aws_location_map": awsLocationMap,
+ "aws_location_place_index": awsLocationPlaceIndex,
+ "aws_location_route_calculator": awsLocationRouteCalculator,
+ "aws_location_tracker": awsLocationTracker,
+ "aws_location_tracker_association": awsLocationTrackerAssociation,
+ "aws_m2_application": awsM2Application,
+ "aws_m2_deployment": awsM2Deployment,
+ "aws_m2_environment": awsM2Environment,
+ "aws_macie2_account": awsMacieAccount,
+ "aws_macie2_classification_export_configuration": awsMacieClassificationExportConfiguration,
+ "aws_macie2_classification_job": awsMacieClassificationJob,
+ "aws_macie2_custom_data_identifier": awsMacie2CustomDataIdentifier,
+ "aws_macie2_findings_filter": awsMacie2FindingsFilter,
+ "aws_macie2_invitation_accepter": awsMacieInvitationAccepter,
+ "aws_macie2_member": awsMacieMember,
+ "aws_macie2_organization_admin_account": awsMacieOrganizationAdminAccount,
+ "aws_main_route_table_association": awsMainRouteTableAssociation,
+ "aws_media_convert_queue": awsMediaConvertQueue,
+ "aws_media_package_channel": awsMediaPackageChannel,
+ "aws_media_packagev2_channel_group": awsMediaPackagev2ChannelGroup,
+ "aws_media_store_container": awsMediaStoreContainer,
+ "aws_media_store_container_policy": awsMediaStoreContainerPolicy,
+ "aws_medialive_channel": awsMedialiveChannel,
+ "aws_medialive_input": awsMedialiveInput,
+ "aws_medialive_input_security_group": awsMedialiveInputSecurityGroup,
+ "aws_medialive_multiplex": awsMedialiveMulitplex,
+ "aws_medialive_multiplex_program": awsMedialiveMultiplexProgram,
+ "aws_memorydb_acl": awsMemorydbACL,
+ "aws_memorydb_cluster": awsMemorydbCluster,
+ "aws_memorydb_multi_region_cluster": awsMemorydbMultiRegionCluster,
+ "aws_memorydb_parameter_group": awsMemorydbParameterGroup,
+ "aws_memorydb_snapshot": awsMemorydbSnapshot,
+ "aws_memorydb_subnet_group": awsMemorydbSubnetGroup,
+ "aws_memorydb_user": awsMemorydbUser,
+ "aws_mq_broker": awsMqBroker,
+ "aws_mq_configuration": awsMqConfiguration,
+ "aws_msk_cluster": awsMskCluster,
+ "aws_msk_cluster_policy": awsMskClusterPolicy,
+ "aws_msk_configuration": awsMskConfiguration,
+ "aws_msk_replicator": awsMskReplicator,
+ "aws_msk_scram_secret_association": awsMskScramSecretAssociation,
+ "aws_msk_serverless_cluster": awsMskServerlessCluster,
+ "aws_msk_single_scram_secret_association": awsMskSingleScramSecretAssociation,
+ "aws_msk_vpc_connection": awsMskVpcConnection,
+ "aws_mskconnect_connector": awsMskconnectConnector,
+ "aws_mskconnect_custom_plugin": awsMskconnectCustomPlugin,
+ "aws_mskconnect_worker_configuration": awsMskconnectWorkerConfiguration,
+ "aws_mwaa_environment": awsMwaaEnvironment,
+ "aws_nat_gateway": awsNatGateway,
+ "aws_neptune_cluster": awsNeptuneCluster,
+ "aws_neptune_cluster_endpoint": awsNeptuneClusterEndpoint,
+ "aws_neptune_cluster_instance": awsNeptuneClusterInstance,
+ "aws_neptune_cluster_parameter_group": awsRdsClusterParameterGroup,
+ "aws_neptune_cluster_snapshot": awsNeptuneClusterSnapshot,
+ "aws_neptune_event_subscription": awsNeptuneEventSubscription,
+ "aws_neptune_global_cluster": awsRdsGlobalCluster,
+ "aws_neptune_parameter_group": awsDBParameterGroup,
+ "aws_neptune_subnet_group": awsDBSubnetGroup,
+ "aws_network_acl": awsNetworkACL,
+ "aws_network_acl_association": awsNetworkACLAssociation,
+ "aws_network_acl_rule": awsNetworkACLRule,
+ "aws_network_interface": awsNetworkInterface,
+ "aws_network_interface_attachment": awsNetworkInterfaceAttachment,
+ "aws_network_interface_sg_attachment": awsNetworkInterfaceSgAttachment,
+ "aws_networkfirewall_firewall": awsNetworkfirewallFirewall,
+ "aws_networkfirewall_firewall_policy": awsNetworkfirewallFirewallPolicy,
+ "aws_networkfirewall_logging_configuration": awsNetworkfirewallLoggingConfiguration,
+ "aws_networkfirewall_resource_policy": awsNetworkfirewallResourcePolicy,
+ "aws_networkfirewall_rule_group": awsNetworkfirewallRuleGroup,
+ "aws_networkfirewall_tls_inspection_configuration": awsNetworkfirewallTLSInspectionConfiguration,
+ "aws_networkmanager_attachment_accepter": awsNetworkmanagerAttachmentAccepter,
+ "aws_networkmanager_connect_attachment": awsNetworkManagerConnectAttachment,
+ "aws_networkmanager_connect_peer": awsNetworkManagerConnectPeer,
+ "aws_networkmanager_connection": awsNetworkmanagerConnection,
+ "aws_networkmanager_core_network": awsNetworkmanagerCoreNetwork,
+ "aws_networkmanager_core_network_policy_attachment": awsNetworkmanagerCoreNetworkPolicyAttachment,
+ "aws_networkmanager_customer_gateway_association": awsNetworkmanagerCustomerGatewayAssociation,
+ "aws_networkmanager_device": awsNetworkmanagerDevice,
+ "aws_networkmanager_dx_gateway_attachment": awsNetworkmanagerDxGatewayAttachment,
+ "aws_networkmanager_global_network": awsNetworkmanagerGlobalNetwork,
+ "aws_networkmanager_link": awsNetworkmanagerLink,
+ "aws_networkmanager_link_association": awsNetworkmanagerLinkAssocation,
+ "aws_networkmanager_site": awsNetworkmanagerSite,
+ "aws_networkmanager_site_to_site_vpn_attachment": awsNetworkmanagerSiteToSiteVpnAttachment,
+ "aws_networkmanager_transit_gateway_connect_peer_association": awsNetworkmanagerTransitGatewayConnectPeerAssociation,
+ "aws_networkmanager_transit_gateway_peering": awsNetworkmanagerTransitGatewayPeering,
+ "aws_networkmanager_transit_gateway_registration": awsNetworkmanagerTransitGatewayRegistration,
+ "aws_networkmanager_transit_gateway_route_table_attachment": awsNetworkmanagerTransitGatewayRouteTableAttachment,
+ "aws_networkmanager_vpc_attachment": awsNetworkmanagerVpcAttachment,
+ "aws_networkmonitor_monitor": awsNetworkmonitorMonitor,
+ "aws_networkmonitor_probe": awsNetworkmonitorProbe,
+ "aws_oam_link": awsOamLink,
+ "aws_oam_sink": awsOamSink,
+ "aws_oam_sink_policy": awsOamSinkPolicy,
+ "aws_opensearch_authorize_vpc_endpoint_access": awsOpensearchAuthorizeVpcEndpointAccess,
+ "aws_opensearch_domain": awsElasticsearchDomain,
+ "aws_opensearch_domain_policy": awsElasticsearchDomainPolicy,
+ "aws_opensearch_domain_saml_options": awsOpensearchDomainSamlOptions,
+ "aws_opensearch_inbound_connection_accepter": awsOpensearchInboundConnectionAccepter,
+ "aws_opensearch_outbound_connection": awsOpensearchOutboundConnection,
+ "aws_opensearch_package": awsOpensearchPackage,
+ "aws_opensearch_package_association": awsOpensearchPackageAssociation,
+ "aws_opensearch_vpc_endpoint": awsOpensearchVPCEndpoint,
+ "aws_opensearchserverless_access_policy": awsOpenseachserverlessAccessPolicy,
+ "aws_opensearchserverless_collection": awsOpenseachserverlessCollection,
+ "aws_opensearchserverless_lifecycle_policy": awsOpenseachserverlessLifecyclePolicy,
+ "aws_opensearchserverless_security_config": awsOpenseachserverlessSecurityConfig,
+ "aws_opensearchserverless_security_policy": awsOpenseachserverlessSecurityPolicy,
+ "aws_opensearchserverless_vpc_endpoint": awsOpenseachserverlessVpcEndpoint,
+ "aws_opsworks_application": awsOpsworksApplication,
+ "aws_opsworks_custom_layer": awsOpsworksCustomLayer,
+ "aws_opsworks_ecs_cluster_layer": awsOpsworksEcsClusterLayer,
+ "aws_opsworks_ganglia_layer": awsOpsworksGangliaLayer,
+ "aws_opsworks_haproxy_layer": awsOpsworksHaproxyLayer,
+ "aws_opsworks_instance": awsOpsworksInstance,
+ "aws_opsworks_java_app_layer": awsOpsworksJavaAppLayer,
+ "aws_opsworks_memcached_layer": awsOpsworksMemcachedLayer,
+ "aws_opsworks_mysql_layer": awsOpsworksMysqlLayer,
+ "aws_opsworks_nodejs_app_layer": awsOpsworksNodejsAppLayer,
+ "aws_opsworks_permission": awsOpsworksPermission,
+ "aws_opsworks_php_app_layer": awsOpsworksPhpAppLayer,
+ "aws_opsworks_rails_app_layer": awsOpsworksRailsAppLayer,
+ "aws_opsworks_rds_db_instance": awsOpsworksRdsDBInstance,
+ "aws_opsworks_stack": awsOpsworksStack,
+ "aws_opsworks_static_web_layer": awsOpsworksStaticWebLayer,
+ "aws_opsworks_user_profile": awsOpsworksUserProfile,
+ "aws_organizations_account": awsOrganizationsAccount,
+ "aws_organizations_delegated_administrator": awsOrganizationsDelegatedAdministrator,
+ "aws_organizations_organization": awsOrganizationsOrganization,
+ "aws_organizations_organizational_unit": awsOrganizationsOrganizationalUnit,
+ "aws_organizations_policy": awsOrganizationsPolicy,
+ "aws_organizations_policy_attachment": awsOrganizationsPolicyAttachment,
+ "aws_organizations_resource_policy": awsOrganizationsResourcePolicy,
+ "aws_osis_pipeline": awsOsisPipeline,
+ "aws_paymentcryptography_key": awsPaymentcrytopgraphyKey,
+ "aws_paymentcryptography_key_alias": awsPaymentcrytopgraphyKeyAlias,
+ "aws_pinpoint_adm_channel": awsPinpointAdmChannel,
+ "aws_pinpoint_apns_channel": awsPinpointApnsChannel,
+ "aws_pinpoint_apns_sandbox_channel": awsPinpointApnsSandboxChannel,
+ "aws_pinpoint_apns_voip_channel": awsPinpointApnsVoipChannel,
+ "aws_pinpoint_apns_voip_sandbox_channel": awsPinpointApnsVoipSandboxChannel,
+ "aws_pinpoint_app": awsPinpointApp,
+ "aws_pinpoint_baidu_channel": awsPinpointBaiduChannel,
+ "aws_pinpoint_email_channel": awsPinpointEmailChannel,
+ "aws_pinpoint_email_template": awsPinpointEmailTemplate,
+ "aws_pinpoint_event_stream": awsPinpointEventStream,
+ "aws_pinpoint_gcm_channel": awsPinpointGcmChannel,
+ "aws_pinpoint_sms_channel": awsPinpointSmsChannel,
+ "aws_pinpointsmsvoicev2_configuration_set": awsPinpointsmsvoicev2ConfigurationSet,
+ "aws_pinpointsmsvoicev2_opt_out_list": awsPinpointsmsvoicev2OptOutList,
+ "aws_pinpointsmsvoicev2_phone_number": awsPinpointsmsvoicev2PhoneNumber,
+ "aws_pipes_pipe": awsPipesPipe,
+ "aws_placement_group": awsPlacementGroup,
+ "aws_prometheus_alert_manager_definition": awsPrometheusAlertManagerDefinition,
+ "aws_prometheus_rule_group_namespace": awsPrometheusRuleGroupNamespace,
+ "aws_prometheus_scraper": awsPrometheusScraper,
+ "aws_prometheus_workspace": awsPrometheusWorkspace,
+ "aws_proxy_protocol_policy": awsProxyProtocolPolicy,
+ "aws_qldb_ledger": awsQlbdLedger,
+ "aws_qldb_stream": awsQldbStream,
+ "aws_quicksight_account_subscription": awsQuicksightAccountSubscription,
+ "aws_quicksight_analysis": awsQuicksightAnalysis,
+ "aws_quicksight_dashboard": awsQuicksightDashboard,
+ "aws_quicksight_data_set": awsQuicksightDataSet,
+ "aws_quicksight_data_source": awsQuicksightDataSource,
+ "aws_quicksight_folder": awsQuicksightFolder,
+ "aws_quicksight_folder_membership": awsQuicksightFolderMembership,
+ "aws_quicksight_group": awsQuicksightGroup,
+ "aws_quicksight_group_membership": awsQuicksightGroupMembership,
+ "aws_quicksight_iam_policy_assignment": awsQuicksightIamPolicyAssignment,
+ "aws_quicksight_ingestion": awsQuicksightIngestion,
+ "aws_quicksight_namespace": awsQuicksightNamespace,
+ "aws_quicksight_refresh_schedule": awsQuicksightRefreshSchedule,
+ "aws_quicksight_template": awsQuicksightTemplate,
+ "aws_quicksight_template_alias": awsQuicksightTemplateAlias,
+ "aws_quicksight_theme": awsQuicksightTheme,
+ "aws_quicksight_user": awsQuicksightUser,
+ "aws_quicksight_vpc_connection": awsQuicksightVpcConnection,
+ "aws_ram_principal_association": awsRAMPrincipleAssociation,
+ "aws_ram_resource_association": awsRAMResourceAssociation,
+ "aws_ram_resource_share": awsRAMResourceShare,
+ "aws_ram_resource_share_accepter": awsRamResourceShareAccepter,
+ "aws_ram_sharing_with_organization": awsRamSharingWithOrganization,
+ "aws_rbin_rule": awsRbinRule,
+ "aws_rds_certificate": awsRdsCertificate,
+ "aws_rds_cluster": awsRdsCluster,
+ "aws_rds_cluster_activity_stream": awsRdsClusterActivityStream,
+ "aws_rds_cluster_endpoint": awsRdsClusterEndpoint,
+ "aws_rds_cluster_instance": awsDBInstance,
+ "aws_rds_cluster_parameter_group": awsRdsClusterParameterGroup,
+ "aws_rds_cluster_role_association": awsRdsClusterRoleAssociation,
+ "aws_rds_cluster_snapshot_copy": awsRdsClusterSnapshotCopy,
+ "aws_rds_custom_db_engine_version": awsRdsCustomDBEngineVersion,
+ "aws_rds_export_task": awsRdsExportTask,
+ "aws_rds_global_cluster": awsRdsGlobalCluster,
+ "aws_rds_instance_state": awsRdsInstanceState,
+ "aws_rds_integration": awsRdsIntegration,
+ "aws_rds_reserved_instance": awsRdsReservedInstance,
+ "aws_redshift_authentication_profile": awsRedshiftAuthenticationProfile,
+ "aws_redshift_cluster": awsRedshiftCluster,
+ "aws_redshift_cluster_iam_roles": awsRedshiftClusterIamRoles,
+ "aws_redshift_cluster_snapshot": awsRedshiftClusterSnapshot,
+ "aws_redshift_data_share_authorization": awsRedshiftDataShareAuthorization,
+ "aws_redshift_data_share_consumer_association": awsRedshiftDataShareConsumerAssociation,
+ "aws_redshift_endpoint_access": awsRedshiftEndpointAccess,
+ "aws_redshift_endpoint_authorization": awsRedshiftEndpointAuthorization,
+ "aws_redshift_event_subscription": awsRedshiftEventSubscription,
+ "aws_redshift_hsm_client_certificate": awsRedshiftHsmClientCertififcate,
+ "aws_redshift_hsm_configuration": awsRedshiftHsmConfiguration,
+ "aws_redshift_logging": awsRedshiftLogging,
+ "aws_redshift_parameter_group": awsRedshiftParameterGroup,
+ "aws_redshift_partner": awsRedshiftPartner,
+ "aws_redshift_resource_policy": awsRedshiftResourcePolicy,
+ "aws_redshift_scheduled_action": awsRedshiftScheduledAction,
+ "aws_redshift_snapshot_copy": awsRedshiftSnapshotCopy,
+ "aws_redshift_snapshot_copy_grant": awsRedshiftSnapshotCopyGrant,
+ "aws_redshift_snapshot_schedule": awsRedshiftSnapshotSchedule,
+ "aws_redshift_snapshot_schedule_association": awsRedshiftSnapshotScheduleAssociation,
+ "aws_redshift_subnet_group": awsRedshiftSubnetGroup,
+ "aws_redshift_usage_limit": awsRedshiftUsageLimit,
+ "aws_redshiftdata_statement": awsRedshiftdataStatement,
+ "aws_redshiftserverless_custom_domain_association": awsRedshiftserverlessCustomDomainAssociation,
+ "aws_redshiftserverless_endpoint_access": awsRedshiftserverlessEndpointAccess,
+ "aws_redshiftserverless_namespace": awsRedshiftserverlessNamespace,
+ "aws_redshiftserverless_resource_policy": awsRedshiftserverlessResourcePolicy,
+ "aws_redshiftserverless_snapshot": awsRedshiftserverlessSnapshot,
+ "aws_redshiftserverless_usage_limit": awsRedshiftserverlessUsageLimit,
+ "aws_redshiftserverless_workgroup": awsRedshiftserverlessWorkgroup,
+ "aws_rekognition_collection": awsRekognitionCollection,
+ "aws_rekognition_project": awsRekognitionProject,
+ "aws_rekognition_stream_processor": awsRekognitionStreamProcessor,
+ "aws_resiliencehub_resiliency_policy": awsResilienceResiliencePolicy,
+ "aws_resourceexplorer2_index": awsResourceexplorer2Index,
+ "aws_resourceexplorer2_view": awsResourceexplorer2View,
+ "aws_resourcegroups_group": awsResourcegroupsGroup,
+ "aws_resourcegroups_resource": awsResourcegroupsResource,
+ "aws_rolesanywhere_profile": awsRolesanywhereProfile,
+ "aws_rolesanywhere_trust_anchor": awsRolesanywhereTrustAnchor,
+ "aws_route": awsRoute,
+ "aws_route53_cidr_collection": awsRoute53CidrCollection,
+ "aws_route53_cidr_location": awsRoute53CidrLocation,
+ "aws_route53_delegation_set": awsRoute53DelegationSet,
+ "aws_route53_health_check": awsRoute53HealthCheck,
+ "aws_route53_hosted_zone_dnssec": awsRoute53HostedZoneDnssec,
+ "aws_route53_key_signing_key": awsRoute53KeySiginingKey,
+ "aws_route53_query_log": awsRoute53QueryLog,
+ "aws_route53_record": awsRoute53Record,
+ "aws_route53_resolver_config": awsRoute53ResolverConfig,
+ "aws_route53_resolver_dnssec_config": awsRoute53ResolverDnssecConfig,
+ "aws_route53_resolver_endpoint": awsRoute53ResolverEndpoint,
+ "aws_route53_resolver_firewall_config": awsRoute53ResolverFirewallConfig,
+ "aws_route53_resolver_firewall_domain_list": awsRoute53ResolverFirewallDomainList,
+ "aws_route53_resolver_firewall_rule": awsRoute53ResolverFirewallRule,
+ "aws_route53_resolver_firewall_rule_group": awsRoute53ResolverFirewallRuleGroup,
+ "aws_route53_resolver_firewall_rule_group_association": awsRoute53ResolverFirewallRuleGroupAssociation,
+ "aws_route53_resolver_query_log_config": awsRoute53ResolverQueryLogConfig,
+ "aws_route53_resolver_query_log_config_association": awsRoute53ResolverQueryLogConfigAssociation,
+ "aws_route53_resolver_rule": awsRoute53ResolverRule,
+ "aws_route53_resolver_rule_association": awsRoute53ResolverRuleAssociation,
+
"aws_route53_traffic_policy": awsRoute53TrafficPolicy, + "aws_route53_traffic_policy_instance": awsRoute53TrafficPolicyInstance, + "aws_route53_vpc_association_authorization": awsRoute53VpcAssociationAuthorization, + "aws_route53_zone": awsRoute53Zone, + "aws_route53_zone_association": awsRoute53ZoneAssociation, + "aws_route53domains_delegation_signer_record": awsRoute53DomainsDelegationSignerRecord, + "aws_route53domains_domain": awsRoute53DomainsDomain, + "aws_route53domains_registered_domain": awsRoute53DomainsRegisteredDomain, + "aws_route53profiles_association": awsRoute53profilesAssociation, + "aws_route53profiles_profile": awsRoute53profilesProfile, + "aws_route53profiles_resource_association": awsRoute53profilesResourceAssociation, + "aws_route53recoverycontrolconfig_cluster": awsRoute53recoverycontrolconfigCluster, + "aws_route53recoverycontrolconfig_control_panel": awsRoute53recoverycontrolconfigControlPanel, + "aws_route53recoverycontrolconfig_routing_control": awsRoute53recoverycontrolconfigRoutingControl, + "aws_route53recoverycontrolconfig_safety_rule": awsRoute53recoverycontrolconfigSafetyRule, + "aws_route53recoveryreadiness_cell": awsRoute53recoveryreadinessCell, + "aws_route53recoveryreadiness_readiness_check": awsRoute53recoveryreadinessReadinessCheck, + "aws_route53recoveryreadiness_recovery_group": awsRoute53recoveryreadinessRecoveryGroup, + "aws_route53recoveryreadiness_resource_set": awsRoute53recoveryreadinessResourceSet, + "aws_route_table": awsRouteTable, + "aws_route_table_association": awsRouteTableAssociation, + "aws_rum_app_monitor": awsRumAppMonitor, + "aws_rum_metrics_destination": awsRumMetricsDestination, + "aws_s3_access_point": awsS3AccessPoint, + "aws_s3_account_public_access_block": awsS3AccountPublicAccessBlock, + "aws_s3_bucket": awsS3Bucket, + "aws_s3_bucket_accelerate_configuration": awsS3BucketAccelerateConfiguration, + "aws_s3_bucket_acl": awsS3BucketACL, + "aws_s3_bucket_analytics_configuration": 
awsS3BucketAnalyticsConfiguration, + "aws_s3_bucket_cors_configuration": awsS3BucketCorsConfiguration, + "aws_s3_bucket_intelligent_tiering_configuration": awsS3BucketIntelligentTieringConfiguration, + "aws_s3_bucket_inventory": awsS3BucketInventory, + "aws_s3_bucket_lifecycle_configuration": awsS3BucketLifecycleConfiguration, + "aws_s3_bucket_logging": awsS3BucketLogging, + "aws_s3_bucket_metric": awsS3BucketMetric, + "aws_s3_bucket_notification": awsS3BucketNotification, + "aws_s3_bucket_object": awsS3Object, + "aws_s3_bucket_object_lock_configuration": awsS3BucketObjectLockCOnfiguration, + "aws_s3_bucket_ownership_controls": awsS3BucketOwnershipControls, + "aws_s3_bucket_policy": awsS3BucketPolicy, + "aws_s3_bucket_public_access_block": awsS3BucketPublicAccessBlock, + "aws_s3_bucket_replication_configuration": awsS3BucketReplicationConfiguration, + "aws_s3_bucket_request_payment_configuration": awsS3BucketRequestPaymentConfiguration, + "aws_s3_bucket_server_side_encryption_configuration": awsS3BucketServerSideEncryptionConfiguration, + "aws_s3_bucket_versioning": awsS3BucketVersioning, + "aws_s3_bucket_website_configuration": awsS3BucketWebsiteConfiguration, + "aws_s3_directory_bucket": awsS3DirectoryBucket, + "aws_s3_object": awsS3Object, + "aws_s3_object_copy": awsS3ObjectCopy, + "aws_s3control_access_grant": awsS3controlAccessGrant, + "aws_s3control_access_grants_instance": awsS3controlAccessGrantInstance, + "aws_s3control_access_grants_instance_resource_policy": awsS3controlAccessGrantInstanceResourcePolicy, + "aws_s3control_access_grants_location": awsS3controlAccessGrantLocation, + "aws_s3control_access_point_policy": awsS3controlAccessPointPolicy, + "aws_s3control_bucket": awsS3ControlBucket, + "aws_s3control_bucket_lifecycle_configuration": awsS3ControlBucketLifecycleAssociation, + "aws_s3control_bucket_policy": awsS3ControlBucketPolicy, + "aws_s3control_multi_region_access_point": awscontrolMultiRegionAccessPoint, + 
"aws_s3control_multi_region_access_point_policy": awscontrolMultiRegionAccessPointPolicy, + "aws_s3control_object_lambda_access_point": awsS3ControlObjectLambdaAccessPoint, + "aws_s3control_object_lambda_access_point_policy": awsS3ControlObjectLambdaAccessPointPolicy, + "aws_s3control_storage_lens_configuration": awsS3ControlStorageLensConfiguration, + "aws_s3outposts_endpoint": awsS3outpostsEndpoint, + "aws_s3tables_namespace": awsS3tablesNamespace, + "aws_s3tables_table": awsS3tablesTable, + "aws_s3tables_table_bucket": awsS3tablesTableBucket, + "aws_s3tables_table_bucket_policy": awsS3tablesTableBucketPolicy, + "aws_s3tables_table_policy": awsS3tablesTablePolicy, + "aws_sagemaker_app": awsSagemakerApp, + "aws_sagemaker_app_image_config": awsSagemakerAppImageConfig, + "aws_sagemaker_code_repository": awsSagemakerCodeRepository, + "aws_sagemaker_data_quality_job_definition": awsSagemakerDataQualityJobDefinition, + "aws_sagemaker_device": awsSagemakerDevice, + "aws_sagemaker_device_fleet": awsSagemakerDeviceFleet, + "aws_sagemaker_domain": awsSagemakerDomain, + "aws_sagemaker_endpoint": awsSagemakerEndpoint, + "aws_sagemaker_endpoint_configuration": awsSagemakerEndpointConfiguration, + "aws_sagemaker_feature_group": awsSagemakerFeatureGroup, + "aws_sagemaker_flow_definition": awsSagemakerFlowDefinition, + "aws_sagemaker_hub": awsSagemakerHub, + "aws_sagemaker_human_task_ui": awsSagemakerHumanTaskUI, + "aws_sagemaker_image": awsSagemakerImage, + "aws_sagemaker_image_version": awsSagemakerImageVersion, + "aws_sagemaker_mlflow_tracking_server": awsSagemakerMlflowTrackingServer, + "aws_sagemaker_model": awsSagemakerModel, + "aws_sagemaker_model_package_group": awsSagemakerModelPackageGroup, + "aws_sagemaker_model_package_group_policy": awsSagemakerModelPackageGroupPolicy, + "aws_sagemaker_monitoring_schedule": awsSagemakerMonitoringSchedule, + "aws_sagemaker_notebook_instance": awsSagemakerNotebookInstance, + "aws_sagemaker_notebook_instance_lifecycle_configuration": 
awsSagemakerNotebookInstanceLifecycleConfiguration, + "aws_sagemaker_pipeline": awsSagemakerPipeline, + "aws_sagemaker_project": awsSagemakerProject, + "aws_sagemaker_servicecatalog_portfolio_status": awsSagemakerServicecatalogPortfolioStatus, + "aws_sagemaker_space": awsSagemakerSpace, + "aws_sagemaker_studio_lifecycle_config": awsSagemakerStudioLifecycleConfig, + "aws_sagemaker_user_profile": awsSagemakerUserProfile, + "aws_sagemaker_workforce": awsSagemakerWorkforce, + "aws_sagemaker_workteam": awsSagemakerWorkteam, + "aws_scheduler_schedule": awsSchedulerSchedule, + "aws_scheduler_schedule_group": awsSchedulerScheduleGroup, + "aws_schemas_discoverer": awsSchemasDiscoverer, + "aws_schemas_registry": awsSchemasRegistry, + "aws_schemas_registry_policy": awsSchemasRegistryPolicy, + "aws_schemas_schema": awsSchemasSchema, + "aws_secretsmanager_secret": awsSecretsmanagerSecret, + "aws_secretsmanager_secret_policy": awsSecretsmanagerSecretPolicy, + "aws_secretsmanager_secret_rotation": awsSecretsmanagerSecretRotation, + "aws_secretsmanager_secret_version": awsSecretsmanagerSecretVersion, + "aws_security_group": awsSecurityGroup, + "aws_security_group_rule": awsSecurityGroupRule, + "aws_securityhub_account": awsSecurityhubAccount, + "aws_securityhub_action_target": awsSecurityhubActionTarget, + "aws_securityhub_automation_rule": awsSecurityhubAutomationRule, + "aws_securityhub_configuration_policy": awsSecurityhubConfigurationPolicy, + "aws_securityhub_configuration_policy_association": awsSecurityhubConfigurationPolicyAssociation, + "aws_securityhub_finding_aggregator": awsSecurityhubFindingAggregator, + "aws_securityhub_insight": awsSecurityhubInsight, + "aws_securityhub_invite_accepter": awsSecurityHubInviteAccepter, + "aws_securityhub_member": awsSecurityhubMember, + "aws_securityhub_organization_admin_account": awsSecurityhubOrganizationAdminAccount, + "aws_securityhub_organization_configuration": awsSecurityhubOrganizationConfiguration, + 
"aws_securityhub_product_subscription": awsSecurityhubProductSubscription, + "aws_securityhub_standards_control": awsSecurityhubStandardsControl, + "aws_securityhub_standards_control_association": awsSecurityhubStandardsControlAssociation, + "aws_securityhub_standards_subscription": awsSecurityhubStandardsSubscription, + "aws_securitylake_aws_log_source": awsSecuritylakeAwsLogSource, + "aws_securitylake_custom_log_source": awsSecuritylakeCustomLogSource, + "aws_securitylake_data_lake": awsSecuritylakeDataLake, + "aws_securitylake_subscriber": awsSecuritylakeSubscriber, + "aws_securitylake_subscriber_notification": awsSecuritylakeSubscriberNotification, + "aws_serverlessapplicationrepository_cloudformation_stack": awsServerlessapplicationrepositoryCloudformationStack, + "aws_service_discovery_http_namespace": awsServiceDiscoveryHttpNamespace, + "aws_service_discovery_instance": awsServiceDiscoveryInstance, + "aws_service_discovery_private_dns_namespace": awsServiceDiscoveryPrivateDNSNamespace, + "aws_service_discovery_public_dns_namespace": awsServiceDiscoveryPublicDNSNamespace, + "aws_service_discovery_service": awsServiceDiscoveryService, + "aws_servicecatalog_budget_resource_association": awsServicecatalogBudgetResourceAssociation, + "aws_servicecatalog_constraint": awsServicecatalogConstraint, + "aws_servicecatalog_organizations_access": awsServicecatalogOrganizationAccess, + "aws_servicecatalog_portfolio": awsServicecatalogPortfolio, + "aws_servicecatalog_portfolio_share": awsServicecatalogPortfolioShare, + "aws_servicecatalog_principal_portfolio_association": awsServicecatalogPrincipalPortfolioAssociation, + "aws_servicecatalog_product": awsServicecatalogProduct, + "aws_servicecatalog_product_portfolio_association": awsServicecatalogProductPortfolioAssociation, + "aws_servicecatalog_provisioned_product": awsServicecatalogProvisionedProduct, + "aws_servicecatalog_provisioning_artifact": awsServiceCatalogProvisioningArtifact, + 
"aws_servicecatalog_service_action": awsServicecatalogServiceAction, + "aws_servicecatalog_tag_option": awsServicecatalogTagOption, + "aws_servicecatalog_tag_option_resource_association": awsServicecatalogTagOptionResourceAssociation, + "aws_servicecatalogappregistry_application": awsServicecatalogappregistryApplication, + "aws_servicecatalogappregistry_attribute_group": awsServicecatalogappregistryAttributeGroup, + "aws_servicecatalogappregistry_attribute_group_association": awsServicecatalogappregistryAttributeGroupAssociation, + "aws_servicequotas_service_quota": awsServicequotasServiceQuota, + "aws_servicequotas_template": awsServiceQuotasTemplate, + "aws_servicequotas_template_association": awsServiceQuotasTemplateAssociation, + "aws_ses_active_receipt_rule_set": awsSesActiveReceiptRuleSet, + "aws_ses_configuration_set": awsSesConfigurationSet, + "aws_ses_domain_dkim": awsSesDomainDkim, + "aws_ses_domain_identity": awsSesDomainIdentity, + "aws_ses_domain_identity_verification": awsSesDomainIdentityVerification, + "aws_ses_domain_mail_from": awsSesDomainMailFrom, + "aws_ses_email_identity": awsSesEmailIdentity, + "aws_ses_event_destination": awsSesEventDestination, + "aws_ses_identity_notification_topic": awsSesIdentityNotificationTopic, + "aws_ses_identity_policy": awsSesIdentityPolicy, + "aws_ses_receipt_filter": awsSesReceiptFilter, + "aws_ses_receipt_rule": awsSesReceiptRule, + "aws_ses_receipt_rule_set": awsSesReceiptRuleSet, + "aws_ses_template": awsSesTemplate, + "aws_sesv2_account_suppression_attributes": awsSesv2AccountSuppressionAttributes, + "aws_sesv2_account_vdm_attributes": awsSesv2AccountVdmAttributes, + "aws_sesv2_configuration_set": awsSesv2ConfigurationSet, + "aws_sesv2_configuration_set_event_destination": awsSesv2ConfigurationSetEventDestination, + "aws_sesv2_contact_list": awsSesv2ContactList, + "aws_sesv2_dedicated_ip_assignment": awsSesv2DedicatedIPAssignment, + "aws_sesv2_dedicated_ip_pool": awsSesv2DedicatedIPPool, + 
"aws_sesv2_email_identity": awsSesv2EmailIdentity, + "aws_sesv2_email_identity_feedback_attributes": awsSesv2EmailIdentityFeedbackAttributes, + "aws_sesv2_email_identity_mail_from_attributes": awsSesv2EmailIdentityMailFromAttributes, + "aws_sesv2_email_identity_policy": awsSesv2EmailIdentityPolicy, + "aws_sfn_activity": awsSfnActivity, + "aws_sfn_alias": awsSfnAlias, + "aws_sfn_state_machine": awsSfnStateMachine, + "aws_shield_application_layer_automatic_response": awsShieldApplicationLayerAutomaticsResponse, + "aws_shield_drt_access_log_bucket_association": awsShieldDrtAccessLogBucketAssociation, + "aws_shield_drt_access_role_arn_association": awsShieldDrtAccessRoleArnAssociation, + "aws_shield_proactive_engagement": awsShieldProactiveEngagement, + "aws_shield_protection": awsShieldProtection, + "aws_shield_protection_group": awsShieldProtectionGroup, + "aws_shield_protection_health_check_association": awsShieldProtectionHealthCheckAssociation, + "aws_shield_subscription": awsShieldSubscription, + "aws_signer_signing_job": awsSignerSigningJob, + "aws_signer_signing_profile": awsSignerSigningProfile, + "aws_signer_signing_profile_permission": awsSignerSigningProfilePermission, + "aws_simpledb_domain": awsSimpledbDomain, + "aws_snapshot_create_volume_permission": awsSnapshotCreateVolumePermission, + "aws_sns_platform_application": awsSnsPlatformApplication, + "aws_sns_sms_preferences": awsSnsSmsPreferences, + "aws_sns_topic": awsSnsTopic, + "aws_sns_topic_data_protection_policy": awsSnsTopicDataProtection, + "aws_sns_topic_policy": awsSnsTopicPolicy, + "aws_sns_topic_subscription": awsSnsTopicSubscription, + "aws_spot_datafeed_subscription": awsSpotDatafeedSubscription, + "aws_spot_fleet_request": awsSpotFleetRequest, + "aws_spot_instance_request": awsSpotInstanceRequest, + "aws_sqs_queue": awsSqsQueue, + "aws_sqs_queue_policy": awsSqsQueuePolicy, + "aws_sqs_queue_redrive_allow_policy": awsSqsQueueRedriveAllowPolicy, + "aws_sqs_queue_redrive_policy": 
awsSqsQueueRedrivePolicy, + "aws_ssm_activation": awsSsmActivation, + "aws_ssm_association": awsSsmAssociation, + "aws_ssm_default_patch_baseline": awsSsmDefaultPatchBaseline, + "aws_ssm_document": awsSsmDocument, + "aws_ssm_maintenance_window": awsSsmMaintenanceWindow, + "aws_ssm_maintenance_window_target": awsSsmMaintenanceWindowTarget, + "aws_ssm_maintenance_window_task": awsSsmMaintenanceWindowTask, + "aws_ssm_parameter": awsSsmParameter, + "aws_ssm_patch_baseline": awsSsmPatchBaseline, + "aws_ssm_patch_group": awsSsmPatchGroup, + "aws_ssm_resource_data_sync": awsSsmResourceDataSync, + "aws_ssm_service_setting": awsSsmServiceSetting, + "aws_ssmcontacts_contact": awsSsmcontactsContact, + "aws_ssmcontacts_contact_channel": awsSsmcontactContactChannel, + "aws_ssmcontacts_plan": awsSsmcontactsPlan, + "aws_ssmcontacts_rotation": awsSsmcontactsRotation, + "aws_ssmincidents_replication_set": awsSsmincidentsReplicationSet, + "aws_ssmincidents_response_plan": awsSsmincidentsResponsePlan, + "aws_ssmquicksetup_configuration_manager": awsSsmquicksetupConfigurationManager, + "aws_ssoadmin_account_assignment": awsSsoadminAccountAssignment, + "aws_ssoadmin_application": awsSsoadminApplication, + "aws_ssoadmin_application_access_scope": awsSsoadminApplicationAccessScope, + "aws_ssoadmin_application_assignment": awsSsoadminApplicationAssignment, + "aws_ssoadmin_application_assignment_configuration": awsSsoadminApplicationAssignmentConfiguration, + "aws_ssoadmin_customer_managed_policy_attachment": awsSsoadminCustomerManagedPolicyAttachment, + "aws_ssoadmin_instance_access_control_attributes": awsSsoadminInstanceAccessControlAttributes, + "aws_ssoadmin_managed_policy_attachment": awsSsoadminManagedPolicyAttachment, + "aws_ssoadmin_permission_set": awsSsoadminPermissionSet, + "aws_ssoadmin_permission_set_inline_policy": awsSsoadminPermissionSetInlinePolicy, + "aws_ssoadmin_permissions_boundary_attachment": awsSsoadminPermissionsBoundaryAttachment, + 
"aws_ssoadmin_trusted_token_issuer": awsSsoadminTrustedTokenIssuer, + "aws_storagegateway_cache": awsStoragegatewayCache, + "aws_storagegateway_cached_iscsi_volume": awsStoragegatewayCachedIscsiVolume, + "aws_storagegateway_file_system_association": awsStoragegatewayFileSystemAssociation, + "aws_storagegateway_gateway": awsStoragegatewayGateway, + "aws_storagegateway_nfs_file_share": awsStoragegatewayNfsFileShare, + "aws_storagegateway_smb_file_share": awsStoragegatewaySmbFileShare, + "aws_storagegateway_stored_iscsi_volume": awsStoragegatewayStoredIscsiVolume, + "aws_storagegateway_tape_pool": awsStoragegatewayTapePool, + "aws_storagegateway_upload_buffer": awsStoragegatewayUploadBuffer, + "aws_storagegateway_working_storage": awsStoragegatewayWorkingStorage, + "aws_subnet": awsSubnet, + "aws_swf_domain": awsSwfDomain, + "aws_synthetics_canary": awsSyntheticsCanary, + "aws_synthetics_group": awsSyntheticsGroup, + "aws_synthetics_group_association": awsSyntheticsGroupAssociation, + "aws_timestreaminfluxdb_db_instance": awsTimestreamhubFindingAggregator, + "aws_timestreamquery_scheduled_query": awsTimestreamqueryScheduledQuery, + "aws_timestreamwrite_database": awsTimestreamwriteDatabase, + "aws_timestreamwrite_table": awsTimestreamwriteTable, + "aws_transcribe_language_model": awsTranscribeLanguageModel, + "aws_transcribe_medical_vocabulary": awsTranscribeMedicalVocabulary, + "aws_transcribe_vocabulary": awsTranscribeVocabulary, + "aws_transcribe_vocabulary_filter": awsTranscribeVocabularyFilter, + "aws_transfer_access": awsTransferAccess, + "aws_transfer_agreement": awsTransferAgreement, + "aws_transfer_certificate": awsTransferCertificate, + "aws_transfer_connector": awsTransferConnector, + "aws_transfer_profile": awsTransferProfile, + "aws_transfer_server": awsTransferServer, + "aws_transfer_ssh_key": awsTransferSSHKey, + "aws_transfer_tag": awsTransferTag, + "aws_transfer_user": awsTransferUser, + "aws_transfer_workflow": awsTransferWorkflow, + 
"aws_verifiedaccess_endpoint": awsVerifiedaccessEndpoint, + "aws_verifiedaccess_group": awsVerifiedaccessGroup, + "aws_verifiedaccess_instance": awsVerifiedaccessInstance, + "aws_verifiedaccess_instance_logging_configuration": awsVerifiedaccessInstanceLoggingConfiguration, + "aws_verifiedaccess_instance_trust_provider_attachment": awsVerifiedaccessInstanceTrustProviderAttachment, + "aws_verifiedaccess_trust_provider": awsVerifiedaccessTrustProvider, + "aws_verifiedpermissions_identity_source": awsVerifiedpermissionsIdentitySource, + "aws_verifiedpermissions_policy": awsVerifiedpermissionsPolicy, + "aws_verifiedpermissions_policy_store": awsVerifiedpermissionsPolicyStore, + "aws_verifiedpermissions_policy_template": awsVerifiedpermissionsPolicyTemplate, + "aws_verifiedpermissions_schema": awsVerifiedpermissionsSchema, + "aws_volume_attachment": awsVolumeAttachment, + "aws_vpc": awsVpc, + "aws_vpc_block_public_access_exclusion": awsVpcBlockPublicAccessExclusion, + "aws_vpc_block_public_access_options": awsVpcBlockPublicAccessOptions, + "aws_vpc_dhcp_options": awsVpcDhcpOptions, + "aws_vpc_dhcp_options_association": awsVpcDhcpOptionsAssociation, + "aws_vpc_endpoint": awsVpcEndpoint, + "aws_vpc_endpoint_connection_accepter": awsVpcEndpointConnectionAccepter, + "aws_vpc_endpoint_connection_notification": awsVpcEndpointConnectionNotification, + "aws_vpc_endpoint_policy": awsVpcEndpointPolicy, + "aws_vpc_endpoint_private_dns": awsVpcEndpointPrivateDns, + "aws_vpc_endpoint_route_table_association": awsVpcEndpointRouteTableAssociation, + "aws_vpc_endpoint_security_group_association": awsVpcEndpointSecurityGroupAssociation, + "aws_vpc_endpoint_service": awsVpcEndpointService, + "aws_vpc_endpoint_service_allowed_principal": awsVpcEndpointServiceAllowedPrincipal, + "aws_vpc_endpoint_service_private_dns_verification": awsVpcEndpointServicePrivateDnsVerification, + "aws_vpc_endpoint_subnet_association": awsVpcEndpointSubnetAssociation, + "aws_vpc_ipam": awsVpcIpam, + 
"aws_vpc_ipam_organization_admin_account": awsVpcIpamOrganizationAdminAccount, + "aws_vpc_ipam_pool": awsVpcIpamPool, + "aws_vpc_ipam_pool_cidr": awsVpcIpamPoolCidr, + "aws_vpc_ipam_pool_cidr_allocation": awsVpcIpamPoolCidrAllocation, + "aws_vpc_ipam_preview_next_cidr": awsVpcIpamPreviewNextCidr, + "aws_vpc_ipam_resource_discovery": awsVpcIpamResourceDiscovery, + "aws_vpc_ipam_resource_discovery_association": awsVpcIpamResourceDiscoveryAssociation, + "aws_vpc_ipam_scope": awsVpcIpamScope, + "aws_vpc_ipv4_cidr_block_association": awsVpcIpv4CidrBlockAssociation, + "aws_vpc_ipv6_cidr_block_association": awsVpcIpv6CidrBlockAssociation, + "aws_vpc_network_performance_metric_subscription": awsVpcNetworkPerformanceMetricSubscription, + "aws_vpc_peering_connection": awsVpcPeeringConnection, + "aws_vpc_peering_connection_accepter": awsVpcPeeringConnectionAccepter, + "aws_vpc_peering_connection_options": awsVpcPeeringConnectionOptions, + "aws_vpc_security_group_egress_rule": awsVpcSecurityGroupEgressRule, + "aws_vpc_security_group_ingress_rule": awsVpcSecurityGroupIngressRule, + "aws_vpc_security_group_vpc_association": awsVpcSecurityGroupAssociation, + "aws_vpclattice_access_log_subscription": awsVpclatticeAccesLogSubscription, + "aws_vpclattice_auth_policy": awsVpclatticeAuthPolicy, + "aws_vpclattice_listener": awsVpclatticeListener, + "aws_vpclattice_listener_rule": awsVpclatticeListernerRule, + "aws_vpclattice_resource_configuration": awsVpclatticeResourceConfiguration, + "aws_vpclattice_resource_gateway": awsVpclatticeResourceGateway, + "aws_vpclattice_resource_policy": awsVpclatticeResourcePolicy, + "aws_vpclattice_service": awsVpclatticeService, + "aws_vpclattice_service_network": awsVpclatticeServiceNetwork, + "aws_vpclattice_service_network_resource_association": awsVpclatticeServiceNetworkResourceAssociation, + "aws_vpclattice_service_network_service_association": awsVpclatticeServiceNetworkServiceAssocation, + "aws_vpclattice_service_network_vpc_association": 
awsVpclatticeServiceNetworkVpcAssociation, + "aws_vpclattice_target_group": awsVpclatticeTargetGroup, + "aws_vpclattice_target_group_attachment": awsVpclatticeTargetGroupAssociation, + "aws_vpn_connection": awsVpnConnection, + "aws_vpn_connection_route": awsVpnConnectionRoute, + "aws_vpn_gateway": awsVpnGateway, + "aws_vpn_gateway_attachment": awsVpnGatewayAttachment, + "aws_vpn_gateway_route_propagation": awsVpnGatewayRoutePropagation, + "aws_waf_byte_match_set": awsWafByteMatchSet, + "aws_waf_geo_match_set": awsWafGeoMatchSet, + "aws_waf_ipset": awsWafIpset, + "aws_waf_rate_based_rule": awsWafRateBasedRule, + "aws_waf_regex_match_set": awsWafRegexMatchSet, + "aws_waf_regex_pattern_set": awsWafRegexPatternSet, + "aws_waf_rule": awsWafRule, + "aws_waf_rule_group": awsWafRuleGroup, + "aws_waf_size_constraint_set": awsWafSizeConstraintSet, + "aws_waf_sql_injection_match_set": awsWafSQLInjectionMatchSet, + "aws_waf_web_acl": awsWafWebACL, + "aws_waf_xss_match_set": awsWafXSSNatchSet, + "aws_wafregional_byte_match_set": awsWafregionalByteMatchSet, + "aws_wafregional_geo_match_set": awsWafregionalGeoMatchSet, + "aws_wafregional_ipset": awsWafregionalIpset, + "aws_wafregional_rate_based_rule": awsWafregionalRateBasedRule, + "aws_wafregional_regex_match_set": awsWafregionalRegexMatchSet, + "aws_wafregional_regex_pattern_set": awsWafregionalRegexPatternSet, + "aws_wafregional_rule": awsWafregionalRule, + "aws_wafregional_rule_group": awsWafregionalRuleGroup, + "aws_wafregional_size_constraint_set": awsWafregionalSizeConstraintSet, + "aws_wafregional_sql_injection_match_set": awsWafregionalSQLInjectionMatchSet, + "aws_wafregional_web_acl": awsWafregionalWebACL, + "aws_wafregional_web_acl_association": awsWafregionalWebACLAssociation, + "aws_wafregional_xss_match_set": awsWafregionalXSSNatchSet, + "aws_wafv2_ip_set": awsWafv2IpSet, + "aws_wafv2_regex_pattern_set": awsWafv2RegexPatternSet, + "aws_wafv2_rule_group": awsWafv2RuleGroup, + "aws_wafv2_web_acl": awsWafv2WebACL, + 
"aws_wafv2_web_acl_association": awsWafv2WebACLAssociation, + "aws_wafv2_web_acl_logging_configuration": awsWafv2WebACLLoggingConfiguration, + "aws_worklink_fleet": placeholder, + "aws_worklink_website_certificate_authority_association": placeholder, + "aws_workspaces_connection_alias": awsWorkspacesConnectionAlias, + "aws_workspaces_directory": awsWorkspacesDirectory, + "aws_workspaces_ip_group": awsWorkspacesIPGroup, + "aws_workspaces_workspace": awsWorkspacesWorkspace, + "aws_xray_encryption_config": awsXrayEncryptionConfig, + "aws_xray_group": awsXrayGroup, + "aws_xray_sampling_rule": awsXraySamplingRule, + "backend": s3backend, + "aws_cloudwatch_contributor_insight_rule": awsCloudwatchContributorInsightRule, + "aws_cloudwatch_contributor_managed_insight_rule": awsCloudwatchContributorManagedInsightRule, + "aws_qbusiness_application": awsQbusinessApplication, + "aws_dataexchange_event_action": awsDataexchangeEventAction, + "aws_macie2_organization_configuration": awsMacie2OrganizationConfiguration, + "aws_neptunegraph_graph": awsNeptunegraphGraph, + "aws_quicksight_role_membership": awsQuicksightRoleMembership, + "aws_rds_shard_group": awsRdsShardGroup, + "aws_xray_resource_policy": awsXrayResourcePolicy, + "aws_lakeformation_opt_in": awsLakeformationOptIn, + "aws_network_interface_permission": awsNetworkInterfacePermission, + "aws_route53_records_exclusive": awsRoute53RecordsExclusive, + "aws_athena_capacity_reservation": awsAthenaCapacityReservation, + "aws_redshift_integration": awsRedshiftIntegration, + "aws_backup_restore_testing_plan": awsBackupRestoreTestingPlan, + "aws_ec2_default_credit_specification": awsEc2DefaultCreditSpecification, + "aws_bedrockagent_prompt": awsBedrockagentPrompt, + "aws_cloudfrontkeyvaluestore_keys_exclusive": awsCloudfrontkeyvaluestoreKeysExclusive, + "aws_dataexchange_revision_assets": awsDataexchangeRevisionAssets, + "aws_inspector2_filter": awsInspector2Filter, + "aws_wafv2_api_key": awsWafv2ApiKey, + 
"aws_notifications_channel_association": awsNotificationsChannelAssociation, + "aws_notifications_event_rule": awsNotificationsEventRule, + "aws_notifications_notification_configuration": awsNotificationsNotificationConfiguration, + "aws_notifications_notification_hub": awsNotificationsNotificationHub, + "aws_notificationscontacts_email_contact": awsNotificationscontactsEmailContact, + "aws_quicksight_account_settings": awsQuicksightAccountSettings, + "aws_workspacesweb_browser_settings": awsWorkspaceswebBrowserSettings, + "aws_workspacesweb_network_settings": awsWorkspaceswebNetworkSettings, + "aws_workspacesweb_user_settings": awsWorkspaceswebUserSettings, + "aws_dsql_cluster": awsDsqlCluster, + "aws_dsql_cluster_peering": awsDsqlClusterPeering, + "aws_lightsail_bucket_access_key": awsLightsailBucketAccessKey, + "aws_prometheus_workspace_configuration": awsPrometheusWorkspaceConfiguration, + "aws_s3control_directory_bucket_access_point_scope": awsS3controlDirectoryBucketAccessPointScope, + "aws_vpc_route_server": awsVpcRouteServer, + "aws_vpc_route_server_association": placeholder, + "aws_vpc_route_server_propagation": awsVpcRouteServerPropagation, + "aws_vpc_route_server_vpc_association": awsVpcRouteServerVpcAssociation, + "aws_workspacesweb_data_protection_settings": awsWorkspaceswebDataProtectionSettings, + "aws_workspacesweb_ip_access_settings": awsWorkspaceswebIpAccessSettings, + "aws_workspacesweb_user_access_logging_settings": awsWorkspaceswebUserAccessLoggingSettings, +} // GetAWSPermissions for AWS resources. 
func GetAWSPermissions(result ResourceV2) ([]string, error) { + // Validate the input + if result.TypeName == "" { + return nil, &emptyTypeNameError{} + } + + if result.Name == "" { + return nil, &emptyNameError{} + } + var ( err error Permissions []string ) switch result.TypeName { - case "resource", terraform: + case resource, terraform: { Permissions, err = GetAWSResourcePermissions(result) - if err != nil { - return Permissions, err + return Permissions, &getAWSResourcePermissionsError{err} } } - case "data": + case data: { Permissions, err = GetAWSDataPermissions(result) if err != nil { - return Permissions, err + return Permissions, &getAWSDataPermissionsError{err} } } - case "module": + case module: { // do nothing this is a module not a base resource type, and // we shouldn't really be able to get here unless well bad naming 
@@ -57,805 +1598,18 @@ func GetAWSResourcePermissions(result ResourceV2) ([]string, error) { if temp := AwsLookup(result.Name); temp != nil { Permissions, err = GetPermissionMap(temp.([]byte), result.Attributes, result.Name) } else { - return nil, fmt.Errorf("%s not implemented", result.Name) + return nil, ¬ImplementedResourceError{result.Name} } return Permissions, err } func AwsLookup(name string) interface{} { - TFLookup := map[string]interface{}{ - "aws_accessanalyzer_analyzer": awsAccessAnalyzer, - "aws_accessanalyzer_archive_rule": awsAccessAnalyzerArchiveRule, - "aws_account_alternate_contact": awsAccountAlternativeContact, - "aws_account_primary_contact": awsAccountPrimaryContact, - "aws_account_region": awsAccountRegion, - "aws_acm_certificate": AWSAcmCertificate, - "aws_acm_certificate_validation": placeholder, - "aws_acmpca_certificate": awsAcmpcaCertificate, - "aws_acmpca_certificate_authority": awsAcmpcaCertificateAuthority, - "aws_acmpca_certificate_authority_certificate": awsAcmpcaCertificateAuthorityCertificate, - "aws_acmpca_permission": awsAcmpcaPermission, - "aws_acmpca_policy": awsAcmpcaPolicy, - "aws_alb": awsLb, - "aws_alb_listener": awsLbListener, - "aws_alb_target_group": awsLbTargetGroup, - "aws_alb_target_group_attachment": awsLbTargetGroupAttachment, - "aws_ami": awsAmi, - "aws_ami_copy": awsAmiCopy, - "aws_ami_from_instance": awsAmiFromInstance, - "aws_ami_launch_permission": awsAmiLauchPermission, - "aws_api_gateway_account": awsAPIGatewayAccount, - "aws_api_gateway_api_key": awsApigatewayv2Api, - "aws_api_gateway_authorizer": awsApigatewayv2Api, - "aws_api_gateway_base_path_mapping": awsApigatewayv2Api, - "aws_api_gateway_client_certificate": awsAPIGatewayRestAPI, - "aws_api_gateway_deployment": awsApigatewayv2Api, - "aws_api_gateway_documentation_part": awsApigatewayv2Api, - "aws_api_gateway_documentation_version": awsApigatewayv2Api, - "aws_api_gateway_domain_name": awsApigatewayv2Api, - "aws_api_gateway_gateway_response": 
awsApigatewayv2Api, - "aws_api_gateway_integration": awsApigatewayv2Api, - "aws_api_gateway_integration_response": awsApigatewayv2Api, - "aws_api_gateway_method": awsApigatewayv2Api, - "aws_api_gateway_method_response": awsApigatewayv2Api, - "aws_api_gateway_method_settings": awsApigatewayv2Api, - "aws_api_gateway_model": awsApigatewayv2Api, - "aws_api_gateway_request_validator": awsAPIGatewayRestAPI, - "aws_api_gateway_resource": awsApigatewayv2Api, - "aws_api_gateway_rest_api": awsAPIGatewayRestAPI, - "aws_api_gateway_rest_api_policy": awsApigatewayv2Api, - "aws_api_gateway_stage": awsApigatewayv2Api, - "aws_api_gateway_usage_plan": awsApigatewayv2Api, - "aws_api_gateway_usage_plan_key": awsApigatewayv2Api, - "aws_api_gateway_vpc_link": awsApigatewayv2Api, - "aws_apigatewayv2_api": awsApigatewayv2Api, - "aws_apigatewayv2_api_mapping": awsApigatewayv2Api, - "aws_apigatewayv2_authorizer": awsApigatewayv2Api, - "aws_apigatewayv2_deployment": awsApigatewayv2Api, - "aws_apigatewayv2_domain_name": awsApigatewayv2Api, - "aws_apigatewayv2_integration": awsApigatewayv2Api, - "aws_apigatewayv2_integration_response": awsApigatewayv2Api, - "aws_apigatewayv2_model": awsApigatewayv2Api, - "aws_apigatewayv2_route": awsApigatewayv2Api, - "aws_apigatewayv2_route_response": awsApigatewayv2Api, - "aws_apigatewayv2_stage": awsApigatewayv2Api, - "aws_apigatewayv2_vpc_link": awsApigatewayv2Api, - "aws_app_cookie_stickiness_policy": awsAppCookieStickinessPolicy, - "aws_appautoscaling_policy": awsAppautoscalingPolicy, - "aws_appautoscaling_scheduled_action": awsAppautoscalingScheduledAction, - "aws_appautoscaling_target": awsAppautoscalingTarget, - "aws_appconfig_application": awsAppconfigApplication, - "aws_appconfig_configuration_profile": awsAppconfigConfigurationProfile, - "aws_applicationinsights_application": awsApplicationinsightsApplication, - "aws_athena_data_catalog": awsAthenaDataCatalog, - "aws_athena_database": awsAthenaDatabase, - "aws_athena_named_query": 
awsAthenaNamedQuery, - "aws_athena_workgroup": awsAthenaWorkgroup, - "aws_auditmanager_account_registration": awsAuditmanagerAccountRegistration, - "aws_auditmanager_assessment": awsAuditmanagerAssessment, - "aws_auditmanager_assessment_delegation": awsAuditmanagerAssessmentDelegation, - "aws_auditmanager_assessment_report": awsAuditmanagerAssessmentReport, - "aws_auditmanager_control": awsAuditmanagerControl, - "aws_auditmanager_framework": awsAuditmanagerFramework, - "aws_auditmanager_framework_share": awsAuditmanagerFrameworkShare, - "aws_auditmanager_organization_admin_account_registration": awsAuditmanagerOrganizationAdminAccountRegistration, - "aws_autoscaling_attachment": awsAutoscalingAttachment, - "aws_autoscaling_group": awsAutoscalingGroup, - "aws_autoscaling_group_tag": awsAutoscalingGroupTag, - "aws_autoscaling_lifecycle_hook": awsAutoscalingLifecycleHook, - "aws_autoscaling_notification": awsAutoscalingNotification, - "aws_autoscaling_policy": awsAutoscalingPolicy, - "aws_autoscaling_schedule": awsAutoscalingSchedule, - "aws_autoscaling_traffic_source_attachment": awsAutoscalingTrafficSourceAttachment, - "aws_autoscalingplans_scaling_plan": awsAutoscalingplansScalingPlan, - "aws_backup_framework": awsBackupFramework, - "aws_backup_global_settings": awsBackupGlobalSettings, - "aws_backup_plan": awsBackupPlan, - "aws_backup_region_settings": awsBackupRegionSettings, - "aws_backup_report_plan": awsBackupReportPlan, - "aws_backup_selection": awsBackupSelection, - "aws_backup_vault": awsBackupVault, - "aws_backup_vault_lock_configuration": awsBackupVaultLockConfiguration, - "aws_backup_vault_notifications": awsBackupVaultNotification, - "aws_backup_vault_policy": awsBackupVaultPolicy, - "aws_batch_compute_environment": awsBatchComputeEnvironment, - "aws_batch_job_definition": awsBatchJobDefinition, - "aws_batch_job_queue": awsBatchJobQueue, - "aws_batch_scheduling_policy": awsBatchSchedulingPolicy, - "aws_bedrock_custom_model": awsBedrockCustomModel, - 
"aws_bedrock_model_invocation_logging_configuration": awsBedrockModelInvocationLoggingConfiguration, - "aws_bedrock_provisioned_model_throughput": awsBedrockProvisionedModelThroughput, - "aws_bedrockagent_agent": awsBedrockagentAgent, - "aws_bedrockagent_agent_action_group": awsBedrockagentActionGroup, - "aws_bedrockagent_agent_alias": awsBedrockagentAgentAlias, - "aws_budgets_budget": awsBudgetsBudget, - "aws_budgets_budget_action": awsBudgetsBudgetAction, - "aws_ce_anomaly_monitor": awsCeAnomalyMonitor, - "aws_ce_anomaly_subscription": awsCeAnomalySubscription, - "aws_ce_cost_allocation_tag": awsCeCostAllocationTag, - "aws_ce_cost_category": awsCeCostCategory, - "aws_cloud9_environment_ec2": awsCloud9EnvironmentEc2, - "aws_cloudformation_stack": awsCloudformationStack, - "aws_cloudformation_stack_set": awsCloudFormationStackSet, - "aws_cloudformation_stack_set_instance": awsCloudFormationStackSetInstance, - "aws_cloudformation_type": awsCloudformationType, - "aws_cloudfront_cache_policy": awsCloudfrontCachePolicy, - "aws_cloudfront_continuous_deployment_policy": awsCloudfrontContinuousDeploymentPolicy, - "aws_cloudfront_distribution": awsCloudfrontDistribution, - "aws_cloudfront_field_level_encryption_config": awsCloudfrontFieldLevelEncryptionConfig, - "aws_cloudfront_field_level_encryption_profile": awsCloudfrontFieldLevelEncryptionProfile, - "aws_cloudfront_function": awsCloudfrontFunction, - "aws_cloudfront_key_group": awsCloudfrontKeyGroup, - "aws_cloudfront_monitoring_subscription": awsCloudfrontMonitoringSubscription, - "aws_cloudfront_origin_access_control": awsCloudfrontOriginAccessControl, - "aws_cloudfront_origin_access_identity": awsCloudfrontOriginAccessIdentity, - "aws_cloudfront_origin_request_policy": awsCloudfrontOriginRequestPolicy, - "aws_cloudfront_public_key": awsCloudfrontPublicKey, - "aws_cloudfront_response_headers_policy": awsCloudfrontResponseHeadersPolicy, - "aws_cloudsearch_domain": awsCloudsearchDomain, - 
"aws_cloudsearch_domain_service_access_policy": awsCloudsearchDomainServiceAccessPolicy, - "aws_cloudtrail": awsCloudtrail, - "aws_cloudtrail_event_data_store": awsCloudtrailEventDataStore, - "aws_cloudwatch_composite_alarm": awsCloudwatchCompositeAlarm, - "aws_cloudwatch_dashboard": awsCloudwatchDashboard, - "aws_cloudwatch_event_api_destination": awsCloudwatchEventAPIDestination, - "aws_cloudwatch_event_archive": awsCloudwatchEventArchive, - "aws_cloudwatch_event_bus": awsCloudwatchEventBus, - "aws_cloudwatch_event_bus_policy": awsCloudwatchEventBusPolicy, - "aws_cloudwatch_event_connection": awsCloudwatchEventConnection, - "aws_cloudwatch_event_endpoint": awsCloudwatchEventEndpoint, - "aws_cloudwatch_event_permission": awsCloudwatchEventPermission, - "aws_cloudwatch_event_rule": awsCloudwatchEventRule, - "aws_cloudwatch_event_target": awsCloudwatchEventTarget, - "aws_cloudwatch_log_data_protection_policy": awsCloudwatchLogDataProtectionPolicy, - "aws_cloudwatch_log_destination": awsCloudwatchLogDestination, - "aws_cloudwatch_log_destination_policy": awsCloudwatchLogDestinationPolicy, - "aws_cloudwatch_log_group": awsCloudwatchLogGroup, - "aws_cloudwatch_log_metric_filter": awsCloudwatchLogMetricFilter, - "aws_cloudwatch_log_resource_policy": awsCloudwatchLogResourcePolicy, - "aws_cloudwatch_log_stream": awsCloudwatchLogStream, - "aws_cloudwatch_log_subscription_filter": awsCloudwatchLogSubscriptionFilter, - "aws_cloudwatch_metric_alarm": awsCloudwatchMetricAlarm, - "aws_cloudwatch_metric_stream": awsCloudwatchMetricStream, - "aws_cloudwatch_query_definition": awsCloudwatchQueryDestination, - "aws_codeartifact_domain": awsCodeartifactDomain, - "aws_codeartifact_domain_permissions_policy": awsCodeartifactDomainPermissionsPolicy, - "aws_codeartifact_repository": awsCodeartifactRepository, - "aws_codeartifact_repository_permissions_policy": awsCodeartifactRepositoryPermissionsPolicy, - "aws_codebuild_project": awsCodebuildProject, - "aws_codebuild_report_group": 
awsCodebuildReportGroup, - "aws_codebuild_resource_policy": awsCodebuildResourcePolicy, - "aws_codebuild_source_credential": awsCodebuildSourceCredential, - "aws_codebuild_webhook": awsCodebuildWebhook, - "aws_codecatalyst_dev_environment": placeholder, - "aws_codecatalyst_project": placeholder, - "aws_codecatalyst_source_repository": placeholder, - "aws_codecommit_approval_rule_template": awsCodecommitApprovalRuleTemplate, - "aws_codecommit_approval_rule_template_association": awsCodecommitApprovalRuleTemplateAssociation, - "aws_codecommit_repository": awsCodecommitRepository, - "aws_codecommit_trigger": awsCodecommitTrigger, - "aws_codedeploy_app": awsCodedeployApp, - "aws_codedeploy_deployment_config": awsCodedeployDeploymentConfig, - "aws_codedeploy_deployment_group": awsCodedeployDeploymentGroup, - "aws_codeguruprofiler_profiling_group": awsCodeguruprofilerProfilingGroup, - "aws_codegurureviewer_repository_association": awsCodegurureviewerRepositoryAssociation, - "aws_codepipeline": awsCodepipeline, - "aws_codepipeline_custom_action_type": awsCodepipelineCustomActionType, - "aws_codepipeline_webhook": awsCodepipelineWebhook, - "aws_codestarconnections_connection": awsCodestarconnectionsConnection, - "aws_codestarconnections_host": awsCodestarconnectionsHost, - "aws_codestarnotifications_notification_rule": awsCodestarconnectionsNotificationsRule, - "aws_cognito_identity_pool": awsCognitoIdentityPool, - "aws_cognito_identity_provider": awsCognitoIdentityProvider, - "aws_cognito_resource_server": awsCognitoResourceServer, - "aws_cognito_risk_configuration": awsCognitoRiskConfiguration, - "aws_cognito_user": awsCognitoUser, - "aws_cognito_user_group": awsCognitoUserGroup, - "aws_cognito_user_in_group": awsCognitoUserInGroup, - "aws_cognito_user_pool": awsCognitoUserPool, - "aws_cognito_user_pool_client": awsCognitoUserPoolClient, - "aws_cognito_user_pool_domain": awsCognitoUserPoolDomain, - "aws_cognito_user_pool_ui_customization": 
awsCognitoUserPoolUICustomization, - "aws_config_config_rule": awsConfigConfigRule, - "aws_config_configuration_aggregator": awsConfigConfigurationAggregator, - "aws_config_configuration_recorder": awsConfigConfigurationRecorder, - "aws_config_configuration_recorder_status": awsConfigConfigurationRecorderStatus, - "aws_config_delivery_channel": awsConfigDeliveryChannel, - "aws_connect_bot_association": awsConnectBotAssociation, - "aws_connect_contact_flow": awsConnectContactFlow, - "aws_connect_contact_flow_module": awsConnectContactFlowModule, - "aws_connect_hours_of_operation": awsConnectHoursOfOperation, - "aws_connect_instance": awsConnectInstance, - "aws_connect_instance_storage_config": awsConnectInstanceStorageConfig, - "aws_connect_phone_number": awsConnectPhoneNumber, - "aws_connect_queue": awsConnectQueue, - "aws_connect_quick_connect": awsConnectQuickConnect, - "aws_connect_routing_profile": awsConnectRoutingProfile, - "aws_connect_security_profile": awsConnectSecurityProfile, - "aws_connect_user": awsConnectUser, - "aws_connect_user_hierarchy_group": awsConnectUserHierarchyGroup, - "aws_connect_user_hierarchy_structure": awsConnectUserHierarchyStructure, - "aws_connect_vocabulary": awsConnectVocabulary, - "aws_customer_gateway": awsCustomerGateway, - "aws_datapipeline_pipeline": awsDatapipelinePipeline, - "aws_datapipeline_pipeline_definition": awsDatapipelinePipelineDefinition, - "aws_datasync_agent": awsDatasyncAgent, - "aws_datasync_location_azure_blob": awsDatasyncLocationAzureBlob, - "aws_datasync_location_efs": awsDatasyncLocationEfs, - "aws_datasync_location_fsx_lustre_file_system": awsDatasyncLocationFsxLustreFileSystem, - "aws_datasync_location_fsx_ontap_file_system": awsDatasyncLocationFsxOntapFileSystem, - "aws_datasync_location_fsx_openzfs_file_system": awsDatasyncLocationFsxOpenzfsFileSystem, - "aws_datasync_location_fsx_windows_file_system": awsDatasyncLocationFsxWindowsFileSystem, - "aws_datasync_location_hdfs": awsDatasyncLocationHdfs, - 
"aws_datasync_location_nfs": awsDatasyncLocationNfs, - "aws_datasync_location_object_storage": awsDatasyncLocationObjectStorage, - "aws_datasync_location_s3": awsDatasyncLocationS3, - "aws_datasync_location_smb": awsDatasyncLocationSmb, - "aws_datasync_task": awsDatasyncTask, - "aws_datazone_domain": awsDatazoneDomain, - "aws_datazone_environment_blueprint_configuration": awsDatazoneEnvironmentBlueprintConfiguration, - "aws_dax_cluster": awsDaxCluster, - "aws_dax_parameter_group": awsDaxParameterGroup, - "aws_dax_subnet_group": awsDaxSubnetGroup, - "aws_db_cluster_snapshot": awsDBClusterSnapshot, - "aws_db_event_subscription": awsDBEventSubscription, - "aws_db_instance": awsDBInstance, - "aws_db_instance_automated_backups_replication": awsDbInstanceAutomatedBackupsReplication, - "aws_db_instance_role_association": awsDbInstanceRoleAssociation, - "aws_db_option_group": awsDBOptionGroup, - "aws_db_parameter_group": awsDBParameterGroup, - "aws_db_proxy": awsDbProxy, - "aws_db_proxy_default_target_group": awsDbProxyDefaultTargetGroup, - "aws_db_proxy_endpoint": awsDbProxyEndpoint, - "aws_db_proxy_target": awsDbProxyTarget, - "aws_db_snapshot": awsDbSnapshot, - "aws_db_snapshot_copy": awsDbSnapshotCopy, - "aws_db_subnet_group": awsDBSubnetGroup, - "aws_default_network_acl": awsDefaultNetworkACL, - "aws_default_route_table": awsDefaultRouteTable, - "aws_default_security_group": awsDefaultSecurityGroup, - "aws_default_subnet": awsDefaultSubnet, - "aws_default_vpc": awsDefaultVpc, - "aws_default_vpc_dhcp_options": awsDefaultVpcDhcpOptions, - "aws_directory_service_directory": awsDirectoryServiceDirectory, - "aws_directory_service_log_subscription": awsDirectoryServiceLogSubscription, - "aws_dlm_lifecycle_policy": awsDlmLifecyclePolicy, - "aws_dms_certificate": awsDmsCertificate, - "aws_dms_endpoint": awsDmsEndpoint, - "aws_dms_event_subscription": awsDmsEventSubscription, - "aws_dms_replication_config": awsDmsReplicationConfig, - "aws_dms_replication_instance": 
awsDmsReplicationInstance, - "aws_dms_replication_subnet_group": awsDmsReplicationSubnetGroup, - "aws_dms_replication_task": awsDmsReplicationTask, - "aws_dms_s3_endpoint": awsDmsS3Endpoint, - "aws_docdb_cluster": awsRdsCluster, - "aws_docdb_cluster_instance": awsNeptuneClusterInstance, - "aws_docdb_cluster_parameter_group": awsRdsClusterParameterGroup, - "aws_docdb_cluster_snapshot": awsDBClusterSnapshot, - "aws_docdb_event_subscription": awsNeptuneEventSubscription, - "aws_docdb_global_cluster": awsRdsGlobalCluster, - "aws_docdb_subnet_group": awsDBSubnetGroup, - "aws_dx_gateway": awsDxGateway, - "aws_dx_gateway_association": awsDxGatewayAssociation, - "aws_dx_hosted_transit_virtual_interface_accepter": awsDxHostedTransitVirtualInterfaceAccepter, - "aws_dynamodb_contributor_insights": awsDynamodbContributorInsights, - "aws_dynamodb_global_table": awsDynamodbGlobalTable, - "aws_dynamodb_table": awsDynamodbTable, - "aws_dynamodb_table_item": awsDynamodbTableItem, - "aws_dynamodb_tag": awsDynamodbTag, - "aws_ebs_default_kms_key": awsEbsDefaultKmsKey, - "aws_ebs_encryption_by_default": awsEbsEncryptionByDefault, - "aws_ebs_snapshot": awsEbsSnapshot, - "aws_ebs_snapshot_copy": awsEbsSnapshotCopy, - "aws_ebs_volume": awsEbsVolume, - "aws_ec2_availability_zone_group": awsEc2AvailabilityGroup, - "aws_ec2_capacity_reservation": awsEc2CapacityReservation, - "aws_ec2_carrier_gateway": awsEc2CarrierGateway, - "aws_ec2_client_vpn_authorization_rule": awsEc2ClientvpnAuthorizationRule, - "aws_ec2_client_vpn_endpoint": awsEc2ClientVpnEndpoint, - "aws_ec2_client_vpn_network_association": awsEc2ClientVpnNetworkAssociation, - "aws_ec2_client_vpn_route": awsEc2ClientVpnRoute, - "aws_ec2_fleet": awsEc2Fleet, - "aws_ec2_host": awsEc2Host, - "aws_ec2_network_insights_analysis": awsEc2NetworkInsightsAnalysis, - "aws_ec2_network_insights_path": awsEc2NetworkInsightsPath, - "aws_ec2_tag": awsEc2Tag, - "aws_ec2_transit_gateway": awsEc2TransitGateway, - "aws_ec2_transit_gateway_route": 
awsEc2TransitGatewayRoute, - "aws_ec2_transit_gateway_route_table": awsEc2TransitGatewayRouteTable, - "aws_ec2_transit_gateway_route_table_association": awsEc2TransitGatewayRouteTableAssociation, - "aws_ec2_transit_gateway_route_table_propagation": awsEc2TransitGatewayRouteTablePropagation, - "aws_ec2_transit_gateway_vpc_attachment": awsEc2TransitGatewayVpcAttachment, - "aws_ecr_lifecycle_policy": awsEcrLifecyclePolicy, - "aws_ecr_pull_through_cache_rule": awsEcrPullThroughCacheRule, - "aws_ecr_registry_policy": awsEcrRegistryPolicy, - "aws_ecr_registry_scanning_configuration": awsEcrRegistryScanningConfiguration, - "aws_ecr_replication_configuration": awsEcrReplicationConfiguration, - "aws_ecr_repository": awsEcrRepository, - "aws_ecr_repository_policy": awsEcrRepositoryPolicy, - "aws_ecrpublic_repository": awsEcrPublicRepository, - "aws_ecrpublic_repository_policy": awsEcrpublicRepositoryPolicy, - "aws_ecs_cluster": awsEcsCluster, - "aws_ecs_service": awsEcsService, - "aws_ecs_task_definition": awsEcsTaskDefinition, - "aws_efs_access_point": awsEfsAccessPoint, - "aws_efs_backup_policy": awsEfsBackupPolicy, - "aws_efs_file_system": awsEfsFileSystem, - "aws_efs_file_system_policy": awsEfsFileSystemPolicy, - "aws_efs_mount_target": awsEfsMountTarget, - "aws_efs_replication_configuration": awsEfsReplicationConfiguration, - "aws_egress_only_internet_gateway": awsEgressOnlyInternetGateway, - "aws_eip": awsEip, - "aws_eip_association": awsEipAssociation, - "aws_eks_addon": awsEksAddon, - "aws_eks_cluster": awsEksCluster, - "aws_eks_node_group": awsEksNodeGroup, - "aws_elastic_beanstalk_application": awsElasticBeanstalkApplication, - "aws_elastic_beanstalk_application_version": awsElasticBeanstalkApplicationVersion, - "aws_elastic_beanstalk_configuration_template": awsElasticBeanstalkConfigurationTemplate, - "aws_elastic_beanstalk_environment": awsElastiBeanstalkEnvironment, - "aws_elasticache_cluster": awsElasticacheCluster, - "aws_elasticache_parameter_group": 
awsElasticacheParameterGroup, - "aws_elasticache_replication_group": awsElasticacheReplicationGroup, - "aws_elasticache_subnet_group": awsElasticacheSubnetGroup, - "aws_elasticache_user": awsElasticacheUser, - "aws_elasticache_user_group": awsElasticacheUserGroup, - "aws_elasticsearch_domain": awsElasticsearchDomain, - "aws_elasticsearch_domain_policy": awsElasticsearchDomainPolicy, - "aws_elb": awsElb, - "aws_elb_attachment": awsElbAttachment, - "aws_emr_cluster": awsEmrCluster, - "aws_emr_managed_scaling_policy": awsEmrManagedScalingPolicy, - "aws_emr_security_configuration": awsEmrSecurityConfiguration, - "aws_flow_log": awsFlowLog, - "aws_fsx_backup": awsFsxBackup, - "aws_fsx_data_repository_association": awsFsxDataRepositoryAssociation, - "aws_fsx_file_cache": awsFsxFileCache, - "aws_fsx_lustre_file_system": awsFsxLustreFileSystem, - "aws_fsx_ontap_file_system": awsFsxOntapFileSystem, - "aws_fsx_ontap_storage_virtual_machine": awsFsxOntapStorageVirtualMachine, - "aws_fsx_ontap_volume": awsFsxOntapVolume, - "aws_fsx_openzfs_file_system": awsFsxOpenzfsFileSystem, - "aws_fsx_openzfs_snapshot": awsFsxOpenzfsSnaphot, - "aws_fsx_openzfs_volume": awsFsxOpenzfsVolume, - "aws_fsx_windows_file_system": awsFsxWindowsFileSystem, - "aws_glacier_vault": awsGlacierVault, - "aws_glacier_vault_lock": awsGlacierVaultLock, - "aws_glue_catalog_database": awsGlueCatalogDatabase, - "aws_glue_catalog_table": awsGlueCatalogTable, - "aws_glue_classifier": awsGlueClassifier, - "aws_glue_connection": awsGlueConnection, - "aws_glue_crawler": awsGlueCrawler, - "aws_glue_data_catalog_encryption_settings": awsGlueDataCatalogEncryptionSettings, - "aws_glue_job": awsGlueJob, - "aws_glue_ml_transform": awsGlueMlTransform, - "aws_glue_registry": awsGlueRegistry, - "aws_glue_resource_policy": awsGlueResourcePolicy, - "aws_glue_schema": awsGlueSchema, - "aws_glue_security_configuration": awsGlueSecurityConfiguration, - "aws_glue_trigger": awsGlueTrigger, - "aws_glue_user_defined_function": 
awsGlueUserDefinedFunction, - "aws_glue_workflow": awsGlueWorkflow, - "aws_grafana_workspace_api_key": awsGrafanaWorkspaceAPIKey, - "aws_iam_access_key": awsIamAccessKey, - "aws_iam_account_alias": awsIamAccountAlias, - "aws_iam_account_password_policy": awsIamAccountPasswordPolicy, - "aws_iam_group": awsIamGroup, - "aws_iam_group_membership": awsIamGroupMembership, - "aws_iam_group_policy": awsIamGroupPolicy, - "aws_iam_group_policy_attachment": awsIamGroupPolicyAttachment, - "aws_iam_instance_profile": awsIamInstanceProfile, - "aws_iam_openid_connect_provider": awsIamOpenidConnectProvider, - "aws_iam_policy": awsIamPolicy, - "aws_iam_policy_attachment": awsIamPolicyAttachment, - "aws_iam_role": awsIamRole, - "aws_iam_role_policy": awsIamRolePolicy, - "aws_iam_role_policy_attachment": awsIamRolePolicyAttachment, - "aws_iam_saml_provider": awsIamSamlProvider, - "aws_iam_security_token_service_preferences": awsIamSecurityTokenServicePreferences, - "aws_iam_server_certificate": awsIamServerCertificate, - "aws_iam_service_linked_role": awsIamServiceLinkedRole, - "aws_iam_service_specific_credential": awsIamServiceSpecificCredential, - "aws_iam_signing_certificate": awsIamSigningCertificate, - "aws_iam_user": awsIamUser, - "aws_iam_user_group_membership": awsIamUserGroupMembership, - "aws_iam_user_login_profile": awsIamUserLoginProfile, - "aws_iam_user_policy": awsIamUserPolicy, - "aws_iam_user_policy_attachment": awsIamUserPolicyAttachment, - "aws_iam_user_ssh_key": awsIamUserSSHKey, - "aws_iam_virtual_mfa_device": awsIamVirtualMfaDevice, - "aws_imagebuilder_component": awsImagebuilderComponent, - "aws_imagebuilder_container_recipe": awsImagebuilderContainerRecipe, - "aws_imagebuilder_distribution_configuration": awsImagebuilderDistributionConfiguration, - "aws_imagebuilder_image": awsImagebuilderImage, - "aws_imagebuilder_image_pipeline": awsImagebuilderImagePipeline, - "aws_imagebuilder_image_recipe": awsImagebuilderImageRecipe, - 
"aws_imagebuilder_infrastructure_configuration": awsImagebuilderInstrastructureConfiguration, - "aws_inspector2_delegated_admin_account": awsInspector2DelegatedAdminAccount, - "aws_inspector2_enabler": awsInspector2Enabler, - "aws_inspector2_member_association": awsInspector2MemberAssociation, - "aws_inspector2_organization_configuration": awsInspector2OrganizationConfiguration, - "aws_inspector_assessment_target": awsInspectorAssessmentTarget, - "aws_inspector_assessment_template": awsInspectorAssessmentTemplate, - "aws_inspector_resource_group": awsInspectorResouceGroup, - "aws_instance": awsInstance, - "aws_internet_gateway": awsInternetGateway, - "aws_internetmonitor_monitor": awsInternetmonitorMonitor, - "aws_key_pair": awsKeyPair, - "aws_kinesis_firehose_delivery_stream": awsKinesisFirehoseDeliveryStream, - "aws_kinesis_stream": awsKinesisStream, - "aws_kinesis_stream_consumer": awsKinesisStreamConsumer, - "aws_kinesis_video_stream": awsKinesisVideoStream, - "aws_kms_alias": awsKmsAlias, - "aws_kms_ciphertext": awsKmsCiphertext, - "aws_kms_custom_key_store": awsKmsCustomKeyStore, - "aws_kms_external_key": awsKmsExternalKey, - "aws_kms_grant": awsKmsGrant, - "aws_kms_key": awsKmsKey, - "aws_kms_key_policy": awsKmsKeyPolicy, - "aws_kms_replica_external_key": awsKmsReplicaExternalKey, - "aws_kms_replica_key": awsKmsReplicaKey, - "aws_lambda_alias": awsLambdaAlias, - "aws_lambda_code_signing_config": awsLambdaCodeSigningConfig, - "aws_lambda_event_source_mapping": awsLambdaEventSourceMapping, - "aws_lambda_function": awsLambdaFunction, - "aws_lambda_function_event_invoke_config": awsLambdaFunctionEventInvokeConfig, - "aws_lambda_function_url": awsLambdaFunctionURL, - "aws_lambda_invocation": awsLambdaInvocation, - "aws_lambda_layer_version": awsLambdaLayerVersion, - "aws_lambda_layer_version_permission": awsLambdaLayerVersionPermission, - "aws_lambda_permission": awsLambdaPermission, - "aws_lambda_provisioned_concurrency_config": 
awsLambdaProvisionedConcurrencyConfig, - "aws_launch_configuration": awsLaunchConfiguration, - "aws_launch_template": awsLaunchTemplate, - "aws_lb": awsLb, - "aws_lb_cookie_stickiness_policy": awsLbCookieStickinessPolicy, - "aws_lb_listener": awsLbListener, - "aws_lb_listener_rule": awsLbListenerRule, - "aws_lb_target_group": awsLbTargetGroup, - "aws_lb_target_group_attachment": awsLbTargetGroupAttachment, - "aws_lightsail_instance": awsLightsailInstance, - "aws_lightsail_instance_public_ports": awsLightsailInstancePublicPorts, - "aws_lightsail_key_pair": awsLightsailKeyPair, - "aws_lightsail_static_ip": awsLightsailStaticIP, - "aws_lightsail_static_ip_attachment": awsLightsailStaticIPAttachment, - "aws_load_balancer_backend_server_policy": awsLoadBalancerBackendServerPolicy, - "aws_load_balancer_listener_policy": awsLoadBalancerListenerPolicy, - "aws_load_balancer_policy": awsLoadBalancerPolicy, - "aws_location_geofence_collection": awsLocationGeofenceCollection, - "aws_location_map": awsLocationMap, - "aws_location_place_index": awsLocationPlaceIndex, - "aws_location_route_calculator": awsLocationRouteCalculator, - "aws_location_tracker": awsLocationTracker, - "aws_location_tracker_association": awsLocationTrackerAssociation, - "aws_media_convert_queue": awsMediaConvertQueue, - "aws_medialive_input": awsMedialiveInput, - "aws_medialive_input_security_group": awsMedialiveInputSecurityGroup, - "aws_memorydb_cluster": awsMemorydbCluster, - "aws_memorydb_snapshot": awsMemorydbSnapshot, - "aws_memorydb_subnet_group": awsMemorydbSubnetGroup, - "aws_mq_broker": awsMqBroker, - "aws_mq_configuration": awsMqConfiguration, - "aws_msk_cluster": awsMskCluster, - "aws_msk_configuration": awsMskConfiguration, - "aws_msk_scram_secret_association": awsMskScramSecretAssociation, - "aws_msk_serverless_cluster": awsMskServerlessCluster, - "aws_nat_gateway": awsNatGateway, - "aws_neptune_cluster": awsNeptuneCluster, - "aws_neptune_cluster_endpoint": awsNeptuneClusterEndpoint, - 
"aws_neptune_cluster_instance": awsNeptuneClusterInstance, - "aws_neptune_cluster_parameter_group": awsRdsClusterParameterGroup, - "aws_neptune_cluster_snapshot": awsNeptuneClusterSnapshot, - "aws_neptune_event_subscription": awsNeptuneEventSubscription, - "aws_neptune_parameter_group": awsDBParameterGroup, - "aws_neptune_subnet_group": awsDBSubnetGroup, - "aws_network_acl": awsNetworkACL, - "aws_network_acl_rule": awsNetworkACLRule, - "aws_network_interface": awsNetworkInterface, - "aws_networkfirewall_firewall": awsNetworkfirewallFirewall, - "aws_networkfirewall_firewall_policy": awsNetworkfirewallFirewallPolicy, - "aws_networkfirewall_logging_configuration": awsNetworkfirewallLoggingConfiguration, - "aws_networkfirewall_resource_policy": awsNetworkfirewallResourcePolicy, - "aws_networkfirewall_rule_group": awsNetworkfirewallRuleGroup, - "aws_oam_link": awsOamLink, - "aws_oam_sink": awsOamSink, - "aws_oam_sink_policy": awsOamSinkPolicy, - "aws_opensearch_domain": awsElasticsearchDomain, - "aws_opensearch_domain_policy": awsElasticsearchDomainPolicy, - "aws_opensearchserverless_access_policy": awsOpenseachserverlessAccessPolicy, - "aws_opensearchserverless_collection": awsOpenseachserverlessCollection, - "aws_opensearchserverless_lifecycle_policy": awsOpenseachserverlessLifecyclePolicy, - "aws_opensearchserverless_security_config": awsOpenseachserverlessSecurityConfig, - "aws_opensearchserverless_security_policy": awsOpenseachserverlessSecurityPolicy, - "aws_opensearchserverless_vpc_endpoint": awsOpenseachserverlessVpcEndpoint, - "aws_organizations_policy": awsOrganizationsPolicy, - "aws_organizations_policy_attachment": awsOrganizationsPolicyAttachment, - "aws_placement_group": awsPlacementGroup, - "aws_proxy_protocol_policy": awsProxyProtocolPolicy, - "aws_ram_principal_association": awsRAMPrincipleAssociation, - "aws_ram_resource_association": awsRAMResourceAssociation, - "aws_ram_resource_share": awsRAMResourceShare, - "aws_rds_cluster": awsRdsCluster, - 
"aws_rds_cluster_activity_stream": awsRdsClusterActivityStream, - "aws_rds_cluster_endpoint": awsRdsClusterEndpoint, - "aws_rds_cluster_instance": awsDBInstance, - "aws_rds_cluster_parameter_group": awsRdsClusterParameterGroup, - "aws_rds_cluster_role_association": awsRdsClusterRoleAssociation, - "aws_rds_global_cluster": awsRdsGlobalCluster, - "aws_redshift_authentication_profile": awsRedshiftAuthenticationProfile, - "aws_redshift_cluster": awsRedshiftCluster, - "aws_redshift_cluster_iam_roles": awsRedshiftClusterIamRoles, - "aws_redshift_event_subscription": awsRedshiftEventSubscription, - "aws_redshift_hsm_client_certificate": awsRedshiftHsmClientCertififcate, - "aws_redshift_hsm_configuration": awsRedshiftHsmConfiguration, - "aws_redshift_parameter_group": awsRedshiftParameterGroup, - "aws_redshift_scheduled_action": awsRedshiftScheduledAction, - "aws_redshift_snapshot_copy_grant": awsRedshiftSnapshotCopyGrant, - "aws_redshift_snapshot_schedule": awsRedshiftSnapshotSchedule, - "aws_redshift_snapshot_schedule_association": awsRedshiftSnapshotScheduleAssociation, - "aws_redshift_subnet_group": awsRedshiftSubnetGroup, - "aws_redshift_usage_limit": awsRedshiftUsageLimit, - "aws_resourcegroups_group": awsResourcegroupsGroup, - "aws_route": awsRoute, - "aws_route53_cidr_collection": awsRoute53CidrCollection, - "aws_route53_cidr_location": awsRoute53CidrLocation, - "aws_route53_delegation_set": awsRoute53DelegationSet, - "aws_route53_health_check": awsRoute53HealthCheck, - "aws_route53_hosted_zone_dnssec": awsRoute53HostedZoneDnssec, - "aws_route53_key_signing_key": awsRoute53KeySiginingKey, - "aws_route53_query_log": awsRoute53QueryLog, - "aws_route53_record": awsRoute53Record, - "aws_route53_resolver_config": awsRoute53ResolverConfig, - "aws_route53_resolver_dnssec_config": awsRoute53ResolverDnssecConfig, - "aws_route53_resolver_endpoint": awsRoute53ResolverEndpoint, - "aws_route53_resolver_firewall_config": awsRoute53ResolverFirewallConfig, - 
"aws_route53_resolver_firewall_domain_list": awsRoute53ResolverFirewallDomainList, - "aws_route53_resolver_firewall_rule": awsRoute53ResolverFirewallRule, - "aws_route53_resolver_firewall_rule_group": awsRoute53ResolverFirewallRuleGroup, - "aws_route53_resolver_firewall_rule_group_association": awsRoute53ResolverFirewallRuleGroupAssociation, - "aws_route53_resolver_query_log_config": awsRoute53ResolverQueryLogConfig, - "aws_route53_resolver_query_log_config_association": awsRoute53ResolverQueryLogConfigAssociation, - "aws_route53_resolver_rule": awsRoute53ResolverRule, - "aws_route53_resolver_rule_association": awsRoute53ResolverRuleAssociation, - "aws_route53_traffic_policy": awsRoute53TrafficPolicy, - "aws_route53_traffic_policy_instance": awsRoute53TrafficPolicyInstance, - "aws_route53_vpc_association_authorization": awsRoute53VpcAssociationAuthorization, - "aws_route53_zone": awsRoute53Zone, - "aws_route53_zone_association": awsRoute53ZoneAssociation, - "aws_route_table": awsRouteTable, - "aws_route_table_association": awsRouteTableAssociation, - "aws_s3_bucket": awsS3Bucket, - "aws_s3_bucket_accelerate_configuration": awsS3BucketAccelerateConfiguration, - "aws_s3_bucket_acl": awsS3BucketACL, - "aws_s3_bucket_cors_configuration": awsS3BucketCorsConfiguration, - "aws_s3_bucket_intelligent_tiering_configuration": awsS3BucketIntelligentTieringConfiguration, - "aws_s3_bucket_inventory": awsS3BucketInventory, - "aws_s3_bucket_lifecycle_configuration": awsS3BucketLifecycleConfiguration, - "aws_s3_bucket_logging": awsS3BucketLogging, - "aws_s3_bucket_metric": awsS3BucketMetric, - "aws_s3_bucket_notification": awsS3BucketNotification, - "aws_s3_bucket_object": awsS3Object, - "aws_s3_bucket_object_lock_configuration": awsS3BucketObjectLockCOnfiguration, - "aws_s3_bucket_ownership_controls": awsS3BucketOwnershipControls, - "aws_s3_bucket_policy": awsS3BucketPolicy, - "aws_s3_bucket_public_access_block": awsS3BucketPublicAccessBlock, - 
"aws_s3_bucket_replication_configuration": awsS3BucketReplicationConfiguration, - "aws_s3_bucket_request_payment_configuration": awsS3BucketRequestPaymentConfiguration, - "aws_s3_bucket_server_side_encryption_configuration": awsS3BucketServerSideEncryptionConfiguration, - "aws_s3_bucket_versioning": awsS3BucketVersioning, - "aws_s3_bucket_website_configuration": awsS3BucketWebsiteConfiguration, - "aws_s3_object": awsS3Object, - "aws_sagemaker_app": awsSagemakerApp, - "aws_sagemaker_app_image_config": awsSagemakerAppImageConfig, - "aws_sagemaker_code_repository": awsSagemakerCodeRepository, - "aws_sagemaker_data_quality_job_definition": awsSagemakerDataQualityJobDefinition, - "aws_sagemaker_device": awsSagemakerDevice, - "aws_sagemaker_device_fleet": awsSagemakerDeviceFleet, - "aws_sagemaker_domain": awsSagemakerDomain, - "aws_sagemaker_endpoint": awsSagemakerEndpoint, - "aws_sagemaker_endpoint_configuration": awsSagemakerEndpointConfiguration, - "aws_sagemaker_feature_group": awsSagemakerFeatureGroup, - "aws_sagemaker_image": awsSagemakerImage, - "aws_sagemaker_image_version": awsSagemakerImageVersion, - "aws_sagemaker_model": awsSagemakerModel, - "aws_sagemaker_model_package_group": awsSagemakerModelPackageGroup, - "aws_sagemaker_model_package_group_policy": awsSagemakerModelPackageGroupPolicy, - "aws_sagemaker_monitoring_schedule": awsSagemakerMonitoringSchedule, - "aws_sagemaker_notebook_instance": awsSagemakerNotebookInstance, - "aws_sagemaker_notebook_instance_lifecycle_configuration": awsSagemakerNotebookInstanceLifecycleConfiguration, - "aws_sagemaker_pipeline": awsSagemakerPipeline, - "aws_sagemaker_project": awsSagemakerProject, - "aws_sagemaker_servicecatalog_portfolio_status": awsSagemakerServicecatalogPortfolioStatus, - "aws_sagemaker_space": awsSagemakerSpace, - "aws_sagemaker_studio_lifecycle_config": awsSagemakerStudioLifecycleConfig, - "aws_sagemaker_user_profile": awsSagemakerUserProfile, - "aws_sagemaker_workforce": awsSagemakerWorkforce, - 
"aws_sagemaker_workteam": awsSagemakerWorkteam, - "aws_secretsmanager_secret": awsSecretsmanagerSecret, - "aws_secretsmanager_secret_policy": awsSecretsmanagerSecretPolicy, - "aws_secretsmanager_secret_rotation": awsSecretsmanagerSecretRotation, - "aws_secretsmanager_secret_version": awsSecretsmanagerSecretVersion, - "aws_security_group": awsSecurityGroup, - "aws_security_group_rule": awsSecurityGroupRule, - "aws_servicecatalog_budget_resource_association": awsServicecatalogBudgetResourceAssociation, - "aws_servicecatalog_constraint": awsServicecatalogConstraint, - "aws_servicecatalog_organizations_access": awsServicecatalogOrganizationAccess, - "aws_servicecatalog_portfolio": awsServicecatalogPortfolio, - "aws_servicecatalog_portfolio_share": awsServicecatalogPortfolioShare, - "aws_servicecatalog_principal_portfolio_association": awsServicecatalogPrincipalPortfolioAssociation, - "aws_servicecatalog_product": awsServicecatalogProduct, - "aws_servicecatalog_product_portfolio_association": awsServicecatalogProductPortfolioAssociation, - "aws_servicecatalog_provisioned_product": awsServicecatalogProvisionedProduct, - "aws_servicecatalog_service_action": awsServicecatalogServiceAction, - "aws_servicecatalog_tag_option": awsServicecatalogTagOption, - "aws_servicecatalog_tag_option_resource_association": awsServicecatalogTagOptionResourceAssociation, - "aws_servicequotas_service_quota": awsServicequotasServiceQuota, - "aws_servicequotas_template": awsServiceQuotasTemplate, - "aws_servicequotas_template_association": awsServiceQuotasTemplateAssociation, - "aws_ses_active_receipt_rule_set": awsSesActiveReceiptRuleSet, - "aws_ses_configuration_set": awsSesConfigurationSet, - "aws_ses_domain_dkim": awsSesDomainDkim, - "aws_ses_domain_identity": awsSesDomainIdentity, - "aws_ses_domain_identity_verification": awsSesDomainIdentityVerification, - "aws_ses_domain_mail_from": awsSesDomainMailFrom, - "aws_ses_email_identity": awsSesEmailIdentity, - "aws_ses_event_destination": 
awsSesEventDestination, - "aws_ses_identity_notification_topic": awsSesIdentityNotificationTopic, - "aws_ses_identity_policy": awsSesIdentityPolicy, - "aws_ses_receipt_filter": awsSesReceiptFilter, - "aws_ses_receipt_rule": awsSesReceiptRule, - "aws_ses_receipt_rule_set": awsSesReceiptRuleSet, - "aws_ses_template": awsSesTemplate, - "aws_sfn_activity": awsSfnActivity, - "aws_sfn_alias": awsSfnAlias, - "aws_sfn_state_machine": awsSfnStateMachine, - "aws_signer_signing_job": awsSignerSigningJob, - "aws_signer_signing_profile": awsSignerSigningProfile, - "aws_signer_signing_profile_permission": awsSignerSigningProfilePermission, - "aws_simpledb_domain": awsSimpledbDomain, - "aws_snapshot_create_volume_permission": awsSnapshotCreateVolumePermission, - "aws_sns_platform_application": awsSnsPlatformApplication, - "aws_sns_sms_preferences": awsSnsSmsPreferences, - "aws_sns_topic": awsSnsTopic, - "aws_sns_topic_data_protection_policy": awsSnsTopicDataProtection, - "aws_sns_topic_policy": awsSnsTopicPolicy, - "aws_sns_topic_subscription": awsSnsTopicSubscription, - "aws_spot_instance_request": awsSpotInstanceRequest, - "aws_sqs_queue": awsSqsQueue, - "aws_sqs_queue_policy": awsSqsQueuePolicy, - "aws_sqs_queue_redrive_allow_policy": awsSqsQueueRedriveAllowPolicy, - "aws_sqs_queue_redrive_policy": awsSqsQueueRedrivePolicy, - "aws_ssm_document": awsSsmDocument, - "aws_ssm_maintenance_window": awsSsmMaintenanceWindow, - "aws_ssm_maintenance_window_target": awsSsmMaintenanceWindowTarget, - "aws_ssm_maintenance_window_task": awsSsmMaintenanceWindowTask, - "aws_ssm_parameter": awsSsmParameter, - "aws_ssm_patch_baseline": awsSsmPatchBaseline, - "aws_ssm_patch_group": awsSsmPatchGroup, - "aws_ssmcontacts_contact": awsSsmcontactsContact, - "aws_ssmcontacts_contact_channel": awsSsmcontactContactChannel, - "aws_ssmcontacts_plan": awsSsmcontactsPlan, - "aws_ssmincidents_replication_set": awsSsmincidentsReplicationSet, - "aws_storagegateway_cache": awsStoragegatewayCache, - 
"aws_storagegateway_cached_iscsi_volume": awsStoragegatewayCachedIscsiVolume, - "aws_storagegateway_file_system_association": awsStoragegatewayFileSystemAssociation, - "aws_storagegateway_gateway": awsStoragegatewayGateway, - "aws_storagegateway_nfs_file_share": awsStoragegatewayNfsFileShare, - "aws_storagegateway_smb_file_share": awsStoragegatewaySmbFileShare, - "aws_storagegateway_stored_iscsi_volume": awsStoragegatewayStoredIscsiVolume, - "aws_storagegateway_tape_pool": awsStoragegatewayTapePool, - "aws_storagegateway_upload_buffer": awsStoragegatewayUploadBuffer, - "aws_storagegateway_working_storage": awsStoragegatewayWorkingStorage, - "aws_subnet": awsSubnet, - "aws_swf_domain": awsSwfDomain, - "aws_synthetics_canary": awsSyntheticsCanary, - "aws_synthetics_group": awsSyntheticsGroup, - "aws_synthetics_group_association": awsSyntheticsGroupAssociation, - "aws_timestreamwrite_database": awsTimestreamwriteDatabase, - "aws_timestreamwrite_table": awsTimestreamwriteTable, - "aws_transcribe_language_model": awsTranscribeLanguageModel, - "aws_transcribe_medical_vocabulary": awsTranscribeMedicalVocabulary, - "aws_transcribe_vocabulary": awsTranscribeVocabulary, - "aws_transcribe_vocabulary_filter": awsTranscribeVocabularyFilter, - "aws_verifiedaccess_endpoint": awsVerifiedaccessEndpoint, - "aws_verifiedaccess_group": awsVerifiedaccessGroup, - "aws_verifiedaccess_instance": awsVerifiedaccessInstance, - "aws_verifiedaccess_instance_logging_configuration": awsVerifiedaccessInstanceLoggingConfiguration, - "aws_verifiedaccess_trust_provider": awsVerifiedaccessTrustProvider, - "aws_volume_attachment": awsVolumeAttachment, - "aws_vpc": awsVpc, - "aws_vpc_dhcp_options": awsVpcDhcpOptions, - "aws_vpc_dhcp_options_association": awsVpcDhcpOptionsAssociation, - "aws_vpc_endpoint": awsVpcEndpoint, - "aws_vpc_endpoint_route_table_association": awsVpcEndpointRouteTableAssociation, - "aws_vpc_endpoint_service": awsVpcEndpointService, - "aws_vpc_endpoint_subnet_association": 
awsVpcEndpointSubnetAssociation, - "aws_vpc_ipam": awsVpcIpam, - "aws_vpc_ipam_pool": awsVpcIpamPool, - "aws_vpc_ipam_pool_cidr": awsVpcIpamPoolCidr, - "aws_vpc_ipam_pool_cidr_allocation": awsVpcIpamPoolCidrAllocation, - "aws_vpc_ipam_preview_next_cidr": awsVpcIpamPreviewNextCidr, - "aws_vpc_ipam_resource_discovery": awsVpcIpamResourceDiscovery, - "aws_vpc_ipam_resource_discovery_association": awsVpcIpamResourceDiscoveryAssociation, - "aws_vpc_ipam_scope": awsVpcIpamScope, - "aws_vpc_ipv4_cidr_block_association": awsVpcIpv4CidrBlockAssociation, - "aws_vpc_peering_connection": awsVpcPeeringConnection, - "aws_vpc_peering_connection_accepter": awsVpcPeeringConnectionAccepter, - "aws_vpc_peering_connection_options": awsVpcPeeringConnectionOptions, - "aws_vpc_security_group_egress_rule": awsVpcSecurityGroupEgressRule, - "aws_vpc_security_group_ingress_rule": awsVpcSecurityGroupIngressRule, - "aws_vpclattice_access_log_subscription": awsVpclatticeAccesLogSubscription, - "aws_vpclattice_auth_policy": awsVpclatticeAuthPolicy, - "aws_vpclattice_listener": awsVpclatticeListener, - "aws_vpclattice_listener_rule": awsVpclatticeListernerRule, - "aws_vpclattice_resource_policy": awsVpclatticeResourcePolicy, - "aws_vpclattice_service": awsVpclatticeService, - "aws_vpclattice_service_network": awsVpclatticeServiceNetwork, - "aws_vpclattice_service_network_service_association": awsVpclatticeServiceNetworkServiceAssocation, - "aws_vpclattice_service_network_vpc_association": awsVpclatticeServiceNetworkVpcAssociation, - "aws_vpclattice_target_group": awsVpclatticeTargetGroup, - "aws_vpclattice_target_group_attachment": awsVpclatticeTargetGroupAssociation, - "aws_vpn_connection": awsVpnConnection, - "aws_vpn_gateway": awsVpnGateway, - "aws_vpn_gateway_attachment": awsVpnGatewayAttachment, - "aws_vpn_gateway_route_propagation": awsVpnGatewayRoutePropagation, - "aws_waf_byte_match_set": awsWafByteMatchSet, - "aws_waf_geo_match_set": awsWafGeoMatchSet, - "aws_waf_ipset": awsWafIpset, - 
"aws_waf_rate_based_rule": awsWafRateBasedRule, - "aws_waf_regex_match_set": awsWafRegexMatchSet, - "aws_waf_regex_pattern_set": awsWafRegexPatternSet, - "aws_waf_rule": awsWafRule, - "aws_waf_rule_group": awsWafRuleGroup, - "aws_waf_size_constraint_set": awsWafSizeConstraintSet, - "aws_waf_sql_injection_match_set": awsWafSQLInjectionMatchSet, - "aws_waf_web_acl": awsWafWebACL, - "aws_waf_xss_match_set": awsWafXSSNatchSet, - "aws_wafregional_byte_match_set": awsWafregionalByteMatchSet, - "aws_wafregional_geo_match_set": awsWafregionalGeoMatchSet, - "aws_wafregional_ipset": awsWafregionalIpset, - "aws_wafregional_rate_based_rule": awsWafregionalRateBasedRule, - "aws_wafregional_regex_match_set": awsWafregionalRegexMatchSet, - "aws_wafregional_regex_pattern_set": awsWafregionalRegexPatternSet, - "aws_wafregional_rule": awsWafregionalRule, - "aws_wafregional_rule_group": awsWafregionalRuleGroup, - "aws_wafregional_size_constraint_set": awsWafregionalSizeConstraintSet, - "aws_wafregional_sql_injection_match_set": awsWafregionalSQLInjectionMatchSet, - "aws_wafregional_web_acl": awsWafregionalWebACL, - "aws_wafregional_xss_match_set": awsWafregionalXSSNatchSet, - "aws_wafv2_ip_set": awsWafv2IpSet, - "aws_wafv2_regex_pattern_set": awsWafv2RegexPatternSet, - "aws_wafv2_rule_group": awsWafv2RuleGroup, - "aws_wafv2_web_acl": awsWafv2WebACL, - "aws_wafv2_web_acl_association": awsWafv2WebACLAssociation, - "aws_wafv2_web_acl_logging_configuration": awsWafv2WebACLLoggingConfiguration, - "aws_workspaces_directory": awsWorkspacesDirectory, - "aws_workspaces_workspace": awsWorkspacesWorkspace, - "aws_xray_encryption_config": awsXrayEncryptionConfig, - "aws_xray_group": awsXrayGroup, - "aws_xray_sampling_rule": awsXraySamplingRule, - "backend": s3backend, - "aws_amplify_app": awsAmplifyApp, - "aws_amplify_branch": awsAmplifyBranch, - "aws_amplify_domain_association": awsAmplifyDomainAssociation, - "aws_workspaces_connection_alias": awsWorkspacesConnectionAlias, - 
"aws_workspaces_ip_group": awsWorkspacesIpGroup, - "aws_chime_voice_connector": awsChimeVoiceConnector, - "aws_chime_voice_connector_group": awsChimeVoiceConnectorGroup, - "aws_chime_voice_connector_logging": awsChimeVoiceConnectorLogging, - "aws_chime_voice_connector_origination": awsChimeVoiceConnectorOrigination, - "aws_chime_voice_connector_streaming": awsChimeVoiceConnectorStreaming, - "aws_chime_voice_connector_termination": awsChimeVoiceConnectorTermination, - "aws_chime_voice_connector_termination_credentials": awsChimeVoiceConnectorTerminationCredentials, - "aws_chimesdkmediapipelines_media_insights_pipeline_configuration": awsChimesdkmediapipelinesMediaInsightsPipelineConfiguration, - "aws_chimesdkvoice_global_settings": awsChimesdkvoiceGlobalSettings, - "aws_chimesdkvoice_sip_media_application": awsChimesdkvoiceSipMediaApplication, - "aws_chimesdkvoice_sip_rule": awsChimesdkvoiceSipRule, - "aws_chimesdkvoice_voice_profile_domain": awsChimesdkvoiceVoiceProfileDomain, + if name == "" { + return nil } - return TFLookup[name] + return tFLookup[name] } // Contains looks if slice contains string. 
@@ -871,48 +1625,115 @@ func Contains(s []string, e string) bool { // GetPermissionMap Anonymous parsing. func GetPermissionMap(raw []byte, attributes []string, resource string) ([]string, error) { + if !json.Valid(raw) || len(raw) == 0 { + return nil, &invalidJSONError{} + } + var mappings []interface{} err := json.Unmarshal(raw, &mappings) + if err != nil { - return nil, fmt.Errorf("failed to unmarshal json %w for %s", err, resource) + return nil, &unmarshallJSONError{err, resource} } if mappings == nil { - return nil, errors.New("mappings are empty") + return nil, &mappingsEmptyError{} } - temp, ok := mappings[0].(map[string]interface{}) - - if !ok { - return nil, fmt.Errorf("assertion to map[string]interface{} failed") + temp, err := IsTypeOK(mappings[0]) + if err != nil { + return nil, err } - myAttributes, ok := temp["attributes"].(map[string]interface{}) + if temp["attributes"] == nil { + return nil, &attributesFieldMissingError{} + } - if !ok { - _ = fmt.Errorf("assertion failed") + resourceAttributes, err := IsTypeOK(temp["attributes"]) + if err != nil { + return nil, &assertionFailedError{"temp[\"attributes\"]", err} } var found []string for _, attribute := range attributes { - if myAttributes[attribute] != nil { - for _, entry := range myAttributes[attribute].([]interface{}) { + if resourceAttributes[attribute] != nil { + for _, entry := range resourceAttributes[attribute].([]interface{}) { + value, ok := entry.(string) + + if !ok { + log.Error().Msg("failed to cast to string") + + continue + } + found = append( found, - entry.(string), + value, ) } } } - for _, action := range []string{"apply", "plan", "modify", "destroy"} { - if temp[action] != nil { - for _, entry := range temp[action].([]interface{}) { - found = append(found, entry.(string)) + found, err = getActionPermissions(temp, found) + if err != nil { + return found, fmt.Errorf("getActionPermissions: %w", err) + } + + return found, nil +} + +const ( + apply = "apply" + plan = "plan" + modify = 
"modify" + destroy = "destroy" +) + +type parameterNilError struct { + parameter string +} + +func (m *parameterNilError) Error() string { + return fmt.Sprintf("%s was nil", m.parameter) +} + +func getActionPermissions(permissionMap map[string]interface{}, found []string) ([]string, error) { + if permissionMap == nil { + return nil, ¶meterNilError{parameter: "permissionMap"} + } + + for _, action := range []string{apply, plan, modify, destroy} { + if permissionMap[action] != nil { + + temp, ok := permissionMap[action].([]interface{}) + + if !ok { + log.Error().Msg("failed to cast permission map to list") + } + + for _, entry := range temp { + value, ok := entry.(string) + if !ok { + log.Error().Msg("failed to cast string") + + continue + } + + found = append(found, value) } } } return found, nil } + +func IsTypeOK(mappings interface{}) (map[string]interface{}, error) { + temp, ok := mappings.(map[string]interface{}) + + if !ok { + return nil, &assertionError{"mappings to map[string]Interface{}"} + } + + return temp, nil +} diff --git a/src/aws_datasource.go b/src/aws_datasource.go index ed8f7acf..f4085bb1 100644 --- a/src/aws_datasource.go +++ b/src/aws_datasource.go 
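Review bot: The `if mappings == nil` guard in GetPermissionMap does not cover an empty array: `[]` passes `json.Valid`, unmarshals to a non-nil zero-length slice, and `IsTypeOK(mappings[0])` then panics with an index-out-of-range error. Since the function is exported and takes raw bytes, the guard should be `if len(mappings) == 0 { return nil, &mappingsEmptyError{} }`. The same hunk makes the per-entry string assertion safe but leaves `resourceAttributes[attribute].([]interface{})` unchecked in the range clause, so an attribute whose value is not a list still panics. Use the comma-ok form there, as getActionPermissions does: `list, ok := resourceAttributes[attribute].([]interface{})` followed by `if !ok { continue }`. In getActionPermissions the failed list cast is logged without a `continue`, and after the nil check the function never returns an error. The `fmt.Errorf("getActionPermissions: %w", err)` wrap in the caller therefore only fires for a nil map, and malformed action entries are dropped with nothing but a log line.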
@@ -1,5 +1,645 @@ package pike +//goland:noinspection GoLinter +var tFLookupDataAWS = map[string]interface{}{ + "backend": dataBackend, + "aws_acm_certificate": dataAwsAcmCertificate, + "aws_acmpca_certificate": dataAwsAcmpcaCertificate, + "aws_acmpca_certificate_authority": dataAwsAcmpcaCertificateAuthority, + "aws_alb": dataAwsLb, + "aws_alb_trust_store": dataAwsLbTrustStore, + "aws_ami": dataAwsAmi, + "aws_ami_ids": dataAwsAmiIDs, + "aws_api_gateway_api_key": dataAwsAPIGateway, + "aws_api_gateway_api_keys": dataAwsAPIGateway, + "aws_api_gateway_authorizer": dataAwsAPIGateway, + "aws_api_gateway_authorizers": dataAwsAPIGateway, + "aws_api_gateway_domain_name": dataAwsAPIGateway, + "aws_api_gateway_export": dataAwsAPIGateway, + "aws_api_gateway_resource": dataAwsAPIGateway, + "aws_api_gateway_rest_api": dataAwsAPIGateway, + "aws_api_gateway_sdk": dataAwsAPIGateway, + "aws_api_gateway_vpc_link": dataAwsAPIGateway, + "aws_apigateway_api_keys": dataAwsAPIGateway, + "aws_apigatewayv2_api": dataAwsAPIGateway, + "aws_apigatewayv2_apis": dataAwsAPIGateway, + "aws_apigatewayv2_export": dataAwsAPIGateway, + "aws_apigatewayv2_vpc_link": dataAwsApigatewayv2VpcLink, + "aws_appconfig_configuration_profile": dataAwsAppconfigConfigurationProfile, + "aws_appconfig_configuration_profiles": dataAwsAppconfigConfigurationProfiles, + "aws_appconfig_environment": dataAwsAppconfigEnvironment, + "aws_appconfig_environments": dataAwsAppconfigEnvironments, + "aws_appintegrations_event_integration": dataAwsAppintergrationsEventIntegration, + "aws_appmesh_gateway_route": dataAwsAppmeshGatewayRoute, + "aws_appmesh_mesh": dataAwsAppmeshMesh, + "aws_appmesh_route": dataAwsAppmeshRoute, + "aws_appmesh_virtual_gateway": dataAwsAppmeshVirtualGateway, + "aws_appmesh_virtual_node": dataAwsAppmeshVirtualNode, + "aws_appmesh_virtual_router": dataAwsAppmeshVirtualRouter, + "aws_appmesh_virtual_service": dataAppmeshVirtualService, + "aws_apprunner_hosted_zone_id": placeholder, + "aws_appstream_image": 
dataAwsAppstreamImage, + "aws_arn": placeholder, + "aws_athena_named_query": dataAwsAthenaNamedQuery, + "aws_auditmanager_control": dataAwsAuditmanagerControl, + "aws_auditmanager_framework": dataAwsAuditmanagerFramework, + "aws_autoscaling_group": dataAwsAutoscalingGroup, + "aws_autoscaling_groups": dataAwsAutoscalingGroups, + "aws_availability_zone": dataAwsAvailabilityZone, + "aws_availability_zones": dataAwsAvailabilityZones, + "aws_backup_framework": dataBackupFramework, + "aws_backup_plan": dataBackupPlan, + "aws_backup_report_plan": dataBackupReportPlan, + "aws_backup_selection": dataBackupSelection, + "aws_backup_vault": dataAwsBackupVault, + "aws_batch_compute_environment": dataAwsBatchComputeEnvironment, + "aws_batch_job_definition": dataAwsBatchJobDefinition, + "aws_batch_job_queue": dataAwsBatchJobQueue, + "aws_batch_scheduling_policy": dataAwsBatchSchedulingPolicy, + "aws_bedrock_custom_model": dataAwsBedrockCustomModel, + "aws_bedrock_custom_models": dataAwsBedrockCustomModels, + "aws_bedrock_foundation_model": dataAwsBedrockFoundationModel, + "aws_bedrock_foundation_models": dataAwsBedrockFoundationModels, + "aws_bedrock_inference_profile": dataAwsBedrockInferenceProfile, + "aws_bedrock_inference_profiles": dataAwsBedrockInferenceProfiles, + "aws_bedrockagent_agent_versions": dataAwsBedrockAgentVersions, + "aws_billing_service_account": placeholder, + "aws_budgets_budget": dataAwsBudgetsBudget, + "aws_caller_identity": placeholder, + "aws_canonical_user_id": placeholder, + "aws_ce_cost_category": dataAwsCeCostCategory, + "aws_ce_tags": dataAwsCeTags, + "aws_chatbot_slack_workspace": dataAwsChatbotSlackWorkspace, + "aws_cloudcontrolapi_resource": dataAwsCloudcontrolapiResource, + "aws_cloudformation_export": dataAwsCloudformationExport, + "aws_cloudformation_stack": dataAwsCloudformationStack, + "aws_cloudformation_type": dataAwsCloudformationType, + "aws_cloudfront_cache_policy": dataAwsCloudfrontCachePolicy, + "aws_cloudfront_distribution": 
dataAwsCloudfrontDistribution, + "aws_cloudfront_function": dataAwsCloudfrontFunction, + "aws_cloudfront_log_delivery_canonical_user_id": placeholder, + "aws_cloudfront_origin_access_control": dataAwsCloudfrontOriginAccessControl, + "aws_cloudfront_origin_access_identities": dataAwsCloudfrontOriginAccessIdentities, + "aws_cloudfront_origin_access_identity": dataAwsCloudfrontOriginAccessIdentity, + "aws_cloudfront_origin_request_policy": dataAwsCloudfrontOriginRequestPolicy, + "aws_cloudfront_realtime_log_config": dataAwsCloudfrontRealtimeLogConfig, + "aws_cloudfront_response_headers_policy": dataAwsCloudfrontResponseHeadersPolicy, + "aws_cloudhsm_v2_cluster": dataAwsCloudhsmV2Cluster, + "aws_cloudtrail_service_account": placeholder, + "aws_cloudwatch_contributor_managed_insight_rules": dataAwsCloudwatchContributorManagedInsightRules, + "aws_cloudwatch_event_bus": dataCloudwatchEventBus, + "aws_cloudwatch_event_buses": dataAwsCloudwatchEventBuses, + "aws_cloudwatch_event_connection": dataCloudwatchEventConnection, + "aws_cloudwatch_event_source": dataCloudwatchEventSource, + "aws_cloudwatch_log_data_protection_policy_document": placeholder, + "aws_cloudwatch_log_group": dataAwsCloudwatchLogGroup, + "aws_cloudwatch_log_groups": dataAwsCloudwatchLogGroups, + "aws_codeartifact_authorization_token": datAwsCodeartifactAutorization, + "aws_codeartifact_repository_endpoint": dataAwsCodeartifactRepositoryEndpoint, + "aws_codebuild_fleet": dataAwsCodebuildFleet, + "aws_codecatalyst_dev_environment": placeholder, + "aws_codecommit_approval_rule_template": dataAwsCodecommitApprovalRuleTemplate, + "aws_codecommit_repository": dataAwsCodecommitRepository, + "aws_codeguruprofiler_profiling_group": dataAwsCodeguruprofilerProfilingGroup, + "aws_codestarconnections_connection": dataAwsCodestarconnectionsConnection, + "aws_cognito_identity_pool": dataAwsCognitoIdentityPool, + "aws_cognito_user_group": dataAwsCognitoUserGroup, + "aws_cognito_user_groups": dataAwsCognitoUserGroups, + 
"aws_cognito_user_pool": dataAwsCognitoUserPool, + "aws_cognito_user_pool_client": dataAwsCognitoUserPoolClient, + "aws_cognito_user_pool_clients": dataAwsCognitoUserPoolClients, + "aws_cognito_user_pool_signing_certificate": dataAwsCognitoUserPoolSigningCertificate, + "aws_cognito_user_pools": dataAwsCognitoUserPools, + "aws_connect_bot_association": dataAwsConnectBotAssociation, + "aws_connect_contact_flow": dataAwsConnectContactFlow, + "aws_connect_contact_flow_module": dataAwsConnectContactFlowModule, + "aws_connect_hours_of_operation": dataAwsConnectHoursOfOperation, + "aws_connect_instance": dataAwsConnectInstance, + "aws_connect_instance_storage_config": dataAwsConnectInstanceStorageConfig, + "aws_connect_lambda_function_association": dataAwsConnectLambdaFunctionAssociation, + "aws_connect_prompt": dataAwsConnectPrompt, + "aws_connect_queue": dataAwsConnectQueue, + "aws_connect_quick_connect": dataAwsConnectQuickConnect, + "aws_connect_routing_profile": dataAwsConnectRoutingProfile, + "aws_connect_security_profile": dataAwsConnectSecurityProfile, + "aws_connect_user": dataAwsConnectUser, + "aws_connect_user_hierarchy_group": dataAwsConnectUserHierarchyGroup, + "aws_connect_user_hierarchy_structure": dataAwsConnectUserHierarchyStructure, + "aws_connect_vocabulary": dataAwsConnectVocabulary, + "aws_controltower_controls": dataAwsControltowerControls, + "aws_cur_report_definition": placeholder, + "aws_customer_gateway": dataAwsCustomerGateway, + "aws_datapipeline_pipeline": dataAwsDatapipelinePipeline, + "aws_datapipeline_pipeline_definition": dataAwsDatapipelinePipelineDefinition, + "aws_datazone_domain": dataAwsDatazoneDomain, + "aws_datazone_environment_blueprint": dataAwsDatazoneEnvironmentBlueprint, + "aws_db_cluster_snapshot": dataAwsDBClusterSnapshot, + "aws_db_event_categories": dataAwsDBEventCategories, + "aws_db_instance": dataAwsDBInstance, + "aws_db_instances": dataAwsDBInstances, + "aws_db_parameter_group": dataAwsDBParameterGroup, + 
"aws_db_proxy": placeholder, + "aws_db_snapshot": dataAwsDBSnapshot, + "aws_db_subnet_group": dataAwsDBSubnetGroup, + "aws_default_tags": placeholder, + "aws_devopsguru_notification_channel": dataAwsDevopsguruNotificationChannel, + "aws_devopsguru_resource_collection": dataAwsDevopsguruResourceCollection, + "aws_directory_service_directory": dataAwsDirectoryServiceDirectory, + "aws_dms_certificate": dataAwsDmsCertificate, + "aws_dms_endpoint": dataAwsDmsEndpoint, + "aws_dms_replication_instance": dataAwsDmsReplicationInstance, + "aws_dms_replication_subnet_group": dataAwsDmsReplicationSubnetGroup, + "aws_dms_replication_task": dataAwsDmsReplicationTask, + "aws_docdb_engine_version": dataAwsDocDBEngineVersion, + "aws_docdb_orderable_db_instance": dataAwsDocDBOrderableDBInstance, + "aws_dx_connection": dataAwsDxConnection, + "aws_dx_gateway": dataAwsDxGateway, + "aws_dx_location": dataAwsDxLocation, + "aws_dx_locations": dataAwsDxLocations, + "aws_dx_router_configuration": dataAwsDxRouterConfiguration, + "aws_dynamodb_table": dataAwsDynamodbTable, + "aws_dynamodb_table_item": dataAwsDynamodbTableItem, + "aws_ebs_default_kms_key": dataAwsEbsDefaultKmsKey, + "aws_ebs_encryption_by_default": dataAwsEbsEncryptionByDefault, + "aws_ebs_snapshot": dataAwsEbsSnapshot, + "aws_ebs_snapshot_ids": dataAwsEbsSnapshotIDs, + "aws_ebs_volume": dataAwsEbsVolume, + "aws_ebs_volumes": dataAwsEbsVolumes, + "aws_ec2_capacity_block_offering": dataAwsEc2CapacityBlockOffering, + "aws_ec2_client_vpn_endpoint": dataAwsEc2ClientVpnEndpoint, + "aws_ec2_coip_pool": dataAwsEc2CoipPool, + "aws_ec2_coip_pools": dataAwsEc2CoipPools, + "aws_ec2_host": dataAwsEc2Host, + "aws_ec2_instance_type": dataAwsEc2InstanceType, + "aws_ec2_instance_type_offering": dataAwsEc2InstanceTypeOffering, + "aws_ec2_instance_type_offerings": dataAwsEc2InstanceTypeOfferings, + "aws_ec2_instance_types": dataAwsEc2InstanceTypes, + "aws_ec2_local_gateway": dataAwsEc2LocalGateway, + "aws_ec2_local_gateway_route_table": 
dataAwsEc2LocalGatewayRouteTable, + "aws_ec2_local_gateway_route_tables": dataAwsEc2LocalGatewayRouteTables, + "aws_ec2_local_gateway_virtual_interface": dataAwsEc2LocalGatewayVirtualInterface, + "aws_ec2_local_gateway_virtual_interface_group": dataAwsEc2LocalGatewayVirtualInterfaceGroup, + "aws_ec2_local_gateway_virtual_interface_groups": dataAwsEc2LocalGatewayVirtualInterfaceGroups, + "aws_ec2_local_gateways": dataAwsEc2LocalGateways, + "aws_ec2_managed_prefix_list": dataAwsEc2ManagedPrefixList, + "aws_ec2_managed_prefix_lists": dataAwsEc2ManagedPrefixLists, + "aws_ec2_network_insights_analysis": dataAwsEc2NetworkInsightsAnalysis, + "aws_ec2_network_insights_path": dataAwsEc2NetworkInsightsPath, + "aws_ec2_public_ipv4_pool": dataAwsEc2PublicIpv4Pool, + "aws_ec2_public_ipv4_pools": dataAwsEc2PublicIpv4Pools, + "aws_ec2_serial_console_access": dataAwsEc2SerialConsoleAccess, + "aws_ec2_spot_price": dataAwsEc2SpotPrice, + "aws_ec2_transit_gateway": dataAwsEc2Transitgateway, + "aws_ec2_transit_gateway_attachment": dataAwsEc2TransitGatewayAttachment, + "aws_ec2_transit_gateway_attachments": dataAwsEc2TransitGatewayAttachments, + "aws_ec2_transit_gateway_connect": dataAwsEc2TransitGatewayConnect, + "aws_ec2_transit_gateway_connect_peer": dataAwsEc2TransitGatewayConnectPeer, + "aws_ec2_transit_gateway_dx_gateway_attachment": dataAwsEc2TransitGatewayDxGatewayAttachment, + "aws_ec2_transit_gateway_multicast_domain": dataAwsEc2TransitGatewayMulticastDomain, + "aws_ec2_transit_gateway_peering_attachment": dataAwsEc2TransitGatewayPeeringAttachment, + "aws_ec2_transit_gateway_peering_attachments": dataAwsEc2TransitGatewayPeeringAttachments, + "aws_ec2_transit_gateway_route_table": dataAwsEc2TransitGatewayRouteTable, + "aws_ec2_transit_gateway_route_table_associations": dataAwsEc2TransitGatewayRouteTableAssociations, + "aws_ec2_transit_gateway_route_table_propagations": dataAwsEc2TransitGatewayRouteTablePropagations, + "aws_ec2_transit_gateway_route_table_routes": 
dataAwsEc2TransitGatewayRouteTableRoutes, + "aws_ec2_transit_gateway_route_tables": dataAwsEc2TransitGatewayRouteTables, + "aws_ec2_transit_gateway_vpc_attachment": dataAwsEc2TransitGatewayVpcAttachment, + "aws_ec2_transit_gateway_vpc_attachments": dataAwsEc2TransitGatewayVpcAttachments, + "aws_ec2_transit_gateway_vpn_attachment": dataAwsEc2TransitGatewayVPNAttachment, + "aws_ec2_transitgateway_route_table_propagations": placeholder, + "aws_ecr_authorization": dataAwsEcrAuthorization, + "aws_ecr_authorization_token": dataAwsEcrAuthorizationToken, + "aws_ecr_image": dataAwsEcrImage, + "aws_ecr_lifecycle_policy_document": placeholder, + "aws_ecr_pull_through_cache_rule": dataAwsEcrPullThroughCacheRule, + "aws_ecr_repositories": dataAwsEcrRepositories, + "aws_ecr_repository": dataAwsEcrRepository, + "aws_ecr_repository_creation_template": dataAwsEcrRepositoryCreationTemplate, + "aws_ecrpublic_authorization_token": dataEcrpublicAuthorizationToken, + "aws_ecs_cluster": dataAwsEcsCluster, + "aws_ecs_clusters": dataAwsEcsClusters, + "aws_ecs_container_definition": dataAwsEcsContainerDefinition, + "aws_ecs_service": dataDataEcsService, + "aws_ecs_task_definition": dataAwsEcsTaskDefinition, + "aws_ecs_task_execution": dataAwsEcsTaskExecution, + "aws_efs_access_point": dataAwsEfsAccessPoint, + "aws_efs_access_points": dataAwsEfsAccessPoints, + "aws_efs_file_system": dataAwsEfsFileSystem, + "aws_efs_mount_target": dataAwsEfsMountTarget, + "aws_eip": dataAwsEip, + "aws_eips": dataAwsEips, + "aws_eks_access_entry": dataAwsEksAccessEntry, + "aws_eks_addon": dataAwsEksAddon, + "aws_eks_addon_version": dataAwsEksAddonVersion, + "aws_eks_cluster": dataAwsEksCluster, + "aws_eks_cluster_auth": placeholder, + "aws_eks_cluster_versions": dataAwsEksClusterVersions, + "aws_eks_clusters": dataAwsEksClusters, + "aws_eks_node_group": dataAwsEksNodeGroup, + "aws_eks_node_groups": dataAwsEksNodeGroups, + "aws_elastic_beanstalk_application": dataAwsElasticBeanstalkApplication, + 
"aws_elastic_beanstalk_hosted_zone": placeholder,
+ "aws_elastic_beanstalk_solution_stack": dataAwsElasticBeanstalkSolutionStack,
+ "aws_elasticache_cluster": dataAwsElasticacheCluster,
+ "aws_elasticache_replication_group": dataAwsElasticacheReplicationGroup,
+ "aws_elasticache_reserved_cache_node_offering": dataAwsElasticacheReservedCacheNodeOffering,
+ "aws_elasticache_serverless_cache": dataAwsElasticacheServerlessCache,
+ "aws_elasticache_subnet_group": dataAwsElasticacheSubnetGroup,
+ "aws_elasticache_user": dataAwsElasticacheUser,
+ "aws_elasticsearch_domain": dataAwsElasticsearchDomain,
+ "aws_elb_hosted_zone_id": placeholder,
+ "aws_elb_service_account": placeholder,
+ "aws_emr_release_labels": dataAwsEmrReleaseLabels,
+ "aws_emr_supported_instance_types": dataAwsEmrSupportedInstanceTypes,
+ "aws_emrcontainers_virtual_cluster": placeholder,
+ "aws_fsx_ontap_file_system": dataAwsFsxOntapFileSystem,
+ "aws_fsx_ontap_storage_virtual_machine": dataAwsFsxOntapStorageVirtualMachine,
+ "aws_fsx_ontap_storage_virtual_machines": dataAwsFsxOntapStorageVirtualMachines,
+ "aws_fsx_openzfs_snapshot": dataAwsFsxOpenzfsSnapshot,
+ "aws_fsx_windows_file_system": dataAwsFsxWindowsFileSystem,
+ "aws_globalaccelerator_accelerator": dataAwsGlobalAccelerator,
+ "aws_globalaccelerator_custom_routing_accelerator": dataAwsGlobalAcceleratorCustomRoutingAccelerator,
+ "aws_glue_catalog_table": dataAwsGlueCatalogTable,
+ "aws_glue_connection": dataAwsGlueConnection,
+ "aws_glue_data_catalog_encryption_settings": dataAwsDataCatalogEncryptionSettings,
+ "aws_glue_registry": dataAwsGlueRegistry,
+ "aws_glue_script": dataAwsGlueScript,
+ "aws_grafana_workspace": dataAwsGrafanaWorkspace,
+ "aws_guardduty_detector": dataAwsGuarddutyDetector,
+ "aws_guardduty_finding_ids": dataAwsGuarddutyFindingIDs,
+ "aws_iam_access_keys": dataAwsIamAccessKeys,
+ "aws_iam_account_alias": dataAwsIamAccountAlias,
+ "aws_iam_group": dataAwsIamGroup,
+ "aws_iam_instance_profile": dataAwsIamInstanceProfile,
+ "aws_iam_instance_profiles": dataAwsIamInstanceProfiles,
+ "aws_iam_openid_connect_provider": dataAwsIamOpenIDConnectProvider,
+ "aws_iam_policy": dataAwsIamPolicy,
+ "aws_iam_policy_document": placeholder,
+ "aws_iam_principal_policy_simulation": dataAwsIamPrincipalPolicySimulation,
+ "aws_iam_role": dataAwsIamRole,
+ "aws_iam_roles": dataAwsIamRoles,
+ "aws_iam_saml_provider": dataAwsIamSamlProvider,
+ "aws_iam_server_certificate": dataAwsIamServerCertificate,
+ "aws_iam_session_context": placeholder,
+ "aws_iam_user": dataAwsIamUser,
+ "aws_iam_user_ssh_key": dataAwsIamUserSSHKey,
+ "aws_iam_users": dataAwsIamUsers,
+ "aws_identitystore_group": dataAwsIdentitystoreGroup,
+ "aws_identitystore_group_memberships": dataAwsIdentitystoreGroupMembership,
+ "aws_identitystore_groups": dataAwsIdentitystoreGroups,
+ "aws_identitystore_user": dataAwsIdentitystoreUser,
+ "aws_identitystore_users": dataAwsIdentitystoreGroupUsers,
+ "aws_imagebuilder_component": dataAwsImagebuilderComponent,
+ "aws_imagebuilder_components": dataAwsImagebuilderComponets,
+ "aws_imagebuilder_container_recipe": dataAwsImagebuilderContainerRecipe,
+ "aws_imagebuilder_container_recipes": dataAwsImagebuilderContainerRecipes,
+ "aws_imagebuilder_distribution_configuration": dataAwsImagebuilderDistributionConfiguration,
+ "aws_imagebuilder_distribution_configurations": dataAwsImagebuilderDistributionConfigurations,
+ "aws_imagebuilder_image": dataAwsImagebuilderImage,
+ "aws_imagebuilder_image_pipeline": dataAwsImagebuilderImagePipeline,
+ "aws_imagebuilder_image_pipelines": dataAwsImagebuilderImagePipelines,
+ "aws_imagebuilder_image_recipe": dataAwsImagebuilderImageRecipe,
+ "aws_imagebuilder_image_recipes": dataAwsImagebuilderImageRecipes,
+ "aws_imagebuilder_infrastructure_configuration": dataAwsImagebuilderInfrastructureConfiguration,
+ "aws_imagebuilder_infrastructure_configurations": dataAwsImagebuilderInfrastructureConfigurations,
+ "aws_inspector_rules_packages": dataAwsInspectorRulesPackages,
+ "aws_instance": dataAwsInstance,
+ "aws_instances": dataAwsInstances,
+ "aws_internet_gateway": dataAwsInternetGateway,
+ "aws_iot_endpoint": dataAwsIotEndpoint,
+ "aws_iot_registration_code": dataAwsIotRegistrationCode,
+ "aws_ip_ranges": placeholder,
+ "aws_ivs_stream_key": dataAwsIvsStreamKey,
+ "aws_kendra_experience": dataAwsKendraExperience,
+ "aws_kendra_faq": dataAwsKendraFaq,
+ "aws_kendra_index": dataAwsKendraIndex,
+ "aws_kendra_query_suggestions_block_list": dataAwsKendraQuerySuggestionsBlockList,
+ "aws_kendra_thesaurus": dataAwsKendraThesaurus,
+ "aws_key_pair": dataAwsKeyPair,
+ "aws_kinesis_firehose_delivery_stream": dataAwsKinesisFirehoseDeliveryStream,
+ "aws_kinesis_stream": dataAwsKinesisStream,
+ "aws_kinesis_stream_consumer": dataAwsKinesisStreamConsumer,
+ "aws_kms_alias": dataAwsKmsAlias,
+ "aws_kms_ciphertext": dataAwsKmsCiphertext,
+ "aws_kms_custom_key_store": dataAwsKmsCustomKeyStore,
+ "aws_kms_key": dataAwsKmsKey,
+ "aws_kms_secret": placeholder,
+ "aws_kms_secrets": dataAwsKmsSecrets,
+ "aws_lakeformation_data_lake_settings": dataAwsLakeformationDataLakeSettings,
+ "aws_lakeformation_permissions": dataAwsLakeformationPermissions,
+ "aws_lakeformation_resource": dataAwsLakeformationResource,
+ "aws_lambda_alias": placeholder,
+ "aws_lambda_code_signing_config": dataAwsLambdaCodeSigningConfig,
+ "aws_lambda_function": dataAwsLambdaFunction,
+ "aws_lambda_invocation": dataAwsLambdaInvocation,
+ "aws_launch_configuration": dataAwsLaunchConfiguration,
+ "aws_launch_template": dataAwsLaunchTemplate,
+ "aws_lb": dataAwsLb,
+ "aws_lb_hosted_zone_id": placeholder,
+ "aws_lb_listener": dataAwsLbListener,
+ "aws_lb_listener_rule": dataAwsLbListenerRule,
+ "aws_lb_target_group": dataAwsLbTargetGroup,
+ "aws_lb_trust_store": dataAwsLbTrustStore,
+ "aws_lbs": dataAwsLbs,
+ "aws_lex_bot": dataAwsLexBot,
+ "aws_lex_bot_alias": dataAwsLexBotAlias,
+ "aws_lex_intent": dataAwsLexIntent,
+ "aws_lex_slot_type": dataAwsLexSlotType,
+ "aws_licensemanager_grants": dataAwsLicensemanagerGrants,
+ "aws_licensemanager_received_license": dataAwsLicensemanagerReceivedLicense,
+ "aws_licensemanager_received_licenses": dataAwsLicensemanagerReceivedLicenses,
+ "aws_location_geofence_collection": dataAwsLocationGeofenceCollection,
+ "aws_location_map": dataAwsLocationMap,
+ "aws_location_place_index": dataAwsLocationPlaceIndex,
+ "aws_location_route_calculator": dataAwsLocationRouteCalculator,
+ "aws_location_tracker": dataAwsLocationTracker,
+ "aws_location_tracker_association": dataAwsLocationTrackerAssociation,
+ "aws_location_tracker_associations": dataAwsLocationTrackerAssociations,
+ "aws_medialive_input": dataAwsMedialiveInput,
+ "aws_mq_broker": dataAwsMqBroker,
+ "aws_mq_broker_engine_types": dataMqBrokerEngineTypes,
+ "aws_mq_broker_instance_type_offerings": dataAwsMqBrokerInstanceTypeOfferings,
+ "aws_msk_bootstrap_brokers": dataAwsMskBoostrapBrokers,
+ "aws_msk_broker_nodes": dataAwsBrokerNodes,
+ "aws_msk_cluster": dataAwsMskCluster,
+ "aws_msk_configuration": dataAwsMskConfiguration,
+ "aws_msk_kafka_version": dataAwsMskKafkaVersion,
+ "aws_msk_vpc_connection": dataAwsMskVpcConnection,
+ "aws_mskconnect_connector": dataAwsMskconnectConnector,
+ "aws_mskconnect_custom_plugin": dataAwsMskconnectCustomPlugin,
+ "aws_mskconnect_worker_configuration": dataAwsMskconnectWorkerConfiguration,
+ "aws_nat_gateway": dataAwsNatGateway,
+ "aws_nat_gateways": dataAwsNatGateways,
+ "aws_neptune_engine_version": dataAwsNeptuneEngineVersion,
+ "aws_neptune_orderable_db_instance": dataAwsNeptuneOrderableDBInstance,
+ "aws_network_acls": dataAwsNetworkAcls,
+ "aws_network_interfaces": dataAwsNetworkInterfaces,
+ "aws_networkfirewall_firewall": dataAwsNetworkfirewallFirewall,
+ "aws_networkfirewall_firewall_policy": dataAwsNetworkfirewallFirewallPolicy,
+ "aws_networkfirewall_resource_policy": dataAwsNetworkfirewallResourcePolicy,
+ "aws_networkmanager_connection": dataAwsNetworkManagerConnection,
+ "aws_networkmanager_connections": dataAwsNetworkManagerConnections,
+ "aws_networkmanager_core_network_policy_document": placeholder,
+ "aws_networkmanager_device": dataAwsNetworkManagerDevice,
+ "aws_networkmanager_devices": dataAwsNetworkManagerDevices,
+ "aws_networkmanager_global_network": dataAwsNetworkManagerGlobalNetwork,
+ "aws_networkmanager_global_networks": dataAwsNetworkManagerGlobalNetworks,
+ "aws_networkmanager_link": dataAwsNetworkManagerLink,
+ "aws_networkmanager_links": dataAwsNetworkManagerLinks,
+ "aws_networkmanager_site": dataAwsNetworkManagerSite,
+ "aws_networkmanager_sites": dataAwsNetworkManagerSites,
+ "aws_oam_link": dataAwsOamLink,
+ "aws_oam_links": dataAwsOamLinks,
+ "aws_oam_sink": dataAwsOamSink,
+ "aws_oam_sinks": dataAwsOamSinks,
+ "aws_opensearch_domain": placeholder,
+ "aws_opensearchserverless_access_policy": dataAwsOpensearchserverlessAccessPolicy,
+ "aws_opensearchserverless_collection": dataAwsOpensearchserverlessCollection,
+ "aws_opensearchserverless_lifecycle_policy": dataAwsOpensearchserverlessLifecyclePolicy,
+ "aws_opensearchserverless_security_config": dataAwsOpensearchserverlessSecurityConfig,
+ "aws_opensearchserverless_security_policy": dataAwsOpensearchserverlessSecurityPolicy,
+ "aws_opensearchserverless_vpc_endpoint": dataAwsOpensearchserverlessVpcEndpoint,
+ "aws_organizations_delegated_administrators": dataAwsOrganizationsDelegatedAdministrators,
+ "aws_organizations_delegated_services": dataAwsOrganizationsDelegatedServices,
+ "aws_organizations_organization": dataAwsOrganizationsOrganization,
+ "aws_organizations_organizational_unit": dataAwsOrganizationsOrganizationalUnit,
+ "aws_organizations_organizational_unit_child_accounts": dataAwsOrganizationsOrganizationalUnitChildsAccounts,
+ "aws_organizations_organizational_unit_descendant_accounts": dataAwsOrganizationsOrganizationalUnitDescendantAccounts,
+ "aws_organizations_organizational_unit_descendant_organizational_units": dataAwsOrganizationsOrganizationalUnitDescendantOrganizationalUnits, //nolint:lll
+ "aws_organizations_organizational_units": dataAwsOrganizationsOrganizationalUnits,
+ "aws_organizations_policies": dataAwsOrganizationsPolicies,
+ "aws_organizations_policies_for_target": dataAwsOrganizationsPoliciesForTarget,
+ "aws_organizations_policy": dataAwsOrganizationsPolicy,
+ "aws_organizations_resource_tags": dataAwsOrganizationsResourceTags,
+ "aws_outposts_asset": dataAwsOutpostsAsset,
+ "aws_outposts_assets": dataAwsOutpostsAssets,
+ "aws_outposts_outpost": dataAwsOutpostsOutpost,
+ "aws_outposts_outpost_instance_type": dataAwsOutpostsOutpostInstanceType,
+ "aws_outposts_outpost_instance_types": dataAwsOutpostsOutpostInstanceTypes,
+ "aws_outposts_outposts": dataAwsOutpostsOutpost,
+ "aws_outposts_site": dataAwsOutpostSites,
+ "aws_outposts_sites": dataAwsOutpostsSites,
+ "aws_partition": placeholder,
+ "aws_polly_voices": dataAwsPollyVoices,
+ "aws_prefix_list": dataAwsPrefixList,
+ "aws_pricing_product": placeholder,
+ "aws_prometheus_default_scraper_configuration": dataAwsPrometheusDefaultScarperConfiguration,
+ "aws_prometheus_workspace": dataAwsPrometheusWorkspace,
+ "aws_prometheus_workspaces": dataAwsPrometheusWorkspaces,
+ "aws_qldb_ledger": dataAwsQldbLedger,
+ "aws_quicksight_analysis": dataAwsQuicksightAnalysis,
+ "aws_quicksight_data_set": placeholder,
+ "aws_quicksight_group": dataAwsQuicksightGroup,
+ "aws_quicksight_theme": dataAwsQuicksightTheme,
+ "aws_quicksight_user": dataAwsQuicksightUser,
+ "aws_ram_resource_share": dataAwsRAMResourceShare,
+ "aws_rds_certificate": dataAwsRdsCertificate,
+ "aws_rds_cluster": dataAwsRdsCluster,
+ "aws_rds_cluster_parameter_group": dataAwsRdsClusterParameterGroup,
+ "aws_rds_clusters": dataAwsRdsClusters,
+ "aws_rds_engine_version": dataAwsRdsEngineVersion,
+ "aws_rds_orderable_db_instance": dataAwsRdsOrderableDBInstance,
+ "aws_rds_reserved_instance_offering": dataAwsRdsReservedInstanceOffering,
+ "aws_redshift_cluster": dataAwsRedshiftCluster,
+ "aws_redshift_cluster_credentials": dataAwsRedshiftClusterCredentials,
+ "aws_redshift_data_shares": dataAwsRedshiftDataShares,
+ "aws_redshift_orderable_cluster": dataAwsRedshiftOrderableCluster,
+ "aws_redshift_producer_data_shares": dataAwsRedshiftProducerDataShares,
+ "aws_redshift_service_account": placeholder,
+ "aws_redshift_subnet_group": dataAwsRedshiftSubnetGroup,
+ "aws_redshiftserverless_credentials": placeholder,
+ "aws_redshiftserverless_namespace": dataAwsRedshiftserverlessNamespace,
+ "aws_redshiftserverless_workgroup": dataAwsRedshiftserverlessWorkgroup,
+ "aws_region": placeholder,
+ "aws_regions": dataAwsRegions,
+ "aws_resourceexplorer2_search": dataAwsResourceexplorer2Search,
+ "aws_resourcegroupstaggingapi_resources": dataAwsResourcegroupstaggingapiResources,
+ "aws_route": dataAwsRoute,
+ "aws_route53_delegation_set": dataAwsRoute53DelegationSet,
+ "aws_route53_records": dataAwsRoute53Records,
+ "aws_route53_resolver_endpoint": dataAwsRoute53ResolverEndpoint,
+ "aws_route53_resolver_firewall_config": dataAwsRoute53ResolverFirewallConfig,
+ "aws_route53_resolver_firewall_domain_list": dataAwsRoute53ResolverFirewallDomainList,
+ "aws_route53_resolver_firewall_rule_group": dataAwsRoute53ResolverFirewallRuleGroup,
+ "aws_route53_resolver_firewall_rule_group_association": dataAwsRoute53ResolverFirewallGroupAssociation, //nolint:lll
+ "aws_route53_resolver_firewall_rules": dataAwsRoute53ResolverFirewallRules,
+ "aws_route53_resolver_query_log_config": dataAwsRoute53ResolverQueryLogConfig,
+ "aws_route53_resolver_rule": dataAwsRoute53ResolverRule,
+ "aws_route53_resolver_rules": dataAwsRoute53ResolverRules,
+ "aws_route53_traffic_policy_document": placeholder,
+ "aws_route53_zone": dataAwsRoute53Zone,
+ "aws_route53_zones": dataAwsRoute53Zones,
+ "aws_route53profiles_profiles": dataAwsRoute53profilesProfiles,
+ "aws_route_table": dataAwsRouteTable,
+ "aws_route_tables": dataAwsRouteTables,
+ "aws_s3_account_public_access_block": dataAwsS3AccountPublicAccessBlock,
+ "aws_s3_bucket": dataAwsS3Bucket,
+ "aws_s3_bucket_object": placeholder,
+ "aws_s3_bucket_objects": placeholder,
+ "aws_s3_bucket_policy": dataAwsS3BucketPolicy,
+ "aws_s3_directory_buckets": dataAwsS3DirectoryBuckets,
+ "aws_s3_object": placeholder,
+ "aws_s3_objects": dataAwsS3Objects,
+ "aws_s3control_multi_region_access_point": dataAwsS3controlMultiRegionAccessPoint,
+ "aws_sagemaker_prebuilt_ecr_image": placeholder,
+ "aws_saml_provider": dataAwsIamSamlProvider,
+ "aws_secretsmanager_random_password": dataAwsSecretsmanagerRandomPassword,
+ "aws_secretsmanager_secret": dataAwsSecretsmanagerSecret,
+ "aws_secretsmanager_secret_rotation": dataAwsSecretsmanagerSecretRotation,
+ "aws_secretsmanager_secret_version": dataAwsSecretsmanagerSecretVersion,
+ "aws_secretsmanager_secret_versions": dataAwsSecretsmanagerSecretVersions,
+ "aws_secretsmanager_secrets": dataAwsSecretsmanagerSecrets,
+ "aws_security_group": dataAwsSecurityGroup,
+ "aws_security_groups": dataAwsSecurityGroup,
+ "aws_serverlessapplicationrepository_application": dataAwsServerlessapplicationrepositoryApplication, //nolint:lll
+ "aws_service": placeholder,
+ "aws_service_discovery_dns_namespace": dataAwsServiceDiscoveryDNSNamespace,
+ "aws_service_discovery_http_namespace": dataAwsServiceDiscoveryHTTPNamespace,
+ "aws_service_discovery_service": dataAwsServiceDiscoveryService,
+ "aws_service_principal": placeholder,
+ "aws_servicecatalog_constraint": dataAwsSevicecatalogConstraint,
+ "aws_servicecatalog_launch_paths": dataAwsSevicecatalogLaunchPaths,
+ "aws_servicecatalog_portfolio": dataAwsSevicecatalogPortfolio,
+ "aws_servicecatalog_portfolio_constraints": dataAwsSevicecatalogPortfolioConstraints,
+ "aws_servicecatalog_product": dataAwsSevicecatalogProduct,
+ "aws_servicecatalog_provisioning_artifacts": dataAwsSevicecatalogProvisioningArtifacts,
+ "aws_servicecatalogappregistry_application": dataAwsServicecatalogappregistryApplication,
+ "aws_servicecatalogappregistry_attribute_group": dataServicecatalogappregistryAttributeGroup,
+ "aws_servicecatalogappregistry_attribute_group_associations": dataServicecatalogappregistryAttributeGroupAssociations, //nolint:lll
+ "aws_servicequotas_service": dataAwsServicequotasService,
+ "aws_servicequotas_service_quota": dataAwsServicequotaServiceQuota,
+ "aws_servicequotas_templates": dataAwsServicequotasTemplates,
+ "aws_ses_active_receipt_rule_set": dataAwsSesActiveReceiptRuleSet,
+ "aws_ses_domain_identity": dataAwsSesDomainIdentity,
+ "aws_ses_email_identity": dataAwsSesEmailIdentity,
+ "aws_sesv2_configuration_set": dataAwsSesv2ConfigurationSet,
+ "aws_sesv2_dedicated_ip_pool": dataAwsSesv2DedicatedIPPool,
+ "aws_sesv2_email_identity": dataAwsSesv2EmailIdentity,
+ "aws_sesv2_email_identity_mail_from_attributes": placeholder,
+ "aws_sfn_activity": dataAwsSfnActivity,
+ "aws_sfn_alias": dataAwsSfnAlias,
+ "aws_sfn_state_machine": dataAwsSfnStateMachine,
+ "aws_sfn_state_machine_versions": dataAwsSfnStateMachineVersion,
+ "aws_shield_protection": dataAwsShieldProtection,
+ "aws_signer_signing_job": dataAwsSignerSigningJob,
+ "aws_signer_signing_profile": dataAwsSignerSigningProfile,
+ "aws_sns_topic": dataAwsSnsTopic,
+ "aws_spot_datafeed_subscription": dataAwsSpotDatafeedSubscription,
+ "aws_sqs_queue": dataAwsSqsQueue,
+ "aws_sqs_queues": dataAwsSqsQueues,
+ "aws_ssm_document": dataAwsSsmDocument,
+ "aws_ssm_instances": dataAwsSsmInstances,
+ "aws_ssm_maintenance_windows": dataAwsSsmMaintenanceWindows,
+ "aws_ssm_parameter": dataAwsSsmParameter,
+ "aws_ssm_parameters_by_path": dataAwsSsmParametersByPath,
+ "aws_ssm_patch_baseline": dataAwsSsmPatchBaseline,
+ "aws_ssm_patch_baselines": dataAwsSsmPatchBaselines,
+ "aws_ssmcontacts_contact": placeholder,
+ "aws_ssmcontacts_contact_channel": placeholder,
+ "aws_ssmcontacts_plan": placeholder,
+ "aws_ssmcontacts_rotation": dataAwsSsmcontactsRotation,
+ "aws_ssmincidents_replication_set": dataAwsSsmincidentsReplicationSet,
+ "aws_ssmincidents_response_plan": placeholder,
+ "aws_ssoadmin_application": placeholder,
+ "aws_ssoadmin_application_assignments": dataAwsSsoadminApplicationAssignments,
+ "aws_ssoadmin_application_providers": dataAwsSsoadminApplicationProviders,
+ "aws_ssoadmin_instances": dataAwsSsoadminInstances,
+ "aws_ssoadmin_permission_set": dataAwsSsoadminPermissionSet,
+ "aws_ssoadmin_permission_sets": dataAwsSsoadminPermissionSets,
+ "aws_ssoadmin_principal_application_assignments": dataAwsSsoadminPrincipalApplicationAssignments, //nolint:lll
+ "aws_storagegateway_local_disk": placeholder,
+ "aws_subnet": dataAwsSubnetIDs,
+ "aws_subnet_ids": dataAwsSubnetIDs,
+ "aws_subnets": dataAwsSubnetIDs,
+ "aws_synthetics_runtime_version": dataAwsSyntheticsRuntimeVersion,
+ "aws_synthetics_runtime_versions": dataAwsSytheticsRuntimeVersions,
+ "aws_timestreamwrite_database": dataAwsTimestreamwriteDatabase,
+ "aws_timestreamwrite_table": dataAwsTimestreamwriteTable,
+ "aws_transfer_connector": dataAwsTransferConnector,
+ "aws_transfer_server": dataAwsTransferServer,
+ "aws_verifiedpermissions_policy_store": dataVerifiedpermissionsPolicyStore,
+ "aws_vpc": dataAwsVpc,
+ "aws_vpc_dhcp_options": dataAwsVpcDhcpOptions,
+ "aws_vpc_endpoint": dataAwsVpcEndpoint,
+ "aws_vpc_endpoint_service": dataAwsVpcEndpointService,
+ "aws_vpc_ipam": dataAwsVpcIpam,
+ "aws_vpc_ipam_pool": dataAwsVpcIpamPoolCidrs,
+ "aws_vpc_ipam_pool_cidrs": dataAwsVpcIpamPoolCidrs,
+ "aws_vpc_ipam_pools": dataAwsVpcIpamPools,
+ "aws_vpc_ipam_preview_next_cidr": placeholder,
+ "aws_vpc_ipams": dataAwsVpcIpam,
+ "aws_vpc_peering_connection": dataAwsVpcPeeringConnection,
+ "aws_vpc_peering_connections": dataAwsVpcPeeringConnections,
+ "aws_vpc_security_group_rule": dataAwsVpcSecurityGroupRule,
+ "aws_vpc_security_group_rules": dataAwsVpcSecurityGroupRules,
+ "aws_vpclattice_auth_policy": dataAwsVpclatticeAuthPolicy,
+ "aws_vpclattice_listener": dataAwsVpclatticeListener,
+ "aws_vpclattice_resource_policy": dataAwsVpclatticeResourcePolicy,
+ "aws_vpclattice_service": dataAwsVpclatticeService,
+ "aws_vpclattice_service_network": dataAwsVpclatticeServiceNetwork,
+ "aws_vpcs": dataAwsVpcs,
+ "aws_vpn_gateway": dataAwsVpnGateway,
+ "aws_waf_ipset": dataAwsWafIpset,
+ "aws_waf_rate_based_rule": dataAwsWafRateBasedRule,
+ "aws_waf_rule": dataAwsWafRule,
+ "aws_waf_web_acl": dataAwsWafWebACL,
+ "aws_wafregional_ipset": dataAwsWafregionalIpset,
+ "aws_wafregional_rate_based_rule": dataAwsWafregionalRateBasedRule,
+ "aws_wafregional_rule": dataAwsWafregionalRule,
+ "aws_wafregional_web_acl": dataAwsWafregionalWebACL,
+ "aws_wafv2_ip_set": dataAwsWafv2IpSet,
+ "aws_wafv2_regex_pattern_set": dataAwsWafv2RegexPatternSet,
+ "aws_wafv2_rule_group": dataAwsWafv2RuleGroup,
+ "aws_wafv2_web_acl": dataAwsWafv2WebACL,
+ "aws_workspaces_bundle": dataAwsWorkspacesBundle,
+ "aws_workspaces_directory": dataAwsWorkspaceDirectory,
+ "aws_workspaces_image": dataAwsWorkspaceImage,
+ "aws_vpc_endpoint_associations": dataAwsVpcEndpointAssociations,
+ "aws_fis_experiment_templates": dataAwsFisExperimentTemplates,
+ "aws_kms_public_key": dataAwsKmsPublicKey,
+ "aws_lambda_function_url": dataAwsLambdaFunctionUrl,
+ "aws_lambda_functions": dataAwsLambdaFunctions,
+ "aws_lambda_layer_version": dataAwsLambdaLayerVersion,
+ "aws_network_interface": dataAwsNetworkInterface,
+ "aws_waf_subscribed_rule_group": dataAwsWafSubscribedRuleGroup,
+ "aws_wafregional_subscribed_rule_group": dataAwsWafRegionalSubscribedRuleGroup,
+ "aws_elb": dataAwsElb,
+ "aws_account_primary_contact": dataAwsAccountPrimaryContact,
+ "aws_dynamodb_tables": dataAwsDynamodbTables,
+ "aws_ecr_images": dataAwsEcrImages,
+ "aws_s3_access_point": dataAwsS3AccessPoint,
+ "aws_billing_views": dataAwsBillingViews,
+ "aws_media_convert_queue": dataAwsMediaConvertQueue,
+ "aws_memorydb_acl": dataAwsMemorydbAcl,
+ "aws_memorydb_cluster": dataAwsMemorydbCluster,
+ "aws_memorydb_parameter_group": dataAwsMemorydbParameterGroup,
+ "aws_memorydb_snapshot": dataAwsMemorydbSnapshot,
+ "aws_memorydb_subnet_group": dataAwsMemorydbSubnetGroup,
+ "aws_memorydb_user": dataAwsMemorydbUser,
+ "aws_securityhub_standards_control_associations": dataAwsSecurityhubStandardsControlAssociations,
+ "aws_workspaces_workspace": dataAwsWorkspacesWorkspace,
+ "aws_appconfig_application": dataAwsAppconfigApplication,
+ "aws_odb_cloud_autonomous_vm_cluster": dataAwsOdbCloudAutonomousVmCluster,
+ "aws_odb_cloud_autonomous_vm_clusters": dataAwsOdbCloudAutonomousVmClusters,
+ "aws_odb_cloud_exadata_infrastructure": dataAwsOdbCloudExadataInfrastructure,
+ "aws_odb_cloud_exadata_infrastructures": dataAwsOdbCloudExadataInfrastructures,
+ "aws_odb_cloud_vm_cluster": dataAwsOdbCloudVmCluster,
+ "aws_odb_cloud_vm_clusters": dataAwsOdbCloudVmClusters,
+ "aws_odb_db_node": dataAwsOdbDbNode,
+ "aws_odb_db_nodes": dataAwsOdbDbNodes,
+ "aws_odb_db_server": dataAwsOdbServer,
+ "aws_odb_db_servers": dataAwsOdbServers,
+ "aws_odb_db_system_shapes": dataAwsOdbDbSystemShapes,
+ "aws_odb_gi_versions": dataAwsOdbGiVersions,
+ "aws_odb_network": dataAwsOdbNetwork,
+ "aws_odb_network_peering_connection": dataAwsOdbNetworkPeeringConnection,
+ "aws_odb_network_peering_connections": dataAwsOdbNetworkPeeringConnections,
+ "aws_odb_networks": dataAwsOdbNetworks,
+ "aws_ecrpublic_images": dataAwsEcrPublicImages,
+ "aws_rds_global_cluster": dataAwsRdsGlobalCluster,
+ "aws_vpn_connection": dataAwsVpnConnection,
+}
+
 // GetAWSDataPermissions gets permissions required for datasource's.
 //
 //goland:noinspection GoLinter
@@ -18,569 +658,7 @@ func GetAWSDataPermissions(result ResourceV2) ([]string, error) {
 return Permissions, err
 }
-// AwsDataLookup is a map to connect resource name to an object map
-//
-//nolint:funlen
-func AwsDataLookup(find string) interface{} { //nolint:maintidx
- //goland:noinspection LongLine
- TFLookup := map[string]interface{}{
- "aws_acm_certificate": dataAwsAcmCertificate,
- "aws_acmpca_certificate": dataAwsAcmpcaCertificate,
- "aws_acmpca_certificate_authority": dataAwsAcmpcaCertificateAuthority,
- "aws_alb": dataAwsLb,
- "aws_ami": dataAwsAmi,
- "aws_ami_ids": dataAwsAmiIDs,
- "aws_api_gateway_api_key": dataAwsAPIGateway,
- "aws_api_gateway_authorizer": dataAwsAPIGateway,
- "aws_api_gateway_authorizers": dataAwsAPIGateway,
- "aws_api_gateway_domain_name": dataAwsAPIGateway,
- "aws_api_gateway_export": dataAwsAPIGateway,
- "aws_api_gateway_resource": dataAwsAPIGateway,
- "aws_api_gateway_rest_api": dataAwsAPIGateway,
- "aws_api_gateway_sdk": dataAwsAPIGateway,
- "aws_api_gateway_vpc_link": dataAwsAPIGateway,
- "aws_apigatewayv2_api": dataAwsAPIGateway,
- "aws_apigatewayv2_apis": dataAwsAPIGateway,
- "aws_apigatewayv2_export": dataAwsAPIGateway,
- "aws_appconfig_configuration_profile": dataAwsAppconfigConfigurationProfile,
- "aws_appconfig_configuration_profiles": dataAwsAppconfigConfigurationProfiles,
- "aws_appconfig_environment": dataAwsAppconfigEnvironment,
- "aws_appconfig_environments": dataAwsAppconfigEnvironments,
- "aws_appintegrations_event_integration": dataAwsAppintergrationsEventIntegration,
- "aws_appmesh_gateway_route": dataAwsAppmeshGatewayRoute,
- "aws_appmesh_mesh": dataAwsAppmeshMesh,
- "aws_appmesh_route": dataAwsAppmeshRoute,
- "aws_appmesh_virtual_gateway": dataAwsAppmeshVirtualGateway,
- "aws_appmesh_virtual_node": dataAwsAppmeshVirtualNode,
- "aws_appmesh_virtual_router": dataAwsAppmeshVirtualRouter,
- "aws_appmesh_virtual_service": dataAppmeshVirtualService,
- "aws_arn": placeholder,
- "aws_auditmanager_control": dataAwsAuditmanagerControl,
- "aws_auditmanager_framework": dataAwsAuditmanagerFramework,
- "aws_autoscaling_group": dataAwsAutoscalingGroup,
- "aws_autoscaling_groups": dataAwsAutoscalingGroups,
- "aws_availability_zone": dataAwsAvailabilityZone,
- "aws_availability_zones": dataAwsAvailabilityZones,
- "aws_backup_framework": dataBackupFramework,
- "aws_backup_plan": dataBackupPlan,
- "aws_backup_report_plan": dataBackupReportPlan,
- "aws_backup_selection": dataBackupSelection,
- "aws_backup_vault": dataAwsBackupVault,
- "aws_batch_compute_environment": dataAwsBatchComputeEnvironment,
- "aws_batch_job_queue": dataAwsBatchJobQueue,
- "aws_batch_scheduling_policy": dataAwsBatchSchedulingPolicy,
- "aws_billing_service_account": placeholder,
- "aws_budgets_budget": dataAwsBudgetsBudget,
- "aws_caller_identity": placeholder,
- "aws_canonical_user_id": placeholder,
- "aws_ce_cost_category": dataAwsCeCostCategory,
- "aws_ce_tags": dataAwsCeTags,
- "aws_cloudcontrolapi_resource": dataAwsCloudcontrolapiResource,
- "aws_cloudformation_export": dataAwsCloudformationExport,
- "aws_cloudformation_stack": dataAwsCloudformationStack,
- "aws_cloudformation_type": dataAwsCloudformationType,
- "aws_cloudfront_cache_policy": dataAwsCloudfrontCachePolicy,
- "aws_cloudfront_distribution": dataAwsCloudfrontDistribution,
- "aws_cloudfront_function": dataAwsCloudfrontFunction,
- "aws_cloudfront_log_delivery_canonical_user_id": placeholder,
- "aws_cloudfront_origin_access_identities": dataAwsCloudfrontOriginAccessIdentities,
- "aws_cloudfront_origin_access_identity": dataAwsCloudfrontOriginAccessIdentity,
- "aws_cloudfront_origin_request_policy": dataAwsCloudfrontOriginRequestPolicy,
- "aws_cloudfront_realtime_log_config": dataAwsCloudfrontRealtimeLogConfig,
- "aws_cloudfront_response_headers_policy": dataAwsCloudfrontResponseHeadersPolicy,
- "aws_cloudhsm_v2_cluster": dataAwsCloudhsmV2Cluster,
- "aws_cloudtrail_service_account": placeholder,
- "aws_cloudwatch_event_bus": dataCloudwatchEventBus,
- "aws_cloudwatch_event_connection": dataCloudwatchEventConnection,
- "aws_cloudwatch_event_source": dataCloudwatchEventSource,
- "aws_cloudwatch_log_data_protection_policy_document": placeholder,
- "aws_cloudwatch_log_group": dataAwsCloudwatchLogGroup,
- "aws_cloudwatch_log_groups": dataAwsCloudwatchLogGroups,
- "aws_codeartifact_authorization_token": datAwsCodeartifactAutorization,
- "aws_codeartifact_repository_endpoint": dataAwsCodeartifactRepositoryEndpoint,
- "aws_codecommit_approval_rule_template": dataAwsCodecommitApprovalRuleTemplate,
- "aws_codecommit_repository": dataAwsCodecommitRepository,
- "aws_codestarconnections_connection": dataAwsCodestarconnectionsConnection,
- "aws_cognito_user_pool_client": dataAwsCognitoUserPoolClient,
- "aws_cognito_user_pool_clients": dataAwsCognitoUserPoolClients,
- "aws_cognito_user_pool_signing_certificate": dataAwsCognitoUserPoolSigningCertificate,
- "aws_cognito_user_pools": dataAwsCognitoUserPools,
- "aws_connect_bot_association": dataAwsConnectBotAssociation,
- "aws_connect_contact_flow": dataAwsConnectContactFlow,
- "aws_connect_contact_flow_module": dataAwsConnectContactFlowModule,
- "aws_connect_hours_of_operation": dataAwsConnectHoursOfOperation,
- "aws_connect_instance": dataAwsConnectInstance,
- "aws_connect_instance_storage_config": dataAwsConnectInstanceStorageConfig,
- "aws_connect_lambda_function_association": dataAwsConnectLambdaFunctionAssociation,
- "aws_connect_prompt": dataAwsConnectPrompt,
- "aws_connect_queue": dataAwsConnectQueue,
- "aws_connect_quick_connect": dataAwsConnectQuickConnect,
- "aws_connect_routing_profile": dataAwsConnectRoutingProfile,
- "aws_connect_security_profile": dataAwsConnectSecurityProfile,
- "aws_connect_user": dataAwsConnectUser,
- "aws_connect_user_hierarchy_group": dataAwsConnectUserHierarchyGroup,
- "aws_connect_user_hierarchy_structure": dataAwsConnectUserHierarchyStructure,
- "aws_connect_vocabulary": dataAwsConnectVocabulary,
- "aws_controltower_controls": dataAwsControltowerControls,
- "aws_cur_report_definition": placeholder,
- "aws_customer_gateway": dataAwsCustomerGateway,
- "aws_datapipeline_pipeline": dataAwsDatapipelinePipeline,
- "aws_datapipeline_pipeline_definition": dataAwsDatapipelinePipelineDefinition,
- "aws_db_cluster_snapshot": dataAwsDBClusterSnapshot,
- "aws_db_event_categories": dataAwsDBEventCategories,
- "aws_db_instance": dataAwsDBInstance,
- "aws_db_instances": dataAwsDBInstances,
- "aws_db_proxy": placeholder,
- "aws_db_snapshot": dataAwsDBSnapshot,
- "aws_db_subnet_group": dataAwsDBSubnetGroup,
- "aws_default_tags": placeholder,
- "aws_directory_service_directory": dataAwsDirectoryServiceDirectory,
- "aws_dms_endpoint": dataAwsDmsEndpoint,
- "aws_dms_replication_instance": dataAwsDmsReplicationInstance,
- "aws_dms_replication_subnet_group": dataAwsDmsReplicationSubnetGroup,
- "aws_dms_replication_task": dataAwsDmsReplicationTask,
- "aws_docdb_engine_version": dataAwsDocDBEngineVersion,
- "aws_docdb_orderable_db_instance": dataAwsDocDBOrderableDBInstance,
- "aws_dx_connection": dataAwsDxConnection,
- "aws_dx_gateway": dataAwsDxGateway,
- "aws_dx_location": dataAwsDxLocation,
- "aws_dx_locations": dataAwsDxLocations,
- "aws_dx_router_configuration": dataAwsDxRouterConfiguration,
- "aws_dynamodb_table": dataAwsDynamodbTable,
- "aws_dynamodb_table_item": dataAwsDynamodbTableItem,
- "aws_ebs_default_kms_key": dataAwsEbsDefaultKmsKey,
- "aws_ebs_encryption_by_default": dataAwsEbsEncryptionByDefault,
- "aws_ebs_snapshot": dataAwsEbsSnapshot,
- "aws_ebs_snapshot_ids": dataAwsEbsSnapshotIDs,
- "aws_ebs_volume": dataAwsEbsVolume,
- "aws_ebs_volumes": dataAwsEbsVolumes,
- "aws_ec2_client_vpn_endpoint": dataAwsEc2ClientVpnEndpoint,
- "aws_ec2_coip_pool": dataAwsEc2CoipPool,
- "aws_ec2_coip_pools": dataAwsEc2CoipPools,
- "aws_ec2_host": dataAwsEc2Host,
- "aws_ec2_instance_type": dataAwsEc2InstanceType,
- "aws_ec2_instance_type_offering": dataAwsEc2InstanceTypeOffering,
- "aws_ec2_instance_type_offerings": dataAwsEc2InstanceTypeOfferings,
- "aws_ec2_instance_types": dataAwsEc2InstanceTypes,
- "aws_ec2_local_gateway": dataAwsEc2LocalGateway,
- "aws_ec2_local_gateway_route_table": dataAwsEc2LocalGatewayRouteTable,
- "aws_ec2_local_gateway_route_tables": dataAwsEc2LocalGatewayRouteTables,
- "aws_ec2_local_gateway_virtual_interface": dataAwsEc2LocalGatewayVirtualInterface,
- "aws_ec2_local_gateway_virtual_interface_group": dataAwsEc2LocalGatewayVirtualInterfaceGroup,
- "aws_ec2_local_gateway_virtual_interface_groups": dataAwsEc2LocalGatewayVirtualInterfaceGroups,
- "aws_ec2_local_gateways": dataAwsEc2LocalGateways,
- "aws_ec2_managed_prefix_list": dataAwsEc2ManagedPrefixList,
- "aws_ec2_managed_prefix_lists": dataAwsEc2ManagedPrefixLists,
- "aws_ec2_network_insights_analysis": dataAwsEc2NetworkInsightsAnalysis,
- "aws_ec2_network_insights_path": dataAwsEc2NetworkInsightsPath,
- "aws_ec2_public_ipv4_pool": dataAwsEc2PublicIpv4Pool,
- "aws_ec2_public_ipv4_pools": dataAwsEc2PublicIpv4Pools,
- "aws_ec2_serial_console_access": dataAwsEc2SerialConsoleAccess,
- "aws_ec2_spot_price": dataAwsEc2SpotPrice,
- "aws_ec2_transit_gateway": dataAwsEc2Transitgateway,
- "aws_ec2_transit_gateway_attachment": dataAwsEc2TransitGatewayAttachment,
- "aws_ec2_transit_gateway_attachments": dataAwsEc2TransitGatewayAttachments,
- "aws_ec2_transit_gateway_connect": dataAwsEc2TransitGatewayConnect,
- "aws_ec2_transit_gateway_connect_peer": dataAwsEc2TransitGatewayConnectPeer,
- "aws_ec2_transit_gateway_dx_gateway_attachment": dataAwsEc2TransitGatewayDxGatewayAttachment,
- "aws_ec2_transit_gateway_multicast_domain": dataAwsEc2TransitGatewayMulticastDomain,
- "aws_ec2_transit_gateway_peering_attachment": dataAwsEc2TransitGatewayPeeringAttachment,
- "aws_ec2_transit_gateway_route_table": dataAwsEc2TransitGatewayRouteTable,
- "aws_ec2_transit_gateway_route_table_associations": dataAwsEc2TransitGatewayRouteTableAssociations,
- "aws_ec2_transit_gateway_route_table_propagations": dataAwsEc2TransitGatewayRouteTablePropagations,
- "aws_ec2_transit_gateway_route_table_routes": dataAwsEc2TransitGatewayRouteTableRoutes,
- "aws_ec2_transit_gateway_route_tables": dataAwsEc2TransitGatewayRouteTables,
- "aws_ec2_transit_gateway_vpc_attachment": dataAwsEc2TransitGatewayVpcAttachment,
- "aws_ec2_transit_gateway_vpc_attachments": dataAwsEc2TransitGatewayVpcAttachments,
- "aws_ec2_transit_gateway_vpn_attachment": dataAwsEc2TransitGatewayVPNAttachment,
- "aws_ecr_authorization": dataAwsEcrAuthorization,
- "aws_ecr_authorization_token": dataAwsEcrAuthorizationToken,
- "aws_ecr_image": dataAwsEcrImage,
- "aws_ecr_pull_through_cache_rule": dataAwsEcrPullThroughCacheRule,
- "aws_ecr_repository": dataAwsEcrRepository,
- "aws_ecrpublic_authorization_token": dataEcrpublicAuthorizationToken,
- "aws_ecs_cluster": dataAwsEcsCluster,
- "aws_ecs_container_definition": dataAwsEcsContainerDefinition,
- "aws_ecs_service": dataDataEcsService,
- "aws_ecs_task_definition": dataAwsEcsTaskDefinition,
- "aws_ecs_task_execution": dataAwsEcsTaskExecution,
- "aws_efs_access_point": dataAwsEfsAccessPoint,
- "aws_efs_access_points": dataAwsEfsAccessPoints,
- "aws_efs_file_system": dataAwsEfsFileSystem,
- "aws_efs_mount_target": dataAwsEfsMountTarget,
- "aws_eip": dataAwsEip,
- "aws_eips": dataAwsEips,
- "aws_eks_addon": dataAwsEksAddon,
- "aws_eks_addon_version": dataAwsEksAddonVersion,
- "aws_eks_cluster": dataAwsEksCluster,
- "aws_eks_cluster_auth": placeholder,
- "aws_eks_clusters": dataAwsEksClusters,
- "aws_eks_node_group": dataAwsEksNodeGroup,
- "aws_eks_node_groups": dataAwsEksNodeGroups,
- "aws_elastic_beanstalk_application": dataAwsElasticBeanstalkApplication,
- "aws_elastic_beanstalk_hosted_zone": placeholder,
- "aws_elastic_beanstalk_solution_stack": dataAwsElasticBeanstalkSolutionStack,
- "aws_elasticache_cluster": dataAwsElasticacheCluster,
- "aws_elasticache_replication_group": dataAwsElasticacheReplicationGroup,
- "aws_elasticache_subnet_group": dataAwsElasticacheSubnetGroup,
- "aws_elasticache_user": dataAwsElasticacheUser,
- "aws_elasticsearch_domain": dataAwsElasticsearchDomain,
- "aws_elb_hosted_zone_id": placeholder,
- "aws_elb_service_account": placeholder,
- "aws_emr_release_labels": dataAwsEmrReleaseLabels,
- "aws_emrcontainers_virtual_cluster": placeholder,
- "aws_fsx_openzfs_snapshot": dataAwsFsxOpenzfsSnapshot,
- "aws_fsx_windows_file_system": dataAwsFsxWindowsFileSystem,
- "aws_globalaccelerator_accelerator": dataAwsGlobalAccelerator,
- "aws_globalaccelerator_custom_routing_accelerator": dataAwsGlobalAcceleratorCustomRoutingAccelerator,
- "aws_glue_catalog_table": dataAwsGlueCatalogTable,
- "aws_glue_connection": dataAwsGlueConnection,
- "aws_glue_data_catalog_encryption_settings": dataAwsDataCatalogEncryptionSettings,
- "aws_glue_script": dataAwsGlueScript,
- "aws_grafana_workspace": dataAwsGrafanaWorkspace,
- "aws_guardduty_detector": dataAwsGuarddutyDetector,
- "aws_guardduty_finding_ids": dataAwsGuarddutyFindingIDs,
- "aws_iam_access_keys": dataAwsIamAccessKeys,
- "aws_iam_account_alias": dataAwsIamAccountAlias,
- "aws_iam_group": dataAwsIamGroup,
- "aws_iam_instance_profile": dataAwsIamInstanceProfile,
- "aws_iam_instance_profiles": dataAwsIamInstanceProfiles,
- "aws_iam_openid_connect_provider": dataAwsIamOpenIDConnectProvider,
- "aws_iam_policy": dataAwsIamPolicy,
- "aws_iam_policy_document": placeholder,
- "aws_iam_principal_policy_simulation": dataAwsIamPrincipalPolicySimulation,
- "aws_iam_role": dataAwsIamRole,
- "aws_iam_roles": dataAwsIamRoles,
- "aws_iam_saml_provider": dataAwsIamSamlProvider,
- "aws_iam_server_certificate": dataAwsIamServerCertificate,
- "aws_iam_session_context": placeholder,
- "aws_iam_user": dataAwsIamUser,
- "aws_iam_user_ssh_key": dataAwsIamUserSSHKey,
- "aws_iam_users": dataAwsIamUsers,
- "aws_identitystore_group": dataAwsIdentitystoreGroup,
- "aws_identitystore_user": dataAwsIdentitystoreUser,
- "aws_inspector_rules_packages": dataAwsInspectorRulesPackages,
- "aws_instance": dataAwsInstance,
- "aws_instances": dataAwsInstances,
- "aws_internet_gateway": dataAwsInternetGateway,
- "aws_iot_endpoint": dataAwsIotEndpoint,
- "aws_ip_ranges": placeholder,
- "aws_ivs_stream_key": dataAwsIvsStreamKey,
- "aws_key_pair": dataAwsKeyPair,
- "aws_kinesis_firehose_delivery_stream": dataAwsKinesisFirehoseDeliveryStream,
- "aws_kinesis_stream": dataAwsKinesisStream,
- "aws_kinesis_stream_consumer": dataAwsKinesisStreamConsumer,
- "aws_kms_alias": dataAwsKmsAlias,
- "aws_kms_ciphertext": dataAwsKmsCiphertext,
- "aws_kms_custom_key_store": dataAwsKmsCustomKeyStore,
- "aws_kms_key": dataAwsKmsKey,
- "aws_kms_secrets": dataAwsKmsSecrets,
- "aws_lakeformation_data_lake_settings": dataAwsLakeformationDataLakeSettings,
- "aws_lakeformation_permissions": dataAwsLakeformationPermissions,
- "aws_lakeformation_resource": dataAwsLakeformationResource,
- "aws_lambda_code_signing_config": dataAwsLambdaCodeSigningConfig,
- "aws_lambda_function": dataAwsLambdaFunction,
- "aws_lambda_invocation": dataAwsLambdaInvocation,
- "aws_launch_configuration": dataAwsLaunchConfiguration,
- "aws_launch_template": dataAwsLaunchTemplate,
- "aws_lb": dataAwsLb,
- "aws_lb_hosted_zone_id": placeholder,
- "aws_lb_listener": dataAwsLbListener,
- "aws_lb_target_group": dataAwsLbTargetGroup,
- "aws_lbs": dataAwsLbs,
- "aws_licensemanager_grants": dataAwsLicensemanagerGrants,
- "aws_licensemanager_received_license": dataAwsLicensemanagerReceivedLicense,
- "aws_licensemanager_received_licenses": dataAwsLicensemanagerReceivedLicenses,
- "aws_location_tracker_association": dataAwsLocationTrackerAssociation,
- "aws_location_tracker_associations": dataAwsLocationTrackerAssociations,
- "aws_mq_broker": dataAwsMqBroker,
- "aws_mq_broker_instance_type_offerings": dataAwsMqBrokerInstanceTypeOfferings,
- "aws_msk_broker_nodes": dataAwsBrokerNodes,
- "aws_msk_cluster": dataAwsMskCluster,
- "aws_msk_configuration":
dataAwsMskConfiguration, - "aws_msk_kafka_version": dataAwsMskKafkaVersion, - "aws_msk_vpc_connection": dataAwsMskVpcConnection, - "aws_mskconnect_connector": dataAwsMskconnectConnector, - "aws_mskconnect_custom_plugin": dataAwsMskconnectCustomPlugin, - "aws_mskconnect_worker_configuration": dataAwsMskconnectWorkerConfiguration, - "aws_nat_gateway": dataAwsNatGateway, - "aws_nat_gateways": dataAwsNatGateways, - "aws_neptune_engine_version": dataAwsNeptuneEngineVersion, - "aws_neptune_orderable_db_instance": dataAwsNeptuneOrderableDBInstance, - "aws_network_acls": dataAwsNetworkAcls, - "aws_network_interfaces": dataAwsNetworkInterfaces, - "aws_networkfirewall_firewall": dataAwsNetworkfirewallFirewall, - "aws_networkfirewall_firewall_policy": dataAwsNetworkfirewallFirewallPolicy, - "aws_networkfirewall_resource_policy": dataAwsNetworkfirewallResourcePolicy, - "aws_opensearch_domain": placeholder, - "aws_organizations_organization": dataAwsOrganizationsOrganization, - "aws_outposts_outpost": dataAwsOutpostsOutpost, - "aws_partition": placeholder, - "aws_prefix_list": dataAwsPrefixList, - "aws_pricing_product": placeholder, - "aws_prometheus_workspace": dataAwsPrometheusWorkspace, - "aws_prometheus_workspaces": dataAwsPrometheusWorkspaces, - "aws_qldb_ledger": dataAwsQldbLedger, - "aws_quicksight_data_set": placeholder, - "aws_quicksight_group": dataAwsQuicksightGroup, - "aws_quicksight_theme": dataAwsQuicksightTheme, - "aws_quicksight_user": dataAwsQuicksightUser, - "aws_ram_resource_share": dataAwsRAMResourceShare, - "aws_rds_certificate": dataAwsRdsCertificate, - "aws_rds_cluster": dataAwsRdsCluster, - "aws_rds_clusters": dataAwsRdsClusters, - "aws_rds_engine_version": dataAwsRdsEngineVersion, - "aws_rds_orderable_db_instance": dataAwsRdsOrderableDBInstance, - "aws_rds_reserved_instance_offering": dataAwsRdsReservedInstanceOffering, - "aws_redshift_cluster": dataAwsRedshiftCluster, - "aws_redshift_cluster_credentials": dataAwsRedshiftClusterCredentials, - 
"aws_redshift_orderable_cluster": dataAwsRedshiftOrderableCluster, - "aws_redshift_service_account": placeholder, - "aws_redshift_subnet_group": dataAwsRedshiftSubnetGroup, - "aws_redshiftserverless_credentials": placeholder, - "aws_redshiftserverless_namespace": dataAwsRedshiftserverlessNamespace, - "aws_redshiftserverless_workgroup": dataAwsRedshiftserverlessWorkgroup, - "aws_region": placeholder, - "aws_regions": dataAwsRegions, - "aws_resourcegroupstaggingapi_resources": dataAwsResourcegroupstaggingapiResources, - "aws_route": dataAwsRoute, - "aws_route53_resolver_firewall_config": dataAwsRoute53ResolverFirewallConfig, - "aws_route53_resolver_firewall_domain_list": dataAwsRoute53ResolverFirewallDomainList, - "aws_route53_resolver_firewall_rule_group": dataAwsRoute53ResolverFirewallRuleGroup, - "aws_route53_resolver_firewall_rule_group_association": dataAwsRoute53ResolverFirewallGroupAssociation, - "aws_route53_resolver_firewall_rules": dataAwsRoute53ResolverFirewallRules, - "aws_route53_resolver_rule": dataAwsRoute53ResolverRule, - "aws_route53_traffic_policy_document": placeholder, - "aws_route53_zone": dataAwsRoute53Zone, - "aws_route_table": dataAwsRouteTable, - "aws_route_tables": dataAwsRouteTables, - "aws_s3_account_public_access_block": dataAwsS3AccountPublicAccessBlock, - "aws_s3_bucket": dataAwsS3Bucket, - "aws_s3_bucket_object": placeholder, - "aws_s3_bucket_policy": dataAwsS3BucketPolicy, - "aws_s3_object": placeholder, - "aws_s3_objects": dataAwsS3Objects, - "aws_s3control_multi_region_access_point": dataAwsS3controlMultiRegionAccessPoint, - "aws_sagemaker_prebuilt_ecr_image": placeholder, - "aws_secretsmanager_random_password": dataAwsSecretsmanagerRandomPassword, - "aws_secretsmanager_secret": dataAwsSecretsmanagerSecret, - "aws_secretsmanager_secret_rotation": dataAwsSecretsmanagerSecretRotation, - "aws_secretsmanager_secret_version": dataAwsSecretsmanagerSecretVersion, - "aws_secretsmanager_secrets": dataAwsSecretsmanagerSecrets, - 
"aws_security_group": dataAwsSecurityGroup, - "aws_security_groups": dataAwsSecurityGroup, - "aws_serverlessapplicationrepository_application": dataAwsServerlessapplicationrepositoryApplication, - "aws_service": placeholder, - "aws_service_discovery_dns_namespace": dataAwsServiceDiscoveryDNSNamespace, - "aws_service_discovery_http_namespace": dataAwsServiceDiscoveryHTTPNamespace, - "aws_service_discovery_service": dataAwsServiceDiscoveryService, - "aws_servicequotas_service": dataAwsServicequotasService, - "aws_servicequotas_service_quota": dataAwsServicequotaServiceQuota, - "aws_sesv2_dedicated_ip_pool": dataAwsSesv2DedicatedIPPool, - "aws_sfn_activity": dataAwsSfnActivity, - "aws_sfn_alias": dataAwsSfnAlias, - "aws_sfn_state_machine": dataAwsSfnStateMachine, - "aws_sfn_state_machine_versions": dataAwsSfnStateMachineVersion, - "aws_signer_signing_job": dataAwsSignerSigningJob, - "aws_signer_signing_profile": dataAwsSignerSigningProfile, - "aws_sns_topic": dataAwsSnsTopic, - "aws_sqs_queue": dataAwsSqsQueue, - "aws_sqs_queues": dataAwsSqsQueues, - "aws_ssm_document": dataAwsSsmDocument, - "aws_ssm_instances": dataAwsSsmInstances, - "aws_ssm_maintenance_windows": dataAwsSsmMaintenanceWindows, - "aws_ssm_parameter": dataAwsSsmParameter, - "aws_ssm_parameters_by_path": dataAwsSsmParametersByPath, - "aws_ssm_patch_baseline": dataAwsSsmPatchBaseline, - "aws_ssmcontacts_contact": placeholder, - "aws_ssmcontacts_contact_channel": placeholder, - "aws_ssmcontacts_plan": placeholder, - "aws_ssmincidents_replication_set": dataAwsSsmincidentsReplicationSet, - "aws_ssmincidents_response_plan": placeholder, - "aws_ssoadmin_instances": dataAwsSsoadminInstances, - "aws_ssoadmin_permission_set": dataAwsSsoadminPermissionSet, - "aws_storagegateway_local_disk": placeholder, - "aws_subnet": dataAwsSubnetIDs, - "aws_subnet_ids": dataAwsSubnetIDs, - "aws_subnets": dataAwsSubnetIDs, - "aws_transfer_server": dataAwsTransferServer, - "aws_vpc": dataAwsVpc, - "aws_vpc_dhcp_options": 
dataAwsVpcDhcpOptions, - "aws_vpc_endpoint": dataAwsVpcEndpoint, - "aws_vpc_endpoint_service": dataAwsVpcEndpointService, - "aws_vpc_ipam_pool": dataAwsVpcIpamPoolCidrs, - "aws_vpc_ipam_pool_cidrs": dataAwsVpcIpamPoolCidrs, - "aws_vpc_ipam_pools": dataAwsVpcIpamPools, - "aws_vpc_ipam_preview_next_cidr": placeholder, - "aws_vpc_peering_connection": dataAwsVpcPeeringConnection, - "aws_vpc_peering_connections": dataAwsVpcPeeringConnections, - "aws_vpc_security_group_rule": dataAwsVpcSecurityGroupRule, - "aws_vpc_security_group_rules": dataAwsVpcSecurityGroupRules, - "aws_vpcs": dataAwsVpcs, - "aws_vpn_gateway": dataAwsVpnGateway, - "aws_waf_ipset": dataAwsWafIpset, - "aws_waf_rate_based_rule": dataAwsWafRateBasedRule, - "aws_waf_rule": dataAwsWafRule, - "aws_waf_web_acl": dataAwsWafWebACL, - "aws_wafregional_ipset": dataAwsWafregionalIpset, - "aws_wafregional_rate_based_rule": dataAwsWafregionalRateBasedRule, - "aws_wafregional_rule": dataAwsWafregionalRule, - "aws_wafregional_web_acl": dataAwsWafregionalWebACL, - "aws_wafv2_ip_set": dataAwsWafv2IpSet, - "aws_wafv2_regex_pattern_set": dataAwsWafv2RegexPatternSet, - "aws_wafv2_rule_group": dataAwsWafv2RuleGroup, - "aws_wafv2_web_acl": dataAwsWafv2WebACL, - "aws_workspaces_bundle": dataAwsWorkspacesBundle, - "aws_workspaces_directory": dataAwsWorkspaceDirectory, - "aws_workspaces_image": dataAwsWorkspaceImage, - "aws_location_geofence_collection": dataAwsLocationGeofenceCollection, - "aws_location_map": dataAwsLocationMap, - "aws_location_place_index": dataAwsLocationPlaceIndex, - "aws_location_route_calculator": dataAwsLocationRouteCalculator, - "aws_location_tracker": dataAwsLocationTracker, - "aws_vpclattice_auth_policy": dataAwsVpclatticeAuthPolicy, - "aws_vpclattice_listener": dataAwsVpclatticeListener, - "aws_vpclattice_resource_policy": dataAwsVpclatticeResourcePolicy, - "aws_vpclattice_service": dataAwsVpclatticeService, - "aws_vpclattice_service_network": dataAwsVpclatticeServiceNetwork, - 
"aws_codecatalyst_dev_environment": placeholder, - "aws_dms_certificate": dataAwsDmsCertificate, - "aws_kms_secret": placeholder, - "aws_s3_bucket_objects": placeholder, - "aws_ses_active_receipt_rule_set": dataAwsSesActiveReceiptRuleSet, - "aws_ses_domain_identity": dataAwsSesDomainIdentity, - "aws_ses_email_identity": dataAwsSesEmailIdentity, - "aws_imagebuilder_component": dataAwsImagebuilderComponent, - "aws_imagebuilder_components": dataAwsImagebuilderComponets, - "aws_imagebuilder_container_recipe": dataAwsImagebuilderContainerRecipe, - "aws_imagebuilder_container_recipes": dataAwsImagebuilderContainerRecipes, - "aws_imagebuilder_distribution_configuration": dataAwsImagebuilderDistributionConfiguration, - "aws_imagebuilder_distribution_configurations": dataAwsImagebuilderDistributionConfigurations, - "aws_imagebuilder_image": dataAwsImagebuilderImage, - "aws_imagebuilder_image_pipeline": dataAwsImagebuilderImagePipeline, - "aws_imagebuilder_image_pipelines": dataAwsImagebuilderImagePipelines, - "aws_imagebuilder_image_recipe": dataAwsImagebuilderImageRecipe, - "aws_imagebuilder_image_recipes": dataAwsImagebuilderImageRecipes, - "aws_imagebuilder_infrastructure_configuration": dataAwsImagebuilderInfrastructureConfiguration, - "aws_imagebuilder_infrastructure_configurations": dataAwsImagebuilderInfrastructureConfigurations, - "aws_kendra_experience": dataAwsKendraExperience, - "aws_kendra_faq": dataAwsKendraFaq, - "aws_kendra_index": dataAwsKendraIndex, - "aws_kendra_query_suggestions_block_list": dataAwsKendraQuerySuggestionsBlockList, - "aws_kendra_thesaurus": dataAwsKendraThesaurus, - "aws_lambda_alias": placeholder, - "aws_lex_bot": dataAwsLexBot, - "aws_lex_bot_alias": dataAwsLexBotAlias, - "aws_lex_intent": dataAwsLexIntent, - "aws_lex_slot_type": dataAwsLexSlotType, - "aws_networkmanager_connection": dataAwsNetworkManagerConnection, - "aws_networkmanager_connections": dataAwsNetworkManagerConnections, - "aws_networkmanager_core_network_policy_document": 
placeholder, - "aws_networkmanager_device": dataAwsNetworkManagerDevice, - "aws_networkmanager_devices": dataAwsNetworkManagerDevices, - "aws_networkmanager_global_network": dataAwsNetworkManagerGlobalNetwork, - "aws_networkmanager_global_networks": dataAwsNetworkManagerGlobalNetworks, - "aws_networkmanager_link": dataAwsNetworkManagerLink, - "aws_networkmanager_links": dataAwsNetworkManagerLinks, - "aws_networkmanager_site": dataAwsNetworkManagerSite, - "aws_networkmanager_sites": dataAwsNetworkManagerSites, - "aws_oam_link": dataAwsOamLink, - "aws_oam_links": dataAwsOamLinks, - "aws_oam_sink": dataAwsOamSink, - "aws_oam_sinks": dataAwsOamSinks, - "aws_opensearchserverless_access_policy": dataAwsOpensearchserverlessAccessPolicy, - "aws_opensearchserverless_collection": dataAwsOpensearchserverlessCollection, - "aws_opensearchserverless_security_config": dataAwsOpensearchserverlessSecurityConfig, - "aws_opensearchserverless_security_policy": dataAwsOpensearchserverlessSecurityPolicy, - "aws_opensearchserverless_vpc_endpoint": dataAwsOpensearchserverlessVpcEndpoint, - "aws_organizations_delegated_administrators": dataAwsOrganizationsDelegatedAdministrators, - "aws_organizations_delegated_services": dataAwsOrganizationsDelegatedServices, - "aws_organizations_organizational_unit_child_accounts": dataAwsOrganizationsOrganizationalUnitChildsAccounts, - "aws_organizations_organizational_unit_descendant_accounts": dataAwsOrganizationsOrganizationalUnitDescendantAccounts, - "aws_organizations_organizational_units": dataAwsOrganizationsOrganizationalUnits, - "aws_organizations_policies": dataAwsOrganizationsPolicies, - "aws_organizations_policies_for_target": dataAwsOrganizationsPoliciesForTarget, - "aws_organizations_resource_tags": dataAwsOrganizationsResourceTags, - "aws_outposts_asset": dataAwsOutpostsAsset, - "aws_outposts_assets": dataAwsOutpostsAssets, - "aws_outposts_outpost_instance_type": dataAwsOutpostsOutpostInstanceType, - "aws_outposts_outpost_instance_types": 
dataAwsOutpostsOutpostInstanceTypes, - "aws_outposts_outposts": dataAwsOutpostsOutpost, - "aws_outposts_site": dataAwsOutpostSites, - "aws_outposts_sites": dataAwsOutpostsSites, - "aws_route53_delegation_set": dataAwsRoute53DelegationSet, - "aws_route53_resolver_endpoint": dataAwsRoute53ResolverEndpoint, - "aws_route53_resolver_query_log_config": dataAwsRoute53ResolverQueryLogConfig, - "aws_route53_resolver_rules": dataAwsRoute53ResolverRules, - "aws_servicecatalog_constraint": dataAwsSevicecatalogConstraint, - "aws_servicecatalog_launch_paths": dataAwsSevicecatalogLaunchPaths, - "aws_servicecatalog_portfolio": dataAwsSevicecatalogPortfolio, - "aws_servicecatalog_portfolio_constraints": dataAwsSevicecatalogPortfolioConstraints, - "aws_servicecatalog_product": dataAwsSevicecatalogProduct, - "aws_servicecatalog_provisioning_artifacts": dataAwsSevicecatalogProvisioningArtifacts, - "aws_sesv2_configuration_set": dataAwsSesv2ConfigurationSet, - "aws_sesv2_email_identity": dataAwsSesv2EmailIdentity, - "aws_sesv2_email_identity_mail_from_attributes": placeholder, - "aws_cognito_identity_pool": dataAwsCognitoIdentityPool, - "aws_fsx_ontap_file_system": dataAwsFsxOntapFileSystem, - "aws_fsx_ontap_storage_virtual_machine": dataAwsFsxOntapStorageVirtualMachine, - "aws_fsx_ontap_storage_virtual_machines": dataAwsFsxOntapStorageVirtualMachines, - "aws_organizations_organizational_unit": dataAwsOrganizationsOrganizationalUnit, - "aws_organizations_policy": dataAwsOrganizationsPolicy, - "aws_servicequotas_templates": dataAwsServicequotasTemplates, - "aws_ec2_transitgateway_route_table_propagations": placeholder, - "aws_saml_provider": dataAwsIamSamlProvider, - "aws_apigatewayv2_vpc_link": dataAwsApigatewayv2VpcLink, - "aws_athena_named_query": dataAwsAthenaNamedQuery, - "aws_bedrock_foundation_model": dataAwsBedrockFoundationModel, - "aws_bedrock_foundation_models": dataAwsBedrockFoundationModels, - "aws_iot_registration_code": dataAwsIotRegistrationCode, - 
"aws_opensearchserverless_lifecycle_policy": dataAwsOpensearchserverlessLifecyclePolicy, - "aws_emr_supported_instance_types": dataAwsEmrSupportedInstanceTypes, - "aws_lb_trust_store": dataAwsLbTrustStore, - "aws_alb_trust_store": dataAwsLbTrustStore, - "aws_codeguruprofiler_profiling_group": dataAwsCodeguruprofilerProfilingGroup, - "aws_ecr_repositories": dataAwsEcrRepositories, - "aws_ssoadmin_application": placeholder, - "aws_ssoadmin_application_providers": dataAwsSsoadminApplicationProviders, - "aws_polly_voices": dataAwsPollyVoices, - "aws_s3_directory_buckets": dataAwsS3DirectoryBuckets, - "aws_ssoadmin_application_assignments": dataAwsSsoadminApplicationAssignments, - "aws_ssoadmin_principal_application_assignments": dataAwsSsoadminPrincipalApplicationAssignments, - "aws_verifiedpermissions_policy_store": dataVerifiedpermissionsPolicyStore, - "aws_msk_bootstrap_brokers": dataAwsMskBoostrapBrokers, - "aws_mq_broker_engine_types": dataMqBrokerEngineTypes, - "aws_eks_access_entry": dataAwsEksAccessEntry, - "aws_bedrock_custom_model": dataAwsBedrockCustomModel, - "aws_bedrock_custom_models": dataAwsBedrockCustomModels, - "aws_ssmcontacts_rotation": dataAwsSsmcontactsRotation, - "aws_apprunner_hosted_zone_id": placeholder, - "aws_batch_job_definition": dataAwsBatchJobDefinition, - "aws_cognito_user_group": dataAwsCognitoUserGroup, - "aws_cognito_user_groups": dataAwsCognitoUserGroups, - "aws_db_parameter_group": dataAwsDBParameterGroup, - "aws_medialive_input": dataAwsMedialiveInput, - "aws_redshift_data_shares": dataAwsRedshiftDataShares, - "aws_redshift_producer_data_shares": dataAwsRedshiftProducerDataShares, - "aws_resourceexplorer2_search": dataAwsResourceexplorer2Search, - "aws_servicecatalogappregistry_application": dataAwsServicecatalogappregistryApplication, - "aws_devopsguru_notification_channel": dataAwsDevopsguruNotificationChannel, - "aws_devopsguru_resource_collection": dataAwsDevopsguruResourceCollection, - "aws_ecr_lifecycle_policy_document": 
placeholder, - "aws_identitystore_groups": dataAwsIdentitystoreGroups, - "aws_datazone_environment_blueprint": dataAwsDatazoneEnvironmentBlueprint, - "aws_chatbot_slack_workspace": dataAwsChatbotSlackWorkspace, - "aws_ec2_capacity_block_offering": dataAwsEc2CapacityBlockOffering, - "aws_appstream_image": dataAwsAppstreamImage, - "aws_cloudfront_origin_access_control": dataAwsCloudfrontOriginAccessControl, - "aws_cognito_user_pool": dataAwsCognitoUserPool, - "aws_ec2_transit_gateway_peering_attachments": dataAwsEc2TransitGatewayPeeringAttachments, - "aws_timestreamwrite_database": dataAwsTimestreamwriteDatabase, - "aws_timestreamwrite_table": dataAwsTimestreamwriteTable, - "aws_transfer_connector": dataAwsTransferConnector, - "aws_service_principal": placeholder, - "aws_ecr_repository_creation_template": dataAwsEcrRepositoryCreationTemplate, - } - - return TFLookup[find] +// AwsDataLookup is a map to connect resource name to an object map. +func AwsDataLookup(find string) interface{} { + return tFLookupDataAWS[find] } diff --git a/src/aws_datasource_test.go b/src/aws_datasource_test.go index 593de56b..ad871bdd 100644 --- a/src/aws_datasource_test.go +++ b/src/aws_datasource_test.go @@ -64,12 +64,15 @@ func TestGetAWSDataPermissions(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() + got, err := pike.GetAWSDataPermissions(tt.args.result) + if (err != nil) != tt.wantErr { t.Errorf("GetAWSDataPermissions() error = %v, wantErr %v", err, tt.wantErr) return } + if !reflect.DeepEqual(got, tt.want) { t.Errorf("GetAWSDataPermissions() = %v, want %v", got, tt.want) } diff --git a/src/aws_test.go b/src/aws_test.go index b653e6c3..ff1f1411 100644 --- a/src/aws_test.go +++ b/src/aws_test.go 
@@ -104,18 +104,91 @@ func TestGetAWSPermissions(t *testing.T) { }, wantErr: true, }, + { + name: "empty type name", + args: args{pike.ResourceV2{ + Name: "aws_s3_bucket", + TypeName: "", + }}, + wantErr: true, + }, + { + name: "empty resource name", + args: args{pike.ResourceV2{ + Name: "", + TypeName: "resource", + }}, + wantErr: true, + }, + { + name: "valid resource type", + args: args{pike.ResourceV2{ + Name: "aws_s3_bucket", + TypeName: "resource", + }}, + want: []string{ + "s3:DeleteBucket", + "s3:CreateBucket", + "s3:GetLifecycleConfiguration", + "s3:GetBucketTagging", + "s3:GetBucketWebsite", + "s3:GetBucketLogging", + "s3:ListBucket", + "s3:GetAccelerateConfiguration", + "s3:GetBucketVersioning", + "s3:GetBucketAcl", + "s3:GetBucketPolicy", + "s3:GetReplicationConfiguration", + "s3:GetBucketObjectLockConfiguration", + "s3:GetObjectAcl", + "s3:GetObject", + "s3:GetEncryptionConfiguration", + "s3:GetBucketRequestPayment", + "s3:GetBucketCORS", + "s3:DeleteBucket", + }, + wantErr: false, + }, + { + name: "valid data type", + args: args{pike.ResourceV2{ + Name: "aws_s3_bucket", + TypeName: "data", + }}, + want: []string{"s3:ListBucket"}, + wantErr: false, + }, + { + name: "module type", + args: args{pike.ResourceV2{ + Name: "s3_module", + TypeName: "module", + }}, + wantErr: false, + }, + { + name: "unknown type", + args: args{pike.ResourceV2{ + Name: "aws_s3_bucket", + TypeName: "unknown", + }}, + wantErr: true, + }, } for _, tt := range tests { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() + got, err := pike.GetAWSPermissions(tt.args.result) + if (err != nil) != tt.wantErr { t.Errorf("GetAWSPermissions() error = %v, wantErr %v", err, tt.wantErr) return } + if !reflect.DeepEqual(got, tt.want) { t.Errorf("GetAWSPermissions() = %v, want %v", got, tt.want) } 
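Review bot: The expected list in the new "valid resource type" case contains `s3:DeleteBucket` twice, as its first and last entry, so the test pins a duplicated action as correct output. The "valid resource" case added to TestGetAWSResourcePermissions in the next hunk repeats the same list. Because the check is `reflect.DeepEqual` on a `[]string`, it also pins the exact order of the returned actions. If the duplicate is unintended, drop the trailing `"s3:DeleteBucket",` here and fix it where the list is produced. That code is outside this hunk, so the origin of the duplicate is an inference.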
@@ -169,18 +242,57 @@ func TestGetAWSResourcePermissions(t *testing.T) { }, wantErr: true, }, + { + name: "valid resource", + args: args{pike.ResourceV2{ + Name: "aws_s3_bucket", + Attributes: []string{"bucket"}, + }}, + want: []string{ + "s3:DeleteBucket", + "s3:CreateBucket", + "s3:GetLifecycleConfiguration", + "s3:GetBucketTagging", + "s3:GetBucketWebsite", + "s3:GetBucketLogging", + "s3:ListBucket", + "s3:GetAccelerateConfiguration", + "s3:GetBucketVersioning", + "s3:GetBucketAcl", + "s3:GetBucketPolicy", + "s3:GetReplicationConfiguration", + "s3:GetBucketObjectLockConfiguration", + "s3:GetObjectAcl", + "s3:GetObject", + "s3:GetEncryptionConfiguration", + "s3:GetBucketRequestPayment", + "s3:GetBucketCORS", + "s3:DeleteBucket", + }, + wantErr: false, + }, + { + name: "non-existent resource", + args: args{pike.ResourceV2{ + Name: "aws_nonexistent_resource", + }}, + wantErr: true, + }, } for _, tt := range tests { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() + got, err := pike.GetAWSResourcePermissions(tt.args.result) + if (err != nil) != tt.wantErr { t.Errorf("GetAWSResourcePermissions() error = %v, wantErr %v", err, tt.wantErr) return } + if !reflect.DeepEqual(got, tt.want) { t.Errorf("GetAWSResourcePermissions() = %v, want %v", got, tt.want) } @@ -220,6 +332,7 @@ func Test_contains(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() + if got := pike.Contains(tt.args.s, tt.args.e); got != tt.want { t.Errorf("Contains() = %v, want %v", got, tt.want) } 
@@ -274,15 +387,140 @@ func TestGetPermissionMap(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() + got, err := pike.GetPermissionMap(tt.args.raw, tt.args.attributes, tt.args.resource) + if (err != nil) != tt.wantErr { t.Errorf("GetPermissionMap() error = %v, wantErr %v", err, tt.wantErr) return } + if !reflect.DeepEqual(got, tt.want) { t.Errorf("GetPermissionMap() = %v, want %v", got, tt.want) } }) } } + +func TestIsTypeOK(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + args interface{} + want map[string]interface{} + wantErr bool + }{ + { + name: "valid_map", + args: map[string]interface{}{ + "key1": "value1", + "key2": 123, + "key3": true, + }, + want: map[string]interface{}{ + "key1": "value1", + "key2": 123, + "key3": true, + }, + wantErr: false, + }, + { + name: "nil_input", + args: nil, + want: nil, + wantErr: true, + }, + { + name: "string_input", + args: "not a map", + want: nil, + wantErr: true, + }, + { + name: "slice_input", + args: []string{"not", "a", "map"}, + want: nil, + wantErr: true, + }, + { + name: "empty_map", + args: map[string]interface{}{}, + want: map[string]interface{}{}, + wantErr: false, + }, + { + name: "nested_map", + args: map[string]interface{}{ + "outer": map[string]interface{}{ + "inner": "value", + }, + }, + want: map[string]interface{}{ + "outer": map[string]interface{}{ + "inner": "value", + }, + }, + wantErr: false, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + got, err := pike.IsTypeOK(tt.args) + + if (err != nil) != tt.wantErr { + t.Errorf("IsTypeOK() error = %v, wantErr %v", err, tt.wantErr) + + return + } + + if !reflect.DeepEqual(got, tt.want) { + t.Errorf("IsTypeOK() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestAwsLookup(t *testing.T) { + tests := []struct { + name string + resourceName string + expectNil bool + }{ + { + name: "empty resource name", + resourceName: "", + expectNil: true, + }, + { + 
name: "valid resource", + resourceName: "aws_s3_bucket", + expectNil: false, + }, + { + name: "non-existent resource", + resourceName: "aws_nonexistent_resource", + expectNil: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + result := pike.AwsLookup(tt.resourceName) + + if tt.expectNil && result != nil { + t.Errorf("expected nil but got %v", result) + } + + if !tt.expectNil && result == nil { + t.Errorf("expected non-nil result but got nil") + } + }) + } +} diff --git a/src/azure.go b/src/azure.go index a8d9f9f6..2610035e 100644 --- a/src/azure.go +++ b/src/azure.go 
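Review bot: TestAwsLookup starts parallel subtests without the `tt := tt` copy that every other table loop in this file keeps, and it omits the top-level `t.Parallel()` that TestIsTypeOK has just above it. If the `go` directive in go.mod is below 1.22 (go.mod is not visible here), each parallel closure would read the last table entry, so the empty-name and valid-name cases would never be exercised. I would add `tt := tt` as the first line of the loop body and `t.Parallel()` as the first line of the test, matching the rest of the file.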
@@ -1,5 +1,61 @@ package pike +var tFLookupAzure = map[string]interface{}{ + "azurerm_api_management": azurermAPIManagement, + "azurerm_app_configuration": azurermAppConfiguration, + "azurerm_app_service": azurermAppService, + "azurerm_app_service_plan": azurermAppServicePlan, + "azurerm_cognitive_account": azurermCognitiveAccount, + "azurerm_container_registry": azurermContainerRegistry, + "azurerm_cosmosdb_account": azurermCosmosdbAccount, + "azurerm_cosmosdb_table": azurermCosmosdbTable, + "azurerm_disk_encryption_set": azurermDiskEncryptionSet, + "azurerm_dns_zone": azurermDNSZone, + "azurerm_key_vault": azurermKeyVault, + "azurerm_key_vault_access_policy": azurermKeyVaultAccessPolicy, + "azurerm_key_vault_key": azurermKeyVaultKey, + "azurerm_linux_virtual_machine": azurermVirtualMachine, + "azurerm_linux_virtual_machine_scale_set": azurermLinuxVirtualMachineScaleSet, + "azurerm_log_analytics_solution": azurermLogAnalyticsSolution, + "azurerm_log_analytics_workspace": azurermLogAnalyticsWorkspace, + "azurerm_managed_disk": azurermManagedDisk, + "azurerm_management_group": azurermManagementGroup, + "azurerm_mariadb_configuration": azurermMariadbConfiguration, + "azurerm_mariadb_database": azurermMariadbDatabase, + "azurerm_mariadb_firewall_rule": azurermMariadbFirewallRule, + "azurerm_mariadb_server": azurermMariadbServer, + "azurerm_network_interface": azurermNetworkInterface, + "azurerm_network_security_group": azurermNetworkSecurityGroup, + "azurerm_network_security_rule": azurermNetworkSecurityRule, + "azurerm_network_watcher": azurermNetworkWatcher, + "azurerm_network_watcher_flow_log": azurermNetworkWatcherFlowLog, + "azurerm_private_dns_zone": azurermPrivateDNSZone, + "azurerm_private_endpoint": azurermPrivateEndpoint, + "azurerm_redis_cache": azurermRedisCache, + "azurerm_resource_group": azurermResourceGroup, + "azurerm_role_assignment": azurermRoleAssignment, + "azurerm_search_service": azurermSearchService, + "azurerm_security_center_contact": 
azurermSecurityCenterContact, + "azurerm_security_center_setting": azurermSecurityCenterSetting, + "azurerm_security_center_workspace": azurermSecurityCenterWorkspace, + "azurerm_service_plan": azurermServicePlan, + "azurerm_storage_account": azurermStorageAccount, + "azurerm_storage_account_customer_managed_key": azurermStorageAccountCustomerManagedKey, + "azurerm_storage_account_network_rules": azurermStorageAccountNetworkRules, + "azurerm_storage_container": azurermStorageContainer, + "azurerm_storage_sync": azurermStorageSync, + "azurerm_storage_sync_group": azurermStorageSyncGroup, + "azurerm_subnet": azurermSubnet, + "azurerm_user_assigned_identity": azurermUserAssignedIdentity, + "azurerm_virtual_machine": azurermVirtualMachine, + "azurerm_virtual_machine_scale_set": azurermLinuxVirtualMachineScaleSet, + "azurerm_virtual_network": azurermVirtualNetwork, + "azurerm_virtual_network_peering": azurermVirtualNetworkPeering, + "azurerm_web_pubsub": azurermWebPubsub, + "azurerm_windows_virtual_machine": azurermVirtualMachine, + "azurerm_windows_virtual_machine_scale_set": azurermLinuxVirtualMachineScaleSet, +} + // GetAZUREPermissions for GCP resources. func GetAZUREPermissions(result ResourceV2) ([]string, error) { var ( @@ -7,7 +63,7 @@ func GetAZUREPermissions(result ResourceV2) ([]string, error) { Permissions []string ) - if result.TypeName == "resource" { + if result.TypeName == resource { Permissions, err = GetAZUREResourcePermissions(result) if err != nil { return Permissions, err 
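Review bot: The new package-level `tFLookupAzure` has no comment, and hoisting it out of AzureLookup means every caller now shares one map instead of getting a fresh one per call. Concurrent lookups are only safe while nothing writes to it after initialisation, which is worth stating: `// tFLookupAzure maps azurerm resource names to their mapping objects; it is read-only after init.` AzureLookup in the last hunk of this file has no doc comment either; `// AzureLookup returns the mapping for an azurerm resource name, or nil if the name is not registered.` would match the comment this commit adds to AwsDataLookup. The context line `// GetAZUREPermissions for GCP resources.` should say Azure.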
@@ -42,61 +98,5 @@ func GetAZUREResourcePermissions(result ResourceV2) ([]string, error) { } func AzureLookup(name string) interface{} { - TFLookup := map[string]interface{}{ - "azurerm_api_management": azurermAPIManagement, - "azurerm_app_configuration": azurermAppConfiguration, - "azurerm_app_service": azurermAppService, - "azurerm_app_service_plan": azurermAppServicePlan, - "azurerm_cognitive_account": azurermCognitiveAccount, - "azurerm_container_registry": azurermContainerRegistry, - "azurerm_cosmosdb_account": azurermCosmosdbAccount, - "azurerm_cosmosdb_table": azurermCosmosdbTable, - "azurerm_disk_encryption_set": azurermDiskEncryptionSet, - "azurerm_dns_zone": azurermDNSZone, - "azurerm_key_vault": azurermKeyVault, - "azurerm_key_vault_access_policy": azurermKeyVaultAccessPolicy, - "azurerm_key_vault_key": azurermKeyVaultKey, - "azurerm_linux_virtual_machine": azurermVirtualMachine, - "azurerm_linux_virtual_machine_scale_set": azurermLinuxVirtualMachineScaleSet, - "azurerm_log_analytics_solution": azurermLogAnalyticsSolution, - "azurerm_log_analytics_workspace": azurermLogAnalyticsWorkspace, - "azurerm_managed_disk": azurermManagedDisk, - "azurerm_management_group": azurermManagementGroup, - "azurerm_mariadb_configuration": azurermMariadbConfiguration, - "azurerm_mariadb_database": azurermMariadbDatabase, - "azurerm_mariadb_firewall_rule": azurermMariadbFirewallRule, - "azurerm_mariadb_server": azurermMariadbServer, - "azurerm_network_interface": azurermNetworkInterface, - "azurerm_network_security_group": azurermNetworkSecurityGroup, - "azurerm_network_security_rule": azurermNetworkSecurityRule, - "azurerm_network_watcher": azurermNetworkWatcher, - "azurerm_network_watcher_flow_log": azurermNetworkWatcherFlowLog, - "azurerm_private_dns_zone": azurermPrivateDNSZone, - "azurerm_private_endpoint": azurermPrivateEndpoint, - "azurerm_redis_cache": azurermRedisCache, - "azurerm_resource_group": azurermResourceGroup, - "azurerm_role_assignment": 
azurermRoleAssignment, - "azurerm_search_service": azurermSearchService, - "azurerm_security_center_contact": azurermSecurityCenterContact, - "azurerm_security_center_setting": azurermSecurityCenterSetting, - "azurerm_security_center_workspace": azurermSecurityCenterWorkspace, - "azurerm_service_plan": azurermServicePlan, - "azurerm_storage_account": azurermStorageAccount, - "azurerm_storage_account_customer_managed_key": azurermStorageAccountCustomerManagedKey, - "azurerm_storage_account_network_rules": azurermStorageAccountNetworkRules, - "azurerm_storage_container": azurermStorageContainer, - "azurerm_storage_sync": azurermStorageSync, - "azurerm_storage_sync_group": azurermStorageSyncGroup, - "azurerm_subnet": azurermSubnet, - "azurerm_user_assigned_identity": azurermUserAssignedIdentity, - "azurerm_virtual_machine": azurermVirtualMachine, - "azurerm_virtual_machine_scale_set": azurermLinuxVirtualMachineScaleSet, - "azurerm_virtual_network": azurermVirtualNetwork, - "azurerm_virtual_network_peering": azurermVirtualNetworkPeering, - "azurerm_web_pubsub": azurermWebPubsub, - "azurerm_windows_virtual_machine": azurermVirtualMachine, - "azurerm_windows_virtual_machine_scale_set": azurermLinuxVirtualMachineScaleSet, - } - - return TFLookup[name] + return tFLookupAzure[name] } diff --git a/src/azure_datasource.go b/src/azure_datasource.go index 39601623..03d791e0 100644 --- a/src/azure_datasource.go +++ b/src/azure_datasource.go @@ -19,7 +19,7 @@ func GetAZUREDataPermissions(result ResourceV2) ([]string, error) { } func AzureDataLookup(name string) interface{} { - TFLookup := map[string]interface{}{ + TFLookupAzureData := map[string]interface{}{ "azurerm_app_service": dataAzurermAppService, "azurerm_app_service_certificate": dataAzurermAppServiceCertificate, "azurerm_app_service_certificate_order": dataAzurermAppServiceCertificateOrder, 
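Review bot: The rename to `TFLookupAzureData` leaves the lookup table as a local that is rebuilt on every call to AzureDataLookup, while this same commit hoists the equivalent table in azure.go to the package-level `tFLookupAzure`. For consistency I would declare it once as `var tFLookupAzureData = map[string]interface{}{ ... }` at package level and end the function with `return tFLookupAzureData[name]`. The lower-case first letter also avoids a local that reads like an exported identifier. AzureDataLookup's body continues outside this hunk; its closing lines are in the later `@@ -148,5 +148,5 @@` hunk.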
@@ -71,9 +71,9 @@ func AzureDataLookup(name string) interface{} {
 "azurerm_source_control_token": placeholder,
 "azurerm_spring_cloud_app": dataAzurermSpringCloudApp,
 "azurerm_spring_cloud_service": dataAzurermSpringCloudService,
- "azurerm_sql_database": dataAzurermSqlDatabase,
- "azurerm_sql_managed_instance": dataAzurermSqlManagedInstance,
- "azurerm_sql_server": dataAzurermSqlServer,
+ "azurerm_sql_database": dataAzurermSQLDatabase,
+ "azurerm_sql_managed_instance": dataAzurermSQLManagedInstance,
+ "azurerm_sql_server": dataAzurermSQLServer,
 "azurerm_ssh_public_key": dataAzurermSSHPublicKey,
 "azurerm_stack_hci_cluster": dataAzurermStackHCICluster,
 "azurerm_storage_account": dataAzurermStorageAccount,
@@ -116,14 +116,14 @@ func AzureDataLookup(name string) interface{} {
 "azurerm_web_pubsub_private_link_resource": placeholder,
 "azurerm_windows_function_app": dataAzurermWindowsFunctionApp,
 "azurerm_windows_web_app": dataAzurermWindowsWebApp,
- "azurerm_api_management": dataAzurermApiManagement,
- "azurerm_api_management_api": dataAzurermApiManagementApi,
- "azurerm_api_management_api_version_set": dataAzurermApiManagementVersionSet,
- "azurerm_api_management_gateway": dataAzurermApiManagementGateway,
- "azurerm_api_management_gateway_host_name_configuration": dataAzurermApiManagementGatewayHostNameConfiguration,
- "azurerm_api_management_group": dataAzurermApiManagementGroup,
- "azurerm_api_management_product": dataAzurermApiManagmentProduct,
- "azurerm_api_management_user": dataAzurermApiManagementUser,
+ "azurerm_api_management": dataAzurermAPIManagement,
+ "azurerm_api_management_api": dataAzurermAPIManagementAPI,
+ "azurerm_api_management_api_version_set": dataAzurermAPIManagementVersionSet,
+ "azurerm_api_management_gateway": dataAzurermAPIManagementGateway,
+ "azurerm_api_management_gateway_host_name_configuration": dataAzurermAPIManagementGatewayHostNameConfiguration,
+ "azurerm_api_management_group": dataAzurermAPIManagementGroup,
+ "azurerm_api_management_product": dataAzurermAPIManagmentProduct,
+ "azurerm_api_management_user": dataAzurermAPIManagementUser,
 "azurerm_app_configuration": dataAzurermAppConfiguration,
 "azurerm_app_configuration_key": dataAzurermAppConfigurationKey,
 "azurerm_app_configuration_keys": dataAzurermAppConfigurationKeys,
@@ -140,7 +140,7 @@ func AzureDataLookup(name string) interface{} { "azurerm_automation_variables": dataAzurermAutomationVariable, "azurerm_availability_set": dataAzurermAvailabilitySet, "azurerm_backup_policy_file_share": dataAzurermBackupPolicyFileShare, - "azurerm_backup_policy_vm": dataAzurermBackupPolicyVm, + "azurerm_backup_policy_vm": dataAzurermBackupPolicyVM, "azurerm_bastion_host": dataAzurermBastionHost, "azurerm_batch_account": dataAzurermBatchAccount, "azurerm_batch_application": dataAzurermBatchApplication, @@ -148,5 +148,5 @@ func AzureDataLookup(name string) interface{} { "azurerm_batch_pool": dataAzurermBatchPool, } - return TFLookup[name] + return TFLookupAzureData[name] } diff --git a/src/azure_datasource_test.go b/src/azure_datasource_test.go index fc7726cb..1d19b54d 100644 --- a/src/azure_datasource_test.go +++ b/src/azure_datasource_test.go @@ -20,16 +20,26 @@ func TestGetAZUREDataPermissions(t *testing.T) { want []string wantErr bool }{ - {name: "pass", args: args{ - result: pike.ResourceV2{ - TypeName: "data", - Name: "azurerm_resource_group", - ResourceName: "pike", - Provider: "azurerm", - Attributes: []string{"name", "location", "tags"}, + { + name: "pass", + args: args{ + result: pike.ResourceV2{ + TypeName: "data", + Name: "azurerm_resource_group", + ResourceName: "pike", + Provider: "azurerm", + Attributes: []string{"name", "location", "tags"}, + }, }, - }, want: []string{"Microsoft.Resources/subscriptions/resourcegroups/read"}}, - {name: "empty", wantErr: true}, + want: []string{"Microsoft.Resources/subscriptions/resourcegroups/read"}, + wantErr: false, + }, + { + name: "empty", + args: args{}, + want: nil, + wantErr: true, + }, { name: "guff", args: args{result: pike.ResourceV2{ 
@@ -47,12 +57,15 @@ func TestGetAZUREDataPermissions(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() + got, err := pike.GetAZUREDataPermissions(tt.args.result) + if (err != nil) != tt.wantErr { t.Errorf("GetAZUREDataPermissions() error = %v, wantErr %v", err, tt.wantErr) return } + if !reflect.DeepEqual(got, tt.want) { t.Errorf("GetAZUREDataPermissions() = %v, want %v", got, tt.want) } diff --git a/src/azure_policy.go b/src/azure_policy.go index 08e3bf0d..5de30eb3 100644 --- a/src/azure_policy.go +++ b/src/azure_policy.go @@ -3,7 +3,6 @@ package pike import ( "bytes" _ "embed" // required for embed - "fmt" "strings" "text/template" ) @@ -12,15 +11,24 @@ import ( var policyAZURETemplate []byte // AZUREPolicy creates an Azure role definition. -func AZUREPolicy(permissions []string) (string, error) { +// permissions: slice of Azure permission strings in format "action:resource" +// Returns the policy definition as a string or an error if generation fails. +func AZUREPolicy(permissions []string, policyName string) (string, error) { + // Add validation for empty permissions slice + if len(permissions) == 0 { + return "", &emptyPermissionsError{} + } + test := strings.Join(permissions, "\",\n \"") type azurePolicyDetails struct { - Name string - Permissions string + Name string `json:"name"` + Permissions string `json:"permissions"` } - policyName := "terraform_pike" + if policyName == "" { + policyName = defaultPolicyName + } theDetails := azurePolicyDetails{policyName, test} @@ -28,13 +36,12 @@ func AZUREPolicy(permissions []string) (string, error) { tmpl, err := template.New("test").Parse(string(policyAZURETemplate)) if err != nil { - return "", fmt.Errorf("failed to create template %w", err) + return "", &templateParseError{err} } err = tmpl.Execute(&output, theDetails) - if err != nil { - return "", fmt.Errorf("failed to execute template %w", err) + return "", &templateExecuteError{err} } return output.String(), nil 
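Review bot: The new `policyName` parameter in `AZUREPolicy` reaches the template without any validation, and `text/template` does no escaping; the expected output in azure_policy_test.go shows the name landing both in the Terraform resource label and in the `name = "..."` string. If the value can come from a flag or config file (its origin is not visible here), a quote, newline or brace in it would yield malformed or unintended HCL, so I would reject anything outside an identifier-like pattern before building `theDetails`, e.g. `if !policyNamePattern.MatchString(policyName) { return "", &invalidPolicyNameError{policyName} }` with a package-level `regexp.MustCompile("^[A-Za-z0-9_-]+$")` (both names are placeholders, and `regexp` would need importing). The joined `permissions` strings take the same unescaped path. The new doc comment also describes permissions as "action:resource", which does not match values used elsewhere in this diff; suggest `// permissions: Azure action strings, e.g. "Microsoft.Resources/subscriptions/resourcegroups/read"`.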
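Review bot: Replacing `fmt.Errorf("... %w", err)` with `&templateParseError{err}` and `&templateExecuteError{err}` drops the wrapped error from the chain unless those types define `Unwrap`; their definitions are outside this hunk, so this may already be handled. If it is not, callers that use `errors.Is` or `errors.As` on the underlying template error stop matching, and a one-line method such as `func (e *templateParseError) Unwrap() error { return e.err }` restores that (field name assumed). The same applies to the wrapper types added in the compare.go hunk (`gcpIAMRoleError`, `iamServiceError`, `compareDifferenceError`, `formatterError`), where no `Unwrap` method is visible.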
diff --git a/src/azure_policy_test.go b/src/azure_policy_test.go index eb337e71..3e4b0426 100644 --- a/src/azure_policy_test.go +++ b/src/azure_policy_test.go @@ -1,17 +1,17 @@ -package pike_test +package pike import ( _ "embed" "testing" - - pike "github.com/jameswoolfenden/pike/src" ) +//nolint:funlen func TestAZUREPolicy(t *testing.T) { t.Parallel() type args struct { permissions []string + policyName string } tests := []struct { @@ -22,12 +22,29 @@ func TestAZUREPolicy(t *testing.T) { }{ { name: "pass", - args: args{[]string{"woof"}}, + args: args{[]string{"woof"}, ""}, want: "resource \"azurerm_role_definition\" \"terraform_pike\" {\n role_definition_id = local.uuid\n" + " name = \"terraform_pike\"\n scope = data.azurerm_subscription.primary.id\n\n" + " permissions {\n actions = [\n \"woof\"]\n not_actions = []\n }\n\n assignable_scopes = [\n" + " data.azurerm_subscription.primary.id,\n ]\n}\n\nlocals {\n uuid = uuid()\n}\n\ndata" + " \"azurerm_subscription\" \"primary\" {\n}\n", + wantErr: false, + }, + { + name: "fail", + args: args{[]string{}, ""}, + want: "", + wantErr: true, + }, + { + name: "Policy named", + args: args{[]string{"woof"}, "pike"}, + want: "resource \"azurerm_role_definition\" \"pike\" {\n role_definition_id = local.uuid\n" + + " name = \"pike\"\n scope = data.azurerm_subscription.primary.id\n\n" + + " permissions {\n actions = [\n \"woof\"]\n not_actions = []\n }\n\n assignable_scopes = [\n" + + " data.azurerm_subscription.primary.id,\n ]\n}\n\nlocals {\n uuid = uuid()\n}\n\ndata" + + " \"azurerm_subscription\" \"primary\" {\n}\n", + wantErr: false, }, } 
@@ -35,16 +52,20 @@ func TestAZUREPolicy(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - got, err := pike.AZUREPolicy(tt.args.permissions) + + got, err := AZUREPolicy(tt.args.permissions, tt.args.policyName) + if (err != nil) != tt.wantErr { t.Errorf("AZUREPolicy() error = %v, wantErr %v", err, tt.wantErr) return } - mingot := Minify(got) - minwant := Minify(tt.want) - if mingot != minwant { - t.Errorf("AZUREPolicy() = %v, want %v", mingot, minwant) + + minGot := Minify(got) + minWant := Minify(tt.want) + + if minGot != minWant { + t.Errorf("AZUREPolicy() = %v, want %v", minGot, minWant) } }) } diff --git a/src/azure_test.go b/src/azure_test.go index d12c18ea..e4a38957 100644 --- a/src/azure_test.go +++ b/src/azure_test.go @@ -98,6 +98,7 @@ func TestGetAZUREPermissions(t *testing.T) { return } + if !reflect.DeepEqual(got, tt.want) { t.Errorf("GetAZUREPermissions() = %v, want %v", got, tt.want) } @@ -151,7 +152,9 @@ func TestGetAZUREResourcePermissions(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() + got, err := pike.GetAZUREResourcePermissions(tt.args.result) + if (err != nil) != tt.wantErr { t.Errorf("GetAZUREResourcePermissions() error = %v, wantErr %v", err, tt.wantErr) diff --git a/src/compare.go b/src/compare.go index 4685af9a..f7fa0067 100644 --- a/src/compare.go +++ b/src/compare.go 
@@ -3,80 +3,395 @@ package pike import ( "context" "encoding/json" + "errors" "fmt" + "os" + "regexp" + "slices" + "strings" + "time" "github.com/aws/aws-sdk-go-v2/config" "github.com/aws/aws-sdk-go-v2/service/iam" + "github.com/google/go-cmp/cmp" "github.com/rs/zerolog/log" diff "github.com/yudai/gojsondiff" "github.com/yudai/gojsondiff/formatter" + gcpiam "google.golang.org/api/iam/v1" + "google.golang.org/api/serviceusage/v1" ) +// Replace hardcoded values with constants +const ( + defaultTimeout = 30 * time.Second + gcpIAMAPIName = "iam.googleapis.com" + awsARNPrefix = "arn:" + gcpProjectPrefix = "projects/" +) + +type invalidCloudError struct { + arn string +} + +func (e *invalidCloudError) Error() string { + return fmt.Sprintf("Invalid Cloud: %v", e.arn) +} + // Compare IAC codebase to AWS policy. func Compare(directory string, arn string, init bool) (bool, error) { - var theSame bool + var result bool + + result, err := inputValidationCompare(directory, arn) + if err != nil { + log.Error().Msgf("Failed to validate input %v", err) + return false, &inputValidationError{err: err} + } + + switch getCloudFromRole(arn) { + case "aws": + { + result, err = compareAWSRole(directory, arn, init) + } + case "gcp": + { + result, err = compareGCPRole(directory, arn, init) + } + default: + { + err = &invalidCloudError{arn} + } + } + + return result, err +} + +func getCloudFromRole(arn string) string { + + var result string + + if strings.Contains(arn, "arn:") { + result = "aws" + } else if strings.Contains(arn, "projects") { + result = "gcp" + } else { + result = "unknown" + } + + return result +} + +type apiNotFoundError struct { + API string +} + +func (m *apiNotFoundError) Error() string { + return fmt.Sprintf("API %s not found", m.API) +} + +type apiNotEnabledError struct { + API string +} + +func (m *apiNotEnabledError) Error() string { + return fmt.Sprintf("API %s not enabled", m.API) +} + +func compareGCPRole(directory string, arn string, init bool) (bool, error) { 
+ // The resource name of the role in one of the following formats: + // `roles/{ROLE_NAME}` + // `organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}` + // `projects/{PROJECT_ID}/roles/{ROLE_NAME}` + err := verifyGCPRole(arn) + + if err != nil { + return false, &gcpRoleNotVerified{arn} + } + + iacPolicy, err := makePermissionBag(directory, nil, init, "") + if err != nil { + return false, &getIAMVersionError{err} + } + + var projectID *string + projectID, err = GetEnv("GCP_PROJECT") + + if err != nil { + return false, &EnvVariableNotSetError{"GCP_PROJECT"} + } + + var API string + API = gcpIAMAPIName + + enabled, err := isGCPAPIEnabled(*projectID, API) + + if err != nil { + return enabled, &apiNotFoundError{API} + } + + if !enabled { + return enabled, &apiNotEnabledError{API} + } + + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + + iamService, err := gcpiam.NewService(ctx) + if err != nil { + return false, &iamServiceError{err} + } + + Roles, err := iamService.Roles.Get(arn).Context(ctx).Do() + + if Roles == nil { + return false, &gcpRoleNotFound{arn} + } + + if err != nil { + return false, &gcpIAMRoleError{err} + } + + return compareGCPPolicy(Roles, iacPolicy), nil +} + +func compareGCPPolicy(Roles *gcpiam.Role, iacPolicy Sorted) bool { + slices.Sort(Roles.IncludedPermissions) + slices.Sort(iacPolicy.GCP) + + results := cmp.Diff(Unique(Roles.IncludedPermissions), Unique(iacPolicy.GCP)) + if results != "" { + replacer := strings.NewReplacer("[]string{", "", "}", "") + results = replacer.Replace(results) + fmt.Print("Policy Comparison mismatch mismatch (-excess +needs):") + fmt.Print(results) + return false + } + return true +} + +type gcpIAMRoleError struct { + err error +} + +func (m *gcpIAMRoleError) Error() string { + return fmt.Sprintf("IAM Role Error: %v", m.err) +} + +type gcpRoleNotFound struct { + role string +} + +func (e *gcpRoleNotFound) Error() string { + return fmt.Sprintf("IAM Role Error: %v", e.role) +} + 
+type iamServiceError struct { + err error +} + +func (m *iamServiceError) Error() string { + return m.err.Error() +} + +func isGCPAPIEnabled(projectID string, want string) (bool, error) { + enabledAPIs, err := listEnabledAPIs(projectID) + + if err != nil || enabledAPIs == nil { + log.Error().Msgf("Failed to list enabled APIs %v", err) + } + + if !slices.Contains(enabledAPIs, want) { + return false, errors.New("API not enabled") + } + + return true, nil +} + +func compareAWSRole(directory string, arn string, init bool) (bool, error) { + // Load the Shared AWS Configuration (~/.aws/config) - cfg, err := config.LoadDefaultConfig(context.TODO()) + ctx, cancel := context.WithTimeout(context.Background(), defaultTimeout) + + defer cancel() + + cfg, err := config.LoadDefaultConfig(ctx) if err != nil { - log.Fatal().Err(err) + return false, &awsConfigError{err} } client := iam.NewFromConfig(cfg) - Version, err := GetVersion(client, arn) + version, err := getVersion(client, arn) if err != nil { - return theSame, err + return false, &getVersionError{err} } - Policy, _ := GetPolicyVersion(client, arn, *Version) + policy, err := getPolicyVersion(client, arn, *version) + if err != nil { + return false, &getPolicyVersionError{err} + } - iacPolicy, err := MakePolicy(directory, nil, init, false) + iacPolicy, err := MakePolicy(directory, nil, init, false, "", "") if err != nil { - return theSame, err + return false, &getIAMVersionError{err} } - Sorted, err := SortActions(iacPolicy.AWS.JSONOut) + sorted, err := sortActions(iacPolicy.AWS.JSONOut) if err != nil { - return theSame, err + return false, &sortActionsError{iacPolicy.AWS.JSONOut} } // iam versus iac fmt.Printf("IAM Policy %s versus Local %s \n", arn, directory) - return CompareIAMPolicy(*Policy, *Sorted) + return compareIAMPolicy(*policy, *sorted) } -// CompareIAMPolicy takes two IAM policies and compares. 
-func CompareIAMPolicy(policy string, oldPolicy string) (bool, error) { +func inputValidationCompare(directory string, arn string) (bool, error) { + if directory == "" { + log.Error().Msg("Directory cannot be empty") + return false, &emptyDirectoryError{} + } + + if arn == "" { + log.Error().Msg("ARN cannot be empty") + return false, &arnEmptyError{} + } + + if _, err := os.Stat(directory); os.IsNotExist(err) { + log.Error().Msgf("Directory %s does not exist", directory) + return false, &directoryNotFoundError{directory} + } + + if !strings.HasPrefix(arn, awsARNPrefix) && !strings.HasPrefix(arn, gcpProjectPrefix) { + log.Error().Msgf("Invalid ARN %s cant determine cloud in use", arn) + return false, &invalidARNError{arn} + } + + return true, nil +} + +type compareDifferenceError struct { + err error +} + +func (m *compareDifferenceError) Error() string { + return fmt.Sprintf("compare difference failed: %v", m.err) +} + +// compareIAMPolicy takes two IAM policies and compares. +func compareIAMPolicy(policy string, oldPolicy string) (bool, error) { differ := diff.New() compare, err := differ.Compare([]byte(policy), []byte(oldPolicy)) + if err != nil { - return false, err + return false, &compareDifferenceError{err} } if compare.Modified() { - var aJSON map[string]interface{} - err = json.Unmarshal([]byte(policy), &aJSON) + return showDifferences(policy, compare) + } - if err != nil { - return false, err - } + return true, nil +} - myConfig := formatter.AsciiFormatterConfig{ - ShowArrayIndex: true, - Coloring: true, - } +type formatterError struct { + err error +} + +func (m *formatterError) Error() string { + return fmt.Sprintf("formatter failed: %v", m.err) +} + +func showDifferences(policy string, compare diff.Diff) (bool, error) { + var aJSON map[string]interface{} + err := json.Unmarshal([]byte(policy), &aJSON) + + if err != nil { + return false, &marshallPolicyError{err} + } + + myConfig := formatter.AsciiFormatterConfig{ + ShowArrayIndex: true, + Coloring: 
true, + } + + myFormatter := formatter.NewAsciiFormatter(aJSON, myConfig) + diffString, err := myFormatter.Format(compare) + + if err != nil { + return false, &formatterError{err} + } + + fmt.Print(diffString) + + return false, nil +} + +func listEnabledAPIs(projectID string) ([]string, error) { + ctx := context.Background() + serviceUsageService, err := serviceusage.NewService(ctx) + if err != nil { + return nil, fmt.Errorf("failed to create Service Usage client: %v", err) + } + + parent := fmt.Sprintf("projects/%s", projectID) + req := serviceUsageService.Services.List(parent).Filter("state:ENABLED") - myFormatter := formatter.NewAsciiFormatter(aJSON, myConfig) - diffString, err := myFormatter.Format(compare) - if err != nil { - return false, err + var services []string + if err := req.Pages(ctx, func(page *serviceusage.ListServicesResponse) error { + for _, service := range page.Services { + services = append(services, service.Config.Name) } + return nil + }); err != nil { + return nil, fmt.Errorf("failed to list services: %v", err) + } + + return services, nil +} + +type arnNotVerified struct { + arn string +} + +func (e *arnNotVerified) Error() string { + fmt.Print("ARN must be in the following format:") + fmt.Print("arn:aws:iam::123456789012:role/role-name") + return fmt.Sprintf("ARN %s not verified", e.arn) +} - fmt.Print(diffString) +type gcpRoleNotVerified struct { + role string +} + +func (e *gcpRoleNotVerified) Error() string { + fmt.Print( + `The resource name of the role in one of the following formats: + roles/{ROLE_NAME} + organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME} + projects/{PROJECT_ID}/roles/{ROLE_NAME}`) + return e.role +} - return false, nil +func verifyGCPRole(role string) error { + r, err := regexp.Compile("projects/(.*\\S)/roles/(.*\\S)") + // Regex should be compiled once as package variable + if err == nil { + if r.MatchString(role) { + return nil + } } - return true, nil + return &gcpRoleNotVerified{role} +} + +func verifyAWSARN(ARN 
string) error { + r, err := regexp.Compile("arn:aws:iam::(.*\\S):role/(.*\\S)") + // Regex should be compiled once as package variable + if err == nil { + if r.MatchString(ARN) { + return nil + } + } + return &arnNotVerified{ARN} } diff --git a/src/compare_internal_test.go b/src/compare_internal_test.go new file mode 100644 index 00000000..c213f8e5 --- /dev/null +++ b/src/compare_internal_test.go 
@@ -0,0 +1,442 @@ +package pike + +import ( + "errors" + "os" + "path/filepath" + "testing" + + "github.com/stretchr/testify/assert" + diff "github.com/yudai/gojsondiff" + gcpiam "google.golang.org/api/iam/v1" +) + +type mockDiff struct { + diff.Diff +} + +func (m mockDiff) Modified() bool { + return true +} + +func TestCompareIAMPolicy(t *testing.T) { + t.Parallel() + + type args struct { + Policy string + OldPolicy string + } + + tests := []struct { + name string + args args + want bool + wantErr bool + }{ + { + "same", + args{ + "{\"Statement\":[{\"Action\":[\"cognito-idp:ListUserPoolClients\",\"cognito-idp:GetSigningCertificate\",\"cognito-idp:DescribeUserPoolClient\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"0\"}],\"Version\":\"2012-10-17\"}", + "{\"Statement\":[{\"Action\":[\"cognito-idp:ListUserPoolClients\",\"cognito-idp:GetSigningCertificate\",\"cognito-idp:DescribeUserPoolClient\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"0\"}],\"Version\":\"2012-10-17\"}", + }, + true, + false, + }, + { + "different", + args{ + "{\"Statement\":[{\"Action\":[\"cognito-idp:ListUserPoolClients\",\"cognito-idp:GetSigningCertificate\",\"cognito-idp:DescribeUserPoolClient\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"0\"}],\"Version\":\"2012-10-17\"}", + "{\"Statement\":[{\"Action\":[\"cognito-idp:ListUserPoolClients\",\"cognito-idp:GetSigningCertificate\",\"cognito-idp:bogus\",\"cognito-idp:DescribeUserPoolClient\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"0\"}],\"Version\":\"2012-10-17\"}", + }, + false, + false, + }, + { + "not-json", + args{ + "guff", + "{\"Statement\":[{\"Action\":[\"cognito-idp:ListUserPoolClients\",\"cognito-idp:GetSigningCertificate\",\"cognito-idp:bogus\",\"cognito-idp:DescribeUserPoolClient\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"0\"}],\"Version\":\"2012-10-17\"}", + }, + false, + true, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + got, err := 
compareIAMPolicy(tt.args.Policy, tt.args.OldPolicy) + if (err != nil) != tt.wantErr { + t.Errorf("CompareIAMPolicy() error = %v, wantErr %v", err, tt.wantErr) + + return + } + if got != tt.want { + t.Errorf("CompareIAMPolicy() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestShowDifferences(t *testing.T) { + tests := []struct { + name string + policy string + diff diff.Diff + wantBool bool + wantErr bool + description string + }{ + { + name: "Invalid JSON policy", + policy: `{invalid-json}`, + diff: &mockDiff{}, + wantBool: false, + wantErr: true, + description: "Should return error for invalid JSON", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + gotBool, err := showDifferences(tt.policy, tt.diff) + + if (err != nil) != tt.wantErr { + t.Errorf("ShowDifferences() error = %v, wantErr %v", err, tt.wantErr) + return + } + + if gotBool != tt.wantBool { + t.Errorf("ShowDifferences() = %v, want %v", gotBool, tt.wantBool) + } + }) + } +} + +func TestInputValidationCompare(t *testing.T) { + // Create a temporary directory for testing + tmpDir, err := os.MkdirTemp("", "pike-test-*") + if err != nil { + t.Fatal(err) + } + defer os.RemoveAll(tmpDir) + + tests := []struct { + name string + directory string + arn string + wantBool bool + wantErr error + }{ + { + name: "empty directory", + directory: "", + arn: "arn:aws:iam::123456789012:policy/test", + wantBool: false, + wantErr: &emptyDirectoryError{}, + }, + { + name: "non-existent directory", + directory: filepath.Join(tmpDir, "nonexistent"), + arn: "arn:aws:iam::123456789012:policy/test", + wantBool: false, + wantErr: &directoryNotFoundError{filepath.Join(tmpDir, "nonexistent")}, + }, + { + name: "empty ARN", + directory: tmpDir, + arn: "", + wantBool: false, + wantErr: &arnEmptyError{}, + }, + { + name: "invalid ARN format", + directory: tmpDir, + arn: "invalid:arn", + wantBool: false, + wantErr: &invalidARNError{"invalid:arn"}, + }, + { + name: "valid inputs", + directory: tmpDir, 
+ arn: "arn:aws:iam::123456789012:policy/test", + wantBool: true, + wantErr: nil, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + gotBool, gotErr := inputValidationCompare(tt.directory, tt.arn) + if gotBool != tt.wantBool { + t.Errorf("inputValidationCompare() bool = %v, want %v", gotBool, tt.wantBool) + } + if (gotErr == nil && tt.wantErr != nil) || (gotErr != nil && tt.wantErr == nil) { + t.Errorf("inputValidationCompare() error = %v, want %v", gotErr, tt.wantErr) + } + if gotErr != nil && tt.wantErr != nil && gotErr.Error() != tt.wantErr.Error() { + t.Errorf("inputValidationCompare() error = %v, want %v", gotErr, tt.wantErr) + } + }) + } +} + +func TestGetCloudFromRole(t *testing.T) { + tests := []struct { + name string + arn string + expected string + }{ + { + name: "AWS ARN", + arn: "arn:aws:iam::123456789012:role/MyRole", + expected: "aws", + }, + { + name: "GCP project role", + arn: "projects/my-project/roles/my-role", + expected: "gcp", + }, + { + name: "Unknown format", + arn: "invalid-role-format", + expected: "unknown", + }, + { + name: "Empty string", + arn: "", + expected: "unknown", + }, + { + name: "Partial AWS ARN", + arn: "arn:something", + expected: "aws", + }, + { + name: "Partial GCP format", + arn: "projects/test", + expected: "gcp", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := getCloudFromRole(tt.arn) + assert.Equal(t, tt.expected, result) + }) + } +} + +func TestVerifyGCPRole(t *testing.T) { + tests := []struct { + name string + role string + expectError bool + }{ + { + name: "valid GCP role format", + role: "projects/my-project/roles/my-custom-role", + expectError: false, + }, + { + name: "valid GCP role with numbers and hyphens", + role: "projects/my-project-123/roles/custom-role-456", + expectError: false, + }, + { + name: "valid GCP role with underscores", + role: "projects/my_project/roles/my_role", + expectError: false, + }, + { + name: "invalid role - missing 
projects prefix", + role: "my-project/roles/my-role", + expectError: true, + }, + { + name: "invalid role - missing roles section", + role: "projects/my-project/my-role", + expectError: true, + }, + { + name: "invalid role - empty project name", + role: "projects//roles/my-role", + expectError: true, + }, + { + name: "invalid role - empty role name", + role: "projects/my-project/roles/", + expectError: true, + }, + { + name: "invalid role - completely empty", + role: "", + expectError: true, + }, + { + name: "invalid role - wrong format", + role: "organizations/123456789/roles/my-role", + expectError: true, + }, + { + name: "invalid role - predefined role format", + role: "roles/viewer", + expectError: true, + }, + { + name: "invalid role - trailing whitespace in project", + role: "projects/my-project /roles/my-role", + expectError: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + err := verifyGCPRole(tt.role) + + if tt.expectError { + if err == nil { + t.Errorf("expected error for role %q, but got nil", tt.role) + } else { + // Verify it's the correct error type + if _, ok := err.(*gcpRoleNotVerified); !ok { + t.Errorf("expected gcpRoleNotVerified error type, got %T", err) + } + } + } else { + if err != nil { + t.Errorf("expected no error for role %q, but got: %v", tt.role, err) + } + } + }) + } +} + +func TestVerifyGCPRole_ErrorMessage(t *testing.T) { + invalidRole := "invalid-role-format" + err := verifyGCPRole(invalidRole) + + if err == nil { + t.Fatal("expected error but got nil") + } + + gcpErr, ok := err.(*gcpRoleNotVerified) + if !ok { + t.Fatalf("expected gcpRoleNotVerified error type, got %T", err) + } + + if gcpErr.role != invalidRole { + t.Errorf("expected error to contain role %q, got %q", invalidRole, gcpErr.role) + } +} + +func Test_gcpIAMRoleError_Error(t *testing.T) { + type fields struct { + err error + } + tests := []struct { + name string + fields fields + want string + }{ + {"invoke", fields{err: 
&gcpRoleNotVerified{role: "test"}}, "IAM Role Error: test"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + m := &gcpIAMRoleError{ + err: tt.fields.err, + } + assert.Equalf(t, tt.want, m.Error(), "Error()") + }) + } +} + +func Test_gcpRoleNotFound_Error(t *testing.T) { + type fields struct { + role string + } + tests := []struct { + name string + fields fields + want string + }{ + {"Invoke", fields{role: "test"}, "IAM Role Error: test"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + e := &gcpRoleNotFound{ + role: tt.fields.role, + } + assert.Equalf(t, tt.want, e.Error(), "Error()") + }) + } +} + +func Test_compareDifferenceError_Error(t *testing.T) { + type fields struct { + err error + } + tests := []struct { + name string + fields fields + want string + }{ + {"Invoke", fields{errors.New("test")}, "compare difference failed: test"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + m := &compareDifferenceError{ + err: tt.fields.err, + } + assert.Equalf(t, tt.want, m.Error(), "Error()") + }) + } +} + +func Test_iamServiceError_Error(t *testing.T) { + type fields struct { + err error + } + tests := []struct { + name string + fields fields + want string + }{ + {"invoke", fields{errors.New("test")}, "test"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + m := &iamServiceError{ + err: tt.fields.err, + } + assert.Equalf(t, tt.want, m.Error(), "Error()") + }) + } +} + +func Test_compareGCPPolicy(t *testing.T) { + type args struct { + Roles *gcpiam.Role + iacPolicy Sorted + } + tests := []struct { + name string + args args + want bool + }{ + {"Pass", + args{Roles: &gcpiam.Role{IncludedPermissions: []string{"Fred"}}, + iacPolicy: Sorted{GCP: []string{"Fred"}}}, + true}, + {"False", + args{Roles: &gcpiam.Role{IncludedPermissions: []string{"Fred"}}, + iacPolicy: Sorted{GCP: []string{"Jane"}}}, + false}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + 
assert.Equalf(t, tt.want, compareGCPPolicy(tt.args.Roles, tt.args.iacPolicy), "compareGCPPolicy(%v, %v)", tt.args.Roles, tt.args.iacPolicy) + }) + } +} diff --git a/src/compare_test.go b/src/compare_test.go index 4b74368e..11237457 100644 --- a/src/compare_test.go +++ b/src/compare_test.go @@ -1,20 +1,23 @@ //go:build auth -package pike_test +package pike import ( + "os" + "reflect" "testing" - - pike "github.com/jameswoolfenden/pike/src" ) -func TestCompareIAMPolicy(t *testing.T) { +func TestCompare(t *testing.T) { t.Parallel() type args struct { - Policy string - OldPolicy string + directory string + arn string + init bool } + os.Setenv("AWS_DEFAULT_PROFILE", "personal") + os.Setenv("GCP_PROJECT", "pike-412922") tests := []struct { name string 
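Review bot: The `TestGetCloudFromRole` cases only use inputs where the marker sits at the start of the string, so they do not show that `getCloudFromRole` (which uses `strings.Contains`) and `inputValidationCompare` (which uses `strings.HasPrefix`) classify values such as `my-arn:thing` or `x/projects/y` differently (constructed examples). I would add those cases, plus one with trailing content after a valid role such as `projects/p/roles/r extra`, because `verifyGCPRole` uses an unanchored `MatchString` and no row in its table exercises that. `verifyAWSARN` has no test in this file. The "valid inputs" row of `TestInputValidationCompare` passes a `policy/` ARN while the format printed by `arnNotVerified` is a `role/` ARN, so a comment stating which of the two `Compare` is meant to accept would help.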
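Review bot: `os.Setenv` is called in `TestCompare` after `t.Parallel()`, so both variables are changed for the whole test process, stay set after the test ends, and the returned errors are dropped. The values are also tied to one setup (the `personal` profile and a fixed project id), which makes this `auth`-tagged test fail elsewhere for reasons unrelated to the code. I would read them from the environment and skip when absent, e.g. `if os.Getenv("GCP_PROJECT") == "" { t.Skip("GCP_PROJECT not set") }`, or use `t.Setenv` after removing `t.Parallel()` from this function, since `t.Setenv` cannot be used in parallel tests. TestCompare's table continues in the next hunk.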
@@ -22,83 +25,127 @@ func TestCompareIAMPolicy(t *testing.T) { want bool wantErr bool }{ - { - "same", - args{ - "{\"Statement\":[{\"Action\":[\"cognito-idp:ListUserPoolClients\",\"cognito-idp:GetSigningCertificate\",\"cognito-idp:DescribeUserPoolClient\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"0\"}],\"Version\":\"2012-10-17\"}", - "{\"Statement\":[{\"Action\":[\"cognito-idp:ListUserPoolClients\",\"cognito-idp:GetSigningCertificate\",\"cognito-idp:DescribeUserPoolClient\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"0\"}],\"Version\":\"2012-10-17\"}", - }, - true, - false, - }, - { - "different", - args{ - "{\"Statement\":[{\"Action\":[\"cognito-idp:ListUserPoolClients\",\"cognito-idp:GetSigningCertificate\",\"cognito-idp:DescribeUserPoolClient\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"0\"}],\"Version\":\"2012-10-17\"}", - "{\"Statement\":[{\"Action\":[\"cognito-idp:ListUserPoolClients\",\"cognito-idp:GetSigningCertificate\",\"cognito-idp:bogus\",\"cognito-idp:DescribeUserPoolClient\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"0\"}],\"Version\":\"2012-10-17\"}", - }, - false, - false, - }, - { - "not-json", - args{ - "guff", - "{\"Statement\":[{\"Action\":[\"cognito-idp:ListUserPoolClients\",\"cognito-idp:GetSigningCertificate\",\"cognito-idp:bogus\",\"cognito-idp:DescribeUserPoolClient\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"0\"}],\"Version\":\"2012-10-17\"}", - }, - false, - true, - }, + {"fail arn is empty", args{"./testdata/init/nicconf", "", false}, false, true}, + {"fail arn is not policy", args{"./testdata/init/nicconf", "arn:aws:iam::680235478471:user/readonly", false}, false, true}, + {"works but fails", args{"./testdata/init/nicconf", "arn:aws:iam::680235478471:policy/allows3", false}, false, false}, + //code is not aws + {"gcp-basic-fail", args{"./testdata/gcp/basic", "basic", false}, false, true}, + {"gcp-basic-exist-fail", args{"./testdata/gcp/basic", "projects/pike-412922/roles/terraform_pike", false}, 
false, false}, } for _, tt := range tests { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - got, err := pike.CompareIAMPolicy(tt.args.Policy, tt.args.OldPolicy) + got, err := Compare(tt.args.directory, tt.args.arn, tt.args.init) if (err != nil) != tt.wantErr { - t.Errorf("CompareIAMPolicy() error = %v, wantErr %v", err, tt.wantErr) - + t.Errorf("Compare() error = %v, wantErr %v", err, tt.wantErr) return } if got != tt.want { - t.Errorf("CompareIAMPolicy() = %v, want %v", got, tt.want) + t.Errorf("Compare() got = %v, want %v", got, tt.want) } }) } } -func TestCompare(t *testing.T) { - t.Parallel() +func Test_listEnabledAPIs(t *testing.T) { + type args struct { + projectID string + } + tests := []struct { + name string + args args + want []string + wantErr bool + }{ + {"All", args{"pike-"}, nil, true}, + {"Enabled", args{"488072219970"}, []string{"analyticshub.googleapis.com", + "artifactregistry.googleapis.com", "autoscaling.googleapis.com", "bigquery.googleapis.com", + "bigqueryconnection.googleapis.com", "bigquerydatapolicy.googleapis.com", "bigquerymigration.googleapis.com", + "bigqueryreservation.googleapis.com", "bigquerystorage.googleapis.com", "bigtable.googleapis.com", + "bigtableadmin.googleapis.com", "cloudapis.googleapis.com", "cloudbuild.googleapis.com", + "cloudfunctions.googleapis.com", "cloudkms.googleapis.com", "cloudresourcemanager.googleapis.com", + "cloudtrace.googleapis.com", "composer.googleapis.com", "compute.googleapis.com", "container.googleapis.com", + "containerfilesystem.googleapis.com", "containerregistry.googleapis.com", "dataform.googleapis.com", + "dataplex.googleapis.com", "datastore.googleapis.com", "dns.googleapis.com", "gkebackup.googleapis.com", + "iam.googleapis.com", "iamcredentials.googleapis.com", "logging.googleapis.com", "monitoring.googleapis.com", + "networkconnectivity.googleapis.com", "oslogin.googleapis.com", "pubsub.googleapis.com", "run.googleapis.com", + "servicehealth.googleapis.com", 
"servicemanagement.googleapis.com", "serviceusage.googleapis.com", + "source.googleapis.com", "sql-component.googleapis.com", "sqladmin.googleapis.com", "storage-api.googleapis.com", + "storage-component.googleapis.com", + "storage.googleapis.com"}, false}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := listEnabledAPIs(tt.args.projectID) + if (err != nil) != tt.wantErr { + t.Errorf("listEnabledAPIs() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !reflect.DeepEqual(got, tt.want) { + t.Errorf("listEnabledAPIs() got = %v, want %v", got, tt.want) + } + }) + } +} +func Test_compareGCPRole(t *testing.T) { type args struct { directory string arn string init bool } + os.Setenv("GCP_PROJECT", "pike-412922") tests := []struct { name string args args want bool wantErr bool }{ - {"fail arn is empty", args{"./testdata/init/nicconf", "", false}, false, true}, - {"fail arn is not policy", args{"./testdata/init/nicconf", "arn:aws:iam::680235478471:user/readonly", false}, false, true}, - {"pass", args{"./testdata/init/nicconf", "arn:aws:iam::680235478471:policy/testdata", false}, true, false}, + {"pass", args{"./testdata/gcp/basic", "projects/pike-412922/roles/terraform_pike", false}, false, false}, } - for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { - t.Parallel() - got, err := pike.Compare(tt.args.directory, tt.args.arn, tt.args.init) + got, err := compareGCPRole(tt.args.directory, tt.args.arn, tt.args.init) if (err != nil) != tt.wantErr { - t.Errorf("Compare() error = %v, wantErr %v", err, tt.wantErr) + t.Errorf("compareGCPRole() error = %v, wantErr %v", err, tt.wantErr) return } if got != tt.want { - t.Errorf("Compare() got = %v, want %v", got, tt.want) + t.Errorf("compareGCPRole() got = %v, want %v", got, tt.want) + } + }) + } +} + +func TestVerifyRole(t *testing.T) { + type args struct { + role string + } + tests := []struct { + name string + args args + want bool + wantErr bool + }{ + {"Fail", 
args{"projectsmine/duff/roles/mine"}, false, true}, + {"Fail2", args{"projects/duff/noroles/mine"}, false, true}, + {"Fail3", args{"projects/duff/roles"}, false, true}, + {"Fail4", args{"projects/roles/a"}, false, true}, + {"Fail5", args{"mine/duff/roles/mine"}, false, true}, + + {"Pass", args{"projects/a/roles/a"}, false, false}, + {"Pass2", args{"projects/duff/roles/mine"}, false, false}, + {"Pass3", args{role: "projects/pike-412922/roles/terraform_pike"}, false, false}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + err := verifyGCPRole(tt.args.role) + if (err != nil) != tt.wantErr { + t.Errorf("VerifyRole() error = %v, wantErr %v", err, tt.wantErr) + return } }) } diff --git a/src/coverage/aws.md b/src/coverage/aws.md index 9cd47a00..91a8c024 100644 --- a/src/coverage/aws.md +++ b/src/coverage/aws.md 
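Review bot: The `Enabled` case of Test_listEnabledAPIs compares the result with `reflect.DeepEqual` against a full snapshot of one live project's enabled services, so enabling or disabling any API on that project fails the test, and the file records that project's service inventory in the repository. Trimming `want` to the few APIs the code actually depends on and checking that each is present keeps the intent. That needs `slices` imported, and `reflect` removed if nothing else in the file uses it. Separately, in TestVerifyRole the `want` field is never read and the failure message says `VerifyRole()` while the call is `verifyGCPRole`.
```go
got, err := listEnabledAPIs(tt.args.projectID)
// … unchanged: wantErr check and early return …
for _, api := range tt.want {
	if !slices.Contains(got, api) {
		t.Errorf("listEnabledAPIs() missing %q in %v", api, got)
	}
}
```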
@@ -1,617 +1,72 @@ -# todo aws +# AWS Resource Status -Resource percentage coverage 56.16 -Datasource percentage coverage 100.00 +| Terraform | Coverage % | Resources | Total Resources | +|------------|------------|-----------|-----------------| +| Resources | 95.96 | 1498 | 1561 | +| Datasource | 100.00 | 628 | 628 | -./resource.ps1 aws_amplify_backend_environment -./resource.ps1 aws_amplify_webhook -./resource.ps1 aws_appconfig_deployment -./resource.ps1 aws_appconfig_deployment_strategy -./resource.ps1 aws_appconfig_environment -./resource.ps1 aws_appconfig_extension -./resource.ps1 aws_appconfig_extension_association -./resource.ps1 aws_appconfig_hosted_configuration_version -./resource.ps1 aws_appfabric_app_authorization -./resource.ps1 aws_appfabric_app_authorization_connection -./resource.ps1 aws_appfabric_app_bundle -./resource.ps1 aws_appfabric_ingestion -./resource.ps1 aws_appfabric_ingestion_destination -./resource.ps1 aws_appflow_connector_profile -./resource.ps1 aws_appflow_flow -./resource.ps1 aws_appintegrations_data_integration -./resource.ps1 aws_appintegrations_event_integration -./resource.ps1 aws_appmesh_gateway_route -./resource.ps1 aws_appmesh_mesh -./resource.ps1 aws_appmesh_route -./resource.ps1 aws_appmesh_virtual_gateway -./resource.ps1 aws_appmesh_virtual_node -./resource.ps1 aws_appmesh_virtual_router -./resource.ps1 aws_appmesh_virtual_service -./resource.ps1 aws_apprunner_auto_scaling_configuration_version -./resource.ps1 aws_apprunner_connection -./resource.ps1 aws_apprunner_custom_domain_association -./resource.ps1 aws_apprunner_default_auto_scaling_configuration_version -./resource.ps1 aws_apprunner_deployment -./resource.ps1 aws_apprunner_observability_configuration -./resource.ps1 aws_apprunner_service -./resource.ps1 aws_apprunner_vpc_connector -./resource.ps1 aws_apprunner_vpc_ingress_connection -./resource.ps1 aws_appstream_directory_config -./resource.ps1 aws_appstream_fleet -./resource.ps1 
aws_appstream_fleet_stack_association -./resource.ps1 aws_appstream_image_builder -./resource.ps1 aws_appstream_stack -./resource.ps1 aws_appstream_user -./resource.ps1 aws_appstream_user_stack_association -./resource.ps1 aws_appsync_api_cache -./resource.ps1 aws_appsync_api_key -./resource.ps1 aws_appsync_datasource -./resource.ps1 aws_appsync_domain_name -./resource.ps1 aws_appsync_domain_name_api_association -./resource.ps1 aws_appsync_function -./resource.ps1 aws_appsync_graphql_api -./resource.ps1 aws_appsync_resolver -./resource.ps1 aws_appsync_type -./resource.ps1 aws_athena_prepared_statement -./resource.ps1 aws_bcmdataexports_export -./resource.ps1 aws_bedrockagent_agent_knowledge_base_association -./resource.ps1 aws_bedrockagent_data_source -./resource.ps1 aws_bedrockagent_knowledge_base -./resource.ps1 aws_chatbot_slack_channel_configuration -./resource.ps1 aws_chatbot_teams_channel_configuration -./resource.ps1 aws_cleanrooms_collaboration -./resource.ps1 aws_cleanrooms_configured_table -./resource.ps1 aws_cloud9_environment_membership -./resource.ps1 aws_cloudcontrolapi_resource -./resource.ps1 aws_cloudfront_key_value_store -./resource.ps1 aws_cloudfront_realtime_log_config -./resource.ps1 aws_cloudfrontkeyvaluestore_key -./resource.ps1 aws_cloudhsm_v2_cluster -./resource.ps1 aws_cloudhsm_v2_hsm -./resource.ps1 aws_cloudwatch_log_account_policy -./resource.ps1 aws_cognito_identity_pool_provider_principal_tag -./resource.ps1 aws_cognito_identity_pool_roles_attachment -./resource.ps1 aws_cognito_managed_user_pool_client -./resource.ps1 aws_comprehend_document_classifier -./resource.ps1 aws_comprehend_entity_recognizer -./resource.ps1 aws_config_aggregate_authorization -./resource.ps1 aws_config_conformance_pack -./resource.ps1 aws_config_organization_conformance_pack -./resource.ps1 aws_config_organization_custom_policy_rule -./resource.ps1 aws_config_organization_custom_rule -./resource.ps1 aws_config_organization_managed_rule -./resource.ps1 
aws_config_remediation_configuration -./resource.ps1 aws_config_retention_configuration -./resource.ps1 aws_connect_lambda_function_association -./resource.ps1 aws_controltower_control -./resource.ps1 aws_controltower_landing_zone -./resource.ps1 aws_cur_report_definition -./resource.ps1 aws_customerprofiles_domain -./resource.ps1 aws_customerprofiles_profile -./resource.ps1 aws_dataexchange_data_set -./resource.ps1 aws_dataexchange_revision -./resource.ps1 aws_datazone_glossary -./resource.ps1 aws_datazone_project -./resource.ps1 aws_detective_graph -./resource.ps1 aws_detective_invitation_accepter -./resource.ps1 aws_detective_member -./resource.ps1 aws_detective_organization_admin_account -./resource.ps1 aws_detective_organization_configuration -./resource.ps1 aws_devicefarm_device_pool -./resource.ps1 aws_devicefarm_instance_profile -./resource.ps1 aws_devicefarm_network_profile -./resource.ps1 aws_devicefarm_project -./resource.ps1 aws_devicefarm_upload -./resource.ps1 aws_devopsguru_event_sources_config -./resource.ps1 aws_devopsguru_notification_channel -./resource.ps1 aws_devopsguru_resource_collection -./resource.ps1 aws_devopsguru_service_integration -./resource.ps1 aws_directory_service_conditional_forwarder -./resource.ps1 aws_directory_service_radius_settings -./resource.ps1 aws_directory_service_region -./resource.ps1 aws_directory_service_shared_directory -./resource.ps1 aws_directory_service_shared_directory_accepter -./resource.ps1 aws_directory_service_trust -./resource.ps1 aws_docdbelastic_cluster -./resource.ps1 aws_drs_replication_configuration_template -./resource.ps1 aws_dx_bgp_peer -./resource.ps1 aws_dx_connection -./resource.ps1 aws_dx_connection_association -./resource.ps1 aws_dx_connection_confirmation -./resource.ps1 aws_dx_gateway_association_proposal -./resource.ps1 aws_dx_hosted_connection -./resource.ps1 aws_dx_hosted_private_virtual_interface -./resource.ps1 aws_dx_hosted_private_virtual_interface_accepter -./resource.ps1 
aws_dx_hosted_public_virtual_interface -./resource.ps1 aws_dx_hosted_public_virtual_interface_accepter -./resource.ps1 aws_dx_hosted_transit_virtual_interface -./resource.ps1 aws_dx_lag -./resource.ps1 aws_dx_macsec_key_association -./resource.ps1 aws_dx_private_virtual_interface -./resource.ps1 aws_dx_public_virtual_interface -./resource.ps1 aws_dx_transit_virtual_interface -./resource.ps1 aws_dynamodb_kinesis_streaming_destination -./resource.ps1 aws_dynamodb_resource_policy -./resource.ps1 aws_dynamodb_table_export -./resource.ps1 aws_dynamodb_table_replica -./resource.ps1 aws_ebs_fast_snapshot_restore -./resource.ps1 aws_ebs_snapshot_block_public_access -./resource.ps1 aws_ebs_snapshot_import -./resource.ps1 aws_ec2_capacity_block_reservation -./resource.ps1 aws_ec2_image_block_public_access -./resource.ps1 aws_ec2_instance -./resource.ps1 aws_ec2_instance_connect_endpoint -./resource.ps1 aws_ec2_instance_metadata_defaults -./resource.ps1 aws_ec2_instance_state -./resource.ps1 aws_ec2_local_gateway_route -./resource.ps1 aws_ec2_local_gateway_route_table_vpc_association -./resource.ps1 aws_ec2_managed_prefix_list -./resource.ps1 aws_ec2_managed_prefix_list_entry -./resource.ps1 aws_ec2_serial_console_access -./resource.ps1 aws_ec2_subnet_cidr_reservation -./resource.ps1 aws_ec2_traffic_mirror_filter -./resource.ps1 aws_ec2_traffic_mirror_filter_rule -./resource.ps1 aws_ec2_traffic_mirror_session -./resource.ps1 aws_ec2_traffic_mirror_target -./resource.ps1 aws_ec2_transit_gateway_connect -./resource.ps1 aws_ec2_transit_gateway_connect_peer -./resource.ps1 aws_ec2_transit_gateway_multicast_domain -./resource.ps1 aws_ec2_transit_gateway_multicast_domain_association -./resource.ps1 aws_ec2_transit_gateway_multicast_group_member -./resource.ps1 aws_ec2_transit_gateway_multicast_group_source -./resource.ps1 aws_ec2_transit_gateway_peering_attachment -./resource.ps1 aws_ec2_transit_gateway_peering_attachment_accepter -./resource.ps1 
aws_ec2_transit_gateway_policy_table -./resource.ps1 aws_ec2_transit_gateway_policy_table_association -./resource.ps1 aws_ec2_transit_gateway_prefix_list_reference -./resource.ps1 aws_ec2_transit_gateway_vpc_attachment_accepter -./resource.ps1 aws_ecr_repository_creation_template -./resource.ps1 aws_ecs_account_setting_default -./resource.ps1 aws_ecs_capacity_provider -./resource.ps1 aws_ecs_cluster_capacity_providers -./resource.ps1 aws_ecs_tag -./resource.ps1 aws_ecs_task_set -./resource.ps1 aws_eip_domain_name -./resource.ps1 aws_eks_access_entry -./resource.ps1 aws_eks_access_policy_association -./resource.ps1 aws_eks_fargate_profile -./resource.ps1 aws_eks_identity_provider_config -./resource.ps1 aws_eks_pod_identity_association -./resource.ps1 aws_elasticache_global_replication_group -./resource.ps1 aws_elasticache_serverless_cache -./resource.ps1 aws_elasticache_user_group_association -./resource.ps1 aws_elasticsearch_domain_saml_options -./resource.ps1 aws_elasticsearch_vpc_endpoint -./resource.ps1 aws_elastictranscoder_pipeline -./resource.ps1 aws_elastictranscoder_preset -./resource.ps1 aws_emr_block_public_access_configuration -./resource.ps1 aws_emr_instance_fleet -./resource.ps1 aws_emr_instance_group -./resource.ps1 aws_emr_studio -./resource.ps1 aws_emr_studio_session_mapping -./resource.ps1 aws_emrcontainers_job_template -./resource.ps1 aws_emrcontainers_virtual_cluster -./resource.ps1 aws_emrserverless_application -./resource.ps1 aws_evidently_feature -./resource.ps1 aws_evidently_launch -./resource.ps1 aws_evidently_project -./resource.ps1 aws_evidently_segment -./resource.ps1 aws_finspace_kx_cluster -./resource.ps1 aws_finspace_kx_database -./resource.ps1 aws_finspace_kx_dataview -./resource.ps1 aws_finspace_kx_environment -./resource.ps1 aws_finspace_kx_scaling_group -./resource.ps1 aws_finspace_kx_user -./resource.ps1 aws_finspace_kx_volume -./resource.ps1 aws_fis_experiment_template -./resource.ps1 aws_fms_admin_account -./resource.ps1 
aws_fms_policy -./resource.ps1 aws_fms_resource_set -./resource.ps1 aws_gamelift_alias -./resource.ps1 aws_gamelift_build -./resource.ps1 aws_gamelift_fleet -./resource.ps1 aws_gamelift_game_server_group -./resource.ps1 aws_gamelift_game_session_queue -./resource.ps1 aws_gamelift_script -./resource.ps1 aws_globalaccelerator_accelerator -./resource.ps1 aws_globalaccelerator_cross_account_attachment -./resource.ps1 aws_globalaccelerator_custom_routing_accelerator -./resource.ps1 aws_globalaccelerator_custom_routing_endpoint_group -./resource.ps1 aws_globalaccelerator_custom_routing_listener -./resource.ps1 aws_globalaccelerator_endpoint_group -./resource.ps1 aws_globalaccelerator_listener -./resource.ps1 aws_glue_data_quality_ruleset -./resource.ps1 aws_glue_dev_endpoint -./resource.ps1 aws_glue_partition -./resource.ps1 aws_glue_partition_index -./resource.ps1 aws_grafana_license_association -./resource.ps1 aws_grafana_role_association -./resource.ps1 aws_grafana_workspace -./resource.ps1 aws_grafana_workspace_saml_configuration -./resource.ps1 aws_grafana_workspace_service_account -./resource.ps1 aws_grafana_workspace_service_account_token -./resource.ps1 aws_guardduty_detector -./resource.ps1 aws_guardduty_detector_feature -./resource.ps1 aws_guardduty_filter -./resource.ps1 aws_guardduty_invite_accepter -./resource.ps1 aws_guardduty_ipset -./resource.ps1 aws_guardduty_malware_protection_plan -./resource.ps1 aws_guardduty_member -./resource.ps1 aws_guardduty_organization_admin_account -./resource.ps1 aws_guardduty_organization_configuration -./resource.ps1 aws_guardduty_organization_configuration_feature -./resource.ps1 aws_guardduty_publishing_destination -./resource.ps1 aws_guardduty_threatintelset -./resource.ps1 aws_identitystore_group -./resource.ps1 aws_identitystore_group_membership -./resource.ps1 aws_identitystore_user -./resource.ps1 aws_imagebuilder_workflow -./resource.ps1 aws_internet_gateway_attachment -./resource.ps1 aws_iot_authorizer 
-./resource.ps1 aws_iot_billing_group -./resource.ps1 aws_iot_ca_certificate -./resource.ps1 aws_iot_certificate -./resource.ps1 aws_iot_domain_configuration -./resource.ps1 aws_iot_event_configurations -./resource.ps1 aws_iot_indexing_configuration -./resource.ps1 aws_iot_logging_options -./resource.ps1 aws_iot_policy -./resource.ps1 aws_iot_policy_attachment -./resource.ps1 aws_iot_provisioning_template -./resource.ps1 aws_iot_role_alias -./resource.ps1 aws_iot_thing -./resource.ps1 aws_iot_thing_group -./resource.ps1 aws_iot_thing_group_membership -./resource.ps1 aws_iot_thing_principal_attachment -./resource.ps1 aws_iot_thing_type -./resource.ps1 aws_iot_topic_rule -./resource.ps1 aws_iot_topic_rule_destination -./resource.ps1 aws_ivs_channel -./resource.ps1 aws_ivs_playback_key_pair -./resource.ps1 aws_ivs_recording_configuration -./resource.ps1 aws_ivschat_logging_configuration -./resource.ps1 aws_ivschat_room -./resource.ps1 aws_kendra_data_source -./resource.ps1 aws_kendra_experience -./resource.ps1 aws_kendra_faq -./resource.ps1 aws_kendra_index -./resource.ps1 aws_kendra_query_suggestions_block_list -./resource.ps1 aws_kendra_thesaurus -./resource.ps1 aws_keyspaces_keyspace -./resource.ps1 aws_keyspaces_table -./resource.ps1 aws_kinesis_analytics_application -./resource.ps1 aws_kinesis_resource_policy -./resource.ps1 aws_kinesisanalyticsv2_application -./resource.ps1 aws_kinesisanalyticsv2_application_snapshot -./resource.ps1 aws_lakeformation_data_cells_filter -./resource.ps1 aws_lakeformation_data_lake_settings -./resource.ps1 aws_lakeformation_lf_tag -./resource.ps1 aws_lakeformation_permissions -./resource.ps1 aws_lakeformation_resource -./resource.ps1 aws_lakeformation_resource_lf_tag -./resource.ps1 aws_lakeformation_resource_lf_tags -./resource.ps1 aws_lambda_runtime_management_config -./resource.ps1 aws_lb_listener_certificate -./resource.ps1 aws_lb_ssl_negotiation_policy -./resource.ps1 aws_lb_trust_store -./resource.ps1 
aws_lb_trust_store_revocation -./resource.ps1 aws_lex_bot -./resource.ps1 aws_lex_bot_alias -./resource.ps1 aws_lex_intent -./resource.ps1 aws_lex_slot_type -./resource.ps1 aws_lexv2models_bot -./resource.ps1 aws_lexv2models_bot_locale -./resource.ps1 aws_lexv2models_bot_version -./resource.ps1 aws_lexv2models_intent -./resource.ps1 aws_lexv2models_slot -./resource.ps1 aws_lexv2models_slot_type -./resource.ps1 aws_licensemanager_association -./resource.ps1 aws_licensemanager_grant -./resource.ps1 aws_licensemanager_grant_accepter -./resource.ps1 aws_licensemanager_license_configuration -./resource.ps1 aws_lightsail_bucket -./resource.ps1 aws_lightsail_bucket_access_key_access_key -./resource.ps1 aws_lightsail_bucket_resource_access -./resource.ps1 aws_lightsail_certificate -./resource.ps1 aws_lightsail_container_service -./resource.ps1 aws_lightsail_container_service_deployment_version -./resource.ps1 aws_lightsail_database -./resource.ps1 aws_lightsail_disk -./resource.ps1 aws_lightsail_disk_attachment -./resource.ps1 aws_lightsail_distribution -./resource.ps1 aws_lightsail_domain -./resource.ps1 aws_lightsail_domain_entry -./resource.ps1 aws_lightsail_lb -./resource.ps1 aws_lightsail_lb_attachment -./resource.ps1 aws_lightsail_lb_certificate -./resource.ps1 aws_lightsail_lb_certificate_attachment -./resource.ps1 aws_lightsail_lb_https_redirection_policy -./resource.ps1 aws_lightsail_lb_stickiness_policy -./resource.ps1 aws_m2_application -./resource.ps1 aws_m2_deployment -./resource.ps1 aws_m2_environment -./resource.ps1 aws_macie2_account -./resource.ps1 aws_macie2_classification_export_configuration -./resource.ps1 aws_macie2_classification_job -./resource.ps1 aws_macie2_custom_data_identifier -./resource.ps1 aws_macie2_findings_filter -./resource.ps1 aws_macie2_invitation_accepter -./resource.ps1 aws_macie2_member -./resource.ps1 aws_macie2_organization_admin_account -./resource.ps1 aws_main_route_table_association -./resource.ps1 aws_media_package_channel 
-./resource.ps1 aws_media_store_container -./resource.ps1 aws_media_store_container_policy -./resource.ps1 aws_medialive_channel -./resource.ps1 aws_medialive_multiplex -./resource.ps1 aws_medialive_multiplex_program -./resource.ps1 aws_memorydb_acl -./resource.ps1 aws_memorydb_parameter_group -./resource.ps1 aws_memorydb_user -./resource.ps1 aws_msk_cluster_policy -./resource.ps1 aws_msk_replicator -./resource.ps1 aws_msk_vpc_connection -./resource.ps1 aws_mskconnect_connector -./resource.ps1 aws_mskconnect_custom_plugin -./resource.ps1 aws_mskconnect_worker_configuration -./resource.ps1 aws_mwaa_environment -./resource.ps1 aws_neptune_global_cluster -./resource.ps1 aws_network_acl_association -./resource.ps1 aws_network_interface_attachment -./resource.ps1 aws_network_interface_sg_attachment -./resource.ps1 aws_networkfirewall_tls_inspection_configuration -./resource.ps1 aws_networkmanager_attachment_accepter -./resource.ps1 aws_networkmanager_connect_attachment -./resource.ps1 aws_networkmanager_connect_peer -./resource.ps1 aws_networkmanager_connection -./resource.ps1 aws_networkmanager_core_network -./resource.ps1 aws_networkmanager_core_network_policy_attachment -./resource.ps1 aws_networkmanager_customer_gateway_association -./resource.ps1 aws_networkmanager_device -./resource.ps1 aws_networkmanager_global_network -./resource.ps1 aws_networkmanager_link -./resource.ps1 aws_networkmanager_link_association -./resource.ps1 aws_networkmanager_site -./resource.ps1 aws_networkmanager_site_to_site_vpn_attachment -./resource.ps1 aws_networkmanager_transit_gateway_connect_peer_association -./resource.ps1 aws_networkmanager_transit_gateway_peering -./resource.ps1 aws_networkmanager_transit_gateway_registration -./resource.ps1 aws_networkmanager_transit_gateway_route_table_attachment -./resource.ps1 aws_networkmanager_vpc_attachment -./resource.ps1 aws_networkmonitor_monitor -./resource.ps1 aws_networkmonitor_probe -./resource.ps1 aws_opensearch_domain_saml_options 
-./resource.ps1 aws_opensearch_inbound_connection_accepter -./resource.ps1 aws_opensearch_outbound_connection -./resource.ps1 aws_opensearch_package -./resource.ps1 aws_opensearch_package_association -./resource.ps1 aws_opensearch_vpc_endpoint -./resource.ps1 aws_opsworks_application -./resource.ps1 aws_opsworks_custom_layer -./resource.ps1 aws_opsworks_ecs_cluster_layer -./resource.ps1 aws_opsworks_ganglia_layer -./resource.ps1 aws_opsworks_haproxy_layer -./resource.ps1 aws_opsworks_instance -./resource.ps1 aws_opsworks_java_app_layer -./resource.ps1 aws_opsworks_memcached_layer -./resource.ps1 aws_opsworks_mysql_layer -./resource.ps1 aws_opsworks_nodejs_app_layer -./resource.ps1 aws_opsworks_permission -./resource.ps1 aws_opsworks_php_app_layer -./resource.ps1 aws_opsworks_rails_app_layer -./resource.ps1 aws_opsworks_rds_db_instance -./resource.ps1 aws_opsworks_stack -./resource.ps1 aws_opsworks_static_web_layer -./resource.ps1 aws_opsworks_user_profile -./resource.ps1 aws_organizations_account -./resource.ps1 aws_organizations_delegated_administrator -./resource.ps1 aws_organizations_organization -./resource.ps1 aws_organizations_organizational_unit -./resource.ps1 aws_organizations_resource_policy -./resource.ps1 aws_osis_pipeline -./resource.ps1 aws_paymentcryptography_key -./resource.ps1 aws_paymentcryptography_key_alias -./resource.ps1 aws_pinpoint_adm_channel -./resource.ps1 aws_pinpoint_apns_channel -./resource.ps1 aws_pinpoint_apns_sandbox_channel -./resource.ps1 aws_pinpoint_apns_voip_channel -./resource.ps1 aws_pinpoint_apns_voip_sandbox_channel -./resource.ps1 aws_pinpoint_app -./resource.ps1 aws_pinpoint_baidu_channel -./resource.ps1 aws_pinpoint_email_channel -./resource.ps1 aws_pinpoint_event_stream -./resource.ps1 aws_pinpoint_gcm_channel -./resource.ps1 aws_pinpoint_sms_channel -./resource.ps1 aws_pipes_pipe -./resource.ps1 aws_prometheus_alert_manager_definition -./resource.ps1 aws_prometheus_rule_group_namespace -./resource.ps1 
aws_prometheus_scraper -./resource.ps1 aws_prometheus_workspace -./resource.ps1 aws_qldb_ledger -./resource.ps1 aws_qldb_stream -./resource.ps1 aws_quicksight_account_subscription -./resource.ps1 aws_quicksight_analysis -./resource.ps1 aws_quicksight_dashboard -./resource.ps1 aws_quicksight_data_set -./resource.ps1 aws_quicksight_data_source -./resource.ps1 aws_quicksight_folder -./resource.ps1 aws_quicksight_folder_membership -./resource.ps1 aws_quicksight_group -./resource.ps1 aws_quicksight_group_membership -./resource.ps1 aws_quicksight_iam_policy_assignment -./resource.ps1 aws_quicksight_ingestion -./resource.ps1 aws_quicksight_namespace -./resource.ps1 aws_quicksight_refresh_schedule -./resource.ps1 aws_quicksight_template -./resource.ps1 aws_quicksight_template_alias -./resource.ps1 aws_quicksight_theme -./resource.ps1 aws_quicksight_user -./resource.ps1 aws_quicksight_vpc_connection -./resource.ps1 aws_ram_resource_share_accepter -./resource.ps1 aws_ram_sharing_with_organization -./resource.ps1 aws_rbin_rule -./resource.ps1 aws_rds_certificate -./resource.ps1 aws_rds_custom_db_engine_version -./resource.ps1 aws_rds_export_task -./resource.ps1 aws_rds_reserved_instance -./resource.ps1 aws_redshift_cluster_snapshot -./resource.ps1 aws_redshift_data_share_authorization -./resource.ps1 aws_redshift_data_share_consumer_association -./resource.ps1 aws_redshift_endpoint_access -./resource.ps1 aws_redshift_endpoint_authorization -./resource.ps1 aws_redshift_logging -./resource.ps1 aws_redshift_partner -./resource.ps1 aws_redshift_resource_policy -./resource.ps1 aws_redshift_snapshot_copy -./resource.ps1 aws_redshiftdata_statement -./resource.ps1 aws_redshiftserverless_custom_domain_association -./resource.ps1 aws_redshiftserverless_endpoint_access -./resource.ps1 aws_redshiftserverless_namespace -./resource.ps1 aws_redshiftserverless_resource_policy -./resource.ps1 aws_redshiftserverless_snapshot -./resource.ps1 aws_redshiftserverless_usage_limit -./resource.ps1 
aws_redshiftserverless_workgroup -./resource.ps1 aws_rekognition_collection -./resource.ps1 aws_rekognition_project -./resource.ps1 aws_rekognition_stream_processor -./resource.ps1 aws_resourceexplorer2_index -./resource.ps1 aws_resourceexplorer2_view -./resource.ps1 aws_resourcegroups_resource -./resource.ps1 aws_rolesanywhere_profile -./resource.ps1 aws_rolesanywhere_trust_anchor -./resource.ps1 aws_route53domains_delegation_signer_record -./resource.ps1 aws_route53domains_registered_domain -./resource.ps1 aws_route53recoverycontrolconfig_cluster -./resource.ps1 aws_route53recoverycontrolconfig_control_panel -./resource.ps1 aws_route53recoverycontrolconfig_routing_control -./resource.ps1 aws_route53recoverycontrolconfig_safety_rule -./resource.ps1 aws_route53recoveryreadiness_cell -./resource.ps1 aws_route53recoveryreadiness_readiness_check -./resource.ps1 aws_route53recoveryreadiness_recovery_group -./resource.ps1 aws_route53recoveryreadiness_resource_set -./resource.ps1 aws_rum_app_monitor -./resource.ps1 aws_rum_metrics_destination -./resource.ps1 aws_s3_access_point -./resource.ps1 aws_s3_account_public_access_block -./resource.ps1 aws_s3_bucket_analytics_configuration -./resource.ps1 aws_s3_directory_bucket -./resource.ps1 aws_s3_object_copy -./resource.ps1 aws_s3control_access_grant -./resource.ps1 aws_s3control_access_grants_instance -./resource.ps1 aws_s3control_access_grants_instance_resource_policy -./resource.ps1 aws_s3control_access_grants_location -./resource.ps1 aws_s3control_access_point_policy -./resource.ps1 aws_s3control_bucket -./resource.ps1 aws_s3control_bucket_lifecycle_configuration -./resource.ps1 aws_s3control_bucket_policy -./resource.ps1 aws_s3control_multi_region_access_point -./resource.ps1 aws_s3control_multi_region_access_point_policy -./resource.ps1 aws_s3control_object_lambda_access_point -./resource.ps1 aws_s3control_object_lambda_access_point_policy -./resource.ps1 aws_s3control_storage_lens_configuration -./resource.ps1 
aws_s3outposts_endpoint
-./resource.ps1 aws_sagemaker_flow_definition
-./resource.ps1 aws_sagemaker_human_task_ui
-./resource.ps1 aws_scheduler_schedule
-./resource.ps1 aws_scheduler_schedule_group
-./resource.ps1 aws_schemas_discoverer
-./resource.ps1 aws_schemas_registry
-./resource.ps1 aws_schemas_registry_policy
-./resource.ps1 aws_schemas_schema
-./resource.ps1 aws_securityhub_account
-./resource.ps1 aws_securityhub_action_target
-./resource.ps1 aws_securityhub_automation_rule
-./resource.ps1 aws_securityhub_configuration_policy
-./resource.ps1 aws_securityhub_configuration_policy_association
-./resource.ps1 aws_securityhub_finding_aggregator
-./resource.ps1 aws_securityhub_insight
-./resource.ps1 aws_securityhub_invite_accepter
-./resource.ps1 aws_securityhub_member
-./resource.ps1 aws_securityhub_organization_admin_account
-./resource.ps1 aws_securityhub_organization_configuration
-./resource.ps1 aws_securityhub_product_subscription
-./resource.ps1 aws_securityhub_standards_control
-./resource.ps1 aws_securityhub_standards_subscription
-./resource.ps1 aws_securitylake_aws_log_source
-./resource.ps1 aws_securitylake_custom_log_source
-./resource.ps1 aws_securitylake_data_lake
-./resource.ps1 aws_securitylake_subscriber
-./resource.ps1 aws_securitylake_subscriber_notification
-./resource.ps1 aws_serverlessapplicationrepository_cloudformation_stack
-./resource.ps1 aws_service_discovery_http_namespace
-./resource.ps1 aws_service_discovery_instance
-./resource.ps1 aws_service_discovery_private_dns_namespace
-./resource.ps1 aws_service_discovery_public_dns_namespace
-./resource.ps1 aws_service_discovery_service
-./resource.ps1 aws_servicecatalog_provisioning_artifact
-./resource.ps1 aws_servicecatalogappregistry_application
-./resource.ps1 aws_sesv2_account_vdm_attributes
-./resource.ps1 aws_sesv2_configuration_set
-./resource.ps1 aws_sesv2_configuration_set_event_destination
-./resource.ps1 aws_sesv2_contact_list
-./resource.ps1 aws_sesv2_dedicated_ip_assignment
-./resource.ps1 aws_sesv2_dedicated_ip_pool
-./resource.ps1 aws_sesv2_email_identity
-./resource.ps1 aws_sesv2_email_identity_feedback_attributes
-./resource.ps1 aws_sesv2_email_identity_mail_from_attributes
-./resource.ps1 aws_sesv2_email_identity_policy
-./resource.ps1 aws_shield_application_layer_automatic_response
-./resource.ps1 aws_shield_drt_access_log_bucket_association
-./resource.ps1 aws_shield_drt_access_role_arn_association
-./resource.ps1 aws_shield_proactive_engagement
-./resource.ps1 aws_shield_protection
-./resource.ps1 aws_shield_protection_group
-./resource.ps1 aws_shield_protection_health_check_association
-./resource.ps1 aws_shield_subscription
-./resource.ps1 aws_spot_datafeed_subscription
-./resource.ps1 aws_spot_fleet_request
-./resource.ps1 aws_ssm_activation
-./resource.ps1 aws_ssm_association
-./resource.ps1 aws_ssm_default_patch_baseline
-./resource.ps1 aws_ssm_resource_data_sync
-./resource.ps1 aws_ssm_service_setting
-./resource.ps1 aws_ssmcontacts_rotation
-./resource.ps1 aws_ssmincidents_response_plan
-./resource.ps1 aws_ssoadmin_account_assignment
-./resource.ps1 aws_ssoadmin_application
-./resource.ps1 aws_ssoadmin_application_access_scope
-./resource.ps1 aws_ssoadmin_application_assignment
-./resource.ps1 aws_ssoadmin_application_assignment_configuration
-./resource.ps1 aws_ssoadmin_customer_managed_policy_attachment
-./resource.ps1 aws_ssoadmin_instance_access_control_attributes
-./resource.ps1 aws_ssoadmin_managed_policy_attachment
-./resource.ps1 aws_ssoadmin_permission_set
-./resource.ps1 aws_ssoadmin_permission_set_inline_policy
-./resource.ps1 aws_ssoadmin_permissions_boundary_attachment
-./resource.ps1 aws_ssoadmin_trusted_token_issuer
-./resource.ps1 aws_timestreaminfluxdb_db_instance
-./resource.ps1 aws_transfer_access
-./resource.ps1 aws_transfer_agreement
-./resource.ps1 aws_transfer_certificate
-./resource.ps1 aws_transfer_connector
-./resource.ps1 aws_transfer_profile
-./resource.ps1 aws_transfer_server
-./resource.ps1 aws_transfer_ssh_key
-./resource.ps1 aws_transfer_tag
-./resource.ps1 aws_transfer_user
-./resource.ps1 aws_transfer_workflow
-./resource.ps1 aws_verifiedaccess_instance_trust_provider_attachment
-./resource.ps1 aws_verifiedpermissions_identity_source
-./resource.ps1 aws_verifiedpermissions_policy
-./resource.ps1 aws_verifiedpermissions_policy_store
-./resource.ps1 aws_verifiedpermissions_policy_template
-./resource.ps1 aws_verifiedpermissions_schema
-./resource.ps1 aws_vpc_endpoint_connection_accepter
-./resource.ps1 aws_vpc_endpoint_connection_notification
-./resource.ps1 aws_vpc_endpoint_policy
-./resource.ps1 aws_vpc_endpoint_private_dns
-./resource.ps1 aws_vpc_endpoint_security_group_association
-./resource.ps1 aws_vpc_endpoint_service_allowed_principal
-./resource.ps1 aws_vpc_endpoint_service_private_dns_verification
-./resource.ps1 aws_vpc_ipam_organization_admin_account
-./resource.ps1 aws_vpc_ipv6_cidr_block_association
-./resource.ps1 aws_vpc_network_performance_metric_subscription
-./resource.ps1 aws_vpn_connection_route
-./resource.ps1 aws_wafregional_web_acl_association
-./resource.ps1 aws_worklink_fleet
-./resource.ps1 aws_worklink_website_certificate_authority_association
+```shell
+./resource.ps1 aws_appsync_api
+./resource.ps1 aws_appsync_channel_namespace
+./resource.ps1 aws_bedrockagent_flow
+./resource.ps1 aws_bedrockagentcore_agent_runtime
+./resource.ps1 aws_bedrockagentcore_agent_runtime_endpoint
+./resource.ps1 aws_bedrockagentcore_api_key_credential_provider
+./resource.ps1 aws_bedrockagentcore_browser
+./resource.ps1 aws_bedrockagentcore_code_interpreter
+./resource.ps1 aws_bedrockagentcore_gateway
+./resource.ps1 aws_bedrockagentcore_gateway_target
+./resource.ps1 aws_bedrockagentcore_memory
+./resource.ps1 aws_bedrockagentcore_memory_strategy
+./resource.ps1 aws_bedrockagentcore_oauth2_credential_provider
+./resource.ps1 aws_bedrockagentcore_token_vault_cmk
+./resource.ps1 aws_bedrockagentcore_workload_identity
+./resource.ps1 aws_cognito_log_delivery_configuration
+./resource.ps1 aws_cognito_managed_login_branding
+./resource.ps1 aws_connect_phone_number_contact_flow_association
+./resource.ps1 aws_controltower_baseline
+./resource.ps1 aws_ec2_allowed_images_settings
+./resource.ps1 aws_fis_target_account_configuration
+./resource.ps1 aws_fsx_s3_access_point_attachment
+./resource.ps1 aws_invoicing_invoice_unit
+./resource.ps1 aws_lakeformation_identity_center_configuration
+./resource.ps1 aws_lakeformation_lf_tag_expression
+./resource.ps1 aws_nat_gateway_eip_association
+./resource.ps1 aws_networkfirewall_firewall_transit_gateway_attachment_accepter
+./resource.ps1 aws_networkfirewall_vpc_endpoint_association
+./resource.ps1 aws_networkflowmonitor_monitor
+./resource.ps1 aws_networkflowmonitor_scope
+./resource.ps1 aws_observabilityadmin_centralization_rule_for_organization
+./resource.ps1 aws_odb_cloud_autonomous_vm_cluster
+./resource.ps1 aws_odb_cloud_exadata_infrastructure
+./resource.ps1 aws_odb_cloud_vm_cluster
+./resource.ps1 aws_odb_network
+./resource.ps1 aws_odb_network_peering_connection
+./resource.ps1 aws_prometheus_query_logging_configuration
+./resource.ps1 aws_prometheus_resource_policy
+./resource.ps1 aws_quicksight_custom_permissions
+./resource.ps1 aws_quicksight_ip_restriction
+./resource.ps1 aws_quicksight_key_registration
+./resource.ps1 aws_quicksight_role_custom_permission
+./resource.ps1 aws_quicksight_user_custom_permission
+./resource.ps1 aws_s3_bucket_metadata_configuration
+./resource.ps1 aws_timestreaminfluxdb_db_cluster
+./resource.ps1 aws_transfer_host_key
+./resource.ps1 aws_transfer_web_app
+./resource.ps1 aws_transfer_web_app_customization
+./resource.ps1 aws_vpc_route_server_endpoint
+./resource.ps1 aws_vpc_route_server_peer
+./resource.ps1 aws_wafv2_web_acl_rule_group_association
+./resource.ps1 aws_workspacesweb_browser_settings_association
+./resource.ps1 aws_workspacesweb_data_protection_settings_association
+./resource.ps1 aws_workspacesweb_identity_provider
+./resource.ps1 aws_workspacesweb_ip_access_settings_association
+./resource.ps1 aws_workspacesweb_network_settings_association
+./resource.ps1 aws_workspacesweb_portal
+./resource.ps1 aws_workspacesweb_session_logger
+./resource.ps1 aws_workspacesweb_session_logger_association
+./resource.ps1 aws_workspacesweb_trust_store
+./resource.ps1 aws_workspacesweb_trust_store_association
+./resource.ps1 aws_workspacesweb_user_access_logging_settings_association
+./resource.ps1 aws_workspacesweb_user_settings_association
+```
diff --git a/src/coverage/azure.md b/src/coverage/azure.md
index b8735b53..c991e42e 100755
--- a/src/coverage/azure.md
+++ b/src/coverage/azure.md
@@ -1,13 +1,20 @@
-# todo azure
+# Azure Resource Status
-Resource percentage coverage 4.85
-Datasource percentage coverage 37.84
+| Terraform | Coverage % | Resources | Total Resources |
+|------------|------------|-----------|-----------------|
+| Resources | 4.39 | 49 | 1115 |
+| Datasource | 30.65 | 122 | 398 |
+```shell
 ./resource.ps1 azurerm_aadb2c_directory
 ./resource.ps1 azurerm_active_directory_domain_service
 ./resource.ps1 azurerm_active_directory_domain_service_replica_set
 ./resource.ps1 azurerm_active_directory_domain_service_trust
 ./resource.ps1 azurerm_advanced_threat_protection
+./resource.ps1 azurerm_advisor_suppression
+./resource.ps1 azurerm_ai_foundry
+./resource.ps1 azurerm_ai_foundry_project
+./resource.ps1 azurerm_ai_services
 ./resource.ps1 azurerm_analysis_services_server
 ./resource.ps1 azurerm_api_connection
 ./resource.ps1 azurerm_api_management_api
@@ -53,9 +60,15 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_api_management_product_policy
 ./resource.ps1 azurerm_api_management_product_tag
 ./resource.ps1 azurerm_api_management_redis_cache
+./resource.ps1 azurerm_api_management_standalone_gateway
 ./resource.ps1 azurerm_api_management_subscription
 ./resource.ps1 azurerm_api_management_tag
 ./resource.ps1 azurerm_api_management_user
+./resource.ps1 azurerm_api_management_workspace
+./resource.ps1 azurerm_api_management_workspace_api_version_set
+./resource.ps1 azurerm_api_management_workspace_certificate
+./resource.ps1 azurerm_api_management_workspace_policy
+./resource.ps1 azurerm_api_management_workspace_policy_fragment
 ./resource.ps1 azurerm_app_configuration_feature
 ./resource.ps1 azurerm_app_configuration_key
 ./resource.ps1 azurerm_app_service_active_slot
@@ -64,7 +77,6 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_app_service_certificate_order
 ./resource.ps1 azurerm_app_service_connection
 ./resource.ps1 azurerm_app_service_custom_hostname_binding
-./resource.ps1 azurerm_app_service_environment
 ./resource.ps1 azurerm_app_service_environment_v3
 ./resource.ps1 azurerm_app_service_hybrid_connection
 ./resource.ps1 azurerm_app_service_managed_certificate
@@ -85,11 +97,15 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_application_insights_workbook_template
 ./resource.ps1 azurerm_application_load_balancer
 ./resource.ps1 azurerm_application_load_balancer_frontend
+./resource.ps1 azurerm_application_load_balancer_security_policy
 ./resource.ps1 azurerm_application_load_balancer_subnet_association
 ./resource.ps1 azurerm_application_security_group
 ./resource.ps1 azurerm_arc_kubernetes_cluster
 ./resource.ps1 azurerm_arc_kubernetes_cluster_extension
 ./resource.ps1 azurerm_arc_kubernetes_flux_configuration
+./resource.ps1 azurerm_arc_kubernetes_provisioned_cluster
+./resource.ps1 azurerm_arc_machine
+./resource.ps1 azurerm_arc_machine_automanage_configuration_assignment
 ./resource.ps1 azurerm_arc_machine_extension
 ./resource.ps1 azurerm_arc_private_link_scope
 ./resource.ps1 azurerm_arc_resource_bridge_appliance
@@ -163,7 +179,6 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_cdn_frontdoor_origin_group
 ./resource.ps1 azurerm_cdn_frontdoor_profile
 ./resource.ps1 azurerm_cdn_frontdoor_route
-./resource.ps1 azurerm_cdn_frontdoor_route_disable_link_to_default_domain
 ./resource.ps1 azurerm_cdn_frontdoor_rule
 ./resource.ps1 azurerm_cdn_frontdoor_rule_set
 ./resource.ps1 azurerm_cdn_frontdoor_secret
@@ -173,8 +188,11 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_chaos_studio_experiment
 ./resource.ps1 azurerm_chaos_studio_target
 ./resource.ps1 azurerm_cognitive_account_customer_managed_key
+./resource.ps1 azurerm_cognitive_account_rai_blocklist
+./resource.ps1 azurerm_cognitive_account_rai_policy
 ./resource.ps1 azurerm_cognitive_deployment
 ./resource.ps1 azurerm_communication_service
+./resource.ps1 azurerm_communication_service_email_domain_association
 ./resource.ps1 azurerm_confidential_ledger
 ./resource.ps1 azurerm_consumption_budget_management_group
 ./resource.ps1 azurerm_consumption_budget_resource_group
@@ -191,6 +209,7 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_container_group
 ./resource.ps1 azurerm_container_registry_agent_pool
 ./resource.ps1 azurerm_container_registry_cache_rule
+./resource.ps1 azurerm_container_registry_credential_set
 ./resource.ps1 azurerm_container_registry_scope_map
 ./resource.ps1 azurerm_container_registry_task
 ./resource.ps1 azurerm_container_registry_task_schedule_run_now
@@ -207,7 +226,6 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_cosmosdb_mongo_database
 ./resource.ps1 azurerm_cosmosdb_mongo_role_definition
 ./resource.ps1 azurerm_cosmosdb_mongo_user_definition
-./resource.ps1 azurerm_cosmosdb_notebook_workspace
 ./resource.ps1 azurerm_cosmosdb_postgresql_cluster
 ./resource.ps1 azurerm_cosmosdb_postgresql_coordinator_configuration
 ./resource.ps1 azurerm_cosmosdb_postgresql_firewall_rule
@@ -227,10 +245,12 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_custom_provider
 ./resource.ps1 azurerm_dashboard
 ./resource.ps1 azurerm_dashboard_grafana
+./resource.ps1 azurerm_dashboard_grafana_managed_private_endpoint
 ./resource.ps1 azurerm_data_factory
 ./resource.ps1 azurerm_data_factory_credential_service_principal
 ./resource.ps1 azurerm_data_factory_credential_user_managed_identity
 ./resource.ps1 azurerm_data_factory_custom_dataset
+./resource.ps1 azurerm_data_factory_customer_managed_key
 ./resource.ps1 azurerm_data_factory_data_flow
 ./resource.ps1 azurerm_data_factory_dataset_azure_blob
 ./resource.ps1 azurerm_data_factory_dataset_azure_sql_table
@@ -247,7 +267,6 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_data_factory_flowlet_data_flow
 ./resource.ps1 azurerm_data_factory_integration_runtime_azure
 ./resource.ps1 azurerm_data_factory_integration_runtime_azure_ssis
-./resource.ps1 azurerm_data_factory_integration_runtime_managed
 ./resource.ps1 azurerm_data_factory_integration_runtime_self_hosted
 ./resource.ps1 azurerm_data_factory_linked_custom_service
 ./resource.ps1 azurerm_data_factory_linked_service_azure_blob_storage
@@ -280,14 +299,17 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_data_protection_backup_instance_blob_storage
 ./resource.ps1 azurerm_data_protection_backup_instance_disk
 ./resource.ps1 azurerm_data_protection_backup_instance_kubernetes_cluster
+./resource.ps1 azurerm_data_protection_backup_instance_mysql_flexible_server
 ./resource.ps1 azurerm_data_protection_backup_instance_postgresql
 ./resource.ps1 azurerm_data_protection_backup_instance_postgresql_flexible_server
 ./resource.ps1 azurerm_data_protection_backup_policy_blob_storage
 ./resource.ps1 azurerm_data_protection_backup_policy_disk
 ./resource.ps1 azurerm_data_protection_backup_policy_kubernetes_cluster
+./resource.ps1 azurerm_data_protection_backup_policy_mysql_flexible_server
 ./resource.ps1 azurerm_data_protection_backup_policy_postgresql
 ./resource.ps1 azurerm_data_protection_backup_policy_postgresql_flexible_server
 ./resource.ps1 azurerm_data_protection_backup_vault
+./resource.ps1 azurerm_data_protection_backup_vault_customer_managed_key
 ./resource.ps1 azurerm_data_protection_resource_guard
 ./resource.ps1 azurerm_data_share
 ./resource.ps1 azurerm_data_share_account
@@ -298,7 +320,6 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_database_migration_project
 ./resource.ps1 azurerm_database_migration_service
 ./resource.ps1 azurerm_databox_edge_device
-./resource.ps1 azurerm_databox_edge_order
 ./resource.ps1 azurerm_databricks_access_connector
 ./resource.ps1 azurerm_databricks_virtual_network_peering
 ./resource.ps1 azurerm_databricks_workspace
@@ -310,22 +331,21 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_dedicated_host
 ./resource.ps1 azurerm_dedicated_host_group
 ./resource.ps1 azurerm_dev_center
+./resource.ps1 azurerm_dev_center_attached_network
 ./resource.ps1 azurerm_dev_center_catalog
 ./resource.ps1 azurerm_dev_center_dev_box_definition
 ./resource.ps1 azurerm_dev_center_environment_type
 ./resource.ps1 azurerm_dev_center_gallery
 ./resource.ps1 azurerm_dev_center_network_connection
 ./resource.ps1 azurerm_dev_center_project
+./resource.ps1 azurerm_dev_center_project_environment_type
+./resource.ps1 azurerm_dev_center_project_pool
 ./resource.ps1 azurerm_digital_twins_endpoint_eventgrid
 ./resource.ps1 azurerm_digital_twins_endpoint_eventhub
 ./resource.ps1 azurerm_digital_twins_endpoint_servicebus
 ./resource.ps1 azurerm_digital_twins_instance
 ./resource.ps1 azurerm_digital_twins_time_series_database_connection
 ./resource.ps1 azurerm_disk_access
-./resource.ps1 azurerm_disk_pool
-./resource.ps1 azurerm_disk_pool_iscsi_target
-./resource.ps1 azurerm_disk_pool_iscsi_target_lun
-./resource.ps1 azurerm_disk_pool_managed_disk_attachment
 ./resource.ps1 azurerm_dns_a_record
 ./resource.ps1 azurerm_dns_aaaa_record
 ./resource.ps1 azurerm_dns_caa_record
@@ -335,15 +355,22 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_dns_ptr_record
 ./resource.ps1 azurerm_dns_srv_record
 ./resource.ps1 azurerm_dns_txt_record
+./resource.ps1 azurerm_dynatrace_monitor
+./resource.ps1 azurerm_dynatrace_tag_rules
 ./resource.ps1 azurerm_elastic_cloud_elasticsearch
 ./resource.ps1 azurerm_elastic_san
 ./resource.ps1 azurerm_elastic_san_volume
 ./resource.ps1 azurerm_elastic_san_volume_group
 ./resource.ps1 azurerm_email_communication_service
 ./resource.ps1 azurerm_email_communication_service_domain
+./resource.ps1 azurerm_email_communication_service_domain_sender_username
 ./resource.ps1 azurerm_eventgrid_domain
 ./resource.ps1 azurerm_eventgrid_domain_topic
 ./resource.ps1 azurerm_eventgrid_event_subscription
+./resource.ps1 azurerm_eventgrid_namespace
+./resource.ps1 azurerm_eventgrid_partner_configuration
+./resource.ps1 azurerm_eventgrid_partner_namespace
+./resource.ps1 azurerm_eventgrid_partner_registration
 ./resource.ps1 azurerm_eventgrid_system_topic
 ./resource.ps1 azurerm_eventgrid_system_topic_event_subscription
 ./resource.ps1 azurerm_eventgrid_topic
@@ -364,6 +391,8 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_express_route_gateway
 ./resource.ps1 azurerm_express_route_port
 ./resource.ps1 azurerm_express_route_port_authorization
+./resource.ps1 azurerm_extended_location_custom_location
+./resource.ps1 azurerm_fabric_capacity
 ./resource.ps1 azurerm_federated_identity_credential
 ./resource.ps1 azurerm_firewall
 ./resource.ps1 azurerm_firewall_application_rule_collection
@@ -379,12 +408,12 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_function_app
 ./resource.ps1 azurerm_function_app_active_slot
 ./resource.ps1 azurerm_function_app_connection
+./resource.ps1 azurerm_function_app_flex_consumption
 ./resource.ps1 azurerm_function_app_function
 ./resource.ps1 azurerm_function_app_hybrid_connection
 ./resource.ps1 azurerm_function_app_slot
 ./resource.ps1 azurerm_gallery_application
 ./resource.ps1 azurerm_gallery_application_version
-./resource.ps1 azurerm_graph_account
 ./resource.ps1 azurerm_graph_services_account
 ./resource.ps1 azurerm_hdinsight_hadoop_cluster
 ./resource.ps1 azurerm_hdinsight_hbase_cluster
@@ -404,15 +433,8 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_hpc_cache_blob_target
 ./resource.ps1 azurerm_hpc_cache_nfs_target
 ./resource.ps1 azurerm_image
-./resource.ps1 azurerm_integration_service_environment
 ./resource.ps1 azurerm_iot_security_device_group
 ./resource.ps1 azurerm_iot_security_solution
-./resource.ps1 azurerm_iot_time_series_insights_access_policy
-./resource.ps1 azurerm_iot_time_series_insights_event_source_eventhub
-./resource.ps1 azurerm_iot_time_series_insights_event_source_iothub
-./resource.ps1 azurerm_iot_time_series_insights_gen2_environment
-./resource.ps1 azurerm_iot_time_series_insights_reference_data_set
-./resource.ps1 azurerm_iot_time_series_insights_standard_environment
 ./resource.ps1 azurerm_iotcentral_application
 ./resource.ps1 azurerm_iotcentral_application_network_rule_set
 ./resource.ps1 azurerm_iotcentral_organization
@@ -441,6 +463,7 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_key_vault_certificate_issuer
 ./resource.ps1 azurerm_key_vault_managed_hardware_security_module
 ./resource.ps1 azurerm_key_vault_managed_hardware_security_module_key
+./resource.ps1 azurerm_key_vault_managed_hardware_security_module_key_rotation_policy
 ./resource.ps1 azurerm_key_vault_managed_hardware_security_module_role_assignment
 ./resource.ps1 azurerm_key_vault_managed_hardware_security_module_role_definition
 ./resource.ps1 azurerm_key_vault_managed_storage_account
@@ -467,10 +490,6 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_kusto_eventhub_data_connection
 ./resource.ps1 azurerm_kusto_iothub_data_connection
 ./resource.ps1 azurerm_kusto_script
-./resource.ps1 azurerm_lab_service_lab
-./resource.ps1 azurerm_lab_service_plan
-./resource.ps1 azurerm_lab_service_schedule
-./resource.ps1 azurerm_lab_service_user
 ./resource.ps1 azurerm_lb
 ./resource.ps1 azurerm_lb_backend_address_pool
 ./resource.ps1 azurerm_lb_backend_address_pool_address
@@ -514,10 +533,6 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_logic_app_trigger_http_request
 ./resource.ps1 azurerm_logic_app_trigger_recurrence
 ./resource.ps1 azurerm_logic_app_workflow
-./resource.ps1 azurerm_logz_monitor
-./resource.ps1 azurerm_logz_sub_account
-./resource.ps1 azurerm_logz_sub_account_tag_rule
-./resource.ps1 azurerm_logz_tag_rule
 ./resource.ps1 azurerm_machine_learning_compute_cluster
 ./resource.ps1 azurerm_machine_learning_compute_instance
 ./resource.ps1 azurerm_machine_learning_datastore_blobstorage
@@ -526,6 +541,9 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_machine_learning_inference_cluster
 ./resource.ps1 azurerm_machine_learning_synapse_spark
 ./resource.ps1 azurerm_machine_learning_workspace
+./resource.ps1 azurerm_machine_learning_workspace_network_outbound_rule_fqdn
+./resource.ps1 azurerm_machine_learning_workspace_network_outbound_rule_private_endpoint
+./resource.ps1 azurerm_machine_learning_workspace_network_outbound_rule_service_tag
 ./resource.ps1 azurerm_maintenance_assignment_dedicated_host
 ./resource.ps1 azurerm_maintenance_assignment_dynamic_scope
 ./resource.ps1 azurerm_maintenance_assignment_virtual_machine
@@ -535,28 +553,20 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_managed_application_definition
 ./resource.ps1 azurerm_managed_disk_sas_token
 ./resource.ps1 azurerm_managed_lustre_file_system
+./resource.ps1 azurerm_managed_redis
+./resource.ps1 azurerm_managed_redis_geo_replication
 ./resource.ps1 azurerm_management_group_policy_assignment
 ./resource.ps1 azurerm_management_group_policy_exemption
 ./resource.ps1 azurerm_management_group_policy_remediation
+./resource.ps1 azurerm_management_group_policy_set_definition
 ./resource.ps1 azurerm_management_group_subscription_association
 ./resource.ps1 azurerm_management_group_template_deployment
 ./resource.ps1 azurerm_management_lock
 ./resource.ps1 azurerm_maps_account
 ./resource.ps1 azurerm_maps_creator
-./resource.ps1 azurerm_mariadb_virtual_network_rule
 ./resource.ps1 azurerm_marketplace_agreement
 ./resource.ps1 azurerm_marketplace_role_assignment
-./resource.ps1 azurerm_media_asset
-./resource.ps1 azurerm_media_asset_filter
-./resource.ps1 azurerm_media_content_key_policy
-./resource.ps1 azurerm_media_job
-./resource.ps1 azurerm_media_live_event
-./resource.ps1 azurerm_media_live_event_output
 ./resource.ps1 azurerm_media_services_account
-./resource.ps1 azurerm_media_services_account_filter
-./resource.ps1 azurerm_media_streaming_endpoint
-./resource.ps1 azurerm_media_streaming_locator
-./resource.ps1 azurerm_media_streaming_policy
 ./resource.ps1 azurerm_media_transform
 ./resource.ps1 azurerm_mobile_network
 ./resource.ps1 azurerm_mobile_network_attached_data_network
@@ -569,10 +579,10 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_mobile_network_sim_policy
 ./resource.ps1 azurerm_mobile_network_site
 ./resource.ps1 azurerm_mobile_network_slice
+./resource.ps1 azurerm_mongo_cluster
+./resource.ps1 azurerm_mongo_cluster_firewall_rule
 ./resource.ps1 azurerm_monitor_aad_diagnostic_setting
 ./resource.ps1 azurerm_monitor_action_group
-./resource.ps1 azurerm_monitor_action_rule_action_group
-./resource.ps1 azurerm_monitor_action_rule_suppression
 ./resource.ps1 azurerm_monitor_activity_log_alert
 ./resource.ps1 azurerm_monitor_alert_processing_rule_action_group
 ./resource.ps1 azurerm_monitor_alert_processing_rule_suppression
@@ -582,7 +592,6 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_monitor_data_collection_rule
 ./resource.ps1 azurerm_monitor_data_collection_rule_association
 ./resource.ps1 azurerm_monitor_diagnostic_setting
-./resource.ps1 azurerm_monitor_log_profile
 ./resource.ps1 azurerm_monitor_metric_alert
 ./resource.ps1 azurerm_monitor_private_link_scope
 ./resource.ps1 azurerm_monitor_private_link_scoped_service
@@ -597,13 +606,18 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_mssql_elasticpool
 ./resource.ps1 azurerm_mssql_failover_group
 ./resource.ps1 azurerm_mssql_firewall_rule
+./resource.ps1 azurerm_mssql_job
 ./resource.ps1 azurerm_mssql_job_agent
 ./resource.ps1 azurerm_mssql_job_credential
+./resource.ps1 azurerm_mssql_job_schedule
+./resource.ps1 azurerm_mssql_job_step
+./resource.ps1 azurerm_mssql_job_target_group
 ./resource.ps1 azurerm_mssql_managed_database
 ./resource.ps1 azurerm_mssql_managed_instance
 ./resource.ps1 azurerm_mssql_managed_instance_active_directory_administrator
 ./resource.ps1 azurerm_mssql_managed_instance_failover_group
 ./resource.ps1 azurerm_mssql_managed_instance_security_alert_policy
+./resource.ps1 azurerm_mssql_managed_instance_start_stop_schedule
 ./resource.ps1 azurerm_mssql_managed_instance_transparent_data_encryption
 ./resource.ps1 azurerm_mssql_managed_instance_vulnerability_assessment
 ./resource.ps1 azurerm_mssql_outbound_firewall_rule
@@ -618,27 +632,23 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_mssql_virtual_machine_availability_group_listener
 ./resource.ps1 azurerm_mssql_virtual_machine_group
 ./resource.ps1 azurerm_mssql_virtual_network_rule
-./resource.ps1 azurerm_mysql_active_directory_administrator
-./resource.ps1 azurerm_mysql_configuration
-./resource.ps1 azurerm_mysql_database
-./resource.ps1 azurerm_mysql_firewall_rule
 ./resource.ps1 azurerm_mysql_flexible_database
 ./resource.ps1 azurerm_mysql_flexible_server
 ./resource.ps1 azurerm_mysql_flexible_server_active_directory_administrator
 ./resource.ps1 azurerm_mysql_flexible_server_configuration
 ./resource.ps1 azurerm_mysql_flexible_server_firewall_rule
-./resource.ps1 azurerm_mysql_server
-./resource.ps1 azurerm_mysql_server_key
-./resource.ps1 azurerm_mysql_virtual_network_rule
 ./resource.ps1 azurerm_nat_gateway
 ./resource.ps1 azurerm_nat_gateway_public_ip_association
 ./resource.ps1 azurerm_nat_gateway_public_ip_prefix_association
 ./resource.ps1 azurerm_netapp_account
 ./resource.ps1 azurerm_netapp_account_encryption
+./resource.ps1 azurerm_netapp_backup_policy
+./resource.ps1 azurerm_netapp_backup_vault
 ./resource.ps1 azurerm_netapp_pool
 ./resource.ps1 azurerm_netapp_snapshot
 ./resource.ps1 azurerm_netapp_snapshot_policy
 ./resource.ps1 azurerm_netapp_volume
+./resource.ps1 azurerm_netapp_volume_group_oracle
 ./resource.ps1 azurerm_netapp_volume_group_sap_hana
 ./resource.ps1 azurerm_netapp_volume_quota_rule
 ./resource.ps1 azurerm_network_connection_monitor
@@ -655,22 +665,37 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_network_manager_admin_rule_collection
 ./resource.ps1 azurerm_network_manager_connectivity_configuration
 ./resource.ps1 azurerm_network_manager_deployment
+./resource.ps1 azurerm_network_manager_ipam_pool
+./resource.ps1 azurerm_network_manager_ipam_pool_static_cidr
 ./resource.ps1 azurerm_network_manager_management_group_connection
 ./resource.ps1 azurerm_network_manager_network_group
+./resource.ps1 azurerm_network_manager_routing_configuration
+./resource.ps1 azurerm_network_manager_routing_rule
+./resource.ps1 azurerm_network_manager_routing_rule_collection
 ./resource.ps1 azurerm_network_manager_scope_connection
 ./resource.ps1 azurerm_network_manager_security_admin_configuration
 ./resource.ps1 azurerm_network_manager_static_member
 ./resource.ps1 azurerm_network_manager_subscription_connection
-./resource.ps1 azurerm_network_packet_capture
+./resource.ps1 azurerm_network_manager_verifier_workspace
+./resource.ps1 azurerm_network_manager_verifier_workspace_reachability_analysis_intent
 ./resource.ps1 azurerm_network_profile
 ./resource.ps1 azurerm_new_relic_monitor
 ./resource.ps1 azurerm_new_relic_tag_rule
+./resource.ps1 azurerm_nginx_api_key
 ./resource.ps1 azurerm_nginx_certificate
 ./resource.ps1 azurerm_nginx_configuration
 ./resource.ps1 azurerm_nginx_deployment
 ./resource.ps1 azurerm_notification_hub
 ./resource.ps1 azurerm_notification_hub_authorization_rule
 ./resource.ps1 azurerm_notification_hub_namespace
+./resource.ps1 azurerm_oracle_autonomous_database
+./resource.ps1 azurerm_oracle_autonomous_database_backup
+./resource.ps1 azurerm_oracle_autonomous_database_clone_from_backup
+./resource.ps1 azurerm_oracle_autonomous_database_clone_from_database
+./resource.ps1 azurerm_oracle_cloud_vm_cluster
+./resource.ps1 azurerm_oracle_exadata_infrastructure
+./resource.ps1 azurerm_oracle_exascale_database_storage_vault
+./resource.ps1 azurerm_oracle_resource_anchor
 ./resource.ps1 azurerm_orbital_contact
 ./resource.ps1 azurerm_orbital_contact_profile
 ./resource.ps1 azurerm_orbital_spacecraft
@@ -701,9 +726,11 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_postgresql_firewall_rule
 ./resource.ps1 azurerm_postgresql_flexible_server
 ./resource.ps1 azurerm_postgresql_flexible_server_active_directory_administrator
+./resource.ps1 azurerm_postgresql_flexible_server_backup
 ./resource.ps1 azurerm_postgresql_flexible_server_configuration
 ./resource.ps1 azurerm_postgresql_flexible_server_database
 ./resource.ps1 azurerm_postgresql_flexible_server_firewall_rule
+./resource.ps1 azurerm_postgresql_flexible_server_virtual_endpoint
 ./resource.ps1 azurerm_postgresql_server
 ./resource.ps1 azurerm_postgresql_server_key
 ./resource.ps1 azurerm_postgresql_virtual_network_rule
@@ -729,6 +756,7 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_public_ip
 ./resource.ps1 azurerm_public_ip_prefix
 ./resource.ps1 azurerm_purview_account
+./resource.ps1 azurerm_qumulo_file_system
 ./resource.ps1 azurerm_recovery_services_vault
 ./resource.ps1 azurerm_recovery_services_vault_resource_guard_association
 ./resource.ps1 azurerm_redhat_openshift_cluster
@@ -769,7 +797,6 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_security_center_assessment_policy
 ./resource.ps1 azurerm_security_center_auto_provisioning
 ./resource.ps1 azurerm_security_center_automation
-./resource.ps1 azurerm_security_center_server_vulnerability_assessment
 ./resource.ps1 azurerm_security_center_server_vulnerability_assessment_virtual_machine
 ./resource.ps1 azurerm_security_center_server_vulnerability_assessments_setting
 ./resource.ps1 azurerm_security_center_storage_defender
@@ -810,8 +837,8 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_service_fabric_managed_cluster
 ./resource.ps1 azurerm_servicebus_namespace
 ./resource.ps1 azurerm_servicebus_namespace_authorization_rule
+./resource.ps1 azurerm_servicebus_namespace_customer_managed_key
 ./resource.ps1 azurerm_servicebus_namespace_disaster_recovery_config
-./resource.ps1 azurerm_servicebus_namespace_network_rule_set
 ./resource.ps1 azurerm_servicebus_queue
 ./resource.ps1 azurerm_servicebus_queue_authorization_rule
 ./resource.ps1 azurerm_servicebus_subscription
@@ -842,7 +869,6 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_site_recovery_vmware_replication_policy_association
 ./resource.ps1 azurerm_snapshot
 ./resource.ps1 azurerm_source_control_token
-./resource.ps1 azurerm_spatial_anchors_account
 ./resource.ps1 azurerm_spring_cloud_accelerator
 ./resource.ps1 azurerm_spring_cloud_active_deployment
 ./resource.ps1 azurerm_spring_cloud_api_portal
@@ -873,26 +899,26 @@ Datasource percentage coverage 37.84
 ./resource.ps1 azurerm_spring_cloud_new_relic_application_performance_monitoring
 ./resource.ps1 azurerm_spring_cloud_service
 ./resource.ps1 azurerm_spring_cloud_storage
-./resource.ps1 azurerm_sql_active_directory_administrator
-./resource.ps1 azurerm_sql_database
-./resource.ps1 azurerm_sql_elasticpool
-./resource.ps1 azurerm_sql_failover_group
 ./resource.ps1 azurerm_sql_firewall_rule
-./resource.ps1 azurerm_sql_managed_database
-./resource.ps1 azurerm_sql_managed_instance
-./resource.ps1 azurerm_sql_managed_instance_active_directory_administrator
-./resource.ps1 azurerm_sql_managed_instance_failover_group
 ./resource.ps1 azurerm_sql_server
 ./resource.ps1 azurerm_sql_virtual_network_rule
 ./resource.ps1 azurerm_ssh_public_key
 ./resource.ps1 azurerm_stack_hci_cluster
+./resource.ps1 azurerm_stack_hci_deployment_setting
+./resource.ps1 azurerm_stack_hci_extension
 ./resource.ps1 azurerm_stack_hci_logical_network
+./resource.ps1 azurerm_stack_hci_marketplace_gallery_image
+./resource.ps1 azurerm_stack_hci_network_interface
+./resource.ps1 azurerm_stack_hci_storage_path
+./resource.ps1 azurerm_stack_hci_virtual_hard_disk
 ./resource.ps1 azurerm_static_site
 ./resource.ps1 azurerm_static_site_custom_domain
 ./resource.ps1 azurerm_static_web_app
 ./resource.ps1 azurerm_static_web_app_custom_domain
 ./resource.ps1 azurerm_static_web_app_function_app_registration
 ./resource.ps1 azurerm_storage_account_local_user
+./resource.ps1 azurerm_storage_account_queue_properties
+./resource.ps1 azurerm_storage_account_static_website
 ./resource.ps1 azurerm_storage_blob
 ./resource.ps1 azurerm_storage_blob_inventory_policy
 ./resource.ps1 azurerm_storage_container_immutability_policy
@@ -920,6 +946,7 @@ Datasource percentage coverage 37.84 ./resource.ps1 azurerm_stream_analytics_function_javascript_udf ./resource.ps1 azurerm_stream_analytics_job ./resource.ps1 azurerm_stream_analytics_job_schedule +./resource.ps1 azurerm_stream_analytics_job_storage_account ./resource.ps1 azurerm_stream_analytics_managed_private_endpoint ./resource.ps1 azurerm_stream_analytics_output_blob ./resource.ps1 azurerm_stream_analytics_output_cosmosdb @@ -973,16 +1000,17 @@ Datasource percentage coverage 37.84 ./resource.ps1 azurerm_system_center_virtual_machine_manager_availability_set ./resource.ps1 azurerm_system_center_virtual_machine_manager_cloud ./resource.ps1 azurerm_system_center_virtual_machine_manager_server +./resource.ps1 azurerm_system_center_virtual_machine_manager_virtual_machine_instance +./resource.ps1 azurerm_system_center_virtual_machine_manager_virtual_machine_instance_guest_agent ./resource.ps1 azurerm_system_center_virtual_machine_manager_virtual_machine_template ./resource.ps1 azurerm_system_center_virtual_machine_manager_virtual_network -./resource.ps1 azurerm_template_deployment ./resource.ps1 azurerm_tenant_template_deployment ./resource.ps1 azurerm_traffic_manager_azure_endpoint ./resource.ps1 azurerm_traffic_manager_external_endpoint ./resource.ps1 azurerm_traffic_manager_nested_endpoint ./resource.ps1 azurerm_traffic_manager_profile -./resource.ps1 azurerm_video_analyzer -./resource.ps1 azurerm_video_analyzer_edge_module +./resource.ps1 azurerm_trusted_signing_account +./resource.ps1 azurerm_video_indexer_account ./resource.ps1 azurerm_virtual_desktop_application ./resource.ps1 azurerm_virtual_desktop_application_group ./resource.ps1 azurerm_virtual_desktop_host_pool 
@@ -1010,6 +1038,7 @@ Datasource percentage coverage 37.84 ./resource.ps1 azurerm_virtual_machine_run_command ./resource.ps1 azurerm_virtual_machine_scale_set_extension ./resource.ps1 azurerm_virtual_machine_scale_set_packet_capture +./resource.ps1 azurerm_virtual_machine_scale_set_standby_pool ./resource.ps1 azurerm_virtual_network_dns_servers ./resource.ps1 azurerm_virtual_network_gateway ./resource.ps1 azurerm_virtual_network_gateway_connection @@ -1035,6 +1064,7 @@ Datasource percentage coverage 37.84 ./resource.ps1 azurerm_web_pubsub_network_acl ./resource.ps1 azurerm_web_pubsub_service ./resource.ps1 azurerm_web_pubsub_shared_private_link_resource +./resource.ps1 azurerm_web_pubsub_socketio ./resource.ps1 azurerm_windows_function_app ./resource.ps1 azurerm_windows_function_app_slot ./resource.ps1 azurerm_windows_web_app @@ -1045,8 +1075,10 @@ Datasource percentage coverage 37.84 ./resource.ps1 azurerm_aadb2c_directory -type data ./resource.ps1 azurerm_active_directory_domain_service -type data ./resource.ps1 azurerm_advisor_recommendations -type data +./resource.ps1 azurerm_api_connection -type data +./resource.ps1 azurerm_api_management_subscription -type data ./resource.ps1 azurerm_arc_resource_bridge_appliance -type data -./resource.ps1 azurerm_attestation -type data +./resource.ps1 azurerm_attestation_provider -type data ./resource.ps1 azurerm_automation_runbook -type data ./resource.ps1 azurerm_billing_enrollment_account_scope -type data ./resource.ps1 azurerm_billing_mca_account_scope -type data 
@@ -1067,8 +1099,8 @@ Datasource percentage coverage 37.84 ./resource.ps1 azurerm_consumption_budget_resource_group -type data ./resource.ps1 azurerm_consumption_budget_subscription -type data ./resource.ps1 azurerm_container_app -type data -./resource.ps1 azurerm_container_app_environment. -type data -./resource.ps1 azurerm_container_app_environment_certificate. -type data +./resource.ps1 azurerm_container_app_environment -type data +./resource.ps1 azurerm_container_app_environment_certificate -type data ./resource.ps1 azurerm_container_app_environment_dapr_component. -type data ./resource.ps1 azurerm_container_group -type data ./resource.ps1 azurerm_container_registry -type data @@ -1079,6 +1111,7 @@ Datasource percentage coverage 37.84 ./resource.ps1 azurerm_cosmosdb_mongo_database -type data ./resource.ps1 azurerm_cosmosdb_restorable_database_accounts -type data ./resource.ps1 azurerm_cosmosdb_sql_database -type data +./resource.ps1 azurerm_cosmosdb_sql_role_definition -type data ./resource.ps1 azurerm_dashboard_grafana -type data ./resource.ps1 azurerm_data_factory -type data ./resource.ps1 azurerm_data_factory_trigger_schedule -type data 
@@ -1094,11 +1127,22 @@ Datasource percentage coverage 37.84 ./resource.ps1 azurerm_data_share_dataset_kusto_database -type data ./resource.ps1 azurerm_database_migration_project -type data ./resource.ps1 azurerm_database_migration_service -type data +./resource.ps1 azurerm_databox_edge_device -type data ./resource.ps1 azurerm_databricks_access_connector -type data ./resource.ps1 azurerm_databricks_workspace -type data ./resource.ps1 azurerm_databricks_workspace_private_endpoint_connection -type data ./resource.ps1 azurerm_dedicated_host -type data ./resource.ps1 azurerm_dedicated_host_group -type data +./resource.ps1 azurerm_dev_center -type data +./resource.ps1 azurerm_dev_center_attached_network -type data +./resource.ps1 azurerm_dev_center_catalog -type data +./resource.ps1 azurerm_dev_center_dev_box_definition -type data +./resource.ps1 azurerm_dev_center_environment_type -type data +./resource.ps1 azurerm_dev_center_gallery -type data +./resource.ps1 azurerm_dev_center_network_connection -type data +./resource.ps1 azurerm_dev_center_project -type data +./resource.ps1 azurerm_dev_center_project_environment_type -type data +./resource.ps1 azurerm_dev_center_project_pool -type data ./resource.ps1 azurerm_digital_twins_instance -type data ./resource.ps1 azurerm_disk_access -type data ./resource.ps1 azurerm_disk_encryption_set -type data 
@@ -1113,15 +1157,19 @@ Datasource percentage coverage 37.84 ./resource.ps1 azurerm_dns_srv_record -type data ./resource.ps1 azurerm_dns_txt_record -type data ./resource.ps1 azurerm_dns_zone -type data +./resource.ps1 azurerm_dynatrace_monitor -type data ./resource.ps1 azurerm_elastic_cloud_elasticsearch -type data ./resource.ps1 azurerm_elastic_san -type data ./resource.ps1 azurerm_elastic_san_volume_group -type data ./resource.ps1 azurerm_elastic_san_volume_snapshot -type data ./resource.ps1 azurerm_eventgrid_domain -type data ./resource.ps1 azurerm_eventgrid_domain_topic -type data +./resource.ps1 azurerm_eventgrid_partner_namespace -type data +./resource.ps1 azurerm_eventgrid_partner_registration -type data ./resource.ps1 azurerm_eventgrid_system_topic -type data ./resource.ps1 azurerm_eventgrid_topic -type data ./resource.ps1 azurerm_eventhub -type data +./resource.ps1 azurerm_eventhub_authorization_rule -type data ./resource.ps1 azurerm_eventhub_cluster -type data ./resource.ps1 azurerm_eventhub_consumer_group -type data ./resource.ps1 azurerm_eventhub_namespace -type data 
@@ -1129,18 +1177,19 @@ Datasource percentage coverage 37.84 ./resource.ps1 azurerm_eventhub_sas -type data ./resource.ps1 azurerm_express_route_circuit -type data ./resource.ps1 azurerm_express_route_circuit_peering -type data +./resource.ps1 azurerm_extended_location_custom_location -type data ./resource.ps1 azurerm_extended_locations -type data ./resource.ps1 azurerm_firewall -type data ./resource.ps1 azurerm_firewall_policy -type data ./resource.ps1 azurerm_function_app -type data ./resource.ps1 azurerm_function_app_host_keys -type data +./resource.ps1 azurerm_graph_services_account -type data ./resource.ps1 azurerm_hdinsight_cluster -type data ./resource.ps1 azurerm_healthcare_dicom_service -type data ./resource.ps1 azurerm_healthcare_fhir_service -type data ./resource.ps1 azurerm_healthcare_medtech_service -type data ./resource.ps1 azurerm_healthcare_service -type data ./resource.ps1 azurerm_healthcare_workspace -type data -./resource.ps1 azurerm_hybrid_compute_machine -type data ./resource.ps1 azurerm_image -type data ./resource.ps1 azurerm_images -type data ./resource.ps1 azurerm_iothub -type data @@ -1149,9 +1198,11 @@ Datasource percentage coverage 37.84 ./resource.ps1 azurerm_iothub_shared_access_policy -type data ./resource.ps1 azurerm_ip_group -type data ./resource.ps1 azurerm_ip_groups -type data +./resource.ps1 azurerm_key_vault_managed_hardware_security_module_key -type data ./resource.ps1 azurerm_key_vault_managed_hardware_security_module_role_definition -type data ./resource.ps1 azurerm_kubernetes_cluster -type data ./resource.ps1 azurerm_kubernetes_cluster_node_pool -type data +./resource.ps1 azurerm_kubernetes_fleet_manager -type data ./resource.ps1 azurerm_kubernetes_node_pool_snapshot -type data ./resource.ps1 azurerm_kubernetes_service_versions -type data ./resource.ps1 azurerm_kusto_cluster -type data 
@@ -1165,6 +1216,7 @@ Datasource percentage coverage 37.84 ./resource.ps1 azurerm_local_network_gateway -type data ./resource.ps1 azurerm_location -type data ./resource.ps1 azurerm_log_analytics_workspace -type data +./resource.ps1 azurerm_log_analytics_workspace_table -type data ./resource.ps1 azurerm_logic_app_integration_account -type data ./resource.ps1 azurerm_logic_app_standard -type data ./resource.ps1 azurerm_logic_app_workflow -type data 
@@ -1173,42 +1225,80 @@ Datasource percentage coverage 37.84 ./resource.ps1 azurerm_managed_api -type data ./resource.ps1 azurerm_managed_application_definition -type data ./resource.ps1 azurerm_managed_disk -type data +./resource.ps1 azurerm_managed_disks -type data +./resource.ps1 azurerm_managed_redis -type data ./resource.ps1 azurerm_management_group -type data ./resource.ps1 azurerm_management_group_template_deployment -type data ./resource.ps1 azurerm_maps_account -type data -./resource.ps1 azurerm_mariadb_server -type data +./resource.ps1 azurerm_marketplace_agreement -type data +./resource.ps1 azurerm_mobile_network -type data +./resource.ps1 azurerm_mobile_network_attached_data_network -type data +./resource.ps1 azurerm_mobile_network_data_network -type data +./resource.ps1 azurerm_mobile_network_packet_core_control_plane -type data +./resource.ps1 azurerm_mobile_network_packet_core_data_plane -type data +./resource.ps1 azurerm_mobile_network_service -type data +./resource.ps1 azurerm_mobile_network_sim -type data +./resource.ps1 azurerm_mobile_network_sim_group -type data +./resource.ps1 azurerm_mobile_network_sim_policy -type data +./resource.ps1 azurerm_mobile_network_site -type data +./resource.ps1 azurerm_mobile_network_slice -type data ./resource.ps1 azurerm_monitor_action_group -type data ./resource.ps1 azurerm_monitor_data_collection_endpoint -type data ./resource.ps1 azurerm_monitor_data_collection_rule -type data ./resource.ps1 azurerm_monitor_diagnostic_categories -type data -./resource.ps1 azurerm_monitor_log_profile -type data ./resource.ps1 azurerm_monitor_scheduled_query_rules_alert -type data ./resource.ps1 azurerm_monitor_scheduled_query_rules_log -type data ./resource.ps1 azurerm_monitor_workspace -type data ./resource.ps1 azurerm_mssql_database -type data ./resource.ps1 azurerm_mssql_elasticpool -type data +./resource.ps1 azurerm_mssql_failover_group -type data +./resource.ps1 azurerm_mssql_managed_database -type data ./resource.ps1 
azurerm_mssql_managed_instance -type data ./resource.ps1 azurerm_mssql_server -type data +./resource.ps1 azurerm_mysql_flexible_server -type data ./resource.ps1 azurerm_nat_gateway -type data ./resource.ps1 azurerm_netapp_account -type data ./resource.ps1 azurerm_netapp_account_encryption -type data +./resource.ps1 azurerm_netapp_backup_policy -type data +./resource.ps1 azurerm_netapp_backup_vault -type data ./resource.ps1 azurerm_netapp_pool -type data ./resource.ps1 azurerm_netapp_snapshot -type data ./resource.ps1 azurerm_netapp_snapshot_policy -type data ./resource.ps1 azurerm_netapp_volume -type data +./resource.ps1 azurerm_netapp_volume_group_oracle -type data ./resource.ps1 azurerm_netapp_volume_group_sap_hana -type data ./resource.ps1 azurerm_netapp_volume_quota_rule -type data ./resource.ps1 azurerm_network_ddos_protection_plan -type data ./resource.ps1 azurerm_network_interface -type data +./resource.ps1 azurerm_network_manager -type data ./resource.ps1 azurerm_network_manager_connectivity_configuration -type data +./resource.ps1 azurerm_network_manager_ipam_pool -type data +./resource.ps1 azurerm_network_manager_network_group -type data ./resource.ps1 azurerm_network_security_group -type data ./resource.ps1 azurerm_network_service_tags -type data +./resource.ps1 azurerm_nginx_api_key -type data ./resource.ps1 azurerm_nginx_certificate -type data ./resource.ps1 azurerm_nginx_configuration -type data ./resource.ps1 azurerm_nginx_deployment -type data ./resource.ps1 azurerm_notification_hub -type data ./resource.ps1 azurerm_notification_hub_namespace -type data +./resource.ps1 azurerm_oracle_adbs_character_sets -type data +./resource.ps1 azurerm_oracle_adbs_national_character_sets -type data +./resource.ps1 azurerm_oracle_autonomous_database -type data +./resource.ps1 azurerm_oracle_autonomous_database_backup -type data +./resource.ps1 azurerm_oracle_autonomous_database_backups -type data +./resource.ps1 azurerm_oracle_autonomous_database_clone_from_backup 
-type data +./resource.ps1 azurerm_oracle_autonomous_database_clone_from_database -type data +./resource.ps1 azurerm_oracle_cloud_vm_cluster -type data +./resource.ps1 azurerm_oracle_db_nodes -type data +./resource.ps1 azurerm_oracle_db_servers -type data +./resource.ps1 azurerm_oracle_db_system_shapes -type data +./resource.ps1 azurerm_oracle_exadata_infrastructure -type data +./resource.ps1 azurerm_oracle_exascale_database_storage_vault -type data +./resource.ps1 azurerm_oracle_gi_versions -type data +./resource.ps1 azurerm_oracle_resource_anchor -type data ./resource.ps1 azurerm_orchestrated_virtual_machine_scale_set -type data +./resource.ps1 azurerm_palo_alto_local_rulestack -type data ./resource.ps1 azurerm_platform_image -type data ./resource.ps1 azurerm_policy_assignment -type data ./resource.ps1 azurerm_policy_definition -type data 
@@ -1240,12 +1330,22 @@ Datasource percentage coverage 37.84 ./resource.ps1 azurerm_proximity_placement_group -type data ./resource.ps1 azurerm_public_maintenance_configurations -type data ./resource.ps1 azurerm_recovery_services_vault -type data +./resource.ps1 azurerm_role_assignments -type data ./resource.ps1 azurerm_role_management_policy -type data +./resource.ps1 azurerm_search_service -type data ./resource.ps1 azurerm_sentinel_alert_rule_anomaly -type data +./resource.ps1 azurerm_servicebus_namespace_disaster_recovery_config -type data ./resource.ps1 azurerm_servicebus_topic_authorization_rule -type data +./resource.ps1 azurerm_site_recovery_replication_recovery_plan -type data +./resource.ps1 azurerm_stack_hci_storage_path -type data ./resource.ps1 azurerm_static_web_app -type data ./resource.ps1 azurerm_storage_queue -type data ./resource.ps1 azurerm_storage_table -type data +./resource.ps1 azurerm_storage_table_entities -type data ./resource.ps1 azurerm_system_center_virtual_machine_manager_inventory_items -type data +./resource.ps1 azurerm_trusted_signing_account -type data ./resource.ps1 azurerm_virtual_desktop_application_group -type data ./resource.ps1 azurerm_virtual_desktop_workspace -type data +./resource.ps1 azurerm_virtual_network_peering -type data +./resource.ps1 azurerm_vpn_server_configuration -type data +``` diff --git a/src/coverage/coverage.go b/src/coverage/coverage.go index 8f12fa3a..a70dcd66 100644 --- a/src/coverage/coverage.go +++ b/src/coverage/coverage.go @@ -19,7 +19,7 @@ type members struct { func coverageAWS() error { data := importMembers("../parse/aws-members.json") missing := members{} - target := "" + target := "```shell\n" for _, myData := range data.Resources { if temp := pike.AwsLookup(myData); temp == nil { 
@@ -38,26 +38,32 @@ func coverageAWS() error { } } } + target += "```\n" - Prepend := "# todo aws \n\n" - - Prepend += fmt.Sprintf("Resource percentage coverage %3.2f \n", percent(missing.Resources, data.Resources)) - Prepend += fmt.Sprintf("Datasource percentage coverage %3.2f \n\n", percent(missing.DataSources, data.DataSources)) + Prepend := resourceTable(missing, data, "AWS") target = Prepend + target err := os.WriteFile("aws.md", []byte(target), 0o700) if err != nil { - return err + return &fileWriteError{err} } return nil } +type fileWriteError struct { + err error +} + +func (e *fileWriteError) Error() string { + return e.err.Error() +} + //goland:noinspection GoUnusedFunction func coverageAzure() error { data := importMembers("../parse/azurerm-members.json") missing := members{} - target := "" + target := "```shell\n" for _, myData := range data.Resources { if temp := pike.AzureLookup(myData); temp == nil { @@ -72,16 +78,14 @@ func coverageAzure() error { target += "./resource.ps1 " + myData + " -type data\n" } } + target += "```\n" - Prepend := "# todo azure \n\n" - - Prepend += fmt.Sprintf("Resource percentage coverage %3.2f \n", percent(missing.Resources, data.Resources)) - Prepend += fmt.Sprintf("Datasource percentage coverage %3.2f \n\n", percent(missing.DataSources, data.DataSources)) - + Prepend := resourceTable(missing, data, "Azure") target = Prepend + target err := os.WriteFile("azure.md", []byte(target), 0o700) + if err != nil { - return err + return &fileWriteError{err} } return nil @@ -91,7 +95,7 @@ func coverageAzure() error { func coverageGcp() error { data := importMembers("../parse/google-members.json") missing := members{} - target := "" + target := "```shell\n" for _, myData := range data.Resources { if temp := pike.GCPLookup(myData); temp == nil { 
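Review bot: `fileWriteError` in the `@@ -38,26 +38,32 @@` hunk wraps the `os.WriteFile` error but defines only `Error()`, so callers can no longer reach the cause with `errors.Is(err, fs.ErrPermission)` or `errors.As` for a `*fs.PathError`. Adding `func (e *fileWriteError) Unwrap() error { return e.err }` next to `Error()` keeps the error chain intact. Because the wrapper's message is identical to the wrapped error's, a doc comment such as `// fileWriteError marks a failure to write a generated coverage report.` would also record why the type exists. The same wrapper is returned from coverageAzure and coverageGcp in the later hunks.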
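Review bot: The context line `err := os.WriteFile("azure.md", []byte(target), 0o700)` in the `@@ -72,16 +78,14 @@` hunk creates a Markdown report with the owner-execute bit set, and the commit reworks the error path beside it without touching the mode. The same literal is used for `aws.md` in the previous hunk and for `google.md` in the `@@ -106,21 +110,34 @@` hunk. A generated document has no reason to be executable; `os.WriteFile("azure.md", []byte(target), 0o644)` (or `0o600` if the report should stay private) is the conventional choice. os.WriteFile applies the mode only when it creates the file, so reports that already exist keep their current bits and need a one-off chmod. The `100755` on the google.md index line suggests they are currently tracked as executable.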
@@ -106,21 +110,34 @@ func coverageGcp() error { target += "./resource.ps1 " + myData + " -type data\n" } } + target += "```\n" - Prepend := "# todo google \n\n" - - Prepend += fmt.Sprintf("Resource percentage coverage %3.2f \n", percent(missing.Resources, data.Resources)) - Prepend += fmt.Sprintf("Datasource percentage coverage %3.2f \n\n", percent(missing.DataSources, data.DataSources)) + Prepend := resourceTable(missing, data, "Google") target = Prepend + target err := os.WriteFile("google.md", []byte(target), 0o700) + if err != nil { - return err + + return &fileWriteError{err} } return nil } +func resourceTable(missing members, data members, cloud string) string { + Prepend := fmt.Sprintf("# %s Resource Status\n\n", cloud) + Prepend += fmt.Sprintf("| Terraform | Coverage %% | Resources | Total Resources |\n") + Prepend += fmt.Sprintf("|------------|------------|-----------|-----------------|\n") + Prepend += fmt.Sprintf("| Resources | %3.2f | %5d | %5d |\n", + percent(missing.Resources, data.Resources), + len(data.Resources)-len(missing.Resources), len(data.Resources)) + Prepend += fmt.Sprintf("| Datasource | %3.2f | %5d | %5d |\n\n", + percent(missing.DataSources, data.DataSources), + len(data.DataSources)-len(missing.DataSources), len(data.DataSources)) + return Prepend +} + func importMembers(targetMembers string) members { fileName, _ := filepath.Abs(targetMembers) file, _ := os.ReadFile(fileName) diff --git a/src/coverage/coverage_internal_test.go b/src/coverage/coverage_internal_test.go new file mode 100644 index 00000000..93b3e1d1 --- /dev/null +++ b/src/coverage/coverage_internal_test.go 
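Review bot: `importMembers` at the end of the `@@ -106,21 +110,34 @@` hunk discards the errors from `filepath.Abs` and `os.ReadFile` (`fileName, _ :=` and `file, _ :=`), and the new `resourceTable` now prints counts and totals derived from that data. If the members JSON is missing or unreadable, the report would presumably be written with zero totals instead of the run failing. Checking the result, starting with `file, err := os.ReadFile(fileName)` and surfacing the error to the caller, would stop a bad input from being published as a coverage figure. The rest of importMembers lies outside the hunk, so whether the unmarshal error is handled cannot be seen from here.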
@@ -0,0 +1,213 @@ +package coverage + +import ( + "encoding/json" + "os" + "path/filepath" + "strings" + "testing" + + pike "github.com/jameswoolfenden/pike/src" +) + +// Helper function to create test JSON file +func createTestMembersFile(t *testing.T, data members) string { + tempDir := t.TempDir() + filePath := filepath.Join(tempDir, "test-members.json") + + jsonData, err := json.Marshal(data) + if err != nil { + t.Fatalf("Failed to marshal test data: %v", err) + } + + err = os.WriteFile(filePath, jsonData, 0644) + if err != nil { + t.Fatalf("Failed to write test file: %v", err) + } + + return filePath +} + +// Test the data sources processing logic specifically +func TestCoverageAWS_DataSourcesProcessing(t *testing.T) { + tests := []struct { + name string + dataSources []string + expectedMissing []string + expectedTargetLines int + }{ + { + name: "empty data sources", + dataSources: []string{}, + expectedMissing: []string{}, + expectedTargetLines: 0, + }, + { + name: "aws data source not in pike lookup", + dataSources: []string{"aws_s3_bucket_duff"}, + expectedMissing: []string{"aws_s3_bucket_duff"}, + expectedTargetLines: 1, + }, + { + name: "non-aws data source not in pike lookup", + dataSources: []string{"google_storage_bucket"}, + expectedMissing: []string{}, + expectedTargetLines: 0, + }, + { + name: "mixed aws and non-aws data sources", + dataSources: []string{"aws_s3_bucket_duff", "google_storage_bucket", "aws_ec2_instance"}, + expectedMissing: []string{"aws_s3_bucket_duff", "aws_ec2_instance"}, + expectedTargetLines: 2, + }, + { + name: "data source containing aws in middle", + dataSources: []string{"terraform_aws_s3_bucket"}, + expectedMissing: []string{"terraform_aws_s3_bucket"}, + expectedTargetLines: 1, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + // Create test data + testData := members{ + DataSources: tt.dataSources, + Resources: []string{}, // Empty for this test + } + + // Create temporary test file + testFile 
:= createTestMembersFile(t, testData) + + // Load test data + data := members{} + fileName, _ := filepath.Abs(testFile) + file, err := os.ReadFile(fileName) + if err != nil { + t.Fatalf("Failed to read test file: %v", err) + } + err = json.Unmarshal(file, &data) + if err != nil { + t.Fatalf("Failed to unmarshal test data: %v", err) + } + + // Simulate the data sources processing logic from lines 34-40 + missing := members{} + target := "" + + for _, myData := range data.DataSources { + // Simulate pike.AwsDataLookup returning nil (not found) + if temp := pike.AwsDataLookup(myData); temp == nil { + if strings.Contains(myData, "aws") { + missing.DataSources = append(missing.DataSources, myData) + target += "./resource.ps1 " + myData + " -type data\n" + } + } + } + + // Verify results + if len(missing.DataSources) != len(tt.expectedMissing) { + t.Errorf("Expected %d missing data sources, got %d", len(tt.expectedMissing), len(missing.DataSources)) + } + + for i, expected := range tt.expectedMissing { + if i >= len(missing.DataSources) || missing.DataSources[i] != expected { + t.Errorf("Expected missing data source %s, got %s", expected, missing.DataSources[i]) + } + } + + // Count target lines + targetLines := 0 + if target != "" { + targetLines = strings.Count(target, "\n") + } + + if targetLines != tt.expectedTargetLines { + t.Errorf("Expected %d target lines, got %d", tt.expectedTargetLines, targetLines) + } + + // Verify target format for aws data sources + for _, expectedDS := range tt.expectedMissing { + expectedLine := "./resource.ps1 " + expectedDS + " -type data\n" + if !strings.Contains(target, expectedLine) { + t.Errorf("Expected target to contain %s", expectedLine) + } + } + }) + } +} + +func TestCoverageAWS_DataSourcesTargetFormat(t *testing.T) { + testData := members{ + DataSources: []string{"aws_s3_bucket", "aws_ec2_instance"}, + Resources: []string{}, + } + + testFile := createTestMembersFile(t, testData) + + data := members{} + fileName, _ := 
filepath.Abs(testFile) + file, _ := os.ReadFile(fileName) + _ = json.Unmarshal(file, &data) + + target := "" + for _, myData := range data.DataSources { + if temp := pike.AwsDataLookup(myData); temp == nil { + if strings.Contains(myData, "aws") { + target += "./resource.ps1 " + myData + " -type data\n" + } + } + } + + expectedTarget := "./resource.ps1 aws_ec2_instance -type data\n" + if target != expectedTarget { + t.Errorf("Expected target format:\n%s\nGot:\n%s", expectedTarget, target) + } +} + +func TestCoverageAWS_DataSourcesCaseInsensitive(t *testing.T) { + testCases := []struct { + name string + dataSource string + shouldAdd bool + }{ + {"lowercase aws", "aws_ec2_instance", true}, + {"uppercase AWS", "AWS_EC2_INSTANCE", false}, + {"mixed case", "Aws_EC2_Bucket", false}, + {"aws in middle", "terraform_aws_s3", true}, + {"no aws", "google_storage", false}, + {"aws substring", "awesome_bucket", false}, // contains "aws" + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + testData := members{ + DataSources: []string{tc.dataSource}, + Resources: []string{}, + } + + testFile := createTestMembersFile(t, testData) + + data := members{} + fileName, _ := filepath.Abs(testFile) + file, _ := os.ReadFile(fileName) + _ = json.Unmarshal(file, &data) + + missing := members{} + for _, myData := range data.DataSources { + if temp := pike.AwsDataLookup(myData); temp == nil { + if strings.Contains(myData, "aws") { + missing.DataSources = append(missing.DataSources, myData) + } + } + } + + if tc.shouldAdd && len(missing.DataSources) == 0 { + t.Errorf("Expected %s to be added to missing data sources", tc.dataSource) + } + if !tc.shouldAdd && len(missing.DataSources) > 0 { + t.Errorf("Expected %s not to be added to missing data sources", tc.dataSource) + } + }) + } +} diff --git a/src/coverage/coverage_test.go b/src/coverage/coverage_test.go index 149d160d..76009001 100644 --- a/src/coverage/coverage_test.go +++ b/src/coverage/coverage_test.go 
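Review bot: In TestCoverageAWS_DataSourcesProcessing the check `if i >= len(missing.DataSources) || missing.DataSources[i] != expected` reports through a `t.Errorf` that formats `missing.DataSources[i]`, so it panics with an index out of range exactly when the first half of the condition is true. The length comparison just above uses `t.Errorf` and therefore does not stop the loop from running; making it `t.Fatalf("Expected %d missing data sources, got %d", ...)` avoids the panic. All three tests in this new file also copy the lookup-and-filter loop inline (the comment says "Simulate the data sources processing logic from lines 34-40") instead of calling coverageAWS, so they keep passing if the production filter changes. Their results also depend on what `pike.AwsDataLookup` happens to know. In TestCoverageAWS_DataSourcesCaseInsensitive the comment `// contains "aws"` on the `awesome_bucket` case is wrong, since that string has no "aws" substring, and the test name says case-insensitive while the cases assert case-sensitive matching.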
@@ -1,6 +1,7 @@ package coverage import ( + "errors" "testing" pike "github.com/jameswoolfenden/pike/src" @@ -20,6 +21,7 @@ func Test_coverageAws(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() + if err := coverageAWS(); (err != nil) != tt.wantErr { t.Errorf("coverageAWS() error = %v, wantErr %v", err, tt.wantErr) } @@ -47,6 +49,7 @@ func Test_percent(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() + got := percent(tt.args.missing, tt.args.data) if !pike.AlmostEqual(got, tt.want) { @@ -99,3 +102,26 @@ func Test_coverageGcp(t *testing.T) { }) } } + +func Test_fileWriteError_Error(t *testing.T) { + type fields struct { + err error + } + tests := []struct { + name string + fields fields + want string + }{ + {"invoke", fields{err: errors.New("fail")}, "fail"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + e := &fileWriteError{ + err: tt.fields.err, + } + if got := e.Error(); got != tt.want { + t.Errorf("Error() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/src/coverage/google.md b/src/coverage/google.md index 5437ddfc..2275cfd5 100755 --- a/src/coverage/google.md +++ b/src/coverage/google.md 
@@ -1,9 +1,14 @@ -# todo google +# Google Resource Status -Resource percentage coverage 20.44 -Datasource percentage coverage 82.65 +| Terraform | Coverage % | Resources | Total Resources | +|------------|------------|-----------|-----------------| +| Resources | 62.39 | 783 | 1255 | +| Datasource | 99.01 | 399 | 403 | +```shell ./resource.ps1 google_access_context_manager_access_level_condition +./resource.ps1 google_access_context_manager_service_perimeter_dry_run_egress_policy +./resource.ps1 google_access_context_manager_service_perimeter_dry_run_ingress_policy ./resource.ps1 google_access_context_manager_service_perimeter_dry_run_resource ./resource.ps1 google_access_context_manager_service_perimeter_egress_policy ./resource.ps1 google_access_context_manager_service_perimeter_ingress_policy @@ -12,14 +17,20 @@ Datasource percentage coverage 82.65 ./resource.ps1 google_active_directory_domain_trust ./resource.ps1 google_active_directory_peering ./resource.ps1 google_apigee_addons_config -./resource.ps1 google_apigee_endpoint_attachment +./resource.ps1 google_apigee_api +./resource.ps1 google_apigee_api_deployment +./resource.ps1 google_apigee_api_product +./resource.ps1 google_apigee_app_group +./resource.ps1 google_apigee_control_plane_access +./resource.ps1 google_apigee_developer +./resource.ps1 google_apigee_developer_app +./resource.ps1 google_apigee_dns_zone ./resource.ps1 google_apigee_env_keystore ./resource.ps1 google_apigee_envgroup ./resource.ps1 google_apigee_envgroup_attachment ./resource.ps1 google_apigee_environment -./resource.ps1 google_apigee_environment_iam_binding -./resource.ps1 google_apigee_environment_iam_member -./resource.ps1 google_apigee_environment_iam_policy +./resource.ps1 google_apigee_environment_addons_config +./resource.ps1 google_apigee_environment_api_revision_deployment ./resource.ps1 google_apigee_environment_keyvaluemaps ./resource.ps1 google_apigee_environment_keyvaluemaps_entries ./resource.ps1 google_apigee_instance 
@@ -27,6 +38,9 @@ Datasource percentage coverage 82.65 ./resource.ps1 google_apigee_keystores_aliases_self_signed_cert ./resource.ps1 google_apigee_nat_address ./resource.ps1 google_apigee_organization +./resource.ps1 google_apigee_security_action +./resource.ps1 google_apigee_security_monitoring_condition +./resource.ps1 google_apigee_security_profile_v2 ./resource.ps1 google_apigee_sync_authorization ./resource.ps1 google_apigee_target_server ./resource.ps1 google_apikeys_key 
@@ -38,148 +52,94 @@ Datasource percentage coverage 82.65 ./resource.ps1 google_app_engine_service_network_settings ./resource.ps1 google_app_engine_service_split_traffic ./resource.ps1 google_app_engine_standard_app_version -./resource.ps1 google_apphub_application -./resource.ps1 google_apphub_service -./resource.ps1 google_apphub_service_project_attachment -./resource.ps1 google_apphub_workload +./resource.ps1 google_artifact_registry_package ./resource.ps1 google_artifact_registry_vpcsc_config ./resource.ps1 google_assured_workloads_workload -./resource.ps1 google_backup_dr_management_server -./resource.ps1 google_beyondcorp_app_connection -./resource.ps1 google_beyondcorp_app_connector -./resource.ps1 google_beyondcorp_app_gateway -./resource.ps1 google_biglake_catalog -./resource.ps1 google_biglake_database -./resource.ps1 google_biglake_table -./resource.ps1 google_bigquery_datapolicy_data_policy -./resource.ps1 google_bigquery_datapolicy_data_policy_iam_binding -./resource.ps1 google_bigquery_datapolicy_data_policy_iam_member -./resource.ps1 google_bigquery_datapolicy_data_policy_iam_policy -./resource.ps1 google_bigquery_dataset_access -./resource.ps1 google_bigtable_authorized_view -./resource.ps1 google_billing_account_iam_binding -./resource.ps1 google_billing_account_iam_member -./resource.ps1 google_billing_account_iam_policy -./resource.ps1 google_billing_budget -./resource.ps1 google_billing_project_info +./resource.ps1 google_bigquery_analytics_hub_data_exchange_subscription +./resource.ps1 google_bigquery_datapolicyv2_data_policy +./resource.ps1 google_bigquery_datapolicyv2_data_policy_iam_binding +./resource.ps1 google_bigquery_datapolicyv2_data_policy_iam_member +./resource.ps1 google_bigquery_datapolicyv2_data_policy_iam_policy ./resource.ps1 google_billing_subaccount ./resource.ps1 google_binary_authorization_attestor -./resource.ps1 google_binary_authorization_attestor_iam_binding -./resource.ps1 
google_binary_authorization_attestor_iam_member -./resource.ps1 google_binary_authorization_attestor_iam_policy ./resource.ps1 google_binary_authorization_policy ./resource.ps1 google_blockchain_node_engine_blockchain_nodes ./resource.ps1 google_certificate_manager_certificate ./resource.ps1 google_certificate_manager_certificate_issuance_config ./resource.ps1 google_certificate_manager_certificate_map ./resource.ps1 google_certificate_manager_certificate_map_entry -./resource.ps1 google_certificate_manager_dns_authorization ./resource.ps1 google_certificate_manager_trust_config +./resource.ps1 google_ces_agent +./resource.ps1 google_ces_app +./resource.ps1 google_ces_deployment +./resource.ps1 google_ces_example +./resource.ps1 google_ces_guardrail +./resource.ps1 google_ces_tool +./resource.ps1 google_ces_toolset ./resource.ps1 google_cloud_asset_folder_feed ./resource.ps1 google_cloud_asset_organization_feed ./resource.ps1 google_cloud_asset_project_feed ./resource.ps1 google_cloud_identity_group ./resource.ps1 google_cloud_identity_group_membership ./resource.ps1 google_cloud_ids_endpoint +./resource.ps1 google_cloud_quotas_quota_adjuster_settings ./resource.ps1 google_cloud_quotas_quota_preference -./resource.ps1 google_cloud_run_domain_mapping -./resource.ps1 google_cloud_run_service -./resource.ps1 google_cloud_run_service_iam_binding -./resource.ps1 google_cloud_run_service_iam_member -./resource.ps1 google_cloud_run_service_iam_policy +./resource.ps1 google_cloud_security_compliance_cloud_control +./resource.ps1 google_cloud_security_compliance_framework +./resource.ps1 google_cloud_security_compliance_framework_deployment ./resource.ps1 google_cloud_tasks_queue -./resource.ps1 google_cloud_tasks_queue_iam_binding -./resource.ps1 google_cloud_tasks_queue_iam_member -./resource.ps1 google_cloud_tasks_queue_iam_policy ./resource.ps1 google_cloudbuild_bitbucket_server_config ./resource.ps1 google_cloudbuild_worker_pool -./resource.ps1 
google_cloudbuildv2_connection -./resource.ps1 google_cloudbuildv2_connection_iam_binding -./resource.ps1 google_cloudbuildv2_connection_iam_member -./resource.ps1 google_cloudbuildv2_connection_iam_policy -./resource.ps1 google_cloudbuildv2_repository ./resource.ps1 google_clouddeploy_automation ./resource.ps1 google_clouddeploy_custom_target_type -./resource.ps1 google_clouddeploy_custom_target_type_iam_binding -./resource.ps1 google_clouddeploy_custom_target_type_iam_member -./resource.ps1 google_clouddeploy_custom_target_type_iam_policy ./resource.ps1 google_clouddeploy_delivery_pipeline -./resource.ps1 google_clouddeploy_delivery_pipeline_iam_binding -./resource.ps1 google_clouddeploy_delivery_pipeline_iam_member -./resource.ps1 google_clouddeploy_delivery_pipeline_iam_policy +./resource.ps1 google_clouddeploy_deploy_policy ./resource.ps1 google_clouddeploy_target -./resource.ps1 google_clouddeploy_target_iam_binding -./resource.ps1 google_clouddeploy_target_iam_member -./resource.ps1 google_clouddeploy_target_iam_policy ./resource.ps1 google_clouddomains_registration -./resource.ps1 google_cloudfunctions2_function -./resource.ps1 google_cloudfunctions2_function_iam_binding -./resource.ps1 google_cloudfunctions2_function_iam_member -./resource.ps1 google_cloudfunctions2_function_iam_policy -./resource.ps1 google_cloudfunctions_function_iam_binding ./resource.ps1 google_cloudiot_registry -./resource.ps1 google_composer_environment -./resource.ps1 google_composer_user_workloads_config_map -./resource.ps1 google_composer_user_workloads_secret +./resource.ps1 google_colab_notebook_execution +./resource.ps1 google_colab_runtime +./resource.ps1 google_colab_runtime_template +./resource.ps1 google_colab_schedule ./resource.ps1 google_compute_attached_disk ./resource.ps1 google_compute_autoscaler -./resource.ps1 google_compute_backend_bucket -./resource.ps1 google_compute_backend_bucket_iam_binding -./resource.ps1 google_compute_backend_bucket_iam_member 
-./resource.ps1 google_compute_backend_bucket_iam_policy ./resource.ps1 google_compute_backend_bucket_signed_url_key -./resource.ps1 google_compute_backend_service -./resource.ps1 google_compute_backend_service_iam_binding -./resource.ps1 google_compute_backend_service_iam_member -./resource.ps1 google_compute_backend_service_iam_policy ./resource.ps1 google_compute_backend_service_signed_url_key +./resource.ps1 google_compute_cross_site_network ./resource.ps1 google_compute_disk ./resource.ps1 google_compute_disk_async_replication -./resource.ps1 google_compute_disk_iam_binding -./resource.ps1 google_compute_disk_iam_member -./resource.ps1 google_compute_disk_iam_policy ./resource.ps1 google_compute_disk_resource_policy_attachment ./resource.ps1 google_compute_external_vpn_gateway ./resource.ps1 google_compute_firewall_policy ./resource.ps1 google_compute_firewall_policy_association ./resource.ps1 google_compute_firewall_policy_rule -./resource.ps1 google_compute_forwarding_rule -./resource.ps1 google_compute_global_forwarding_rule +./resource.ps1 google_compute_firewall_policy_with_rules +./resource.ps1 google_compute_future_reservation ./resource.ps1 google_compute_global_network_endpoint -./resource.ps1 google_compute_global_network_endpoint_group ./resource.ps1 google_compute_ha_vpn_gateway -./resource.ps1 google_compute_health_check -./resource.ps1 google_compute_http_health_check -./resource.ps1 google_compute_https_health_check ./resource.ps1 google_compute_image -./resource.ps1 google_compute_image_iam_binding -./resource.ps1 google_compute_image_iam_member -./resource.ps1 google_compute_image_iam_policy ./resource.ps1 google_compute_instance_from_machine_image ./resource.ps1 google_compute_instance_from_template ./resource.ps1 google_compute_instance_group ./resource.ps1 google_compute_instance_group_manager ./resource.ps1 google_compute_instance_group_membership ./resource.ps1 google_compute_instance_group_named_port -./resource.ps1 
google_compute_instance_iam_binding -./resource.ps1 google_compute_instance_iam_member -./resource.ps1 google_compute_instance_iam_policy ./resource.ps1 google_compute_instance_settings +./resource.ps1 google_compute_instant_snapshot ./resource.ps1 google_compute_interconnect ./resource.ps1 google_compute_interconnect_attachment +./resource.ps1 google_compute_interconnect_attachment_group +./resource.ps1 google_compute_interconnect_group ./resource.ps1 google_compute_machine_image -./resource.ps1 google_compute_machine_image_iam_binding -./resource.ps1 google_compute_machine_image_iam_member -./resource.ps1 google_compute_machine_image_iam_policy ./resource.ps1 google_compute_managed_ssl_certificate -./resource.ps1 google_compute_network_attachment ./resource.ps1 google_compute_network_edge_security_service ./resource.ps1 google_compute_network_endpoint -./resource.ps1 google_compute_network_endpoint_group ./resource.ps1 google_compute_network_endpoints ./resource.ps1 google_compute_network_firewall_policy ./resource.ps1 google_compute_network_firewall_policy_association +./resource.ps1 google_compute_network_firewall_policy_packet_mirroring_rule ./resource.ps1 google_compute_network_firewall_policy_rule +./resource.ps1 google_compute_network_firewall_policy_with_rules ./resource.ps1 google_compute_network_peering ./resource.ps1 google_compute_network_peering_routes_config ./resource.ps1 google_compute_node_group 
@@ -189,44 +149,37 @@ Datasource percentage coverage 82.65
 ./resource.ps1 google_compute_organization_security_policy_rule
 ./resource.ps1 google_compute_packet_mirroring
 ./resource.ps1 google_compute_per_instance_config
+./resource.ps1 google_compute_preview_feature
 ./resource.ps1 google_compute_project_cloud_armor_tier
 ./resource.ps1 google_compute_project_default_network_tier
 ./resource.ps1 google_compute_project_metadata
 ./resource.ps1 google_compute_public_advertised_prefix
 ./resource.ps1 google_compute_public_delegated_prefix
 ./resource.ps1 google_compute_region_autoscaler
-./resource.ps1 google_compute_region_backend_service
-./resource.ps1 google_compute_region_backend_service_iam_binding
-./resource.ps1 google_compute_region_backend_service_iam_member
-./resource.ps1 google_compute_region_backend_service_iam_policy
 ./resource.ps1 google_compute_region_commitment
 ./resource.ps1 google_compute_region_disk
-./resource.ps1 google_compute_region_disk_iam_binding
-./resource.ps1 google_compute_region_disk_iam_member
-./resource.ps1 google_compute_region_disk_iam_policy
 ./resource.ps1 google_compute_region_disk_resource_policy_attachment
-./resource.ps1 google_compute_region_health_check
+./resource.ps1 google_compute_region_health_aggregation_policy
 ./resource.ps1 google_compute_region_instance_group_manager
 ./resource.ps1 google_compute_region_instance_template
 ./resource.ps1 google_compute_region_network_endpoint
-./resource.ps1 google_compute_region_network_endpoint_group
 ./resource.ps1 google_compute_region_network_firewall_policy
 ./resource.ps1 google_compute_region_network_firewall_policy_association
 ./resource.ps1 google_compute_region_network_firewall_policy_rule
+./resource.ps1 google_compute_region_network_firewall_policy_with_rules
 ./resource.ps1 google_compute_region_per_instance_config
+./resource.ps1 google_compute_region_resize_request
 ./resource.ps1 google_compute_region_security_policy
 ./resource.ps1 google_compute_region_security_policy_rule
-./resource.ps1 google_compute_region_target_http_proxy
-./resource.ps1 google_compute_region_target_https_proxy
-./resource.ps1 google_compute_region_target_tcp_proxy
-./resource.ps1 google_compute_region_url_map
 ./resource.ps1 google_compute_reservation
 ./resource.ps1 google_compute_resize_request
 ./resource.ps1 google_compute_resource_policy
+./resource.ps1 google_compute_resource_policy_attachment
 ./resource.ps1 google_compute_route
 ./resource.ps1 google_compute_router
 ./resource.ps1 google_compute_router_interface
 ./resource.ps1 google_compute_router_nat
+./resource.ps1 google_compute_router_nat_address
 ./resource.ps1 google_compute_router_peer
 ./resource.ps1 google_compute_router_route_policy
 ./resource.ps1 google_compute_security_policy_rule
@@ -234,28 +187,19 @@ Datasource percentage coverage 82.65
 ./resource.ps1 google_compute_shared_vpc_host_project
 ./resource.ps1 google_compute_shared_vpc_service_project
 ./resource.ps1 google_compute_snapshot
-./resource.ps1 google_compute_snapshot_iam_binding
-./resource.ps1 google_compute_snapshot_iam_member
-./resource.ps1 google_compute_snapshot_iam_policy
+./resource.ps1 google_compute_snapshot_settings
 ./resource.ps1 google_compute_ssl_certificate
 ./resource.ps1 google_compute_ssl_policy
-./resource.ps1 google_compute_subnetwork_iam_binding
-./resource.ps1 google_compute_subnetwork_iam_member
-./resource.ps1 google_compute_subnetwork_iam_policy
+./resource.ps1 google_compute_storage_pool
 ./resource.ps1 google_compute_target_grpc_proxy
-./resource.ps1 google_compute_target_http_proxy
-./resource.ps1 google_compute_target_https_proxy
 ./resource.ps1 google_compute_target_instance
 ./resource.ps1 google_compute_target_pool
 ./resource.ps1 google_compute_target_ssl_proxy
 ./resource.ps1 google_compute_target_tcp_proxy
-./resource.ps1 google_compute_url_map
 ./resource.ps1 google_compute_vpn_gateway
 ./resource.ps1 google_compute_vpn_tunnel
+./resource.ps1 google_compute_wire_group
 ./resource.ps1 google_container_analysis_note
-./resource.ps1 google_container_analysis_note_iam_binding
-./resource.ps1 google_container_analysis_note_iam_member
-./resource.ps1 google_container_analysis_note_iam_policy
 ./resource.ps1 google_container_analysis_occurrence
 ./resource.ps1 google_container_attached_cluster
 ./resource.ps1 google_container_aws_cluster
@@ -264,28 +208,7 @@ Datasource percentage coverage 82.65
 ./resource.ps1 google_container_azure_cluster
 ./resource.ps1 google_container_azure_node_pool
 ./resource.ps1 google_container_registry
-./resource.ps1 google_data_catalog_entry
-./resource.ps1 google_data_catalog_entry_group
-./resource.ps1 google_data_catalog_entry_group_iam_binding
-./resource.ps1 google_data_catalog_entry_group_iam_member
-./resource.ps1 google_data_catalog_entry_group_iam_policy
-./resource.ps1 google_data_catalog_policy_tag
-./resource.ps1 google_data_catalog_policy_tag_iam_binding
-./resource.ps1 google_data_catalog_policy_tag_iam_member
-./resource.ps1 google_data_catalog_policy_tag_iam_policy
-./resource.ps1 google_data_catalog_tag
-./resource.ps1 google_data_catalog_tag_template
-./resource.ps1 google_data_catalog_tag_template_iam_binding
-./resource.ps1 google_data_catalog_tag_template_iam_member
-./resource.ps1 google_data_catalog_tag_template_iam_policy
-./resource.ps1 google_data_catalog_taxonomy
-./resource.ps1 google_data_catalog_taxonomy_iam_binding
-./resource.ps1 google_data_catalog_taxonomy_iam_member
-./resource.ps1 google_data_catalog_taxonomy_iam_policy
 ./resource.ps1 google_data_fusion_instance
-./resource.ps1 google_data_fusion_instance_iam_binding
-./resource.ps1 google_data_fusion_instance_iam_member
-./resource.ps1 google_data_fusion_instance_iam_policy
 ./resource.ps1 google_data_loss_prevention_deidentify_template
 ./resource.ps1 google_data_loss_prevention_discovery_config
 ./resource.ps1 google_data_loss_prevention_inspect_template
@@ -293,114 +216,41 @@ Datasource percentage coverage 82.65 ./resource.ps1 google_data_loss_prevention_stored_info_type ./resource.ps1 google_data_pipeline_pipeline ./resource.ps1 google_database_migration_service_connection_profile +./resource.ps1 google_database_migration_service_migration_job ./resource.ps1 google_database_migration_service_private_connection ./resource.ps1 google_dataflow_flex_template_job -./resource.ps1 google_dataflow_job -./resource.ps1 google_dataform_repository -./resource.ps1 google_dataform_repository_iam_binding -./resource.ps1 google_dataform_repository_iam_member -./resource.ps1 google_dataform_repository_iam_policy -./resource.ps1 google_dataform_repository_release_config -./resource.ps1 google_dataform_repository_workflow_config -./resource.ps1 google_dataplex_aspect_type -./resource.ps1 google_dataplex_aspect_type_iam_binding -./resource.ps1 google_dataplex_aspect_type_iam_member -./resource.ps1 google_dataplex_aspect_type_iam_policy -./resource.ps1 google_dataplex_asset -./resource.ps1 google_dataplex_asset_iam_binding -./resource.ps1 google_dataplex_asset_iam_member -./resource.ps1 google_dataplex_asset_iam_policy -./resource.ps1 google_dataplex_datascan -./resource.ps1 google_dataplex_datascan_iam_binding -./resource.ps1 google_dataplex_datascan_iam_member -./resource.ps1 google_dataplex_datascan_iam_policy -./resource.ps1 google_dataplex_entry_group -./resource.ps1 google_dataplex_entry_group_iam_binding -./resource.ps1 google_dataplex_entry_group_iam_member -./resource.ps1 google_dataplex_entry_group_iam_policy -./resource.ps1 google_dataplex_entry_type -./resource.ps1 google_dataplex_entry_type_iam_binding -./resource.ps1 google_dataplex_entry_type_iam_member -./resource.ps1 google_dataplex_entry_type_iam_policy -./resource.ps1 google_dataplex_lake -./resource.ps1 google_dataplex_lake_iam_binding -./resource.ps1 google_dataplex_lake_iam_member -./resource.ps1 google_dataplex_lake_iam_policy -./resource.ps1 
google_dataplex_task -./resource.ps1 google_dataplex_task_iam_binding -./resource.ps1 google_dataplex_task_iam_member -./resource.ps1 google_dataplex_task_iam_policy -./resource.ps1 google_dataplex_zone -./resource.ps1 google_dataplex_zone_iam_binding -./resource.ps1 google_dataplex_zone_iam_member -./resource.ps1 google_dataplex_zone_iam_policy -./resource.ps1 google_dataproc_autoscaling_policy -./resource.ps1 google_dataproc_autoscaling_policy_iam_binding -./resource.ps1 google_dataproc_autoscaling_policy_iam_member -./resource.ps1 google_dataproc_autoscaling_policy_iam_policy -./resource.ps1 google_dataproc_cluster -./resource.ps1 google_dataproc_cluster_iam_binding -./resource.ps1 google_dataproc_cluster_iam_member -./resource.ps1 google_dataproc_cluster_iam_policy -./resource.ps1 google_dataproc_job -./resource.ps1 google_dataproc_job_iam_binding -./resource.ps1 google_dataproc_job_iam_member -./resource.ps1 google_dataproc_job_iam_policy +./resource.ps1 google_dataplex_entry_link +./resource.ps1 google_dataproc_gdc_application_environment +./resource.ps1 google_dataproc_gdc_service_instance +./resource.ps1 google_dataproc_gdc_spark_application ./resource.ps1 google_dataproc_metastore_federation -./resource.ps1 google_dataproc_metastore_federation_iam_binding -./resource.ps1 google_dataproc_metastore_federation_iam_member -./resource.ps1 google_dataproc_metastore_federation_iam_policy ./resource.ps1 google_dataproc_metastore_service -./resource.ps1 google_dataproc_metastore_service_iam_binding -./resource.ps1 google_dataproc_metastore_service_iam_member -./resource.ps1 google_dataproc_metastore_service_iam_policy -./resource.ps1 google_dataproc_workflow_template -./resource.ps1 google_datastore_index ./resource.ps1 google_datastream_connection_profile ./resource.ps1 google_datastream_private_connection ./resource.ps1 google_datastream_stream -./resource.ps1 google_deployment_manager_deployment -./resource.ps1 google_dialogflow_agent -./resource.ps1 
google_dialogflow_cx_agent -./resource.ps1 google_dialogflow_cx_entity_type -./resource.ps1 google_dialogflow_cx_environment -./resource.ps1 google_dialogflow_cx_flow -./resource.ps1 google_dialogflow_cx_intent -./resource.ps1 google_dialogflow_cx_page -./resource.ps1 google_dialogflow_cx_security_settings -./resource.ps1 google_dialogflow_cx_version -./resource.ps1 google_dialogflow_cx_webhook -./resource.ps1 google_dialogflow_entity_type -./resource.ps1 google_dialogflow_fulfillment -./resource.ps1 google_dialogflow_intent +./resource.ps1 google_developer_connect_insights_config +./resource.ps1 google_discovery_engine_acl_config +./resource.ps1 google_discovery_engine_assistant ./resource.ps1 google_discovery_engine_chat_engine +./resource.ps1 google_discovery_engine_cmek_config +./resource.ps1 google_discovery_engine_control +./resource.ps1 google_discovery_engine_data_connector ./resource.ps1 google_discovery_engine_data_store +./resource.ps1 google_discovery_engine_license_config +./resource.ps1 google_discovery_engine_recommendation_engine +./resource.ps1 google_discovery_engine_schema ./resource.ps1 google_discovery_engine_search_engine -./resource.ps1 google_dns_managed_zone_iam_binding -./resource.ps1 google_dns_managed_zone_iam_member -./resource.ps1 google_dns_managed_zone_iam_policy +./resource.ps1 google_discovery_engine_sitemap +./resource.ps1 google_discovery_engine_target_site +./resource.ps1 google_discovery_engine_user_store ./resource.ps1 google_dns_response_policy ./resource.ps1 google_dns_response_policy_rule ./resource.ps1 google_document_ai_processor ./resource.ps1 google_document_ai_processor_default_version ./resource.ps1 google_document_ai_warehouse_document_schema ./resource.ps1 google_document_ai_warehouse_location -./resource.ps1 google_edgecontainer_cluster -./resource.ps1 google_edgecontainer_node_pool -./resource.ps1 google_edgecontainer_vpn_connection -./resource.ps1 google_edgenetwork_network -./resource.ps1 
google_edgenetwork_subnet ./resource.ps1 google_endpoints_service -./resource.ps1 google_endpoints_service_consumers_iam_binding -./resource.ps1 google_endpoints_service_consumers_iam_member -./resource.ps1 google_endpoints_service_consumers_iam_policy -./resource.ps1 google_endpoints_service_iam_binding -./resource.ps1 google_endpoints_service_iam_member -./resource.ps1 google_endpoints_service_iam_policy ./resource.ps1 google_essential_contacts_contact -./resource.ps1 google_eventarc_channel -./resource.ps1 google_eventarc_google_channel_config -./resource.ps1 google_eventarc_trigger ./resource.ps1 google_filestore_backup ./resource.ps1 google_filestore_instance ./resource.ps1 google_filestore_snapshot @@ -411,6 +261,12 @@ Datasource percentage coverage 82.65 ./resource.ps1 google_firebase_app_check_recaptcha_enterprise_config ./resource.ps1 google_firebase_app_check_recaptcha_v3_config ./resource.ps1 google_firebase_app_check_service_config +./resource.ps1 google_firebase_app_hosting_backend +./resource.ps1 google_firebase_app_hosting_build +./resource.ps1 google_firebase_app_hosting_default_domain +./resource.ps1 google_firebase_app_hosting_domain +./resource.ps1 google_firebase_app_hosting_traffic +./resource.ps1 google_firebase_data_connect_service ./resource.ps1 google_firebase_extensions_instance ./resource.ps1 google_firebase_project_location ./resource.ps1 google_firestore_backup_schedule 
@@ -418,108 +274,53 @@ Datasource percentage coverage 82.65 ./resource.ps1 google_firestore_document ./resource.ps1 google_firestore_field ./resource.ps1 google_firestore_index +./resource.ps1 google_firestore_user_creds ./resource.ps1 google_folder ./resource.ps1 google_folder_access_approval_settings ./resource.ps1 google_folder_iam_audit_config -./resource.ps1 google_folder_iam_binding -./resource.ps1 google_folder_iam_member -./resource.ps1 google_folder_iam_policy ./resource.ps1 google_folder_organization_policy +./resource.ps1 google_folder_service_identity +./resource.ps1 google_gke_backup_backup_channel ./resource.ps1 google_gke_backup_backup_plan -./resource.ps1 google_gke_backup_backup_plan_iam_binding -./resource.ps1 google_gke_backup_backup_plan_iam_member -./resource.ps1 google_gke_backup_backup_plan_iam_policy +./resource.ps1 google_gke_backup_restore_channel ./resource.ps1 google_gke_backup_restore_plan -./resource.ps1 google_gke_backup_restore_plan_iam_binding -./resource.ps1 google_gke_backup_restore_plan_iam_member -./resource.ps1 google_gke_backup_restore_plan_iam_policy ./resource.ps1 google_gke_hub_feature -./resource.ps1 google_gke_hub_feature_iam_binding -./resource.ps1 google_gke_hub_feature_iam_member -./resource.ps1 google_gke_hub_feature_iam_policy ./resource.ps1 google_gke_hub_feature_membership ./resource.ps1 google_gke_hub_fleet ./resource.ps1 google_gke_hub_membership ./resource.ps1 google_gke_hub_membership_binding -./resource.ps1 google_gke_hub_membership_iam_binding -./resource.ps1 google_gke_hub_membership_iam_member -./resource.ps1 google_gke_hub_membership_iam_policy ./resource.ps1 google_gke_hub_membership_rbac_role_binding ./resource.ps1 google_gke_hub_namespace ./resource.ps1 google_gke_hub_scope -./resource.ps1 google_gke_hub_scope_iam_binding -./resource.ps1 google_gke_hub_scope_iam_member -./resource.ps1 google_gke_hub_scope_iam_policy ./resource.ps1 google_gke_hub_scope_rbac_role_binding ./resource.ps1 
google_gkeonprem_bare_metal_admin_cluster ./resource.ps1 google_gkeonprem_bare_metal_cluster ./resource.ps1 google_gkeonprem_bare_metal_node_pool +./resource.ps1 google_gkeonprem_vmware_admin_cluster ./resource.ps1 google_gkeonprem_vmware_cluster ./resource.ps1 google_gkeonprem_vmware_node_pool ./resource.ps1 google_healthcare_consent_store -./resource.ps1 google_healthcare_consent_store_iam_binding -./resource.ps1 google_healthcare_consent_store_iam_member -./resource.ps1 google_healthcare_consent_store_iam_policy ./resource.ps1 google_healthcare_dataset -./resource.ps1 google_healthcare_dataset_iam_binding -./resource.ps1 google_healthcare_dataset_iam_member -./resource.ps1 google_healthcare_dataset_iam_policy ./resource.ps1 google_healthcare_dicom_store -./resource.ps1 google_healthcare_dicom_store_iam_binding -./resource.ps1 google_healthcare_dicom_store_iam_member -./resource.ps1 google_healthcare_dicom_store_iam_policy ./resource.ps1 google_healthcare_fhir_store -./resource.ps1 google_healthcare_fhir_store_iam_binding -./resource.ps1 google_healthcare_fhir_store_iam_member -./resource.ps1 google_healthcare_fhir_store_iam_policy ./resource.ps1 google_healthcare_hl7_v2_store -./resource.ps1 google_healthcare_hl7_v2_store_iam_binding -./resource.ps1 google_healthcare_hl7_v2_store_iam_member -./resource.ps1 google_healthcare_hl7_v2_store_iam_policy +./resource.ps1 google_healthcare_pipeline_job +./resource.ps1 google_healthcare_workspace ./resource.ps1 google_iam_access_boundary_policy ./resource.ps1 google_iam_deny_policy -./resource.ps1 google_iam_workforce_pool -./resource.ps1 google_iam_workforce_pool_provider -./resource.ps1 google_iam_workload_identity_pool -./resource.ps1 google_iam_workload_identity_pool_provider -./resource.ps1 google_iap_app_engine_service_iam_binding -./resource.ps1 google_iap_app_engine_service_iam_member -./resource.ps1 google_iap_app_engine_service_iam_policy -./resource.ps1 google_iap_app_engine_version_iam_binding -./resource.ps1 
google_iap_app_engine_version_iam_member -./resource.ps1 google_iap_app_engine_version_iam_policy -./resource.ps1 google_iap_brand -./resource.ps1 google_iap_client -./resource.ps1 google_iap_tunnel_dest_group -./resource.ps1 google_iap_tunnel_dest_group_iam_binding -./resource.ps1 google_iap_tunnel_dest_group_iam_member -./resource.ps1 google_iap_tunnel_dest_group_iam_policy -./resource.ps1 google_iap_tunnel_iam_binding -./resource.ps1 google_iap_tunnel_iam_member -./resource.ps1 google_iap_tunnel_iam_policy -./resource.ps1 google_iap_tunnel_instance_iam_binding -./resource.ps1 google_iap_tunnel_instance_iam_member -./resource.ps1 google_iap_tunnel_instance_iam_policy -./resource.ps1 google_iap_web_backend_service_iam_binding -./resource.ps1 google_iap_web_backend_service_iam_member -./resource.ps1 google_iap_web_backend_service_iam_policy -./resource.ps1 google_iap_web_iam_binding -./resource.ps1 google_iap_web_iam_member -./resource.ps1 google_iap_web_iam_policy -./resource.ps1 google_iap_web_region_backend_service_iam_binding -./resource.ps1 google_iap_web_region_backend_service_iam_member -./resource.ps1 google_iap_web_region_backend_service_iam_policy -./resource.ps1 google_iap_web_type_app_engine_iam_binding -./resource.ps1 google_iap_web_type_app_engine_iam_member -./resource.ps1 google_iap_web_type_app_engine_iam_policy -./resource.ps1 google_iap_web_type_compute_iam_binding -./resource.ps1 google_iap_web_type_compute_iam_member -./resource.ps1 google_iap_web_type_compute_iam_policy +./resource.ps1 google_iam_folders_policy_binding +./resource.ps1 google_iam_oauth_client +./resource.ps1 google_iam_oauth_client_credential +./resource.ps1 google_iam_organizations_policy_binding +./resource.ps1 google_iam_principal_access_boundary_policy +./resource.ps1 google_iam_projects_policy_binding +./resource.ps1 google_iam_workforce_pool_provider_scim_tenant +./resource.ps1 google_iam_workload_identity_pool_managed_identity +./resource.ps1 
google_iam_workload_identity_pool_namespace ./resource.ps1 google_identity_platform_config ./resource.ps1 google_identity_platform_default_supported_idp_config ./resource.ps1 google_identity_platform_inbound_saml_config ./resource.ps1 google_identity_platform_oauth_idp_config -./resource.ps1 google_identity_platform_project_default_config ./resource.ps1 google_identity_platform_tenant ./resource.ps1 google_identity_platform_tenant_default_supported_idp_config ./resource.ps1 google_identity_platform_tenant_inbound_saml_config 
@@ -530,81 +331,65 @@ Datasource percentage coverage 82.65 ./resource.ps1 google_integrations_auth_config ./resource.ps1 google_integrations_client ./resource.ps1 google_kms_autokey_config -./resource.ps1 google_kms_crypto_key_version ./resource.ps1 google_kms_ekm_connection -./resource.ps1 google_kms_key_handle -./resource.ps1 google_kms_key_ring_iam_binding -./resource.ps1 google_kms_key_ring_iam_member -./resource.ps1 google_kms_key_ring_iam_policy -./resource.ps1 google_kms_key_ring_import_job -./resource.ps1 google_kms_secret_ciphertext +./resource.ps1 google_kms_folder_kaj_policy_config +./resource.ps1 google_kms_organization_kaj_policy_config +./resource.ps1 google_kms_project_kaj_policy_config ./resource.ps1 google_logging_billing_account_bucket_config -./resource.ps1 google_logging_billing_account_exclusion -./resource.ps1 google_logging_billing_account_sink ./resource.ps1 google_logging_folder_bucket_config -./resource.ps1 google_logging_folder_exclusion -./resource.ps1 google_logging_folder_settings -./resource.ps1 google_logging_folder_sink -./resource.ps1 google_logging_linked_dataset -./resource.ps1 google_logging_log_view -./resource.ps1 google_logging_log_view_iam_binding -./resource.ps1 google_logging_log_view_iam_member -./resource.ps1 google_logging_log_view_iam_policy -./resource.ps1 google_logging_metric ./resource.ps1 google_logging_organization_bucket_config -./resource.ps1 google_logging_organization_exclusion -./resource.ps1 google_logging_organization_settings -./resource.ps1 google_logging_organization_sink ./resource.ps1 google_logging_project_bucket_config -./resource.ps1 google_logging_project_exclusion -./resource.ps1 google_logging_project_sink ./resource.ps1 google_looker_instance -./resource.ps1 google_managed_kafka_cluster -./resource.ps1 google_managed_kafka_topic -./resource.ps1 google_memcache_instance +./resource.ps1 google_lustre_instance +./resource.ps1 google_memorystore_instance_desired_user_created_endpoints 
./resource.ps1 google_migration_center_group ./resource.ps1 google_migration_center_preference_set ./resource.ps1 google_ml_engine_model -./resource.ps1 google_monitoring_alert_policy -./resource.ps1 google_monitoring_custom_service -./resource.ps1 google_monitoring_dashboard -./resource.ps1 google_monitoring_group -./resource.ps1 google_monitoring_metric_descriptor -./resource.ps1 google_monitoring_monitored_project -./resource.ps1 google_monitoring_notification_channel -./resource.ps1 google_monitoring_service -./resource.ps1 google_monitoring_slo -./resource.ps1 google_monitoring_uptime_check_config ./resource.ps1 google_netapp_active_directory ./resource.ps1 google_netapp_backup ./resource.ps1 google_netapp_backup_policy ./resource.ps1 google_netapp_backup_vault +./resource.ps1 google_netapp_host_group ./resource.ps1 google_netapp_kmsconfig ./resource.ps1 google_netapp_storage_pool ./resource.ps1 google_netapp_volume +./resource.ps1 google_netapp_volume_quota_rule ./resource.ps1 google_netapp_volume_replication ./resource.ps1 google_netapp_volume_snapshot +./resource.ps1 google_network_connectivity_group ./resource.ps1 google_network_connectivity_hub ./resource.ps1 google_network_connectivity_internal_range ./resource.ps1 google_network_connectivity_policy_based_route ./resource.ps1 google_network_connectivity_regional_endpoint ./resource.ps1 google_network_connectivity_service_connection_policy ./resource.ps1 google_network_connectivity_spoke +./resource.ps1 google_network_management_organization_vpc_flow_logs_config +./resource.ps1 google_network_management_vpc_flow_logs_config ./resource.ps1 google_network_security_address_group -./resource.ps1 google_network_security_address_group_iam_binding -./resource.ps1 google_network_security_address_group_iam_member -./resource.ps1 google_network_security_address_group_iam_policy ./resource.ps1 google_network_security_authorization_policy +./resource.ps1 google_network_security_authz_policy +./resource.ps1 
google_network_security_backend_authentication_config ./resource.ps1 google_network_security_client_tls_policy +./resource.ps1 google_network_security_dns_threat_detector ./resource.ps1 google_network_security_firewall_endpoint ./resource.ps1 google_network_security_firewall_endpoint_association ./resource.ps1 google_network_security_gateway_security_policy ./resource.ps1 google_network_security_gateway_security_policy_rule +./resource.ps1 google_network_security_intercept_deployment +./resource.ps1 google_network_security_intercept_deployment_group +./resource.ps1 google_network_security_intercept_endpoint_group +./resource.ps1 google_network_security_intercept_endpoint_group_association +./resource.ps1 google_network_security_mirroring_deployment +./resource.ps1 google_network_security_mirroring_deployment_group +./resource.ps1 google_network_security_mirroring_endpoint +./resource.ps1 google_network_security_mirroring_endpoint_group +./resource.ps1 google_network_security_mirroring_endpoint_group_association ./resource.ps1 google_network_security_security_profile ./resource.ps1 google_network_security_security_profile_group ./resource.ps1 google_network_security_server_tls_policy ./resource.ps1 google_network_security_tls_inspection_policy ./resource.ps1 google_network_security_url_lists +./resource.ps1 google_network_services_authz_extension ./resource.ps1 google_network_services_edge_cache_keyset ./resource.ps1 google_network_services_edge_cache_origin ./resource.ps1 google_network_services_edge_cache_service 
@@ -615,70 +400,46 @@ Datasource percentage coverage 82.65 ./resource.ps1 google_network_services_lb_route_extension ./resource.ps1 google_network_services_lb_traffic_extension ./resource.ps1 google_network_services_mesh +./resource.ps1 google_network_services_multicast_domain ./resource.ps1 google_network_services_service_binding ./resource.ps1 google_network_services_service_lb_policies ./resource.ps1 google_network_services_tcp_route ./resource.ps1 google_network_services_tls_route -./resource.ps1 google_notebooks_environment -./resource.ps1 google_notebooks_instance -./resource.ps1 google_notebooks_instance_iam_binding -./resource.ps1 google_notebooks_instance_iam_member -./resource.ps1 google_notebooks_instance_iam_policy -./resource.ps1 google_notebooks_runtime -./resource.ps1 google_notebooks_runtime_iam_binding -./resource.ps1 google_notebooks_runtime_iam_member -./resource.ps1 google_notebooks_runtime_iam_policy +./resource.ps1 google_network_services_wasm_plugin +./resource.ps1 google_observability_trace_scope +./resource.ps1 google_oracle_database_autonomous_database +./resource.ps1 google_oracle_database_cloud_exadata_infrastructure +./resource.ps1 google_oracle_database_cloud_vm_cluster +./resource.ps1 google_oracle_database_db_system +./resource.ps1 google_oracle_database_exascale_db_storage_vault +./resource.ps1 google_oracle_database_odb_network +./resource.ps1 google_oracle_database_odb_subnet ./resource.ps1 google_org_policy_custom_constraint ./resource.ps1 google_org_policy_policy ./resource.ps1 google_organization_access_approval_settings ./resource.ps1 google_organization_iam_audit_config -./resource.ps1 google_organization_iam_binding ./resource.ps1 google_organization_iam_custom_role -./resource.ps1 google_organization_iam_member -./resource.ps1 google_organization_iam_policy ./resource.ps1 google_organization_policy -./resource.ps1 google_os_config_guest_policies -./resource.ps1 google_os_config_os_policy_assignment -./resource.ps1 
google_os_config_patch_deployment ./resource.ps1 google_os_login_ssh_public_key -./resource.ps1 google_parallelstore_instance -./resource.ps1 google_privateca_ca_pool -./resource.ps1 google_privateca_ca_pool_iam_binding -./resource.ps1 google_privateca_ca_pool_iam_member -./resource.ps1 google_privateca_ca_pool_iam_policy -./resource.ps1 google_privateca_certificate -./resource.ps1 google_privateca_certificate_authority -./resource.ps1 google_privateca_certificate_template -./resource.ps1 google_privateca_certificate_template_iam_binding -./resource.ps1 google_privateca_certificate_template_iam_member -./resource.ps1 google_privateca_certificate_template_iam_policy -./resource.ps1 google_privileged_access_manager_entitlement -./resource.ps1 google_project -./resource.ps1 google_project_access_approval_settings -./resource.ps1 google_project_default_service_accounts -./resource.ps1 google_project_iam_audit_config -./resource.ps1 google_project_iam_member_remove -./resource.ps1 google_project_iam_policy -./resource.ps1 google_project_organization_policy -./resource.ps1 google_project_services -./resource.ps1 google_project_usage_export_bucket +./resource.ps1 google_parameter_manager_parameter +./resource.ps1 google_parameter_manager_parameter_version +./resource.ps1 google_parameter_manager_regional_parameter +./resource.ps1 google_parameter_manager_regional_parameter_version +./resource.ps1 google_privileged_access_manager_settings ./resource.ps1 google_public_ca_external_account_key -./resource.ps1 google_pubsub_schema_iam_binding -./resource.ps1 google_pubsub_schema_iam_member -./resource.ps1 google_pubsub_schema_iam_policy -./resource.ps1 google_pubsub_subscription_iam_binding -./resource.ps1 google_pubsub_subscription_iam_member -./resource.ps1 google_pubsub_subscription_iam_policy ./resource.ps1 google_recaptcha_enterprise_key -./resource.ps1 google_redis_cluster +./resource.ps1 google_resource_manager_capability ./resource.ps1 google_resource_manager_lien 
-./resource.ps1 google_runtimeconfig_config -./resource.ps1 google_runtimeconfig_config_iam_binding -./resource.ps1 google_runtimeconfig_config_iam_member -./resource.ps1 google_runtimeconfig_config_iam_policy -./resource.ps1 google_runtimeconfig_variable +./resource.ps1 google_saas_runtime_release +./resource.ps1 google_saas_runtime_rollout_kind +./resource.ps1 google_saas_runtime_saas +./resource.ps1 google_saas_runtime_tenant +./resource.ps1 google_saas_runtime_unit +./resource.ps1 google_saas_runtime_unit_kind ./resource.ps1 google_scc_event_threat_detection_custom_module ./resource.ps1 google_scc_folder_custom_module +./resource.ps1 google_scc_folder_notification_config +./resource.ps1 google_scc_folder_scc_big_query_export ./resource.ps1 google_scc_management_folder_security_health_analytics_custom_module ./resource.ps1 google_scc_management_organization_event_threat_detection_custom_module ./resource.ps1 google_scc_management_organization_security_health_analytics_custom_module 
@@ -686,126 +447,39 @@ Datasource percentage coverage 82.65 ./resource.ps1 google_scc_mute_config ./resource.ps1 google_scc_notification_config ./resource.ps1 google_scc_organization_custom_module +./resource.ps1 google_scc_organization_scc_big_query_export ./resource.ps1 google_scc_project_custom_module ./resource.ps1 google_scc_project_notification_config +./resource.ps1 google_scc_project_scc_big_query_export ./resource.ps1 google_scc_source -./resource.ps1 google_scc_source_iam_binding -./resource.ps1 google_scc_source_iam_member -./resource.ps1 google_scc_source_iam_policy ./resource.ps1 google_scc_v2_folder_mute_config +./resource.ps1 google_scc_v2_folder_notification_config +./resource.ps1 google_scc_v2_folder_scc_big_query_export ./resource.ps1 google_scc_v2_organization_mute_config ./resource.ps1 google_scc_v2_organization_notification_config -./resource.ps1 google_secure_source_manager_instance -./resource.ps1 google_secure_source_manager_instance_iam_binding -./resource.ps1 google_secure_source_manager_instance_iam_member -./resource.ps1 google_secure_source_manager_instance_iam_policy -./resource.ps1 google_secure_source_manager_repository -./resource.ps1 google_secure_source_manager_repository_iam_binding -./resource.ps1 google_secure_source_manager_repository_iam_member -./resource.ps1 google_secure_source_manager_repository_iam_policy +./resource.ps1 google_scc_v2_organization_scc_big_query_export +./resource.ps1 google_scc_v2_organization_scc_big_query_exports +./resource.ps1 google_scc_v2_project_mute_config +./resource.ps1 google_scc_v2_project_notification_config +./resource.ps1 google_scc_v2_project_scc_big_query_export +./resource.ps1 google_secure_source_manager_hook ./resource.ps1 google_security_scanner_scan_config ./resource.ps1 google_securityposture_posture ./resource.ps1 google_service_networking_peered_dns_domain ./resource.ps1 google_service_networking_vpc_service_controls ./resource.ps1 google_service_usage_consumer_quota_override 
-./resource.ps1 google_sourcerepo_repository_iam_binding -./resource.ps1 google_sourcerepo_repository_iam_member -./resource.ps1 google_sourcerepo_repository_iam_policy -./resource.ps1 google_spanner_instance_config ./resource.ps1 google_sql_source_representation_instance -./resource.ps1 google_sql_ssl_cert +./resource.ps1 google_storage_anywhere_cache +./resource.ps1 google_storage_batch_operations_job +./resource.ps1 google_storage_folder +./resource.ps1 google_storage_insights_dataset_config ./resource.ps1 google_storage_managed_folder -./resource.ps1 google_storage_managed_folder_iam_binding -./resource.ps1 google_storage_managed_folder_iam_member -./resource.ps1 google_storage_managed_folder_iam_policy ./resource.ps1 google_storage_notification ./resource.ps1 google_storage_object_acl ./resource.ps1 google_storage_transfer_agent_pool ./resource.ps1 google_storage_transfer_job -./resource.ps1 google_tags_location_tag_binding -./resource.ps1 google_tags_tag_binding -./resource.ps1 google_tags_tag_key -./resource.ps1 google_tags_tag_key_iam_binding -./resource.ps1 google_tags_tag_key_iam_member -./resource.ps1 google_tags_tag_key_iam_policy -./resource.ps1 google_tags_tag_value -./resource.ps1 google_tags_tag_value_iam_binding -./resource.ps1 google_tags_tag_value_iam_member -./resource.ps1 google_tags_tag_value_iam_policy -./resource.ps1 google_tpu_node -./resource.ps1 google_tpu_v2_vm -./resource.ps1 google_vertex_ai_deployment_resource_pool -./resource.ps1 google_vmwareengine_cluster -./resource.ps1 google_vmwareengine_external_access_rule -./resource.ps1 google_vmwareengine_external_address -./resource.ps1 google_vmwareengine_network -./resource.ps1 google_vmwareengine_network_peering -./resource.ps1 google_vmwareengine_network_policy -./resource.ps1 google_vmwareengine_private_cloud -./resource.ps1 google_vmwareengine_subnet -./resource.ps1 google_vpc_access_connector -./resource.ps1 google_workbench_instance -./resource.ps1 
google_workbench_instance_iam_binding -./resource.ps1 google_workbench_instance_iam_member -./resource.ps1 google_workbench_instance_iam_policy -./resource.ps1 google_workflows_workflow -./resource.ps1 google_workstations_workstation -./resource.ps1 google_workstations_workstation_cluster -./resource.ps1 google_workstations_workstation_config -./resource.ps1 google_workstations_workstation_config_iam_binding -./resource.ps1 google_workstations_workstation_config_iam_member -./resource.ps1 google_workstations_workstation_config_iam_policy -./resource.ps1 google_workstations_workstation_iam_binding -./resource.ps1 google_workstations_workstation_iam_member -./resource.ps1 google_workstations_workstation_iam_policy -./resource.ps1 google_apphub_application -type data -./resource.ps1 google_apphub_discovered_service -type data -./resource.ps1 google_apphub_discovered_workload -type data -./resource.ps1 google_artifact_registry_docker_image -type data -./resource.ps1 google_cloud_quotas_quota_info -type data -./resource.ps1 google_cloud_quotas_quota_infos -type data -./resource.ps1 google_clouddeploy_custom_target_type_iam_policy -type data -./resource.ps1 google_clouddeploy_delivery_pipeline_iam_policy -type data -./resource.ps1 google_clouddeploy_target_iam_policy -type data -./resource.ps1 google_composer_user_workloads_config_map -type data -./resource.ps1 google_composer_user_workloads_secret -type data -./resource.ps1 google_compute_forwarding_rules -type data -./resource.ps1 google_compute_machine_types -type data -./resource.ps1 google_compute_security_policy -type data -./resource.ps1 google_compute_subnetworks -type data -./resource.ps1 google_container_attached_install_manifest -type data -./resource.ps1 google_container_aws_versions -type data -./resource.ps1 google_container_azure_versions -type data -./resource.ps1 google_dataplex_aspect_type_iam_policy -type data -./resource.ps1 google_dataplex_entry_group_iam_policy -type data -./resource.ps1 
google_dataplex_entry_type_iam_policy -type data -./resource.ps1 google_dns_managed_zones -type data -./resource.ps1 google_firebase_web_app_config -type data -./resource.ps1 google_folder -type data -./resource.ps1 google_folder_iam_policy -type data -./resource.ps1 google_folders -type data -./resource.ps1 google_iap_tunnel_dest_group_iam_policy -type data -./resource.ps1 google_kms_crypto_keys -type data -./resource.ps1 google_kms_key_rings -type data -./resource.ps1 google_logging_log_view_iam_policy -type data -./resource.ps1 google_organization_iam_policy -type data -./resource.ps1 google_privateca_ca_pool_iam_policy -type data -./resource.ps1 google_privateca_certificate_authority -type data -./resource.ps1 google_privateca_certificate_template_iam_policy -type data -./resource.ps1 google_project_iam_policy -type data -./resource.ps1 google_project_organization_policy -type data -./resource.ps1 google_pubsub_schema_iam_policy -type data -./resource.ps1 google_runtimeconfig_config -type data -./resource.ps1 google_runtimeconfig_config_iam_policy -type data -./resource.ps1 google_runtimeconfig_variable -type data -./resource.ps1 google_scc_source_iam_policy -type data -./resource.ps1 google_secure_source_manager_instance_iam_policy -type data -./resource.ps1 google_secure_source_manager_repository_iam_policy -type data -./resource.ps1 google_site_verification_token -type data -./resource.ps1 google_storage_bucket_objects -type data -./resource.ps1 google_storage_buckets -type data -./resource.ps1 google_tags_tag_key_iam_policy -type data -./resource.ps1 google_tags_tag_keys -type data -./resource.ps1 google_tags_tag_value -type data -./resource.ps1 google_tags_tag_value_iam_policy -type data -./resource.ps1 google_tags_tag_values -type data +./resource.ps1 google_artifact_registry_python_packages -type data +./resource.ps1 google_cloud_identity_policy -type data +./resource.ps1 google_compute_reservation_block -type data +./resource.ps1 
google_compute_reservation_sub_block -type data +``` diff --git a/src/credentials.go b/src/credentials.go index 88be5fba..02b0d836 100644 --- a/src/credentials.go +++ b/src/credentials.go @@ -11,8 +11,28 @@ import ( "github.com/aws/aws-sdk-go/service/sts" ) +const waitForConsistency = 900 + +type emptyRegionError struct{} + +func (m emptyRegionError) Error() string { + return "region cannot be empty" +} + +type iamRoleEmptyError struct{} + +func (m iamRoleEmptyError) Error() string { + return "iamRole cannot be empty" +} + func getAWSCredentials(iamRole string, region string) (*sts.AssumeRoleOutput, error) { - const waitForConsistency = 900 + if iamRole == "" { + return nil, &iamRoleEmptyError{} + } + + if region == "" { + return nil, &emptyRegionError{} + } config := aws.NewConfig() @@ -58,15 +78,23 @@ func getAWSCredentials(iamRole string, region string) (*sts.AssumeRoleOutput, er return result, nil } +type getAWSCredentialsError struct { + err error +} + +func (e getAWSCredentialsError) Error() string { + return fmt.Sprintf("failed to get AWS credentials: %v", e.err) +} + func setAWSAuth(iamRole string, region string) error { - creds, err := getAWSCredentials(iamRole, region) + credentials, err := getAWSCredentials(iamRole, region) if err != nil { - return err + return &getAWSCredentialsError{err} } - _ = os.Setenv("AWS_ACCESS_KEY_ID", *creds.Credentials.AccessKeyId) - _ = os.Setenv("AWS_SECRET_ACCESS_KEY", *creds.Credentials.SecretAccessKey) - _ = os.Setenv("AWS_SESSION_TOKEN", *creds.Credentials.SessionToken) + _ = os.Setenv("AWS_ACCESS_KEY_ID", *credentials.Credentials.AccessKeyId) + _ = os.Setenv("AWS_SECRET_ACCESS_KEY", *credentials.Credentials.SecretAccessKey) + _ = os.Setenv("AWS_SESSION_TOKEN", *credentials.Credentials.SessionToken) return nil } diff --git a/src/credentials_internal_test.go b/src/credentials_internal_test.go new file mode 100644 index 00000000..ecd4e5bb --- /dev/null +++ b/src/credentials_internal_test.go 
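Review bot: `emptyRegionError` and `iamRoleEmptyError` are declared in credentials.go with value receivers, while every error type this commit adds to src/error.go uses a pointer receiver and lives in that file. Moving the two types there and declaring them as `func (m *emptyRegionError) Error() string` would keep one convention for the package. `waitForConsistency = 900` is now package-level with no unit stated, and its use site is outside the hunk, so a one-line comment giving the unit and what it bounds would help. The body of getAWSCredentials continues outside the hunk.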
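Review bot: `getAWSCredentialsError` stores the cause in `err` but has no `Unwrap` method, so callers of setAWSAuth can no longer reach the underlying error with `errors.Is` or `errors.As`, which the previous `return err` allowed. Adding `func (e getAWSCredentialsError) Unwrap() error { return e.err }` restores that. The same gap applies to the wrapper types with an `err` field that this commit adds to src/error.go (for example `setAWSAuthError`, `terraformPlanError`, `updateSecretError`). Separately, the three `_ = os.Setenv(...)` calls still discard their errors, so a failed call would leave a partial set of AWS variables in the environment while the function returns nil. `credentials.Credentials` is also dereferenced without a nil check, which would panic if a response ever lacked that field, so returning the Setenv error and guarding the pointer before the first dereference would cover both.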
@@ -0,0 +1,37 @@ +package pike + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func Test_emptyRegionError_Error(t *testing.T) { + tests := []struct { + name string + want string + }{ + {"emptyRegionError", "region cannot be empty"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + m := emptyRegionError{} + assert.Equalf(t, tt.want, m.Error(), "Error()") + }) + } +} + +func Test_iamRoleEmptyError_Error(t *testing.T) { + tests := []struct { + name string + want string + }{ + {"iamRoleEmptyError", "iamRole cannot be empty"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + m := iamRoleEmptyError{} + assert.Equalf(t, tt.want, m.Error(), "Error()") + }) + } +} diff --git a/src/data.go b/src/data.go index b51a2295..e3779a36 100644 --- a/src/data.go +++ b/src/data.go @@ -1,7 +1,6 @@ package pike import ( - "errors" "fmt" "os" "path/filepath" 
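Review bot: These tests pin only the two message strings and do not exercise the new guard clauses in getAWSCredentials that return `&iamRoleEmptyError{}` and `&emptyRegionError{}`. Both guards return before `aws.NewConfig()`, so they can be tested without AWS access. A case such as `_, err := getAWSCredentials("", "region-placeholder")` followed by `assert.ErrorAs(t, err, new(*iamRoleEmptyError))`, plus the mirror case for an empty region, would cover the behaviour the commit actually adds.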
@@ -12,36 +11,58 @@ import ( "github.com/rs/zerolog/log" ) +const ( + providerAWS = "aws" + providerAzure = "azurerm" + providerGoogle = "google" + providerGCP = "gcp" +) + +type fileStringEmptyError struct{} + +func (e *fileStringEmptyError) Error() string { + return "no file provided" +} + // GetResources retrieves all the resources in a tf file. func GetResources(file string, dirName string) ([]ResourceV2, error) { var Resources []ResourceV2 + if file == "" { + return Resources, &fileStringEmptyError{} + } + temp, err := GetResourceBlocks(file) if err != nil { return Resources, err } + moduleJson, err := GetModuleJson(filepath.Join(dirName, "/", ".terraform", "modules")) + if err != nil { + return Resources, err + } + for _, block := range temp.Blocks { var resource ResourceV2 resource.TypeName = block.Type switch block.Type { - case "terraform": + case terraform: { Resources, _ = DetectBackend(resource, block, Resources) continue } - case "module": + case module: { - LocalResources, err := GetLocalModules(block, dirName) + LocalResources, err := GetLocalModules(block, dirName, moduleJson) if err == nil { Resources = append(LocalResources, Resources...) } else { log.Info().Msg(err.Error()) } } - case "output", "variable", "locals", "provider": + case "output", "variable", "locals", "provider", "import": { continue } @@ -67,7 +88,7 @@ func GetResources(file string, dirName string) ([]ResourceV2, error) { } else { resource.Provider = "unknown" - log.Print("parsing error for ", block) + log.Info().Msgf("parsing error for %s", block.Type) } Resources = append(Resources, resource) 
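Review bot: In the `case terraform:` branch, `Resources, _ = DetectBackend(resource, block, Resources)` overwrites the accumulated slice with DetectBackend's return value. DetectBackend falls through to `return nil, ...` when the block has no `s3` or `gcs` backend, so resources collected before a plain `terraform {}` block appear to be discarded. Keeping the old slice on error avoids that: `if found, err := DetectBackend(resource, block, Resources); err == nil { Resources = found }`. Also, GetResources now returns early when `GetModuleJson` fails. ReadModuleJsonForDir is not visible here, but if it errors when `.terraform/modules` is absent, every directory that has not been initialised would stop producing results, so that case is worth treating as an empty `ModuleJson`.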
@@ -84,23 +105,37 @@ func DetectBackend(resource ResourceV2, block *hclsyntax.Block, resources []Reso if terraform.Type == "backend" { if terraform.Labels != nil && terraform.Labels[0] == "s3" { resource.Name = "backend" - resource.Provider = "aws" + resource.Provider = providerAWS resource.Attributes = []string{"s3"} resources = append(resources, resource) return resources, nil } + + if terraform.Labels != nil && terraform.Labels[0] == "gcs" { + resource.Name = "backend" + resource.Provider = providerGCP + resource.Attributes = []string{"gcs"} + resources = append(resources, resource) + + return resources, nil + } + } } } } - return nil, errors.New("no Backend found") + return nil, &backendExistsError{} } // GetResourceBlocks breaks down a file into resources. func GetResourceBlocks(file string) (*hclsyntax.Body, error) { - temp, _ := filepath.Abs(file) + temp, err := filepath.Abs(file) + if err != nil { + return nil, fmt.Errorf("failed to get absolute path: %w", err) + } + src, err := os.ReadFile(temp) if err != nil { return nil, fmt.Errorf("failed to read file: %w", err) 
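Review bot: The fall-through `return nil, &backendExistsError{}` replaces `errors.New("no Backend found")`, but the new type's message in src/error.go is "backend already exists", which states the opposite of the condition that reaches this line. A type named for the not-found case that keeps the original message would keep logs truthful. Both label checks use `terraform.Labels != nil && terraform.Labels[0] == ...`, which would index out of range on a non-nil empty slice, so `len(terraform.Labels) > 0` is the safer guard. The `s3` and `gcs` branches differ only in two strings and could share one block keyed on the label. DetectBackend's body starts outside the hunk.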
@@ -117,19 +152,22 @@ func GetResourceBlocks(file string) (*hclsyntax.Body, error) { } // GetLocalModules return resource from a path. -func GetLocalModules(block *hclsyntax.Block, dirName string) ([]ResourceV2, error) { +func GetLocalModules(block *hclsyntax.Block, dirName string, listModulesJson ModuleJson) ([]ResourceV2, error) { var Resources []ResourceV2 modulePath := GetModulePath(block) // not local if strings.Contains(modulePath, "git::") { - return nil, fmt.Errorf("git reference in module source path unsupported") + return nil, &gitReferenceError{modulePath} } + // Module is coming from HCP Terraform Cloud + if strings.HasPrefix(modulePath, "app.terraform.io") { + modulePath = ReturnLocalAddrFromSource(modulePath, listModulesJson) + } // have the path to the module - modulePath = filepath.Join(dirName, "/", modulePath) - + modulePath = filepath.Join(dirName, modulePath) // now process these extras ExtraFiles, err := GetTF(modulePath) if err != nil { @@ -146,7 +184,7 @@ func GetLocalModules(block *hclsyntax.Block, dirName string) ([]ResourceV2, erro return Resources, nil } -// GetModulePath extracts the source location from a module +// GetModulePath extracts the source location from a module. func GetModulePath(block *hclsyntax.Block) string { var modulePath string @@ -203,14 +241,14 @@ func GetBlockAttributes(attributes []string, block *hclsyntax.Block) []string { return attributes } -// GetPermission determines the IAM permissions required and returns a list of permission +// GetPermission determines the IAM permissions required and returns a list of permission. func GetPermission(result ResourceV2) (Sorted, error) { var err error var myPermission Sorted switch result.Provider { - case "aws": + case providerAWS: myPermission.AWS, err = GetAWSPermissions(result) if err != nil { log.Print(err) 
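Review bot: The result of `ReturnLocalAddrFromSource(modulePath, listModulesJson)` is joined onto `dirName` without being checked. That function is not visible here, but if it returns an empty string when there is no entry for the source, `filepath.Join(dirName, modulePath)` collapses to `dirName` and `GetTF` rescans the calling directory, which holds the same module block again. The looked-up value presumably comes from a manifest under `.terraform/modules` inside the scanned tree, so an empty result should be rejected with an error before the join rather than trusted. The check is also limited to the literal prefix `app.terraform.io`, so other registry-style sources still fall through and are treated as relative paths. GetLocalModules's body continues outside the hunk.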
@@ -219,13 +257,13 @@ func GetPermission(result ResourceV2) (Sorted, error) { log.Printf("Provider %s not yet implemented", result.Provider) return myPermission, nil - case "azurerm", "azuread": + case providerAzure, "azuread": myPermission.AZURE, err = GetAZUREPermissions(result) if err != nil { log.Print(err) } - case "google", "gcp": - myPermission.GCP, err = GetGCPPermissions(result) + case providerGoogle, providerGCP: + myPermission.GCP, err = getGCPPermissions(result) if err != nil { log.Print(err) } @@ -243,3 +281,7 @@ func GetPermission(result ResourceV2) (Sorted, error) { return myPermission, err } + +func GetModuleJson(dir string) (ModuleJson, error) { + return ReadModuleJsonForDir(dir) +} diff --git a/src/data_internal_test.go b/src/data_internal_test.go new file mode 100644 index 00000000..36c785cf --- /dev/null +++ b/src/data_internal_test.go @@ -0,0 +1,22 @@ +package pike + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func Test_fileStringEmptyError_Error(t *testing.T) { + tests := []struct { + name string + want string + }{ + {"Invoke", "no file provided"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + e := &fileStringEmptyError{} + assert.Equalf(t, tt.want, e.Error(), "Error()") + }) + } +} diff --git a/src/data_test.go b/src/data_test.go index ab819ca8..acbd64af 100644 --- a/src/data_test.go +++ b/src/data_test.go @@ -76,12 +76,15 @@ func TestGetResources(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() + got, err := pike.GetResources(tt.args.file, tt.args.dirName) + if (err != nil) != tt.wantErr { t.Errorf("GetResources() error = %v, wantErr %v", err, tt.wantErr) return } + if !reflect.DeepEqual(got, tt.want) { t.Errorf("GetResources() = %v, want %v", got, tt.want) } 
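Review bot: `GetModuleJson` is exported without a doc comment, while the other exported functions in this file carry one (`// GetResources retrieves ...`). A line such as `// GetModuleJson returns the ModuleJson for dir by delegating to ReadModuleJsonForDir.` would match. As written it only forwards to `ReadModuleJsonForDir`, so unless it is meant as a seam for tests, GetResources could call that function directly. Go convention spells the initialism as `JSON` (`GetModuleJSON`, `ModuleJSON`), as the error types in src/error.go already do with `invalidJSONError`.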
@@ -104,6 +107,7 @@ func Test_getLocalModules(t *testing.T) { notLocal, _ := filepath.Abs("../testdata/modules/examples/notlocal") notBlock := getInitialBlock(notLocal + "/module.local.tf") + moduleJson := make(pike.ModuleJson) tests := []struct { name string args args @@ -125,14 +129,17 @@ func Test_getLocalModules(t *testing.T) { {name: "rubbish", args: args{duffBlock, duffName}, wantErr: false}, {name: "notLocal", args: args{notBlock, notLocal}, wantErr: false}, } + for _, tt := range tests { + // t.Parallel() t.Run(tt.name, func(t *testing.T) { - got, err := pike.GetLocalModules(tt.args.block, tt.args.dirName) + got, err := pike.GetLocalModules(tt.args.block, tt.args.dirName, moduleJson) if (err != nil) != tt.wantErr { t.Errorf("GetResources() error = %v, wantErr %v", err, tt.wantErr) return } + if !reflect.DeepEqual(got, tt.want) { t.Errorf("GetLocalModules() = %v, want %v", got, tt.want) } @@ -145,6 +152,7 @@ func getInitialBlock(file string) *hclsyntax.Block { if body != nil { blocks := body.Blocks block := blocks[0] + return block } @@ -366,6 +374,7 @@ func TestGetPermission(t *testing.T) { "compute.subnetworks.useExternalIp", "compute.instances.setMetadata", "compute.instances.delete", + "compute.instances.get", "compute.instances.delete", }}, }, @@ -375,12 +384,15 @@ func TestGetPermission(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() + got, err := pike.GetPermission(tt.args.result) + if (err != nil) != tt.wantErr { t.Errorf("GetPermission() error = %v, wantErr %v", err, tt.wantErr) return } + if !reflect.DeepEqual(got, tt.want) { t.Errorf("GetPermission() = %v, want %v", got, tt.want) } 
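Review bot: The commented-out `// t.Parallel()` in Test_getLocalModules sits in the `for` body outside `t.Run`, where enabling it would call `t.Parallel()` on the parent test once per iteration. A second call on the same `*testing.T` panics, so the line is better deleted, or moved inside the `t.Run` closure if parallel subtests are wanted. Every case also passes the same empty `moduleJson`, so the new `app.terraform.io` branch of GetLocalModules is never exercised. A case with a populated `pike.ModuleJson` and a matching module source would cover it.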
@@ -428,12 +440,15 @@ func TestGetResourceBlocks(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() + got, err := pike.GetResourceBlocks(tt.args.file) + if (err != nil) != tt.wantErr { t.Errorf("GetResourceBlocks() error = %v, wantErr %v", err, tt.wantErr) return } + if !reflect.DeepEqual(got.SrcRange, tt.want) { t.Errorf("GetResourceBlocks() = %v, want %v", got.SrcRange, tt.want) } @@ -510,7 +525,9 @@ func TestDetectBackend(t *testing.T) { } var empty []pike.ResourceV2 + var found []pike.ResourceV2 + var nought []pike.ResourceV2 found = append(found, item) @@ -529,11 +546,15 @@ func TestDetectBackend(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() + got, err := pike.DetectBackend(tt.args.resource, tt.args.block, tt.args.resources) + if (err != nil) != tt.wantErr { t.Errorf("DetectBackend() error = %v, wantErr %v", err, tt.wantErr) + return } + if !reflect.DeepEqual(got, tt.want) { t.Errorf("DetectBackend() got = %v, want %v", got, tt.want) } diff --git a/src/error.go b/src/error.go index 6a469748..32505bcb 100644 --- a/src/error.go +++ b/src/error.go @@ -1,6 +1,8 @@ package pike -import "fmt" +import ( + "fmt" +) type notImplementedResourceError struct { Name string 
@@ -25,3 +27,331 @@ type unknownPermissionError struct { func (m *unknownPermissionError) Error() string { return fmt.Sprintf("unknown permission resource type %s", m.Name) } + +type repositoryFormatError struct { + name string +} + +func (m *repositoryFormatError) Error() string { + return fmt.Sprintf("repository not formatted correctly %s", m.name) +} + +type gitReferenceError struct { + name string +} + +func (m *gitReferenceError) Error() string { + return fmt.Sprintf("git reference in module source path unsupported %s", m.name) +} + +type backendExistsError struct{} + +func (m *backendExistsError) Error() string { + return "backend already exists" +} + +type mappingsEmptyError struct{} + +func (m *mappingsEmptyError) Error() string { + return "mappings are empty" +} + +type invalidJSONError struct{} + +func (m *invalidJSONError) Error() string { + return "invalid json, was empty or corrupt" +} + +type emptyTypeNameError struct{} + +func (m *emptyTypeNameError) Error() string { + return "TypeName cannot be empty" +} + +type emptyNameError struct{} + +func (m *emptyNameError) Error() string { + return "Name cannot be empty" +} + +type assertionFailedError struct { + message string + err error +} + +func (m *assertionFailedError) Error() string { + return fmt.Sprintf("assertion failed: %s %v", m.message, m.err) +} + +type getAWSResourcePermissionsError struct { + err error +} + +func (m *getAWSResourcePermissionsError) Error() string { + return fmt.Sprintf("failed to get AWS resource permissions %v", m.err) +} + +type unmarshallJSONError struct { + err error + resource string +} + +func (m *unmarshallJSONError) Error() string { + return fmt.Sprintf("failed to unmarshal json %v for %s", m.err, m.resource) +} + +type attributesFieldMissingError struct{} + +func (m *attributesFieldMissingError) Error() string { + return "attributes field missing" +} + +type assertionError struct { + message string +} + +func (m *assertionError) Error() string { + return 
fmt.Sprintf("assertion failed for: %s", m.message) +} + +type templateParseError struct { + err error +} + +func (m *templateParseError) Error() string { + return fmt.Sprintf("failed to parse template %v", m.err) +} + +type templateExecuteError struct { + err error +} + +func (m *templateExecuteError) Error() string { + return fmt.Sprintf("failed to execute template %v", m.err) +} + +type emptyPermissionsError struct{} + +func (m *emptyPermissionsError) Error() string { + return "permissions list cannot be empty" +} + +type newAWSPolicyError struct { + err error +} + +func (m *newAWSPolicyError) Error() string { + return fmt.Sprintf("failed to create new AWS policy %v ", m.err) +} + +type marshallAWSPolicyError struct { + err error +} + +func (m *marshallAWSPolicyError) Error() string { + return fmt.Sprintf("failed to marshal policy: %v", m.err) +} + +type emptyActionsError struct{} + +func (m *emptyActionsError) Error() string { + return "actions list cannot be empty" +} + +type emptyDirectoryError struct{} + +func (m *emptyDirectoryError) Error() string { + return "directory value cannot be an empty string" +} + +type directoryNotFoundError struct { + directory string +} + +func (m *directoryNotFoundError) Error() string { + return fmt.Sprintf("directory does not exist: %s", m.directory) +} + +type arnEmptyError struct{} + +func (m *arnEmptyError) Error() string { + return "ARN cannot be empty" +} + +type invalidARNError struct { + arn string +} + +func (m *invalidARNError) Error() string { + return fmt.Sprintf("invalid role or ARN: %s", m.arn) +} + +type awsConfigError struct { + err error +} + +func (m *awsConfigError) Error() string { + return fmt.Sprintf("failed to load AWS config: %v", m.err) +} + +type getIAMVersionError struct { + err error +} + +func (m *getIAMVersionError) Error() string { + return fmt.Sprintf("failed to get IAM version: %v", m.err) +} + +type sortActionsError struct { + json string +} + +func (m *sortActionsError) Error() string { + 
return fmt.Sprintf("failed to sort actions: %s", m.json) +} + +type getPolicyVersionError struct { + err error +} + +func (m *getPolicyVersionError) Error() string { + return fmt.Sprintf("failed to get policy version: %v", m.err) +} + +type inputValidationError struct { + err error +} + +func (m *inputValidationError) Error() string { + return fmt.Sprintf("input validation failed: %v", m.err) +} + +type marshallPolicyError struct { + err error +} + +func (e *marshallPolicyError) Error() string { + return fmt.Sprintf("failed to marshal policy: %v", e.err) +} + +type makeRoleError struct { + err error +} + +func (e *makeRoleError) Error() string { + return fmt.Sprintf("failed to make role: %v", e.err) +} + +type setRepoSecretError struct { + repository string + err error +} + +func (e *setRepoSecretError) Error() string { + return fmt.Sprintf("failed to set repo secret:%s %v", e.repository, e.err) +} + +type setAWSAuthError struct { + err error +} + +func (m *setAWSAuthError) Error() string { + return fmt.Sprintf("failed to set AWS %v", m.err) +} + +type terraformPlanError struct { + err error +} + +func (m *terraformPlanError) Error() string { + return fmt.Sprintf("failed to plan terraform %v", m.err) +} + +type terraformNewError struct { + err error +} + +func (m *terraformNewError) Error() string { + return fmt.Sprintf("failed to create terraform %v", m.err) +} + +type terraformOutputError struct{} + +func (m *terraformOutputError) Error() string { + return "terraform output is empty" +} + +type terraformApplyError struct { + target string + err error +} + +func (m *terraformApplyError) Error() string { + if m.target == "" { + return fmt.Sprintf("failed to apply terraform %v", m.err) + } + + return fmt.Sprintf("failed to apply terraform %s %v", m.target, m.err) +} + +type getPublicKeyDetailsError struct { + err error +} + +func (e *getPublicKeyDetailsError) Error() string { + return fmt.Sprintf("failed to get public key details: %v", e.err) +} + +type 
updateSecretError struct { + err error +} + +func (e *updateSecretError) Error() string { + return fmt.Sprintf("failed to update secret: %v", e.err) +} + +type decodeStringError struct { + err error +} + +func (e *decodeStringError) Error() string { + return fmt.Sprintf("failed to decode string: %v", e.err) +} + +type encryptPlaintextError struct { + err error +} + +func (e *encryptPlaintextError) Error() string { + return fmt.Sprintf("failed to encrypt plaintext: %v", e.err) +} + +type emptyKeyError struct{} + +func (e *emptyKeyError) Error() string { + return "empty key" +} + +type encryptError struct { + err error +} + +func (e *encryptError) Error() string { + return fmt.Sprintf("failed to encrypt: %v", e.err) +} + +type getAWSDataPermissionsError struct { + err error +} + +func (m *getAWSDataPermissionsError) Error() string { + return fmt.Sprintf("failed to get AWS data permissions %v", m.err) +} + +type splitHubError struct { + err error +} + +func (e *splitHubError) Error() string { + return fmt.Sprintf("failed to split hub: %v", e.err) +} diff --git a/src/error_test.go b/src/error_test.go index 2ac91377..b02dc7e9 100644 --- a/src/error_test.go +++ b/src/error_test.go @@ -1,8 +1,14 @@ package pike -import "testing" +import ( + "errors" + "fmt" + "testing" +) func Test_notImplementedResourceError_Error(t *testing.T) { + t.Parallel() + type fields struct { Name string } @@ -17,9 +23,12 @@ func Test_notImplementedResourceError_Error(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { + t.Parallel() + m := ¬ImplementedResourceError{ Name: tt.fields.Name, } + if got := m.Error(); got != tt.want { t.Errorf("Error() = %v, want %v", got, tt.want) } @@ -28,6 +37,8 @@ func Test_notImplementedResourceError_Error(t *testing.T) { } func Test_notImplementedDatasourceError_Error(t *testing.T) { + t.Parallel() + type fields struct { Name string } 
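Review bot: Several of the types added to src/error.go duplicate each other or format their messages inconsistently. `marshallAWSPolicyError` and `marshallPolicyError` return the same text, and `assertionFailedError`/`assertionError` and `encryptError`/`encryptPlaintextError` overlap. `"failed to create new AWS policy %v "` ends in a stray space, `"failed to set repo secret:%s %v"` has no space after the colon, and `"failed to set AWS %v"` reads as truncated. Settling on one form such as `"failed to ...: %v"` and dropping the duplicates would keep log output uniform. `sortActionsError` also prints its whole `json` field into the message, so if that can hold a full policy document, truncating it or logging it separately would keep error lines short.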
@@ -42,9 +53,12 @@ func Test_notImplementedDatasourceError_Error(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { + t.Parallel() + m := ¬ImplementedDatasourceError{ Name: tt.fields.Name, } + if got := m.Error(); got != tt.want { t.Errorf("Error() = %v, want %v", got, tt.want) } @@ -53,6 +67,8 @@ func Test_notImplementedDatasourceError_Error(t *testing.T) { } func Test_unknownPermissionError_Error(t *testing.T) { + t.Parallel() + type fields struct { Name string } 
@@ -67,12 +83,880 @@ func Test_unknownPermissionError_Error(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { + t.Parallel() + m := &unknownPermissionError{ Name: tt.fields.Name, } + if got := m.Error(); got != tt.want { t.Errorf("Error() = %v, want %v", got, tt.want) } }) } } + +func TestGitReferenceError_Error(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + m *gitReferenceError + want string + }{ + { + name: "basic git reference", + m: &gitReferenceError{ + name: "refs/heads/main", + }, + want: "git reference in module source path unsupported refs/heads/main", + }, + { + name: "empty reference", + m: &gitReferenceError{ + name: "", + }, + want: "git reference in module source path unsupported ", + }, + { + name: "commit hash reference", + m: &gitReferenceError{ + name: "a1b2c3d4e5f6", + }, + want: "git reference in module source path unsupported a1b2c3d4e5f6", + }, + { + name: "tag reference", + m: &gitReferenceError{ + name: "refs/tags/v1.0.0", + }, + want: "git reference in module source path unsupported refs/tags/v1.0.0", + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + if got := tt.m.Error(); got != tt.want { + t.Errorf("gitReferenceError.Error() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestBackendExistsError_Error(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + m *backendExistsError + want string + }{ + { + name: "basic backend error", + m: &backendExistsError{}, + want: "backend already exists", + }, + { + name: "new instance", + m: new(backendExistsError), + want: "backend already exists", + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + if got := tt.m.Error(); got != tt.want { + t.Errorf("backendExistsError.Error() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestRepositoryFormatError_Error(t *testing.T) { + t.Parallel() + + tests := []struct { 
+ name string + m *repositoryFormatError + want string + }{ + { + name: "empty repository", + m: &repositoryFormatError{ + name: "", + }, + want: "repository not formatted correctly ", + }, + { + name: "invalid path format", + m: &repositoryFormatError{ + name: "invalid/repo/path///", + }, + want: "repository not formatted correctly invalid/repo/path///", + }, + { + name: "special characters", + m: &repositoryFormatError{ + name: "@#$%^&*", + }, + want: "repository not formatted correctly @#$%^&*", + }, + { + name: "url format", + m: &repositoryFormatError{ + name: "https://github.com/user/repo.git", + }, + want: "repository not formatted correctly https://github.com/user/repo.git", + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + if got := tt.m.Error(); got != tt.want { + t.Errorf("repositoryFormatError.Error() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestRepositoryFormatError_Error_Additional(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + m *repositoryFormatError + want string + }{ + { + name: "whitespace only", + m: &repositoryFormatError{ + name: " ", + }, + want: "repository not formatted correctly ", + }, + { + name: "very long path", + m: &repositoryFormatError{ + name: "org/extremely/long/repository/path/that/exceeds/normal/length/limits/and/tests/boundary/conditions", + }, + want: "repository not formatted correctly org/extremely/long/repository/path/that/exceeds/normal/length/limits/and/tests/boundary/conditions", + }, + { + name: "unicode characters", + m: &repositoryFormatError{ + name: "ĐžŅ€ĐŗĐ°ĐŊĐ¸ĐˇĐ°Ņ†Đ¸Ņ/Ņ€ĐĩĐŋĐžĐˇĐ¸Ņ‚ĐžŅ€Đ¸Đš", + }, + want: "repository not formatted correctly ĐžŅ€ĐŗĐ°ĐŊĐ¸ĐˇĐ°Ņ†Đ¸Ņ/Ņ€ĐĩĐŋĐžĐˇĐ¸Ņ‚ĐžŅ€Đ¸Đš", + }, + { + name: "numeric repository", + m: &repositoryFormatError{ + name: "12345/67890", + }, + want: "repository not formatted correctly 12345/67890", + }, + { + name: "mixed case with symbols", + m: &repositoryFormatError{ + 
name: "My-Org/Repo_Name-123", + }, + want: "repository not formatted correctly My-Org/Repo_Name-123", + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + if got := tt.m.Error(); got != tt.want { + t.Errorf("repositoryFormatError.Error() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestMappingsEmpty_Error(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + m *mappingsEmptyError + want string + }{ + { + name: "basic empty mappings", + m: &mappingsEmptyError{}, + want: "mappings are empty", + }, + { + name: "new instance", + m: new(mappingsEmptyError), + want: "mappings are empty", + }, + { + name: "nil pointer", + m: (*mappingsEmptyError)(nil), + want: "mappings are empty", + }, + { + name: "multiple calls", + m: &mappingsEmptyError{}, + want: "mappings are empty", + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + if got := tt.m.Error(); got != tt.want { + t.Errorf("mappingsEmptyError.Error() = %v, want %v", got, tt.want) + } + + // Test multiple calls return the same result + if tt.name == "multiple calls" { + for i := 0; i < 3; i++ { + if got := tt.m.Error(); got != tt.want { + t.Errorf("mappingsEmptyError.Error() iteration %d = %v, want %v", i, got, tt.want) + } + } + } + }) + } +} + +func TestEmptyPermissionsError(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + want string + }{ + { + name: "returns correct error message", + want: "permissions list cannot be empty", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + err := &emptyPermissionsError{} + + if got := err.Error(); got != tt.want { + t.Errorf("emptyPermissionsError.Error() = %v, want %v", got, tt.want) + } + }) + } + + // Verify it implements error interface + var _ error = &emptyPermissionsError{} +} + +func TestEmptyTypeNameError(t *testing.T) { + t.Parallel() + t.Run("returns correct error 
message", func(t *testing.T) { + t.Parallel() + + err := &emptyTypeNameError{} + + expected := "TypeName cannot be empty" + + if got := err.Error(); got != expected { + t.Errorf("emptyTypeNameError.Error() = %v, want %v", got, expected) + } + }) + + //goland:noinspection GoLinter + t.Run("implements error interface", func(t *testing.T) { + t.Parallel() + var err error = &emptyTypeNameError{} // Verify it satisfies error interface + + //goland:noinspection GoLinter + if err == nil { + t.Error("emptyTypeNameError should implement error interface") + } + }) +} + +func TestEmptyNameError(t *testing.T) { + t.Parallel() + + err := &emptyNameError{} + + expected := "Name cannot be empty" + if got := err.Error(); got != expected { + t.Errorf("emptyNameError.Error() = %v, want %v", got, expected) + } +} + +func TestEmptyNameError_ImplementsError(t *testing.T) { + var _ error = (*emptyNameError)(nil) +} + +func TestAssertionFailedError(t *testing.T) { + t.Parallel() + + testCases := []struct { + name string + message string + err error + expected string + }{ + { + name: "basic error message", + message: "test failed", + err: errors.New("invalid input"), + expected: "assertion failed: test failed invalid input", + }, + { + name: "empty message", + message: "", + err: errors.New("error only"), + expected: "assertion failed: error only", + }, + { + name: "nil error", + message: "test message", + err: nil, + expected: "assertion failed: test message ", + }, + { + name: "empty message and nil error", + message: "", + err: nil, + expected: "assertion failed: ", + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + + err := &assertionFailedError{ + message: tc.message, + err: tc.err, + } + + if got := err.Error(); got != tc.expected { + t.Errorf("assertionFailedError.Error() = %v, want %v", got, tc.expected) + } + }) + } +} + +func TestInvalidJSONError(t *testing.T) { + t.Parallel() + t.Run("implements error interface", func(t 
*testing.T) { + t.Parallel() + + var _ error = &invalidJSONError{} + }) + + t.Run("returns correct error message", func(t *testing.T) { + t.Parallel() + + err := &invalidJSONError{} + expected := "invalid json, was empty or corrupt" + + if got := err.Error(); got != expected { + t.Errorf("invalidJSONError.Error() = %v, want %v", got, expected) + } + }) +} + +func TestUnmarshallJSONError(t *testing.T) { + t.Parallel() + + testCases := []struct { + name string + err error + resource string + want string + }{ + { + name: "basic error", + err: errors.New("parse error"), + resource: "test-resource", + want: "failed to unmarshal json parse error for test-resource", + }, + { + name: "nil error", + err: nil, + resource: "test-resource", + want: "failed to unmarshal json for test-resource", + }, + { + name: "empty resource", + err: errors.New("parse error"), + resource: "", + want: "failed to unmarshal json parse error for ", + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + + err := &unmarshallJSONError{ + err: tc.err, + resource: tc.resource, + } + + if got := err.Error(); got != tc.want { + t.Errorf("unmarshallJSONError.Error() = %v, want %v", got, tc.want) + } + }) + } +} + +func TestAttributesFieldMissingError(t *testing.T) { + err := &attributesFieldMissingError{} + want := "attributes field missing" + + if got := err.Error(); got != want { + t.Errorf("attributesFieldMissingError.Error() = %v, want %v", got, want) + } +} + +func TestAssertionError(t *testing.T) { + t.Parallel() + + testCases := []struct { + name string + message string + want string + }{ + { + name: "basic message", + message: "test failed", + want: "assertion failed for: test failed", + }, + { + name: "empty message", + message: "", + want: "assertion failed for: ", + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + + err := &assertionError{message: tc.message} + + if got := err.Error(); got != tc.want { 
+ t.Errorf("assertionError.Error() = %v, want %v", got, tc.want) + } + }) + } +} + +func TestTemplateParseError(t *testing.T) { + t.Parallel() + + testCases := []struct { + name string + err error + want string + }{ + { + name: "with error", + err: errors.New("invalid syntax"), + want: "failed to parse template invalid syntax", + }, + { + name: "nil error", + err: nil, + want: "failed to parse template ", + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + + err := &templateParseError{err: tc.err} + + if got := err.Error(); got != tc.want { + t.Errorf("templateParseError.Error() = %v, want %v", got, tc.want) + } + }) + } +} + +func TestTemplateExecuteError(t *testing.T) { + t.Parallel() + + testCases := []struct { + name string + err error + want string + }{ + { + name: "with error", + err: errors.New("execution failed"), + want: "failed to execute template execution failed", + }, + { + name: "nil error", + err: nil, + want: "failed to execute template ", + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + + err := &templateExecuteError{err: tc.err} + + if got := err.Error(); got != tc.want { + t.Errorf("templateExecuteError.Error() = %v, want %v", got, tc.want) + } + }) + } +} + +func TestMarshallAWSPolicyError(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + err error + expected string + }{ + { + name: "with nil error", + err: nil, + expected: "failed to marshal policy: ", + }, + { + name: "with simple error", + err: errors.New("invalid format"), + expected: "failed to marshal policy: invalid format", + }, + { + name: "with wrapped error", + err: fmt.Errorf("wrapped: %w", errors.New("base error")), + expected: "failed to marshal policy: wrapped: base error", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + err := &marshallAWSPolicyError{err: tt.err} + + if got := err.Error(); got != tt.expected { + 
t.Errorf("marshallAWSPolicyError.Error() = %v, want %v", got, tt.expected) + } + }) + } +} + +func TestDirectoryErrors(t *testing.T) { + t.Parallel() + t.Run("empty directory error", func(t *testing.T) { + t.Parallel() + + err := &emptyDirectoryError{} + expected := "directory value cannot be an empty string" + + if err.Error() != expected { + t.Errorf("expected %q, got %q", expected, err.Error()) + } + }) + + t.Run("directory not found error", func(t *testing.T) { + t.Parallel() + err := &directoryNotFoundError{directory: "/tmp/nonexistent"} + expected := "directory does not exist: /tmp/nonexistent" + + if err.Error() != expected { + t.Errorf("expected %q, got %q", expected, err.Error()) + } + }) +} + +func TestARNErrors(t *testing.T) { + t.Run("empty ARN error", func(t *testing.T) { + t.Parallel() + err := &arnEmptyError{} + expected := "ARN cannot be empty" + + if err.Error() != expected { + t.Errorf("expected %q, got %q", expected, err.Error()) + } + }) + + t.Run("invalid ARN error", func(t *testing.T) { + t.Parallel() + + err := &invalidARNError{arn: "invalid:arn"} + + expected := "invalid role or ARN: invalid:arn" + + if err.Error() != expected { + t.Errorf("expected %q, got %q", expected, err.Error()) + } + }) +} + +func TestAWSErrors(t *testing.T) { + t.Parallel() + t.Run("AWS config error", func(t *testing.T) { + t.Parallel() + + err := &awsConfigError{err: &emptyNameError{}} + + expected := "failed to load AWS config: Name cannot be empty" + + if err.Error() != expected { + t.Errorf("expected %q, got %q", expected, err.Error()) + } + }) + + t.Run("get IAM version error", func(t *testing.T) { + t.Parallel() + + err := &getIAMVersionError{err: &emptyNameError{}} + + expected := "failed to get IAM version: Name cannot be empty" + + if err.Error() != expected { + t.Errorf("expected %q, got %q", expected, err.Error()) + } + }) +} + +func TestPolicyErrors(t *testing.T) { + t.Parallel() + t.Run("sort actions error", func(t *testing.T) { + t.Parallel() + + err := 
&sortActionsError{json: "invalid-json"} + expected := "failed to sort actions: invalid-json" + + if err.Error() != expected { + t.Errorf("expected %q, got %q", expected, err.Error()) + } + }) + + t.Run("get policy version error", func(t *testing.T) { + t.Parallel() + + err := &getPolicyVersionError{err: &emptyNameError{}} + expected := "failed to get policy version: Name cannot be empty" + + if err.Error() != expected { + t.Errorf("expected %q, got %q", expected, err.Error()) + } + }) + + t.Run("input validation error", func(t *testing.T) { + t.Parallel() + + err := &inputValidationError{err: &emptyNameError{}} + expected := "input validation failed: Name cannot be empty" + + if err.Error() != expected { + t.Errorf("expected %q, got %q", expected, err.Error()) + } + }) + + t.Run("marshall policy error", func(t *testing.T) { + t.Parallel() + + err := &marshallPolicyError{err: &emptyNameError{}} + + expected := "failed to marshal policy: Name cannot be empty" + + if err.Error() != expected { + t.Errorf("expected %q, got %q", expected, err.Error()) + } + }) +} + +func TestTerraformErrors(t *testing.T) { + testErr := errors.New("test error") + + t.Run("terraformPlanError", func(t *testing.T) { + t.Parallel() + + err := &terraformPlanError{err: testErr} + expected := "failed to plan terraform test error" + + if err.Error() != expected { + t.Errorf("got %q, want %q", err.Error(), expected) + } + }) + + t.Run("terraformNewError", func(t *testing.T) { + t.Parallel() + + err := &terraformNewError{err: testErr} + expected := "failed to create terraform test error" + + if err.Error() != expected { + t.Errorf("got %q, want %q", err.Error(), expected) + } + }) + + t.Run("terraformOutputError", func(t *testing.T) { + t.Parallel() + + err := &terraformOutputError{} + expected := "terraform output is empty" + + if err.Error() != expected { + t.Errorf("got %q, want %q", err.Error(), expected) + } + }) + + t.Run("terraformApplyError with target", func(t *testing.T) { + t.Parallel() 
+ + err := &terraformApplyError{target: "module.test", err: testErr} + expected := "failed to apply terraform module.test test error" + + if err.Error() != expected { + t.Errorf("got %q, want %q", err.Error(), expected) + } + }) + + t.Run("terraformApplyError without target", func(t *testing.T) { + err := &terraformApplyError{target: "", err: testErr} + expected := "failed to apply terraform test error" + if err.Error() != expected { + t.Errorf("got %q, want %q", err.Error(), expected) + } + }) +} + +func TestSecretAndEncryptionErrors(t *testing.T) { + testErr := errors.New("test error") + + t.Run("getPublicKeyDetailsError", func(t *testing.T) { + err := &getPublicKeyDetailsError{err: testErr} + expected := "failed to get public key details: test error" + + if err.Error() != expected { + t.Errorf("got %q, want %q", err.Error(), expected) + } + }) + + t.Run("updateSecretError", func(t *testing.T) { + err := &updateSecretError{err: testErr} + expected := "failed to update secret: test error" + + if err.Error() != expected { + t.Errorf("got %q, want %q", err.Error(), expected) + } + }) + + t.Run("decodeStringError", func(t *testing.T) { + t.Parallel() + + err := &decodeStringError{err: testErr} + expected := "failed to decode string: test error" + + if err.Error() != expected { + t.Errorf("got %q, want %q", err.Error(), expected) + } + }) + + t.Run("encryptPlaintextError", func(t *testing.T) { + t.Parallel() + + err := &encryptPlaintextError{err: testErr} + expected := "failed to encrypt plaintext: test error" + + if err.Error() != expected { + t.Errorf("got %q, want %q", err.Error(), expected) + } + }) + + t.Run("emptyKeyError", func(t *testing.T) { + err := &emptyKeyError{} + expected := "empty key" + + if err.Error() != expected { + t.Errorf("got %q, want %q", err.Error(), expected) + } + }) + + t.Run("encryptError", func(t *testing.T) { + err := &encryptError{err: testErr} + expected := "failed to encrypt: test error" + + if err.Error() != expected { + 
t.Errorf("got %q, want %q", err.Error(), expected) + } + }) +} + +func TestGetAWSDataPermissionsError(t *testing.T) { + originalErr := errors.New("original error") + customErr := &getAWSDataPermissionsError{err: originalErr} + expected := "failed to get AWS data permissions original error" + + if customErr.Error() != expected { + t.Errorf("Expected %s, but got %s", expected, customErr.Error()) + } +} + +func TestSplitHubError(t *testing.T) { + t.Parallel() + + originalErr := errors.New("another error") + customErr := &splitHubError{err: originalErr} + expected := "failed to split hub: another error" + + if customErr.Error() != expected { + t.Errorf("Expected %s, but got %s", expected, customErr.Error()) + } +} + +func TestSetRepoSecretError(t *testing.T) { + originalErr := errors.New("some error") + customErr := &setRepoSecretError{repository: "my-repo", err: originalErr} + expected := "failed to set repo secret:my-repo some error" + + if customErr.Error() != expected { + t.Errorf("Expected %s, but got %s", expected, customErr.Error()) + } +} + +func TestSetAWSAuthError(t *testing.T) { + originalErr := errors.New("auth error") + customErr := &setAWSAuthError{err: originalErr} + expected := "failed to set AWS auth error" + + if customErr.Error() != expected { + t.Errorf("Expected %s, but got %s", expected, customErr.Error()) + } +} + +func TestMakeRoleError(t *testing.T) { + originalErr := errors.New("role error") + customErr := &makeRoleError{err: originalErr} + expected := "failed to make role: role error" + + if customErr.Error() != expected { + t.Errorf("Expected %s, but got %s", expected, customErr.Error()) + } +} diff --git a/src/files.go b/src/files.go index e0746cee..51e3e34d 100644 --- a/src/files.go +++ b/src/files.go 
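Review bot: `TestSetAWSAuthError` passes `errors.New("auth error")` and expects `failed to set AWS auth error`, so the word "auth" in the expected text comes from the wrapped error and not from the format string `failed to set AWS %v` in src/error.go. With any other cause the message reads `failed to set AWS <cause>`, and the test as written hides that. Use a neutral cause such as `errors.New("boom")` and decide whether the prefix should be `failed to set AWS auth: %v`; `TestSetRepoSecretError` likewise freezes `failed to set repo secret:my-repo some error`, with no space after the colon. None of the new tests exercise `errors.Is` or `errors.As` through these wrappers, and the types visible in this commit show an `err` field but no `Unwrap` method, so callers presumably cannot match on the underlying cause.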
@@ -2108,28 +2108,28 @@ var awsDmsS3Endpoint []byte var awsDmsReplicationConfig []byte //go:embed mapping/aws/resource/rds/aws_db_instance_automated_backups_replication.json -var awsDbInstanceAutomatedBackupsReplication []byte +var awsDBInstanceAutomatedBackupsReplication []byte //go:embed mapping/aws/resource/rds/aws_db_instance_role_association.json -var awsDbInstanceRoleAssociation []byte +var awsDBInstanceRoleAssociation []byte //go:embed mapping/aws/resource/rds/aws_db_proxy.json -var awsDbProxy []byte +var awsDBProxy []byte //go:embed mapping/aws/resource/rds/aws_db_proxy_default_target_group.json -var awsDbProxyDefaultTargetGroup []byte +var awsDBProxyDefaultTargetGroup []byte //go:embed mapping/aws/resource/rds/aws_db_proxy_endpoint.json -var awsDbProxyEndpoint []byte +var awsDBProxyEndpoint []byte //go:embed mapping/aws/resource/rds/aws_db_proxy_target.json -var awsDbProxyTarget []byte +var awsDBProxyTarget []byte //go:embed mapping/aws/resource/rds/aws_db_snapshot.json -var awsDbSnapshot []byte +var awsDBSnapshot []byte //go:embed mapping/aws/resource/rds/aws_db_snapshot_copy.json -var awsDbSnapshotCopy []byte +var awsDBSnapshotCopy []byte //go:embed mapping/aws/resource/transcribe/aws_transcribe_language_model.json var awsTranscribeLanguageModel []byte @@ -2165,7 +2165,7 @@ var awsAmplifyDomainAssociation []byte var awsWorkspacesConnectionAlias []byte //go:embed mapping/aws/resource/workspaces/aws_workspaces_ip_group.json -var awsWorkspacesIpGroup []byte +var awsWorkspacesIPGroup []byte //go:embed mapping/aws/resource/chime/aws_chime_voice_connector.json var awsChimeVoiceConnector []byte 
@@ -2195,10 +2195,1297 @@ var awsChimesdkmediapipelinesMediaInsightsPipelineConfiguration []byte var awsChimesdkvoiceGlobalSettings []byte //go:embed mapping/aws/resource/chime/aws_chimesdkvoice_sip_media_application.json -var awsChimesdkvoiceSipMediaApplication []byte +var awsChimesdkvoiceSIPMediaApplication []byte //go:embed mapping/aws/resource/chime/aws_chimesdkvoice_sip_rule.json -var awsChimesdkvoiceSipRule []byte +var awsChimesdkvoiceSIPRule []byte //go:embed mapping/aws/resource/chime/aws_chimesdkvoice_voice_profile_domain.json var awsChimesdkvoiceVoiceProfileDomain []byte + +//go:embed mapping/aws/resource/appconfig/aws_appconfig_environment.json +var awsAppconfigEnvironment []byte + +//go:embed mapping/aws/resource/appconfig/aws_appconfig_extension.json +var awsAppconfigExtension []byte + +//go:embed mapping/aws/resource/appconfig/aws_appconfig_extension_association.json +var awsAppconfigExtensionAssociation []byte + +//go:embed mapping/aws/resource/bedrock/aws_bedrockagent_data_source.json +var awsBedrockagentDatasource []byte + +//go:embed mapping/aws/resource/bedrock/aws_bedrockagent_knowledge_base.json +var awsBedrockagentKnowledgeBase []byte + +//go:embed mapping/aws/resource/cleanrooms/aws_cleanrooms_collaboration.json +var awsCleanroomsCollaboration []byte + +//go:embed mapping/aws/resource/cleanrooms/aws_cleanrooms_configured_table.json +var awsCleanroomsConfiguredTable []byte + +//go:embed mapping/aws/resource/ec2/aws_vpn_connection_route.json +var awsVpnConnectionRoute []byte + +//go:embed mapping/aws/resource/appconfig/aws_appconfig_hosted_configuration_version.json +var awsAppconfigHostedConfigurationVersion []byte + +//go:embed mapping/aws/resource/appflow/aws_appflow_connector_profile.json +var awsAppflowConnectorProfile []byte + +//go:embed mapping/aws/resource/appflow/aws_appflow_flow.json +var awsAppflowFlow []byte + +//go:embed mapping/aws/resource/app-integrations/aws_appintegrations_data_integration.json +var 
awsAppintegrationsDataIntegration []byte
+
+//go:embed mapping/aws/resource/app-integrations/aws_appintegrations_event_integration.json
+var awsAppintegrationsEventIntegration []byte
+
+//go:embed mapping/aws/resource/apprunner/aws_apprunner_auto_scaling_configuration_version.json
+var awsApprunnerAutoScalingConfigurationVersion []byte
+
+//go:embed mapping/aws/resource/apprunner/aws_apprunner_default_auto_scaling_configuration_version.json
+var awsApprunnerDefaultAutoScalingConfigurationVersion []byte
+
+//go:embed mapping/aws/resource/apprunner/aws_apprunner_observability_configuration.json
+var awsApprunnerObservabilityConfiguration []byte
+
+//go:embed mapping/aws/resource/apprunner/aws_apprunner_service.json
+var awsApprunnerService []byte
+
+//go:embed mapping/aws/resource/apprunner/aws_apprunner_vpc_connector.json
+var awsApprunnerVpcConnector []byte
+
+//go:embed mapping/aws/resource/apprunner/aws_apprunner_vpc_ingress_connection.json
+var awsApprunnerVpcIngressConnection []byte
+
+//go:embed mapping/aws/resource/appstream/aws_appstream_image_builder.json
+var awsAppstreamImageBuilder []byte
+
+//go:embed mapping/aws/resource/appsync/aws_appsync_domain_name.json
+var awsAppsyncDomainName []byte
+
+//go:embed mapping/aws/resource/appsync/aws_appsync_domain_name_api_association.json
+var awsAppsyncDomainNameAPIAssociation []byte
+
+//go:embed mapping/aws/resource/appsync/aws_appsync_function.json
+var awsAppsyncFunction []byte
+
+//go:embed mapping/aws/resource/appsync/aws_appsync_resolver.json
+var awsAppsyncResolver []byte
+
+//go:embed mapping/aws/resource/athena/aws_athena_prepared_statement.json
+var awsAthenaPreparedStatement []byte
+
+//go:embed mapping/aws/resource/bcm-data-exports/aws_bcmdataexports_export.json
+var awsBcmdataexportsExport []byte
+
+//go:embed mapping/aws/resource/chatbot/aws_chatbot_slack_channel_configuration.json
+var awsChatbotSlackChannelConfiguration []byte
+
+//go:embed
mapping/aws/resource/chatbot/aws_chatbot_teams_channel_configuration.json
+var awsChatbotTeamsChannelConfiguration []byte
+
+//go:embed mapping/aws/resource/cloudfront/aws_cloudfront_key_value_store.json
+var awsCloudfrontKeyValueStore []byte
+
+//go:embed mapping/aws/resource/cloudfront/aws_cloudfront_realtime_log_config.json
+var awsCloudfrontRealtimeLogConfig []byte
+
+//go:embed mapping/aws/resource/cassandra/aws_keyspaces_keyspace.json
+var awsKeyspacesKeyspace []byte
+
+//go:embed mapping/aws/resource/cassandra/aws_keyspaces_table.json
+var awsKeyspacesTable []byte
+
+//go:embed mapping/aws/resource/cognito-idp/aws_cognito_identity_pool_provider_principal_tag.json
+var awsCognitoIdentityPoolProviderPrincipalTag []byte
+
+//go:embed mapping/aws/resource/cognito-idp/aws_cognito_identity_pool_roles_attachment.json
+var awsCognitoIdentityPoolRolesAttachment []byte
+
+//go:embed mapping/aws/resource/comprehend/aws_comprehend_document_classifier.json
+var awsComprehendDocumentClassifier []byte
+
+//go:embed mapping/aws/resource/config/aws_config_conformance_pack.json
+var awsConfigConformancePack []byte
+
+//go:embed mapping/aws/resource/config/aws_config_organization_conformance_pack.json
+var awsConfigOrganizationConformancePack []byte
+
+//go:embed mapping/aws/resource/controltower/aws_controltower_control.json
+var awsControltowerControl []byte
+
+//go:embed mapping/aws/resource/controltower/aws_controltower_landing_zone.json
+var awsControltowerLandingZone []byte
+
+//go:embed mapping/aws/resource/cur/aws_cur_report_definition.json
+var awsCurReportDefinition []byte
+
+//go:embed mapping/aws/resource/datazone/aws_datazone_project.json
+var awsDatazoneProject []byte
+
+//go:embed mapping/aws/resource/detective/aws_detective_graph.json
+var awsDetectiveGraph []byte
+
+//go:embed mapping/aws/resource/detective/aws_detective_invitation_accepter.json
+var awsDetectiveInvitationAccepter []byte
+
+//go:embed
mapping/aws/resource/detective/aws_detective_organization_admin_account.json
+var awsDectectiveOrganizationAdminAccount []byte
+
+//go:embed mapping/aws/resource/devops-guru/aws_devopsguru_notification_channel.json
+var awsDevopsguruNotificationChannel []byte
+
+//go:embed mapping/aws/resource/devops-guru/aws_devopsguru_resource_collection.json
+var awsDevopsguruResourceCollection []byte
+
+//go:embed mapping/aws/resource/docdb-elastic/aws_docdbelastic_cluster.json
+var awsDocdbelasticCluster []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_local_gateway_route.json
+var awsEc2LocalGatewayRoute []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_local_gateway_route_table_vpc_association.json
+var awsEc2LocalGatewayRouteTableVpcAssociation []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_managed_prefix_list.json
+var awsEc2ManagedPrefixList []byte
+
+//go:embed mapping/aws/resource/ec2/aws_network_interface_attachment.json
+var awsNetworkInterfaceAttachment []byte
+
+//go:embed mapping/aws/resource/ec2/aws_spot_fleet_request.json
+var awsSpotFleetRequest []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_transit_gateway_connect.json
+var awsEc2TransitGatewayConnect []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_transit_gateway_multicast_domain.json
+var awsEc2TransitGatewayMulticastDomain []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_transit_gateway_multicast_domain_association.json
+var awsEc2TransitGatewayMulticastDomainAssociation []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_transit_gateway_multicast_group_member.json
+var awsEc2TransitGatewayMulticastGroupMember []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_transit_gateway_multicast_group_source.json
+var awsEc2TransitGatewayMulticastGroupSource []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_transit_gateway_peering_attachment.json
+var awsEc2TransitGatewayPeeringAttachment []byte
+
+//go:embed mapping/aws/resource/ecr/aws_ecr_repository_creation_template.json
+var awsEcrRepositoryCreationTemplate []byte
+
+//go:embed mapping/aws/resource/ecs/aws_ecs_capacity_provider.json
+var awsEcsCapacityProvider []byte
+
+//go:embed mapping/aws/resource/ec2/aws_network_acl_association.json
+var awsNetworkACLAssociation []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_endpoint_connection_notification.json
+var awsVpcEndpointConnectionNotification []byte
+
+//go:embed mapping/aws/resource/ecs/aws_ecs_task_set.json
+var awsEcsTaskSet []byte
+
+//go:embed mapping/aws/resource/eks/aws_eks_access_entry.json
+var awsEksAccessEntry []byte
+
+//go:embed mapping/aws/resource/eks/aws_eks_fargate_profile.json
+var awsEksFargateProfile []byte
+
+//go:embed mapping/aws/resource/eks/aws_eks_identity_provider_config.json
+var awsEksIdentityProviderConfig []byte
+
+//go:embed mapping/aws/resource/eks/aws_eks_pod_identity_association.json
+var awsEksPodIdentityAssociation []byte
+
+//go:embed mapping/aws/resource/elasticache/aws_elasticache_global_replication_group.json
+var awsElasticacheGlobalReplicationGroup []byte
+
+//go:embed mapping/aws/resource/elasticmapreduce/aws_emr_studio.json
+var awsEmrStudio []byte
+
+//go:embed mapping/aws/resource/elasticmapreduce/aws_emr_studio_session_mapping.json
+var awsEmrStudioSessionMapping []byte
+
+//go:embed mapping/aws/resource/elasticmapreduce/aws_emrcontainers_virtual_cluster.json
+var awsEmrcontainersVirtualCluster []byte
+
+//go:embed mapping/aws/resource/elasticmapreduce/aws_emrserverless_application.json
+var awsEmrseverlessApplication []byte
+
+//go:embed mapping/aws/resource/evidently/aws_evidently_feature.json
+var awsEvidentlyFeature []byte
+
+//go:embed mapping/aws/resource/evidently/aws_evidently_launch.json
+var awsEvidentlyLaunch []byte
+
+//go:embed mapping/aws/resource/evidently/aws_evidently_project.json
+var awsEvidentlyProject []byte
+
+//go:embed mapping/aws/resource/evidently/aws_evidently_segment.json
+var awsEvidentlySegment []byte
+
+//go:embed
mapping/aws/resource/schemas/aws_schemas_discoverer.json
+var awsSchemasDiscoverer []byte
+
+//go:embed mapping/aws/resource/schemas/aws_schemas_registry.json
+var awsSchemasRegistry []byte
+
+//go:embed mapping/aws/resource/schemas/aws_schemas_registry_policy.json
+var awsSchemasRegistryPolicy []byte
+
+//go:embed mapping/aws/resource/schemas/aws_schemas_schema.json
+var awsSchemasSchema []byte
+
+//go:embed mapping/aws/resource/finspace/aws_finspace_kx_environment.json
+var awsFinspaceKxEnvironment []byte
+
+//go:embed mapping/aws/resource/fis/aws_fis_experiment_template.json
+var awsFisExperimentTemplate []byte
+
+//go:embed mapping/aws/resource/fms/aws_fms_policy.json
+var awsFmsPolicy []byte
+
+//go:embed mapping/aws/resource/fms/aws_fms_resource_set.json
+var awsFmsResourceSet []byte
+
+//go:embed mapping/aws/resource/gamelift/aws_gamelift_alias.json
+var awsGameliftAlias []byte
+
+//go:embed mapping/aws/resource/gamelift/aws_gamelift_build.json
+var awsGameliftBuild []byte
+
+//go:embed mapping/aws/resource/gamelift/aws_gamelift_fleet.json
+var awsGameliftFleet []byte
+
+//go:embed mapping/aws/resource/gamelift/aws_gamelift_game_server_group.json
+var awsGameliftGameServerGroup []byte
+
+//go:embed mapping/aws/resource/gamelift/aws_gamelift_game_session_queue.json
+var awsGameliftGameSessionQueue []byte
+
+//go:embed mapping/aws/resource/gamelift/aws_gamelift_script.json
+var awsGameliftScript []byte
+
+//go:embed mapping/aws/resource/globalaccelerator/aws_globalaccelerator_accelerator.json
+var awsGlobalacceleratorAccelerator []byte
+
+//go:embed mapping/aws/resource/globalaccelerator/aws_globalaccelerator_cross_account_attachment.json
+var awsGlobalacceleratorCrossAccountAttachment []byte
+
+//go:embed mapping/aws/resource/globalaccelerator/aws_globalaccelerator_endpoint_group.json
+var awsGlobalacceleratorEndpointGroup []byte
+
+//go:embed mapping/aws/resource/globalaccelerator/aws_globalaccelerator_listener.json
+var awsGlobalacceleratorListener []byte
+
+//go:embed mapping/aws/resource/guardduty/aws_guardduty_detector.json
+var awsGuarddutyDetector []byte
+
+//go:embed mapping/aws/resource/guardduty/aws_guardduty_filter.json
+var awsGuarddutyFilter []byte
+
+//go:embed mapping/aws/resource/guardduty/aws_guardduty_ipset.json
+var awsGuarddutyIpset []byte
+
+//go:embed mapping/aws/resource/guardduty/aws_guardduty_malware_protection_plan.json
+var awsGuarddutyMalwareProtectionPlan []byte
+
+//go:embed mapping/aws/resource/guardduty/aws_guardduty_member.json
+var awsGuarddutyMember []byte
+
+//go:embed mapping/aws/resource/guardduty/aws_guardduty_threatintelset.json
+var awsGuarddutyThreatintelset []byte
+
+//go:embed mapping/aws/resource/imagebuilder/aws_imagebuilder_workflow.json
+var awsImagebuilderWorkflow []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_authorizer.json
+var awsIotAuthorizer []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_billing_group.json
+var awsIotBillingGroup []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_ca_certificate.json
+var awsIotCaCertificate []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_certificate.json
+var awsIotCertificate []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_policy.json
+var awsIotPolicy []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_provisioning_template.json
+var awsIotProvisioningTemplate []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_role_alias.json
+var awsIotRoleAlias []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_thing.json
+var awsIotThing []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_thing_group.json
+var awsIotThingGroup []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_thing_type.json
+var awsIotThingType []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_topic_rule.json
+var awsIotTopicRule []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_topic_rule_destination.json
+var awsIotTopicRuleDestination []byte
+
+//go:embed mapping/aws/resource/ivschat/aws_ivs_channel.json
+var awsIvsChannel []byte
+
+//go:embed mapping/aws/resource/ivschat/aws_ivs_playback_key_pair.json
+var awsIvsPlaybackKeyPair []byte
+
+//go:embed mapping/aws/resource/ivschat/aws_ivs_recording_configuration.json
+var awsIvsRecordingConfigration []byte
+
+//go:embed mapping/aws/resource/ivschat/aws_ivschat_logging_configuration.json
+var awsIvschatLoggingConfiguration []byte
+
+//go:embed mapping/aws/resource/ivschat/aws_ivschat_room.json
+var awsIvschatRoom []byte
+
+//go:embed mapping/aws/resource/kendra/aws_kendra_data_source.json
+var awsKendraDataSource []byte
+
+//go:embed mapping/aws/resource/kendra/aws_kendra_faq.json
+var awsKendraFaq []byte
+
+//go:embed mapping/aws/resource/kendra/aws_kendra_index.json
+var awsKendraIndex []byte
+
+//go:embed mapping/aws/resource/kinesisanalytics/aws_kinesisanalyticsv2_application.json
+var awsKinesisanalyticsv2Application []byte
+
+//go:embed mapping/aws/resource/lakeformation/aws_lakeformation_data_cells_filter.json
+var awsLakeformationDataCellsFilter []byte
+
+//go:embed mapping/aws/resource/lakeformation/aws_lakeformation_resource_lf_tag.json
+var awsLakeformationResourceLfTag []byte
+
+//go:embed mapping/aws/resource/lex/aws_lex_bot.json
+var awsLexBot []byte
+
+//go:embed mapping/aws/resource/lex/aws_lex_bot_alias.json
+var awsLexBotAlias []byte
+
+//go:embed mapping/aws/resource/lex/aws_lex_intent.json
+var awsLexIntent []byte
+
+//go:embed mapping/aws/resource/lex/aws_lex_slot_type.json
+var awsLexSlotType []byte
+
+//go:embed mapping/aws/resource/license-manager/aws_licensemanager_grant.json
+var awsLicencemanagerGrant []byte
+
+//go:embed mapping/aws/resource/license-manager/aws_licensemanager_license_configuration.json
+var awsLicenceManagerLicencenceConfiguration []byte
+
+//go:embed mapping/aws/resource/lightsail/aws_lightsail_bucket.json
+var awsLightsailBucket []byte
+
+//go:embed mapping/aws/resource/lightsail/aws_lightsail_certificate.json
+var awsLightsailCertificate []byte
+
+//go:embed mapping/aws/resource/lightsail/aws_lightsail_database.json
+var awsLightsailDatabase []byte
+
+//go:embed mapping/aws/resource/lightsail/aws_lightsail_disk.json
+var awsLightsailDisk []byte
+
+//go:embed mapping/aws/resource/lightsail/aws_lightsail_distribution.json
+var awsLightsailDistribution []byte
+
+//go:embed mapping/aws/resource/lightsail/aws_lightsail_lb.json
+var awsLightsailLb []byte
+
+//go:embed mapping/aws/resource/logs/aws_cloudwatch_log_account_policy.json
+var awsCloudwatchLogAccountPolicy []byte
+
+//go:embed mapping/aws/resource/macie2/aws_macie2_custom_data_identifier.json
+var awsMacie2CustomDataIdentifier []byte
+
+//go:embed mapping/aws/resource/macie2/aws_macie2_findings_filter.json
+var awsMacie2FindingsFilter []byte
+
+//go:embed mapping/aws/resource/mediapackage/aws_media_package_channel.json
+var awsMediaPackageChannel []byte
+
+//go:embed mapping/aws/resource/medialive/aws_medialive_multiplex.json
+var awsMedialiveMulitplex []byte
+
+//go:embed mapping/aws/resource/medialive/aws_medialive_multiplex_program.json
+var awsMedialiveMultiplexProgram []byte
+
+//go:embed mapping/aws/resource/memorydb/aws_memorydb_acl.json
+var awsMemorydbACL []byte
+
+//go:embed mapping/aws/resource/memorydb/aws_memorydb_parameter_group.json
+var awsMemorydbParameterGroup []byte
+
+//go:embed mapping/aws/resource/kafka/aws_msk_cluster_policy.json
+var awsMskClusterPolicy []byte
+
+//go:embed mapping/aws/resource/kafka/aws_msk_replicator.json
+var awsMskReplicator []byte
+
+//go:embed mapping/aws/resource/kafka/aws_msk_vpc_connection.json
+var awsMskVpcConnection []byte
+
+//go:embed mapping/aws/resource/airflow/aws_mwaa_environment.json
+var awsMwaaEnvironment []byte
+
+//go:embed mapping/aws/resource/network-firewall/aws_networkfirewall_tls_inspection_configuration.json
+var awsNetworkfirewallTLSInspectionConfiguration []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_connect_attachment.json
+var awsNetworkManagerConnectAttachment []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_connect_peer.json
+var awsNetworkManagerConnectPeer []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_core_network.json
+var awsNetworkmanagerCoreNetwork []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_customer_gateway_association.json
+var awsNetworkmanagerCustomerGatewayAssociation []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_device.json
+var awsNetworkmanagerDevice []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_global_network.json
+var awsNetworkmanagerGlobalNetwork []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_link.json
+var awsNetworkmanagerLink []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_link_association.json
+var awsNetworkmanagerLinkAssocation []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_site.json
+var awsNetworkmanagerSite []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_site_to_site_vpn_attachment.json
+var awsNetworkmanagerSiteToSiteVpnAttachment []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_transit_gateway_peering.json
+var awsNetworkmanagerTransitGatewayPeering []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_transit_gateway_registration.json
+var awsNetworkmanagerTransitGatewayRegistration []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_transit_gateway_route_table_attachment.json
+var awsNetworkmanagerTransitGatewayRouteTableAttachment []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_vpc_attachment.json
+var awsNetworkmanagerVpcAttachment []byte
+
+//go:embed mapping/aws/resource/organizations/aws_organizations_account.json
+var awsOrganizationsAccount []byte
+
+//go:embed mapping/aws/resource/organizations/aws_organizations_organization.json
+var awsOrganizationsOrganization []byte
+
+//go:embed mapping/aws/resource/organizations/aws_organizations_organizational_unit.json
+var awsOrganizationsOrganizationalUnit []byte
+
+//go:embed mapping/aws/resource/organizations/aws_organizations_resource_policy.json
+var awsOrganizationsResourcePolicy []byte
+
+//go:embed mapping/aws/resource/osis/aws_osis_pipeline.json
+var awsOsisPipeline []byte
+
+//go:embed mapping/aws/resource/payment-cryptography/aws_paymentcryptography_key.json
+var awsPaymentcrytopgraphyKey []byte
+
+//go:embed mapping/aws/resource/payment-cryptography/aws_paymentcryptography_key_alias.json
+var awsPaymentcrytopgraphyKeyAlias []byte
+
+//go:embed mapping/aws/resource/pipes/aws_pipes_pipe.json
+var awsPipesPipe []byte
+
+//go:embed mapping/aws/resource/qldb/aws_qldb_stream.json
+var awsQldbStream []byte
+
+//go:embed mapping/aws/resource/quicksight/aws_quicksight_analysis.json
+var awsQuicksightAnalysis []byte
+
+//go:embed mapping/aws/resource/quicksight/aws_quicksight_dashboard.json
+var awsQuicksightDashboard []byte
+
+//go:embed mapping/aws/resource/quicksight/aws_quicksight_data_set.json
+var awsQuicksightDataSet []byte
+
+//go:embed mapping/aws/resource/quicksight/aws_quicksight_data_source.json
+var awsQuicksightDataSource []byte
+
+//go:embed mapping/aws/resource/quicksight/aws_quicksight_refresh_schedule.json
+var awsQuicksightRefreshSchedule []byte
+
+//go:embed mapping/aws/resource/quicksight/aws_quicksight_template.json
+var awsQuicksightTemplate []byte
+
+//go:embed mapping/aws/resource/quicksight/aws_quicksight_theme.json
+var awsQuicksightTheme []byte
+
+//go:embed mapping/aws/resource/rds/aws_rds_integration.json
+var awsRdsIntegration []byte
+
+//go:embed mapping/aws/resource/redshift/aws_redshift_endpoint_access.json
+var awsRedshiftEndpointAccess []byte
+
+//go:embed mapping/aws/resource/redshift/aws_redshift_endpoint_authorization.json
+var awsRedshiftEndpointAuthorization []byte
+
+//go:embed mapping/aws/resource/redshift-serverless/aws_redshiftserverless_namespace.json
+var awsRedshiftserverlessNamespace []byte
+
+//go:embed mapping/aws/resource/redshift-serverless/aws_redshiftserverless_workgroup.json
+var awsRedshiftserverlessWorkgroup []byte
+
+//go:embed mapping/aws/resource/rekognition/aws_rekognition_collection.json
+var awsRekognitionCollection []byte
+
+//go:embed mapping/aws/resource/rekognition/aws_rekognition_project.json
+var awsRekognitionProject []byte
+
+//go:embed mapping/aws/resource/rekognition/aws_rekognition_stream_processor.json
+var awsRekognitionStreamProcessor []byte
+
+//go:embed mapping/aws/resource/resource-explorer-2/aws_resourceexplorer2_index.json
+var awsResourceexplorer2Index []byte
+
+//go:embed mapping/aws/resource/resource-explorer-2/aws_resourceexplorer2_view.json
+var awsResourceexplorer2View []byte
+
+//go:embed mapping/aws/resource/rolesanywhere/aws_rolesanywhere_profile.json
+var awsRolesanywhereProfile []byte
+
+//go:embed mapping/aws/resource/rolesanywhere/aws_rolesanywhere_trust_anchor.json
+var awsRolesanywhereTrustAnchor []byte
+
+//go:embed mapping/aws/resource/route53-recovery-readiness/aws_route53recoverycontrolconfig_cluster.json
+var awsRoute53recoverycontrolconfigCluster []byte
+
+//go:embed mapping/aws/resource/route53-recovery-readiness/aws_route53recoverycontrolconfig_control_panel.json
+var awsRoute53recoverycontrolconfigControlPanel []byte
+
+//go:embed mapping/aws/resource/route53-recovery-readiness/aws_route53recoverycontrolconfig_routing_control.json
+var awsRoute53recoverycontrolconfigRoutingControl []byte
+
+//go:embed mapping/aws/resource/route53-recovery-readiness/aws_route53recoverycontrolconfig_safety_rule.json
+var awsRoute53recoverycontrolconfigSafetyRule []byte
+
+//go:embed mapping/aws/resource/route53-recovery-readiness/aws_route53recoveryreadiness_cell.json
+var awsRoute53recoveryreadinessCell []byte
+
+//go:embed mapping/aws/resource/route53-recovery-readiness/aws_route53recoveryreadiness_readiness_check.json
+var awsRoute53recoveryreadinessReadinessCheck []byte
+
+//go:embed mapping/aws/resource/route53-recovery-readiness/aws_route53recoveryreadiness_recovery_group.json
+var awsRoute53recoveryreadinessRecoveryGroup []byte
+
+//go:embed mapping/aws/resource/route53-recovery-readiness/aws_route53recoveryreadiness_resource_set.json
+var awsRoute53recoveryreadinessResourceSet []byte
+
+//go:embed mapping/aws/resource/rum/aws_rum_app_monitor.json
+var awsRumAppMonitor []byte
+
+//go:embed mapping/aws/resource/s3/aws_s3_access_point.json
+var awsS3AccessPoint []byte
+
+//go:embed mapping/aws/resource/s3/aws_s3control_access_grant.json
+var awsS3controlAccessGrant []byte
+
+//go:embed mapping/aws/resource/s3/aws_s3control_access_grants_instance.json
+var awsS3controlAccessGrantInstance []byte
+
+//go:embed mapping/aws/resource/s3/aws_s3control_access_grants_location.json
+var awsS3controlAccessGrantLocation []byte
+
+//go:embed mapping/aws/resource/s3/aws_s3control_multi_region_access_point.json
+var awscontrolMultiRegionAccessPoint []byte
+
+//go:embed mapping/aws/resource/s3/aws_s3control_multi_region_access_point_policy.json
+var awscontrolMultiRegionAccessPointPolicy []byte
+
+//go:embed mapping/aws/resource/s3-outposts/aws_s3outposts_endpoint.json
+var awsS3outpostsEndpoint []byte
+
+//go:embed mapping/aws/resource/scheduler/aws_scheduler_schedule.json
+var awsSchedulerSchedule []byte
+
+//go:embed mapping/aws/resource/scheduler/aws_scheduler_schedule_group.json
+var awsSchedulerScheduleGroup []byte
+
+//go:embed mapping/aws/resource/securityhub/aws_securityhub_automation_rule.json
+var awsSecurityhubAutomationRule []byte
+
+//go:embed mapping/aws/resource/securityhub/aws_securityhub_configuration_policy.json
+var awsSecurityhubConfigurationPolicy []byte
+
+//go:embed mapping/aws/resource/securityhub/aws_securityhub_finding_aggregator.json
+var awsSecurityhubFindingAggregator []byte
+
+//go:embed mapping/aws/resource/sso/aws_ssoadmin_permission_set.json
+var awsSsoadminPermissionSet []byte
+
+//go:embed mapping/aws/resource/timestreamwrite/aws_timestreaminfluxdb_db_instance.json
+var awsTimestreamhubFindingAggregator []byte
+
+//go:embed mapping/aws/resource/securityhub/aws_securityhub_insight.json
+var awsSecurityhubInsight []byte
+
+//go:embed mapping/aws/resource/securityhub/aws_securityhub_organization_configuration.json
+var awsSecurityhubOrganizationConfiguration []byte
+
+//go:embed mapping/aws/resource/securityhub/aws_securityhub_product_subscription.json
+var awsSecurityhubProductSubscription []byte
+
+//go:embed mapping/aws/resource/securityhub/aws_securityhub_standards_control.json
+var awsSecurityhubStandardsControl []byte
+
+//go:embed mapping/aws/resource/securitylake/aws_securitylake_aws_log_source.json
+var awsSecuritylakeAwsLogSource []byte
+
+//go:embed mapping/aws/resource/securitylake/aws_securitylake_data_lake.json
+var awsSecuritylakeDataLake []byte
+
+//go:embed mapping/aws/resource/securitylake/aws_securitylake_subscriber.json
+var awsSecuritylakeSubscriber []byte
+
+//go:embed mapping/aws/resource/securitylake/aws_securitylake_subscriber_notification.json
+var awsSecuritylakeSubscriberNotification []byte
+
+//go:embed mapping/aws/resource/servicecatalog/aws_servicecatalogappregistry_application.json
+var awsServicecatalogappregistryApplication []byte
+
+//go:embed mapping/aws/resource/shield/aws_shield_proactive_engagement.json
+var awsShieldProactiveEngagement []byte
+
+//go:embed mapping/aws/resource/shield/aws_shield_protection.json
+var awsShieldProtection []byte
+
+//go:embed mapping/aws/resource/shield/aws_shield_protection_group.json
+var awsShieldProtectionGroup []byte
+
+//go:embed mapping/aws/resource/ssm/aws_ssm_association.json
+var awsSsmAssociation []byte
+
+//go:embed mapping/aws/resource/ssm/aws_ssm_resource_data_sync.json
+var awsSsmResourceDataSync []byte
+
+//go:embed mapping/aws/resource/ssm-contacts/aws_ssmcontacts_rotation.json
+var awsSsmcontactsRotation []byte
+
+//go:embed mapping/aws/resource/ssm-incidents/aws_ssmincidents_response_plan.json
+var awsSsmincidentsResponsePlan []byte
+
+//go:embed mapping/aws/resource/sso/aws_ssoadmin_application.json
+var awsSsoadminApplication []byte
+
+//go:embed mapping/aws/resource/sso/aws_ssoadmin_application_assignment.json
+var awsSsoadminApplicationAssignment []byte
+
+//go:embed mapping/aws/resource/transfer/aws_transfer_agreement.json
+var awsTransferAgreement []byte
+
+//go:embed mapping/aws/resource/transfer/aws_transfer_certificate.json
+var awsTransferCertificate []byte
+
+//go:embed mapping/aws/resource/transfer/aws_transfer_connector.json
+var awsTransferConnector []byte
+
+//go:embed mapping/aws/resource/transfer/aws_transfer_profile.json
+var awsTransferProfile []byte
+
+//go:embed mapping/aws/resource/transfer/aws_transfer_workflow.json
+var awsTransferWorkflow []byte
+
+//go:embed mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_identity_source.json
+var awsVerifiedpermissionsIdentitySource []byte
+
+//go:embed mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_policy.json
+var awsVerifiedpermissionsPolicy []byte
+
+//go:embed mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_policy_store.json
+var awsVerifiedpermissionsPolicyStore []byte
+
+//go:embed mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_policy_template.json
+var awsVerifiedpermissionsPolicyTemplate []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ebs_snapshot_block_public_access.json
+var awsEbsSnapshotBlockPublicAccess []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_image_block_public_access.json
+var awsEc2ImageBlockPublicAccess []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_serial_console_access.json
+var awsEc2SerialConsoleAccess []byte
+
+//go:embed mapping/aws/resource/elasticmapreduce/aws_emr_block_public_access_configuration.json
+var awsEmrBlockPublicAccessConfiguration []byte
+
+//go:embed mapping/aws/resource/s3/aws_s3_account_public_access_block.json
+var awsS3AccountPublicAccessBlock []byte
+
+//go:embed mapping/aws/resource/s3/aws_s3control_access_point_policy.json
+var awsS3controlAccessPointPolicy []byte
+
+//go:embed mapping/aws/resource/iam/aws_iam_role_policies_exclusive.json
+var awsIamGroupPoliciesExclusive []byte
+
+//go:embed mapping/aws/resource/iam/aws_iam_role_policies_exclusive.json
+var awsIamRolePoliciesExclusive []byte
+
+//go:embed mapping/aws/resource/iam/aws_iam_user_policies_exclusive.json
+var awsIamUserPoliciesExclusive []byte
+
+//go:embed mapping/aws/resource/m2/aws_m2_application.json
+var awsM2Application []byte
+
+//go:embed mapping/aws/resource/m2/aws_m2_deployment.json
+var awsM2Deployment []byte
+
+//go:embed mapping/aws/resource/m2/aws_m2_environment.json
+var awsM2Environment []byte
+
+//go:embed mapping/aws/resource/memorydb/aws_memorydb_user.json
+var awsMemorydbUser []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_human_task_ui.json
+var awsSagemakerHumanTaskUI []byte
+
+//go:embed mapping/aws/resource/cloudfront-keyvaluestore/aws_cloudfrontkeyvaluestore_key.json
+var awsCloudfrontkeyvaluestoreKey []byte
+
+//go:embed mapping/aws/resource/ecs/aws_ecs_tag.json
+var awsEcsTag []byte
+
+//go:embed mapping/aws/resource/elasticloadbalancing/aws_lb_trust_store.json
+var awsLbTrustStore []byte
+
+//go:embed mapping/aws/resource/elasticloadbalancing/aws_lb_trust_store_revocation.json
+var awsLbTrustStoreRevocation []byte
+
+//go:embed mapping/aws/resource/quicksight/aws_quicksight_folder.json
+var awsQuicksightFolder []byte
+
+//go:embed mapping/aws/resource/quicksight/aws_quicksight_group.json
+var awsQuicksightGroup []byte
+
+//go:embed mapping/aws/resource/quicksight/aws_quicksight_group_membership.json
+var awsQuicksightGroupMembership []byte
+
+//go:embed mapping/aws/resource/quicksight/aws_quicksight_namespace.json
+var awsQuicksightNamespace []byte
+
+//go:embed mapping/aws/resource/quicksight/aws_quicksight_user.json
+var awsQuicksightUser []byte
+
+//go:embed mapping/aws/resource/datazone/aws_datazone_asset_type.json
+var awsDatazoneAssetType []byte
+
+//go:embed mapping/aws/resource/datazone/aws_datazone_environment.json
+var awsDatazoneEnvironment []byte
+
+//go:embed mapping/aws/resource/datazone/aws_datazone_environment_profile.json
+var awsDatazoneEnvironmentProfile []byte
+
+//go:embed mapping/aws/resource/datazone/aws_datazone_form_type.json
+var awsDatazoneFormType []byte
+
+//go:embed mapping/aws/resource/datazone/aws_datazone_glossary.json
+var awsDatazoneGlossary []byte
+
+//go:embed mapping/aws/resource/datazone/aws_datazone_glossary_term.json
+var awsDatazoneGlossaryTerm []byte
+
+//go:embed mapping/aws/resource/datazone/aws_datazone_user_profile.json
+var awsDatazoneUserProfile []byte
+
+//go:embed mapping/aws/resource/quicksight/aws_quicksight_account_subscription.json
+var awsQuicksightAccountSubscription []byte
+
+//go:embed mapping/aws/resource/quicksight/aws_quicksight_folder_membership.json
+var awsQuicksightFolderMembership []byte
+
+//go:embed mapping/aws/resource/quicksight/aws_quicksight_iam_policy_assignment.json
+var awsQuicksightIamPolicyAssignment []byte
+
+//go:embed mapping/aws/resource/quicksight/aws_quicksight_ingestion.json
+var awsQuicksightIngestion []byte
+
+//go:embed mapping/aws/resource/quicksight/aws_quicksight_template_alias.json
+var awsQuicksightTemplateAlias []byte
+
+//go:embed mapping/aws/resource/quicksight/aws_quicksight_vpc_connection.json
+var awsQuicksightVpcConnection []byte
+
+//go:embed mapping/aws/resource/s3/aws_s3_bucket_analytics_configuration.json
+var awsS3BucketAnalyticsConfiguration []byte
+
+//go:embed mapping/aws/resource/backup/aws_backup_logically_air_gapped_vault.json
+var awsBackupLogicallyAirGappedVault []byte
+
+//go:embed mapping/aws/resource/kinesis/aws_kinesis_resource_policy.json
+var awsKinesisResourcePolicy []byte
+
+//go:embed mapping/aws/resource/appconfig/aws_appconfig_deployment.json
+var awsAppconfigDeployment []byte
+
+//go:embed mapping/aws/resource/appsync/aws_appsync_graphql_api.json
+var awsAppsyncGraphAPI []byte
+
+//go:embed mapping/aws/resource/bedrock/aws_bedrock_inference_profile.json
+var awsBedrockInferenceProfile []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_dx_gateway_attachment.json
+var awsNetworkmanagerDxGatewayAttachment []byte
+
+//go:embed mapping/aws/resource/s3tables/aws_s3tables_namespace.json
+var awsS3tablesNamespace []byte
+
+//go:embed mapping/aws/resource/s3tables/aws_s3tables_table.json
+var awsS3tablesTable []byte
+
+//go:embed mapping/aws/resource/s3tables/aws_s3tables_table_bucket_policy.json
+var awsS3tablesTableBucketPolicy []byte
+
+//go:embed mapping/aws/resource/s3tables/aws_s3tables_table_policy.json
+var awsS3tablesTablePolicy []byte
+
+//go:embed mapping/aws/resource/s3tables/aws_s3tables_table_bucket.json
+var awsS3tablesTableBucket []byte
+
+//go:embed mapping/aws/resource/apigateway/aws_api_gateway_domain_name_access_association.json
+var awsAPIGatewayDomainNameAccessAssociation []byte
+
+//go:embed mapping/aws/resource/appconfig/aws_appconfig_deployment_strategy.json
+var awsAppconfigDeploymentStrategy []byte
+
+//go:embed mapping/aws/resource/appmesh/aws_appmesh_gateway_route.json
+var awsAppmeshGatewayRoute []byte
+
+//go:embed mapping/aws/resource/appmesh/aws_appmesh_mesh.json
+var awsAppmeshMesh []byte
+
+//go:embed mapping/aws/resource/appmesh/aws_appmesh_route.json
+var awsAppmeshRoute []byte
+
+//go:embed mapping/aws/resource/appmesh/aws_appmesh_virtual_gateway.json
+var awsAppmeshVirtualGateway []byte
+
+//go:embed mapping/aws/resource/appmesh/aws_appmesh_virtual_node.json
+var awsAppmeshVirtualNode []byte
+
+//go:embed mapping/aws/resource/appmesh/aws_appmesh_virtual_router.json
+var awsAppmeshVirtualRouter []byte
+
+//go:embed mapping/aws/resource/appmesh/aws_appmesh_virtual_service.json
+var awsAppmeshVirtualService []byte
+
+//go:embed mapping/aws/resource/appstream/aws_appstream_directory_config.json
+var awsAppstreamDirectoryConfig []byte
+
+//go:embed mapping/aws/resource/appstream/aws_appstream_fleet.json
+var awsAppstreamFleet []byte
+
+//go:embed mapping/aws/resource/appstream/aws_appstream_fleet_stack_association.json
+var awsAppstreamFleetStackAssociation []byte
+
+//go:embed mapping/aws/resource/appstream/aws_appstream_stack.json
+var awsAppstreamStack []byte
+
+//go:embed mapping/aws/resource/appstream/aws_appstream_user.json
+var awsAppstreamUser []byte
+
+//go:embed mapping/aws/resource/appstream/aws_appstream_user_stack_association.json
+var awsAppstreamUserStackAssociation []byte
+
+//go:embed mapping/aws/resource/appsync/aws_appsync_api_cache.json
+var awsAppsyncAPICache []byte
+
+//go:embed mapping/aws/resource/appsync/aws_appsync_api_key.json
+var awsAppsyncAPIKey []byte
+
+//go:embed mapping/aws/resource/appsync/aws_appsync_datasource.json
+var awsAppsyncDatasource []byte
+
+//go:embed mapping/aws/resource/appsync/aws_appsync_source_api_association.json
+var awsAppsyncSourceAPIAssociation []byte
+
+//go:embed mapping/aws/resource/appsync/aws_appsync_type.json
+var awsAppsyncType []byte
+
+//go:embed mapping/aws/resource/bedrock/aws_bedrock_guardrail.json
+var awsBedrockGuardrail []byte
+
+//go:embed mapping/aws/resource/bedrock/aws_bedrock_guardrail_version.json
+var awsBedrockGuardrailVersion []byte
+
+//go:embed mapping/aws/resource/cleanrooms/aws_cleanrooms_membership.json
+var awsCleanroomsMembership []byte
+
+//go:embed mapping/aws/resource/codeconnections/aws_codeconnections_connection.json
+var awsCodeconnectionsConnection []byte
+
+//go:embed mapping/aws/resource/profile/aws_customerprofiles_domain.json
+var awsCustomerprofilesDomain []byte
+
+//go:embed mapping/aws/resource/elasticmapreduce/aws_emr_instance_fleet.json
+var awsEmrInstanceFleet []byte
+
+//go:embed mapping/aws/resource/elasticmapreduce/aws_emr_instance_group.json
+var awsEmrInstanceGroup []byte
+
+//go:embed mapping/aws/resource/globalaccelerator/aws_globalaccelerator_custom_routing_accelerator.json
+var awsGlobalacceleratorCustomRoutingAccelerator []byte
+
+//go:embed mapping/aws/resource/globalaccelerator/aws_globalaccelerator_custom_routing_endpoint_group.json
+var awsGlobalacceleratorCustomRoutingEndpointGroup []byte
+
+//go:embed mapping/aws/resource/globalaccelerator/aws_globalaccelerator_custom_routing_listener.json
+var awsGlobalacceleratorCustomRoutingListener []byte
+
+//go:embed mapping/aws/resource/glue/aws_glue_partition.json
+var awsGluePartition []byte
+
+//go:embed mapping/aws/resource/identitystore/aws_identitystore_group.json
+var awsIdentitystoreGroup []byte
+
+//go:embed mapping/aws/resource/identitystore/aws_identitystore_user.json
+var awsIdentitystoreUser []byte
+
+//go:embed mapping/aws/resource/identitystore/aws_identitystore_group_membership.json
+var awsIdentitystoreGroupMembership []byte
+
+//go:embed mapping/aws/resource/imagebuilder/aws_imagebuilder_lifecycle_policy.json
+var awsImagebuilderLifecyclePolicy []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_domain_configuration.json
+var awsIotDomainConfiguration []byte
+
+//go:embed mapping/aws/resource/codebuild/aws_codebuild_fleet.json
+var awsCodeBuildFleet []byte
+
+//go:embed mapping/aws/resource/config/aws_config_aggregate_authorization.json
+var awsConfigAggregateAuthorization []byte
+
+//go:embed mapping/aws/resource/config/aws_config_organization_managed_rule.json
+var awsConfigOrganizationManagedRule []byte
+
+//go:embed mapping/aws/resource/config/aws_config_remediation_configuration.json
+var awsConfigRemediationConfiguration []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_instance_connect_endpoint.json
+var awsEc2InstanceConnectEndpoint []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_traffic_mirror_filter_rule.json
+var awsEc2TrafficMirrorFilterRule []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_traffic_mirror_session.json
+var awsEc2TrafficMirrorSession []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_traffic_mirror_filter.json
+var awsEc2TrafficMirrorFilter []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_traffic_mirror_target.json
+var awsEc2TrafficMirrorTarget []byte
+
+//go:embed mapping/aws/resource/glue/aws_glue_data_quality_ruleset.json
+var awsGlueDataQualityRuleset []byte
+
+//go:embed mapping/aws/resource/glue/aws_glue_dev_endpoint.json
+var awsGlueDevEndpoint []byte
+
+//go:embed mapping/aws/resource/grafana/aws_grafana_workspace.json
+var awsGrafanaWorkspace []byte
+
+//go:embed mapping/aws/resource/lakeformation/aws_lakeformation_data_lake_settings.json
+var awsLakeformationDataLakeSettings []byte
+
+//go:embed mapping/aws/resource/lakeformation/aws_lakeformation_permissions.json
+var awsLakeformationPermissions []byte
+
+//go:embed mapping/aws/resource/lakeformation/aws_lakeformation_resource.json
+var awsLakeformationResource []byte
+
+//go:embed mapping/aws/resource/logs/aws_cloudwatch_log_delivery.json
+var awsCloudwatchLogDelivery []byte
+
+//go:embed mapping/aws/resource/logs/aws_cloudwatch_log_delivery_destination.json
+var awsCloudwatchLogDeliveryDestination []byte
+
+//go:embed mapping/aws/resource/logs/aws_cloudwatch_log_delivery_destination_policy.json
+var awsCloudwatchLogDeliveryDestinationPolicy []byte
+
+//go:embed mapping/aws/resource/logs/aws_cloudwatch_log_delivery_source.json
+var awsCloudwatchLogDeliverySource []byte
+
+//go:embed mapping/aws/resource/logs/aws_cloudwatch_log_index_policy.json
+var awsCloudwatchLogIndexPolicy []byte
+
+//go:embed mapping/aws/resource/logs/aws_cloudwatch_log_anomaly_detector.json
+var awsCloudwatchLogAnomalyDetector []byte
+
+//go:embed mapping/aws/resource/route53profiles/aws_route53profiles_association.json
+var awsRoute53profilesAssociation []byte
+
+//go:embed mapping/aws/resource/route53profiles/aws_route53profiles_profile.json
+var awsRoute53profilesProfile []byte
+
+//go:embed mapping/aws/resource/servicecatalog/aws_servicecatalogappregistry_attribute_group.json
+var awsServicecatalogappregistryAttributeGroup []byte
+
+//go:embed mapping/aws/resource/servicecatalog/aws_servicecatalogappregistry_attribute_group_association.json
+var awsServicecatalogappregistryAttributeGroupAssociation []byte
+
+//go:embed mapping/aws/resource/transfer/aws_transfer_server.json
+var awsTransferServer []byte
+
+//go:embed mapping/aws/resource/transfer/aws_transfer_ssh_key.json
+var awsTransferSSHKey []byte
+
+//go:embed mapping/aws/resource/transfer/aws_transfer_user.json
+var awsTransferUser []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_block_public_access_exclusion.json
+var awsVpcBlockPublicAccessExclusion []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_block_public_access_options.json
+var awsVpcBlockPublicAccessOptions []byte
+
+//go:embed mapping/aws/resource/vpc-lattice/aws_vpclattice_resource_configuration.json
+var awsVpclatticeResourceConfiguration []byte
+
+//go:embed mapping/aws/resource/vpc-lattice/aws_vpclattice_resource_gateway.json
+var awsVpclatticeResourceGateway []byte
+
+//go:embed mapping/aws/resource/amplify/aws_amplify_backend_environment.json
+var awsAmplifyBackendEnvironment []byte
+
+//go:embed mapping/aws/resource/amplify/aws_amplify_webhook.json
+var awsAmplifyWebhook []byte
+
+//go:embed mapping/aws/resource/appfabric/aws_appfabric_app_authorization.json
+var awsAppfabricAppAuthorization []byte
+
+//go:embed mapping/aws/resource/appfabric/aws_appfabric_app_authorization_connection.json
+var awsAppfabricAppAuthorizationConnection []byte
+
+//go:embed mapping/aws/resource/appfabric/aws_appfabric_app_bundle.json
+var awsAppfabricAppBundle []byte
+
+//go:embed mapping/aws/resource/appfabric/aws_appfabric_ingestion.json
+var awsAppfabricIngestion []byte
+
+//go:embed mapping/aws/resource/appfabric/aws_appfabric_ingestion_destination.json
+var awsAppfabricIngestionDestination []byte
+
+//go:embed mapping/aws/resource/apprunner/aws_apprunner_connection.json
+var awsApprunnerConnection []byte
+
+//go:embed mapping/aws/resource/apprunner/aws_apprunner_custom_domain_association.json
+var awsApprunnerCustomDomainAssociation []byte
+
+//go:embed mapping/aws/resource/apprunner/aws_apprunner_deployment.json
+var awsApprunnerDeployment []byte
+
+//go:embed mapping/aws/resource/cloud9/aws_cloud9_environment_membership.json
+var awsCloud9EnvironmentMembership []byte
+
+//go:embed mapping/aws/resource/cloudformation/aws_cloudcontrolapi_resource.json
+var awsCloudcontrolapiResource []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_flow_definition.json
+var awsSagemakerFlowDefinition []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_hub.json
+var awsSagemakerHub []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_mlflow_tracking_server.json
+var awsSagemakerMlflowTrackingServer []byte
+
+//go:embed mapping/aws/resource/shield/aws_shield_subscription.json
+var awsShieldSubscription []byte
+
+//go:embed mapping/aws/resource/ec2/aws_spot_datafeed_subscription.json
+var awsSpotDatafeedSubscription []byte
+
+//go:embed mapping/aws/resource/ssm/aws_ssm_activation.json
+var awsSsmActivation []byte
+
+//go:embed mapping/aws/resource/ssm/aws_ssm_default_patch_baseline.json
+var awsSsmDefaultPatchBaseline []byte
+
+//go:embed mapping/aws/resource/ssm/aws_ssm_service_setting.json
+var awsSsmServiceSetting []byte
+
+//go:embed mapping/aws/resource/ssm-quicksetup/aws_ssmquicksetup_configuration_manager.json
+var awsSsmquicksetupConfigurationManager []byte
+
+//go:embed mapping/aws/resource/wafregional/aws_wafregional_web_acl_association.json
+var awsWafregionalWebACLAssociation []byte
+
+//go:embed mapping/aws/resource/bedrock/aws_bedrockagent_agent_collaborator.json
+var awsBedrockagentAgentCollaborator []byte
+
+//go:embed mapping/aws/resource/bedrock/aws_bedrockagent_agent_knowledge_base_association.json
+var awsBedrockagentKnowledgeBaseAssociation []byte
+
+//go:embed mapping/aws/resource/cloudformation/aws_cloudformation_stack_instances.json
+var awsCloudformationStackInstances []byte
+
+//go:embed mapping/aws/resource/cloudfront/aws_cloudfront_vpc_origin.json
+var awsCloudfrontVpcOrigin []byte
+
+//go:embed mapping/aws/resource/cloudhsm/aws_cloudhsm_v2_cluster.json
+var awsCloudhsmV2Vluster []byte
+
+//go:embed mapping/aws/resource/cloudhsm/aws_cloudhsm_v2_hsm.json
+var awsCloudhsmV2Hsm []byte
+
+//go:embed mapping/aws/resource/cloudtrail/aws_cloudtrail_organization_delegated_admin_account.json
+var awsCloudtrailOrganizationDelegatedAdminAccount []byte
+
+//go:embed mapping/aws/resource/codeconnections/aws_codeconnections_host.json
+var awsCodeconnectionsHost []byte
+
+//go:embed mapping/aws/resource/comprehend/aws_comprehend_entity_recognizer.json
+var awsComprehendEntityRecognizer []byte
+
+//go:embed mapping/aws/resource/compute-optimizer/aws_computeoptimizer_enrollment_status.json
+var awsComputeoptimizerEnrollmentStatus []byte
+
+//go:embed mapping/aws/resource/compute-optimizer/aws_computeoptimizer_recommendation_preferences.json
+var awsComputeoptimizerRecommendationPreferences []byte
+
+//go:embed mapping/aws/resource/config/aws_config_organization_custom_policy_rule.json
+var awsConfigOrganizationCustomPolicyRule []byte
+
+//go:embed mapping/aws/resource/config/aws_config_organization_custom_rule.json
+var awsConfigOrganizationCustomRule []byte
+
+//go:embed mapping/aws/resource/config/aws_config_retention_configuration.json
+var awsConfigRetentionConfiguration []byte
+
+//go:embed mapping/aws/resource/cost-optimization-hub/aws_costoptimizationhub_enrollment_status.json
+var awsCostoptimizationhubEnrollmentStatus []byte
+
+//go:embed mapping/aws/resource/cost-optimization-hub/aws_costoptimizationhub_preferences.json
+var awsCostoptimizationhubPreferences []byte
+
+//go:embed mapping/aws/resource/profile/aws_customerprofiles_profile.json
+var awsCustomerprofilesProfile []byte
+
+//go:embed mapping/aws/resource/connect/aws_connect_lambda_function_association.json
+var awsConnectLambdaFunctionAssociation []byte
+
+//go:embed mapping/aws/resource/securityhub/aws_securityhub_account.json
+var awsSecurityhubAccount []byte
+
+//go:embed mapping/aws/resource/securityhub/aws_securityhub_action_target.json
+var awsSecurityhubActionTarget []byte
+
+//go:embed mapping/aws/resource/securityhub/aws_securityhub_configuration_policy_association.json
+var awsSecurityhubConfigurationPolicyAssociation []byte
+
+//go:embed mapping/aws/resource/securityhub/aws_securityhub_organization_admin_account.json
+var awsSecurityhubOrganizationAdminAccount []byte
+
+//go:embed mapping/aws/resource/securityhub/aws_securityhub_standards_control_association.json
+var awsSecurityhubStandardsControlAssociation []byte
+
+//go:embed mapping/aws/resource/securityhub/aws_securityhub_standards_subscription.json
+var awsSecurityhubStandardsSubscription []byte
+
+//go:embed mapping/aws/resource/securitylake/aws_securitylake_custom_log_source.json
+var awsSecuritylakeCustomLogSource []byte
+
+//go:embed mapping/aws/resource/transfer/aws_transfer_access.json
+var awsTransferAccess []byte
+
+//go:embed mapping/aws/resource/transfer/aws_transfer_tag.json
+var awsTransferTag []byte
+
+//go:embed mapping/aws/resource/detective/aws_detective_member.json
+var awsDetectiveMember []byte
+
+//go:embed mapping/aws/resource/detective/aws_detective_organization_configuration.json
+var awsDetectiveOrganizationConfiguration []byte
+
+//go:embed mapping/aws/resource/eks/aws_eks_access_policy_association.json
+var awsEksAccessPolicyAssociation []byte
+
+//go:embed mapping/aws/resource/elasticmapreduce/aws_emrcontainers_job_template.json
+var awsEmrcontainersJobTemplate []byte
+
+//go:embed mapping/aws/resource/fms/aws_fms_admin_account.json
+var awsFmsAdminAccount []byte
+
+//go:embed mapping/aws/resource/glue/aws_glue_catalog_table_optimizer.json
+var awsGlueCatalogTableOptimizer []byte
+
+//go:embed mapping/aws/resource/glue/aws_glue_partition_index.json
+var awsGluePartitionIndex []byte
+
+//go:embed mapping/aws/resource/grafana/aws_grafana_license_association.json
+var awsGrafanaLicenseAssociation []byte
+
+//go:embed mapping/aws/resource/grafana/aws_grafana_workspace_service_account.json
+var awsGrafanaWorkspaceServiceAccount []byte
+
+//go:embed mapping/aws/resource/grafana/aws_grafana_workspace_service_account_token.json
+var awsGrafanaWorkspaceServiceAccountToken []byte
+
+//go:embed mapping/aws/resource/ec2/aws_internet_gateway_attachment.json
+var awsInternetGatewayAttachment []byte
+
+//go:embed mapping/aws/resource/kendra/aws_kendra_experience.json
+var awsKendraExperience []byte
+
+//go:embed mapping/aws/resource/kendra/aws_kendra_query_suggestions_block_list.json
+var awsKendraQuerySuggestionsBlockList []byte
+
+//go:embed mapping/aws/resource/kendra/aws_kendra_thesaurus.json
+var awsKendraThesaurus []byte
+
+//go:embed mapping/aws/resource/aps/aws_prometheus_alert_manager_definition.json
+var awsPrometheusAlertManagerDefinition []byte
+
+//go:embed mapping/aws/resource/aps/aws_prometheus_scraper.json
+var awsPrometheusScraper []byte
+
+//go:embed mapping/aws/resource/aps/aws_prometheus_workspace.json
+var awsPrometheusWorkspace []byte
+
+//go:embed mapping/aws/resource/rds/aws_rds_certificate.json
+var awsRdsCertificate []byte
+
+//go:embed mapping/aws/resource/rds/aws_rds_cluster_snapshot_copy.json
+var awsRdsClusterSnapshotCopy []byte
+
+//go:embed mapping/aws/resource/rds/aws_rds_custom_db_engine_version.json
+var awsRdsCustomDBEngineVersion []byte
+
+//go:embed mapping/aws/resource/rds/aws_rds_export_task.json
+var awsRdsExportTask []byte
+
+//go:embed mapping/aws/resource/rds/aws_rds_reserved_instance.json
+var awsRdsReservedInstance []byte
+
+//go:embed mapping/aws/resource/lakeformation/aws_lakeformation_opt_in.json
+var awsLakeformationOptIn []byte
diff --git a/src/files_aws.go b/src/files_aws.go
new file mode 100644
index 00000000..6544f1a6
--- /dev/null
+++ b/src/files_aws.go
@@ -0,0 +1,908 @@
+package pike
+
+import (
+ _ "embed" // required for embed
+)
+
+//go:embed mapping/aws/resource/dataexchange/aws_dataexchange_data_set.json
+var awsDataexchangeDataSet []byte
+
+//go:embed mapping/aws/resource/dataexchange/aws_dataexchange_revision.json
+var awsDataexchangeRevision []byte
+
+//go:embed mapping/aws/resource/devops-guru/aws_devopsguru_event_sources_config.json
+var awsDevopsguruEventSourcesConfig []byte
+
+//go:embed mapping/aws/resource/devops-guru/aws_devopsguru_service_integration.json
+var awsDevopsguruServiceIntegration []byte
+
+//go:embed mapping/aws/resource/drs/aws_drs_replication_configuration_template.json
+var awsDrsReplicationConfigurationTemplate []byte
+
+//go:embed mapping/aws/resource/elastictranscoder/aws_elastictranscoder_pipeline.json
+var awsElastictranscoderPipeline []byte
+
+//go:embed mapping/aws/resource/elastictranscoder/aws_elastictranscoder_preset.json
+var awsElastictranscoderPreset []byte
+
+//go:embed mapping/aws/resource/kinesisanalytics/aws_kinesis_analytics_application.json
+var awsKinesisanalyticsApplication []byte
+
+//go:embed mapping/aws/resource/kinesisanalytics/aws_kinesisanalyticsv2_application_snapshot.json
+var awsKinesisanalyticsv2ApplicationSnapshot []byte
+
+//go:embed mapping/aws/resource/lakeformation/aws_lakeformation_lf_tag.json
+var awsLakeformationLfTag []byte
+
+//go:embed mapping/aws/resource/lakeformation/aws_lakeformation_resource_lf_tags.json
+var awsLakeformationResourceLfTags []byte
+
+//go:embed mapping/aws/resource/lambda/aws_lambda_function_recursion_config.json
+var awsLambdaFunctionRecursionConfig []byte
+
+//go:embed mapping/aws/resource/lambda/aws_lambda_runtime_management_config.json
+var awsLambdaRuntimeManagementConfig []byte
+
+//go:embed mapping/aws/resource/license-manager/aws_licensemanager_association.json
+var awsLicensemanagerAssociation []byte
+
+//go:embed mapping/aws/resource/license-manager/aws_licensemanager_grant_accepter.json
+var awsLicensemanagerGrantAccepter []byte
+
+//go:embed mapping/aws/resource/mediapackagev2/aws_media_packagev2_channel_group.json
+var awsMediaPackagev2ChannelGroup []byte
+
+//go:embed mapping/aws/resource/mediastore/aws_media_store_container.json
+var awsMediaStoreContainer []byte
+
+//go:embed mapping/aws/resource/mediastore/aws_media_store_container_policy.json
+var awsMediaStoreContainerPolicy []byte
+
+//go:embed mapping/aws/resource/medialive/aws_medialive_channel.json
+var awsMedialiveChannel []byte
+
+//go:embed mapping/aws/resource/devicefarm/aws_devicefarm_device_pool.json
+var awsDevicefarmDevicePool []byte
+
+//go:embed mapping/aws/resource/devicefarm/aws_devicefarm_instance_profile.json
+var awsDevicefarmInstanceProfile []byte
+
+//go:embed mapping/aws/resource/devicefarm/aws_devicefarm_network_profile.json
+var awsDevicefarmNetworkProfile []byte
+
+//go:embed mapping/aws/resource/devicefarm/aws_devicefarm_project.json
+var awsDevicefarmProject []byte
+
+//go:embed mapping/aws/resource/devicefarm/aws_devicefarm_upload.json
+var awsDevicefarmUpload []byte
+
+//go:embed mapping/aws/resource/finspace/aws_finspace_kx_cluster.json
+var awsFinspaceKxCluster []byte
+
+//go:embed mapping/aws/resource/finspace/aws_finspace_kx_database.json
+var awsFinspaceKxDatabase []byte
+
+//go:embed mapping/aws/resource/finspace/aws_finspace_kx_dataview.json
+var awsFinspaceKxDataview []byte
+
+//go:embed mapping/aws/resource/finspace/aws_finspace_kx_scaling_group.json
+var awsFinspaceKxScalingGroup []byte
+
+//go:embed mapping/aws/resource/finspace/aws_finspace_kx_user.json
+var awsFinspaceKxUser []byte
+
+//go:embed mapping/aws/resource/finspace/aws_finspace_kx_volume.json
+var awsFinspaceKxVolume []byte
+
+//go:embed mapping/aws/resource/lightsail/aws_lightsail_bucket_access_key_access_key.json
+var awsLightsailBucketAccessKeyAccessKey []byte
+
+//go:embed mapping/aws/resource/lightsail/aws_lightsail_bucket_resource_access.json
+var awsLightsailBucketResourceAccess []byte
+
+//go:embed mapping/aws/resource/lightsail/aws_lightsail_container_service.json
+var awsLightsailContainerService []byte
+
+//go:embed mapping/aws/resource/lightsail/aws_lightsail_container_service_deployment_version.json
+var awsLightsailContainerServiceDeploymentVersion []byte
+
+//go:embed mapping/aws/resource/lightsail/aws_lightsail_disk_attachment.json
+var awsLightsailDiskAttachment []byte
+
+//go:embed mapping/aws/resource/lightsail/aws_lightsail_domain.json
+var awsLightsailDomain []byte
+
+//go:embed mapping/aws/resource/lightsail/aws_lightsail_domain_entry.json
+var awsLightsailDomainEntry []byte
+
+//go:embed mapping/aws/resource/lightsail/aws_lightsail_lb_attachment.json
+var awsLightsailLbAttachment []byte
+
+//go:embed mapping/aws/resource/lightsail/aws_lightsail_lb_certificate.json
+var awsLightsailLbCertificate []byte
+
+//go:embed mapping/aws/resource/lightsail/aws_lightsail_lb_certificate_attachment.json
+var awsLightsailLbCertificateAttachment []byte
+
+//go:embed mapping/aws/resource/lightsail/aws_lightsail_lb_https_redirection_policy.json
+var awsLightsailLbHTTPSRedirectionPolicy []byte
+
+//go:embed mapping/aws/resource/lightsail/aws_lightsail_lb_stickiness_policy.json
+var awsLightsailLbStickinessPolicy []byte
+
+//go:embed mapping/aws/resource/directconnect/aws_dx_bgp_peer.json
+var awsDxBgpPeer []byte
+
+//go:embed mapping/aws/resource/directconnect/aws_dx_connection.json
+var awsDxConnection []byte
+
+//go:embed mapping/aws/resource/directconnect/aws_dx_connection_association.json
+var awsDxConnectionAssociation []byte
+
+//go:embed mapping/aws/resource/directconnect/aws_dx_connection_confirmation.json
+var awsDxConnectionConfirmation []byte
+
+//go:embed mapping/aws/resource/directconnect/aws_dx_gateway_association_proposal.json
+var awsDxGatewayAssociationProposal []byte
+
+//go:embed mapping/aws/resource/directconnect/aws_dx_hosted_connection.json
+var awsDxHostedConnection []byte
+
+//go:embed mapping/aws/resource/directconnect/aws_dx_hosted_private_virtual_interface.json
+var awsDxHostedPrivateVirtualInterface []byte
+
+//go:embed mapping/aws/resource/directconnect/aws_dx_hosted_private_virtual_interface_accepter.json
+var awsDxHostedPrivateVirtualInterfaceAccepter []byte
+
+//go:embed mapping/aws/resource/directconnect/aws_dx_hosted_public_virtual_interface.json
+var awsDxHostedPublicVirtualInterface []byte
+
+//go:embed mapping/aws/resource/directconnect/aws_dx_hosted_public_virtual_interface_accepter.json
+var awsDxHostedPublicVirtualInterfaceAccepter []byte
+
+//go:embed mapping/aws/resource/directconnect/aws_dx_hosted_transit_virtual_interface.json
+var awsDxHostedTransitVirtualInterface []byte
+
+//go:embed mapping/aws/resource/directconnect/aws_dx_lag.json
+var awsDxLag []byte
+
+//go:embed mapping/aws/resource/directconnect/aws_dx_macsec_key_association.json
+var awsDxMacsecKeyAssociation []byte
+
+//go:embed mapping/aws/resource/directconnect/aws_dx_private_virtual_interface.json
+var awsDxPrivateVirtualInterface []byte
+
+//go:embed mapping/aws/resource/directconnect/aws_dx_public_virtual_interface.json
+var awsDxPublicVirtualInterface []byte
+
+//go:embed mapping/aws/resource/directconnect/aws_dx_transit_virtual_interface.json
+var awsDxTransitVirtualInterface []byte
+
+//go:embed mapping/aws/resource/directoryservice/aws_directory_service_conditional_forwarder.json
+var awsDirectoryServiceConditionalForwarder []byte
+
+//go:embed mapping/aws/resource/directoryservice/aws_directory_service_radius_settings.json
+var awsDirectoryServiceRadiusSettings []byte
+
+//go:embed mapping/aws/resource/directoryservice/aws_directory_service_region.json
+var awsDirectoryServiceRegion []byte
+
+//go:embed mapping/aws/resource/directoryservice/aws_directory_service_shared_directory.json
+var awsDirectoryServiceSharedDirectory []byte
+
+//go:embed mapping/aws/resource/directoryservice/aws_directory_service_shared_directory_accepter.json
+var awsDirectoryServiceSharedDirectoryAccepter []byte
+
+//go:embed mapping/aws/resource/directoryservice/aws_directory_service_trust.json
+var awsDirectoryServiceTrust []byte
+
+//go:embed mapping/aws/resource/opsworks/aws_opsworks_application.json
+var awsOpsworksApplication []byte
+
+//go:embed mapping/aws/resource/opsworks/aws_opsworks_custom_layer.json
+var awsOpsworksCustomLayer []byte
+
+//go:embed mapping/aws/resource/opsworks/aws_opsworks_ecs_cluster_layer.json
+var awsOpsworksEcsClusterLayer []byte
+
+//go:embed mapping/aws/resource/opsworks/aws_opsworks_ganglia_layer.json
+var awsOpsworksGangliaLayer []byte
+
+//go:embed mapping/aws/resource/opsworks/aws_opsworks_haproxy_layer.json
+var awsOpsworksHaproxyLayer []byte
+
+//go:embed mapping/aws/resource/opsworks/aws_opsworks_instance.json
+var awsOpsworksInstance []byte
+
+//go:embed mapping/aws/resource/opsworks/aws_opsworks_java_app_layer.json
+var awsOpsworksJavaAppLayer []byte
+
+//go:embed mapping/aws/resource/opsworks/aws_opsworks_memcached_layer.json
+var awsOpsworksMemcachedLayer []byte
+
+//go:embed mapping/aws/resource/opsworks/aws_opsworks_mysql_layer.json
+var awsOpsworksMysqlLayer []byte
+
+//go:embed mapping/aws/resource/opsworks/aws_opsworks_nodejs_app_layer.json
+var awsOpsworksNodejsAppLayer []byte
+
+//go:embed mapping/aws/resource/opsworks/aws_opsworks_permission.json
+var awsOpsworksPermission []byte
+
+//go:embed mapping/aws/resource/opsworks/aws_opsworks_php_app_layer.json
+var awsOpsworksPhpAppLayer []byte
+
+//go:embed mapping/aws/resource/opsworks/aws_opsworks_rails_app_layer.json
+var awsOpsworksRailsAppLayer []byte
+
+//go:embed mapping/aws/resource/opsworks/aws_opsworks_rds_db_instance.json
+var awsOpsworksRdsDBInstance []byte
+
+//go:embed mapping/aws/resource/opsworks/aws_opsworks_stack.json
+var awsOpsworksStack []byte
+
+//go:embed mapping/aws/resource/opsworks/aws_opsworks_static_web_layer.json
+var awsOpsworksStaticWebLayer []byte
+
+//go:embed mapping/aws/resource/opsworks/aws_opsworks_user_profile.json
+var awsOpsworksUserProfile []byte
+
+//go:embed mapping/aws/resource/kafka/aws_mskconnect_connector.json
+var awsMskconnectConnector []byte
+
+//go:embed mapping/aws/resource/dynamodb/aws_dynamodb_kinesis_streaming_destination.json
+var awsDynamodbKinesisStreamingDestination []byte
+
+//go:embed mapping/aws/resource/dynamodb/aws_dynamodb_resource_policy.json
+var awsDynamodbResourcePolicy []byte
+
+//go:embed mapping/aws/resource/dynamodb/aws_dynamodb_table_export.json
+var awsDynamodbTableExport []byte
+
+//go:embed mapping/aws/resource/dynamodb/aws_dynamodb_table_replica.json
+var awsDynamodbTableReplica []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ebs_snapshot_import.json
+var awsEbsSnapshotImport []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_capacity_block_reservation.json
+var awsEc2CapacityBlockReservation []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_instance_metadata_defaults.json
+var awsEc2InstanceMetadataDefaults []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_instance_state.json
+var awsEc2InstanceState []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_managed_prefix_list_entry.json
+var awsEc2ManagedPrefixListEntry []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_subnet_cidr_reservation.json
+var awsEc2SubnetCidrReservation []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_transit_gateway_connect.json
+var awsEc2TransitGatewayConnectPeer []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_transit_gateway_default_route_table_association.json
+var awsEc2TransitGatewayDefaultRouteTableAssociation []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_transit_gateway_route_table_propagation.json
+var awsEc2TransitGatewayDefaultRouteTablePropagation []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_transit_gateway_peering_attachment_accepter.json
+var awsEc2TransitGatewayPeeringAttachmentAccepter []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_transit_gateway_policy_table.json
+var awsEc2TransitGatewayPolicyTable []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_transit_gateway_policy_table_association.json
+var awsEc2TransitGatewayPolicyTableAssociation []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_transit_gateway_prefix_list_reference.json
+var awsEc2TransitGatewayPrefixListReference []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_transit_gateway_vpc_attachment_accepter.json
+var awsEc2TransitGatewayVpcAttachmentAccepter []byte
+
+//go:embed mapping/aws/resource/guardduty/aws_guardduty_detector_feature.json
+var awsGuarddutyDetectorFeature []byte
+
+//go:embed mapping/aws/resource/guardduty/aws_guardduty_invite_accepter.json
+var awsGuarddutyInviteAcceptor []byte
+
+//go:embed mapping/aws/resource/guardduty/aws_guardduty_member_detector_feature.json
+var awsGuarddutyMemberDetectorFeature []byte
+
+//go:embed mapping/aws/resource/guardduty/aws_guardduty_organization_admin_account.json
+var awsGuarddutyOrganizationAdminAccount []byte
+
+//go:embed mapping/aws/resource/guardduty/aws_guardduty_organization_configuration.json
+var awsGuarddutyOrganizationConfiguration []byte
+
+//go:embed mapping/aws/resource/guardduty/aws_guardduty_publishing_destination.json
+var awsGuarddutyPublishingDestination []byte
+
+//go:embed mapping/aws/resource/lex/aws_lexv2models_bot.json
+var awsLexv2ModelsBot []byte
+
+//go:embed mapping/aws/resource/lex/aws_lexv2models_bot_locale.json
+var awsLexv2ModelsBotLocale []byte
+
+//go:embed mapping/aws/resource/lex/aws_lexv2models_bot_version.json
+var awsLexv2ModelsBotVersion []byte
+
+//go:embed mapping/aws/resource/lex/aws_lexv2models_intent.json
+var awsLexv2ModelsIntent []byte
+
+//go:embed mapping/aws/resource/lex/aws_lexv2models_slot.json
+var awsLexv2ModelsSlot []byte
+
+//go:embed mapping/aws/resource/lex/aws_lexv2models_slot_type.json
+var awsLexv2ModelsSlotType []byte
+
+//go:embed mapping/aws/resource/guardduty/aws_guardduty_organization_configuration_feature.json
+var awsGuarddutyOrganizationConfigurationFeature []byte
+
+//go:embed mapping/aws/resource/mobiletargeting/aws_pinpoint_adm_channel.json
+var awsPinpointAdmChannel []byte
+
+//go:embed mapping/aws/resource/mobiletargeting/aws_pinpoint_apns_channel.json
+var awsPinpointApnsChannel []byte
+
+//go:embed mapping/aws/resource/mobiletargeting/aws_pinpoint_apns_sandbox_channel.json
+var awsPinpointApnsSandboxChannel []byte
+
+//go:embed mapping/aws/resource/mobiletargeting/aws_pinpoint_apns_voip_channel.json
+var awsPinpointApnsVoipChannel []byte
+
+//go:embed mapping/aws/resource/mobiletargeting/aws_pinpoint_apns_voip_sandbox_channel.json
+var awsPinpointApnsVoipSandboxChannel []byte
+
+//go:embed mapping/aws/resource/mobiletargeting/aws_pinpoint_app.json
+var awsPinpointApp []byte
+
+//go:embed mapping/aws/resource/mobiletargeting/aws_pinpoint_baidu_channel.json
+var awsPinpointBaiduChannel []byte
+
+//go:embed mapping/aws/resource/mobiletargeting/aws_pinpoint_email_channel.json
+var awsPinpointEmailChannel []byte
+
+//go:embed mapping/aws/resource/mobiletargeting/aws_pinpoint_email_template.json
+var awsPinpointEmailTemplate []byte
+
+//go:embed mapping/aws/resource/mobiletargeting/aws_pinpoint_event_stream.json
+var awsPinpointEventStream []byte
+
+//go:embed mapping/aws/resource/mobiletargeting/aws_pinpoint_gcm_channel.json
+var awsPinpointGcmChannel []byte
+
+//go:embed mapping/aws/resource/mobiletargeting/aws_pinpoint_sms_channel.json
+var awsPinpointSmsChannel []byte
+
+//go:embed mapping/aws/resource/sms-voice/aws_pinpointsmsvoicev2_configuration_set.json
+var awsPinpointsmsvoicev2ConfigurationSet []byte
+
+//go:embed mapping/aws/resource/sms-voice/aws_pinpointsmsvoicev2_opt_out_list.json
+var awsPinpointsmsvoicev2OptOutList []byte
+
+//go:embed mapping/aws/resource/sms-voice/aws_pinpointsmsvoicev2_phone_number.json
+var awsPinpointsmsvoicev2PhoneNumber []byte
+
+//go:embed mapping/aws/resource/sso/aws_ssoadmin_account_assignment.json
+var awsSsoadminAccountAssignment []byte
+
+//go:embed mapping/aws/resource/sso/aws_ssoadmin_application_access_scope.json
+var awsSsoadminApplicationAccessScope []byte
+
+//go:embed mapping/aws/resource/sso/aws_ssoadmin_application_assignment_configuration.json
+var awsSsoadminApplicationAssignmentConfiguration []byte
+
+//go:embed mapping/aws/resource/sso/aws_ssoadmin_customer_managed_policy_attachment.json
+var awsSsoadminCustomerManagedPolicyAttachment []byte
+
+//go:embed mapping/aws/resource/sso/aws_ssoadmin_instance_access_control_attributes.json
+var awsSsoadminInstanceAccessControlAttributes []byte
+
+//go:embed mapping/aws/resource/sso/aws_ssoadmin_managed_policy_attachment.json
+var awsSsoadminManagedPolicyAttachment []byte
+
+//go:embed mapping/aws/resource/sso/aws_ssoadmin_permission_set_inline_policy.json
+var awsSsoadminPermissionSetInlinePolicy []byte
+
+//go:embed mapping/aws/resource/sso/aws_ssoadmin_permissions_boundary_attachment.json
+var awsSsoadminPermissionsBoundaryAttachment []byte
+
+//go:embed mapping/aws/resource/sso/aws_ssoadmin_trusted_token_issuer.json
+var awsSsoadminTrustedTokenIssuer []byte
+
+//go:embed mapping/aws/resource/ses/aws_sesv2_account_suppression_attributes.json
+var awsSesv2AccountSuppressionAttributes []byte
+
+//go:embed mapping/aws/resource/ses/aws_sesv2_account_vdm_attributes.json
+var awsSesv2AccountVdmAttributes []byte
+
+//go:embed mapping/aws/resource/ses/aws_sesv2_configuration_set.json
+var awsSesv2ConfigurationSet []byte
+
+//go:embed mapping/aws/resource/ses/aws_sesv2_configuration_set_event_destination.json
+var awsSesv2ConfigurationSetEventDestination []byte
+
+//go:embed mapping/aws/resource/ses/aws_sesv2_contact_list.json
+var awsSesv2ContactList []byte
+
+//go:embed mapping/aws/resource/ses/aws_sesv2_dedicated_ip_assignment.json
+var awsSesv2DedicatedIPAssignment []byte
+
+//go:embed mapping/aws/resource/ses/aws_sesv2_dedicated_ip_pool.json
+var awsSesv2DedicatedIPPool []byte
+
+//go:embed mapping/aws/resource/ses/aws_sesv2_email_identity.json
+var awsSesv2EmailIdentity []byte
+
+//go:embed mapping/aws/resource/ses/aws_sesv2_email_identity_feedback_attributes.json
+var awsSesv2EmailIdentityFeedbackAttributes []byte
+
+//go:embed mapping/aws/resource/ses/aws_sesv2_email_identity_mail_from_attributes.json
+var awsSesv2EmailIdentityMailFromAttributes []byte
+
+//go:embed mapping/aws/resource/ses/aws_sesv2_email_identity_policy.json
+var awsSesv2EmailIdentityPolicy []byte
+
+//go:embed mapping/aws/resource/redshift/aws_redshift_cluster_snapshot.json
+var awsRedshiftClusterSnapshot []byte
+
+//go:embed mapping/aws/resource/redshift/aws_redshift_data_share_authorization.json
+var awsRedshiftDataShareAuthorization []byte
+
+//go:embed mapping/aws/resource/redshift/aws_redshift_data_share_consumer_association.json
+var awsRedshiftDataShareConsumerAssociation []byte
+
+//go:embed mapping/aws/resource/redshift/aws_redshift_logging.json
+var awsRedshiftLogging []byte
+
+//go:embed mapping/aws/resource/redshift/aws_redshift_partner.json
+var awsRedshiftPartner []byte
+
+//go:embed mapping/aws/resource/redshift/aws_redshift_resource_policy.json
+var awsRedshiftResourcePolicy []byte
+
+//go:embed mapping/aws/resource/redshift/aws_redshift_snapshot_copy.json
+var awsRedshiftSnapshotCopy []byte
+
+//go:embed mapping/aws/resource/redshift-data/aws_redshiftdata_statement.json
+var awsRedshiftdataStatement []byte
+
+//go:embed mapping/aws/resource/redshift-serverless/aws_redshiftserverless_custom_domain_association.json
+var awsRedshiftserverlessCustomDomainAssociation []byte
+
+//go:embed mapping/aws/resource/redshift-serverless/aws_redshiftserverless_endpoint_access.json
+var awsRedshiftserverlessEndpointAccess []byte
+
+//go:embed mapping/aws/resource/redshift-serverless/aws_redshiftserverless_resource_policy.json
+var awsRedshiftserverlessResourcePolicy []byte
+
+//go:embed mapping/aws/resource/redshift-serverless/aws_redshiftserverless_snapshot.json
+var awsRedshiftserverlessSnapshot []byte
+
+//go:embed mapping/aws/resource/redshift-serverless/aws_redshiftserverless_usage_limit.json
+var awsRedshiftserverlessUsageLimit []byte
+
+//go:embed mapping/aws/resource/route53domains/aws_route53domains_delegation_signer_record.json
+var awsRoute53DomainsDelegationSignerRecord []byte
+
+//go:embed mapping/aws/resource/route53domains/aws_route53domains_domain.json
+var awsRoute53DomainsDomain []byte
+
+//go:embed mapping/aws/resource/route53domains/aws_route53domains_registered_domain.json
+var awsRoute53DomainsRegisteredDomain []byte
+
+//go:embed mapping/aws/resource/route53profiles/aws_route53profiles_resource_association.json
+var awsRoute53profilesResourceAssociation []byte
+
+//go:embed mapping/aws/resource/s3-express/aws_s3_directory_bucket.json
+var awsS3DirectoryBucket []byte
+
+//go:embed mapping/aws/resource/s3/aws_s3_object_copy.json
+var awsS3ObjectCopy []byte
+
+//go:embed mapping/aws/resource/s3-outposts/aws_s3control_access_grants_instance_resource_policy.json
+var awsS3controlAccessGrantInstanceResourcePolicy []byte
+
+//go:embed mapping/aws/resource/s3-outposts/aws_s3control_bucket.json
+var awsS3ControlBucket []byte
+
+//go:embed mapping/aws/resource/s3-outposts/aws_s3control_bucket_lifecycle_configuration.json
+var awsS3ControlBucketLifecycleAssociation []byte
+
+//go:embed mapping/aws/resource/s3-outposts/aws_s3control_bucket_policy.json
+var awsS3ControlBucketPolicy []byte
+
+//go:embed mapping/aws/resource/s3-outposts/aws_s3control_object_lambda_access_point.json
+var awsS3ControlObjectLambdaAccessPoint []byte
+
+//go:embed mapping/aws/resource/s3-outposts/aws_s3control_object_lambda_access_point_policy.json
+var awsS3ControlObjectLambdaAccessPointPolicy []byte
+
+//go:embed mapping/aws/resource/s3/aws_s3control_storage_lens_configuration.json
+var awsS3ControlStorageLensConfiguration []byte
+
+//go:embed mapping/aws/resource/es/aws_opensearch_authorize_vpc_endpoint_access.json
+var awsOpensearchAuthorizeVpcEndpointAccess []byte
+
+//go:embed mapping/aws/resource/es/aws_opensearch_domain_saml_options.json
+var awsOpensearchDomainSamlOptions []byte
+
+//go:embed mapping/aws/resource/es/aws_opensearch_inbound_connection_accepter.json
+var awsOpensearchInboundConnectionAccepter []byte
+
+//go:embed mapping/aws/resource/es/aws_opensearch_outbound_connection.json
+var awsOpensearchOutboundConnection []byte
+
+//go:embed mapping/aws/resource/es/aws_opensearch_package.json
+var awsOpensearchPackage []byte
+
+//go:embed mapping/aws/resource/es/aws_opensearch_package_association.json
+var awsOpensearchPackageAssociation []byte
+
+//go:embed mapping/aws/resource/es/aws_opensearch_vpc_endpoint.json
+var awsOpensearchVPCEndpoint []byte
+
+//go:embed mapping/aws/resource/servicediscovery/aws_service_discovery_http_namespace.json
+var awsServiceDiscoveryHttpNamespace []byte
+
+//go:embed mapping/aws/resource/servicediscovery/aws_service_discovery_instance.json
+var awsServiceDiscoveryInstance []byte
+
+//go:embed mapping/aws/resource/servicediscovery/aws_service_discovery_private_dns_namespace.json
+var awsServiceDiscoveryPrivateDNSNamespace []byte
+
+//go:embed mapping/aws/resource/servicediscovery/aws_service_discovery_public_dns_namespace.json
+var awsServiceDiscoveryPublicDNSNamespace []byte
+
+//go:embed mapping/aws/resource/servicediscovery/aws_service_discovery_service.json
+var awsServiceDiscoveryService []byte
+
+//go:embed mapping/aws/resource/macie2/aws_macie2_account.json
+var awsMacieAccount []byte
+
+//go:embed mapping/aws/resource/macie2/aws_macie2_classification_export_configuration.json
+var awsMacieClassificationExportConfiguration []byte
+
+//go:embed mapping/aws/resource/macie2/aws_macie2_classification_job.json
+var awsMacieClassificationJob []byte
+
+//go:embed mapping/aws/resource/macie2/aws_macie2_invitation_accepter.json
+var awsMacieInvitationAccepter []byte
+
+//go:embed mapping/aws/resource/macie2/aws_macie2_member.json
+var awsMacieMember []byte
+
+//go:embed mapping/aws/resource/macie2/aws_macie2_organization_admin_account.json
+var awsMacieOrganizationAdminAccount []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_endpoint_policy.json
+var awsVpcEndpointPolicy []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_endpoint_private_dns.json
+var awsVpcEndpointPrivateDns []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_endpoint_security_group_association.json
+var awsVpcEndpointSecurityGroupAssociation []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_endpoint_service_allowed_principal.json
+var awsVpcEndpointServiceAllowedPrincipal []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_endpoint_service_private_dns_verification.json
+var awsVpcEndpointServicePrivateDnsVerification []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_ipam_organization_admin_account.json
+var awsVpcIpamOrganizationAdminAccount []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_ipv6_cidr_block_association.json
+var awsVpcIpv6CidrBlockAssociation []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_network_performance_metric_subscription.json
+var awsVpcNetworkPerformanceMetricSubscription []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_security_group_vpc_association.json
+var awsVpcSecurityGroupAssociation []byte
+
+//go:embed mapping/aws/resource/vpc-lattice/aws_vpclattice_service_network_resource_association.json
+var awsVpclatticeServiceNetworkResourceAssociation []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_endpoint_connection_accepter.json
+var awsVpcEndpointConnectionAccepter []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_event_configurations.json
+var awsIotEventConfigurations []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_indexing_configuration.json
+var awsIotIndexingConfiguration []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_logging_options.json
+var awsIotLoggingOptions []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_policy_attachment.json
+var awsIotPolicyAttachment []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_thing_group_membership.json
+var awsIotThingGroupMembership []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_thing_principal_attachment.json
+var awsIotThingPrincipalAttachment []byte
+
+//go:embed mapping/aws/resource/elasticloadbalancing/aws_lb_listener_certificate.json
+var awsLbListenerCertificate []byte
+
+//go:embed mapping/aws/resource/elasticloadbalancing/aws_lb_ssl_negotiation_policy.json
+var awsLbSslNegotiationPolicy []byte
+
+//go:embed mapping/aws/resource/ec2/aws_main_route_table_association.json
+var awsMainRouteTableAssociation []byte
+
+//go:embed mapping/aws/resource/memorydb/aws_memorydb_multi_region_cluster.json
+var awsMemorydbMultiRegionCluster []byte
+
+//go:embed mapping/aws/resource/kafka/aws_msk_single_scram_secret_association.json
+var awsMskSingleScramSecretAssociation []byte
+
+//go:embed mapping/aws/resource/kafkaconnect/aws_mskconnect_custom_plugin.json
+var awsMskconnectCustomPlugin []byte
+
+//go:embed mapping/aws/resource/kafkaconnect/aws_mskconnect_worker_configuration.json
+var awsMskconnectWorkerConfiguration []byte
+
+//go:embed mapping/aws/resource/ec2/aws_network_interface_sg_attachment.json
+var awsNetworkInterfaceSgAttachment []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_attachment_accepter.json
+var awsNetworkmanagerAttachmentAccepter []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_connection.json
+var awsNetworkmanagerConnection []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_core_network_policy_attachment.json
+var awsNetworkmanagerCoreNetworkPolicyAttachment []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_transit_gateway_connect_peer_association.json
+var awsNetworkmanagerTransitGatewayConnectPeerAssociation []byte
+
+//go:embed mapping/aws/resource/networkmonitor/aws_networkmonitor_monitor.json +var awsNetworkmonitorMonitor []byte + +//go:embed mapping/aws/resource/networkmonitor/aws_networkmonitor_probe.json +var awsNetworkmonitorProbe []byte + +//go:embed mapping/aws/resource/organizations/aws_organizations_delegated_administrator.json +var awsOrganizationsDelegatedAdministrator []byte + +//go:embed mapping/aws/resource/aps/aws_prometheus_rule_group_namespace.json +var awsPrometheusRuleGroupNamespace []byte + +//go:embed mapping/aws/resource/qldb/aws_qldb_ledger.json +var awsQlbdLedger []byte + +//go:embed mapping/aws/resource/ram/aws_ram_resource_share_accepter.json +var awsRamResourceShareAccepter []byte + +//go:embed mapping/aws/resource/ram/aws_ram_sharing_with_organization.json +var awsRamSharingWithOrganization []byte + +//go:embed mapping/aws/resource/rbin/aws_rbin_rule.json +var awsRbinRule []byte + +//go:embed mapping/aws/resource/rds/aws_rds_instance_state.json +var awsRdsInstanceState []byte + +//go:embed mapping/aws/resource/resiliencehub/aws_resiliencehub_resiliency_policy.json +var awsResilienceResiliencePolicy []byte + +//go:embed mapping/aws/resource/resource-groups/aws_resourcegroups_resource.json +var awsResourcegroupsResource []byte + +//go:embed mapping/aws/resource/rum/aws_rum_metrics_destination.json +var awsRumMetricsDestination []byte + +//go:embed mapping/aws/resource/securityhub/aws_securityhub_invite_accepter.json +var awsSecurityHubInviteAccepter []byte + +//go:embed mapping/aws/resource/securityhub/aws_securityhub_member.json +var awsSecurityhubMember []byte + +//go:embed mapping/aws/resource/serverlessrepo/aws_serverlessapplicationrepository_cloudformation_stack.json +var awsServerlessapplicationrepositoryCloudformationStack []byte + +//go:embed mapping/aws/resource/servicecatalog/aws_servicecatalog_provisioning_artifact.json +var awsServiceCatalogProvisioningArtifact []byte + +//go:embed 
mapping/aws/resource/shield/aws_shield_application_layer_automatic_response.json +var awsShieldApplicationLayerAutomaticsResponse []byte + +//go:embed mapping/aws/resource/shield/aws_shield_drt_access_log_bucket_association.json +var awsShieldDrtAccessLogBucketAssociation []byte + +//go:embed mapping/aws/resource/shield/aws_shield_drt_access_role_arn_association.json +var awsShieldDrtAccessRoleArnAssociation []byte + +//go:embed mapping/aws/resource/shield/aws_shield_protection_health_check_association.json +var awsShieldProtectionHealthCheckAssociation []byte + +//go:embed mapping/aws/resource/timestream/aws_timestreamquery_scheduled_query.json +var awsTimestreamqueryScheduledQuery []byte + +//go:embed mapping/aws/resource/verified-access/aws_verifiedaccess_instance_trust_provider_attachment.json +var awsVerifiedaccessInstanceTrustProviderAttachment []byte + +//go:embed mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_schema.json +var awsVerifiedpermissionsSchema []byte + +//go:embed mapping/aws/resource/cognito-idp/aws_cognito_managed_user_pool_client.json +var awsCognitoManagedUserPoolClient []byte + +//go:embed mapping/aws/resource/ec2/aws_ebs_fast_snapshot_restore.json +var awsEbsFastSnapshotRestore []byte + +//go:embed mapping/aws/resource/ecr/aws_ecr_account_setting.json +var awsEcrAccountSetting []byte + +//go:embed mapping/aws/resource/ecs/aws_ecs_account_setting_default.json +var awsEcsAccountSettingDefault []byte + +//go:embed mapping/aws/resource/ecs/aws_ecs_cluster_capacity_providers.json +var awsEcsClusterCapacityProviders []byte + +//go:embed mapping/aws/resource/ec2/aws_eip_domain_name.json +var awsEipDomainName []byte + +//go:embed mapping/aws/resource/elasticache/aws_elasticache_reserved_cache_node.json +var awsElasticacheReservedCacheNode []byte + +//go:embed mapping/aws/resource/elasticache/aws_elasticache_serverless_cache.json +var awsElasticacheServerlessCache []byte + +//go:embed 
mapping/aws/resource/elasticache/aws_elasticache_user_group_association.json +var awsElasticacheUserGroupAssociation []byte + +//go:embed mapping/aws/resource/iam/aws_iam_group_policy_attachments_exclusive.json +var awsIamGroupPolicyAttachmentExclusive []byte + +//go:embed mapping/aws/resource/iam/aws_iam_organizations_features.json +var awsIamOrganizationsFeatures []byte + +//go:embed mapping/aws/resource/iam/aws_iam_role_policy_attachments_exclusive.json +var awsIamRolePolicyAttachmentsExclusive []byte + +//go:embed mapping/aws/resource/iam/aws_iam_user_policy_attachments_exclusive.json +var awsIamUserPolicyAttachmentsExclusive []byte + +//go:embed mapping/aws/resource/grafana/aws_grafana_workspace_saml_configuration.json +var awsGrafanaWorkspaceSamlConfiguration []byte + +//go:embed mapping/aws/resource/grafana/aws_grafana_role_association.json +var awsGrafanaRoleAssociation []byte + +//go:embed mapping/aws/resource/es/aws_elasticsearch_domain_saml_options.json +var awsElasticsearchDomainSamlOptions []byte + +//go:embed mapping/aws/resource/es/aws_opensearch_vpc_endpoint.json +var awsElasticsearchVpcEndpoint []byte + +//go:embed mapping/aws/resource/cloudwatch/aws_cloudwatch_contributor_insight_rule.json +var awsCloudwatchContributorInsightRule []byte + +//go:embed mapping/aws/resource/cloudwatch/aws_cloudwatch_contributor_managed_insight_rule.json +var awsCloudwatchContributorManagedInsightRule []byte + +//go:embed mapping/aws/resource/qbusiness/aws_qbusiness_application.json +var awsQbusinessApplication []byte + +//go:embed mapping/aws/resource/dataexchange/aws_dataexchange_event_action.json +var awsDataexchangeEventAction []byte + +//go:embed mapping/aws/resource/macie2/aws_macie2_organization_configuration.json +var awsMacie2OrganizationConfiguration []byte + +//go:embed mapping/aws/resource/neptune-graph/aws_neptunegraph_graph.json +var awsNeptunegraphGraph []byte + +//go:embed mapping/aws/resource/quicksight/aws_quicksight_role_membership.json +var 
awsQuicksightRoleMembership []byte + +//go:embed mapping/aws/resource/rds/aws_rds_shard_group.json +var awsRdsShardGroup []byte + +//go:embed mapping/aws/resource/xray/aws_xray_resource_policy.json +var awsXrayResourcePolicy []byte + +//go:embed mapping/aws/resource/ec2/aws_network_interface_permission.json +var awsNetworkInterfacePermission []byte + +//go:embed mapping/aws/resource/route53/aws_route53_records_exclusive.json +var awsRoute53RecordsExclusive []byte + +//go:embed mapping/aws/resource/athena/aws_athena_capacity_reservation.json +var awsAthenaCapacityReservation []byte + +//go:embed mapping/aws/resource/redshift/aws_redshift_integration.json +var awsRedshiftIntegration []byte + +//go:embed mapping/aws/resource/backup/aws_backup_restore_testing_plan.json +var awsBackupRestoreTestingPlan []byte + +//go:embed mapping/aws/resource/ec2/aws_ec2_default_credit_specification.json +var awsEc2DefaultCreditSpecification []byte + +//go:embed mapping/aws/resource/bedrock/aws_bedrockagent_prompt.json +var awsBedrockagentPrompt []byte + +//go:embed mapping/aws/resource/cloudfront-keyvaluestore/aws_cloudfrontkeyvaluestore_keys_exclusive.json +var awsCloudfrontkeyvaluestoreKeysExclusive []byte + +//go:embed mapping/aws/resource/dataexchange/aws_dataexchange_revision_assets.json +var awsDataexchangeRevisionAssets []byte + +//go:embed mapping/aws/resource/inspector2/aws_inspector2_filter.json +var awsInspector2Filter []byte + +//go:embed mapping/aws/resource/wafv2/aws_wafv2_api_key.json +var awsWafv2ApiKey []byte + +//go:embed mapping/aws/resource/notifications/aws_notifications_channel_association.json +var awsNotificationsChannelAssociation []byte + +//go:embed mapping/aws/resource/notifications/aws_notifications_event_rule.json +var awsNotificationsEventRule []byte + +//go:embed mapping/aws/resource/notifications/aws_notifications_notification_configuration.json +var awsNotificationsNotificationConfiguration []byte + +//go:embed 
mapping/aws/resource/notifications/aws_notifications_notification_hub.json +var awsNotificationsNotificationHub []byte + +//go:embed mapping/aws/resource/notifications-contacts/aws_notificationscontacts_email_contact.json +var awsNotificationscontactsEmailContact []byte + +//go:embed mapping/aws/resource/quicksight/aws_quicksight_account_settings.json +var awsQuicksightAccountSettings []byte + +//go:embed mapping/aws/resource/workspaces-web/aws_workspacesweb_browser_settings.json +var awsWorkspaceswebBrowserSettings []byte + +//go:embed mapping/aws/resource/workspaces-web/aws_workspacesweb_network_settings.json +var awsWorkspaceswebNetworkSettings []byte + +//go:embed mapping/aws/resource/workspaces-web/aws_workspacesweb_user_settings.json +var awsWorkspaceswebUserSettings []byte + +//go:embed mapping/aws/resource/dsql/aws_dsql_cluster.json +var awsDsqlCluster []byte + +//go:embed mapping/aws/resource/dsql/aws_dsql_cluster_peering.json +var awsDsqlClusterPeering []byte + +//go:embed mapping/aws/resource/lightsail/aws_lightsail_bucket_access_key_access_key.json +var awsLightsailBucketAccessKey []byte + +//go:embed mapping/aws/resource/aps/aws_prometheus_workspace_configuration.json +var awsPrometheusWorkspaceConfiguration []byte + +//go:embed mapping/aws/resource/s3control/aws_s3control_directory_bucket_access_point_scope.json +var awsS3controlDirectoryBucketAccessPointScope []byte + +//go:embed mapping/aws/resource/ec2/aws_vpc_route_server.json +var awsVpcRouteServer []byte + +//go:embed mapping/aws/resource/ec2/aws_vpc_route_server_propagation.json +var awsVpcRouteServerPropagation []byte + +//go:embed mapping/aws/resource/ec2/aws_vpc_route_server_vpc_association.json +var awsVpcRouteServerVpcAssociation []byte + +//go:embed mapping/aws/resource/workspaces-web/aws_workspacesweb_data_protection_settings.json +var awsWorkspaceswebDataProtectionSettings []byte + +//go:embed mapping/aws/resource/workspaces-web/aws_workspacesweb_ip_access_settings.json +var 
awsWorkspaceswebIpAccessSettings []byte + +//go:embed mapping/aws/resource/workspaces-web/aws_workspacesweb_user_access_logging_settings.json +var awsWorkspaceswebUserAccessLoggingSettings []byte diff --git a/src/files_azure_datasource.go b/src/files_azure_datasource.go index 8960fe75..050d189a 100644 --- a/src/files_azure_datasource.go +++ b/src/files_azure_datasource.go 
@@ -233,46 +233,40 @@ var dataAzurermSpringCloudApp []byte var dataAzurermSpringCloudService []byte //go:embed mapping/azurerm/data/sql/azurerm_sql_database.json -var dataAzurermSqlDatabase []byte +var dataAzurermSQLDatabase []byte //go:embed mapping/azurerm/data/sql/azurerm_sql_managed_instance.json -var dataAzurermSqlManagedInstance []byte +var dataAzurermSQLManagedInstance []byte //go:embed mapping/azurerm/data/sql/azurerm_sql_server.json -var dataAzurermSqlServer []byte +var dataAzurermSQLServer []byte //go:embed mapping/azurerm/data/azurestackhci/azurerm_stack_hci_cluster.json var dataAzurermStackHCICluster []byte -////go:embed mapping/azurerm/data/ -//var dataAzurermSnapshot []byte -// -////go:embed mapping/azurerm/data/ -//var dataAzurermSourceControlToken []byte - //go:embed mapping/azurerm/data/apimanagement/azurerm_api_management.json -var dataAzurermApiManagement []byte +var dataAzurermAPIManagement []byte //go:embed mapping/azurerm/data/apimanagement/azurerm_api_management_api.json -var dataAzurermApiManagementApi []byte +var dataAzurermAPIManagementAPI []byte //go:embed mapping/azurerm/data/apimanagement/azurerm_api_management_api_version_set.json -var dataAzurermApiManagementVersionSet []byte +var dataAzurermAPIManagementVersionSet []byte //go:embed mapping/azurerm/data/apimanagement/azurerm_api_management_gateway.json -var dataAzurermApiManagementGateway []byte +var dataAzurermAPIManagementGateway []byte //go:embed mapping/azurerm/data/apimanagement/azurerm_api_management_gateway_host_name_configuration.json -var dataAzurermApiManagementGatewayHostNameConfiguration []byte +var dataAzurermAPIManagementGatewayHostNameConfiguration []byte //go:embed mapping/azurerm/data/apimanagement/azurerm_api_management_group.json -var dataAzurermApiManagementGroup []byte +var dataAzurermAPIManagementGroup []byte //go:embed mapping/azurerm/data/apimanagement/azurerm_api_management_product.json -var dataAzurermApiManagmentProduct []byte +var 
dataAzurermAPIManagmentProduct []byte //go:embed mapping/azurerm/data/apimanagement/azurerm_api_management_user.json -var dataAzurermApiManagementUser []byte +var dataAzurermAPIManagementUser []byte //go:embed mapping/azurerm/data/appconfiguration/azurerm_app_configuration.json var dataAzurermAppConfiguration []byte @@ -308,7 +302,7 @@ var dataAzurermAvailabilitySet []byte var dataAzurermBackupPolicyFileShare []byte //go:embed mapping/azurerm/data/recoveryservices/azurerm_backup_policy_vm.json -var dataAzurermBackupPolicyVm []byte +var dataAzurermBackupPolicyVM []byte //go:embed mapping/azurerm/data/network/azurerm_bastion_host.json var dataAzurermBastionHost []byte diff --git a/src/files_datasource.go b/src/files_datasource.go index 82645d90..fc15840f 100644 --- a/src/files_datasource.go +++ b/src/files_datasource.go 
@@ -1473,3 +1473,234 @@ var dataAwsTransferConnector []byte //go:embed mapping/aws/data/ecr/aws_ecr_repository_creation_template.json var dataAwsEcrRepositoryCreationTemplate []byte + +//go:embed mapping/aws/data/rds/aws_rds_cluster_parameter_group.json +var dataAwsRdsClusterParameterGroup []byte + +//go:embed mapping/aws/data/secretsmanager/aws_secretsmanager_secret_versions.json +var dataAwsSecretsmanagerSecretVersions []byte + +//go:embed mapping/aws/data/bedrock/aws_bedrockagent_agent_versions.json +var dataAwsBedrockAgentVersions []byte + +//go:embed mapping/aws/data/glue/aws_glue_registry.json +var dataAwsGlueRegistry []byte + +//go:embed mapping/aws/data/organizations/aws_organizations_organizational_unit_descendant_organizational_units.json +var dataAwsOrganizationsOrganizationalUnitDescendantOrganizationalUnits []byte + +//go:embed mapping/aws/data/quicksight/aws_quicksight_analysis.json +var dataAwsQuicksightAnalysis []byte + +//go:embed mapping/aws/data/route53/aws_route53_zones.json +var dataAwsRoute53Zones []byte + +//go:embed mapping/aws/data/shield/aws_shield_protection.json +var dataAwsShieldProtection []byte + +//go:embed mapping/aws/data/sso/aws_ssoadmin_permission_sets.json +var dataAwsSsoadminPermissionSets []byte + +//go:embed mapping/aws/data/codebuild/aws_codebuild_fleet.json +var dataAwsCodebuildFleet []byte + +//go:embed mapping/aws/data/elasticache/aws_elasticache_reserved_cache_node_offering.json +var dataAwsElasticacheReservedCacheNodeOffering []byte + +//go:embed mapping/aws/data/synthetics/aws_synthetics_runtime_version.json +var dataAwsSyntheticsRuntimeVersion []byte + +//go:embed mapping/aws/data/synthetics/aws_synthetics_runtime_versions.json +var dataAwsSytheticsRuntimeVersions []byte + +//go:embed mapping/aws/data/bedrock/aws_bedrock_inference_profile.json +var dataAwsBedrockInferenceProfile []byte + +//go:embed mapping/aws/data/bedrock/aws_bedrock_inference_profiles.json +var dataAwsBedrockInferenceProfiles []byte + +//go:embed 
mapping/aws/data/elasticache/aws_elasticache_serverless_cache.json
+var dataAwsElasticacheServerlessCache []byte
+
+//go:embed mapping/aws/data/aps/aws_prometheus_default_scraper_configuration.json
+var dataAwsPrometheusDefaultScarperConfiguration []byte
+
+//go:embed mapping/aws/data/route53profiles/aws_route53profiles_profiles.json
+var dataAwsRoute53profilesProfiles []byte
+
+//go:embed mapping/aws/data/ssm/aws_ssm_patch_baselines.json
+var dataAwsSsmPatchBaselines []byte
+
+//go:embed mapping/aws/data/elasticloadbalancing/aws_lb_listener_rule.json
+var dataAwsLbListenerRule []byte
+
+//go:embed mapping/aws/data/ec2/aws_spot_datafeed_subscription.json
+var dataAwsSpotDatafeedSubscription []byte
+
+//go:embed mapping/aws/data/servicecatalog/aws_servicecatalogappregistry_attribute_group.json
+var dataServicecatalogappregistryAttributeGroup []byte
+
+//go:embed mapping/aws/data/servicecatalog/aws_servicecatalogappregistry_attribute_group_associations.json
+var dataServicecatalogappregistryAttributeGroupAssociations []byte
+
+//go:embed mapping/aws/data/route53/aws_route53_records.json
+var dataAwsRoute53Records []byte
+
+//go:embed mapping/aws/data/cloudwatch/aws_cloudwatch_event_buses.json
+var dataAwsCloudwatchEventBuses []byte
+
+//go:embed mapping/aws/data/ecs/aws_ecs_clusters.json
+var dataAwsEcsClusters []byte
+
+//go:embed mapping/aws/data/ec2/aws_vpc_ipam.json
+var dataAwsVpcIpam []byte
+
+//go:embed mapping/aws/data/cloudwatch/aws_cloudwatch_contributor_managed_insight_rules.json
+var dataAwsCloudwatchContributorManagedInsightRules []byte
+
+//go:embed mapping/aws/data/datazone/aws_datazone_domain.json
+var dataAwsDatazoneDomain []byte
+
+//go:embed mapping/aws/data/eks/aws_eks_cluster_versions.json
+var dataAwsEksClusterVersions []byte
+
+//go:embed mapping/aws/data/identitystore/aws_identitystore_group_memberships.json
+var dataAwsIdentitystoreGroupMembership []byte
+
+//go:embed mapping/aws/data/identitystore/aws_identitystore_user.json
+var dataAwsIdentitystoreGroupUsers []byte
+
+//go:embed mapping/aws/data/ec2/aws_vpc_endpoint_associations.json
+var dataAwsVpcEndpointAssociations []byte
+
+//go:embed mapping/aws/data/fis/aws_fis_experiment_templates.json
+var dataAwsFisExperimentTemplates []byte
+
+//go:embed mapping/aws/data/kms/aws_kms_public_key.json
+var dataAwsKmsPublicKey []byte
+
+//go:embed mapping/aws/data/lambda/aws_lambda_function_url.json
+var dataAwsLambdaFunctionUrl []byte
+
+//go:embed mapping/aws/data/lambda/aws_lambda_functions.json
+var dataAwsLambdaFunctions []byte
+
+//go:embed mapping/aws/data/lambda/aws_lambda_layer_version.json
+var dataAwsLambdaLayerVersion []byte
+
+//go:embed mapping/aws/data/ec2/aws_network_interface.json
+var dataAwsNetworkInterface []byte
+
+//go:embed mapping/aws/data/waf/aws_waf_subscribed_rule_group.json
+var dataAwsWafSubscribedRuleGroup []byte
+
+//go:embed mapping/aws/data/wafregional/aws_wafregional_subscribed_rule_group.json
+var dataAwsWafRegionalSubscribedRuleGroup []byte
+
+//go:embed mapping/aws/data/elasticloadbalancing/aws_elb.json
+var dataAwsElb []byte
+
+//go:embed mapping/aws/data/account/aws_account_primary_contact.json
+var dataAwsAccountPrimaryContact []byte
+
+//go:embed mapping/aws/data/dynamodb/aws_dynamodb_tables.json
+var dataAwsDynamodbTables []byte
+
+//go:embed mapping/aws/data/backend/s3.json
+var dataBackend []byte
+
+//go:embed mapping/aws/data/ecr/aws_ecr_images.json
+var dataAwsEcrImages []byte
+
+//go:embed mapping/aws/data/s3/aws_s3_access_point.json
+var dataAwsS3AccessPoint []byte
+
+//go:embed mapping/aws/data/billing/aws_billing_views.json
+var dataAwsBillingViews []byte
+
+//go:embed mapping/aws/data/mediaconvert/aws_media_convert_queue.json
+var dataAwsMediaConvertQueue []byte
+
+//go:embed mapping/aws/data/memorydb/aws_memorydb_acl.json
+var dataAwsMemorydbAcl []byte
+
+//go:embed mapping/aws/data/memorydb/aws_memorydb_cluster.json
+var dataAwsMemorydbCluster []byte
+
+//go:embed mapping/aws/data/memorydb/aws_memorydb_parameter_group.json
+var dataAwsMemorydbParameterGroup []byte
+
+//go:embed mapping/aws/data/memorydb/aws_memorydb_snapshot.json
+var dataAwsMemorydbSnapshot []byte
+
+//go:embed mapping/aws/data/memorydb/aws_memorydb_subnet_group.json
+var dataAwsMemorydbSubnetGroup []byte
+
+//go:embed mapping/aws/data/memorydb/aws_memorydb_user.json
+var dataAwsMemorydbUser []byte
+
+//go:embed mapping/aws/data/securityhub/aws_securityhub_standards_control_associations.json
+var dataAwsSecurityhubStandardsControlAssociations []byte
+
+//go:embed mapping/aws/data/workspaces/aws_workspaces_workspace.json
+var dataAwsWorkspacesWorkspace []byte
+
+//go:embed mapping/aws/data/appconfig/aws_appconfig_application.json
+var dataAwsAppconfigApplication []byte
+
+//go:embed mapping/aws/data/odb/aws_odb_cloud_autonomous_vm_cluster.json
+var dataAwsOdbCloudAutonomousVmCluster []byte
+
+//go:embed mapping/aws/data/odb/aws_odb_cloud_autonomous_vm_clusters.json
+var dataAwsOdbCloudAutonomousVmClusters []byte
+
+//go:embed mapping/aws/data/odb/aws_odb_cloud_exadata_infrastructure.json
+var dataAwsOdbCloudExadataInfrastructure []byte
+
+//go:embed mapping/aws/data/odb/aws_odb_cloud_exadata_infrastructures.json
+var dataAwsOdbCloudExadataInfrastructures []byte
+
+//go:embed mapping/aws/data/odb/aws_odb_cloud_vm_cluster.json
+var dataAwsOdbCloudVmCluster []byte
+
+//go:embed mapping/aws/data/odb/aws_odb_cloud_vm_clusters.json
+var dataAwsOdbCloudVmClusters []byte
+
+//go:embed mapping/aws/data/odb/aws_odb_db_node.json
+var dataAwsOdbDbNode []byte
+
+//go:embed mapping/aws/data/odb/aws_odb_db_nodes.json
+var dataAwsOdbDbNodes []byte
+
+//go:embed mapping/aws/data/odb/aws_odb_db_server.json
+var dataAwsOdbServer []byte
+
+//go:embed mapping/aws/data/odb/aws_odb_db_servers.json
+var dataAwsOdbServers []byte
+
+//go:embed mapping/aws/data/odb/aws_odb_db_system_shapes.json
+var dataAwsOdbDbSystemShapes []byte
+
+//go:embed
mapping/aws/data/odb/aws_odb_gi_versions.json +var dataAwsOdbGiVersions []byte + +//go:embed mapping/aws/data/odb/aws_odb_network.json +var dataAwsOdbNetwork []byte + +//go:embed mapping/aws/data/odb/aws_odb_network_peering_connection.json +var dataAwsOdbNetworkPeeringConnection []byte + +//go:embed mapping/aws/data/odb/aws_odb_network_peering_connections.json +var dataAwsOdbNetworkPeeringConnections []byte + +//go:embed mapping/aws/data/odb/aws_odb_networks.json +var dataAwsOdbNetworks []byte + +//go:embed mapping/aws/data/ecr-public/aws_ecrpublic_images.json +var dataAwsEcrPublicImages []byte + +//go:embed mapping/aws/data/rds/aws_rds_global_cluster.json +var dataAwsRdsGlobalCluster []byte + +//go:embed mapping/aws/data/ec2/aws_vpn_connection.json +var dataAwsVpnConnection []byte diff --git a/src/files_gcp.go b/src/files_gcp.go index d89c7e19..236176c1 100644 --- a/src/files_gcp.go +++ b/src/files_gcp.go @@ -298,9 +298,6 @@ var googleFirebaseProject []byte //go:embed mapping/google/resource/firebasestorage/google_firebase_storage_bucket.json var googleFirebaseStorageBucket []byte -//go:embed mapping/google/resource/firebase/google_firebase_android_app.json -var googleFirebaseWebApp []byte - //go:embed mapping/google/resource/firebaserules/google_firebaserules_release.json var googleFirebaserulesRelease []byte @@ -313,6 +310,7 @@ var googleBigtableAppProfile []byte //go:embed mapping/google/resource/bigtable/google_bigtable_gc_policy.json var googleBigtableGcPolicy []byte +//go:embed mapping/google/resource/apigateway/google_api_gateway_api.json var googleAPIGatewayAPI []byte //go:embed mapping/google/resource/apigateway/google_api_gateway_api_config.json 
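Review bot: `dataAwsIdentitystoreGroupUsers` is bound to `mapping/aws/data/identitystore/aws_identitystore_user.json`, so the variable name and the embedded file describe different data sources; confirm which one is intended and align the path or the name. The build only rejects a `//go:embed` path that matches no file, so a wrong but existing path is embedded without any error, and if these mappings are what the tool turns into permission sets (inferred from the `mapping/aws/data/...` layout, not shown here) the output would describe the wrong data source. The same hunk also misspells two names, which should read `var dataAwsSyntheticsRuntimeVersions []byte` and `var dataAwsPrometheusDefaultScraperConfiguration []byte`, and `dataServicecatalogappregistryAttributeGroup` drops the `Aws` prefix the other variables carry, which makes name-to-file review harder.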
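Review bot: Nothing at build time distinguishes a mapping variable that has its `//go:embed` line from one that lost it: until this hunk `googleAPIGatewayAPI` was a bare `var googleAPIGatewayAPI []byte`, which compiles and is simply nil at run time. A table-driven test over the mapping variables that asserts `len(b) > 0` and `json.Valid(b)` for each would turn the next missing directive into a test failure; whether such a test already exists is not visible in this diff. The declaration list continues outside the hunk on both sides.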
@@ -331,16 +329,16 @@ var googleAPIGatewayGateway []byte var googleAPIGatewayGatewayIam []byte //go:embed mapping/google/resource/spanner/google_spanner_database.json -var GoogleSpannerDatabase []byte +var googleSpannerDatabase []byte //go:embed mapping/google/resource/spanner/google_spanner_database_iam.json -var GoogleSpannerDatabaseIam []byte +var googleSpannerDatabaseIam []byte //go:embed mapping/google/resource/spanner/google_spanner_instance.json -var GoogleSpannerInstance []byte +var googleSpannerInstance []byte //go:embed mapping/google/resource/spanner/google_spanner_instance_iam.json -var GoogleSpannerInstanceIam []byte +var googleSpannerInstanceIam []byte //go:embed mapping/google/resource/run/google_cloud_run_v2_service.json var googleCloudRunV2Service []byte 
@@ -440,3 +438,1761 @@ var googleBigqueryRoutine []byte //go:embed mapping/google/resource/bigquery/google_bigquery_table_iam.json var googleBigqueryTableIam []byte + +//go:embed mapping/google/resource/composer/google_composer_environment.json +var googleComposerEnvironment []byte + +//go:embed mapping/google/resource/iam/google_iam_workload_identity_pool.json +var googleIamWorkloadIdentityPool []byte + +//go:embed mapping/google/resource/iam/google_iam_workload_identity_pool_provider.json +var googleIamWorkloadIdentityPoolProvider []byte + +//go:embed mapping/google/resource/iam/google_project_iam_audit_config.json +var googleProjectIamAuditConfig []byte + +//go:embed mapping/google/resource/bigquery/google_bigquery_table.json +var googleBigQueryTable []byte + +//go:embed mapping/google/resource/backend/gcs.json +var gcsBackend []byte + +//go:embed mapping/google/resource/privateca/google_privateca_ca_pool.json +var googlePrivateCaPool []byte + +//go:embed mapping/google/resource/privateca/google_privateca_ca_pool_iam_binding.json +var googlePrivateCaPoolIamBinding []byte + +//go:embed mapping/google/resource/privateca/google_privateca_ca_pool_iam_member.json +var googlePrivateCaPoolIamMember []byte + +//go:embed mapping/google/resource/privateca/google_privateca_ca_pool_iam_policy.json +var googlePrivateCaPoolIamPolicy []byte + +//go:embed mapping/google/resource/privateca/google_privateca_certificate_template.json +var googlePrivatecaCertificateTemplate []byte + +//go:embed mapping/google/resource/privateca/google_privateca_certificate_template_iam_binding.json +var googlePrivatecaCertificateTemplateIamBinding []byte + +//go:embed mapping/google/resource/privateca/google_privateca_certificate_template_iam_member.json +var googlePrivatecaCertificateTemplateIamMember []byte + +//go:embed mapping/google/resource/privateca/google_privateca_certificate_template_iam_policy.json +var googlePrivatecaCertificateTemplateIamPolicy []byte + +//go:embed 
mapping/google/resource/privilegedaccessmanager/google_privileged_access_manager_entitlement.json +var googlePrivilegedAccessManagerEntitlement []byte + +//go:embed mapping/google/resource/run/google_cloud_run_domain_mapping.json +var googleCloudRunDomainMapping []byte + +//go:embed mapping/google/resource/run/google_cloud_run_service.json +var googleCloudRunService []byte + +//go:embed mapping/google/resource/run/google_cloud_run_service_iam_binding.json +var googleCloudRunServiceIamBinding []byte + +//go:embed mapping/google/resource/run/google_cloud_run_service_iam_member.json +var googleCloudRunServiceIamMember []byte + +//go:embed mapping/google/resource/run/google_cloud_run_service_iam_policy.json +var googleCloudRunServiceIamPolicy []byte + +//go:embed mapping/google/resource/run/google_cloud_run_v2_worker_pool.json +var googleCloudRunV2WorkerPool []byte + +//go:embed mapping/google/resource/run/google_cloud_run_v2_worker_pool_iam_binding.json +var googleCloudRunV2WorkerPoolIamBinding []byte + +//go:embed mapping/google/resource/run/google_cloud_run_v2_worker_pool_iam_member.json +var googleCloudRunV2WorkerPoolIamMember []byte + +//go:embed mapping/google/resource/run/google_cloud_run_v2_worker_pool_iam_policy.json +var googleCloudRunV2WorkerPoolIamPolicy []byte + +//go:embed mapping/google/resource/datacatalog/google_bigquery_datapolicy_data_policy.json +var googleBigqueryDatapolicyDataPolicy []byte + +//go:embed mapping/google/resource/datacatalog/google_bigquery_datapolicy_data_policy_iam_binding.json +var googleBigqueryDatapolicyDataPolicyIamBinding []byte + +//go:embed mapping/google/resource/datacatalog/google_bigquery_datapolicy_data_policy_iam_member.json +var googleBigqueryDatapolicyDataPolicyIamMember []byte + +//go:embed mapping/google/resource/datacatalog/google_bigquery_datapolicy_data_policy_iam_policy.json +var googleBigqueryDatapolicyDataPolicyIamPolicy []byte + +//go:embed mapping/google/resource/datacatalog/google_data_catalog_entry.json 
+var googleDataCatalogEntry []byte + +//go:embed mapping/google/resource/datacatalog/google_data_catalog_entry_group.json +var googleDataCatalogEntryGroup []byte + +//go:embed mapping/google/resource/datacatalog/google_data_catalog_entry_group_iam_member.json +var googleDataCatalogEntryGroupIamMember []byte + +//go:embed mapping/google/resource/datacatalog/google_data_catalog_entry_group_iam_policy.json +var googleDataCatalogEntryGroupIamPolicy []byte + +//go:embed mapping/google/resource/datacatalog/google_data_catalog_policy_tag.json +var googleDataCatalogPolicyTag []byte + +//go:embed mapping/google/resource/datacatalog/google_data_catalog_tag_template_iam_member.json +var googleDataCatalogPolicyTagIamMember []byte + +//go:embed mapping/google/resource/datacatalog/google_data_catalog_tag_template_iam_policy.json +var googleDataCatalogPolicyTagIamPolicy []byte + +//go:embed mapping/google/resource/datacatalog/google_data_catalog_tag.json +var googleDataCatalogTag []byte + +//go:embed mapping/google/resource/datacatalog/google_data_catalog_tag_template.json +var googleDataCatalogTagTemplate []byte + +//go:embed mapping/google/resource/datacatalog/google_data_catalog_tag_template_iam_policy.json +var googleDataCatalogTagTemplateIamPolicy []byte + +//go:embed mapping/google/resource/datacatalog/google_data_catalog_taxonomy.json +var googleDataCatalogTaxonomy []byte + +//go:embed mapping/google/resource/datacatalog/google_data_catalog_policy_tag_iam_policy.json +var googleDataCatalogTaxonomyIamBinding []byte + +//go:embed mapping/google/resource/datacatalog/google_data_catalog_taxonomy_iam_member.json +var googleDataCatalogTaxonomyIamMember []byte + +//go:embed mapping/google/resource/datacatalog/google_data_catalog_taxonomy_iam_policy.json +var googleDataCatalogTaxonomyIamPolicy []byte + +//go:embed mapping/google/resource/cloudfunctions/google_cloudfunctions2_function.json +var googleCloudfunction2Function []byte + +//go:embed 
mapping/google/resource/cloudfunctions/google_cloudfunctions2_function_iam_binding.json +var googleCloudfunction2FunctionIamBinding []byte + +//go:embed mapping/google/resource/cloudfunctions/google_cloudfunctions2_function_iam_member.json +var googleCloudfunction2FunctionIamMember []byte + +//go:embed mapping/google/resource/cloudfunctions/google_cloudfunctions2_function_iam_policy.json +var googleCloudfunction2FunctionIamPolicy []byte + +//go:embed mapping/google/resource/cloudfunctions/google_cloudfunctions_function_iam_binding.json +var googleCloudfunctionsFunctionIamBinding []byte + +//go:embed mapping/google/resource/cloudkms/google_kms_crypto_key_version.json +var googleKmsCryptoKeyVersions []byte + +//go:embed mapping/google/resource/cloudkms/google_kms_key_handle.json +var googleKmsKeyHandle []byte + +//go:embed mapping/google/resource/cloudkms/google_kms_key_ring_iam_binding.json +var googleKmsKeyRingIamBinding []byte + +//go:embed mapping/google/resource/cloudkms/google_kms_key_ring_iam_member.json +var googleKmsKeyRingIamMember []byte + +//go:embed mapping/google/resource/cloudkms/google_kms_key_ring_iam_policy.json +var googleKmsKeyRingIamPolicy []byte + +//go:embed mapping/google/resource/cloudkms/google_kms_key_ring_import_job.json +var googleKmsKeyRingImportJob []byte + +//go:embed mapping/google/resource/cloudkms/google_kms_secret_ciphertext.json +var googleKmsSecretCiphertext []byte + +//go:embed mapping/google/resource/compute/google_project_usage_export_bucket.json +var googleProjectUsageExportBucket []byte + +//go:embed mapping/google/resource/iam/google_default_service_accounts.json +var googleDefaultServiceAccounts []byte + +//go:embed mapping/google/resource/iam/google_project_default_service_accounts.json +var googleProjectDefaultServiceAccounts []byte + +//go:embed mapping/google/resource/secretmanager/google_secret_manager_regional_secret.json +var googleSecretManagerRegionalSecret []byte + +//go:embed 
mapping/google/resource/secretmanager/google_secret_manager_regional_secret_iam_binding.json +var googleSecretManagerRegionalSecretsIamBinding []byte + +//go:embed mapping/google/resource/secretmanager/google_secret_manager_regional_secret_iam_member.json +var googleSecretManagerRegionalSecretIamMember []byte + +//go:embed mapping/google/resource/secretmanager/google_secret_manager_regional_secret_iam_policy.json +var googleSecretManagerRegionalSecretIamPolicy []byte + +//go:embed mapping/google/resource/secretmanager/google_secret_manager_regional_secret_version.json +var googleSecretManagerRegionalSecretVersion []byte + +//go:embed mapping/google/resource/spanner/google_spanner_backup_schedule.json +var googleSpannerBackupSchedule []byte + +//go:embed mapping/google/resource/spanner/google_spanner_instance_config.json +var googleSpannerInstanceConfig []byte + +//go:embed mapping/google/resource/spanner/google_spanner_instance_partition.json +var googleSpannerInstancePartition []byte + +//go:embed mapping/google/resource/biglake/google_biglake_catalog.json +var googleBiglakeCatalog []byte + +//go:embed mapping/google/resource/biglake/google_biglake_database.json +var googleBiglakeDatabase []byte + +//go:embed mapping/google/resource/biglake/google_biglake_table.json +var googleBiglakeTable []byte + +//go:embed mapping/google/resource/analyticshub/google_bigquery_analytics_hub_listing_subscription.json +var googleBigqueryAnalyticsHubListingSubscription []byte + +//go:embed mapping/google/resource/bigquery/google_bigquery_dataset_access.json +var googleBigqueryDatasetAccess []byte + +//go:embed mapping/google/resource/bigquery/google_bigquery_row_access_policy.json +var googleBigqueryRowAccessPolicy []byte + +//go:embed mapping/google/resource/bigtable/google_bigtable_authorized_view.json +var googleBigtableAuthorizedView []byte + +//go:embed mapping/google/resource/bigtable/google_bigtable_logical_view.json +var googleBigtableLogicalView []byte + +//go:embed 
mapping/google/resource/bigtable/google_bigtable_materialized_view.json
+var googleBigtableMaterializedView []byte
+
+//go:embed mapping/google/resource/cloudbuild/google_cloudbuildv2_connection.json
+var googleCloudbuildv2Connection []byte
+
+//go:embed mapping/google/resource/cloudbuild/google_cloudbuildv2_connection_iam_binding.json
+var googleCloudbuildv2ConnectionIamBinding []byte
+
+//go:embed mapping/google/resource/cloudbuild/google_cloudbuildv2_connection_iam_member.json
+var googleCloudbuildv2ConnectionIamMember []byte
+
+//go:embed mapping/google/resource/cloudbuild/google_cloudbuildv2_connection_iam_policy.json
+var googleCloudbuildv2ConnectionIamPolicy []byte
+
+//go:embed mapping/google/resource/cloudbuild/google_cloudbuildv2_repository.json
+var googleCloudbuildv2Repository []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_asset.json
+var googleDataplexAsset []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_asset_iam_binding.json
+var googleDataplexAssetIamBinding []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_asset_iam_member.json
+var googleDataplexAssetIamMember []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_asset_iam_policy.json
+var googleDataplexAssetIamPolicy []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_datascan.json
+var googleDataplexDatascan []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_datascan_iam_binding.json
+var googleDataplexDatascanIamBinding []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_datascan_iam_member.json
+var googleDataplexDatascanIamMember []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_datascan_iam_policy.json
+var googleDataplexDatascanIamPolicy []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_glossary.json
+var googleDataplexGlossary []byte
+
+//go:embed
mapping/google/resource/dataplex/google_dataplex_glossary_category.json
+var googleDataplexGlossaryCategory []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_glossary_term.json
+var googleDataplexGlossaryTerm []byte
+
+//go:embed mapping/google/resource/apigee/google_apigee_environment_iam_binding.json
+var googleApigeeEnvironmentIamBinding []byte
+
+//go:embed mapping/google/resource/apigee/google_apigee_environment_iam_member.json
+var googleApigeeEnvironmentIamMember []byte
+
+//go:embed mapping/google/resource/apigee/google_apigee_environment_iam_policy.json
+var googleApigeeEnvironmentIamPolicy []byte
+
+//go:embed mapping/google/resource/beyondcorp/google_beyondcorp_application_iam_binding.json
+var googleBeyondcorpApplicationIamBinding []byte
+
+//go:embed mapping/google/resource/beyondcorp/google_beyondcorp_application_iam_member.json
+var googleBeyondcorpApplicationIamMember []byte
+
+//go:embed mapping/google/resource/beyondcorp/google_beyondcorp_application_iam_policy.json
+var googleBeyondcorpApplicationIamPolicy []byte
+
+//go:embed mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_application_iam_binding.json
+var googleBeyondcorpSecurityGatewayApplicationIamBinding []byte
+
+//go:embed mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_application_iam_member.json
+var googleBeyondcorpSecurityGatewayApplicationIamMember []byte
+
+//go:embed mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_application_iam_policy.json
+var googleBeyondcorpSecurityGatewayApplicationIamPolicy []byte
+
+//go:embed mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_iam_binding.json
+var googleBeyondcorpSecurityGatewayIamBinding []byte
+
+//go:embed mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_iam_member.json
+var googleBeyondcorpSecurityGatewayIamMember []byte
+
+//go:embed
mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_iam_policy.json
+var googleBeyondcorpSecurityGatewayIamPolicy []byte
+
+//go:embed mapping/google/resource/billing/google_billing_account_iam_binding.json
+var googleBillingAccountIamBinding []byte
+
+//go:embed mapping/google/resource/billing/google_billing_account_iam_member.json
+var googleBillingAccountIamMember []byte
+
+//go:embed mapping/google/resource/billing/google_billing_account_iam_policy.json
+var googleBillingAccountIamPolicy []byte
+
+//go:embed mapping/google/resource/pubsub/google_pubsub_schema_iam_binding.json
+var googlePubsubSchemaIamBinding []byte
+
+//go:embed mapping/google/resource/pubsub/google_pubsub_schema_iam_member.json
+var googlePubsubSchemaIamMember []byte
+
+//go:embed mapping/google/resource/pubsub/google_pubsub_schema_iam_policy.json
+var googlePubsubSchemaIamPolicy []byte
+
+//go:embed mapping/google/resource/pubsub/google_pubsub_subscription_iam_binding.json
+var googlePubsubSubscriptionIamBinding []byte
+
+//go:embed mapping/google/resource/pubsub/google_pubsub_subscription_iam_member.json
+var googlePubsubSubscriptionIamMember []byte
+
+//go:embed mapping/google/resource/securesourcemanager/google_secure_source_manager_instance_iam_binding.json
+var googleSecureSourceManagerInstanceIamBinding []byte
+
+//go:embed mapping/google/resource/securesourcemanager/google_secure_source_manager_instance_iam_member.json
+var googleSecureSourceManagerInstanceIamMember []byte
+
+//go:embed mapping/google/resource/securesourcemanager/google_secure_source_manager_instance_iam_policy.json
+var googleSecureSourceManagerInstanceIamPolicy []byte
+
+//go:embed mapping/google/resource/securesourcemanager/google_secure_source_manager_repository_iam_binding.json
+var googleSecureSourceManagerRepositoryIamBinding []byte
+
+//go:embed mapping/google/resource/securesourcemanager/google_secure_source_manager_repository_iam_member.json
+var googleSecureSourceManagerRepositoryIamMember
[]byte
+
+//go:embed mapping/google/resource/securesourcemanager/google_secure_source_manager_repository_iam_policy.json
+var googleSecureSourceManagerRepositoryIamPolicy []byte
+
+//go:embed mapping/google/resource/source/google_sourcerepo_repository_iam_binding.json
+var googleSourcerepoRepositoryIamBinding []byte
+
+//go:embed mapping/google/resource/source/google_sourcerepo_repository_iam_member.json
+var googleSourcerepoRepositoryIamMember []byte
+
+//go:embed mapping/google/resource/source/google_sourcerepo_repository_iam_policy.json
+var googleSourcerepoRepositoryIamPolicy []byte
+
+//go:embed mapping/google/resource/resourcemanager/google_tags_tag_key_iam_binding.json
+var googleTagsTagKeyIamBinding []byte
+
+//go:embed mapping/google/resource/resourcemanager/google_tags_tag_key_iam_member.json
+var googleTagsTagKeyIamMember []byte
+
+//go:embed mapping/google/resource/resourcemanager/google_tags_tag_key_iam_policy.json
+var googleTagsTagKeyIamPolicy []byte
+
+//go:embed mapping/google/resource/resourcemanager/google_tags_tag_value_iam_binding.json
+var googleTagsTagValueIamBinding []byte
+
+//go:embed mapping/google/resource/resourcemanager/google_tags_tag_value_iam_member.json
+var googleTagsTagValueIamMember []byte
+
+//go:embed mapping/google/resource/resourcemanager/google_tags_tag_value_iam_policy.json
+var googleTagsTagValueIamPolicy []byte
+
+//go:embed mapping/google/resource/aiplatform/google_vertex_ai_feature_group_iam_binding.json
+var googleVertexAIFeatureGroupIamBinding []byte
+
+//go:embed mapping/google/resource/aiplatform/google_vertex_ai_feature_group_iam_member.json
+var googleVertexAIFeatureGroupIamMember []byte
+
+//go:embed mapping/google/resource/aiplatform/google_vertex_ai_feature_group_iam_policy.json
+var googleVertexAIFeatureGroupIamPolicy []byte
+
+//go:embed mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_featureview_iam_binding.json
+var googleVertexAIFeatureOnlineStoreFeatureviewIamBinding []byte
+
+//go:embed mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_featureview_iam_member.json
+var googleVertexAIFeatureOnlineStoreFeatureviewIamMember []byte
+
+//go:embed mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_featureview_iam_policy.json
+var googleVertexAIFeatureOnlineStoreFeatureviewIamPolicy []byte
+
+//go:embed mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_iam_binding.json
+var googleVertexAIFeatureOnlineStoreIamBinding []byte
+
+//go:embed mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_iam_member.json
+var googleVertexAIFeatureOnlineStoreIamMember []byte
+
+//go:embed mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_iam_policy.json
+var googleVertexAIFeatureOnlineStoreIamPolicy []byte
+
+//go:embed mapping/google/resource/notebooks/google_workbench_instance_iam_binding.json
+var googleWorkbenchInstanceIamBinding []byte
+
+//go:embed mapping/google/resource/notebooks/google_workbench_instance_iam_member.json
+var googleWorkbenchInstanceIamMember []byte
+
+//go:embed mapping/google/resource/notebooks/google_workbench_instance_iam_policy.json
+var googleWorkbenchInstanceIamPolicy []byte
+
+//go:embed mapping/google/resource/workstations/google_workstations_workstation_config_iam_binding.json
+var googleWorkstationsWorkstationConfigIamBinding []byte
+
+//go:embed mapping/google/resource/workstations/google_workstations_workstation_config_iam_member.json
+var googleWorkstationsWorkstationConfigIamMember []byte
+
+//go:embed mapping/google/resource/workstations/google_workstations_workstation_config_iam_policy.json
+var googleWorkstationsWorkstationConfigIamPolicy []byte
+
+//go:embed mapping/google/resource/workstations/google_workstations_workstation_iam_binding.json
+var googleWorkstationsWorkstationIamBinding []byte
+
+//go:embed mapping/google/resource/workstations/google_workstations_workstation_iam_member.json
+var
googleWorkstationsWorkstationIamMember []byte
+
+//go:embed mapping/google/resource/compute/google_compute_instance_template_iam_binding.json
+var googleComputeInstanceTemplateIamBinding []byte
+
+//go:embed mapping/google/resource/compute/google_compute_instance_template_iam_member.json
+var googleComputeInstanceTemplateIamMember []byte
+
+//go:embed mapping/google/resource/compute/google_compute_instance_template_iam_policy.json
+var googleComputeInstanceTemplateIamPolicy []byte
+
+//go:embed mapping/google/resource/compute/google_compute_instant_snapshot_iam_binding.json
+var googleComputeInstanceSnapshotIamBinding []byte
+
+//go:embed mapping/google/resource/compute/google_compute_instant_snapshot_iam_member.json
+var googleComputeInstanceSnapshotIamMember []byte
+
+//go:embed mapping/google/resource/compute/google_compute_instant_snapshot_iam_policy.json
+var googleComputeInstanceSnapshotIamPolicy []byte
+
+//go:embed mapping/google/resource/compute/google_compute_machine_image_iam_binding.json
+var googleComputeMachineImageIamBinding []byte
+
+//go:embed mapping/google/resource/compute/google_compute_machine_image_iam_member.json
+var googleComputeMachineImageIamMember []byte
+
+//go:embed mapping/google/resource/compute/google_compute_machine_image_iam_policy.json
+var googleComputeMachineImageIamPolicy []byte
+
+//go:embed mapping/google/resource/compute/google_compute_region_backend_service_iam_binding.json
+var googleComputeRegionBackendServiceIamBinding []byte
+
+//go:embed mapping/google/resource/compute/google_compute_region_backend_service_iam_member.json
+var googleComputeRegionBackendServiceIamMember []byte
+
+//go:embed mapping/google/resource/compute/google_compute_region_backend_service_iam_policy.json
+var googleComputeRegionBackendServiceIamPolicy []byte
+
+//go:embed mapping/google/resource/compute/google_compute_region_disk_iam_binding.json
+var googleComputeRegionDiskIamBinding []byte
+
+//go:embed
mapping/google/resource/compute/google_compute_region_disk_iam_member.json
+var googleComputeRegionDiskIamMember []byte
+
+//go:embed mapping/google/resource/compute/google_compute_region_disk_iam_policy.json
+var googleComputeRegionDiskIamPolicy []byte
+
+//go:embed mapping/google/resource/compute/google_compute_snapshot_iam_binding.json
+var googleComputeSnapshotIamBinding []byte
+
+//go:embed mapping/google/resource/compute/google_compute_snapshot_iam_member.json
+var googleComputeSnapshotIamMember []byte
+
+//go:embed mapping/google/resource/compute/google_compute_snapshot_iam_policy.json
+var googleComputeSnapshotIamPolicy []byte
+
+//go:embed mapping/google/resource/compute/google_compute_storage_pool_iam_binding.json
+var googleComputeStoragePoolIamBinding []byte
+
+//go:embed mapping/google/resource/compute/google_compute_storage_pool_iam_member.json
+var googleComputeStoragePoolIamMember []byte
+
+//go:embed mapping/google/resource/compute/google_compute_storage_pool_iam_policy.json
+var googleComputeStoragePoolIamPolicy []byte
+
+//go:embed mapping/google/resource/compute/google_compute_subnetwork_iam_binding.json
+var googleComputeSubnetworkIamBinding []byte
+
+//go:embed mapping/google/resource/compute/google_compute_subnetwork_iam_member.json
+var googleComputeSubnetworkIamMember []byte
+
+//go:embed mapping/google/resource/compute/google_compute_subnetwork_iam_policy.json
+var googleComputeSubnetworkIamPolicy []byte
+
+//go:embed mapping/google/resource/containeranalysis/google_container_analysis_note_iam_binding.json
+var googleContainerAnalysisNoteIamBinding []byte
+
+//go:embed mapping/google/resource/containeranalysis/google_container_analysis_note_iam_member.json
+var googleContainerAnalysisNoteIamMember []byte
+
+//go:embed mapping/google/resource/containeranalysis/google_container_analysis_note_iam_policy.json
+var googleContainerAnalysisNoteIamPolicy []byte
+
+//go:embed
mapping/google/resource/dataform/google_dataform_repository_iam_binding.json
+var googleDataformRepositoryIamBinding []byte
+
+//go:embed mapping/google/resource/dataform/google_dataform_repository_iam_member.json
+var googleDataformRepositoryIamMember []byte
+
+//go:embed mapping/google/resource/dataform/google_dataform_repository_iam_policy.json
+var googleDataformRepositoryIamPolicy []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_aspect_type_iam_binding.json
+var googleDataplexAspectTypeIamBinding []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_aspect_type_iam_member.json
+var googleDataplexAspectTypeIamMember []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_aspect_type_iam_policy.json
+var googleDataplexAspectTypeIamPolicy []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_entry_group_iam_binding.json
+var googleDataplexEntryGroupIamBinding []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_entry_group_iam_member.json
+var googleDataplexEntryGroupIamMember []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_entry_group_iam_policy.json
+var googleDataplexEntryGroupIamPolicy []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_entry_group_iam_binding.json
+var googleDataplexEntryTypeIamBinding []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_entry_group_iam_member.json
+var googleDataplexEntryTypeIamMember []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_entry_group_iam_policy.json
+var googleDataplexEntryTypeIamPolicy []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_glossary_iam_binding.json
+var googleDataplexGlossaryIamBinding []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_glossary_iam_member.json
+var googleDataplexGlossaryIamMember []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_glossary_iam_policy.json
+var
googleDataplexGlossaryIamPolicy []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_lake_iam_binding.json
+var googleDataplexLakeIamBinding []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_lake_iam_member.json
+var googleDataplexLakeIamMember []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_lake_iam_policy.json
+var googleDataplexLakeIamPolicy []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_task_iam_member.json
+var googleDataplexTaskIamMember []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_task_iam_policy.json
+var googleDataplexTaskIamPolicy []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_zone_iam_binding.json
+var googleDataplexZoneIamBinding []byte
+
+//go:embed mapping/google/resource/dataplex/google_dataplex_zone_iam_member.json
+var googleDataplexZoneIamMember []byte
+
+//go:embed mapping/google/resource/dataproc/google_dataproc_autoscaling_policy_iam_binding.json
+var googleDataprocAutoscalingPolicyIamBinding []byte
+
+//go:embed mapping/google/resource/dataproc/google_dataproc_autoscaling_policy_iam_member.json
+var googleDataprocAutoscalingPolicyIamMember []byte
+
+//go:embed mapping/google/resource/dataproc/google_dataproc_autoscaling_policy_iam_binding.json
+var googleDataprocAutoscalingPolicyIamPolicy []byte
+
+//go:embed mapping/google/resource/dataproc/google_dataproc_cluster_iam_binding.json
+var googleDataprocClusterIamBinding []byte
+
+//go:embed mapping/google/resource/dataproc/google_dataproc_cluster_iam_member.json
+var googleDataprocClusterIamMember []byte
+
+//go:embed mapping/google/resource/dataproc/google_dataproc_cluster_iam_policy.json
+var googleDataprocClusterIamPolicy []byte
+
+//go:embed mapping/google/resource/dataproc/google_dataproc_job_iam_binding.json
+var googleDataprocJobIamBinding []byte
+
+//go:embed mapping/google/resource/dataproc/google_dataproc_job_iam_member.json
+var googleDataprocJobIamMember
[]byte
+
+//go:embed mapping/google/resource/dataproc/google_dataproc_job_iam_policy.json
+var googleDataprocJobIamPolicy []byte
+
+//go:embed mapping/google/resource/metastore/google_dataproc_metastore_database_iam_binding.json
+var googleDataprocMetastoreDatabaseIamBinding []byte
+
+//go:embed mapping/google/resource/metastore/google_dataproc_metastore_database_iam_member.json
+var googleDataprocMetastoreDatabaseIamMember []byte
+
+//go:embed mapping/google/resource/metastore/google_dataproc_metastore_database_iam_policy.json
+var googleDataprocMetastoreDatabaseIamPolicy []byte
+
+//go:embed mapping/google/resource/metastore/google_dataproc_metastore_federation_iam_binding.json
+var googleDataprocMetastoreFederationIamBinding []byte
+
+//go:embed mapping/google/resource/metastore/google_dataproc_metastore_federation_iam_member.json
+var googleDataprocMetastoreFederationIamMember []byte
+
+//go:embed mapping/google/resource/metastore/google_dataproc_metastore_federation_iam_policy.json
+var googleDataprocMetastoreFederationIamPolicy []byte
+
+//go:embed mapping/google/resource/metastore/google_dataproc_metastore_federation_iam_binding.json
+var googleDataprocMetastoreServiceIamBinding []byte
+
+//go:embed mapping/google/resource/metastore/google_dataproc_metastore_service_iam_member.json
+var googleDataprocMetastoreServiceIamMember []byte
+
+//go:embed mapping/google/resource/metastore/google_dataproc_metastore_federation_iam_policy.json
+var googleDataprocMetastoreServiceIamPolicy []byte
+
+//go:embed mapping/google/resource/metastore/google_dataproc_metastore_federation_iam_binding.json
+var googleDataprocMetastoreTableIamBinding []byte
+
+//go:embed mapping/google/resource/metastore/google_dataproc_metastore_table_iam_member.json
+var googleDataprocMetastoreTableIamMember []byte
+
+//go:embed mapping/google/resource/metastore/google_dataproc_metastore_table_iam_policy.json
+var googleDataprocMetastoreTableIamPolicy []byte
+
+//go:embed
mapping/google/resource/binaryauthorization/google_binary_authorization_attestor_iam_binding.json
+var googleBinaryAuthorizationAttestorIamBinding []byte
+
+//go:embed mapping/google/resource/binaryauthorization/google_binary_authorization_attestor_iam_member.json
+var googleBinaryAuthorizationAttestorIamMember []byte
+
+//go:embed mapping/google/resource/binaryauthorization/google_binary_authorization_attestor_iam_policy.json
+var googleBinaryAuthorizationAttestorIamPolicy []byte
+
+//go:embed mapping/google/resource/cloudtasks/google_cloud_tasks_queue_iam_binding.json
+var googleCloudTasksQueueIamBinding []byte
+
+//go:embed mapping/google/resource/cloudtasks/google_cloud_tasks_queue_iam_member.json
+var googleCloudTasksQueueIamMember []byte
+
+//go:embed mapping/google/resource/cloudtasks/google_cloud_tasks_queue_iam_policy.json
+var googleCloudTasksQueueIamPolicy []byte
+
+//go:embed mapping/google/resource/clouddeploy/google_clouddeploy_custom_target_type_iam_binding.json
+var googleClouddeployCustomTargetTypeIamBinding []byte
+
+//go:embed mapping/google/resource/clouddeploy/google_clouddeploy_custom_target_type_iam_member.json
+var googleClouddeployCustomTargetTypeIamMember []byte
+
+//go:embed mapping/google/resource/clouddeploy/google_clouddeploy_custom_target_type_iam_policy.json
+var googleClouddeployCustomTargetTypeIamPolicy []byte
+
+//go:embed mapping/google/resource/clouddeploy/google_clouddeploy_delivery_pipeline_iam_binding.json
+var googleClouddeployDeliveryPipelineIamBinding []byte
+
+//go:embed mapping/google/resource/clouddeploy/google_clouddeploy_delivery_pipeline_iam_member.json
+var googleClouddeployDeliveryPipelineIamMember []byte
+
+//go:embed mapping/google/resource/clouddeploy/google_clouddeploy_delivery_pipeline_iam_policy.json
+var googleClouddeployDeliveryPipelineIamPolicy []byte
+
+//go:embed mapping/google/resource/clouddeploy/google_clouddeploy_target_iam_binding.json
+var googleClouddeployTargetIamBinding []byte
+
+//go:embed
mapping/google/resource/clouddeploy/google_clouddeploy_target_iam_member.json
+var googleClouddeployTargetIamMember []byte
+
+//go:embed mapping/google/resource/clouddeploy/google_clouddeploy_target_iam_policy.json
+var googleClouddeployTargetIamPolicy []byte
+
+//go:embed mapping/google/resource/aiplatform/google_colab_runtime_template_iam_member.json
+var googleColabRuntimeTemplateIamBinding []byte
+
+//go:embed mapping/google/resource/aiplatform/google_colab_runtime_template_iam_member.json
+var googleColabRuntimeTemplateIamMember []byte
+
+//go:embed mapping/google/resource/aiplatform/google_colab_runtime_template_iam_policy.json
+var googleColabRuntimeTemplateIamPolicy []byte
+
+//go:embed mapping/google/resource/compute/google_compute_backend_bucket_iam_binding.json
+var googleComputeBackendBucketIamBinding []byte
+
+//go:embed mapping/google/resource/compute/google_compute_backend_bucket_iam_member.json
+var googleComputeBackendBucketIamMember []byte
+
+//go:embed mapping/google/resource/compute/google_compute_backend_bucket_iam_policy.json
+var googleComputeBackendBucketIamPolicy []byte
+
+//go:embed mapping/google/resource/compute/google_compute_backend_service_iam_binding.json
+var googleComputeBackendServiceIamBinding []byte
+
+//go:embed mapping/google/resource/compute/google_compute_backend_service_iam_member.json
+var googleComputeBackendServiceIamMember []byte
+
+//go:embed mapping/google/resource/compute/google_compute_backend_service_iam_policy.json
+var googleComputeBackendServiceIamPolicy []byte
+
+//go:embed mapping/google/resource/compute/google_compute_disk_iam_binding.json
+var googleComputeDiskIamBinding []byte
+
+//go:embed mapping/google/resource/compute/google_compute_disk_iam_member.json
+var googleComputeDiskIamMember []byte
+
+//go:embed mapping/google/resource/compute/google_compute_image_iam_binding.json
+var googleComputeImageIamBinding []byte
+
+//go:embed mapping/google/resource/compute/google_compute_image_iam_member.json
+var
googleComputeImageIamMember []byte
+
+//go:embed mapping/google/resource/compute/google_compute_image_iam_policy.json
+var googleComputeImageIamPolicy []byte
+
+//go:embed mapping/google/resource/compute/google_compute_instance_iam_binding.json
+var googleComputeInstanceIamBinding []byte
+
+//go:embed mapping/google/resource/compute/google_compute_instance_iam_member.json
+var googleComputeInstanceIamMember []byte
+
+//go:embed mapping/google/resource/compute/google_compute_instance_iam_policy.json
+var googleComputeInstanceIamPolicy []byte
+
+//go:embed mapping/google/resource/datafusion/google_data_fusion_instance_iam_binding.json
+var googleDataFusionInstanceIamBinding []byte
+
+//go:embed mapping/google/resource/datafusion/google_data_fusion_instance_iam_member.json
+var googleDataFusionInstanceIamMember []byte
+
+//go:embed mapping/google/resource/datafusion/google_data_fusion_instance_iam_policy.json
+var googleDataFusionInstanceIamPolicy []byte
+
+//go:embed mapping/google/resource/dns/google_dns_managed_zone_iam_binding.json
+var googleDNSManagedZoneIamBinding []byte
+
+//go:embed mapping/google/resource/dns/google_dns_managed_zone_iam_member.json
+var googleDNSManagedZoneIamMember []byte
+
+//go:embed mapping/google/resource/dns/google_dns_managed_zone_iam_policy.json
+var googleDNSManagedZoneIamPolicy []byte
+
+//go:embed mapping/google/resource/servicemanagement/google_endpoints_service_consumers_iam_binding.json
+var googleEndpointsServiceConsumersIamBinding []byte
+
+//go:embed mapping/google/resource/servicemanagement/google_endpoints_service_consumers_iam_member.json
+var googleEndpointsServiceConsumersIamMember []byte
+
+//go:embed mapping/google/resource/servicemanagement/google_endpoints_service_consumers_iam_policy.json
+var googleEndpointsServiceConsumersIamPolicy []byte
+
+//go:embed mapping/google/resource/servicemanagement/google_endpoints_service_iam_binding.json
+var googleEndpointsServiceIamBinding []byte
+
+//go:embed
mapping/google/resource/servicemanagement/google_endpoints_service_iam_member.json
+var googleEndpointsServiceIamMember []byte
+
+//go:embed mapping/google/resource/servicemanagement/google_endpoints_service_iam_policy.json
+var googleEndpointsServiceIamPolicy []byte
+
+//go:embed mapping/google/resource/resourcemanager/google_folder_iam_binding.json
+var googleFolderIamBinding []byte
+
+//go:embed mapping/google/resource/resourcemanager/google_folder_iam_member.json
+var googleFolderIamMember []byte
+
+//go:embed mapping/google/resource/resourcemanager/google_folder_iam_policy.json
+var googleFolderIamPolicy []byte
+
+//go:embed mapping/google/resource/cloudaicompanion/google_gemini_repository_group_iam_binding.json
+var googleGeminiRepositoryGroupIamBinding []byte
+
+//go:embed mapping/google/resource/cloudaicompanion/google_gemini_repository_group_iam_member.json
+var googleGeminiRepositoryGroupIamMember []byte
+
+//go:embed mapping/google/resource/cloudaicompanion/google_gemini_repository_group_iam_policy.json
+var googleGeminiRepositoryGroupIamPolicy []byte
+
+//go:embed mapping/google/resource/gkebackup/google_gke_backup_backup_plan_iam_binding.json
+var googleGkeBackupBackupPlanIamBinding []byte
+
+//go:embed mapping/google/resource/gkebackup/google_gke_backup_backup_plan_iam_member.json
+var googleGkeBackupBackupPlanIamMember []byte
+
+//go:embed mapping/google/resource/gkebackup/google_gke_backup_backup_plan_iam_policy.json
+var googleGkeBackupBackupPlanIamPolicy []byte
+
+//go:embed mapping/google/resource/gkebackup/google_gke_backup_restore_plan_iam_binding.json
+var googleGkeBackupRestorePlanIamBinding []byte
+
+//go:embed mapping/google/resource/gkebackup/google_gke_backup_restore_plan_iam_member.json
+var googleGkeBackupRestorePlanIamMember []byte
+
+//go:embed mapping/google/resource/gkebackup/google_gke_backup_restore_plan_iam_policy.json
+var googleGkeBackupRestorePlanIamPolicy []byte
+
+//go:embed
mapping/google/resource/gkehub/google_gke_hub_feature_iam_binding.json
+var googleGkeHubFeatureIamBinding []byte
+
+//go:embed mapping/google/resource/gkehub/google_gke_hub_feature_iam_member.json
+var googleGkeHubFeatureIamMember []byte
+
+//go:embed mapping/google/resource/gkehub/google_gke_hub_feature_iam_policy.json
+var googleGkeHubFeatureIamPolicy []byte
+
+//go:embed mapping/google/resource/gkehub/google_gke_hub_membership_iam_binding.json
+var googleGkeHubMembershipIamBinding []byte
+
+//go:embed mapping/google/resource/gkehub/google_gke_hub_membership_iam_member.json
+var googleGkeHubMembershipIamMember []byte
+
+//go:embed mapping/google/resource/gkehub/google_gke_hub_membership_iam_policy.json
+var googleGkeHubMembershipIamPolicy []byte
+
+//go:embed mapping/google/resource/gkehub/google_gke_hub_scope_iam_binding.json
+var googleGkeHubScopeIamBinding []byte
+
+//go:embed mapping/google/resource/gkehub/google_gke_hub_scope_iam_member.json
+var googleGkeHubScopeIamMember []byte
+
+//go:embed mapping/google/resource/gkehub/google_gke_hub_scope_iam_policy.json
+var googleGkeHubScopeIamPolicy []byte
+
+//go:embed mapping/google/resource/healthcare/google_healthcare_consent_store_iam_binding.json
+var googleHealthcareConsentStoreIamBinding []byte
+
+//go:embed mapping/google/resource/healthcare/google_healthcare_consent_store_iam_member.json
+var googleHealthcareConsentStoreIamMember []byte
+
+//go:embed mapping/google/resource/healthcare/google_healthcare_consent_store_iam_policy.json
+var googleHealthcareConsentStoreIamPolicy []byte
+
+//go:embed mapping/google/resource/healthcare/google_healthcare_dataset_iam_binding.json
+var googleHealthcareDatasetIamBinding []byte
+
+//go:embed mapping/google/resource/healthcare/google_healthcare_dataset_iam_member.json
+var googleHealthcareDatasetIamMember []byte
+
+//go:embed mapping/google/resource/healthcare/google_healthcare_dataset_iam_policy.json
+var googleHealthcareDatasetIamPolicy []byte
+
+//go:embed
mapping/google/resource/healthcare/google_healthcare_dicom_store_iam_binding.json
+var googleHealthcareDicomStoreIamBinding []byte
+
+//go:embed mapping/google/resource/healthcare/google_healthcare_dicom_store_iam_member.json
+var googleHealthcareDicomStoreIamMember []byte
+
+//go:embed mapping/google/resource/healthcare/google_healthcare_dicom_store_iam_policy.json
+var googleHealthcareDicomStoreIamPolicy []byte
+
+//go:embed mapping/google/resource/healthcare/google_healthcare_fhir_store_iam_binding.json
+var googleHealthcareFhirStoreIamBinding []byte
+
+//go:embed mapping/google/resource/healthcare/google_healthcare_fhir_store_iam_member.json
+var googleHealthcareFhirStoreIamMember []byte
+
+//go:embed mapping/google/resource/healthcare/google_healthcare_fhir_store_iam_policy.json
+var googleHealthcareFhirStoreIamPolicy []byte
+
+//go:embed mapping/google/resource/healthcare/google_healthcare_hl7_v2_store_iam_binding.json
+var googleHealthcareHl7V2StoreIamBinding []byte
+
+//go:embed mapping/google/resource/healthcare/google_healthcare_hl7_v2_store_iam_member.json
+var googleHealthcareHl7V2StoreIamMember []byte
+
+//go:embed mapping/google/resource/healthcare/google_healthcare_hl7_v2_store_iam_policy.json
+var googleHealthcareHl7V2StoreIamPolicy []byte
+
+//go:embed mapping/google/resource/iam.googleapis.com/google_iam_workload_identity_pool_iam_binding.json
+var googleIamWorkloadIdentityPoolIamBinding []byte
+
+//go:embed mapping/google/resource/iam.googleapis.com/google_iam_workload_identity_pool_iam_member.json
+var googleIamWorkloadIdentityPoolIamMember []byte
+
+//go:embed mapping/google/resource/iam.googleapis.com/google_iam_workload_identity_pool_iam_policy.json
+var googleIamWorkloadIdentityPoolIamPolicy []byte
+
+//go:embed mapping/google/resource/iap/google_iap_app_engine_service_iam_binding.json
+var googleIapAppEngineServiceIamBinding []byte
+
+//go:embed mapping/google/resource/iap/google_iap_app_engine_service_iam_member.json
+var
googleIapAppEngineServiceIamMember []byte
+
+//go:embed mapping/google/resource/iap/google_iap_app_engine_service_iam_policy.json
+var googleIapAppEngineServiceIamPolicy []byte
+
+//go:embed mapping/google/resource/iap/google_iap_app_engine_version_iam_binding.json
+var googleIapAppEngineVersionIamBinding []byte
+
+//go:embed mapping/google/resource/iap/google_iap_app_engine_version_iam_member.json
+var googleIapAppEngineVersionIamMember []byte
+
+//go:embed mapping/google/resource/iap/google_iap_app_engine_version_iam_policy.json
+var googleIapAppEngineVersionIamPolicy []byte
+
+//go:embed mapping/google/resource/iap/google_iap_tunnel_dest_group_iam_binding.json
+var googleIapTunnelDestGroupIamBinding []byte
+
+//go:embed mapping/google/resource/iap/google_iap_tunnel_dest_group_iam_member.json
+var googleIapTunnelDestGroupIamMember []byte
+
+//go:embed mapping/google/resource/iap/google_iap_tunnel_dest_group_iam_policy.json
+var googleIapTunnelDestGroupIamPolicy []byte
+
+//go:embed mapping/google/resource/iap/google_iap_tunnel_iam_binding.json
+var googleIapTunnelIamBinding []byte
+
+//go:embed mapping/google/resource/iap/google_iap_tunnel_iam_member.json
+var googleIapTunnelIamMember []byte
+
+//go:embed mapping/google/resource/iap/google_iap_tunnel_iam_policy.json
+var googleIapTunnelIamPolicy []byte
+
+//go:embed mapping/google/resource/iap/google_iap_tunnel_instance_iam_binding.json
+var googleIapTunnelInstanceIamBinding []byte
+
+//go:embed mapping/google/resource/iap/google_iap_tunnel_instance_iam_member.json
+var googleIapTunnelInstanceIamMember []byte
+
+//go:embed mapping/google/resource/iap/google_iap_tunnel_instance_iam_policy.json
+var googleIapTunnelInstanceIamPolicy []byte
+
+//go:embed mapping/google/resource/iap/google_iap_web_backend_service_iam_binding.json
+var googleIapWebBackendServiceIamBinding []byte
+
+//go:embed mapping/google/resource/iap/google_iap_web_backend_service_iam_member.json
+var googleIapWebBackendServiceIamMember []byte
+
+//go:embed mapping/google/resource/iap/google_iap_web_backend_service_iam_policy.json +var googleIapWebBackendServiceIamPolicy []byte + +//go:embed mapping/google/resource/iap/google_iap_web_cloud_run_service_iam_binding.json +var googleIapWebCloudRunServiceIamBinding []byte + +//go:embed mapping/google/resource/iap/google_iap_web_cloud_run_service_iam_member.json +var googleIapWebCloudRunServiceIamMember []byte + +//go:embed mapping/google/resource/iap/google_iap_web_cloud_run_service_iam_policy.json +var googleIapWebCloudRunServiceIamPolicy []byte + +//go:embed mapping/google/resource/iap/google_iap_web_iam_binding.json +var googleIapWebIamBinding []byte + +//go:embed mapping/google/resource/iap/google_iap_web_iam_member.json +var googleIapWebIamMember []byte + +//go:embed mapping/google/resource/iap/google_iap_web_iam_policy.json +var googleIapWebIamPolicy []byte + +//go:embed mapping/google/resource/iap/google_iap_web_region_backend_service_iam_binding.json +var googleIapWebRegionBackendServiceIamBinding []byte + +//go:embed mapping/google/resource/iap/google_iap_web_region_backend_service_iam_member.json +var googleIapWebRegionBackendServiceIamMember []byte + +//go:embed mapping/google/resource/iap/google_iap_web_region_backend_service_iam_policy.json +var googleIapWebRegionBackendServiceIamPolicy []byte + +//go:embed mapping/google/resource/iap/google_iap_web_type_app_engine_iam_binding.json +var googleIapWebTypeAppEngineIamBinding []byte + +//go:embed mapping/google/resource/iap/google_iap_web_type_app_engine_iam_member.json +var googleIapWebTypeAppEngineIamMember []byte + +//go:embed mapping/google/resource/iap/google_iap_web_type_app_engine_iam_policy.json +var googleIapWebTypeAppEngineIamPolicy []byte + +//go:embed mapping/google/resource/iap/google_iap_web_type_compute_iam_binding.json +var googleIapWebTypeComputeIamBinding []byte + +//go:embed mapping/google/resource/iap/google_iap_web_type_compute_iam_member.json +var googleIapWebTypeComputeIamMember 
[]byte + +//go:embed mapping/google/resource/iap/google_iap_web_type_compute_iam_policy.json +var googleIapWebTypeComputeIamPolicy []byte + +//go:embed mapping/google/resource/compute/google_compute_disk_iam_policy.json +var googleComputeDiskIamPolicy []byte + +//go:embed mapping/google/resource/kms/google_kms_ekm_connection_iam_binding.json +var googleKmsEkmConnectionIamBinding []byte + +//go:embed mapping/google/resource/kms/google_kms_ekm_connection_iam_member.json +var googleKmsEkmConnectionIamMember []byte + +//go:embed mapping/google/resource/kms/google_kms_ekm_connection_iam_policy.json +var googleKmsEkmConnectionIamPolicy []byte + +//go:embed mapping/google/resource/logging/google_logging_log_view_iam_binding.json +var googleLoggingLogViewIamBinding []byte + +//go:embed mapping/google/resource/logging/google_logging_log_view_iam_member.json +var googleLoggingLogViewIamMember []byte + +//go:embed mapping/google/resource/networksecurity/google_network_security_address_group_iam_binding.json +var googleNetworkSecurityAddressGroupIamBinding []byte + +//go:embed mapping/google/resource/networksecurity/google_network_security_address_group_iam_member.json +var googleNetworkSecurityAddressGroupIamMember []byte + +//go:embed mapping/google/resource/networksecurity/google_network_security_address_group_iam_policy.json +var googleNetworkSecurityAddressGroupIamPolicy []byte + +//go:embed mapping/google/resource/notebooks/google_notebooks_instance_iam_binding.json +var googleNotebooksInstanceIamBinding []byte + +//go:embed mapping/google/resource/notebooks/google_notebooks_instance_iam_member.json +var googleNotebooksInstanceIamMember []byte + +//go:embed mapping/google/resource/notebooks/google_notebooks_instance_iam_policy.json +var googleNotebooksInstanceIamPolicy []byte + +//go:embed mapping/google/resource/notebooks/google_notebooks_runtime_iam_binding.json +var googleNotebooksRuntimeIamBinding []byte + +//go:embed 
mapping/google/resource/notebooks/google_notebooks_runtime_iam_member.json +var googleNotebooksRuntimeIamMember []byte + +//go:embed mapping/google/resource/logging/google_logging_log_view_iam_policy.json +var googleLoggingLogViewIamPolicy []byte + +//go:embed mapping/google/resource/pubsub/google_pubsub_subscription_iam_policy.json +var googlePubsubSubscriptionIamPolicy []byte + +//go:embed mapping/google/resource/workstations/google_workstations_workstation_iam_policy.json +var googleWorkstationsWorkstationIamPolicy []byte + +//go:embed mapping/google/resource/resourcemanager/google_organization_iam_binding.json +var googleOrganizationIamBinding []byte + +//go:embed mapping/google/resource/resourcemanager/google_organization_iam_member.json +var googleOrganizationIamMember []byte + +//go:embed mapping/google/resource/resourcemanager/google_organization_iam_policy.json +var googleOrganizationIamPolicy []byte + +//go:embed mapping/google/resource/resourcemanager/google_project_iam_policy.json +var googleProjectIamPolicy []byte + +//go:embed mapping/google/resource/notebooks/google_notebooks_runtime_iam_policy.json +var googleNotebooksRuntimeIamPolicy []byte + +//go:embed mapping/google/resource/runtimeconfig/google_runtimeconfig_config_iam_binding.json +var googleRuntimeconfigConfigIamBinding []byte + +//go:embed mapping/google/resource/runtimeconfig/google_runtimeconfig_config_iam_member.json +var googleRuntimeconfigConfigIamMember []byte + +//go:embed mapping/google/resource/runtimeconfig/google_runtimeconfig_config_iam_policy.json +var googleRuntimeconfigConfigIamPolicy []byte + +//go:embed mapping/google/resource/securitycenter/google_scc_source_iam_binding.json +var googleSccSourceIamBinding []byte + +//go:embed mapping/google/resource/securitycenter/google_scc_source_iam_member.json +var googleSccSourceIamMember []byte + +//go:embed mapping/google/resource/securitycenter/google_scc_v2_organization_source_iam_binding.json +var 
googleSccV2OrganizationSourceIamBinding []byte + +//go:embed mapping/google/resource/securitycenter/google_scc_v2_organization_source_iam_member.json +var googleSccV2OrganizationSourceIamMember []byte + +//go:embed mapping/google/resource/securitycenter/google_scc_v2_organization_source_iam_policy.json +var googleSccV2OrganizationSourceIamPolicy []byte + +//go:embed mapping/google/resource/storage/google_storage_managed_folder_iam_binding.json +var googleStorageManagedFolderIamBinding []byte + +//go:embed mapping/google/resource/storage/google_storage_managed_folder_iam_member.json +var googleStorageManagedFolderIamMember []byte + +//go:embed mapping/google/resource/storage/google_storage_managed_folder_iam_policy.json +var googleStorageManagedFolderIamPolicy []byte + +//go:embed mapping/google/resource/securitycenter/google_scc_source_iam_policy.json +var googleSccSourceIamPolicy []byte + +//go:embed mapping/google/resource/resourcemanager/google_tags_location_tag_binding.json +var googleTagsLocationTagBinding []byte + +//go:embed mapping/google/resource/resourcemanager/google_tags_tag_binding.json +var googleTagsTagBinding []byte + +//go:embed mapping/google/resource/resourcemanager/google_tags_tag_key.json +var googleTagsTagKey []byte + +//go:embed mapping/google/resource/resourcemanager/google_tags_tag_value.json +var googleTagsTagValue []byte + +//go:embed mapping/google/resource/storage/google_storage_control_folder_intelligence_config.json +var googleStorageControlFolderIntelligenceConfig []byte + +//go:embed mapping/google/resource/storage/google_storage_control_organization_intelligence_config.json +var googleStorageControlOrganizationIntelligenceConfig []byte + +//go:embed mapping/google/resource/storage/google_storage_control_project_intelligence_config.json +var googleStorageControlProjectIntelligenceConfig []byte + +//go:embed mapping/google/resource/runtimeconfig/google_runtimeconfig_config.json +var googleRuntimeconfigConfig []byte + +//go:embed 
mapping/google/resource/runtimeconfig/google_runtimeconfig_variable.json +var googleRuntimeconfigVariable []byte + +//go:embed mapping/google/resource/redis/google_redis_cluster.json +var googleRedisCluster []byte + +//go:embed mapping/google/resource/redis/google_redis_cluster_user_created_connections.json +var googleRedisClusterUserCreatedConnections []byte + +//go:embed mapping/google/resource/resourcemanager/google_project.json +var gooleProject []byte + +//go:embed mapping/google/resource/accessapproval/google_project_access_approval_settings.json +var googleProjectAccessApprovalSettings []byte + +//go:embed mapping/google/resource/resourcemanager/google_project_iam_member_remove.json +var googleProjectIamMemberRemove []byte + +//go:embed mapping/google/resource/orgpolicy/google_project_organization_policy.json +var googleProjectOrganizationPolicy []byte + +//go:embed mapping/google/resource/compute/google_compute_forwarding_rule.json +var googleComputeForwardingRule []byte + +//go:embed mapping/google/resource/compute/google_compute_global_forwarding_rule.json +var googleComputeGlobalForwardingRule []byte + +//go:embed mapping/google/resource/compute/google_compute_health_check.json +var googleComputeHealthcheck []byte + +//go:embed mapping/google/resource/compute/google_compute_http_health_check.json +var googleComputeHttpHealthCheck []byte + +//go:embed mapping/google/resource/compute/google_compute_https_health_check.json +var googleComputeHttpsHealthCheck []byte + +//go:embed mapping/google/resource/compute/google_compute_region_backend_service.json +var googleComputeRgionBackendService []byte + +//go:embed mapping/google/resource/compute/google_compute_region_health_check.json +var googleComputeRegioHealthCheck []byte + +//go:embed mapping/google/resource/compute/google_compute_region_target_http_proxy.json +var googleComputeRegionTargetHttpProxy []byte + +//go:embed mapping/google/resource/compute/google_compute_region_target_https_proxy.json +var 
googleComputeRegionTargetHttpsProxy []byte + +//go:embed mapping/google/resource/compute/google_compute_region_target_tcp_proxy.json +var googleComputeRegionTargetTcpProxy []byte + +//go:embed mapping/google/resource/compute/google_compute_region_url_map.json +var googleComputeRegionUrlMap []byte + +//go:embed mapping/google/resource/compute/google_compute_target_http_proxy.json +var googleComputeTargetHttpProxy []byte + +//go:embed mapping/google/resource/compute/google_compute_target_https_proxy.json +var googleComputeTargetHttpsProxy []byte + +//go:embed mapping/google/resource/compute/google_compute_url_map.json +var googleComputeUrlMap []byte + +//go:embed mapping/google/resource/compute/google_compute_backend_service.json +var googleComputeBackendService []byte + +//go:embed mapping/google/resource/compute/google_compute_backend_bucket.json +var googleComputeBackendBucket []byte + +//go:embed mapping/google/resource/compute/google_compute_global_network_endpoint_group.json +var googleComputeGlobalNetworkEndpointGroup []byte + +//go:embed mapping/google/resource/compute/google_compute_network_endpoint_group.json +var googleComputeNetworkEndpointGroup []byte + +//go:embed mapping/google/resource/compute/google_compute_region_network_endpoint_group.json +var googleComputeRegionNetworkEndpointGroup []byte + +//go:embed mapping/google/resource/firebase/google_firebase_web_app.json +var googleFirebaseWebApp []byte + +//go:embed mapping/google/resource/dataflow/google_dataflow_job.json +var googleDataflowJob []byte + +//go:embed mapping/google/resource/dataform/google_dataform_repository.json +var googleDataformRepository []byte + +//go:embed mapping/google/resource/dataform/google_dataform_repository_release_config.json +var googleDataformRepositoryReleaseConfig []byte + +//go:embed mapping/google/resource/dataform/google_dataform_repository_workflow_config.json +var googleDataformRepositoryWorkflowConfig []byte + +//go:embed 
mapping/google/resource/compute/google_compute_network_attachment.json +var googleComputeNetworkAttachment []byte + +//go:embed mapping/google/resource/notebooks/google_notebooks_environment.json +var googleNotebooksEnvironment []byte + +//go:embed mapping/google/resource/notebooks/google_notebooks_instance.json +var googleNotebooksInstance []byte + +//go:embed mapping/google/resource/notebooks/google_notebooks_runtime.json +var googleNotebooksRuntime []byte + +//go:embed mapping/google/resource/logging/google_logging_billing_account_exclusion.json +var googleLoggingBillingAccountExclusion []byte + +//go:embed mapping/google/resource/logging/google_logging_billing_account_sink.json +var googleLoggingBillingAccountSink []byte + +//go:embed mapping/google/resource/logging/google_logging_folder_exclusion.json +var googleLoggingFolderExclusion []byte + +//go:embed mapping/google/resource/logging/google_logging_folder_settings.json +var googleLoggingFolderSettings []byte + +//go:embed mapping/google/resource/logging/google_logging_folder_sink.json +var googleLoggingFolderSink []byte + +//go:embed mapping/google/resource/logging/google_logging_linked_dataset.json +var googleLoggingLinkedDataset []byte + +//go:embed mapping/google/resource/logging/google_logging_log_scope.json +var googleLoggingLogScope []byte + +//go:embed mapping/google/resource/logging/google_logging_log_view.json +var googleLoggingLogView []byte + +//go:embed mapping/google/resource/logging/google_logging_metric.json +var googleLoggingMetric []byte + +//go:embed mapping/google/resource/logging/google_logging_organization_exclusion.json +var googleLoggingOrganizationExclusion []byte + +//go:embed mapping/google/resource/logging/google_logging_organization_settings.json +var googleLoggingOrganizationSettings []byte + +//go:embed mapping/google/resource/logging/google_logging_organization_sink.json +var googleLoggingOrganizationSink []byte + +//go:embed 
mapping/google/resource/logging/google_logging_project_exclusion.json +var googleLoggingProjectExclusion []byte + +//go:embed mapping/google/resource/logging/google_logging_project_sink.json +var googleLoggingProjectSink []byte + +//go:embed mapping/google/resource/monitoring/google_monitoring_alert_policy.json +var googleMonitoringAlertPolicy []byte + +//go:embed mapping/google/resource/monitoring/google_monitoring_custom_service.json +var googleMonitoringCustomService []byte + +//go:embed mapping/google/resource/monitoring/google_monitoring_dashboard.json +var googleMonitoringDashboard []byte + +//go:embed mapping/google/resource/monitoring/google_monitoring_group.json +var googleMonitoringGroup []byte + +//go:embed mapping/google/resource/monitoring/google_monitoring_metric_descriptor.json +var googleMonitoringMetricDescriptor []byte + +//go:embed mapping/google/resource/monitoring/google_monitoring_monitored_project.json +var googleMonitoringMonitoredProject []byte + +//go:embed mapping/google/resource/monitoring/google_monitoring_notification_channel.json +var googleMonitoringNotificationChannel []byte + +//go:embed mapping/google/resource/backupdr/google_backup_dr_backup_plan.json +var googleBackupDRBackupPlan []byte + +//go:embed mapping/google/resource/backupdr/google_backup_dr_backup_plan_association.json +var googleBackupDRBackupPlanAssociation []byte + +//go:embed mapping/google/resource/backupdr/google_backup_dr_backup_vault.json +var googleBackupDRBackupVault []byte + +//go:embed mapping/google/resource/backupdr/google_backup_dr_management_server.json +var googleBackupDRManagementServer []byte + +//go:embed mapping/google/resource/backupdr/google_backup_dr_service_config.json +var googleBackupDRServiceConfig []byte + +//go:embed mapping/google/resource/monitoring/google_monitoring_service.json +var googleMonitoringService []byte + +//go:embed mapping/google/resource/monitoring/google_monitoring_slo.json +var googleMonitoringSLO []byte + +//go:embed 
mapping/google/resource/monitoring/google_monitoring_uptime_check_config.json +var googleMonitoringUptimeCheckConfig []byte + +//go:embed mapping/google/resource/beyondcorp/google_beyondcorp_app_connection.json +var googleBeyondcorpAppConnection []byte + +//go:embed mapping/google/resource/beyondcorp/google_beyondcorp_app_connector.json +var googleBeyondcorpAppConnector []byte + +//go:embed mapping/google/resource/beyondcorp/google_beyondcorp_app_gateway.json +var googleBeyondcorpAppGateway []byte + +//go:embed mapping/google/resource/beyondcorp/google_beyondcorp_application.json +var googleBeyondcorpApplication []byte + +//go:embed mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway.json +var googleBeyondcorpSecurityGateway []byte + +//go:embed mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_application.json +var googleBeyondcorpSecurityGatewayApplication []byte + +//go:embed mapping/google/resource/billing/google_billing_budget.json +var googleBillingBudget []byte + +//go:embed mapping/google/resource/resourcemanager/google_billing_project_info.json +var googleBillingProjectInfo []byte + +//go:embed mapping/google/resource/apihub/google_apihub_api_hub_instance.json +var googleApihubInstance []byte + +//go:embed mapping/google/resource/apihub/google_apihub_curation.json +var googleApihubCuration []byte + +//go:embed mapping/google/resource/apihub/google_apihub_host_project_registration.json +var googleApihubHostProjectRegistration []byte + +//go:embed mapping/google/resource/apihub/google_apihub_plugin.json +var googleApihubPlugin []byte + +//go:embed mapping/google/resource/apihub/google_apihub_plugin_instance.json +var googleApihubPluginInstance []byte + +//go:embed mapping/google/resource/apphub/google_apphub_application.json +var googleApphubApplication []byte + +//go:embed mapping/google/resource/apphub/google_apphub_service.json +var googleApphubService []byte + +//go:embed 
mapping/google/resource/apphub/google_apphub_service_project_attachment.json +var googleApphubServiceProjectAttachment []byte + +//go:embed mapping/google/resource/apphub/google_apphub_workload.json +var googleApphubWorkload []byte + +//go:embed mapping/google/resource/dataplex/google_dataplex_aspect_type.json +var googleDataplexAspectType []byte + +//go:embed mapping/google/resource/dataplex/google_dataplex_entry.json +var googleDataplexEntry []byte + +//go:embed mapping/google/resource/dataplex/google_dataplex_entry_group.json +var googleDataplexEntryGroup []byte + +//go:embed mapping/google/resource/dataplex/google_dataplex_entry_type.json +var googleDataplexEntryType []byte + +//go:embed mapping/google/resource/dataplex/google_dataplex_lake.json +var googleDataplexLake []byte + +//go:embed mapping/google/resource/dataplex/google_dataplex_task.json +var googleDataplexTask []byte + +//go:embed mapping/google/resource/dataplex/google_dataplex_zone.json +var googleDataplexZone []byte + +//go:embed mapping/google/resource/vmwareengine/google_vmwareengine_cluster.json +var googleVmwareengineCluster []byte + +//go:embed mapping/google/resource/vmwareengine/google_vmwareengine_external_access_rule.json +var googleVmwareengineExternalAccessRule []byte + +//go:embed mapping/google/resource/vmwareengine/google_vmwareengine_external_address.json +var googleVmwareengineExternalAddress []byte + +//go:embed mapping/google/resource/vmwareengine/google_vmwareengine_network.json +var googleVmwareengineNetwork []byte + +//go:embed mapping/google/resource/vmwareengine/google_vmwareengine_network_peering.json +var googleVmwareengineNetworkPeering []byte + +//go:embed mapping/google/resource/vmwareengine/google_vmwareengine_network_policy.json +var googleVmwareengineNetworkPolicy []byte + +//go:embed mapping/google/resource/vmwareengine/google_vmwareengine_private_cloud.json +var googleVmwareenginePrivateCloud []byte + +//go:embed 
mapping/google/resource/vmwareengine/google_vmwareengine_subnet.json +var googleVmwareengineSubnet []byte + +//go:embed mapping/google/resource/workflows/google_workflows_workflow.json +var googleWorkflowsWorkflow []byte + +//go:embed mapping/google/resource/workstations/google_workstations_workstation.json +var googleWorkstationsWorkstation []byte + +//go:embed mapping/google/resource/workstations/google_workstations_workstation_cluster.json +var googleWorkstationsWorkstationCluster []byte + +//go:embed mapping/google/resource/workstations/google_workstations_workstation_config.json +var googleWorkstationsWorkstationConfig []byte + +//go:embed mapping/google/resource/chronicle/google_chronicle_data_access_label.json +var googleChronicleDataAccessLabel []byte + +//go:embed mapping/google/resource/chronicle/google_chronicle_data_access_scope.json +var googleChronicleDataAccessScope []byte + +//go:embed mapping/google/resource/chronicle/google_chronicle_reference_list.json +var googleChronicleReferenceList []byte + +//go:embed mapping/google/resource/chronicle/google_chronicle_retrohunt.json +var googleChronicleRetrohunt []byte + +//go:embed mapping/google/resource/chronicle/google_chronicle_rule.json +var googleChronicleRule []byte + +//go:embed mapping/google/resource/chronicle/google_chronicle_rule_deployment.json +var googleChronicleRuleDeployment []byte + +//go:embed mapping/google/resource/chronicle/google_chronicle_watchlist.json +var googleChronicleWatchlist []byte + +//go:embed mapping/google/resource/composer/google_composer_user_workloads_config_map.json +var googleComposerUserWorkloadsConfigMap []byte + +//go:embed mapping/google/resource/composer/google_composer_user_workloads_secret.json +var googleComposerUserWorkloadsSecret []byte + +//go:embed mapping/google/resource/contactcenterinsights/google_contact_center_insights_analysis_rule.json +var googleContactCenterInsightsAnalysisRule []byte + +//go:embed 
mapping/google/resource/contactcenterinsights/google_contact_center_insights_view.json +var googleContactCenterInsightsView []byte + +//go:embed mapping/google/resource/developerconnect/google_developer_connect_account_connector.json +var googleDeveloperConnectAccountConnector []byte + +//go:embed mapping/google/resource/developerconnect/google_developer_connect_connection.json +var googleDeveloperConnectConnection []byte + +//go:embed mapping/google/resource/developerconnect/google_developer_connect_git_repository_link.json +var googleDeveloperConnectGitRepositoryLink []byte + +//go:embed mapping/google/resource/bigtable/google_bigtable_schema_bundle.json +var googleBigtableSchemaBundle []byte + +//go:embed mapping/google/resource/memcache/google_memcache_instance.json +var googleMemcacheInstance []byte + +//go:embed mapping/google/resource/memorystore/google_memorystore_instance.json +var googleMemorystoreInstance []byte + +//go:embed mapping/google/resource/osconfig/google_os_config_guest_policies.json +var googleOsConfigGuestPolicies []byte + +//go:embed mapping/google/resource/osconfig/google_os_config_os_policy_assignment.json +var googleOsConfigOsPolicyAssignment []byte + +//go:embed mapping/google/resource/osconfig/google_os_config_patch_deployment.json +var googleOsConfigPatchDeployment []byte + +//go:embed mapping/google/resource/osconfig/google_os_config_v2_policy_orchestrator.json +var googleOsConfigV2PolicyOrchestrator []byte + +//go:embed mapping/google/resource/osconfig/google_os_config_v2_policy_orchestrator_for_folder.json +var googleOsConfigV2PolicyOrchestratorForFolder []byte + +//go:embed mapping/google/resource/osconfig/google_os_config_v2_policy_orchestrator_for_organization.json +var googleOsConfigV2PolicyOrchestratorForOrganization []byte + +//go:embed mapping/google/resource/parallelstore/google_parallelstore_instance.json +var googleParallelstoreInstance []byte + +//go:embed 
mapping/google/resource/privateca/google_privateca_certificate.json +var googlePrivatecaCertificate []byte + +//go:embed mapping/google/resource/privateca/google_privateca_certificate_authority.json +var googlePrivatecaCertificateAuthority []byte + +//go:embed mapping/google/resource/cloudsql/google_sql_ssl_cert.json +var googleSqlSslCert []byte + +//go:embed mapping/google/resource/tpu/google_tpu_node.json +var googleTpuNode []byte + +//go:embed mapping/google/resource/tpu/google_tpu_v2_queued_resource.json +var googleTpuV2QueuedResource []byte + +//go:embed mapping/google/resource/tpu/google_tpu_v2_vm.json +var googleTpuV2Vm []byte + +//go:embed mapping/google/resource/transcoder/google_transcoder_job.json +var googleTranscoderJob []byte + +//go:embed mapping/google/resource/transcoder/google_transcoder_job_template.json +var googleTranscoderJobTemplate []byte + +//go:embed mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool.json +var googleIamWorkforcePool []byte + +//go:embed mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool_iam_binding.json +var googleIamWorkforcePoolIamBinding []byte + +//go:embed mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool_iam_member.json +var googleIamWorkforcePoolIamMember []byte + +//go:embed mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool_iam_policy.json +var googleIamWorkforcePoolIamPolicy []byte + +//go:embed mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool_provider.json +var googleIamWorkforcePoolProvider []byte + +//go:embed mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool_provider_key.json +var googleIamWorkforcePoolProviderKey []byte + +//go:embed mapping/google/resource/dataproc/google_dataproc_autoscaling_policy.json +var googleDataprocAutoscalingPolicy []byte + +//go:embed mapping/google/resource/dataproc/google_dataproc_batch.json +var googleDataprocBatch []byte + +//go:embed 
mapping/google/resource/dataproc/google_dataproc_cluster.json +var googleDataprocCluster []byte + +//go:embed mapping/google/resource/dataproc/google_dataproc_job.json +var googleDataprocJob []byte + +//go:embed mapping/google/resource/dataproc/google_dataproc_session_template.json +var googleDataprocSessionTemplate []byte + +//go:embed mapping/google/resource/dataproc/google_dataproc_workflow_template.json +var googleDataprocWorkflowTemplate []byte + +//go:embed mapping/google/resource/deploymentmanager/google_deployment_manager_deployment.json +var googleDeploymentManagerDeployment []byte + +//go:embed mapping/google/resource/edgecontainer/google_edgecontainer_cluster.json +var googleEdgecontainerCluster []byte + +//go:embed mapping/google/resource/edgecontainer/google_edgecontainer_node_pool.json +var googleEdgecontainerNodePool []byte + +//go:embed mapping/google/resource/edgecontainer/google_edgecontainer_vpn_connection.json +var googleEdgecontainerVpnConnection []byte + +//go:embed mapping/google/resource/edgenetwork/google_edgenetwork_interconnect_attachment.json +var googleEdgecontainerInterconnectAttachment []byte + +//go:embed mapping/google/resource/edgenetwork/google_edgenetwork_network.json +var googleEdgecontainerNetwork []byte + +//go:embed mapping/google/resource/edgenetwork/google_edgenetwork_subnet.json +var googleEdgecontainerSubnet []byte + +//go:embed mapping/google/resource/eventarc/google_eventarc_channel.json +var googleEventarcChannel []byte + +//go:embed mapping/google/resource/eventarc/google_eventarc_enrollment.json +var googleEventarcEnrollment []byte + +//go:embed mapping/google/resource/eventarc/google_eventarc_google_api_source.json +var googleEventarcGoogleApiSource []byte + +//go:embed mapping/google/resource/eventarc/google_eventarc_google_channel_config.json +var googleEventarcGoogleChannelConfig []byte + +//go:embed mapping/google/resource/eventarc/google_eventarc_message_bus.json +var googleEventarcMessageBus []byte + 
+//go:embed mapping/google/resource/eventarc/google_eventarc_pipeline.json +var googleEventarcPipeline []byte + +//go:embed mapping/google/resource/eventarc/google_eventarc_trigger.json +var googleEventarcTrigger []byte + +//go:embed mapping/google/resource/securesourcemanager/google_secure_source_manager_branch_rule.json +var googleSecureSourceManagerBranchRule []byte + +//go:embed mapping/google/resource/securesourcemanager/google_secure_source_manager_instance.json +var googleSecureSourceManagerInstance []byte + +//go:embed mapping/google/resource/securesourcemanager/google_secure_source_manager_repository.json +var googleSecureSourceManagerRepository []byte + +//go:embed mapping/google/resource/dialogflow/google_dialogflow_agent.json +var googleDialogflowAgent []byte + +//go:embed mapping/google/resource/dialogflow/google_dialogflow_conversation_profile.json +var googleDialogflowConversationProfile []byte + +//go:embed mapping/google/resource/dialogflow/google_dialogflow_cx_agent.json +var googleDialogflowCxAgent []byte + +//go:embed mapping/google/resource/dialogflow/google_dialogflow_cx_entity_type.json +var googleDialogflowCxEntityType []byte + +//go:embed mapping/google/resource/dialogflow/google_dialogflow_cx_environment.json +var googleDialogflowCxEnvironment []byte + +//go:embed mapping/google/resource/dialogflow/google_dialogflow_cx_flow.json +var googleDialogflowCxFlow []byte + +//go:embed mapping/google/resource/dialogflow/google_dialogflow_cx_generative_settings.json +var googleDialogflowCxGenerativeSettings []byte + +//go:embed mapping/google/resource/dialogflow/google_dialogflow_cx_generator.json +var googleDialogflowCxGenerator []byte + +//go:embed mapping/google/resource/dialogflow/google_dialogflow_cx_intent.json +var googleDialogflowCxIntent []byte + +//go:embed mapping/google/resource/dialogflow/google_dialogflow_cx_page.json +var googleDialogflowCxPage []byte + +//go:embed mapping/google/resource/dialogflow/google_dialogflow_cx_playbook.json 
+var googleDialogflowCxPlaybook []byte + +//go:embed mapping/google/resource/dialogflow/google_dialogflow_cx_security_settings.json +var googleDialogflowCxSecuritySettings []byte + +//go:embed mapping/google/resource/dialogflow/google_dialogflow_cx_tool.json +var googleDialogflowCxTool []byte + +//go:embed mapping/google/resource/dialogflow/google_dialogflow_cx_version.json +var googleDialogflowCxVersion []byte + +//go:embed mapping/google/resource/dialogflow/google_dialogflow_cx_webhook.json +var googleDialogflowCxWebhook []byte + +//go:embed mapping/google/resource/dialogflow/google_dialogflow_encryption_spec.json +var googleDialogflowEncryptionSpec []byte + +//go:embed mapping/google/resource/dialogflow/google_dialogflow_entity_type.json +var googleDialogflowEntityType []byte + +//go:embed mapping/google/resource/dialogflow/google_dialogflow_fulfillment.json +var googleDialogflowFulfillment []byte + +//go:embed mapping/google/resource/dialogflow/google_dialogflow_intent.json +var googleDialogflowIntent []byte + +//go:embed mapping/google/resource/managedkafka/google_managed_kafka_cluster.json +var googleManagedKafkaCluster []byte + +//go:embed mapping/google/resource/managedkafka/google_managed_kafka_connect_cluster.json +var googleManagedKafkaConnectCluster []byte + +//go:embed mapping/google/resource/managedkafka/google_managed_kafka_connector.json +var googleManagedKafkaConnector []byte + +//go:embed mapping/google/resource/managedkafka/google_managed_kafka_topic.json +var googleManagedKafkaTopics []byte + +//go:embed mapping/google/resource/modelarmor/google_model_armor_floorsetting.json +var googleModelArmorFloorsetting []byte + +//go:embed mapping/google/resource/modelarmor/google_model_armor_template.json +var googleModelArmorTemplate []byte + +//go:embed mapping/google/resource/managedkafka/google_managed_kafka_acl.json +var googleManagedKafkaAcl []byte + +//go:embed 
mapping/google/resource/certificatemanager/google_certificate_manager_dns_authorization.json +var googleCertificateManagerDnsAuthorization []byte + +//go:embed mapping/google/resource/iap/google_iap_web_region_forwarding_rule_service_iam_binding.json +var googleIapWebRegionForwardingRuleServiceIamBinding []byte + +//go:embed mapping/google/resource/iap/google_iap_web_region_forwarding_rule_service_iam_member.json +var googleIapWebRegionForwardingRuleServiceIamMember []byte + +//go:embed mapping/google/resource/iap/google_iap_web_region_forwarding_rule_service_iam_policy.json +var googleIapWebRegionForwardingRuleServiceIamPolicy []byte + +//go:embed mapping/google/resource/iap/google_iap_settings.json +var googleIapSettings []byte + +//go:embed mapping/google/resource/iap/google_iap_tunnel_dest_group.json +var googleIapTunnelDestGroup []byte + +//go:embed mapping/google/resource/iap/google_iap_web_forwarding_rule_service_iam_binding.json +var googleIapWebForwardingRuleServiceIamBinding []byte + +//go:embed mapping/google/resource/iap/google_iap_web_forwarding_rule_service_iam_member.json +var googleIapWebForwardingRuleServiceIamMember []byte + +//go:embed mapping/google/resource/iap/google_iap_web_forwarding_rule_service_iam_policy.json +var googleIapWebForwardingRuleServiceIamPolicy []byte + +//go:embed mapping/google/resource/cloudaicompanion/google_gemini_code_repository_index.json +var googleGeminiCodeRepositoryIndex []byte + +//go:embed mapping/google/resource/cloudaicompanion/google_gemini_code_tools_setting.json +var googleGeminiCodeToolsSetting []byte + +//go:embed mapping/google/resource/cloudaicompanion/google_gemini_code_tools_setting_binding.json +var googleGeminiCodeToolsSettingBinding []byte + +//go:embed mapping/google/resource/cloudaicompanion/google_gemini_data_sharing_with_google_setting.json +var googleGeminiDataSharingWithGoogleSetting []byte + +//go:embed 
mapping/google/resource/cloudaicompanion/google_gemini_data_sharing_with_google_setting_binding.json +var googleGeminiDataSharingWithGoogleSettingBinding []byte + +//go:embed mapping/google/resource/cloudaicompanion/google_gemini_gemini_gcp_enablement_setting.json +var googleGeminiGeminiGcpEnablementSetting []byte + +//go:embed mapping/google/resource/cloudaicompanion/google_gemini_gemini_gcp_enablement_setting_binding.json +var googleGeminiGeminiGcpEnablementSettingBinding []byte + +//go:embed mapping/google/resource/cloudaicompanion/google_gemini_logging_setting.json +var googleGeminiLoggingSetting []byte + +//go:embed mapping/google/resource/cloudaicompanion/google_gemini_logging_setting_binding.json +var googleGeminiLoggingSettingBinding []byte + +//go:embed mapping/google/resource/cloudaicompanion/google_gemini_release_channel_setting.json +var googleGeminiReleaseChannelSetting []byte + +//go:embed mapping/google/resource/cloudaicompanion/google_gemini_release_channel_setting_binding.json +var googleGeminiReleaseChannelSettingBinding []byte + +//go:embed mapping/google/resource/cloudaicompanion/google_gemini_repository_group.json +var googleGeminiRepositoryGroup []byte + +//go:embed mapping/google/resource/aiplatform/google_vertex_ai_cache_config.json +var googleVertexAiCacheConfig []byte + +//go:embed mapping/google/resource/aiplatform/google_vertex_ai_deployment_resource_pool.json +var googleVertexAiDeploymentResourcePool []byte + +//go:embed mapping/google/resource/aiplatform/google_vertex_ai_rag_engine_config.json +var googleVertexAiRagEngineConfig []byte + +//go:embed mapping/google/resource/aiplatform/google_vertex_ai_reasoning_engine.json +var googleVertexAiReasoningEngine []byte + +//go:embed mapping/google/resource/vpcaccess/google_vpc_access_connector.json +var googleVpcAccessConnector []byte + +//go:embed mapping/google/resource/notebooks/google_workbench_instance.json +var googleWorkbenchInstance []byte + +//go:embed 
mapping/google/resource/aiplatform/google_vertex_ai_endpoint_with_model_garden_deployment.json +var googleVertexAiEndpointWithModelGardenDeployment []byte + +//go:embed mapping/google/resource/aiplatform/google_vertex_ai_index_endpoint_deployed_index.json +var googleVertexAiIndexEndpointDeployedIndex []byte diff --git a/src/files_gcp_datasource.go b/src/files_gcp_datasource.go index 2c09c66e..fdd48fc0 100644 --- a/src/files_gcp_datasource.go +++ b/src/files_gcp_datasource.go @@ -445,10 +445,10 @@ var dataGoogleIapAppEngineVersionIamPolicy []byte //go:embed mapping/google/data/iap/google_iap_app_engine_service_iam_policy.json var dataGoogleIapAppEngineServiceIamPolicy []byte -//go:embed mapping/google/data/iam/google_iam_workload_identity_pool_provider.json +//go:embed mapping/google/data/iam.googleapis.com/google_iam_workload_identity_pool_provider.json var dataGoogleIamWorkloadIdentityPoolProvider []byte -//go:embed mapping/google/data/iam/google_iam_workload_identity_pool.json +//go:embed mapping/google/data/iam.googleapis.com/google_iam_workload_identity_pool.json var dataGoogleIamWorkloadIdentityPool []byte //go:embed mapping/google/data/dataplex/google_dataplex_asset_iam_policy.json 
@@ -567,3 +567,432 @@ var dataGoogleDataformRepositoryIamPolicy []byte //go:embed mapping/google/data/servicemanagement/google_endpoints_service_iam_policy.json var dataGoogleEndpointsServiceIamPolicy []byte + +//go:embed mapping/google/data/secretmanager/google_secret_manager_regional_secret.json +var dataGoogleSecretManagerRegionalSecret []byte + +//go:embed mapping/google/data/secretmanager/google_secret_manager_regional_secret_iam_policy.json +var dataGoogleSecretManagerRegionalSecretIamPolicy []byte + +//go:embed mapping/google/data/secretmanager/google_secret_manager_regional_secret_version.json +var dataGoogleSecretManagerRegionalSecretVersion []byte + +//go:embed mapping/google/data/secretmanager/google_secret_manager_regional_secret_version_access.json +var dataGoogleSecretManagerRegionalSecretVersionAccess []byte + +//go:embed mapping/google/data/secretmanager/google_secret_manager_secrets.json +var dataGoogleSecretManagerRegionalSecrets []byte + +//go:embed mapping/google/data/iam/google_service_accounts.json +var dataGoogleServiceAccounts []byte + +//go:embed mapping/google/data/spanner/google_spanner_database.json +var dataGoogleSpannerDatabase []byte + +//go:embed mapping/google/data/storage/google_storage_bucket_objects.json +var dataGoogleStorageBucketObjects []byte + +//go:embed mapping/google/data/storage/google_storage_buckets.json +var dataGoogleStorageBuckets []byte + +//go:embed mapping/google/data/privateca/google_privateca_ca_pool_iam_policy.json +var dataGooglePrivatecaCaPoolIamPolicy []byte + +//go:embed mapping/google/data/privateca/google_privateca_certificate_authority.json +var dataGooglePrivatecaCertificateAuthority []byte + +//go:embed mapping/google/data/privateca/google_privateca_certificate_template_iam_policy.json +var dataGooglePrivatecaCertificateTemplateIamPolicy []byte + +//go:embed mapping/google/data/iam/google_project_iam_custom_role.json +var dataGoogleProjectIamCustomRole []byte + +//go:embed 
mapping/google/data/iam/google_project_iam_custom_roles.json +var dataGoogleProjectIamCustomRoles []byte + +//go:embed mapping/google/data/privilegedaccessmanager/google_privileged_access_manager_entitlement.json +var dataGooglePrivilegedAccessManagerEntitlement []byte + +//go:embed mapping/google/data/artifactregistry/google_artifact_registry_docker_image.json +var dataGoogleArtifactRegistryDockerImage []byte + +//go:embed mapping/google/data/artifactregistry/google_artifact_registry_locations.json +var dataGoogleArtifactRegistryLocations []byte + +//go:embed mapping/google/data/certificatemanager/google_certificate_manager_certificates.json +var dataGoogleCertificateManagerCertificates []byte + +//go:embed mapping/google/data/composer/google_composer_user_workloads_config_map.json +var dataGoogleComposerUserWorkloadsConfigMap []byte + +//go:embed mapping/google/data/composer/google_composer_user_workloads_secret.json +var dataGoogleComposerUserWorkloadsSecret []byte + +//go:embed mapping/google/data/iam.googleapis.com/google_iam_workload_identity_pool_iam_policy.json +var dataGoogleIamWorkloadIdentityPoolIamPolicy []byte + +//go:embed mapping/google/data/cloudkms/google_kms_key_handle.json +var dataGoogleKmsKeyHandle []byte + +//go:embed mapping/google/data/cloudkms/google_kms_key_handles.json +var dataGoogleKmsKeyHandles []byte + +//go:embed mapping/google/data/cloudkms/google_kms_key_rings.json +var dataGoogleKmsKeyRings []byte + +//go:embed mapping/google/data/parametermanager/google_parameter_manager_parameter.json +var dataGoogleParameterManagerParameter []byte + +//go:embed mapping/google/data/parametermanager/google_parameter_manager_parameter_version.json +var dataGoogleParameterManagerParameterVersion []byte + +//go:embed mapping/google/data/parametermanager/google_parameter_manager_parameter_version_render.json +var dataGoogleParameterManagerParameterVersionRender []byte + +//go:embed 
mapping/google/data/parametermanager/google_parameter_manager_parameters.json +var dataGoogleParameterManagerParameters []byte + +//go:embed mapping/google/data/parametermanager/google_parameter_manager_regional_parameter.json +var dataGoogleParameterManagerRegionalParameter []byte + +//go:embed mapping/google/data/parametermanager/google_parameter_manager_regional_parameter_version.json +var dataGoogleParameterManagerRegionalParameterVersion []byte + +//go:embed mapping/google/data/parametermanager/google_parameter_manager_regional_parameter_version_render.json +var dataGoogleParameterManagerRegionalParameterVersionRender []byte + +//go:embed mapping/google/data/parametermanager/google_parameter_manager_regional_parameters.json +var dataGoogleParameterManagerRegionalParameters []byte + +//go:embed mapping/google/data/cloudkms/google_kms_ekm_connection_iam_policy.json +var dataGoogleEkmConnectionIamPolicy []byte + +//go:embed mapping/google/data/oracledatabase/google_oracle_database_autonomous_database.json +var dataGoogleOracleDatabaseAutonomousDatabase []byte + +//go:embed mapping/google/data/oracledatabase/google_oracle_database_autonomous_databases.json +var dataGoogleOracleDatabaseAutonomousDatabases []byte + +//go:embed mapping/google/data/oracledatabase/google_oracle_database_cloud_exadata_infrastructure.json +var dataGoogleOracleDatabaseCloudExadataInfrastructure []byte + +//go:embed mapping/google/data/oracledatabase/google_oracle_database_cloud_exadata_infrastructures.json +var dataGoogleOracleDatabaseCloudExadataInfrastructures []byte + +//go:embed mapping/google/data/oracledatabase/google_oracle_database_cloud_vm_cluster.json +var dataGoogleOracleDatabaseCloudVMCluster []byte + +//go:embed mapping/google/data/oracledatabase/google_oracle_database_cloud_vm_clusters.json +var dataGoogleOracleDatabaseCloudVMClusters []byte + +//go:embed mapping/google/data/oracledatabase/google_oracle_database_db_nodes.json +var dataGoogleOracleDatabaseDBNodes []byte + 
+//go:embed mapping/google/data/oracledatabase/google_oracle_database_db_servers.json +var dataGoogleOracleDatabaseDBServers []byte + +//go:embed mapping/google/data/compute/google_compute_forwarding_rules.json +var dataGoogleComputeForwardingRules []byte + +//go:embed mapping/google/data/compute/google_compute_images.json +var dataGoogleComputeImages []byte + +//go:embed mapping/google/data/compute/google_compute_instance_guest_attributes.json +var dataGoogleComputeInstanceGuestAttributes []byte + +//go:embed mapping/google/data/compute/google_compute_instance_template_iam_policy.json +var dataGoogleComputeInstanceTemplateIamPolicy []byte + +//go:embed mapping/google/data/compute/google_compute_instant_snapshot_iam_policy.json +var dataGoogleComputeInstantSnapshotIamPolicy []byte + +//go:embed mapping/google/data/compute/google_compute_machine_types.json +var dataGoogleComputeMachineTypes []byte + +//go:embed mapping/google/data/compute/google_compute_region_backend_service.json +var dataGoogleComputeRegionBackendService []byte + +//go:embed mapping/google/data/compute/google_compute_region_instance_group_manager.json +var dataGoogleComputeRegionInstanceGroupManager []byte + +//go:embed mapping/google/data/compute/google_compute_security_policy.json +var dataGoogleComputeSecurityPolicy []byte + +//go:embed mapping/google/data/compute/google_compute_storage_pool_iam_policy.json +var dataGoogleComputeStoragePoolIamPolicy []byte + +//go:embed mapping/google/data/compute/google_compute_storage_pool_types.json +var dataGoogleComputeStoragePoolTypes []byte + +//go:embed mapping/google/data/compute/google_compute_subnetworks.json +var dataGoogleComputeSubnetworks []byte + +//go:embed mapping/google/data/alloydb/google_alloydb_cluster.json +var dataGoogleAlloydbCluster []byte + +//go:embed mapping/google/data/alloydb/google_alloydb_instance.json +var dataGoogleAlloydbInstance []byte + +//go:embed mapping/google/data/apphub/google_apphub_application.json +var 
dataGoogleApphubApplication []byte + +//go:embed mapping/google/data/apphub/google_apphub_discovered_service.json +var dataGoogleApphubDiscoveredService []byte + +//go:embed mapping/google/data/apphub/google_apphub_discovered_workload.json +var dataGoogleApphubDiscoveredWorkload []byte + +//go:embed mapping/google/data/backupdr/google_backup_dr_backup.json +var dataGoogleBackupDrBackup []byte + +//go:embed mapping/google/data/backupdr/google_backup_dr_backup_plan_association.json +var dataGoogleBackupDrPlanAssociation []byte + +//go:embed mapping/google/data/backupdr/google_backup_dr_backup_vault.json +var dataGoogleBackupDrBackupVault []byte + +//go:embed mapping/google/data/backupdr/google_backup_dr_data_source.json +var dataGoogleBackupDrDataSource []byte + +//go:embed mapping/google/data/beyondcorp/google_beyondcorp_application_iam_policy.json +var dataGoogleBeyondcorpApplicationIamPolicy []byte + +//go:embed mapping/google/data/beyondcorp/google_beyondcorp_security_gateway.json +var dataGoogleBeyondcorpSecurityGateway []byte + +//go:embed mapping/google/data/beyondcorp/google_beyondcorp_security_gateway_application_iam_policy.json +var dataGoogleBeyondcorpSecurityGatewayApplicationIamPolicy []byte + +//go:embed mapping/google/data/beyondcorp/google_beyondcorp_security_gateway_iam_policy.json +var dataGoogleBeyondcorpSecurityGatewayIamPolicy []byte + +//go:embed mapping/google/data/run/google_cloud_run_v2_worker_pool.json +var dataGoogleCloudRunV2WorkerPool []byte + +//go:embed mapping/google/data/run/google_cloud_run_v2_worker_pool_iam_policy.json +var dataGoogleCloudRunWorkerPoolIamPolicy []byte + +//go:embed mapping/google/data/clouddeploy/google_clouddeploy_custom_target_type_iam_policy.json +var dataGoogleClouddeployCustomTargetTypeIamPolicy []byte + +//go:embed mapping/google/data/clouddeploy/google_clouddeploy_delivery_pipeline_iam_policy.json +var dataGoogleClouddeployDeliveryPipelineIamPolicy []byte + +//go:embed 
mapping/google/data/clouddeploy/google_clouddeploy_target_iam_policy.json +var dataGoogleClouddeployTargetIamPolicy []byte + +//go:embed mapping/google/data/aiplatform/google_colab_runtime_template_iam_policy.json +var dataGoogleColabRuntimeTemplateIamPolicy []byte + +//go:embed mapping/google/data/gkemulticloud/google_container_attached_install_manifest.json +var dataGoogleContainerAttachedInstallManifest []byte + +//go:embed mapping/google/data/gkemulticloud/google_container_aws_versions.json +var dataGoogleContainerAwsVersions []byte + +//go:embed mapping/google/data/gkemulticloud/google_container_azure_versions.json +var dataGoogleContainerAzureVersions []byte + +//go:embed mapping/google/data/dataplex/google_dataplex_aspect_type_iam_policy.json +var dataGoogleDataplexAspectTypeIamPolicy []byte + +//go:embed mapping/google/data/dataplex/google_dataplex_entry_group_iam_policy.json +var dataGoogleDataplexEntryGroupIamPolicy []byte + +//go:embed mapping/google/data/dataplex/google_dataplex_entry_type_iam_policy.json +var dataGoogleDataplexEntryTypeIamPolicy []byte + +//go:embed mapping/google/data/dataplex/google_dataplex_glossary_iam_policy.json +var dataGoogleDataplexGlossaryIamPolicy []byte + +//go:embed mapping/google/data/metastore/google_dataproc_metastore_database_iam_policy.json +var dataGoogleDataprocMetastoreDatabaseIamPolicy []byte + +//go:embed mapping/google/data/metastore/google_dataproc_metastore_table_iam_policy.json +var dataGoogleDataprocMetastoreTableIamPolicy []byte + +//go:embed mapping/google/data/resourcemanager/google_folder.json +var dataGoogleFolder []byte + +//go:embed mapping/google/data/resourcemanager/google_folder_iam_policy.json +var dataGoogleFolderIamPolicy []byte + +//go:embed mapping/google/data/resourcemanager/google_folders.json +var dataGoogleFolders []byte + +//go:embed mapping/google/data/cloudaicompanion/google_gemini_repository_group_iam_policy.json +var dataGoogleGeminiRepositoryGroupIamPolicy []byte + +//go:embed 
mapping/google/data/gkehub/google_gke_hub_feature.json +var dataGoogleGkeHubFeature []byte + +//go:embed mapping/google/data/gkehub/google_gke_hub_membership.json +var dataGoogleGkeHubMembership []byte + +//go:embed mapping/google/data/iap/google_iap_tunnel_dest_group_iam_policy.json +var dataGoogleIapTunnelDestGroupIamPolicy []byte + +//go:embed mapping/google/data/iap/google_iap_web_cloud_run_service_iam_policy.json +var dataGoogleIapWebCloudRunServiceIamPolicy []byte + +//go:embed mapping/google/data/lustre/google_lustre_instance.json +var dataGoogleLustreInstance []byte + +//go:embed mapping/google/data/memcache/google_memcache_instance.json +var dataGoogleMemcacheInstance []byte + +//go:embed mapping/google/data/memorystore/google_memorystore_instance.json +var dataGoogleMemorystoreInstance []byte + +//go:embed mapping/google/data/orgpolicy/google_project_organization_policy.json +var dataGoogleProjectOrganizationPolicy []byte + +//go:embed mapping/google/data/resourcemanager/google_organization_iam_policy.json +var dataGoogleOrganizationIamPolicy []byte + +//go:embed mapping/google/data/resourcemanager/google_project_iam_policy.json +var dataGoogleProjectIamPolicy []byte + +//go:embed mapping/google/data/runtimeconfig/google_runtimeconfig_config_iam_policy.json +var dataGoogleRuntimeconfigConfigIamPolicy []byte + +//go:embed mapping/google/data/securitycenter/google_scc_source_iam_policy.json +var dataGoogleSccSourceIamPolicy []byte + +//go:embed mapping/google/data/securitycenter/google_scc_v2_organization_source_iam_policy.json +var dataGoogleSccV2OrganizationSourceIamPolicy []byte + +//go:embed mapping/google/data/securesourcemanager/google_secure_source_manager_instance_iam_policy.json +var dataGoogleSecureSourceManagerInstanceIamPolicy []byte + +//go:embed mapping/google/data/securesourcemanager/google_secure_source_manager_repository_iam_policy.json +var dataGoogleSecureSourceManagerRepositoryIamPolicy []byte + +//go:embed 
mapping/google/data/resourcemanager/google_tags_tag_key_iam_policy.json +var dataGoogleTagsTagKeyIamPolicy []byte + +//go:embed mapping/google/data/aiplatform/google_vertex_ai_feature_group_iam_policy.json +var dataGoogleVertexAiFeatureGroupIamPolicy []byte + +//go:embed mapping/google/data/aiplatform/google_vertex_ai_feature_online_store_featureview_iam_policy.json +var dataGoogleVertexAiFeatureOnlineStoreFeatureviewIamPolicy []byte + +//go:embed mapping/google/data/tags/google_tags_tag_value_iam_policy.json +var dataGoogleTagsTagValueIamPolicy []byte + +//go:embed mapping/google/data/aiplatform/google_vertex_ai_feature_online_store_iam_policy.json +var dataGoogleVertexAiFeatureOnlineStoreIamPolicy []byte + +//go:embed mapping/google/data/resourcemanager/google_tags_tag_keys.json +var dataGoogleTagsTagKeys []byte + +//go:embed mapping/google/data/resourcemanager/google_tags_tag_value.json +var dataGoogleTagsTagValue []byte + +//go:embed mapping/google/data/resourcemanager/google_tags_tag_values.json +var dataGoogleTagsTagValues []byte + +//go:embed mapping/google/data/storage/google_storage_control_folder_intelligence_config.json +var dataGoogleStorageControlFolderIntelligenceConfig []byte + +//go:embed mapping/google/data/storage/google_storage_control_organization_intelligence_config.json +var dataGoogleStorageControlOrganizationIntelligenceConfig []byte + +//go:embed mapping/google/data/storage/google_storage_control_project_intelligence_config.json +var dataGoogleStorageControlProjectIntelligenceConfig []byte + +//go:embed mapping/google/resource/runtimeconfig/google_runtimeconfig_config.json +var dataGoogleRuntimeconfigConfig []byte + +//go:embed mapping/google/resource/runtimeconfig/google_runtimeconfig_variable.json +var dataGoogleRuntimeconfigVariable []byte + +//go:embed mapping/google/data/redis/google_redis_cluster.json +var dataGoogleRedisCluster []byte + +//go:embed mapping/google/data/resourcemanager/google_project_ancestry.json +var 
dataGoogleProjectAncestry []byte + +//go:embed mapping/google/data/dns/google_dns_managed_zones.json +var dataGoogleDNSManagedZones []byte + +//go:embed mapping/google/data/accesscontextmanager/google_access_context_manager_access_policy.json +var dataGoogleAccessContextManagerAccessPolicy []byte + +//go:embed mapping/google/data/dataplex/google_dataplex_data_quality_rules.json +var dataGoogleDataplexDataQualityRules []byte + +//go:embed mapping/google/data/iam/google_organization_iam_custom_role.json +var dataGoogleOrganizationIamCustomRole []byte + +//go:embed mapping/google/data/iam/google_organization_iam_custom_roles.json +var dataGoogleOrganizationIamCustomRoles []byte + +//go:embed mapping/google/data/compute/google_compute_network_attachment.json +var dataGoogleComputeNetworkAttachment []byte + +//go:embed mapping/google/data/storageinsights/google_storage_insights_dataset_config.json +var dataGoogleStorageInsightsDatasetConfig []byte + +//go:embed mapping/google/data/artifactregistry/google_artifact_registry_docker_images.json +var dataGoogleArtifactRegistryDockerImages []byte + +//go:embed mapping/google/data/iam.googleapis.com/google_iam_workforce_pool_iam_policy.json +var dataGoogleIamWorkforcePoolIamPolicy []byte + +//go:embed mapping/google/data/artifactregistry/google_artifact_registry_repositories.json +var dataGoogleArtifactRegistryRepositories []byte + +//go:embed mapping/google/data/artifactregistry/google_artifact_registry_version.json +var dataGoogleArtifactRegistryVersion []byte + +//go:embed mapping/google/data/artifactregistry/google_artifact_registry_versions.json +var dataGoogleArtifactRegistryVersions []byte + +//go:embed mapping/google/data/artifactregistry/google_artifact_registry_npm_package.json +var dataGoogleArtifactRegistryNpmPackage []byte + +//go:embed mapping/google/data/artifactregistry/google_artifact_registry_tags.json +var dataGoogleArtifactRegistryTags []byte + +//go:embed 
mapping/google/data/iap/google_iap_web_region_forwarding_rule_service_iam_policy.json +var dataGoogleIapWebRegionForwardingRuleServiceIamPolicy []byte + +//go:embed mapping/google/data/certificatemanager/google_certificate_manager_dns_authorization.json +var dataGoogleCertificateManagerDnsAuthorization []byte + +//go:embed mapping/google/data/artifactregistry/google_artifact_registry_python_package.json +var dataGoogleArtifactRegistryPythonPackage []byte + +//go:embed mapping/google/data/backupdr/google_backup_dr_backup_plan_associations.json +var dataGoogleBackupDrPlanAssociations []byte + +//go:embed mapping/google/data/backupdr/google_backup_dr_data_source_reference.json +var dataGoogleBackupDrDataSourceReference []byte + +//go:embed mapping/google/data/backupdr/google_backup_dr_data_source_references.json +var dataGoogleBackupDrDataSourceReferences []byte + +//go:embed mapping/google/data/bigquery/google_bigquery_datapolicyv2_data_policy_iam_policy.json +var dataGoogleBigqueryDatapolicyv2DataPolicyIamPolicy []byte + +//go:embed mapping/google/data/iap/google_iap_web_forwarding_rule_service_iam_policy.json +var dataGoogleIapForwardingRuleServiceIamPolicy []byte + +//go:embed mapping/google/data/artifactregistry/google_artifact_registry_maven_artifact.json +var dataGoogleArtifactRegistryMavenArtifact []byte + +//go:embed mapping/google/data/artifactregistry/google_artifact_registry_maven_artifacts.json +var dataGoogleArtifactRegistryMavenArtifacts []byte + +//go:embed mapping/google/data/artifactregistry/google_artifact_registry_npm_packages.json +var dataGoogleArtifactRegistryNpmPackages []byte + +//go:embed mapping/google/data/compute/google_compute_interconnect_location.json +var dataGoogleComputeInterconnectLocation []byte + +//go:embed mapping/google/data/compute/google_compute_interconnect_locations.json +var dataGoogleComputeInterconnectLocations []byte + +//go:embed mapping/google/data/artifactregistry/google_artifact_registry_packages.json +var 
dataGoogleArtifactRegistryPackages []byte diff --git a/src/gcp.go b/src/gcp.go index e1412557..4193c863 100644 --- a/src/gcp.go +++ b/src/gcp.go 
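Review bot: `dataGoogleSecretManagerRegionalSecrets` embeds `mapping/google/data/secretmanager/google_secret_manager_secrets.json`, which by its name is the non-regional mapping, so the regional list data source would presumably be resolved with the global secrets permissions; either point the directive at a regional mapping file or rename the variable to match the file it embeds. Further down in the same hunk, `dataGoogleRuntimeconfigConfig` and `dataGoogleRuntimeconfigVariable` embed from `mapping/google/resource/runtimeconfig/` rather than `mapping/google/data/`; if those resource mappings carry create, update and delete permissions, the policy generated for a read-only data source will be broader than it needs to be. `go:embed` only proves that a path exists, not that it is the right one, so a small test asserting that every `data*` variable embeds from `mapping/google/data/` and that the file name matches the lookup key would catch both cases.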
@@ -1,244 +1,844 @@ package pike -// GetGCPPermissions for GCP resources. -func GetGCPPermissions(result ResourceV2) ([]string, error) { - var ( - err error - Permissions []string - ) +import "fmt" - if result.TypeName == "resource" { - Permissions, err = GetGCPResourcePermissions(result) - if err != nil { - return Permissions, err - } - } else { - Permissions, err = GetGCPDataPermissions(result) - if err != nil { - return Permissions, err - } +type invalidGCPResourceError struct { + resource string +} + +func (m invalidGCPResourceError) Error() string { + return fmt.Sprintf("Invalid GCP lookup sourceData type for resource %s", m.resource) +} + +type invalidPermissionMapError struct { + err error +} + +func (m invalidPermissionMapError) Error() string { + return fmt.Sprintf("Invalid Permission Map %v", m.err) +} + +// getGCPPermissions for GCP resources. +func getGCPPermissions(result ResourceV2) ([]string, error) { + if result.TypeName == resource || result.TypeName == "terraform" { + return getGCPResourcePermissions(result) } - return Permissions, err + return GetGCPDataPermissions(result) } -// GetGCPResourcePermissions looks up permissions required for resources. 
-func GetGCPResourcePermissions(result ResourceV2) ([]string, error) { - var ( - Permissions []string - err error - ) +func getGCPResourcePermissions(sourceData ResourceV2) ([]string, error) { + lookup := GCPLookup(sourceData.Name) + if lookup == nil { + return nil, ¬ImplementedResourceError{sourceData.Name} + } - if temp := GCPLookup(result.Name); temp != nil { - myTemp, ok := temp.([]byte) - if ok && myTemp != nil { - Permissions, err = GetPermissionMap(myTemp, result.Attributes, result.Name) - } + temp, ok := lookup.([]byte) + if !ok || temp == nil { + return nil, &invalidGCPResourceError{sourceData.Name} + } - } else { - return nil, ¬ImplementedResourceError{result.Name} + permissions, err := GetPermissionMap(temp, sourceData.Attributes, sourceData.Name) + if err != nil { + return nil, &invalidPermissionMapError{err} } - return Permissions, err + return permissions, nil } func GCPLookup(result string) interface{} { - TFLookup := map[string]interface{}{ - "google_access_context_manager_access_level": googleAccessContextManagerAccessLevel, - "google_access_context_manager_access_levels": googleAccessContextManagerAccessLevels, - "google_access_context_manager_access_policy": googleAccessContextManagerAccessPolicy, - "google_access_context_manager_access_policy_iam_binding": googleAccessContextManagerAccessPolicyIam, - "google_access_context_manager_access_policy_iam_member": googleAccessContextManagerAccessPolicyIam, - "google_access_context_manager_access_policy_iam_policy": googleAccessContextManagerAccessPolicyIam, - "google_access_context_manager_authorized_orgs_desc": googleAccessContextManagerAuthorizedOrgsDesc, - "google_access_context_manager_gcp_user_access_binding": googleAccessContextManagerGcpUserAccessBinding, - "google_access_context_manager_service_perimeter": googleAccessContextManagerServicePerimeter, - "google_access_context_manager_service_perimeters": googleAccessContextManagerServicePerimeters, - "google_alloydb_backup": googleAlloydbBackup, 
- "google_alloydb_cluster": googleAlloydbCluster, - "google_alloydb_instance": googleAlloydbInstance, - "google_alloydb_user": googleAlloydbUser, - "google_api_gateway_api": googleAPIGatewayAPI, - "google_api_gateway_api_config": googleAPIGatewayAPIConfig, - "google_api_gateway_api_config_iam_binding": googleAPIGatewayAPIConfigIam, - "google_api_gateway_api_config_iam_member": googleAPIGatewayAPIConfigIam, - "google_api_gateway_api_config_iam_policy": googleAPIGatewayAPIConfigIam, - "google_api_gateway_api_iam_binding": googleAPIGatewayAPIIam, - "google_api_gateway_api_iam_member": googleAPIGatewayAPIIam, - "google_api_gateway_api_iam_policy": googleAPIGatewayAPIIam, - "google_api_gateway_gateway": googleAPIGatewayGateway, - "google_api_gateway_gateway_iam_binding": googleAPIGatewayGatewayIam, - "google_api_gateway_gateway_iam_member": googleAPIGatewayGatewayIam, - "google_api_gateway_gateway_iam_policy": googleAPIGatewayGatewayIam, - "google_artifact_registry_repository": googleArtifactRegistryRepository, - "google_artifact_registry_repository_iam_binding": googleArtifactRegistryRepositoryIamBinding, - "google_artifact_registry_repository_iam_member": googleArtifactRegistryRepositoryIamMember, - "google_artifact_registry_repository_iam_policy": googleArtifactRegistryRepositoryIamPolicy, - "google_bigquery_dataset": googleBigqueryDataset, - "google_bigquery_job": googleBigqueryJob, - "google_bigquery_table": placeholder, - "google_bigtable_app_profile": googleBigtableAppProfile, - "google_bigtable_gc_policy": googleBigtableGcPolicy, - "google_bigtable_instance": googleBigtableInstance, - "google_bigtable_instance_iam_binding": googleBigTableInstanceIam, - "google_bigtable_instance_iam_member": googleBigTableInstanceIam, - "google_bigtable_instance_iam_policy": googleBigTableInstanceIam, - "google_bigtable_table": googleBigtableTable, - "google_bigtable_table_iam_binding": googleBigTableTableIam, - "google_bigtable_table_iam_member": googleBigTableTableIam, - 
"google_bigtable_table_iam_policy": googleBigTableTableIam, - "google_cloud_run_v2_job": googleCloudRunV2Job, - "google_cloud_run_v2_job_iam_binding": googleCloudRunV2JobIam, - "google_cloud_run_v2_job_iam_member": googleCloudRunV2JobIam, - "google_cloud_run_v2_job_iam_policy": googleCloudRunV2JobIam, - "google_cloud_run_v2_service": googleCloudRunV2Service, - "google_cloud_run_v2_service_iam_binding": googleCloudRunV2ServiceIam, - "google_cloud_run_v2_service_iam_member": googleCloudRunV2ServiceIam, - "google_cloud_run_v2_service_iam_policy": googleCloudRunV2ServiceIam, - "google_cloud_scheduler_job": googleCloudSchedulerJob, - "google_cloudbuild_trigger": googleCloudbuildTrigger, - "google_cloudfunctions_function": googleCloudfunctionsFunction, - "google_cloudfunctions_function_iam_member": googleCloudfunctionsFunctionIamPolicy, - "google_cloudfunctions_function_iam_policy": googleCloudfunctionsFunctionIamPolicy, - "google_compute_address": googleComputeAddress, - "google_compute_firewall": googleComputeFirewall, - "google_compute_global_address": googleComputeGlobalAddress, - "google_compute_instance": googleComputeInstance, - "google_compute_instance_template": googleComputeInstanceTemplate, - "google_compute_network": googleComputeNetwork, - "google_compute_project_metadata_item": googleComputeProjectMetadataItem, - "google_compute_region_ssl_certificate": googleComputeRegionSslCertificate, - "google_compute_security_policy": googleComputeSecurityPolicy, - "google_compute_subnetwork": googleComputeSubnetwork, - "google_container_cluster": googleContainerCluster, - "google_container_node_pool": googleContainerNodePool, - "google_dns_managed_zone": googleDnsmanagedZone, - "google_dns_policy": googleDNSPolicy, - "google_dns_record_set": googleDNSRecordSet, - "google_firebase_android_app": googleFirebaseAndroidApp, - "google_firebase_apple_app": googleFirebaseAppleApp, - "google_firebase_database_instance": googleFirebaseDatabaseInstance, - 
"google_firebase_hosting_channel": googleFirebaseHostingSite, - "google_firebase_hosting_custom_domain": googleFirebaseHostingSite, - "google_firebase_hosting_release": googleFirebaseHostingSite, - "google_firebase_hosting_site": googleFirebaseHostingSite, - "google_firebase_hosting_version": googleFirebaseHostingSite, - "google_firebase_project": googleFirebaseProject, - "google_firebase_storage_bucket": googleFirebaseStorageBucket, - "google_firebase_web_app": googleFirebaseWebApp, - "google_firebaserules_release": googleFirebaserulesRelease, - "google_firebaserules_ruleset": googleFirebaserulesRuleset, - "google_kms_crypto_key": googleKmsCryptoKey, - "google_kms_crypto_key_iam_binding": googlekmsCryptoKeyIamBinding, - "google_kms_crypto_key_iam_member": googlekmsCryptoKeyIamMember, - "google_kms_crypto_key_iam_policy": googlekmsCryptoKeyIamPolicy, - "google_kms_key_ring": googleKmsKeyRing, - "google_project_iam_binding": googleProjectIamBinding, - "google_project_iam_custom_role": googleProjectIamCustomRole, - "google_project_iam_member": googleProjectIamBinding, - "google_project_service": googleProjectService, - "google_project_service_identity": placeholder, - "google_pubsub_lite_reservation": googlePubsubLiteReservation, - "google_pubsub_lite_subscription": googlePubsubLiteSubscription, - "google_pubsub_lite_topic": googlePubsubLiteTopic, - "google_pubsub_schema": googlePubsubSchema, - "google_pubsub_subscription": googlePubsubSubscription, - "google_pubsub_topic": googlePubsubTopic, - "google_pubsub_topic_iam_binding": googlePubsubTopicIam, - "google_pubsub_topic_iam_member": googlePubsubTopicIam, - "google_pubsub_topic_iam_policy": googlePubsubTopicIam, - "google_redis_instance": googleRedisInstance, - "google_secret_manager_secret": googleSecretManagerSecret, - "google_secret_manager_secret_iam_binding": googleSecretManagerSecretIam, - "google_secret_manager_secret_iam_member": googleSecretManagerSecretIam, - "google_secret_manager_secret_iam_policy": 
googleSecretManagerSecretIam,
- "google_secret_manager_secret_version": googleSecretManagerSecretVersion,
- "google_service_account": googleServiceAccount,
- "google_service_account_iam_binding": googleServiceAccountIamBinding,
- "google_service_account_iam_member": googleServiceAccountIamMember,
- "google_service_account_iam_policy": googleServiceAccountIamPolicy,
- "google_service_account_key": googleServiceAccountKey,
- "google_service_directory_endpoint": googleServiceDirectoryEndpoint,
- "google_service_directory_namespace": googleServiceDirectoryNamespace,
- "google_service_directory_namespace_iam_binding": googleServiceDirectoryNamespaceIamBinding,
- "google_service_directory_namespace_iam_member": googleServiceDirectoryNamespaceIamMember,
- "google_service_directory_namespace_iam_policy": googleServiceDirectoryNamespaceIamPolicy,
- "google_service_directory_service": googleServiceDirectoryService,
- "google_service_directory_service_iam_binding": googleServiceDirectoryServiceIamBinding,
- "google_service_directory_service_iam_member": googleServiceDirectoryServiceIamMember,
- "google_service_directory_service_iam_policy": googleServiceDirectoryServiceIamPolicy,
- "google_service_networking_connection": googleServiceNetworkingConnection,
- "google_sourcerepo_repository": googleSourcerepoRepository,
- "google_spanner_database": GoogleSpannerDatabase,
- "google_spanner_database_iam_binding": GoogleSpannerDatabaseIam,
- "google_spanner_database_iam_member": GoogleSpannerDatabaseIam,
- "google_spanner_database_iam_policy": GoogleSpannerDatabaseIam,
- "google_spanner_instance": GoogleSpannerInstance,
- "google_spanner_instance_iam_binding": GoogleSpannerInstanceIam,
- "google_spanner_instance_iam_member": GoogleSpannerInstanceIam,
- "google_spanner_instance_iam_policy": GoogleSpannerInstanceIam,
- "google_sql_database": googleSQLDatabase,
- "google_sql_database_instance": googleSQLDatabaseInstance,
- "google_sql_user": googleSQLUser,
- "google_storage_bucket": googleStorageBucket,
- "google_storage_bucket_access_control": googleStorageBucketAccessControl,
- "google_storage_bucket_acl": googleStorageBucketACL,
- "google_storage_bucket_iam_binding": googleStorageBucketIamBinding,
- "google_storage_bucket_iam_member": googleStorageBucketIamMember,
- "google_storage_bucket_iam_policy": googleStorageBucketIamPolicy,
- "google_storage_bucket_object": googleStorageBucketObject,
- "google_storage_default_object_access_control": googleStorageDefaultObjectAccessControl,
- "google_storage_default_object_acl": googleStorageDefaultObjectACL,
- "google_storage_hmac_key": googleStorageHmacKey,
- "google_storage_insights_report_config": googleStorageInsightsReportConfig,
- "google_storage_object_access_control": googleStorageObjectAccessControl,
- "google_vertex_ai_dataset": googleVertexAiDataset,
- "google_vertex_ai_endpoint": googleVertexAiEndpoint,
- "google_vertex_ai_endpoint_iam_binding": googleVertexAiEndpointIam,
- "google_vertex_ai_endpoint_iam_member": googleVertexAiEndpointIam,
- "google_vertex_ai_endpoint_iam_policy": googleVertexAiEndpointIam,
- "google_vertex_ai_feature_group": googleVertexAiFeatureGroup,
- "google_vertex_ai_feature_group_feature": googleVertexAiFeatureGroupFeature,
- "google_vertex_ai_feature_online_store": googleVertexAiFeatureOnlineStore,
- "google_vertex_ai_feature_online_store_featureview": googleVertexAiFeatureOnlineStoreFeatureview,
- "google_vertex_ai_featurestore": googleVertexAiFeaturestore,
- "google_vertex_ai_featurestore_entitytype": googleVertexAiFeaturestoreEntitytype,
- "google_vertex_ai_featurestore_entitytype_feature": googleVertexAiFeaturestoreEntitytypeFeature,
- "google_vertex_ai_featurestore_entitytype_iam_binding": googleVertexAiFeaturestoreEntitytypeIam,
- "google_vertex_ai_featurestore_entitytype_iam_member": googleVertexAiFeaturestoreEntitytypeIam,
- "google_vertex_ai_featurestore_entitytype_iam_policy": googleVertexAiFeaturestoreEntitytypeIam,
- "google_vertex_ai_featurestore_iam_binding": googleVertexAiFeaturestoreIam,
- "google_vertex_ai_featurestore_iam_member": googleVertexAiFeaturestoreIam,
- "google_vertex_ai_featurestore_iam_policy": googleVertexAiFeaturestoreIam,
- "google_vertex_ai_index": googleVertexAiIndex,
- "google_vertex_ai_index_endpoint": googleVertexAiIndexEndpoint,
- "google_vertex_ai_metadata_store": googleVertexAiMetadataStore,
- "google_vertex_ai_tensorboard": googleVertexAiTensorboard,
- "google_bigquery_analytics_hub_data_exchange": googleBigqueryAnalyticsHubDataExchange,
- "google_bigquery_analytics_hub_data_exchange_iam_binding": googleBigqueryAnalyticsHubDataExchangeIam,
- "google_bigquery_analytics_hub_data_exchange_iam_member": googleBigqueryAnalyticsHubDataExchangeIam,
- "google_bigquery_analytics_hub_data_exchange_iam_policy": googleBigqueryAnalyticsHubDataExchangeIam,
- "google_bigquery_analytics_hub_listing": googleBigqueryAnalyticsHubListing,
- "google_bigquery_analytics_hub_listing_iam_binding": googleBigqueryAnalyticsHubListingIam,
- "google_bigquery_analytics_hub_listing_iam_member": googleBigqueryAnalyticsHubListingIam,
- "google_bigquery_analytics_hub_listing_iam_policy": googleBigqueryAnalyticsHubListingIam,
- "google_bigquery_bi_reservation": googleBigqueryBiReservation,
- "google_bigquery_capacity_commitment": googleBigqueryCapacityCommitment,
- "google_bigquery_connection": googleBigqueryConnection,
- "google_bigquery_connection_iam_binding": googleBigqueryConnectionIam,
- "google_bigquery_connection_iam_member": googleBigqueryConnectionIam,
- "google_bigquery_connection_iam_policy": googleBigqueryConnectionIam,
- "google_bigquery_data_transfer_config": googleBigqueryDataTransferConfig,
- "google_bigquery_dataset_iam_binding": googleBigqueryDatasetIam,
- "google_bigquery_dataset_iam_member": googleBigqueryDatasetIam,
- "google_bigquery_dataset_iam_policy": googleBigqueryDatasetIam,
- "google_bigquery_reservation": googleBigqueryReservation,
- "google_bigquery_reservation_assignment": googleBigqueryReservationAssignment,
- "google_bigquery_routine": googleBigqueryRoutine,
- "google_bigquery_table_iam_binding": googleBigqueryTableIam,
- "google_bigquery_table_iam_member": googleBigqueryTableIam,
- "google_bigquery_table_iam_policy": googleBigqueryTableIam,
- }
+ return gCPTfLookup[result]
+}
+
+var gCPTfLookup = map[string]interface{}{
+ "backend": gcsBackend,
- return TFLookup[result]
+ "google_access_context_manager_access_level": googleAccessContextManagerAccessLevel,
+ "google_access_context_manager_access_levels": googleAccessContextManagerAccessLevels,
+ "google_access_context_manager_access_policy": googleAccessContextManagerAccessPolicy,
+ "google_access_context_manager_access_policy_iam_binding": googleAccessContextManagerAccessPolicyIam,
+ "google_access_context_manager_access_policy_iam_member": googleAccessContextManagerAccessPolicyIam,
+ "google_access_context_manager_access_policy_iam_policy": googleAccessContextManagerAccessPolicyIam,
+ "google_access_context_manager_authorized_orgs_desc": googleAccessContextManagerAuthorizedOrgsDesc,
+ "google_access_context_manager_gcp_user_access_binding": googleAccessContextManagerGcpUserAccessBinding,
+ "google_access_context_manager_service_perimeter": googleAccessContextManagerServicePerimeter,
+ "google_access_context_manager_service_perimeters": googleAccessContextManagerServicePerimeters,
+ "google_alloydb_backup": googleAlloydbBackup,
+ "google_alloydb_cluster": googleAlloydbCluster,
+ "google_alloydb_instance": googleAlloydbInstance,
+ "google_alloydb_user": googleAlloydbUser,
+ "google_api_gateway_api": googleAPIGatewayAPI,
+ "google_api_gateway_api_config": googleAPIGatewayAPIConfig,
+ "google_api_gateway_api_config_iam_binding": googleAPIGatewayAPIConfigIam,
+ "google_api_gateway_api_config_iam_member": googleAPIGatewayAPIConfigIam,
+ "google_api_gateway_api_config_iam_policy": googleAPIGatewayAPIConfigIam,
+ "google_api_gateway_api_iam_binding": googleAPIGatewayAPIIam,
+ "google_api_gateway_api_iam_member": googleAPIGatewayAPIIam,
+ "google_api_gateway_api_iam_policy": googleAPIGatewayAPIIam,
+ "google_api_gateway_gateway": googleAPIGatewayGateway,
+ "google_api_gateway_gateway_iam_binding": googleAPIGatewayGatewayIam,
+ "google_api_gateway_gateway_iam_member": googleAPIGatewayGatewayIam,
+ "google_api_gateway_gateway_iam_policy": googleAPIGatewayGatewayIam,
+ "google_apigee_environment_iam_binding": googleApigeeEnvironmentIamBinding,
+ "google_apigee_environment_iam_member": googleApigeeEnvironmentIamMember,
+ "google_apigee_environment_iam_policy": googleApigeeEnvironmentIamPolicy,
+ "google_apihub_api_hub_instance": googleApihubInstance,
+ "google_apihub_curation": googleApihubCuration,
+ "google_apihub_host_project_registration": googleApihubHostProjectRegistration,
+ "google_apihub_plugin": googleApihubPlugin,
+ "google_apihub_plugin_instance": googleApihubPluginInstance,
+ "google_apphub_application": googleApphubApplication,
+ "google_apphub_service": googleApphubService,
+ "google_apphub_service_project_attachment": googleApphubServiceProjectAttachment,
+ "google_apphub_workload": googleApphubWorkload,
+ "google_artifact_registry_repository": googleArtifactRegistryRepository,
+ "google_artifact_registry_repository_iam_binding": googleArtifactRegistryRepositoryIamBinding,
+ "google_artifact_registry_repository_iam_member": googleArtifactRegistryRepositoryIamMember,
+ "google_artifact_registry_repository_iam_policy": googleArtifactRegistryRepositoryIamPolicy,
+ "google_backup_dr_backup_plan": googleBackupDRBackupPlan,
+ "google_backup_dr_backup_plan_association": googleBackupDRBackupPlanAssociation,
+ "google_backup_dr_backup_vault": googleBackupDRBackupVault,
+ "google_backup_dr_management_server": googleBackupDRManagementServer,
+ "google_backup_dr_service_config": googleBackupDRServiceConfig,
+ "google_beyondcorp_app_connection": googleBeyondcorpAppConnection,
+ "google_beyondcorp_app_connector": googleBeyondcorpAppConnector, + "google_beyondcorp_app_gateway": googleBeyondcorpAppGateway, + "google_beyondcorp_application": googleBeyondcorpApplication, + "google_beyondcorp_application_iam_binding": googleBeyondcorpApplicationIamBinding, + "google_beyondcorp_application_iam_member": googleBeyondcorpApplicationIamMember, + "google_beyondcorp_application_iam_policy": googleBeyondcorpApplicationIamPolicy, + "google_beyondcorp_security_gateway": googleBeyondcorpSecurityGateway, + "google_beyondcorp_security_gateway_application": googleBeyondcorpSecurityGatewayApplication, + "google_beyondcorp_security_gateway_application_iam_binding": googleBeyondcorpSecurityGatewayApplicationIamBinding, + "google_beyondcorp_security_gateway_application_iam_member": googleBeyondcorpSecurityGatewayApplicationIamMember, + "google_beyondcorp_security_gateway_application_iam_policy": googleBeyondcorpSecurityGatewayApplicationIamPolicy, + "google_beyondcorp_security_gateway_iam_binding": googleBeyondcorpSecurityGatewayIamBinding, + "google_beyondcorp_security_gateway_iam_member": googleBeyondcorpSecurityGatewayIamMember, + "google_beyondcorp_security_gateway_iam_policy": googleBeyondcorpSecurityGatewayIamPolicy, + "google_biglake_catalog": googleBiglakeCatalog, + "google_biglake_database": googleBiglakeDatabase, + "google_biglake_table": googleBiglakeTable, + "google_bigquery_analytics_hub_data_exchange": googleBigqueryAnalyticsHubDataExchange, + "google_bigquery_analytics_hub_data_exchange_iam_binding": googleBigqueryAnalyticsHubDataExchangeIam, + "google_bigquery_analytics_hub_data_exchange_iam_member": googleBigqueryAnalyticsHubDataExchangeIam, + "google_bigquery_analytics_hub_data_exchange_iam_policy": googleBigqueryAnalyticsHubDataExchangeIam, + "google_bigquery_analytics_hub_listing": googleBigqueryAnalyticsHubListing, + "google_bigquery_analytics_hub_listing_iam_binding": googleBigqueryAnalyticsHubListingIam, + 
"google_bigquery_analytics_hub_listing_iam_member": googleBigqueryAnalyticsHubListingIam, + "google_bigquery_analytics_hub_listing_iam_policy": googleBigqueryAnalyticsHubListingIam, + "google_bigquery_analytics_hub_listing_subscription": googleBigqueryAnalyticsHubListingSubscription, + "google_bigquery_bi_reservation": googleBigqueryBiReservation, + "google_bigquery_capacity_commitment": googleBigqueryCapacityCommitment, + "google_bigquery_connection": googleBigqueryConnection, + "google_bigquery_connection_iam_binding": googleBigqueryConnectionIam, + "google_bigquery_connection_iam_member": googleBigqueryConnectionIam, + "google_bigquery_connection_iam_policy": googleBigqueryConnectionIam, + "google_bigquery_data_transfer_config": googleBigqueryDataTransferConfig, + "google_bigquery_datapolicy_data_policy": googleBigqueryDatapolicyDataPolicy, + "google_bigquery_datapolicy_data_policy_iam_binding": googleBigqueryDatapolicyDataPolicyIamBinding, + "google_bigquery_datapolicy_data_policy_iam_member": googleBigqueryDatapolicyDataPolicyIamMember, + "google_bigquery_datapolicy_data_policy_iam_policy": googleBigqueryDatapolicyDataPolicyIamPolicy, + "google_bigquery_dataset": googleBigqueryDataset, + "google_bigquery_dataset_access": googleBigqueryDatasetAccess, + "google_bigquery_dataset_iam_binding": googleBigqueryDatasetIam, + "google_bigquery_dataset_iam_member": googleBigqueryDatasetIam, + "google_bigquery_dataset_iam_policy": googleBigqueryDatasetIam, + "google_bigquery_job": googleBigqueryJob, + "google_bigquery_reservation": googleBigqueryReservation, + "google_bigquery_reservation_assignment": googleBigqueryReservationAssignment, + "google_bigquery_routine": googleBigqueryRoutine, + "google_bigquery_row_access_policy": googleBigqueryRowAccessPolicy, + "google_bigquery_table": googleBigQueryTable, + "google_bigquery_table_iam_binding": googleBigqueryTableIam, + "google_bigquery_table_iam_member": googleBigqueryTableIam, + "google_bigquery_table_iam_policy": 
googleBigqueryTableIam, + "google_bigtable_app_profile": googleBigtableAppProfile, + "google_bigtable_authorized_view": googleBigtableAuthorizedView, + "google_bigtable_gc_policy": googleBigtableGcPolicy, + "google_bigtable_instance": googleBigtableInstance, + "google_bigtable_instance_iam_binding": googleBigTableInstanceIam, + "google_bigtable_instance_iam_member": googleBigTableInstanceIam, + "google_bigtable_instance_iam_policy": googleBigTableInstanceIam, + "google_bigtable_logical_view": googleBigtableLogicalView, + "google_bigtable_materialized_view": googleBigtableMaterializedView, + "google_bigtable_schema_bundle": googleBigtableSchemaBundle, + "google_bigtable_table": googleBigtableTable, + "google_bigtable_table_iam_binding": googleBigTableTableIam, + "google_bigtable_table_iam_member": googleBigTableTableIam, + "google_bigtable_table_iam_policy": googleBigTableTableIam, + "google_billing_account_iam_binding": googleBillingAccountIamBinding, + "google_billing_account_iam_member": googleBillingAccountIamMember, + "google_billing_account_iam_policy": googleBillingAccountIamPolicy, + "google_billing_budget": googleBillingBudget, + "google_billing_project_info": googleBillingProjectInfo, + "google_binary_authorization_attestor_iam_binding": googleBinaryAuthorizationAttestorIamBinding, + "google_binary_authorization_attestor_iam_member": googleBinaryAuthorizationAttestorIamMember, + "google_binary_authorization_attestor_iam_policy": googleBinaryAuthorizationAttestorIamPolicy, + "google_chronicle_data_access_label": googleChronicleDataAccessLabel, + "google_chronicle_data_access_scope": googleChronicleDataAccessScope, + "google_chronicle_reference_list": googleChronicleReferenceList, + "google_chronicle_retrohunt": googleChronicleRetrohunt, + "google_chronicle_rule": googleChronicleRule, + "google_chronicle_rule_deployment": googleChronicleRuleDeployment, + "google_chronicle_watchlist": googleChronicleWatchlist, + "google_cloud_run_domain_mapping": 
googleCloudRunDomainMapping, + "google_cloud_run_service": googleCloudRunService, + "google_cloud_run_service_iam_binding": googleCloudRunServiceIamBinding, + "google_cloud_run_service_iam_member": googleCloudRunServiceIamMember, + "google_cloud_run_service_iam_policy": googleCloudRunServiceIamPolicy, + "google_cloud_run_v2_job": googleCloudRunV2Job, + "google_cloud_run_v2_job_iam_binding": googleCloudRunV2JobIam, + "google_cloud_run_v2_job_iam_member": googleCloudRunV2JobIam, + "google_cloud_run_v2_job_iam_policy": googleCloudRunV2JobIam, + "google_cloud_run_v2_service": googleCloudRunV2Service, + "google_cloud_run_v2_service_iam_binding": googleCloudRunV2ServiceIam, + "google_cloud_run_v2_service_iam_member": googleCloudRunV2ServiceIam, + "google_cloud_run_v2_service_iam_policy": googleCloudRunV2ServiceIam, + "google_cloud_run_v2_worker_pool": googleCloudRunV2WorkerPool, + "google_cloud_run_v2_worker_pool_iam_binding": googleCloudRunV2WorkerPoolIamBinding, + "google_cloud_run_v2_worker_pool_iam_member": googleCloudRunV2WorkerPoolIamMember, + "google_cloud_run_v2_worker_pool_iam_policy": googleCloudRunV2WorkerPoolIamPolicy, + "google_cloud_scheduler_job": googleCloudSchedulerJob, + "google_cloud_tasks_queue_iam_binding": googleCloudTasksQueueIamBinding, + "google_cloud_tasks_queue_iam_member": googleCloudTasksQueueIamMember, + "google_cloud_tasks_queue_iam_policy": googleCloudTasksQueueIamPolicy, + "google_cloudbuild_trigger": googleCloudbuildTrigger, + "google_cloudbuildv2_connection": googleCloudbuildv2Connection, + "google_cloudbuildv2_connection_iam_binding": googleCloudbuildv2ConnectionIamBinding, + "google_cloudbuildv2_connection_iam_member": googleCloudbuildv2ConnectionIamMember, + "google_cloudbuildv2_connection_iam_policy": googleCloudbuildv2ConnectionIamPolicy, + "google_cloudbuildv2_repository": googleCloudbuildv2Repository, + "google_clouddeploy_custom_target_type_iam_binding": googleClouddeployCustomTargetTypeIamBinding, + 
"google_clouddeploy_custom_target_type_iam_member": googleClouddeployCustomTargetTypeIamMember, + "google_clouddeploy_custom_target_type_iam_policy": googleClouddeployCustomTargetTypeIamPolicy, + "google_clouddeploy_delivery_pipeline_iam_binding": googleClouddeployDeliveryPipelineIamBinding, + "google_clouddeploy_delivery_pipeline_iam_member": googleClouddeployDeliveryPipelineIamMember, + "google_clouddeploy_delivery_pipeline_iam_policy": googleClouddeployDeliveryPipelineIamPolicy, + "google_clouddeploy_target_iam_binding": googleClouddeployTargetIamBinding, + "google_clouddeploy_target_iam_member": googleClouddeployTargetIamMember, + "google_clouddeploy_target_iam_policy": googleClouddeployTargetIamPolicy, + "google_cloudfunctions2_function": googleCloudfunction2Function, + "google_cloudfunctions2_function_iam_binding": googleCloudfunction2FunctionIamBinding, + "google_cloudfunctions2_function_iam_member": googleCloudfunction2FunctionIamMember, + "google_cloudfunctions2_function_iam_policy": googleCloudfunction2FunctionIamPolicy, + "google_cloudfunctions_function": googleCloudfunctionsFunction, + "google_cloudfunctions_function_iam_binding": googleCloudfunctionsFunctionIamBinding, + "google_cloudfunctions_function_iam_member": googleCloudfunctionsFunctionIamPolicy, + "google_cloudfunctions_function_iam_policy": googleCloudfunctionsFunctionIamPolicy, + "google_colab_runtime_template_iam_binding": googleColabRuntimeTemplateIamBinding, + "google_colab_runtime_template_iam_member": googleColabRuntimeTemplateIamMember, + "google_colab_runtime_template_iam_policy": googleColabRuntimeTemplateIamPolicy, + "google_composer_environment": googleComposerEnvironment, + "google_composer_user_workloads_config_map": googleComposerUserWorkloadsConfigMap, + "google_composer_user_workloads_secret": googleComposerUserWorkloadsSecret, + "google_compute_address": googleComputeAddress, + "google_compute_backend_bucket": googleComputeBackendBucket, + 
"google_compute_backend_bucket_iam_binding": googleComputeBackendBucketIamBinding, + "google_compute_backend_bucket_iam_member": googleComputeBackendBucketIamMember, + "google_compute_backend_bucket_iam_policy": googleComputeBackendBucketIamPolicy, + "google_compute_backend_service": googleComputeBackendService, + "google_compute_backend_service_iam_binding": googleComputeBackendServiceIamBinding, + "google_compute_backend_service_iam_member": googleComputeBackendServiceIamMember, + "google_compute_backend_service_iam_policy": googleComputeBackendServiceIamPolicy, + "google_compute_disk_iam_binding": googleComputeDiskIamBinding, + "google_compute_disk_iam_member": googleComputeDiskIamMember, + "google_compute_disk_iam_policy": googleComputeDiskIamPolicy, + "google_compute_firewall": googleComputeFirewall, + "google_compute_forwarding_rule": googleComputeForwardingRule, + "google_compute_global_address": googleComputeGlobalAddress, + "google_compute_global_forwarding_rule": googleComputeGlobalForwardingRule, + "google_compute_global_network_endpoint_group": googleComputeGlobalNetworkEndpointGroup, + "google_compute_health_check": googleComputeHealthcheck, + "google_compute_http_health_check": googleComputeHttpHealthCheck, + "google_compute_https_health_check": googleComputeHttpsHealthCheck, + "google_compute_image_iam_binding": googleComputeImageIamBinding, + "google_compute_image_iam_member": googleComputeImageIamMember, + "google_compute_image_iam_policy": googleComputeImageIamPolicy, + "google_compute_instance": googleComputeInstance, + "google_compute_instance_iam_binding": googleComputeInstanceIamBinding, + "google_compute_instance_iam_member": googleComputeInstanceIamMember, + "google_compute_instance_iam_policy": googleComputeInstanceIamPolicy, + "google_compute_instance_template": googleComputeInstanceTemplate, + "google_compute_instance_template_iam_binding": googleComputeInstanceTemplateIamBinding, + "google_compute_instance_template_iam_member": 
googleComputeInstanceTemplateIamMember, + "google_compute_instance_template_iam_policy": googleComputeInstanceTemplateIamPolicy, + "google_compute_instant_snapshot_iam_binding": googleComputeInstanceSnapshotIamBinding, + "google_compute_instant_snapshot_iam_member": googleComputeInstanceSnapshotIamMember, + "google_compute_instant_snapshot_iam_policy": googleComputeInstanceSnapshotIamPolicy, + "google_compute_machine_image_iam_binding": googleComputeMachineImageIamBinding, + "google_compute_machine_image_iam_member": googleComputeMachineImageIamMember, + "google_compute_machine_image_iam_policy": googleComputeMachineImageIamPolicy, + "google_compute_network": googleComputeNetwork, + "google_compute_network_attachment": googleComputeNetworkAttachment, + "google_compute_network_endpoint_group": googleComputeNetworkEndpointGroup, + "google_compute_project_metadata_item": googleComputeProjectMetadataItem, + "google_compute_region_backend_service": googleComputeRgionBackendService, + "google_compute_region_backend_service_iam_binding": googleComputeRegionBackendServiceIamBinding, + "google_compute_region_backend_service_iam_member": googleComputeRegionBackendServiceIamMember, + "google_compute_region_backend_service_iam_policy": googleComputeRegionBackendServiceIamPolicy, + "google_compute_region_disk_iam_binding": googleComputeRegionDiskIamBinding, + "google_compute_region_disk_iam_member": googleComputeRegionDiskIamMember, + "google_compute_region_disk_iam_policy": googleComputeRegionDiskIamPolicy, + "google_compute_region_health_check": googleComputeRegioHealthCheck, + "google_compute_region_network_endpoint_group": googleComputeRegionNetworkEndpointGroup, + "google_compute_region_ssl_certificate": googleComputeRegionSslCertificate, + "google_compute_region_target_http_proxy": googleComputeRegionTargetHttpProxy, + "google_compute_region_target_https_proxy": googleComputeRegionTargetHttpsProxy, + "google_compute_region_target_tcp_proxy": 
googleComputeRegionTargetTcpProxy, + "google_compute_region_url_map": googleComputeRegionUrlMap, + "google_compute_security_policy": googleComputeSecurityPolicy, + "google_compute_snapshot_iam_binding": googleComputeSnapshotIamBinding, + "google_compute_snapshot_iam_member": googleComputeSnapshotIamMember, + "google_compute_snapshot_iam_policy": googleComputeSnapshotIamPolicy, + "google_compute_storage_pool_iam_binding": googleComputeStoragePoolIamBinding, + "google_compute_storage_pool_iam_member": googleComputeStoragePoolIamMember, + "google_compute_storage_pool_iam_policy": googleComputeStoragePoolIamPolicy, + "google_compute_subnetwork": googleComputeSubnetwork, + "google_compute_subnetwork_iam_binding": googleComputeSubnetworkIamBinding, + "google_compute_subnetwork_iam_member": googleComputeSubnetworkIamMember, + "google_compute_subnetwork_iam_policy": googleComputeSubnetworkIamPolicy, + "google_compute_target_http_proxy": googleComputeTargetHttpProxy, + "google_compute_target_https_proxy": googleComputeTargetHttpsProxy, + "google_compute_url_map": googleComputeUrlMap, + "google_contact_center_insights_analysis_rule": googleContactCenterInsightsAnalysisRule, + "google_contact_center_insights_view": googleContactCenterInsightsView, + "google_container_analysis_note_iam_binding": googleContainerAnalysisNoteIamBinding, + "google_container_analysis_note_iam_member": googleContainerAnalysisNoteIamMember, + "google_container_analysis_note_iam_policy": googleContainerAnalysisNoteIamPolicy, + "google_container_cluster": googleContainerCluster, + "google_container_node_pool": googleContainerNodePool, + "google_data_catalog_entry": googleDataCatalogEntry, + "google_data_catalog_entry_group": googleDataCatalogEntryGroup, + "google_data_catalog_entry_group_iam_binding": googleDataCatalogEntryGroupIamPolicy, + "google_data_catalog_entry_group_iam_member": googleDataCatalogEntryGroupIamMember, + "google_data_catalog_entry_group_iam_policy": 
googleDataCatalogEntryGroupIamPolicy, + "google_data_catalog_policy_tag": googleDataCatalogPolicyTag, + "google_data_catalog_policy_tag_iam_binding": googleDataCatalogPolicyTagIamPolicy, + "google_data_catalog_policy_tag_iam_member": googleDataCatalogPolicyTagIamMember, + "google_data_catalog_policy_tag_iam_policy": googleDataCatalogPolicyTagIamPolicy, + "google_data_catalog_tag": googleDataCatalogTag, + "google_data_catalog_tag_template": googleDataCatalogTagTemplate, + "google_data_catalog_tag_template_iam_binding": googleDataCatalogTagTemplateIamPolicy, + "google_data_catalog_tag_template_iam_member": googleDataCatalogTagTemplateIamPolicy, + "google_data_catalog_tag_template_iam_policy": googleDataCatalogTagTemplateIamPolicy, + "google_data_catalog_taxonomy": googleDataCatalogTaxonomy, + "google_data_catalog_taxonomy_iam_binding": googleDataCatalogTaxonomyIamBinding, + "google_data_catalog_taxonomy_iam_member": googleDataCatalogTaxonomyIamMember, + "google_data_catalog_taxonomy_iam_policy": googleDataCatalogTaxonomyIamPolicy, + "google_data_fusion_instance_iam_binding": googleDataFusionInstanceIamBinding, + "google_data_fusion_instance_iam_member": googleDataFusionInstanceIamMember, + "google_data_fusion_instance_iam_policy": googleDataFusionInstanceIamPolicy, + "google_dataflow_job": googleDataflowJob, + "google_dataform_repository": googleDataformRepository, + "google_dataform_repository_iam_binding": googleDataformRepositoryIamBinding, + "google_dataform_repository_iam_member": googleDataformRepositoryIamMember, + "google_dataform_repository_iam_policy": googleDataformRepositoryIamPolicy, + "google_dataform_repository_release_config": googleDataformRepositoryReleaseConfig, + "google_dataform_repository_workflow_config": googleDataformRepositoryWorkflowConfig, + "google_dataplex_aspect_type": googleDataplexAspectType, + "google_dataplex_aspect_type_iam_binding": googleDataplexAspectTypeIamBinding, + "google_dataplex_aspect_type_iam_member": 
googleDataplexAspectTypeIamMember, + "google_dataplex_aspect_type_iam_policy": googleDataplexAspectTypeIamPolicy, + "google_dataplex_asset": googleDataplexAsset, + "google_dataplex_asset_iam_binding": googleDataplexAssetIamBinding, + "google_dataplex_asset_iam_member": googleDataplexAssetIamMember, + "google_dataplex_asset_iam_policy": googleDataplexAssetIamPolicy, + "google_dataplex_datascan": googleDataplexDatascan, + "google_dataplex_datascan_iam_binding": googleDataplexDatascanIamBinding, + "google_dataplex_datascan_iam_member": googleDataplexDatascanIamMember, + "google_dataplex_datascan_iam_policy": googleDataplexDatascanIamPolicy, + "google_dataplex_entry": googleDataplexEntry, + "google_dataplex_entry_group": googleDataplexEntryGroup, + "google_dataplex_entry_group_iam_binding": googleDataplexEntryGroupIamBinding, + "google_dataplex_entry_group_iam_member": googleDataplexEntryGroupIamMember, + "google_dataplex_entry_group_iam_policy": googleDataplexEntryGroupIamPolicy, + "google_dataplex_entry_type": googleDataplexEntryType, + "google_dataplex_entry_type_iam_binding": googleDataplexEntryTypeIamBinding, + "google_dataplex_entry_type_iam_member": googleDataplexEntryTypeIamMember, + "google_dataplex_entry_type_iam_policy": googleDataplexEntryTypeIamPolicy, + "google_dataplex_glossary": googleDataplexGlossary, + "google_dataplex_glossary_category": googleDataplexGlossaryCategory, + "google_dataplex_glossary_iam_binding": googleDataplexGlossaryIamBinding, + "google_dataplex_glossary_iam_member": googleDataplexGlossaryIamMember, + "google_dataplex_glossary_iam_policy": googleDataplexGlossaryIamPolicy, + "google_dataplex_glossary_term": googleDataplexGlossaryTerm, + "google_dataplex_lake": googleDataplexLake, + "google_dataplex_lake_iam_binding": googleDataplexLakeIamBinding, + "google_dataplex_lake_iam_member": googleDataplexLakeIamMember, + "google_dataplex_lake_iam_policy": googleDataplexLakeIamPolicy, + "google_dataplex_task": googleDataplexTask, + 
"google_dataplex_task_iam_binding": googleDataplexLakeIamBinding, + "google_dataplex_task_iam_member": googleDataplexTaskIamMember, + "google_dataplex_task_iam_policy": googleDataplexTaskIamPolicy, + "google_dataplex_zone": googleDataplexZone, + "google_dataplex_zone_iam_binding": googleDataplexZoneIamBinding, + "google_dataplex_zone_iam_member": googleDataplexZoneIamMember, + "google_dataplex_zone_iam_policy": googleDataplexLakeIamPolicy, + "google_dataproc_autoscaling_policy": googleDataprocAutoscalingPolicy, + "google_dataproc_autoscaling_policy_iam_binding": googleDataprocAutoscalingPolicyIamBinding, + "google_dataproc_autoscaling_policy_iam_member": googleDataprocAutoscalingPolicyIamMember, + "google_dataproc_autoscaling_policy_iam_policy": googleDataprocAutoscalingPolicyIamPolicy, + "google_dataproc_batch": googleDataprocBatch, + "google_dataproc_cluster": googleDataprocCluster, + "google_dataproc_cluster_iam_binding": googleDataprocClusterIamBinding, + "google_dataproc_cluster_iam_member": googleDataprocClusterIamMember, + "google_dataproc_cluster_iam_policy": googleDataprocClusterIamPolicy, + "google_dataproc_job": googleDataprocJob, + "google_dataproc_job_iam_binding": googleDataprocJobIamBinding, + "google_dataproc_job_iam_member": googleDataprocJobIamMember, + "google_dataproc_job_iam_policy": googleDataprocJobIamPolicy, + "google_dataproc_metastore_database_iam_binding": googleDataprocMetastoreDatabaseIamBinding, + "google_dataproc_metastore_database_iam_member": googleDataprocMetastoreDatabaseIamMember, + "google_dataproc_metastore_database_iam_policy": googleDataprocMetastoreDatabaseIamPolicy, + "google_dataproc_metastore_federation_iam_binding": googleDataprocMetastoreFederationIamBinding, + "google_dataproc_metastore_federation_iam_member": googleDataprocMetastoreFederationIamMember, + "google_dataproc_metastore_federation_iam_policy": googleDataprocMetastoreFederationIamPolicy, + "google_dataproc_metastore_service_iam_binding": 
googleDataprocMetastoreServiceIamBinding,
+ "google_dataproc_metastore_service_iam_member": googleDataprocMetastoreServiceIamMember,
+ "google_dataproc_metastore_service_iam_policy": googleDataprocMetastoreServiceIamPolicy,
+ "google_dataproc_metastore_table_iam_binding": googleDataprocMetastoreTableIamBinding,
+ "google_dataproc_metastore_table_iam_member": googleDataprocMetastoreTableIamMember,
+ "google_dataproc_metastore_table_iam_policy": googleDataprocMetastoreTableIamPolicy,
+ "google_dataproc_session_template": googleDataprocSessionTemplate,
+ "google_dataproc_workflow_template": googleDataprocWorkflowTemplate,
+ "google_default_service_accounts": googleDefaultServiceAccounts,
+ "google_deployment_manager_deployment": googleDeploymentManagerDeployment,
+ "google_developer_connect_account_connector": googleDeveloperConnectAccountConnector,
+ "google_developer_connect_connection": googleDeveloperConnectConnection,
+ "google_developer_connect_git_repository_link": googleDeveloperConnectGitRepositoryLink,
+ "google_dialogflow_agent": googleDialogflowAgent,
+ "google_dialogflow_conversation_profile": googleDialogflowConversationProfile,
+ "google_dialogflow_cx_agent": googleDialogflowCxAgent,
+ "google_dialogflow_cx_entity_type": googleDialogflowCxEntityType,
+ "google_dialogflow_cx_environment": googleDialogflowCxEnvironment,
+ "google_dialogflow_cx_flow": googleDialogflowCxFlow,
+ "google_dialogflow_cx_generative_settings": googleDialogflowCxGenerativeSettings,
+ "google_dialogflow_cx_generator": googleDialogflowCxGenerator,
+ "google_dialogflow_cx_intent": googleDialogflowCxIntent,
+ "google_dialogflow_cx_page": googleDialogflowCxPage,
+ "google_dialogflow_cx_playbook": googleDialogflowCxPlaybook,
+ "google_dialogflow_cx_security_settings": googleDialogflowCxSecuritySettings,
+ "google_dialogflow_cx_tool": googleDialogflowCxTool,
+ "google_dialogflow_cx_version": googleDialogflowCxVersion,
+ "google_dialogflow_cx_webhook": googleDialogflowCxWebhook,
+ "google_dialogflow_encryption_spec": googleDialogflowEncryptionSpec,
+ "google_dialogflow_entity_type": googleDialogflowEntityType,
+ "google_dialogflow_fulfillment": googleDialogflowFulfillment,
+ "google_dialogflow_intent": googleDialogflowIntent,
+ "google_dns_managed_zone": googleDnsmanagedZone,
+ "google_dns_managed_zone_iam_binding": googleDNSManagedZoneIamBinding,
+ "google_dns_managed_zone_iam_member": googleDNSManagedZoneIamMember,
+ "google_dns_managed_zone_iam_policy": googleDNSManagedZoneIamPolicy,
+ "google_dns_policy": googleDNSPolicy,
+ "google_dns_record_set": googleDNSRecordSet,
+ "google_edgecontainer_cluster": googleEdgecontainerCluster,
+ "google_edgecontainer_node_pool": googleEdgecontainerNodePool,
+ "google_edgecontainer_vpn_connection": googleEdgecontainerVpnConnection,
+ "google_edgenetwork_interconnect_attachment": googleEdgecontainerInterconnectAttachment,
+ "google_edgenetwork_network": googleEdgecontainerNetwork,
+ "google_edgenetwork_subnet": googleEdgecontainerSubnet,
+ "google_endpoints_service_consumers_iam_binding": googleEndpointsServiceConsumersIamBinding,
+ "google_endpoints_service_consumers_iam_member": googleEndpointsServiceConsumersIamMember,
+ "google_endpoints_service_consumers_iam_policy": googleEndpointsServiceConsumersIamPolicy,
+ "google_endpoints_service_iam_binding": googleEndpointsServiceIamBinding,
+ "google_endpoints_service_iam_member": googleEndpointsServiceIamMember,
+ "google_endpoints_service_iam_policy": googleEndpointsServiceIamPolicy,
+ "google_eventarc_channel": googleEventarcChannel,
+ "google_eventarc_enrollment": googleEventarcEnrollment,
+ "google_eventarc_google_api_source": googleEventarcGoogleApiSource,
+ "google_eventarc_google_channel_config": googleEventarcGoogleChannelConfig,
+ "google_eventarc_message_bus": googleEventarcMessageBus,
+ "google_eventarc_pipeline": googleEventarcPipeline,
+ "google_eventarc_trigger": googleEventarcTrigger,
+ "google_firebase_android_app": googleFirebaseAndroidApp,
+ "google_firebase_apple_app": googleFirebaseAppleApp,
+ "google_firebase_database_instance": googleFirebaseDatabaseInstance,
+ "google_firebase_hosting_channel": googleFirebaseHostingSite,
+ "google_firebase_hosting_custom_domain": googleFirebaseHostingSite,
+ "google_firebase_hosting_release": googleFirebaseHostingSite,
+ "google_firebase_hosting_site": googleFirebaseHostingSite,
+ "google_firebase_hosting_version": googleFirebaseHostingSite,
+ "google_firebase_project": googleFirebaseProject,
+ "google_firebase_storage_bucket": googleFirebaseStorageBucket,
+ "google_firebase_web_app": googleFirebaseWebApp,
+ "google_firebaserules_release": googleFirebaserulesRelease,
+ "google_firebaserules_ruleset": googleFirebaserulesRuleset,
+ "google_folder_iam_binding": googleFolderIamBinding,
+ "google_folder_iam_member": googleFolderIamMember,
+ "google_folder_iam_policy": googleFolderIamPolicy,
+ "google_gemini_repository_group_iam_binding": googleGeminiRepositoryGroupIamBinding,
+ "google_gemini_repository_group_iam_member": googleGeminiRepositoryGroupIamMember,
+ "google_gemini_repository_group_iam_policy": googleGeminiRepositoryGroupIamPolicy,
+ "google_gke_backup_backup_plan_iam_binding": googleGkeBackupBackupPlanIamBinding,
+ "google_gke_backup_backup_plan_iam_member": googleGkeBackupBackupPlanIamMember,
+ "google_gke_backup_backup_plan_iam_policy": googleGkeBackupBackupPlanIamPolicy,
+ "google_gke_backup_restore_plan_iam_binding": googleGkeBackupRestorePlanIamBinding,
+ "google_gke_backup_restore_plan_iam_member": googleGkeBackupRestorePlanIamMember,
+ "google_gke_backup_restore_plan_iam_policy": googleGkeBackupRestorePlanIamPolicy,
+ "google_gke_hub_feature_iam_binding": googleGkeHubFeatureIamBinding,
+ "google_gke_hub_feature_iam_member": googleGkeHubFeatureIamMember,
+ "google_gke_hub_feature_iam_policy": googleGkeHubFeatureIamPolicy,
+ "google_gke_hub_membership_iam_binding": googleGkeHubMembershipIamBinding,
+ "google_gke_hub_membership_iam_member": googleGkeHubMembershipIamMember,
+ "google_gke_hub_membership_iam_policy": googleGkeHubMembershipIamPolicy,
+ "google_gke_hub_scope_iam_binding": googleGkeHubScopeIamBinding,
+ "google_gke_hub_scope_iam_member": googleGkeHubScopeIamMember,
+ "google_gke_hub_scope_iam_policy": googleGkeHubScopeIamPolicy,
+ "google_healthcare_consent_store_iam_binding": googleHealthcareConsentStoreIamBinding,
+ "google_healthcare_consent_store_iam_member": googleHealthcareConsentStoreIamMember,
+ "google_healthcare_consent_store_iam_policy": googleHealthcareConsentStoreIamPolicy,
+ "google_healthcare_dataset_iam_binding": googleHealthcareDatasetIamBinding,
+ "google_healthcare_dataset_iam_member": googleHealthcareDatasetIamMember,
+ "google_healthcare_dataset_iam_policy": googleHealthcareDatasetIamPolicy,
+ "google_healthcare_dicom_store_iam_binding": googleHealthcareDicomStoreIamBinding,
+ "google_healthcare_dicom_store_iam_member": googleHealthcareDicomStoreIamMember,
+ "google_healthcare_dicom_store_iam_policy": googleHealthcareDicomStoreIamPolicy,
+ "google_healthcare_fhir_store_iam_binding": googleHealthcareFhirStoreIamBinding,
+ "google_healthcare_fhir_store_iam_member": googleHealthcareFhirStoreIamMember,
+ "google_healthcare_fhir_store_iam_policy": googleHealthcareFhirStoreIamPolicy,
+ "google_healthcare_hl7_v2_store_iam_binding": googleHealthcareHl7V2StoreIamBinding,
+ "google_healthcare_hl7_v2_store_iam_member": googleHealthcareHl7V2StoreIamMember,
+ "google_healthcare_hl7_v2_store_iam_policy": googleHealthcareHl7V2StoreIamPolicy,
+ "google_iam_workforce_pool": googleIamWorkforcePool,
+ "google_iam_workforce_pool_iam_binding": googleIamWorkforcePoolIamBinding,
+ "google_iam_workforce_pool_iam_member": googleIamWorkforcePoolIamMember,
+ "google_iam_workforce_pool_iam_policy": googleIamWorkforcePoolIamPolicy,
+ "google_iam_workforce_pool_provider": googleIamWorkforcePoolProvider,
+ "google_iam_workforce_pool_provider_key": googleIamWorkforcePoolProviderKey,
+ "google_iam_workload_identity_pool": googleIamWorkloadIdentityPool,
+ "google_iam_workload_identity_pool_iam_binding": googleIamWorkloadIdentityPoolIamBinding,
+ "google_iam_workload_identity_pool_iam_member": googleIamWorkloadIdentityPoolIamMember,
+ "google_iam_workload_identity_pool_iam_policy": googleIamWorkloadIdentityPoolIamPolicy,
+ "google_iam_workload_identity_pool_provider": googleIamWorkloadIdentityPoolProvider,
+ "google_iap_app_engine_service_iam_binding": googleIapAppEngineServiceIamBinding,
+ "google_iap_app_engine_service_iam_member": googleIapAppEngineServiceIamMember,
+ "google_iap_app_engine_service_iam_policy": googleIapAppEngineServiceIamPolicy,
+ "google_iap_app_engine_version_iam_binding": googleIapAppEngineVersionIamBinding,
+ "google_iap_app_engine_version_iam_member": googleIapAppEngineVersionIamMember,
+ "google_iap_app_engine_version_iam_policy": googleIapAppEngineVersionIamPolicy,
+ "google_iap_tunnel_dest_group_iam_binding": googleIapTunnelDestGroupIamBinding,
+ "google_iap_tunnel_dest_group_iam_member": googleIapTunnelDestGroupIamMember,
+ "google_iap_tunnel_dest_group_iam_policy": googleIapTunnelDestGroupIamPolicy,
+ "google_iap_tunnel_iam_binding": googleIapTunnelIamBinding,
+ "google_iap_tunnel_iam_member": googleIapTunnelIamMember,
+ "google_iap_tunnel_iam_policy": googleIapTunnelIamPolicy,
+ "google_iap_tunnel_instance_iam_binding": googleIapTunnelInstanceIamBinding,
+ "google_iap_tunnel_instance_iam_member": googleIapTunnelInstanceIamMember,
+ "google_iap_tunnel_instance_iam_policy": googleIapTunnelInstanceIamPolicy,
+ "google_iap_web_backend_service_iam_binding": googleIapWebBackendServiceIamBinding,
+ "google_iap_web_backend_service_iam_member": googleIapWebBackendServiceIamMember,
+ "google_iap_web_backend_service_iam_policy": googleIapWebBackendServiceIamPolicy,
+ "google_iap_web_cloud_run_service_iam_binding": googleIapWebCloudRunServiceIamBinding,
+ "google_iap_web_cloud_run_service_iam_member": googleIapWebCloudRunServiceIamMember,
+ "google_iap_web_cloud_run_service_iam_policy": googleIapWebCloudRunServiceIamPolicy,
+ "google_iap_web_iam_binding": googleIapWebIamBinding,
+ "google_iap_web_iam_member": googleIapWebIamMember,
+ "google_iap_web_iam_policy": googleIapWebIamPolicy,
+ "google_iap_web_region_backend_service_iam_binding": googleIapWebRegionBackendServiceIamBinding,
+ "google_iap_web_region_backend_service_iam_member": googleIapWebRegionBackendServiceIamMember,
+ "google_iap_web_region_backend_service_iam_policy": googleIapWebRegionBackendServiceIamPolicy,
+ "google_iap_web_type_app_engine_iam_binding": googleIapWebTypeAppEngineIamBinding,
+ "google_iap_web_type_app_engine_iam_member": googleIapWebTypeAppEngineIamMember,
+ "google_iap_web_type_app_engine_iam_policy": googleIapWebTypeAppEngineIamPolicy,
+ "google_iap_web_type_compute_iam_binding": googleIapWebTypeComputeIamBinding,
+ "google_iap_web_type_compute_iam_member": googleIapWebTypeComputeIamMember,
+ "google_iap_web_type_compute_iam_policy": googleIapWebTypeComputeIamPolicy,
+ "google_kms_crypto_key": googleKmsCryptoKey,
+ "google_kms_crypto_key_iam_binding": googlekmsCryptoKeyIamBinding,
+ "google_kms_crypto_key_iam_member": googlekmsCryptoKeyIamMember,
+ "google_kms_crypto_key_iam_policy": googlekmsCryptoKeyIamPolicy,
+ "google_kms_crypto_key_version": googleKmsCryptoKeyVersions,
+ "google_kms_ekm_connection_iam_binding": googleKmsEkmConnectionIamBinding,
+ "google_kms_ekm_connection_iam_member": googleKmsEkmConnectionIamMember,
+ "google_kms_ekm_connection_iam_policy": googleKmsEkmConnectionIamPolicy,
+ "google_kms_key_handle": googleKmsKeyHandle,
+ "google_kms_key_ring": googleKmsKeyRing,
+ "google_kms_key_ring_iam_binding": googleKmsKeyRingIamBinding,
+ "google_kms_key_ring_iam_member": googleKmsKeyRingIamMember,
+ "google_kms_key_ring_iam_policy": googleKmsKeyRingIamPolicy,
+ "google_kms_key_ring_import_job": googleKmsKeyRingImportJob,
+ "google_kms_secret_ciphertext": googleKmsSecretCiphertext,
+ "google_logging_billing_account_exclusion": googleLoggingBillingAccountExclusion,
+ "google_logging_billing_account_sink": googleLoggingBillingAccountSink,
+ "google_logging_folder_exclusion": googleLoggingFolderExclusion,
+ "google_logging_folder_settings": googleLoggingFolderSettings,
+ "google_logging_folder_sink": googleLoggingFolderSink,
+ "google_logging_linked_dataset": googleLoggingLinkedDataset,
+ "google_logging_log_scope": googleLoggingLogScope,
+ "google_logging_log_view": googleLoggingLogView,
+ "google_logging_log_view_iam_binding": googleLoggingLogViewIamBinding,
+ "google_logging_log_view_iam_member": googleLoggingLogViewIamMember,
+ "google_logging_log_view_iam_policy": googleLoggingLogViewIamPolicy,
+ "google_logging_metric": googleLoggingMetric,
+ "google_logging_organization_exclusion": googleLoggingOrganizationExclusion,
+ "google_logging_organization_settings": googleLoggingOrganizationSettings,
+ "google_logging_organization_sink": googleLoggingOrganizationSink,
+ "google_logging_project_exclusion": googleLoggingProjectExclusion,
+ "google_logging_project_sink": googleLoggingProjectSink,
+ "google_managed_kafka_acl": googleManagedKafkaAcl,
+ "google_managed_kafka_cluster": googleManagedKafkaCluster,
+ "google_managed_kafka_connect_cluster": googleManagedKafkaConnectCluster,
+ "google_managed_kafka_connector": googleManagedKafkaConnector,
+ "google_managed_kafka_topic": googleManagedKafkaTopics,
+ "google_memcache_instance": googleMemcacheInstance,
+ "google_memorystore_instance": googleMemorystoreInstance,
+ "google_model_armor_floorsetting": googleModelArmorFloorsetting,
+ "google_model_armor_template": googleModelArmorTemplate,
+ "google_monitoring_alert_policy": googleMonitoringAlertPolicy,
+ "google_monitoring_custom_service": googleMonitoringCustomService,
+ "google_monitoring_dashboard": googleMonitoringDashboard,
+ "google_monitoring_group": googleMonitoringGroup,
+ "google_monitoring_metric_descriptor": googleMonitoringMetricDescriptor,
+ "google_monitoring_monitored_project": googleMonitoringMonitoredProject,
+ "google_monitoring_notification_channel": googleMonitoringNotificationChannel,
+ "google_monitoring_service": googleMonitoringService,
+ "google_monitoring_slo": googleMonitoringSLO,
+ "google_monitoring_uptime_check_config": googleMonitoringUptimeCheckConfig,
+ "google_network_security_address_group_iam_binding": googleNetworkSecurityAddressGroupIamBinding,
+ "google_network_security_address_group_iam_member": googleNetworkSecurityAddressGroupIamMember,
+ "google_network_security_address_group_iam_policy": googleNetworkSecurityAddressGroupIamPolicy,
+ "google_notebooks_environment": googleNotebooksEnvironment,
+ "google_notebooks_instance": googleNotebooksInstance,
+ "google_notebooks_instance_iam_binding": googleNotebooksInstanceIamBinding,
+ "google_notebooks_instance_iam_member": googleNotebooksInstanceIamMember,
+ "google_notebooks_instance_iam_policy": googleNotebooksInstanceIamPolicy,
+ "google_notebooks_runtime": googleNotebooksRuntime,
+ "google_notebooks_runtime_iam_binding": googleNotebooksRuntimeIamBinding,
+ "google_notebooks_runtime_iam_member": googleNotebooksRuntimeIamMember,
+ "google_notebooks_runtime_iam_policy": googleNotebooksRuntimeIamPolicy,
+ "google_organization_iam_binding": googleOrganizationIamBinding,
+ "google_organization_iam_member": googleOrganizationIamMember,
+ "google_organization_iam_policy": googleOrganizationIamPolicy,
+ "google_os_config_guest_policies": googleOsConfigGuestPolicies,
+ "google_os_config_os_policy_assignment": googleOsConfigOsPolicyAssignment,
+ "google_os_config_patch_deployment": googleOsConfigPatchDeployment,
+ "google_os_config_v2_policy_orchestrator": googleOsConfigV2PolicyOrchestrator,
+ "google_os_config_v2_policy_orchestrator_for_folder": googleOsConfigV2PolicyOrchestratorForFolder,
+ "google_os_config_v2_policy_orchestrator_for_organization": googleOsConfigV2PolicyOrchestratorForOrganization,
+ "google_parallelstore_instance": googleParallelstoreInstance,
+ "google_privateca_ca_pool": googlePrivateCaPool,
+ "google_privateca_ca_pool_iam_binding": googlePrivateCaPoolIamBinding,
+ "google_privateca_ca_pool_iam_member": googlePrivateCaPoolIamMember,
+ "google_privateca_ca_pool_iam_policy": googlePrivateCaPoolIamPolicy,
+ "google_privateca_certificate": googlePrivatecaCertificate,
+ "google_privateca_certificate_authority": googlePrivatecaCertificateAuthority,
+ "google_privateca_certificate_template": googlePrivatecaCertificateTemplate,
+ "google_privateca_certificate_template_iam_binding": googlePrivatecaCertificateTemplateIamBinding,
+ "google_privateca_certificate_template_iam_member": googlePrivatecaCertificateTemplateIamMember,
+ "google_privateca_certificate_template_iam_policy": googlePrivatecaCertificateTemplateIamPolicy,
+ "google_privileged_access_manager_entitlement": googlePrivilegedAccessManagerEntitlement,
+ "google_project": gooleProject,
+ "google_project_access_approval_settings": googleProjectAccessApprovalSettings,
+ "google_project_default_service_accounts": googleProjectDefaultServiceAccounts,
+ "google_project_iam_audit_config": googleProjectIamAuditConfig,
+ "google_project_iam_binding": googleProjectIamBinding,
+ "google_project_iam_custom_role": googleProjectIamCustomRole,
+ "google_project_iam_member": googleProjectIamBinding,
+ "google_project_iam_member_remove": googleProjectIamMemberRemove,
+ "google_project_iam_policy": googleProjectIamPolicy,
+ "google_project_organization_policy": googleProjectOrganizationPolicy,
+ "google_project_service": googleProjectService,
+ "google_project_service_identity": placeholder,
+ "google_project_services": placeholder,
+ "google_project_usage_export_bucket": googleProjectUsageExportBucket,
+ "google_pubsub_lite_reservation": googlePubsubLiteReservation,
+ "google_pubsub_lite_subscription": googlePubsubLiteSubscription,
+ "google_pubsub_lite_topic": googlePubsubLiteTopic,
+ "google_pubsub_schema": googlePubsubSchema,
+ "google_pubsub_schema_iam_binding": googlePubsubSchemaIamBinding,
+ "google_pubsub_schema_iam_member": googlePubsubSchemaIamMember,
+ "google_pubsub_schema_iam_policy": googlePubsubSchemaIamPolicy,
+ "google_pubsub_subscription": googlePubsubSubscription,
+ "google_pubsub_subscription_iam_binding": googlePubsubSubscriptionIamBinding,
+ "google_pubsub_subscription_iam_member": googlePubsubSubscriptionIamMember,
+ "google_pubsub_subscription_iam_policy": googlePubsubSubscriptionIamPolicy,
+ "google_pubsub_topic": googlePubsubTopic,
+ "google_pubsub_topic_iam_binding": googlePubsubTopicIam,
+ "google_pubsub_topic_iam_member": googlePubsubTopicIam,
+ "google_pubsub_topic_iam_policy": googlePubsubTopicIam,
+ "google_redis_cluster": googleRedisCluster,
+ "google_redis_cluster_user_created_connections": googleRedisClusterUserCreatedConnections,
+ "google_redis_instance": googleRedisInstance,
+ "google_runtimeconfig_config": googleRuntimeconfigConfig,
+ "google_runtimeconfig_config_iam_binding": googleRuntimeconfigConfigIamBinding,
+ "google_runtimeconfig_config_iam_member": googleRuntimeconfigConfigIamMember,
+ "google_runtimeconfig_config_iam_policy": googleRuntimeconfigConfigIamPolicy,
+ "google_runtimeconfig_variable": googleRuntimeconfigVariable,
+ "google_scc_source_iam_binding": googleSccSourceIamBinding,
+ "google_scc_source_iam_member": googleSccSourceIamMember,
+ "google_scc_source_iam_policy": googleSccSourceIamPolicy,
+ "google_scc_v2_organization_source_iam_binding": googleSccV2OrganizationSourceIamBinding,
+ "google_scc_v2_organization_source_iam_member": googleSccV2OrganizationSourceIamMember,
+ "google_scc_v2_organization_source_iam_policy": googleSccV2OrganizationSourceIamPolicy,
+ "google_secret_manager_regional_secret": googleSecretManagerRegionalSecret,
+ "google_secret_manager_regional_secret_iam_binding": googleSecretManagerRegionalSecretsIamBinding,
+ "google_secret_manager_regional_secret_iam_member": googleSecretManagerRegionalSecretIamMember,
+ "google_secret_manager_regional_secret_iam_policy": googleSecretManagerRegionalSecretIamPolicy,
+ "google_secret_manager_regional_secret_version": googleSecretManagerRegionalSecretVersion,
+ "google_secret_manager_secret": googleSecretManagerSecret,
+ "google_secret_manager_secret_iam_binding": googleSecretManagerSecretIam,
+ "google_secret_manager_secret_iam_member": googleSecretManagerSecretIam,
+ "google_secret_manager_secret_iam_policy": googleSecretManagerSecretIam,
+ "google_secret_manager_secret_version": googleSecretManagerSecretVersion,
+ "google_secure_source_manager_branch_rule": googleSecureSourceManagerBranchRule,
+ "google_secure_source_manager_instance": googleSecureSourceManagerInstance,
+ "google_secure_source_manager_instance_iam_binding": googleSecureSourceManagerInstanceIamBinding,
+ "google_secure_source_manager_instance_iam_member": googleSecureSourceManagerInstanceIamMember,
+ "google_secure_source_manager_instance_iam_policy": googleSecureSourceManagerInstanceIamPolicy,
+ "google_secure_source_manager_repository": googleSecureSourceManagerRepository,
+ "google_secure_source_manager_repository_iam_binding": googleSecureSourceManagerRepositoryIamBinding,
+ "google_secure_source_manager_repository_iam_member": googleSecureSourceManagerRepositoryIamMember,
+ "google_secure_source_manager_repository_iam_policy": googleSecureSourceManagerRepositoryIamPolicy,
+ "google_service_account": googleServiceAccount,
+ "google_service_account_iam_binding": googleServiceAccountIamBinding,
+ "google_service_account_iam_member": googleServiceAccountIamMember,
+ "google_service_account_iam_policy": googleServiceAccountIamPolicy,
+ "google_service_account_key": googleServiceAccountKey,
+ "google_service_directory_endpoint": googleServiceDirectoryEndpoint,
+ "google_service_directory_namespace": googleServiceDirectoryNamespace,
+ "google_service_directory_namespace_iam_binding": googleServiceDirectoryNamespaceIamBinding,
+ "google_service_directory_namespace_iam_member": googleServiceDirectoryNamespaceIamMember,
+ "google_service_directory_namespace_iam_policy": googleServiceDirectoryNamespaceIamPolicy,
+ "google_service_directory_service": googleServiceDirectoryService,
+ "google_service_directory_service_iam_binding": googleServiceDirectoryServiceIamBinding,
+ "google_service_directory_service_iam_member": googleServiceDirectoryServiceIamMember,
+ "google_service_directory_service_iam_policy": googleServiceDirectoryServiceIamPolicy,
+ "google_service_networking_connection": googleServiceNetworkingConnection,
+ "google_site_verification_owner": placeholder,
+ "google_site_verification_web_resource": placeholder,
+ "google_sourcerepo_repository": googleSourcerepoRepository,
+ "google_sourcerepo_repository_iam_binding": googleSourcerepoRepositoryIamBinding,
+ "google_sourcerepo_repository_iam_member": googleSourcerepoRepositoryIamMember,
+ "google_sourcerepo_repository_iam_policy": googleSourcerepoRepositoryIamPolicy,
+ "google_spanner_backup_schedule": googleSpannerBackupSchedule,
+ "google_spanner_database": googleSpannerDatabase,
+ "google_spanner_database_iam_binding": googleSpannerDatabaseIam,
+ "google_spanner_database_iam_member": googleSpannerDatabaseIam,
+ "google_spanner_database_iam_policy": googleSpannerDatabaseIam,
+ "google_spanner_instance": googleSpannerInstance,
+ "google_spanner_instance_config": googleSpannerInstanceConfig,
+ "google_spanner_instance_iam_binding": googleSpannerInstanceIam,
+ "google_spanner_instance_iam_member": googleSpannerInstanceIam,
+ "google_spanner_instance_iam_policy": googleSpannerInstanceIam,
+ "google_spanner_instance_partition": googleSpannerInstancePartition,
+ "google_sql_database": googleSQLDatabase,
+ "google_sql_database_instance": googleSQLDatabaseInstance,
+ "google_sql_ssl_cert": googleSqlSslCert,
+ "google_sql_user": googleSQLUser,
+ "google_storage_bucket": googleStorageBucket,
+ "google_storage_bucket_access_control": googleStorageBucketAccessControl,
+ "google_storage_bucket_acl": googleStorageBucketACL,
+ "google_storage_bucket_iam_binding": googleStorageBucketIamBinding,
+ "google_storage_bucket_iam_member": googleStorageBucketIamMember,
+ "google_storage_bucket_iam_policy": googleStorageBucketIamPolicy,
+ "google_storage_bucket_object": googleStorageBucketObject,
+ "google_storage_control_folder_intelligence_config": googleStorageControlFolderIntelligenceConfig,
+ "google_storage_control_organization_intelligence_config": googleStorageControlOrganizationIntelligenceConfig,
+ "google_storage_control_project_intelligence_config": googleStorageControlProjectIntelligenceConfig,
+ "google_storage_default_object_access_control": googleStorageDefaultObjectAccessControl,
+ "google_storage_default_object_acl": googleStorageDefaultObjectACL,
+ "google_storage_hmac_key": googleStorageHmacKey,
+ "google_storage_insights_report_config": googleStorageInsightsReportConfig,
+ "google_storage_managed_folder_iam_binding": googleStorageManagedFolderIamBinding,
+ "google_storage_managed_folder_iam_member": googleStorageManagedFolderIamMember,
+ "google_storage_managed_folder_iam_policy": googleStorageManagedFolderIamPolicy,
+ "google_storage_object_access_control": googleStorageObjectAccessControl,
+ "google_tags_location_tag_binding": googleTagsLocationTagBinding,
+ "google_tags_tag_binding": googleTagsTagBinding,
+ "google_tags_tag_key": googleTagsTagKey,
+ "google_tags_tag_key_iam_binding": googleTagsTagKeyIamBinding,
+ "google_tags_tag_key_iam_member": googleTagsTagKeyIamMember,
+ "google_tags_tag_key_iam_policy": googleTagsTagKeyIamPolicy,
+ "google_tags_tag_value": googleTagsTagValue,
+ "google_tags_tag_value_iam_binding": googleTagsTagValueIamBinding,
+ "google_tags_tag_value_iam_member": googleTagsTagValueIamMember,
+ "google_tags_tag_value_iam_policy": googleTagsTagValueIamPolicy,
+ "google_tpu_node": googleTpuNode,
+ "google_tpu_v2_queued_resource": googleTpuV2QueuedResource,
+ "google_tpu_v2_vm": googleTpuV2Vm,
+ "google_transcoder_job": googleTranscoderJob,
+ "google_transcoder_job_template": googleTranscoderJobTemplate,
+ "google_vertex_ai_dataset": googleVertexAiDataset,
+ "google_vertex_ai_endpoint": googleVertexAiEndpoint,
+ "google_vertex_ai_endpoint_iam_binding": googleVertexAiEndpointIam,
+ "google_vertex_ai_endpoint_iam_member": googleVertexAiEndpointIam,
+ "google_vertex_ai_endpoint_iam_policy": googleVertexAiEndpointIam,
+ "google_vertex_ai_feature_group": googleVertexAiFeatureGroup,
+ "google_vertex_ai_feature_group_feature": googleVertexAiFeatureGroupFeature,
+ "google_vertex_ai_feature_group_iam_binding": googleVertexAIFeatureGroupIamBinding,
+ "google_vertex_ai_feature_group_iam_member": googleVertexAIFeatureGroupIamMember,
+ "google_vertex_ai_feature_group_iam_policy": googleVertexAIFeatureGroupIamPolicy,
+ "google_vertex_ai_feature_online_store": googleVertexAiFeatureOnlineStore,
+ "google_vertex_ai_feature_online_store_featureview": googleVertexAiFeatureOnlineStoreFeatureview,
+ "google_vertex_ai_feature_online_store_featureview_iam_binding": googleVertexAIFeatureOnlineStoreFeatureviewIamBinding,
+ "google_vertex_ai_feature_online_store_featureview_iam_member": googleVertexAIFeatureOnlineStoreFeatureviewIamMember,
+ "google_vertex_ai_feature_online_store_featureview_iam_policy": googleVertexAIFeatureOnlineStoreFeatureviewIamPolicy,
+ "google_vertex_ai_feature_online_store_iam_binding": googleVertexAIFeatureOnlineStoreIamBinding,
+ "google_vertex_ai_feature_online_store_iam_member": googleVertexAIFeatureOnlineStoreIamMember,
+ "google_vertex_ai_feature_online_store_iam_policy": googleVertexAIFeatureOnlineStoreIamPolicy,
+ "google_vertex_ai_featurestore": googleVertexAiFeaturestore,
+ "google_vertex_ai_featurestore_entitytype": googleVertexAiFeaturestoreEntitytype,
+ "google_vertex_ai_featurestore_entitytype_feature": googleVertexAiFeaturestoreEntitytypeFeature,
+ "google_vertex_ai_featurestore_entitytype_iam_binding": googleVertexAiFeaturestoreEntitytypeIam,
+ "google_vertex_ai_featurestore_entitytype_iam_member": googleVertexAiFeaturestoreEntitytypeIam,
+ "google_vertex_ai_featurestore_entitytype_iam_policy": googleVertexAiFeaturestoreEntitytypeIam,
+ "google_vertex_ai_featurestore_iam_binding": googleVertexAiFeaturestoreIam,
+ "google_vertex_ai_featurestore_iam_member": googleVertexAiFeaturestoreIam,
+ "google_vertex_ai_featurestore_iam_policy": googleVertexAiFeaturestoreIam,
+ "google_vertex_ai_index": googleVertexAiIndex,
+ "google_vertex_ai_index_endpoint": googleVertexAiIndexEndpoint,
+ "google_vertex_ai_metadata_store": googleVertexAiMetadataStore,
+ "google_vertex_ai_tensorboard": googleVertexAiTensorboard,
+ "google_vmwareengine_cluster": googleVmwareengineCluster,
+ "google_vmwareengine_external_access_rule": googleVmwareengineExternalAccessRule,
+ "google_vmwareengine_external_address": googleVmwareengineExternalAddress,
+ "google_vmwareengine_network": googleVmwareengineNetwork,
+ "google_vmwareengine_network_peering": googleVmwareengineNetworkPeering,
+ "google_vmwareengine_network_policy": googleVmwareengineNetworkPolicy,
+ "google_vmwareengine_private_cloud": googleVmwareenginePrivateCloud,
+ "google_vmwareengine_subnet": googleVmwareengineSubnet,
+ "google_workbench_instance_iam_binding": googleWorkbenchInstanceIamBinding,
+ "google_workbench_instance_iam_member": googleWorkbenchInstanceIamMember,
+ "google_workbench_instance_iam_policy": googleWorkbenchInstanceIamPolicy,
+ "google_workflows_workflow": googleWorkflowsWorkflow,
+ "google_workstations_workstation": googleWorkstationsWorkstation,
+ "google_workstations_workstation_cluster": googleWorkstationsWorkstationCluster,
+ "google_workstations_workstation_config": googleWorkstationsWorkstationConfig,
+ "google_workstations_workstation_config_iam_binding": googleWorkstationsWorkstationConfigIamBinding,
+ "google_workstations_workstation_config_iam_member": googleWorkstationsWorkstationConfigIamMember,
+ "google_workstations_workstation_config_iam_policy": googleWorkstationsWorkstationConfigIamPolicy,
+ "google_workstations_workstation_iam_binding": googleWorkstationsWorkstationIamBinding,
+ "google_workstations_workstation_iam_member": googleWorkstationsWorkstationIamMember,
+ "google_workstations_workstation_iam_policy": googleWorkstationsWorkstationIamPolicy,
+ "google_certificate_manager_dns_authorization": googleCertificateManagerDnsAuthorization,
+ "google_iap_web_region_forwarding_rule_service_iam_binding": googleIapWebRegionForwardingRuleServiceIamBinding,
+ "google_iap_web_region_forwarding_rule_service_iam_member": googleIapWebRegionForwardingRuleServiceIamMember,
+ "google_iap_web_region_forwarding_rule_service_iam_policy": googleIapWebRegionForwardingRuleServiceIamPolicy,
+ "google_iap_brand": placeholder, //being deprecated
+ "google_iap_client": placeholder, //being deprecated
+ "google_iap_settings": googleIapSettings,
+ "google_iap_tunnel_dest_group": googleIapTunnelDestGroup,
+ "google_iap_web_forwarding_rule_service_iam_binding": googleIapWebForwardingRuleServiceIamBinding,
+ "google_iap_web_forwarding_rule_service_iam_member": googleIapWebForwardingRuleServiceIamMember,
+ "google_iap_web_forwarding_rule_service_iam_policy": googleIapWebForwardingRuleServiceIamPolicy,
+ "google_gemini_code_repository_index": googleGeminiCodeRepositoryIndex,
+ "google_gemini_code_tools_setting": googleGeminiCodeToolsSetting,
+ "google_gemini_code_tools_setting_binding": googleGeminiCodeToolsSettingBinding,
+ "google_gemini_data_sharing_with_google_setting": googleGeminiDataSharingWithGoogleSetting,
+ "google_gemini_data_sharing_with_google_setting_binding": googleGeminiDataSharingWithGoogleSettingBinding,
+ "google_gemini_gemini_gcp_enablement_setting": googleGeminiGeminiGcpEnablementSetting,
+ "google_gemini_gemini_gcp_enablement_setting_binding": googleGeminiGeminiGcpEnablementSettingBinding,
+ "google_gemini_logging_setting": googleGeminiLoggingSetting,
+ "google_gemini_logging_setting_binding": googleGeminiLoggingSettingBinding,
+ "google_gemini_release_channel_setting": googleGeminiReleaseChannelSetting,
+ "google_gemini_release_channel_setting_binding": googleGeminiReleaseChannelSettingBinding,
+ "google_gemini_repository_group": googleGeminiRepositoryGroup,
+ "google_vertex_ai_cache_config": googleVertexAiCacheConfig,
+ "google_vertex_ai_deployment_resource_pool": googleVertexAiDeploymentResourcePool,
+ "google_vertex_ai_rag_engine_config": googleVertexAiRagEngineConfig,
+ "google_vertex_ai_reasoning_engine": googleVertexAiReasoningEngine,
+ "google_vpc_access_connector": googleVpcAccessConnector,
+ "google_workbench_instance": googleWorkbenchInstance,
+ "google_vertex_ai_endpoint_with_model_garden_deployment": googleVertexAiEndpointWithModelGardenDeployment,
+ "google_vertex_ai_index_endpoint_deployed_index": googleVertexAiIndexEndpointDeployedIndex,
 }
diff --git a/src/gcp_datasource.go b/src/gcp_datasource.go
index 35604ebc..56a9a275 100644
--- a/src/gcp_datasource.go
+++ b/src/gcp_datasource.go
@@ -20,249 +20,409 @@ func GetGCPDataPermissions(result ResourceV2) ([]string, error) {
 func GCPDataLookup(result string) interface{} {
 TFLookup := map[string]interface{}{
- "google_alloydb_locations": dataGoogleAlloydbLocations,
- "google_alloydb_supported_database_flags": dataGoogleAlloydbSupportedDatabaseFlags,
- "google_api_gateway_api_config_iam_policy": placeholder,
- "google_api_gateway_api_iam_policy": placeholder,
- "google_api_gateway_gateway_iam_policy": placeholder,
- "google_apigee_environment_iam_policy": placeholder,
- "google_app_engine_default_service_account": dataGoogleAppEngineDefaultServiceAccount,
- "google_artifact_registry_repository": dataGoogleArtifactRegistryRepository,
- "google_artifact_registry_repository_iam_policy": dataGoogleArtifactRegistryRepositoryIamPolicy,
- "google_beyondcorp_app_connection": dataGoogleBeyondcorpAppConnection,
- "google_beyondcorp_app_connector": dataGoogleBeyondcorpAppConnector,
- "google_beyondcorp_app_gateway": dataGoogleBeyondcorpAppGateway,
- "google_bigquery_analytics_hub_data_exchange_iam_policy": dataGoogleBigqueryHubDataExchangeIamPolicy,
- "google_bigquery_analytics_hub_listing_iam_policy": dataGoogleBigqueryAnalyticsHubListingIamPolicy,
- "google_bigquery_connection_iam_policy": placeholder,
- "google_bigquery_datapolicy_data_policy_iam_policy": dataGoogleBigqueryDatapolicyDataPolicyIamPolicy,
- "google_bigquery_dataset_iam_policy": placeholder,
- "google_bigquery_default_service_account": dataGoogleBigqueryDefaultServiceAccount,
- "google_bigquery_table_iam_policy": placeholder,
- "google_bigtable_instance_iam_policy": dataGoogleBigtableInstanceIamPolicy,
- "google_bigtable_table_iam_policy": placeholder,
- "google_client_config": placeholder,
- "google_client_openid_userinfo": placeholder,
- "google_cloud_run_locations": dataGoogleCloudRunLocations,
- "google_cloud_run_service": dataGoogleCloudRunService,
- "google_cloud_run_service_iam_policy": dataGoogleCloudRunServiceIamPolicy,
- "google_cloud_run_v2_job": dataGoogleCloudRunV2Job,
- "google_cloud_run_v2_job_iam_policy": dataGoogleCloudRunV2JobIamPolicy,
- "google_cloud_run_v2_service": dataGoogleCloudRunV2Service,
- "google_cloud_run_v2_service_iam_policy": dataGoogleCloudRunV2ServiceIamPolicy,
- "google_cloudfunctions2_function": dataGoogleCloudfunctionsFunction,
- "google_cloudfunctions2_function_iam_policy": dataGoogleCloudfunctionsFunctionIamPolicy,
- "google_cloudfunctions_function": dataGoogleCloudfunctionsFunction,
- "google_cloudfunctions_function_iam_policy": dataGoogleCloudfunctionsFunctionIamPolicy,
- "google_compute_address": dataGoogleComputeAddress,
- "google_compute_addresses": dataGoogleComputeAddresses,
- "google_compute_backend_bucket": dataGoogleComputeBackendBucket,
- "google_compute_backend_bucket_iam_policy": dataGoogleComputeBackendBucketIamPolicy,
- "google_compute_backend_service": dataGoogleComputeBackendService,
- "google_compute_backend_service_iam_policy": dataGoogleComputeBackendServiceIamPolicy,
- "google_compute_default_service_account": dataGoogleComputeDefaultServiceAccount,
- "google_compute_disk": dataGoogleComputeDisk,
- "google_compute_disk_iam_policy": dataGoogleComputeDiskIamPolicy,
- "google_compute_forwarding_rule": dataGoogleComputeForwardingRule,
- "google_compute_global_address": dataGoogleComputeGlobalAddress,
- "google_compute_global_forwarding_rule": dataGoogleComputeGlobalForwardingRule,
- "google_compute_ha_vpn_gateway": dataGoogleComputeHaVpnGateway,
- "google_compute_health_check": dataGoogleComputeHealthCheck,
- "google_compute_image": placeholder,
- "google_compute_image_iam_policy": dataGoogleComputeImageIamPolicy,
- "google_compute_instance": dataGoogleComputeInstance,
- "google_compute_instance_group": dataGoogleComputeInstanceGroup,
- "google_compute_instance_group_manager": dataGoogleComputeInstanceGroupManager,
- "google_compute_instance_iam_policy": placeholder,
- "google_compute_instance_serial_port": dataGoogleComputeInstanceSerialPort,
- "google_compute_instance_template": dataGoogleComputeInstanceTemplate,
- "google_compute_lb_ip_ranges": placeholder,
- "google_compute_machine_image_iam_policy": dataGoogleComputeMachineImageIamPolicy,
- "google_compute_network": dataGoogleComputeNetwork,
- "google_compute_network_endpoint_group": dataGoogleComputeNetworkEndpointGroup,
- "google_compute_network_peering": placeholder,
- "google_compute_networks": dataGoogleComputeNetworks,
- "google_compute_node_types": dataGoogleComputeNodeTypes,
- "google_compute_region_backend_service_iam_policy": dataGoogleComputeRegionBackendServiceIamPolicy,
- "google_compute_region_disk_iam_policy": dataGoogleComputeRegionDiskIamPolicy,
- "google_compute_region_instance_group": dataGoogleComputeRegionInstanceGroup,
- "google_compute_region_instance_template": dataGoogleComputeRegionInstanceTemplate,
- "google_compute_region_network_endpoint_group": dataGoogleComputeRegionNetworkEndpointGroup,
- "google_compute_region_ssl_certificate": placeholder,
- "google_compute_regions": dataGoogleComputeRegions,
- "google_compute_resource_policy": dataGoogleComputeResourcePolicy,
- "google_compute_router": dataGoogleComputeRouter,
- "google_compute_router_nat": dataGoogleComputeRouterNat,
- "google_compute_router_status": dataGoogleComputeRouterStatus,
- "google_compute_snapshot": dataGoogleComputeSnapshot,
- "google_compute_snapshot_iam_policy": dataGoogleComputeSnapshotIamPolicy,
- "google_compute_ssl_certificate": dataGoogleComputeSslCertificate,
- "google_compute_ssl_policy": dataGoogleComputeSslPolicy,
- "google_compute_subnetwork": dataGoogleComputeSubnetwork,
- "google_compute_subnetwork_iam_policy": dataGoogleComputeSubnetworkIamPolicy,
- "google_compute_vpn_gateway": dataGoogleComputeVpnGateway,
- "google_compute_zones": dataGoogleComputeZones,
- "google_container_analysis_note_iam_policy": dataGoogleContainerAnalysisNoteIamPolicy,
- "google_container_cluster": dataGoogleContainerCluster,
- "google_container_engine_versions": placeholder,
- "google_container_registry_image": placeholder,
- "google_container_registry_repository": placeholder,
- "google_dns_keys": dataGoogleDNSKeys,
- "google_dns_managed_zone": dataGoogleDNSManagedZone,
- "google_dns_managed_zone_iam_policy": dataGoogleDNSManagedZoneIamPolicy,
- "google_dns_record_set": dataGoogleDNSRecordSet,
- "google_gke_backup_backup_plan_iam_policy": dataGoogleGkeBackupBackupPlanIamPolicy,
- "google_gke_backup_restore_plan_iam_policy": dataGoogleGkeBackupRestorePlanIamPolicy,
- "google_gke_hub_feature_iam_policy": dataGoogleGkeHubFeatureIamPolicy,
- "google_gke_hub_membership_iam_policy": dataGoogleGkeHubMembershipIamPolicy,
- "google_gke_hub_scope_iam_policy": dataGoogleGkeHubScopeIamPolicy,
- "google_iam_policy": placeholder,
- "google_iam_role": placeholder,
- "google_kms_crypto_key": dataGoogleKmsCryptoKey,
- "google_kms_crypto_key_iam_policy": dataGoogleKmsCryptoKeyIamPolicy,
- "google_kms_crypto_key_version": dataGoogleKmsCryptoKeyVersion,
- "google_kms_key_ring": dataGoogleKmsKeyRing,
- "google_kms_key_ring_iam_policy": dataGoogleKmsKeyRingIamPolicy,
- "google_kms_secret": dataGoogleKmsSecret,
- "google_kms_secret_asymmetric": dataGoogleKmsSecretAsymnetric,
- "google_kms_secret_ciphertext": placeholder,
- "google_project": dataGoogleProject,
- "google_project_service": dataGoogleProjectService,
- "google_projects": placeholder,
- "google_pubsub_subscription": dataGooglePubsubSubscription,
- "google_pubsub_subscription_iam_policy": dataGooglePubsubSubscriptionIamPolicy,
- "google_pubsub_topic": dataGooglePubsubTopic,
- "google_pubsub_topic_iam_policy": dataGooglePubsubTopicIamPolicy,
- "google_redis_instance": dataGoogleRedisInstance,
- "google_secret_manager_secret": dataGoogleSecretManagerSecret,
- "google_secret_manager_secret_iam_policy": dataGoogleSecretManagerSecretIamPolicy,
- "google_secret_manager_secret_version": dataGoogleSecretManagerSecretVersion,
- "google_secret_manager_secret_version_access": dataGoogleManagerSecretVersionAccess,
- "google_service_account": dataGoogleServiceAccount,
- "google_service_account_access_token": dataGoogleServiceAccountAccessToken,
- "google_service_account_iam_policy": dataGoogleServiceAccountIamPolicy,
- "google_service_account_id_token": placeholder,
- "google_service_account_jwt": dataGoogleServiceAccountJwt,
- "google_service_account_key": dataGoogleServiceAccountKey,
- "google_sourcerepo_repository": dataGoogleSourcerepoRepository,
- "google_sourcerepo_repository_iam_policy": dataGoogleSourcerepoRepositoryIamPolicy,
- "google_spanner_database_iam_policy": dataGoogleSpannerDatabaseIamPolicy,
- "google_spanner_instance": dataGoogleSpannerInstance,
- "google_spanner_instance_iam_policy": dataGoogleSpannerInstanceIamPolicy,
- "google_sql_database": dataGoogleSQLDatabase,
- "google_sql_database_instance": dataGoogleSQLDatabaseInstance,
- "google_sql_database_instances": dataGoogleSQLDatabaseInstances,
- "google_sql_databases": dataGoogleSQLDatabases,
- "google_sql_tiers": placeholder,
- "google_storage_bucket": dataGoogleStorageBucket,
- "google_storage_bucket_iam_policy": dataGoogleStorageBucketIamPolicy,
- "google_storage_bucket_object": dataGoogleStorageBucketObject,
- "google_storage_bucket_object_content": dataGoogleStorageBucketObjectContent,
- "google_storage_object_signed_url": placeholder,
- "google_storage_project_service_account": dataGoogleStorageProjectServiceAccount,
- "google_storage_transfer_project_service_account": dataGoogleStorageTransferProjectServiceAccount,
- "google_vertex_ai_featurestore_entitytype_iam_policy": dataGoogleVertexAiFeaturestoreEntitytypeIamPolicy,
- "google_vertex_ai_featurestore_iam_policy": dataGoogleVertexAiFeaturestoreIamPolicy,
- "google_cloudbuild_trigger": dataGoogleCloudbuildTrigger,
- "google_cloudbuildv2_connection_iam_policy": dataGoogleCloudbuildv2ConnectionIamPolicy,
- "google_monitoring_istio_canonical_service": dataGoogleMonitoringIstioCanonicalService,
- "google_monitoring_mesh_istio_service": dataGoogleMonitoringMeshIstioService,
- "google_monitoring_notification_channel": dataGoogleMonitoringNotificationChannel,
- "google_monitoring_uptime_check_ips": placeholder,
- "google_tpu_tensorflow_versions": dataGoogleTpuTensorflowVersions,
- "google_tpu_v2_accelerator_types": dataGoogleTpuV2AcceleratorTypes,
- "google_tpu_v2_runtime_versions": dataGoogleTpuV2RuntimeVersions,
- "google_vmwareengine_cluster": placeholder,
- "google_vmwareengine_network": dataGoogleVmwareengineNetwork,
- "google_vmwareengine_private_cloud": dataGoogleVmwareenginePrivateCloud,
- "google_vpc_access_connector": dataGoogleVpcAccessConnector,
- "google_workstations_workstation_config_iam_policy": dataGoogleWorkstationsWorkstationConfigIamPolicy,
- "google_workstations_workstation_iam_policy": dataGoogleWorkstationsWorkstationIamPolicy,
- "google_netblock_ip_ranges": placeholder,
- "google_notebooks_instance_iam_policy": dataGoogleNotebooksInstanceIamPolicy,
- "google_notebooks_runtime_iam_policy": dataGoogleNotebooksRuntimeIamPolicy,
- "google_organization": placeholder,
- "google_secret_manager_secrets": dataGoogleSecretManagerSecrets,
- "google_tags_tag_key": dataGoogleTagsTagKey,
- "google_access_approval_folder_service_account": placeholder,
- "google_access_approval_organization_service_account": placeholder,
- "google_access_approval_project_service_account": placeholder,
- "google_access_context_manager_access_policy_iam_policy": placeholder,
- "google_active_folder": placeholder,
- "google_bigquery_dataset": placeholder,
- "google_billing_account_iam_policy": placeholder,
- "google_binary_authorization_attestor_iam_policy": dataGoogleBinaryAuthorizationAttestorIamPolicy,
- "google_certificate_manager_certificate_map": dataGoogleCertificateManagerCertificateMap,
- "google_cloud_identity_group_lookup": placeholder,
- "google_cloud_identity_group_memberships": placeholder,
- "google_cloud_identity_groups": placeholder,
- "google_cloud_tasks_queue_iam_policy": dataGoogleCloudTasksQueueIamPolicy,
- "google_composer_environment": dataGoogleComposerEnvironment,
- "google_composer_image_versions": dataGoogleComposerImageVersions,
- "google_container_attached_versions": dataGoogleContainerAttachedVersions,
- "google_data_catalog_entry_group_iam_policy": placeholder,
- "google_data_catalog_policy_tag_iam_policy": placeholder,
- "google_data_catalog_tag_template_iam_policy": placeholder,
- "google_data_fusion_instance_iam_policy": dataGoogleDataFusionInstanceIamPolicy,
- "google_dataplex_asset_iam_policy": dataGoogleDataplexAssetIamPolicy,
- "google_dataplex_datascan_iam_policy": dataGoogleDataplexDatascanIamPolicy,
- "google_dataplex_lake_iam_policy": dataGoogleDataplexLakeIamPolicy,
- "google_dataplex_task_iam_policy": dataGoogleDataplexTaskIamPolicy,
- "google_dataplex_zone_iam_policy": dataGoogleDataplexZoneIamPolicy,
- "google_dataproc_autoscaling_policy_iam_policy": placeholder,
- "google_dataproc_cluster_iam_policy": placeholder,
- "google_dataproc_job_iam_policy": placeholder,
- "google_dataproc_metastore_federation_iam_policy": dataGoogleDataprocMetaStoreFederationIamPolicy,
- "google_dataproc_metastore_service": dataGoogleDataprocMetastoreService,
- "google_dataproc_metastore_service_iam_policy": dataGoogleDataprocMetastoreServiceIamPolicy,
- "google_datastream_static_ips": dataGoogleDataStreamStaticIps,
- "google_endpoints_service_consumers_iam_policy": placeholder,
- "google_folder_organization_policy": placeholder,
- "google_healthcare_consent_store_iam_policy": dataGoogleHealthcareConsentStoreIamPolicy,
- "google_healthcare_dataset_iam_policy": dataGoogleHealthcareDatasetStoreIamPolicy,
- "google_healthcare_dicom_store_iam_policy": dataGoogleHealthcareDicomStoreIamPolicy,
- "google_healthcare_fhir_store_iam_policy": dataGoogleHealthcareFhirStoreIamPolicy,
- "google_healthcare_hl7_v2_store_iam_policy": dataGoogleHealthcareHl7V2StoreIamPolicy,
- "google_iam_workload_identity_pool": dataGoogleIamWorkloadIdentityPool,
- "google_iam_workload_identity_pool_provider": dataGoogleIamWorkloadIdentityPoolProvider,
- "google_iap_app_engine_service_iam_policy": dataGoogleIapAppEngineServiceIamPolicy,
- "google_iap_app_engine_version_iam_policy": dataGoogleIapAppEngineVersionIamPolicy,
- "google_iap_client": placeholder,
- "google_iap_tunnel_iam_policy": dataGoogleIapTunnelIamPolicy,
- "google_iap_tunnel_instance_iam_policy": dataGoogleIapTunnelInstanceIamPolicy,
- "google_iap_web_backend_service_iam_policy": dataGoogleIapWebBackendServiceIamPolicy,
- "google_iap_web_iam_policy": dataGoogleIapWebIamPolicy,
- "google_iap_web_region_backend_service_iam_policy": dataGoogleIapWebRegionBackendServiceIamPolicy,
- "google_iap_web_type_app_engine_iam_policy": dataGoogleIapWebTypeAppEngineIamPolicy,
- "google_iap_web_type_compute_iam_policy": dataGoogleIapWebTypeComputeIamPolicy,
- "google_logging_project_cmek_settings": dataGoogleLoggingProjectCmekSettings,
- "google_monitoring_app_engine_service": dataGoogleMonitoringAppEngineService,
- "google_monitoring_cluster_istio_service": dataGoogleMonitoringClusterIstioService,
- "google_vmwareengine_network_policy": dataGoogleVmwareengineNetworkPolicy,
- "google_vmwareengine_network_peering": dataGoogleVmwareengineNetworkPeering,
- "google_vertex_ai_endpoint_iam_policy": dataGoogleVertexAiEndpointIamPolicy,
- "google_vmwareengine_external_address": dataGoogleVmwareengineExternalAddress,
- "google_vmwareengine_nsx_credentials": dataGoogleVmwareengineNsxCredentials,
- "google_vmwareengine_subnet": dataGoogleVmwareengineSubnet,
- "google_vmwareengine_vcenter_credentials": dataGoogleVmwareengineVcenterCredentials,
- "google_workbench_instance_iam_policy": dataGoogleWorkbenchInstanceIamPolicy,
- "google_vmwareengine_external_access_rule": placeholder,
- "google_compute_region_disk": dataGoogleComputeRegionDisk,
- "google_compute_reservation": dataGoogleComputeReservation,
- "google_filestore_instance": dataGoogleFilestoreInstance,
- "google_logging_project_settings": dataGoogleLoggingProjectSettings,
- "google_billing_account": placeholder,
- "google_logging_folder_settings": placeholder,
- "google_logging_organization_settings": placeholder,
- "google_network_security_address_group_iam_policy": dataGoogleSecurityAddressGroupIamPolicy,
- "google_service_directory_namespace_iam_policy": dataGoogleServiceDirectoryNamespaceIamPolicy,
- "google_service_directory_service_iam_policy": dataGoogleServiceDirectoryServiceIamPolicy,
- "google_sql_backup_run": dataGoogleSQLBackupRun,
- "google_sql_ca_certs": placeholder,
- "google_sql_database_instance_latest_recovery_time": dataGoogleSQLDatabaseInstanceLatestRecoveryTime,
- "google_data_catalog_taxonomy_iam_policy": dataGoogleDataCatalogTaxonomyIamPolicy,
- "google_dataform_repository_iam_policy": dataGoogleDataformRepositoryIamPolicy,
- "google_endpoints_service_iam_policy": dataGoogleEndpointsServiceIamPolicy,
+ "google_access_approval_folder_service_account": placeholder,
+ "google_access_approval_organization_service_account": placeholder,
+ "google_access_approval_project_service_account": placeholder,
+ "google_access_context_manager_access_policy_iam_policy": placeholder,
+ "google_active_folder": placeholder,
+ "google_alloydb_cluster": dataGoogleAlloydbCluster,
+ "google_alloydb_instance": dataGoogleAlloydbInstance,
+ "google_alloydb_locations": dataGoogleAlloydbLocations,
+ "google_alloydb_supported_database_flags": dataGoogleAlloydbSupportedDatabaseFlags,
+ "google_api_gateway_api_config_iam_policy": placeholder,
+ "google_api_gateway_api_iam_policy": placeholder,
+ "google_api_gateway_gateway_iam_policy": placeholder,
+ "google_apigee_environment_iam_policy": placeholder,
+ "google_app_engine_default_service_account": dataGoogleAppEngineDefaultServiceAccount,
+ "google_apphub_application": dataGoogleApphubApplication,
+ "google_apphub_discovered_service": dataGoogleApphubDiscoveredService,
+ "google_apphub_discovered_workload": dataGoogleApphubDiscoveredWorkload,
+ "google_artifact_registry_docker_image": dataGoogleArtifactRegistryDockerImage,
+ "google_artifact_registry_locations": dataGoogleArtifactRegistryLocations,
+ "google_artifact_registry_repository": dataGoogleArtifactRegistryRepository,
+ "google_artifact_registry_repository_iam_policy": dataGoogleArtifactRegistryRepositoryIamPolicy,
+ "google_backup_dr_backup": dataGoogleBackupDrBackup,
+ "google_backup_dr_backup_plan_association": dataGoogleBackupDrPlanAssociation,
+ "google_backup_dr_backup_vault": dataGoogleBackupDrBackupVault,
+ "google_backup_dr_data_source": dataGoogleBackupDrDataSource,
+ "google_beyondcorp_app_connection": dataGoogleBeyondcorpAppConnection,
+ "google_beyondcorp_app_connector": dataGoogleBeyondcorpAppConnector,
+ "google_beyondcorp_app_gateway": dataGoogleBeyondcorpAppGateway,
+ "google_beyondcorp_application_iam_policy": dataGoogleBeyondcorpApplicationIamPolicy,
+ "google_beyondcorp_security_gateway": dataGoogleBeyondcorpSecurityGateway,
+ "google_beyondcorp_security_gateway_application_iam_policy": dataGoogleBeyondcorpSecurityGatewayApplicationIamPolicy,
+ "google_beyondcorp_security_gateway_iam_policy": dataGoogleBeyondcorpSecurityGatewayIamPolicy,
+ "google_bigquery_analytics_hub_data_exchange_iam_policy": dataGoogleBigqueryHubDataExchangeIamPolicy,
+ "google_bigquery_analytics_hub_listing_iam_policy": dataGoogleBigqueryAnalyticsHubListingIamPolicy,
+ "google_bigquery_connection_iam_policy": placeholder,
+ "google_bigquery_datapolicy_data_policy_iam_policy": dataGoogleBigqueryDatapolicyDataPolicyIamPolicy,
+ "google_bigquery_dataset": placeholder,
+ "google_bigquery_dataset_iam_policy": placeholder,
+ "google_bigquery_datasets": placeholder,
+ "google_bigquery_default_service_account": dataGoogleBigqueryDefaultServiceAccount,
+ "google_bigquery_table": placeholder,
+ "google_bigquery_table_iam_policy": placeholder,
+ "google_bigquery_tables": placeholder,
+ "google_bigtable_instance_iam_policy": dataGoogleBigtableInstanceIamPolicy,
+ "google_bigtable_table_iam_policy": placeholder,
+ "google_billing_account": placeholder,
+ "google_billing_account_iam_policy": placeholder,
+ "google_binary_authorization_attestor_iam_policy": dataGoogleBinaryAuthorizationAttestorIamPolicy,
+ "google_certificate_manager_certificate_map": dataGoogleCertificateManagerCertificateMap,
+ "google_certificate_manager_certificates": dataGoogleCertificateManagerCertificates,
+ "google_client_config": placeholder,
+ "google_client_openid_userinfo": placeholder,
+ "google_cloud_identity_group_lookup": placeholder,
+ "google_cloud_identity_group_memberships": placeholder,
+ "google_cloud_identity_groups": placeholder,
+ "google_cloud_quotas_quota_info": placeholder,
+ "google_cloud_quotas_quota_infos": placeholder,
+ "google_cloud_run_locations": dataGoogleCloudRunLocations,
+ "google_cloud_run_service": dataGoogleCloudRunService,
+ "google_cloud_run_service_iam_policy": dataGoogleCloudRunServiceIamPolicy,
+ "google_cloud_run_v2_job": dataGoogleCloudRunV2Job,
+ "google_cloud_run_v2_job_iam_policy": dataGoogleCloudRunV2JobIamPolicy,
+ "google_cloud_run_v2_service": dataGoogleCloudRunV2Service,
+ "google_cloud_run_v2_service_iam_policy": dataGoogleCloudRunV2ServiceIamPolicy,
+ "google_cloud_run_v2_worker_pool": dataGoogleCloudRunV2WorkerPool,
+ "google_cloud_run_v2_worker_pool_iam_policy": dataGoogleCloudRunWorkerPoolIamPolicy,
+ "google_cloud_tasks_queue_iam_policy": dataGoogleCloudTasksQueueIamPolicy,
+ "google_cloudbuild_trigger": dataGoogleCloudbuildTrigger,
+ "google_cloudbuildv2_connection_iam_policy": dataGoogleCloudbuildv2ConnectionIamPolicy,
+ "google_clouddeploy_custom_target_type_iam_policy": dataGoogleClouddeployCustomTargetTypeIamPolicy,
+ "google_clouddeploy_delivery_pipeline_iam_policy": dataGoogleClouddeployDeliveryPipelineIamPolicy,
+ "google_clouddeploy_target_iam_policy": dataGoogleClouddeployTargetIamPolicy,
+ "google_cloudfunctions2_function": dataGoogleCloudfunctionsFunction,
+ "google_cloudfunctions2_function_iam_policy": dataGoogleCloudfunctionsFunctionIamPolicy,
+ "google_cloudfunctions_function": dataGoogleCloudfunctionsFunction,
+ "google_cloudfunctions_function_iam_policy": dataGoogleCloudfunctionsFunctionIamPolicy,
+ "google_colab_runtime_template_iam_policy": dataGoogleColabRuntimeTemplateIamPolicy,
+ "google_composer_environment": dataGoogleComposerEnvironment,
+ "google_composer_image_versions": dataGoogleComposerImageVersions,
+ "google_composer_user_workloads_config_map": dataGoogleComposerUserWorkloadsConfigMap,
+ "google_composer_user_workloads_secret": dataGoogleComposerUserWorkloadsSecret,
+ "google_compute_address": dataGoogleComputeAddress,
+ "google_compute_addresses": dataGoogleComputeAddresses,
+ "google_compute_backend_bucket": dataGoogleComputeBackendBucket,
+ "google_compute_backend_bucket_iam_policy": dataGoogleComputeBackendBucketIamPolicy,
+ "google_compute_backend_service": dataGoogleComputeBackendService,
+ "google_compute_backend_service_iam_policy": dataGoogleComputeBackendServiceIamPolicy,
+ "google_compute_default_service_account": dataGoogleComputeDefaultServiceAccount,
+ "google_compute_disk": dataGoogleComputeDisk,
+ "google_compute_disk_iam_policy": dataGoogleComputeDiskIamPolicy,
+ "google_compute_forwarding_rule": dataGoogleComputeForwardingRule,
+ "google_compute_forwarding_rules": dataGoogleComputeForwardingRules,
+ "google_compute_global_address": dataGoogleComputeGlobalAddress,
+ "google_compute_global_forwarding_rule": dataGoogleComputeGlobalForwardingRule,
+ "google_compute_ha_vpn_gateway": dataGoogleComputeHaVpnGateway,
+ "google_compute_health_check": dataGoogleComputeHealthCheck,
+ "google_compute_image": placeholder,
+ "google_compute_image_iam_policy": dataGoogleComputeImageIamPolicy,
+ "google_compute_images": dataGoogleComputeImages,
+ "google_compute_instance": dataGoogleComputeInstance,
+ "google_compute_instance_group": dataGoogleComputeInstanceGroup,
+ "google_compute_instance_group_manager": dataGoogleComputeInstanceGroupManager,
+ "google_compute_instance_guest_attributes": dataGoogleComputeInstanceGuestAttributes,
+ "google_compute_instance_iam_policy": placeholder,
+ "google_compute_instance_serial_port": dataGoogleComputeInstanceSerialPort,
+ "google_compute_instance_template": dataGoogleComputeInstanceTemplate,
+ "google_compute_instance_template_iam_policy": dataGoogleComputeInstanceTemplateIamPolicy,
+ "google_compute_instant_snapshot_iam_policy": dataGoogleComputeInstantSnapshotIamPolicy,
+ "google_compute_lb_ip_ranges": placeholder,
+ "google_compute_machine_image_iam_policy": dataGoogleComputeMachineImageIamPolicy,
+ "google_compute_machine_types": dataGoogleComputeMachineTypes,
+ "google_compute_network": dataGoogleComputeNetwork,
+ "google_compute_network_endpoint_group": dataGoogleComputeNetworkEndpointGroup,
+ "google_compute_network_peering": placeholder,
+ "google_compute_networks": dataGoogleComputeNetworks,
+ "google_compute_node_types": dataGoogleComputeNodeTypes,
+ "google_compute_region_backend_service": dataGoogleComputeRegionBackendService,
+ "google_compute_region_backend_service_iam_policy": dataGoogleComputeRegionBackendServiceIamPolicy,
+ "google_compute_region_disk": dataGoogleComputeRegionDisk,
+ "google_compute_region_disk_iam_policy": dataGoogleComputeRegionDiskIamPolicy,
+ "google_compute_region_instance_group": dataGoogleComputeRegionInstanceGroup,
+ "google_compute_region_instance_group_manager": dataGoogleComputeRegionInstanceGroupManager,
+ "google_compute_region_instance_template": dataGoogleComputeRegionInstanceTemplate,
+ "google_compute_region_network_endpoint_group": dataGoogleComputeRegionNetworkEndpointGroup,
+ "google_compute_region_ssl_certificate": placeholder,
+ "google_compute_regions": dataGoogleComputeRegions,
+ "google_compute_reservation": dataGoogleComputeReservation,
+ "google_compute_resource_policy": dataGoogleComputeResourcePolicy,
+ "google_compute_router": dataGoogleComputeRouter,
+ "google_compute_router_nat": dataGoogleComputeRouterNat,
+ "google_compute_router_status": dataGoogleComputeRouterStatus,
+ "google_compute_security_policy": dataGoogleComputeSecurityPolicy,
+ "google_compute_snapshot": dataGoogleComputeSnapshot,
+ "google_compute_snapshot_iam_policy": dataGoogleComputeSnapshotIamPolicy,
+ "google_compute_ssl_certificate": dataGoogleComputeSslCertificate,
+ "google_compute_ssl_policy": dataGoogleComputeSslPolicy,
+ "google_compute_storage_pool_iam_policy": dataGoogleComputeStoragePoolIamPolicy,
+ "google_compute_storage_pool_types": dataGoogleComputeStoragePoolTypes,
+ "google_compute_subnetwork": dataGoogleComputeSubnetwork,
+ "google_compute_subnetwork_iam_policy": dataGoogleComputeSubnetworkIamPolicy,
+ "google_compute_subnetworks": dataGoogleComputeSubnetworks,
+ "google_compute_vpn_gateway": dataGoogleComputeVpnGateway,
+ "google_compute_zones": dataGoogleComputeZones,
+ "google_container_analysis_note_iam_policy": dataGoogleContainerAnalysisNoteIamPolicy,
+ "google_container_attached_install_manifest": dataGoogleContainerAttachedInstallManifest,
+ "google_container_attached_versions": dataGoogleContainerAttachedVersions,
+ "google_container_aws_versions": dataGoogleContainerAwsVersions,
+ "google_container_azure_versions": dataGoogleContainerAzureVersions,
+ "google_container_cluster": dataGoogleContainerCluster,
+ "google_container_engine_versions": placeholder,
+ "google_container_registry_image": placeholder,
+ "google_container_registry_repository": placeholder,
+ "google_data_catalog_entry_group_iam_policy": placeholder,
+ "google_data_catalog_policy_tag_iam_policy": placeholder,
+ "google_data_catalog_tag_template_iam_policy": placeholder,
+ "google_data_catalog_taxonomy_iam_policy": dataGoogleDataCatalogTaxonomyIamPolicy,
+ "google_data_fusion_instance_iam_policy": dataGoogleDataFusionInstanceIamPolicy,
+ "google_dataform_repository_iam_policy": dataGoogleDataformRepositoryIamPolicy,
+ "google_dataplex_aspect_type_iam_policy": dataGoogleDataplexAspectTypeIamPolicy,
+ "google_dataplex_asset_iam_policy": dataGoogleDataplexAssetIamPolicy,
+ "google_dataplex_datascan_iam_policy": dataGoogleDataplexDatascanIamPolicy,
+ "google_dataplex_entry_group_iam_policy": dataGoogleDataplexEntryGroupIamPolicy,
+ "google_dataplex_entry_type_iam_policy": dataGoogleDataplexEntryTypeIamPolicy,
+ "google_dataplex_glossary_iam_policy": dataGoogleDataplexGlossaryIamPolicy,
+ "google_dataplex_lake_iam_policy": dataGoogleDataplexLakeIamPolicy,
+ "google_dataplex_task_iam_policy": dataGoogleDataplexTaskIamPolicy,
+ "google_dataplex_zone_iam_policy": dataGoogleDataplexZoneIamPolicy,
+ "google_dataproc_autoscaling_policy_iam_policy": placeholder,
+ "google_dataproc_cluster_iam_policy": placeholder,
+ "google_dataproc_job_iam_policy": placeholder,
+ "google_dataproc_metastore_database_iam_policy": dataGoogleDataprocMetastoreDatabaseIamPolicy,
+ "google_dataproc_metastore_federation_iam_policy": dataGoogleDataprocMetaStoreFederationIamPolicy,
+ "google_dataproc_metastore_service": dataGoogleDataprocMetastoreService,
+ "google_dataproc_metastore_service_iam_policy": dataGoogleDataprocMetastoreServiceIamPolicy,
+ "google_dataproc_metastore_table_iam_policy": dataGoogleDataprocMetastoreTableIamPolicy,
+ "google_datastream_static_ips": dataGoogleDataStreamStaticIps,
+ "google_dns_keys": dataGoogleDNSKeys,
+ "google_dns_managed_zone": dataGoogleDNSManagedZone,
+ "google_dns_managed_zones": dataGoogleDNSManagedZones,
+ "google_dns_managed_zone_iam_policy": dataGoogleDNSManagedZoneIamPolicy,
+ "google_dns_record_set": dataGoogleDNSRecordSet,
+ "google_endpoints_service_consumers_iam_policy": placeholder,
+ "google_endpoints_service_iam_policy": dataGoogleEndpointsServiceIamPolicy,
+ "google_filestore_instance": dataGoogleFilestoreInstance,
+ "google_folder": dataGoogleFolder,
+ "google_folder_iam_policy": dataGoogleFolderIamPolicy,
+ "google_folder_organization_policy": placeholder,
+ "google_folders": dataGoogleFolders,
+ "google_gemini_repository_group_iam_policy": dataGoogleGeminiRepositoryGroupIamPolicy,
+ "google_gke_backup_backup_plan_iam_policy": dataGoogleGkeBackupBackupPlanIamPolicy,
+ "google_gke_backup_restore_plan_iam_policy": dataGoogleGkeBackupRestorePlanIamPolicy,
+ "google_gke_hub_feature": dataGoogleGkeHubFeature,
+ "google_gke_hub_feature_iam_policy": dataGoogleGkeHubFeatureIamPolicy,
+ "google_gke_hub_membership": dataGoogleGkeHubMembership,
+ "google_gke_hub_membership_iam_policy": dataGoogleGkeHubMembershipIamPolicy,
+ "google_gke_hub_scope_iam_policy": dataGoogleGkeHubScopeIamPolicy,
+ "google_healthcare_consent_store_iam_policy": dataGoogleHealthcareConsentStoreIamPolicy,
+ "google_healthcare_dataset_iam_policy": dataGoogleHealthcareDatasetStoreIamPolicy,
+ "google_healthcare_dicom_store_iam_policy": dataGoogleHealthcareDicomStoreIamPolicy,
+ "google_healthcare_fhir_store_iam_policy": dataGoogleHealthcareFhirStoreIamPolicy,
+ "google_healthcare_hl7_v2_store_iam_policy": dataGoogleHealthcareHl7V2StoreIamPolicy,
+ "google_iam_policy": placeholder,
+ "google_iam_role": placeholder,
+ "google_iam_workload_identity_pool": dataGoogleIamWorkloadIdentityPool,
+ "google_iam_workload_identity_pool_iam_policy": dataGoogleIamWorkloadIdentityPoolIamPolicy,
+ "google_iam_workload_identity_pool_provider": dataGoogleIamWorkloadIdentityPoolProvider,
+ "google_iap_app_engine_service_iam_policy": dataGoogleIapAppEngineServiceIamPolicy,
+ "google_iap_app_engine_version_iam_policy": dataGoogleIapAppEngineVersionIamPolicy,
+ "google_iap_client": placeholder,
+ "google_iap_tunnel_dest_group_iam_policy": dataGoogleIapTunnelDestGroupIamPolicy,
+ "google_iap_tunnel_iam_policy": dataGoogleIapTunnelIamPolicy,
+ "google_iap_tunnel_instance_iam_policy": dataGoogleIapTunnelInstanceIamPolicy,
+ "google_iap_web_backend_service_iam_policy": dataGoogleIapWebBackendServiceIamPolicy,
+ "google_iap_web_cloud_run_service_iam_policy": dataGoogleIapWebCloudRunServiceIamPolicy,
+ "google_iap_web_iam_policy": dataGoogleIapWebIamPolicy,
+ "google_iap_web_region_backend_service_iam_policy": dataGoogleIapWebRegionBackendServiceIamPolicy,
+ "google_iap_web_type_app_engine_iam_policy": dataGoogleIapWebTypeAppEngineIamPolicy,
+ "google_iap_web_type_compute_iam_policy": dataGoogleIapWebTypeComputeIamPolicy,
+ "google_kms_autokey_config": placeholder,
+ "google_kms_crypto_key": dataGoogleKmsCryptoKey,
+ "google_kms_crypto_key_iam_policy": dataGoogleKmsCryptoKeyIamPolicy,
+ "google_kms_crypto_key_latest_version": placeholder,
+ "google_kms_crypto_key_version": dataGoogleKmsCryptoKeyVersion,
+ "google_kms_crypto_key_versions": placeholder,
+ "google_kms_crypto_keys": placeholder,
+ "google_kms_ekm_connection_iam_policy": dataGoogleEkmConnectionIamPolicy,
+ "google_kms_key_handle": dataGoogleKmsKeyHandle,
+ "google_kms_key_handles": dataGoogleKmsKeyHandles,
+ "google_kms_key_ring": dataGoogleKmsKeyRing,
+ "google_kms_key_ring_iam_policy": dataGoogleKmsKeyRingIamPolicy,
+ "google_kms_key_rings": dataGoogleKmsKeyRings,
+ "google_kms_secret": dataGoogleKmsSecret,
+ "google_kms_secret_asymmetric": dataGoogleKmsSecretAsymnetric,
+ "google_kms_secret_ciphertext": placeholder,
+ "google_logging_folder_settings": placeholder,
+ "google_logging_log_view_iam_policy": placeholder,
+ "google_logging_organization_settings": placeholder,
+ "google_logging_project_cmek_settings": dataGoogleLoggingProjectCmekSettings,
+ "google_logging_project_settings": dataGoogleLoggingProjectSettings,
+ "google_lustre_instance": dataGoogleLustreInstance,
+ "google_memcache_instance": dataGoogleMemcacheInstance,
+ "google_memorystore_instance": dataGoogleMemorystoreInstance,
+ "google_monitoring_app_engine_service": dataGoogleMonitoringAppEngineService,
+ "google_monitoring_cluster_istio_service": dataGoogleMonitoringClusterIstioService,
+ "google_monitoring_istio_canonical_service": dataGoogleMonitoringIstioCanonicalService,
+ "google_monitoring_mesh_istio_service": dataGoogleMonitoringMeshIstioService,
+ "google_monitoring_notification_channel": dataGoogleMonitoringNotificationChannel,
+ "google_monitoring_uptime_check_ips": placeholder,
+ "google_netblock_ip_ranges": placeholder,
+ "google_network_security_address_group_iam_policy": dataGoogleSecurityAddressGroupIamPolicy,
+ "google_notebooks_instance_iam_policy": dataGoogleNotebooksInstanceIamPolicy,
+ "google_notebooks_runtime_iam_policy": dataGoogleNotebooksRuntimeIamPolicy,
+ "google_oracle_database_autonomous_database": dataGoogleOracleDatabaseAutonomousDatabase,
+ "google_oracle_database_autonomous_databases": dataGoogleOracleDatabaseAutonomousDatabases,
+ "google_oracle_database_cloud_exadata_infrastructure": dataGoogleOracleDatabaseCloudExadataInfrastructure,
+ "google_oracle_database_cloud_exadata_infrastructures": dataGoogleOracleDatabaseCloudExadataInfrastructures,
+ "google_oracle_database_cloud_vm_cluster": dataGoogleOracleDatabaseCloudVMCluster,
+ "google_oracle_database_cloud_vm_clusters": dataGoogleOracleDatabaseCloudVMClusters,
+ "google_oracle_database_db_nodes": dataGoogleOracleDatabaseDBNodes,
+ "google_oracle_database_db_servers": dataGoogleOracleDatabaseDBServers,
+ "google_organization": placeholder,
+ "google_organization_iam_policy": dataGoogleOrganizationIamPolicy,
+ "google_parameter_manager_parameter": dataGoogleParameterManagerParameter,
+ "google_parameter_manager_parameter_version": dataGoogleParameterManagerParameterVersion,
+ "google_parameter_manager_parameter_version_render": dataGoogleParameterManagerParameterVersionRender,
+ "google_parameter_manager_parameters": dataGoogleParameterManagerParameters,
+ "google_parameter_manager_regional_parameter": dataGoogleParameterManagerRegionalParameter,
+ "google_parameter_manager_regional_parameter_version": dataGoogleParameterManagerRegionalParameterVersion,
+ "google_parameter_manager_regional_parameter_version_render": dataGoogleParameterManagerRegionalParameterVersionRender,
+ "google_parameter_manager_regional_parameters": dataGoogleParameterManagerRegionalParameters,
+ "google_privateca_ca_pool_iam_policy": dataGooglePrivatecaCaPoolIamPolicy,
+ "google_privateca_certificate_authority": dataGooglePrivatecaCertificateAuthority,
+ "google_privateca_certificate_template_iam_policy": dataGooglePrivatecaCertificateTemplateIamPolicy,
+ "google_privileged_access_manager_entitlement": dataGooglePrivilegedAccessManagerEntitlement,
+ "google_project": dataGoogleProject,
+ "google_project_iam_custom_role": dataGoogleProjectIamCustomRole,
+ "google_project_iam_custom_roles": dataGoogleProjectIamCustomRoles,
+ "google_project_iam_policy": dataGoogleProjectIamPolicy,
+ "google_project_organization_policy": dataGoogleProjectOrganizationPolicy,
+ "google_project_service": dataGoogleProjectService,
+ "google_projects": placeholder,
+ "google_pubsub_schema_iam_policy": placeholder,
+ "google_pubsub_subscription": dataGooglePubsubSubscription,
+ "google_pubsub_subscription_iam_policy": dataGooglePubsubSubscriptionIamPolicy,
+ "google_pubsub_topic": dataGooglePubsubTopic,
+ "google_pubsub_topic_iam_policy": dataGooglePubsubTopicIamPolicy,
+ "google_redis_instance": dataGoogleRedisInstance,
+ "google_runtimeconfig_config_iam_policy": dataGoogleRuntimeconfigConfigIamPolicy,
+ "google_scc_source_iam_policy": dataGoogleSccSourceIamPolicy,
+ "google_scc_v2_organization_source_iam_policy": dataGoogleSccV2OrganizationSourceIamPolicy,
+ "google_secret_manager_regional_secret": dataGoogleSecretManagerRegionalSecret,
+ "google_secret_manager_regional_secret_iam_policy": dataGoogleSecretManagerRegionalSecretIamPolicy,
+ "google_secret_manager_regional_secret_version": dataGoogleSecretManagerRegionalSecretVersion,
+ "google_secret_manager_regional_secret_version_access": 
dataGoogleSecretManagerRegionalSecretVersionAccess, + "google_secret_manager_regional_secrets": dataGoogleSecretManagerRegionalSecrets, + "google_secret_manager_secret": dataGoogleSecretManagerSecret, + "google_secret_manager_secret_iam_policy": dataGoogleSecretManagerSecretIamPolicy, + "google_secret_manager_secret_version": dataGoogleSecretManagerSecretVersion, + "google_secret_manager_secret_version_access": dataGoogleManagerSecretVersionAccess, + "google_secret_manager_secrets": dataGoogleSecretManagerSecrets, + "google_secure_source_manager_instance_iam_policy": dataGoogleSecureSourceManagerInstanceIamPolicy, + "google_secure_source_manager_repository_iam_policy": dataGoogleSecureSourceManagerRepositoryIamPolicy, + "google_service_account": dataGoogleServiceAccount, + "google_service_account_access_token": dataGoogleServiceAccountAccessToken, + "google_service_account_iam_policy": dataGoogleServiceAccountIamPolicy, + "google_service_account_id_token": placeholder, + "google_service_account_jwt": dataGoogleServiceAccountJwt, + "google_service_account_key": dataGoogleServiceAccountKey, + "google_service_accounts": dataGoogleServiceAccounts, + "google_service_directory_namespace_iam_policy": dataGoogleServiceDirectoryNamespaceIamPolicy, + "google_service_directory_service_iam_policy": dataGoogleServiceDirectoryServiceIamPolicy, + "google_sourcerepo_repository": dataGoogleSourcerepoRepository, + "google_sourcerepo_repository_iam_policy": dataGoogleSourcerepoRepositoryIamPolicy, + "google_spanner_database": dataGoogleSpannerDatabase, + "google_spanner_database_iam_policy": dataGoogleSpannerDatabaseIamPolicy, + "google_spanner_instance": dataGoogleSpannerInstance, + "google_spanner_instance_iam_policy": dataGoogleSpannerInstanceIamPolicy, + "google_sql_backup_run": dataGoogleSQLBackupRun, + "google_sql_ca_certs": placeholder, + "google_sql_database": dataGoogleSQLDatabase, + "google_sql_database_instance": dataGoogleSQLDatabaseInstance, + 
"google_sql_database_instance_latest_recovery_time": dataGoogleSQLDatabaseInstanceLatestRecoveryTime, + "google_sql_database_instances": dataGoogleSQLDatabaseInstances, + "google_sql_databases": dataGoogleSQLDatabases, + "google_sql_tiers": placeholder, + "google_storage_bucket": dataGoogleStorageBucket, + "google_storage_bucket_iam_policy": dataGoogleStorageBucketIamPolicy, + "google_storage_bucket_object": dataGoogleStorageBucketObject, + "google_storage_bucket_object_content": dataGoogleStorageBucketObjectContent, + "google_storage_bucket_objects": dataGoogleStorageBucketObjects, + "google_storage_buckets": dataGoogleStorageBuckets, + "google_storage_object_signed_url": placeholder, + "google_storage_project_service_account": dataGoogleStorageProjectServiceAccount, + "google_storage_transfer_project_service_account": dataGoogleStorageTransferProjectServiceAccount, + "google_tags_tag_key": dataGoogleTagsTagKey, + "google_tags_tag_key_iam_policy": dataGoogleTagsTagKeyIamPolicy, + "google_tags_tag_value_iam_policy": dataGoogleTagsTagValueIamPolicy, + "google_tpu_tensorflow_versions": dataGoogleTpuTensorflowVersions, + "google_tpu_v2_accelerator_types": dataGoogleTpuV2AcceleratorTypes, + "google_tpu_v2_runtime_versions": dataGoogleTpuV2RuntimeVersions, + "google_vertex_ai_endpoint_iam_policy": dataGoogleVertexAiEndpointIamPolicy, + "google_vertex_ai_feature_group_iam_policy": dataGoogleVertexAiFeatureGroupIamPolicy, + "google_vertex_ai_feature_online_store_featureview_iam_policy": dataGoogleVertexAiFeatureOnlineStoreFeatureviewIamPolicy, + "google_vertex_ai_feature_online_store_iam_policy": dataGoogleVertexAiFeatureOnlineStoreIamPolicy, + "google_vertex_ai_featurestore_entitytype_iam_policy": dataGoogleVertexAiFeaturestoreEntitytypeIamPolicy, + "google_vertex_ai_featurestore_iam_policy": dataGoogleVertexAiFeaturestoreIamPolicy, + "google_vmwareengine_cluster": placeholder, + "google_vmwareengine_external_access_rule": placeholder, + 
"google_vmwareengine_external_address": dataGoogleVmwareengineExternalAddress, + "google_vmwareengine_network": dataGoogleVmwareengineNetwork, + "google_vmwareengine_network_peering": dataGoogleVmwareengineNetworkPeering, + "google_vmwareengine_network_policy": dataGoogleVmwareengineNetworkPolicy, + "google_vmwareengine_nsx_credentials": dataGoogleVmwareengineNsxCredentials, + "google_vmwareengine_private_cloud": dataGoogleVmwareenginePrivateCloud, + "google_vmwareengine_subnet": dataGoogleVmwareengineSubnet, + "google_vmwareengine_vcenter_credentials": dataGoogleVmwareengineVcenterCredentials, + "google_vpc_access_connector": dataGoogleVpcAccessConnector, + "google_workbench_instance_iam_policy": dataGoogleWorkbenchInstanceIamPolicy, + "google_workstations_workstation_config_iam_policy": dataGoogleWorkstationsWorkstationConfigIamPolicy, + "google_workstations_workstation_iam_policy": dataGoogleWorkstationsWorkstationIamPolicy, + "google_tags_tag_keys": dataGoogleTagsTagKeys, + "google_tags_tag_value": dataGoogleTagsTagValue, + "google_tags_tag_values": dataGoogleTagsTagValues, + "google_storage_control_folder_intelligence_config": dataGoogleStorageControlFolderIntelligenceConfig, + "google_storage_control_organization_intelligence_config": dataGoogleStorageControlOrganizationIntelligenceConfig, + "google_storage_control_project_intelligence_config": dataGoogleStorageControlProjectIntelligenceConfig, + "google_site_verification_token": placeholder, + "google_runtimeconfig_config": dataGoogleRuntimeconfigConfig, + "google_runtimeconfig_variable": dataGoogleRuntimeconfigVariable, + "google_redis_cluster": dataGoogleRedisCluster, + "google_project_ancestry": dataGoogleProjectAncestry, + "google_access_context_manager_access_policy": dataGoogleAccessContextManagerAccessPolicy, + "google_cloud_identity_group_transitive_memberships": placeholder, + "google_dataplex_data_quality_rules": dataGoogleDataplexDataQualityRules, + "google_firebase_android_app_config": 
placeholder, + "google_firebase_apple_app_config": placeholder, + "google_firebase_web_app_config": placeholder, + "google_organizations": placeholder, + "google_organization_iam_custom_role": dataGoogleOrganizationIamCustomRole, + "google_organization_iam_custom_roles": dataGoogleOrganizationIamCustomRoles, + "google_compute_network_attachment": dataGoogleComputeNetworkAttachment, + "google_storage_insights_dataset_config": dataGoogleStorageInsightsDatasetConfig, + "google_artifact_registry_docker_images": dataGoogleArtifactRegistryDockerImages, + "google_iam_workforce_pool_iam_policy": dataGoogleIamWorkforcePoolIamPolicy, + "google_artifact_registry_repositories": dataGoogleArtifactRegistryRepositories, + "google_artifact_registry_version": dataGoogleArtifactRegistryVersion, + "google_artifact_registry_versions": dataGoogleArtifactRegistryVersions, + "google_artifact_registry_npm_package": dataGoogleArtifactRegistryNpmPackage, + "google_artifact_registry_tags": dataGoogleArtifactRegistryTags, + "google_iap_web_region_forwarding_rule_service_iam_policy": dataGoogleIapWebRegionForwardingRuleServiceIamPolicy, + "google_certificate_manager_dns_authorization": dataGoogleCertificateManagerDnsAuthorization, + "google_artifact_registry_python_package": dataGoogleArtifactRegistryPythonPackage, + "google_backup_dr_backup_plan_associations": dataGoogleBackupDrPlanAssociations, + "google_backup_dr_data_source_reference": dataGoogleBackupDrDataSourceReference, + "google_backup_dr_data_source_references": dataGoogleBackupDrDataSourceReferences, + "google_bigquery_datapolicyv2_data_policy_iam_policy": dataGoogleBigqueryDatapolicyv2DataPolicyIamPolicy, + "google_iap_web_forwarding_rule_service_iam_policy": dataGoogleIapForwardingRuleServiceIamPolicy, + "google_artifact_registry_maven_artifact": dataGoogleArtifactRegistryMavenArtifact, + "google_artifact_registry_maven_artifacts": dataGoogleArtifactRegistryMavenArtifacts, + "google_artifact_registry_npm_packages": 
dataGoogleArtifactRegistryNpmPackages, + "google_compute_interconnect_location": dataGoogleComputeInterconnectLocation, + "google_compute_interconnect_locations": dataGoogleComputeInterconnectLocations, + "google_artifact_registry_packages": dataGoogleArtifactRegistryPackages, } return TFLookup[result] diff --git a/src/gcp_policy.go b/src/gcp_policy.go index 0ac71779..7dd80fd8 100644 --- a/src/gcp_policy.go +++ b/src/gcp_policy.go 
@@ -2,41 +2,118 @@ package pike import ( "bytes" + "context" _ "embed" // required for embed - "fmt" + "os" + "path/filepath" + "runtime" "strings" "text/template" + + //"github.com/go-git/go-git/v5/plumbing/format/config" + "golang.org/x/oauth2/google" + "google.golang.org/api/compute/v1" + "gopkg.in/ini.v1" +) + +const ( + defaultPolicyName = "terraform_pike" + defaultProject = "pike" + defaultRoleID = "terraform_pike" ) //go:embed terraform.gcppolicy.template var policyGCPTemplate []byte // GCPPolicy create an IAM policy. -func GCPPolicy(permissions []string) (string, error) { +func GCPPolicy(permissions []string, policyName string) (string, error) { + if permissions == nil || len(permissions) == 0 { + return "", &emptyPermissionsError{} + } + test := strings.Join(permissions, "\",\n \"") - type GCPPolicyDetails struct { - Name string - Project string - RoleID string - Permissions string + // gCPPolicyDetails contains the configuration for generating a GCP IAM policy + type gCPPolicyDetails struct { + Name string // Custom name for the policy + Project string // GCP project identifier + RoleID string // Unique role identifier + Permissions string // Comma-separated list of permissions } - PolicyName := "terraform_pike" - theDetails := GCPPolicyDetails{PolicyName, "pike", "terraform_pike", test} + var PolicyName string + + if policyName != "" { + PolicyName = policyName + } else { + PolicyName = defaultPolicyName + } + + project, err := getCurrentProject() + if err != nil { + project = defaultProject + } + + theDetails := gCPPolicyDetails{ + Name: PolicyName, + Project: project, + RoleID: PolicyName, + Permissions: test, + } var output bytes.Buffer tmpl, err := template.New("test").Parse(string(policyGCPTemplate)) if err != nil { - return "", fmt.Errorf("failed to parse template %w", err) + return "", &templateParseError{err} } err = tmpl.Execute(&output, theDetails) - if err != nil { - return "", err + return "", &templateExecuteError{err} } return 
output.String(), nil } + +func getCurrentProject() (string, error) { + //many different ways to ensure that a value for a GCP project is found + if os.Getenv("GOOGLE_CLOUD_PROJECT") != "" { + return os.Getenv("GOOGLE_CLOUD_PROJECT"), nil + } + + if os.Getenv("GOOGLE_PROJECT") != "" { + return os.Getenv("GOOGLE_PROJECT"), nil + } + + if os.Getenv("GCP_PROJECT") != "" { + return os.Getenv("GCP_PROJECT"), nil + } + + ctx := context.Background() + credentials, err := google.FindDefaultCredentials(ctx, compute.ComputeScope) + + var configPath string + if err != nil || credentials.ProjectID == "" { + //gcloud info --format='value(config.paths.global_config_dir)' + if runtime.GOOS != "windows" { + configPath = filepath.Join(os.Getenv("HOME"), ".config", "gcloud", "configurations", "config_default") + } else { + configPath = filepath.Join(os.Getenv("APPDATA"), "gcloud", "configurations", "config_default") + } + + config, err := ini.Load(configPath) + + if err != nil { + return "", err + } + + projectID := config.Section("core").Key("project").String() + + return projectID, nil + } + result := credentials.ProjectID + + return result, nil + +} diff --git a/src/gcp_policy_test.go b/src/gcp_policy_test.go index 22db8534..16fdab3d 100644 --- a/src/gcp_policy_test.go +++ b/src/gcp_policy_test.go @@ -1,15 +1,16 @@ -package pike_test +package pike import ( _ "embed" + "os" + "path/filepath" + "runtime" "testing" - - pike "github.com/jameswoolfenden/pike/src" ) func TestGCPPolicy(t *testing.T) { t.Parallel() - + _ = os.Setenv("GCP_PROJECT", "pike-412922") type args struct { permissions []string } 
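Review bot: `policyName` and the project returned by `getCurrentProject()` go into `gCPPolicyDetails` and through `text/template` unchecked, and `text/template` does no escaping, so a quote or newline in either value would alter the structure of the generated Terraform instead of staying inside a string. Judging by the expected output in gcp_policy_test.go, the name is used as the resource label, `role_id` and `title`, and the project can come from environment variables or a gcloud ini file. I would validate the name against an allow-list pattern before building `theDetails` and give the project the same treatment; the sketch below needs `regexp` imported and a new error type beside the existing ones. The same sketch also falls back to `defaultProject` when `getCurrentProject` returns an empty string with a nil error, which it does when the ini file has no `core.project` key.

```go
// roleIDPattern is a conservative allow-list for the role id / resource label.
var roleIDPattern = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]{2,63}$`)

func GCPPolicy(permissions []string, policyName string) (string, error) {
	// … unchanged: empty-permissions check, permissions join, policy name default …

	if !roleIDPattern.MatchString(PolicyName) {
		// invalidPolicyNameError is a new type, to be added next to the existing error types
		return "", &invalidPolicyNameError{PolicyName}
	}

	project, err := getCurrentProject()
	if err != nil || project == "" {
		project = defaultProject
	}

	// … unchanged: theDetails literal, template parse and execute …
```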
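Review bot: The added `os.Setenv("GCP_PROJECT", "pike-412922")` in `TestGCPPolicy` controls only the lowest-priority variable, so the `basic` case fails on any machine where `GOOGLE_CLOUD_PROJECT` or `GOOGLE_PROJECT` is already set, because `getCurrentProject` checks those first. It also runs after `t.Parallel()` and is never undone, so the value stays set for every other test in the process. Since `t.Setenv` cannot be used in a parallel test, I would drop `t.Parallel()` from this test and its subtests and use `t.Setenv("GOOGLE_CLOUD_PROJECT", "pike-test-project")` (a constructed id), updating the expected string to match. The body of `TestGCPPolicy` continues outside this hunk.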
@@ -23,15 +24,23 @@ func TestGCPPolicy(t *testing.T) { { "basic", args{[]string{"bigquery.datasets.create", "bigquery.jobs.create"}}, - "resource\"google_project_iam_custom_role\"\"terraform_pike\"{project=\"pike\"role_id=\"terraform_pike\"title=\"terraform_pike\"description=\"Auserwithleastprivileges\"permissions=[\"bigquery.datasets.create\",\"bigquery.jobs.create\"]}", + "resource\"google_project_iam_custom_role\"\"terraform_pike\"{project=\"pike-412922\"role_id=\"terraform_pike\"title=\"terraform_pike\"description=\"Auserwithleastprivileges\"permissions=[\"bigquery.datasets.create\",\"bigquery.jobs.create\"]}", false, }, + { + "empty", + args{[]string{}}, + "", + true, + }, } for _, tt := range tests { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - got, err := pike.GCPPolicy(tt.args.permissions) + + got, err := GCPPolicy(tt.args.permissions, "") + if (err != nil) != tt.wantErr { t.Errorf("GCPPolicy() error = %v, wantErr %v", err, tt.wantErr) @@ -40,6 +49,7 @@ func TestGCPPolicy(t *testing.T) { original := Minify(got) target := Minify(tt.want) + if original != target { t.Errorf("GCPPolicy() = %v, want %v", got, tt.want) t.Errorf("GCPPolicy() = %v, want %v", original, target) 
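Review bot: Every case still calls `GCPPolicy(tt.args.permissions, "")`, so the new `policyName` parameter is only exercised through its default branch. Adding a `policyName string` field to `args`, with one case that passes a custom name and one whose name contains a character that is not valid in a role id, would pin what ends up in the `role_id`, `title` and resource label of the output.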
@@ -47,3 +57,324 @@ func TestGCPPolicy(t *testing.T) { }) } } + +func TestGetCurrentProject_EnvironmentVariables(t *testing.T) { + // Save original environment + originalGoogleCloudProject := os.Getenv("GOOGLE_CLOUD_PROJECT") + originalGoogleProject := os.Getenv("GOOGLE_PROJECT") + originalGcpProject := os.Getenv("GCP_PROJECT") + + // Clean up after test + defer func() { + _ = os.Setenv("GOOGLE_CLOUD_PROJECT", originalGoogleCloudProject) + _ = os.Setenv("GOOGLE_PROJECT", originalGoogleProject) + _ = os.Setenv("GCP_PROJECT", originalGcpProject) + }() + + tests := []struct { + name string + googleCloudProject string + googleProject string + gcpProject string + expectedProject string + }{ + { + name: "GOOGLE_CLOUD_PROJECT takes precedence", + googleCloudProject: "test-project-1", + googleProject: "test-project-2", + gcpProject: "test-project-3", + expectedProject: "test-project-1", + }, + { + name: "GOOGLE_PROJECT when GOOGLE_CLOUD_PROJECT empty", + googleProject: "test-project-2", + gcpProject: "test-project-3", + expectedProject: "test-project-2", + }, + { + name: "GCP_PROJECT when others empty", + gcpProject: "test-project-3", + expectedProject: "test-project-3", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + // Clear all environment variables + _ = os.Unsetenv("GOOGLE_CLOUD_PROJECT") + _ = os.Unsetenv("GOOGLE_PROJECT") + _ = os.Unsetenv("GCP_PROJECT") + + // Set test values + if tt.googleCloudProject != "" { + _ = os.Setenv("GOOGLE_CLOUD_PROJECT", tt.googleCloudProject) + } + if tt.googleProject != "" { + _ = os.Setenv("GOOGLE_PROJECT", tt.googleProject) + } + if tt.gcpProject != "" { + _ = os.Setenv("GCP_PROJECT", tt.gcpProject) + } + + project, err := getCurrentProject() + if err != nil { + t.Fatalf("Expected no error, got: %v", err) + } + + if project != tt.expectedProject { + t.Errorf("Expected project %s, got %s", tt.expectedProject, project) + } + }) + } +} + +func TestGetCurrentProject_GcloudConfigFile(t *testing.T) { + // 
Save original environment + originalGoogleCloudProject := os.Getenv("GOOGLE_CLOUD_PROJECT") + originalGoogleProject := os.Getenv("GOOGLE_PROJECT") + originalGcpProject := os.Getenv("GCP_PROJECT") + originalHome := os.Getenv("HOME") + originalAppData := os.Getenv("APPDATA") + + // Clean up after test + defer func() { + _ = os.Setenv("GOOGLE_CLOUD_PROJECT", originalGoogleCloudProject) + _ = os.Setenv("GOOGLE_PROJECT", originalGoogleProject) + _ = os.Setenv("GCP_PROJECT", originalGcpProject) + _ = os.Setenv("HOME", originalHome) + _ = os.Setenv("APPDATA", originalAppData) + }() + + // Clear environment variables to force config file reading + _ = os.Unsetenv("GOOGLE_CLOUD_PROJECT") + _ = os.Unsetenv("GOOGLE_PROJECT") + _ = os.Unsetenv("GCP_PROJECT") + + // Create temporary directory structure + tempDir := t.TempDir() + + var configPath string + if runtime.GOOS != "windows" { + _ = os.Setenv("HOME", tempDir) + configPath = filepath.Join(tempDir, ".config", "gcloud", "configurations", "config_default") + } else { + _ = os.Setenv("APPDATA", tempDir) + configPath = filepath.Join(tempDir, "gcloud", "configurations", "config_default") + } + + // Create directory structure + err := os.MkdirAll(filepath.Dir(configPath), 0755) + if err != nil { + t.Fatalf("Failed to create config directory: %v", err) + } + + // Create config file with project + configContent := `[core] +project = test-config-project +account = test@example.com + +[compute] +region = us-central1 +zone = us-central1-a +` + + err = os.WriteFile(configPath, []byte(configContent), 0644) + if err != nil { + t.Fatalf("Failed to write config file: %v", err) + } + + project, err := getCurrentProject() + if err != nil { + t.Fatalf("Expected no error, got: %v", err) + } + + if project != "test-config-project" { + t.Errorf("Expected project 'test-config-project', got '%s'", project) + } +} + +func TestGetCurrentProject_EmptyEnvironmentVariables(t *testing.T) { + // Save original environment + originalGoogleCloudProject := 
os.Getenv("GOOGLE_CLOUD_PROJECT") + originalGoogleProject := os.Getenv("GOOGLE_PROJECT") + originalGcpProject := os.Getenv("GCP_PROJECT") + + // Clean up after test + defer func() { + _ = os.Setenv("GOOGLE_CLOUD_PROJECT", originalGoogleCloudProject) + _ = os.Setenv("GOOGLE_PROJECT", originalGoogleProject) + _ = os.Setenv("GCP_PROJECT", originalGcpProject) + }() + + // Test empty string environment variables (should be treated as not set) + _ = os.Setenv("GOOGLE_CLOUD_PROJECT", "") + _ = os.Setenv("GOOGLE_PROJECT", "") + _ = os.Setenv("GCP_PROJECT", "") + + // This will likely fail due to no credentials or config file, but we're testing the logic + _, err := getCurrentProject() + // We expect an error since no valid project source is available + if err == nil { + t.Log("No error returned - likely found valid credentials or config file") + } +} + +func TestGetCurrentProject_MissingConfigFile(t *testing.T) { + // Save original environment + originalGoogleCloudProject := os.Getenv("GOOGLE_CLOUD_PROJECT") + originalGoogleProject := os.Getenv("GOOGLE_PROJECT") + originalGcpProject := os.Getenv("GCP_PROJECT") + originalHome := os.Getenv("HOME") + originalAppData := os.Getenv("APPDATA") + + // Clean up after test + defer func() { + _ = os.Setenv("GOOGLE_CLOUD_PROJECT", originalGoogleCloudProject) + _ = os.Setenv("GOOGLE_PROJECT", originalGoogleProject) + _ = os.Setenv("GCP_PROJECT", originalGcpProject) + _ = os.Setenv("HOME", originalHome) + _ = os.Setenv("APPDATA", originalAppData) + }() + + // Clear environment variables + _ = os.Unsetenv("GOOGLE_CLOUD_PROJECT") + _ = os.Unsetenv("GOOGLE_PROJECT") + _ = os.Unsetenv("GCP_PROJECT") + + // Set HOME/APPDATA to non-existent directory + tempDir := t.TempDir() + nonExistentDir := filepath.Join(tempDir, "nonexistent") + + if runtime.GOOS != "windows" { + _ = os.Setenv("HOME", nonExistentDir) + } else { + _ = os.Setenv("APPDATA", nonExistentDir) + } + + _, err := getCurrentProject() + if err == nil { + t.Log("No error returned - 
likely found valid credentials") + } +} + +func TestGetCurrentProject_InvalidConfigFile(t *testing.T) { + // Save original environment + originalGoogleCloudProject := os.Getenv("GOOGLE_CLOUD_PROJECT") + originalGoogleProject := os.Getenv("GOOGLE_PROJECT") + originalGcpProject := os.Getenv("GCP_PROJECT") + originalHome := os.Getenv("HOME") + originalAppData := os.Getenv("APPDATA") + + // Clean up after test + defer func() { + _ = os.Setenv("GOOGLE_CLOUD_PROJECT", originalGoogleCloudProject) + _ = os.Setenv("GOOGLE_PROJECT", originalGoogleProject) + _ = os.Setenv("GCP_PROJECT", originalGcpProject) + _ = os.Setenv("HOME", originalHome) + _ = os.Setenv("APPDATA", originalAppData) + }() + + // Clear environment variables + _ = os.Unsetenv("GOOGLE_CLOUD_PROJECT") + _ = os.Unsetenv("GOOGLE_PROJECT") + _ = os.Unsetenv("GCP_PROJECT") + + // Create temporary directory structure + tempDir := t.TempDir() + + var configPath string + if runtime.GOOS != "windows" { + _ = os.Setenv("HOME", tempDir) + configPath = filepath.Join(tempDir, ".config", "gcloud", "configurations", "config_default") + } else { + _ = os.Setenv("APPDATA", tempDir) + configPath = filepath.Join(tempDir, "gcloud", "configurations", "config_default") + } + + // Create directory structure + err := os.MkdirAll(filepath.Dir(configPath), 0755) + if err != nil { + t.Fatalf("Failed to create config directory: %v", err) + } + + // Create invalid config file + invalidConfigContent := `[core +project = test-project +invalid ini format +` + + err = os.WriteFile(configPath, []byte(invalidConfigContent), 0644) + if err != nil { + t.Fatalf("Failed to write invalid config file: %v", err) + } + + _, err = getCurrentProject() + if err == nil { + t.Log("No error returned - likely found valid credentials or ini parser was lenient") + } +} + +func TestGetCurrentProject_ConfigFileWithoutProject(t *testing.T) { + // Save original environment + originalGoogleCloudProject := os.Getenv("GOOGLE_CLOUD_PROJECT") + originalGoogleProject 
:= os.Getenv("GOOGLE_PROJECT") + originalGcpProject := os.Getenv("GCP_PROJECT") + originalHome := os.Getenv("HOME") + originalAppData := os.Getenv("APPDATA") + + // Clean up after test + defer func() { + _ = os.Setenv("GOOGLE_CLOUD_PROJECT", originalGoogleCloudProject) + _ = os.Setenv("GOOGLE_PROJECT", originalGoogleProject) + _ = os.Setenv("GCP_PROJECT", originalGcpProject) + _ = os.Setenv("HOME", originalHome) + _ = os.Setenv("APPDATA", originalAppData) + }() + + // Clear environment variables + _ = os.Unsetenv("GOOGLE_CLOUD_PROJECT") + _ = os.Unsetenv("GOOGLE_PROJECT") + _ = os.Unsetenv("GCP_PROJECT") + + // Create temporary directory structure + tempDir := t.TempDir() + + var configPath string + if runtime.GOOS != "windows" { + _ = os.Setenv("HOME", tempDir) + configPath = filepath.Join(tempDir, ".config", "gcloud", "configurations", "config_default") + } else { + _ = os.Setenv("APPDATA", tempDir) + configPath = filepath.Join(tempDir, "gcloud", "configurations", "config_default") + } + + // Create directory structure + err := os.MkdirAll(filepath.Dir(configPath), 0755) + if err != nil { + t.Fatalf("Failed to create config directory: %v", err) + } + + // Create config file without project + configContent := `[core] +account = test@example.com + +[compute] +region = us-central1 +zone = us-central1-a +` + + err = os.WriteFile(configPath, []byte(configContent), 0644) + if err != nil { + t.Fatalf("Failed to write config file: %v", err) + } + + project, err := getCurrentProject() + if err != nil { + t.Fatalf("Expected no error, got: %v", err) + } + + // Should return empty string when no project is set in config + if project != "" { + t.Errorf("Expected empty project, got '%s'", project) + } +} diff --git a/src/gcp_test.go b/src/gcp_test.go index 1a803a50..455a2a36 100644 --- a/src/gcp_test.go +++ b/src/gcp_test.go 
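Review bot: `TestGetCurrentProject_EmptyEnvironmentVariables`, `TestGetCurrentProject_MissingConfigFile` and `TestGetCurrentProject_InvalidConfigFile` cannot fail: each ends in `if err == nil { t.Log(...) }`, so they pass whatever `getCurrentProject` returns. They cannot assert because `google.FindDefaultCredentials` is consulted before the ini file and the tests do not control it; the two tests that do assert on the ini path (`TestGetCurrentProject_GcloudConfigFile`, `TestGetCurrentProject_ConfigFileWithoutProject`) presumably break on a host where default credentials resolve, for example with `GOOGLE_APPLICATION_CREDENTIALS` set. Making the credential lookup injectable, such as a package-level func variable the tests replace, would let all five assert a definite result. The save-and-restore blocks also turn a previously unset variable into an empty one; `t.Setenv("GCP_PROJECT", "")` at the top of each test replaces the `defer` and restores the original state, unset included.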
@@ -1,17 +1,17 @@ -package pike_test +package pike import ( + "errors" + "fmt" "reflect" "testing" - - pike "github.com/jameswoolfenden/pike/src" ) func TestGetGCPPermissions(t *testing.T) { t.Parallel() type args struct { - result pike.ResourceV2 + result ResourceV2 } tests := []struct { @@ -21,21 +21,23 @@ func TestGetGCPPermissions(t *testing.T) { wantErr bool }{ {name: "missing", args: args{ - result: pike.ResourceV2{ + result: ResourceV2{ TypeName: "bogus", Name: "bogus", }, }, wantErr: true}, {name: "notype", args: args{ - result: pike.ResourceV2{ - TypeName: "bogus", Name: "google_compute_duff", ResourceName: "pike", Provider: "azurerm", Attributes: []string{ + result: ResourceV2{ + TypeName: "bogus", Name: "google_compute_duff", ResourceName: "pike", Provider: "azurerm", + Attributes: []string{ "name", "machine_type", "zone", }, }, }, wantErr: true}, {name: "not implemented", args: args{ - result: pike.ResourceV2{ - TypeName: "data", Name: "google_compute_duff", ResourceName: "pike", Provider: "azurerm", Attributes: []string{ + result: ResourceV2{ + TypeName: "data", Name: "google_compute_duff", ResourceName: "pike", Provider: "azurerm", + Attributes: []string{ "name", "machine_type", "zone", }, @@ -44,7 +46,7 @@ func TestGetGCPPermissions(t *testing.T) { { name: "resource", args: args{ - result: pike.ResourceV2{ + result: ResourceV2{ TypeName: "resource", Name: "google_compute_instance", Attributes: []string{"name", "machine_type", "zone"}, }, @@ -59,6 +61,7 @@ func TestGetGCPPermissions(t *testing.T) { "compute.subnetworks.useExternalIp", "compute.instances.setMetadata", "compute.instances.delete", + "compute.instances.get", "compute.instances.delete", }, }, 
@@ -68,14 +71,17 @@ func TestGetGCPPermissions(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - got, err := pike.GetGCPPermissions(tt.args.result) + + got, err := getGCPPermissions(tt.args.result) + if (err != nil) != tt.wantErr { - t.Errorf("GetGCPPermissions() error = %v, wantErr %v", err, tt.wantErr) + t.Errorf("getGCPPermissions() error = %v, wantErr %v", err, tt.wantErr) return } + if !reflect.DeepEqual(got, tt.want) { - t.Errorf("GetGCPPermissions() = %v, want %v", got, tt.want) + t.Errorf("getGCPPermissions() = %v, want %v", got, tt.want) } }) } @@ -85,7 +91,7 @@ func TestGetGCPResourcePermissions(t *testing.T) { t.Parallel() type args struct { - result pike.ResourceV2 + result ResourceV2 } tests := []struct { @@ -94,10 +100,10 @@ func TestGetGCPResourcePermissions(t *testing.T) { want []string wantErr bool }{ - {name: "missing", args: args{result: pike.ResourceV2{TypeName: "bogus", Name: "bogus"}}}, + {name: "missing", args: args{result: ResourceV2{TypeName: "bogus", Name: "bogus"}}}, { name: "resource", - args: args{result: pike.ResourceV2{TypeName: "resource", Name: "google_compute_instance", Attributes: []string{ + args: args{result: ResourceV2{TypeName: "resource", Name: "google_compute_instance", Attributes: []string{ "name", "machine_type", "zone", }}}, @@ -111,6 +117,7 @@ func TestGetGCPResourcePermissions(t *testing.T) { "compute.subnetworks.useExternalIp", "compute.instances.setMetadata", "compute.instances.delete", + "compute.instances.get", "compute.instances.delete", }, }, 
@@ -120,8 +127,80 @@ func TestGetGCPResourcePermissions(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - if got, _ := pike.GetGCPResourcePermissions(tt.args.result); !reflect.DeepEqual(got, tt.want) { - t.Errorf("GetGCPResourcePermissions() = %v, want %v", got, tt.want) + + if got, _ := getGCPResourcePermissions(tt.args.result); !reflect.DeepEqual(got, tt.want) { + t.Errorf("getGCPResourcePermissions() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestInvalidGCPResourceError(t *testing.T) { + tests := []struct { + name string + resource string + want string + }{ + { + name: "empty resource", + resource: "", + want: "Invalid GCP lookup sourceData type for resource ", + }, + { + name: "valid resource", + resource: "google_storage_bucket", + want: "Invalid GCP lookup sourceData type for resource google_storage_bucket", + }, + { + name: "special characters", + resource: "test*&^%", + want: "Invalid GCP lookup sourceData type for resource test*&^%", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + err := invalidGCPResourceError{resource: tt.resource} + if got := err.Error(); got != tt.want { + t.Errorf("invalidGCPResourceError.Error() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestInvalidPermissionMapError(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + err error + want string + }{ + { + name: "nil error", + err: nil, + want: "Invalid Permission Map ", + }, + { + name: "simple error", + err: errors.New("permission denied"), + want: "Invalid Permission Map permission denied", + }, + { + name: "wrapped error", + err: fmt.Errorf("wrapped: %w", errors.New("inner error")), + want: "Invalid Permission Map wrapped: inner error", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + err := invalidPermissionMapError{err: tt.err} + + if got := err.Error(); got != tt.want { + t.Errorf("invalidPermissionMapError.Error() = %v, want %v", got, 
tt.want) } }) } diff --git a/src/gitHub.go b/src/gitHub.go index d8486385..718aec96 100644 --- a/src/gitHub.go +++ b/src/gitHub.go @@ -2,7 +2,6 @@ package pike import ( "context" - "errors" "fmt" "io" "net/http" 
@@ -15,31 +14,86 @@ import ( const lastOK = 299 -// InvokeGithubDispatchEvent uses your gitHub api key (if sufficiently enabled) to invoke a gitHub action workflow. +type verifyURLError struct { + url string + err error +} + +func (m *verifyURLError) Error() string { + return fmt.Sprintf("failed to verify URL %s %v", m.url, m.err) +} + +type verifyBranchError struct { + branch string + repo string + owner string + err error +} + +func (m *verifyBranchError) Error() string { + return fmt.Sprintf("failed to verify branch %s %s %s %v", m.branch, m.repo, m.owner, m.err) +} + +type nilResponseError struct{} + +func (m *nilResponseError) Error() string { + return "nil response" +} + +type nonSuccessError struct { + response string + err error +} + +func (m *nonSuccessError) Error() string { + return fmt.Sprintf("non success response %s %v", m.response, m.err) +} + +type workflowInvokeError struct { + err error +} + +func (m *workflowInvokeError) Error() string { + return fmt.Sprintf("failed to invoke workflow %v", m.err) +} + +type gitHubRateLimitingError struct{} + +func (m *gitHubRateLimitingError) Error() string { + return "you are being GitHub Rate-limited" +} + +type insecureProtocolError struct{} + +func (m *insecureProtocolError) Error() string { + return "insecure protocol" +} + +// InvokeGithubDispatchEvent uses your GitHub api key (if sufficiently enabled) to invoke a GitHub action workflow. 
func InvokeGithubDispatchEvent(repository string, workflowFileName string, branch string) error { owner, repo, err := SplitHub(repository) if err != nil { log.Print(err) - return fmt.Errorf("failed to SplitHub %w", err) + return &splitHubError{err} } url := "https://api.github.com/repos/" + owner + "/" + repo + "/actions/workflows/" + workflowFileName - err2 := VerifyURL(url) - if err2 != nil { - log.Print(err2) + err = verifyURL(url) + if err != nil { + log.Error().Err(err) - return err2 + return &verifyURLError{url, err} } ctx, client := GetGithubClient() - err3 := VerifyBranch(client, owner, repo, branch) - if err3 != nil { - log.Print(err3) + err = verifyBranch(client, owner, repo, branch) + if err != nil { + log.Error().Err(err) - return err3 + return &verifyBranchError{branch, repo, owner, err} } event := github.CreateWorkflowDispatchEventRequest{ @@ -54,17 +108,17 @@ func InvokeGithubDispatchEvent(repository string, workflowFileName string, branc event) if response == nil { - return fmt.Errorf("query failed") + return &nilResponseError{} } if response.StatusCode > lastOK { - return fmt.Errorf("non success status code %s for %s", response.Status, url) + return &nonSuccessError{response.Status, err} } if err != nil { - log.Printf("invoke failed %s", response.Response.Status) + log.Info().Msgf("invoke failed %s", response.Response.Status) - return err + return &workflowInvokeError{err: err} } myResponse := *response.Response 
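Review bot: The two `log.Error().Err(err)` calls after `verifyURL` and `verifyBranch` never emit anything if `log` is zerolog's global logger (as the `log.Info().Msgf` calls later in this function suggest), because a zerolog event is only written once `Msg`, `Msgf` or `Send` is called on it. The removed `log.Print(err2)` and `log.Print(err3)` did write the failure, so a rejected URL or a missing branch now leaves no log record. End each chain with a terminator, for example `log.Error().Err(err).Msg("failed to verify URL")` and `log.Error().Err(err).Msg("failed to verify branch")`. InvokeGithubDispatchEvent continues past the end of this hunk.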
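Review bot: `return &workflowInvokeError{err: err}` replaces `return err`, and none of the error types added in this file shows an `Unwrap` method, so `errors.Is` and `errors.As` in callers can no longer reach the underlying error. The removed `fmt.Errorf("failed to SplitHub %w", err)` kept that chain intact. Each wrapper that stores `err` should add `func (m *workflowInvokeError) Unwrap() error { return m.err }`, and likewise for `verifyURLError`, `verifyBranchError`, `nonSuccessError` and `listBranchesError`. The same applies to the wrappers added in the inspect.go and make.go hunks. If `Unwrap` methods are defined elsewhere in the package this does not apply; none are visible in this diff.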
@@ -74,22 +128,31 @@ func InvokeGithubDispatchEvent(repository string, workflowFileName string, branc if len(remains) != 0 { if left, err := strconv.Atoi(remains[0]); err == nil { if left == 0 { - return errors.New("you are being gitHub rate limited") + return &gitHubRateLimitingError{} } - log.Printf("Invoked: Github rate limit remaining: %s", remains[0]) + log.Info().Msgf("Invoked: Github rate limit remaining: %s", remains[0]) } } return nil } -// VerifyBranch checks that a branch exists in a repo. -func VerifyBranch(client *github.Client, owner string, repo string, branch string) error { +type listBranchesError struct { + err error +} + +func (m *listBranchesError) Error() string { + return fmt.Sprintf("failed to list branches %v", m.err) +} + +// verifyBranch checks that a branch exists in a repo. +func verifyBranch(client *github.Client, owner string, repo string, branch string) error { ctx := context.Background() branches, _, err := client.Repositories.ListBranches(ctx, owner, repo, nil) + if err != nil { - return err + return &listBranchesError{err} } found := false 
@@ -105,20 +168,29 @@ func VerifyBranch(client *github.Client, owner string, repo string, branch strin return nil } - return errors.New("branch " + branch + " not found for " + repo) + return &branchNotFoundError{branch, repo} +} + +type branchNotFoundError struct { + branch string + repo string +} + +func (m *branchNotFoundError) Error() string { + return fmt.Sprintf("branch %s not found for repo %s", m.branch, m.repo) } -// VerifyURL tests a url. -func VerifyURL(url string) error { +// verifyURL tests a url. +func verifyURL(url string) error { if //goland:noinspection HttpUrlsUsage strings.Contains(strings.ToLower(url), "http://") { - return errors.New("http is insecure") + return &insecureProtocolError{} } - resp, err := http.Get(url) + resp, err := http.Get(url) //nolint:gosec if resp == nil { - return errors.New("response was nil") + return &nilResponseError{} } defer func(Body io.ReadCloser) { @@ -126,13 +198,13 @@ func VerifyURL(url string) error { }(resp.Body) if resp.StatusCode > lastOK { - return fmt.Errorf("non success status code %s for %s", resp.Status, url) + return &nonSuccessError{response: strconv.Itoa(resp.StatusCode), err: err} } if err != nil { - log.Printf("failed to reach %s for %s", url, resp.Status) + log.Info().Msgf("failed to reach %s for %s", url, resp.Status) - return err + return &verifyURLError{url, err} } return nil diff --git a/src/gitHub_internal_test.go b/src/gitHub_internal_test.go new file mode 100644 index 00000000..33c4c757 --- /dev/null +++ b/src/gitHub_internal_test.go 
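Review bot: The `//nolint:gosec` added to `http.Get(url)` silences the linter while the only validation in front of the call is `strings.Contains(strings.ToLower(url), "http://")`, a substring test that neither requires an `https` scheme nor looks at the host. A value with no scheme passes the check and is only rejected by `http.Get` itself, while a legitimate https URL whose query string contains `http://` is refused. Parse the value and compare the scheme instead, e.g. `u, perr := neturl.Parse(url)` followed by `if perr != nil || u.Scheme != "https" { return &insecureProtocolError{} }` (the `url` parameter shadows the package name, hence the import alias), and state next to the `nolint` why the request is considered safe. `http.Get` also uses the default client, which sets no timeout. verifyURL continues into the next hunk.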
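Review bot: `&nonSuccessError{response: strconv.Itoa(resp.StatusCode), err: err}` is built before `err` has been checked, and `http.Get` normally returns a nil error together with a non-nil response, so the message would end in `<nil>` and no longer names the URL that the removed `fmt.Errorf` included. In the other direction, a transport failure (DNS, TLS, connection refused) comes back with a nil response and is reported by the earlier `resp == nil` branch as `nil response`, which discards the actual cause. Checking the error first, `if err != nil { return &verifyURLError{url, err} }` directly after the `http.Get` call, keeps the cause and makes the later `err != nil` branch unnecessary. verifyURL starts in the previous hunk.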
@@ -0,0 +1,170 @@ +package pike + +import ( + "errors" + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestVerifyURL(t *testing.T) { + type args struct { + url string + } + //goland:noinspection HttpUrlsUsage + tests := []struct { + name string + args args + wantErr bool + }{ + {"google", args{"www.google.com"}, true}, + {"http", args{"http://www.google.com"}, true}, + {"https", args{"https://www.google.com"}, false}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if err := verifyURL(tt.args.url); (err != nil) != tt.wantErr { + t.Errorf("verifyURL() error = %v, wantErr %v", err, tt.wantErr) + } + }) + } +} + +func Test_gitHubRateLimitingError_Error(t *testing.T) { + tests := []struct { + name string + want string + }{ + {"Invoke", "you are being GitHub Rate-limited"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + m := &gitHubRateLimitingError{} + assert.Equalf(t, tt.want, m.Error(), "Error()") + }) + } +} + +func Test_insecureProtocolError_Error(t *testing.T) { + tests := []struct { + name string + want string + }{ + {"Invoke", "insecure protocol"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + m := &insecureProtocolError{} + assert.Equalf(t, tt.want, m.Error(), "Error()") + }) + } +} + +func Test_nilResponseError_Error(t *testing.T) { + tests := []struct { + name string + want string + }{ + {"Invoke", "nil response"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + m := &nilResponseError{} + assert.Equalf(t, tt.want, m.Error(), "Error()") + }) + } +} + +func Test_nonSuccessError_Error(t *testing.T) { + type fields struct { + response string + err error + } + tests := []struct { + name string + fields fields + want string + }{ + {"Invoke", fields{"test", errors.New("test")}, "non success response test test"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + m := &nonSuccessError{ + response: tt.fields.response, + err: 
tt.fields.err, + } + assert.Equalf(t, tt.want, m.Error(), "Error()") + }) + } +} + +func Test_verifyBranchError_Error(t *testing.T) { + type fields struct { + branch string + repo string + owner string + err error + } + tests := []struct { + name string + fields fields + want string + }{ + {"Invoke", fields{"branchtest", "repotest", "ownertest", errors.New("test")}, "failed to verify branch branchtest repotest ownertest test"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + m := &verifyBranchError{ + branch: tt.fields.branch, + repo: tt.fields.repo, + owner: tt.fields.owner, + err: tt.fields.err, + } + assert.Equalf(t, tt.want, m.Error(), "Error()") + }) + } +} + +func Test_verifyURLError_Error(t *testing.T) { + type fields struct { + url string + err error + } + tests := []struct { + name string + fields fields + want string + }{ + {"Invoke", fields{"https://www.google.com", errors.New("test")}, "failed to verify URL https://www.google.com test"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + m := &verifyURLError{ + url: tt.fields.url, + err: tt.fields.err, + } + assert.Equalf(t, tt.want, m.Error(), "Error()") + }) + } +} + +func Test_workflowInvokeError_Error(t *testing.T) { + type fields struct { + err error + } + tests := []struct { + name string + fields fields + want string + }{ + {"Invoke", fields{errors.New("test")}, "failed to invoke workflow test"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + m := &workflowInvokeError{ + err: tt.fields.err, + } + assert.Equalf(t, tt.want, m.Error(), "Error()") + }) + } +} diff --git a/src/gitHub_test.go b/src/gitHub_test.go index 8a78fd02..3f8c6590 100644 --- a/src/gitHub_test.go +++ b/src/gitHub_test.go 
@@ -38,26 +38,3 @@ func TestInvokeGithubDispatchEvent(t *testing.T) { }) } } - -func TestVerifyURL(t *testing.T) { - type args struct { - url string - } - //goland:noinspection HttpUrlsUsage - tests := []struct { - name string - args args - wantErr bool - }{ - {"google", args{"www.google.com"}, true}, - {"http", args{"http://www.google.com"}, true}, - {"https", args{"https://www.google.com"}, false}, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if err := pike.VerifyURL(tt.args.url); (err != nil) != tt.wantErr { - t.Errorf("VerifyURL() error = %v, wantErr %v", err, tt.wantErr) - } - }) - } -} diff --git a/src/inspect.go b/src/inspect.go index d44ee944..6367f664 100644 --- a/src/inspect.go +++ b/src/inspect.go @@ -2,6 +2,7 @@ package pike import ( "errors" + "fmt" Identity "github.com/jameswoolfenden/identity/src" "github.com/rs/zerolog/log" 
@@ -12,27 +13,52 @@ type PolicyDiff struct { Under []string } +const allow = "Allow" + +type identityParseError struct { + err error +} + +func (m *identityParseError) Error() string { + return fmt.Sprintf("Identity parsing error %v", m.err) +} + +type getIAMError struct { + err error +} + +func (m *getIAMError) Error() string { + return fmt.Sprintf("get IAM error %v", m.err) +} + +type compareAllowError struct { + err error +} + +func (m *compareAllowError) Error() string { + return fmt.Sprintf("compare allow error %v", m.err) +} + func Inspect(directory string, init bool) (PolicyDiff, error) { var iacPolicy Identity.Policy var Difference PolicyDiff - rawIACPolicy, err := MakePolicy(directory, nil, init, false) + rawIACPolicy, err := MakePolicy(directory, nil, init, false, "", "") if err != nil { if errors.Is(err, &emptyIACError{}) { log.Info().Msgf("nothing to do for IAC as %s for directory %s", err, directory) } else { - return Difference, err + return Difference, &makePolicyError{err: err} } } iacPolicy, err = Identity.Parse(rawIACPolicy.AWS.JSONOut) - if err != nil { if errors.Is(err, &Identity.EmptyParseError{}) { log.Info().Msgf("nothing to do for IAC as parse for %s was empty", directory) } else { - return Difference, err + return Difference, &identityParseError{err} } } 
@@ -40,21 +66,35 @@ func Inspect(directory string, init bool) (PolicyDiff, error) { if err != nil { log.Info().Msgf("nothing to do for AWS as %s ", err) - return Difference, err + return Difference, &getIAMError{err: err} } - Difference, err = CompareAllow(iamIdentity, iacPolicy) + Difference, err = compareAllow(iamIdentity, iacPolicy) if err != nil { - return Difference, err + return Difference, &compareAllowError{err: err} } return Difference, nil } -func CompareAllow(identity Identity.IAM, policy Identity.Policy) (PolicyDiff, error) { - var identityAllows []string +type policyDifferenceError struct{} + +func (m *policyDifferenceError) Error() string { + return "invalid input: empty or nil policies/statements" +} + +func compareAllow(identity Identity.IAM, policy Identity.Policy) (PolicyDiff, error) { + // Add at start of function + if identity.Policies == nil || policy.Statements == nil { + return PolicyDiff{}, &policyDifferenceError{} + } + + if len(identity.Policies) == 0 || len(policy.Statements) == 0 { + return PolicyDiff{}, &policyDifferenceError{} + } - var policyAllows []string + identityAllows := make([]string, 0, len(identity.Policies)*2) + policyAllows := make([]string, 0, len(policy.Statements)) var difference PolicyDiff @@ -63,7 +103,7 @@ func CompareAllow(identity Identity.IAM, policy Identity.Policy) (PolicyDiff, er if statements != nil { for _, statement := range identityPolicy.Statements { - if statement.Effect == "Allow" { + if statement.Effect == allow { identityAllows = append(identityAllows, statement.Action...) } } @@ -71,7 +111,7 @@ func CompareAllow(identity Identity.IAM, policy Identity.Policy) (PolicyDiff, er } for _, policyStatement := range policy.Statements { - if policyStatement.Effect == "Allow" { + if policyStatement.Effect == allow { policyAllows = append(policyAllows, policyStatement.Action...) } } diff --git a/src/inspect_internal_test.go b/src/inspect_internal_test.go new file mode 100644 index 00000000..581c16ad --- /dev/null 
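Review bot: The new guard at the top of `compareAllow` returns `policyDifferenceError` whenever either side is empty, which turns the case a least-privilege check most needs to report (an identity that holds permissions while the IaC needs none) into an error instead of an `Over` list. `Inspect` continues after `emptyIACError` and `Identity.EmptyParseError`, so those tolerated paths now end in `compareAllowError`; the updated `different` test case in this commit pins that change, with `wantErr` going from `false` to `true`. Ranging over an empty slice is already safe, so the guard can be dropped, or narrowed to `if len(identity.Policies) == 0 && len(policy.Statements) == 0 {`. The separate `== nil` test is redundant because `len` of a nil slice is 0, and the comment `// Add at start of function` reads like a leftover instruction and should be removed. compareAllow's body continues beyond this hunk.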
+++ b/src/inspect_internal_test.go 
@@ -0,0 +1,274 @@ +package pike + +import ( + "errors" + "reflect" + "testing" + + Identity "github.com/jameswoolfenden/identity/src" + "github.com/stretchr/testify/assert" +) + +func Test_compareAllowError_Error(t *testing.T) { + type fields struct { + err error + } + tests := []struct { + name string + fields fields + want string + }{ + { + "invoke", fields{errors.New("basic")}, "compare allow error basic", + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + m := &compareAllowError{ + err: tt.fields.err, + } + assert.Equalf(t, tt.want, m.Error(), "Error()") + }) + } +} + +func Test_getIAMError_Error(t *testing.T) { + type fields struct { + err error + } + tests := []struct { + name string + fields fields + want string + }{ + {"invoke", fields{errors.New("test")}, "get IAM error test"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + m := &getIAMError{ + err: tt.fields.err, + } + assert.Equalf(t, tt.want, m.Error(), "Error()") + }) + } +} + +func Test_identityParseError_Error(t *testing.T) { + type fields struct { + err error + } + tests := []struct { + name string + fields fields + want string + }{ + {"invoke", fields{errors.New("test")}, "Identity parsing error test"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + m := &identityParseError{ + err: tt.fields.err, + } + assert.Equalf(t, tt.want, m.Error(), "Error()") + }) + } +} + +func TestCompareAllow(t *testing.T) { + type args struct { + identity Identity.IAM + policy Identity.Policy + } + + var identity Identity.IAM + var moreIdentity Identity.IAM + moreIdentity.Policies = make([]Identity.Policy, 1) + moreIdentity.Policies[0].Statements = make([]Identity.Statement, 1) + moreIdentity.Policies[0].Statements[0] = Identity.Statement{ + Sid: "", + Effect: "Allow", + Action: []string{"s3:*", "s3-object-lambda:*"}, + Resource: []string{"*"}, + } + var policy Identity.Policy + + statements := make([]Identity.Statement, 1) + statements[0] = 
Identity.Statement{ + Sid: "", + Effect: "Allow", + Action: []string{"s3:*", "s3-object-lambda:*"}, + Resource: []string{"*"}, + } + + var morePolicy Identity.Policy + morePolicy.Statements = statements + + tests := []struct { + name string + args args + want PolicyDiff + wantErr bool + }{ + { + "pass empty", + args{identity, policy}, + PolicyDiff{}, + true, + }, + { + "pass not empty", + args{identity, morePolicy}, + PolicyDiff{nil, nil}, + true, + }, + { + "pass", + args{moreIdentity, morePolicy}, + PolicyDiff{}, + false, + }, + { + "different", + args{moreIdentity, policy}, + PolicyDiff{nil, nil}, + true, + }, + //todo more testcases + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := compareAllow(tt.args.identity, tt.args.policy) + if (err != nil) != tt.wantErr { + t.Errorf("CompareAllow() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !reflect.DeepEqual(got, tt.want) { + t.Errorf("CompareAllow() got = %v, want %v", got, tt.want) + } + }) + } +} + +func Test_contains(t *testing.T) { + type args struct { + s []string + e string + } + tests := []struct { + name string + args args + want bool + }{ + {"found", args{[]string{"foo", "bar"}, "foo"}, true}, + {"not found", args{[]string{"foo", "bar"}, "bart"}, false}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := contains(tt.args.s, tt.args.e); got != tt.want { + t.Errorf("contains() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestPolicyDiff_Empty(t *testing.T) { + tests := []struct { + name string + pd PolicyDiff + want bool + }{ + { + name: "both nil", + pd: PolicyDiff{nil, nil}, + want: true, + }, + { + name: "empty slices", + pd: PolicyDiff{[]string{}, []string{}}, + want: true, + }, + { + name: "over nil under empty", + pd: PolicyDiff{nil, []string{}}, + want: true, + }, + { + name: "over empty under nil", + pd: PolicyDiff{[]string{}, nil}, + want: true, + }, + { + name: "over with content", + pd: 
PolicyDiff{[]string{"s3:GetObject"}, nil}, + want: false, + }, + { + name: "under with content", + pd: PolicyDiff{nil, []string{"s3:PutObject"}}, + want: false, + }, + { + name: "both with content", + pd: PolicyDiff{[]string{"s3:GetObject"}, []string{"s3:PutObject"}}, + want: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got := len(tt.pd.Over) == 0 && len(tt.pd.Under) == 0 + if got != tt.want { + t.Errorf("PolicyDiff empty check = %v, want %v", got, tt.want) + } + }) + } +} + +func TestPolicyDiff_Equal(t *testing.T) { + tests := []struct { + name string + first PolicyDiff + second PolicyDiff + wantSame bool + }{ + { + name: "identical empty", + first: PolicyDiff{}, + second: PolicyDiff{}, + wantSame: true, + }, + { + name: "identical with content", + first: PolicyDiff{[]string{"s3:GetObject"}, []string{"s3:PutObject"}}, + second: PolicyDiff{[]string{"s3:GetObject"}, []string{"s3:PutObject"}}, + wantSame: true, + }, + { + name: "different over", + first: PolicyDiff{[]string{"s3:GetObject"}, []string{"s3:PutObject"}}, + second: PolicyDiff{[]string{"s3:ListBucket"}, []string{"s3:PutObject"}}, + wantSame: false, + }, + { + name: "different under", + first: PolicyDiff{[]string{"s3:GetObject"}, []string{"s3:PutObject"}}, + second: PolicyDiff{[]string{"s3:GetObject"}, []string{"s3:DeleteObject"}}, + wantSame: false, + }, + { + name: "different lengths", + first: PolicyDiff{[]string{"s3:GetObject"}, []string{"s3:PutObject"}}, + second: PolicyDiff{[]string{"s3:GetObject"}, []string{"s3:PutObject", "s3:DeleteObject"}}, + wantSame: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got := reflect.DeepEqual(tt.first, tt.second) + if got != tt.wantSame { + t.Errorf("PolicyDiff equality check = %v, want %v", got, tt.wantSame) + } + }) + } +} diff --git a/src/inspect_test.go b/src/inspect_test.go index df3d0a08..b509db28 100644 --- a/src/inspect_test.go +++ b/src/inspect_test.go 
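Review bot: `TestPolicyDiff_Empty` and `TestPolicyDiff_Equal` never call code from the package: the first asserts `len(tt.pd.Over) == 0 && len(tt.pd.Under) == 0` and the second `reflect.DeepEqual(tt.first, tt.second)`, so they exercise the Go runtime rather than `PolicyDiff`. Either add the methods the test names imply and call them, or drop the two tests. In `TestCompareAllow` the failure messages still say `CompareAllow()` although the function under test is now `compareAllow`, and the `//todo more testcases` marker is better tracked outside the code.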
@@ -1,3 +1,6 @@ +//go:build auth +// +build auth + package pike import ( @@ -46,13 +49,13 @@ func TestCompareAllow(t *testing.T) { "pass empty", args{identity, policy}, PolicyDiff{}, - false, + true, }, { "pass not empty", args{identity, morePolicy}, - PolicyDiff{nil, []string{"s3:*", "s3-object-lambda:*"}}, - false, + PolicyDiff{nil, nil}, + true, }, { "pass", @@ -63,13 +66,14 @@ func TestCompareAllow(t *testing.T) { { "different", args{moreIdentity, policy}, - PolicyDiff{[]string{"s3:*", "s3-object-lambda:*"}, nil}, - false, + PolicyDiff{nil, nil}, + true, }, + //todo more testcases } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - got, err := CompareAllow(tt.args.identity, tt.args.policy) + got, err := compareAllow(tt.args.identity, tt.args.policy) if (err != nil) != tt.wantErr { t.Errorf("CompareAllow() error = %v, wantErr %v", err, tt.wantErr) return 
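Review bot: With the `//go:build auth` constraint added here, building with `-tags auth` compiles this file together with the new `inspect_internal_test.go`, and both declare `func TestCompareAllow` in `package pike`, so the tagged test build should fail with a redeclaration error. Judging by the hunk headers, `TestCompareAllow` is kept in this file while `Test_contains` was moved out; remove the copy here as well, or give the new file a `//go:build !auth` line. As it stands the gated tests (`TestInspect`, `TestInspectExtended`) would not run even when the tag is supplied.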
@@ -110,23 +114,92 @@ func TestInspect(t *testing.T) { } } -func Test_contains(t *testing.T) { +func TestInspectExtended(t *testing.T) { type args struct { - s []string - e string + directory string + init bool + } + + myDiff := PolicyDiff{ + Over: []string{"ssm:DescribePatchBaselines"}, + Under: []string{ + "dynamodb:DeleteItem", "dynamodb:DescribeTable", "dynamodb:GetItem", "dynamodb:PutItem", + "s3:DeleteObject", "s3:GetObject", "s3:ListBucket", "s3:PutObject", + }, } + tests := []struct { - name string - args args - want bool + name string + args args + want PolicyDiff + wantErr bool }{ - {"found", args{[]string{"foo", "bar"}, "foo"}, true}, - {"not found", args{[]string{"foo", "bar"}, "bart"}, false}, + //{ + // name: "empty directory", + // args: args{ + // directory: "", + // init: false, + // }, + // want: PolicyDiff{}, + // wantErr: true, + //}, + { + // its comparing + name: "init true", + args: args{ + directory: "../terraform/aws", + init: true, + }, + want: myDiff, + wantErr: false, + }, + { + name: "directory with spaces", + args: args{ + directory: "../terraform/aws/test dir", + init: false, + }, + want: PolicyDiff{}, + wantErr: true, + }, + { + name: "relative path", + args: args{ + directory: "./test", + init: false, + }, + want: PolicyDiff{}, + wantErr: true, + }, + { + name: "absolute path", + args: args{ + directory: "/absolute/path/test", + init: false, + }, + want: PolicyDiff{}, + wantErr: true, + }, + { + name: "directory with special chars", + args: args{ + directory: "../terraform/aws/test@#$", + init: false, + }, + want: PolicyDiff{}, + wantErr: true, + }, } + for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if got := contains(tt.args.s, tt.args.e); got != tt.want { - t.Errorf("contains() = %v, want %v", got, tt.want) + got, err := Inspect(tt.args.directory, tt.args.init) + if (err != nil) != tt.wantErr { + t.Errorf("Inspect() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !reflect.DeepEqual(got, tt.want) { + 
t.Errorf("Inspect() got = %v, want %v", got, tt.want) } }) } diff --git a/src/make.go b/src/make.go index 5af7787e..242e70f8 100644 --- a/src/make.go +++ b/src/make.go @@ -2,10 +2,10 @@ package pike import ( "context" - "errors" "fmt" "os" "os/exec" + "path" "path/filepath" "time" 
@@ -15,61 +15,93 @@ import ( // Make creates the required role. func Make(directory string) (*string, error) { - err := Scan(directory, "terraform", nil, true, true, false) + if directory == "" { + return nil, &directoryNotFoundError{directory: directory} + } + + err := Scan(directory, "terraform", nil, true, true, false, "", "", "") if err != nil { - return nil, err + return nil, fmt.Errorf("failed to scan directory: %w", err) } directory, err = filepath.Abs(directory) if err != nil { - return nil, fmt.Errorf("failed to find path %w", err) + return nil, &absolutePathError{directory, err} } - policyPath, err := filepath.Abs(directory + "/.pike/") + policyPath, err := filepath.Abs(path.Join(directory, ".pike")) if err != nil { - return nil, err + return nil, &absolutePathError{directory, err} } - tf, err2 := tfApply(policyPath) - if err2 != nil { - return nil, err2 + tf, err := tfApply(policyPath) + if err != nil { + return nil, fmt.Errorf("failed to apply terraform: %w", err) } state, err := tf.Show(context.Background()) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to show terraform state: %w", err) } if (state.Values.Outputs["arn"]) != nil { arn := state.Values.Outputs["arn"] - log.Info().Msgf("aws role create/updated %s", arn.Value.(string)) - role := arn.Value.(string) + + myValue, ok := arn.Value.(string) + if !ok { + return nil, &castToStringError{"arn"} + } + + log.Info().Msgf("aws role create/updated %s", myValue) + + role, ok := arn.Value.(string) + + if !ok { + return nil, &castToStringError{"arn"} + } return &role, nil } - return nil, errors.New("no arn found in state") + return nil, &arnNotFoundInStateError{} +} + +type castToStringError struct { + value string +} + +func (e *castToStringError) Error() string { + return fmt.Sprint("cannot convert ", e.value, " to a string") +} + +type arnNotFoundInStateError struct{} + +func (e *arnNotFoundInStateError) Error() string { + return "no arn found in state" } func tfApply(policyPath 
string) (*tfexec.Terraform, error) { tfPath, err := LocateTerraform() if err != nil { - return nil, err + return nil, &locateTerraformError{err} } terraform, err := tfexec.NewTerraform(policyPath, tfPath) if err != nil { - return nil, err + return nil, &terraformNewError{err: err} } err = terraform.Init(context.Background(), tfexec.Upgrade(true)) if err != nil { - return nil, err + return nil, &terraformInitError{err} } - err = terraform.Apply(context.Background()) + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Minute) + defer cancel() + + err = terraform.Apply(ctx) if err != nil { - return nil, fmt.Errorf("terraform apply failed %w", err) + return nil, &terraformApplyError{err: err, target: policyPath} } return terraform, nil @@ -82,22 +114,27 @@ func Apply(target string, region string) error { time.Sleep(5 * time.Second) if err != nil { - return err + return &makeRoleError{err} } - // clear any temp creds + // clear any temp credentials unSetAWSAuth() err = setAWSAuth(*iamRole, region) if err != nil { unSetAWSAuth() - return err + return &setAWSAuthError{err} } + log.Debug().Msgf("Starting terraform apply in directory: %s", target) + defer log.Debug().Msg("Completed terraform apply") + _, err = tfApply(target) if err == nil { - log.Printf("provisioned %s", target) + log.Info().Msgf("provisioned %s", target) + } else { + err = &terraformApplyError{target, err} } unSetAWSAuth() 
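Review bot: `filepath.Abs(path.Join(directory, ".pike"))` builds a filesystem path with the `path` package, which only understands forward slashes; `filepath.Join(directory, ".pike")` is the OS-aware form and avoids mixed separators on Windows. In the same function `role, ok := arn.Value.(string)` repeats the type assertion whose result is already held in `myValue`, so the second check can never fail and `return &myValue, nil` is enough. The second `absolutePathError` also reports `directory` rather than the `.pike` path that was actually being resolved.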
@@ -109,37 +146,49 @@ func Apply(target string, region string) error { func tfPlan(policyPath string) error { tfPath, err := LocateTerraform() if err != nil { - return err + return &locateTerraformError{err} } terraform, err := tfexec.NewTerraform(policyPath, tfPath) if err != nil { - return err + return &terraformNewError{err} } err = terraform.Init(context.Background(), tfexec.Upgrade(true)) if err != nil { - return err + return &terraformInitError{err: err} } chdir := "-chdir=" + policyPath cmd := exec.Command(terraform.ExecPath(), chdir, "plan", "--out", "tf.plan") + stdout, err := cmd.Output() + if err != nil { + return &terraformPlanError{err} + } + + if len(stdout) == 0 { + return &terraformOutputError{} + } - cmd = exec.Command(terraform.ExecPath(), chdir, "show", "--json", "tf.plan") + //goland:noinspection GoUnhandledErrorResult + defer os.Remove(filepath.Join(policyPath, "tf.plan")) + + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) + defer cancel() + + cmd = exec.CommandContext(ctx, terraform.ExecPath(), chdir, "show", "--json", "tf.plan") stdout, err = cmd.Output() if err != nil { - fmt.Println(err.Error()) - - return err + return &terraformPlanError{err} } outfile := filepath.Join(policyPath, "tf.json") err = os.WriteFile(outfile, stdout, 0o666) if err != nil { - return fmt.Errorf("terraform show failed %w", err) + return &writeFileError{file: outfile, err: err} } return nil diff --git a/src/make_internal_test.go b/src/make_internal_test.go new file mode 100644 index 00000000..c16d7781 --- /dev/null +++ b/src/make_internal_test.go 
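Review bot: `os.WriteFile(outfile, stdout, 0o666)` writes `tf.json`, the output of `terraform show --json tf.plan`, with a mode that leaves it world-readable under a typical umask, and Terraform's JSON plan output includes sensitive values in plain text. Restrict it to the owner: `err = os.WriteFile(outfile, stdout, 0o600)`. The new `defer os.Remove(...)` cleans up `tf.plan` but `tf.json` stays on disk, so its mode is what protects it. The first `exec.Command(terraform.ExecPath(), chdir, "plan", ...)` still runs without the context timeout this hunk adds to the `show` call; `exec.CommandContext` would bound it the same way. tfPlan's closing brace lies just past the end of the hunk.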
@@ -0,0 +1,43 @@ +package pike + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func Test_arnNotFoundInStateError_Error(t *testing.T) { + tests := []struct { + name string + want string + }{ + {"Invoke", "no arn found in state"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + e := &arnNotFoundInStateError{} + assert.Equalf(t, tt.want, e.Error(), "Error()") + }) + } +} + +func Test_castToStringError_Error(t *testing.T) { + type fields struct { + value string + } + tests := []struct { + name string + fields fields + want string + }{ + {"Invoke", fields{"test"}, "cannot convert test to a string"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + e := &castToStringError{ + value: tt.fields.value, + } + assert.Equalf(t, tt.want, e.Error(), "Error()") + }) + } +} diff --git a/src/mapping/aws/data/account/aws_account_primary_contact.json b/src/mapping/aws/data/account/aws_account_primary_contact.json new file mode 100644 index 00000000..f47acf5a --- /dev/null +++ b/src/mapping/aws/data/account/aws_account_primary_contact.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "account:GetContactInformation" + ] + } +] diff --git a/src/mapping/aws/data/acm/aws_acm_certificate.json b/src/mapping/aws/data/acm/aws_acm_certificate.json index d765e6ef..2d55af82 100644 --- a/src/mapping/aws/data/acm/aws_acm_certificate.json +++ b/src/mapping/aws/data/acm/aws_acm_certificate.json @@ -1,7 +1,6 @@ [ { "apply": [ - "acm:DescribeCertificate", "acm:DescribeCertificate", "acm:GetCertificate", "acm:ListTagsForCertificate" diff --git a/src/mapping/aws/data/appconfig/aws_appconfig_application.json b/src/mapping/aws/data/appconfig/aws_appconfig_application.json new file mode 100644 index 00000000..d1cdcebd --- /dev/null +++ b/src/mapping/aws/data/appconfig/aws_appconfig_application.json 
@@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "appconfig:ListApplications" + ] + } +] diff --git a/src/mapping/aws/data/aps/aws_prometheus_default_scraper_configuration.json b/src/mapping/aws/data/aps/aws_prometheus_default_scraper_configuration.json new file mode 100644 index 00000000..b789df21 --- /dev/null +++ b/src/mapping/aws/data/aps/aws_prometheus_default_scraper_configuration.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "aps:GetDefaultScraperConfiguration" + ] + } +] diff --git a/src/mapping/aws/data/backend/s3.json b/src/mapping/aws/data/backend/s3.json new file mode 100644 index 00000000..263db0b4 --- /dev/null +++ b/src/mapping/aws/data/backend/s3.json @@ -0,0 +1,20 @@ +[ + { + "apply": [ + "dynamodb:PutItem", + "dynamodb:DeleteItem", + "dynamodb:GetItem", + "dynamodb:DescribeTable", + "s3:ListBucket", + "s3:PutObject", + "s3:GetObject", + "s3:DeleteObject" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/data/bedrock/aws_bedrock_inference_profile.json b/src/mapping/aws/data/bedrock/aws_bedrock_inference_profile.json new file mode 100644 index 00000000..111eaf67 --- /dev/null +++ b/src/mapping/aws/data/bedrock/aws_bedrock_inference_profile.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "bedrock:GetInferenceProfile" + ] + } +] diff --git a/src/mapping/aws/data/bedrock/aws_bedrock_inference_profiles.json b/src/mapping/aws/data/bedrock/aws_bedrock_inference_profiles.json new file mode 100644 index 00000000..ed6ed0f8 --- /dev/null +++ b/src/mapping/aws/data/bedrock/aws_bedrock_inference_profiles.json 
@@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "bedrock:ListInferenceProfiles" + ] + } +] diff --git a/src/mapping/aws/data/bedrock/aws_bedrockagent_agent_versions.json b/src/mapping/aws/data/bedrock/aws_bedrockagent_agent_versions.json new file mode 100644 index 00000000..dec94af7 --- /dev/null +++ b/src/mapping/aws/data/bedrock/aws_bedrockagent_agent_versions.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "bedrock:ListAgentVersions" + ] + } +] diff --git a/src/mapping/aws/data/billing/aws_billing_views.json b/src/mapping/aws/data/billing/aws_billing_views.json new file mode 100644 index 00000000..349f67c9 --- /dev/null +++ b/src/mapping/aws/data/billing/aws_billing_views.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "billing:ListBillingViews" + ] + } +] diff --git a/src/mapping/aws/data/cloudwatch/aws_cloudwatch_contributor_managed_insight_rules.json b/src/mapping/aws/data/cloudwatch/aws_cloudwatch_contributor_managed_insight_rules.json new file mode 100644 index 00000000..8ff75631 --- /dev/null +++ b/src/mapping/aws/data/cloudwatch/aws_cloudwatch_contributor_managed_insight_rules.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "cloudwatch:ListManagedInsightRules" + ] + } +] diff --git a/src/mapping/aws/data/cloudwatch/aws_cloudwatch_event_buses.json b/src/mapping/aws/data/cloudwatch/aws_cloudwatch_event_buses.json new file mode 100644 index 00000000..0cfce7a7 --- /dev/null +++ b/src/mapping/aws/data/cloudwatch/aws_cloudwatch_event_buses.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "events:ListEventBuses" + ] + } +] 
diff --git a/src/mapping/aws/data/codebuild/aws_codebuild_fleet.json b/src/mapping/aws/data/codebuild/aws_codebuild_fleet.json new file mode 100644 index 00000000..3bee6683 --- /dev/null +++ b/src/mapping/aws/data/codebuild/aws_codebuild_fleet.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "codebuild:BatchGetFleets" + ] + } +] diff --git a/src/mapping/aws/data/datazone/aws_datazone_domain.json b/src/mapping/aws/data/datazone/aws_datazone_domain.json new file mode 100644 index 00000000..148bda1f --- /dev/null +++ b/src/mapping/aws/data/datazone/aws_datazone_domain.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "datazone:ListDomains" + ] + } +] diff --git a/src/mapping/aws/data/dynamodb/aws_dynamodb_tables.json b/src/mapping/aws/data/dynamodb/aws_dynamodb_tables.json new file mode 100644 index 00000000..af7469db --- /dev/null +++ b/src/mapping/aws/data/dynamodb/aws_dynamodb_tables.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "dynamodb:ListTables" + ] + } +] diff --git a/src/mapping/aws/data/ec2/aws_ebs_default_kms_key.json b/src/mapping/aws/data/ec2/aws_ebs_default_kms_key.json index b2edc0ff..1611f6c4 100644 --- a/src/mapping/aws/data/ec2/aws_ebs_default_kms_key.json +++ b/src/mapping/aws/data/ec2/aws_ebs_default_kms_key.json @@ -1,13 +1,15 @@ -[ - { - "apply": [ - "ec2:GetEbsDefaultKmsKeyId" - ], - "attributes": { - "tags": [] - }, - "destroy": [], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "ec2:GetEbsDefaultKmsKeyId" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "ec2:GetEbsDefaultKmsKeyId" + ] + } +] diff --git a/src/mapping/aws/data/ec2/aws_network_interface.json b/src/mapping/aws/data/ec2/aws_network_interface.json new file mode 100644 index 00000000..8abbb17d 
--- /dev/null +++ b/src/mapping/aws/data/ec2/aws_network_interface.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "ec2:DescribeNetworkInterfaces" + ] + } +] diff --git a/src/mapping/aws/data/ec2/aws_spot_datafeed_subscription.json b/src/mapping/aws/data/ec2/aws_spot_datafeed_subscription.json new file mode 100644 index 00000000..b06e51fb --- /dev/null +++ b/src/mapping/aws/data/ec2/aws_spot_datafeed_subscription.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "ec2:DescribeSpotDatafeedSubscription" + ] + } +] diff --git a/src/mapping/aws/data/ec2/aws_vpc_endpoint_associations.json b/src/mapping/aws/data/ec2/aws_vpc_endpoint_associations.json new file mode 100644 index 00000000..4f8ca3f7 --- /dev/null +++ b/src/mapping/aws/data/ec2/aws_vpc_endpoint_associations.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "ec2:DescribeVpcEndpointAssociations" + ] + } +] diff --git a/src/mapping/aws/data/ec2/aws_vpc_ipam.json b/src/mapping/aws/data/ec2/aws_vpc_ipam.json new file mode 100644 index 00000000..27bd8b6f --- /dev/null +++ b/src/mapping/aws/data/ec2/aws_vpc_ipam.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "ec2:DescribeIpams" + ] + } +] diff --git a/src/mapping/aws/data/ec2/aws_vpn_connection.json b/src/mapping/aws/data/ec2/aws_vpn_connection.json new file mode 100644 index 00000000..8d297004 --- /dev/null +++ b/src/mapping/aws/data/ec2/aws_vpn_connection.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "ec2:DescribeVpnConnections" + ] + } +] 
diff --git a/src/mapping/aws/data/ecr-public/aws_ecrpublic_images.json b/src/mapping/aws/data/ecr-public/aws_ecrpublic_images.json new file mode 100644 index 00000000..007d998a --- /dev/null +++ b/src/mapping/aws/data/ecr-public/aws_ecrpublic_images.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "ecr-public:DescribeImages" + ] + } +] diff --git a/src/mapping/aws/data/ecr/aws_ecr_images.json b/src/mapping/aws/data/ecr/aws_ecr_images.json new file mode 100644 index 00000000..f5aaf48e --- /dev/null +++ b/src/mapping/aws/data/ecr/aws_ecr_images.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "ecr:ListImages" + ] + } +] diff --git a/src/mapping/aws/data/ecs/aws_ecs_clusters.json b/src/mapping/aws/data/ecs/aws_ecs_clusters.json new file mode 100644 index 00000000..664b7b59 --- /dev/null +++ b/src/mapping/aws/data/ecs/aws_ecs_clusters.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "ecs:ListClusters" + ] + } +] diff --git a/src/mapping/aws/data/eks/aws_eks_cluster_versions.json b/src/mapping/aws/data/eks/aws_eks_cluster_versions.json new file mode 100644 index 00000000..71afd7f7 --- /dev/null +++ b/src/mapping/aws/data/eks/aws_eks_cluster_versions.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "eks:DescribeClusterVersions" + ] + } +] diff --git a/src/mapping/aws/data/elasticache/aws_elasticache_reserved_cache_node_offering.json b/src/mapping/aws/data/elasticache/aws_elasticache_reserved_cache_node_offering.json new file mode 100644 index 00000000..dce96c97 --- /dev/null +++ b/src/mapping/aws/data/elasticache/aws_elasticache_reserved_cache_node_offering.json 
@@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "elasticache:DescribeReservedCacheNodesOfferings" + ] + } +] diff --git a/src/mapping/aws/data/elasticache/aws_elasticache_serverless_cache.json b/src/mapping/aws/data/elasticache/aws_elasticache_serverless_cache.json new file mode 100644 index 00000000..7387d67c --- /dev/null +++ b/src/mapping/aws/data/elasticache/aws_elasticache_serverless_cache.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "elasticache:DescribeServerlessCaches" + ] + } +] diff --git a/src/mapping/aws/data/elasticloadbalancing/aws_elb.json b/src/mapping/aws/data/elasticloadbalancing/aws_elb.json new file mode 100644 index 00000000..9235b33d --- /dev/null +++ b/src/mapping/aws/data/elasticloadbalancing/aws_elb.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "elasticloadbalancing:DescribeLoadBalancers" + ] + } +] diff --git a/src/mapping/aws/data/elasticloadbalancing/aws_lb_listener_rule.json b/src/mapping/aws/data/elasticloadbalancing/aws_lb_listener_rule.json new file mode 100644 index 00000000..da7d7711 --- /dev/null +++ b/src/mapping/aws/data/elasticloadbalancing/aws_lb_listener_rule.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "elasticloadbalancing:DescribeRules" + ] + } +] diff --git a/src/mapping/aws/data/fis/aws_fis_experiment_templates.json b/src/mapping/aws/data/fis/aws_fis_experiment_templates.json new file mode 100644 index 00000000..ed6b1d15 --- /dev/null +++ b/src/mapping/aws/data/fis/aws_fis_experiment_templates.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "fis:ListExperimentTemplates" + ] + } +] 
diff --git a/src/mapping/aws/data/glue/aws_glue_registry.json b/src/mapping/aws/data/glue/aws_glue_registry.json new file mode 100644 index 00000000..e7cb0355 --- /dev/null +++ b/src/mapping/aws/data/glue/aws_glue_registry.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "glue:GetRegistry" + ] + } +] diff --git a/src/mapping/aws/data/identitystore/aws_identitystore_group_memberships.json b/src/mapping/aws/data/identitystore/aws_identitystore_group_memberships.json new file mode 100644 index 00000000..cecd87ba --- /dev/null +++ b/src/mapping/aws/data/identitystore/aws_identitystore_group_memberships.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "identitystore:ListGroupMemberships" + ] + } +] diff --git a/src/mapping/aws/data/identitystore/aws_identitystore_users.json b/src/mapping/aws/data/identitystore/aws_identitystore_users.json new file mode 100644 index 00000000..55607392 --- /dev/null +++ b/src/mapping/aws/data/identitystore/aws_identitystore_users.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "identitystore:ListUsers" + ] + } +] diff --git a/src/mapping/aws/data/kms/aws_kms_public_key.json b/src/mapping/aws/data/kms/aws_kms_public_key.json new file mode 100644 index 00000000..46cc46bb --- /dev/null +++ b/src/mapping/aws/data/kms/aws_kms_public_key.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "kms:GetPublicKey" + ] + } +] diff --git a/src/mapping/aws/data/lambda/aws_lambda_function_url.json b/src/mapping/aws/data/lambda/aws_lambda_function_url.json new file mode 100644 index 00000000..1a68e69b --- /dev/null +++ b/src/mapping/aws/data/lambda/aws_lambda_function_url.json 
@@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "lambda:GetFunctionUrlConfig" + ] + } +] diff --git a/src/mapping/aws/data/lambda/aws_lambda_functions.json b/src/mapping/aws/data/lambda/aws_lambda_functions.json new file mode 100644 index 00000000..459333dd --- /dev/null +++ b/src/mapping/aws/data/lambda/aws_lambda_functions.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "lambda:ListFunctions" + ] + } +] diff --git a/src/mapping/aws/data/lambda/aws_lambda_layer_version.json b/src/mapping/aws/data/lambda/aws_lambda_layer_version.json new file mode 100644 index 00000000..e209baca --- /dev/null +++ b/src/mapping/aws/data/lambda/aws_lambda_layer_version.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "lambda:ListLayerVersions" + ] + } +] diff --git a/src/mapping/aws/data/mediaconvert/aws_media_convert_queue.json b/src/mapping/aws/data/mediaconvert/aws_media_convert_queue.json new file mode 100644 index 00000000..39894073 --- /dev/null +++ b/src/mapping/aws/data/mediaconvert/aws_media_convert_queue.json @@ -0,0 +1,14 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "mediaconvert:GetQueue", + "mediaconvert:ListTagsForResource" + ] + } +] diff --git a/src/mapping/aws/data/memorydb/aws_memorydb_acl.json b/src/mapping/aws/data/memorydb/aws_memorydb_acl.json new file mode 100644 index 00000000..4105d11d --- /dev/null +++ b/src/mapping/aws/data/memorydb/aws_memorydb_acl.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "memorydb:DescribeACLs" + ] + } +] 
diff --git a/src/mapping/aws/data/memorydb/aws_memorydb_cluster.json b/src/mapping/aws/data/memorydb/aws_memorydb_cluster.json new file mode 100644 index 00000000..c71d85b7 --- /dev/null +++ b/src/mapping/aws/data/memorydb/aws_memorydb_cluster.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "memorydb:DescribeClusters" + ] + } +] diff --git a/src/mapping/aws/data/memorydb/aws_memorydb_parameter_group.json b/src/mapping/aws/data/memorydb/aws_memorydb_parameter_group.json new file mode 100644 index 00000000..86534bb6 --- /dev/null +++ b/src/mapping/aws/data/memorydb/aws_memorydb_parameter_group.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "memorydb:DescribeParameterGroups" + ] + } +] diff --git a/src/mapping/aws/data/memorydb/aws_memorydb_snapshot.json b/src/mapping/aws/data/memorydb/aws_memorydb_snapshot.json new file mode 100644 index 00000000..e566c281 --- /dev/null +++ b/src/mapping/aws/data/memorydb/aws_memorydb_snapshot.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "memorydb:DescribeSnapshots" + ] + } +] diff --git a/src/mapping/aws/data/memorydb/aws_memorydb_subnet_group.json b/src/mapping/aws/data/memorydb/aws_memorydb_subnet_group.json new file mode 100644 index 00000000..42557913 --- /dev/null +++ b/src/mapping/aws/data/memorydb/aws_memorydb_subnet_group.json @@ -0,0 +1,14 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "memorydb:DescribeSubnetGroups", + "memorydb:ListTags" + ] + } +] diff --git a/src/mapping/aws/data/memorydb/aws_memorydb_user.json b/src/mapping/aws/data/memorydb/aws_memorydb_user.json new file mode 100644 index 00000000..d02d86d1 --- /dev/null +++ b/src/mapping/aws/data/memorydb/aws_memorydb_user.json 
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "memorydb:DescribeUser",
+ "memorydb:DescribeUsers"
+ ]
+ }
+]
diff --git a/src/mapping/aws/data/odb/aws_odb_cloud_autonomous_vm_cluster.json b/src/mapping/aws/data/odb/aws_odb_cloud_autonomous_vm_cluster.json
new file mode 100644
index 00000000..8801ad3e
--- /dev/null
+++ b/src/mapping/aws/data/odb/aws_odb_cloud_autonomous_vm_cluster.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "odb:GetCloudAutonomousVmCluster"
+ ]
+ }
+]
diff --git a/src/mapping/aws/data/odb/aws_odb_cloud_autonomous_vm_clusters.json b/src/mapping/aws/data/odb/aws_odb_cloud_autonomous_vm_clusters.json
new file mode 100644
index 00000000..d6618a15
--- /dev/null
+++ b/src/mapping/aws/data/odb/aws_odb_cloud_autonomous_vm_clusters.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "odb:ListCloudAutonomousVmClusters"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/data/odb/aws_odb_cloud_exadata_infrastructure.json b/src/mapping/aws/data/odb/aws_odb_cloud_exadata_infrastructure.json
new file mode 100644
index 00000000..82a5d5b9
--- /dev/null
+++ b/src/mapping/aws/data/odb/aws_odb_cloud_exadata_infrastructure.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "odb:GetCloudExadataInfrastructure"
+ ]
+ }
+]
diff --git a/src/mapping/aws/data/odb/aws_odb_cloud_exadata_infrastructures.json b/src/mapping/aws/data/odb/aws_odb_cloud_exadata_infrastructures.json
new file mode 100644
index 00000000..c1bf5b45
--- /dev/null
+++ b/src/mapping/aws/data/odb/aws_odb_cloud_exadata_infrastructures.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "odb:ListCloudExadataInfrastructures"
+ ]
+ }
+]
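Review bot: `memorydb:DescribeUser` in the `plan` list of `aws_memorydb_user.json` does not look like a MemoryDB action. The other MemoryDB mappings added in this commit all use plural describe calls (`memorydb:DescribeACLs`, `memorydb:DescribeClusters`, `memorydb:DescribeSnapshots`), and `memorydb:DescribeUsers` on the next line is the matching one here. An action the service does not define grants nothing and is reported by IAM policy validation, so unless it can be confirmed against the service authorization reference I would keep only `"memorydb:DescribeUsers"`. Whether the data source also reads tags, as `aws_memorydb_subnet_group.json` allows with `memorydb:ListTags`, is worth checking at the same time.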
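Review bot: `aws_odb_cloud_autonomous_vm_clusters.json` puts `odb:ListCloudAutonomousVmClusters` under `apply` and leaves `plan` empty, the reverse of every other `odb` data source in this commit (for example `aws_odb_cloud_exadata_infrastructures.json` has `"apply": []` and its list call under `plan`). Data sources are read while planning, so a policy derived from the `plan` list would be denied on this one. Suggest `"apply": [],` and `"plan": ["odb:ListCloudAutonomousVmClusters"]`.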
diff --git a/src/mapping/aws/data/odb/aws_odb_cloud_vm_cluster.json b/src/mapping/aws/data/odb/aws_odb_cloud_vm_cluster.json new file mode 100644 index 00000000..ab260bb3 --- /dev/null +++ b/src/mapping/aws/data/odb/aws_odb_cloud_vm_cluster.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "odb:GetCloudVmCluster" + ] + } +] diff --git a/src/mapping/aws/data/odb/aws_odb_cloud_vm_clusters.json b/src/mapping/aws/data/odb/aws_odb_cloud_vm_clusters.json new file mode 100644 index 00000000..62411a36 --- /dev/null +++ b/src/mapping/aws/data/odb/aws_odb_cloud_vm_clusters.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "odb:ListCloudVmClusters" + ] + } +] diff --git a/src/mapping/aws/data/odb/aws_odb_db_node.json b/src/mapping/aws/data/odb/aws_odb_db_node.json new file mode 100644 index 00000000..a0623069 --- /dev/null +++ b/src/mapping/aws/data/odb/aws_odb_db_node.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "odb:GetDbNode" + ] + } +] diff --git a/src/mapping/aws/data/odb/aws_odb_db_nodes.json b/src/mapping/aws/data/odb/aws_odb_db_nodes.json new file mode 100644 index 00000000..25958de7 --- /dev/null +++ b/src/mapping/aws/data/odb/aws_odb_db_nodes.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "odb:ListDbNodes" + ] + } +] diff --git a/src/mapping/aws/data/odb/aws_odb_db_server.json b/src/mapping/aws/data/odb/aws_odb_db_server.json new file mode 100644 index 00000000..f0ac70e7 --- /dev/null +++ b/src/mapping/aws/data/odb/aws_odb_db_server.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "odb:GetDbServer" + ] + } +] 
diff --git a/src/mapping/aws/data/odb/aws_odb_db_servers.json b/src/mapping/aws/data/odb/aws_odb_db_servers.json new file mode 100644 index 00000000..b1f3353b --- /dev/null +++ b/src/mapping/aws/data/odb/aws_odb_db_servers.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "odb:ListDbServers" + ] + } +] diff --git a/src/mapping/aws/data/odb/aws_odb_db_system_shapes.json b/src/mapping/aws/data/odb/aws_odb_db_system_shapes.json new file mode 100644 index 00000000..242f5197 --- /dev/null +++ b/src/mapping/aws/data/odb/aws_odb_db_system_shapes.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "odb:ListDbSystemShapes" + ] + } +] diff --git a/src/mapping/aws/data/odb/aws_odb_gi_versions.json b/src/mapping/aws/data/odb/aws_odb_gi_versions.json new file mode 100644 index 00000000..1d081824 --- /dev/null +++ b/src/mapping/aws/data/odb/aws_odb_gi_versions.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "odb:ListGiVersions" + ] + } +] diff --git a/src/mapping/aws/data/odb/aws_odb_network.json b/src/mapping/aws/data/odb/aws_odb_network.json new file mode 100644 index 00000000..f35f18b9 --- /dev/null +++ b/src/mapping/aws/data/odb/aws_odb_network.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "odb:GetOdbNetwork" + ] + } +] diff --git a/src/mapping/aws/data/odb/aws_odb_network_peering_connection.json b/src/mapping/aws/data/odb/aws_odb_network_peering_connection.json new file mode 100644 index 00000000..af5cab86 --- /dev/null +++ b/src/mapping/aws/data/odb/aws_odb_network_peering_connection.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "odb:GetOdbPeeringConnection" + ] + } +] 
diff --git a/src/mapping/aws/data/odb/aws_odb_network_peering_connections.json b/src/mapping/aws/data/odb/aws_odb_network_peering_connections.json
new file mode 100644
index 00000000..a20f3921
--- /dev/null
+++ b/src/mapping/aws/data/odb/aws_odb_network_peering_connections.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "odb:ListOdbPeeringConnections"
+ ]
+ }
+]
diff --git a/src/mapping/aws/data/odb/aws_odb_networks.json b/src/mapping/aws/data/odb/aws_odb_networks.json
new file mode 100644
index 00000000..b30f96b4
--- /dev/null
+++ b/src/mapping/aws/data/odb/aws_odb_networks.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "odb:ListOdbNetworks"
+ ]
+ }
+]
diff --git a/src/mapping/aws/data/organizations/aws_organizations_organizational_unit_descendant_organizational_units.json b/src/mapping/aws/data/organizations/aws_organizations_organizational_unit_descendant_organizational_units.json
new file mode 100644
index 00000000..d16ca581
--- /dev/null
+++ b/src/mapping/aws/data/organizations/aws_organizations_organizational_unit_descendant_organizational_units.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "organizations:DescribeOrganizationalUnit"
+ ]
+ }
+]
diff --git a/src/mapping/aws/data/quicksight/aws_quicksight_analysis.json b/src/mapping/aws/data/quicksight/aws_quicksight_analysis.json
new file mode 100644
index 00000000..6fe1d514
--- /dev/null
+++ b/src/mapping/aws/data/quicksight/aws_quicksight_analysis.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "quicksight:DescribeAnalysis"
+ ]
+ }
+]
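Review bot: The single `plan` entry in `aws_organizations_organizational_unit_descendant_organizational_units.json`, `organizations:DescribeOrganizationalUnit`, describes one OU, whereas this data source enumerates the OUs below a parent. I would expect `organizations:ListOrganizationalUnitsForParent` to be the call that is actually authorised (inferred from the data source's name, nothing in the hunk shows the API calls). Please confirm against a real plan and, if that is the denied action, use `"organizations:ListOrganizationalUnitsForParent"` so the generated policy is neither too narrow to run nor padded with an unused permission.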
diff --git a/src/mapping/aws/data/rds/aws_rds_cluster_parameter_group.json b/src/mapping/aws/data/rds/aws_rds_cluster_parameter_group.json new file mode 100644 index 00000000..7b4cf627 --- /dev/null +++ b/src/mapping/aws/data/rds/aws_rds_cluster_parameter_group.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "rds:DescribeDBClusterParameterGroups" + ] + } +] diff --git a/src/mapping/aws/data/rds/aws_rds_global_cluster.json b/src/mapping/aws/data/rds/aws_rds_global_cluster.json new file mode 100644 index 00000000..ca56de67 --- /dev/null +++ b/src/mapping/aws/data/rds/aws_rds_global_cluster.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "rds:DescribeGlobalClusters" + ] + } +] diff --git a/src/mapping/aws/data/route53/aws_route53_records.json b/src/mapping/aws/data/route53/aws_route53_records.json new file mode 100644 index 00000000..b808ec35 --- /dev/null +++ b/src/mapping/aws/data/route53/aws_route53_records.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "route53:ListResourceRecordSets" + ] + } +] diff --git a/src/mapping/aws/data/route53/aws_route53_zones.json b/src/mapping/aws/data/route53/aws_route53_zones.json new file mode 100644 index 00000000..e420a902 --- /dev/null +++ b/src/mapping/aws/data/route53/aws_route53_zones.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "route53:ListHostedZones" + ] + } +] diff --git a/src/mapping/aws/data/route53profiles/aws_route53profiles_profiles.json b/src/mapping/aws/data/route53profiles/aws_route53profiles_profiles.json new file mode 100644 index 00000000..39319bf8 --- /dev/null +++ b/src/mapping/aws/data/route53profiles/aws_route53profiles_profiles.json 
@@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "route53profiles:ListProfiles" + ] + } +] diff --git a/src/mapping/aws/data/s3/aws_s3_access_point.json b/src/mapping/aws/data/s3/aws_s3_access_point.json new file mode 100644 index 00000000..4015f339 --- /dev/null +++ b/src/mapping/aws/data/s3/aws_s3_access_point.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "s3:ListAccessPoints" + ] + } +] diff --git a/src/mapping/aws/data/secretsmanager/aws_secretsmanager_secret_versions.json b/src/mapping/aws/data/secretsmanager/aws_secretsmanager_secret_versions.json new file mode 100644 index 00000000..53b057cd --- /dev/null +++ b/src/mapping/aws/data/secretsmanager/aws_secretsmanager_secret_versions.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "secretsmanager:ListSecretVersionIds" + ] + } +] diff --git a/src/mapping/aws/data/securityhub/aws_securityhub_standards_control_associations.json b/src/mapping/aws/data/securityhub/aws_securityhub_standards_control_associations.json new file mode 100644 index 00000000..87efd3b5 --- /dev/null +++ b/src/mapping/aws/data/securityhub/aws_securityhub_standards_control_associations.json @@ -0,0 +1,14 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "securityhub:ListStandardsControlAssociations", + "securityhub:DescribeStandardsControls" + ] + } +] diff --git a/src/mapping/aws/data/servicecatalog/aws_servicecatalogappregistry_attribute_group.json b/src/mapping/aws/data/servicecatalog/aws_servicecatalogappregistry_attribute_group.json new file mode 100644 index 00000000..042b4363 --- /dev/null +++ b/src/mapping/aws/data/servicecatalog/aws_servicecatalogappregistry_attribute_group.json 
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "servicecatalog:GetAttributeGroup"
+ ]
+ }
+]
diff --git a/src/mapping/aws/data/servicecatalog/aws_servicecatalogappregistry_attribute_group_associations.json b/src/mapping/aws/data/servicecatalog/aws_servicecatalogappregistry_attribute_group_associations.json
new file mode 100644
index 00000000..eafb0f5d
--- /dev/null
+++ b/src/mapping/aws/data/servicecatalog/aws_servicecatalogappregistry_attribute_group_associations.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "servicecatalog:ListAssociatedAttributeGroups"
+ ]
+ }
+]
diff --git a/src/mapping/aws/data/shield/aws_shield_protection.json b/src/mapping/aws/data/shield/aws_shield_protection.json
new file mode 100644
index 00000000..4b8106c1
--- /dev/null
+++ b/src/mapping/aws/data/shield/aws_shield_protection.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "shield:DescribeProtection"
+ ]
+ }
+]
diff --git a/src/mapping/aws/data/ssm/aws_ssm_patch_baselines.json b/src/mapping/aws/data/ssm/aws_ssm_patch_baselines.json
new file mode 100644
index 00000000..c59246f3
--- /dev/null
+++ b/src/mapping/aws/data/ssm/aws_ssm_patch_baselines.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "ssm:DescribePatchBaselines"
+ ]
+ }
+]
diff --git a/src/mapping/aws/data/sso/aws_ssoadmin_permission_sets.json b/src/mapping/aws/data/sso/aws_ssoadmin_permission_sets.json
new file mode 100644
index 00000000..64b300de
--- /dev/null
+++ b/src/mapping/aws/data/sso/aws_ssoadmin_permission_sets.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "sso:ListInstances"
+ ]
+ }
+]
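Review bot: `aws_ssoadmin_permission_sets.json` maps the data source to `sso:ListInstances` only, which lists Identity Center instances rather than permission sets. A data source that returns permission sets would be expected to need `sso:ListPermissionSets` (inferred from its name; the hunk does not show the API calls), so a policy generated from this mapping would probably be denied at plan time. Please verify against a real plan and replace or extend the entry, e.g. `"sso:ListPermissionSets"`.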
diff --git a/src/mapping/aws/data/synthetics/aws_synthetics_runtime_version.json b/src/mapping/aws/data/synthetics/aws_synthetics_runtime_version.json new file mode 100644 index 00000000..69a50e06 --- /dev/null +++ b/src/mapping/aws/data/synthetics/aws_synthetics_runtime_version.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "synthetics:DescribeRuntimeVersions" + ] + } +] diff --git a/src/mapping/aws/data/synthetics/aws_synthetics_runtime_versions.json b/src/mapping/aws/data/synthetics/aws_synthetics_runtime_versions.json new file mode 100644 index 00000000..69a50e06 --- /dev/null +++ b/src/mapping/aws/data/synthetics/aws_synthetics_runtime_versions.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "synthetics:DescribeRuntimeVersions" + ] + } +] diff --git a/src/mapping/aws/data/waf/aws_waf_subscribed_rule_group.json b/src/mapping/aws/data/waf/aws_waf_subscribed_rule_group.json new file mode 100644 index 00000000..66e4c99a --- /dev/null +++ b/src/mapping/aws/data/waf/aws_waf_subscribed_rule_group.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "waf:ListSubscribedRuleGroups" + ] + } +] diff --git a/src/mapping/aws/data/wafregional/aws_wafregional_subscribed_rule_group.json b/src/mapping/aws/data/wafregional/aws_wafregional_subscribed_rule_group.json new file mode 100644 index 00000000..98570317 --- /dev/null +++ b/src/mapping/aws/data/wafregional/aws_wafregional_subscribed_rule_group.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "waf-regional:ListSubscribedRuleGroups" + ] + } +] diff --git a/src/mapping/aws/data/wafv2/aws_wafv2_ip_set.json b/src/mapping/aws/data/wafv2/aws_wafv2_ip_set.json index 3ea6c452..56299fd8 100644 
--- a/src/mapping/aws/data/wafv2/aws_wafv2_ip_set.json +++ b/src/mapping/aws/data/wafv2/aws_wafv2_ip_set.json @@ -1,13 +1,13 @@ -[ - { - "apply": [], - "attributes": { - "tags": [] - }, - "destroy": [], - "modify": [], - "plan": [ - "wafv2:ListIPSets" - ] - } -] +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "wafv2:ListIPSets" + ] + } +] diff --git a/src/mapping/aws/data/wafv2/aws_wafv2_regex_pattern_set.json b/src/mapping/aws/data/wafv2/aws_wafv2_regex_pattern_set.json index 74358be5..7338c168 100644 --- a/src/mapping/aws/data/wafv2/aws_wafv2_regex_pattern_set.json +++ b/src/mapping/aws/data/wafv2/aws_wafv2_regex_pattern_set.json @@ -1,13 +1,13 @@ -[ - { - "apply": [], - "attributes": { - "tags": [] - }, - "destroy": [], - "modify": [], - "plan": [ - "wafv2:ListRegexPatternSets" - ] - } -] +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "wafv2:ListRegexPatternSets" + ] + } +] diff --git a/src/mapping/aws/data/wafv2/aws_wafv2_rule_group.json b/src/mapping/aws/data/wafv2/aws_wafv2_rule_group.json index 666a207d..b5fa6924 100644 --- a/src/mapping/aws/data/wafv2/aws_wafv2_rule_group.json +++ b/src/mapping/aws/data/wafv2/aws_wafv2_rule_group.json @@ -1,13 +1,13 @@ -[ - { - "apply": [], - "attributes": { - "tags": [] - }, - "destroy": [], - "modify": [], - "plan": [ - "wafv2:ListRuleGroups" - ] - } -] +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "wafv2:ListRuleGroups" + ] + } +] diff --git a/src/mapping/aws/data/wafv2/aws_wafv2_web_acl.json b/src/mapping/aws/data/wafv2/aws_wafv2_web_acl.json index 9d8c9cd4..397bf39c 100644 --- a/src/mapping/aws/data/wafv2/aws_wafv2_web_acl.json +++ b/src/mapping/aws/data/wafv2/aws_wafv2_web_acl.json 
@@ -1,13 +1,13 @@ -[ - { - "apply": [], - "attributes": { - "tags": [] - }, - "destroy": [], - "modify": [], - "plan": [ - "wafv2:ListWebACLs" - ] - } -] +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "wafv2:ListWebACLs" + ] + } +] diff --git a/src/mapping/aws/data/workspaces/aws_workspaces_workspace.json b/src/mapping/aws/data/workspaces/aws_workspaces_workspace.json new file mode 100644 index 00000000..19b29c26 --- /dev/null +++ b/src/mapping/aws/data/workspaces/aws_workspaces_workspace.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "workspaces:DescribeWorkspaces" + ] + } +] diff --git a/src/mapping/aws/resource/access-analyzer/aws_accessanalyzer_analyzer.json b/src/mapping/aws/resource/access-analyzer/aws_accessanalyzer_analyzer.json index 409ae353..dbf52a01 100644 --- a/src/mapping/aws/resource/access-analyzer/aws_accessanalyzer_analyzer.json +++ b/src/mapping/aws/resource/access-analyzer/aws_accessanalyzer_analyzer.json @@ -4,7 +4,10 @@ "access-analyzer:CreateAnalyzer", "access-analyzer:DeleteAnalyzer", "access-analyzer:GetAnalyzer", + "access-analyzer:UpdateAnalyzer", "access-analyzer:ListAnalyzers", + "access-analyzer:DeleteArchiveRule", + "access-analyzer:UpdateArchiveRule", "iam:CreateServiceLinkedRole" ], "attributes": { @@ -16,7 +19,11 @@ "destroy": [ "access-analyzer:DeleteAnalyzer" ], - "modify": [], + "modify": [ + "access-analyzer:DeleteArchiveRule", + "access-analyzer:UpdateArchiveRule", + "access-analyzer:UpdateAnalyzer" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/acm-pa/aws_acmpca_certificate_authority.json b/src/mapping/aws/resource/acm-pa/aws_acmpca_certificate_authority.json index e6cf2b00..d25838c1 100644 --- a/src/mapping/aws/resource/acm-pa/aws_acmpca_certificate_authority.json +++ b/src/mapping/aws/resource/acm-pa/aws_acmpca_certificate_authority.json 
@@ -4,10 +4,10 @@
 "acm-pca:CreateCertificateAuthority",
 "acm-pca:GetCertificateAuthorityCertificate",
 "acm-pca:DeleteCertificateAuthority",
- "acm-pa:DescribeCertificateAuthority",
+ "acm-pca:DescribeCertificateAuthority",
 "acm-pca:UpdateCertificateAuthority",
 "acm-pca:GetCertificateAuthorityCsr",
- "acm-pa:ListTags"
+ "acm-pca:ListTags"
 ],
 "attributes": {
 "tags": [
@@ -16,11 +16,16 @@
 ]
 },
 "destroy": [
- "acm-pca:DeleteCertificateAuthority"
+ "acm-pca:DeleteCertificateAuthority",
+ "acm-pca:DescribeCertificateAuthority"
 ],
 "modify": [
 "acm-pca:UpdateCertificateAuthority"
 ],
- "plan": []
+ "plan": [
+ "acm-pca:DescribeCertificateAuthority",
+ "acm-pca:GetCertificateAuthorityCsr",
+ "acm-pca:ListTags"
+ ]
 }
 ]
diff --git a/src/mapping/aws/resource/airflow/aws_mwaa_environment.json b/src/mapping/aws/resource/airflow/aws_mwaa_environment.json
new file mode 100644
index 00000000..49a0f5d7
--- /dev/null
+++ b/src/mapping/aws/resource/airflow/aws_mwaa_environment.json
@@ -0,0 +1,45 @@
+[
+ {
+ "apply": [
+ "airflow:CreateEnvironment",
+ "airflow:DeleteEnvironment",
+ "airflow:GetEnvironment",
+ "airflow:UpdateEnvironment",
+ "iam:PassRole",
+ "iam:ListRoles",
+ "iam:CreatePolicy",
+ "iam:AttachRolePolicy",
+ "iam:CreateRole",
+ "iam:CreateServiceLinkedRole",
+ "s3:GetBucketLocation",
+ "s3:ListAllMyBuckets",
+ "s3:ListBucket",
+ "s3:ListBucketVersions",
+ "s3:CreateBucket",
+ "s3:PutObject",
+ "s3:GetEncryptionConfiguration",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeRouteTables",
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:CreateSecurityGroup",
+ "ec2:CreateVpcEndpoint",
+ "ec2:CreateNetworkInterface"
+ ],
+ "attributes": {
+ "kms_key": [
+ "kms:CreateGrant",
+ "kms:DescribeKey",
+ "kms:ListAliases"
+ ],
+ "tags": [
+ "airflow:TagResource",
+ "airflow:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
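Review bot: The `apply` list in the new aws_mwaa_environment.json carries `iam:CreateRole`, `iam:CreatePolicy` and `iam:AttachRolePolicy` next to `iam:PassRole`, which together let the deploying identity create a role with any policy and hand it to a service. The set looks like it was copied from a console-access style policy (it also has `s3:CreateBucket`, `ec2:CreateSecurityGroup` and `ec2:AuthorizeSecurityGroupIngress`), whereas the environment is normally given an existing execution role, bucket and security groups; that is inferred, so please confirm against a traced apply. I would drop those three `iam:` entries, and the bucket and security-group creation entries if the trace shows they are unused, keeping `iam:PassRole` and `iam:CreateServiceLinkedRole`. `destroy`, `modify` and `plan` are also left empty even though `airflow:DeleteEnvironment`, `airflow:UpdateEnvironment` and `airflow:GetEnvironment` are listed under `apply`.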
diff --git a/src/mapping/aws/resource/amplify/aws_amplify_app.json b/src/mapping/aws/resource/amplify/aws_amplify_app.json
index f3c3f4ef..1061f509 100644
--- a/src/mapping/aws/resource/amplify/aws_amplify_app.json
+++ b/src/mapping/aws/resource/amplify/aws_amplify_app.json
@@ -3,7 +3,6 @@
 "apply": [
 "amplify:GetApp",
 "amplify:CreateApp",
- "amplify:TagResource",
 "codecommit:GetRepository",
 "codecommit:PutRepositoryTriggers",
 "codecommit:GetRepositoryTriggers",
@@ -22,12 +21,32 @@
 ]
 },
 "destroy": [
+ "amplify:GetApp",
 "amplify:DeleteApp",
- "sns:Unsubscribe"
+ "codecommit:GetRepository",
+ "codecommit:GetRepositoryTriggers",
+ "codecommit:PutRepositoryTriggers",
+ "sns:Unsubscribe",
+ "iam:PassRole"
 ],
 "modify": [
- "amplify:UpdateApp"
+ "amplify:GetApp",
+ "amplify:UpdateApp",
+ "amplify:ListTagsForResource",
+ "codecommit:GetRepository",
+ "codecommit:PutRepositoryTriggers",
+ "codecommit:GetRepositoryTriggers",
+ "sns:CreateTopic",
+ "sns:Subscribe",
+ "sns:Unsubscribe",
+ "iam:PassRole"
 ],
- "plan": []
+ "plan": [
+ "amplify:GetApp",
+ "amplify:ListTagsForResource",
+ "codecommit:GetRepository",
+ "codecommit:GetRepositoryTriggers",
+ "iam:PassRole"
+ ]
 }
 ]
diff --git a/src/mapping/aws/resource/amplify/aws_amplify_backend_environment.json b/src/mapping/aws/resource/amplify/aws_amplify_backend_environment.json
new file mode 100644
index 00000000..1b387256
--- /dev/null
+++ b/src/mapping/aws/resource/amplify/aws_amplify_backend_environment.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "amplify:GetBackendEnvironment",
+ "amplify:CreateBackendEnvironment",
+ "amplify:DeleteBackendEnvironment"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/amplify/aws_amplify_branch.json b/src/mapping/aws/resource/amplify/aws_amplify_branch.json
index 4f033925..38430af5 100644
--- a/src/mapping/aws/resource/amplify/aws_amplify_branch.json
+++ b/src/mapping/aws/resource/amplify/aws_amplify_branch.json
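Review bot: `iam:PassRole` is added to the `plan` and `destroy` lists of aws_amplify_app.json, but a role is only passed to the service when the app is created or updated; the read actions in `plan` (`amplify:GetApp`, `amplify:ListTagsForResource`) and the delete path do not hand a role over. If these lists feed a generated policy, a plan-only identity ends up holding `iam:PassRole`, which is best kept off read paths. The `destroy` and `plan` lists of aws_amplify_domain_association.json later in this diff add it in the same way. I would remove `"iam:PassRole"` from those four lists and keep it in `apply` and `modify`.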
@@ -3,7 +3,6 @@
 "apply": [
 "amplify:GetBranch",
 "amplify:CreateBranch",
- "amplify:TagResource",
 "codecommit:GetRepository",
 "codecommit:PutRepositoryTriggers",
 "codecommit:GetRepositoryTriggers",
diff --git a/src/mapping/aws/resource/amplify/aws_amplify_domain_association.json b/src/mapping/aws/resource/amplify/aws_amplify_domain_association.json
index ad221beb..007f3d9e 100644
--- a/src/mapping/aws/resource/amplify/aws_amplify_domain_association.json
+++ b/src/mapping/aws/resource/amplify/aws_amplify_domain_association.json
@@ -1,6 +1,7 @@
 [
 {
 "apply": [
+ "amplify:GetDomainAssociation",
 "amplify:CreateDomainAssociation",
 "route53:ListHostedZones",
 "route53:ChangeResourceRecordSets",
@@ -17,12 +18,24 @@
 ]
 },
 "destroy": [
- "amplify:DeleteDomainAssociation"
+ "amplify:GetDomainAssociation",
+ "amplify:DeleteDomainAssociation",
+ "route53:ListHostedZones",
+ "iam:PassRole",
+ "amplify:ListTagsForResource"
 ],
 "modify": [
+ "amplify:GetDomainAssociation",
 "amplify:UpdateDomainAssociation",
- "route53:ChangeResourceRecordSets"
+ "route53:ChangeResourceRecordSets",
+ "amplify:ListTagsForResource",
+ "iam:PassRole"
 ],
- "plan": []
+ "plan": [
+ "amplify:GetDomainAssociation",
+ "route53:ListHostedZones",
+ "iam:PassRole",
+ "amplify:ListTagsForResource"
+ ]
 }
 ]
diff --git a/src/mapping/aws/resource/amplify/aws_amplify_webhook.json b/src/mapping/aws/resource/amplify/aws_amplify_webhook.json
new file mode 100644
index 00000000..dd9e3fb0
--- /dev/null
+++ b/src/mapping/aws/resource/amplify/aws_amplify_webhook.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "amplify:GetWebHook",
+ "amplify:CreateWebHook",
+ "amplify:DeleteWebHook",
+ "amplify:UpdateWebHook"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/apigateway/aws_api_gateway_account.json b/src/mapping/aws/resource/apigateway/aws_api_gateway_account.json
index 9d3fc17e..7a449a69 100644
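Review bot: The new aws_amplify_webhook.json spells its actions `amplify:GetWebHook`, `amplify:CreateWebHook`, `amplify:DeleteWebHook` and `amplify:UpdateWebHook`, while the Amplify API operations use a lowercase h (`CreateWebhook` and so on). IAM compares action names case-insensitively, so a generated policy should still work, but any tooling that checks these strings literally against the service's action list will not recognise them; `"amplify:CreateWebhook"` and its siblings would be the safer spelling. The `destroy`, `modify` and `plan` lists are also empty although delete and update actions sit in `apply`, unlike aws_amplify_domain_association.json in the same diff, which fills all four.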
--- a/src/mapping/aws/resource/apigateway/aws_api_gateway_account.json +++ b/src/mapping/aws/resource/apigateway/aws_api_gateway_account.json @@ -6,13 +6,22 @@ "apigateway:PATCH", "apigateway:GET", "apigateway:DELETE", - "iam:PassRole" + "iam:PassRole", + "iam:GetRole" ], "attributes": { "tags": [] }, - "destroy": [], - "modify": [], - "plan": [] + "destroy": [ + "apigateway:PATCH" + ], + "modify": [ + "apigateway:PATCH", + "iam:PassRole", + "iam:GetRole" + ], + "plan": [ + "apigateway:GET" + ] } ] diff --git a/src/mapping/aws/resource/apigateway/aws_api_gateway_domain_name_access_association.json b/src/mapping/aws/resource/apigateway/aws_api_gateway_domain_name_access_association.json new file mode 100644 index 00000000..c9fab3a2 --- /dev/null +++ b/src/mapping/aws/resource/apigateway/aws_api_gateway_domain_name_access_association.json @@ -0,0 +1,20 @@ +[ + { + "apply": [ + "apigateway:POST", + "apigateway:GET", + "apigateway:DELETE" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "apigateway:DELETE", + "apigateway:GET" + ], + "modify": [], + "plan": [ + "apigateway:GET" + ] + } +] diff --git a/src/mapping/aws/resource/app-integrations/aws_appintegrations_data_integration.json b/src/mapping/aws/resource/app-integrations/aws_appintegrations_data_integration.json new file mode 100644 index 00000000..c197be72 --- /dev/null +++ b/src/mapping/aws/resource/app-integrations/aws_appintegrations_data_integration.json 
@@ -0,0 +1,44 @@
+[
+ {
+ "apply": [
+ "app-integrations:CreateDataIntegration",
+ "appflow:DescribeConnectorProfiles",
+ "appflow:CreateFlow",
+ "appflow:DeleteFlow",
+ "appflow:DescribeConnectorEntity",
+ "appflow:UseConnectorProfile",
+ "kms:CreateGrant",
+ "kms:DescribeKey",
+ "kms:ListAliases",
+ "kms:ListGrants",
+ "kms:ListKeys",
+ "s3:GetBucketNotification",
+ "s3:PutBucketNotification",
+ "s3:GetEncryptionConfiguration",
+ "app-integrations:GetDataIntegration",
+ "app-integrations:UpdateDataIntegration",
+ "app-integrations:DeleteDataIntegration",
+ "appflow:DeleteFlow"
+ ],
+ "attributes": {
+ "tags": [
+ "appflow:TagResource",
+ "appflow:UntagResource",
+ "app-integrations:TagResource",
+ "app-integrations:UntagResource"
+ ]
+ },
+ "destroy": [
+ "app-integrations:DeleteDataIntegration",
+ "appflow:DeleteFlow"
+ ],
+ "modify": [
+ "app-integrations:GetDataIntegration",
+ "app-integrations:UpdateDataIntegration"
+ ],
+ "plan": [
+ "app-integrations:GetDataIntegration",
+ "app-integrations:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/app-integrations/aws_appintegrations_event_integration.json b/src/mapping/aws/resource/app-integrations/aws_appintegrations_event_integration.json
new file mode 100644
index 00000000..3106d973
--- /dev/null
+++ b/src/mapping/aws/resource/app-integrations/aws_appintegrations_event_integration.json
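Review bot: `appflow:DeleteFlow` is listed twice in the `apply` array of aws_appintegrations_data_integration.json, as the fourth entry and again as the last one; the second copy can be removed. `app-integrations:ListTagsForResource` appears only under `plan` here, while aws_appintegrations_event_integration.json (the next file in this diff) also lists it under `apply`. If the generated policy is built from `apply`, the data-integration policy would lack the tag read, so the two files should agree on where that action goes.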
@@ -0,0 +1,28 @@ +[ + { + "apply": [ + "app-integrations:CreateEventIntegration", + "app-integrations:DeleteEventIntegration", + "app-integrations:GetEventIntegration", + "app-integrations:ListTagsForResource", + "app-integrations:UpdateEventIntegration" + ], + "attributes": { + "tags": [ + "app-integrations:TagResource", + "app-integrations:UntagResource" + ] + }, + "destroy": [ + "app-integrations:DeleteEventIntegration" + ], + "modify": [ + "app-integrations:GetEventIntegration", + "app-integrations:UpdateEventIntegration" + ], + "plan": [ + "app-integrations:GetEventIntegration", + "app-integrations:ListTagsForResource" + ] + } +] diff --git a/src/mapping/aws/resource/appconfig/aws-appconfig-application.json b/src/mapping/aws/resource/appconfig/aws-appconfig-application.json deleted file mode 100644 index 94b68313..00000000 --- a/src/mapping/aws/resource/appconfig/aws-appconfig-application.json +++ /dev/null 
@@ -1,105 +0,0 @@ -{ - "additionalProperties": false, - "definitions": { - "Tags": { - "additionalProperties": false, - "description": "Metadata to assign to the application. Tags help organize and categorize your AWS AppConfig resources. Each tag consists of a key and an optional value, both of which you define.", - "properties": { - "Key": { - "description": "The key-value string map. The valid character set is [a-zA-Z1-9 +-=._:/-]. The tag key can be up to 128 characters and must not start with aws:.", - "maxLength": 128, - "minLength": 1, - "pattern": "^(?!aws:.)[a-zA-Z1-9+=._:/-]*$", - "type": "string" - }, - "Value": { - "description": "The tag value can be up to 256 characters.", - "maxLength": 256, - "minLength": 0, - "type": "string" - } - }, - "required": [ - "Key", - "Value" - ], - "type": "object" - } - }, - "description": "Resource Type definition for AWS::AppConfig::Application", - "handlers": { - "create": { - "permissions": [ - "appconfig:CreateApplication", - "appconfig:GetApplication", - "appconfig:ListTagsForResource", - "appconfig:TagResource" - ] - }, - "delete": { - "permissions": [ - "appconfig:GetApplication", - "appconfig:DeleteApplication" - ] - }, - "list": { - "permissions": [ - "appconfig:ListApplications" - ] - }, - "read": { - "permissions": [ - "appconfig:GetApplication", - "appconfig:ListTagsForResource" - ] - }, - "update": { - "permissions": [ - "appconfig:UpdateApplication", - "appconfig:TagResource", - "appconfig:UntagResource" - ] - } - }, - "primaryIdentifier": [ - "/properties/ApplicationId" - ], - "properties": { - "ApplicationId": { - "description": "The application Id", - "type": "string" - }, - "Description": { - "description": "A description of the application.", - "type": "string" - }, - "Name": { - "description": "A name for the application.", - "type": "string" - }, - "Tags": { - "description": "Metadata to assign to the application. Tags help organize and categorize your AWS AppConfig resources. 
Each tag consists of a key and an optional value, both of which you define.", - "insertionOrder": false, - "items": { - "$ref": "#/definitions/Tags" - }, - "type": "array", - "uniqueItems": true - } - }, - "readOnlyProperties": [ - "/properties/ApplicationId" - ], - "required": [ - "Name" - ], - "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-appconfig.git", - "tagging": { - "cloudFormationSystemTags": true, - "tagOnCreate": true, - "tagProperty": "/properties/Tags", - "tagUpdatable": true, - "taggable": true - }, - "typeName": "AWS::AppConfig::Application" -} diff --git a/src/mapping/aws/resource/appconfig/aws-appconfig-deployment.json b/src/mapping/aws/resource/appconfig/aws-appconfig-deployment.json deleted file mode 100644 index 8e7f2d13..00000000 --- a/src/mapping/aws/resource/appconfig/aws-appconfig-deployment.json +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - "additionalProperties": false, - "createOnlyProperties": [ - "/properties/KmsKeyIdentifier", - "/properties/DeploymentStrategyId", - "/properties/ConfigurationVersion", - "/properties/ApplicationId", - "/properties/ConfigurationProfileId", - "/properties/Tags", - "/properties/EnvironmentId", - "/properties/Description", - "/properties/DynamicExtensionParameters" - ], - "definitions": { - "DynamicExtensionParameters": { - "additionalProperties": false, - "properties": { - "ExtensionReference": { - "type": "string" - }, - "ParameterName": { - "type": "string" - }, - "ParameterValue": { - "type": "string" - } - }, - "type": "object" - }, - "Tags": { - "additionalProperties": false, - "properties": { - "Key": { - "type": "string" - }, - "Value": { - "type": "string" - } - }, - "type": "object" - } - }, - "description": "Resource Type definition for AWS::AppConfig::Deployment", - "primaryIdentifier": [ - "/properties/Id" - ], - "properties": { - "ApplicationId": { - "type": "string" - }, - "ConfigurationProfileId": { - "type": "string" - }, - "ConfigurationVersion": { - "type": "string" - }, - "DeploymentStrategyId": { - "type": "string" - }, - "Description": { - "type": "string" - }, - "DynamicExtensionParameters": { - "items": { - "$ref": "#/definitions/DynamicExtensionParameters" - }, - "type": "array", - "uniqueItems": false - }, - "EnvironmentId": { - "type": "string" - }, - "Id": { - "type": "string" - }, - "KmsKeyIdentifier": { - "type": "string" - }, - "Tags": { - "items": { - "$ref": "#/definitions/Tags" - }, - "type": "array", - "uniqueItems": false - } - }, - "readOnlyProperties": [ - "/properties/Id" - ], - "required": [ - "DeploymentStrategyId", - "ConfigurationProfileId", - "EnvironmentId", - "ConfigurationVersion", - "ApplicationId" - ], - "typeName": "AWS::AppConfig::Deployment" -} 
diff --git a/src/mapping/aws/resource/appconfig/aws-appconfig-deploymentstrategy.json b/src/mapping/aws/resource/appconfig/aws-appconfig-deploymentstrategy.json deleted file mode 100644 index 9dc2661b..00000000 --- a/src/mapping/aws/resource/appconfig/aws-appconfig-deploymentstrategy.json +++ /dev/null @@ -1,68 +0,0 @@ -{ - "additionalProperties": false, - "createOnlyProperties": [ - "/properties/Name", - "/properties/ReplicateTo" - ], - "definitions": { - "Tags": { - "additionalProperties": false, - "properties": { - "Key": { - "type": "string" - }, - "Value": { - "type": "string" - } - }, - "type": "object" - } - }, - "description": "Resource Type definition for AWS::AppConfig::DeploymentStrategy", - "primaryIdentifier": [ - "/properties/Id" - ], - "properties": { - "DeploymentDurationInMinutes": { - "type": "number" - }, - "Description": { - "type": "string" - }, - "FinalBakeTimeInMinutes": { - "type": "number" - }, - "GrowthFactor": { - "type": "number" - }, - "GrowthType": { - "type": "string" - }, - "Id": { - "type": "string" - }, - "Name": { - "type": "string" - }, - "ReplicateTo": { - "type": "string" - }, - "Tags": { - "items": { - "$ref": "#/definitions/Tags" - }, - "type": "array", - "uniqueItems": false - } - }, - "readOnlyProperties": [ - "/properties/Id" - ], - "required": [ - "ReplicateTo", - "DeploymentDurationInMinutes", - "GrowthFactor", - "Name" - ], - "typeName": "AWS::AppConfig::DeploymentStrategy" -} diff --git a/src/mapping/aws/resource/appconfig/aws-appconfig-environment.json b/src/mapping/aws/resource/appconfig/aws-appconfig-environment.json deleted file mode 100644 index 95aef1ab..00000000 --- a/src/mapping/aws/resource/appconfig/aws-appconfig-environment.json +++ /dev/null 
@@ -1,173 +0,0 @@ -{ - "additionalProperties": false, - "createOnlyProperties": [ - "/properties/ApplicationId" - ], - "definitions": { - "Monitor": { - "additionalProperties": false, - "description": "Amazon CloudWatch alarm to monitor during the deployment process.", - "properties": { - "AlarmArn": { - "description": "Amazon Resource Name (ARN) of the Amazon CloudWatch alarm.", - "maxLength": 2048, - "minLength": 1, - "relationshipRef": { - "propertyPath": "/properties/Arn", - "typeName": "AWS::CloudWatch::Alarm" - }, - "type": "string" - }, - "AlarmRoleArn": { - "description": "ARN of an AWS Identity and Access Management (IAM) role for AWS AppConfig to monitor AlarmArn.", - "maxLength": 2048, - "minLength": 20, - "pattern": "^((arn):(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):(iam)::\\d{12}:role[/].*)$", - "relationshipRef": { - "propertyPath": "/properties/Arn", - "typeName": "AWS::IAM::Role" - }, - "type": "string" - } - }, - "required": [ - "AlarmArn" - ], - "type": "object" - }, - "Tag": { - "additionalProperties": false, - "description": "Metadata to assign to the environment. Tags help organize and categorize your AWS AppConfig resources. Each tag consists of a key and an optional value, both of which you define.", - "properties": { - "Key": { - "description": "The key-value string map. The valid character set is [a-zA-Z1-9+-=._:/]. 
The tag key can be up to 128 characters and must not start with aws:.", - "maxLength": 128, - "minLength": 1, - "pattern": "^(?!aws:.)[a-zA-Z1-9+=._:/-]*$", - "type": "string" - }, - "Value": { - "description": "The tag value can be up to 256 characters.", - "maxLength": 256, - "minLength": 0, - "type": "string" - } - }, - "required": [ - "Key", - "Value" - ], - "type": "object" - } - }, - "description": "Resource Type definition for AWS::AppConfig::Environment", - "handlers": { - "create": { - "permissions": [ - "appconfig:CreateEnvironment", - "appconfig:GetEnvironment", - "appconfig:ListTagsForResource", - "appconfig:TagResource", - "iam:PassRole" - ] - }, - "delete": { - "permissions": [ - "appconfig:GetEnvironment", - "appconfig:DeleteEnvironment" - ] - }, - "list": { - "handlerSchema": { - "properties": { - "ApplicationId": { - "$ref": "resource-schema.json#/properties/ApplicationId" - } - }, - "required": [ - "ApplicationId" - ] - }, - "permissions": [ - "appconfig:ListEnvironments" - ] - }, - "read": { - "permissions": [ - "appconfig:GetEnvironment", - "appconfig:ListTagsForResource" - ] - }, - "update": { - "permissions": [ - "appconfig:UpdateEnvironment", - "appconfig:TagResource", - "appconfig:UntagResource", - "iam:PassRole" - ] - } - }, - "primaryIdentifier": [ - "/properties/ApplicationId", - "/properties/EnvironmentId" - ], - "properties": { - "ApplicationId": { - "description": "The application ID.", - "pattern": "[a-z0-9]{4,7}", - "type": "string" - }, - "Description": { - "description": "A description of the environment.", - "maxLength": 1024, - "minLength": 0, - "type": "string" - }, - "EnvironmentId": { - "description": "The environment ID.", - "pattern": "[a-z0-9]{4,7}", - "type": "string" - }, - "Monitors": { - "description": "Amazon CloudWatch alarms to monitor during the deployment process.", - "insertionOrder": false, - "items": { - "$ref": "#/definitions/Monitor" - }, - "maxItems": 5, - "minItems": 0, - "type": "array" - }, - "Name": { - 
"description": "A name for the environment.", - "maxLength": 64, - "minLength": 1, - "type": "string" - }, - "Tags": { - "description": "Metadata to assign to the environment. Tags help organize and categorize your AWS AppConfig resources. Each tag consists of a key and an optional value, both of which you define.", - "insertionOrder": false, - "items": { - "$ref": "#/definitions/Tag" - }, - "type": "array", - "uniqueItems": true - } - }, - "readOnlyProperties": [ - "/properties/EnvironmentId" - ], - "required": [ - "Name", - "ApplicationId" - ], - "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-appconfig.git", - "tagging": { - "cloudFormationSystemTags": true, - "tagOnCreate": true, - "tagProperty": "/properties/Tags", - "tagUpdatable": true, - "taggable": true - }, - "typeName": "AWS::AppConfig::Environment" -} diff --git a/src/mapping/aws/resource/appconfig/aws-appconfig-extension.json b/src/mapping/aws/resource/appconfig/aws-appconfig-extension.json deleted file mode 100644 index e668da3e..00000000 --- a/src/mapping/aws/resource/appconfig/aws-appconfig-extension.json +++ /dev/null 
@@ -1,209 +0,0 @@ -{ - "additionalProperties": false, - "createOnlyProperties": [ - "/properties/Name", - "/properties/Tags", - "/properties/Tags/*/Key", - "/properties/Tags/*/Value" - ], - "definitions": { - "Action": { - "additionalProperties": false, - "description": "An action for an extension to take at a specific action point.", - "properties": { - "Description": { - "description": "The description of the extension Action.", - "maxLength": 1024, - "minLength": 0, - "type": "string" - }, - "Name": { - "description": "The name of the extension action.", - "maxLength": 128, - "minLength": 1, - "type": "string" - }, - "RoleArn": { - "description": "The ARN of the role for invoking the extension action.", - "maxLength": 2048, - "minLength": 20, - "type": "string" - }, - "Uri": { - "description": "The URI of the extension action.", - "maxLength": 2048, - "minLength": 1, - "type": "string" - } - }, - "required": [ - "Name", - "Uri" - ], - "type": "object" - }, - "Actions": { - "description": "A list of actions for an extension to take at a specific action point.", - "insertionOrder": false, - "items": { - "$ref": "#/definitions/Action" - }, - "type": "array", - "uniqueItems": true - }, - "Parameter": { - "additionalProperties": false, - "description": "A parameter for the extension to send to a specific action.", - "properties": { - "Description": { - "description": "The description of the extension Parameter.", - "maxLength": 1024, - "minLength": 0, - "type": "string" - }, - "Dynamic": { - "type": "boolean" - }, - "Required": { - "type": "boolean" - } - }, - "required": [ - "Required" - ], - "type": "object" - }, - "Tag": { - "additionalProperties": false, - "description": "A key-value pair to associate with a resource.", - "properties": { - "Key": { - "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. 
You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", - "maxLength": 128, - "minLength": 1, - "type": "string" - }, - "Value": { - "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", - "maxLength": 256, - "minLength": 0, - "type": "string" - } - }, - "required": [ - "Key", - "Value" - ], - "type": "object" - } - }, - "description": "Resource Type definition for AWS::AppConfig::Extension", - "handlers": { - "create": { - "permissions": [ - "appconfig:CreateExtension", - "appconfig:TagResource", - "iam:PassRole" - ] - }, - "delete": { - "permissions": [ - "appconfig:DeleteExtension", - "appconfig:UntagResource" - ] - }, - "list": { - "permissions": [ - "appconfig:ListExtensions" - ] - }, - "read": { - "permissions": [ - "appconfig:GetExtension" - ] - }, - "update": { - "permissions": [ - "appconfig:UpdateExtension", - "appconfig:TagResource", - "appconfig:UntagResource" - ] - } - }, - "primaryIdentifier": [ - "/properties/Id" - ], - "properties": { - "Actions": { - "additionalProperties": false, - "patternProperties": { - "^.+$": { - "$ref": "#/definitions/Actions" - } - }, - "type": "object" - }, - "Arn": { - "type": "string" - }, - "Description": { - "description": "Description of the extension.", - "type": "string" - }, - "Id": { - "type": "string" - }, - "LatestVersionNumber": { - "type": "integer" - }, - "Name": { - "description": "Name of the extension.", - "type": "string" - }, - "Parameters": { - "additionalProperties": false, - "patternProperties": { - "^.+$": { - "$ref": "#/definitions/Parameter" - } - }, - "type": "object" - }, - "Tags": { - "description": "An array of key-value tags to apply to this resource.", - "insertionOrder": false, - "items": { - "$ref": "#/definitions/Tag" - }, - 
"type": "array", - "uniqueItems": false - }, - "VersionNumber": { - "type": "integer" - } - }, - "readOnlyProperties": [ - "/properties/Id", - "/properties/Arn", - "/properties/VersionNumber" - ], - "required": [ - "Name", - "Actions" - ], - "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", - "tagging": { - "cloudFormationSystemTags": true, - "tagOnCreate": true, - "tagProperty": "/properties/Tags", - "tagUpdatable": true, - "taggable": true - }, - "typeName": "AWS::AppConfig::Extension", - "writeOnlyProperties": [ - "/properties/LatestVersionNumber", - "/properties/Tags", - "/properties/Tags/*/Key", - "/properties/Tags/*/Value" - ] -} diff --git a/src/mapping/aws/resource/appconfig/aws-appconfig-hostedconfigurationversion.json b/src/mapping/aws/resource/appconfig/aws-appconfig-hostedconfigurationversion.json deleted file mode 100644 index e1cf9a2e..00000000 --- a/src/mapping/aws/resource/appconfig/aws-appconfig-hostedconfigurationversion.json +++ /dev/null 
@@ -1,117 +0,0 @@ -{ - "additionalProperties": false, - "createOnlyProperties": [ - "/properties/ApplicationId", - "/properties/ConfigurationProfileId", - "/properties/Description", - "/properties/Content", - "/properties/ContentType", - "/properties/LatestVersionNumber", - "/properties/VersionLabel" - ], - "description": "Resource Type definition for AWS::AppConfig::HostedConfigurationVersion", - "handlers": { - "create": { - "permissions": [ - "appconfig:CreateHostedConfigurationVersion" - ] - }, - "delete": { - "permissions": [ - "appconfig:DeleteHostedConfigurationVersion" - ] - }, - "list": { - "handlerSchema": { - "properties": { - "ApplicationId": { - "$ref": "resource-schema.json#/properties/ApplicationId" - }, - "ConfigurationProfileId": { - "$ref": "resource-schema.json#/properties/ConfigurationProfileId" - } - }, - "required": [ - "ApplicationId", - "ConfigurationProfileId" - ] - }, - "permissions": [ - "appconfig:ListHostedConfigurationVersions" - ] - }, - "read": { - "permissions": [ - "appconfig:GetHostedConfigurationVersion" - ] - } - }, - "primaryIdentifier": [ - "/properties/ApplicationId", - "/properties/ConfigurationProfileId", - "/properties/VersionNumber" - ], - "properties": { - "ApplicationId": { - "description": "The application ID.", - "pattern": "[a-z0-9]{4,7}", - "type": "string" - }, - "ConfigurationProfileId": { - "description": "The configuration profile ID.", - "pattern": "[a-z0-9]{4,7}", - "type": "string" - }, - "Content": { - "description": "The content of the configuration or the configuration data.", - "type": "string" - }, - "ContentType": { - "description": "A standard MIME type describing the format of the configuration content.", - "maxLength": 255, - "minLength": 1, - "type": "string" - }, - "Description": { - "description": "A description of the hosted configuration version.", - "maxLength": 1024, - "minLength": 0, - "type": "string" - }, - "LatestVersionNumber": { - "description": "An optional locking token used to prevent 
race conditions from overwriting configuration updates when creating a new version. To ensure your data is not overwritten when creating multiple hosted configuration versions in rapid succession, specify the version number of the latest hosted configuration version.", - "type": "integer" - }, - "VersionLabel": { - "description": "A user-defined label for an AWS AppConfig hosted configuration version.", - "maxLength": 64, - "minLength": 0, - "pattern": "^$|.*[^0-9].*", - "type": "string" - }, - "VersionNumber": { - "description": "Current version number of hosted configuration version.", - "type": "string" - } - }, - "readOnlyProperties": [ - "/properties/VersionNumber" - ], - "required": [ - "ApplicationId", - "ConfigurationProfileId", - "Content", - "ContentType" - ], - "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-appconfig.git", - "tagging": { - "cloudFormationSystemTags": false, - "tagOnCreate": false, - "tagUpdatable": false, - "taggable": false - }, - "typeName": "AWS::AppConfig::HostedConfigurationVersion", - "writeOnlyProperties": [ - "/properties/LatestVersionNumber" - ] -} diff --git a/src/mapping/aws/resource/appconfig/aws_appconfig_deployment.json b/src/mapping/aws/resource/appconfig/aws_appconfig_deployment.json new file mode 100644 index 00000000..26e0191e --- /dev/null +++ b/src/mapping/aws/resource/appconfig/aws_appconfig_deployment.json @@ -0,0 +1,24 @@ +[ + { + "apply": [ + "appconfig:StartDeployment", + "appconfig:GetDeployment", + "appconfig:ListTagsForResource", + "kms:GenerateDataKey", + "appconfig:StopDeployment" + ], + "attributes": { + "tags": [ + "appconfig:TagResource", + "appconfig:UntagResource" + ] + }, + "destroy": [ + "appconfig:StopDeployment" + ], + "modify": [], + "plan": [ + "appconfig:GetDeployment" + ] + } +] 
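Review bot: `kms:GenerateDataKey` sits in the unconditional `apply` list of the new aws_appconfig_deployment.json, so every policy generated for a deployment gets a KMS data-key permission whether or not a key is configured. The CloudFormation schema this commit deletes shows `KmsKeyIdentifier` outside the `required` list, and aws_mwaa_environment.json in this same diff scopes its KMS actions under an `attributes` key (`"kms_key"`). Moving the entry under a matching attribute, for example `"kms_key_identifier": ["kms:GenerateDataKey"]` (attribute name to be confirmed against the Terraform resource), would keep it out of policies that do not use a customer-managed key.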
diff --git a/src/mapping/aws/resource/appconfig/aws_appconfig_deployment_strategy.json b/src/mapping/aws/resource/appconfig/aws_appconfig_deployment_strategy.json new file mode 100644 index 00000000..4de6880f --- /dev/null +++ b/src/mapping/aws/resource/appconfig/aws_appconfig_deployment_strategy.json @@ -0,0 +1,27 @@ +[ + { + "apply": [ + "appconfig:CreateDeploymentStrategy", + "appconfig:DeleteDeploymentStrategy", + "appconfig:GetDeploymentStrategy", + "appconfig:ListTagsForResource", + "appconfig:UpdateDeploymentStrategy" + ], + "attributes": { + "tags": [ + "appconfig:TagResource", + "appconfig:UntagResource" + ] + }, + "destroy": [ + "appconfig:DeleteDeploymentStrategy" + ], + "modify": [ + "appconfig:UpdateDeploymentStrategy" + ], + "plan": [ + "appconfig:GetDeploymentStrategy", + "appconfig:ListTagsForResource" + ] + } +] diff --git a/src/mapping/aws/resource/appconfig/aws_appconfig_environment.json b/src/mapping/aws/resource/appconfig/aws_appconfig_environment.json new file mode 100644 index 00000000..91ab843d --- /dev/null +++ b/src/mapping/aws/resource/appconfig/aws_appconfig_environment.json @@ -0,0 +1,28 @@ +[ + { + "apply": [ + "appconfig:CreateEnvironment", + "appconfig:DeleteEnvironment", + "appconfig:GetEnvironment", + "appconfig:UpdateEnvironment", + "appconfig:ListTagsForResource", + "iam:PassRole" + ], + "attributes": { + "tags": [ + "appconfig:TagResource", + "appconfig:UntagResource" + ] + }, + "destroy": [ + "appconfig:DeleteEnvironment" + ], + "modify": [ + "appconfig:UpdateEnvironment", + "iam:PassRole" + ], + "plan": [ + "appconfig:GetEnvironment" + ] + } +] diff --git a/src/mapping/aws/resource/appconfig/aws_appconfig_extension.json b/src/mapping/aws/resource/appconfig/aws_appconfig_extension.json new file mode 100644 index 00000000..f5eed5c3 --- /dev/null +++ b/src/mapping/aws/resource/appconfig/aws_appconfig_extension.json 
@@ -0,0 +1,27 @@
+[
+ {
+ "apply": [
+ "appconfig:CreateExtension",
+ "appconfig:DeleteExtension",
+ "appconfig:UpdateExtension",
+ "appconfig:GetExtension",
+ "iam:PassRole"
+ ],
+ "attributes": {
+ "tags": [
+ "appconfig:TagResource",
+ "appconfig:UntagResource"
+ ]
+ },
+ "destroy": [
+ "appconfig:DeleteExtension"
+ ],
+ "modify": [
+ "appconfig:UpdateExtension"
+ ],
+ "plan": [
+ "appconfig:GetExtension",
+ "appconfig:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/appconfig/aws_appconfig_extension_association.json b/src/mapping/aws/resource/appconfig/aws_appconfig_extension_association.json
new file mode 100644
index 00000000..4e07402b
--- /dev/null
+++ b/src/mapping/aws/resource/appconfig/aws_appconfig_extension_association.json
@@ -0,0 +1,26 @@
+[
+ {
+ "apply": [
+ "appconfig:CreateExtensionAssociation",
+ "appconfig:DeleteExtensionAssociation",
+ "appconfig:GetExtensionAssociation",
+ "appconfig:UpdateExtensionAssociation"
+ ],
+ "attributes": {
+ "tags": [
+ "appconfig:TagResource",
+ "appconfig:UntagResource"
+ ]
+ },
+ "destroy": [
+ "appconfig:DeleteExtensionAssociation"
+ ],
+ "modify": [
+ "appconfig:UpdateExtensionAssociation"
+ ],
+ "plan": [
+ "appconfig:GetExtensionAssociation",
+ "appconfig:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/appconfig/aws_appconfig_hosted_configuration_version.json b/src/mapping/aws/resource/appconfig/aws_appconfig_hosted_configuration_version.json
new file mode 100644
index 00000000..dc0538f3
--- /dev/null
+++ b/src/mapping/aws/resource/appconfig/aws_appconfig_hosted_configuration_version.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "appconfig:CreateHostedConfigurationVersion",
+ "appconfig:DeleteHostedConfigurationVersion",
+ "appconfig:GetHostedConfigurationVersion"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "appconfig:DeleteHostedConfigurationVersion"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
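Review bot: The `plan` list of aws_appconfig_extension.json names `appconfig:ListTagsForResource`, but `apply` does not, so the two lists disagree about whether tag reads are needed. If `apply` is the list a generated policy is built from (the diff does not show the consumer), the tag read would be denied; adding `"appconfig:ListTagsForResource",` to `apply` resolves it. The same mismatch between `apply` and a stage list shows up in aws_appconfig_extension_association (ListTagsForResource), aws_appsync_datasource (DeleteDataSource), aws_appsync_domain_name (UntagResource), aws_appsync_graphql_api (UpdateApi), aws_prometheus_alert_manager_definition (PutAlertManagerDefinition, DeleteAlertManagerDefinition) and aws_prometheus_workspace (DeleteWorkspace, UpdateWorkspaceAlias). Under-granted policies tend to get patched with wildcards downstream, so it is worth making the lists agree here.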
diff --git a/src/mapping/aws/resource/appfabric/aws_appfabric_app_authorization.json b/src/mapping/aws/resource/appfabric/aws_appfabric_app_authorization.json
new file mode 100644
index 00000000..510ad6ae
--- /dev/null
+++ b/src/mapping/aws/resource/appfabric/aws_appfabric_app_authorization.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "appfabric:GetAppAuthorization",
+ "appfabric:CreateAppAuthorization",
+ "appfabric:DeleteAppAuthorization",
+ "appfabric:UpdateAppAuthorization"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appfabric/aws_appfabric_app_authorization_connection.json b/src/mapping/aws/resource/appfabric/aws_appfabric_app_authorization_connection.json
new file mode 100644
index 00000000..20b36b35
--- /dev/null
+++ b/src/mapping/aws/resource/appfabric/aws_appfabric_app_authorization_connection.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "appfabric:ConnectAppAuthorization"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appfabric/aws_appfabric_app_bundle.json b/src/mapping/aws/resource/appfabric/aws_appfabric_app_bundle.json
new file mode 100644
index 00000000..7d530721
--- /dev/null
+++ b/src/mapping/aws/resource/appfabric/aws_appfabric_app_bundle.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "appfabric:GetAppBundle",
+ "appfabric:CreateAppBundle",
+ "appfabric:DeleteAppBundle",
+ "appfabric:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "appfabric:TagResource",
+ "appfabric:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appfabric/aws_appfabric_ingestion.json b/src/mapping/aws/resource/appfabric/aws_appfabric_ingestion.json
new file mode 100644
index 00000000..6ef83a46
--- /dev/null
+++ b/src/mapping/aws/resource/appfabric/aws_appfabric_ingestion.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "appfabric:GetIngestion",
+ "appfabric:CreateIngestion",
+ "appfabric:DeleteIngestion",
+ "appfabric:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "appfabric:TagResource",
+ "appfabric:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appfabric/aws_appfabric_ingestion_destination.json b/src/mapping/aws/resource/appfabric/aws_appfabric_ingestion_destination.json
new file mode 100644
index 00000000..f9334e1c
--- /dev/null
+++ b/src/mapping/aws/resource/appfabric/aws_appfabric_ingestion_destination.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "appfabric:GetIngestionDestination",
+ "appfabric:CreateIngestionDestination",
+ "appfabric:DeleteIngestionDestination",
+ "appfabric:UpdateIngestionDestination",
+ "appfabric:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "appfabric:TagResource",
+ "appfabric:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appflow/aws_appflow_connector_profile.json b/src/mapping/aws/resource/appflow/aws_appflow_connector_profile.json
new file mode 100644
index 00000000..1f611a24
--- /dev/null
+++ b/src/mapping/aws/resource/appflow/aws_appflow_connector_profile.json
@@ -0,0 +1,33 @@
+[
+ {
+ "apply": [
+ "appflow:CreateConnectorProfile",
+ "iam:PassRole",
+ "secretsmanager:CreateSecret",
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:PutResourcePolicy",
+ "appflow:DeleteConnectorProfile",
+ "appflow:DescribeConnectorProfiles",
+ "appflow:UpdateConnectorProfile"
+ ],
+ "attributes": {
+ "kms_arn": [
+ "kms:ListKeys",
+ "kms:DescribeKey",
+ "kms:ListAliases",
+ "kms:CreateGrant",
+ "kms:ListGrants"
+ ],
+ "tags": []
+ },
+ "destroy": [
+ "appflow:DeleteConnectorProfile"
+ ],
+ "modify": [
+ "appflow:UpdateConnectorProfile"
+ ],
+ "plan": [
+ "appflow:DescribeConnectorProfiles"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/appflow/aws_appflow_flow.json b/src/mapping/aws/resource/appflow/aws_appflow_flow.json
new file mode 100644
index 00000000..d5d4e7fe
--- /dev/null
+++ b/src/mapping/aws/resource/appflow/aws_appflow_flow.json
@@ -0,0 +1,45 @@
+[
+ {
+ "apply": [
+ "appflow:CreateFlow",
+ "appflow:StartFlow",
+ "appflow:TagResource",
+ "appflow:ListTagsForResource",
+ "appflow:UseConnectorProfile",
+ "iam:PassRole",
+ "s3:ListAllMyBuckets",
+ "s3:GetBucketLocation",
+ "s3:GetBucketPolicy",
+ "secretsmanager:CreateSecret",
+ "secretsmanager:PutResourcePolicy",
+ "appflow:DeleteFlow",
+ "appflow:DescribeFlow",
+ "appflow:UpdateFlow",
+ "appflow:StopFlow"
+ ],
+ "attributes": {
+ "kms_arn": [
+ "kms:ListGrants",
+ "kms:ListKeys",
+ "kms:DescribeKey",
+ "kms:ListAliases",
+ "kms:CreateGrant"
+ ],
+ "tags": [
+ "appflow:TagResource",
+ "appflow:UntagResource"
+ ]
+ },
+ "destroy": [
+ "appflow:DeleteFlow"
+ ],
+ "modify": [
+ "appflow:UpdateFlow",
+ "appflow:StopFlow"
+ ],
+ "plan": [
+ "appflow:DescribeFlow",
+ "appflow:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/application-autoscaling/aws_appautoscaling_policy.json b/src/mapping/aws/resource/application-autoscaling/aws_appautoscaling_policy.json
index 3d395256..31ceeb23 100644
--- a/src/mapping/aws/resource/application-autoscaling/aws_appautoscaling_policy.json
+++ b/src/mapping/aws/resource/application-autoscaling/aws_appautoscaling_policy.json
@@ -1,17 +1,22 @@
-[
- {
- "apply": [
- "application-autoscaling:PutScalingPolicy",
- "application-autoscaling:DescribeScalingPolicies",
- "application-autoscaling:DeleteScalingPolicy"
- ],
- "attributes": {
- "tags": []
- },
- "destroy": [
- "application-autoscaling:DeleteScalingPolicy"
- ],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "application-autoscaling:PutScalingPolicy",
+ "application-autoscaling:DescribeScalingPolicies",
+ "application-autoscaling:DeleteScalingPolicy",
+ "cloudwatch:GetMetricData"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "application-autoscaling:DeleteScalingPolicy"
+ ],
+ "modify": [
+ "application-autoscaling:DescribeScalingPolicies",
+ "application-autoscaling:PutScalingPolicy",
+ "cloudwatch:GetMetricData"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/application-autoscaling/aws_appautoscaling_target.json b/src/mapping/aws/resource/application-autoscaling/aws_appautoscaling_target.json
index 40b6e7b0..90a8705f 100644
--- a/src/mapping/aws/resource/application-autoscaling/aws_appautoscaling_target.json
+++ b/src/mapping/aws/resource/application-autoscaling/aws_appautoscaling_target.json
@@ -1,18 +1,29 @@
-[
- {
- "apply": [
- "application-autoscaling:RegisterScalableTarget",
- "iam:CreateServiceLinkedRole",
- "application-autoscaling:DescribeScalableTargets",
- "application-autoscaling:DeregisterScalableTarget"
- ],
- "attributes": {
- "tags": []
- },
- "destroy": [
- "application-autoscaling:DeregisterScalableTarget"
- ],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "application-autoscaling:RegisterScalableTarget",
+ "iam:CreateServiceLinkedRole",
+ "application-autoscaling:DescribeScalableTargets",
+ "application-autoscaling:DeregisterScalableTarget",
+ "application-autoscaling:DescribeScheduledActions",
+ "application-autoscaling:PutScheduledAction",
+ "cloudwatch:PutMetricAlarm",
+ "cloudwatch:DeleteAlarms",
+ "cloudwatch:DescribeAlarms",
+ "lambda:GetProvisionedConcurrencyConfig",
+ "lambda:PutProvisionedConcurrencyConfig",
+ "lambda:DeleteProvisionedConcurrencyConfig"
+ ],
+ "attributes": {
+ "role_arn": [
+ "iam:PassRole"
+ ],
+ "tags": []
+ },
+ "destroy": [
+ "application-autoscaling:DeregisterScalableTarget"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appmesh/aws_appmesh_gateway_route.json b/src/mapping/aws/resource/appmesh/aws_appmesh_gateway_route.json
new file mode 100644
index 00000000..4a43db13
--- /dev/null
+++ b/src/mapping/aws/resource/appmesh/aws_appmesh_gateway_route.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "appmesh:DescribeGatewayRoute",
+ "appmesh:CreateGatewayRoute",
+ "appmesh:DeleteGatewayRoute",
+ "appmesh:UpdateGatewayRoute",
+ "appmesh:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "appmesh:TagResource",
+ "appmesh:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appmesh/aws_appmesh_mesh.json b/src/mapping/aws/resource/appmesh/aws_appmesh_mesh.json
new file mode 100644
index 00000000..84813f0e
--- /dev/null
+++ b/src/mapping/aws/resource/appmesh/aws_appmesh_mesh.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "appmesh:DescribeMesh",
+ "appmesh:CreateMesh",
+ "appmesh:DeleteMesh",
+ "appmesh:UpdateMesh",
+ "appmesh:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "appmesh:TagResource",
+ "appmesh:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appmesh/aws_appmesh_route.json b/src/mapping/aws/resource/appmesh/aws_appmesh_route.json
new file mode 100644
index 00000000..898ec988
--- /dev/null
+++ b/src/mapping/aws/resource/appmesh/aws_appmesh_route.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "appmesh:DescribeRoute",
+ "appmesh:CreateRoute",
+ "appmesh:DeleteRoute",
+ "appmesh:UpdateRoute",
+ "appmesh:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "appmesh:TagResource",
+ "appmesh:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_gateway.json b/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_gateway.json
new file mode 100644
index 00000000..2a3f2b33
--- /dev/null
+++ b/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_gateway.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "appmesh:DescribeVirtualGateway",
+ "appmesh:CreateVirtualGateway",
+ "appmesh:DeleteVirtualGateway",
+ "appmesh:UpdateVirtualGateway",
+ "appmesh:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "appmesh:TagResource",
+ "appmesh:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_node.json b/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_node.json
new file mode 100644
index 00000000..1ddf35a5
--- /dev/null
+++ b/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_node.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "appmesh:DescribeVirtualNode",
+ "appmesh:CreateVirtualNode",
+ "appmesh:DeleteVirtualNode",
+ "appmesh:UpdateVirtualNode",
+ "appmesh:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "appmesh:TagResource",
+ "appmesh:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_router.json b/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_router.json
new file mode 100644
index 00000000..044700d5
--- /dev/null
+++ b/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_router.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "appmesh:DescribeVirtualRouter",
+ "appmesh:CreateVirtualRouter",
+ "appmesh:UpdateVirtualRouter",
+ "appmesh:DeleteVirtualRouter",
+ "appmesh:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "appmesh:TagResource",
+ "appmesh:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_service.json b/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_service.json
new file mode 100644
index 00000000..237137cc
--- /dev/null
+++ b/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_service.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "appmesh:DescribeVirtualService",
+ "appmesh:CreateVirtualService",
+ "appmesh:DeleteVirtualService",
+ "appmesh:UpdateVirtualService",
+ "appmesh:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "appmesh:TagResource",
+ "appmesh:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/apprunner/aws_apprunner_auto_scaling_configuration_version.json b/src/mapping/aws/resource/apprunner/aws_apprunner_auto_scaling_configuration_version.json
new file mode 100644
index 00000000..8bf9daed
--- /dev/null
+++ b/src/mapping/aws/resource/apprunner/aws_apprunner_auto_scaling_configuration_version.json
@@ -0,0 +1,22 @@
+[
+ {
+ "apply": [
+ "apprunner:CreateAutoScalingConfiguration",
+ "apprunner:DescribeAutoScalingConfiguration",
+ "apprunner:DeleteAutoScalingConfiguration"
+ ],
+ "attributes": {
+ "tags": [
+ "apprunner:TagResource",
+ "apprunner:UntagResource"
+ ]
+ },
+ "destroy": [
+ "apprunner:DeleteAutoScalingConfiguration"
+ ],
+ "modify": [],
+ "plan": [
+ "apprunner:DescribeAutoScalingConfiguration"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/apprunner/aws_apprunner_connection.json b/src/mapping/aws/resource/apprunner/aws_apprunner_connection.json
new file mode 100644
index 00000000..724dc83d
--- /dev/null
+++ b/src/mapping/aws/resource/apprunner/aws_apprunner_connection.json
@@ -0,0 +1,18 @@
+[
+ {
+ "apply": [
+ "apprunner:CreateConnection",
+ "apprunner:DeleteConnection",
+ "apprunner:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "apprunner:TagResource",
+ "apprunner:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/apprunner/aws_apprunner_custom_domain_association.json b/src/mapping/aws/resource/apprunner/aws_apprunner_custom_domain_association.json
new file mode 100644
index 00000000..053cd4ac
--- /dev/null
+++ b/src/mapping/aws/resource/apprunner/aws_apprunner_custom_domain_association.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "apprunner:AssociateCustomDomain",
+ "apprunner:DisassociateCustomDomain"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/apprunner/aws_apprunner_default_auto_scaling_configuration_version.json b/src/mapping/aws/resource/apprunner/aws_apprunner_default_auto_scaling_configuration_version.json
new file mode 100644
index 00000000..8bf9daed
--- /dev/null
+++ b/src/mapping/aws/resource/apprunner/aws_apprunner_default_auto_scaling_configuration_version.json
@@ -0,0 +1,22 @@
+[
+ {
+ "apply": [
+ "apprunner:CreateAutoScalingConfiguration",
+ "apprunner:DescribeAutoScalingConfiguration",
+ "apprunner:DeleteAutoScalingConfiguration"
+ ],
+ "attributes": {
+ "tags": [
+ "apprunner:TagResource",
+ "apprunner:UntagResource"
+ ]
+ },
+ "destroy": [
+ "apprunner:DeleteAutoScalingConfiguration"
+ ],
+ "modify": [],
+ "plan": [
+ "apprunner:DescribeAutoScalingConfiguration"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/apprunner/aws_apprunner_deployment.json b/src/mapping/aws/resource/apprunner/aws_apprunner_deployment.json
new file mode 100644
index 00000000..30d9a8d6
--- /dev/null
+++ b/src/mapping/aws/resource/apprunner/aws_apprunner_deployment.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "apprunner:StartDeployment"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/apprunner/aws_apprunner_observability_configuration.json b/src/mapping/aws/resource/apprunner/aws_apprunner_observability_configuration.json
new file mode 100644
index 00000000..d937357f
--- /dev/null
+++ b/src/mapping/aws/resource/apprunner/aws_apprunner_observability_configuration.json
@@ -0,0 +1,22 @@
+[
+ {
+ "apply": [
+ "apprunner:CreateObservabilityConfiguration",
+ "apprunner:DescribeObservabilityConfiguration",
+ "apprunner:DeleteObservabilityConfiguration"
+ ],
+ "attributes": {
+ "tags": [
+ "apprunner:TagResource",
+ "apprunner:UntagResource"
+ ]
+ },
+ "destroy": [
+ "apprunner:DeleteObservabilityConfiguration"
+ ],
+ "modify": [],
+ "plan": [
+ "apprunner:DescribeObservabilityConfiguration"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/apprunner/aws_apprunner_service.json b/src/mapping/aws/resource/apprunner/aws_apprunner_service.json
new file mode 100644
index 00000000..e03d76df
--- /dev/null
+++ b/src/mapping/aws/resource/apprunner/aws_apprunner_service.json
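Review bot: aws_apprunner_default_auto_scaling_configuration_version.json is added with the same blob id (`8bf9daed`) as aws_apprunner_auto_scaling_configuration_version.json, so it grants `apprunner:CreateAutoScalingConfiguration` and `apprunner:DeleteAutoScalingConfiguration` to a resource that, as far as I know, only selects which existing configuration is the default. That over-grants and probably omits the call the resource actually makes. I would expect `apply` to hold `"apprunner:UpdateDefaultAutoScalingConfiguration"` plus whatever read actions the provider uses, with create, delete and the `destroy` entry removed. Please confirm against the provider's calls before merging.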
@@ -0,0 +1,34 @@
+[
+ {
+ "apply": [
+ "apprunner:CreateService",
+ "iam:PassRole",
+ "iam:CreateServiceLinkedRole",
+ "logs:CreateLogGroup",
+ "logs:PutRetentionPolicy",
+ "logs:CreateLogStream",
+ "logs:PutLogEvents",
+ "logs:DescribeLogStreams",
+ "events:PutRule",
+ "events:PutTargets",
+ "apprunner:DeleteService",
+ "apprunner:DescribeService",
+ "apprunner:UpdateService"
+ ],
+ "attributes": {
+ "tags": [
+ "apprunner:TagResource",
+ "apprunner:UntagResource"
+ ]
+ },
+ "destroy": [
+ "apprunner:DeleteService"
+ ],
+ "modify": [
+ "apprunner:UpdateService"
+ ],
+ "plan": [
+ "apprunner:DescribeService"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/apprunner/aws_apprunner_vpc_connector.json b/src/mapping/aws/resource/apprunner/aws_apprunner_vpc_connector.json
new file mode 100644
index 00000000..f29070a8
--- /dev/null
+++ b/src/mapping/aws/resource/apprunner/aws_apprunner_vpc_connector.json
@@ -0,0 +1,26 @@
+[
+ {
+ "apply": [
+ "iam:CreateServiceLinkedRole",
+ "apprunner:CreateVpcConnector",
+ "apprunner:DescribeVpcConnector",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeSecurityGroups",
+ "apprunner:DeleteVpcConnector",
+ "apprunner:DescribeVpcConnector"
+ ],
+ "attributes": {
+ "tags": [
+ "apprunner:TagResource",
+ "apprunner:UntagResource"
+ ]
+ },
+ "destroy": [
+ "apprunner:DeleteVpcConnector"
+ ],
+ "modify": [],
+ "plan": [
+ "apprunner:DescribeVpcConnector"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/apprunner/aws_apprunner_vpc_ingress_connection.json b/src/mapping/aws/resource/apprunner/aws_apprunner_vpc_ingress_connection.json
new file mode 100644
index 00000000..f38653d0
--- /dev/null
+++ b/src/mapping/aws/resource/apprunner/aws_apprunner_vpc_ingress_connection.json
@@ -0,0 +1,28 @@
+[
+ {
+ "apply": [
+ "apprunner:CreateVpcIngressConnection",
+ "apprunner:DescribeVpcIngressConnection",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeVpcEndpoints",
+ "ec2:DescribeSubnets",
+ "apprunner:UpdateVpcIngressConnection",
+ "apprunner:DeleteVpcIngressConnection"
+ ],
+ "attributes": {
+ "tags": [
+ "apprunner:TagResource",
+ "apprunner:UntagResource"
+ ]
+ },
+ "destroy": [
+ "apprunner:DeleteVpcIngressConnection"
+ ],
+ "modify": [
+ "apprunner:UpdateVpcIngressConnection"
+ ],
+ "plan": [
+ "apprunner:DescribeVpcIngressConnection"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/appstream/aws_appstream_directory_config.json b/src/mapping/aws/resource/appstream/aws_appstream_directory_config.json
new file mode 100644
index 00000000..5855abd9
--- /dev/null
+++ b/src/mapping/aws/resource/appstream/aws_appstream_directory_config.json
@@ -0,0 +1,47 @@
+[
+ {
+ "apply": [
+ "appstream:CreateDirectoryConfig",
+ "appstream:DeleteDirectoryConfig",
+ "appstream:DeleteDirectoryConfig",
+ "appstream:DescribeDirectoryConfigs",
+ "appstream:UpdateDirectoryConfig",
+ "iam:CreateServiceLinkedRole",
+ "iam:DeleteServiceLinkedRole",
+ "iam:GetServiceLinkedRoleDeletionStatus"
+ ],
+ "attributes": {
+ "tags": [
+ "appstream:TagResource",
+ "appstream:UntagResource"
+ ]
+ },
+ "destroy": [
+ "appstream:CreateDirectoryConfig",
+ "appstream:DeleteDirectoryConfig",
+ "appstream:DescribeDirectoryConfigs",
+ "appstream:UpdateDirectoryConfig",
+ "iam:CreateServiceLinkedRole",
+ "iam:DeleteServiceLinkedRole",
+ "iam:GetServiceLinkedRoleDeletionStatus"
+ ],
+ "modify": [
+ "appstream:CreateDirectoryConfig",
+ "appstream:DeleteDirectoryConfig",
+ "appstream:DescribeDirectoryConfigs",
+ "appstream:UpdateDirectoryConfig",
+ "iam:CreateServiceLinkedRole",
+ "iam:DeleteServiceLinkedRole",
+ "iam:GetServiceLinkedRoleDeletionStatus"
+ ],
+ "plan": [
+ "appstream:CreateDirectoryConfig",
+ "appstream:DeleteDirectoryConfig",
+ "appstream:DescribeDirectoryConfigs",
+ "appstream:UpdateDirectoryConfig",
+ "iam:CreateServiceLinkedRole",
+ "iam:DeleteServiceLinkedRole",
+ "iam:GetServiceLinkedRoleDeletionStatus"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/appstream/aws_appstream_fleet.json b/src/mapping/aws/resource/appstream/aws_appstream_fleet.json
new file mode 100644
index 00000000..92ce59bd
--- /dev/null
+++ b/src/mapping/aws/resource/appstream/aws_appstream_fleet.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "appstream:DescribeFleets",
+ "appstream:CreateFleet",
+ "appstream:DeleteFleet",
+ "appstream:UpdateFleet",
+ "appstream:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "appstream:TagResource",
+ "appstream:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
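Review bot: In aws_appstream_directory_config.json the `plan`, `modify` and `destroy` lists are each a copy of the full action set, so `plan` carries `appstream:CreateDirectoryConfig`, `appstream:DeleteDirectoryConfig`, `appstream:UpdateDirectoryConfig` and the service-linked-role write actions. Other mappings in this diff keep `plan` to read calls and `destroy` to the delete path (aws_appstream_image_builder.json is the closest model), and a role built from the `plan` list alone should not be able to change or delete a directory configuration. The lists below are my suggested reduction, to be checked against the provider's calls. `apply` also lists `appstream:DeleteDirectoryConfig` twice, and aws_apprunner_vpc_connector.json repeats `apprunner:DescribeVpcConnector` the same way; both duplicates can be dropped.

```json
        "destroy": [
            "appstream:DeleteDirectoryConfig",
            "iam:DeleteServiceLinkedRole",
            "iam:GetServiceLinkedRoleDeletionStatus"
        ],
        "modify": [
            "appstream:UpdateDirectoryConfig",
            "appstream:DescribeDirectoryConfigs"
        ],
        "plan": [
            "appstream:DescribeDirectoryConfigs"
        ]
```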
diff --git a/src/mapping/aws/resource/appstream/aws_appstream_fleet_stack_association.json b/src/mapping/aws/resource/appstream/aws_appstream_fleet_stack_association.json
new file mode 100644
index 00000000..7ade7a55
--- /dev/null
+++ b/src/mapping/aws/resource/appstream/aws_appstream_fleet_stack_association.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "appstream:AssociateFleet",
+ "appstream:DisassociateFleet"
+ ],
+ "attributes": {
+ "tags": [
+ "appstream:TagResource",
+ "appstream:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appstream/aws_appstream_image_builder.json b/src/mapping/aws/resource/appstream/aws_appstream_image_builder.json
new file mode 100644
index 00000000..793e6371
--- /dev/null
+++ b/src/mapping/aws/resource/appstream/aws_appstream_image_builder.json
@@ -0,0 +1,28 @@
+[
+ {
+ "apply": [
+ "appstream:CreateImageBuilder",
+ "appstream:CreateImageBuilderStreamingURL",
+ "appstream:CreateStreamingURL",
+ "appstream:DeleteImageBuilder",
+ "appstream:DescribeImageBuilders",
+ "appstream:StartImageBuilder",
+ "appstream:StopImageBuilder",
+ "iam:CreateServiceLinkedRole",
+ "iam:DeleteServiceLinkedRole",
+ "iam:GetServiceLinkedRoleDeletionStatus"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "appstream:DeleteImageBuilder",
+ "iam:DeleteServiceLinkedRole",
+ "iam:GetServiceLinkedRoleDeletionStatus"
+ ],
+ "modify": [],
+ "plan": [
+ "appstream:DescribeImageBuilders"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/appstream/aws_appstream_stack.json b/src/mapping/aws/resource/appstream/aws_appstream_stack.json
new file mode 100644
index 00000000..f1d4a106
--- /dev/null
+++ b/src/mapping/aws/resource/appstream/aws_appstream_stack.json
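Review bot: `apply` in aws_appstream_image_builder.json includes `appstream:CreateStreamingURL` and `appstream:CreateImageBuilderStreamingURL`, which issue session URLs for interactive access rather than manage the builder's lifecycle. Nothing in this diff shows that provisioning needs them, and a deployment role that holds them can open streaming sessions on the builders and fleets it manages. Unless the provider is confirmed to call them, drop both lines from `apply`.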
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "appstream:DescribeStacks",
+ "appstream:CreateStack",
+ "appstream:DeleteStack",
+ "appstream:UpdateStack"
+ ],
+ "attributes": {
+ "tags": [
+ "appstream:TagResource",
+ "appstream:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appstream/aws_appstream_user.json b/src/mapping/aws/resource/appstream/aws_appstream_user.json
new file mode 100644
index 00000000..710d3f2d
--- /dev/null
+++ b/src/mapping/aws/resource/appstream/aws_appstream_user.json
@@ -0,0 +1,18 @@
+[
+ {
+ "apply": [
+ "appstream:DescribeUsers",
+ "appstream:CreateUser",
+ "appstream:DeleteUser"
+ ],
+ "attributes": {
+ "tags": [
+ "appstream:TagResource",
+ "appstream:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appstream/aws_appstream_user_stack_association.json b/src/mapping/aws/resource/appstream/aws_appstream_user_stack_association.json
new file mode 100644
index 00000000..07463646
--- /dev/null
+++ b/src/mapping/aws/resource/appstream/aws_appstream_user_stack_association.json
@@ -0,0 +1,18 @@
+[
+ {
+ "apply": [
+ "appstream:DescribeUserStackAssociations",
+ "appstream:BatchAssociateUserStack",
+ "appstream:BatchDisassociateUserStack"
+ ],
+ "attributes": {
+ "tags": [
+ "appstream:TagResource",
+ "appstream:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appsync/aws_appsync_api_cache.json b/src/mapping/aws/resource/appsync/aws_appsync_api_cache.json
new file mode 100644
index 00000000..8eacce13
--- /dev/null
+++ b/src/mapping/aws/resource/appsync/aws_appsync_api_cache.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "appsync:GetApiCache",
+ "appsync:CreateApiCache",
+ "appsync:DeleteApiCache",
+ "appsync:UpdateApiCache"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appsync/aws_appsync_api_key.json b/src/mapping/aws/resource/appsync/aws_appsync_api_key.json
new file mode 100644
index 00000000..c5de1f92
--- /dev/null
+++ b/src/mapping/aws/resource/appsync/aws_appsync_api_key.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "appsync:CreateApiKey",
+ "appsync:DeleteApiKey",
+ "appsync:UpdateApiKey"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appsync/aws_appsync_datasource.json b/src/mapping/aws/resource/appsync/aws_appsync_datasource.json
new file mode 100644
index 00000000..864d5f81
--- /dev/null
+++ b/src/mapping/aws/resource/appsync/aws_appsync_datasource.json
@@ -0,0 +1,24 @@
+[
+ {
+ "apply": [
+ "appsync:CreateDataSource",
+ "appsync:GetDataSource",
+ "appsync:UpdateDataSource",
+ "iam:PassRole"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "appsync:DeleteDataSource",
+ "appsync:GetDataSource"
+ ],
+ "modify": [
+ "appsync:UpdateDataSource",
+ "iam:PassRole"
+ ],
+ "plan": [
+ "appsync:GetDataSource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/appsync/aws_appsync_domain_name.json b/src/mapping/aws/resource/appsync/aws_appsync_domain_name.json
new file mode 100644
index 00000000..021ded3c
--- /dev/null
+++ b/src/mapping/aws/resource/appsync/aws_appsync_domain_name.json
@@ -0,0 +1,29 @@
+[
+ {
+ "apply": [
+ "appsync:CreateDomainName",
+ "appsync:GetDomainName",
+ "acm:DescribeCertificate",
+ "cloudfront:UpdateDistribution",
+ "appsync:UpdateDomainName",
+ "appsync:DeleteDomainName",
+ "appsync:TagResource"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "appsync:DeleteDomainName",
+ "appsync:UntagResource"
+ ],
+ "modify": [
+ "appsync:UpdateDomainName",
+ "appsync:GetDomainName",
+ "appsync:TagResource",
+ "appsync:UntagResource"
+ ],
+ "plan": [
+ "appsync:GetDomainName"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/appsync/aws_appsync_domain_name_api_association.json b/src/mapping/aws/resource/appsync/aws_appsync_domain_name_api_association.json
new file mode 100644
index 00000000..78ed8286
--- /dev/null
+++ b/src/mapping/aws/resource/appsync/aws_appsync_domain_name_api_association.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "appsync:AssociateApi",
+ "appsync:GetApiAssociation",
+ "appsync:DisassociateApi"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "appsync:DisassociateApi"
+ ],
+ "modify": [
+ "appsync:AssociateApi"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appsync/aws_appsync_function.json b/src/mapping/aws/resource/appsync/aws_appsync_function.json
new file mode 100644
index 00000000..f7be9a18
--- /dev/null
+++ b/src/mapping/aws/resource/appsync/aws_appsync_function.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "s3:GetObject",
+ "appsync:CreateFunction",
+ "appsync:DeleteFunction",
+ "appsync:GetFunction",
+ "appsync:UpdateFunction"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "appsync:DeleteFunction"
+ ],
+ "modify": [
+ "appsync:UpdateFunction"
+ ],
+ "plan": [
+ "appsync:GetFunction"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/appsync/aws_appsync_graphql_api.json b/src/mapping/aws/resource/appsync/aws_appsync_graphql_api.json
new file mode 100644
index 00000000..47f4e9a4
--- /dev/null
+++ b/src/mapping/aws/resource/appsync/aws_appsync_graphql_api.json
@@ -0,0 +1,29 @@
+[
+ {
+ "apply": [
+ "appsync:CreateApi",
+ "appsync:GetApi",
+ "appsync:ListTagsForResource",
+ "iam:PassRole",
+ "appsync:DeleteApi"
+ ],
+ "attributes": {
+ "tags": [
+ "appsync:TagResource",
+ "appsync:UntagResource"
+ ]
+ },
+ "destroy": [
+ "appsync:DeleteApi"
+ ],
+ "modify": [
+ "appsync:UpdateApi",
+ "appsync:GetApi",
+ "iam:PassRole"
+ ],
+ "plan": [
+ "appsync:GetApi",
+ "appsync:ListTagsForResource"
+ ]
+ }
+]
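Review bot: aws_appsync_graphql_api.json maps the resource to `appsync:CreateApi`, `appsync:GetApi`, `appsync:UpdateApi` and `appsync:DeleteApi`, but the AppSync operations for a GraphQL API are named `CreateGraphqlApi`, `GetGraphqlApi`, `UpdateGraphqlApi` and `DeleteGraphqlApi`; the plain `*Api` names belong to a different AppSync API type. A policy built from this mapping would likely leave the GraphQL calls denied while granting actions the resource does not use. I would replace the entries with their `appsync:*GraphqlApi` counterparts in `apply`, `destroy`, `modify` and `plan`, after checking the provider's calls.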
diff --git a/src/mapping/aws/resource/appsync/aws_appsync_resolver.json b/src/mapping/aws/resource/appsync/aws_appsync_resolver.json
new file mode 100644
index 00000000..844f0617
--- /dev/null
+++ b/src/mapping/aws/resource/appsync/aws_appsync_resolver.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "s3:GetObject",
+ "appsync:CreateResolver",
+ "appsync:GetResolver",
+ "appsync:DeleteResolver",
+ "appsync:UpdateResolver"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "appsync:DeleteResolver"
+ ],
+ "modify": [
+ "appsync:UpdateResolver"
+ ],
+ "plan": [
+ "appsync:GetResolver"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/appsync/aws_appsync_source_api_association.json b/src/mapping/aws/resource/appsync/aws_appsync_source_api_association.json
new file mode 100644
index 00000000..d4348078
--- /dev/null
+++ b/src/mapping/aws/resource/appsync/aws_appsync_source_api_association.json
@@ -0,0 +1,30 @@
+[
+ {
+ "apply": [
+ "appsync:AssociateSourceGraphqlApi",
+ "appsync:AssociateMergedGraphqlApi",
+ "appsync:UpdateSourceApiAssociation",
+ "appsync:GetSourceApiAssociation",
+ "appsync:DisassociateSourceGraphqlApi",
+ "appsync:DisassociateMergedGraphqlApi",
+ "appsync:ListSourceApiAssociations"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "appsync:GetSourceApiAssociation",
+ "appsync:DisassociateSourceGraphqlApi",
+ "appsync:DisassociateMergedGraphqlApi",
+ "appsync:ListSourceApiAssociations"
+ ],
+ "modify": [
+ "appsync:UpdateSourceApiAssociation",
+ "appsync:GetSourceApiAssociation"
+ ],
+ "plan": [
+ "appsync:GetSourceApiAssociation",
+ "appsync:ListSourceApiAssociations"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/appsync/aws_appsync_type.json b/src/mapping/aws/resource/appsync/aws_appsync_type.json
new file mode 100644
index 00000000..2cc23753
--- /dev/null
+++ b/src/mapping/aws/resource/appsync/aws_appsync_type.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "appsync:GetType",
+ "appsync:CreateType",
+ "appsync:DeleteType",
+ "appsync:UpdateType"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/aps/aws_prometheus_alert_manager_definition.json b/src/mapping/aws/resource/aps/aws_prometheus_alert_manager_definition.json
new file mode 100644
index 00000000..d19da323
--- /dev/null
+++ b/src/mapping/aws/resource/aps/aws_prometheus_alert_manager_definition.json
@@ -0,0 +1,26 @@
+[
+ {
+ "apply": [
+ "aps:CreateAlertManagerDefinition",
+ "aps:DescribeAlertManagerDefinition",
+ "aps:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "aps:TagResource",
+ "aps:UntagResource"
+ ]
+ },
+ "destroy": [
+ "aps:DeleteAlertManagerDefinition"
+ ],
+ "modify": [
+ "aps:CreateAlertManagerDefinition",
+ "aps:PutAlertManagerDefinition",
+ "aps:DeleteAlertManagerDefinition"
+ ],
+ "plan": [
+ "aps:DescribeAlertManagerDefinition"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/aps/aws_prometheus_rule_group_namespace.json b/src/mapping/aws/resource/aps/aws_prometheus_rule_group_namespace.json
new file mode 100644
index 00000000..5aa299f6
--- /dev/null
+++ b/src/mapping/aws/resource/aps/aws_prometheus_rule_group_namespace.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "aps:DescribeRuleGroupsNamespace",
+ "aps:CreateRuleGroupsNamespace",
+ "aps:DeleteRuleGroupsNamespace",
+ "aps:PutRuleGroupsNamespace"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/aps/aws_prometheus_scraper.json b/src/mapping/aws/resource/aps/aws_prometheus_scraper.json
new file mode 100644
index 00000000..87094592
--- /dev/null
+++ b/src/mapping/aws/resource/aps/aws_prometheus_scraper.json
@@ -0,0 +1,48 @@
+[
+ {
+ "apply": [
+ "aps:CreateScraper",
+ "aps:DeleteScraper",
+ "aps:DescribeScraper",
+ "aps:DescribeWorkspace",
+ "aps:ListTagsForResource",
+ "aps:UpdateScraper",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "eks:AssociateAccessPolicy",
+ "eks:CreateAccessEntry",
+ "eks:DescribeCluster",
+ "iam:CreateServiceLinkedRole",
+ "iam:DeleteServiceLinkedRole",
+ "iam:PassRole"
+ ],
+ "attributes": {
+ "tags": [
+ "aps:TagResource",
+ "aps:UntagResource"
+ ]
+ },
+ "destroy": [
+ "aps:DeleteScraper",
+ "aps:DescribeScraper",
+ "aps:DescribeWorkspace",
+ "eks:AssociateAccessPolicy",
+ "eks:DescribeCluster",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeSecurityGroups",
+ "iam:DeleteServiceLinkedRole"
+ ],
+ "modify": [
+ "aps:CreateScraper",
+ "aps:DescribeScraper",
+ "aps:UpdateScraper",
+ "aps:DescribeWorkspace",
+ "aps:ListTagsForResource",
+ "iam:PassRole"
+ ],
+ "plan": [
+ "aps:DescribeScraper",
+ "aps:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/aps/aws_prometheus_workspace.json b/src/mapping/aws/resource/aps/aws_prometheus_workspace.json
new file mode 100644
index 00000000..e3eccc61
--- /dev/null
+++ b/src/mapping/aws/resource/aps/aws_prometheus_workspace.json
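Review bot: `iam:PassRole` sits in the unconditional `apply` and `modify` lists of aws_prometheus_scraper.json, alongside `iam:CreateServiceLinkedRole`, `iam:DeleteServiceLinkedRole`, `eks:CreateAccessEntry` and `eks:AssociateAccessPolicy`. Elsewhere in this commit (aws_athena_workgroup.json, under `execution_role`) PassRole is keyed to the attribute that carries the role, so it is only emitted when that argument is used; if the scraper passes a role only through an optional argument, the same placement under `attributes` would keep the default policy narrower. `iam:DeleteServiceLinkedRole` in `destroy` also deserves a check, since a service-linked role is normally shared across the account rather than owned by one scraper.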
@@ -0,0 +1,47 @@
+[
+ {
+ "apply": [
+ "aps:CreateWorkspace",
+ "aps:DescribeWorkspace",
+ "aps:ListTagsForResource",
+ "aps:DescribeLoggingConfiguration"
+ ],
+ "attributes": {
+ "kms_key_arn": [
+ "kms:CreateGrant",
+ "kms:Decrypt",
+ "kms:GenerateDataKey"
+ ],
+ "logging-configuration": [
+ "aps:CreateLoggingConfiguration",
+ "aps:DeleteLoggingConfiguration",
+ "aps:DescribeLoggingConfiguration",
+ "aps:UpdateLoggingConfiguration",
+ "logs:CreateLogDelivery",
+ "logs:DeleteLogDelivery",
+ "logs:GetLogDelivery",
+ "logs:ListLogDeliveries",
+ "logs:PutResourcePolicy",
+ "logs:UpdateLogDelivery"
+ ],
+ "tags": [
+ "aps:TagResource",
+ "aps:UntagResource"
+ ]
+ },
+ "destroy": [
+ "aps:DeleteWorkspace",
+ "aps:DescribeWorkspace"
+ ],
+ "modify": [
+ "aps:UpdateWorkspaceAlias",
+ "aps:DescribeWorkspace",
+ "aps:ListTagsForResource"
+ ],
+ "plan": [
+ "aps:DescribeWorkspace",
+ "aps:ListTagsForResource",
+ "aps:DescribeLoggingConfiguration"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/aps/aws_prometheus_workspace_configuration.json b/src/mapping/aws/resource/aps/aws_prometheus_workspace_configuration.json
new file mode 100644
index 00000000..159f6c28
--- /dev/null
+++ b/src/mapping/aws/resource/aps/aws_prometheus_workspace_configuration.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "aps:UpdateWorkspaceConfiguration",
+ "aps:DescribeWorkspaceConfiguration"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/athena/aws_athena_capacity_reservation.json b/src/mapping/aws/resource/athena/aws_athena_capacity_reservation.json
new file mode 100644
index 00000000..a7a4f814
--- /dev/null
+++ b/src/mapping/aws/resource/athena/aws_athena_capacity_reservation.json
@@ -0,0 +1,21 @@ +[ + { + "apply": [ + "athena:GetCapacityReservation", + "athena:CreateCapacityReservation", + "athena:CancelCapacityReservation", + "athena:DeleteCapacityReservation", + "athena:UpdateCapacityReservation", + "athena:ListTagsForResource" + ], + "attributes": { + "tags": [ + "athena:TagResource", + "athena:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/athena/aws_athena_data_catalog.json b/src/mapping/aws/resource/athena/aws_athena_data_catalog.json index 0879db82..4fbb2061 100644 --- a/src/mapping/aws/resource/athena/aws_athena_data_catalog.json +++ b/src/mapping/aws/resource/athena/aws_athena_data_catalog.json @@ -3,9 +3,41 @@ "apply": [ "athena:CreateDataCatalog", "athena:DeleteDataCatalog", - "ec2:DescribeAccountAttributes", "athena:GetDataCatalog", - "athena:ListTagsForResource" + "athena:ListTagsForResource", + "athena:UpdateDataCatalog", + "s3:ListBucket", + "glue:TagResource", + "glue:CreateConnection", + "glue:DeleteConnection", + "glue:UpdateConnection", + "serverlessrepo:CreateCloudFormationTemplate", + "serverlessrepo:GetCloudFormationTemplate", + "cloudformation:CreateStack", + "cloudformation:CreateChangeSet", + "cloudformation:DeleteStack", + "cloudformation:DescribeStacks", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer", + "glue:GetConnection", + "iam:AttachRolePolicy", + "iam:CreateRole", + "iam:DeleteRole", + "iam:DeleteRolePolicy", + "iam:DetachRolePolicy", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:PassRole", + "iam:PutRolePolicy", + "iam:TagRole", + "lambda:CreateFunction", + "lambda:DeleteFunction", + "lambda:GetFunction", + "lambda:TagResource", + "secretsmanager:ListSecrets" ], "attributes": { "tags": [ 
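Review bot: The `apply` list of aws_athena_data_catalog.json now carries `iam:CreateRole`, `iam:AttachRolePolicy`, `iam:PutRolePolicy`, `iam:PassRole`, `lambda:CreateFunction` and `cloudformation:CreateStack` for every data catalog, whatever its type. That combination is enough to create and use a new privileged role, which is far more than a catalog needs unless it deploys a connector; the serverlessrepo, ECR and Glue connection actions suggest that is the case they were added for, though the hunk does not say. Consider moving that group out of `apply` into an `attributes` key for the argument that triggers the deployment, the way `result_configuration` is handled in aws_athena_workgroup.json, so catalogs that never use it get the shorter policy. The hunk ends inside the `attributes` block.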
@@ -14,11 +46,26 @@ ] }, "destroy": [ - "athena:DeleteDataCatalog" + "athena:DeleteDataCatalog", + "athena:GetDataCatalog", + "glue:GetConnection", + "glue:UpdateConnection", + "cloudformation:DeleteStack", + "cloudformation:DescribeStacks", + "lambda:DeleteFunction", + "iam:DeleteRole", + "iam:DeleteRolePolicy", + "iam:DetachRolePolicy", + "s3:ListBucket" ], "modify": [ - "athena:UpdateDataCatalog" + "athena:UpdateDataCatalog", + "athena:GetDataCatalog", + "athena:ListTagsForResource" ], - "plan": [] + "plan": [ + "athena:GetDataCatalog", + "athena:ListTagsForResource" + ] } ] diff --git a/src/mapping/aws/resource/athena/aws_athena_named_query.json b/src/mapping/aws/resource/athena/aws_athena_named_query.json index 51174452..f67e745a 100644 --- a/src/mapping/aws/resource/athena/aws_athena_named_query.json +++ b/src/mapping/aws/resource/athena/aws_athena_named_query.json @@ -13,6 +13,8 @@ "athena:DeleteNamedQuery" ], "modify": [], - "plan": [] + "plan": [ + "athena:GetNamedQuery" + ] } ] diff --git a/src/mapping/aws/resource/athena/aws_athena_prepared_statement.json b/src/mapping/aws/resource/athena/aws_athena_prepared_statement.json new file mode 100644 index 00000000..367d21ba --- /dev/null +++ b/src/mapping/aws/resource/athena/aws_athena_prepared_statement.json @@ -0,0 +1,22 @@ +[ + { + "apply": [ + "athena:CreatePreparedStatement", + "athena:GetPreparedStatement", + "athena:DeletePreparedStatement", + "athena:UpdatePreparedStatement" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "athena:DeletePreparedStatement" + ], + "modify": [ + "athena:UpdatePreparedStatement" + ], + "plan": [ + "athena:GetPreparedStatement" + ] + } +] diff --git a/src/mapping/aws/resource/athena/aws_athena_workgroup.json b/src/mapping/aws/resource/athena/aws_athena_workgroup.json index c9b20b02..f741e068 100644 --- a/src/mapping/aws/resource/athena/aws_athena_workgroup.json +++ b/src/mapping/aws/resource/athena/aws_athena_workgroup.json 
@@ -8,6 +8,21 @@ "athena:DeleteWorkGroup" ], "attributes": { + "encryption_configuration": [ + "kms:Decrypt", + "kms:GenerateDataKey" + ], + "execution_role": [ + "iam:PassRole" + ], + "result_configuration": [ + "s3:GetObject", + "s3:ListBucket", + "s3:ListBucketMultipartUploads", + "s3:AbortMultipartUpload", + "s3:PutObject", + "s3:ListMultipartUploadParts" + ], "tags": [ "athena:TagResource", "athena:UntagResource" @@ -19,6 +34,9 @@ "modify": [ "athena:UpdateWorkGroup" ], - "plan": [] + "plan": [ + "athena:GetWorkGroup", + "athena:ListTagsForResource" + ] } ] diff --git a/src/mapping/aws/resource/auditmanager/aws_auditmanager_assessment.json b/src/mapping/aws/resource/auditmanager/aws_auditmanager_assessment.json index 29639c44..0295838c 100644 --- a/src/mapping/aws/resource/auditmanager/aws_auditmanager_assessment.json +++ b/src/mapping/aws/resource/auditmanager/aws_auditmanager_assessment.json @@ -1,20 +1,32 @@ -[ - { - "apply": [ - "auditmanager:GetAssessment", - "auditmanager:CreateAssessment", - "auditmanager:DeleteAssessment", - "auditmanager:UpdateAssessment" - ], - "attributes": { - "tags": [] - }, - "destroy": [ - "auditmanager:DeleteAssessment" - ], - "modify": [ - "auditmanager:UpdateAssessment" - ], - "plan": [] - } -] +[ + { + "apply": [ + "auditmanager:GetAssessment", + "auditmanager:CreateAssessment", + "auditmanager:DeleteAssessment", + "auditmanager:UpdateAssessment", + "auditmanager:BatchCreateDelegationByAssessment", + "auditmanager:BatchDeleteDelegationByAssessment" + ], + "attributes": { + "roles": [ + "iam:PassRole" + ], + "tags": [ + "auditmanager:TagResource", + "auditmanager:UntagResource" + ] + }, + "destroy": [ + "auditmanager:DeleteAssessment" + ], + "modify": [ + "auditmanager:UpdateAssessment", + "auditmanager:UpdateAssessmentStatus", + "auditmanager:BatchDeleteDelegationByAssessment" + ], + "plan": [ + "auditmanager:GetAssessment" + ] + } +] 
diff --git a/src/mapping/aws/resource/autoscaling/aws_autoscaling_group.json b/src/mapping/aws/resource/autoscaling/aws_autoscaling_group.json index 9c5d8420..82894c6b 100644 --- a/src/mapping/aws/resource/autoscaling/aws_autoscaling_group.json +++ b/src/mapping/aws/resource/autoscaling/aws_autoscaling_group.json 
@@ -1,23 +1,74 @@ [ { "apply": [ + "autoscaling:Describe*", "autoscaling:CreateAutoScalingGroup", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeScalingActivities", "autoscaling:UpdateAutoScalingGroup", - "autoscaling:DeleteAutoScalingGroup" + "autoscaling:DeleteAutoScalingGroup", + "ec2:Describe*", + "ec2:Get*", + "ssm:Get*", + "ec2:RunInstances", + "managed-fleets:Get*", + "managed-fleets:RegisterAutoScalingGroup", + "managed-fleets:UpdateAutoScalingGroup", + "managed-fleets:DeleteAutoScalingGroup", + "managed-fleets:DeregisterAutoScalingGroup" ], "attributes": { + "alarms": [ + "cloudwatch:PutMetricAlarm" + ], + "enabled_metrics": [ + "autoscaling:EnableMetricsCollection", + "autoscaling:DisableMetricsCollection" + ], + "initial_lifecycle_hook": [ + "autoscaling:PutLifecycleHook", + "autoscaling:DeleteLifecycleHook" + ], + "load_balancers": [ + "elasticloadbalancing:Describe*" + ], + "notification_target_arn": [ + "autoscaling:PutNotificationConfiguration", + "autoscaling:DeleteNotificationConfiguration" + ], + "role_arn": [ + "iam:PassRole" + ], + "service_linked_role_arn": [ + "iam:CreateServiceLinkedRole", + "iam:PassRole" + ], "tag": [ "autoscaling:CreateOrUpdateTags", "autoscaling:DeleteTags" + ], + "target_group_arns": [ + "autoscaling:DetachLoadBalancerTargetGroups", + "autoscaling:AttachLoadBalancerTargetGroups" + ], + "traffic_sources": [ + "autoscaling:AttachTrafficSources", + "autoscaling:DetachTrafficSources" ] }, "destroy": [ "autoscaling:UpdateAutoScalingGroup", - "autoscaling:DeleteAutoScalingGroup" + "autoscaling:DeleteAutoScalingGroup", + "autoscaling:Describe*", + "managed-fleets:Get*", + "managed-fleets:DeleteAutoScalingGroup", + "managed-fleets:DeregisterAutoScalingGroup" ], - "modify": [], - "plan": [] + "modify": [ + "managed-fleets:UpdateAutoScalingGroup" + ], + "plan": [ + "autoscaling:Describe*" + ] } ] 
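Review bot: The new `apply` entries `ec2:Get*` and `ssm:Get*` in aws_autoscaling_group.json are wider than the reads an Auto Scaling group needs: `ssm:Get*` includes `ssm:GetParameter` and `ssm:GetParameters` on any Parameter Store value, and `ec2:Get*` includes actions such as `ec2:GetPasswordData` and `ec2:GetConsoleOutput`. `autoscaling:Describe*` also makes the explicit `autoscaling:DescribeAutoScalingGroups` and `autoscaling:DescribeScalingActivities` lines redundant. I would name the specific actions instead, for example `"ssm:GetParameters"` if the wildcard is there for AMI parameter lookups and `"ec2:GetLaunchTemplateData"` for template reads, after confirming which calls the provider makes. I could not confirm that `managed-fleets` is a documented IAM service prefix, so the generated policy is worth running through policy validation.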
diff --git a/src/mapping/aws/resource/autoscaling/aws_autoscaling_lifecycle_hook.json b/src/mapping/aws/resource/autoscaling/aws_autoscaling_lifecycle_hook.json index baff016b..6b73d4d2 100644 --- a/src/mapping/aws/resource/autoscaling/aws_autoscaling_lifecycle_hook.json +++ b/src/mapping/aws/resource/autoscaling/aws_autoscaling_lifecycle_hook.json @@ -6,9 +6,19 @@ "autoscaling:DescribeLifecycleHooks", "autoscaling:PutLifecycleHook" ], - "attributes": {}, - "destroy": [], - "modify": [], - "plan": [] + "attributes": { + "role_arn": [ + "iam:PassRole" + ] + }, + "destroy": [ + "autoscaling:DeleteLifecycleHook" + ], + "modify": [ + "autoscaling:PutLifecycleHook" + ], + "plan": [ + "autoscaling:DescribeLifecycleHooks" + ] } ] diff --git a/src/mapping/aws/resource/autoscaling/aws_autoscaling_policy.json b/src/mapping/aws/resource/autoscaling/aws_autoscaling_policy.json index 2f986150..055ad685 100644 --- a/src/mapping/aws/resource/autoscaling/aws_autoscaling_policy.json +++ b/src/mapping/aws/resource/autoscaling/aws_autoscaling_policy.json @@ -7,9 +7,19 @@ "autoscaling:ExecutePolicy", "autoscaling:PutScalingPolicy" ], - "attributes": {}, - "destroy": [], - "modify": [], - "plan": [] + "attributes": { + "predictive_scaling_configuration": [ + "cloudwatch:GetMetricData" + ] + }, + "destroy": [ + "autoscaling:DeletePolicy" + ], + "modify": [ + "autoscaling:PutScalingPolicy" + ], + "plan": [ + "autoscaling:DescribePolicies" + ] } ] diff --git a/src/mapping/aws/resource/autoscaling/aws_autoscaling_schedule.json b/src/mapping/aws/resource/autoscaling/aws_autoscaling_schedule.json index e20885f1..3b1d5faf 100644 --- a/src/mapping/aws/resource/autoscaling/aws_autoscaling_schedule.json +++ b/src/mapping/aws/resource/autoscaling/aws_autoscaling_schedule.json 
@@ -11,7 +11,11 @@ "destroy": [ "autoscaling:DeleteScheduledAction" ], - "modify": [], - "plan": [] + "modify": [ + "autoscaling:PutScheduledUpdateGroupAction" + ], + "plan": [ + "autoscaling:DescribeScheduledActions" + ] } ] diff --git a/src/mapping/aws/resource/autoscaling/aws_launch_configuration.json b/src/mapping/aws/resource/autoscaling/aws_launch_configuration.json index eeb38b24..2cd9949d 100644 --- a/src/mapping/aws/resource/autoscaling/aws_launch_configuration.json +++ b/src/mapping/aws/resource/autoscaling/aws_launch_configuration.json @@ -1,19 +1,24 @@ -[ - { - "apply": [ - "ec2:DescribeImages", - "autoscaling:CreateLaunchConfiguration", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DeleteLaunchConfiguration" - ], - "attributes": { - "tags": [ - "autoscaling:CreateOrUpdateTags", - "autoscaling:DeleteTags" - ] - }, - "destroy": [], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "ec2:DescribeImages", + "autoscaling:CreateLaunchConfiguration", + "autoscaling:DescribeLaunchConfigurations", + "autoscaling:DeleteLaunchConfiguration" + ], + "attributes": { + "iam_instance_profile": [ + "iam:PassRole" + ], + "tags": [ + "autoscaling:CreateOrUpdateTags", + "autoscaling:DeleteTags" + ] + }, + "destroy": [], + "modify": [], + "plan": [ + "autoscaling:DeleteLaunchConfiguration" + ] + } +] diff --git a/src/mapping/aws/data/aws_service_principal.json b/src/mapping/aws/resource/aws_prometheus_query_logging_configuration.json similarity index 91% rename from src/mapping/aws/data/aws_service_principal.json rename to src/mapping/aws/resource/aws_prometheus_query_logging_configuration.json index c22551cc..45e4fdaf 100644 --- a/src/mapping/aws/data/aws_service_principal.json +++ b/src/mapping/aws/resource/aws_prometheus_query_logging_configuration.json 
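Review bot: `plan` in aws_launch_configuration.json now contains `autoscaling:DeleteLaunchConfiguration`, a destructive action, while `destroy` stays empty. That looks like the two lists were swapped: a plan-only policy would permit deleting launch configurations and still lack the read it needs. Suggested: `"destroy": ["autoscaling:DeleteLaunchConfiguration"]` and `"plan": ["autoscaling:DescribeLaunchConfigurations"]`.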
@@ -1,11 +1,11 @@ -[ - { - "apply": [], - "attributes": { - "tags": [] - }, - "destroy": [], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/backup/aws_backup_framework.json b/src/mapping/aws/resource/backup/aws_backup_framework.json index 79dfcb7f..e3aa2df3 100644 --- a/src/mapping/aws/resource/backup/aws_backup_framework.json +++ b/src/mapping/aws/resource/backup/aws_backup_framework.json @@ -2,20 +2,21 @@ { "apply": [ "ec2:DescribeAccountAttributes", - "Backup:CreateFramework", - "Backup:DescribeFramework", - "Backup:DeleteFramework", - "Backup:ListTags" + "backup:CreateFramework", + "backup:DescribeFramework", + "backup:DeleteFramework", + "backup:ListTags", + "iam:CreateServiceLinkedRole" ], "attributes": { "tags": [ - "Backup:UntagResource", - "Backup:TagResource" + "backup:UntagResource", + "backup:TagResource" ] }, "destroy": [], "modify": [ - "Backup:UpdateFramework" + "backup:UpdateFramework" ], "plan": [] } diff --git a/src/mapping/aws/resource/backup/aws_backup_global_settings.json b/src/mapping/aws/resource/backup/aws_backup_global_settings.json index c68cb715..3a679339 100644 --- a/src/mapping/aws/resource/backup/aws_backup_global_settings.json +++ b/src/mapping/aws/resource/backup/aws_backup_global_settings.json @@ -2,8 +2,8 @@ { "apply": [ "ec2:DescribeAccountAttributes", - "Backup:UpdateGlobalSettings", - "Backup:DescribeGlobalSettings" + "backup:UpdateGlobalSettings", + "backup:DescribeGlobalSettings" ], "attributes": { "tags": [] diff --git a/src/mapping/aws/resource/backup/aws_backup_logically_air_gapped_vault.json b/src/mapping/aws/resource/backup/aws_backup_logically_air_gapped_vault.json new file mode 100644 index 00000000..7d66b142 --- /dev/null +++ b/src/mapping/aws/resource/backup/aws_backup_logically_air_gapped_vault.json 
@@ -0,0 +1,47 @@
+[
+ {
+ "apply": [
+ "backup-storage:Mount",
+ "backup-storage:MountCapsule",
+ "backup:CreateLogicallyAirGappedBackupVault",
+ "backup:DeleteBackupVault",
+ "backup:DeleteBackupVaultAccessPolicy",
+ "backup:DeleteBackupVaultLockConfiguration",
+ "backup:DeleteBackupVaultNotifications",
+ "backup:DescribeBackupVault",
+ "backup:GetBackupVaultAccessPolicy",
+ "backup:GetBackupVaultAccessPolicy",
+ "backup:GetBackupVaultNotifications",
+ "backup:ListTags",
+ "backup:PutBackupVaultAccessPolicy",
+ "backup:PutBackupVaultLockConfiguration",
+ "backup:PutBackupVaultNotifications"
+ ],
+ "attributes": {
+ "tags": [
+ "backup:TagResource",
+ "backup:UntagResource"
+ ]
+ },
+ "destroy": [
+ "backup:DeleteBackupVault"
+ ],
+ "modify": [
+ "backup:DescribeBackupVault",
+ "backup:DeleteBackupVaultAccessPolicy",
+ "backup:DeleteBackupVaultNotifications",
+ "backup:DeleteBackupVaultLockConfiguration",
+ "backup:GetBackupVaultAccessPolicy",
+ "backup:ListTags",
+ "backup:PutBackupVaultAccessPolicy",
+ "backup:PutBackupVaultNotifications",
+ "backup:PutBackupVaultLockConfiguration"
+ ],
+ "plan": [
+ "backup:DescribeBackupVault",
+ "backup:GetBackupVaultNotifications",
+ "backup:GetBackupVaultAccessPolicy",
+ "backup:ListTags"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/backup/aws_backup_plan.json b/src/mapping/aws/resource/backup/aws_backup_plan.json
index bd4a6755..4e976733 100644
--- a/src/mapping/aws/resource/backup/aws_backup_plan.json
+++ b/src/mapping/aws/resource/backup/aws_backup_plan.json
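Review bot: `backup:GetBackupVaultAccessPolicy` appears twice in a row in the `apply` list of aws_backup_logically_air_gapped_vault.json; drop the second entry, or replace it if a different read was intended. `apply` and `modify` also grant `backup:PutBackupVaultAccessPolicy`, `backup:DeleteBackupVaultLockConfiguration` and the notification `Put`/`Delete` actions unconditionally. If this resource does not itself manage the access policy, notifications or lock configuration (an assumption, since the hunk shows only the mapping), those entries could be removed so the generated policy cannot loosen protections on the vault.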
@@ -2,19 +2,19 @@ { "apply": [ "ec2:DescribeAccountAttributes", - "Backup:CreateBackupPlan", - "Backup:GetBackupPlan", - "Backup:ListTags", - "Backup:DeleteBackupPlan" + "backup:CreateBackupPlan", + "backup:GetBackupPlan", + "backup:ListTags", + "backup:DeleteBackupPlan" ], "attributes": { "tags": [ - "Backup:UntagResource", - "Backup:TagResource" + "backup:UntagResource", + "backup:TagResource" ] }, "destroy": [ - "Backup:UpdateBackupPlan" + "backup:UpdateBackupPlan" ], "modify": [], "plan": [] diff --git a/src/mapping/aws/resource/backup/aws_backup_region_settings.json b/src/mapping/aws/resource/backup/aws_backup_region_settings.json index 7a6c1816..e7c28e24 100644 --- a/src/mapping/aws/resource/backup/aws_backup_region_settings.json +++ b/src/mapping/aws/resource/backup/aws_backup_region_settings.json @@ -2,8 +2,8 @@ { "apply": [ "ec2:DescribeAccountAttributes", - "Backup:UpdateRegionSettings", - "Backup:DescribeRegionSettings" + "backup:UpdateRegionSettings", + "backup:DescribeRegionSettings" ], "attributes": { "tags": [] diff --git a/src/mapping/aws/resource/backup/aws_backup_report_plan.json b/src/mapping/aws/resource/backup/aws_backup_report_plan.json index 6d6568b8..5da77311 100644 --- a/src/mapping/aws/resource/backup/aws_backup_report_plan.json +++ b/src/mapping/aws/resource/backup/aws_backup_report_plan.json @@ -2,22 +2,26 @@ { "apply": [ "ec2:DescribeAccountAttributes", - "Backup:DescribeReportPlan", - "Backup:CreateReportPlan", - "Backup:DeleteReportPlan", + "backup:DescribeReportPlan", + "backup:CreateReportPlan", + "backup:DeleteReportPlan", "s3:ListBucket", - "Backup:ListTags" + "backup:ListTags", + "iam:CreateServiceLinkedRole", + "backup:UpdateReportPlan" ], "attributes": { "tags": [ - "Backup:UntagResource", - "Backup:TagResource" + "backup:UntagResource", + "backup:TagResource" ] }, "destroy": [ - "Backup:DeleteReportPlan" + "backup:DeleteReportPlan" + ], + "modify": [ + "backup:UpdateReportPlan" ], - "modify": [], "plan": [] } ] 
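Review bot: In aws_backup_plan.json the `destroy` list holds `backup:UpdateBackupPlan` and `modify` is empty; this commit only lower-cases the prefix and keeps that placement. `backup:DeleteBackupPlan` is already in `apply`, so the lists were presumably meant to read `"destroy": ["backup:DeleteBackupPlan"]` and `"modify": ["backup:UpdateBackupPlan"]`. As written, `backup:UpdateBackupPlan` is also absent from `apply`.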
diff --git a/src/mapping/aws/resource/backup/aws_backup_restore_testing_plan.json b/src/mapping/aws/resource/backup/aws_backup_restore_testing_plan.json new file mode 100644 index 00000000..c52938c2 --- /dev/null +++ b/src/mapping/aws/resource/backup/aws_backup_restore_testing_plan.json @@ -0,0 +1,30 @@ +[ + { + "apply": [ + "backup:CreateRestoreTestingPlan", + "backup:GetRestoreTestingPlan", + "backup:DeleteRestoreTestingPlan", + "backup:UpdateRestoreTestingPlan", + "backup:ListTags" + ], + "attributes": { + "tags": [ + "backup:TagResource", + "backup:UntagResource" + ] + }, + "destroy": [ + "backup:DeleteRestoreTestingPlan", + "backup:GetRestoreTestingPlan" + ], + "modify": [ + "backup:UpdateRestoreTestingPlan", + "backup:GetRestoreTestingPlan", + "backup:ListTags" + ], + "plan": [ + "backup:GetRestoreTestingPlan", + "backup:ListTags" + ] + } +] diff --git a/src/mapping/aws/resource/backup/aws_backup_selection.json b/src/mapping/aws/resource/backup/aws_backup_selection.json index d6385dd6..5ea84b75 100644 --- a/src/mapping/aws/resource/backup/aws_backup_selection.json +++ b/src/mapping/aws/resource/backup/aws_backup_selection.json @@ -2,18 +2,22 @@ { "apply": [ "ec2:DescribeAccountAttributes", - "Backup:CreateBackupSelection", - "Backup:DeleteBackupSelection", - "Backup:GetBackupSelection", - "iam:PassRole" + "backup:CreateBackupSelection", + "backup:DeleteBackupSelection", + "backup:GetBackupSelection", + "iam:GetRole", + "iam:PassRole", + "iam:CreateServiceLinkedRole" ], "attributes": { "tags": [] }, "destroy": [ - "Backup:DeleteBackupSelection" + "backup:DeleteBackupSelection" ], "modify": [], - "plan": [] + "plan": [ + "backup:GetBackupSelection" + ] } ] diff --git a/src/mapping/aws/resource/backup/aws_backup_vault_notifications.json b/src/mapping/aws/resource/backup/aws_backup_vault_notifications.json index c0cc56a0..a2363d36 100644 --- a/src/mapping/aws/resource/backup/aws_backup_vault_notifications.json 
+++ b/src/mapping/aws/resource/backup/aws_backup_vault_notifications.json @@ -8,7 +8,7 @@ }, "destroy": [ "backup:DeleteBackupVaultNotifications", - "Backup:GetBackupVaultNotifications" + "backup:GetBackupVaultNotifications" ], "modify": [], "plan": [] diff --git a/src/mapping/aws/resource/batch/aws_batch_compute_environment.json b/src/mapping/aws/resource/batch/aws_batch_compute_environment.json index 9da91240..7d8f688c 100644 --- a/src/mapping/aws/resource/batch/aws_batch_compute_environment.json +++ b/src/mapping/aws/resource/batch/aws_batch_compute_environment.json 
@@ -1,34 +1,38 @@ -[ - { - "apply": [ - "ec2:DescribeAccountAttributes", - "batch:CreateComputeEnvironment", - "batch:DeleteComputeEnvironment", - "batch:DescribeComputeEnvironments", - "iam:PassRole", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", - "ec2:DescribeKeyPairs", - "ec2:DescribeVpcs", - "ec2:DescribeImages", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeLaunchTemplateVersions", - "ecs:DescribeClusters", - "ecs:Describe*", - "ecs:List*" - ], - "attributes": { - "tags": [ - "batch:TagResource", - "batch:UntagResource" - ] - }, - "destroy": [ - "batch:DeleteComputeEnvironment" - ], - "modify": [ - "batch:UpdateComputeEnvironment" - ], - "plan": [] - } -] +[ + { + "apply": [ + "ec2:DescribeAccountAttributes", + "batch:CreateComputeEnvironment", + "batch:DeleteComputeEnvironment", + "batch:DescribeComputeEnvironments", + "iam:PassRole", + "iam:CreateServiceLinkedRole", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeKeyPairs", + "ec2:DescribeVpcs", + "ec2:DescribeImages", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeLaunchTemplateVersions", + "ecs:DescribeClusters", + "ecs:Describe*", + "ecs:List*" + ], + "attributes": { + "eks_configuration": [ + "eks:DescribeCluster" + ], + "tags": [ + "batch:TagResource", + "batch:UntagResource" + ] + }, + "destroy": [ + "batch:DeleteComputeEnvironment" + ], + "modify": [ + "batch:UpdateComputeEnvironment" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/batch/aws_batch_job_definition.json b/src/mapping/aws/resource/batch/aws_batch_job_definition.json index d540e50f..f97aaca7 100644 --- a/src/mapping/aws/resource/batch/aws_batch_job_definition.json +++ b/src/mapping/aws/resource/batch/aws_batch_job_definition.json @@ -3,7 +3,8 @@ "apply": [ "batch:DeregisterJobDefinition", "batch:DescribeJobDefinitions", - "batch:RegisterJobDefinition" + "batch:RegisterJobDefinition", + "Iam:PassRole" ], "attributes": { "tags": [ 
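Review bot: The added `"Iam:PassRole"` in aws_batch_job_definition.json uses a capitalised service prefix, as do the two `"Batch:DescribeSchedulingPolicies"` lines added to aws_batch_scheduling_policy.json, while the same commit lower-cases every `Backup:` prefix. IAM matches action names case-insensitively, so the policy still works, but if the generator de-duplicates actions by exact string the output could carry both `Iam:PassRole` and `iam:PassRole`, and a reviewer searching for `iam:PassRole` would miss this grant. Use `"iam:PassRole"` and `"batch:DescribeSchedulingPolicies"`. The job-definition hunk ends inside the `attributes` block.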
diff --git a/src/mapping/aws/resource/batch/aws_batch_scheduling_policy.json b/src/mapping/aws/resource/batch/aws_batch_scheduling_policy.json index 04d3e788..07fff815 100644 --- a/src/mapping/aws/resource/batch/aws_batch_scheduling_policy.json +++ b/src/mapping/aws/resource/batch/aws_batch_scheduling_policy.json @@ -2,6 +2,7 @@ { "apply": [ "batch:CreateSchedulingPolicy", + "Batch:DescribeSchedulingPolicies", "batch:DeleteSchedulingPolicy" ], "attributes": { @@ -16,6 +17,8 @@ "modify": [ "batch:UpdateSchedulingPolicy" ], - "plan": [] + "plan": [ + "Batch:DescribeSchedulingPolicies" + ] } ] diff --git a/src/mapping/aws/resource/bcm-data-exports/aws_bcmdataexports_export.json b/src/mapping/aws/resource/bcm-data-exports/aws_bcmdataexports_export.json new file mode 100644 index 00000000..cba0d17e --- /dev/null +++ b/src/mapping/aws/resource/bcm-data-exports/aws_bcmdataexports_export.json @@ -0,0 +1,27 @@ +[ + { + "apply": [ + "bcm-data-exports:CreateExport", + "bcm-data-exports:GetExport", + "bcm-data-exports:ListTagsForResource", + "cur:PutReportDefinition", + "bcm-data-exports:DeleteExport", + "bcm-data-exports:UpdateExport" + ], + "attributes": { + "tags": [ + "bcm-data-exports:TagResource", + "bcm-data-exports:UntagResource" + ] + }, + "destroy": [ + "bcm-data-exports:DeleteExport" + ], + "modify": [ + "bcm-data-exports:UpdateExport" + ], + "plan": [ + "bcm-data-exports:GetExport" + ] + } +] diff --git a/src/mapping/aws/resource/bedrock/aws_bedrock_guardrail.json b/src/mapping/aws/resource/bedrock/aws_bedrock_guardrail.json new file mode 100644 index 00000000..9abcbd5a --- /dev/null +++ b/src/mapping/aws/resource/bedrock/aws_bedrock_guardrail.json 
@@ -0,0 +1,37 @@
+[
+ {
+ "apply": [
+ "bedrock:CreateGuardrail",
+ "bedrock:GetGuardrail",
+ "bedrock:ListTagsForResource",
+ "bedrock:DeleteGuardrail",
+ "bedrock:UpdateGuardrail"
+ ],
+ "attributes": {
+ "kms_key_arn": [
+ "kms:DescribeKey",
+ "kms:CreateGrant",
+ "kms:GenerateDataKey",
+ "kms:Decrypt",
+ "kms:RetireGrant"
+ ],
+ "tags": [
+ "bedrock:TagResource",
+ "bedrock:UntagResource"
+ ]
+ },
+ "destroy": [
+ "bedrock:DeleteGuardrail",
+ "bedrock:GetGuardrail"
+ ],
+ "modify": [
+ "bedrock:UpdateGuardrail",
+ "bedrock:GetGuardrail",
+ "bedrock:ListTagsForResource"
+ ],
+ "plan": [
+ "bedrock:GetGuardrail",
+ "bedrock:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/bedrock/aws_bedrock_guardrail_version.json b/src/mapping/aws/resource/bedrock/aws_bedrock_guardrail_version.json
new file mode 100644
index 00000000..a2a9cfdf
--- /dev/null
+++ b/src/mapping/aws/resource/bedrock/aws_bedrock_guardrail_version.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "bedrock:CreateGuardrailVersion",
+ "bedrock:GetGuardrail",
+ "kms:CreateGrant",
+ "kms:Decrypt"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "bedrock:DeleteGuardrail",
+ "bedrock:GetGuardrail",
+ "kms:RetireGrant"
+ ],
+ "modify": [],
+ "plan": [
+ "bedrock:GetGuardrail",
+ "kms:Decrypt"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/bedrock/aws_bedrock_inference_profile.json b/src/mapping/aws/resource/bedrock/aws_bedrock_inference_profile.json
new file mode 100644
index 00000000..9b45569d
--- /dev/null
+++ b/src/mapping/aws/resource/bedrock/aws_bedrock_inference_profile.json
@@ -0,0 +1,25 @@ +[ + { + "apply": [ + "bedrock:CreateInferenceProfile", + "bedrock:GetInferenceProfile", + "bedrock:ListTagsForResource", + "bedrock:DeleteInferenceProfile" + ], + "attributes": { + "tags": [ + "bedrock:TagResource", + "bedrock:UntagResource" + ] + }, + "destroy": [ + "bedrock:DeleteInferenceProfile", + "bedrock:GetInferenceProfile" + ], + "modify": [ + "bedrock:GetInferenceProfile", + "bedrock:ListTagsForResource" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/bedrock/aws_bedrockagent_agent.json b/src/mapping/aws/resource/bedrock/aws_bedrockagent_agent.json index 7ff04028..0e9803e7 100644 --- a/src/mapping/aws/resource/bedrock/aws_bedrockagent_agent.json +++ b/src/mapping/aws/resource/bedrock/aws_bedrockagent_agent.json @@ -6,10 +6,21 @@ "bedrock:UpdateAgent", "iam:PassRole", "bedrock:GetAgent", - "bedrock:PrepareAgent" + "bedrock:PrepareAgent", + "bedrock:ListTagsForResource" ], "attributes": { - "tags": [] + "customer_encryption_key_arn": [ + "kms:GenerateDataKeyWithoutPlainText", + "kms:ReEncryptFrom", + "kms:ReEncryptTo", + "kms:Decrypt", + "kms:GenerateDataKey" + ], + "tags": [ + "bedrock:TagResource", + "bedrock:UntagResource" + ] }, "destroy": [ "bedrock:DeleteAgent" @@ -17,6 +28,8 @@ "modify": [ "bedrock:UpdateAgent" ], - "plan": [] + "plan": [ + "bedrock:GetAgent" + ] } ] diff --git a/src/mapping/aws/resource/bedrock/aws_bedrockagent_agent_alias.json b/src/mapping/aws/resource/bedrock/aws_bedrockagent_agent_alias.json index dcf8b637..d51c83f8 100644 --- a/src/mapping/aws/resource/bedrock/aws_bedrockagent_agent_alias.json +++ b/src/mapping/aws/resource/bedrock/aws_bedrockagent_agent_alias.json 
@@ -4,10 +4,16 @@ "bedrock:CreateAgentAlias", "bedrock:DeleteAgentAlias", "bedrock:UpdateAgentAlias", - "bedrock:GetAgentAlias" + "bedrock:GetAgentAlias", + "bedrock:ListTagsForResource", + "bedrock:PrepareAgent", + "bedrock:GetAgent" ], "attributes": { - "tags": [] + "tags": [ + "bedrock:TagResource", + "bedrock:UntagResource" + ] }, "destroy": [ "bedrock:DeleteAgentAlias" diff --git a/src/mapping/aws/resource/bedrock/aws_bedrockagent_agent_collaborator.json b/src/mapping/aws/resource/bedrock/aws_bedrockagent_agent_collaborator.json new file mode 100644 index 00000000..a24a8dfa --- /dev/null +++ b/src/mapping/aws/resource/bedrock/aws_bedrockagent_agent_collaborator.json @@ -0,0 +1,26 @@ +[ + { + "apply": [ + "bedrock:GetAgentCollaborator", + "bedrock:ListAgentCollaborators", + "bedrock:AssociateAgentCollaborator", + "bedrock:DisassociateAgentCollaborator", + "bedrock:UpdateAgentCollaborator" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [ + "bedrock:AssociateAgentCollaborator", + "bedrock:GetAgentCollaborator", + "bedrock:ListAgentCollaborators", + "bedrock:DisassociateAgentCollaborator", + "bedrock:UpdateAgentCollaborator" + ], + "plan": [ + "bedrock:GetAgentCollaborator", + "bedrock:ListAgentCollaborators" + ] + } +] diff --git a/src/mapping/aws/resource/bedrock/aws_bedrockagent_agent_knowledge_base_association.json b/src/mapping/aws/resource/bedrock/aws_bedrockagent_agent_knowledge_base_association.json new file mode 100644 index 00000000..2971ecae --- /dev/null +++ b/src/mapping/aws/resource/bedrock/aws_bedrockagent_agent_knowledge_base_association.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "bedrock:DisassociateAgentKnowledgeBase", + "bedrock:AssociateAgentKnowledgeBase", + "bedrock:GetAgentKnowledgeBase", + "bedrock:UpdateAgentKnowledgeBase" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/aws/resource/bedrock/aws_bedrockagent_data_source.json b/src/mapping/aws/resource/bedrock/aws_bedrockagent_data_source.json
new file mode 100644
index 00000000..7518783a
--- /dev/null
+++ b/src/mapping/aws/resource/bedrock/aws_bedrockagent_data_source.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "bedrock:CreateDataSource",
+ "bedrock:GetDataSource",
+ "bedrock:GetKnowledgeBase",
+ "bedrock:UpdateDataSource",
+ "bedrock:DeleteDataSource"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "bedrock:DeleteDataSource"
+ ],
+ "modify": [
+ "bedrock:UpdateDataSource"
+ ],
+ "plan": [
+ "bedrock:GetDataSource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/bedrock/aws_bedrockagent_knowledge_base.json b/src/mapping/aws/resource/bedrock/aws_bedrockagent_knowledge_base.json
new file mode 100644
index 00000000..465f7b65
--- /dev/null
+++ b/src/mapping/aws/resource/bedrock/aws_bedrockagent_knowledge_base.json
@@ -0,0 +1,28 @@
+[
+ {
+ "apply": [
+ "bedrock:CreateKnowledgeBase",
+ "bedrock:GetKnowledgeBase",
+ "bedrock:DeleteKnowledgeBase",
+ "bedrock:ListTagsForResource",
+ "bedrock:AssociateThirdPartyKnowledgeBase",
+ "iam:PassRole",
+ "bedrock:UpdateKnowledgeBase"
+ ],
+ "attributes": {
+ "tags": [
+ "bedrock:TagResource",
+ "bedrock:UntagResource"
+ ]
+ },
+ "destroy": [
+ "bedrock:DeleteKnowledgeBase"
+ ],
+ "modify": [
+ "bedrock:UpdateKnowledgeBase"
+ ],
+ "plan": [
+ "bedrock:GetKnowledgeBase"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/bedrock/aws_bedrockagent_prompt.json b/src/mapping/aws/resource/bedrock/aws_bedrockagent_prompt.json
new file mode 100644
index 00000000..82e8cc9d
--- /dev/null
+++ b/src/mapping/aws/resource/bedrock/aws_bedrockagent_prompt.json
@@ -0,0 +1,30 @@
+[
+ {
+ "apply": [
+ "bedrock:CreatePrompt",
+ "bedrock:DeletePrompt",
+ "bedrock:UpdatePrompt",
+ "bedrock:GetPrompt",
+ "bedrock:ListTagsForResource"
+ ],
+ "attributes": {
+ "customer_encryption_key_arn": [
+ "kms:GenerateDataKey",
+ "kms:Decrypt"
+ ],
+ "tags": [
+ "bedrock:UntagResource",
+ "bedrock:TagResource"
+ ]
+ },
+ "destroy": [
+ "bedrock:DeletePrompt"
+ ],
+ "modify": [
+ "bedrock:UpdatePrompt"
+ ],
+ "plan": [
+ "bedrock:GetPrompt"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/budgets/aws_budgets_budget_action.json b/src/mapping/aws/resource/budgets/aws_budgets_budget_action.json
index e8803f3e..805df86f 100644
--- a/src/mapping/aws/resource/budgets/aws_budgets_budget_action.json
+++ b/src/mapping/aws/resource/budgets/aws_budgets_budget_action.json
@@ -4,10 +4,15 @@
 "budgets:CreateBudgetAction",
 "budgets:DescribeBudgetAction",
 "budgets:DeleteBudgetAction",
- "budgets:UpdateBudgetAction"
+ "budgets:UpdateBudgetAction",
+ "budgets:ListTagsForResource",
+ "iam:PassRole"
 ],
 "attributes": {
- "tags": []
+ "tags": [
+ "budgets:TagResource",
+ "budgets:UntagResource"
+ ]
 },
 "destroy": [
 "budgets:DeleteBudgetAction"
diff --git a/src/mapping/aws/resource/cassandra/aws_keyspaces_keyspace.json b/src/mapping/aws/resource/cassandra/aws_keyspaces_keyspace.json
new file mode 100644
index 00000000..63e10eac
--- /dev/null
+++ b/src/mapping/aws/resource/cassandra/aws_keyspaces_keyspace.json
@@ -0,0 +1,36 @@
+[
+ {
+ "apply": [
+ "cassandra:Create",
+ "cassandra:Drop",
+ "cassandra:Alter",
+ "cassandra:Select"
+ ],
+ "attributes": {
+ "tags": [
+ "cassandra:TagResource",
+ "cassandra:UntagResource"
+ ]
+ },
+ "destroy": [
+ "cassandra:Drop"
+ ],
+ "modify": [
+ "cassandra:Alter",
+ "cassandra:Modify",
+ "cassandra:Select",
+ "application-autoscaling:RegisterScalableTarget",
+ "application-autoscaling:DeregisterScalableTarget",
+ "application-autoscaling:DescribeScalableTargets",
+ "application-autoscaling:DescribeScalingPolicies",
+ "application-autoscaling:PutScalingPolicy",
+ "cloudwatch:DeleteAlarms",
+ "cloudwatch:DescribeAlarms",
+ "cloudwatch:PutMetricAlarm",
+ "iam:CreateServiceLinkedRole"
+ ],
+ "plan": [
+ "cassandra:Select"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/cassandra/aws_keyspaces_table.json b/src/mapping/aws/resource/cassandra/aws_keyspaces_table.json
new file mode 100644
index 00000000..883b12d1
--- /dev/null
+++ b/src/mapping/aws/resource/cassandra/aws_keyspaces_table.json
@@ -0,0 +1,31 @@
+[
+ {
+ "apply": [
+ "cassandra:Create",
+ "cassandra:Select",
+ "cassandra:Drop",
+ "cassandra:Alter"
+ ],
+ "attributes": {
+ "encryption_specification": [
+ "kms:CreateGrant",
+ "kms:DescribeKey",
+ "kms:Encrypt",
+ "kms:Decrypt"
+ ],
+ "tags": [
+ "cassandra:TagResource",
+ "cassandra:UntagResource"
+ ]
+ },
+ "destroy": [
+ "cassandra:Drop"
+ ],
+ "modify": [
+ "cassandra:Alter"
+ ],
+ "plan": [
+ "cassandra:Select"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/ce/aws_ce_anomaly_monitor.json b/src/mapping/aws/resource/ce/aws_ce_anomaly_monitor.json
index 8fc4f750..cd59f357 100644
--- a/src/mapping/aws/resource/ce/aws_ce_anomaly_monitor.json
+++ b/src/mapping/aws/resource/ce/aws_ce_anomaly_monitor.json
@@ -19,6 +19,9 @@
 "modify": [
 "ce:UpdateAnomalyMonitor"
 ],
- "plan": []
+ "plan": [
+ "ce:GetAnomalyMonitors",
+ "ce:ListTagsForResource"
+ ]
 }
 ]
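Review bot: In aws_keyspaces_keyspace.json the `modify` list carries five `application-autoscaling` actions, three CloudWatch alarm actions, `iam:CreateServiceLinkedRole` and `cassandra:Modify`, none of which appear in `apply`. They read like the set needed for table auto scaling, and the aws_keyspaces_table.json mapping in the following hunk has none of them, so they are probably attached to the wrong resource. If a keyspace never needs them, dropping them keeps `iam:CreateServiceLinkedRole` and `cloudwatch:DeleteAlarms` out of a keyspace-only policy; if the table does need them, they belong in that file instead.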
diff --git a/src/mapping/aws/resource/ce/aws_ce_anomaly_subscription.json b/src/mapping/aws/resource/ce/aws_ce_anomaly_subscription.json
index 42f1a267..35b18bbe 100644
--- a/src/mapping/aws/resource/ce/aws_ce_anomaly_subscription.json
+++ b/src/mapping/aws/resource/ce/aws_ce_anomaly_subscription.json
@@ -4,7 +4,8 @@
 "ce:CreateAnomalySubscription",
 "ce:GetAnomalySubscriptions",
 "ce:DeleteAnomalySubscription",
- "ce:UpdateAnomalySubscription"
+ "ce:UpdateAnomalySubscription",
+ "ce:ListTagsForResource"
 ],
 "attributes": {
 "tags": [
@@ -18,6 +19,9 @@
 "modify": [
 "ce:UpdateAnomalySubscription"
 ],
- "plan": []
+ "plan": [
+ "ce:GetAnomalySubscriptions",
+ "ce:ListTagsForResource"
+ ]
 }
 ]
diff --git a/src/mapping/aws/resource/ce/aws_ce_cost_category.json b/src/mapping/aws/resource/ce/aws_ce_cost_category.json
index 023abb2e..ee351716 100644
--- a/src/mapping/aws/resource/ce/aws_ce_cost_category.json
+++ b/src/mapping/aws/resource/ce/aws_ce_cost_category.json
@@ -7,7 +7,10 @@
 "ce:UpdateCostCategoryDefinition"
 ],
 "attributes": {
- "tags": []
+ "tags": [
+ "ce:TagResource",
+ "ce:UntagResource"
+ ]
 },
 "destroy": [
 "ce:DeleteCostCategoryDefinition"
@@ -15,6 +18,9 @@
 "modify": [
 "ce:UpdateCostCategoryDefinition"
 ],
- "plan": []
+ "plan": [
+ "ce:DescribeCostCategoryDefinition",
+ "ce:ListTagsForResource"
+ ]
 }
 ]
diff --git a/src/mapping/aws/resource/chatbot/aws_chatbot_slack_channel_configuration.json b/src/mapping/aws/resource/chatbot/aws_chatbot_slack_channel_configuration.json
new file mode 100644
index 00000000..f7d89c50
--- /dev/null
+++ b/src/mapping/aws/resource/chatbot/aws_chatbot_slack_channel_configuration.json
@@ -0,0 +1,37 @@
+[
+ {
+ "apply": [
+ "chatbot:CreateSlackChannelConfiguration",
+ "chatbot:AssociateToConfiguration",
+ "chatbot:DisassociateFromConfiguration",
+ "chatbot:ListAssociations",
+ "chatbot:DeleteSlackChannelConfiguration",
+ "chatbot:DescribeSlackChannelConfigurations",
+ "chatbot:UpdateSlackChannelConfiguration"
+ ],
+ "attributes": {
+ "iam_role_arn": [
+ "iam:PassRole",
+ "iam:CreateServiceLinkedRole"
+ ],
+ "tags": [
+ "chatbot:TagResource",
+ "chatbot:UntagResource"
+ ]
+ },
+ "destroy": [
+ "chatbot:DeleteSlackChannelConfiguration",
+ "chatbot:DisassociateFromConfiguration",
+ "chatbot:ListAssociations"
+ ],
+ "modify": [
+ "chatbot:UpdateSlackChannelConfiguration",
+ "chatbot:AssociateToConfiguration",
+ "chatbot:DisassociateFromConfiguration",
+ "chatbot:ListAssociations"
+ ],
+ "plan": [
+ "chatbot:DescribeSlackChannelConfigurations"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/chatbot/aws_chatbot_teams_channel_configuration.json b/src/mapping/aws/resource/chatbot/aws_chatbot_teams_channel_configuration.json
new file mode 100644
index 00000000..163005b9
--- /dev/null
+++ b/src/mapping/aws/resource/chatbot/aws_chatbot_teams_channel_configuration.json
@@ -0,0 +1,28 @@
+[
+ {
+ "apply": [
+ "chatbot:CreateMicrosoftTeamsChannelConfiguration",
+ "chatbot:GetMicrosoftTeamsChannelConfiguration",
+ "chatbot:DeleteMicrosoftTeamsChannelConfiguration",
+ "chatbot:UpdateMicrosoftTeamsChannelConfiguration",
+ "chatbot:ListTagsForResource"
+ ],
+ "attributes": {
+ "iam_role_arn": [
+ "iam:PassRole",
+ "iam:CreateServiceLinkedRole"
+ ],
+ "tags": [
+ "chatbot:TagResource",
+ "chatbot:UntagResource"
+ ]
+ },
+ "destroy": [
+ "chatbot:DeleteMicrosoftTeamsChannelConfiguration"
+ ],
+ "modify": [
+ "chatbot:UpdateMicrosoftTeamsChannelConfiguration"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/cleanrooms/aws_cleanrooms_collaboration.json b/src/mapping/aws/resource/cleanrooms/aws_cleanrooms_collaboration.json
new file mode 100644
index 00000000..656b2ffa
--- /dev/null
+++ b/src/mapping/aws/resource/cleanrooms/aws_cleanrooms_collaboration.json
@@ -0,0 +1,29 @@
+[
+ {
+ "apply": [
+ "cleanrooms:CreateCollaboration",
+ "cleanrooms:GetCollaboration",
+ "cleanrooms:ListMembers",
+ "cleanrooms:ListTagsForResource",
+ "cleanrooms:GetCollaboration",
+ "cleanrooms:ListCollaborations",
+ "cleanrooms:DeleteCollaboration",
+ "cleanrooms:UpdateCollaboration"
+ ],
+ "attributes": {
+ "tags": [
+ "cleanrooms:TagResource",
+ "cleanrooms:UntagResource"
+ ]
+ },
+ "destroy": [
+ "cleanrooms:DeleteCollaboration"
+ ],
+ "modify": [
+ "cleanrooms:UpdateCollaboration"
+ ],
+ "plan": [
+ "cleanrooms:GetCollaboration"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/cleanrooms/aws_cleanrooms_configured_table.json b/src/mapping/aws/resource/cleanrooms/aws_cleanrooms_configured_table.json
new file mode 100644
index 00000000..dc51b8fd
--- /dev/null
+++ b/src/mapping/aws/resource/cleanrooms/aws_cleanrooms_configured_table.json
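Review bot: `cleanrooms:GetCollaboration` is listed twice in the `apply` array of aws_cleanrooms_collaboration.json, as the second and the fifth entry. It is harmless if the consumer de-duplicates, but a repeated action in a permission list makes later diffs harder to audit and suggests the list was assembled by hand from two sources. Drop the second `"cleanrooms:GetCollaboration",` line.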
@@ -0,0 +1,43 @@
+[
+ {
+ "apply": [
+ "cleanrooms:CreateConfiguredTable",
+ "cleanrooms:DeleteConfiguredTable",
+ "cleanrooms:DeleteConfiguredTableAnalysisRule",
+ "cleanrooms:CreateConfiguredTableAnalysisRule",
+ "cleanrooms:GetConfiguredTable",
+ "cleanrooms:GetConfiguredTableAnalysisRule",
+ "glue:GetDatabase",
+ "glue:GetDatabases",
+ "glue:GetTable",
+ "glue:GetTables",
+ "glue:GetPartition",
+ "glue:GetPartitions",
+ "glue:BatchGetPartition",
+ "glue:GetSchemaVersion",
+ "cleanrooms:ListTagsForResource",
+ "cleanrooms:ListConfiguredTables",
+ "cleanrooms:UpdateConfiguredTable",
+ "cleanrooms:UpdateConfiguredTableAnalysisRule",
+ "athena:GetTableMetadata"
+ ],
+ "attributes": {
+ "tags": [
+ "cleanrooms:TagResource",
+ "cleanrooms:UntagResource"
+ ]
+ },
+ "destroy": [
+ "cleanrooms:DeleteConfiguredTable"
+ ],
+ "modify": [
+ "cleanrooms:UpdateConfiguredTable",
+ "cleanrooms:UpdateConfiguredTableAnalysisRule"
+ ],
+ "plan": [
+ "cleanrooms:GetConfiguredTable",
+ "cleanrooms:GetConfiguredTableAnalysisRule",
+ "cleanrooms:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/cleanrooms/aws_cleanrooms_membership.json b/src/mapping/aws/resource/cleanrooms/aws_cleanrooms_membership.json
new file mode 100644
index 00000000..1cccd8ec
--- /dev/null
+++ b/src/mapping/aws/resource/cleanrooms/aws_cleanrooms_membership.json
@@ -0,0 +1,61 @@
+[
+ {
+ "apply": [
+ "cleanrooms:CreateMembership",
+ "cleanrooms:GetMembership",
+ "cleanrooms:ListTagsForResource",
+ "cleanrooms:ListMemberships",
+ "cleanrooms:DeleteMembership",
+ "cleanrooms:UpdateMembership",
+ "logs:CreateLogDelivery",
+ "logs:GetLogDelivery",
+ "logs:UpdateLogDelivery",
+ "logs:DeleteLogDelivery",
+ "logs:ListLogDeliveries",
+ "logs:DescribeLogGroups",
+ "logs:DescribeResourcePolicies",
+ "logs:PutResourcePolicy",
+ "logs:CreateLogGroup",
+ "iam:PassRole"
+ ],
+ "attributes": {
+ "tags": [
+ "cleanrooms:TagResource",
+ "cleanrooms:UntagResource"
+ ]
+ },
+ "destroy": [
+ "cleanrooms:DeleteMembership",
+ "cleanrooms:GetMembership",
+ "cleanrooms:ListMemberships",
+ "cleanrooms:ListTagsForResource",
+ "logs:ListLogDeliveries",
+ "logs:DescribeLogGroups",
+ "logs:DescribeResourcePolicies",
+ "logs:GetLogDelivery"
+ ],
+ "modify": [
+ "cleanrooms:UpdateMembership",
+ "cleanrooms:GetMembership",
+ "logs:CreateLogDelivery",
+ "logs:GetLogDelivery",
+ "logs:UpdateLogDelivery",
+ "logs:DeleteLogDelivery",
+ "logs:ListLogDeliveries",
+ "logs:DescribeLogGroups",
+ "logs:DescribeResourcePolicies",
+ "logs:PutResourcePolicy",
+ "logs:CreateLogGroup",
+ "cleanrooms:ListTagsForResource",
+ "iam:PassRole"
+ ],
+ "plan": [
+ "cleanrooms:GetMembership",
+ "cleanrooms:ListTagsForResource",
+ "logs:ListLogDeliveries",
+ "logs:DescribeLogGroups",
+ "logs:DescribeResourcePolicies",
+ "logs:GetLogDelivery"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/cloud9/aws_cloud9_environment_membership.json b/src/mapping/aws/resource/cloud9/aws_cloud9_environment_membership.json
new file mode 100644
index 00000000..1bfe22ab
--- /dev/null
+++ b/src/mapping/aws/resource/cloud9/aws_cloud9_environment_membership.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "cloud9:CreateEnvironmentMembership",
+ "cloud9:DeleteEnvironmentMembership",
+ "cloud9:UpdateEnvironmentMembership",
+ "cloud9:DescribeEnvironmentMemberships"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/cloudformation/aws_cloudcontrolapi_resource.json b/src/mapping/aws/resource/cloudformation/aws_cloudcontrolapi_resource.json
new file mode 100644
index 00000000..5e773208
--- /dev/null
+++ b/src/mapping/aws/resource/cloudformation/aws_cloudcontrolapi_resource.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "cloudformation:GetResource",
+ "cloudformation:UpdateResource",
+ "cloudformation:DeleteResource",
+ "cloudformation:CreateResource"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/cloudformation/aws_cloudformation_stack.json b/src/mapping/aws/resource/cloudformation/aws_cloudformation_stack.json
index ddfbf404..936c457d 100644
--- a/src/mapping/aws/resource/cloudformation/aws_cloudformation_stack.json
+++ b/src/mapping/aws/resource/cloudformation/aws_cloudformation_stack.json
@@ -8,16 +8,26 @@
 "cloudformation:DescribeStacks",
 "cloudformation:GetTemplate",
 "cloudformation:DeleteStack",
- "cloudformation:UpdateStack"
+ "cloudformation:UpdateStack",
+ "cloudformation:UpdateTerminationProtection"
 ],
 "attributes": {
+ "iam_role_arn": [
+ "iam:PassRole"
+ ],
+ "policy_url": [
+ "cloudformation:SetStackPolicy",
+ "cloudformation:GetStackPolicy"
+ ],
 "tags": []
 },
 "destroy": [
 "cloudformation:DeleteStack"
 ],
 "modify": [
- "cloudformation:UpdateStack"
+ "cloudformation:UpdateStack",
+ "cloudformation:UpdateTerminationProtection",
+ "cloudformation:SetStackPolicy"
 ],
 "plan": []
 }
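Review bot: The `apply` list in aws_cloudcontrolapi_resource.json covers only the four Cloud Control calls, which is necessary but not sufficient for this resource. Cloud Control carries out the create, read, update and delete against the target service, by default with the caller's own credentials, so the effective permission set depends on the resource type being managed and cannot be fixed in this file. That limit deserves a sentence in the project documentation so a policy generated from this mapping is not read as complete. The provider also appears to poll the request status, so `"cloudformation:GetResourceRequestStatus"` is probably missing from `apply`; worth confirming against a real run.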
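Review bot: The new `policy_url` key in aws_cloudformation_stack.json maps to `cloudformation:SetStackPolicy` and `cloudformation:GetStackPolicy`, but a stack policy supplied inline (the `policy_body` argument, if I read the provider schema correctly) ends in the same API call and gets no mapping. A configuration that uses the inline form would be scanned without the stack-policy actions; adding a `"policy_body"` key with the same two actions would close that gap. The `apply` array starts above this hunk, so whether it already grants these actions unconditionally is not visible here.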
diff --git a/src/mapping/aws/resource/cloudformation/aws_cloudformation_stack_instances.json b/src/mapping/aws/resource/cloudformation/aws_cloudformation_stack_instances.json
new file mode 100644
index 00000000..b5a8dfd7
--- /dev/null
+++ b/src/mapping/aws/resource/cloudformation/aws_cloudformation_stack_instances.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "cloudformation:UpdateStackInstances",
+ "cloudformation:DeleteStackInstances",
+ "cloudformation:CreateStackInstances",
+ "cloudformation:ListStackInstances"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/cloudfront-keyvaluestore/aws_cloudfrontkeyvaluestore_key.json b/src/mapping/aws/resource/cloudfront-keyvaluestore/aws_cloudfrontkeyvaluestore_key.json
new file mode 100644
index 00000000..3e363f92
--- /dev/null
+++ b/src/mapping/aws/resource/cloudfront-keyvaluestore/aws_cloudfrontkeyvaluestore_key.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "cloudfront-keyvaluestore:DescribeKeyValueStore",
+ "cloudfront-keyvaluestore:PutKey",
+ "cloudfront-keyvaluestore:GetKey"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/cloudfront-keyvaluestore/aws_cloudfrontkeyvaluestore_keys_exclusive.json b/src/mapping/aws/resource/cloudfront-keyvaluestore/aws_cloudfrontkeyvaluestore_keys_exclusive.json
new file mode 100644
index 00000000..e9eaf4ba
--- /dev/null
+++ b/src/mapping/aws/resource/cloudfront-keyvaluestore/aws_cloudfrontkeyvaluestore_keys_exclusive.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "cloudfront-keyvaluestore:DescribeKeyValueStore",
+ "cloudfront-keyvaluestore:ListKeys",
+ "cloudfront-keyvaluestore:UpdateKeys"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/cloudfront/aws_cloudfront_distribution.json b/src/mapping/aws/resource/cloudfront/aws_cloudfront_distribution.json
index bbbe5c67..4d4e073a 100644
--- a/src/mapping/aws/resource/cloudfront/aws_cloudfront_distribution.json
+++ b/src/mapping/aws/resource/cloudfront/aws_cloudfront_distribution.json
@@ -6,7 +6,10 @@
 "ec2:DescribeAccountAttributes",
 "cloudfront:CreateDistribution",
 "cloudfront:DeleteDistribution",
- "cloudfront:UpdateDistribution"
+ "cloudfront:UpdateDistribution",
+ "cloudfront:GetDistributionConfig",
+ "cloudfront:CreateDistributionWithTags",
+ "cloudfront:UpdateDistributionWithStagingConfig"
 ],
 "attributes": {
 "tags": [
@@ -15,10 +18,12 @@
 ]
 },
 "destroy": [
- "cloudfront:DeleteDistribution"
+ "cloudfront:DeleteDistribution",
+ "cloudfront:GetDistributionConfig"
 ],
 "modify": [
- "cloudfront:UpdateDistribution"
+ "cloudfront:UpdateDistribution",
+ "cloudfront:UpdateDistributionWithStagingConfig"
 ],
 "plan": []
 }
diff --git a/src/mapping/aws/resource/cloudfront/aws_cloudfront_key_group.json b/src/mapping/aws/resource/cloudfront/aws_cloudfront_key_group.json
index 0ed54d63..e49e2c79 100644
--- a/src/mapping/aws/resource/cloudfront/aws_cloudfront_key_group.json
+++ b/src/mapping/aws/resource/cloudfront/aws_cloudfront_key_group.json
@@ -3,7 +3,8 @@
 "apply": [
 "cloudfront:CreateKeyGroup",
 "cloudfront:GetKeyGroup",
- "cloudfront:DeleteKeyGroup"
+ "cloudfront:DeleteKeyGroup",
+ "cloudfront:UpdateKeyGroup"
 ],
 "attributes": {
 "tags": []
diff --git a/src/mapping/aws/resource/cloudfront/aws_cloudfront_key_value_store.json b/src/mapping/aws/resource/cloudfront/aws_cloudfront_key_value_store.json
new file mode 100644
index 00000000..7b72d22c
--- /dev/null
+++ b/src/mapping/aws/resource/cloudfront/aws_cloudfront_key_value_store.json
@@ -0,0 +1,22 @@
+[
+ {
+ "apply": [
+ "cloudfront:CreateKeyValueStore",
+ "cloudfront:DescribeKeyValueStore",
+ "cloudfront:DeleteKeyValueStore",
+ "cloudfront:UpdateKeyValueStore"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "cloudfront:DeleteKeyValueStore"
+ ],
+ "modify": [
+ "cloudfront:UpdateKeyValueStore"
+ ],
+ "plan": [
+ "cloudfront:DescribeKeyValueStore"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/cloudfront/aws_cloudfront_origin_access_control.json b/src/mapping/aws/resource/cloudfront/aws_cloudfront_origin_access_control.json
index 1535d0c2..6d93320b 100644
--- a/src/mapping/aws/resource/cloudfront/aws_cloudfront_origin_access_control.json
+++ b/src/mapping/aws/resource/cloudfront/aws_cloudfront_origin_access_control.json
@@ -3,7 +3,8 @@
 "apply": [
 "cloudfront:CreateOriginAccessControl",
 "cloudfront:GetOriginAccessControl",
- "cloudfront:DeleteOriginAccessControl"
+ "cloudfront:DeleteOriginAccessControl",
+ "cloudfront:UpdateOriginAccessControl"
 ],
 "attributes": {
 "tags": []
diff --git a/src/mapping/aws/resource/cloudfront/aws_cloudfront_public_key.json b/src/mapping/aws/resource/cloudfront/aws_cloudfront_public_key.json
index 872fcc3b..d17d44e5 100644
--- a/src/mapping/aws/resource/cloudfront/aws_cloudfront_public_key.json
+++ b/src/mapping/aws/resource/cloudfront/aws_cloudfront_public_key.json
@@ -3,7 +3,8 @@
 "apply": [
 "cloudfront:CreatePublicKey",
 "cloudfront:GetPublicKey",
- "cloudfront:DeletePublicKey"
+ "cloudfront:DeletePublicKey",
+ "cloudfront:UpdatePublicKey"
 ],
 "attributes": {
 "tags": []
diff --git a/src/mapping/aws/resource/cloudfront/aws_cloudfront_realtime_log_config.json b/src/mapping/aws/resource/cloudfront/aws_cloudfront_realtime_log_config.json
new file mode 100644
index 00000000..87d4ebc2
--- /dev/null
+++ b/src/mapping/aws/resource/cloudfront/aws_cloudfront_realtime_log_config.json
@@ -0,0 +1,25 @@
+[
+ {
+ "apply": [
+ "cloudfront:CreateRealtimeLogConfig",
+ "cloudfront:UpdateRealtimeLogConfig",
+ "cloudfront:GetRealtimeLogConfig",
+ "cloudfront:DeleteRealtimeLogConfig"
+ ],
+ "attributes": {
+ "role_arn": [
+ "iam:PassRole"
+ ],
+ "tags": []
+ },
+ "destroy": [
+ "cloudfront:DeleteRealtimeLogConfig"
+ ],
+ "modify": [
+ "cloudfront:UpdateRealtimeLogConfig"
+ ],
+ "plan": [
+ "cloudfront:GetRealtimeLogConfig"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/cloudfront/aws_cloudfront_response_headers_policy.json b/src/mapping/aws/resource/cloudfront/aws_cloudfront_response_headers_policy.json
index 6819d5d0..14d450c4 100644
--- a/src/mapping/aws/resource/cloudfront/aws_cloudfront_response_headers_policy.json
+++ b/src/mapping/aws/resource/cloudfront/aws_cloudfront_response_headers_policy.json
@@ -3,7 +3,8 @@
 "apply": [
 "cloudfront:CreateResponseHeadersPolicy",
 "cloudfront:GetResponseHeadersPolicy",
- "cloudfront:DeleteResponseHeadersPolicy"
+ "cloudfront:DeleteResponseHeadersPolicy",
+ "cloudfront:UpdateResponseHeadersPolicy"
 ],
 "attributes": {
 "tags": []
diff --git a/src/mapping/aws/resource/cloudfront/aws_cloudfront_vpc_origin.json b/src/mapping/aws/resource/cloudfront/aws_cloudfront_vpc_origin.json
new file mode 100644
index 00000000..315c4578
--- /dev/null
+++ b/src/mapping/aws/resource/cloudfront/aws_cloudfront_vpc_origin.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "cloudfront:GetVpcOrigin",
+ "cloudfront:CreateVpcOrigin",
+ "cloudfront:DeleteVpcOrigin",
+ "cloudfront:UpdateVpcOrigin",
+ "cloudfront:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "cloudfront:TagResource",
+ "cloudfront:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/cloudhsm/aws_cloudhsm_v2_cluster.json b/src/mapping/aws/resource/cloudhsm/aws_cloudhsm_v2_cluster.json
new file mode 100644
index 00000000..a0d0fe33
--- /dev/null
+++ b/src/mapping/aws/resource/cloudhsm/aws_cloudhsm_v2_cluster.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "cloudhsm:DescribeClusters",
+ "cloudhsm:CreateCluster",
+ "cloudhsm:DeleteCluster",
+ "cloudhsm:ModifyCluster",
+ "cloudhsm:ListTags"
+ ],
+ "attributes": {
+ "tags": [
+ "cloudhsm:TagResource",
+ "cloudhsm:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/cloudhsm/aws_cloudhsm_v2_hsm.json b/src/mapping/aws/resource/cloudhsm/aws_cloudhsm_v2_hsm.json
new file mode 100644
index 00000000..d09beb53
--- /dev/null
+++ b/src/mapping/aws/resource/cloudhsm/aws_cloudhsm_v2_hsm.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "cloudhsm:CreateHsm",
+ "cloudhsm:DeleteHsm"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/cloudtrail/aws_cloudtrail_event_data_store.json b/src/mapping/aws/resource/cloudtrail/aws_cloudtrail_event_data_store.json
index 4e97c919..12f9b06a 100644
--- a/src/mapping/aws/resource/cloudtrail/aws_cloudtrail_event_data_store.json
+++ b/src/mapping/aws/resource/cloudtrail/aws_cloudtrail_event_data_store.json
@@ -1,22 +1,41 @@
-[
- {
- "apply": [
- "cloudtrail:CreateEventDataStore",
- "cloudtrail:AddTags",
- "cloudtrail:GetEventDataStore",
- "cloudtrail:ListTags",
- "cloudtrail:DeleteEventDataStore",
- "cloudtrail:UpdateEventDataStore"
- ],
- "attributes": {
- "tags": []
- },
- "destroy": [
- "cloudtrail:DeleteEventDataStore"
- ],
- "modify": [
- "cloudtrail:UpdateEventDataStore"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "cloudtrail:CreateEventDataStore",
+ "cloudtrail:AddTags",
+ "cloudtrail:GetEventDataStore",
+ "cloudtrail:ListTags",
+ "cloudtrail:ListEventDataStores",
+ "cloudtrail:DeleteEventDataStore",
+ "cloudtrail:UpdateEventDataStore",
+ "cloudtrail:RestoreEventDataStore"
+ ],
+ "attributes": {
+ "kms_key_id": [
+ "kms:GenerateDataKey",
+ "kms:Decrypt",
+ "kms:DescribeKey"
+ ],
+ "multi_region_enabled": [
+ "cloudtrail:EnableFederation",
+ "cloudtrail:DisableFederation"
+ ],
+ "organization_enabled": [
+ "organizations:DescribeOrganization",
+ "organizations:ListAWSServiceAccessForOrganization"
+ ],
+ "tags": [
+ "cloudtrail:AddTags",
+ "cloudtrail:RemoveTags"
+ ]
+ },
+ "destroy": [
+ "cloudtrail:DeleteEventDataStore"
+ ],
+ "modify": [
+ "cloudtrail:UpdateEventDataStore",
+ "cloudtrail:RestoreEventDataStore"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/cloudtrail/aws_cloudtrail_organization_delegated_admin_account.json b/src/mapping/aws/resource/cloudtrail/aws_cloudtrail_organization_delegated_admin_account.json
new file mode 100644
index 00000000..e9b885d6
--- /dev/null
+++ b/src/mapping/aws/resource/cloudtrail/aws_cloudtrail_organization_delegated_admin_account.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "cloudtrail:DeregisterOrganizationDelegatedAdmin",
+ "cloudtrail:RegisterOrganizationDelegatedAdmin"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
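Review bot: The `multi_region_enabled` key in aws_cloudtrail_event_data_store.json is mapped to `cloudtrail:EnableFederation` and `cloudtrail:DisableFederation`, which looks like the wrong attribute: as far as I know, federation of an event data store is a separate feature from the multi-Region flag. As written, any configuration that sets `multi_region_enabled` would bring the federation actions into its permission set, while one that really changes federation would not be matched by name. Please check which provider argument drives the federation calls and key the two actions on that. `cloudtrail:AddTags` is also now listed both unconditionally in `apply` and under `tags`, so the attribute entry adds only `cloudtrail:RemoveTags`.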
diff --git a/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_contributor_insight_rule.json b/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_contributor_insight_rule.json
new file mode 100644
index 00000000..4013abe5
--- /dev/null
+++ b/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_contributor_insight_rule.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "cloudwatch:PutInsightRule",
+ "cloudwatch:DescribeInsightRules",
+ "cloudwatch:ListTagsForResource",
+ "cloudwatch:DeleteInsightRules"
+ ],
+ "attributes": {
+ "tags": [
+ "cloudwatch:TagResource",
+ "cloudwatch:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_contributor_managed_insight_rule.json b/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_contributor_managed_insight_rule.json
new file mode 100644
index 00000000..e5aee0ec
--- /dev/null
+++ b/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_contributor_managed_insight_rule.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "cloudwatch:ListManagedInsightRules",
+ "cloudwatch:ListTagsForResource",
+ "cloudwatch:DeleteInsightRules",
+ "cloudwatch:PutManagedInsightRules"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_event_api_destination.json b/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_event_api_destination.json
index b9414fe0..b01f787a 100644
--- a/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_event_api_destination.json
+++ b/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_event_api_destination.json
@@ -4,7 +4,8 @@
 "ec2:DescribeAccountAttributes",
 "events:CreateApiDestination",
 "events:DescribeApiDestination",
- "events:DeleteApiDestination"
+ "events:DeleteApiDestination",
+ "events:UpdateApiDestination"
 ],
 "attributes": {
 "tags": []
diff --git a/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_event_archive.json b/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_event_archive.json
index 6fe7c3e3..4ca3065b 100644
--- a/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_event_archive.json
+++ b/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_event_archive.json
@@ -4,7 +4,8 @@
 "ec2:DescribeAccountAttributes",
 "events:CreateArchive",
 "events:DescribeArchive",
- "events:DeleteArchive"
+ "events:DeleteArchive",
+ "events:UpdateArchive"
 ],
 "attributes": {
 "tags": []
diff --git a/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_event_bus.json b/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_event_bus.json
index fd1b25d2..41bae441 100644
--- a/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_event_bus.json
+++ b/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_event_bus.json
@@ -1,21 +1,33 @@
-[
- {
- "apply": [
- "events:CreateEventBus",
- "events:DescribeEventBus",
- "events:ListTagsForResource",
- "events:DeleteEventBus"
- ],
- "attributes": {
- "tags": [
- "events:TagResource",
- "events:UntagResource"
- ]
- },
- "destroy": [
- "events:DeleteEventBus"
- ],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "events:CreateEventBus",
+ "events:DescribeEventBus",
+ "events:ListTagsForResource",
+ "events:DeleteEventBus",
+ "events:UpdateEventBus",
+ "events:RemovePermission",
+ "events:PutPermission"
+ ],
+ "attributes": {
+ "kms_key_identifier": [
+ "kms:DescribeKey",
+ "kms:GenerateDataKey",
+ "kms:Decrypt"
+ ],
+ "tags": [
+ "events:TagResource",
+ "events:UntagResource"
+ ]
+ },
+ "destroy": [
+ "events:DeleteEventBus",
+ "events:UpdateEventBus",
+ "events:RemovePermission"
+ ],
+ "modify": [
+ "events:PutPermission"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_event_connection.json b/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_event_connection.json
index d7d4e0a2..2f069485 100644
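Review bot: In aws_cloudwatch_event_bus.json, `events:UpdateEventBus` is placed in `destroy` but not in `modify`, which lists only `events:PutPermission`. An update action has no obvious role in deleting a bus, and an in-place change to the bus is the case that would need it, so the two lists look swapped for this entry. I would expect `"events:UpdateEventBus"` alongside `"events:PutPermission"` in `modify`, and `destroy` reduced to `"events:DeleteEventBus"` and `"events:RemovePermission"`; please confirm against what the provider actually calls on delete.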
--- a/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_event_connection.json
+++ b/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_event_connection.json
@@ -20,7 +20,10 @@
 "secretsmanager:DeleteSecret"
 ],
 "modify": [
- "events:UpdateConnection"
+ "events:UpdateConnection",
+ "secretsmanager:UpdateSecret",
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:PutSecretValue"
 ],
 "plan": []
 }
diff --git a/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_metric_stream.json b/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_metric_stream.json
index 028c6bb2..e0a63402 100644
--- a/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_metric_stream.json
+++ b/src/mapping/aws/resource/cloudwatch/aws_cloudwatch_metric_stream.json
@@ -16,7 +16,14 @@
 "destroy": [
 "cloudwatch:DeleteMetricStream"
 ],
- "modify": [],
- "plan": []
+ "modify": [
+ "cloudwatch:PutMetricStream",
+ "cloudwatch:GetMetricStream",
+ "iam:PassRole"
+ ],
+ "plan": [
+ "cloudwatch:GetMetricStream",
+ "cloudwatch:ListTagsForResource"
+ ]
 }
 ]
diff --git a/src/mapping/aws/resource/codeartifact/aws_codeartifact_repository.json b/src/mapping/aws/resource/codeartifact/aws_codeartifact_repository.json
index 28dabb46..5f32055e 100644
--- a/src/mapping/aws/resource/codeartifact/aws_codeartifact_repository.json
+++ b/src/mapping/aws/resource/codeartifact/aws_codeartifact_repository.json
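Review bot: The three Secrets Manager actions added to `modify` in aws_cloudwatch_event_connection.json include `secretsmanager:GetSecretValue`, which is read access to secret contents, and the mapping format has no place to say which secrets. If a policy generated from this file applies the actions to every resource, managing one EventBridge connection becomes a reason to allow reading any secret in the account. EventBridge keeps connection secrets under the `events!connection/` name prefix, so the project documentation or the policy generator should scope these statements to that prefix. The `apply` list sits above this hunk, so whether it carries the same three actions is not visible here.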
@@ -1,20 +1,23 @@
-[
- {
- "apply": [
- "codeartifact:CreateRepository",
- "codeartifact:DescribeRepository",
- "codeartifact:DeleteRepository"
- ],
- "attributes": {
- "tags": [
- "codeartifact:TagResource",
- "codeartifact:UntagResource"
- ]
- },
- "destroy": [],
- "modify": [
- "codeartifact:UpdateRepository"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "codeartifact:CreateRepository",
+ "codeartifact:DescribeRepository",
+ "codeartifact:DeleteRepository",
+ "codeartifact:UpdateRepository"
+ ],
+ "attributes": {
+ "tags": [
+ "codeartifact:TagResource",
+ "codeartifact:UntagResource"
+ ]
+ },
+ "destroy": [
+ "codeartifact:DeleteRepository"
+ ],
+ "modify": [
+ "codeartifact:UpdateRepository"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/codebuild/aws_codebuild_fleet.json b/src/mapping/aws/resource/codebuild/aws_codebuild_fleet.json
new file mode 100644
index 00000000..0d12775b
--- /dev/null
+++ b/src/mapping/aws/resource/codebuild/aws_codebuild_fleet.json
@@ -0,0 +1,26 @@
+[
+ {
+ "apply": [
+ "codebuild:BatchGetFleets",
+ "codebuild:CreateFleet",
+ "codebuild:UpdateFleet",
+ "codebuild:DeleteFleet",
+ "iam:PassRole"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "codebuild:BatchGetFleets",
+ "codebuild:DeleteFleet"
+ ],
+ "modify": [
+ "codebuild:BatchGetFleets",
+ "codebuild:UpdateFleet",
+ "iam:PassRole"
+ ],
+ "plan": [
+ "codebuild:BatchGetFleets"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/codeconnections/aws_codeconnections_connection.json b/src/mapping/aws/resource/codeconnections/aws_codeconnections_connection.json
new file mode 100644
index 00000000..005c4f7f
--- /dev/null
+++ b/src/mapping/aws/resource/codeconnections/aws_codeconnections_connection.json
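Review bot: Every line of aws_codeartifact_repository.json is removed and re-added although only two entries are new (`codeartifact:UpdateRepository` in `apply`, `codeartifact:DeleteRepository` in `destroy`); the rest is textually identical, which points to a line-ending or encoding change. The same whole-file replacement occurs in aws_cloudtrail_event_data_store.json, aws_cloudwatch_event_bus.json and aws_codepipeline.json. In permission mappings this makes a real addition easy to miss in review. Normalising the endings in a separate commit, or pinning them with a `.gitattributes` rule such as `*.json text eol=lf`, keeps future diffs down to the lines that changed.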
@@ -0,0 +1,26 @@ +[ + { + "apply": [ + "codeconnections:GetConnection", + "codeconnections:CreateConnection", + "codeconnections:ListTagsForResource", + "codeconnections:DeleteConnection" + ], + "attributes": { + "tags": [ + "codeconnections:TagResource", + "codeconnections:UntagResource" + ] + }, + "destroy": [ + "codeconnections:DeleteConnection" + ], + "modify": [ + "codeconnections:ListTagsForResource" + ], + "plan": [ + "codeconnections:GetConnection", + "codeconnections:ListTagsForResource" + ] + } +] diff --git a/src/mapping/aws/resource/codeconnections/aws_codeconnections_host.json b/src/mapping/aws/resource/codeconnections/aws_codeconnections_host.json new file mode 100644 index 00000000..8b162cb7 --- /dev/null +++ b/src/mapping/aws/resource/codeconnections/aws_codeconnections_host.json @@ -0,0 +1,20 @@ +[ + { + "apply": [ + "codeconnections:GetHost", + "codeconnections:CreateHost", + "codeconnections:DeleteHost", + "codeconnections:UpdateHost", + "codeconnections:ListTagsForResource" + ], + "attributes": { + "tags": [ + "codeconnections:TagResource", + "codeconnections:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/codeguru-profiler/aws_codeguruprofiler_profiling_group.json b/src/mapping/aws/resource/codeguru-profiler/aws_codeguruprofiler_profiling_group.json index 47d98501..17a3a497 100644 --- a/src/mapping/aws/resource/codeguru-profiler/aws_codeguruprofiler_profiling_group.json +++ b/src/mapping/aws/resource/codeguru-profiler/aws_codeguruprofiler_profiling_group.json @@ -4,7 +4,8 @@ "codeguru-profiler:UpdateProfilingGroup", "codeguru-profiler:DeleteProfilingGroup", "codeguru-profiler:CreateProfilingGroup", - "codeguru-profiler:DescribeProfilingGroup" + "codeguru-profiler:DescribeProfilingGroup", + "codeguru-profiler:ListTagsForResource" ], "attributes": { "tags": [ 
diff --git a/src/mapping/aws/resource/codepipeline/aws_codepipeline.json b/src/mapping/aws/resource/codepipeline/aws_codepipeline.json index 9eabf00b..0ff63863 100644 --- a/src/mapping/aws/resource/codepipeline/aws_codepipeline.json +++ b/src/mapping/aws/resource/codepipeline/aws_codepipeline.json @@ -1,22 +1,23 @@ -[ - { - "apply": [ - "codepipeline:CreatePipeline", - "iam:PassRole", - "codepipeline:GetPipeline", - "codepipeline:ListTagsForResource", - "codepipeline:DeletePipeline" - ], - "attributes": { - "tags": [ - "codepipeline:TagResource", - "codepipeline:UntagResource" - ] - }, - "destroy": [ - "codepipeline:DeletePipeline" - ], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "codepipeline:CreatePipeline", + "iam:GetRole", + "iam:PassRole", + "codepipeline:GetPipeline", + "codepipeline:ListTagsForResource", + "codepipeline:DeletePipeline" + ], + "attributes": { + "tags": [ + "codepipeline:TagResource", + "codepipeline:UntagResource" + ] + }, + "destroy": [ + "codepipeline:DeletePipeline" + ], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/codepipeline/aws_codepipeline_custom_action_type.json b/src/mapping/aws/resource/codepipeline/aws_codepipeline_custom_action_type.json index b0ad141c..9cfebe86 100644 --- a/src/mapping/aws/resource/codepipeline/aws_codepipeline_custom_action_type.json +++ b/src/mapping/aws/resource/codepipeline/aws_codepipeline_custom_action_type.json @@ -7,7 +7,10 @@ "codepipeline:ListTagsForResource" ], "attributes": { - "tags": [] + "tags": [ + "codepipeline:TagResource", + "codepipeline:UntagResource" + ] }, "destroy": [ "codepipeline:DeleteCustomActionType" diff --git a/src/mapping/aws/resource/cognito-idp/aws_cognito_identity_pool_provider_principal_tag.json b/src/mapping/aws/resource/cognito-idp/aws_cognito_identity_pool_provider_principal_tag.json new file mode 100644 index 00000000..51661b08 --- /dev/null 
+++ b/src/mapping/aws/resource/cognito-idp/aws_cognito_identity_pool_provider_principal_tag.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "cognito-identity:GetPrincipalTagAttributeMap", + "cognito-identity:SetPrincipalTagAttributeMap" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/cognito-idp/aws_cognito_identity_pool_roles_attachment.json b/src/mapping/aws/resource/cognito-idp/aws_cognito_identity_pool_roles_attachment.json new file mode 100644 index 00000000..d0c0c128 --- /dev/null +++ b/src/mapping/aws/resource/cognito-idp/aws_cognito_identity_pool_roles_attachment.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "cognito-identity:GetIdentityPoolRoles", + "cognito-identity:SetIdentityPoolRoles", + "iam:PassRole" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/cognito-idp/aws_cognito_managed_user_pool_client.json b/src/mapping/aws/resource/cognito-idp/aws_cognito_managed_user_pool_client.json new file mode 100644 index 00000000..81c1387a --- /dev/null +++ b/src/mapping/aws/resource/cognito-idp/aws_cognito_managed_user_pool_client.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "cognito-idp:DescribeUserPoolClient", + "cognito-idp:CreateUserPoolClient", + "cognito-idp:DeleteUserPoolClient", + "cognito-idp:UpdateUserPoolClient" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/cognito-idp/aws_cognito_resource_server.json b/src/mapping/aws/resource/cognito-idp/aws_cognito_resource_server.json index 3be093cb..95dc9959 100644 --- a/src/mapping/aws/resource/cognito-idp/aws_cognito_resource_server.json +++ b/src/mapping/aws/resource/cognito-idp/aws_cognito_resource_server.json 
@@ -1,19 +1,20 @@ -[ - { - "apply": [ - "cognito-idp:CreateResourceServer", - "cognito-idp:DeleteResourceServer", - "cognito-idp:DescribeResourceServer" - ], - "attributes": { - "tags": [] - }, - "destroy": [ - "cognito-idp:DeleteResourceServer" - ], - "modify": [ - "cognito-idp:UpdateResourceServer" - ], - "plan": [] - } -] +[ + { + "apply": [ + "cognito-idp:CreateResourceServer", + "cognito-idp:DeleteResourceServer", + "cognito-idp:DescribeResourceServer", + "cognito-idp:UpdateResourceServer" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "cognito-idp:DeleteResourceServer" + ], + "modify": [ + "cognito-idp:UpdateResourceServer" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/cognito-idp/aws_cognito_user_pool_client.json b/src/mapping/aws/resource/cognito-idp/aws_cognito_user_pool_client.json index 50cf7c78..7250b3ff 100644 --- a/src/mapping/aws/resource/cognito-idp/aws_cognito_user_pool_client.json +++ b/src/mapping/aws/resource/cognito-idp/aws_cognito_user_pool_client.json @@ -1,17 +1,19 @@ -[ - { - "apply": [ - "cognito-idp:CreateUserPoolClient", - "cognito-idp:DescribeUserPoolClient", - "cognito-idp:DeleteUserPoolClient" - ], - "attributes": { - "tags": [] - }, - "destroy": [ - "cognito-idp:DeleteUserPoolClient" - ], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "cognito-idp:CreateUserPoolClient", + "cognito-idp:DescribeUserPoolClient", + "cognito-idp:DeleteUserPoolClient" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "cognito-idp:DeleteUserPoolClient" + ], + "modify": [ + "cognito-idp:UpdateUserPoolClient" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/cognito-idp/aws_cognito_user_pool_domain.json b/src/mapping/aws/resource/cognito-idp/aws_cognito_user_pool_domain.json index 9d72652b..88e2f5f9 100644 --- a/src/mapping/aws/resource/cognito-idp/aws_cognito_user_pool_domain.json +++ b/src/mapping/aws/resource/cognito-idp/aws_cognito_user_pool_domain.json 
@@ -3,15 +3,24 @@
 "apply": [
 "cognito-idp:CreateUserPoolDomain",
 "cognito-idp:DescribeUserPoolDomain",
- "cognito-idp:DeleteUserPoolDomain"
+ "cloudfront:updateDistribution",
+ "cognito-idp:DeleteUserPoolDomain",
+ "cognito-idp:UpdateUserPoolDomain"
 ],
 "attributes": {
 "tags": []
 },
 "destroy": [
- "cognito-idp:DeleteUserPoolDomain"
+ "cognito-idp:DeleteUserPoolDomain",
+ "cognito-idp:DescribeUserPoolDomain"
 ],
- "modify": [],
- "plan": []
+ "modify": [
+ "cognito-idp:UpdateUserPoolDomain",
+ "cognito-idp:DescribeUserPoolDomain",
+ "cloudfront:updateDistribution"
+ ],
+ "plan": [
+ "cognito-idp:DescribeUserPoolDomain"
+ ]
 }
 ]
diff --git a/src/mapping/aws/resource/cognito-idp/aws_cognito_user_pool_ui_customization.json b/src/mapping/aws/resource/cognito-idp/aws_cognito_user_pool_ui_customization.json
index 45a9445c..0938df50 100644
--- a/src/mapping/aws/resource/cognito-idp/aws_cognito_user_pool_ui_customization.json
+++ b/src/mapping/aws/resource/cognito-idp/aws_cognito_user_pool_ui_customization.json
@@ -1,14 +1,16 @@
-[
- {
- "apply": [
- "cognito-idp:GetUICustomization",
- "cognito-idp:SetUICustomization"
- ],
- "attributes": {
- "tags": []
- },
- "destroy": [],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "cognito-idp:GetUICustomization",
+ "cognito-idp:SetUICustomization"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [
+ "cognito-idp:SetUICustomization"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/comprehend/aws_comprehend_document_classifier.json b/src/mapping/aws/resource/comprehend/aws_comprehend_document_classifier.json
new file mode 100644
index 00000000..c7644d7f
--- /dev/null
+++ b/src/mapping/aws/resource/comprehend/aws_comprehend_document_classifier.json
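Review bot: `cloudfront:updateDistribution` in the `apply` and `modify` lists of aws_cognito_user_pool_domain.json is written with a lower-case `u`, while every other action in these mappings uses the documented PascalCase form. IAM matches action names case-insensitively, so the permission still works, but any case-sensitive de-duplication, sorting or policy diffing downstream will treat it as a different action from `cloudfront:UpdateDistribution`. Use `"cloudfront:UpdateDistribution"` in both places.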
@@ -0,0 +1,28 @@ +[ + { + "apply": [ + "iam:PassRole", + "comprehend:CreateDocumentClassifier", + "comprehend:DescribeDocumentClassifier", + "comprehend:DescribeResourcePolicy", + "comprehend:ListTagsForResource", + "textract:DetectDocumentText", + "comprehend:DeleteDocumentClassifier", + "comprehend:DeleteResourcePolicy" + ], + "attributes": { + "tags": [ + "comprehend:TagResource", + "comprehend:UntagResource" + ] + }, + "destroy": [ + "comprehend:DeleteDocumentClassifier" + ], + "modify": [ + "comprehend:PutResourcePolicy", + "comprehend:DeleteResourcePolicy" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/comprehend/aws_comprehend_entity_recognizer.json b/src/mapping/aws/resource/comprehend/aws_comprehend_entity_recognizer.json new file mode 100644 index 00000000..f958d5a7 --- /dev/null +++ b/src/mapping/aws/resource/comprehend/aws_comprehend_entity_recognizer.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "comprehend:CreateEntityRecognizer", + "comprehend:DeleteEntityRecognizer", + "comprehend:ListEntityRecognizers" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/compute-optimizer/aws_computeoptimizer_enrollment_status.json b/src/mapping/aws/resource/compute-optimizer/aws_computeoptimizer_enrollment_status.json new file mode 100644 index 00000000..dd03caca --- /dev/null +++ b/src/mapping/aws/resource/compute-optimizer/aws_computeoptimizer_enrollment_status.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "compute-optimizer:GetEnrollmentStatus", + "compute-optimizer:UpdateEnrollmentStatus" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/compute-optimizer/aws_computeoptimizer_recommendation_preferences.json b/src/mapping/aws/resource/compute-optimizer/aws_computeoptimizer_recommendation_preferences.json new file mode 100644 index 00000000..7230a8cf --- /dev/null 
+++ b/src/mapping/aws/resource/compute-optimizer/aws_computeoptimizer_recommendation_preferences.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "compute-optimizer:DeleteRecommendationPreferences", + "compute-optimizer:PutRecommendationPreferences", + "compute-optimizer:GetRecommendationPreferences" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/config/aws_config_aggregate_authorization.json b/src/mapping/aws/resource/config/aws_config_aggregate_authorization.json new file mode 100644 index 00000000..fcf73e50 --- /dev/null +++ b/src/mapping/aws/resource/config/aws_config_aggregate_authorization.json @@ -0,0 +1,28 @@ +[ + { + "apply": [ + "config:DescribeAggregationAuthorizations", + "config:PutAggregationAuthorization", + "config:ListTagsForResource", + "config:DeleteAggregationAuthorization" + ], + "attributes": { + "tags": [ + "config:TagResource", + "config:UntagResource" + ] + }, + "destroy": [ + "config:DescribeAggregationAuthorizations", + "config:DeleteAggregationAuthorization" + ], + "modify": [ + "config:DescribeAggregationAuthorizations", + "config:ListTagsForResource" + ], + "plan": [ + "config:DescribeAggregationAuthorizations", + "config:ListTagsForResource" + ] + } +] diff --git a/src/mapping/aws/resource/config/aws_config_config_rule.json b/src/mapping/aws/resource/config/aws_config_config_rule.json index 77bfc543..29969b42 100644 --- a/src/mapping/aws/resource/config/aws_config_config_rule.json +++ b/src/mapping/aws/resource/config/aws_config_config_rule.json 
@@ -1,22 +1,25 @@ -[ - { - "apply": [ - "config:PutConfigRule", - "ec2:DescribeAccountAttributes", - "config:DescribeConfigRules", - "config:ListTagsForResource", - "config:DeleteConfigRule" - ], - "attributes": { - "tags": [ - "config:TagResource", - "config:UntagResource" - ] - }, - "destroy": [ - "config:DeleteConfigRule" - ], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "config:PutConfigRule", + "ec2:DescribeAccountAttributes", + "config:DescribeConfigRules", + "config:ListTagsForResource", + "config:DeleteConfigRule", + "config:DescribeComplianceByConfigRule" + ], + "attributes": { + "tags": [ + "config:TagResource", + "config:UntagResource" + ] + }, + "destroy": [ + "config:DeleteConfigRule" + ], + "modify": [], + "plan": [ + "config:DescribeComplianceByConfigRule" + ] + } +] diff --git a/src/mapping/aws/resource/config/aws_config_configuration_aggregator.json b/src/mapping/aws/resource/config/aws_config_configuration_aggregator.json index 09d21109..40e4ac21 100644 --- a/src/mapping/aws/resource/config/aws_config_configuration_aggregator.json +++ b/src/mapping/aws/resource/config/aws_config_configuration_aggregator.json 
@@ -1,20 +1,30 @@
-[
- {
- "apply": [
- "config:PutConfigurationAggregator",
- "config:DescribeConfigurationAggregators"
- ],
- "attributes": {
- "tags": [
- "config:ListTagsForResource",
- "config:TagResource",
- "config:UntagResource"
- ]
- },
- "destroy": [
- "config:DeleteConfigurationAggregator"
- ],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "config:PutConfigurationAggregator",
+ "config:DescribeConfigurationAggregators",
+ "config:PutConfigurationAggregator",
+ "config:ListTagsForResource"
+ ],
+ "attributes": {
+ "organization_aggregation_source": [
+ "organizations:EnableAWSServiceAccess",
+ "organizations:ListDelegatedAdministrators"
+ ],
+ "role_arn": [
+ "iam:PassRole"
+ ],
+ "tags": [
+ "config:TagResource",
+ "config:UntagResource"
+ ]
+ },
+ "destroy": [
+ "config:DeleteConfigurationAggregator"
+ ],
+ "modify": [
+ "config:PutConfigurationAggregator"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/config/aws_config_conformance_pack.json b/src/mapping/aws/resource/config/aws_config_conformance_pack.json
new file mode 100644
index 00000000..55774145
--- /dev/null
+++ b/src/mapping/aws/resource/config/aws_config_conformance_pack.json
@@ -0,0 +1,27 @@
+[
+ {
+ "apply": [
+ "config:PutConformancePack",
+ "config:DescribeConformancePackStatus",
+ "config:DescribeConformancePacks",
+ "s3:GetObject",
+ "s3:GetBucketAcl",
+ "iam:CreateServiceLinkedRole",
+ "iam:PassRole",
+ "config:DeleteConformancePack",
+ "config:PutConformancePack"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "config:DeleteConformancePack"
+ ],
+ "modify": [
+ "config:PutConformancePack"
+ ],
+ "plan": [
+ "config:DescribeConformancePacks"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/config/aws_config_organization_conformance_pack.json b/src/mapping/aws/resource/config/aws_config_organization_conformance_pack.json
new file mode 100644
index 00000000..ee08299b
--- /dev/null
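Review bot: The new `apply` list in aws_config_configuration_aggregator.json names `config:PutConfigurationAggregator` twice. The same kind of repeat appears in the `apply` lists of aws_config_conformance_pack.json (`config:PutConformancePack`), aws_connect_routing_profile.json (`connect:ListRoutingProfileQueues`) and aws_controltower_landing_zone.json (`servicecatalog:UpdatePortfolio`). Duplicates are harmless to IAM but add bytes to a generated policy that has a size limit, and they suggest the lists were merged without a uniqueness check. Drop the second occurrence in each list, and consider a test that fails when a mapping array contains a repeated action.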
+++ b/src/mapping/aws/resource/config/aws_config_organization_conformance_pack.json @@ -0,0 +1,25 @@ +[ + { + "apply": [ + "config:PutOrganizationConformancePack", + "config:DescribeOrganizationConformancePackStatuses", + "config:GetOrganizationConformancePackDetailedStatus", + "config:DescribeOrganizationConformancePacks", + "s3:GetObject", + "s3:GetBucketAcl", + "iam:CreateServiceLinkedRole", + "iam:PassRole", + "organizations:ListDelegatedAdministrators", + "organizations:EnableAWSServiceAccess", + "config:DeleteOrganizationConformancePack" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "config:DeleteOrganizationConformancePack" + ], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/config/aws_config_organization_custom_policy_rule.json b/src/mapping/aws/resource/config/aws_config_organization_custom_policy_rule.json new file mode 100644 index 00000000..967fa368 --- /dev/null +++ b/src/mapping/aws/resource/config/aws_config_organization_custom_policy_rule.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "config:GetOrganizationCustomRulePolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "config:GetOrganizationCustomRulePolicy" + ] + } +] diff --git a/src/mapping/aws/resource/config/aws_config_organization_custom_rule.json b/src/mapping/aws/resource/config/aws_config_organization_custom_rule.json new file mode 100644 index 00000000..502a7aa2 --- /dev/null +++ b/src/mapping/aws/resource/config/aws_config_organization_custom_rule.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "config:DeleteOrganizationConfigRule", + "config:PutOrganizationConfigRule", + "config:DescribeOrganizationConfigRules" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/config/aws_config_organization_managed_rule.json b/src/mapping/aws/resource/config/aws_config_organization_managed_rule.json new file mode 100644 index 00000000..2e3ed72f 
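Review bot: The new aws_config_organization_custom_policy_rule.json grants only `config:GetOrganizationCustomRulePolicy` under `apply`, so a role built from it has no write action with which to create or remove the rule. The sibling aws_config_organization_custom_rule.json added in the same commit lists `config:PutOrganizationConfigRule`, `config:DeleteOrganizationConfigRule` and `config:DescribeOrganizationConfigRules`; the policy-rule variant presumably needs the same three (inferred from the sibling, to be confirmed against a real apply). An incomplete mapping tends to be worked around by attaching a broad managed policy, which defeats a least-privilege generator.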
--- /dev/null +++ b/src/mapping/aws/resource/config/aws_config_organization_managed_rule.json @@ -0,0 +1,18 @@ +[ + { + "apply": [ + "config:DescribeOrganizationConfigRules", + "config:DeleteOrganizationConfigRule", + "config:PutOrganizationConfigRule" + ], + "attributes": { + "tags": [ + "config:TagResource", + "config:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/config/aws_config_remediation_configuration.json b/src/mapping/aws/resource/config/aws_config_remediation_configuration.json new file mode 100644 index 00000000..53513fc4 --- /dev/null +++ b/src/mapping/aws/resource/config/aws_config_remediation_configuration.json @@ -0,0 +1,18 @@ +[ + { + "apply": [ + "config:DescribeRemediationConfigurations", + "config:DeleteRemediationConfiguration", + "config:PutRemediationConfigurations" + ], + "attributes": { + "tags": [ + "config:TagResource", + "config:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/config/aws_config_retention_configuration.json b/src/mapping/aws/resource/config/aws_config_retention_configuration.json new file mode 100644 index 00000000..8c101bcb --- /dev/null +++ b/src/mapping/aws/resource/config/aws_config_retention_configuration.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "config:DescribeRetentionConfigurations", + "config:DeleteRetentionConfiguration", + "config:PutRetentionConfiguration" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/connect/aws_connect_contact_flow.json b/src/mapping/aws/resource/connect/aws_connect_contact_flow.json index 200b2c48..a31ea134 100644 --- a/src/mapping/aws/resource/connect/aws_connect_contact_flow.json +++ b/src/mapping/aws/resource/connect/aws_connect_contact_flow.json 
@@ -3,7 +3,10 @@ "apply": [ "connect:DescribeContactFlow", "connect:CreateContactFlow", - "connect:DeleteContactFlow" + "connect:DeleteContactFlow", + "connect:UpdateContactFlowMetadata", + "connect:UpdateContactFlowContent", + "connect:ListTagsForResource" ], "attributes": { "tags": [ @@ -14,7 +17,10 @@ "destroy": [ "connect:DeleteContactFlow" ], - "modify": [], + "modify": [ + "connect:UpdateContactFlowMetadata", + "connect:UpdateContactFlowContent" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/connect/aws_connect_contact_flow_module.json b/src/mapping/aws/resource/connect/aws_connect_contact_flow_module.json index 018ccc64..7cdb0f88 100644 --- a/src/mapping/aws/resource/connect/aws_connect_contact_flow_module.json +++ b/src/mapping/aws/resource/connect/aws_connect_contact_flow_module.json @@ -3,7 +3,10 @@ "apply": [ "connect:CreateContactFlowModule", "connect:DeleteContactFlowModule", - "connect:DescribeContactFlowModule" + "connect:DescribeContactFlowModule", + "connect:UpdateContactFlowModuleMetadata", + "connect:UpdateContactFlowModuleContent", + "connect:ListTagsForResource" ], "attributes": { "tags": [ @@ -14,7 +17,10 @@ "destroy": [ "connect:DeleteContactFlowModule" ], - "modify": [], + "modify": [ + "connect:UpdateContactFlowModuleMetadata", + "connect:UpdateContactFlowModuleContent" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/connect/aws_connect_instance.json b/src/mapping/aws/resource/connect/aws_connect_instance.json index c0e26bc5..b7ca72ba 100644 --- a/src/mapping/aws/resource/connect/aws_connect_instance.json +++ b/src/mapping/aws/resource/connect/aws_connect_instance.json 
@@ -2,20 +2,35 @@
 {
 "apply": [
 "connect:DescribeInstanceAttribute",
+ "connect:UpdateInstanceAttribute",
 "connect:CreateInstance",
 "connect:DeleteInstance",
 "connect:DescribeInstance",
 "ds:CheckAlias",
+ "ds:CreateAlias",
+ "ds:AuthorizeApplication",
+ "ds:UnauthorizeApplication",
+ "ds:CreateIdentityPoolDirectory",
+ "ds:CreateDirectory",
 "iam:CreateServiceLinkedRole",
+ "iam:PutRolePolicy",
 "ds:DescribeDirectories"
 ],
 "attributes": {
- "tags": []
+ "contact_flow_logs_enabled": [
+ "logs:CreateLogGroup"
+ ],
+ "tags": [
+ "connect:TagResource",
+ "connect:UntagResource"
+ ]
 },
 "destroy": [
 "connect:DeleteInstance"
 ],
- "modify": [],
+ "modify": [
+ "connect:UpdateInstanceAttribute"
+ ],
 "plan": []
 }
 ]
diff --git a/src/mapping/aws/resource/connect/aws_connect_lambda_function_association.json b/src/mapping/aws/resource/connect/aws_connect_lambda_function_association.json
index a92d6fda..0a13d194 100644
--- a/src/mapping/aws/resource/connect/aws_connect_lambda_function_association.json
+++ b/src/mapping/aws/resource/connect/aws_connect_lambda_function_association.json
@@ -15,4 +15,4 @@
 "modify": [],
 "plan": []
 }
-]
+]
diff --git a/src/mapping/aws/resource/connect/aws_connect_phone_number.json b/src/mapping/aws/resource/connect/aws_connect_phone_number.json
index 953d8a80..b448c120 100644
--- a/src/mapping/aws/resource/connect/aws_connect_phone_number.json
+++ b/src/mapping/aws/resource/connect/aws_connect_phone_number.json
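Review bot: The `apply` list in aws_connect_instance.json now includes `iam:PutRolePolicy`, which lets the holder write an inline policy onto a role and is a well-known privilege-escalation path when granted without a resource constraint. The mapping only names the action, so whether the emitted statement is restricted is not visible here; if the generator emits `Resource: "*"`, this entry should be limited to the Amazon Connect service-linked role. The added `ds:CreateDirectory` and `ds:AuthorizeApplication` are similarly broad and look relevant only to some identity-management modes, so they would fit better under an attribute key, the way this hunk already handles `contact_flow_logs_enabled`.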
@@ -5,16 +5,25 @@ "connect:DescribePhoneNumber", "connect:UpdatePhoneNumber", "connect:ClaimPhoneNumber", - "connect:ReleasePhoneNumber" + "connect:ReleasePhoneNumber", + "connect:ImportPhoneNumber", + "sms-voice:DescribePhoneNumbers", + "connect:UpdatePhoneNumberMetadata", + "social-messaging:GetLinkedWhatsAppBusinessAccountPhoneNumber", + "social-messaging:TagResource" ], "attributes": { - "tags": [] + "tags": [ + "connect:TagResource", + "connect:UntagResource" + ] }, "destroy": [ "connect:ReleasePhoneNumber" ], "modify": [ - "connect:UpdatePhoneNumber" + "connect:UpdatePhoneNumber", + "connect:UpdatePhoneNumberMetadata" ], "plan": [] } diff --git a/src/mapping/aws/resource/connect/aws_connect_queue.json b/src/mapping/aws/resource/connect/aws_connect_queue.json index ccca33bd..02c7f0c0 100644 --- a/src/mapping/aws/resource/connect/aws_connect_queue.json +++ b/src/mapping/aws/resource/connect/aws_connect_queue.json @@ -4,15 +4,33 @@ "connect:DescribeQueue", "connect:CreateQueue", "connect:DeleteQueue", - "connect:ListSecurityProfilePermissions" + "connect:ListSecurityProfilePermissions", + "connect:UpdateQueueHoursOfOperation", + "connect:UpdateQueueMaxContacts", + "connect:UpdateQueueName", + "connect:UpdateQueueOutboundCallerConfig", + "connect:UpdateQueueStatus", + "connect:AssociateQueueQuickConnects", + "connect:DisassociateQueueQuickConnects" ], "attributes": { - "tags": [] + "tags": [ + "connect:TagResource", + "connect:UntagResource" + ] }, "destroy": [ "connect:DeleteQueue" ], - "modify": [], + "modify": [ + "connect:UpdateQueueHoursOfOperation", + "connect:UpdateQueueMaxContacts", + "connect:UpdateQueueName", + "connect:UpdateQueueOutboundCallerConfig", + "connect:UpdateQueueStatus", + "connect:AssociateQueueQuickConnects", + "connect:DisassociateQueueQuickConnects" + ], "plan": [] } ] 
diff --git a/src/mapping/aws/resource/connect/aws_connect_quick_connect.json b/src/mapping/aws/resource/connect/aws_connect_quick_connect.json index 8a01bc52..5fdecded 100644 --- a/src/mapping/aws/resource/connect/aws_connect_quick_connect.json +++ b/src/mapping/aws/resource/connect/aws_connect_quick_connect.json @@ -4,7 +4,9 @@ "connect:DescribeQuickConnect", "connect:CreateQuickConnect", "connect:DeleteQuickConnect", - "connect:ListQueueQuickConnects" + "connect:ListQueueQuickConnects", + "connect:UpdateQuickConnectName", + "connect:UpdateQuickConnectConfig" ], "attributes": { "tags": [ @@ -15,7 +17,10 @@ "destroy": [ "connect:DeleteQuickConnect" ], - "modify": [], + "modify": [ + "connect:UpdateQuickConnectName", + "connect:UpdateQuickConnectConfig" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/connect/aws_connect_routing_profile.json b/src/mapping/aws/resource/connect/aws_connect_routing_profile.json index 1c7c1717..c3fc9597 100644 --- a/src/mapping/aws/resource/connect/aws_connect_routing_profile.json +++ b/src/mapping/aws/resource/connect/aws_connect_routing_profile.json 
@@ -4,15 +4,35 @@ "connect:DescribeRoutingProfile", "connect:CreateRoutingProfile", "connect:DeleteRoutingProfile", - "connect:ListRoutingProfileQueues" + "connect:ListRoutingProfileQueues", + "connect:AssociateRoutingProfileQueues", + "connect:DisassociateRoutingProfileQueues", + "connect:UpdateRoutingProfileConcurrency", + "connect:UpdateRoutingProfileName", + "connect:UpdateRoutingProfileDefaultOutboundQueue", + "connect:UpdateRoutingProfileQueues", + "connect:ListRoutingProfileQueues", + "connect:UpdateRoutingProfileAgentAvailabilityTimer" ], "attributes": { - "tags": [] + "tags": [ + "connect:TagResource", + "connect:UntagResource" + ] }, "destroy": [ "connect:DeleteRoutingProfile" ], - "modify": [], + "modify": [ + "connect:AssociateRoutingProfileQueues", + "connect:DisassociateRoutingProfileQueues", + "connect:UpdateRoutingProfileConcurrency", + "connect:UpdateRoutingProfileName", + "connect:UpdateRoutingProfileDefaultOutboundQueue", + "connect:UpdateRoutingProfileQueues", + "connect:ListRoutingProfileQueues", + "connect:UpdateRoutingProfileAgentAvailabilityTimer" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/connect/aws_connect_security_profile.json b/src/mapping/aws/resource/connect/aws_connect_security_profile.json index 5effd3cf..62095c9e 100644 --- a/src/mapping/aws/resource/connect/aws_connect_security_profile.json +++ b/src/mapping/aws/resource/connect/aws_connect_security_profile.json @@ -5,7 +5,8 @@ "connect:CreateSecurityProfile", "connect:UpdateSecurityProfile", "connect:DeleteSecurityProfile", - "connect:ListSecurityProfilePermissions" + "connect:ListSecurityProfilePermissions", + "connect:ListSecurityProfileApplications" ], "attributes": { "tags": [ diff --git a/src/mapping/aws/resource/connect/aws_connect_user.json b/src/mapping/aws/resource/connect/aws_connect_user.json index 89eea163..fe09105e 100644 --- a/src/mapping/aws/resource/connect/aws_connect_user.json +++ b/src/mapping/aws/resource/connect/aws_connect_user.json 
@@ -2,16 +2,36 @@ { "apply": [ "connect:DescribeUser", + "connect:ListUserProficiencies", "connect:CreateUser", - "connect:DeleteUser" + "connect:DeleteUser", + "connect:AssociateUserProficiencies", + "connect:UpdateUserIdentityInfo", + "connect:UpdateUserPhoneConfig", + "connect:UpdateUserRoutingProfile", + "connect:UpdateUserSecurityProfiles", + "connect:UpdateUserHierarchy", + "connect:DisassociateUserProficiencies", + "connect:UpdateUserProficiencies" ], "attributes": { - "tags": [] + "tags": [ + "connect:TagResource", + "connect:UntagResource" + ] }, "destroy": [ "connect:DeleteUser" ], - "modify": [], + "modify": [ + "connect:UpdateUserIdentityInfo", + "connect:UpdateUserPhoneConfig", + "connect:UpdateUserRoutingProfile", + "connect:UpdateUserSecurityProfiles", + "connect:UpdateUserHierarchy", + "connect:DisassociateUserProficiencies", + "connect:UpdateUserProficiencies" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/connect/aws_connect_user_hierarchy_group.json b/src/mapping/aws/resource/connect/aws_connect_user_hierarchy_group.json index 403fd867..2d789ccb 100644 --- a/src/mapping/aws/resource/connect/aws_connect_user_hierarchy_group.json +++ b/src/mapping/aws/resource/connect/aws_connect_user_hierarchy_group.json @@ -3,7 +3,8 @@ "apply": [ "connect:DescribeUserHierarchyGroup", "connect:CreateUserHierarchyGroup", - "connect:DeleteUserHierarchyGroup" + "connect:DeleteUserHierarchyGroup", + "connect:UpdateUserHierarchyGroupName" ], "attributes": { "tags": [ @@ -14,7 +15,9 @@ "destroy": [ "connect:DeleteUserHierarchyGroup" ], - "modify": [], + "modify": [ + "connect:UpdateUserHierarchyGroupName" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/controltower/aws_controltower_control.json b/src/mapping/aws/resource/controltower/aws_controltower_control.json new file mode 100644 index 00000000..2691cc4b --- /dev/null +++ b/src/mapping/aws/resource/controltower/aws_controltower_control.json 
@@ -0,0 +1,61 @@ +[ + { + "apply": [ + "controltower:ListEnabledControls", + "controltower:GetEnabledControl", + "controltower:GetControlOperation", + "controltower:EnableControl", + "controltower:DisableControl", + "controltower:UpdateEnabledControl", + "organizations:DeletePolicy", + "organizations:UpdatePolicy", + "organizations:CreatePolicy", + "organizations:AttachPolicy", + "organizations:DetachPolicy", + "organizations:ListPoliciesForTarget", + "organizations:ListTargetsForPolicy", + "controltower:ListTagsForResource", + "organizations:DescribePolicy" + ], + "attributes": { + "tags": [ + "controltower:TagResource", + "controltower:UntagResource" + ] + }, + "destroy": [ + "controltower:ListEnabledControls", + "controltower:GetEnabledControl", + "controltower:GetControlOperation", + "controltower:DisableControl", + "organizations:UpdatePolicy", + "organizations:DeletePolicy", + "organizations:CreatePolicy", + "organizations:AttachPolicy", + "organizations:DetachPolicy", + "organizations:ListPoliciesForTarget", + "organizations:ListTargetsForPolicy", + "organizations:DescribePolicy", + "controltower:ListTagsForResource" + ], + "modify": [ + "controltower:ListEnabledControls", + "controltower:GetEnabledControl", + "controltower:GetControlOperation", + "controltower:UpdateEnabledControl", + "organizations:UpdatePolicy", + "organizations:CreatePolicy", + "organizations:AttachPolicy", + "organizations:DetachPolicy", + "organizations:ListPoliciesForTarget", + "organizations:ListTargetsForPolicy", + "organizations:DescribePolicy", + "controltower:ListTagsForResource" + ], + "plan": [ + "controltower:ListEnabledControls", + "controltower:GetEnabledControl", + "controltower:ListTagsForResource" + ] + } +] diff --git a/src/mapping/aws/resource/controltower/aws_controltower_landing_zone.json b/src/mapping/aws/resource/controltower/aws_controltower_landing_zone.json new file mode 100644 index 00000000..865db2d9 --- /dev/null 
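Review bot: The `destroy` list in aws_controltower_control.json carries `organizations:CreatePolicy` and `organizations:AttachPolicy`, and the `destroy` list of aws_controltower_landing_zone.json (the next file in this diff) carries `iam:CreateServiceLinkedRole` and `cloudformation:EnableOrganizationsAccess`. Create- and enable-type actions in a teardown list look copied from `apply` rather than observed. If Control Tower really issues them while disabling a control or decommissioning a landing zone, that is worth recording in the commit description; otherwise remove them so that a destroy-only role cannot create or attach organization policies.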
+++ b/src/mapping/aws/resource/controltower/aws_controltower_landing_zone.json 
@@ -0,0 +1,76 @@
+[
+ {
+ "apply": [
+ "cloudformation:DescribeOrganizationsAccess",
+ "cloudformation:EnableOrganizationsAccess",
+ "controltower:CreateLandingZone",
+ "controltower:DeleteLandingZone",
+ "controltower:GetLandingZone",
+ "controltower:GetLandingZoneOperation",
+ "controltower:ListTagsForResource",
+ "controltower:UpdateLandingZone",
+ "iam:CreateServiceLinkedRole",
+ "iam:DeleteRole",
+ "iam:DeleteRolePolicy",
+ "iam:DetachRolePolicy",
+ "organizations:AttachPolicy",
+ "organizations:CreateOrganization",
+ "organizations:CreateOrganizationalUnit",
+ "organizations:CreatePolicy",
+ "organizations:DeletePolicy",
+ "organizations:DetachPolicy",
+ "organizations:EnableAWSServiceAccess",
+ "organizations:EnablePolicyType",
+ "organizations:ListRoots",
+ "organizations:UpdatePolicy",
+ "servicecatalog:AssociatePrincipalWithPortfolio",
+ "servicecatalog:AssociateProductWithPortfolio",
+ "servicecatalog:CreatePortfolio",
+ "servicecatalog:CreateProduct",
+ "servicecatalog:CreateProvisioningArtifact",
+ "servicecatalog:DeletePortfolio",
+ "servicecatalog:DeleteProduct",
+ "servicecatalog:DeleteProvisioningArtifact",
+ "servicecatalog:DisassociatePrincipalFromPortfolio",
+ "servicecatalog:DisassociateProductFromPortfolio",
+ "servicecatalog:ListPortfolios",
+ "servicecatalog:ListPrincipalsForPortfolio",
+ "servicecatalog:ListProvisioningArtifacts",
+ "servicecatalog:SearchProductsAsAdmin",
+ "servicecatalog:UpdatePortfolio",
+ "servicecatalog:UpdatePortfolio",
+ "servicecatalog:UpdateProvisioningArtifact",
+ "sso:GetPeregrineStatus",
+ "sso:ListDirectoryAssociations",
+ "sso:RegisterRegion",
+ "sso:StartPeregrine"
+ ],
+ "attributes": {
+ "tags": [
+ "controltower:TagResource",
+ "controltower:UntagResource"
+ ]
+ },
+ "destroy": [
+ "cloudformation:EnableOrganizationsAccess",
+ "controltower:DeleteLandingZone",
+ "servicecatalog:DeleteProvisioningArtifact",
+ "servicecatalog:DeleteProduct",
+ "servicecatalog:DisassociatePrincipalFromPortfolio",
+
"servicecatalog:DisassociateProductFromPortfolio",
+ "servicecatalog:DeletePortfolio",
+ "iam:CreateServiceLinkedRole",
+ "iam:DeleteRolePolicy",
+ "iam:DetachRolePolicy",
+ "iam:DeleteRole"
+ ],
+ "modify": [
+ "controltower:UpdateLandingZone",
+ "servicecatalog:UpdatePortfolio",
+ "servicecatalog:UpdateProvisioningArtifact",
+ "iam:CreateServiceLinkedRole",
+ "cloudformation:EnableOrganizationsAccess"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/cost-optimization-hub/aws_costoptimizationhub_enrollment_status.json b/src/mapping/aws/resource/cost-optimization-hub/aws_costoptimizationhub_enrollment_status.json
new file mode 100644
index 00000000..61afb502
--- /dev/null
+++ b/src/mapping/aws/resource/cost-optimization-hub/aws_costoptimizationhub_enrollment_status.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "cost-optimization-hub:UpdateEnrollmentStatus",
+ "cost-optimization-hub:ListEnrollmentStatuses"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/cost-optimization-hub/aws_costoptimizationhub_preferences.json b/src/mapping/aws/resource/cost-optimization-hub/aws_costoptimizationhub_preferences.json
new file mode 100644
index 00000000..1db18633
--- /dev/null
+++ b/src/mapping/aws/resource/cost-optimization-hub/aws_costoptimizationhub_preferences.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "cost-optimization-hub:GetPreferences",
+ "cost-optimization-hub:UpdatePreferences"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/cur/aws_cur_report_definition.json b/src/mapping/aws/resource/cur/aws_cur_report_definition.json
new file mode 100644
index 00000000..6740872d
--- /dev/null
+++ b/src/mapping/aws/resource/cur/aws_cur_report_definition.json
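Review bot: `servicecatalog:UpdatePortfolio` is listed twice in the `apply` array of aws_controltower_landing_zone.json, and the `destroy` array carries `iam:CreateServiceLinkedRole` and `cloudformation:EnableOrganizationsAccess`, which read as set-up actions rather than teardown ones. Dropping the duplicate is safe; the two `destroy` entries are worth confirming against what the provider calls on delete, because this list sits next to `iam:DeleteRole` and `organizations:CreateOrganization` and every unneeded entry presumably widens the policy built from it. `plan` is empty although `apply` reads the landing zone with `controltower:GetLandingZone`; if a refresh needs that read it belongs in `plan` as well. The same duplicate appears in aws_detective_graph.json, where `detective:UpdateOrganizationConfiguration` is listed twice in `apply`.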
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "cur:PutReportDefinition",
+ "cur:DescribeReportDefinitions",
+ "cur:DeleteReportDefinition",
+ "cur:ModifyReportDefinition"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "cur:DeleteReportDefinition"
+ ],
+ "modify": [
+ "cur:ModifyReportDefinition"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/dataexchange/aws_dataexchange_data_set.json b/src/mapping/aws/resource/dataexchange/aws_dataexchange_data_set.json
new file mode 100644
index 00000000..2c8f9842
--- /dev/null
+++ b/src/mapping/aws/resource/dataexchange/aws_dataexchange_data_set.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataexchange:GetDataSet",
+ "dataexchange:CreateDataSet",
+ "dataexchange:DeleteDataSet",
+ "dataexchange:UpdateDataSet"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/dataexchange/aws_dataexchange_event_action.json b/src/mapping/aws/resource/dataexchange/aws_dataexchange_event_action.json
new file mode 100644
index 00000000..3238c045
--- /dev/null
+++ b/src/mapping/aws/resource/dataexchange/aws_dataexchange_event_action.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataexchange:GetEventAction",
+ "dataexchange:CreateEventAction",
+ "dataexchange:DeleteEventAction",
+ "dataexchange:UpdateEventAction"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/dataexchange/aws_dataexchange_revision.json b/src/mapping/aws/resource/dataexchange/aws_dataexchange_revision.json
new file mode 100644
index 00000000..b526430d
--- /dev/null
+++ b/src/mapping/aws/resource/dataexchange/aws_dataexchange_revision.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataexchange:GetRevision",
+ "dataexchange:CreateRevision",
+ "dataexchange:DeleteRevision",
+ "dataexchange:UpdateRevision"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
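Review bot: `destroy` and `modify` are left empty in aws_dataexchange_data_set.json even though `apply` lists `dataexchange:DeleteDataSet` and `dataexchange:UpdateDataSet`, while aws_cur_report_definition.json in this same commit repeats its delete and modify actions in those arrays. If anything builds per-operation policies from `destroy` and `modify`, these resources would get no permissions for those operations; if only `apply` is read, the populated files are the inconsistent ones. Pick one convention, for example `"destroy": ["dataexchange:DeleteDataSet"]` and `"modify": ["dataexchange:UpdateDataSet"]`. The same applies to the dataexchange event_action, revision and revision_assets files, the new datazone files other than aws_datazone_project.json, the devicefarm files and aws_dx_connection.json.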
diff --git a/src/mapping/aws/resource/dataexchange/aws_dataexchange_revision_assets.json b/src/mapping/aws/resource/dataexchange/aws_dataexchange_revision_assets.json new file mode 100644 index 00000000..dfa336c0 --- /dev/null +++ b/src/mapping/aws/resource/dataexchange/aws_dataexchange_revision_assets.json @@ -0,0 +1,20 @@ +[ + { + "apply": [ + "dataexchange:ListTagsForResource", + "dataexchange:CreateRevision", + "dataexchange:DeleteRevision", + "dataexchange:UpdateRevision", + "dataexchange:GetRevision" + ], + "attributes": { + "tags": [ + "dataexchange:TagResource", + "dataexchange:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/datapipeline/aws_datapipeline_pipeline.json b/src/mapping/aws/resource/datapipeline/aws_datapipeline_pipeline.json index e3d2c2be..a3dabacf 100644 --- a/src/mapping/aws/resource/datapipeline/aws_datapipeline_pipeline.json +++ b/src/mapping/aws/resource/datapipeline/aws_datapipeline_pipeline.json @@ -2,7 +2,8 @@ { "apply": [ "datapipeline:CreatePipeline", - "datapipeline:DeletePipeline" + "datapipeline:DeletePipeline", + "datapipeline:DescribePipelines" ], "attributes": { "tags": [ @@ -14,6 +15,8 @@ "datapipeline:DeletePipeline" ], "modify": [], - "plan": [] + "plan": [ + "datapipeline:DescribePipelines" + ] } ] diff --git a/src/mapping/aws/resource/datasync/aws_datasync_agent.json b/src/mapping/aws/resource/datasync/aws_datasync_agent.json index 51a74624..e2745217 100644 --- a/src/mapping/aws/resource/datasync/aws_datasync_agent.json +++ b/src/mapping/aws/resource/datasync/aws_datasync_agent.json @@ -4,7 +4,12 @@ "datasync:UpdateAgent", "datasync:DeleteAgent", "datasync:CreateAgent", - "datasync:DescribeAgent" + "datasync:DescribeAgent", + "datasync:ListTagsForResource", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcEndpoints" ], "attributes": { "tags": [ 
diff --git a/src/mapping/aws/resource/datasync/aws_datasync_location_azure_blob.json b/src/mapping/aws/resource/datasync/aws_datasync_location_azure_blob.json index 604c182b..2f969219 100644 --- a/src/mapping/aws/resource/datasync/aws_datasync_location_azure_blob.json +++ b/src/mapping/aws/resource/datasync/aws_datasync_location_azure_blob.json @@ -3,7 +3,8 @@ "apply": [ "datasync:UpdateLocationAzureBlob", "datasync:CreateLocationAzureBlob", - "datasync:DescribeLocationAzureBlob" + "datasync:DescribeLocationAzureBlob", + "datasync:ListTagsForResource" ], "attributes": { "tags": [ diff --git a/src/mapping/aws/resource/datasync/aws_datasync_location_efs.json b/src/mapping/aws/resource/datasync/aws_datasync_location_efs.json index 9d45eb1f..eeb3548f 100644 --- a/src/mapping/aws/resource/datasync/aws_datasync_location_efs.json +++ b/src/mapping/aws/resource/datasync/aws_datasync_location_efs.json @@ -2,7 +2,11 @@ { "apply": [ "datasync:DescribeLocationEfs", - "datasync:CreateLocationEfs" + "datasync:CreateLocationEfs", + "datasync:ListTagsForResource", + "datasync:UpdateLocationEfs", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:DescribeAccessPoints" ], "attributes": { "tags": [ @@ -13,7 +17,11 @@ "destroy": [ "datasync:DeleteLocation" ], - "modify": [], + "modify": [ + "datasync:UpdateLocationEfs", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:DescribeAccessPoints" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_lustre_file_system.json b/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_lustre_file_system.json index 2d229cd0..04a64fee 100644 --- a/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_lustre_file_system.json +++ b/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_lustre_file_system.json 
@@ -3,7 +3,13 @@ "apply": [ "datasync:DescribeLocationFsxLustre", "datasync:CreateLocationFsxLustre", - "datasync:DeleteLocation" + "datasync:DeleteLocation", + "datasync:ListTagsForResource", + "datasync:UpdateLocationFsxLustre", + "fsx:DescribeFileSystems", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups" ], "attributes": { "tags": [ @@ -12,7 +18,13 @@ ] }, "destroy": [], - "modify": [], + "modify": [ + "datasync:DescribeLocationFsxLustre", + "datasync:ListTagsForResource", + "datasync:UpdateLocationFsxLustre", + "fsx:DescribeFileSystems", + "ec2:DescribeNetworkInterfaces" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_ontap_file_system.json b/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_ontap_file_system.json index c3eab5cb..29e0a2a2 100644 --- a/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_ontap_file_system.json +++ b/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_ontap_file_system.json @@ -1,9 +1,16 @@ [ { "apply": [ - "datasync:DescribeLocationFsxOntap", "datasync:CreateLocationFsxOntap", - "datasync:DeleteLocation" + "datasync:DeleteLocation", + "datasync:DescribeLocationFsxOntap", + "datasync:ListTagsForResource", + "datasync:UpdateLocationFsxOntap", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "fsx:DescribeFileSystems", + "fsx:DescribeStorageVirtualMachines" ], "attributes": { "tags": [ @@ -14,7 +21,14 @@ "destroy": [ "datasync:DeleteLocation" ], - "modify": [], + "modify": [ + "datasync:UpdateLocationFsxOntap", + "datasync:DescribeLocationFsxOntap", + "datasync:ListTagsForResource", + "fsx:DescribeFileSystems", + "fsx:DescribeStorageVirtualMachines", + "ec2:DescribeNetworkInterfaces" + ], "plan": [] } ] 
diff --git a/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_openzfs_file_system.json b/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_openzfs_file_system.json index aac33c4a..a0497518 100644 --- a/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_openzfs_file_system.json +++ b/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_openzfs_file_system.json @@ -3,7 +3,13 @@ "apply": [ "datasync:DescribeLocationFsxOpenZfs", "datasync:CreateLocationFsxOpenZfs", - "datasync:DeleteLocation" + "datasync:DeleteLocation", + "datasync:ListTagsForResource", + "datasync:UpdateLocationFsxOpenZfs", + "fsx:DescribeFileSystems", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups" ], "attributes": { "tags": [ @@ -14,7 +20,13 @@ "destroy": [ "datasync:DeleteLocation" ], - "modify": [], + "modify": [ + "datasync:DescribeLocationFsxOpenZfs", + "datasync:UpdateLocationFsxOpenZfs", + "datasync:ListTagsForResource", + "fsx:DescribeFileSystems", + "ec2:DescribeNetworkInterfaces" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_windows_file_system.json b/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_windows_file_system.json index 7e531166..6b4742fd 100644 --- a/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_windows_file_system.json +++ b/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_windows_file_system.json @@ -2,7 +2,12 @@ { "apply": [ "datasync:CreateLocationFsxWindows", - "datasync:DescribeLocationFsxWindows" + "datasync:DescribeLocationFsxWindows", + "datasync:ListTagsForResource", + "fsx:DescribeFileSystems", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups" ], "attributes": { "tags": [ 
@@ -13,7 +18,13 @@ "destroy": [ "datasync:DeleteLocation" ], - "modify": [], + "modify": [ + "datasync:DescribeLocationFsxWindows", + "datasync:UpdateLocationFsxWindows", + "datasync:ListTagsForResource", + "fsx:DescribeFileSystems", + "ec2:DescribeNetworkInterfaces" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/datasync/aws_datasync_location_hdfs.json b/src/mapping/aws/resource/datasync/aws_datasync_location_hdfs.json index b0bccfc3..08c1467d 100644 --- a/src/mapping/aws/resource/datasync/aws_datasync_location_hdfs.json +++ b/src/mapping/aws/resource/datasync/aws_datasync_location_hdfs.json @@ -4,7 +4,8 @@ "datasync:UpdateLocationHdfs", "datasync:CreateLocationHdfs", "datasync:DeleteLocation", - "datasync:DescribeLocationHdfs" + "datasync:DescribeLocationHdfs", + "datasync:ListTagsForResource" ], "attributes": { "tags": [ diff --git a/src/mapping/aws/resource/datasync/aws_datasync_location_nfs.json b/src/mapping/aws/resource/datasync/aws_datasync_location_nfs.json index 9c70973b..138bb172 100644 --- a/src/mapping/aws/resource/datasync/aws_datasync_location_nfs.json +++ b/src/mapping/aws/resource/datasync/aws_datasync_location_nfs.json @@ -4,7 +4,8 @@ "datasync:DescribeLocationNfs", "datasync:CreateLocationNfs", "datasync:DeleteLocation", - "datasync:UpdateLocationNfs" + "datasync:UpdateLocationNfs", + "datasync:ListTagsForResource" ], "attributes": { "tags": [ diff --git a/src/mapping/aws/resource/datasync/aws_datasync_location_object_storage.json b/src/mapping/aws/resource/datasync/aws_datasync_location_object_storage.json index 868c96ba..a04b9df5 100644 --- a/src/mapping/aws/resource/datasync/aws_datasync_location_object_storage.json +++ b/src/mapping/aws/resource/datasync/aws_datasync_location_object_storage.json @@ -2,7 +2,8 @@ { "apply": [ "datasync:DescribeLocationObjectStorage", - "datasync:CreateLocationObjectStorage" + "datasync:CreateLocationObjectStorage", + "datasync:ListTagsForResource" ], "attributes": { "tags": [ 
diff --git a/src/mapping/aws/resource/datasync/aws_datasync_location_s3.json b/src/mapping/aws/resource/datasync/aws_datasync_location_s3.json index 0d429abd..fd835383 100644 --- a/src/mapping/aws/resource/datasync/aws_datasync_location_s3.json +++ b/src/mapping/aws/resource/datasync/aws_datasync_location_s3.json @@ -3,7 +3,13 @@ "apply": [ "datasync:CreateLocationS3", "datasync:DescribeLocationS3", - "datasync:DeleteLocation" + "datasync:DeleteLocation", + "datasync:ListTagsForResource", + "datasync:UpdateLocationS3", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "iam:GetRole", + "iam:PassRole" ], "attributes": { "tags": [ @@ -14,7 +20,11 @@ "destroy": [ "datasync:DeleteLocation" ], - "modify": [], + "modify": [ + "datasync:DescribeLocationS3", + "datasync:ListTagsForResource", + "datasync:UpdateLocationS3" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/datasync/aws_datasync_location_smb.json b/src/mapping/aws/resource/datasync/aws_datasync_location_smb.json index 5da79a41..b40cdd5c 100644 --- a/src/mapping/aws/resource/datasync/aws_datasync_location_smb.json +++ b/src/mapping/aws/resource/datasync/aws_datasync_location_smb.json @@ -4,7 +4,8 @@ "datasync:DescribeLocationSmb", "datasync:CreateLocationSmb", "datasync:UpdateLocationSmb", - "datasync:DeleteLocation" + "datasync:DeleteLocation", + "datasync:ListTagsForResource" ], "attributes": { "tags": [ diff --git a/src/mapping/aws/resource/datasync/aws_datasync_task.json b/src/mapping/aws/resource/datasync/aws_datasync_task.json index 8d62e453..7a2409e6 100644 --- a/src/mapping/aws/resource/datasync/aws_datasync_task.json +++ b/src/mapping/aws/resource/datasync/aws_datasync_task.json @@ -4,7 +4,8 @@ "datasync:CreateTask", "datasync:DescribeTask", "datasync:DeleteTask", - "datasync:UpdateTask" + "datasync:UpdateTask", + "datasync:ListTagsForResource" ], "attributes": { "tags": [ 
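Review bot: `iam:PassRole` is added to `apply` in aws_datasync_location_s3.json with nothing recording which role or service it is meant for, and it is the one action in this list whose risk depends entirely on how it is scoped. A policy built from this mapping should restrict it to the DataSync bucket-access role and add an `iam:PassedToService` condition for `datasync.amazonaws.com`; as far as the visible files show, the mapping format has no field for that, so the requirement needs to be stated in the project documentation. The second hunk adds `datasync:UpdateLocationS3` to `modify` without `iam:PassRole`, which may fall short when an update changes the access role and is worth confirming. The same scoping concern applies to the `iam:PassRole` entries added in aws_datazone_domain.json and aws_datazone_environment_blueprint_configuration.json; the enclosing JSON object of this file starts and ends outside the hunks.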
diff --git a/src/mapping/aws/resource/datazone/aws_datazone_asset_type.json b/src/mapping/aws/resource/datazone/aws_datazone_asset_type.json
new file mode 100644
index 00000000..9dc6028f
--- /dev/null
+++ b/src/mapping/aws/resource/datazone/aws_datazone_asset_type.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "datazone:GetAssetType",
+ "datazone:CreateAssetType",
+ "datazone:DeleteAssetType"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/datazone/aws_datazone_domain.json b/src/mapping/aws/resource/datazone/aws_datazone_domain.json
index 30f7c36b..460ffa26 100644
--- a/src/mapping/aws/resource/datazone/aws_datazone_domain.json
+++ b/src/mapping/aws/resource/datazone/aws_datazone_domain.json
@@ -1,24 +1,32 @@
-[
- {
- "apply": [
- "datazone:CreateDomain",
- "datazone:GetDomain",
- "datazone:ListTagsForResource",
- "datazone:DeleteDomain",
- "datazone:UpdateDomain"
- ],
- "attributes": {
- "tags": [
- "datazone:TagResource",
- "datazone:UntagResource"
- ]
- },
- "destroy": [
- "datazone:DeleteDomain"
- ],
- "modify": [
- "datazone:UpdateDomain"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "datazone:CreateDomain",
+ "datazone:GetDomain",
+ "datazone:ListTagsForResource",
+ "datazone:DeleteDomain",
+ "datazone:UpdateDomain",
+ "iam:PassRole"
+ ],
+ "attributes": {
+ "single_sign_on": [
+ "sso:CreateManagedApplicationInstance",
+ "sso:DeleteManagedApplicationInstance",
+ "sso:PutApplicationAssignmentConfiguration",
+ "sso:PutApplicationAccessScope",
+ "sso:ListInstances"
+ ],
+ "tags": [
+ "datazone:TagResource",
+ "datazone:UntagResource"
+ ]
+ },
+ "destroy": [
+ "datazone:DeleteDomain"
+ ],
+ "modify": [
+ "datazone:UpdateDomain"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/datazone/aws_datazone_environment.json b/src/mapping/aws/resource/datazone/aws_datazone_environment.json
new file mode 100644
index 00000000..fb0b2228
--- /dev/null
+++ b/src/mapping/aws/resource/datazone/aws_datazone_environment.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "datazone:GetEnvironment", + "datazone:CreateEnvironment", + "datazone:DeleteEnvironment", + "datazone:UpdateEnvironment" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/datazone/aws_datazone_environment_blueprint_configuration.json b/src/mapping/aws/resource/datazone/aws_datazone_environment_blueprint_configuration.json index 787d97b8..fdd6fee8 100644 --- a/src/mapping/aws/resource/datazone/aws_datazone_environment_blueprint_configuration.json +++ b/src/mapping/aws/resource/datazone/aws_datazone_environment_blueprint_configuration.json @@ -3,7 +3,9 @@ "apply": [ "datazone:PutEnvironmentBlueprintConfiguration", "datazone:GetEnvironmentBlueprintConfiguration", - "datazone:DeleteEnvironmentBlueprintConfiguration" + "datazone:DeleteEnvironmentBlueprintConfiguration", + "datazone:ListEnvironmentBlueprints", + "iam:PassRole" ], "attributes": { "tags": [] diff --git a/src/mapping/aws/resource/datazone/aws_datazone_environment_profile.json b/src/mapping/aws/resource/datazone/aws_datazone_environment_profile.json new file mode 100644 index 00000000..60c9938a --- /dev/null +++ b/src/mapping/aws/resource/datazone/aws_datazone_environment_profile.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "datazone:GetEnvironmentProfile", + "datazone:CreateEnvironmentProfile", + "datazone:DeleteEnvironmentProfile", + "datazone:UpdateEnvironmentProfile" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/datazone/aws_datazone_form_type.json b/src/mapping/aws/resource/datazone/aws_datazone_form_type.json new file mode 100644 index 00000000..9a34fd5f --- /dev/null +++ b/src/mapping/aws/resource/datazone/aws_datazone_form_type.json 
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "datazone:GetFormType",
+ "datazone:CreateFormType",
+ "datazone:DeleteFormType"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/datazone/aws_datazone_glossary.json b/src/mapping/aws/resource/datazone/aws_datazone_glossary.json
new file mode 100644
index 00000000..accea46a
--- /dev/null
+++ b/src/mapping/aws/resource/datazone/aws_datazone_glossary.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "datazone:GetGlossary",
+ "datazone:CreateGlossary",
+ "datazone:DeleteGlossary",
+ "datazone:UpdateGlossary"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/datazone/aws_datazone_glossary_term.json b/src/mapping/aws/resource/datazone/aws_datazone_glossary_term.json
new file mode 100644
index 00000000..379abc57
--- /dev/null
+++ b/src/mapping/aws/resource/datazone/aws_datazone_glossary_term.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "datazone:GetGlossaryTerm",
+ "datazone:CreateGlossaryTerm",
+ "datazone:DeleteGlossaryTerm",
+ "datazone:UpdateGlossaryTerm"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/datazone/aws_datazone_project.json b/src/mapping/aws/resource/datazone/aws_datazone_project.json
new file mode 100644
index 00000000..26b5a179
--- /dev/null
+++ b/src/mapping/aws/resource/datazone/aws_datazone_project.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "datazone:CreateProject",
+ "datazone:GetProject",
+ "datazone:DeleteProject",
+ "datazone:UpdateProject"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "datazone:DeleteProject"
+ ],
+ "modify": [
+ "datazone:UpdateProject"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/datazone/aws_datazone_user_profile.json b/src/mapping/aws/resource/datazone/aws_datazone_user_profile.json
new file mode 100644
index 00000000..75987506
--- /dev/null
+++ b/src/mapping/aws/resource/datazone/aws_datazone_user_profile.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "datazone:GetUserProfile",
+ "datazone:CreateUserProfile",
+ "datazone:UpdateUserProfile"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/detective/aws_detective_graph.json b/src/mapping/aws/resource/detective/aws_detective_graph.json
new file mode 100644
index 00000000..dafc6c79
--- /dev/null
+++ b/src/mapping/aws/resource/detective/aws_detective_graph.json
@@ -0,0 +1,29 @@
+[
+ {
+ "apply": [
+ "detective:CreateGraph",
+ "detective:UpdateOrganizationConfiguration",
+ "organizations:DescribeOrganization",
+ "detective:ListGraphs",
+ "detective:DeleteGraph",
+ "detective:ListTagsForResource",
+ "detective:DescribeOrganizationConfiguration",
+ "detective:UpdateOrganizationConfiguration"
+ ],
+ "attributes": {
+ "tags": [
+ "detective:UntagResource",
+ "detective:TagResource"
+ ]
+ },
+ "destroy": [
+ "detective:DeleteGraph",
+ "detective:ListGraphs"
+ ],
+ "modify": [
+ "detective:ListGraphs",
+ "detective:UpdateOrganizationConfiguration"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/detective/aws_detective_invitation_accepter.json b/src/mapping/aws/resource/detective/aws_detective_invitation_accepter.json
new file mode 100644
index 00000000..718f1223
--- /dev/null
+++ b/src/mapping/aws/resource/detective/aws_detective_invitation_accepter.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "detective:CreateMembers",
+ "detective:GetMembers",
+ "detective:DeleteMembers"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "detective:DeleteMembers"
+ ],
+ "modify": [],
+ "plan": [
+ "detective:GetMembers"
+ ]
+ }
+]
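Review bot: aws_detective_invitation_accepter.json maps the accepter to `detective:CreateMembers`, `detective:GetMembers` and `detective:DeleteMembers`, the same three actions as aws_detective_member.json, but those are administrator-account operations on a behavior graph. Accepting an invitation happens in the member account, and Detective has separate `detective:AcceptInvitation`, `detective:ListInvitations` and `detective:DisassociateMembership` actions for that side, so this list likely grants member management the accepter does not need while omitting the calls it does. Please confirm against the provider's API calls for this resource and replace `apply`, `destroy` and `plan` accordingly.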
diff --git a/src/mapping/aws/resource/detective/aws_detective_member.json b/src/mapping/aws/resource/detective/aws_detective_member.json
new file mode 100644
index 00000000..850dae33
--- /dev/null
+++ b/src/mapping/aws/resource/detective/aws_detective_member.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "detective:GetMembers",
+ "detective:CreateMembers",
+ "detective:DeleteMembers"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/detective/aws_detective_organization_admin_account.json b/src/mapping/aws/resource/detective/aws_detective_organization_admin_account.json
new file mode 100644
index 00000000..b0ade59b
--- /dev/null
+++ b/src/mapping/aws/resource/detective/aws_detective_organization_admin_account.json
@@ -0,0 +1,22 @@
+[
+ {
+ "apply": [
+ "detective:EnableOrganizationAdminAccount",
+ "detective:ListOrganizationAdminAccount",
+ "iam:CreateServiceLinkedRole",
+ "organizations:RegisterDelegatedAdministrator",
+ "organizations:DescribeOrganization",
+ "organizations:EnableAWSServiceAccess",
+ "organizations:ListAccounts",
+ "detective:DisableOrganizationAdminAccount"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "detective:DisableOrganizationAdminAccount"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/detective/aws_detective_organization_configuration.json b/src/mapping/aws/resource/detective/aws_detective_organization_configuration.json
new file mode 100644
index 00000000..b217e764
--- /dev/null
+++ b/src/mapping/aws/resource/detective/aws_detective_organization_configuration.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "detective:DescribeOrganizationConfiguration",
+ "detective:UpdateOrganizationConfiguration"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/devicefarm/aws_devicefarm_device_pool.json b/src/mapping/aws/resource/devicefarm/aws_devicefarm_device_pool.json
new file mode 100644
index 00000000..f702ca0e
--- /dev/null
+++ b/src/mapping/aws/resource/devicefarm/aws_devicefarm_device_pool.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "devicefarm:GetDevicePool",
+ "devicefarm:CreateDevicePool",
+ "devicefarm:DeleteDevicePool",
+ "devicefarm:UpdateDevicePool",
+ "devicefarm:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "devicefarm:TagResource",
+ "devicefarm:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/devicefarm/aws_devicefarm_instance_profile.json b/src/mapping/aws/resource/devicefarm/aws_devicefarm_instance_profile.json
new file mode 100644
index 00000000..a1c1695c
--- /dev/null
+++ b/src/mapping/aws/resource/devicefarm/aws_devicefarm_instance_profile.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "devicefarm:GetInstanceProfile",
+ "devicefarm:CreateInstanceProfile",
+ "devicefarm:DeleteInstanceProfile",
+ "devicefarm:UpdateInstanceProfile",
+ "devicefarm:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "devicefarm:TagResource",
+ "devicefarm:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/devicefarm/aws_devicefarm_network_profile.json b/src/mapping/aws/resource/devicefarm/aws_devicefarm_network_profile.json
new file mode 100644
index 00000000..e327b7a6
--- /dev/null
+++ b/src/mapping/aws/resource/devicefarm/aws_devicefarm_network_profile.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "devicefarm:GetNetworkProfile",
+ "devicefarm:CreateNetworkProfile",
+ "devicefarm:DeleteNetworkProfile",
+ "devicefarm:UpdateNetworkProfile",
+ "devicefarm:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "devicefarm:TagResource",
+ "devicefarm:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/devicefarm/aws_devicefarm_project.json b/src/mapping/aws/resource/devicefarm/aws_devicefarm_project.json
new file mode 100644
index 00000000..ea9651ba
--- /dev/null
+++ b/src/mapping/aws/resource/devicefarm/aws_devicefarm_project.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "devicefarm:GetProject",
+ "devicefarm:CreateProject",
+ "devicefarm:DeleteProject",
+ "devicefarm:UpdateProject",
+ "devicefarm:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "devicefarm:TagResource",
+ "devicefarm:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/devicefarm/aws_devicefarm_upload.json b/src/mapping/aws/resource/devicefarm/aws_devicefarm_upload.json
new file mode 100644
index 00000000..5d6b22a9
--- /dev/null
+++ b/src/mapping/aws/resource/devicefarm/aws_devicefarm_upload.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "devicefarm:GetUpload",
+ "devicefarm:CreateUpload",
+ "devicefarm:DeleteUpload",
+ "devicefarm:UpdateUpload"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/devops-guru/aws_devopsguru_event_sources_config.json b/src/mapping/aws/resource/devops-guru/aws_devopsguru_event_sources_config.json
new file mode 100644
index 00000000..f5097e64
--- /dev/null
+++ b/src/mapping/aws/resource/devops-guru/aws_devopsguru_event_sources_config.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "devops-guru:DescribeEventSourcesConfig",
+ "devops-guru:UpdateEventSourcesConfig"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/devops-guru/aws_devopsguru_notification_channel.json b/src/mapping/aws/resource/devops-guru/aws_devopsguru_notification_channel.json
new file mode 100644
index 00000000..78b38339
--- /dev/null
+++ b/src/mapping/aws/resource/devops-guru/aws_devopsguru_notification_channel.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "devops-guru:AddNotificationChannel",
+ "devops-guru:ListNotificationChannels",
+ "sns:Publish sns:GetTopicAttributes",
+ "sns:SetTopicAttributes",
+ "devops-guru:RemoveNotificationChannel"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "devops-guru:RemoveNotificationChannel"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/devops-guru/aws_devopsguru_resource_collection.json b/src/mapping/aws/resource/devops-guru/aws_devopsguru_resource_collection.json
new file mode 100644
index 00000000..69b86e93
--- /dev/null
+++ b/src/mapping/aws/resource/devops-guru/aws_devopsguru_resource_collection.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "devops-guru:UpdateResourceCollection",
+ "devops-guru:GetResourceCollection"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/devops-guru/aws_devopsguru_service_integration.json b/src/mapping/aws/resource/devops-guru/aws_devopsguru_service_integration.json
new file mode 100644
index 00000000..52a6ae57
--- /dev/null
+++ b/src/mapping/aws/resource/devops-guru/aws_devopsguru_service_integration.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "devops-guru:UpdateServiceIntegration",
+ "devops-guru:DescribeServiceIntegration"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/directconnect/aws_dx_bgp_peer.json b/src/mapping/aws/resource/directconnect/aws_dx_bgp_peer.json
new file mode 100644
index 00000000..dcae75d7
--- /dev/null
+++ b/src/mapping/aws/resource/directconnect/aws_dx_bgp_peer.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "directconnect:CreateBGPPeer",
+ "directconnect:DeleteBGPPeer"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
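Review bot: In `aws_devopsguru_notification_channel.json` the `apply` entry `"sns:Publish sns:GetTopicAttributes",` fuses two actions into one string, so a policy generated from this mapping carries an action name that IAM will either reject as malformed or never match, and neither SNS permission is granted. Split it into `"sns:Publish",` and `"sns:GetTopicAttributes",`. A CI check over the mapping files that requires exactly one `service:Action` token per string, with no whitespace, would catch this class of typo before it reaches a generated policy.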
diff --git a/src/mapping/aws/resource/directconnect/aws_dx_connection.json b/src/mapping/aws/resource/directconnect/aws_dx_connection.json
new file mode 100644
index 00000000..144ce9e2
--- /dev/null
+++ b/src/mapping/aws/resource/directconnect/aws_dx_connection.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "directconnect:DescribeConnections",
+ "directconnect:CreateConnection",
+ "directconnect:DeleteConnection",
+ "directconnect:UpdateConnection",
+ "directconnect:DescribeTags"
+ ],
+ "attributes": {
+ "tags": [
+ "directconnect:TagResource",
+ "directconnect:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/directconnect/aws_dx_connection_association.json b/src/mapping/aws/resource/directconnect/aws_dx_connection_association.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/aws/resource/directconnect/aws_dx_connection_association.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/directconnect/aws_dx_connection_confirmation.json b/src/mapping/aws/resource/directconnect/aws_dx_connection_confirmation.json
new file mode 100644
index 00000000..be8dd336
--- /dev/null
+++ b/src/mapping/aws/resource/directconnect/aws_dx_connection_confirmation.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "directconnect:ConfirmConnection"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/directconnect/aws_dx_gateway_association_proposal.json b/src/mapping/aws/resource/directconnect/aws_dx_gateway_association_proposal.json
new file mode 100644
index 00000000..38315998
--- /dev/null
+++ b/src/mapping/aws/resource/directconnect/aws_dx_gateway_association_proposal.json
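Review bot: `aws_dx_connection_association.json` is added with every list empty, so a role limited to the policy generated from it would be denied on the first API call. The same placeholder content (blob `45e4fdaf`) is added for `aws_ebs_fast_snapshot_restore.json` and `aws_ec2_instance_state.json` later in this commit. If these are stubs, track them somewhere a consumer can see, because an empty mapping is indistinguishable from "this resource needs no permissions". For the connection association I would expect `directconnect:AssociateConnectionWithLag` and `directconnect:DisassociateConnectionFromLag`, to be confirmed against the provider's calls.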
@@ -0,0 +1,15 @@ +[ + { + "apply": [ + "directconnect:AcceptDirectConnectGatewayAssociationProposal", + "directconnect:CreateDirectConnectGatewayAssociationProposal", + "directconnect:DeleteDirectConnectGatewayAssociationProposal" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/directconnect/aws_dx_hosted_connection.json b/src/mapping/aws/resource/directconnect/aws_dx_hosted_connection.json new file mode 100644 index 00000000..3892dbbe --- /dev/null +++ b/src/mapping/aws/resource/directconnect/aws_dx_hosted_connection.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "directconnect:DescribeHostedConnections", + "directconnect:AssociateHostedConnection" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/directconnect/aws_dx_hosted_private_virtual_interface.json b/src/mapping/aws/resource/directconnect/aws_dx_hosted_private_virtual_interface.json new file mode 100644 index 00000000..7a9684b7 --- /dev/null +++ b/src/mapping/aws/resource/directconnect/aws_dx_hosted_private_virtual_interface.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "directconnect:DescribeVirtualInterfaces", + "directconnect:CreatePrivateVirtualInterface", + "directconnect:DeleteVirtualInterface" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/directconnect/aws_dx_hosted_private_virtual_interface_accepter.json b/src/mapping/aws/resource/directconnect/aws_dx_hosted_private_virtual_interface_accepter.json new file mode 100644 index 00000000..524ca65d --- /dev/null +++ b/src/mapping/aws/resource/directconnect/aws_dx_hosted_private_virtual_interface_accepter.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "directconnect:ConfirmPrivateVirtualInterface" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
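Review bot: `aws_dx_hosted_private_virtual_interface.json` lists `directconnect:CreatePrivateVirtualInterface`, but a hosted interface is provisioned from the allocating account, which as far as I know goes through `directconnect:AllocatePrivateVirtualInterface`; the list looks copied from the non-hosted resource. The hosted public and hosted transit mappings added next have the same shape and would need `directconnect:AllocatePublicVirtualInterface` and `directconnect:AllocateTransitVirtualInterface`. Please confirm against the provider's API calls, since as written the policy grants an action the resource does not use and omits the one it does.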
diff --git a/src/mapping/aws/resource/directconnect/aws_dx_hosted_public_virtual_interface.json b/src/mapping/aws/resource/directconnect/aws_dx_hosted_public_virtual_interface.json new file mode 100644 index 00000000..539a4f86 --- /dev/null +++ b/src/mapping/aws/resource/directconnect/aws_dx_hosted_public_virtual_interface.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "directconnect:CreatePublicVirtualInterface", + "directconnect:DescribeVirtualInterfaces", + "directconnect:DeleteVirtualInterface" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/directconnect/aws_dx_hosted_public_virtual_interface_accepter.json b/src/mapping/aws/resource/directconnect/aws_dx_hosted_public_virtual_interface_accepter.json new file mode 100644 index 00000000..5959392e --- /dev/null +++ b/src/mapping/aws/resource/directconnect/aws_dx_hosted_public_virtual_interface_accepter.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "directconnect:ConfirmPublicVirtualInterface" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/directconnect/aws_dx_hosted_transit_virtual_interface.json b/src/mapping/aws/resource/directconnect/aws_dx_hosted_transit_virtual_interface.json new file mode 100644 index 00000000..4af1c9d0 --- /dev/null +++ b/src/mapping/aws/resource/directconnect/aws_dx_hosted_transit_virtual_interface.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "directconnect:CreateTransitVirtualInterface", + "directconnect:DescribeVirtualInterfaces", + "directconnect:DeleteVirtualInterface" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/directconnect/aws_dx_lag.json b/src/mapping/aws/resource/directconnect/aws_dx_lag.json new file mode 100644 index 00000000..cae59182 --- /dev/null +++ b/src/mapping/aws/resource/directconnect/aws_dx_lag.json 
@@ -0,0 +1,20 @@ +[ + { + "apply": [ + "directconnect:DescribeLags", + "directconnect:CreateLag", + "directconnect:DeleteLag", + "directconnect:UpdateLag", + "directconnect:DescribeTags" + ], + "attributes": { + "tags": [ + "directconnect:TagResource", + "directconnect:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/directconnect/aws_dx_macsec_key_association.json b/src/mapping/aws/resource/directconnect/aws_dx_macsec_key_association.json new file mode 100644 index 00000000..06eb1ab9 --- /dev/null +++ b/src/mapping/aws/resource/directconnect/aws_dx_macsec_key_association.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "directconnect:AssociateMacSecKey", + "directconnect:DisassociateMacSecKey" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/directconnect/aws_dx_private_virtual_interface.json b/src/mapping/aws/resource/directconnect/aws_dx_private_virtual_interface.json new file mode 100644 index 00000000..0eb05335 --- /dev/null +++ b/src/mapping/aws/resource/directconnect/aws_dx_private_virtual_interface.json @@ -0,0 +1,19 @@ +[ + { + "apply": [ + "directconnect:DescribeVirtualInterfaces", + "directconnect:CreatePrivateVirtualInterface", + "directconnect:DeleteVirtualInterface", + "directconnect:DescribeTags" + ], + "attributes": { + "tags": [ + "directconnect:TagResource", + "directconnect:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/directconnect/aws_dx_public_virtual_interface.json b/src/mapping/aws/resource/directconnect/aws_dx_public_virtual_interface.json new file mode 100644 index 00000000..185ab5fc --- /dev/null +++ b/src/mapping/aws/resource/directconnect/aws_dx_public_virtual_interface.json 
@@ -0,0 +1,19 @@ +[ + { + "apply": [ + "directconnect:CreatePublicVirtualInterface", + "directconnect:DescribeVirtualInterfaces", + "directconnect:DeleteVirtualInterface", + "directconnect:DescribeTags" + ], + "attributes": { + "tags": [ + "directconnect:TagResource", + "directconnect:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/directconnect/aws_dx_transit_virtual_interface.json b/src/mapping/aws/resource/directconnect/aws_dx_transit_virtual_interface.json new file mode 100644 index 00000000..a7338745 --- /dev/null +++ b/src/mapping/aws/resource/directconnect/aws_dx_transit_virtual_interface.json @@ -0,0 +1,19 @@ +[ + { + "apply": [ + "directconnect:CreateTransitVirtualInterface", + "directconnect:DescribeVirtualInterfaces", + "directconnect:DeleteVirtualInterface", + "directconnect:DescribeTags" + ], + "attributes": { + "tags": [ + "directconnect:TagResource", + "directconnect:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/directoryservice/aws_directory_service_conditional_forwarder.json b/src/mapping/aws/resource/directoryservice/aws_directory_service_conditional_forwarder.json new file mode 100644 index 00000000..e7d16e8e --- /dev/null +++ b/src/mapping/aws/resource/directoryservice/aws_directory_service_conditional_forwarder.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "ds:DescribeConditionalForwarders", + "ds:CreateConditionalForwarder", + "ds:DeleteConditionalForwarder", + "ds:UpdateConditionalForwarder" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/directoryservice/aws_directory_service_directory.json b/src/mapping/aws/resource/directoryservice/aws_directory_service_directory.json index 4ca530fd..f2168d99 100644 --- a/src/mapping/aws/resource/directoryservice/aws_directory_service_directory.json 
+++ b/src/mapping/aws/resource/directoryservice/aws_directory_service_directory.json @@ -16,7 +16,9 @@ "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:RevokeSecurityGroupEgress", - "ec2:RevokeSecurityGroupIngress" + "ec2:RevokeSecurityGroupIngress", + "ds:EnableSso", + "ds:DisableSso" ], "attributes": { "tags": [ @@ -34,7 +36,10 @@ "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress" ], - "modify": [], + "modify": [ + "ds:EnableSso", + "ds:DisableSso" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/directoryservice/aws_directory_service_radius_settings.json b/src/mapping/aws/resource/directoryservice/aws_directory_service_radius_settings.json new file mode 100644 index 00000000..e3ae16bf --- /dev/null +++ b/src/mapping/aws/resource/directoryservice/aws_directory_service_radius_settings.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "ds:DisableRadius", + "ds:EnableRadius", + "ds:UpdateRadius" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/directoryservice/aws_directory_service_region.json b/src/mapping/aws/resource/directoryservice/aws_directory_service_region.json new file mode 100644 index 00000000..68e6c4ec --- /dev/null +++ b/src/mapping/aws/resource/directoryservice/aws_directory_service_region.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "ds:DescribeRegions", + "ds:AddRegion", + "ds:RemoveRegion" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/directoryservice/aws_directory_service_shared_directory.json b/src/mapping/aws/resource/directoryservice/aws_directory_service_shared_directory.json new file mode 100644 index 00000000..88a4cc45 --- /dev/null +++ b/src/mapping/aws/resource/directoryservice/aws_directory_service_shared_directory.json 
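Review bot: In `aws_directory_service_directory.json`, `ds:EnableSso` and `ds:DisableSso` are appended to the unconditional list in the first hunk, so every directory policy carries them whether or not SSO is configured. The file already has an `attributes` map, and placing the pair under an `enable_sso` key there (keeping the `modify` entries) would leave the base policy narrower. The array being edited starts above the hunk; I am assuming it is `apply` because `"attributes"` follows it directly.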
@@ -0,0 +1,15 @@ +[ + { + "apply": [ + "ds:DescribeSharedDirectories", + "ds:UnshareDirectory", + "ds:ShareDirectory" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/directoryservice/aws_directory_service_shared_directory_accepter.json b/src/mapping/aws/resource/directoryservice/aws_directory_service_shared_directory_accepter.json new file mode 100644 index 00000000..6d2e1079 --- /dev/null +++ b/src/mapping/aws/resource/directoryservice/aws_directory_service_shared_directory_accepter.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "ds:RejectSharedDirectory", + "ds:AcceptSharedDirectory" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/directoryservice/aws_directory_service_trust.json b/src/mapping/aws/resource/directoryservice/aws_directory_service_trust.json new file mode 100644 index 00000000..3b351737 --- /dev/null +++ b/src/mapping/aws/resource/directoryservice/aws_directory_service_trust.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "ds:DescribeTrusts", + "ds:CreateTrust", + "ds:DeleteTrust", + "ds:UpdateTrust" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/dms/aws_dms_replication_config.json b/src/mapping/aws/resource/dms/aws_dms_replication_config.json index 163dc19a..8486286b 100644 --- a/src/mapping/aws/resource/dms/aws_dms_replication_config.json +++ b/src/mapping/aws/resource/dms/aws_dms_replication_config.json 
@@ -4,7 +4,14 @@ "dms:CreateReplicationConfig", "dms:DescribeReplicationConfigs", "dms:DeleteReplicationConfig", - "dms:ModifyReplicationConfig" + "dms:ModifyReplicationConfig", + "dms:ListTagsForResource", + "iam:CreateServiceLinkedRole", + "iam:AttachRolePolicy", + "iam:PutRolePolicy", + "iam:UpdateRoleDescription", + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus" ], "attributes": { "tags": [ @@ -13,7 +20,9 @@ ] }, "destroy": [ - "dms:DeleteReplicationConfig" + "dms:DeleteReplicationConfig", + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus" ], "modify": [ "dms:ModifyReplicationConfig" diff --git a/src/mapping/aws/resource/docdb-elastic/aws_docdbelastic_cluster.json b/src/mapping/aws/resource/docdb-elastic/aws_docdbelastic_cluster.json new file mode 100644 index 00000000..b3496888 --- /dev/null +++ b/src/mapping/aws/resource/docdb-elastic/aws_docdbelastic_cluster.json @@ -0,0 +1,46 @@ +[ + { + "apply": [ + "docdb-elastic:CreateCluster", + "docdb-elastic:TagResource", + "docdb-elastic:GetCluster", + "docdb-elastic:ListTagsForResource", + "ec2:CreateVpcEndpoint", + "ec2:DescribeVpcEndpoints", + "ec2:DeleteVpcEndpoints", + "ec2:ModifyVpcEndpoint", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcs", + "ec2:DescribeAvailabilityZones", + "secretsmanager:ListSecrets", + "secretsmanager:ListSecretVersionIds", + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:GetResourcePolicy", + "iam:CreateServiceLinkedRole", + "docdb-elastic:UpdateCluster", + "docdb-elastic:DeleteCluster" + ], + "attributes": { + "kms_key_id": [ + "kms:DescribeKey", + "kms:CreateGrant", + "kms:GenerateDataKey", + "kms:Decrypt" + ], + "tags": [ + "docdb-elastic:TagResource", + "docdb-elastic:UntagResource" + ] + }, + "destroy": [ + "docdb-elastic:DeleteCluster" + ], + "modify": [ + "docdb-elastic:UpdateCluster" + ], + "plan": [] + } +] 
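Review bot: The first hunk of `aws_dms_replication_config.json` adds `iam:AttachRolePolicy`, `iam:PutRolePolicy` and `iam:UpdateRoleDescription` to what appears to be the unconditional `apply` list (it starts above the hunk). These are role-write permissions, and if the generator emits them with `Resource: "*"`, which is not visible here, the resulting policy is an escalation path rather than a least-privilege one. `iam:CreateServiceLinkedRole` is normally enough for a service-linked role, ideally with an `iam:AWSServiceName` condition; the other three should be dropped or only ever emitted scoped to the service-linked role ARN. The `secretsmanager:GetSecretValue` entry in the unconditional `apply` list of `aws_docdbelastic_cluster.json`, later on this line, deserves the same scrutiny, given that the KMS actions in that file are gated under `attributes.kms_key_id`.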
diff --git a/src/mapping/aws/resource/drs/aws_drs_replication_configuration_template.json b/src/mapping/aws/resource/drs/aws_drs_replication_configuration_template.json new file mode 100644 index 00000000..5efacf8a --- /dev/null +++ b/src/mapping/aws/resource/drs/aws_drs_replication_configuration_template.json @@ -0,0 +1,20 @@ +[ + { + "apply": [ + "drs:CreateReplicationConfigurationTemplate", + "drs:DescribeReplicationConfigurationTemplates", + "drs:DeleteReplicationConfigurationTemplate", + "drs:UpdateReplicationConfigurationTemplate", + "drs:ListTagsForResource" + ], + "attributes": { + "tags": [ + "drs:TagResource", + "drs:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/dsql/aws_dsql_cluster.json b/src/mapping/aws/resource/dsql/aws_dsql_cluster.json new file mode 100644 index 00000000..f25e2f10 --- /dev/null +++ b/src/mapping/aws/resource/dsql/aws_dsql_cluster.json @@ -0,0 +1,28 @@ +[ + { + "apply": [ + "dsql:CreateCluster", + "dsql:GetCluster", + "iam:CreateServiceLinkedRole", + "dsql:GetVpcEndpointServiceName", + "dsql:ListTagsForResource", + "dsql:UpdateCluster", + "dsql:DeleteCluster" + ], + "attributes": { + "tags": [ + "dsql:TagResource", + "dsql:UntagResource" + ] + }, + "destroy": [ + "dsql:DeleteCluster" + ], + "modify": [ + "dsql:UpdateCluster" + ], + "plan": [ + "dsql:GetCluster" + ] + } +] diff --git a/src/mapping/aws/resource/dsql/aws_dsql_cluster_peering.json b/src/mapping/aws/resource/dsql/aws_dsql_cluster_peering.json new file mode 100644 index 00000000..787885f0 --- /dev/null +++ b/src/mapping/aws/resource/dsql/aws_dsql_cluster_peering.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "dsql:AddPeerCluster", + "dsql:RemovePeerCluster" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "dsql:RemovePeerCluster" + ], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/aws/resource/dynamodb/aws_dynamodb_global_table.json b/src/mapping/aws/resource/dynamodb/aws_dynamodb_global_table.json index 38c66be0..23ef66a7 100644 --- a/src/mapping/aws/resource/dynamodb/aws_dynamodb_global_table.json +++ b/src/mapping/aws/resource/dynamodb/aws_dynamodb_global_table.json @@ -1,7 +1,8 @@ [ { "apply": [ - "dynamodb:CreateGlobalTable" + "dynamodb:CreateGlobalTable", + "dynamodb:UpdateGlobalTable" ], "attributes": { "tags": [] diff --git a/src/mapping/aws/resource/dynamodb/aws_dynamodb_kinesis_streaming_destination.json b/src/mapping/aws/resource/dynamodb/aws_dynamodb_kinesis_streaming_destination.json new file mode 100644 index 00000000..2422d812 --- /dev/null +++ b/src/mapping/aws/resource/dynamodb/aws_dynamodb_kinesis_streaming_destination.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "dynamodb:DescribeKinesisStreamingDestination", + "dynamodb:DisableKinesisStreamingDestination", + "dynamodb:EnableKinesisStreamingDestination", + "dynamodb:UpdateKinesisStreamingDestination" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/dynamodb/aws_dynamodb_resource_policy.json b/src/mapping/aws/resource/dynamodb/aws_dynamodb_resource_policy.json new file mode 100644 index 00000000..8ede8a54 --- /dev/null +++ b/src/mapping/aws/resource/dynamodb/aws_dynamodb_resource_policy.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "dynamodb:GetResourcePolicy", + "dynamodb:DeleteResourcePolicy", + "dynamodb:PutResourcePolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/dynamodb/aws_dynamodb_table.json b/src/mapping/aws/resource/dynamodb/aws_dynamodb_table.json index 113a0ade..aeb97f7d 100644 --- a/src/mapping/aws/resource/dynamodb/aws_dynamodb_table.json +++ b/src/mapping/aws/resource/dynamodb/aws_dynamodb_table.json 
@@ -1,42 +1,62 @@ -[ - { - "apply": [ - "dynamodb:CreateTable", - "dynamodb:DescribeTable", - "dynamodb:DescribeContinuousBackups", - "dynamodb:DescribeTimeToLive", - "dynamodb:ListTagsOfResource", - "dynamodb:DeleteTable" - ], - "attributes": { - "replica": [ - "dynamodb:CreateTableReplica", - "dynamodb:Query", - "dynamodb:Scan", - "dynamodb:UpdateItem", - "dynamodb:PutItem", - "dynamodb:GetItem", - "dynamodb:DeleteItem", - "dynamodb:BatchWriteItem", - "iam:CreateServiceLinkedRole", - "dynamodb:UpdateContinuousBackups", - "dynamodb:DeleteTableReplica" - ], - "tags": [ - "dynamodb:TagResource", - "dynamodb:UntagResource" - ], - "ttl": [ - "dynamodb:UpdateTimeToLive" - ] - }, - "destroy": [ - "dynamodb:DeleteTable" - ], - "modify": [ - "dynamodb:UpdateTable", - "dynamodb:UpdateTimeToLive" - ], - "plan": [] - } -] +[ + { + "apply": [ + "dynamodb:CreateTable", + "dynamodb:DescribeTable", + "dynamodb:DescribeContinuousBackups", + "dynamodb:DescribeTimeToLive", + "dynamodb:ListTagsOfResource", + "dynamodb:DeleteTable" + ], + "attributes": { + "kms_key_arn": [ + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:ListAliases", + "kms:Encrypt", + "kms:RevokeGrant" + ], + "point_in_time_recovery": [ + "dynamodb:UpdateContinuousBackups" + ], + "replica": [ + "dynamodb:CreateTableReplica", + "dynamodb:Query", + "dynamodb:Scan", + "dynamodb:UpdateItem", + "dynamodb:PutItem", + "dynamodb:GetItem", + "dynamodb:DeleteItem", + "dynamodb:BatchWriteItem", + "iam:CreateServiceLinkedRole", + "dynamodb:UpdateContinuousBackups", + "dynamodb:DeleteTableReplica" + ], + "stream_enabled": [ + "kinesis:DescribeStream", + "kinesis:PutRecords", + "dynamodb:DescribeKinesisStreamingDestination", + "dynamodb:EnableKinesisStreamingDestination", + "dynamodb:DisableKinesisStreamingDestination" + ], + "tags": [ + "dynamodb:TagResource", + "dynamodb:UntagResource" + ], + "ttl": [ + "dynamodb:UpdateTimeToLive" + ] + }, + "destroy": [ + "dynamodb:DeleteTable" + ], + "modify": [ + 
"dynamodb:UpdateTable", + "dynamodb:UpdateTimeToLive" + ], + "plan": [ + "dynamodb:DescribeTable" + ] + } +] diff --git a/src/mapping/aws/resource/dynamodb/aws_dynamodb_table_export.json b/src/mapping/aws/resource/dynamodb/aws_dynamodb_table_export.json new file mode 100644 index 00000000..cd43bda7 --- /dev/null +++ b/src/mapping/aws/resource/dynamodb/aws_dynamodb_table_export.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "dynamodb:DescribeExport", + "dynamodb:ExportTableToPointInTime" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/dynamodb/aws_dynamodb_table_replica.json b/src/mapping/aws/resource/dynamodb/aws_dynamodb_table_replica.json new file mode 100644 index 00000000..3b212034 --- /dev/null +++ b/src/mapping/aws/resource/dynamodb/aws_dynamodb_table_replica.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "dynamodb:CreateTableReplica", + "dynamodb:DeleteTableReplica" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_ebs_fast_snapshot_restore.json b/src/mapping/aws/resource/ec2/aws_ebs_fast_snapshot_restore.json new file mode 100644 index 00000000..45e4fdaf --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_ebs_fast_snapshot_restore.json @@ -0,0 +1,11 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_ebs_snapshot_block_public_access.json b/src/mapping/aws/resource/ec2/aws_ebs_snapshot_block_public_access.json new file mode 100644 index 00000000..3910879e --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_ebs_snapshot_block_public_access.json 
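Review bot: In `aws_dynamodb_table.json` the new `stream_enabled` key maps to `kinesis:DescribeStream`, `kinesis:PutRecords` and the three `dynamodb:*KinesisStreamingDestination` actions. On the table resource `stream_enabled` turns on DynamoDB Streams, which is handled by the table update itself, while Kinesis streaming is the separate `aws_dynamodb_kinesis_streaming_destination` resource this commit also maps. As written, any table with streams enabled picks up Kinesis write permission it does not need, so I would drop the key or leave its list empty.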
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "ec2:EnableSnapshotBlockPublicAccess",
+ "ec2:GetSnapshotBlockPublicAccessState",
+ "ec2:DisableSnapshotBlockPublicAccess"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ebs_snapshot_import.json b/src/mapping/aws/resource/ec2/aws_ebs_snapshot_import.json
new file mode 100644
index 00000000..65a2eb2b
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ebs_snapshot_import.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "ec2:ImportSnapshot",
+ "ec2:DescribeTags"
+ ],
+ "attributes": {
+ "tags": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ebs_volume.json b/src/mapping/aws/resource/ec2/aws_ebs_volume.json
index f9b22c0e..9c59776e 100644
--- a/src/mapping/aws/resource/ec2/aws_ebs_volume.json
+++ b/src/mapping/aws/resource/ec2/aws_ebs_volume.json
@@ -1,20 +1,33 @@
-[
- {
- "apply": [
- "ec2:DeleteVolume",
- "ec2:DescribeVolumes",
- "ec2:CreateVolume"
- ],
- "attributes": {
- "tags": [
- "ec2:DeleteTags",
- "ec2:CreateTags"
- ]
- },
- "destroy": [],
- "modify": [
- "ec2:ModifyVolume"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "ec2:DeleteVolume",
+ "ec2:DescribeVolumes",
+ "ec2:CreateVolume",
+ "ec2:DescribeVolumeAttribute",
+ "ec2:ModifyVolumeAttribute",
+ "ec2:DescribeSnapshots",
+ "ec2:DeleteVolume",
+ "ec2:ModifyVolumeAttribute"
+ ],
+ "attributes": {
+ "kms_key_id": [
+ "kms:GenerateDataKeyWithoutPlaintext",
+ "kms:CreateGrant"
+ ],
+ "tags": [
+ "ec2:DeleteTags",
+ "ec2:CreateTags"
+ ]
+ },
+ "destroy": [
+ "ec2:DescribeSnapshots",
+ "ec2:DeleteVolume"
+ ],
+ "modify": [
+ "ec2:ModifyVolume",
+ "ec2:ModifyVolumeAttribute"
+ ],
+ "plan": []
+ }
+]
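Review bot: The rewritten `apply` list in `aws_ebs_volume.json` names `ec2:DeleteVolume` and `ec2:ModifyVolumeAttribute` twice each. IAM tolerates the repetition, but it inflates generated policies and suggests two lists were concatenated rather than merged. Delete the last two entries so the list ends with `"ec2:DescribeSnapshots"`. The new `kms_key_id` entry also looks thin (no `kms:DescribeKey` or `kms:Decrypt`) next to the `kms_key_arn` and `kms_key_id` lists added for DynamoDB and DocumentDB Elastic in this commit, which is worth checking with an encrypted-volume apply.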
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_capacity_block_reservation.json b/src/mapping/aws/resource/ec2/aws_ec2_capacity_block_reservation.json
new file mode 100644
index 00000000..f908a566
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_capacity_block_reservation.json
@@ -0,0 +1,32 @@
+[
+ {
+ "apply": [
+ "ec2:CreateCapacityReservation",
+ "ec2:DescribeCapacityReservations",
+ "ec2:CancelCapacityReservation",
+ "ec2:ModifyCapacityReservation",
+ "ec2:AssociateCapacityReservationBillingOwner"
+ ],
+ "attributes": {
+ "tags": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "ec2:CreateCapacityReservation",
+ "ec2:DescribeCapacityReservations",
+ "ec2:CancelCapacityReservation"
+ ],
+ "modify": [
+ "ec2:ModifyCapacityReservation",
+ "ec2:CreateCapacityReservation",
+ "ec2:DescribeCapacityReservations",
+ "ec2:CancelCapacityReservation",
+ "ec2:AssociateCapacityReservationBillingOwner"
+ ],
+ "plan": [
+ "ec2:DescribeCapacityReservations"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_capacity_reservation.json b/src/mapping/aws/resource/ec2/aws_ec2_capacity_reservation.json
index 6bc1a35a..35723122 100644
--- a/src/mapping/aws/resource/ec2/aws_ec2_capacity_reservation.json
+++ b/src/mapping/aws/resource/ec2/aws_ec2_capacity_reservation.json
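Review bot: In `aws_ec2_capacity_block_reservation.json` the `destroy` list contains `ec2:CreateCapacityReservation`, and `modify` repeats the create and cancel actions. A teardown-only role built from this mapping could therefore create billable reservations. I would reduce `destroy` to `ec2:DescribeCapacityReservations` and `ec2:CancelCapacityReservation`. Separately, capacity blocks are purchased rather than created, so please check whether `ec2:PurchaseCapacityBlock` is what the provider calls for this resource.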
@@ -1,21 +1,24 @@ -[ - { - "apply": [ - "ec2:CreateCapacityReservation", - "ec2:DescribeCapacityReservations", - "ec2:CancelCapacityReservation", - "ec2:DescribeAccountAttributes" - ], - "attributes": { - "tags": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ] - }, - "destroy": [], - "modify": [ - "ec2:ModifyCapacityReservation" - ], - "plan": [] - } -] +[ + { + "apply": [ + "ec2:CreateCapacityReservation", + "ec2:DescribeCapacityReservations", + "ec2:CancelCapacityReservation", + "ec2:DescribeAccountAttributes" + ], + "attributes": { + "tags": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ] + }, + "destroy": [ + "ec2:CancelCapacityReservation" + ], + "modify": [ + "ec2:ModifyCapacityReservation", + "ec2:CancelCapacityReservation" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_ec2_default_credit_specification.json b/src/mapping/aws/resource/ec2/aws_ec2_default_credit_specification.json new file mode 100644 index 00000000..e68fcd5a --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_ec2_default_credit_specification.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "ec2:GetDefaultCreditSpecification", + "ec2:ModifyDefaultCreditSpecification" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_ec2_host.json b/src/mapping/aws/resource/ec2/aws_ec2_host.json index e4a823e0..01c29192 100644 --- a/src/mapping/aws/resource/ec2/aws_ec2_host.json +++ b/src/mapping/aws/resource/ec2/aws_ec2_host.json @@ -3,7 +3,8 @@ "apply": [ "ec2:AllocateHosts", "ec2:DescribeHosts", - "ec2:ReleaseHosts" + "ec2:ReleaseHosts", + "ec2:ModifyHosts" ], "attributes": { "tags": [ @@ -14,7 +15,9 @@ "destroy": [ "ec2:ReleaseHosts" ], - "modify": [], + "modify": [ + "ec2:ModifyHosts" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/ec2/aws_ec2_image_block_public_access.json b/src/mapping/aws/resource/ec2/aws_ec2_image_block_public_access.json new file mode 100644 index 00000000..01c86245 
--- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_ec2_image_block_public_access.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "ec2:EnableImageBlockPublicAccess", + "ec2:GetImageBlockPublicAccessState" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_ec2_instance_connect_endpoint.json b/src/mapping/aws/resource/ec2/aws_ec2_instance_connect_endpoint.json new file mode 100644 index 00000000..78cd333a --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_ec2_instance_connect_endpoint.json @@ -0,0 +1,27 @@ +[ + { + "apply": [ + "ec2:CreateInstanceConnectEndpoint", + "ec2:DescribeInstanceConnectEndpoints", + "ec2:DescribeInstanceConnectEndpoints", + "ec2:CreateNetworkInterface", + "iam:CreateServiceLinkedRole" + ], + "attributes": { + "tags": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ] + }, + "destroy": [ + "ec2:DeleteInstanceConnectEndpoint", + "ec2:DescribeInstanceConnectEndpoints" + ], + "modify": [ + "ec2:DescribeInstanceConnectEndpoints" + ], + "plan": [ + "ec2:DescribeInstanceConnectEndpoints" + ] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_ec2_instance_metadata_defaults.json b/src/mapping/aws/resource/ec2/aws_ec2_instance_metadata_defaults.json new file mode 100644 index 00000000..8dc15c9c --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_ec2_instance_metadata_defaults.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "ec2:GetInstanceMetadataDefaults", + "ec2:ModifyInstanceMetadataDefaults" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_ec2_instance_state.json b/src/mapping/aws/resource/ec2/aws_ec2_instance_state.json new file mode 100644 index 00000000..45e4fdaf --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_ec2_instance_state.json @@ -0,0 +1,11 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
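Review bot: `aws_ec2_image_block_public_access.json` maps only `ec2:EnableImageBlockPublicAccess` and `ec2:GetImageBlockPublicAccessState`, whereas the sibling `aws_ebs_snapshot_block_public_access.json` in this commit also lists its Disable action. If the resource can be set back to the unblocked state, that path calls `ec2:DisableImageBlockPublicAccess` and would be denied. Because the disable action removes an account-level guardrail, it is a good candidate for a state-gated entry rather than the base list, but it should be mapped somewhere.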
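Review bot: In `aws_ec2_instance_connect_endpoint.json` the `apply` list repeats `ec2:DescribeInstanceConnectEndpoints` and omits `ec2:DeleteInstanceConnectEndpoint`, which appears only under `destroy`. Other mappings in this commit, for example `aws_dsql_cluster.json`, keep the delete action in `apply` as well, so a consumer that reads only `apply` could create an endpoint it cannot remove. Replace the duplicate line with `"ec2:DeleteInstanceConnectEndpoint",`.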
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_local_gateway_route.json b/src/mapping/aws/resource/ec2/aws_ec2_local_gateway_route.json
new file mode 100644
index 00000000..442b5735
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_local_gateway_route.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "ec2:CreateLocalGatewayRoute",
+ "ec2:SearchLocalGatewayRoutes",
+ "ec2:DeleteLocalGatewayRoute",
+ "ec2:ModifyLocalGatewayRoute"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "ec2:DeleteLocalGatewayRoute"
+ ],
+ "modify": [
+ "ec2:ModifyLocalGatewayRoute"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_local_gateway_route_table_vpc_association.json b/src/mapping/aws/resource/ec2/aws_ec2_local_gateway_route_table_vpc_association.json
new file mode 100644
index 00000000..0a75b6c8
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_local_gateway_route_table_vpc_association.json
@@ -0,0 +1,27 @@
+[
+ {
+ "apply": [
+ "ec2:CreateLocalGatewayRouteTable",
+ "ec2:DescribeLocalGatewayRouteTables",
+ "ec2:DeleteLocalGatewayRouteTable",
+ "ec2:DescribeTags"
+ ],
+ "attributes": {
+ "tags": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "ec2:DeleteLocalGatewayRouteTable"
+ ],
+ "modify": [
+ "ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations",
+ "ec2:DescribeTags"
+ ],
+ "plan": [
+ "ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations",
+ "ec2:DescribeTags"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_managed_prefix_list.json b/src/mapping/aws/resource/ec2/aws_ec2_managed_prefix_list.json
new file mode 100644
index 00000000..7a01087c
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_managed_prefix_list.json
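Review bot: `aws_ec2_local_gateway_route_table_vpc_association.json` grants `ec2:CreateLocalGatewayRouteTable` and `ec2:DeleteLocalGatewayRouteTable`, and its `modify` and `plan` lists read virtual-interface-group associations; none of the listed actions is a VPC-association call. It looks copied from a route-table mapping: the policy would allow deleting route tables while, as far as I can tell, denying `ec2:CreateLocalGatewayRouteTableVpcAssociation`, `ec2:DescribeLocalGatewayRouteTableVpcAssociations` and `ec2:DeleteLocalGatewayRouteTableVpcAssociation`. Please re-derive the list from the provider's calls for this resource.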
@@ -0,0 +1,24 @@
+[
+ {
+ "apply": [
+ "ec2:CreateManagedPrefixList",
+ "ec2:DescribeManagedPrefixLists",
+ "ec2:DeleteManagedPrefixList",
+ "ec2:GetManagedPrefixListEntries",
+ "ec2:ModifyManagedPrefixList"
+ ],
+ "attributes": {
+ "tags": [
+ "ec2:CreateTags"
+ ]
+ },
+ "destroy": [
+ "ec2:DeleteManagedPrefixList"
+ ],
+ "modify": [
+ "ec2:GetManagedPrefixListEntries",
+ "ec2:ModifyManagedPrefixList"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_managed_prefix_list_entry.json b/src/mapping/aws/resource/ec2/aws_ec2_managed_prefix_list_entry.json
new file mode 100644
index 00000000..e1c4c492
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_managed_prefix_list_entry.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "ec2:DescribeManagedPrefixLists",
+ "ec2:GetManagedPrefixListEntries"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_serial_console_access.json b/src/mapping/aws/resource/ec2/aws_ec2_serial_console_access.json
new file mode 100644
index 00000000..a62a3929
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_serial_console_access.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "ec2:EnableSerialConsoleAccess",
+ "ec2:GetSerialConsoleAccessStatus",
+ "ec2:DisableSerialConsoleAccess"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_subnet_cidr_reservation.json b/src/mapping/aws/resource/ec2/aws_ec2_subnet_cidr_reservation.json
new file mode 100644
index 00000000..f5ed6bba
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_subnet_cidr_reservation.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "ec2:GetSubnetCidrReservations",
+ "ec2:CreateSubnetCidrReservation",
+ "ec2:DeleteSubnetCidrReservation"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_traffic_mirror_filter.json b/src/mapping/aws/resource/ec2/aws_ec2_traffic_mirror_filter.json
new file mode 100644
index 00000000..21a648c7
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_traffic_mirror_filter.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "ec2:CreateTrafficMirrorFilter",
+ "ec2:ModifyTrafficMirrorFilterNetworkServices",
+ "ec2:DescribeTrafficMirrorFilters",
+ "ec2:DeleteTrafficMirrorFilter"
+ ],
+ "attributes": {
+ "tags": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_traffic_mirror_filter_rule.json b/src/mapping/aws/resource/ec2/aws_ec2_traffic_mirror_filter_rule.json
new file mode 100644
index 00000000..723668da
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_traffic_mirror_filter_rule.json
@@ -0,0 +1,18 @@
+[
+ {
+ "apply": [
+ "ec2:CreateTrafficMirrorFilterRule",
+ "ec2:DeleteTrafficMirrorFilterRule",
+ "ec2:ModifyTrafficMirrorFilterRule"
+ ],
+ "attributes": {
+ "tags": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_traffic_mirror_session.json b/src/mapping/aws/resource/ec2/aws_ec2_traffic_mirror_session.json
new file mode 100644
index 00000000..567e5a4f
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_traffic_mirror_session.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "ec2:CreateTrafficMirrorSession",
+ "ec2:DeleteTrafficMirrorSession",
+ "ec2:ModifyTrafficMirrorSession",
+ "ec2:DescribeTrafficMirrorSessions"
+ ],
+ "attributes": {
+ "tags": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_traffic_mirror_target.json b/src/mapping/aws/resource/ec2/aws_ec2_traffic_mirror_target.json
new file mode 100644
index 00000000..0ea89fce
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_traffic_mirror_target.json @@ -0,0 +1,18 @@ +[ + { + "apply": [ + "ec2:CreateTrafficMirrorTarget", + "ec2:DescribeTrafficMirrorTargets", + "ec2:DeleteTrafficMirrorTarget" + ], + "attributes": { + "tags": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway.json b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway.json index aaa776dc..162eb877 100644 --- a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway.json +++ b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway.json @@ -2,7 +2,10 @@ { "apply": [ "ec2:CreateTransitGateway", - "ec2:DescribeTransitGateways" + "ec2:DescribeTransitGateways", + "ec2:DescribeTags", + "ec2:ModifyTransitGateway", + "ec2:ModifyTransitGatewayOptions" ], "attributes": { "tags": [ @@ -13,7 +16,10 @@ "destroy": [ "ec2:DeleteTransitGateway" ], - "modify": [], + "modify": [ + "ec2:ModifyTransitGateway", + "ec2:ModifyTransitGatewayOptions" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_connect.json b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_connect.json new file mode 100644 index 00000000..4e5b6e2a --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_connect.json @@ -0,0 +1,26 @@ +[ + { + "apply": [ + "ec2:CreateTransitGatewayConnect", + "ec2:DescribeTransitGatewayConnects", + "ec2:DeleteTransitGatewayConnect", + "ec2:DescribeTags" + ], + "attributes": { + "tags": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ] + }, + "destroy": [ + "ec2:DeleteTransitGatewayConnect" + ], + "modify": [ + "ec2:DescribeTransitGatewayConnects", + "ec2:DescribeTags" + ], + "plan": [ + "ec2:DescribeTransitGatewayConnects" + ] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_connect_peer.json b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_connect_peer.json new file mode 100644 index 00000000..7390e938 
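Review bot: `ec2:ModifyTransitGatewayOptions`, added to both `apply` and `modify` in aws_ec2_transit_gateway.json, does not look like an IAM action. As far as I can tell it is the name of the options structure passed to ModifyTransitGateway, and `ec2:ModifyTransitGateway` (also added here) is the action that authorises the call. Please check it against the EC2 service authorization reference and drop it from both lists if it is not there, since an unknown action in a generated policy is noise at best and a policy-validation finding at worst.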
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_connect_peer.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "ec2:DescribeTransitGatewayConnectPeers",
+ "ec2:CreateTransitGatewayConnectPeer",
+ "ec2:DeleteTransitGatewayConnectPeer"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_default_route_table_association.json b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_default_route_table_association.json
new file mode 100644
index 00000000..24100402
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_default_route_table_association.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "ec2:GetTransitGatewayRouteTableAssociations",
+ "ec2:ReplaceRouteTableAssociation"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_default_route_table_propagation.json b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_default_route_table_propagation.json
new file mode 100644
index 00000000..646f9153
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_default_route_table_propagation.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "ec2:GetTransitGatewayRouteTablePropagations",
+ "ec2:DisableTransitGatewayRouteTablePropagation",
+ "ec2:EnableTransitGatewayRouteTablePropagation"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_multicast_domain.json b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_multicast_domain.json
new file mode 100644
index 00000000..b5172605
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_multicast_domain.json
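Review bot: `ec2:ReplaceRouteTableAssociation` in aws_ec2_transit_gateway_default_route_table_association.json is the VPC action that moves a subnet to a different route table, which has nothing to do with a transit gateway. I believe the provider sets the default association and propagation tables through ModifyTransitGateway, so both this file and aws_ec2_transit_gateway_default_route_table_propagation.json probably want `ec2:ModifyTransitGateway` and `ec2:DescribeTransitGateways`; please verify against the provider source. As it stands the mapping hands out an unrelated VPC routing permission and may still miss the call the resource actually makes.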
@@ -0,0 +1,27 @@
+[
+ {
+ "apply": [
+ "ec2:DescribeTransitGatewayMulticastDomains",
+ "ec2:CreateTransitGatewayMulticastDomain",
+ "ec2:DescribeTags"
+ ],
+ "attributes": {
+ "tags": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "ec2:DeleteTransitGatewayMulticastDomain",
+ "ec2:DescribeTags"
+ ],
+ "modify": [
+ "ec2:DescribeTransitGatewayMulticastDomains",
+ "ec2:DescribeTags"
+ ],
+ "plan": [
+ "ec2:DescribeTransitGatewayMulticastDomains",
+ "ec2:DescribeTags"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_multicast_domain_association.json b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_multicast_domain_association.json
new file mode 100644
index 00000000..ce7016f4
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_multicast_domain_association.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "ec2:AssociateTransitGatewayMulticastDomain",
+ "ec2:GetTransitGatewayMulticastDomainAssociations",
+ "ec2:DisassociateTransitGatewayMulticastDomain"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "ec2:DisassociateTransitGatewayMulticastDomain"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_multicast_group_member.json b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_multicast_group_member.json
new file mode 100644
index 00000000..ac7c3fd8
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_multicast_group_member.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "ec2:RegisterTransitGatewayMulticastGroupMembers",
+ "ec2:SearchTransitGatewayMulticastGroups",
+ "ec2:DeregisterTransitGatewayMulticastGroupMembers"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "ec2:DeregisterTransitGatewayMulticastGroupMembers"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_multicast_group_source.json b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_multicast_group_source.json
new file mode 100644
index 00000000..322d5d0d
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_multicast_group_source.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "ec2:RegisterTransitGatewayMulticastGroupSources",
+ "ec2:SearchTransitGatewayMulticastGroups",
+ "ec2:DeregisterTransitGatewayMulticastGroupSources"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "ec2:DeregisterTransitGatewayMulticastGroupSources"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_peering_attachment.json b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_peering_attachment.json
new file mode 100644
index 00000000..eb57c466
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_peering_attachment.json
@@ -0,0 +1,29 @@
+[
+ {
+ "apply": [
+ "ec2:CreateTransitGatewayPeeringAttachment",
+ "ec2:DescribeTransitGatewayPeeringAttachments",
+ "ec2:DeleteTransitGatewayPeeringAttachment",
+ "ec2:DescribeTags"
+ ],
+ "attributes": {
+ "tags": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "ec2:DeleteTransitGatewayPeeringAttachment",
+ "ec2:DescribeTransitGatewayPeeringAttachments",
+ "ec2:DescribeTags"
+ ],
+ "modify": [
+ "ec2:DescribeTransitGatewayPeeringAttachments",
+ "ec2:DescribeTags"
+ ],
+ "plan": [
+ "ec2:DescribeTransitGatewayPeeringAttachments",
+ "ec2:DescribeTags"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_peering_attachment_accepter.json b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_peering_attachment_accepter.json
new file mode 100644
index 00000000..e2685062
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_peering_attachment_accepter.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "ec2:AcceptTransitGatewayPeeringAttachment"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_policy_table.json b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_policy_table.json
new file mode 100644
index 00000000..da572084
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_policy_table.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "ec2:DescribeTransitGatewayPolicyTables",
+ "ec2:DeleteTransitGatewayPolicyTable",
+ "ec2:CreateTransitGatewayPolicyTable"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_policy_table_association.json b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_policy_table_association.json
new file mode 100644
index 00000000..98e5ed16
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_policy_table_association.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "ec2:GetTransitGatewayPolicyTableAssociations",
+ "ec2:AssociateTransitGatewayPolicyTable",
+ "ec2:DisassociateTransitGatewayPolicyTable"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_prefix_list_reference.json b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_prefix_list_reference.json
new file mode 100644
index 00000000..fb3f1419
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_prefix_list_reference.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "ec2:GetTransitGatewayPrefixListReferences",
+ "ec2:CreateTransitGatewayPrefixListReference",
+ "ec2:DeleteTransitGatewayPrefixListReference",
+ "ec2:ModifyTransitGatewayPrefixListReference"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_route.json b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_route.json index a252ce76..955ef356 100644 --- a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_route.json +++ b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_route.json @@ -4,7 +4,8 @@ "ec2:CreateTransitGatewayRoute", "ec2:DescribeTransitGatewayRoute", "ec2:ReplaceTransitGatewayRoute", - "ec2:SearchTransitGatewayRoutes" + "ec2:SearchTransitGatewayRoutes", + "ec2:DeleteTransitGatewayRoute" ], "attributes": {}, "destroy": [ diff --git a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_route_table.json b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_route_table.json index 1bba08d2..737190c4 100644 --- a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_route_table.json +++ b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_route_table.json @@ -1,19 +1,24 @@ -[ - { - "apply": [ - "ec2:CreateTransitGatewayRouteTable", - "ec2:DescribeTransitGatewayRouteTable" - ], - "attributes": { - "tags": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ] - }, - "destroy": [ - "ec2:DeleteTransitGatewayRouteTable" - ], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "ec2:CreateTransitGatewayRouteTable", + "ec2:DescribeTransitGatewayRouteTables", + "ec2:DeleteTransitGatewayRouteTable", + "ec2:GetTransitGatewayRouteTableAssociations", + "ec2:DisassociateTransitGatewayRouteTable" + ], + "attributes": { + "tags": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ] + }, + "destroy": [ + "ec2:DeleteTransitGatewayRouteTable", + "ec2:GetTransitGatewayRouteTableAssociations", + "ec2:DisassociateTransitGatewayRouteTable" + ], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_route_table_association.json b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_route_table_association.json index 63ba2a0a..e44c68f9 100644 
--- a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_route_table_association.json +++ b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_route_table_association.json @@ -2,7 +2,8 @@ { "apply": [ "ec2:AssociateTransitGatewayRouteTable", - "ec2:GetTransitGatewayRouteTableAssociations" + "ec2:GetTransitGatewayRouteTableAssociations", + "ec2:DisassociateTransitGatewayRouteTable" ], "attributes": {}, "destroy": [ diff --git a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_route_table_propagation.json b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_route_table_propagation.json index 79414004..aa4443bc 100644 --- a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_route_table_propagation.json +++ b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_route_table_propagation.json @@ -2,7 +2,8 @@ { "apply": [ "ec2:EnableTransitGatewayRouteTablePropagation", - "ec2:GetTransitGatewayRouteTablePropagations" + "ec2:GetTransitGatewayRouteTablePropagations", + "ec2:DisableTransitGatewayRouteTablePropagation" ], "attributes": {}, "destroy": [ diff --git a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_vpc_attachment.json b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_vpc_attachment.json index 1653da9c..8c13459e 100644 --- a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_vpc_attachment.json +++ b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_vpc_attachment.json @@ -2,9 +2,12 @@ { "apply": [ "ec2:CreateTransitGatewayVpcAttachment", + "ec2:DeleteTransitGatewayVpcAttachment", + "ec2:DescribeTags", + "ec2:DescribeTransitGatewayAttachments", "ec2:DescribeTransitGatewayVpcAttachments", "ec2:DescribeTransitGateways", - "ec2:DeleteTransitGatewayVpcAttachment" + "ec2:ModifyTransitGatewayVpcAttachment" ], "attributes": { "tags": [ 
@@ -13,9 +16,20 @@ ] }, "destroy": [ - "ec2:DeleteTransitGatewayVpcAttachment" + "ec2:DescribeTransitGatewayVpcAttachments", + "ec2:DeleteTransitGatewayVpcAttachment", + "ec2:DescribeTags" ], - "modify": [], - "plan": [] + "modify": [ + "ec2:DescribeTransitGatewayVpcAttachments", + "ec2:DescribeTags", + "ec2:CreateTransitGatewayVpcAttachment", + "ec2:DeleteTransitGatewayVpcAttachment", + "ec2:ModifyTransitGatewayVpcAttachment" + ], + "plan": [ + "ec2:DescribeTransitGatewayVpcAttachments", + "ec2:DescribeTags" + ] } ] diff --git a/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_vpc_attachment_accepter.json b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_vpc_attachment_accepter.json new file mode 100644 index 00000000..18025b77 --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_ec2_transit_gateway_vpc_attachment_accepter.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "ec2:AcceptTransitGatewayVpcAttachment" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_eip.json b/src/mapping/aws/resource/ec2/aws_eip.json index c6a6d193..7930a88f 100644 --- a/src/mapping/aws/resource/ec2/aws_eip.json +++ b/src/mapping/aws/resource/ec2/aws_eip.json 
@@ -1,28 +1,31 @@ -[ - { - "apply": [ - "ec2:ReleaseAddress", - "ec2:DescribeAddresses", - "ec2:AllocateAddress", - "ec2:ReleaseAddress", - "ec2:AssociateAddress" - ], - "attributes": { - "instance": [ - "ec2:AssociateAddress" - ], - "network_interface": [ - "ec2:AssociateAddress" - ], - "tags": [ - "ec2:DeleteTags", - "ec2:CreateTags" - ] - }, - "destroy": [ - "ec2:DisassociateAddress" - ], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "ec2:ReleaseAddress", + "ec2:DescribeAddresses", + "ec2:AllocateAddress", + "ec2:ReleaseAddress", + "ec2:AssociateAddress" + ], + "attributes": { + "customer_owned_ipv4_pool": [ + "ec2:AcceptAddressTransfer" + ], + "instance": [ + "ec2:AssociateAddress" + ], + "network_interface": [ + "ec2:AssociateAddress" + ], + "tags": [ + "ec2:DeleteTags", + "ec2:CreateTags" + ] + }, + "destroy": [ + "ec2:DisassociateAddress" + ], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_eip_association.json b/src/mapping/aws/resource/ec2/aws_eip_association.json index 1188a119..0e9c05dd 100644 --- a/src/mapping/aws/resource/ec2/aws_eip_association.json +++ b/src/mapping/aws/resource/ec2/aws_eip_association.json @@ -2,13 +2,16 @@ { "apply": [ "ec2:AssociateAddress", - "ec2:DisassociateAddress" + "ec2:DisassociateAddress", + "ec2:DescribeAddresses" ], "attributes": { "tags": [] }, "destroy": [], "modify": [], - "plan": [] + "plan": [ + "ec2:DescribeAddresses" + ] } ] diff --git a/src/mapping/aws/resource/ec2/aws_eip_domain_name.json b/src/mapping/aws/resource/ec2/aws_eip_domain_name.json new file mode 100644 index 00000000..45e4fdaf --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_eip_domain_name.json @@ -0,0 +1,11 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_flow_log.json b/src/mapping/aws/resource/ec2/aws_flow_log.json index c5403f8c..1746afda 100644 
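Review bot: The new `customer_owned_ipv4_pool` attribute in aws_eip.json maps to `ec2:AcceptAddressTransfer`, which accepts an Elastic IP transferred from another account and is unrelated to allocating from a customer-owned pool. Allocation from a CoIP pool goes through `ec2:AllocateAddress`, already in `apply`, so this attribute likely needs no extra action (or at most a describe call for the pool, to be confirmed). I would remove `ec2:AcceptAddressTransfer` rather than grant a cross-account transfer permission to every configuration that sets the attribute.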
--- a/src/mapping/aws/resource/ec2/aws_flow_log.json
+++ b/src/mapping/aws/resource/ec2/aws_flow_log.json
@@ -1,22 +1,25 @@
-[
- {
- "apply": [
- "ec2:CreateFlowLogs",
- "ec2:DescribeAccountAttributes",
- "ec2:DescribeFlowLogs",
- "iam:PassRole",
- "ec2:DeleteFlowLogs"
- ],
- "attributes": {
- "tags": [
- "ec2:DeleteTags",
- "ec2:CreateTags"
- ]
- },
- "destroy": [
- "ec2:DeleteFlowLogs"
- ],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "ec2:CreateFlowLogs",
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeFlowLogs",
+ "iam:PassRole",
+ "ec2:DeleteFlowLogs"
+ ],
+ "attributes": {
+ "log_destination": [
+ "logs:CreateLogDelivery"
+ ],
+ "tags": [
+ "ec2:DeleteTags",
+ "ec2:CreateTags"
+ ]
+ },
+ "destroy": [
+ "ec2:DeleteFlowLogs"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_instance.json b/src/mapping/aws/resource/ec2/aws_instance.json
index d38e632a..2431ceb9 100644
--- a/src/mapping/aws/resource/ec2/aws_instance.json
+++ b/src/mapping/aws/resource/ec2/aws_instance.json
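Review bot: `iam:PassRole` stays in the unconditional `apply` list of aws_flow_log.json while this change starts gating `logs:CreateLogDelivery` behind the `log_destination` attribute. PassRole is only exercised when a delivery role is supplied, so, assuming `attributes` entries are emitted only when the attribute is set, it fits the same pattern: `"iam_role_arn": ["iam:PassRole"]` under `attributes`. That keeps role passing out of policies generated for flow logs that never set a role.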
@@ -7,13 +7,52 @@ "ec2:DescribeVolumes", "ec2:DescribeInstanceTypes", "ec2:RunInstances", + "ec2:StopInstances", + "ec2:TerminateInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeInstanceCreditSpecifications" ], "attributes": { + "credit_specification": [ + "ec2:ModifyInstanceCreditSpecification", + "ec2:DescribeInstanceCreditSpecifications" + ], + "iam_instance_profile": [ + "ec2:AssociateIamInstanceProfile", + "ec2:DescribeIamInstanceProfileAssociations", + "ec2:DisassociateIamInstanceProfile", + "ec2:ReplaceIamInstanceProfileAssociation", + "iam:PassRole" + ], + "key_name": [ + "ec2:DescribeKeyPairs" + ], + "launch_template": [ + "ec2:DescribeLaunchTemplates", + "ec2:DescribeLaunchTemplateVersions" + ], + "maintenance_options": [ + "ec2:ModifyInstanceMaintenanceOptions" + ], "monitoring": [ "ec2:MonitorInstances", "ec2:UnmonitorInstances" ], + "network_interface": [ + "ec2:DescribeNetworkInterfaces" + ], + "placement_group": [ + "ec2:ModifyInstancePlacement" + ], + "private_dns_name_options": [ + "ec2:ModifyPrivateDnsNameOptions" + ], + "security_groups": [ + "ec2:DescribeSecurityGroups" + ], + "subnet_id": [ + "ec2:DescribeSubnets" + ], "tags": [ "ec2:CreateTags", "ec2:DeleteTags" diff --git a/src/mapping/aws/resource/ec2/aws_internet_gateway_attachment.json b/src/mapping/aws/resource/ec2/aws_internet_gateway_attachment.json new file mode 100644 index 00000000..2741e81c --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_internet_gateway_attachment.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "ec2:AttachInternetGateway", + "ec2:DetachInternetGateway" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_key_pair.json b/src/mapping/aws/resource/ec2/aws_key_pair.json index 3d7d1a9c..2502d0b3 100644 --- a/src/mapping/aws/resource/ec2/aws_key_pair.json +++ b/src/mapping/aws/resource/ec2/aws_key_pair.json 
@@ -1,21 +1,24 @@
-[
- {
- "apply": [
- "ec2:ImportKeyPair",
- "ec2:CreateKeyPair",
- "ec2:DescribeKeyPairs",
- "ec2:DeleteKeyPair"
- ],
- "attributes": {
- "tags": [
- "ec2:DeleteTags",
- "ec2:CreateTags"
- ]
- },
- "destroy": [
- "ec2:DeleteKeyPair"
- ],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "ec2:ImportKeyPair",
+ "ec2:CreateKeyPair",
+ "ec2:DescribeKeyPairs",
+ "ec2:DeleteKeyPair",
+ "ssm:PutParameter",
+ "ssm:DeleteParameter"
+ ],
+ "attributes": {
+ "tags": [
+ "ec2:DeleteTags",
+ "ec2:CreateTags"
+ ]
+ },
+ "destroy": [
+ "ec2:DeleteKeyPair",
+ "ssm:DeleteParameter"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_main_route_table_association.json b/src/mapping/aws/resource/ec2/aws_main_route_table_association.json
new file mode 100644
index 00000000..e0c12840
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_main_route_table_association.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "ec2:AssociateRouteTable",
+ "ec2:DisassociateRouteTable"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_nat_gateway.json b/src/mapping/aws/resource/ec2/aws_nat_gateway.json
index d7432d97..4d8c3252 100644
--- a/src/mapping/aws/resource/ec2/aws_nat_gateway.json
+++ b/src/mapping/aws/resource/ec2/aws_nat_gateway.json
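Review bot: `ssm:PutParameter` and `ssm:DeleteParameter` are added to aws_key_pair.json, but nothing in an EC2 key pair import touches Parameter Store as far as I know; these look copied from the CloudFormation key-pair handler, which stores a generated private key in SSM. The Terraform resource takes a public key, so the generated policy would let the role write and delete SSM parameters, which often hold secrets, for no functional reason. Unless a provider code path needs them, drop both from `apply` and `ssm:DeleteParameter` from `destroy`.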
@@ -1,20 +1,29 @@
-[
- {
- "apply": [
- "ec2:CreateNatGateway",
- "ec2:DeleteNatGateway",
- "ec2:DescribeNatGateways"
- ],
- "attributes": {
- "tags": [
- "ec2:DeleteTags",
- "ec2:CreateTags"
- ]
- },
- "destroy": [
- "ec2:DeleteNatGateway"
- ],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "ec2:CreateNatGateway",
+ "ec2:DeleteNatGateway",
+ "ec2:DescribeNatGateways",
+ "ec2:AssociateNatGatewayAddress",
+ "ec2:DisassociateNatGatewayAddress",
+ "ec2:AssignPrivateNatGatewayAddress",
+ "ec2:UnassignPrivateNatGatewayAddress"
+ ],
+ "attributes": {
+ "tags": [
+ "ec2:DeleteTags",
+ "ec2:CreateTags"
+ ]
+ },
+ "destroy": [
+ "ec2:DeleteNatGateway"
+ ],
+ "modify": [
+ "ec2:AssociateNatGatewayAddress",
+ "ec2:DisassociateNatGatewayAddress",
+ "ec2:AssignPrivateNatGatewayAddress",
+ "ec2:UnassignPrivateNatGatewayAddress"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_network_acl_association.json b/src/mapping/aws/resource/ec2/aws_network_acl_association.json
new file mode 100644
index 00000000..e11f4e8c
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_network_acl_association.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "ec2:DescribeNetworkAcls",
+ "ec2:ReplaceNetworkAclAssociation",
+ "ec2:ReplaceNetworkAclAssociation"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "ec2:ReplaceNetworkAclAssociation"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_network_acl_rule.json b/src/mapping/aws/resource/ec2/aws_network_acl_rule.json
index bcf747b4..24bf2fda 100644
--- a/src/mapping/aws/resource/ec2/aws_network_acl_rule.json
+++ b/src/mapping/aws/resource/ec2/aws_network_acl_rule.json
@@ -1,15 +1,18 @@
-[
- {
- "apply": [
- "ec2:CreateNetworkAclEntry",
- "ec2:DescribeNetworkAcls",
- "ec2:DeleteNetworkAclEntry"
- ],
- "attributes": {
- "tags": []
- },
- "destroy": [],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "ec2:CreateNetworkAclEntry",
+ "ec2:DescribeNetworkAcls",
+ "ec2:DeleteNetworkAclEntry",
+ "ec2:ReplaceNetworkAclEntry"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [
+ "ec2:ReplaceNetworkAclEntry"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_network_interface.json b/src/mapping/aws/resource/ec2/aws_network_interface.json
index 4839d731..d97bf352 100644
--- a/src/mapping/aws/resource/ec2/aws_network_interface.json
+++ b/src/mapping/aws/resource/ec2/aws_network_interface.json
@@ -1,20 +1,32 @@
-[
- {
- "apply": [
- "ec2:CreateNetworkInterface",
- "ec2:DescribeNetworkInterfaces",
- "ec2:DeleteNetworkInterface"
- ],
- "attributes": {
- "tags": [
- "ec2:CreateTags",
- "ec2:DeleteTags"
- ]
- },
- "destroy": [
- "ec2:DeleteNetworkInterface"
- ],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "ec2:CreateNetworkInterface",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DeleteNetworkInterface",
+ "ec2:ModifyNetworkInterfaceAttribute",
+ "ec2:UnassignIpv6Addresses",
+ "ec2:AssignIpv6Addresses",
+ "ec2:UnassignPrivateIpAddresses",
+ "ec2:AssignPrivateIpAddresses",
+ "ec2:ModifyPublicIpDnsNameOptions"
+ ],
+ "attributes": {
+ "tags": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "ec2:DeleteNetworkInterface"
+ ],
+ "modify": [
+ "ec2:UnassignIpv6Addresses",
+ "ec2:AssignIpv6Addresses",
+ "ec2:UnassignPrivateIpAddresses",
+ "ec2:AssignPrivateIpAddresses",
+ "ec2:ModifyPublicIpDnsNameOptions"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_network_interface_attachment.json b/src/mapping/aws/resource/ec2/aws_network_interface_attachment.json
new file mode 100644
index 00000000..8f0369ac
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_network_interface_attachment.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "ec2:AttachNetworkInterface",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:ModifyNetworkInterfaceAttribute",
+ "ec2:DetachNetworkInterface"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "ec2:DetachNetworkInterface"
+ ],
+ "modify": [
+ "ec2:ModifyNetworkInterfaceAttribute"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_network_interface_permission.json b/src/mapping/aws/resource/ec2/aws_network_interface_permission.json
new file mode 100644
index 00000000..5e3fae26
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_network_interface_permission.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "ec2:CreateNetworkInterfacePermission",
+ "ec2:DescribeNetworkInterfacePermissions",
+ "ec2:DeleteNetworkInterfacePermission"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_network_interface_sg_attachment.json b/src/mapping/aws/resource/ec2/aws_network_interface_sg_attachment.json
new file mode 100644
index 00000000..88f12572
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_network_interface_sg_attachment.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "ec2:ModifyNetworkInterfaceAttribute"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_route.json b/src/mapping/aws/resource/ec2/aws_route.json
index 4566b1bc..b07f4412 100644
--- a/src/mapping/aws/resource/ec2/aws_route.json
+++ b/src/mapping/aws/resource/ec2/aws_route.json
@@ -1,17 +1,21 @@ -[ - { - "apply": [ - "ec2:CreateRoute", - "ec2:DescribeRouteTables", - "ec2:DeleteRoute" - ], - "attributes": { - "tags": [] - }, - "destroy": [ - "ec2:DeleteRoute" - ], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "ec2:CreateRoute", + "ec2:DescribeRouteTables", + "ec2:DeleteRoute", + "ec2:DescribeNetworkInterfaces", + "ec2:ReplaceRoute" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "ec2:DeleteRoute" + ], + "modify": [ + "ec2:ReplaceRoute" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_route_table_association.json b/src/mapping/aws/resource/ec2/aws_route_table_association.json index 1a786631..54b6639e 100644 --- a/src/mapping/aws/resource/ec2/aws_route_table_association.json +++ b/src/mapping/aws/resource/ec2/aws_route_table_association.json @@ -1,18 +1,20 @@ -[ - { - "apply": [ - "ec2:DescribeAccountAttributes", - "ec2:AssociateRouteTable", - "ec2:DescribeRouteTables", - "ec2:DisassociateRouteTable" - ], - "attributes": { - "tags": [] - }, - "destroy": [ - "ec2:DisassociateRouteTable" - ], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "ec2:DescribeAccountAttributes", + "ec2:AssociateRouteTable", + "ec2:DescribeRouteTables", + "ec2:DisassociateRouteTable", + "ec2:ReplaceRouteTableAssociation", + "ec2:DescribeSubnets" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "ec2:DisassociateRouteTable" + ], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_spot_datafeed_subscription.json b/src/mapping/aws/resource/ec2/aws_spot_datafeed_subscription.json new file mode 100644 index 00000000..e79b24a0 --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_spot_datafeed_subscription.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "ec2:DescribeSpotDatafeedSubscription", + "ec2:CreateSpotDatafeedSubscription", + "ec2:DeleteSpotDatafeedSubscription" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/aws/resource/ec2/aws_spot_fleet_request.json b/src/mapping/aws/resource/ec2/aws_spot_fleet_request.json new file mode 100644 index 00000000..11a462c4 --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_spot_fleet_request.json @@ -0,0 +1,24 @@ +[ + { + "apply": [ + "iam:PassRole", + "ec2:RequestSpotFleet", + "ec2:DescribeSpotFleetRequests", + "ec2:RunInstances", + "ec2:ModifySpotFleetRequest", + "ec2:CancelSpotFleetRequests" + ], + "attributes": { + "tags": [ + "ec2:CreateTags" + ] + }, + "destroy": [ + "ec2:CancelSpotFleetRequests" + ], + "modify": [ + "ec2:ModifySpotFleetRequest" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_subnet.json b/src/mapping/aws/resource/ec2/aws_subnet.json index b46bab4e..460e7dc8 100644 --- a/src/mapping/aws/resource/ec2/aws_subnet.json +++ b/src/mapping/aws/resource/ec2/aws_subnet.json @@ -5,7 +5,10 @@ "ec2:DescribeAccountAttributes", "ec2:DescribeSubnets", "ec2:DeleteSubnet", - "ec2:DescribeNetworkInterfaces" + "ec2:DescribeNetworkInterfaces", + "ec2:ModifySubnetAttribute", + "ec2:AssociateSubnetCidrBlock", + "ec2:DisassociateSubnetCidrBlock" ], "attributes": { "tags": [ @@ -16,7 +19,11 @@ "destroy": [ "ec2:DeleteSubnet" ], - "modify": [], + "modify": [ + "ec2:ModifySubnetAttribute", + "ec2:AssociateSubnetCidrBlock", + "ec2:DisassociateSubnetCidrBlock" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/ec2/aws_verifiedaccess_endpoint.json b/src/mapping/aws/resource/ec2/aws_verifiedaccess_endpoint.json index f97d9440..5c689d41 100644 --- a/src/mapping/aws/resource/ec2/aws_verifiedaccess_endpoint.json +++ b/src/mapping/aws/resource/ec2/aws_verifiedaccess_endpoint.json 
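Review bot: The `tags` attribute in aws_spot_fleet_request.json lists only `ec2:CreateTags`, while every other tagged resource in this diff pairs it with `ec2:DeleteTags`, so removing a tag on update would presumably be denied; I would make it `"tags": ["ec2:CreateTags", "ec2:DeleteTags"]`. Separately, `apply` combines `iam:PassRole` with `ec2:RunInstances`, which is a sensitive pair when the resulting statement is not scoped. The mapping format shown here has no place for a resource or condition, so whatever consumes this file should restrict `iam:PassRole` to the fleet role ARN or with an `iam:PassedToService` condition, and that expectation is worth recording in the project documentation.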
@@ -1,19 +1,79 @@ [ { "apply": [ + "acm:CreateCertificateRelation", + "acm:DeleteCertificateRelation", + "acm:DescribeCertificate", + "acm:GetCertificateWithPK", "ec2:CreateVerifiedAccessEndpoint", "ec2:DeleteVerifiedAccessEndpoint", - "ec2:ModifyVerifiedAccessEndpoint" + "ec2:DescribeAccountAttributes", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeTags", + "ec2:DescribeVerifiedAccessEndpoints", + "ec2:ModifyVerifiedAccessEndpoint", + "ec2:DescribeVerifiedAccessEndpoints", + "ec2:DescribeSecurityGroups", + "ec2:DescribeVpcs", + "iam:CreateServiceLinkedRole", + "iam:ListRoles", + "sso:CreateManagedApplicationInstance", + "sso:DeleteManagedApplicationInstance", + "sso:GetManagedApplicationInstance", + "sso:GetPeregrineStatus", + "sso:GetSharedSsoConfiguration", + "sso:PutApplicationAccessScope", + "sso:GetSharedSsoConfiguration", + "rds:DescribeDbInstances", + "rds:DescribeDbProxies", + "rds:DescribeDbClusters", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeVpcEndpointServiceConfigurations" ], "attributes": { - "tags": [] + "load_balancer_options": [ + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeListenerCertificates" + ], + "policy_document": [ + "ec2:GetVerifiedAccessEndpointPolicy", + "ec2:ModifyVerifiedAccessEndpointPolicy" + ], + "security_group_ids": [ + "ec2:DescribeSecurityGroups" + ], + "sse_specification": [ + "kms:DescribeKey", + "kms:RetireGrant", + "kms:CreateGrant", + "kms:GenerateDataKey", + "kms:Decrypt" + ], + "tags": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ] }, "destroy": [ - "ec2:DeleteVerifiedAccessEndpoint" + "ec2:DeleteVerifiedAccessEndpoint", + "sso:DeleteManagedApplicationInstance", + "acm:DeleteCertificateRelation" ], "modify": [ - "ec2:ModifyVerifiedAccessEndpoint" + "ec2:ModifyVerifiedAccessEndpoint", + "ec2:ModifyVerifiedAccessEndpointPolicy", + "acm:DeleteCertificateRelation", + "sso:DeleteManagedApplicationInstance" ], - 
"plan": [] + "plan": [ + "ec2:DescribeVerifiedAccessEndpoints", + "ec2:GetVerifiedAccessEndpointPolicy", + "ec2:DescribeTags", + "rds:DescribeDbInstances", + "rds:DescribeDbProxies", + "rds:DescribeDbClusters" + ] } ] diff --git a/src/mapping/aws/resource/ec2/aws_verifiedaccess_group.json b/src/mapping/aws/resource/ec2/aws_verifiedaccess_group.json index 3ed6afda..44b78ade 100644 --- a/src/mapping/aws/resource/ec2/aws_verifiedaccess_group.json +++ b/src/mapping/aws/resource/ec2/aws_verifiedaccess_group.json @@ -3,10 +3,26 @@ "apply": [ "ec2:CreateVerifiedAccessGroup", "ec2:DeleteVerifiedAccessGroup", - "ec2:ModifyVerifiedAccessGroup" + "ec2:ModifyVerifiedAccessGroup", + "ec2:DescribeVerifiedAccessGroups", + "ec2:DescribeTags" ], "attributes": { - "tags": [] + "policy_document": [ + "ec2:GetVerifiedAccessGroupPolicy", + "ec2:ModifyVerifiedAccessGroupPolicy" + ], + "server_side_encryption_configuration": [ + "kms:DescribeKey", + "kms:RetireGrant", + "kms:CreateGrant", + "kms:GenerateDataKey", + "kms:Decrypt" + ], + "tags": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ] }, "destroy": [ "ec2:DeleteVerifiedAccessGroup" diff --git a/src/mapping/aws/resource/ec2/aws_verifiedaccess_instance.json b/src/mapping/aws/resource/ec2/aws_verifiedaccess_instance.json index 14721c12..89a20b3d 100644 --- a/src/mapping/aws/resource/ec2/aws_verifiedaccess_instance.json +++ b/src/mapping/aws/resource/ec2/aws_verifiedaccess_instance.json @@ -5,10 +5,14 @@ "ec2:DeleteVerifiedAccessInstance", "ec2:ModifyVerifiedAccessInstance", "verified-access:AllowVerifiedAccess", - "ec2:DescribeVerifiedAccessInstances" + "ec2:DescribeVerifiedAccessInstances", + "ec2:DescribeTags" ], "attributes": { - "tags": [] + "tags": [ + "ec2:DeleteTags", + "ec2:CreateTags" + ] }, "destroy": [ "ec2:DeleteVerifiedAccessInstance" diff --git a/src/mapping/aws/resource/ec2/aws_verifiedaccess_trust_provider.json b/src/mapping/aws/resource/ec2/aws_verifiedaccess_trust_provider.json index 9e393d71..7d0e38fa 100644 
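Review bot: The new `apply` list in aws_verifiedaccess_endpoint.json repeats `ec2:DescribeVerifiedAccessEndpoints` and `sso:GetSharedSsoConfiguration`, and it grants `acm:GetCertificateWithPK`, `iam:CreateServiceLinkedRole` and the three `rds:Describe*` reads to every use of the resource. The same hunk already gates the KMS and load-balancer actions under `sse_specification` and `load_balancer_options`. If the certificate and RDS arguments are optional, the matching actions belong under their own attribute keys in the same way, so that a minimal endpoint does not pull in certificate private-key access. I would drop the two duplicate entries and move the `acm:*` and `rds:*` actions out of `apply` once the attribute names are confirmed against the provider schema.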
--- a/src/mapping/aws/resource/ec2/aws_verifiedaccess_trust_provider.json +++ b/src/mapping/aws/resource/ec2/aws_verifiedaccess_trust_provider.json @@ -4,15 +4,22 @@ "ec2:CreateVerifiedAccessTrustProvider", "ec2:AttachVerifiedAccessTrustProvider", "ec2:DetachVerifiedAccessTrustProvider", - "ec2:DeleteVerifiedAccessTrustProvider" + "ec2:DeleteVerifiedAccessTrustProvider", + "ec2:ModifyVerifiedAccessTrustProvider", + "ec2:DescribeTags" ], "attributes": { - "tags": [] + "tags": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ] }, "destroy": [ "ec2:DeleteVerifiedAccessTrustProvider" ], - "modify": [], + "modify": [ + "ec2:ModifyVerifiedAccessTrustProvider" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/ec2/aws_volume_attachment.json b/src/mapping/aws/resource/ec2/aws_volume_attachment.json index f9c00e73..ac260768 100644 --- a/src/mapping/aws/resource/ec2/aws_volume_attachment.json +++ b/src/mapping/aws/resource/ec2/aws_volume_attachment.json @@ -1,17 +1,18 @@ -[ - { - "apply": [ - "ec2:DescribeVolumes", - "ec2:DescribeInstances", - "ec2:AttachVolume" - ], - "attributes": { - "tags": [] - }, - "destroy": [ - "ec2:DetachVolume" - ], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "ec2:DescribeVolumes", + "ec2:DescribeInstances", + "ec2:AttachVolume", + "ec2:DetachVolume" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "ec2:DetachVolume" + ], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_vpc.json b/src/mapping/aws/resource/ec2/aws_vpc.json index bdf098b7..6ef9b326 100644 --- a/src/mapping/aws/resource/ec2/aws_vpc.json +++ b/src/mapping/aws/resource/ec2/aws_vpc.json 
@@ -1,22 +1,28 @@ -[ - { - "apply": [ - "ec2:CreateVPC", - "ec2:DeleteVPC", - "ec2:DescribeVpcs", - "ec2:DescribeAccountAttributes", - "ec2:DescribeVpcAttribute" - ], - "attributes": { - "tags": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ] - }, - "destroy": [ - "ec2:DeleteVPC" - ], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "ec2:CreateVPC", + "ec2:DeleteVPC", + "ec2:DescribeNetworkAcls", + "ec2:DescribeVpcs", + "ec2:DescribeAccountAttributes", + "ec2:DescribeVpcAttribute", + "ec2:ModifyVpcAttribute", + "ec2:ModifyVpcTenancy" + ], + "attributes": { + "tags": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ] + }, + "destroy": [ + "ec2:DeleteVPC" + ], + "modify": [ + "ec2:ModifyVpcAttribute", + "ec2:ModifyVpcTenancy" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_vpc_block_public_access_exclusion.json b/src/mapping/aws/resource/ec2/aws_vpc_block_public_access_exclusion.json new file mode 100644 index 00000000..ab17eacd --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_vpc_block_public_access_exclusion.json @@ -0,0 +1,26 @@ +[ + { + "apply": [ + "ec2:DescribeVpcBlockPublicAccessExclusions", + "ec2:CreateVpcBlockPublicAccessExclusion", + "ec2:DeleteVpcBlockPublicAccessExclusion" + ], + "attributes": { + "tags": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ] + }, + "destroy": [ + "ec2:DescribeVpcBlockPublicAccessExclusions", + "ec2:DeleteVpcBlockPublicAccessExclusion" + ], + "modify": [ + "ec2:DescribeVpcBlockPublicAccessExclusions", + "ec2:ModifyVpcBlockPublicAccessExclusion" + ], + "plan": [ + "ec2:DescribeVpcBlockPublicAccessExclusions" + ] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_vpc_block_public_access_options.json b/src/mapping/aws/resource/ec2/aws_vpc_block_public_access_options.json new file mode 100644 index 00000000..e9a6bca0 --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_vpc_block_public_access_options.json 
@@ -0,0 +1,22 @@ +[ + { + "apply": [ + "ec2:DescribeVpcBlockPublicAccessOptions", + "ec2:ModifyVpcBlockPublicAccessOptions" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "ec2:DescribeVpcBlockPublicAccessOptions", + "ec2:ModifyVpcBlockPublicAccessOptions" + ], + "modify": [ + "ec2:DescribeVpcBlockPublicAccessOptions", + "ec2:ModifyVpcBlockPublicAccessOptions" + ], + "plan": [ + "ec2:DescribeVpcBlockPublicAccessOptions" + ] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_vpc_dhcp_options_association.json b/src/mapping/aws/resource/ec2/aws_vpc_dhcp_options_association.json index 0515f04a..51a63b4f 100644 --- a/src/mapping/aws/resource/ec2/aws_vpc_dhcp_options_association.json +++ b/src/mapping/aws/resource/ec2/aws_vpc_dhcp_options_association.json @@ -2,13 +2,16 @@ { "apply": [ "ec2:DescribeAccountAttributes", - "ec2:AssociateDhcpOptions" + "ec2:AssociateDhcpOptions", + "ec2:DescribeVpcs" ], "attributes": { "tags": [] }, "destroy": [], - "modify": [], + "modify": [ + "ec2:AssociateDhcpOptions" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/ec2/aws_vpc_endpoint.json b/src/mapping/aws/resource/ec2/aws_vpc_endpoint.json index edecbfa4..4bbbfcb2 100644 --- a/src/mapping/aws/resource/ec2/aws_vpc_endpoint.json +++ b/src/mapping/aws/resource/ec2/aws_vpc_endpoint.json 
@@ -1,23 +1,45 @@ -[ - { - "apply": [ - "ec2:CreateVpcEndpoint", - "ec2:DescribeVpcEndpoints", - "ec2:DescribePrefixLists", - "ec2:DeleteVpcEndpoints" - ], - "attributes": { - "tags": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ] - }, - "destroy": [ - "ec2:DeleteVpcEndpoints" - ], - "modify": [ - "ec2:ModifyVpcEndpoint" - ], - "plan": [] - } -] +[ + { + "apply": [ + "ec2:CreateVpcEndpoint", + "ec2:DescribeVpcEndpoints", + "ec2:DescribePrefixLists", + "ec2:DeleteVpcEndpoints", + "ec2:ModifyVpcEndpoint", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "vpc-lattice:CreateServiceNetworkVpcEndpointAssociation", + "vpc-lattice:DescribeServiceNetworkVpcEndpointAssociation", + "vpce:AllowMultiRegion" + ], + "attributes": { + "tags": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ] + }, + "destroy": [ + "ec2:DeleteVpcEndpoints", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "vpc-lattice:DescribeServiceNetworkVpcEndpointAssociation", + "vpce:AllowMultiRegion" + ], + "modify": [ + "ec2:ModifyVpcEndpoint", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "vpc-lattice:CreateServiceNetworkVpcEndpointAssociation", + "vpc-lattice:DescribeServiceNetworkVpcEndpointAssociation", + "vpce:AllowMultiRegion" + ], + "plan": [ + "ec2:DescribeVpcEndpoints", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "vpc-lattice:DescribeServiceNetworkVpcEndpointAssociation" + ] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_vpc_endpoint_connection_accepter.json b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_connection_accepter.json new file mode 100644 index 00000000..a4907acf --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_connection_accepter.json 
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "ec2:AcceptVpcEndpointConnections",
+ "ec2:RejectVpcEndpointConnections",
+ "ec2:DescribeVpcEndpointConnections"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_endpoint_connection_notification.json b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_connection_notification.json
new file mode 100644
index 00000000..c4946916
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_connection_notification.json
@@ -0,0 +1,21 @@
+[
+ {
+ "apply": [
+ "ec2:CreateVpcEndpointConnectionNotification",
+ "ec2:DeleteVpcEndpointConnectionNotifications",
+ "ec2:ModifyVpcEndpointConnectionNotification",
+ "ec2:DescribeVpcEndpointConnectionNotifications"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "ec2:DeleteVpcEndpointConnectionNotifications"
+ ],
+ "modify": [
+ "ec2:ModifyVpcEndpointConnectionNotification",
+ "ec2:DescribeVpcEndpointConnectionNotifications"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_endpoint_policy.json b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_policy.json
new file mode 100644
index 00000000..7387a509
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_policy.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "ec2:ModifyVerifiedAccessEndpointPolicy",
+ "ec2:GetVerifiedAccessEndpointPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_endpoint_private_dns.json b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_private_dns.json
new file mode 100644
index 00000000..cbc79d7a
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_private_dns.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "ec2:StartVpcEndpointServicePrivateDnsVerification"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
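Review bot: The `apply` list in aws_vpc_endpoint_policy.json names `ec2:ModifyVerifiedAccessEndpointPolicy` and `ec2:GetVerifiedAccessEndpointPolicy`, which are the Verified Access actions this diff already uses for `policy_document` in aws_verifiedaccess_endpoint.json, not VPC endpoint actions. As far as I know a VPC endpoint's policy is changed through `ec2:ModifyVpcEndpoint` and read through `ec2:DescribeVpcEndpoints`, so a policy generated from this file would likely deny the apply while granting an unrelated write. The same copy pattern shows in aws_vpc_endpoint_private_dns.json, whose blob `cbc79d7a` is identical to aws_vpc_endpoint_service_private_dns_verification.json, and in aws_vpc_endpoint_security_group_association.json, whose blob `3e7d887a` is identical to aws_vpc_security_group_vpc_association.json. I would replace the list here with `"ec2:ModifyVpcEndpoint", "ec2:DescribeVpcEndpoints"` and check the other two files against the API calls the provider actually makes.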
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_endpoint_security_group_association.json b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_security_group_association.json
new file mode 100644
index 00000000..3e7d887a
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_security_group_association.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "ec2:AssociateSecurityGroupVpc",
+ "ec2:DescribeSecurityGroupVpcAssociations",
+ "ec2:DisassociateSecurityGroupVpc"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_endpoint_service.json b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_service.json
index b0dd7f83..81f4f054 100644
--- a/src/mapping/aws/resource/ec2/aws_vpc_endpoint_service.json
+++ b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_service.json
@@ -1,22 +1,42 @@ -[ - { - "apply": [ - "ec2:DescribeAccountAttributes", - "ec2:CreateVpcEndpointServiceConfiguration", - "ec2:DescribeVpcEndpointServiceConfigurations", - "ec2:DescribeVpcEndpointServicePermissions", - "ec2:DeleteVpcEndpointServiceConfigurations" - ], - "attributes": { - "tags": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ] - }, - "destroy": [ - "ec2:DeleteVpcEndpointServiceConfigurations" - ], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "ec2:CreateVpcEndpointServiceConfiguration", + "ec2:ModifyVpcEndpointServicePayerResponsibility", + "cloudwatch:ListManagedInsightRules", + "cloudwatch:DeleteInsightRules", + "cloudwatch:PutManagedInsightRules", + "ec2:DescribeVpcEndpointServiceConfigurations", + "ec2:DescribeVpcEndpointServicePermissions", + "ec2:DeleteVpcEndpointServiceConfigurations", + "ec2:ModifyVpcEndpointServiceConfiguration", + "vpce:AllowMultiRegion" + ], + "attributes": { + "tags": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ] + }, + "destroy": [ + "ec2:DeleteVpcEndpointServiceConfigurations", + "ec2:DescribeVpcEndpointServiceConfigurations", + "cloudwatch:ListManagedInsightRules", + "cloudwatch:DeleteInsightRules", + "vpce:AllowMultiRegion" + ], + "modify": [ + "ec2:ModifyVpcEndpointServiceConfiguration", + "ec2:DescribeVpcEndpointServiceConfigurations", + "ec2:ModifyVpcEndpointServicePayerResponsibility", + "cloudwatch:ListManagedInsightRules", + "cloudwatch:DeleteInsightRules", + "cloudwatch:PutManagedInsightRules", + "vpce:AllowMultiRegion" + ], + "plan": [ + "ec2:DescribeVpcEndpointServiceConfigurations", + "cloudwatch:ListManagedInsightRules" + ] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_vpc_endpoint_service_allowed_principal.json b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_service_allowed_principal.json new file mode 100644 index 00000000..9cae2756 --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_service_allowed_principal.json 
@@ -0,0 +1,13 @@ +[ + { + "apply": [ + "ec2:ModifyVpcEndpointServicePermissions" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_vpc_endpoint_service_private_dns_verification.json b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_service_private_dns_verification.json new file mode 100644 index 00000000..cbc79d7a --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_service_private_dns_verification.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "ec2:StartVpcEndpointServicePrivateDnsVerification" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_vpc_ipam.json b/src/mapping/aws/resource/ec2/aws_vpc_ipam.json index 9a8fa85d..7575d539 100644 --- a/src/mapping/aws/resource/ec2/aws_vpc_ipam.json +++ b/src/mapping/aws/resource/ec2/aws_vpc_ipam.json @@ -6,7 +6,9 @@ "ec2:DescribeIpams", "ec2:DeleteIpam", "ec2:ModifyIpam", - "ec2:DescribeTags" + "ec2:DescribeTags", + "ec2:DescribeIpamResourceDiscoveries", + "ec2:ModifyIpamResourceDiscovery" ], "attributes": { "tags": [ @@ -18,8 +20,13 @@ "ec2:DeleteIpam" ], "modify": [ - "ec2:ModifyIpam" + "ec2:ModifyIpam", + "ec2:DescribeIpamResourceDiscoveries", + "ec2:ModifyIpamResourceDiscovery" ], - "plan": [] + "plan": [ + "ec2:DescribeIpams", + "ec2:DescribeIpamResourceDiscoveries" + ] } ] diff --git a/src/mapping/aws/resource/ec2/aws_vpc_ipam_organization_admin_account.json b/src/mapping/aws/resource/ec2/aws_vpc_ipam_organization_admin_account.json new file mode 100644 index 00000000..d7c85193 --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_vpc_ipam_organization_admin_account.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "ec2:DisableIpamOrganizationAdminAccount", + "ec2:EnableIpamOrganizationAdminAccount" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_ipam_pool.json b/src/mapping/aws/resource/ec2/aws_vpc_ipam_pool.json index d92a1452..33ece605 100644 --- a/src/mapping/aws/resource/ec2/aws_vpc_ipam_pool.json +++ b/src/mapping/aws/resource/ec2/aws_vpc_ipam_pool.json @@ -4,7 +4,8 @@ "ec2:CreateIpamPool", "ec2:DescribeIpamPools", "ec2:DeleteIpamPool", - "ec2:ModifyIpamPool" + "ec2:ModifyIpamPool", + "ec2:DescribeIpamScopes" ], "attributes": { "tags": [ diff --git a/src/mapping/aws/resource/ec2/aws_vpc_ipam_pool_cidr.json b/src/mapping/aws/resource/ec2/aws_vpc_ipam_pool_cidr.json index ebed2ce1..0ef1f896 100644 --- a/src/mapping/aws/resource/ec2/aws_vpc_ipam_pool_cidr.json +++ b/src/mapping/aws/resource/ec2/aws_vpc_ipam_pool_cidr.json @@ -2,12 +2,15 @@ { "apply": [ "ec2:ProvisionIpamPoolCidr", - "ec2:GetIpamPoolCidrs" + "ec2:GetIpamPoolCidrs", + "ec2:DeprovisionIpamPoolCidr" ], "attributes": { "tags": [] }, - "destroy": [], + "destroy": [ + "ec2:DeprovisionIpamPoolCidr" + ], "modify": [], "plan": [] } diff --git a/src/mapping/aws/resource/ec2/aws_vpc_ipam_scope.json b/src/mapping/aws/resource/ec2/aws_vpc_ipam_scope.json index d969fec7..6fcf0177 100644 --- a/src/mapping/aws/resource/ec2/aws_vpc_ipam_scope.json +++ b/src/mapping/aws/resource/ec2/aws_vpc_ipam_scope.json @@ -3,7 +3,8 @@ "apply": [ "ec2:CreateIpamScope", "ec2:DescribeIpamScopes", - "ec2:DeleteIpamScope" + "ec2:DeleteIpamScope", + "ec2:ModifyIpamScope" ], "attributes": { "tags": [ @@ -14,7 +15,9 @@ "destroy": [ "ec2:DeleteIpamScope" ], - "modify": [], + "modify": [ + "ec2:ModifyIpamScope" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/ec2/aws_vpc_ipv6_cidr_block_association.json b/src/mapping/aws/resource/ec2/aws_vpc_ipv6_cidr_block_association.json new file mode 100644 index 00000000..95a9b221 --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_vpc_ipv6_cidr_block_association.json 
@@ -0,0 +1,15 @@ +[ + { + "apply": [ + "ec2:AssociateVpcCidrBlock", + "ec2:AllocateIpamPoolCidr", + "ec2:DisassociateVpcCidrBlock" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_vpc_network_performance_metric_subscription.json b/src/mapping/aws/resource/ec2/aws_vpc_network_performance_metric_subscription.json new file mode 100644 index 00000000..d797af1e --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_vpc_network_performance_metric_subscription.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "ec2:DescribeAwsNetworkPerformanceMetricSubscriptions", + "ec2:DisableAwsNetworkPerformanceMetricSubscription", + "ec2:EnableAwsNetworkPerformanceMetricSubscription" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_vpc_route_server.json b/src/mapping/aws/resource/ec2/aws_vpc_route_server.json new file mode 100644 index 00000000..d3405f9c --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_vpc_route_server.json @@ -0,0 +1,31 @@ +[ + { + "apply": [ + "ec2:DescribeRouteServers", + "ec2:DeleteRouteServer", + "ec2:CreateRouteServer", + "ec2:DisassociateRouteServer", + "ec2:ModifyRouteServer" + ], + "attributes": { + "sns_notifications_enabled": [ + "sns:DeleteTopic", + "sns:CreateTopic" + ], + "tags": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ] + }, + "destroy": [ + "ec2:DeleteRouteServer", + "ec2:DisassociateRouteServer" + ], + "modify": [ + "ec2:ModifyRouteServer" + ], + "plan": [ + "ec2:DescribeRouteServers" + ] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_vpc_route_server_endpoint.json b/src/mapping/aws/resource/ec2/aws_vpc_route_server_endpoint.json new file mode 100644 index 00000000..0dd6ac21 --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_vpc_route_server_endpoint.json 
@@ -0,0 +1,33 @@
+[
+ {
+ "apply": [
+ "ec2:CreateRouteServerEndpoint",
+ "ec2:DeleteRouteServerEndpoint",
+ "ec2:DescribeRouteServerEndpoints",
+ "ec2:CreateSecurityGroup",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DeleteSecurityGroup",
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:RevokeSecurityGroupIngress",
+ "ec2:AuthorizeSecurityGroupEgress",
+ "ec2:RevokeSecurityGroupEgress",
+ "ec2:CreateNetworkInterface",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DeleteNetworkInterface",
+ "ec2:ModifyNetworkInterfaceAttribute",
+ "ec2:UnassignIpv6Addresses",
+ "ec2:AssignIpv6Addresses",
+ "ec2:UnassignPrivateIpAddresses",
+ "ec2:AssignPrivateIpAddresses",
+ "ec2:ModifyPublicIpDnsNameOptions"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_route_server_peer.json b/src/mapping/aws/resource/ec2/aws_vpc_route_server_peer.json
new file mode 100644
index 00000000..c6c89167
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_vpc_route_server_peer.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "ec2:DescribeRouteServerPeers",
+ "ec2:CreateRouteServerPeer",
+ "ec2:DeleteRouteServerPeer"
+ ],
+ "attributes": {
+ "tags": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "ec2:DeleteRouteServerPeer"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_route_server_propagation.json b/src/mapping/aws/resource/ec2/aws_vpc_route_server_propagation.json
new file mode 100644
index 00000000..d41f85d4
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_vpc_route_server_propagation.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "ec2:DisableRouteServerPropagation",
+ "ec2:EnableRouteServerPropagation",
+ "ec2:GetRouteServerPropagations"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "ec2:DisableRouteServerPropagation"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
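Review bot: In aws_vpc_route_server_endpoint.json `destroy` is left as `[]` although `ec2:DeleteRouteServerEndpoint` is in `apply`, and `ec2:DescribeNetworkInterfaces` is listed twice; I would set `"destroy": ["ec2:DeleteRouteServerEndpoint"]` and drop the duplicate. The `apply` list also carries the security-group write actions (`ec2:CreateSecurityGroup`, `ec2:DeleteSecurityGroup`, the four `Authorize`/`Revoke` rules) and the whole action set that aws_network_interface.json uses in this diff. Those let the holder rewrite network filtering well beyond one endpoint, so it is worth confirming from an observed API trace that the endpoint call needs each of them, and trimming the ones that were carried over from the network-interface mapping.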
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_route_server_vpc_association.json b/src/mapping/aws/resource/ec2/aws_vpc_route_server_vpc_association.json new file mode 100644 index 00000000..59959c0a --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_vpc_route_server_vpc_association.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "ec2:AssociateRouteServer", + "ec2:DisassociateRouteServer" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_vpc_security_group_vpc_association.json b/src/mapping/aws/resource/ec2/aws_vpc_security_group_vpc_association.json new file mode 100644 index 00000000..3e7d887a --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_vpc_security_group_vpc_association.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "ec2:AssociateSecurityGroupVpc", + "ec2:DescribeSecurityGroupVpcAssociations", + "ec2:DisassociateSecurityGroupVpc" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_vpn_connection.json b/src/mapping/aws/resource/ec2/aws_vpn_connection.json index 0cd5c7da..ed83fc70 100644 --- a/src/mapping/aws/resource/ec2/aws_vpn_connection.json +++ b/src/mapping/aws/resource/ec2/aws_vpn_connection.json @@ -17,8 +17,12 @@ "ec2:DeleteTags" ] }, - "destroy": [], - "modify": [], + "destroy": [ + "ec2:DeleteVpnConnection" + ], + "modify": [ + "ec2:ModifyVpnConnection" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/ec2/aws_vpn_connection_route.json b/src/mapping/aws/resource/ec2/aws_vpn_connection_route.json new file mode 100644 index 00000000..5a43aea1 --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_vpn_connection_route.json 
@@ -0,0 +1,19 @@ +[ + { + "apply": [ + "ec2:DescribeVpnConnections", + "ec2:CreateVpnConnectionRoute", + "ec2:DeleteVpnConnectionRoute" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "ec2:DeleteVpnConnectionRoute" + ], + "modify": [], + "plan": [ + "ec2:DescribeVpnConnections" + ] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_vpn_gateway_attachment.json b/src/mapping/aws/resource/ec2/aws_vpn_gateway_attachment.json index 0a1708b5..a4cad89d 100644 --- a/src/mapping/aws/resource/ec2/aws_vpn_gateway_attachment.json +++ b/src/mapping/aws/resource/ec2/aws_vpn_gateway_attachment.json @@ -3,7 +3,8 @@ "apply": [ "ec2:DescribeAccountAttributes", "ec2:AttachVpnGateway", - "ec2:DescribeVpnGateways" + "ec2:DescribeVpnGateways", + "ec2:DetachVpnGateway" ], "attributes": { "tags": [ diff --git a/src/mapping/aws/resource/ecr-public/aws_ecrpublic_repository.json b/src/mapping/aws/resource/ecr-public/aws_ecrpublic_repository.json index d9d1b874..31c89021 100644 --- a/src/mapping/aws/resource/ecr-public/aws_ecrpublic_repository.json +++ b/src/mapping/aws/resource/ecr-public/aws_ecrpublic_repository.json @@ -15,7 +15,12 @@ "destroy": [ "ecr-public:DeleteRepository" ], - "modify": [], - "plan": [] + "modify": [ + "ecr-public:DescribeRepositories" + ], + "plan": [ + "ecr-public:DescribeRepositories", + "ecr-public:ListTagsForResource" + ] } ] diff --git a/src/mapping/aws/resource/ecr/aws_ecr_account_setting.json b/src/mapping/aws/resource/ecr/aws_ecr_account_setting.json new file mode 100644 index 00000000..4f827c8d --- /dev/null +++ b/src/mapping/aws/resource/ecr/aws_ecr_account_setting.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "ecr:GetAccountSetting", + "ecr:PutAccountSetting" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ecr/aws_ecr_pull_through_cache_rule.json b/src/mapping/aws/resource/ecr/aws_ecr_pull_through_cache_rule.json index 7d09ff82..06562306 100644 
--- a/src/mapping/aws/resource/ecr/aws_ecr_pull_through_cache_rule.json +++ b/src/mapping/aws/resource/ecr/aws_ecr_pull_through_cache_rule.json @@ -1,16 +1,31 @@ -[ - { - "apply": [ - "ecr:CreatePullThroughCacheRule", - "ecr:DescribePullThroughCacheRules", - "ecr:DeletePullThroughCacheRule", - "iam:CreateServiceLinkedRole" - ], - "attributes": { - "tags": [] - }, - "destroy": [], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "ecr:CreatePullThroughCacheRule", + "ecr:DescribePullThroughCacheRules", + "ecr:DeletePullThroughCacheRule", + "iam:CreateServiceLinkedRole", + "iam:PassRole" + ], + "attributes": { + "credential_arn": [ + "secretsmanager:GetSecretValue" + ], + "tags": [] + }, + "destroy": [ + "ecr:DescribePullThroughCacheRules", + "ecr:DeletePullThroughCacheRule" + ], + "modify": [ + "ecr:DescribePullThroughCacheRules", + "ecr:CreatePullThroughCacheRule", + "ecr:DeletePullThroughCacheRule", + "iam:CreateServiceLinkedRole", + "iam:PassRole" + ], + "plan": [ + "ecr:DescribePullThroughCacheRules" + ] + } +] diff --git a/src/mapping/aws/resource/ecr/aws_ecr_replication_configuration.json b/src/mapping/aws/resource/ecr/aws_ecr_replication_configuration.json index de14c854..2714535c 100644 --- a/src/mapping/aws/resource/ecr/aws_ecr_replication_configuration.json +++ b/src/mapping/aws/resource/ecr/aws_ecr_replication_configuration.json @@ -2,7 +2,8 @@ { "apply": [ "ecr:PutReplicationConfiguration", - "ecr:DescribeRegistry" + "ecr:DescribeRegistry", + "iam:CreateServiceLinkedRole" ], "attributes": { "tags": [] diff --git a/src/mapping/aws/resource/ecr/aws_ecr_repository.json b/src/mapping/aws/resource/ecr/aws_ecr_repository.json index 0f809b2b..ceaa0fd7 100644 --- a/src/mapping/aws/resource/ecr/aws_ecr_repository.json +++ b/src/mapping/aws/resource/ecr/aws_ecr_repository.json 
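Review bot: `iam:PassRole` is added to both `apply` and `modify` unconditionally in aws_ecr_pull_through_cache_rule.json, while aws_ecr_repository_creation_template.json in this same diff gates it under the `custom_role_arn` attribute. If the role argument is optional on this resource as well, the action should sit under an attribute key, e.g. `"custom_role_arn": ["iam:PassRole"]`, beside the `credential_arn` entry that already gates `secretsmanager:GetSecretValue`. Otherwise every cache rule, including ones with no custom role, yields a policy that can pass roles.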
@@ -1,26 +1,29 @@
-[
- {
- "apply": [
- "ecr:CreateRepository",
- "ecr:DescribeRepositories",
- "ecr:ListTagsForResource",
- "ecr:DeleteRepository"
- ],
- "attributes": {
- "encryption_configuration": [
- "kms:DescribeKey",
- "kms:CreateGrant"
- ],
- "image_scanning_configuration": [
- "ecr:PutImageScanningConfiguration"
- ],
- "tags": [
- "ecr:TagResource",
- "ecr:UntagResource"
- ]
- },
- "destroy": [],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "ecr:CreateRepository",
+ "ecr:DescribeRepositories",
+ "ecr:ListTagsForResource",
+ "ecr:DeleteRepository"
+ ],
+ "attributes": {
+ "encryption_configuration": [
+ "kms:DescribeKey",
+ "kms:CreateGrant",
+ "kms:RetireGrant"
+ ],
+ "image_scanning_configuration": [
+ "ecr:PutImageScanningConfiguration"
+ ],
+ "tags": [
+ "ecr:TagResource",
+ "ecr:UntagResource"
+ ]
+ },
+ "destroy": [
+ "ecr:DeleteRepository"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ecr/aws_ecr_repository_creation_template.json b/src/mapping/aws/resource/ecr/aws_ecr_repository_creation_template.json
new file mode 100644
index 00000000..fac38f74
--- /dev/null
+++ b/src/mapping/aws/resource/ecr/aws_ecr_repository_creation_template.json
@@ -0,0 +1,29 @@
+[
+ {
+ "apply": [
+ "ecr:CreateRepositoryCreationTemplate",
+ "ecr:DeleteRepositoryCreationTemplate",
+ "ecr:DescribeRepositoryCreationTemplates",
+ "ecr:UpdateRepositoryCreationTemplate",
+ "ecr:CreateRepository"
+ ],
+ "attributes": {
+ "custom_role_arn": [
+ "iam:CreateServiceLinkedRole",
+ "iam:PassRole"
+ ],
+ "lifecycle_policy": [
+ "ecr:PutLifecyclePolicy",
+ "ecr:SetRepositoryPolicy"
+ ],
+ "tags": []
+ },
+ "destroy": [
+ "ecr:DeleteRepositoryCreationTemplate"
+ ],
+ "modify": [
+ "ecr:UpdateRepositoryCreationTemplate"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ecs/aws_ecs_account_setting_default.json b/src/mapping/aws/resource/ecs/aws_ecs_account_setting_default.json
new file mode 100644
index 00000000..a6588c71
--- /dev/null
+++ b/src/mapping/aws/resource/ecs/aws_ecs_account_setting_default.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "ecs:PutAccountSettingDefault" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ecs/aws_ecs_capacity_provider.json b/src/mapping/aws/resource/ecs/aws_ecs_capacity_provider.json new file mode 100644 index 00000000..ea76ae26 --- /dev/null +++ b/src/mapping/aws/resource/ecs/aws_ecs_capacity_provider.json @@ -0,0 +1,24 @@ +[ + { + "apply": [ + "autoscaling:CreateOrUpdateTags", + "ecs:CreateCapacityProvider", + "ecs:DescribeCapacityProviders", + "ecs:DeleteCapacityProvider", + "ecs:UpdateCapacityProvider" + ], + "attributes": { + "tags": [ + "ecs:TagResource", + "ecs:UntagResource" + ] + }, + "destroy": [ + "ecs:DeleteCapacityProvider" + ], + "modify": [ + "ecs:UpdateCapacityProvider" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ecs/aws_ecs_cluster.json b/src/mapping/aws/resource/ecs/aws_ecs_cluster.json index 1fc09c6d..05e2a5a6 100644 --- a/src/mapping/aws/resource/ecs/aws_ecs_cluster.json +++ b/src/mapping/aws/resource/ecs/aws_ecs_cluster.json @@ -3,17 +3,35 @@ "apply": [ "ecs:CreateCluster", "ecs:DescribeClusters", - "ecs:DeleteCluster" + "ecs:DeleteCluster", + "iam:CreateServiceLinkedRole", + "ecs:UpdateCluster", + "ecs:PutAccountSettingDefault", + "ecs:PutAccountSetting", + "ecs:ListTagsForResource", + "ecs:PutClusterCapacityProviders" ], "attributes": { + "fargate_ephemeral_storage_kms_key_id": [ + "kms:DescribeKey" + ], + "kms_key_id": [ + "kms:DescribeKey" + ], "tags": [ "ecs:TagResource", "ecs:UntagResource" ] }, - "destroy": [], + "destroy": [ + "ecs:DeleteCluster" + ], "modify": [ - "ecs:UpdateCluster" + "ecs:UpdateCluster", + "ecs:PutAccountSettingDefault", + "ecs:PutAccountSetting", + "ecs:ListTagsForResource", + "ecs:PutClusterCapacityProviders" ], "plan": [] } 
diff --git a/src/mapping/aws/resource/ecs/aws_ecs_cluster_capacity_providers.json b/src/mapping/aws/resource/ecs/aws_ecs_cluster_capacity_providers.json
new file mode 100644
index 00000000..084524bb
--- /dev/null
+++ b/src/mapping/aws/resource/ecs/aws_ecs_cluster_capacity_providers.json
@@ -0,0 +1,30 @@
+[
+ {
+ "apply": [
+ "autoscaling:CreateOrUpdateTags",
+ "ecs:CreateCapacityProvider",
+ "ecs:UpdateCapacityProvider",
+ "ecs:DescribeCapacityProviders",
+ "ecs:DeleteCapacityProvider",
+ "ecs:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "ecs:TagResource",
+ "ecs:UntagResource"
+ ]
+ },
+ "destroy": [
+ "ecs:DescribeCapacityProviders",
+ "ecs:DeleteCapacityProvider"
+ ],
+ "modify": [
+ "ecs:UpdateCapacityProvider",
+ "ecs:DescribeCapacityProviders",
+ "ecs:ListTagsForResource"
+ ],
+ "plan": [
+ "ecs:DescribeCapacityProviders"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/ecs/aws_ecs_service.json b/src/mapping/aws/resource/ecs/aws_ecs_service.json
index 5a605155..b31ec348 100644
--- a/src/mapping/aws/resource/ecs/aws_ecs_service.json
+++ b/src/mapping/aws/resource/ecs/aws_ecs_service.json
@@ -1,22 +1,28 @@
-[
- {
- "apply": [
- "ecs:CreateService",
- "ecs:DeleteService",
- "ecs:DescribeServices"
- ],
- "attributes": {
- "tags": [
- "ecs:TagResource",
- "ecs:UntagResource"
- ]
- },
- "destroy": [
- "ecs:DeleteService"
- ],
- "modify": [
- "ecs:UpdateService"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "ecs:CreateService",
+ "ecs:DeleteService",
+ "ecs:DescribeServices",
+ "ecs:UpdateService",
+ "ecs:ListTagsForResource"
+ ],
+ "attributes": {
+ "iam_role": [
+ "iam:PassRole"
+ ],
+ "tags": [
+ "ecs:TagResource",
+ "ecs:UntagResource"
+ ]
+ },
+ "destroy": [
+ "ecs:DeleteService"
+ ],
+ "modify": [
+ "ecs:ListTagsForResource",
+ "ecs:UpdateService"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ecs/aws_ecs_tag.json b/src/mapping/aws/resource/ecs/aws_ecs_tag.json
new file mode 100644
index 00000000..75286315
--- /dev/null
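Review bot: The `apply` list in aws_ecs_cluster_capacity_providers.json repeats the capacity-provider actions of aws_ecs_capacity_provider.json (`ecs:CreateCapacityProvider`, `ecs:DeleteCapacityProvider`, `autoscaling:CreateOrUpdateTags`) and omits `ecs:PutClusterCapacityProviders`, which this commit adds to aws_ecs_cluster.json. As far as I know this resource only associates existing providers with a cluster, so the mapping looks both broader than needed and short of the call it makes; please verify against a provider trace. If that holds, `apply` would become `"ecs:PutClusterCapacityProviders", "ecs:DescribeClusters"` with the create/update/delete entries dropped from `apply`, `destroy` and `modify`.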
+++ b/src/mapping/aws/resource/ecs/aws_ecs_tag.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "ecs:TagResource",
+ "ecs:UntagResource"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ecs/aws_ecs_task_definition.json b/src/mapping/aws/resource/ecs/aws_ecs_task_definition.json
index 1f6b9f3b..dfae6190 100644
--- a/src/mapping/aws/resource/ecs/aws_ecs_task_definition.json
+++ b/src/mapping/aws/resource/ecs/aws_ecs_task_definition.json
@@ -1,24 +1,34 @@
-[
- {
- "apply": [
- "ecs:RegisterTaskDefinition",
- "ecs:DescribeTaskDefinition",
- "ecs:DeregisterTaskDefinition"
- ],
- "attributes": {
- "execution_role_arn": [
- "iam:PassRole"
- ],
- "tags": [
- "ecs:TagResource",
- "ecs:UntagResource"
- ],
- "task_role_arn": [
- "iam:PassRole"
- ]
- },
- "destroy": [],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "ecs:DescribeTaskDefinition",
+ "ecs:RegisterTaskDefinition",
+ "ecs:DescribeTaskDefinition",
+ "ecs:DeregisterTaskDefinition",
+ "ecs:ListTagsForResource"
+ ],
+ "attributes": {
+ "execution_role_arn": [
+ "iam:PassRole",
+ "iam:GetRole"
+ ],
+ "tags": [
+ "ecs:TagResource",
+ "ecs:UntagResource"
+ ],
+ "task_role_arn": [
+ "iam:PassRole",
+ "iam:GetRole"
+ ]
+ },
+ "destroy": [
+ "ecs:DeregisterTaskDefinition"
+ ],
+ "modify": [
+ "ecs:ListTagsForResource"
+ ],
+ "plan": [
+ "ecs:DescribeTaskDefinition"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/ecs/aws_ecs_task_set.json b/src/mapping/aws/resource/ecs/aws_ecs_task_set.json
new file mode 100644
index 00000000..c3fcdc83
--- /dev/null
+++ b/src/mapping/aws/resource/ecs/aws_ecs_task_set.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "ecs:CreateTaskSet",
+ "ecs:DescribeTaskSets",
+ "ecs:DeleteTaskSet"
+ ],
+ "attributes": {
+ "tags": [
+ "ecs:UntagResource",
+ "ecs:TagResource"
+ ]
+ },
+ "destroy": [
+ "ecs:DeleteTaskSet",
+ "ecs:DescribeTaskSet"
+ ],
+ "modify": [
+ "ecs:UpdateTaskSet"
+ ],
+ "plan": []
+ }
+]
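Review bot: `ecs:DescribeTaskDefinition` appears twice in the new `apply` list of aws_ecs_task_definition.json, as the first and the third entry. The duplicate does not change what IAM grants, but it makes the generated policy noisier and harder to audit; drop the first occurrence. The same applies to `ec2:DescribeSubnets` and `ec2:DescribeVpcs` in aws_eks_cluster.json, and to `elasticache:DescribeGlobalReplicationGroups` and `elasticache:DisassociateGlobalReplicationGroup` in aws_elasticache_global_replication_group.json. A uniqueness check over each array in CI would catch these before merge.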
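Review bot: `destroy` in aws_ecs_task_set.json lists `ecs:DescribeTaskSet`, while `apply` in the same file lists `ecs:DescribeTaskSets`. The plural form is the ECS action name; the singular one will, as far as I know, match no IAM action, so a destroy-only policy would lack the describe permission. Change the entry to `"ecs:DescribeTaskSets"`. `modify` also names `ecs:UpdateTaskSet`, which is absent from `apply`, unlike the other new files in this commit that repeat their update action there.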
diff --git a/src/mapping/aws/resource/eks/aws_eks_access_entry.json b/src/mapping/aws/resource/eks/aws_eks_access_entry.json
new file mode 100644
index 00000000..4f9a1c03
--- /dev/null
+++ b/src/mapping/aws/resource/eks/aws_eks_access_entry.json
@@ -0,0 +1,25 @@
+[
+ {
+ "apply": [
+ "eks:CreateAccessEntry",
+ "eks:DescribeAccessEntry",
+ "eks:AssociateAccessPolicy",
+ "eks:ListAssociatedAccessPolicies",
+ "eks:DeleteAccessEntry",
+ "eks:UpdateAccessEntry"
+ ],
+ "attributes": {
+ "tags": [
+ "eks:TagResource",
+ "eks:UntagResource"
+ ]
+ },
+ "destroy": [
+ "eks:DeleteAccessEntry"
+ ],
+ "modify": [
+ "eks:UpdateAccessEntry"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/eks/aws_eks_access_policy_association.json b/src/mapping/aws/resource/eks/aws_eks_access_policy_association.json
new file mode 100644
index 00000000..c3b6d272
--- /dev/null
+++ b/src/mapping/aws/resource/eks/aws_eks_access_policy_association.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "eks:DisassociateAccessPolicy",
+ "eks:AssociateAccessPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/eks/aws_eks_addon.json b/src/mapping/aws/resource/eks/aws_eks_addon.json
index df16cd3c..2e5bc134 100644
--- a/src/mapping/aws/resource/eks/aws_eks_addon.json
+++ b/src/mapping/aws/resource/eks/aws_eks_addon.json
@@ -1,23 +1,33 @@
-[
- {
- "apply": [
- "eks:CreateAddon",
- "eks:DescribeAddon",
- "eks:DescribeAddonVersions",
- "eks:DeleteAddon"
- ],
- "attributes": {
- "tags": [
- "eks:TagResource",
- "eks:UntagResource"
- ]
- },
- "destroy": [
- "eks:DeleteAddon"
- ],
- "modify": [
- "eks:UpdateAddon"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "eks:CreateAddon",
+ "eks:DescribeAddon",
+ "eks:DescribeAddonVersions",
+ "eks:DeleteAddon",
+ "eks:CreatePodIdentityAssociation",
+ "eks:DeletePodIdentityAssociation",
+ "eks:UpdateAddon",
+ "eks:ListTagsForResource"
+ ],
+ "attributes": {
+ "service_account_role_arn": [
+ "iam:PassRole",
+ "iam:GetRole"
+ ],
+ "tags": [
+ "eks:TagResource",
+ "eks:UntagResource"
+ ]
+ },
+ "destroy": [
+ "eks:DeleteAddon",
+ "eks:DeletePodIdentityAssociation"
+ ],
+ "modify": [
+ "eks:UpdateAddon",
+ "eks:ListTagsForResource"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/eks/aws_eks_cluster.json b/src/mapping/aws/resource/eks/aws_eks_cluster.json
index a389c867..574a5af9 100644
--- a/src/mapping/aws/resource/eks/aws_eks_cluster.json
+++ b/src/mapping/aws/resource/eks/aws_eks_cluster.json
@@ -1,25 +1,40 @@
-[
- {
- "apply": [
- "ec2:DescribeAccountAttributes",
- "eks:CreateCluster",
- "eks:DeleteCluster",
- "eks:ListTagsForResource",
- "iam:PassRole",
- "eks:DescribeCluster"
- ],
- "attributes": {
- "tags": [
- "eks:TagResource",
- "eks:UntagResource"
- ]
- },
- "destroy": [
- "eks:DeleteCluster"
- ],
- "modify": [
- "eks:UpdateClusterConfig"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "eks:CreateAccessEntry",
+ "eks:CreateCluster",
+ "eks:DeleteCluster",
+ "eks:DescribeCluster",
+ "eks:ListTagsForResource",
+ "eks:UpdateClusterConfig",
+ "iam:AddRoleToInstanceProfile",
+ "iam:DeleteInstanceProfile",
+ "iam:GetInstanceProfile",
+ "iam:PassRole",
+ "iam:RemoveRoleFromInstanceProfile",
+ "iam:TagInstanceProfile",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs"
+ ],
+ "attributes": {
+ "key_arn": [
+ "kms:DescribeKey",
+ "kms:CreateGrant"
+ ],
+ "tags": [
+ "eks:TagResource",
+ "eks:UntagResource"
+ ]
+ },
+ "destroy": [
+ "eks:DeleteCluster"
+ ],
+ "modify": [
+ "eks:UpdateClusterConfig"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/eks/aws_eks_fargate_profile.json b/src/mapping/aws/resource/eks/aws_eks_fargate_profile.json
new file mode 100644
index 00000000..6da7768b
--- /dev/null
+++ b/src/mapping/aws/resource/eks/aws_eks_fargate_profile.json
@@ -0,0 +1,27 @@
+[
+ {
+ "apply": [
+ "eks:CreateFargateProfile",
+ "eks:DescribeFargateProfile",
+ "eks:DeleteFargateProfile",
+ "iam:GetRole",
+ "iam:PassRole",
+ "iam:CreateServiceLinkedRole",
+ "eks:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "eks:TagResource",
+ "eks:UntagResource"
+ ]
+ },
+ "destroy": [
+ "eks:DeleteFargateProfile",
+ "eks:DescribeFargateProfile"
+ ],
+ "modify": [
+ "eks:ListTagsForResource"
+ ],
+ "plan": []
+ }
+]
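Review bot: The new `apply` list in aws_eks_cluster.json grants five instance-profile actions (`iam:AddRoleToInstanceProfile`, `iam:DeleteInstanceProfile`, `iam:GetInstanceProfile`, `iam:RemoveRoleFromInstanceProfile`, `iam:TagInstanceProfile`) to every cluster, although the same file uses `attributes` to scope optional permissions (`key_arn` for the KMS calls). IAM write actions in a generated least-privilege policy are worth gating: if they are only needed for one cluster configuration, they should sit under the attribute that triggers them rather than in the base list. Which configuration needs them is not visible in the diff, so the commit message or a test fixture should record it.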
diff --git a/src/mapping/aws/resource/eks/aws_eks_identity_provider_config.json b/src/mapping/aws/resource/eks/aws_eks_identity_provider_config.json new file mode 100644 index 00000000..9be37f2f --- /dev/null +++ b/src/mapping/aws/resource/eks/aws_eks_identity_provider_config.json @@ -0,0 +1,21 @@ +[ + { + "apply": [ + "eks:DescribeUpdate", + "eks:AssociateIdentityProviderConfig", + "eks:DescribeIdentityProviderConfig", + "eks:DisassociateIdentityProviderConfig" + ], + "attributes": { + "tags": [ + "eks:TagResource", + "eks:UntagResource" + ] + }, + "destroy": [ + "eks:DisassociateIdentityProviderConfig" + ], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/eks/aws_eks_node_group.json b/src/mapping/aws/resource/eks/aws_eks_node_group.json index 60c93a2f..a5fe5bcf 100644 --- a/src/mapping/aws/resource/eks/aws_eks_node_group.json +++ b/src/mapping/aws/resource/eks/aws_eks_node_group.json @@ -5,10 +5,22 @@ "eks:CreateNodegroup", "eks:DeleteNodegroup", "iam:GetRole", + "iam:PassRole", "iam:ListAttachedRolePolicies", - "ec2:DescribeSubnets", "iam:CreateServiceLinkedRole", - "eks:DescribeNodegroup" + "eks:DescribeNodegroup", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeSecurityGroups", + "ec2:DescribeKeyPairs", + "ec2:CreateTags", + "ec2:DeleteTags", + "ec2:DescribeRouteTables", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeLaunchTemplateVersions", + "ec2:RunInstances", + "eks:ListUpdates", + "eks:UpdateNodegroupVersion" ], "attributes": { "tags": [ @@ -20,7 +32,9 @@ "eks:DeleteNodegroup" ], "modify": [ - "eks:UpdateNodegroupConfig" + "eks:UpdateNodegroupConfig", + "eks:ListUpdates", + "eks:UpdateNodegroupVersion" ], "plan": [] } diff --git a/src/mapping/aws/resource/eks/aws_eks_pod_identity_association.json b/src/mapping/aws/resource/eks/aws_eks_pod_identity_association.json new file mode 100644 index 00000000..b96fb671 --- /dev/null +++ b/src/mapping/aws/resource/eks/aws_eks_pod_identity_association.json 
@@ -0,0 +1,25 @@
+[
+ {
+ "apply": [
+ "eks:CreatePodIdentityAssociation",
+ "eks:DescribePodIdentityAssociation",
+ "eks:UpdatePodIdentityAssociation",
+ "eks:DeletePodIdentityAssociation",
+ "iam:PassRole",
+ "iam:GetRole"
+ ],
+ "attributes": {
+ "tags": [
+ "eks:TagResource",
+ "eks:UntagResource"
+ ]
+ },
+ "destroy": [
+ "eks:DeletePodIdentityAssociation"
+ ],
+ "modify": [
+ "eks:UpdatePodIdentityAssociation"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/elasticache/aws_elasticache_global_replication_group.json b/src/mapping/aws/resource/elasticache/aws_elasticache_global_replication_group.json
new file mode 100644
index 00000000..9b875b69
--- /dev/null
+++ b/src/mapping/aws/resource/elasticache/aws_elasticache_global_replication_group.json
@@ -0,0 +1,34 @@
+[
+ {
+ "apply": [
+ "elasticache:CreateGlobalReplicationGroup",
+ "elasticache:DescribeGlobalReplicationGroups",
+ "elasticache:DeleteGlobalReplicationGroup",
+ "elasticache:DisassociateGlobalReplicationGroup",
+ "elasticache:ModifyGlobalReplicationGroup",
+ "elasticache:FailoverGlobalReplicationGroup",
+ "elasticache:DescribeGlobalReplicationGroups",
+ "elasticache:IncreaseNodeGroupsInGlobalReplicationGroup",
+ "elasticache:DecreaseNodeGroupsInGlobalReplicationGroup",
+ "elasticache:DisassociateGlobalReplicationGroup",
+ "elasticache:RebalanceSlotsInGlobalReplicationGroup"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "elasticache:DeleteGlobalReplicationGroup",
+ "elasticache:DisassociateGlobalReplicationGroup"
+ ],
+ "modify": [
+ "elasticache:ModifyGlobalReplicationGroup",
+ "elasticache:FailoverGlobalReplicationGroup",
+ "elasticache:DescribeGlobalReplicationGroups",
+ "elasticache:IncreaseNodeGroupsInGlobalReplicationGroup",
+ "elasticache:DecreaseNodeGroupsInGlobalReplicationGroup",
+ "elasticache:DisassociateGlobalReplicationGroup",
+ "elasticache:RebalanceSlotsInGlobalReplicationGroup"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/elasticache/aws_elasticache_parameter_group.json b/src/mapping/aws/resource/elasticache/aws_elasticache_parameter_group.json
index 86c8e708..a1674c19 100644
--- a/src/mapping/aws/resource/elasticache/aws_elasticache_parameter_group.json
+++ b/src/mapping/aws/resource/elasticache/aws_elasticache_parameter_group.json
@@ -1,25 +1,27 @@
-[
- {
- "apply": [
- "elasticache:CreateCacheParameterGroup",
- "elasticache:ModifyCacheParameterGroup",
- "elasticache:DescribeCacheParameterGroups",
- "elasticache:DescribeCacheParameters",
- "elasticache:ListTagsForResource",
- "elasticache:DeleteCacheParameterGroup"
- ],
- "attributes": {
- "tags": [
- "elasticache:AddTagsToResource",
- "elasticache:RemoveTagsFromResource"
- ]
- },
- "destroy": [
- "elasticache:DeleteCacheParameterGroup"
- ],
- "modify": [
- "elasticache:ModifyCacheParameterGroup"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "elasticache:CreateCacheParameterGroup",
+ "elasticache:ModifyCacheParameterGroup",
+ "elasticache:DescribeCacheParameterGroups",
+ "elasticache:DescribeCacheParameters",
+ "elasticache:ListTagsForResource",
+ "elasticache:DeleteCacheParameterGroup",
+ "iam:CreateServiceLinkedRole",
+ "iam:PutRolePolicy"
+ ],
+ "attributes": {
+ "tags": [
+ "elasticache:AddTagsToResource",
+ "elasticache:RemoveTagsFromResource"
+ ]
+ },
+ "destroy": [
+ "elasticache:DeleteCacheParameterGroup"
+ ],
+ "modify": [
+ "elasticache:ModifyCacheParameterGroup"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/elasticache/aws_elasticache_reserved_cache_node.json b/src/mapping/aws/resource/elasticache/aws_elasticache_reserved_cache_node.json
new file mode 100644
index 00000000..5278691e
--- /dev/null
+++ b/src/mapping/aws/resource/elasticache/aws_elasticache_reserved_cache_node.json
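Review bot: `iam:PutRolePolicy` is added to `apply` in aws_elasticache_parameter_group.json, but nothing else in the file touches IAM roles: the remaining actions create, modify, describe and delete a cache parameter group. `iam:PutRolePolicy` lets the holder write inline policies on roles, so a policy generated for a parameter group would carry a permission far wider than the resource it was built for. Unless a provider trace shows the call being made, remove `"iam:PutRolePolicy"` and re-check `"iam:CreateServiceLinkedRole"`, which is added on the line before it.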
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "elasticache:DescribeReservedCacheNodes",
+ "elasticache:PurchaseReservedCacheNodesOffering",
+ "elasticache:DescribeReservedCacheNodesOfferings",
+ "elasticache:RemoveTagsFromResource"
+ ],
+ "attributes": {
+ "tags": [
+ "elasticache:AddTagsToResource",
+ "elasticache:ListTagsForResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/elasticache/aws_elasticache_serverless_cache.json b/src/mapping/aws/resource/elasticache/aws_elasticache_serverless_cache.json
new file mode 100644
index 00000000..7a4d5351
--- /dev/null
+++ b/src/mapping/aws/resource/elasticache/aws_elasticache_serverless_cache.json
@@ -0,0 +1,37 @@
+[
+ {
+ "apply": [
+ "elasticache:ModifyServerlessCache",
+ "elasticache:DescribeServerlessCaches",
+ "elasticache:ListTagsForResource",
+ "elasticache:CreateServerlessCache",
+ "elasticache:DeleteServerlessCache",
+ "ec2:CreateTags",
+ "ec2:CreateVpcEndpoint"
+ ],
+ "attributes": {
+ "kms_key_id": [
+ "kms:CreateGrant",
+ "kms:DescribeKey"
+ ],
+ "tags": [
+ "elasticache:AddTagsToResource",
+ "elasticache:RemoveTagsFromResource"
+ ]
+ },
+ "destroy": [
+ "elasticache:DeleteServerlessCache",
+ "elasticache:DescribeServerlessCaches",
+ "elasticache:ListTagsForResource"
+ ],
+ "modify": [
+ "elasticache:ModifyServerlessCache",
+ "elasticache:DescribeServerlessCaches",
+ "elasticache:ListTagsForResource"
+ ],
+ "plan": [
+ "elasticache:DescribeServerlessCaches",
+ "elasticache:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/elasticache/aws_elasticache_user_group_association.json b/src/mapping/aws/resource/elasticache/aws_elasticache_user_group_association.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/aws/resource/elasticache/aws_elasticache_user_group_association.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
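Review bot: aws_elasticache_user_group_association.json is added with every list empty, so a policy generated from it grants nothing and applying this resource with that policy would be denied. The association is, as far as I know, made through the user-group modify call; if so, `apply` needs at least `"elasticache:ModifyUserGroup"` and `"elasticache:DescribeUserGroups"`, to be confirmed against the provider. If the file is an intentional placeholder, the commit message should say so, so that the gap is tracked rather than read as "no permissions required".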
diff --git a/src/mapping/aws/resource/elasticbeanstalk/aws_elastic_beanstalk_application.json b/src/mapping/aws/resource/elasticbeanstalk/aws_elastic_beanstalk_application.json index a089ecb8..84e2008e 100644 --- a/src/mapping/aws/resource/elasticbeanstalk/aws_elastic_beanstalk_application.json +++ b/src/mapping/aws/resource/elasticbeanstalk/aws_elastic_beanstalk_application.json @@ -4,7 +4,8 @@ "elasticbeanstalk:CreateApplication", "elasticbeanstalk:DescribeApplications", "elasticbeanstalk:DeleteApplication", - "elasticbeanstalk:UpdateApplication" + "elasticbeanstalk:UpdateApplication", + "elasticbeanstalk:UpdateApplicationResourceLifecycle" ], "attributes": { "tags": [] @@ -13,7 +14,8 @@ "elasticbeanstalk:DeleteApplication" ], "modify": [ - "elasticbeanstalk:UpdateApplication" + "elasticbeanstalk:UpdateApplication", + "elasticbeanstalk:UpdateApplicationResourceLifecycle" ], "plan": [] } diff --git a/src/mapping/aws/resource/elasticbeanstalk/aws_elastic_beanstalk_application_version.json b/src/mapping/aws/resource/elasticbeanstalk/aws_elastic_beanstalk_application_version.json index 91177c55..c1c3afe2 100644 --- a/src/mapping/aws/resource/elasticbeanstalk/aws_elastic_beanstalk_application_version.json +++ b/src/mapping/aws/resource/elasticbeanstalk/aws_elastic_beanstalk_application_version.json @@ -4,7 +4,9 @@ "elasticbeanstalk:DescribeApplicationVersions", "elasticbeanstalk:CreateApplicationVersion", "elasticbeanstalk:DeleteApplicationVersion", - "elasticbeanstalk:UpdateApplicationVersion" + "elasticbeanstalk:UpdateApplicationVersion", + "s3:GetObject", + "s3:PutObject" ], "attributes": { "tags": [] diff --git a/src/mapping/aws/resource/elasticbeanstalk/aws_elastic_beanstalk_environment.json b/src/mapping/aws/resource/elasticbeanstalk/aws_elastic_beanstalk_environment.json index 7b47ac8e..dd985034 100644 --- a/src/mapping/aws/resource/elasticbeanstalk/aws_elastic_beanstalk_environment.json 
+++ b/src/mapping/aws/resource/elasticbeanstalk/aws_elastic_beanstalk_environment.json @@ -4,16 +4,24 @@ "elasticbeanstalk:DescribeEnvironments", "elasticbeanstalk:CreateEnvironment", "elasticbeanstalk:UpdateEnvironment", - "elasticbeanstalk:TerminateEnvironment" + "elasticbeanstalk:TerminateEnvironment", + "elasticbeanstalk:ListTagsForResource", + "iam:PassRole" ], "attributes": { - "tags": [] + "tags": [ + "elasticbeanstalk:AddTags", + "elasticbeanstalk:UpdateTagsForResource", + "elasticbeanstalk:RemoveTags" + ] }, "destroy": [ "elasticbeanstalk:TerminateEnvironment" ], "modify": [ - "elasticbeanstalk:UpdateEnvironment" + "elasticbeanstalk:UpdateEnvironment", + "elasticbeanstalk:AssociateEnvironmentOperationsRole", + "elasticbeanstalk:DisassociateEnvironmentOperationsRole" ], "plan": [] } diff --git a/src/mapping/aws/resource/elasticfilesystem/aws_efs_access_point.json b/src/mapping/aws/resource/elasticfilesystem/aws_efs_access_point.json index 7cde42d8..c991d1fb 100644 --- a/src/mapping/aws/resource/elasticfilesystem/aws_efs_access_point.json +++ b/src/mapping/aws/resource/elasticfilesystem/aws_efs_access_point.json @@ -1,20 +1,22 @@ -[ - { - "apply": [ - "elasticfilesystem:DescribeAccessPoints", - "elasticfilesystem:CreateAccessPoint", - "elasticfilesystem:DeleteAccessPoint" - ], - "attributes": { - "tags": [ - "elasticfilesystem:UntagResource", - "elasticfilesystem:TagResource" - ] - }, - "destroy": [ - "elasticfilesystem:DeleteAccessPoint" - ], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "elasticfilesystem:DescribeAccessPoints", + "elasticfilesystem:CreateAccessPoint", + "elasticfilesystem:DeleteAccessPoint", + "elasticfilesystem:ListTagsForResource" + ], + "attributes": { + "tags": [ + "elasticfilesystem:UntagResource", + "elasticfilesystem:TagResource" + ] + }, + "destroy": [ + "elasticfilesystem:DeleteAccessPoint", + "elasticfilesystem:ListTagsForResource" + ], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/aws/resource/elasticfilesystem/aws_efs_file_system.json b/src/mapping/aws/resource/elasticfilesystem/aws_efs_file_system.json
index ca02da71..f87934c8 100644
--- a/src/mapping/aws/resource/elasticfilesystem/aws_efs_file_system.json
+++ b/src/mapping/aws/resource/elasticfilesystem/aws_efs_file_system.json
@@ -1,33 +1,38 @@
-[
- {
- "apply": [
- "elasticfilesystem:CreateFileSystem",
- "elasticfilesystem:DescribeFileSystems",
- "ec2:DescribeAccountAttributes",
- "elasticfilesystem:DescribeLifecycleConfiguration",
- "elasticfilesystem:DeleteFileSystem"
- ],
- "attributes": {
- "kms_key_id": [
- "kms:Encrypt",
- "kms:Decrypt",
- "kms:ReEncrypt*",
- "kms:GenerateDataKey*",
- "kms:CreateGrant",
- "kms:DescribeKey"
- ],
- "tags": [
- "elasticfilesystem:UntagResource",
- "elasticfilesystem:TagResource"
- ]
- },
- "destroy": [
- "elasticfilesystem:DeleteFileSystem"
- ],
- "lifecycle_policy": [
- "elasticfilesystem:PutLifecycleConfiguration"
- ],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "elasticfilesystem:CreateFileSystem",
+ "elasticfilesystem:DescribeFileSystems",
+ "ec2:DescribeAccountAttributes",
+ "elasticfilesystem:DescribeLifecycleConfiguration",
+ "elasticfilesystem:DeleteFileSystem",
+ "elasticfilesystem:ListTagsForResource",
+ "iam:PassRole",
+ "iam:CreateServiceLinkedRole"
+ ],
+ "attributes": {
+ "kms_key_id": [
+ "kms:Encrypt",
+ "kms:Decrypt",
+ "kms:ReEncrypt*",
+ "kms:GenerateDataKey*",
+ "kms:CreateGrant",
+ "kms:DescribeKey"
+ ],
+ "lifecycle_policy": [
+ "elasticfilesystem:PutLifecycleConfiguration",
+ "elasticfilesystem:DescribeLifecycleConfiguration"
+ ],
+ "tags": [
+ "elasticfilesystem:UntagResource",
+ "elasticfilesystem:TagResource",
+ "elasticfilesystem:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "elasticfilesystem:DeleteFileSystem"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/elasticfilesystem/aws_efs_mount_target.json b/src/mapping/aws/resource/elasticfilesystem/aws_efs_mount_target.json
index e6fc1e07..06385684 100644
--- a/src/mapping/aws/resource/elasticfilesystem/aws_efs_mount_target.json
+++ b/src/mapping/aws/resource/elasticfilesystem/aws_efs_mount_target.json
@@ -1,13 +1,22 @@
-[
- {
- "apply": [],
- "attributes": {
- "tags": []
- },
- "destroy": [],
- "modify": [],
- "plan": [
- "elasticfilesystem:DescribeMountTargets"
- ]
- }
-]
+[
+ {
+ "apply": [
+ "elasticfilesystem:CreateMountTarget",
+ "elasticfilesystem:DescribeMountTargets",
+ "elasticfilesystem:ModifyMountTargetSecurityGroups",
+ "elasticfilesystem:DescribeMountTargetSecurityGroups"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "elasticfilesystem:DeleteMountTarget"
+ ],
+ "modify": [
+ "elasticfilesystem:ModifyMountTargetSecurityGroups"
+ ],
+ "plan": [
+ "elasticfilesystem:DescribeMountTargets"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/elasticloadbalancing/aws_lb_listener.json b/src/mapping/aws/resource/elasticloadbalancing/aws_lb_listener.json
index 3cee59fb..9ed8afdc 100644
--- a/src/mapping/aws/resource/elasticloadbalancing/aws_lb_listener.json
+++ b/src/mapping/aws/resource/elasticloadbalancing/aws_lb_listener.json
@@ -1,24 +1,31 @@
-[
- {
- "apply": [
- "elasticloadbalancing:CreateListener",
- "elasticloadbalancing:DescribeListeners",
- "elasticloadbalancing:DeleteListener",
- "elasticloadbalancing:ModifyListener"
- ],
- "attributes": {
- "certificate_arn": [
- "elasticloadbalancing:RemoveListenerCertificates",
- "elasticloadbalancing:AddListenerCertificates",
- "elasticloadbalancing:DescribeListenerCertificates"
- ],
- "tags": [
- "elasticloadbalancing:AddTags",
- "elasticloadbalancing:RemoveTags"
- ]
- },
- "destroy": [],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "elasticloadbalancing:CreateListener",
+ "elasticloadbalancing:DescribeListeners",
+ "elasticloadbalancing:DeleteListener",
+ "elasticloadbalancing:ModifyListener"
+ ],
+ "attributes": {
+ "authenticate_cognito": [
+ "cognito-idp:DescribeUserPoolClient"
+ ],
+ "certificate_arn": [
+ "elasticloadbalancing:RemoveListenerCertificates",
+ "elasticloadbalancing:AddListenerCertificates",
+ "elasticloadbalancing:DescribeListenerCertificates"
+ ],
+ "tags": [
+ "elasticloadbalancing:AddTags",
+ "elasticloadbalancing:RemoveTags"
+ ]
+ },
+ "destroy": [
+ "elasticloadbalancing:DeleteListener"
+ ],
+ "modify": [
+ "elasticloadbalancing:ModifyListener"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/elasticloadbalancing/aws_lb_listener_certificate.json b/src/mapping/aws/resource/elasticloadbalancing/aws_lb_listener_certificate.json
new file mode 100644
index 00000000..042701e6
--- /dev/null
+++ b/src/mapping/aws/resource/elasticloadbalancing/aws_lb_listener_certificate.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "elasticloadbalancing:DescribeListenerCertificates",
+ "elasticloadbalancing:AddListenerCertificates",
+ "elasticloadbalancing:RemoveListenerCertificates"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/elasticloadbalancing/aws_lb_listener_rule.json b/src/mapping/aws/resource/elasticloadbalancing/aws_lb_listener_rule.json
index 8d3753cb..3e6bbaac 100644
--- a/src/mapping/aws/resource/elasticloadbalancing/aws_lb_listener_rule.json
+++ b/src/mapping/aws/resource/elasticloadbalancing/aws_lb_listener_rule.json
@@ -1,24 +1,29 @@
-[
- {
- "apply": [
- "elasticloadbalancing:CreateRule",
- "elasticloadbalancing:SetRulePriorities"
- ],
- "attributes": {
- "tags": [
- "elasticloadbalancing:AddTags",
- "elasticloadbalancing:RemoveTags",
- "elasticloadbalancing:DescribeTags"
- ]
- },
- "destroy": [
- "elasticloadbalancing:DeleteRule"
- ],
- "modify": [
- "elasticloadbalancing:ModifyRule"
- ],
- "plan": [
- "elasticloadbalancing:DescribeRules"
- ]
- }
-]
+[
+ {
+ "apply": [
+ "elasticloadbalancing:CreateRule",
+ "elasticloadbalancing:SetRulePriorities",
+ "elasticloadbalancing:DescribeRules"
+ ],
+ "attributes": {
+ "authenticate_cognito": [
+ "cognito-idp:DescribeUserPoolClient"
+ ],
+ "tags": [
+ "elasticloadbalancing:AddTags",
+ "elasticloadbalancing:RemoveTags",
+ "elasticloadbalancing:DescribeTags"
+ ]
+ },
+ "destroy": [
+ "elasticloadbalancing:DeleteRule"
+ ],
+ "modify": [
+ "elasticloadbalancing:ModifyRule",
+ "elasticloadbalancing:SetRulePriorities"
+ ],
+ "plan": [
+ "elasticloadbalancing:DescribeRules"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/elasticloadbalancing/aws_lb_ssl_negotiation_policy.json b/src/mapping/aws/resource/elasticloadbalancing/aws_lb_ssl_negotiation_policy.json
new file mode 100644
index 00000000..fd31edd8
--- /dev/null
+++ b/src/mapping/aws/resource/elasticloadbalancing/aws_lb_ssl_negotiation_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "elasticloadbalancing:DescribeSSLPolicies"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
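Review bot: The only permission mapped in aws_lb_ssl_negotiation_policy.json is `elasticloadbalancing:DescribeSSLPolicies`, a read call, while the resource creates a policy and attaches it to a listener. Presumably it needs the Classic Load Balancer policy actions, such as `elasticloadbalancing:CreateLoadBalancerPolicy` and `elasticloadbalancing:SetLoadBalancerPoliciesOfListener` plus the matching describe and delete calls; this should be confirmed against the provider source. As written, a policy generated from this file would not allow the resource to be applied.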
diff --git a/src/mapping/aws/resource/elasticloadbalancing/aws_lb_target_group.json b/src/mapping/aws/resource/elasticloadbalancing/aws_lb_target_group.json
index 9e267b72..08152cf2 100644
--- a/src/mapping/aws/resource/elasticloadbalancing/aws_lb_target_group.json
+++ b/src/mapping/aws/resource/elasticloadbalancing/aws_lb_target_group.json
@@ -1,25 +1,30 @@
-[
- {
- "apply": [
- "elasticloadbalancing:CreateTargetGroup",
- "elasticloadbalancing:DescribeTargetGroups",
- "elasticloadbalancing:DeleteTargetGroup",
- "elasticloadbalancing:ModifyTargetGroupAttributes"
- ],
- "attributes": {
- "tags": [
- "elasticloadbalancing:AddTags",
- "elasticloadbalancing:RemoveTags"
- ]
- },
- "destroy": [
- "elasticloadbalancing:DeleteTargetGroup"
- ],
- "modify": [],
- "plan": [
- "elasticloadbalancing:DescribeTargetGroups",
- "elasticloadbalancing:DescribeTargetGroupAttributes",
- "elasticloadbalancing:DescribeTags"
- ]
- }
-]
+[
+ {
+ "apply": [
+ "elasticloadbalancing:CreateTargetGroup",
+ "elasticloadbalancing:DescribeTargetGroups",
+ "elasticloadbalancing:RegisterTargets",
+ "elasticloadbalancing:DeleteTargetGroup",
+ "elasticloadbalancing:DeregisterTargets",
+ "elasticloadbalancing:DescribeTargetHealth",
+ "elasticloadbalancing:ModifyTargetGroupAttributes",
+ "elasticloadbalancing:DescribeTags"
+ ],
+ "attributes": {
+ "tags": [
+ "elasticloadbalancing:AddTags",
+ "elasticloadbalancing:RemoveTags"
+ ]
+ },
+ "destroy": [
+ "elasticloadbalancing:DeleteTargetGroup",
+ "elasticloadbalancing:DeregisterTargets"
+ ],
+ "modify": [],
+ "plan": [
+ "elasticloadbalancing:DescribeTargetGroups",
+ "elasticloadbalancing:DescribeTargetGroupAttributes",
+ "elasticloadbalancing:DescribeTags"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/elasticloadbalancing/aws_lb_trust_store.json b/src/mapping/aws/resource/elasticloadbalancing/aws_lb_trust_store.json
new file mode 100644
index 00000000..79d9837b
--- /dev/null
+++ b/src/mapping/aws/resource/elasticloadbalancing/aws_lb_trust_store.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "elasticloadbalancing:CreateTrustStore",
+ "elasticloadbalancing:DeleteTrustStore",
+ "elasticloadbalancing:ModifyTrustStore"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/elasticloadbalancing/aws_lb_trust_store_revocation.json b/src/mapping/aws/resource/elasticloadbalancing/aws_lb_trust_store_revocation.json
new file mode 100644
index 00000000..f764fc9d
--- /dev/null
+++ b/src/mapping/aws/resource/elasticloadbalancing/aws_lb_trust_store_revocation.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "elasticloadbalancing:DeleteTrustStore"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/elasticmapreduce/aws_emr_block_public_access_configuration.json b/src/mapping/aws/resource/elasticmapreduce/aws_emr_block_public_access_configuration.json
new file mode 100644
index 00000000..92649638
--- /dev/null
+++ b/src/mapping/aws/resource/elasticmapreduce/aws_emr_block_public_access_configuration.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "elasticmapreduce:PutBlockPublicAccessConfiguration",
+ "elasticmapreduce:GetBlockPublicAccessConfiguration"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/elasticmapreduce/aws_emr_instance_fleet.json b/src/mapping/aws/resource/elasticmapreduce/aws_emr_instance_fleet.json
new file mode 100644
index 00000000..f877a786
--- /dev/null
+++ b/src/mapping/aws/resource/elasticmapreduce/aws_emr_instance_fleet.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "elasticmapreduce:AddInstanceFleet",
+ "elasticmapreduce:ModifyInstanceFleet"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
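Review bot: `aws_lb_trust_store.json` puts `elasticloadbalancing:DeleteTrustStore` and `elasticloadbalancing:ModifyTrustStore` in `apply` and leaves `destroy`, `modify` and `plan` empty, so anything that relies on the per-phase split cannot build a create-only or read-only role for this resource. Other mappings in this commit (for example `aws_emr_studio.json`) do populate `destroy` and `modify`; the all-in-`apply` shape recurs in the new EMR instance fleet/group, Elastic Transcoder, OpenSearch and FinSpace files. Suggest `"destroy": ["elasticloadbalancing:DeleteTrustStore"]` and `"modify": ["elasticloadbalancing:ModifyTrustStore"]`, and adding `elasticloadbalancing:DescribeTrustStores`, since no read action is listed at all.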
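Review bot: `aws_lb_trust_store_revocation.json` maps the revocation resource to `elasticloadbalancing:DeleteTrustStore` alone, which is more destructive than a revocation-list change and unlikely to be what the resource actually calls. A role built from it could remove an entire trust store used for mutual TLS verification while being unable to manage a revocation file. The expected actions are probably `elasticloadbalancing:AddTrustStoreRevocations`, `elasticloadbalancing:DescribeTrustStoreRevocations` and `elasticloadbalancing:RemoveTrustStoreRevocations`; please verify and drop `DeleteTrustStore` from this mapping.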
diff --git a/src/mapping/aws/resource/elasticmapreduce/aws_emr_instance_group.json b/src/mapping/aws/resource/elasticmapreduce/aws_emr_instance_group.json
new file mode 100644
index 00000000..a73fee3d
--- /dev/null
+++ b/src/mapping/aws/resource/elasticmapreduce/aws_emr_instance_group.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "elasticmapreduce:AddInstanceGroups",
+ "elasticmapreduce:ModifyInstanceGroups"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/elasticmapreduce/aws_emr_studio.json b/src/mapping/aws/resource/elasticmapreduce/aws_emr_studio.json
new file mode 100644
index 00000000..d192d44d
--- /dev/null
+++ b/src/mapping/aws/resource/elasticmapreduce/aws_emr_studio.json
@@ -0,0 +1,28 @@
+[
+ {
+ "apply": [
+ "elasticmapreduce:CreateStudio",
+ "elasticmapreduce:DeleteStudio",
+ "elasticmapreduce:DescribeStudio",
+ "sso:CreateManagedApplicationInstance",
+ "sso:DeleteManagedApplicationInstance",
+ "sso:GetManagedApplicationInstance",
+ "iam:PassRole"
+ ],
+ "attributes": {
+ "tags": [
+ "elasticmapreduce:AddTags",
+ "elasticmapreduce:RemoveTags"
+ ]
+ },
+ "destroy": [
+ "elasticmapreduce:DeleteStudio",
+ "elasticmapreduce:DescribeStudio",
+ "sso:DeleteManagedApplicationInstance"
+ ],
+ "modify": [
+ "elasticmapreduce:UpdateStudio"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/elasticmapreduce/aws_emr_studio_session_mapping.json b/src/mapping/aws/resource/elasticmapreduce/aws_emr_studio_session_mapping.json
new file mode 100644
index 00000000..41b5f79d
--- /dev/null
+++ b/src/mapping/aws/resource/elasticmapreduce/aws_emr_studio_session_mapping.json
@@ -0,0 +1,49 @@
+[
+ {
+ "apply": [
+ "elasticmapreduce:CreateStudioSessionMapping",
+ "elasticmapreduce:DeleteStudioSessionMapping",
+ "elasticmapreduce:GetStudioSessionMapping",
+ "elasticmapreduce:UpdateStudioSessionMapping",
+ "sso-directory:CreateGroup",
+ "sso-directory:CreateUser",
+ "sso-directory:DescribeGroup",
+ "sso-directory:DescribeUser",
+ "sso-directory:SearchGroups",
+ "sso-directory:SearchUsers",
+ "sso:AssociateProfile",
+ "sso:CreateApplication",
+ "sso:CreateApplicationAssignment",
+ "sso:DeleteApplication",
+ "sso:DeleteApplicationAccessScope",
+ "sso:DeleteApplicationAssignment",
+ "sso:DeleteApplicationAuthenticationMethod",
+ "sso:DeleteApplicationGrant",
+ "sso:DescribeApplication",
+ "sso:DescribeInstance",
+ "sso:DisassociateProfile",
+ "sso:GetManagedApplicationInstance",
+ "sso:GetProfile",
+ "sso:ListApplicationAssignments",
+ "sso:ListDirectoryAssociations",
+ "sso:ListInstances",
+ "sso:ListProfiles",
+ "sso:PutApplicationAccessScope",
+ "sso:PutApplicationAssignmentConfiguration",
+ "sso:PutApplicationAuthenticationMethod",
+ "sso:PutApplicationGrant"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "elasticmapreduce:DeleteStudioSessionMapping",
+ "sso:DescribeInstance",
+ "sso:DisassociateProfile"
+ ],
+ "modify": [
+ "elasticmapreduce:UpdateStudioSessionMapping"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/elasticmapreduce/aws_emrcontainers_job_template.json b/src/mapping/aws/resource/elasticmapreduce/aws_emrcontainers_job_template.json
new file mode 100644
index 00000000..1bd1ac72
--- /dev/null
+++ b/src/mapping/aws/resource/elasticmapreduce/aws_emrcontainers_job_template.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "emr-containers:DescribeJobTemplate",
+ "emr-containers:CreateJobTemplate",
+ "emr-containers:DeleteJobTemplate"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
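Review bot: `aws_emr_studio_session_mapping.json` grants a wide set of identity-plane actions under `apply`, including `sso-directory:CreateUser`, `sso-directory:CreateGroup`, `sso:CreateApplication`, `sso:DeleteApplication` and `sso:PutApplicationGrant`, for a resource that maps an existing user or group to a Studio. These let the deploying role create directory principals and alter IAM Identity Center applications, so each should be confirmed as actually required rather than carried over from a broad administrator policy. The `sso:Delete*` entries also sit in `apply` while `destroy` lists only `sso:DescribeInstance` and `sso:DisassociateProfile`; if they are needed at all they belong under `destroy`. The same question applies to `sso:CreateManagedApplicationInstance` in `aws_emr_studio.json`.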
diff --git a/src/mapping/aws/resource/elasticmapreduce/aws_emrcontainers_virtual_cluster.json b/src/mapping/aws/resource/elasticmapreduce/aws_emrcontainers_virtual_cluster.json
new file mode 100644
index 00000000..ca8aad9d
--- /dev/null
+++ b/src/mapping/aws/resource/elasticmapreduce/aws_emrcontainers_virtual_cluster.json
@@ -0,0 +1,26 @@
+[
+ {
+ "apply": [
+ "emr-containers:CreateVirtualCluster",
+ "emr-containers:TagResource",
+ "iam:CreateServiceLinkedRole",
+ "emr-containers:DeleteVirtualCluster",
+ "emr-containers:DescribeVirtualCluster",
+ "emr-containers:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "emr-containers:TagResource",
+ "emr-containers:UntagResource"
+ ]
+ },
+ "destroy": [
+ "emr-containers:DeleteVirtualCluster"
+ ],
+ "modify": [
+ "emr-containers:DescribeVirtualCluster",
+ "emr-containers:ListTagsForResource"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/elasticmapreduce/aws_emrserverless_application.json b/src/mapping/aws/resource/elasticmapreduce/aws_emrserverless_application.json
new file mode 100644
index 00000000..2386e6da
--- /dev/null
+++ b/src/mapping/aws/resource/elasticmapreduce/aws_emrserverless_application.json
@@ -0,0 +1,34 @@
+[
+ {
+ "apply": [
+ "emr-serverless:CreateApplication",
+ "emr-serverless:UpdateApplication",
+ "emr-serverless:DeleteApplication",
+ "emr-serverless:GetApplication",
+ "iam:CreateServiceLinkedRole",
+ "ec2:CreateNetworkInterface",
+ "ecr:BatchGetImage",
+ "ecr:DescribeImages",
+ "ecr:GetDownloadUrlForLayer"
+ ],
+ "attributes": {
+ "tags": [
+ "emr-serverless:TagResource",
+ "emr-serverless:UntagResource"
+ ]
+ },
+ "destroy": [
+ "emr-serverless:DeleteApplication",
+ "emr-serverless:GetApplication"
+ ],
+ "modify": [
+ "emr-serverless:UpdateApplication",
+ "emr-serverless:GetApplication",
+ "ec2:CreateNetworkInterface",
+ "ecr:BatchGetImage",
+ "ecr:DescribeImages",
+ "ecr:GetDownloadUrlForLayer"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/elastictranscoder/aws_elastictranscoder_pipeline.json b/src/mapping/aws/resource/elastictranscoder/aws_elastictranscoder_pipeline.json
new file mode 100644
index 00000000..90377527
--- /dev/null
+++ b/src/mapping/aws/resource/elastictranscoder/aws_elastictranscoder_pipeline.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "elastictranscoder:ReadPipeline",
+ "elastictranscoder:CreatePipeline",
+ "elastictranscoder:DeletePipeline"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/elastictranscoder/aws_elastictranscoder_preset.json b/src/mapping/aws/resource/elastictranscoder/aws_elastictranscoder_preset.json
new file mode 100644
index 00000000..a8b9e3d3
--- /dev/null
+++ b/src/mapping/aws/resource/elastictranscoder/aws_elastictranscoder_preset.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "elastictranscoder:ReadPreset",
+ "elastictranscoder:CreatePreset",
+ "elastictranscoder:DeletePreset"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/es/aws_elasticsearch_domain_saml_options.json b/src/mapping/aws/resource/es/aws_elasticsearch_domain_saml_options.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/aws/resource/es/aws_elasticsearch_domain_saml_options.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/es/aws_elasticsearch_vpc_endpoint.json b/src/mapping/aws/resource/es/aws_elasticsearch_vpc_endpoint.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/aws/resource/es/aws_elasticsearch_vpc_endpoint.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
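Review bot: `aws_elasticsearch_domain_saml_options.json` is added with every list empty, so a policy generated for this resource contains no actions and the resulting role fails on first use. The identical placeholder (blob `45e4fdaf`) is also added for `aws_elasticsearch_vpc_endpoint.json`, `aws_opensearch_domain_saml_options.json` and `aws_cloudwatch_event_connection.json`. An empty mapping is indistinguishable from "this resource needs no permissions"; either fill these in before merging or mark them as unmapped in whatever way the tool already reports unsupported resources, so users do not compensate with a wildcard.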
diff --git a/src/mapping/aws/resource/es/aws_opensearch_authorize_vpc_endpoint_access.json b/src/mapping/aws/resource/es/aws_opensearch_authorize_vpc_endpoint_access.json
new file mode 100644
index 00000000..10ea9948
--- /dev/null
+++ b/src/mapping/aws/resource/es/aws_opensearch_authorize_vpc_endpoint_access.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "es:AuthorizeVpcEndpointAccess",
+ "es:RevokeVpcEndpointAccess"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/es/aws_opensearch_domain_saml_options.json b/src/mapping/aws/resource/es/aws_opensearch_domain_saml_options.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/aws/resource/es/aws_opensearch_domain_saml_options.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/es/aws_opensearch_inbound_connection_accepter.json b/src/mapping/aws/resource/es/aws_opensearch_inbound_connection_accepter.json
new file mode 100644
index 00000000..08a11448
--- /dev/null
+++ b/src/mapping/aws/resource/es/aws_opensearch_inbound_connection_accepter.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "es:AcceptInboundConnection"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/es/aws_opensearch_outbound_connection.json b/src/mapping/aws/resource/es/aws_opensearch_outbound_connection.json
new file mode 100644
index 00000000..2d377d48
--- /dev/null
+++ b/src/mapping/aws/resource/es/aws_opensearch_outbound_connection.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "es:DescribeOutboundConnections",
+ "es:CreateOutboundConnection",
+ "es:DeleteOutboundConnection"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
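Review bot: `aws_opensearch_inbound_connection_accepter.json` lists only `es:AcceptInboundConnection`, with nothing for reading the connection state or removing it on destroy. If the resource behaves like the outbound connection mapping next to it, it will also need `es:DescribeInboundConnections` and, under `destroy`, `es:DeleteInboundConnection`. `aws_opensearch_package_association.json` has the same gap: `es:AssociatePackage` without `es:DissociatePackage`, so teardown would be denied. Please confirm both against an apply/destroy cycle.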
diff --git a/src/mapping/aws/resource/es/aws_opensearch_package.json b/src/mapping/aws/resource/es/aws_opensearch_package.json
new file mode 100644
index 00000000..ed1b2138
--- /dev/null
+++ b/src/mapping/aws/resource/es/aws_opensearch_package.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "es:CreatePackage",
+ "es:DeletePackage",
+ "es:UpdatePackage"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/es/aws_opensearch_package_association.json b/src/mapping/aws/resource/es/aws_opensearch_package_association.json
new file mode 100644
index 00000000..75105b56
--- /dev/null
+++ b/src/mapping/aws/resource/es/aws_opensearch_package_association.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "es:AssociatePackage"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/es/aws_opensearch_vpc_endpoint.json b/src/mapping/aws/resource/es/aws_opensearch_vpc_endpoint.json
new file mode 100644
index 00000000..138fefc4
--- /dev/null
+++ b/src/mapping/aws/resource/es/aws_opensearch_vpc_endpoint.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "es:DescribeVpcEndpoints",
+ "es:CreateVpcEndpoint",
+ "es:DeleteVpcEndpoint",
+ "es:UpdateVpcEndpoint"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/events/aws_cloudwatch_event_archive.json b/src/mapping/aws/resource/events/aws_cloudwatch_event_archive.json
new file mode 100644
index 00000000..947e4b2e
--- /dev/null
+++ b/src/mapping/aws/resource/events/aws_cloudwatch_event_archive.json
@@ -0,0 +1,31 @@
+[
+ {
+ "apply": [
+ "events:DescribeArchive",
+ "events:CreateArchive",
+ "kms:DescribeKey",
+ "kms:GenerateDataKey",
+ "kms:Decrypt"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "events:DescribeArchive",
+ "events:DeleteArchive"
+ ],
+ "modify": [
+ "events:DescribeArchive",
+ "events:UpdateArchive",
+ "kms:DescribeKey",
+ "kms:GenerateDataKey",
+ "kms:Decrypt",
+ "kms:ReEncryptTo",
+ "kms:ReEncryptFrom"
+ ],
+ "plan": [
+ "events:DescribeArchive",
+ "kms:Decrypt"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/events/aws_cloudwatch_event_connection.json b/src/mapping/aws/resource/events/aws_cloudwatch_event_connection.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/aws/resource/events/aws_cloudwatch_event_connection.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/events/aws_cloudwatch_event_endpoint.json b/src/mapping/aws/resource/events/aws_cloudwatch_event_endpoint.json
index 65ae2018..47061765 100644
--- a/src/mapping/aws/resource/events/aws_cloudwatch_event_endpoint.json
+++ b/src/mapping/aws/resource/events/aws_cloudwatch_event_endpoint.json
@@ -1,21 +1,25 @@
-[
- {
- "apply": [
- "events:CreateEndpoint",
- "events:DescribeEndpoint",
- "events:CreateEndpoint",
- "events:DeleteEndpoint",
- "events:UpdateEndpoint"
- ],
- "attributes": {
- "tags": []
- },
- "destroy": [
- "events:DeleteEndpoint"
- ],
- "modify": [
- "events:UpdateEndpoint"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "events:CreateEndpoint",
+ "events:DescribeEndpoint",
+ "events:CreateEndpoint",
+ "events:DeleteEndpoint",
+ "events:UpdateEndpoint",
+ "iam:PassRole"
+ ],
+ "attributes": {
+ "health_check": [
+ "route53:GetHealthCheck"
+ ],
+ "tags": []
+ },
+ "destroy": [
+ "events:DeleteEndpoint"
+ ],
+ "modify": [
+ "events:UpdateEndpoint"
+ ],
+ "plan": []
+ }
+]
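Review bot: The rewritten `apply` list in `aws_cloudwatch_event_endpoint.json` still contains `events:CreateEndpoint` twice, and the new `iam:PassRole` is granted unconditionally. `aws_cloudwatch_event_rule.json` scopes the same permission to the attribute with `"role_arn": ["iam:PassRole"]`; doing the same here keeps `iam:PassRole` out of policies for endpoints that set no role, assuming `role_arn` is optional on this resource. Duplicate entries also appear on the new side of `aws_cloudwatch_event_rule.json` (`events:DeleteRule`), `aws_evidently_project.json` (`appconfig:GetEnvironment`) and `aws_kinesis_stream.json` (`kinesis:DeleteStream`); they are harmless to IAM but suggest the lists were appended to rather than merged.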
diff --git a/src/mapping/aws/resource/events/aws_cloudwatch_event_rule.json b/src/mapping/aws/resource/events/aws_cloudwatch_event_rule.json
index 11600eea..3290475e 100644
--- a/src/mapping/aws/resource/events/aws_cloudwatch_event_rule.json
+++ b/src/mapping/aws/resource/events/aws_cloudwatch_event_rule.json
@@ -1,25 +1,31 @@
-[
- {
- "apply": [
- "events:PutRule",
- "events:DescribeRule",
- "events:ListTagsForResource",
- "events:DeleteRule"
- ],
- "attributes": {
- "role_arn": [
- "iam:PassRole"
- ],
- "tags": [
- "events:ListTagsForResource",
- "events:TagResource",
- "events:UnTagResource"
- ]
- },
- "destroy": [
- "events:DeleteRule"
- ],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "events:PutRule",
+ "events:DescribeRule",
+ "events:ListTagsForResource",
+ "events:DeleteRule",
+ "events:PutTargets",
+ "events:DeleteRule",
+ "events:RemoveTargets"
+ ],
+ "attributes": {
+ "role_arn": [
+ "iam:PassRole"
+ ],
+ "tags": [
+ "events:ListTagsForResource",
+ "events:TagResource",
+ "events:UnTagResource"
+ ]
+ },
+ "destroy": [
+ "events:DeleteRule",
+ "events:RemoveTargets"
+ ],
+ "modify": [
+ "events:PutTargets"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/evidently/aws_evidently_feature.json b/src/mapping/aws/resource/evidently/aws_evidently_feature.json
new file mode 100644
index 00000000..49973fe8
--- /dev/null
+++ b/src/mapping/aws/resource/evidently/aws_evidently_feature.json
@@ -0,0 +1,25 @@
+[
+ {
+ "apply": [
+ "evidently:CreateFeature",
+ "evidently:GetFeature",
+ "evidently:DeleteFeature",
+ "evidently:UpdateFeature",
+ "evidently:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "evidently:TagResource",
+ "evidently:UntagResource"
+ ]
+ },
+ "destroy": [
+ "evidently:DeleteFeature"
+ ],
+ "modify": [
+ "evidently:UpdateFeature",
+ "evidently:ListTagsForResource"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/evidently/aws_evidently_launch.json b/src/mapping/aws/resource/evidently/aws_evidently_launch.json
new file mode 100644
index 00000000..0cc208ee
--- /dev/null
+++ b/src/mapping/aws/resource/evidently/aws_evidently_launch.json
@@ -0,0 +1,28 @@
+[
+ {
+ "apply": [
+ "evidently:CreateLaunch",
+ "evidently:GetLaunch",
+ "evidently:StartLaunch",
+ "evidently:DeleteLaunch",
+ "evidently:UpdateLaunch",
+ "evidently:ListTagsForResource",
+ "evidently:StopLaunch"
+ ],
+ "attributes": {
+ "tags": [
+ "evidently:TagResource",
+ "evidently:UnTagResource"
+ ]
+ },
+ "destroy": [
+ "evidently:DeleteLaunch"
+ ],
+ "modify": [
+ "evidently:UpdateLaunch",
+ "evidently:ListTagsForResource",
+ "evidently:StopLaunch"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/evidently/aws_evidently_project.json b/src/mapping/aws/resource/evidently/aws_evidently_project.json
new file mode 100644
index 00000000..32379879
--- /dev/null
+++ b/src/mapping/aws/resource/evidently/aws_evidently_project.json
@@ -0,0 +1,60 @@
+[
+ {
+ "apply": [
+ "appconfig:CreateConfigurationProfile",
+ "appconfig:CreateExtensionAssociation",
+ "appconfig:CreateHostedConfigurationVersion",
+ "appconfig:DeleteConfigurationProfile",
+ "appconfig:DeleteExtensionAssociation",
+ "appconfig:DeleteHostedConfigurationVersion",
+ "appconfig:GetEnvironment",
+ "appconfig:GetEnvironment",
+ "appconfig:TagResource",
+ "evidently:CreateProject",
+ "evidently:DeleteProject",
+ "evidently:ExportProjectAsConfiguration",
+ "evidently:GetProject",
+ "evidently:ListTagsForResource",
+ "evidently:UntagResource",
+ "evidently:UpdateProject",
+ "evidently:UpdateProjectDataDelivery",
+ "iam:CreateServiceLinkedRole",
+ "iam:GetRole"
+ ],
+ "attributes": {
+ "cloudwatch_logs": [
+ "logs:CreateLogDelivery",
+ "logs:GetLogDelivery",
+ "logs:ListLogDeliveries",
+ "logs:DeleteLogDelivery",
+ "logs:DescribeResourcePolicies",
+ "logs:DescribeLogGroups",
+ "logs:UpdateLogDelivery"
+ ],
+ "s3_destination": [
+ "s3:PutBucketPolicy",
+ "s3:GetBucketPolicy"
+ ],
+ "tags": [
+ "evidently:TagResource"
+ ]
+ },
+ "destroy": [
+ "evidently:DeleteProject",
+ "evidently:UntagResource",
+ "appconfig:DeleteHostedConfigurationVersion",
+ "appconfig:DeleteExtensionAssociation",
+ "appconfig:DeleteConfigurationProfile"
+ ],
+ "modify": [
+ "evidently:UpdateProject",
+ "evidently:UpdateProjectDataDelivery",
+ "evidently:ListTagsForResource",
+ "evidently:ExportProjectAsConfiguration",
+ "appconfig:GetEnvironment",
+ "appconfig:CreateConfigurationProfile",
+ "appconfig:CreateHostedConfigurationVersion"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/evidently/aws_evidently_segment.json b/src/mapping/aws/resource/evidently/aws_evidently_segment.json
new file mode 100644
index 00000000..ea653f80
--- /dev/null
+++ b/src/mapping/aws/resource/evidently/aws_evidently_segment.json
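Review bot: In `aws_evidently_project.json` the `tags` attribute maps only `evidently:TagResource`, while `evidently:UntagResource` is placed in `apply` and `destroy`; `aws_evidently_feature.json` and `aws_evidently_segment.json` keep both actions under `tags`. Suggest `"tags": ["evidently:TagResource", "evidently:UntagResource"]` and removing the action from `apply`, so projects without tags do not pick it up. Separately, `s3_destination` brings in `s3:PutBucketPolicy`, which lets the role rewrite the destination bucket's policy; that deserves a mention wherever the generated policy is documented, so users scope the statement to the delivery bucket.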
@@ -0,0 +1,22 @@
+[
+ {
+ "apply": [
+ "evidently:CreateSegment",
+ "evidently:GetSegment",
+ "evidently:ListTagsForResource",
+ "evidently:DeleteSegment"
+ ],
+ "attributes": {
+ "tags": [
+ "evidently:UntagResource",
+ "evidently:TagResource"
+ ]
+ },
+ "destroy": [
+ "evidently:DeleteSegment",
+ "evidently:GetSegment"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/finspace/aws_finspace_kx_cluster.json b/src/mapping/aws/resource/finspace/aws_finspace_kx_cluster.json
new file mode 100644
index 00000000..e849b4e4
--- /dev/null
+++ b/src/mapping/aws/resource/finspace/aws_finspace_kx_cluster.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "finspace:GetKxCluster",
+ "finspace:CreateKxCluster",
+ "finspace:DeleteKxCluster",
+ "finspace:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "finspace:TagResource",
+ "finspace:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/finspace/aws_finspace_kx_database.json b/src/mapping/aws/resource/finspace/aws_finspace_kx_database.json
new file mode 100644
index 00000000..e0f8a408
--- /dev/null
+++ b/src/mapping/aws/resource/finspace/aws_finspace_kx_database.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "finspace:ListTagsForResource",
+ "finspace:GetKxDatabase",
+ "finspace:CreateKxDatabase",
+ "finspace:DeleteKxDatabase",
+ "finspace:UpdateKxDatabase"
+ ],
+ "attributes": {
+ "tags": [
+ "finspace:TagResource",
+ "finspace:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/finspace/aws_finspace_kx_dataview.json b/src/mapping/aws/resource/finspace/aws_finspace_kx_dataview.json
new file mode 100644
index 00000000..45fb4a94
--- /dev/null
+++ b/src/mapping/aws/resource/finspace/aws_finspace_kx_dataview.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "finspace:GetKxDataview",
+ "finspace:CreateKxDataview",
+ "finspace:UpdateKxDataview",
+ "finspace:DeleteKxDataview"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/finspace/aws_finspace_kx_environment.json b/src/mapping/aws/resource/finspace/aws_finspace_kx_environment.json
new file mode 100644
index 00000000..00cb8e1f
--- /dev/null
+++ b/src/mapping/aws/resource/finspace/aws_finspace_kx_environment.json
@@ -0,0 +1,22 @@
+[
+ {
+ "apply": [
+ "finspace:CreateEnvironment",
+ "finspace:GetEnvironment",
+ "finspace:ListEnvironments",
+ "sts:AssumeRole",
+ "finspace:DeleteEnvironment",
+ "finspace:UpdateEnvironment"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "finspace:DeleteEnvironment"
+ ],
+ "modify": [
+ "finspace:UpdateEnvironment"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/finspace/aws_finspace_kx_scaling_group.json b/src/mapping/aws/resource/finspace/aws_finspace_kx_scaling_group.json
new file mode 100644
index 00000000..ff450088
--- /dev/null
+++ b/src/mapping/aws/resource/finspace/aws_finspace_kx_scaling_group.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "finspace:ListTagsForResource",
+ "finspace:GetKxScalingGroup",
+ "finspace:CreateKxScalingGroup",
+ "finspace:DeleteKxScalingGroup"
+ ],
+ "attributes": {
+ "tags": [
+ "finspace:TagResource",
+ "finspace:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/finspace/aws_finspace_kx_user.json b/src/mapping/aws/resource/finspace/aws_finspace_kx_user.json
new file mode 100644
index 00000000..ae3610e5
--- /dev/null
+++ b/src/mapping/aws/resource/finspace/aws_finspace_kx_user.json
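Review bot: `aws_finspace_kx_environment.json` adds `sts:AssumeRole` to `apply` without tying it to any attribute. What that action permits is decided by the statement's resource element and the target role's trust policy, so if this mapping feeds a statement with a wildcard resource it grants far more than this one resource needs. Please confirm the call really originates from this resource; if it does, the project documentation should say that the generated statement must be narrowed to the specific role ARN.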
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "finspace:ListTagsForResource",
+ "finspace:GetKxUser",
+ "finspace:CreateKxUser",
+ "finspace:DeleteKxUser",
+ "finspace:UpdateKxUser"
+ ],
+ "attributes": {
+ "tags": [
+ "finspace:TagResource",
+ "finspace:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/finspace/aws_finspace_kx_volume.json b/src/mapping/aws/resource/finspace/aws_finspace_kx_volume.json
new file mode 100644
index 00000000..3253b7c7
--- /dev/null
+++ b/src/mapping/aws/resource/finspace/aws_finspace_kx_volume.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "finspace:ListTagsForResource",
+ "finspace:GetKxVolume",
+ "finspace:CreateKxVolume",
+ "finspace:DeleteKxVolume",
+ "finspace:UpdateKxVolume"
+ ],
+ "attributes": {
+ "tags": [
+ "finspace:TagResource",
+ "finspace:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/firehose/aws_kinesis_firehose_delivery_stream.json b/src/mapping/aws/resource/firehose/aws_kinesis_firehose_delivery_stream.json
index 5bd83027..de8e9305 100644
--- a/src/mapping/aws/resource/firehose/aws_kinesis_firehose_delivery_stream.json
+++ b/src/mapping/aws/resource/firehose/aws_kinesis_firehose_delivery_stream.json
@@ -9,6 +9,13 @@
 "firehose:UpdateDestination"
 ],
 "attributes": {
+ "kms_key_arn": [
+ "kms:CreateGrant",
+ "kms:DescribeKey",
+ "kms:RevokeGrant",
+ "firehose:StartDeliveryStreamEncryption",
+ "firehose:StopDeliveryStreamEncryption"
+ ],
 "tags": [
 "firehose:TagDeliveryStream",
 "firehose:UntagDeliveryStream"
diff --git a/src/mapping/aws/resource/firehose/aws_kinesis_stream.json b/src/mapping/aws/resource/firehose/aws_kinesis_stream.json
index 6840a678..dc44f7f5 100644
--- a/src/mapping/aws/resource/firehose/aws_kinesis_stream.json
+++ b/src/mapping/aws/resource/firehose/aws_kinesis_stream.json
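Review bot: The new `kms_key_arn` entry in `aws_kinesis_firehose_delivery_stream.json` bundles `firehose:StartDeliveryStreamEncryption` and `firehose:StopDeliveryStreamEncryption` with `kms:CreateGrant` and `kms:RevokeGrant`. In the Terraform resource, stream-level encryption is configured through the `server_side_encryption` block (`key_arn`), whereas `kms_key_arn` appears in destination blocks, so it is worth checking that the attribute key matches the setting that actually triggers these calls. Because the grant actions allow delegating use of the key, attaching them to the wrong attribute either over-grants or leaves encrypted streams without the permission. The enclosing object starts and ends outside this hunk.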
@@ -1,21 +1,33 @@
-[
- {
- "apply": [
- "kinesis:CreateStream",
- "kinesis:DescribeStreamSummary",
- "kinesis:IncreaseStreamRetentionPeriod",
- "kinesis:ListTagsForStream",
- "kinesis:DeleteStream",
- "kinesis:EnableEnhancedMonitoring"
- ],
- "attributes": {
- "tags": [
- "kinesis:AddTagsToStream",
- "kinesis:RemoveTagsFromStream"
- ]
- },
- "destroy": [],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "kinesis:CreateStream",
+ "kinesis:DescribeStreamSummary",
+ "kinesis:IncreaseStreamRetentionPeriod",
+ "kinesis:ListTagsForStream",
+ "kinesis:DeleteStream",
+ "kinesis:EnableEnhancedMonitoring",
+ "kinesis:DeleteStream",
+ "kinesis:DisableEnhancedMonitoring"
+ ],
+ "attributes": {
+ "kms_key_id": [
+ "kinesis:StartStreamEncryption",
+ "kinesis:StopStreamEncryption"
+ ],
+ "tags": [
+ "kinesis:AddTagsToStream",
+ "kinesis:RemoveTagsFromStream"
+ ]
+ },
+ "destroy": [
+ "kinesis:DeleteStream"
+ ],
+ "modify": [
+ "kinesis:UpdateShardCount",
+ "kinesis:UpdateStreamMode",
+ "kinesis:DecreaseStreamRetentionPeriod"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/firehose/aws_kinesis_video_stream.json b/src/mapping/aws/resource/firehose/aws_kinesis_video_stream.json
index da067ba7..6b8ac64e 100644
--- a/src/mapping/aws/resource/firehose/aws_kinesis_video_stream.json
+++ b/src/mapping/aws/resource/firehose/aws_kinesis_video_stream.json
@@ -1,23 +1,26 @@ -[ - { - "apply": [ - "kinesisvideo:CreateStream", - "kinesisvideo:DescribeStream", - "kinesisvideo:ListTagsForStream", - "kinesisvideo:DeleteStream", - "kinesisvideo:UpdateStream", - "kinesisvideo:TagStream", - "kinesisvideo:UntagStream" - ], - "attributes": { - "tags": [] - }, - "destroy": [ - "kinesisvideo:DeleteStream" - ], - "modify": [ - "kinesisvideo:UpdateStream" - ], - "plan": [] - } -] +[ + { + "apply": [ + "kinesisvideo:CreateStream", + "kinesisvideo:DescribeStream", + "kinesisvideo:ListTagsForStream", + "kinesisvideo:DeleteStream", + "kinesisvideo:UpdateStream", + "kinesisvideo:UpdateDataRetention" + ], + "attributes": { + "tags": [ + "kinesisvideo:TagStream", + "kinesisvideo:UntagStream" + ] + }, + "destroy": [ + "kinesisvideo:DeleteStream" + ], + "modify": [ + "kinesisvideo:UpdateStream", + "kinesisvideo:UpdateDataRetention" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/fis/aws_fis_experiment_template.json b/src/mapping/aws/resource/fis/aws_fis_experiment_template.json new file mode 100644 index 00000000..dcdadf5f --- /dev/null +++ b/src/mapping/aws/resource/fis/aws_fis_experiment_template.json @@ -0,0 +1,24 @@ +[ + { + "apply": [ + "fis:CreateExperimentTemplate", + "fis:DeleteExperimentTemplate", + "fis:GetExperimentTemplate", + "fis:ListTagsForResource", + "iam:PassRole" + ], + "attributes": { + "tags": [ + "fis:TagResource", + "fis:UntagResource" + ] + }, + "destroy": [ + "fis:DeleteExperimentTemplate" + ], + "modify": [ + "fis:UpdateExperimentTemplate" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/fms/aws_fms_admin_account.json b/src/mapping/aws/resource/fms/aws_fms_admin_account.json new file mode 100644 index 00000000..d9965e23 --- /dev/null +++ b/src/mapping/aws/resource/fms/aws_fms_admin_account.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "fms:AssociateAdminAccount", + "fms:DisassociateAdminAccount" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/aws/resource/fms/aws_fms_policy.json b/src/mapping/aws/resource/fms/aws_fms_policy.json new file mode 100644 index 00000000..0631e72d --- /dev/null +++ b/src/mapping/aws/resource/fms/aws_fms_policy.json @@ -0,0 +1,35 @@ +[ + { + "apply": [ + "fms:PutPolicy", + "waf-regional:ListRuleGroups", + "wafv2:CheckCapacity", + "wafv2:ListRuleGroups", + "wafv2:ListAvailableManagedRuleGroups", + "wafv2:ListAvailableManagedRuleGroupVersions", + "network-firewall:DescribeRuleGroup", + "network-firewall:DescribeRuleGroupMetadata", + "route53resolver:ListFirewallRuleGroups", + "ec2:DescribeAvailabilityZones", + "s3:PutBucketPolicy", + "s3:GetBucketPolicy", + "fms:DeletePolicy", + "fms:GetPolicy", + "fms:ListTagsForResource" + ], + "attributes": { + "tags": [ + "fms:TagResource", + "fms:UntagResource" + ] + }, + "destroy": [ + "fms:DeletePolicy" + ], + "modify": [], + "plan": [ + "fms:GetPolicy", + "fms:ListTagsForResource" + ] + } +] diff --git a/src/mapping/aws/resource/fms/aws_fms_resource_set.json b/src/mapping/aws/resource/fms/aws_fms_resource_set.json new file mode 100644 index 00000000..fd501c0a --- /dev/null +++ b/src/mapping/aws/resource/fms/aws_fms_resource_set.json @@ -0,0 +1,30 @@ +[ + { + "apply": [ + "fms:PutResourceSet", + "fms:BatchAssociateResource", + "fms:ListResourceSetResources", + "fms:GetResourceSet", + "fms:ListResourceSetResources", + "fms:ListTagsForResource", + "fms:DeleteResourceSet" + ], + "attributes": { + "tags": [ + "fms:TagResource", + "fms:UntagResource" + ] + }, + "destroy": [ + "fms:DeleteResourceSet" + ], + "modify": [ + "fms:BatchDisassociateResource" + ], + "plan": [ + "fms:GetResourceSet", + "fms:ListResourceSetResources", + "fms:ListTagsForResource" + ] + } +] diff --git a/src/mapping/aws/resource/fsx/aws_fsx_data_repository_association.json b/src/mapping/aws/resource/fsx/aws_fsx_data_repository_association.json index cecf95b6..fefc9f0a 100644 
--- a/src/mapping/aws/resource/fsx/aws_fsx_data_repository_association.json +++ b/src/mapping/aws/resource/fsx/aws_fsx_data_repository_association.json @@ -7,7 +7,10 @@ "fsx:DescribeDataRepositoryAssociations", "iam:CreateServiceLinkedRole", "iam:AttachRolePolicy", - "iam:PutRolePolicy" + "iam:PutRolePolicy", + "s3:ListBucket", + "s3:GetBucketPolicy", + "s3:PutBucketPolicy" ], "attributes": { "tags": [ diff --git a/src/mapping/aws/resource/gamelift/aws_gamelift_alias.json b/src/mapping/aws/resource/gamelift/aws_gamelift_alias.json new file mode 100644 index 00000000..d4818433 --- /dev/null +++ b/src/mapping/aws/resource/gamelift/aws_gamelift_alias.json @@ -0,0 +1,27 @@ +[ + { + "apply": [ + "gamelift:CreateAlias", + "gamelift:UpdateAlias", + "gamelift:DeleteAlias", + "gamelift:DescribeAlias", + "gamelift:ListTagsForResource" + ], + "attributes": { + "tags": [ + "gamelift:TagResource", + "gamelift:UntagResource" + ] + }, + "destroy": [ + "gamelift:DeleteAlias" + ], + "modify": [ + "gamelift:UpdateAlias" + ], + "plan": [ + "gamelift:DescribeAlias", + "gamelift:ListTagsForResource" + ] + } +] diff --git a/src/mapping/aws/resource/gamelift/aws_gamelift_build.json b/src/mapping/aws/resource/gamelift/aws_gamelift_build.json new file mode 100644 index 00000000..93e9a0c4 --- /dev/null +++ b/src/mapping/aws/resource/gamelift/aws_gamelift_build.json @@ -0,0 +1,28 @@ +[ + { + "apply": [ + "gamelift:DescribeBuild", + "gamelift:CreateBuild", + "gamelift:DescribeBuild", + "gamelift:DeleteBuild", + "gamelift:UpdateBuild", + "gamelift:ListTagsForResource" + ], + "attributes": { + "tags": [ + "gamelift:TagResource", + "gamelift:UntagResource" + ] + }, + "destroy": [ + "gamelift:DescribeBuild", + "gamelift:DeleteBuild" + ], + "modify": [ + "gamelift:UpdateBuild" + ], + "plan": [ + "gamelift:DescribeBuild" + ] + } +] 
diff --git a/src/mapping/aws/resource/gamelift/aws_gamelift_fleet.json b/src/mapping/aws/resource/gamelift/aws_gamelift_fleet.json
new file mode 100644
index 00000000..149d9928
--- /dev/null
+++ b/src/mapping/aws/resource/gamelift/aws_gamelift_fleet.json
@@ -0,0 +1,53 @@
+[
+ {
+ "apply": [
+ "gamelift:CreateFleet",
+ "gamelift:DescribeFleetAttributes",
+ "gamelift:DescribeFleetLocationAttributes",
+ "gamelift:UpdateFleetCapacity",
+ "gamelift:DescribeFleetLocationCapacity",
+ "gamelift:PutScalingPolicy",
+ "gamelift:DescribeScalingPolicies",
+ "gamelift:DeleteFleet",
+ "gamelift:DescribeFleetLocationCapacity",
+ "gamelift:DescribeScalingPolicies",
+ "gamelift:DeleteScalingPolicy",
+ "gamelift:UpdateFleetAttributes",
+ "gamelift:CreateFleetLocations",
+ "gamelift:DeleteFleetLocations",
+ "gamelift:UpdateFleetCapacity",
+ "gamelift:UpdateFleetPortSettings",
+ "gamelift:UpdateRuntimeConfiguration",
+ "gamelift:DescribeFleetLocationCapacity"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "gamelift:DeleteFleet",
+ "gamelift:DescribeFleetLocationCapacity",
+ "gamelift:DescribeScalingPolicies",
+ "gamelift:DeleteScalingPolicy"
+ ],
+ "modify": [
+ "gamelift:UpdateFleetAttributes",
+ "gamelift:CreateFleetLocations",
+ "gamelift:DeleteFleetLocations",
+ "gamelift:UpdateFleetCapacity",
+ "gamelift:UpdateFleetPortSettings",
+ "gamelift:UpdateRuntimeConfiguration",
+ "gamelift:DescribeFleetLocationCapacity"
+ ],
+ "plan": [
+ "gamelift:DescribeFleetAttributes",
+ "gamelift:DescribeFleetLocationAttributes",
+ "gamelift:DescribeFleetCapacity",
+ "gamelift:DescribeFleetPortSettings",
+ "gamelift:DescribeFleetUtilization",
+ "gamelift:DescribeRuntimeConfiguration",
+ "gamelift:DescribeEC2InstanceLimits",
+ "gamelift:DescribeFleetEvents",
+ "gamelift:DescribeScalingPolicies"
+ ]
+ }
+]
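Review bot: `"tags": []` in aws_gamelift_fleet.json leaves tag changes unmapped, while every other gamelift mapping added in this commit (alias, build, game_server_group, game_session_queue, script) lists `gamelift:TagResource` and `gamelift:UntagResource`, and `gamelift:ListTagsForResource` is absent from `apply` here as well. If the fleet resource accepts tags like its siblings (presumably it does; confirm against the provider), a tagged fleet would fail under the generated policy. The proposal is `"tags": ["gamelift:TagResource", "gamelift:UntagResource"]` plus `"gamelift:ListTagsForResource"` in `apply`. Separately, `plan` names several Describe actions, such as `gamelift:DescribeFleetCapacity` and `gamelift:DescribeFleetPortSettings`, that `apply` does not, which looks unintended if `apply` is meant to be a superset.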
diff --git a/src/mapping/aws/resource/gamelift/aws_gamelift_game_server_group.json b/src/mapping/aws/resource/gamelift/aws_gamelift_game_server_group.json
new file mode 100644
index 00000000..2af02366
--- /dev/null
+++ b/src/mapping/aws/resource/gamelift/aws_gamelift_game_server_group.json
@@ -0,0 +1,57 @@
+[
+ {
+ "apply": [
+ "gamelift:CreateGameServerGroup",
+ "gamelift:DescribeGameServerGroup",
+ "iam:assumeRole",
+ "iam:PassRole",
+ "iam:CreateServiceLinkedRole",
+ "ec2:DescribeAvailabilityZones",
+ "ec2:DescribeSubnets",
+ "ec2:RunInstances",
+ "ec2:CreateTags",
+ "ec2:DescribeLaunchTemplateVersions",
+ "autoscaling:CreateAutoScalingGroup",
+ "autoscaling:DescribeLifecycleHooks",
+ "autoscaling:DescribeNotificationConfigurations",
+ "autoscaling:CreateAutoScalingGroup",
+ "autoscaling:CreateOrUpdateTags",
+ "autoscaling:DDescribeLaunchTemplateVersions",
+ "autoscaling:CreateAutoScalingGroup",
+ "autoscaling:DescribeLifecycleHooks",
+ "autoscaling:DescribeNotificationConfigurations",
+ "autoscaling:CreateAutoScalingGroup",
+ "autoscaling:CreateOrUpdateTags",
+ "autoscaling:DescribeAutoScalingGroups",
+ "autoscaling:ExitStandby",
+ "autoscaling:PutLifecycleHook",
+ "autoscaling:PutScalingPolicy",
+ "autoscaling:ResumeProcesses",
+ "autoscaling:SetInstanceProtection",
+ "autoscaling:UpdateAutoScalingGroup",
+ "events:PutRule",
+ "events:PutTargets",
+ "gamelift:DeleteGameServerGroup",
+ "ec2:DescribeLaunchTemplateVersions",
+ "autoscaling:UpdateAutoScalingGroup",
+ "autoscaling:DeleteAutoScalingGroup"
+ ],
+ "attributes": {
+ "tags": [
+ "gamelift:TagResource",
+ "gamelift:UntagResource"
+ ]
+ },
+ "destroy": [
+ "gamelift:DeleteGameServerGroup",
+ "ec2:DescribeLaunchTemplateVersions",
+ "autoscaling:UpdateAutoScalingGroup",
+ "autoscaling:DeleteAutoScalingGroup"
+ ],
+ "modify": [
+ "gamelift:UpdateGameServerGroup",
+ "autoscaling:UpdateAutoScalingGroup"
+ ],
+ "plan": []
+ }
+]
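Review bot: Two entries in the `apply` array of aws_gamelift_game_server_group.json are not real IAM actions: `"iam:assumeRole"` (role assumption is `sts:AssumeRole`; there is no such action under `iam:`) and `"autoscaling:DDescribeLaunchTemplateVersions"` (doubled `D`, and the action belongs to `ec2:`, where `ec2:DescribeLaunchTemplateVersions` is already listed). An unknown action name grants nothing, so the generated policy would look broader than it is and may fail policy validation. I would delete the `autoscaling:DDescribeLaunchTemplateVersions` line, and either delete `iam:assumeRole` or replace it with `"sts:AssumeRole"` if the Terraform principal really needs it, given that the role is normally assumed by the service through its trust policy. `gamelift:UpdateGameServerGroup` appears only under `modify`, and the `autoscaling:CreateAutoScalingGroup` block is pasted twice, which suggests the list was assembled from an unreviewed copy.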
diff --git a/src/mapping/aws/resource/gamelift/aws_gamelift_game_session_queue.json b/src/mapping/aws/resource/gamelift/aws_gamelift_game_session_queue.json new file mode 100644 index 00000000..f19f023f --- /dev/null +++ b/src/mapping/aws/resource/gamelift/aws_gamelift_game_session_queue.json @@ -0,0 +1,27 @@ +[ + { + "apply": [ + "gamelift:CreateGameSessionQueue", + "gamelift:ListTagsForResource", + "gamelift:DescribeGameSessionQueues", + "gamelift:UpdateGameSessionQueue", + "gamelift:DeleteGameSessionQueue" + ], + "attributes": { + "tags": [ + "gamelift:TagResource", + "gamelift:UntagResource" + ] + }, + "destroy": [ + "gamelift:DeleteGameSessionQueue" + ], + "modify": [ + "gamelift:UpdateGameSessionQueue", + "gamelift:DescribeGameSessionQueues" + ], + "plan": [ + "gamelift:DescribeGameSessionQueues" + ] + } +] diff --git a/src/mapping/aws/resource/gamelift/aws_gamelift_script.json b/src/mapping/aws/resource/gamelift/aws_gamelift_script.json new file mode 100644 index 00000000..a9c60b08 --- /dev/null +++ b/src/mapping/aws/resource/gamelift/aws_gamelift_script.json @@ -0,0 +1,28 @@ +[ + { + "apply": [ + "gamelift:CreateScript", + "gamelift:ListTagsForResource", + "gamelift:DescribeScript", + "iam:PassRole", + "gamelift:DeleteScript", + "gamelift:ListScripts", + "gamelift:UpdateScript" + ], + "attributes": { + "tags": [ + "gamelift:TagResource", + "gamelift:UntagResource" + ] + }, + "destroy": [ + "gamelift:DeleteScript" + ], + "modify": [ + "gamelift:UpdateScript" + ], + "plan": [ + "gamelift:ListScripts" + ] + } +] diff --git a/src/mapping/aws/resource/geo/aws_location_geofence_collection.json b/src/mapping/aws/resource/geo/aws_location_geofence_collection.json index 2680cf92..ff7f9a14 100644 --- a/src/mapping/aws/resource/geo/aws_location_geofence_collection.json +++ b/src/mapping/aws/resource/geo/aws_location_geofence_collection.json 
@@ -1,20 +1,27 @@ -[ - { - "apply": [ - "geo:DescribeGeofenceCollection", - "geo:CreateGeofenceCollection", - "geo:DeleteGeofenceCollection", - "geo:UpdateGeofenceCollection" - ], - "attributes": { - "tags": [] - }, - "destroy": [ - "geo:DeleteGeofenceCollection" - ], - "modify": [ - "geo:UpdateGeofenceCollection" - ], - "plan": [] - } -] +[ + { + "apply": [ + "geo:DescribeGeofenceCollection", + "geo:CreateGeofenceCollection", + "geo:DeleteGeofenceCollection", + "geo:UpdateGeofenceCollection" + ], + "attributes": { + "kms_key_id": [ + "kms:DescribeKey", + "kms:CreateGrant" + ], + "tags": [ + "geo:TagResource", + "geo:UntagResource" + ] + }, + "destroy": [ + "geo:DeleteGeofenceCollection" + ], + "modify": [ + "geo:UpdateGeofenceCollection" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/geo/aws_location_map.json b/src/mapping/aws/resource/geo/aws_location_map.json index f59ed3d0..c4981b74 100644 --- a/src/mapping/aws/resource/geo/aws_location_map.json +++ b/src/mapping/aws/resource/geo/aws_location_map.json @@ -7,7 +7,10 @@ "geo:UpdateMap" ], "attributes": { - "tags": [] + "tags": [ + "geo:TagResource", + "geo:UntagResource" + ] }, "destroy": [ "geo:DeleteMap" diff --git a/src/mapping/aws/resource/geo/aws_location_place_index.json b/src/mapping/aws/resource/geo/aws_location_place_index.json index ea1a25ca..708e1c35 100644 --- a/src/mapping/aws/resource/geo/aws_location_place_index.json +++ b/src/mapping/aws/resource/geo/aws_location_place_index.json @@ -7,7 +7,10 @@ "geo:UpdatePlaceIndex" ], "attributes": { - "tags": [] + "tags": [ + "geo:TagResource", + "geo:UntagResource" + ] }, "destroy": [ "geo:DeletePlaceIndex" diff --git a/src/mapping/aws/resource/geo/aws_location_route_calculator.json b/src/mapping/aws/resource/geo/aws_location_route_calculator.json index 82a65453..2c5a527a 100644 --- a/src/mapping/aws/resource/geo/aws_location_route_calculator.json +++ b/src/mapping/aws/resource/geo/aws_location_route_calculator.json 
@@ -7,7 +7,10 @@ "geo:UpdateRouteCalculator" ], "attributes": { - "tags": [] + "tags": [ + "geo:TagResource", + "geo:UntagResource" + ] }, "destroy": [ "geo:DeleteRouteCalculator" diff --git a/src/mapping/aws/resource/geo/aws_location_tracker.json b/src/mapping/aws/resource/geo/aws_location_tracker.json index af3b1fb6..771fdae6 100644 --- a/src/mapping/aws/resource/geo/aws_location_tracker.json +++ b/src/mapping/aws/resource/geo/aws_location_tracker.json @@ -1,20 +1,27 @@ -[ - { - "apply": [ - "geo:DescribeTracker", - "geo:CreateTracker", - "geo:DeleteTracker", - "geo:UpdateTracker" - ], - "attributes": { - "tags": [] - }, - "destroy": [ - "geo:DeleteTracker" - ], - "modify": [ - "geo:UpdateTracker" - ], - "plan": [] - } -] +[ + { + "apply": [ + "geo:DescribeTracker", + "geo:CreateTracker", + "geo:DeleteTracker", + "geo:UpdateTracker" + ], + "attributes": { + "kms_key_id": [ + "kms:DescribeKey", + "kms:CreateGrant" + ], + "tags": [ + "geo:TagResource", + "geo:UntagResource" + ] + }, + "destroy": [ + "geo:DeleteTracker" + ], + "modify": [ + "geo:UpdateTracker" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/globalaccelerator/aws_globalaccelerator_accelerator.json b/src/mapping/aws/resource/globalaccelerator/aws_globalaccelerator_accelerator.json new file mode 100644 index 00000000..e6724c66 --- /dev/null +++ b/src/mapping/aws/resource/globalaccelerator/aws_globalaccelerator_accelerator.json @@ -0,0 +1,22 @@ +[ + { + "apply": [ + "globalaccelerator:CreateAccelerator", + "globalaccelerator:DescribeAccelerator", + "globalaccelerator:UpdateAccelerator", + "globalaccelerator:DeleteAccelerator" + ], + "attributes": { + "tags": [ + "globalaccelerator:TagResource", + "globalaccelerator:UntagResource" + ] + }, + "destroy": [ + "globalaccelerator:UpdateAccelerator", + "globalaccelerator:DeleteAccelerator" + ], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/aws/resource/globalaccelerator/aws_globalaccelerator_cross_account_attachment.json b/src/mapping/aws/resource/globalaccelerator/aws_globalaccelerator_cross_account_attachment.json new file mode 100644 index 00000000..fff3b652 --- /dev/null +++ b/src/mapping/aws/resource/globalaccelerator/aws_globalaccelerator_cross_account_attachment.json @@ -0,0 +1,22 @@ +[ + { + "apply": [ + "globalaccelerator:DescribeCrossAccountAttachment", + "globalaccelerator:CreateCrossAccountAttachment", + "globalaccelerator:DeleteCrossAccountAttachment" + ], + "attributes": { + "tags": [ + "globalaccelerator:TagResource", + "globalaccelerator:UntagResource" + ] + }, + "destroy": [ + "globalaccelerator:DeleteCrossAccountAttachment" + ], + "modify": [ + "globalaccelerator:UpdateCrossAccountAttachment" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/globalaccelerator/aws_globalaccelerator_custom_routing_accelerator.json b/src/mapping/aws/resource/globalaccelerator/aws_globalaccelerator_custom_routing_accelerator.json new file mode 100644 index 00000000..7d02fc50 --- /dev/null +++ b/src/mapping/aws/resource/globalaccelerator/aws_globalaccelerator_custom_routing_accelerator.json @@ -0,0 +1,20 @@ +[ + { + "apply": [ + "globalaccelerator:DescribeCustomRoutingAccelerator", + "globalaccelerator:CreateCustomRoutingAccelerator", + "globalaccelerator:DeleteCustomRoutingAccelerator", + "globalaccelerator:UpdateCustomRoutingAccelerator", + "globalaccelerator:ListTagsForResource" + ], + "attributes": { + "tags": [ + "globalaccelerator:TagResource", + "globalaccelerator:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/globalaccelerator/aws_globalaccelerator_custom_routing_endpoint_group.json b/src/mapping/aws/resource/globalaccelerator/aws_globalaccelerator_custom_routing_endpoint_group.json new file mode 100644 index 00000000..d5d31418 --- /dev/null 
+++ b/src/mapping/aws/resource/globalaccelerator/aws_globalaccelerator_custom_routing_endpoint_group.json @@ -0,0 +1,19 @@ +[ + { + "apply": [ + "globalaccelerator:DescribeCustomRoutingEndpointGroup", + "globalaccelerator:CreateCustomRoutingEndpointGroup", + "globalaccelerator:DeleteCustomRoutingEndpointGroup", + "globalaccelerator:ListTagsForResource" + ], + "attributes": { + "tags": [ + "globalaccelerator:TagResource", + "globalaccelerator:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/globalaccelerator/aws_globalaccelerator_custom_routing_listener.json b/src/mapping/aws/resource/globalaccelerator/aws_globalaccelerator_custom_routing_listener.json new file mode 100644 index 00000000..f1b1826a --- /dev/null +++ b/src/mapping/aws/resource/globalaccelerator/aws_globalaccelerator_custom_routing_listener.json @@ -0,0 +1,20 @@ +[ + { + "apply": [ + "globalaccelerator:DescribeCustomRoutingListener", + "globalaccelerator:CreateCustomRoutingListener", + "globalaccelerator:DeleteCustomRoutingListener", + "globalaccelerator:UpdateCustomRoutingListener", + "globalaccelerator:ListTagsForResource" + ], + "attributes": { + "tags": [ + "globalaccelerator:TagResource", + "globalaccelerator:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/globalaccelerator/aws_globalaccelerator_endpoint_group.json b/src/mapping/aws/resource/globalaccelerator/aws_globalaccelerator_endpoint_group.json new file mode 100644 index 00000000..4511e663 --- /dev/null +++ b/src/mapping/aws/resource/globalaccelerator/aws_globalaccelerator_endpoint_group.json 
@@ -0,0 +1,24 @@ +[ + { + "apply": [ + "globalaccelerator:CreateEndpointGroup", + "globalaccelerator:DescribeEndpointGroup", + "globalaccelerator:DescribeAccelerator", + "globalaccelerator:DescribeListener", + "globalaccelerator:ListAccelerators", + "globalaccelerator:ListListeners", + "globalaccelerator:DeleteEndpointGroup", + "globalaccelerator:UpdateEndpointGroup" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "globalaccelerator:DeleteEndpointGroup" + ], + "modify": [ + "globalaccelerator:UpdateEndpointGroup" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/globalaccelerator/aws_globalaccelerator_listener.json b/src/mapping/aws/resource/globalaccelerator/aws_globalaccelerator_listener.json new file mode 100644 index 00000000..9c39f701 --- /dev/null +++ b/src/mapping/aws/resource/globalaccelerator/aws_globalaccelerator_listener.json @@ -0,0 +1,21 @@ +[ + { + "apply": [ + "globalaccelerator:CreateListener", + "globalaccelerator:DescribeListener", + "globalaccelerator:DescribeAccelerator", + "globalaccelerator:DeleteListener", + "globalaccelerator:UpdateListener" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "globalaccelerator:DeleteListener" + ], + "modify": [ + "globalaccelerator:UpdateListener" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/glue/aws_glue_catalog_table_optimizer.json b/src/mapping/aws/resource/glue/aws_glue_catalog_table_optimizer.json new file mode 100644 index 00000000..86e9c843 --- /dev/null +++ b/src/mapping/aws/resource/glue/aws_glue_catalog_table_optimizer.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "glue:GetTableOptimizer", + "glue:CreateTableOptimizer", + "glue:DeleteTableOptimizer", + "glue:UpdateTableOptimizer" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/aws/resource/glue/aws_glue_data_quality_ruleset.json b/src/mapping/aws/resource/glue/aws_glue_data_quality_ruleset.json new file mode 100644 index 00000000..ae7641ff --- /dev/null +++ b/src/mapping/aws/resource/glue/aws_glue_data_quality_ruleset.json @@ -0,0 +1,20 @@ +[ + { + "apply": [ + "glue:CreateDataQualityRuleset", + "glue:GetDataQualityRuleset", + "glue:DeleteDataQualityRuleset", + "glue:UpdateDataQualityRuleset", + "glue:GetTags" + ], + "attributes": { + "tags": [ + "glue:TagResource", + "glue:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/glue/aws_glue_dev_endpoint.json b/src/mapping/aws/resource/glue/aws_glue_dev_endpoint.json new file mode 100644 index 00000000..bae37d2f --- /dev/null +++ b/src/mapping/aws/resource/glue/aws_glue_dev_endpoint.json @@ -0,0 +1,20 @@ +[ + { + "apply": [ + "glue:CreateDevEndpoint", + "iam:PassRole", + "glue:GetDevEndpoint", + "glue:DeleteDevEndpoint", + "glue:UpdateDevEndpoint" + ], + "attributes": { + "tags": [ + "glue:TagResource", + "glue:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/glue/aws_glue_partition.json b/src/mapping/aws/resource/glue/aws_glue_partition.json new file mode 100644 index 00000000..cc201899 --- /dev/null +++ b/src/mapping/aws/resource/glue/aws_glue_partition.json @@ -0,0 +1,20 @@ +[ + { + "apply": [ + "glue:GetPartition", + "glue:CreatePartition", + "glue:DeletePartition", + "glue:UpdatePartition", + "glue:GetTags" + ], + "attributes": { + "tags": [ + "glue:TagResource", + "glue:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/glue/aws_glue_partition_index.json b/src/mapping/aws/resource/glue/aws_glue_partition_index.json new file mode 100644 index 00000000..174fe630 --- /dev/null +++ b/src/mapping/aws/resource/glue/aws_glue_partition_index.json 
@@ -0,0 +1,15 @@ +[ + { + "apply": [ + "glue:GetPartitionIndexes", + "glue:CreatePartitionIndex", + "glue:DeletePartitionIndex" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/glue/aws_glue_registry.json b/src/mapping/aws/resource/glue/aws_glue_registry.json index 7644b5c1..d3790709 100644 --- a/src/mapping/aws/resource/glue/aws_glue_registry.json +++ b/src/mapping/aws/resource/glue/aws_glue_registry.json @@ -1,23 +1,24 @@ -[ - { - "apply": [ - "glue:CreateRegistry", - "glue:GetRegistry", - "glue:GetTags", - "glue:DeleteRegistry" - ], - "attributes": { - "tags": [ - "glue:TagResource", - "glue:UntagResource" - ] - }, - "destroy": [ - "glue:DeleteRegistry" - ], - "modify": [ - "glue:UpdateRegistry" - ], - "plan": [] - } -] +[ + { + "apply": [ + "glue:CreateRegistry", + "glue:GetRegistry", + "glue:GetTags", + "glue:DeleteRegistry", + "glue:UpdateRegistry" + ], + "attributes": { + "tags": [ + "glue:TagResource", + "glue:UntagResource" + ] + }, + "destroy": [ + "glue:DeleteRegistry" + ], + "modify": [ + "glue:UpdateRegistry" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/grafana/aws_grafana_license_association.json b/src/mapping/aws/resource/grafana/aws_grafana_license_association.json new file mode 100644 index 00000000..eca5a90a --- /dev/null +++ b/src/mapping/aws/resource/grafana/aws_grafana_license_association.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "grafana:AssociateLicense", + "grafana:DisassociateLicense" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/grafana/aws_grafana_role_association.json b/src/mapping/aws/resource/grafana/aws_grafana_role_association.json new file mode 100644 index 00000000..75dbcc33 --- /dev/null +++ b/src/mapping/aws/resource/grafana/aws_grafana_role_association.json 
@@ -0,0 +1,13 @@ +[ + { + "apply": [ + "grafana:UpdatePermissions" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/grafana/aws_grafana_workspace.json b/src/mapping/aws/resource/grafana/aws_grafana_workspace.json new file mode 100644 index 00000000..09e746a8 --- /dev/null +++ b/src/mapping/aws/resource/grafana/aws_grafana_workspace.json 
@@ -0,0 +1,57 @@
+[
+ {
+ "apply": [
+ "grafana:CreateWorkspace",
+ "grafana:DescribeWorkspace",
+ "grafana:DescribeWorkspaceAuthentication",
+ "grafana:DescribeWorkspaceConfiguration",
+ "grafana:UpdateWorkspaceAuthentication",
+ "sso:DescribeRegisteredRegions",
+ "sso:CreateManagedApplicationInstance",
+ "organizations:DescribeOrganization",
+ "sso:GetSharedSsoConfiguration",
+ "iam:PassRole",
+ "ec2:GetManagedPrefixListEntries",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "iam:CreateServiceLinkedRole",
+ "sso:ListApplicationInstances",
+ "sso:GetApplicationInstance"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "grafana:DeleteWorkspace",
+ "grafana:DescribeWorkspace",
+ "grafana:DescribeWorkspaceAuthentication",
+ "grafana:DescribeWorkspaceConfiguration",
+ "sso:DeleteManagedApplicationInstance",
+ "sso:DescribeRegisteredRegions"
+ ],
+ "modify": [
+ "grafana:DescribeWorkspace",
+ "grafana:DescribeWorkspaceAuthentication",
+ "grafana:DescribeWorkspaceConfiguration",
+ "grafana:UpdateWorkspace",
+ "grafana:UpdateWorkspaceAuthentication",
+ "grafana:UpdateWorkspaceConfiguration",
+ "sso:DescribeRegisteredRegions",
+ "sso:CreateManagedApplicationInstance",
+ "ec2:GetManagedPrefixListEntries",
+ "iam:PassRole",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "iam:CreateServiceLinkedRole",
+ "sso:ListApplicationInstances",
+ "sso:GetApplicationInstance"
+ ],
+ "plan": [
+ "grafana:DescribeWorkspace",
+ "grafana:DescribeWorkspaceAuthentication",
+ "grafana:DescribeWorkspaceConfiguration"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/grafana/aws_grafana_workspace_saml_configuration.json b/src/mapping/aws/resource/grafana/aws_grafana_workspace_saml_configuration.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/aws/resource/grafana/aws_grafana_workspace_saml_configuration.json
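Review bot: The `apply` array of aws_grafana_workspace.json omits `grafana:DeleteWorkspace`, `grafana:UpdateWorkspace`, `grafana:UpdateWorkspaceConfiguration` and `sso:DeleteManagedApplicationInstance`, although `destroy` and `modify` in the same file list them. Most other mappings in this commit repeat their delete and update actions in `apply` (for example guardduty_detector and gamelift_alias). If `apply` is the list the generator emits, which is inferred rather than visible here, the resulting policy could create a workspace but not update or remove it. I would add those four actions to `apply`. I would also confirm whether `"tags": []` is intended for a resource that also needs `iam:PassRole`, since the apply list suggests a full-featured workspace.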
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/grafana/aws_grafana_workspace_service_account.json b/src/mapping/aws/resource/grafana/aws_grafana_workspace_service_account.json
new file mode 100644
index 00000000..ea03e81e
--- /dev/null
+++ b/src/mapping/aws/resource/grafana/aws_grafana_workspace_service_account.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "grafana:CreateWorkspaceServiceAccount",
+ "grafana:DeleteWorkspaceServiceAccount"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/grafana/aws_grafana_workspace_service_account_token.json b/src/mapping/aws/resource/grafana/aws_grafana_workspace_service_account_token.json
new file mode 100644
index 00000000..626e6c5d
--- /dev/null
+++ b/src/mapping/aws/resource/grafana/aws_grafana_workspace_service_account_token.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "grafana:DeleteWorkspaceServiceAccountToken",
+ "grafana:CreateWorkspaceServiceAccountToken"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/guardduty/aws_guardduty_detector.json b/src/mapping/aws/resource/guardduty/aws_guardduty_detector.json
new file mode 100644
index 00000000..a341e6d2
--- /dev/null
+++ b/src/mapping/aws/resource/guardduty/aws_guardduty_detector.json
@@ -0,0 +1,26 @@
+[
+ {
+ "apply": [
+ "guardduty:CreateDetector",
+ "guardduty:GetDetector",
+ "iam:CreateServiceLinkedRole",
+ "iam:GetRole",
+ "guardduty:ListDetectors",
+ "guardduty:DeleteDetector",
+ "guardduty:UpdateDetector"
+ ],
+ "attributes": {
+ "tags": [
+ "guardduty:TagResource"
+ ]
+ },
+ "destroy": [
+ "guardduty:ListDetectors",
+ "guardduty:DeleteDetector"
+ ],
+ "modify": [
+ "guardduty:UpdateDetector"
+ ],
+ "plan": []
+ }
+]
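Review bot: aws_grafana_workspace_saml_configuration.json is added with every list empty (`"apply": []`), so the mapping reports that this resource needs no permissions at all. The same all-empty body (blob 45e4fdaf) is added for aws_guardduty_detector_feature and aws_guardduty_organization_configuration_feature. A silent empty mapping under-reports the required policy, and users who hit the resulting access-denied errors tend to compensate with wildcards. Presumably the SAML resource needs at least `"grafana:DescribeWorkspaceAuthentication"` and `"grafana:UpdateWorkspaceAuthentication"`, both already used in the workspace mapping, but that should be confirmed against the provider. Until the real actions are known, these three files are better left out, or tracked as known gaps, than shipped as complete.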
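Review bot: The `tags` list in aws_guardduty_detector.json contains only `guardduty:TagResource`, so a policy generated for a tagged detector could add tags but not remove or replace them. The guardduty_filter and guardduty_ipset mappings in this commit list both tag actions; aws_guardduty_malware_protection_plan.json has the same one-sided list. I would make it `"tags": ["guardduty:TagResource", "guardduty:UntagResource"]` in both files.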
diff --git a/src/mapping/aws/resource/guardduty/aws_guardduty_detector_feature.json b/src/mapping/aws/resource/guardduty/aws_guardduty_detector_feature.json new file mode 100644 index 00000000..45e4fdaf --- /dev/null +++ b/src/mapping/aws/resource/guardduty/aws_guardduty_detector_feature.json @@ -0,0 +1,11 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/guardduty/aws_guardduty_filter.json b/src/mapping/aws/resource/guardduty/aws_guardduty_filter.json new file mode 100644 index 00000000..ace11fd5 --- /dev/null +++ b/src/mapping/aws/resource/guardduty/aws_guardduty_filter.json @@ -0,0 +1,28 @@ +[ + { + "apply": [ + "guardduty:CreateFilter", + "guardduty:GetFilter", + "guardduty:ListDetectors", + "guardduty:ListFilters", + "guardduty:GetFilter", + "guardduty:DeleteFilter" + ], + "attributes": { + "tags": [ + "guardduty:TagResource", + "guardduty:UntagResource" + ] + }, + "destroy": [ + "guardduty:ListDetectors", + "guardduty:ListFilters", + "guardduty:GetFilter", + "guardduty:DeleteFilter" + ], + "modify": [ + "guardduty:UpdateFilter" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/guardduty/aws_guardduty_invite_accepter.json b/src/mapping/aws/resource/guardduty/aws_guardduty_invite_accepter.json new file mode 100644 index 00000000..b40ac71f --- /dev/null +++ b/src/mapping/aws/resource/guardduty/aws_guardduty_invite_accepter.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "guardduty:AcceptInvitation" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/guardduty/aws_guardduty_ipset.json b/src/mapping/aws/resource/guardduty/aws_guardduty_ipset.json new file mode 100644 index 00000000..a5c8deba --- /dev/null +++ b/src/mapping/aws/resource/guardduty/aws_guardduty_ipset.json 
@@ -0,0 +1,34 @@ +[ + { + "apply": [ + "guardduty:CreateIPSet", + "guardduty:GetIPSet", + "iam:PutRolePolicy", + "guardduty:GetDetector", + "guardduty:ListDetectors", + "guardduty:ListIPSets", + "guardduty:GetIPSet", + "guardduty:DeleteIPSet", + "iam:DeleteRolePolicy", + "guardduty:UpdateIPSet" + ], + "attributes": { + "tags": [ + "guardduty:TagResource", + "guardduty:UntagResource" + ] + }, + "destroy": [ + "guardduty:GetDetector", + "guardduty:ListDetectors", + "guardduty:ListIPSets", + "guardduty:GetIPSet", + "guardduty:DeleteIPSet", + "iam:DeleteRolePolicy" + ], + "modify": [ + "guardduty:UpdateIPSet" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/guardduty/aws_guardduty_malware_protection_plan.json b/src/mapping/aws/resource/guardduty/aws_guardduty_malware_protection_plan.json new file mode 100644 index 00000000..cad7bba3 --- /dev/null +++ b/src/mapping/aws/resource/guardduty/aws_guardduty_malware_protection_plan.json @@ -0,0 +1,23 @@ +[ + { + "apply": [ + "guardduty:CreateMalwareProtectionPlan", + "guardduty:GetMalwareProtectionPlan", + "iam:PassRole", + "guardduty:DeleteMalwareProtectionPlan", + "guardduty:UpdateMalwareProtectionPlan" + ], + "attributes": { + "tags": [ + "guardduty:TagResource" + ] + }, + "destroy": [ + "guardduty:DeleteMalwareProtectionPlan" + ], + "modify": [ + "guardduty:UpdateMalwareProtectionPlan" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/guardduty/aws_guardduty_member.json b/src/mapping/aws/resource/guardduty/aws_guardduty_member.json new file mode 100644 index 00000000..1f783596 --- /dev/null +++ b/src/mapping/aws/resource/guardduty/aws_guardduty_member.json 
@@ -0,0 +1,28 @@ +[ + { + "apply": [ + "guardduty:CreateMembers", + "guardduty:GetMembers", + "guardduty:DisassociateMembers", + "guardduty:DeleteMembers", + "guardduty:DisassociateMembers", + "guardduty:StartMonitoringMembers", + "guardduty:StopMonitoringMembers", + "guardduty:InviteMembers" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "guardduty:DisassociateMembers", + "guardduty:DeleteMembers" + ], + "modify": [ + "guardduty:DisassociateMembers", + "guardduty:StartMonitoringMembers", + "guardduty:StopMonitoringMembers", + "guardduty:InviteMembers" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/guardduty/aws_guardduty_member_detector_feature.json b/src/mapping/aws/resource/guardduty/aws_guardduty_member_detector_feature.json new file mode 100644 index 00000000..be9b093c --- /dev/null +++ b/src/mapping/aws/resource/guardduty/aws_guardduty_member_detector_feature.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "guardduty:GetMemberDetectors", + "guardduty:UpdateMemberDetectors" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/guardduty/aws_guardduty_organization_admin_account.json b/src/mapping/aws/resource/guardduty/aws_guardduty_organization_admin_account.json new file mode 100644 index 00000000..3d1f231e --- /dev/null +++ b/src/mapping/aws/resource/guardduty/aws_guardduty_organization_admin_account.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "guardduty:GetAdministratorAccount", + "guardduty:EnableOrganizationAdminAccount", + "guardduty:DisableOrganizationAdminAccount" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/guardduty/aws_guardduty_organization_configuration.json b/src/mapping/aws/resource/guardduty/aws_guardduty_organization_configuration.json new file mode 100644 index 00000000..a19d581b --- /dev/null 
+++ b/src/mapping/aws/resource/guardduty/aws_guardduty_organization_configuration.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "guardduty:DescribeOrganizationConfiguration", + "guardduty:UpdateOrganizationConfiguration" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/guardduty/aws_guardduty_organization_configuration_feature.json b/src/mapping/aws/resource/guardduty/aws_guardduty_organization_configuration_feature.json new file mode 100644 index 00000000..45e4fdaf --- /dev/null +++ b/src/mapping/aws/resource/guardduty/aws_guardduty_organization_configuration_feature.json @@ -0,0 +1,11 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/guardduty/aws_guardduty_publishing_destination.json b/src/mapping/aws/resource/guardduty/aws_guardduty_publishing_destination.json new file mode 100644 index 00000000..a689ddda --- /dev/null +++ b/src/mapping/aws/resource/guardduty/aws_guardduty_publishing_destination.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "guardduty:DescribePublishingDestination", + "guardduty:CreatePublishingDestination", + "guardduty:DeletePublishingDestination", + "guardduty:UpdatePublishingDestination" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/guardduty/aws_guardduty_threatintelset.json b/src/mapping/aws/resource/guardduty/aws_guardduty_threatintelset.json new file mode 100644 index 00000000..bc344efa --- /dev/null +++ b/src/mapping/aws/resource/guardduty/aws_guardduty_threatintelset.json 
@@ -0,0 +1,30 @@
+[
+ {
+ "apply": [
+ "guardduty:CreateThreatIntelSet",
+ "guardduty:GetThreatIntelSet",
+ "iam:PutRolePolicy",
+ "guardduty:ListDetectors",
+ "guardduty:ListThreatIntelSets",
+ "guardduty:DeleteThreatIntelSet",
+ "iam:DeleteRolePolicy",
+ "guardduty:UpdateThreatIntelSet"
+ ],
+ "attributes": {
+ "tags": [
+ "guardduty:TagResource",
+ "guardduty:UntagResource"
+ ]
+ },
+ "destroy": [
+ "guardduty:ListDetectors",
+ "guardduty:ListThreatIntelSets",
+ "guardduty:DeleteThreatIntelSet",
+ "iam:DeleteRolePolicy"
+ ],
+ "modify": [
+ "guardduty:UpdateThreatIntelSet"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/iam/aws_iam_group_policies_exclusive.json b/src/mapping/aws/resource/iam/aws_iam_group_policies_exclusive.json
new file mode 100644
index 00000000..07a98994
--- /dev/null
+++ b/src/mapping/aws/resource/iam/aws_iam_group_policies_exclusive.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "iam:ListUserPolicies",
+ "iam:PutUserPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/iam/aws_iam_group_policy.json b/src/mapping/aws/resource/iam/aws_iam_group_policy.json
index 65f8fa5f..763f91bb 100644
--- a/src/mapping/aws/resource/iam/aws_iam_group_policy.json
+++ b/src/mapping/aws/resource/iam/aws_iam_group_policy.json
@@ -1,17 +1,19 @@
-[
- {
- "apply": [
- "iam:PutGroupPolicy"
- ],
- "attributes": {
- "tags": []
- },
- "destroy": [
- "iam:DeleteGroupPolicy"
- ],
- "modify": [
- "iam:GetGroupPolicy"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "iam:PutGroupPolicy",
+ "iam:GetGroupPolicy",
+ "iam:DeleteGroupPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "iam:DeleteGroupPolicy"
+ ],
+ "modify": [
+ "iam:GetGroupPolicy"
+ ],
+ "plan": []
+ }
+]
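Review bot: `aws_iam_group_policies_exclusive.json` maps a group resource to `iam:ListUserPolicies` and `iam:PutUserPolicy`, which are user actions. The blob is identical (index 07a98994) to aws_iam_role_policies_exclusive.json and aws_iam_user_policies_exclusive.json later in the diff, so it looks copied without adjustment. A policy built from the group or role file would lack the permissions the resource needs and would instead grant `iam:PutUserPolicy`, an inline-policy write on users that nobody asked for. The group file should likely read `"iam:ListGroupPolicies"`, `"iam:PutGroupPolicy"`, `"iam:DeleteGroupPolicy"` and the role file `"iam:ListRolePolicies"`, `"iam:PutRolePolicy"`, `"iam:DeleteRolePolicy"`. The user file probably also needs `"iam:DeleteUserPolicy"`, since an exclusive resource removes policies it does not manage.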
diff --git a/src/mapping/aws/resource/iam/aws_iam_group_policy_attachments_exclusive.json b/src/mapping/aws/resource/iam/aws_iam_group_policy_attachments_exclusive.json new file mode 100644 index 00000000..3cd86ee4 --- /dev/null +++ b/src/mapping/aws/resource/iam/aws_iam_group_policy_attachments_exclusive.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iam:DetachGroupPolicy", + "iam:AttachGroupPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/iam/aws_iam_instance_profile.json b/src/mapping/aws/resource/iam/aws_iam_instance_profile.json index b4213f99..ad9304d7 100644 --- a/src/mapping/aws/resource/iam/aws_iam_instance_profile.json +++ b/src/mapping/aws/resource/iam/aws_iam_instance_profile.json @@ -1,23 +1,28 @@ -[ - { - "apply": [ - "iam:CreateInstanceProfile", - "iam:GetInstanceProfile", - "iam:RemoveRoleFromInstanceProfile", - "iam:DeleteInstanceProfile", - "iam:AddRoleToInstanceProfile", - "iam:PassRole" - ], - "attributes": { - "tags": [ - "iam:TagInstanceProfile", - "iam:UntagInstanceProfile" - ] - }, - "destroy": [ - "iam:GetRole" - ], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "iam:CreateInstanceProfile", + "iam:GetInstanceProfile", + "iam:RemoveRoleFromInstanceProfile", + "iam:DeleteInstanceProfile", + "iam:AddRoleToInstanceProfile", + "iam:PassRole", + "iam:GetRole", + "iam:RemoveRoleFromInstanceProfile", + "iam:DeleteInstanceProfile" + ], + "attributes": { + "tags": [ + "iam:TagInstanceProfile", + "iam:UntagInstanceProfile" + ] + }, + "destroy": [ + "iam:GetRole", + "iam:RemoveRoleFromInstanceProfile", + "iam:DeleteInstanceProfile" + ], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/iam/aws_iam_openid_connect_provider.json b/src/mapping/aws/resource/iam/aws_iam_openid_connect_provider.json index a9890c17..b74ec66f 100644 --- a/src/mapping/aws/resource/iam/aws_iam_openid_connect_provider.json 
+++ b/src/mapping/aws/resource/iam/aws_iam_openid_connect_provider.json @@ -4,7 +4,11 @@ "ec2:DescribeAccountAttributes", "iam:DeleteOpenIDConnectProvider", "iam:GetOpenIDConnectProvider", - "iam:CreateOpenIDConnectProvider" + "iam:CreateOpenIDConnectProvider", + "iam:ListOpenIDConnectProviderTags", + "iam:UpdateOpenIDConnectProviderThumbprint", + "iam:RemoveClientIDFromOpenIDConnectProvider", + "iam:AddClientIDToOpenIDConnectProvider" ], "attributes": { "tags": [ @@ -12,10 +16,18 @@ "iam:TagOpenIDConnectProvider" ] }, - "destroy": [], + "destroy": [ + "iam:DeleteOpenIDConnectProvider" + ], "modify": [ - "iam:UpdateOpenIDConnectProviderThumbprint" + "iam:UpdateOpenIDConnectProviderThumbprint", + "iam:RemoveClientIDFromOpenIDConnectProvider", + "iam:AddClientIDToOpenIDConnectProvider", + "iam:GetOpenIDConnectProvider", + "iam:ListOpenIDConnectProviderTags" ], - "plan": [] + "plan": [ + "iam:GetOpenIDConnectProvider" + ] } ] diff --git a/src/mapping/aws/resource/iam/aws_iam_organizations_features.json b/src/mapping/aws/resource/iam/aws_iam_organizations_features.json new file mode 100644 index 00000000..bfa838fa --- /dev/null +++ b/src/mapping/aws/resource/iam/aws_iam_organizations_features.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iam:EnableOrganizationsRootCredentialsManagement", + "iam:DisableOrganizationsRootCredentialsManagement" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/iam/aws_iam_role.json b/src/mapping/aws/resource/iam/aws_iam_role.json index 0a73445c..ab714ea6 100644 --- a/src/mapping/aws/resource/iam/aws_iam_role.json +++ b/src/mapping/aws/resource/iam/aws_iam_role.json @@ -22,7 +22,8 @@ "iam:DeleteRolePermissionsBoundary" ], "tags": [ - "iam:TagRole" + "iam:TagRole", + "iam:UntagRole" ] }, "destroy": [ 
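Review bot: `aws_iam_organizations_features.json` covers only the RootCredentialsManagement enable/disable pair, although the resource can also toggle root sessions and has to read the current feature set. As far as I can tell that calls for `"iam:EnableOrganizationsRootSessions"`, `"iam:DisableOrganizationsRootSessions"` and `"iam:ListOrganizationsFeatures"` in `"apply"`. The disable actions would also belong in `"destroy"`, which is empty here. Worth confirming against a CloudTrail trace of an apply/destroy cycle before merging.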
diff --git a/src/mapping/aws/resource/iam/aws_iam_role_policies_exclusive.json b/src/mapping/aws/resource/iam/aws_iam_role_policies_exclusive.json
new file mode 100644
index 00000000..07a98994
--- /dev/null
+++ b/src/mapping/aws/resource/iam/aws_iam_role_policies_exclusive.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "iam:ListUserPolicies",
+ "iam:PutUserPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/iam/aws_iam_role_policy_attachments_exclusive.json b/src/mapping/aws/resource/iam/aws_iam_role_policy_attachments_exclusive.json
new file mode 100644
index 00000000..317f3130
--- /dev/null
+++ b/src/mapping/aws/resource/iam/aws_iam_role_policy_attachments_exclusive.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "iam:AttachRolePolicy",
+ "iam:DetachRolePolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/iam/aws_iam_saml_provider.json b/src/mapping/aws/resource/iam/aws_iam_saml_provider.json
index 2efb510e..5efa1e57 100644
--- a/src/mapping/aws/resource/iam/aws_iam_saml_provider.json
+++ b/src/mapping/aws/resource/iam/aws_iam_saml_provider.json
@@ -1,23 +1,25 @@
-[
- {
- "apply": [
- "ec2:DescribeAccountAttributes",
- "iam:CreateSAMLProvider",
- "iam:GetSAMLProvider",
- "iam:DeleteSAMLProvider"
- ],
- "attributes": {
- "tags": [
- "iam:UntagSAMLProvider",
- "iam:TagSAMLProvider"
- ]
- },
- "destroy": [
- "iam:DeleteSAMLProvider"
- ],
- "modify": [
- "iam:UpdateSAMLProvider"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "ec2:DescribeAccountAttributes",
+ "iam:CreateSAMLProvider",
+ "iam:GetSAMLProvider",
+ "iam:DeleteSAMLProvider",
+ "iam:ListSAMLProviderTags"
+ ],
+ "attributes": {
+ "tags": [
+ "iam:UntagSAMLProvider",
+ "iam:TagSAMLProvider"
+ ]
+ },
+ "destroy": [
+ "iam:DeleteSAMLProvider"
+ ],
+ "modify": [
+ "iam:UpdateSAMLProvider",
+ "iam:ListSAMLProviderTags"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/iam/aws_iam_server_certificate.json b/src/mapping/aws/resource/iam/aws_iam_server_certificate.json index 77bd37ea..742f08df 100644 --- a/src/mapping/aws/resource/iam/aws_iam_server_certificate.json +++ b/src/mapping/aws/resource/iam/aws_iam_server_certificate.json @@ -2,11 +2,11 @@ { "apply": [ "iam:GetServerCertificate", - "iam:UploadServerCertificate" + "iam:UploadServerCertificate", + "iam:ListServerCertificateTags" ], "attributes": { "tags": [ - "iam:ListServerCertificateTags", "iam:TagServerCertificate", "iam:UntagServerCertificate" ] diff --git a/src/mapping/aws/resource/iam/aws_iam_user_policies_exclusive.json b/src/mapping/aws/resource/iam/aws_iam_user_policies_exclusive.json new file mode 100644 index 00000000..07a98994 --- /dev/null +++ b/src/mapping/aws/resource/iam/aws_iam_user_policies_exclusive.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iam:ListUserPolicies", + "iam:PutUserPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/iam/aws_iam_user_policy_attachments_exclusive.json b/src/mapping/aws/resource/iam/aws_iam_user_policy_attachments_exclusive.json new file mode 100644 index 00000000..ed0930c5 --- /dev/null +++ b/src/mapping/aws/resource/iam/aws_iam_user_policy_attachments_exclusive.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iam:DetachUserPolicy", + "iam:AttachUserPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/iam/aws_iam_virtual_mfa_device.json b/src/mapping/aws/resource/iam/aws_iam_virtual_mfa_device.json index fdf68baa..5cf77250 100644 --- a/src/mapping/aws/resource/iam/aws_iam_virtual_mfa_device.json +++ b/src/mapping/aws/resource/iam/aws_iam_virtual_mfa_device.json 
@@ -4,13 +4,16 @@ "iam:CreateVirtualMFADevice", "iam:ListVirtualMFADevices", "iam:ListMFADeviceTags", - "iam:DeleteVirtualMFADevice" + "iam:DeleteVirtualMFADevice", + "iam:EnableMFADevice", + "iam:DeactivateMFADevice" ], "attributes": { "tags": [] }, "destroy": [ - "iam:DeleteVirtualMFADevice" + "iam:DeleteVirtualMFADevice", + "iam:DeactivateMFADevice" ], "modify": [], "plan": [] diff --git a/src/mapping/aws/resource/identitystore/aws_identitystore_group.json b/src/mapping/aws/resource/identitystore/aws_identitystore_group.json new file mode 100644 index 00000000..735daa31 --- /dev/null +++ b/src/mapping/aws/resource/identitystore/aws_identitystore_group.json @@ -0,0 +1,24 @@ +[ + { + "apply": [ + "identitystore:CreateGroup", + "identitystore:DescribeGroup", + "identitystore:UpdateGroup", + "identitystore:DeleteGroup" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "identitystore:DescribeGroup", + "identitystore:DeleteGroup" + ], + "modify": [ + "identitystore:DescribeGroup", + "identitystore:UpdateGroup" + ], + "plan": [ + "identitystore:DescribeGroup" + ] + } +] diff --git a/src/mapping/aws/resource/identitystore/aws_identitystore_group_membership.json b/src/mapping/aws/resource/identitystore/aws_identitystore_group_membership.json new file mode 100644 index 00000000..c5c4c293 --- /dev/null +++ b/src/mapping/aws/resource/identitystore/aws_identitystore_group_membership.json @@ -0,0 +1,20 @@ +[ + { + "apply": [ + "identitystore:CreateGroupMembership", + "identitystore:DescribeGroupMembership", + "identitystore:DeleteGroupMembership" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "identitystore:DeleteGroupMembership", + "identitystore:DescribeGroupMembership" + ], + "modify": [], + "plan": [ + "identitystore:DescribeGroupMembership" + ] + } +] diff --git a/src/mapping/aws/resource/identitystore/aws_identitystore_user.json b/src/mapping/aws/resource/identitystore/aws_identitystore_user.json new file mode 100644 index 00000000..71ffc578 
--- /dev/null +++ b/src/mapping/aws/resource/identitystore/aws_identitystore_user.json @@ -0,0 +1,24 @@ +[ + { + "apply": [ + "identitystore:CreateUser", + "identitystore:DescribeUser", + "identitystore:UpdateUser", + "identitystore:DeleteUser" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "identitystore:DescribeUser", + "identitystore:DeleteUser" + ], + "modify": [ + "identitystore:DescribeUser", + "identitystore:UpdateUser" + ], + "plan": [ + "identitystore:DescribeUser" + ] + } +] diff --git a/src/mapping/aws/resource/imagebuilder/aws_imagebuilder_container_recipe.json b/src/mapping/aws/resource/imagebuilder/aws_imagebuilder_container_recipe.json index f8ac0621..7a38db48 100644 --- a/src/mapping/aws/resource/imagebuilder/aws_imagebuilder_container_recipe.json +++ b/src/mapping/aws/resource/imagebuilder/aws_imagebuilder_container_recipe.json @@ -9,7 +9,20 @@ "imagebuilder:DeleteImageRecipe" ], "attributes": { - "tags": [] + "kms_key_id": [ + "kms:Encrypt", + "kms:Decrypt", + "kms:ReEncryptFrom", + "kms:ReEncryptTo", + "kms:GenerateDataKey", + "kms:GenerateDataKeyPair", + "kms:GenerateDataKeyPairWithoutPlaintext", + "kms:GenerateDataKeyWithoutPlaintext" + ], + "tags": [ + "imagebuilder:TagResource", + "imagebuilder:UnTagResource" + ] }, "destroy": [ "imagebuilder:DeleteContainerRecipe", diff --git a/src/mapping/aws/resource/imagebuilder/aws_imagebuilder_lifecycle_policy.json b/src/mapping/aws/resource/imagebuilder/aws_imagebuilder_lifecycle_policy.json new file mode 100644 index 00000000..1c6422e8 --- /dev/null +++ b/src/mapping/aws/resource/imagebuilder/aws_imagebuilder_lifecycle_policy.json 
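Review bot: The tag actions added to `aws_imagebuilder_container_recipe.json` are spelled `imagebuilder:UnTagResource`, while the API action is `UntagResource`. IAM matches action names case-insensitively, so the resulting policy should still work, but anything that compares the mapping with the service's action list by exact string (policy linters, validators, diff tooling) will flag or miss it. Suggest `"imagebuilder:UntagResource"` here and in aws_imagebuilder_lifecycle_policy.json and aws_imagebuilder_workflow.json, which use the same spelling. The rest of this file lies outside the hunk.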
@@ -0,0 +1,27 @@ +[ + { + "apply": [ + "iam:PassRole", + "imagebuilder:CreateLifecyclePolicy", + "imagebuilder:GetLifecyclePolicy", + "imagebuilder:DeleteLifecyclePolicy", + "imagebuilder:UpdateLifecyclePolicy" + ], + "attributes": { + "tags": [ + "imagebuilder:TagResource", + "imagebuilder:UnTagResource" + ] + }, + "destroy": [ + "imagebuilder:GetLifecyclePolicy", + "imagebuilder:DeleteLifecyclePolicy" + ], + "modify": [ + "iam:PassRole", + "imagebuilder:GetLifecyclePolicy", + "imagebuilder:UpdateLifecyclePolicy" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/imagebuilder/aws_imagebuilder_workflow.json b/src/mapping/aws/resource/imagebuilder/aws_imagebuilder_workflow.json new file mode 100644 index 00000000..9c01b2d0 --- /dev/null +++ b/src/mapping/aws/resource/imagebuilder/aws_imagebuilder_workflow.json @@ -0,0 +1,35 @@ +[ + { + "apply": [ + "iam:GetRole", + "imagebuilder:GetWorkflow", + "imagebuilder:CreateWorkflow", + "imagebuilder:DeleteWorkflow" + ], + "attributes": { + "kms_key_id": [ + "kms:GenerateDataKey", + "kms:GenerateDataKeyPair", + "kms:GenerateDataKeyPairWithoutPlaintext", + "kms:GenerateDataKeyWithoutPlaintext", + "kms:Encrypt", + "kms:Decrypt" + ], + "tags": [ + "imagebuilder:TagResource", + "imagebuilder:UnTagResource" + ], + "uri": [ + "s3:GetObject", + "s3:HeadBucket", + "s3:GetBucketLocation" + ] + }, + "destroy": [ + "imagebuilder:UnTagResource", + "imagebuilder:DeleteWorkflow" + ], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/inspector/aws_inspector_assessment_target.json b/src/mapping/aws/resource/inspector/aws_inspector_assessment_target.json index af5bbd70..91b3f250 100644 --- a/src/mapping/aws/resource/inspector/aws_inspector_assessment_target.json +++ b/src/mapping/aws/resource/inspector/aws_inspector_assessment_target.json 
@@ -1,17 +1,20 @@ -[ - { - "apply": [ - "inspector:CreateAssessmentTarget", - "inspector:DescribeAssessmentTargets", - "inspector:DeleteAssessmentTarget" - ], - "attributes": { - "tags": [] - }, - "destroy": [ - "inspector:DeleteAssessmentTarget" - ], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "inspector:CreateAssessmentTarget", + "inspector:DescribeAssessmentTargets", + "inspector:DeleteAssessmentTarget", + "inspector:UpdateAssessmentTarget" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "inspector:DeleteAssessmentTarget" + ], + "modify": [ + "inspector:UpdateAssessmentTarget" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/inspector2/aws_inspector2_filter.json b/src/mapping/aws/resource/inspector2/aws_inspector2_filter.json new file mode 100644 index 00000000..723f89f5 --- /dev/null +++ b/src/mapping/aws/resource/inspector2/aws_inspector2_filter.json @@ -0,0 +1,26 @@ +[ + { + "apply": [ + "inspector2:ListTagsForResource", + "inspector2:CreateFilter", + "inspector2:ListFilters", + "inspector2:DeleteFilter", + "inspector2:UpdateFilter" + ], + "attributes": { + "tags": [ + "inspector2:TagResource", + "inspector2:UntagResource" + ] + }, + "destroy": [ + "inspector2:DeleteFilter" + ], + "modify": [ + "inspector2:UpdateFilter" + ], + "plan": [ + "inspector2:ListFilters" + ] + } +] diff --git a/src/mapping/aws/resource/internetmonitor/aws_internetmonitor_monitor.json b/src/mapping/aws/resource/internetmonitor/aws_internetmonitor_monitor.json index 7aeab4d5..01926749 100644 --- a/src/mapping/aws/resource/internetmonitor/aws_internetmonitor_monitor.json +++ b/src/mapping/aws/resource/internetmonitor/aws_internetmonitor_monitor.json 
@@ -1,23 +1,38 @@ -[ - { - "apply": [ - "internetmonitor:CreateMonitor", - "internetmonitor:GetMonitor", - "internetmonitor:UpdateMonitor", - "internetmonitor:DeleteMonitor" - ], - "attributes": { - "tags": [ - "internetmonitor:TagResource", - "internetmonitor:UntagResource" - ] - }, - "destroy": [ - "internetmonitor:DeleteMonitor" - ], - "modify": [ - "internetmonitor:UpdateMonitor" - ], - "plan": [] - } -] +[ + { + "apply": [ + "internetmonitor:CreateMonitor", + "internetmonitor:GetMonitor", + "internetmonitor:UpdateMonitor", + "internetmonitor:DeleteMonitor", + "internetmonitor:ListTagsForResource", + "logs:CreateLogDelivery", + "logs:GetLogDelivery", + "logs:UpdateLogDelivery", + "logs:DeleteLogDelivery", + "logs:ListLogDeliveries", + "iam:PassRole" + ], + "attributes": { + "internet_measurements_log_delivery": [ + "s3:GetBucketPolicy", + "s3:PutBucketPolicy", + "s3:ListBucket" + ], + "tags": [ + "internetmonitor:TagResource", + "internetmonitor:UntagResource" + ] + }, + "destroy": [ + "internetmonitor:DeleteMonitor", + "logs:DeleteLogDelivery" + ], + "modify": [ + "internetmonitor:UpdateMonitor" + ], + "plan": [ + "logs:GetLogDelivery" + ] + } +] diff --git a/src/mapping/aws/resource/iot/aws_iot_authorizer.json b/src/mapping/aws/resource/iot/aws_iot_authorizer.json new file mode 100644 index 00000000..590e746b --- /dev/null +++ b/src/mapping/aws/resource/iot/aws_iot_authorizer.json @@ -0,0 +1,27 @@ +[ + { + "apply": [ + "iot:CreateAuthorizer", + "iot:DescribeAuthorizer", + "iot:ListTagsForResource", + "iot:UpdateAuthorizer", + "iot:DeleteAuthorizer", + "iot:DescribeAuthorizer" + ], + "attributes": { + "tags": [ + "iot:TagResource", + "iot:UntagResource" + ] + }, + "destroy": [ + "iot:UpdateAuthorizer", + "iot:DeleteAuthorizer", + "iot:DescribeAuthorizer" + ], + "modify": [ + "iot:UpdateAuthorizer" + ], + "plan": [] + } +] 
diff --git a/src/mapping/aws/resource/iot/aws_iot_billing_group.json b/src/mapping/aws/resource/iot/aws_iot_billing_group.json new file mode 100644 index 00000000..2b764b34 --- /dev/null +++ b/src/mapping/aws/resource/iot/aws_iot_billing_group.json @@ -0,0 +1,23 @@ +[ + { + "apply": [ + "iot:DescribeBillingGroup", + "iot:ListTagsForResource", + "iot:CreateBillingGroup", + "iot:DeleteBillingGroup" + ], + "attributes": { + "tags": [ + "iot:TagResource", + "iot:UntagResource" + ] + }, + "destroy": [ + "iot:DeleteBillingGroup" + ], + "modify": [ + "iot:UpdateBillingGroup" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/iot/aws_iot_ca_certificate.json b/src/mapping/aws/resource/iot/aws_iot_ca_certificate.json new file mode 100644 index 00000000..a0605862 --- /dev/null +++ b/src/mapping/aws/resource/iot/aws_iot_ca_certificate.json @@ -0,0 +1,26 @@ +[ + { + "apply": [ + "iam:GetRole", + "iam:PassRole", + "iot:RegisterCACertificate", + "iot:DescribeCACertificate", + "iot:ListTagsForResource", + "iot:UpdateCACertificate", + "iot:DeleteCACertificate", + "iot:UpdateCACertificate" + ], + "attributes": { + "tags": [ + "iot:TagResource", + "iot:UntagResource" + ] + }, + "destroy": [ + "iot:UpdateCACertificate", + "iot:DeleteCACertificate" + ], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/iot/aws_iot_certificate.json b/src/mapping/aws/resource/iot/aws_iot_certificate.json new file mode 100644 index 00000000..dafe3277 --- /dev/null +++ b/src/mapping/aws/resource/iot/aws_iot_certificate.json @@ -0,0 +1,23 @@ +[ + { + "apply": [ + "iot:CreateCertificateFromCsr", + "iot:RegisterCertificate", + "iot:RegisterCertificateWithoutCA", + "iot:DescribeCertificate", + "iot:DeleteCertificate", + "iot:UpdateCertificate" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "iot:DeleteCertificate", + "iot:UpdateCertificate" + ], + "modify": [ + "iot:UpdateCertificate" + ], + "plan": [] + } +] 
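Review bot: In `aws_iot_billing_group.json`, `"modify"` lists `iot:UpdateBillingGroup` but `"apply"` does not, whereas sibling mappings in this diff such as aws_iot_role_alias.json and aws_iot_thing.json repeat their update action in `"apply"`. If the policy generator reads only `"apply"` plus `"attributes"`, an in-place update of a billing group would be denied; if it unions all phases, the difference is only an inconsistency. Either way the convention should be uniform. aws_iot_policy.json (`iot:CreatePolicyVersion`, `iot:SetDefaultPolicyVersion`) and aws_iot_provisioning_template.json (`iot:UpdateProvisioningTemplate` and the template-version actions) show the same gap.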
diff --git a/src/mapping/aws/resource/iot/aws_iot_domain_configuration.json b/src/mapping/aws/resource/iot/aws_iot_domain_configuration.json new file mode 100644 index 00000000..aef44894 --- /dev/null +++ b/src/mapping/aws/resource/iot/aws_iot_domain_configuration.json @@ -0,0 +1,33 @@ +[ + { + "apply": [ + "iot:CreateDomainConfiguration", + "iot:UpdateDomainConfiguration", + "iot:DescribeDomainConfiguration", + "iot:DeleteDomainConfiguration", + "iot:UpdateDomainConfiguration", + "acm:GetCertificate", + "iot:ListTagsForResource" + ], + "attributes": { + "tags": [ + "iot:TagResource", + "iot:UntagResource" + ] + }, + "destroy": [ + "iot:DescribeDomainConfiguration", + "iot:DeleteDomainConfiguration", + "iot:UpdateDomainConfiguration" + ], + "modify": [ + "iot:UpdateDomainConfiguration", + "iot:DescribeDomainConfiguration", + "iot:ListTagsForResource" + ], + "plan": [ + "iot:DescribeDomainConfiguration", + "iot:ListTagsForResource" + ] + } +] diff --git a/src/mapping/aws/resource/iot/aws_iot_event_configurations.json b/src/mapping/aws/resource/iot/aws_iot_event_configurations.json new file mode 100644 index 00000000..33426525 --- /dev/null +++ b/src/mapping/aws/resource/iot/aws_iot_event_configurations.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iot:DescribeEventConfigurations", + "iot:UpdateEventConfigurations" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/iot/aws_iot_indexing_configuration.json b/src/mapping/aws/resource/iot/aws_iot_indexing_configuration.json new file mode 100644 index 00000000..e342d198 --- /dev/null +++ b/src/mapping/aws/resource/iot/aws_iot_indexing_configuration.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iot:GetIndexingConfiguration", + "iot:UpdateIndexingConfiguration" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/aws/resource/iot/aws_iot_logging_options.json b/src/mapping/aws/resource/iot/aws_iot_logging_options.json new file mode 100644 index 00000000..b8d8233d --- /dev/null +++ b/src/mapping/aws/resource/iot/aws_iot_logging_options.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "iot:GetLoggingOptions", + "iot:GetV2LoggingOptions", + "iot:SetV2LoggingOptions", + "iot:SetLoggingOptions" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/iot/aws_iot_policy.json b/src/mapping/aws/resource/iot/aws_iot_policy.json new file mode 100644 index 00000000..2846fe90 --- /dev/null +++ b/src/mapping/aws/resource/iot/aws_iot_policy.json @@ -0,0 +1,29 @@ +[ + { + "apply": [ + "iot:CreatePolicy", + "iot:GetPolicy", + "iot:ListTagsForResource", + "iot:DeletePolicy", + "iot:ListPolicyVersions", + "iot:DeletePolicyVersion" + ], + "attributes": { + "tags": [ + "iot:TagResource", + "iot:UntagResource" + ] + }, + "destroy": [ + "iot:DeletePolicy", + "iot:ListPolicyVersions", + "iot:DeletePolicyVersion" + ], + "modify": [ + "iot:CreatePolicyVersion", + "iot:DeletePolicyVersion", + "iot:SetDefaultPolicyVersion" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/iot/aws_iot_policy_attachment.json b/src/mapping/aws/resource/iot/aws_iot_policy_attachment.json new file mode 100644 index 00000000..92f932ab --- /dev/null +++ b/src/mapping/aws/resource/iot/aws_iot_policy_attachment.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iot:AttachPolicy", + "iot:DetachPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/iot/aws_iot_provisioning_template.json b/src/mapping/aws/resource/iot/aws_iot_provisioning_template.json new file mode 100644 index 00000000..23d76a2b --- /dev/null +++ b/src/mapping/aws/resource/iot/aws_iot_provisioning_template.json 
@@ -0,0 +1,28 @@ +[ + { + "apply": [ + "iam:GetRole", + "iam:PassRole", + "iot:CreateProvisioningTemplate", + "iot:DescribeProvisioningTemplate", + "iot:ListTagsForResource", + "iot:DeleteProvisioningTemplate" + ], + "attributes": { + "tags": [ + "iot:TagResource", + "iot:UntagResource" + ] + }, + "destroy": [ + "iot:DeleteProvisioningTemplate" + ], + "modify": [ + "iot:UpdateProvisioningTemplate", + "iot:CreateProvisioningTemplateVersion", + "iot:ListProvisioningTemplateVersions", + "iot:DeleteProvisioningTemplateVersion" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/iot/aws_iot_role_alias.json b/src/mapping/aws/resource/iot/aws_iot_role_alias.json new file mode 100644 index 00000000..d2c83901 --- /dev/null +++ b/src/mapping/aws/resource/iot/aws_iot_role_alias.json @@ -0,0 +1,26 @@ +[ + { + "apply": [ + "iam:GetRole", + "iam:PassRole", + "iot:CreateRoleAlias", + "iot:DescribeRoleAlias", + "iot:ListTagsForResource", + "iot:DeleteRoleAlias", + "iot:UpdateRoleAlias" + ], + "attributes": { + "tags": [ + "iot:TagResource", + "iot:UntagResource" + ] + }, + "destroy": [ + "iot:DeleteRoleAlias" + ], + "modify": [ + "iot:UpdateRoleAlias" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/iot/aws_iot_thing.json b/src/mapping/aws/resource/iot/aws_iot_thing.json new file mode 100644 index 00000000..4d87999e --- /dev/null +++ b/src/mapping/aws/resource/iot/aws_iot_thing.json @@ -0,0 +1,20 @@ +[ + { + "apply": [ + "iot:CreateThing", + "iot:DescribeThing", + "iot:UpdateThing", + "iot:DeleteThing" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "iot:DeleteThing" + ], + "modify": [ + "iot:UpdateThing" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/iot/aws_iot_thing_group.json b/src/mapping/aws/resource/iot/aws_iot_thing_group.json new file mode 100644 index 00000000..b6be6e8f --- /dev/null +++ b/src/mapping/aws/resource/iot/aws_iot_thing_group.json 
@@ -0,0 +1,29 @@ +[ + { + "apply": [ + "iot:DescribeThingGroup", + "iot:ListTagsForResource", + "iot:CreateThingGroup", + "iot:CreateDynamicThingGroup", + "iot:DeleteThingGroup", + "iot:DeleteDynamicThingGroup", + "iot:UpdateThingGroup", + "iot:UpdateDynamicThingGroup" + ], + "attributes": { + "tags": [ + "iot:TagResource", + "iot:UntagResource" + ] + }, + "destroy": [ + "iot:DeleteThingGroup", + "iot:DeleteDynamicThingGroup" + ], + "modify": [ + "iot:UpdateThingGroup", + "iot:UpdateDynamicThingGroup" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/iot/aws_iot_thing_group_membership.json b/src/mapping/aws/resource/iot/aws_iot_thing_group_membership.json new file mode 100644 index 00000000..c7a06499 --- /dev/null +++ b/src/mapping/aws/resource/iot/aws_iot_thing_group_membership.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "iot:DescribeThingGroup", + "iot:AddThingToThingGroup", + "iot:RemoveThingFromThingGroup" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/iot/aws_iot_thing_principal_attachment.json b/src/mapping/aws/resource/iot/aws_iot_thing_principal_attachment.json new file mode 100644 index 00000000..f92e9a47 --- /dev/null +++ b/src/mapping/aws/resource/iot/aws_iot_thing_principal_attachment.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iot:AttachThingPrincipal", + "iot:DetachThingPrincipal" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/iot/aws_iot_thing_type.json b/src/mapping/aws/resource/iot/aws_iot_thing_type.json new file mode 100644 index 00000000..86249715 --- /dev/null +++ b/src/mapping/aws/resource/iot/aws_iot_thing_type.json 
@@ -0,0 +1,25 @@ +[ + { + "apply": [ + "iot:DescribeThingType", + "iot:ListTagsForResource", + "iot:CreateThingType", + "iot:DeprecateThingType", + "iot:DeleteThingType", + "iot:DeleteThingType" + ], + "attributes": { + "tags": [ + "iot:TagResource", + "iot:UntagResource" + ] + }, + "destroy": [ + "iot:DeleteThingType" + ], + "modify": [ + "iot:DeleteThingType" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/iot/aws_iot_topic_rule.json b/src/mapping/aws/resource/iot/aws_iot_topic_rule.json new file mode 100644 index 00000000..faca05fb --- /dev/null +++ b/src/mapping/aws/resource/iot/aws_iot_topic_rule.json @@ -0,0 +1,25 @@ +[ + { + "apply": [ + "iam:PassRole", + "iot:CreateTopicRule", + "iot:GetTopicRule", + "iot:ListTagsForResource", + "iot:DeleteTopicRule", + "iot:ReplaceTopicRule" + ], + "attributes": { + "tags": [ + "iot:TagResource", + "iot:UntagResource" + ] + }, + "destroy": [ + "iot:DeleteTopicRule" + ], + "modify": [ + "iot:ReplaceTopicRule" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/iot/aws_iot_topic_rule_destination.json b/src/mapping/aws/resource/iot/aws_iot_topic_rule_destination.json new file mode 100644 index 00000000..e54dffc7 --- /dev/null +++ b/src/mapping/aws/resource/iot/aws_iot_topic_rule_destination.json @@ -0,0 +1,22 @@ +[ + { + "apply": [ + "iam:PassRole", + "iot:CreateTopicRuleDestination", + "iot:GetTopicRuleDestination", + "iot:UpdateTopicRuleDestination", + "iot:DeleteTopicRuleDestination", + "iot:UpdateTopicRuleDestination" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "iot:DeleteTopicRuleDestination" + ], + "modify": [ + "iot:UpdateTopicRuleDestination" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ivschat/aws_ivs_channel.json b/src/mapping/aws/resource/ivschat/aws_ivs_channel.json new file mode 100644 index 00000000..b0e22e0a --- /dev/null +++ b/src/mapping/aws/resource/ivschat/aws_ivs_channel.json 
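Review bot: `"modify"` in `aws_iot_thing_type.json` contains `iot:DeleteThingType`, which looks like a slip. Changing a thing type in place is normally done by deprecating it rather than deleting it, and `iot:DeprecateThingType` already appears in `"apply"`. `"modify": [ "iot:DeprecateThingType" ]` seems to be the intended entry; please confirm against the provider's update path.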
@@ -0,0 +1,29 @@
+[
+ {
+ "apply": [
+ "ivs:CreateChannel",
+ "ivs:DeleteChannel",
+ "ivs:GetChannel",
+ "ivs:ListTagsForResource",
+ "ivs:UpdateChannel",
+ "ivs:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "ivs:TagResource",
+ "ivs:UntagResource"
+ ]
+ },
+ "destroy": [
+ "ivs:DeleteChannel"
+ ],
+ "modify": [
+ "ivs:UpdateChannel",
+ "ivs:ListTagsForResource"
+ ],
+ "plan": [
+ "ivs:GetChannel",
+ "ivs:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/ivschat/aws_ivs_playback_key_pair.json b/src/mapping/aws/resource/ivschat/aws_ivs_playback_key_pair.json
new file mode 100644
index 00000000..45d564c8
--- /dev/null
+++ b/src/mapping/aws/resource/ivschat/aws_ivs_playback_key_pair.json
@@ -0,0 +1,25 @@
+[
+ {
+ "apply": [
+ "ivs:ImportPlaybackKeyPair",
+ "ivs:DeletePlaybackKeyPair",
+ "ivs:GetPlaybackKeyPair",
+ "ivs:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "ivs:TagResource",
+ "ivs:UntagResource"
+ ]
+ },
+ "destroy": [
+ "ivs:DeletePlaybackKeyPair"
+ ],
+ "modify": [
+ "ivs:ListTagsForResource"
+ ],
+ "plan": [
+ "ivs:GetPlaybackKeyPair"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/ivschat/aws_ivs_recording_configuration.json b/src/mapping/aws/resource/ivschat/aws_ivs_recording_configuration.json
new file mode 100644
index 00000000..f131445c
--- /dev/null
+++ b/src/mapping/aws/resource/ivschat/aws_ivs_recording_configuration.json
@@ -0,0 +1,29 @@
+[
+ {
+ "apply": [
+ "ivs:CreateRecordingConfiguration",
+ "ivs:GetRecordingConfiguration",
+ "iam:CreateServiceLinkedRole",
+ "iam:PutRolePolicy",
+ "iam:AttachRolePolicy",
+ "s3:ListBucket",
+ "s3:GetBucketLocation",
+ "cloudformation:ListExports",
+ "ivs:DeleteRecordingConfiguration",
+ "ivs:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "ivs:TagResource",
+ "ivs:UntagResource"
+ ]
+ },
+ "destroy": [
+ "ivs:DeleteRecordingConfiguration"
+ ],
+ "modify": [],
+ "plan": [
+ "ivs:ListTagsForResource"
+ ]
+ }
+]
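Review bot: `iam:PutRolePolicy` and `iam:AttachRolePolicy` in the `apply` list of aws_ivs_recording_configuration.json are role-modifying actions, and they permit privilege escalation if the generated statement ends up on `"Resource": "*"`. The mapping format carries only action names, so nothing tells a consumer that these are meant for the role the service manages. Since JSON has no comment syntax, I would record in the project documentation that these entries, together with `iam:CreateServiceLinkedRole`, need a resource restriction to the intended role (and an `iam:AWSServiceName` condition for role creation) in the final policy. aws_msk_vpc_connection.json and aws_lakeformation_resource.json later in this diff add IAM write actions of the same kind.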
diff --git a/src/mapping/aws/resource/ivschat/aws_ivschat_logging_configuration.json b/src/mapping/aws/resource/ivschat/aws_ivschat_logging_configuration.json
new file mode 100644
index 00000000..b74a6941
--- /dev/null
+++ b/src/mapping/aws/resource/ivschat/aws_ivschat_logging_configuration.json
@@ -0,0 +1,43 @@
+[
+ {
+ "apply": [
+ "iam:CreateServiceLinkedRole",
+ "ivschat:CreateLoggingConfiguration",
+ "ivschat:DeleteLoggingConfiguration",
+ "ivschat:GetLoggingConfiguration",
+ "ivschat:UpdateLoggingConfiguration"
+ ],
+ "attributes": {
+ "cloudwatch_logs": [
+ "logs:CreateLogDelivery",
+ "logs:DeleteLogDelivery",
+ "logs:DescribeLogGroups",
+ "logs:DescribeResourcePolicies",
+ "logs:GetLogDelivery",
+ "logs:ListLogDeliveries",
+ "logs:PutResourcePolicy",
+ "logs:UpdateLogDelivery"
+ ],
+ "firehose": [
+ "firehose:TagDeliveryStream"
+ ],
+ "s3": [
+ "s3:GetBucketPolicy",
+ "s3:PutBucketPolicy"
+ ],
+ "tags": [
+ "ivschat:TagResource",
+ "ivschat:UntagResource"
+ ]
+ },
+ "destroy": [
+ "ivschat:DeleteLoggingConfiguration",
+ "ivschat:GetLoggingConfiguration"
+ ],
+ "modify": [
+ "ivschat:UpdateLoggingConfiguration",
+ "ivschat:GetLoggingConfiguration"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ivschat/aws_ivschat_room.json b/src/mapping/aws/resource/ivschat/aws_ivschat_room.json
new file mode 100644
index 00000000..9abb5908
--- /dev/null
+++ b/src/mapping/aws/resource/ivschat/aws_ivschat_room.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "ivschat:CreateRoom",
+ "ivschat:DeleteRoom",
+ "ivschat:UpdateRoom",
+ "ivschat:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "ivschat:TagResource",
+ "ivschat:UntagResource"
+ ]
+ },
+ "destroy": [
+ "ivschat:DeleteRoom"
+ ],
+ "modify": [
+ "ivschat:UpdateRoom"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/kafka/aws_msk_cluster.json b/src/mapping/aws/resource/kafka/aws_msk_cluster.json
index b1f21175..fda2cf22 100644
--- a/src/mapping/aws/resource/kafka/aws_msk_cluster.json
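Review bot: aws_ivschat_room.json has no read action: `apply` lists create, delete, update and `ivschat:ListTagsForResource`, and `plan` is empty, while the IVS channel mapping added in this diff includes `ivs:GetChannel` in both places. Refreshing room state presumably needs `ivschat:GetRoom`, so a policy generated from this file would be too narrow to read back what it created. I would add `"ivschat:GetRoom"` to `apply` and to `plan`.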
+++ b/src/mapping/aws/resource/kafka/aws_msk_cluster.json @@ -1,42 +1,42 @@ [ { "apply": [ - "Kafka:CreateCluster", + "kafka:CreateCluster", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeSecurityGroups", "iam:CreateServiceLinkedRole", - "Kafka:DescribeClusterV2", - "Kafka:DescribeCluster", - "Kafka:ListTagsForResource", - "Kafka:GetBootstrapBrokers", - "Kafka:DeleteCluster", + "kafka:DescribeClusterV2", + "kafka:DescribeCluster", + "kafka:ListTagsForResource", + "kafka:GetBootstrapBrokers", + "kafka:DeleteCluster", "ec2:DeleteVpcEndpoints", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcEndpoints", - "Kafka:DescribeClusterOperation" + "kafka:DescribeClusterOperation" ], "attributes": { "tags": [ - "Kafka:TagResource", - "Kafka:UntagResource" + "kafka:TagResource", + "kafka:UntagResource" ] }, "destroy": [ - "Kafka:DeleteCluster", + "kafka:DeleteCluster", "ec2:DeleteVpcEndpoints" ], "modify": [ - "Kafka:UpdateSecurity", - "Kafka:UpdateBrokerCount", - "Kafka:UpdateBrokerStorage", - "Kafka:UpdateBrokerType", - "Kafka:UpdateClusterConfiguration", - "Kafka:UpdateClusterKafkaVersion", - "Kafka:UpdateConnectivity", - "Kafka:UpdateMonitoring", - "Kafka:UpdateSecurity", - "Kafka:UpdateStorage" + "kafka:UpdateSecurity", + "kafka:UpdateBrokerCount", + "kafka:UpdateBrokerStorage", + "kafka:UpdateBrokerType", + "kafka:UpdateClusterConfiguration", + "kafka:UpdateClusterKafkaVersion", + "kafka:UpdateConnectivity", + "kafka:UpdateMonitoring", + "kafka:UpdateSecurity", + "kafka:UpdateStorage" ], "plan": [] } diff --git a/src/mapping/aws/resource/kafka/aws_msk_cluster_policy.json b/src/mapping/aws/resource/kafka/aws_msk_cluster_policy.json new file mode 100644 index 00000000..17a21ada --- /dev/null +++ b/src/mapping/aws/resource/kafka/aws_msk_cluster_policy.json 
@@ -0,0 +1,17 @@ +[ + { + "apply": [ + "kafka:PutClusterPolicy", + "kafka:GetClusterPolicy", + "kafka:DeleteClusterPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "kafka:DeleteClusterPolicy" + ], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/kafka/aws_msk_configuration.json b/src/mapping/aws/resource/kafka/aws_msk_configuration.json index c1d48b47..bd3188ea 100644 --- a/src/mapping/aws/resource/kafka/aws_msk_configuration.json +++ b/src/mapping/aws/resource/kafka/aws_msk_configuration.json @@ -1,22 +1,22 @@ [ { "apply": [ - "Kafka:CreateConfiguration", - "Kafka:DeleteConfiguration", - "Kafka:DescribeConfiguration", - "Kafka:DescribeConfigurationRevision" + "kafka:CreateConfiguration", + "kafka:DeleteConfiguration", + "kafka:DescribeConfiguration", + "kafka:DescribeConfigurationRevision" ], "attributes": { "tags": [] }, "destroy": [ - "Kafka:DeleteConfiguration" + "kafka:DeleteConfiguration" ], "modify": [ - "Kafka:UpdateConfiguration", - "Kafka:DescribeConfigurationRevision", - "Kafka:UpdateClusterConfiguration", - "Kafka:UpdateConfiguration" + "kafka:UpdateConfiguration", + "kafka:DescribeConfigurationRevision", + "kafka:UpdateClusterConfiguration", + "kafka:UpdateConfiguration" ], "plan": [] } diff --git a/src/mapping/aws/resource/kafka/aws_msk_replicator.json b/src/mapping/aws/resource/kafka/aws_msk_replicator.json new file mode 100644 index 00000000..e0af0065 --- /dev/null +++ b/src/mapping/aws/resource/kafka/aws_msk_replicator.json 
@@ -0,0 +1,36 @@ +[ + { + "apply": [ + "kafka:DescribeReplicator", + "kafka:ListTagsForResource", + "kafka:UpdateReplicationInfo", + "kafka:DeleteReplicator", + "ec2:CreateNetworkInterface", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "iam:CreateServiceLinkedRole", + "iam:PassRole", + "kafka:CreateReplicator", + "kafka:CreateReplicatorReference", + "kafka:DescribeClusterV2", + "kafka:GetBootstrapBrokers" + ], + "attributes": { + "tags": [ + "kafka:UntagResource", + "kafka:UntagResource" + ] + }, + "destroy": [ + "kafka:DeleteReplicator" + ], + "modify": [ + "kafka:UpdateReplicationInfo" + ], + "plan": [ + "kafka:DescribeReplicator", + "kafka:ListTagsForResource" + ] + } +] diff --git a/src/mapping/aws/resource/kafka/aws_msk_scram_secret_association.json b/src/mapping/aws/resource/kafka/aws_msk_scram_secret_association.json index 08a3e57e..56202483 100644 --- a/src/mapping/aws/resource/kafka/aws_msk_scram_secret_association.json +++ b/src/mapping/aws/resource/kafka/aws_msk_scram_secret_association.json @@ -3,15 +3,15 @@ "apply": [ "kms:DescribeKey", "kms:CreateGrant", - "Kafka:BatchAssociateScramSecret", - "Kafka:BatchDisassociateScramSecret", - "Kafka:ListScramSecrets" + "kafka:BatchAssociateScramSecret", + "kafka:BatchDisassociateScramSecret", + "kafka:ListScramSecrets" ], "attributes": { "tags": [] }, "destroy": [ - "Kafka:BatchDisassociateScramSecret" + "kafka:BatchDisassociateScramSecret" ], "modify": [], "plan": [] diff --git a/src/mapping/aws/resource/kafka/aws_msk_serverless_cluster.json b/src/mapping/aws/resource/kafka/aws_msk_serverless_cluster.json index 17855ad6..a5a80913 100644 --- a/src/mapping/aws/resource/kafka/aws_msk_serverless_cluster.json +++ b/src/mapping/aws/resource/kafka/aws_msk_serverless_cluster.json @@ -1,7 +1,7 @@ [ { "apply": [ - "Kafka:CreateClusterV2", + "kafka:CreateClusterV2", "ec2:CreateVpcEndpoint", "ec2:DeleteVpcEndpoints", "ec2:DescribeSecurityGroups", 
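Review bot: The `tags` attribute in aws_msk_replicator.json lists `kafka:UntagResource` twice and never `kafka:TagResource`, so a policy generated for a tagged replicator can remove tags but not set them. The first entry should be `"kafka:TagResource"`, matching the `tags` lists of the other kafka mappings touched in this diff.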
@@ -9,9 +9,9 @@ "ec2:DescribeVpcAttribute", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs", - "Kafka:DescribeClusterV2", - "Kafka:ListTagsForResource", - "Kafka:DeleteCluster", + "kafka:DescribeClusterV2", + "kafka:ListTagsForResource", + "kafka:DeleteCluster", "ec2:DeleteVpcEndpoints", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcEndpoints" @@ -20,12 +20,12 @@ "tags": [ "ec2:CreateTags", "ec2:DeleteTags", - "Kafka:TagResource", - "Kafka:UntagResource" + "kafka:TagResource", + "kafka:UntagResource" ] }, "destroy": [ - "Kafka:DeleteCluster", + "kafka:DeleteCluster", "ec2:DeleteVpcEndpoints", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcEndpoints" diff --git a/src/mapping/aws/resource/kafka/aws_msk_single_scram_secret_association.json b/src/mapping/aws/resource/kafka/aws_msk_single_scram_secret_association.json new file mode 100644 index 00000000..e4b199c7 --- /dev/null +++ b/src/mapping/aws/resource/kafka/aws_msk_single_scram_secret_association.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "kafka:BatchAssociateScramSecret", + "kafka:BatchDisassociateScramSecret" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/kafka/aws_msk_vpc_connection.json b/src/mapping/aws/resource/kafka/aws_msk_vpc_connection.json new file mode 100644 index 00000000..dbc14b85 --- /dev/null +++ b/src/mapping/aws/resource/kafka/aws_msk_vpc_connection.json 
@@ -0,0 +1,39 @@
+[
+ {
+ "apply": [
+ "ec2:CreateVpcEndpoint",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcAttribute",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeVpcEndpoints",
+ "ec2:AcceptVpcEndpointConnections",
+ "ec2:RejectVpcEndpointConnections",
+ "ec2:DescribeVpcEndpointConnections",
+ "ec2:CreateTags",
+ "iam:AttachRolePolicy",
+ "iam:CreateServiceLinkedRole",
+ "iam:PutRolePolicy",
+ "kafka:CreateVpcConnection",
+ "kafka:DescribeVpcConnection",
+ "kms:CreateGrant",
+ "kms:DescribeKey",
+ "ec2:DeleteVpcEndpoint",
+ "ec2:DeleteVpcEndpoints",
+ "kafka:DeleteVpcConnection"
+ ],
+ "attributes": {
+ "tags": [
+ "kafka:TagResource",
+ "kafka:UntagResource"
+ ]
+ },
+ "destroy": [
+ "ec2:DeleteVpcEndpoint",
+ "ec2:DeleteVpcEndpoints",
+ "kafka:DeleteVpcConnection"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/kafka/aws_mskconnect_connector.json b/src/mapping/aws/resource/kafka/aws_mskconnect_connector.json
new file mode 100644
index 00000000..95457a8a
--- /dev/null
+++ b/src/mapping/aws/resource/kafka/aws_mskconnect_connector.json
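Review bot: `ec2:DeleteVpcEndpoint` (singular) in `apply` and `destroy` of aws_msk_vpc_connection.json does not look like an EC2 action; the delete action used for aws_msk_cluster elsewhere in this diff is `ec2:DeleteVpcEndpoints`, and both spellings are listed side by side here. An unknown action name grants nothing and tends to be reported by policy validation, so I would drop the singular entry from both lists once it is confirmed against the service authorization reference.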
@@ -0,0 +1,61 @@
+[
+ {
+ "apply": [
+ "kafkaconnect:CreateConnector",
+ "kafkaconnect:DescribeConnector",
+ "kafkaconnect:ListTagsForResource",
+ "iam:CreateServiceLinkedRole",
+ "iam:PassRole",
+ "ec2:CreateNetworkInterface",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "logs:CreateLogDelivery",
+ "logs:GetLogDelivery",
+ "logs:ListLogDeliveries",
+ "logs:PutResourcePolicy",
+ "logs:DescribeResourcePolicies",
+ "logs:DescribeLogGroups",
+ "s3:GetBucketPolicy",
+ "s3:PutBucketPolicy",
+ "firehose:TagDeliveryStream",
+ "kafkaconnect:UpdateConnector",
+ "kafkaconnect:DeleteConnector",
+ "logs:DeleteLogDelivery",
+ "logs:UpdateLogDelivery"
+ ],
+ "attributes": {
+ "tags": [
+ "kafkaconnect:TagResource",
+ "kafkaconnect:UntagResource"
+ ]
+ },
+ "destroy": [
+ "kafkaconnect:DeleteConnector",
+ "kafkaconnect:DescribeConnector",
+ "logs:DeleteLogDelivery",
+ "logs:GetLogDelivery",
+ "logs:ListLogDeliveries"
+ ],
+ "modify": [
+ "kafkaconnect:UpdateConnector",
+ "kafkaconnect:DescribeConnector",
+ "kafkaconnect:DescribeConnectorOperation",
+ "kafkaconnect:ListTagsForResource",
+ "iam:CreateServiceLinkedRole",
+ "logs:UpdateLogDelivery",
+ "logs:GetLogDelivery",
+ "logs:ListLogDeliveries",
+ "logs:PutResourcePolicy",
+ "logs:DescribeResourcePolicies",
+ "logs:DescribeLogGroups",
+ "s3:GetBucketPolicy",
+ "s3:PutBucketPolicy",
+ "firehose:TagDeliveryStream"
+ ],
+ "plan": [
+ "kafkaconnect:DescribeConnector",
+ "kafkaconnect:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/kafkaconnect/aws_mskconnect_custom_plugin.json b/src/mapping/aws/resource/kafkaconnect/aws_mskconnect_custom_plugin.json
new file mode 100644
index 00000000..e5b4b38d
--- /dev/null
+++ b/src/mapping/aws/resource/kafkaconnect/aws_mskconnect_custom_plugin.json
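Review bot: aws_mskconnect_connector.json puts the log-delivery permissions, including `logs:PutResourcePolicy`, `s3:PutBucketPolicy` and `firehose:TagDeliveryStream`, directly in `apply` and `modify`, so every connector gets them whether or not it configures log delivery. aws_ivschat_logging_configuration.json in this same diff keys the equivalent actions under `attributes` (`cloudwatch_logs`, `firehose`, `s3`), which keeps the generated policy closer to least privilege; the same split would fit here if attribute matching can see the connector's log-delivery block. The file also sits under `kafka/` while the other two mskconnect mappings are added under `kafkaconnect/`.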
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "kafkaconnect:DeleteCustomPlugin",
+ "kafkaconnect:CreateCustomPlugin",
+ "kafkaconnect:DescribeCustomPlugin"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/kafkaconnect/aws_mskconnect_worker_configuration.json b/src/mapping/aws/resource/kafkaconnect/aws_mskconnect_worker_configuration.json
new file mode 100644
index 00000000..52ab6306
--- /dev/null
+++ b/src/mapping/aws/resource/kafkaconnect/aws_mskconnect_worker_configuration.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "kafkaconnect:DescribeWorkerConfiguration",
+ "kafkaconnect:CreateWorkerConfiguration",
+ "kafkaconnect:DeleteWorkerConfiguration"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/kendra/aws_kendra_data_source.json b/src/mapping/aws/resource/kendra/aws_kendra_data_source.json
new file mode 100644
index 00000000..f0ab23f9
--- /dev/null
+++ b/src/mapping/aws/resource/kendra/aws_kendra_data_source.json
@@ -0,0 +1,25 @@
+[
+ {
+ "apply": [
+ "kendra:CreateDataSource",
+ "kendra:DescribeDataSource",
+ "kendra:ListTagsForResource",
+ "iam:PassRole",
+ "kendra:DeleteDataSource",
+ "kendra:UpdateDataSource"
+ ],
+ "attributes": {
+ "tags": [
+ "kendra:TagResource",
+ "kendra:UntagResource"
+ ]
+ },
+ "destroy": [
+ "kendra:DeleteDataSource"
+ ],
+ "modify": [
+ "kendra:UpdateDataSource"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/kendra/aws_kendra_experience.json b/src/mapping/aws/resource/kendra/aws_kendra_experience.json
new file mode 100644
index 00000000..43923f95
--- /dev/null
+++ b/src/mapping/aws/resource/kendra/aws_kendra_experience.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "kendra:DescribeExperience",
+ "kendra:CreateExperience",
+ "kendra:DeleteExperience",
+ "kendra:UpdateExperience"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/kendra/aws_kendra_faq.json b/src/mapping/aws/resource/kendra/aws_kendra_faq.json
new file mode 100644
index 00000000..c755767a
--- /dev/null
+++ b/src/mapping/aws/resource/kendra/aws_kendra_faq.json
@@ -0,0 +1,22 @@
+[
+ {
+ "apply": [
+ "kendra:CreateFaq",
+ "kendra:DescribeFaq",
+ "iam:PassRole",
+ "kendra:ListTagsForResource",
+ "kendra:DeleteFaq"
+ ],
+ "attributes": {
+ "tags": [
+ "kendra:TagResource",
+ "kendra:UntagResource"
+ ]
+ },
+ "destroy": [
+ "kendra:DeleteFaq"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/kendra/aws_kendra_index.json b/src/mapping/aws/resource/kendra/aws_kendra_index.json
new file mode 100644
index 00000000..8608da31
--- /dev/null
+++ b/src/mapping/aws/resource/kendra/aws_kendra_index.json
@@ -0,0 +1,26 @@
+[
+ {
+ "apply": [
+ "kendra:CreateIndex",
+ "kendra:DescribeIndex",
+ "kendra:UpdateIndex",
+ "kendra:ListTagsForResource",
+ "iam:PassRole",
+ "kendra:DeleteIndex",
+ "kendra:UpdateIndex"
+ ],
+ "attributes": {
+ "tags": [
+ "kendra:TagResource",
+ "kendra:UntagResource"
+ ]
+ },
+ "destroy": [
+ "kendra:DeleteIndex"
+ ],
+ "modify": [
+ "kendra:UpdateIndex"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/kendra/aws_kendra_query_suggestions_block_list.json b/src/mapping/aws/resource/kendra/aws_kendra_query_suggestions_block_list.json
new file mode 100644
index 00000000..ab04e1c3
--- /dev/null
+++ b/src/mapping/aws/resource/kendra/aws_kendra_query_suggestions_block_list.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "kendra:DescribeQuerySuggestionsBlockList",
+ "kendra:CreateQuerySuggestionsBlockList",
+ "kendra:DeleteQuerySuggestionsBlockList",
+ "kendra:UpdateQuerySuggestionsBlockList"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/kendra/aws_kendra_thesaurus.json b/src/mapping/aws/resource/kendra/aws_kendra_thesaurus.json
new file mode 100644
index 00000000..2f910ad2
--- /dev/null
+++ b/src/mapping/aws/resource/kendra/aws_kendra_thesaurus.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "kendra:DescribeThesaurus",
+ "kendra:CreateThesaurus",
+ "kendra:DeleteThesaurus",
+ "kendra:UpdateThesaurus"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/kinesis/aws_kinesis_resource_policy.json b/src/mapping/aws/resource/kinesis/aws_kinesis_resource_policy.json
new file mode 100644
index 00000000..c517c5a9
--- /dev/null
+++ b/src/mapping/aws/resource/kinesis/aws_kinesis_resource_policy.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "kinesis:GetResourcePolicy",
+ "kinesis:PutResourcePolicy",
+ "kinesis:GetResourcePolicy",
+ "kinesis:DeleteResourcePolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "kinesis:DeleteResourcePolicy"
+ ],
+ "modify": [],
+ "plan": [
+ "kinesis:GetResourcePolicy"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/kinesisanalytics/aws_kinesis_analytics_application.json b/src/mapping/aws/resource/kinesisanalytics/aws_kinesis_analytics_application.json
new file mode 100644
index 00000000..0d37f754
--- /dev/null
+++ b/src/mapping/aws/resource/kinesisanalytics/aws_kinesis_analytics_application.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "kinesisanalytics:DescribeApplication",
+ "kinesisanalytics:CreateApplication",
+ "kinesisanalytics:DeleteApplication",
+ "kinesisanalytics:UpdateApplication",
+ "kinesisanalytics:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "kinesisanalytics:TagResource",
+ "kinesisanalytics:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/kinesisanalytics/aws_kinesisanalyticsv2_application.json b/src/mapping/aws/resource/kinesisanalytics/aws_kinesisanalyticsv2_application.json
new file mode 100644
index 00000000..2886934e
--- /dev/null
+++ b/src/mapping/aws/resource/kinesisanalytics/aws_kinesisanalyticsv2_application.json
@@ -0,0 +1,30 @@
+[
+ {
+ "apply": [
+ "iam:PassRole",
+ "kinesisanalytics:CreateApplication",
+ "kinesisanalytics:DescribeApplication",
+ "kinesisanalytics:ListTagsForResource",
+ "kinesisanalytics:UpdateApplicationMaintenanceConfiguration",
+ "kinesisanalytics:DeleteApplication",
+ "kinesisanalytics:UpdateApplication"
+ ],
+ "attributes": {
+ "tags": [
+ "kinesisanalytics:TagResource",
+ "kinesisanalytics:UntagResource"
+ ],
+ "vpc_configuration": [
+ "kinesisanalytics:AddApplicationVpcConfiguration",
+ "kinesisanalytics:DeleteApplicationVpcConfiguration"
+ ]
+ },
+ "destroy": [
+ "kinesisanalytics:DeleteApplication"
+ ],
+ "modify": [
+ "kinesisanalytics:UpdateApplication"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/kinesisanalytics/aws_kinesisanalyticsv2_application_snapshot.json b/src/mapping/aws/resource/kinesisanalytics/aws_kinesisanalyticsv2_application_snapshot.json
new file mode 100644
index 00000000..7a0c1742
--- /dev/null
+++ b/src/mapping/aws/resource/kinesisanalytics/aws_kinesisanalyticsv2_application_snapshot.json
@@ -0,0 +1,15 @@ +[ + { + "apply": [ + "kinesisanalytics:CreateApplicationSnapshot", + "kinesisanalytics:DeleteApplicationSnapshot", + "kinesisanalytics:DescribeApplicationSnapshot" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/kms/aws_kms_alias.json b/src/mapping/aws/resource/kms/aws_kms_alias.json index defca4cb..237e31e4 100644 --- a/src/mapping/aws/resource/kms/aws_kms_alias.json +++ b/src/mapping/aws/resource/kms/aws_kms_alias.json @@ -1,17 +1,20 @@ -[ - { - "apply": [ - "kms:CreateAlias", - "kms:ListAliases", - "kms:DeleteAlias" - ], - "attributes": { - "tags": [] - }, - "destroy": [ - "kms:DeleteAlias" - ], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "kms:CreateAlias", + "kms:ListAliases", + "kms:DeleteAlias", + "kms:UpdateAlias" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "kms:DeleteAlias" + ], + "modify": [ + "kms:UpdateAlias" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/kms/aws_kms_key.json b/src/mapping/aws/resource/kms/aws_kms_key.json index 46438b02..c8a35a32 100644 --- a/src/mapping/aws/resource/kms/aws_kms_key.json +++ b/src/mapping/aws/resource/kms/aws_kms_key.json @@ -4,6 +4,9 @@ "kms:CreateKey" ], "attributes": { + "description": [ + "kms:UpdateKeyDescription" + ], "enable_key_rotation": [ "kms:EnableKeyRotation" ], diff --git a/src/mapping/aws/resource/kms/aws_kms_replica_key.json b/src/mapping/aws/resource/kms/aws_kms_replica_key.json index 3970a914..6deca5eb 100644 --- a/src/mapping/aws/resource/kms/aws_kms_replica_key.json +++ b/src/mapping/aws/resource/kms/aws_kms_replica_key.json 
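Review bot: The aws_kms_alias.json hunk removes and re-adds all 17 existing lines with identical visible text, which suggests a line-ending or whitespace change is riding along with the two real additions (`kms:UpdateAlias` in `apply` and in `modify`). That buries a permission change inside a full-file rewrite; aws_lambda_function.json later in the diff is rewritten the same way to add its `kms_key_arn` block. Normalising line endings in a separate commit, or through a `.gitattributes` rule, would keep permission diffs down to the lines that actually change what a policy grants.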
@@ -1,13 +1,32 @@ [ { "apply": [ - "kms:ReplicateKey" + "kms:ReplicateKey", + "kms:CreateKey", + "kms:DescribeKey", + "kms:DisableKey", + "kms:ScheduleKeyDeletion", + "kms:GetKeyPolicy", + "kms:EnableKey", + "kms:PutKeyPolicy", + "kms:UpdateKeyDescription" ], "attributes": { - "tags": [] + "tags": [ + "kms:TagResource", + "kms:UntagResource" + ] }, - "destroy": [], - "modify": [], - "plan": [] + "destroy": [ + "kms:ScheduleKeyDeletion" + ], + "modify": [ + "kms:EnableKey", + "kms:PutKeyPolicy", + "kms:UpdateKeyDescription" + ], + "plan": [ + "kms:GetKeyPolicy" + ] } ] diff --git a/src/mapping/aws/resource/lakeformation/aws_lakeformation_data_cells_filter.json b/src/mapping/aws/resource/lakeformation/aws_lakeformation_data_cells_filter.json new file mode 100644 index 00000000..9d2b5369 --- /dev/null +++ b/src/mapping/aws/resource/lakeformation/aws_lakeformation_data_cells_filter.json @@ -0,0 +1,20 @@ +[ + { + "apply": [ + "lakeformation:CreateDataCellsFilter", + "glue:GetTable", + "lakeformation:DeleteDataCellsFilter", + "lakeformation:ListDataCellsFilter" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "lakeformation:DeleteDataCellsFilter" + ], + "modify": [], + "plan": [ + "lakeformation:ListDataCellsFilter" + ] + } +] diff --git a/src/mapping/aws/resource/lakeformation/aws_lakeformation_data_lake_settings.json b/src/mapping/aws/resource/lakeformation/aws_lakeformation_data_lake_settings.json new file mode 100644 index 00000000..c70fea1f --- /dev/null +++ b/src/mapping/aws/resource/lakeformation/aws_lakeformation_data_lake_settings.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "lakeformation:PutDataLakeSettings", + "lakeformation:GetDataLakeSettings" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/lakeformation/aws_lakeformation_lf_tag.json b/src/mapping/aws/resource/lakeformation/aws_lakeformation_lf_tag.json new file mode 100644 index 00000000..62285c76 --- /dev/null 
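Review bot: `kms:DisableKey` is added to `apply` in aws_kms_replica_key.json but `modify` lists only `kms:EnableKey`, so an update that disables the replica is not covered by the modify set; I would add `"kms:DisableKey"` there. `plan` also carries `kms:GetKeyPolicy` without `kms:DescribeKey`, although `kms:DescribeKey` is the read action listed in `apply`. Since this hunk widens the key-administration surface (`kms:PutKeyPolicy`, `kms:ScheduleKeyDeletion`), it is worth making the per-phase lists exact.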
+++ b/src/mapping/aws/resource/lakeformation/aws_lakeformation_lf_tag.json
@@ -0,0 +1,22 @@
+[
+ {
+ "apply": [
+ "lakeformation:CreateLFTag",
+ "lakeformation:DeleteLFTag",
+ "lakeformation:UpdateLFTag",
+ "lakeformation:GetLFTag"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "lakeformation:DeleteLFTag"
+ ],
+ "modify": [
+ "lakeformation:UpdateLFTag"
+ ],
+ "plan": [
+ "lakeformation:GetLFTag"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/lakeformation/aws_lakeformation_opt_in.json b/src/mapping/aws/resource/lakeformation/aws_lakeformation_opt_in.json
new file mode 100644
index 00000000..4885bc06
--- /dev/null
+++ b/src/mapping/aws/resource/lakeformation/aws_lakeformation_opt_in.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "lakeformation:CreateLakeFormationOptIn",
+ "lakeformation:DeleteLakeFormationOptIn"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/lakeformation/aws_lakeformation_permissions.json b/src/mapping/aws/resource/lakeformation/aws_lakeformation_permissions.json
new file mode 100644
index 00000000..e1013ddc
--- /dev/null
+++ b/src/mapping/aws/resource/lakeformation/aws_lakeformation_permissions.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "lakeformation:GrantPermissions",
+ "lakeformation:RevokePermissions"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/lakeformation/aws_lakeformation_resource.json b/src/mapping/aws/resource/lakeformation/aws_lakeformation_resource.json
new file mode 100644
index 00000000..a24ed1e0
--- /dev/null
+++ b/src/mapping/aws/resource/lakeformation/aws_lakeformation_resource.json
@@ -0,0 +1,18 @@
+[
+ {
+ "apply": [
+ "lakeformation:RegisterResource",
+ "iam:PutRolePolicy",
+ "lakeformation:DescribeResource",
+ "lakeformation:DeregisterResource",
+ "iam:GetRolePolicy",
+ "lakeformation:UpdateResource"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/lakeformation/aws_lakeformation_resource_lf_tag.json b/src/mapping/aws/resource/lakeformation/aws_lakeformation_resource_lf_tag.json
new file mode 100644
index 00000000..f699b863
--- /dev/null
+++ b/src/mapping/aws/resource/lakeformation/aws_lakeformation_resource_lf_tag.json
@@ -0,0 +1,22 @@
+[
+ {
+ "apply": [
+ "lakeformation:CreateLFTag",
+ "lakeformation:DeleteLFTag",
+ "lakeformation:GetLFTag",
+ "lakeformation:UpdateLFTag"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "lakeformation:DeleteLFTag"
+ ],
+ "modify": [
+ "lakeformation:UpdateLFTag"
+ ],
+ "plan": [
+ "lakeformation:GetLFTag"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/lakeformation/aws_lakeformation_resource_lf_tags.json b/src/mapping/aws/resource/lakeformation/aws_lakeformation_resource_lf_tags.json
new file mode 100644
index 00000000..bcce16cb
--- /dev/null
+++ b/src/mapping/aws/resource/lakeformation/aws_lakeformation_resource_lf_tags.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "lakeformation:CreateLFTag",
+ "lakeformation:DeleteLFTag",
+ "lakeformation:GetLFTag",
+ "lakeformation:UpdateLFTag",
+ "lakeformation:GetResourceLFTags"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "lakeformation:DeleteLFTag"
+ ],
+ "modify": [
+ "lakeformation:UpdateLFTag"
+ ],
+ "plan": [
+ "lakeformation:GetLFTag"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/lambda/aws_lambda_code_signing_config.json b/src/mapping/aws/resource/lambda/aws_lambda_code_signing_config.json
index f2aadf71..eb98db22 100644
--- a/src/mapping/aws/resource/lambda/aws_lambda_code_signing_config.json
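Review bot: aws_lakeformation_resource_lf_tag.json carries the same four actions as aws_lakeformation_lf_tag.json (`lakeformation:CreateLFTag`, `DeleteLFTag`, `GetLFTag`, `UpdateLFTag`), which manage tag definitions rather than the attachment of a tag to a resource. If the resource does what its name suggests, it needs `lakeformation:AddLFTagsToResource`, `lakeformation:RemoveLFTagsFromResource` and `lakeformation:GetResourceLFTags` instead, so the current list both over-grants (deleting tag definitions) and under-grants; this should be checked against the provider before merging. aws_lakeformation_resource_lf_tags.json in the next hunk has the same list plus `lakeformation:GetResourceLFTags`, which is then absent from its `plan`.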
+++ b/src/mapping/aws/resource/lambda/aws_lambda_code_signing_config.json @@ -3,7 +3,8 @@ "apply": [ "lambda:CreateCodeSigningConfig", "lambda:GetCodeSigningConfig", - "lambda:DeleteCodeSigningConfig" + "lambda:DeleteCodeSigningConfig", + "lambda:UpdateCodeSigningConfig" ], "attributes": { "tags": [] @@ -11,7 +12,9 @@ "destroy": [ "lambda:DeleteCodeSigningConfig" ], - "modify": [], + "modify": [ + "lambda:UpdateCodeSigningConfig" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/lambda/aws_lambda_event_source_mapping.json b/src/mapping/aws/resource/lambda/aws_lambda_event_source_mapping.json index 940206cd..2e573ddd 100644 --- a/src/mapping/aws/resource/lambda/aws_lambda_event_source_mapping.json +++ b/src/mapping/aws/resource/lambda/aws_lambda_event_source_mapping.json @@ -1,20 +1,33 @@ [ { "apply": [ - "ec2:DescribeAccountAttributes", "lambda:CreateEventSourceMapping", "lambda:GetEventSourceMapping", - "lambda:DeleteEventSourceMapping" + "lambda:DeleteEventSourceMapping", + "lambda:UpdateEventSourceMapping", + "lambda:ListTags" ], "attributes": { - "tags": [] + "kms_key_arn": [ + "kms:DescribeKey", + "kms:GenerateDataKey", + "kms:Decrypt" + ], + "tags": [ + "lambda:TagResource", + "lambda:UntagResource" + ] }, "destroy": [ - "lambda:DeleteEventSourceMapping" + "lambda:DeleteEventSourceMapping", + "lambda:GetEventSourceMapping" ], "modify": [ "lambda:UpdateEventSourceMapping" ], - "plan": [] + "plan": [ + "lambda:GetEventSourceMapping", + "lambda:ListTags" + ] } ] diff --git a/src/mapping/aws/resource/lambda/aws_lambda_function.json b/src/mapping/aws/resource/lambda/aws_lambda_function.json index 59c69ab2..fd920f0e 100644 --- a/src/mapping/aws/resource/lambda/aws_lambda_function.json +++ b/src/mapping/aws/resource/lambda/aws_lambda_function.json 
@@ -1,40 +1,46 @@
-[
- {
- "apply": [
- "ec2:DescribeAccountAttributes",
- "lambda:CreateFunction",
- "iam:PassRole",
- "lambda:GetFunctionCodeSigningConfig",
- "lambda:DeleteFunction",
- "ec2:DescribeNetworkInterfaces"
- ],
- "attributes": {
- "code_signing_config_arn": [
- "lambda:GetCodeSigningConfig"
- ],
- "s3_bucket": [
- "s3:GetObject",
- "s3:GetObjectVersion"
- ],
- "security_group_ids": [
- "ec2:DescribeSecurityGroups"
- ],
- "subnet_ids": [],
- "tags": [
- "lambda:TagResource",
- "lambda:UntagResource"
- ]
- },
- "destroy": [
- "lambda:DeleteFunction"
- ],
- "modify": [
- "lambda:GetFunction",
- "lambda:ListVersionsByFunction"
- ],
- "plan": [
- "lambda:GetFunction",
- "lambda:GetFunctionCodeSigningConfig"
- ]
- }
-]
+[
+ {
+ "apply": [
+ "ec2:DescribeAccountAttributes",
+ "lambda:CreateFunction",
+ "iam:PassRole",
+ "lambda:GetFunctionCodeSigningConfig",
+ "lambda:DeleteFunction",
+ "ec2:DescribeNetworkInterfaces"
+ ],
+ "attributes": {
+ "code_signing_config_arn": [
+ "lambda:GetCodeSigningConfig"
+ ],
+ "kms_key_arn": [
+ "kms:CreateGrant",
+ "kms:Decrypt",
+ "kms:Encrypt",
+ "kms:GenerateDataKey"
+ ],
+ "s3_bucket": [
+ "s3:GetObject",
+ "s3:GetObjectVersion"
+ ],
+ "security_group_ids": [
+ "ec2:DescribeSecurityGroups"
+ ],
+ "subnet_ids": [],
+ "tags": [
+ "lambda:TagResource",
+ "lambda:UntagResource"
+ ]
+ },
+ "destroy": [
+ "lambda:DeleteFunction"
+ ],
+ "modify": [
+ "lambda:GetFunction",
+ "lambda:ListVersionsByFunction"
+ ],
+ "plan": [
+ "lambda:GetFunction",
+ "lambda:GetFunctionCodeSigningConfig"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/lambda/aws_lambda_function_event_invoke_config.json b/src/mapping/aws/resource/lambda/aws_lambda_function_event_invoke_config.json
index 7511a0d8..47f4d666 100644
--- a/src/mapping/aws/resource/lambda/aws_lambda_function_event_invoke_config.json
+++ b/src/mapping/aws/resource/lambda/aws_lambda_function_event_invoke_config.json
@@ -4,7 +4,8 @@ "ec2:DescribeAccountAttributes", "lambda:GetFunctionEventInvokeConfig", "lambda:PutFunctionEventInvokeConfig", - "lambda:DeleteFunctionEventInvokeConfig" + "lambda:DeleteFunctionEventInvokeConfig", + "lambda:UpdateFunctionEventInvokeConfig" ], "attributes": { "tags": [] diff --git a/src/mapping/aws/resource/lambda/aws_lambda_function_recursion_config.json b/src/mapping/aws/resource/lambda/aws_lambda_function_recursion_config.json new file mode 100644 index 00000000..9a78a611 --- /dev/null +++ b/src/mapping/aws/resource/lambda/aws_lambda_function_recursion_config.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "lambda:GetFunctionRecursionConfig", + "lambda:PutFunctionRecursionConfig" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/lambda/aws_lambda_layer_version.json b/src/mapping/aws/resource/lambda/aws_lambda_layer_version.json index a3c5d3cf..5c62543a 100644 --- a/src/mapping/aws/resource/lambda/aws_lambda_layer_version.json +++ b/src/mapping/aws/resource/lambda/aws_lambda_layer_version.json @@ -8,7 +8,8 @@ ], "attributes": { "s3_bucket": [ - "s3:GetObject" + "s3:GetObject", + "s3:GetObjectVersion" ], "tags": [] }, diff --git a/src/mapping/aws/resource/lambda/aws_lambda_runtime_management_config.json b/src/mapping/aws/resource/lambda/aws_lambda_runtime_management_config.json new file mode 100644 index 00000000..f8cb1a43 --- /dev/null +++ b/src/mapping/aws/resource/lambda/aws_lambda_runtime_management_config.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "lambda:GetRuntimeManagementConfig", + "lambda:PutRuntimeManagementConfig" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/lex/aws_lex_bot.json b/src/mapping/aws/resource/lex/aws_lex_bot.json new file mode 100644 index 00000000..f9b4a3b3 --- /dev/null +++ b/src/mapping/aws/resource/lex/aws_lex_bot.json 
@@ -0,0 +1,31 @@
+[
+ {
+ "apply": [
+ "iam:PassRole",
+ "lex:DescribeBot",
+ "lex:CreateBot",
+ "lex:UpdateBot",
+ "lex:DeleteBot",
+ "lex:ListBots",
+ "lex:ListTagsForResource",
+ "iam:CreateServiceLinkedRole",
+ "iam:GetRole",
+ "lex:CreateBotReplica",
+ "lex:DescribeBotReplica",
+ "lex:DeleteBotReplica"
+ ],
+ "attributes": {
+ "tags": [
+ "lex:TagResource",
+ "lex:UntagResource"
+ ]
+ },
+ "destroy": [
+ "lex:DeleteBot"
+ ],
+ "modify": [
+ "lex:UpdateBot"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/lex/aws_lex_bot_alias.json b/src/mapping/aws/resource/lex/aws_lex_bot_alias.json
new file mode 100644
index 00000000..aa98899b
--- /dev/null
+++ b/src/mapping/aws/resource/lex/aws_lex_bot_alias.json
@@ -0,0 +1,27 @@
+[
+ {
+ "apply": [
+ "lex:CreateBotAlias",
+ "lex:DescribeBot",
+ "lex:DeleteBotAlias",
+ "lex:UpdateBotAlias",
+ "lex:DescribeBotAlias",
+ "lex:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "lex:TagResource",
+ "lex:UntagResource"
+ ]
+ },
+ "destroy": [
+ "lex:DeleteBotAlias"
+ ],
+ "modify": [
+ "lex:UpdateBotAlias",
+ "lex:DescribeBotAlias",
+ "lex:ListTagsForResource"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/lex/aws_lex_intent.json b/src/mapping/aws/resource/lex/aws_lex_intent.json
new file mode 100644
index 00000000..717572f5
--- /dev/null
+++ b/src/mapping/aws/resource/lex/aws_lex_intent.json
@@ -0,0 +1,18 @@
+[
+ {
+ "apply": [
+ "lex:CreateIntent",
+ "lex:DeleteIntent",
+ "lex:UpdateIntent"
+ ],
+ "attributes": {
+ "tags": [
+ "lex:TagResource",
+ "lex:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/lex/aws_lex_slot_type.json b/src/mapping/aws/resource/lex/aws_lex_slot_type.json
new file mode 100644
index 00000000..0a5e49b9
--- /dev/null
+++ b/src/mapping/aws/resource/lex/aws_lex_slot_type.json
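Review bot: The Lex V1 resources are mapped to Lex V2 action names: `aws_lex_bot.json` lists `lex:CreateBot`, `lex:DescribeBot` and `lex:UpdateBot`, but the V1 model-building API behind `aws_lex_bot` is, as far as I know, authorised through `lex:PutBot`, `lex:GetBot`, `lex:GetBotVersions` and `lex:DeleteBot`. A policy generated from this file would grant V2 actions the resource never calls and omit the ones it needs. The same applies to `aws_lex_bot_alias.json` and `aws_lex_intent.json` on this line and to `aws_lex_slot_type.json` in the hunk that follows (`lex:PutBotAlias`, `lex:PutIntent`, `lex:PutSlotType` and their Get/Delete counterparts). Worth confirming against the CloudTrail events of a real apply before merging.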
@@ -0,0 +1,18 @@ +[ + { + "apply": [ + "lex:CreateSlotType", + "lex:DeleteSlotType", + "lex:UpdateSlotType" + ], + "attributes": { + "tags": [ + "lex:TagResource", + "lex:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/lex/aws_lexv2models_bot.json b/src/mapping/aws/resource/lex/aws_lexv2models_bot.json new file mode 100644 index 00000000..6ed8caec --- /dev/null +++ b/src/mapping/aws/resource/lex/aws_lexv2models_bot.json @@ -0,0 +1,22 @@ +[ + { + "apply": [ + "lex:DescribeBot", + "lex:CreateBot", + "lex:DeleteBot", + "lex:UpdateBot", + "iam:PassRole", + "iam:CreateServiceLinkedRole", + "lex:ListTagsForResource" + ], + "attributes": { + "tags": [ + "lex:TagResource", + "lex:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/lex/aws_lexv2models_bot_locale.json b/src/mapping/aws/resource/lex/aws_lexv2models_bot_locale.json new file mode 100644 index 00000000..8b35137e --- /dev/null +++ b/src/mapping/aws/resource/lex/aws_lexv2models_bot_locale.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "lex:DescribeBotLocale", + "lex:CreateBotLocale", + "lex:DeleteBotLocale", + "lex:UpdateBotLocale" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/lex/aws_lexv2models_bot_version.json b/src/mapping/aws/resource/lex/aws_lexv2models_bot_version.json new file mode 100644 index 00000000..4686b66c --- /dev/null +++ b/src/mapping/aws/resource/lex/aws_lexv2models_bot_version.json @@ -0,0 +1,22 @@ +[ + { + "apply": [ + "lex:CreateBotVersion", + "lex:DescribeBotVersion", + "lex:DescribeBot", + "lex:DescribeBotLocale", + "lex:BuildBotLocale" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "lex:DeleteBotVersion", + "lex:DescribeBotVersion" + ], + "modify": [], + "plan": [ + "lex:DescribeBotVersion" + ] + } +] 
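Review bot: `aws_lexv2models_bot.json` leaves `destroy` and `modify` empty although its `apply` list carries `lex:DeleteBot` and `lex:UpdateBot`, whereas `aws_lex_bot.json` earlier in this diff fills both. The same gap shows in most of the new files that list a Delete or Update action (`aws_lexv2models_bot_locale.json`, `aws_lightsail_domain.json`, `aws_macie2_member.json` and others). If any consumer reads `destroy` or `modify` on their own, it gets an empty permission set for these resources; if only `apply` and `attributes` are read, that should be stated once in the mapping documentation. Suggested for this file: `"destroy": ["lex:DeleteBot"],` and `"modify": ["lex:UpdateBot"],`.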
diff --git a/src/mapping/aws/resource/lex/aws_lexv2models_intent.json b/src/mapping/aws/resource/lex/aws_lexv2models_intent.json new file mode 100644 index 00000000..2d0cd06f --- /dev/null +++ b/src/mapping/aws/resource/lex/aws_lexv2models_intent.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "lex:DescribeIntent", + "lex:CreateIntent", + "lex:DeleteIntent", + "lex:UpdateIntent" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/lex/aws_lexv2models_slot.json b/src/mapping/aws/resource/lex/aws_lexv2models_slot.json new file mode 100644 index 00000000..f36b65b1 --- /dev/null +++ b/src/mapping/aws/resource/lex/aws_lexv2models_slot.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "lex:DescribeSlot", + "lex:CreateSlot", + "lex:DeleteSlot", + "lex:UpdateSlot" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/lex/aws_lexv2models_slot_type.json b/src/mapping/aws/resource/lex/aws_lexv2models_slot_type.json new file mode 100644 index 00000000..8c0abf3a --- /dev/null +++ b/src/mapping/aws/resource/lex/aws_lexv2models_slot_type.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "lex:DescribeSlotType", + "lex:CreateSlotType", + "lex:DeleteSlotType", + "lex:UpdateSlotType" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/license-manager/aws_licensemanager_association.json b/src/mapping/aws/resource/license-manager/aws_licensemanager_association.json new file mode 100644 index 00000000..57ccd997 --- /dev/null +++ b/src/mapping/aws/resource/license-manager/aws_licensemanager_association.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "license-manager:ListAssociationsForLicenseConfiguration" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/aws/resource/license-manager/aws_licensemanager_grant.json b/src/mapping/aws/resource/license-manager/aws_licensemanager_grant.json
new file mode 100644
index 00000000..f3cdf210
--- /dev/null
+++ b/src/mapping/aws/resource/license-manager/aws_licensemanager_grant.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "license-manager:CreateGrant",
+ "license-manager:DeleteGrant",
+ "license-manager:GetGrant",
+ "license-manager:CreateGrantVersion"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "license-manager:DeleteGrant"
+ ],
+ "modify": [
+ "license-manager:CreateGrantVersion"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/license-manager/aws_licensemanager_grant_accepter.json b/src/mapping/aws/resource/license-manager/aws_licensemanager_grant_accepter.json
new file mode 100644
index 00000000..96a10d03
--- /dev/null
+++ b/src/mapping/aws/resource/license-manager/aws_licensemanager_grant_accepter.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "license-manager:AcceptGrant",
+ "license-manager:RejectGrant"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/license-manager/aws_licensemanager_license_configuration.json b/src/mapping/aws/resource/license-manager/aws_licensemanager_license_configuration.json
new file mode 100644
index 00000000..03d99f31
--- /dev/null
+++ b/src/mapping/aws/resource/license-manager/aws_licensemanager_license_configuration.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "license-manager:CreateLicense",
+ "license-manager:DeleteLicense",
+ "license-manager:GetLicense",
+ "license-manager:CreateLicenseVersion"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "license-manager:DeleteLicense"
+ ],
+ "modify": [
+ "license-manager:CreateLicenseVersion"
+ ],
+ "plan": []
+ }
+]
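Review bot: `aws_licensemanager_license_configuration.json` maps the resource to the license actions (`license-manager:CreateLicense`, `GetLicense`, `DeleteLicense`, `CreateLicenseVersion`) rather than the license-configuration ones. A license configuration is a different License Manager entity, so I would expect `license-manager:CreateLicenseConfiguration`, `license-manager:GetLicenseConfiguration`, `license-manager:UpdateLicenseConfiguration` and `license-manager:DeleteLicenseConfiguration` in `apply`, with the Delete and Update actions repeated in `destroy` and `modify`. As written, a generated policy lets the principal issue and delete licenses while lacking what the resource actually needs.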
diff --git a/src/mapping/aws/resource/lightsail/aws_lightsail_bucket.json b/src/mapping/aws/resource/lightsail/aws_lightsail_bucket.json new file mode 100644 index 00000000..5181ac1a --- /dev/null +++ b/src/mapping/aws/resource/lightsail/aws_lightsail_bucket.json @@ -0,0 +1,33 @@ +[ + { + "apply": [ + "lightsail:CreateBucket", + "lightsail:GetBuckets", + "lightsail:GetInstance", + "lightsail:UpdateBucket", + "lightsail:UpdateBucketBundle", + "lightsail:SetResourceAccessForBucket", + "lightsail:DeleteBucket" + ], + "attributes": { + "tags": [ + "lightsail:TagResource", + "lightsail:UntagResource" + ] + }, + "destroy": [ + "lightsail:DeleteBucket", + "lightsail:GetBuckets" + ], + "modify": [ + "lightsail:GetBuckets", + "lightsail:GetInstance", + "lightsail:UpdateBucket", + "lightsail:UpdateBucketBundle", + "lightsail:SetResourceAccessForBucket" + ], + "plan": [ + "lightsail:GetBuckets" + ] + } +] diff --git a/src/mapping/aws/resource/lightsail/aws_lightsail_bucket_access_key.json b/src/mapping/aws/resource/lightsail/aws_lightsail_bucket_access_key.json new file mode 100644 index 00000000..0ba465f9 --- /dev/null +++ b/src/mapping/aws/resource/lightsail/aws_lightsail_bucket_access_key.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "lightsail:CreateBucketAccessKey", + "lightsail:DeleteBucketAccessKey", + "lightsail:GetBucketAccessKeys" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/lightsail/aws_lightsail_bucket_access_key_access_key.json b/src/mapping/aws/resource/lightsail/aws_lightsail_bucket_access_key_access_key.json new file mode 100644 index 00000000..f2c65ea6 --- /dev/null +++ b/src/mapping/aws/resource/lightsail/aws_lightsail_bucket_access_key_access_key.json 
@@ -0,0 +1,15 @@ +[ + { + "apply": [ + "lightsail:GetBucketAccessKeys", + "lightsail:CreateBucketAccessKey", + "lightsail:DeleteBucketAccessKey" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/lightsail/aws_lightsail_bucket_resource_access.json b/src/mapping/aws/resource/lightsail/aws_lightsail_bucket_resource_access.json new file mode 100644 index 00000000..43015810 --- /dev/null +++ b/src/mapping/aws/resource/lightsail/aws_lightsail_bucket_resource_access.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "lightsail:SetResourceAccessForBucket" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/lightsail/aws_lightsail_certificate.json b/src/mapping/aws/resource/lightsail/aws_lightsail_certificate.json new file mode 100644 index 00000000..df6e7fed --- /dev/null +++ b/src/mapping/aws/resource/lightsail/aws_lightsail_certificate.json @@ -0,0 +1,20 @@ +[ + { + "apply": [ + "lightsail:CreateCertificate", + "lightsail:GetCertificates", + "lightsail:DeleteCertificate" + ], + "attributes": { + "tags": [ + "lightsail:TagResource", + "lightsail:UntagResource" + ] + }, + "destroy": [ + "lightsail:DeleteCertificate" + ], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/lightsail/aws_lightsail_container_service.json b/src/mapping/aws/resource/lightsail/aws_lightsail_container_service.json new file mode 100644 index 00000000..c3387c4f --- /dev/null +++ b/src/mapping/aws/resource/lightsail/aws_lightsail_container_service.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "lightsail:GetContainerServices", + "lightsail:CreateContainerService", + "lightsail:DeleteContainerService", + "lightsail:UpdateContainerService" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
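Review bot: `aws_lightsail_bucket_access_key_access_key.json` (the first hunk on this line) looks like an accidental duplicate of `aws_lightsail_bucket_access_key.json`: it carries the same three actions in a different order, and I am not aware of a Terraform resource with the doubled `_access_key` suffix. If nothing resolves that name, the file is dead data that has to be kept in step with the real mapping; I would drop it from the commit, or name the resource it is meant for in the description.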
diff --git a/src/mapping/aws/resource/lightsail/aws_lightsail_container_service_deployment_version.json b/src/mapping/aws/resource/lightsail/aws_lightsail_container_service_deployment_version.json new file mode 100644 index 00000000..349aad66 --- /dev/null +++ b/src/mapping/aws/resource/lightsail/aws_lightsail_container_service_deployment_version.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "lightsail:GetContainerServiceDeployments", + "lightsail:CreateContainerServiceDeployment" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/lightsail/aws_lightsail_database.json b/src/mapping/aws/resource/lightsail/aws_lightsail_database.json new file mode 100644 index 00000000..43cdc66e --- /dev/null +++ b/src/mapping/aws/resource/lightsail/aws_lightsail_database.json @@ -0,0 +1,27 @@ +[ + { + "apply": [ + "lightsail:CreateRelationalDatabase", + "lightsail:GetRelationalDatabase", + "lightsail:GetRelationalDatabases", + "lightsail:GetRegions", + "lightsail:UpdateRelationalDatabase", + "lightsail:UpdateRelationalDatabaseParameters", + "lightsail:DeleteRelationalDatabase" + ], + "attributes": { + "tags": [ + "lightsail:TagResource", + "lightsail:UntagResource" + ] + }, + "destroy": [ + "lightsail:DeleteRelationalDatabase" + ], + "modify": [ + "lightsail:UpdateRelationalDatabase", + "lightsail:UpdateRelationalDatabaseParameters" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/lightsail/aws_lightsail_disk.json b/src/mapping/aws/resource/lightsail/aws_lightsail_disk.json new file mode 100644 index 00000000..8bbba5e0 --- /dev/null +++ b/src/mapping/aws/resource/lightsail/aws_lightsail_disk.json 
@@ -0,0 +1,24 @@
+[
+ {
+ "apply": [
+ "lightsail:CreateDisk",
+ "lightsail:EnableAddOn",
+ "lightsail:DisableAddOn",
+ "lightsail:GetDisk",
+ "lightsail:GetDisks",
+ "lightsail:GetRegions",
+ "lightsail:DeleteDisk"
+ ],
+ "attributes": {
+ "tags": [
+ "lightsail:TagResource",
+ "lightsail:UntagResource"
+ ]
+ },
+ "destroy": [
+ "lightsail:DeleteDisk"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/lightsail/aws_lightsail_disk_attachment.json b/src/mapping/aws/resource/lightsail/aws_lightsail_disk_attachment.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/aws/resource/lightsail/aws_lightsail_disk_attachment.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/lightsail/aws_lightsail_distribution.json b/src/mapping/aws/resource/lightsail/aws_lightsail_distribution.json
new file mode 100644
index 00000000..ad221607
--- /dev/null
+++ b/src/mapping/aws/resource/lightsail/aws_lightsail_distribution.json
@@ -0,0 +1,28 @@
+[
+ {
+ "apply": [
+ "lightsail:CreateDistribution",
+ "lightsail:GetDistributions",
+ "lightsail:UpdateDistribution",
+ "lightsail:UpdateDistributionBundle",
+ "lightsail:DeleteDistribution"
+ ],
+ "attributes": {
+ "certificate_name": [
+ "lightsail:AttachCertificateToDistribution",
+ "lightsail:DetachCertificateFromDistribution",
+ "lightsail:GetCertificates",
+ "lightsail:GetCertificateDetails"
+ ],
+ "tags": [
+ "lightsail:TagResource",
+ "lightsail:UntagResource"
+ ]
+ },
+ "destroy": [
+ "lightsail:DeleteDistribution"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/lightsail/aws_lightsail_domain.json b/src/mapping/aws/resource/lightsail/aws_lightsail_domain.json
new file mode 100644
index 00000000..e6a02cf0
--- /dev/null
+++ b/src/mapping/aws/resource/lightsail/aws_lightsail_domain.json
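Review bot: `aws_lightsail_disk_attachment.json` is added with every list empty, so a policy generated for this resource contains no actions at all and the apply fails with an access error rather than a clear "not mapped" message. The same empty blob (`45e4fdaf`) is added further down for `aws_lightsail_lb_https_redirection_policy.json` and `aws_lightsail_lb_stickiness_policy.json`. If these are placeholders, they are indistinguishable from a resource that genuinely needs no permissions. For the disk attachment, `apply` would presumably hold `"lightsail:AttachDisk", "lightsail:DetachDisk", "lightsail:GetDisk"`, all of which this commit already lists under `aws_lightsail_instance.json`.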
@@ -0,0 +1,15 @@ +[ + { + "apply": [ + "lightsail:GetDomain", + "lightsail:CreateDomain", + "lightsail:DeleteDomain" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/lightsail/aws_lightsail_domain_entry.json b/src/mapping/aws/resource/lightsail/aws_lightsail_domain_entry.json new file mode 100644 index 00000000..5606fa2a --- /dev/null +++ b/src/mapping/aws/resource/lightsail/aws_lightsail_domain_entry.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "lightsail:CreateDomainEntry", + "lightsail:DeleteDomainEntry", + "lightsail:UpdateDomainEntry" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/lightsail/aws_lightsail_instance.json b/src/mapping/aws/resource/lightsail/aws_lightsail_instance.json index 3069f642..bf887985 100644 --- a/src/mapping/aws/resource/lightsail/aws_lightsail_instance.json +++ b/src/mapping/aws/resource/lightsail/aws_lightsail_instance.json @@ -3,8 +3,19 @@ "apply": [ "ec2:DescribeAccountAttributes", "lightsail:CreateInstances", + "lightsail:GetInstances", + "lightsail:EnableAddOn", "lightsail:GetInstance", - "lightsail:DeleteInstance" + "lightsail:DisableAddOn", + "lightsail:PutInstancePublicPorts", + "lightsail:AttachDisk", + "lightsail:DetachDisk", + "lightsail:StartInstance", + "lightsail:StopInstance", + "lightsail:GetDisk", + "lightsail:GetRegions", + "lightsail:DeleteInstance", + "lightsail:ReleaseStaticIp" ], "attributes": { "tags": [ diff --git a/src/mapping/aws/resource/lightsail/aws_lightsail_lb.json b/src/mapping/aws/resource/lightsail/aws_lightsail_lb.json new file mode 100644 index 00000000..b9775b2e --- /dev/null +++ b/src/mapping/aws/resource/lightsail/aws_lightsail_lb.json 
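Review bot: The `apply` list in `aws_lightsail_instance.json` now grants `lightsail:AttachDisk`, `lightsail:DetachDisk`, `lightsail:ReleaseStaticIp`, `lightsail:StartInstance` and `lightsail:StopInstance` to every policy generated for an instance, whether or not the configuration uses disks, static IPs or add-ons. I cannot tell from the hunk which of these the resource itself calls; the disk and static-IP actions look like they belong to `aws_lightsail_disk_attachment` and `aws_lightsail_static_ip`, which this commit maps separately. Where an action is tied to an optional argument, keying it under `attributes` as `tags` already is keeps the generated policy narrower, for example `"add_on": ["lightsail:EnableAddOn", "lightsail:DisableAddOn"]`. The `attributes` object continues past the end of the hunk.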
@@ -0,0 +1,25 @@ +[ + { + "apply": [ + "lightsail:CreateLoadBalancer", + "lightsail:GetLoadBalancer", + "lightsail:GetLoadBalancers", + "lightsail:GetInstance", + "lightsail:AttachInstancesToLoadBalancer", + "lightsail:DetachInstancesFromLoadBalancer", + "lightsail:UpdateLoadBalancerAttribute", + "lightsail:DeleteLoadBalancer" + ], + "attributes": { + "tags": [ + "lightsail:TagResource", + "lightsail:UntagResource" + ] + }, + "destroy": [ + "lightsail:DeleteLoadBalancer" + ], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/lightsail/aws_lightsail_lb_attachment.json b/src/mapping/aws/resource/lightsail/aws_lightsail_lb_attachment.json new file mode 100644 index 00000000..15c741c4 --- /dev/null +++ b/src/mapping/aws/resource/lightsail/aws_lightsail_lb_attachment.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "lightsail:AttachInstancesToLoadBalancer", + "lightsail:DetachInstancesFromLoadBalancer" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/lightsail/aws_lightsail_lb_certificate.json b/src/mapping/aws/resource/lightsail/aws_lightsail_lb_certificate.json new file mode 100644 index 00000000..b7b0e288 --- /dev/null +++ b/src/mapping/aws/resource/lightsail/aws_lightsail_lb_certificate.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "lightsail:GetLoadBalancerTlsCertificates", + "lightsail:CreateLoadBalancerTlsCertificate", + "lightsail:DeleteLoadBalancerTlsCertificate" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/lightsail/aws_lightsail_lb_certificate_attachment.json b/src/mapping/aws/resource/lightsail/aws_lightsail_lb_certificate_attachment.json new file mode 100644 index 00000000..e66c77c7 --- /dev/null +++ b/src/mapping/aws/resource/lightsail/aws_lightsail_lb_certificate_attachment.json 
@@ -0,0 +1,13 @@ +[ + { + "apply": [ + "lightsail:AttachLoadBalancerTlsCertificate" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/lightsail/aws_lightsail_lb_https_redirection_policy.json b/src/mapping/aws/resource/lightsail/aws_lightsail_lb_https_redirection_policy.json new file mode 100644 index 00000000..45e4fdaf --- /dev/null +++ b/src/mapping/aws/resource/lightsail/aws_lightsail_lb_https_redirection_policy.json @@ -0,0 +1,11 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/lightsail/aws_lightsail_lb_stickiness_policy.json b/src/mapping/aws/resource/lightsail/aws_lightsail_lb_stickiness_policy.json new file mode 100644 index 00000000..45e4fdaf --- /dev/null +++ b/src/mapping/aws/resource/lightsail/aws_lightsail_lb_stickiness_policy.json @@ -0,0 +1,11 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/lightsail/aws_lightsail_static_ip.json b/src/mapping/aws/resource/lightsail/aws_lightsail_static_ip.json index d7ca5c73..b6949b65 100644 --- a/src/mapping/aws/resource/lightsail/aws_lightsail_static_ip.json +++ b/src/mapping/aws/resource/lightsail/aws_lightsail_static_ip.json @@ -1,13 +1,20 @@ [ { "apply": [ + "lightsail:AllocateStaticIp", + "lightsail:AttachStaticIp", + "lightsail:DetachStaticIp", + "lightsail:GetInstance", "lightsail:GetStaticIp", - "lightsail:AllocateStaticIp" + "lightsail:GetStaticIps", + "lightsail:ReleaseStaticIp" ], "attributes": { "tags": [] }, - "destroy": [], + "destroy": [ + "lightsail:ReleaseStaticIp" + ], "modify": [], "plan": [] } diff --git a/src/mapping/aws/resource/logs/aws_cloudwatch_log_account_policy.json b/src/mapping/aws/resource/logs/aws_cloudwatch_log_account_policy.json new file mode 100644 index 00000000..1a830b05 --- /dev/null 
+++ b/src/mapping/aws/resource/logs/aws_cloudwatch_log_account_policy.json @@ -0,0 +1,26 @@ +[ + { + "apply": [ + "logs:PutAccountPolicy", + "logs:PutDataProtectionPolicy", + "logs:DescribeAccountPolicies", + "logs:CreateLogDelivery", + "firehose:TagDeliveryStream", + "logs:PutSubscriptionFilter", + "logs:DeleteSubscriptionFilter", + "logs:DeleteAccountPolicy", + "logs:DeleteDataProtectionPolicy", + "iam:PassRole" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "logs:DeleteAccountPolicy", + "logs:DeleteDataProtectionPolicy", + "logs:DeleteSubscriptionFilter" + ], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/logs/aws_cloudwatch_log_anomaly_detector.json b/src/mapping/aws/resource/logs/aws_cloudwatch_log_anomaly_detector.json new file mode 100644 index 00000000..1391d947 --- /dev/null +++ b/src/mapping/aws/resource/logs/aws_cloudwatch_log_anomaly_detector.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "logs:CreateLogAnomalyDetector", + "logs:GetLogAnomalyDetector", + "logs:DeleteLogAnomalyDetector", + "logs:UpdateLogAnomalyDetector" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/logs/aws_cloudwatch_log_delivery.json b/src/mapping/aws/resource/logs/aws_cloudwatch_log_delivery.json new file mode 100644 index 00000000..ec0d2e1c --- /dev/null +++ b/src/mapping/aws/resource/logs/aws_cloudwatch_log_delivery.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "logs:GetLogDelivery", + "logs:CreateLogDelivery", + "logs:DeleteLogDelivery", + "logs:UpdateLogDelivery" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/logs/aws_cloudwatch_log_delivery_destination.json b/src/mapping/aws/resource/logs/aws_cloudwatch_log_delivery_destination.json new file mode 100644 index 00000000..5577e602 --- /dev/null +++ b/src/mapping/aws/resource/logs/aws_cloudwatch_log_delivery_destination.json 
@@ -0,0 +1,16 @@ +[ + { + "apply": [ + "logs:PutDeliveryDestination", + "logs:GetDeliveryDestination", + "logs:DescribeDeliveryDestinations", + "logs:DeleteDeliveryDestination" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/logs/aws_cloudwatch_log_delivery_destination_policy.json b/src/mapping/aws/resource/logs/aws_cloudwatch_log_delivery_destination_policy.json new file mode 100644 index 00000000..b21fccd6 --- /dev/null +++ b/src/mapping/aws/resource/logs/aws_cloudwatch_log_delivery_destination_policy.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "logs:PutDeliveryDestinationPolicy", + "logs:GetDeliveryDestinationPolicy", + "logs:DeleteDeliveryDestinationPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/logs/aws_cloudwatch_log_delivery_source.json b/src/mapping/aws/resource/logs/aws_cloudwatch_log_delivery_source.json new file mode 100644 index 00000000..03f469fa --- /dev/null +++ b/src/mapping/aws/resource/logs/aws_cloudwatch_log_delivery_source.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "logs:GetDeliverySource", + "logs:PutDeliverySource", + "logs:DeleteDeliverySource" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/logs/aws_cloudwatch_log_group.json b/src/mapping/aws/resource/logs/aws_cloudwatch_log_group.json index a870eed2..5f68f251 100644 --- a/src/mapping/aws/resource/logs/aws_cloudwatch_log_group.json +++ b/src/mapping/aws/resource/logs/aws_cloudwatch_log_group.json @@ -4,7 +4,8 @@ "logs:CreateLogGroup", "logs:DescribeLogGroups", "logs:ListTagsLogGroup", - "logs:DeleteLogGroup" + "logs:DeleteLogGroup", + "logs:ListTagsForResource" ], "attributes": { "kms_key_id": [ 
diff --git a/src/mapping/aws/resource/logs/aws_cloudwatch_log_index_policy.json b/src/mapping/aws/resource/logs/aws_cloudwatch_log_index_policy.json new file mode 100644 index 00000000..64408e15 --- /dev/null +++ b/src/mapping/aws/resource/logs/aws_cloudwatch_log_index_policy.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "logs:PutIndexPolicy", + "logs:DeleteIndexPolicy", + "logs:DescribeIndexPolicies" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/m2/aws_m2_application.json b/src/mapping/aws/resource/m2/aws_m2_application.json new file mode 100644 index 00000000..f79b245a --- /dev/null +++ b/src/mapping/aws/resource/m2/aws_m2_application.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "m2:GetApplication", + "m2:CreateApplication", + "m2:DeleteApplication", + "m2:UpdateApplication" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/m2/aws_m2_deployment.json b/src/mapping/aws/resource/m2/aws_m2_deployment.json new file mode 100644 index 00000000..d276602b --- /dev/null +++ b/src/mapping/aws/resource/m2/aws_m2_deployment.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "m2:GetDeployment", + "m2:CreateDeployment" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/m2/aws_m2_environment.json b/src/mapping/aws/resource/m2/aws_m2_environment.json new file mode 100644 index 00000000..f7db8152 --- /dev/null +++ b/src/mapping/aws/resource/m2/aws_m2_environment.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "m2:CreateEnvironment", + "m2:GetEnvironment", + "m2:DeleteEnvironment", + "m2:UpdateEnvironment" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/aws/resource/macie2/aws_macie2_account.json b/src/mapping/aws/resource/macie2/aws_macie2_account.json new file mode 100644 index 00000000..86396b07 --- /dev/null +++ b/src/mapping/aws/resource/macie2/aws_macie2_account.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "macie2:EnableMacie", + "iam:CreateServiceLinkedRole", + "macie2:GetMacieSession", + "macie2:DisableMacie" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/macie2/aws_macie2_classification_export_configuration.json b/src/mapping/aws/resource/macie2/aws_macie2_classification_export_configuration.json new file mode 100644 index 00000000..5f810e9b --- /dev/null +++ b/src/mapping/aws/resource/macie2/aws_macie2_classification_export_configuration.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "macie2:GetClassificationExportConfiguration", + "macie2:PutClassificationExportConfiguration" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/macie2/aws_macie2_classification_job.json b/src/mapping/aws/resource/macie2/aws_macie2_classification_job.json new file mode 100644 index 00000000..90fb5776 --- /dev/null +++ b/src/mapping/aws/resource/macie2/aws_macie2_classification_job.json @@ -0,0 +1,18 @@ +[ + { + "apply": [ + "macie2:DescribeClassificationJob", + "macie2:CreateClassificationJob", + "macie2:UpdateClassificationJob" + ], + "attributes": { + "tags": [ + "macie2:TagResource", + "macie2:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/macie2/aws_macie2_custom_data_identifier.json b/src/mapping/aws/resource/macie2/aws_macie2_custom_data_identifier.json new file mode 100644 index 00000000..6b5c12b1 --- /dev/null +++ b/src/mapping/aws/resource/macie2/aws_macie2_custom_data_identifier.json 
@@ -0,0 +1,20 @@ +[ + { + "apply": [ + "macie2:CreateCustomDataIdentifier", + "macie2:GetCustomDataIdentifier", + "macie2:DeleteCustomDataIdentifier" + ], + "attributes": { + "tags": [ + "macie2:TagResource", + "macie2:UntagResource" + ] + }, + "destroy": [ + "macie2:DeleteCustomDataIdentifier" + ], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/macie2/aws_macie2_findings_filter.json b/src/mapping/aws/resource/macie2/aws_macie2_findings_filter.json new file mode 100644 index 00000000..52bd98b6 --- /dev/null +++ b/src/mapping/aws/resource/macie2/aws_macie2_findings_filter.json @@ -0,0 +1,23 @@ +[ + { + "apply": [ + "macie2:GetFindingsFilter", + "macie2:CreateFindingsFilter", + "macie2:DeleteFindingsFilter", + "macie2:UpdateFindingsFilter" + ], + "attributes": { + "tags": [ + "macie2:TagResource", + "macie2:UntagResource" + ] + }, + "destroy": [ + "macie2:DeleteFindingsFilter" + ], + "modify": [ + "macie2:UpdateFindingsFilter" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/macie2/aws_macie2_invitation_accepter.json b/src/mapping/aws/resource/macie2/aws_macie2_invitation_accepter.json new file mode 100644 index 00000000..484723ef --- /dev/null +++ b/src/mapping/aws/resource/macie2/aws_macie2_invitation_accepter.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "macie2:AcceptInvitation" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/macie2/aws_macie2_member.json b/src/mapping/aws/resource/macie2/aws_macie2_member.json new file mode 100644 index 00000000..b6dacd9b --- /dev/null +++ b/src/mapping/aws/resource/macie2/aws_macie2_member.json @@ -0,0 +1,18 @@ +[ + { + "apply": [ + "macie2:GetMember", + "macie2:DeleteMember", + "macie2:CreateMember" + ], + "attributes": { + "tags": [ + "macie2:TagResource", + "macie2:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/aws/resource/macie2/aws_macie2_organization_admin_account.json b/src/mapping/aws/resource/macie2/aws_macie2_organization_admin_account.json new file mode 100644 index 00000000..a4373af9 --- /dev/null +++ b/src/mapping/aws/resource/macie2/aws_macie2_organization_admin_account.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "macie2:EnableOrganizationAdminAccount", + "macie2:DisableOrganizationAdminAccount" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/macie2/aws_macie2_organization_configuration.json b/src/mapping/aws/resource/macie2/aws_macie2_organization_configuration.json new file mode 100644 index 00000000..4fb9b033 --- /dev/null +++ b/src/mapping/aws/resource/macie2/aws_macie2_organization_configuration.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "macie2:DescribeOrganizationConfiguration", + "macie2:UpdateOrganizationConfiguration" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/medialive/aws_medialive_channel.json b/src/mapping/aws/resource/medialive/aws_medialive_channel.json new file mode 100644 index 00000000..76218b94 --- /dev/null +++ b/src/mapping/aws/resource/medialive/aws_medialive_channel.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "medialive:DescribeChannel", + "medialive:CreateChannel", + "medialive:DeleteChannel", + "medialive:UpdateChannel" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/medialive/aws_medialive_multiplex.json b/src/mapping/aws/resource/medialive/aws_medialive_multiplex.json new file mode 100644 index 00000000..d95a9932 --- /dev/null +++ b/src/mapping/aws/resource/medialive/aws_medialive_multiplex.json 
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "medialive:CreateMultiplex",
+ "medialive:DescribeMultiplex",
+ "medialive:DeleteMultiplex",
+ "medialive:UpdateMultiplex"
+ ],
+ "attributes": {
+ "tags": [
+ "medialive:CreateTags",
+ "medialive:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "medialive:DeleteMultiplex"
+ ],
+ "modify": [
+ "medialive:UpdateMultiplex"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/medialive/aws_medialive_multiplex_program.json b/src/mapping/aws/resource/medialive/aws_medialive_multiplex_program.json
new file mode 100644
index 00000000..6a4efb83
--- /dev/null
+++ b/src/mapping/aws/resource/medialive/aws_medialive_multiplex_program.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "medialive:CreateMultiplexProgram",
+ "medialive:DescribeMultiplexProgram",
+ "medialive:DeleteMultiplexProgram",
+ "medialive:UpdateMultiplexProgram"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "medialive:DeleteMultiplexProgram"
+ ],
+ "modify": [
+ "medialive:UpdateMultiplexProgram"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/mediapackage/aws_media_package_channel.json b/src/mapping/aws/resource/mediapackage/aws_media_package_channel.json
new file mode 100644
index 00000000..3594613b
--- /dev/null
+++ b/src/mapping/aws/resource/mediapackage/aws_media_package_channel.json
@@ -0,0 +1,28 @@
+[
+ {
+ "apply": [
+ "mediapackage:CreateChannel",
+ "mediapackage:DescribeChannel",
+ "mediapackage:UpdateChannel",
+ "mediapackage:ConfigureLogs",
+ "mediapackage:DeleteChannel",
+ "mediapackage:UpdateChannel",
+ "mediapackage:ConfigureLogs",
+ "iam:CreateServiceLinkedRole"
+ ],
+ "attributes": {
+ "tags": [
+ "mediapackage:TagResource",
+ "mediapackage:UntagResource"
+ ]
+ },
+ "destroy": [
+ "mediapackage:DeleteChannel"
+ ],
+ "modify": [
+ "mediapackage:UpdateChannel",
+ "mediapackage:ConfigureLogs"
+ ],
+ "plan": []
+ }
+]
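Review bot: The `apply` list in aws_media_package_channel.json names `mediapackage:UpdateChannel` and `mediapackage:ConfigureLogs` twice each. Duplicates are harmless to IAM but make the mapping harder to audit and suggest the list was merged from several code paths without deduplication; drop the second pair so each action appears once. The same repetition occurs for `networkmanager:GetDevices` in aws_networkmanager_device.json and `networkmanager:DescribeGlobalNetworks` in aws_networkmanager_global_network.json.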
diff --git a/src/mapping/aws/resource/mediapackagev2/aws_media_packagev2_channel_group.json b/src/mapping/aws/resource/mediapackagev2/aws_media_packagev2_channel_group.json
new file mode 100644
index 00000000..0f99b154
--- /dev/null
+++ b/src/mapping/aws/resource/mediapackagev2/aws_media_packagev2_channel_group.json
@@ -0,0 +1,27 @@
+[
+ {
+ "apply": [
+ "mediapackagev2:GetChannelGroup",
+ "mediapackagev2:DeleteChannelGroup",
+ "mediapackagev2:CreateChannelGroup",
+ "mediapackagev2:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "mediapackagev2:TagResource",
+ "mediapackagev2:UntagResource"
+ ]
+ },
+ "destroy": [
+ "mediapackagev2:GetChannelGroup",
+ "mediapackagev2:DeleteChannelGroup"
+ ],
+ "modify": [
+ "mediapackagev2:ListTagsForResource",
+ "mediapackagev2:UpdateChannelGroup"
+ ],
+ "plan": [
+ "mediapackagev2:GetChannelGroup"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/mediastore/aws_media_store_container.json b/src/mapping/aws/resource/mediastore/aws_media_store_container.json
new file mode 100644
index 00000000..e0ae6bbb
--- /dev/null
+++ b/src/mapping/aws/resource/mediastore/aws_media_store_container.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "mediastore:DescribeContainer",
+ "mediastore:CreateContainer",
+ "mediastore:DeleteContainer",
+ "mediastore:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "mediastore:TagResource",
+ "mediastore:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/mediastore/aws_media_store_container_policy.json b/src/mapping/aws/resource/mediastore/aws_media_store_container_policy.json
new file mode 100644
index 00000000..051d6259
--- /dev/null
+++ b/src/mapping/aws/resource/mediastore/aws_media_store_container_policy.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "mediastore:DeleteContainerPolicy",
+ "mediastore:PutContainerPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/memorydb/aws_memorydb_acl.json b/src/mapping/aws/resource/memorydb/aws_memorydb_acl.json new file mode 100644 index 00000000..347e0f09 --- /dev/null +++ b/src/mapping/aws/resource/memorydb/aws_memorydb_acl.json @@ -0,0 +1,31 @@ +[ + { + "apply": [ + "memorydb:CreateACL", + "memorydb:DescribeACLs", + "memorydb:ListTags", + "memorydb:ModifyReplicationGroup", + "memorydb:DeleteACL", + "memorydb:UpdateACL", + "iam:CreateServiceLinkedRole" + ], + "attributes": { + "tags": [ + "memorydb:TagResource", + "memorydb:UntagResource" + ] + }, + "destroy": [ + "memorydb:ModifyReplicationGroup", + "memorydb:DeleteACL", + "memorydb:DescribeACLs" + ], + "modify": [ + "memorydb:UpdateACL" + ], + "plan": [ + "memorydb:DescribeACLs", + "memorydb:ListTags" + ] + } +] diff --git a/src/mapping/aws/resource/memorydb/aws_memorydb_cluster.json b/src/mapping/aws/resource/memorydb/aws_memorydb_cluster.json index 27866ce54..3dacb277 100644 --- a/src/mapping/aws/resource/memorydb/aws_memorydb_cluster.json +++ b/src/mapping/aws/resource/memorydb/aws_memorydb_cluster.json @@ -4,20 +4,30 @@ "memorydb:CreateCluster", "memorydb:DescribeClusters", "memorydb:DeleteCluster", - "memorydb:ListTags" + "memorydb:ListTags", + "iam:CreateServiceLinkedRole" ], "attributes": { + "kms_key_arn": [ + "kms:DescribeKey", + "kms:CreateGrant" + ], "tags": [ "memorydb:TagResource", "memorydb:UntagResource" ] }, "destroy": [ - "memorydb:DeleteCluster" + "memorydb:DeleteCluster", + "memorydb:DescribeClusters" ], "modify": [ - "memorydb:UpdateCluster" + "memorydb:UpdateCluster", + "memorydb:DescribeClusters" ], - "plan": [] + "plan": [ + "memorydb:DescribeClusters", + "memorydb:ListTags" + ] } ] diff --git a/src/mapping/aws/resource/memorydb/aws_memorydb_multi_region_cluster.json b/src/mapping/aws/resource/memorydb/aws_memorydb_multi_region_cluster.json new file mode 100644 index 00000000..04216116 --- /dev/null 
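Review bot: `memorydb:UpdateCluster` is listed under `modify` in aws_memorydb_cluster.json but not among the `apply` entries shown (the array opens just above the hunk, at line 3). If the policy is generated from `apply`, as the other mappings here imply by repeating their update and delete actions there, an in-place cluster update would be denied; add `"memorydb:UpdateCluster",` to `apply`. aws_memorydb_user.json has the same gap for `memorydb:UpdateUser`, and aws_memorydb_parameter_group.json for `memorydb:DeleteParameterGroup`.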
+++ b/src/mapping/aws/resource/memorydb/aws_memorydb_multi_region_cluster.json
@@ -0,0 +1,31 @@
+[
+ {
+ "apply": [
+ "memorydb:CreateMultiRegionCluster",
+ "memorydb:DescribeMultiRegionClusters",
+ "memorydb:DeleteMultiRegionCluster",
+ "memorydb:UpdateMultiRegionCluster",
+ "memorydb:ListTags",
+ "iam:CreateServiceLinkedRole"
+ ],
+ "attributes": {
+ "tags": [
+ "memorydb:TagResource",
+ "memorydb:UntagResource"
+ ]
+ },
+ "destroy": [
+ "memorydb:DeleteMultiRegionCluster",
+ "memorydb:DescribeMultiRegionClusters"
+ ],
+ "modify": [
+ "memorydb:UpdateMultiRegionCluster",
+ "memorydb:DescribeMultiRegionClusters",
+ "memorydb:ListTags"
+ ],
+ "plan": [
+ "memorydb:DescribeMultiRegionClusters",
+ "memorydb:ListTags"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/memorydb/aws_memorydb_parameter_group.json b/src/mapping/aws/resource/memorydb/aws_memorydb_parameter_group.json
new file mode 100644
index 00000000..b2402c59
--- /dev/null
+++ b/src/mapping/aws/resource/memorydb/aws_memorydb_parameter_group.json
@@ -0,0 +1,27 @@
+[
+ {
+ "apply": [
+ "memorydb:CreateParameterGroup",
+ "memorydb:DescribeParameterGroups",
+ "memorydb:ListTags",
+ "memorydb:UpdateParameterGroup",
+ "memorydb:DescribeParameters",
+ "memorydb:DescribeClusters",
+ "iam:CreateServiceLinkedRole"
+ ],
+ "attributes": {
+ "tags": [
+ "memorydb:TagResource"
+ ]
+ },
+ "destroy": [
+ "memorydb:DeleteParameterGroup"
+ ],
+ "modify": [
+ "memorydb:UpdateParameterGroup",
+ "memorydb:DescribeParameters",
+ "memorydb:DescribeClusters"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/memorydb/aws_memorydb_subnet_group.json b/src/mapping/aws/resource/memorydb/aws_memorydb_subnet_group.json
index 5ac15162..b4e78704 100644
--- a/src/mapping/aws/resource/memorydb/aws_memorydb_subnet_group.json
+++ b/src/mapping/aws/resource/memorydb/aws_memorydb_subnet_group.json
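Review bot: The `tags` attribute in aws_memorydb_parameter_group.json lists only `memorydb:TagResource`, while the multi-region cluster mapping just above it pairs that action with `memorydb:UntagResource`. Removing a tag from a parameter group would then need a permission the mapping does not list; add `"memorydb:UntagResource"` to the `tags` array.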
@@ -4,7 +4,8 @@ "memorydb:CreateSubnetGroup", "memorydb:DescribeSubnetGroups", "memorydb:ListTags", - "memorydb:DeleteSubnetGroup" + "memorydb:DeleteSubnetGroup", + "iam:CreateServiceLinkedRole" ], "attributes": { "tags": [ diff --git a/src/mapping/aws/resource/memorydb/aws_memorydb_user.json b/src/mapping/aws/resource/memorydb/aws_memorydb_user.json new file mode 100644 index 00000000..afecb602 --- /dev/null +++ b/src/mapping/aws/resource/memorydb/aws_memorydb_user.json @@ -0,0 +1,30 @@ +[ + { + "apply": [ + "memorydb:CreateUser", + "memorydb:DescribeUsers", + "memorydb:ListTags", + "memorydb:DeleteUser", + "iam:CreateServiceLinkedRole" + ], + "attributes": { + "tags": [ + "memorydb:TagResource", + "memorydb:UntagResource" + ] + }, + "destroy": [ + "memorydb:DeleteUser", + "memorydb:DescribeUsers" + ], + "modify": [ + "memorydb:UpdateUser", + "memorydb:DescribeUsers", + "memorydb:ListTags" + ], + "plan": [ + "memorydb:DescribeUsers", + "memorydb:ListTags" + ] + } +] diff --git a/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_adm_channel.json b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_adm_channel.json new file mode 100644 index 00000000..ba7ac400 --- /dev/null +++ b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_adm_channel.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "mobiletargeting:GetAdmChannel", + "mobiletargeting:DeleteAdmChannel", + "mobiletargeting:UpdateAdmChannel" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_apns_channel.json b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_apns_channel.json new file mode 100644 index 00000000..faaad996 --- /dev/null +++ b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_apns_channel.json 
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "mobiletargeting:GetApnsChannel",
+ "mobiletargeting:DeleteApnsChannel",
+ "mobiletargeting:UpdateApnsChannel"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_apns_sandbox_channel.json b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_apns_sandbox_channel.json
new file mode 100644
index 00000000..0224f51d
--- /dev/null
+++ b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_apns_sandbox_channel.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "mobiletargeting:GetApnsSandboxChannel",
+ "mobiletargeting:DeleteApnsSandboxChannel",
+ "mobiletargeting:UpdateApnsSandboxChannel"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_apns_voip_channel.json b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_apns_voip_channel.json
new file mode 100644
index 00000000..11e06943
--- /dev/null
+++ b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_apns_voip_channel.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "mobiletargeting:GetApnsVoipChannel",
+ "mobiletargeting:DeleteApnsVoipChannel",
+ "mobiletargeting:UpdateApnsVoipChannel"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_apns_voip_sandbox_channel.json b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_apns_voip_sandbox_channel.json
new file mode 100644
index 00000000..817615fa
--- /dev/null
+++ b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_apns_voip_sandbox_channel.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "mobiletargeting:GetApnsVoipSandboxChannel",
+ "mobiletargeting:DeleteApnsVoipSandboxChannel",
+ "mobiletargeting:UpdateApnsVoipSandboxChannel"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_app.json b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_app.json
new file mode 100644
index 00000000..79621b14
--- /dev/null
+++ b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_app.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "mobiletargeting:GetApp",
+ "mobiletargeting:CreateApp",
+ "mobiletargeting:DeleteApp",
+ "mobiletargeting:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "mobiletargeting:TagResource",
+ "mobiletargeting:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_baidu_channel.json b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_baidu_channel.json
new file mode 100644
index 00000000..e7ab435c
--- /dev/null
+++ b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_baidu_channel.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "mobiletargeting:GetBaiduChannel",
+ "mobiletargeting:DeleteBaiduChannel",
+ "mobiletargeting:UpdateBaiduChannel"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_email_channel.json b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_email_channel.json
new file mode 100644
index 00000000..3c53859b
--- /dev/null
+++ b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_email_channel.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "mobiletargeting:GetEmailChannel",
+ "mobiletargeting:DeleteEmailChannel",
+ "mobiletargeting:UpdateEmailChannel"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_email_template.json b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_email_template.json
new file mode 100644
index 00000000..ae052c13
--- /dev/null
+++ b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_email_template.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "mobiletargeting:GetEmailTemplate",
+ "mobiletargeting:CreateEmailTemplate",
+ "mobiletargeting:DeleteEmailTemplate",
+ "mobiletargeting:UpdateEmailTemplate"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_event_stream.json b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_event_stream.json
new file mode 100644
index 00000000..01c89588
--- /dev/null
+++ b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_event_stream.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "mobiletargeting:GetEventStream",
+ "mobiletargeting:DeleteEventStream",
+ "mobiletargeting:PutEventStream"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_gcm_channel.json b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_gcm_channel.json
new file mode 100644
index 00000000..ec6d679e
--- /dev/null
+++ b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_gcm_channel.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "mobiletargeting:GetGcmChannel",
+ "mobiletargeting:DeleteGcmChannel",
+ "mobiletargeting:UpdateGcmChannel"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_sms_channel.json b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_sms_channel.json
new file mode 100644
index 00000000..d35f9977
--- /dev/null
+++ b/src/mapping/aws/resource/mobiletargeting/aws_pinpoint_sms_channel.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "mobiletargeting:GetSmsChannel",
+ "mobiletargeting:DeleteSmsChannel",
+ "mobiletargeting:UpdateSmsChannel"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/mq/aws_mq_configuration.json b/src/mapping/aws/resource/mq/aws_mq_configuration.json
index 2800e269..d6de62d3 100644
--- a/src/mapping/aws/resource/mq/aws_mq_configuration.json
+++ b/src/mapping/aws/resource/mq/aws_mq_configuration.json
@@ -1,17 +1,29 @@
-[
- {
- "apply": [
- "mq:CreateConfiguration",
- "mq:UpdateConfiguration",
- "mq:DescribeConfiguration",
- "mq:DescribeConfigurationRevision",
- "mq:RebootBroker"
- ],
- "attributes": {
- "tags": []
- },
- "destroy": [],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "mq:CreateConfiguration",
+ "mq:UpdateConfiguration",
+ "mq:DeleteConfiguration",
+ "mq:DescribeConfiguration",
+ "mq:DescribeConfigurationRevision",
+ "mq:RebootBroker",
+ "mq:ListTags"
+ ],
+ "attributes": {
+ "tags": [
+ "mq:CreateTags",
+ "mq:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "mq:DeleteConfiguration"
+ ],
+ "modify": [
+ "mq:UpdateConfiguration"
+ ],
+ "plan": [
+ "mq:DescribeConfiguration",
+ "mq:ListTags"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/neptune-graph/aws_neptunegraph_graph.json b/src/mapping/aws/resource/neptune-graph/aws_neptunegraph_graph.json
new file mode 100644
index 00000000..02466e27
--- /dev/null
+++ b/src/mapping/aws/resource/neptune-graph/aws_neptunegraph_graph.json
@@ -0,0 +1,38 @@ +[ + { + "apply": [ + "neptune-graph:GetGraph", + "neptune-graph:CreateGraph", + "neptune-graph:ListTagsForResource", + "neptune-graph:DeleteGraph", + "neptune-graph:UpdateGraph", + "iam:PassRole", + "iam:CreateServiceLinkedRole" + ], + "attributes": { + "kms_key_identifier": [ + "kms:DescribeKey", + "kms:CreateGrant", + "kms:Decrypt" + ], + "tags": [ + "neptune-graph:TagResource", + "neptune-graph:UntagResource" + ] + }, + "destroy": [ + "neptune-graph:DeleteGraph", + "neptune-graph:GetGraph" + ], + "modify": [ + "iam:PassRole", + "neptune-graph:GetGraph", + "neptune-graph:ListTagsForResource", + "neptune-graph:UpdateGraph" + ], + "plan": [ + "neptune-graph:GetGraph", + "neptune-graph:ListTagsForResource" + ] + } +] diff --git a/src/mapping/aws/resource/network-firewall/aws_networkfirewall_firewall.json b/src/mapping/aws/resource/network-firewall/aws_networkfirewall_firewall.json index 8b41d870..c3018224 100644 --- a/src/mapping/aws/resource/network-firewall/aws_networkfirewall_firewall.json +++ b/src/mapping/aws/resource/network-firewall/aws_networkfirewall_firewall.json @@ -6,7 +6,9 @@ "network-firewall:DeleteFirewall", "network-firewall:DescribeFirewall", "network-firewall:AssociateFirewallPolicy", + "network-firewall:UpdateFirewallAnalysisSettings", "iam:CreateServiceLinkedRole", + "network-firewall:AssociateSubnets", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:CreateVpcEndpoint", @@ -35,7 +37,9 @@ "ec2:DescribeRouteTables", "ec2:DeleteVpcEndpoints" ], - "modify": [], + "modify": [ + "network-firewall:UpdateFirewallAnalysisSettings" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/network-firewall/aws_networkfirewall_logging_configuration.json b/src/mapping/aws/resource/network-firewall/aws_networkfirewall_logging_configuration.json index 6a39bcd0..de16b341 100644 --- a/src/mapping/aws/resource/network-firewall/aws_networkfirewall_logging_configuration.json 
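Review bot: `iam:PassRole` appears in both `apply` and `modify` of aws_neptunegraph_graph.json, next to `kms:CreateGrant` under `kms_key_identifier`, and the mapping format shown carries action names only. Both actions are privilege-escalation-sensitive when granted on every resource, so a policy rendered from this file should restrict `iam:PassRole` to the intended role ARN with an `iam:PassedToService` condition and limit `kms:CreateGrant` with `kms:GrantIsForAWSResource`. The diff does not show whether the generator applies such scoping; if it does not, the project documentation should say that these entries need narrowing before use.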
+++ b/src/mapping/aws/resource/network-firewall/aws_networkfirewall_logging_configuration.json @@ -7,7 +7,8 @@ "logs:ListLogDeliveries", "logs:CreateLogDelivery", "logs:GetLogDelivery", - "logs:DeleteLogDelivery" + "logs:DeleteLogDelivery", + "iam:CreateServiceLinkedRole" ], "attributes": { "tags": [] diff --git a/src/mapping/aws/resource/network-firewall/aws_networkfirewall_rule_group.json b/src/mapping/aws/resource/network-firewall/aws_networkfirewall_rule_group.json index 6f84eb21..1b0b072a 100644 --- a/src/mapping/aws/resource/network-firewall/aws_networkfirewall_rule_group.json +++ b/src/mapping/aws/resource/network-firewall/aws_networkfirewall_rule_group.json @@ -4,7 +4,9 @@ "ec2:DescribeAccountAttributes", "network-firewall:CreateRuleGroup", "network-firewall:DescribeRuleGroup", - "network-firewall:DeleteRuleGroup" + "network-firewall:DeleteRuleGroup", + "iam:CreateServiceLinkedRole", + "ec2:GetManagedPrefixListEntries" ], "attributes": { "tags": [ diff --git a/src/mapping/aws/resource/network-firewall/aws_networkfirewall_tls_inspection_configuration.json b/src/mapping/aws/resource/network-firewall/aws_networkfirewall_tls_inspection_configuration.json new file mode 100644 index 00000000..259b4c9d --- /dev/null +++ b/src/mapping/aws/resource/network-firewall/aws_networkfirewall_tls_inspection_configuration.json 
@@ -0,0 +1,26 @@
+[
+ {
+ "apply": [
+ "iam:CreateServiceLinkedRole",
+ "network-firewall:CreateTLSInspectionConfiguration",
+ "network-firewall:DescribeTLSInspectionConfiguration",
+ "network-firewall:DeleteTLSInspectionConfiguration",
+ "network-firewall:DescribeTLSInspectionConfiguration",
+ "network-firewall:ListTagsForResources",
+ "network-firewall:UpdateTLSInspectionConfiguration"
+ ],
+ "attributes": {
+ "tags": [
+ "network-firewall:TagResource",
+ "network-firewall:UntagResource"
+ ]
+ },
+ "destroy": [
+ "network-firewall:DeleteTLSInspectionConfiguration"
+ ],
+ "modify": [
+ "network-firewall:UpdateTLSInspectionConfiguration"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_attachment_accepter.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_attachment_accepter.json
new file mode 100644
index 00000000..8c8dccf3
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_attachment_accepter.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "networkmanager:AcceptAttachment"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_connect_attachment.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_connect_attachment.json
new file mode 100644
index 00000000..14dadb38
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_connect_attachment.json
@@ -0,0 +1,24 @@
+[
+ {
+ "apply": [
+ "networkmanager:GetConnectAttachment",
+ "networkmanager:CreateConnectAttachment",
+ "ec2:DescribeRegions",
+ "networkmanager:DeleteAttachment",
+ "networkmanager:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "networkmanager:TagResource",
+ "networkmanager:UntagResource"
+ ]
+ },
+ "destroy": [
+ "networkmanager:DeleteAttachment"
+ ],
+ "modify": [
+ "networkmanager:ListTagsForResource"
+ ],
+ "plan": []
+ }
+]
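Review bot: `network-firewall:ListTagsForResources` in the `apply` list of aws_networkfirewall_tls_inspection_configuration.json looks like a misspelling; the Network Firewall action is `ListTagsForResource` (singular), the same form the networkmanager mappings in this diff use for their own service. A misspelled action grants nothing, so reading tags on the resource would fail with an access-denied error; change the entry to `"network-firewall:ListTagsForResource",`. `network-firewall:DescribeTLSInspectionConfiguration` is also listed twice in the same array and one copy can go.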
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_connect_peer.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_connect_peer.json
new file mode 100644
index 00000000..6a7e0c2a
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_connect_peer.json
@@ -0,0 +1,24 @@
+[
+ {
+ "apply": [
+ "networkmanager:GetConnectPeer",
+ "networkmanager:CreateConnectPeer",
+ "ec2:DescribeRegions",
+ "networkmanager:DeleteConnectPeer",
+ "networkmanager:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "networkmanager:TagResource",
+ "networkmanager:UntagResource"
+ ]
+ },
+ "destroy": [
+ "networkmanager:DeleteConnectPeer"
+ ],
+ "modify": [
+ "networkmanager:ListTagsForResource"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_connection.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_connection.json
new file mode 100644
index 00000000..62acca69
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_connection.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "networkmanager:GetConnections",
+ "networkmanager:CreateConnection",
+ "networkmanager:DeleteConnection",
+ "networkmanager:UpdateConnection"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_core_network.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_core_network.json
new file mode 100644
index 00000000..7a8f8f40
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_core_network.json
@@ -0,0 +1,31 @@
+[
+ {
+ "apply": [
+ "networkmanager:CreateCoreNetwork",
+ "networkmanager:GetCoreNetwork",
+ "networkmanager:GetCoreNetworkPolicy",
+ "ec2:DescribeRegions",
+ "networkmanager:DeleteCoreNetwork",
+ "networkmanager:UpdateCoreNetwork",
+ "networkmanager:ListTagsForResource",
+ "networkmanager:PutCoreNetworkPolicy",
+ "networkmanager:ExecuteCoreNetworkChangeSet"
+ ],
+ "attributes": {
+ "tags": [
+ "networkmanager:TagResource",
+ "networkmanager:UntagResource"
+ ]
+ },
+ "destroy": [
+ "networkmanager:DeleteCoreNetwork"
+ ],
+ "modify": [
+ "networkmanager:UpdateCoreNetwork",
+ "networkmanager:ListTagsForResource",
+ "networkmanager:PutCoreNetworkPolicy",
+ "networkmanager:ExecuteCoreNetworkChangeSet"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_core_network_policy_attachment.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_core_network_policy_attachment.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_core_network_policy_attachment.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_customer_gateway_association.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_customer_gateway_association.json
new file mode 100644
index 00000000..9e5def90
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_customer_gateway_association.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "networkmanager:GetCustomerGatewayAssociations",
+ "networkmanager:DisassociateCustomerGateway"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "networkmanager:DisassociateCustomerGateway"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
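Review bot: Every list in aws_networkmanager_core_network_policy_attachment.json is empty, so the mapping states that this resource needs no permissions at all. The resource presumably writes and reads a core network policy, which aws_networkmanager_core_network.json in the same commit covers with `networkmanager:PutCoreNetworkPolicy` and `networkmanager:GetCoreNetworkPolicy`. I would list those two under `apply`, and the Put action under `modify`, after confirming the calls against the provider.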
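Review bot: The `apply` list in aws_networkmanager_customer_gateway_association.json has the Get and Disassociate actions but no `networkmanager:AssociateCustomerGateway`, so creating the association is not covered. aws_networkmanager_link_association.json in this diff does list its `networkmanager:AssociateLink` counterpart; add `"networkmanager:AssociateCustomerGateway",` to `apply` here.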
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_device.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_device.json
new file mode 100644
index 00000000..04564613
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_device.json
@@ -0,0 +1,30 @@
+[
+ {
+ "apply": [
+ "networkmanager:CreateDevice",
+ "networkmanager:GetDevices",
+ "networkmanager:DeleteDevice",
+ "networkmanager:UpdateDevice",
+ "networkmanager:ListTagsForResource",
+ "networkmanager:GetDevices"
+ ],
+ "attributes": {
+ "tags": [
+ "networkmanager:TagResource",
+ "networkmanager:UntagResource"
+ ]
+ },
+ "destroy": [
+ "networkmanager:GetDevices",
+ "networkmanager:DeleteDevice"
+ ],
+ "modify": [
+ "networkmanager:UpdateDevice",
+ "networkmanager:ListTagsForResource",
+ "networkmanager:GetDevices"
+ ],
+ "plan": [
+ "networkmanager:GetDevices"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_dx_gateway_attachment.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_dx_gateway_attachment.json
new file mode 100644
index 00000000..c5b4fc4b
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_dx_gateway_attachment.json
@@ -0,0 +1,33 @@
+[
+ {
+ "apply": [
+ "networkmanager:CreateDirectConnectGatewayAttachment",
+ "networkmanager:GetDirectConnectGatewayAttachment",
+ "ec2:DescribeRegions",
+ "iam:CreateServiceLinkedRole",
+ "networkmanager:UpdateDirectConnectGatewayAttachment",
+ "networkmanager:ListTagsForResource",
+ "networkmanager:DeleteAttachment"
+ ],
+ "attributes": {
+ "tags": [
+ "networkmanager:TagResource",
+ "networkmanager:UntagResource"
+ ]
+ },
+ "destroy": [
+ "networkmanager:DeleteAttachment",
+ "networkmanager:GetDirectConnectGatewayAttachment",
+ "ec2:DescribeRegions"
+ ],
+ "modify": [
+ "networkmanager:UpdateDirectConnectGatewayAttachment",
+ "networkmanager:GetDirectConnectGatewayAttachment",
+ "networkmanager:ListTagsForResource",
+ "ec2:DescribeRegions"
+ ],
+ "plan": [
+ "networkmanager:GetDirectConnectGatewayAttachment"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_global_network.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_global_network.json
new file mode 100644
index 00000000..ba51a535
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_global_network.json
@@ -0,0 +1,31 @@
+[
+ {
+ "apply": [
+ "networkmanager:CreateGlobalNetwork",
+ "networkmanager:DeleteGlobalNetwork",
+ "networkmanager:DescribeGlobalNetworks",
+ "iam:CreateServiceLinkedRole",
+ "networkmanager:UpdateGlobalNetwork",
+ "networkmanager:DescribeGlobalNetworks",
+ "networkmanager:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "networkmanager:TagResource",
+ "networkmanager:UntagResource"
+ ]
+ },
+ "destroy": [
+ "networkmanager:DeleteGlobalNetwork",
+ "networkmanager:DescribeGlobalNetworks"
+ ],
+ "modify": [
+ "networkmanager:UpdateGlobalNetwork",
+ "networkmanager:DescribeGlobalNetworks",
+ "networkmanager:ListTagsForResource"
+ ],
+ "plan": [
+ "networkmanager:DescribeGlobalNetworks"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_link.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_link.json
new file mode 100644
index 00000000..c65557a3
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_link.json
@@ -0,0 +1,29 @@
+[
+ {
+ "apply": [
+ "networkmanager:CreateLink",
+ "networkmanager:ListTagsForResource",
+ "networkmanager:GetLinks",
+ "networkmanager:UpdateLink",
+ "networkmanager:DeleteLink"
+ ],
+ "attributes": {
+ "tags": [
+ "networkmanager:TagResource",
+ "networkmanager:UntagResource"
+ ]
+ },
+ "destroy": [
+ "networkmanager:GetLinks",
+ "networkmanager:DeleteLink"
+ ],
+ "modify": [
+ "networkmanager:ListTagsForResource",
+ "networkmanager:GetLinks",
+ "networkmanager:UpdateLink"
+ ],
+ "plan": [
+ "networkmanager:GetLinks"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_link_association.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_link_association.json
new file mode 100644
index 00000000..f67d6053
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_link_association.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "networkmanager:GetLinkAssociations",
+ "networkmanager:AssociateLink",
+ "networkmanager:DisassociateLink"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "networkmanager:DisassociateLink"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_site.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_site.json
new file mode 100644
index 00000000..e7911352
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_site.json
@@ -0,0 +1,29 @@
+[
+ {
+ "apply": [
+ "networkmanager:CreateSite",
+ "networkmanager:GetSites",
+ "networkmanager:ListTagsForResource",
+ "networkmanager:UpdateSite",
+ "networkmanager:DeleteSite"
+ ],
+ "attributes": {
+ "tags": [
+ "networkmanager:TagResource",
+ "networkmanager:UntagResource"
+ ]
+ },
+ "destroy": [
+ "networkmanager:GetSites",
+ "networkmanager:DeleteSite"
+ ],
+ "modify": [
+ "networkmanager:GetSites",
+ "networkmanager:ListTagsForResource",
+ "networkmanager:UpdateSite"
+ ],
+ "plan": [
+ "networkmanager:GetSites"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_site_to_site_vpn_attachment.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_site_to_site_vpn_attachment.json
new file mode 100644
index 00000000..c72d5661
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_site_to_site_vpn_attachment.json
@@ -0,0 +1,28 @@
+[
+ {
+ "apply": [
+ "networkmanager:GetSiteToSiteVpnAttachment",
+ "networkmanager:CreateSiteToSiteVpnAttachment",
+ "networkmanager:DeleteAttachment",
+ "networkmanager:ListTagsForResource",
+ "ec2:DescribeRegions"
+ ],
+ "attributes": {
+ "tags": [
+ "networkmanager:TagResource",
+ "networkmanager:UntagResource"
+ ]
+ },
+ "destroy": [
+ "networkmanager:GetSiteToSiteVpnAttachment",
+ "networkmanager:DeleteAttachment",
+ "ec2:DescribeRegions"
+ ],
+ "modify": [
+ "networkmanager:GetSiteToSiteVpnAttachment",
+ "networkmanager:ListTagsForResource",
+ "ec2:DescribeRegions"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_transit_gateway_connect_peer_association.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_transit_gateway_connect_peer_association.json
new file mode 100644
index 00000000..7c856417
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_transit_gateway_connect_peer_association.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "networkmanager:GetTransitGatewayConnectPeerAssociations",
+ "networkmanager:AssociateTransitGatewayConnectPeer",
+ "networkmanager:DisassociateTransitGatewayConnectPeer"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_transit_gateway_peering.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_transit_gateway_peering.json
new file mode 100644
index 00000000..864ac54f
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_transit_gateway_peering.json
@@ -0,0 +1,29 @@
+[
+ {
+ "apply": [
+ "networkmanager:CreateTransitGatewayPeering",
+ "networkmanager:GetTransitGatewayPeering",
+ "iam:CreateServiceLinkedRole",
+ "ec2:CreateTransitGatewayPeeringAttachment",
+ "ec2:AcceptTransitGatewayPeeringAttachment",
+ "ec2:DescribeRegions",
+ "networkmanager:DeletePeering",
+ "networkmanager:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "networkmanager:TagResource",
+ "networkmanager:UntagResource"
+ ]
+ },
+ "destroy": [
+ "networkmanager:DeletePeering"
+ ],
+ "modify": [
+ "networkmanager:ListTagsForResource"
+ ],
+ "plan": [
+ "networkmanager:GetTransitGatewayPeering"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_transit_gateway_registration.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_transit_gateway_registration.json
new file mode 100644
index 00000000..b5b452aa
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_transit_gateway_registration.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "networkmanager:RegisterTransitGateway",
+ "networkmanager:GetTransitGatewayRegistrations",
+ "networkmanager:DeregisterTransitGateway"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "networkmanager:DeregisterTransitGateway"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
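Review bot: In `aws_networkmanager_transit_gateway_connect_peer_association.json` the `destroy` list is empty even though `networkmanager:DisassociateTransitGatewayConnectPeer` is listed under `apply`; the sibling mappings in this commit (`aws_networkmanager_link_association.json`, `aws_networkmanager_transit_gateway_registration.json`) repeat their Disassociate/Deregister action under `destroy`. I would set `"destroy": [ "networkmanager:DisassociateTransitGatewayConnectPeer" ]` here. The same all-empty `destroy`/`modify`/`plan` pattern recurs in the networkmonitor, opsworks, qbusiness, `aws_qldb_ledger` and quicksight account files further down. How the per-phase lists are consumed is not visible in this diff, but if a policy is ever generated from a single phase, those resources would end up with no delete or read permissions.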
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_transit_gateway_route_table_attachment.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_transit_gateway_route_table_attachment.json
new file mode 100644
index 00000000..305ad89a
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_transit_gateway_route_table_attachment.json
@@ -0,0 +1,25 @@
+[
+ {
+ "apply": [
+ "networkmanager:CreateTransitGatewayRouteTableAttachment",
+ "networkmanager:GetTransitGatewayRouteTableAttachment",
+ "iam:CreateServiceLinkedRole",
+ "ec2:DescribeRegions",
+ "networkmanager:DeleteAttachment",
+ "networkmanager:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "networkmanager:TagResource",
+ "networkmanager:UntagResource"
+ ]
+ },
+ "destroy": [
+ "networkmanager:DeleteAttachment"
+ ],
+ "modify": [
+ "networkmanager:ListTagsForResource"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_vpc_attachment.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_vpc_attachment.json
new file mode 100644
index 00000000..27e95ed7
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_vpc_attachment.json
@@ -0,0 +1,29 @@
+[
+ {
+ "apply": [
+ "networkmanager:CreateVpcAttachment",
+ "networkmanager:GetVpcAttachment",
+ "ec2:DescribeRegions",
+ "iam:CreateServiceLinkedRole",
+ "networkmanager:DeleteAttachment",
+ "networkmanager:UpdateVpcAttachment",
+ "networkmanager:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "networkmanager:TagResource",
+ "networkmanager:UntagResource"
+ ]
+ },
+ "destroy": [
+ "networkmanager:DeleteAttachment"
+ ],
+ "modify": [
+ "networkmanager:UpdateVpcAttachment",
+ "networkmanager:ListTagsForResource"
+ ],
+ "plan": [
+ "networkmanager:GetVpcAttachment"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/networkmonitor/aws_networkmonitor_monitor.json b/src/mapping/aws/resource/networkmonitor/aws_networkmonitor_monitor.json
new file mode 100644
index 00000000..09b20081
--- /dev/null
+++ b/src/mapping/aws/resource/networkmonitor/aws_networkmonitor_monitor.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "networkmonitor:GetMonitor",
+ "networkmonitor:CreateMonitor",
+ "networkmonitor:DeleteMonitor",
+ "networkmonitor:UpdateMonitor",
+ "networkmonitor:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "networkmonitor:TagResource",
+ "networkmonitor:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/networkmonitor/aws_networkmonitor_probe.json b/src/mapping/aws/resource/networkmonitor/aws_networkmonitor_probe.json
new file mode 100644
index 00000000..2bf58722
--- /dev/null
+++ b/src/mapping/aws/resource/networkmonitor/aws_networkmonitor_probe.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "networkmonitor:ListTagsForResource",
+ "networkmonitor:GetProbe",
+ "networkmonitor:CreateProbe",
+ "networkmonitor:DeleteProbe",
+ "networkmonitor:UpdateProbe"
+ ],
+ "attributes": {
+ "tags": [
+ "networkmonitor:TagResource",
+ "networkmonitor:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/notifications-contacts/aws_notificationscontacts_email_contact.json b/src/mapping/aws/resource/notifications-contacts/aws_notificationscontacts_email_contact.json
new file mode 100644
index 00000000..e6f425e9
--- /dev/null
+++ b/src/mapping/aws/resource/notifications-contacts/aws_notificationscontacts_email_contact.json
@@ -0,0 +1,24 @@
+[
+ {
+ "apply": [
+ "notifications-contacts:CreateEmailContact",
+ "notifications-contacts:GetEmailContact",
+ "notifications-contacts:SendActivationCode",
+ "notifications-contacts:ListTagsForResource",
+ "notifications-contacts:DeleteEmailContact"
+ ],
+ "attributes": {
+ "tags": [
+ "notifications-contacts:TagResource",
+ "notifications-contacts:UntagResource"
+ ]
+ },
+ "destroy": [
+ "notifications-contacts:DeleteEmailContact"
+ ],
+ "modify": [],
+ "plan": [
+ "notifications-contacts:GetEmailContact"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/notifications/aws_notifications_channel_association.json b/src/mapping/aws/resource/notifications/aws_notifications_channel_association.json
new file mode 100644
index 00000000..af10fbdd
--- /dev/null
+++ b/src/mapping/aws/resource/notifications/aws_notifications_channel_association.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "notifications:AssociateChannel",
+ "notifications:DisassociateChannel",
+ "notifications:ListChannels"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "notifications:DisassociateChannel"
+ ],
+ "modify": [],
+ "plan": [
+ "notifications:ListChannels"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/notifications/aws_notifications_event_rule.json b/src/mapping/aws/resource/notifications/aws_notifications_event_rule.json
new file mode 100644
index 00000000..75e4a382
--- /dev/null
+++ b/src/mapping/aws/resource/notifications/aws_notifications_event_rule.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "notifications:CreateEventRule",
+ "notifications:GetEventRule",
+ "notifications:DeleteEventRule"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "notifications:DeleteEventRule"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/notifications/aws_notifications_notification_configuration.json b/src/mapping/aws/resource/notifications/aws_notifications_notification_configuration.json
new file mode 100644
index 00000000..f79244f5
--- /dev/null
+++ b/src/mapping/aws/resource/notifications/aws_notifications_notification_configuration.json
@@ -0,0 +1,26 @@
+[
+ {
+ "apply": [
+ "notifications:ListTagsForResource",
+ "notifications:CreateNotificationConfiguration",
+ "notifications:GetNotificationConfiguration",
+ "notifications:DeleteNotificationConfiguration",
+ "notifications:UpdateNotificationConfiguration"
+ ],
+ "attributes": {
+ "tags": [
+ "notifications:TagResource",
+ "notifications:UntagResource"
+ ]
+ },
+ "destroy": [
+ "notifications:DeleteNotificationConfiguration"
+ ],
+ "modify": [
+ "notifications:UpdateNotificationConfiguration"
+ ],
+ "plan": [
+ "notifications:GetNotificationConfiguration"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/notifications/aws_notifications_notification_hub.json b/src/mapping/aws/resource/notifications/aws_notifications_notification_hub.json
new file mode 100644
index 00000000..7431d8fc
--- /dev/null
+++ b/src/mapping/aws/resource/notifications/aws_notifications_notification_hub.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "notifications:RegisterNotificationHub",
+ "notifications:DeregisterNotificationHub",
+ "iam:CreateServiceLinkedRole",
+ "notifications:ListNotificationHubs"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "notifications:DeregisterNotificationHub"
+ ],
+ "modify": [],
+ "plan": [
+ "notifications:ListNotificationHubs"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/oam/aws_oam_link.json b/src/mapping/aws/resource/oam/aws_oam_link.json
index a283e549..3456e168 100644
--- a/src/mapping/aws/resource/oam/aws_oam_link.json
+++ b/src/mapping/aws/resource/oam/aws_oam_link.json
@@ -5,17 +5,37 @@
 "oam:GetLink",
 "oam:UpdateLink",
 "oam:DeleteLink",
- "cloudwatch:Link"
+ "cloudwatch:Link",
+ "logs:Link",
+ "xray:Link",
+ "applicationinsights:Link",
+ "internetmonitor:Link",
+ "application-signals:Link",
+ "oam:ListTagsForResource"
 ],
 "attributes": {
- "tags": []
+ "tags": [
+ "oam:TagResource",
+ "oam:UntagResource"
+ ]
 },
 "destroy": [
 "oam:DeleteLink"
 ],
 "modify": [
- "oam:UpdateLink"
+ "oam:GetLink",
+ "oam:UpdateLink",
+ "cloudwatch:Link",
+ "logs:Link",
+ "xray:Link",
+ "applicationinsights:Link",
+ "internetmonitor:Link",
+ "application-signals:Link",
+ "oam:ListTagsForResource"
 ],
- "plan": []
+ "plan": [
+ "oam:GetLink",
+ "oam:ListTagsForResource"
+ ]
 }
 ]
diff --git a/src/mapping/aws/resource/opsworks/aws_opsworks_application.json b/src/mapping/aws/resource/opsworks/aws_opsworks_application.json
new file mode 100644
index 00000000..0c004159
--- /dev/null
+++ b/src/mapping/aws/resource/opsworks/aws_opsworks_application.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "opsworks:DescribeApps",
+ "opsworks:CreateApp",
+ "opsworks:DeleteApp",
+ "opsworks:UpdateApp"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/opsworks/aws_opsworks_custom_layer.json b/src/mapping/aws/resource/opsworks/aws_opsworks_custom_layer.json
new file mode 100644
index 00000000..817e7726
--- /dev/null
+++ b/src/mapping/aws/resource/opsworks/aws_opsworks_custom_layer.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "opsworks:DescribeLayers",
+ "opsworks:CreateLayer",
+ "opsworks:DeleteLayer",
+ "opsworks:UpdateLayer",
+ "opsworks:ListTags"
+ ],
+ "attributes": {
+ "tags": [
+ "opsworks:TagResource",
+ "opsworks:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/opsworks/aws_opsworks_ecs_cluster_layer.json b/src/mapping/aws/resource/opsworks/aws_opsworks_ecs_cluster_layer.json
new file mode 100644
index 00000000..bbfc1c73
--- /dev/null
+++ b/src/mapping/aws/resource/opsworks/aws_opsworks_ecs_cluster_layer.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "opsworks:DescribeLayers",
+ "opsworks:CreateLayer",
+ "opsworks:DeleteLayer",
+ "opsworks:UpdateLayer",
+ "opsworks:DescribeEcsClusters",
+ "opsworks:DeregisterEcsCluster",
+ "opsworks:RegisterEcsCluster",
+ "opsworks:ListTags"
+ ],
+ "attributes": {
+ "tags": [
+ "opsworks:TagResource",
+ "opsworks:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/opsworks/aws_opsworks_ganglia_layer.json b/src/mapping/aws/resource/opsworks/aws_opsworks_ganglia_layer.json
new file mode 100644
index 00000000..817e7726
--- /dev/null
+++ b/src/mapping/aws/resource/opsworks/aws_opsworks_ganglia_layer.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "opsworks:DescribeLayers",
+ "opsworks:CreateLayer",
+ "opsworks:DeleteLayer",
+ "opsworks:UpdateLayer",
+ "opsworks:ListTags"
+ ],
+ "attributes": {
+ "tags": [
+ "opsworks:TagResource",
+ "opsworks:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/opsworks/aws_opsworks_haproxy_layer.json b/src/mapping/aws/resource/opsworks/aws_opsworks_haproxy_layer.json
new file mode 100644
index 00000000..817e7726
--- /dev/null
+++ b/src/mapping/aws/resource/opsworks/aws_opsworks_haproxy_layer.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "opsworks:DescribeLayers",
+ "opsworks:CreateLayer",
+ "opsworks:DeleteLayer",
+ "opsworks:UpdateLayer",
+ "opsworks:ListTags"
+ ],
+ "attributes": {
+ "tags": [
+ "opsworks:TagResource",
+ "opsworks:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/opsworks/aws_opsworks_instance.json b/src/mapping/aws/resource/opsworks/aws_opsworks_instance.json
new file mode 100644
index 00000000..8c580699
--- /dev/null
+++ b/src/mapping/aws/resource/opsworks/aws_opsworks_instance.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "opsworks:DescribeInstances",
+ "opsworks:DeleteInstance",
+ "opsworks:CreateInstance",
+ "opsworks:UpdateInstance",
+ "opsworks:ListTags"
+ ],
+ "attributes": {
+ "tags": [
+ "opsworks:TagResource",
+ "opsworks:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/opsworks/aws_opsworks_java_app_layer.json b/src/mapping/aws/resource/opsworks/aws_opsworks_java_app_layer.json
new file mode 100644
index 00000000..817e7726
--- /dev/null
+++ b/src/mapping/aws/resource/opsworks/aws_opsworks_java_app_layer.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "opsworks:DescribeLayers",
+ "opsworks:CreateLayer",
+ "opsworks:DeleteLayer",
+ "opsworks:UpdateLayer",
+ "opsworks:ListTags"
+ ],
+ "attributes": {
+ "tags": [
+ "opsworks:TagResource",
+ "opsworks:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/opsworks/aws_opsworks_memcached_layer.json b/src/mapping/aws/resource/opsworks/aws_opsworks_memcached_layer.json
new file mode 100644
index 00000000..817e7726
--- /dev/null
+++ b/src/mapping/aws/resource/opsworks/aws_opsworks_memcached_layer.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "opsworks:DescribeLayers",
+ "opsworks:CreateLayer",
+ "opsworks:DeleteLayer",
+ "opsworks:UpdateLayer",
+ "opsworks:ListTags"
+ ],
+ "attributes": {
+ "tags": [
+ "opsworks:TagResource",
+ "opsworks:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/opsworks/aws_opsworks_mysql_layer.json b/src/mapping/aws/resource/opsworks/aws_opsworks_mysql_layer.json
new file mode 100644
index 00000000..817e7726
--- /dev/null
+++ b/src/mapping/aws/resource/opsworks/aws_opsworks_mysql_layer.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "opsworks:DescribeLayers",
+ "opsworks:CreateLayer",
+ "opsworks:DeleteLayer",
+ "opsworks:UpdateLayer",
+ "opsworks:ListTags"
+ ],
+ "attributes": {
+ "tags": [
+ "opsworks:TagResource",
+ "opsworks:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/opsworks/aws_opsworks_nodejs_app_layer.json b/src/mapping/aws/resource/opsworks/aws_opsworks_nodejs_app_layer.json
new file mode 100644
index 00000000..817e7726
--- /dev/null
+++ b/src/mapping/aws/resource/opsworks/aws_opsworks_nodejs_app_layer.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "opsworks:DescribeLayers",
+ "opsworks:CreateLayer",
+ "opsworks:DeleteLayer",
+ "opsworks:UpdateLayer",
+ "opsworks:ListTags"
+ ],
+ "attributes": {
+ "tags": [
+ "opsworks:TagResource",
+ "opsworks:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/opsworks/aws_opsworks_permission.json b/src/mapping/aws/resource/opsworks/aws_opsworks_permission.json
new file mode 100644
index 00000000..970cc243
--- /dev/null
+++ b/src/mapping/aws/resource/opsworks/aws_opsworks_permission.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "opsworks:DescribePermissions",
+ "opsworks:SetPermission"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/opsworks/aws_opsworks_php_app_layer.json b/src/mapping/aws/resource/opsworks/aws_opsworks_php_app_layer.json
new file mode 100644
index 00000000..817e7726
--- /dev/null
+++ b/src/mapping/aws/resource/opsworks/aws_opsworks_php_app_layer.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "opsworks:DescribeLayers",
+ "opsworks:CreateLayer",
+ "opsworks:DeleteLayer",
+ "opsworks:UpdateLayer",
+ "opsworks:ListTags"
+ ],
+ "attributes": {
+ "tags": [
+ "opsworks:TagResource",
+ "opsworks:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/opsworks/aws_opsworks_rails_app_layer.json b/src/mapping/aws/resource/opsworks/aws_opsworks_rails_app_layer.json
new file mode 100644
index 00000000..817e7726
--- /dev/null
+++ b/src/mapping/aws/resource/opsworks/aws_opsworks_rails_app_layer.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "opsworks:DescribeLayers",
+ "opsworks:CreateLayer",
+ "opsworks:DeleteLayer",
+ "opsworks:UpdateLayer",
+ "opsworks:ListTags"
+ ],
+ "attributes": {
+ "tags": [
+ "opsworks:TagResource",
+ "opsworks:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/opsworks/aws_opsworks_rds_db_instance.json b/src/mapping/aws/resource/opsworks/aws_opsworks_rds_db_instance.json
new file mode 100644
index 00000000..6f27a9ff
--- /dev/null
+++ b/src/mapping/aws/resource/opsworks/aws_opsworks_rds_db_instance.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "opsworks:DescribeRdsDbInstances",
+ "opsworks:DeregisterRdsDbInstance",
+ "opsworks:RegisterRdsDbInstance",
+ "opsworks:UpdateRdsDbInstance",
+ "opsworks:ListTags"
+ ],
+ "attributes": {
+ "tags": [
+ "opsworks:TagResource",
+ "opsworks:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/opsworks/aws_opsworks_stack.json b/src/mapping/aws/resource/opsworks/aws_opsworks_stack.json
new file mode 100644
index 00000000..9e66e049
--- /dev/null
+++ b/src/mapping/aws/resource/opsworks/aws_opsworks_stack.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "opsworks:DescribeStacks",
+ "opsworks:CreateStack",
+ "opsworks:DeleteStack",
+ "opsworks:UpdateStack",
+ "opsworks:ListTags"
+ ],
+ "attributes": {
+ "tags": [
+ "opsworks:TagResource",
+ "opsworks:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/opsworks/aws_opsworks_static_web_layer.json b/src/mapping/aws/resource/opsworks/aws_opsworks_static_web_layer.json
new file mode 100644
index 00000000..817e7726
--- /dev/null
+++ b/src/mapping/aws/resource/opsworks/aws_opsworks_static_web_layer.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "opsworks:DescribeLayers",
+ "opsworks:CreateLayer",
+ "opsworks:DeleteLayer",
+ "opsworks:UpdateLayer",
+ "opsworks:ListTags"
+ ],
+ "attributes": {
+ "tags": [
+ "opsworks:TagResource",
+ "opsworks:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/opsworks/aws_opsworks_user_profile.json b/src/mapping/aws/resource/opsworks/aws_opsworks_user_profile.json
new file mode 100644
index 00000000..27c8c2ce
--- /dev/null
+++ b/src/mapping/aws/resource/opsworks/aws_opsworks_user_profile.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "opsworks:DescribeUserProfiles",
+ "opsworks:CreateUserProfile",
+ "opsworks:DeleteUserProfile",
+ "opsworks:UpdateUserProfile",
+ "opsworks:ListTags"
+ ],
+ "attributes": {
+ "tags": [
+ "opsworks:TagResource",
+ "opsworks:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/organizations/aws_organizations_account.json b/src/mapping/aws/resource/organizations/aws_organizations_account.json
new file mode 100644
index 00000000..c4d14724
--- /dev/null
+++ b/src/mapping/aws/resource/organizations/aws_organizations_account.json
@@ -0,0 +1,27 @@
+[
+ {
+ "apply": [
+ "organizations:CreateAccount",
+ "organizations:DescribeCreateAccountStatus",
+ "organizations:MoveAccount",
+ "organizations:ListAccounts",
+ "organizations:ListParents",
+ "organizations:DescribeAccount",
+ "organizations:ListTagsForResource",
+ "organizations:CloseAccount"
+ ],
+ "attributes": {
+ "tags": [
+ "organizations:TagResource",
+ "organizations:UntagResource"
+ ]
+ },
+ "destroy": [
+ "organizations:CloseAccount"
+ ],
+ "modify": [
+ "organizations:MoveAccount"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/organizations/aws_organizations_delegated_administrator.json b/src/mapping/aws/resource/organizations/aws_organizations_delegated_administrator.json
new file mode 100644
index 00000000..f846435c
--- /dev/null
+++ b/src/mapping/aws/resource/organizations/aws_organizations_delegated_administrator.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "organizations:RegisterDelegatedAdministrator",
+ "organizations:DeregisterDelegatedAdministrator"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/organizations/aws_organizations_organization.json b/src/mapping/aws/resource/organizations/aws_organizations_organization.json
new file mode 100644
index 00000000..a7e6210d
--- /dev/null
+++ b/src/mapping/aws/resource/organizations/aws_organizations_organization.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "organizations:CreateOrganization",
+ "organizations:DescribeOrganization",
+ "iam:CreateServiceLinkedRole",
+ "organizations:ListRoots",
+ "organizations:DeleteOrganization"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "organizations:DeleteOrganization"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/organizations/aws_organizations_organizational_unit.json b/src/mapping/aws/resource/organizations/aws_organizations_organizational_unit.json
new file mode 100644
index 00000000..1a1c4f78
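Review bot: `organizations:CloseAccount` sits in the unconditional `apply` and `destroy` lists of `aws_organizations_account.json`, so every policy generated for this resource carries the right to close member accounts. As far as I know the provider only calls CloseAccount when `close_on_deletion` is set and otherwise removes the account from the organization, so I would move it under `attributes` as `"close_on_deletion": [ "organizations:CloseAccount" ]` and list `organizations:RemoveAccountFromOrganization` for the default delete path. `plan` is also `[]` although `organizations:DescribeAccount` is the read call listed under `apply`.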
--- /dev/null
+++ b/src/mapping/aws/resource/organizations/aws_organizations_organizational_unit.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "organizations:CreateOrganizationalUnit",
+ "organizations:DescribeOrganizationalUnit",
+ "organizations:ListParents",
+ "organizations:ListTagsForResource",
+ "organizations:UpdateOrganizationalUnit",
+ "organizations:ListOrganizationalUnitsForParent"
+ ],
+ "attributes": {
+ "tags": [
+ "organizations:TagResource",
+ "organizations:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [
+ "organizations:UpdateOrganizationalUnit"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/organizations/aws_organizations_policy.json b/src/mapping/aws/resource/organizations/aws_organizations_policy.json
index c73cdfa0..830ad735 100644
--- a/src/mapping/aws/resource/organizations/aws_organizations_policy.json
+++ b/src/mapping/aws/resource/organizations/aws_organizations_policy.json
@@ -4,7 +4,12 @@
 "organizations:DescribePolicy",
 "organizations:CreatePolicy",
 "organizations:DeletePolicy",
- "organizations:UpdatePolicy"
+ "organizations:UpdatePolicy",
+ "organizations:AttachPolicy",
+ "organizations:DetachPolicy",
+ "organizations:ListTagsForResource",
+ "organizations:ListTargetsForPolicy",
+ "organizations:ListPolicies"
 ],
 "attributes": {
 "tags": [
@@ -13,6 +18,7 @@
 ]
 },
 "destroy": [
+ "organizations:DetachPolicy",
 "organizations:DeletePolicy"
 ],
 "modify": [
diff --git a/src/mapping/aws/resource/organizations/aws_organizations_resource_policy.json b/src/mapping/aws/resource/organizations/aws_organizations_resource_policy.json
new file mode 100644
index 00000000..d6a9860f
--- /dev/null
+++ b/src/mapping/aws/resource/organizations/aws_organizations_resource_policy.json
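Review bot: `aws_organizations_organizational_unit.json` carries no delete permission at all: `destroy` is `[]` and `organizations:DeleteOrganizationalUnit` is absent from `apply`, while the create and update actions are present. A policy built from this mapping would let Terraform create the OU and then fail when it is destroyed. I would add `"organizations:DeleteOrganizationalUnit"` to both `apply` and `destroy`.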
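Review bot: The first hunk of `aws_organizations_policy.json` adds `organizations:AttachPolicy` and `organizations:DetachPolicy` to `apply`, and the second adds DetachPolicy to `destroy`; attaching a policy is the step that actually changes what member accounts may do, so this noticeably widens every policy generated for this resource. Attachment is normally driven by the separate `aws_organizations_policy_attachment` resource, so it is worth confirming that `aws_organizations_policy` itself issues these calls and dropping them from this mapping if it does not. Both hunks show only part of the file, so the `modify` list cannot be checked from here.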
@@ -0,0 +1,21 @@
+[
+ {
+ "apply": [
+ "organizations:PutResourcePolicy",
+ "organizations:DescribeResourcePolicy",
+ "organizations:ListTagsForResource",
+ "organizations:DeleteResourcePolicy"
+ ],
+ "attributes": {
+ "tags": [
+ "organizations:TagResource",
+ "organizations:UntagResource"
+ ]
+ },
+ "destroy": [
+ "organizations:DeleteResourcePolicy"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/osis/aws_osis_pipeline.json b/src/mapping/aws/resource/osis/aws_osis_pipeline.json
new file mode 100644
index 00000000..3d538a63
--- /dev/null
+++ b/src/mapping/aws/resource/osis/aws_osis_pipeline.json
@@ -0,0 +1,43 @@
+[
+ {
+ "apply": [
+ "osis:CreatePipeline",
+ "osis:GetPipeline",
+ "osis:ListTagsForResource",
+ "iam:PassRole",
+ "iam:CreateServiceLinkedRole",
+ "osis:DeletePipeline",
+ "osis:UpdatePipeline"
+ ],
+ "attributes": {
+ "kms_key_arn": [
+ "kms:DescribeKey"
+ ],
+ "log_group": [
+ "logs:CreateLogDelivery",
+ "logs:GetLogDelivery",
+ "logs:UpdateLogDelivery",
+ "logs:ListLogDeliveries",
+ "logs:DeleteLogDelivery"
+ ],
+ "tags": [
+ "osis:TagResource",
+ "osis:UntagResource"
+ ]
+ },
+ "destroy": [
+ "osis:GetPipeline",
+ "osis:DeletePipeline"
+ ],
+ "modify": [
+ "osis:UpdatePipeline",
+ "osis:GetPipeline",
+ "osis:ListTagsForResource",
+ "iam:PassRole"
+ ],
+ "plan": [
+ "osis:GetPipeline",
+ "osis:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/payment-cryptography/aws_paymentcryptography_key.json b/src/mapping/aws/resource/payment-cryptography/aws_paymentcryptography_key.json
new file mode 100644
index 00000000..121ef5e7
--- /dev/null
+++ b/src/mapping/aws/resource/payment-cryptography/aws_paymentcryptography_key.json
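Review bot: `iam:PassRole` is listed as a bare action in `apply` and `modify` of `aws_osis_pipeline.json`, and again in `aws_pipes_pipe.json` and `aws_qldb_stream.json` below. The mapping format shown here carries only action names, so nothing in these files limits which role may be passed; whether the policy generator scopes it is not visible in this diff. The emitted statement should restrict `Resource` to the role the pipeline uses and add an `iam:PassedToService` condition, since PassRole on `*` lets the holder hand any role in the account to the service.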
@@ -0,0 +1,32 @@
+[
+ {
+ "apply": [
+ "payment-cryptography:GetKey",
+ "payment-cryptography:CreateKey",
+ "payment-cryptography:DeleteKey",
+ "payment-cryptography:ListTagsForResource",
+ "payment-cryptography:StartKeyUsage",
+ "payment-cryptography:StopKeyUsage"
+ ],
+ "attributes": {
+ "tags": [
+ "payment-cryptography:TagResource",
+ "payment-cryptography:UntagResource"
+ ]
+ },
+ "destroy": [
+ "payment-cryptography:GetKey",
+ "payment-cryptography:DeleteKey"
+ ],
+ "modify": [
+ "payment-cryptography:GetKey",
+ "payment-cryptography:ListTagsForResource",
+ "payment-cryptography:StartKeyUsage",
+ "payment-cryptography:StopKeyUsage"
+ ],
+ "plan": [
+ "payment-cryptography:GetKey",
+ "payment-cryptography:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/payment-cryptography/aws_paymentcryptography_key_alias.json b/src/mapping/aws/resource/payment-cryptography/aws_paymentcryptography_key_alias.json
new file mode 100644
index 00000000..b810d396
--- /dev/null
+++ b/src/mapping/aws/resource/payment-cryptography/aws_paymentcryptography_key_alias.json
@@ -0,0 +1,22 @@
+[
+ {
+ "apply": [
+ "payment-cryptography:CreateAlias",
+ "payment-cryptography:DeleteAlias",
+ "payment-cryptography:GetAlias",
+ "payment-cryptography:UpdateAlias"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "payment-cryptography:DeleteAlias"
+ ],
+ "modify": [
+ "payment-cryptography:UpdateAlias"
+ ],
+ "plan": [
+ "payment-cryptography:GetAlias"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/pipes/aws_pipes_pipe.json b/src/mapping/aws/resource/pipes/aws_pipes_pipe.json
new file mode 100644
index 00000000..732a5948
--- /dev/null
+++ b/src/mapping/aws/resource/pipes/aws_pipes_pipe.json
@@ -0,0 +1,44 @@
+[
+ {
+ "apply": [
+ "pipes:CreatePipe",
+ "pipes:DescribePipe",
+ "pipes:UpdatePipe",
+ "pipes:DeletePipe",
+ "iam:PassRole",
+ "iam:CreateServiceLinkedRole"
+ ],
+ "attributes": {
+ "cloudwatch_logs_log_destination": [
+ "logs:CreateLogDelivery",
+ "logs:DeleteLogDelivery",
+ "logs:DescribeLogGroups",
+ "logs:DescribeResourcePolicies",
+ "logs:GetLogDelivery",
+ "logs:ListLogDeliveries",
+ "logs:PutResourcePolicy",
+ "logs:UpdateLogDelivery"
+ ],
+ "delivery_stream_arn": [
+ "firehose:TagDeliveryStream"
+ ],
+ "s3_log_destination": [
+ "s3:PutBucketPolicy",
+ "s3:GetBucketPolicy"
+ ],
+ "tags": [
+ "pipes:TagResource",
+ "pipes:UntagResource"
+ ]
+ },
+ "destroy": [
+ "pipes:DeletePipe",
+ "pipes:DescribePipe"
+ ],
+ "modify": [
+ "pipes:UpdatePipe",
+ "pipes:DescribePipe"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/profile/aws_customerprofiles_domain.json b/src/mapping/aws/resource/profile/aws_customerprofiles_domain.json
new file mode 100644
index 00000000..0e5f75eb
--- /dev/null
+++ b/src/mapping/aws/resource/profile/aws_customerprofiles_domain.json
@@ -0,0 +1,27 @@
+[
+ {
+ "apply": [
+ "profile:CreateDomain",
+ "profile:DeleteDomain",
+ "profile:GetDomain",
+ "profile:UpdateDomain",
+ "profile:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "profile:UntagResource",
+ "profile:TagResource"
+ ]
+ },
+ "destroy": [
+ "profile:DeleteDomain"
+ ],
+ "modify": [
+ "profile:GetDomain",
+ "profile:UpdateDomain"
+ ],
+ "plan": [
+ "profile:GetDomain"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/profile/aws_customerprofiles_profile.json b/src/mapping/aws/resource/profile/aws_customerprofiles_profile.json
new file mode 100644
index 00000000..475f05c4
--- /dev/null
+++ b/src/mapping/aws/resource/profile/aws_customerprofiles_profile.json
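Review bot: In `aws_pipes_pipe.json` the `s3_log_destination` attribute pulls in `s3:PutBucketPolicy` and `cloudwatch_logs_log_destination` pulls in `logs:PutResourcePolicy`, both of which rewrite resource policies rather than touch the pipe. They are plausibly needed for log-delivery setup, but a generated statement that pairs them with `*` would allow editing the policy of any bucket or log resource in the account, so the output should be scoped to the configured log bucket and log group; whether the generator does that is not visible here. Separately, `plan` is `[]` although `pipes:DescribePipe` is the read call listed under `modify` and `destroy`; I would set `"plan": [ "pipes:DescribePipe" ]`.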
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "profile:CreateProfile",
+ "profile:DeleteProfile",
+ "profile:UpdateProfile",
+ "profile:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "profile:UntagResource",
+ "profile:TagResource"
+ ]
+ },
+ "destroy": [
+ "profile:DeleteProfile"
+ ],
+ "modify": [
+ "profile:UpdateProfile"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/qbusiness/aws_qbusiness_application.json b/src/mapping/aws/resource/qbusiness/aws_qbusiness_application.json
new file mode 100644
index 00000000..5b6ea6d9
--- /dev/null
+++ b/src/mapping/aws/resource/qbusiness/aws_qbusiness_application.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "qbusiness:GetApplication",
+ "qbusiness:CreateApplication",
+ "qbusiness:DeleteApplication",
+ "qbusiness:UpdateApplication"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/qldb/aws_qldb_ledger.json b/src/mapping/aws/resource/qldb/aws_qldb_ledger.json
new file mode 100644
index 00000000..48cc6972
--- /dev/null
+++ b/src/mapping/aws/resource/qldb/aws_qldb_ledger.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "qldb:DescribeLedger",
+ "qldb:CreateLedger",
+ "qldb:DeleteLedger",
+ "qldb:UpdateLedger",
+ "qldb:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "qldb:TagResource",
+ "qldb:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/qldb/aws_qldb_stream.json b/src/mapping/aws/resource/qldb/aws_qldb_stream.json
new file mode 100644
index 00000000..e1cd1414
--- /dev/null
+++ b/src/mapping/aws/resource/qldb/aws_qldb_stream.json
@@ -0,0 +1,26 @@
+[
+ {
+ "apply": [
+ "iam:PassRole",
+ "qldb:StreamJournalToKinesis",
+ "qldb:DescribeJournalKinesisStream",
+ "qldb:ListTagsForResource",
+ "qldb:CancelJournalKinesisStream"
+ ],
+ "attributes": {
+ "tags": [
+ "qldb:UntagResource",
+ "qldb:TagResource"
+ ]
+ },
+ "destroy": [
+ "qldb:CancelJournalKinesisStream",
+ "qldb:DescribeJournalKinesisStream"
+ ],
+ "modify": [],
+ "plan": [
+ "qldb:DescribeJournalKinesisStream",
+ "qldb:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/quicksight/aws_quicksight_account_settings.json b/src/mapping/aws/resource/quicksight/aws_quicksight_account_settings.json
new file mode 100644
index 00000000..5709f942
--- /dev/null
+++ b/src/mapping/aws/resource/quicksight/aws_quicksight_account_settings.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "quicksight:UpdateAccountSettings"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/quicksight/aws_quicksight_account_subscription.json b/src/mapping/aws/resource/quicksight/aws_quicksight_account_subscription.json
new file mode 100644
index 00000000..3e29d9e5
--- /dev/null
+++ b/src/mapping/aws/resource/quicksight/aws_quicksight_account_subscription.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "quicksight:DescribeAccountSubscription",
+ "quicksight:CreateAccountSubscription",
+ "quicksight:DeleteAccountSubscription"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/quicksight/aws_quicksight_analysis.json b/src/mapping/aws/resource/quicksight/aws_quicksight_analysis.json
new file mode 100644
index 00000000..c60db279
--- /dev/null
+++ b/src/mapping/aws/resource/quicksight/aws_quicksight_analysis.json
@@ -0,0 +1,41 @@
+[
+ {
+ "apply": [
+ "quicksight:DescribeAnalysis",
+ "quicksight:DescribeAnalysisPermissions",
+ "quicksight:UpdateAnalysis",
+ "quicksight:UpdateAnalysisPermissions",
+ "quicksight:CreateAnalysis",
+ "quicksight:DescribeTemplate",
+ "quicksight:DescribeTheme",
+ "quicksight:PassDataSet",
+ "quicksight:ListTagsForResource",
+ "quicksight:DeleteAnalysis"
+ ],
+ "attributes": {
+ "tags": [
+ "quicksight:TagResource",
+ "quicksight:UntagResource"
+ ]
+ },
+ "destroy": [
+ "quicksight:DescribeAnalysis",
+ "quicksight:DeleteAnalysis"
+ ],
+ "modify": [
+ "quicksight:DescribeAnalysis",
+ "quicksight:DescribeAnalysisPermissions",
+ "quicksight:UpdateAnalysis",
+ "quicksight:UpdateAnalysisPermissions",
+ "quicksight:DescribeTemplate",
+ "quicksight:DescribeTheme",
+ "quicksight:PassDataSet",
+ "quicksight:ListTagsForResource"
+ ],
+ "plan": [
+ "quicksight:DescribeAnalysis",
+ "quicksight:DescribeAnalysisPermissions",
+ "quicksight:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/quicksight/aws_quicksight_dashboard.json b/src/mapping/aws/resource/quicksight/aws_quicksight_dashboard.json
new file mode 100644
index 00000000..8d0e8790
--- /dev/null
+++ b/src/mapping/aws/resource/quicksight/aws_quicksight_dashboard.json
@@ -0,0 +1,45 @@
+[
+ {
+ "apply": [
+ "quicksight:DescribeDashboard",
+ "quicksight:DescribeDashboardPermissions",
+ "quicksight:CreateDashboard",
+ "quicksight:DescribeTemplate",
+ "quicksight:DescribeTheme",
+ "quicksight:PassDataSet",
+ "quicksight:ListTagsForResource",
+ "quicksight:DeleteDashboard",
+ "quicksight:UpdateDashboard",
+ "quicksight:UpdateDashboardLinks",
+ "quicksight:UpdateDashboardPermissions",
+ "quicksight:UpdateDashboardPublishedVersion"
+ ],
+ "attributes": {
+ "tags": [
+ "quicksight:TagResource",
+ "quicksight:UntagResource"
+ ]
+ },
+ "destroy": [
+ "quicksight:DescribeDashboard",
+ "quicksight:DeleteDashboard"
+ ],
+ "modify": [
+ "quicksight:DescribeDashboard",
+ "quicksight:DescribeDashboardPermissions",
+ "quicksight:UpdateDashboard",
+ "quicksight:UpdateDashboardLinks",
+ "quicksight:UpdateDashboardPermissions",
+ "quicksight:UpdateDashboardPublishedVersion",
+ "quicksight:DescribeTemplate",
+ "quicksight:DescribeTheme",
+ "quicksight:PassDataSet",
+ "quicksight:ListTagsForResource"
+ ],
+ "plan": [
+ "quicksight:DescribeDashboard",
+ "quicksight:DescribeDashboardPermissions",
+ "quicksight:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/quicksight/aws_quicksight_data_set.json b/src/mapping/aws/resource/quicksight/aws_quicksight_data_set.json
new file mode 100644
index 00000000..9300e34a
--- /dev/null
+++ b/src/mapping/aws/resource/quicksight/aws_quicksight_data_set.json
@@ -0,0 +1,56 @@
+[
+ {
+ "apply": [
+ "quicksight:CancelIngestion",
+ "quicksight:CreateDataSet",
+ "quicksight:DeleteDataSet",
+ "quicksight:DeleteDataSetRefreshProperties",
+ "quicksight:DescribeDataSet",
+ "quicksight:DescribeDataSetPermissions",
+ "quicksight:DescribeDataSetRefreshProperties",
+ "quicksight:DescribeIngestion",
+ "quicksight:ListIngestions",
+ "quicksight:ListTagsForResource",
+ "quicksight:PassDataSet",
+ "quicksight:PassDataSource",
+ "quicksight:PutDataSetRefreshProperties",
+ "quicksight:UpdateDataSet",
+ "quicksight:UpdateDataSetPermissions"
+ ],
+ "attributes": {
+ "tags": [
+ "quicksight:TagResource",
+ "quicksight:UntagResource"
+ ]
+ },
+ "destroy": [
+ "quicksight:DescribeDataSet",
+ "quicksight:DeleteDataSet",
+ "quicksight:ListTagsForResource",
+ "quicksight:DescribeIngestion",
+ "quicksight:DeleteDataSetRefreshProperties",
+ "quicksight:DescribeDataSetRefreshProperties"
+ ],
+ "modify": [
+ "quicksight:DescribeDataSet",
+ "quicksight:DescribeDataSetPermissions",
+ "quicksight:PassDataSource",
+ "quicksight:UpdateDataSet",
+ "quicksight:UpdateDataSetPermissions",
+ "quicksight:PassDataSet",
+ "quicksight:DescribeIngestion",
+ "quicksight:ListIngestions",
+ "quicksight:CancelIngestion",
+ "quicksight:ListTagsForResource",
+ "quicksight:PutDataSetRefreshProperties",
+ "quicksight:DescribeDataSetRefreshProperties",
+ "quicksight:DeleteDataSetRefreshProperties"
+ ],
+ "plan": [
+ "quicksight:DescribeDataSet",
+ "quicksight:DescribeDataSetPermissions",
+ "quicksight:ListTagsForResource",
+ "quicksight:DescribeDataSetRefreshProperties"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/quicksight/aws_quicksight_data_source.json b/src/mapping/aws/resource/quicksight/aws_quicksight_data_source.json
new file mode 100644
index 00000000..8bef5bf5
--- /dev/null
+++ b/src/mapping/aws/resource/quicksight/aws_quicksight_data_source.json
@@ -0,0 +1,37 @@
+[
+ {
+ "apply": [
+ "quicksight:CreateDataSource",
+ "quicksight:DescribeDataSource",
+ "quicksight:DescribeDataSourcePermissions",
+ "quicksight:ListTagsForResource",
+ "quicksight:DeleteDataSource",
+ "quicksight:UpdateDataSource",
+ "quicksight:UpdateDataSourcePermissions"
+ ],
+ "attributes": {
+ "tags": [
+ "quicksight:TagResource",
+ "quicksight:UntagResource"
+ ]
+ },
+ "destroy": [
+ "quicksight:DescribeDataSource",
+ "quicksight:DescribeDataSourcePermissions",
+ "quicksight:DeleteDataSource",
+ "quicksight:ListTagsForResource"
+ ],
+ "modify": [
+ "quicksight:DescribeDataSource",
+ "quicksight:DescribeDataSourcePermissions",
+ "quicksight:UpdateDataSource",
+ "quicksight:UpdateDataSourcePermissions",
+ "quicksight:ListTagsForResource"
+ ],
+ "plan": [
+ "quicksight:DescribeDataSource",
+ "quicksight:DescribeDataSourcePermissions",
+ "quicksight:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/quicksight/aws_quicksight_folder.json b/src/mapping/aws/resource/quicksight/aws_quicksight_folder.json
new file mode 100644
index 00000000..a76c89ab
--- /dev/null
+++ b/src/mapping/aws/resource/quicksight/aws_quicksight_folder.json
@@ -0,0 +1,30 @@
+[
+ {
+ "apply": [
+ "quicksight:CreateFolder",
+ "quicksight:DescribeFolder",
+ "quicksight:DeleteFolder",
+ "quicksight:UpdateFolder",
+ "quicksight:UpdateFolderPermissions",
+ "quicksight:DescribeFolderPermissions",
+ "quicksight:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "quicksight:TagResource",
+ "quicksight:UntagResource"
+ ]
+ },
+ "destroy": [
+ "quicksight:DeleteFolder"
+ ],
+ "modify": [
+ "quicksight:DescribeFolder",
+ "quicksight:UpdateFolder",
+ "quicksight:DescribeFolderPermissions",
+ "quicksight:UpdateFolderPermissions",
+ "quicksight:ListTagsForResource"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/quicksight/aws_quicksight_folder_membership.json b/src/mapping/aws/resource/quicksight/aws_quicksight_folder_membership.json
new file mode 100644
index 00000000..85f45b5b
--- /dev/null
+++ b/src/mapping/aws/resource/quicksight/aws_quicksight_folder_membership.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "quicksight:CreateFolderMembership",
+ "quicksight:DeleteFolderMembership"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/quicksight/aws_quicksight_group.json b/src/mapping/aws/resource/quicksight/aws_quicksight_group.json
new file mode 100644
index 00000000..6df7682c
--- /dev/null
+++ b/src/mapping/aws/resource/quicksight/aws_quicksight_group.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "quicksight:CreateGroup",
+ "quicksight:DescribeGroup",
+ "quicksight:DeleteGroup",
+ "quicksight:UpdateGroup"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/quicksight/aws_quicksight_group_membership.json b/src/mapping/aws/resource/quicksight/aws_quicksight_group_membership.json
new file mode 100644
index 00000000..1b3d7868
--- /dev/null
+++ b/src/mapping/aws/resource/quicksight/aws_quicksight_group_membership.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "quicksight:DescribeGroupMembership",
+ "quicksight:CreateGroupMembership",
+ "quicksight:DeleteGroupMembership"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/quicksight/aws_quicksight_iam_policy_assignment.json b/src/mapping/aws/resource/quicksight/aws_quicksight_iam_policy_assignment.json
new file mode 100644
index 00000000..3efb124b
--- /dev/null
+++ b/src/mapping/aws/resource/quicksight/aws_quicksight_iam_policy_assignment.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "quicksight:DescribeIAMPolicyAssignment",
+ "quicksight:CreateIAMPolicyAssignment",
+ "quicksight:DeleteIAMPolicyAssignment",
+ "quicksight:UpdateIAMPolicyAssignment"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/quicksight/aws_quicksight_ingestion.json b/src/mapping/aws/resource/quicksight/aws_quicksight_ingestion.json
new file mode 100644
index 00000000..eeaa6341
--- /dev/null
+++ b/src/mapping/aws/resource/quicksight/aws_quicksight_ingestion.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "quicksight:DescribeIngestion",
+ "quicksight:CreateIngestion",
+ "quicksight:CancelIngestion"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/quicksight/aws_quicksight_namespace.json b/src/mapping/aws/resource/quicksight/aws_quicksight_namespace.json
new file mode 100644
index 00000000..7c4bab32
--- /dev/null
+++ b/src/mapping/aws/resource/quicksight/aws_quicksight_namespace.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "quicksight:CreateNamespace",
+ "quicksight:DeleteNamespace"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/quicksight/aws_quicksight_refresh_schedule.json b/src/mapping/aws/resource/quicksight/aws_quicksight_refresh_schedule.json
new file mode 100644
index 00000000..2f8d857a
--- /dev/null
+++ b/src/mapping/aws/resource/quicksight/aws_quicksight_refresh_schedule.json
@@ -0,0 +1,24 @@
+[
+ {
+ "apply": [
+ "quicksight:CreateRefreshSchedule",
+ "quicksight:DescribeRefreshSchedule",
+ "quicksight:UpdateRefreshSchedule",
+ "quicksight:DeleteRefreshSchedule"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "quicksight:DeleteRefreshSchedule",
+ "quicksight:DescribeRefreshSchedule"
+ ],
+ "modify": [
+ "quicksight:UpdateRefreshSchedule",
+ "quicksight:DescribeRefreshSchedule"
+ ],
+ "plan": [
+ "quicksight:DescribeRefreshSchedule"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/quicksight/aws_quicksight_role_membership.json b/src/mapping/aws/resource/quicksight/aws_quicksight_role_membership.json
new file mode 100644
index 00000000..06cdd789
--- /dev/null
+++ b/src/mapping/aws/resource/quicksight/aws_quicksight_role_membership.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "quicksight:CreateRoleMembership",
+ "quicksight:DeleteRoleMembership"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/quicksight/aws_quicksight_template.json b/src/mapping/aws/resource/quicksight/aws_quicksight_template.json
new file mode 100644
index 00000000..e5a137bb
--- /dev/null
+++ b/src/mapping/aws/resource/quicksight/aws_quicksight_template.json
@@ -0,0 +1,38 @@
+[
+ {
+ "apply": [
+ "quicksight:CreateTemplate",
+ "quicksight:DeleteTemplate",
+ "quicksight:DescribeAnalysis",
+ "quicksight:DescribeTemplate",
+ "quicksight:DescribeTemplatePermissions",
+ "quicksight:ListTagsForResource",
+ "quicksight:PassDataSet",
+ "quicksight:UpdateTemplate",
+ "quicksight:UpdateTemplatePermissions"
+ ],
+ "attributes": {
+ "tags": [
+ "quicksight:TagResource",
+ "quicksight:UntagResource"
+ ]
+ },
+ "destroy": [
+ "quicksight:DescribeTemplate",
+ "quicksight:DeleteTemplate"
+ ],
+ "modify": [
+ "quicksight:DescribeTemplate",
+ "quicksight:DescribeTemplatePermissions",
+ "quicksight:UpdateTemplate",
+ "quicksight:UpdateTemplatePermissions",
+ "quicksight:PassDataSet",
+ "quicksight:ListTagsForResource"
+ ],
+ "plan": [
+ "quicksight:DescribeTemplate",
+ "quicksight:DescribeTemplatePermissions",
+ "quicksight:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/quicksight/aws_quicksight_template_alias.json b/src/mapping/aws/resource/quicksight/aws_quicksight_template_alias.json
new file mode 100644
index 00000000..18c842ab
--- /dev/null
+++ b/src/mapping/aws/resource/quicksight/aws_quicksight_template_alias.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "quicksight:DescribeTemplateAlias",
+ "quicksight:CreateTemplateAlias",
+ "quicksight:DeleteTemplateAlias",
+ "quicksight:UpdateTemplateAlias"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/quicksight/aws_quicksight_theme.json b/src/mapping/aws/resource/quicksight/aws_quicksight_theme.json
new file mode 100644
index 00000000..432ed47e
--- /dev/null
+++ b/src/mapping/aws/resource/quicksight/aws_quicksight_theme.json
@@ -0,0 +1,35 @@
+[
+ {
+ "apply": [
+ "quicksight:DescribeTheme",
+ "quicksight:DescribeThemePermissions",
+ "quicksight:CreateTheme",
+ "quicksight:ListTagsForResource",
+ "quicksight:UpdateTheme",
+ "quicksight:UpdateThemePermissions",
+ "quicksight:DeleteTheme"
+ ],
+ "attributes": {
+ "tags": [
+ "quicksight:TagResource",
+ "quicksight:UntagResource"
+ ]
+ },
+ "destroy": [
+ "quicksight:DescribeTheme",
+ "quicksight:DeleteTheme"
+ ],
+ "modify": [
+ "quicksight:DescribeTheme",
+ "quicksight:DescribeThemePermissions",
+ "quicksight:UpdateTheme",
+ "quicksight:UpdateThemePermissions",
+ "quicksight:ListTagsForResource"
+ ],
+ "plan": [
+ "quicksight:DescribeTheme",
+ "quicksight:DescribeThemePermissions",
+ "quicksight:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/quicksight/aws_quicksight_user.json b/src/mapping/aws/resource/quicksight/aws_quicksight_user.json
new file mode 100644
index 00000000..6f37875e
--- /dev/null
+++ b/src/mapping/aws/resource/quicksight/aws_quicksight_user.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "quicksight:RegisterUser",
+ "quicksight:DescribeUser",
+ "quicksight:CreateUser",
+ "quicksight:DeleteUser",
+ "quicksight:UpdateUser"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/quicksight/aws_quicksight_vpc_connection.json b/src/mapping/aws/resource/quicksight/aws_quicksight_vpc_connection.json
new file mode 100644
index 00000000..f9a925eb
--- /dev/null
+++ b/src/mapping/aws/resource/quicksight/aws_quicksight_vpc_connection.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "quicksight:DescribeVPCConnection",
+ "quicksight:CreateVPCConnection",
+ "quicksight:DeleteVPCConnection",
+ "quicksight:UpdateVPCConnection"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ram/aws_ram_resource_share.json b/src/mapping/aws/resource/ram/aws_ram_resource_share.json index dab39998..e61eaa29 100644 --- a/src/mapping/aws/resource/ram/aws_ram_resource_share.json +++ b/src/mapping/aws/resource/ram/aws_ram_resource_share.json @@ -2,7 +2,14 @@ { "apply": [ "ram:CreateResourceShare", - "ram:GetResourceShares" + "ram:GetResourceShares", + "ram:GetPermission", + "ram:GetResourceShareAssociations", + "ram:ListResourceSharePermissions", + "ram:UpdateResourceShare", + "ram:AssociateResourceSharePermission", + "ram:AssociateResourceShare", + "ram:DisassociateResourceShare" ], "attributes": { "tags": [ @@ -13,7 +20,16 @@ "destroy": [ "ram:DeleteResourceShare" ], - "modify": [], + "modify": [ + "ram:GetPermission", + "ram:GetResourceShares", + "ram:GetResourceShareAssociations", + "ram:ListResourceSharePermissions", + "ram:UpdateResourceShare", + "ram:AssociateResourceSharePermission", + "ram:AssociateResourceShare", + "ram:DisassociateResourceShare" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/ram/aws_ram_resource_share_accepter.json b/src/mapping/aws/resource/ram/aws_ram_resource_share_accepter.json new file mode 100644 index 00000000..6a4e3d19 --- /dev/null +++ b/src/mapping/aws/resource/ram/aws_ram_resource_share_accepter.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "ram:AcceptResourceShareInvitation" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ram/aws_ram_sharing_with_organization.json b/src/mapping/aws/resource/ram/aws_ram_sharing_with_organization.json new file mode 100644 index 00000000..acac24ba --- /dev/null +++ b/src/mapping/aws/resource/ram/aws_ram_sharing_with_organization.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "ram:EnableSharingWithAwsOrganization" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/aws/resource/rbin/aws_rbin_rule.json b/src/mapping/aws/resource/rbin/aws_rbin_rule.json
new file mode 100644
index 00000000..1502c7d1
--- /dev/null
+++ b/src/mapping/aws/resource/rbin/aws_rbin_rule.json
@@ -0,0 +1,38 @@
+[
+ {
+ "apply": [
+ "rbin:GetRule",
+ "rbin:UpdateRule",
+ "rbin:LockRule",
+ "rbin:UnlockRule",
+ "rbin:ListTagsForResource",
+ "iam:PassRole",
+ "rbin:CreateRule",
+ "rbin:DeleteRule"
+ ],
+ "attributes": {
+ "tags": [
+ "rbin:TagResource",
+ "rbin:UntagResource"
+ ]
+ },
+ "destroy": [
+ "rbin:GetRule",
+ "rbin:DeleteRule",
+ "iam:PassRole"
+ ],
+ "modify": [
+ "rbin:GetRule",
+ "rbin:UpdateRule",
+ "rbin:LockRule",
+ "rbin:UnlockRule",
+ "rbin:ListTagsForResource",
+ "iam:PassRole"
+ ],
+ "plan": [
+ "rbin:GetRule",
+ "rbin:ListTagsForResource",
+ "iam:PassRole"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/rds/aws_db_instance.json b/src/mapping/aws/resource/rds/aws_db_instance.json
index bc368aae..6ce784b2 100644
--- a/src/mapping/aws/resource/rds/aws_db_instance.json
+++ b/src/mapping/aws/resource/rds/aws_db_instance.json
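Review bot: `iam:PassRole` is listed under `plan` and `destroy` in `aws_rbin_rule.json`, not only under `apply` and `modify`. The mapping names no role-bearing attribute for this resource, and the other `plan` entries are read calls (`rbin:GetRule`, `rbin:ListTagsForResource`), so a plan-only policy generated from this file would carry a privilege-delegation action with no visible use. Unless a recorded access denial shows the read or delete path needs it, drop `"iam:PassRole"` from `plan` and `destroy`, and check whether `apply` and `modify` need it at all.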
@@ -1,27 +1,64 @@
-[
- {
- "apply": [
- "ec2:DescribeAccountAttributes",
- "rds:CreateDBInstance",
- "rds:DescribeDBInstances",
- "rds:DeleteDBInstance",
- "rds:ListTagsForResource"
- ],
- "attributes": {
- "monitoring_role_arn": [
- "iam:PassRole"
- ],
- "tags": [
- "rds:AddTagsToResource",
- "rds:RemoveTagsFromResource"
- ]
- },
- "destroy": [
- "rds:DeleteDBInstance"
- ],
- "modify": [
- "rds:ModifyDBInstance"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeAvailabilityZones",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcAttribute",
+ "ec2:DescribeVpcs",
+ "rds:DescribeDBClusters",
+ "rds:DescribeDBEngineVersions",
+ "rds:DescribeDBInstances",
+ "rds:DescribeDBParameterGroups",
+ "rds:DescribeDBInstanceAutomatedBackups",
+ "iam:CreateServiceLinkedRole",
+ "iam:GetRole",
+ "iam:ListRoles",
+ "iam:PassRole",
+ "rds:CreateDBInstance",
+ "rds:DeleteDBInstance",
+ "rds:DescribeDBInstances",
+ "rds:ListTagsForResource",
+ "rds:ModifyDBInstance",
+ "rds:ModifyDBInstance",
+ "rds:RebootDBInstance"
+ ],
+ "attributes": {
+ "manage_master_user_password": [
+ "secretsmanager:CreateSecret",
+ "secretsmanager:TagResource"
+ ],
+ "master_user_secret_kms_key_id": [
+ "kms:CreateGrant",
+ "kms:DescribeKey"
+ ],
+ "monitoring_role_arn": [
+ "iam:PassRole"
+ ],
+ "tags": [
+ "rds:AddTagsToResource",
+ "rds:RemoveTagsFromResource"
+ ]
+ },
+ "destroy": [
+ "rds:CreateDBSnapshot",
+ "rds:DeleteDBInstance",
+ "rds:DescribeDBInstances"
+ ],
+ "modify": [
+ "rds:ModifyDBInstance"
+ ],
+ "plan": [
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeAvailabilityZones",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcAttribute",
+ "ec2:DescribeVpcs",
+ "rds:DescribeDBInstances"
+ ]
+ }
+]
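Review bot: The new `apply` list in `aws_db_instance.json` grants `iam:PassRole` unconditionally while the `monitoring_role_arn` attribute still maps to the same action, so the attribute-scoped entry no longer narrows anything. Every DB instance policy built from this file would then carry PassRole (alongside `iam:GetRole` and `iam:ListRoles`) whether or not a role is handed to RDS. For least privilege, keep `"iam:PassRole"` only under the attributes that pass a role; `monitoring_role_arn` is the only one visible here. The same list repeats `"rds:ModifyDBInstance",` on consecutive lines and lists `"rds:DescribeDBInstances",` twice; dropping the duplicates keeps the mapping easier to audit.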
diff --git a/src/mapping/aws/resource/rds/aws_db_option_group.json b/src/mapping/aws/resource/rds/aws_db_option_group.json
index 31e97861..0f29393b 100644
--- a/src/mapping/aws/resource/rds/aws_db_option_group.json
+++ b/src/mapping/aws/resource/rds/aws_db_option_group.json
@@ -1,20 +1,23 @@
-[
- {
- "apply": [
- "rds:DeleteOptionGroup",
- "rds:ModifyOptionGroup",
- "rds:ListTagsForResource",
- "rds:CreateOptionGroup",
- "rds:DescribeOptionGroups"
- ],
- "attributes": {
- "tags": [
- "rds:AddTagsToResource",
- "rds:RemoveTagsFromResource"
- ]
- },
- "destroy": [],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "rds:DeleteOptionGroup",
+ "rds:ModifyOptionGroup",
+ "rds:ListTagsForResource",
+ "rds:CreateOptionGroup",
+ "rds:DescribeOptionGroups",
+ "iam:CreateServiceLinkedRole"
+ ],
+ "attributes": {
+ "tags": [
+ "rds:AddTagsToResource",
+ "rds:RemoveTagsFromResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [
+ "rds:ModifyOptionGroup"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/rds/aws_db_parameter_group.json b/src/mapping/aws/resource/rds/aws_db_parameter_group.json
index e7fcad77..951d297e 100644
--- a/src/mapping/aws/resource/rds/aws_db_parameter_group.json
+++ b/src/mapping/aws/resource/rds/aws_db_parameter_group.json
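Review bot: `iam:CreateServiceLinkedRole` is added to `apply` in `aws_db_option_group.json` with nothing in the hunk showing which option-group call needs it, and the same line is added in the `aws_db_parameter_group.json`, `aws_db_subnet_group.json` and `aws_rds_cluster_parameter_group.json` hunks. The mapping holds bare action names, so as far as this file shows the resulting grant cannot be limited to the RDS service-linked role with an `iam:AWSServiceName` condition. I would confirm from a recorded access denial that these group resources trigger role creation; if they do not, keep the action on the instance and cluster mappings only.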
@@ -1,25 +1,26 @@ -[ - { - "apply": [ - "rds:ListTagsForResource", - "rds:CreateDBParameterGroup", - "rds:ModifyDBParameterGroup", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBParameters", - "rds:DeleteDBParameterGroup" - ], - "attributes": { - "tags": [ - "rds:AddTagsToResource", - "rds:RemoveTagsFromResource" - ] - }, - "destroy": [ - "rds:DeleteDBParameterGroup" - ], - "modify": [ - "rds:ModifyDBParameterGroup" - ], - "plan": [] - } -] +[ + { + "apply": [ + "rds:ListTagsForResource", + "rds:CreateDBParameterGroup", + "rds:ModifyDBParameterGroup", + "rds:DescribeDBParameterGroups", + "rds:DescribeDBParameters", + "rds:DeleteDBParameterGroup", + "iam:CreateServiceLinkedRole" + ], + "attributes": { + "tags": [ + "rds:AddTagsToResource", + "rds:RemoveTagsFromResource" + ] + }, + "destroy": [ + "rds:DeleteDBParameterGroup" + ], + "modify": [ + "rds:ModifyDBParameterGroup" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/rds/aws_db_proxy.json b/src/mapping/aws/resource/rds/aws_db_proxy.json index b8610227..4816fa9d 100644 --- a/src/mapping/aws/resource/rds/aws_db_proxy.json +++ b/src/mapping/aws/resource/rds/aws_db_proxy.json @@ -4,7 +4,8 @@ "rds:CreateDBProxy", "rds:DeleteDBProxy", "rds:DescribeDBProxies", - "rds:ModifyDBProxy" + "rds:ModifyDBProxy", + "iam:PassRole" ], "attributes": { "tags": [ diff --git a/src/mapping/aws/resource/rds/aws_db_proxy_default_target_group.json b/src/mapping/aws/resource/rds/aws_db_proxy_default_target_group.json index 569e427e..326096a5 100644 --- a/src/mapping/aws/resource/rds/aws_db_proxy_default_target_group.json +++ b/src/mapping/aws/resource/rds/aws_db_proxy_default_target_group.json 
@@ -2,14 +2,21 @@ { "apply": [ "rds:ModifyDBProxyTargetGroup", - "rds:DescribeDBProxyTargetGroups" + "rds:DescribeDBProxyTargetGroups", + "rds:DescribeDBProxies", + "rds:RegisterDBProxyTargets", + "rds:DeregisterDBProxyTargets" ], "attributes": { "tags": [] }, - "destroy": [], + "destroy": [ + "rds:DeregisterDBProxyTargets" + ], "modify": [ - "rds:ModifyDBProxyTargetGroup" + "rds:ModifyDBProxyTargetGroup", + "rds:RegisterDBProxyTargets", + "rds:DeregisterDBProxyTargets" ], "plan": [] } diff --git a/src/mapping/aws/resource/rds/aws_db_proxy_endpoint.json b/src/mapping/aws/resource/rds/aws_db_proxy_endpoint.json index 85ccf24c..e3af2e56 100644 --- a/src/mapping/aws/resource/rds/aws_db_proxy_endpoint.json +++ b/src/mapping/aws/resource/rds/aws_db_proxy_endpoint.json @@ -7,7 +7,10 @@ "rds:ModifyDBProxyEndpoint" ], "attributes": { - "tags": [] + "tags": [ + "rds:AddTagsToResource", + "rds:RemoveTagsFromResource" + ] }, "destroy": [ "rds:DeleteDBProxyEndpoint" diff --git a/src/mapping/aws/resource/rds/aws_db_subnet_group.json b/src/mapping/aws/resource/rds/aws_db_subnet_group.json index 9a4c032e..d47411e3 100644 --- a/src/mapping/aws/resource/rds/aws_db_subnet_group.json +++ b/src/mapping/aws/resource/rds/aws_db_subnet_group.json 
@@ -1,21 +1,25 @@ -[ - { - "apply": [ - "rds:DescribeDBSubnetGroups", - "rds:CreateDBSubnetGroup", - "rds:ListTagsForResource", - "rds:DeleteDBSubnetGroup" - ], - "attributes": { - "tags": [ - "rds:AddTagsToResource", - "rds:RemoveTagsFromResource" - ] - }, - "destroy": [ - "rds:DeleteDBSubnetGroup" - ], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "rds:DescribeDBSubnetGroups", + "rds:CreateDBSubnetGroup", + "rds:ListTagsForResource", + "rds:DeleteDBSubnetGroup", + "iam:CreateServiceLinkedRole", + "rds:ModifyDBSubnetGroup" + ], + "attributes": { + "tags": [ + "rds:AddTagsToResource", + "rds:RemoveTagsFromResource" + ] + }, + "destroy": [ + "rds:DeleteDBSubnetGroup" + ], + "modify": [ + "rds:ModifyDBSubnetGroup" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/rds/aws_neptune_cluster.json b/src/mapping/aws/resource/rds/aws_neptune_cluster.json index 51448920..575c4775 100644 --- a/src/mapping/aws/resource/rds/aws_neptune_cluster.json +++ b/src/mapping/aws/resource/rds/aws_neptune_cluster.json @@ -5,16 +5,23 @@ "rds:CreateDBCluster", "rds:DescribeDBClusters", "rds:ListTagsForResource", - "rds:DeleteDBCluster" + "rds:DeleteDBCluster", + "iam:PassRole", + "iam:CreateServiceLinkedRole" ], "attributes": { "iam_roles": [ "rds:AddRoleToDBCluster", "iam:PassRole" ], + "kms_key_arn": [ + "kms:CreateGrant", + "kms:DescribeKey" + ], "tags": [ "rds:AddTagsToResource", - "rds:RemoveTagsFromResource" + "rds:RemoveTagsFromResource", + "rds:AddTagsToResource" ] }, "destroy": [ diff --git a/src/mapping/aws/resource/rds/aws_rds_certificate.json b/src/mapping/aws/resource/rds/aws_rds_certificate.json new file mode 100644 index 00000000..7ca008f1 --- /dev/null +++ b/src/mapping/aws/resource/rds/aws_rds_certificate.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "rds:DescribeCertificates", + "rds:ModifyCertificates" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
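Review bot: In the `aws_neptune_cluster.json` hunk the `tags` list gains a second `"rds:AddTagsToResource"` after `"rds:RemoveTagsFromResource",`, duplicating the first entry; that added line should be dropped. The same hunk adds `"iam:PassRole",` to `apply` although the `iam_roles` attribute already maps to it, which makes PassRole unconditional for every Neptune cluster policy instead of only those that attach roles. If least privilege is the goal, leave it under `iam_roles` only. The hunk shows part of the file, so the `destroy` and `modify` lists are not visible here.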
diff --git a/src/mapping/aws/resource/rds/aws_rds_cluster.json b/src/mapping/aws/resource/rds/aws_rds_cluster.json index b53660de..55580bc0 100644 --- a/src/mapping/aws/resource/rds/aws_rds_cluster.json +++ b/src/mapping/aws/resource/rds/aws_rds_cluster.json @@ -5,13 +5,18 @@ "rds:DescribeDBClusters", "rds:ListTagsForResource", "rds:DescribeGlobalClusters", - "rds:DeleteDBCluster" + "rds:DeleteDBCluster", + "iam:CreateServiceLinkedRole" ], "attributes": { "iam_roles": [ "rds:AddRoleToDBCluster", "iam:PassRole" ], + "manage_master_user_password": [ + "secretsmanager:CreateSecret", + "secretsmanager:TagResource" + ], "tags": [ "rds:AddTagsToResource", "rds:RemoveTagsFromResource" diff --git a/src/mapping/aws/resource/rds/aws_rds_cluster_parameter_group.json b/src/mapping/aws/resource/rds/aws_rds_cluster_parameter_group.json index 6b004128..65b1adb4 100644 --- a/src/mapping/aws/resource/rds/aws_rds_cluster_parameter_group.json +++ b/src/mapping/aws/resource/rds/aws_rds_cluster_parameter_group.json @@ -1,21 +1,22 @@ -[ - { - "apply": [ - "rds:CreateDBClusterParameterGroup", - "rds:ModifyDBClusterParameterGroup", - "rds:DescribeDBClusterParameterGroups", - "rds:DescribeDBClusterParameters", - "rds:DeleteDBClusterParameterGroup", - "rds:ListTagsForResource" - ], - "attributes": { - "tags": [ - "rds:AddTagsToResource", - "rds:RemoveTagsFromResource" - ] - }, - "destroy": [], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "rds:CreateDBClusterParameterGroup", + "rds:ModifyDBClusterParameterGroup", + "rds:DescribeDBClusterParameterGroups", + "rds:DescribeDBClusterParameters", + "rds:DeleteDBClusterParameterGroup", + "rds:ListTagsForResource", + "iam:CreateServiceLinkedRole" + ], + "attributes": { + "tags": [ + "rds:AddTagsToResource", + "rds:RemoveTagsFromResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/aws/resource/rds/aws_rds_cluster_snapshot_copy.json b/src/mapping/aws/resource/rds/aws_rds_cluster_snapshot_copy.json
new file mode 100644
index 00000000..8d5c1bb5
--- /dev/null
+++ b/src/mapping/aws/resource/rds/aws_rds_cluster_snapshot_copy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "rds:CopyDBSnapshot"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/rds/aws_rds_custom_db_engine_version.json b/src/mapping/aws/resource/rds/aws_rds_custom_db_engine_version.json
new file mode 100644
index 00000000..33626261
--- /dev/null
+++ b/src/mapping/aws/resource/rds/aws_rds_custom_db_engine_version.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "rds:CopyCustomDBEngineVersion",
+ "rds:CreateCustomDBEngineVersion",
+ "rds:DeleteCustomDBEngineVersion",
+ "rds:ModifyCustomDBEngineVersion"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/rds/aws_rds_export_task.json b/src/mapping/aws/resource/rds/aws_rds_export_task.json
new file mode 100644
index 00000000..bd7511d0
--- /dev/null
+++ b/src/mapping/aws/resource/rds/aws_rds_export_task.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "rds:DescribeExportTasks",
+ "rds:StartExportTask",
+ "rds:CancelExportTask",
+ "s3:PutObject*",
+ "s3:ListBucket",
+ "s3:GetObject*",
+ "s3:DeleteObject*",
+ "s3:GetBucketLocation",
+ "iam:GetRole",
+ "iam:PassRole",
+ "kms:Decrypt"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/rds/aws_rds_global_cluster.json b/src/mapping/aws/resource/rds/aws_rds_global_cluster.json
index 5e1a3ac7..a05246d0 100644
--- a/src/mapping/aws/resource/rds/aws_rds_global_cluster.json
+++ b/src/mapping/aws/resource/rds/aws_rds_global_cluster.json
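Review bot: The only action mapped for `aws_rds_cluster_snapshot_copy` is `rds:CopyDBSnapshot`, which is the instance-snapshot copy action. A cluster snapshot copy would presumably call the cluster variant, so a policy generated from this file is likely to be denied at apply time. I would expect `"rds:CopyDBClusterSnapshot"` here, probably with the describe and delete actions for cluster snapshots as well; this is inferred from the resource name and should be checked against what the provider actually calls.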
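Review bot: The `apply` list in `aws_rds_export_task.json` uses wildcard actions (`s3:PutObject*`, `s3:GetObject*`, `s3:DeleteObject*`), which also match the ACL, tagging, retention, legal-hold and version variants of those calls. Together with `s3:ListBucket`, `s3:GetBucketLocation` and `kms:Decrypt`, these look like the permissions of the role RDS assumes to write the export rather than those of the principal running Terraform; that is an inference, since only the mapping is visible. If so, the caller needs little beyond the three `rds:` actions and `iam:PassRole`, and the S3 and KMS entries can be removed. If any are needed, name the exact actions instead of using `*`.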
@@ -1,19 +1,26 @@
-[
- {
- "apply": [
- "rds:CreateGlobalCluster",
- "rds:DescribeGlobalClusters",
- "rds:DeleteGlobalCluster"
- ],
- "attributes": {
- "tags": []
- },
- "destroy": [
- "rds:DeleteGlobalCluster"
- ],
- "modify": [
- "rds:ModifyGlobalCluster"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "rds:CreateGlobalCluster",
+ "rds:DescribeGlobalClusters",
+ "rds:DeleteGlobalCluster",
+ "rds:DescribeDBClusters",
+ "rds:RemoveFromGlobalCluster",
+ "rds:ModifyGlobalCluster"
+ ],
+ "attributes": {
+ "tags": [
+ "rds:AddTagsToResource",
+ "rds:RemoveTagsFromResource"
+ ]
+ },
+ "destroy": [
+ "rds:DeleteGlobalCluster",
+ "rds:RemoveFromGlobalCluster"
+ ],
+ "modify": [
+ "rds:ModifyGlobalCluster"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/rds/aws_rds_instance_state.json b/src/mapping/aws/resource/rds/aws_rds_instance_state.json
new file mode 100644
index 00000000..e4e1f863
--- /dev/null
+++ b/src/mapping/aws/resource/rds/aws_rds_instance_state.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "rds:StartDBInstance",
+ "rds:StopDBInstance"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/rds/aws_rds_integration.json b/src/mapping/aws/resource/rds/aws_rds_integration.json
new file mode 100644
index 00000000..cf60b998
--- /dev/null
+++ b/src/mapping/aws/resource/rds/aws_rds_integration.json
@@ -0,0 +1,29 @@
+[
+ {
+ "apply": [
+ "rds:CreateIntegration",
+ "rds:DescribeIntegrations",
+ "redshift:CreateInboundIntegration",
+ "rds:DeleteIntegration"
+ ],
+ "attributes": {
+ "kms_key_id": [
+ "kms:CreateGrant",
+ "kms:DescribeKey"
+ ],
+ "tags": [
+ "rds:AddTagsToResource",
+ "rds:RemoveTagsFromResource"
+ ]
+ },
+ "destroy": [
+ "rds:DeleteIntegration",
+ "rds:DescribeIntegrations"
+ ],
+ "modify": [
+ "rds:DescribeIntegrations",
+ "rds:ModifyIntegration"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/rds/aws_rds_reserved_instance.json b/src/mapping/aws/resource/rds/aws_rds_reserved_instance.json
new file mode 100644
index 00000000..1ea613fc
--- /dev/null
+++ b/src/mapping/aws/resource/rds/aws_rds_reserved_instance.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "rds:PurchaseReservedDBInstancesOffering",
+ "rds:DescribeReservedDBInstancesOfferings"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/rds/aws_rds_shard_group.json b/src/mapping/aws/resource/rds/aws_rds_shard_group.json
new file mode 100644
index 00000000..a8c7ec8b
--- /dev/null
+++ b/src/mapping/aws/resource/rds/aws_rds_shard_group.json
@@ -0,0 +1,33 @@
+[
+ {
+ "apply": [
+ "rds:CreateDBShardGroup",
+ "rds:DescribeDBClusters",
+ "rds:ListTagsForResource",
+ "rds:DeleteDBShardGroup",
+ "rds:ModifyDBShardGroup",
+ "rds:DescribeDBShardGroups"
+ ],
+ "attributes": {
+ "tags": [
+ "rds:AddTagsToResource",
+ "rds:RemoveTagsFromResource"
+ ]
+ },
+ "destroy": [
+ "rds:DeleteDBShardGroup",
+ "rds:DescribeDBClusters",
+ "rds:DescribeDbShardGroups"
+ ],
+ "modify": [
+ "rds:DescribeDBShardGroups",
+ "rds:DescribeDBClusters",
+ "rds:ModifyDBShardGroup",
+ "rds:ListTagsForResource"
+ ],
+ "plan": [
+ "rds:DescribeDBShardGroups",
+ "rds:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/redshift-data/aws_redshiftdata_statement.json b/src/mapping/aws/resource/redshift-data/aws_redshiftdata_statement.json
new file mode 100644
index 00000000..bdec0f0b
--- /dev/null
+++ b/src/mapping/aws/resource/redshift-data/aws_redshiftdata_statement.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "redshift-data:DescribeStatement",
+ "redshift-data:ExecuteStatement",
+ "redshift-data:CancelStatement"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
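Review bot: In `aws_rds_shard_group.json` the `destroy` list spells the action `rds:DescribeDbShardGroups`, while `apply`, `modify` and `plan` use `rds:DescribeDBShardGroups`. IAM matches action names case-insensitively, so the generated policy would still work, but any de-duplication, sorting or comparison done on the raw strings will treat them as two different actions. Use `"rds:DescribeDBShardGroups"` in `destroy` as well.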
diff --git a/src/mapping/aws/resource/redshift-serverless/aws_redshiftserverless_custom_domain_association.json b/src/mapping/aws/resource/redshift-serverless/aws_redshiftserverless_custom_domain_association.json
new file mode 100644
index 00000000..c315e6b2
--- /dev/null
+++ b/src/mapping/aws/resource/redshift-serverless/aws_redshiftserverless_custom_domain_association.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "redshift-serverless:GetCustomDomainAssociation",
+ "redshift-serverless:CreateCustomDomainAssociation",
+ "redshift-serverless:DeleteCustomDomainAssociation",
+ "redshift-serverless:UpdateCustomDomainAssociation"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/redshift-serverless/aws_redshiftserverless_endpoint_access.json b/src/mapping/aws/resource/redshift-serverless/aws_redshiftserverless_endpoint_access.json
new file mode 100644
index 00000000..4dc75ff7
--- /dev/null
+++ b/src/mapping/aws/resource/redshift-serverless/aws_redshiftserverless_endpoint_access.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "redshift-serverless:GetEndpointAccess",
+ "redshift-serverless:CreateEndpointAccess",
+ "redshift-serverless:DeleteEndpointAccess",
+ "redshift-serverless:UpdateEndpointAccess"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/redshift-serverless/aws_redshiftserverless_namespace.json b/src/mapping/aws/resource/redshift-serverless/aws_redshiftserverless_namespace.json
new file mode 100644
index 00000000..ed600bc0
--- /dev/null
+++ b/src/mapping/aws/resource/redshift-serverless/aws_redshiftserverless_namespace.json
@@ -0,0 +1,51 @@
+[
+ {
+ "apply": [
+ "iam:PassRole",
+ "iam:CreateServiceLinkedRole",
+ "redshift-serverless:CreateNamespace",
+ "redshift-serverless:GetNamespace",
+ "redshift-serverless:ListSnapshotCopyConfigurations",
+ "redshift-serverless:CreateSnapshotCopyConfiguration",
+ "redshift:GetResourcePolicy",
+ "redshift:PutResourcePolicy",
+ "redshift-serverless:UpdateNamespace",
+ "redshift-serverless:DeleteNamespace",
+ "redshift-serverless:ListTagsForResource"
+ ],
+ "attributes": {
+ "kms_key_id": [
+ "kms:TagResource",
+ "kms:UntagResource",
+ "kms:ScheduleKeyDeletion",
+ "kms:CancelKeyDeletion",
+ "kms:Encrypt",
+ "kms:Decrypt",
+ "kms:DescribeKey",
+ "kms:GenerateDataKeyPair",
+ "kms:GenerateDataKey",
+ "kms:CreateGrant",
+ "kms:ListGrants",
+ "kms:RevokeGrant",
+ "kms:RetireGrant"
+ ],
+ "manage_admin_password": [
+ "secretsmanager:CreateSecret",
+ "secretsmanager:TagResource",
+ "secretsmanager:RotateSecret",
+ "secretsmanager:DescribeSecret"
+ ],
+ "tags": [
+ "redshift-serverless:TagResource",
+ "redshift-serverless:UntagResource"
+ ]
+ },
+ "destroy": [
+ "redshift-serverless:DeleteNamespace"
+ ],
+ "modify": [
+ "redshift-serverless:UpdateNamespace"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/redshift-serverless/aws_redshiftserverless_resource_policy.json b/src/mapping/aws/resource/redshift-serverless/aws_redshiftserverless_resource_policy.json
new file mode 100644
index 00000000..7920c8c5
--- /dev/null
+++ b/src/mapping/aws/resource/redshift-serverless/aws_redshiftserverless_resource_policy.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "redshift-serverless:GetResourcePolicy",
+ "redshift-serverless:DeleteResourcePolicy",
+ "redshift-serverless:PutResourcePolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
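Review bot: The `kms_key_id` list in aws_redshiftserverless_namespace.json includes key-administration actions (`kms:ScheduleKeyDeletion`, `kms:CancelKeyDeletion`, `kms:RevokeGrant`, `kms:RetireGrant`, `kms:TagResource`, `kms:UntagResource`) that setting a key id on a namespace would not be expected to need. A policy generated from this mapping would let the deploying role schedule deletion of the key that protects the namespace. Unless a provider trace showed these calls, trim the list to usage actions such as `kms:DescribeKey`, `kms:CreateGrant`, `kms:GenerateDataKey` and `kms:Decrypt`. Separately, `apply` lists `redshift:GetResourcePolicy` and `redshift:PutResourcePolicy`, while aws_redshiftserverless_resource_policy.json in this commit uses the `redshift-serverless:` prefix for the same calls; confirm which prefix is intended.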
diff --git a/src/mapping/aws/resource/redshift-serverless/aws_redshiftserverless_snapshot.json b/src/mapping/aws/resource/redshift-serverless/aws_redshiftserverless_snapshot.json
new file mode 100644
index 00000000..d1a5cf9d
--- /dev/null
+++ b/src/mapping/aws/resource/redshift-serverless/aws_redshiftserverless_snapshot.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "redshift-serverless:GetSnapshot",
+ "redshift-serverless:CreateSnapshot",
+ "redshift-serverless:DeleteSnapshot",
+ "redshift-serverless:UpdateSnapshot"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/redshift-serverless/aws_redshiftserverless_usage_limit.json b/src/mapping/aws/resource/redshift-serverless/aws_redshiftserverless_usage_limit.json
new file mode 100644
index 00000000..165e1327
--- /dev/null
+++ b/src/mapping/aws/resource/redshift-serverless/aws_redshiftserverless_usage_limit.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "redshift-serverless:GetUsageLimit",
+ "redshift-serverless:CreateUsageLimit",
+ "redshift-serverless:DeleteUsageLimit",
+ "redshift-serverless:UpdateUsageLimit"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/redshift-serverless/aws_redshiftserverless_workgroup.json b/src/mapping/aws/resource/redshift-serverless/aws_redshiftserverless_workgroup.json
new file mode 100644
index 00000000..c317a930
--- /dev/null
+++ b/src/mapping/aws/resource/redshift-serverless/aws_redshiftserverless_workgroup.json
@@ -0,0 +1,46 @@
+[
+ {
+ "apply": [
+ "ec2:DescribeVpcAttribute",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeAvailabilityZones",
+ "redshift-serverless:CreateNamespace",
+ "redshift-serverless:CreateWorkgroup",
+ "redshift-serverless:GetWorkgroup",
+ "redshift-serverless:GetNamespace",
+ "redshift-serverless:DeleteWorkgroup",
+ "redshift-serverless:UpdateWorkgroup",
+ "redshift-serverless:ListTagsForResource",
+ "redshift-serverless:RestoreFromSnapshot",
+ "redshift-serverless:RestoreFromRecoveryPoint"
+ ],
+ "attributes": {
+ "tags": [
+ "redshift-serverless:TagResource",
+ "redshift-serverless:UntagResource"
+ ]
+ },
+ "destroy": [
+ "ec2:DescribeVpcAttribute",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeAvailabilityZones",
+ "redshift-serverless:GetWorkgroup",
+ "redshift-serverless:GetNamespace",
+ "redshift-serverless:DeleteWorkgroup"
+ ],
+ "modify": [
+ "redshift-serverless:UpdateWorkgroup",
+ "redshift-serverless:RestoreFromSnapshot",
+ "redshift-serverless:RestoreFromRecoveryPoint"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/redshift/aws_redshift_cluster.json b/src/mapping/aws/resource/redshift/aws_redshift_cluster.json
index 6e5be390..1c0d4965 100644
--- a/src/mapping/aws/resource/redshift/aws_redshift_cluster.json
+++ b/src/mapping/aws/resource/redshift/aws_redshift_cluster.json
@@ -1,38 +1,39 @@
-[
- {
- "apply": [
- "redshift:DeleteCluster",
- "redshift:CreateCluster",
- "redshift:DescribeClusters",
- "redshift:DescribeLoggingStatus",
- "redshift:ModifyClusterIamRoles",
- "ec2:DescribeAccountAttributes",
- "ec2:DescribeAddresses",
- "ec2:DescribeAvailabilityZones",
- "ec2:DescribeSecurityGroups",
- "ec2:DescribeSubnets",
- "ec2:DescribeVpcs",
- "ec2:DescribeInternetGateways"
- ],
- "attributes": {
- "iam_roles": [
- "iam:PassRole"
- ],
- "logging": [
- "redshift:DisableLogging",
- "redshift:EnableLogging"
- ],
- "tags": [
- "redshift:CreateTags",
- "redshift:DeleteTags"
- ]
- },
- "destroy": [
- "redshift:DeleteCluster"
- ],
- "modify": [
- "redshift:ModifyCluster"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "redshift:DeleteCluster",
+ "redshift:CreateCluster",
+ "redshift:DescribeClusters",
+ "redshift:DescribeLoggingStatus",
+ "redshift:ModifyClusterIamRoles",
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeAvailabilityZones",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeInternetGateways",
+ "iam:CreateServiceLinkedRole"
+ ],
+ "attributes": {
+ "iam_roles": [
+ "iam:PassRole"
+ ],
+ "logging": [
+ "redshift:DisableLogging",
+ "redshift:EnableLogging"
+ ],
+ "tags": [
+ "redshift:CreateTags",
+ "redshift:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "redshift:DeleteCluster"
+ ],
+ "modify": [
+ "redshift:ModifyCluster"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/redshift/aws_redshift_cluster_snapshot.json b/src/mapping/aws/resource/redshift/aws_redshift_cluster_snapshot.json
new file mode 100644
index 00000000..923c8449
--- /dev/null
+++ b/src/mapping/aws/resource/redshift/aws_redshift_cluster_snapshot.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "redshift:DescribeClusterSnapshots",
+ "redshift:CreateClusterSnapshot",
+ "redshift:DeleteClusterSnapshot",
+ "redshift:ModifyClusterSnapshot",
+ "redshift:DescribeTags"
+ ],
+ "attributes": {
+ "tags": [
+ "redshift:CreateTags",
+ "redshift:DeleteTags"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/redshift/aws_redshift_data_share_authorization.json b/src/mapping/aws/resource/redshift/aws_redshift_data_share_authorization.json
new file mode 100644
index 00000000..f2f5790a
--- /dev/null
+++ b/src/mapping/aws/resource/redshift/aws_redshift_data_share_authorization.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "redshift:AuthorizeDataShare",
+ "redshift:DeauthorizeDataShare",
+ "redshift:DescribeDataShares"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/redshift/aws_redshift_data_share_consumer_association.json b/src/mapping/aws/resource/redshift/aws_redshift_data_share_consumer_association.json
new file mode 100644
index 00000000..69878ee1
--- /dev/null
+++ b/src/mapping/aws/resource/redshift/aws_redshift_data_share_consumer_association.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "redshift:AssociateDataShareConsumer",
+ "redshift:DisassociateDataShareConsumer"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/redshift/aws_redshift_endpoint_access.json b/src/mapping/aws/resource/redshift/aws_redshift_endpoint_access.json
new file mode 100644
index 00000000..a47c2a1f
--- /dev/null
+++ b/src/mapping/aws/resource/redshift/aws_redshift_endpoint_access.json
@@ -0,0 +1,48 @@
+[
+ {
+ "apply": [
+ "redshift:CreateEndpointAccess",
+ "redshift:DescribeEndpointAccess",
+ "ec2:CreateClientVpnEndpoint",
+ "ec2:CreateVpcEndpoint",
+ "ec2:DescribeVpcAttribute",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeSubnets",
+ "redshift:ModifyEndpointAccess",
+ "ec2:ModifyClientVpnEndpoint",
+ "ec2:ModifyVpcEndpoint",
+ "redshift:DeleteEndpointAccess",
+ "ec2:DeleteClientVpnEndpoint",
+ "ec2:DeleteVpcEndpoint"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "redshift:DeleteEndpointAccess",
+ "redshift:DescribeEndpointAccess",
+ "ec2:DeleteClientVpnEndpoint",
+ "ec2:DeleteVpcEndpoint",
+ "ec2:DescribeVpcAttribute",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcEndpoint"
+ ],
+ "modify": [
+ "redshift:DescribeEndpointAccess",
+ "redshift:ModifyEndpointAccess",
+ "ec2:ModifyClientVpnEndpoint",
+ "ec2:ModifyVpcEndpoint",
+ "ec2:DescribeVpcAttribute",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeSubnets"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/redshift/aws_redshift_endpoint_authorization.json b/src/mapping/aws/resource/redshift/aws_redshift_endpoint_authorization.json
new file mode 100644
index 00000000..585e2b9f
--- /dev/null
+++ b/src/mapping/aws/resource/redshift/aws_redshift_endpoint_authorization.json
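Review bot: `ec2:DescribeVpcEndpoint` in the `destroy` list of aws_redshift_endpoint_access.json is not an EC2 action name; the API call is `DescribeVpcEndpoints`, so the entry should read `"ec2:DescribeVpcEndpoints"`. With the singular form the generated policy grants nothing for that call. The same file also maps `ec2:CreateClientVpnEndpoint`, `ec2:ModifyClientVpnEndpoint` and `ec2:DeleteClientVpnEndpoint`, and aws_redshift_endpoint_authorization.json in the next hunk lists `ec2:DeleteClientVpnEndpoint` under `apply` and `destroy`. Client VPN endpoints look unrelated to Redshift-managed VPC endpoints, so unless a provider trace showed these calls they are excess privilege and should be dropped.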
@@ -0,0 +1,36 @@
+[
+ {
+ "apply": [
+ "redshift:AuthorizeEndpointAccess",
+ "redshift:DescribeEndpointAuthorization",
+ "redshift:RevokeEndpointAccess",
+ "redshift:DeleteEndpointAccess",
+ "ec2:DeleteClientVpnEndpoint",
+ "ec2:DescribeVpcAttribute",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeSubnets"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "redshift:RevokeEndpointAccess",
+ "redshift:DeleteEndpointAccess",
+ "redshift:DescribeEndpointAuthorization",
+ "ec2:DeleteClientVpnEndpoint",
+ "ec2:DescribeVpcAttribute",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeSubnets"
+ ],
+ "modify": [
+ "redshift:AuthorizeEndpointAccess",
+ "redshift:DescribeEndpointAuthorization",
+ "redshift:RevokeEndpointAccess"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/redshift/aws_redshift_event_subscription.json b/src/mapping/aws/resource/redshift/aws_redshift_event_subscription.json
index 8647b8a2..7e592826 100644
--- a/src/mapping/aws/resource/redshift/aws_redshift_event_subscription.json
+++ b/src/mapping/aws/resource/redshift/aws_redshift_event_subscription.json
@@ -1,22 +1,23 @@
-[
- {
- "apply": [
- "redshift:CreateEventSubscription",
- "redshift:DescribeEventSubscriptions",
- "redshift:DeleteEventSubscription"
- ],
- "attributes": {
- "tags": [
- "redshift:CreateTags",
- "redshift:DeleteTags"
- ]
- },
- "destroy": [
- "redshift:DeleteEventSubscription"
- ],
- "modify": [
- "redshift:ModifyEventSubscription"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "redshift:CreateEventSubscription",
+ "redshift:DescribeEventSubscriptions",
+ "redshift:DeleteEventSubscription",
+ "redshift:ModifyEventSubscription"
+ ],
+ "attributes": {
+ "tags": [
+ "redshift:CreateTags",
+ "redshift:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "redshift:DeleteEventSubscription"
+ ],
+ "modify": [
+ "redshift:ModifyEventSubscription"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/redshift/aws_redshift_integration.json b/src/mapping/aws/resource/redshift/aws_redshift_integration.json
new file mode 100644
index 00000000..e8870c6a
--- /dev/null
+++ b/src/mapping/aws/resource/redshift/aws_redshift_integration.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "redshift:CreateIntegration",
+ "redshift:DescribeIntegrations",
+ "redshift:DeleteIntegration",
+ "redshift:ModifyIntegration"
+ ],
+ "attributes": {
+ "tags": [
+ "redshift:CreateTags",
+ "redshift:DeleteTags"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/redshift/aws_redshift_logging.json b/src/mapping/aws/resource/redshift/aws_redshift_logging.json
new file mode 100644
index 00000000..e918f8d7
--- /dev/null
+++ b/src/mapping/aws/resource/redshift/aws_redshift_logging.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "redshift:EnableLogging",
+ "redshift:DisableLogging",
+ "redshift:DescribeLoggingStatus"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/redshift/aws_redshift_partner.json b/src/mapping/aws/resource/redshift/aws_redshift_partner.json
new file mode 100644
index 00000000..52b77220
--- /dev/null
+++ b/src/mapping/aws/resource/redshift/aws_redshift_partner.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "redshift:DescribePartners",
+ "redshift:AddPartner",
+ "redshift:DeletePartner",
+ "redshift:UpdatePartnerStatus"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/redshift/aws_redshift_resource_policy.json b/src/mapping/aws/resource/redshift/aws_redshift_resource_policy.json
new file mode 100644
index 00000000..99e283ce
--- /dev/null
+++ b/src/mapping/aws/resource/redshift/aws_redshift_resource_policy.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "redshift:GetResourcePolicy",
+ "redshift:DeleteResourcePolicy",
+ "redshift:PutResourcePolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/redshift/aws_redshift_scheduled_action.json b/src/mapping/aws/resource/redshift/aws_redshift_scheduled_action.json
index 6bdfa7bb..d3ca444c 100644
--- a/src/mapping/aws/resource/redshift/aws_redshift_scheduled_action.json
+++ b/src/mapping/aws/resource/redshift/aws_redshift_scheduled_action.json
@@ -1,21 +1,24 @@
-[
- {
- "apply": [
- "redshift:CreateScheduledAction",
- "redshift:PauseCluster",
- "iam:PassRole",
- "redshift:DescribeScheduledActions",
- "redshift:DeleteScheduledAction"
- ],
- "attributes": {
- "tags": []
- },
- "destroy": [
- "redshift:DeleteScheduledAction"
- ],
- "modify": [
- "redshift:ModifyScheduledAction"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "redshift:CreateScheduledAction",
+ "redshift:PauseCluster",
+ "iam:PassRole",
+ "redshift:DescribeScheduledActions",
+ "redshift:DeleteScheduledAction",
+ "redshift:DescribeTags",
+ "redshift:ResumeCluster",
+ "redshift:ResizeCluster"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "redshift:DeleteScheduledAction"
+ ],
+ "modify": [
+ "redshift:ModifyScheduledAction"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/redshift/aws_redshift_snapshot_copy.json b/src/mapping/aws/resource/redshift/aws_redshift_snapshot_copy.json
new file mode 100644
index 00000000..33983483
--- /dev/null
+++ b/src/mapping/aws/resource/redshift/aws_redshift_snapshot_copy.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "redshift:DisableSnapshotCopy",
+ "redshift:EnableSnapshotCopy",
+ "redshift:ModifySnapshotCopyRetentionPeriod"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/rekognition/aws_rekognition_collection.json b/src/mapping/aws/resource/rekognition/aws_rekognition_collection.json
new file mode 100644
index 00000000..1fd5e6b4
--- /dev/null
+++ b/src/mapping/aws/resource/rekognition/aws_rekognition_collection.json
@@ -0,0 +1,27 @@
+[
+ {
+ "apply": [
+ "rekognition:CreateCollection",
+ "rekognition:DescribeCollection",
+ "rekognition:ListTagsForResource",
+ "rekognition:DeleteCollection"
+ ],
+ "attributes": {
+ "tags": [
+ "rekognition:TagResource",
+ "rekognition:UntagResource"
+ ]
+ },
+ "destroy": [
+ "rekognition:DeleteCollection"
+ ],
+ "modify": [
+ "rekognition:DescribeCollection",
+ "rekognition:ListTagsForResource"
+ ],
+ "plan": [
+ "rekognition:DescribeCollection",
+ "rekognition:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/rekognition/aws_rekognition_project.json b/src/mapping/aws/resource/rekognition/aws_rekognition_project.json
new file mode 100644
index 00000000..ec16c46f
--- /dev/null
+++ b/src/mapping/aws/resource/rekognition/aws_rekognition_project.json
@@ -0,0 +1,18 @@
+[
+ {
+ "apply": [
+ "rekognition:DescribeProjects",
+ "rekognition:DeleteProject",
+ "rekognition:CreateProject"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "rekognition:DescribeProjects",
+ "rekognition:DeleteProject"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/rekognition/aws_rekognition_stream_processor.json b/src/mapping/aws/resource/rekognition/aws_rekognition_stream_processor.json
new file mode 100644
index 00000000..df103212
--- /dev/null
+++ b/src/mapping/aws/resource/rekognition/aws_rekognition_stream_processor.json
@@ -0,0 +1,28 @@
+[
+ {
+ "apply": [
+ "rekognition:CreateStreamProcessor",
+ "iam:PassRole",
+ "rekognition:DescribeStreamProcessor",
+ "rekognition:ListTagsForResource",
+ "rekognition:DeleteStreamProcessor"
+ ],
+ "attributes": {
+ "tags": [
+ "rekognition:TagResource",
+ "rekognition:UntagResource"
+ ]
+ },
+ "destroy": [
+ "rekognition:DeleteStreamProcessor"
+ ],
+ "modify": [
+ "rekognition:ListTagsForResource",
+ "rekognition:DescribeStreamProcessor"
+ ],
+ "plan": [
+ "rekognition:DescribeStreamProcessor",
+ "rekognition:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/resiliencehub/aws_resiliencehub_resiliency_policy.json b/src/mapping/aws/resource/resiliencehub/aws_resiliencehub_resiliency_policy.json
new file mode 100644
index 00000000..57bb912d
--- /dev/null
+++ b/src/mapping/aws/resource/resiliencehub/aws_resiliencehub_resiliency_policy.json
@@ -0,0 +1,28 @@
+[
+ {
+ "apply": [
+ "resiliencehub:CreateResiliencyPolicy",
+ "resiliencehub:DescribeResiliencyPolicy",
+ "resiliencehub:UpdateResiliencyPolicy",
+ "resiliencehub:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "resiliencehub:TagResource",
+ "resiliencehub:UntagResource"
+ ]
+ },
+ "destroy": [
+ "resiliencehub:DeleteResiliencyPolicy"
+ ],
+ "modify": [
+ "resiliencehub:DescribeResiliencyPolicy",
+ "resiliencehub:UpdateResiliencyPolicy",
+ "resiliencehub:ListTagsForResource"
+ ],
+ "plan": [
+ "resiliencehub:DescribeResiliencyPolicy",
+ "resiliencehub:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/resource-explorer-2/aws_resourceexplorer2_index.json b/src/mapping/aws/resource/resource-explorer-2/aws_resourceexplorer2_index.json
new file mode 100644
index 00000000..2146df67
--- /dev/null
+++ b/src/mapping/aws/resource/resource-explorer-2/aws_resourceexplorer2_index.json
@@ -0,0 +1,32 @@
+[
+ {
+ "apply": [
+ "resource-explorer-2:CreateIndex",
+ "resource-explorer-2:GetIndex",
+ "resource-explorer-2:UpdateIndexType",
+ "resource-explorer-2:DeleteIndex",
+ "iam:CreateServiceLinkedRole",
+ "resource-explorer-2:DeleteIndex",
+ "resource-explorer-2:GetIndex",
+ "resource-explorer-2:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "resource-explorer-2:TagResource",
+ "resource-explorer-2:UntagResource"
+ ]
+ },
+ "destroy": [
+ "resource-explorer-2:DeleteIndex",
+ "resource-explorer-2:GetIndex"
+ ],
+ "modify": [
+ "resource-explorer-2:GetIndex",
+ "resource-explorer-2:UpdateIndexType",
+ "resource-explorer-2:ListTagsForResource"
+ ],
+ "plan": [
+ "resource-explorer-2:GetIndex"
+ ]
+ }
+]
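Review bot: `apply` in aws_resiliencehub_resiliency_policy.json omits `resiliencehub:DeleteResiliencyPolicy`, which appears only under `destroy`, whereas most mappings added in this commit repeat the delete action in `apply` (for example aws_rekognition_collection.json). The same gap shows for update actions in aws_route53recoverycontrolconfig_cluster.json (`UpdateCluster`) and aws_route53recoverycontrolconfig_control_panel.json (`UpdateControlPanel`), which are listed under `modify` but not `apply`. If policies are generated from `apply` plus `attributes` (the generator is not visible in this diff), the resulting role could create the resource but not delete or update it. Add the missing entries, e.g. `"resiliencehub:DeleteResiliencyPolicy"`, or confirm the omission is intended.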
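Review bot: The `apply` list in aws_resourceexplorer2_index.json contains `resource-explorer-2:DeleteIndex` and `resource-explorer-2:GetIndex` twice each. The duplicates do not change what IAM grants, but they add noise to generated policies and to later diffs of this file. Drop the second `"resource-explorer-2:DeleteIndex",` and `"resource-explorer-2:GetIndex",` entries, the ones that follow `iam:CreateServiceLinkedRole`.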
diff --git a/src/mapping/aws/resource/resource-explorer-2/aws_resourceexplorer2_view.json b/src/mapping/aws/resource/resource-explorer-2/aws_resourceexplorer2_view.json
new file mode 100644
index 00000000..173ced84
--- /dev/null
+++ b/src/mapping/aws/resource/resource-explorer-2/aws_resourceexplorer2_view.json
@@ -0,0 +1,28 @@
+[
+ {
+ "apply": [
+ "resource-explorer-2:CreateView",
+ "resource-explorer-2:DeleteView",
+ "resource-explorer-2:GetView",
+ "resource-explorer-2:UpdateView",
+ "resource-explorer-2:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "resource-explorer-2:TagResource",
+ "resource-explorer-2:UntagResource"
+ ]
+ },
+ "destroy": [
+ "resource-explorer-2:DeleteView",
+ "resource-explorer-2:GetView"
+ ],
+ "modify": [
+ "resource-explorer-2:UpdateView",
+ "resource-explorer-2:ListTagsForResource"
+ ],
+ "plan": [
+ "resource-explorer-2:GetView"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/resource-groups/aws_resourcegroups_group.json b/src/mapping/aws/resource/resource-groups/aws_resourcegroups_group.json
index 592cc84d..962f9d16 100644
--- a/src/mapping/aws/resource/resource-groups/aws_resourcegroups_group.json
+++ b/src/mapping/aws/resource/resource-groups/aws_resourcegroups_group.json
@@ -5,7 +5,8 @@
 "resource-groups:GetGroup",
 "resource-groups:GetGroupQuery",
 "resource-groups:GetTags",
- "resource-groups:DeleteGroup"
+ "resource-groups:DeleteGroup",
+ "resource:UpdateGroup"
 ],
 "attributes": {
 "tags": [
diff --git a/src/mapping/aws/resource/resource-groups/aws_resourcegroups_resource.json b/src/mapping/aws/resource/resource-groups/aws_resourcegroups_resource.json
new file mode 100644
index 00000000..48104d41
--- /dev/null
+++ b/src/mapping/aws/resource/resource-groups/aws_resourcegroups_resource.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "resource-groups:AssociateResource",
+ "resource-groups:DisassociateResource"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
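Review bot: The added entry `"resource:UpdateGroup"` in aws_resourcegroups_group.json uses the prefix `resource`, while every other action in this list, and in aws_resourcegroups_resource.json added below, uses `resource-groups`. As written the generated policy would carry an action under a prefix that does not match the Resource Groups service, so the update call would presumably stay unauthorised. It should read `"resource-groups:UpdateGroup"`. The `apply` array starts above the hunk, so its earlier entries were not checked here.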
diff --git a/src/mapping/aws/resource/rolesanywhere/aws_rolesanywhere_profile.json b/src/mapping/aws/resource/rolesanywhere/aws_rolesanywhere_profile.json
new file mode 100644
index 00000000..913a1f77
--- /dev/null
+++ b/src/mapping/aws/resource/rolesanywhere/aws_rolesanywhere_profile.json
@@ -0,0 +1,40 @@
+[
+ {
+ "apply": [
+ "iam:GetRole",
+ "iam:GetPolicy",
+ "iam:PassRole",
+ "rolesanywhere:CreateProfile",
+ "rolesanywhere:DeleteAttributeMapping",
+ "rolesanywhere:DeleteProfile",
+ "rolesanywhere:DisableProfile",
+ "rolesanywhere:EnableProfile",
+ "rolesanywhere:GetProfile",
+ "rolesanywhere:ListTagsForResource",
+ "rolesanywhere:PutAttributeMapping",
+ "rolesanywhere:UpdateProfile"
+ ],
+ "attributes": {
+ "tags": [
+ "rolesanywhere:TagResource",
+ "rolesanywhere:UntagResource"
+ ]
+ },
+ "destroy": [
+ "rolesanywhere:DeleteProfile"
+ ],
+ "modify": [
+ "rolesanywhere:GetProfile",
+ "rolesanywhere:UpdateProfile",
+ "rolesanywhere:EnableProfile",
+ "rolesanywhere:DisableProfile",
+ "rolesanywhere:ListTagsForResource",
+ "rolesanywhere:PutAttributeMapping",
+ "rolesanywhere:DeleteAttributeMapping"
+ ],
+ "plan": [
+ "rolesanywhere:GetProfile",
+ "rolesanywhere:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/rolesanywhere/aws_rolesanywhere_trust_anchor.json b/src/mapping/aws/resource/rolesanywhere/aws_rolesanywhere_trust_anchor.json
new file mode 100644
index 00000000..969c7f0e
--- /dev/null
+++ b/src/mapping/aws/resource/rolesanywhere/aws_rolesanywhere_trust_anchor.json
@@ -0,0 +1,40 @@
+[
+ {
+ "apply": [
+ "acm-pca:GetCertificateAuthorityCertificate",
+ "iam:CreateServiceLinkedRole",
+ "rolesanywhere:CreateTrustAnchor",
+ "rolesanywhere:DeleteTrustAnchor",
+ "rolesanywhere:DisableTrustAnchor",
+ "rolesanywhere:EnableTrustAnchor",
+ "rolesanywhere:GetTrustAnchor",
+ "rolesanywhere:ListTagsForResource",
+ "rolesanywhere:PutNotificationSettings",
+ "rolesanywhere:ResetNotificationSettings",
+ "rolesanywhere:UpdateTrustAnchor"
+ ],
+ "attributes": {
+ "tags": [
+ "rolesanywhere:TagResource",
+ "rolesanywhere:UntagResource"
+ ]
+ },
+ "destroy": [
+ "rolesanywhere:DeleteTrustAnchor"
+ ],
+ "modify": [
+ "acm-pca:GetCertificateAuthorityCertificate",
+ "rolesanywhere:ListTagsForResource",
+ "rolesanywhere:EnableTrustAnchor",
+ "rolesanywhere:DisableTrustAnchor",
+ "rolesanywhere:UpdateTrustAnchor",
+ "rolesanywhere:GetTrustAnchor",
+ "rolesanywhere:PutNotificationSettings",
+ "rolesanywhere:ResetNotificationSettings"
+ ],
+ "plan": [
+ "rolesanywhere:GetTrustAnchor",
+ "rolesanywhere:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoverycontrolconfig_cluster.json b/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoverycontrolconfig_cluster.json
new file mode 100644
index 00000000..37a29942
--- /dev/null
+++ b/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoverycontrolconfig_cluster.json
@@ -0,0 +1,29 @@
+[
+ {
+ "apply": [
+ "route53-recovery-control-config:CreateCluster",
+ "route53-recovery-control-config:DescribeCluster",
+ "route53-recovery-control-config:ListTagsForResource",
+ "route53-recovery-control-config:DeleteCluster"
+ ],
+ "attributes": {
+ "tags": [
+ "route53-recovery-control-config:TagResource",
+ "route53-recovery-control-config:UntagResource"
+ ]
+ },
+ "destroy": [
+ "route53-recovery-control-config:DescribeCluster",
+ "route53-recovery-control-config:DeleteCluster"
+ ],
+ "modify": [
+ "route53-recovery-control-config:DescribeCluster",
+ "route53-recovery-control-config:ListTagsForResource",
+ "route53-recovery-control-config:UpdateCluster"
+ ],
+ "plan": [
+ "route53-recovery-control-config:DescribeCluster",
+ "route53-recovery-control-config:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoverycontrolconfig_control_panel.json b/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoverycontrolconfig_control_panel.json
new file mode 100644
index 00000000..f5d357c6
--- /dev/null
+++ b/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoverycontrolconfig_control_panel.json
@@ -0,0 +1,30 @@
+[
+ {
+ "apply": [
+ "route53-recovery-control-config:CreateControlPanel",
+ "route53-recovery-control-config:DescribeCluster",
+ "route53-recovery-control-config:DescribeControlPanel",
+ "route53-recovery-control-config:ListTagsForResource",
+ "route53-recovery-control-config:DeleteControlPanel"
+ ],
+ "attributes": {
+ "tags": [
+ "route53-recovery-control-config:TagResource",
+ "route53-recovery-control-config:UntagResource"
+ ]
+ },
+ "destroy": [
+ "route53-recovery-control-config:DeleteControlPanel",
+ "route53-recovery-control-config:DescribeControlPanel"
+ ],
+ "modify": [
+ "route53-recovery-control-config:UpdateControlPanel",
+ "route53-recovery-control-config:DescribeControlPanel",
+ "route53-recovery-control-config:ListTagsForResource"
+ ],
+ "plan": [
+ "route53-recovery-control-config:DescribeControlPanel",
+ "route53-recovery-control-config:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoverycontrolconfig_routing_control.json b/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoverycontrolconfig_routing_control.json
new file mode 100644
index 00000000..97fea50b
--- /dev/null
+++ b/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoverycontrolconfig_routing_control.json
@@ -0,0 +1,27 @@
+[
+ {
+ "apply": [
+ "route53-recovery-control-config:CreateRoutingControl",
+ "route53-recovery-control-config:DescribeRoutingControl",
+ "route53-recovery-control-config:DescribeControlPanel",
+ "route53-recovery-control-config:DescribeCluster",
+ "route53-recovery-control-config:DeleteRoutingControl",
+ "route53-recovery-control-config:UpdateRoutingControl"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "route53-recovery-control-config:DescribeRoutingControl",
+ "route53-recovery-control-config:DeleteRoutingControl"
+ ],
+ "modify": [
+ "route53-recovery-control-config:UpdateRoutingControl",
+ "route53-recovery-control-config:DescribeRoutingControl",
+ "route53-recovery-control-config:DescribeControlPanel"
+ ],
+ "plan": [
+ "route53-recovery-control-config:DescribeRoutingControl"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoverycontrolconfig_safety_rule.json b/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoverycontrolconfig_safety_rule.json
new file mode 100644
index 00000000..8bfabb64
--- /dev/null
+++ b/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoverycontrolconfig_safety_rule.json
@@ -0,0 +1,32 @@
+[
+ {
+ "apply": [
+ "route53-recovery-control-config:CreateSafetyRule",
+ "route53-recovery-control-config:DescribeSafetyRule",
+ "route53-recovery-control-config:DescribeControlPanel",
+ "route53-recovery-control-config:DescribeRoutingControl",
+ "route53-recovery-control-config:ListTagsForResource",
+ "route53-recovery-control-config:DeleteSafetyRule",
+ "route53-recovery-control-config:UpdateSafetyRule"
+ ],
+ "attributes": {
+ "tags": [
+ "route53-recovery-control-config:TagResource",
+ "route53-recovery-control-config:UntagResource"
+ ]
+ },
+ "destroy": [
+ "route53-recovery-control-config:DescribeSafetyRule",
+ "route53-recovery-control-config:DeleteSafetyRule"
+ ],
+ "modify": [
+ "route53-recovery-control-config:UpdateSafetyRule",
+ "route53-recovery-control-config:DescribeSafetyRule",
+ "route53-recovery-control-config:ListTagsForResource"
+ ],
+ "plan": [
+ "route53-recovery-control-config:DescribeSafetyRule",
+ "route53-recovery-control-config:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoveryreadiness_cell.json b/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoveryreadiness_cell.json
new file mode 100644
index 00000000..019e0fb9
--- /dev/null
+++ b/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoveryreadiness_cell.json
@@ -0,0 +1,30 @@
+[
+ {
+ "apply": [
+ "route53-recovery-readiness:CreateCell",
+ "route53-recovery-readiness:GetCell",
+ "route53-recovery-readiness:DeleteCell",
+ "route53-recovery-readiness:ListTagsForResources",
+ "route53-recovery-readiness:UpdateCell"
+ ],
+ "attributes": {
+ "tags": [
+ "route53-recovery-readiness:TagResource",
+ "route53-recovery-readiness:UntagResource"
+ ]
+ },
+ "destroy": [
+ "route53-recovery-readiness:DeleteCell",
+ "route53-recovery-readiness:GetCell"
+ ],
+ "modify": [
+ "route53-recovery-readiness:GetCell",
+ "route53-recovery-readiness:ListTagsForResources",
+ "route53-recovery-readiness:UpdateCell"
+ ],
+ "plan": [
+ "route53-recovery-readiness:GetCell",
+ "route53-recovery-readiness:ListTagsForResources"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoveryreadiness_readiness_check.json b/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoveryreadiness_readiness_check.json
new file mode 100644
index 00000000..f67de7b6
--- /dev/null
+++ b/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoveryreadiness_readiness_check.json
@@ -0,0 +1,32 @@
+[
+ {
+ "apply": [
+ "route53-recovery-readiness:CreateReadinessCheck",
+ "route53-recovery-readiness:GetResourceSet",
+ "route53-recovery-readiness:GetReadinessCheck",
+ "route53-recovery-readiness:ListTagsForResources",
+ "route53-recovery-readiness:DeleteReadinessCheck",
+ "route53-recovery-readiness:UpdateReadinessCheck"
+ ],
+ "attributes": {
+ "tags": [
+ "route53-recovery-readiness:TagResource",
+ "route53-recovery-readiness:UntagResource"
+ ]
+ },
+ "destroy": [
+ "route53-recovery-readiness:DeleteReadinessCheck",
+ "route53-recovery-readiness:GetReadinessCheck"
+ ],
+ "modify": [
+ "route53-recovery-readiness:UpdateReadinessCheck",
+ "route53-recovery-readiness:GetResourceSet",
+ "route53-recovery-readiness:GetReadinessCheck",
+ "route53-recovery-readiness:ListTagsForResources"
+ ],
+ "plan": [
+ "route53-recovery-readiness:GetReadinessCheck",
+ "route53-recovery-readiness:ListTagsForResources"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoveryreadiness_recovery_group.json b/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoveryreadiness_recovery_group.json
new file mode 100644
index 00000000..3a93eb4d
--- /dev/null
+++ b/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoveryreadiness_recovery_group.json
@@ -0,0 +1,32 @@
+[
+ {
+ "apply": [
+ "route53-recovery-readiness:CreateRecoveryGroup",
+ "route53-recovery-readiness:GetRecoveryGroup",
+ "route53-recovery-readiness:GetCell",
+ "route53-recovery-readiness:ListTagsForResources",
+ "route53-recovery-readiness:DeleteRecoveryGroup",
+ "route53-recovery-readiness:UpdateRecoveryGroup"
+ ],
+ "attributes": {
+ "tags": [
+ "route53-recovery-readiness:TagResource",
+ "route53-recovery-readiness:UntagResource"
+ ]
+ },
+ "destroy": [
+ "route53-recovery-readiness:DeleteRecoveryGroup",
+ "route53-recovery-readiness:GetRecoveryGroup"
+ ],
+ "modify": [
+ "route53-recovery-readiness:UpdateRecoveryGroup",
+ "route53-recovery-readiness:GetRecoveryGroup",
+ "route53-recovery-readiness:GetCell",
+ "route53-recovery-readiness:ListTagsForResources"
+ ],
+ "plan": [
+ "route53-recovery-readiness:GetRecoveryGroup",
+ "route53-recovery-readiness:ListTagsForResources"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoveryreadiness_resource_set.json b/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoveryreadiness_resource_set.json
new file mode 100644
index 00000000..63152a19
--- /dev/null
+++ b/src/mapping/aws/resource/route53-recovery-readiness/aws_route53recoveryreadiness_resource_set.json
@@ -0,0 +1,34 @@
+[
+ {
+ "apply": [
+ "route53-recovery-readiness:CreateResourceSet",
+ "route53-recovery-readiness:GetResourceSet",
+ "route53-recovery-readiness:GetRecoveryGroup",
+ "route53-recovery-readiness:GetCell",
+ "route53-recovery-readiness:ListTagsForResources",
+ "route53-recovery-readiness:DeleteResourceSet",
+ "route53-recovery-readiness:UpdateResourceSet"
+ ],
+ "attributes": {
+ "tags": [
+ "route53-recovery-readiness:TagResource",
+ "route53-recovery-readiness:UntagResource"
+ ]
+ },
+ "destroy": [
+ "route53-recovery-readiness:DeleteResourceSet",
+ "route53-recovery-readiness:GetResourceSet"
+ ],
+ "modify": [
+ "route53-recovery-readiness:UpdateResourceSet",
+ "route53-recovery-readiness:GetResourceSet",
+ "route53-recovery-readiness:GetRecoveryGroup",
+ "route53-recovery-readiness:GetCell",
+ "route53-recovery-readiness:ListTagsForResources"
+ ],
+ "plan": [
+ "route53-recovery-readiness:GetResourceSet",
+ "route53-recovery-readiness:ListTagsForResources"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/route53/aws_route53_health_check.json b/src/mapping/aws/resource/route53/aws_route53_health_check.json
index cae6a782..607cd603 100644
--- a/src/mapping/aws/resource/route53/aws_route53_health_check.json
+++ b/src/mapping/aws/resource/route53/aws_route53_health_check.json
@@ -1,24 +1,30 @@
-[
- {
- "apply": [
- "route53:CreateHealthCheck",
- "route53:DeleteHealthCheck",
- "route53:GetHealthCheck",
- "route53:GetHealthCheckCount",
- "route53:GetHealthCheckLastFailureReason",
- "route53:GetHealthCheckStatus",
- "route53:ListHealthChecks",
- "route53:ListTagsForResource",
- "route53:ListTagsForResources",
- "route53:UpdateHealthCheck"
- ],
- "attributes": {
- "tags": [
- "route53:ChangeTagsForResource"
- ]
- },
- "destroy": [],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "route53:CreateHealthCheck",
+ "route53:DeleteHealthCheck",
+ "route53:GetHealthCheck",
+ "route53:GetHealthCheckCount",
+ "route53:GetHealthCheckLastFailureReason",
+ "route53:GetHealthCheckStatus",
+ "route53:ListHealthChecks",
+ "route53:ListTagsForResource",
+ "route53:ListTagsForResources",
+ "route53:UpdateHealthCheck"
+ ],
+ "attributes": {
+ "cloudwatch_alarm_name": [
+ "cloudwatch:DescribeAlarms"
+ ],
+ "routing_control_arN": [
+ "route53-recovery-control-config:DescribeRoutingControl"
+ ],
+ "tags": [
+ "route53:ChangeTagsForResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/route53/aws_route53_key_signing_key.json b/src/mapping/aws/resource/route53/aws_route53_key_signing_key.json
index 6999de4d..e3309ed3 100644
--- a/src/mapping/aws/resource/route53/aws_route53_key_signing_key.json
+++ b/src/mapping/aws/resource/route53/aws_route53_key_signing_key.json
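Review bot: The new attribute key in aws_route53_health_check.json is spelled `routing_control_arN`, with a capital N. The other attribute keys in this commit are lower-case Terraform argument names (`cloudwatch_alarm_name`, `key_management_service_arn`), so unless the lookup is case-insensitive this entry will never match and `route53-recovery-control-config:DescribeRoutingControl` will be missing from the generated policy. I would change the key to `"routing_control_arn": [`.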
@@ -1,15 +1,29 @@ -[ - { - "apply": [ - "route53:CreateKeySigningKey", - "route53:DeactivateKeySigningKey", - "route53:DeleteKeySigningKey" - ], - "attributes": { - "tags": [] - }, - "destroy": [], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "route53:CreateKeySigningKey", + "route53:DeactivateKeySigningKey", + "route53:DeleteKeySigningKey", + "route53:ActivateKeySigningKey", + "route53:GetDNSSEC" + ], + "attributes": { + "key_management_service_arn": [ + "kms:Sign", + "kms:CreateGrant", + "kms:DescribeKey", + "kms:GetPublicKey" + ], + "tags": [] + }, + "destroy": [], + "modify": [ + "route53:GetDNSSEC", + "route53:ActivateKeySigningKey", + "route53:DeactivateKeySigningKey" + ], + "plan": [ + "route53:GetDNSSEC" + ] + } +] diff --git a/src/mapping/aws/resource/route53/aws_route53_records_exclusive.json b/src/mapping/aws/resource/route53/aws_route53_records_exclusive.json new file mode 100644 index 00000000..5529d710 --- /dev/null +++ b/src/mapping/aws/resource/route53/aws_route53_records_exclusive.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "route53:ChangeResourceRecordSets" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/route53/aws_route53_zone.json b/src/mapping/aws/resource/route53/aws_route53_zone.json index 71542e4d..e541f209 100644 --- a/src/mapping/aws/resource/route53/aws_route53_zone.json +++ b/src/mapping/aws/resource/route53/aws_route53_zone.json @@ -5,7 +5,8 @@ "route53:GetChange", "route53:GetHostedZone", "route53:ListTagsForResource", - "route53:ListResourceRecordSets" + "route53:ListResourceRecordSets", + "route53:GetDNSSEC" ], "attributes": { "tags": [ @@ -17,7 +18,8 @@ ] }, "destroy": [ - "route53:DeleteHostedZone" + "route53:DeleteHostedZone", + "route53:GetDNSSEC" ], "modify": [ "route53:DeleteHostedZone", 
diff --git a/src/mapping/aws/resource/route53domains/aws_route53domains_delegation_signer_record.json b/src/mapping/aws/resource/route53domains/aws_route53domains_delegation_signer_record.json
new file mode 100644
index 00000000..90ed32a2
--- /dev/null
+++ b/src/mapping/aws/resource/route53domains/aws_route53domains_delegation_signer_record.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "route53domains:AssociateDelegationSignerToDomain",
+ "route53domains:DisassociateDelegationSignerFromDomain"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/route53domains/aws_route53domains_domain.json b/src/mapping/aws/resource/route53domains/aws_route53domains_domain.json
new file mode 100644
index 00000000..20ac9c21
--- /dev/null
+++ b/src/mapping/aws/resource/route53domains/aws_route53domains_domain.json
@@ -0,0 +1,22 @@
+[
+ {
+ "apply": [
+ "route53domains:DeleteDomain",
+ "route53domains:UpdateDomainContact",
+ "route53domains:RegisterDomain",
+ "route53domains:EnableDomainAutoRenew",
+ "route53domains:UpdateDomainContactPrivacy",
+ "route53domains:ListTagsForDomain",
+ "route53domains:GetDomainDetail"
+ ],
+ "attributes": {
+ "tags": [
+ "route53domains:DeleteTagsForDomain",
+ "route53domains:UpdateTagsForDomain"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/route53domains/aws_route53domains_registered_domain.json b/src/mapping/aws/resource/route53domains/aws_route53domains_registered_domain.json
new file mode 100644
index 00000000..bea105aa
--- /dev/null
+++ b/src/mapping/aws/resource/route53domains/aws_route53domains_registered_domain.json
@@ -0,0 +1,21 @@
+[
+ {
+ "apply": [
+ "route53domains:UpdateDomainContact",
+ "route53domains:EnableDomainAutoRenew",
+ "route53domains:UpdateDomainContactPrivacy",
+ "route53domains:ListTagsForDomain",
+ "route53domains:GetDomainDetail",
+ "route53domains:ListTagsForDomain"
+ ],
+ "attributes": {
+ "tags": [
+ "route53domains:DeleteTagsForDomain",
+ "route53domains:UpdateTagsForDomain"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/route53profiles/aws_route53profiles_association.json b/src/mapping/aws/resource/route53profiles/aws_route53profiles_association.json
new file mode 100644
index 00000000..82537fdd
--- /dev/null
+++ b/src/mapping/aws/resource/route53profiles/aws_route53profiles_association.json
@@ -0,0 +1,30 @@
+[
+ {
+ "apply": [
+ "route53profiles:AssociateProfile",
+ "route53profiles:GetProfileAssociation",
+ "ec2:DescribeVpcs",
+ "route53profiles:ListTagsForResource",
+ "route53profiles:DisassociateProfile"
+ ],
+ "attributes": {
+ "tags": [
+ "route53profiles:TagResource",
+ "route53profiles:UntagResource"
+ ]
+ },
+ "destroy": [
+ "route53profiles:DisassociateProfile",
+ "route53profiles:GetProfileAssociation",
+ "route53profiles:ListTagsForResource"
+ ],
+ "modify": [
+ "route53profiles:GetProfileAssociation",
+ "route53profiles:ListTagsForResource"
+ ],
+ "plan": [
+ "route53profiles:GetProfileAssociation",
+ "route53profiles:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/route53profiles/aws_route53profiles_profile.json b/src/mapping/aws/resource/route53profiles/aws_route53profiles_profile.json
new file mode 100644
index 00000000..b3e8ee9c
--- /dev/null
+++ b/src/mapping/aws/resource/route53profiles/aws_route53profiles_profile.json
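Review bot: `route53domains:ListTagsForDomain` appears twice in the `apply` array of aws_route53domains_registered_domain.json, as the fourth and the last entry. Unless the consumer de-duplicates, the generated policy statement will carry the action twice, and the repeat suggests a different read action may have been intended in one of the slots. I would drop the trailing `"route53domains:ListTagsForDomain"` and end the list at `"route53domains:GetDomainDetail"`.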
@@ -0,0 +1,29 @@
+[
+ {
+ "apply": [
+ "route53profiles:CreateProfile",
+ "route53profiles:GetProfile",
+ "route53profiles:ListTagsForResource",
+ "route53profiles:DeleteProfile"
+ ],
+ "attributes": {
+ "tags": [
+ "route53profiles:TagResource",
+ "route53profiles:UntagResource"
+ ]
+ },
+ "destroy": [
+ "route53profiles:DeleteProfile",
+ "route53profiles:GetProfile",
+ "route53profiles:ListTagsForResource"
+ ],
+ "modify": [
+ "route53profiles:GetProfile",
+ "route53profiles:ListTagsForResource"
+ ],
+ "plan": [
+ "route53profiles:GetProfile",
+ "route53profiles:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/route53profiles/aws_route53profiles_resource_association.json b/src/mapping/aws/resource/route53profiles/aws_route53profiles_resource_association.json
new file mode 100644
index 00000000..be9e744b
--- /dev/null
+++ b/src/mapping/aws/resource/route53profiles/aws_route53profiles_resource_association.json
@@ -0,0 +1,24 @@
+[
+ {
+ "apply": [
+ "route53profiles:AssociateResourceToProfile",
+ "route53profiles:GetProfileResourceAssociation",
+ "route53profiles:UpdateProfileResourceAssociation",
+ "route53profiles:DisassociateResourceFromProfile"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "route53profiles:DisassociateResourceFromProfile",
+ "route53profiles:GetProfileResourceAssociation"
+ ],
+ "modify": [
+ "route53profiles:UpdateProfileResourceAssociation",
+ "route53profiles:GetProfileResourceAssociation"
+ ],
+ "plan": [
+ "route53profiles:GetProfileResourceAssociation"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/route53resolver/aws_route53_resolver_config.json b/src/mapping/aws/resource/route53resolver/aws_route53_resolver_config.json
index eaf752eb..95328792 100644
--- a/src/mapping/aws/resource/route53resolver/aws_route53_resolver_config.json
+++ b/src/mapping/aws/resource/route53resolver/aws_route53_resolver_config.json
@@ -3,7 +3,8 @@ "apply": [ "route53resolver:UpdateResolverConfig", "route53resolver:GetResolverConfig", - "route53resolver:ListResolverConfigs" + "route53resolver:ListResolverConfigs", + "ec2:DescribeVpcs" ], "attributes": { "tags": [] diff --git a/src/mapping/aws/resource/route53resolver/aws_route53_resolver_query_log_config.json b/src/mapping/aws/resource/route53resolver/aws_route53_resolver_query_log_config.json index ab8259e5..97f044e3 100644 --- a/src/mapping/aws/resource/route53resolver/aws_route53_resolver_query_log_config.json +++ b/src/mapping/aws/resource/route53resolver/aws_route53_resolver_query_log_config.json @@ -1,19 +1,41 @@ [ { "apply": [ - "route53resolver:CreateResolverQueryLogConfig", - "route53resolver:GetResolverQueryLogConfig" + "iam:CreateServiceLinked", + "logs:CreateLogDelivery", + "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", + "logs:GetLogDelivery", + "logs:ListLogDeliveries", + "logs:PutResourcePolicy", + "logs:UpdateLogDelivery", + "resolverquerylogging:CreateConfig", + "resolverquerylogging:DeleteConfig", + "resolverquerylogging:GetConfig", + "resolverquerylogging:ListConfig", + "route53resolver:DeleteResolverQueryLogConfig", + "route53resolver:GetResolverQueryLogConfig", + "route53resolver:ListTagsForResource", + "route53resolver:ListResolverQueryLogConfigs" ], "attributes": { "tags": [ - "route53resolver:ListTagsForResource", - "route53resolver:TagResource" + "route53resolver:TagResource", + "route53resolver:UntagResource" ] }, "destroy": [ - "route53resolver:DeleteResolverQueryLogConfig" + "route53resolver:DeleteResolverQueryLogConfig", + "resolverquerylogging:DeleteConfig", + "resolverquerylogging:ListConfig" ], "modify": [], - "plan": [] + "plan": [ + "resolverquerylogging:GetConfig", + "route53resolver:GetResolverQueryLogConfig", + "route53resolver:ListTagsForResource", + "route53resolver:ListResolverQueryLogConfigs" + ] } ] 
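Review bot: `iam:CreateServiceLinked` in the new `apply` list of aws_route53_resolver_query_log_config.json is not an IAM action name; the RUM app-monitor mapping in this same commit spells it `iam:CreateServiceLinkedRole`, which is presumably what was meant. An unknown action in an Allow statement grants nothing, so a role built from this mapping would lack the permission at apply time. The hunk also removes `route53resolver:CreateResolverQueryLogConfig` from `apply` while keeping the Delete and Get actions, which looks unintended for a resource that has to be created. I would change the first entry to `"iam:CreateServiceLinkedRole",` and restore `"route53resolver:CreateResolverQueryLogConfig",`.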
diff --git a/src/mapping/aws/resource/route53resolver/aws_route53_resolver_rule_association.json b/src/mapping/aws/resource/route53resolver/aws_route53_resolver_rule_association.json index 710c11e4..ecd434e1 100644 --- a/src/mapping/aws/resource/route53resolver/aws_route53_resolver_rule_association.json +++ b/src/mapping/aws/resource/route53resolver/aws_route53_resolver_rule_association.json @@ -2,7 +2,8 @@ { "apply": [ "route53resolver:AssociateResolverRule", - "route53resolver:GetResolverRuleAssociation" + "route53resolver:GetResolverRuleAssociation", + "ec2:DescribeVpcs" ], "attributes": { "tags": [] diff --git a/src/mapping/aws/resource/rum/aws_rum_app_monitor.json b/src/mapping/aws/resource/rum/aws_rum_app_monitor.json new file mode 100644 index 00000000..7c3f612c --- /dev/null +++ b/src/mapping/aws/resource/rum/aws_rum_app_monitor.json 
@@ -0,0 +1,111 @@ +[ + { + "apply": [ + "dynamodb:DeleteItem", + "dynamodb:GetItem", + "dynamodb:PutItem", + "dynamodb:Query", + "dynamodb:UpdateItem", + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "iam:PassRole", + "logs:CreateLogDelivery", + "logs:CreateLogGroup", + "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", + "logs:GetLogDelivery", + "logs:PutResourcePolicy", + "logs:PutRetentionPolicy", + "logs:UpdateLogDelivery", + "rum:BatchCreateRumMetricDefinitions", + "rum:BatchDeleteRumMetricDefinitions", + "rum:BatchGetRumMetricDefinitions", + "rum:GetResourcePolicy", + "rum:PutResourcePolicy", + "rum:CreateAppMonitor", + "rum:DeleteRumMetricsDestination", + "rum:GetAppMonitor", + "rum:ListRumMetricsDestinations", + "rum:ListTagsForResource", + "rum:PutRumMetricsDestination", + "rum:UpdateAppMonitor", + "rum:UpdateRumMetricDefinition", + "s3:DeleteObject", + "s3:DoesObjectExist", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:PutObject" + ], + "attributes": { + "identity_pool_id": [ + "cognito-identity:DescribeIdentityPool" + ], + "tags": [ + "rum:TagResource", + "rum:UntagResource" + ] + }, + "destroy": [ + "rum:GetAppMonitor", + "rum:DeleteAppMonitor", + "dynamodb:DeleteItem", + "dynamodb:Query", + "logs:DeleteLogDelivery", + "s3:DeleteObject", + "s3:DoesObjectExist", + "rum:ListTagsForResource", + "rum:DeleteRumMetricsDestination", + "rum:BatchDeleteRumMetricDefinitions", + "rum:ListRumMetricsDestinations", + "rum:BatchGetRumMetricDefinitions", + "rum:GetResourcePolicy", + "rum:PutResourcePolicy" + ], + "modify": [ + "rum:GetAppMonitor", + "rum:UpdateAppMonitor", + "dynamodb:GetItem", + "dynamodb:PutItem", + "dynamodb:UpdateItem", + "dynamodb:Query", + "s3:GetObject", + "s3:PutObject", + "s3:GetObjectAcl", + "s3:DoesObjectExist", + "logs:CreateLogDelivery", + "logs:CreateLogGroup", + "logs:GetLogDelivery", + "logs:UpdateLogDelivery", + "logs:PutResourcePolicy", + "logs:DescribeResourcePolicies", + 
"logs:DescribeLogGroups", + "logs:PutRetentionPolicy", + "rum:ListTagsForResource", + "iam:GetRole", + "iam:CreateServiceLinkedRole", + "iam:PassRole", + "rum:PutRumMetricsDestination", + "rum:DeleteRumMetricsDestination", + "rum:ListRumMetricsDestinations", + "rum:BatchCreateRumMetricDefinitions", + "rum:BatchDeleteRumMetricDefinitions", + "rum:BatchGetRumMetricDefinitions", + "rum:UpdateRumMetricDefinition", + "rum:GetResourcePolicy", + "rum:PutResourcePolicy" + ], + "plan": [ + "rum:GetAppMonitor", + "dynamodb:GetItem", + "s3:GetObject", + "s3:DoesObjectExist", + "s3:GetObjectAcl", + "rum:ListTagsForResource", + "rum:ListRumMetricsDestinations", + "rum:BatchGetRumMetricDefinitions", + "rum:GetResourcePolicy", + "rum:PutResourcePolicy" + ] + } +] diff --git a/src/mapping/aws/resource/rum/aws_rum_metrics_destination.json b/src/mapping/aws/resource/rum/aws_rum_metrics_destination.json new file mode 100644 index 00000000..b5bb702e --- /dev/null +++ b/src/mapping/aws/resource/rum/aws_rum_metrics_destination.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "rum:DeleteRumMetricsDestination", + "rum:PutRumMetricsDestination" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/s3-express/aws_s3_directory_bucket.json b/src/mapping/aws/resource/s3-express/aws_s3_directory_bucket.json new file mode 100644 index 00000000..b2e17215 --- /dev/null +++ b/src/mapping/aws/resource/s3-express/aws_s3_directory_bucket.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "s3express:DeleteBucket", + "s3express:CreateBucket" + ], + "attributes": {}, + "destroy": [ + "s3express:DeleteBucket" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/s3-outposts/aws_s3control_access_grants_instance_resource_policy.json b/src/mapping/aws/resource/s3-outposts/aws_s3control_access_grants_instance_resource_policy.json new file mode 100644 index 00000000..1ee42eca --- /dev/null 
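Review bot: The `plan` list of aws_rum_app_monitor.json ends with `rum:PutResourcePolicy`, a write action, and the same action is listed under `destroy`. A role generated for plan-only runs is expected to be read-only; with this entry it could replace the app monitor's resource policy. `rum:GetResourcePolicy` is already in the list and looks sufficient for the read path, so I would drop `"rum:PutResourcePolicy"` from `plan`, and from `destroy` unless the provider is known to call it there. Separately, `s3:DoesObjectExist` does not look like a published S3 IAM action and is worth checking against the service authorization reference.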
+++ b/src/mapping/aws/resource/s3-outposts/aws_s3control_access_grants_instance_resource_policy.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "s3:DeleteAccessGrantsInstanceResourcePolicy",
+ "s3:PutAccessGrantsInstanceResourcePolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/s3-outposts/aws_s3control_bucket.json b/src/mapping/aws/resource/s3-outposts/aws_s3control_bucket.json
new file mode 100644
index 00000000..d9afe132
--- /dev/null
+++ b/src/mapping/aws/resource/s3-outposts/aws_s3control_bucket.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "s3-outposts:DeleteBucket",
+ "s3-outposts:CreateBucket",
+ "s3-outposts:GetLifecycleConfiguration",
+ "s3-outposts:PutLifecycleConfiguration",
+ "s3-outposts:PutObjectAcl",
+ "s3-outposts:GetBucketPolicy",
+ "s3-outposts:GetBucketVersioning"
+ ],
+ "attributes": {
+ "tags": [
+ "s3-outposts:GetBucketTagging",
+ "s3-outposts:PutBucketTagging"
+ ]
+ },
+ "destroy": [
+ "s3-outposts:DeleteBucket"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/s3-outposts/aws_s3control_bucket_lifecycle_configuration.json b/src/mapping/aws/resource/s3-outposts/aws_s3control_bucket_lifecycle_configuration.json
new file mode 100644
index 00000000..6ba6f4ce
--- /dev/null
+++ b/src/mapping/aws/resource/s3-outposts/aws_s3control_bucket_lifecycle_configuration.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "s3-outposts:PutReplicationConfiguration",
+ "s3-outposts:PutLifecycleConfiguration",
+ "s3-outposts:GetLifecycleConfiguration"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/s3-outposts/aws_s3control_bucket_policy.json b/src/mapping/aws/resource/s3-outposts/aws_s3control_bucket_policy.json
new file mode 100644
index 00000000..c267f0d6
--- /dev/null
+++ b/src/mapping/aws/resource/s3-outposts/aws_s3control_bucket_policy.json
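Review bot: aws_s3control_bucket_lifecycle_configuration.json grants `s3-outposts:PutReplicationConfiguration` in `apply`, a write action with no obvious connection to a lifecycle configuration resource. If it was carried over from another mapping it should be removed, leaving the list as `"s3-outposts:PutLifecycleConfiguration",` and `"s3-outposts:GetLifecycleConfiguration"`, so the generated policy does not allow replication changes that this resource never makes. If the provider really issues that call, the PR description should say so.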
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "s3-outposts:GetBucketPolicy",
+ "s3-outposts:DeleteBucketPolicy",
+ "s3-outposts:PutBucketPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/s3-outposts/aws_s3control_object_lambda_access_point.json b/src/mapping/aws/resource/s3-outposts/aws_s3control_object_lambda_access_point.json
new file mode 100644
index 00000000..3f5ff17e
--- /dev/null
+++ b/src/mapping/aws/resource/s3-outposts/aws_s3control_object_lambda_access_point.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "s3-outposts:CreateAccessPoint",
+ "s3-outposts:DeleteAccessPoint",
+ "s3-outposts:GetAccessPoint"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/s3-outposts/aws_s3control_object_lambda_access_point_policy.json b/src/mapping/aws/resource/s3-outposts/aws_s3control_object_lambda_access_point_policy.json
new file mode 100644
index 00000000..f4435fa5
--- /dev/null
+++ b/src/mapping/aws/resource/s3-outposts/aws_s3control_object_lambda_access_point_policy.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "s3-outposts:GetAccessPointPolicy",
+ "s3-outposts:DeleteAccessPointPolicy",
+ "s3-outposts:PutAccessPointPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/s3-outposts/aws_s3outposts_endpoint.json b/src/mapping/aws/resource/s3-outposts/aws_s3outposts_endpoint.json
new file mode 100644
index 00000000..f7f848d0
--- /dev/null
+++ b/src/mapping/aws/resource/s3-outposts/aws_s3outposts_endpoint.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "s3-outposts:CreateEndpoint",
+ "s3-outposts:DeleteEndpoint",
+ "s3-outposts:ListEndpoints"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "s3-outposts:DeleteEndpoint"
+ ],
+ "modify": [],
+ "plan": [
+ "s3-outposts:ListEndpoints"
+ ]
+ }
+]
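Review bot: The two Object Lambda mappings, aws_s3control_object_lambda_access_point.json and aws_s3control_object_lambda_access_point_policy.json, list the ordinary Outposts access-point actions (`s3-outposts:CreateAccessPoint`, `s3-outposts:PutAccessPointPolicy` and so on). As far as I know Object Lambda access points are authorised through their own actions, for example `s3:CreateAccessPointForObjectLambda`. A policy generated from these files would then probably be denied when creating the resource while still granting Outposts access-point rights it does not need. Please verify both lists against the API calls the provider makes for these resources.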
diff --git a/src/mapping/aws/resource/s3/aws_s3_access_point.json b/src/mapping/aws/resource/s3/aws_s3_access_point.json
new file mode 100644
index 00000000..c1e271f7
--- /dev/null
+++ b/src/mapping/aws/resource/s3/aws_s3_access_point.json
@@ -0,0 +1,30 @@
+[
+ {
+ "apply": [
+ "s3:CreateAccessPoint",
+ "s3:DeleteAccessPointPolicy",
+ "s3:GetAccessPoint",
+ "s3:GetAccessPointPolicy",
+ "s3:PutAccessPointPolicy",
+ "s3:PutAccessPointPublicAccessBlock"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "s3:DeleteAccessPointPolicy",
+ "s3:DeleteAccessPoint"
+ ],
+ "modify": [
+ "s3:PutAccessPointPolicy",
+ "s3:PutAccessPointPublicAccessBlock",
+ "s3:DeleteAccessPointPolicy",
+ "s3:GetAccessPoint",
+ "s3:GetAccessPointPolicy"
+ ],
+ "plan": [
+ "s3:GetAccessPoint",
+ "s3:GetAccessPointPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/s3/aws_s3_account_public_access_block.json b/src/mapping/aws/resource/s3/aws_s3_account_public_access_block.json
new file mode 100644
index 00000000..42b7175b
--- /dev/null
+++ b/src/mapping/aws/resource/s3/aws_s3_account_public_access_block.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "s3:PutAccountPublicAccessBlock",
+ "s3:GetAccountPublicAccessBlock"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/s3/aws_s3_bucket.json b/src/mapping/aws/resource/s3/aws_s3_bucket.json
index 9226811d..d55420a2 100644
--- a/src/mapping/aws/resource/s3/aws_s3_bucket.json
+++ b/src/mapping/aws/resource/s3/aws_s3_bucket.json
@@ -1,41 +1,41 @@ -[ - { - "apply": [ - "s3:DeleteBucket", - "s3:CreateBucket" - ], - "attributes": { - "object_lock_enabled": [ - "s3:GetBucketObjectLockConfiguration", - "s3:PutBucketObjectLockConfiguration", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObject" - ], - "tag": [ - "s3:PutBucketTagging" - ] - }, - "destroy": [ - "s3:DeleteBucket" - ], - "plan": [ - "s3:GetLifecycleConfiguration", - "s3:GetBucketTagging", - "s3:GetBucketWebsite", - "s3:GetBucketLogging", - "s3:ListBucket", - "s3:GetAccelerateConfiguration", - "s3:GetBucketVersioning", - "s3:GetBucketAcl", - "s3:GetBucketPolicy", - "s3:GetReplicationConfiguration", - "s3:GetBucketObjectLockConfiguration", - "s3:GetObjectAcl", - "s3:GetObject", - "s3:GetEncryptionConfiguration", - "s3:GetBucketRequestPayment", - "s3:GetBucketCORS" - ] - } -] +[ + { + "apply": [ + "s3:DeleteBucket", + "s3:CreateBucket" + ], + "attributes": { + "object_lock_enabled": [ + "s3:GetBucketObjectLockConfiguration", + "s3:PutBucketObjectLockConfiguration", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObject" + ], + "tags": [ + "s3:PutBucketTagging" + ] + }, + "destroy": [ + "s3:DeleteBucket" + ], + "plan": [ + "s3:GetLifecycleConfiguration", + "s3:GetBucketTagging", + "s3:GetBucketWebsite", + "s3:GetBucketLogging", + "s3:ListBucket", + "s3:GetAccelerateConfiguration", + "s3:GetBucketVersioning", + "s3:GetBucketAcl", + "s3:GetBucketPolicy", + "s3:GetReplicationConfiguration", + "s3:GetBucketObjectLockConfiguration", + "s3:GetObjectAcl", + "s3:GetObject", + "s3:GetEncryptionConfiguration", + "s3:GetBucketRequestPayment", + "s3:GetBucketCORS" + ] + } +] diff --git a/src/mapping/aws/resource/s3/aws_s3_bucket_analytics_configuration.json b/src/mapping/aws/resource/s3/aws_s3_bucket_analytics_configuration.json new file mode 100644 index 00000000..b69bbb08 --- /dev/null +++ b/src/mapping/aws/resource/s3/aws_s3_bucket_analytics_configuration.json 
@@ -0,0 +1,18 @@ +[ + { + "apply": [ + "s3:GetBucketAnalyticsConfiguration", + "s3:PutBucketAnalyticsConfiguration" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "s3:DeleteBucketAnalyticsConfiguration" + ], + "modify": [], + "plan": [ + "s3:GetBucketAnalyticsConfiguration" + ] + } +] diff --git a/src/mapping/aws/resource/s3/aws_s3_bucket_ownership_controls.json b/src/mapping/aws/resource/s3/aws_s3_bucket_ownership_controls.json index ba178a1a..c5e7395a 100644 --- a/src/mapping/aws/resource/s3/aws_s3_bucket_ownership_controls.json +++ b/src/mapping/aws/resource/s3/aws_s3_bucket_ownership_controls.json @@ -1,9 +1,8 @@ [ { "apply": [ - "s3:GetIntelligentTieringConfiguration", - "s3:PutIntelligentTieringConfiguration", - "ec2:DescribeAccountAttributes" + "s3:PutBucketOwnershipControls", + "s3:GetBucketOwnershipControls" ], "attributes": { "tags": [] diff --git a/src/mapping/aws/resource/s3/aws_s3_bucket_policy.json b/src/mapping/aws/resource/s3/aws_s3_bucket_policy.json index a7f7081b..a6be84c7 100644 --- a/src/mapping/aws/resource/s3/aws_s3_bucket_policy.json +++ b/src/mapping/aws/resource/s3/aws_s3_bucket_policy.json @@ -1,13 +1,17 @@ -[ - { - "apply": [ - "s3:PutBucketPolicy" - ], - "attributes": { - "tags": [] - }, - "destroy": [], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "s3:PutBucketPolicy", + "s3:GetBucketPolicy", + "s3:DeleteBucketPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "s3:DeleteBucketPolicy" + ], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/s3/aws_s3_object_copy.json b/src/mapping/aws/resource/s3/aws_s3_object_copy.json new file mode 100644 index 00000000..6a13bfa2 --- /dev/null +++ b/src/mapping/aws/resource/s3/aws_s3_object_copy.json 
@@ -0,0 +1,24 @@
+[
+ {
+ "apply": [
+ "s3:PutObject",
+ "s3:GetObject",
+ "s3:GetObjectTagging",
+ "s3:ListBucketVersions",
+ "s3:DeleteObjectVersion"
+ ],
+ "attributes": {
+ "kms": [
+ "kms:DescribeKey",
+ "kms:Encrypt"
+ ],
+ "tags": []
+ },
+ "destroy": [
+ "s3:ListBucketVersions",
+ "s3:DeleteObjectVersion"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/s3/aws_s3control_access_grant.json b/src/mapping/aws/resource/s3/aws_s3control_access_grant.json
new file mode 100644
index 00000000..c06c8543
--- /dev/null
+++ b/src/mapping/aws/resource/s3/aws_s3control_access_grant.json
@@ -0,0 +1,21 @@
+[
+ {
+ "apply": [
+ "s3:CreateAccessGrant",
+ "s3:DeleteAccessGrant",
+ "s3:GetAccessGrant"
+ ],
+ "attributes": {
+ "tags": [
+ "s3:TagResource"
+ ]
+ },
+ "destroy": [
+ "s3:DeleteAccessGrant"
+ ],
+ "modify": [],
+ "plan": [
+ "s3:GetAccessGrant"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/s3/aws_s3control_access_grants_instance.json b/src/mapping/aws/resource/s3/aws_s3control_access_grants_instance.json
new file mode 100644
index 00000000..caad86f8
--- /dev/null
+++ b/src/mapping/aws/resource/s3/aws_s3control_access_grants_instance.json
@@ -0,0 +1,21 @@
+[
+ {
+ "apply": [
+ "s3:CreateAccessGrantsInstance",
+ "s3:DeleteAccessGrantsInstance",
+ "s3:GetAccessGrantsInstance"
+ ],
+ "attributes": {
+ "tags": [
+ "s3:TagResource"
+ ]
+ },
+ "destroy": [
+ "s3:DeleteAccessGrantsInstance"
+ ],
+ "modify": [],
+ "plan": [
+ "s3:GetAccessGrantsInstance"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/s3/aws_s3control_access_grants_location.json b/src/mapping/aws/resource/s3/aws_s3control_access_grants_location.json
new file mode 100644
index 00000000..f1cc7802
--- /dev/null
+++ b/src/mapping/aws/resource/s3/aws_s3control_access_grants_location.json
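Review bot: The attribute key `kms` in aws_s3_object_copy.json does not look like an argument of that resource; the other mappings in this commit key on real argument names such as `key_management_service_arn` and `identity_pool_id`, and the matching argument here would be `kms_key_id`. If the lookup is by exact name, the `kms:DescribeKey` and `kms:Encrypt` entries are never emitted and a copy to a KMS-encrypted destination fails on missing key permissions. I would rename the key to `"kms_key_id": [`, and check whether the copy path needs further KMS actions beyond the two listed.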
@@ -0,0 +1,26 @@
+[
+ {
+ "apply": [
+ "s3:CreateAccessGrantsLocation",
+ "iam:PassRole",
+ "s3:GetAccessGrantsLocation",
+ "s3:DeleteAccessGrantsLocation"
+ ],
+ "attributes": {
+ "tags": [
+ "s3:TagResource"
+ ]
+ },
+ "destroy": [
+ "s3:DeleteAccessGrantsLocation"
+ ],
+ "modify": [
+ "s3:UpdateAccessGrantsLocation",
+ "s3:TagResource",
+ "iam:PassRole"
+ ],
+ "plan": [
+ "s3:GetAccessGrantsLocation"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/s3/aws_s3control_access_point_policy.json b/src/mapping/aws/resource/s3/aws_s3control_access_point_policy.json
new file mode 100644
index 00000000..14dd9c6d
--- /dev/null
+++ b/src/mapping/aws/resource/s3/aws_s3control_access_point_policy.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "s3:GetAccessPointPolicy",
+ "s3:DeleteAccessPointPolicy",
+ "s3:PutAccessPointPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/s3/aws_s3control_multi_region_access_point.json b/src/mapping/aws/resource/s3/aws_s3control_multi_region_access_point.json
new file mode 100644
index 00000000..f680aa93
--- /dev/null
+++ b/src/mapping/aws/resource/s3/aws_s3control_multi_region_access_point.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "s3:CreateMultiRegionAccessPoint",
+ "s3:DescribeMultiRegionAccessPointOperation",
+ "s3:DeleteMultiRegionAccessPoint",
+ "s3:GetMultiRegionAccessPoint"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "s3:DeleteMultiRegionAccessPoint",
+ "s3:DescribeMultiRegionAccessPointOperation",
+ "s3:GetMultiRegionAccessPoint"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/s3/aws_s3control_multi_region_access_point_policy.json b/src/mapping/aws/resource/s3/aws_s3control_multi_region_access_point_policy.json
new file mode 100644
index 00000000..677e1785
--- /dev/null
+++ b/src/mapping/aws/resource/s3/aws_s3control_multi_region_access_point_policy.json
@@ -0,0 +1,25 @@
+[
+ {
+ "apply": [
+ "s3:DescribeMultiRegionAccessPointOperation",
+ "s3:GetMultiRegionAccessPoint",
+ "s3:GetMultiRegionAccessPointPolicy",
+ "s3:PutMultiRegionAccessPointPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "s3:GetMultiRegionAccessPointPolicy",
+ "s3:GetMultiRegionAccessPoint"
+ ],
+ "modify": [
+ "s3:PutMultiRegionAccessPointPolicy",
+ "s3:DescribeMultiRegionAccessPointOperation"
+ ],
+ "plan": [
+ "s3:GetMultiRegionAccessPointPolicy",
+ "s3:GetMultiRegionAccessPointPolicyStatus"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/s3/aws_s3control_storage_lens_configuration.json b/src/mapping/aws/resource/s3/aws_s3control_storage_lens_configuration.json
new file mode 100644
index 00000000..0fa0ee9c
--- /dev/null
+++ b/src/mapping/aws/resource/s3/aws_s3control_storage_lens_configuration.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "s3:GetStorageLensConfiguration",
+ "s3:PutStorageLensConfiguration"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/s3control/aws_s3control_directory_bucket_access_point_scope.json b/src/mapping/aws/resource/s3control/aws_s3control_directory_bucket_access_point_scope.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/aws/resource/s3control/aws_s3control_directory_bucket_access_point_scope.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/s3tables/aws_s3tables_namespace.json b/src/mapping/aws/resource/s3tables/aws_s3tables_namespace.json
new file mode 100644
index 00000000..c9db6939
--- /dev/null
+++ b/src/mapping/aws/resource/s3tables/aws_s3tables_namespace.json
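Review bot: aws_s3control_directory_bucket_access_point_scope.json is added with every list empty, including `apply`. If the tool treats the presence of a mapping file as "resource supported", it will emit no permissions for this resource without any warning, and the generated policy will under-grant while appearing complete. Either fill in the actions the provider calls for the access point scope, or leave the resource unmapped until they are known so that it is reported as unsupported.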
@@ -0,0 +1,19 @@ +[ + { + "apply": [ + "s3tables:CreateNamespace", + "s3tables:GetNamespace", + "s3tables:DeleteNamespace" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "s3tables:DeleteNamespace" + ], + "modify": [], + "plan": [ + "s3tables:GetNamespace" + ] + } +] diff --git a/src/mapping/aws/resource/s3tables/aws_s3tables_table.json b/src/mapping/aws/resource/s3tables/aws_s3tables_table.json new file mode 100644 index 00000000..090ef6cb --- /dev/null +++ b/src/mapping/aws/resource/s3tables/aws_s3tables_table.json @@ -0,0 +1,19 @@ +[ + { + "apply": [ + "s3tables:GetTable", + "s3tables:CreateTable", + "s3tables:DeleteTable" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "s3tables:DeleteTable" + ], + "modify": [], + "plan": [ + "s3tables:GetTable" + ] + } +] diff --git a/src/mapping/aws/resource/s3tables/aws_s3tables_table_bucket.json b/src/mapping/aws/resource/s3tables/aws_s3tables_table_bucket.json new file mode 100644 index 00000000..f8ef7441 --- /dev/null +++ b/src/mapping/aws/resource/s3tables/aws_s3tables_table_bucket.json @@ -0,0 +1,33 @@ +[ + { + "apply": [ + "s3tables:CreateTableBucket", + "s3tables:PutTableBucketMaintenanceConfiguration", + "s3tables:PutTableBucketEncryption", + "s3tables:GetTableBucket", + "s3tables:GetTableBucketMaintenanceConfiguration", + "s3tables:GetTableBucketEncryption", + "kms:DescribeKey", + "s3tables:DeleteTableBucket" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "s3tables:DeleteTableBucket" + ], + "modify": [ + "s3tables:PutTableBucketMaintenanceConfiguration", + "s3tables:PutTableBucketEncryption", + "s3tables:GetTableBucketMaintenanceConfiguration", + "s3tables:GetTableBucketEncryption", + "s3tables:GetTableBucket", + "kms:DescribeKey" + ], + "plan": [ + "s3tables:GetTableBucket", + "s3tables:GetTableBucketMaintenanceConfiguration", + "s3tables:GetTableBucketEncryption" + ] + } +] 
diff --git a/src/mapping/aws/resource/s3tables/aws_s3tables_table_bucket_policy.json b/src/mapping/aws/resource/s3tables/aws_s3tables_table_bucket_policy.json new file mode 100644 index 00000000..5856b55c --- /dev/null +++ b/src/mapping/aws/resource/s3tables/aws_s3tables_table_bucket_policy.json @@ -0,0 +1,24 @@ +[ + { + "apply": [ + "s3tables:GetTableBucket", + "s3tables:GetTableBucketPolicy", + "s3tables:PutTableBucketPolicy", + "s3tables:DeleteTableBucketPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "s3tables:GetTableBucketPolicy", + "s3tables:DeleteTableBucketPolicy" + ], + "modify": [ + "s3tables:GetTableBucketPolicy", + "s3tables:PutTableBucketPolicy" + ], + "plan": [ + "s3tables:GetTableBucketPolicy" + ] + } +] diff --git a/src/mapping/aws/resource/s3tables/aws_s3tables_table_policy.json b/src/mapping/aws/resource/s3tables/aws_s3tables_table_policy.json new file mode 100644 index 00000000..943cf84f --- /dev/null +++ b/src/mapping/aws/resource/s3tables/aws_s3tables_table_policy.json @@ -0,0 +1,19 @@ +[ + { + "apply": [ + "s3tables:GetTablePolicy", + "s3tables:DeleteTablePolicy", + "s3tables:PutTablePolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "s3tables:DeleteTablePolicy" + ], + "modify": [], + "plan": [ + "s3tables:GetTablePolicy" + ] + } +] diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_data_quality_job_definition.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_data_quality_job_definition.json index 1acb503a..affd4be4 100644 --- a/src/mapping/aws/resource/sagemaker/aws_sagemaker_data_quality_job_definition.json +++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_data_quality_job_definition.json 
@@ -4,7 +4,9 @@ "sagemaker:CreateDataQualityJobDefinition", "sagemaker:DescribeDataQualityJobDefinition", "sagemaker:DeleteDataQualityJobDefinition", - "sagemaker:UpdateDataQualityJobDefinition" + "sagemaker:UpdateDataQualityJobDefinition", + "iam:PassRole", + "sagemaker:ListTags" ], "attributes": { "tags": [ @@ -12,8 +14,13 @@ "sagemaker:DeleteTags" ] }, - "destroy": [], + "destroy": [ + "sagemaker:DeleteDataQualityJobDefinition" + ], "modify": [], - "plan": [] + "plan": [ + "sagemaker:DescribeDataQualityJobDefinition", + "sagemaker:ListTags" + ] } ] diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_device.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_device.json index 6ca9f77f..001253c4 100644 --- a/src/mapping/aws/resource/sagemaker/aws_sagemaker_device.json +++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_device.json @@ -3,13 +3,16 @@ "apply": [ "sagemaker:DescribeDevice", "sagemaker:RegisterDevices", - "sagemaker:DeregisterDevices" + "sagemaker:DeregisterDevices", + "sagemaker:UpdateDevices" ], "attributes": { "tags": [] }, "destroy": [], - "modify": [], + "modify": [ + "sagemaker:UpdateDevices" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_feature_group.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_feature_group.json index 0548cc84..820b5861 100644 --- a/src/mapping/aws/resource/sagemaker/aws_sagemaker_feature_group.json +++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_feature_group.json 
@@ -1,24 +1,33 @@ -[ - { - "apply": [ - "sagemaker:CreateFeatureGroup", - "sagemaker:DeleteFeatureGroup", - "sagemaker:DescribeFeatureGroup", - "sagemaker:UpdateFeatureGroup", - "iam:PassRole" - ], - "attributes": { - "tags": [ - "sagemaker:AddTags", - "sagemaker:DeleteTags" - ] - }, - "destroy": [ - "sagemaker:DeleteFeatureGroup" - ], - "modify": [ - "sagemaker:UpdateFeatureGroup" - ], - "plan": [] - } -] +[ + { + "apply": [ + "sagemaker:CreateFeatureGroup", + "sagemaker:DeleteFeatureGroup", + "sagemaker:DescribeFeatureGroup", + "sagemaker:UpdateFeatureGroup", + "iam:PassRole" + ], + "attributes": { + "data_catalog_config": [ + "glue:GetTable", + "glue:CreateDatabase", + "glue:GetDatabase" + ], + "kms_key_id": [ + "kms:CreateGrant", + "kms:DescribeKey" + ], + "tags": [ + "sagemaker:AddTags", + "sagemaker:DeleteTags" + ] + }, + "destroy": [ + "sagemaker:DeleteFeatureGroup" + ], + "modify": [ + "sagemaker:UpdateFeatureGroup" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_flow_definition.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_flow_definition.json new file mode 100644 index 00000000..3a3c9608 --- /dev/null +++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_flow_definition.json @@ -0,0 +1,19 @@ +[ + { + "apply": [ + "sagemaker:DescribeFlowDefinition", + "sagemaker:CreateFlowDefinition", + "sagemaker:DeleteFlowDefinition", + "sagemaker:ListTags" + ], + "attributes": { + "tags": [ + "sagemaker:AddTags", + "sagemaker:DeleteTags" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_hub.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_hub.json new file mode 100644 index 00000000..5f8f427f --- /dev/null +++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_hub.json 
@@ -0,0 +1,20 @@ +[ + { + "apply": [ + "sagemaker:DescribeHub", + "sagemaker:CreateHub", + "sagemaker:DeleteHub", + "sagemaker:UpdateHub", + "sagemaker:ListTags" + ], + "attributes": { + "tags": [ + "sagemaker:AddTags", + "sagemaker:DeleteTags" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_human_task_ui.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_human_task_ui.json new file mode 100644 index 00000000..4314536f --- /dev/null +++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_human_task_ui.json @@ -0,0 +1,19 @@ +[ + { + "apply": [ + "sagemaker:CreateHumanTaskUi", + "sagemaker:DescribeHumanTaskUi", + "sagemaker:ListTags", + "sagemaker:DeleteHumanTaskUi" + ], + "attributes": { + "tags": [ + "sagemaker:AddTags", + "sagemaker:DeleteTags" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_mlflow_tracking_server.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_mlflow_tracking_server.json new file mode 100644 index 00000000..52ce40f9 --- /dev/null +++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_mlflow_tracking_server.json @@ -0,0 +1,20 @@ +[ + { + "apply": [ + "sagemaker:DescribeMlflowTrackingServer", + "sagemaker:CreateMlflowTrackingServer", + "sagemaker:DeleteMlflowTrackingServer", + "sagemaker:UpdateMlflowTrackingServer", + "sagemaker:ListTags" + ], + "attributes": { + "tags": [ + "sagemaker:AddTags", + "sagemaker:DeleteTags" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_monitoring_schedule.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_monitoring_schedule.json index 7b06dd2c..a6d929bd 100644 --- a/src/mapping/aws/resource/sagemaker/aws_sagemaker_monitoring_schedule.json +++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_monitoring_schedule.json 
@@ -4,7 +4,8 @@ "sagemaker:CreateMonitoringSchedule", "sagemaker:DeleteMonitoringSchedule", "sagemaker:DescribeMonitoringSchedule", - "sagemaker:UpdateMonitoringSchedule" + "sagemaker:UpdateMonitoringSchedule", + "iam:PassRole" ], "attributes": { "tags": [ diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_pipeline.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_pipeline.json index 53230502..c729586c 100644 --- a/src/mapping/aws/resource/sagemaker/aws_sagemaker_pipeline.json +++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_pipeline.json @@ -4,7 +4,8 @@ "sagemaker:DescribePipeline", "sagemaker:CreatePipeline", "sagemaker:DeletePipeline", - "sagemaker:UpdatePipeline" + "sagemaker:UpdatePipeline", + "iam:PassRole" ], "attributes": { "tags": [ diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_project.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_project.json index d6d9abd7..cfa3bf25 100644 --- a/src/mapping/aws/resource/sagemaker/aws_sagemaker_project.json +++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_project.json @@ -4,7 +4,14 @@ "sagemaker:DescribeProject", "sagemaker:CreateProject", "sagemaker:DeleteProject", - "sagemaker:UpdateProject" + "sagemaker:UpdateProject", + "sagemaker:ListTags", + "servicecatalog:DescribeProduct", + "servicecatalog:DescribeProvisioningArtifact", + "servicecatalog:ProvisionProduct", + "servicecatalog:DescribeRecord", + "servicecatalog:DescribeProvisionedProduct", + "servicecatalog:TerminateProvisionedProduct" ], "attributes": { "tags": [ diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_user_profile.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_user_profile.json index f2e71ec3..39a03bff 100644 --- a/src/mapping/aws/resource/sagemaker/aws_sagemaker_user_profile.json +++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_user_profile.json 
@@ -4,7 +4,10 @@ "sagemaker:CreateUserProfile", "sagemaker:DeleteUserProfile", "sagemaker:DescribeUserProfile", - "sagemaker:UpdateUserProfile" + "sagemaker:UpdateUserProfile", + "sagemaker:DescribeImage", + "sagemaker:DescribeImageVersion", + "iam:PassRole" ], "attributes": { "tags": [ diff --git a/src/mapping/aws/resource/scheduler/aws_scheduler_schedule.json b/src/mapping/aws/resource/scheduler/aws_scheduler_schedule.json new file mode 100644 index 00000000..8ff7deef --- /dev/null +++ b/src/mapping/aws/resource/scheduler/aws_scheduler_schedule.json @@ -0,0 +1,22 @@ +[ + { + "apply": [ + "scheduler:CreateSchedule", + "scheduler:GetSchedule", + "scheduler:DeleteSchedule", + "iam:PassRole", + "scheduler:UpdateSchedule" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "scheduler:DeleteSchedule", + "scheduler:GetSchedule" + ], + "modify": [ + "scheduler:UpdateSchedule" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/scheduler/aws_scheduler_schedule_group.json b/src/mapping/aws/resource/scheduler/aws_scheduler_schedule_group.json new file mode 100644 index 00000000..70a757e0 --- /dev/null +++ b/src/mapping/aws/resource/scheduler/aws_scheduler_schedule_group.json @@ -0,0 +1,30 @@ +[ + { + "apply": [ + "scheduler:CreateScheduleGroup", + "scheduler:DeleteScheduleGroup", + "scheduler:GetScheduleGroup", + "scheduler:DeleteSchedule", + "scheduler:ListTagsForResource" + ], + "attributes": { + "tags": [ + "scheduler:TagResource", + "scheduler:UntagResource" + ] + }, + "destroy": [ + "scheduler:DeleteScheduleGroup", + "scheduler:GetScheduleGroup", + "scheduler:DeleteSchedule" + ], + "modify": [ + "scheduler:ListTagsForResource", + "scheduler:GetScheduleGroup" + ], + "plan": [ + "scheduler:GetScheduleGroup", + "scheduler:ListTagsForResource" + ] + } +] diff --git a/src/mapping/aws/resource/schemas/aws_schemas_discoverer.json b/src/mapping/aws/resource/schemas/aws_schemas_discoverer.json new file mode 100644 index 00000000..d0485b89 --- /dev/null 
+++ b/src/mapping/aws/resource/schemas/aws_schemas_discoverer.json
@@ -0,0 +1,38 @@
+[
+ {
+ "apply": [
+ "events:DeleteRule",
+ "events:DisableRule",
+ "events:EnableRule",
+ "events:ListTargetsByRule",
+ "events:PutRule",
+ "events:PutTargets",
+ "events:PutTargets",
+ "events:RemoveTargets",
+ "schemas:CreateDiscoverer",
+ "schemas:DeleteDiscoverer",
+ "schemas:DescribeDiscoverer",
+ "schemas:ListTagsForResource",
+ "schemas:UpdateDiscoverer"
+ ],
+ "attributes": {
+ "tags": [
+ "schemas:TagResource",
+ "schemas:UntagResource"
+ ]
+ },
+ "destroy": [
+ "schemas:DeleteDiscoverer",
+ "events:DeleteRule",
+ "events:DisableRule",
+ "events:RemoveTargets"
+ ],
+ "modify": [
+ "schemas:UpdateDiscoverer",
+ "schemas:ListTagsForResource",
+ "events:PutTargets",
+ "events:PutRule"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/schemas/aws_schemas_registry.json b/src/mapping/aws/resource/schemas/aws_schemas_registry.json
new file mode 100644
index 00000000..223317fe
--- /dev/null
+++ b/src/mapping/aws/resource/schemas/aws_schemas_registry.json
@@ -0,0 +1,25 @@
+[
+ {
+ "apply": [
+ "schemas:DescribeRegistry",
+ "schemas:CreateRegistry",
+ "schemas:DeleteRegistry",
+ "schemas:UpdateRegistry",
+ "schemas:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "schemas:TagResource",
+ "schemas:UntagResource"
+ ]
+ },
+ "destroy": [
+ "schemas:DeleteRegistry"
+ ],
+ "modify": [
+ "schemas:UpdateRegistry",
+ "schemas:ListTagsForResource"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/schemas/aws_schemas_registry_policy.json b/src/mapping/aws/resource/schemas/aws_schemas_registry_policy.json
new file mode 100644
index 00000000..4adb6c97
--- /dev/null
+++ b/src/mapping/aws/resource/schemas/aws_schemas_registry_policy.json
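Review bot: `events:PutTargets` is listed twice in the `apply` array of aws_schemas_discoverer.json; the repeat does not change the resulting permissions, but it should be dropped so the list stays easy to audit. The same applies to `schemas:PutResourcePolicy`, which is both the first and the last entry of the `apply` array in aws_schemas_registry_policy.json, the next file in this diff. A uniqueness check over each array, wherever these mapping files are validated, would catch both.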
@@ -0,0 +1,21 @@
+[
+ {
+ "apply": [
+ "schemas:PutResourcePolicy",
+ "schemas:GetResourcePolicy",
+ "schemas:DescribeRegistry",
+ "schemas:DeleteResourcePolicy",
+ "schemas:PutResourcePolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "schemas:DeleteResourcePolicy"
+ ],
+ "modify": [
+ "schemas:PutResourcePolicy"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/schemas/aws_schemas_schema.json b/src/mapping/aws/resource/schemas/aws_schemas_schema.json
new file mode 100644
index 00000000..4c9dcc9e
--- /dev/null
+++ b/src/mapping/aws/resource/schemas/aws_schemas_schema.json
@@ -0,0 +1,27 @@
+[
+ {
+ "apply": [
+ "schemas:DescribeSchema",
+ "schemas:CreateSchema",
+ "schemas:DeleteSchema",
+ "schemas:DeleteSchemaVersion",
+ "schemas:UpdateSchema",
+ "schemas:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "schemas:UntagResource",
+ "schemas:TagResource"
+ ]
+ },
+ "destroy": [
+ "schemas:DeleteSchema",
+ "schemas:DeleteSchemaVersion"
+ ],
+ "modify": [
+ "schemas:UpdateSchema",
+ "schemas:ListTagsForResource"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/secretsmanager/aws_secretsmanager_secret.json b/src/mapping/aws/resource/secretsmanager/aws_secretsmanager_secret.json
index 7a38f176..707ecdb5 100644
--- a/src/mapping/aws/resource/secretsmanager/aws_secretsmanager_secret.json
+++ b/src/mapping/aws/resource/secretsmanager/aws_secretsmanager_secret.json
@@ -1,25 +1,29 @@ -[ - { - "apply": [ - "secretsmanager:CreateSecret", - "secretsmanager:DescribeSecret", - "secretsmanager:GetResourcePolicy", - "secretsmanager:DeleteSecret" - ], - "attributes": { - "kms": [ - "kms:Decrypt", - "kms:GenerateDataKey" - ], - "tags": [ - "secretsmanager:TagResource", - "secretsmanager:UntagResource" - ] - }, - "destroy": [ - "secretsmanager:DeleteSecret" - ], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "secretsmanager:CreateSecret", + "secretsmanager:DescribeSecret", + "secretsmanager:GetResourcePolicy", + "secretsmanager:DeleteSecret" + ], + "attributes": { + "kms": [ + "kms:Decrypt", + "kms:GenerateDataKey" + ], + "replica": [ + "secretsmanager:ReplicateSecretToRegions", + "secretsmanager:RemoveRegionsFromReplication" + ], + "tags": [ + "secretsmanager:TagResource", + "secretsmanager:UntagResource" + ] + }, + "destroy": [ + "secretsmanager:DeleteSecret" + ], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/securityhub/aws_securityhub_account.json b/src/mapping/aws/resource/securityhub/aws_securityhub_account.json new file mode 100644 index 00000000..1e17a556 --- /dev/null +++ b/src/mapping/aws/resource/securityhub/aws_securityhub_account.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "securityhub:EnableSecurityHub", + "securityhub:UpdateSecurityHubConfiguration", + "securityhub:DescribeHub", + "securityhub:DisableSecurityHub" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/securityhub/aws_securityhub_action_target.json b/src/mapping/aws/resource/securityhub/aws_securityhub_action_target.json new file mode 100644 index 00000000..9cfb9e59 --- /dev/null +++ b/src/mapping/aws/resource/securityhub/aws_securityhub_action_target.json 
@@ -0,0 +1,20 @@ +[ + { + "apply": [ + "securityhub:DescribeActionTargets", + "securityhub:CreateActionTarget", + "securityhub:DeleteActionTarget", + "securityhub:UpdateActionTarget" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "securityhub:DeleteActionTarget" + ], + "modify": [ + "securityhub:UpdateActionTarget" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/securityhub/aws_securityhub_automation_rule.json b/src/mapping/aws/resource/securityhub/aws_securityhub_automation_rule.json new file mode 100644 index 00000000..dd997421 --- /dev/null +++ b/src/mapping/aws/resource/securityhub/aws_securityhub_automation_rule.json @@ -0,0 +1,31 @@ +[ + { + "apply": [ + "securityhub:CreateAutomationRule", + "securityhub:ListTagsForResource", + "securityhub:ListAutomationRules", + "securityhub:BatchUpdateAutomationRules", + "securityhub:BatchDeleteAutomationRules", + "securityhub:BatchGetAutomationRules" + ], + "attributes": { + "tags": [ + "securityhub:TagResource", + "securityhub:UntagResource" + ] + }, + "destroy": [ + "securityhub:BatchDeleteAutomationRules", + "securityhub:BatchGetAutomationRules" + ], + "modify": [ + "securityhub:BatchUpdateAutomationRules", + "securityhub:ListTagsForResource" + ], + "plan": [ + "securityhub:ListAutomationRules", + "securityhub:BatchGetAutomationRules", + "securityhub:ListTagsForResource" + ] + } +] diff --git a/src/mapping/aws/resource/securityhub/aws_securityhub_configuration_policy.json b/src/mapping/aws/resource/securityhub/aws_securityhub_configuration_policy.json new file mode 100644 index 00000000..620c09b3 --- /dev/null +++ b/src/mapping/aws/resource/securityhub/aws_securityhub_configuration_policy.json 
@@ -0,0 +1,29 @@ +[ + { + "apply": [ + "securityhub:CreateConfigurationPolicy", + "securityhub:UpdateConfigurationPolicy", + "securityhub:ListTagsForResource", + "securityhub:GetConfigurationPolicy", + "securityhub:DeleteConfigurationPolicy" + ], + "attributes": { + "tags": [ + "securityhub:TagResource", + "securityhub:UntagResource" + ] + }, + "destroy": [ + "securityhub:GetConfigurationPolicy", + "securityhub:DeleteConfigurationPolicy" + ], + "modify": [ + "securityhub:UpdateConfigurationPolicy", + "securityhub:ListTagsForResource" + ], + "plan": [ + "securityhub:GetConfigurationPolicy", + "securityhub:ListTagsForResource" + ] + } +] diff --git a/src/mapping/aws/resource/securityhub/aws_securityhub_configuration_policy_association.json b/src/mapping/aws/resource/securityhub/aws_securityhub_configuration_policy_association.json new file mode 100644 index 00000000..0c1ef525 --- /dev/null +++ b/src/mapping/aws/resource/securityhub/aws_securityhub_configuration_policy_association.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "securityhub:GetConfigurationPolicyAssociation", + "securityhub:StartConfigurationPolicyAssociation" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/securityhub/aws_securityhub_finding_aggregator.json b/src/mapping/aws/resource/securityhub/aws_securityhub_finding_aggregator.json new file mode 100644 index 00000000..1cd47ecd --- /dev/null +++ b/src/mapping/aws/resource/securityhub/aws_securityhub_finding_aggregator.json @@ -0,0 +1,22 @@ +[ + { + "apply": [ + "securityhub:CreateFindingAggregator", + "securityhub:DeleteFindingAggregator", + "securityhub:GetFindingAggregator", + "securityhub:UpdateFindingAggregator" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "securityhub:DeleteFindingAggregator" + ], + "modify": [ + "securityhub:UpdateFindingAggregator" + ], + "plan": [ + "securityhub:GetFindingAggregator" + ] + } +] 
diff --git a/src/mapping/aws/resource/securityhub/aws_securityhub_insight.json b/src/mapping/aws/resource/securityhub/aws_securityhub_insight.json new file mode 100644 index 00000000..13435f7c --- /dev/null +++ b/src/mapping/aws/resource/securityhub/aws_securityhub_insight.json @@ -0,0 +1,23 @@ +[ + { + "apply": [ + "securityhub:CreateInsight", + "securityhub:GetInsights", + "securityhub:DeleteInsight", + "securityhub:UpdateInsight" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "securityhub:GetInsights", + "securityhub:DeleteInsight" + ], + "modify": [ + "securityhub:UpdateInsight" + ], + "plan": [ + "securityhub:GetInsights" + ] + } +] diff --git a/src/mapping/aws/resource/securityhub/aws_securityhub_invite_accepter.json b/src/mapping/aws/resource/securityhub/aws_securityhub_invite_accepter.json new file mode 100644 index 00000000..7de86d3b --- /dev/null +++ b/src/mapping/aws/resource/securityhub/aws_securityhub_invite_accepter.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "securityhub:AcceptInvitation" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/securityhub/aws_securityhub_member.json b/src/mapping/aws/resource/securityhub/aws_securityhub_member.json new file mode 100644 index 00000000..6a1532fb --- /dev/null +++ b/src/mapping/aws/resource/securityhub/aws_securityhub_member.json @@ -0,0 +1,18 @@ +[ + { + "apply": [ + "securityhub:GetMembers", + "securityhub:CreateMembers", + "securityhub:DeleteMembers" + ], + "attributes": { + "invite": [ + "securityhub:InviteMembers" + ], + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/securityhub/aws_securityhub_organization_admin_account.json b/src/mapping/aws/resource/securityhub/aws_securityhub_organization_admin_account.json new file mode 100644 index 00000000..98d569b2 --- /dev/null 
+++ b/src/mapping/aws/resource/securityhub/aws_securityhub_organization_admin_account.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "securityhub:DisableOrganizationAdminAccount", + "securityhub:EnableOrganizationAdminAccount" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/securityhub/aws_securityhub_organization_configuration.json b/src/mapping/aws/resource/securityhub/aws_securityhub_organization_configuration.json new file mode 100644 index 00000000..a37db478 --- /dev/null +++ b/src/mapping/aws/resource/securityhub/aws_securityhub_organization_configuration.json @@ -0,0 +1,27 @@ +[ + { + "apply": [ + "securityhub:UpdateOrganizationConfiguration", + "securityhub:DescribeOrganizationConfiguration", + "securityhub:ListFindingAggregators", + "organizations:DescribeOrganization" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "securityhub:UpdateOrganizationConfiguration", + "securityhub:DescribeOrganizationConfiguration", + "securityhub:ListFindingAggregators", + "organizations:DescribeOrganization" + ], + "modify": [ + "securityhub:UpdateOrganizationConfiguration", + "securityhub:DescribeOrganizationConfiguration", + "organizations:DescribeOrganization" + ], + "plan": [ + "securityhub:DescribeOrganizationConfiguration" + ] + } +] diff --git a/src/mapping/aws/resource/securityhub/aws_securityhub_product_subscription.json b/src/mapping/aws/resource/securityhub/aws_securityhub_product_subscription.json new file mode 100644 index 00000000..9afe6af1 --- /dev/null +++ b/src/mapping/aws/resource/securityhub/aws_securityhub_product_subscription.json 
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "securityhub:EnableImportFindingsForProduct",
+ "securityhub:ListEnabledProductsForImport",
+ "securityhub:DisableImportFindingsForProduct"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "securityhub:ListEnabledProductsForImport",
+ "securityhub:DisableImportFindingsForProduct"
+ ],
+ "modify": [],
+ "plan": [
+ "securityhub:ListEnabledProductsForImport"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/securityhub/aws_securityhub_standards_control.json b/src/mapping/aws/resource/securityhub/aws_securityhub_standards_control.json
new file mode 100644
index 00000000..844b767a
--- /dev/null
+++ b/src/mapping/aws/resource/securityhub/aws_securityhub_standards_control.json
@@ -0,0 +1,25 @@
+[
+ {
+ "apply": [
+ "securityhub:GetEnabledStandards",
+ "securityhub:DescribeStandardsControls",
+ "securityhub:BatchEnableStandards",
+ "securityhub:UpdateStandardsControl"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "securityhub:GetEnabledStandards",
+ "securityhub:BatchDisableStandards"
+ ],
+ "modify": [
+ "securityhub:GetEnabledStandards",
+ "securityhub:UpdateStandardsControl"
+ ],
+ "plan": [
+ "securityhub:GetEnabledStandards",
+ "securityhub:DescribeStandardsControls"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/securityhub/aws_securityhub_standards_control_association.json b/src/mapping/aws/resource/securityhub/aws_securityhub_standards_control_association.json
new file mode 100644
index 00000000..bf9438c6
--- /dev/null
+++ b/src/mapping/aws/resource/securityhub/aws_securityhub_standards_control_association.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "securityhub:DescribeStandardsControls",
+ "securityhub:UpdateStandardsControl"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
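Review bot: In aws_securityhub_standards_control.json, `destroy` lists `securityhub:BatchDisableStandards`, which `apply` does not contain, while `apply` lists `securityhub:BatchEnableStandards`. Both are standard-level actions that this commit also maps for aws_securityhub_standards_subscription.json, and the sibling aws_securityhub_standards_control_association.json needs only `securityhub:DescribeStandardsControls` and `securityhub:UpdateStandardsControl`, so they look carried over from a test configuration that also created the subscription (an inference; confirm against the provider's calls). If so, remove both, because a role meant to toggle a single control should not be able to disable an entire security standard. If destroy really does call it, add it to `apply` as well so the two lists agree.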
diff --git a/src/mapping/aws/resource/securityhub/aws_securityhub_standards_subscription.json b/src/mapping/aws/resource/securityhub/aws_securityhub_standards_subscription.json new file mode 100644 index 00000000..f2f759e5 --- /dev/null +++ b/src/mapping/aws/resource/securityhub/aws_securityhub_standards_subscription.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "securityhub:BatchEnableStandards", + "securityhub:BatchDisableStandards" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/securitylake/aws_securitylake_aws_log_source.json b/src/mapping/aws/resource/securitylake/aws_securitylake_aws_log_source.json new file mode 100644 index 00000000..3356b3a8 --- /dev/null +++ b/src/mapping/aws/resource/securitylake/aws_securitylake_aws_log_source.json @@ -0,0 +1,36 @@ +[ + { + "apply": [ + "glue:CreateDatabase", + "glue:CreateTable", + "glue:GetDatabase", + "glue:GetTable", + "iam:CreateServiceLinkedRole", + "kms:CreateGrant", + "kms:DescribeKey", + "securitylake:CreateAwsLogSource", + "securitylake:CreateDataLake", + "securitylake:DeleteAwsLogSource", + "securitylake:ListLogSources" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "securitylake:DeleteAwsLogSource", + "securitylake:ListLogSources" + ], + "modify": [ + "securitylake:CreateAwsLogSource", + "securitylake:DeleteAwsLogSource", + "glue:CreateDatabase", + "glue:CreateTable", + "glue:GetDatabase", + "glue:GetTable", + "iam:CreateServiceLinkedRole" + ], + "plan": [ + "securitylake:ListLogSources" + ] + } +] diff --git a/src/mapping/aws/resource/securitylake/aws_securitylake_custom_log_source.json b/src/mapping/aws/resource/securitylake/aws_securitylake_custom_log_source.json new file mode 100644 index 00000000..eadb78cf --- /dev/null +++ b/src/mapping/aws/resource/securitylake/aws_securitylake_custom_log_source.json 
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "securitylake:CreateCustomLogSource",
+ "securitylake:DeleteCustomLogSource"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/securitylake/aws_securitylake_data_lake.json b/src/mapping/aws/resource/securitylake/aws_securitylake_data_lake.json
new file mode 100644
index 00000000..141d6d16
--- /dev/null
+++ b/src/mapping/aws/resource/securitylake/aws_securitylake_data_lake.json
@@ -0,0 +1,56 @@
+[
+ {
+ "apply": [
+ "events:*",
+ "glue:*",
+ "iam:CreateServiceLinkedRole",
+ "iam:DeleteRolePolicy",
+ "iam:GetRole",
+ "iam:ListAttachedRolePolicies",
+ "iam:PassRole",
+ "iam:PutRolePolicy",
+ "lakeformation:*",
+ "lambda:*",
+ "organizations:*",
+ "s3:*",
+ "securitylake:CreateDataLake",
+ "securitylake:DeleteDataLake",
+ "securitylake:List*",
+ "securitylake:UpdateDataLake",
+ "sqs:*"
+ ],
+ "attributes": {
+ "kms_key_id": [
+ "kms:CreateGrant",
+ "kms:DescribeKey"
+ ],
+ "tags": [
+ "securitylake:TagResource",
+ "securitylake:UntagResource"
+ ]
+ },
+ "destroy": [
+ "organizations:*",
+ "securitylake:DeleteDataLake",
+ "securitylake:List*"
+ ],
+ "modify": [
+ "events:*",
+ "iam:CreateServiceLinkedRole",
+ "iam:DeleteRolePolicy",
+ "iam:GetRole",
+ "iam:PassRole",
+ "iam:PutRolePolicy",
+ "kms:DescribeKey",
+ "kms:CreateGrant",
+ "lakeformation:*",
+ "lambda:*",
+ "organizations:*",
+ "s3:*",
+ "securitylake:List*",
+ "securitylake:UpdateDataLake",
+ "sqs:*"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/securitylake/aws_securitylake_subscriber.json b/src/mapping/aws/resource/securitylake/aws_securitylake_subscriber.json
new file mode 100644
index 00000000..0a9f9913
--- /dev/null
+++ b/src/mapping/aws/resource/securitylake/aws_securitylake_subscriber.json
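Review bot: The `apply` list in aws_securitylake_data_lake.json grants `events:*`, `glue:*`, `lakeformation:*`, `lambda:*`, `organizations:*`, `s3:*` and `sqs:*` next to `iam:PassRole` and `iam:PutRolePolicy`, and `modify` repeats most of them, which is close to administrative access rather than a least-privilege mapping for one resource. The other mappings in this change name individual actions (aws_securitylake_aws_log_source.json gets by with four `glue:` actions), so each wildcard should be replaced by the specific actions the provider calls, and `securitylake:List*` by the list calls actually used. `destroy` also carries `organizations:*`, where a single read such as `organizations:DescribeOrganization` (as used in aws_securityhub_organization_configuration.json) may be all that is needed; that is an inference to confirm against the API calls logged during a test apply and destroy.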
@@ -0,0 +1,116 @@
+[
+ {
+ "apply": [
+ "events:CreateApiDestination",
+ "events:CreateConnection",
+ "events:DeleteApiDestination",
+ "events:DeleteConnection",
+ "events:DeleteRule",
+ "events:DescribeRule",
+ "events:ListApiDestinations",
+ "events:ListConnections",
+ "events:ListTargetsByRule",
+ "events:PutRule",
+ "events:RemoveTargets",
+ "sqs:DeleteQueue",
+ "events:RemoveTargets",
+ "events:UpdateApiDestination",
+ "events:UpdateConnection",
+ "glue:GetDatabase",
+ "glue:GetTable",
+ "glue:GetTable",
+ "iam:CreateRole",
+ "iam:CreateServiceLinkedRole",
+ "iam:DeleteRole",
+ "iam:DeleteRolePolicy",
+ "iam:GetRole",
+ "iam:GetRolePolicy",
+ "iam:ListRolePolicies",
+ "iam:PutRolePolicy",
+ "lakeformation:GrantPermissions",
+ "lakeformation:ListPermissions",
+ "lakeformation:RegisterResource",
+ "lakeformation:RevokePermissions",
+ "ram:CreateResourceShare",
+ "ram:GetResourceShareAssociations",
+ "ram:GetResourceShares",
+ "ram:UpdateResourceShare",
+ "securitylake:CreateCustomLogSource",
+ "securitylake:CreateDataLake",
+ "securitylake:CreateSubscriber",
+ "securitylake:DeleteSubscriber",
+ "securitylake:GetSubscriber",
+ "securitylake:ListTagsForResource",
+ "securitylake:TagResource",
+ "securitylake:UntagResource",
+ "securitylake:UpdateSubscriber",
+ "sqs:GetQueueUrl"
+ ],
+ "attributes": {
+ "tags": [
+ "securitylake:TagResource"
+ ]
+ },
+ "destroy": [
+ "securitylake:DeleteSubscriber",
+ "iam:GetRole",
+ "iam:ListRolePolicies",
+ "iam:DeleteRole",
+ "iam:DeleteRolePolicy",
+ "glue:GetTable",
+ "lakeformation:RevokePermissions",
+ "lakeformation:ListPermissions",
+ "ram:GetResourceShares",
+ "ram:DeleteResourceShare",
+ "events:DeleteApiDestination",
+ "events:DeleteConnection",
+ "events:DeleteRule",
+ "events:ListApiDestinations",
+ "events:ListTargetsByRule",
+ "events:DescribeRule",
+ "events:RemoveTargets sqs:DeleteQueue",
+ "sqs:GetQueueUrl"
+ ],
+ "modify": [
+ "securitylake:UpdateSubscriber",
+ "securitylake:GetSubscriber",
+ "securitylake:TagResource",
+ "securitylake:UntagResource",
+ "securitylake:ListTagsForResource",
+ "glue:GetDatabase",
+ "glue:GetTable",
+ "lakeformation:ListPermissions",
+ "lakeformation:GrantPermissions",
+ "lakeformation:RevokePermissions",
+ "ram:CreateResourceShare",
+ "ram:GetResourceShares",
+ "ram:GetResourceShareAssociations",
+ "ram:UpdateResourceShare",
+ "ram:DeleteResourceShare",
+ "iam:CreateRole",
+ "iam:GetRole",
+ "iam:DeleteRole",
+ "iam:PutRolePolicy",
+ "iam:DeleteRolePolicy",
+ "iam:ListRolePolicies",
+ "events:CreateApiDestination",
+ "events:CreateConnection",
+ "events:ListApiDestinations",
+ "events:ListConnections",
+ "events:PutRule",
+ "events:UpdateApiDestination",
+ "events:UpdateConnection",
+ "events:DeleteApiDestination",
+ "events:DeleteConnection",
+ "events:DeleteRule",
+ "events:RemoveTargets",
+ "events:ListTargetsByRule",
+ "events:DescribeRule",
+ "events:PutTargets"
+ ],
+ "plan": [
+ "securitylake:GetSubscriber",
+ "securitylake:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/securitylake/aws_securitylake_subscriber_notification.json b/src/mapping/aws/resource/securitylake/aws_securitylake_subscriber_notification.json
new file mode 100644
index 00000000..1d04737c
--- /dev/null
+++ b/src/mapping/aws/resource/securitylake/aws_securitylake_subscriber_notification.json
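Review bot: In the `destroy` list of aws_securitylake_subscriber.json the entry `"events:RemoveTargets sqs:DeleteQueue",` fuses two actions into one string; that is not a valid IAM action name, so a policy built from it would presumably be rejected or grant neither permission. Split it into `"events:RemoveTargets",` and `"sqs:DeleteQueue",`. The `apply` list also repeats `events:RemoveTargets` and `glue:GetTable`, and it lacks `events:PutTargets` and `ram:DeleteResourceShare`, which `modify` lists, so the three lists look out of sync with each other.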
@@ -0,0 +1,72 @@
+[
+ {
+ "apply": [
+ "iam:CreateServiceLinkedRole",
+ "iam:DeleteRole",
+ "iam:DeleteRolePolicy",
+ "iam:PassRole",
+ "iam:PutRolePolicy",
+ "s3:GetBucketNotification",
+ "s3:GetBucketNotificationConfiguration",
+ "s3:PutBucketNotification",
+ "s3:PutBucketNotificationConfiguration",
+ "securitylake:CreateDataLake",
+ "securitylake:CreateSubscriber",
+ "securitylake:CreateSubscriberNotification",
+ "securitylake:DeleteSubscriberNotification",
+ "securitylake:GetSubscriber",
+ "securitylake:UpdateSubscriberNotification"
+ ],
+ "attributes": {
+ "authorization_api_key_value": [
+ "secretsmanager:CreateSecret"
+ ],
+ "https_notification_configuration": [
+ "events:CreateApiDestination",
+ "events:CreateConnection",
+ "events:CreateRule",
+ "events:DeleteApiDestination",
+ "events:DeleteConnection",
+ "events:DeleteRule",
+ "events:DescribeRule",
+ "events:ListApiDestinations",
+ "events:ListConnections",
+ "events:ListTargetsByRule",
+ "events:PutRule",
+ "events:PutTargets",
+ "events:RemoveTargets",
+ "events:UpdateApiDestination",
+ "events:UpdateConnection"
+ ],
+ "sqs_notification_configuration": [
+ "sqs:CreateQueue",
+ "sqs:DeleteQueue",
+ "sqs:GetQueueAttributes",
+ "sqs:GetQueueUrl",
+ "sqs:SetQueueAttributes"
+ ],
+ "tags": []
+ },
+ "destroy": [
+ "securitylake:DeleteSubscriberNotification",
+ "securitylake:GetSubscriber",
+ "iam:DeleteRole",
+ "iam:DeleteRolePolicy"
+ ],
+ "modify": [
+ "securitylake:UpdateSubscriberNotification",
+ "securitylake:GetSubscriber",
+ "iam:CreateServiceLinkedRole",
+ "iam:PutRolePolicy",
+ "iam:DeleteRolePolicy",
+ "iam:PassRole",
+ "s3:GetBucketNotificationConfiguration",
+ "s3:PutBucketNotificationConfiguration",
+ "s3:PutBucketNotification",
+ "s3:GetBucketNotification"
+ ],
+ "plan": [
+ "securitylake:GetSubscriber"
+ ]
+ }
+]
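Review bot: Under `https_notification_configuration`, `"events:CreateRule",` does not match any EventBridge action I know of; rules are created through `events:PutRule`, which the same list already contains, so the entry looks like it can be dropped (worth checking against the service authorization reference). `apply` also grants `iam:DeleteRole` with no matching create or read action and pairs `iam:PassRole` with `iam:PutRolePolicy`, which suggests the IAM set was not derived from an observed run and should be re-checked before policies are generated from it.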
diff --git a/src/mapping/aws/resource/serverlessrepo/aws_serverlessapplicationrepository_cloudformation_stack.json b/src/mapping/aws/resource/serverlessrepo/aws_serverlessapplicationrepository_cloudformation_stack.json new file mode 100644 index 00000000..51cc00bf --- /dev/null +++ b/src/mapping/aws/resource/serverlessrepo/aws_serverlessapplicationrepository_cloudformation_stack.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "serverlessrepo:GetCloudFormationTemplate", + "serverlessrepo:CreateCloudFormationTemplate" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/servicecatalog/aws_servicecatalog_provisioning_artifact.json b/src/mapping/aws/resource/servicecatalog/aws_servicecatalog_provisioning_artifact.json index 47ee04c3..932b5543 100644 --- a/src/mapping/aws/resource/servicecatalog/aws_servicecatalog_provisioning_artifact.json +++ b/src/mapping/aws/resource/servicecatalog/aws_servicecatalog_provisioning_artifact.json @@ -1,10 +1,10 @@ [ { "apply": [ + "servicecatalog:DescribeProvisioningArtifact", "servicecatalog:CreateProvisioningArtifact", "servicecatalog:DeleteProvisioningArtifact", - "servicecatalog:UpdateProvisioningArtifact", - "servicecatalog:DescribeProvisioningArtifact" + "servicecatalog:UpdateProvisioningArtifact" ], "attributes": { "tags": [] diff --git a/src/mapping/aws/resource/servicecatalog/aws_servicecatalog_service_action.json b/src/mapping/aws/resource/servicecatalog/aws_servicecatalog_service_action.json index 1fc19bd3..46a39e6e 100644 --- a/src/mapping/aws/resource/servicecatalog/aws_servicecatalog_service_action.json +++ b/src/mapping/aws/resource/servicecatalog/aws_servicecatalog_service_action.json @@ -5,7 +5,8 @@ "servicecatalog:DescribeServiceAction", "servicecatalog:DeleteServiceAction", "servicecatalog:UpdateServiceAction", - "ssm:DescribeDocument" + "ssm:DescribeDocument", + "iam:GetRole" ], "attributes": { "tags": [] 
diff --git a/src/mapping/aws/resource/servicecatalog/aws_servicecatalogappregistry_application.json b/src/mapping/aws/resource/servicecatalog/aws_servicecatalogappregistry_application.json
new file mode 100644
index 00000000..cb9cdf3b
--- /dev/null
+++ b/src/mapping/aws/resource/servicecatalog/aws_servicecatalogappregistry_application.json
@@ -0,0 +1,30 @@
+[
+ {
+ "apply": [
+ "iam:CreateServiceLinkedRole",
+ "servicecatalog:CreateApplication",
+ "servicecatalog:DeleteApplication",
+ "servicecatalog:GetApplication",
+ "servicecatalog:ListTagsForResource",
+ "servicecatalog:UpdateApplication"
+ ],
+ "attributes": {
+ "tags": [
+ "servicecatalog:TagResource",
+ "servicecatalog:UntagResource"
+ ]
+ },
+ "destroy": [
+ "servicecatalog:DeleteApplication"
+ ],
+ "modify": [
+ "servicecatalog:GetApplication",
+ "servicecatalog:ListTagsForResource",
+ "servicecatalog:UpdateApplication",
+ "iam:CreateServiceLinkedRole"
+ ],
+ "plan": [
+ "servicecatalog:GetApplication"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/servicecatalog/aws_servicecatalogappregistry_attribute_group.json b/src/mapping/aws/resource/servicecatalog/aws_servicecatalogappregistry_attribute_group.json
new file mode 100644
index 00000000..42f5e342
--- /dev/null
+++ b/src/mapping/aws/resource/servicecatalog/aws_servicecatalogappregistry_attribute_group.json
@@ -0,0 +1,28 @@
+[
+ {
+ "apply": [
+ "servicecatalog:CreateAttributeGroup",
+ "servicecatalog:DeleteAttributeGroup",
+ "servicecatalog:GetAttributeGroup",
+ "servicecatalog:UpdateAttributeGroup",
+ "servicecatalog:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "servicecatalog:TagResource",
+ "servicecatalog:UntagResource"
+ ]
+ },
+ "destroy": [
+ "servicecatalog:DeleteAttributeGroup"
+ ],
+ "modify": [
+ "servicecatalog:GetAttributeGroup",
+ "servicecatalog:UpdateAttributeGroup",
+ "servicecatalog:ListTagsForResource"
+ ],
+ "plan": [
+ "servicecatalog:GetAttributeGroup"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/servicecatalog/aws_servicecatalogappregistry_attribute_group_association.json b/src/mapping/aws/resource/servicecatalog/aws_servicecatalogappregistry_attribute_group_association.json
new file mode 100644
index 00000000..a1089bb4
--- /dev/null
+++ b/src/mapping/aws/resource/servicecatalog/aws_servicecatalogappregistry_attribute_group_association.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "servicecatalog:AssociateAttributeGroup",
+ "servicecatalog:DisassociateAttributeGroup",
+ "servicecatalog:ListAttributeGroupsForApplication"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "servicecatalog:DisassociateAttributeGroup"
+ ],
+ "modify": [],
+ "plan": [
+ "servicecatalog:ListAttributeGroupsForApplication"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/servicediscovery/aws_service_discovery_http_namespace.json b/src/mapping/aws/resource/servicediscovery/aws_service_discovery_http_namespace.json
new file mode 100644
index 00000000..ff729645
--- /dev/null
+++ b/src/mapping/aws/resource/servicediscovery/aws_service_discovery_http_namespace.json
@@ -0,0 +1,21 @@
+[
+ {
+ "apply": [
+ "servicediscovery:GetNamespace",
+ "servicediscovery:CreateHttpNamespace",
+ "servicediscovery:DeleteNamespace",
+ "servicediscovery:UpdateHttpNamespace",
+ "servicediscovery:ListTagsForResource",
+ "servicediscovery:GetOperation"
+ ],
+ "attributes": {
+ "tags": [
+ "servicediscovery:TagResource",
+ "servicediscovery:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/servicediscovery/aws_service_discovery_instance.json b/src/mapping/aws/resource/servicediscovery/aws_service_discovery_instance.json
new file mode 100644
index 00000000..44ce5c7c
--- /dev/null
+++ b/src/mapping/aws/resource/servicediscovery/aws_service_discovery_instance.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "servicediscovery:GetInstance",
+ "servicediscovery:DeregisterInstance",
+ "servicediscovery:RegisterInstance"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/servicediscovery/aws_service_discovery_private_dns_namespace.json b/src/mapping/aws/resource/servicediscovery/aws_service_discovery_private_dns_namespace.json
new file mode 100644
index 00000000..74e05c72
--- /dev/null
+++ b/src/mapping/aws/resource/servicediscovery/aws_service_discovery_private_dns_namespace.json
@@ -0,0 +1,18 @@
+[
+ {
+ "apply": [
+ "servicediscovery:CreatePrivateDnsNamespace",
+ "servicediscovery:UpdatePrivateDnsNamespace",
+ "servicediscovery:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "servicediscovery:TagResource",
+ "servicediscovery:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/servicediscovery/aws_service_discovery_public_dns_namespace.json b/src/mapping/aws/resource/servicediscovery/aws_service_discovery_public_dns_namespace.json
new file mode 100644
index 00000000..7e52e0a5
--- /dev/null
+++ b/src/mapping/aws/resource/servicediscovery/aws_service_discovery_public_dns_namespace.json
@@ -0,0 +1,18 @@
+[
+ {
+ "apply": [
+ "servicediscovery:CreatePublicDnsNamespace",
+ "servicediscovery:UpdatePublicDnsNamespace",
+ "servicediscovery:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "servicediscovery:TagResource",
+ "servicediscovery:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/servicediscovery/aws_service_discovery_service.json b/src/mapping/aws/resource/servicediscovery/aws_service_discovery_service.json
new file mode 100644
index 00000000..bb8fa027
--- /dev/null
+++ b/src/mapping/aws/resource/servicediscovery/aws_service_discovery_service.json
@@ -0,0 +1,20 @@ +[ + { + "apply": [ + "servicediscovery:ListTagsForResource", + "servicediscovery:GetService", + "servicediscovery:CreateService", + "servicediscovery:DeleteService", + "servicediscovery:UpdateService" + ], + "attributes": { + "tags": [ + "servicediscovery:TagResource", + "servicediscovery:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ses/aws_ses_configuration_set.json b/src/mapping/aws/resource/ses/aws_ses_configuration_set.json index 6a721c3d..b1de4c65 100644 --- a/src/mapping/aws/resource/ses/aws_ses_configuration_set.json +++ b/src/mapping/aws/resource/ses/aws_ses_configuration_set.json @@ -2,10 +2,15 @@ { "apply": [ "ses:CreateConfigurationSet", - "ses:PutConfigurationSetDeliveryOptions", - "ses:DescribeConfigurationSet", + "ses:CreateConfigurationSetTrackingOptions", "ses:DeleteConfigurationSet", - "ses:CreateConfigurationSetTrackingOptions" + "ses:DescribeConfigurationSet", + "ses:PutConfigurationSetDeliveryOptions", + "ses:PutConfigurationSetReputationOptions", + "ses:PutConfigurationSetSendingOptions", + "ses:PutConfigurationSetSuppressionOptions", + "ses:PutConfigurationSetTrackingOptions", + "ses:PutConfigurationSetVdmOptions" ], "attributes": { "tags": [] @@ -13,7 +18,14 @@ "destroy": [ "ses:DeleteConfigurationSet" ], - "modify": [], + "modify": [ + "ses:PutConfigurationSetTrackingOptions", + "ses:PutConfigurationSetDeliveryOptions", + "ses:PutConfigurationSetReputationOptions", + "ses:PutConfigurationSetSendingOptions", + "ses:PutConfigurationSetSuppressionOptions", + "ses:PutConfigurationSetVdmOptions" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/ses/aws_sesv2_account_suppression_attributes.json b/src/mapping/aws/resource/ses/aws_sesv2_account_suppression_attributes.json new file mode 100644 index 00000000..280d31f0 --- /dev/null +++ b/src/mapping/aws/resource/ses/aws_sesv2_account_suppression_attributes.json 
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "ses:PutAccountSuppressionAttributes"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ses/aws_sesv2_account_vdm_attributes.json b/src/mapping/aws/resource/ses/aws_sesv2_account_vdm_attributes.json
new file mode 100644
index 00000000..27882710
--- /dev/null
+++ b/src/mapping/aws/resource/ses/aws_sesv2_account_vdm_attributes.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "ses:PutAccountVdmAttributes"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ses/aws_sesv2_configuration_set.json b/src/mapping/aws/resource/ses/aws_sesv2_configuration_set.json
new file mode 100644
index 00000000..d4789e41
--- /dev/null
+++ b/src/mapping/aws/resource/ses/aws_sesv2_configuration_set.json
@@ -0,0 +1,34 @@
+[
+ {
+ "apply": [
+ "ses:CreateConfigurationSet",
+ "ses:GetConfigurationSet",
+ "ses:DescribeConfigurationSet",
+ "ses:DeleteConfigurationSet",
+ "ses:PutConfigurationSetTrackingOptions",
+ "ses:PutConfigurationSetDeliveryOptions",
+ "ses:PutConfigurationSetReputationOptions",
+ "ses:PutConfigurationSetSendingOptions",
+ "ses:PutConfigurationSetSuppressionOptions",
+ "ses:PutConfigurationSetVdmOptions"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "ses:DeleteConfigurationSet"
+ ],
+ "modify": [
+ "ses:PutConfigurationSetTrackingOptions",
+ "ses:PutConfigurationSetDeliveryOptions",
+ "ses:PutConfigurationSetReputationOptions",
+ "ses:PutConfigurationSetSendingOptions",
+ "ses:PutConfigurationSetSuppressionOptions",
+ "ses:PutConfigurationSetVdmOptions"
+ ],
+ "plan": [
+ "ses:GetConfigurationSet",
+ "ses:DescribeConfigurationSet"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/ses/aws_sesv2_configuration_set_event_destination.json b/src/mapping/aws/resource/ses/aws_sesv2_configuration_set_event_destination.json
new file mode 100644
index 00000000..57d94afb
--- /dev/null
+++ b/src/mapping/aws/resource/ses/aws_sesv2_configuration_set_event_destination.json
@@ -0,0 +1,25 @@
+[
+ {
+ "apply": [
+ "ses:CreateConfigurationSetEventDestination",
+ "ses:GetConfigurationSetEventDestinations",
+ "ses:DescribeConfigurationSet",
+ "ses:DeleteConfigurationSetEventDestination",
+ "ses:UpdateConfigurationSetEventDestination"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "ses:DeleteConfigurationSetEventDestination"
+ ],
+ "modify": [
+ "ses:UpdateConfigurationSetEventDestination",
+ "ses:GetConfigurationSetEventDestinations"
+ ],
+ "plan": [
+ "ses:GetConfigurationSetEventDestinations",
+ "ses:DescribeConfigurationSet"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/ses/aws_sesv2_contact_list.json b/src/mapping/aws/resource/ses/aws_sesv2_contact_list.json
new file mode 100644
index 00000000..aa1c9dbd
--- /dev/null
+++ b/src/mapping/aws/resource/ses/aws_sesv2_contact_list.json
@@ -0,0 +1,24 @@
+[
+ {
+ "apply": [
+ "ses:CreateContactList",
+ "ses:DeleteContactList",
+ "ses:UpdateContactList"
+ ],
+ "attributes": {
+ "tags": [
+ "ses:UntagResource",
+ "ses:TagResource"
+ ]
+ },
+ "destroy": [
+ "ses:DeleteContactList"
+ ],
+ "modify": [
+ "ses:UpdateContactList"
+ ],
+ "plan": [
+ "ses:GetContactList"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/ses/aws_sesv2_dedicated_ip_assignment.json b/src/mapping/aws/resource/ses/aws_sesv2_dedicated_ip_assignment.json
new file mode 100644
index 00000000..3b4e9804
--- /dev/null
+++ b/src/mapping/aws/resource/ses/aws_sesv2_dedicated_ip_assignment.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "ses:PutDedicatedIpInPool"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ses/aws_sesv2_dedicated_ip_pool.json b/src/mapping/aws/resource/ses/aws_sesv2_dedicated_ip_pool.json
new file mode 100644
index 00000000..1720587e
--- /dev/null
+++ b/src/mapping/aws/resource/ses/aws_sesv2_dedicated_ip_pool.json
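Review bot: aws_sesv2_contact_list.json lists `ses:GetContactList` only under `plan`, and it maps `tags` without `ses:ListTagsForResource`, whereas the event-destination mapping just above repeats its read action (`ses:GetConfigurationSetEventDestinations`) in `apply`, `modify` and `plan`. If the generator builds the apply-time policy from `apply` alone, which I am inferring from the other files, the read-back after create would be denied. Adding `"ses:GetContactList",` to `apply` and `modify` would bring this file in line with its neighbours.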
@@ -0,0 +1,25 @@
+[
+ {
+ "apply": [
+ "ses:CreateDedicatedIpPool",
+ "ses:GetDedicatedIpPool",
+ "ses:GetDedicatedIps",
+ "ses:DeleteDedicatedIpPool",
+ "ses:PutDedicatedIpPoolScalingAttributes"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "ses:DeleteDedicatedIpPool"
+ ],
+ "modify": [
+ "ses:PutDedicatedIpPoolScalingAttributes",
+ "ses:GetDedicatedIpPool"
+ ],
+ "plan": [
+ "ses:GetDedicatedIpPool",
+ "ses:GetDedicatedIps"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/ses/aws_sesv2_email_identity.json b/src/mapping/aws/resource/ses/aws_sesv2_email_identity.json
new file mode 100644
index 00000000..d31ba6a3
--- /dev/null
+++ b/src/mapping/aws/resource/ses/aws_sesv2_email_identity.json
@@ -0,0 +1,31 @@
+[
+ {
+ "apply": [
+ "ses:CreateEmailIdentity",
+ "ses:PutEmailIdentityMailFromAttributes",
+ "ses:PutEmailIdentityFeedbackAttributes",
+ "ses:PutEmailIdentityDkimAttributes",
+ "ses:GetEmailIdentity",
+ "ses:DeleteEmailIdentity",
+ "ses:PutEmailIdentityConfigurationSetAttributes",
+ "ses:PutEmailIdentityDkimSigningAttributes"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "ses:DeleteEmailIdentity"
+ ],
+ "modify": [
+ "ses:PutEmailIdentityMailFromAttributes",
+ "ses:PutEmailIdentityFeedbackAttributes",
+ "ses:PutEmailIdentityConfigurationSetAttributes",
+ "ses:PutEmailIdentityDkimSigningAttributes",
+ "ses:PutEmailIdentityDkimAttributes",
+ "ses:GetEmailIdentity"
+ ],
+ "plan": [
+ "ses:GetEmailIdentity"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/ses/aws_sesv2_email_identity_feedback_attributes.json b/src/mapping/aws/resource/ses/aws_sesv2_email_identity_feedback_attributes.json
new file mode 100644
index 00000000..710556fd
--- /dev/null
+++ b/src/mapping/aws/resource/ses/aws_sesv2_email_identity_feedback_attributes.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "ses:PutEmailIdentityFeedbackAttributes"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ses/aws_sesv2_email_identity_mail_from_attributes.json b/src/mapping/aws/resource/ses/aws_sesv2_email_identity_mail_from_attributes.json
new file mode 100644
index 00000000..a8ccd7c0
--- /dev/null
+++ b/src/mapping/aws/resource/ses/aws_sesv2_email_identity_mail_from_attributes.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "ses:PutEmailIdentityMailFromAttributes"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ses/aws_sesv2_email_identity_policy.json b/src/mapping/aws/resource/ses/aws_sesv2_email_identity_policy.json
new file mode 100644
index 00000000..2df49b8b
--- /dev/null
+++ b/src/mapping/aws/resource/ses/aws_sesv2_email_identity_policy.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "ses:CreateEmailIdentityPolicy",
+ "ses:DeleteEmailIdentityPolicy",
+ "ses:UpdateEmailIdentityPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/shield/aws_shield_application_layer_automatic_response.json b/src/mapping/aws/resource/shield/aws_shield_application_layer_automatic_response.json
new file mode 100644
index 00000000..7c2679d3
--- /dev/null
+++ b/src/mapping/aws/resource/shield/aws_shield_application_layer_automatic_response.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "shield:DisableApplicationLayerAutomaticResponse",
+ "shield:EnableApplicationLayerAutomaticResponse",
+ "shield:UpdateApplicationLayerAutomaticResponse"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/shield/aws_shield_drt_access_log_bucket_association.json b/src/mapping/aws/resource/shield/aws_shield_drt_access_log_bucket_association.json
new file mode 100644
index 00000000..89677586
--- /dev/null
+++ b/src/mapping/aws/resource/shield/aws_shield_drt_access_log_bucket_association.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "shield:AssociateDRTLogBucket",
+ "shield:DisassociateDRTLogBucket"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/shield/aws_shield_drt_access_role_arn_association.json b/src/mapping/aws/resource/shield/aws_shield_drt_access_role_arn_association.json
new file mode 100644
index 00000000..5cf0a44c
--- /dev/null
+++ b/src/mapping/aws/resource/shield/aws_shield_drt_access_role_arn_association.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "shield:AssociateDRTRole",
+ "shield:DisassociateDRTRole"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/shield/aws_shield_proactive_engagement.json b/src/mapping/aws/resource/shield/aws_shield_proactive_engagement.json
new file mode 100644
index 00000000..2f78becd
--- /dev/null
+++ b/src/mapping/aws/resource/shield/aws_shield_proactive_engagement.json
@@ -0,0 +1,32 @@
+[
+ {
+ "apply": [
+ "shield:AssociateProactiveEngagementDetails",
+ "shield:DescribeEmergencyContactSettings",
+ "shield:DescribeSubscription",
+ "shield:DisableProactiveEngagement",
+ "shield:EnableProactiveEngagement",
+ "shield:UpdateEmergencyContactSettings"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "shield:DescribeSubscription",
+ "shield:DescribeEmergencyContactSettings",
+ "shield:UpdateEmergencyContactSettings",
+ "shield:DisableProactiveEngagement"
+ ],
+ "modify": [
+ "shield:DescribeSubscription",
+ "shield:DescribeEmergencyContactSettings",
+ "shield:UpdateEmergencyContactSettings",
+ "shield:EnableProactiveEngagement",
+ "shield:DisableProactiveEngagement"
+ ],
+ "plan": [
+ "shield:DescribeSubscription",
+ "shield:DescribeEmergencyContactSettings"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/shield/aws_shield_protection.json b/src/mapping/aws/resource/shield/aws_shield_protection.json
new file mode 100644
index 00000000..ce2d2036
--- /dev/null
+++ b/src/mapping/aws/resource/shield/aws_shield_protection.json
@@ -0,0 +1,50 @@
+[
+ {
+ "apply": [
+ "ec2:DescribeAddresses",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "iam:CreateServiceLinkedRole",
+ "iam:GetRole",
+ "route53:GetHealthCheck",
+ "shield:AssociateHealthCheck",
+ "shield:CreateProtection",
+ "shield:DeleteProtection",
+ "shield:DescribeProtection",
+ "shield:DisableApplicationLayerAutomaticResponse",
+ "shield:DisassociateHealthCheck",
+ "shield:EnableApplicationLayerAutomaticResponse",
+ "shield:ListProtections",
+ "shield:ListTagsForResource",
+ "shield:UpdateApplicationLayerAutomaticResponse",
+ "wafv2:GetWebACL",
+ "wafv2:GetWebACLForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "shield:TagResource",
+ "shield:UntagResource"
+ ]
+ },
+ "destroy": [
+ "shield:DeleteProtection"
+ ],
+ "modify": [
+ "shield:DescribeProtection",
+ "shield:AssociateHealthCheck",
+ "shield:DisassociateHealthCheck",
+ "shield:EnableApplicationLayerAutomaticResponse",
+ "shield:UpdateApplicationLayerAutomaticResponse",
+ "shield:DisableApplicationLayerAutomaticResponse",
+ "shield:ListTagsForResource",
+ "route53:GetHealthCheck",
+ "iam:GetRole",
+ "iam:CreateServiceLinkedRole",
+ "wafv2:GetWebACLForResource",
+ "wafv2:GetWebACL"
+ ],
+ "plan": [
+ "shield:DescribeProtection",
+ "shield:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/shield/aws_shield_protection_group.json b/src/mapping/aws/resource/shield/aws_shield_protection_group.json
new file mode 100644
index 00000000..f4ea384e
--- /dev/null
+++ b/src/mapping/aws/resource/shield/aws_shield_protection_group.json
@@ -0,0 +1,28 @@
+[
+ {
+ "apply": [
+ "shield:CreateProtectionGroup",
+ "shield:DeleteProtectionGroup",
+ "shield:DescribeProtectionGroup",
+ "shield:UpdateProtectionGroup",
+ "shield:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "shield:TagResource",
+ "shield:UntagResource"
+ ]
+ },
+ "destroy": [
+ "shield:DeleteProtectionGroup"
+ ],
+ "modify": [
+ "shield:UpdateProtectionGroup",
+ "shield:ListTagsForResource"
+ ],
+ "plan": [
+ "shield:DescribeProtectionGroup",
+ "shield:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/shield/aws_shield_protection_health_check_association.json b/src/mapping/aws/resource/shield/aws_shield_protection_health_check_association.json
new file mode 100644
index 00000000..2d79810d
--- /dev/null
+++ b/src/mapping/aws/resource/shield/aws_shield_protection_health_check_association.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "shield:AssociateHealthCheck",
+ "shield:DisassociateHealthCheck"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/shield/aws_shield_subscription.json b/src/mapping/aws/resource/shield/aws_shield_subscription.json
new file mode 100644
index 00000000..6306baaf
--- /dev/null
+++ b/src/mapping/aws/resource/shield/aws_shield_subscription.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "shield:DescribeSubscription",
+ "shield:CreateSubscription",
+ "shield:DeleteSubscription",
+ "shield:UpdateSubscription"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sms-voice/aws_pinpointsmsvoicev2_configuration_set.json b/src/mapping/aws/resource/sms-voice/aws_pinpointsmsvoicev2_configuration_set.json
new file mode 100644
index 00000000..c528cb8e
--- /dev/null
+++ b/src/mapping/aws/resource/sms-voice/aws_pinpointsmsvoicev2_configuration_set.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "sms-voice:CreateConfigurationSet",
+ "sms-voice:DescribeConfigurationSets",
+ "sms-voice:DeleteConfigurationSet",
+ "sms-voice:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "sms-voice:TagResource",
+ "sms-voice:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sms-voice/aws_pinpointsmsvoicev2_opt_out_list.json b/src/mapping/aws/resource/sms-voice/aws_pinpointsmsvoicev2_opt_out_list.json
new file mode 100644
index 00000000..6e6aa49d
--- /dev/null
+++ b/src/mapping/aws/resource/sms-voice/aws_pinpointsmsvoicev2_opt_out_list.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "sms-voice:CreateOptOutList",
+ "sms-voice:DescribeOptOutLists",
+ "sms-voice:DeleteOptOutList",
+ "sms-voice:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "sms-voice:TagResource",
+ "sms-voice:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sms-voice/aws_pinpointsmsvoicev2_phone_number.json b/src/mapping/aws/resource/sms-voice/aws_pinpointsmsvoicev2_phone_number.json
new file mode 100644
index 00000000..f04bb96e
--- /dev/null
+++ b/src/mapping/aws/resource/sms-voice/aws_pinpointsmsvoicev2_phone_number.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "sms-voice:ListTagsForResource",
+ "sms-voice:DescribePhoneNumbers",
+ "sms-voice:RequestPhoneNumber",
+ "sms-voice:UpdatePhoneNumber",
+ "sms-voice:ReleasePhoneNumber"
+ ],
+ "attributes": {
+ "tags": [
+ "sms-voice:TagResource",
+ "sms-voice:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sns/aws_sns_topic.json b/src/mapping/aws/resource/sns/aws_sns_topic.json
index 72645f8d..226d24dc 100644
--- a/src/mapping/aws/resource/sns/aws_sns_topic.json
+++ b/src/mapping/aws/resource/sns/aws_sns_topic.json
@@ -1,22 +1,26 @@
-[
- {
- "apply": [
- "sns:CreateTopic",
- "sns:SetTopicAttributes",
- "sns:GetTopicAttributes",
- "sns:ListTagsForResource",
- "sns:DeleteTopic"
- ],
- "attributes": {
- "tags": [
- "sns:TagResource",
- "sns:UnTagResource"
- ]
- },
- "destroy": [
- "sns:DeleteTopic"
- ],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "sns:CreateTopic",
+ "sns:SetTopicAttributes",
+ "sns:GetTopicAttributes",
+ "sns:ListTagsForResource",
+ "sns:DeleteTopic"
+ ],
+ "attributes": {
+ "delivery_policy": [
+ "sns:PutDataProtectionPolicy",
+ "sns:GetDataProtectionPolicy"
+ ],
+ "tags": [
+ "sns:TagResource",
+ "sns:UnTagResource"
+ ]
+ },
+ "destroy": [
+ "sns:DeleteTopic"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sqs/aws_sqs_queue.json b/src/mapping/aws/resource/sqs/aws_sqs_queue.json
index e7716ddd..237db949 100644
--- a/src/mapping/aws/resource/sqs/aws_sqs_queue.json
+++ b/src/mapping/aws/resource/sqs/aws_sqs_queue.json
@@ -1,22 +1,23 @@
-[
- {
- "apply": [
- "sqs:CreateQueue",
- "sqs:GetQueueAttributes",
- "sqs:ListQueueTags",
- "sqs:DeleteQueue",
- "sqs:SetQueueAttributes"
- ],
- "attributes": {
- "tags": [
- "sqs:TagQueue",
- "sqs:UntagQueue"
- ]
- },
- "destroy": [
- "sqs:DeleteQueue"
- ],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "sqs:CreateQueue",
+ "sqs:GetQueueAttributes",
+ "sqs:ListQueueTags",
+ "sqs:DeleteQueue",
+ "sqs:SetQueueAttributes",
+ "sqs:GetQueueUrl"
+ ],
+ "attributes": {
+ "tags": [
+ "sqs:TagQueue",
+ "sqs:UntagQueue"
+ ]
+ },
+ "destroy": [
+ "sqs:DeleteQueue"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ssm-contacts/aws_ssmcontacts_contact.json b/src/mapping/aws/resource/ssm-contacts/aws_ssmcontacts_contact.json
index 4c74b9ff..483059fc 100644
--- a/src/mapping/aws/resource/ssm-contacts/aws_ssmcontacts_contact.json
+++ b/src/mapping/aws/resource/ssm-contacts/aws_ssmcontacts_contact.json
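Review bot: The new `delivery_policy` key in aws_sns_topic.json is mapped to `sns:PutDataProtectionPolicy` and `sns:GetDataProtectionPolicy`, but a topic's delivery policy and its data protection policy are different settings; as far as I know the delivery policy is written through `sns:SetTopicAttributes`, which `apply` already grants. If the intent was to cover data protection policies, those actions belong in a mapping for that resource rather than under `delivery_policy`. Both this hunk and the aws_sqs_queue.json hunk replace every line of the file, which suggests a line-ending change and hides the few lines that really changed; normalising line endings in a separate commit would make the permission change reviewable.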
@@ -6,7 +6,8 @@ "ssm-contacts:GetContact", "ssm-contacts:ListTagsForResource", "ssm-contacts:DeleteContact", - "ssm-contacts:UpdateContact" + "ssm-contacts:UpdateContact", + "ssm-contacts:AssociateContact" ], "attributes": { "tags": [ diff --git a/src/mapping/aws/resource/ssm-contacts/aws_ssmcontacts_plan.json b/src/mapping/aws/resource/ssm-contacts/aws_ssmcontacts_plan.json index e3105eed..8e442db8 100644 --- a/src/mapping/aws/resource/ssm-contacts/aws_ssmcontacts_plan.json +++ b/src/mapping/aws/resource/ssm-contacts/aws_ssmcontacts_plan.json @@ -1,7 +1,9 @@ [ { "apply": [ - "ssm-contacts:UpdateContact" + "ssm-contacts:UpdateContact", + "ssm-contacts:GetContact", + "ssm-contacts:AssociateContact" ], "attributes": { "tags": [] diff --git a/src/mapping/aws/resource/ssm-contacts/aws_ssmcontacts_rotation.json b/src/mapping/aws/resource/ssm-contacts/aws_ssmcontacts_rotation.json new file mode 100644 index 00000000..095948b3 --- /dev/null +++ b/src/mapping/aws/resource/ssm-contacts/aws_ssmcontacts_rotation.json @@ -0,0 +1,28 @@ +[ + { + "apply": [ + "ssm-contacts:CreateRotation", + "ssm-contacts:GetRotation", + "ssm-contacts:ListTagsForResource", + "ssm-contacts:DeleteRotation", + "ssm-contacts:UpdateRotation" + ], + "attributes": { + "tags": [ + "ssm-contacts:TagResource", + "ssm-contacts:UntagResource" + ] + }, + "destroy": [ + "ssm-contacts:DeleteRotation", + "ssm-contacts:GetRotation", + "ssm-contacts:ListTagsForResource" + ], + "modify": [ + "ssm-contacts:UpdateRotation", + "ssm-contacts:GetRotation", + "ssm-contacts:ListTagsForResource" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ssm-incidents/aws_ssmincidents_response_plan.json b/src/mapping/aws/resource/ssm-incidents/aws_ssmincidents_response_plan.json new file mode 100644 index 00000000..dc14d549 --- /dev/null +++ b/src/mapping/aws/resource/ssm-incidents/aws_ssmincidents_response_plan.json 
@@ -0,0 +1,37 @@
+[
+ {
+ "apply": [
+ "ssm-incidents:CreateResponsePlan",
+ "ssm-incidents:GetResponsePlan",
+ "ssm-incidents:TagResource",
+ "ssm-incidents:ListTagsForResource",
+ "ssm-incidents:UpdateResponsePlan",
+ "iam:PassRole",
+ "kms:Decrypt",
+ "kms:GenerateDataKey",
+ "kms:GenerateDataKeyPair",
+ "kms:GenerateDataKeyPairWithoutPlaintext",
+ "kms:GenerateDataKeyWithoutPlaintext"
+ ],
+ "attributes": {
+ "secret_id": [
+ "secretsmanager:GetSecretValue"
+ ],
+ "tags": [
+ "ssm-incidents:TagResource",
+ "ssm-incidents:UntagResource"
+ ]
+ },
+ "destroy": [
+ "ssm-incidents:DeleteResponsePlan",
+ "ssm-incidents:GetResponsePlan"
+ ],
+ "modify": [
+ "ssm-incidents:UpdateResponsePlan"
+ ],
+ "plan": [
+ "ssm-incidents:GetResponsePlan",
+ "ssm-incidents:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/ssm-quicksetup/aws_ssmquicksetup_configuration_manager.json b/src/mapping/aws/resource/ssm-quicksetup/aws_ssmquicksetup_configuration_manager.json
new file mode 100644
index 00000000..fadb65b7
--- /dev/null
+++ b/src/mapping/aws/resource/ssm-quicksetup/aws_ssmquicksetup_configuration_manager.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "ssm-quicksetup:CreateConfigurationManager",
+ "ssm-quicksetup:DeleteConfigurationManager",
+ "ssm-quicksetup:GetConfigurationManager",
+ "ssm-quicksetup:UpdateConfigurationManager"
+ ],
+ "attributes": {
+ "tags": [
+ "ssm-quicksetup:TagResource",
+ "ssm-quicksetup:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ssm/aws_ssm_activation.json b/src/mapping/aws/resource/ssm/aws_ssm_activation.json
new file mode 100644
index 00000000..3be45ca8
--- /dev/null
+++ b/src/mapping/aws/resource/ssm/aws_ssm_activation.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "ssm:DescribeActivations",
+ "ssm:CreateActivation",
+ "ssm:DeleteActivation"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
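Review bot: In aws_ssmincidents_response_plan.json the five `kms:` actions sit in the unconditional `apply` list, so every response plan gets decrypt and data-key permissions even when no secret is referenced. Other mappings in this change scope KMS to the attribute that needs it (`key_id` in aws_ssm_parameter.json, `kms_key_id` in aws_sfn_activity.json). The same shape here would move the `kms:` entries next to `"secretsmanager:GetSecretValue"` under `secret_id`, assuming that is the only path that uses them. `ssm-incidents:TagResource` is also listed both in `apply` and under `tags`, so one of the two is probably redundant.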
diff --git a/src/mapping/aws/resource/ssm/aws_ssm_association.json b/src/mapping/aws/resource/ssm/aws_ssm_association.json new file mode 100644 index 00000000..a70bd9f1 --- /dev/null +++ b/src/mapping/aws/resource/ssm/aws_ssm_association.json @@ -0,0 +1,31 @@ +[ + { + "apply": [ + "ec2:DescribeInstanceStatus", + "iam:CreateServiceLinkedRole", + "ssm:CreateAssociation", + "ssm:DescribeAssociation", + "iam:PassRole", + "ssm:UpdateAssociation", + "ssm:GetCalendarState", + "ssm:DeleteAssociation" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "ssm:DeleteAssociation" + ], + "modify": [ + "iam:PassRole", + "ssm:UpdateAssociation", + "ssm:GetCalendarState" + ], + "plan": [ + "ssm:DescribeAssociation", + "resource-groups:GetGroupQuery", + "resource-groups:ListGroups", + "resource-groups:ListGroupResources" + ] + } +] diff --git a/src/mapping/aws/resource/ssm/aws_ssm_default_patch_baseline.json b/src/mapping/aws/resource/ssm/aws_ssm_default_patch_baseline.json new file mode 100644 index 00000000..13c33133 --- /dev/null +++ b/src/mapping/aws/resource/ssm/aws_ssm_default_patch_baseline.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "ssm:GetDefaultPatchBaseline", + "ssm:RegisterDefaultPatchBaseline" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ssm/aws_ssm_document.json b/src/mapping/aws/resource/ssm/aws_ssm_document.json index 8af5dce5..a08284d3 100644 --- a/src/mapping/aws/resource/ssm/aws_ssm_document.json +++ b/src/mapping/aws/resource/ssm/aws_ssm_document.json 
@@ -1,24 +1,29 @@ -[ - { - "apply": [ - "ssm:CreateDocument", - "ssm:DescribeDocument", - "ssm:GetDocument", - "ssm:DescribeDocumentPermission", - "ssm:DeleteDocument" - ], - "attributes": { - "tags": [ - "ssm:AddTagsToResource", - "ssm:RemoveTagsFromResource" - ] - }, - "destroy": [ - "ssm:DeleteDocument" - ], - "modify": [ - "ssm:UpdateDocument" - ], - "plan": [] - } -] +[ + { + "apply": [ + "ssm:CreateDocument", + "ssm:DescribeDocument", + "ssm:GetDocument", + "ssm:DescribeDocumentPermission", + "ssm:DeleteDocument", + "ssm:ListTagsForResource", + "iam:PassRole", + "s3:GetObject", + "ssm:UpdateDocumentDefaultVersion" + ], + "attributes": { + "tags": [ + "ssm:AddTagsToResource", + "ssm:RemoveTagsFromResource" + ] + }, + "destroy": [ + "ssm:DeleteDocument" + ], + "modify": [ + "ssm:UpdateDocument", + "ssm:UpdateDocumentDefaultVersion" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ssm/aws_ssm_parameter.json b/src/mapping/aws/resource/ssm/aws_ssm_parameter.json index 761ad856..d98f27f6 100644 --- a/src/mapping/aws/resource/ssm/aws_ssm_parameter.json +++ b/src/mapping/aws/resource/ssm/aws_ssm_parameter.json 
@@ -1,29 +1,30 @@ -[ - { - "apply": [ - "ssm:PutParameter", - "ssm:AddTagsToResource", - "ssm:GetParameter", - "ssm:DescribeParameters", - "ssm:ListTagsForResource", - "ssm:GetParameters", - "ssm:DeleteParameter" - ], - "attributes": { - "key_id": [ - "kms:Encrypt", - "kms:Decrypt" - ], - "tags": [ - "ssm:AddTagsToResource" - ] - }, - "destroy": [ - "ssm:DeleteParameter" - ], - "modify": [], - "plan": [ - "kms:Decrypt" - ] - } -] +[ + { + "apply": [ + "ssm:PutParameter", + "ssm:AddTagsToResource", + "ssm:GetParameter", + "ssm:DescribeParameters", + "ssm:ListTagsForResource", + "ssm:GetParameters", + "ssm:DeleteParameter" + ], + "attributes": { + "key_id": [ + "kms:Encrypt", + "kms:Decrypt" + ], + "tags": [ + "ssm:AddTagsToResource", + "ssm:RemoveTagsFromResource" + ] + }, + "destroy": [ + "ssm:DeleteParameter" + ], + "modify": [], + "plan": [ + "kms:Decrypt" + ] + } +] diff --git a/src/mapping/aws/resource/ssm/aws_ssm_resource_data_sync.json b/src/mapping/aws/resource/ssm/aws_ssm_resource_data_sync.json new file mode 100644 index 00000000..ab38b9b7 --- /dev/null +++ b/src/mapping/aws/resource/ssm/aws_ssm_resource_data_sync.json @@ -0,0 +1,24 @@ +[ + { + "apply": [ + "ssm:CreateResourceDataSync", + "ssm:ListResourceDataSync", + "ssm:UpdateResourceDataSync", + "ssm:DeleteResourceDataSync" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "ssm:ListResourceDataSync", + "ssm:DeleteResourceDataSync" + ], + "modify": [ + "ssm:ListResourceDataSync", + "ssm:UpdateResourceDataSync" + ], + "plan": [ + "ssm:ListResourceDataSync" + ] + } +] diff --git a/src/mapping/aws/resource/ssm/aws_ssm_service_setting.json b/src/mapping/aws/resource/ssm/aws_ssm_service_setting.json new file mode 100644 index 00000000..0786fd0c --- /dev/null +++ b/src/mapping/aws/resource/ssm/aws_ssm_service_setting.json 
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "ssm:GetServiceSetting",
+ "ssm:ResetServiceSetting",
+ "ssm:UpdateServiceSetting"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sso/aws_ssoadmin_account_assignment.json b/src/mapping/aws/resource/sso/aws_ssoadmin_account_assignment.json
new file mode 100644
index 00000000..2e2f10e7
--- /dev/null
+++ b/src/mapping/aws/resource/sso/aws_ssoadmin_account_assignment.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "sso:CreateAccountAssignment",
+ "sso:DeleteAccountAssignment"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sso/aws_ssoadmin_application.json b/src/mapping/aws/resource/sso/aws_ssoadmin_application.json
new file mode 100644
index 00000000..76ff0220
--- /dev/null
+++ b/src/mapping/aws/resource/sso/aws_ssoadmin_application.json
@@ -0,0 +1,28 @@
+[
+ {
+ "apply": [
+ "sso:CreateApplication",
+ "sso:DescribeApplication",
+ "sso:DeleteApplication",
+ "sso:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "sso:TagResource",
+ "sso:UntagResource"
+ ]
+ },
+ "destroy": [
+ "sso:DeleteApplication"
+ ],
+ "modify": [
+ "sso:UpdateApplication",
+ "sso:ListTagsForResource",
+ "sso:DescribeApplication"
+ ],
+ "plan": [
+ "sso:DescribeApplication",
+ "sso:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/sso/aws_ssoadmin_application_access_scope.json b/src/mapping/aws/resource/sso/aws_ssoadmin_application_access_scope.json
new file mode 100644
index 00000000..5d9efe83
--- /dev/null
+++ b/src/mapping/aws/resource/sso/aws_ssoadmin_application_access_scope.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "sso:GetApplicationAccessScope",
+ "sso:DeleteApplicationAccessScope",
+ "sso:PutApplicationAccessScope"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sso/aws_ssoadmin_application_assignment.json b/src/mapping/aws/resource/sso/aws_ssoadmin_application_assignment.json
new file mode 100644
index 00000000..4f06e472
--- /dev/null
+++ b/src/mapping/aws/resource/sso/aws_ssoadmin_application_assignment.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "sso:CreateApplicationAssignment",
+ "sso:DescribeApplicationAssignment",
+ "sso:DeleteApplicationAssignment",
+ "sso:DescribeApplicationAssignment"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "sso:DeleteApplicationAssignment"
+ ],
+ "modify": [],
+ "plan": [
+ "sso:DescribeApplicationAssignment"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/sso/aws_ssoadmin_application_assignment_configuration.json b/src/mapping/aws/resource/sso/aws_ssoadmin_application_assignment_configuration.json
new file mode 100644
index 00000000..8c6636b4
--- /dev/null
+++ b/src/mapping/aws/resource/sso/aws_ssoadmin_application_assignment_configuration.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "sso:GetApplicationAssignmentConfiguration",
+ "sso:PutApplicationAssignmentConfiguration"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sso/aws_ssoadmin_customer_managed_policy_attachment.json b/src/mapping/aws/resource/sso/aws_ssoadmin_customer_managed_policy_attachment.json
new file mode 100644
index 00000000..615a74c2
--- /dev/null
+++ b/src/mapping/aws/resource/sso/aws_ssoadmin_customer_managed_policy_attachment.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "sso:DetachCustomerManagedPolicyReferenceFromPermissionSet",
+ "sso:AttachCustomerManagedPolicyReferenceToPermissionSet"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
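Review bot: `sso:DescribeApplicationAssignment` appears twice in the `apply` list of aws_ssoadmin_application_assignment.json, as the second and fourth entries. The duplicate does not change the generated policy, but it suggests an action was mistyped or lost when the list was assembled. Drop the fourth entry, or replace it with the action that was meant to be there.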
diff --git a/src/mapping/aws/resource/sso/aws_ssoadmin_instance_access_control_attributes.json b/src/mapping/aws/resource/sso/aws_ssoadmin_instance_access_control_attributes.json
new file mode 100644
index 00000000..1c0afd6e
--- /dev/null
+++ b/src/mapping/aws/resource/sso/aws_ssoadmin_instance_access_control_attributes.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "sso:DescribeInstanceAccessControlAttributeConfiguration",
+ "sso:CreateInstanceAccessControlAttributeConfiguration",
+ "sso:DeleteInstanceAccessControlAttributeConfiguration",
+ "sso:UpdateInstanceAccessControlAttributeConfiguration"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sso/aws_ssoadmin_managed_policy_attachment.json b/src/mapping/aws/resource/sso/aws_ssoadmin_managed_policy_attachment.json
new file mode 100644
index 00000000..fc9c690a
--- /dev/null
+++ b/src/mapping/aws/resource/sso/aws_ssoadmin_managed_policy_attachment.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "sso:AttachManagedPolicyToPermissionSet"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sso/aws_ssoadmin_permission_set.json b/src/mapping/aws/resource/sso/aws_ssoadmin_permission_set.json
new file mode 100644
index 00000000..f7c4b1c2
--- /dev/null
+++ b/src/mapping/aws/resource/sso/aws_ssoadmin_permission_set.json
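Review bot: aws_ssoadmin_managed_policy_attachment.json lists only `sso:AttachManagedPolicyToPermissionSet`, so a policy generated from it can create the attachment but not read it back or remove it. The sibling aws_ssoadmin_customer_managed_policy_attachment.json in this change carries both attach and detach, and aws_ssoadmin_permission_set.json names the matching actions. Adding `"sso:DetachManagedPolicyFromPermissionSet"` and `"sso:ListManagedPoliciesInPermissionSet"` to `apply` would bring the two attachment mappings in line. Which read call the provider actually makes should be confirmed first.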
@@ -0,0 +1,54 @@ +[ + { + "apply": [ + "sso:AttachCustomerManagedPolicyReferenceToPermissionSet", + "sso:AttachManagedPolicyToPermissionSet", + "sso:CreatePermissionSet", + "sso:DeleteInlinePolicyFromPermissionSet", + "sso:DeletePermissionSet", + "sso:DeletePermissionsBoundaryFromPermissionSet", + "sso:DescribePermissionSet", + "sso:DescribePermissionSetProvisioningStatus", + "sso:DetachCustomerManagedPolicyReferenceFromPermissionSet", + "sso:DetachManagedPolicyFromPermissionSet", + "sso:GetInlinePolicyForPermissionSet", + "sso:GetPermissionsBoundaryForPermissionSet", + "sso:ListCustomerManagedPolicyReferencesInPermissionSet", + "sso:ListManagedPoliciesInPermissionSet", + "sso:ListTagsForResource", + "sso:ProvisionPermissionSet", + "sso:PutInlinePolicyToPermissionSet", + "sso:PutPermissionsBoundaryToPermissionSet", + "sso:UpdatePermissionSet" + ], + "attributes": { + "tags": [ + "sso:TagResource", + "sso:UntagResource" + ] + }, + "destroy": [ + "sso:DeletePermissionSet" + ], + "modify": [ + "sso:UpdatePermissionSet", + "sso:ListTagsForResource", + "sso:AttachManagedPolicyToPermissionSet", + "sso:AttachCustomerManagedPolicyReferenceToPermissionSet", + "sso:DetachManagedPolicyFromPermissionSet", + "sso:DetachCustomerManagedPolicyReferenceFromPermissionSet", + "sso:ListManagedPoliciesInPermissionSet", + "sso:ListCustomerManagedPolicyReferencesInPermissionSet", + "sso:PutInlinePolicyToPermissionSet", + "sso:GetPermissionsBoundaryForPermissionSet", + "sso:DeletePermissionsBoundaryFromPermissionSet", + "sso:PutPermissionsBoundaryToPermissionSet", + "sso:DeleteInlinePolicyFromPermissionSet", + "sso:ProvisionPermissionSet", + "sso:DescribePermissionSet", + "sso:GetInlinePolicyForPermissionSet", + "sso:DescribePermissionSetProvisioningStatus" + ], + "plan": [] + } +] 
diff --git a/src/mapping/aws/resource/sso/aws_ssoadmin_permission_set_inline_policy.json b/src/mapping/aws/resource/sso/aws_ssoadmin_permission_set_inline_policy.json new file mode 100644 index 00000000..f5b0b459 --- /dev/null +++ b/src/mapping/aws/resource/sso/aws_ssoadmin_permission_set_inline_policy.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "sso:GetInlinePolicyForPermissionSet", + "sso:DeleteInlinePolicyFromPermissionSet", + "sso:PutInlinePolicyToPermissionSet" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/sso/aws_ssoadmin_permissions_boundary_attachment.json b/src/mapping/aws/resource/sso/aws_ssoadmin_permissions_boundary_attachment.json new file mode 100644 index 00000000..560b1a9d --- /dev/null +++ b/src/mapping/aws/resource/sso/aws_ssoadmin_permissions_boundary_attachment.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "sso:PutPermissionsBoundaryToPermissionSet", + "sso:DeletePermissionsBoundaryFromPermissionSet", + "sso:GetPermissionsBoundaryForPermissionSet" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/sso/aws_ssoadmin_trusted_token_issuer.json b/src/mapping/aws/resource/sso/aws_ssoadmin_trusted_token_issuer.json new file mode 100644 index 00000000..81c01e9d --- /dev/null +++ b/src/mapping/aws/resource/sso/aws_ssoadmin_trusted_token_issuer.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "sso:DescribeTrustedTokenIssuer", + "sso:UpdateTrustedTokenIssuer", + "sso:DeleteTrustedTokenIssuer", + "sso:CreateTrustedTokenIssuer" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/states/aws_sfn_activity.json b/src/mapping/aws/resource/states/aws_sfn_activity.json index 09357adf..ea7e2f1b 100644 --- a/src/mapping/aws/resource/states/aws_sfn_activity.json +++ b/src/mapping/aws/resource/states/aws_sfn_activity.json 
@@ -1,21 +1,24 @@ -[ - { - "apply": [ - "states:CreateActivity", - "states:DescribeActivity", - "states:ListTagsForResource", - "states:DeleteActivity" - ], - "attributes": { - "tags": [ - "states:TagResource", - "states:UntagResource" - ] - }, - "destroy": [ - "states:DeleteActivity" - ], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "states:CreateActivity", + "states:DescribeActivity", + "states:ListTagsForResource", + "states:DeleteActivity" + ], + "attributes": { + "kms_key_id": [ + "kms:DescribeKey" + ], + "tags": [ + "states:TagResource", + "states:UntagResource" + ] + }, + "destroy": [ + "states:DeleteActivity" + ], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/states/aws_sfn_state_machine.json b/src/mapping/aws/resource/states/aws_sfn_state_machine.json index e399a7a6..cf9c8508 100644 --- a/src/mapping/aws/resource/states/aws_sfn_state_machine.json +++ b/src/mapping/aws/resource/states/aws_sfn_state_machine.json @@ -1,24 +1,30 @@ -[ - { - "apply": [ - "states:CreateStateMachine", - "states:DescribeStateMachine", - "states:ListTagsForResource", - "states:DeleteStateMachine", - "iam:PassRole" - ], - "attributes": { - "tags": [ - "states:TagResource", - "states:UntagResource" - ] - }, - "destroy": [ - "states:DeleteStateMachine" - ], - "modify": [ - "states:UpdateStateMachine" - ], - "plan": [] - } -] +[ + { + "apply": [ + "states:CreateStateMachine", + "states:DescribeStateMachine", + "states:ListTagsForResource", + "states:DeleteStateMachine", + "s3:GetObject", + "iam:PassRole" + ], + "attributes": { + "encryption_configuration": [ + "kms:DescribeKey", + "kms:GenerateDataKey", + "kms:Decrypt" + ], + "tags": [ + "states:TagResource", + "states:UntagResource" + ] + }, + "destroy": [ + "states:DeleteStateMachine" + ], + "modify": [ + "states:UpdateStateMachine" + ], + "plan": [] + } +] 
diff --git a/src/mapping/aws/resource/timestream/aws_timestreamquery_scheduled_query.json b/src/mapping/aws/resource/timestream/aws_timestreamquery_scheduled_query.json new file mode 100644 index 00000000..73389403 --- /dev/null +++ b/src/mapping/aws/resource/timestream/aws_timestreamquery_scheduled_query.json @@ -0,0 +1,31 @@ +[ + { + "apply": [ + "timestream:CreateScheduledQuery", + "timestream:DescribeScheduledQuery", + "timestream:ListTagsForResource", + "timestream:DescribeEndpoints", + "timestream:UpdateScheduledQuery", + "timestream:DeleteScheduledQuery" + ], + "attributes": { + "tags": [ + "timestream:TagResource", + "timestream:UntagResource" + ] + }, + "destroy": [ + "timestream:DeleteScheduledQuery", + "timestream:DescribeEndpoints" + ], + "modify": [ + "timestream:UpdateScheduledQuery", + "timestream:DescribeEndpoints" + ], + "plan": [ + "timestream:DescribeScheduledQuery", + "timestream:ListTagsForResource", + "timestream:DescribeEndpoints" + ] + } +] diff --git a/src/mapping/aws/resource/timestreamwrite/aws_timestreaminfluxdb_db_instance.json b/src/mapping/aws/resource/timestreamwrite/aws_timestreaminfluxdb_db_instance.json new file mode 100644 index 00000000..899ca2f5 --- /dev/null +++ b/src/mapping/aws/resource/timestreamwrite/aws_timestreaminfluxdb_db_instance.json 
@@ -0,0 +1,44 @@ +[ + { + "apply": [ + "s3:ListBucket", + "s3:GetBucketPolicy", + "timestream-influxdb:GetDbInstance", + "timestream-influxdb:ListDbInstances", + "timestream-influxdb:CreateDbInstance", + "timestream-influxdb:UpdateDbInstance", + "timestream-influxdb:ListTagsForResource", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:CreateNetworkInterface", + "iam:CreateServiceLinkedRole" + ], + "attributes": { + "tags": [ + "timestream-influxdb:TagResource", + "timestream-influxdb:UntagResource" + ] + }, + "destroy": [ + "timestream-influxdb:GetDbInstance", + "timestream-influxdb:ListDbInstances", + "timestream-influxdb:DeleteDbInstance" + ], + "modify": [ + "s3:ListBucket", + "s3:GetBucketPolicy", + "timestream-influxdb:GetDbInstance", + "timestream-influxdb:ListDbInstances", + "timestream-influxdb:UpdateDbInstance", + "timestream-influxdb:ListTagsForResource", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "plan": [ + "timestream-influxdb:GetDbInstance", + "timestream-influxdb:ListTagsForResource" + ] + } +] diff --git a/src/mapping/aws/resource/timestreamwrite/aws_timestreamwrite_database.json b/src/mapping/aws/resource/timestreamwrite/aws_timestreamwrite_database.json index 20b743dd..8e7f4b99 100644 --- a/src/mapping/aws/resource/timestreamwrite/aws_timestreamwrite_database.json +++ b/src/mapping/aws/resource/timestreamwrite/aws_timestreamwrite_database.json @@ -12,7 +12,8 @@ "kms_key_id": [ "kms:CreateGrant", "kms:DescribeKey", - "kms:ListKeys" + "kms:ListKeys", + "kms:Decrypt" ], "tags": [ "timestream:TagResource", diff --git a/src/mapping/aws/resource/timestreamwrite/aws_timestreamwrite_table.json b/src/mapping/aws/resource/timestreamwrite/aws_timestreamwrite_table.json index 4cf5add6..eec8031d 100644 --- a/src/mapping/aws/resource/timestreamwrite/aws_timestreamwrite_table.json +++ b/src/mapping/aws/resource/timestreamwrite/aws_timestreamwrite_table.json 
@@ -5,9 +5,20 @@ "timestream:CreateTable", "timestream:DeleteTable", "timestream:UpdateTable", - "timestream:DescribeTable" + "timestream:DescribeTable", + "timestream:DescribeEndpoints" ], "attributes": { + "kms_key_id": [ + "kms:GenerateDataKey*", + "kms:DescribeKey", + "kms:Encrypt" + ], + "s3_configuration": [ + "s3:PutObject", + "s3:GetObject", + "s3:GetBucketAcl" + ], "tags": [ "timestream:TagResource", "timestream:UntagResource" diff --git a/src/mapping/aws/resource/transfer/aws_transfer_access.json b/src/mapping/aws/resource/transfer/aws_transfer_access.json new file mode 100644 index 00000000..fb2ac999 --- /dev/null +++ b/src/mapping/aws/resource/transfer/aws_transfer_access.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "transfer:CreateAccess", + "transfer:DescribeAccess", + "transfer:DeleteAccess", + "transfer:UpdateAccess" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/transfer/aws_transfer_agreement.json b/src/mapping/aws/resource/transfer/aws_transfer_agreement.json new file mode 100644 index 00000000..f43c1467 --- /dev/null +++ b/src/mapping/aws/resource/transfer/aws_transfer_agreement.json @@ -0,0 +1,25 @@ +[ + { + "apply": [ + "transfer:CreateAgreement", + "transfer:DescribeAgreement", + "transfer:DeleteAgreement", + "iam:PassRole" + ], + "attributes": { + "tags": [ + "transfer:TagResource", + "transfer:UntagResource" + ] + }, + "destroy": [ + "transfer:DeleteAgreement" + ], + "modify": [ + "transfer:UpdateAgreement" + ], + "plan": [ + "transfer:DescribeAgreement" + ] + } +] diff --git a/src/mapping/aws/resource/transfer/aws_transfer_certificate.json b/src/mapping/aws/resource/transfer/aws_transfer_certificate.json new file mode 100644 index 00000000..4b4fa25f --- /dev/null +++ b/src/mapping/aws/resource/transfer/aws_transfer_certificate.json 
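Review bot: `"kms:GenerateDataKey*"` under the new `kms_key_id` attribute in aws_timestreamwrite_table.json is the only wildcard action in this part of the change, and it matches every GenerateDataKey variant, including the key-pair ones. aws_ssmincidents_response_plan.json in the same change spells the variants out individually. Listing only what the table needs, for example `"kms:GenerateDataKey"`, keeps the generated policy exact and lets it be checked against action lists without pattern expansion. The hunk starts inside the `apply` array, so the top of the mapping is not visible here.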
@@ -0,0 +1,27 @@ +[ + { + "apply": [ + "transfer:ImportCertificate", + "transfer:DeleteCertificate", + "transfer:DescribeCertificate", + "transfer:UpdateCertificate" + ], + "attributes": { + "tags": [ + "transfer:UnTagResource", + "transfer:TagResource" + ] + }, + "destroy": [ + "transfer:DeleteCertificate" + ], + "modify": [ + "transfer:UpdateCertificate", + "transfer:UnTagResource", + "transfer:TagResource" + ], + "plan": [ + "transfer:DescribeCertificate" + ] + } +] diff --git a/src/mapping/aws/resource/transfer/aws_transfer_connector.json b/src/mapping/aws/resource/transfer/aws_transfer_connector.json new file mode 100644 index 00000000..4535714d --- /dev/null +++ b/src/mapping/aws/resource/transfer/aws_transfer_connector.json @@ -0,0 +1,27 @@ +[ + { + "apply": [ + "transfer:CreateConnector", + "iam:PassRole", + "transfer:UpdateConnector", + "transfer:DeleteConnector", + "transfer:DescribeConnector" + ], + "attributes": { + "tags": [ + "transfer:UnTagResource", + "transfer:TagResource" + ] + }, + "destroy": [ + "transfer:DeleteConnector" + ], + "modify": [ + "transfer:UpdateConnector", + "iam:PassRole" + ], + "plan": [ + "transfer:DescribeConnector" + ] + } +] diff --git a/src/mapping/aws/resource/transfer/aws_transfer_profile.json b/src/mapping/aws/resource/transfer/aws_transfer_profile.json new file mode 100644 index 00000000..77a2adb7 --- /dev/null +++ b/src/mapping/aws/resource/transfer/aws_transfer_profile.json @@ -0,0 +1,25 @@ +[ + { + "apply": [ + "transfer:CreateProfile", + "transfer:DeleteProfile", + "transfer:DescribeProfile", + "transfer:UpdateProfile" + ], + "attributes": { + "tags": [ + "transfer:UnTagResource", + "transfer:TagResource" + ] + }, + "destroy": [ + "transfer:DeleteProfile" + ], + "modify": [ + "transfer:UpdateProfile" + ], + "plan": [ + "transfer:DescribeProfile" + ] + } +] 
diff --git a/src/mapping/aws/resource/transfer/aws_transfer_server.json b/src/mapping/aws/resource/transfer/aws_transfer_server.json new file mode 100644 index 00000000..8ae18462 --- /dev/null +++ b/src/mapping/aws/resource/transfer/aws_transfer_server.json @@ -0,0 +1,59 @@ +[ + { + "apply": [ + "apigateway:GET", + "iam:PassRole", + "transfer:CreateServer", + "transfer:DescribeServer", + "transfer:StartServer", + "transfer:StopServer", + "transfer:UpdateServer" + ], + "attributes": { + "directory_id": [ + "ds:AuthorizeApplication", + "ds:DescribeDirectories", + "ds:UnauthorizeApplication" + ], + "endpoint_details": [ + "ec2:AssociateAddress", + "ec2:CreateVpcEndpoint", + "ec2:DescribeAddresses", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeVpcEndpoints", + "ec2:DeleteVpcEndpoints", + "ec2:DisassociateAddress", + "ec2:ModifyVpcEndpoint" + ], + "logging_role": [ + "logs:CreateLogDelivery", + "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", + "logs:GetLogDelivery", + "logs:ListLogDeliveries", + "logs:PutResourcePolicy", + "logs:UpdateLogDelivery" + ], + "tags": [ + "transfer:TagResource", + "transfer:UnTagResource" + ] + }, + "destroy": [ + "transfer:DeleteServer" + ], + "modify": [ + "apigateway:GET", + "iam:PassRole", + "transfer:DescribeServer", + "transfer:StartServer", + "transfer:StopServer", + "transfer:UpdateServer" + ], + "plan": [ + "ec2:DescribeVpcEndpoints", + "transfer:DescribeServer" + ] + } +] diff --git a/src/mapping/aws/resource/transfer/aws_transfer_ssh_key.json b/src/mapping/aws/resource/transfer/aws_transfer_ssh_key.json new file mode 100644 index 00000000..06fd2b22 --- /dev/null +++ b/src/mapping/aws/resource/transfer/aws_transfer_ssh_key.json 
@@ -0,0 +1,22 @@ +[ + { + "apply": [ + "transfer:ImportSshPublicKey", + "transfer:DeleteSshPublicKey" + ], + "attributes": { + "tags": [ + "transfer:TagResource", + "transfer:UnTagResource" + ] + }, + "destroy": [ + "transfer:DeleteSshPublicKey" + ], + "modify": [ + "transfer:DeleteSshPublicKey", + "transfer:ImportSshPublicKey" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/transfer/aws_transfer_tag.json b/src/mapping/aws/resource/transfer/aws_transfer_tag.json new file mode 100644 index 00000000..a5645a62 --- /dev/null +++ b/src/mapping/aws/resource/transfer/aws_transfer_tag.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "transfer:TagResource", + "transfer:UntagResource" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/transfer/aws_transfer_user.json b/src/mapping/aws/resource/transfer/aws_transfer_user.json new file mode 100644 index 00000000..2660f7d1 --- /dev/null +++ b/src/mapping/aws/resource/transfer/aws_transfer_user.json @@ -0,0 +1,28 @@ +[ + { + "apply": [ + "iam:PassRole", + "transfer:CreateUser", + "transfer:DescribeUser", + "transfer:UpdateUser", + "transfer:DeleteUser" + ], + "attributes": { + "tags": [ + "transfer:TagResource", + "transfer:UnTagResource" + ] + }, + "destroy": [ + "transfer:DeleteUser" + ], + "modify": [ + "iam:PassRole", + "transfer:DescribeUser", + "transfer:UpdateUser" + ], + "plan": [ + "transfer:DescribeUser" + ] + } +] diff --git a/src/mapping/aws/resource/transfer/aws_transfer_workflow.json b/src/mapping/aws/resource/transfer/aws_transfer_workflow.json new file mode 100644 index 00000000..a06d4a0d --- /dev/null +++ b/src/mapping/aws/resource/transfer/aws_transfer_workflow.json 
@@ -0,0 +1,22 @@
+[
+ {
+ "apply": [
+ "transfer:CreateWorkflow",
+ "transfer:DeleteWorkflow",
+ "transfer:DescribeWorkflow"
+ ],
+ "attributes": {
+ "tags": [
+ "transfer:TagResource",
+ "transfer:UnTagResource"
+ ]
+ },
+ "destroy": [
+ "transfer:DeleteWorkflow"
+ ],
+ "modify": [],
+ "plan": [
+ "transfer:DescribeWorkflow"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/verified-access/aws_verifiedaccess_instance_trust_provider_attachment.json b/src/mapping/aws/resource/verified-access/aws_verifiedaccess_instance_trust_provider_attachment.json
new file mode 100644
index 00000000..37c0d3f5
--- /dev/null
+++ b/src/mapping/aws/resource/verified-access/aws_verifiedaccess_instance_trust_provider_attachment.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "verified-access:AllowVerifiedAccess"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_identity_source.json b/src/mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_identity_source.json
new file mode 100644
index 00000000..340a9a0e
--- /dev/null
+++ b/src/mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_identity_source.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "verifiedpermissions:CreateIdentitySource",
+ "verifiedpermissions:GetIdentitySource",
+ "cognito-idp:DescribeUserPool",
+ "cognito-idp:ListUserPoolClients"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "verifiedpermissions:DeleteIdentitySource verifiedpermissions:GetIdentitySource cognito-idp:DescribeUserPool",
+ "cognito-idp:ListUserPoolClients"
+ ],
+ "modify": [
+ "verifiedpermissions:UpdateIdentitySource verifiedpermissions:GetIdentitySource cognito-idp:DescribeUserPool cognito-idp:ListUserPoolClients"
+ ],
+ "plan": [
+ "verifiedpermissions:GetIdentitySource cognito-idp:DescribeUserPool cognito-idp:ListUserPoolClients"
+ ]
+ }
+]
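Review bot: In aws_verifiedpermissions_identity_source.json the `destroy`, `modify` and `plan` arrays pack several actions into one space-separated string, for example the first `destroy` entry and the single entries in `modify` and `plan`. Each array element is presumably emitted as one IAM action, so these strings would produce action names that match nothing, and the generated policy would either be rejected or silently lack the delete, update and read permissions. The `apply` array in the same file shows the intended shape of one action per element. The three arrays should be split the same way, as below.

```json
"destroy": [
  "verifiedpermissions:DeleteIdentitySource",
  "verifiedpermissions:GetIdentitySource",
  "cognito-idp:DescribeUserPool",
  "cognito-idp:ListUserPoolClients"
],
"modify": [
  "verifiedpermissions:UpdateIdentitySource",
  "verifiedpermissions:GetIdentitySource",
  "cognito-idp:DescribeUserPool",
  "cognito-idp:ListUserPoolClients"
],
"plan": [
  "verifiedpermissions:GetIdentitySource",
  "cognito-idp:DescribeUserPool",
  "cognito-idp:ListUserPoolClients"
]
```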
diff --git a/src/mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_policy.json b/src/mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_policy.json new file mode 100644 index 00000000..0ac9e225 --- /dev/null +++ b/src/mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_policy.json @@ -0,0 +1,21 @@ +[ + { + "apply": [ + "verifiedpermissions:CreatePolicy", + "verifiedpermissions:GetPolicy", + "verifiedpermissions:DeletePolicy", + "verifiedpermissions:UpdatePolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "verifiedpermissions:DeletePolicy", + "verifiedpermissions:GetPolicy" + ], + "modify": [ + "verifiedpermissions:UpdatePolicy" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_policy_store.json b/src/mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_policy_store.json new file mode 100644 index 00000000..5b66d7f6 --- /dev/null +++ b/src/mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_policy_store.json @@ -0,0 +1,29 @@ +[ + { + "apply": [ + "verifiedpermissions:CreatePolicyStore", + "verifiedpermissions:GetPolicyStore", + "verifiedpermissions:PutSchema", + "verifiedpermissions:GetSchema", + "verifiedpermissions:DeletePolicyStore", + "verifiedpermissions:UpdatePolicyStore" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "verifiedpermissions:DeletePolicyStore", + "verifiedpermissions:GetPolicyStore" + ], + "modify": [ + "verifiedpermissions:UpdatePolicyStore", + "verifiedpermissions:GetPolicyStore", + "verifiedpermissions:GetSchema", + "verifiedpermissions:PutSchema" + ], + "plan": [ + "verifiedpermissions:GetPolicyStore", + "verifiedpermissions:GetSchema" + ] + } +] diff --git a/src/mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_policy_template.json b/src/mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_policy_template.json new file mode 100644 index 00000000..d0468587 
--- /dev/null +++ b/src/mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_policy_template.json @@ -0,0 +1,24 @@ +[ + { + "apply": [ + "verifiedpermissions:CreatePolicyTemplate", + "verifiedpermissions:GetPolicyTemplate", + "verifiedpermissions:UpdatePolicyTemplate", + "verifiedpermissions:DeletePolicyTemplate" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "verifiedpermissions:DeletePolicyTemplate", + "verifiedpermissions:GetPolicyTemplate" + ], + "modify": [ + "verifiedpermissions:UpdatePolicyTemplate", + "verifiedpermissions:GetPolicyTemplate" + ], + "plan": [ + "verifiedpermissions:GetPolicyTemplate" + ] + } +] diff --git a/src/mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_schema.json b/src/mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_schema.json new file mode 100644 index 00000000..73ee8a38 --- /dev/null +++ b/src/mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_schema.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "verifiedpermissions:PutSchema", + "verifiedpermissions:GetSchema" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_access_log_subscription.json b/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_access_log_subscription.json index c4803d5d..8b84ee90 100644 --- a/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_access_log_subscription.json +++ b/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_access_log_subscription.json 
@@ -1,20 +1,80 @@ [ { "apply": [ - "vpc-lattice:GetAccessLogSubscription", + "firehose:CreateDeliveryStream", + "firehose:DeleteDeliveryStream", + "firehose:DescribeDeliveryStream", + "firehose:TagDeliveryStream", + "firehose:UntagDeliveryStream", + "firehose:UpdateDestination", + "iam:CreateServiceLinkedRole", + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus", + "logs:CreateLogDelivery", + "logs:CreateLogStream", + "logs:DeleteDestination", + "logs:DeleteLogDelivery", + "logs:DeleteLogStream", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", + "logs:GetLogDelivery", + "logs:PutDestination", + "logs:PutDestinationPolicy", + "logs:PutResourcePolicy", + "logs:UpdateLogDelivery", + "s3:GetBucketLogging", + "s3:GetBucketPolicy", + "s3:PutBucketLogging", + "s3:PutBucketPolicy", "vpc-lattice:CreateAccessLogSubscription", "vpc-lattice:DeleteAccessLogSubscription", + "vpc-lattice:GetAccessLogSubscription", + "vpc-lattice:ListTagsForResource", "vpc-lattice:UpdateAccessLogSubscription" ], "attributes": { - "tags": [] + "tags": [ + "vpc-lattice:TagResource", + "vpc-lattice:UntagResource" + ] }, "destroy": [ - "vpc-lattice:DeleteAccessLogSubscription" + "vpc-lattice:DeleteAccessLogSubscription", + "logs:DeleteLogDelivery", + "logs:DeleteLogStream", + "logs:GetLogDelivery", + "logs:DeleteDestination", + "s3:PutBucketLogging", + "iam:GetServiceLinkedRoleDeletionStatus", + "iam:DeleteServiceLinkedRole", + "firehose:DeleteDeliveryStream", + "firehose:UntagDeliveryStream" ], "modify": [ - "vpc-lattice:UpdateAccessLogSubscription" + "vpc-lattice:UpdateAccessLogSubscription", + "vpc-lattice:GetAccessLogSubscription", + "logs:UpdateLogDelivery", + "firehose:UpdateDestination", + "logs:CreateLogDelivery", + "logs:CreateLogStream", + "logs:PutDestination", + "logs:PutDestinationPolicy", + "logs:PutResourcePolicy", + "logs:DescribeResourcePolicies", + "logs:DescribeLogGroups", + "logs:GetLogDelivery", + "s3:PutBucketLogging", + 
"s3:GetBucketLogging", + "s3:GetBucketPolicy", + "s3:PutBucketPolicy", + "firehose:TagDeliveryStream", + "firehose:CreateDeliveryStream", + "firehose:DescribeDeliveryStream" ], - "plan": [] + "plan": [ + "vpc-lattice:GetAccessLogSubscription", + "vpc-lattice:ListTagsForResource", + "logs:GetLogDelivery" + ] } ] diff --git a/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_listener_rule.json b/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_listener_rule.json index 3faec4e3..1c05b20e 100644 --- a/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_listener_rule.json +++ b/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_listener_rule.json @@ -7,7 +7,10 @@ "vpc-lattice:UpdateRule" ], "attributes": { - "tags": [] + "tags": [ + "vpc-lattice:TagResource", + "vpc-lattice:UntagResource" + ] }, "destroy": [ "vpc-lattice:DeleteRule" diff --git a/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_resource_configuration.json b/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_resource_configuration.json new file mode 100644 index 00000000..5ef7a869 --- /dev/null +++ b/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_resource_configuration.json @@ -0,0 +1,32 @@ +[ + { + "apply": [ + "ec2:DescribeSubnets", + "vpc-lattice:CreateResourceConfiguration", + "vpc-lattice:GetResourceConfiguration", + "vpc-lattice:ListTagsForResource", + "vpc-lattice:DeleteResourceConfiguration", + "vpc-lattice:UpdateResourceConfiguration" + ], + "attributes": { + "tags": [ + "vpc-lattice:TagResource", + "vpc-lattice:UntagResource" + ] + }, + "destroy": [ + "vpc-lattice:DeleteResourceConfiguration", + "vpc-lattice:GetResourceConfiguration" + ], + "modify": [ + "ec2:DescribeSubnets", + "vpc-lattice:ListTagsForResource", + "vpc-lattice:UpdateResourceConfiguration", + "vpc-lattice:GetResourceConfiguration" + ], + "plan": [ + "vpc-lattice:GetResourceConfiguration", + "vpc-lattice:ListTagsForResource" + ] + } +] 
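Review bot: In aws_vpclattice_access_log_subscription.json the new `apply`, `modify` and `destroy` lists add policy- and role-changing actions (`s3:PutBucketPolicy`, `logs:PutResourcePolicy`, `logs:PutDestinationPolicy`, `iam:CreateServiceLinkedRole`, `iam:DeleteServiceLinkedRole`) for the S3, CloudWatch Logs and Firehose destinations all at once. As far as this hunk shows, a configuration that logs to a single destination would still receive all three sets in its generated policy. If the mapping format cannot split these by destination, it is worth documenting that consumers should narrow the result, in particular by restricting the two `iam:*ServiceLinkedRole` actions with an `iam:AWSServiceName` condition and the S3 and Logs policy writes to the specific bucket and log group.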
diff --git a/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_resource_gateway.json b/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_resource_gateway.json new file mode 100644 index 00000000..a595879e --- /dev/null +++ b/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_resource_gateway.json @@ -0,0 +1,36 @@ +[ + { + "apply": [ + "vpc-lattice:CreateResourceGateway", + "vpc-lattice:GetResourceGateway", + "vpc-lattice:ListTagsForResource", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "vpc-lattice:DeleteResourceGateway", + "vpc-lattice:UpdateResourceGateway" + ], + "attributes": { + "tags": [ + "vpc-lattice:TagResource", + "vpc-lattice:UntagResource" + ] + }, + "destroy": [ + "vpc-lattice:DeleteResourceGateway", + "vpc-lattice:GetResourceGateway" + ], + "modify": [ + "vpc-lattice:UpdateResourceGateway", + "vpc-lattice:GetResourceGateway", + "vpc-lattice:ListTagsForResource", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups" + ], + "plan": [ + "vpc-lattice:GetResourceGateway", + "vpc-lattice:ListTagsForResource" + ] + } +] diff --git a/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_service.json b/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_service.json index 03b13f5b..12135446 100644 --- a/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_service.json +++ b/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_service.json @@ -6,7 +6,8 @@ "vpc-lattice:DeleteService", "vpc-lattice:UpdateService", "iam:CreateServiceLinkedRole", - "vpc-lattice:ListTagsForResource" + "vpc-lattice:ListTagsForResource", + "acm:ListCertificates" ], "attributes": { "tags": [ diff --git a/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_service_network_resource_association.json b/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_service_network_resource_association.json new file mode 100644 index 00000000..3d65bf8c --- /dev/null 
+++ b/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_service_network_resource_association.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "vpc-lattice:CreateServiceNetworkServiceAssociation", + "vpc-lattice:DeleteServiceNetworkServiceAssociation", + "vpc-lattice:GetServiceNetworkServiceAssociation" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_service_network_service_association.json b/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_service_network_service_association.json index d786fff9..bcb4fea3 100644 --- a/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_service_network_service_association.json +++ b/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_service_network_service_association.json @@ -6,7 +6,10 @@ "vpc-lattice:DeleteServiceNetworkServiceAssociation" ], "attributes": { - "tags": [] + "tags": [ + "vpc-lattice:TagResource", + "vpc-lattice:UntagResource" + ] }, "destroy": [ "vpc-lattice:DeleteServiceNetworkServiceAssociation" diff --git a/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_service_network_vpc_association.json b/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_service_network_vpc_association.json index 83f06512..f4205f09 100644 --- a/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_service_network_vpc_association.json +++ b/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_service_network_vpc_association.json @@ -5,10 +5,14 @@ "vpc-lattice:CreateServiceNetworkVpcAssociation", "vpc-lattice:DeleteServiceNetworkVpcAssociation", "vpc-lattice:UpdateServiceNetworkVpcAssociation", - "ec2:DescribeSecurityGroups" + "ec2:DescribeSecurityGroups", + "vpc-lattice:ListTagsForResource" ], "attributes": { - "tags": [] + "tags": [ + "vpc-lattice:UntagResource", + "vpc-lattice:TagResource" + ] }, "destroy": [ "vpc-lattice:DeleteServiceNetworkVpcAssociation" 
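Review bot: aws_vpclattice_service_network_resource_association.json lists the service-association actions (`vpc-lattice:CreateServiceNetworkServiceAssociation`, `vpc-lattice:DeleteServiceNetworkServiceAssociation`, `vpc-lattice:GetServiceNetworkServiceAssociation`), which look copied from the sibling service_network_service_association mapping. A policy generated from this file would omit the calls the resource association needs and grant three it does not use. The `apply` entries should presumably be `vpc-lattice:CreateServiceNetworkResourceAssociation`, `vpc-lattice:GetServiceNetworkResourceAssociation` and `vpc-lattice:DeleteServiceNetworkResourceAssociation`. The Delete action also belongs under `destroy`, as the sibling file does, instead of the empty list here.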
diff --git a/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_target_group.json b/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_target_group.json index 2152f6c2..f39618e2 100644 --- a/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_target_group.json +++ b/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_target_group.json @@ -6,7 +6,19 @@ "vpc-lattice:DeleteTargetGroup", "vpc-lattice:UpdateTargetGroup", "ec2:DescribeVpcs", - "vpc-lattice:ListTagsForResource" + "vpc-lattice:ListTagsForResource", + "vpc-lattice:ListTargets", + "iam:CreateServiceLinkedRole", + "ec2:DescribeVpcs", + "ec2:DescribeInstances", + "ec2:DescribeSubnets", + "ec2:DescribeAvailabilityZoneMappings", + "lambda:Invoke", + "lambda:AddPermission", + "elasticloadbalancing:DescribeLoadBalancers", + "vpc-lattice:DeregisterTargets", + "lambda:RemovePermission", + "vpc-lattice:RegisterTargets" ], "attributes": { "tags": [ @@ -15,11 +27,18 @@ ] }, "destroy": [ - "vpc-lattice:DeleteTargetGroup" + "vpc-lattice:DeleteTargetGroup", + "vpc-lattice:DeregisterTargets", + "lambda:RemovePermission" ], "modify": [ - "vpc-lattice:UpdateTargetGroup" + "vpc-lattice:UpdateTargetGroup", + "vpc-lattice:RegisterTargets" ], - "plan": [] + "plan": [ + "vpc-lattice:GetTargetGroup", + "vpc-lattice:ListTargets", + "vpc-lattice:ListTagsForResource" + ] } ] diff --git a/src/mapping/aws/resource/wafregional/aws_wafregional_web_acl_association.json b/src/mapping/aws/resource/wafregional/aws_wafregional_web_acl_association.json new file mode 100644 index 00000000..c11bb159 --- /dev/null +++ b/src/mapping/aws/resource/wafregional/aws_wafregional_web_acl_association.json @@ -0,0 +1,19 @@ +[ + { + "apply": [ + "apigateway:SetWebACL", + "elasticloadbalancing:SetWebAcl", + "waf-regional:AssociateWebACL", + "waf-regional:GetWebACLForResource", + "waf-regional:DisassociateWebACL" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "waf-regional:DisassociateWebACL" + ], + "modify": [], + "plan": [] + } +] 
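Review bot: The first hunk of aws_vpclattice_target_group.json adds `"ec2:DescribeVpcs"` a second time (it is already the context line just above the change) and adds `lambda:Invoke`, which does not look like an IAM action name; Lambda's invoke permission is `lambda:InvokeFunction`. The duplicate is only noise, but an unrecognised action leaves the generated policy with an entry that grants nothing and that policy validation is likely to flag. Suggest dropping the repeated `ec2:DescribeVpcs` line and confirming whether `lambda:InvokeFunction`, or no invoke permission at all, is what target registration needs. The `apply` list starts above the hunk.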
diff --git a/src/mapping/aws/resource/wafv2/aws_wafv2_api_key.json b/src/mapping/aws/resource/wafv2/aws_wafv2_api_key.json
new file mode 100644
index 00000000..24bd6ce1
--- /dev/null
+++ b/src/mapping/aws/resource/wafv2/aws_wafv2_api_key.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "wafv2:CreateAPIKey",
+ "wafv2:DeleteAPIKey",
+ "wafv2:ListAPIKeys"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "wafv2:DeleteAPIKey"
+ ],
+ "modify": [],
+ "plan": [
+ "wafv2:ListAPIKeys"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/wafv2/aws_wafv2_web_acl.json b/src/mapping/aws/resource/wafv2/aws_wafv2_web_acl.json
index 3fd4f040..40e0a8ff 100644
--- a/src/mapping/aws/resource/wafv2/aws_wafv2_web_acl.json
+++ b/src/mapping/aws/resource/wafv2/aws_wafv2_web_acl.json
@@ -1,21 +1,24 @@
-[
- {
- "apply": [
- "wafv2:CreateWebACL",
- "wafv2:GetWebACL",
- "wafv2:ListTagsForResource",
- "wafv2:DeleteWebACL"
- ],
- "attributes": {
- "tags": [
- "wafv2:TagResource",
- "wafv2:UntagResource"
- ]
- },
- "destroy": [
- "wafv2:DeleteWebACL"
- ],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "wafv2:CreateWebACL",
+ "wafv2:GetWebACL",
+ "wafv2:ListTagsForResource",
+ "wafv2:DeleteWebACL",
+ "wafv2:UpdateWebACL"
+ ],
+ "attributes": {
+ "tags": [
+ "wafv2:TagResource",
+ "wafv2:UntagResource"
+ ]
+ },
+ "destroy": [
+ "wafv2:DeleteWebACL"
+ ],
+ "modify": [
+ "wafv2:UpdateWebACL"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/wafv2/aws_wafv2_web_acl_association.json b/src/mapping/aws/resource/wafv2/aws_wafv2_web_acl_association.json
index c198cc5d..3d8f3385 100644
--- a/src/mapping/aws/resource/wafv2/aws_wafv2_web_acl_association.json
+++ b/src/mapping/aws/resource/wafv2/aws_wafv2_web_acl_association.json
@@ -3,6 +3,10 @@ "apply": [ "wafv2:AssociateWebACL", "wafv2:GetWebACLForResource", + "wafv2:GetWebACL", + "wafv2:DisassociateWebACL", + "wafv2:PutPermissionPolicy", + "wafv2:GetPermissionPolicy", "apigateway:SetWebACL", "elasticloadbalancing:SetWebAcl", "appsync:SetWebACL", 
@@ -11,17 +15,75 @@ "cognito-idp:ListResourcesForWebACL", "apprunner:ListAssociatedServicesForWebAcl", "apprunner:AssociateWebAcl", - "apprunner:DescribeWebAclForService" + "apprunner:DescribeWebAclForService", + "ec2:AssociateVerifiedAccessInstanceWebAcl", + "ec2:DisassociateVerifiedAccessInstanceWebAcl", + "ec2:DescribeVerifiedAccessInstanceWebAclAssociations", + "ec2:GetVerifiedAccessInstanceWebAcl" ], "attributes": { "tags": [] }, "destroy": [ + "wafv2:AssociateWebACL", + "wafv2:GetWebACLForResource", + "wafv2:GetWebACL", + "wafv2:DisassociateWebACL", + "wafv2:PutPermissionPolicy", + "elasticloadbalancing:SetWebACL", + "apigateway:SetWebACL", + "appsync:SetWebACL", + "cognito-idp:AssociateWebACL", + "cognito-idp:DisassociateWebACL", + "cognito-idp:GetWebACLForResource", + "apprunner:AssociateWebAcl", + "apprunner:DisassociateWebAcl", + "apprunner:DescribeWebAclForService", + "ec2:AssociateVerifiedAccessInstanceWebAcl", + "ec2:DisassociateVerifiedAccessInstanceWebAcl", + "ec2:DescribeVerifiedAccessInstanceWebAclAssociations", + "ec2:GetVerifiedAccessInstanceWebAcl", + "amplify:DisassociateWebACL", + "amplify:GetWebACLForResource" + ], + "modify": [ + "wafv2:AssociateWebACL", + "wafv2:GetWebACLForResource", + "wafv2:GetWebACL", + "wafv2:DisassociateWebACL", + "elasticloadbalancing:SetWebACL", + "apigateway:SetWebACL", + "appsync:SetWebACL", + "cognito-idp:AssociateWebACL", "cognito-idp:DisassociateWebACL", + "cognito-idp:GetWebACLForResource", + "apprunner:AssociateWebAcl", "apprunner:DisassociateWebAcl", - "wafv2:DisassociateWebACL" + "apprunner:DescribeWebAclForService", + "ec2:AssociateVerifiedAccessInstanceWebAcl", + "ec2:DisassociateVerifiedAccessInstanceWebAcl", + "ec2:DescribeVerifiedAccessInstanceWebAclAssociations", + "ec2:GetVerifiedAccessInstanceWebAcl" ], - "modify": [], - "plan": [] + "plan": [ + "wafv2:AssociateWebACL", + "wafv2:GetWebACLForResource", + "wafv2:GetWebACL", + "wafv2:DisassociateWebACL", + "elasticloadbalancing:SetWebACL", + 
"apigateway:SetWebACL", + "appsync:SetWebACL", + "cognito-idp:AssociateWebACL", + "cognito-idp:DisassociateWebACL", + "cognito-idp:GetWebACLForResource", + "apprunner:AssociateWebAcl", + "apprunner:DisassociateWebAcl", + "apprunner:DescribeWebAclForService", + "ec2:AssociateVerifiedAccessInstanceWebAcl", + "ec2:DisassociateVerifiedAccessInstanceWebAcl", + "ec2:DescribeVerifiedAccessInstanceWebAclAssociations", + "ec2:GetVerifiedAccessInstanceWebAcl", + "amplify:GetWebACLForResource" + ] } ] diff --git a/src/mapping/aws/resource/workspaces-web/aws_workspacesweb_browser_settings.json b/src/mapping/aws/resource/workspaces-web/aws_workspacesweb_browser_settings.json new file mode 100644 index 00000000..c0e0be44 --- /dev/null +++ b/src/mapping/aws/resource/workspaces-web/aws_workspacesweb_browser_settings.json @@ -0,0 +1,23 @@ +[ + { + "apply": [ + "workspaces-web:CreateBrowserSettings", + "workspaces-web:GetBrowserSettings", + "workspaces-web:ListTagsForResource", + "workspaces-web:DeleteBrowserSettings" + ], + "attributes": { + "tags": [ + "workspaces-web:TagResource", + "workspaces-web:UntagResource" + ] + }, + "destroy": [ + "workspaces-web:DeleteBrowserSettings" + ], + "modify": [], + "plan": [ + "workspaces-web:GetBrowserSettings" + ] + } +] diff --git a/src/mapping/aws/resource/workspaces-web/aws_workspacesweb_data_protection_settings.json b/src/mapping/aws/resource/workspaces-web/aws_workspacesweb_data_protection_settings.json new file mode 100644 index 00000000..6eec7e6d --- /dev/null +++ b/src/mapping/aws/resource/workspaces-web/aws_workspacesweb_data_protection_settings.json 
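Review bot: The `plan` list added to aws_wafv2_web_acl_association.json contains mutating actions (`wafv2:AssociateWebACL`, `wafv2:DisassociateWebACL`, `elasticloadbalancing:SetWebACL`, `apigateway:SetWebACL`, `appsync:SetWebACL`, and the `cognito-idp`, `apprunner` and `ec2` associate/disassociate calls). Every other `plan` list visible in this part of the diff holds only Get, List or Describe actions, so a role built for plan-only runs would here be able to detach a web ACL from the resource it protects. `plan` should keep only the read entries already in the list (`wafv2:GetWebACLForResource`, `wafv2:GetWebACL`, `cognito-idp:GetWebACLForResource`, `apprunner:DescribeWebAclForService`, the two `ec2:Describe…`/`ec2:Get…` calls and `amplify:GetWebACLForResource`). `destroy` likewise probably does not need the Associate actions or `wafv2:PutPermissionPolicy`.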
@@ -0,0 +1,34 @@
+[
+ {
+ "apply": [
+ "workspaces-web:GetDataProtectionSettings",
+ "workspaces-web:AssociateDataProtectionSettings",
+ "workspaces-web:CreateDataProtectionSettings",
+ "workspaces-web:DeleteDataProtectionSettings",
+ "workspaces-web:DisassociateDataProtectionSettings",
+ "workspaces-web:UpdateDataProtectionSettings",
+ "workspaces-web:ListTagsForResource"
+ ],
+ "attributes": {
+ "customer_managed_key": [
+ "kms:DescribeKey",
+ "kms:GenerateDataKey",
+ "kms:Decrypt"
+ ],
+ "tags": [
+ "workspaces-web:TagResource",
+ "workspaces-web:UntagResource"
+ ]
+ },
+ "destroy": [
+ "workspaces-web:DeleteDataProtectionSettings",
+ "workspaces-web:DisassociateDataProtectionSettings"
+ ],
+ "modify": [
+ "workspaces-web:UpdateDataProtectionSettings"
+ ],
+ "plan": [
+ "workspaces-web:GetDataProtectionSettings"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/workspaces-web/aws_workspacesweb_ip_access_settings.json b/src/mapping/aws/resource/workspaces-web/aws_workspacesweb_ip_access_settings.json
new file mode 100644
index 00000000..51311ff4
--- /dev/null
+++ b/src/mapping/aws/resource/workspaces-web/aws_workspacesweb_ip_access_settings.json
@@ -0,0 +1,34 @@
+[
+ {
+ "apply": [
+ "workspaces-web:GetIpAccessSettings",
+ "workspaces-web:AssociateIpAccessSettings",
+ "workspaces-web:CreateIpAccessSettings",
+ "workspaces-web:DeleteIpAccessSettings",
+ "workspaces-web:DisassociateIpAccessSettings",
+ "workspaces-web:UpdateIpAccessSettings",
+ "workspaces-web:ListTagsForResource"
+ ],
+ "attributes": {
+ "customer_managed_key": [
+ "kms:DescribeKey",
+ "kms:GenerateDataKey",
+ "kms:Decrypt"
+ ],
+ "tags": [
+ "workspaces-web:TagResource",
+ "workspaces-web:UntagResource"
+ ]
+ },
+ "destroy": [
+ "workspaces-web:DeleteIpAccessSettings",
+ "workspaces-web:DisassociateIpAccessSettings"
+ ],
+ "modify": [
+ "workspaces-web:UpdateIpAccessSettings"
+ ],
+ "plan": [
+ "workspaces-web:GetIpAccessSettings"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/workspaces-web/aws_workspacesweb_network_settings.json b/src/mapping/aws/resource/workspaces-web/aws_workspacesweb_network_settings.json
new file mode 100644
index 00000000..80c8088b
--- /dev/null
+++ b/src/mapping/aws/resource/workspaces-web/aws_workspacesweb_network_settings.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "workspaces-web:CreateNetworkSettings",
+ "iam:CreateServiceLinkedRole",
+ "workspaces-web:GetNetworkSettings",
+ "workspaces-web:DeleteNetworkSettings"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "workspaces-web:DeleteNetworkSettings"
+ ],
+ "modify": [],
+ "plan": [
+ "workspaces-web:GetNetworkSettings"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/workspaces-web/aws_workspacesweb_user_access_logging_settings.json b/src/mapping/aws/resource/workspaces-web/aws_workspacesweb_user_access_logging_settings.json
new file mode 100644
index 00000000..199da10c
--- /dev/null
+++ b/src/mapping/aws/resource/workspaces-web/aws_workspacesweb_user_access_logging_settings.json
@@ -0,0 +1,29 @@
+[
+ {
+ "apply": [
+ "workspaces-web:GetUserAccessLoggingSettings",
+ "workspaces-web:AssociateUserAccessLoggingSettings",
+ "workspaces-web:CreateUserAccessLoggingSettings",
+ "workspaces-web:DeleteUserAccessLoggingSettings",
+ "workspaces-web:DisassociateUserAccessLoggingSettings",
+ "workspaces-web:UpdateUserAccessLoggingSettings",
+ "workspaces-web:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "workspaces-web:TagResource",
+ "workspaces-web:UntagResource"
+ ]
+ },
+ "destroy": [
+ "workspaces-web:DeleteUserAccessLoggingSettings",
+ "workspaces-web:DisassociateUserAccessLoggingSettings"
+ ],
+ "modify": [
+ "workspaces-web:UpdateUserAccessLoggingSettings"
+ ],
+ "plan": [
+ "workspaces-web:GetUserAccessLoggingSettings"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/workspaces-web/aws_workspacesweb_user_settings.json b/src/mapping/aws/resource/workspaces-web/aws_workspacesweb_user_settings.json new file mode 100644 index 00000000..e7f33392 --- /dev/null +++ b/src/mapping/aws/resource/workspaces-web/aws_workspacesweb_user_settings.json @@ -0,0 +1,25 @@ +[ + { + "apply": [ + "workspaces-web:CreateUserSettings", + "workspaces-web:GetUserSettings", + "workspaces-web:DeleteUserSettings" + ], + "attributes": { + "customer_managed_key": [ + "kms:CreateGrant", + "kms:Decrypt", + "kms:GenerateDataKey" + ], + "tags": [ + "workspaces-web:TagResource", + "workspaces-web:UntagResource" + ] + }, + "destroy": [ + "workspaces-web:DeleteUserSettings" + ], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/xray/aws_xray_group.json b/src/mapping/aws/resource/xray/aws_xray_group.json index 4808ea28..df19bccb 100644 --- a/src/mapping/aws/resource/xray/aws_xray_group.json +++ b/src/mapping/aws/resource/xray/aws_xray_group.json @@ -4,7 +4,8 @@ "xray:CreateGroup", "xray:ListTagsForResource", "xray:GetGroup", - "xray:DeleteGroup" + "xray:DeleteGroup", + "xray:UpdateGroup" ], "attributes": { "tags": [ @@ -15,7 +16,9 @@ "destroy": [ "xray:DeleteGroup" ], - "modify": [], + "modify": [ + "xray:UpdateGroup" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/xray/aws_xray_resource_policy.json b/src/mapping/aws/resource/xray/aws_xray_resource_policy.json new file mode 100644 index 00000000..f926d323 --- /dev/null +++ b/src/mapping/aws/resource/xray/aws_xray_resource_policy.json @@ -0,0 +1,22 @@ +[ + { + "apply": [ + "xray:DeleteResourcePolicy", + "xray:ListResourcePolicies", + "xray:PutResourcePolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "xray:DeleteResourcePolicy" + ], + "modify": [ + "xray:PutResourcePolicy", + "xray:ListResourcePolicies" + ], + "plan": [ + "xray:ListResourcePolicies" + ] + } +] 
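Review bot: In aws_workspacesweb_user_settings.json the `customer_managed_key` attribute maps to `kms:CreateGrant`, while the sibling data_protection_settings and ip_access_settings mappings pair `kms:DescribeKey` with the same `kms:Decrypt` and `kms:GenerateDataKey`. `kms:CreateGrant` lets the holder delegate use of the key, so if it is really required the reason is worth recording, and consumers of the generated policy should restrict it to the key in question, for example with the `kms:GrantIsForAWSResource` condition. The file also lists tag actions but no `workspaces-web:ListTagsForResource` or `workspaces-web:UpdateUserSettings`, and leaves `modify` and `plan` empty, unlike its siblings. That looks like an omission to confirm.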
diff --git a/src/mapping/aws/resource/xray/aws_xray_sampling_rule.json b/src/mapping/aws/resource/xray/aws_xray_sampling_rule.json index 24c8c1fe..72bff8e8 100644 --- a/src/mapping/aws/resource/xray/aws_xray_sampling_rule.json +++ b/src/mapping/aws/resource/xray/aws_xray_sampling_rule.json @@ -15,7 +15,9 @@ "destroy": [ "xray:DeleteSamplingRule" ], - "modify": [], + "modify": [ + "xray:UpdateSamplingRule" + ], "plan": [] } ] diff --git a/src/mapping/google/data/accesscontextmanager/google_access_context_manager_access_policy.json b/src/mapping/google/data/accesscontextmanager/google_access_context_manager_access_policy.json new file mode 100644 index 00000000..afae021d --- /dev/null +++ b/src/mapping/google/data/accesscontextmanager/google_access_context_manager_access_policy.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "accesscontextmanager.accessPolicies.list" + ] + } +] diff --git a/src/mapping/google/data/aiplatform/google_colab_runtime_template_iam_policy.json b/src/mapping/google/data/aiplatform/google_colab_runtime_template_iam_policy.json new file mode 100644 index 00000000..3da82268 --- /dev/null +++ b/src/mapping/google/data/aiplatform/google_colab_runtime_template_iam_policy.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "aiplatform.notebookRuntimeTemplates.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/data/aiplatform/google_vertex_ai_endpoint_iam_policy.json b/src/mapping/google/data/aiplatform/google_vertex_ai_endpoint_iam_policy.json index 06c1511a..ea1d619b 100644 --- a/src/mapping/google/data/aiplatform/google_vertex_ai_endpoint_iam_policy.json +++ b/src/mapping/google/data/aiplatform/google_vertex_ai_endpoint_iam_policy.json 
@@ -1,13 +1,13 @@
-[
- {
- "apply": [],
- "attributes": {
- "tags": []
- },
- "destroy": [],
- "modify": [],
- "plan": [
- "aiplatform.endpoints.getIamPolicy"
- ]
- }
-]
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "aiplatform.endpoints.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/aiplatform/google_vertex_ai_feature_group_iam_policy.json b/src/mapping/google/data/aiplatform/google_vertex_ai_feature_group_iam_policy.json
new file mode 100644
index 00000000..ccf0b032
--- /dev/null
+++ b/src/mapping/google/data/aiplatform/google_vertex_ai_feature_group_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "aiplatform.featureGroups.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/aiplatform/google_vertex_ai_feature_online_store_featureview_iam_policy.json b/src/mapping/google/data/aiplatform/google_vertex_ai_feature_online_store_featureview_iam_policy.json
new file mode 100644
index 00000000..127bb5ee
--- /dev/null
+++ b/src/mapping/google/data/aiplatform/google_vertex_ai_feature_online_store_featureview_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "aiplatform.featureViews.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/aiplatform/google_vertex_ai_feature_online_store_iam_policy.json b/src/mapping/google/data/aiplatform/google_vertex_ai_feature_online_store_iam_policy.json
new file mode 100644
index 00000000..c74a5567
--- /dev/null
+++ b/src/mapping/google/data/aiplatform/google_vertex_ai_feature_online_store_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "aiplatform.featureOnlineStores.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/alloydb/google_alloydb_cluster.json b/src/mapping/google/data/alloydb/google_alloydb_cluster.json
new file mode 100644
index 00000000..1cce33cc
--- /dev/null
+++ b/src/mapping/google/data/alloydb/google_alloydb_cluster.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "alloydb.clusters.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/alloydb/google_alloydb_instance.json b/src/mapping/google/data/alloydb/google_alloydb_instance.json
new file mode 100644
index 00000000..7274b00b
--- /dev/null
+++ b/src/mapping/google/data/alloydb/google_alloydb_instance.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "alloydb.instances.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/apphub/google_apphub_application.json b/src/mapping/google/data/apphub/google_apphub_application.json
new file mode 100644
index 00000000..2ec65918
--- /dev/null
+++ b/src/mapping/google/data/apphub/google_apphub_application.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "apphub.applications.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/apphub/google_apphub_discovered_service.json b/src/mapping/google/data/apphub/google_apphub_discovered_service.json
new file mode 100644
index 00000000..e3666bc5
--- /dev/null
+++ b/src/mapping/google/data/apphub/google_apphub_discovered_service.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "apphub.discoveredServices.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/apphub/google_apphub_discovered_workload.json b/src/mapping/google/data/apphub/google_apphub_discovered_workload.json
new file mode 100644
index 00000000..8e927429
--- /dev/null
+++ b/src/mapping/google/data/apphub/google_apphub_discovered_workload.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "apphub.discoveredWorkloads.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/artifactregistry/google_artifact_registry_docker_image.json b/src/mapping/google/data/artifactregistry/google_artifact_registry_docker_image.json
new file mode 100644
index 00000000..69011de9
--- /dev/null
+++ b/src/mapping/google/data/artifactregistry/google_artifact_registry_docker_image.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "artifactregistry.dockerimages.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/artifactregistry/google_artifact_registry_docker_images.json b/src/mapping/google/data/artifactregistry/google_artifact_registry_docker_images.json
new file mode 100644
index 00000000..69011de9
--- /dev/null
+++ b/src/mapping/google/data/artifactregistry/google_artifact_registry_docker_images.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "artifactregistry.dockerimages.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/artifactregistry/google_artifact_registry_locations.json b/src/mapping/google/data/artifactregistry/google_artifact_registry_locations.json
new file mode 100644
index 00000000..4891926d
--- /dev/null
+++ b/src/mapping/google/data/artifactregistry/google_artifact_registry_locations.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "artifactregistry.locations.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/artifactregistry/google_artifact_registry_maven_artifact.json b/src/mapping/google/data/artifactregistry/google_artifact_registry_maven_artifact.json
new file mode 100644
index 00000000..ddb1f11f
--- /dev/null
+++ b/src/mapping/google/data/artifactregistry/google_artifact_registry_maven_artifact.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "artifactregistry.mavenartifacts.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/artifactregistry/google_artifact_registry_maven_artifacts.json b/src/mapping/google/data/artifactregistry/google_artifact_registry_maven_artifacts.json
new file mode 100644
index 00000000..ddb1f11f
--- /dev/null
+++ b/src/mapping/google/data/artifactregistry/google_artifact_registry_maven_artifacts.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "artifactregistry.mavenartifacts.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/artifactregistry/google_artifact_registry_npm_package.json b/src/mapping/google/data/artifactregistry/google_artifact_registry_npm_package.json
new file mode 100644
index 00000000..41734918
--- /dev/null
+++ b/src/mapping/google/data/artifactregistry/google_artifact_registry_npm_package.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "artifactregistry.npmpackages.get",
+ "artifactregistry.npmpackages.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/artifactregistry/google_artifact_registry_npm_packages.json b/src/mapping/google/data/artifactregistry/google_artifact_registry_npm_packages.json
new file mode 100644
index 00000000..24f09962
--- /dev/null
+++ b/src/mapping/google/data/artifactregistry/google_artifact_registry_npm_packages.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "artifactregistry.npmpackages.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/artifactregistry/google_artifact_registry_packages.json b/src/mapping/google/data/artifactregistry/google_artifact_registry_packages.json
new file mode 100644
index 00000000..b84e9205
--- /dev/null
+++ b/src/mapping/google/data/artifactregistry/google_artifact_registry_packages.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "artifactregistry.packages.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/artifactregistry/google_artifact_registry_python_package.json b/src/mapping/google/data/artifactregistry/google_artifact_registry_python_package.json
new file mode 100644
index 00000000..ae771808
--- /dev/null
+++ b/src/mapping/google/data/artifactregistry/google_artifact_registry_python_package.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "artifactregistry.pythonpackages.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/artifactregistry/google_artifact_registry_repositories.json b/src/mapping/google/data/artifactregistry/google_artifact_registry_repositories.json
new file mode 100644
index 00000000..798dcfba
--- /dev/null
+++ b/src/mapping/google/data/artifactregistry/google_artifact_registry_repositories.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "artifactregistry.repositories.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/artifactregistry/google_artifact_registry_tags.json b/src/mapping/google/data/artifactregistry/google_artifact_registry_tags.json
new file mode 100644
index 00000000..802bc9f8
--- /dev/null
+++ b/src/mapping/google/data/artifactregistry/google_artifact_registry_tags.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "artifactregistry.tags.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/artifactregistry/google_artifact_registry_version.json b/src/mapping/google/data/artifactregistry/google_artifact_registry_version.json
new file mode 100644
index 00000000..f3593703
--- /dev/null
+++ b/src/mapping/google/data/artifactregistry/google_artifact_registry_version.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "artifactregistry.versions.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/artifactregistry/google_artifact_registry_versions.json b/src/mapping/google/data/artifactregistry/google_artifact_registry_versions.json
new file mode 100644
index 00000000..b99feff0
--- /dev/null
+++ b/src/mapping/google/data/artifactregistry/google_artifact_registry_versions.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "artifactregistry.versions.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/backend/gcs.json b/src/mapping/google/data/backend/gcs.json
new file mode 100644
index 00000000..d9f17369
--- /dev/null
+++ b/src/mapping/google/data/backend/gcs.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "storage.buckets.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/data/backupdr/google_backup_dr_backup.json b/src/mapping/google/data/backupdr/google_backup_dr_backup.json
new file mode 100644
index 00000000..105f695d
--- /dev/null
+++ b/src/mapping/google/data/backupdr/google_backup_dr_backup.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "backupdr.bvbackups.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/backupdr/google_backup_dr_backup_plan_association.json b/src/mapping/google/data/backupdr/google_backup_dr_backup_plan_association.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
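Review bot: In `backend/gcs.json` the only permission, `storage.buckets.get`, sits under `apply` while `plan` is empty, which is the arrangement this same commit corrects for `google_compute_network.json` by moving `compute.networks.get` into `plan`. A state backend is presumably contacted before any apply, so a role built from the plan-phase list alone would lack the bucket read; I would write `"apply": []` and `"plan": [ "storage.buckets.get" ]` here, unless the consumer of these files treats backend entries differently. The mapping also names no object-level permission, which is worth confirming, because a generated role that turns out too narrow tends to be replaced by a broad predefined storage role.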
+++ b/src/mapping/google/data/backupdr/google_backup_dr_backup_plan_association.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/data/backupdr/google_backup_dr_backup_plan_associations.json b/src/mapping/google/data/backupdr/google_backup_dr_backup_plan_associations.json
new file mode 100644
index 00000000..bdc9afa1
--- /dev/null
+++ b/src/mapping/google/data/backupdr/google_backup_dr_backup_plan_associations.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "backupdr.backupPlanAssociations.fetchForAlloydbCluster",
+ "backupdr.backupPlanAssociations.fetchForCloudSqlInstance",
+ "backupdr.backupPlanAssociations.fetchForComputeDisk",
+ "backupdr.backupPlanAssociations.fetchForComputeInstance",
+ "backupdr.backupPlanAssociations.getForAlloydbCluster",
+ "backupdr.backupPlanAssociations.getForCloudSqlInstance",
+ "backupdr.backupPlanAssociations.getForComputeDisk",
+ "backupdr.backupPlanAssociations.getForComputeInstance"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/backupdr/google_backup_dr_backup_vault.json b/src/mapping/google/data/backupdr/google_backup_dr_backup_vault.json
new file mode 100644
index 00000000..b168f19b
--- /dev/null
+++ b/src/mapping/google/data/backupdr/google_backup_dr_backup_vault.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "backupdr.backupVaults.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/backupdr/google_backup_dr_data_source.json b/src/mapping/google/data/backupdr/google_backup_dr_data_source.json
new file mode 100644
index 00000000..aa3071ae
--- /dev/null
+++ b/src/mapping/google/data/backupdr/google_backup_dr_data_source.json
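Review bot: `google_backup_dr_backup_plan_association.json` is added with every list empty, including `"plan": []`, while the plural sibling in the next hunk lists eight `backupdr.backupPlanAssociations.*` permissions; `google_cloud_identity_policy.json` later in this commit is added with the same empty content (same blob `45e4fdaf`). An empty entry makes the data source look as if it needs no permission, so a role generated from it would either fail on the read or the gap goes unnoticed because the identity already holds a broader role. I would fill `plan` with the permission the read call actually requires once it is confirmed against the IAM reference, or leave the file out until then so the gap stays visible instead of being recorded as permission-free.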
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "backupdr.bvdataSources.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/backupdr/google_backup_dr_data_source_reference.json b/src/mapping/google/data/backupdr/google_backup_dr_data_source_reference.json
new file mode 100644
index 00000000..8e13b3a7
--- /dev/null
+++ b/src/mapping/google/data/backupdr/google_backup_dr_data_source_reference.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "backupdr.dataSourceReferences.fetchForAlloydbCluster",
+ "backupdr.dataSourceReferences.fetchForCloudSqlInstance"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/backupdr/google_backup_dr_data_source_references.json b/src/mapping/google/data/backupdr/google_backup_dr_data_source_references.json
new file mode 100644
index 00000000..8e13b3a7
--- /dev/null
+++ b/src/mapping/google/data/backupdr/google_backup_dr_data_source_references.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "backupdr.dataSourceReferences.fetchForAlloydbCluster",
+ "backupdr.dataSourceReferences.fetchForCloudSqlInstance"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/beyondcorp/google_beyondcorp_application_iam_policy.json b/src/mapping/google/data/beyondcorp/google_beyondcorp_application_iam_policy.json
new file mode 100644
index 00000000..0b458b2b
--- /dev/null
+++ b/src/mapping/google/data/beyondcorp/google_beyondcorp_application_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "beyondcorp.sgApplications.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/beyondcorp/google_beyondcorp_security_gateway.json b/src/mapping/google/data/beyondcorp/google_beyondcorp_security_gateway.json
new file mode 100644
index 00000000..c1445d5f
--- /dev/null
+++ b/src/mapping/google/data/beyondcorp/google_beyondcorp_security_gateway.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "beyondcorp.securityGateways.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/beyondcorp/google_beyondcorp_security_gateway_application_iam_policy.json b/src/mapping/google/data/beyondcorp/google_beyondcorp_security_gateway_application_iam_policy.json
new file mode 100644
index 00000000..fe15993f
--- /dev/null
+++ b/src/mapping/google/data/beyondcorp/google_beyondcorp_security_gateway_application_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "beyondcorp.sgApplications.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/beyondcorp/google_beyondcorp_security_gateway_iam_policy.json b/src/mapping/google/data/beyondcorp/google_beyondcorp_security_gateway_iam_policy.json
new file mode 100644
index 00000000..a044be57
--- /dev/null
+++ b/src/mapping/google/data/beyondcorp/google_beyondcorp_security_gateway_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "beyondcorp.securityGateways.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/bigquery/google_bigquery_datapolicyv2_data_policy_iam_policy.json b/src/mapping/google/data/bigquery/google_bigquery_datapolicyv2_data_policy_iam_policy.json
new file mode 100644
index 00000000..7fb8dfed
--- /dev/null
+++ b/src/mapping/google/data/bigquery/google_bigquery_datapolicyv2_data_policy_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "bigquery.dataPolicies.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/binaryauthorization/google_binary_authorization_attestor_iam_policy.json b/src/mapping/google/data/binaryauthorization/google_binary_authorization_attestor_iam_policy.json
index fdd86e07..74f73db3 100644
--- a/src/mapping/google/data/binaryauthorization/google_binary_authorization_attestor_iam_policy.json
+++ b/src/mapping/google/data/binaryauthorization/google_binary_authorization_attestor_iam_policy.json
@@ -1,13 +1,13 @@
-[
- {
- "apply": [],
- "attributes": {
- "tags": []
- },
- "destroy": [],
- "modify": [],
- "plan": [
- "binaryauthorization.attestors.getIamPolicy"
- ]
- }
-]
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "binaryauthorization.attestors.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/certificatemanager/google_certificate_manager_certificates.json b/src/mapping/google/data/certificatemanager/google_certificate_manager_certificates.json
new file mode 100644
index 00000000..ba630f21
--- /dev/null
+++ b/src/mapping/google/data/certificatemanager/google_certificate_manager_certificates.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "certificatemanager.certs.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/certificatemanager/google_certificate_manager_dns_authorization.json b/src/mapping/google/data/certificatemanager/google_certificate_manager_dns_authorization.json
new file mode 100644
index 00000000..4a9a2317
--- /dev/null
+++ b/src/mapping/google/data/certificatemanager/google_certificate_manager_dns_authorization.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "certificatemanager.operations.get",
+ "certificatemanager.dnsauthorizations.get",
+ "certificatemanager.dnsauthorizations.list",
+ "iap.webServices.getIamPolicy"
+ ]
+ }
+]
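Review bot: The `plan` list for `google_certificate_manager_dns_authorization.json` includes `"iap.webServices.getIamPolicy"`, an Identity-Aware Proxy permission that a Certificate Manager DNS authorization lookup does not appear to need. The reverse shows up in `google_iap_web_region_forwarding_rule_service_iam_policy.json` later in this commit, which lists `"certificatemanager.dnsauthorizations.list"`, so the two entries look cross-contaminated, possibly from permissions recorded in one shared run. If these lists are used to build least-privilege roles, each stray line grants read access to another service's access policy or inventory. I would drop the foreign line from both files and also check whether `certificatemanager.operations.get` and `certificatemanager.dnsauthorizations.list` are needed for a single-object read.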
diff --git a/src/mapping/google/data/cloudaicompanion/google_gemini_repository_group_iam_policy.json b/src/mapping/google/data/cloudaicompanion/google_gemini_repository_group_iam_policy.json
new file mode 100644
index 00000000..5476b8c9
--- /dev/null
+++ b/src/mapping/google/data/cloudaicompanion/google_gemini_repository_group_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "cloudaicompanion.repositoryGroups.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/clouddeploy/google_clouddeploy_custom_target_type_iam_policy.json b/src/mapping/google/data/clouddeploy/google_clouddeploy_custom_target_type_iam_policy.json
new file mode 100644
index 00000000..73c9b912
--- /dev/null
+++ b/src/mapping/google/data/clouddeploy/google_clouddeploy_custom_target_type_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "clouddeploy.customTargetTypes.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/clouddeploy/google_clouddeploy_delivery_pipeline_iam_policy.json b/src/mapping/google/data/clouddeploy/google_clouddeploy_delivery_pipeline_iam_policy.json
new file mode 100644
index 00000000..31272d00
--- /dev/null
+++ b/src/mapping/google/data/clouddeploy/google_clouddeploy_delivery_pipeline_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "clouddeploy.deliveryPipelines.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/clouddeploy/google_clouddeploy_target_iam_policy.json b/src/mapping/google/data/clouddeploy/google_clouddeploy_target_iam_policy.json
new file mode 100644
index 00000000..eebf7fb2
--- /dev/null
+++ b/src/mapping/google/data/clouddeploy/google_clouddeploy_target_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "clouddeploy.targets.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/cloudkms/google_kms_ekm_connection_iam_policy.json b/src/mapping/google/data/cloudkms/google_kms_ekm_connection_iam_policy.json
new file mode 100644
index 00000000..0734c60f
--- /dev/null
+++ b/src/mapping/google/data/cloudkms/google_kms_ekm_connection_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "cloudkms.ekmConnections.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/cloudkms/google_kms_key_handle.json b/src/mapping/google/data/cloudkms/google_kms_key_handle.json
new file mode 100644
index 00000000..3bbad249
--- /dev/null
+++ b/src/mapping/google/data/cloudkms/google_kms_key_handle.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "cloudkms.keyHandles.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/cloudkms/google_kms_key_handles.json b/src/mapping/google/data/cloudkms/google_kms_key_handles.json
new file mode 100644
index 00000000..25f97c9b
--- /dev/null
+++ b/src/mapping/google/data/cloudkms/google_kms_key_handles.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "cloudkms.keyHandles.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/cloudkms/google_kms_key_rings.json b/src/mapping/google/data/cloudkms/google_kms_key_rings.json
new file mode 100644
index 00000000..2432d185
--- /dev/null
+++ b/src/mapping/google/data/cloudkms/google_kms_key_rings.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "cloudkms.keyRings.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/cloudtasks/google_cloud_tasks_queue_iam_policy.json b/src/mapping/google/data/cloudtasks/google_cloud_tasks_queue_iam_policy.json index 7870ac9d..4acf6298 100644 --- a/src/mapping/google/data/cloudtasks/google_cloud_tasks_queue_iam_policy.json +++ b/src/mapping/google/data/cloudtasks/google_cloud_tasks_queue_iam_policy.json @@ -7,6 +7,7 @@ "destroy": [], "modify": [], "plan": [ + "cloudtasks.queues.getIamPolicy", "cloudtasks.queues.list" ] } diff --git a/src/mapping/google/data/composer/google_composer_user_workloads_config_map.json b/src/mapping/google/data/composer/google_composer_user_workloads_config_map.json new file mode 100644 index 00000000..2a775b35 --- /dev/null +++ b/src/mapping/google/data/composer/google_composer_user_workloads_config_map.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "composer.userworkloadsconfigmaps.get" + ] + } +] diff --git a/src/mapping/google/data/composer/google_composer_user_workloads_secret.json b/src/mapping/google/data/composer/google_composer_user_workloads_secret.json new file mode 100644 index 00000000..f44e79bf --- /dev/null +++ b/src/mapping/google/data/composer/google_composer_user_workloads_secret.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "composer.userworkloadssecrets.get" + ] + } +] diff --git a/src/mapping/google/data/compute/google_compute_forwarding_rules.json b/src/mapping/google/data/compute/google_compute_forwarding_rules.json new file mode 100644 index 00000000..6c5fb9f7 --- /dev/null +++ b/src/mapping/google/data/compute/google_compute_forwarding_rules.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "compute.forwardingRules.list" + ] + } +] 
diff --git a/src/mapping/google/data/compute/google_compute_images.json b/src/mapping/google/data/compute/google_compute_images.json
new file mode 100644
index 00000000..ab20d72f
--- /dev/null
+++ b/src/mapping/google/data/compute/google_compute_images.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.images.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/compute/google_compute_instance_guest_attributes.json b/src/mapping/google/data/compute/google_compute_instance_guest_attributes.json
new file mode 100644
index 00000000..97fa2bf9
--- /dev/null
+++ b/src/mapping/google/data/compute/google_compute_instance_guest_attributes.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.instances.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/compute/google_compute_instance_template_iam_policy.json b/src/mapping/google/data/compute/google_compute_instance_template_iam_policy.json
new file mode 100644
index 00000000..44b739bd
--- /dev/null
+++ b/src/mapping/google/data/compute/google_compute_instance_template_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.instanceTemplates.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/compute/google_compute_instant_snapshot_iam_policy.json b/src/mapping/google/data/compute/google_compute_instant_snapshot_iam_policy.json
new file mode 100644
index 00000000..675666dd
--- /dev/null
+++ b/src/mapping/google/data/compute/google_compute_instant_snapshot_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.instantSnapshots.getIamPolicy"
+ ]
+ }
+]
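Review bot: `google_compute_instance_guest_attributes.json` maps the data source to `"compute.instances.get"`, but reading guest attributes is, as far as I know, authorised by its own permission, `compute.instances.getGuestAttributes`. If that is what the provider calls, the entry both misses the permission that is needed and grants a wider one, because `compute.instances.get` returns the full instance resource, metadata items included. I would confirm against the provider's read path and, if so, change the `plan` entry to `"compute.instances.getGuestAttributes"`.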
diff --git a/src/mapping/google/data/compute/google_compute_interconnect_location.json b/src/mapping/google/data/compute/google_compute_interconnect_location.json
new file mode 100644
index 00000000..17999352
--- /dev/null
+++ b/src/mapping/google/data/compute/google_compute_interconnect_location.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.interconnectLocations.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/compute/google_compute_interconnect_locations.json b/src/mapping/google/data/compute/google_compute_interconnect_locations.json
new file mode 100644
index 00000000..22c47504
--- /dev/null
+++ b/src/mapping/google/data/compute/google_compute_interconnect_locations.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.interconnectLocations.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/compute/google_compute_machine_types.json b/src/mapping/google/data/compute/google_compute_machine_types.json
new file mode 100644
index 00000000..e30d0e42
--- /dev/null
+++ b/src/mapping/google/data/compute/google_compute_machine_types.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.machineTypes.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/compute/google_compute_network.json b/src/mapping/google/data/compute/google_compute_network.json
index 017647b0..23f83a54 100644
--- a/src/mapping/google/data/compute/google_compute_network.json
+++ b/src/mapping/google/data/compute/google_compute_network.json
@@ -1,13 +1,13 @@
-[
- {
- "apply": [
- "compute.networks.get"
- ],
- "attributes": {
- "tags": []
- },
- "destroy": [],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.networks.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/compute/google_compute_network_attachment.json b/src/mapping/google/data/compute/google_compute_network_attachment.json
new file mode 100644
index 00000000..af2e79f8
--- /dev/null
+++ b/src/mapping/google/data/compute/google_compute_network_attachment.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.networkAttachments.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/compute/google_compute_region_backend_service.json b/src/mapping/google/data/compute/google_compute_region_backend_service.json
new file mode 100644
index 00000000..d78140f0
--- /dev/null
+++ b/src/mapping/google/data/compute/google_compute_region_backend_service.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.regionBackendServices.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/compute/google_compute_region_instance_group_manager.json b/src/mapping/google/data/compute/google_compute_region_instance_group_manager.json
new file mode 100644
index 00000000..6811400c
--- /dev/null
+++ b/src/mapping/google/data/compute/google_compute_region_instance_group_manager.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.instanceGroupManagers.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/compute/google_compute_security_policy.json b/src/mapping/google/data/compute/google_compute_security_policy.json
new file mode 100644
index 00000000..5dd2e4dd
--- /dev/null
+++ b/src/mapping/google/data/compute/google_compute_security_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.securityPolicies.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/compute/google_compute_storage_pool_iam_policy.json b/src/mapping/google/data/compute/google_compute_storage_pool_iam_policy.json
new file mode 100644
index 00000000..bff552c7
--- /dev/null
+++ b/src/mapping/google/data/compute/google_compute_storage_pool_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.storagePools.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/compute/google_compute_storage_pool_types.json b/src/mapping/google/data/compute/google_compute_storage_pool_types.json
new file mode 100644
index 00000000..8c87d2b7
--- /dev/null
+++ b/src/mapping/google/data/compute/google_compute_storage_pool_types.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.storagePoolTypes.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/compute/google_compute_subnetworks.json b/src/mapping/google/data/compute/google_compute_subnetworks.json
new file mode 100644
index 00000000..74c16c70
--- /dev/null
+++ b/src/mapping/google/data/compute/google_compute_subnetworks.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.subnetworks.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/dataplex/google_dataplex_aspect_type_iam_policy.json b/src/mapping/google/data/dataplex/google_dataplex_aspect_type_iam_policy.json
new file mode 100644
index 00000000..da60ec9c
--- /dev/null
+++ b/src/mapping/google/data/dataplex/google_dataplex_aspect_type_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "dataplex.aspectTypes.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/dataplex/google_dataplex_data_quality_rules.json b/src/mapping/google/data/dataplex/google_dataplex_data_quality_rules.json
new file mode 100644
index 00000000..36049b2e
--- /dev/null
+++ b/src/mapping/google/data/dataplex/google_dataplex_data_quality_rules.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "dataplex.datascans.getData"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/dataplex/google_dataplex_entry_group_iam_policy.json b/src/mapping/google/data/dataplex/google_dataplex_entry_group_iam_policy.json
new file mode 100644
index 00000000..a8c69d9a
--- /dev/null
+++ b/src/mapping/google/data/dataplex/google_dataplex_entry_group_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "dataplex.entryGroups.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/dataplex/google_dataplex_entry_type_iam_policy.json b/src/mapping/google/data/dataplex/google_dataplex_entry_type_iam_policy.json
new file mode 100644
index 00000000..087e095f
--- /dev/null
+++ b/src/mapping/google/data/dataplex/google_dataplex_entry_type_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "dataplex.entryTypes.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/dataplex/google_dataplex_glossary_iam_policy.json b/src/mapping/google/data/dataplex/google_dataplex_glossary_iam_policy.json
new file mode 100644
index 00000000..b62f41cd
--- /dev/null
+++ b/src/mapping/google/data/dataplex/google_dataplex_glossary_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "dataplex.glossaries.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/dns/google_dns_managed_zones.json b/src/mapping/google/data/dns/google_dns_managed_zones.json
new file mode 100644
index 00000000..3b2acf9e
--- /dev/null
+++ b/src/mapping/google/data/dns/google_dns_managed_zones.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "dns.managedZones.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/gkehub/google_gke_hub_feature.json b/src/mapping/google/data/gkehub/google_gke_hub_feature.json
new file mode 100644
index 00000000..cce9a51f
--- /dev/null
+++ b/src/mapping/google/data/gkehub/google_gke_hub_feature.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "gkehub.features.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/gkehub/google_gke_hub_membership.json b/src/mapping/google/data/gkehub/google_gke_hub_membership.json
new file mode 100644
index 00000000..dfb486d1
--- /dev/null
+++ b/src/mapping/google/data/gkehub/google_gke_hub_membership.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "gkehub.memberships.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/gkemulticloud/google_container_attached_install_manifest.json b/src/mapping/google/data/gkemulticloud/google_container_attached_install_manifest.json
new file mode 100644
index 00000000..83957a8f
--- /dev/null
+++ b/src/mapping/google/data/gkemulticloud/google_container_attached_install_manifest.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "gkemulticloud.attachedClusters.generateInstallManifest"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/gkemulticloud/google_container_aws_versions.json b/src/mapping/google/data/gkemulticloud/google_container_aws_versions.json
new file mode 100644
index 00000000..48130687
--- /dev/null
+++ b/src/mapping/google/data/gkemulticloud/google_container_aws_versions.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "gkemulticloud.awsServerConfigs.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/gkemulticloud/google_container_azure_versions.json b/src/mapping/google/data/gkemulticloud/google_container_azure_versions.json
new file mode 100644
index 00000000..a9f29ccf
--- /dev/null
+++ b/src/mapping/google/data/gkemulticloud/google_container_azure_versions.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "gkemulticloud.azureServerConfigs.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/google_cloud_identity_policy.json b/src/mapping/google/data/google_cloud_identity_policy.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/google/data/google_cloud_identity_policy.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/data/iam.googleapis.com/google_iam_workforce_pool_iam_policy.json b/src/mapping/google/data/iam.googleapis.com/google_iam_workforce_pool_iam_policy.json
new file mode 100644
index 00000000..ce5cc002
--- /dev/null
+++ b/src/mapping/google/data/iam.googleapis.com/google_iam_workforce_pool_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "iam.googleapis.com/workforcePools.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/iam/google_iam_workload_identity_pool.json b/src/mapping/google/data/iam.googleapis.com/google_iam_workload_identity_pool.json
similarity index 100%
rename from src/mapping/google/data/iam/google_iam_workload_identity_pool.json
rename to src/mapping/google/data/iam.googleapis.com/google_iam_workload_identity_pool.json
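Review bot: The permission string `"iam.googleapis.com/workforcePools.getIamPolicy"` does not follow the `service.resource.verb` form of every other entry in this commit; it looks like the API host name was carried over in place of the `iam` service prefix. The same applies to `"iam.googleapis.com/workloadIdentityPools.getIamPolicy"` in `google_iam_workload_identity_pool_iam_policy.json`, and to the new `iam.googleapis.com/` directory that two existing files are renamed into. A string in this form is unlikely to be accepted as a custom-role permission, so a generated role would either be rejected or lack the read. I would write `"iam.workforcePools.getIamPolicy"` here, correct the workload identity pool entry the same way after checking the IAM reference, and keep these files under `iam/`.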
diff --git a/src/mapping/google/data/iam.googleapis.com/google_iam_workload_identity_pool_iam_policy.json b/src/mapping/google/data/iam.googleapis.com/google_iam_workload_identity_pool_iam_policy.json
new file mode 100644
index 00000000..0b36a48c
--- /dev/null
+++ b/src/mapping/google/data/iam.googleapis.com/google_iam_workload_identity_pool_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "iam.googleapis.com/workloadIdentityPools.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/iam/google_iam_workload_identity_pool_provider.json b/src/mapping/google/data/iam.googleapis.com/google_iam_workload_identity_pool_provider.json
similarity index 100%
rename from src/mapping/google/data/iam/google_iam_workload_identity_pool_provider.json
rename to src/mapping/google/data/iam.googleapis.com/google_iam_workload_identity_pool_provider.json
diff --git a/src/mapping/google/data/iam/google_organization_iam_custom_role.json b/src/mapping/google/data/iam/google_organization_iam_custom_role.json
new file mode 100644
index 00000000..a4b42a91
--- /dev/null
+++ b/src/mapping/google/data/iam/google_organization_iam_custom_role.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "iam.roles.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/iam/google_organization_iam_custom_roles.json b/src/mapping/google/data/iam/google_organization_iam_custom_roles.json
new file mode 100644
index 00000000..d410a5bd
--- /dev/null
+++ b/src/mapping/google/data/iam/google_organization_iam_custom_roles.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "iam.roles.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/iam/google_project_iam_custom_role.json b/src/mapping/google/data/iam/google_project_iam_custom_role.json
new file mode 100644
index 00000000..a4b42a91
--- /dev/null
+++ b/src/mapping/google/data/iam/google_project_iam_custom_role.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "iam.roles.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/iam/google_project_iam_custom_roles.json b/src/mapping/google/data/iam/google_project_iam_custom_roles.json
new file mode 100644
index 00000000..d410a5bd
--- /dev/null
+++ b/src/mapping/google/data/iam/google_project_iam_custom_roles.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "iam.roles.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/iam/google_service_accounts.json b/src/mapping/google/data/iam/google_service_accounts.json
new file mode 100644
index 00000000..e6331753
--- /dev/null
+++ b/src/mapping/google/data/iam/google_service_accounts.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "iam.serviceAccounts.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/iap/google_iap_tunnel_dest_group_iam_policy.json b/src/mapping/google/data/iap/google_iap_tunnel_dest_group_iam_policy.json
new file mode 100644
index 00000000..a3f66273
--- /dev/null
+++ b/src/mapping/google/data/iap/google_iap_tunnel_dest_group_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "iap.tunnelDestGroups.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/iap/google_iap_web_cloud_run_service_iam_policy.json b/src/mapping/google/data/iap/google_iap_web_cloud_run_service_iam_policy.json
new file mode 100644
index 00000000..72ef31a8
--- /dev/null
+++ b/src/mapping/google/data/iap/google_iap_web_cloud_run_service_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "iap.webServices.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/iap/google_iap_web_forwarding_rule_service_iam_policy.json b/src/mapping/google/data/iap/google_iap_web_forwarding_rule_service_iam_policy.json
new file mode 100644
index 00000000..72ef31a8
--- /dev/null
+++ b/src/mapping/google/data/iap/google_iap_web_forwarding_rule_service_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "iap.webServices.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/iap/google_iap_web_region_forwarding_rule_service_iam_policy.json b/src/mapping/google/data/iap/google_iap_web_region_forwarding_rule_service_iam_policy.json
new file mode 100644
index 00000000..56c6462a
--- /dev/null
+++ b/src/mapping/google/data/iap/google_iap_web_region_forwarding_rule_service_iam_policy.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "certificatemanager.dnsauthorizations.list",
+ "iap.webServices.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/lustre/google_lustre_instance.json b/src/mapping/google/data/lustre/google_lustre_instance.json
new file mode 100644
index 00000000..43668d45
--- /dev/null
+++ b/src/mapping/google/data/lustre/google_lustre_instance.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "lustre.instances.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/memcache/google_memcache_instance.json b/src/mapping/google/data/memcache/google_memcache_instance.json
new file mode 100644
index 00000000..3dc1c2c7
--- /dev/null
+++ b/src/mapping/google/data/memcache/google_memcache_instance.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "memcache.instances.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/memorystore/google_memorystore_instance.json b/src/mapping/google/data/memorystore/google_memorystore_instance.json
new file mode 100644
index 00000000..16c890f6
--- /dev/null
+++ b/src/mapping/google/data/memorystore/google_memorystore_instance.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "memorystore.instances.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/metastore/google_dataproc_metastore_database_iam_policy.json b/src/mapping/google/data/metastore/google_dataproc_metastore_database_iam_policy.json
new file mode 100644
index 00000000..6618762d
--- /dev/null
+++ b/src/mapping/google/data/metastore/google_dataproc_metastore_database_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "metastore.databases.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/metastore/google_dataproc_metastore_table_iam_policy.json b/src/mapping/google/data/metastore/google_dataproc_metastore_table_iam_policy.json
new file mode 100644
index 00000000..d96a9f02
--- /dev/null
+++ b/src/mapping/google/data/metastore/google_dataproc_metastore_table_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "metastore.tables.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/oracledatabase/google_oracle_database_autonomous_database.json b/src/mapping/google/data/oracledatabase/google_oracle_database_autonomous_database.json
new file mode 100644
index 00000000..0318e71c
--- /dev/null
+++ b/src/mapping/google/data/oracledatabase/google_oracle_database_autonomous_database.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "oracledatabase.autonomousDatabases.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/oracledatabase/google_oracle_database_autonomous_databases.json b/src/mapping/google/data/oracledatabase/google_oracle_database_autonomous_databases.json
new file mode 100644
index 00000000..a80550ac
--- /dev/null
+++ b/src/mapping/google/data/oracledatabase/google_oracle_database_autonomous_databases.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "oracledatabase.autonomousDatabases.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/oracledatabase/google_oracle_database_cloud_exadata_infrastructure.json b/src/mapping/google/data/oracledatabase/google_oracle_database_cloud_exadata_infrastructure.json
new file mode 100644
index 00000000..361a930b
--- /dev/null
+++ b/src/mapping/google/data/oracledatabase/google_oracle_database_cloud_exadata_infrastructure.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "oracledatabase.cloudExadataInfrastructures.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/oracledatabase/google_oracle_database_cloud_exadata_infrastructures.json b/src/mapping/google/data/oracledatabase/google_oracle_database_cloud_exadata_infrastructures.json
new file mode 100644
index 00000000..ed0e0e4e
--- /dev/null
+++ b/src/mapping/google/data/oracledatabase/google_oracle_database_cloud_exadata_infrastructures.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "oracledatabase.cloudExadataInfrastructures.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/oracledatabase/google_oracle_database_cloud_vm_cluster.json b/src/mapping/google/data/oracledatabase/google_oracle_database_cloud_vm_cluster.json
new file mode 100644
index 00000000..39d79136
--- /dev/null
+++ b/src/mapping/google/data/oracledatabase/google_oracle_database_cloud_vm_cluster.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "oracledatabase.cloudVmClusters.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/oracledatabase/google_oracle_database_cloud_vm_clusters.json b/src/mapping/google/data/oracledatabase/google_oracle_database_cloud_vm_clusters.json
new file mode 100644
index 00000000..46586a68
--- /dev/null
+++ b/src/mapping/google/data/oracledatabase/google_oracle_database_cloud_vm_clusters.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "oracledatabase.cloudVmClusters.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/oracledatabase/google_oracle_database_db_nodes.json b/src/mapping/google/data/oracledatabase/google_oracle_database_db_nodes.json
new file mode 100644
index 00000000..5a130844
--- /dev/null
+++ b/src/mapping/google/data/oracledatabase/google_oracle_database_db_nodes.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "oracledatabase.dbNodes.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/oracledatabase/google_oracle_database_db_servers.json b/src/mapping/google/data/oracledatabase/google_oracle_database_db_servers.json
new file mode 100644
index 00000000..41fd0de2
--- /dev/null
+++ b/src/mapping/google/data/oracledatabase/google_oracle_database_db_servers.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "oracledatabase.dbServers.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/orgpolicy/google_project_organization_policy.json b/src/mapping/google/data/orgpolicy/google_project_organization_policy.json
new file mode 100644
index 00000000..9a854f86
--- /dev/null
+++ b/src/mapping/google/data/orgpolicy/google_project_organization_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "orgpolicy.policy.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/parametermanager/google_parameter_manager_parameter.json b/src/mapping/google/data/parametermanager/google_parameter_manager_parameter.json
new file mode 100644
index 00000000..0346ede8
--- /dev/null
+++ b/src/mapping/google/data/parametermanager/google_parameter_manager_parameter.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "parametermanager.parameters.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/parametermanager/google_parameter_manager_parameter_version.json b/src/mapping/google/data/parametermanager/google_parameter_manager_parameter_version.json
new file mode 100644
index 00000000..93b688e5
--- /dev/null
+++ b/src/mapping/google/data/parametermanager/google_parameter_manager_parameter_version.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "parametermanager.parameterVersions.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/parametermanager/google_parameter_manager_parameter_version_render.json b/src/mapping/google/data/parametermanager/google_parameter_manager_parameter_version_render.json
new file mode 100644
index 00000000..81f8bbb9
--- /dev/null
+++ b/src/mapping/google/data/parametermanager/google_parameter_manager_parameter_version_render.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "parametermanager.parameterVersions.render"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/parametermanager/google_parameter_manager_parameters.json b/src/mapping/google/data/parametermanager/google_parameter_manager_parameters.json
new file mode 100644
index 00000000..2a9ff86b
--- /dev/null
+++ b/src/mapping/google/data/parametermanager/google_parameter_manager_parameters.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "parametermanager.parameters.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/parametermanager/google_parameter_manager_regional_parameter.json b/src/mapping/google/data/parametermanager/google_parameter_manager_regional_parameter.json
new file mode 100644
index 00000000..0346ede8
--- /dev/null
+++ b/src/mapping/google/data/parametermanager/google_parameter_manager_regional_parameter.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "parametermanager.parameters.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/parametermanager/google_parameter_manager_regional_parameter_version.json b/src/mapping/google/data/parametermanager/google_parameter_manager_regional_parameter_version.json
new file mode 100644
index 00000000..93b688e5
--- /dev/null
+++ b/src/mapping/google/data/parametermanager/google_parameter_manager_regional_parameter_version.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "parametermanager.parameterVersions.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/parametermanager/google_parameter_manager_regional_parameter_version_render.json b/src/mapping/google/data/parametermanager/google_parameter_manager_regional_parameter_version_render.json
new file mode 100644
index 00000000..81f8bbb9
--- /dev/null
+++ b/src/mapping/google/data/parametermanager/google_parameter_manager_regional_parameter_version_render.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "parametermanager.parameterVersions.render"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/parametermanager/google_parameter_manager_regional_parameters.json b/src/mapping/google/data/parametermanager/google_parameter_manager_regional_parameters.json
new file mode 100644
index 00000000..2a9ff86b
--- /dev/null
+++ b/src/mapping/google/data/parametermanager/google_parameter_manager_regional_parameters.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "parametermanager.parameters.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/privateca/google_privateca_ca_pool_iam_policy.json b/src/mapping/google/data/privateca/google_privateca_ca_pool_iam_policy.json
new file mode 100644
index 00000000..23a8225f
--- /dev/null
+++ b/src/mapping/google/data/privateca/google_privateca_ca_pool_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "privateca.caPools.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/privateca/google_privateca_certificate_authority.json b/src/mapping/google/data/privateca/google_privateca_certificate_authority.json
new file mode 100644
index 00000000..ef7b2c73
--- /dev/null
+++ b/src/mapping/google/data/privateca/google_privateca_certificate_authority.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "privateca.certificateAuthorities.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/privateca/google_privateca_certificate_template_iam_policy.json b/src/mapping/google/data/privateca/google_privateca_certificate_template_iam_policy.json
new file mode 100644
index 00000000..ac7c2df8
--- /dev/null
+++ b/src/mapping/google/data/privateca/google_privateca_certificate_template_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "privateca.certificateTemplates.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/privilegedaccessmanager/google_privileged_access_manager_entitlement.json b/src/mapping/google/data/privilegedaccessmanager/google_privileged_access_manager_entitlement.json
new file mode 100644
index 00000000..8ba411c9
--- /dev/null
+++ b/src/mapping/google/data/privilegedaccessmanager/google_privileged_access_manager_entitlement.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "privilegedaccessmanager.entitlements.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/pubsub/google_pubsub_schema_iam_policy.json b/src/mapping/google/data/pubsub/google_pubsub_schema_iam_policy.json
new file mode 100644
index 00000000..0b16235a
--- /dev/null
+++ b/src/mapping/google/data/pubsub/google_pubsub_schema_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "pubsub.schemas.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/redis/google_redis_cluster.json b/src/mapping/google/data/redis/google_redis_cluster.json
new file mode 100644
index 00000000..baedb999
--- /dev/null
+++ b/src/mapping/google/data/redis/google_redis_cluster.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "redis.clusters.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/resourcemanager/google_folder.json b/src/mapping/google/data/resourcemanager/google_folder.json
new file mode 100644
index 00000000..3d88bd22
--- /dev/null
+++ b/src/mapping/google/data/resourcemanager/google_folder.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "resourcemanager.folders.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/resourcemanager/google_folder_iam_policy.json b/src/mapping/google/data/resourcemanager/google_folder_iam_policy.json
new file mode 100644
index 00000000..b79b946e
--- /dev/null
+++ b/src/mapping/google/data/resourcemanager/google_folder_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "resourcemanager.folders.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/resourcemanager/google_folders.json b/src/mapping/google/data/resourcemanager/google_folders.json
new file mode 100644
index 00000000..8877de37
--- /dev/null
+++ b/src/mapping/google/data/resourcemanager/google_folders.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "resourcemanager.folders.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/resourcemanager/google_organization_iam_policy.json b/src/mapping/google/data/resourcemanager/google_organization_iam_policy.json
new file mode 100644
index 00000000..74978faa
--- /dev/null
+++ b/src/mapping/google/data/resourcemanager/google_organization_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "resourcemanager.organizations.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/resourcemanager/google_project_ancestry.json b/src/mapping/google/data/resourcemanager/google_project_ancestry.json
new file mode 100644
index 00000000..31acf779
--- /dev/null
+++ b/src/mapping/google/data/resourcemanager/google_project_ancestry.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "resourcemanager.projects.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/resourcemanager/google_project_iam_policy.json b/src/mapping/google/data/resourcemanager/google_project_iam_policy.json
new file mode 100644
index 00000000..8f43eb49
--- /dev/null
+++ b/src/mapping/google/data/resourcemanager/google_project_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "resourcemanager.projects.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/resourcemanager/google_tags_tag_key_iam_policy.json b/src/mapping/google/data/resourcemanager/google_tags_tag_key_iam_policy.json
new file mode 100644
index 00000000..b6b83a17
--- /dev/null
+++ b/src/mapping/google/data/resourcemanager/google_tags_tag_key_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "resourcemanager.tagKeys.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/resourcemanager/google_tags_tag_keys.json b/src/mapping/google/data/resourcemanager/google_tags_tag_keys.json
new file mode 100644
index 00000000..f2b1df56
--- /dev/null
+++ b/src/mapping/google/data/resourcemanager/google_tags_tag_keys.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "resourcemanager.tagKeys.list",
+ "resourcemanager.tagKeys.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/resourcemanager/google_tags_tag_value.json b/src/mapping/google/data/resourcemanager/google_tags_tag_value.json
new file mode 100644
index 00000000..6017c8ad
--- /dev/null
+++ b/src/mapping/google/data/resourcemanager/google_tags_tag_value.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "resourcemanager.tagValues.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/resourcemanager/google_tags_tag_value_iam_policy.json b/src/mapping/google/data/resourcemanager/google_tags_tag_value_iam_policy.json
new file mode 100644
index 00000000..fce4cb1e
--- /dev/null
+++ b/src/mapping/google/data/resourcemanager/google_tags_tag_value_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "resourcemanager.tagValues.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/resourcemanager/google_tags_tag_values.json b/src/mapping/google/data/resourcemanager/google_tags_tag_values.json
new file mode 100644
index 00000000..cc10ab59
--- /dev/null
+++ b/src/mapping/google/data/resourcemanager/google_tags_tag_values.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "resourcemanager.tagValues.get",
+ "resourcemanager.tagValues.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/run/google_cloud_run_v2_worker_pool.json b/src/mapping/google/data/run/google_cloud_run_v2_worker_pool.json
new file mode 100644
index 00000000..a5ae60fc
--- /dev/null
+++ b/src/mapping/google/data/run/google_cloud_run_v2_worker_pool.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "run.workerpools.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/run/google_cloud_run_v2_worker_pool_iam_policy.json b/src/mapping/google/data/run/google_cloud_run_v2_worker_pool_iam_policy.json
new file mode 100644
index 00000000..b7565183
--- /dev/null
+++ b/src/mapping/google/data/run/google_cloud_run_v2_worker_pool_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "run.workerpools.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/runtimeconfig/google_runtimeconfig_config_iam_policy.json b/src/mapping/google/data/runtimeconfig/google_runtimeconfig_config_iam_policy.json
new file mode 100644
index 00000000..8ba4dc44
--- /dev/null
+++ b/src/mapping/google/data/runtimeconfig/google_runtimeconfig_config_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "runtimeconfig.configs.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/runtimeconfig/google_runtimeconfig_variable.json b/src/mapping/google/data/runtimeconfig/google_runtimeconfig_variable.json
new file mode 100644
index 00000000..a09592de
--- /dev/null
+++ b/src/mapping/google/data/runtimeconfig/google_runtimeconfig_variable.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "runtimeconfig.variables.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/secretmanager/google_secret_manager_regional_secret.json b/src/mapping/google/data/secretmanager/google_secret_manager_regional_secret.json
new file mode 100644
index 00000000..65f8f575
--- /dev/null
+++ b/src/mapping/google/data/secretmanager/google_secret_manager_regional_secret.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "secretmanager.secrets.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/secretmanager/google_secret_manager_regional_secret_iam_policy.json b/src/mapping/google/data/secretmanager/google_secret_manager_regional_secret_iam_policy.json
new file mode 100644
index 00000000..bbe5224a
--- /dev/null
+++ b/src/mapping/google/data/secretmanager/google_secret_manager_regional_secret_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "secretmanager.secrets.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/secretmanager/google_secret_manager_regional_secret_version.json b/src/mapping/google/data/secretmanager/google_secret_manager_regional_secret_version.json
new file mode 100644
index 00000000..400ae8d3
--- /dev/null
+++ b/src/mapping/google/data/secretmanager/google_secret_manager_regional_secret_version.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "secretmanager.versions.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/secretmanager/google_secret_manager_regional_secret_version_access.json b/src/mapping/google/data/secretmanager/google_secret_manager_regional_secret_version_access.json
new file mode 100644
index 00000000..65c61c3b
--- /dev/null
+++ b/src/mapping/google/data/secretmanager/google_secret_manager_regional_secret_version_access.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "secretmanager.versions.access"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/secretmanager/google_secret_manager_regional_secrets.json b/src/mapping/google/data/secretmanager/google_secret_manager_regional_secrets.json
new file mode 100644
index 00000000..0c129994
--- /dev/null
+++ b/src/mapping/google/data/secretmanager/google_secret_manager_regional_secrets.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "secretmanager.secrets.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/securesourcemanager/google_secure_source_manager_instance_iam_policy.json b/src/mapping/google/data/securesourcemanager/google_secure_source_manager_instance_iam_policy.json
new file mode 100644
index 00000000..7994fea8
--- /dev/null
+++ b/src/mapping/google/data/securesourcemanager/google_secure_source_manager_instance_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "securesourcemanager.instances.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/securesourcemanager/google_secure_source_manager_repository_iam_policy.json b/src/mapping/google/data/securesourcemanager/google_secure_source_manager_repository_iam_policy.json
new file mode 100644
index 00000000..2c744cd2
--- /dev/null
+++ b/src/mapping/google/data/securesourcemanager/google_secure_source_manager_repository_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "securesourcemanager.repositories.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/securitycenter/google_scc_source_iam_policy.json b/src/mapping/google/data/securitycenter/google_scc_source_iam_policy.json
new file mode 100644
index 00000000..404b7c3f
--- /dev/null
+++ b/src/mapping/google/data/securitycenter/google_scc_source_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "securitycenter.sources.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/securitycenter/google_scc_v2_organization_source_iam_policy.json b/src/mapping/google/data/securitycenter/google_scc_v2_organization_source_iam_policy.json
new file mode 100644
index 00000000..404b7c3f
--- /dev/null
+++ b/src/mapping/google/data/securitycenter/google_scc_v2_organization_source_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "securitycenter.sources.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/spanner/google_spanner_database.json b/src/mapping/google/data/spanner/google_spanner_database.json
new file mode 100644
index 00000000..73d45178
--- /dev/null
+++ b/src/mapping/google/data/spanner/google_spanner_database.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "spanner.databases.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/storage/google_storage_bucket_iam_member.json b/src/mapping/google/data/storage/google_storage_bucket_iam_member.json
new file mode 100644
index 00000000..8ca1edde
--- /dev/null
+++ b/src/mapping/google/data/storage/google_storage_bucket_iam_member.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "storage.buckets.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/storage/google_storage_bucket_objects.json b/src/mapping/google/data/storage/google_storage_bucket_objects.json
new file mode 100644
index 00000000..262f2968
--- /dev/null
+++ b/src/mapping/google/data/storage/google_storage_bucket_objects.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "storage.objects.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/storage/google_storage_buckets.json b/src/mapping/google/data/storage/google_storage_buckets.json
new file mode 100644
index 00000000..de353ee5
--- /dev/null
+++ b/src/mapping/google/data/storage/google_storage_buckets.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "storage.buckets.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/storage/google_storage_control_folder_intelligence_config.json b/src/mapping/google/data/storage/google_storage_control_folder_intelligence_config.json
new file mode 100644
index 00000000..669384ff
--- /dev/null
+++ b/src/mapping/google/data/storage/google_storage_control_folder_intelligence_config.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "storage.intelligenceConfigs.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/storage/google_storage_control_organization_intelligence_config.json b/src/mapping/google/data/storage/google_storage_control_organization_intelligence_config.json
new file mode 100644
index 00000000..d823c837
--- /dev/null
+++ b/src/mapping/google/data/storage/google_storage_control_organization_intelligence_config.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "storage.intelligenceConfigs.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/storage/google_storage_control_project_intelligence_config.json b/src/mapping/google/data/storage/google_storage_control_project_intelligence_config.json
new file mode 100644
index 00000000..669384ff
--- /dev/null
+++ b/src/mapping/google/data/storage/google_storage_control_project_intelligence_config.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "storage.intelligenceConfigs.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/storageinsights/google_storage_insights_dataset_config.json b/src/mapping/google/data/storageinsights/google_storage_insights_dataset_config.json
new file mode 100644
index 00000000..91409b52
--- /dev/null
+++ b/src/mapping/google/data/storageinsights/google_storage_insights_dataset_config.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "storageinsights.reportConfigs.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/data/tags/google_tags_tag_value_iam_policy.json b/src/mapping/google/data/tags/google_tags_tag_value_iam_policy.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/google/data/tags/google_tags_tag_value_iam_policy.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/accessapproval/google_project_access_approval_settings.json b/src/mapping/google/resource/accessapproval/google_project_access_approval_settings.json
new file mode 100644
index 00000000..1a338b9e
--- /dev/null
+++ b/src/mapping/google/resource/accessapproval/google_project_access_approval_settings.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "accessapproval.settings.delete",
+ "accessapproval.settings.get",
+ "accessapproval.settings.create",
+ "accessapproval.settings.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/accesscontextmanager/google_access_context_manager_service_perimeter.json b/src/mapping/google/resource/accesscontextmanager/google_access_context_manager_service_perimeter.json
index 3e46e973..45e4fdaf 100644
--- a/src/mapping/google/resource/accesscontextmanager/google_access_context_manager_service_perimeter.json
+++ b/src/mapping/google/resource/accesscontextmanager/google_access_context_manager_service_perimeter.json
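Review bot: The `plan` entry for `google_storage_insights_dataset_config` is `storageinsights.reportConfigs.get`, which names the inventory-report resource rather than the dataset configuration this data source reads. If the provider calls the dataset-config API, a role generated from this mapping would lack the permission it needs and carry one it does not use. I would expect `"storageinsights.datasetConfigs.get"` here; please confirm against the IAM permissions reference or a provider trace before merging.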
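Review bot: `data/tags/google_tags_tag_value_iam_policy.json` is added with an empty `plan`, while this same commit adds `data/resourcemanager/google_tags_tag_value_iam_policy.json` for the same data source with `resourcemanager.tagValues.getIamPolicy`. The lookup code is not visible here, but if mappings are resolved by file name, which copy is found decides whether the permission is emitted at all. I would delete the `data/tags/` copy, or set its list to `"plan": ["resourcemanager.tagValues.getIamPolicy"]` so the two files agree.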
@@ -1,20 +1,11 @@
 [
 {
- "apply": [
- "accesscontextmanager.servicePerimeters.create",
- "accesscontextmanager.servicePerimeters.delete",
- "accesscontextmanager.servicePerimeters.get",
- "accesscontextmanager.servicePerimeters.update"
- ],
+ "apply": [],
 "attributes": {
 "tags": []
 },
- "destroy": [
- "accesscontextmanager.servicePerimeters.delete"
- ],
- "modify": [
- "accesscontextmanager.servicePerimeters.update"
- ],
+ "destroy": [],
+ "modify": [],
 "plan": []
 }
 ]
diff --git a/src/mapping/google/resource/accesscontextmanager/google_access_context_manager_service_perimeters.json b/src/mapping/google/resource/accesscontextmanager/google_access_context_manager_service_perimeters.json
index 3e46e973..45e4fdaf 100644
--- a/src/mapping/google/resource/accesscontextmanager/google_access_context_manager_service_perimeters.json
+++ b/src/mapping/google/resource/accesscontextmanager/google_access_context_manager_service_perimeters.json
@@ -1,20 +1,11 @@
 [
 {
- "apply": [
- "accesscontextmanager.servicePerimeters.create",
- "accesscontextmanager.servicePerimeters.delete",
- "accesscontextmanager.servicePerimeters.get",
- "accesscontextmanager.servicePerimeters.update"
- ],
+ "apply": [],
 "attributes": {
 "tags": []
 },
- "destroy": [
- "accesscontextmanager.servicePerimeters.delete"
- ],
- "modify": [
- "accesscontextmanager.servicePerimeters.update"
- ],
+ "destroy": [],
+ "modify": [],
 "plan": []
 }
 ]
diff --git a/src/mapping/google/resource/aiplatform/google_colab_runtime_template_iam_binding.json b/src/mapping/google/resource/aiplatform/google_colab_runtime_template_iam_binding.json
new file mode 100644
index 00000000..63082202
--- /dev/null
+++ b/src/mapping/google/resource/aiplatform/google_colab_runtime_template_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "aiplatform.notebookRuntimeTemplates.getIamPolicy",
+ "aiplatform.notebookRuntimeTemplates.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
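Review bot: The hunks for `google_access_context_manager_service_perimeter.json` and `google_access_context_manager_service_perimeters.json` replace populated `apply`, `destroy` and `modify` lists with empty ones, so the new side maps both resources to no permissions at all. The new blob id `45e4fdaf` is the same one carried by the all-empty files added elsewhere in this commit, which suggests a generated placeholder overwrote a maintained mapping. A policy built from it would omit the four `accesscontextmanager.servicePerimeters.*` permissions. Unless the removal is deliberate, I would keep the old lists, for example `"destroy": ["accesscontextmanager.servicePerimeters.delete"]`, and say so in the commit message if it is.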
diff --git a/src/mapping/google/resource/aiplatform/google_colab_runtime_template_iam_member.json b/src/mapping/google/resource/aiplatform/google_colab_runtime_template_iam_member.json
new file mode 100644
index 00000000..63082202
--- /dev/null
+++ b/src/mapping/google/resource/aiplatform/google_colab_runtime_template_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "aiplatform.notebookRuntimeTemplates.getIamPolicy",
+ "aiplatform.notebookRuntimeTemplates.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/aiplatform/google_colab_runtime_template_iam_policy.json b/src/mapping/google/resource/aiplatform/google_colab_runtime_template_iam_policy.json
new file mode 100644
index 00000000..6881b52b
--- /dev/null
+++ b/src/mapping/google/resource/aiplatform/google_colab_runtime_template_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "aiplatform.notebookRuntimeTemplates.getIamPolicy",
+ "aiplatform.notebookRuntimeTemplates.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "aiplatform.notebookRuntimeTemplates.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/aiplatform/google_vertex_ai_cache_config.json b/src/mapping/google/resource/aiplatform/google_vertex_ai_cache_config.json
new file mode 100644
index 00000000..04986d07
--- /dev/null
+++ b/src/mapping/google/resource/aiplatform/google_vertex_ai_cache_config.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "aiplatform.cacheConfigs.get",
+ "aiplatform.cacheConfigs.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/aiplatform/google_vertex_ai_deployment_resource_pool.json b/src/mapping/google/resource/aiplatform/google_vertex_ai_deployment_resource_pool.json
new file mode 100644
index 00000000..102ccb5e
--- /dev/null
+++ b/src/mapping/google/resource/aiplatform/google_vertex_ai_deployment_resource_pool.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "aiplatform.deploymentResourcePools.create",
+ "aiplatform.deploymentResourcePools.delete",
+ "aiplatform.deploymentResourcePools.get",
+ "aiplatform.deploymentResourcePools.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/aiplatform/google_vertex_ai_endpoint_iam_policy.json b/src/mapping/google/resource/aiplatform/google_vertex_ai_endpoint_iam_policy.json
new file mode 100644
index 00000000..ea1d619b
--- /dev/null
+++ b/src/mapping/google/resource/aiplatform/google_vertex_ai_endpoint_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "aiplatform.endpoints.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/aiplatform/google_vertex_ai_endpoint_with_model_garden_deployment.json b/src/mapping/google/resource/aiplatform/google_vertex_ai_endpoint_with_model_garden_deployment.json
new file mode 100644
index 00000000..15e8f492
--- /dev/null
+++ b/src/mapping/google/resource/aiplatform/google_vertex_ai_endpoint_with_model_garden_deployment.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "aiplatform.endpoints.create",
+ "aiplatform.endpoints.delete",
+ "aiplatform.endpoints.get",
+ "aiplatform.endpoints.update",
+ "aiplatform.endpoints.deploy",
+ "aiplatform.endpoints.undeploy",
+ "aiplatform.models.upload"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_group_iam_binding.json b/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_group_iam_binding.json
new file mode 100644
index 00000000..46cf7206
--- /dev/null
+++ b/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_group_iam_binding.json
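Review bot: `google_vertex_ai_endpoint_iam_policy.json` sits under `resource/` but has an empty `apply` list, so the mapping covers reading the endpoint's IAM policy and not writing it. The sibling resource mappings in this commit (feature group, feature view, feature online store) list both the get and the set permission under `apply`. For consistency I would expect `"aiplatform.endpoints.getIamPolicy", "aiplatform.endpoints.setIamPolicy"` in `apply` here; please confirm the set permission name against the IAM reference.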
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "aiplatform.featureGroups.getIamPolicy",
+ "aiplatform.featureGroups.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_group_iam_member.json b/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_group_iam_member.json
new file mode 100644
index 00000000..46cf7206
--- /dev/null
+++ b/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_group_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "aiplatform.featureGroups.getIamPolicy",
+ "aiplatform.featureGroups.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_group_iam_policy.json b/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_group_iam_policy.json
new file mode 100644
index 00000000..3a519936
--- /dev/null
+++ b/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_group_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "aiplatform.featureGroups.getIamPolicy",
+ "aiplatform.featureGroups.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "aiplatform.featureGroups.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_featureview_iam_binding.json b/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_featureview_iam_binding.json
new file mode 100644
index 00000000..5b985b83
--- /dev/null
+++ b/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_featureview_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "aiplatform.featureViews.getIamPolicy",
+ "aiplatform.featureViews.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_featureview_iam_member.json b/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_featureview_iam_member.json
new file mode 100644
index 00000000..5b985b83
--- /dev/null
+++ b/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_featureview_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "aiplatform.featureViews.getIamPolicy",
+ "aiplatform.featureViews.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_featureview_iam_policy.json b/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_featureview_iam_policy.json
new file mode 100644
index 00000000..aac47776
--- /dev/null
+++ b/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_featureview_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "aiplatform.featureViews.getIamPolicy",
+ "aiplatform.featureViews.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "aiplatform.featureViews.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_iam_binding.json b/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_iam_binding.json
new file mode 100644
index 00000000..9e41eda3
--- /dev/null
+++ b/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "aiplatform.featureOnlineStores.getIamPolicy",
+ "aiplatform.featureOnlineStores.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_iam_member.json b/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_iam_member.json
new file mode 100644
index 00000000..9e41eda3
--- /dev/null
+++ b/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "aiplatform.featureOnlineStores.getIamPolicy",
+ "aiplatform.featureOnlineStores.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_iam_policy.json b/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_iam_policy.json
new file mode 100644
index 00000000..03893b3b
--- /dev/null
+++ b/src/mapping/google/resource/aiplatform/google_vertex_ai_feature_online_store_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "aiplatform.featureOnlineStores.getIamPolicy",
+ "aiplatform.featureOnlineStores.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "aiplatform.featureOnlineStores.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/aiplatform/google_vertex_ai_featurestore_entitytype_iam_policy.json b/src/mapping/google/resource/aiplatform/google_vertex_ai_featurestore_entitytype_iam_policy.json
new file mode 100644
index 00000000..a0112fb2
--- /dev/null
+++ b/src/mapping/google/resource/aiplatform/google_vertex_ai_featurestore_entitytype_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "aiplatform.entityTypes.getIamPolicy",
+ "aiplatform.entityTypes.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "aiplatform.entityTypes.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/aiplatform/google_vertex_ai_featurestore_iam.json b/src/mapping/google/resource/aiplatform/google_vertex_ai_featurestore_iam.json
index 562b2f1f..2098ec8a 100644
--- a/src/mapping/google/resource/aiplatform/google_vertex_ai_featurestore_iam.json
+++ b/src/mapping/google/resource/aiplatform/google_vertex_ai_featurestore_iam.json
@@ -9,6 +9,8 @@
 },
 "destroy": [],
 "modify": [],
- "plan": []
+ "plan": [
+ "aiplatform.featurestores.getIamPolicy"
+ ]
 }
 ]
diff --git a/src/mapping/google/resource/aiplatform/google_vertex_ai_featurestore_iam_policy.json b/src/mapping/google/resource/aiplatform/google_vertex_ai_featurestore_iam_policy.json
new file mode 100644
index 00000000..b69e35a4
--- /dev/null
+++ b/src/mapping/google/resource/aiplatform/google_vertex_ai_featurestore_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "aiplatform.featurestores.getIamPolicy",
+ "aiplatform.featurestores.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "aiplatform.featurestores.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/aiplatform/google_vertex_ai_index_endpoint_deployed_index.json b/src/mapping/google/resource/aiplatform/google_vertex_ai_index_endpoint_deployed_index.json
new file mode 100644
index 00000000..c9713836
--- /dev/null
+++ b/src/mapping/google/resource/aiplatform/google_vertex_ai_index_endpoint_deployed_index.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "aiplatform.indexEndpoints.delete",
+ "aiplatform.indexEndpoints.deploy",
+ "aiplatform.indexEndpoints.get",
+ "aiplatform.indexEndpoints.undeploy",
+ "aiplatform.indexEndpoints.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/aiplatform/google_vertex_ai_rag_engine_config.json b/src/mapping/google/resource/aiplatform/google_vertex_ai_rag_engine_config.json
new file mode 100644
index 00000000..ab534ee7
--- /dev/null
+++ b/src/mapping/google/resource/aiplatform/google_vertex_ai_rag_engine_config.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "aiplatform.ragEngineConfigs.get",
+ "aiplatform.ragEngineConfigs.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/aiplatform/google_vertex_ai_reasoning_engine.json b/src/mapping/google/resource/aiplatform/google_vertex_ai_reasoning_engine.json
new file mode 100644
index 00000000..23d19e60
--- /dev/null
+++ b/src/mapping/google/resource/aiplatform/google_vertex_ai_reasoning_engine.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "aiplatform.reasoningEngines.create",
+ "aiplatform.reasoningEngines.delete",
+ "aiplatform.reasoningEngines.get",
+ "aiplatform.reasoningEngines.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/alloydb/google_alloydb_cluster.json b/src/mapping/google/resource/alloydb/google_alloydb_cluster.json
index b2321593..6f0dc601 100644
--- a/src/mapping/google/resource/alloydb/google_alloydb_cluster.json
+++ b/src/mapping/google/resource/alloydb/google_alloydb_cluster.json
@@ -1,21 +1,23 @@
-[
- {
- "apply": [
- "alloydb.clusters.create",
- "alloydb.clusters.delete",
- "alloydb.clusters.get",
- "alloydb.clusters.update",
- "alloydb.operations.get"
- ],
- "attributes": {
- "tags": []
- },
- "destroy": [
- "alloydb.clusters.delete"
- ],
- "modify": [
- "alloydb.clusters.update"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "alloydb.clusters.create",
+ "alloydb.clusters.delete",
+ "alloydb.clusters.get",
+ "alloydb.clusters.update",
+ "alloydb.operations.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "alloydb.clusters.delete"
+ ],
+ "modify": [
+ "alloydb.clusters.update"
+ ],
+ "plan": [
+ "alloydb.clusters.get"
+ ]
+ }
+]
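Review bot: `google_vertex_ai_reasoning_engine.json` lists its `.delete` and `.update` permissions under `apply` but leaves `destroy` and `modify` empty, while `google_alloydb_cluster.json` in this same commit keeps `alloydb.clusters.delete` and `alloydb.clusters.update` in those lists. If anything consumes the two lists, the new mappings will under-report; I would add `"destroy": ["aiplatform.reasoningEngines.delete"]` and `"modify": ["aiplatform.reasoningEngines.update"]`. The same gap appears in the other new resource mappings that carry create, delete and update permissions (deployment resource pool, apihub, apphub, backupdr, beyondcorp). If the lists are intentionally unused for new mappings, a sentence in the contributor documentation saying so would settle it.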
diff --git a/src/mapping/google/resource/alloydb/google_alloydb_instance.json b/src/mapping/google/resource/alloydb/google_alloydb_instance.json
index d53113e8..f5ee84cf 100644
--- a/src/mapping/google/resource/alloydb/google_alloydb_instance.json
+++ b/src/mapping/google/resource/alloydb/google_alloydb_instance.json
@@ -1,20 +1,22 @@
-[
- {
- "apply": [
- "alloydb.instances.create",
- "alloydb.instances.delete",
- "alloydb.instances.get",
- "alloydb.instances.update"
- ],
- "attributes": {
- "tags": []
- },
- "destroy": [
- "alloydb.instances.delete"
- ],
- "modify": [
- "alloydb.instances.update"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "alloydb.instances.create",
+ "alloydb.instances.delete",
+ "alloydb.instances.get",
+ "alloydb.instances.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "alloydb.instances.delete"
+ ],
+ "modify": [
+ "alloydb.instances.update"
+ ],
+ "plan": [
+ "alloydb.instances.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/analyticshub/google_bigquery_analytics_hub_listing_subscription.json b/src/mapping/google/resource/analyticshub/google_bigquery_analytics_hub_listing_subscription.json
new file mode 100644
index 00000000..e674d29a
--- /dev/null
+++ b/src/mapping/google/resource/analyticshub/google_bigquery_analytics_hub_listing_subscription.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "analyticshub.subscriptions.get",
+ "analyticshub.subscriptions.update",
+ "analyticshub.subscriptions.delete",
+ "analyticshub.subscriptions.create",
+ "analyticshub.listings.subscribe"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/apigee/google_apigee_environment_iam_binding.json b/src/mapping/google/resource/apigee/google_apigee_environment_iam_binding.json
new file mode 100644
index 00000000..68b0624b
--- /dev/null
+++ b/src/mapping/google/resource/apigee/google_apigee_environment_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "apigee.environments.setIamPolicy",
+ "apigee.environments.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/apigee/google_apigee_environment_iam_member.json b/src/mapping/google/resource/apigee/google_apigee_environment_iam_member.json
new file mode 100644
index 00000000..68b0624b
--- /dev/null
+++ b/src/mapping/google/resource/apigee/google_apigee_environment_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "apigee.environments.setIamPolicy",
+ "apigee.environments.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/apigee/google_apigee_environment_iam_policy.json b/src/mapping/google/resource/apigee/google_apigee_environment_iam_policy.json
new file mode 100644
index 00000000..68b0624b
--- /dev/null
+++ b/src/mapping/google/resource/apigee/google_apigee_environment_iam_policy.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "apigee.environments.setIamPolicy",
+ "apigee.environments.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/apihub/google_apihub_api_hub_instance.json b/src/mapping/google/resource/apihub/google_apihub_api_hub_instance.json
new file mode 100644
index 00000000..13e28441
--- /dev/null
+++ b/src/mapping/google/resource/apihub/google_apihub_api_hub_instance.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "apihub.apiHubInstances.create",
+ "apihub.apiHubInstances.delete",
+ "apihub.apiHubInstances.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/apihub/google_apihub_curation.json b/src/mapping/google/resource/apihub/google_apihub_curation.json
new file mode 100644
index 00000000..d4a1294c
--- /dev/null
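Review bot: `google_apigee_environment_iam_policy.json` is added with an empty `plan`, which differs from the other `_iam_policy` resource mappings in this commit (colab runtime template, feature group, featurestore) that list the getIamPolicy permission there. The file shares blob `68b0624b` with the `_iam_binding` and `_iam_member` variants, so it looks copied rather than written for the policy resource. To match the convention used elsewhere in the commit I would set `"plan": ["apigee.environments.getIamPolicy"]`.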
+++ b/src/mapping/google/resource/apihub/google_apihub_curation.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "apihub.curations.create",
+ "apihub.curations.delete",
+ "apihub.curations.get",
+ "apihub.curations.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/apihub/google_apihub_host_project_registration.json b/src/mapping/google/resource/apihub/google_apihub_host_project_registration.json
new file mode 100644
index 00000000..e9d49a9d
--- /dev/null
+++ b/src/mapping/google/resource/apihub/google_apihub_host_project_registration.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "apihub.hostProjectRegistrations.create",
+ "apihub.hostProjectRegistrations.delete",
+ "apihub.hostProjectRegistrations.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/apihub/google_apihub_plugin.json b/src/mapping/google/resource/apihub/google_apihub_plugin.json
new file mode 100644
index 00000000..4e33337b
--- /dev/null
+++ b/src/mapping/google/resource/apihub/google_apihub_plugin.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "apihub.plugins.create",
+ "apihub.plugins.get",
+ "apihub.plugins.update",
+ "apihub.plugins.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/apihub/google_apihub_plugin_instance.json b/src/mapping/google/resource/apihub/google_apihub_plugin_instance.json
new file mode 100644
index 00000000..e182dccd
--- /dev/null
+++ b/src/mapping/google/resource/apihub/google_apihub_plugin_instance.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "apihub.plugininstances.create",
+ "apihub.plugininstances.delete",
+ "apihub.plugininstances.update",
+ "apihub.plugininstances.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/apphub/google_apphub_application.json b/src/mapping/google/resource/apphub/google_apphub_application.json
new file mode 100644
index 00000000..801b1414
--- /dev/null
+++ b/src/mapping/google/resource/apphub/google_apphub_application.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "apphub.applications.create",
+ "apphub.applications.delete",
+ "apphub.applications.get",
+ "apphub.applications.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/apphub/google_apphub_service.json b/src/mapping/google/resource/apphub/google_apphub_service.json
new file mode 100644
index 00000000..86e2e1be
--- /dev/null
+++ b/src/mapping/google/resource/apphub/google_apphub_service.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "apphub.services.create",
+ "apphub.services.delete",
+ "apphub.services.get",
+ "apphub.services.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/apphub/google_apphub_service_project_attachment.json b/src/mapping/google/resource/apphub/google_apphub_service_project_attachment.json
new file mode 100644
index 00000000..97798eb0
--- /dev/null
+++ b/src/mapping/google/resource/apphub/google_apphub_service_project_attachment.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "apphub.serviceProjectAttachments.attach",
+ "apphub.serviceProjectAttachments.create",
+ "apphub.serviceProjectAttachments.delete",
+ "apphub.serviceProjectAttachments.detach",
+ "apphub.serviceProjectAttachments.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/apphub/google_apphub_workload.json b/src/mapping/google/resource/apphub/google_apphub_workload.json
new file mode 100644
index 00000000..74f51753
--- /dev/null
+++ b/src/mapping/google/resource/apphub/google_apphub_workload.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "apphub.workloads.create",
+ "apphub.workloads.get",
+ "apphub.workloads.update",
+ "apphub.workloads.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/artifactregistry/google_artifact_registry_repository_iam_policy.json b/src/mapping/google/resource/artifactregistry/google_artifact_registry_repository_iam_policy.json
index 685cf1d4..fa4d79b3 100644
--- a/src/mapping/google/resource/artifactregistry/google_artifact_registry_repository_iam_policy.json
+++ b/src/mapping/google/resource/artifactregistry/google_artifact_registry_repository_iam_policy.json
@@ -9,6 +9,8 @@
 },
 "destroy": [],
 "modify": [],
- "plan": []
+ "plan": [
+ "artifactregistry.repositories.getIamPolicy"
+ ]
 }
 ]
diff --git a/src/mapping/google/resource/backend/gcs.json b/src/mapping/google/resource/backend/gcs.json
new file mode 100644
index 00000000..d9f17369
--- /dev/null
+++ b/src/mapping/google/resource/backend/gcs.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "storage.buckets.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/backupdr/google_backup_dr_backup_plan.json b/src/mapping/google/resource/backupdr/google_backup_dr_backup_plan.json
new file mode 100644
index 00000000..8ddc374e
--- /dev/null
+++ b/src/mapping/google/resource/backupdr/google_backup_dr_backup_plan.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "backupdr.backupPlans.create",
+ "backupdr.backupPlans.delete",
+ "backupdr.backupPlans.get",
+ "backupdr.backupPlans.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/backupdr/google_backup_dr_backup_plan_association.json b/src/mapping/google/resource/backupdr/google_backup_dr_backup_plan_association.json
new file mode 100644
index 00000000..9a8d07d1
--- /dev/null
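Review bot: `backend/gcs.json` maps the GCS state backend to `storage.buckets.get` alone, which covers looking up the bucket but none of the object operations a state backend performs. Reading and writing the state file and creating and removing the lock file are object-level calls, so a policy generated from this mapping would presumably fail on the first `init` or `apply`. If the mapping is meant to cover the backend's state and lock I/O, I would add `"storage.objects.create", "storage.objects.delete", "storage.objects.get", "storage.objects.list"` to `apply`. If it deliberately covers only the bucket lookup, a note in the project docs saying that object permissions must be granted separately would avoid the surprise.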
+++ b/src/mapping/google/resource/backupdr/google_backup_dr_backup_plan_association.json
@@ -0,0 +1,27 @@
+[
+ {
+ "apply": [
+ "backupdr.backupPlanAssociations.createForCloudSqlInstance",
+ "backupdr.backupPlanAssociations.createForComputeDisk",
+ "backupdr.backupPlanAssociations.createForComputeInstance",
+ "backupdr.backupPlanAssociations.deleteForCloudSqlInstance",
+ "backupdr.backupPlanAssociations.deleteForComputeDisk",
+ "backupdr.backupPlanAssociations.deleteForComputeInstance",
+ "backupdr.backupPlanAssociations.fetchForCloudSqlInstance",
+ "backupdr.backupPlanAssociations.get",
+ "backupdr.backupPlanAssociations.getForCloudSqlInstance",
+ "backupdr.backupPlanAssociations.getForComputeDisk",
+ "backupdr.backupPlanAssociations.triggerBackupForCloudSqlInstance",
+ "backupdr.backupPlanAssociations.triggerBackupForComputeDisk",
+ "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
+ "backupdr.backupPlanAssociations.updateForComputeDisk",
+ "backupdr.backupPlanAssociations.updateForComputeInstance"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/backupdr/google_backup_dr_backup_vault.json b/src/mapping/google/resource/backupdr/google_backup_dr_backup_vault.json
new file mode 100644
index 00000000..282eb8ad
--- /dev/null
+++ b/src/mapping/google/resource/backupdr/google_backup_dr_backup_vault.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "backupdr.backupVaults.create",
+ "backupdr.backupVaults.delete",
+ "backupdr.backupVaults.get",
+ "backupdr.backupVaults.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/backupdr/google_backup_dr_management_server.json b/src/mapping/google/resource/backupdr/google_backup_dr_management_server.json
new file mode 100644
index 00000000..d7e9c334
--- /dev/null
+++ b/src/mapping/google/resource/backupdr/google_backup_dr_management_server.json
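Review bot: The `apply` list in `google_backup_dr_backup_plan_association.json` includes the three `triggerBackupFor*` permissions, which let the principal start on-demand backups and do not look necessary for creating, reading or deleting an association. Since the point of these mappings is a least-privilege policy, I would drop them unless the provider is known to call that operation for this resource. The list is also uneven across target types: there is a `getFor…` entry for Cloud SQL and Compute Disk but none for Compute Instance, and an `updateFor…` entry for Disk and Instance but none for Cloud SQL. That pattern suggests the set was taken from a permission listing rather than derived from the resource's calls, so it is worth checking each entry against the provider before merging.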
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "backupdr.managementServers.create",
+ "backupdr.managementServers.get",
+ "backupdr.managementServers.update",
+ "backupdr.managementServers.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/backupdr/google_backup_dr_service_config.json b/src/mapping/google/resource/backupdr/google_backup_dr_service_config.json
new file mode 100644
index 00000000..6e6363db
--- /dev/null
+++ b/src/mapping/google/resource/backupdr/google_backup_dr_service_config.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "backupdr.resourceBackupConfigs.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/beyondcorp/google_beyondcorp_app_connection.json b/src/mapping/google/resource/beyondcorp/google_beyondcorp_app_connection.json
new file mode 100644
index 00000000..c357d106
--- /dev/null
+++ b/src/mapping/google/resource/beyondcorp/google_beyondcorp_app_connection.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "beyondcorp.appConnections.create",
+ "beyondcorp.appConnections.delete",
+ "beyondcorp.appConnections.get",
+ "beyondcorp.appConnections.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/beyondcorp/google_beyondcorp_app_connector.json b/src/mapping/google/resource/beyondcorp/google_beyondcorp_app_connector.json
new file mode 100644
index 00000000..19896bc7
--- /dev/null
+++ b/src/mapping/google/resource/beyondcorp/google_beyondcorp_app_connector.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "beyondcorp.appConnectors.create",
+ "beyondcorp.appConnectors.get",
+ "beyondcorp.appConnectors.delete",
+ "beyondcorp.appConnectors.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/beyondcorp/google_beyondcorp_app_gateway.json b/src/mapping/google/resource/beyondcorp/google_beyondcorp_app_gateway.json
new file mode 100644
index 00000000..b337d7f8
--- /dev/null
+++ b/src/mapping/google/resource/beyondcorp/google_beyondcorp_app_gateway.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "beyondcorp.appGateways.create",
+ "beyondcorp.appGateways.delete",
+ "beyondcorp.appGateways.update",
+ "beyondcorp.appGateways.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/beyondcorp/google_beyondcorp_application.json b/src/mapping/google/resource/beyondcorp/google_beyondcorp_application.json
new file mode 100644
index 00000000..0083e5f6
--- /dev/null
+++ b/src/mapping/google/resource/beyondcorp/google_beyondcorp_application.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "beyondcorp.sgApplications.create",
+ "beyondcorp.sgApplications.delete",
+ "beyondcorp.sgApplications.get",
+ "beyondcorp.sgApplications.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/beyondcorp/google_beyondcorp_application_iam_binding.json b/src/mapping/google/resource/beyondcorp/google_beyondcorp_application_iam_binding.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/google/resource/beyondcorp/google_beyondcorp_application_iam_binding.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/beyondcorp/google_beyondcorp_application_iam_member.json b/src/mapping/google/resource/beyondcorp/google_beyondcorp_application_iam_member.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/google/resource/beyondcorp/google_beyondcorp_application_iam_member.json
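Review bot: `google_beyondcorp_application_iam_binding.json` is added with an empty `apply` list, and `google_beyondcorp_application_iam_member.json` (same blob `45e4fdaf`, hunk on the following line) has the same gap, so neither resource maps to any permission. The `google_beyondcorp_application_iam_policy.json` mapping in this commit and the `security_gateway_application_iam_binding` and `_iam_member` mappings all use the sgApplications IAM permissions. For consistency I would fill both files with `"apply": ["beyondcorp.sgApplications.getIamPolicy", "beyondcorp.sgApplications.setIamPolicy"]`.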
@@ -0,0 +1,11 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/beyondcorp/google_beyondcorp_application_iam_policy.json b/src/mapping/google/resource/beyondcorp/google_beyondcorp_application_iam_policy.json new file mode 100644 index 00000000..1b7d6db6 --- /dev/null +++ b/src/mapping/google/resource/beyondcorp/google_beyondcorp_application_iam_policy.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "beyondcorp.sgApplications.getIamPolicy", + "beyondcorp.sgApplications.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "beyondcorp.sgApplications.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway.json b/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway.json new file mode 100644 index 00000000..04455491 --- /dev/null +++ b/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "beyondcorp.securityGateways.create", + "beyondcorp.securityGateways.get", + "beyondcorp.securityGateways.update", + "beyondcorp.securityGateways.delete" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_application.json b/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_application.json new file mode 100644 index 00000000..0083e5f6 --- /dev/null +++ b/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_application.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "beyondcorp.sgApplications.create", + "beyondcorp.sgApplications.delete", + "beyondcorp.sgApplications.get", + "beyondcorp.sgApplications.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_application_iam_binding.json b/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_application_iam_binding.json new file mode 100644 index 00000000..1b5ad869 --- /dev/null +++ b/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_application_iam_binding.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "beyondcorp.sgApplications.getIamPolicy", + "beyondcorp.sgApplications.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_application_iam_member.json b/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_application_iam_member.json new file mode 100644 index 00000000..1b5ad869 --- /dev/null +++ b/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_application_iam_member.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "beyondcorp.sgApplications.getIamPolicy", + "beyondcorp.sgApplications.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_application_iam_policy.json b/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_application_iam_policy.json new file mode 100644 index 00000000..fb891754 --- /dev/null +++ b/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_application_iam_policy.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "beyondcorp.sgApplications.getIamPolicy", + "beyondcorp.sgApplications.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "beyondcorp.sgApplications.getIamPolicy" + ] + } +] 
diff --git a/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_iam_binding.json b/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_iam_binding.json new file mode 100644 index 00000000..87b1b386 --- /dev/null +++ b/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_iam_binding.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "beyondcorp.securityGateways.getIamPolicy", + "beyondcorp.securityGateways.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_iam_member.json b/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_iam_member.json new file mode 100644 index 00000000..3055048a --- /dev/null +++ b/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_iam_member.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "beyondcorp.securityGateways.getIamPolicy", + "beyondcorp.securityGateways.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_iam_policy.json b/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_iam_policy.json new file mode 100644 index 00000000..33e8296b --- /dev/null +++ b/src/mapping/google/resource/beyondcorp/google_beyondcorp_security_gateway_iam_policy.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "beyondcorp.securityGateways.getIamPolicy", + "beyondcorp.securityGateways.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "beyondcorp.securityGateways.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/biglake/google_biglake_catalog.json b/src/mapping/google/resource/biglake/google_biglake_catalog.json new file mode 100644 index 00000000..19598023 --- /dev/null 
+++ b/src/mapping/google/resource/biglake/google_biglake_catalog.json @@ -0,0 +1,17 @@ +[ + { + "apply": [ + "biglake.catalogs.create", + "biglake.catalogs.delete", + "biglake.catalogs.get" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "biglake.catalogs.delete" + ], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/biglake/google_biglake_database.json b/src/mapping/google/resource/biglake/google_biglake_database.json new file mode 100644 index 00000000..966ea125 --- /dev/null +++ b/src/mapping/google/resource/biglake/google_biglake_database.json @@ -0,0 +1,22 @@ +[ + { + "apply": [ + "biglake.databases.create", + "biglake.databases.delete", + "biglake.databases.get", + "biglake.databases.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "biglake.databases.delete" + ], + "modify": [ + "biglake.databases.update" + ], + "plan": [ + "biglake.databases.get" + ] + } +] diff --git a/src/mapping/google/resource/biglake/google_biglake_table.json b/src/mapping/google/resource/biglake/google_biglake_table.json new file mode 100644 index 00000000..c4a66859 --- /dev/null +++ b/src/mapping/google/resource/biglake/google_biglake_table.json @@ -0,0 +1,22 @@ +[ + { + "apply": [ + "biglake.tables.create", + "biglake.tables.delete", + "biglake.tables.get", + "biglake.tables.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "biglake.tables.delete" + ], + "modify": [ + "biglake.tables.update" + ], + "plan": [ + "biglake.tables.get" + ] + } +] diff --git a/src/mapping/google/resource/bigquery/google_bigquery_connection.json b/src/mapping/google/resource/bigquery/google_bigquery_connection.json index 6045e5b7..06fd549f 100644 --- a/src/mapping/google/resource/bigquery/google_bigquery_connection.json +++ b/src/mapping/google/resource/bigquery/google_bigquery_connection.json 
@@ -4,21 +4,15 @@ "bigquery.connections.get", "bigquery.connections.create", "bigquery.connections.delete", - "bigquery.connections.update", - "accesscontextmanager.servicePerimeters.create", - "accesscontextmanager.servicePerimeters.delete", - "accesscontextmanager.servicePerimeters.get", - "accesscontextmanager.servicePerimeters.update" + "bigquery.connections.update" ], "attributes": { "tags": [] }, "destroy": [ - "accesscontextmanager.servicePerimeters.delete", "bigquery.connections.delete" ], "modify": [ - "accesscontextmanager.servicePerimeters.update", "bigquery.connections.update" ], "plan": [] diff --git a/src/mapping/google/resource/bigquery/google_bigquery_dataset_access.json b/src/mapping/google/resource/bigquery/google_bigquery_dataset_access.json new file mode 100644 index 00000000..2c57bc06 --- /dev/null +++ b/src/mapping/google/resource/bigquery/google_bigquery_dataset_access.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "bigquery.datasets.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/bigquery/google_bigquery_row_access_policy.json b/src/mapping/google/resource/bigquery/google_bigquery_row_access_policy.json new file mode 100644 index 00000000..2c57bc06 --- /dev/null +++ b/src/mapping/google/resource/bigquery/google_bigquery_row_access_policy.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "bigquery.datasets.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/bigtable/google_bigtable_authorized_view.json b/src/mapping/google/resource/bigtable/google_bigtable_authorized_view.json new file mode 100644 index 00000000..94e79e45 --- /dev/null +++ b/src/mapping/google/resource/bigtable/google_bigtable_authorized_view.json 
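Review bot: `google_bigquery_row_access_policy.json` has the same blob (`2c57bc06`) as `google_bigquery_dataset_access.json`, so a row access policy is mapped to `bigquery.datasets.update` alone, which looks like a copy rather than a derived mapping. BigQuery has a dedicated `bigquery.rowAccessPolicies.*` permission family (create, update, delete, list), so the dataset-level permission is likely both broader than this resource needs and not enough for it to apply. I would replace the entry with the row-access-policy permissions the provider actually calls, e.g. `"bigquery.rowAccessPolicies.create"`, `"bigquery.rowAccessPolicies.update"`, `"bigquery.rowAccessPolicies.delete"`, after checking them against a real apply.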
@@ -0,0 +1,22 @@
+[
+ {
+ "apply": [
+ "bigtable.authorizedViews.create",
+ "bigtable.authorizedViews.delete",
+ "bigtable.authorizedViews.get",
+ "bigtable.authorizedViews.update",
+ "bigtable.tables.mutateRows",
+ "bigtable.tables.readRows"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "bigtable.authorizedViews.delete"
+ ],
+ "modify": [
+ "bigtable.authorizedViews.update"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/bigtable/google_bigtable_logical_view.json b/src/mapping/google/resource/bigtable/google_bigtable_logical_view.json
new file mode 100644
index 00000000..ca61e4ce
--- /dev/null
+++ b/src/mapping/google/resource/bigtable/google_bigtable_logical_view.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "bigtable.logicalViews.create",
+ "bigtable.logicalViews.delete",
+ "bigtable.logicalViews.get",
+ "bigtable.logicalViews.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "bigtable.logicalViews.delete"
+ ],
+ "modify": [
+ "bigtable.logicalViews.update"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/bigtable/google_bigtable_materialized_view.json b/src/mapping/google/resource/bigtable/google_bigtable_materialized_view.json
new file mode 100644
index 00000000..3b43d47e
--- /dev/null
+++ b/src/mapping/google/resource/bigtable/google_bigtable_materialized_view.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "bigtable.materializedViews.create",
+ "bigtable.materializedViews.delete",
+ "bigtable.materializedViews.get",
+ "bigtable.materializedViews.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "bigtable.materializedViews.delete"
+ ],
+ "modify": [
+ "bigtable.materializedViews.update"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/bigtable/google_bigtable_schema_bundle.json b/src/mapping/google/resource/bigtable/google_bigtable_schema_bundle.json
new file mode 100644
index 00000000..dc80c15c
--- /dev/null
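Review bot: `google_bigtable_authorized_view.json` puts the data-plane permissions `bigtable.tables.mutateRows` and `bigtable.tables.readRows` into `apply` alongside the `bigtable.authorizedViews.*` control-plane ones. A role generated from this mapping lets the deploying identity read and write table rows, which is wider than managing a view definition; the logical-view and materialized-view mappings added on the same line do not include them. Unless a provider call was observed to require them, I would drop both entries so `apply` ends at `"bigtable.authorizedViews.update"`, and if they are required, record the reason in the PR so the grant is a reviewed decision.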
+++ b/src/mapping/google/resource/bigtable/google_bigtable_schema_bundle.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "bigtable.schemaBundles.get", + "bigtable.schemaBundles.create", + "bigtable.schemaBundles.delete", + "bigtable.schemaBundles.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/billing/google_billing_account_iam_binding.json b/src/mapping/google/resource/billing/google_billing_account_iam_binding.json new file mode 100644 index 00000000..6fbf215f --- /dev/null +++ b/src/mapping/google/resource/billing/google_billing_account_iam_binding.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "billing.accounts.getIamPolicy", + "billing.accounts.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/billing/google_billing_account_iam_member.json b/src/mapping/google/resource/billing/google_billing_account_iam_member.json new file mode 100644 index 00000000..6fbf215f --- /dev/null +++ b/src/mapping/google/resource/billing/google_billing_account_iam_member.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "billing.accounts.getIamPolicy", + "billing.accounts.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/billing/google_billing_account_iam_policy.json b/src/mapping/google/resource/billing/google_billing_account_iam_policy.json new file mode 100644 index 00000000..6fbf215f --- /dev/null +++ b/src/mapping/google/resource/billing/google_billing_account_iam_policy.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "billing.accounts.getIamPolicy", + "billing.accounts.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/google/resource/billing/google_billing_budget.json b/src/mapping/google/resource/billing/google_billing_budget.json new file mode 100644 index 00000000..41305e00 --- /dev/null +++ b/src/mapping/google/resource/billing/google_billing_budget.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "billing.budgets.create", + "billing.budgets.get", + "billing.budgets.update", + "billing.budgets.delete" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/binaryauthorization/google_binary_authorization_attestor_iam_binding.json b/src/mapping/google/resource/binaryauthorization/google_binary_authorization_attestor_iam_binding.json new file mode 100644 index 00000000..ba707022 --- /dev/null +++ b/src/mapping/google/resource/binaryauthorization/google_binary_authorization_attestor_iam_binding.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "binaryauthorization.attestors.getIamPolicy", + "binaryauthorization.attestors.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/binaryauthorization/google_binary_authorization_attestor_iam_member.json b/src/mapping/google/resource/binaryauthorization/google_binary_authorization_attestor_iam_member.json new file mode 100644 index 00000000..ba707022 --- /dev/null +++ b/src/mapping/google/resource/binaryauthorization/google_binary_authorization_attestor_iam_member.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "binaryauthorization.attestors.getIamPolicy", + "binaryauthorization.attestors.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/binaryauthorization/google_binary_authorization_attestor_iam_policy.json b/src/mapping/google/resource/binaryauthorization/google_binary_authorization_attestor_iam_policy.json new file mode 100644 index 00000000..05dc7ce7 
--- /dev/null
+++ b/src/mapping/google/resource/binaryauthorization/google_binary_authorization_attestor_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "binaryauthorization.attestors.getIamPolicy",
+ "binaryauthorization.attestors.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "binaryauthorization.attestors.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/certificatemanager/google_certificate_manager_dns_authorization.json b/src/mapping/google/resource/certificatemanager/google_certificate_manager_dns_authorization.json
new file mode 100644
index 00000000..f9aba094
--- /dev/null
+++ b/src/mapping/google/resource/certificatemanager/google_certificate_manager_dns_authorization.json
@@ -0,0 +1,18 @@
+[
+ {
+ "apply": [
+ "certificatemanager.dnsauthorizations.create",
+ "certificatemanager.operations.delete",
+ "certificatemanager.dnsauthorizations.get",
+ "certificatemanager.dnsauthorizations.delete",
+ "certificatemanager.dnsauthorizations.update",
+ "certificatemanager.dnsauthorizations.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/chronicle/google_chronicle_data_access_label.json b/src/mapping/google/resource/chronicle/google_chronicle_data_access_label.json
new file mode 100644
index 00000000..71f9c22e
--- /dev/null
+++ b/src/mapping/google/resource/chronicle/google_chronicle_data_access_label.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "chronicle.dataAccessLabels.create",
+ "chronicle.dataAccessLabels.delete",
+ "chronicle.dataAccessLabels.get",
+ "chronicle.dataAccessLabels.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/chronicle/google_chronicle_data_access_scope.json b/src/mapping/google/resource/chronicle/google_chronicle_data_access_scope.json
new file mode 100644
index 00000000..85431001
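Review bot: In `google_certificate_manager_dns_authorization.json` the `apply` list names `certificatemanager.dnsauthorizations.delete` twice and also grants `certificatemanager.operations.delete`. The duplicate is harmless to a policy but suggests the list was not deduplicated or reviewed. `operations.delete` is an unusual permission for creating a DNS authorization; the provider more plausibly needs `certificatemanager.operations.get` to poll the long-running operation, so this may be a wrong entry rather than an extra one. I would remove the repeated line and confirm which `operations.*` permission an apply actually uses before shipping it.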
--- /dev/null +++ b/src/mapping/google/resource/chronicle/google_chronicle_data_access_scope.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "chronicle.dataAccessScopes.create", + "chronicle.dataAccessScopes.delete", + "chronicle.dataAccessScopes.get", + "chronicle.dataAccessScopes.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/chronicle/google_chronicle_reference_list.json b/src/mapping/google/resource/chronicle/google_chronicle_reference_list.json new file mode 100644 index 00000000..1dfcafd2 --- /dev/null +++ b/src/mapping/google/resource/chronicle/google_chronicle_reference_list.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "chronicle.referenceLists.create", + "chronicle.referenceLists.get", + "chronicle.referenceLists.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/chronicle/google_chronicle_retrohunt.json b/src/mapping/google/resource/chronicle/google_chronicle_retrohunt.json new file mode 100644 index 00000000..715fcfe2 --- /dev/null +++ b/src/mapping/google/resource/chronicle/google_chronicle_retrohunt.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "chronicle.retrohunts.create", + "chronicle.retrohunts.get" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/chronicle/google_chronicle_rule.json b/src/mapping/google/resource/chronicle/google_chronicle_rule.json new file mode 100644 index 00000000..1574ad23 --- /dev/null +++ b/src/mapping/google/resource/chronicle/google_chronicle_rule.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "chronicle.rules.create", + "chronicle.rules.delete", + "chronicle.rules.get", + "chronicle.rules.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/google/resource/chronicle/google_chronicle_rule_deployment.json b/src/mapping/google/resource/chronicle/google_chronicle_rule_deployment.json new file mode 100644 index 00000000..dbb01ffe --- /dev/null +++ b/src/mapping/google/resource/chronicle/google_chronicle_rule_deployment.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "chronicle.ruleDeployments.get", + "chronicle.ruleDeployments.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/chronicle/google_chronicle_watchlist.json b/src/mapping/google/resource/chronicle/google_chronicle_watchlist.json new file mode 100644 index 00000000..7d50435b --- /dev/null +++ b/src/mapping/google/resource/chronicle/google_chronicle_watchlist.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "chronicle.watchlists.create", + "chronicle.watchlists.delete", + "chronicle.watchlists.get", + "chronicle.watchlists.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/cloudaicompanion/google_gemini_code_repository_index.json b/src/mapping/google/resource/cloudaicompanion/google_gemini_code_repository_index.json new file mode 100644 index 00000000..76fc2a6d --- /dev/null +++ b/src/mapping/google/resource/cloudaicompanion/google_gemini_code_repository_index.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "cloudaicompanion.codeRepositoryIndexes.create", + "cloudaicompanion.codeRepositoryIndexes.delete", + "cloudaicompanion.codeRepositoryIndexes.get", + "cloudaicompanion.codeRepositoryIndexes.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/cloudaicompanion/google_gemini_code_tools_setting.json b/src/mapping/google/resource/cloudaicompanion/google_gemini_code_tools_setting.json new file mode 100644 index 00000000..68b8a4a0 --- /dev/null 
+++ b/src/mapping/google/resource/cloudaicompanion/google_gemini_code_tools_setting.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "cloudaicompanion.codeToolsSettings.create", + "cloudaicompanion.codeToolsSettings.delete", + "cloudaicompanion.codeToolsSettings.get", + "cloudaicompanion.codeToolsSettings.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/cloudaicompanion/google_gemini_code_tools_setting_binding.json b/src/mapping/google/resource/cloudaicompanion/google_gemini_code_tools_setting_binding.json new file mode 100644 index 00000000..e77b08a5 --- /dev/null +++ b/src/mapping/google/resource/cloudaicompanion/google_gemini_code_tools_setting_binding.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "cloudaicompanion.settingBindings.codeToolsSettingsCreate", + "cloudaicompanion.settingBindings.codeToolsSettingsDelete", + "cloudaicompanion.settingBindings.codeToolsSettingsGet", + "cloudaicompanion.settingBindings.codeToolsSettingsUpdate" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/cloudaicompanion/google_gemini_data_sharing_with_google_setting.json b/src/mapping/google/resource/cloudaicompanion/google_gemini_data_sharing_with_google_setting.json new file mode 100644 index 00000000..6a25e1ad --- /dev/null +++ b/src/mapping/google/resource/cloudaicompanion/google_gemini_data_sharing_with_google_setting.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "cloudaicompanion.dataSharingWithGoogleSettings.create", + "cloudaicompanion.dataSharingWithGoogleSettings.delete", + "cloudaicompanion.dataSharingWithGoogleSettings.get", + "cloudaicompanion.dataSharingWithGoogleSettings.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/google/resource/cloudaicompanion/google_gemini_data_sharing_with_google_setting_binding.json b/src/mapping/google/resource/cloudaicompanion/google_gemini_data_sharing_with_google_setting_binding.json new file mode 100644 index 00000000..35104cd6 --- /dev/null +++ b/src/mapping/google/resource/cloudaicompanion/google_gemini_data_sharing_with_google_setting_binding.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsCreate", + "cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsDelete", + "cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsGet", + "cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsUpdate" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/cloudaicompanion/google_gemini_gemini_gcp_enablement_setting.json b/src/mapping/google/resource/cloudaicompanion/google_gemini_gemini_gcp_enablement_setting.json new file mode 100644 index 00000000..8b4cab83 --- /dev/null +++ b/src/mapping/google/resource/cloudaicompanion/google_gemini_gemini_gcp_enablement_setting.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "cloudaicompanion.geminiGcpEnablementSettings.create", + "cloudaicompanion.geminiGcpEnablementSettings.delete", + "cloudaicompanion.geminiGcpEnablementSettings.get", + "cloudaicompanion.geminiGcpEnablementSettings.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/cloudaicompanion/google_gemini_gemini_gcp_enablement_setting_binding.json b/src/mapping/google/resource/cloudaicompanion/google_gemini_gemini_gcp_enablement_setting_binding.json new file mode 100644 index 00000000..d0298df6 --- /dev/null +++ b/src/mapping/google/resource/cloudaicompanion/google_gemini_gemini_gcp_enablement_setting_binding.json 
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "cloudaicompanion.settingBindings.geminiGcpEnablementSettingsCreate",
+ "cloudaicompanion.settingBindings.geminiGcpEnablementSettingsDelete",
+ "cloudaicompanion.settingBindings.geminiGcpEnablementSettingsGet",
+ "cloudaicompanion.settingBindings.geminiGcpEnablementSettingsUpdate"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/cloudaicompanion/google_gemini_logging_setting.json b/src/mapping/google/resource/cloudaicompanion/google_gemini_logging_setting.json
new file mode 100644
index 00000000..fcee370f
--- /dev/null
+++ b/src/mapping/google/resource/cloudaicompanion/google_gemini_logging_setting.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "cloudaicompanion.loggingSettings.create",
+ "cloudaicompanion.loggingSettings.delete",
+ "cloudaicompanion.loggingSettings.get",
+ "cloudaicompanion.loggingSettings.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/cloudaicompanion/google_gemini_logging_setting_binding.json b/src/mapping/google/resource/cloudaicompanion/google_gemini_logging_setting_binding.json
new file mode 100644
index 00000000..ca33e164
--- /dev/null
+++ b/src/mapping/google/resource/cloudaicompanion/google_gemini_logging_setting_binding.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "cloudaicompanion.settingBindings.loggingSettingsCreate",
+ "cloudaicompanion.settingBindings.loggingSettingsDelete",
+ "cloudaicompanion.settingBindings.loggingSettingsGet",
+ "cloudaicompanion.settingBindings.loggingSettingsUpdate"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/cloudaicompanion/google_gemini_release_channel_setting.json b/src/mapping/google/resource/cloudaicompanion/google_gemini_release_channel_setting.json
new file mode 100644
index 00000000..c4adcb70
--- /dev/null
+++ b/src/mapping/google/resource/cloudaicompanion/google_gemini_release_channel_setting.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "cloudaicompanion.releaseChannelSettings.create",
+ "cloudaicompanion.releaseChannelSettings.delete",
+ "cloudaicompanion.releaseChannelSettings.get",
+ "cloudaicompanion.releaseChannelSettings.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/cloudaicompanion/google_gemini_release_channel_setting_binding.json b/src/mapping/google/resource/cloudaicompanion/google_gemini_release_channel_setting_binding.json
new file mode 100644
index 00000000..0f059b11
--- /dev/null
+++ b/src/mapping/google/resource/cloudaicompanion/google_gemini_release_channel_setting_binding.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "cloudaicompanion.settingBindings.releaseChannelSettingsCreate",
+ "cloudaicompanion.settingBindings.releaseChannelSettingsDelete",
+ "cloudaicompanion.settingBindings.releaseChannelSettingsGet",
+ "cloudaicompanion.settingBindings.releaseChannelSettingsUpdate"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/cloudaicompanion/google_gemini_repository_group.json b/src/mapping/google/resource/cloudaicompanion/google_gemini_repository_group.json
new file mode 100644
index 00000000..6652c195
--- /dev/null
+++ b/src/mapping/google/resource/cloudaicompanion/google_gemini_repository_group.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "cloudaicompanion.repositoryGroups.create",
+ "cloudaicompanion.repositoryGroups.delete",
+ "cloudaicompanion.repositoryGroups.get",
+ "cloudaicompanion.repositoryGroups.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/cloudaicompanion/google_gemini_repository_group_iam_binding.json b/src/mapping/google/resource/cloudaicompanion/google_gemini_repository_group_iam_binding.json
new file mode 100644
index 00000000..6d39c3bc
--- /dev/null
+++ b/src/mapping/google/resource/cloudaicompanion/google_gemini_repository_group_iam_binding.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "cloudaicompanion.repositoryGroups.getIamPolicy",
+ "cloudaicompanion.repositoryGroups.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "cloudaicompanion.repositoryGroups.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/cloudaicompanion/google_gemini_repository_group_iam_member.json b/src/mapping/google/resource/cloudaicompanion/google_gemini_repository_group_iam_member.json
new file mode 100644
index 00000000..6d39c3bc
--- /dev/null
+++ b/src/mapping/google/resource/cloudaicompanion/google_gemini_repository_group_iam_member.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "cloudaicompanion.repositoryGroups.getIamPolicy",
+ "cloudaicompanion.repositoryGroups.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "cloudaicompanion.repositoryGroups.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/cloudaicompanion/google_gemini_repository_group_iam_policy.json b/src/mapping/google/resource/cloudaicompanion/google_gemini_repository_group_iam_policy.json
new file mode 100644
index 00000000..6d39c3bc
--- /dev/null
+++ b/src/mapping/google/resource/cloudaicompanion/google_gemini_repository_group_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "cloudaicompanion.repositoryGroups.getIamPolicy",
+ "cloudaicompanion.repositoryGroups.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "cloudaicompanion.repositoryGroups.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/cloudbuild/google_cloudbuild_trigger.json b/src/mapping/google/resource/cloudbuild/google_cloudbuild_trigger.json index e5051fe5..6a8c36df 100644 --- a/src/mapping/google/resource/cloudbuild/google_cloudbuild_trigger.json +++ b/src/mapping/google/resource/cloudbuild/google_cloudbuild_trigger.json @@ -10,6 +10,8 @@ }, "destroy": [], "modify": [], - "plan": [] + "plan": [ + "cloudbuild.builds.get" + ] } ] diff --git a/src/mapping/google/resource/cloudbuild/google_cloudbuildv2_connection.json b/src/mapping/google/resource/cloudbuild/google_cloudbuildv2_connection.json new file mode 100644 index 00000000..ddeb47ed --- /dev/null +++ b/src/mapping/google/resource/cloudbuild/google_cloudbuildv2_connection.json @@ -0,0 +1,22 @@ +[ + { + "apply": [ + "cloudbuild.connections.create", + "cloudbuild.connections.delete", + "cloudbuild.connections.get", + "cloudbuild.connections.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "cloudbuild.connections.delete" + ], + "modify": [ + "cloudbuild.connections.update" + ], + "plan": [ + "cloudbuild.connections.get" + ] + } +] diff --git a/src/mapping/google/resource/cloudbuild/google_cloudbuildv2_connection_iam_binding.json b/src/mapping/google/resource/cloudbuild/google_cloudbuildv2_connection_iam_binding.json new file mode 100644 index 00000000..3633066a --- /dev/null +++ b/src/mapping/google/resource/cloudbuild/google_cloudbuildv2_connection_iam_binding.json @@ -0,0 +1,20 @@ +[ + { + "apply": [ + "cloudbuild.connections.getIamPolicy", + "cloudbuild.connections.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "cloudbuild.connections.setIamPolicy" + ], + "modify": [ + "cloudbuild.connections.setIamPolicy" + ], + "plan": [ + "cloudbuild.connections.getIamPolicy" + ] + } +] 
diff --git a/src/mapping/google/resource/cloudbuild/google_cloudbuildv2_connection_iam_member.json b/src/mapping/google/resource/cloudbuild/google_cloudbuildv2_connection_iam_member.json
new file mode 100644
index 00000000..3633066a
--- /dev/null
+++ b/src/mapping/google/resource/cloudbuild/google_cloudbuildv2_connection_iam_member.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "cloudbuild.connections.getIamPolicy",
+ "cloudbuild.connections.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "cloudbuild.connections.setIamPolicy"
+ ],
+ "modify": [
+ "cloudbuild.connections.setIamPolicy"
+ ],
+ "plan": [
+ "cloudbuild.connections.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/cloudbuild/google_cloudbuildv2_connection_iam_policy.json b/src/mapping/google/resource/cloudbuild/google_cloudbuildv2_connection_iam_policy.json
new file mode 100644
index 00000000..3633066a
--- /dev/null
+++ b/src/mapping/google/resource/cloudbuild/google_cloudbuildv2_connection_iam_policy.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "cloudbuild.connections.getIamPolicy",
+ "cloudbuild.connections.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "cloudbuild.connections.setIamPolicy"
+ ],
+ "modify": [
+ "cloudbuild.connections.setIamPolicy"
+ ],
+ "plan": [
+ "cloudbuild.connections.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/cloudbuild/google_cloudbuildv2_repository.json b/src/mapping/google/resource/cloudbuild/google_cloudbuildv2_repository.json
new file mode 100644
index 00000000..2b616422
--- /dev/null
+++ b/src/mapping/google/resource/cloudbuild/google_cloudbuildv2_repository.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "cloudbuild.repositories.create",
+ "cloudbuild.repositories.delete",
+ "cloudbuild.repositories.fetchGitRefs",
+ "cloudbuild.repositories.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/clouddeploy/google_clouddeploy_custom_target_type_iam_binding.json b/src/mapping/google/resource/clouddeploy/google_clouddeploy_custom_target_type_iam_binding.json
new file mode 100644
index 00000000..4f97f84e
--- /dev/null
+++ b/src/mapping/google/resource/clouddeploy/google_clouddeploy_custom_target_type_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "clouddeploy.customTargetTypes.getIamPolicy",
+ "clouddeploy.customTargetTypes.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/clouddeploy/google_clouddeploy_custom_target_type_iam_member.json b/src/mapping/google/resource/clouddeploy/google_clouddeploy_custom_target_type_iam_member.json
new file mode 100644
index 00000000..4f97f84e
--- /dev/null
+++ b/src/mapping/google/resource/clouddeploy/google_clouddeploy_custom_target_type_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "clouddeploy.customTargetTypes.getIamPolicy",
+ "clouddeploy.customTargetTypes.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/clouddeploy/google_clouddeploy_custom_target_type_iam_policy.json b/src/mapping/google/resource/clouddeploy/google_clouddeploy_custom_target_type_iam_policy.json
new file mode 100644
index 00000000..86c94851
--- /dev/null
+++ b/src/mapping/google/resource/clouddeploy/google_clouddeploy_custom_target_type_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "clouddeploy.customTargetTypes.getIamPolicy",
+ "clouddeploy.customTargetTypes.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "clouddeploy.customTargetTypes.getIamPolicy"
+ ]
+ }
+]
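Review bot: `plan` is `[]` in google_clouddeploy_custom_target_type_iam_binding.json and in the `_iam_member` file after it, while the `_iam_policy` sibling lists `clouddeploy.customTargetTypes.getIamPolicy`. All three resource flavours read the current policy on refresh (inferred from how the provider's IAM resources work, not from this diff), so the split looks accidental; the gemini repository_group trio in this same commit gives all three the same `plan`. The same pattern appears in the `_iam_binding` and `_iam_member` files for clouddeploy delivery_pipeline and target, kms key_ring, cloud_tasks queue and compute backend_bucket, and in the new google_cloudfunctions_function_iam_binding.json. Suggested: `"plan": ["clouddeploy.customTargetTypes.getIamPolicy"]` here and the equivalent entry in the others, so a plan-only role generated from these mappings can actually refresh the resource.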
diff --git a/src/mapping/google/resource/clouddeploy/google_clouddeploy_delivery_pipeline_iam_binding.json b/src/mapping/google/resource/clouddeploy/google_clouddeploy_delivery_pipeline_iam_binding.json
new file mode 100644
index 00000000..252345bd
--- /dev/null
+++ b/src/mapping/google/resource/clouddeploy/google_clouddeploy_delivery_pipeline_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "clouddeploy.deliveryPipelines.getIamPolicy",
+ "clouddeploy.deliveryPipelines.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/clouddeploy/google_clouddeploy_delivery_pipeline_iam_member.json b/src/mapping/google/resource/clouddeploy/google_clouddeploy_delivery_pipeline_iam_member.json
new file mode 100644
index 00000000..252345bd
--- /dev/null
+++ b/src/mapping/google/resource/clouddeploy/google_clouddeploy_delivery_pipeline_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "clouddeploy.deliveryPipelines.getIamPolicy",
+ "clouddeploy.deliveryPipelines.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/clouddeploy/google_clouddeploy_delivery_pipeline_iam_policy.json b/src/mapping/google/resource/clouddeploy/google_clouddeploy_delivery_pipeline_iam_policy.json
new file mode 100644
index 00000000..1d753cd9
--- /dev/null
+++ b/src/mapping/google/resource/clouddeploy/google_clouddeploy_delivery_pipeline_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "clouddeploy.deliveryPipelines.getIamPolicy",
+ "clouddeploy.deliveryPipelines.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "clouddeploy.deliveryPipelines.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/clouddeploy/google_clouddeploy_target_iam_binding.json b/src/mapping/google/resource/clouddeploy/google_clouddeploy_target_iam_binding.json
new file mode 100644
index 00000000..c4fff3fc
--- /dev/null
+++ b/src/mapping/google/resource/clouddeploy/google_clouddeploy_target_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "clouddeploy.targets.getIamPolicy",
+ "clouddeploy.targets.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/clouddeploy/google_clouddeploy_target_iam_member.json b/src/mapping/google/resource/clouddeploy/google_clouddeploy_target_iam_member.json
new file mode 100644
index 00000000..c4fff3fc
--- /dev/null
+++ b/src/mapping/google/resource/clouddeploy/google_clouddeploy_target_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "clouddeploy.targets.getIamPolicy",
+ "clouddeploy.targets.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/clouddeploy/google_clouddeploy_target_iam_policy.json b/src/mapping/google/resource/clouddeploy/google_clouddeploy_target_iam_policy.json
new file mode 100644
index 00000000..57830ad4
--- /dev/null
+++ b/src/mapping/google/resource/clouddeploy/google_clouddeploy_target_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "clouddeploy.targets.getIamPolicy",
+ "clouddeploy.targets.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "clouddeploy.targets.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/cloudfunctions/google_cloudfunctions2_function.json b/src/mapping/google/resource/cloudfunctions/google_cloudfunctions2_function.json
new file mode 100644
index 00000000..794beaf2
--- /dev/null
+++ b/src/mapping/google/resource/cloudfunctions/google_cloudfunctions2_function.json
@@ -0,0 +1,24 @@
+[
+ {
+ "apply": [
+ "cloudfunctions.functions.create",
+ "cloudfunctions.functions.get",
+ "cloudfunctions.functions.update",
+ "cloudfunctions.functions.delete",
+ "cloudfunctions.operations.get",
+ "storage.objects.list"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "cloudfunctions.functions.delete"
+ ],
+ "modify": [
+ "cloudfunctions.functions.update"
+ ],
+ "plan": [
+ "cloudfunctions.functions.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/cloudfunctions/google_cloudfunctions2_function_iam_binding.json b/src/mapping/google/resource/cloudfunctions/google_cloudfunctions2_function_iam_binding.json
new file mode 100644
index 00000000..bbce8658
--- /dev/null
+++ b/src/mapping/google/resource/cloudfunctions/google_cloudfunctions2_function_iam_binding.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "run.services.getIamPolicy",
+ "run.services.setIamPolicy",
+ "cloudfunctions.functions.getIamPolicy",
+ "cloudfunctions.functions.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/cloudfunctions/google_cloudfunctions2_function_iam_member.json b/src/mapping/google/resource/cloudfunctions/google_cloudfunctions2_function_iam_member.json
new file mode 100644
index 00000000..bbce8658
--- /dev/null
+++ b/src/mapping/google/resource/cloudfunctions/google_cloudfunctions2_function_iam_member.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "run.services.getIamPolicy",
+ "run.services.setIamPolicy",
+ "cloudfunctions.functions.getIamPolicy",
+ "cloudfunctions.functions.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/cloudfunctions/google_cloudfunctions2_function_iam_policy.json b/src/mapping/google/resource/cloudfunctions/google_cloudfunctions2_function_iam_policy.json
new file mode 100644
index 00000000..bbce8658
--- /dev/null
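Review bot: The `apply` list in google_cloudfunctions2_function_iam_binding.json grants `run.services.getIamPolicy` and `run.services.setIamPolicy` on top of the `cloudfunctions.functions.getIamPolicy`/`setIamPolicy` pair. `run.services.setIamPolicy` lets the deploying identity change who may invoke Cloud Run services within the role's scope, so it is worth confirming that the provider really calls the Cloud Run IAM API for this resource; if the two entries were added defensively, dropping them keeps the generated role to the `cloudfunctions.functions` permissions. The `_iam_member` and `_iam_policy` mappings for the same resource repeat the list, and all three also leave `plan` as `[]`.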
+++ b/src/mapping/google/resource/cloudfunctions/google_cloudfunctions2_function_iam_policy.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "run.services.getIamPolicy", + "run.services.setIamPolicy", + "cloudfunctions.functions.getIamPolicy", + "cloudfunctions.functions.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/cloudfunctions/google_cloudfunctions_function.json b/src/mapping/google/resource/cloudfunctions/google_cloudfunctions_function.json index d61d264e..29a714c2 100644 --- a/src/mapping/google/resource/cloudfunctions/google_cloudfunctions_function.json +++ b/src/mapping/google/resource/cloudfunctions/google_cloudfunctions_function.json @@ -1,12 +1,12 @@ [ { "apply": [ - "iam.serviceAccounts.actAs", "cloudfunctions.functions.create", "cloudfunctions.operations.get", "cloudfunctions.functions.get", "cloudfunctions.functions.delete", - "cloudfunctions.functions.update" + "cloudfunctions.functions.update", + "storage.objects.list" ], "attributes": { "tags": [] @@ -15,6 +15,8 @@ "cloudfunctions.functions.delete" ], "modify": [], - "plan": [] + "plan": [ + "cloudfunctions.functions.get" + ] } ] diff --git a/src/mapping/google/resource/cloudfunctions/google_cloudfunctions_function_iam_binding.json b/src/mapping/google/resource/cloudfunctions/google_cloudfunctions_function_iam_binding.json new file mode 100644 index 00000000..77663d7d --- /dev/null +++ b/src/mapping/google/resource/cloudfunctions/google_cloudfunctions_function_iam_binding.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "cloudfunctions.functions.setIamPolicy", + "cloudfunctions.functions.getIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
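Review bot: The first hunk of google_cloudfunctions_function.json drops `iam.serviceAccounts.actAs` from `apply`, and the new google_cloudfunctions2_function.json does not list it either. Deploying a function needs `actAs` on its runtime service account, and google_composer_environment.json in this commit still lists the permission, so the removal looks unintended unless the tool now adds it elsewhere. `actAs` is also the entry a reviewer looks for when judging the privilege-escalation risk of a deploy role, so leaving it out makes the generated policy under-report what the pipeline needs and can make apply fail. Suggested: keep `"iam.serviceAccounts.actAs",` in `apply` for both function mappings. In the second hunk `modify` stays `[]` although `apply` carries `cloudfunctions.functions.update`.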
diff --git a/src/mapping/google/resource/cloudfunctions/google_cloudfunctions_function_iam_policy.json b/src/mapping/google/resource/cloudfunctions/google_cloudfunctions_function_iam_policy.json index 77663d7d..d77d4ada 100644 --- a/src/mapping/google/resource/cloudfunctions/google_cloudfunctions_function_iam_policy.json +++ b/src/mapping/google/resource/cloudfunctions/google_cloudfunctions_function_iam_policy.json @@ -9,6 +9,8 @@ }, "destroy": [], "modify": [], - "plan": [] + "plan": [ + "cloudfunctions.functions.getIamPolicy" + ] } ] diff --git a/src/mapping/google/resource/cloudkms/google_kms_crypto_key.json b/src/mapping/google/resource/cloudkms/google_kms_crypto_key.json index fb8cf48f..3bb2dae4 100644 --- a/src/mapping/google/resource/cloudkms/google_kms_crypto_key.json +++ b/src/mapping/google/resource/cloudkms/google_kms_crypto_key.json @@ -1,21 +1,23 @@ -[ - { - "apply": [ - "cloudkms.cryptoKeys.create", - "cloudkms.cryptoKeys.get", - "cloudkms.cryptoKeyVersions.list", - "cloudkms.cryptoKeyVersions.destroy", - "cloudkms.cryptoKeys.update" - ], - "attributes": { - "tags": [] - }, - "destroy": [ - "cloudkms.cryptoKeyVersions.destroy" - ], - "modify": [ - "cloudkms.cryptoKeys.update" - ], - "plan": [] - } -] +[ + { + "apply": [ + "cloudkms.cryptoKeys.create", + "cloudkms.cryptoKeys.get", + "cloudkms.cryptoKeyVersions.list", + "cloudkms.cryptoKeyVersions.destroy", + "cloudkms.cryptoKeys.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "cloudkms.cryptoKeyVersions.destroy" + ], + "modify": [ + "cloudkms.cryptoKeys.update" + ], + "plan": [ + "cloudkms.cryptoKeys.get" + ] + } +] diff --git a/src/mapping/google/resource/cloudkms/google_kms_crypto_key_iam_policy.json b/src/mapping/google/resource/cloudkms/google_kms_crypto_key_iam_policy.json index 43ac0ca3..6f09d3e1 100644 --- a/src/mapping/google/resource/cloudkms/google_kms_crypto_key_iam_policy.json +++ b/src/mapping/google/resource/cloudkms/google_kms_crypto_key_iam_policy.json 
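Review bot: The google_kms_crypto_key.json hunk removes and re-adds every line although only `plan` changes (`"plan": []` becomes `"plan": ["cloudkms.cryptoKeys.get"]`), which looks like a line-ending or whitespace rewrite. In a file that defines IAM permission sets, a whole-file rewrite makes it hard to see whether any permission was added or dropped along the way; google_sql_database.json and google_sql_database_instance.json are rewritten the same way. Normalising line endings in a separate commit, for example with a `.gitattributes` rule such as `*.json text eol=lf`, would keep these hunks down to the lines that matter.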
@@ -9,6 +9,8 @@ }, "destroy": [], "modify": [], - "plan": [] + "plan": [ + "cloudkms.cryptoKeys.getIamPolicy" + ] } ] diff --git a/src/mapping/google/resource/cloudkms/google_kms_crypto_key_version.json b/src/mapping/google/resource/cloudkms/google_kms_crypto_key_version.json new file mode 100644 index 00000000..19b78ad9 --- /dev/null +++ b/src/mapping/google/resource/cloudkms/google_kms_crypto_key_version.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "cloudkms.cryptoKeyVersions.create", + "cloudkms.cryptoKeyVersions.get" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "cloudkms.cryptoKeyVersions.get" + ] + } +] diff --git a/src/mapping/google/resource/cloudkms/google_kms_key_handle.json b/src/mapping/google/resource/cloudkms/google_kms_key_handle.json new file mode 100644 index 00000000..0559ad5c --- /dev/null +++ b/src/mapping/google/resource/cloudkms/google_kms_key_handle.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "cloudkms.keyHandles.create", + "cloudkms.keyHandles.get" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "cloudkms.keyHandles.get" + ] + } +] diff --git a/src/mapping/google/resource/cloudkms/google_kms_key_ring.json b/src/mapping/google/resource/cloudkms/google_kms_key_ring.json index 0b29db2b..49f3ef53 100644 --- a/src/mapping/google/resource/cloudkms/google_kms_key_ring.json +++ b/src/mapping/google/resource/cloudkms/google_kms_key_ring.json @@ -9,6 +9,8 @@ }, "destroy": [], "modify": [], - "plan": [] + "plan": [ + "cloudkms.keyRings.get" + ] } ] diff --git a/src/mapping/google/resource/cloudkms/google_kms_key_ring_iam_binding.json b/src/mapping/google/resource/cloudkms/google_kms_key_ring_iam_binding.json new file mode 100644 index 00000000..01220ead --- /dev/null +++ b/src/mapping/google/resource/cloudkms/google_kms_key_ring_iam_binding.json 
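Review bot: google_kms_crypto_key_version.json lists only `cloudkms.cryptoKeyVersions.create` and `cloudkms.cryptoKeyVersions.get`, with `destroy` left empty. The google_kms_crypto_key.json mapping in this commit puts `cloudkms.cryptoKeyVersions.destroy` under both `apply` and `destroy`, and removing a key version resource presumably schedules the same destruction, so the version mapping looks short by that permission. Suggested: add `"cloudkms.cryptoKeyVersions.destroy"` to `apply` and `destroy`, after confirming it against the provider's delete path.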
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "cloudkms.keyRings.setIamPolicy",
+ "cloudkms.keyRings.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/cloudkms/google_kms_key_ring_iam_member.json b/src/mapping/google/resource/cloudkms/google_kms_key_ring_iam_member.json
new file mode 100644
index 00000000..01220ead
--- /dev/null
+++ b/src/mapping/google/resource/cloudkms/google_kms_key_ring_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "cloudkms.keyRings.setIamPolicy",
+ "cloudkms.keyRings.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/cloudkms/google_kms_key_ring_iam_policy.json b/src/mapping/google/resource/cloudkms/google_kms_key_ring_iam_policy.json
new file mode 100644
index 00000000..cf15ca2c
--- /dev/null
+++ b/src/mapping/google/resource/cloudkms/google_kms_key_ring_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "cloudkms.keyRings.setIamPolicy",
+ "cloudkms.keyRings.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "cloudkms.keyRings.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/cloudkms/google_kms_key_ring_import_job.json b/src/mapping/google/resource/cloudkms/google_kms_key_ring_import_job.json
new file mode 100644
index 00000000..a962d24e
--- /dev/null
+++ b/src/mapping/google/resource/cloudkms/google_kms_key_ring_import_job.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "cloudkms.importJobs.create",
+ "cloudkms.importJobs.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "cloudkms.importJobs.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/cloudkms/google_kms_secret_ciphertext.json b/src/mapping/google/resource/cloudkms/google_kms_secret_ciphertext.json
new file mode 100644
index 00000000..4eb63999
--- /dev/null
+++ b/src/mapping/google/resource/cloudkms/google_kms_secret_ciphertext.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "cloudkms.cryptoKeyVersions.useToEncrypt"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/cloudsql/google_sql_database.json b/src/mapping/google/resource/cloudsql/google_sql_database.json
index 6b085c74..8f2db262 100644
--- a/src/mapping/google/resource/cloudsql/google_sql_database.json
+++ b/src/mapping/google/resource/cloudsql/google_sql_database.json
@@ -1,20 +1,22 @@
-[
- {
- "apply": [
- "cloudsql.databases.create",
- "cloudsql.databases.delete",
- "cloudsql.databases.get",
- "cloudsql.databases.update"
- ],
- "attributes": {
- "tags": []
- },
- "destroy": [
- "cloudsql.databases.delete"
- ],
- "modify": [
- "cloudsql.databases.update"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "cloudsql.databases.create",
+ "cloudsql.databases.delete",
+ "cloudsql.databases.get",
+ "cloudsql.databases.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "cloudsql.databases.delete"
+ ],
+ "modify": [
+ "cloudsql.databases.update"
+ ],
+ "plan": [
+ "cloudsql.databases.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/cloudsql/google_sql_database_instance.json b/src/mapping/google/resource/cloudsql/google_sql_database_instance.json
index f6c73287..dfdf682c 100644
--- a/src/mapping/google/resource/cloudsql/google_sql_database_instance.json
+++ b/src/mapping/google/resource/cloudsql/google_sql_database_instance.json
@@ -1,22 +1,24 @@
-[
- {
- "apply": [
- "cloudsql.instances.create",
- "cloudsql.instances.get",
- "cloudsql.instances.delete",
- "cloudsql.instances.update",
- "cloudsql.users.list",
- "cloudsql.users.delete"
- ],
- "attributes": {
- "tags": []
- },
- "destroy": [
- "cloudsql.instances.delete"
- ],
- "modify": [
- "cloudsql.instances.update"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "cloudsql.instances.create",
+ "cloudsql.instances.get",
+ "cloudsql.instances.delete",
+ "cloudsql.instances.update",
+ "cloudsql.users.list",
+ "cloudsql.users.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "cloudsql.instances.delete"
+ ],
+ "modify": [
+ "cloudsql.instances.update"
+ ],
+ "plan": [
+ "cloudsql.instances.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/cloudsql/google_sql_ssl_cert.json b/src/mapping/google/resource/cloudsql/google_sql_ssl_cert.json
new file mode 100644
index 00000000..28b71a1c
--- /dev/null
+++ b/src/mapping/google/resource/cloudsql/google_sql_ssl_cert.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "cloudsql.sslCerts.create",
+ "cloudsql.sslCerts.delete",
+ "cloudsql.sslCerts.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/cloudtasks/google_cloud_tasks_queue_iam_binding.json b/src/mapping/google/resource/cloudtasks/google_cloud_tasks_queue_iam_binding.json
new file mode 100644
index 00000000..b75e4d12
--- /dev/null
+++ b/src/mapping/google/resource/cloudtasks/google_cloud_tasks_queue_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "cloudtasks.queues.getIamPolicy",
+ "cloudtasks.queues.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/cloudtasks/google_cloud_tasks_queue_iam_member.json b/src/mapping/google/resource/cloudtasks/google_cloud_tasks_queue_iam_member.json
new file mode 100644
index 00000000..b75e4d12
--- /dev/null
+++ b/src/mapping/google/resource/cloudtasks/google_cloud_tasks_queue_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "cloudtasks.queues.getIamPolicy",
+ "cloudtasks.queues.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/cloudtasks/google_cloud_tasks_queue_iam_policy.json b/src/mapping/google/resource/cloudtasks/google_cloud_tasks_queue_iam_policy.json
new file mode 100644
index 00000000..54013553
--- /dev/null
+++ b/src/mapping/google/resource/cloudtasks/google_cloud_tasks_queue_iam_policy.json
@@ -0,0 +1,18 @@
+[
+ {
+ "apply": [
+ "cloudtasks.queues.getIamPolicy",
+ "cloudtasks.queues.setIamPolicy",
+ "cloudtasks.queues.list"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "cloudtasks.queues.getIamPolicy",
+ "cloudtasks.queues.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/composer/google_composer_environment.json b/src/mapping/google/resource/composer/google_composer_environment.json
new file mode 100644
index 00000000..6f510229
--- /dev/null
+++ b/src/mapping/google/resource/composer/google_composer_environment.json
@@ -0,0 +1,24 @@
+[
+ {
+ "apply": [
+ "composer.environments.create",
+ "composer.environments.delete",
+ "composer.environments.get",
+ "composer.environments.update",
+ "iam.serviceAccounts.actAs",
+ "composer.operations.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "composer.environments.delete"
+ ],
+ "modify": [
+ "composer.environments.update"
+ ],
+ "plan": [
+ "composer.environments.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/composer/google_composer_user_workloads_config_map.json b/src/mapping/google/resource/composer/google_composer_user_workloads_config_map.json
new file mode 100644
index 00000000..cfa782e7
--- /dev/null
+++ b/src/mapping/google/resource/composer/google_composer_user_workloads_config_map.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "composer.userworkloadsconfigmaps.create",
+ "composer.userworkloadsconfigmaps.delete",
+ "composer.userworkloadsconfigmaps.get",
+ "composer.userworkloadsconfigmaps.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/composer/google_composer_user_workloads_secret.json b/src/mapping/google/resource/composer/google_composer_user_workloads_secret.json
new file mode 100644
index 00000000..084a11c7
--- /dev/null
+++ b/src/mapping/google/resource/composer/google_composer_user_workloads_secret.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "composer.userworkloadssecrets.create",
+ "composer.userworkloadssecrets.delete",
+ "composer.userworkloadssecrets.get",
+ "composer.userworkloadssecrets.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_address.json b/src/mapping/google/resource/compute/google_compute_address.json
index 7cae8c18..3ee6d9c6 100644
--- a/src/mapping/google/resource/compute/google_compute_address.json
+++ b/src/mapping/google/resource/compute/google_compute_address.json
@@ -17,6 +17,8 @@
 "compute.addresses.delete"
 ],
 "modify": [],
- "plan": []
+ "plan": [
+ "compute.addresses.get"
+ ]
 }
 ]
diff --git a/src/mapping/google/resource/compute/google_compute_backend_bucket.json b/src/mapping/google/resource/compute/google_compute_backend_bucket.json
new file mode 100644
index 00000000..2358f189
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_backend_bucket.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.backendBuckets.create",
+ "compute.backendBuckets.get",
+ "compute.backendBuckets.update",
+ "compute.backendBuckets.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_backend_bucket_iam_binding.json b/src/mapping/google/resource/compute/google_compute_backend_bucket_iam_binding.json
new file mode 100644
index 00000000..7b36fd5b
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_backend_bucket_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.backendBuckets.setIamPolicy",
+ "compute.backendBuckets.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_backend_bucket_iam_member.json b/src/mapping/google/resource/compute/google_compute_backend_bucket_iam_member.json
new file mode 100644
index 00000000..7b36fd5b
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_backend_bucket_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.backendBuckets.setIamPolicy",
+ "compute.backendBuckets.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_backend_bucket_iam_policy.json b/src/mapping/google/resource/compute/google_compute_backend_bucket_iam_policy.json
new file mode 100644
index 00000000..53546a85
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_backend_bucket_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.backendBuckets.setIamPolicy",
+ "compute.backendBuckets.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.backendBuckets.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_backend_service.json b/src/mapping/google/resource/compute/google_compute_backend_service.json
new file mode 100644
index 00000000..71507945
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_backend_service.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "compute.backendServices.create",
+ "compute.backendServices.get",
+ "compute.backendServices.update",
+ "compute.backendServices.delete",
+ "compute.httpHealthChecks.useReadOnly",
+ "compute.healthChecks.useReadOnly",
+ "compute.httpsHealthChecks.useReadOnly"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_backend_service_iam_binding.json b/src/mapping/google/resource/compute/google_compute_backend_service_iam_binding.json
new file mode 100644
index 00000000..9453ec82
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_backend_service_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.backendServices.setIamPolicy",
+ "compute.backendServices.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_backend_service_iam_member.json b/src/mapping/google/resource/compute/google_compute_backend_service_iam_member.json
new file mode 100644
index 00000000..9453ec82
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_backend_service_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.backendServices.setIamPolicy",
+ "compute.backendServices.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_backend_service_iam_policy.json b/src/mapping/google/resource/compute/google_compute_backend_service_iam_policy.json
new file mode 100644
index 00000000..a4069e30
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_backend_service_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.backendServices.setIamPolicy",
+ "compute.backendServices.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.backendServices.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_disk_iam_binding.json b/src/mapping/google/resource/compute/google_compute_disk_iam_binding.json
new file mode 100644
index 00000000..710e90de
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_disk_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.disks.getIamPolicy",
+ "compute.disks.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_disk_iam_member.json b/src/mapping/google/resource/compute/google_compute_disk_iam_member.json
new file mode 100644
index 00000000..710e90de
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_disk_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.disks.getIamPolicy",
+ "compute.disks.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_disk_iam_policy.json b/src/mapping/google/resource/compute/google_compute_disk_iam_policy.json
new file mode 100644
index 00000000..85e1fa03
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_disk_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.disks.getIamPolicy",
+ "compute.disks.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.disks.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_forwarding_rule.json b/src/mapping/google/resource/compute/google_compute_forwarding_rule.json
new file mode 100644
index 00000000..ccaae82b
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_forwarding_rule.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.forwardingRules.delete",
+ "compute.forwardingRules.create",
+ "compute.forwardingRules.get",
+ "compute.forwardingRules.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_global_address.json b/src/mapping/google/resource/compute/google_compute_global_address.json
index 5b2b2490..187f3bd4 100644
--- a/src/mapping/google/resource/compute/google_compute_global_address.json
+++ b/src/mapping/google/resource/compute/google_compute_global_address.json
@@ -15,6 +15,8 @@
 },
 "destroy": [],
 "modify": [],
- "plan": []
+ "plan": [
+ "compute.globalAddresses.get"
+ ]
 }
 ]
diff --git a/src/mapping/google/resource/compute/google_compute_global_forwarding_rule.json b/src/mapping/google/resource/compute/google_compute_global_forwarding_rule.json
new file mode 100644
index 00000000..98ef98a8
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_global_forwarding_rule.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.globalForwardingRules.delete",
+ "compute.globalForwardingRules.create",
+ "compute.globalForwardingRules.get",
+ "compute.globalForwardingRules.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_global_network_endpoint_group.json b/src/mapping/google/resource/compute/google_compute_global_network_endpoint_group.json
new file mode 100644
index 00000000..fbecb55f
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_global_network_endpoint_group.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.globalNetworkEndpointGroups.delete",
+ "compute.globalNetworkEndpointGroups.get",
+ "compute.globalNetworkEndpointGroups.create",
+ "compute.globalOperations.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_health_check.json b/src/mapping/google/resource/compute/google_compute_health_check.json
new file mode 100644
index 00000000..3ec76cfd
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_health_check.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "compute.healthChecks.create",
+ "compute.healthChecks.delete",
+ "compute.healthChecks.update",
+ "compute.healthChecks.get",
+ "compute.globalOperations.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_http_health_check.json b/src/mapping/google/resource/compute/google_compute_http_health_check.json
new file mode 100644
index 00000000..842e0a6f
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_http_health_check.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.httpHealthChecks.create",
+ "compute.httpHealthChecks.get",
+ "compute.httpHealthChecks.update",
+ "compute.httpHealthChecks.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_https_health_check.json b/src/mapping/google/resource/compute/google_compute_https_health_check.json
new file mode 100644
index 00000000..9152f969
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_https_health_check.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "compute.httpsHealthChecks.create",
+ "compute.httpsHealthChecks.get",
+ "compute.httpsHealthChecks.update",
+ "compute.httpsHealthChecks.delete",
+ "compute.globalOperations.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_image_iam_binding.json b/src/mapping/google/resource/compute/google_compute_image_iam_binding.json
new file mode 100644
index 00000000..8ec5191f
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_image_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.images.getIamPolicy",
+ "compute.images.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_image_iam_member.json b/src/mapping/google/resource/compute/google_compute_image_iam_member.json
new file mode 100644
index 00000000..8ec5191f
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_image_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.images.getIamPolicy",
+ "compute.images.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_image_iam_policy.json b/src/mapping/google/resource/compute/google_compute_image_iam_policy.json
new file mode 100644
index 00000000..ef9898b4
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_image_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.images.getIamPolicy",
+ "compute.images.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.images.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_instance.json b/src/mapping/google/resource/compute/google_compute_instance.json
index 111ca465..8600589f 100644
--- a/src/mapping/google/resource/compute/google_compute_instance.json
+++ b/src/mapping/google/resource/compute/google_compute_instance.json
@@ -20,6 +20,8 @@
 "compute.instances.delete"
 ],
 "modify": [],
- "plan": []
+ "plan": [
+ "compute.instances.get"
+ ]
 }
 ]
diff --git a/src/mapping/google/resource/compute/google_compute_instance_iam_binding.json b/src/mapping/google/resource/compute/google_compute_instance_iam_binding.json
new file mode 100644
index 00000000..4334d995
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_instance_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.instances.getIamPolicy",
+ "compute.instances.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_instance_iam_member.json b/src/mapping/google/resource/compute/google_compute_instance_iam_member.json
new file mode 100644
index 00000000..4334d995
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_instance_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.instances.getIamPolicy",
+ "compute.instances.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_instance_iam_policy.json b/src/mapping/google/resource/compute/google_compute_instance_iam_policy.json
new file mode 100644
index 00000000..4334d995
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_instance_iam_policy.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.instances.getIamPolicy",
+ "compute.instances.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
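Review bot: `google_compute_instance_iam_policy.json` has `"plan": []`, unlike every other `*_iam_policy.json` added in this part of the diff, each of which lists its matching `getIamPolicy` permission under `plan`. Its blob id (`4334d995`) is the same as the `_iam_binding` and `_iam_member` files next to it, so it looks like a copy that missed the policy-specific edit. I would change it to `"plan": [ "compute.instances.getIamPolicy" ]`, matching `google_compute_disk_iam_policy.json` and the others.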
diff --git a/src/mapping/google/resource/compute/google_compute_instance_template.json b/src/mapping/google/resource/compute/google_compute_instance_template.json
index cc2d5d4b..4e86c569 100644
--- a/src/mapping/google/resource/compute/google_compute_instance_template.json
+++ b/src/mapping/google/resource/compute/google_compute_instance_template.json
@@ -13,6 +13,8 @@
 "compute.instanceTemplates.delete"
 ],
 "modify": [],
- "plan": []
+ "plan": [
+ "compute.instanceTemplates.get"
+ ]
 }
 ]
diff --git a/src/mapping/google/resource/compute/google_compute_instance_template_iam_binding.json b/src/mapping/google/resource/compute/google_compute_instance_template_iam_binding.json
new file mode 100644
index 00000000..1aab841c
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_instance_template_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.instanceTemplates.getIamPolicy",
+ "compute.instanceTemplates.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_instance_template_iam_member.json b/src/mapping/google/resource/compute/google_compute_instance_template_iam_member.json
new file mode 100644
index 00000000..1aab841c
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_instance_template_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.instanceTemplates.getIamPolicy",
+ "compute.instanceTemplates.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_instance_template_iam_policy.json b/src/mapping/google/resource/compute/google_compute_instance_template_iam_policy.json
new file mode 100644
index 00000000..54187607
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_instance_template_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.instanceTemplates.getIamPolicy",
+ "compute.instanceTemplates.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.instanceTemplates.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_instant_snapshot_iam_binding.json b/src/mapping/google/resource/compute/google_compute_instant_snapshot_iam_binding.json
new file mode 100644
index 00000000..54a48d6c
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_instant_snapshot_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.instantSnapshots.getIamPolicy",
+ "compute.instantSnapshots.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_instant_snapshot_iam_member.json b/src/mapping/google/resource/compute/google_compute_instant_snapshot_iam_member.json
new file mode 100644
index 00000000..54a48d6c
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_instant_snapshot_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.instantSnapshots.getIamPolicy",
+ "compute.instantSnapshots.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_instant_snapshot_iam_policy.json b/src/mapping/google/resource/compute/google_compute_instant_snapshot_iam_policy.json
new file mode 100644
index 00000000..055038da
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_instant_snapshot_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.instantSnapshots.getIamPolicy",
+ "compute.instantSnapshots.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.instantSnapshots.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_machine_image_iam_binding.json b/src/mapping/google/resource/compute/google_compute_machine_image_iam_binding.json
new file mode 100644
index 00000000..7f170c84
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_machine_image_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.machineImages.getIamPolicy",
+ "compute.machineImages.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_machine_image_iam_member.json b/src/mapping/google/resource/compute/google_compute_machine_image_iam_member.json
new file mode 100644
index 00000000..7f170c84
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_machine_image_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.machineImages.getIamPolicy",
+ "compute.machineImages.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_machine_image_iam_policy.json b/src/mapping/google/resource/compute/google_compute_machine_image_iam_policy.json
new file mode 100644
index 00000000..4faa0149
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_machine_image_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.machineImages.getIamPolicy",
+ "compute.machineImages.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.machineImages.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_network.json b/src/mapping/google/resource/compute/google_compute_network.json
index 61516d5f..627bb0fa 100644
--- a/src/mapping/google/resource/compute/google_compute_network.json
+++ b/src/mapping/google/resource/compute/google_compute_network.json
@@ -1,16 +1,18 @@
-[
- {
- "apply": [
- "compute.networks.create",
- "compute.networks.get"
- ],
- "attributes": {
- "tags": []
- },
- "destroy": [
- "compute.networks.delete"
- ],
- "modify": [],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "compute.networks.create",
+ "compute.networks.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "compute.networks.delete"
+ ],
+ "modify": [],
+ "plan": [
+ "compute.networks.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_network_attachment.json b/src/mapping/google/resource/compute/google_compute_network_attachment.json
new file mode 100644
index 00000000..10dc9ec7
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_network_attachment.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.networkAttachments.create",
+ "compute.networkAttachments.delete",
+ "compute.networkAttachments.update",
+ "compute.networkAttachments.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_network_endpoint_group.json b/src/mapping/google/resource/compute/google_compute_network_endpoint_group.json
new file mode 100644
index 00000000..42356cd8
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_network_endpoint_group.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "compute.networkEndpointGroups.create",
+ "compute.networkEndpointGroups.get",
+ "compute.networkEndpointGroups.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_region_backend_service.json b/src/mapping/google/resource/compute/google_compute_region_backend_service.json
new file mode 100644
index 00000000..8a41913d
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_region_backend_service.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "compute.regionBackendServices.create",
+ "compute.regionBackendServices.get",
+ "compute.regionBackendServices.update",
+ "compute.regionBackendServices.delete",
+ "compute.healthChecks.useReadOnly",
+ "compute.httpHealthChecks.useReadOnly",
+ "compute.httpsHealthChecks.useReadOnly",
+ "compute.regionHealthChecks.useReadOnly"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_region_backend_service_iam_binding.json b/src/mapping/google/resource/compute/google_compute_region_backend_service_iam_binding.json
new file mode 100644
index 00000000..c5f8e63b
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_region_backend_service_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.regionBackendServices.getIamPolicy",
+ "compute.regionBackendServices.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_region_backend_service_iam_member.json b/src/mapping/google/resource/compute/google_compute_region_backend_service_iam_member.json
new file mode 100644
index 00000000..c5f8e63b
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_region_backend_service_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.regionBackendServices.getIamPolicy",
+ "compute.regionBackendServices.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_region_backend_service_iam_policy.json b/src/mapping/google/resource/compute/google_compute_region_backend_service_iam_policy.json
new file mode 100644
index 00000000..9c0e8c4f
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_region_backend_service_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.regionBackendServices.getIamPolicy",
+ "compute.regionBackendServices.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.regionBackendServices.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_region_disk_iam_binding.json b/src/mapping/google/resource/compute/google_compute_region_disk_iam_binding.json
new file mode 100644
index 00000000..710e90de
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_region_disk_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.disks.getIamPolicy",
+ "compute.disks.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_region_disk_iam_member.json b/src/mapping/google/resource/compute/google_compute_region_disk_iam_member.json
new file mode 100644
index 00000000..710e90de
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_region_disk_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.disks.getIamPolicy",
+ "compute.disks.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_region_disk_iam_policy.json b/src/mapping/google/resource/compute/google_compute_region_disk_iam_policy.json
new file mode 100644
index 00000000..c257cb5f
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_region_disk_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.disks.getIamPolicy",
+ "compute.disks.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.disks.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_region_health_check.json b/src/mapping/google/resource/compute/google_compute_region_health_check.json
new file mode 100644
index 00000000..203d7af2
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_region_health_check.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.regionHealthChecks.create",
+ "compute.regionHealthChecks.delete",
+ "compute.regionHealthChecks.update",
+ "compute.regionHealthChecks.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_region_network_endpoint_group.json b/src/mapping/google/resource/compute/google_compute_region_network_endpoint_group.json
new file mode 100644
index 00000000..7aaaa748
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_region_network_endpoint_group.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.regionNetworkEndpointGroups.create",
+ "compute.regionNetworkEndpointGroups.get",
+ "compute.regionNetworkEndpointGroups.delete",
+ "compute.regionOperations.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_region_target_http_proxy.json b/src/mapping/google/resource/compute/google_compute_region_target_http_proxy.json
new file mode 100644
index 00000000..4839531e
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_region_target_http_proxy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.regionTargetHttpProxies.create",
+ "compute.regionTargetHttpProxies.get",
+ "compute.regionTargetHttpProxies.update",
+ "compute.regionTargetHttpProxies.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_region_target_https_proxy.json b/src/mapping/google/resource/compute/google_compute_region_target_https_proxy.json
new file mode 100644
index 00000000..be23d36e
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_region_target_https_proxy.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "compute.regionTargetHttpsProxies.create",
+ "compute.regionTargetHttpsProxies.get",
+ "compute.regionTargetHttpsProxies.update",
+ "compute.regionTargetHttpsProxies.delete"
+ ],
+ "attributes": {
+ "ssl_certificates": [
+ "compute.regionSslCertificates.get",
+ "compute.regionTargetHttpsProxies.setSslCertificates"
+ ],
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_region_target_tcp_proxy.json b/src/mapping/google/resource/compute/google_compute_region_target_tcp_proxy.json
new file mode 100644
index 00000000..6257df9c
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_region_target_tcp_proxy.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "compute.regionTargetTcpProxies.create",
+ "compute.regionTargetTcpProxies.get",
+ "compute.regionTargetTcpProxies.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_region_url_map.json b/src/mapping/google/resource/compute/google_compute_region_url_map.json
new file mode 100644
index 00000000..2f8325fc
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_region_url_map.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "compute.regionBackendServices.use",
+ "compute.regionUrlMaps.create",
+ "compute.regionUrlMaps.get",
+ "compute.regionUrlMaps.update",
+ "compute.regionUrlMaps.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_snapshot_iam_binding.json b/src/mapping/google/resource/compute/google_compute_snapshot_iam_binding.json
new file mode 100644
index 00000000..d98fcab2
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_snapshot_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.snapshots.getIamPolicy",
+ "compute.snapshots.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_snapshot_iam_member.json b/src/mapping/google/resource/compute/google_compute_snapshot_iam_member.json
new file mode 100644
index 00000000..d98fcab2
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_snapshot_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.snapshots.getIamPolicy",
+ "compute.snapshots.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_snapshot_iam_policy.json b/src/mapping/google/resource/compute/google_compute_snapshot_iam_policy.json
new file mode 100644
index 00000000..81f35406
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_snapshot_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.snapshots.getIamPolicy",
+ "compute.snapshots.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.snapshots.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_storage_pool_iam_binding.json b/src/mapping/google/resource/compute/google_compute_storage_pool_iam_binding.json
new file mode 100644
index 00000000..7714b4b3
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_storage_pool_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.storagePools.getIamPolicy",
+ "compute.storagePools.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_storage_pool_iam_member.json b/src/mapping/google/resource/compute/google_compute_storage_pool_iam_member.json
new file mode 100644
index 00000000..7714b4b3
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_storage_pool_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.storagePools.getIamPolicy",
+ "compute.storagePools.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_storage_pool_iam_policy.json b/src/mapping/google/resource/compute/google_compute_storage_pool_iam_policy.json
new file mode 100644
index 00000000..cb3f877a
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_storage_pool_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.storagePools.getIamPolicy",
+ "compute.storagePools.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.storagePools.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_subnetwork.json b/src/mapping/google/resource/compute/google_compute_subnetwork.json
index d2d7e58e..efac1fa8 100644
--- a/src/mapping/google/resource/compute/google_compute_subnetwork.json
+++ b/src/mapping/google/resource/compute/google_compute_subnetwork.json
@@ -13,6 +13,8 @@
 "compute.subnetworks.delete"
 ],
 "modify": [],
- "plan": []
+ "plan": [
+ "compute.subnetworks.get"
+ ]
 }
 ]
diff --git a/src/mapping/google/resource/compute/google_compute_subnetwork_iam_binding.json b/src/mapping/google/resource/compute/google_compute_subnetwork_iam_binding.json
new file mode 100644
index 00000000..18d45216
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_subnetwork_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "compute.subnetworks.getIamPolicy",
+ "compute.subnetworks.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_subnetwork_iam_member.json b/src/mapping/google/resource/compute/google_compute_subnetwork_iam_member.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_subnetwork_iam_member.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_subnetwork_iam_policy.json b/src/mapping/google/resource/compute/google_compute_subnetwork_iam_policy.json
new file mode 100644
index 00000000..5575bb10
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_subnetwork_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.subnetworks.getIamPolicy",
+ "compute.subnetworks.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "compute.subnetworks.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_target_http_proxy.json b/src/mapping/google/resource/compute/google_compute_target_http_proxy.json
new file mode 100644
index 00000000..889d00d3
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_target_http_proxy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.targetHttpProxies.create",
+ "compute.targetHttpProxies.delete",
+ "compute.targetHttpProxies.update",
+ "compute.targetHttpProxies.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
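Review bot: `google_compute_subnetwork_iam_member.json` is added with `"apply": []`, so a configuration that uses this resource contributes no permissions, while the sibling `_iam_binding` and `_iam_policy` files in this same commit list `compute.subnetworks.getIamPolicy` and `compute.subnetworks.setIamPolicy`. Its blob id `45e4fdaf` is shared with `google_data_catalog_policy_tag.json` further down, which suggests both are unfilled templates. For the member file, use the pair its siblings use: `"apply": [ "compute.subnetworks.getIamPolicy", "compute.subnetworks.setIamPolicy" ],`. The policy-tag mapping needs its own permissions worked out before it ships, because an empty mapping silently under-reports what the deploying identity needs.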
diff --git a/src/mapping/google/resource/compute/google_compute_target_https_proxy.json b/src/mapping/google/resource/compute/google_compute_target_https_proxy.json
new file mode 100644
index 00000000..8ec69317
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_target_https_proxy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "compute.targetHttpsProxies.create",
+ "compute.targetHttpsProxies.delete",
+ "compute.targetHttpsProxies.update",
+ "compute.targetHttpsProxies.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_compute_url_map.json b/src/mapping/google/resource/compute/google_compute_url_map.json
new file mode 100644
index 00000000..481225c1
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_compute_url_map.json
@@ -0,0 +1,18 @@
+[
+ {
+ "apply": [
+ "compute.backendBuckets.use",
+ "compute.backendServices.use",
+ "compute.urlMaps.create",
+ "compute.urlMaps.get",
+ "compute.urlMaps.update",
+ "compute.urlMaps.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/compute/google_project_usage_export_bucket.json b/src/mapping/google/resource/compute/google_project_usage_export_bucket.json
new file mode 100644
index 00000000..6031d67b
--- /dev/null
+++ b/src/mapping/google/resource/compute/google_project_usage_export_bucket.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "compute.projects.setUsageExportBucket",
+ "compute.globalOperations.get",
+ "compute.projects.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/contactcenterinsights/google_contact_center_insights_analysis_rule.json b/src/mapping/google/resource/contactcenterinsights/google_contact_center_insights_analysis_rule.json
new file mode 100644
index 00000000..9ecc7e83
--- /dev/null
+++ b/src/mapping/google/resource/contactcenterinsights/google_contact_center_insights_analysis_rule.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "contactcenterinsights.analysisRules.create",
+ "contactcenterinsights.analysisRules.delete",
+ "contactcenterinsights.analysisRules.get",
+ "contactcenterinsights.analysisRules.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/contactcenterinsights/google_contact_center_insights_view.json b/src/mapping/google/resource/contactcenterinsights/google_contact_center_insights_view.json
new file mode 100644
index 00000000..9d63fe76
--- /dev/null
+++ b/src/mapping/google/resource/contactcenterinsights/google_contact_center_insights_view.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "contactcenterinsights.views.create",
+ "contactcenterinsights.views.delete",
+ "contactcenterinsights.views.get",
+ "contactcenterinsights.views.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/container/google_container_cluster.json b/src/mapping/google/resource/container/google_container_cluster.json
index 59446403..5ac2b910 100644
--- a/src/mapping/google/resource/container/google_container_cluster.json
+++ b/src/mapping/google/resource/container/google_container_cluster.json
@@ -1,22 +1,24 @@
-[
- {
- "apply": [
- "container.clusters.create",
- "container.operations.get",
- "container.clusters.get",
- "compute.instanceGroupManagers.get",
- "container.clusters.delete",
- "container.clusters.update"
- ],
- "attributes": {
- "tags": []
- },
- "destroy": [
- "container.clusters.delete"
- ],
- "modify": [
- "container.clusters.update"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "container.clusters.create",
+ "container.operations.get",
+ "container.clusters.get",
+ "compute.instanceGroupManagers.get",
+ "container.clusters.delete",
+ "container.clusters.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "container.clusters.delete"
+ ],
+ "modify": [
+ "container.clusters.update"
+ ],
+ "plan": [
+ "container.clusters.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/containeranalysis/google_container_analysis_note_iam_binding.json b/src/mapping/google/resource/containeranalysis/google_container_analysis_note_iam_binding.json
new file mode 100644
index 00000000..6b0f4bc4
--- /dev/null
+++ b/src/mapping/google/resource/containeranalysis/google_container_analysis_note_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "containeranalysis.notes.getIamPolicy",
+ "containeranalysis.notes.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/containeranalysis/google_container_analysis_note_iam_member.json b/src/mapping/google/resource/containeranalysis/google_container_analysis_note_iam_member.json
new file mode 100644
index 00000000..6b0f4bc4
--- /dev/null
+++ b/src/mapping/google/resource/containeranalysis/google_container_analysis_note_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "containeranalysis.notes.getIamPolicy",
+ "containeranalysis.notes.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
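Review bot: The hunk for `google_container_cluster.json` removes and re-adds all 22 lines although the only visible difference is the new `container.clusters.get` entry under `plan`; every other line reads identically on both sides, which usually points to a line-ending or whitespace change that cannot be seen here. A permission change buried in a full-file rewrite is hard to audit. Consider committing the normalisation separately, or pinning line endings for `*.json` in `.gitattributes`, so that the diff shows only `"plan": [ "container.clusters.get" ]`.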
diff --git a/src/mapping/google/resource/containeranalysis/google_container_analysis_note_iam_policy.json b/src/mapping/google/resource/containeranalysis/google_container_analysis_note_iam_policy.json
new file mode 100644
index 00000000..cc44d773
--- /dev/null
+++ b/src/mapping/google/resource/containeranalysis/google_container_analysis_note_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "containeranalysis.notes.getIamPolicy",
+ "containeranalysis.notes.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "containeranalysis.notes.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/datacatalog/google_bigquery_datapolicy_data_policy.json b/src/mapping/google/resource/datacatalog/google_bigquery_datapolicy_data_policy.json
new file mode 100644
index 00000000..f4482a6f
--- /dev/null
+++ b/src/mapping/google/resource/datacatalog/google_bigquery_datapolicy_data_policy.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "datacatalog.tagTemplates.setIamPolicy",
+ "datacatalog.tagTemplates.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/datacatalog/google_bigquery_datapolicy_data_policy_iam_binding.json b/src/mapping/google/resource/datacatalog/google_bigquery_datapolicy_data_policy_iam_binding.json
new file mode 100644
index 00000000..f4482a6f
--- /dev/null
+++ b/src/mapping/google/resource/datacatalog/google_bigquery_datapolicy_data_policy_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "datacatalog.tagTemplates.setIamPolicy",
+ "datacatalog.tagTemplates.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
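Review bot: `google_bigquery_datapolicy_data_policy.json` maps a BigQuery data policy to `datacatalog.tagTemplates.setIamPolicy` and `datacatalog.tagTemplates.getIamPolicy`, which are permissions on Data Catalog tag templates, not on data policies. The blob id `f4482a6f` is identical to the `google_data_catalog_tag_template_iam_*` files, and the `_iam_binding`, `_iam_member` and `_iam_policy` variants of the data-policy resource reuse it too, so this looks like a copied file rather than a derived mapping. A role generated from it would grant policy-setting rights on an unrelated resource type and still lack what the resource actually needs. I would expect the IAM variants to use `bigquery.dataPolicies.getIamPolicy` and `bigquery.dataPolicies.setIamPolicy`, and the base resource the create/get/update/delete permissions of `bigquery.dataPolicies`; please verify against the API calls the provider makes.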
diff --git a/src/mapping/google/resource/datacatalog/google_bigquery_datapolicy_data_policy_iam_member.json b/src/mapping/google/resource/datacatalog/google_bigquery_datapolicy_data_policy_iam_member.json
new file mode 100644
index 00000000..f4482a6f
--- /dev/null
+++ b/src/mapping/google/resource/datacatalog/google_bigquery_datapolicy_data_policy_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "datacatalog.tagTemplates.setIamPolicy",
+ "datacatalog.tagTemplates.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/datacatalog/google_bigquery_datapolicy_data_policy_iam_policy.json b/src/mapping/google/resource/datacatalog/google_bigquery_datapolicy_data_policy_iam_policy.json
new file mode 100644
index 00000000..f4482a6f
--- /dev/null
+++ b/src/mapping/google/resource/datacatalog/google_bigquery_datapolicy_data_policy_iam_policy.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "datacatalog.tagTemplates.setIamPolicy",
+ "datacatalog.tagTemplates.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/datacatalog/google_data_catalog_entry.json b/src/mapping/google/resource/datacatalog/google_data_catalog_entry.json
new file mode 100644
index 00000000..bfdc63a3
--- /dev/null
+++ b/src/mapping/google/resource/datacatalog/google_data_catalog_entry.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "datacatalog.entries.create",
+ "datacatalog.entries.get",
+ "datacatalog.entries.update",
+ "datacatalog.entries.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "datacatalog.entries.delete"
+ ],
+ "modify": [
+ "datacatalog.entries.update"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/datacatalog/google_data_catalog_entry_group.json b/src/mapping/google/resource/datacatalog/google_data_catalog_entry_group.json
new file mode 100644
index 00000000..05f217a1
--- /dev/null
+++ b/src/mapping/google/resource/datacatalog/google_data_catalog_entry_group.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "datacatalog.entryGroups.create",
+ "datacatalog.entryGroups.get",
+ "datacatalog.entryGroups.update",
+ "datacatalog.entryGroups.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "datacatalog.entryGroups.delete"
+ ],
+ "modify": [
+ "datacatalog.entryGroups.update"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/datacatalog/google_data_catalog_entry_group_iam_binding.json b/src/mapping/google/resource/datacatalog/google_data_catalog_entry_group_iam_binding.json
new file mode 100644
index 00000000..506d3f61
--- /dev/null
+++ b/src/mapping/google/resource/datacatalog/google_data_catalog_entry_group_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "datacatalog.entryGroups.setIamPolicy",
+ "datacatalog.entryGroups.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/datacatalog/google_data_catalog_entry_group_iam_member.json b/src/mapping/google/resource/datacatalog/google_data_catalog_entry_group_iam_member.json
new file mode 100644
index 00000000..506d3f61
--- /dev/null
+++ b/src/mapping/google/resource/datacatalog/google_data_catalog_entry_group_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "datacatalog.entryGroups.setIamPolicy",
+ "datacatalog.entryGroups.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/datacatalog/google_data_catalog_entry_group_iam_policy.json b/src/mapping/google/resource/datacatalog/google_data_catalog_entry_group_iam_policy.json
new file mode 100644
index 00000000..506d3f61
--- /dev/null
+++ b/src/mapping/google/resource/datacatalog/google_data_catalog_entry_group_iam_policy.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "datacatalog.entryGroups.setIamPolicy",
+ "datacatalog.entryGroups.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/datacatalog/google_data_catalog_policy_tag.json b/src/mapping/google/resource/datacatalog/google_data_catalog_policy_tag.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/google/resource/datacatalog/google_data_catalog_policy_tag.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/datacatalog/google_data_catalog_policy_tag_iam_binding.json b/src/mapping/google/resource/datacatalog/google_data_catalog_policy_tag_iam_binding.json
new file mode 100644
index 00000000..c3c2c148
--- /dev/null
+++ b/src/mapping/google/resource/datacatalog/google_data_catalog_policy_tag_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "datacatalog.categories.getIamPolicy",
+ "datacatalog.categories.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/datacatalog/google_data_catalog_policy_tag_iam_member.json b/src/mapping/google/resource/datacatalog/google_data_catalog_policy_tag_iam_member.json
new file mode 100644
index 00000000..ee196a44
--- /dev/null
+++ b/src/mapping/google/resource/datacatalog/google_data_catalog_policy_tag_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "datacatalog.categories.getIamPolicy",
+ "datacatalog.categories.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/datacatalog/google_data_catalog_policy_tag_iam_policy.json b/src/mapping/google/resource/datacatalog/google_data_catalog_policy_tag_iam_policy.json
new file mode 100644
index 00000000..c3c2c148
--- /dev/null
+++ b/src/mapping/google/resource/datacatalog/google_data_catalog_policy_tag_iam_policy.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "datacatalog.categories.getIamPolicy",
+ "datacatalog.categories.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/datacatalog/google_data_catalog_tag.json b/src/mapping/google/resource/datacatalog/google_data_catalog_tag.json
new file mode 100644
index 00000000..77b6b2d3
--- /dev/null
+++ b/src/mapping/google/resource/datacatalog/google_data_catalog_tag.json
@@ -0,0 +1,21 @@
+[
+ {
+ "apply": [
+ "datacatalog.tagTemplates.get",
+ "datacatalog.tagTemplates.getTag",
+ "datacatalog.tagTemplates.use",
+ "datacatalog.tagTemplates.delete",
+ "datacatalog.entries.updateTag"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "datacatalog.tagTemplates.delete"
+ ],
+ "modify": [
+ "datacatalog.entries.updateTag"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/datacatalog/google_data_catalog_tag_template.json b/src/mapping/google/resource/datacatalog/google_data_catalog_tag_template.json
new file mode 100644
index 00000000..ad05a33f
--- /dev/null
+++ b/src/mapping/google/resource/datacatalog/google_data_catalog_tag_template.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "datacatalog.tagTemplates.create",
+ "datacatalog.tagTemplates.getIamPolicy",
+ "datacatalog.tagTemplates.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/datacatalog/google_data_catalog_tag_template_iam_binding.json b/src/mapping/google/resource/datacatalog/google_data_catalog_tag_template_iam_binding.json
new file mode 100644
index 00000000..f4482a6f
--- /dev/null
+++ b/src/mapping/google/resource/datacatalog/google_data_catalog_tag_template_iam_binding.json
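Review bot: In `google_data_catalog_tag.json`, both `apply` and `destroy` list `datacatalog.tagTemplates.delete`, which is the permission to delete the tag template itself, a wider right than removing one tag from an entry. The `google_data_catalog_tag_template.json` hunk that follows has no delete or update permission at all and lists `datacatalog.tagTemplates.getIamPolicy` instead, so the delete may have landed in the wrong file. If removing a tag is authorised by the `datacatalog.tagTemplates.use` and `datacatalog.entries.updateTag` pair already present in `apply` (worth confirming against the API), `destroy` should read `"destroy": [ "datacatalog.entries.updateTag" ],` and the template mapping should gain `datacatalog.tagTemplates.delete`.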
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "datacatalog.tagTemplates.setIamPolicy",
+ "datacatalog.tagTemplates.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/datacatalog/google_data_catalog_tag_template_iam_member.json b/src/mapping/google/resource/datacatalog/google_data_catalog_tag_template_iam_member.json
new file mode 100644
index 00000000..f4482a6f
--- /dev/null
+++ b/src/mapping/google/resource/datacatalog/google_data_catalog_tag_template_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "datacatalog.tagTemplates.setIamPolicy",
+ "datacatalog.tagTemplates.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/datacatalog/google_data_catalog_tag_template_iam_policy.json b/src/mapping/google/resource/datacatalog/google_data_catalog_tag_template_iam_policy.json
new file mode 100644
index 00000000..f4482a6f
--- /dev/null
+++ b/src/mapping/google/resource/datacatalog/google_data_catalog_tag_template_iam_policy.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "datacatalog.tagTemplates.setIamPolicy",
+ "datacatalog.tagTemplates.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/datacatalog/google_data_catalog_taxonomy.json b/src/mapping/google/resource/datacatalog/google_data_catalog_taxonomy.json
new file mode 100644
index 00000000..9ad67899
--- /dev/null
+++ b/src/mapping/google/resource/datacatalog/google_data_catalog_taxonomy.json
@@ -0,0 +1,22 @@
+[
+ {
+ "apply": [
+ "datacatalog.taxonomies.create",
+ "datacatalog.taxonomies.get",
+ "datacatalog.taxonomies.update",
+ "datacatalog.taxonomies.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "datacatalog.taxonomies.delete"
+ ],
+ "modify": [
+ "datacatalog.taxonomies.update"
+ ],
+ "plan": [
+ "datacatalog.taxonomies.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/datacatalog/google_data_catalog_taxonomy_iam_binding.json b/src/mapping/google/resource/datacatalog/google_data_catalog_taxonomy_iam_binding.json
new file mode 100644
index 00000000..cfab57bb
--- /dev/null
+++ b/src/mapping/google/resource/datacatalog/google_data_catalog_taxonomy_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "datacatalog.taxonomies.setIamPolicy",
+ "datacatalog.taxonomies.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/datacatalog/google_data_catalog_taxonomy_iam_member.json b/src/mapping/google/resource/datacatalog/google_data_catalog_taxonomy_iam_member.json
new file mode 100644
index 00000000..cfab57bb
--- /dev/null
+++ b/src/mapping/google/resource/datacatalog/google_data_catalog_taxonomy_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "datacatalog.taxonomies.setIamPolicy",
+ "datacatalog.taxonomies.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/datacatalog/google_data_catalog_taxonomy_iam_policy.json b/src/mapping/google/resource/datacatalog/google_data_catalog_taxonomy_iam_policy.json
new file mode 100644
index 00000000..c257ce68
--- /dev/null
+++ b/src/mapping/google/resource/datacatalog/google_data_catalog_taxonomy_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "datacatalog.taxonomies.setIamPolicy",
+ "datacatalog.taxonomies.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "datacatalog.taxonomies.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/dataflow/google_dataflow_job.json b/src/mapping/google/resource/dataflow/google_dataflow_job.json
new file mode 100644
index 00000000..4562a75f
--- /dev/null
+++ b/src/mapping/google/resource/dataflow/google_dataflow_job.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "resourcemanager.projects.get",
+ "dataflow.jobs.create",
+ "dataflow.jobs.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataform/google_dataform_repository.json b/src/mapping/google/resource/dataform/google_dataform_repository.json
new file mode 100644
index 00000000..da37c3fb
--- /dev/null
+++ b/src/mapping/google/resource/dataform/google_dataform_repository.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "dataform.repositories.create",
+ "dataform.repositories.get",
+ "dataform.repositories.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataform/google_dataform_repository_iam_binding.json b/src/mapping/google/resource/dataform/google_dataform_repository_iam_binding.json
new file mode 100644
index 00000000..945538b1
--- /dev/null
+++ b/src/mapping/google/resource/dataform/google_dataform_repository_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataform.repositories.getIamPolicy",
+ "dataform.repositories.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataform/google_dataform_repository_iam_member.json b/src/mapping/google/resource/dataform/google_dataform_repository_iam_member.json
new file mode 100644
index 00000000..945538b1
--- /dev/null
+++ b/src/mapping/google/resource/dataform/google_dataform_repository_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataform.repositories.getIamPolicy",
+ "dataform.repositories.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataform/google_dataform_repository_iam_policy.json b/src/mapping/google/resource/dataform/google_dataform_repository_iam_policy.json
new file mode 100644
index 00000000..f84ffe5e
--- /dev/null
+++ b/src/mapping/google/resource/dataform/google_dataform_repository_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataform.repositories.getIamPolicy",
+ "dataform.repositories.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "dataform.repositories.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/dataform/google_dataform_repository_release_config.json b/src/mapping/google/resource/dataform/google_dataform_repository_release_config.json
new file mode 100644
index 00000000..038bee36
--- /dev/null
+++ b/src/mapping/google/resource/dataform/google_dataform_repository_release_config.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataform.releaseConfigs.create",
+ "dataform.releaseConfigs.get",
+ "dataform.releaseConfigs.update",
+ "dataform.releaseConfigs.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataform/google_dataform_repository_workflow_config.json b/src/mapping/google/resource/dataform/google_dataform_repository_workflow_config.json
new file mode 100644
index 00000000..1bb346ec
--- /dev/null
+++ b/src/mapping/google/resource/dataform/google_dataform_repository_workflow_config.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataform.workflowConfigs.create",
+ "dataform.workflowConfigs.get",
+ "dataform.workflowConfigs.update",
+ "dataform.workflowConfigs.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/datafusion/google_data_fusion_instance_iam_binding.json b/src/mapping/google/resource/datafusion/google_data_fusion_instance_iam_binding.json
new file mode 100644
index 00000000..a70aae7c
--- /dev/null
+++ b/src/mapping/google/resource/datafusion/google_data_fusion_instance_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "datafusion.instances.getIamPolicy",
+ "datafusion.instances.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/datafusion/google_data_fusion_instance_iam_member.json b/src/mapping/google/resource/datafusion/google_data_fusion_instance_iam_member.json
new file mode 100644
index 00000000..a70aae7c
--- /dev/null
+++ b/src/mapping/google/resource/datafusion/google_data_fusion_instance_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "datafusion.instances.getIamPolicy",
+ "datafusion.instances.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/datafusion/google_data_fusion_instance_iam_policy.json b/src/mapping/google/resource/datafusion/google_data_fusion_instance_iam_policy.json
new file mode 100644
index 00000000..b89ee453
--- /dev/null
+++ b/src/mapping/google/resource/datafusion/google_data_fusion_instance_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "datafusion.instances.getIamPolicy",
+ "datafusion.instances.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "datafusion.instances.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_aspect_type.json b/src/mapping/google/resource/dataplex/google_dataplex_aspect_type.json
new file mode 100644
index 00000000..c37476af
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_aspect_type.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataplex.aspectTypes.create",
+ "dataplex.aspectTypes.delete",
+ "dataplex.aspectTypes.get",
+ "dataplex.aspectTypes.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_aspect_type_iam_binding.json b/src/mapping/google/resource/dataplex/google_dataplex_aspect_type_iam_binding.json
new file mode 100644
index 00000000..05fc6b20
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_aspect_type_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataplex.aspectTypes.getIamPolicy",
+ "dataplex.aspectTypes.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_aspect_type_iam_member.json b/src/mapping/google/resource/dataplex/google_dataplex_aspect_type_iam_member.json
new file mode 100644
index 00000000..05fc6b20
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_aspect_type_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataplex.aspectTypes.getIamPolicy",
+ "dataplex.aspectTypes.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_aspect_type_iam_policy.json b/src/mapping/google/resource/dataplex/google_dataplex_aspect_type_iam_policy.json
new file mode 100644
index 00000000..7c76e4b5
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_aspect_type_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataplex.aspectTypes.getIamPolicy",
+ "dataplex.aspectTypes.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "dataplex.aspectTypes.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_asset.json b/src/mapping/google/resource/dataplex/google_dataplex_asset.json
new file mode 100644
index 00000000..fd5bce16
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_asset.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataplex.assets.create",
+ "dataplex.assets.delete",
+ "dataplex.assets.get",
+ "dataplex.assets.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_asset_iam_binding.json b/src/mapping/google/resource/dataplex/google_dataplex_asset_iam_binding.json
new file mode 100644
index 00000000..373e1c4b
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_asset_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataplex.assets.getIamPolicy",
+ "dataplex.assets.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_asset_iam_member.json b/src/mapping/google/resource/dataplex/google_dataplex_asset_iam_member.json
new file mode 100644
index 00000000..373e1c4b
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_asset_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataplex.assets.getIamPolicy",
+ "dataplex.assets.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_asset_iam_policy.json b/src/mapping/google/resource/dataplex/google_dataplex_asset_iam_policy.json
new file mode 100644
index 00000000..d80ff76c
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_asset_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataplex.assets.getIamPolicy",
+ "dataplex.assets.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "dataplex.assets.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_datascan.json b/src/mapping/google/resource/dataplex/google_dataplex_datascan.json
new file mode 100644
index 00000000..18e60a74
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_datascan.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataplex.datascans.create",
+ "dataplex.datascans.delete",
+ "dataplex.datascans.get",
+ "dataplex.datascans.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_datascan_iam_binding.json b/src/mapping/google/resource/dataplex/google_dataplex_datascan_iam_binding.json
new file mode 100644
index 00000000..54172815
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_datascan_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataplex.datascans.getIamPolicy",
+ "dataplex.datascans.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_datascan_iam_member.json b/src/mapping/google/resource/dataplex/google_dataplex_datascan_iam_member.json
new file mode 100644
index 00000000..54172815
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_datascan_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataplex.datascans.getIamPolicy",
+ "dataplex.datascans.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_datascan_iam_policy.json b/src/mapping/google/resource/dataplex/google_dataplex_datascan_iam_policy.json
new file mode 100644
index 00000000..b2e1eef7
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_datascan_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataplex.datascans.getIamPolicy",
+ "dataplex.datascans.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "dataplex.datascans.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_entry.json b/src/mapping/google/resource/dataplex/google_dataplex_entry.json
new file mode 100644
index 00000000..cf24b229
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_entry.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataplex.entries.create",
+ "dataplex.entries.delete",
+ "dataplex.entries.get",
+ "dataplex.entries.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_entry_group.json b/src/mapping/google/resource/dataplex/google_dataplex_entry_group.json
new file mode 100644
index 00000000..a4b1b19c
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_entry_group.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataplex.entryGroups.create",
+ "dataplex.entryGroups.delete",
+ "dataplex.entryGroups.get",
+ "dataplex.entryGroups.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_entry_group_iam_binding.json b/src/mapping/google/resource/dataplex/google_dataplex_entry_group_iam_binding.json
new file mode 100644
index 00000000..71fca963
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_entry_group_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataplex.entryGroups.getIamPolicy",
+ "dataplex.entryGroups.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_entry_group_iam_member.json b/src/mapping/google/resource/dataplex/google_dataplex_entry_group_iam_member.json
new file mode 100644
index 00000000..71fca963
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_entry_group_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataplex.entryGroups.getIamPolicy",
+ "dataplex.entryGroups.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_entry_group_iam_policy.json b/src/mapping/google/resource/dataplex/google_dataplex_entry_group_iam_policy.json
new file mode 100644
index 00000000..22829f17
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_entry_group_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataplex.entryGroups.getIamPolicy",
+ "dataplex.entryGroups.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "dataplex.entryGroups.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_entry_type.json b/src/mapping/google/resource/dataplex/google_dataplex_entry_type.json
new file mode 100644
index 00000000..b7c13bb1
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_entry_type.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataplex.entryTypes.create",
+ "dataplex.entryTypes.delete",
+ "dataplex.entryTypes.get",
+ "dataplex.entryTypes.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_entry_type_iam_binding.json b/src/mapping/google/resource/dataplex/google_dataplex_entry_type_iam_binding.json
new file mode 100644
index 00000000..025abc2c
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_entry_type_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataplex.entryTypes.getIamPolicy",
+ "dataplex.entryTypes.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_entry_type_iam_member.json b/src/mapping/google/resource/dataplex/google_dataplex_entry_type_iam_member.json
new file mode 100644
index 00000000..025abc2c
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_entry_type_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataplex.entryTypes.getIamPolicy",
+ "dataplex.entryTypes.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_entry_type_iam_policy.json b/src/mapping/google/resource/dataplex/google_dataplex_entry_type_iam_policy.json
new file mode 100644
index 00000000..c08904bf
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_entry_type_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataplex.entryTypes.getIamPolicy",
+ "dataplex.entryTypes.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "dataplex.entryTypes.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_glossary.json b/src/mapping/google/resource/dataplex/google_dataplex_glossary.json
new file mode 100644
index 00000000..d7452cbb
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_glossary.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "dataplex.glossaries.create",
+ "dataplex.glossaries.get",
+ "dataplex.glossaries.update",
+ "dataplex.operations.get",
+ "dataplex.glossaries.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_glossary_category.json b/src/mapping/google/resource/dataplex/google_dataplex_glossary_category.json
new file mode 100644
index 00000000..bbbc5abd
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_glossary_category.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataplex.glossaryCategories.create",
+ "dataplex.glossaryCategories.get",
+ "dataplex.glossaryCategories.update",
+ "dataplex.glossaryCategories.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_glossary_iam_binding.json b/src/mapping/google/resource/dataplex/google_dataplex_glossary_iam_binding.json
new file mode 100644
index 00000000..a80e4286
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_glossary_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataplex.glossaries.getIamPolicy",
+ "dataplex.glossaries.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_glossary_iam_member.json b/src/mapping/google/resource/dataplex/google_dataplex_glossary_iam_member.json
new file mode 100644
index 00000000..a80e4286
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_glossary_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataplex.glossaries.getIamPolicy",
+ "dataplex.glossaries.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_glossary_iam_policy.json b/src/mapping/google/resource/dataplex/google_dataplex_glossary_iam_policy.json
new file mode 100644
index 00000000..d44a08bf
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_glossary_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataplex.glossaries.getIamPolicy",
+ "dataplex.glossaries.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "dataplex.glossaries.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_glossary_term.json b/src/mapping/google/resource/dataplex/google_dataplex_glossary_term.json
new file mode 100644
index 00000000..5865073a
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_glossary_term.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataplex.glossaryTerms.create",
+ "dataplex.glossaryTerms.get",
+ "dataplex.glossaryTerms.update",
+ "dataplex.glossaryTerms.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_lake.json b/src/mapping/google/resource/dataplex/google_dataplex_lake.json
new file mode 100644
index 00000000..278ae353
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_lake.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataplex.lakes.create",
+ "dataplex.lakes.delete",
+ "dataplex.lakes.get",
+ "dataplex.lakes.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_lake_iam_binding.json b/src/mapping/google/resource/dataplex/google_dataplex_lake_iam_binding.json
new file mode 100644
index 00000000..d2e1276d
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_lake_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataplex.lakes.setIamPolicy",
+ "dataplex.lakes.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_lake_iam_member.json b/src/mapping/google/resource/dataplex/google_dataplex_lake_iam_member.json
new file mode 100644
index 00000000..d2e1276d
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_lake_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataplex.lakes.setIamPolicy",
+ "dataplex.lakes.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_lake_iam_policy.json b/src/mapping/google/resource/dataplex/google_dataplex_lake_iam_policy.json
new file mode 100644
index 00000000..4800f72e
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_lake_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataplex.lakes.setIamPolicy",
+ "dataplex.lakes.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "dataplex.lakes.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_task.json b/src/mapping/google/resource/dataplex/google_dataplex_task.json
new file mode 100644
index 00000000..d0a43fa1
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_task.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataplex.tasks.create",
+ "dataplex.tasks.delete",
+ "dataplex.tasks.get",
+ "dataplex.tasks.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_task_iam_binding.json b/src/mapping/google/resource/dataplex/google_dataplex_task_iam_binding.json
new file mode 100644
index 00000000..a0487f9a
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_task_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataplex.tasks.getIamPolicy",
+ "dataplex.tasks.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_task_iam_member.json b/src/mapping/google/resource/dataplex/google_dataplex_task_iam_member.json
new file mode 100644
index 00000000..a0487f9a
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_task_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataplex.tasks.getIamPolicy",
+ "dataplex.tasks.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_task_iam_policy.json b/src/mapping/google/resource/dataplex/google_dataplex_task_iam_policy.json
new file mode 100644
index 00000000..89c0645e
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_task_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataplex.tasks.getIamPolicy",
+ "dataplex.tasks.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "dataplex.tasks.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_zone.json b/src/mapping/google/resource/dataplex/google_dataplex_zone.json
new file mode 100644
index 00000000..eb4b730c
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_zone.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataplex.zones.create",
+ "dataplex.zones.delete",
+ "dataplex.zones.get",
+ "dataplex.zones.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_zone_iam_binding.json b/src/mapping/google/resource/dataplex/google_dataplex_zone_iam_binding.json
new file mode 100644
index 00000000..27938fa5
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_zone_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataplex.zones.getIamPolicy",
+ "dataplex.zones.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_zone_iam_member.json b/src/mapping/google/resource/dataplex/google_dataplex_zone_iam_member.json
new file mode 100644
index 00000000..27938fa5
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_zone_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataplex.zones.getIamPolicy",
+ "dataplex.zones.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataplex/google_dataplex_zone_iam_policy.json b/src/mapping/google/resource/dataplex/google_dataplex_zone_iam_policy.json
new file mode 100644
index 00000000..54a95c83
--- /dev/null
+++ b/src/mapping/google/resource/dataplex/google_dataplex_zone_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataplex.zones.getIamPolicy",
+ "dataplex.zones.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "dataplex.zones.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/dataproc/google_dataproc_autoscaling_policy.json b/src/mapping/google/resource/dataproc/google_dataproc_autoscaling_policy.json
new file mode 100644
index 00000000..e09fa3f6
--- /dev/null
+++ b/src/mapping/google/resource/dataproc/google_dataproc_autoscaling_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataproc.autoscalingPolicies.update",
+ "dataproc.autoscalingPolicies.get",
+ "dataproc.autoscalingPolicies.delete",
+ "dataproc.autoscalingPolicies.create"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataproc/google_dataproc_autoscaling_policy_iam_binding.json b/src/mapping/google/resource/dataproc/google_dataproc_autoscaling_policy_iam_binding.json
new file mode 100644
index 00000000..5254b2d9
--- /dev/null
+++ b/src/mapping/google/resource/dataproc/google_dataproc_autoscaling_policy_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataproc.autoscalingPolicies.getIamPolicy",
+ "dataproc.autoscalingPolicies.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataproc/google_dataproc_autoscaling_policy_iam_member.json b/src/mapping/google/resource/dataproc/google_dataproc_autoscaling_policy_iam_member.json
new file mode 100644
index 00000000..5254b2d9
--- /dev/null
+++ b/src/mapping/google/resource/dataproc/google_dataproc_autoscaling_policy_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataproc.autoscalingPolicies.getIamPolicy",
+ "dataproc.autoscalingPolicies.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataproc/google_dataproc_autoscaling_policy_iam_policy.json b/src/mapping/google/resource/dataproc/google_dataproc_autoscaling_policy_iam_policy.json
new file mode 100644
index 00000000..5254b2d9
--- /dev/null
+++ b/src/mapping/google/resource/dataproc/google_dataproc_autoscaling_policy_iam_policy.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataproc.autoscalingPolicies.getIamPolicy",
+ "dataproc.autoscalingPolicies.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataproc/google_dataproc_batch.json b/src/mapping/google/resource/dataproc/google_dataproc_batch.json
new file mode 100644
index 00000000..5b72d8f0
--- /dev/null
+++ b/src/mapping/google/resource/dataproc/google_dataproc_batch.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "dataproc.batches.get",
+ "dataproc.batches.delete",
+ "dataproc.batches.create"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataproc/google_dataproc_cluster.json b/src/mapping/google/resource/dataproc/google_dataproc_cluster.json
new file mode 100644
index 00000000..30e38690
--- /dev/null
+++ b/src/mapping/google/resource/dataproc/google_dataproc_cluster.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataproc.clusters.update",
+ "dataproc.clusters.get",
+ "dataproc.clusters.delete",
+ "dataproc.clusters.create"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataproc/google_dataproc_cluster_iam_binding.json b/src/mapping/google/resource/dataproc/google_dataproc_cluster_iam_binding.json
new file mode 100644
index 00000000..30eeb478
--- /dev/null
+++ b/src/mapping/google/resource/dataproc/google_dataproc_cluster_iam_binding.json
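Review bot: The `plan` list in google_dataproc_autoscaling_policy_iam_policy.json is empty, while every dataplex `*_iam_policy.json` added in this commit lists the resource's `getIamPolicy` permission under `plan`. Its blob hash 5254b2d9 is also identical to the `_iam_binding` and `_iam_member` files next to it, which suggests the policy variant was copied without that adjustment. If `plan` is meant to hold the read permission needed at plan time (an assumption drawn from the sibling files, not from anything shown here), the entry should be `"plan": [ "dataproc.autoscalingPolicies.getIamPolicy" ]`. The same applies to google_dataproc_cluster_iam_policy.json (30eeb478) and google_dataproc_job_iam_policy.json (382d37ce); whichever convention is right, the dataplex and dataproc files should agree.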
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataproc.clusters.getIamPolicy",
+ "dataproc.clusters.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataproc/google_dataproc_cluster_iam_member.json b/src/mapping/google/resource/dataproc/google_dataproc_cluster_iam_member.json
new file mode 100644
index 00000000..30eeb478
--- /dev/null
+++ b/src/mapping/google/resource/dataproc/google_dataproc_cluster_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataproc.clusters.getIamPolicy",
+ "dataproc.clusters.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataproc/google_dataproc_cluster_iam_policy.json b/src/mapping/google/resource/dataproc/google_dataproc_cluster_iam_policy.json
new file mode 100644
index 00000000..30eeb478
--- /dev/null
+++ b/src/mapping/google/resource/dataproc/google_dataproc_cluster_iam_policy.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataproc.clusters.getIamPolicy",
+ "dataproc.clusters.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataproc/google_dataproc_job.json b/src/mapping/google/resource/dataproc/google_dataproc_job.json
new file mode 100644
index 00000000..153afa8d
--- /dev/null
+++ b/src/mapping/google/resource/dataproc/google_dataproc_job.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataproc.jobs.update",
+ "dataproc.jobs.get",
+ "dataproc.jobs.delete",
+ "dataproc.jobs.create"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataproc/google_dataproc_job_iam_binding.json b/src/mapping/google/resource/dataproc/google_dataproc_job_iam_binding.json
new file mode 100644
index 00000000..382d37ce
--- /dev/null
+++ b/src/mapping/google/resource/dataproc/google_dataproc_job_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataproc.jobs.getIamPolicy",
+ "dataproc.jobs.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataproc/google_dataproc_job_iam_member.json b/src/mapping/google/resource/dataproc/google_dataproc_job_iam_member.json
new file mode 100644
index 00000000..382d37ce
--- /dev/null
+++ b/src/mapping/google/resource/dataproc/google_dataproc_job_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataproc.jobs.getIamPolicy",
+ "dataproc.jobs.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataproc/google_dataproc_job_iam_policy.json b/src/mapping/google/resource/dataproc/google_dataproc_job_iam_policy.json
new file mode 100644
index 00000000..382d37ce
--- /dev/null
+++ b/src/mapping/google/resource/dataproc/google_dataproc_job_iam_policy.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "dataproc.jobs.getIamPolicy",
+ "dataproc.jobs.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataproc/google_dataproc_session_template.json b/src/mapping/google/resource/dataproc/google_dataproc_session_template.json
new file mode 100644
index 00000000..ea0a508b
--- /dev/null
+++ b/src/mapping/google/resource/dataproc/google_dataproc_session_template.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataproc.sessionTemplates.update",
+ "dataproc.sessionTemplates.get",
+ "dataproc.sessionTemplates.delete",
+ "dataproc.sessionTemplates.create"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dataproc/google_dataproc_workflow_template.json b/src/mapping/google/resource/dataproc/google_dataproc_workflow_template.json
new file mode 100644
index 00000000..dac21daa
--- /dev/null
+++ b/src/mapping/google/resource/dataproc/google_dataproc_workflow_template.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dataproc.workflowTemplates.update",
+ "dataproc.workflowTemplates.get",
+ "dataproc.workflowTemplates.delete",
+ "dataproc.workflowTemplates.create"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/deploymentmanager/google_deployment_manager_deployment.json b/src/mapping/google/resource/deploymentmanager/google_deployment_manager_deployment.json
new file mode 100644
index 00000000..e091a4a0
--- /dev/null
+++ b/src/mapping/google/resource/deploymentmanager/google_deployment_manager_deployment.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "deploymentmanager.deployments.create",
+ "deploymentmanager.deployments.delete",
+ "deploymentmanager.deployments.get",
+ "deploymentmanager.deployments.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/developerconnect/google_developer_connect_account_connector.json b/src/mapping/google/resource/developerconnect/google_developer_connect_account_connector.json
new file mode 100644
index 00000000..f6eaca18
--- /dev/null
+++ b/src/mapping/google/resource/developerconnect/google_developer_connect_account_connector.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "developerconnect.accountConnectors.create",
+ "developerconnect.accountConnectors.delete",
+ "developerconnect.accountConnectors.get",
+ "developerconnect.accountConnectors.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/developerconnect/google_developer_connect_connection.json b/src/mapping/google/resource/developerconnect/google_developer_connect_connection.json
new file mode 100644
index 00000000..c2f369cc
--- /dev/null
+++ b/src/mapping/google/resource/developerconnect/google_developer_connect_connection.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "developerconnect.connections.create",
+ "developerconnect.connections.delete",
+ "developerconnect.connections.update",
+ "developerconnect.connections.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/developerconnect/google_developer_connect_git_repository_link.json b/src/mapping/google/resource/developerconnect/google_developer_connect_git_repository_link.json
new file mode 100644
index 00000000..48125aeb
--- /dev/null
+++ b/src/mapping/google/resource/developerconnect/google_developer_connect_git_repository_link.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "developerconnect.gitRepositoryLinks.create",
+ "developerconnect.gitRepositoryLinks.delete",
+ "developerconnect.gitRepositoryLinks.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dialogflow/google_dialogflow_agent.json b/src/mapping/google/resource/dialogflow/google_dialogflow_agent.json
new file mode 100644
index 00000000..3071aad8
--- /dev/null
+++ b/src/mapping/google/resource/dialogflow/google_dialogflow_agent.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dialogflow.agents.get",
+ "dialogflow.agents.create",
+ "dialogflow.agents.update",
+ "dialogflow.agents.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dialogflow/google_dialogflow_conversation_profile.json b/src/mapping/google/resource/dialogflow/google_dialogflow_conversation_profile.json
new file mode 100644
index 00000000..4f8ea4b4
--- /dev/null
+++ b/src/mapping/google/resource/dialogflow/google_dialogflow_conversation_profile.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dialogflow.conversationProfiles.update",
+ "dialogflow.conversationProfiles.get",
+ "dialogflow.conversationProfiles.delete",
+ "dialogflow.conversationProfiles.create"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dialogflow/google_dialogflow_cx_agent.json b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_agent.json
new file mode 100644
index 00000000..3071aad8
--- /dev/null
+++ b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_agent.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dialogflow.agents.get",
+ "dialogflow.agents.create",
+ "dialogflow.agents.update",
+ "dialogflow.agents.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dialogflow/google_dialogflow_cx_entity_type.json b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_entity_type.json
new file mode 100644
index 00000000..dfa858e8
--- /dev/null
+++ b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_entity_type.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dialogflow.entityTypes.update",
+ "dialogflow.entityTypes.get",
+ "dialogflow.entityTypes.delete",
+ "dialogflow.entityTypes.create"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dialogflow/google_dialogflow_cx_environment.json b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_environment.json
new file mode 100644
index 00000000..4db2c7b5
--- /dev/null
+++ b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_environment.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dialogflow.environments.create",
+ "dialogflow.environments.get",
+ "dialogflow.environments.update",
+ "dialogflow.environments.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dialogflow/google_dialogflow_cx_flow.json b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_flow.json
new file mode 100644
index 00000000..89d3febf
--- /dev/null
+++ b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_flow.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dialogflow.flows.create",
+ "dialogflow.flows.get",
+ "dialogflow.flows.update",
+ "dialogflow.flows.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dialogflow/google_dialogflow_cx_generative_settings.json b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_generative_settings.json
new file mode 100644
index 00000000..c3c0dcdb
--- /dev/null
+++ b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_generative_settings.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dialogflow.securitySettings.create",
+ "dialogflow.securitySettings.get",
+ "dialogflow.securitySettings.update",
+ "dialogflow.securitySettings.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dialogflow/google_dialogflow_cx_generator.json b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_generator.json
new file mode 100644
index 00000000..bedd2afe
--- /dev/null
+++ b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_generator.json
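Review bot: google_dialogflow_cx_generative_settings.json maps the resource to the four `dialogflow.securitySettings.*` permissions, and its blob hash c3c0dcdb is the same as google_dialogflow_cx_security_settings.json later in this diff, so the content looks copied rather than derived for this resource. A least-privilege role built from this mapping would grant create and delete on security settings to a configuration that only manages generative settings, and may still lack whatever permission the generative-settings calls actually check. The `"dialogflow.securitySettings.create"` through `"dialogflow.securitySettings.delete"` entries in `apply` should be replaced with the permissions confirmed against the Dialogflow IAM reference for this resource; I have not verified which ones those are.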
@@ -0,0 +1,16 @@ +[ + { + "apply": [ + "dialogflow.generators.create", + "dialogflow.generators.get", + "dialogflow.generators.update", + "dialogflow.generators.delete" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/dialogflow/google_dialogflow_cx_intent.json b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_intent.json new file mode 100644 index 00000000..eadc2c22 --- /dev/null +++ b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_intent.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "dialogflow.intents.create", + "dialogflow.intents.get", + "dialogflow.intents.update", + "dialogflow.intents.delete" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/dialogflow/google_dialogflow_cx_page.json b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_page.json new file mode 100644 index 00000000..78836a3b --- /dev/null +++ b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_page.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "dialogflow.pages.create", + "dialogflow.pages.get", + "dialogflow.pages.delete", + "dialogflow.pages.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/dialogflow/google_dialogflow_cx_playbook.json b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_playbook.json new file mode 100644 index 00000000..3630f068 --- /dev/null +++ b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_playbook.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "dialogflow.playbooks.create", + "dialogflow.playbooks.get", + "dialogflow.playbooks.update", + "dialogflow.playbooks.delete" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/google/resource/dialogflow/google_dialogflow_cx_security_settings.json b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_security_settings.json new file mode 100644 index 00000000..c3c0dcdb --- /dev/null +++ b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_security_settings.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "dialogflow.securitySettings.create", + "dialogflow.securitySettings.get", + "dialogflow.securitySettings.update", + "dialogflow.securitySettings.delete" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/dialogflow/google_dialogflow_cx_tool.json b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_tool.json new file mode 100644 index 00000000..7715a638 --- /dev/null +++ b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_tool.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "dialogflow.tools.create", + "dialogflow.tools.get", + "dialogflow.tools.update", + "dialogflow.tools.delete" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/dialogflow/google_dialogflow_cx_version.json b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_version.json new file mode 100644 index 00000000..c9e9d35b --- /dev/null +++ b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_version.json @@ -0,0 +1,17 @@ +[ + { + "apply": [ + "dialogflow.versions.create", + "dialogflow.versions.get", + "dialogflow.versions.update", + "dialogflow.versions.delete", + "dialogflow.operations.get" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/dialogflow/google_dialogflow_cx_webhook.json b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_webhook.json new file mode 100644 index 00000000..623db5bb --- /dev/null 
+++ b/src/mapping/google/resource/dialogflow/google_dialogflow_cx_webhook.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "dialogflow.webhooks.create", + "dialogflow.webhooks.delete", + "dialogflow.webhooks.get", + "dialogflow.webhooks.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/dialogflow/google_dialogflow_encryption_spec.json b/src/mapping/google/resource/dialogflow/google_dialogflow_encryption_spec.json new file mode 100644 index 00000000..4bf8dcfc --- /dev/null +++ b/src/mapping/google/resource/dialogflow/google_dialogflow_encryption_spec.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "dialogflow.encryptionspec.update", + "dialogflow.encryptionspec.get" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/dialogflow/google_dialogflow_entity_type.json b/src/mapping/google/resource/dialogflow/google_dialogflow_entity_type.json new file mode 100644 index 00000000..dfa858e8 --- /dev/null +++ b/src/mapping/google/resource/dialogflow/google_dialogflow_entity_type.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "dialogflow.entityTypes.update", + "dialogflow.entityTypes.get", + "dialogflow.entityTypes.delete", + "dialogflow.entityTypes.create" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/dialogflow/google_dialogflow_fulfillment.json b/src/mapping/google/resource/dialogflow/google_dialogflow_fulfillment.json new file mode 100644 index 00000000..8a802c3d --- /dev/null +++ b/src/mapping/google/resource/dialogflow/google_dialogflow_fulfillment.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "dialogflow.fulfillments.update", + "dialogflow.fulfillments.get" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/google/resource/dialogflow/google_dialogflow_intent.json b/src/mapping/google/resource/dialogflow/google_dialogflow_intent.json
new file mode 100644
index 00000000..9cbde953
--- /dev/null
+++ b/src/mapping/google/resource/dialogflow/google_dialogflow_intent.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dialogflow.intents.update",
+ "dialogflow.intents.get",
+ "dialogflow.intents.delete",
+ "dialogflow.intents.create"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dns/google_dns_managed_zone.json b/src/mapping/google/resource/dns/google_dns_managed_zone.json
index b4dfe956..bf5b674d 100644
--- a/src/mapping/google/resource/dns/google_dns_managed_zone.json
+++ b/src/mapping/google/resource/dns/google_dns_managed_zone.json
@@ -1,27 +1,29 @@
-[
- {
- "apply": [
- "dns.managedZones.get",
- "dns.managedZones.create",
- "dns.managedZones.delete",
- "dns.managedZones.update"
- ],
- "attributes": {
- "gke_clusters": [
- "dns.gkeClusters.bindPrivateDNSZone"
- ],
- "private_visibility_config": [
- "dns.networks.bindPrivateDNSZone",
- "dns.networks.targetWithPeeringZone"
- ],
- "tags": []
- },
- "destroy": [
- "dns.managedZones.delete"
- ],
- "modify": [],
- "plan": [
- "dns.managedZones.update"
- ]
- }
-]
+[
+ {
+ "apply": [
+ "dns.managedZones.get",
+ "dns.managedZones.create",
+ "dns.managedZones.delete",
+ "dns.managedZones.update"
+ ],
+ "attributes": {
+ "gke_clusters": [
+ "dns.gkeClusters.bindPrivateDNSZone"
+ ],
+ "private_visibility_config": [
+ "dns.networks.bindPrivateDNSZone",
+ "dns.networks.targetWithPeeringZone"
+ ],
+ "tags": []
+ },
+ "destroy": [
+ "dns.managedZones.delete"
+ ],
+ "modify": [
+ "dns.managedZones.update"
+ ],
+ "plan": [
+ "dns.managedZones.get"
+ ]
+ }
+]
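Review bot: The hunk for google_dns_managed_zone.json removes and re-adds all 27 lines although only `modify` and `plan` differ (`modify` gains `dns.managedZones.update`, `plan` goes from `update` to `get`), which suggests a line-ending or whitespace rewrite of the whole file. In a permissions mapping this makes the real change hard to spot in review. Consider committing the normalisation separately, or pinning line endings for `*.json` in `.gitattributes`, so that permission changes show up as small diffs.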
diff --git a/src/mapping/google/resource/dns/google_dns_managed_zone_iam_binding.json b/src/mapping/google/resource/dns/google_dns_managed_zone_iam_binding.json
new file mode 100644
index 00000000..a7122ffc
--- /dev/null
+++ b/src/mapping/google/resource/dns/google_dns_managed_zone_iam_binding.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "dns.managedZones.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dns/google_dns_managed_zone_iam_member.json b/src/mapping/google/resource/dns/google_dns_managed_zone_iam_member.json
new file mode 100644
index 00000000..a7122ffc
--- /dev/null
+++ b/src/mapping/google/resource/dns/google_dns_managed_zone_iam_member.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "dns.managedZones.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/dns/google_dns_managed_zone_iam_policy.json b/src/mapping/google/resource/dns/google_dns_managed_zone_iam_policy.json
new file mode 100644
index 00000000..089e1bb6
--- /dev/null
+++ b/src/mapping/google/resource/dns/google_dns_managed_zone_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "dns.managedZones.getIamPolicy",
+ "dns.managedZones.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "dns.managedZones.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/edgecontainer/google_edgecontainer_cluster.json b/src/mapping/google/resource/edgecontainer/google_edgecontainer_cluster.json
new file mode 100644
index 00000000..496d10b4
--- /dev/null
+++ b/src/mapping/google/resource/edgecontainer/google_edgecontainer_cluster.json
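Review bot: google_dns_managed_zone_iam_binding.json and google_dns_managed_zone_iam_member.json list only `dns.managedZones.getIamPolicy` under `apply`, while google_dns_managed_zone_iam_policy.json in the same commit, and every other `_iam_binding`/`_iam_member` mapping added here (gkebackup, gkehub, healthcare, workforce pools), also lists the matching `setIamPolicy`. Both resources change the zone's IAM policy, so a role built from these two mappings would presumably be able to read the policy but fail on apply. Add `"dns.managedZones.setIamPolicy"` to the `apply` array in both files.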
@@ -0,0 +1,16 @@ +[ + { + "apply": [ + "edgecontainer.clusters.create", + "edgecontainer.clusters.delete", + "edgecontainer.clusters.get", + "edgecontainer.clusters.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/edgecontainer/google_edgecontainer_node_pool.json b/src/mapping/google/resource/edgecontainer/google_edgecontainer_node_pool.json new file mode 100644 index 00000000..2fc0156c --- /dev/null +++ b/src/mapping/google/resource/edgecontainer/google_edgecontainer_node_pool.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "edgecontainer.nodePools.create", + "edgecontainer.nodePools.delete", + "edgecontainer.nodePools.get", + "edgecontainer.nodePools.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/edgecontainer/google_edgecontainer_vpn_connection.json b/src/mapping/google/resource/edgecontainer/google_edgecontainer_vpn_connection.json new file mode 100644 index 00000000..0c74247b --- /dev/null +++ b/src/mapping/google/resource/edgecontainer/google_edgecontainer_vpn_connection.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "edgecontainer.vpnConnections.create", + "edgecontainer.vpnConnections.delete", + "edgecontainer.vpnConnections.get", + "edgecontainer.vpnConnections.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/edgenetwork/google_edgenetwork_interconnect_attachment.json b/src/mapping/google/resource/edgenetwork/google_edgenetwork_interconnect_attachment.json new file mode 100644 index 00000000..a75f395d --- /dev/null +++ b/src/mapping/google/resource/edgenetwork/google_edgenetwork_interconnect_attachment.json 
@@ -0,0 +1,16 @@ +[ + { + "apply": [ + "edgenetwork.interconnectAttachments.create", + "edgenetwork.interconnectAttachments.delete", + "edgenetwork.interconnectAttachments.get", + "edgenetwork.interconnectAttachments.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/edgenetwork/google_edgenetwork_network.json b/src/mapping/google/resource/edgenetwork/google_edgenetwork_network.json new file mode 100644 index 00000000..b3cf845d --- /dev/null +++ b/src/mapping/google/resource/edgenetwork/google_edgenetwork_network.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "edgenetwork.networks.create", + "edgenetwork.networks.delete", + "edgenetwork.networks.get", + "edgenetwork.networks.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/edgenetwork/google_edgenetwork_subnet.json b/src/mapping/google/resource/edgenetwork/google_edgenetwork_subnet.json new file mode 100644 index 00000000..82fd35d2 --- /dev/null +++ b/src/mapping/google/resource/edgenetwork/google_edgenetwork_subnet.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "edgenetwork.subnetworks.create", + "edgenetwork.subnetworks.delete", + "edgenetwork.subnetworks.get", + "edgenetwork.subnetworks.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/eventarc/google_eventarc_channel.json b/src/mapping/google/resource/eventarc/google_eventarc_channel.json new file mode 100644 index 00000000..0f3cb13a --- /dev/null +++ b/src/mapping/google/resource/eventarc/google_eventarc_channel.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "eventarc.channels.create", + "eventarc.channels.delete", + "eventarc.channels.get", + "eventarc.channels.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/google/resource/eventarc/google_eventarc_enrollment.json b/src/mapping/google/resource/eventarc/google_eventarc_enrollment.json new file mode 100644 index 00000000..046eae72 --- /dev/null +++ b/src/mapping/google/resource/eventarc/google_eventarc_enrollment.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "eventarc.enrollments.create", + "eventarc.enrollments.delete", + "eventarc.enrollments.get", + "eventarc.enrollments.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/eventarc/google_eventarc_google_api_source.json b/src/mapping/google/resource/eventarc/google_eventarc_google_api_source.json new file mode 100644 index 00000000..c2d6763a --- /dev/null +++ b/src/mapping/google/resource/eventarc/google_eventarc_google_api_source.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "eventarc.googleApiSources.create", + "eventarc.googleApiSources.delete", + "eventarc.googleApiSources.get", + "eventarc.googleApiSources.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/eventarc/google_eventarc_google_channel_config.json b/src/mapping/google/resource/eventarc/google_eventarc_google_channel_config.json new file mode 100644 index 00000000..0ed64a36 --- /dev/null +++ b/src/mapping/google/resource/eventarc/google_eventarc_google_channel_config.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "eventarc.googleChannelConfigs.get", + "eventarc.googleChannelConfigs.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/eventarc/google_eventarc_message_bus.json b/src/mapping/google/resource/eventarc/google_eventarc_message_bus.json new file mode 100644 index 00000000..818325e9 --- /dev/null +++ b/src/mapping/google/resource/eventarc/google_eventarc_message_bus.json 
@@ -0,0 +1,16 @@ +[ + { + "apply": [ + "eventarc.messageBuses.create", + "eventarc.messageBuses.delete", + "eventarc.messageBuses.get", + "eventarc.messageBuses.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/eventarc/google_eventarc_pipeline.json b/src/mapping/google/resource/eventarc/google_eventarc_pipeline.json new file mode 100644 index 00000000..f2c85918 --- /dev/null +++ b/src/mapping/google/resource/eventarc/google_eventarc_pipeline.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "eventarc.pipelines.create", + "eventarc.pipelines.delete", + "eventarc.pipelines.get", + "eventarc.pipelines.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/eventarc/google_eventarc_trigger.json b/src/mapping/google/resource/eventarc/google_eventarc_trigger.json new file mode 100644 index 00000000..b0d0ffdc --- /dev/null +++ b/src/mapping/google/resource/eventarc/google_eventarc_trigger.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "eventarc.triggers.update", + "eventarc.triggers.get", + "eventarc.triggers.delete", + "eventarc.triggers.create" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/firebase/google_firebase_web_app.json b/src/mapping/google/resource/firebase/google_firebase_web_app.json new file mode 100644 index 00000000..47a73452 --- /dev/null +++ b/src/mapping/google/resource/firebase/google_firebase_web_app.json 
@@ -0,0 +1,24 @@
+[
+ {
+ "apply": [
+ "resourcemanager.projects.get",
+ "serviceusage.services.enable",
+ "serviceusage.services.get",
+ "firebase.clients.create",
+ "firebase.clients.delete",
+ "firebase.clients.update",
+ "firebase.clients.get",
+ "clientauthconfig.clients.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "firebase.clients.delete"
+ ],
+ "modify": [
+ "firebase.clients.update"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/gkebackup/google_gke_backup_backup_plan_iam_binding.json b/src/mapping/google/resource/gkebackup/google_gke_backup_backup_plan_iam_binding.json
new file mode 100644
index 00000000..15ec09a7
--- /dev/null
+++ b/src/mapping/google/resource/gkebackup/google_gke_backup_backup_plan_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "gkebackup.backupPlans.getIamPolicy",
+ "gkebackup.backupPlans.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/gkebackup/google_gke_backup_backup_plan_iam_member.json b/src/mapping/google/resource/gkebackup/google_gke_backup_backup_plan_iam_member.json
new file mode 100644
index 00000000..15ec09a7
--- /dev/null
+++ b/src/mapping/google/resource/gkebackup/google_gke_backup_backup_plan_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "gkebackup.backupPlans.getIamPolicy",
+ "gkebackup.backupPlans.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/gkebackup/google_gke_backup_backup_plan_iam_policy.json b/src/mapping/google/resource/gkebackup/google_gke_backup_backup_plan_iam_policy.json
new file mode 100644
index 00000000..01cf86c3
--- /dev/null
+++ b/src/mapping/google/resource/gkebackup/google_gke_backup_backup_plan_iam_policy.json
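Review bot: The `apply` list in google_firebase_web_app.json includes `serviceusage.services.enable`, a project-wide permission that is not specific to Firebase web apps, alongside `resourcemanager.projects.get` and `clientauthconfig.clients.get`. If these mappings are used to build least-privilege roles, this entry widens every role that contains a web app. Worth confirming from a provider trace that the resource itself triggers the enable call; if it is only needed when the Firebase API is not yet enabled on the project, it could be left out of the per-resource mapping and handled with the service-enablement resource instead.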
@@ -0,0 +1,16 @@ +[ + { + "apply": [ + "gkebackup.backupPlans.getIamPolicy", + "gkebackup.backupPlans.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "gkebackup.backupPlans.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/gkebackup/google_gke_backup_restore_plan_iam_binding.json b/src/mapping/google/resource/gkebackup/google_gke_backup_restore_plan_iam_binding.json new file mode 100644 index 00000000..3c4be9c1 --- /dev/null +++ b/src/mapping/google/resource/gkebackup/google_gke_backup_restore_plan_iam_binding.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "gkebackup.restorePlans.getIamPolicy", + "gkebackup.restorePlans.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/gkebackup/google_gke_backup_restore_plan_iam_member.json b/src/mapping/google/resource/gkebackup/google_gke_backup_restore_plan_iam_member.json new file mode 100644 index 00000000..3c4be9c1 --- /dev/null +++ b/src/mapping/google/resource/gkebackup/google_gke_backup_restore_plan_iam_member.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "gkebackup.restorePlans.getIamPolicy", + "gkebackup.restorePlans.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/gkebackup/google_gke_backup_restore_plan_iam_policy.json b/src/mapping/google/resource/gkebackup/google_gke_backup_restore_plan_iam_policy.json new file mode 100644 index 00000000..bcf9e5d8 --- /dev/null +++ b/src/mapping/google/resource/gkebackup/google_gke_backup_restore_plan_iam_policy.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "gkebackup.restorePlans.getIamPolicy", + "gkebackup.restorePlans.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "gkebackup.restorePlans.getIamPolicy" + ] + } +] 
diff --git a/src/mapping/google/resource/gkehub/google_gke_hub_feature_iam_binding.json b/src/mapping/google/resource/gkehub/google_gke_hub_feature_iam_binding.json new file mode 100644 index 00000000..a628e4aa --- /dev/null +++ b/src/mapping/google/resource/gkehub/google_gke_hub_feature_iam_binding.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "gkehub.features.getIamPolicy", + "gkehub.features.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/gkehub/google_gke_hub_feature_iam_member.json b/src/mapping/google/resource/gkehub/google_gke_hub_feature_iam_member.json new file mode 100644 index 00000000..a628e4aa --- /dev/null +++ b/src/mapping/google/resource/gkehub/google_gke_hub_feature_iam_member.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "gkehub.features.getIamPolicy", + "gkehub.features.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/gkehub/google_gke_hub_feature_iam_policy.json b/src/mapping/google/resource/gkehub/google_gke_hub_feature_iam_policy.json new file mode 100644 index 00000000..a8ca6a93 --- /dev/null +++ b/src/mapping/google/resource/gkehub/google_gke_hub_feature_iam_policy.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "gkehub.features.getIamPolicy", + "gkehub.features.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "gkehub.features.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/gkehub/google_gke_hub_membership_iam_binding.json b/src/mapping/google/resource/gkehub/google_gke_hub_membership_iam_binding.json new file mode 100644 index 00000000..76b22174 --- /dev/null +++ b/src/mapping/google/resource/gkehub/google_gke_hub_membership_iam_binding.json 
@@ -0,0 +1,14 @@ +[ + { + "apply": [ + "gkehub.memberships.getIamPolicy", + "gkehub.memberships.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/gkehub/google_gke_hub_membership_iam_member.json b/src/mapping/google/resource/gkehub/google_gke_hub_membership_iam_member.json new file mode 100644 index 00000000..76b22174 --- /dev/null +++ b/src/mapping/google/resource/gkehub/google_gke_hub_membership_iam_member.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "gkehub.memberships.getIamPolicy", + "gkehub.memberships.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/gkehub/google_gke_hub_membership_iam_policy.json b/src/mapping/google/resource/gkehub/google_gke_hub_membership_iam_policy.json new file mode 100644 index 00000000..cd6cd3f7 --- /dev/null +++ b/src/mapping/google/resource/gkehub/google_gke_hub_membership_iam_policy.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "gkehub.memberships.getIamPolicy", + "gkehub.memberships.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "gkehub.memberships.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/gkehub/google_gke_hub_scope_iam_binding.json b/src/mapping/google/resource/gkehub/google_gke_hub_scope_iam_binding.json new file mode 100644 index 00000000..ac65a607 --- /dev/null +++ b/src/mapping/google/resource/gkehub/google_gke_hub_scope_iam_binding.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "gkehub.scopes.getIamPolicy", + "gkehub.scopes.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/gkehub/google_gke_hub_scope_iam_member.json b/src/mapping/google/resource/gkehub/google_gke_hub_scope_iam_member.json new file mode 100644 index 00000000..ac65a607 --- /dev/null 
+++ b/src/mapping/google/resource/gkehub/google_gke_hub_scope_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "gkehub.scopes.getIamPolicy",
+ "gkehub.scopes.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/gkehub/google_gke_hub_scope_iam_policy.json b/src/mapping/google/resource/gkehub/google_gke_hub_scope_iam_policy.json
new file mode 100644
index 00000000..b248451d
--- /dev/null
+++ b/src/mapping/google/resource/gkehub/google_gke_hub_scope_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "gkehub.scopes.getIamPolicy",
+ "gkehub.scopes.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "gkehub.scopes.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/google_apigee_environment.json b/src/mapping/google/resource/google_apigee_environment.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/google/resource/google_apigee_environment.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/healthcare/google_healthcare_consent_store_iam_binding.json b/src/mapping/google/resource/healthcare/google_healthcare_consent_store_iam_binding.json
new file mode 100644
index 00000000..add4b9fe
--- /dev/null
+++ b/src/mapping/google/resource/healthcare/google_healthcare_consent_store_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "healthcare.consentStores.getIamPolicy",
+ "healthcare.consentStores.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/healthcare/google_healthcare_consent_store_iam_member.json b/src/mapping/google/resource/healthcare/google_healthcare_consent_store_iam_member.json
new file mode 100644
index 00000000..add4b9fe
--- /dev/null
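Review bot: google_apigee_environment.json is added with every list empty, including `apply`, so the mapping contributes no permissions for this resource. It also sits directly under `src/mapping/google/resource/` rather than in a per-service directory like the other files in this commit. If this is a placeholder, a role generated for a configuration containing this resource would silently lack what it needs and fail only at apply time. Either fill in the permissions derived for the resource and move the file under its service directory, or leave it out until they are known.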
+++ b/src/mapping/google/resource/healthcare/google_healthcare_consent_store_iam_member.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "healthcare.consentStores.getIamPolicy", + "healthcare.consentStores.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/healthcare/google_healthcare_consent_store_iam_policy.json b/src/mapping/google/resource/healthcare/google_healthcare_consent_store_iam_policy.json new file mode 100644 index 00000000..e1f8cdb4 --- /dev/null +++ b/src/mapping/google/resource/healthcare/google_healthcare_consent_store_iam_policy.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "healthcare.consentStores.getIamPolicy", + "healthcare.consentStores.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "healthcare.consentStores.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/healthcare/google_healthcare_dataset_iam_binding.json b/src/mapping/google/resource/healthcare/google_healthcare_dataset_iam_binding.json new file mode 100644 index 00000000..534516d8 --- /dev/null +++ b/src/mapping/google/resource/healthcare/google_healthcare_dataset_iam_binding.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "healthcare.datasets.getIamPolicy", + "healthcare.datasets.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/healthcare/google_healthcare_dataset_iam_member.json b/src/mapping/google/resource/healthcare/google_healthcare_dataset_iam_member.json new file mode 100644 index 00000000..534516d8 --- /dev/null +++ b/src/mapping/google/resource/healthcare/google_healthcare_dataset_iam_member.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "healthcare.datasets.getIamPolicy", + "healthcare.datasets.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/google/resource/healthcare/google_healthcare_dataset_iam_policy.json b/src/mapping/google/resource/healthcare/google_healthcare_dataset_iam_policy.json new file mode 100644 index 00000000..0272db19 --- /dev/null +++ b/src/mapping/google/resource/healthcare/google_healthcare_dataset_iam_policy.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "healthcare.datasets.getIamPolicy", + "healthcare.datasets.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "healthcare.datasets.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/healthcare/google_healthcare_dicom_store_iam_binding.json b/src/mapping/google/resource/healthcare/google_healthcare_dicom_store_iam_binding.json new file mode 100644 index 00000000..44ad44c3 --- /dev/null +++ b/src/mapping/google/resource/healthcare/google_healthcare_dicom_store_iam_binding.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "healthcare.dicomStores.getIamPolicy", + "healthcare.dicomStores.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/healthcare/google_healthcare_dicom_store_iam_member.json b/src/mapping/google/resource/healthcare/google_healthcare_dicom_store_iam_member.json new file mode 100644 index 00000000..44ad44c3 --- /dev/null +++ b/src/mapping/google/resource/healthcare/google_healthcare_dicom_store_iam_member.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "healthcare.dicomStores.getIamPolicy", + "healthcare.dicomStores.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/healthcare/google_healthcare_dicom_store_iam_policy.json b/src/mapping/google/resource/healthcare/google_healthcare_dicom_store_iam_policy.json new file mode 100644 index 00000000..791029e5 --- /dev/null 
+++ b/src/mapping/google/resource/healthcare/google_healthcare_dicom_store_iam_policy.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "healthcare.dicomStores.getIamPolicy", + "healthcare.dicomStores.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "healthcare.dicomStores.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/healthcare/google_healthcare_fhir_store_iam_binding.json b/src/mapping/google/resource/healthcare/google_healthcare_fhir_store_iam_binding.json new file mode 100644 index 00000000..4f956554 --- /dev/null +++ b/src/mapping/google/resource/healthcare/google_healthcare_fhir_store_iam_binding.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "healthcare.fhirStores.getIamPolicy", + "healthcare.fhirStores.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/healthcare/google_healthcare_fhir_store_iam_member.json b/src/mapping/google/resource/healthcare/google_healthcare_fhir_store_iam_member.json new file mode 100644 index 00000000..4f956554 --- /dev/null +++ b/src/mapping/google/resource/healthcare/google_healthcare_fhir_store_iam_member.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "healthcare.fhirStores.getIamPolicy", + "healthcare.fhirStores.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/healthcare/google_healthcare_fhir_store_iam_policy.json b/src/mapping/google/resource/healthcare/google_healthcare_fhir_store_iam_policy.json new file mode 100644 index 00000000..9eea946b --- /dev/null +++ b/src/mapping/google/resource/healthcare/google_healthcare_fhir_store_iam_policy.json 
@@ -0,0 +1,16 @@ +[ + { + "apply": [ + "healthcare.fhirStores.getIamPolicy", + "healthcare.fhirStores.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "healthcare.fhirStores.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/healthcare/google_healthcare_hl7_v2_store_iam_binding.json b/src/mapping/google/resource/healthcare/google_healthcare_hl7_v2_store_iam_binding.json new file mode 100644 index 00000000..1db1c90c --- /dev/null +++ b/src/mapping/google/resource/healthcare/google_healthcare_hl7_v2_store_iam_binding.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "healthcare.hl7V2Stores.getIamPolicy", + "healthcare.hl7V2Stores.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/healthcare/google_healthcare_hl7_v2_store_iam_member.json b/src/mapping/google/resource/healthcare/google_healthcare_hl7_v2_store_iam_member.json new file mode 100644 index 00000000..1db1c90c --- /dev/null +++ b/src/mapping/google/resource/healthcare/google_healthcare_hl7_v2_store_iam_member.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "healthcare.hl7V2Stores.getIamPolicy", + "healthcare.hl7V2Stores.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/healthcare/google_healthcare_hl7_v2_store_iam_policy.json b/src/mapping/google/resource/healthcare/google_healthcare_hl7_v2_store_iam_policy.json new file mode 100644 index 00000000..6a08f9c3 --- /dev/null +++ b/src/mapping/google/resource/healthcare/google_healthcare_hl7_v2_store_iam_policy.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "healthcare.hl7V2Stores.getIamPolicy", + "healthcare.hl7V2Stores.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "healthcare.hl7V2Stores.getIamPolicy" + ] + } +] 
diff --git a/src/mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool.json b/src/mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool.json
new file mode 100644
index 00000000..9c4820c2
--- /dev/null
+++ b/src/mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "iam.googleapis.com/workforcePools.update",
+ "iam.googleapis.com/workforcePools.get",
+ "iam.googleapis.com/workforcePools.create",
+ "iam.googleapis.com/workforcePools.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool_iam_binding.json b/src/mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool_iam_binding.json
new file mode 100644
index 00000000..220eb8cc
--- /dev/null
+++ b/src/mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "iam.googleapis.com/workforcePools.getIamPolicy",
+ "iam.googleapis.com/workforcePools.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool_iam_member.json b/src/mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool_iam_member.json
new file mode 100644
index 00000000..220eb8cc
--- /dev/null
+++ b/src/mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "iam.googleapis.com/workforcePools.getIamPolicy",
+ "iam.googleapis.com/workforcePools.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
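Review bot: The permission strings in google_iam_workforce_pool.json use the form `iam.googleapis.com/workforcePools.update`, while the workload identity pool mappings added under `iam/` in this same commit use the short form `iam.workloadIdentityPools.update`. Two spellings for one service in one permission catalogue suggest that one of them will not match what the consumer of these files expects, so it is worth confirming which form is valid before a generated role depends on it. Separately, `apply` lists `delete`, `update` and `get` but `destroy`, `modify` and `plan` are empty, whereas google_iam_workload_identity_pool.json fills all three. If those lists drive per-phase permissions, I would add `"iam.googleapis.com/workforcePools.delete"`, `"...workforcePools.update"` and `"...workforcePools.get"` to them respectively.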
diff --git a/src/mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool_iam_policy.json b/src/mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool_iam_policy.json
new file mode 100644
index 00000000..220eb8cc
--- /dev/null
+++ b/src/mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool_iam_policy.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "iam.googleapis.com/workforcePools.getIamPolicy",
+ "iam.googleapis.com/workforcePools.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool_provider.json b/src/mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool_provider.json
new file mode 100644
index 00000000..a62fa309
--- /dev/null
+++ b/src/mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool_provider.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "iam.googleapis.com/workforcePoolProviders.create",
+ "iam.googleapis.com/workforcePoolProviders.delete",
+ "iam.googleapis.com/workforcePoolProviders.get",
+ "iam.googleapis.com/workforcePoolProviders.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool_provider_key.json b/src/mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool_provider_key.json
new file mode 100644
index 00000000..bd16b01e
--- /dev/null
+++ b/src/mapping/google/resource/iam.googleapis.com/google_iam_workforce_pool_provider_key.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "iam.googleapis.com/workforcePoolProviderKeys.create",
+ "iam.googleapis.com/workforcePoolProviderKeys.delete",
+ "iam.googleapis.com/workforcePoolProviderKeys.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
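Review bot: `plan` is left empty in google_iam_workforce_pool_iam_policy.json, although most other `_iam_policy` mappings visible in this commit (healthcare, workload identity pool, IAP tunnel and web) list their `getIamPolicy` permission there. The file shares blob id 220eb8cc with the `_iam_binding` and `_iam_member` files, so it looks copied without the `plan` entry; google_iap_web_forwarding_rule_service_iam_policy.json has the same gap. If `plan` is what scopes a read-only run, I would set it to `"plan": [ "iam.googleapis.com/workforcePools.getIamPolicy" ]` so a plan-only identity is not pushed towards the broader `apply` set.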
diff --git a/src/mapping/google/resource/iam.googleapis.com/google_iam_workload_identity_pool_iam_binding.json b/src/mapping/google/resource/iam.googleapis.com/google_iam_workload_identity_pool_iam_binding.json
new file mode 100644
index 00000000..220eb8cc
--- /dev/null
+++ b/src/mapping/google/resource/iam.googleapis.com/google_iam_workload_identity_pool_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "iam.googleapis.com/workforcePools.getIamPolicy",
+ "iam.googleapis.com/workforcePools.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/iam.googleapis.com/google_iam_workload_identity_pool_iam_member.json b/src/mapping/google/resource/iam.googleapis.com/google_iam_workload_identity_pool_iam_member.json
new file mode 100644
index 00000000..220eb8cc
--- /dev/null
+++ b/src/mapping/google/resource/iam.googleapis.com/google_iam_workload_identity_pool_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "iam.googleapis.com/workforcePools.getIamPolicy",
+ "iam.googleapis.com/workforcePools.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/iam.googleapis.com/google_iam_workload_identity_pool_iam_policy.json b/src/mapping/google/resource/iam.googleapis.com/google_iam_workload_identity_pool_iam_policy.json
new file mode 100644
index 00000000..8b851596
--- /dev/null
+++ b/src/mapping/google/resource/iam.googleapis.com/google_iam_workload_identity_pool_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "iam.googleapis.com/workloadIdentityPools.getIamPolicy",
+ "iam.googleapis.com/workloadIdentityPools.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "iam.googleapis.com/workloadIdentityPools.getIamPolicy"
+ ]
+ }
+]
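Review bot: The `apply` list in google_iam_workload_identity_pool_iam_binding.json names `iam.googleapis.com/workforcePools.getIamPolicy` and `iam.googleapis.com/workforcePools.setIamPolicy`, which are workforce-pool permissions, although the resource is a workload identity pool. google_iam_workload_identity_pool_iam_member.json repeats this, and both carry blob id 220eb8cc, the same as the workforce-pool IAM files, so they look like unedited copies. The `_iam_policy` file next to them already uses `workloadIdentityPools`. A role built from these two mappings would presumably grant `setIamPolicy` on workforce pools, which the resource does not need, and omit the permission it does need. Both files should list `"iam.googleapis.com/workloadIdentityPools.getIamPolicy"` and `"iam.googleapis.com/workloadIdentityPools.setIamPolicy"` instead.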
diff --git a/src/mapping/google/resource/iam/google_default_service_accounts.json b/src/mapping/google/resource/iam/google_default_service_accounts.json new file mode 100644 index 00000000..eb272b93 --- /dev/null +++ b/src/mapping/google/resource/iam/google_default_service_accounts.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iam.serviceAccounts.disable", + "iam.serviceAccounts.enable" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/iam/google_iam_workload_identity_pool.json b/src/mapping/google/resource/iam/google_iam_workload_identity_pool.json new file mode 100644 index 00000000..fd610d72 --- /dev/null +++ b/src/mapping/google/resource/iam/google_iam_workload_identity_pool.json @@ -0,0 +1,22 @@ +[ + { + "apply": [ + "iam.workloadIdentityPools.create", + "iam.workloadIdentityPools.delete", + "iam.workloadIdentityPools.get", + "iam.workloadIdentityPools.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "iam.workloadIdentityPools.delete" + ], + "modify": [ + "iam.workloadIdentityPools.update" + ], + "plan": [ + "iam.workloadIdentityPools.get" + ] + } +] diff --git a/src/mapping/google/resource/iam/google_iam_workload_identity_pool_provider.json b/src/mapping/google/resource/iam/google_iam_workload_identity_pool_provider.json new file mode 100644 index 00000000..78350df1 --- /dev/null +++ b/src/mapping/google/resource/iam/google_iam_workload_identity_pool_provider.json @@ -0,0 +1,22 @@ +[ + { + "apply": [ + "iam.workloadIdentityPoolProviders.create", + "iam.workloadIdentityPoolProviders.delete", + "iam.workloadIdentityPoolProviders.get", + "iam.workloadIdentityPoolProviders.update" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "iam.workloadIdentityPoolProviders.delete" + ], + "modify": [ + "iam.workloadIdentityPoolProviders.update" + ], + "plan": [ + "iam.workloadIdentityPoolProviders.get" + ] + } +] 
diff --git a/src/mapping/google/resource/iam/google_project_default_service_accounts.json b/src/mapping/google/resource/iam/google_project_default_service_accounts.json new file mode 100644 index 00000000..763c2cef --- /dev/null +++ b/src/mapping/google/resource/iam/google_project_default_service_accounts.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "iam.serviceAccounts.list" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/iam/google_project_iam_audit_config.json b/src/mapping/google/resource/iam/google_project_iam_audit_config.json new file mode 100644 index 00000000..81ef0c90 --- /dev/null +++ b/src/mapping/google/resource/iam/google_project_iam_audit_config.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "resourcemanager.projects.getIamPolicy", + "resourcemanager.projects.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/iam/google_project_iam_custom_role.json b/src/mapping/google/resource/iam/google_project_iam_custom_role.json index 8f0ce2e1..c1e3f457 100644 --- a/src/mapping/google/resource/iam/google_project_iam_custom_role.json +++ b/src/mapping/google/resource/iam/google_project_iam_custom_role.json @@ -1,18 +1,20 @@ -[ - { - "apply": [ - "iam.roles.get", - "iam.roles.create" - ], - "attributes": { - "tags": [] - }, - "destroy": [ - "iam.roles.delete" - ], - "modify": [ - "iam.roles.update" - ], - "plan": [] - } -] +[ + { + "apply": [ + "iam.roles.get", + "iam.roles.create" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "iam.roles.delete" + ], + "modify": [ + "iam.roles.update" + ], + "plan": [ + "iam.roles.get" + ] + } +] diff --git a/src/mapping/google/resource/iam/google_service_account.json b/src/mapping/google/resource/iam/google_service_account.json index 0f5d3f50..5b6691a9 100644 --- a/src/mapping/google/resource/iam/google_service_account.json 
+++ b/src/mapping/google/resource/iam/google_service_account.json @@ -13,6 +13,8 @@ "modify": [ "iam.serviceAccounts.update" ], - "plan": [] + "plan": [ + "iam.serviceAccounts.get" + ] } ] diff --git a/src/mapping/google/resource/iam/google_service_account_iam_policy.json b/src/mapping/google/resource/iam/google_service_account_iam_policy.json index 60650881..6befb2e7 100644 --- a/src/mapping/google/resource/iam/google_service_account_iam_policy.json +++ b/src/mapping/google/resource/iam/google_service_account_iam_policy.json @@ -9,6 +9,8 @@ }, "destroy": [], "modify": [], - "plan": [] + "plan": [ + "iam.serviceAccounts.getIamPolicy" + ] } ] diff --git a/src/mapping/google/resource/iam/google_service_account_key.json b/src/mapping/google/resource/iam/google_service_account_key.json index 96625498..c7ebf1a4 100644 --- a/src/mapping/google/resource/iam/google_service_account_key.json +++ b/src/mapping/google/resource/iam/google_service_account_key.json @@ -9,6 +9,8 @@ }, "destroy": [], "modify": [], - "plan": [] + "plan": [ + "iam.serviceAccountKeys.get" + ] } ] diff --git a/src/mapping/google/resource/iap/google_iap_app_engine_service_iam_binding.json b/src/mapping/google/resource/iap/google_iap_app_engine_service_iam_binding.json new file mode 100644 index 00000000..187c96ae --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_app_engine_service_iam_binding.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iap.webServices.getIamPolicy", + "iap.webServices.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_app_engine_service_iam_member.json b/src/mapping/google/resource/iap/google_iap_app_engine_service_iam_member.json new file mode 100644 index 00000000..886fd193 --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_app_engine_service_iam_member.json 
@@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iap.webServices.getIamPolicy", + "iap.webServices.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_app_engine_service_iam_policy.json b/src/mapping/google/resource/iap/google_iap_app_engine_service_iam_policy.json new file mode 100644 index 00000000..45d8a940 --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_app_engine_service_iam_policy.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "iap.webServices.getIamPolicy", + "iap.webServices.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "iap.webServices.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_app_engine_version_iam_binding.json b/src/mapping/google/resource/iap/google_iap_app_engine_version_iam_binding.json new file mode 100644 index 00000000..187c96ae --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_app_engine_version_iam_binding.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iap.webServices.getIamPolicy", + "iap.webServices.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_app_engine_version_iam_member.json b/src/mapping/google/resource/iap/google_iap_app_engine_version_iam_member.json new file mode 100644 index 00000000..187c96ae --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_app_engine_version_iam_member.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iap.webServices.getIamPolicy", + "iap.webServices.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_app_engine_version_iam_policy.json b/src/mapping/google/resource/iap/google_iap_app_engine_version_iam_policy.json new file mode 100644 index 00000000..0ab53f8d 
--- /dev/null
+++ b/src/mapping/google/resource/iap/google_iap_app_engine_version_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "iap.webServices.getIamPolicy",
+ "iap.webServices.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "iap.webServiceVersions.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/iap/google_iap_settings.json b/src/mapping/google/resource/iap/google_iap_settings.json
new file mode 100644
index 00000000..d9abc424
--- /dev/null
+++ b/src/mapping/google/resource/iap/google_iap_settings.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "iap.webServices.getSettings",
+ "iap.webServices.updateSettings"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/iap/google_iap_tunnel_dest_group.json b/src/mapping/google/resource/iap/google_iap_tunnel_dest_group.json
new file mode 100644
index 00000000..3b5e3fe2
--- /dev/null
+++ b/src/mapping/google/resource/iap/google_iap_tunnel_dest_group.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "iap.tunnelDestGroups.create",
+ "iap.tunnelDestGroups.delete",
+ "iap.tunnelDestGroups.get",
+ "iap.tunnelDestGroups.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/iap/google_iap_tunnel_dest_group_iam_binding.json b/src/mapping/google/resource/iap/google_iap_tunnel_dest_group_iam_binding.json
new file mode 100644
index 00000000..5a4139da
--- /dev/null
+++ b/src/mapping/google/resource/iap/google_iap_tunnel_dest_group_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "iap.tunnelDestGroups.getIamPolicy",
+ "iap.tunnelDestGroups.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
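Review bot: In google_iap_app_engine_version_iam_policy.json the two phases name different resource types: `plan` lists `iap.webServiceVersions.getIamPolicy` while `apply` lists `iap.webServices.getIamPolicy` and `iap.webServices.setIamPolicy`. The `_iam_binding` and `_iam_member` files for the same App Engine version resource also use `iap.webServices.*`, so an identity scoped from them may lack the version-level permission. If the version-level policy is the intended target, `apply` in all three files should read `"iap.webServiceVersions.getIamPolicy"`, `"iap.webServiceVersions.setIamPolicy"`. Otherwise `plan` here should be `"iap.webServices.getIamPolicy"`. Either way the three files should agree.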
diff --git a/src/mapping/google/resource/iap/google_iap_tunnel_dest_group_iam_member.json b/src/mapping/google/resource/iap/google_iap_tunnel_dest_group_iam_member.json new file mode 100644 index 00000000..5a4139da --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_tunnel_dest_group_iam_member.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iap.tunnelDestGroups.getIamPolicy", + "iap.tunnelDestGroups.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_tunnel_dest_group_iam_policy.json b/src/mapping/google/resource/iap/google_iap_tunnel_dest_group_iam_policy.json new file mode 100644 index 00000000..1ef22e4e --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_tunnel_dest_group_iam_policy.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "iap.tunnelDestGroups.getIamPolicy", + "iap.tunnelDestGroups.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "iap.tunnelDestGroups.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_tunnel_iam_binding.json b/src/mapping/google/resource/iap/google_iap_tunnel_iam_binding.json new file mode 100644 index 00000000..16ac30bb --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_tunnel_iam_binding.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iap.tunnel.getIamPolicy", + "iap.tunnel.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_tunnel_iam_member.json b/src/mapping/google/resource/iap/google_iap_tunnel_iam_member.json new file mode 100644 index 00000000..16ac30bb --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_tunnel_iam_member.json 
@@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iap.tunnel.getIamPolicy", + "iap.tunnel.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_tunnel_iam_policy.json b/src/mapping/google/resource/iap/google_iap_tunnel_iam_policy.json new file mode 100644 index 00000000..733c71c6 --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_tunnel_iam_policy.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "iap.tunnel.getIamPolicy", + "iap.tunnel.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "iap.tunnel.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_tunnel_instance_iam_binding.json b/src/mapping/google/resource/iap/google_iap_tunnel_instance_iam_binding.json new file mode 100644 index 00000000..82821da3 --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_tunnel_instance_iam_binding.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iap.tunnelInstances.getIamPolicy", + "iap.tunnelInstances.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_tunnel_instance_iam_member.json b/src/mapping/google/resource/iap/google_iap_tunnel_instance_iam_member.json new file mode 100644 index 00000000..82821da3 --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_tunnel_instance_iam_member.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iap.tunnelInstances.getIamPolicy", + "iap.tunnelInstances.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_tunnel_instance_iam_policy.json b/src/mapping/google/resource/iap/google_iap_tunnel_instance_iam_policy.json new file mode 100644 index 00000000..5557cda3 --- /dev/null 
+++ b/src/mapping/google/resource/iap/google_iap_tunnel_instance_iam_policy.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "iap.tunnelInstances.getIamPolicy", + "iap.tunnelInstances.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "iap.tunnelInstances.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_web_backend_service_iam_binding.json b/src/mapping/google/resource/iap/google_iap_web_backend_service_iam_binding.json new file mode 100644 index 00000000..886fd193 --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_web_backend_service_iam_binding.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iap.webServices.getIamPolicy", + "iap.webServices.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_web_backend_service_iam_member.json b/src/mapping/google/resource/iap/google_iap_web_backend_service_iam_member.json new file mode 100644 index 00000000..886fd193 --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_web_backend_service_iam_member.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iap.webServices.getIamPolicy", + "iap.webServices.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_web_backend_service_iam_policy.json b/src/mapping/google/resource/iap/google_iap_web_backend_service_iam_policy.json new file mode 100644 index 00000000..45d8a940 --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_web_backend_service_iam_policy.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "iap.webServices.getIamPolicy", + "iap.webServices.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "iap.webServices.getIamPolicy" + ] + } +] 
diff --git a/src/mapping/google/resource/iap/google_iap_web_cloud_run_service_iam_binding.json b/src/mapping/google/resource/iap/google_iap_web_cloud_run_service_iam_binding.json new file mode 100644 index 00000000..37814a4f --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_web_cloud_run_service_iam_binding.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "iap.webServices.getIamPolicy", + "iap.webServices.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "iap.webServices.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_web_cloud_run_service_iam_member.json b/src/mapping/google/resource/iap/google_iap_web_cloud_run_service_iam_member.json new file mode 100644 index 00000000..37814a4f --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_web_cloud_run_service_iam_member.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "iap.webServices.getIamPolicy", + "iap.webServices.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "iap.webServices.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_web_cloud_run_service_iam_policy.json b/src/mapping/google/resource/iap/google_iap_web_cloud_run_service_iam_policy.json new file mode 100644 index 00000000..37814a4f --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_web_cloud_run_service_iam_policy.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "iap.webServices.getIamPolicy", + "iap.webServices.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "iap.webServices.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_web_forwarding_rule_service_iam_binding.json b/src/mapping/google/resource/iap/google_iap_web_forwarding_rule_service_iam_binding.json new file mode 100644 index 00000000..187c96ae --- /dev/null 
+++ b/src/mapping/google/resource/iap/google_iap_web_forwarding_rule_service_iam_binding.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iap.webServices.getIamPolicy", + "iap.webServices.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_web_forwarding_rule_service_iam_member.json b/src/mapping/google/resource/iap/google_iap_web_forwarding_rule_service_iam_member.json new file mode 100644 index 00000000..187c96ae --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_web_forwarding_rule_service_iam_member.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iap.webServices.getIamPolicy", + "iap.webServices.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_web_forwarding_rule_service_iam_policy.json b/src/mapping/google/resource/iap/google_iap_web_forwarding_rule_service_iam_policy.json new file mode 100644 index 00000000..187c96ae --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_web_forwarding_rule_service_iam_policy.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iap.webServices.getIamPolicy", + "iap.webServices.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_web_iam_binding.json b/src/mapping/google/resource/iap/google_iap_web_iam_binding.json new file mode 100644 index 00000000..331f5f94 --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_web_iam_binding.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iap.web.getIamPolicy", + "iap.web.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
diff --git a/src/mapping/google/resource/iap/google_iap_web_iam_member.json b/src/mapping/google/resource/iap/google_iap_web_iam_member.json new file mode 100644 index 00000000..331f5f94 --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_web_iam_member.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "iap.web.getIamPolicy", + "iap.web.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_web_iam_policy.json b/src/mapping/google/resource/iap/google_iap_web_iam_policy.json new file mode 100644 index 00000000..de36f83c --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_web_iam_policy.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "iap.web.getIamPolicy", + "iap.web.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "iap.web.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_web_region_backend_service_iam_binding.json b/src/mapping/google/resource/iap/google_iap_web_region_backend_service_iam_binding.json new file mode 100644 index 00000000..45d8a940 --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_web_region_backend_service_iam_binding.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "iap.webServices.getIamPolicy", + "iap.webServices.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "iap.webServices.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_web_region_backend_service_iam_member.json b/src/mapping/google/resource/iap/google_iap_web_region_backend_service_iam_member.json new file mode 100644 index 00000000..45d8a940 --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_web_region_backend_service_iam_member.json 
@@ -0,0 +1,16 @@ +[ + { + "apply": [ + "iap.webServices.getIamPolicy", + "iap.webServices.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "iap.webServices.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_web_region_backend_service_iam_policy.json b/src/mapping/google/resource/iap/google_iap_web_region_backend_service_iam_policy.json new file mode 100644 index 00000000..45d8a940 --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_web_region_backend_service_iam_policy.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "iap.webServices.getIamPolicy", + "iap.webServices.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "iap.webServices.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_web_region_forwarding_rule_service_iam_binding.json b/src/mapping/google/resource/iap/google_iap_web_region_forwarding_rule_service_iam_binding.json new file mode 100644 index 00000000..45d8a940 --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_web_region_forwarding_rule_service_iam_binding.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "iap.webServices.getIamPolicy", + "iap.webServices.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "iap.webServices.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/iap/google_iap_web_region_forwarding_rule_service_iam_member.json b/src/mapping/google/resource/iap/google_iap_web_region_forwarding_rule_service_iam_member.json new file mode 100644 index 00000000..45d8a940 --- /dev/null +++ b/src/mapping/google/resource/iap/google_iap_web_region_forwarding_rule_service_iam_member.json 
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "iap.webServices.getIamPolicy",
+ "iap.webServices.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "iap.webServices.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/iap/google_iap_web_region_forwarding_rule_service_iam_policy.json b/src/mapping/google/resource/iap/google_iap_web_region_forwarding_rule_service_iam_policy.json
new file mode 100644
index 00000000..45d8a940
--- /dev/null
+++ b/src/mapping/google/resource/iap/google_iap_web_region_forwarding_rule_service_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "iap.webServices.getIamPolicy",
+ "iap.webServices.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "iap.webServices.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/iap/google_iap_web_type_app_engine_iam_binding.json b/src/mapping/google/resource/iap/google_iap_web_type_app_engine_iam_binding.json
new file mode 100644
index 00000000..f92ccd33
--- /dev/null
+++ b/src/mapping/google/resource/iap/google_iap_web_type_app_engine_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "iap.webTypes.getIamPolicy",
+ "iap.webTypes.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/iap/google_iap_web_type_app_engine_iam_member.json b/src/mapping/google/resource/iap/google_iap_web_type_app_engine_iam_member.json
new file mode 100644
index 00000000..f92ccd33
--- /dev/null
+++ b/src/mapping/google/resource/iap/google_iap_web_type_app_engine_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "iap.webTypes.getIamPolicy",
+ "iap.webTypes.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/iap/google_iap_web_type_app_engine_iam_policy.json b/src/mapping/google/resource/iap/google_iap_web_type_app_engine_iam_policy.json
new file mode 100644
index 00000000..0794b0fd
--- /dev/null
+++ b/src/mapping/google/resource/iap/google_iap_web_type_app_engine_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "iap.webTypes.getIamPolicy",
+ "iap.webTypes.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "iap.webTypes.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/iap/google_iap_web_type_compute_iam_binding.json b/src/mapping/google/resource/iap/google_iap_web_type_compute_iam_binding.json
new file mode 100644
index 00000000..f92ccd33
--- /dev/null
+++ b/src/mapping/google/resource/iap/google_iap_web_type_compute_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "iap.webTypes.getIamPolicy",
+ "iap.webTypes.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/iap/google_iap_web_type_compute_iam_member.json b/src/mapping/google/resource/iap/google_iap_web_type_compute_iam_member.json
new file mode 100644
index 00000000..f92ccd33
--- /dev/null
+++ b/src/mapping/google/resource/iap/google_iap_web_type_compute_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "iap.webTypes.getIamPolicy",
+ "iap.webTypes.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/iap/google_iap_web_type_compute_iam_policy.json b/src/mapping/google/resource/iap/google_iap_web_type_compute_iam_policy.json
new file mode 100644
index 00000000..0794b0fd
--- /dev/null
+++ b/src/mapping/google/resource/iap/google_iap_web_type_compute_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "iap.webTypes.getIamPolicy",
+ "iap.webTypes.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "iap.webTypes.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/kms/google_kms_ekm_connection_iam_binding.json b/src/mapping/google/resource/kms/google_kms_ekm_connection_iam_binding.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/google/resource/kms/google_kms_ekm_connection_iam_binding.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/kms/google_kms_ekm_connection_iam_member.json b/src/mapping/google/resource/kms/google_kms_ekm_connection_iam_member.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/google/resource/kms/google_kms_ekm_connection_iam_member.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/kms/google_kms_ekm_connection_iam_policy.json b/src/mapping/google/resource/kms/google_kms_ekm_connection_iam_policy.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/google/resource/kms/google_kms_ekm_connection_iam_policy.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/logging/google_logging_billing_account_exclusion.json b/src/mapping/google/resource/logging/google_logging_billing_account_exclusion.json
new file mode 100644
index 00000000..3f642a0d
--- /dev/null
+++ b/src/mapping/google/resource/logging/google_logging_billing_account_exclusion.json
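Review bot: google_kms_ekm_connection_iam_binding.json maps the resource to no permissions at all, since `apply`, `plan`, `modify` and `destroy` are all empty, and the `_iam_member` and `_iam_policy` files that follow are byte-identical to it. Every other `*_iam_*` mapping in this change carries a getIamPolicy/setIamPolicy pair, so a role derived from these three entries would presumably be missing what is needed to manage IAM on an EKM connection, and nothing signals the gap. If these are placeholders, I would leave the files out until the permissions are verified. Otherwise fill in the pair, which I would expect to be `cloudkms.ekmConnections.getIamPolicy` and `cloudkms.ekmConnections.setIamPolicy`; confirm the names against the IAM permissions reference before merging.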
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "logging.exclusions.create",
+ "logging.exclusions.delete",
+ "logging.exclusions.get",
+ "logging.exclusions.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/logging/google_logging_billing_account_sink.json b/src/mapping/google/resource/logging/google_logging_billing_account_sink.json
new file mode 100644
index 00000000..42fe9b37
--- /dev/null
+++ b/src/mapping/google/resource/logging/google_logging_billing_account_sink.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "logging.sinks.create",
+ "logging.sinks.delete",
+ "logging.sinks.get",
+ "logging.sinks.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/logging/google_logging_folder_exclusion.json b/src/mapping/google/resource/logging/google_logging_folder_exclusion.json
new file mode 100644
index 00000000..3f642a0d
--- /dev/null
+++ b/src/mapping/google/resource/logging/google_logging_folder_exclusion.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "logging.exclusions.create",
+ "logging.exclusions.delete",
+ "logging.exclusions.get",
+ "logging.exclusions.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/logging/google_logging_folder_settings.json b/src/mapping/google/resource/logging/google_logging_folder_settings.json
new file mode 100644
index 00000000..cf6a6a52
--- /dev/null
+++ b/src/mapping/google/resource/logging/google_logging_folder_settings.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "logging.settings.get",
+ "logging.settings.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
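Review bot: In google_logging_billing_account_exclusion.json the `delete` and `update` permissions sit under `apply` while `destroy` and `modify` are empty, so the phase split the schema offers carries no information. For log exclusions and sinks this matters more than usual, because these permissions decide which audit entries are kept and where they are routed, and a pipeline identity that only creates them should not have to receive `logging.exclusions.delete`. If the consumer can emit per-phase roles (not visible from this diff), I would move the delete permission to `destroy` and the update permission to `modify`. The same applies to the folder, organization and project exclusion files and to the four `*_sink` files.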
diff --git a/src/mapping/google/resource/logging/google_logging_folder_sink.json b/src/mapping/google/resource/logging/google_logging_folder_sink.json
new file mode 100644
index 00000000..42fe9b37
--- /dev/null
+++ b/src/mapping/google/resource/logging/google_logging_folder_sink.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "logging.sinks.create",
+ "logging.sinks.delete",
+ "logging.sinks.get",
+ "logging.sinks.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/logging/google_logging_linked_dataset.json b/src/mapping/google/resource/logging/google_logging_linked_dataset.json
new file mode 100644
index 00000000..5bfe5ce2
--- /dev/null
+++ b/src/mapping/google/resource/logging/google_logging_linked_dataset.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "logging.links.create",
+ "logging.links.delete",
+ "logging.links.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/logging/google_logging_log_scope.json b/src/mapping/google/resource/logging/google_logging_log_scope.json
new file mode 100644
index 00000000..b9f3b151
--- /dev/null
+++ b/src/mapping/google/resource/logging/google_logging_log_scope.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "logging.logScopes.create",
+ "logging.logScopes.delete",
+ "logging.logScopes.get",
+ "logging.logScopes.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/logging/google_logging_log_view.json b/src/mapping/google/resource/logging/google_logging_log_view.json
new file mode 100644
index 00000000..91574519
--- /dev/null
+++ b/src/mapping/google/resource/logging/google_logging_log_view.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "logging.views.create",
+ "logging.views.delete",
+ "logging.views.get",
+ "logging.views.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/logging/google_logging_log_view_iam_binding.json b/src/mapping/google/resource/logging/google_logging_log_view_iam_binding.json
new file mode 100644
index 00000000..0078a88b
--- /dev/null
+++ b/src/mapping/google/resource/logging/google_logging_log_view_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "logging.views.getIamPolicy",
+ "logging.views.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/logging/google_logging_log_view_iam_member.json b/src/mapping/google/resource/logging/google_logging_log_view_iam_member.json
new file mode 100644
index 00000000..0078a88b
--- /dev/null
+++ b/src/mapping/google/resource/logging/google_logging_log_view_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "logging.views.getIamPolicy",
+ "logging.views.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/logging/google_logging_log_view_iam_policy.json b/src/mapping/google/resource/logging/google_logging_log_view_iam_policy.json
new file mode 100644
index 00000000..0078a88b
--- /dev/null
+++ b/src/mapping/google/resource/logging/google_logging_log_view_iam_policy.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "logging.views.getIamPolicy",
+ "logging.views.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/logging/google_logging_metric.json b/src/mapping/google/resource/logging/google_logging_metric.json
new file mode 100644
index 00000000..6f25ab17
--- /dev/null
+++ b/src/mapping/google/resource/logging/google_logging_metric.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "logging.logMetrics.create",
+ "logging.logMetrics.delete",
+ "logging.logMetrics.get",
+ "logging.logMetrics.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/logging/google_logging_organization_exclusion.json b/src/mapping/google/resource/logging/google_logging_organization_exclusion.json
new file mode 100644
index 00000000..3f642a0d
--- /dev/null
+++ b/src/mapping/google/resource/logging/google_logging_organization_exclusion.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "logging.exclusions.create",
+ "logging.exclusions.delete",
+ "logging.exclusions.get",
+ "logging.exclusions.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/logging/google_logging_organization_settings.json b/src/mapping/google/resource/logging/google_logging_organization_settings.json
new file mode 100644
index 00000000..cf6a6a52
--- /dev/null
+++ b/src/mapping/google/resource/logging/google_logging_organization_settings.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "logging.settings.get",
+ "logging.settings.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/logging/google_logging_organization_sink.json b/src/mapping/google/resource/logging/google_logging_organization_sink.json
new file mode 100644
index 00000000..42fe9b37
--- /dev/null
+++ b/src/mapping/google/resource/logging/google_logging_organization_sink.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "logging.sinks.create",
+ "logging.sinks.delete",
+ "logging.sinks.get",
+ "logging.sinks.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/logging/google_logging_project_exclusion.json b/src/mapping/google/resource/logging/google_logging_project_exclusion.json
new file mode 100644
index 00000000..3f642a0d
--- /dev/null
+++ b/src/mapping/google/resource/logging/google_logging_project_exclusion.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "logging.exclusions.create",
+ "logging.exclusions.delete",
+ "logging.exclusions.get",
+ "logging.exclusions.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/logging/google_logging_project_sink.json b/src/mapping/google/resource/logging/google_logging_project_sink.json
new file mode 100644
index 00000000..42fe9b37
--- /dev/null
+++ b/src/mapping/google/resource/logging/google_logging_project_sink.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "logging.sinks.create",
+ "logging.sinks.delete",
+ "logging.sinks.get",
+ "logging.sinks.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/managedkafka/google_managed_kafka_acl.json b/src/mapping/google/resource/managedkafka/google_managed_kafka_acl.json
new file mode 100644
index 00000000..ae47c306
--- /dev/null
+++ b/src/mapping/google/resource/managedkafka/google_managed_kafka_acl.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "managedkafka.acls.create",
+ "managedkafka.acls.get",
+ "managedkafka.acls.update",
+ "managedkafka.acls.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/managedkafka/google_managed_kafka_cluster.json b/src/mapping/google/resource/managedkafka/google_managed_kafka_cluster.json
new file mode 100644
index 00000000..173c7ce4
--- /dev/null
+++ b/src/mapping/google/resource/managedkafka/google_managed_kafka_cluster.json
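Review bot: The `apply` list in google_managed_kafka_acl.json runs create, get, update, delete, whereas the neighbouring mappings list permissions alphabetically (create, delete, get, update). The same drift shows up in google_managed_kafka_cluster.json, where `managedkafka.operations.get` precedes the `clusters.*` entries, and in the monitoring alert_policy, custom_service and dashboard files. Keeping each list sorted makes a permission grant easier to review in a diff and makes duplicate files obvious: google_monitoring_custom_service.json and google_monitoring_service.json hold the same four permissions but do not compare equal because of ordering. I would reorder these lists to match the rest.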
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "managedkafka.operations.get",
+ "managedkafka.clusters.create",
+ "managedkafka.clusters.delete",
+ "managedkafka.clusters.get",
+ "managedkafka.clusters.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/managedkafka/google_managed_kafka_connect_cluster.json b/src/mapping/google/resource/managedkafka/google_managed_kafka_connect_cluster.json
new file mode 100644
index 00000000..9153e8c6
--- /dev/null
+++ b/src/mapping/google/resource/managedkafka/google_managed_kafka_connect_cluster.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "managedkafka.connectClusters.create",
+ "managedkafka.connectClusters.delete",
+ "managedkafka.connectClusters.get",
+ "managedkafka.connectClusters.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/managedkafka/google_managed_kafka_connector.json b/src/mapping/google/resource/managedkafka/google_managed_kafka_connector.json
new file mode 100644
index 00000000..7aaff0e7
--- /dev/null
+++ b/src/mapping/google/resource/managedkafka/google_managed_kafka_connector.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "managedkafka.connectors.create",
+ "managedkafka.connectors.delete",
+ "managedkafka.connectors.get",
+ "managedkafka.connectors.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/managedkafka/google_managed_kafka_topic.json b/src/mapping/google/resource/managedkafka/google_managed_kafka_topic.json
new file mode 100644
index 00000000..0e883415
--- /dev/null
+++ b/src/mapping/google/resource/managedkafka/google_managed_kafka_topic.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "managedkafka.topics.create",
+ "managedkafka.topics.delete",
+ "managedkafka.topics.get",
+ "managedkafka.topics.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/memcache/google_memcache_instance.json b/src/mapping/google/resource/memcache/google_memcache_instance.json
new file mode 100644
index 00000000..9d41770b
--- /dev/null
+++ b/src/mapping/google/resource/memcache/google_memcache_instance.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "memcache.instances.create",
+ "memcache.instances.delete",
+ "memcache.instances.get",
+ "memcache.instances.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/memorystore/google_memorystore_instance.json b/src/mapping/google/resource/memorystore/google_memorystore_instance.json
new file mode 100644
index 00000000..373399d3
--- /dev/null
+++ b/src/mapping/google/resource/memorystore/google_memorystore_instance.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "memorystore.instances.create",
+ "memorystore.instances.delete",
+ "memorystore.instances.get",
+ "memorystore.instances.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/metastore/google_dataproc_metastore_database_iam_binding.json b/src/mapping/google/resource/metastore/google_dataproc_metastore_database_iam_binding.json
new file mode 100644
index 00000000..92a6e38d
--- /dev/null
+++ b/src/mapping/google/resource/metastore/google_dataproc_metastore_database_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "metastore.databases.getIamPolicy",
+ "metastore.databases.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/metastore/google_dataproc_metastore_database_iam_member.json b/src/mapping/google/resource/metastore/google_dataproc_metastore_database_iam_member.json
new file mode 100644
index 00000000..92a6e38d
--- /dev/null
+++ b/src/mapping/google/resource/metastore/google_dataproc_metastore_database_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "metastore.databases.getIamPolicy",
+ "metastore.databases.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/metastore/google_dataproc_metastore_database_iam_policy.json b/src/mapping/google/resource/metastore/google_dataproc_metastore_database_iam_policy.json
new file mode 100644
index 00000000..c00e781b
--- /dev/null
+++ b/src/mapping/google/resource/metastore/google_dataproc_metastore_database_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "metastore.databases.getIamPolicy",
+ "metastore.databases.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "metastore.databases.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/metastore/google_dataproc_metastore_federation_iam_binding.json b/src/mapping/google/resource/metastore/google_dataproc_metastore_federation_iam_binding.json
new file mode 100644
index 00000000..83c21eb8
--- /dev/null
+++ b/src/mapping/google/resource/metastore/google_dataproc_metastore_federation_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "metastore.federations.getIamPolicy",
+ "metastore.federations.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/metastore/google_dataproc_metastore_federation_iam_member.json b/src/mapping/google/resource/metastore/google_dataproc_metastore_federation_iam_member.json
new file mode 100644
index 00000000..bde192e8
--- /dev/null
+++ b/src/mapping/google/resource/metastore/google_dataproc_metastore_federation_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "metastore.federations.getIamPolicy",
+ "metastore.federations.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/metastore/google_dataproc_metastore_federation_iam_policy.json b/src/mapping/google/resource/metastore/google_dataproc_metastore_federation_iam_policy.json
new file mode 100644
index 00000000..dbe537fa
--- /dev/null
+++ b/src/mapping/google/resource/metastore/google_dataproc_metastore_federation_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "metastore.federations.getIamPolicy",
+ "metastore.federations.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "metastore.federations.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/metastore/google_dataproc_metastore_service_iam_binding.json b/src/mapping/google/resource/metastore/google_dataproc_metastore_service_iam_binding.json
new file mode 100644
index 00000000..fd29e0ce
--- /dev/null
+++ b/src/mapping/google/resource/metastore/google_dataproc_metastore_service_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "metastore.services.getIamPolicy",
+ "metastore.services.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/metastore/google_dataproc_metastore_service_iam_member.json b/src/mapping/google/resource/metastore/google_dataproc_metastore_service_iam_member.json
new file mode 100644
index 00000000..fd29e0ce
--- /dev/null
+++ b/src/mapping/google/resource/metastore/google_dataproc_metastore_service_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "metastore.services.getIamPolicy",
+ "metastore.services.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/metastore/google_dataproc_metastore_service_iam_policy.json b/src/mapping/google/resource/metastore/google_dataproc_metastore_service_iam_policy.json
new file mode 100644
index 00000000..47253269
--- /dev/null
+++ b/src/mapping/google/resource/metastore/google_dataproc_metastore_service_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "metastore.services.getIamPolicy",
+ "metastore.services.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "metastore.services.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/metastore/google_dataproc_metastore_table_iam_binding.json b/src/mapping/google/resource/metastore/google_dataproc_metastore_table_iam_binding.json
new file mode 100644
index 00000000..16dc262b
--- /dev/null
+++ b/src/mapping/google/resource/metastore/google_dataproc_metastore_table_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "metastore.tables.getIamPolicy",
+ "metastore.tables.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/metastore/google_dataproc_metastore_table_iam_member.json b/src/mapping/google/resource/metastore/google_dataproc_metastore_table_iam_member.json
new file mode 100644
index 00000000..16dc262b
--- /dev/null
+++ b/src/mapping/google/resource/metastore/google_dataproc_metastore_table_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "metastore.tables.getIamPolicy",
+ "metastore.tables.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/metastore/google_dataproc_metastore_table_iam_policy.json b/src/mapping/google/resource/metastore/google_dataproc_metastore_table_iam_policy.json
new file mode 100644
index 00000000..f8d3a2b6
--- /dev/null
+++ b/src/mapping/google/resource/metastore/google_dataproc_metastore_table_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "metastore.tables.getIamPolicy",
+ "metastore.tables.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "metastore.tables.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/modelarmor/google_model_armor_floorsetting.json b/src/mapping/google/resource/modelarmor/google_model_armor_floorsetting.json
new file mode 100644
index 00000000..f015b70c
--- /dev/null
+++ b/src/mapping/google/resource/modelarmor/google_model_armor_floorsetting.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "modelarmor.floorSettings.get",
+ "modelarmor.floorSettings.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/modelarmor/google_model_armor_template.json b/src/mapping/google/resource/modelarmor/google_model_armor_template.json
new file mode 100644
index 00000000..2b5199b6
--- /dev/null
+++ b/src/mapping/google/resource/modelarmor/google_model_armor_template.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "modelarmor.templates.create",
+ "modelarmor.templates.delete",
+ "modelarmor.templates.get",
+ "modelarmor.templates.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/monitoring/google_monitoring_alert_policy.json b/src/mapping/google/resource/monitoring/google_monitoring_alert_policy.json
new file mode 100644
index 00000000..f7005cac
--- /dev/null
+++ b/src/mapping/google/resource/monitoring/google_monitoring_alert_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "monitoring.alertPolicies.update",
+ "monitoring.alertPolicies.create",
+ "monitoring.alertPolicies.delete",
+ "monitoring.alertPolicies.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/monitoring/google_monitoring_custom_service.json b/src/mapping/google/resource/monitoring/google_monitoring_custom_service.json
new file mode 100644
index 00000000..02f27609
--- /dev/null
+++ b/src/mapping/google/resource/monitoring/google_monitoring_custom_service.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "monitoring.services.create",
+ "monitoring.services.get",
+ "monitoring.services.delete",
+ "monitoring.services.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/monitoring/google_monitoring_dashboard.json b/src/mapping/google/resource/monitoring/google_monitoring_dashboard.json
new file mode 100644
index 00000000..c5e327fc
--- /dev/null
+++ b/src/mapping/google/resource/monitoring/google_monitoring_dashboard.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "monitoring.dashboards.delete",
+ "monitoring.dashboards.create",
+ "monitoring.dashboards.update",
+ "monitoring.dashboards.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/monitoring/google_monitoring_group.json b/src/mapping/google/resource/monitoring/google_monitoring_group.json
new file mode 100644
index 00000000..0dbd4c5b
--- /dev/null
+++ b/src/mapping/google/resource/monitoring/google_monitoring_group.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "monitoring.groups.create",
+ "monitoring.groups.delete",
+ "monitoring.groups.get",
+ "monitoring.groups.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/monitoring/google_monitoring_metric_descriptor.json b/src/mapping/google/resource/monitoring/google_monitoring_metric_descriptor.json
new file mode 100644
index 00000000..6cc7876f
--- /dev/null
+++ b/src/mapping/google/resource/monitoring/google_monitoring_metric_descriptor.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "monitoring.metricDescriptors.create",
+ "monitoring.metricDescriptors.delete",
+ "monitoring.metricDescriptors.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/monitoring/google_monitoring_monitored_project.json b/src/mapping/google/resource/monitoring/google_monitoring_monitored_project.json
new file mode 100644
index 00000000..76ea4abf
--- /dev/null
+++ b/src/mapping/google/resource/monitoring/google_monitoring_monitored_project.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "monitoring.metricsScopes.link"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/monitoring/google_monitoring_notification_channel.json b/src/mapping/google/resource/monitoring/google_monitoring_notification_channel.json
new file mode 100644
index 00000000..1f31388e
--- /dev/null
+++ b/src/mapping/google/resource/monitoring/google_monitoring_notification_channel.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "monitoring.notificationChannels.create",
+ "monitoring.notificationChannels.delete",
+ "monitoring.notificationChannels.get",
+ "monitoring.notificationChannels.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/monitoring/google_monitoring_service.json b/src/mapping/google/resource/monitoring/google_monitoring_service.json
new file mode 100644
index 00000000..ea5a0a16
--- /dev/null
+++ b/src/mapping/google/resource/monitoring/google_monitoring_service.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "monitoring.services.create",
+ "monitoring.services.delete",
+ "monitoring.services.get",
+ "monitoring.services.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/monitoring/google_monitoring_slo.json b/src/mapping/google/resource/monitoring/google_monitoring_slo.json
new file mode 100644
index 00000000..71690592
--- /dev/null
+++ b/src/mapping/google/resource/monitoring/google_monitoring_slo.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "monitoring.slos.create",
+ "monitoring.slos.delete",
+ "monitoring.slos.get",
+ "monitoring.slos.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/monitoring/google_monitoring_uptime_check_config.json b/src/mapping/google/resource/monitoring/google_monitoring_uptime_check_config.json
new file mode 100644
index 00000000..714992ef
--- /dev/null
+++ b/src/mapping/google/resource/monitoring/google_monitoring_uptime_check_config.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "monitoring.uptimeCheckConfigs.create",
+ "monitoring.uptimeCheckConfigs.delete",
+ "monitoring.uptimeCheckConfigs.get",
+ "monitoring.uptimeCheckConfigs.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/networksecurity/google_network_security_address_group_iam_binding.json b/src/mapping/google/resource/networksecurity/google_network_security_address_group_iam_binding.json
new file mode 100644
index 00000000..edec3438
--- /dev/null
+++ b/src/mapping/google/resource/networksecurity/google_network_security_address_group_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "networksecurity.addressGroups.getIamPolicy",
+ "networksecurity.addressGroups.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/networksecurity/google_network_security_address_group_iam_member.json b/src/mapping/google/resource/networksecurity/google_network_security_address_group_iam_member.json
new file mode 100644
index 00000000..edec3438
--- /dev/null
+++ b/src/mapping/google/resource/networksecurity/google_network_security_address_group_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "networksecurity.addressGroups.getIamPolicy",
+ "networksecurity.addressGroups.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/networksecurity/google_network_security_address_group_iam_policy.json b/src/mapping/google/resource/networksecurity/google_network_security_address_group_iam_policy.json
new file mode 100644
index 00000000..a5853ef4
--- /dev/null
+++ b/src/mapping/google/resource/networksecurity/google_network_security_address_group_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "networksecurity.addressGroups.getIamPolicy",
+ "networksecurity.addressGroups.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "networksecurity.addressGroups.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/notebooks/google_notebooks_environment.json b/src/mapping/google/resource/notebooks/google_notebooks_environment.json
new file mode 100644
index 00000000..dcb902ad
--- /dev/null
+++ b/src/mapping/google/resource/notebooks/google_notebooks_environment.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "notebooks.environments.create",
+ "notebooks.environments.get",
+ "notebooks.environments.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/notebooks/google_notebooks_instance.json b/src/mapping/google/resource/notebooks/google_notebooks_instance.json
new file mode 100644
index 00000000..c7dfcaac
--- /dev/null
+++ b/src/mapping/google/resource/notebooks/google_notebooks_instance.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "notebooks.instances.create",
+ "notebooks.instances.delete",
+ "notebooks.instances.update",
+ "notebooks.instances.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/notebooks/google_notebooks_instance_iam_binding.json b/src/mapping/google/resource/notebooks/google_notebooks_instance_iam_binding.json
new file mode 100644
index 00000000..23967943
--- /dev/null
+++ b/src/mapping/google/resource/notebooks/google_notebooks_instance_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "notebooks.instances.getIamPolicy",
+ "notebooks.instances.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/notebooks/google_notebooks_instance_iam_member.json b/src/mapping/google/resource/notebooks/google_notebooks_instance_iam_member.json
new file mode 100644
index 00000000..23967943
--- /dev/null
+++ b/src/mapping/google/resource/notebooks/google_notebooks_instance_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "notebooks.instances.getIamPolicy",
+ "notebooks.instances.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/notebooks/google_notebooks_instance_iam_policy.json b/src/mapping/google/resource/notebooks/google_notebooks_instance_iam_policy.json
new file mode 100644
index 00000000..23967943
--- /dev/null
+++ b/src/mapping/google/resource/notebooks/google_notebooks_instance_iam_policy.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "notebooks.instances.getIamPolicy",
+ "notebooks.instances.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/notebooks/google_notebooks_runtime.json b/src/mapping/google/resource/notebooks/google_notebooks_runtime.json
new file mode 100644
index 00000000..075657d4
--- /dev/null
+++ b/src/mapping/google/resource/notebooks/google_notebooks_runtime.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "notebooks.runtimes.create",
+ "notebooks.runtimes.delete",
+ "notebooks.runtimes.get",
+ "notebooks.runtimes.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/notebooks/google_notebooks_runtime_iam_binding.json b/src/mapping/google/resource/notebooks/google_notebooks_runtime_iam_binding.json
new file mode 100644
index 00000000..23967943
--- /dev/null
+++ b/src/mapping/google/resource/notebooks/google_notebooks_runtime_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "notebooks.instances.getIamPolicy",
+ "notebooks.instances.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/notebooks/google_notebooks_runtime_iam_member.json b/src/mapping/google/resource/notebooks/google_notebooks_runtime_iam_member.json
new file mode 100644
index 00000000..23967943
--- /dev/null
+++ b/src/mapping/google/resource/notebooks/google_notebooks_runtime_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "notebooks.instances.getIamPolicy",
+ "notebooks.instances.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/notebooks/google_notebooks_runtime_iam_policy.json b/src/mapping/google/resource/notebooks/google_notebooks_runtime_iam_policy.json
new file mode 100644
index 00000000..23967943
--- /dev/null
+++ b/src/mapping/google/resource/notebooks/google_notebooks_runtime_iam_policy.json
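Review bot: The three `google_notebooks_runtime_iam_*` mappings (binding and member here, and the policy file whose hunk follows) list `notebooks.instances.getIamPolicy` and `notebooks.instances.setIamPolicy` rather than runtime-level permissions. Their blob id `23967943` is the same as the instance IAM files, so they look copied without being adapted. A role derived from them would grant IAM control over notebook instances, which these resources do not manage, and would presumably lack what the apply on a runtime actually needs. The `apply` entries should probably be `"notebooks.runtimes.getIamPolicy"` and `"notebooks.runtimes.setIamPolicy"`; confirm against the provider's API calls before merging.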
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "notebooks.instances.getIamPolicy",
+ "notebooks.instances.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/notebooks/google_workbench_instance.json b/src/mapping/google/resource/notebooks/google_workbench_instance.json
new file mode 100644
index 00000000..4369cd64
--- /dev/null
+++ b/src/mapping/google/resource/notebooks/google_workbench_instance.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "notebooks.instances.create",
+ "notebooks.instances.delete",
+ "notebooks.instances.get",
+ "notebooks.instances.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/notebooks/google_workbench_instance_iam_binding.json b/src/mapping/google/resource/notebooks/google_workbench_instance_iam_binding.json
new file mode 100644
index 00000000..23967943
--- /dev/null
+++ b/src/mapping/google/resource/notebooks/google_workbench_instance_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "notebooks.instances.getIamPolicy",
+ "notebooks.instances.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/notebooks/google_workbench_instance_iam_member.json b/src/mapping/google/resource/notebooks/google_workbench_instance_iam_member.json
new file mode 100644
index 00000000..23967943
--- /dev/null
+++ b/src/mapping/google/resource/notebooks/google_workbench_instance_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "notebooks.instances.getIamPolicy",
+ "notebooks.instances.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/notebooks/google_workbench_instance_iam_policy.json b/src/mapping/google/resource/notebooks/google_workbench_instance_iam_policy.json
new file mode 100644
index 00000000..f5265a27
--- /dev/null
+++ b/src/mapping/google/resource/notebooks/google_workbench_instance_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "notebooks.instances.getIamPolicy",
+ "notebooks.instances.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "notebooks.instances.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/orgpolicy/google_project_organization_policy.json b/src/mapping/google/resource/orgpolicy/google_project_organization_policy.json
new file mode 100644
index 00000000..527d46c2
--- /dev/null
+++ b/src/mapping/google/resource/orgpolicy/google_project_organization_policy.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "orgpolicy.policy.set",
+ "orgpolicy.policy.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/osconfig/google_os_config_guest_policies.json b/src/mapping/google/resource/osconfig/google_os_config_guest_policies.json
new file mode 100644
index 00000000..034ffd3f
--- /dev/null
+++ b/src/mapping/google/resource/osconfig/google_os_config_guest_policies.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "osconfig.guestPolicies.create",
+ "osconfig.guestPolicies.delete",
+ "osconfig.guestPolicies.get",
+ "osconfig.guestPolicies.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/osconfig/google_os_config_os_policy_assignment.json b/src/mapping/google/resource/osconfig/google_os_config_os_policy_assignment.json
new file mode 100644
index 00000000..ff6ec407
--- /dev/null
+++ b/src/mapping/google/resource/osconfig/google_os_config_os_policy_assignment.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "osconfig.osPolicyAssignments.create",
+ "osconfig.osPolicyAssignments.delete",
+ "osconfig.osPolicyAssignments.get",
+ "osconfig.osPolicyAssignments.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/osconfig/google_os_config_patch_deployment.json b/src/mapping/google/resource/osconfig/google_os_config_patch_deployment.json
new file mode 100644
index 00000000..76d305f0
--- /dev/null
+++ b/src/mapping/google/resource/osconfig/google_os_config_patch_deployment.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "osconfig.patchDeployments.create",
+ "osconfig.patchDeployments.delete",
+ "osconfig.patchDeployments.update",
+ "osconfig.patchDeployments.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/osconfig/google_os_config_v2_policy_orchestrator.json b/src/mapping/google/resource/osconfig/google_os_config_v2_policy_orchestrator.json
new file mode 100644
index 00000000..14e8558b
--- /dev/null
+++ b/src/mapping/google/resource/osconfig/google_os_config_v2_policy_orchestrator.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "osconfig.policyOrchestrators.create",
+ "osconfig.policyOrchestrators.delete",
+ "osconfig.policyOrchestrators.get",
+ "osconfig.policyOrchestrators.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/osconfig/google_os_config_v2_policy_orchestrator_for_folder.json b/src/mapping/google/resource/osconfig/google_os_config_v2_policy_orchestrator_for_folder.json
new file mode 100644
index 00000000..14e8558b
--- /dev/null
+++ b/src/mapping/google/resource/osconfig/google_os_config_v2_policy_orchestrator_for_folder.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "osconfig.policyOrchestrators.create",
+ "osconfig.policyOrchestrators.delete",
+ "osconfig.policyOrchestrators.get",
+ "osconfig.policyOrchestrators.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/osconfig/google_os_config_v2_policy_orchestrator_for_organization.json b/src/mapping/google/resource/osconfig/google_os_config_v2_policy_orchestrator_for_organization.json
new file mode 100644
index 00000000..14e8558b
--- /dev/null
+++ b/src/mapping/google/resource/osconfig/google_os_config_v2_policy_orchestrator_for_organization.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "osconfig.policyOrchestrators.create",
+ "osconfig.policyOrchestrators.delete",
+ "osconfig.policyOrchestrators.get",
+ "osconfig.policyOrchestrators.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/parallelstore/google_parallelstore_instance.json b/src/mapping/google/resource/parallelstore/google_parallelstore_instance.json
new file mode 100644
index 00000000..1a3aadf0
--- /dev/null
+++ b/src/mapping/google/resource/parallelstore/google_parallelstore_instance.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "parallelstore.instances.create",
+ "parallelstore.instances.get",
+ "parallelstore.instances.update",
+ "parallelstore.instances.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/privateca/google_privateca_ca_pool.json b/src/mapping/google/resource/privateca/google_privateca_ca_pool.json
new file mode 100644
index 00000000..f2023311
--- /dev/null
+++ b/src/mapping/google/resource/privateca/google_privateca_ca_pool.json
@@ -0,0 +1,22 @@
+[
+ {
+ "apply": [
+ "privateca.caPools.create",
+ "privateca.caPools.get",
+ "privateca.caPools.delete",
+ "privateca.caPools.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "privateca.caPools.delete"
+ ],
+ "modify": [
+ "privateca.caPools.update"
+ ],
+ "plan": [
+ "privateca.caPools.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/privateca/google_privateca_ca_pool_iam_binding.json b/src/mapping/google/resource/privateca/google_privateca_ca_pool_iam_binding.json
new file mode 100644
index 00000000..d4e6b1a1
--- /dev/null
+++ b/src/mapping/google/resource/privateca/google_privateca_ca_pool_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "privateca.caPools.getIamPolicy",
+ "privateca.caPools.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/privateca/google_privateca_ca_pool_iam_member.json b/src/mapping/google/resource/privateca/google_privateca_ca_pool_iam_member.json
new file mode 100644
index 00000000..d4e6b1a1
--- /dev/null
+++ b/src/mapping/google/resource/privateca/google_privateca_ca_pool_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "privateca.caPools.getIamPolicy",
+ "privateca.caPools.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/privateca/google_privateca_ca_pool_iam_policy.json b/src/mapping/google/resource/privateca/google_privateca_ca_pool_iam_policy.json
new file mode 100644
index 00000000..7ddb7897
--- /dev/null
+++ b/src/mapping/google/resource/privateca/google_privateca_ca_pool_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "privateca.caPools.getIamPolicy",
+ "privateca.caPools.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "privateca.caPools.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/privateca/google_privateca_certificate.json b/src/mapping/google/resource/privateca/google_privateca_certificate.json
new file mode 100644
index 00000000..c3c4fe3a
--- /dev/null
+++ b/src/mapping/google/resource/privateca/google_privateca_certificate.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "privateca.certificates.create",
+ "privateca.certificates.get",
+ "privateca.certificates.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/privateca/google_privateca_certificate_authority.json b/src/mapping/google/resource/privateca/google_privateca_certificate_authority.json
new file mode 100644
index 00000000..81312ca2
--- /dev/null
+++ b/src/mapping/google/resource/privateca/google_privateca_certificate_authority.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "privateca.certificateAuthorities.create",
+ "privateca.certificateAuthorities.get",
+ "privateca.certificateAuthorities.update",
+ "privateca.certificateAuthorities.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/privateca/google_privateca_certificate_template.json b/src/mapping/google/resource/privateca/google_privateca_certificate_template.json
new file mode 100644
index 00000000..8dfeb2dc
--- /dev/null
+++ b/src/mapping/google/resource/privateca/google_privateca_certificate_template.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "privateca.certificateTemplates.create",
+ "privateca.certificateTemplates.get",
+ "privateca.certificateTemplates.delete",
+ "privateca.operations.get",
+ "privateca.operations.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/privateca/google_privateca_certificate_template_iam_binding.json b/src/mapping/google/resource/privateca/google_privateca_certificate_template_iam_binding.json
new file mode 100644
index 00000000..fcd861ad
--- /dev/null
+++ b/src/mapping/google/resource/privateca/google_privateca_certificate_template_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "privateca.certificateTemplates.getIamPolicy",
+ "privateca.certificateTemplates.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/privateca/google_privateca_certificate_template_iam_member.json b/src/mapping/google/resource/privateca/google_privateca_certificate_template_iam_member.json
new file mode 100644
index 00000000..fcd861ad
--- /dev/null
+++ b/src/mapping/google/resource/privateca/google_privateca_certificate_template_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "privateca.certificateTemplates.getIamPolicy",
+ "privateca.certificateTemplates.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/privateca/google_privateca_certificate_template_iam_policy.json b/src/mapping/google/resource/privateca/google_privateca_certificate_template_iam_policy.json
new file mode 100644
index 00000000..21db326c
--- /dev/null
+++ b/src/mapping/google/resource/privateca/google_privateca_certificate_template_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "privateca.certificateTemplates.getIamPolicy",
+ "privateca.certificateTemplates.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "privateca.certificateTemplates.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/privilegedaccessmanager/google_privileged_access_manager_entitlement.json b/src/mapping/google/resource/privilegedaccessmanager/google_privileged_access_manager_entitlement.json
new file mode 100644
index 00000000..4a19a167
--- /dev/null
+++ b/src/mapping/google/resource/privilegedaccessmanager/google_privileged_access_manager_entitlement.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "privilegedaccessmanager.entitlements.get",
+ "privilegedaccessmanager.entitlements.list",
+ "privilegedaccessmanager.entitlements.update",
+ "privilegedaccessmanager.entitlements.create",
+ "privilegedaccessmanager.entitlements.delete",
+ "privilegedaccessmanager.entitlements.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "privilegedaccessmanager.entitlements.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/pubsub/google_pubsub_schema_iam_binding.json b/src/mapping/google/resource/pubsub/google_pubsub_schema_iam_binding.json
new file mode 100644
index 00000000..c3e4810d
--- /dev/null
+++ b/src/mapping/google/resource/pubsub/google_pubsub_schema_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "pubsub.schemas.getIamPolicy",
+ "pubsub.schemas.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/pubsub/google_pubsub_schema_iam_member.json b/src/mapping/google/resource/pubsub/google_pubsub_schema_iam_member.json
new file mode 100644
index 00000000..c3e4810d
--- /dev/null
+++ b/src/mapping/google/resource/pubsub/google_pubsub_schema_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "pubsub.schemas.getIamPolicy",
+ "pubsub.schemas.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/pubsub/google_pubsub_schema_iam_policy.json b/src/mapping/google/resource/pubsub/google_pubsub_schema_iam_policy.json
new file mode 100644
index 00000000..ab5ed7e5
--- /dev/null
+++ b/src/mapping/google/resource/pubsub/google_pubsub_schema_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "pubsub.schemas.getIamPolicy",
+ "pubsub.schemas.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "pubsub.schemas.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/pubsub/google_pubsub_subscription.json b/src/mapping/google/resource/pubsub/google_pubsub_subscription.json
index e9bcf53e..44aa95c7 100644
--- a/src/mapping/google/resource/pubsub/google_pubsub_subscription.json
+++ b/src/mapping/google/resource/pubsub/google_pubsub_subscription.json
@@ -14,6 +14,8 @@
 },
 "destroy": [],
 "modify": [],
- "plan": []
+ "plan": [
+ "pubsub.subscriptions.get"
+ ]
 }
 ]
diff --git a/src/mapping/google/resource/pubsub/google_pubsub_subscription_iam_binding.json b/src/mapping/google/resource/pubsub/google_pubsub_subscription_iam_binding.json
new file mode 100644
index 00000000..4c0b7ac8
--- /dev/null
+++ b/src/mapping/google/resource/pubsub/google_pubsub_subscription_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "pubsub.subscriptions.getIamPolicy",
+ "pubsub.subscriptions.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/pubsub/google_pubsub_subscription_iam_member.json b/src/mapping/google/resource/pubsub/google_pubsub_subscription_iam_member.json
new file mode 100644
index 00000000..4c0b7ac8
--- /dev/null
+++ b/src/mapping/google/resource/pubsub/google_pubsub_subscription_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "pubsub.subscriptions.getIamPolicy",
+ "pubsub.subscriptions.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/pubsub/google_pubsub_subscription_iam_policy.json b/src/mapping/google/resource/pubsub/google_pubsub_subscription_iam_policy.json
new file mode 100644
index 00000000..ad47cd92
--- /dev/null
+++ b/src/mapping/google/resource/pubsub/google_pubsub_subscription_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "pubsub.subscriptions.getIamPolicy",
+ "pubsub.subscriptions.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "pubsub.subscriptions.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/pubsub/google_pubsub_topic.json b/src/mapping/google/resource/pubsub/google_pubsub_topic.json
index 371b65b8..f7dfdd70 100644
--- a/src/mapping/google/resource/pubsub/google_pubsub_topic.json
+++ b/src/mapping/google/resource/pubsub/google_pubsub_topic.json
@@ -11,6 +11,8 @@
 },
 "destroy": [],
 "modify": [],
- "plan": []
+ "plan": [
+ "pubsub.topics.get"
+ ]
 }
 ]
diff --git a/src/mapping/google/resource/pubsub/google_pubsub_topic_iam_policy.json b/src/mapping/google/resource/pubsub/google_pubsub_topic_iam_policy.json
new file mode 100644
index 00000000..c3a19d5b
--- /dev/null
+++ b/src/mapping/google/resource/pubsub/google_pubsub_topic_iam_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "pubsub.topics.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/redis/google_redis_cluster.json b/src/mapping/google/resource/redis/google_redis_cluster.json
new file mode 100644
index 00000000..bb3b262f
--- /dev/null
+++ b/src/mapping/google/resource/redis/google_redis_cluster.json
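Review bot: `google_pubsub_topic_iam_policy.json` has an empty `apply` list and only `pubsub.topics.getIamPolicy` under `plan`, while every other `*_iam_policy` mapping in this change puts both the get and the set permission under `apply`. A least-privilege role derived from this file could read the topic policy but presumably not write it, so the apply step would be denied. `google_organization_iam_member.json` further down has the same shape (empty `apply`, only `resourcemanager.organizations.getIamPolicy` in `plan`) although its sibling binding file lists both. Suggested: `"apply": ["pubsub.topics.getIamPolicy", "pubsub.topics.setIamPolicy"]` here, and the matching `resourcemanager.organizations` pair in the member file.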
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "redis.clusters.get",
+ "redis.clusters.create",
+ "redis.operations.get",
+ "redis.clusters.update",
+ "redis.clusters.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/redis/google_redis_cluster_user_created_connections.json b/src/mapping/google/resource/redis/google_redis_cluster_user_created_connections.json
new file mode 100644
index 00000000..599a50a0
--- /dev/null
+++ b/src/mapping/google/resource/redis/google_redis_cluster_user_created_connections.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "redis.clusters.connect"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/resourcemanager/google_billing_project_info.json b/src/mapping/google/resource/resourcemanager/google_billing_project_info.json
new file mode 100644
index 00000000..4de8ae1e
--- /dev/null
+++ b/src/mapping/google/resource/resourcemanager/google_billing_project_info.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "resourcemanager.projects.get",
+ "resourcemanager.projects.deleteBillingAssignment",
+ "resourcemanager.projects.createBillingAssignment"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/resourcemanager/google_folder_iam_binding.json b/src/mapping/google/resource/resourcemanager/google_folder_iam_binding.json
new file mode 100644
index 00000000..564d4c7b
--- /dev/null
+++ b/src/mapping/google/resource/resourcemanager/google_folder_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "resourcemanager.folders.getIamPolicy",
+ "resourcemanager.folders.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/resourcemanager/google_folder_iam_member.json b/src/mapping/google/resource/resourcemanager/google_folder_iam_member.json
new file mode 100644
index 00000000..564d4c7b
--- /dev/null
+++ b/src/mapping/google/resource/resourcemanager/google_folder_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "resourcemanager.folders.getIamPolicy",
+ "resourcemanager.folders.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/resourcemanager/google_folder_iam_policy.json b/src/mapping/google/resource/resourcemanager/google_folder_iam_policy.json
new file mode 100644
index 00000000..07f8dced
--- /dev/null
+++ b/src/mapping/google/resource/resourcemanager/google_folder_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "resourcemanager.folders.getIamPolicy",
+ "resourcemanager.folders.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "resourcemanager.folders.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/resourcemanager/google_organization_iam_binding.json b/src/mapping/google/resource/resourcemanager/google_organization_iam_binding.json
new file mode 100644
index 00000000..6d588b66
--- /dev/null
+++ b/src/mapping/google/resource/resourcemanager/google_organization_iam_binding.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "resourcemanager.organizations.getIamPolicy",
+ "resourcemanager.organizations.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "resourcemanager.organizations.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/resourcemanager/google_organization_iam_member.json b/src/mapping/google/resource/resourcemanager/google_organization_iam_member.json
new file mode 100644
index 00000000..74978faa
--- /dev/null
+++ b/src/mapping/google/resource/resourcemanager/google_organization_iam_member.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "resourcemanager.organizations.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/resourcemanager/google_organization_iam_policy.json b/src/mapping/google/resource/resourcemanager/google_organization_iam_policy.json
new file mode 100644
index 00000000..6d588b66
--- /dev/null
+++ b/src/mapping/google/resource/resourcemanager/google_organization_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "resourcemanager.organizations.getIamPolicy",
+ "resourcemanager.organizations.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "resourcemanager.organizations.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/resourcemanager/google_project.json b/src/mapping/google/resource/resourcemanager/google_project.json
new file mode 100644
index 00000000..18ab5802
--- /dev/null
+++ b/src/mapping/google/resource/resourcemanager/google_project.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "resourcemanager.organizations.get",
+ "resourcemanager.projects.create",
+ "resourcemanager.projects.delete",
+ "resourcemanager.projects.get",
+ "resourcemanager.projects.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/resourcemanager/google_project_iam_member_remove.json b/src/mapping/google/resource/resourcemanager/google_project_iam_member_remove.json
new file mode 100644
index 00000000..81b04628
--- /dev/null
+++ b/src/mapping/google/resource/resourcemanager/google_project_iam_member_remove.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "resourcemanager.projects.setIamPolicy",
+ "resourcemanager.projects.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
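Review bot: `google_organization_iam_member.json` is added with `"apply": []`, so a role generated from this entry would carry no permission to write the membership it manages. The sibling `google_organization_iam_binding.json` and `google_organization_iam_policy.json`, and `google_folder_iam_member.json` earlier in this commit, all list the get/set pair. Unless the empty list is deliberate, `apply` should hold `"resourcemanager.organizations.getIamPolicy"` and `"resourcemanager.organizations.setIamPolicy"`. An under-specified mapping presumably surfaces only as a permission error at apply time, so a test asserting that every `*_iam_member` mapping has a non-empty `apply` would catch this class of slip.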
diff --git a/src/mapping/google/resource/resourcemanager/google_project_iam_policy.json b/src/mapping/google/resource/resourcemanager/google_project_iam_policy.json
new file mode 100644
index 00000000..06958c4b
--- /dev/null
+++ b/src/mapping/google/resource/resourcemanager/google_project_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "resourcemanager.projects.setIamPolicy",
+ "resourcemanager.projects.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "resourcemanager.projects.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/resourcemanager/google_tags_location_tag_binding.json b/src/mapping/google/resource/resourcemanager/google_tags_location_tag_binding.json
new file mode 100644
index 00000000..16223e3f
--- /dev/null
+++ b/src/mapping/google/resource/resourcemanager/google_tags_location_tag_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "resourcemanager.tagValueBindings.create",
+ "resourcemanager.tagValueBindings.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/resourcemanager/google_tags_tag_binding.json b/src/mapping/google/resource/resourcemanager/google_tags_tag_binding.json
new file mode 100644
index 00000000..16223e3f
--- /dev/null
+++ b/src/mapping/google/resource/resourcemanager/google_tags_tag_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "resourcemanager.tagValueBindings.create",
+ "resourcemanager.tagValueBindings.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/resourcemanager/google_tags_tag_key.json b/src/mapping/google/resource/resourcemanager/google_tags_tag_key.json
new file mode 100644
index 00000000..a977ae2d
--- /dev/null
+++ b/src/mapping/google/resource/resourcemanager/google_tags_tag_key.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "resourcemanager.tagKeys.create",
+ "resourcemanager.tagKeys.delete",
+ "resourcemanager.tagKeys.get",
+ "resourcemanager.tagKeys.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/resourcemanager/google_tags_tag_key_iam_binding.json b/src/mapping/google/resource/resourcemanager/google_tags_tag_key_iam_binding.json
new file mode 100644
index 00000000..d1bbd30a
--- /dev/null
+++ b/src/mapping/google/resource/resourcemanager/google_tags_tag_key_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "resourcemanager.tagKeys.getIamPolicy",
+ "resourcemanager.tagKeys.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/resourcemanager/google_tags_tag_key_iam_member.json b/src/mapping/google/resource/resourcemanager/google_tags_tag_key_iam_member.json
new file mode 100644
index 00000000..d1bbd30a
--- /dev/null
+++ b/src/mapping/google/resource/resourcemanager/google_tags_tag_key_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "resourcemanager.tagKeys.getIamPolicy",
+ "resourcemanager.tagKeys.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/resourcemanager/google_tags_tag_key_iam_policy.json b/src/mapping/google/resource/resourcemanager/google_tags_tag_key_iam_policy.json
new file mode 100644
index 00000000..5e0dbbcd
--- /dev/null
+++ b/src/mapping/google/resource/resourcemanager/google_tags_tag_key_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "resourcemanager.tagKeys.getIamPolicy",
+ "resourcemanager.tagKeys.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "resourcemanager.tagKeys.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/resourcemanager/google_tags_tag_value.json b/src/mapping/google/resource/resourcemanager/google_tags_tag_value.json
new file mode 100644
index 00000000..4eb0c0b1
--- /dev/null
+++ b/src/mapping/google/resource/resourcemanager/google_tags_tag_value.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "resourcemanager.tagValues.create",
+ "resourcemanager.tagValues.update",
+ "resourcemanager.tagValues.delete",
+ "resourcemanager.tagValues.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/resourcemanager/google_tags_tag_value_iam_binding.json b/src/mapping/google/resource/resourcemanager/google_tags_tag_value_iam_binding.json
new file mode 100644
index 00000000..b87a8a3d
--- /dev/null
+++ b/src/mapping/google/resource/resourcemanager/google_tags_tag_value_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "resourcemanager.tagValues.getIamPolicy",
+ "resourcemanager.tagValues.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/resourcemanager/google_tags_tag_value_iam_member.json b/src/mapping/google/resource/resourcemanager/google_tags_tag_value_iam_member.json
new file mode 100644
index 00000000..b87a8a3d
--- /dev/null
+++ b/src/mapping/google/resource/resourcemanager/google_tags_tag_value_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "resourcemanager.tagValues.getIamPolicy",
+ "resourcemanager.tagValues.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/resourcemanager/google_tags_tag_value_iam_policy.json b/src/mapping/google/resource/resourcemanager/google_tags_tag_value_iam_policy.json
new file mode 100644
index 00000000..b2c6d5f4
--- /dev/null
+++ b/src/mapping/google/resource/resourcemanager/google_tags_tag_value_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "resourcemanager.tagValues.getIamPolicy",
+ "resourcemanager.tagValues.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "resourcemanager.tagValues.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/run/google_cloud_run_domain_mapping.json b/src/mapping/google/resource/run/google_cloud_run_domain_mapping.json
new file mode 100644
index 00000000..670b80ca
--- /dev/null
+++ b/src/mapping/google/resource/run/google_cloud_run_domain_mapping.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "run.domainmappings.create",
+ "run.domainmappings.get",
+ "run.domainmappings.delete",
+ "run.domainmappings.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "run.domainmappings.delete"
+ ],
+ "modify": [
+ "run.domainmappings.update"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/run/google_cloud_run_service.json b/src/mapping/google/resource/run/google_cloud_run_service.json
new file mode 100644
index 00000000..938d5ca6
--- /dev/null
+++ b/src/mapping/google/resource/run/google_cloud_run_service.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "run.services.create",
+ "run.services.get",
+ "run.services.delete",
+ "run.services.update",
+ "run.operations.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "run.services.delete"
+ ],
+ "modify": [
+ "run.services.update"
+ ],
+ "plan": [
+ "run.services.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/run/google_cloud_run_service_iam_binding.json b/src/mapping/google/resource/run/google_cloud_run_service_iam_binding.json
new file mode 100644
index 00000000..a69c8dd3
--- /dev/null
+++ b/src/mapping/google/resource/run/google_cloud_run_service_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "run.services.getIamPolicy",
+ "run.services.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/run/google_cloud_run_service_iam_member.json b/src/mapping/google/resource/run/google_cloud_run_service_iam_member.json
new file mode 100644
index 00000000..a69c8dd3
--- /dev/null
+++ b/src/mapping/google/resource/run/google_cloud_run_service_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "run.services.getIamPolicy",
+ "run.services.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/run/google_cloud_run_service_iam_policy.json b/src/mapping/google/resource/run/google_cloud_run_service_iam_policy.json
new file mode 100644
index 00000000..d0a9d794
--- /dev/null
+++ b/src/mapping/google/resource/run/google_cloud_run_service_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "run.services.getIamPolicy",
+ "run.services.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "run.services.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/run/google_cloud_run_v2_job.json b/src/mapping/google/resource/run/google_cloud_run_v2_job.json
index b4f20b11..7acab11b 100644
--- a/src/mapping/google/resource/run/google_cloud_run_v2_job.json
+++ b/src/mapping/google/resource/run/google_cloud_run_v2_job.json
@@ -1,21 +1,23 @@
-[
- {
- "apply": [
- "run.jobs.create",
- "run.jobs.get",
- "run.operations.get",
- "run.jobs.delete",
- "run.jobs.update"
- ],
- "attributes": {
- "tags": []
- },
- "destroy": [
- "run.jobs.delete"
- ],
- "modify": [
- "run.jobs.update"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "run.jobs.create",
+ "run.jobs.get",
+ "run.operations.get",
+ "run.jobs.delete",
+ "run.jobs.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "run.jobs.delete"
+ ],
+ "modify": [
+ "run.jobs.update"
+ ],
+ "plan": [
+ "run.jobs.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/run/google_cloud_run_v2_service.json b/src/mapping/google/resource/run/google_cloud_run_v2_service.json index 1a29dd24..311267a1 100644 --- a/src/mapping/google/resource/run/google_cloud_run_v2_service.json +++ b/src/mapping/google/resource/run/google_cloud_run_v2_service.json @@ -4,9 +4,13 @@ "run.services.create", "run.services.get", "run.services.delete", - "run.services.update" + "run.services.update", + "run.operations.get" ], "attributes": { + "image_uri": [ + "artifactregistry.repositories.downloadArtifacts" + ], "tags": [] }, "destroy": [ @@ -15,6 +19,8 @@ "modify": [ "run.services.update" ], - "plan": [] + "plan": [ + "run.services.get" + ] } ] diff --git a/src/mapping/google/resource/run/google_cloud_run_v2_worker_pool.json b/src/mapping/google/resource/run/google_cloud_run_v2_worker_pool.json new file mode 100644 index 00000000..b051de2f --- /dev/null +++ b/src/mapping/google/resource/run/google_cloud_run_v2_worker_pool.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "run.workerpools.get" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "run.workerpools.get" + ] + } +] diff --git a/src/mapping/google/resource/run/google_cloud_run_v2_worker_pool_iam_binding.json b/src/mapping/google/resource/run/google_cloud_run_v2_worker_pool_iam_binding.json new file mode 100644 index 00000000..b17b287e --- /dev/null +++ b/src/mapping/google/resource/run/google_cloud_run_v2_worker_pool_iam_binding.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "run.workerpools.getIamPolicy", + "run.workerpools.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/google/resource/run/google_cloud_run_v2_worker_pool_iam_member.json b/src/mapping/google/resource/run/google_cloud_run_v2_worker_pool_iam_member.json new file mode 100644 index 00000000..b17b287e --- /dev/null 
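Review bot: The `"image_uri"` key added under `attributes` in `google_cloud_run_v2_service.json` may never match anything. As far as I know this resource sets its container image through the nested `template.containers.image` argument and has no `image_uri` attribute, so `artifactregistry.repositories.downloadArtifacts` would be silently left out of the generated policy. Please confirm how attribute keys are matched against the resource and, if it is by argument name, key the entry on the name the resource actually uses. The enclosing JSON object starts above this hunk, so I cannot see whether other attribute keys in the file follow a different convention.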
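Review bot: `google_cloud_run_v2_worker_pool.json` lists only `run.workerpools.get` under `apply` and leaves `destroy` and `modify` empty, while `google_cloud_run_service.json` in this same commit lists create, get, delete and update plus `run.operations.get`. A role built from this entry could read a worker pool but not create, change or remove one, so the mapping looks unfinished. Add the create, update and delete permissions for `run.workerpools` (exact names to be checked against the IAM permissions reference) and mirror them in `destroy` and `modify` as the service mapping does.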
+++ b/src/mapping/google/resource/run/google_cloud_run_v2_worker_pool_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "run.workerpools.getIamPolicy",
+ "run.workerpools.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/run/google_cloud_run_v2_worker_pool_iam_policy.json b/src/mapping/google/resource/run/google_cloud_run_v2_worker_pool_iam_policy.json
new file mode 100644
index 00000000..53f40436
--- /dev/null
+++ b/src/mapping/google/resource/run/google_cloud_run_v2_worker_pool_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "run.workerpools.getIamPolicy",
+ "run.workerpools.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "run.workerpools.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/runtimeconfig/google_runtimeconfig_config.json b/src/mapping/google/resource/runtimeconfig/google_runtimeconfig_config.json
new file mode 100644
index 00000000..7770456d
--- /dev/null
+++ b/src/mapping/google/resource/runtimeconfig/google_runtimeconfig_config.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "runtimeconfig.configs.create",
+ "runtimeconfig.configs.get",
+ "runtimeconfig.configs.update",
+ "runtimeconfig.configs.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/runtimeconfig/google_runtimeconfig_config_iam_binding.json b/src/mapping/google/resource/runtimeconfig/google_runtimeconfig_config_iam_binding.json
new file mode 100644
index 00000000..f3a89537
--- /dev/null
+++ b/src/mapping/google/resource/runtimeconfig/google_runtimeconfig_config_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "runtimeconfig.configs.getIamPolicy",
+ "runtimeconfig.configs.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/runtimeconfig/google_runtimeconfig_config_iam_member.json b/src/mapping/google/resource/runtimeconfig/google_runtimeconfig_config_iam_member.json
new file mode 100644
index 00000000..f3a89537
--- /dev/null
+++ b/src/mapping/google/resource/runtimeconfig/google_runtimeconfig_config_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "runtimeconfig.configs.getIamPolicy",
+ "runtimeconfig.configs.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/runtimeconfig/google_runtimeconfig_config_iam_policy.json b/src/mapping/google/resource/runtimeconfig/google_runtimeconfig_config_iam_policy.json
new file mode 100644
index 00000000..463acda2
--- /dev/null
+++ b/src/mapping/google/resource/runtimeconfig/google_runtimeconfig_config_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "runtimeconfig.configs.getIamPolicy",
+ "runtimeconfig.configs.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "runtimeconfig.configs.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/runtimeconfig/google_runtimeconfig_variable.json b/src/mapping/google/resource/runtimeconfig/google_runtimeconfig_variable.json
new file mode 100644
index 00000000..73ffaf2a
--- /dev/null
+++ b/src/mapping/google/resource/runtimeconfig/google_runtimeconfig_variable.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "runtimeconfig.variables.create",
+ "runtimeconfig.variables.delete",
+ "runtimeconfig.variables.get",
+ "runtimeconfig.variables.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/secretmanager/google_secret_manager_regional_secret.json b/src/mapping/google/resource/secretmanager/google_secret_manager_regional_secret.json
new file mode 100644
index 00000000..478b9d78
--- /dev/null
+++ b/src/mapping/google/resource/secretmanager/google_secret_manager_regional_secret.json
@@ -0,0 +1,22 @@
+[
+ {
+ "apply": [
+ "secretmanager.secrets.create",
+ "secretmanager.secrets.get",
+ "secretmanager.secrets.update",
+ "secretmanager.secrets.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "secretmanager.secrets.delete"
+ ],
+ "modify": [
+ "secretmanager.secrets.update"
+ ],
+ "plan": [
+ "secretmanager.secrets.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/secretmanager/google_secret_manager_regional_secret_iam_binding.json b/src/mapping/google/resource/secretmanager/google_secret_manager_regional_secret_iam_binding.json
new file mode 100644
index 00000000..aa7d0851
--- /dev/null
+++ b/src/mapping/google/resource/secretmanager/google_secret_manager_regional_secret_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "secretmanager.secrets.getIamPolicy",
+ "secretmanager.secrets.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/secretmanager/google_secret_manager_regional_secret_iam_member.json b/src/mapping/google/resource/secretmanager/google_secret_manager_regional_secret_iam_member.json
new file mode 100644
index 00000000..aa7d0851
--- /dev/null
+++ b/src/mapping/google/resource/secretmanager/google_secret_manager_regional_secret_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "secretmanager.secrets.getIamPolicy",
+ "secretmanager.secrets.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/secretmanager/google_secret_manager_regional_secret_iam_policy.json b/src/mapping/google/resource/secretmanager/google_secret_manager_regional_secret_iam_policy.json
new file mode 100644
index 00000000..9f1df28a
--- /dev/null
+++ b/src/mapping/google/resource/secretmanager/google_secret_manager_regional_secret_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "secretmanager.secrets.getIamPolicy",
+ "secretmanager.secrets.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "secretmanager.secrets.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/secretmanager/google_secret_manager_regional_secret_version.json b/src/mapping/google/resource/secretmanager/google_secret_manager_regional_secret_version.json
new file mode 100644
index 00000000..2733eb1a
--- /dev/null
+++ b/src/mapping/google/resource/secretmanager/google_secret_manager_regional_secret_version.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "secretmanager.versions.add",
+ "secretmanager.versions.enable",
+ "secretmanager.versions.get",
+ "secretmanager.versions.disable",
+ "secretmanager.versions.access",
+ "secretmanager.versions.destroy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "secretmanager.versions.disable",
+ "secretmanager.versions.destroy"
+ ],
+ "modify": [],
+ "plan": [
+ "secretmanager.versions.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_branch_rule.json b/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_branch_rule.json
new file mode 100644
index 00000000..35c1e881
--- /dev/null
+++ b/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_branch_rule.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "securesourcemanager.branchRules.delete",
+ "securesourcemanager.branchRules.create",
+ "securesourcemanager.branchRules.get",
+ "securesourcemanager.branchRules.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_instance.json b/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_instance.json
new file mode 100644
index 00000000..57c9d967
--- /dev/null
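Review bot: In `google_secret_manager_regional_secret_version.json`, `plan` lists only `secretmanager.versions.get` while `apply` also carries `secretmanager.versions.access`. If the provider reads the payload back when it refreshes a secret version (it appears to, but please confirm), a plan-only role built from this entry would fail on refresh, and `plan` needs `"secretmanager.versions.access"` as well. `versions.access` is also the one permission in this commit that exposes secret contents rather than metadata. JSON cannot carry a comment, so the mapping documentation should state that the grant is there only because the resource reads the payload, and that it ought to be scoped to the secrets the configuration manages.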
+++ b/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_instance.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "securesourcemanager.instances.create",
+ "securesourcemanager.instances.get",
+ "securesourcemanager.instances.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_instance_iam_binding.json b/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_instance_iam_binding.json
new file mode 100644
index 00000000..2e67a409
--- /dev/null
+++ b/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_instance_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "securesourcemanager.instances.getIamPolicy",
+ "securesourcemanager.instances.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_instance_iam_member.json b/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_instance_iam_member.json
new file mode 100644
index 00000000..2e67a409
--- /dev/null
+++ b/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_instance_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "securesourcemanager.instances.getIamPolicy",
+ "securesourcemanager.instances.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_instance_iam_policy.json b/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_instance_iam_policy.json
new file mode 100644
index 00000000..1f17ab2d
--- /dev/null
+++ b/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_instance_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "securesourcemanager.instances.getIamPolicy",
+ "securesourcemanager.instances.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "securesourcemanager.instances.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_repository.json b/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_repository.json
new file mode 100644
index 00000000..c72b880f
--- /dev/null
+++ b/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_repository.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "securesourcemanager.repositories.get",
+ "securesourcemanager.repositories.create",
+ "securesourcemanager.repositories.update",
+ "securesourcemanager.repositories.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_repository_iam_binding.json b/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_repository_iam_binding.json
new file mode 100644
index 00000000..fc1a8baf
--- /dev/null
+++ b/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_repository_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "securesourcemanager.repositories.getIamPolicy",
+ "securesourcemanager.repositories.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_repository_iam_member.json b/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_repository_iam_member.json
new file mode 100644
index 00000000..fc1a8baf
--- /dev/null
+++ b/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_repository_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "securesourcemanager.repositories.getIamPolicy",
+ "securesourcemanager.repositories.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_repository_iam_policy.json b/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_repository_iam_policy.json
new file mode 100644
index 00000000..871acd6b
--- /dev/null
+++ b/src/mapping/google/resource/securesourcemanager/google_secure_source_manager_repository_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "securesourcemanager.repositories.getIamPolicy",
+ "securesourcemanager.repositories.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "securesourcemanager.repositories.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/securitycenter/google_scc_source_iam_binding.json b/src/mapping/google/resource/securitycenter/google_scc_source_iam_binding.json
new file mode 100644
index 00000000..9b11e06f
--- /dev/null
+++ b/src/mapping/google/resource/securitycenter/google_scc_source_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "securitycenter.sources.getIamPolicy",
+ "securitycenter.sources.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/securitycenter/google_scc_source_iam_member.json b/src/mapping/google/resource/securitycenter/google_scc_source_iam_member.json
new file mode 100644
index 00000000..9b11e06f
--- /dev/null
+++ b/src/mapping/google/resource/securitycenter/google_scc_source_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "securitycenter.sources.getIamPolicy",
+ "securitycenter.sources.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/securitycenter/google_scc_source_iam_policy.json b/src/mapping/google/resource/securitycenter/google_scc_source_iam_policy.json
new file mode 100644
index 00000000..670013cf
--- /dev/null
+++ b/src/mapping/google/resource/securitycenter/google_scc_source_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "securitycenter.sources.getIamPolicy",
+ "securitycenter.sources.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "securitycenter.sources.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/securitycenter/google_scc_v2_organization_source_iam_binding.json b/src/mapping/google/resource/securitycenter/google_scc_v2_organization_source_iam_binding.json
new file mode 100644
index 00000000..9b11e06f
--- /dev/null
+++ b/src/mapping/google/resource/securitycenter/google_scc_v2_organization_source_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "securitycenter.sources.getIamPolicy",
+ "securitycenter.sources.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/securitycenter/google_scc_v2_organization_source_iam_member.json b/src/mapping/google/resource/securitycenter/google_scc_v2_organization_source_iam_member.json
new file mode 100644
index 00000000..9b11e06f
--- /dev/null
+++ b/src/mapping/google/resource/securitycenter/google_scc_v2_organization_source_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "securitycenter.sources.getIamPolicy",
+ "securitycenter.sources.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/securitycenter/google_scc_v2_organization_source_iam_policy.json b/src/mapping/google/resource/securitycenter/google_scc_v2_organization_source_iam_policy.json
new file mode 100644
index 00000000..670013cf
--- /dev/null
+++ b/src/mapping/google/resource/securitycenter/google_scc_v2_organization_source_iam_policy.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "securitycenter.sources.getIamPolicy", + "securitycenter.sources.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "securitycenter.sources.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/servicedirectory/google_service_directory_namespace_iam_policy.json b/src/mapping/google/resource/servicedirectory/google_service_directory_namespace_iam_policy.json index 94aba09d..5d313248 100644 --- a/src/mapping/google/resource/servicedirectory/google_service_directory_namespace_iam_policy.json +++ b/src/mapping/google/resource/servicedirectory/google_service_directory_namespace_iam_policy.json @@ -9,6 +9,8 @@ }, "destroy": [], "modify": [], - "plan": [] + "plan": [ + "servicedirectory.namespaces.getIamPolicy" + ] } ] diff --git a/src/mapping/google/resource/servicedirectory/google_service_directory_service_iam_policy.json b/src/mapping/google/resource/servicedirectory/google_service_directory_service_iam_policy.json index 025bf9be..8872696a 100644 --- a/src/mapping/google/resource/servicedirectory/google_service_directory_service_iam_policy.json +++ b/src/mapping/google/resource/servicedirectory/google_service_directory_service_iam_policy.json @@ -9,6 +9,8 @@ }, "destroy": [], "modify": [], - "plan": [] + "plan": [ + "servicedirectory.services.getIamPolicy" + ] } ] diff --git a/src/mapping/google/resource/servicemanagement/google_endpoints_service_consumers_iam_binding.json b/src/mapping/google/resource/servicemanagement/google_endpoints_service_consumers_iam_binding.json new file mode 100644 index 00000000..abf5af0b --- /dev/null +++ b/src/mapping/google/resource/servicemanagement/google_endpoints_service_consumers_iam_binding.json 
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "servicemanagement.services.setIamPolicy",
+ "servicemanagement.services.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/servicemanagement/google_endpoints_service_consumers_iam_member.json b/src/mapping/google/resource/servicemanagement/google_endpoints_service_consumers_iam_member.json
new file mode 100644
index 00000000..abf5af0b
--- /dev/null
+++ b/src/mapping/google/resource/servicemanagement/google_endpoints_service_consumers_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "servicemanagement.services.setIamPolicy",
+ "servicemanagement.services.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/servicemanagement/google_endpoints_service_consumers_iam_policy.json b/src/mapping/google/resource/servicemanagement/google_endpoints_service_consumers_iam_policy.json
new file mode 100644
index 00000000..abf5af0b
--- /dev/null
+++ b/src/mapping/google/resource/servicemanagement/google_endpoints_service_consumers_iam_policy.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "servicemanagement.services.setIamPolicy",
+ "servicemanagement.services.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/servicemanagement/google_endpoints_service_iam_binding.json b/src/mapping/google/resource/servicemanagement/google_endpoints_service_iam_binding.json
new file mode 100644
index 00000000..abf5af0b
--- /dev/null
+++ b/src/mapping/google/resource/servicemanagement/google_endpoints_service_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "servicemanagement.services.setIamPolicy",
+ "servicemanagement.services.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
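Review bot: The three `google_endpoints_service_consumers_iam_*` mappings request `servicemanagement.services.getIamPolicy` and `servicemanagement.services.setIamPolicy`, and they are the same blob (abf5af0b) as the service-level `google_endpoints_service_iam_binding.json` mapping added next to them. The consumers policy is attached to a different resource than the service policy, so these entries probably need the consumer-scoped pair, `servicemanagement.consumerSettings.getIamPolicy` and `servicemanagement.consumerSettings.setIamPolicy`; please confirm that against the provider before merge. As written, a role derived from this mapping carries policy-write on the service itself, which is broader than the resource calls for, and may still lack the permission the consumers call actually checks.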
diff --git a/src/mapping/google/resource/servicemanagement/google_endpoints_service_iam_member.json b/src/mapping/google/resource/servicemanagement/google_endpoints_service_iam_member.json
new file mode 100644
index 00000000..abf5af0b
--- /dev/null
+++ b/src/mapping/google/resource/servicemanagement/google_endpoints_service_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "servicemanagement.services.setIamPolicy",
+ "servicemanagement.services.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/servicemanagement/google_endpoints_service_iam_policy.json b/src/mapping/google/resource/servicemanagement/google_endpoints_service_iam_policy.json
new file mode 100644
index 00000000..8a22e54c
--- /dev/null
+++ b/src/mapping/google/resource/servicemanagement/google_endpoints_service_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "servicemanagement.services.setIamPolicy",
+ "servicemanagement.services.getIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "servicemanagement.services.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/source/google_sourcerepo_repository_iam_binding.json b/src/mapping/google/resource/source/google_sourcerepo_repository_iam_binding.json
new file mode 100644
index 00000000..327b5075
--- /dev/null
+++ b/src/mapping/google/resource/source/google_sourcerepo_repository_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "source.repos.getIamPolicy",
+ "source.repos.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/source/google_sourcerepo_repository_iam_member.json b/src/mapping/google/resource/source/google_sourcerepo_repository_iam_member.json
new file mode 100644
index 00000000..327b5075
--- /dev/null
+++ b/src/mapping/google/resource/source/google_sourcerepo_repository_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "source.repos.getIamPolicy",
+ "source.repos.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/source/google_sourcerepo_repository_iam_policy.json b/src/mapping/google/resource/source/google_sourcerepo_repository_iam_policy.json
new file mode 100644
index 00000000..497b9782
--- /dev/null
+++ b/src/mapping/google/resource/source/google_sourcerepo_repository_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "source.repos.getIamPolicy",
+ "source.repos.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "source.repos.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/spanner/google_spanner_backup_schedule.json b/src/mapping/google/resource/spanner/google_spanner_backup_schedule.json
new file mode 100644
index 00000000..2e72af7a
--- /dev/null
+++ b/src/mapping/google/resource/spanner/google_spanner_backup_schedule.json
@@ -0,0 +1,21 @@
+[
+ {
+ "apply": [
+ "spanner.databases.createBackup",
+ "spanner.backupSchedules.create",
+ "spanner.backupSchedules.get",
+ "spanner.backupSchedules.delete",
+ "spanner.backupSchedules.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "spanner.backupSchedules.delete"
+ ],
+ "modify": [
+ "spanner.backupSchedules.update"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/spanner/google_spanner_database.json b/src/mapping/google/resource/spanner/google_spanner_database.json
index 48cfe204..9346d30c 100644
--- a/src/mapping/google/resource/spanner/google_spanner_database.json
+++ b/src/mapping/google/resource/spanner/google_spanner_database.json
@@ -1,23 +1,25 @@
-[
- {
- "apply": [
- "spanner.databases.create",
- "spanner.databases.drop",
- "spanner.databases.updateDdl",
- "spanner.databases.update",
- "spanner.databases.get",
- "spanner.databaseOperations.get"
- ],
- "attributes": {
- "tags": []
- },
- "destroy": [
- "spanner.databases.drop"
- ],
- "modify": [
- "spanner.databases.updateDdl",
- "spanner.databases.update"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "spanner.databases.create",
+ "spanner.databases.drop",
+ "spanner.databases.updateDdl",
+ "spanner.databases.update",
+ "spanner.databases.get",
+ "spanner.databaseOperations.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "spanner.databases.drop"
+ ],
+ "modify": [
+ "spanner.databases.updateDdl",
+ "spanner.databases.update"
+ ],
+ "plan": [
+ "spanner.databases.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/spanner/google_spanner_instance.json b/src/mapping/google/resource/spanner/google_spanner_instance.json
index 3f7a54a9..ec5fd758 100644
--- a/src/mapping/google/resource/spanner/google_spanner_instance.json
+++ b/src/mapping/google/resource/spanner/google_spanner_instance.json
@@ -1,21 +1,23 @@
-[
- {
- "apply": [
- "spanner.instances.create",
- "spanner.instances.delete",
- "spanner.instances.update",
- "spanner.instances.get",
- "spanner.instanceOperations.get"
- ],
- "attributes": {
- "tags": []
- },
- "destroy": [
- "spanner.instances.delete"
- ],
- "modify": [
- "spanner.instances.update"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "spanner.instances.create",
+ "spanner.instances.delete",
+ "spanner.instances.update",
+ "spanner.instances.get",
+ "spanner.instanceOperations.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "spanner.instances.delete"
+ ],
+ "modify": [
+ "spanner.instances.update"
+ ],
+ "plan": [
+ "spanner.instances.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/spanner/google_spanner_instance_config.json b/src/mapping/google/resource/spanner/google_spanner_instance_config.json
new file mode 100644
index 00000000..c3776c78
--- /dev/null
+++ b/src/mapping/google/resource/spanner/google_spanner_instance_config.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "spanner.instanceConfigs.get",
+ "spanner.instanceConfigs.create",
+ "spanner.instanceConfigs.update",
+ "spanner.instanceConfigs.delete",
+ "spanner.instanceConfigOperations.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "spanner.instanceConfigs.delete"
+ ],
+ "modify": [
+ "spanner.instanceConfigs.update"
+ ],
+ "plan": [
+ "spanner.instanceConfigOperations.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/spanner/google_spanner_instance_partition.json b/src/mapping/google/resource/spanner/google_spanner_instance_partition.json
new file mode 100644
index 00000000..0432bef9
--- /dev/null
+++ b/src/mapping/google/resource/spanner/google_spanner_instance_partition.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "spanner.instancePartitions.create",
+ "spanner.instancePartitions.get",
+ "spanner.instancePartitions.update",
+ "spanner.instancePartitions.delete",
+ "spanner.instancePartitionOperations.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "spanner.instancePartitions.delete"
+ ],
+ "modify": [
+ "spanner.instancePartitions.update"
+ ],
+ "plan": [
+ "spanner.instancePartitions.get"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/storage/google_storage_bucket.json b/src/mapping/google/resource/storage/google_storage_bucket.json
index 74e9554b..0c73f1f8 100644
--- a/src/mapping/google/resource/storage/google_storage_bucket.json
+++ b/src/mapping/google/resource/storage/google_storage_bucket.json
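Review bot: In `google_spanner_instance_config.json` the `plan` list holds `spanner.instanceConfigOperations.get`, while the sibling Spanner mappings in this commit (`google_spanner_database.json`, `google_spanner_instance.json`, `google_spanner_instance_partition.json`) put the resource's own read permission there. The operations permission is presumably only needed while an apply waits on a long-running operation, so this looks like a slip and a plan-only role built from it would likely fail to refresh the resource. `"plan": [ "spanner.instanceConfigs.get" ]` would match the other files; please confirm with a plan run under a role limited to that permission.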
@@ -1,19 +1,21 @@ -[ - { - "apply": [ - "storage.buckets.create", - "storage.buckets.get", - "storage.buckets.delete" - ], - "attributes": { - "tags": [] - }, - "destroy": [ - "storage.buckets.delete" - ], - "modify": [ - "storage.buckets.update" - ], - "plan": [] - } -] +[ + { + "apply": [ + "storage.buckets.create", + "storage.buckets.get", + "storage.buckets.delete" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "storage.buckets.delete" + ], + "modify": [ + "storage.buckets.update" + ], + "plan": [ + "storage.buckets.get" + ] + } +] diff --git a/src/mapping/google/resource/storage/google_storage_bucket_iam_member.json b/src/mapping/google/resource/storage/google_storage_bucket_iam_member.json index fa816333..039c73b1 100644 --- a/src/mapping/google/resource/storage/google_storage_bucket_iam_member.json +++ b/src/mapping/google/resource/storage/google_storage_bucket_iam_member.json @@ -1,14 +1,16 @@ -[ - { - "apply": [ - "storage.buckets.getIamPolicy", - "storage.buckets.setIamPolicy" - ], - "attributes": { - "tags": [] - }, - "destroy": [], - "modify": [], - "plan": [] - } -] +[ + { + "apply": [ + "storage.buckets.getIamPolicy", + "storage.buckets.setIamPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "storage.buckets.getIamPolicy" + ] + } +] diff --git a/src/mapping/google/resource/storage/google_storage_bucket_iam_policy.json b/src/mapping/google/resource/storage/google_storage_bucket_iam_policy.json index fa816333..1115d60d 100644 --- a/src/mapping/google/resource/storage/google_storage_bucket_iam_policy.json +++ b/src/mapping/google/resource/storage/google_storage_bucket_iam_policy.json @@ -9,6 +9,8 @@ }, "destroy": [], "modify": [], - "plan": [] + "plan": [ + "storage.buckets.getIamPolicy" + ] } ] diff --git a/src/mapping/google/resource/storage/google_storage_bucket_object.json b/src/mapping/google/resource/storage/google_storage_bucket_object.json index ab601cde..8ded2526 100644 
--- a/src/mapping/google/resource/storage/google_storage_bucket_object.json
+++ b/src/mapping/google/resource/storage/google_storage_bucket_object.json
@@ -1,18 +1,20 @@
-[
- {
- "apply": [
- "storage.objects.create",
- "storage.objects.delete"
- ],
- "attributes": {
- "tags": []
- },
- "destroy": [
- "storage.objects.delete"
- ],
- "modify": [
- "storage.objects.get"
- ],
- "plan": []
- }
-]
+[
+ {
+ "apply": [
+ "storage.objects.create",
+ "storage.objects.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "storage.objects.delete"
+ ],
+ "modify": [
+ "storage.objects.get"
+ ],
+ "plan": [
+ "storage.objects.list"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/storage/google_storage_control_folder_intelligence_config.json b/src/mapping/google/resource/storage/google_storage_control_folder_intelligence_config.json
new file mode 100644
index 00000000..9e66cdec
--- /dev/null
+++ b/src/mapping/google/resource/storage/google_storage_control_folder_intelligence_config.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "storage.intelligenceConfigs.get",
+ "storage.intelligenceConfigs.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/storage/google_storage_control_organization_intelligence_config.json b/src/mapping/google/resource/storage/google_storage_control_organization_intelligence_config.json
new file mode 100644
index 00000000..9e66cdec
--- /dev/null
+++ b/src/mapping/google/resource/storage/google_storage_control_organization_intelligence_config.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "storage.intelligenceConfigs.get",
+ "storage.intelligenceConfigs.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/storage/google_storage_control_project_intelligence_config.json b/src/mapping/google/resource/storage/google_storage_control_project_intelligence_config.json
new file mode 100644
index 00000000..29e3fb56
--- /dev/null
+++ b/src/mapping/google/resource/storage/google_storage_control_project_intelligence_config.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "storage.intelligenceConfigs.get",
+ "storage.intelligenceConfigs.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/storage/google_storage_managed_folder_iam_binding.json b/src/mapping/google/resource/storage/google_storage_managed_folder_iam_binding.json
new file mode 100644
index 00000000..04e7576b
--- /dev/null
+++ b/src/mapping/google/resource/storage/google_storage_managed_folder_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "storage.managedFolders.getIamPolicy",
+ "storage.managedFolders.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/storage/google_storage_managed_folder_iam_member.json b/src/mapping/google/resource/storage/google_storage_managed_folder_iam_member.json
new file mode 100644
index 00000000..04e7576b
--- /dev/null
+++ b/src/mapping/google/resource/storage/google_storage_managed_folder_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "storage.managedFolders.getIamPolicy",
+ "storage.managedFolders.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/storage/google_storage_managed_folder_iam_policy.json b/src/mapping/google/resource/storage/google_storage_managed_folder_iam_policy.json
new file mode 100644
index 00000000..04e7576b
--- /dev/null
+++ b/src/mapping/google/resource/storage/google_storage_managed_folder_iam_policy.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "storage.managedFolders.getIamPolicy",
+ "storage.managedFolders.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/storageinsights/google_storage_insights_dataset_config.json b/src/mapping/google/resource/storageinsights/google_storage_insights_dataset_config.json
new file mode 100644
index 00000000..b77bd46a
--- /dev/null
+++ b/src/mapping/google/resource/storageinsights/google_storage_insights_dataset_config.json
@@ -0,0 +1,25 @@
+[
+ {
+ "apply": [
+ "storage.buckets.get",
+ "storage.objects.list",
+ "storage.buckets.getObjectInsights",
+ "storage.objects.create",
+ "storage.buckets.get",
+ "storageinsights.reportConfigs.get",
+ "storageinsights.reportConfigs.create",
+ "storageinsights.reportConfigs.delete",
+ "storageinsights.reportConfigs.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "storageinsights.reportConfigs.delete"
+ ],
+ "modify": [
+ "storageinsights.reportConfigs.update"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/tpu/google_tpu_node.json b/src/mapping/google/resource/tpu/google_tpu_node.json
new file mode 100644
index 00000000..a8e6e84a
--- /dev/null
+++ b/src/mapping/google/resource/tpu/google_tpu_node.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "tpu.nodes.create",
+ "tpu.nodes.get",
+ "tpu.nodes.delete",
+ "tpu.nodes.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/tpu/google_tpu_v2_queued_resource.json b/src/mapping/google/resource/tpu/google_tpu_v2_queued_resource.json
new file mode 100644
index 00000000..a8e6e84a
--- /dev/null
+++ b/src/mapping/google/resource/tpu/google_tpu_v2_queued_resource.json
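Review bot: `google_storage_insights_dataset_config.json` is mapped to `storageinsights.reportConfigs.*` in `apply`, `destroy` and `modify`, which by name are the permissions of the inventory-report resource rather than of a dataset configuration. Unless the provider really calls the report-config API for this resource, these should be the `storageinsights.datasetConfigs.*` counterparts (to be checked against the current IAM permission reference); otherwise a derived role would miss what the resource needs while granting rights over an unrelated resource type. `storage.buckets.get` is also listed twice in `apply`, so the second entry can be dropped.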
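Review bot: `google_tpu_node.json` lists `tpu.nodes.delete` and `tpu.nodes.update` under `apply` but leaves `destroy` and `modify` empty, whereas the Spanner mappings added in this commit fill `destroy` with the delete permission and `modify` with the update permission. The same gap is in the new TPU v2, Transcoder, VMware Engine, VPC Access, Workflows and Workstations mappings further down. If any consumer of these files builds a destroy-only or modify-only permission set from those keys, it would come out empty for these resources. For this file the entries would be `"destroy": [ "tpu.nodes.delete" ]` and `"modify": [ "tpu.nodes.update" ]`.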
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "tpu.nodes.create",
+ "tpu.nodes.get",
+ "tpu.nodes.delete",
+ "tpu.nodes.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/tpu/google_tpu_v2_vm.json b/src/mapping/google/resource/tpu/google_tpu_v2_vm.json
new file mode 100644
index 00000000..a8e6e84a
--- /dev/null
+++ b/src/mapping/google/resource/tpu/google_tpu_v2_vm.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "tpu.nodes.create",
+ "tpu.nodes.get",
+ "tpu.nodes.delete",
+ "tpu.nodes.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/transcoder/google_transcoder_job.json b/src/mapping/google/resource/transcoder/google_transcoder_job.json
new file mode 100644
index 00000000..8b781d7e
--- /dev/null
+++ b/src/mapping/google/resource/transcoder/google_transcoder_job.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "transcoder.jobs.create",
+ "transcoder.jobs.get",
+ "transcoder.jobs.delete",
+ "transcoder.jobs.get"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/transcoder/google_transcoder_job_template.json b/src/mapping/google/resource/transcoder/google_transcoder_job_template.json
new file mode 100644
index 00000000..ebe5f17e
--- /dev/null
+++ b/src/mapping/google/resource/transcoder/google_transcoder_job_template.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "transcoder.jobTemplates.create",
+ "transcoder.jobTemplates.get",
+ "transcoder.jobTemplates.delete"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/vmwareengine/google_vmwareengine_cluster.json b/src/mapping/google/resource/vmwareengine/google_vmwareengine_cluster.json
new file mode 100644
index 00000000..52ec3615
--- /dev/null
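Review bot: `transcoder.jobs.get` appears twice in the `apply` list of `google_transcoder_job.json`. The duplicate is harmless if the consumer de-duplicates, but it suggests a different permission was meant for that slot. If nothing is missing, drop the fourth entry so the list reads `transcoder.jobs.create`, `transcoder.jobs.get`, `transcoder.jobs.delete`.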
+++ b/src/mapping/google/resource/vmwareengine/google_vmwareengine_cluster.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "vmwareengine.clusters.create",
+ "vmwareengine.clusters.delete",
+ "vmwareengine.clusters.get",
+ "vmwareengine.clusters.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/vmwareengine/google_vmwareengine_external_access_rule.json b/src/mapping/google/resource/vmwareengine/google_vmwareengine_external_access_rule.json
new file mode 100644
index 00000000..d9447e1b
--- /dev/null
+++ b/src/mapping/google/resource/vmwareengine/google_vmwareengine_external_access_rule.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "vmwareengine.externalAccessRules.create",
+ "vmwareengine.externalAccessRules.delete",
+ "vmwareengine.externalAccessRules.get",
+ "vmwareengine.externalAccessRules.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/vmwareengine/google_vmwareengine_external_address.json b/src/mapping/google/resource/vmwareengine/google_vmwareengine_external_address.json
new file mode 100644
index 00000000..8a3f5329
--- /dev/null
+++ b/src/mapping/google/resource/vmwareengine/google_vmwareengine_external_address.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "vmwareengine.externalAddresses.create",
+ "vmwareengine.externalAddresses.delete",
+ "vmwareengine.externalAddresses.get",
+ "vmwareengine.externalAddresses.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/vmwareengine/google_vmwareengine_network.json b/src/mapping/google/resource/vmwareengine/google_vmwareengine_network.json
new file mode 100644
index 00000000..57e7ec5f
--- /dev/null
+++ b/src/mapping/google/resource/vmwareengine/google_vmwareengine_network.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "vmwareengine.vmwareEngineNetworks.create",
+ "vmwareengine.vmwareEngineNetworks.delete",
+ "vmwareengine.vmwareEngineNetworks.get",
+ "vmwareengine.vmwareEngineNetworks.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/vmwareengine/google_vmwareengine_network_peering.json b/src/mapping/google/resource/vmwareengine/google_vmwareengine_network_peering.json
new file mode 100644
index 00000000..fee1226f
--- /dev/null
+++ b/src/mapping/google/resource/vmwareengine/google_vmwareengine_network_peering.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "vmwareengine.externalAddresses.create",
+ "vmwareengine.externalAddresses.delete",
+ "vmwareengine.externalAddresses.get",
+ "vmwareengine.externalAddresses.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/vmwareengine/google_vmwareengine_network_policy.json b/src/mapping/google/resource/vmwareengine/google_vmwareengine_network_policy.json
new file mode 100644
index 00000000..3dacb5d2
--- /dev/null
+++ b/src/mapping/google/resource/vmwareengine/google_vmwareengine_network_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "vmwareengine.networkPolicies.create",
+ "vmwareengine.networkPolicies.delete",
+ "vmwareengine.networkPolicies.get",
+ "vmwareengine.networkPolicies.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/vmwareengine/google_vmwareengine_private_cloud.json b/src/mapping/google/resource/vmwareengine/google_vmwareengine_private_cloud.json
new file mode 100644
index 00000000..b8ec8759
--- /dev/null
+++ b/src/mapping/google/resource/vmwareengine/google_vmwareengine_private_cloud.json
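Review bot: `google_vmwareengine_network_peering.json` is mapped to `vmwareengine.externalAddresses.create`, `.delete`, `.get` and `.update`, the same four entries as `google_vmwareengine_external_address.json` two files earlier, so it looks like a copy that was not adapted. A role derived from it would not be able to manage a peering and would instead grant rights over external addresses. Replace the `externalAddresses` segment with `networkPeerings` in all four entries, for example `"vmwareengine.networkPeerings.create"`.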
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "vmwareengine.privateClouds.create",
+ "vmwareengine.privateClouds.get",
+ "vmwareengine.privateClouds.delete",
+ "vmwareengine.privateClouds.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/vmwareengine/google_vmwareengine_subnet.json b/src/mapping/google/resource/vmwareengine/google_vmwareengine_subnet.json
new file mode 100644
index 00000000..090dbc7c
--- /dev/null
+++ b/src/mapping/google/resource/vmwareengine/google_vmwareengine_subnet.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "vmwareengine.subnets.get",
+ "vmwareengine.subnets.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/vpcaccess/google_vpc_access_connector.json b/src/mapping/google/resource/vpcaccess/google_vpc_access_connector.json
new file mode 100644
index 00000000..4dadb545
--- /dev/null
+++ b/src/mapping/google/resource/vpcaccess/google_vpc_access_connector.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "vpcaccess.connectors.create",
+ "vpcaccess.connectors.delete",
+ "vpcaccess.connectors.get",
+ "vpcaccess.connectors.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/workflows/google_workflows_workflow.json b/src/mapping/google/resource/workflows/google_workflows_workflow.json
new file mode 100644
index 00000000..45efd560
--- /dev/null
+++ b/src/mapping/google/resource/workflows/google_workflows_workflow.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "workflows.workflows.create",
+ "workflows.workflows.delete",
+ "workflows.workflows.get",
+ "workflows.workflows.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/workstations/google_workstations_workstation.json b/src/mapping/google/resource/workstations/google_workstations_workstation.json
new file mode 100644
index 00000000..d83fe594
--- /dev/null
+++ b/src/mapping/google/resource/workstations/google_workstations_workstation.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "workstations.workstations.create",
+ "workstations.workstations.delete",
+ "workstations.workstations.get",
+ "workstations.workstations.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/workstations/google_workstations_workstation_cluster.json b/src/mapping/google/resource/workstations/google_workstations_workstation_cluster.json
new file mode 100644
index 00000000..525e4cf2
--- /dev/null
+++ b/src/mapping/google/resource/workstations/google_workstations_workstation_cluster.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "workstations.workstationClusters.create",
+ "workstations.workstationClusters.delete",
+ "workstations.workstationClusters.get",
+ "workstations.workstationClusters.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/workstations/google_workstations_workstation_config.json b/src/mapping/google/resource/workstations/google_workstations_workstation_config.json
new file mode 100644
index 00000000..4b11e785
--- /dev/null
+++ b/src/mapping/google/resource/workstations/google_workstations_workstation_config.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "workstations.workstationConfigs.create",
+ "workstations.workstationConfigs.delete",
+ "workstations.workstationConfigs.get",
+ "workstations.workstationConfigs.update"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/workstations/google_workstations_workstation_config_iam_binding.json b/src/mapping/google/resource/workstations/google_workstations_workstation_config_iam_binding.json
new file mode 100644
index 00000000..a8904bc7
--- /dev/null
+++ b/src/mapping/google/resource/workstations/google_workstations_workstation_config_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "workstations.workstationConfigs.getIamPolicy",
+ "workstations.workstationConfigs.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/workstations/google_workstations_workstation_config_iam_member.json b/src/mapping/google/resource/workstations/google_workstations_workstation_config_iam_member.json
new file mode 100644
index 00000000..a8904bc7
--- /dev/null
+++ b/src/mapping/google/resource/workstations/google_workstations_workstation_config_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "workstations.workstationConfigs.getIamPolicy",
+ "workstations.workstationConfigs.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/workstations/google_workstations_workstation_config_iam_policy.json b/src/mapping/google/resource/workstations/google_workstations_workstation_config_iam_policy.json
new file mode 100644
index 00000000..60e562c0
--- /dev/null
+++ b/src/mapping/google/resource/workstations/google_workstations_workstation_config_iam_policy.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "workstations.workstationConfigs.getIamPolicy",
+ "workstations.workstationConfigs.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "workstations.workstationConfigs.getIamPolicy"
+ ]
+ }
+]
diff --git a/src/mapping/google/resource/workstations/google_workstations_workstation_iam_binding.json b/src/mapping/google/resource/workstations/google_workstations_workstation_iam_binding.json
new file mode 100644
index 00000000..a9763718
--- /dev/null
+++ b/src/mapping/google/resource/workstations/google_workstations_workstation_iam_binding.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "workstations.workstations.getIamPolicy",
+ "workstations.workstations.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/workstations/google_workstations_workstation_iam_member.json b/src/mapping/google/resource/workstations/google_workstations_workstation_iam_member.json
new file mode 100644
index 00000000..a9763718
--- /dev/null
+++ b/src/mapping/google/resource/workstations/google_workstations_workstation_iam_member.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "workstations.workstations.getIamPolicy",
+ "workstations.workstations.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/google/resource/workstations/google_workstations_workstation_iam_policy.json b/src/mapping/google/resource/workstations/google_workstations_workstation_iam_policy.json
new file mode 100644
index 00000000..a9763718
--- /dev/null
+++ b/src/mapping/google/resource/workstations/google_workstations_workstation_iam_policy.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "workstations.workstations.getIamPolicy",
+ "workstations.workstations.setIamPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/modules.go b/src/modules.go
new file mode 100644
index 00000000..a3f34b17
--- /dev/null
+++ b/src/modules.go
@@ -0,0 +1,101 @@
+package pike
+
+import (
+ "encoding/json"
+ "fmt"
+ "io"
+ "os"
+ "path/filepath"
+
+ "github.com/hashicorp/go-version"
+)
+
+const (
+ ManifestSnapshotFilename = "modules.json"
+)
+
+// Record represents some metadata about an installed module, as part
+// of a module JSON.
+type Record struct {
+ Key string `json:"Key"`
+ SourceAddr string `json:"Source"`
+ Version *version.Version `json:"-"`
+ VersionStr string `json:"Version,omitempty"`
+ Dir string `json:"Dir"`
+}
+
+type ModuleJson map[string]Record
+
+type modulesJson struct {
+ Records []Record `json:"Modules"`
+}
+
+type invalidVersionError struct {
+ err error
+ key string
+ version string
+}
+
+func (m *invalidVersionError) Error() string {
+ return fmt.Sprintf("invalid version %q for %s: %s", m.version, m.key, m.err)
+}
+
+func ReadModuleJson(r io.Reader) (ModuleJson, error) {
+ src, err := io.ReadAll(r)
+
+ if err != nil {
+ return nil, err
+ }
+
+ if len(src) == 0 {
+ return make(ModuleJson), nil
+ }
+
+ var read modulesJson
+ err = json.Unmarshal(src, &read)
+
+ if err != nil {
+ return nil, &unmarshallJSONError{err, ""}
+ }
+
+ newModuleJson := make(ModuleJson)
+ for _, record := range read.Records {
+ if record.VersionStr != "" {
+ record.Version, err = version.NewVersion(record.VersionStr)
+ if err != nil {
+ return nil, &invalidVersionError{err, record.Key, record.VersionStr}
+ }
+ }
+ // Ensure Windows is using the proper modules path format after
+ // reading the module's manifest Dir records
+ record.Dir = filepath.FromSlash(record.Dir)
+
+ if _, exists := newModuleJson[record.Key]; exists {
+ return nil, fmt.Errorf("snapshot file contains two records for path %s", record.Key)
+ }
+ newModuleJson[record.Key] = record
+ }
+ return newModuleJson, nil
+}
+
+func ReadModuleJsonForDir(dir string) (ModuleJson, error) {
+ fn := filepath.Join(dir, ManifestSnapshotFilename)
+ r, err := os.Open(fn)
+ if err != nil {
+ if os.IsNotExist(err) {
+ return make(ModuleJson), nil
+ }
+ return nil, err
+ }
+ defer r.Close()
+ return ReadModuleJson(r)
+}
+
+func ReturnLocalAddrFromSource(source string, listModules ModuleJson) string {
+ for _, module := range listModules {
+ if module.SourceAddr == source {
+ return module.Dir
+ }
+ }
+ return ""
+}
diff --git a/src/modules_test.go b/src/modules_test.go
new file mode 100644
index 00000000..ca4836d7
--- /dev/null
+++ b/src/modules_test.go
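Review bot: ReturnLocalAddrFromSource ranges over the ModuleJson map, and Go does not fix map iteration order, so when two records carry the same Source (one module source instantiated under two keys, possibly at different versions) the Dir it returns can change from run to run. ReadModuleJson rejects duplicate Key values but not duplicate Source values, so such input reaches this loop. Visiting the keys in sorted order, as below, makes the choice repeatable; it needs `sort` added to the import block, and a lookup by Key would remove the ambiguity entirely if callers have the key available. Separately, Dir is returned exactly as the manifest supplies it (after `filepath.FromSlash`), so callers that read from it should not assume it stays under the directory being scanned.

```go
func ReturnLocalAddrFromSource(source string, listModules ModuleJson) string {
	// Visit records in key order so a Source shared by several records
	// always resolves to the same Dir.
	keys := make([]string, 0, len(listModules))
	for key := range listModules {
		keys = append(keys, key)
	}
	sort.Strings(keys)

	for _, key := range keys {
		if listModules[key].SourceAddr == source {
			return listModules[key].Dir
		}
	}
	return ""
}
```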
@@ -0,0 +1,305 @@
+package pike
+
+import (
+ "os"
+ "path/filepath"
+ "strings"
+ "testing"
+)
+
+func TestReadModuleJson_ValidInput(t *testing.T) {
+ jsonInput := `{
+ "Modules": [
+ {
+ "Key": "module1",
+ "Source": "github.com/example/module1",
+ "Version": "1.0.0",
+ "Dir": "modules/module1"
+ },
+ {
+ "Key": "module2",
+ "Source": "github.com/example/module2",
+ "Dir": "modules/module2"
+ }
+ ]
+ }`
+
+ reader := strings.NewReader(jsonInput)
+ result, err := ReadModuleJson(reader)
+
+ if err != nil {
+ t.Fatalf("Expected no error, got: %v", err)
+ }
+
+ if len(result) != 2 {
+ t.Fatalf("Expected 2 modules, got: %d", len(result))
+ }
+
+ // Test module1
+ module1, exists := result["module1"]
+ if !exists {
+ t.Fatal("Expected module1 to exist")
+ }
+ if module1.Key != "module1" {
+ t.Errorf("Expected Key 'module1', got: %s", module1.Key)
+ }
+ if module1.SourceAddr != "github.com/example/module1" {
+ t.Errorf("Expected SourceAddr 'github.com/example/module1', got: %s", module1.SourceAddr)
+ }
+ if module1.VersionStr != "1.0.0" {
+ t.Errorf("Expected VersionStr '1.0.0', got: %s", module1.VersionStr)
+ }
+ if module1.Version == nil {
+ t.Error("Expected Version to be parsed")
+ } else if module1.Version.String() != "1.0.0" {
+ t.Errorf("Expected Version '1.0.0', got: %s", module1.Version.String())
+ }
+
+ // Test module2 (no version)
+ module2, exists := result["module2"]
+ if !exists {
+ t.Fatal("Expected module2 to exist")
+ }
+ if module2.Version != nil {
+ t.Error("Expected Version to be nil for module without version")
+ }
+}
+
+func TestReadModuleJson_EmptyInput(t *testing.T) {
+ reader := strings.NewReader("")
+ result, err := ReadModuleJson(reader)
+
+ if err != nil {
+ t.Fatalf("Expected no error, got: %v", err)
+ }
+
+ if len(result) != 0 {
+ t.Fatalf("Expected empty ModuleJson, got: %d modules", len(result))
+ }
+}
+
+func TestReadModuleJson_InvalidJSON(t *testing.T) {
+ reader := strings.NewReader(`{"invalid": json}`)
+ _, err := ReadModuleJson(reader)
+
+ if err == nil {
+ t.Fatal("Expected error for invalid JSON")
+ }
+
+ if !strings.Contains(err.Error(), "invalid character 'j' looking for beginning of value") {
+ t.Errorf("Expected unmarshalling error, got: %v", err)
+ }
+}
+
+func TestReadModuleJson_DuplicateKeys(t *testing.T) {
+ jsonInput := `{
+ "Modules": [
+ {
+ "Key": "duplicate",
+ "Source": "github.com/example/module1",
+ "Dir": "modules/module1"
+ },
+ {
+ "Key": "duplicate",
+ "Source": "github.com/example/module2",
+ "Dir": "modules/module2"
+ }
+ ]
+ }`
+
+ reader := strings.NewReader(jsonInput)
+ _, err := ReadModuleJson(reader)
+
+ if err == nil {
+ t.Fatal("Expected error for duplicate keys")
+ }
+
+ if !strings.Contains(err.Error(), "snapshot file contains two records for path duplicate") {
+ t.Errorf("Expected duplicate key error, got: %v", err)
+ }
+}
+
+func TestReadModuleJson_InvalidVersion(t *testing.T) {
+ jsonInput := `{
+ "Modules": [
+ {
+ "Key": "module1",
+ "Source": "github.com/example/module1",
+ "Version": "invalid-version",
+ "Dir": "modules/module1"
+ }
+ ]
+ }`
+
+ reader := strings.NewReader(jsonInput)
+ _, err := ReadModuleJson(reader)
+
+ if err == nil {
+ t.Fatal("Expected error for invalid version")
+ }
+
+ if !strings.Contains(err.Error(), "invalid version") {
+ t.Errorf("Expected invalid version error, got: %v", err)
+ }
+}
+
+func TestReadModuleJson_WindowsPathHandling(t *testing.T) {
+ jsonInput := `{
+ "Modules": [
+ {
+ "Key": "module1",
+ "Source": "github.com/example/module1",
+ "Dir": "modules/subdir/module1"
+ }
+ ]
+ }`
+
+ reader := strings.NewReader(jsonInput)
+ result, err := ReadModuleJson(reader)
+
+ if err != nil {
+ t.Fatalf("Expected no error, got: %v", err)
+ }
+
+ module1 := result["module1"]
+ expectedDir := filepath.FromSlash("modules/subdir/module1")
+ if module1.Dir != expectedDir {
+ t.Errorf("Expected Dir '%s', got: '%s'", expectedDir, module1.Dir)
+ }
+}
+
+func TestReadModuleJsonForDir_ValidFile(t *testing.T) {
+ // Create a temporary directory
+ tempDir, err := os.MkdirTemp("", "pike-test")
+ if err != nil {
+ t.Fatalf("Failed to create temp dir: %v", err)
+ }
+ defer os.RemoveAll(tempDir)
+
+ // Create a modules.json file
+ jsonContent := `{
+ "Modules": [
+ {
+ "Key": "test-module",
+ "Source": "github.com/example/test",
+ "Dir": "modules/test"
+ }
+ ]
+ }`
+
+ modulesFile := filepath.Join(tempDir, ManifestSnapshotFilename)
+ err = os.WriteFile(modulesFile, []byte(jsonContent), 0644)
+ if err != nil {
+ t.Fatalf("Failed to write modules file: %v", err)
+ }
+
+ result, err := ReadModuleJsonForDir(tempDir)
+ if err != nil {
+ t.Fatalf("Expected no error, got: %v", err)
+ }
+
+ if len(result) != 1 {
+ t.Fatalf("Expected 1 module, got: %d", len(result))
+ }
+
+ module, exists := result["test-module"]
+ if !exists {
+ t.Fatal("Expected test-module to exist")
+ }
+ if module.SourceAddr != "github.com/example/test" {
+ t.Errorf("Expected SourceAddr 'github.com/example/test', got: %s", module.SourceAddr)
+ }
+}
+
+func TestReadModuleJsonForDir_NonExistentFile(t *testing.T) {
+ // Create a temporary directory without modules.json
+ tempDir, err := os.MkdirTemp("", "pike-test")
+ if err != nil {
+ t.Fatalf("Failed to create temp dir: %v", err)
+ }
+ defer os.RemoveAll(tempDir)
+
+ result, err := ReadModuleJsonForDir(tempDir)
+ if err != nil {
+ t.Fatalf("Expected no error for non-existent file, got: %v", err)
+ }
+
+ if len(result) != 0 {
+ t.Fatalf("Expected empty ModuleJson, got: %d modules", len(result))
+ }
+}
+
+func TestReadModuleJsonForDir_NonExistentDirectory(t *testing.T) {
+ result, err := ReadModuleJsonForDir("/non/existent/directory")
+ if err != nil {
+ t.Fatalf("Expected no error for non-existent directory, got: %v", err)
+ }
+
+ if len(result) != 0 {
+ t.Fatalf("Expected empty ModuleJson, got: %d modules", len(result))
+ }
+}
+
+func TestReturnLocalAddrFromSource_Found(t *testing.T) {
+ modules := ModuleJson{
+ "module1": Record{
+ Key: "module1",
+ SourceAddr: "github.com/example/module1",
+ Dir: "/path/to/module1",
+ },
+ "module2": Record{
+ Key: "module2",
+ SourceAddr: "github.com/example/module2",
+ Dir: "/path/to/module2",
+ },
+ }
+
+ result := ReturnLocalAddrFromSource("github.com/example/module2", modules)
+ expected := "/path/to/module2"
+
+ if result != expected {
+ t.Errorf("Expected '%s', got: '%s'", expected, result)
+ }
+}
+
+func TestReturnLocalAddrFromSource_NotFound(t *testing.T) {
+ modules := ModuleJson{
+ "module1": Record{
+ Key: "module1",
+ SourceAddr: "github.com/example/module1",
+ Dir: "/path/to/module1",
+ },
+ }
+
+ result := ReturnLocalAddrFromSource("github.com/example/nonexistent", modules)
+
+ if result != "" {
+ t.Errorf("Expected empty string, got: '%s'", result)
+ }
+}
+
+func TestReturnLocalAddrFromSource_EmptyModules(t *testing.T) {
+ modules := make(ModuleJson)
+
+ result := ReturnLocalAddrFromSource("github.com/example/any", modules)
+
+ if result != "" {
+ t.Errorf("Expected empty string, got: '%s'", result)
+ }
+}
+
+func TestReturnLocalAddrFromSource_EmptySource(t *testing.T) {
+ modules := ModuleJson{
+ "module1": Record{
+ Key: "module1",
+ SourceAddr: "github.com/example/module1",
+ Dir: "/path/to/module1",
+ },
+ }
+
+ result := ReturnLocalAddrFromSource("", modules)
+
+ if result != "" {
+ t.Errorf("Expected empty string, got: '%s'", result)
+ }
+}
diff --git a/src/parse/aws-members.json b/src/parse/aws-members.json
index 07cf2ece..1c433ceb 100755
--- a/src/parse/aws-members.json
+++ b/src/parse/aws-members.json
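Review bot: TestReadModuleJsonForDir_ValidFile and TestReadModuleJsonForDir_NonExistentFile build their directory with `os.MkdirTemp("", "pike-test")` plus a deferred `os.RemoveAll`, where `tempDir := t.TempDir()` gives a per-test directory that the testing package removes itself and drops the error branch. TestReadModuleJsonForDir_NonExistentDirectory depends on the fixed path `/non/existent/directory`; `filepath.Join(t.TempDir(), "missing")` yields a path known to be absent on every runner. None of the ReturnLocalAddrFromSource cases gives two records the same Source, so that function's dependence on map iteration order is never exercised. The assertion in TestReadModuleJson_InvalidJSON matches the exact encoding/json message text, which ties the test to the standard library's wording rather than to the error type returned.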
@@ -1,1946 +1,2195 @@ { - "dataSources": [ - "aws_acm_certificate", - "aws_acmpca_certificate", - "aws_acmpca_certificate_authority", - "aws_ami", - "aws_ami_ids", - "aws_api_gateway_api_key", - "aws_api_gateway_authorizer", - "aws_api_gateway_authorizers", - "aws_api_gateway_domain_name", - "aws_api_gateway_export", - "aws_api_gateway_resource", - "aws_api_gateway_rest_api", - "aws_api_gateway_sdk", - "aws_api_gateway_vpc_link", - "aws_apigatewayv2_api", - "aws_apigatewayv2_apis", - "aws_apigatewayv2_export", - "aws_apigatewayv2_vpc_link", - "aws_appconfig_configuration_profile", - "aws_appconfig_configuration_profiles", - "aws_appconfig_environment", - "aws_appconfig_environments", - "aws_appintegrations_event_integration", - "aws_appmesh_gateway_route", - "aws_appmesh_mesh", - "aws_appmesh_route", - "aws_appmesh_virtual_gateway", - "aws_appmesh_virtual_node", - "aws_appmesh_virtual_router", - "aws_appmesh_virtual_service", - "aws_apprunner_hosted_zone_id", - "aws_appstream_image", - "aws_arn", - "aws_athena_named_query", - "aws_auditmanager_control", - "aws_auditmanager_framework", - "aws_autoscaling_group", - "aws_autoscaling_groups", - "aws_availability_zone", - "aws_availability_zones", - "aws_backup_framework", - "aws_backup_plan", - "aws_backup_report_plan", - "aws_backup_selection", - "aws_backup_vault", - "aws_batch_compute_environment", - "aws_batch_job_definition", - "aws_batch_job_queue", - "aws_batch_scheduling_policy", - "aws_bedrock_custom_model", - "aws_bedrock_custom_models", - "aws_bedrock_foundation_model", - "aws_bedrock_foundation_models", - "aws_billing_service_account", - "aws_budgets_budget", - "aws_caller_identity", - "aws_canonical_user_id", - "aws_chatbot_slack_workspace", - "aws_cloudcontrolapi_resource", - "aws_cloudformation_export", - "aws_cloudformation_stack", - "aws_cloudformation_type", - "aws_cloudfront_cache_policy", - "aws_cloudfront_distribution", - "aws_cloudfront_log_delivery_canonical_user_id", - 
"aws_cloudfront_origin_access_control", - "aws_cloudfront_origin_access_identities", - "aws_cloudfront_origin_access_identity", - "aws_cloudfront_origin_request_policy", - "aws_cloudfront_realtime_log_config", - "aws_cloudfront_response_headers_policy", - "aws_cloudhsm_v2_cluster", - "aws_cloudtrail_service_account", - "aws_cloudwatch_event_bus", - "aws_cloudwatch_event_connection", - "aws_cloudwatch_event_source", - "aws_cloudwatch_log_data_protection_policy_document", - "aws_cloudwatch_log_group", - "aws_cloudwatch_log_groups", - "aws_codeartifact_authorization_token", - "aws_codeartifact_repository_endpoint", - "aws_codecatalyst_dev_environment", - "aws_codecommit_approval_rule_template", - "aws_codecommit_repository", - "aws_codeguruprofiler_profiling_group", - "aws_codestarconnections_connection", - "aws_cognito_identity_pool", - "aws_cognito_user_group", - "aws_cognito_user_groups", - "aws_cognito_user_pool", - "aws_cognito_user_pool_client", - "aws_cognito_user_pool_clients", - "aws_cognito_user_pool_signing_certificate", - "aws_cognito_user_pools", - "aws_connect_bot_association", - "aws_connect_contact_flow", - "aws_connect_contact_flow_module", - "aws_connect_hours_of_operation", - "aws_connect_instance", - "aws_connect_instance_storage_config", - "aws_connect_lambda_function_association", - "aws_connect_prompt", - "aws_connect_queue", - "aws_connect_quick_connect", - "aws_connect_routing_profile", - "aws_connect_security_profile", - "aws_connect_user", - "aws_connect_user_hierarchy_group", - "aws_connect_user_hierarchy_structure", - "aws_connect_vocabulary", - "aws_controltower_controls", - "aws_cur_report_definition", - "aws_customer_gateway", - "aws_datazone_environment_blueprint", - "aws_db_cluster_snapshot", - "aws_db_event_categories", - "aws_db_instance", - "aws_db_instances", - "aws_db_parameter_group", - "aws_db_proxy", - "aws_db_snapshot", - "aws_db_subnet_group", - "aws_default_tags", - "aws_devopsguru_notification_channel", - 
"aws_devopsguru_resource_collection", - "aws_directory_service_directory", - "aws_dms_certificate", - "aws_dms_endpoint", - "aws_dms_replication_instance", - "aws_dms_replication_subnet_group", - "aws_dms_replication_task", - "aws_docdb_engine_version", - "aws_docdb_orderable_db_instance", - "aws_dx_connection", - "aws_dx_gateway", - "aws_dx_location", - "aws_dx_locations", - "aws_dx_router_configuration", - "aws_dynamodb_table", - "aws_dynamodb_table_item", - "aws_ebs_default_kms_key", - "aws_ebs_encryption_by_default", - "aws_ebs_snapshot", - "aws_ebs_snapshot_ids", - "aws_ebs_volume", - "aws_ebs_volumes", - "aws_ec2_capacity_block_offering", - "aws_ec2_client_vpn_endpoint", - "aws_ec2_coip_pool", - "aws_ec2_coip_pools", - "aws_ec2_host", - "aws_ec2_instance_type", - "aws_ec2_instance_type_offering", - "aws_ec2_instance_type_offerings", - "aws_ec2_instance_types", - "aws_ec2_local_gateway", - "aws_ec2_local_gateway_route_table", - "aws_ec2_local_gateway_route_tables", - "aws_ec2_local_gateway_virtual_interface", - "aws_ec2_local_gateway_virtual_interface_group", - "aws_ec2_local_gateway_virtual_interface_groups", - "aws_ec2_local_gateways", - "aws_ec2_managed_prefix_list", - "aws_ec2_managed_prefix_lists", - "aws_ec2_network_insights_analysis", - "aws_ec2_network_insights_path", - "aws_ec2_public_ipv4_pool", - "aws_ec2_public_ipv4_pools", - "aws_ec2_serial_console_access", - "aws_ec2_spot_price", - "aws_ec2_transit_gateway", - "aws_ec2_transit_gateway_attachment", - "aws_ec2_transit_gateway_attachments", - "aws_ec2_transit_gateway_connect", - "aws_ec2_transit_gateway_connect_peer", - "aws_ec2_transit_gateway_dx_gateway_attachment", - "aws_ec2_transit_gateway_multicast_domain", - "aws_ec2_transit_gateway_peering_attachment", - "aws_ec2_transit_gateway_peering_attachments", - "aws_ec2_transit_gateway_route_table", - "aws_ec2_transit_gateway_route_table_associations", - "aws_ec2_transit_gateway_route_table_routes", - "aws_ec2_transit_gateway_route_tables", - 
"aws_ec2_transit_gateway_vpc_attachment", - "aws_ec2_transit_gateway_vpc_attachments", - "aws_ec2_transit_gateway_vpn_attachment", - "aws_ec2_transitgateway_route_table_propagations", - "aws_ecr_authorization_token", - "aws_ecr_image", - "aws_ecr_lifecycle_policy_document", - "aws_ecr_pull_through_cache_rule", - "aws_ecr_repositories", - "aws_ecr_repository", - "aws_ecr_repository_creation_template", - "aws_ecrpublic_authorization_token", - "aws_ecs_cluster", - "aws_ecs_container_definition", - "aws_ecs_service", - "aws_ecs_task_definition", - "aws_ecs_task_execution", - "aws_efs_access_point", - "aws_efs_access_points", - "aws_efs_file_system", - "aws_efs_mount_target", - "aws_eip", - "aws_eips", - "aws_eks_access_entry", - "aws_eks_addon", - "aws_eks_addon_version", - "aws_eks_cluster", - "aws_eks_cluster_auth", - "aws_eks_clusters", - "aws_eks_node_group", - "aws_eks_node_groups", - "aws_elastic_beanstalk_application", - "aws_elastic_beanstalk_hosted_zone", - "aws_elastic_beanstalk_solution_stack", - "aws_elasticache_cluster", - "aws_elasticache_replication_group", - "aws_elasticache_user", - "aws_elasticsearch_domain", - "aws_elb_hosted_zone_id", - "aws_elb_service_account", - "aws_emr_release_labels", - "aws_emr_supported_instance_types", - "aws_emrcontainers_virtual_cluster", - "aws_fsx_ontap_file_system", - "aws_fsx_ontap_storage_virtual_machine", - "aws_fsx_ontap_storage_virtual_machines", - "aws_fsx_openzfs_snapshot", - "aws_fsx_windows_file_system", - "aws_globalaccelerator_accelerator", - "aws_globalaccelerator_custom_routing_accelerator", - "aws_glue_catalog_table", - "aws_glue_connection", - "aws_glue_data_catalog_encryption_settings", - "aws_glue_script", - "aws_grafana_workspace", - "aws_guardduty_detector", - "aws_guardduty_finding_ids", - "aws_iam_access_keys", - "aws_iam_account_alias", - "aws_iam_group", - "aws_iam_instance_profile", - "aws_iam_instance_profiles", - "aws_iam_openid_connect_provider", - "aws_iam_policy", - 
"aws_iam_policy_document", - "aws_iam_principal_policy_simulation", - "aws_iam_role", - "aws_iam_roles", - "aws_iam_server_certificate", - "aws_iam_session_context", - "aws_iam_user", - "aws_iam_user_ssh_key", - "aws_iam_users", - "aws_identitystore_group", - "aws_identitystore_groups", - "aws_identitystore_user", - "aws_imagebuilder_component", - "aws_imagebuilder_components", - "aws_imagebuilder_container_recipe", - "aws_imagebuilder_container_recipes", - "aws_imagebuilder_distribution_configuration", - "aws_imagebuilder_distribution_configurations", - "aws_imagebuilder_image", - "aws_imagebuilder_image_pipeline", - "aws_imagebuilder_image_pipelines", - "aws_imagebuilder_image_recipe", - "aws_imagebuilder_image_recipes", - "aws_imagebuilder_infrastructure_configuration", - "aws_imagebuilder_infrastructure_configurations", - "aws_inspector_rules_packages", - "aws_instance", - "aws_instances", - "aws_internet_gateway", - "aws_iot_endpoint", - "aws_iot_registration_code", - "aws_ip_ranges", - "aws_ivs_stream_key", - "aws_kendra_experience", - "aws_kendra_faq", - "aws_kendra_index", - "aws_kendra_query_suggestions_block_list", - "aws_kendra_thesaurus", - "aws_key_pair", - "aws_kinesis_firehose_delivery_stream", - "aws_kinesis_stream", - "aws_kinesis_stream_consumer", - "aws_kms_alias", - "aws_kms_ciphertext", - "aws_kms_custom_key_store", - "aws_kms_secret", - "aws_kms_secrets", - "aws_lakeformation_data_lake_settings", - "aws_lakeformation_permissions", - "aws_lakeformation_resource", - "aws_lambda_alias", - "aws_lambda_code_signing_config", - "aws_lambda_function", - "aws_lambda_invocation", - "aws_launch_configuration", - "aws_launch_template", - "aws_lb", - "aws_lb_hosted_zone_id", - "aws_lb_listener", - "aws_lb_target_group", - "aws_lb_trust_store", - "aws_lbs", - "aws_lex_bot", - "aws_lex_bot_alias", - "aws_lex_intent", - "aws_lex_slot_type", - "aws_licensemanager_grants", - "aws_licensemanager_received_license", - "aws_licensemanager_received_licenses", - 
"aws_location_geofence_collection", - "aws_location_map", - "aws_location_place_index", - "aws_location_route_calculator", - "aws_location_tracker", - "aws_location_tracker_association", - "aws_location_tracker_associations", - "aws_medialive_input", - "aws_mq_broker", - "aws_mq_broker_engine_types", - "aws_mq_broker_instance_type_offerings", - "aws_msk_bootstrap_brokers", - "aws_msk_broker_nodes", - "aws_msk_cluster", - "aws_msk_configuration", - "aws_msk_vpc_connection", - "aws_mskconnect_connector", - "aws_mskconnect_custom_plugin", - "aws_mskconnect_worker_configuration", - "aws_nat_gateway", - "aws_nat_gateways", - "aws_neptune_engine_version", - "aws_neptune_orderable_db_instance", - "aws_network_acls", - "aws_network_interfaces", - "aws_networkfirewall_firewall", - "aws_networkfirewall_firewall_policy", - "aws_networkfirewall_resource_policy", - "aws_networkmanager_connection", - "aws_networkmanager_connections", - "aws_networkmanager_core_network_policy_document", - "aws_networkmanager_device", - "aws_networkmanager_devices", - "aws_networkmanager_global_network", - "aws_networkmanager_global_networks", - "aws_networkmanager_link", - "aws_networkmanager_links", - "aws_networkmanager_site", - "aws_networkmanager_sites", - "aws_oam_link", - "aws_oam_links", - "aws_oam_sink", - "aws_oam_sinks", - "aws_opensearch_domain", - "aws_opensearchserverless_access_policy", - "aws_opensearchserverless_collection", - "aws_opensearchserverless_lifecycle_policy", - "aws_opensearchserverless_security_config", - "aws_opensearchserverless_security_policy", - "aws_opensearchserverless_vpc_endpoint", - "aws_organizations_delegated_administrators", - "aws_organizations_delegated_services", - "aws_organizations_organization", - "aws_organizations_organizational_unit", - "aws_organizations_organizational_unit_child_accounts", - "aws_organizations_organizational_unit_descendant_accounts", - "aws_organizations_organizational_units", - "aws_organizations_policies", - 
"aws_organizations_policies_for_target", - "aws_organizations_policy", - "aws_organizations_resource_tags", - "aws_outposts_asset", - "aws_outposts_assets", - "aws_outposts_outpost", - "aws_outposts_outpost_instance_type", - "aws_outposts_outpost_instance_types", - "aws_outposts_outposts", - "aws_outposts_site", - "aws_outposts_sites", - "aws_partition", - "aws_polly_voices", - "aws_prefix_list", - "aws_pricing_product", - "aws_prometheus_workspace", - "aws_prometheus_workspaces", - "aws_qldb_ledger", - "aws_quicksight_data_set", - "aws_quicksight_group", - "aws_quicksight_theme", - "aws_quicksight_user", - "aws_ram_resource_share", - "aws_rds_certificate", - "aws_rds_cluster", - "aws_rds_clusters", - "aws_rds_engine_version", - "aws_rds_orderable_db_instance", - "aws_rds_reserved_instance_offering", - "aws_redshift_cluster", - "aws_redshift_cluster_credentials", - "aws_redshift_data_shares", - "aws_redshift_orderable_cluster", - "aws_redshift_producer_data_shares", - "aws_redshift_service_account", - "aws_redshift_subnet_group", - "aws_redshiftserverless_credentials", - "aws_redshiftserverless_namespace", - "aws_redshiftserverless_workgroup", - "aws_region", - "aws_regions", - "aws_resourceexplorer2_search", - "aws_resourcegroupstaggingapi_resources", - "aws_route", - "aws_route53_delegation_set", - "aws_route53_resolver_endpoint", - "aws_route53_resolver_firewall_config", - "aws_route53_resolver_firewall_domain_list", - "aws_route53_resolver_firewall_rule_group", - "aws_route53_resolver_firewall_rule_group_association", - "aws_route53_resolver_firewall_rules", - "aws_route53_resolver_query_log_config", - "aws_route53_resolver_rule", - "aws_route53_resolver_rules", - "aws_route53_traffic_policy_document", - "aws_route53_zone", - "aws_route_table", - "aws_route_tables", - "aws_s3_account_public_access_block", - "aws_s3_bucket", - "aws_s3_bucket_object", - "aws_s3_bucket_objects", - "aws_s3_bucket_policy", - "aws_s3_directory_buckets", - "aws_s3_object", - 
"aws_s3_objects", - "aws_s3control_multi_region_access_point", - "aws_sagemaker_prebuilt_ecr_image", - "aws_saml_provider", - "aws_secretsmanager_random_password", - "aws_secretsmanager_secret", - "aws_secretsmanager_secret_rotation", - "aws_secretsmanager_secret_version", - "aws_secretsmanager_secrets", - "aws_security_group", - "aws_security_groups", - "aws_serverlessapplicationrepository_application", - "aws_service", - "aws_service_discovery_dns_namespace", - "aws_service_discovery_http_namespace", - "aws_service_discovery_service", - "aws_service_principal", - "aws_servicecatalog_constraint", - "aws_servicecatalog_launch_paths", - "aws_servicecatalog_portfolio", - "aws_servicecatalog_portfolio_constraints", - "aws_servicecatalog_product", - "aws_servicecatalog_provisioning_artifacts", - "aws_servicecatalogappregistry_application", - "aws_servicequotas_service", - "aws_servicequotas_service_quota", - "aws_servicequotas_templates", - "aws_ses_active_receipt_rule_set", - "aws_ses_domain_identity", - "aws_ses_email_identity", - "aws_sesv2_configuration_set", - "aws_sesv2_dedicated_ip_pool", - "aws_sesv2_email_identity", - "aws_sesv2_email_identity_mail_from_attributes", - "aws_sfn_activity", - "aws_sfn_alias", - "aws_sfn_state_machine", - "aws_sfn_state_machine_versions", - "aws_signer_signing_job", - "aws_signer_signing_profile", - "aws_sns_topic", - "aws_sqs_queue", - "aws_sqs_queues", - "aws_ssm_document", - "aws_ssm_instances", - "aws_ssm_parameter", - "aws_ssm_parameters_by_path", - "aws_ssm_patch_baseline", - "aws_ssmcontacts_contact", - "aws_ssmcontacts_contact_channel", - "aws_ssmcontacts_plan", - "aws_ssmcontacts_rotation", - "aws_ssmincidents_replication_set", - "aws_ssmincidents_response_plan", - "aws_ssoadmin_application", - "aws_ssoadmin_application_assignments", - "aws_ssoadmin_application_providers", - "aws_ssoadmin_instances", - "aws_ssoadmin_permission_set", - "aws_ssoadmin_principal_application_assignments", - "aws_storagegateway_local_disk", - 
"aws_subnet", - "aws_subnet_ids", - "aws_subnets", - "aws_timestreamwrite_database", - "aws_timestreamwrite_table", - "aws_transfer_connector", - "aws_transfer_server", - "aws_verifiedpermissions_policy_store", - "aws_vpc", - "aws_vpc_dhcp_options", - "aws_vpc_endpoint", - "aws_vpc_endpoint_service", - "aws_vpc_ipam_pool", - "aws_vpc_ipam_pool_cidrs", - "aws_vpc_ipam_pools", - "aws_vpc_ipam_preview_next_cidr", - "aws_vpc_peering_connection", - "aws_vpc_peering_connections", - "aws_vpc_security_group_rule", - "aws_vpc_security_group_rules", - "aws_vpclattice_auth_policy", - "aws_vpclattice_listener", - "aws_vpclattice_resource_policy", - "aws_vpclattice_service", - "aws_vpclattice_service_network", - "aws_vpcs", - "aws_vpn_gateway", - "aws_waf_ipset", - "aws_waf_rate_based_rule", - "aws_waf_rule", - "aws_waf_web_acl", - "aws_wafregional_ipset", - "aws_wafregional_rate_based_rule", - "aws_wafregional_rule", - "aws_wafregional_web_acl", - "aws_wafv2_ip_set", - "aws_wafv2_regex_pattern_set", - "aws_wafv2_rule_group", - "aws_wafv2_web_acl", - "aws_workspaces_bundle", - "aws_workspaces_directory", - "aws_workspaces_image", - "ssm_maintenance_windows" - ], - "resources": [ - "aws_accessanalyzer_analyzer", - "aws_accessanalyzer_archive_rule", - "aws_account_alternate_contact", - "aws_account_primary_contact", - "aws_account_region", - "aws_acm_certificate", - "aws_acm_certificate_validation", - "aws_acmpca_certificate", - "aws_acmpca_certificate_authority", - "aws_acmpca_certificate_authority_certificate", - "aws_acmpca_permission", - "aws_acmpca_policy", - "aws_alb", - "aws_ami", - "aws_ami_copy", - "aws_ami_from_instance", - "aws_ami_launch_permission", - "aws_amplify_app", - "aws_amplify_backend_environment", - "aws_amplify_branch", - "aws_amplify_domain_association", - "aws_amplify_webhook", - "aws_api_gateway_account", - "aws_api_gateway_api_key", - "aws_api_gateway_authorizer", - "aws_api_gateway_base_path_mapping", - "aws_api_gateway_client_certificate", - 
"aws_api_gateway_deployment", - "aws_api_gateway_documentation_part", - "aws_api_gateway_documentation_version", - "aws_api_gateway_domain_name", - "aws_api_gateway_gateway_response", - "aws_api_gateway_integration", - "aws_api_gateway_integration_response", - "aws_api_gateway_method", - "aws_api_gateway_method_response", - "aws_api_gateway_method_settings", - "aws_api_gateway_model", - "aws_api_gateway_request_validator", - "aws_api_gateway_resource", - "aws_api_gateway_rest_api", - "aws_api_gateway_rest_api_policy", - "aws_api_gateway_stage", - "aws_api_gateway_usage_plan", - "aws_api_gateway_usage_plan_key", - "aws_api_gateway_vpc_link", - "aws_apigatewayv2_api", - "aws_apigatewayv2_api_mapping", - "aws_apigatewayv2_authorizer", - "aws_apigatewayv2_deployment", - "aws_apigatewayv2_domain_name", - "aws_apigatewayv2_integration", - "aws_apigatewayv2_integration_response", - "aws_apigatewayv2_model", - "aws_apigatewayv2_route", - "aws_apigatewayv2_route_response", - "aws_apigatewayv2_stage", - "aws_apigatewayv2_vpc_link", - "aws_app_cookie_stickiness_policy", - "aws_appautoscaling_policy", - "aws_appautoscaling_scheduled_action", - "aws_appautoscaling_target", - "aws_appconfig_application", - "aws_appconfig_configuration_profile", - "aws_appconfig_deployment", - "aws_appconfig_deployment_strategy", - "aws_appconfig_environment", - "aws_appconfig_extension", - "aws_appconfig_extension_association", - "aws_appconfig_hosted_configuration_version", - "aws_appfabric_app_authorization", - "aws_appfabric_app_authorization_connection", - "aws_appfabric_app_bundle", - "aws_appfabric_ingestion", - "aws_appfabric_ingestion_destination", - "aws_appflow_connector_profile", - "aws_appflow_flow", - "aws_appintegrations_data_integration", - "aws_appintegrations_event_integration", - "aws_applicationinsights_application", - "aws_appmesh_gateway_route", - "aws_appmesh_mesh", - "aws_appmesh_route", - "aws_appmesh_virtual_gateway", - "aws_appmesh_virtual_node", - 
"aws_appmesh_virtual_router", - "aws_appmesh_virtual_service", - "aws_apprunner_auto_scaling_configuration_version", - "aws_apprunner_connection", - "aws_apprunner_custom_domain_association", - "aws_apprunner_default_auto_scaling_configuration_version", - "aws_apprunner_deployment", - "aws_apprunner_observability_configuration", - "aws_apprunner_service", - "aws_apprunner_vpc_connector", - "aws_apprunner_vpc_ingress_connection", - "aws_appstream_directory_config", - "aws_appstream_fleet", - "aws_appstream_fleet_stack_association", - "aws_appstream_image_builder", - "aws_appstream_stack", - "aws_appstream_user", - "aws_appstream_user_stack_association", - "aws_appsync_api_cache", - "aws_appsync_api_key", - "aws_appsync_datasource", - "aws_appsync_domain_name", - "aws_appsync_domain_name_api_association", - "aws_appsync_function", - "aws_appsync_graphql_api", - "aws_appsync_resolver", - "aws_appsync_type", - "aws_athena_data_catalog", - "aws_athena_database", - "aws_athena_named_query", - "aws_athena_prepared_statement", - "aws_athena_workgroup", - "aws_auditmanager_account_registration", - "aws_auditmanager_assessment", - "aws_auditmanager_assessment_delegation", - "aws_auditmanager_assessment_report", - "aws_auditmanager_control", - "aws_auditmanager_framework", - "aws_auditmanager_framework_share", - "aws_auditmanager_organization_admin_account_registration", - "aws_autoscaling_attachment", - "aws_autoscaling_group", - "aws_autoscaling_group_tag", - "aws_autoscaling_lifecycle_hook", - "aws_autoscaling_notification", - "aws_autoscaling_policy", - "aws_autoscaling_schedule", - "aws_autoscaling_traffic_source_attachment", - "aws_autoscalingplans_scaling_plan", - "aws_backup_framework", - "aws_backup_global_settings", - "aws_backup_plan", - "aws_backup_region_settings", - "aws_backup_report_plan", - "aws_backup_selection", - "aws_backup_vault", - "aws_backup_vault_lock_configuration", - "aws_backup_vault_notifications", - "aws_backup_vault_policy", - 
"aws_batch_compute_environment", - "aws_batch_job_definition", - "aws_batch_job_queue", - "aws_batch_scheduling_policy", - "aws_bcmdataexports_export", - "aws_bedrock_custom_model", - "aws_bedrock_model_invocation_logging_configuration", - "aws_bedrock_provisioned_model_throughput", - "aws_bedrockagent_agent", - "aws_bedrockagent_agent_action_group", - "aws_bedrockagent_agent_alias", - "aws_bedrockagent_agent_knowledge_base_association", - "aws_bedrockagent_data_source", - "aws_bedrockagent_knowledge_base", - "aws_budgets_budget", - "aws_budgets_budget_action", - "aws_ce_anomaly_monitor", - "aws_ce_anomaly_subscription", - "aws_ce_cost_allocation_tag", - "aws_ce_cost_category", - "aws_chatbot_slack_channel_configuration", - "aws_chatbot_teams_channel_configuration", - "aws_chime_voice_connector", - "aws_chime_voice_connector_group", - "aws_chime_voice_connector_logging", - "aws_chime_voice_connector_origination", - "aws_chime_voice_connector_streaming", - "aws_chime_voice_connector_termination", - "aws_chime_voice_connector_termination_credentials", - "aws_chimesdkmediapipelines_media_insights_pipeline_configuration", - "aws_chimesdkvoice_global_settings", - "aws_chimesdkvoice_sip_media_application", - "aws_chimesdkvoice_sip_rule", - "aws_chimesdkvoice_voice_profile_domain", - "aws_cleanrooms_collaboration", - "aws_cleanrooms_configured_table", - "aws_cloud9_environment_ec2", - "aws_cloud9_environment_membership", - "aws_cloudcontrolapi_resource", - "aws_cloudformation_stack", - "aws_cloudformation_stack_set", - "aws_cloudformation_stack_set_instance", - "aws_cloudformation_type", - "aws_cloudfront_cache_policy", - "aws_cloudfront_continuous_deployment_policy", - "aws_cloudfront_distribution", - "aws_cloudfront_field_level_encryption_config", - "aws_cloudfront_field_level_encryption_profile", - "aws_cloudfront_function", - "aws_cloudfront_key_group", - "aws_cloudfront_key_value_store", - "aws_cloudfront_monitoring_subscription", - 
"aws_cloudfront_origin_access_control", - "aws_cloudfront_origin_access_identity", - "aws_cloudfront_origin_request_policy", - "aws_cloudfront_public_key", - "aws_cloudfront_realtime_log_config", - "aws_cloudfront_response_headers_policy", - "aws_cloudfrontkeyvaluestore_key", - "aws_cloudhsm_v2_cluster", - "aws_cloudhsm_v2_hsm", - "aws_cloudsearch_domain", - "aws_cloudsearch_domain_service_access_policy", - "aws_cloudtrail", - "aws_cloudtrail_event_data_store", - "aws_cloudwatch_composite_alarm", - "aws_cloudwatch_dashboard", - "aws_cloudwatch_event_api_destination", - "aws_cloudwatch_event_archive", - "aws_cloudwatch_event_bus", - "aws_cloudwatch_event_bus_policy", - "aws_cloudwatch_event_connection", - "aws_cloudwatch_event_endpoint", - "aws_cloudwatch_event_permission", - "aws_cloudwatch_event_rule", - "aws_cloudwatch_event_target", - "aws_cloudwatch_log_account_policy", - "aws_cloudwatch_log_data_protection_policy", - "aws_cloudwatch_log_destination", - "aws_cloudwatch_log_destination_policy", - "aws_cloudwatch_log_group", - "aws_cloudwatch_log_metric_filter", - "aws_cloudwatch_log_resource_policy", - "aws_cloudwatch_log_stream", - "aws_cloudwatch_log_subscription_filter", - "aws_cloudwatch_metric_alarm", - "aws_cloudwatch_metric_stream", - "aws_cloudwatch_query_definition", - "aws_codeartifact_domain", - "aws_codeartifact_domain_permissions_policy", - "aws_codeartifact_repository", - "aws_codeartifact_repository_permissions_policy", - "aws_codebuild_project", - "aws_codebuild_report_group", - "aws_codebuild_resource_policy", - "aws_codebuild_source_credential", - "aws_codebuild_webhook", - "aws_codecatalyst_dev_environment", - "aws_codecatalyst_project", - "aws_codecatalyst_source_repository", - "aws_codecommit_approval_rule_template", - "aws_codecommit_approval_rule_template_association", - "aws_codecommit_repository", - "aws_codecommit_trigger", - "aws_codedeploy_app", - "aws_codedeploy_deployment_config", - "aws_codedeploy_deployment_group", - 
"aws_codeguruprofiler_profiling_group", - "aws_codegurureviewer_repository_association", - "aws_codepipeline", - "aws_codepipeline_custom_action_type", - "aws_codepipeline_webhook", - "aws_codestarconnections_connection", - "aws_codestarconnections_host", - "aws_codestarnotifications_notification_rule", - "aws_cognito_identity_pool", - "aws_cognito_identity_pool_provider_principal_tag", - "aws_cognito_identity_pool_roles_attachment", - "aws_cognito_identity_provider", - "aws_cognito_managed_user_pool_client", - "aws_cognito_resource_server", - "aws_cognito_risk_configuration", - "aws_cognito_user", - "aws_cognito_user_group", - "aws_cognito_user_in_group", - "aws_cognito_user_pool", - "aws_cognito_user_pool_client", - "aws_cognito_user_pool_domain", - "aws_cognito_user_pool_ui_customization", - "aws_comprehend_document_classifier", - "aws_comprehend_entity_recognizer", - "aws_config_aggregate_authorization", - "aws_config_config_rule", - "aws_config_configuration_aggregator", - "aws_config_configuration_recorder", - "aws_config_configuration_recorder_status", - "aws_config_conformance_pack", - "aws_config_delivery_channel", - "aws_config_organization_conformance_pack", - "aws_config_organization_custom_policy_rule", - "aws_config_organization_custom_rule", - "aws_config_organization_managed_rule", - "aws_config_remediation_configuration", - "aws_config_retention_configuration", - "aws_connect_bot_association", - "aws_connect_contact_flow", - "aws_connect_contact_flow_module", - "aws_connect_hours_of_operation", - "aws_connect_instance", - "aws_connect_instance_storage_config", - "aws_connect_lambda_function_association", - "aws_connect_phone_number", - "aws_connect_queue", - "aws_connect_quick_connect", - "aws_connect_routing_profile", - "aws_connect_security_profile", - "aws_connect_user", - "aws_connect_user_hierarchy_group", - "aws_connect_user_hierarchy_structure", - "aws_connect_vocabulary", - "aws_controltower_control", - "aws_controltower_landing_zone", - 
"aws_cur_report_definition", - "aws_customer_gateway", - "aws_customerprofiles_domain", - "aws_customerprofiles_profile", - "aws_dataexchange_data_set", - "aws_dataexchange_revision", - "aws_datapipeline_pipeline", - "aws_datapipeline_pipeline_definition", - "aws_datasync_agent", - "aws_datasync_location_azure_blob", - "aws_datasync_location_efs", - "aws_datasync_location_fsx_lustre_file_system", - "aws_datasync_location_fsx_ontap_file_system", - "aws_datasync_location_fsx_openzfs_file_system", - "aws_datasync_location_fsx_windows_file_system", - "aws_datasync_location_hdfs", - "aws_datasync_location_nfs", - "aws_datasync_location_object_storage", - "aws_datasync_location_s3", - "aws_datasync_location_smb", - "aws_datasync_task", - "aws_datazone_domain", - "aws_datazone_environment_blueprint_configuration", - "aws_datazone_glossary", - "aws_datazone_project", - "aws_dax_cluster", - "aws_dax_parameter_group", - "aws_dax_subnet_group", - "aws_db_cluster_snapshot", - "aws_db_event_subscription", - "aws_db_instance", - "aws_db_instance_automated_backups_replication", - "aws_db_instance_role_association", - "aws_db_option_group", - "aws_db_parameter_group", - "aws_db_proxy", - "aws_db_proxy_default_target_group", - "aws_db_proxy_endpoint", - "aws_db_proxy_target", - "aws_db_snapshot", - "aws_db_snapshot_copy", - "aws_db_subnet_group", - "aws_default_network_acl", - "aws_default_route_table", - "aws_default_security_group", - "aws_default_subnet", - "aws_default_vpc", - "aws_default_vpc_dhcp_options", - "aws_detective_graph", - "aws_detective_invitation_accepter", - "aws_detective_member", - "aws_detective_organization_admin_account", - "aws_detective_organization_configuration", - "aws_devicefarm_device_pool", - "aws_devicefarm_instance_profile", - "aws_devicefarm_network_profile", - "aws_devicefarm_project", - "aws_devicefarm_upload", - "aws_devopsguru_event_sources_config", - "aws_devopsguru_notification_channel", - "aws_devopsguru_resource_collection", - 
"aws_devopsguru_service_integration", - "aws_directory_service_conditional_forwarder", - "aws_directory_service_directory", - "aws_directory_service_log_subscription", - "aws_directory_service_radius_settings", - "aws_directory_service_region", - "aws_directory_service_shared_directory", - "aws_directory_service_shared_directory_accepter", - "aws_directory_service_trust", - "aws_dlm_lifecycle_policy", - "aws_dms_certificate", - "aws_dms_endpoint", - "aws_dms_event_subscription", - "aws_dms_replication_config", - "aws_dms_replication_instance", - "aws_dms_replication_subnet_group", - "aws_dms_replication_task", - "aws_dms_s3_endpoint", - "aws_docdb_cluster", - "aws_docdb_cluster_instance", - "aws_docdb_cluster_parameter_group", - "aws_docdb_cluster_snapshot", - "aws_docdb_event_subscription", - "aws_docdb_global_cluster", - "aws_docdb_subnet_group", - "aws_docdbelastic_cluster", - "aws_drs_replication_configuration_template", - "aws_dx_bgp_peer", - "aws_dx_connection", - "aws_dx_connection_association", - "aws_dx_connection_confirmation", - "aws_dx_gateway", - "aws_dx_gateway_association", - "aws_dx_gateway_association_proposal", - "aws_dx_hosted_connection", - "aws_dx_hosted_private_virtual_interface", - "aws_dx_hosted_private_virtual_interface_accepter", - "aws_dx_hosted_public_virtual_interface", - "aws_dx_hosted_public_virtual_interface_accepter", - "aws_dx_hosted_transit_virtual_interface", - "aws_dx_hosted_transit_virtual_interface_accepter", - "aws_dx_lag", - "aws_dx_macsec_key_association", - "aws_dx_private_virtual_interface", - "aws_dx_public_virtual_interface", - "aws_dx_transit_virtual_interface", - "aws_dynamodb_contributor_insights", - "aws_dynamodb_global_table", - "aws_dynamodb_kinesis_streaming_destination", - "aws_dynamodb_resource_policy", - "aws_dynamodb_table", - "aws_dynamodb_table_export", - "aws_dynamodb_table_item", - "aws_dynamodb_table_replica", - "aws_dynamodb_tag", - "aws_ebs_default_kms_key", - "aws_ebs_encryption_by_default", - 
"aws_ebs_fast_snapshot_restore", - "aws_ebs_snapshot", - "aws_ebs_snapshot_block_public_access", - "aws_ebs_snapshot_copy", - "aws_ebs_snapshot_import", - "aws_ebs_volume", - "aws_ec2_availability_zone_group", - "aws_ec2_capacity_block_reservation", - "aws_ec2_capacity_reservation", - "aws_ec2_carrier_gateway", - "aws_ec2_client_vpn_authorization_rule", - "aws_ec2_client_vpn_endpoint", - "aws_ec2_client_vpn_network_association", - "aws_ec2_client_vpn_route", - "aws_ec2_fleet", - "aws_ec2_host", - "aws_ec2_image_block_public_access", - "aws_ec2_instance", - "aws_ec2_instance_connect_endpoint", - "aws_ec2_instance_metadata_defaults", - "aws_ec2_instance_state", - "aws_ec2_local_gateway_route", - "aws_ec2_local_gateway_route_table_vpc_association", - "aws_ec2_managed_prefix_list", - "aws_ec2_managed_prefix_list_entry", - "aws_ec2_network_insights_analysis", - "aws_ec2_network_insights_path", - "aws_ec2_serial_console_access", - "aws_ec2_subnet_cidr_reservation", - "aws_ec2_tag", - "aws_ec2_traffic_mirror_filter", - "aws_ec2_traffic_mirror_filter_rule", - "aws_ec2_traffic_mirror_session", - "aws_ec2_traffic_mirror_target", - "aws_ec2_transit_gateway", - "aws_ec2_transit_gateway_connect", - "aws_ec2_transit_gateway_connect_peer", - "aws_ec2_transit_gateway_multicast_domain", - "aws_ec2_transit_gateway_multicast_domain_association", - "aws_ec2_transit_gateway_multicast_group_member", - "aws_ec2_transit_gateway_multicast_group_source", - "aws_ec2_transit_gateway_peering_attachment", - "aws_ec2_transit_gateway_peering_attachment_accepter", - "aws_ec2_transit_gateway_policy_table", - "aws_ec2_transit_gateway_policy_table_association", - "aws_ec2_transit_gateway_prefix_list_reference", - "aws_ec2_transit_gateway_route", - "aws_ec2_transit_gateway_route_table", - "aws_ec2_transit_gateway_route_table_association", - "aws_ec2_transit_gateway_route_table_propagation", - "aws_ec2_transit_gateway_vpc_attachment", - "aws_ec2_transit_gateway_vpc_attachment_accepter", - 
"aws_ecr_lifecycle_policy", - "aws_ecr_pull_through_cache_rule", - "aws_ecr_registry_policy", - "aws_ecr_registry_scanning_configuration", - "aws_ecr_replication_configuration", - "aws_ecr_repository", - "aws_ecr_repository_creation_template", - "aws_ecr_repository_policy", - "aws_ecrpublic_repository", - "aws_ecrpublic_repository_policy", - "aws_ecs_account_setting_default", - "aws_ecs_capacity_provider", - "aws_ecs_cluster", - "aws_ecs_cluster_capacity_providers", - "aws_ecs_service", - "aws_ecs_tag", - "aws_ecs_task_definition", - "aws_ecs_task_set", - "aws_efs_access_point", - "aws_efs_backup_policy", - "aws_efs_file_system", - "aws_efs_file_system_policy", - "aws_efs_mount_target", - "aws_efs_replication_configuration", - "aws_egress_only_internet_gateway", - "aws_eip", - "aws_eip_association", - "aws_eip_domain_name", - "aws_eks_access_entry", - "aws_eks_access_policy_association", - "aws_eks_addon", - "aws_eks_cluster", - "aws_eks_fargate_profile", - "aws_eks_identity_provider_config", - "aws_eks_node_group", - "aws_eks_pod_identity_association", - "aws_elastic_beanstalk_application", - "aws_elastic_beanstalk_application_version", - "aws_elastic_beanstalk_configuration_template", - "aws_elastic_beanstalk_environment", - "aws_elasticache_cluster", - "aws_elasticache_global_replication_group", - "aws_elasticache_parameter_group", - "aws_elasticache_replication_group", - "aws_elasticache_serverless_cache", - "aws_elasticache_subnet_group", - "aws_elasticache_user", - "aws_elasticache_user_group", - "aws_elasticache_user_group_association", - "aws_elasticsearch_domain", - "aws_elasticsearch_domain_policy", - "aws_elasticsearch_domain_saml_options", - "aws_elasticsearch_vpc_endpoint", - "aws_elastictranscoder_pipeline", - "aws_elastictranscoder_preset", - "aws_elb", - "aws_elb_attachment", - "aws_emr_block_public_access_configuration", - "aws_emr_cluster", - "aws_emr_instance_fleet", - "aws_emr_instance_group", - "aws_emr_managed_scaling_policy", - 
"aws_emr_security_configuration", - "aws_emr_studio", - "aws_emr_studio_session_mapping", - "aws_emrcontainers_job_template", - "aws_emrcontainers_virtual_cluster", - "aws_emrserverless_application", - "aws_evidently_feature", - "aws_evidently_launch", - "aws_evidently_project", - "aws_evidently_segment", - "aws_finspace_kx_cluster", - "aws_finspace_kx_database", - "aws_finspace_kx_dataview", - "aws_finspace_kx_environment", - "aws_finspace_kx_scaling_group", - "aws_finspace_kx_user", - "aws_finspace_kx_volume", - "aws_fis_experiment_template", - "aws_flow_log", - "aws_fms_admin_account", - "aws_fms_policy", - "aws_fms_resource_set", - "aws_fsx_backup", - "aws_fsx_data_repository_association", - "aws_fsx_file_cache", - "aws_fsx_lustre_file_system", - "aws_fsx_ontap_file_system", - "aws_fsx_ontap_storage_virtual_machine", - "aws_fsx_ontap_volume", - "aws_fsx_openzfs_file_system", - "aws_fsx_openzfs_snapshot", - "aws_fsx_openzfs_volume", - "aws_fsx_windows_file_system", - "aws_gamelift_alias", - "aws_gamelift_build", - "aws_gamelift_fleet", - "aws_gamelift_game_server_group", - "aws_gamelift_game_session_queue", - "aws_gamelift_script", - "aws_glacier_vault", - "aws_glacier_vault_lock", - "aws_globalaccelerator_accelerator", - "aws_globalaccelerator_cross_account_attachment", - "aws_globalaccelerator_custom_routing_accelerator", - "aws_globalaccelerator_custom_routing_endpoint_group", - "aws_globalaccelerator_custom_routing_listener", - "aws_globalaccelerator_endpoint_group", - "aws_globalaccelerator_listener", - "aws_glue_catalog_database", - "aws_glue_catalog_table", - "aws_glue_classifier", - "aws_glue_connection", - "aws_glue_crawler", - "aws_glue_data_catalog_encryption_settings", - "aws_glue_data_quality_ruleset", - "aws_glue_dev_endpoint", - "aws_glue_job", - "aws_glue_ml_transform", - "aws_glue_partition", - "aws_glue_partition_index", - "aws_glue_registry", - "aws_glue_resource_policy", - "aws_glue_schema", - "aws_glue_security_configuration", - 
"aws_glue_trigger", - "aws_glue_user_defined_function", - "aws_glue_workflow", - "aws_grafana_license_association", - "aws_grafana_role_association", - "aws_grafana_workspace", - "aws_grafana_workspace_api_key", - "aws_grafana_workspace_saml_configuration", - "aws_grafana_workspace_service_account", - "aws_grafana_workspace_service_account_token", - "aws_guardduty_detector", - "aws_guardduty_detector_feature", - "aws_guardduty_filter", - "aws_guardduty_invite_accepter", - "aws_guardduty_ipset", - "aws_guardduty_malware_protection_plan", - "aws_guardduty_member", - "aws_guardduty_organization_admin_account", - "aws_guardduty_organization_configuration", - "aws_guardduty_organization_configuration_feature", - "aws_guardduty_publishing_destination", - "aws_guardduty_threatintelset", - "aws_iam_access_key", - "aws_iam_account_alias", - "aws_iam_account_password_policy", - "aws_iam_group", - "aws_iam_group_membership", - "aws_iam_group_policy", - "aws_iam_group_policy_attachment", - "aws_iam_instance_profile", - "aws_iam_openid_connect_provider", - "aws_iam_policy", - "aws_iam_policy_attachment", - "aws_iam_role", - "aws_iam_role_policy", - "aws_iam_role_policy_attachment", - "aws_iam_saml_provider", - "aws_iam_security_token_service_preferences", - "aws_iam_server_certificate", - "aws_iam_service_linked_role", - "aws_iam_service_specific_credential", - "aws_iam_signing_certificate", - "aws_iam_user", - "aws_iam_user_group_membership", - "aws_iam_user_login_profile", - "aws_iam_user_policy", - "aws_iam_user_policy_attachment", - "aws_iam_user_ssh_key", - "aws_iam_virtual_mfa_device", - "aws_identitystore_group", - "aws_identitystore_group_membership", - "aws_identitystore_user", - "aws_imagebuilder_component", - "aws_imagebuilder_container_recipe", - "aws_imagebuilder_distribution_configuration", - "aws_imagebuilder_image", - "aws_imagebuilder_image_pipeline", - "aws_imagebuilder_image_recipe", - "aws_imagebuilder_infrastructure_configuration", - 
"aws_imagebuilder_workflow", - "aws_inspector2_delegated_admin_account", - "aws_inspector2_enabler", - "aws_inspector2_member_association", - "aws_inspector2_organization_configuration", - "aws_inspector_assessment_target", - "aws_inspector_assessment_template", - "aws_inspector_resource_group", - "aws_instance", - "aws_internet_gateway", - "aws_internet_gateway_attachment", - "aws_internetmonitor_monitor", - "aws_iot_authorizer", - "aws_iot_billing_group", - "aws_iot_ca_certificate", - "aws_iot_certificate", - "aws_iot_domain_configuration", - "aws_iot_event_configurations", - "aws_iot_indexing_configuration", - "aws_iot_logging_options", - "aws_iot_policy", - "aws_iot_policy_attachment", - "aws_iot_provisioning_template", - "aws_iot_role_alias", - "aws_iot_thing", - "aws_iot_thing_group", - "aws_iot_thing_group_membership", - "aws_iot_thing_principal_attachment", - "aws_iot_thing_type", - "aws_iot_topic_rule", - "aws_iot_topic_rule_destination", - "aws_ivs_channel", - "aws_ivs_playback_key_pair", - "aws_ivs_recording_configuration", - "aws_ivschat_logging_configuration", - "aws_ivschat_room", - "aws_kendra_data_source", - "aws_kendra_experience", - "aws_kendra_faq", - "aws_kendra_index", - "aws_kendra_query_suggestions_block_list", - "aws_kendra_thesaurus", - "aws_key_pair", - "aws_keyspaces_keyspace", - "aws_keyspaces_table", - "aws_kinesis_analytics_application", - "aws_kinesis_firehose_delivery_stream", - "aws_kinesis_resource_policy", - "aws_kinesis_stream", - "aws_kinesis_stream_consumer", - "aws_kinesis_video_stream", - "aws_kinesisanalyticsv2_application", - "aws_kinesisanalyticsv2_application_snapshot", - "aws_kms_alias", - "aws_kms_ciphertext", - "aws_kms_custom_key_store", - "aws_kms_external_key", - "aws_kms_grant", - "aws_kms_key", - "aws_kms_key_policy", - "aws_kms_replica_external_key", - "aws_kms_replica_key", - "aws_lakeformation_data_cells_filter", - "aws_lakeformation_data_lake_settings", - "aws_lakeformation_lf_tag", - 
"aws_lakeformation_permissions", - "aws_lakeformation_resource", - "aws_lakeformation_resource_lf_tag", - "aws_lakeformation_resource_lf_tags", - "aws_lambda_alias", - "aws_lambda_code_signing_config", - "aws_lambda_event_source_mapping", - "aws_lambda_function", - "aws_lambda_function_event_invoke_config", - "aws_lambda_function_url", - "aws_lambda_invocation", - "aws_lambda_layer_version", - "aws_lambda_layer_version_permission", - "aws_lambda_permission", - "aws_lambda_provisioned_concurrency_config", - "aws_lambda_runtime_management_config", - "aws_launch_configuration", - "aws_launch_template", - "aws_lb", - "aws_lb_cookie_stickiness_policy", - "aws_lb_listener", - "aws_lb_listener_certificate", - "aws_lb_listener_rule", - "aws_lb_ssl_negotiation_policy", - "aws_lb_target_group", - "aws_lb_target_group_attachment", - "aws_lb_trust_store", - "aws_lb_trust_store_revocation", - "aws_lex_bot", - "aws_lex_bot_alias", - "aws_lex_intent", - "aws_lex_slot_type", - "aws_lexv2models_bot", - "aws_lexv2models_bot_locale", - "aws_lexv2models_bot_version", - "aws_lexv2models_intent", - "aws_lexv2models_slot", - "aws_lexv2models_slot_type", - "aws_licensemanager_association", - "aws_licensemanager_grant", - "aws_licensemanager_grant_accepter", - "aws_licensemanager_license_configuration", - "aws_lightsail_bucket", - "aws_lightsail_bucket_access_key_access_key", - "aws_lightsail_bucket_resource_access", - "aws_lightsail_certificate", - "aws_lightsail_container_service", - "aws_lightsail_container_service_deployment_version", - "aws_lightsail_database", - "aws_lightsail_disk", - "aws_lightsail_disk_attachment", - "aws_lightsail_distribution", - "aws_lightsail_domain", - "aws_lightsail_domain_entry", - "aws_lightsail_instance", - "aws_lightsail_instance_public_ports", - "aws_lightsail_key_pair", - "aws_lightsail_lb", - "aws_lightsail_lb_attachment", - "aws_lightsail_lb_certificate", - "aws_lightsail_lb_certificate_attachment", - "aws_lightsail_lb_https_redirection_policy", - 
"aws_lightsail_lb_stickiness_policy", - "aws_lightsail_static_ip", - "aws_lightsail_static_ip_attachment", - "aws_load_balancer_backend_server_policy", - "aws_load_balancer_listener_policy", - "aws_load_balancer_policy", - "aws_location_geofence_collection", - "aws_location_map", - "aws_location_place_index", - "aws_location_route_calculator", - "aws_location_tracker", - "aws_location_tracker_association", - "aws_m2_application", - "aws_m2_deployment", - "aws_m2_environment", - "aws_macie2_account", - "aws_macie2_classification_export_configuration", - "aws_macie2_classification_job", - "aws_macie2_custom_data_identifier", - "aws_macie2_findings_filter", - "aws_macie2_invitation_accepter", - "aws_macie2_member", - "aws_macie2_organization_admin_account", - "aws_main_route_table_association", - "aws_media_convert_queue", - "aws_media_package_channel", - "aws_media_store_container", - "aws_media_store_container_policy", - "aws_medialive_channel", - "aws_medialive_input", - "aws_medialive_input_security_group", - "aws_medialive_multiplex", - "aws_medialive_multiplex_program", - "aws_memorydb_acl", - "aws_memorydb_cluster", - "aws_memorydb_parameter_group", - "aws_memorydb_snapshot", - "aws_memorydb_subnet_group", - "aws_memorydb_user", - "aws_mq_broker", - "aws_mq_configuration", - "aws_msk_cluster", - "aws_msk_cluster_policy", - "aws_msk_configuration", - "aws_msk_replicator", - "aws_msk_scram_secret_association", - "aws_msk_serverless_cluster", - "aws_msk_vpc_connection", - "aws_mskconnect_connector", - "aws_mskconnect_custom_plugin", - "aws_mskconnect_worker_configuration", - "aws_mwaa_environment", - "aws_nat_gateway", - "aws_neptune_cluster", - "aws_neptune_cluster_endpoint", - "aws_neptune_cluster_instance", - "aws_neptune_cluster_parameter_group", - "aws_neptune_cluster_snapshot", - "aws_neptune_event_subscription", - "aws_neptune_global_cluster", - "aws_neptune_parameter_group", - "aws_neptune_subnet_group", - "aws_network_acl", - 
"aws_network_acl_association", - "aws_network_acl_rule", - "aws_network_interface", - "aws_network_interface_attachment", - "aws_network_interface_sg_attachment", - "aws_networkfirewall_firewall", - "aws_networkfirewall_firewall_policy", - "aws_networkfirewall_logging_configuration", - "aws_networkfirewall_resource_policy", - "aws_networkfirewall_rule_group", - "aws_networkfirewall_tls_inspection_configuration", - "aws_networkmanager_attachment_accepter", - "aws_networkmanager_connect_attachment", - "aws_networkmanager_connect_peer", - "aws_networkmanager_connection", - "aws_networkmanager_core_network", - "aws_networkmanager_core_network_policy_attachment", - "aws_networkmanager_customer_gateway_association", - "aws_networkmanager_device", - "aws_networkmanager_global_network", - "aws_networkmanager_link", - "aws_networkmanager_link_association", - "aws_networkmanager_site", - "aws_networkmanager_site_to_site_vpn_attachment", - "aws_networkmanager_transit_gateway_connect_peer_association", - "aws_networkmanager_transit_gateway_peering", - "aws_networkmanager_transit_gateway_registration", - "aws_networkmanager_transit_gateway_route_table_attachment", - "aws_networkmanager_vpc_attachment", - "aws_networkmonitor_monitor", - "aws_networkmonitor_probe", - "aws_oam_link", - "aws_oam_sink", - "aws_oam_sink_policy", - "aws_opensearch_domain", - "aws_opensearch_domain_policy", - "aws_opensearch_domain_saml_options", - "aws_opensearch_inbound_connection_accepter", - "aws_opensearch_outbound_connection", - "aws_opensearch_package", - "aws_opensearch_package_association", - "aws_opensearch_vpc_endpoint", - "aws_opensearchserverless_access_policy", - "aws_opensearchserverless_collection", - "aws_opensearchserverless_lifecycle_policy", - "aws_opensearchserverless_security_config", - "aws_opensearchserverless_security_policy", - "aws_opensearchserverless_vpc_endpoint", - "aws_opsworks_application", - "aws_opsworks_custom_layer", - "aws_opsworks_ecs_cluster_layer", - 
"aws_opsworks_ganglia_layer", - "aws_opsworks_haproxy_layer", - "aws_opsworks_instance", - "aws_opsworks_java_app_layer", - "aws_opsworks_memcached_layer", - "aws_opsworks_mysql_layer", - "aws_opsworks_nodejs_app_layer", - "aws_opsworks_permission", - "aws_opsworks_php_app_layer", - "aws_opsworks_rails_app_layer", - "aws_opsworks_rds_db_instance", - "aws_opsworks_stack", - "aws_opsworks_static_web_layer", - "aws_opsworks_user_profile", - "aws_organizations_account", - "aws_organizations_delegated_administrator", - "aws_organizations_organization", - "aws_organizations_organizational_unit", - "aws_organizations_policy", - "aws_organizations_policy_attachment", - "aws_organizations_resource_policy", - "aws_osis_pipeline", - "aws_paymentcryptography_key", - "aws_paymentcryptography_key_alias", - "aws_pinpoint_adm_channel", - "aws_pinpoint_apns_channel", - "aws_pinpoint_apns_sandbox_channel", - "aws_pinpoint_apns_voip_channel", - "aws_pinpoint_apns_voip_sandbox_channel", - "aws_pinpoint_app", - "aws_pinpoint_baidu_channel", - "aws_pinpoint_email_channel", - "aws_pinpoint_event_stream", - "aws_pinpoint_gcm_channel", - "aws_pinpoint_sms_channel", - "aws_pipes_pipe", - "aws_placement_group", - "aws_prometheus_alert_manager_definition", - "aws_prometheus_rule_group_namespace", - "aws_prometheus_scraper", - "aws_prometheus_workspace", - "aws_proxy_protocol_policy", - "aws_qldb_ledger", - "aws_qldb_stream", - "aws_quicksight_account_subscription", - "aws_quicksight_analysis", - "aws_quicksight_dashboard", - "aws_quicksight_data_set", - "aws_quicksight_data_source", - "aws_quicksight_folder", - "aws_quicksight_folder_membership", - "aws_quicksight_group", - "aws_quicksight_group_membership", - "aws_quicksight_iam_policy_assignment", - "aws_quicksight_ingestion", - "aws_quicksight_namespace", - "aws_quicksight_refresh_schedule", - "aws_quicksight_template", - "aws_quicksight_template_alias", - "aws_quicksight_theme", - "aws_quicksight_user", - "aws_quicksight_vpc_connection", 
- "aws_ram_principal_association", - "aws_ram_resource_association", - "aws_ram_resource_share", - "aws_ram_resource_share_accepter", - "aws_ram_sharing_with_organization", - "aws_rbin_rule", - "aws_rds_certificate", - "aws_rds_cluster", - "aws_rds_cluster_activity_stream", - "aws_rds_cluster_endpoint", - "aws_rds_cluster_instance", - "aws_rds_cluster_parameter_group", - "aws_rds_cluster_role_association", - "aws_rds_custom_db_engine_version", - "aws_rds_export_task", - "aws_rds_global_cluster", - "aws_rds_integration", - "aws_rds_reserved_instance", - "aws_redshift_authentication_profile", - "aws_redshift_cluster", - "aws_redshift_cluster_iam_roles", - "aws_redshift_cluster_snapshot", - "aws_redshift_data_share_authorization", - "aws_redshift_data_share_consumer_association", - "aws_redshift_endpoint_access", - "aws_redshift_endpoint_authorization", - "aws_redshift_event_subscription", - "aws_redshift_hsm_client_certificate", - "aws_redshift_hsm_configuration", - "aws_redshift_logging", - "aws_redshift_parameter_group", - "aws_redshift_partner", - "aws_redshift_resource_policy", - "aws_redshift_scheduled_action", - "aws_redshift_snapshot_copy", - "aws_redshift_snapshot_copy_grant", - "aws_redshift_snapshot_schedule", - "aws_redshift_snapshot_schedule_association", - "aws_redshift_subnet_group", - "aws_redshift_usage_limit", - "aws_redshiftdata_statement", - "aws_redshiftserverless_custom_domain_association", - "aws_redshiftserverless_endpoint_access", - "aws_redshiftserverless_namespace", - "aws_redshiftserverless_resource_policy", - "aws_redshiftserverless_snapshot", - "aws_redshiftserverless_usage_limit", - "aws_redshiftserverless_workgroup", - "aws_rekognition_collection", - "aws_rekognition_project", - "aws_rekognition_stream_processor", - "aws_resourceexplorer2_index", - "aws_resourceexplorer2_view", - "aws_resourcegroups_group", - "aws_resourcegroups_resource", - "aws_rolesanywhere_profile", - "aws_rolesanywhere_trust_anchor", - "aws_route", - 
"aws_route53_cidr_collection", - "aws_route53_cidr_location", - "aws_route53_delegation_set", - "aws_route53_health_check", - "aws_route53_hosted_zone_dnssec", - "aws_route53_key_signing_key", - "aws_route53_query_log", - "aws_route53_record", - "aws_route53_resolver_config", - "aws_route53_resolver_dnssec_config", - "aws_route53_resolver_endpoint", - "aws_route53_resolver_firewall_config", - "aws_route53_resolver_firewall_domain_list", - "aws_route53_resolver_firewall_rule", - "aws_route53_resolver_firewall_rule_group", - "aws_route53_resolver_firewall_rule_group_association", - "aws_route53_resolver_query_log_config", - "aws_route53_resolver_query_log_config_association", - "aws_route53_resolver_rule", - "aws_route53_resolver_rule_association", - "aws_route53_traffic_policy", - "aws_route53_traffic_policy_instance", - "aws_route53_vpc_association_authorization", - "aws_route53_zone", - "aws_route53_zone_association", - "aws_route53domains_delegation_signer_record", - "aws_route53domains_registered_domain", - "aws_route53recoverycontrolconfig_cluster", - "aws_route53recoverycontrolconfig_control_panel", - "aws_route53recoverycontrolconfig_routing_control", - "aws_route53recoverycontrolconfig_safety_rule", - "aws_route53recoveryreadiness_cell", - "aws_route53recoveryreadiness_readiness_check", - "aws_route53recoveryreadiness_recovery_group", - "aws_route53recoveryreadiness_resource_set", - "aws_route_table", - "aws_route_table_association", - "aws_rum_app_monitor", - "aws_rum_metrics_destination", - "aws_s3_access_point", - "aws_s3_account_public_access_block", - "aws_s3_bucket", - "aws_s3_bucket_accelerate_configuration", - "aws_s3_bucket_acl", - "aws_s3_bucket_analytics_configuration", - "aws_s3_bucket_cors_configuration", - "aws_s3_bucket_intelligent_tiering_configuration", - "aws_s3_bucket_inventory", - "aws_s3_bucket_lifecycle_configuration", - "aws_s3_bucket_logging", - "aws_s3_bucket_metric", - "aws_s3_bucket_notification", - "aws_s3_bucket_object", - 
"aws_s3_bucket_object_lock_configuration", - "aws_s3_bucket_ownership_controls", - "aws_s3_bucket_policy", - "aws_s3_bucket_public_access_block", - "aws_s3_bucket_replication_configuration", - "aws_s3_bucket_request_payment_configuration", - "aws_s3_bucket_server_side_encryption_configuration", - "aws_s3_bucket_versioning", - "aws_s3_bucket_website_configuration", - "aws_s3_directory_bucket", - "aws_s3_object", - "aws_s3_object_copy", - "aws_s3control_access_grant", - "aws_s3control_access_grants_instance", - "aws_s3control_access_grants_instance_resource_policy", - "aws_s3control_access_grants_location", - "aws_s3control_access_point_policy", - "aws_s3control_bucket", - "aws_s3control_bucket_lifecycle_configuration", - "aws_s3control_bucket_policy", - "aws_s3control_multi_region_access_point", - "aws_s3control_multi_region_access_point_policy", - "aws_s3control_object_lambda_access_point", - "aws_s3control_object_lambda_access_point_policy", - "aws_s3control_storage_lens_configuration", - "aws_s3outposts_endpoint", - "aws_sagemaker_app", - "aws_sagemaker_app_image_config", - "aws_sagemaker_code_repository", - "aws_sagemaker_data_quality_job_definition", - "aws_sagemaker_device", - "aws_sagemaker_device_fleet", - "aws_sagemaker_domain", - "aws_sagemaker_endpoint", - "aws_sagemaker_endpoint_configuration", - "aws_sagemaker_feature_group", - "aws_sagemaker_flow_definition", - "aws_sagemaker_human_task_ui", - "aws_sagemaker_image", - "aws_sagemaker_image_version", - "aws_sagemaker_model", - "aws_sagemaker_model_package_group", - "aws_sagemaker_model_package_group_policy", - "aws_sagemaker_monitoring_schedule", - "aws_sagemaker_notebook_instance", - "aws_sagemaker_notebook_instance_lifecycle_configuration", - "aws_sagemaker_pipeline", - "aws_sagemaker_project", - "aws_sagemaker_servicecatalog_portfolio_status", - "aws_sagemaker_space", - "aws_sagemaker_studio_lifecycle_config", - "aws_sagemaker_user_profile", - "aws_sagemaker_workforce", - "aws_sagemaker_workteam", - 
"aws_scheduler_schedule", - "aws_scheduler_schedule_group", - "aws_schemas_discoverer", - "aws_schemas_registry", - "aws_schemas_registry_policy", - "aws_schemas_schema", - "aws_secretsmanager_secret", - "aws_secretsmanager_secret_policy", - "aws_secretsmanager_secret_rotation", - "aws_secretsmanager_secret_version", - "aws_security_group", - "aws_security_group_rule", - "aws_securityhub_account", - "aws_securityhub_action_target", - "aws_securityhub_automation_rule", - "aws_securityhub_configuration_policy", - "aws_securityhub_configuration_policy_association", - "aws_securityhub_finding_aggregator", - "aws_securityhub_insight", - "aws_securityhub_invite_accepter", - "aws_securityhub_member", - "aws_securityhub_organization_admin_account", - "aws_securityhub_organization_configuration", - "aws_securityhub_product_subscription", - "aws_securityhub_standards_control", - "aws_securityhub_standards_subscription", - "aws_securitylake_aws_log_source", - "aws_securitylake_custom_log_source", - "aws_securitylake_data_lake", - "aws_securitylake_subscriber", - "aws_securitylake_subscriber_notification", - "aws_serverlessapplicationrepository_cloudformation_stack", - "aws_service_discovery_http_namespace", - "aws_service_discovery_instance", - "aws_service_discovery_private_dns_namespace", - "aws_service_discovery_public_dns_namespace", - "aws_service_discovery_service", - "aws_servicecatalog_budget_resource_association", - "aws_servicecatalog_constraint", - "aws_servicecatalog_organizations_access", - "aws_servicecatalog_portfolio", - "aws_servicecatalog_portfolio_share", - "aws_servicecatalog_principal_portfolio_association", - "aws_servicecatalog_product", - "aws_servicecatalog_product_portfolio_association", - "aws_servicecatalog_provisioned_product", - "aws_servicecatalog_provisioning_artifact", - "aws_servicecatalog_service_action", - "aws_servicecatalog_tag_option", - "aws_servicecatalog_tag_option_resource_association", - "aws_servicecatalogappregistry_application", 
- "aws_servicequotas_service_quota", - "aws_servicequotas_template", - "aws_servicequotas_template_association", - "aws_ses_active_receipt_rule_set", - "aws_ses_configuration_set", - "aws_ses_domain_dkim", - "aws_ses_domain_identity", - "aws_ses_domain_identity_verification", - "aws_ses_domain_mail_from", - "aws_ses_email_identity", - "aws_ses_event_destination", - "aws_ses_identity_notification_topic", - "aws_ses_identity_policy", - "aws_ses_receipt_filter", - "aws_ses_receipt_rule", - "aws_ses_receipt_rule_set", - "aws_ses_template", - "aws_sesv2_account_vdm_attributes", - "aws_sesv2_configuration_set", - "aws_sesv2_configuration_set_event_destination", - "aws_sesv2_contact_list", - "aws_sesv2_dedicated_ip_assignment", - "aws_sesv2_dedicated_ip_pool", - "aws_sesv2_email_identity", - "aws_sesv2_email_identity_feedback_attributes", - "aws_sesv2_email_identity_mail_from_attributes", - "aws_sesv2_email_identity_policy", - "aws_sfn_activity", - "aws_sfn_alias", - "aws_sfn_state_machine", - "aws_shield_application_layer_automatic_response", - "aws_shield_drt_access_log_bucket_association", - "aws_shield_drt_access_role_arn_association", - "aws_shield_proactive_engagement", - "aws_shield_protection", - "aws_shield_protection_group", - "aws_shield_protection_health_check_association", - "aws_shield_subscription", - "aws_signer_signing_job", - "aws_signer_signing_profile", - "aws_signer_signing_profile_permission", - "aws_simpledb_domain", - "aws_snapshot_create_volume_permission", - "aws_sns_platform_application", - "aws_sns_sms_preferences", - "aws_sns_topic", - "aws_sns_topic_data_protection_policy", - "aws_sns_topic_policy", - "aws_sns_topic_subscription", - "aws_spot_datafeed_subscription", - "aws_spot_fleet_request", - "aws_spot_instance_request", - "aws_sqs_queue", - "aws_sqs_queue_policy", - "aws_sqs_queue_redrive_allow_policy", - "aws_sqs_queue_redrive_policy", - "aws_ssm_activation", - "aws_ssm_association", - "aws_ssm_default_patch_baseline", - 
"aws_ssm_document", - "aws_ssm_maintenance_window", - "aws_ssm_maintenance_window_target", - "aws_ssm_maintenance_window_task", - "aws_ssm_parameter", - "aws_ssm_patch_baseline", - "aws_ssm_patch_group", - "aws_ssm_resource_data_sync", - "aws_ssm_service_setting", - "aws_ssmcontacts_contact", - "aws_ssmcontacts_contact_channel", - "aws_ssmcontacts_plan", - "aws_ssmcontacts_rotation", - "aws_ssmincidents_replication_set", - "aws_ssmincidents_response_plan", - "aws_ssoadmin_account_assignment", - "aws_ssoadmin_application", - "aws_ssoadmin_application_access_scope", - "aws_ssoadmin_application_assignment", - "aws_ssoadmin_application_assignment_configuration", - "aws_ssoadmin_customer_managed_policy_attachment", - "aws_ssoadmin_instance_access_control_attributes", - "aws_ssoadmin_managed_policy_attachment", - "aws_ssoadmin_permission_set", - "aws_ssoadmin_permission_set_inline_policy", - "aws_ssoadmin_permissions_boundary_attachment", - "aws_ssoadmin_trusted_token_issuer", - "aws_storagegateway_cache", - "aws_storagegateway_cached_iscsi_volume", - "aws_storagegateway_file_system_association", - "aws_storagegateway_gateway", - "aws_storagegateway_nfs_file_share", - "aws_storagegateway_smb_file_share", - "aws_storagegateway_stored_iscsi_volume", - "aws_storagegateway_tape_pool", - "aws_storagegateway_upload_buffer", - "aws_storagegateway_working_storage", - "aws_subnet", - "aws_swf_domain", - "aws_synthetics_canary", - "aws_synthetics_group", - "aws_synthetics_group_association", - "aws_timestreaminfluxdb_db_instance", - "aws_timestreamwrite_database", - "aws_timestreamwrite_table", - "aws_transcribe_language_model", - "aws_transcribe_medical_vocabulary", - "aws_transcribe_vocabulary", - "aws_transcribe_vocabulary_filter", - "aws_transfer_access", - "aws_transfer_agreement", - "aws_transfer_certificate", - "aws_transfer_connector", - "aws_transfer_profile", - "aws_transfer_server", - "aws_transfer_ssh_key", - "aws_transfer_tag", - "aws_transfer_user", - 
"aws_transfer_workflow", - "aws_verifiedaccess_endpoint", - "aws_verifiedaccess_group", - "aws_verifiedaccess_instance", - "aws_verifiedaccess_instance_logging_configuration", - "aws_verifiedaccess_instance_trust_provider_attachment", - "aws_verifiedaccess_trust_provider", - "aws_verifiedpermissions_identity_source", - "aws_verifiedpermissions_policy", - "aws_verifiedpermissions_policy_store", - "aws_verifiedpermissions_policy_template", - "aws_verifiedpermissions_schema", - "aws_volume_attachment", - "aws_vpc", - "aws_vpc_dhcp_options", - "aws_vpc_dhcp_options_association", - "aws_vpc_endpoint", - "aws_vpc_endpoint_connection_accepter", - "aws_vpc_endpoint_connection_notification", - "aws_vpc_endpoint_policy", - "aws_vpc_endpoint_private_dns", - "aws_vpc_endpoint_route_table_association", - "aws_vpc_endpoint_security_group_association", - "aws_vpc_endpoint_service", - "aws_vpc_endpoint_service_allowed_principal", - "aws_vpc_endpoint_service_private_dns_verification", - "aws_vpc_endpoint_subnet_association", - "aws_vpc_ipam", - "aws_vpc_ipam_organization_admin_account", - "aws_vpc_ipam_pool", - "aws_vpc_ipam_pool_cidr", - "aws_vpc_ipam_pool_cidr_allocation", - "aws_vpc_ipam_preview_next_cidr", - "aws_vpc_ipam_resource_discovery", - "aws_vpc_ipam_resource_discovery_association", - "aws_vpc_ipam_scope", - "aws_vpc_ipv4_cidr_block_association", - "aws_vpc_ipv6_cidr_block_association", - "aws_vpc_network_performance_metric_subscription", - "aws_vpc_peering_connection", - "aws_vpc_peering_connection_accepter", - "aws_vpc_peering_connection_options", - "aws_vpc_security_group_egress_rule", - "aws_vpc_security_group_ingress_rule", - "aws_vpclattice_access_log_subscription", - "aws_vpclattice_auth_policy", - "aws_vpclattice_listener", - "aws_vpclattice_listener_rule", - "aws_vpclattice_resource_policy", - "aws_vpclattice_service", - "aws_vpclattice_service_network", - "aws_vpclattice_service_network_service_association", - "aws_vpclattice_service_network_vpc_association", 
- "aws_vpclattice_target_group", - "aws_vpclattice_target_group_attachment", - "aws_vpn_connection", - "aws_vpn_connection_route", - "aws_vpn_gateway", - "aws_vpn_gateway_attachment", - "aws_vpn_gateway_route_propagation", - "aws_waf_byte_match_set", - "aws_waf_geo_match_set", - "aws_waf_ipset", - "aws_waf_rate_based_rule", - "aws_waf_regex_match_set", - "aws_waf_regex_pattern_set", - "aws_waf_rule", - "aws_waf_rule_group", - "aws_waf_size_constraint_set", - "aws_waf_sql_injection_match_set", - "aws_waf_web_acl", - "aws_waf_xss_match_set", - "aws_wafregional_byte_match_set", - "aws_wafregional_geo_match_set", - "aws_wafregional_ipset", - "aws_wafregional_rate_based_rule", - "aws_wafregional_regex_match_set", - "aws_wafregional_regex_pattern_set", - "aws_wafregional_rule", - "aws_wafregional_rule_group", - "aws_wafregional_size_constraint_set", - "aws_wafregional_sql_injection_match_set", - "aws_wafregional_web_acl", - "aws_wafregional_web_acl_association", - "aws_wafregional_xss_match_set", - "aws_wafv2_ip_set", - "aws_wafv2_regex_pattern_set", - "aws_wafv2_rule_group", - "aws_wafv2_web_acl", - "aws_wafv2_web_acl_association", - "aws_wafv2_web_acl_logging_configuration", - "aws_worklink_fleet", - "aws_worklink_website_certificate_authority_association", - "aws_workspaces_connection_alias", - "aws_workspaces_directory", - "aws_workspaces_ip_group", - "aws_workspaces_workspace", - "aws_xray_encryption_config", - "aws_xray_group", - "aws_xray_sampling_rule" - ] -} + "resources": [ + "aws_accessanalyzer_analyzer", + "aws_accessanalyzer_archive_rule", + "aws_account_alternate_contact", + "aws_account_primary_contact", + "aws_account_region", + "aws_acm_certificate", + "aws_acm_certificate_validation", + "aws_acmpca_certificate", + "aws_acmpca_certificate_authority", + "aws_acmpca_certificate_authority_certificate", + "aws_acmpca_permission", + "aws_acmpca_policy", + "aws_alb", + "aws_ami", + "aws_ami_copy", + "aws_ami_from_instance", + "aws_ami_launch_permission", + 
"aws_amplify_app", + "aws_amplify_backend_environment", + "aws_amplify_branch", + "aws_amplify_domain_association", + "aws_amplify_webhook", + "aws_api_gateway_account", + "aws_api_gateway_api_key", + "aws_api_gateway_authorizer", + "aws_api_gateway_base_path_mapping", + "aws_api_gateway_client_certificate", + "aws_api_gateway_deployment", + "aws_api_gateway_documentation_part", + "aws_api_gateway_documentation_version", + "aws_api_gateway_domain_name", + "aws_api_gateway_domain_name_access_association", + "aws_api_gateway_gateway_response", + "aws_api_gateway_integration", + "aws_api_gateway_integration_response", + "aws_api_gateway_method", + "aws_api_gateway_method_response", + "aws_api_gateway_method_settings", + "aws_api_gateway_model", + "aws_api_gateway_request_validator", + "aws_api_gateway_resource", + "aws_api_gateway_rest_api", + "aws_api_gateway_rest_api_policy", + "aws_api_gateway_rest_api_put", + "aws_api_gateway_stage", + "aws_api_gateway_usage_plan", + "aws_api_gateway_usage_plan_key", + "aws_api_gateway_vpc_link", + "aws_apigatewayv2_api", + "aws_apigatewayv2_api_mapping", + "aws_apigatewayv2_authorizer", + "aws_apigatewayv2_deployment", + "aws_apigatewayv2_domain_name", + "aws_apigatewayv2_integration", + "aws_apigatewayv2_integration_response", + "aws_apigatewayv2_model", + "aws_apigatewayv2_route", + "aws_apigatewayv2_route_response", + "aws_apigatewayv2_stage", + "aws_apigatewayv2_vpc_link", + "aws_app_cookie_stickiness_policy", + "aws_appautoscaling_policy", + "aws_appautoscaling_scheduled_action", + "aws_appautoscaling_target", + "aws_appconfig_application", + "aws_appconfig_configuration_profile", + "aws_appconfig_deployment", + "aws_appconfig_deployment_strategy", + "aws_appconfig_environment", + "aws_appconfig_extension", + "aws_appconfig_extension_association", + "aws_appconfig_hosted_configuration_version", + "aws_appfabric_app_authorization", + "aws_appfabric_app_authorization_connection", + "aws_appfabric_app_bundle", + 
"aws_appfabric_ingestion", + "aws_appfabric_ingestion_destination", + "aws_appflow_connector_profile", + "aws_appflow_flow", + "aws_appintegrations_data_integration", + "aws_appintegrations_event_integration", + "aws_applicationinsights_application", + "aws_appmesh_gateway_route", + "aws_appmesh_mesh", + "aws_appmesh_route", + "aws_appmesh_virtual_gateway", + "aws_appmesh_virtual_node", + "aws_appmesh_virtual_router", + "aws_appmesh_virtual_service", + "aws_apprunner_auto_scaling_configuration_version", + "aws_apprunner_connection", + "aws_apprunner_custom_domain_association", + "aws_apprunner_default_auto_scaling_configuration_version", + "aws_apprunner_deployment", + "aws_apprunner_observability_configuration", + "aws_apprunner_service", + "aws_apprunner_vpc_connector", + "aws_apprunner_vpc_ingress_connection", + "aws_appstream_directory_config", + "aws_appstream_fleet", + "aws_appstream_fleet_stack_association", + "aws_appstream_image_builder", + "aws_appstream_stack", + "aws_appstream_user", + "aws_appstream_user_stack_association", + "aws_appsync_api", + "aws_appsync_api_cache", + "aws_appsync_api_key", + "aws_appsync_channel_namespace", + "aws_appsync_datasource", + "aws_appsync_domain_name", + "aws_appsync_domain_name_api_association", + "aws_appsync_function", + "aws_appsync_graphql_api", + "aws_appsync_resolver", + "aws_appsync_source_api_association", + "aws_appsync_type", + "aws_athena_capacity_reservation", + "aws_athena_data_catalog", + "aws_athena_database", + "aws_athena_named_query", + "aws_athena_prepared_statement", + "aws_athena_workgroup", + "aws_auditmanager_account_registration", + "aws_auditmanager_assessment", + "aws_auditmanager_assessment_delegation", + "aws_auditmanager_assessment_report", + "aws_auditmanager_control", + "aws_auditmanager_framework", + "aws_auditmanager_framework_share", + "aws_auditmanager_organization_admin_account_registration", + "aws_autoscaling_attachment", + "aws_autoscaling_group", + "aws_autoscaling_group_tag", + 
"aws_autoscaling_lifecycle_hook", + "aws_autoscaling_notification", + "aws_autoscaling_policy", + "aws_autoscaling_schedule", + "aws_autoscaling_traffic_source_attachment", + "aws_autoscalingplans_scaling_plan", + "aws_backup_framework", + "aws_backup_global_settings", + "aws_backup_logically_air_gapped_vault", + "aws_backup_plan", + "aws_backup_region_settings", + "aws_backup_report_plan", + "aws_backup_selection", + "aws_backup_vault", + "aws_backup_vault_lock_configuration", + "aws_backup_vault_notifications", + "aws_backup_vault_policy", + "aws_batch_compute_environment", + "aws_batch_job_definition", + "aws_batch_job_queue", + "aws_batch_scheduling_policy", + "aws_bcmdataexports_export", + "aws_bedrock_custom_model", + "aws_bedrock_guardrail", + "aws_bedrock_guardrail_version", + "aws_bedrock_inference_profile", + "aws_bedrock_model_invocation_logging_configuration", + "aws_bedrock_provisioned_model_throughput", + "aws_bedrockagent_agent", + "aws_bedrockagent_agent_action_group", + "aws_bedrockagent_agent_alias", + "aws_bedrockagent_agent_collaborator", + "aws_bedrockagent_agent_knowledge_base_association", + "aws_bedrockagent_data_source", + "aws_bedrockagent_flow", + "aws_bedrockagent_knowledge_base", + "aws_bedrockagent_prompt", + "aws_bedrockagentcore_agent_runtime", + "aws_bedrockagentcore_agent_runtime_endpoint", + "aws_bedrockagentcore_api_key_credential_provider", + "aws_bedrockagentcore_browser", + "aws_bedrockagentcore_code_interpreter", + "aws_bedrockagentcore_gateway", + "aws_bedrockagentcore_gateway_target", + "aws_bedrockagentcore_memory", + "aws_bedrockagentcore_memory_strategy", + "aws_bedrockagentcore_oauth2_credential_provider", + "aws_bedrockagentcore_token_vault_cmk", + "aws_bedrockagentcore_workload_identity", + "aws_budgets_budget", + "aws_budgets_budget_action", + "aws_ce_anomaly_monitor", + "aws_ce_anomaly_subscription", + "aws_ce_cost_allocation_tag", + "aws_ce_cost_category", + "aws_chatbot_slack_channel_configuration", + 
"aws_chatbot_teams_channel_configuration", + "aws_chime_voice_connector", + "aws_chime_voice_connector_group", + "aws_chime_voice_connector_logging", + "aws_chime_voice_connector_origination", + "aws_chime_voice_connector_streaming", + "aws_chime_voice_connector_termination", + "aws_chime_voice_connector_termination_credentials", + "aws_chimesdkmediapipelines_media_insights_pipeline_configuration", + "aws_chimesdkvoice_global_settings", + "aws_chimesdkvoice_sip_media_application", + "aws_chimesdkvoice_sip_rule", + "aws_chimesdkvoice_voice_profile_domain", + "aws_cleanrooms_collaboration", + "aws_cleanrooms_configured_table", + "aws_cleanrooms_membership", + "aws_cloud9_environment_ec2", + "aws_cloud9_environment_membership", + "aws_cloudcontrolapi_resource", + "aws_cloudformation_stack", + "aws_cloudformation_stack_instances", + "aws_cloudformation_stack_set", + "aws_cloudformation_stack_set_instance", + "aws_cloudformation_type", + "aws_cloudfront_cache_policy", + "aws_cloudfront_continuous_deployment_policy", + "aws_cloudfront_distribution", + "aws_cloudfront_field_level_encryption_config", + "aws_cloudfront_field_level_encryption_profile", + "aws_cloudfront_function", + "aws_cloudfront_key_group", + "aws_cloudfront_key_value_store", + "aws_cloudfront_monitoring_subscription", + "aws_cloudfront_origin_access_control", + "aws_cloudfront_origin_access_identity", + "aws_cloudfront_origin_request_policy", + "aws_cloudfront_public_key", + "aws_cloudfront_realtime_log_config", + "aws_cloudfront_response_headers_policy", + "aws_cloudfront_vpc_origin", + "aws_cloudfrontkeyvaluestore_key", + "aws_cloudfrontkeyvaluestore_keys_exclusive", + "aws_cloudhsm_v2_cluster", + "aws_cloudhsm_v2_hsm", + "aws_cloudsearch_domain", + "aws_cloudsearch_domain_service_access_policy", + "aws_cloudtrail", + "aws_cloudtrail_event_data_store", + "aws_cloudtrail_organization_delegated_admin_account", + "aws_cloudwatch_composite_alarm", + "aws_cloudwatch_contributor_insight_rule", + 
"aws_cloudwatch_contributor_managed_insight_rule", + "aws_cloudwatch_dashboard", + "aws_cloudwatch_event_api_destination", + "aws_cloudwatch_event_archive", + "aws_cloudwatch_event_bus", + "aws_cloudwatch_event_bus_policy", + "aws_cloudwatch_event_connection", + "aws_cloudwatch_event_endpoint", + "aws_cloudwatch_event_permission", + "aws_cloudwatch_event_rule", + "aws_cloudwatch_event_target", + "aws_cloudwatch_log_account_policy", + "aws_cloudwatch_log_anomaly_detector", + "aws_cloudwatch_log_data_protection_policy", + "aws_cloudwatch_log_delivery", + "aws_cloudwatch_log_delivery_destination", + "aws_cloudwatch_log_delivery_destination_policy", + "aws_cloudwatch_log_delivery_source", + "aws_cloudwatch_log_destination", + "aws_cloudwatch_log_destination_policy", + "aws_cloudwatch_log_group", + "aws_cloudwatch_log_index_policy", + "aws_cloudwatch_log_metric_filter", + "aws_cloudwatch_log_resource_policy", + "aws_cloudwatch_log_stream", + "aws_cloudwatch_log_subscription_filter", + "aws_cloudwatch_metric_alarm", + "aws_cloudwatch_metric_stream", + "aws_cloudwatch_query_definition", + "aws_codeartifact_domain", + "aws_codeartifact_domain_permissions_policy", + "aws_codeartifact_repository", + "aws_codeartifact_repository_permissions_policy", + "aws_codebuild_fleet", + "aws_codebuild_project", + "aws_codebuild_report_group", + "aws_codebuild_resource_policy", + "aws_codebuild_source_credential", + "aws_codebuild_webhook", + "aws_codecatalyst_dev_environment", + "aws_codecatalyst_project", + "aws_codecatalyst_source_repository", + "aws_codecommit_approval_rule_template", + "aws_codecommit_approval_rule_template_association", + "aws_codecommit_repository", + "aws_codecommit_trigger", + "aws_codeconnections_connection", + "aws_codeconnections_host", + "aws_codedeploy_app", + "aws_codedeploy_deployment_config", + "aws_codedeploy_deployment_group", + "aws_codeguruprofiler_profiling_group", + "aws_codegurureviewer_repository_association", + "aws_codepipeline", + 
"aws_codepipeline_custom_action_type", + "aws_codepipeline_webhook", + "aws_codestarconnections_connection", + "aws_codestarconnections_host", + "aws_codestarnotifications_notification_rule", + "aws_cognito_identity_pool", + "aws_cognito_identity_pool_provider_principal_tag", + "aws_cognito_identity_pool_roles_attachment", + "aws_cognito_identity_provider", + "aws_cognito_log_delivery_configuration", + "aws_cognito_managed_login_branding", + "aws_cognito_managed_user_pool_client", + "aws_cognito_resource_server", + "aws_cognito_risk_configuration", + "aws_cognito_user", + "aws_cognito_user_group", + "aws_cognito_user_in_group", + "aws_cognito_user_pool", + "aws_cognito_user_pool_client", + "aws_cognito_user_pool_domain", + "aws_cognito_user_pool_ui_customization", + "aws_comprehend_document_classifier", + "aws_comprehend_entity_recognizer", + "aws_computeoptimizer_enrollment_status", + "aws_computeoptimizer_recommendation_preferences", + "aws_config_aggregate_authorization", + "aws_config_config_rule", + "aws_config_configuration_aggregator", + "aws_config_configuration_recorder", + "aws_config_configuration_recorder_status", + "aws_config_conformance_pack", + "aws_config_delivery_channel", + "aws_config_organization_conformance_pack", + "aws_config_organization_custom_policy_rule", + "aws_config_organization_custom_rule", + "aws_config_organization_managed_rule", + "aws_config_remediation_configuration", + "aws_config_retention_configuration", + "aws_connect_bot_association", + "aws_connect_contact_flow", + "aws_connect_contact_flow_module", + "aws_connect_hours_of_operation", + "aws_connect_instance", + "aws_connect_instance_storage_config", + "aws_connect_lambda_function_association", + "aws_connect_phone_number", + "aws_connect_phone_number_contact_flow_association", + "aws_connect_queue", + "aws_connect_quick_connect", + "aws_connect_routing_profile", + "aws_connect_security_profile", + "aws_connect_user", + "aws_connect_user_hierarchy_group", + 
"aws_connect_user_hierarchy_structure", + "aws_connect_vocabulary", + "aws_controltower_baseline", + "aws_controltower_control", + "aws_controltower_landing_zone", + "aws_costoptimizationhub_enrollment_status", + "aws_costoptimizationhub_preferences", + "aws_cur_report_definition", + "aws_customer_gateway", + "aws_customerprofiles_domain", + "aws_customerprofiles_profile", + "aws_dataexchange_data_set", + "aws_dataexchange_event_action", + "aws_dataexchange_revision", + "aws_dataexchange_revision_assets", + "aws_datapipeline_pipeline", + "aws_datapipeline_pipeline_definition", + "aws_datasync_agent", + "aws_datasync_location_azure_blob", + "aws_datasync_location_efs", + "aws_datasync_location_fsx_lustre_file_system", + "aws_datasync_location_fsx_ontap_file_system", + "aws_datasync_location_fsx_openzfs_file_system", + "aws_datasync_location_fsx_windows_file_system", + "aws_datasync_location_hdfs", + "aws_datasync_location_nfs", + "aws_datasync_location_object_storage", + "aws_datasync_location_s3", + "aws_datasync_location_smb", + "aws_datasync_task", + "aws_datazone_asset_type", + "aws_datazone_domain", + "aws_datazone_environment", + "aws_datazone_environment_blueprint_configuration", + "aws_datazone_environment_profile", + "aws_datazone_form_type", + "aws_datazone_glossary", + "aws_datazone_glossary_term", + "aws_datazone_project", + "aws_datazone_user_profile", + "aws_dax_cluster", + "aws_dax_parameter_group", + "aws_dax_subnet_group", + "aws_db_cluster_snapshot", + "aws_db_event_subscription", + "aws_db_instance", + "aws_db_instance_automated_backups_replication", + "aws_db_instance_role_association", + "aws_db_option_group", + "aws_db_parameter_group", + "aws_db_proxy", + "aws_db_proxy_default_target_group", + "aws_db_proxy_endpoint", + "aws_db_proxy_target", + "aws_db_snapshot", + "aws_db_snapshot_copy", + "aws_db_subnet_group", + "aws_default_network_acl", + "aws_default_route_table", + "aws_default_security_group", + "aws_default_subnet", + 
"aws_default_vpc", + "aws_default_vpc_dhcp_options", + "aws_detective_graph", + "aws_detective_invitation_accepter", + "aws_detective_member", + "aws_detective_organization_admin_account", + "aws_detective_organization_configuration", + "aws_devicefarm_device_pool", + "aws_devicefarm_instance_profile", + "aws_devicefarm_network_profile", + "aws_devicefarm_project", + "aws_devicefarm_upload", + "aws_devopsguru_event_sources_config", + "aws_devopsguru_notification_channel", + "aws_devopsguru_resource_collection", + "aws_devopsguru_service_integration", + "aws_directory_service_conditional_forwarder", + "aws_directory_service_directory", + "aws_directory_service_log_subscription", + "aws_directory_service_radius_settings", + "aws_directory_service_region", + "aws_directory_service_shared_directory", + "aws_directory_service_shared_directory_accepter", + "aws_directory_service_trust", + "aws_dlm_lifecycle_policy", + "aws_dms_certificate", + "aws_dms_endpoint", + "aws_dms_event_subscription", + "aws_dms_replication_config", + "aws_dms_replication_instance", + "aws_dms_replication_subnet_group", + "aws_dms_replication_task", + "aws_dms_s3_endpoint", + "aws_docdb_cluster", + "aws_docdb_cluster_instance", + "aws_docdb_cluster_parameter_group", + "aws_docdb_cluster_snapshot", + "aws_docdb_event_subscription", + "aws_docdb_global_cluster", + "aws_docdb_subnet_group", + "aws_docdbelastic_cluster", + "aws_drs_replication_configuration_template", + "aws_dsql_cluster", + "aws_dsql_cluster_peering", + "aws_dx_bgp_peer", + "aws_dx_connection", + "aws_dx_connection_association", + "aws_dx_connection_confirmation", + "aws_dx_gateway", + "aws_dx_gateway_association", + "aws_dx_gateway_association_proposal", + "aws_dx_hosted_connection", + "aws_dx_hosted_private_virtual_interface", + "aws_dx_hosted_private_virtual_interface_accepter", + "aws_dx_hosted_public_virtual_interface", + "aws_dx_hosted_public_virtual_interface_accepter", + "aws_dx_hosted_transit_virtual_interface", + 
"aws_dx_hosted_transit_virtual_interface_accepter", + "aws_dx_lag", + "aws_dx_macsec_key_association", + "aws_dx_private_virtual_interface", + "aws_dx_public_virtual_interface", + "aws_dx_transit_virtual_interface", + "aws_dynamodb_contributor_insights", + "aws_dynamodb_global_table", + "aws_dynamodb_kinesis_streaming_destination", + "aws_dynamodb_resource_policy", + "aws_dynamodb_table", + "aws_dynamodb_table_export", + "aws_dynamodb_table_item", + "aws_dynamodb_table_replica", + "aws_dynamodb_tag", + "aws_ebs_default_kms_key", + "aws_ebs_encryption_by_default", + "aws_ebs_fast_snapshot_restore", + "aws_ebs_snapshot", + "aws_ebs_snapshot_block_public_access", + "aws_ebs_snapshot_copy", + "aws_ebs_snapshot_import", + "aws_ebs_volume", + "aws_ec2_allowed_images_settings", + "aws_ec2_availability_zone_group", + "aws_ec2_capacity_block_reservation", + "aws_ec2_capacity_reservation", + "aws_ec2_carrier_gateway", + "aws_ec2_client_vpn_authorization_rule", + "aws_ec2_client_vpn_endpoint", + "aws_ec2_client_vpn_network_association", + "aws_ec2_client_vpn_route", + "aws_ec2_default_credit_specification", + "aws_ec2_fleet", + "aws_ec2_host", + "aws_ec2_image_block_public_access", + "aws_ec2_instance", + "aws_ec2_instance_connect_endpoint", + "aws_ec2_instance_metadata_defaults", + "aws_ec2_instance_state", + "aws_ec2_local_gateway_route", + "aws_ec2_local_gateway_route_table_vpc_association", + "aws_ec2_managed_prefix_list", + "aws_ec2_managed_prefix_list_entry", + "aws_ec2_network_insights_analysis", + "aws_ec2_network_insights_path", + "aws_ec2_serial_console_access", + "aws_ec2_subnet_cidr_reservation", + "aws_ec2_tag", + "aws_ec2_traffic_mirror_filter", + "aws_ec2_traffic_mirror_filter_rule", + "aws_ec2_traffic_mirror_session", + "aws_ec2_traffic_mirror_target", + "aws_ec2_transit_gateway", + "aws_ec2_transit_gateway_connect", + "aws_ec2_transit_gateway_connect_peer", + "aws_ec2_transit_gateway_default_route_table_association", + 
"aws_ec2_transit_gateway_default_route_table_propagation", + "aws_ec2_transit_gateway_multicast_domain", + "aws_ec2_transit_gateway_multicast_domain_association", + "aws_ec2_transit_gateway_multicast_group_member", + "aws_ec2_transit_gateway_multicast_group_source", + "aws_ec2_transit_gateway_peering_attachment", + "aws_ec2_transit_gateway_peering_attachment_accepter", + "aws_ec2_transit_gateway_policy_table", + "aws_ec2_transit_gateway_policy_table_association", + "aws_ec2_transit_gateway_prefix_list_reference", + "aws_ec2_transit_gateway_route", + "aws_ec2_transit_gateway_route_table", + "aws_ec2_transit_gateway_route_table_association", + "aws_ec2_transit_gateway_route_table_propagation", + "aws_ec2_transit_gateway_vpc_attachment", + "aws_ec2_transit_gateway_vpc_attachment_accepter", + "aws_ecr_account_setting", + "aws_ecr_lifecycle_policy", + "aws_ecr_pull_through_cache_rule", + "aws_ecr_registry_policy", + "aws_ecr_registry_scanning_configuration", + "aws_ecr_replication_configuration", + "aws_ecr_repository", + "aws_ecr_repository_creation_template", + "aws_ecr_repository_policy", + "aws_ecrpublic_repository", + "aws_ecrpublic_repository_policy", + "aws_ecs_account_setting_default", + "aws_ecs_capacity_provider", + "aws_ecs_cluster", + "aws_ecs_cluster_capacity_providers", + "aws_ecs_service", + "aws_ecs_tag", + "aws_ecs_task_definition", + "aws_ecs_task_set", + "aws_efs_access_point", + "aws_efs_backup_policy", + "aws_efs_file_system", + "aws_efs_file_system_policy", + "aws_efs_mount_target", + "aws_efs_replication_configuration", + "aws_egress_only_internet_gateway", + "aws_eip", + "aws_eip_association", + "aws_eip_domain_name", + "aws_eks_access_entry", + "aws_eks_access_policy_association", + "aws_eks_addon", + "aws_eks_cluster", + "aws_eks_fargate_profile", + "aws_eks_identity_provider_config", + "aws_eks_node_group", + "aws_eks_pod_identity_association", + "aws_elastic_beanstalk_application", + "aws_elastic_beanstalk_application_version", + 
"aws_elastic_beanstalk_configuration_template", + "aws_elastic_beanstalk_environment", + "aws_elasticache_cluster", + "aws_elasticache_global_replication_group", + "aws_elasticache_parameter_group", + "aws_elasticache_replication_group", + "aws_elasticache_reserved_cache_node", + "aws_elasticache_serverless_cache", + "aws_elasticache_subnet_group", + "aws_elasticache_user", + "aws_elasticache_user_group", + "aws_elasticache_user_group_association", + "aws_elasticsearch_domain", + "aws_elasticsearch_domain_policy", + "aws_elasticsearch_domain_saml_options", + "aws_elasticsearch_vpc_endpoint", + "aws_elastictranscoder_pipeline", + "aws_elastictranscoder_preset", + "aws_elb", + "aws_elb_attachment", + "aws_emr_block_public_access_configuration", + "aws_emr_cluster", + "aws_emr_instance_fleet", + "aws_emr_instance_group", + "aws_emr_managed_scaling_policy", + "aws_emr_security_configuration", + "aws_emr_studio", + "aws_emr_studio_session_mapping", + "aws_emrcontainers_job_template", + "aws_emrcontainers_virtual_cluster", + "aws_emrserverless_application", + "aws_evidently_feature", + "aws_evidently_launch", + "aws_evidently_project", + "aws_evidently_segment", + "aws_finspace_kx_cluster", + "aws_finspace_kx_database", + "aws_finspace_kx_dataview", + "aws_finspace_kx_environment", + "aws_finspace_kx_scaling_group", + "aws_finspace_kx_user", + "aws_finspace_kx_volume", + "aws_fis_experiment_template", + "aws_fis_target_account_configuration", + "aws_flow_log", + "aws_fms_admin_account", + "aws_fms_policy", + "aws_fms_resource_set", + "aws_fsx_backup", + "aws_fsx_data_repository_association", + "aws_fsx_file_cache", + "aws_fsx_lustre_file_system", + "aws_fsx_ontap_file_system", + "aws_fsx_ontap_storage_virtual_machine", + "aws_fsx_ontap_volume", + "aws_fsx_openzfs_file_system", + "aws_fsx_openzfs_snapshot", + "aws_fsx_openzfs_volume", + "aws_fsx_s3_access_point_attachment", + "aws_fsx_windows_file_system", + "aws_gamelift_alias", + "aws_gamelift_build", + 
"aws_gamelift_fleet", + "aws_gamelift_game_server_group", + "aws_gamelift_game_session_queue", + "aws_gamelift_script", + "aws_glacier_vault", + "aws_glacier_vault_lock", + "aws_globalaccelerator_accelerator", + "aws_globalaccelerator_cross_account_attachment", + "aws_globalaccelerator_custom_routing_accelerator", + "aws_globalaccelerator_custom_routing_endpoint_group", + "aws_globalaccelerator_custom_routing_listener", + "aws_globalaccelerator_endpoint_group", + "aws_globalaccelerator_listener", + "aws_glue_catalog_database", + "aws_glue_catalog_table", + "aws_glue_catalog_table_optimizer", + "aws_glue_classifier", + "aws_glue_connection", + "aws_glue_crawler", + "aws_glue_data_catalog_encryption_settings", + "aws_glue_data_quality_ruleset", + "aws_glue_dev_endpoint", + "aws_glue_job", + "aws_glue_ml_transform", + "aws_glue_partition", + "aws_glue_partition_index", + "aws_glue_registry", + "aws_glue_resource_policy", + "aws_glue_schema", + "aws_glue_security_configuration", + "aws_glue_trigger", + "aws_glue_user_defined_function", + "aws_glue_workflow", + "aws_grafana_license_association", + "aws_grafana_role_association", + "aws_grafana_workspace", + "aws_grafana_workspace_api_key", + "aws_grafana_workspace_saml_configuration", + "aws_grafana_workspace_service_account", + "aws_grafana_workspace_service_account_token", + "aws_guardduty_detector", + "aws_guardduty_detector_feature", + "aws_guardduty_filter", + "aws_guardduty_invite_accepter", + "aws_guardduty_ipset", + "aws_guardduty_malware_protection_plan", + "aws_guardduty_member", + "aws_guardduty_member_detector_feature", + "aws_guardduty_organization_admin_account", + "aws_guardduty_organization_configuration", + "aws_guardduty_organization_configuration_feature", + "aws_guardduty_publishing_destination", + "aws_guardduty_threatintelset", + "aws_iam_access_key", + "aws_iam_account_alias", + "aws_iam_account_password_policy", + "aws_iam_group", + "aws_iam_group_membership", + 
"aws_iam_group_policies_exclusive", + "aws_iam_group_policy", + "aws_iam_group_policy_attachment", + "aws_iam_group_policy_attachments_exclusive", + "aws_iam_instance_profile", + "aws_iam_openid_connect_provider", + "aws_iam_organizations_features", + "aws_iam_policy", + "aws_iam_policy_attachment", + "aws_iam_role", + "aws_iam_role_policies_exclusive", + "aws_iam_role_policy", + "aws_iam_role_policy_attachment", + "aws_iam_role_policy_attachments_exclusive", + "aws_iam_saml_provider", + "aws_iam_security_token_service_preferences", + "aws_iam_server_certificate", + "aws_iam_service_linked_role", + "aws_iam_service_specific_credential", + "aws_iam_signing_certificate", + "aws_iam_user", + "aws_iam_user_group_membership", + "aws_iam_user_login_profile", + "aws_iam_user_policies_exclusive", + "aws_iam_user_policy", + "aws_iam_user_policy_attachment", + "aws_iam_user_policy_attachments_exclusive", + "aws_iam_user_ssh_key", + "aws_iam_virtual_mfa_device", + "aws_identitystore_group", + "aws_identitystore_group_membership", + "aws_identitystore_user", + "aws_imagebuilder_component", + "aws_imagebuilder_container_recipe", + "aws_imagebuilder_distribution_configuration", + "aws_imagebuilder_image", + "aws_imagebuilder_image_pipeline", + "aws_imagebuilder_image_recipe", + "aws_imagebuilder_infrastructure_configuration", + "aws_imagebuilder_lifecycle_policy", + "aws_imagebuilder_workflow", + "aws_inspector2_delegated_admin_account", + "aws_inspector2_enabler", + "aws_inspector2_filter", + "aws_inspector2_member_association", + "aws_inspector2_organization_configuration", + "aws_inspector_assessment_target", + "aws_inspector_assessment_template", + "aws_inspector_resource_group", + "aws_instance", + "aws_internet_gateway", + "aws_internet_gateway_attachment", + "aws_internetmonitor_monitor", + "aws_invoicing_invoice_unit", + "aws_iot_authorizer", + "aws_iot_billing_group", + "aws_iot_ca_certificate", + "aws_iot_certificate", + "aws_iot_domain_configuration", + 
"aws_iot_event_configurations", + "aws_iot_indexing_configuration", + "aws_iot_logging_options", + "aws_iot_policy", + "aws_iot_policy_attachment", + "aws_iot_provisioning_template", + "aws_iot_role_alias", + "aws_iot_thing", + "aws_iot_thing_group", + "aws_iot_thing_group_membership", + "aws_iot_thing_principal_attachment", + "aws_iot_thing_type", + "aws_iot_topic_rule", + "aws_iot_topic_rule_destination", + "aws_ivs_channel", + "aws_ivs_playback_key_pair", + "aws_ivs_recording_configuration", + "aws_ivschat_logging_configuration", + "aws_ivschat_room", + "aws_kendra_data_source", + "aws_kendra_experience", + "aws_kendra_faq", + "aws_kendra_index", + "aws_kendra_query_suggestions_block_list", + "aws_kendra_thesaurus", + "aws_key_pair", + "aws_keyspaces_keyspace", + "aws_keyspaces_table", + "aws_kinesis_analytics_application", + "aws_kinesis_firehose_delivery_stream", + "aws_kinesis_resource_policy", + "aws_kinesis_stream", + "aws_kinesis_stream_consumer", + "aws_kinesis_video_stream", + "aws_kinesisanalyticsv2_application", + "aws_kinesisanalyticsv2_application_snapshot", + "aws_kms_alias", + "aws_kms_ciphertext", + "aws_kms_custom_key_store", + "aws_kms_external_key", + "aws_kms_grant", + "aws_kms_key", + "aws_kms_key_policy", + "aws_kms_replica_external_key", + "aws_kms_replica_key", + "aws_lakeformation_data_cells_filter", + "aws_lakeformation_data_lake_settings", + "aws_lakeformation_identity_center_configuration", + "aws_lakeformation_lf_tag", + "aws_lakeformation_lf_tag_expression", + "aws_lakeformation_opt_in", + "aws_lakeformation_permissions", + "aws_lakeformation_resource", + "aws_lakeformation_resource_lf_tag", + "aws_lakeformation_resource_lf_tags", + "aws_lambda_alias", + "aws_lambda_code_signing_config", + "aws_lambda_event_source_mapping", + "aws_lambda_function", + "aws_lambda_function_event_invoke_config", + "aws_lambda_function_recursion_config", + "aws_lambda_function_url", + "aws_lambda_invocation", + "aws_lambda_layer_version", + 
"aws_lambda_layer_version_permission", + "aws_lambda_permission", + "aws_lambda_provisioned_concurrency_config", + "aws_lambda_runtime_management_config", + "aws_launch_configuration", + "aws_launch_template", + "aws_lb", + "aws_lb_cookie_stickiness_policy", + "aws_lb_listener", + "aws_lb_listener_certificate", + "aws_lb_listener_rule", + "aws_lb_ssl_negotiation_policy", + "aws_lb_target_group", + "aws_lb_target_group_attachment", + "aws_lb_trust_store", + "aws_lb_trust_store_revocation", + "aws_lex_bot", + "aws_lex_bot_alias", + "aws_lex_intent", + "aws_lex_slot_type", + "aws_lexv2models_bot", + "aws_lexv2models_bot_locale", + "aws_lexv2models_bot_version", + "aws_lexv2models_intent", + "aws_lexv2models_slot", + "aws_lexv2models_slot_type", + "aws_licensemanager_association", + "aws_licensemanager_grant", + "aws_licensemanager_grant_accepter", + "aws_licensemanager_license_configuration", + "aws_lightsail_bucket", + "aws_lightsail_bucket_access_key", + "aws_lightsail_bucket_resource_access", + "aws_lightsail_certificate", + "aws_lightsail_container_service", + "aws_lightsail_container_service_deployment_version", + "aws_lightsail_database", + "aws_lightsail_disk", + "aws_lightsail_disk_attachment", + "aws_lightsail_distribution", + "aws_lightsail_domain", + "aws_lightsail_domain_entry", + "aws_lightsail_instance", + "aws_lightsail_instance_public_ports", + "aws_lightsail_key_pair", + "aws_lightsail_lb", + "aws_lightsail_lb_attachment", + "aws_lightsail_lb_certificate", + "aws_lightsail_lb_certificate_attachment", + "aws_lightsail_lb_https_redirection_policy", + "aws_lightsail_lb_stickiness_policy", + "aws_lightsail_static_ip", + "aws_lightsail_static_ip_attachment", + "aws_load_balancer_backend_server_policy", + "aws_load_balancer_listener_policy", + "aws_load_balancer_policy", + "aws_location_geofence_collection", + "aws_location_map", + "aws_location_place_index", + "aws_location_route_calculator", + "aws_location_tracker", + "aws_location_tracker_association", 
+ "aws_m2_application", + "aws_m2_deployment", + "aws_m2_environment", + "aws_macie2_account", + "aws_macie2_classification_export_configuration", + "aws_macie2_classification_job", + "aws_macie2_custom_data_identifier", + "aws_macie2_findings_filter", + "aws_macie2_invitation_accepter", + "aws_macie2_member", + "aws_macie2_organization_admin_account", + "aws_macie2_organization_configuration", + "aws_main_route_table_association", + "aws_media_convert_queue", + "aws_media_package_channel", + "aws_media_packagev2_channel_group", + "aws_media_store_container", + "aws_media_store_container_policy", + "aws_medialive_channel", + "aws_medialive_input", + "aws_medialive_input_security_group", + "aws_medialive_multiplex", + "aws_medialive_multiplex_program", + "aws_memorydb_acl", + "aws_memorydb_cluster", + "aws_memorydb_multi_region_cluster", + "aws_memorydb_parameter_group", + "aws_memorydb_snapshot", + "aws_memorydb_subnet_group", + "aws_memorydb_user", + "aws_mq_broker", + "aws_mq_configuration", + "aws_msk_cluster", + "aws_msk_cluster_policy", + "aws_msk_configuration", + "aws_msk_replicator", + "aws_msk_scram_secret_association", + "aws_msk_serverless_cluster", + "aws_msk_single_scram_secret_association", + "aws_msk_vpc_connection", + "aws_mskconnect_connector", + "aws_mskconnect_custom_plugin", + "aws_mskconnect_worker_configuration", + "aws_mwaa_environment", + "aws_nat_gateway", + "aws_nat_gateway_eip_association", + "aws_neptune_cluster", + "aws_neptune_cluster_endpoint", + "aws_neptune_cluster_instance", + "aws_neptune_cluster_parameter_group", + "aws_neptune_cluster_snapshot", + "aws_neptune_event_subscription", + "aws_neptune_global_cluster", + "aws_neptune_parameter_group", + "aws_neptune_subnet_group", + "aws_neptunegraph_graph", + "aws_network_acl", + "aws_network_acl_association", + "aws_network_acl_rule", + "aws_network_interface", + "aws_network_interface_attachment", + "aws_network_interface_permission", + "aws_network_interface_sg_attachment", + 
"aws_networkfirewall_firewall", + "aws_networkfirewall_firewall_policy", + "aws_networkfirewall_firewall_transit_gateway_attachment_accepter", + "aws_networkfirewall_logging_configuration", + "aws_networkfirewall_resource_policy", + "aws_networkfirewall_rule_group", + "aws_networkfirewall_tls_inspection_configuration", + "aws_networkfirewall_vpc_endpoint_association", + "aws_networkflowmonitor_monitor", + "aws_networkflowmonitor_scope", + "aws_networkmanager_attachment_accepter", + "aws_networkmanager_connect_attachment", + "aws_networkmanager_connect_peer", + "aws_networkmanager_connection", + "aws_networkmanager_core_network", + "aws_networkmanager_core_network_policy_attachment", + "aws_networkmanager_customer_gateway_association", + "aws_networkmanager_device", + "aws_networkmanager_dx_gateway_attachment", + "aws_networkmanager_global_network", + "aws_networkmanager_link", + "aws_networkmanager_link_association", + "aws_networkmanager_site", + "aws_networkmanager_site_to_site_vpn_attachment", + "aws_networkmanager_transit_gateway_connect_peer_association", + "aws_networkmanager_transit_gateway_peering", + "aws_networkmanager_transit_gateway_registration", + "aws_networkmanager_transit_gateway_route_table_attachment", + "aws_networkmanager_vpc_attachment", + "aws_networkmonitor_monitor", + "aws_networkmonitor_probe", + "aws_notifications_channel_association", + "aws_notifications_event_rule", + "aws_notifications_notification_configuration", + "aws_notifications_notification_hub", + "aws_notificationscontacts_email_contact", + "aws_oam_link", + "aws_oam_sink", + "aws_oam_sink_policy", + "aws_observabilityadmin_centralization_rule_for_organization", + "aws_odb_cloud_autonomous_vm_cluster", + "aws_odb_cloud_exadata_infrastructure", + "aws_odb_cloud_vm_cluster", + "aws_odb_network", + "aws_odb_network_peering_connection", + "aws_opensearch_authorize_vpc_endpoint_access", + "aws_opensearch_domain", + "aws_opensearch_domain_policy", + 
"aws_opensearch_domain_saml_options", + "aws_opensearch_inbound_connection_accepter", + "aws_opensearch_outbound_connection", + "aws_opensearch_package", + "aws_opensearch_package_association", + "aws_opensearch_vpc_endpoint", + "aws_opensearchserverless_access_policy", + "aws_opensearchserverless_collection", + "aws_opensearchserverless_lifecycle_policy", + "aws_opensearchserverless_security_config", + "aws_opensearchserverless_security_policy", + "aws_opensearchserverless_vpc_endpoint", + "aws_organizations_account", + "aws_organizations_delegated_administrator", + "aws_organizations_organization", + "aws_organizations_organizational_unit", + "aws_organizations_policy", + "aws_organizations_policy_attachment", + "aws_organizations_resource_policy", + "aws_osis_pipeline", + "aws_paymentcryptography_key", + "aws_paymentcryptography_key_alias", + "aws_pinpoint_adm_channel", + "aws_pinpoint_apns_channel", + "aws_pinpoint_apns_sandbox_channel", + "aws_pinpoint_apns_voip_channel", + "aws_pinpoint_apns_voip_sandbox_channel", + "aws_pinpoint_app", + "aws_pinpoint_baidu_channel", + "aws_pinpoint_email_channel", + "aws_pinpoint_email_template", + "aws_pinpoint_event_stream", + "aws_pinpoint_gcm_channel", + "aws_pinpoint_sms_channel", + "aws_pinpointsmsvoicev2_configuration_set", + "aws_pinpointsmsvoicev2_opt_out_list", + "aws_pinpointsmsvoicev2_phone_number", + "aws_pipes_pipe", + "aws_placement_group", + "aws_prometheus_alert_manager_definition", + "aws_prometheus_query_logging_configuration", + "aws_prometheus_resource_policy", + "aws_prometheus_rule_group_namespace", + "aws_prometheus_scraper", + "aws_prometheus_workspace", + "aws_prometheus_workspace_configuration", + "aws_proxy_protocol_policy", + "aws_qbusiness_application", + "aws_qldb_ledger", + "aws_qldb_stream", + "aws_quicksight_account_settings", + "aws_quicksight_account_subscription", + "aws_quicksight_analysis", + "aws_quicksight_custom_permissions", + "aws_quicksight_dashboard", + "aws_quicksight_data_set", 
+ "aws_quicksight_data_source", + "aws_quicksight_folder", + "aws_quicksight_folder_membership", + "aws_quicksight_group", + "aws_quicksight_group_membership", + "aws_quicksight_iam_policy_assignment", + "aws_quicksight_ingestion", + "aws_quicksight_ip_restriction", + "aws_quicksight_key_registration", + "aws_quicksight_namespace", + "aws_quicksight_refresh_schedule", + "aws_quicksight_role_custom_permission", + "aws_quicksight_role_membership", + "aws_quicksight_template", + "aws_quicksight_template_alias", + "aws_quicksight_theme", + "aws_quicksight_user", + "aws_quicksight_user_custom_permission", + "aws_quicksight_vpc_connection", + "aws_ram_principal_association", + "aws_ram_resource_association", + "aws_ram_resource_share", + "aws_ram_resource_share_accepter", + "aws_ram_sharing_with_organization", + "aws_rbin_rule", + "aws_rds_certificate", + "aws_rds_cluster", + "aws_rds_cluster_activity_stream", + "aws_rds_cluster_endpoint", + "aws_rds_cluster_instance", + "aws_rds_cluster_parameter_group", + "aws_rds_cluster_role_association", + "aws_rds_cluster_snapshot_copy", + "aws_rds_custom_db_engine_version", + "aws_rds_export_task", + "aws_rds_global_cluster", + "aws_rds_instance_state", + "aws_rds_integration", + "aws_rds_reserved_instance", + "aws_rds_shard_group", + "aws_redshift_authentication_profile", + "aws_redshift_cluster", + "aws_redshift_cluster_iam_roles", + "aws_redshift_cluster_snapshot", + "aws_redshift_data_share_authorization", + "aws_redshift_data_share_consumer_association", + "aws_redshift_endpoint_access", + "aws_redshift_endpoint_authorization", + "aws_redshift_event_subscription", + "aws_redshift_hsm_client_certificate", + "aws_redshift_hsm_configuration", + "aws_redshift_integration", + "aws_redshift_logging", + "aws_redshift_parameter_group", + "aws_redshift_partner", + "aws_redshift_resource_policy", + "aws_redshift_scheduled_action", + "aws_redshift_snapshot_copy", + "aws_redshift_snapshot_copy_grant", + "aws_redshift_snapshot_schedule", 
+ "aws_redshift_snapshot_schedule_association", + "aws_redshift_subnet_group", + "aws_redshift_usage_limit", + "aws_redshiftdata_statement", + "aws_redshiftserverless_custom_domain_association", + "aws_redshiftserverless_endpoint_access", + "aws_redshiftserverless_namespace", + "aws_redshiftserverless_resource_policy", + "aws_redshiftserverless_snapshot", + "aws_redshiftserverless_usage_limit", + "aws_redshiftserverless_workgroup", + "aws_rekognition_collection", + "aws_rekognition_project", + "aws_rekognition_stream_processor", + "aws_resiliencehub_resiliency_policy", + "aws_resourceexplorer2_index", + "aws_resourceexplorer2_view", + "aws_resourcegroups_group", + "aws_resourcegroups_resource", + "aws_rolesanywhere_profile", + "aws_rolesanywhere_trust_anchor", + "aws_route", + "aws_route53_cidr_collection", + "aws_route53_cidr_location", + "aws_route53_delegation_set", + "aws_route53_health_check", + "aws_route53_hosted_zone_dnssec", + "aws_route53_key_signing_key", + "aws_route53_query_log", + "aws_route53_record", + "aws_route53_records_exclusive", + "aws_route53_resolver_config", + "aws_route53_resolver_dnssec_config", + "aws_route53_resolver_endpoint", + "aws_route53_resolver_firewall_config", + "aws_route53_resolver_firewall_domain_list", + "aws_route53_resolver_firewall_rule", + "aws_route53_resolver_firewall_rule_group", + "aws_route53_resolver_firewall_rule_group_association", + "aws_route53_resolver_query_log_config", + "aws_route53_resolver_query_log_config_association", + "aws_route53_resolver_rule", + "aws_route53_resolver_rule_association", + "aws_route53_traffic_policy", + "aws_route53_traffic_policy_instance", + "aws_route53_vpc_association_authorization", + "aws_route53_zone", + "aws_route53_zone_association", + "aws_route53domains_delegation_signer_record", + "aws_route53domains_domain", + "aws_route53domains_registered_domain", + "aws_route53profiles_association", + "aws_route53profiles_profile", + "aws_route53profiles_resource_association", + 
"aws_route53recoverycontrolconfig_cluster", + "aws_route53recoverycontrolconfig_control_panel", + "aws_route53recoverycontrolconfig_routing_control", + "aws_route53recoverycontrolconfig_safety_rule", + "aws_route53recoveryreadiness_cell", + "aws_route53recoveryreadiness_readiness_check", + "aws_route53recoveryreadiness_recovery_group", + "aws_route53recoveryreadiness_resource_set", + "aws_route_table", + "aws_route_table_association", + "aws_rum_app_monitor", + "aws_rum_metrics_destination", + "aws_s3_access_point", + "aws_s3_account_public_access_block", + "aws_s3_bucket", + "aws_s3_bucket_accelerate_configuration", + "aws_s3_bucket_acl", + "aws_s3_bucket_analytics_configuration", + "aws_s3_bucket_cors_configuration", + "aws_s3_bucket_intelligent_tiering_configuration", + "aws_s3_bucket_inventory", + "aws_s3_bucket_lifecycle_configuration", + "aws_s3_bucket_logging", + "aws_s3_bucket_metadata_configuration", + "aws_s3_bucket_metric", + "aws_s3_bucket_notification", + "aws_s3_bucket_object", + "aws_s3_bucket_object_lock_configuration", + "aws_s3_bucket_ownership_controls", + "aws_s3_bucket_policy", + "aws_s3_bucket_public_access_block", + "aws_s3_bucket_replication_configuration", + "aws_s3_bucket_request_payment_configuration", + "aws_s3_bucket_server_side_encryption_configuration", + "aws_s3_bucket_versioning", + "aws_s3_bucket_website_configuration", + "aws_s3_directory_bucket", + "aws_s3_object", + "aws_s3_object_copy", + "aws_s3control_access_grant", + "aws_s3control_access_grants_instance", + "aws_s3control_access_grants_instance_resource_policy", + "aws_s3control_access_grants_location", + "aws_s3control_access_point_policy", + "aws_s3control_bucket", + "aws_s3control_bucket_lifecycle_configuration", + "aws_s3control_bucket_policy", + "aws_s3control_directory_bucket_access_point_scope", + "aws_s3control_multi_region_access_point", + "aws_s3control_multi_region_access_point_policy", + "aws_s3control_object_lambda_access_point", + 
"aws_s3control_object_lambda_access_point_policy", + "aws_s3control_storage_lens_configuration", + "aws_s3outposts_endpoint", + "aws_s3tables_namespace", + "aws_s3tables_table", + "aws_s3tables_table_bucket", + "aws_s3tables_table_bucket_policy", + "aws_s3tables_table_policy", + "aws_sagemaker_app", + "aws_sagemaker_app_image_config", + "aws_sagemaker_code_repository", + "aws_sagemaker_data_quality_job_definition", + "aws_sagemaker_device", + "aws_sagemaker_device_fleet", + "aws_sagemaker_domain", + "aws_sagemaker_endpoint", + "aws_sagemaker_endpoint_configuration", + "aws_sagemaker_feature_group", + "aws_sagemaker_flow_definition", + "aws_sagemaker_hub", + "aws_sagemaker_human_task_ui", + "aws_sagemaker_image", + "aws_sagemaker_image_version", + "aws_sagemaker_mlflow_tracking_server", + "aws_sagemaker_model", + "aws_sagemaker_model_package_group", + "aws_sagemaker_model_package_group_policy", + "aws_sagemaker_monitoring_schedule", + "aws_sagemaker_notebook_instance", + "aws_sagemaker_notebook_instance_lifecycle_configuration", + "aws_sagemaker_pipeline", + "aws_sagemaker_project", + "aws_sagemaker_servicecatalog_portfolio_status", + "aws_sagemaker_space", + "aws_sagemaker_studio_lifecycle_config", + "aws_sagemaker_user_profile", + "aws_sagemaker_workforce", + "aws_sagemaker_workteam", + "aws_scheduler_schedule", + "aws_scheduler_schedule_group", + "aws_schemas_discoverer", + "aws_schemas_registry", + "aws_schemas_registry_policy", + "aws_schemas_schema", + "aws_secretsmanager_secret", + "aws_secretsmanager_secret_policy", + "aws_secretsmanager_secret_rotation", + "aws_secretsmanager_secret_version", + "aws_security_group", + "aws_security_group_rule", + "aws_securityhub_account", + "aws_securityhub_action_target", + "aws_securityhub_automation_rule", + "aws_securityhub_configuration_policy", + "aws_securityhub_configuration_policy_association", + "aws_securityhub_finding_aggregator", + "aws_securityhub_insight", + "aws_securityhub_invite_accepter", + 
"aws_securityhub_member", + "aws_securityhub_organization_admin_account", + "aws_securityhub_organization_configuration", + "aws_securityhub_product_subscription", + "aws_securityhub_standards_control", + "aws_securityhub_standards_control_association", + "aws_securityhub_standards_subscription", + "aws_securitylake_aws_log_source", + "aws_securitylake_custom_log_source", + "aws_securitylake_data_lake", + "aws_securitylake_subscriber", + "aws_securitylake_subscriber_notification", + "aws_serverlessapplicationrepository_cloudformation_stack", + "aws_service_discovery_http_namespace", + "aws_service_discovery_instance", + "aws_service_discovery_private_dns_namespace", + "aws_service_discovery_public_dns_namespace", + "aws_service_discovery_service", + "aws_servicecatalog_budget_resource_association", + "aws_servicecatalog_constraint", + "aws_servicecatalog_organizations_access", + "aws_servicecatalog_portfolio", + "aws_servicecatalog_portfolio_share", + "aws_servicecatalog_principal_portfolio_association", + "aws_servicecatalog_product", + "aws_servicecatalog_product_portfolio_association", + "aws_servicecatalog_provisioned_product", + "aws_servicecatalog_provisioning_artifact", + "aws_servicecatalog_service_action", + "aws_servicecatalog_tag_option", + "aws_servicecatalog_tag_option_resource_association", + "aws_servicecatalogappregistry_application", + "aws_servicecatalogappregistry_attribute_group", + "aws_servicecatalogappregistry_attribute_group_association", + "aws_servicequotas_service_quota", + "aws_servicequotas_template", + "aws_servicequotas_template_association", + "aws_ses_active_receipt_rule_set", + "aws_ses_configuration_set", + "aws_ses_domain_dkim", + "aws_ses_domain_identity", + "aws_ses_domain_identity_verification", + "aws_ses_domain_mail_from", + "aws_ses_email_identity", + "aws_ses_event_destination", + "aws_ses_identity_notification_topic", + "aws_ses_identity_policy", + "aws_ses_receipt_filter", + "aws_ses_receipt_rule", + 
"aws_ses_receipt_rule_set", + "aws_ses_template", + "aws_sesv2_account_suppression_attributes", + "aws_sesv2_account_vdm_attributes", + "aws_sesv2_configuration_set", + "aws_sesv2_configuration_set_event_destination", + "aws_sesv2_contact_list", + "aws_sesv2_dedicated_ip_assignment", + "aws_sesv2_dedicated_ip_pool", + "aws_sesv2_email_identity", + "aws_sesv2_email_identity_feedback_attributes", + "aws_sesv2_email_identity_mail_from_attributes", + "aws_sesv2_email_identity_policy", + "aws_sfn_activity", + "aws_sfn_alias", + "aws_sfn_state_machine", + "aws_shield_application_layer_automatic_response", + "aws_shield_drt_access_log_bucket_association", + "aws_shield_drt_access_role_arn_association", + "aws_shield_proactive_engagement", + "aws_shield_protection", + "aws_shield_protection_group", + "aws_shield_protection_health_check_association", + "aws_shield_subscription", + "aws_signer_signing_job", + "aws_signer_signing_profile", + "aws_signer_signing_profile_permission", + "aws_snapshot_create_volume_permission", + "aws_sns_platform_application", + "aws_sns_sms_preferences", + "aws_sns_topic", + "aws_sns_topic_data_protection_policy", + "aws_sns_topic_policy", + "aws_sns_topic_subscription", + "aws_spot_datafeed_subscription", + "aws_spot_fleet_request", + "aws_spot_instance_request", + "aws_sqs_queue", + "aws_sqs_queue_policy", + "aws_sqs_queue_redrive_allow_policy", + "aws_sqs_queue_redrive_policy", + "aws_ssm_activation", + "aws_ssm_association", + "aws_ssm_default_patch_baseline", + "aws_ssm_document", + "aws_ssm_maintenance_window", + "aws_ssm_maintenance_window_target", + "aws_ssm_maintenance_window_task", + "aws_ssm_parameter", + "aws_ssm_patch_baseline", + "aws_ssm_patch_group", + "aws_ssm_resource_data_sync", + "aws_ssm_service_setting", + "aws_ssmcontacts_contact", + "aws_ssmcontacts_contact_channel", + "aws_ssmcontacts_plan", + "aws_ssmcontacts_rotation", + "aws_ssmincidents_replication_set", + "aws_ssmincidents_response_plan", + 
"aws_ssmquicksetup_configuration_manager", + "aws_ssoadmin_account_assignment", + "aws_ssoadmin_application", + "aws_ssoadmin_application_access_scope", + "aws_ssoadmin_application_assignment", + "aws_ssoadmin_application_assignment_configuration", + "aws_ssoadmin_customer_managed_policy_attachment", + "aws_ssoadmin_instance_access_control_attributes", + "aws_ssoadmin_managed_policy_attachment", + "aws_ssoadmin_permission_set", + "aws_ssoadmin_permission_set_inline_policy", + "aws_ssoadmin_permissions_boundary_attachment", + "aws_ssoadmin_trusted_token_issuer", + "aws_storagegateway_cache", + "aws_storagegateway_cached_iscsi_volume", + "aws_storagegateway_file_system_association", + "aws_storagegateway_gateway", + "aws_storagegateway_nfs_file_share", + "aws_storagegateway_smb_file_share", + "aws_storagegateway_stored_iscsi_volume", + "aws_storagegateway_tape_pool", + "aws_storagegateway_upload_buffer", + "aws_storagegateway_working_storage", + "aws_subnet", + "aws_swf_domain", + "aws_synthetics_canary", + "aws_synthetics_group", + "aws_synthetics_group_association", + "aws_timestreaminfluxdb_db_cluster", + "aws_timestreaminfluxdb_db_instance", + "aws_timestreamquery_scheduled_query", + "aws_timestreamwrite_database", + "aws_timestreamwrite_table", + "aws_transcribe_language_model", + "aws_transcribe_medical_vocabulary", + "aws_transcribe_vocabulary", + "aws_transcribe_vocabulary_filter", + "aws_transfer_access", + "aws_transfer_agreement", + "aws_transfer_certificate", + "aws_transfer_connector", + "aws_transfer_host_key", + "aws_transfer_profile", + "aws_transfer_server", + "aws_transfer_ssh_key", + "aws_transfer_tag", + "aws_transfer_user", + "aws_transfer_web_app", + "aws_transfer_web_app_customization", + "aws_transfer_workflow", + "aws_verifiedaccess_endpoint", + "aws_verifiedaccess_group", + "aws_verifiedaccess_instance", + "aws_verifiedaccess_instance_logging_configuration", + "aws_verifiedaccess_instance_trust_provider_attachment", + 
"aws_verifiedaccess_trust_provider", + "aws_verifiedpermissions_identity_source", + "aws_verifiedpermissions_policy", + "aws_verifiedpermissions_policy_store", + "aws_verifiedpermissions_policy_template", + "aws_verifiedpermissions_schema", + "aws_volume_attachment", + "aws_vpc", + "aws_vpc_block_public_access_exclusion", + "aws_vpc_block_public_access_options", + "aws_vpc_dhcp_options", + "aws_vpc_dhcp_options_association", + "aws_vpc_endpoint", + "aws_vpc_endpoint_connection_accepter", + "aws_vpc_endpoint_connection_notification", + "aws_vpc_endpoint_policy", + "aws_vpc_endpoint_private_dns", + "aws_vpc_endpoint_route_table_association", + "aws_vpc_endpoint_security_group_association", + "aws_vpc_endpoint_service", + "aws_vpc_endpoint_service_allowed_principal", + "aws_vpc_endpoint_service_private_dns_verification", + "aws_vpc_endpoint_subnet_association", + "aws_vpc_ipam", + "aws_vpc_ipam_organization_admin_account", + "aws_vpc_ipam_pool", + "aws_vpc_ipam_pool_cidr", + "aws_vpc_ipam_pool_cidr_allocation", + "aws_vpc_ipam_preview_next_cidr", + "aws_vpc_ipam_resource_discovery", + "aws_vpc_ipam_resource_discovery_association", + "aws_vpc_ipam_scope", + "aws_vpc_ipv4_cidr_block_association", + "aws_vpc_ipv6_cidr_block_association", + "aws_vpc_network_performance_metric_subscription", + "aws_vpc_peering_connection", + "aws_vpc_peering_connection_accepter", + "aws_vpc_peering_connection_options", + "aws_vpc_route_server", + "aws_vpc_route_server_association", + "aws_vpc_route_server_endpoint", + "aws_vpc_route_server_peer", + "aws_vpc_route_server_propagation", + "aws_vpc_route_server_vpc_association", + "aws_vpc_security_group_egress_rule", + "aws_vpc_security_group_ingress_rule", + "aws_vpc_security_group_vpc_association", + "aws_vpclattice_access_log_subscription", + "aws_vpclattice_auth_policy", + "aws_vpclattice_listener", + "aws_vpclattice_listener_rule", + "aws_vpclattice_resource_configuration", + "aws_vpclattice_resource_gateway", + 
"aws_vpclattice_resource_policy", + "aws_vpclattice_service", + "aws_vpclattice_service_network", + "aws_vpclattice_service_network_resource_association", + "aws_vpclattice_service_network_service_association", + "aws_vpclattice_service_network_vpc_association", + "aws_vpclattice_target_group", + "aws_vpclattice_target_group_attachment", + "aws_vpn_connection", + "aws_vpn_connection_route", + "aws_vpn_gateway", + "aws_vpn_gateway_attachment", + "aws_vpn_gateway_route_propagation", + "aws_waf_byte_match_set", + "aws_waf_geo_match_set", + "aws_waf_ipset", + "aws_waf_rate_based_rule", + "aws_waf_regex_match_set", + "aws_waf_regex_pattern_set", + "aws_waf_rule", + "aws_waf_rule_group", + "aws_waf_size_constraint_set", + "aws_waf_sql_injection_match_set", + "aws_waf_web_acl", + "aws_waf_xss_match_set", + "aws_wafregional_byte_match_set", + "aws_wafregional_geo_match_set", + "aws_wafregional_ipset", + "aws_wafregional_rate_based_rule", + "aws_wafregional_regex_match_set", + "aws_wafregional_regex_pattern_set", + "aws_wafregional_rule", + "aws_wafregional_rule_group", + "aws_wafregional_size_constraint_set", + "aws_wafregional_sql_injection_match_set", + "aws_wafregional_web_acl", + "aws_wafregional_web_acl_association", + "aws_wafregional_xss_match_set", + "aws_wafv2_api_key", + "aws_wafv2_ip_set", + "aws_wafv2_regex_pattern_set", + "aws_wafv2_rule_group", + "aws_wafv2_web_acl", + "aws_wafv2_web_acl_association", + "aws_wafv2_web_acl_logging_configuration", + "aws_wafv2_web_acl_rule_group_association", + "aws_workspaces_connection_alias", + "aws_workspaces_directory", + "aws_workspaces_ip_group", + "aws_workspaces_workspace", + "aws_workspacesweb_browser_settings", + "aws_workspacesweb_browser_settings_association", + "aws_workspacesweb_data_protection_settings", + "aws_workspacesweb_data_protection_settings_association", + "aws_workspacesweb_identity_provider", + "aws_workspacesweb_ip_access_settings", + "aws_workspacesweb_ip_access_settings_association", + 
"aws_workspacesweb_network_settings", + "aws_workspacesweb_network_settings_association", + "aws_workspacesweb_portal", + "aws_workspacesweb_session_logger", + "aws_workspacesweb_session_logger_association", + "aws_workspacesweb_trust_store", + "aws_workspacesweb_trust_store_association", + "aws_workspacesweb_user_access_logging_settings", + "aws_workspacesweb_user_access_logging_settings_association", + "aws_workspacesweb_user_settings", + "aws_workspacesweb_user_settings_association", + "aws_xray_encryption_config", + "aws_xray_group", + "aws_xray_resource_policy", + "aws_xray_sampling_rule" + ], + "dataSources": [ + "aws_account_primary_contact", + "aws_acm_certificate", + "aws_acmpca_certificate", + "aws_acmpca_certificate_authority", + "aws_ami", + "aws_ami_ids", + "aws_api_gateway_api_key", + "aws_api_gateway_api_keys", + "aws_api_gateway_authorizer", + "aws_api_gateway_authorizers", + "aws_api_gateway_domain_name", + "aws_api_gateway_export", + "aws_api_gateway_resource", + "aws_api_gateway_rest_api", + "aws_api_gateway_sdk", + "aws_api_gateway_vpc_link", + "aws_apigatewayv2_api", + "aws_apigatewayv2_apis", + "aws_apigatewayv2_export", + "aws_apigatewayv2_vpc_link", + "aws_appconfig_application", + "aws_appconfig_configuration_profile", + "aws_appconfig_configuration_profiles", + "aws_appconfig_environment", + "aws_appconfig_environments", + "aws_appintegrations_event_integration", + "aws_appmesh_gateway_route", + "aws_appmesh_mesh", + "aws_appmesh_route", + "aws_appmesh_virtual_gateway", + "aws_appmesh_virtual_node", + "aws_appmesh_virtual_router", + "aws_appmesh_virtual_service", + "aws_apprunner_hosted_zone_id", + "aws_appstream_image", + "aws_arn", + "aws_athena_named_query", + "aws_auditmanager_control", + "aws_auditmanager_framework", + "aws_autoscaling_group", + "aws_autoscaling_groups", + "aws_availability_zone", + "aws_availability_zones", + "aws_backup_framework", + "aws_backup_plan", + "aws_backup_report_plan", + "aws_backup_selection", + 
"aws_backup_vault", + "aws_batch_compute_environment", + "aws_batch_job_definition", + "aws_batch_job_queue", + "aws_batch_scheduling_policy", + "aws_bedrock_custom_model", + "aws_bedrock_custom_models", + "aws_bedrock_foundation_model", + "aws_bedrock_foundation_models", + "aws_bedrock_inference_profile", + "aws_bedrock_inference_profiles", + "aws_bedrockagent_agent_versions", + "aws_billing_service_account", + "aws_billing_views", + "aws_budgets_budget", + "aws_caller_identity", + "aws_canonical_user_id", + "aws_ce_cost_category", + "aws_ce_tags", + "aws_chatbot_slack_workspace", + "aws_cloudcontrolapi_resource", + "aws_cloudformation_export", + "aws_cloudformation_stack", + "aws_cloudformation_type", + "aws_cloudfront_cache_policy", + "aws_cloudfront_distribution", + "aws_cloudfront_function", + "aws_cloudfront_log_delivery_canonical_user_id", + "aws_cloudfront_origin_access_control", + "aws_cloudfront_origin_access_identities", + "aws_cloudfront_origin_access_identity", + "aws_cloudfront_origin_request_policy", + "aws_cloudfront_realtime_log_config", + "aws_cloudfront_response_headers_policy", + "aws_cloudhsm_v2_cluster", + "aws_cloudtrail_service_account", + "aws_cloudwatch_contributor_managed_insight_rules", + "aws_cloudwatch_event_bus", + "aws_cloudwatch_event_buses", + "aws_cloudwatch_event_connection", + "aws_cloudwatch_event_source", + "aws_cloudwatch_log_data_protection_policy_document", + "aws_cloudwatch_log_group", + "aws_cloudwatch_log_groups", + "aws_codeartifact_authorization_token", + "aws_codeartifact_repository_endpoint", + "aws_codebuild_fleet", + "aws_codecatalyst_dev_environment", + "aws_codecommit_approval_rule_template", + "aws_codecommit_repository", + "aws_codeguruprofiler_profiling_group", + "aws_codestarconnections_connection", + "aws_cognito_identity_pool", + "aws_cognito_user_group", + "aws_cognito_user_groups", + "aws_cognito_user_pool", + "aws_cognito_user_pool_client", + "aws_cognito_user_pool_clients", + 
"aws_cognito_user_pool_signing_certificate", + "aws_cognito_user_pools", + "aws_connect_bot_association", + "aws_connect_contact_flow", + "aws_connect_contact_flow_module", + "aws_connect_hours_of_operation", + "aws_connect_instance", + "aws_connect_instance_storage_config", + "aws_connect_lambda_function_association", + "aws_connect_prompt", + "aws_connect_queue", + "aws_connect_quick_connect", + "aws_connect_routing_profile", + "aws_connect_security_profile", + "aws_connect_user", + "aws_connect_user_hierarchy_group", + "aws_connect_user_hierarchy_structure", + "aws_connect_vocabulary", + "aws_controltower_controls", + "aws_cur_report_definition", + "aws_customer_gateway", + "aws_datapipeline_pipeline", + "aws_datapipeline_pipeline_definition", + "aws_datazone_domain", + "aws_datazone_environment_blueprint", + "aws_db_cluster_snapshot", + "aws_db_event_categories", + "aws_db_instance", + "aws_db_instances", + "aws_db_parameter_group", + "aws_db_proxy", + "aws_db_snapshot", + "aws_db_subnet_group", + "aws_default_tags", + "aws_devopsguru_notification_channel", + "aws_devopsguru_resource_collection", + "aws_directory_service_directory", + "aws_dms_certificate", + "aws_dms_endpoint", + "aws_dms_replication_instance", + "aws_dms_replication_subnet_group", + "aws_dms_replication_task", + "aws_docdb_engine_version", + "aws_docdb_orderable_db_instance", + "aws_dx_connection", + "aws_dx_gateway", + "aws_dx_location", + "aws_dx_locations", + "aws_dx_router_configuration", + "aws_dynamodb_table", + "aws_dynamodb_table_item", + "aws_dynamodb_tables", + "aws_ebs_default_kms_key", + "aws_ebs_encryption_by_default", + "aws_ebs_snapshot", + "aws_ebs_snapshot_ids", + "aws_ebs_volume", + "aws_ebs_volumes", + "aws_ec2_capacity_block_offering", + "aws_ec2_client_vpn_endpoint", + "aws_ec2_coip_pool", + "aws_ec2_coip_pools", + "aws_ec2_host", + "aws_ec2_instance_type", + "aws_ec2_instance_type_offering", + "aws_ec2_instance_type_offerings", + "aws_ec2_instance_types", + 
"aws_ec2_local_gateway", + "aws_ec2_local_gateway_route_table", + "aws_ec2_local_gateway_route_tables", + "aws_ec2_local_gateway_virtual_interface", + "aws_ec2_local_gateway_virtual_interface_group", + "aws_ec2_local_gateway_virtual_interface_groups", + "aws_ec2_local_gateways", + "aws_ec2_managed_prefix_list", + "aws_ec2_managed_prefix_lists", + "aws_ec2_network_insights_analysis", + "aws_ec2_network_insights_path", + "aws_ec2_public_ipv4_pool", + "aws_ec2_public_ipv4_pools", + "aws_ec2_serial_console_access", + "aws_ec2_spot_price", + "aws_ec2_transit_gateway", + "aws_ec2_transit_gateway_attachment", + "aws_ec2_transit_gateway_attachments", + "aws_ec2_transit_gateway_connect", + "aws_ec2_transit_gateway_connect_peer", + "aws_ec2_transit_gateway_dx_gateway_attachment", + "aws_ec2_transit_gateway_multicast_domain", + "aws_ec2_transit_gateway_peering_attachment", + "aws_ec2_transit_gateway_peering_attachments", + "aws_ec2_transit_gateway_route_table", + "aws_ec2_transit_gateway_route_table_associations", + "aws_ec2_transit_gateway_route_table_propagations", + "aws_ec2_transit_gateway_route_table_routes", + "aws_ec2_transit_gateway_route_tables", + "aws_ec2_transit_gateway_vpc_attachment", + "aws_ec2_transit_gateway_vpc_attachments", + "aws_ec2_transit_gateway_vpn_attachment", + "aws_ecr_authorization_token", + "aws_ecr_image", + "aws_ecr_images", + "aws_ecr_lifecycle_policy_document", + "aws_ecr_pull_through_cache_rule", + "aws_ecr_repositories", + "aws_ecr_repository", + "aws_ecr_repository_creation_template", + "aws_ecrpublic_authorization_token", + "aws_ecrpublic_images", + "aws_ecs_cluster", + "aws_ecs_clusters", + "aws_ecs_container_definition", + "aws_ecs_service", + "aws_ecs_task_definition", + "aws_ecs_task_execution", + "aws_efs_access_point", + "aws_efs_access_points", + "aws_efs_file_system", + "aws_efs_mount_target", + "aws_eip", + "aws_eips", + "aws_eks_access_entry", + "aws_eks_addon", + "aws_eks_addon_version", + "aws_eks_cluster", + 
"aws_eks_cluster_auth", + "aws_eks_cluster_versions", + "aws_eks_clusters", + "aws_eks_node_group", + "aws_eks_node_groups", + "aws_elastic_beanstalk_application", + "aws_elastic_beanstalk_hosted_zone", + "aws_elastic_beanstalk_solution_stack", + "aws_elasticache_cluster", + "aws_elasticache_replication_group", + "aws_elasticache_reserved_cache_node_offering", + "aws_elasticache_serverless_cache", + "aws_elasticache_subnet_group", + "aws_elasticache_user", + "aws_elasticsearch_domain", + "aws_elb", + "aws_elb_hosted_zone_id", + "aws_elb_service_account", + "aws_emr_release_labels", + "aws_emr_supported_instance_types", + "aws_emrcontainers_virtual_cluster", + "aws_fis_experiment_templates", + "aws_fsx_ontap_file_system", + "aws_fsx_ontap_storage_virtual_machine", + "aws_fsx_ontap_storage_virtual_machines", + "aws_fsx_openzfs_snapshot", + "aws_fsx_windows_file_system", + "aws_globalaccelerator_accelerator", + "aws_globalaccelerator_custom_routing_accelerator", + "aws_glue_catalog_table", + "aws_glue_connection", + "aws_glue_data_catalog_encryption_settings", + "aws_glue_registry", + "aws_glue_script", + "aws_grafana_workspace", + "aws_guardduty_detector", + "aws_guardduty_finding_ids", + "aws_iam_access_keys", + "aws_iam_account_alias", + "aws_iam_group", + "aws_iam_instance_profile", + "aws_iam_instance_profiles", + "aws_iam_openid_connect_provider", + "aws_iam_policy", + "aws_iam_policy_document", + "aws_iam_principal_policy_simulation", + "aws_iam_role", + "aws_iam_roles", + "aws_iam_saml_provider", + "aws_iam_server_certificate", + "aws_iam_session_context", + "aws_iam_user", + "aws_iam_user_ssh_key", + "aws_iam_users", + "aws_identitystore_group", + "aws_identitystore_group_memberships", + "aws_identitystore_groups", + "aws_identitystore_user", + "aws_identitystore_users", + "aws_imagebuilder_component", + "aws_imagebuilder_components", + "aws_imagebuilder_container_recipe", + "aws_imagebuilder_container_recipes", + 
"aws_imagebuilder_distribution_configuration", + "aws_imagebuilder_distribution_configurations", + "aws_imagebuilder_image", + "aws_imagebuilder_image_pipeline", + "aws_imagebuilder_image_pipelines", + "aws_imagebuilder_image_recipe", + "aws_imagebuilder_image_recipes", + "aws_imagebuilder_infrastructure_configuration", + "aws_imagebuilder_infrastructure_configurations", + "aws_inspector_rules_packages", + "aws_instance", + "aws_instances", + "aws_internet_gateway", + "aws_iot_endpoint", + "aws_iot_registration_code", + "aws_ip_ranges", + "aws_ivs_stream_key", + "aws_kendra_experience", + "aws_kendra_faq", + "aws_kendra_index", + "aws_kendra_query_suggestions_block_list", + "aws_kendra_thesaurus", + "aws_key_pair", + "aws_kinesis_firehose_delivery_stream", + "aws_kinesis_stream", + "aws_kinesis_stream_consumer", + "aws_kms_alias", + "aws_kms_ciphertext", + "aws_kms_custom_key_store", + "aws_kms_key", + "aws_kms_public_key", + "aws_kms_secret", + "aws_kms_secrets", + "aws_lakeformation_data_lake_settings", + "aws_lakeformation_permissions", + "aws_lakeformation_resource", + "aws_lambda_alias", + "aws_lambda_code_signing_config", + "aws_lambda_function", + "aws_lambda_function_url", + "aws_lambda_functions", + "aws_lambda_invocation", + "aws_lambda_layer_version", + "aws_launch_configuration", + "aws_launch_template", + "aws_lb", + "aws_lb_hosted_zone_id", + "aws_lb_listener", + "aws_lb_listener_rule", + "aws_lb_target_group", + "aws_lb_trust_store", + "aws_lbs", + "aws_lex_bot", + "aws_lex_bot_alias", + "aws_lex_intent", + "aws_lex_slot_type", + "aws_licensemanager_grants", + "aws_licensemanager_received_license", + "aws_licensemanager_received_licenses", + "aws_location_geofence_collection", + "aws_location_map", + "aws_location_place_index", + "aws_location_route_calculator", + "aws_location_tracker", + "aws_location_tracker_association", + "aws_location_tracker_associations", + "aws_media_convert_queue", + "aws_medialive_input", + "aws_memorydb_acl", + 
"aws_memorydb_cluster", + "aws_memorydb_parameter_group", + "aws_memorydb_snapshot", + "aws_memorydb_subnet_group", + "aws_memorydb_user", + "aws_mq_broker", + "aws_mq_broker_engine_types", + "aws_mq_broker_instance_type_offerings", + "aws_msk_bootstrap_brokers", + "aws_msk_broker_nodes", + "aws_msk_cluster", + "aws_msk_configuration", + "aws_msk_kafka_version", + "aws_msk_vpc_connection", + "aws_mskconnect_connector", + "aws_mskconnect_custom_plugin", + "aws_mskconnect_worker_configuration", + "aws_nat_gateway", + "aws_nat_gateways", + "aws_neptune_engine_version", + "aws_neptune_orderable_db_instance", + "aws_network_acls", + "aws_network_interface", + "aws_network_interfaces", + "aws_networkfirewall_firewall", + "aws_networkfirewall_firewall_policy", + "aws_networkfirewall_resource_policy", + "aws_networkmanager_connection", + "aws_networkmanager_connections", + "aws_networkmanager_core_network_policy_document", + "aws_networkmanager_device", + "aws_networkmanager_devices", + "aws_networkmanager_global_network", + "aws_networkmanager_global_networks", + "aws_networkmanager_link", + "aws_networkmanager_links", + "aws_networkmanager_site", + "aws_networkmanager_sites", + "aws_oam_link", + "aws_oam_links", + "aws_oam_sink", + "aws_oam_sinks", + "aws_odb_cloud_autonomous_vm_cluster", + "aws_odb_cloud_autonomous_vm_clusters", + "aws_odb_cloud_exadata_infrastructure", + "aws_odb_cloud_exadata_infrastructures", + "aws_odb_cloud_vm_cluster", + "aws_odb_cloud_vm_clusters", + "aws_odb_db_node", + "aws_odb_db_nodes", + "aws_odb_db_server", + "aws_odb_db_servers", + "aws_odb_db_system_shapes", + "aws_odb_gi_versions", + "aws_odb_network", + "aws_odb_network_peering_connection", + "aws_odb_network_peering_connections", + "aws_odb_networks", + "aws_opensearch_domain", + "aws_opensearchserverless_access_policy", + "aws_opensearchserverless_collection", + "aws_opensearchserverless_lifecycle_policy", + "aws_opensearchserverless_security_config", + 
"aws_opensearchserverless_security_policy", + "aws_opensearchserverless_vpc_endpoint", + "aws_organizations_delegated_administrators", + "aws_organizations_delegated_services", + "aws_organizations_organization", + "aws_organizations_organizational_unit", + "aws_organizations_organizational_unit_child_accounts", + "aws_organizations_organizational_unit_descendant_accounts", + "aws_organizations_organizational_unit_descendant_organizational_units", + "aws_organizations_organizational_units", + "aws_organizations_policies", + "aws_organizations_policies_for_target", + "aws_organizations_policy", + "aws_organizations_resource_tags", + "aws_outposts_asset", + "aws_outposts_assets", + "aws_outposts_outpost", + "aws_outposts_outpost_instance_type", + "aws_outposts_outpost_instance_types", + "aws_outposts_outposts", + "aws_outposts_site", + "aws_outposts_sites", + "aws_partition", + "aws_polly_voices", + "aws_prefix_list", + "aws_pricing_product", + "aws_prometheus_default_scraper_configuration", + "aws_prometheus_workspace", + "aws_prometheus_workspaces", + "aws_qldb_ledger", + "aws_quicksight_analysis", + "aws_quicksight_data_set", + "aws_quicksight_group", + "aws_quicksight_theme", + "aws_quicksight_user", + "aws_ram_resource_share", + "aws_rds_certificate", + "aws_rds_cluster", + "aws_rds_cluster_parameter_group", + "aws_rds_clusters", + "aws_rds_engine_version", + "aws_rds_global_cluster", + "aws_rds_orderable_db_instance", + "aws_rds_reserved_instance_offering", + "aws_redshift_cluster", + "aws_redshift_cluster_credentials", + "aws_redshift_data_shares", + "aws_redshift_orderable_cluster", + "aws_redshift_producer_data_shares", + "aws_redshift_subnet_group", + "aws_redshiftserverless_credentials", + "aws_redshiftserverless_namespace", + "aws_redshiftserverless_workgroup", + "aws_region", + "aws_regions", + "aws_resourceexplorer2_search", + "aws_resourcegroupstaggingapi_resources", + "aws_route", + "aws_route53_delegation_set", + "aws_route53_records", + 
"aws_route53_resolver_endpoint", + "aws_route53_resolver_firewall_config", + "aws_route53_resolver_firewall_domain_list", + "aws_route53_resolver_firewall_rule_group", + "aws_route53_resolver_firewall_rule_group_association", + "aws_route53_resolver_firewall_rules", + "aws_route53_resolver_query_log_config", + "aws_route53_resolver_rule", + "aws_route53_resolver_rules", + "aws_route53_traffic_policy_document", + "aws_route53_zone", + "aws_route53_zones", + "aws_route53profiles_profiles", + "aws_route_table", + "aws_route_tables", + "aws_s3_access_point", + "aws_s3_account_public_access_block", + "aws_s3_bucket", + "aws_s3_bucket_object", + "aws_s3_bucket_objects", + "aws_s3_bucket_policy", + "aws_s3_directory_buckets", + "aws_s3_object", + "aws_s3_objects", + "aws_s3control_multi_region_access_point", + "aws_sagemaker_prebuilt_ecr_image", + "aws_secretsmanager_random_password", + "aws_secretsmanager_secret", + "aws_secretsmanager_secret_rotation", + "aws_secretsmanager_secret_version", + "aws_secretsmanager_secret_versions", + "aws_secretsmanager_secrets", + "aws_security_group", + "aws_security_groups", + "aws_securityhub_standards_control_associations", + "aws_serverlessapplicationrepository_application", + "aws_service", + "aws_service_discovery_dns_namespace", + "aws_service_discovery_http_namespace", + "aws_service_discovery_service", + "aws_service_principal", + "aws_servicecatalog_constraint", + "aws_servicecatalog_launch_paths", + "aws_servicecatalog_portfolio", + "aws_servicecatalog_portfolio_constraints", + "aws_servicecatalog_product", + "aws_servicecatalog_provisioning_artifacts", + "aws_servicecatalogappregistry_application", + "aws_servicecatalogappregistry_attribute_group", + "aws_servicecatalogappregistry_attribute_group_associations", + "aws_servicequotas_service", + "aws_servicequotas_service_quota", + "aws_servicequotas_templates", + "aws_ses_active_receipt_rule_set", + "aws_ses_domain_identity", + "aws_ses_email_identity", + 
"aws_sesv2_configuration_set", + "aws_sesv2_dedicated_ip_pool", + "aws_sesv2_email_identity", + "aws_sesv2_email_identity_mail_from_attributes", + "aws_sfn_activity", + "aws_sfn_alias", + "aws_sfn_state_machine", + "aws_sfn_state_machine_versions", + "aws_shield_protection", + "aws_signer_signing_job", + "aws_signer_signing_profile", + "aws_sns_topic", + "aws_spot_datafeed_subscription", + "aws_sqs_queue", + "aws_sqs_queues", + "aws_ssm_document", + "aws_ssm_instances", + "aws_ssm_maintenance_windows", + "aws_ssm_parameter", + "aws_ssm_parameters_by_path", + "aws_ssm_patch_baseline", + "aws_ssm_patch_baselines", + "aws_ssmcontacts_contact", + "aws_ssmcontacts_contact_channel", + "aws_ssmcontacts_plan", + "aws_ssmcontacts_rotation", + "aws_ssmincidents_replication_set", + "aws_ssmincidents_response_plan", + "aws_ssoadmin_application", + "aws_ssoadmin_application_assignments", + "aws_ssoadmin_application_providers", + "aws_ssoadmin_instances", + "aws_ssoadmin_permission_set", + "aws_ssoadmin_permission_sets", + "aws_ssoadmin_principal_application_assignments", + "aws_storagegateway_local_disk", + "aws_subnet", + "aws_subnet_ids", + "aws_subnets", + "aws_synthetics_runtime_version", + "aws_synthetics_runtime_versions", + "aws_timestreamwrite_database", + "aws_timestreamwrite_table", + "aws_transfer_connector", + "aws_transfer_server", + "aws_verifiedpermissions_policy_store", + "aws_vpc", + "aws_vpc_dhcp_options", + "aws_vpc_endpoint", + "aws_vpc_endpoint_associations", + "aws_vpc_endpoint_service", + "aws_vpc_ipam", + "aws_vpc_ipam_pool", + "aws_vpc_ipam_pool_cidrs", + "aws_vpc_ipam_pools", + "aws_vpc_ipam_preview_next_cidr", + "aws_vpc_ipams", + "aws_vpc_peering_connection", + "aws_vpc_peering_connections", + "aws_vpc_security_group_rule", + "aws_vpc_security_group_rules", + "aws_vpclattice_auth_policy", + "aws_vpclattice_listener", + "aws_vpclattice_resource_policy", + "aws_vpclattice_service", + "aws_vpclattice_service_network", + "aws_vpcs", + 
"aws_vpn_connection", + "aws_vpn_gateway", + "aws_waf_ipset", + "aws_waf_rate_based_rule", + "aws_waf_rule", + "aws_waf_subscribed_rule_group", + "aws_waf_web_acl", + "aws_wafregional_ipset", + "aws_wafregional_rate_based_rule", + "aws_wafregional_rule", + "aws_wafregional_subscribed_rule_group", + "aws_wafregional_web_acl", + "aws_wafv2_ip_set", + "aws_wafv2_regex_pattern_set", + "aws_wafv2_rule_group", + "aws_wafv2_web_acl", + "aws_workspaces_bundle", + "aws_workspaces_directory", + "aws_workspaces_image", + "aws_workspaces_workspace" + ] +} \ No newline at end of file diff --git a/src/parse/azurerm-members.json b/src/parse/azurerm-members.json index b1e1b48f..753b8536 100755 --- a/src/parse/azurerm-members.json +++ b/src/parse/azurerm-members.json @@ -5,6 +5,10 @@ "azurerm_active_directory_domain_service_replica_set", "azurerm_active_directory_domain_service_trust", "azurerm_advanced_threat_protection", + "azurerm_advisor_suppression", + "azurerm_ai_foundry", + "azurerm_ai_foundry_project", + "azurerm_ai_services", "azurerm_analysis_services_server", "azurerm_api_connection", "azurerm_api_management", @@ -51,9 +55,15 @@ "azurerm_api_management_product_policy", "azurerm_api_management_product_tag", "azurerm_api_management_redis_cache", + "azurerm_api_management_standalone_gateway", "azurerm_api_management_subscription", "azurerm_api_management_tag", "azurerm_api_management_user", + "azurerm_api_management_workspace", + "azurerm_api_management_workspace_api_version_set", + "azurerm_api_management_workspace_certificate", + "azurerm_api_management_workspace_policy", + "azurerm_api_management_workspace_policy_fragment", "azurerm_app_configuration", "azurerm_app_configuration_feature", "azurerm_app_configuration_key", 
@@ -64,7 +74,6 @@ "azurerm_app_service_certificate_order", "azurerm_app_service_connection", "azurerm_app_service_custom_hostname_binding", - "azurerm_app_service_environment", "azurerm_app_service_environment_v3", "azurerm_app_service_hybrid_connection", "azurerm_app_service_managed_certificate", @@ -86,11 +95,15 @@ "azurerm_application_insights_workbook_template", "azurerm_application_load_balancer", "azurerm_application_load_balancer_frontend", + "azurerm_application_load_balancer_security_policy", "azurerm_application_load_balancer_subnet_association", "azurerm_application_security_group", "azurerm_arc_kubernetes_cluster", "azurerm_arc_kubernetes_cluster_extension", "azurerm_arc_kubernetes_flux_configuration", + "azurerm_arc_kubernetes_provisioned_cluster", + "azurerm_arc_machine", + "azurerm_arc_machine_automanage_configuration_assignment", "azurerm_arc_machine_extension", "azurerm_arc_private_link_scope", "azurerm_arc_resource_bridge_appliance", @@ -164,7 +177,6 @@ "azurerm_cdn_frontdoor_origin_group", "azurerm_cdn_frontdoor_profile", "azurerm_cdn_frontdoor_route", - "azurerm_cdn_frontdoor_route_disable_link_to_default_domain", "azurerm_cdn_frontdoor_rule", "azurerm_cdn_frontdoor_rule_set", "azurerm_cdn_frontdoor_secret", @@ -175,8 +187,11 @@ "azurerm_chaos_studio_target", "azurerm_cognitive_account", "azurerm_cognitive_account_customer_managed_key", + "azurerm_cognitive_account_rai_blocklist", + "azurerm_cognitive_account_rai_policy", "azurerm_cognitive_deployment", "azurerm_communication_service", + "azurerm_communication_service_email_domain_association", "azurerm_confidential_ledger", "azurerm_consumption_budget_management_group", "azurerm_consumption_budget_resource_group", 
@@ -194,6 +209,7 @@ "azurerm_container_registry", "azurerm_container_registry_agent_pool", "azurerm_container_registry_cache_rule", + "azurerm_container_registry_credential_set", "azurerm_container_registry_scope_map", "azurerm_container_registry_task", "azurerm_container_registry_task_schedule_run_now", @@ -211,7 +227,6 @@ "azurerm_cosmosdb_mongo_database", "azurerm_cosmosdb_mongo_role_definition", "azurerm_cosmosdb_mongo_user_definition", - "azurerm_cosmosdb_notebook_workspace", "azurerm_cosmosdb_postgresql_cluster", "azurerm_cosmosdb_postgresql_coordinator_configuration", "azurerm_cosmosdb_postgresql_firewall_rule", @@ -232,10 +247,12 @@ "azurerm_custom_provider", "azurerm_dashboard", "azurerm_dashboard_grafana", + "azurerm_dashboard_grafana_managed_private_endpoint", "azurerm_data_factory", "azurerm_data_factory_credential_service_principal", "azurerm_data_factory_credential_user_managed_identity", "azurerm_data_factory_custom_dataset", + "azurerm_data_factory_customer_managed_key", "azurerm_data_factory_data_flow", "azurerm_data_factory_dataset_azure_blob", "azurerm_data_factory_dataset_azure_sql_table", @@ -252,7 +269,6 @@ "azurerm_data_factory_flowlet_data_flow", "azurerm_data_factory_integration_runtime_azure", "azurerm_data_factory_integration_runtime_azure_ssis", - "azurerm_data_factory_integration_runtime_managed", "azurerm_data_factory_integration_runtime_self_hosted", "azurerm_data_factory_linked_custom_service", "azurerm_data_factory_linked_service_azure_blob_storage", 
@@ -285,14 +301,17 @@ "azurerm_data_protection_backup_instance_blob_storage", "azurerm_data_protection_backup_instance_disk", "azurerm_data_protection_backup_instance_kubernetes_cluster", + "azurerm_data_protection_backup_instance_mysql_flexible_server", "azurerm_data_protection_backup_instance_postgresql", "azurerm_data_protection_backup_instance_postgresql_flexible_server", "azurerm_data_protection_backup_policy_blob_storage", "azurerm_data_protection_backup_policy_disk", "azurerm_data_protection_backup_policy_kubernetes_cluster", + "azurerm_data_protection_backup_policy_mysql_flexible_server", "azurerm_data_protection_backup_policy_postgresql", "azurerm_data_protection_backup_policy_postgresql_flexible_server", "azurerm_data_protection_backup_vault", + "azurerm_data_protection_backup_vault_customer_managed_key", "azurerm_data_protection_resource_guard", "azurerm_data_share", "azurerm_data_share_account", @@ -303,7 +322,6 @@ "azurerm_database_migration_project", "azurerm_database_migration_service", "azurerm_databox_edge_device", - "azurerm_databox_edge_order", "azurerm_databricks_access_connector", "azurerm_databricks_virtual_network_peering", "azurerm_databricks_workspace", @@ -315,12 +333,15 @@ "azurerm_dedicated_host", "azurerm_dedicated_host_group", "azurerm_dev_center", + "azurerm_dev_center_attached_network", "azurerm_dev_center_catalog", "azurerm_dev_center_dev_box_definition", "azurerm_dev_center_environment_type", "azurerm_dev_center_gallery", "azurerm_dev_center_network_connection", "azurerm_dev_center_project", + "azurerm_dev_center_project_environment_type", + "azurerm_dev_center_project_pool", "azurerm_digital_twins_endpoint_eventgrid", "azurerm_digital_twins_endpoint_eventhub", "azurerm_digital_twins_endpoint_servicebus", 
@@ -328,10 +349,6 @@ "azurerm_digital_twins_time_series_database_connection", "azurerm_disk_access", "azurerm_disk_encryption_set", - "azurerm_disk_pool", - "azurerm_disk_pool_iscsi_target", - "azurerm_disk_pool_iscsi_target_lun", - "azurerm_disk_pool_managed_disk_attachment", "azurerm_dns_a_record", "azurerm_dns_aaaa_record", "azurerm_dns_caa_record", @@ -342,15 +359,22 @@ "azurerm_dns_srv_record", "azurerm_dns_txt_record", "azurerm_dns_zone", + "azurerm_dynatrace_monitor", + "azurerm_dynatrace_tag_rules", "azurerm_elastic_cloud_elasticsearch", "azurerm_elastic_san", "azurerm_elastic_san_volume", "azurerm_elastic_san_volume_group", "azurerm_email_communication_service", "azurerm_email_communication_service_domain", + "azurerm_email_communication_service_domain_sender_username", "azurerm_eventgrid_domain", "azurerm_eventgrid_domain_topic", "azurerm_eventgrid_event_subscription", + "azurerm_eventgrid_namespace", + "azurerm_eventgrid_partner_configuration", + "azurerm_eventgrid_partner_namespace", + "azurerm_eventgrid_partner_registration", "azurerm_eventgrid_system_topic", "azurerm_eventgrid_system_topic_event_subscription", "azurerm_eventgrid_topic", @@ -371,6 +395,8 @@ "azurerm_express_route_gateway", "azurerm_express_route_port", "azurerm_express_route_port_authorization", + "azurerm_extended_location_custom_location", + "azurerm_fabric_capacity", "azurerm_federated_identity_credential", "azurerm_firewall", "azurerm_firewall_application_rule_collection", @@ -386,12 +412,12 @@ "azurerm_function_app", "azurerm_function_app_active_slot", "azurerm_function_app_connection", + "azurerm_function_app_flex_consumption", "azurerm_function_app_function", "azurerm_function_app_hybrid_connection", "azurerm_function_app_slot", "azurerm_gallery_application", "azurerm_gallery_application_version", - "azurerm_graph_account", "azurerm_graph_services_account", "azurerm_hdinsight_hadoop_cluster", "azurerm_hdinsight_hbase_cluster", 
@@ -411,15 +437,8 @@ "azurerm_hpc_cache_blob_target", "azurerm_hpc_cache_nfs_target", "azurerm_image", - "azurerm_integration_service_environment", "azurerm_iot_security_device_group", "azurerm_iot_security_solution", - "azurerm_iot_time_series_insights_access_policy", - "azurerm_iot_time_series_insights_event_source_eventhub", - "azurerm_iot_time_series_insights_event_source_iothub", - "azurerm_iot_time_series_insights_gen2_environment", - "azurerm_iot_time_series_insights_reference_data_set", - "azurerm_iot_time_series_insights_standard_environment", "azurerm_iotcentral_application", "azurerm_iotcentral_application_network_rule_set", "azurerm_iotcentral_organization", @@ -451,6 +470,7 @@ "azurerm_key_vault_key", "azurerm_key_vault_managed_hardware_security_module", "azurerm_key_vault_managed_hardware_security_module_key", + "azurerm_key_vault_managed_hardware_security_module_key_rotation_policy", "azurerm_key_vault_managed_hardware_security_module_role_assignment", "azurerm_key_vault_managed_hardware_security_module_role_definition", "azurerm_key_vault_managed_storage_account", @@ -477,10 +497,6 @@ "azurerm_kusto_eventhub_data_connection", "azurerm_kusto_iothub_data_connection", "azurerm_kusto_script", - "azurerm_lab_service_lab", - "azurerm_lab_service_plan", - "azurerm_lab_service_schedule", - "azurerm_lab_service_user", "azurerm_lb", "azurerm_lb_backend_address_pool", "azurerm_lb_backend_address_pool_address", @@ -528,10 +544,6 @@ "azurerm_logic_app_trigger_http_request", "azurerm_logic_app_trigger_recurrence", "azurerm_logic_app_workflow", - "azurerm_logz_monitor", - "azurerm_logz_sub_account", - "azurerm_logz_sub_account_tag_rule", - "azurerm_logz_tag_rule", "azurerm_machine_learning_compute_cluster", "azurerm_machine_learning_compute_instance", "azurerm_machine_learning_datastore_blobstorage", 
@@ -540,6 +552,9 @@ "azurerm_machine_learning_inference_cluster", "azurerm_machine_learning_synapse_spark", "azurerm_machine_learning_workspace", + "azurerm_machine_learning_workspace_network_outbound_rule_fqdn", + "azurerm_machine_learning_workspace_network_outbound_rule_private_endpoint", + "azurerm_machine_learning_workspace_network_outbound_rule_service_tag", "azurerm_maintenance_assignment_dedicated_host", "azurerm_maintenance_assignment_dynamic_scope", "azurerm_maintenance_assignment_virtual_machine", @@ -550,33 +565,21 @@ "azurerm_managed_disk", "azurerm_managed_disk_sas_token", "azurerm_managed_lustre_file_system", + "azurerm_managed_redis", + "azurerm_managed_redis_geo_replication", "azurerm_management_group", "azurerm_management_group_policy_assignment", "azurerm_management_group_policy_exemption", "azurerm_management_group_policy_remediation", + "azurerm_management_group_policy_set_definition", "azurerm_management_group_subscription_association", "azurerm_management_group_template_deployment", "azurerm_management_lock", "azurerm_maps_account", "azurerm_maps_creator", - "azurerm_mariadb_configuration", - "azurerm_mariadb_database", - "azurerm_mariadb_firewall_rule", - "azurerm_mariadb_server", - "azurerm_mariadb_virtual_network_rule", "azurerm_marketplace_agreement", "azurerm_marketplace_role_assignment", - "azurerm_media_asset", - "azurerm_media_asset_filter", - "azurerm_media_content_key_policy", - "azurerm_media_job", - "azurerm_media_live_event", - "azurerm_media_live_event_output", "azurerm_media_services_account", - "azurerm_media_services_account_filter", - "azurerm_media_streaming_endpoint", - "azurerm_media_streaming_locator", - "azurerm_media_streaming_policy", "azurerm_media_transform", "azurerm_mobile_network", "azurerm_mobile_network_attached_data_network", 
@@ -589,10 +592,10 @@ "azurerm_mobile_network_sim_policy", "azurerm_mobile_network_site", "azurerm_mobile_network_slice", + "azurerm_mongo_cluster", + "azurerm_mongo_cluster_firewall_rule", "azurerm_monitor_aad_diagnostic_setting", "azurerm_monitor_action_group", - "azurerm_monitor_action_rule_action_group", - "azurerm_monitor_action_rule_suppression", "azurerm_monitor_activity_log_alert", "azurerm_monitor_alert_processing_rule_action_group", "azurerm_monitor_alert_processing_rule_suppression", @@ -602,7 +605,6 @@ "azurerm_monitor_data_collection_rule", "azurerm_monitor_data_collection_rule_association", "azurerm_monitor_diagnostic_setting", - "azurerm_monitor_log_profile", "azurerm_monitor_metric_alert", "azurerm_monitor_private_link_scope", "azurerm_monitor_private_link_scoped_service", @@ -617,13 +619,18 @@ "azurerm_mssql_elasticpool", "azurerm_mssql_failover_group", "azurerm_mssql_firewall_rule", + "azurerm_mssql_job", "azurerm_mssql_job_agent", "azurerm_mssql_job_credential", + "azurerm_mssql_job_schedule", + "azurerm_mssql_job_step", + "azurerm_mssql_job_target_group", "azurerm_mssql_managed_database", "azurerm_mssql_managed_instance", "azurerm_mssql_managed_instance_active_directory_administrator", "azurerm_mssql_managed_instance_failover_group", "azurerm_mssql_managed_instance_security_alert_policy", + "azurerm_mssql_managed_instance_start_stop_schedule", "azurerm_mssql_managed_instance_transparent_data_encryption", "azurerm_mssql_managed_instance_vulnerability_assessment", "azurerm_mssql_outbound_firewall_rule", 
@@ -638,27 +645,23 @@ "azurerm_mssql_virtual_machine_availability_group_listener", "azurerm_mssql_virtual_machine_group", "azurerm_mssql_virtual_network_rule", - "azurerm_mysql_active_directory_administrator", - "azurerm_mysql_configuration", - "azurerm_mysql_database", - "azurerm_mysql_firewall_rule", "azurerm_mysql_flexible_database", "azurerm_mysql_flexible_server", "azurerm_mysql_flexible_server_active_directory_administrator", "azurerm_mysql_flexible_server_configuration", "azurerm_mysql_flexible_server_firewall_rule", - "azurerm_mysql_server", - "azurerm_mysql_server_key", - "azurerm_mysql_virtual_network_rule", "azurerm_nat_gateway", "azurerm_nat_gateway_public_ip_association", "azurerm_nat_gateway_public_ip_prefix_association", "azurerm_netapp_account", "azurerm_netapp_account_encryption", + "azurerm_netapp_backup_policy", + "azurerm_netapp_backup_vault", "azurerm_netapp_pool", "azurerm_netapp_snapshot", "azurerm_netapp_snapshot_policy", "azurerm_netapp_volume", + "azurerm_netapp_volume_group_oracle", "azurerm_netapp_volume_group_sap_hana", "azurerm_netapp_volume_quota_rule", "azurerm_network_connection_monitor", 
@@ -676,13 +679,19 @@ "azurerm_network_manager_admin_rule_collection", "azurerm_network_manager_connectivity_configuration", "azurerm_network_manager_deployment", + "azurerm_network_manager_ipam_pool", + "azurerm_network_manager_ipam_pool_static_cidr", "azurerm_network_manager_management_group_connection", "azurerm_network_manager_network_group", + "azurerm_network_manager_routing_configuration", + "azurerm_network_manager_routing_rule", + "azurerm_network_manager_routing_rule_collection", "azurerm_network_manager_scope_connection", "azurerm_network_manager_security_admin_configuration", "azurerm_network_manager_static_member", "azurerm_network_manager_subscription_connection", - "azurerm_network_packet_capture", + "azurerm_network_manager_verifier_workspace", + "azurerm_network_manager_verifier_workspace_reachability_analysis_intent", "azurerm_network_profile", "azurerm_network_security_group", "azurerm_network_security_rule", @@ -690,12 +699,21 @@ "azurerm_network_watcher_flow_log", "azurerm_new_relic_monitor", "azurerm_new_relic_tag_rule", + "azurerm_nginx_api_key", "azurerm_nginx_certificate", "azurerm_nginx_configuration", "azurerm_nginx_deployment", "azurerm_notification_hub", "azurerm_notification_hub_authorization_rule", "azurerm_notification_hub_namespace", + "azurerm_oracle_autonomous_database", + "azurerm_oracle_autonomous_database_backup", + "azurerm_oracle_autonomous_database_clone_from_backup", + "azurerm_oracle_autonomous_database_clone_from_database", + "azurerm_oracle_cloud_vm_cluster", + "azurerm_oracle_exadata_infrastructure", + "azurerm_oracle_exascale_database_storage_vault", + "azurerm_oracle_resource_anchor", "azurerm_orbital_contact", "azurerm_orbital_contact_profile", "azurerm_orbital_spacecraft", 
@@ -726,9 +744,11 @@ "azurerm_postgresql_firewall_rule", "azurerm_postgresql_flexible_server", "azurerm_postgresql_flexible_server_active_directory_administrator", + "azurerm_postgresql_flexible_server_backup", "azurerm_postgresql_flexible_server_configuration", "azurerm_postgresql_flexible_server_database", "azurerm_postgresql_flexible_server_firewall_rule", + "azurerm_postgresql_flexible_server_virtual_endpoint", "azurerm_postgresql_server", "azurerm_postgresql_server_key", "azurerm_postgresql_virtual_network_rule", @@ -756,6 +776,7 @@ "azurerm_public_ip", "azurerm_public_ip_prefix", "azurerm_purview_account", + "azurerm_qumulo_file_system", "azurerm_recovery_services_vault", "azurerm_recovery_services_vault_resource_guard_association", "azurerm_redhat_openshift_cluster", @@ -801,7 +822,6 @@ "azurerm_security_center_auto_provisioning", "azurerm_security_center_automation", "azurerm_security_center_contact", - "azurerm_security_center_server_vulnerability_assessment", "azurerm_security_center_server_vulnerability_assessment_virtual_machine", "azurerm_security_center_server_vulnerability_assessments_setting", "azurerm_security_center_setting", @@ -845,8 +865,8 @@ "azurerm_service_plan", "azurerm_servicebus_namespace", "azurerm_servicebus_namespace_authorization_rule", + "azurerm_servicebus_namespace_customer_managed_key", "azurerm_servicebus_namespace_disaster_recovery_config", - "azurerm_servicebus_namespace_network_rule_set", "azurerm_servicebus_queue", "azurerm_servicebus_queue_authorization_rule", "azurerm_servicebus_subscription", @@ -877,7 +897,6 @@ "azurerm_site_recovery_vmware_replication_policy_association", "azurerm_snapshot", "azurerm_source_control_token", - "azurerm_spatial_anchors_account", "azurerm_spring_cloud_accelerator", "azurerm_spring_cloud_active_deployment", "azurerm_spring_cloud_api_portal", 
@@ -908,20 +927,18 @@ "azurerm_spring_cloud_new_relic_application_performance_monitoring", "azurerm_spring_cloud_service", "azurerm_spring_cloud_storage", - "azurerm_sql_active_directory_administrator", - "azurerm_sql_database", - "azurerm_sql_elasticpool", - "azurerm_sql_failover_group", "azurerm_sql_firewall_rule", - "azurerm_sql_managed_database", - "azurerm_sql_managed_instance", - "azurerm_sql_managed_instance_active_directory_administrator", - "azurerm_sql_managed_instance_failover_group", "azurerm_sql_server", "azurerm_sql_virtual_network_rule", "azurerm_ssh_public_key", "azurerm_stack_hci_cluster", + "azurerm_stack_hci_deployment_setting", + "azurerm_stack_hci_extension", "azurerm_stack_hci_logical_network", + "azurerm_stack_hci_marketplace_gallery_image", + "azurerm_stack_hci_network_interface", + "azurerm_stack_hci_storage_path", + "azurerm_stack_hci_virtual_hard_disk", "azurerm_static_site", "azurerm_static_site_custom_domain", "azurerm_static_web_app", @@ -931,6 +948,8 @@ "azurerm_storage_account_customer_managed_key", "azurerm_storage_account_local_user", "azurerm_storage_account_network_rules", + "azurerm_storage_account_queue_properties", + "azurerm_storage_account_static_website", "azurerm_storage_blob", "azurerm_storage_blob_inventory_policy", "azurerm_storage_container", @@ -961,6 +980,7 @@ "azurerm_stream_analytics_function_javascript_udf", "azurerm_stream_analytics_job", "azurerm_stream_analytics_job_schedule", + "azurerm_stream_analytics_job_storage_account", "azurerm_stream_analytics_managed_private_endpoint", "azurerm_stream_analytics_output_blob", "azurerm_stream_analytics_output_cosmosdb", 
@@ -1015,17 +1035,18 @@ "azurerm_system_center_virtual_machine_manager_availability_set", "azurerm_system_center_virtual_machine_manager_cloud", "azurerm_system_center_virtual_machine_manager_server", + "azurerm_system_center_virtual_machine_manager_virtual_machine_instance", + "azurerm_system_center_virtual_machine_manager_virtual_machine_instance_guest_agent", "azurerm_system_center_virtual_machine_manager_virtual_machine_template", "azurerm_system_center_virtual_machine_manager_virtual_network", - "azurerm_template_deployment", "azurerm_tenant_template_deployment", "azurerm_traffic_manager_azure_endpoint", "azurerm_traffic_manager_external_endpoint", "azurerm_traffic_manager_nested_endpoint", "azurerm_traffic_manager_profile", + "azurerm_trusted_signing_account", "azurerm_user_assigned_identity", - "azurerm_video_analyzer", - "azurerm_video_analyzer_edge_module", + "azurerm_video_indexer_account", "azurerm_virtual_desktop_application", "azurerm_virtual_desktop_application_group", "azurerm_virtual_desktop_host_pool", @@ -1055,6 +1076,7 @@ "azurerm_virtual_machine_scale_set", "azurerm_virtual_machine_scale_set_extension", "azurerm_virtual_machine_scale_set_packet_capture", + "azurerm_virtual_machine_scale_set_standby_pool", "azurerm_virtual_network", "azurerm_virtual_network_dns_servers", "azurerm_virtual_network_gateway", @@ -1083,6 +1105,7 @@ "azurerm_web_pubsub_network_acl", "azurerm_web_pubsub_service", "azurerm_web_pubsub_shared_private_link_resource", + "azurerm_web_pubsub_socketio", "azurerm_windows_function_app", "azurerm_windows_function_app_slot", "azurerm_windows_virtual_machine", @@ -1097,6 +1120,7 @@ "azurerm_aadb2c_directory", "azurerm_active_directory_domain_service", "azurerm_advisor_recommendations", + "azurerm_api_connection", "azurerm_api_management", "azurerm_api_management_api", "azurerm_api_management_api_version_set", 
@@ -1104,6 +1128,7 @@ "azurerm_api_management_gateway_host_name_configuration", "azurerm_api_management_group", "azurerm_api_management_product", + "azurerm_api_management_subscription", "azurerm_api_management_user", "azurerm_app_configuration", "azurerm_app_configuration_key", @@ -1111,7 +1136,6 @@ "azurerm_app_service", "azurerm_app_service_certificate", "azurerm_app_service_certificate_order", - "azurerm_app_service_environment", "azurerm_app_service_environment_v3", "azurerm_app_service_plan", "azurerm_application_gateway", @@ -1119,7 +1143,7 @@ "azurerm_application_security_group", "azurerm_arc_machine", "azurerm_arc_resource_bridge_appliance", - "azurerm_attestation", + "azurerm_attestation_provider", "azurerm_automation_account", "azurerm_automation_runbook", "azurerm_automation_variable_bool", @@ -1156,8 +1180,8 @@ "azurerm_consumption_budget_resource_group", "azurerm_consumption_budget_subscription", "azurerm_container_app", - "azurerm_container_app_environment.", - "azurerm_container_app_environment_certificate.", + "azurerm_container_app_environment", + "azurerm_container_app_environment_certificate", "azurerm_container_app_environment_dapr_component.", "azurerm_container_group", "azurerm_container_registry", @@ -1168,6 +1192,7 @@ "azurerm_cosmosdb_mongo_database", "azurerm_cosmosdb_restorable_database_accounts", "azurerm_cosmosdb_sql_database", + "azurerm_cosmosdb_sql_role_definition", "azurerm_dashboard_grafana", "azurerm_data_factory", "azurerm_data_factory_trigger_schedule", 
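Review bot: `"azurerm_container_app_environment_dapr_component.",` still carries a trailing period in the `@@ -1156,8 +1180,8 @@` hunk, directly below the two entries this commit corrects (`azurerm_container_app_environment` and `azurerm_container_app_environment_certificate`). If this list is compared against Terraform type names by exact match (the consumer is not visible here), the entry can never match and that type would be treated as unknown. I would change it to `"azurerm_container_app_environment_dapr_component",` in the same commit. If the file is generated, the generator should strip trailing punctuation so the dot does not return on the next refresh.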
@@ -1183,11 +1208,22 @@ "azurerm_data_share_dataset_kusto_database", "azurerm_database_migration_project", "azurerm_database_migration_service", + "azurerm_databox_edge_device", "azurerm_databricks_access_connector", "azurerm_databricks_workspace", "azurerm_databricks_workspace_private_endpoint_connection", "azurerm_dedicated_host", "azurerm_dedicated_host_group", + "azurerm_dev_center", + "azurerm_dev_center_attached_network", + "azurerm_dev_center_catalog", + "azurerm_dev_center_dev_box_definition", + "azurerm_dev_center_environment_type", + "azurerm_dev_center_gallery", + "azurerm_dev_center_network_connection", + "azurerm_dev_center_project", + "azurerm_dev_center_project_environment_type", + "azurerm_dev_center_project_pool", "azurerm_digital_twins_instance", "azurerm_disk_access", "azurerm_disk_encryption_set", @@ -1202,15 +1238,19 @@ "azurerm_dns_srv_record", "azurerm_dns_txt_record", "azurerm_dns_zone", + "azurerm_dynatrace_monitor", "azurerm_elastic_cloud_elasticsearch", "azurerm_elastic_san", "azurerm_elastic_san_volume_group", "azurerm_elastic_san_volume_snapshot", "azurerm_eventgrid_domain", "azurerm_eventgrid_domain_topic", + "azurerm_eventgrid_partner_namespace", + "azurerm_eventgrid_partner_registration", "azurerm_eventgrid_system_topic", "azurerm_eventgrid_topic", "azurerm_eventhub", + "azurerm_eventhub_authorization_rule", "azurerm_eventhub_cluster", "azurerm_eventhub_consumer_group", "azurerm_eventhub_namespace", 
@@ -1218,18 +1258,19 @@ "azurerm_eventhub_sas", "azurerm_express_route_circuit", "azurerm_express_route_circuit_peering", + "azurerm_extended_location_custom_location", "azurerm_extended_locations", "azurerm_firewall", "azurerm_firewall_policy", "azurerm_function_app", "azurerm_function_app_host_keys", + "azurerm_graph_services_account", "azurerm_hdinsight_cluster", "azurerm_healthcare_dicom_service", "azurerm_healthcare_fhir_service", "azurerm_healthcare_medtech_service", "azurerm_healthcare_service", "azurerm_healthcare_workspace", - "azurerm_hybrid_compute_machine", "azurerm_image", "azurerm_images", "azurerm_iothub", @@ -1247,11 +1288,13 @@ "azurerm_key_vault_encrypted_value", "azurerm_key_vault_key", "azurerm_key_vault_managed_hardware_security_module", + "azurerm_key_vault_managed_hardware_security_module_key", "azurerm_key_vault_managed_hardware_security_module_role_definition", "azurerm_key_vault_secret", "azurerm_key_vault_secrets", "azurerm_kubernetes_cluster", "azurerm_kubernetes_cluster_node_pool", + "azurerm_kubernetes_fleet_manager", "azurerm_kubernetes_node_pool_snapshot", "azurerm_kubernetes_service_versions", "azurerm_kusto_cluster", @@ -1265,6 +1308,7 @@ "azurerm_local_network_gateway", "azurerm_location", "azurerm_log_analytics_workspace", + "azurerm_log_analytics_workspace_table", "azurerm_logic_app_integration_account", "azurerm_logic_app_standard", "azurerm_logic_app_workflow", 
@@ -1273,43 +1317,81 @@ "azurerm_managed_api", "azurerm_managed_application_definition", "azurerm_managed_disk", + "azurerm_managed_disks", + "azurerm_managed_redis", "azurerm_management_group", "azurerm_management_group_template_deployment", "azurerm_maps_account", - "azurerm_mariadb_server", + "azurerm_marketplace_agreement", + "azurerm_mobile_network", + "azurerm_mobile_network_attached_data_network", + "azurerm_mobile_network_data_network", + "azurerm_mobile_network_packet_core_control_plane", + "azurerm_mobile_network_packet_core_data_plane", + "azurerm_mobile_network_service", + "azurerm_mobile_network_sim", + "azurerm_mobile_network_sim_group", + "azurerm_mobile_network_sim_policy", + "azurerm_mobile_network_site", + "azurerm_mobile_network_slice", "azurerm_monitor_action_group", "azurerm_monitor_data_collection_endpoint", "azurerm_monitor_data_collection_rule", "azurerm_monitor_diagnostic_categories", - "azurerm_monitor_log_profile", "azurerm_monitor_scheduled_query_rules_alert", "azurerm_monitor_scheduled_query_rules_log", "azurerm_monitor_workspace", "azurerm_mssql_database", "azurerm_mssql_elasticpool", + "azurerm_mssql_failover_group", + "azurerm_mssql_managed_database", "azurerm_mssql_managed_instance", "azurerm_mssql_server", + "azurerm_mysql_flexible_server", "azurerm_nat_gateway", "azurerm_netapp_account", "azurerm_netapp_account_encryption", + "azurerm_netapp_backup_policy", + "azurerm_netapp_backup_vault", "azurerm_netapp_pool", "azurerm_netapp_snapshot", "azurerm_netapp_snapshot_policy", "azurerm_netapp_volume", + "azurerm_netapp_volume_group_oracle", "azurerm_netapp_volume_group_sap_hana", "azurerm_netapp_volume_quota_rule", "azurerm_network_ddos_protection_plan", "azurerm_network_interface", + "azurerm_network_manager", "azurerm_network_manager_connectivity_configuration", + "azurerm_network_manager_ipam_pool", + "azurerm_network_manager_network_group", "azurerm_network_security_group", "azurerm_network_service_tags", "azurerm_network_watcher", 
+ "azurerm_nginx_api_key", "azurerm_nginx_certificate", "azurerm_nginx_configuration", "azurerm_nginx_deployment", "azurerm_notification_hub", "azurerm_notification_hub_namespace", + "azurerm_oracle_adbs_character_sets", + "azurerm_oracle_adbs_national_character_sets", + "azurerm_oracle_autonomous_database", + "azurerm_oracle_autonomous_database_backup", + "azurerm_oracle_autonomous_database_backups", + "azurerm_oracle_autonomous_database_clone_from_backup", + "azurerm_oracle_autonomous_database_clone_from_database", + "azurerm_oracle_cloud_vm_cluster", + "azurerm_oracle_db_nodes", + "azurerm_oracle_db_servers", + "azurerm_oracle_db_system_shapes", + "azurerm_oracle_exadata_infrastructure", + "azurerm_oracle_exascale_database_storage_vault", + "azurerm_oracle_gi_versions", + "azurerm_oracle_resource_anchor", "azurerm_orchestrated_virtual_machine_scale_set", + "azurerm_palo_alto_local_rulestack", "azurerm_platform_image", "azurerm_policy_assignment", "azurerm_policy_definition", @@ -1349,16 +1431,19 @@ "azurerm_resource_group", "azurerm_resource_group_template_deployment", "azurerm_resources", + "azurerm_role_assignments", "azurerm_role_definition", "azurerm_role_management_policy", "azurerm_route_filter", "azurerm_route_table", + "azurerm_search_service", "azurerm_sentinel_alert_rule", "azurerm_sentinel_alert_rule_anomaly", "azurerm_sentinel_alert_rule_template", "azurerm_service_plan", "azurerm_servicebus_namespace", "azurerm_servicebus_namespace_authorization_rule", + "azurerm_servicebus_namespace_disaster_recovery_config", "azurerm_servicebus_queue", "azurerm_servicebus_queue_authorization_rule", "azurerm_servicebus_subscription", 
@@ -1372,15 +1457,14 @@ "azurerm_site_recovery_fabric", "azurerm_site_recovery_protection_container", "azurerm_site_recovery_replication_policy", + "azurerm_site_recovery_replication_recovery_plan", "azurerm_snapshot", "azurerm_source_control_token", "azurerm_spring_cloud_app", "azurerm_spring_cloud_service", - "azurerm_sql_database", - "azurerm_sql_managed_instance", - "azurerm_sql_server", "azurerm_ssh_public_key", "azurerm_stack_hci_cluster", + "azurerm_stack_hci_storage_path", "azurerm_static_web_app", "azurerm_storage_account", "azurerm_storage_account_blob_container_sas", @@ -1395,6 +1479,7 @@ "azurerm_storage_sync", "azurerm_storage_sync_group", "azurerm_storage_table", + "azurerm_storage_table_entities", "azurerm_storage_table_entity", "azurerm_stream_analytics_job", "azurerm_subnet", @@ -1407,6 +1492,7 @@ "azurerm_tenant_template_deployment", "azurerm_traffic_manager_geographical_location", "azurerm_traffic_manager_profile", + "azurerm_trusted_signing_account", "azurerm_user_assigned_identity", "azurerm_virtual_desktop_application_group", "azurerm_virtual_desktop_host_pool", @@ -1419,9 +1505,11 @@ "azurerm_virtual_network", "azurerm_virtual_network_gateway", "azurerm_virtual_network_gateway_connection", + "azurerm_virtual_network_peering", "azurerm_virtual_wan", "azurerm_vmware_private_cloud", "azurerm_vpn_gateway", + "azurerm_vpn_server_configuration", "azurerm_web_application_firewall_policy", "azurerm_web_pubsub", "azurerm_web_pubsub_private_link_resource", diff --git a/src/parse/google-members.json b/src/parse/google-members.json index 78cf27be..ec006955 100755 --- a/src/parse/google-members.json +++ b/src/parse/google-members.json 
@@ -1,1252 +1,1664 @@ { - "dataSources": [ - "google_access_approval_folder_service_account", - "google_access_approval_organization_service_account", - "google_access_approval_project_service_account", - "google_access_context_manager_access_policy_iam_policy", - "google_active_folder", - "google_alloydb_locations", - "google_alloydb_supported_database_flags", - "google_api_gateway_api_config_iam_policy", - "google_api_gateway_api_iam_policy", - "google_api_gateway_gateway_iam_policy", - "google_apigee_environment_iam_policy", - "google_app_engine_default_service_account", - "google_apphub_application", - "google_apphub_discovered_service", - "google_apphub_discovered_workload", - "google_artifact_registry_docker_image", - "google_artifact_registry_repository", - "google_artifact_registry_repository_iam_policy", - "google_beyondcorp_app_connection", - "google_beyondcorp_app_connector", - "google_beyondcorp_app_gateway", - "google_bigquery_analytics_hub_data_exchange_iam_policy", - "google_bigquery_analytics_hub_listing_iam_policy", - "google_bigquery_connection_iam_policy", - "google_bigquery_datapolicy_data_policy_iam_policy", - "google_bigquery_dataset", - "google_bigquery_dataset_iam_policy", - "google_bigquery_default_service_account", - "google_bigquery_table_iam_policy", - "google_bigtable_instance_iam_policy", - "google_bigtable_table_iam_policy", - "google_billing_account", - "google_billing_account_iam_policy", - "google_binary_authorization_attestor_iam_policy", - "google_certificate_manager_certificate_map", - "google_client_config", - "google_client_openid_userinfo", - "google_cloud_identity_group_lookup", - "google_cloud_identity_group_memberships", - "google_cloud_identity_groups", - "google_cloud_quotas_quota_info", - "google_cloud_quotas_quota_infos", - "google_cloud_run_locations", - "google_cloud_run_service", - "google_cloud_run_service_iam_policy", - "google_cloud_run_v2_job", - "google_cloud_run_v2_job_iam_policy", - 
"google_cloud_run_v2_service", - "google_cloud_run_v2_service_iam_policy", - "google_cloud_tasks_queue_iam_policy", - "google_cloudbuild_trigger", - "google_cloudbuildv2_connection_iam_policy", - "google_clouddeploy_custom_target_type_iam_policy", - "google_clouddeploy_delivery_pipeline_iam_policy", - "google_clouddeploy_target_iam_policy", - "google_cloudfunctions2_function", - "google_cloudfunctions2_function_iam_policy", - "google_cloudfunctions_function", - "google_cloudfunctions_function_iam_policy", - "google_composer_environment", - "google_composer_image_versions", - "google_composer_user_workloads_config_map", - "google_composer_user_workloads_secret", - "google_compute_address", - "google_compute_addresses", - "google_compute_backend_bucket", - "google_compute_backend_bucket_iam_policy", - "google_compute_backend_service", - "google_compute_backend_service_iam_policy", - "google_compute_default_service_account", - "google_compute_disk", - "google_compute_disk_iam_policy", - "google_compute_forwarding_rule", - "google_compute_forwarding_rules", - "google_compute_global_address", - "google_compute_global_forwarding_rule", - "google_compute_ha_vpn_gateway", - "google_compute_health_check", - "google_compute_image", - "google_compute_image_iam_policy", - "google_compute_instance", - "google_compute_instance_group", - "google_compute_instance_group_manager", - "google_compute_instance_iam_policy", - "google_compute_instance_serial_port", - "google_compute_instance_template", - "google_compute_lb_ip_ranges", - "google_compute_machine_image_iam_policy", - "google_compute_machine_types", - "google_compute_network", - "google_compute_network_endpoint_group", - "google_compute_network_peering", - "google_compute_networks", - "google_compute_node_types", - "google_compute_region_backend_service_iam_policy", - "google_compute_region_disk", - "google_compute_region_disk_iam_policy", - "google_compute_region_instance_group", - "google_compute_region_instance_template", 
- "google_compute_region_network_endpoint_group", - "google_compute_region_ssl_certificate", - "google_compute_regions", - "google_compute_reservation", - "google_compute_resource_policy", - "google_compute_router", - "google_compute_router_nat", - "google_compute_router_status", - "google_compute_security_policy", - "google_compute_snapshot", - "google_compute_snapshot_iam_policy", - "google_compute_ssl_certificate", - "google_compute_ssl_policy", - "google_compute_subnetwork", - "google_compute_subnetwork_iam_policy", - "google_compute_subnetworks", - "google_compute_vpn_gateway", - "google_compute_zones", - "google_container_analysis_note_iam_policy", - "google_container_attached_install_manifest", - "google_container_attached_versions", - "google_container_aws_versions", - "google_container_azure_versions", - "google_container_cluster", - "google_container_engine_versions", - "google_container_registry_image", - "google_container_registry_repository", - "google_data_catalog_entry_group_iam_policy", - "google_data_catalog_policy_tag_iam_policy", - "google_data_catalog_tag_template_iam_policy", - "google_data_catalog_taxonomy_iam_policy", - "google_data_fusion_instance_iam_policy", - "google_dataform_repository_iam_policy", - "google_dataplex_aspect_type_iam_policy", - "google_dataplex_asset_iam_policy", - "google_dataplex_datascan_iam_policy", - "google_dataplex_entry_group_iam_policy", - "google_dataplex_entry_type_iam_policy", - "google_dataplex_lake_iam_policy", - "google_dataplex_task_iam_policy", - "google_dataplex_zone_iam_policy", - "google_dataproc_autoscaling_policy_iam_policy", - "google_dataproc_cluster_iam_policy", - "google_dataproc_job_iam_policy", - "google_dataproc_metastore_federation_iam_policy", - "google_dataproc_metastore_service", - "google_dataproc_metastore_service_iam_policy", - "google_datastream_static_ips", - "google_dns_keys", - "google_dns_managed_zone", - "google_dns_managed_zone_iam_policy", - "google_dns_managed_zones", - 
"google_dns_record_set", - "google_endpoints_service_consumers_iam_policy", - "google_endpoints_service_iam_policy", - "google_filestore_instance", - "google_firebase_web_app_config", - "google_folder", - "google_folder_iam_policy", - "google_folder_organization_policy", - "google_folders", - "google_gke_backup_backup_plan_iam_policy", - "google_gke_backup_restore_plan_iam_policy", - "google_gke_hub_feature_iam_policy", - "google_gke_hub_membership_iam_policy", - "google_gke_hub_scope_iam_policy", - "google_healthcare_consent_store_iam_policy", - "google_healthcare_dataset_iam_policy", - "google_healthcare_dicom_store_iam_policy", - "google_healthcare_fhir_store_iam_policy", - "google_healthcare_hl7_v2_store_iam_policy", - "google_iam_policy", - "google_iam_role", - "google_iam_workload_identity_pool", - "google_iam_workload_identity_pool_provider", - "google_iap_app_engine_service_iam_policy", - "google_iap_app_engine_version_iam_policy", - "google_iap_client", - "google_iap_tunnel_dest_group_iam_policy", - "google_iap_tunnel_iam_policy", - "google_iap_tunnel_instance_iam_policy", - "google_iap_web_backend_service_iam_policy", - "google_iap_web_iam_policy", - "google_iap_web_region_backend_service_iam_policy", - "google_iap_web_type_app_engine_iam_policy", - "google_iap_web_type_compute_iam_policy", - "google_kms_crypto_key", - "google_kms_crypto_key_iam_policy", - "google_kms_crypto_key_version", - "google_kms_crypto_keys", - "google_kms_key_ring", - "google_kms_key_ring_iam_policy", - "google_kms_key_rings", - "google_kms_secret", - "google_kms_secret_asymmetric", - "google_kms_secret_ciphertext", - "google_logging_folder_settings", - "google_logging_log_view_iam_policy", - "google_logging_organization_settings", - "google_logging_project_cmek_settings", - "google_logging_project_settings", - "google_monitoring_app_engine_service", - "google_monitoring_cluster_istio_service", - "google_monitoring_istio_canonical_service", - 
"google_monitoring_mesh_istio_service", - "google_monitoring_notification_channel", - "google_monitoring_uptime_check_ips", - "google_netblock_ip_ranges", - "google_network_security_address_group_iam_policy", - "google_notebooks_instance_iam_policy", - "google_notebooks_runtime_iam_policy", - "google_organization", - "google_organization_iam_policy", - "google_privateca_ca_pool_iam_policy", - "google_privateca_certificate_authority", - "google_privateca_certificate_template_iam_policy", - "google_project", - "google_project_iam_policy", - "google_project_organization_policy", - "google_project_service", - "google_projects", - "google_pubsub_schema_iam_policy", - "google_pubsub_subscription", - "google_pubsub_subscription_iam_policy", - "google_pubsub_topic", - "google_pubsub_topic_iam_policy", - "google_redis_instance", - "google_runtimeconfig_config", - "google_runtimeconfig_config_iam_policy", - "google_runtimeconfig_variable", - "google_scc_source_iam_policy", - "google_secret_manager_secret", - "google_secret_manager_secret_iam_policy", - "google_secret_manager_secret_version", - "google_secret_manager_secret_version_access", - "google_secret_manager_secrets", - "google_secure_source_manager_instance_iam_policy", - "google_secure_source_manager_repository_iam_policy", - "google_service_account", - "google_service_account_access_token", - "google_service_account_iam_policy", - "google_service_account_id_token", - "google_service_account_jwt", - "google_service_account_key", - "google_service_directory_namespace_iam_policy", - "google_service_directory_service_iam_policy", - "google_site_verification_token", - "google_sourcerepo_repository", - "google_sourcerepo_repository_iam_policy", - "google_spanner_database_iam_policy", - "google_spanner_instance", - "google_spanner_instance_iam_policy", - "google_sql_backup_run", - "google_sql_ca_certs", - "google_sql_database", - "google_sql_database_instance", - "google_sql_database_instance_latest_recovery_time", - 
"google_sql_database_instances", - "google_sql_databases", - "google_sql_tiers", - "google_storage_bucket", - "google_storage_bucket_iam_policy", - "google_storage_bucket_object", - "google_storage_bucket_object_content", - "google_storage_bucket_objects", - "google_storage_buckets", - "google_storage_object_signed_url", - "google_storage_project_service_account", - "google_storage_transfer_project_service_account", - "google_tags_tag_key", - "google_tags_tag_key_iam_policy", - "google_tags_tag_keys", - "google_tags_tag_value", - "google_tags_tag_value_iam_policy", - "google_tags_tag_values", - "google_tpu_tensorflow_versions", - "google_tpu_v2_accelerator_types", - "google_tpu_v2_runtime_versions", - "google_vertex_ai_endpoint_iam_policy", - "google_vertex_ai_featurestore_entitytype_iam_policy", - "google_vertex_ai_featurestore_iam_policy", - "google_vmwareengine_cluster", - "google_vmwareengine_external_access_rule", - "google_vmwareengine_external_address", - "google_vmwareengine_network", - "google_vmwareengine_network_peering", - "google_vmwareengine_network_policy", - "google_vmwareengine_nsx_credentials", - "google_vmwareengine_private_cloud", - "google_vmwareengine_subnet", - "google_vmwareengine_vcenter_credentials", - "google_vpc_access_connector", - "google_workbench_instance_iam_policy", - "google_workstations_workstation_config_iam_policy", - "google_workstations_workstation_iam_policy" - ], - "resources": [ - "google_access_context_manager_access_level", - "google_access_context_manager_access_level_condition", - "google_access_context_manager_access_levels", - "google_access_context_manager_access_policy", - "google_access_context_manager_access_policy_iam_binding", - "google_access_context_manager_access_policy_iam_member", - "google_access_context_manager_access_policy_iam_policy", - "google_access_context_manager_authorized_orgs_desc", - "google_access_context_manager_gcp_user_access_binding", - "google_access_context_manager_service_perimeter", - 
"google_access_context_manager_service_perimeter_dry_run_egress_policy", - "google_access_context_manager_service_perimeter_dry_run_ingress_policy", - "google_access_context_manager_service_perimeter_dry_run_resource", - "google_access_context_manager_service_perimeter_egress_policy", - "google_access_context_manager_service_perimeter_ingress_policy", - "google_access_context_manager_service_perimeter_resource", - "google_access_context_manager_service_perimeters", - "google_active_directory_domain", - "google_active_directory_domain_trust", - "google_active_directory_peering", - "google_alloydb_backup", - "google_alloydb_cluster", - "google_alloydb_instance", - "google_alloydb_user", - "google_api_gateway_api", - "google_api_gateway_api_config", - "google_api_gateway_api_config_iam_binding", - "google_api_gateway_api_config_iam_member", - "google_api_gateway_api_config_iam_policy", - "google_api_gateway_api_iam_binding", - "google_api_gateway_api_iam_member", - "google_api_gateway_api_iam_policy", - "google_api_gateway_gateway", - "google_api_gateway_gateway_iam_binding", - "google_api_gateway_gateway_iam_member", - "google_api_gateway_gateway_iam_policy", - "google_apigee_addons_config", - "google_apigee_endpoint_attachment", - "google_apigee_env_keystore", - "google_apigee_envgroup", - "google_apigee_envgroup_attachment", - "google_apigee_environment", - "google_apigee_environment_iam_binding", - "google_apigee_environment_iam_member", - "google_apigee_environment_iam_policy", - "google_apigee_environment_keyvaluemaps", - "google_apigee_environment_keyvaluemaps_entries", - "google_apigee_instance", - "google_apigee_instance_attachment", - "google_apigee_keystores_aliases_self_signed_cert", - "google_apigee_nat_address", - "google_apigee_organization", - "google_apigee_sync_authorization", - "google_apigee_target_server", - "google_apikeys_key", - "google_app_engine_application", - "google_app_engine_application_url_dispatch_rules", - 
"google_app_engine_domain_mapping", - "google_app_engine_firewall_rule", - "google_app_engine_flexible_app_version", - "google_app_engine_service_network_settings", - "google_app_engine_service_split_traffic", - "google_app_engine_standard_app_version", - "google_apphub_application", - "google_apphub_service", - "google_apphub_service_project_attachment", - "google_apphub_workload", - "google_artifact_registry_repository", - "google_artifact_registry_repository_iam_binding", - "google_artifact_registry_repository_iam_member", - "google_artifact_registry_repository_iam_policy", - "google_artifact_registry_vpcsc_config", - "google_assured_workloads_workload", - "google_backup_dr_management_server", - "google_beyondcorp_app_connection", - "google_beyondcorp_app_connector", - "google_beyondcorp_app_gateway", - "google_biglake_catalog", - "google_biglake_database", - "google_biglake_table", - "google_bigquery_analytics_hub_data_exchange", - "google_bigquery_analytics_hub_data_exchange_iam_binding", - "google_bigquery_analytics_hub_data_exchange_iam_member", - "google_bigquery_analytics_hub_data_exchange_iam_policy", - "google_bigquery_analytics_hub_listing", - "google_bigquery_analytics_hub_listing_iam_binding", - "google_bigquery_analytics_hub_listing_iam_member", - "google_bigquery_analytics_hub_listing_iam_policy", - "google_bigquery_bi_reservation", - "google_bigquery_capacity_commitment", - "google_bigquery_connection", - "google_bigquery_connection_iam_binding", - "google_bigquery_connection_iam_member", - "google_bigquery_connection_iam_policy", - "google_bigquery_data_transfer_config", - "google_bigquery_datapolicy_data_policy", - "google_bigquery_datapolicy_data_policy_iam_binding", - "google_bigquery_datapolicy_data_policy_iam_member", - "google_bigquery_datapolicy_data_policy_iam_policy", - "google_bigquery_dataset", - "google_bigquery_dataset_access", - "google_bigquery_dataset_iam_binding", - "google_bigquery_dataset_iam_member", - 
"google_bigquery_dataset_iam_policy", - "google_bigquery_job", - "google_bigquery_reservation", - "google_bigquery_reservation_assignment", - "google_bigquery_routine", - "google_bigquery_table", - "google_bigquery_table_iam_binding", - "google_bigquery_table_iam_member", - "google_bigquery_table_iam_policy", - "google_bigtable_app_profile", - "google_bigtable_authorized_view", - "google_bigtable_gc_policy", - "google_bigtable_instance", - "google_bigtable_instance_iam_binding", - "google_bigtable_instance_iam_member", - "google_bigtable_instance_iam_policy", - "google_bigtable_table", - "google_bigtable_table_iam_binding", - "google_bigtable_table_iam_member", - "google_bigtable_table_iam_policy", - "google_billing_account_iam_binding", - "google_billing_account_iam_member", - "google_billing_account_iam_policy", - "google_billing_budget", - "google_billing_project_info", - "google_billing_subaccount", - "google_binary_authorization_attestor", - "google_binary_authorization_attestor_iam_binding", - "google_binary_authorization_attestor_iam_member", - "google_binary_authorization_attestor_iam_policy", - "google_binary_authorization_policy", - "google_blockchain_node_engine_blockchain_nodes", - "google_certificate_manager_certificate", - "google_certificate_manager_certificate_issuance_config", - "google_certificate_manager_certificate_map", - "google_certificate_manager_certificate_map_entry", - "google_certificate_manager_dns_authorization", - "google_certificate_manager_trust_config", - "google_cloud_asset_folder_feed", - "google_cloud_asset_organization_feed", - "google_cloud_asset_project_feed", - "google_cloud_identity_group", - "google_cloud_identity_group_membership", - "google_cloud_ids_endpoint", - "google_cloud_quotas_quota_preference", - "google_cloud_run_domain_mapping", - "google_cloud_run_service", - "google_cloud_run_service_iam_binding", - "google_cloud_run_service_iam_member", - "google_cloud_run_service_iam_policy", - "google_cloud_run_v2_job", - 
"google_cloud_run_v2_job_iam_binding", - "google_cloud_run_v2_job_iam_member", - "google_cloud_run_v2_job_iam_policy", - "google_cloud_run_v2_service", - "google_cloud_run_v2_service_iam_binding", - "google_cloud_run_v2_service_iam_member", - "google_cloud_run_v2_service_iam_policy", - "google_cloud_scheduler_job", - "google_cloud_tasks_queue", - "google_cloud_tasks_queue_iam_binding", - "google_cloud_tasks_queue_iam_member", - "google_cloud_tasks_queue_iam_policy", - "google_cloudbuild_bitbucket_server_config", - "google_cloudbuild_trigger", - "google_cloudbuild_worker_pool", - "google_cloudbuildv2_connection", - "google_cloudbuildv2_connection_iam_binding", - "google_cloudbuildv2_connection_iam_member", - "google_cloudbuildv2_connection_iam_policy", - "google_cloudbuildv2_repository", - "google_clouddeploy_automation", - "google_clouddeploy_custom_target_type", - "google_clouddeploy_custom_target_type_iam_binding", - "google_clouddeploy_custom_target_type_iam_member", - "google_clouddeploy_custom_target_type_iam_policy", - "google_clouddeploy_delivery_pipeline", - "google_clouddeploy_delivery_pipeline_iam_binding", - "google_clouddeploy_delivery_pipeline_iam_member", - "google_clouddeploy_delivery_pipeline_iam_policy", - "google_clouddeploy_target", - "google_clouddeploy_target_iam_binding", - "google_clouddeploy_target_iam_member", - "google_clouddeploy_target_iam_policy", - "google_clouddomains_registration", - "google_cloudfunctions2_function", - "google_cloudfunctions2_function_iam_binding", - "google_cloudfunctions2_function_iam_member", - "google_cloudfunctions2_function_iam_policy", - "google_cloudfunctions_function", - "google_cloudfunctions_function_iam_binding", - "google_cloudfunctions_function_iam_member", - "google_cloudfunctions_function_iam_policy", - "google_cloudiot_registry", - "google_composer_environment", - "google_composer_user_workloads_config_map", - "google_composer_user_workloads_secret", - "google_compute_address", - 
"google_compute_attached_disk", - "google_compute_autoscaler", - "google_compute_backend_bucket", - "google_compute_backend_bucket_iam_binding", - "google_compute_backend_bucket_iam_member", - "google_compute_backend_bucket_iam_policy", - "google_compute_backend_bucket_signed_url_key", - "google_compute_backend_service", - "google_compute_backend_service_iam_binding", - "google_compute_backend_service_iam_member", - "google_compute_backend_service_iam_policy", - "google_compute_backend_service_signed_url_key", - "google_compute_disk", - "google_compute_disk_async_replication", - "google_compute_disk_iam_binding", - "google_compute_disk_iam_member", - "google_compute_disk_iam_policy", - "google_compute_disk_resource_policy_attachment", - "google_compute_external_vpn_gateway", - "google_compute_firewall", - "google_compute_firewall_policy", - "google_compute_firewall_policy_association", - "google_compute_firewall_policy_rule", - "google_compute_forwarding_rule", - "google_compute_global_address", - "google_compute_global_forwarding_rule", - "google_compute_global_network_endpoint", - "google_compute_global_network_endpoint_group", - "google_compute_ha_vpn_gateway", - "google_compute_health_check", - "google_compute_http_health_check", - "google_compute_https_health_check", - "google_compute_image", - "google_compute_image_iam_binding", - "google_compute_image_iam_member", - "google_compute_image_iam_policy", - "google_compute_instance", - "google_compute_instance_from_machine_image", - "google_compute_instance_from_template", - "google_compute_instance_group", - "google_compute_instance_group_manager", - "google_compute_instance_group_membership", - "google_compute_instance_group_named_port", - "google_compute_instance_iam_binding", - "google_compute_instance_iam_member", - "google_compute_instance_iam_policy", - "google_compute_instance_settings", - "google_compute_instance_template", - "google_compute_interconnect", - "google_compute_interconnect_attachment", - 
"google_compute_machine_image", - "google_compute_machine_image_iam_binding", - "google_compute_machine_image_iam_member", - "google_compute_machine_image_iam_policy", - "google_compute_managed_ssl_certificate", - "google_compute_network", - "google_compute_network_attachment", - "google_compute_network_edge_security_service", - "google_compute_network_endpoint", - "google_compute_network_endpoint_group", - "google_compute_network_endpoints", - "google_compute_network_firewall_policy", - "google_compute_network_firewall_policy_association", - "google_compute_network_firewall_policy_rule", - "google_compute_network_peering", - "google_compute_network_peering_routes_config", - "google_compute_node_group", - "google_compute_node_template", - "google_compute_organization_security_policy", - "google_compute_organization_security_policy_association", - "google_compute_organization_security_policy_rule", - "google_compute_packet_mirroring", - "google_compute_per_instance_config", - "google_compute_project_cloud_armor_tier", - "google_compute_project_default_network_tier", - "google_compute_project_metadata", - "google_compute_project_metadata_item", - "google_compute_public_advertised_prefix", - "google_compute_public_delegated_prefix", - "google_compute_region_autoscaler", - "google_compute_region_backend_service", - "google_compute_region_backend_service_iam_binding", - "google_compute_region_backend_service_iam_member", - "google_compute_region_backend_service_iam_policy", - "google_compute_region_commitment", - "google_compute_region_disk", - "google_compute_region_disk_iam_binding", - "google_compute_region_disk_iam_member", - "google_compute_region_disk_iam_policy", - "google_compute_region_disk_resource_policy_attachment", - "google_compute_region_health_check", - "google_compute_region_instance_group_manager", - "google_compute_region_instance_template", - "google_compute_region_network_endpoint", - "google_compute_region_network_endpoint_group", - 
"google_compute_region_network_firewall_policy", - "google_compute_region_network_firewall_policy_association", - "google_compute_region_network_firewall_policy_rule", - "google_compute_region_per_instance_config", - "google_compute_region_security_policy", - "google_compute_region_security_policy_rule", - "google_compute_region_ssl_certificate", - "google_compute_region_target_http_proxy", - "google_compute_region_target_https_proxy", - "google_compute_region_target_tcp_proxy", - "google_compute_region_url_map", - "google_compute_reservation", - "google_compute_resize_request", - "google_compute_resource_policy", - "google_compute_route", - "google_compute_router", - "google_compute_router_interface", - "google_compute_router_nat", - "google_compute_router_peer", - "google_compute_router_route_policy", - "google_compute_security_policy", - "google_compute_security_policy_rule", - "google_compute_service_attachment", - "google_compute_shared_vpc_host_project", - "google_compute_shared_vpc_service_project", - "google_compute_snapshot", - "google_compute_snapshot_iam_binding", - "google_compute_snapshot_iam_member", - "google_compute_snapshot_iam_policy", - "google_compute_ssl_certificate", - "google_compute_ssl_policy", - "google_compute_subnetwork", - "google_compute_subnetwork_iam_binding", - "google_compute_subnetwork_iam_member", - "google_compute_subnetwork_iam_policy", - "google_compute_target_grpc_proxy", - "google_compute_target_http_proxy", - "google_compute_target_https_proxy", - "google_compute_target_instance", - "google_compute_target_pool", - "google_compute_target_ssl_proxy", - "google_compute_target_tcp_proxy", - "google_compute_url_map", - "google_compute_vpn_gateway", - "google_compute_vpn_tunnel", - "google_container_analysis_note", - "google_container_analysis_note_iam_binding", - "google_container_analysis_note_iam_member", - "google_container_analysis_note_iam_policy", - "google_container_analysis_occurrence", - 
"google_container_attached_cluster", - "google_container_aws_cluster", - "google_container_aws_node_pool", - "google_container_azure_client", - "google_container_azure_cluster", - "google_container_azure_node_pool", - "google_container_cluster", - "google_container_node_pool", - "google_container_registry", - "google_data_catalog_entry", - "google_data_catalog_entry_group", - "google_data_catalog_entry_group_iam_binding", - "google_data_catalog_entry_group_iam_member", - "google_data_catalog_entry_group_iam_policy", - "google_data_catalog_policy_tag", - "google_data_catalog_policy_tag_iam_binding", - "google_data_catalog_policy_tag_iam_member", - "google_data_catalog_policy_tag_iam_policy", - "google_data_catalog_tag", - "google_data_catalog_tag_template", - "google_data_catalog_tag_template_iam_binding", - "google_data_catalog_tag_template_iam_member", - "google_data_catalog_tag_template_iam_policy", - "google_data_catalog_taxonomy", - "google_data_catalog_taxonomy_iam_binding", - "google_data_catalog_taxonomy_iam_member", - "google_data_catalog_taxonomy_iam_policy", - "google_data_fusion_instance", - "google_data_fusion_instance_iam_binding", - "google_data_fusion_instance_iam_member", - "google_data_fusion_instance_iam_policy", - "google_data_loss_prevention_deidentify_template", - "google_data_loss_prevention_discovery_config", - "google_data_loss_prevention_inspect_template", - "google_data_loss_prevention_job_trigger", - "google_data_loss_prevention_stored_info_type", - "google_data_pipeline_pipeline", - "google_database_migration_service_connection_profile", - "google_database_migration_service_private_connection", - "google_dataflow_flex_template_job", - "google_dataflow_job", - "google_dataform_repository", - "google_dataform_repository_iam_binding", - "google_dataform_repository_iam_member", - "google_dataform_repository_iam_policy", - "google_dataform_repository_release_config", - "google_dataform_repository_workflow_config", - 
"google_dataplex_aspect_type", - "google_dataplex_aspect_type_iam_binding", - "google_dataplex_aspect_type_iam_member", - "google_dataplex_aspect_type_iam_policy", - "google_dataplex_asset", - "google_dataplex_asset_iam_binding", - "google_dataplex_asset_iam_member", - "google_dataplex_asset_iam_policy", - "google_dataplex_datascan", - "google_dataplex_datascan_iam_binding", - "google_dataplex_datascan_iam_member", - "google_dataplex_datascan_iam_policy", - "google_dataplex_entry_group", - "google_dataplex_entry_group_iam_binding", - "google_dataplex_entry_group_iam_member", - "google_dataplex_entry_group_iam_policy", - "google_dataplex_entry_type", - "google_dataplex_entry_type_iam_binding", - "google_dataplex_entry_type_iam_member", - "google_dataplex_entry_type_iam_policy", - "google_dataplex_lake", - "google_dataplex_lake_iam_binding", - "google_dataplex_lake_iam_member", - "google_dataplex_lake_iam_policy", - "google_dataplex_task", - "google_dataplex_task_iam_binding", - "google_dataplex_task_iam_member", - "google_dataplex_task_iam_policy", - "google_dataplex_zone", - "google_dataplex_zone_iam_binding", - "google_dataplex_zone_iam_member", - "google_dataplex_zone_iam_policy", - "google_dataproc_autoscaling_policy", - "google_dataproc_autoscaling_policy_iam_binding", - "google_dataproc_autoscaling_policy_iam_member", - "google_dataproc_autoscaling_policy_iam_policy", - "google_dataproc_cluster", - "google_dataproc_cluster_iam_binding", - "google_dataproc_cluster_iam_member", - "google_dataproc_cluster_iam_policy", - "google_dataproc_job", - "google_dataproc_job_iam_binding", - "google_dataproc_job_iam_member", - "google_dataproc_job_iam_policy", - "google_dataproc_metastore_federation", - "google_dataproc_metastore_federation_iam_binding", - "google_dataproc_metastore_federation_iam_member", - "google_dataproc_metastore_federation_iam_policy", - "google_dataproc_metastore_service", - "google_dataproc_metastore_service_iam_binding", - 
"google_dataproc_metastore_service_iam_member", - "google_dataproc_metastore_service_iam_policy", - "google_dataproc_workflow_template", - "google_datastore_index", - "google_datastream_connection_profile", - "google_datastream_private_connection", - "google_datastream_stream", - "google_deployment_manager_deployment", - "google_dialogflow_agent", - "google_dialogflow_cx_agent", - "google_dialogflow_cx_entity_type", - "google_dialogflow_cx_environment", - "google_dialogflow_cx_flow", - "google_dialogflow_cx_intent", - "google_dialogflow_cx_page", - "google_dialogflow_cx_security_settings", - "google_dialogflow_cx_version", - "google_dialogflow_cx_webhook", - "google_dialogflow_entity_type", - "google_dialogflow_fulfillment", - "google_dialogflow_intent", - "google_discovery_engine_chat_engine", - "google_discovery_engine_data_store", - "google_discovery_engine_search_engine", - "google_dns_managed_zone", - "google_dns_managed_zone_iam_binding", - "google_dns_managed_zone_iam_member", - "google_dns_managed_zone_iam_policy", - "google_dns_policy", - "google_dns_record_set", - "google_dns_response_policy", - "google_dns_response_policy_rule", - "google_document_ai_processor", - "google_document_ai_processor_default_version", - "google_document_ai_warehouse_document_schema", - "google_document_ai_warehouse_location", - "google_edgecontainer_cluster", - "google_edgecontainer_node_pool", - "google_edgecontainer_vpn_connection", - "google_edgenetwork_network", - "google_edgenetwork_subnet", - "google_endpoints_service", - "google_endpoints_service_consumers_iam_binding", - "google_endpoints_service_consumers_iam_member", - "google_endpoints_service_consumers_iam_policy", - "google_endpoints_service_iam_binding", - "google_endpoints_service_iam_member", - "google_endpoints_service_iam_policy", - "google_essential_contacts_contact", - "google_eventarc_channel", - "google_eventarc_google_channel_config", - "google_eventarc_trigger", - "google_filestore_backup", - 
"google_filestore_instance", - "google_filestore_snapshot", - "google_firebase_android_app", - "google_firebase_app_check_app_attest_config", - "google_firebase_app_check_debug_token", - "google_firebase_app_check_device_check_config", - "google_firebase_app_check_play_integrity_config", - "google_firebase_app_check_recaptcha_enterprise_config", - "google_firebase_app_check_recaptcha_v3_config", - "google_firebase_app_check_service_config", - "google_firebase_apple_app", - "google_firebase_database_instance", - "google_firebase_extensions_instance", - "google_firebase_hosting_channel", - "google_firebase_hosting_custom_domain", - "google_firebase_hosting_release", - "google_firebase_hosting_site", - "google_firebase_hosting_version", - "google_firebase_project", - "google_firebase_project_location", - "google_firebase_storage_bucket", - "google_firebase_web_app", - "google_firebaserules_release", - "google_firebaserules_ruleset", - "google_firestore_backup_schedule", - "google_firestore_database", - "google_firestore_document", - "google_firestore_field", - "google_firestore_index", - "google_folder", - "google_folder_access_approval_settings", - "google_folder_iam_audit_config", - "google_folder_iam_binding", - "google_folder_iam_member", - "google_folder_iam_policy", - "google_folder_organization_policy", - "google_gke_backup_backup_plan", - "google_gke_backup_backup_plan_iam_binding", - "google_gke_backup_backup_plan_iam_member", - "google_gke_backup_backup_plan_iam_policy", - "google_gke_backup_restore_plan", - "google_gke_backup_restore_plan_iam_binding", - "google_gke_backup_restore_plan_iam_member", - "google_gke_backup_restore_plan_iam_policy", - "google_gke_hub_feature", - "google_gke_hub_feature_iam_binding", - "google_gke_hub_feature_iam_member", - "google_gke_hub_feature_iam_policy", - "google_gke_hub_feature_membership", - "google_gke_hub_fleet", - "google_gke_hub_membership", - "google_gke_hub_membership_binding", - 
"google_gke_hub_membership_iam_binding", - "google_gke_hub_membership_iam_member", - "google_gke_hub_membership_iam_policy", - "google_gke_hub_membership_rbac_role_binding", - "google_gke_hub_namespace", - "google_gke_hub_scope", - "google_gke_hub_scope_iam_binding", - "google_gke_hub_scope_iam_member", - "google_gke_hub_scope_iam_policy", - "google_gke_hub_scope_rbac_role_binding", - "google_gkeonprem_bare_metal_admin_cluster", - "google_gkeonprem_bare_metal_cluster", - "google_gkeonprem_bare_metal_node_pool", - "google_gkeonprem_vmware_cluster", - "google_gkeonprem_vmware_node_pool", - "google_healthcare_consent_store", - "google_healthcare_consent_store_iam_binding", - "google_healthcare_consent_store_iam_member", - "google_healthcare_consent_store_iam_policy", - "google_healthcare_dataset", - "google_healthcare_dataset_iam_binding", - "google_healthcare_dataset_iam_member", - "google_healthcare_dataset_iam_policy", - "google_healthcare_dicom_store", - "google_healthcare_dicom_store_iam_binding", - "google_healthcare_dicom_store_iam_member", - "google_healthcare_dicom_store_iam_policy", - "google_healthcare_fhir_store", - "google_healthcare_fhir_store_iam_binding", - "google_healthcare_fhir_store_iam_member", - "google_healthcare_fhir_store_iam_policy", - "google_healthcare_hl7_v2_store", - "google_healthcare_hl7_v2_store_iam_binding", - "google_healthcare_hl7_v2_store_iam_member", - "google_healthcare_hl7_v2_store_iam_policy", - "google_iam_access_boundary_policy", - "google_iam_deny_policy", - "google_iam_workforce_pool", - "google_iam_workforce_pool_provider", - "google_iam_workload_identity_pool", - "google_iam_workload_identity_pool_provider", - "google_iap_app_engine_service_iam_binding", - "google_iap_app_engine_service_iam_member", - "google_iap_app_engine_service_iam_policy", - "google_iap_app_engine_version_iam_binding", - "google_iap_app_engine_version_iam_member", - "google_iap_app_engine_version_iam_policy", - "google_iap_brand", - 
"google_iap_client", - "google_iap_tunnel_dest_group", - "google_iap_tunnel_dest_group_iam_binding", - "google_iap_tunnel_dest_group_iam_member", - "google_iap_tunnel_dest_group_iam_policy", - "google_iap_tunnel_iam_binding", - "google_iap_tunnel_iam_member", - "google_iap_tunnel_iam_policy", - "google_iap_tunnel_instance_iam_binding", - "google_iap_tunnel_instance_iam_member", - "google_iap_tunnel_instance_iam_policy", - "google_iap_web_backend_service_iam_binding", - "google_iap_web_backend_service_iam_member", - "google_iap_web_backend_service_iam_policy", - "google_iap_web_iam_binding", - "google_iap_web_iam_member", - "google_iap_web_iam_policy", - "google_iap_web_region_backend_service_iam_binding", - "google_iap_web_region_backend_service_iam_member", - "google_iap_web_region_backend_service_iam_policy", - "google_iap_web_type_app_engine_iam_binding", - "google_iap_web_type_app_engine_iam_member", - "google_iap_web_type_app_engine_iam_policy", - "google_iap_web_type_compute_iam_binding", - "google_iap_web_type_compute_iam_member", - "google_iap_web_type_compute_iam_policy", - "google_identity_platform_config", - "google_identity_platform_default_supported_idp_config", - "google_identity_platform_inbound_saml_config", - "google_identity_platform_oauth_idp_config", - "google_identity_platform_project_default_config", - "google_identity_platform_tenant", - "google_identity_platform_tenant_default_supported_idp_config", - "google_identity_platform_tenant_inbound_saml_config", - "google_identity_platform_tenant_oauth_idp_config", - "google_integration_connectors_connection", - "google_integration_connectors_endpoint_attachment", - "google_integration_connectors_managed_zone", - "google_integrations_auth_config", - "google_integrations_client", - "google_kms_autokey_config", - "google_kms_crypto_key", - "google_kms_crypto_key_iam_binding", - "google_kms_crypto_key_iam_member", - "google_kms_crypto_key_iam_policy", - "google_kms_crypto_key_version", - 
"google_kms_ekm_connection", - "google_kms_key_handle", - "google_kms_key_ring", - "google_kms_key_ring_iam_binding", - "google_kms_key_ring_iam_member", - "google_kms_key_ring_iam_policy", - "google_kms_key_ring_import_job", - "google_kms_secret_ciphertext", - "google_logging_billing_account_bucket_config", - "google_logging_billing_account_exclusion", - "google_logging_billing_account_sink", - "google_logging_folder_bucket_config", - "google_logging_folder_exclusion", - "google_logging_folder_settings", - "google_logging_folder_sink", - "google_logging_linked_dataset", - "google_logging_log_view", - "google_logging_log_view_iam_binding", - "google_logging_log_view_iam_member", - "google_logging_log_view_iam_policy", - "google_logging_metric", - "google_logging_organization_bucket_config", - "google_logging_organization_exclusion", - "google_logging_organization_settings", - "google_logging_organization_sink", - "google_logging_project_bucket_config", - "google_logging_project_exclusion", - "google_logging_project_sink", - "google_looker_instance", - "google_managed_kafka_cluster", - "google_managed_kafka_topic", - "google_memcache_instance", - "google_migration_center_group", - "google_migration_center_preference_set", - "google_ml_engine_model", - "google_monitoring_alert_policy", - "google_monitoring_custom_service", - "google_monitoring_dashboard", - "google_monitoring_group", - "google_monitoring_metric_descriptor", - "google_monitoring_monitored_project", - "google_monitoring_notification_channel", - "google_monitoring_service", - "google_monitoring_slo", - "google_monitoring_uptime_check_config", - "google_netapp_active_directory", - "google_netapp_backup", - "google_netapp_backup_policy", - "google_netapp_backup_vault", - "google_netapp_kmsconfig", - "google_netapp_storage_pool", - "google_netapp_volume", - "google_netapp_volume_replication", - "google_netapp_volume_snapshot", - "google_network_connectivity_hub", - 
"google_network_connectivity_internal_range", - "google_network_connectivity_policy_based_route", - "google_network_connectivity_regional_endpoint", - "google_network_connectivity_service_connection_policy", - "google_network_connectivity_spoke", - "google_network_security_address_group", - "google_network_security_address_group_iam_binding", - "google_network_security_address_group_iam_member", - "google_network_security_address_group_iam_policy", - "google_network_security_authorization_policy", - "google_network_security_client_tls_policy", - "google_network_security_firewall_endpoint", - "google_network_security_firewall_endpoint_association", - "google_network_security_gateway_security_policy", - "google_network_security_gateway_security_policy_rule", - "google_network_security_security_profile", - "google_network_security_security_profile_group", - "google_network_security_server_tls_policy", - "google_network_security_tls_inspection_policy", - "google_network_security_url_lists", - "google_network_services_edge_cache_keyset", - "google_network_services_edge_cache_origin", - "google_network_services_edge_cache_service", - "google_network_services_endpoint_policy", - "google_network_services_gateway", - "google_network_services_grpc_route", - "google_network_services_http_route", - "google_network_services_lb_route_extension", - "google_network_services_lb_traffic_extension", - "google_network_services_mesh", - "google_network_services_service_binding", - "google_network_services_service_lb_policies", - "google_network_services_tcp_route", - "google_network_services_tls_route", - "google_notebooks_environment", - "google_notebooks_instance", - "google_notebooks_instance_iam_binding", - "google_notebooks_instance_iam_member", - "google_notebooks_instance_iam_policy", - "google_notebooks_runtime", - "google_notebooks_runtime_iam_binding", - "google_notebooks_runtime_iam_member", - "google_notebooks_runtime_iam_policy", - "google_org_policy_custom_constraint", - 
"google_org_policy_policy", - "google_organization_access_approval_settings", - "google_organization_iam_audit_config", - "google_organization_iam_binding", - "google_organization_iam_custom_role", - "google_organization_iam_member", - "google_organization_iam_policy", - "google_organization_policy", - "google_os_config_guest_policies", - "google_os_config_os_policy_assignment", - "google_os_config_patch_deployment", - "google_os_login_ssh_public_key", - "google_parallelstore_instance", - "google_privateca_ca_pool", - "google_privateca_ca_pool_iam_binding", - "google_privateca_ca_pool_iam_member", - "google_privateca_ca_pool_iam_policy", - "google_privateca_certificate", - "google_privateca_certificate_authority", - "google_privateca_certificate_template", - "google_privateca_certificate_template_iam_binding", - "google_privateca_certificate_template_iam_member", - "google_privateca_certificate_template_iam_policy", - "google_privileged_access_manager_entitlement", - "google_project", - "google_project_access_approval_settings", - "google_project_default_service_accounts", - "google_project_iam_audit_config", - "google_project_iam_binding", - "google_project_iam_custom_role", - "google_project_iam_member", - "google_project_iam_member_remove", - "google_project_iam_policy", - "google_project_organization_policy", - "google_project_service", - "google_project_service_identity", - "google_project_services", - "google_project_usage_export_bucket", - "google_public_ca_external_account_key", - "google_pubsub_lite_reservation", - "google_pubsub_lite_subscription", - "google_pubsub_lite_topic", - "google_pubsub_schema", - "google_pubsub_schema_iam_binding", - "google_pubsub_schema_iam_member", - "google_pubsub_schema_iam_policy", - "google_pubsub_subscription", - "google_pubsub_subscription_iam_binding", - "google_pubsub_subscription_iam_member", - "google_pubsub_subscription_iam_policy", - "google_pubsub_topic", - "google_pubsub_topic_iam_binding", - 
"google_pubsub_topic_iam_member", - "google_pubsub_topic_iam_policy", - "google_recaptcha_enterprise_key", - "google_redis_cluster", - "google_redis_instance", - "google_resource_manager_lien", - "google_runtimeconfig_config", - "google_runtimeconfig_config_iam_binding", - "google_runtimeconfig_config_iam_member", - "google_runtimeconfig_config_iam_policy", - "google_runtimeconfig_variable", - "google_scc_event_threat_detection_custom_module", - "google_scc_folder_custom_module", - "google_scc_management_folder_security_health_analytics_custom_module", - "google_scc_management_organization_event_threat_detection_custom_module", - "google_scc_management_organization_security_health_analytics_custom_module", - "google_scc_management_project_security_health_analytics_custom_module", - "google_scc_mute_config", - "google_scc_notification_config", - "google_scc_organization_custom_module", - "google_scc_project_custom_module", - "google_scc_project_notification_config", - "google_scc_source", - "google_scc_source_iam_binding", - "google_scc_source_iam_member", - "google_scc_source_iam_policy", - "google_scc_v2_folder_mute_config", - "google_scc_v2_organization_mute_config", - "google_scc_v2_organization_notification_config", - "google_scc_v2_project_mute_config", - "google_secret_manager_secret", - "google_secret_manager_secret_iam_binding", - "google_secret_manager_secret_iam_member", - "google_secret_manager_secret_iam_policy", - "google_secret_manager_secret_version", - "google_secure_source_manager_instance", - "google_secure_source_manager_instance_iam_binding", - "google_secure_source_manager_instance_iam_member", - "google_secure_source_manager_instance_iam_policy", - "google_secure_source_manager_repository", - "google_secure_source_manager_repository_iam_binding", - "google_secure_source_manager_repository_iam_member", - "google_secure_source_manager_repository_iam_policy", - "google_security_scanner_scan_config", - "google_securityposture_posture", - 
"google_service_account", - "google_service_account_iam_binding", - "google_service_account_iam_member", - "google_service_account_iam_policy", - "google_service_account_key", - "google_service_directory_endpoint", - "google_service_directory_namespace", - "google_service_directory_namespace_iam_binding", - "google_service_directory_namespace_iam_member", - "google_service_directory_namespace_iam_policy", - "google_service_directory_service", - "google_service_directory_service_iam_binding", - "google_service_directory_service_iam_member", - "google_service_directory_service_iam_policy", - "google_service_networking_connection", - "google_service_networking_peered_dns_domain", - "google_service_networking_vpc_service_controls", - "google_service_usage_consumer_quota_override", - "google_sourcerepo_repository", - "google_sourcerepo_repository_iam_binding", - "google_sourcerepo_repository_iam_member", - "google_sourcerepo_repository_iam_policy", - "google_spanner_database", - "google_spanner_database_iam_binding", - "google_spanner_database_iam_member", - "google_spanner_database_iam_policy", - "google_spanner_instance", - "google_spanner_instance_config", - "google_spanner_instance_iam_binding", - "google_spanner_instance_iam_member", - "google_spanner_instance_iam_policy", - "google_sql_database", - "google_sql_database_instance", - "google_sql_source_representation_instance", - "google_sql_ssl_cert", - "google_sql_user", - "google_storage_bucket", - "google_storage_bucket_access_control", - "google_storage_bucket_acl", - "google_storage_bucket_iam_binding", - "google_storage_bucket_iam_member", - "google_storage_bucket_iam_policy", - "google_storage_bucket_object", - "google_storage_default_object_access_control", - "google_storage_default_object_acl", - "google_storage_hmac_key", - "google_storage_insights_report_config", - "google_storage_managed_folder", - "google_storage_managed_folder_iam_binding", - "google_storage_managed_folder_iam_member", - 
"google_storage_managed_folder_iam_policy", - "google_storage_notification", - "google_storage_object_access_control", - "google_storage_object_acl", - "google_storage_transfer_agent_pool", - "google_storage_transfer_job", - "google_tags_location_tag_binding", - "google_tags_tag_binding", - "google_tags_tag_key", - "google_tags_tag_key_iam_binding", - "google_tags_tag_key_iam_member", - "google_tags_tag_key_iam_policy", - "google_tags_tag_value", - "google_tags_tag_value_iam_binding", - "google_tags_tag_value_iam_member", - "google_tags_tag_value_iam_policy", - "google_tpu_node", - "google_tpu_v2_vm", - "google_vertex_ai_dataset", - "google_vertex_ai_deployment_resource_pool", - "google_vertex_ai_endpoint", - "google_vertex_ai_endpoint_iam_binding", - "google_vertex_ai_endpoint_iam_member", - "google_vertex_ai_endpoint_iam_policy", - "google_vertex_ai_feature_group", - "google_vertex_ai_feature_group_feature", - "google_vertex_ai_feature_online_store", - "google_vertex_ai_feature_online_store_featureview", - "google_vertex_ai_featurestore", - "google_vertex_ai_featurestore_entitytype", - "google_vertex_ai_featurestore_entitytype_feature", - "google_vertex_ai_featurestore_entitytype_iam_binding", - "google_vertex_ai_featurestore_entitytype_iam_member", - "google_vertex_ai_featurestore_entitytype_iam_policy", - "google_vertex_ai_featurestore_iam_binding", - "google_vertex_ai_featurestore_iam_member", - "google_vertex_ai_featurestore_iam_policy", - "google_vertex_ai_index", - "google_vertex_ai_index_endpoint", - "google_vertex_ai_metadata_store", - "google_vertex_ai_tensorboard", - "google_vmwareengine_cluster", - "google_vmwareengine_external_access_rule", - "google_vmwareengine_external_address", - "google_vmwareengine_network", - "google_vmwareengine_network_peering", - "google_vmwareengine_network_policy", - "google_vmwareengine_private_cloud", - "google_vmwareengine_subnet", - "google_vpc_access_connector", - "google_workbench_instance", - 
"google_workbench_instance_iam_binding", - "google_workbench_instance_iam_member", - "google_workbench_instance_iam_policy", - "google_workflows_workflow", - "google_workstations_workstation", - "google_workstations_workstation_cluster", - "google_workstations_workstation_config", - "google_workstations_workstation_config_iam_binding", - "google_workstations_workstation_config_iam_member", - "google_workstations_workstation_config_iam_policy", - "google_workstations_workstation_iam_binding", - "google_workstations_workstation_iam_member", - "google_workstations_workstation_iam_policy" - ] -} + "resources": [ + "google_access_context_manager_access_level", + "google_access_context_manager_access_level_condition", + "google_access_context_manager_access_levels", + "google_access_context_manager_access_policy", + "google_access_context_manager_access_policy_iam_binding", + "google_access_context_manager_access_policy_iam_member", + "google_access_context_manager_access_policy_iam_policy", + "google_access_context_manager_authorized_orgs_desc", + "google_access_context_manager_gcp_user_access_binding", + "google_access_context_manager_service_perimeter", + "google_access_context_manager_service_perimeter_dry_run_egress_policy", + "google_access_context_manager_service_perimeter_dry_run_ingress_policy", + "google_access_context_manager_service_perimeter_dry_run_resource", + "google_access_context_manager_service_perimeter_egress_policy", + "google_access_context_manager_service_perimeter_ingress_policy", + "google_access_context_manager_service_perimeter_resource", + "google_access_context_manager_service_perimeters", + "google_active_directory_domain", + "google_active_directory_domain_trust", + "google_active_directory_peering", + "google_alloydb_backup", + "google_alloydb_cluster", + "google_alloydb_instance", + "google_alloydb_user", + "google_api_gateway_api", + "google_api_gateway_api_config", + "google_api_gateway_api_config_iam_binding", + 
"google_api_gateway_api_config_iam_member", + "google_api_gateway_api_config_iam_policy", + "google_api_gateway_api_iam_binding", + "google_api_gateway_api_iam_member", + "google_api_gateway_api_iam_policy", + "google_api_gateway_gateway", + "google_api_gateway_gateway_iam_binding", + "google_api_gateway_gateway_iam_member", + "google_api_gateway_gateway_iam_policy", + "google_apigee_addons_config", + "google_apigee_api", + "google_apigee_api_deployment", + "google_apigee_api_product", + "google_apigee_app_group", + "google_apigee_control_plane_access", + "google_apigee_developer", + "google_apigee_developer_app", + "google_apigee_dns_zone", + "google_apigee_env_keystore", + "google_apigee_envgroup", + "google_apigee_envgroup_attachment", + "google_apigee_environment", + "google_apigee_environment_addons_config", + "google_apigee_environment_api_revision_deployment", + "google_apigee_environment_iam_binding", + "google_apigee_environment_iam_member", + "google_apigee_environment_iam_policy", + "google_apigee_environment_keyvaluemaps", + "google_apigee_environment_keyvaluemaps_entries", + "google_apigee_instance", + "google_apigee_instance_attachment", + "google_apigee_keystores_aliases_self_signed_cert", + "google_apigee_nat_address", + "google_apigee_organization", + "google_apigee_security_action", + "google_apigee_security_monitoring_condition", + "google_apigee_security_profile_v2", + "google_apigee_sync_authorization", + "google_apigee_target_server", + "google_apihub_api_hub_instance", + "google_apihub_curation", + "google_apihub_host_project_registration", + "google_apihub_plugin", + "google_apihub_plugin_instance", + "google_apikeys_key", + "google_app_engine_application", + "google_app_engine_application_url_dispatch_rules", + "google_app_engine_domain_mapping", + "google_app_engine_firewall_rule", + "google_app_engine_flexible_app_version", + "google_app_engine_service_network_settings", + "google_app_engine_service_split_traffic", + 
"google_app_engine_standard_app_version", + "google_apphub_application", + "google_apphub_service", + "google_apphub_service_project_attachment", + "google_apphub_workload", + "google_artifact_registry_package", + "google_artifact_registry_repository", + "google_artifact_registry_repository_iam_binding", + "google_artifact_registry_repository_iam_member", + "google_artifact_registry_repository_iam_policy", + "google_artifact_registry_vpcsc_config", + "google_assured_workloads_workload", + "google_backup_dr_backup_plan", + "google_backup_dr_backup_plan_association", + "google_backup_dr_backup_vault", + "google_backup_dr_management_server", + "google_backup_dr_service_config", + "google_beyondcorp_app_connection", + "google_beyondcorp_app_connector", + "google_beyondcorp_app_gateway", + "google_beyondcorp_security_gateway", + "google_beyondcorp_security_gateway_application", + "google_beyondcorp_security_gateway_application_iam_binding", + "google_beyondcorp_security_gateway_application_iam_member", + "google_beyondcorp_security_gateway_application_iam_policy", + "google_beyondcorp_security_gateway_iam_binding", + "google_beyondcorp_security_gateway_iam_member", + "google_beyondcorp_security_gateway_iam_policy", + "google_biglake_catalog", + "google_biglake_database", + "google_biglake_table", + "google_bigquery_analytics_hub_data_exchange", + "google_bigquery_analytics_hub_data_exchange_iam_binding", + "google_bigquery_analytics_hub_data_exchange_iam_member", + "google_bigquery_analytics_hub_data_exchange_iam_policy", + "google_bigquery_analytics_hub_data_exchange_subscription", + "google_bigquery_analytics_hub_listing", + "google_bigquery_analytics_hub_listing_iam_binding", + "google_bigquery_analytics_hub_listing_iam_member", + "google_bigquery_analytics_hub_listing_iam_policy", + "google_bigquery_analytics_hub_listing_subscription", + "google_bigquery_bi_reservation", + "google_bigquery_capacity_commitment", + "google_bigquery_connection", + 
"google_bigquery_connection_iam_binding", + "google_bigquery_connection_iam_member", + "google_bigquery_connection_iam_policy", + "google_bigquery_data_transfer_config", + "google_bigquery_datapolicy_data_policy", + "google_bigquery_datapolicy_data_policy_iam_binding", + "google_bigquery_datapolicy_data_policy_iam_member", + "google_bigquery_datapolicy_data_policy_iam_policy", + "google_bigquery_datapolicyv2_data_policy", + "google_bigquery_datapolicyv2_data_policy_iam_binding", + "google_bigquery_datapolicyv2_data_policy_iam_member", + "google_bigquery_datapolicyv2_data_policy_iam_policy", + "google_bigquery_dataset", + "google_bigquery_dataset_access", + "google_bigquery_dataset_iam_binding", + "google_bigquery_dataset_iam_member", + "google_bigquery_dataset_iam_policy", + "google_bigquery_job", + "google_bigquery_reservation", + "google_bigquery_reservation_assignment", + "google_bigquery_routine", + "google_bigquery_row_access_policy", + "google_bigquery_table", + "google_bigquery_table_iam_binding", + "google_bigquery_table_iam_member", + "google_bigquery_table_iam_policy", + "google_bigtable_app_profile", + "google_bigtable_authorized_view", + "google_bigtable_gc_policy", + "google_bigtable_instance", + "google_bigtable_instance_iam_binding", + "google_bigtable_instance_iam_member", + "google_bigtable_instance_iam_policy", + "google_bigtable_logical_view", + "google_bigtable_materialized_view", + "google_bigtable_schema_bundle", + "google_bigtable_table", + "google_bigtable_table_iam_binding", + "google_bigtable_table_iam_member", + "google_bigtable_table_iam_policy", + "google_billing_account_iam_binding", + "google_billing_account_iam_member", + "google_billing_account_iam_policy", + "google_billing_budget", + "google_billing_project_info", + "google_billing_subaccount", + "google_binary_authorization_attestor", + "google_binary_authorization_attestor_iam_binding", + "google_binary_authorization_attestor_iam_member", + 
"google_binary_authorization_attestor_iam_policy", + "google_binary_authorization_policy", + "google_blockchain_node_engine_blockchain_nodes", + "google_certificate_manager_certificate", + "google_certificate_manager_certificate_issuance_config", + "google_certificate_manager_certificate_map", + "google_certificate_manager_certificate_map_entry", + "google_certificate_manager_dns_authorization", + "google_certificate_manager_trust_config", + "google_ces_agent", + "google_ces_app", + "google_ces_deployment", + "google_ces_example", + "google_ces_guardrail", + "google_ces_tool", + "google_ces_toolset", + "google_chronicle_data_access_label", + "google_chronicle_data_access_scope", + "google_chronicle_reference_list", + "google_chronicle_retrohunt", + "google_chronicle_rule", + "google_chronicle_rule_deployment", + "google_chronicle_watchlist", + "google_cloud_asset_folder_feed", + "google_cloud_asset_organization_feed", + "google_cloud_asset_project_feed", + "google_cloud_identity_group", + "google_cloud_identity_group_membership", + "google_cloud_ids_endpoint", + "google_cloud_quotas_quota_adjuster_settings", + "google_cloud_quotas_quota_preference", + "google_cloud_run_domain_mapping", + "google_cloud_run_service", + "google_cloud_run_service_iam_binding", + "google_cloud_run_service_iam_member", + "google_cloud_run_service_iam_policy", + "google_cloud_run_v2_job", + "google_cloud_run_v2_job_iam_binding", + "google_cloud_run_v2_job_iam_member", + "google_cloud_run_v2_job_iam_policy", + "google_cloud_run_v2_service", + "google_cloud_run_v2_service_iam_binding", + "google_cloud_run_v2_service_iam_member", + "google_cloud_run_v2_service_iam_policy", + "google_cloud_run_v2_worker_pool", + "google_cloud_run_v2_worker_pool_iam_binding", + "google_cloud_run_v2_worker_pool_iam_member", + "google_cloud_run_v2_worker_pool_iam_policy", + "google_cloud_scheduler_job", + "google_cloud_security_compliance_cloud_control", + "google_cloud_security_compliance_framework", + 
"google_cloud_security_compliance_framework_deployment", + "google_cloud_tasks_queue", + "google_cloud_tasks_queue_iam_binding", + "google_cloud_tasks_queue_iam_member", + "google_cloud_tasks_queue_iam_policy", + "google_cloudbuild_bitbucket_server_config", + "google_cloudbuild_trigger", + "google_cloudbuild_worker_pool", + "google_cloudbuildv2_connection", + "google_cloudbuildv2_connection_iam_binding", + "google_cloudbuildv2_connection_iam_member", + "google_cloudbuildv2_connection_iam_policy", + "google_cloudbuildv2_repository", + "google_clouddeploy_automation", + "google_clouddeploy_custom_target_type", + "google_clouddeploy_custom_target_type_iam_binding", + "google_clouddeploy_custom_target_type_iam_member", + "google_clouddeploy_custom_target_type_iam_policy", + "google_clouddeploy_delivery_pipeline", + "google_clouddeploy_delivery_pipeline_iam_binding", + "google_clouddeploy_delivery_pipeline_iam_member", + "google_clouddeploy_delivery_pipeline_iam_policy", + "google_clouddeploy_deploy_policy", + "google_clouddeploy_target", + "google_clouddeploy_target_iam_binding", + "google_clouddeploy_target_iam_member", + "google_clouddeploy_target_iam_policy", + "google_clouddomains_registration", + "google_cloudfunctions2_function", + "google_cloudfunctions2_function_iam_binding", + "google_cloudfunctions2_function_iam_member", + "google_cloudfunctions2_function_iam_policy", + "google_cloudfunctions_function", + "google_cloudfunctions_function_iam_binding", + "google_cloudfunctions_function_iam_member", + "google_cloudfunctions_function_iam_policy", + "google_cloudiot_registry", + "google_colab_notebook_execution", + "google_colab_runtime", + "google_colab_runtime_template", + "google_colab_runtime_template_iam_binding", + "google_colab_runtime_template_iam_member", + "google_colab_runtime_template_iam_policy", + "google_colab_schedule", + "google_composer_environment", + "google_composer_user_workloads_config_map", + "google_composer_user_workloads_secret", + 
"google_compute_address", + "google_compute_attached_disk", + "google_compute_autoscaler", + "google_compute_backend_bucket", + "google_compute_backend_bucket_iam_binding", + "google_compute_backend_bucket_iam_member", + "google_compute_backend_bucket_iam_policy", + "google_compute_backend_bucket_signed_url_key", + "google_compute_backend_service", + "google_compute_backend_service_iam_binding", + "google_compute_backend_service_iam_member", + "google_compute_backend_service_iam_policy", + "google_compute_backend_service_signed_url_key", + "google_compute_cross_site_network", + "google_compute_disk", + "google_compute_disk_async_replication", + "google_compute_disk_iam_binding", + "google_compute_disk_iam_member", + "google_compute_disk_iam_policy", + "google_compute_disk_resource_policy_attachment", + "google_compute_external_vpn_gateway", + "google_compute_firewall", + "google_compute_firewall_policy", + "google_compute_firewall_policy_association", + "google_compute_firewall_policy_rule", + "google_compute_firewall_policy_with_rules", + "google_compute_forwarding_rule", + "google_compute_future_reservation", + "google_compute_global_address", + "google_compute_global_forwarding_rule", + "google_compute_global_network_endpoint", + "google_compute_global_network_endpoint_group", + "google_compute_ha_vpn_gateway", + "google_compute_health_check", + "google_compute_http_health_check", + "google_compute_https_health_check", + "google_compute_image", + "google_compute_image_iam_binding", + "google_compute_image_iam_member", + "google_compute_image_iam_policy", + "google_compute_instance", + "google_compute_instance_from_machine_image", + "google_compute_instance_from_template", + "google_compute_instance_group", + "google_compute_instance_group_manager", + "google_compute_instance_group_membership", + "google_compute_instance_group_named_port", + "google_compute_instance_iam_binding", + "google_compute_instance_iam_member", + "google_compute_instance_iam_policy", + 
"google_compute_instance_settings", + "google_compute_instance_template", + "google_compute_instance_template_iam_binding", + "google_compute_instance_template_iam_member", + "google_compute_instance_template_iam_policy", + "google_compute_instant_snapshot", + "google_compute_instant_snapshot_iam_binding", + "google_compute_instant_snapshot_iam_member", + "google_compute_instant_snapshot_iam_policy", + "google_compute_interconnect", + "google_compute_interconnect_attachment", + "google_compute_interconnect_attachment_group", + "google_compute_interconnect_group", + "google_compute_machine_image", + "google_compute_machine_image_iam_binding", + "google_compute_machine_image_iam_member", + "google_compute_machine_image_iam_policy", + "google_compute_managed_ssl_certificate", + "google_compute_network", + "google_compute_network_attachment", + "google_compute_network_edge_security_service", + "google_compute_network_endpoint", + "google_compute_network_endpoint_group", + "google_compute_network_endpoints", + "google_compute_network_firewall_policy", + "google_compute_network_firewall_policy_association", + "google_compute_network_firewall_policy_packet_mirroring_rule", + "google_compute_network_firewall_policy_rule", + "google_compute_network_firewall_policy_with_rules", + "google_compute_network_peering", + "google_compute_network_peering_routes_config", + "google_compute_node_group", + "google_compute_node_template", + "google_compute_organization_security_policy", + "google_compute_organization_security_policy_association", + "google_compute_organization_security_policy_rule", + "google_compute_packet_mirroring", + "google_compute_per_instance_config", + "google_compute_preview_feature", + "google_compute_project_cloud_armor_tier", + "google_compute_project_default_network_tier", + "google_compute_project_metadata", + "google_compute_project_metadata_item", + "google_compute_public_advertised_prefix", + "google_compute_public_delegated_prefix", + 
"google_compute_region_autoscaler", + "google_compute_region_backend_service", + "google_compute_region_backend_service_iam_binding", + "google_compute_region_backend_service_iam_member", + "google_compute_region_backend_service_iam_policy", + "google_compute_region_commitment", + "google_compute_region_disk", + "google_compute_region_disk_iam_binding", + "google_compute_region_disk_iam_member", + "google_compute_region_disk_iam_policy", + "google_compute_region_disk_resource_policy_attachment", + "google_compute_region_health_aggregation_policy", + "google_compute_region_health_check", + "google_compute_region_instance_group_manager", + "google_compute_region_instance_template", + "google_compute_region_network_endpoint", + "google_compute_region_network_endpoint_group", + "google_compute_region_network_firewall_policy", + "google_compute_region_network_firewall_policy_association", + "google_compute_region_network_firewall_policy_rule", + "google_compute_region_network_firewall_policy_with_rules", + "google_compute_region_per_instance_config", + "google_compute_region_resize_request", + "google_compute_region_security_policy", + "google_compute_region_security_policy_rule", + "google_compute_region_ssl_certificate", + "google_compute_region_target_http_proxy", + "google_compute_region_target_https_proxy", + "google_compute_region_target_tcp_proxy", + "google_compute_region_url_map", + "google_compute_reservation", + "google_compute_resize_request", + "google_compute_resource_policy", + "google_compute_resource_policy_attachment", + "google_compute_route", + "google_compute_router", + "google_compute_router_interface", + "google_compute_router_nat", + "google_compute_router_nat_address", + "google_compute_router_peer", + "google_compute_router_route_policy", + "google_compute_security_policy", + "google_compute_security_policy_rule", + "google_compute_service_attachment", + "google_compute_shared_vpc_host_project", + "google_compute_shared_vpc_service_project", + 
"google_compute_snapshot", + "google_compute_snapshot_iam_binding", + "google_compute_snapshot_iam_member", + "google_compute_snapshot_iam_policy", + "google_compute_snapshot_settings", + "google_compute_ssl_certificate", + "google_compute_ssl_policy", + "google_compute_storage_pool", + "google_compute_storage_pool_iam_binding", + "google_compute_storage_pool_iam_member", + "google_compute_storage_pool_iam_policy", + "google_compute_subnetwork", + "google_compute_subnetwork_iam_binding", + "google_compute_subnetwork_iam_member", + "google_compute_subnetwork_iam_policy", + "google_compute_target_grpc_proxy", + "google_compute_target_http_proxy", + "google_compute_target_https_proxy", + "google_compute_target_instance", + "google_compute_target_pool", + "google_compute_target_ssl_proxy", + "google_compute_target_tcp_proxy", + "google_compute_url_map", + "google_compute_vpn_gateway", + "google_compute_vpn_tunnel", + "google_compute_wire_group", + "google_contact_center_insights_analysis_rule", + "google_contact_center_insights_view", + "google_container_analysis_note", + "google_container_analysis_note_iam_binding", + "google_container_analysis_note_iam_member", + "google_container_analysis_note_iam_policy", + "google_container_analysis_occurrence", + "google_container_attached_cluster", + "google_container_aws_cluster", + "google_container_aws_node_pool", + "google_container_azure_client", + "google_container_azure_cluster", + "google_container_azure_node_pool", + "google_container_cluster", + "google_container_node_pool", + "google_container_registry", + "google_data_catalog_entry", + "google_data_catalog_entry_group", + "google_data_catalog_entry_group_iam_binding", + "google_data_catalog_entry_group_iam_member", + "google_data_catalog_entry_group_iam_policy", + "google_data_catalog_policy_tag", + "google_data_catalog_policy_tag_iam_binding", + "google_data_catalog_policy_tag_iam_member", + "google_data_catalog_policy_tag_iam_policy", + "google_data_catalog_tag", + 
"google_data_catalog_tag_template", + "google_data_catalog_tag_template_iam_binding", + "google_data_catalog_tag_template_iam_member", + "google_data_catalog_tag_template_iam_policy", + "google_data_catalog_taxonomy", + "google_data_catalog_taxonomy_iam_binding", + "google_data_catalog_taxonomy_iam_member", + "google_data_catalog_taxonomy_iam_policy", + "google_data_fusion_instance", + "google_data_fusion_instance_iam_binding", + "google_data_fusion_instance_iam_member", + "google_data_fusion_instance_iam_policy", + "google_data_loss_prevention_deidentify_template", + "google_data_loss_prevention_discovery_config", + "google_data_loss_prevention_inspect_template", + "google_data_loss_prevention_job_trigger", + "google_data_loss_prevention_stored_info_type", + "google_data_pipeline_pipeline", + "google_database_migration_service_connection_profile", + "google_database_migration_service_migration_job", + "google_database_migration_service_private_connection", + "google_dataflow_flex_template_job", + "google_dataflow_job", + "google_dataform_repository", + "google_dataform_repository_iam_binding", + "google_dataform_repository_iam_member", + "google_dataform_repository_iam_policy", + "google_dataform_repository_release_config", + "google_dataform_repository_workflow_config", + "google_dataplex_aspect_type", + "google_dataplex_aspect_type_iam_binding", + "google_dataplex_aspect_type_iam_member", + "google_dataplex_aspect_type_iam_policy", + "google_dataplex_asset", + "google_dataplex_asset_iam_binding", + "google_dataplex_asset_iam_member", + "google_dataplex_asset_iam_policy", + "google_dataplex_datascan", + "google_dataplex_datascan_iam_binding", + "google_dataplex_datascan_iam_member", + "google_dataplex_datascan_iam_policy", + "google_dataplex_entry", + "google_dataplex_entry_group", + "google_dataplex_entry_group_iam_binding", + "google_dataplex_entry_group_iam_member", + "google_dataplex_entry_group_iam_policy", + "google_dataplex_entry_link", + 
"google_dataplex_entry_type", + "google_dataplex_entry_type_iam_binding", + "google_dataplex_entry_type_iam_member", + "google_dataplex_entry_type_iam_policy", + "google_dataplex_glossary", + "google_dataplex_glossary_category", + "google_dataplex_glossary_iam_binding", + "google_dataplex_glossary_iam_member", + "google_dataplex_glossary_iam_policy", + "google_dataplex_glossary_term", + "google_dataplex_lake", + "google_dataplex_lake_iam_binding", + "google_dataplex_lake_iam_member", + "google_dataplex_lake_iam_policy", + "google_dataplex_task", + "google_dataplex_task_iam_binding", + "google_dataplex_task_iam_member", + "google_dataplex_task_iam_policy", + "google_dataplex_zone", + "google_dataplex_zone_iam_binding", + "google_dataplex_zone_iam_member", + "google_dataplex_zone_iam_policy", + "google_dataproc_autoscaling_policy", + "google_dataproc_autoscaling_policy_iam_binding", + "google_dataproc_autoscaling_policy_iam_member", + "google_dataproc_autoscaling_policy_iam_policy", + "google_dataproc_batch", + "google_dataproc_cluster", + "google_dataproc_cluster_iam_binding", + "google_dataproc_cluster_iam_member", + "google_dataproc_cluster_iam_policy", + "google_dataproc_gdc_application_environment", + "google_dataproc_gdc_service_instance", + "google_dataproc_gdc_spark_application", + "google_dataproc_job", + "google_dataproc_job_iam_binding", + "google_dataproc_job_iam_member", + "google_dataproc_job_iam_policy", + "google_dataproc_metastore_database_iam_binding", + "google_dataproc_metastore_database_iam_member", + "google_dataproc_metastore_database_iam_policy", + "google_dataproc_metastore_federation", + "google_dataproc_metastore_federation_iam_binding", + "google_dataproc_metastore_federation_iam_member", + "google_dataproc_metastore_federation_iam_policy", + "google_dataproc_metastore_service", + "google_dataproc_metastore_service_iam_binding", + "google_dataproc_metastore_service_iam_member", + "google_dataproc_metastore_service_iam_policy", + 
"google_dataproc_metastore_table_iam_binding", + "google_dataproc_metastore_table_iam_member", + "google_dataproc_metastore_table_iam_policy", + "google_dataproc_session_template", + "google_dataproc_workflow_template", + "google_datastream_connection_profile", + "google_datastream_private_connection", + "google_datastream_stream", + "google_deployment_manager_deployment", + "google_developer_connect_account_connector", + "google_developer_connect_connection", + "google_developer_connect_git_repository_link", + "google_developer_connect_insights_config", + "google_dialogflow_agent", + "google_dialogflow_conversation_profile", + "google_dialogflow_cx_agent", + "google_dialogflow_cx_entity_type", + "google_dialogflow_cx_environment", + "google_dialogflow_cx_flow", + "google_dialogflow_cx_generative_settings", + "google_dialogflow_cx_generator", + "google_dialogflow_cx_intent", + "google_dialogflow_cx_page", + "google_dialogflow_cx_playbook", + "google_dialogflow_cx_security_settings", + "google_dialogflow_cx_tool", + "google_dialogflow_cx_version", + "google_dialogflow_cx_webhook", + "google_dialogflow_encryption_spec", + "google_dialogflow_entity_type", + "google_dialogflow_fulfillment", + "google_dialogflow_intent", + "google_discovery_engine_acl_config", + "google_discovery_engine_assistant", + "google_discovery_engine_chat_engine", + "google_discovery_engine_cmek_config", + "google_discovery_engine_control", + "google_discovery_engine_data_connector", + "google_discovery_engine_data_store", + "google_discovery_engine_license_config", + "google_discovery_engine_recommendation_engine", + "google_discovery_engine_schema", + "google_discovery_engine_search_engine", + "google_discovery_engine_sitemap", + "google_discovery_engine_target_site", + "google_discovery_engine_user_store", + "google_dns_managed_zone", + "google_dns_managed_zone_iam_binding", + "google_dns_managed_zone_iam_member", + "google_dns_managed_zone_iam_policy", + "google_dns_policy", + 
"google_dns_record_set", + "google_dns_response_policy", + "google_dns_response_policy_rule", + "google_document_ai_processor", + "google_document_ai_processor_default_version", + "google_document_ai_warehouse_document_schema", + "google_document_ai_warehouse_location", + "google_edgecontainer_cluster", + "google_edgecontainer_node_pool", + "google_edgecontainer_vpn_connection", + "google_edgenetwork_interconnect_attachment", + "google_edgenetwork_network", + "google_edgenetwork_subnet", + "google_endpoints_service", + "google_endpoints_service_consumers_iam_binding", + "google_endpoints_service_consumers_iam_member", + "google_endpoints_service_consumers_iam_policy", + "google_endpoints_service_iam_binding", + "google_endpoints_service_iam_member", + "google_endpoints_service_iam_policy", + "google_essential_contacts_contact", + "google_eventarc_channel", + "google_eventarc_enrollment", + "google_eventarc_google_api_source", + "google_eventarc_google_channel_config", + "google_eventarc_message_bus", + "google_eventarc_pipeline", + "google_eventarc_trigger", + "google_filestore_backup", + "google_filestore_instance", + "google_filestore_snapshot", + "google_firebase_android_app", + "google_firebase_app_check_app_attest_config", + "google_firebase_app_check_debug_token", + "google_firebase_app_check_device_check_config", + "google_firebase_app_check_play_integrity_config", + "google_firebase_app_check_recaptcha_enterprise_config", + "google_firebase_app_check_recaptcha_v3_config", + "google_firebase_app_check_service_config", + "google_firebase_app_hosting_backend", + "google_firebase_app_hosting_build", + "google_firebase_app_hosting_default_domain", + "google_firebase_app_hosting_domain", + "google_firebase_app_hosting_traffic", + "google_firebase_apple_app", + "google_firebase_data_connect_service", + "google_firebase_database_instance", + "google_firebase_extensions_instance", + "google_firebase_hosting_channel", + "google_firebase_hosting_custom_domain", + 
"google_firebase_hosting_release", + "google_firebase_hosting_site", + "google_firebase_hosting_version", + "google_firebase_project", + "google_firebase_project_location", + "google_firebase_storage_bucket", + "google_firebase_web_app", + "google_firebaserules_release", + "google_firebaserules_ruleset", + "google_firestore_backup_schedule", + "google_firestore_database", + "google_firestore_document", + "google_firestore_field", + "google_firestore_index", + "google_firestore_user_creds", + "google_folder", + "google_folder_access_approval_settings", + "google_folder_iam_audit_config", + "google_folder_iam_binding", + "google_folder_iam_member", + "google_folder_iam_policy", + "google_folder_organization_policy", + "google_folder_service_identity", + "google_gemini_code_repository_index", + "google_gemini_code_tools_setting", + "google_gemini_code_tools_setting_binding", + "google_gemini_data_sharing_with_google_setting", + "google_gemini_data_sharing_with_google_setting_binding", + "google_gemini_gemini_gcp_enablement_setting", + "google_gemini_gemini_gcp_enablement_setting_binding", + "google_gemini_logging_setting", + "google_gemini_logging_setting_binding", + "google_gemini_release_channel_setting", + "google_gemini_release_channel_setting_binding", + "google_gemini_repository_group", + "google_gemini_repository_group_iam_binding", + "google_gemini_repository_group_iam_member", + "google_gemini_repository_group_iam_policy", + "google_gke_backup_backup_channel", + "google_gke_backup_backup_plan", + "google_gke_backup_backup_plan_iam_binding", + "google_gke_backup_backup_plan_iam_member", + "google_gke_backup_backup_plan_iam_policy", + "google_gke_backup_restore_channel", + "google_gke_backup_restore_plan", + "google_gke_backup_restore_plan_iam_binding", + "google_gke_backup_restore_plan_iam_member", + "google_gke_backup_restore_plan_iam_policy", + "google_gke_hub_feature", + "google_gke_hub_feature_iam_binding", + "google_gke_hub_feature_iam_member", + 
"google_gke_hub_feature_iam_policy", + "google_gke_hub_feature_membership", + "google_gke_hub_fleet", + "google_gke_hub_membership", + "google_gke_hub_membership_binding", + "google_gke_hub_membership_iam_binding", + "google_gke_hub_membership_iam_member", + "google_gke_hub_membership_iam_policy", + "google_gke_hub_membership_rbac_role_binding", + "google_gke_hub_namespace", + "google_gke_hub_scope", + "google_gke_hub_scope_iam_binding", + "google_gke_hub_scope_iam_member", + "google_gke_hub_scope_iam_policy", + "google_gke_hub_scope_rbac_role_binding", + "google_gkeonprem_bare_metal_admin_cluster", + "google_gkeonprem_bare_metal_cluster", + "google_gkeonprem_bare_metal_node_pool", + "google_gkeonprem_vmware_admin_cluster", + "google_gkeonprem_vmware_cluster", + "google_gkeonprem_vmware_node_pool", + "google_healthcare_consent_store", + "google_healthcare_consent_store_iam_binding", + "google_healthcare_consent_store_iam_member", + "google_healthcare_consent_store_iam_policy", + "google_healthcare_dataset", + "google_healthcare_dataset_iam_binding", + "google_healthcare_dataset_iam_member", + "google_healthcare_dataset_iam_policy", + "google_healthcare_dicom_store", + "google_healthcare_dicom_store_iam_binding", + "google_healthcare_dicom_store_iam_member", + "google_healthcare_dicom_store_iam_policy", + "google_healthcare_fhir_store", + "google_healthcare_fhir_store_iam_binding", + "google_healthcare_fhir_store_iam_member", + "google_healthcare_fhir_store_iam_policy", + "google_healthcare_hl7_v2_store", + "google_healthcare_hl7_v2_store_iam_binding", + "google_healthcare_hl7_v2_store_iam_member", + "google_healthcare_hl7_v2_store_iam_policy", + "google_healthcare_pipeline_job", + "google_healthcare_workspace", + "google_iam_access_boundary_policy", + "google_iam_deny_policy", + "google_iam_folders_policy_binding", + "google_iam_oauth_client", + "google_iam_oauth_client_credential", + "google_iam_organizations_policy_binding", + 
"google_iam_principal_access_boundary_policy", + "google_iam_projects_policy_binding", + "google_iam_workforce_pool", + "google_iam_workforce_pool_iam_binding", + "google_iam_workforce_pool_iam_member", + "google_iam_workforce_pool_iam_policy", + "google_iam_workforce_pool_provider", + "google_iam_workforce_pool_provider_key", + "google_iam_workforce_pool_provider_scim_tenant", + "google_iam_workload_identity_pool", + "google_iam_workload_identity_pool_iam_binding", + "google_iam_workload_identity_pool_iam_member", + "google_iam_workload_identity_pool_iam_policy", + "google_iam_workload_identity_pool_managed_identity", + "google_iam_workload_identity_pool_namespace", + "google_iam_workload_identity_pool_provider", + "google_iap_app_engine_service_iam_binding", + "google_iap_app_engine_service_iam_member", + "google_iap_app_engine_service_iam_policy", + "google_iap_app_engine_version_iam_binding", + "google_iap_app_engine_version_iam_member", + "google_iap_app_engine_version_iam_policy", + "google_iap_brand", + "google_iap_client", + "google_iap_settings", + "google_iap_tunnel_dest_group", + "google_iap_tunnel_dest_group_iam_binding", + "google_iap_tunnel_dest_group_iam_member", + "google_iap_tunnel_dest_group_iam_policy", + "google_iap_tunnel_iam_binding", + "google_iap_tunnel_iam_member", + "google_iap_tunnel_iam_policy", + "google_iap_tunnel_instance_iam_binding", + "google_iap_tunnel_instance_iam_member", + "google_iap_tunnel_instance_iam_policy", + "google_iap_web_backend_service_iam_binding", + "google_iap_web_backend_service_iam_member", + "google_iap_web_backend_service_iam_policy", + "google_iap_web_cloud_run_service_iam_binding", + "google_iap_web_cloud_run_service_iam_member", + "google_iap_web_cloud_run_service_iam_policy", + "google_iap_web_forwarding_rule_service_iam_binding", + "google_iap_web_forwarding_rule_service_iam_member", + "google_iap_web_forwarding_rule_service_iam_policy", + "google_iap_web_iam_binding", + "google_iap_web_iam_member", + 
"google_iap_web_iam_policy", + "google_iap_web_region_backend_service_iam_binding", + "google_iap_web_region_backend_service_iam_member", + "google_iap_web_region_backend_service_iam_policy", + "google_iap_web_region_forwarding_rule_service_iam_binding", + "google_iap_web_region_forwarding_rule_service_iam_member", + "google_iap_web_region_forwarding_rule_service_iam_policy", + "google_iap_web_type_app_engine_iam_binding", + "google_iap_web_type_app_engine_iam_member", + "google_iap_web_type_app_engine_iam_policy", + "google_iap_web_type_compute_iam_binding", + "google_iap_web_type_compute_iam_member", + "google_iap_web_type_compute_iam_policy", + "google_identity_platform_config", + "google_identity_platform_default_supported_idp_config", + "google_identity_platform_inbound_saml_config", + "google_identity_platform_oauth_idp_config", + "google_identity_platform_tenant", + "google_identity_platform_tenant_default_supported_idp_config", + "google_identity_platform_tenant_inbound_saml_config", + "google_identity_platform_tenant_oauth_idp_config", + "google_integration_connectors_connection", + "google_integration_connectors_endpoint_attachment", + "google_integration_connectors_managed_zone", + "google_integrations_auth_config", + "google_integrations_client", + "google_kms_autokey_config", + "google_kms_crypto_key", + "google_kms_crypto_key_iam_binding", + "google_kms_crypto_key_iam_member", + "google_kms_crypto_key_iam_policy", + "google_kms_crypto_key_version", + "google_kms_ekm_connection", + "google_kms_ekm_connection_iam_binding", + "google_kms_ekm_connection_iam_member", + "google_kms_ekm_connection_iam_policy", + "google_kms_folder_kaj_policy_config", + "google_kms_key_handle", + "google_kms_key_ring", + "google_kms_key_ring_iam_binding", + "google_kms_key_ring_iam_member", + "google_kms_key_ring_iam_policy", + "google_kms_key_ring_import_job", + "google_kms_organization_kaj_policy_config", + "google_kms_project_kaj_policy_config", + 
"google_kms_secret_ciphertext", + "google_logging_billing_account_bucket_config", + "google_logging_billing_account_exclusion", + "google_logging_billing_account_sink", + "google_logging_folder_bucket_config", + "google_logging_folder_exclusion", + "google_logging_folder_settings", + "google_logging_folder_sink", + "google_logging_linked_dataset", + "google_logging_log_scope", + "google_logging_log_view", + "google_logging_log_view_iam_binding", + "google_logging_log_view_iam_member", + "google_logging_log_view_iam_policy", + "google_logging_metric", + "google_logging_organization_bucket_config", + "google_logging_organization_exclusion", + "google_logging_organization_settings", + "google_logging_organization_sink", + "google_logging_project_bucket_config", + "google_logging_project_exclusion", + "google_logging_project_sink", + "google_looker_instance", + "google_lustre_instance", + "google_managed_kafka_acl", + "google_managed_kafka_cluster", + "google_managed_kafka_connect_cluster", + "google_managed_kafka_connector", + "google_managed_kafka_topic", + "google_memcache_instance", + "google_memorystore_instance", + "google_memorystore_instance_desired_user_created_endpoints", + "google_migration_center_group", + "google_migration_center_preference_set", + "google_ml_engine_model", + "google_model_armor_floorsetting", + "google_model_armor_template", + "google_monitoring_alert_policy", + "google_monitoring_custom_service", + "google_monitoring_dashboard", + "google_monitoring_group", + "google_monitoring_metric_descriptor", + "google_monitoring_monitored_project", + "google_monitoring_notification_channel", + "google_monitoring_service", + "google_monitoring_slo", + "google_monitoring_uptime_check_config", + "google_netapp_active_directory", + "google_netapp_backup", + "google_netapp_backup_policy", + "google_netapp_backup_vault", + "google_netapp_host_group", + "google_netapp_kmsconfig", + "google_netapp_storage_pool", + "google_netapp_volume", + 
"google_netapp_volume_quota_rule", + "google_netapp_volume_replication", + "google_netapp_volume_snapshot", + "google_network_connectivity_group", + "google_network_connectivity_hub", + "google_network_connectivity_internal_range", + "google_network_connectivity_policy_based_route", + "google_network_connectivity_regional_endpoint", + "google_network_connectivity_service_connection_policy", + "google_network_connectivity_spoke", + "google_network_management_organization_vpc_flow_logs_config", + "google_network_management_vpc_flow_logs_config", + "google_network_security_address_group", + "google_network_security_address_group_iam_binding", + "google_network_security_address_group_iam_member", + "google_network_security_address_group_iam_policy", + "google_network_security_authorization_policy", + "google_network_security_authz_policy", + "google_network_security_backend_authentication_config", + "google_network_security_client_tls_policy", + "google_network_security_dns_threat_detector", + "google_network_security_firewall_endpoint", + "google_network_security_firewall_endpoint_association", + "google_network_security_gateway_security_policy", + "google_network_security_gateway_security_policy_rule", + "google_network_security_intercept_deployment", + "google_network_security_intercept_deployment_group", + "google_network_security_intercept_endpoint_group", + "google_network_security_intercept_endpoint_group_association", + "google_network_security_mirroring_deployment", + "google_network_security_mirroring_deployment_group", + "google_network_security_mirroring_endpoint", + "google_network_security_mirroring_endpoint_group", + "google_network_security_mirroring_endpoint_group_association", + "google_network_security_security_profile", + "google_network_security_security_profile_group", + "google_network_security_server_tls_policy", + "google_network_security_tls_inspection_policy", + "google_network_security_url_lists", + "google_network_services_authz_extension", 
+ "google_network_services_edge_cache_keyset", + "google_network_services_edge_cache_origin", + "google_network_services_edge_cache_service", + "google_network_services_endpoint_policy", + "google_network_services_gateway", + "google_network_services_grpc_route", + "google_network_services_http_route", + "google_network_services_lb_route_extension", + "google_network_services_lb_traffic_extension", + "google_network_services_mesh", + "google_network_services_multicast_domain", + "google_network_services_service_binding", + "google_network_services_service_lb_policies", + "google_network_services_tcp_route", + "google_network_services_tls_route", + "google_network_services_wasm_plugin", + "google_notebooks_environment", + "google_notebooks_instance", + "google_notebooks_instance_iam_binding", + "google_notebooks_instance_iam_member", + "google_notebooks_instance_iam_policy", + "google_notebooks_runtime", + "google_notebooks_runtime_iam_binding", + "google_notebooks_runtime_iam_member", + "google_notebooks_runtime_iam_policy", + "google_observability_trace_scope", + "google_oracle_database_autonomous_database", + "google_oracle_database_cloud_exadata_infrastructure", + "google_oracle_database_cloud_vm_cluster", + "google_oracle_database_db_system", + "google_oracle_database_exascale_db_storage_vault", + "google_oracle_database_odb_network", + "google_oracle_database_odb_subnet", + "google_org_policy_custom_constraint", + "google_org_policy_policy", + "google_organization_access_approval_settings", + "google_organization_iam_audit_config", + "google_organization_iam_binding", + "google_organization_iam_custom_role", + "google_organization_iam_member", + "google_organization_iam_policy", + "google_organization_policy", + "google_os_config_guest_policies", + "google_os_config_os_policy_assignment", + "google_os_config_patch_deployment", + "google_os_config_v2_policy_orchestrator", + "google_os_config_v2_policy_orchestrator_for_folder", + 
"google_os_config_v2_policy_orchestrator_for_organization", + "google_os_login_ssh_public_key", + "google_parallelstore_instance", + "google_parameter_manager_parameter", + "google_parameter_manager_parameter_version", + "google_parameter_manager_regional_parameter", + "google_parameter_manager_regional_parameter_version", + "google_privateca_ca_pool", + "google_privateca_ca_pool_iam_binding", + "google_privateca_ca_pool_iam_member", + "google_privateca_ca_pool_iam_policy", + "google_privateca_certificate", + "google_privateca_certificate_authority", + "google_privateca_certificate_template", + "google_privateca_certificate_template_iam_binding", + "google_privateca_certificate_template_iam_member", + "google_privateca_certificate_template_iam_policy", + "google_privileged_access_manager_entitlement", + "google_privileged_access_manager_settings", + "google_project", + "google_project_access_approval_settings", + "google_project_default_service_accounts", + "google_project_iam_audit_config", + "google_project_iam_binding", + "google_project_iam_custom_role", + "google_project_iam_member", + "google_project_iam_member_remove", + "google_project_iam_policy", + "google_project_organization_policy", + "google_project_service", + "google_project_service_identity", + "google_project_services", + "google_project_usage_export_bucket", + "google_public_ca_external_account_key", + "google_pubsub_lite_reservation", + "google_pubsub_lite_subscription", + "google_pubsub_lite_topic", + "google_pubsub_schema", + "google_pubsub_schema_iam_binding", + "google_pubsub_schema_iam_member", + "google_pubsub_schema_iam_policy", + "google_pubsub_subscription", + "google_pubsub_subscription_iam_binding", + "google_pubsub_subscription_iam_member", + "google_pubsub_subscription_iam_policy", + "google_pubsub_topic", + "google_pubsub_topic_iam_binding", + "google_pubsub_topic_iam_member", + "google_pubsub_topic_iam_policy", + "google_recaptcha_enterprise_key", + "google_redis_cluster", + 
"google_redis_cluster_user_created_connections", + "google_redis_instance", + "google_resource_manager_capability", + "google_resource_manager_lien", + "google_runtimeconfig_config", + "google_runtimeconfig_config_iam_binding", + "google_runtimeconfig_config_iam_member", + "google_runtimeconfig_config_iam_policy", + "google_runtimeconfig_variable", + "google_saas_runtime_release", + "google_saas_runtime_rollout_kind", + "google_saas_runtime_saas", + "google_saas_runtime_tenant", + "google_saas_runtime_unit", + "google_saas_runtime_unit_kind", + "google_scc_event_threat_detection_custom_module", + "google_scc_folder_custom_module", + "google_scc_folder_notification_config", + "google_scc_folder_scc_big_query_export", + "google_scc_management_folder_security_health_analytics_custom_module", + "google_scc_management_organization_event_threat_detection_custom_module", + "google_scc_management_organization_security_health_analytics_custom_module", + "google_scc_management_project_security_health_analytics_custom_module", + "google_scc_mute_config", + "google_scc_notification_config", + "google_scc_organization_custom_module", + "google_scc_organization_scc_big_query_export", + "google_scc_project_custom_module", + "google_scc_project_notification_config", + "google_scc_project_scc_big_query_export", + "google_scc_source", + "google_scc_source_iam_binding", + "google_scc_source_iam_member", + "google_scc_source_iam_policy", + "google_scc_v2_folder_mute_config", + "google_scc_v2_folder_notification_config", + "google_scc_v2_folder_scc_big_query_export", + "google_scc_v2_organization_mute_config", + "google_scc_v2_organization_notification_config", + "google_scc_v2_organization_scc_big_query_export", + "google_scc_v2_organization_scc_big_query_exports", + "google_scc_v2_organization_source_iam_binding", + "google_scc_v2_organization_source_iam_member", + "google_scc_v2_organization_source_iam_policy", + "google_scc_v2_project_mute_config", + 
"google_scc_v2_project_notification_config", + "google_scc_v2_project_scc_big_query_export", + "google_secret_manager_regional_secret", + "google_secret_manager_regional_secret_iam_binding", + "google_secret_manager_regional_secret_iam_member", + "google_secret_manager_regional_secret_iam_policy", + "google_secret_manager_regional_secret_version", + "google_secret_manager_secret", + "google_secret_manager_secret_iam_binding", + "google_secret_manager_secret_iam_member", + "google_secret_manager_secret_iam_policy", + "google_secret_manager_secret_version", + "google_secure_source_manager_branch_rule", + "google_secure_source_manager_hook", + "google_secure_source_manager_instance", + "google_secure_source_manager_instance_iam_binding", + "google_secure_source_manager_instance_iam_member", + "google_secure_source_manager_instance_iam_policy", + "google_secure_source_manager_repository", + "google_secure_source_manager_repository_iam_binding", + "google_secure_source_manager_repository_iam_member", + "google_secure_source_manager_repository_iam_policy", + "google_security_scanner_scan_config", + "google_securityposture_posture", + "google_service_account", + "google_service_account_iam_binding", + "google_service_account_iam_member", + "google_service_account_iam_policy", + "google_service_account_key", + "google_service_directory_endpoint", + "google_service_directory_namespace", + "google_service_directory_namespace_iam_binding", + "google_service_directory_namespace_iam_member", + "google_service_directory_namespace_iam_policy", + "google_service_directory_service", + "google_service_directory_service_iam_binding", + "google_service_directory_service_iam_member", + "google_service_directory_service_iam_policy", + "google_service_networking_connection", + "google_service_networking_peered_dns_domain", + "google_service_networking_vpc_service_controls", + "google_service_usage_consumer_quota_override", + "google_site_verification_owner", + 
"google_site_verification_web_resource", + "google_sourcerepo_repository", + "google_sourcerepo_repository_iam_binding", + "google_sourcerepo_repository_iam_member", + "google_sourcerepo_repository_iam_policy", + "google_spanner_backup_schedule", + "google_spanner_database", + "google_spanner_database_iam_binding", + "google_spanner_database_iam_member", + "google_spanner_database_iam_policy", + "google_spanner_instance", + "google_spanner_instance_config", + "google_spanner_instance_iam_binding", + "google_spanner_instance_iam_member", + "google_spanner_instance_iam_policy", + "google_spanner_instance_partition", + "google_sql_database", + "google_sql_database_instance", + "google_sql_source_representation_instance", + "google_sql_ssl_cert", + "google_sql_user", + "google_storage_anywhere_cache", + "google_storage_batch_operations_job", + "google_storage_bucket", + "google_storage_bucket_access_control", + "google_storage_bucket_acl", + "google_storage_bucket_iam_binding", + "google_storage_bucket_iam_member", + "google_storage_bucket_iam_policy", + "google_storage_bucket_object", + "google_storage_control_folder_intelligence_config", + "google_storage_control_organization_intelligence_config", + "google_storage_control_project_intelligence_config", + "google_storage_default_object_access_control", + "google_storage_default_object_acl", + "google_storage_folder", + "google_storage_hmac_key", + "google_storage_insights_dataset_config", + "google_storage_insights_report_config", + "google_storage_managed_folder", + "google_storage_managed_folder_iam_binding", + "google_storage_managed_folder_iam_member", + "google_storage_managed_folder_iam_policy", + "google_storage_notification", + "google_storage_object_access_control", + "google_storage_object_acl", + "google_storage_transfer_agent_pool", + "google_storage_transfer_job", + "google_tags_location_tag_binding", + "google_tags_tag_binding", + "google_tags_tag_key", + "google_tags_tag_key_iam_binding", + 
"google_tags_tag_key_iam_member", + "google_tags_tag_key_iam_policy", + "google_tags_tag_value", + "google_tags_tag_value_iam_binding", + "google_tags_tag_value_iam_member", + "google_tags_tag_value_iam_policy", + "google_tpu_node", + "google_tpu_v2_queued_resource", + "google_tpu_v2_vm", + "google_transcoder_job", + "google_transcoder_job_template", + "google_vertex_ai_cache_config", + "google_vertex_ai_dataset", + "google_vertex_ai_deployment_resource_pool", + "google_vertex_ai_endpoint", + "google_vertex_ai_endpoint_iam_binding", + "google_vertex_ai_endpoint_iam_member", + "google_vertex_ai_endpoint_iam_policy", + "google_vertex_ai_endpoint_with_model_garden_deployment", + "google_vertex_ai_feature_group", + "google_vertex_ai_feature_group_feature", + "google_vertex_ai_feature_group_iam_binding", + "google_vertex_ai_feature_group_iam_member", + "google_vertex_ai_feature_group_iam_policy", + "google_vertex_ai_feature_online_store", + "google_vertex_ai_feature_online_store_featureview", + "google_vertex_ai_feature_online_store_featureview_iam_binding", + "google_vertex_ai_feature_online_store_featureview_iam_member", + "google_vertex_ai_feature_online_store_featureview_iam_policy", + "google_vertex_ai_feature_online_store_iam_binding", + "google_vertex_ai_feature_online_store_iam_member", + "google_vertex_ai_feature_online_store_iam_policy", + "google_vertex_ai_featurestore", + "google_vertex_ai_featurestore_entitytype", + "google_vertex_ai_featurestore_entitytype_feature", + "google_vertex_ai_featurestore_entitytype_iam_binding", + "google_vertex_ai_featurestore_entitytype_iam_member", + "google_vertex_ai_featurestore_entitytype_iam_policy", + "google_vertex_ai_featurestore_iam_binding", + "google_vertex_ai_featurestore_iam_member", + "google_vertex_ai_featurestore_iam_policy", + "google_vertex_ai_index", + "google_vertex_ai_index_endpoint", + "google_vertex_ai_index_endpoint_deployed_index", + "google_vertex_ai_metadata_store", + 
"google_vertex_ai_rag_engine_config", + "google_vertex_ai_reasoning_engine", + "google_vertex_ai_tensorboard", + "google_vmwareengine_cluster", + "google_vmwareengine_external_access_rule", + "google_vmwareengine_external_address", + "google_vmwareengine_network", + "google_vmwareengine_network_peering", + "google_vmwareengine_network_policy", + "google_vmwareengine_private_cloud", + "google_vmwareengine_subnet", + "google_vpc_access_connector", + "google_workbench_instance", + "google_workbench_instance_iam_binding", + "google_workbench_instance_iam_member", + "google_workbench_instance_iam_policy", + "google_workflows_workflow", + "google_workstations_workstation", + "google_workstations_workstation_cluster", + "google_workstations_workstation_config", + "google_workstations_workstation_config_iam_binding", + "google_workstations_workstation_config_iam_member", + "google_workstations_workstation_config_iam_policy", + "google_workstations_workstation_iam_binding", + "google_workstations_workstation_iam_member", + "google_workstations_workstation_iam_policy" + ], + "dataSources": [ + "google_access_approval_folder_service_account", + "google_access_approval_organization_service_account", + "google_access_approval_project_service_account", + "google_access_context_manager_access_policy", + "google_access_context_manager_access_policy_iam_policy", + "google_active_folder", + "google_alloydb_cluster", + "google_alloydb_instance", + "google_alloydb_locations", + "google_alloydb_supported_database_flags", + "google_api_gateway_api_config_iam_policy", + "google_api_gateway_api_iam_policy", + "google_api_gateway_gateway_iam_policy", + "google_apigee_environment_iam_policy", + "google_app_engine_default_service_account", + "google_apphub_application", + "google_apphub_discovered_service", + "google_apphub_discovered_workload", + "google_artifact_registry_docker_image", + "google_artifact_registry_docker_images", + "google_artifact_registry_locations", + 
"google_artifact_registry_maven_artifact", + "google_artifact_registry_maven_artifacts", + "google_artifact_registry_npm_package", + "google_artifact_registry_npm_packages", + "google_artifact_registry_packages", + "google_artifact_registry_python_package", + "google_artifact_registry_python_packages", + "google_artifact_registry_repositories", + "google_artifact_registry_repository", + "google_artifact_registry_repository_iam_policy", + "google_artifact_registry_tags", + "google_artifact_registry_versions", + "google_backup_dr_backup", + "google_backup_dr_backup_plan_association", + "google_backup_dr_backup_plan_associations", + "google_backup_dr_backup_vault", + "google_backup_dr_data_source", + "google_backup_dr_data_source_reference", + "google_backup_dr_data_source_references", + "google_beyondcorp_app_connection", + "google_beyondcorp_app_connector", + "google_beyondcorp_app_gateway", + "google_beyondcorp_security_gateway", + "google_beyondcorp_security_gateway_application_iam_policy", + "google_beyondcorp_security_gateway_iam_policy", + "google_bigquery_analytics_hub_data_exchange_iam_policy", + "google_bigquery_analytics_hub_listing_iam_policy", + "google_bigquery_connection_iam_policy", + "google_bigquery_datapolicy_data_policy_iam_policy", + "google_bigquery_datapolicyv2_data_policy_iam_policy", + "google_bigquery_dataset", + "google_bigquery_dataset_iam_policy", + "google_bigquery_datasets", + "google_bigquery_default_service_account", + "google_bigquery_table", + "google_bigquery_table_iam_policy", + "google_bigquery_tables", + "google_bigtable_instance_iam_policy", + "google_bigtable_table_iam_policy", + "google_billing_account", + "google_billing_account_iam_policy", + "google_binary_authorization_attestor_iam_policy", + "google_certificate_manager_certificate_map", + "google_certificate_manager_certificates", + "google_certificate_manager_dns_authorization", + "google_client_config", + "google_client_openid_userinfo", + 
"google_cloud_identity_group_lookup", + "google_cloud_identity_group_memberships", + "google_cloud_identity_group_transitive_memberships", + "google_cloud_identity_groups", + "google_cloud_identity_policy", + "google_cloud_quotas_quota_info", + "google_cloud_quotas_quota_infos", + "google_cloud_run_locations", + "google_cloud_run_service", + "google_cloud_run_service_iam_policy", + "google_cloud_run_v2_job", + "google_cloud_run_v2_job_iam_policy", + "google_cloud_run_v2_service", + "google_cloud_run_v2_service_iam_policy", + "google_cloud_run_v2_worker_pool", + "google_cloud_run_v2_worker_pool_iam_policy", + "google_cloud_tasks_queue_iam_policy", + "google_cloudbuild_trigger", + "google_cloudbuildv2_connection_iam_policy", + "google_clouddeploy_custom_target_type_iam_policy", + "google_clouddeploy_delivery_pipeline_iam_policy", + "google_clouddeploy_target_iam_policy", + "google_cloudfunctions2_function", + "google_cloudfunctions2_function_iam_policy", + "google_cloudfunctions_function", + "google_cloudfunctions_function_iam_policy", + "google_colab_runtime_template_iam_policy", + "google_composer_environment", + "google_composer_image_versions", + "google_composer_user_workloads_config_map", + "google_composer_user_workloads_secret", + "google_compute_address", + "google_compute_addresses", + "google_compute_backend_bucket", + "google_compute_backend_bucket_iam_policy", + "google_compute_backend_service", + "google_compute_backend_service_iam_policy", + "google_compute_default_service_account", + "google_compute_disk", + "google_compute_disk_iam_policy", + "google_compute_forwarding_rule", + "google_compute_forwarding_rules", + "google_compute_global_address", + "google_compute_global_forwarding_rule", + "google_compute_ha_vpn_gateway", + "google_compute_health_check", + "google_compute_image", + "google_compute_image_iam_policy", + "google_compute_images", + "google_compute_instance", + "google_compute_instance_group", + "google_compute_instance_group_manager", + 
"google_compute_instance_guest_attributes", + "google_compute_instance_iam_policy", + "google_compute_instance_serial_port", + "google_compute_instance_template", + "google_compute_instance_template_iam_policy", + "google_compute_instant_snapshot_iam_policy", + "google_compute_interconnect_location", + "google_compute_interconnect_locations", + "google_compute_lb_ip_ranges", + "google_compute_machine_image_iam_policy", + "google_compute_machine_types", + "google_compute_network", + "google_compute_network_attachment", + "google_compute_network_endpoint_group", + "google_compute_network_peering", + "google_compute_networks", + "google_compute_node_types", + "google_compute_region_backend_service", + "google_compute_region_backend_service_iam_policy", + "google_compute_region_disk", + "google_compute_region_disk_iam_policy", + "google_compute_region_instance_group", + "google_compute_region_instance_group_manager", + "google_compute_region_instance_template", + "google_compute_region_network_endpoint_group", + "google_compute_region_ssl_certificate", + "google_compute_regions", + "google_compute_reservation", + "google_compute_reservation_block", + "google_compute_reservation_sub_block", + "google_compute_resource_policy", + "google_compute_router", + "google_compute_router_nat", + "google_compute_router_status", + "google_compute_security_policy", + "google_compute_snapshot", + "google_compute_snapshot_iam_policy", + "google_compute_ssl_certificate", + "google_compute_ssl_policy", + "google_compute_storage_pool_iam_policy", + "google_compute_storage_pool_types", + "google_compute_subnetwork", + "google_compute_subnetwork_iam_policy", + "google_compute_subnetworks", + "google_compute_vpn_gateway", + "google_compute_zones", + "google_container_analysis_note_iam_policy", + "google_container_attached_install_manifest", + "google_container_attached_versions", + "google_container_aws_versions", + "google_container_azure_versions", + "google_container_cluster", + 
"google_container_engine_versions", + "google_container_registry_image", + "google_container_registry_repository", + "google_data_catalog_entry_group_iam_policy", + "google_data_catalog_policy_tag_iam_policy", + "google_data_catalog_tag_template_iam_policy", + "google_data_catalog_taxonomy_iam_policy", + "google_data_fusion_instance_iam_policy", + "google_dataform_repository_iam_policy", + "google_dataplex_aspect_type_iam_policy", + "google_dataplex_asset_iam_policy", + "google_dataplex_data_quality_rules", + "google_dataplex_datascan_iam_policy", + "google_dataplex_entry_group_iam_policy", + "google_dataplex_entry_type_iam_policy", + "google_dataplex_glossary_iam_policy", + "google_dataplex_lake_iam_policy", + "google_dataplex_task_iam_policy", + "google_dataplex_zone_iam_policy", + "google_dataproc_autoscaling_policy_iam_policy", + "google_dataproc_cluster_iam_policy", + "google_dataproc_job_iam_policy", + "google_dataproc_metastore_database_iam_policy", + "google_dataproc_metastore_federation_iam_policy", + "google_dataproc_metastore_service", + "google_dataproc_metastore_service_iam_policy", + "google_dataproc_metastore_table_iam_policy", + "google_datastream_static_ips", + "google_dns_keys", + "google_dns_managed_zone", + "google_dns_managed_zone_iam_policy", + "google_dns_managed_zones", + "google_dns_record_set", + "google_endpoints_service_consumers_iam_policy", + "google_endpoints_service_iam_policy", + "google_filestore_instance", + "google_firebase_web_app_config", + "google_folder", + "google_folder_iam_policy", + "google_folder_organization_policy", + "google_folders", + "google_gemini_repository_group_iam_policy", + "google_gke_backup_backup_plan_iam_policy", + "google_gke_backup_restore_plan_iam_policy", + "google_gke_hub_feature", + "google_gke_hub_feature_iam_policy", + "google_gke_hub_membership", + "google_gke_hub_membership_iam_policy", + "google_gke_hub_scope_iam_policy", + "google_healthcare_consent_store_iam_policy", + 
"google_healthcare_dataset_iam_policy", + "google_healthcare_dicom_store_iam_policy", + "google_healthcare_fhir_store_iam_policy", + "google_healthcare_hl7_v2_store_iam_policy", + "google_iam_policy", + "google_iam_role", + "google_iam_workforce_pool_iam_policy", + "google_iam_workload_identity_pool", + "google_iam_workload_identity_pool_iam_policy", + "google_iam_workload_identity_pool_provider", + "google_iap_app_engine_service_iam_policy", + "google_iap_app_engine_version_iam_policy", + "google_iap_client", + "google_iap_tunnel_dest_group_iam_policy", + "google_iap_tunnel_iam_policy", + "google_iap_tunnel_instance_iam_policy", + "google_iap_web_backend_service_iam_policy", + "google_iap_web_cloud_run_service_iam_policy", + "google_iap_web_forwarding_rule_service_iam_policy", + "google_iap_web_iam_policy", + "google_iap_web_region_backend_service_iam_policy", + "google_iap_web_region_forwarding_rule_service_iam_policy", + "google_iap_web_type_app_engine_iam_policy", + "google_iap_web_type_compute_iam_policy", + "google_kms_autokey_config", + "google_kms_crypto_key", + "google_kms_crypto_key_iam_policy", + "google_kms_crypto_key_latest_version", + "google_kms_crypto_key_version", + "google_kms_crypto_key_versions", + "google_kms_crypto_keys", + "google_kms_ekm_connection_iam_policy", + "google_kms_key_handle", + "google_kms_key_handles", + "google_kms_key_ring", + "google_kms_key_ring_iam_policy", + "google_kms_key_rings", + "google_kms_secret", + "google_kms_secret_asymmetric", + "google_kms_secret_ciphertext", + "google_logging_folder_settings", + "google_logging_log_view_iam_policy", + "google_logging_organization_settings", + "google_logging_project_cmek_settings", + "google_logging_project_settings", + "google_lustre_instance", + "google_memcache_instance", + "google_memorystore_instance", + "google_monitoring_app_engine_service", + "google_monitoring_cluster_istio_service", + "google_monitoring_istio_canonical_service", + 
"google_monitoring_mesh_istio_service", + "google_monitoring_notification_channel", + "google_monitoring_uptime_check_ips", + "google_netblock_ip_ranges", + "google_network_security_address_group_iam_policy", + "google_notebooks_instance_iam_policy", + "google_notebooks_runtime_iam_policy", + "google_oracle_database_autonomous_database", + "google_oracle_database_autonomous_databases", + "google_oracle_database_cloud_exadata_infrastructure", + "google_oracle_database_cloud_exadata_infrastructures", + "google_oracle_database_cloud_vm_cluster", + "google_oracle_database_cloud_vm_clusters", + "google_oracle_database_db_nodes", + "google_oracle_database_db_servers", + "google_organization", + "google_organization_iam_custom_role", + "google_organization_iam_custom_roles", + "google_organization_iam_policy", + "google_organizations", + "google_parameter_manager_parameter", + "google_parameter_manager_parameter_version", + "google_parameter_manager_parameter_version_render", + "google_parameter_manager_parameters", + "google_parameter_manager_regional_parameter", + "google_parameter_manager_regional_parameter_version", + "google_parameter_manager_regional_parameter_version_render", + "google_parameter_manager_regional_parameters", + "google_privateca_ca_pool_iam_policy", + "google_privateca_certificate_authority", + "google_privateca_certificate_template_iam_policy", + "google_privileged_access_manager_entitlement", + "google_project", + "google_project_ancestry", + "google_project_iam_custom_role", + "google_project_iam_custom_roles", + "google_project_iam_policy", + "google_project_organization_policy", + "google_project_service", + "google_projects", + "google_pubsub_schema_iam_policy", + "google_pubsub_subscription", + "google_pubsub_subscription_iam_policy", + "google_pubsub_topic", + "google_pubsub_topic_iam_policy", + "google_redis_cluster", + "google_redis_instance", + "google_runtimeconfig_config", + "google_runtimeconfig_config_iam_policy", + 
"google_runtimeconfig_variable", + "google_scc_source_iam_policy", + "google_scc_v2_organization_source_iam_policy", + "google_secret_manager_regional_secret", + "google_secret_manager_regional_secret_iam_policy", + "google_secret_manager_regional_secret_version", + "google_secret_manager_regional_secret_version_access", + "google_secret_manager_regional_secrets", + "google_secret_manager_secret", + "google_secret_manager_secret_iam_policy", + "google_secret_manager_secret_version", + "google_secret_manager_secret_version_access", + "google_secret_manager_secrets", + "google_secure_source_manager_instance_iam_policy", + "google_secure_source_manager_repository_iam_policy", + "google_service_account", + "google_service_account_access_token", + "google_service_account_iam_policy", + "google_service_account_id_token", + "google_service_account_jwt", + "google_service_account_key", + "google_service_accounts", + "google_service_directory_namespace_iam_policy", + "google_service_directory_service_iam_policy", + "google_site_verification_token", + "google_sourcerepo_repository", + "google_sourcerepo_repository_iam_policy", + "google_spanner_database", + "google_spanner_database_iam_policy", + "google_spanner_instance", + "google_spanner_instance_iam_policy", + "google_sql_backup_run", + "google_sql_ca_certs", + "google_sql_database", + "google_sql_database_instance", + "google_sql_database_instance_latest_recovery_time", + "google_sql_database_instances", + "google_sql_databases", + "google_sql_tiers", + "google_storage_bucket", + "google_storage_bucket_iam_policy", + "google_storage_bucket_object", + "google_storage_bucket_object_content", + "google_storage_bucket_objects", + "google_storage_buckets", + "google_storage_control_folder_intelligence_config", + "google_storage_control_organization_intelligence_config", + "google_storage_control_project_intelligence_config", + "google_storage_insights_dataset_config", + "google_storage_object_signed_url", + 
"google_storage_project_service_account", + "google_storage_transfer_project_service_account", + "google_tags_tag_key", + "google_tags_tag_key_iam_policy", + "google_tags_tag_keys", + "google_tags_tag_value", + "google_tags_tag_value_iam_policy", + "google_tags_tag_values", + "google_tpu_tensorflow_versions", + "google_tpu_v2_accelerator_types", + "google_tpu_v2_runtime_versions", + "google_vertex_ai_endpoint_iam_policy", + "google_vertex_ai_feature_group_iam_policy", + "google_vertex_ai_feature_online_store_featureview_iam_policy", + "google_vertex_ai_feature_online_store_iam_policy", + "google_vertex_ai_featurestore_entitytype_iam_policy", + "google_vertex_ai_featurestore_iam_policy", + "google_vmwareengine_cluster", + "google_vmwareengine_external_access_rule", + "google_vmwareengine_external_address", + "google_vmwareengine_network", + "google_vmwareengine_network_peering", + "google_vmwareengine_network_policy", + "google_vmwareengine_nsx_credentials", + "google_vmwareengine_private_cloud", + "google_vmwareengine_subnet", + "google_vmwareengine_vcenter_credentials", + "google_vpc_access_connector", + "google_workbench_instance_iam_policy", + "google_workstations_workstation_config_iam_policy", + "google_workstations_workstation_iam_policy" + ] +} \ No newline at end of file diff --git a/src/parse/parse.go b/src/parse/parse.go index 0ca80e19..cad2a1c5 100644 --- a/src/parse/parse.go +++ b/src/parse/parse.go @@ -2,6 +2,8 @@ package parse import ( "encoding/json" + "errors" + "fmt" "os" "path/filepath" "regexp" @@ -17,6 +19,10 @@ type provider struct { } func Parse(codebase string, name string) error { + if name == "" || codebase == "" { + return errors.New("name or codebase is required") + } + var err error var jsonOut []byte 
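Review bot: The guard added at the top of Parse reports `name or codebase is required` for either argument, so the caller cannot tell which one was empty. Two separate checks, `if name == "" { return errors.New("name is required") }` and the same for `codebase`, would make the error actionable. Parse's body continues outside this hunk.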
@@ -29,32 +35,32 @@ func Parse(codebase string, name string) error { case "google": { match := `resource "(` + name + `_.*?)"` - myProvider.Resources, err = GetMatches(codebase, match, "markdown") + myProvider.Resources, err = getMatches(codebase, match, "markdown") + if err != nil { return err } - myProvider.DataSources, err = GetMatches(codebase, `data "(`+name+`_.*?)"`, "markdown") + myProvider.DataSources, err = getMatches(codebase, `data "(`+name+`_.*?)"`, "markdown") if err != nil { return err } } default: match := `resource "(` + name + `_.*?)"` - myProvider.Resources, err = GetMatches(codebase, match, "markdown") + myProvider.Resources, err = getMatches(codebase, match, "markdown") if err != nil { return err } - myProvider.DataSources, err = GetMatches(codebase, `# Data Source:(.*)`, "markdown") + myProvider.DataSources, err = getMatches(codebase, `# Data Source:(.*)`, "markdown") if err != nil { return err } } jsonOut, err = json.MarshalIndent(myProvider, "", " ") - if err != nil { return err } @@ -69,8 +75,8 @@ func Parse(codebase string, name string) error { return nil } -func GetMatches(source string, match string, extension string) ([]string, error) { - files, err := GetGoFiles(source, extension) +func getMatches(source string, match string, extension string) ([]string, error) { + files, err := getGoFiles(source, extension) if err != nil { return nil, err } @@ -100,12 +106,16 @@ func GetMatches(source string, match string, extension string) ([]string, error) } } - keys := GetKeys(matches) + keys := getKeys(matches) return keys, nil } -func GetGoFiles(path string, extension string) ([]string, error) { +func getGoFiles(path string, extension string) ([]string, error) { + if path == "" || extension == "" { + return nil, errors.New("path or extension are required") + } + libRegEx, err := regexp.Compile("^.+\\." + extension + "$") if err != nil { return nil, err 
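Review bot: `name` is concatenated unescaped into all three patterns built in this hunk (the resource pattern in both branches and the `data` pattern in the `google` branch), so a regex metacharacter in the provider name changes what is matched or makes compilation fail. Escaping it once, `prefix := regexp.QuoteMeta(name)`, and building the patterns from `prefix` keeps the match literal; `regexp` is already imported. The same applies to `extension` in the getGoFiles hunk further down, where `regexp.Compile("^.+\\." + regexp.QuoteMeta(extension) + "$")` would do. The `google` and `default` branches also build an identical resource pattern, which could be hoisted above the `switch`. Parse starts and ends outside this hunk.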
@@ -113,10 +123,15 @@ func GetGoFiles(path string, extension string) ([]string, error) { absPath, err := filepath.Abs(path) - log.Info().Msgf(absPath) + log.Info().Msg(absPath) if err != nil { - return nil, err + return nil, fmt.Errorf("absolute path error %v", err) + } + + _, err = os.Stat(absPath) + if err != nil { + return nil, fmt.Errorf("path does not exist error %v", err) } var files []string @@ -131,7 +146,6 @@ func GetGoFiles(path string, extension string) ([]string, error) { return nil }) - if err != nil { return nil, err } @@ -139,7 +153,7 @@ func GetGoFiles(path string, extension string) ([]string, error) { return files, nil } -func GetKeys(m map[string]bool) []string { +func getKeys(m map[string]bool) []string { var keys []string for k := range m { diff --git a/src/parse/parse_test.go b/src/parse/parse_test.go index 5eb3d597..ae16107b 100644 --- a/src/parse/parse_test.go +++ b/src/parse/parse_test.go @@ -28,18 +28,37 @@ func TestGetGoFiles(t *testing.T) { }{ {name: "Pass", args: args{path: "./testdata", extension: "go"}, want: wanted}, {name: "None", args: args{path: "../mapping", extension: "go"}}, + { + name: "Valid path", + args: args{ + path: "./testdata", + extension: "markdown", + }, + wantErr: false, + }, + { + name: "Invalid path", + args: args{ + path: "/nonexistent", + extension: "markdown", + }, + wantErr: true, + }, } for _, tt := range tests { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - got, err := GetGoFiles(tt.args.path, tt.args.extension) + + got, err := getGoFiles(tt.args.path, tt.args.extension) + if (err != nil) != tt.wantErr { t.Errorf("GetGoFiles() error = %v, wantErr %v", err, tt.wantErr) return } + if !reflect.DeepEqual(got, tt.want) { t.Errorf("GetGoFiles() got = %v, want %v", got, tt.want) } @@ -59,6 +78,7 @@ func TestGetKeys(t *testing.T) { } nothing := map[string]bool{} + var bumpkis []string myKeys := []string{"first"} 
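Review bot: In `getGoFiles`, `log.Info().Msg(absPath)` still runs before the `err` from `filepath.Abs` is checked. The two new wrappers also format the cause with `%v`, which flattens it, so a caller cannot test the result with `errors.Is(err, os.ErrNotExist)`. Move the log line below the check and wrap with `%w`, e.g. `return nil, fmt.Errorf("path does not exist error %w", err)`. The function starts and ends outside this hunk.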
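Review bot: The new "Valid path" case in `TestGetGoFiles` sets no `want`, yet the loop still runs `reflect.DeepEqual(got, tt.want)`. It therefore passes only when `./testdata` yields no `.markdown` files (the directory contents are not visible here), so it does not exercise a successful match. If that is intended, document it with a comment such as `// testdata holds no markdown files, so got is nil`; otherwise set `want` to the expected list. The failure messages also still print `GetGoFiles()` after the rename to `getGoFiles`.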
@@ -69,6 +89,21 @@ func TestGetKeys(t *testing.T) { }{ {name: "pass", args: args{sample}, want: myKeys}, {name: "nil", args: args{nothing}}, + + { + name: "Non-empty map", args: args{ + m: map[string]bool{ + "key1": true, + "key2": true, + }, + }, + want: []string{"key1", "key2"}, + }, + { + name: "Empty map", + args: args{m: map[string]bool{}}, + want: bumpkis, + }, } for _, tt := range tests { @@ -76,7 +111,7 @@ func TestGetKeys(t *testing.T) { t.Run(tt.name, func(t *testing.T) { t.Parallel() - if got := GetKeys(tt.args.m); !reflect.DeepEqual(got, tt.want) { + if got := getKeys(tt.args.m); !reflect.DeepEqual(got, tt.want) { t.Errorf("GetKeys() = %v, want %v", got, tt.want) } }) @@ -86,6 +121,8 @@ func TestGetKeys(t *testing.T) { func TestGetMatches(t *testing.T) { t.Parallel() + var empty []string + type args struct { source string match string @@ -98,19 +135,42 @@ func TestGetMatches(t *testing.T) { want []string wantErr bool }{ - {name: "pass"}, + {name: "pass", wantErr: true}, {name: "go", args: args{source: "./testdata", match: "(aws_.*?)", extension: "go"}, want: []string{"aws_"}}, + { + name: "Valid pattern", + args: args{ + source: "./testdata", + match: `resource "(test_.*?)"`, + extension: "markdown", + }, + want: empty, + wantErr: false, + }, + { + name: "Invalid regex pattern", + args: args{ + source: "./testdata", + match: "[", + extension: "markdown", + }, + want: empty, + wantErr: false, + }, } for _, tt := range tests { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - got, err := GetMatches(tt.args.source, tt.args.match, tt.args.extension) + + got, err := getMatches(tt.args.source, tt.args.match, tt.args.extension) + if (err != nil) != tt.wantErr { t.Errorf("GetMatches() error = %v, wantErr %v", err, tt.wantErr) return } + if !reflect.DeepEqual(got, tt.want) { t.Errorf("GetMatches() got = %v, want %v", got, tt.want) } 
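Review bot: The "Non-empty map" case expects `[]string{"key1", "key2"}` in a fixed order, but `getKeys` fills its slice from `for k := range m`, and Go does not define map iteration order. Unless `getKeys` sorts before returning (the rest of its body is outside the visible hunks), this case will fail intermittently. Sort the result before comparing, e.g. `sort.Strings(got)` ahead of `reflect.DeepEqual`, or have `getKeys` return a sorted slice.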
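Review bot: The "Invalid regex pattern" case in `TestGetMatches` passes `match: "["` with `wantErr: false`, which pins the behaviour that a malformed pattern is accepted silently. Presumably it passes only because no `.markdown` file is found and the pattern is never compiled; the body of `getMatches` is outside this hunk, so that is an inference. Compiling the pattern once before walking the files and expecting `wantErr: true` here would surface bad input to the caller. The first case, `{name: "pass", wantErr: true}`, would also read better under a name such as "empty arguments".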
@@ -153,11 +213,9 @@ func teardown(cloud string) { case "google": _ = os.RemoveAll("./terraform-provider-google") } - } func TestParse(t *testing.T) { - type args struct { codebase string name string @@ -171,6 +229,11 @@ func TestParse(t *testing.T) { {name: "aws", args: args{codebase: "./terraform-provider-aws", name: "aws"}}, {name: "azure", args: args{codebase: "./terraform-provider-azurerm", name: "azurerm"}}, {name: "google", args: args{codebase: "./terraform-provider-google", name: "google"}}, + { + name: "Empty codebase", + args: args{codebase: "", name: "azure"}, + wantErr: true, + }, } for _, tt := range tests { @@ -179,9 +242,11 @@ func TestParse(t *testing.T) { t.Run(tt.name, func(t *testing.T) { t.Parallel() setup(tt.args.name) + if err := Parse(tt.args.codebase, tt.args.name); (err != nil) != tt.wantErr { t.Errorf("Parse() error = %v, wantErr %v", err, tt.wantErr) } + teardown(tt.args.name) }) } 
@@ -228,12 +293,56 @@ func Test_add(t *testing.T) { t.Run(tt.name, func(t *testing.T) { t.Parallel() got, got1 := add(tt.args.s, tt.args.m, tt.args.a) + if !reflect.DeepEqual(got, tt.want) { t.Errorf("add() got = %v, want %v", got, tt.want) } + if !reflect.DeepEqual(got1, tt.want1) { t.Errorf("add() got1 = %v, want %v", got1, tt.want1) } }) } } + +func TestAdd(t *testing.T) { + tests := []struct { + name string + s string + m map[string]bool + a []string + wantSlice []string + wantMap map[string]bool + }{ + { + name: "New element", + s: "test", + m: map[string]bool{}, + a: []string{}, + wantSlice: []string{"test"}, + wantMap: map[string]bool{"test": true}, + }, + { + name: "Duplicate element", + s: "test", + m: map[string]bool{"test": true}, + a: []string{"test"}, + wantSlice: []string{"test"}, + wantMap: map[string]bool{"test": true}, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + gotSlice, gotMap := add(tt.s, tt.m, tt.a) + + if !reflect.DeepEqual(gotSlice, tt.wantSlice) { + t.Errorf("add() gotSlice = %v, want %v", gotSlice, tt.wantSlice) + } + + if !reflect.DeepEqual(gotMap, tt.wantMap) { + t.Errorf("add() gotMap = %v, want %v", gotMap, tt.wantMap) + } + }) + } +} diff --git a/src/policy.go b/src/policy.go index 41c8db4d..71f407a8 100644 --- a/src/policy.go +++ b/src/policy.go @@ -4,8 +4,6 @@ import ( "bytes" _ "embed" // required for embed "encoding/json" - "errors" - "fmt" "reflect" "sort" "strconv" @@ -22,8 +20,19 @@ var policyTemplate []byte //go:embed aws_iam_role.tf var roleTemplate []byte +type policyDetails struct { + Policy string + Name string + Path string + Description string +} + // NewAWSPolicy constructor. func NewAWSPolicy(actions []string, resources bool) (Policy, error) { + if len(actions) == 0 { + return Policy{}, &emptyActionsError{} + } + something := Policy{Version: "2012-10-17"} sort.Strings(actions) 
@@ -41,6 +50,7 @@ func NewAWSPolicy(actions []string, resources bool) (Policy, error) { } sections := Unique(categories) + var statements []Statement for count, section := range sections { @@ -58,7 +68,7 @@ func NewAWSPolicy(actions []string, resources bool) (Policy, error) { } if myActions == nil { - return something, fmt.Errorf("failed to find any action") + return something, &emptyActionsError{} } // todo expand with new plan function @@ -68,9 +78,11 @@ func NewAWSPolicy(actions []string, resources bool) (Policy, error) { myResource = myArn.Builder() } - state := Statement{ - Sid: "VisualEditor" + strconv.Itoa(count), Effect: "Allow", Action: myActions, Resource: myResource, - } + state := NewStatement( + "VisualEditor"+strconv.Itoa(count), + allow, + myActions, + myResource) statements = append(statements, state) } @@ -81,7 +93,7 @@ func NewAWSPolicy(actions []string, resources bool) (Policy, error) { } // GetPolicy creates new iam polices from a list of Permissions. -func GetPolicy(actions Sorted, resources bool) (OutputPolicy, error) { +func GetPolicy(actions Sorted, resources bool, policyName string) (OutputPolicy, error) { var ( OutPolicy OutputPolicy Empty bool @@ -89,14 +101,14 @@ func GetPolicy(actions Sorted, resources bool) (OutputPolicy, error) { Empty = true - v := reflect.ValueOf(actions) - typeOfV := v.Type() - values := make([]interface{}, v.NumField()) + actionsValue := reflect.ValueOf(actions) + typeOfV := actionsValue.Type() + values := make([]interface{}, actionsValue.NumField()) var err error - for i := 0; i < v.NumField(); i++ { - values[i] = v.Field(i).Interface() + for i := 0; i < actionsValue.NumField(); i++ { + values[i] = actionsValue.Field(i).Interface() switch typeOfV.Field(i).Name { case "AWS": 
@@ -107,10 +119,10 @@ func GetPolicy(actions Sorted, resources bool) (OutputPolicy, error) { Empty = false // dedupe AWSPermissions := Unique(actions.AWS) - OutPolicy.AWS, err = AWSPolicy(AWSPermissions, resources) + OutPolicy.AWS, err = AWSPolicy(AWSPermissions, resources, policyName) if err != nil { - log.Print(err) + log.Error().Err(err) continue } @@ -123,10 +135,10 @@ func GetPolicy(actions Sorted, resources bool) (OutputPolicy, error) { Empty = false // dedupe GCPPermissions := Unique(actions.GCP) - OutPolicy.GCP, err = GCPPolicy(GCPPermissions) + OutPolicy.GCP, err = GCPPolicy(GCPPermissions, policyName) if err != nil { - log.Print(err) + log.Error().Err(err) continue } @@ -139,10 +151,10 @@ func GetPolicy(actions Sorted, resources bool) (OutputPolicy, error) { Empty = false // dedupe AZUREPermissions := Unique(actions.AZURE) - OutPolicy.AZURE, err = AZUREPolicy(AZUREPermissions) + OutPolicy.AZURE, err = AZUREPolicy(AZUREPermissions, policyName) if err != nil { - log.Print(err) + log.Error().Err(err) continue } 
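Review bot: `log.Error().Err(err)` writes nothing, because a zerolog event is only emitted once it is finished with `Msg`, `Msgf` or `Send`. The failure that `log.Print(err)` used to report is now dropped before the `continue`. Finish the event, e.g. `log.Error().Err(err).Msg("failed to build AWS policy")`, and do the same in the GCP and AZURE branches (`@@ -123,10 +135,10 @@` and `@@ -139,10 +151,10 @@`). Because `Empty = false` is set before the call and the loop carries on, `GetPolicy` can return a partial `OutputPolicy` with a nil error and no trace of which provider failed.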
@@ -150,47 +162,44 @@ func GetPolicy(actions Sorted, resources bool) (OutputPolicy, error) { } if Empty { - return OutPolicy, errors.New("no permissions found") + return OutPolicy, &emptyPermissionsError{} } return OutPolicy, nil } // AWSPolicy create an IAM policy. -func AWSPolicy(permissions []string, resources bool) (AwsOutput, error) { +func AWSPolicy(permissions []string, resources bool, policyName string) (AwsOutput, error) { var OutPolicy AwsOutput Policy, err := NewAWSPolicy(permissions, resources) if err != nil { - return OutPolicy, err + return OutPolicy, &newAWSPolicyError{err} } indent, err := json.MarshalIndent(Policy, "", " ") if err != nil { - fmt.Println(err) + log.Info().Err(err) - return OutPolicy, err + return OutPolicy, &marshallAWSPolicyError{err} } - type policyDetails struct { - Policy string - Name string - Path string - Description string - } + var theDetails policyDetails - PolicyName := "terraform_pike" - theDetails := policyDetails{string(indent), PolicyName, "/", "Pike Autogenerated policy from IAC"} + if policyName != "" { + theDetails = policyDetails{string(indent), policyName, "/", "Pike Autogenerated policy from IAC"} + } else { + theDetails = policyDetails{string(indent), defaultPolicyName, "/", "Pike Autogenerated policy from IAC"} + } var output bytes.Buffer tmpl, err := template.New("test").Parse(string(policyTemplate)) if err != nil { - panic(err) + return OutPolicy, &templateParseError{err} } err = tmpl.Execute(&output, theDetails) - if err != nil { panic(err) } @@ -201,7 +210,7 @@ func AWSPolicy(permissions []string, resources bool) (AwsOutput, error) { return OutPolicy, nil } -// Unique make slice unique +// Unique make slice unique. func Unique(s []string) []string { inResult := make(map[string]bool) 
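Review bot: `policyName` reaches the template data in `AWSPolicy` without validation; only the empty string is special-cased. Presumably `policyTemplate` renders `Name` into a Terraform resource (the template is not visible here), so a name containing quotes, newlines or `${` would produce malformed or unintended HCL. Reject names outside the IAM policy-name character set before building `policyDetails`, for example by matching against `^[\w+=,.@-]{1,128}$`. In the same hunk, `log.Info().Err(err)` emits nothing without a closing `.Msg(...)`. `tmpl.Execute` also still panics on failure, while the `Parse` step just above it now returns `templateParseError`.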
@@ -219,3 +228,11 @@ func Unique(s []string) []string { return result } + +func Minify(JSONOut string) string { + return strings.ReplaceAll( + strings.ReplaceAll( + strings.ReplaceAll( + strings.ReplaceAll( + strings.ReplaceAll(JSONOut, "\n", ""), " ", ""), " ", ""), "\r", ""), "\t", "") +} diff --git a/src/policy_test.go b/src/policy_test.go index 2455d896..5f490211 100644 --- a/src/policy_test.go +++ b/src/policy_test.go @@ -1,12 +1,9 @@ -package pike_test +package pike import ( _ "embed" "reflect" - "strings" "testing" - - pike "github.com/jameswoolfenden/pike/src" ) func TestNewAWSPolicy(t *testing.T) { @@ -19,7 +16,7 @@ func TestNewAWSPolicy(t *testing.T) { tests := []struct { name string args args - want pike.Policy + want Policy wantErr bool }{ { @@ -44,9 +41,9 @@ func TestNewAWSPolicy(t *testing.T) { "s3:GetReplicationConfiguration", "s3:ListBucket", }}, - pike.Policy{ + Policy{ Version: "2012-10-17", - Statements: []pike.Statement{ + Statements: []Statement{ {"VisualEditor0", "Allow", []string{ "s3:CreateBucket", "s3:DeleteBucket", @@ -77,12 +74,15 @@ func TestNewAWSPolicy(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - got, err := pike.NewAWSPolicy(tt.args.Actions, false) + + got, err := NewAWSPolicy(tt.args.Actions, false) + if (err != nil) != tt.wantErr { t.Errorf("NewAWSPolicy() error = %v, wantErr %v", err, tt.wantErr) return } + if !reflect.DeepEqual(got, tt.want) { t.Errorf("NewAWSPolicy() = %v, want %v", got, tt.want) } @@ -94,7 +94,7 @@ func TestGetPolicy(t *testing.T) { t.Parallel() type args struct { - actions pike.Sorted + actions Sorted } tests := []struct { @@ -105,15 +105,15 @@ func TestGetPolicy(t *testing.T) { }{ { "first", - args{pike.Sorted{ + args{Sorted{ AWS: []string{}, }}, - "{\"Version\": \"2012-10-17\",\"Statement\": null\n}", + ``, false, }, { "aws", - args{pike.Sorted{AWS: []string{ + args{Sorted{AWS: []string{ "ec2:DescribeInstances", "ec2:DescribeTags", "ec2:DescribeInstanceAttribute", 
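Review bot: `Minify` is now an exported function of the production package, has no doc comment, and is not a JSON minifier. It deletes every space, including spaces inside string values, so two documents that differ only in the spacing of a description or name compare equal. If only the tests use it, keep it unexported in a `_test.go` file. If it is meant as API, build it on `json.Compact` and add a comment such as `// Minify strips insignificant whitespace from a JSON document.`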
@@ -128,13 +128,51 @@ func TestGetPolicy(t *testing.T) { "ec2:StopInstances", "ec2:TerminateInstances", }}}, - "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"VisualEditor0\",\"Effect\":\"Allow\",\"Action\":[\"ec2:DescribeInstanceAttribute\",\"ec2:DescribeInstanceCreditSpecifications\",\"ec2:DescribeInstanceTypes\",\"ec2:DescribeInstances\",\"ec2:DescribeTags\",\"ec2:DescribeVolumes\",\"ec2:ModifyInstanceAttribute\",\"ec2:RunInstances\",\"ec2:StartInstances\",\"ec2:StopInstances\",\"ec2:TerminateInstances\"],\"Resource\":[\"*\"]}]}", + `{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "VisualEditor0", + "Effect": "Allow", + "Action": [ + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstanceCreditSpecifications", + "ec2:DescribeInstanceTypes", + "ec2:DescribeInstances", + "ec2:DescribeTags", + "ec2:DescribeVolumes", + "ec2:ModifyInstanceAttribute", + "ec2:RunInstances", + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances" + ], + "Resource": [ + "*" + ] + } + ] +}`, false, }, { "short", - args{pike.Sorted{AWS: []string{"s3:*"}}}, - "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"VisualEditor0\",\"Effect\":\"Allow\",\"Action\":[\"s3:*\"],\"Resource\":[\"*\"]}]}", + args{Sorted{AWS: []string{"s3:*"}}}, + `{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "VisualEditor0", + "Effect": "Allow", + "Action": [ + "s3:*" + ], + "Resource": [ + "*" + ] + } + ] +}`, false, }, } @@ -143,14 +181,18 @@ func TestGetPolicy(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - got, err := pike.GetPolicy(tt.args.actions, false) + + got, err := GetPolicy(tt.args.actions, false, "") + if (err != nil) != tt.wantErr { t.Errorf("GetPolicy() error = %v, wantErr %v", err, tt.wantErr) return } + newGot := Minify(got.AWS.JSONOut) reallyWant := Minify(tt.want) + if newGot != reallyWant { t.Errorf("GetPolicy() = %v, want %v", got.AWS.JSONOut, tt.want) } 
@@ -158,14 +200,6 @@ func TestGetPolicy(t *testing.T) { } } -func Minify(JSONOut string) string { - return strings.ReplaceAll( - strings.ReplaceAll( - strings.ReplaceAll( - strings.ReplaceAll( - strings.ReplaceAll(JSONOut, "\n", ""), " ", ""), " ", ""), "\r", ""), "\t", "") -} - func TestAWSPolicy(t *testing.T) { t.Parallel() @@ -176,20 +210,34 @@ func TestAWSPolicy(t *testing.T) { tests := []struct { name string args args - want pike.AwsOutput + want AwsOutput wantErr bool }{ { "fail", args{[]string{"woof"}}, - pike.AwsOutput{}, + AwsOutput{}, true, }, - {"fail2", args{[]string{"woof", "meow:*"}}, pike.AwsOutput{}, true}, + {"fail2", args{[]string{"woof", "meow:*"}}, AwsOutput{}, true}, { "pass", args{[]string{"woof:*"}}, - pike.AwsOutput{JSONOut: "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VisualEditor0\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"woof:*\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n}"}, + AwsOutput{JSONOut: `{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "VisualEditor0", + "Effect": "Allow", + "Action": [ + "woof:*" + ], + "Resource": [ + "*" + ] + } + ] +}`}, false, }, } @@ -198,12 +246,15 @@ func TestAWSPolicy(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - got, err := pike.AWSPolicy(tt.args.Permissions, false) + + got, err := AWSPolicy(tt.args.Permissions, false, "") + if (err != nil) != tt.wantErr { t.Errorf("AWSPolicy() error = %v, wantErr %v", err, tt.wantErr) return } + if Minify(got.JSONOut) != Minify(tt.want.JSONOut) { t.Errorf("AWSPolicy() = %v, want %v", got.JSONOut, tt.want.JSONOut) } @@ -230,7 +281,8 @@ func Test_unique(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - if got := pike.Unique(tt.args.s); !reflect.DeepEqual(got, tt.want) { + + if got := Unique(tt.args.s); !reflect.DeepEqual(got, tt.want) { t.Errorf("Unique() = %v, want %v", got, tt.want) } }) diff --git a/src/readme.go b/src/readme.go index f338f316..bafb6c8c 100644 
--- a/src/readme.go +++ b/src/readme.go @@ -2,25 +2,44 @@ package pike import ( "errors" + "fmt" "os" + "path" "strings" "github.com/rs/zerolog/log" ) +type replaceSectionError struct { + err error +} + +type fileDoesNotExistError struct { + file string + err error +} + +func (e fileDoesNotExistError) Error() string { + return fmt.Sprintf("file %s does not exist %v", e.file, e.err) +} + +func (m *replaceSectionError) Error() string { + return fmt.Sprintf("failed to replace section %v", m.err) +} + // Readme Updates a README.md file. func Readme(dirName string, output string, init bool, autoAppend bool) error { - file := dirName + "/README.md" + file := path.Join(dirName, "README.md") if _, err := os.Stat(file); errors.Is(err, os.ErrNotExist) { - return err + return &fileDoesNotExistError{file, err} } - OutPolicy, err2 := MakePolicy(dirName, nil, init, false) - if err2 != nil { - log.Print("failed to make policy") + OutPolicy, err := MakePolicy(dirName, nil, init, false, "", "") + if err != nil { + log.Info().Msg("failed to make policy") - return err2 + return &makePolicyError{err} } var markdown string @@ -31,12 +50,21 @@ func Readme(dirName string, output string, init bool, autoAppend bool) error { case "json": markdown = "\nThe Policy required is:\n\n```json\n" + OutPolicy.AsString(output) + "\n```\n" default: - return errors.New("output formats are terraform or json") + return &tfPolicyFormatError{} } - err := ReplaceSection(file, markdown, autoAppend) + err = ReplaceSection(file, markdown, autoAppend) + if err != nil { + return &replaceSectionError{err} + } - log.Print("readme updated") + log.Info().Msg("readme updated") return err } + +type tfPolicyFormatError struct{} + +func (m *tfPolicyFormatError) Error() string { + return "output formats are Terraform and JSON" +} diff --git a/src/repository.go b/src/repository.go index 90d00881..e12c314d 100644 --- a/src/repository.go +++ b/src/repository.go 
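Review bot: `path.Join(dirName, "README.md")` uses the slash-only `path` package on a filesystem path. `path` does not know the OS separator or Windows volume names, so this should be `filepath.Join(dirName, "README.md")`, with `"path/filepath"` instead of `"path"` in the import block. The `os.Stat` check also handles only `os.ErrNotExist`, so a permission or I/O error falls through to `MakePolicy`; returning on any non-nil `err` would be safer. The body of `Readme` continues into the next hunk.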
@@ -1,6 +1,7 @@ package pike import ( + "fmt" "os" "path/filepath" @@ -8,6 +9,36 @@ import ( "github.com/rs/zerolog/log" ) +type gitCloneError struct { + repository string + destination string + err error +} + +func (m *gitCloneError) Error() string { + return fmt.Sprintf("failed to clone repository %s %s %v", m.repository, m.destination, m.err) +} + +type gitHeadError struct { + repository string + destination string + err error +} + +func (m *gitHeadError) Error() string { + return fmt.Sprintf("failed to get head %s %s %v", m.repository, m.destination, m.err) +} + +type gitCommitObjectError struct { + repository string + destination string + err error +} + +func (m *gitCommitObjectError) Error() string { + return fmt.Sprintf("failed to get commit object %s %s %v", m.repository, m.destination, m.err) +} + func Repository(repository, destination, directory, output string, init, write, enableResources bool) error { if _, err := os.Stat(destination); !os.IsNotExist(err) { log.Info().Msgf("%s was not empty, removing", destination) @@ -23,19 +54,19 @@ func Repository(repository, destination, directory, output string, init, write, Depth: 1, }) if err != nil { - return err + return &gitCloneError{repository, destination, err} } // ... retrieving the branch being pointed by HEAD ref, err := r.Head() if err != nil { - return err + return &gitHeadError{repository, destination, err} } // ... retrieving the commit object _, err = r.CommitObject(ref.Hash()) if err != nil { - return err + return &gitCommitObjectError{repository, destination, err} } - return Scan(filepath.Join(destination, directory), output, nil, init, write, enableResources) + return Scan(filepath.Join(destination, directory), output, nil, init, write, enableResources, "", "", "") } diff --git a/src/repository_internal_test.go b/src/repository_internal_test.go new file mode 100644 index 00000000..78f7c580 --- /dev/null +++ b/src/repository_internal_test.go 
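Review bot: `gitCloneError`, `gitHeadError` and `gitCommitObjectError` keep the cause in `err` but define no `Unwrap` method. `errors.Is` and `errors.As` therefore can no longer reach the underlying error that `Repository` used to return directly. Add one per type, e.g. `func (m *gitCloneError) Unwrap() error { return m.err }`. The wrapper types this commit adds in readme.go and scan.go (`replaceSectionError`, `makePolicyError` and the rest) have the same gap.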
@@ -0,0 +1,175 @@ +package pike + +import ( + "errors" + "testing" +) + +func TestGitCloneError_Error(t *testing.T) { + tests := []struct { + name string + repository string + destination string + err error + expected string + }{ + { + name: "basic error message", + repository: "https://github.com/user/repo.git", + destination: "/tmp/repo", + err: errors.New("connection failed"), + expected: "failed to clone repository https://github.com/user/repo.git /tmp/repo connection failed", + }, + { + name: "empty repository", + repository: "", + destination: "/tmp/repo", + err: errors.New("invalid URL"), + expected: "failed to clone repository /tmp/repo invalid URL", + }, + { + name: "empty destination", + repository: "https://github.com/user/repo.git", + destination: "", + err: errors.New("no destination"), + expected: "failed to clone repository https://github.com/user/repo.git no destination", + }, + { + name: "nil error", + repository: "https://github.com/user/repo.git", + destination: "/tmp/repo", + err: nil, + expected: "failed to clone repository https://github.com/user/repo.git /tmp/repo ", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + e := &gitCloneError{ + repository: tt.repository, + destination: tt.destination, + err: tt.err, + } + if got := e.Error(); got != tt.expected { + t.Errorf("gitCloneError.Error() = %v, want %v", got, tt.expected) + } + }) + } +} + +func TestGitHeadError_Error(t *testing.T) { + tests := []struct { + name string + repository string + destination string + err error + expected string + }{ + { + name: "basic error message", + repository: "https://github.com/user/repo.git", + destination: "/tmp/repo", + err: errors.New("head not found"), + expected: "failed to get head https://github.com/user/repo.git /tmp/repo head not found", + }, + { + name: "empty strings", + repository: "", + destination: "", + err: errors.New("reference error"), + expected: "failed to get head reference error", + }, + { + name: "nil 
error", + repository: "repo", + destination: "dest", + err: nil, + expected: "failed to get head repo dest ", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + e := &gitHeadError{ + repository: tt.repository, + destination: tt.destination, + err: tt.err, + } + if got := e.Error(); got != tt.expected { + t.Errorf("gitHeadError.Error() = %v, want %v", got, tt.expected) + } + }) + } +} + +func TestGitCommitObjectError_Error(t *testing.T) { + tests := []struct { + name string + repository string + destination string + err error + expected string + }{ + { + name: "basic error message", + repository: "https://github.com/user/repo.git", + destination: "/tmp/repo", + err: errors.New("commit not found"), + expected: "failed to get commit object https://github.com/user/repo.git /tmp/repo commit not found", + }, + { + name: "long repository URL", + repository: "https://very-long-domain-name.example.com/organization/very-long-repository-name.git", + destination: "/very/long/path/to/destination/directory", + err: errors.New("object does not exist"), + expected: "failed to get commit object https://very-long-domain-name.example.com/organization/very-long-repository-name.git /very/long/path/to/destination/directory object does not exist", + }, + { + name: "all empty except error", + repository: "", + destination: "", + err: errors.New("some error"), + expected: "failed to get commit object some error", + }, + { + name: "nil error", + repository: "repo", + destination: "dest", + err: nil, + expected: "failed to get commit object repo dest ", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + e := &gitCommitObjectError{ + repository: tt.repository, + destination: tt.destination, + err: tt.err, + } + if got := e.Error(); got != tt.expected { + t.Errorf("gitCommitObjectError.Error() = %v, want %v", got, tt.expected) + } + }) + } +} + +func TestErrorTypes_ImplementErrorInterface(t *testing.T) { + var err error + + // Test that 
all error types implement the error interface + err = &gitCloneError{repository: "repo", destination: "dest", err: errors.New("test")} + if err.Error() == "" { + t.Error("gitCloneError should implement error interface") + } + + err = &gitHeadError{repository: "repo", destination: "dest", err: errors.New("test")} + if err.Error() == "" { + t.Error("gitHeadError should implement error interface") + } + + err = &gitCommitObjectError{repository: "repo", destination: "dest", err: errors.New("test")} + if err.Error() == "" { + t.Error("gitCommitObjectError should implement error interface") + } +} diff --git a/src/scan.go b/src/scan.go index bd389fd3..6b6d9515 100644 --- a/src/scan.go +++ b/src/scan.go @@ -6,11 +6,13 @@ import ( "fmt" "os" "os/exec" + "path" "path/filepath" "strings" + "sync" + "time" "github.com/hashicorp/go-version" - "github.com/hashicorp/hc-install/product" "github.com/hashicorp/hc-install/releases" "github.com/hashicorp/terraform-exec/tfexec" 
@@ -19,89 +21,218 @@ import ( const tfVersion = "1.5.4" +const ( + modulesJSON = "modules.json" + dsStore = ".DS_Store" + dotTfModules = ".terraform/modules" +) + +var ( + terraformMutex sync.Mutex + initMutex sync.Map // per-directory mutex +) + type emptyIACError struct{} func (m *emptyIACError) Error() string { return "no IAC found" } +type makePolicyError struct { + err error +} + +func (m *makePolicyError) Error() string { + return fmt.Sprintf("failed to make policy %v", m.err) +} + +type emptyScanLocationError struct{} + +func (m *emptyScanLocationError) Error() string { + return "no scan location" +} + +type makeDirectoryError struct { + directory string + err error +} + +func (m *makeDirectoryError) Error() string { + return fmt.Sprintf("failed to make directory %s %v", m.directory, m.err) +} + +type locateTerraformError struct { + err error +} + +func (m *locateTerraformError) Error() string { + return fmt.Sprintf("failed to find Terraform %v", m.err) +} + +type terraformExecError struct { + err error +} + +func (m *terraformExecError) Error() string { + return fmt.Sprintf("Terraform execution error %v", m.err) +} + +type terraformInitError struct { + err error +} + +func (m *terraformInitError) Error() string { + return fmt.Sprintf("Terraform init error %v", m.err) +} + +type readDirectoryError struct { + directory string + err error +} + +func (m *readDirectoryError) Error() string { + return fmt.Sprintf("failed to read directory %s %v", m.directory, m.err) +} + +type absolutePathError struct { + directory string + err error +} + +func (m *absolutePathError) Error() string { + return fmt.Sprintf("failed to get absolute path %s %v", m.directory, m.err) +} + +type getTFError struct { + directory string + err error +} + +func (m *getTFError) Error() string { + return fmt.Sprintf("failed to get Terraform templates %s %v", m.directory, m.err) +} + +type getPolicyError struct { + err error +} + +func (m *getPolicyError) Error() string { + return 
fmt.Sprintf("failed to get policy %v", m.err) +} + // Scan looks for resources in a given directory. -func Scan(dirName string, output string, file *string, init bool, write bool, enableResources bool) error { - OutPolicy, err := MakePolicy(dirName, file, init, enableResources) +func Scan(dirName string, outputType string, file *string, init bool, write bool, enableResources bool, provider string, outFile string, policyName string) error { + if dirName == "" && file == nil { + return &emptyScanLocationError{} + } + + OutPolicy, err := MakePolicy(dirName, file, init, enableResources, provider, policyName) if err != nil { - return err + fmt.Print(err.Error()) + return &makePolicyError{err} } if write { - err2 := WriteOutput(OutPolicy, output, dirName) - if err2 != nil { - return err2 + err = WriteOutput(OutPolicy, outputType, dirName, outFile) + if err != nil { + return &writeFileError{file: outputType, err: err} } } else { - fmt.Print(OutPolicy.AsString(output)) + fmt.Print(OutPolicy.AsString(outputType)) // permit } return err } -// WriteOutput writes out the policy as json or terraform. -func WriteOutput(outPolicy OutputPolicy, output, location string) error { - newPath, _ := filepath.Abs(location + "/.pike") - err := os.MkdirAll(newPath, os.ModePerm) - if err != nil { - return err - } +// WriteOutput writes out the policy as JSON or Terraform. +func WriteOutput(outPolicy OutputPolicy, outputType string, scanPath string, outFile string) error { - var outFile string + var newPath string - d1 := []byte(outPolicy.AsString(output)) + d1 := []byte(outPolicy.AsString(outputType)) - switch strings.ToLower(output) { - case terraform: - outFile = newPath + "/pike.generated_policy.tf" + if outFile != "" { - if outPolicy.AWS.Terraform != "" { - err = os.WriteFile(newPath+"/aws_iam_role.terraform_pike.tf", roleTemplate, 0o644) + } else { + if scanPath == "" { + scanPath = "." 
} + newPath, _ = filepath.Abs(path.Join(scanPath, ".pike")) + + err := os.MkdirAll(newPath, os.ModePerm) if err != nil { - return err + return &makeDirectoryError{directory: newPath, err: err} } - case "json": - outFile = newPath + "/pike.generated_policy.json" - default: - return errors.New("output format supports only json and terraform") - } - err = os.WriteFile(outFile, d1, 0o644) + switch strings.ToLower(outputType) { + case terraform: + outFile = filepath.Join(newPath, "pike.generated_policy.tf") //path.join does not work here + + if outPolicy.AWS.Terraform != "" { + roleFile := path.Join(newPath, "aws_iam_role.terraform_pike.tf") + err = os.WriteFile(roleFile, roleTemplate, 0o644) + + if err != nil { + return &writeFileError{file: roleFile, err: err} + } + } + + case "json": + outFile = path.Join(newPath, "pike.generated_policy.json") + default: + return &tfPolicyFormatError{} + } + } + err := os.WriteFile(outFile, d1, 0o644) if err != nil { - return err + return &writeFileError{file: outFile, err: err} } + log.Info().Msgf("wrote %s", outFile) + return nil } // Init can download and install terraform if required and then terraform init your specified directory. 
+ func Init(dirName string) (*string, []string, error) { + // Per-directory locking + dirMutex, _ := initMutex.LoadOrStore(dirName, &sync.Mutex{}) + mutex := dirMutex.(*sync.Mutex) + mutex.Lock() + defer mutex.Unlock() + tfPath, err := LocateTerraform() if err != nil { - return nil, nil, err + return nil, nil, &locateTerraformError{err} } tf, err := tfexec.NewTerraform(dirName, tfPath) + if err != nil { - return nil, nil, err + return nil, nil, &terraformExecError{err} } - err = tf.Init(context.Background(), tfexec.Upgrade(true)) + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute) + defer cancel() + err = tf.Init(ctx, tfexec.Upgrade(true)) if err != nil { - return nil, nil, fmt.Errorf("init failed %w", err) + if errors.Is(context.DeadlineExceeded, ctx.Err()) { + return nil, nil, fmt.Errorf("terraform init timed out after 10 minutes: %w", err) + } + return nil, nil, &terraformInitError{err} } - log.Printf("terraform init at %s", dirName) + log.Info().Msgf("terraform init at %s", dirName) - modules, err := os.ReadDir(dirName + "/" + ".terraform/modules") + modulesDir := path.Join(dirName, dotTfModules) + modules, err := os.ReadDir(modulesDir) + + if err != nil { + return &tfPath, nil, &readDirectoryError{directory: modulesDir, err: err} + } // filter var found []string 
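Review bot: In `WriteOutput` the `if outFile != "" { }` arm is empty. When a caller supplies `outFile`, the `outputType` check that returns `tfPolicyFormatError` and the `aws_iam_role.terraform_pike.tf` write are both skipped, and the policy is written to the supplied path as given. Validate `outputType` before the branch and invert the condition to `if outFile == "" {` so the empty arm disappears. Elsewhere in the hunk, `errors.Is(context.DeadlineExceeded, ctx.Err())` has its arguments reversed and should read `errors.Is(ctx.Err(), context.DeadlineExceeded)`, and the new `path.Join` calls on filesystem paths should be `filepath.Join`. The body of `Init` continues past the end of this hunk.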
@@ -114,20 +245,19 @@ func Init(dirName string) (*string, []string, error) { found = append(found, module.Name()) } - if err != nil { - return &tfPath, nil, err - } - - return &tfPath, found, err + return &tfPath, found, nil } -// LocateTerraform finds the Terraform executable or installs it +// LocateTerraform finds the Terraform executable or installs it. func LocateTerraform() (string, error) { + terraformMutex.Lock() + defer terraformMutex.Unlock() + tfPath, err := exec.LookPath(terraform) // if you don't have tf installed, we have to install it if err != nil || tfPath == "" { - log.Printf("installing Terraform %s\n", tfVersion) + log.Info().Msgf("installing Terraform %s\n", tfVersion) installer := &releases.ExactVersion{ Product: product.Terraform, Version: version.Must(version.NewVersion(tfVersion)), @@ -137,7 +267,7 @@ func LocateTerraform() (string, error) { tfPath, err = installer.Install(context.Background()) if err != nil { - return "", err + return "", &locateTerraformError{err} } } 
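Review bot: The new `terraformMutex` in LocateTerraform is held across `installer.Install(context.Background())` (the call is visible in the next hunk, at +267), so a stalled download blocks every other caller with no deadline, while Init in this same commit was given a 10-minute timeout. Give the install a bounded context as well: `ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute)`, `defer cancel()`, `tfPath, err = installer.Install(ctx)`. The message `"installing Terraform %s\n"` also keeps a trailing newline that the structured logger does not need. LocateTerraform's body continues outside both hunks.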
@@ -145,16 +275,43 @@ func LocateTerraform() (string, error) { } // MakePolicy does the guts of determining a policy from code. -func MakePolicy(dirName string, file *string, init bool, EnableResources bool) (OutputPolicy, error) { - var ( - files []string - Output OutputPolicy - ) +func MakePolicy(dirName string, file *string, init bool, enableResources bool, provider string, policyName string) (OutputPolicy, error) { + // Validate inputs early + if dirName == "" && file == nil { + return OutputPolicy{}, errors.New("either directory or file should be be set") + } + + var output OutputPolicy + + permissionsBag, err := makePermissionBag(dirName, file, init, provider) + if err != nil { + return output, fmt.Errorf("failed to create permission bag: %w", err) + } + + output, err = GetPolicy(permissionsBag, enableResources, policyName) + if err != nil { + return output, &getPolicyError{err: err} + } + + return output, nil +} + +// Extract common absolute path logic +func getAbsolutePath(path string) (string, error) { + absPath, err := filepath.Abs(path) + if err != nil { + return "", &absolutePathError{directory: path, err: err} + } + return absPath, nil +} +func makePermissionBag(dirName string, file *string, init bool, provider string) (Sorted, error) { + + var files []string if file == nil { - fullPath, err := filepath.Abs(dirName) + fullPath, err := getAbsolutePath(dirName) if err != nil { - return Output, err + return Sorted{}, err } if init { 
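Review bot: `getAbsolutePath(path string)` names its parameter `path`, which shadows the `path` package this file uses for `path.Join` in other hunks. It compiles today because the body only calls `filepath.Abs`, but the next edit that reaches for `path.Join` inside it will not; rename the parameter, e.g. `func getAbsolutePath(dir string) (string, error)`. The new validation message in MakePolicy has a doubled word and should read `errors.New("either directory or file should be set")`. makePermissionBag is added without a doc comment, and its body runs past the end of this hunk.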
@@ -169,35 +326,37 @@ func MakePolicy(dirName string, file *string, init bool, EnableResources bool) ( } files, err = GetTF(fullPath) - if err != nil { - return Output, err + return Sorted{}, &getTFError{directory: fullPath, err: err} } } else { - myFile, err := filepath.Abs(*file) + myFile, err := getAbsolutePath(*file) if err != nil { - return Output, err + return Sorted{}, err } // is this a tfFile? if !(FileExists(myFile)) { - return Output, os.ErrNotExist + return Sorted{}, os.ErrNotExist } files = append(files, myFile) } if len(files) == 0 { - return Output, &emptyIACError{} + return Sorted{}, &emptyIACError{} } var resources []ResourceV2 + var failedFiles []string + var criticalErrors []error for _, tfFile := range files { resource, err := GetResources(tfFile, dirName) if err != nil { - // parse the other files - log.Print(err) + failedFiles = append(failedFiles, tfFile) + criticalErrors = append(criticalErrors, fmt.Errorf("failed to parse %s: %w", tfFile, err)) + continue } if resource != nil { 
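Review bot: The per-file parse error is no longer reported where it happens: the removed `log.Print(err)` becomes an append to `criticalErrors`, and the next hunk only surfaces those errors when more than half the files fail, logging just a count otherwise. A policy built after a partial parse lacks the permissions for the skipped files, so the operator needs to see which files were dropped; add `log.Warn().Err(err).Str("file", tfFile).Msg("failed to parse terraform file")` before the `continue`. `failedFiles` is only ever used for its length, which `len(criticalErrors)` already gives. The loop belongs to makePermissionBag, which starts and ends outside this hunk.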
@@ -205,42 +364,65 @@ func MakePolicy(dirName string, file *string, init bool, EnableResources bool) ( } } - var PermissionBag Sorted + // Fail fast if too many critical files failed + if len(criticalErrors) > 0 { + if len(failedFiles) > len(files)/2 { // More than 50% failed + return Sorted{}, fmt.Errorf("critical parsing failures in %d/%d files: %v", + len(failedFiles), len(files), criticalErrors) + } + log.Warn().Int("failed_files", len(failedFiles)).Msg("some terraform files failed to parse") + } + permissionsBag := GetPermissionBag(resources, provider) + return permissionsBag, nil +} +func GetPermissionBag(resources []ResourceV2, provider string) Sorted { + var permissionBag Sorted var newPerms Sorted for _, resource := range resources { var err error - newPerms, err = GetPermission(resource) - if err != nil { + // implement provider filter + if provider == "" || provider == resource.Provider { + newPerms, err = GetPermission(resource) + } else { continue } - PermissionBag.AWS = append(PermissionBag.AWS, newPerms.AWS...) - PermissionBag.GCP = append(PermissionBag.GCP, newPerms.GCP...) - PermissionBag.AZURE = append(PermissionBag.AZURE, newPerms.AZURE...) - } + if err != nil { + continue + } - Output, err2 := GetPolicy(PermissionBag, EnableResources) - if err2 != nil { - return Output, err2 + switch strings.ToLower(provider) { + case "aws": + permissionBag.AWS = append(permissionBag.AWS, newPerms.AWS...) + case "gcp", "google": + permissionBag.GCP = append(permissionBag.GCP, newPerms.GCP...) + case "azure", "azurerm": + permissionBag.AZURE = append(permissionBag.AZURE, newPerms.AZURE...) + case "": + permissionBag.AWS = append(permissionBag.AWS, newPerms.AWS...) + permissionBag.GCP = append(permissionBag.GCP, newPerms.GCP...) + permissionBag.AZURE = append(permissionBag.AZURE, newPerms.AZURE...) + } } - - return Output, nil + return permissionBag } -// GetTF return tf files in a directory +// GetTF return tf files in a directory. 
func GetTF(dirName string) ([]string, error) { files, err := GetTFFiles(dirName) + if err != nil { - return nil, fmt.Errorf("folder %s can't be found, may not be local path", dirName) + return nil, &directoryNotFoundError{dirName} } - modulePath := dirName + "/.terraform/modules" + modulePath := path.Join(dirName, dotTfModules) if modules, err := os.ReadDir(modulePath); err == nil { for _, module := range modules { - moreFiles, _ := GetTFFiles(modulePath + "/" + module.Name()) + tfFilesPath := path.Join(modulePath, module.Name()) + moreFiles, _ := GetTFFiles(tfFilesPath) files = append(files, moreFiles...) } } @@ -248,9 +430,12 @@ func GetTF(dirName string) ([]string, error) { return files, nil } -// GetTFFiles get tf files in directory +// GetTFFiles get tf files in directory. func GetTFFiles(dirName string) ([]string, error) { rawFiles, err := os.ReadDir(dirName) + if err != nil { + return nil, &readDirectoryError{dirName, err} + } var files []string @@ -261,13 +446,14 @@ func GetTFFiles(dirName string) ([]string, error) { continue } - files = append(files, dirName+"/"+file.Name()) + newFile := path.Join(dirName, file.Name()) + files = append(files, newFile) } - return files, err + return files, nil } -// StringInSlice looks for item in slice +// StringInSlice looks for item in slice. func StringInSlice(a string, list []string) bool { for _, b := range list { if b == a { @@ -278,7 +464,20 @@ func StringInSlice(a string, list []string) bool { return false } -// GetHCLType gets the resource Name +// GetHCLType gets the resource Name. func GetHCLType(resourceName string) string { return strings.Split(resourceName, "_")[0] } + +const ( + maxFiles = 1000 + maxFileSize = 10 * 1024 * 1024 // 10MB + maxResources = 50000 +) + +func validateLimits(files []string) error { + if len(files) > maxFiles { + return fmt.Errorf("too many files: %d > %d", len(files), maxFiles) + } + return nil +} diff --git a/src/scan_test.go b/src/scan_test.go index 4862ba97..e575bda6 100644 
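Review bot: In GetPermissionBag the filter `provider == resource.Provider` is case-sensitive, but the switch after it runs on `strings.ToLower(provider)` and accepts aliases (`"gcp"`/`"google"`, `"azure"`/`"azurerm"`). Unless ResourceV2.Provider holds exactly the string the caller passed, the alias and mixed-case branches cannot be reached and the function returns an empty bag with no error; a provider that matches the resource but none of the cases is also dropped silently, because the switch has no `default`. Normalise once before the loop and filter on that value, e.g. `want := strings.ToLower(provider)` and `if want != "" && want != strings.ToLower(resource.Provider) { continue }`, mapping aliases to whatever value Provider actually carries (not visible in this diff). The exported function is also added without a doc comment.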
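Review bot: `path.Join(dirName, file.Name())` in GetTFFiles builds an OS file path with the slash-only `path` package, and GetTF and Init in this commit do the same, while an earlier hunk of this file uses `filepath.Join` with the comment `//path.join does not work here`. The CI matrix in this change still includes windows-latest, where the two produce different separators, so results that are compared as strings can diverge. Using one helper throughout would remove the inconsistency: `newFile := filepath.Join(dirName, file.Name())`. GetTFFiles's body is only partly inside this hunk.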
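Review bot: Of the three limits added here only `maxFiles` is checked; `maxFileSize` and `maxResources` are never referenced, and no hunk in view calls `validateLimits`, so as far as this diff shows the caps have no effect on a scan. If they are meant to bound the work done on an untrusted Terraform tree, call the check once the file list is final, e.g. `if err := validateLimits(files); err != nil { return Sorted{}, err }` after the `len(files) == 0` test in makePermissionBag, and either enforce or remove the two unused constants. The Go compiler does not reject unused package-level constants or functions, so nothing in the build will flag this. `validateLimits` would also benefit from a one-line comment stating which input it guards.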
--- a/src/scan_test.go +++ b/src/scan_test.go @@ -1,4 +1,4 @@ -package pike_test +package pike import ( "os" @@ -7,7 +7,6 @@ import ( "runtime" "testing" - pike "github.com/jameswoolfenden/pike/src" "github.com/rs/zerolog/log" ) @@ -20,23 +19,24 @@ func TestScan(t *testing.T) { write bool } - testpath, _ := filepath.Abs("../terraform/aws/backup") + testPath, _ := filepath.Abs("../terraform/aws/backup") tests := []struct { name string args args wantErr bool }{ - {"aws", args{testpath, "json", false}, false}, - {"aws-out", args{testpath, "terraform", true}, false}, - {"google", args{testpath, "json", false}, false}, + {"aws", args{testPath, "json", false}, false}, + {"aws-out", args{testPath, "terraform", true}, false}, + {"google", args{testPath, "json", false}, false}, } for _, tt := range tests { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - if err := pike.Scan(tt.args.dirname, tt.args.output, nil, false, tt.args.write, false); (err != nil) != tt.wantErr { + + if err := Scan(tt.args.dirname, tt.args.output, nil, false, tt.args.write, false, "", "", ""); (err != nil) != tt.wantErr { t.Errorf("Scan() error = %v, wantErr %v", err, tt.wantErr) } }) @@ -72,12 +72,15 @@ func TestGetTF(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - got, err := pike.GetTF(tt.args.dirname) + + got, err := GetTF(tt.args.dirname) + if (err != nil) != tt.wantErr { t.Errorf("GetTF() error = %v, wantErr %v", err, tt.wantErr) return } + if !reflect.DeepEqual(got, tt.want) { t.Errorf("GetTF() = %v, want %v", got, tt.want) } 
@@ -85,78 +88,99 @@ func TestGetTF(t *testing.T) { } } -func Test_stringInSlice(t *testing.T) { +func TestGetPermissionBag(t *testing.T) { t.Parallel() type args struct { - a string - list []string + resources []ResourceV2 + provider string } + //goland:noinspection GoLinter tests := []struct { name string args args - want bool + want Sorted }{ - {"pass", args{"a", []string{"a", "b", "c"}}, true}, - {"fail", args{"d", []string{"a", "b", "c"}}, false}, + { + "basic_aws", + args{ + resources: []ResourceV2{ + { + TypeName: "terraform", + Name: "aws_s3_bucket", + Provider: "aws", + Attributes: []string{ + "tags", + }, + }, + }, + }, + Sorted{ + AWS: []string{ + "s3:PutBucketTagging", + "s3:DeleteBucket", + "s3:CreateBucket", + "s3:GetLifecycleConfiguration", + "s3:GetBucketTagging", + "s3:GetBucketWebsite", + "s3:GetBucketLogging", + "s3:ListBucket", + "s3:GetAccelerateConfiguration", + "s3:GetBucketVersioning", + "s3:GetBucketAcl", + "s3:GetBucketPolicy", + "s3:GetReplicationConfiguration", + "s3:GetBucketObjectLockConfiguration", + "s3:GetObjectAcl", + "s3:GetObject", + "s3:GetEncryptionConfiguration", + "s3:GetBucketRequestPayment", + "s3:GetBucketCORS", + "s3:DeleteBucket", + }, + }, + }, } for _, tt := range tests { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - if got := pike.StringInSlice(tt.args.a, tt.args.list); got != tt.want { - t.Errorf("StringInSlice() = %v, want %v", got, tt.want) + + permissionBag := GetPermissionBag(tt.args.resources, tt.args.provider) + + if !reflect.DeepEqual(permissionBag, tt.want) { + t.Errorf("MakePolicy() = %v, want %v", permissionBag, tt.want) } }) } } -func TestInit(t *testing.T) { +func Test_stringInSlice(t *testing.T) { t.Parallel() type args struct { - dirName string + a string + list []string } - dirName, _ := filepath.Abs("testdata/init/nicconf") - - err := os.RemoveAll(filepath.Join(dirName, ".terraform")) - - log.Print(err) - tests := []struct { - name string - args args - want []string - wantErr bool + name 
string + args args + want bool }{ - //todo - //{ - // "remote", - // args{dirName}, - // []string{"api_gateway", "dynamodb_table", "lambda_get", "lambda_post"}, - // false, - //}, + {"pass", args{"a", []string{"a", "b", "c"}}, true}, + {"fail", args{"d", []string{"a", "b", "c"}}, false}, } for _, tt := range tests { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - got, modules, err := pike.Init(tt.args.dirName) - log.Print(modules) - if (err != nil) != tt.wantErr { - t.Errorf("Init() error = %v, wantErr %v", err, tt.wantErr) - return - } - if *got == "" { - t.Error("init should return new path to Terraform") - } - if !reflect.DeepEqual(modules, tt.want) { - t.Errorf("Init() got1 = %v, want %v", modules, tt.want) + if got := StringInSlice(tt.args.a, tt.args.list); got != tt.want { + t.Errorf("StringInSlice() = %v, want %v", got, tt.want) } }) } 
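Review bot: The failure message in TestGetPermissionBag names the wrong function; `t.Errorf("MakePolicy() = %v, want %v", permissionBag, tt.want)` should be `t.Errorf("GetPermissionBag() = %v, want %v", permissionBag, tt.want)`. The single case leaves `provider` empty, so the new provider filter and its alias switch are never exercised; a case with `provider: "aws"` and one with a non-matching provider would pin that behaviour. The expected slice lists `s3:DeleteBucket` twice and is compared with `reflect.DeepEqual`, which ties the test to the mapping's exact order and duplicates rather than to the set of permissions.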
@@ -188,147 +212,229 @@ func TestMakePolicy(t *testing.T) { "testdata/init/nicconf", nil, true, }, `{ - "Version": "2012-10-17", - "Statement": [{ - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": ["apigateway:DELETE", "apigateway:GET", "apigateway:PATCH", "apigateway:POST", "apigateway:PUT"], - "Resource": ["*"] - }, { - "Sid": "VisualEditor1", - "Effect": "Allow", - "Action": [ - "application-autoscaling:DeleteScalingPolicy", - "application-autoscaling:DeregisterScalableTarget", - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:DescribeScalingPolicies", - "application-autoscaling:PutScalingPolicy", - "application-autoscaling:RegisterScalableTarget" - ], - "Resource": ["*"] - }, { - "Sid": "VisualEditor2", - "Effect": "Allow", - "Action": [ - "dynamodb:BatchWriteItem", - "dynamodb:CreateTable", - "dynamodb:CreateTableReplica", - "dynamodb:DeleteItem", - "dynamodb:DeleteTable", - "dynamodb:DeleteTableReplica", - "dynamodb:DescribeContinuousBackups", - "dynamodb:DescribeTable", - "dynamodb:DescribeTimeToLive", - "dynamodb:GetItem", - "dynamodb:ListTagsOfResource", - "dynamodb:PutItem", - "dynamodb:Query", - "dynamodb:Scan", - "dynamodb:TagResource", - "dynamodb:UntagResource", - "dynamodb:UpdateContinuousBackups", - "dynamodb:UpdateItem", - "dynamodb:UpdateTable", - "dynamodb:UpdateTimeToLive" - ], - "Resource": ["*"] - }, { - "Sid": "VisualEditor3", - "Effect": "Allow", - "Action": ["ec2:DescribeAccountAttributes", "ec2:DescribeNetworkInterfaces"], - "Resource": ["*"] - }, { - "Sid": "VisualEditor4", - "Effect": "Allow", - "Action": [ - "iam:AttachRolePolicy", - "iam:CreatePolicy", - "iam:CreateRole", - "iam:CreateServiceLinkedRole", - "iam:DeletePolicy", - "iam:DeleteRole", - "iam:DeleteRolePermissionsBoundary", - "iam:DetachRolePolicy", - "iam:GetPolicy", - "iam:GetPolicyVersion", - "iam:GetRole", - "iam:ListAttachedRolePolicies", - "iam:ListInstanceProfilesForRole", - "iam:ListPolicies", - "iam:ListPolicyVersions", - 
"iam:ListRolePolicies", - "iam:PassRole", - "iam:PutRolePermissionsBoundary", - "iam:TagPolicy", - "iam:TagRole", - "iam:UntagPolicy", - "iam:UpdateRoleDescription" - ], - "Resource": ["*"] - }, { - "Sid": "VisualEditor5", - "Effect": "Allow", - "Action": [ - "lambda:AddPermission", - "lambda:CreateEventSourceMapping", - "lambda:CreateFunction", - "lambda:CreateFunctionUrlConfig", - "lambda:DeleteEventSourceMapping", - "lambda:DeleteFunction", - "lambda:DeleteFunctionEventInvokeConfig", - "lambda:DeleteFunctionUrlConfig", - "lambda:DeleteLayerVersion", - "lambda:DeleteProvisionedConcurrencyConfig", - "lambda:GetCodeSigningConfig", - "lambda:GetEventSourceMapping", - "lambda:GetFunction", - "lambda:GetFunctionCodeSigningConfig", - "lambda:GetFunctionEventInvokeConfig", - "lambda:GetFunctionUrlConfig", - "lambda:GetLayerVersion", - "lambda:GetPolicy", - "lambda:GetProvisionedConcurrencyConfig", - "lambda:ListVersionsByFunction", - "lambda:PublishLayerVersion", - "lambda:PutFunctionEventInvokeConfig", - "lambda:PutProvisionedConcurrencyConfig", - "lambda:RemovePermission", - "lambda:TagResource", - "lambda:UntagResource", - "lambda:UpdateEventSourceMapping", - "lambda:UpdateFunctionEventInvokeConfig", - "lambda:UpdateFunctionUrlConfig" - ], - "Resource": ["*"] - }, { - "Sid": "VisualEditor6", - "Effect": "Allow", - "Action": [ - "logs:AssociateKmsKey", - "logs:CreateLogGroup", - "logs:DeleteLogGroup", - "logs:DeleteRetentionPolicy", - "logs:DescribeLogGroups", - "logs:DisassociateKmsKey", - "logs:ListTagsLogGroup", - "logs:PutRetentionPolicy", - "logs:TagLogGroup", - "logs:UntagLogGroup" - ], - "Resource": ["*"] - }, { - "Sid": "VisualEditor7", - "Effect": "Allow", - "Action": [ - "s3:DeleteObject", - "s3:GetObject", - "s3:GetObjectTagging", - "s3:GetObjectVersion", - "s3:PutObject" -], - "Resource": ["*"] - }] - }`, + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "VisualEditor0", + "Effect": "Allow", + "Action": [ + "apigateway:DELETE", + "apigateway:GET", + 
"apigateway:PATCH", + "apigateway:POST", + "apigateway:PUT" + ], + "Resource": [ + "*" + ] + }, + { + "Sid": "VisualEditor1", + "Effect": "Allow", + "Action": [ + "application-autoscaling:DeleteScalingPolicy", + "application-autoscaling:DeregisterScalableTarget", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingPolicies", + "application-autoscaling:DescribeScheduledActions", + "application-autoscaling:PutScalingPolicy", + "application-autoscaling:PutScheduledAction", + "application-autoscaling:RegisterScalableTarget" + ], + "Resource": [ + "*" + ] + }, + { + "Sid": "VisualEditor2", + "Effect": "Allow", + "Action": [ + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricData", + "cloudwatch:PutMetricAlarm" + ], + "Resource": [ + "*" + ] + }, + { + "Sid": "VisualEditor3", + "Effect": "Allow", + "Action": [ + "dynamodb:BatchWriteItem", + "dynamodb:CreateTable", + "dynamodb:CreateTableReplica", + "dynamodb:DeleteItem", + "dynamodb:DeleteTable", + "dynamodb:DeleteTableReplica", + "dynamodb:DescribeContinuousBackups", + "dynamodb:DescribeKinesisStreamingDestination", + "dynamodb:DescribeTable", + "dynamodb:DescribeTimeToLive", + "dynamodb:DisableKinesisStreamingDestination", + "dynamodb:EnableKinesisStreamingDestination", + "dynamodb:GetItem", + "dynamodb:ListTagsOfResource", + "dynamodb:PutItem", + "dynamodb:Query", + "dynamodb:Scan", + "dynamodb:TagResource", + "dynamodb:UntagResource", + "dynamodb:UpdateContinuousBackups", + "dynamodb:UpdateItem", + "dynamodb:UpdateTable", + "dynamodb:UpdateTimeToLive" + ], + "Resource": [ + "*" + ] + }, + { + "Sid": "VisualEditor4", + "Effect": "Allow", + "Action": [ + "ec2:DescribeAccountAttributes", + "ec2:DescribeNetworkInterfaces" + ], + "Resource": [ + "*" + ] + }, + { + "Sid": "VisualEditor5", + "Effect": "Allow", + "Action": [ + "iam:AttachRolePolicy", + "iam:CreatePolicy", + "iam:CreateRole", + "iam:CreateServiceLinkedRole", + "iam:DeletePolicy", + 
"iam:DeleteRole", + "iam:DeleteRolePermissionsBoundary", + "iam:DetachRolePolicy", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRole", + "iam:ListAttachedRolePolicies", + "iam:ListInstanceProfilesForRole", + "iam:ListPolicies", + "iam:ListPolicyVersions", + "iam:ListRolePolicies", + "iam:PassRole", + "iam:PutRolePermissionsBoundary", + "iam:TagPolicy", + "iam:TagRole", + "iam:UntagPolicy", + "iam:UntagRole", + "iam:UpdateRoleDescription" + ], + "Resource": [ + "*" + ] + }, + { + "Sid": "VisualEditor6", + "Effect": "Allow", + "Action": [ + "kinesis:DescribeStream", + "kinesis:PutRecords" + ], + "Resource": [ + "*" + ] + }, + { + "Sid": "VisualEditor7", + "Effect": "Allow", + "Action": [ + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey", + "kms:ListAliases", + "kms:RevokeGrant" + ], + "Resource": [ + "*" + ] + }, + { + "Sid": "VisualEditor8", + "Effect": "Allow", + "Action": [ + "lambda:AddPermission", + "lambda:CreateEventSourceMapping", + "lambda:CreateFunction", + "lambda:CreateFunctionUrlConfig", + "lambda:DeleteEventSourceMapping", + "lambda:DeleteFunction", + "lambda:DeleteFunctionEventInvokeConfig", + "lambda:DeleteFunctionUrlConfig", + "lambda:DeleteLayerVersion", + "lambda:DeleteProvisionedConcurrencyConfig", + "lambda:GetCodeSigningConfig", + "lambda:GetEventSourceMapping", + "lambda:GetFunction", + "lambda:GetFunctionCodeSigningConfig", + "lambda:GetFunctionEventInvokeConfig", + "lambda:GetFunctionUrlConfig", + "lambda:GetLayerVersion", + "lambda:GetPolicy", + "lambda:GetProvisionedConcurrencyConfig", + "lambda:ListTags", + "lambda:ListVersionsByFunction", + "lambda:PublishLayerVersion", + "lambda:PutFunctionEventInvokeConfig", + "lambda:PutProvisionedConcurrencyConfig", + "lambda:RemovePermission", + "lambda:TagResource", + "lambda:UntagResource", + "lambda:UpdateEventSourceMapping", + "lambda:UpdateFunctionEventInvokeConfig", + "lambda:UpdateFunctionUrlConfig" + ], + "Resource": [ + "*" + ] + }, 
+ { + "Sid": "VisualEditor9", + "Effect": "Allow", + "Action": [ + "logs:AssociateKmsKey", + "logs:CreateLogGroup", + "logs:DeleteLogGroup", + "logs:DeleteRetentionPolicy", + "logs:DescribeLogGroups", + "logs:DisassociateKmsKey", + "logs:ListTagsForResource", + "logs:ListTagsLogGroup", + "logs:PutRetentionPolicy", + "logs:TagLogGroup", + "logs:UntagLogGroup" + ], + "Resource": [ + "*" + ] + }, + { + "Sid": "VisualEditor10", + "Effect": "Allow", + "Action": [ + "s3:DeleteObject", + "s3:GetObject", + "s3:GetObjectTagging", + "s3:GetObjectVersion", + "s3:PutObject" + ], + "Resource": [ + "*" + ] + } + ] +}`, false, }, { 
@@ -340,7 +446,39 @@ func TestMakePolicy(t *testing.T) { { "a file", args{"", &actual, false}, - "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VisualEditor0\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:CreateBucket\",\n \"s3:DeleteBucket\",\n \"s3:GetAccelerateConfiguration\",\n \"s3:GetBucketAcl\",\n \"s3:GetBucketCORS\",\n \"s3:GetBucketLogging\",\n \"s3:GetBucketObjectLockConfiguration\",\n \"s3:GetBucketPolicy\",\n \"s3:GetBucketRequestPayment\",\n \"s3:GetBucketTagging\",\n \"s3:GetBucketVersioning\",\n \"s3:GetBucketWebsite\",\n \"s3:GetEncryptionConfiguration\",\n \"s3:GetLifecycleConfiguration\",\n \"s3:GetObject\",\n \"s3:GetObjectAcl\",\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n}\n", + ` +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "VisualEditor0", + "Effect": "Allow", + "Action": [ + "s3:CreateBucket", + "s3:DeleteBucket", + "s3:GetAccelerateConfiguration", + "s3:GetBucketAcl", + "s3:GetBucketCORS", + "s3:GetBucketLogging", + "s3:GetBucketObjectLockConfiguration", + "s3:GetBucketPolicy", + "s3:GetBucketRequestPayment", + "s3:GetBucketTagging", + "s3:GetBucketVersioning", + "s3:GetBucketWebsite", + "s3:GetEncryptionConfiguration", + "s3:GetLifecycleConfiguration", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:GetReplicationConfiguration", + "s3:ListBucket" + ], + "Resource": [ + "*" + ] + } + ] +}`, false, }, { 
@@ -359,13 +497,62 @@ func TestMakePolicy(t *testing.T) { "dynamic", args{"", &dynamic, false}, `{ - "Version": "2012-10-17", - "Statement": [{ - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": ["autoscaling:CreateAutoScalingGroup", "autoscaling:CreateOrUpdateTags", "autoscaling:DeleteAutoScalingGroup", "autoscaling:DeleteTags", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeScalingActivities", "autoscaling:UpdateAutoScalingGroup"], - "Resource": ["*"] - }] + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "VisualEditor0", + "Effect": "Allow", + "Action": [ + "autoscaling:CreateAutoScalingGroup", + "autoscaling:CreateOrUpdateTags", + "autoscaling:DeleteAutoScalingGroup", + "autoscaling:DeleteTags", + "autoscaling:Describe*", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeScalingActivities", + "autoscaling:UpdateAutoScalingGroup" + ], + "Resource": [ + "*" + ] + }, + { + "Sid": "VisualEditor1", + "Effect": "Allow", + "Action": [ + "ec2:Describe*", + "ec2:Get*", + "ec2:RunInstances" + ], + "Resource": [ + "*" + ] + }, + { + "Sid": "VisualEditor2", + "Effect": "Allow", + "Action": [ + "managed-fleets:DeleteAutoScalingGroup", + "managed-fleets:DeregisterAutoScalingGroup", + "managed-fleets:Get*", + "managed-fleets:RegisterAutoScalingGroup", + "managed-fleets:UpdateAutoScalingGroup" + ], + "Resource": [ + "*" + ] + }, + { + "Sid": "VisualEditor3", + "Effect": "Allow", + "Action": [ + "ssm:Get*" + ], + "Resource": [ + "*" + ] + } + ] }`, false, }, @@ -375,7 +562,9 @@ func TestMakePolicy(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - got, err := pike.MakePolicy(tt.args.dirName, tt.args.file, tt.args.init, false) + + got, err := MakePolicy(tt.args.dirName, tt.args.file, tt.args.init, false, "", "") + if (err != nil) != tt.wantErr { t.Errorf("MakePolicy() error = %v, wantErr %v", err, tt.wantErr) 
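Review bot: The new expectation for the `dynamic` case pins wildcard actions (`autoscaling:Describe*`, `ec2:Describe*`, `ec2:Get*`, `managed-fleets:Get*`, `ssm:Get*`) on `"Resource": ["*"]`, which is broader than the enumerated actions the other cases expect. `autoscaling:Describe*` already covers the two explicit `autoscaling:Describe…` entries listed beside it, and `ssm:Get*` grants every SSM read action rather than the ones the resource needs. If the wildcards are what the resource mapping intends (the mapping is not visible here), say so above the literal, e.g. `// wildcard actions come from the mapping for <resource>; intentional`. Otherwise the mapping should list the specific actions so the generated policy stays least-privilege.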
@@ -384,6 +573,7 @@ func TestMakePolicy(t *testing.T) { JSONOut := Minify(got.AWS.JSONOut) want := Minify(tt.want) + if !reflect.DeepEqual(JSONOut, want) { t.Errorf("MakePolicy() = %v, want %v", JSONOut, want) } @@ -404,13 +594,16 @@ func TestGetHCLType(t *testing.T) { want string }{ {"basic", args{"aws_s3_bucket"}, "aws"}, + {"gcp", args{"google_storage_bucket"}, "google"}, + {"azurerm", args{"azurerm_storage_account"}, "azurerm"}, } for _, tt := range tests { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - if got := pike.GetHCLType(tt.args.resourceName); got != tt.want { + + if got := GetHCLType(tt.args.resourceName); got != tt.want { t.Errorf("GetHCLType() = %v, want %v", got, tt.want) } }) @@ -451,12 +644,15 @@ func Test_getTFFiles(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - got, err := pike.GetTFFiles(tt.args.dirName) + + got, err := GetTFFiles(tt.args.dirName) + if (err != nil) != tt.wantErr { t.Errorf("GetTFFiles() error = %v, wantErr %v", err, tt.wantErr) return } + if !reflect.DeepEqual(got, tt.want) { t.Errorf("GetTFFiles() = %v, want %v", got, tt.want) } 
@@ -468,12 +664,12 @@ func TestWriteOutput(t *testing.T) { t.Parallel() type args struct { - OutPolicy pike.OutputPolicy + OutPolicy OutputPolicy output string location string } - out := pike.OutputPolicy{AWS: pike.AwsOutput{ + out := OutputPolicy{AWS: AwsOutput{ JSONOut: "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VisualEditor0\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"SNS:CreateTopic\",\n \"SNS:DeleteTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:ListTagsForResource\",\n \"SNS:ListTopics\",\n \"SNS:SetTopicAttributes\",\n \"SNS:TagResource\",\n \"SNS:UnTagResource\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor1\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"acm:AddTagsToCertificate\",\n \"acm:DeleteCertificate\",\n \"acm:DescribeCertificate\",\n \"acm:ListTagsForCertificate\",\n \"acm:RemoveTagsFromCertificate\",\n \"acm:RequestCertificate\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor2\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"acm-pa:DescribeCertificateAuthority\",\n \"acm-pa:ListTags\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor3\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"acm-pca:CreateCertificateAuthority\",\n \"acm-pca:DeleteCertificateAuthority\",\n \"acm-pca:GetCertificateAuthorityCertificate\",\n \"acm-pca:UpdateCertificateAuthority\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor4\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"apigateway:DELETE\",\n \"apigateway:GET\",\n \"apigateway:PATCH\",\n \"apigateway:POST\",\n \"apigateway:PUT\",\n \"apigateway:UpdateRestApiPolicy\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor5\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"application-autoscaling:DeleteScalingPolicy\",\n \"application-autoscaling:DeleteScheduledAction\",\n \"application-autoscaling:DeregisterScalableTarget\",\n \"application-autoscaling:DescribeScalableTargets\",\n \"application-autoscaling:DescribeScalingPolicies\",\n 
\"application-autoscaling:DescribeScheduledActions\",\n \"application-autoscaling:PutScalingPolicy\",\n \"application-autoscaling:PutScheduledAction\",\n \"application-autoscaling:RegisterScalableTarget\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor6\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"application-autoscaling:DeleteScalingPolicy\",\n \"application-autoscaling:DeleteScheduledAction\",\n \"application-autoscaling:DeregisterScalableTarget\",\n \"application-autoscaling:DescribeScalableTargets\",\n \"application-autoscaling:DescribeScalingPolicies\",\n \"application-autoscaling:DescribeScheduledActions\",\n \"application-autoscaling:PutScalingPolicy\",\n \"application-autoscaling:PutScheduledAction\",\n \"application-autoscaling:RegisterScalableTarget\",\n \"autoscaling:AttachLoadBalancers\",\n \"autoscaling:CreateAutoScalingGroup\",\n \"autoscaling:CreateLaunchConfiguration\",\n \"autoscaling:DeleteAutoScalingGroup\",\n \"autoscaling:DeleteLaunchConfiguration\",\n \"autoscaling:DescribeAutoScalingGroups\",\n \"autoscaling:DescribeLaunchConfigurations\",\n \"autoscaling:DescribeScalingActivities\",\n \"autoscaling:DetachLoadBalancers\",\n \"autoscaling:UpdateAutoScalingGroup\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor7\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"budgets:ModifyBudget\",\n \"budgets:ViewBudget\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor8\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"cloudtrail:AddTags\",\n \"cloudtrail:CreateTrail\",\n \"cloudtrail:DeleteTrail\",\n \"cloudtrail:DescribeTrails\",\n \"cloudtrail:GetEventSelectors\",\n \"cloudtrail:GetTrailStatus\",\n \"cloudtrail:ListTags\",\n \"cloudtrail:PutEventSelectors\",\n \"cloudtrail:RemoveTags\",\n \"cloudtrail:StartLogging\",\n \"cloudtrail:UpdateTrail\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor9\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"cloudwatch:DeleteAlarms\",\n 
\"cloudwatch:DescribeAlarms\",\n \"cloudwatch:ListTagsForResource\",\n \"cloudwatch:PutMetricAlarm\",\n \"cloudwatch:TagResource\",\n \"cloudwatch:UnTagResource\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor10\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codeartifact:CreateDomain\",\n \"codeartifact:CreateRepository\",\n \"codeartifact:DeleteDomain\",\n \"codeartifact:DeleteDomainPermissionsPolicy\",\n \"codeartifact:DeleteRepository\",\n \"codeartifact:DeleteRepositoryPermissionsPolicy\",\n \"codeartifact:DescribeDomain\",\n \"codeartifact:DescribeRepository\",\n \"codeartifact:GetDomainPermissionsPolicy\",\n \"codeartifact:GetRepositoryPermissionsPolicy\",\n \"codeartifact:ListTagsForResource\",\n \"codeartifact:PutDomainPermissionsPolicy\",\n \"codeartifact:PutRepositoryPermissionsPolicy\",\n \"codeartifact:TagResource\",\n \"codeartifact:UntagResource\",\n \"codeartifact:UpdateRepository\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor11\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codebuild:BatchGetProjects\",\n \"codebuild:CreateProject\",\n \"codebuild:DeleteProject\",\n \"codebuild:UpdateProject\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor12\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codecommit:CreateRepository\",\n \"codecommit:DeleteRepository\",\n \"codecommit:GetRepository\",\n \"codecommit:ListBranches\",\n \"codecommit:ListTagsForResource\",\n \"codecommit:TagResource\",\n \"codecommit:UntagResource\",\n \"codecommit:UpdateRepositoryDescription\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor13\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codepipeline:CreatePipeline\",\n \"codepipeline:DeletePipeline\",\n \"codepipeline:GetPipeline\",\n \"codepipeline:ListTagsForResource\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor14\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"cognito-idp:AddCustomAttributes\",\n \"cognito-idp:AdminAddUserToGroup\",\n 
\"cognito-idp:AdminCreateUser\",\n \"cognito-idp:AdminDeleteUser\",\n \"cognito-idp:AdminGetUser\",\n \"cognito-idp:AdminListGroupsForUser\",\n \"cognito-idp:AdminRemoveUserFromGroup\",\n \"cognito-idp:CreateGroup\",\n \"cognito-idp:CreateIdentityProvider\",\n \"cognito-idp:CreateResourceServer\",\n \"cognito-idp:CreateUserPool\",\n \"cognito-idp:CreateUserPoolClient\",\n \"cognito-idp:CreateUserPoolDomain\",\n \"cognito-idp:DeleteGroup\",\n \"cognito-idp:DeleteIdentityProvider\",\n \"cognito-idp:DeleteResourceServer\",\n \"cognito-idp:DeleteUserPool\",\n \"cognito-idp:DeleteUserPoolClient\",\n \"cognito-idp:DeleteUserPoolDomain\",\n \"cognito-idp:DescribeIdentityProvider\",\n \"cognito-idp:DescribeResourceServer\",\n \"cognito-idp:DescribeUserPool\",\n \"cognito-idp:DescribeUserPoolClient\",\n \"cognito-idp:DescribeUserPoolDomain\",\n \"cognito-idp:GetGroup\",\n \"cognito-idp:GetSigningCertificate\",\n \"cognito-idp:GetUICustomization\",\n \"cognito-idp:GetUserPoolMfaConfig\",\n \"cognito-idp:ListUserPoolClients\",\n \"cognito-idp:ListUserPools\",\n \"cognito-idp:SetUICustomization\",\n \"cognito-idp:SetUserPoolMfaConfig\",\n \"cognito-idp:TagResource\",\n \"cognito-idp:UntagResource\",\n \"cognito-idp:UpdateGroup\",\n \"cognito-idp:UpdateIdentityProvider\",\n \"cognito-idp:UpdateResourceServer\",\n \"cognito-idp:UpdateUserPool\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor15\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"dax:CreateParameterGroup\",\n \"dax:CreateSubnetGroup\",\n \"dax:DeleteParameterGroup\",\n \"dax:DeleteSubnetGroup\",\n \"dax:DescribeParameterGroups\",\n \"dax:DescribeParameters\",\n \"dax:DescribeSubnetGroups\",\n \"dax:UpdateParameterGroup\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor16\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ds:AddTagsToResource\",\n \"ds:CreateDirectory\",\n \"ds:CreateLogSubscription\",\n \"ds:DeleteDirectory\",\n \"ds:DeleteLogSubscription\",\n \"ds:ListTagsForResource\",\n 
\"ds:RemoveTagsFromResource\",\n \"rds:AddRoleToDBCluster\",\n \"rds:AddTagsToResource\",\n \"rds:CreateDBCluster\",\n \"rds:CreateDBClusterEndpoint\",\n \"rds:CreateDBClusterParameterGroup\",\n \"rds:CreateDBClusterSnapshot\",\n \"rds:CreateDBInstance\",\n \"rds:CreateDBParameterGroup\",\n \"rds:CreateDBSubnetGroup\",\n \"rds:CreateGlobalCluster\",\n \"rds:CreateOptionGroup\",\n \"rds:DeleteDBCluster\",\n \"rds:DeleteDBClusterEndpoint\",\n \"rds:DeleteDBClusterParameterGroup\",\n \"rds:DeleteDBClusterSnapshot\",\n \"rds:DeleteDBParameterGroup\",\n \"rds:DeleteDBSubnetGroup\",\n \"rds:DeleteGlobalCluster\",\n \"rds:DeleteOptionGroup\",\n \"rds:DescribeCertificates\",\n \"rds:DescribeDBClusterParameterGroups\",\n \"rds:DescribeDBClusterParameters\",\n \"rds:DescribeDBClusterSnapshots\",\n \"rds:DescribeDBClusters\",\n \"rds:DescribeDBEngineVersions\",\n \"rds:DescribeDBInstances\",\n \"rds:DescribeDBParameterGroups\",\n \"rds:DescribeDBParameters\",\n \"rds:DescribeDBSnapshots\",\n \"rds:DescribeDBSubnetGroups\",\n \"rds:DescribeEventCategories\",\n \"rds:DescribeGlobalClusters\",\n \"rds:DescribeOptionGroups\",\n \"rds:DescribeOrderableDBInstanceOptions\",\n \"rds:ListTagsForResource\",\n \"rds:ModifyDBCluster\",\n \"rds:ModifyDBClusterEndpoint\",\n \"rds:ModifyDBClusterParameterGroup\",\n \"rds:ModifyDBInstance\",\n \"rds:ModifyDBParameterGroup\",\n \"rds:ModifyGlobalCluster\",\n \"rds:ModifyOptionGroup\",\n \"rds:RemoveRoleFromDBCluster\",\n \"rds:RemoveTagsFromResource\",\n \"rds:StartActivityStream\",\n \"rds:StopActivityStream\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor17\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:CreateTable\",\n \"dynamodb:CreateTableReplica\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:DeleteTable\",\n \"dynamodb:DeleteTableReplica\",\n \"dynamodb:DescribeContinuousBackups\",\n \"dynamodb:DescribeTable\",\n \"dynamodb:DescribeTimeToLive\",\n \"dynamodb:GetItem\",\n 
\"dynamodb:ListTagsOfResource\",\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:Scan\",\n \"dynamodb:TagResource\",\n \"dynamodb:UntagResource\",\n \"dynamodb:UpdateContinuousBackups\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:UpdateTable\",\n \"dynamodb:UpdateTimeToLive\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor18\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:AllocateAddress\",\n \"ec2:AssociateAddress\",\n \"ec2:AssociateRouteTable\",\n \"ec2:AttachInternetGateway\",\n \"ec2:AttachVolume\",\n \"ec2:AttachVpnGateway\",\n \"ec2:AuthorizeSecurityGroupEgress\",\n \"ec2:AuthorizeSecurityGroupIngress\",\n \"ec2:CancelCapacityReservation\",\n \"ec2:CancelSpotInstanceRequests\",\n \"ec2:CreateCapacityReservation\",\n \"ec2:CreateDefaultVpc\",\n \"ec2:CreateFlowLogs\",\n \"ec2:CreateInternetGateway\",\n \"ec2:CreateKeyPair\",\n \"ec2:CreateLaunchTemplate\",\n \"ec2:CreateLaunchTemplateVersion\",\n \"ec2:CreateNatGateway\",\n \"ec2:CreateNetworkAcl\",\n \"ec2:CreateNetworkAclEntry\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:CreatePlacementGroup\",\n \"ec2:CreateRoute\",\n \"ec2:CreateRouteTable\",\n \"ec2:CreateSecurityGroup\",\n \"ec2:CreateSubnet\",\n \"ec2:CreateTags\",\n \"ec2:CreateVPC\",\n \"ec2:CreateVolume\",\n \"ec2:CreateVpcEndpoint\",\n \"ec2:CreateVpnGateway\",\n \"ec2:DeleteFlowLogs\",\n \"ec2:DeleteInternetGateway\",\n \"ec2:DeleteKeyPair\",\n \"ec2:DeleteLaunchTemplate\",\n \"ec2:DeleteNatGateway\",\n \"ec2:DeleteNetworkAcl\",\n \"ec2:DeleteNetworkAclEntry\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DeleteNetworkInterfacePermission\",\n \"ec2:DeletePlacementGroup\",\n \"ec2:DeleteRoute\",\n \"ec2:DeleteRouteTable\",\n \"ec2:DeleteSecurityGroup\",\n \"ec2:DeleteSubnet\",\n \"ec2:DeleteTags\",\n \"ec2:DeleteVPC\",\n \"ec2:DeleteVolume\",\n \"ec2:DeleteVpcEndpoints\",\n \"ec2:DeleteVpnGateway\",\n \"ec2:DescribeAccountAttributes\",\n \"ec2:DescribeAddresses\",\n 
\"ec2:DescribeAvailabilityZones\",\n \"ec2:DescribeCapacityReservations\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeFlowLogs\",\n \"ec2:DescribeImages\",\n \"ec2:DescribeInstanceAttribute\",\n \"ec2:DescribeInstanceCreditSpecifications\",\n \"ec2:DescribeInstanceTypes\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeInternetGateways\",\n \"ec2:DescribeKeyPairs\",\n \"ec2:DescribeLaunchTemplateVersions\",\n \"ec2:DescribeLaunchTemplates\",\n \"ec2:DescribeNatGateways\",\n \"ec2:DescribeNetworkAcls\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DescribePlacementGroups\",\n \"ec2:DescribePrefixLists\",\n \"ec2:DescribeRouteTables\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeSpotInstanceRequests\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeTags\",\n \"ec2:DescribeVolumes\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeVpcEndpointServices\",\n \"ec2:DescribeVpcEndpoints\",\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpnGateways\",\n \"ec2:DetachInternetGateway\",\n \"ec2:DetachNetworkInterface\",\n \"ec2:DetachVolume\",\n \"ec2:DetachVpnGateway\",\n \"ec2:DisassociateAddress\",\n \"ec2:DisassociateRouteTable\",\n \"ec2:GetEbsDefaultKmsKeyId\",\n \"ec2:ImportKeyPair\",\n \"ec2:ModifyCapacityReservation\",\n \"ec2:ModifyInstanceAttribute\",\n \"ec2:ModifyVolume\",\n \"ec2:ModifyVpcEndpoint\",\n \"ec2:MonitorInstances\",\n \"ec2:ReleaseAddress\",\n \"ec2:RequestSpotInstances\",\n \"ec2:RevokeSecurityGroupEgress\",\n \"ec2:RevokeSecurityGroupIngress\",\n \"ec2:RunInstances\",\n \"ec2:StartInstances\",\n \"ec2:StopInstances\",\n \"ec2:TerminateInstances\",\n \"ec2:UnmonitorInstances\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor19\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ecr:CreatePullThroughCacheRule\",\n \"ecr:CreateRepository\",\n \"ecr:DeleteLifecyclePolicy\",\n \"ecr:DeletePullThroughCacheRule\",\n \"ecr:DeleteRepository\",\n \"ecr:DescribePullThroughCacheRules\",\n \"ecr:DescribeRepositories\",\n \"ecr:GetAuthorizationToken\",\n 
\"ecr:GetLifecyclePolicy\",\n \"ecr:ListTagsForResource\",\n \"ecr:PutImageScanningConfiguration\",\n \"ecr:PutLifecyclePolicy\",\n \"ecr:TagResource\",\n \"ecr:UntagResource\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor20\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ecs:CreateCluster\",\n \"ecs:CreateService\",\n \"ecs:DeleteCluster\",\n \"ecs:DeleteService\",\n \"ecs:DeregisterTaskDefinition\",\n \"ecs:DescribeClusters\",\n \"ecs:DescribeServices\",\n \"ecs:DescribeTaskDefinition\",\n \"ecs:UpdateCluster\",\n \"ecs:RegisterTaskDefinition\",\n \"ecs:TagResource\",\n \"ecs:UntagResource\",\n \"ecs:UpdateService\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor21\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"eks:DescribeCluster\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor22\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticache:AddTagsToResource\",\n \"elasticache:CreateCacheParameterGroup\",\n \"elasticache:CreateCacheSubnetGroup\",\n \"elasticache:DeleteCacheParameterGroup\",\n \"elasticache:DeleteCacheSubnetGroup\",\n \"elasticache:DescribeCacheParameterGroups\",\n \"elasticache:DescribeCacheParameters\",\n \"elasticache:DescribeCacheSubnetGroups\",\n \"elasticache:ListTagsForResource\",\n \"elasticache:ModifyCacheParameterGroup\",\n \"elasticache:ModifyCacheSubnetGroup\",\n \"elasticache:RemoveTagsFromResource\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor23\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticbeanstalk:AddTags\",\n \"elasticbeanstalk:CreateApplication\",\n \"elasticbeanstalk:DeleteApplication\",\n \"elasticbeanstalk:DescribeApplications\",\n \"elasticbeanstalk:ListAvailableSolutionStacks\",\n \"elasticbeanstalk:ListTagsForResource\",\n \"elasticbeanstalk:RemoveTags\",\n \"elasticbeanstalk:UpdateApplicationResourceLifecycle\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor24\",\n \"Effect\": \"Allow\",\n \"Action\": [\n 
\"elasticfilesystem:CreateAccessPoint\",\n \"elasticfilesystem:CreateFileSystem\",\n \"elasticfilesystem:CreateReplicationConfiguration\",\n \"elasticfilesystem:DeleteAccessPoint\",\n \"elasticfilesystem:DeleteFileSystem\",\n \"elasticfilesystem:DeleteFileSystemPolicy\",\n \"elasticfilesystem:DeleteReplicationConfiguration\",\n \"elasticfilesystem:DescribeAccessPoints\",\n \"elasticfilesystem:DescribeBackupPolicy\",\n \"elasticfilesystem:DescribeFileSystemPolicy\",\n \"elasticfilesystem:DescribeFileSystems\",\n \"elasticfilesystem:DescribeLifecycleConfiguration\",\n \"elasticfilesystem:DescribeMountTargetSecurityGroups\",\n \"elasticfilesystem:DescribeMountTargets\",\n \"elasticfilesystem:DescribeReplicationConfigurations\",\n \"elasticfilesystem:PutBackupPolicy\",\n \"elasticfilesystem:PutFileSystemPolicy\",\n \"elasticfilesystem:TagResource\",\n \"elasticfilesystem:UntagResource\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor25\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:AddTags\",\n \"elasticloadbalancing:AttachLoadBalancerToSubnets\",\n \"elasticloadbalancing:CreateListener\",\n \"elasticloadbalancing:CreateLoadBalancer\",\n \"elasticloadbalancing:CreateLoadBalancerListeners\",\n \"elasticloadbalancing:CreateTargetGroup\",\n \"elasticloadbalancing:DeleteListener\",\n \"elasticloadbalancing:DeleteLoadBalancer\",\n \"elasticloadbalancing:DeleteTargetGroup\",\n \"elasticloadbalancing:DeregisterTargets\",\n \"elasticloadbalancing:DescribeListeners\",\n \"elasticloadbalancing:DescribeLoadBalancerAttributes\",\n \"elasticloadbalancing:DescribeLoadBalancers\",\n \"elasticloadbalancing:DescribeTags\",\n \"elasticloadbalancing:DescribeTargetGroupAttributes\",\n \"elasticloadbalancing:DescribeTargetGroups\",\n \"elasticloadbalancing:DescribeTargetHealth\",\n \"elasticloadbalancing:ModifyListener\",\n \"elasticloadbalancing:ModifyLoadBalancerAttributes\",\n \"elasticloadbalancing:ModifyTargetGroupAttributes\",\n 
\"elasticloadbalancing:RegisterTargets\",\n \"elasticloadbalancing:RemoveTags\",\n \"elasticloadbalancing:SetSecurityGroups\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor26\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"events:DeleteRule\",\n \"events:DescribeRule\",\n \"events:ListTagsForResource\",\n \"events:ListTargetsByRule\",\n \"events:PutRule\",\n \"events:PutTargets\",\n \"events:RemoveTargets\",\n \"events:TagResource\",\n \"events:UnTagResource\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor27\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"firehose:CreateDeliveryStream\",\n \"firehose:DeleteDeliveryStream\",\n \"firehose:DescribeDeliveryStream\",\n \"firehose:ListTagsForDeliveryStream\",\n \"firehose:TagDeliveryStream\",\n \"firehose:UntagDeliveryStream\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor28\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"glue:CreateClassifier\",\n \"glue:CreateConnection\",\n \"glue:CreateCrawler\",\n \"glue:CreateDatabase\",\n \"glue:CreateJob\",\n \"glue:CreateMLTransform\",\n \"glue:CreateRegistry\",\n \"glue:CreateSchema\",\n \"glue:CreateScript\",\n \"glue:CreateSecurityConfiguration\",\n \"glue:CreateTable\",\n \"glue:CreateTrigger\",\n \"glue:CreateUserDefinedFunction\",\n \"glue:CreateWorkflow\",\n \"glue:DeleteClassifier\",\n \"glue:DeleteConnection\",\n \"glue:DeleteCrawler\",\n \"glue:DeleteDatabase\",\n \"glue:DeleteJob\",\n \"glue:DeleteMLTransform\",\n \"glue:DeleteRegistry\",\n \"glue:DeleteResourcePolicy\",\n \"glue:DeleteSchema\",\n \"glue:DeleteSecurityConfiguration\",\n \"glue:DeleteTable\",\n \"glue:DeleteTrigger\",\n \"glue:DeleteUserDefinedFunction\",\n \"glue:DeleteWorkflow\",\n \"glue:GetClassifier\",\n \"glue:GetConnection\",\n \"glue:GetCrawler\",\n \"glue:GetDataCatalogEncryptionSettings\",\n \"glue:GetDatabase\",\n \"glue:GetJob\",\n \"glue:GetMLTransform\",\n \"glue:GetRegistry\",\n \"glue:GetResourcePolicy\",\n \"glue:GetSchema\",\n 
\"glue:GetSchemaVersion\",\n \"glue:GetSecurityConfiguration\",\n \"glue:GetTable\",\n \"glue:GetTags\",\n \"glue:GetTrigger\",\n \"glue:GetUserDefinedFunction\",\n \"glue:GetWorkflow\",\n \"glue:PutDataCatalogEncryptionSettings\",\n \"glue:PutResourcePolicy\",\n \"glue:TagResource\",\n \"glue:UntagResource\",\n \"glue:UpdateClassifier\",\n \"glue:UpdateConnection\",\n \"glue:UpdateCrawler\",\n \"glue:UpdateDatabase\",\n \"glue:UpdateJob\",\n \"glue:UpdateMLTransform\",\n \"glue:UpdateRegistry\",\n \"glue:UpdateSchema\",\n \"glue:UpdateTable\",\n \"glue:UpdateTrigger\",\n \"glue:UpdateUserDefinedFunction\",\n \"glue:UpdateWorkflow\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor29\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"iam:AddRoleToInstanceProfile\",\n \"iam:AddUserToGroup\",\n \"iam:AttachGroupPolicy\",\n \"iam:AttachRolePolicy\",\n \"iam:AttachUserPolicy\",\n \"iam:CreateAccessKey\",\n \"iam:CreateGroup\",\n \"iam:CreateInstanceProfile\",\n \"iam:CreateLoginProfile\",\n \"iam:CreatePolicy\",\n \"iam:CreateRole\",\n \"iam:CreateServiceLinkedRole\",\n \"iam:CreateUser\",\n \"iam:DeleteAccessKey\",\n \"iam:DeleteGroup\",\n \"iam:DeleteGroupPolicy\",\n \"iam:DeleteInstanceProfile\",\n \"iam:DeleteLoginProfile\",\n \"iam:DeletePolicy\",\n \"iam:DeleteRole\",\n \"iam:DeleteRolePolicy\",\n \"iam:DeleteServiceLinkedRole\",\n \"iam:DeleteUser\",\n \"iam:DeleteUserPolicy\",\n \"iam:DetachGroupPolicy\",\n \"iam:DetachRolePolicy\",\n \"iam:DetachUserPolicy\",\n \"iam:GetGroup\",\n \"iam:GetGroupPolicy\",\n \"iam:GetInstanceProfile\",\n \"iam:GetLoginProfile\",\n \"iam:GetPolicy\",\n \"iam:GetPolicyVersion\",\n \"iam:GetRole\",\n \"iam:GetRolePolicy\",\n \"iam:GetServiceLinkedRoleDeletionStatus\",\n \"iam:GetUser\",\n \"iam:GetUserPolicy\",\n \"iam:ListAccessKeys\",\n \"iam:ListAttachedGroupPolicies\",\n \"iam:ListAttachedRolePolicies\",\n \"iam:ListAttachedUserPolicies\",\n \"iam:ListEntitiesForPolicy\",\n \"iam:ListGroupsForUser\",\n 
\"iam:ListInstanceProfilesForRole\",\n \"iam:ListPolicies\",\n \"iam:ListPolicyVersions\",\n \"iam:ListRolePolicies\",\n \"iam:PassRole\",\n \"iam:PutGroupPolicy\",\n \"iam:PutRolePolicy\",\n \"iam:PutUserPolicy\",\n \"iam:RemoveRoleFromInstanceProfile\",\n \"iam:RemoveUserFromGroup\",\n \"iam:TagPolicy\",\n \"iam:TagRole\",\n \"iam:TagUser\",\n \"iam:UnTagRole\",\n \"iam:UnTagUser\",\n \"iam:UntagPolicy\",\n \"iam:UpdateAccessKey\",\n \"iam:UpdateRoleDescription\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor30\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"inspector:CreateAssessmentTarget\",\n \"inspector:CreateAssessmentTemplate\",\n \"inspector:CreateResourceGroup\",\n \"inspector:DeleteAssessmentTarget\",\n \"inspector:DeleteAssessmentTemplate\",\n \"inspector:DescribeAssessmentTargets\",\n \"inspector:DescribeAssessmentTemplates\",\n \"inspector:DescribeResourceGroups\",\n \"inspector:ListEventSubscriptions\",\n \"inspector:ListRulesPackages\",\n \"inspector:ListTagsForResource\",\n \"inspector:SetTagsForResource\",\n \"inspector:SubscribeToEvent\",\n \"inspector:UnsubscribeFromEvent\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor31\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kinesis:AddTagsToStream\",\n \"kinesis:CreateStream\",\n \"kinesis:DeleteStream\",\n \"kinesis:DescribeStreamSummary\",\n \"kinesis:EnableEnhancedMonitoring\",\n \"kinesis:IncreaseStreamRetentionPeriod\",\n \"kinesis:ListTagsForStream\",\n \"kinesis:RemoveTagsFromStream\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor32\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kinesisvideo:CreateStream\",\n \"kinesisvideo:DeleteStream\",\n \"kinesisvideo:DescribeStream\",\n \"kinesisvideo:ListTagsForStream\",\n \"kinesisvideo:TagStream\",\n \"kinesisvideo:UntagStream\",\n \"kinesisvideo:UpdateStream\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor33\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:CreateAlias\",\n 
\"kms:CreateGrant\",\n \"kms:CreateKey\",\n \"kms:Decrypt\",\n \"kms:DeleteAlias\",\n \"kms:DescribeKey\",\n \"kms:DisableKey\",\n \"kms:EnableKey\",\n \"kms:EnableKeyRotation\",\n \"kms:Encrypt\",\n \"kms:GenerateDataKey*\",\n \"kms:GetKeyPolicy\",\n \"kms:GetKeyRotationStatus\",\n \"kms:ListAliases\",\n \"kms:ListResourceTags\",\n \"kms:PutKeyPolicy\",\n \"kms:ReEncrypt*\",\n \"kms:ScheduleKeyDeletion\",\n \"kms:TagResource\",\n \"kms:UntagResource\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor34\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"lambda:AddPermission\",\n \"lambda:CreateAlias\",\n \"lambda:CreateFunction\",\n \"lambda:DeleteAlias\",\n \"lambda:DeleteFunction\",\n \"lambda:GetAlias\",\n \"lambda:GetFunction\",\n \"lambda:GetFunctionCodeSigningConfig\",\n \"lambda:GetPolicy\",\n \"lambda:ListVersionsByFunction\",\n \"lambda:RemovePermission\",\n \"lambda:TagResource\",\n \"lambda:UntagResource\",\n \"lambda:UpdateAlias\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor35\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"logs:CreateLogGroup\",\n \"logs:DeleteLogGroup\",\n \"logs:DeleteMetricFilter\",\n \"logs:DeleteResourcePolicy\",\n \"logs:DeleteRetentionPolicy\",\n \"logs:DeleteSubscriptionFilter\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeMetricFilters\",\n \"logs:DescribeResourcePolicies\",\n \"logs:DescribeSubscriptionFilters\",\n \"logs:ListTagsLogGroup\",\n \"logs:PutMetricFilter\",\n \"logs:PutResourcePolicy\",\n \"logs:PutRetentionPolicy\",\n \"logs:PutSubscriptionFilter\",\n \"logs:TagLogGroup\",\n \"logs:UntagLogGroup\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor36\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"memorydb:CreateSubnetGroup\",\n \"memorydb:DeleteSubnetGroup\",\n \"memorydb:DescribeSubnetGroups\",\n \"memorydb:ListTags\",\n \"memorydb:TagResource\",\n \"memorydb:UntagResource\",\n \"memorydb:UpdateSubnetGroup\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": 
\"VisualEditor37\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"mq:CreateBroker\",\n \"mq:CreateConfiguration\",\n \"mq:CreateTags\",\n \"mq:CreateUser\",\n \"mq:DeleteBroker\",\n \"mq:DeleteTags\",\n \"mq:DeleteUser\",\n \"mq:DescribeBroker\",\n \"mq:DescribeConfiguration\",\n \"mq:DescribeConfigurationRevision\",\n \"mq:DescribeUser\",\n \"mq:RebootBroker\",\n \"mq:UpdateBroker\",\n \"mq:UpdateConfiguration\",\n \"mq:UpdateUser\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor38\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"organizations:DescribeOrganization\",\n \"organizations:ListAWSServiceAccessForOrganization\",\n \"organizations:ListAccounts\",\n \"organizations:ListRoots\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor39\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"outposts:ListOutposts\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor40\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"rds:AddRoleToDBCluster\",\n \"rds:AddTagsToResource\",\n \"rds:CreateDBCluster\",\n \"rds:CreateDBClusterEndpoint\",\n \"rds:CreateDBClusterParameterGroup\",\n \"rds:CreateDBClusterSnapshot\",\n \"rds:CreateDBInstance\",\n \"rds:CreateDBParameterGroup\",\n \"rds:CreateDBSubnetGroup\",\n \"rds:CreateGlobalCluster\",\n \"rds:CreateOptionGroup\",\n \"rds:DeleteDBCluster\",\n \"rds:DeleteDBClusterEndpoint\",\n \"rds:DeleteDBClusterParameterGroup\",\n \"rds:DeleteDBClusterSnapshot\",\n \"rds:DeleteDBParameterGroup\",\n \"rds:DeleteDBSubnetGroup\",\n \"rds:DeleteGlobalCluster\",\n \"rds:DeleteOptionGroup\",\n \"rds:DescribeCertificates\",\n \"rds:DescribeDBClusterParameterGroups\",\n \"rds:DescribeDBClusterParameters\",\n \"rds:DescribeDBClusterSnapshots\",\n \"rds:DescribeDBClusters\",\n \"rds:DescribeDBEngineVersions\",\n \"rds:DescribeDBInstances\",\n \"rds:DescribeDBParameterGroups\",\n \"rds:DescribeDBParameters\",\n \"rds:DescribeDBSnapshots\",\n \"rds:DescribeDBSubnetGroups\",\n \"rds:DescribeEventCategories\",\n 
\"rds:DescribeGlobalClusters\",\n \"rds:DescribeOptionGroups\",\n \"rds:DescribeOrderableDBInstanceOptions\",\n \"rds:ListTagsForResource\",\n \"rds:ModifyDBCluster\",\n \"rds:ModifyDBClusterEndpoint\",\n \"rds:ModifyDBClusterParameterGroup\",\n \"rds:ModifyDBInstance\",\n \"rds:ModifyDBParameterGroup\",\n \"rds:ModifyGlobalCluster\",\n \"rds:ModifyOptionGroup\",\n \"rds:RemoveRoleFromDBCluster\",\n \"rds:RemoveTagsFromResource\",\n \"rds:StartActivityStream\",\n \"rds:StopActivityStream\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor41\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"redshift:CreateAuthenticationProfile\",\n \"redshift:CreateCluster\",\n \"redshift:CreateClusterParameterGroup\",\n \"redshift:CreateClusterSubnetGroup\",\n \"redshift:CreateEventSubscription\",\n \"redshift:CreateHsmClientCertificate\",\n \"redshift:CreateHsmConfiguration\",\n \"redshift:CreateScheduledAction\",\n \"redshift:CreateSnapshotCopyGrant\",\n \"redshift:CreateSnapshotSchedule\",\n \"redshift:CreateTags\",\n \"redshift:CreateUsageLimit\",\n \"redshift:DeleteAuthenticationProfile\",\n \"redshift:DeleteCluster\",\n \"redshift:DeleteClusterParameterGroup\",\n \"redshift:DeleteClusterSubnetGroup\",\n \"redshift:DeleteEventSubscription\",\n \"redshift:DeleteHsmClientCertificate\",\n \"redshift:DeleteHsmConfiguration\",\n \"redshift:DeleteScheduledAction\",\n \"redshift:DeleteSnapshotCopyGrant\",\n \"redshift:DeleteSnapshotSchedule\",\n \"redshift:DeleteTags\",\n \"redshift:DeleteUsageLimit\",\n \"redshift:DescribeAuthenticationProfiles\",\n \"redshift:DescribeClusterParameterGroups\",\n \"redshift:DescribeClusterParameters\",\n \"redshift:DescribeClusterSubnetGroups\",\n \"redshift:DescribeClusters\",\n \"redshift:DescribeEventSubscriptions\",\n \"redshift:DescribeHsmClientCertificates\",\n \"redshift:DescribeHsmConfigurations\",\n \"redshift:DescribeLoggingStatus\",\n \"redshift:DescribeOrderableClusterOptions\",\n \"redshift:DescribeScheduledActions\",\n 
\"redshift:DescribeSnapshotCopyGrants\",\n \"redshift:DescribeSnapshotSchedules\",\n \"redshift:DescribeUsageLimits\",\n \"redshift:DisableLogging\",\n \"redshift:EnableLogging\",\n \"redshift:GetClusterCredentials\",\n \"redshift:ModifyAuthenticationProfile\",\n \"redshift:ModifyCluster\",\n \"redshift:ModifyClusterIamRoles\",\n \"redshift:ModifyClusterParameterGroup\",\n \"redshift:ModifyClusterSnapshotSchedule\",\n \"redshift:ModifyClusterSubnetGroup\",\n \"redshift:ModifyEventSubscription\",\n \"redshift:ModifyScheduledAction\",\n \"redshift:ModifySnapshotSchedule\",\n \"redshift:ModifyUsageLimit\",\n \"redshift:PauseCluster\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor42\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"route53:AssociateVPCWithHostedZone\",\n \"route53:ChangeResourceRecordSets\",\n \"route53:ChangeTagsForResource\",\n \"route53:CreateHostedZone\",\n \"route53:DeleteHostedZone\",\n \"route53:GetChange\",\n \"route53:GetHostedZone\",\n \"route53:ListHostedZones\",\n \"route53:ListResourceRecordSets\",\n \"route53:ListTagsForResource\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor43\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:CreateBucket\",\n \"s3:DeleteBucket\",\n \"s3:DeleteObject\",\n \"s3:GetAccelerateConfiguration\",\n \"s3:GetBucketAcl\",\n \"s3:GetBucketCORS\",\n \"s3:GetBucketLocation\",\n \"s3:GetBucketLogging\",\n \"s3:GetBucketObjectLockConfiguration\",\n \"s3:GetBucketPolicy\",\n \"s3:GetBucketPublicAccessBlock\",\n \"s3:GetBucketRequestPayment\",\n \"s3:GetBucketTagging\",\n \"s3:GetBucketVersioning\",\n \"s3:GetBucketWebsite\",\n \"s3:GetEncryptionConfiguration\",\n \"s3:GetLifecycleConfiguration\",\n \"s3:GetObject\",\n \"s3:GetObjectAcl\",\n \"s3:GetObjectTagging\",\n \"s3:GetReplicationConfiguration\",\n \"s3:ListAllMyBuckets\",\n \"s3:ListBucket\",\n \"s3:PutBucketAcl\",\n \"s3:PutBucketLogging\",\n \"s3:PutBucketObjectLockConfiguration\",\n \"s3:PutBucketPolicy\",\n 
\"s3:PutBucketPublicAccessBlock\",\n \"s3:PutBucketVersioning\",\n \"s3:PutEncryptionConfiguration\",\n \"s3:PutLifecycleConfiguration\",\n \"s3:PutObject\",\n \"s3:PutObjectLegalHold\",\n \"s3:PutObjectRetention\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor44\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"secretsmanager:CreateSecret\",\n \"secretsmanager:DeleteSecret\",\n \"secretsmanager:DescribeSecret\",\n \"secretsmanager:GetResourcePolicy\",\n \"secretsmanager:GetSecretValue\",\n \"secretsmanager:PutSecretValue\",\n \"secretsmanager:TagResource\",\n \"secretsmanager:UntagResource\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor45\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"servicecatalog:CreatePortfolio\",\n \"servicecatalog:DeletePortfolio\",\n \"servicecatalog:DescribePortfolio\",\n \"servicecatalog:TagResource\",\n \"servicecatalog:UpdatePortfolio\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor46\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"sqs:GetQueueAttributes\",\n \"sqs:ListQueueTags\",\n \"sqs:SetQueueAttributes\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor47\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ssm:AddTagsToResource\",\n \"ssm:CreateDocument\",\n \"ssm:CreateMaintenanceWindow\",\n \"ssm:CreatePatchBaseline\",\n \"ssm:DeleteDocument\",\n \"ssm:DeleteMaintenanceWindow\",\n \"ssm:DeleteParameter\",\n \"ssm:DeletePatchBaseline\",\n \"ssm:DeregisterPatchBaselineForPatchGroup\",\n \"ssm:DeregisterTargetFromMaintenanceWindow\",\n \"ssm:DeregisterTaskFromMaintenanceWindow\",\n \"ssm:DescribeDocument\",\n \"ssm:DescribeDocumentPermission\",\n \"ssm:DescribeMaintenanceWindowTargets\",\n \"ssm:DescribeMaintenanceWindowTasks\",\n \"ssm:DescribeParameters\",\n \"ssm:DescribePatchGroups\",\n \"ssm:GetDocument\",\n \"ssm:GetMaintenanceWindow\",\n \"ssm:GetParameter\",\n \"ssm:GetParameters\",\n \"ssm:GetPatchBaseline\",\n \"ssm:ListTagsForResource\",\n \"ssm:PutParameter\",\n 
\"ssm:RegisterPatchBaselineForPatchGroup\",\n \"ssm:RegisterTargetWithMaintenanceWindow\",\n \"ssm:RegisterTaskWithMaintenanceWindow\",\n \"ssm:RemoveTagsFromResource\",\n \"ssm:UpdateDocument\",\n \"ssm:UpdateMaintenanceWindow\",\n \"ssm:UpdatePatchBaseline\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor48\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"sso:ListInstances\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor49\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"states:CreateActivity\",\n \"states:CreateStateMachine\",\n \"states:DeleteActivity\",\n \"states:DeleteStateMachine\",\n \"states:DescribeActivity\",\n \"states:DescribeStateMachine\",\n \"states:ListTagsForResource\",\n \"states:TagResource\",\n \"states:UntagResource\",\n \"states:UpdateStateMachine\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor50\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"wafv2:CreateIpSet\",\n \"wafv2:CreateRegexPatternSet\",\n \"wafv2:CreateRuleGroup\",\n \"wafv2:CreateWebACL\",\n \"wafv2:DeleteIpSet\",\n \"wafv2:DeleteRegexPatternSet\",\n \"wafv2:DeleteRuleGroup\",\n \"wafv2:DeleteWebACL\",\n \"wafv2:GetIpSet\",\n \"wafv2:GetRegexPatternSet\",\n \"wafv2:GetRuleGroup\",\n \"wafv2:GetWebACL\",\n \"wafv2:ListIPSets\",\n \"wafv2:ListRegexPatternSets\",\n \"wafv2:ListRuleGroups\",\n \"wafv2:ListTagsForResource\",\n \"wafv2:ListWebACLs\",\n \"wafv2:TagResource\",\n \"wafv2:UntagResource\",\n \"wafv2:UpdateIpSet\",\n \"wafv2:UpdateRegexPatternSet\",\n \"wafv2:UpdateRuleGroup\"\n ],\n \"Resource\": \"*\"\n }\n ]\n}\n", Terraform: "resource \"aws_iam_policy\" \"terraform_pike\" {\n name_prefix = \"terraform_pike\"\n path = \"/\"\n description = \"Pike Autogenerated policy from IAC\"\n\n policy = jsonencode({\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VisualEditor0\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"SNS:CreateTopic\",\n \"SNS:DeleteTopic\",\n \"SNS:GetTopicAttributes\",\n 
\"SNS:ListTagsForResource\",\n \"SNS:ListTopics\",\n \"SNS:SetTopicAttributes\",\n \"SNS:TagResource\",\n \"SNS:UnTagResource\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor1\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"acm:AddTagsToCertificate\",\n \"acm:DeleteCertificate\",\n \"acm:DescribeCertificate\",\n \"acm:ListTagsForCertificate\",\n \"acm:RemoveTagsFromCertificate\",\n \"acm:RequestCertificate\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor2\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"acm-pa:DescribeCertificateAuthority\",\n \"acm-pa:ListTags\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor3\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"acm-pca:CreateCertificateAuthority\",\n \"acm-pca:DeleteCertificateAuthority\",\n \"acm-pca:GetCertificateAuthorityCertificate\",\n \"acm-pca:UpdateCertificateAuthority\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor4\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"apigateway:DELETE\",\n \"apigateway:GET\",\n \"apigateway:PATCH\",\n \"apigateway:POST\",\n \"apigateway:PUT\",\n \"apigateway:UpdateRestApiPolicy\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor5\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"application-autoscaling:DeleteScalingPolicy\",\n \"application-autoscaling:DeleteScheduledAction\",\n \"application-autoscaling:DeregisterScalableTarget\",\n \"application-autoscaling:DescribeScalableTargets\",\n \"application-autoscaling:DescribeScalingPolicies\",\n \"application-autoscaling:DescribeScheduledActions\",\n \"application-autoscaling:PutScalingPolicy\",\n \"application-autoscaling:PutScheduledAction\",\n \"application-autoscaling:RegisterScalableTarget\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor6\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"application-autoscaling:DeleteScalingPolicy\",\n \"application-autoscaling:DeleteScheduledAction\",\n \"application-autoscaling:DeregisterScalableTarget\",\n 
\"application-autoscaling:DescribeScalableTargets\",\n \"application-autoscaling:DescribeScalingPolicies\",\n \"application-autoscaling:DescribeScheduledActions\",\n \"application-autoscaling:PutScalingPolicy\",\n \"application-autoscaling:PutScheduledAction\",\n \"application-autoscaling:RegisterScalableTarget\",\n \"autoscaling:AttachLoadBalancers\",\n \"autoscaling:CreateAutoScalingGroup\",\n \"autoscaling:CreateLaunchConfiguration\",\n \"autoscaling:DeleteAutoScalingGroup\",\n \"autoscaling:DeleteLaunchConfiguration\",\n \"autoscaling:DescribeAutoScalingGroups\",\n \"autoscaling:DescribeLaunchConfigurations\",\n \"autoscaling:DescribeScalingActivities\",\n \"autoscaling:DetachLoadBalancers\",\n \"autoscaling:UpdateAutoScalingGroup\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor7\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"budgets:ModifyBudget\",\n \"budgets:ViewBudget\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor8\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"cloudtrail:AddTags\",\n \"cloudtrail:CreateTrail\",\n \"cloudtrail:DeleteTrail\",\n \"cloudtrail:DescribeTrails\",\n \"cloudtrail:GetEventSelectors\",\n \"cloudtrail:GetTrailStatus\",\n \"cloudtrail:ListTags\",\n \"cloudtrail:PutEventSelectors\",\n \"cloudtrail:RemoveTags\",\n \"cloudtrail:StartLogging\",\n \"cloudtrail:UpdateTrail\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor9\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"cloudwatch:DeleteAlarms\",\n \"cloudwatch:DescribeAlarms\",\n \"cloudwatch:ListTagsForResource\",\n \"cloudwatch:PutMetricAlarm\",\n \"cloudwatch:TagResource\",\n \"cloudwatch:UnTagResource\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor10\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codeartifact:CreateDomain\",\n \"codeartifact:CreateRepository\",\n \"codeartifact:DeleteDomain\",\n \"codeartifact:DeleteDomainPermissionsPolicy\",\n \"codeartifact:DeleteRepository\",\n 
\"codeartifact:DeleteRepositoryPermissionsPolicy\",\n \"codeartifact:DescribeDomain\",\n \"codeartifact:DescribeRepository\",\n \"codeartifact:GetDomainPermissionsPolicy\",\n \"codeartifact:GetRepositoryPermissionsPolicy\",\n \"codeartifact:ListTagsForResource\",\n \"codeartifact:PutDomainPermissionsPolicy\",\n \"codeartifact:PutRepositoryPermissionsPolicy\",\n \"codeartifact:TagResource\",\n \"codeartifact:UntagResource\",\n \"codeartifact:UpdateRepository\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor11\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codebuild:BatchGetProjects\",\n \"codebuild:CreateProject\",\n \"codebuild:DeleteProject\",\n \"codebuild:UpdateProject\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor12\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codecommit:CreateRepository\",\n \"codecommit:DeleteRepository\",\n \"codecommit:GetRepository\",\n \"codecommit:ListBranches\",\n \"codecommit:ListTagsForResource\",\n \"codecommit:TagResource\",\n \"codecommit:UntagResource\",\n \"codecommit:UpdateRepositoryDescription\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor13\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codepipeline:CreatePipeline\",\n \"codepipeline:DeletePipeline\",\n \"codepipeline:GetPipeline\",\n \"codepipeline:ListTagsForResource\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor14\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"cognito-idp:AddCustomAttributes\",\n \"cognito-idp:AdminAddUserToGroup\",\n \"cognito-idp:AdminCreateUser\",\n \"cognito-idp:AdminDeleteUser\",\n \"cognito-idp:AdminGetUser\",\n \"cognito-idp:AdminListGroupsForUser\",\n \"cognito-idp:AdminRemoveUserFromGroup\",\n \"cognito-idp:CreateGroup\",\n \"cognito-idp:CreateIdentityProvider\",\n \"cognito-idp:CreateResourceServer\",\n \"cognito-idp:CreateUserPool\",\n \"cognito-idp:CreateUserPoolClient\",\n \"cognito-idp:CreateUserPoolDomain\",\n \"cognito-idp:DeleteGroup\",\n 
\"cognito-idp:DeleteIdentityProvider\",\n \"cognito-idp:DeleteResourceServer\",\n \"cognito-idp:DeleteUserPool\",\n \"cognito-idp:DeleteUserPoolClient\",\n \"cognito-idp:DeleteUserPoolDomain\",\n \"cognito-idp:DescribeIdentityProvider\",\n \"cognito-idp:DescribeResourceServer\",\n \"cognito-idp:DescribeUserPool\",\n \"cognito-idp:DescribeUserPoolClient\",\n \"cognito-idp:DescribeUserPoolDomain\",\n \"cognito-idp:GetGroup\",\n \"cognito-idp:GetSigningCertificate\",\n \"cognito-idp:GetUICustomization\",\n \"cognito-idp:GetUserPoolMfaConfig\",\n \"cognito-idp:ListUserPoolClients\",\n \"cognito-idp:ListUserPools\",\n \"cognito-idp:SetUICustomization\",\n \"cognito-idp:SetUserPoolMfaConfig\",\n \"cognito-idp:TagResource\",\n \"cognito-idp:UntagResource\",\n \"cognito-idp:UpdateGroup\",\n \"cognito-idp:UpdateIdentityProvider\",\n \"cognito-idp:UpdateResourceServer\",\n \"cognito-idp:UpdateUserPool\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor15\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"dax:CreateParameterGroup\",\n \"dax:CreateSubnetGroup\",\n \"dax:DeleteParameterGroup\",\n \"dax:DeleteSubnetGroup\",\n \"dax:DescribeParameterGroups\",\n \"dax:DescribeParameters\",\n \"dax:DescribeSubnetGroups\",\n \"dax:UpdateParameterGroup\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor16\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ds:AddTagsToResource\",\n \"ds:CreateDirectory\",\n \"ds:CreateLogSubscription\",\n \"ds:DeleteDirectory\",\n \"ds:DeleteLogSubscription\",\n \"ds:ListTagsForResource\",\n \"ds:RemoveTagsFromResource\",\n \"rds:AddRoleToDBCluster\",\n \"rds:AddTagsToResource\",\n \"rds:CreateDBCluster\",\n \"rds:CreateDBClusterEndpoint\",\n \"rds:CreateDBClusterParameterGroup\",\n \"rds:CreateDBClusterSnapshot\",\n \"rds:CreateDBInstance\",\n \"rds:CreateDBParameterGroup\",\n \"rds:CreateDBSubnetGroup\",\n \"rds:CreateGlobalCluster\",\n \"rds:CreateOptionGroup\",\n \"rds:DeleteDBCluster\",\n \"rds:DeleteDBClusterEndpoint\",\n 
\"rds:DeleteDBClusterParameterGroup\",\n \"rds:DeleteDBClusterSnapshot\",\n \"rds:DeleteDBParameterGroup\",\n \"rds:DeleteDBSubnetGroup\",\n \"rds:DeleteGlobalCluster\",\n \"rds:DeleteOptionGroup\",\n \"rds:DescribeCertificates\",\n \"rds:DescribeDBClusterParameterGroups\",\n \"rds:DescribeDBClusterParameters\",\n \"rds:DescribeDBClusterSnapshots\",\n \"rds:DescribeDBClusters\",\n \"rds:DescribeDBEngineVersions\",\n \"rds:DescribeDBInstances\",\n \"rds:DescribeDBParameterGroups\",\n \"rds:DescribeDBParameters\",\n \"rds:DescribeDBSnapshots\",\n \"rds:DescribeDBSubnetGroups\",\n \"rds:DescribeEventCategories\",\n \"rds:DescribeGlobalClusters\",\n \"rds:DescribeOptionGroups\",\n \"rds:DescribeOrderableDBInstanceOptions\",\n \"rds:ListTagsForResource\",\n \"rds:ModifyDBCluster\",\n \"rds:ModifyDBClusterEndpoint\",\n \"rds:ModifyDBClusterParameterGroup\",\n \"rds:ModifyDBInstance\",\n \"rds:ModifyDBParameterGroup\",\n \"rds:ModifyGlobalCluster\",\n \"rds:ModifyOptionGroup\",\n \"rds:RemoveRoleFromDBCluster\",\n \"rds:RemoveTagsFromResource\",\n \"rds:StartActivityStream\",\n \"rds:StopActivityStream\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor17\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:CreateTable\",\n \"dynamodb:CreateTableReplica\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:DeleteTable\",\n \"dynamodb:DeleteTableReplica\",\n \"dynamodb:DescribeContinuousBackups\",\n \"dynamodb:DescribeTable\",\n \"dynamodb:DescribeTimeToLive\",\n \"dynamodb:GetItem\",\n \"dynamodb:ListTagsOfResource\",\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:Scan\",\n \"dynamodb:TagResource\",\n \"dynamodb:UntagResource\",\n \"dynamodb:UpdateContinuousBackups\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:UpdateTable\",\n \"dynamodb:UpdateTimeToLive\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor18\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:AllocateAddress\",\n \"ec2:AssociateAddress\",\n 
\"ec2:AssociateRouteTable\",\n \"ec2:AttachInternetGateway\",\n \"ec2:AttachVolume\",\n \"ec2:AttachVpnGateway\",\n \"ec2:AuthorizeSecurityGroupEgress\",\n \"ec2:AuthorizeSecurityGroupIngress\",\n \"ec2:CancelCapacityReservation\",\n \"ec2:CancelSpotInstanceRequests\",\n \"ec2:CreateCapacityReservation\",\n \"ec2:CreateDefaultVpc\",\n \"ec2:CreateFlowLogs\",\n \"ec2:CreateInternetGateway\",\n \"ec2:CreateKeyPair\",\n \"ec2:CreateLaunchTemplate\",\n \"ec2:CreateLaunchTemplateVersion\",\n \"ec2:CreateNatGateway\",\n \"ec2:CreateNetworkAcl\",\n \"ec2:CreateNetworkAclEntry\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:CreatePlacementGroup\",\n \"ec2:CreateRoute\",\n \"ec2:CreateRouteTable\",\n \"ec2:CreateSecurityGroup\",\n \"ec2:CreateSubnet\",\n \"ec2:CreateTags\",\n \"ec2:CreateVPC\",\n \"ec2:CreateVolume\",\n \"ec2:CreateVpcEndpoint\",\n \"ec2:CreateVpnGateway\",\n \"ec2:DeleteFlowLogs\",\n \"ec2:DeleteInternetGateway\",\n \"ec2:DeleteKeyPair\",\n \"ec2:DeleteLaunchTemplate\",\n \"ec2:DeleteNatGateway\",\n \"ec2:DeleteNetworkAcl\",\n \"ec2:DeleteNetworkAclEntry\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DeleteNetworkInterfacePermission\",\n \"ec2:DeletePlacementGroup\",\n \"ec2:DeleteRoute\",\n \"ec2:DeleteRouteTable\",\n \"ec2:DeleteSecurityGroup\",\n \"ec2:DeleteSubnet\",\n \"ec2:DeleteTags\",\n \"ec2:DeleteVPC\",\n \"ec2:DeleteVolume\",\n \"ec2:DeleteVpcEndpoints\",\n \"ec2:DeleteVpnGateway\",\n \"ec2:DescribeAccountAttributes\",\n \"ec2:DescribeAddresses\",\n \"ec2:DescribeAvailabilityZones\",\n \"ec2:DescribeCapacityReservations\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeFlowLogs\",\n \"ec2:DescribeImages\",\n \"ec2:DescribeInstanceAttribute\",\n \"ec2:DescribeInstanceCreditSpecifications\",\n \"ec2:DescribeInstanceTypes\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeInternetGateways\",\n \"ec2:DescribeKeyPairs\",\n \"ec2:DescribeLaunchTemplateVersions\",\n \"ec2:DescribeLaunchTemplates\",\n 
\"ec2:DescribeNatGateways\",\n \"ec2:DescribeNetworkAcls\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DescribePlacementGroups\",\n \"ec2:DescribePrefixLists\",\n \"ec2:DescribeRouteTables\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeSpotInstanceRequests\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeTags\",\n \"ec2:DescribeVolumes\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeVpcEndpointServices\",\n \"ec2:DescribeVpcEndpoints\",\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpnGateways\",\n \"ec2:DetachInternetGateway\",\n \"ec2:DetachNetworkInterface\",\n \"ec2:DetachVolume\",\n \"ec2:DetachVpnGateway\",\n \"ec2:DisassociateAddress\",\n \"ec2:DisassociateRouteTable\",\n \"ec2:GetEbsDefaultKmsKeyId\",\n \"ec2:ImportKeyPair\",\n \"ec2:ModifyCapacityReservation\",\n \"ec2:ModifyInstanceAttribute\",\n \"ec2:ModifyVolume\",\n \"ec2:ModifyVpcEndpoint\",\n \"ec2:MonitorInstances\",\n \"ec2:ReleaseAddress\",\n \"ec2:RequestSpotInstances\",\n \"ec2:RevokeSecurityGroupEgress\",\n \"ec2:RevokeSecurityGroupIngress\",\n \"ec2:RunInstances\",\n \"ec2:StartInstances\",\n \"ec2:StopInstances\",\n \"ec2:TerminateInstances\",\n \"ec2:UnmonitorInstances\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor19\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ecr:CreatePullThroughCacheRule\",\n \"ecr:CreateRepository\",\n \"ecr:DeleteLifecyclePolicy\",\n \"ecr:DeletePullThroughCacheRule\",\n \"ecr:DeleteRepository\",\n \"ecr:DescribePullThroughCacheRules\",\n \"ecr:DescribeRepositories\",\n \"ecr:GetAuthorizationToken\",\n \"ecr:GetLifecyclePolicy\",\n \"ecr:ListTagsForResource\",\n \"ecr:PutImageScanningConfiguration\",\n \"ecr:PutLifecyclePolicy\",\n \"ecr:TagResource\",\n \"ecr:UntagResource\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor20\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ecs:CreateCluster\",\n \"ecs:CreateService\",\n \"ecs:DeleteCluster\",\n \"ecs:DeleteService\",\n \"ecs:DeregisterTaskDefinition\",\n \"ecs:DescribeClusters\",\n 
\"ecs:DescribeServices\",\n \"ecs:DescribeTaskDefinition\",\n \"ecs:UpdateCluster\",\n \"ecs:RegisterTaskDefinition\",\n \"ecs:TagResource\",\n \"ecs:UntagResource\",\n \"ecs:UpdateService\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor21\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"eks:DescribeCluster\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor22\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticache:AddTagsToResource\",\n \"elasticache:CreateCacheParameterGroup\",\n \"elasticache:CreateCacheSubnetGroup\",\n \"elasticache:DeleteCacheParameterGroup\",\n \"elasticache:DeleteCacheSubnetGroup\",\n \"elasticache:DescribeCacheParameterGroups\",\n \"elasticache:DescribeCacheParameters\",\n \"elasticache:DescribeCacheSubnetGroups\",\n \"elasticache:ListTagsForResource\",\n \"elasticache:ModifyCacheParameterGroup\",\n \"elasticache:ModifyCacheSubnetGroup\",\n \"elasticache:RemoveTagsFromResource\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor23\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticbeanstalk:AddTags\",\n \"elasticbeanstalk:CreateApplication\",\n \"elasticbeanstalk:DeleteApplication\",\n \"elasticbeanstalk:DescribeApplications\",\n \"elasticbeanstalk:ListAvailableSolutionStacks\",\n \"elasticbeanstalk:ListTagsForResource\",\n \"elasticbeanstalk:RemoveTags\",\n \"elasticbeanstalk:UpdateApplicationResourceLifecycle\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor24\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticfilesystem:CreateAccessPoint\",\n \"elasticfilesystem:CreateFileSystem\",\n \"elasticfilesystem:CreateReplicationConfiguration\",\n \"elasticfilesystem:DeleteAccessPoint\",\n \"elasticfilesystem:DeleteFileSystem\",\n \"elasticfilesystem:DeleteFileSystemPolicy\",\n \"elasticfilesystem:DeleteReplicationConfiguration\",\n \"elasticfilesystem:DescribeAccessPoints\",\n \"elasticfilesystem:DescribeBackupPolicy\",\n \"elasticfilesystem:DescribeFileSystemPolicy\",\n 
\"elasticfilesystem:DescribeFileSystems\",\n \"elasticfilesystem:DescribeLifecycleConfiguration\",\n \"elasticfilesystem:DescribeMountTargetSecurityGroups\",\n \"elasticfilesystem:DescribeMountTargets\",\n \"elasticfilesystem:DescribeReplicationConfigurations\",\n \"elasticfilesystem:PutBackupPolicy\",\n \"elasticfilesystem:PutFileSystemPolicy\",\n \"elasticfilesystem:TagResource\",\n \"elasticfilesystem:UntagResource\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor25\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"elasticloadbalancing:AddTags\",\n \"elasticloadbalancing:AttachLoadBalancerToSubnets\",\n \"elasticloadbalancing:CreateListener\",\n \"elasticloadbalancing:CreateLoadBalancer\",\n \"elasticloadbalancing:CreateLoadBalancerListeners\",\n \"elasticloadbalancing:CreateTargetGroup\",\n \"elasticloadbalancing:DeleteListener\",\n \"elasticloadbalancing:DeleteLoadBalancer\",\n \"elasticloadbalancing:DeleteTargetGroup\",\n \"elasticloadbalancing:DeregisterTargets\",\n \"elasticloadbalancing:DescribeListeners\",\n \"elasticloadbalancing:DescribeLoadBalancerAttributes\",\n \"elasticloadbalancing:DescribeLoadBalancers\",\n \"elasticloadbalancing:DescribeTags\",\n \"elasticloadbalancing:DescribeTargetGroupAttributes\",\n \"elasticloadbalancing:DescribeTargetGroups\",\n \"elasticloadbalancing:DescribeTargetHealth\",\n \"elasticloadbalancing:ModifyListener\",\n \"elasticloadbalancing:ModifyLoadBalancerAttributes\",\n \"elasticloadbalancing:ModifyTargetGroupAttributes\",\n \"elasticloadbalancing:RegisterTargets\",\n \"elasticloadbalancing:RemoveTags\",\n \"elasticloadbalancing:SetSecurityGroups\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor26\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"events:DeleteRule\",\n \"events:DescribeRule\",\n \"events:ListTagsForResource\",\n \"events:ListTargetsByRule\",\n \"events:PutRule\",\n \"events:PutTargets\",\n \"events:RemoveTargets\",\n \"events:TagResource\",\n \"events:UnTagResource\"\n ],\n 
\"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor27\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"firehose:CreateDeliveryStream\",\n \"firehose:DeleteDeliveryStream\",\n \"firehose:DescribeDeliveryStream\",\n \"firehose:ListTagsForDeliveryStream\",\n \"firehose:TagDeliveryStream\",\n \"firehose:UntagDeliveryStream\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor28\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"glue:CreateClassifier\",\n \"glue:CreateConnection\",\n \"glue:CreateCrawler\",\n \"glue:CreateDatabase\",\n \"glue:CreateJob\",\n \"glue:CreateMLTransform\",\n \"glue:CreateRegistry\",\n \"glue:CreateSchema\",\n \"glue:CreateScript\",\n \"glue:CreateSecurityConfiguration\",\n \"glue:CreateTable\",\n \"glue:CreateTrigger\",\n \"glue:CreateUserDefinedFunction\",\n \"glue:CreateWorkflow\",\n \"glue:DeleteClassifier\",\n \"glue:DeleteConnection\",\n \"glue:DeleteCrawler\",\n \"glue:DeleteDatabase\",\n \"glue:DeleteJob\",\n \"glue:DeleteMLTransform\",\n \"glue:DeleteRegistry\",\n \"glue:DeleteResourcePolicy\",\n \"glue:DeleteSchema\",\n \"glue:DeleteSecurityConfiguration\",\n \"glue:DeleteTable\",\n \"glue:DeleteTrigger\",\n \"glue:DeleteUserDefinedFunction\",\n \"glue:DeleteWorkflow\",\n \"glue:GetClassifier\",\n \"glue:GetConnection\",\n \"glue:GetCrawler\",\n \"glue:GetDataCatalogEncryptionSettings\",\n \"glue:GetDatabase\",\n \"glue:GetJob\",\n \"glue:GetMLTransform\",\n \"glue:GetRegistry\",\n \"glue:GetResourcePolicy\",\n \"glue:GetSchema\",\n \"glue:GetSchemaVersion\",\n \"glue:GetSecurityConfiguration\",\n \"glue:GetTable\",\n \"glue:GetTags\",\n \"glue:GetTrigger\",\n \"glue:GetUserDefinedFunction\",\n \"glue:GetWorkflow\",\n \"glue:PutDataCatalogEncryptionSettings\",\n \"glue:PutResourcePolicy\",\n \"glue:TagResource\",\n \"glue:UntagResource\",\n \"glue:UpdateClassifier\",\n \"glue:UpdateConnection\",\n \"glue:UpdateCrawler\",\n \"glue:UpdateDatabase\",\n \"glue:UpdateJob\",\n \"glue:UpdateMLTransform\",\n 
\"glue:UpdateRegistry\",\n \"glue:UpdateSchema\",\n \"glue:UpdateTable\",\n \"glue:UpdateTrigger\",\n \"glue:UpdateUserDefinedFunction\",\n \"glue:UpdateWorkflow\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor29\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"iam:AddRoleToInstanceProfile\",\n \"iam:AddUserToGroup\",\n \"iam:AttachGroupPolicy\",\n \"iam:AttachRolePolicy\",\n \"iam:AttachUserPolicy\",\n \"iam:CreateAccessKey\",\n \"iam:CreateGroup\",\n \"iam:CreateInstanceProfile\",\n \"iam:CreateLoginProfile\",\n \"iam:CreatePolicy\",\n \"iam:CreateRole\",\n \"iam:CreateServiceLinkedRole\",\n \"iam:CreateUser\",\n \"iam:DeleteAccessKey\",\n \"iam:DeleteGroup\",\n \"iam:DeleteGroupPolicy\",\n \"iam:DeleteInstanceProfile\",\n \"iam:DeleteLoginProfile\",\n \"iam:DeletePolicy\",\n \"iam:DeleteRole\",\n \"iam:DeleteRolePolicy\",\n \"iam:DeleteServiceLinkedRole\",\n \"iam:DeleteUser\",\n \"iam:DeleteUserPolicy\",\n \"iam:DetachGroupPolicy\",\n \"iam:DetachRolePolicy\",\n \"iam:DetachUserPolicy\",\n \"iam:GetGroup\",\n \"iam:GetGroupPolicy\",\n \"iam:GetInstanceProfile\",\n \"iam:GetLoginProfile\",\n \"iam:GetPolicy\",\n \"iam:GetPolicyVersion\",\n \"iam:GetRole\",\n \"iam:GetRolePolicy\",\n \"iam:GetServiceLinkedRoleDeletionStatus\",\n \"iam:GetUser\",\n \"iam:GetUserPolicy\",\n \"iam:ListAccessKeys\",\n \"iam:ListAttachedGroupPolicies\",\n \"iam:ListAttachedRolePolicies\",\n \"iam:ListAttachedUserPolicies\",\n \"iam:ListEntitiesForPolicy\",\n \"iam:ListGroupsForUser\",\n \"iam:ListInstanceProfilesForRole\",\n \"iam:ListPolicies\",\n \"iam:ListPolicyVersions\",\n \"iam:ListRolePolicies\",\n \"iam:PassRole\",\n \"iam:PutGroupPolicy\",\n \"iam:PutRolePolicy\",\n \"iam:PutUserPolicy\",\n \"iam:RemoveRoleFromInstanceProfile\",\n \"iam:RemoveUserFromGroup\",\n \"iam:TagPolicy\",\n \"iam:TagRole\",\n \"iam:TagUser\",\n \"iam:UnTagRole\",\n \"iam:UnTagUser\",\n \"iam:UntagPolicy\",\n \"iam:UpdateAccessKey\",\n \"iam:UpdateRoleDescription\"\n ],\n \"Resource\": 
\"*\"\n },\n {\n \"Sid\": \"VisualEditor30\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"inspector:CreateAssessmentTarget\",\n \"inspector:CreateAssessmentTemplate\",\n \"inspector:CreateResourceGroup\",\n \"inspector:DeleteAssessmentTarget\",\n \"inspector:DeleteAssessmentTemplate\",\n \"inspector:DescribeAssessmentTargets\",\n \"inspector:DescribeAssessmentTemplates\",\n \"inspector:DescribeResourceGroups\",\n \"inspector:ListEventSubscriptions\",\n \"inspector:ListRulesPackages\",\n \"inspector:ListTagsForResource\",\n \"inspector:SetTagsForResource\",\n \"inspector:SubscribeToEvent\",\n \"inspector:UnsubscribeFromEvent\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor31\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kinesis:AddTagsToStream\",\n \"kinesis:CreateStream\",\n \"kinesis:DeleteStream\",\n \"kinesis:DescribeStreamSummary\",\n \"kinesis:EnableEnhancedMonitoring\",\n \"kinesis:IncreaseStreamRetentionPeriod\",\n \"kinesis:ListTagsForStream\",\n \"kinesis:RemoveTagsFromStream\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor32\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kinesisvideo:CreateStream\",\n \"kinesisvideo:DeleteStream\",\n \"kinesisvideo:DescribeStream\",\n \"kinesisvideo:ListTagsForStream\",\n \"kinesisvideo:TagStream\",\n \"kinesisvideo:UntagStream\",\n \"kinesisvideo:UpdateStream\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor33\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:CreateAlias\",\n \"kms:CreateGrant\",\n \"kms:CreateKey\",\n \"kms:Decrypt\",\n \"kms:DeleteAlias\",\n \"kms:DescribeKey\",\n \"kms:DisableKey\",\n \"kms:EnableKey\",\n \"kms:EnableKeyRotation\",\n \"kms:Encrypt\",\n \"kms:GenerateDataKey*\",\n \"kms:GetKeyPolicy\",\n \"kms:GetKeyRotationStatus\",\n \"kms:ListAliases\",\n \"kms:ListResourceTags\",\n \"kms:PutKeyPolicy\",\n \"kms:ReEncrypt*\",\n \"kms:ScheduleKeyDeletion\",\n \"kms:TagResource\",\n \"kms:UntagResource\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": 
\"VisualEditor34\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"lambda:AddPermission\",\n \"lambda:CreateAlias\",\n \"lambda:CreateFunction\",\n \"lambda:DeleteAlias\",\n \"lambda:DeleteFunction\",\n \"lambda:GetAlias\",\n \"lambda:GetFunction\",\n \"lambda:GetFunctionCodeSigningConfig\",\n \"lambda:GetPolicy\",\n \"lambda:ListVersionsByFunction\",\n \"lambda:RemovePermission\",\n \"lambda:TagResource\",\n \"lambda:UntagResource\",\n \"lambda:UpdateAlias\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor35\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"logs:CreateLogGroup\",\n \"logs:DeleteLogGroup\",\n \"logs:DeleteMetricFilter\",\n \"logs:DeleteResourcePolicy\",\n \"logs:DeleteRetentionPolicy\",\n \"logs:DeleteSubscriptionFilter\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeMetricFilters\",\n \"logs:DescribeResourcePolicies\",\n \"logs:DescribeSubscriptionFilters\",\n \"logs:ListTagsLogGroup\",\n \"logs:PutMetricFilter\",\n \"logs:PutResourcePolicy\",\n \"logs:PutRetentionPolicy\",\n \"logs:PutSubscriptionFilter\",\n \"logs:TagLogGroup\",\n \"logs:UntagLogGroup\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor36\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"memorydb:CreateSubnetGroup\",\n \"memorydb:DeleteSubnetGroup\",\n \"memorydb:DescribeSubnetGroups\",\n \"memorydb:ListTags\",\n \"memorydb:TagResource\",\n \"memorydb:UntagResource\",\n \"memorydb:UpdateSubnetGroup\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor37\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"mq:CreateBroker\",\n \"mq:CreateConfiguration\",\n \"mq:CreateTags\",\n \"mq:CreateUser\",\n \"mq:DeleteBroker\",\n \"mq:DeleteTags\",\n \"mq:DeleteUser\",\n \"mq:DescribeBroker\",\n \"mq:DescribeConfiguration\",\n \"mq:DescribeConfigurationRevision\",\n \"mq:DescribeUser\",\n \"mq:RebootBroker\",\n \"mq:UpdateBroker\",\n \"mq:UpdateConfiguration\",\n \"mq:UpdateUser\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor38\",\n \"Effect\": 
\"Allow\",\n \"Action\": [\n \"organizations:DescribeOrganization\",\n \"organizations:ListAWSServiceAccessForOrganization\",\n \"organizations:ListAccounts\",\n \"organizations:ListRoots\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor39\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"outposts:ListOutposts\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor40\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"rds:AddRoleToDBCluster\",\n \"rds:AddTagsToResource\",\n \"rds:CreateDBCluster\",\n \"rds:CreateDBClusterEndpoint\",\n \"rds:CreateDBClusterParameterGroup\",\n \"rds:CreateDBClusterSnapshot\",\n \"rds:CreateDBInstance\",\n \"rds:CreateDBParameterGroup\",\n \"rds:CreateDBSubnetGroup\",\n \"rds:CreateGlobalCluster\",\n \"rds:CreateOptionGroup\",\n \"rds:DeleteDBCluster\",\n \"rds:DeleteDBClusterEndpoint\",\n \"rds:DeleteDBClusterParameterGroup\",\n \"rds:DeleteDBClusterSnapshot\",\n \"rds:DeleteDBParameterGroup\",\n \"rds:DeleteDBSubnetGroup\",\n \"rds:DeleteGlobalCluster\",\n \"rds:DeleteOptionGroup\",\n \"rds:DescribeCertificates\",\n \"rds:DescribeDBClusterParameterGroups\",\n \"rds:DescribeDBClusterParameters\",\n \"rds:DescribeDBClusterSnapshots\",\n \"rds:DescribeDBClusters\",\n \"rds:DescribeDBEngineVersions\",\n \"rds:DescribeDBInstances\",\n \"rds:DescribeDBParameterGroups\",\n \"rds:DescribeDBParameters\",\n \"rds:DescribeDBSnapshots\",\n \"rds:DescribeDBSubnetGroups\",\n \"rds:DescribeEventCategories\",\n \"rds:DescribeGlobalClusters\",\n \"rds:DescribeOptionGroups\",\n \"rds:DescribeOrderableDBInstanceOptions\",\n \"rds:ListTagsForResource\",\n \"rds:ModifyDBCluster\",\n \"rds:ModifyDBClusterEndpoint\",\n \"rds:ModifyDBClusterParameterGroup\",\n \"rds:ModifyDBInstance\",\n \"rds:ModifyDBParameterGroup\",\n \"rds:ModifyGlobalCluster\",\n \"rds:ModifyOptionGroup\",\n \"rds:RemoveRoleFromDBCluster\",\n \"rds:RemoveTagsFromResource\",\n \"rds:StartActivityStream\",\n \"rds:StopActivityStream\"\n ],\n \"Resource\": \"*\"\n },\n 
{\n \"Sid\": \"VisualEditor41\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"redshift:CreateAuthenticationProfile\",\n \"redshift:CreateCluster\",\n \"redshift:CreateClusterParameterGroup\",\n \"redshift:CreateClusterSubnetGroup\",\n \"redshift:CreateEventSubscription\",\n \"redshift:CreateHsmClientCertificate\",\n \"redshift:CreateHsmConfiguration\",\n \"redshift:CreateScheduledAction\",\n \"redshift:CreateSnapshotCopyGrant\",\n \"redshift:CreateSnapshotSchedule\",\n \"redshift:CreateTags\",\n \"redshift:CreateUsageLimit\",\n \"redshift:DeleteAuthenticationProfile\",\n \"redshift:DeleteCluster\",\n \"redshift:DeleteClusterParameterGroup\",\n \"redshift:DeleteClusterSubnetGroup\",\n \"redshift:DeleteEventSubscription\",\n \"redshift:DeleteHsmClientCertificate\",\n \"redshift:DeleteHsmConfiguration\",\n \"redshift:DeleteScheduledAction\",\n \"redshift:DeleteSnapshotCopyGrant\",\n \"redshift:DeleteSnapshotSchedule\",\n \"redshift:DeleteTags\",\n \"redshift:DeleteUsageLimit\",\n \"redshift:DescribeAuthenticationProfiles\",\n \"redshift:DescribeClusterParameterGroups\",\n \"redshift:DescribeClusterParameters\",\n \"redshift:DescribeClusterSubnetGroups\",\n \"redshift:DescribeClusters\",\n \"redshift:DescribeEventSubscriptions\",\n \"redshift:DescribeHsmClientCertificates\",\n \"redshift:DescribeHsmConfigurations\",\n \"redshift:DescribeLoggingStatus\",\n \"redshift:DescribeOrderableClusterOptions\",\n \"redshift:DescribeScheduledActions\",\n \"redshift:DescribeSnapshotCopyGrants\",\n \"redshift:DescribeSnapshotSchedules\",\n \"redshift:DescribeUsageLimits\",\n \"redshift:DisableLogging\",\n \"redshift:EnableLogging\",\n \"redshift:GetClusterCredentials\",\n \"redshift:ModifyAuthenticationProfile\",\n \"redshift:ModifyCluster\",\n \"redshift:ModifyClusterIamRoles\",\n \"redshift:ModifyClusterParameterGroup\",\n \"redshift:ModifyClusterSnapshotSchedule\",\n \"redshift:ModifyClusterSubnetGroup\",\n \"redshift:ModifyEventSubscription\",\n 
\"redshift:ModifyScheduledAction\",\n \"redshift:ModifySnapshotSchedule\",\n \"redshift:ModifyUsageLimit\",\n \"redshift:PauseCluster\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor42\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"route53:AssociateVPCWithHostedZone\",\n \"route53:ChangeResourceRecordSets\",\n \"route53:ChangeTagsForResource\",\n \"route53:CreateHostedZone\",\n \"route53:DeleteHostedZone\",\n \"route53:GetChange\",\n \"route53:GetHostedZone\",\n \"route53:ListHostedZones\",\n \"route53:ListResourceRecordSets\",\n \"route53:ListTagsForResource\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor43\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:CreateBucket\",\n \"s3:DeleteBucket\",\n \"s3:DeleteObject\",\n \"s3:GetAccelerateConfiguration\",\n \"s3:GetBucketAcl\",\n \"s3:GetBucketCORS\",\n \"s3:GetBucketLocation\",\n \"s3:GetBucketLogging\",\n \"s3:GetBucketObjectLockConfiguration\",\n \"s3:GetBucketPolicy\",\n \"s3:GetBucketPublicAccessBlock\",\n \"s3:GetBucketRequestPayment\",\n \"s3:GetBucketTagging\",\n \"s3:GetBucketVersioning\",\n \"s3:GetBucketWebsite\",\n \"s3:GetEncryptionConfiguration\",\n \"s3:GetLifecycleConfiguration\",\n \"s3:GetObject\",\n \"s3:GetObjectAcl\",\n \"s3:GetObjectTagging\",\n \"s3:GetReplicationConfiguration\",\n \"s3:ListAllMyBuckets\",\n \"s3:ListBucket\",\n \"s3:PutBucketAcl\",\n \"s3:PutBucketLogging\",\n \"s3:PutBucketObjectLockConfiguration\",\n \"s3:PutBucketPolicy\",\n \"s3:PutBucketPublicAccessBlock\",\n \"s3:PutBucketVersioning\",\n \"s3:PutEncryptionConfiguration\",\n \"s3:PutLifecycleConfiguration\",\n \"s3:PutObject\",\n \"s3:PutObjectLegalHold\",\n \"s3:PutObjectRetention\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor44\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"secretsmanager:CreateSecret\",\n \"secretsmanager:DeleteSecret\",\n \"secretsmanager:DescribeSecret\",\n \"secretsmanager:GetResourcePolicy\",\n \"secretsmanager:GetSecretValue\",\n 
\"secretsmanager:PutSecretValue\",\n \"secretsmanager:TagResource\",\n \"secretsmanager:UntagResource\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor45\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"servicecatalog:CreatePortfolio\",\n \"servicecatalog:DeletePortfolio\",\n \"servicecatalog:DescribePortfolio\",\n \"servicecatalog:TagResource\",\n \"servicecatalog:UpdatePortfolio\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor46\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"sqs:GetQueueAttributes\",\n \"sqs:ListQueueTags\",\n \"sqs:SetQueueAttributes\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor47\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ssm:AddTagsToResource\",\n \"ssm:CreateDocument\",\n \"ssm:CreateMaintenanceWindow\",\n \"ssm:CreatePatchBaseline\",\n \"ssm:DeleteDocument\",\n \"ssm:DeleteMaintenanceWindow\",\n \"ssm:DeleteParameter\",\n \"ssm:DeletePatchBaseline\",\n \"ssm:DeregisterPatchBaselineForPatchGroup\",\n \"ssm:DeregisterTargetFromMaintenanceWindow\",\n \"ssm:DeregisterTaskFromMaintenanceWindow\",\n \"ssm:DescribeDocument\",\n \"ssm:DescribeDocumentPermission\",\n \"ssm:DescribeMaintenanceWindowTargets\",\n \"ssm:DescribeMaintenanceWindowTasks\",\n \"ssm:DescribeParameters\",\n \"ssm:DescribePatchGroups\",\n \"ssm:GetDocument\",\n \"ssm:GetMaintenanceWindow\",\n \"ssm:GetParameter\",\n \"ssm:GetParameters\",\n \"ssm:GetPatchBaseline\",\n \"ssm:ListTagsForResource\",\n \"ssm:PutParameter\",\n \"ssm:RegisterPatchBaselineForPatchGroup\",\n \"ssm:RegisterTargetWithMaintenanceWindow\",\n \"ssm:RegisterTaskWithMaintenanceWindow\",\n \"ssm:RemoveTagsFromResource\",\n \"ssm:UpdateDocument\",\n \"ssm:UpdateMaintenanceWindow\",\n \"ssm:UpdatePatchBaseline\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor48\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"sso:ListInstances\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor49\",\n \"Effect\": \"Allow\",\n \"Action\": [\n 
\"states:CreateActivity\",\n \"states:CreateStateMachine\",\n \"states:DeleteActivity\",\n \"states:DeleteStateMachine\",\n \"states:DescribeActivity\",\n \"states:DescribeStateMachine\",\n \"states:ListTagsForResource\",\n \"states:TagResource\",\n \"states:UntagResource\",\n \"states:UpdateStateMachine\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"VisualEditor50\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"wafv2:CreateIpSet\",\n \"wafv2:CreateRegexPatternSet\",\n \"wafv2:CreateRuleGroup\",\n \"wafv2:CreateWebACL\",\n \"wafv2:DeleteIpSet\",\n \"wafv2:DeleteRegexPatternSet\",\n \"wafv2:DeleteRuleGroup\",\n \"wafv2:DeleteWebACL\",\n \"wafv2:GetIpSet\",\n \"wafv2:GetRegexPatternSet\",\n \"wafv2:GetRuleGroup\",\n \"wafv2:GetWebACL\",\n \"wafv2:ListIPSets\",\n \"wafv2:ListRegexPatternSets\",\n \"wafv2:ListRuleGroups\",\n \"wafv2:ListTagsForResource\",\n \"wafv2:ListWebACLs\",\n \"wafv2:TagResource\",\n \"wafv2:UntagResource\",\n \"wafv2:UpdateIpSet\",\n \"wafv2:UpdateRegexPatternSet\",\n \"wafv2:UpdateRuleGroup\"\n ],\n \"Resource\": \"*\"\n }\n ]\n})\n}\n", }, GCP: "", AZURE: ""} @@ -492,7 +688,8 @@ func TestWriteOutput(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - if err := pike.WriteOutput(tt.args.OutPolicy, tt.args.output, tt.args.location); (err != nil) != tt.wantErr { + + if err := WriteOutput(tt.args.OutPolicy, tt.args.output, tt.args.location, ""); (err != nil) != tt.wantErr { t.Errorf("WriteOutput() error = %v, wantErr %v", err, tt.wantErr) } }) 
@@ -518,17 +715,163 @@ func TestLocateTerraform(t *testing.T) { if tt.os == runtime.GOOS { t.Run(tt.name, func(t *testing.T) { t.Parallel() - got, err := pike.LocateTerraform() + + got, err := LocateTerraform() + if (err != nil) != tt.wantErr { t.Errorf("LocateTerraform() error = %v, wantErr %v", err, tt.wantErr) return } + if got == "" { t.Errorf("LocateTerraform() = %v, expected %v", got, tt.want) } + log.Info().Msgf("terraform is at %s", got) }) } } } + +func TestInitWithEmptyDir(t *testing.T) { + t.Parallel() + + tempDir, err := os.MkdirTemp("", "empty_tf_test") + if err != nil { + t.Fatal(err) + } + //goland:noinspection GoUnhandledErrorResult + defer os.RemoveAll(tempDir) + + tfPath, modules, err := Init(tempDir) + if err == nil { + t.Error("Expected error for empty directory, got nil") + } + + if tfPath == nil { + t.Error("TFPath was not set") + } + + if modules != nil { + t.Errorf("Expected nil modules for empty directory, got %v", modules) + } +} + +//goland:noinspection GoUnhandledErrorResult +func TestInitWithInvalidTerraformConfig(t *testing.T) { + t.Parallel() + + tempDir, err := os.MkdirTemp("", "invalid_tf_test") + if err != nil { + t.Fatal(err) + } + defer os.RemoveAll(tempDir) + + // Create invalid terraform configuration + invalidConfig := []byte(` + resource "invalid" { + bad config + } + `) + + err = os.WriteFile(filepath.Join(tempDir, "main.tf"), invalidConfig, 0o644) + + if err != nil { + t.Fatal(err) + } + + _, modules, err := Init(tempDir) + if err == nil { + t.Error("Expected error for invalid terraform config, got nil") + } + + if modules != nil { + t.Errorf("Expected nil modules for invalid config, got %v", modules) + } +} + +//goland:noinspection GoUnhandledErrorResult +func TestInitWithModulesJsonOnly(t *testing.T) { + t.Parallel() + + tempDir, err := os.MkdirTemp("", "modulesjson_tf_test") + if err != nil { + t.Fatal(err) + } + defer os.RemoveAll(tempDir) + + // Create .terraform/modules directory with only modules.json + modulesDir := 
filepath.Join(tempDir, ".terraform", "modules") + err = os.MkdirAll(modulesDir, 0o755) + + if err != nil { + t.Fatal(err) + } + + err = os.WriteFile(filepath.Join(modulesDir, "modules.json"), []byte("{}"), 0o644) + if err != nil { + t.Fatal(err) + } + + _, modules, err := Init(tempDir) + if err != nil { + t.Errorf("Unexpected error: %v", err) + } + + if len(modules) != 0 { + t.Errorf("Expected empty modules slice, got %v", modules) + } +} + +//goland:noinspection GoUnhandledErrorResult +func TestInitWithDSStoreOnly(t *testing.T) { + t.Parallel() + + tempDir, err := os.MkdirTemp("", "dsstore_tf_test") + if err != nil { + t.Fatal(err) + } + defer os.RemoveAll(tempDir) + + // Create .terraform/modules directory with only .DS_Store + modulesDir := filepath.Join(tempDir, ".terraform", "modules") + err = os.MkdirAll(modulesDir, 0o755) + + if err != nil { + t.Fatal(err) + } + + err = os.WriteFile(filepath.Join(modulesDir, ".DS_Store"), []byte{}, 0o644) + + if err != nil { + t.Fatal(err) + } + + _, modules, err := Init(tempDir) + if err != nil { + t.Errorf("Unexpected error: %v", err) + } + + if len(modules) != 0 { + t.Errorf("Expected empty modules slice, got %v", modules) + } +} + +func TestInitWithNonExistentDir(t *testing.T) { + t.Parallel() + + tfPath, modules, err := Init("/path/that/does/not/exist") + + if err == nil { + t.Error("Expected error for non-existent directory, got nil") + } + + if tfPath != nil { + t.Errorf("Expected nil tfPath for non-existent directory, got %v", *tfPath) + } + + if modules != nil { + t.Errorf("Expected nil modules for non-existent directory, got %v", modules) + } +} diff --git a/src/schema/README.md b/src/schema/README.md new file mode 100644 index 00000000..b7c0cb69 --- /dev/null +++ b/src/schema/README.md @@ -0,0 +1,6 @@ +# lookup + +from + +Using us-east-1 as base. + diff --git a/src/schema/aws-accessanalyzer-analyzer.json b/src/schema/aws-accessanalyzer-analyzer.json index 9962d498..45df2177 100644 
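Review bot: The four new `TestInitWith…` cases that need a scratch directory create it with `os.MkdirTemp` and `defer os.RemoveAll(tempDir)`, dropping the removal error and silencing the warning with `//goland:noinspection GoUnhandledErrorResult`. `tempDir := t.TempDir()` gives each parallel test its own directory, removes it when the test ends and reports a failed cleanup, so the defer and the suppression comments can go. The negative cases (`TestInitWithEmptyDir`, `TestInitWithInvalidTerraformConfig`, `TestInitWithNonExistentDir`) only assert that `err` is non-nil, so they would presumably also pass if `Init` failed for an unrelated reason such as a missing terraform binary; `Init`'s body is not in this hunk. Checking the error with `errors.Is` or a message match would pin the intended failure. `TestInitWithNonExistentDir` could pass `filepath.Join(t.TempDir(), "missing")` instead of the fixed `/path/that/does/not/exist`, which keeps the path guaranteed absent on every platform in the CI matrix.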
--- a/src/schema/aws-accessanalyzer-analyzer.json +++ b/src/schema/aws-accessanalyzer-analyzer.json @@ -1,11 +1,36 @@ { "additionalProperties": false, + "conditionalCreateOnlyProperties": [ + "/properties/AnalyzerConfiguration" + ], "createOnlyProperties": [ "/properties/AnalyzerName", - "/properties/Type", - "/properties/AnalyzerConfiguration" + "/properties/Type" ], "definitions": { + "AnalysisRuleCriteria": { + "additionalProperties": false, + "description": "The criteria for an analysis rule for an analyzer.", + "properties": { + "AccountIds": { + "description": "A list of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.", + "insertionOrder": false, + "items": { + "type": "string" + }, + "type": "array" + }, + "ResourceTags": { + "description": "An array of key-value pairs to match for your resources. You can use the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.\n\nFor the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with aws:.\n\nFor the tag value, you can specify a value that is 0 to 256 characters in length. If the specified tag value is 0 characters, the rule is applied to all principals with the specified tag key.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tags" + }, + "type": "array" + } + }, + "type": "object" + }, "ArchiveRule": { "additionalProperties": false, "description": "An Access Analyzer archive rule. Archive rules automatically archive new findings that meet the criteria you define when you create the rule.", 
@@ -76,25 +101,48 @@ "type": "string" }, "Value": { - "description": "The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ", + "description": "The value for the tag. You can specify a value that is 0 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ", "maxLength": 255, - "minLength": 1, + "minLength": 0, "type": "string" } }, "required": [ - "Key", - "Value" + "Key" ], "type": "object" }, + "Tags": { + "description": "An array of key-value pairs to apply to this resource.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": true + }, "UnusedAccessConfiguration": { "additionalProperties": false, "description": "The Configuration for Unused Access Analyzer", "properties": { + "AnalysisRule": { + "additionalProperties": false, + "description": "Contains information about rules for the analyzer.", + "properties": { + "Exclusions": { + "description": "A list of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/AnalysisRuleCriteria" + }, + "type": "array" + } + }, + "type": "object" + }, "UnusedAccessAge": { - "description": "The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. 
You can choose a value between 1 and 180 days.", - "maximum": 180, + "description": "The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 365 days.", + "maximum": 365, "minimum": 1, "type": "integer" } @@ -137,6 +185,7 @@ "access-analyzer:ListAnalyzers", "access-analyzer:TagResource", "access-analyzer:UntagResource", + "access-analyzer:UpdateAnalyzer", "access-analyzer:UpdateArchiveRule" ] } @@ -206,6 +255,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-accessanalyzer.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "access-analyzer:UntagResource", + "access-analyzer:TagResource", + "access-analyzer:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-acmpca-certificateauthority.json b/src/schema/aws-acmpca-certificateauthority.json index b6dd23a2..ae9ebcc1 100644 --- a/src/schema/aws-acmpca-certificateauthority.json +++ b/src/schema/aws-acmpca-certificateauthority.json @@ -54,9 +54,15 @@ "CrlDistributionPointExtensionConfiguration": { "$ref": "#/definitions/CrlDistributionPointExtensionConfiguration" }, + "CrlType": { + "type": "string" + }, "CustomCname": { "type": "string" }, + "CustomPath": { + "type": "string" + }, "Enabled": { "type": "boolean" }, @@ -362,7 +368,8 @@ "permissions": [ "acm-pca:CreateCertificateAuthority", "acm-pca:DescribeCertificateAuthority", - "acm-pca:GetCertificateAuthorityCsr" + "acm-pca:GetCertificateAuthorityCsr", + "acm-pca:TagCertificateAuthority" ] }, "delete": { 
@@ -388,7 +395,6 @@ }, "update": { "permissions": [ - "acm-pca:ListTags", "acm-pca:TagCertificateAuthority", "acm-pca:UntagCertificateAuthority", "acm-pca:UpdateCertificateAuthority" @@ -459,6 +465,10 @@ "sourceUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_ACMPCA.html", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "acm-pca:TagCertificateAuthority", + "acm-pca:UntagCertificateAuthority" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, @@ -466,10 +476,8 @@ }, "typeName": "AWS::ACMPCA::CertificateAuthority", "writeOnlyProperties": [ - "/properties/Subject", "/properties/Subject", "/properties/CsrExtensions", - "/properties/Tags", "/properties/RevocationConfiguration", "/properties/KeyStorageSecurityStandard" ] diff --git a/src/schema/aws-amazonmq-broker.json b/src/schema/aws-amazonmq-broker.json index 1c0c3349..5af359cd 100644 --- a/src/schema/aws-amazonmq-broker.json +++ b/src/schema/aws-amazonmq-broker.json @@ -155,6 +155,9 @@ "type": "array", "uniqueItems": false }, + "JolokiaApiAccess": { + "type": "string" + }, "Password": { "type": "string" }, diff --git a/src/schema/aws-amazonmq-configuration.json b/src/schema/aws-amazonmq-configuration.json index b6b88b11..624855ef 100644 --- a/src/schema/aws-amazonmq-configuration.json +++ b/src/schema/aws-amazonmq-configuration.json @@ -1,10 +1,10 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/EngineType", - "/properties/Name", "/properties/AuthenticationStrategy", - "/properties/EngineVersion" + "/properties/EngineType", + "/properties/EngineVersion", + "/properties/Name" ], "definitions": { "TagsEntry": { 
@@ -25,54 +25,115 @@ } }, "description": "Resource Type definition for AWS::AmazonMQ::Configuration", + "handlers": { + "create": { + "permissions": [ + "mq:CreateConfiguration", + "mq:CreateTags", + "mq:UpdateConfiguration" + ] + }, + "delete": { + "permissions": [ + "mq:DeleteConfiguration" + ] + }, + "list": { + "permissions": [ + "mq:ListConfigurations" + ] + }, + "read": { + "permissions": [ + "mq:DescribeConfiguration", + "mq:ListTags" + ] + }, + "update": { + "permissions": [ + "mq:UpdateConfiguration", + "mq:CreateTags", + "mq:DeleteTags" + ] + } + }, "primaryIdentifier": [ "/properties/Id" ], "properties": { "Arn": { + "description": "The Amazon Resource Name (ARN) of the Amazon MQ configuration.", "type": "string" }, "AuthenticationStrategy": { + "description": "The authentication strategy associated with the configuration. The default is SIMPLE.", "type": "string" }, "Data": { + "description": "The base64-encoded XML configuration.", "type": "string" }, "Description": { + "description": "The description of the configuration.", "type": "string" }, "EngineType": { + "description": "The type of broker engine. 
Note: Currently, Amazon MQ only supports ACTIVEMQ for creating and editing broker configurations.", "type": "string" }, "EngineVersion": { + "description": "The version of the broker engine.", "type": "string" }, "Id": { + "description": "The ID of the Amazon MQ configuration.", "type": "string" }, "Name": { + "description": "The name of the configuration.", "type": "string" }, "Revision": { - "type": "integer" + "description": "The revision number of the configuration.", + "type": "string" }, "Tags": { + "description": "Create tags when creating the configuration.", + "insertionOrder": false, "items": { "$ref": "#/definitions/TagsEntry" }, - "type": "array", - "uniqueItems": false + "type": "array" } }, + "propertyTransform": { + "/properties/AuthenticationStrategy": "$uppercase(AuthenticationStrategy)", + "/properties/EngineType": "$uppercase(EngineType)" + }, "readOnlyProperties": [ - "/properties/Revision", + "/properties/Arn", "/properties/Id", - "/properties/Arn" + "/properties/Revision" ], "required": [ "EngineType", - "Data", "Name" ], - "typeName": "AWS::AmazonMQ::Configuration" + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "mq:ListTags", + "mq:CreateTags", + "mq:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::AmazonMQ::Configuration", + "writeOnlyProperties": [ + "/properties/Data" + ] } diff --git a/src/schema/aws-amplify-app.json b/src/schema/aws-amplify-app.json index 12cd3e0f..0d59ae5e 100644 --- a/src/schema/aws-amplify-app.json +++ b/src/schema/aws-amplify-app.json 
@@ -82,6 +82,19 @@ }, "type": "object" }, + "CacheConfig": { + "additionalProperties": false, + "properties": { + "Type": { + "enum": [ + "AMPLIFY_MANAGED", + "AMPLIFY_MANAGED_NO_COOKIES" + ], + "type": "string" + } + }, + "type": "object" + }, "CustomRule": { "additionalProperties": false, "properties": { @@ -257,6 +270,15 @@ "pattern": "(?s).+", "type": "string" }, + "CacheConfig": { + "$ref": "#/definitions/CacheConfig" + }, + "ComputeRoleArn": { + "maxLength": 1000, + "minLength": 0, + "pattern": "(?s).*", + "type": "string" + }, "CustomHeaders": { "maxLength": 25000, "minLength": 0, @@ -336,6 +358,19 @@ "required": [ "Name" ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-amplify", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "amplify:TagResource", + "amplify:ListTagsForResource", + "amplify:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Amplify::App", "writeOnlyProperties": [ "/properties/AccessToken", diff --git a/src/schema/aws-amplify-branch.json b/src/schema/aws-amplify-branch.json index 7192a8d6..48565ba8 100644 --- a/src/schema/aws-amplify-branch.json +++ b/src/schema/aws-amplify-branch.json @@ -195,6 +195,12 @@ "pattern": "(?s).+", "type": "string" }, + "ComputeRoleArn": { + "maxLength": 1000, + "minLength": 0, + "pattern": "(?s).*", + "type": "string" + }, "Description": { "maxLength": 1000, "pattern": "(?s).*", @@ -209,6 +215,9 @@ "EnablePullRequestPreview": { "type": "boolean" }, + "EnableSkewProtection": { + "type": "boolean" + }, "EnvironmentVariables": { "items": { "$ref": "#/definitions/EnvironmentVariable" 
@@ -252,6 +261,18 @@ "BranchName" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-amplify", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "amplify:TagResource", + "amplify:ListTagsForResource", + "amplify:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Amplify::Branch", "writeOnlyProperties": [ "/properties/BasicAuthConfig" diff --git a/src/schema/aws-amplify-domain.json b/src/schema/aws-amplify-domain.json index 65427d64..b42d6ebe 100644 --- a/src/schema/aws-amplify-domain.json +++ b/src/schema/aws-amplify-domain.json @@ -69,6 +69,7 @@ "handlers": { "create": { "permissions": [ + "amplify:GetDomainAssociation", "amplify:CreateDomainAssociation", "route53:ListHostedZones", "route53:ChangeResourceRecordSets", @@ -78,9 +79,10 @@ }, "delete": { "permissions": [ + "amplify:GetDomainAssociation", "amplify:DeleteDomainAssociation", - "iam:PassRole", - "amplify:DeleteDomainAssociation" + "route53:ListHostedZones", + "iam:PassRole" ] }, "list": { @@ -100,6 +102,7 @@ }, "update": { "permissions": [ + "amplify:GetDomainAssociation", "amplify:UpdateDomainAssociation", "route53:ListHostedZones", "route53:ChangeResourceRecordSets", diff --git a/src/schema/aws-amplifyuibuilder-component.json b/src/schema/aws-amplifyuibuilder-component.json index cbc3d08d..9f181a63 100644 --- a/src/schema/aws-amplifyuibuilder-component.json +++ b/src/schema/aws-amplifyuibuilder-component.json @@ -574,6 +574,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-amplifyuibuilder", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "amplifyuibuilder:TagResource", + "amplifyuibuilder:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, 
diff --git a/src/schema/aws-amplifyuibuilder-form.json b/src/schema/aws-amplifyuibuilder-form.json index 0b76f109..0998a6c2 100644 --- a/src/schema/aws-amplifyuibuilder-form.json +++ b/src/schema/aws-amplifyuibuilder-form.json @@ -485,15 +485,13 @@ "amplify:GetApp", "amplifyuibuilder:CreateForm", "amplifyuibuilder:GetForm", - "amplifyuibuilder:TagResource", - "amplifyuibuilder:UntagResource" + "amplifyuibuilder:TagResource" ] }, "delete": { "permissions": [ "amplify:GetApp", "amplifyuibuilder:DeleteForm", - "amplifyuibuilder:TagResource", "amplifyuibuilder:UntagResource" ] }, @@ -520,8 +518,7 @@ "read": { "permissions": [ "amplify:GetApp", - "amplifyuibuilder:GetForm", - "amplifyuibuilder:TagResource" + "amplifyuibuilder:GetForm" ] }, "update": { @@ -588,6 +585,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-amplifyuibuilder", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "amplifyuibuilder:TagResource", + "amplifyuibuilder:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-amplifyuibuilder-theme.json b/src/schema/aws-amplifyuibuilder-theme.json index 2e30b989..c525f08e 100644 --- a/src/schema/aws-amplifyuibuilder-theme.json +++ b/src/schema/aws-amplifyuibuilder-theme.json @@ -149,6 +149,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-amplifyuibuilder", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "amplifyuibuilder:TagResource", + "amplifyuibuilder:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-apigateway-account.json b/src/schema/aws-apigateway-account.json index a3ef206b..b252714b 100644 --- a/src/schema/aws-apigateway-account.json +++ b/src/schema/aws-apigateway-account.json 
@@ -32,7 +32,7 @@ ], "properties": { "CloudWatchRoleArn": { - "description": "The ARN of an Amazon CloudWatch role for the current Account.", + "description": "", "type": "string" }, "Id": { diff --git a/src/schema/aws-apigateway-apikey.json b/src/schema/aws-apigateway-apikey.json index f2d0744c..b513da61 100644 --- a/src/schema/aws-apigateway-apikey.json +++ b/src/schema/aws-apigateway-apikey.json @@ -11,11 +11,11 @@ "description": "``StageKey`` is a property of the [AWS::ApiGateway::ApiKey](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-apikey.html) resource that specifies the stage to associate with the API key. This association allows only clients with the key to make requests to methods in that stage.", "properties": { "RestApiId": { - "description": "The string identifier of the associated RestApi.", + "description": "", "type": "string" }, "StageName": { - "description": "The stage name associated with the stage key.", + "description": "", "type": "string" } }, @@ -87,20 +87,20 @@ "type": "string" }, "CustomerId": { - "description": "An MKT customer identifier, when integrating with the AWS SaaS Marketplace.", + "description": "", "type": "string" }, "Description": { - "description": "The description of the ApiKey.", + "description": "", "type": "string" }, "Enabled": { "default": false, - "description": "Specifies whether the ApiKey can be used by callers.", + "description": "", "type": "boolean" }, "GenerateDistinctId": { - "description": "Specifies whether (``true``) or not (``false``) the key identifier is distinct from the created API key value. This parameter is deprecated and should not be used.", + "description": "", "type": "boolean" }, "Name": { @@ -108,7 +108,7 @@ "type": "string" }, "StageKeys": { - "description": "DEPRECATED FOR USAGE PLANS - Specifies stages associated with the API key.", + "description": "", "items": { "$ref": "#/definitions/StageKey" }, 
@@ -116,7 +116,7 @@ "uniqueItems": true }, "Tags": { - "description": "The key-value map of strings. The valid character set is [a-zA-Z+-=._:/]. The tag key can be up to 128 characters and must not start with ``aws:``. The tag value can be up to 256 characters.", + "description": "", "items": { "$ref": "#/definitions/Tag" }, @@ -124,7 +124,7 @@ "uniqueItems": false }, "Value": { - "description": "Specifies a value of the API key.", + "description": "", "type": "string" } }, diff --git a/src/schema/aws-apigateway-authorizer.json b/src/schema/aws-apigateway-authorizer.json index 906cedaf..e5b433de 100644 --- a/src/schema/aws-apigateway-authorizer.json +++ b/src/schema/aws-apigateway-authorizer.json @@ -50,11 +50,11 @@ ], "properties": { "AuthType": { - "description": "Optional customer-defined field, used in OpenAPI imports and exports without functional impact.", + "description": "", "type": "string" }, "AuthorizerCredentials": { - "description": "Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null.", + "description": "", "type": "string" }, "AuthorizerId": { 
@@ -62,27 +62,27 @@ "type": "string" }, "AuthorizerResultTtlInSeconds": { - "description": "The TTL in seconds of cached authorizer results. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default value is 300. The maximum value is 3600, or 1 hour.", + "description": "", "type": "integer" }, "AuthorizerUri": { - "description": "Specifies the authorizer's Uniform Resource Identifier (URI). For ``TOKEN`` or ``REQUEST`` authorizers, this must be a well-formed Lambda function URI, for example, ``arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations``. In general, the URI has this form ``arn:aws:apigateway:{region}:lambda:path/{service_api}``, where ``{region}`` is the same as the region hosting the Lambda function, ``path`` indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial ``/``. For Lambda functions, this is usually of the form ``/2015-03-31/functions/[FunctionARN]/invocations``.", + "description": "", "type": "string" }, "IdentitySource": { - "description": "The identity source for which authorization is requested. For a ``TOKEN`` or ``COGNITO_USER_POOLS`` authorizer, this is required and specifies the request header mapping expression for the custom header holding the authorization token submitted by the client. For example, if the token header name is ``Auth``, the header mapping expression is ``method.request.header.Auth``. For the ``REQUEST`` authorizer, this is required when authorization caching is enabled. The value is a comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an ``Auth`` header, a ``Name`` query string parameter are defined as identity sources, this value is ``method.request.header.Auth, method.request.querystring.Name``. 
These parameters will be used to derive the authorization caching key and to perform runtime validation of the ``REQUEST`` authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping expressions of the specified request parameters. When the authorization caching is not enabled, this property is optional.", + "description": "", "type": "string" }, "IdentityValidationExpression": { - "description": "A validation expression for the incoming identity token. For ``TOKEN`` authorizers, this value is a regular expression. For ``COGNITO_USER_POOLS`` authorizers, API Gateway will match the ``aud`` field of the incoming token from the client against the specified regular expression. It will invoke the authorizer's Lambda function when there is a match. Otherwise, it will return a 401 Unauthorized response without calling the Lambda function. The validation expression does not apply to the ``REQUEST`` authorizer.", + "description": "", "type": "string" }, "Name": { - "description": "The name of the authorizer.", + "description": "", "type": "string" }, "ProviderARNs": { - "description": "A list of the Amazon Cognito user pool ARNs for the ``COGNITO_USER_POOLS`` authorizer. Each element is of this format: ``arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}``. For a ``TOKEN`` or ``REQUEST`` authorizer, this is not defined.", + "description": "", "insertionOrder": false, "items": { "type": "string" 
@@ -91,11 +91,11 @@ "uniqueItems": true }, "RestApiId": { - "description": "The string identifier of the associated RestApi.", + "description": "", "type": "string" }, "Type": { - "description": "The authorizer type. Valid values are ``TOKEN`` for a Lambda function using a single authorization token submitted in a custom header, ``REQUEST`` for a Lambda function using incoming request parameters, and ``COGNITO_USER_POOLS`` for using an Amazon Cognito user pool.", + "description": "", "type": "string" } }, diff --git a/src/schema/aws-apigateway-basepathmapping.json b/src/schema/aws-apigateway-basepathmapping.json index 7718f4ed..9b18de4e 100644 --- a/src/schema/aws-apigateway-basepathmapping.json +++ b/src/schema/aws-apigateway-basepathmapping.json @@ -51,19 +51,19 @@ ], "properties": { "BasePath": { - "description": "The base path name that callers of the API must provide as part of the URL after the domain name.", + "description": "", "type": "string" }, "DomainName": { - "description": "The domain name of the BasePathMapping resource to be described.", + "description": "", "type": "string" }, "RestApiId": { - "description": "The string identifier of the associated RestApi.", + "description": "", "type": "string" }, "Stage": { - "description": "The name of the associated stage.", + "description": "", "type": "string" } }, diff --git a/src/schema/aws-apigateway-basepathmappingv2.json b/src/schema/aws-apigateway-basepathmappingv2.json new file mode 100644 index 00000000..f213a290 --- /dev/null +++ b/src/schema/aws-apigateway-basepathmappingv2.json 
@@ -0,0 +1,88 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/DomainNameArn", + "/properties/BasePath" + ], + "description": "Resource Type definition for AWS::ApiGateway::BasePathMappingV2", + "handlers": { + "create": { + "permissions": [ + "apigateway:POST", + "apigateway:GET" + ] + }, + "delete": { + "permissions": [ + "apigateway:DELETE" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "DomainNameArn": { + "$ref": "resource-schema.json#/properties/DomainNameArn" + } + }, + "required": [ + "DomainNameArn" + ] + }, + "permissions": [ + "apigateway:GET" + ] + }, + "read": { + "permissions": [ + "apigateway:GET" + ] + }, + "update": { + "permissions": [ + "apigateway:GET", + "apigateway:DELETE", + "apigateway:PATCH" + ] + } + }, + "primaryIdentifier": [ + "/properties/BasePathMappingArn" + ], + "properties": { + "BasePath": { + "description": "The base path name that callers of the API must provide in the URL after the domain name.", + "type": "string" + }, + "BasePathMappingArn": { + "description": "Amazon Resource Name (ARN) of the resource.", + "type": "string" + }, + "DomainNameArn": { + "description": "The Arn of an AWS::ApiGateway::DomainNameV2 resource.", + "type": "string" + }, + "RestApiId": { + "description": "The ID of the API.", + "type": "string" + }, + "Stage": { + "description": "The name of the API's stage.", + "type": "string" + } + }, + "readOnlyProperties": [ + "/properties/BasePathMappingArn" + ], + "required": [ + "DomainNameArn", + "RestApiId" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-apigateway", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, + "typeName": "AWS::ApiGateway::BasePathMappingV2" +} diff --git a/src/schema/aws-apigateway-clientcertificate.json b/src/schema/aws-apigateway-clientcertificate.json index 27216b93..88bc1d7e 100644 
--- a/src/schema/aws-apigateway-clientcertificate.json +++ b/src/schema/aws-apigateway-clientcertificate.json @@ -61,11 +61,11 @@ "type": "string" }, "Description": { - "description": "The description of the client certificate.", + "description": "", "type": "string" }, "Tags": { - "description": "The collection of tags. Each tag element is associated with a given resource.", + "description": "", "items": { "$ref": "#/definitions/Tag" }, diff --git a/src/schema/aws-apigateway-deployment.json b/src/schema/aws-apigateway-deployment.json index 26f315ee..7786496e 100644 --- a/src/schema/aws-apigateway-deployment.json +++ b/src/schema/aws-apigateway-deployment.json @@ -10,11 +10,11 @@ "description": "The ``AccessLogSetting`` property type specifies settings for logging access in this stage.\n ``AccessLogSetting`` is a property of the [StageDescription](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-deployment-stagedescription.html) property type.", "properties": { "DestinationArn": { - "description": "The Amazon Resource Name (ARN) of the CloudWatch Logs log group or Kinesis Data Firehose delivery stream to receive access logs. If you specify a Kinesis Data Firehose delivery stream, the stream name must begin with ``amazon-apigateway-``.", + "description": "", "type": "string" }, "Format": { - "description": "A single line format of the access logs of data, as specified by selected $context variables. The format must include at least ``$context.requestId``.", + "description": "", "type": "string" } }, 
@@ -25,12 +25,12 @@ "description": "The ``CanarySetting`` property type specifies settings for the canary deployment in this stage.\n ``CanarySetting`` is a property of the [StageDescription](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-deployment-stagedescription.html) property type.", "properties": { "PercentTraffic": { - "description": "The percent (0-100) of traffic diverted to a canary deployment.", + "description": "", "type": "number" }, "StageVariableOverrides": { "additionalProperties": false, - "description": "Stage variables overridden for a canary release deployment, including new stage variables introduced in the canary. These stage variables are represented as a string-to-string map between stage variable names and their values.", + "description": "", "patternProperties": { "[a-zA-Z0-9]+": { "type": "string" @@ -39,7 +39,7 @@ "type": "object" }, "UseStageCache": { - "description": "A Boolean flag to indicate whether the canary deployment uses the stage cache or not.", + "description": "", "type": "boolean" } }, @@ -50,12 +50,12 @@ "description": "The ``DeploymentCanarySettings`` property type specifies settings for the canary deployment.", "properties": { "PercentTraffic": { - "description": "The percentage (0.0-100.0) of traffic routed to the canary deployment.", + "description": "", "type": "number" }, "StageVariableOverrides": { "additionalProperties": false, - "description": "A stage variable overrides used for the canary release deployment. They can override existing stage variables or add new stage variables for the canary release deployment. These stage variables are represented as a string-to-string map between stage variable names and their values.", + "description": "", "patternProperties": { "[a-zA-Z0-9]+": { "type": "string" 
@@ -64,7 +64,7 @@ "type": "object" }, "UseStageCache": { - "description": "A Boolean flag to indicate whether the canary release deployment uses the stage cache or not.", + "description": "", "type": "boolean" } }, @@ -75,19 +75,19 @@ "description": "The ``MethodSetting`` property type configures settings for all methods in a stage.\n The ``MethodSettings`` property of the [Amazon API Gateway Deployment StageDescription](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-deployment-stagedescription.html) property type contains a list of ``MethodSetting`` property types.", "properties": { "CacheDataEncrypted": { - "description": "Specifies whether the cached responses are encrypted.", + "description": "", "type": "boolean" }, "CacheTtlInSeconds": { - "description": "Specifies the time to live (TTL), in seconds, for cached responses. The higher the TTL, the longer the response will be cached.", + "description": "", "type": "integer" }, "CachingEnabled": { - "description": "Specifies whether responses should be cached and returned for requests. A cache cluster must be enabled on the stage for responses to be cached.", + "description": "", "type": "boolean" }, "DataTraceEnabled": { - "description": "Specifies whether data trace logging is enabled for this method, which affects the log entries pushed to Amazon CloudWatch Logs. This can be useful to troubleshoot APIs, but can result in logging sensitive data. We recommend that you don't enable this option for production APIs.", + "description": "", "type": "boolean" }, "HttpMethod": { 
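Review bot: The `DataTraceEnabled` entry in the `MethodSetting` hunk (`@@ -75,19 +75,19 @@`) loses the only text warning that data trace logging can result in logging sensitive data and is not recommended for production APIs; the new side is just `"description": ""`. The same blanking removes the `Credentials` guidance under `Integration` in aws-apigateway-method.json and most other property descriptions in this commit, which looks like an upstream schema refresh that dropped documentation rather than a deliberate edit. If these schemas feed hover text, generated docs or lint messages, confirm the empty strings are intended, or keep the previous description wherever the refreshed value is empty. The `MethodSetting` definition starts and ends outside this hunk.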
@@ -95,11 +95,11 @@ "type": "string" }, "LoggingLevel": { - "description": "Specifies the logging level for this method, which affects the log entries pushed to Amazon CloudWatch Logs. Valid values are ``OFF``, ``ERROR``, and ``INFO``. Choose ``ERROR`` to write only error-level entries to CloudWatch Logs, or choose ``INFO`` to include all ``ERROR`` events as well as extra informational events.", + "description": "", "type": "string" }, "MetricsEnabled": { - "description": "Specifies whether Amazon CloudWatch metrics are enabled for this method.", + "description": "", "type": "boolean" }, "ResourcePath": { @@ -107,11 +107,11 @@ "type": "string" }, "ThrottlingBurstLimit": { - "description": "Specifies the throttling burst limit.", + "description": "", "type": "integer" }, "ThrottlingRateLimit": { - "description": "Specifies the throttling rate limit.", + "description": "", "type": "number" } }, @@ -126,7 +126,7 @@ "description": "Specifies settings for logging access in this stage." }, "CacheClusterEnabled": { - "description": "Specifies whether a cache cluster is enabled for the stage.", + "description": "", "type": "boolean" }, "CacheClusterSize": { @@ -288,18 +288,18 @@ "properties": { "DeploymentCanarySettings": { "$ref": "#/definitions/DeploymentCanarySettings", - "description": "The input configuration for a canary deployment." + "description": "" }, "DeploymentId": { "description": "", "type": "string" }, "Description": { - "description": "The description for the Deployment resource to create.", + "description": "", "type": "string" }, "RestApiId": { - "description": "The string identifier of the associated RestApi.", + "description": "", "type": "string" }, "StageDescription": { 
@@ -307,7 +307,7 @@ "description": "The description of the Stage resource for the Deployment resource to create. To specify a stage description, you must also provide a stage name." }, "StageName": { - "description": "The name of the Stage resource for the Deployment resource to create.", + "description": "", "type": "string" } }, diff --git a/src/schema/aws-apigateway-documentationpart.json b/src/schema/aws-apigateway-documentationpart.json index 366a7f25..3ecf7901 100644 --- a/src/schema/aws-apigateway-documentationpart.json +++ b/src/schema/aws-apigateway-documentationpart.json 
@@ -10,23 +10,23 @@ "description": "The ``Location`` property specifies the location of the Amazon API Gateway API entity that the documentation applies to. ``Location`` is a property of the [AWS::ApiGateway::DocumentationPart](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-documentationpart.html) resource.\n For more information about each property, including constraints and valid values, see [DocumentationPart](https://docs.aws.amazon.com/apigateway/latest/api/API_DocumentationPartLocation.html) in the *Amazon API Gateway REST API Reference*.", "properties": { "Method": { - "description": "The HTTP verb of a method. It is a valid field for the API entity types of ``METHOD``, ``PATH_PARAMETER``, ``QUERY_PARAMETER``, ``REQUEST_HEADER``, ``REQUEST_BODY``, ``RESPONSE``, ``RESPONSE_HEADER``, and ``RESPONSE_BODY``. The default value is ``*`` for any method. When an applicable child entity inherits the content of an entity of the same type with more general specifications of the other ``location`` attributes, the child entity's ``method`` attribute must match that of the parent entity exactly.", + "description": "", "type": "string" }, "Name": { - "description": "The name of the targeted API entity. It is a valid and required field for the API entity types of ``AUTHORIZER``, ``MODEL``, ``PATH_PARAMETER``, ``QUERY_PARAMETER``, ``REQUEST_HEADER``, ``REQUEST_BODY`` and ``RESPONSE_HEADER``. It is an invalid field for any other entity type.", + "description": "", "type": "string" }, "Path": { - "description": "The URL path of the target. It is a valid field for the API entity types of ``RESOURCE``, ``METHOD``, ``PATH_PARAMETER``, ``QUERY_PARAMETER``, ``REQUEST_HEADER``, ``REQUEST_BODY``, ``RESPONSE``, ``RESPONSE_HEADER``, and ``RESPONSE_BODY``. The default value is ``/`` for the root resource. 
When an applicable child entity inherits the content of another entity of the same type with more general specifications of the other ``location`` attributes, the child entity's ``path`` attribute must match that of the parent entity as a prefix.", + "description": "", "type": "string" }, "StatusCode": { - "description": "The HTTP status code of a response. It is a valid field for the API entity types of ``RESPONSE``, ``RESPONSE_HEADER``, and ``RESPONSE_BODY``. The default value is ``*`` for any status code. When an applicable child entity inherits the content of an entity of the same type with more general specifications of the other ``location`` attributes, the child entity's ``statusCode`` attribute must match that of the parent entity exactly.", + "description": "", "type": "string" }, "Type": { - "description": "The type of API entity to which the documentation content applies. Valid values are ``API``, ``AUTHORIZER``, ``MODEL``, ``RESOURCE``, ``METHOD``, ``PATH_PARAMETER``, ``QUERY_PARAMETER``, ``REQUEST_HEADER``, ``REQUEST_BODY``, ``RESPONSE``, ``RESPONSE_HEADER``, and ``RESPONSE_BODY``. Content inheritance does not apply to any entity of the ``API``, ``AUTHORIZER``, ``METHOD``, ``MODEL``, ``REQUEST_BODY``, or ``RESOURCE`` type.", + "description": "", "enum": [ "API", "AUTHORIZER", @@ -98,14 +98,14 @@ }, "Location": { "$ref": "#/definitions/Location", - "description": "The location of the targeted API entity of the to-be-created documentation part." + "description": "" }, "Properties": { - "description": "The new documentation content map of the targeted API entity. Enclosed key-value pairs are API-specific, but only OpenAPI-compliant key-value pairs can be exported and, hence, published.", + "description": "", "type": "string" }, "RestApiId": { - "description": "The string identifier of the associated RestApi.", + "description": "", "type": "string" } }, 
diff --git a/src/schema/aws-apigateway-documentationversion.json b/src/schema/aws-apigateway-documentationversion.json index e95eade5..6d58d308 100644 --- a/src/schema/aws-apigateway-documentationversion.json +++ b/src/schema/aws-apigateway-documentationversion.json @@ -51,16 +51,16 @@ ], "properties": { "Description": { - "description": "A description about the new documentation snapshot.", + "description": "", "type": "string" }, "DocumentationVersion": { - "description": "The version identifier of the to-be-updated documentation version.", + "description": "", "minLength": 1, "type": "string" }, "RestApiId": { - "description": "The string identifier of the associated RestApi.", + "description": "", "minLength": 1, "type": "string" } diff --git a/src/schema/aws-apigateway-domainname.json b/src/schema/aws-apigateway-domainname.json index 9e880a03..4b57bfee 100644 --- a/src/schema/aws-apigateway-domainname.json +++ b/src/schema/aws-apigateway-domainname.json @@ -7,6 +7,9 @@ "EndpointConfiguration": { "additionalProperties": false, "properties": { + "IpAddressType": { + "type": "string" + }, "Types": { "items": { "type": "string" @@ -45,27 +48,32 @@ "handlers": { "create": { "permissions": [ - "apigateway:*" + "apigateway:POST", + "apigateway:PUT", + "apigateway:GET" ] }, "delete": { "permissions": [ - "apigateway:*" + "apigateway:GET", + "apigateway:DELETE" ] }, "list": { "permissions": [ - "apigateway:*" + "apigateway:GET" ] }, "read": { "permissions": [ - "apigateway:*" + "apigateway:GET" ] }, "update": { "permissions": [ - "apigateway:*" + "apigateway:GET", + "apigateway:PUT", + "apigateway:PATCH" ] } }, diff --git a/src/schema/aws-apigateway-domainnameaccessassociation.json b/src/schema/aws-apigateway-domainnameaccessassociation.json new file mode 100644 index 00000000..e122ad8a --- /dev/null +++ b/src/schema/aws-apigateway-domainnameaccessassociation.json 
@@ -0,0 +1,106 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/DomainNameArn", + "/properties/AccessAssociationSource", + "/properties/AccessAssociationSourceType", + "/properties/Tags" + ], + "definitions": { + "Tag": { + "additionalProperties": false, + "properties": { + "Key": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "required": [ + "Value", + "Key" + ], + "type": "object" + } + }, + "description": "Resource Type definition for AWS::ApiGateway::DomainNameAccessAssociation.", + "handlers": { + "create": { + "permissions": [ + "apigateway:POST", + "apigateway:GET" + ] + }, + "delete": { + "permissions": [ + "apigateway:DELETE", + "apigateway:GET" + ] + }, + "list": { + "permissions": [ + "apigateway:GET" + ] + }, + "read": { + "permissions": [ + "apigateway:GET" + ] + } + }, + "primaryIdentifier": [ + "/properties/DomainNameAccessAssociationArn" + ], + "properties": { + "AccessAssociationSource": { + "description": "The source of the domain name access association resource.", + "type": "string" + }, + "AccessAssociationSourceType": { + "description": "The source type of the domain name access association resource.", + "enum": [ + "VPCE" + ], + "type": "string" + }, + "DomainNameAccessAssociationArn": { + "description": "The amazon resource name (ARN) of the domain name access association resource.", + "type": "string" + }, + "DomainNameArn": { + "description": "The amazon resource name (ARN) of the domain name resource.", + "type": "string" + }, + "Tags": { + "description": "An array of arbitrary tags (key-value pairs) to associate with the domainname access association.", + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": false + } + }, + "readOnlyProperties": [ + "/properties/DomainNameAccessAssociationArn" + ], + "required": [ + "DomainNameArn", + "AccessAssociationSource", + "AccessAssociationSourceType" + ], + "sourceUrl": 
"https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-apigateway", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "apigateway:POST", + "apigateway:DELETE", + "apigateway:GET" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, + "typeName": "AWS::ApiGateway::DomainNameAccessAssociation" +} diff --git a/src/schema/aws-apigateway-domainnamev2.json b/src/schema/aws-apigateway-domainnamev2.json new file mode 100644 index 00000000..64563f1a --- /dev/null +++ b/src/schema/aws-apigateway-domainnamev2.json 
@@ -0,0 +1,125 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/DomainName", + "/properties/SecurityPolicy", + "/properties/EndpointConfiguration" + ], + "definitions": { + "EndpointConfiguration": { + "additionalProperties": false, + "properties": { + "Types": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "Tag": { + "additionalProperties": false, + "properties": { + "Key": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "type": "object" + } + }, + "description": "Resource Type definition for AWS::ApiGateway::DomainNameV2.", + "handlers": { + "create": { + "permissions": [ + "apigateway:POST", + "apigateway:GET", + "apigateway:UpdateDomainNamePolicy" + ] + }, + "delete": { + "permissions": [ + "apigateway:DELETE", + "apigateway:GET", + "apigateway:UpdateDomainNamePolicy" + ] + }, + "list": { + "permissions": [ + "apigateway:GET" + ] + }, + "read": { + "permissions": [ + "apigateway:GET" + ] + }, + "update": { + "permissions": [ + "apigateway:GET", + "apigateway:PUT", + "apigateway:PATCH", + "apigateway:UpdateDomainNamePolicy" + ] + } + }, + "primaryIdentifier": [ + "/properties/DomainNameArn" + ], + "properties": { + "CertificateArn": { + "type": "string" + }, + "DomainName": { + "type": "string" + }, + "DomainNameArn": { + "description": "The amazon resource name (ARN) of the domain name resource.", + "type": "string" + }, + "DomainNameId": { + "type": "string" + }, + "EndpointConfiguration": { + "$ref": "#/definitions/EndpointConfiguration" + }, + "Policy": { + "type": [ + "object", + "string" + ] + }, + "SecurityPolicy": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "readOnlyProperties": [ + "/properties/DomainNameId", + "/properties/DomainNameArn" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": true, + 
"permissions": [ + "apigateway:PUT", + "apigateway:PATCH", + "apigateway:DELETE", + "apigateway:GET", + "apigateway:POST" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::ApiGateway::DomainNameV2" +} diff --git a/src/schema/aws-apigateway-gatewayresponse.json b/src/schema/aws-apigateway-gatewayresponse.json index 019a99c6..e114720e 100644 --- a/src/schema/aws-apigateway-gatewayresponse.json +++ b/src/schema/aws-apigateway-gatewayresponse.json @@ -55,7 +55,7 @@ }, "ResponseParameters": { "additionalProperties": false, - "description": "Response parameters (paths, query strings and headers) of the GatewayResponse as a string-to-string map of key-value pairs.", + "description": "", "patternProperties": { "[a-zA-Z0-9]+": { "type": "string" @@ -65,7 +65,7 @@ }, "ResponseTemplates": { "additionalProperties": false, - "description": "Response templates of the GatewayResponse as a string-to-string map of key-value pairs.", + "description": "", "patternProperties": { "[a-zA-Z0-9]+": { "type": "string" @@ -74,15 +74,15 @@ "type": "object" }, "ResponseType": { - "description": "The response type of the associated GatewayResponse.", + "description": "", "type": "string" }, "RestApiId": { - "description": "The string identifier of the associated RestApi.", + "description": "", "type": "string" }, "StatusCode": { - "description": "The HTTP status code for this GatewayResponse.", + "description": "", "type": "string" } }, diff --git a/src/schema/aws-apigateway-method.json b/src/schema/aws-apigateway-method.json index 9d030bdd..dc77e777 100644 --- a/src/schema/aws-apigateway-method.json +++ b/src/schema/aws-apigateway-method.json 
@@ -11,7 +11,7 @@ "description": "``Integration`` is a property of the [AWS::ApiGateway::Method](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-method.html) resource that specifies information about the target backend that a method calls.", "properties": { "CacheKeyParameters": { - "description": "A list of request parameters whose values API Gateway caches. To be valid values for ``cacheKeyParameters``, these parameters must also be specified for Method ``requestParameters``.", + "description": "", "items": { "type": "string" }, @@ -19,15 +19,15 @@ "uniqueItems": true }, "CacheNamespace": { - "description": "Specifies a group of related cached parameters. By default, API Gateway uses the resource ID as the ``cacheNamespace``. You can specify the same ``cacheNamespace`` across resources to return the same cached data for requests to different resources.", + "description": "", "type": "string" }, "ConnectionId": { - "description": "The ID of the VpcLink used for the integration when ``connectionType=VPC_LINK`` and undefined, otherwise.", + "description": "", "type": "string" }, "ConnectionType": { - "description": "The type of the network connection to the integration endpoint. The valid value is ``INTERNET`` for connections through the public routable internet or ``VPC_LINK`` for private connections between API Gateway and a network load balancer in a VPC. The default value is ``INTERNET``.", + "description": "", "enum": [ "INTERNET", "VPC_LINK" 
@@ -35,7 +35,7 @@ "type": "string" }, "ContentHandling": { - "description": "Specifies how to handle request payload content type conversions. Supported values are ``CONVERT_TO_BINARY`` and ``CONVERT_TO_TEXT``, with the following behaviors:\n If this property is not defined, the request payload will be passed through from the method request to integration request without modification, provided that the ``passthroughBehavior`` is configured to support payload pass-through.", + "description": "", "enum": [ "CONVERT_TO_BINARY", "CONVERT_TO_TEXT" @@ -43,15 +43,15 @@ "type": "string" }, "Credentials": { - "description": "Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string ``arn:aws:iam::\\*:user/\\*``. To use resource-based permissions on supported AWS services, specify null.", + "description": "", "type": "string" }, "IntegrationHttpMethod": { - "description": "Specifies the integration's HTTP method type. For the Type property, if you specify ``MOCK``, this property is optional. For Lambda integrations, you must set the integration method to ``POST``. For all other types, you must specify this property.", + "description": "", "type": "string" }, "IntegrationResponses": { - "description": "Specifies the integration's responses.", + "description": "", "items": { "$ref": "#/definitions/IntegrationResponse" }, 
@@ -59,7 +59,7 @@ "uniqueItems": true }, "PassthroughBehavior": { - "description": "Specifies how the method request body of an unmapped content type will be passed through the integration request to the back end without transformation. A content type is unmapped if no mapping template is defined in the integration or the content type does not match any of the mapped content types, as specified in ``requestTemplates``. The valid value is one of the following: ``WHEN_NO_MATCH``: passes the method request body through the integration request to the back end without transformation when the method request content type does not match any content type associated with the mapping templates defined in the integration request. ``WHEN_NO_TEMPLATES``: passes the method request body through the integration request to the back end without transformation when no mapping template is defined in the integration request. If a template is defined when this option is selected, the method request of an unmapped content-type will be rejected with an HTTP 415 Unsupported Media Type response. ``NEVER``: rejects the method request with an HTTP 415 Unsupported Media Type response when either the method request content type does not match any content type associated with the mapping templates defined in the integration request or no mapping template is defined in the integration request.", + "description": "", "enum": [ "WHEN_NO_MATCH", "WHEN_NO_TEMPLATES", 
@@ -69,7 +69,7 @@ }, "RequestParameters": { "additionalProperties": false, - "description": "A key-value map specifying request parameters that are passed from the method request to the back end. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the back end. The method request parameter value must match the pattern of ``method.request.{location}.{name}``, where ``location`` is ``querystring``, ``path``, or ``header`` and ``name`` must be a valid and unique method request parameter name.", + "description": "", "patternProperties": { "[a-zA-Z0-9]+": { "type": "string" @@ -79,7 +79,7 @@ }, "RequestTemplates": { "additionalProperties": false, - "description": "Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value.", + "description": "", "patternProperties": { "[a-zA-Z0-9]+": { "type": "string" @@ -88,12 +88,12 @@ "type": "object" }, "TimeoutInMillis": { - "description": "Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds or 29 seconds.", + "description": "", "minimum": 50, "type": "integer" }, "Type": { - "description": "Specifies an API method integration type. The valid value is one of the following:\n For the HTTP and HTTP proxy integrations, each integration can specify a protocol (``http/https``), port and path. Standard 80 and 443 ports are supported as well as custom ports above 1024. An HTTP or HTTP proxy integration with a ``connectionType`` of ``VPC_LINK`` is referred to as a private integration and uses a VpcLink to connect API Gateway to a network load balancer of a VPC.", + "description": "", "enum": [ "AWS", "AWS_PROXY", 
@@ -104,7 +104,7 @@ "type": "string" }, "Uri": { - "description": "Specifies Uniform Resource Identifier (URI) of the integration endpoint.\n For ``HTTP`` or ``HTTP_PROXY`` integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification for standard integrations. If ``connectionType`` is ``VPC_LINK`` specify the Network Load Balancer DNS name. For ``AWS`` or ``AWS_PROXY`` integrations, the URI is of the form ``arn:aws:apigateway:{region}:{subdomain.service|service}:path|action/{service_api}``. Here, {Region} is the API Gateway region (e.g., us-east-1); {service} is the name of the integrated AWS service (e.g., s3); and {subdomain} is a designated subdomain supported by certain AWS service for fast host-name lookup. action can be used for an AWS service action-based API, using an Action={name}&{p1}={v1}&p2={v2}... query string. The ensuing {service_api} refers to a supported action {name} plus any required input parameters. Alternatively, path can be used for an AWS service path-based API. The ensuing service_api refers to the path to an AWS service resource, including the region of the integrated AWS service, if applicable. For example, for integration with the S3 API of GetObject, the uri can be either ``arn:aws:apigateway:us-west-2:s3:action/GetObject&Bucket={bucket}&Key={key}`` or ``arn:aws:apigateway:us-west-2:s3:path/{bucket}/{key}``", + "description": "", "type": "string" } }, 
@@ -118,7 +118,7 @@ "description": "``IntegrationResponse`` is a property of the [Amazon API Gateway Method Integration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apitgateway-method-integration.html) property type that specifies the response that API Gateway sends after a method's backend finishes processing a request.", "properties": { "ContentHandling": { - "description": "Specifies how to handle response payload content type conversions. Supported values are ``CONVERT_TO_BINARY`` and ``CONVERT_TO_TEXT``, with the following behaviors:\n If this property is not defined, the response payload will be passed through from the integration response to the method response without modification.", + "description": "", "enum": [ "CONVERT_TO_BINARY", "CONVERT_TO_TEXT" @@ -127,7 +127,7 @@ }, "ResponseParameters": { "additionalProperties": false, - "description": "A key-value map specifying response parameters that are passed to the method response from the back end. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of ``method.response.header.{name}``, where ``name`` is a valid and unique header name. The mapped non-static value must match the pattern of ``integration.response.header.{name}`` or ``integration.response.body.{JSON-expression}``, where ``name`` is a valid and unique response header name and ``JSON-expression`` is a valid JSON expression without the ``$`` prefix.", + "description": "", "patternProperties": { "[a-zA-Z0-9]+": { "type": "string" 
@@ -137,7 +137,7 @@ }, "ResponseTemplates": { "additionalProperties": false, - "description": "Specifies the templates used to transform the integration response body. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.", + "description": "", "patternProperties": { "[a-zA-Z0-9]+": { "type": "string" @@ -146,11 +146,11 @@ "type": "object" }, "SelectionPattern": { - "description": "Specifies the regular expression (regex) pattern used to choose an integration response based on the response from the back end. For example, if the success response returns nothing and the error response returns some string, you could use the ``.+`` regex to match error response. However, make sure that the error response does not contain any newline (``\\n``) character in such cases. If the back end is an LAMlong function, the LAMlong function error header is matched. For all other HTTP and AWS back ends, the HTTP status code is matched.", + "description": "", "type": "string" }, "StatusCode": { - "description": "Specifies the status code that is used to map the integration response to an existing MethodResponse.", + "description": "", "type": "string" } }, @@ -161,11 +161,11 @@ }, "MethodResponse": { "additionalProperties": false, - "description": "Represents a method response of a given HTTP status code returned to the client. The method response is passed from the back end through the associated integration response that can be transformed using a mapping template.", + "description": "", "properties": { "ResponseModels": { "additionalProperties": false, - "description": "Specifies the Model resources used for the response's content-type. Response models are represented as a key/value map, with a content-type as the key and a Model name as the value.", + "description": "", "patternProperties": { "[a-zA-Z0-9]+": { "type": "string" 
@@ -175,7 +175,7 @@ }, "ResponseParameters": { "additionalProperties": false, - "description": "A key-value map specifying required or optional response parameters that API Gateway can send back to the caller. A key defines a method response header and the value specifies whether the associated method response header is required or not. The expression of the key must match the pattern ``method.response.header.{name}``, where ``name`` is a valid and unique header name. API Gateway passes certain integration response data to the method response headers specified here according to the mapping you prescribe in the API's IntegrationResponse. The integration response data that can be mapped include an integration response header expressed in ``integration.response.header.{name}``, a static value enclosed within a pair of single quotes (e.g., ``'application/json'``), or a JSON expression from the back-end response payload in the form of ``integration.response.body.{JSON-expression}``, where ``JSON-expression`` is a valid JSON expression without the ``$`` prefix.)", + "description": "", "patternProperties": { "[a-zA-Z0-9]+": { "type": [ @@ -187,7 +187,7 @@ "type": "object" }, "StatusCode": { - "description": "The method response's status code.", + "description": "", "type": "string" } }, 
@@ -232,11 +232,11 @@ ], "properties": { "ApiKeyRequired": { - "description": "A boolean flag specifying whether a valid ApiKey is required to invoke this method.", + "description": "", "type": "boolean" }, "AuthorizationScopes": { - "description": "A list of authorization scopes configured on the method. The scopes are used with a ``COGNITO_USER_POOLS`` authorizer to authorize the method invocation. The authorization works by matching the method scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any method scopes matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the method scope is configured, the client must provide an access token instead of an identity token for authorization purposes.", + "description": "", "items": { "type": "string" }, @@ -247,19 +247,19 @@ "type": "string" }, "AuthorizerId": { - "description": "The identifier of an authorizer to use on this method. The method's authorization type must be ``CUSTOM`` or ``COGNITO_USER_POOLS``.", + "description": "", "type": "string" }, "HttpMethod": { - "description": "The method's HTTP verb.", + "description": "", "type": "string" }, "Integration": { "$ref": "#/definitions/Integration", - "description": "Represents an ``HTTP``, ``HTTP_PROXY``, ``AWS``, ``AWS_PROXY``, or Mock integration." + "description": "" }, "MethodResponses": { - "description": "Gets a method response associated with a given HTTP status code.", + "description": "", "items": { "$ref": "#/definitions/MethodResponse" }, 
@@ -267,12 +267,12 @@ "uniqueItems": true }, "OperationName": { - "description": "A human-friendly operation identifier for the method. For example, you can assign the ``operationName`` of ``ListPets`` for the ``GET /pets`` method in the ``PetStore`` example.", + "description": "", "type": "string" }, "RequestModels": { "additionalProperties": false, - "description": "A key-value map specifying data schemas, represented by Model resources, (as the mapped value) of the request payloads of given content types (as the mapping key).", + "description": "", "patternProperties": { "[a-zA-Z0-9]+": { "type": "string" @@ -282,7 +282,7 @@ }, "RequestParameters": { "additionalProperties": false, - "description": "A key-value map defining required or optional method request parameters that can be accepted by API Gateway. A key is a method request parameter name matching the pattern of ``method.request.{location}.{name}``, where ``location`` is ``querystring``, ``path``, or ``header`` and ``name`` is a valid and unique parameter name. The value associated with the key is a Boolean flag indicating whether the parameter is required (``true``) or optional (``false``). The method request parameter names defined here are available in Integration to be mapped to integration request parameters or templates.", + "description": "", "patternProperties": { "[a-zA-Z0-9]+": { "type": [ @@ -294,15 +294,15 @@ "type": "object" }, "RequestValidatorId": { - "description": "The identifier of a RequestValidator for request validation.", + "description": "", "type": "string" }, "ResourceId": { - "description": "The Resource identifier for the MethodResponse resource.", + "description": "", "type": "string" }, "RestApiId": { - "description": "The string identifier of the associated RestApi.", + "description": "", "type": "string" } }, diff --git a/src/schema/aws-apigateway-model.json b/src/schema/aws-apigateway-model.json index fe20c308..7590e21f 100644 --- a/src/schema/aws-apigateway-model.json 
+++ b/src/schema/aws-apigateway-model.json @@ -52,11 +52,11 @@ ], "properties": { "ContentType": { - "description": "The content-type for the model.", + "description": "", "type": "string" }, "Description": { - "description": "The description of the model.", + "description": "", "type": "string" }, "Name": { @@ -64,11 +64,11 @@ "type": "string" }, "RestApiId": { - "description": "The string identifier of the associated RestApi.", + "description": "", "type": "string" }, "Schema": { - "description": "The schema for the model. For ``application/json`` models, this should be JSON schema draft 4 model. Do not include \"\\*/\" characters in the description of any properties because such \"\\*/\" characters may be interpreted as the closing marker for comments in some languages, such as Java or JavaScript, causing the installation of your API's SDK generated by API Gateway to fail.", + "description": "", "type": [ "object", "string" diff --git a/src/schema/aws-apigateway-requestvalidator.json b/src/schema/aws-apigateway-requestvalidator.json index e81a5b2f..ece75b03 100644 --- a/src/schema/aws-apigateway-requestvalidator.json +++ b/src/schema/aws-apigateway-requestvalidator.json @@ -50,7 +50,7 @@ ], "properties": { "Name": { - "description": "The name of this RequestValidator", + "description": "", "type": "string" }, "RequestValidatorId": { @@ -58,15 +58,15 @@ "type": "string" }, "RestApiId": { - "description": "The string identifier of the associated RestApi.", + "description": "", "type": "string" }, "ValidateRequestBody": { - "description": "A Boolean flag to indicate whether to validate a request body according to the configured Model schema.", + "description": "", "type": "boolean" }, "ValidateRequestParameters": { - "description": "A Boolean flag to indicate whether to validate request parameters (``true``) or not (``false``).", + "description": "", "type": "boolean" } }, 
diff --git a/src/schema/aws-apigateway-resource.json b/src/schema/aws-apigateway-resource.json index c3b76a9c..473b265d 100644 --- a/src/schema/aws-apigateway-resource.json +++ b/src/schema/aws-apigateway-resource.json @@ -50,11 +50,11 @@ ], "properties": { "ParentId": { - "description": "The parent resource's identifier.", + "description": "", "type": "string" }, "PathPart": { - "description": "The last path segment for this resource.", + "description": "", "type": "string" }, "ResourceId": { @@ -62,7 +62,7 @@ "type": "string" }, "RestApiId": { - "description": "The string identifier of the associated RestApi.", + "description": "", "type": "string" } }, diff --git a/src/schema/aws-apigateway-restapi.json b/src/schema/aws-apigateway-restapi.json index ff7d41da..772f19d6 100644 --- a/src/schema/aws-apigateway-restapi.json +++ b/src/schema/aws-apigateway-restapi.json @@ -5,8 +5,12 @@ "additionalProperties": false, "description": "The ``EndpointConfiguration`` property type specifies the endpoint types of a REST API.\n ``EndpointConfiguration`` is a property of the [AWS::ApiGateway::RestApi](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html) resource.", "properties": { + "IpAddressType": { + "description": "", + "type": "string" + }, "Types": { - "description": "A list of endpoint types of an API (RestApi) or its custom domain name (DomainName). For an edge-optimized API and its custom domain name, the endpoint type is ``\"EDGE\"``. For a regional API and its custom domain name, the endpoint type is ``REGIONAL``. For a private API, the endpoint type is ``PRIVATE``.", + "description": "", "items": { "type": "string" }, @@ -14,7 +18,7 @@ "uniqueItems": true }, "VpcEndpointIds": { - "description": "A list of VpcEndpointIds of an API (RestApi) against which to create Route53 ALIASes. It is only supported for ``PRIVATE`` endpoint type.", + "description": "", "items": { "relationshipRef": { "propertyPath": "/properties/Id", 
@@ -118,11 +122,11 @@ ], "properties": { "ApiKeySourceType": { - "description": "The source of the API key for metering requests according to a usage plan. Valid values are: ``HEADER`` to read the API key from the ``X-API-Key`` header of a request. ``AUTHORIZER`` to read the API key from the ``UsageIdentifierKey`` from a custom authorizer.", + "description": "", "type": "string" }, "BinaryMediaTypes": { - "description": "The list of binary media types supported by the RestApi. By default, the RestApi supports only UTF-8-encoded text payloads.", + "description": "", "items": { "type": "string" }, @@ -141,15 +145,15 @@ "description": "The Amazon Simple Storage Service (Amazon S3) location that points to an OpenAPI file, which defines a set of RESTful APIs in JSON or YAML format." }, "CloneFrom": { - "description": "The ID of the RestApi that you want to clone from.", + "description": "", "type": "string" }, "Description": { - "description": "The description of the RestApi.", + "description": "", "type": "string" }, "DisableExecuteApiEndpoint": { - "description": "Specifies whether clients can invoke your API by using the default ``execute-api`` endpoint. By default, clients can invoke your API with the default ``https://{api_id}.execute-api.{region}.amazonaws.com`` endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint", + "description": "", "type": "boolean" }, "EndpointConfiguration": { 
@@ -157,11 +161,11 @@ "description": "A list of the endpoint types of the API. Use this property when creating an API. When importing an existing API, specify the endpoint configuration types using the ``Parameters`` property." }, "FailOnWarnings": { - "description": "A query parameter to indicate whether to rollback the API update (``true``) or not (``false``) when a warning is encountered. The default value is ``false``.", + "description": "", "type": "boolean" }, "MinimumCompressionSize": { - "description": "A nullable integer that is used to enable compression (with non-negative between 0 and 10485760 (10M) bytes, inclusive) or disable compression (with a null value) on an API. When compression is enabled, compression or decompression is not applied on the payload if the payload size is smaller than this value. Setting it to zero allows compression for any payload size.", + "description": "", "type": "integer" }, "Mode": { @@ -174,7 +178,7 @@ }, "Parameters": { "additionalProperties": false, - "description": "Custom header parameters as part of the request. For example, to exclude DocumentationParts from an imported API, set ``ignore=documentation`` as a ``parameters`` value, as in the AWS CLI command of ``aws apigateway import-rest-api --parameters ignore=documentation --body 'file:///path/to/imported-api-body.json'``.", + "description": "", "patternProperties": { "[a-zA-Z0-9]+": { "type": "string" @@ -201,7 +205,7 @@ "type": "string" }, "Tags": { - "description": "The key-value map of strings. The valid character set is [a-zA-Z+-=._:/]. The tag key can be up to 128 characters and must not start with ``aws:``. The tag value can be up to 256 characters.", + "description": "", "items": { "$ref": "#/definitions/Tag" }, diff --git a/src/schema/aws-apigateway-stage.json b/src/schema/aws-apigateway-stage.json index 4eabc444..1531efd8 100644 --- a/src/schema/aws-apigateway-stage.json +++ b/src/schema/aws-apigateway-stage.json 
@@ -22,21 +22,21 @@ }, "CanarySetting": { "additionalProperties": false, - "description": "Configuration settings of a canary deployment.", + "description": "", "properties": { "DeploymentId": { - "description": "The ID of the canary deployment.", + "description": "", "type": "string" }, "PercentTraffic": { - "description": "The percent (0-100) of traffic diverted to a canary deployment.", + "description": "", "maximum": 100, "minimum": 0, "type": "number" }, "StageVariableOverrides": { "additionalProperties": false, - "description": "Stage variables overridden for a canary release deployment, including new stage variables introduced in the canary. These stage variables are represented as a string-to-string map between stage variable names and their values.", + "description": "", "patternProperties": { "[a-zA-Z0-9]+": { "type": "string" @@ -45,7 +45,7 @@ "type": "object" }, "UseStageCache": { - "description": "A Boolean flag to indicate whether the canary deployment uses the stage cache or not.", + "description": "", "type": "boolean" } }, 
@@ -56,19 +56,19 @@ "description": "The ``MethodSetting`` property type configures settings for all methods in a stage.\n The ``MethodSettings`` property of the ``AWS::ApiGateway::Stage`` resource contains a list of ``MethodSetting`` property types.", "properties": { "CacheDataEncrypted": { - "description": "Specifies whether the cached responses are encrypted.", + "description": "", "type": "boolean" }, "CacheTtlInSeconds": { - "description": "Specifies the time to live (TTL), in seconds, for cached responses. The higher the TTL, the longer the response will be cached.", + "description": "", "type": "integer" }, "CachingEnabled": { - "description": "Specifies whether responses should be cached and returned for requests. A cache cluster must be enabled on the stage for responses to be cached.", + "description": "", "type": "boolean" }, "DataTraceEnabled": { - "description": "Specifies whether data trace logging is enabled for this method, which affects the log entries pushed to Amazon CloudWatch Logs. This can be useful to troubleshoot APIs, but can result in logging sensitive data. We recommend that you don't enable this option for production APIs.", + "description": "", "type": "boolean" }, "HttpMethod": { @@ -76,11 +76,11 @@ "type": "string" }, "LoggingLevel": { - "description": "Specifies the logging level for this method, which affects the log entries pushed to Amazon CloudWatch Logs. Valid values are ``OFF``, ``ERROR``, and ``INFO``. Choose ``ERROR`` to write only error-level entries to CloudWatch Logs, or choose ``INFO`` to include all ``ERROR`` events as well as extra informational events.", + "description": "", "type": "string" }, "MetricsEnabled": { - "description": "Specifies whether Amazon CloudWatch metrics are enabled for this method.", + "description": "", "type": "boolean" }, "ResourcePath": { 
@@ -88,12 +88,12 @@ "type": "string" }, "ThrottlingBurstLimit": { - "description": "Specifies the throttling burst limit.", + "description": "", "minimum": 0, "type": "integer" }, "ThrottlingRateLimit": { - "description": "Specifies the throttling rate limit.", + "description": "", "minimum": 0, "type": "number" } 
@@ -175,38 +175,38 @@ "properties": { "AccessLogSetting": { "$ref": "#/definitions/AccessLogSetting", - "description": "Access log settings, including the access log format and access log destination ARN." + "description": "" }, "CacheClusterEnabled": { - "description": "Specifies whether a cache cluster is enabled for the stage.", + "description": "", "type": "boolean" }, "CacheClusterSize": { - "description": "The stage's cache capacity in GB. For more information about choosing a cache size, see [Enabling API caching to enhance responsiveness](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html).", + "description": "", "type": "string" }, "CanarySetting": { "$ref": "#/definitions/CanarySetting", - "description": "Settings for the canary deployment in this stage." + "description": "" }, "ClientCertificateId": { - "description": "The identifier of a client certificate for an API stage.", + "description": "", "type": "string" }, "DeploymentId": { - "description": "The identifier of the Deployment that the stage points to.", + "description": "", "type": "string" }, "Description": { - "description": "The stage's description.", + "description": "", "type": "string" }, "DocumentationVersion": { - "description": "The version of the associated API documentation.", + "description": "", "type": "string" }, "MethodSettings": { - "description": "A map that defines the method settings for a Stage resource. Keys (designated as ``/{method_setting_key`` below) are method paths defined as ``{resource_path}/{http_method}`` for an individual method override, or ``/\\*/\\*`` for overriding all methods in the stage.", + "description": "", "insertionOrder": false, "items": { "$ref": "#/definitions/MethodSetting" 
@@ -215,15 +215,15 @@ "uniqueItems": true }, "RestApiId": { - "description": "The string identifier of the associated RestApi.", + "description": "", "type": "string" }, "StageName": { - "description": "The name of the stage is the first path segment in the Uniform Resource Identifier (URI) of a call to API Gateway. Stage names can only contain alphanumeric characters, hyphens, and underscores. Maximum length is 128 characters.", + "description": "", "type": "string" }, "Tags": { - "description": "The collection of tags. Each tag element is associated with a given resource.", + "description": "", "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" @@ -232,7 +232,7 @@ "uniqueItems": false }, "TracingEnabled": { - "description": "Specifies whether active tracing with X-ray is enabled for the Stage.", + "description": "", "type": "boolean" }, "Variables": { diff --git a/src/schema/aws-apigateway-usageplan.json b/src/schema/aws-apigateway-usageplan.json index 01660ba4..6eb0cc78 100644 --- a/src/schema/aws-apigateway-usageplan.json +++ b/src/schema/aws-apigateway-usageplan.json @@ -3,19 +3,19 @@ "definitions": { "ApiStage": { "additionalProperties": false, - "description": "API stage name of the associated API stage in a usage plan.", + "description": "", "properties": { "ApiId": { - "description": "API Id of the associated API stage in a usage plan.", + "description": "", "type": "string" }, "Stage": { - "description": "API stage name of the associated API stage in a usage plan.", + "description": "", "type": "string" }, "Throttle": { "additionalProperties": false, - "description": "Map containing method level throttling information for API stage in a usage plan.", + "description": "", "patternProperties": { ".*": { "$ref": "#/definitions/ThrottleSettings" 
@@ -31,17 +31,17 @@ "description": "``QuotaSettings`` is a property of the [AWS::ApiGateway::UsagePlan](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html) resource that specifies a target for the maximum number of requests users can make to your REST APIs.\n In some cases clients can exceed the targets that you set. Don\u2019t rely on usage plans to control costs. Consider using [](https://docs.aws.amazon.com/cost-management/latest/userguide/budgets-managing-costs.html) to monitor costs and [](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) to manage API requests.", "properties": { "Limit": { - "description": "The target maximum number of requests that can be made in a given time period.", + "description": "", "minimum": 0, "type": "integer" }, "Offset": { - "description": "The number of requests subtracted from the given limit in the initial time period.", + "description": "", "minimum": 0, "type": "integer" }, "Period": { - "description": "The time period in which the limit applies. Valid values are \"DAY\", \"WEEK\" or \"MONTH\".", + "description": "", "type": "string" } }, @@ -75,12 +75,12 @@ "description": "``ThrottleSettings`` is a property of the [AWS::ApiGateway::UsagePlan](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html) resource that specifies the overall request rate (average requests per second) and burst capacity when users call your REST APIs.", "properties": { "BurstLimit": { - "description": "The API target request burst rate limit. This allows more requests through for a period of time than the target rate limit.", + "description": "", "minimum": 0, "type": "integer" }, "RateLimit": { - "description": "The API target request rate limit.", + "description": "", "minimum": 0, "type": "number" } 
@@ -128,7 +128,7 @@ ], "properties": { "ApiStages": { - "description": "The associated API stages of a usage plan.", + "description": "", "items": { "$ref": "#/definitions/ApiStage" }, @@ -136,7 +136,7 @@ "uniqueItems": true }, "Description": { - "description": "The description of a usage plan.", + "description": "", "type": "string" }, "Id": { @@ -145,10 +145,10 @@ }, "Quota": { "$ref": "#/definitions/QuotaSettings", - "description": "The target maximum number of permitted requests per a given unit time interval." + "description": "" }, "Tags": { - "description": "The collection of tags. Each tag element is associated with a given resource.", + "description": "", "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" @@ -158,10 +158,10 @@ }, "Throttle": { "$ref": "#/definitions/ThrottleSettings", - "description": "A map containing method level throttling information for API stage in a usage plan." + "description": "" }, "UsagePlanName": { - "description": "The name of a usage plan.", + "description": "", "type": "string" } }, diff --git a/src/schema/aws-apigateway-usageplankey.json b/src/schema/aws-apigateway-usageplankey.json index c38e9932..9a216f1d 100644 --- a/src/schema/aws-apigateway-usageplankey.json +++ b/src/schema/aws-apigateway-usageplankey.json @@ -53,7 +53,7 @@ "type": "string" }, "KeyType": { - "description": "The type of a UsagePlanKey resource for a plan customer.", + "description": "", "enum": [ "API_KEY" ], diff --git a/src/schema/aws-apigateway-vpclink.json b/src/schema/aws-apigateway-vpclink.json index 5662f39e..dd3227e7 100644 --- a/src/schema/aws-apigateway-vpclink.json +++ b/src/schema/aws-apigateway-vpclink.json @@ -81,11 +81,11 @@ ], "properties": { "Description": { - "description": "The description of the VPC link.", + "description": "", "type": "string" }, "Name": { - "description": "The name used to label and identify the VPC link.", + "description": "", "type": "string" }, "Tags": { 
@@ -98,7 +98,7 @@ "uniqueItems": true }, "TargetArns": { - "description": "The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner.", + "description": "", "insertionOrder": false, "items": { "type": "string" diff --git a/src/schema/aws-apigatewayv2-api.json b/src/schema/aws-apigatewayv2-api.json index 6bff540a..0bc603a3 100644 --- a/src/schema/aws-apigatewayv2-api.json +++ b/src/schema/aws-apigatewayv2-api.json @@ -165,6 +165,10 @@ "description": "Specifies whether to rollback the API creation when a warning is encountered. By default, API creation continues if a warning is encountered.", "type": "boolean" }, + "IpAddressType": { + "description": "", + "type": "string" + }, "Name": { "description": "The name of the API. Required unless you specify an OpenAPI definition for ``Body`` or ``S3BodyLocation``.", "type": "string" diff --git a/src/schema/aws-apigatewayv2-domainname.json b/src/schema/aws-apigatewayv2-domainname.json index 78422677..5c2537c2 100644 --- a/src/schema/aws-apigatewayv2-domainname.json +++ b/src/schema/aws-apigatewayv2-domainname.json 
@@ -6,7 +6,7 @@ "definitions": { "DomainNameConfiguration": { "additionalProperties": false, - "description": "The ``DomainNameConfiguration`` property type specifies the configuration for an API's domain name.\n ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource.", + "description": "The ``DomainNameConfiguration`` property type specifies the configuration for an API's domain name.\n ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource.", "properties": { "CertificateArn": { "description": "An AWS-managed certificate that will be used by the edge-optimized endpoint for this domain name. AWS Certificate Manager is the only supported source.", @@ -20,6 +20,10 @@ "description": "The endpoint type.", "type": "string" }, + "IpAddressType": { + "description": "", + "type": "string" + }, "OwnershipVerificationCertificateArn": { "description": "The Amazon resource name (ARN) for the public certificate issued by ACMlong. This ARN is used to validate custom domain ownership. It's required only if you configure mutual TLS and use either an ACM-imported or a private CA certificate ARN as the regionalCertificateArn.", "type": "string" @@ -85,7 +89,11 @@ ], "properties": { "DomainName": { - "description": "The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported.", + "description": "The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported.", + "type": "string" + }, + "DomainNameArn": { + "description": "", "type": "string" }, "DomainNameConfigurations": { 
@@ -121,7 +129,8 @@ }, "readOnlyProperties": [ "/properties/RegionalDomainName", - "/properties/RegionalHostedZoneId" + "/properties/RegionalHostedZoneId", + "/properties/DomainNameArn" ], "required": [ "DomainName" diff --git a/src/schema/aws-apigatewayv2-integration.json b/src/schema/aws-apigatewayv2-integration.json index 7a644c3d..3021ed58 100644 --- a/src/schema/aws-apigatewayv2-integration.json +++ b/src/schema/aws-apigatewayv2-integration.json 
@@ -4,8 +4,62 @@ "/properties/ApiId" ], "definitions": { + "ResponseParameter": { + "additionalProperties": false, + "description": "response parameter", + "properties": { + "Destination": { + "type": "string" + }, + "Source": { + "type": "string" + } + }, + "type": "object" + }, + "ResponseParameterList": { + "description": "list of response parameters", + "items": { + "$ref": "#/definitions/ResponseParameter" + }, + "type": "array" + }, + "ResponseParameterMap": { + "additionalProperties": false, + "description": "map of response parameter lists", + "properties": { + "ResponseParameters": { + "$ref": "#/definitions/ResponseParameterList" + } + }, + "type": "object" + }, + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, "TlsConfig": { "additionalProperties": false, + "description": "The TlsConfig property specifies the TLS configuration for a private integration. Supported only for HTTP APIs.", "properties": { "ServerNameToVerify": { "type": "string" 
@@ -14,75 +68,157 @@ "type": "object" } }, - "description": "Resource Type definition for AWS::ApiGatewayV2::Integration", + "description": "An example resource schema demonstrating some basic constructs and validation rules.", + "handlers": { + "create": { + "permissions": [ + "apigateway:POST" + ] + }, + "delete": { + "permissions": [ + "apigateway:GET", + "apigateway:DELETE" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "ApiId": { + "$ref": "resource-schema.json#/properties/ApiId" + } + }, + "required": [ + "ApiId" + ] + }, + "permissions": [ + "apigateway:GET" + ] + }, + "read": { + "permissions": [ + "apigateway:GET" + ] + }, + "update": { + "permissions": [ + "apigateway:PATCH", + "apigateway:GET", + "apigateway:PUT" + ] + } + }, "primaryIdentifier": [ - "/properties/Id" + "/properties/ApiId", + "/properties/IntegrationId" ], "properties": { "ApiId": { + "description": "The API identifier.", "type": "string" }, "ConnectionId": { + "description": "The ID of the VPC link for a private integration. Supported only for HTTP APIs.", "type": "string" }, "ConnectionType": { + "description": "The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.", "type": "string" }, "ContentHandlingStrategy": { + "description": "Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT.", "type": "string" }, "CredentialsArn": { + "description": "Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. 
To use resource-based permissions on supported AWS services, don't specify this parameter.", "type": "string" }, "Description": { + "description": "The description of the integration.", "type": "string" }, - "Id": { + "IntegrationId": { + "description": "The integration ID.", "type": "string" }, "IntegrationMethod": { + "description": "Specifies the integration's HTTP method type.", "type": "string" }, "IntegrationSubtype": { + "description": "Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke.", "type": "string" }, "IntegrationType": { + "description": "The integration type of an integration.", "type": "string" }, "IntegrationUri": { + "description": "For a Lambda integration, specify the URI of a Lambda function. For an HTTP integration, specify a fully-qualified URL. For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service.", "type": "string" }, "PassthroughBehavior": { + "description": "Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.", "type": "string" }, "PayloadFormatVersion": { + "description": "Specifies the format of the payload sent to an integration. Required for HTTP APIs. 
For HTTP APIs, supported values for Lambda proxy integrations are 1.0 and 2.0 For all other integrations, 1.0 is the only supported value.", "type": "string" }, "RequestParameters": { + "additionalProperties": false, + "description": "A key-value map specifying parameters.", + "patternProperties": { + "[a-zA-Z0-9]+": { + "type": "string" + } + }, "type": "object" }, "RequestTemplates": { + "additionalProperties": false, + "description": "A map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client.", + "patternProperties": { + "[a-zA-Z0-9]+": { + "type": "string" + } + }, "type": "object" }, "ResponseParameters": { + "additionalProperties": false, + "description": "Parameters that transform the HTTP response from a backend integration before returning the response to clients. Supported only for HTTP APIs.", + "patternProperties": { + "[a-zA-Z0-9]+": { + "$ref": "#/definitions/ResponseParameterMap" + } + }, "type": "object" }, "TemplateSelectionExpression": { + "description": "The template selection expression for the integration. Supported only for WebSocket APIs.", "type": "string" }, "TimeoutInMillis": { + "description": "Custom timeout between 50 and 29000 milliseconds for WebSocket APIs and between 50 and 30000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.", "type": "integer" }, "TlsConfig": { - "$ref": "#/definitions/TlsConfig" + "$ref": "#/definitions/TlsConfig", + "description": "The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs." 
} }, "readOnlyProperties": [ - "/properties/Id" + "/properties/IntegrationId" ], "required": [ "ApiId", "IntegrationType" ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "taggable": false + }, "typeName": "AWS::ApiGatewayV2::Integration" } diff --git a/src/schema/aws-appconfig-application.json b/src/schema/aws-appconfig-application.json index 94b68313..e44aab55 100644 --- a/src/schema/aws-appconfig-application.json +++ b/src/schema/aws-appconfig-application.json @@ -9,7 +9,6 @@ "description": "The key-value string map. The valid character set is [a-zA-Z1-9 +-=._:/-]. The tag key can be up to 128 characters and must not start with aws:.", "maxLength": 128, "minLength": 1, - "pattern": "^(?!aws:.)[a-zA-Z1-9+=._:/-]*$", "type": "string" }, "Value": { @@ -96,6 +95,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-appconfig.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "appconfig:TagResource", + "appconfig:UntagResource", + "appconfig:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-appconfig-configurationprofile.json b/src/schema/aws-appconfig-configurationprofile.json index a65a7bd3..7317e6a6 100644 --- a/src/schema/aws-appconfig-configurationprofile.json +++ b/src/schema/aws-appconfig-configurationprofile.json @@ -14,7 +14,6 @@ "description": "The key-value string map. The tag key can be up to 128 characters and must not start with aws:.", "maxLength": 128, "minLength": 1, - "pattern": "^(?!aws:.)[a-zA-Z0-9 +=._:/-]*$", "type": "string" }, "Value": { 
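Review bot: The top-level description becomes `"An example resource schema demonstrating some basic constructs and validation rules."`, which reads as a template placeholder rather than a description of `AWS::ApiGatewayV2::Integration`, and the added `sourceUrl` points at the generic `aws-cloudformation-rpdk` repository; I would keep `"description": "Resource Type definition for AWS::ApiGatewayV2::Integration",`. The same hunk renames the `Id` property to `IntegrationId` and changes `primaryIdentifier` to `/properties/ApiId` plus `/properties/IntegrationId`, so anything that still refers to `/properties/Id` for this type needs updating in the same commit; no such update is visible here. The `Tag` definition added in the previous hunk is not referenced by any property shown here and `tagging.taggable` is `false`, which suggests the schema was published unfinished upstream.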
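Review bot: Removing `"pattern": "^(?!aws:.)[a-zA-Z1-9+=._:/-]*$"` in `aws-appconfig-application.json` leaves the tag `Key` constrained only by `minLength` and `maxLength`, although the description on the same property still says the key must not start with `aws:` and names a valid character set. The `aws-appconfig-configurationprofile.json` hunk on this line drops its `Key` pattern in the same way. Validation driven by these schemas will now accept keys it used to reject, and the error moves to deployment time. The old application pattern did not allow `0` (`1-9`), so dropping it may be deliberate; if the prefix rule should still be checked, a narrower `"pattern": "^(?!aws:).*$",` would keep it without the character-class problem.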
@@ -104,6 +103,15 @@ "description": "The configuration profile ID", "type": "string" }, + "DeletionProtectionCheck": { + "description": "On resource deletion this controls whether the Deletion Protection check should be applied, bypassed, or (the default) whether the behavior should be controlled by the account-level Deletion Protection setting. See https://docs.aws.amazon.com/appconfig/latest/userguide/deletion-protection.html", + "enum": [ + "ACCOUNT_DEFAULT", + "APPLY", + "BYPASS" + ], + "type": "string" + }, "Description": { "description": "A description of the configuration profile.", "maxLength": 1024, @@ -178,10 +186,18 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-appconfig", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "appconfig:TagResource", + "appconfig:UntagResource", + "appconfig:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, - "typeName": "AWS::AppConfig::ConfigurationProfile" + "typeName": "AWS::AppConfig::ConfigurationProfile", + "writeOnlyProperties": [ + "/properties/DeletionProtectionCheck" + ] } diff --git a/src/schema/aws-appconfig-deployment.json b/src/schema/aws-appconfig-deployment.json index 8e7f2d13..a8c878d3 100644 --- a/src/schema/aws-appconfig-deployment.json +++ b/src/schema/aws-appconfig-deployment.json 
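Review bot: `DeletionProtectionCheck` accepts `BYPASS`, which by its own description bypasses the Deletion Protection check rather than deferring to the account-level setting. The next hunk lists the property under `writeOnlyProperties`, so presumably the chosen value is not returned when the resource is read back. The description does not say this; appending a sentence such as `This property is write-only and is not returned when the resource is read.` would tell template reviewers that the value has to be checked in the template itself. The same property is added with the same wording in aws-appconfig-environment.json.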
@@ -1,15 +1,15 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/KmsKeyIdentifier", - "/properties/DeploymentStrategyId", - "/properties/ConfigurationVersion", "/properties/ApplicationId", "/properties/ConfigurationProfileId", - "/properties/Tags", + "/properties/DeploymentStrategyId", "/properties/EnvironmentId", "/properties/Description", - "/properties/DynamicExtensionParameters" + "/properties/ConfigurationVersion", + "/properties/KmsKeyIdentifier", + "/properties/DynamicExtensionParameters", + "/properties/Tags" ], "definitions": { "DynamicExtensionParameters": { @@ -27,13 +27,16 @@ }, "type": "object" }, - "Tags": { + "Tag": { "additionalProperties": false, + "description": "Metadata to assign to the deployment. Tags help organize and categorize your AWS AppConfig resources. Each tag consists of a key and an optional value, both of which you define.", "properties": { "Key": { + "description": "The key-value string map. The valid character set is [a-zA-Z1-9+-=._:/]. The tag key can be up to 128 characters and must not start with aws:.", "type": "string" }, "Value": { + "description": "The tag value can be up to 256 characters.", "type": "string" } }, 
@@ -41,23 +44,76 @@ } }, "description": "Resource Type definition for AWS::AppConfig::Deployment", + "handlers": { + "create": { + "permissions": [ + "appconfig:StartDeployment", + "appconfig:GetDeployment", + "appconfig:TagResource", + "appconfig:ListTagsForResource", + "kms:GenerateDataKey" + ], + "timeoutInMinutes": 1445 + }, + "delete": { + "permissions": [ + "appconfig:StopDeployment" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "ApplicationId": { + "$ref": "resource-schema.json#/properties/ApplicationId" + }, + "EnvironmentId": { + "$ref": "resource-schema.json#/properties/EnvironmentId" + } + }, + "required": [ + "ApplicationId", + "EnvironmentId" + ] + }, + "permissions": [ + "appconfig:ListDeployments" + ] + }, + "read": { + "permissions": [ + "appconfig:GetDeployment", + "appconfig:ListTagsForResource" + ] + } + }, "primaryIdentifier": [ - "/properties/Id" + "/properties/ApplicationId", + "/properties/EnvironmentId", + "/properties/DeploymentNumber" ], "properties": { "ApplicationId": { + "description": "The application ID.", "type": "string" }, "ConfigurationProfileId": { + "description": "The configuration profile ID.", "type": "string" }, "ConfigurationVersion": { + "description": "The configuration version to deploy. If deploying an AWS AppConfig hosted configuration version, you can specify either the version number or version label. For all other configurations, you must specify the version number.", + "type": "string" + }, + "DeploymentNumber": { + "description": "The sequence number of the deployment.", "type": "string" }, "DeploymentStrategyId": { + "description": "The deployment strategy ID.", "type": "string" }, "Description": { + "description": "A description of the deployment.", "type": "string" }, "DynamicExtensionParameters": { 
@@ -68,31 +124,49 @@ "uniqueItems": false }, "EnvironmentId": { - "type": "string" - }, - "Id": { + "description": "The environment ID.", "type": "string" }, "KmsKeyIdentifier": { + "description": "The AWS Key Management Service key identifier (key ID, key alias, or key ARN) provided when the resource was created or updated.", + "pattern": "^[\\da-f]{8}-[\\da-f]{4}-[\\da-f]{4}-[\\da-f]{4}-[\\da-f]{12}|alias/[a-zA-Z0-9/_-]{1,250}|arn:aws[a-zA-Z-]*:kms:[a-z]{2}(-gov|-iso(b?))?-[a-z]+-\\d{1}:\\d{12}:(key/[0-9a-f-]{36}|alias/[a-zA-Z0-9/_-]{1,250})$", "type": "string" }, "Tags": { + "description": "An array of key-value pairs to apply to this resource.", + "insertionOrder": false, "items": { - "$ref": "#/definitions/Tags" + "$ref": "#/definitions/Tag" }, "type": "array", - "uniqueItems": false + "uniqueItems": true } }, "readOnlyProperties": [ - "/properties/Id" + "/properties/DeploymentNumber" ], "required": [ - "DeploymentStrategyId", + "ApplicationId", "ConfigurationProfileId", + "DeploymentStrategyId", "EnvironmentId", - "ConfigurationVersion", - "ApplicationId" + "ConfigurationVersion" ], - "typeName": "AWS::AppConfig::Deployment" + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "appconfig:TagResource", + "appconfig:UntagResource", + "appconfig:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, + "typeName": "AWS::AppConfig::Deployment", + "writeOnlyProperties": [ + "/properties/DynamicExtensionParameters" + ] } diff --git a/src/schema/aws-appconfig-deploymentstrategy.json b/src/schema/aws-appconfig-deploymentstrategy.json index 9dc2661b..bfdc966b 100644 --- a/src/schema/aws-appconfig-deploymentstrategy.json +++ b/src/schema/aws-appconfig-deploymentstrategy.json 
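Review bot: The new `KmsKeyIdentifier` pattern does not group its alternatives, so `^` binds only to the key-ID branch and `$` only to the ARN branch. The middle `alias/...` branch is unanchored on both sides, which means any string that merely contains an alias-shaped substring, or that only begins with a UUID, passes validation. Wrapping the whole alternation in one group restores the intended full-string match: `"pattern": "^([\\da-f]{8}-[\\da-f]{4}-[\\da-f]{4}-[\\da-f]{4}-[\\da-f]{12}|alias/[a-zA-Z0-9/_-]{1,250}|arn:aws[a-zA-Z-]*:kms:[a-z]{2}(-gov|-iso(b?))?-[a-z]+-\\d{1}:\\d{12}:(key/[0-9a-f-]{36}|alias/[a-zA-Z0-9/_-]{1,250}))$"`. If this file is taken from upstream unchanged, the pattern should not be relied on as a check that the value is a well-formed key reference.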
@@ -5,13 +5,16 @@ "/properties/ReplicateTo" ], "definitions": { - "Tags": { + "Tag": { "additionalProperties": false, + "description": "Metadata to assign to the deployment strategy. Tags help organize and categorize your AWS AppConfig resources. Each tag consists of a key and an optional value, both of which you define.", "properties": { "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "type": "string" }, "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "type": "string" } }, 
@@ -19,50 +22,112 @@ } }, "description": "Resource Type definition for AWS::AppConfig::DeploymentStrategy", + "handlers": { + "create": { + "permissions": [ + "appconfig:CreateDeploymentStrategy", + "appconfig:TagResource" + ] + }, + "delete": { + "permissions": [ + "appconfig:DeleteDeploymentStrategy" + ] + }, + "list": { + "permissions": [ + "appconfig:ListDeploymentStrategies" + ] + }, + "read": { + "permissions": [ + "appconfig:GetDeploymentStrategy", + "appconfig:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "appconfig:UpdateDeploymentStrategy", + "appconfig:TagResource", + "appconfig:UntagResource" + ] + } + }, "primaryIdentifier": [ "/properties/Id" ], "properties": { "DeploymentDurationInMinutes": { + "description": "Total amount of time for a deployment to last.", "type": "number" }, "Description": { + "description": "A description of the deployment strategy.", "type": "string" }, "FinalBakeTimeInMinutes": { + "description": "Specifies the amount of time AWS AppConfig monitors for Amazon CloudWatch alarms after the configuration has been deployed to 100% of its targets, before considering the deployment to be complete. If an alarm is triggered during this time, AWS AppConfig rolls back the deployment. You must configure permissions for AWS AppConfig to roll back based on CloudWatch alarms. For more information, see Configuring permissions for rollback based on Amazon CloudWatch alarms in the AWS AppConfig User Guide.", "type": "number" }, "GrowthFactor": { + "description": "The percentage of targets to receive a deployed configuration during each interval.", "type": "number" }, "GrowthType": { + "description": "The algorithm used to define how percentage grows over time. AWS AppConfig supports the following growth types:\n\nLinear: For this type, AWS AppConfig processes the deployment by dividing the total number of targets by the value specified for Step percentage. 
For example, a linear deployment that uses a Step percentage of 10 deploys the configuration to 10 percent of the hosts. After those deployments are complete, the system deploys the configuration to the next 10 percent. This continues until 100% of the targets have successfully received the configuration.\n\nExponential: For this type, AWS AppConfig processes the deployment exponentially using the following formula: G*(2^N). In this formula, G is the growth factor specified by the user and N is the number of steps until the configuration is deployed to all targets. For example, if you specify a growth factor of 2, then the system rolls out the configuration as follows:\n\n2*(2^0)\n\n2*(2^1)\n\n2*(2^2)\n\nExpressed numerically, the deployment rolls out as follows: 2% of the targets, 4% of the targets, 8% of the targets, and continues until the configuration has been deployed to all targets.", + "enum": [ + "EXPONENTIAL", + "LINEAR" + ], "type": "string" }, "Id": { + "description": "The deployment strategy ID.", "type": "string" }, "Name": { + "description": "A name for the deployment strategy.", "type": "string" }, "ReplicateTo": { + "description": "Save the deployment strategy to a Systems Manager (SSM) document.", + "enum": [ + "NONE", + "SSM_DOCUMENT" + ], "type": "string" }, "Tags": { + "description": "Assigns metadata to an AWS AppConfig resource. Tags help organize and categorize your AWS AppConfig resources. Each tag consists of a key and an optional value, both of which you define. 
You can specify a maximum of 50 tags for a resource.", + "insertionOrder": false, "items": { - "$ref": "#/definitions/Tags" + "$ref": "#/definitions/Tag" }, "type": "array", - "uniqueItems": false + "uniqueItems": true } }, "readOnlyProperties": [ "/properties/Id" ], "required": [ - "ReplicateTo", "DeploymentDurationInMinutes", "GrowthFactor", - "Name" + "Name", + "ReplicateTo" ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-appconfig.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "appconfig:TagResource", + "appconfig:UntagResource", + "appconfig:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::AppConfig::DeploymentStrategy" } diff --git a/src/schema/aws-appconfig-environment.json b/src/schema/aws-appconfig-environment.json index 95aef1ab..273b0ce2 100644 --- a/src/schema/aws-appconfig-environment.json +++ b/src/schema/aws-appconfig-environment.json @@ -43,7 +43,6 @@ "description": "The key-value string map. The valid character set is [a-zA-Z1-9+-=._:/]. The tag key can be up to 128 characters and must not start with aws:.", "maxLength": 128, "minLength": 1, - "pattern": "^(?!aws:.)[a-zA-Z1-9+=._:/-]*$", "type": "string" }, "Value": { @@ -117,6 +116,15 @@ "pattern": "[a-z0-9]{4,7}", "type": "string" }, + "DeletionProtectionCheck": { + "description": "On resource deletion this controls whether the Deletion Protection check should be applied, bypassed, or (the default) whether the behavior should be controlled by the account-level Deletion Protection setting. See https://docs.aws.amazon.com/appconfig/latest/userguide/deletion-protection.html", + "enum": [ + "ACCOUNT_DEFAULT", + "APPLY", + "BYPASS" + ], + "type": "string" + }, "Description": { "description": "A description of the environment.", "maxLength": 1024, 
@@ -164,10 +172,18 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-appconfig.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "appconfig:TagResource", + "appconfig:UntagResource", + "appconfig:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, - "typeName": "AWS::AppConfig::Environment" + "typeName": "AWS::AppConfig::Environment", + "writeOnlyProperties": [ + "/properties/DeletionProtectionCheck" + ] } diff --git a/src/schema/aws-appconfig-extension.json b/src/schema/aws-appconfig-extension.json index e668da3e..bb19114c 100644 --- a/src/schema/aws-appconfig-extension.json +++ b/src/schema/aws-appconfig-extension.json @@ -1,10 +1,7 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/Name", - "/properties/Tags", - "/properties/Tags/*/Key", - "/properties/Tags/*/Value" + "/properties/Name" ], "definitions": { "Action": { @@ -119,7 +116,8 @@ }, "read": { "permissions": [ - "appconfig:GetExtension" + "appconfig:GetExtension", + "appconfig:ListTagsForResource" ] }, "update": { @@ -176,7 +174,7 @@ "$ref": "#/definitions/Tag" }, "type": "array", - "uniqueItems": false + "uniqueItems": true }, "VersionNumber": { "type": "integer" @@ -194,6 +192,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "appconfig:TagResource", + "appconfig:UntagResource", + "appconfig:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, @@ -201,9 +204,6 @@ }, "typeName": "AWS::AppConfig::Extension", "writeOnlyProperties": [ - "/properties/LatestVersionNumber", - "/properties/Tags", - "/properties/Tags/*/Key", - "/properties/Tags/*/Value" + "/properties/LatestVersionNumber" ] } 
diff --git a/src/schema/aws-appconfig-extensionassociation.json b/src/schema/aws-appconfig-extensionassociation.json index 6833dfe8..de75794a 100644 --- a/src/schema/aws-appconfig-extensionassociation.json +++ b/src/schema/aws-appconfig-extensionassociation.json @@ -3,10 +3,7 @@ "createOnlyProperties": [ "/properties/ExtensionIdentifier", "/properties/ResourceIdentifier", - "/properties/ExtensionVersionNumber", - "/properties/Tags", - "/properties/Tags/*/Key", - "/properties/Tags/*/Value" + "/properties/ExtensionVersionNumber" ], "definitions": { "Tag": { @@ -54,7 +51,8 @@ }, "read": { "permissions": [ - "appconfig:GetExtensionAssociation" + "appconfig:GetExtensionAssociation", + "appconfig:ListTagsForResource" ] }, "update": { @@ -106,7 +104,7 @@ "$ref": "#/definitions/Tag" }, "type": "array", - "uniqueItems": false + "uniqueItems": true } }, "readOnlyProperties": [ @@ -118,6 +116,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "appconfig:TagResource", + "appconfig:UntagResource", + "appconfig:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, @@ -126,9 +129,6 @@ "typeName": "AWS::AppConfig::ExtensionAssociation", "writeOnlyProperties": [ "/properties/ExtensionIdentifier", - "/properties/ResourceIdentifier", - "/properties/Tags", - "/properties/Tags/*/Key", - "/properties/Tags/*/Value" + "/properties/ResourceIdentifier" ] } diff --git a/src/schema/aws-appflow-connector.json b/src/schema/aws-appflow-connector.json index 426abfab..4887b173 100644 --- a/src/schema/aws-appflow-connector.json +++ b/src/schema/aws-appflow-connector.json 
@@ -69,7 +69,7 @@ "ConnectorArn": { "description": " The arn of the connector. The arn is unique for each ConnectorRegistration in your AWS account.", "maxLength": 512, - "pattern": "arn:*:appflow:.*:[0-9]+:.*", + "pattern": "arn:.*:appflow:.*:[0-9]+:.*", "type": "string" }, "ConnectorLabel": { diff --git a/src/schema/aws-appflow-flow.json b/src/schema/aws-appflow-flow.json index 9f8ed447..ab03f3b1 100644 --- a/src/schema/aws-appflow-flow.json +++ b/src/schema/aws-appflow-flow.json @@ -1659,6 +1659,7 @@ }, "update": { "permissions": [ + "appflow:DescribeFlow", "appflow:UpdateFlow", "appflow:StartFlow", "appflow:StopFlow", @@ -1762,7 +1763,13 @@ "sourceUrl": "https://docs.aws.amazon.com/appflow/latest/userguide/what-is-appflow.html", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "appflow:TagResource", + "appflow:UntagResource", + "appflow:ListTagsForResource" + ], "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": false, "taggable": true }, diff --git a/src/schema/aws-appintegrations-application.json b/src/schema/aws-appintegrations-application.json index add288aa..161a39cc 100644 --- a/src/schema/aws-appintegrations-application.json +++ b/src/schema/aws-appintegrations-application.json @@ -172,12 +172,17 @@ ], "required": [ "Name", + "Namespace", "Description", "ApplicationSourceConfig" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "app-integrations:TagResource", + "app-integrations:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-appintegrations-dataintegration.json b/src/schema/aws-appintegrations-dataintegration.json index 8e0bfd55..6677fdfd 100644 --- a/src/schema/aws-appintegrations-dataintegration.json +++ b/src/schema/aws-appintegrations-dataintegration.json 
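Review bot: The corrected `ConnectorArn` pattern in aws-appflow-connector.json is still unanchored and uses `.*` for the partition and region fields, so it matches any string up to `maxLength` that contains `arn:`, `:appflow:` and a `:<digits>:` run in that order, with the wildcards free to span colons. If the field is meant to be validated as an ARN, anchoring it and excluding `:` inside the fields is tighter, for example `"pattern": "^arn:[^:]+:appflow:[^:]*:[0-9]+:.+$"`. The exact field rules for AppFlow ARNs are not shown on this page, so treat the example as a starting point.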
@@ -273,6 +273,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "app-integrations:TagResource", + "app-integrations:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-appintegrations-eventintegration.json b/src/schema/aws-appintegrations-eventintegration.json index af31dad8..00afd9cf 100644 --- a/src/schema/aws-appintegrations-eventintegration.json +++ b/src/schema/aws-appintegrations-eventintegration.json @@ -13,7 +13,7 @@ "description": "The source of the events.", "maxLength": 256, "minLength": 1, - "pattern": "^aws\\.partner\\/.*$", + "pattern": "^aws\\.(partner\\/.*|cases)$", "type": "string" } }, @@ -159,6 +159,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "app-integrations:TagResource", + "app-integrations:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-applicationautoscaling-scalingpolicy.json b/src/schema/aws-applicationautoscaling-scalingpolicy.json index 68ceb40b..73a7113d 100644 --- a/src/schema/aws-applicationautoscaling-scalingpolicy.json +++ b/src/schema/aws-applicationautoscaling-scalingpolicy.json 
@@ -86,6 +86,275 @@ ], "type": "object" }, + "PredictiveScalingCustomizedCapacityMetric": { + "additionalProperties": false, + "description": "Represents a CloudWatch metric of your choosing for a predictive scaling policy.", + "properties": { + "MetricDataQueries": { + "description": "One or more metric data queries to provide data points for a metric specification.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/PredictiveScalingMetricDataQuery" + }, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "MetricDataQueries" + ], + "type": "object" + }, + "PredictiveScalingCustomizedLoadMetric": { + "additionalProperties": false, + "description": "The customized load metric specification.", + "properties": { + "MetricDataQueries": { + "description": "", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/PredictiveScalingMetricDataQuery" + }, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "MetricDataQueries" + ], + "type": "object" + }, + "PredictiveScalingCustomizedScalingMetric": { + "additionalProperties": false, + "description": "One or more metric data queries to provide data points for a metric specification.", + "properties": { + "MetricDataQueries": { + "description": "One or more metric data queries to provide data points for a metric specification.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/PredictiveScalingMetricDataQuery" + }, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "MetricDataQueries" + ], + "type": "object" + }, + "PredictiveScalingMetric": { + "additionalProperties": false, + "description": "Describes the scaling metric.", + "properties": { + "Dimensions": { + "description": "Describes the dimensions of the metric.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/PredictiveScalingMetricDimension" + }, + "type": "array", + "uniqueItems": false + }, + "MetricName": { + "description": "The name of the metric.", + 
"type": "string" + }, + "Namespace": { + "description": "The namespace of the metric.", + "type": "string" + } + }, + "type": "object" + }, + "PredictiveScalingMetricDataQuery": { + "additionalProperties": false, + "description": "The metric data to return. Also defines whether this call is returning data for one metric only, or whether it is performing a math expression on the values of returned metric statistics to create a new time series. A time series is a series of data points, each of which is associated with a timestamp.", + "properties": { + "Expression": { + "description": "The math expression to perform on the returned data, if this object is performing a math expression. This expression can use the ``Id`` of the other metrics to refer to those metrics, and can also use the ``Id`` of other expressions to use the result of those expressions. \n Conditional: Within each ``MetricDataQuery`` object, you must specify either ``Expression`` or ``MetricStat``, but not both.", + "type": "string" + }, + "Id": { + "description": "A short name that identifies the object's results in the response. This name must be unique among all ``MetricDataQuery`` objects specified for a single scaling policy. If you are performing math expressions on this set of data, this name represents that data and can serve as a variable in the mathematical expression. The valid characters are letters, numbers, and underscores. The first character must be a lowercase letter.", + "type": "string" + }, + "Label": { + "description": "A human-readable label for this metric or expression. This is especially useful if this is a math expression, so that you know what the value represents.", + "type": "string" + }, + "MetricStat": { + "$ref": "#/definitions/PredictiveScalingMetricStat", + "description": "Information about the metric data to return. \n Conditional: Within each ``MetricDataQuery`` object, you must specify either ``Expression`` or ``MetricStat``, but not both." 
+ }, + "ReturnData": { + "description": "Indicates whether to return the timestamps and raw data values of this metric. \n If you use any math expressions, specify ``true`` for this value for only the final math expression that the metric specification is based on. You must specify ``false`` for ``ReturnData`` for all the other metrics and expressions used in the metric specification.\n If you are only retrieving metrics and not performing any math expressions, do not specify anything for ``ReturnData``. This sets it to its default (``true``).", + "type": "boolean" + } + }, + "type": "object" + }, + "PredictiveScalingMetricDimension": { + "additionalProperties": false, + "description": "Describes the dimension of a metric.", + "properties": { + "Name": { + "description": "The name of the dimension.", + "type": "string" + }, + "Value": { + "description": "The value of the dimension.", + "type": "string" + } + }, + "type": "object" + }, + "PredictiveScalingMetricSpecification": { + "additionalProperties": false, + "description": "This structure specifies the metrics and target utilization settings for a predictive scaling policy. \n You must specify either a metric pair, or a load metric and a scaling metric individually. Specifying a metric pair instead of individual metrics provides a simpler way to configure metrics for a scaling policy. You choose the metric pair, and the policy automatically knows the correct sum and average statistics to use for the load metric and the scaling metric.", + "properties": { + "CustomizedCapacityMetricSpecification": { + "$ref": "#/definitions/PredictiveScalingCustomizedCapacityMetric", + "description": "The customized capacity metric specification." + }, + "CustomizedLoadMetricSpecification": { + "$ref": "#/definitions/PredictiveScalingCustomizedLoadMetric", + "description": "The customized load metric specification." 
+ }, + "CustomizedScalingMetricSpecification": { + "$ref": "#/definitions/PredictiveScalingCustomizedScalingMetric", + "description": "The customized scaling metric specification." + }, + "PredefinedLoadMetricSpecification": { + "$ref": "#/definitions/PredictiveScalingPredefinedLoadMetric", + "description": "The predefined load metric specification." + }, + "PredefinedMetricPairSpecification": { + "$ref": "#/definitions/PredictiveScalingPredefinedMetricPair", + "description": "The predefined metric pair specification that determines the appropriate scaling metric and load metric to use." + }, + "PredefinedScalingMetricSpecification": { + "$ref": "#/definitions/PredictiveScalingPredefinedScalingMetric", + "description": "The predefined scaling metric specification." + }, + "TargetValue": { + "description": "Specifies the target utilization.", + "type": "number" + } + }, + "required": [ + "TargetValue" + ], + "type": "object" + }, + "PredictiveScalingMetricStat": { + "additionalProperties": false, + "description": "This structure defines the CloudWatch metric to return, along with the statistic and unit.", + "properties": { + "Metric": { + "$ref": "#/definitions/PredictiveScalingMetric", + "description": "The CloudWatch metric to return, including the metric name, namespace, and dimensions. To get the exact metric name, namespace, and dimensions, inspect the [Metric](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_Metric.html) object that is returned by a call to [ListMetrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html)." + }, + "Stat": { + "description": "The statistic to return. It can include any CloudWatch statistic or extended statistic. For a list of valid values, see the table in [Statistics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Statistic) in the *Amazon CloudWatch User Guide*. 
\n The most commonly used metrics for predictive scaling are ``Average`` and ``Sum``.", + "type": "string" + }, + "Unit": { + "description": "The unit to use for the returned data points. For a complete list of the units that CloudWatch supports, see the [MetricDatum](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html) data type in the *Amazon CloudWatch API Reference*.", + "type": "string" + } + }, + "type": "object" + }, + "PredictiveScalingPolicyConfiguration": { + "additionalProperties": false, + "description": "Represents a predictive scaling policy configuration.", + "properties": { + "MaxCapacityBreachBehavior": { + "description": "Defines the behavior that should be applied if the forecast capacity approaches or exceeds the maximum capacity. Defaults to ``HonorMaxCapacity`` if not specified.", + "type": "string" + }, + "MaxCapacityBuffer": { + "description": "The size of the capacity buffer to use when the forecast capacity is close to or exceeds the maximum capacity. The value is specified as a percentage relative to the forecast capacity. For example, if the buffer is 10, this means a 10 percent buffer, such that if the forecast capacity is 50, and the maximum capacity is 40, then the effective maximum capacity is 55. \n Required if the ``MaxCapacityBreachBehavior`` property is set to ``IncreaseMaxCapacity``, and cannot be used otherwise.", + "type": "integer" + }, + "MetricSpecifications": { + "description": "This structure includes the metrics and target utilization to use for predictive scaling. \n This is an array, but we currently only support a single metric specification. That is, you can specify a target value and a single metric pair, or a target value and one scaling metric and one load metric.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/PredictiveScalingMetricSpecification" + }, + "type": "array", + "uniqueItems": true + }, + "Mode": { + "description": "The predictive scaling mode. 
Defaults to ``ForecastOnly`` if not specified.", + "type": "string" + }, + "SchedulingBufferTime": { + "description": "The amount of time, in seconds, that the start time can be advanced. \n The value must be less than the forecast interval duration of 3600 seconds (60 minutes). Defaults to 300 seconds if not specified.", + "type": "integer" + } + }, + "required": [ + "MetricSpecifications" + ], + "type": "object" + }, + "PredictiveScalingPredefinedLoadMetric": { + "additionalProperties": false, + "description": "Describes a load metric for a predictive scaling policy. \n When returned in the output of ``DescribePolicies``, it indicates that a predictive scaling policy uses individually specified load and scaling metrics instead of a metric pair.", + "properties": { + "PredefinedMetricType": { + "description": "The metric type.", + "type": "string" + }, + "ResourceLabel": { + "description": "A label that uniquely identifies a target group.", + "type": "string" + } + }, + "required": [ + "PredefinedMetricType" + ], + "type": "object" + }, + "PredictiveScalingPredefinedMetricPair": { + "additionalProperties": false, + "description": "Represents a metric pair for a predictive scaling policy.", + "properties": { + "PredefinedMetricType": { + "description": "Indicates which metrics to use. There are two different types of metrics for each metric type: one is a load metric and one is a scaling metric.", + "type": "string" + }, + "ResourceLabel": { + "description": "A label that uniquely identifies a specific target group from which to determine the total and average request count.", + "type": "string" + } + }, + "required": [ + "PredefinedMetricType" + ], + "type": "object" + }, + "PredictiveScalingPredefinedScalingMetric": { + "additionalProperties": false, + "description": "Describes a scaling metric for a predictive scaling policy. 
\n When returned in the output of ``DescribePolicies``, it indicates that a predictive scaling policy uses individually specified load and scaling metrics instead of a metric pair.", + "properties": { + "PredefinedMetricType": { + "description": "The metric type.", + "type": "string" + }, + "ResourceLabel": { + "description": "A label that uniquely identifies a specific target group from which to determine the average request count.", + "type": "string" + } + }, + "required": [ + "PredefinedMetricType" + ], + "type": "object" + }, "StepAdjustment": { "additionalProperties": false, "description": "``StepAdjustment`` specifies a step adjustment for the ``StepAdjustments`` property of the [AWS::ApplicationAutoScaling::ScalingPolicy StepScalingPolicyConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-applicationautoscaling-scalingpolicy-stepscalingpolicyconfiguration.html) property type. \n For the following examples, suppose that you have an alarm with a breach threshold of 50: \n + To trigger a step adjustment when the metric is greater than or equal to 50 and less than 60, specify a lower bound of 0 and an upper bound of 10. \n + To trigger a step adjustment when the metric is greater than 40 and less than or equal to 50, specify a lower bound of -10 and an upper bound of 0. \n \n For more information, see [Step adjustments](https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-step-scaling-policies.html#as-scaling-steps) in the *Application Auto Scaling User Guide*.\n You can find a sample template snippet in the [Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-applicationautoscaling-scalingpolicy.html#aws-resource-applicationautoscaling-scalingpolicy--examples) section of the ``AWS::ApplicationAutoScaling::ScalingPolicy`` documentation.", 
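Review bot: `MaxCapacityBreachBehavior` and `Mode` in `PredictiveScalingPolicyConfiguration` are declared as plain strings although their descriptions name fixed values (`HonorMaxCapacity`, `IncreaseMaxCapacity`, `ForecastOnly`). A misspelt value therefore passes schema validation and is caught, if at all, only by the service. An `enum` on each would close that gap, e.g. `"enum": ["HonorMaxCapacity", "IncreaseMaxCapacity"]` for the first. `MetricDataQueries` under `PredictiveScalingCustomizedLoadMetric` also has an empty `description`; the sibling text `One or more metric data queries to provide data points for a metric specification.` would fit there.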
@@ -265,7 +534,8 @@ "create": { "permissions": [ "application-autoscaling:DescribeScalingPolicies", - "application-autoscaling:PutScalingPolicy" + "application-autoscaling:PutScalingPolicy", + "cloudwatch:GetMetricData" ] }, "delete": { @@ -298,7 +568,8 @@ "update": { "permissions": [ "application-autoscaling:DescribeScalingPolicies", - "application-autoscaling:PutScalingPolicy" + "application-autoscaling:PutScalingPolicy", + "cloudwatch:GetMetricData" ] } }, 
@@ -319,6 +590,10 @@ "description": "The scaling policy type.\n The following policy types are supported: \n ``TargetTrackingScaling``\u2014Not supported for Amazon EMR\n ``StepScaling``\u2014Not supported for DynamoDB, Amazon Comprehend, Lambda, Amazon Keyspaces, Amazon MSK, Amazon ElastiCache, or Neptune.", "type": "string" }, + "PredictiveScalingPolicyConfiguration": { + "$ref": "#/definitions/PredictiveScalingPolicyConfiguration", + "description": "The predictive scaling policy configuration." + }, "ResourceId": { "description": "The identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier.\n + ECS service - The resource type is ``service`` and the unique identifier is the cluster name and service name. Example: ``service/my-cluster/my-service``.\n + Spot Fleet - The resource type is ``spot-fleet-request`` and the unique identifier is the Spot Fleet request ID. Example: ``spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE``.\n + EMR cluster - The resource type is ``instancegroup`` and the unique identifier is the cluster ID and instance group ID. Example: ``instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0``.\n + AppStream 2.0 fleet - The resource type is ``fleet`` and the unique identifier is the fleet name. Example: ``fleet/sample-fleet``.\n + DynamoDB table - The resource type is ``table`` and the unique identifier is the table name. Example: ``table/my-table``.\n + DynamoDB global secondary index - The resource type is ``index`` and the unique identifier is the index name. Example: ``table/my-table/index/my-table-index``.\n + Aurora DB cluster - The resource type is ``cluster`` and the unique identifier is the cluster name. Example: ``cluster:my-db-cluster``.\n + SageMaker endpoint variant - The resource type is ``variant`` and the unique identifier is the resource ID. 
Example: ``endpoint/my-end-point/variant/KMeansClustering``.\n + Custom resources are not supported with a resource type. This parameter must specify the ``OutputValue`` from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our [GitHub repository](https://docs.aws.amazon.com/https://github.com/aws/aws-auto-scaling-custom-resource).\n + Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: ``arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE``.\n + Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: ``arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE``.\n + Lambda provisioned concurrency - The resource type is ``function`` and the unique identifier is the function name with a function version or alias name suffix that is not ``$LATEST``. Example: ``function:my-function:prod`` or ``function:my-function:1``.\n + Amazon Keyspaces table - The resource type is ``table`` and the unique identifier is the table name. Example: ``keyspace/mykeyspace/table/mytable``.\n + Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: ``arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5``.\n + Amazon ElastiCache replication group - The resource type is ``replication-group`` and the unique identifier is the replication group name. Example: ``replication-group/mycluster``.\n + Neptune cluster - The resource type is ``cluster`` and the unique identifier is the cluster name. Example: ``cluster:mycluster``.\n + SageMaker serverless endpoint - The resource type is ``variant`` and the unique identifier is the resource ID. 
Example: ``endpoint/my-end-point/variant/KMeansClustering``.\n + SageMaker inference component - The resource type is ``inference-component`` and the unique identifier is the resource ID. Example: ``inference-component/my-inference-component``.\n + Pool of WorkSpaces - The resource type is ``workspacespool`` and the unique identifier is the pool ID. Example: ``workspacespool/wspool-123456``.", "type": "string" diff --git a/src/schema/aws-applicationinsights-application.json b/src/schema/aws-applicationinsights-application.json index 8de46451..a398f9d5 100644 --- a/src/schema/aws-applicationinsights-application.json +++ b/src/schema/aws-applicationinsights-application.json 
@@ -601,28 +601,93 @@ "handlers": { "create": { "permissions": [ - "*" + "applicationinsights:CreateApplication", + "applicationinsights:DescribeApplication", + "applicationinsights:CreateComponent", + "applicationinsights:DescribeComponent", + "applicationinsights:CreateLogPattern", + "applicationinsights:DescribeLogPattern", + "applicationinsights:DescribeComponentConfigurationRecommendation", + "applicationinsights:UpdateComponentConfiguration", + "applicationinsights:ListComponents", + "applicationinsights:TagResource", + "ec2:DescribeInstances", + "ec2:DescribeVolumes", + "rds:DescribeDBInstances", + "rds:DescribeDBClusters", + "sqs:ListQueues", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth", + "autoscaling:DescribeAutoScalingGroups", + "lambda:ListFunctions", + "dynamodb:ListTables", + "s3:ListAllMyBuckets", + "sns:ListTopics", + "states:ListStateMachines", + "apigateway:GET", + "ecs:ListClusters", + "ecs:DescribeTaskDefinition", + "ecs:ListServices", + "ecs:ListTasks", + "eks:ListClusters", + "eks:ListNodegroups", + "fsx:DescribeFileSystems", + "logs:DescribeLogGroups", + "elasticfilesystem:DescribeFileSystems" ], "timeoutInMinutes": 600 }, "delete": { "permissions": [ - "*" + "applicationinsights:DeleteApplication", + "applicationinsights:DescribeApplication" ] }, "list": { "permissions": [ - "*" + "applicationinsights:ListApplications", + "applicationinsights:DescribeApplication", + "applicationinsights:ListTagsForResource", + "applicationinsights:DescribeComponent", + "applicationinsights:ListComponents", + "applicationinsights:DescribeLogPattern", + "applicationinsights:ListLogPatterns", + "applicationinsights:ListLogPatternSets" ] }, "read": { "permissions": [ - "*" + "applicationinsights:DescribeApplication", + "applicationinsights:ListTagsForResource", + "applicationinsights:DescribeComponent", + "applicationinsights:ListComponents", + 
"applicationinsights:DescribeLogPattern", + "applicationinsights:ListLogPatterns", + "applicationinsights:ListLogPatternSets" ] }, "update": { "permissions": [ - "*" + "applicationinsights:CreateApplication", + "applicationinsights:DescribeApplication", + "applicationinsights:UpdateApplication", + "applicationinsights:TagResource", + "applicationinsights:UntagResource", + "applicationinsights:ListTagsForResource", + "applicationinsights:CreateComponent", + "applicationinsights:DescribeComponent", + "applicationinsights:DeleteComponent", + "applicationinsights:ListComponents", + "applicationinsights:CreateLogPattern", + "applicationinsights:DeleteLogPattern", + "applicationinsights:DescribeLogPattern", + "applicationinsights:ListLogPatterns", + "applicationinsights:ListLogPatternSets", + "applicationinsights:UpdateLogPattern", + "applicationinsights:DescribeComponentConfiguration", + "applicationinsights:DescribeComponentConfigurationRecommendation", + "applicationinsights:UpdateComponentConfiguration" ], "timeoutInMinutes": 600 } @@ -699,6 +764,13 @@ "pattern": "[a-zA-Z0-9.-_]*", "type": "string" }, + "SNSNotificationArn": { + "description": "Application Insights sends notifications to this SNS topic whenever there is a problem update in the associated application.", + "maxLength": 300, + "minLength": 20, + "pattern": "^arn:aws(-[\\w]+)*:[\\w\\d-]+:([\\w\\d-]*)?:[\\w\\d_-]*([:/].+)*$", + "type": "string" + }, "Tags": { "description": "The tags of Application Insights application.", "insertionOrder": true, 
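Review bot: The `pattern` added for `SNSNotificationArn` in the `@@ -699,6 +764,13 @@` hunk is a generic ARN shape whose service segment is `[\\w\\d-]+`, so an ARN of any service between 20 and 300 characters validates as a notification topic. Pinning the service segment would stop a mistyped or non-SNS ARN at validation time, for example `"pattern": "^arn:aws(-[\\w]+)*:sns:[\\w\\d-]+:[0-9]{12}:.+$"`. The file looks imported from the upstream provider schema, so the fix may belong there; until then a local validator should not treat a match as proof that the value is an SNS topic.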
@@ -716,7 +788,18 @@ "ResourceGroupName" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-applicationinsights.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "applicationinsights:ListTagsForResource", + "applicationinsights:TagResource", + "applicationinsights:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::ApplicationInsights::Application", "writeOnlyProperties": [ "/properties/ComponentMonitoringSettings", @@ -724,6 +807,7 @@ "/properties/CustomComponents", "/properties/GroupingType", "/properties/OpsItemSNSTopicArn", + "/properties/SNSNotificationArn", "/properties/AttachMissingPermission" ] } diff --git a/src/schema/aws-applicationsignals-discovery.json b/src/schema/aws-applicationsignals-discovery.json new file mode 100644 index 00000000..8691b275 --- /dev/null +++ b/src/schema/aws-applicationsignals-discovery.json 
@@ -0,0 +1,59 @@ +{ + "additionalProperties": false, + "definitions": { + "AccountId": { + "description": "The identifier for the specified AWS account.", + "maxLength": 12, + "minLength": 12, + "pattern": "^[0-9]{12}$", + "type": "string" + } + }, + "description": "Resource Type definition for AWS::ApplicationSignals::Discovery", + "handlers": { + "create": { + "permissions": [ + "application-signals:StartDiscovery", + "application-signals:ListServices", + "iam:CreateServiceLinkedRole" + ] + }, + "delete": { + "permissions": [ + "application-signals:ListServices" + ] + }, + "list": { + "permissions": [ + "application-signals:ListServices" + ] + }, + "read": { + "permissions": [ + "application-signals:ListServices" + ] + }, + "update": { + "permissions": [ + "application-signals:ListServices" + ] + } + }, + "primaryIdentifier": [ + "/properties/AccountId" + ], + "properties": { + "AccountId": { + "$ref": "#/definitions/AccountId" + } + }, + "readOnlyProperties": [ + "/properties/AccountId" + ], + "required": [], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-applicationsignals", + "tagging": { + "taggable": false + }, + "typeName": "AWS::ApplicationSignals::Discovery" +} diff --git a/src/schema/aws-applicationsignals-servicelevelobjective.json b/src/schema/aws-applicationsignals-servicelevelobjective.json index a7f44cf5..f7aeb714 100644 --- a/src/schema/aws-applicationsignals-servicelevelobjective.json +++ b/src/schema/aws-applicationsignals-servicelevelobjective.json 
@@ -4,6 +4,33 @@ "/properties/Name" ], "definitions": { + "BurnRateConfiguration": { + "additionalProperties": false, + "description": "This object defines the length of the look-back window used to calculate one burn rate metric for this SLO. The burn rate measures how fast the service is consuming the error budget, relative to the attainment goal of the SLO. A burn rate of exactly 1 indicates that the SLO goal will be met exactly.\nFor example, if you specify 60 as the number of minutes in the look-back window, the burn rate is calculated as the following:\nburn rate = error rate over the look-back window / (1 - attainment goal percentage)", + "properties": { + "LookBackWindowMinutes": { + "description": "The number of minutes to use as the look-back window.", + "maximum": 10080, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "LookBackWindowMinutes" + ], + "type": "object" + }, + "BurnRateConfigurations": { + "description": "Each object in this array defines the length of the look-back window used to calculate one burn rate metric for this SLO. The burn rate measures how fast the service is consuming the error budget, relative to the attainment goal of the SLO.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/BurnRateConfiguration" + }, + "maxItems": 10, + "minItems": 0, + "type": "array", + "uniqueItems": true + }, "CalendarInterval": { "additionalProperties": false, "description": "If the interval for this service level objective is a calendar interval, this structure contains the interval specifications.", 
@@ -27,6 +54,35 @@ ], "type": "object" }, + "DependencyConfig": { + "additionalProperties": false, + "description": "Configuration for identifying a dependency and its operation", + "properties": { + "DependencyKeyAttributes": { + "$ref": "#/definitions/DependencyKeyAttributes" + }, + "DependencyOperationName": { + "description": "When the SLO monitors a specific operation of the dependency, this field specifies the name of that operation in the dependency.", + "maxLength": 255, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "DependencyKeyAttributes", + "DependencyOperationName" + ], + "type": "object" + }, + "DependencyKeyAttributes": { + "additionalProperties": false, + "description": "If this SLO is related to a metric collected by Application Signals, you must use this field to specify which dependency the SLO metric is related to.", + "patternProperties": { + "^.+$": { + "type": "string" + } + } + }, "Dimension": { "additionalProperties": false, "description": "A dimension is a name/value pair that is part of the identity of a metric. Because dimensions are part of the unique identifier for a metric, whenever you add a unique name/value pair to one of your metrics, you are creating a new variation of that metric. For example, many Amazon EC2 metrics publish `InstanceId` as a dimension name, and the actual instance ID as the value for that dimension. You can assign up to 30 dimensions to a metric.", 
@@ -47,18 +103,58 @@ "type": "object" }, "Duration": { - "description": "Specifies the duration of each calendar interval. For example, if `Duration` is 1 and `DurationUnit` is `MONTH`, each interval is one month, aligned with the calendar.", + "description": "Specifies the duration of each interval. For example, if `Duration` is 1 and `DurationUnit` is `MONTH`, each interval is one month, aligned with the calendar.", "minimum": 1, "type": "integer" }, "DurationUnit": { - "description": "Specifies the calendar interval unit.", + "description": "Specifies the interval unit.", "enum": [ + "MINUTE", + "HOUR", "DAY", "MONTH" ], "type": "string" }, + "ExclusionWindow": { + "additionalProperties": false, + "description": "This object defines a time exclusion window for this SLO. The time exclusion window is used to exclude breaching data points from affecting attainment rate, error budget, and burn rate metrics.", + "properties": { + "Reason": { + "default": "No reason", + "description": "An optional reason for scheduling this time exclusion window. Default is 'No reason'.", + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, + "RecurrenceRule": { + "$ref": "#/definitions/RecurrenceRule" + }, + "StartTime": { + "description": "The time you want the exclusion window to start at. Note that time exclusion windows can only be scheduled in the future, not the past.", + "type": "string" + }, + "Window": { + "$ref": "#/definitions/Window" + } + }, + "required": [ + "Window" + ], + "type": "object" + }, + "ExclusionWindows": { + "description": "Each object in this array defines a time exclusion window for this SLO. 
The time exclusion window is used to exclude breaching data points from affecting attainment rate, error budget, and burn rate metrics.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/ExclusionWindow" + }, + "maxItems": 10, + "minItems": 0, + "type": "array", + "uniqueItems": true + }, "Goal": { "additionalProperties": false, "description": "A structure that contains the attributes that determine the goal of the SLO. This includes the time period for evaluation and the attainment threshold.", 
@@ -189,6 +285,98 @@ ], "type": "object" }, + "MonitoredRequestCountMetric": { + "additionalProperties": false, + "description": "This structure defines the metric that is used as the \"good request\" or \"bad request\" value for a request-based SLO. This value observed for the metric defined in `TotalRequestCountMetric` is divided by the number found for `MonitoredRequestCountMetric` to determine the percentage of successful requests that this SLO tracks.", + "properties": { + "BadCountMetric": { + "$ref": "#/definitions/MetricDataQueries", + "description": "If you want to count \"bad requests\" to determine the percentage of successful requests for this request-based SLO, specify the metric to use as \"bad requests\" in this structure." + }, + "GoodCountMetric": { + "$ref": "#/definitions/MetricDataQueries", + "description": "If you want to count \"good requests\" to determine the percentage of successful requests for this request-based SLO, specify the metric to use as \"good requests\" in this structure." 
+ } + }, + "type": "object" + }, + "RecurrenceRule": { + "additionalProperties": false, + "description": "This object defines how often to repeat a time exclusion window.", + "properties": { + "Expression": { + "description": "A cron or rate expression denoting how often to repeat this exclusion window.", + "maxLength": 1024, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "Expression" + ], + "type": "object" + }, + "RequestBasedSli": { + "additionalProperties": false, + "description": "This structure contains information about the performance metric that a request-based SLO monitors.", + "properties": { + "ComparisonOperator": { + "description": "The arithmetic operation used when comparing the specified metric to the threshold.", + "enum": [ + "GreaterThanOrEqualTo", + "LessThanOrEqualTo", + "LessThan", + "GreaterThan" + ], + "type": "string" + }, + "MetricThreshold": { + "description": "The value that the SLI metric is compared to.", + "type": "number" + }, + "RequestBasedSliMetric": { + "$ref": "#/definitions/RequestBasedSliMetric" + } + }, + "required": [ + "RequestBasedSliMetric" + ], + "type": "object" + }, + "RequestBasedSliMetric": { + "additionalProperties": false, + "description": "This structure contains the information about the metric that is used for a request-based SLO.", + "properties": { + "DependencyConfig": { + "$ref": "#/definitions/DependencyConfig" + }, + "KeyAttributes": { + "$ref": "#/definitions/KeyAttributes" + }, + "MetricType": { + "description": "If the SLO monitors either the LATENCY or AVAILABILITY metric that Application Signals collects, this field displays which of those metrics is used.", + "enum": [ + "LATENCY", + "AVAILABILITY" + ], + "type": "string" + }, + "MonitoredRequestCountMetric": { + "$ref": "#/definitions/MonitoredRequestCountMetric" + }, + "OperationName": { + "description": "If the SLO monitors a specific operation of the service, this field displays that operation name.", + "maxLength": 255, + 
"minLength": 1, + "type": "string" + }, + "TotalRequestCountMetric": { + "$ref": "#/definitions/MetricDataQueries", + "description": "This structure defines the metric that is used as the \"total requests\" number for a request-based SLO. The number observed for this metric is divided by the number of \"good requests\" or \"bad requests\" that is observed for the metric defined in `MonitoredRequestCountMetric`." + } + }, + "type": "object" + }, "RollingInterval": { "additionalProperties": false, "description": "If the interval is a calendar interval, this structure contains the interval specifications.", @@ -239,6 +427,9 @@ "additionalProperties": false, "description": "A structure that contains information about the metric that the SLO monitors.", "properties": { + "DependencyConfig": { + "$ref": "#/definitions/DependencyConfig" + }, "KeyAttributes": { "$ref": "#/definitions/KeyAttributes" }, @@ -307,6 +498,23 @@ "minItems": 1, "type": "array", "uniqueItems": true + }, + "Window": { + "additionalProperties": false, + "description": "This object defines the length of time an exclusion window should span.", + "properties": { + "Duration": { + "$ref": "#/definitions/Duration" + }, + "DurationUnit": { + "$ref": "#/definitions/DurationUnit" + } + }, + "required": [ + "DurationUnit", + "Duration" + ], + "type": "object" } }, "description": "Resource Type definition for AWS::ApplicationSignals::ServiceLevelObjective", @@ -319,7 +527,9 @@ "application-signals:GetServiceLevelObjective", "application-signals:ListTagsForResource", "iam:GetRole", - "iam:CreateServiceLinkedRole" + "iam:CreateServiceLinkedRole", + "application-signals:ListServiceLevelObjectiveExclusionWindows", + "application-signals:BatchUpdateExclusionWindows" ] }, "delete": { 
@@ -332,13 +542,15 @@ "list": { "permissions": [ "application-signals:ListServiceLevelObjectives", - "application-signals:ListTagsForResource" + "application-signals:ListTagsForResource", + "application-signals:ListServiceLevelObjectiveExclusionWindows" ] }, "read": { "permissions": [ "application-signals:GetServiceLevelObjective", - "application-signals:ListTagsForResource" + "application-signals:ListTagsForResource", + "application-signals:ListServiceLevelObjectiveExclusionWindows" ] }, "update": { @@ -348,7 +560,9 @@ "application-signals:TagResource", "application-signals:UntagResource", "application-signals:GetServiceLevelObjective", - "application-signals:ListTagsForResource" + "application-signals:ListTagsForResource", + "application-signals:ListServiceLevelObjectiveExclusionWindows", + "application-signals:BatchUpdateExclusionWindows" ] } }, @@ -361,6 +575,9 @@ "pattern": "^arn:[^:]*:application-signals:[^:]*:[^:]*:slo\\/[0-9A-Za-z][-._0-9A-Za-z ]{0,126}[0-9A-Za-z]$", "type": "string" }, + "BurnRateConfigurations": { + "$ref": "#/definitions/BurnRateConfigurations" + }, "CreatedTime": { "description": "Epoch time in seconds of the time that this SLO was created", "minimum": 946684800, @@ -373,6 +590,17 @@ "minLength": 1, "type": "string" }, + "EvaluationType": { + "description": "Displays whether this is a period-based SLO or a request-based SLO.", + "enum": [ + "PeriodBased", + "RequestBased" + ], + "type": "string" + }, + "ExclusionWindows": { + "$ref": "#/definitions/ExclusionWindows" + }, "Goal": { "$ref": "#/definitions/Goal" }, @@ -386,6 +614,9 @@ "pattern": "^[0-9A-Za-z][-._0-9A-Za-z ]{0,126}[0-9A-Za-z]$", "type": "string" }, + "RequestBasedSli": { + "$ref": "#/definitions/RequestBasedSli" + }, "Sli": { "$ref": "#/definitions/Sli" }, 
@@ -396,15 +627,20 @@ "readOnlyProperties": [ "/properties/Arn", "/properties/CreatedTime", - "/properties/LastUpdatedTime" + "/properties/LastUpdatedTime", + "/properties/EvaluationType" ], "required": [ - "Name", - "Sli" + "Name" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-applicationsignals", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "application-signals:ListTagsForResource", + "application-signals:TagResource", + "application-signals:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-appsync-api.json b/src/schema/aws-appsync-api.json new file mode 100644 index 00000000..d9d352a4 --- /dev/null +++ b/src/schema/aws-appsync-api.json 
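Review bot: With `Sli` dropped from `required` in this hunk, nothing visible makes the schema insist on either `Sli` or `RequestBasedSli`, so a resource that names neither, or both, would pass schema validation and fail only at the service. If the rest of the file carries no such constraint, a top-level `"oneOf": [{"required": ["Sli"]}, {"required": ["RequestBasedSli"]}]` would restore the check. The schema object starts and ends outside this hunk, so an existing constraint may simply not be visible here.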
@@ -0,0 +1,332 @@ +{ + "additionalProperties": false, + "definitions": { + "ApiName": { + "description": "The name of the AppSync API.", + "maxLength": 50, + "minLength": 1, + "pattern": "[A-Za-z0-9_\\-\\ ]+", + "type": "string" + }, + "AuthMode": { + "additionalProperties": false, + "description": "An auth mode.", + "properties": { + "AuthType": { + "$ref": "#/definitions/AuthenticationType" + } + }, + "type": "object" + }, + "AuthModes": { + "description": "A list of auth modes for the AppSync API.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/AuthMode" + }, + "type": "array" + }, + "AuthProvider": { + "additionalProperties": false, + "description": "An auth provider for the AppSync API.", + "properties": { + "AuthType": { + "$ref": "#/definitions/AuthenticationType" + }, + "CognitoConfig": { + "$ref": "#/definitions/CognitoConfig" + }, + "LambdaAuthorizerConfig": { + "$ref": "#/definitions/LambdaAuthorizerConfig" + }, + "OpenIDConnectConfig": { + "$ref": "#/definitions/OpenIDConnectConfig" + } + }, + "required": [ + "AuthType" + ], + "type": "object" + }, + "AuthProviders": { + "description": "A list of auth providers for the AppSync API.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/AuthProvider" + }, + "type": "array" + }, + "AuthenticationType": { + "description": "Security configuration for your AppSync API.", + "enum": [ + "AMAZON_COGNITO_USER_POOLS", + "AWS_IAM", + "API_KEY", + "OPENID_CONNECT", + "AWS_LAMBDA" + ], + "type": "string" + }, + "CognitoConfig": { + "additionalProperties": false, + "description": "Optional authorization configuration for using Amazon Cognito user pools with your API endpoint.", + "properties": { + "AppIdClientRegex": { + "type": "string" + }, + "AwsRegion": { + "type": "string" + }, + "UserPoolId": { + "type": "string" + } + }, + "required": [ + "UserPoolId", + "AwsRegion" + ], + "type": "object" + }, + "DnsMap": { + "additionalProperties": false, + "description": "A map of DNS names 
for the AppSync API.", + "properties": { + "Http": { + "type": "string" + }, + "Realtime": { + "type": "string" + } + }, + "type": "object" + }, + "EventConfig": { + "additionalProperties": false, + "description": "The configuration for an Event Api", + "properties": { + "AuthProviders": { + "$ref": "#/definitions/AuthProviders" + }, + "ConnectionAuthModes": { + "$ref": "#/definitions/AuthModes" + }, + "DefaultPublishAuthModes": { + "$ref": "#/definitions/AuthModes" + }, + "DefaultSubscribeAuthModes": { + "$ref": "#/definitions/AuthModes" + }, + "LogConfig": { + "$ref": "#/definitions/EventLogConfig" + } + }, + "required": [ + "AuthProviders", + "ConnectionAuthModes", + "DefaultPublishAuthModes", + "DefaultSubscribeAuthModes" + ], + "type": "object" + }, + "EventLogConfig": { + "additionalProperties": false, + "description": "The log config for the AppSync API.", + "properties": { + "CloudWatchLogsRoleArn": { + "type": "string" + }, + "LogLevel": { + "$ref": "#/definitions/EventLogLevel" + } + }, + "required": [ + "LogLevel", + "CloudWatchLogsRoleArn" + ], + "type": "object" + }, + "EventLogLevel": { + "description": "Logging level for the AppSync API.", + "enum": [ + "NONE", + "ERROR", + "ALL", + "INFO", + "DEBUG" + ], + "type": "string" + }, + "LambdaAuthorizerConfig": { + "additionalProperties": false, + "description": "A LambdaAuthorizerConfig holds configuration on how to authorize AWS AppSync API access when using the AWS_LAMBDA authorizer mode. 
Be aware that an AWS AppSync API may have only one Lambda authorizer configured at a time.", + "properties": { + "AuthorizerResultTtlInSeconds": { + "maximum": 3600, + "minimum": 0, + "type": "integer" + }, + "AuthorizerUri": { + "type": "string" + }, + "IdentityValidationExpression": { + "type": "string" + } + }, + "required": [ + "AuthorizerUri" + ], + "type": "object" + }, + "OpenIDConnectConfig": { + "additionalProperties": false, + "description": "The OpenID Connect configuration.", + "properties": { + "AuthTTL": { + "type": "number" + }, + "ClientId": { + "type": "string" + }, + "IatTTL": { + "type": "number" + }, + "Issuer": { + "type": "string" + } + }, + "required": [ + "Issuer" + ], + "type": "object" + }, + "OwnerContact": { + "description": "The owner contact information for an API resource.", + "maxLength": 250, + "minLength": 1, + "pattern": "[A-Za-z0-9_\\-\\ \\.]+", + "type": "string" + }, + "Tag": { + "additionalProperties": false, + "description": "An arbitrary set of tags (key-value pairs) for this AppSync API.", + "properties": { + "Key": { + "description": "A string used to identify this tag. You can specify a maximum of 128 characters for a tag key.", + "maxLength": 128, + "minLength": 1, + "pattern": "^(?!aws:)[ a-zA-Z+-=._:/]+$", + "type": "string" + }, + "Value": { + "description": "A string containing the value for this tag. 
You can specify a maximum of 256 characters for a tag value.", + "maxLength": 256, + "minLength": 0, + "pattern": "^[\\s\\w+-=\\.:/@]*$", + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, + "Tags": { + "description": "An arbitrary set of tags (key-value pairs) for this AppSync API.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": true + } + }, + "description": "Resource schema for AppSync Api", + "handlers": { + "create": { + "permissions": [ + "appsync:CreateApi", + "appsync:TagResource", + "appsync:GetApi", + "iam:PassRole" + ] + }, + "delete": { + "permissions": [ + "appsync:DeleteApi", + "appsync:UntagResource" + ] + }, + "list": { + "permissions": [ + "appsync:ListApis" + ] + }, + "read": { + "permissions": [ + "appsync:GetApi", + "appsync:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "appsync:UpdateApi", + "appsync:TagResource", + "appsync:UntagResource", + "appsync:GetApi", + "iam:PassRole" + ] + } + }, + "primaryIdentifier": [ + "/properties/ApiArn" + ], + "properties": { + "ApiArn": { + "description": "The Amazon Resource Name (ARN) of the AppSync Api", + "type": "string" + }, + "ApiId": { + "description": "The unique identifier for the AppSync Api generated by the service", + "type": "string" + }, + "Dns": { + "$ref": "#/definitions/DnsMap" + }, + "EventConfig": { + "$ref": "#/definitions/EventConfig" + }, + "Name": { + "$ref": "#/definitions/ApiName" + }, + "OwnerContact": { + "$ref": "#/definitions/OwnerContact" + }, + "Tags": { + "$ref": "#/definitions/Tags" + } + }, + "readOnlyProperties": [ + "/properties/ApiId", + "/properties/Dns", + "/properties/Dns/Realtime", + "/properties/Dns/Http", + "/properties/ApiArn" + ], + "required": [ + "Name" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "appsync:TagResource", + 
"appsync:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::AppSync::Api" +} diff --git a/src/schema/aws-appsync-channelnamespace.json b/src/schema/aws-appsync-channelnamespace.json new file mode 100644 index 00000000..c51009d3 --- /dev/null +++ b/src/schema/aws-appsync-channelnamespace.json 
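Review bot: In the `Tag` definition of the new `aws-appsync-api.json`, `+-=` inside the `Key` class `[ a-zA-Z+-=._:/]` is a range from `+` to `=` rather than three literals, so the pattern also accepts `,`, `;` and `<`, and that range is the only thing admitting digits. The `Value` pattern `^[\\s\\w+-=\\.:/@]*$` contains the same range. If these patterns drive local template validation, naming the digits and writing the hyphen last keeps the presumably intended set: `"pattern": "^(?!aws:)[ a-zA-Z0-9+=._:/-]+$"` and `"pattern": "^[\\s\\w+=.:/@-]*$"`. The file looks imported from the upstream provider schema, so the change may belong upstream rather than in this commit.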
@@ -0,0 +1,269 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/ApiId", + "/properties/Name" + ], + "definitions": { + "AuthMode": { + "additionalProperties": false, + "description": "An auth mode.", + "properties": { + "AuthType": { + "$ref": "#/definitions/AuthenticationType" + } + }, + "type": "object" + }, + "AuthModes": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/AuthMode" + }, + "type": "array" + }, + "AuthenticationType": { + "description": "Security configuration for your AppSync API.", + "enum": [ + "AMAZON_COGNITO_USER_POOLS", + "AWS_IAM", + "API_KEY", + "OPENID_CONNECT", + "AWS_LAMBDA" + ], + "type": "string" + }, + "ChannelNamespaceArn": { + "description": "The Amazon Resource Name (ARN) for the Channel Namespace.", + "type": "string" + }, + "Code": { + "description": "String of APPSYNC_JS code to be used by the handlers.", + "maxLength": 32768, + "minLength": 1, + "type": "string" + }, + "HandlerBehavior": { + "description": "Integration behavior for a handler configuration.", + "enum": [ + "CODE", + "DIRECT" + ], + "type": "string" + }, + "HandlerConfig": { + "additionalProperties": false, + "properties": { + "Behavior": { + "$ref": "#/definitions/HandlerBehavior" + }, + "Integration": { + "$ref": "#/definitions/Integration" + } + }, + "required": [ + "Behavior", + "Integration" + ], + "type": "object" + }, + "HandlerConfigs": { + "additionalProperties": false, + "properties": { + "OnPublish": { + "$ref": "#/definitions/HandlerConfig" + }, + "OnSubscribe": { + "$ref": "#/definitions/HandlerConfig" + } + }, + "type": "object" + }, + "Integration": { + "additionalProperties": false, + "properties": { + "DataSourceName": { + "description": "Data source to invoke for this integration.", + "maxLength": 512, + "minLength": 1, + "pattern": "([_A-Za-z][_0-9A-Za-z]{0,511})?", + "type": "string" + }, + "LambdaConfig": { + "$ref": "#/definitions/LambdaConfig" + } + }, + "required": [ + "DataSourceName" + ], 
+ "type": "object" + }, + "InvokeType": { + "description": "Invocation type for direct lambda integrations.", + "enum": [ + "REQUEST_RESPONSE", + "EVENT" + ], + "type": "string" + }, + "LambdaConfig": { + "additionalProperties": false, + "properties": { + "InvokeType": { + "$ref": "#/definitions/InvokeType" + } + }, + "required": [ + "InvokeType" + ], + "type": "object" + }, + "Namespace": { + "description": "Namespace indentifier.", + "maxLength": 50, + "minLength": 1, + "pattern": "([A-Za-z0-9](?:[A-Za-z0-9\\-]{0,48}[A-Za-z0-9])?)", + "type": "string" + }, + "Tag": { + "additionalProperties": false, + "description": "An arbitrary set of tags (key-value pairs) for this AppSync API.", + "properties": { + "Key": { + "description": "A string used to identify this tag. You can specify a maximum of 128 characters for a tag key.", + "maxLength": 128, + "minLength": 1, + "pattern": "^(?!aws:)[ a-zA-Z+-=._:/]+$", + "type": "string" + }, + "Value": { + "description": "A string containing the value for this tag. 
You can specify a maximum of 256 characters for a tag value.", + "maxLength": 256, + "minLength": 0, + "pattern": "^[\\s\\w+-=\\.:/@]*$", + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, + "Tags": { + "description": "An arbitrary set of tags (key-value pairs) for this AppSync API.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": true + } + }, + "description": "Resource schema for AppSync ChannelNamespace", + "handlers": { + "create": { + "permissions": [ + "appsync:CreateChannelNamespace", + "appsync:TagResource", + "appsync:GetChannelNamespace", + "s3:GetObject" + ] + }, + "delete": { + "permissions": [ + "appsync:DeleteChannelNamespace", + "appsync:UntagResource" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "ApiId": { + "$ref": "resource-schema.json#/properties/ApiId" + } + }, + "required": [ + "ApiId" + ] + }, + "permissions": [ + "appsync:ListChannelNamespaces" + ] + }, + "read": { + "permissions": [ + "appsync:GetChannelNamespace", + "appsync:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "appsync:UpdateChannelNamespace", + "appsync:TagResource", + "appsync:UntagResource", + "appsync:GetChannelNamespace", + "s3:GetObject" + ] + } + }, + "primaryIdentifier": [ + "/properties/ChannelNamespaceArn" + ], + "properties": { + "ApiId": { + "description": "AppSync Api Id that this Channel Namespace belongs to.", + "type": "string" + }, + "ChannelNamespaceArn": { + "$ref": "#/definitions/ChannelNamespaceArn" + }, + "CodeHandlers": { + "$ref": "#/definitions/Code" + }, + "CodeS3Location": { + "description": "The Amazon S3 endpoint where the code is located.", + "type": "string" + }, + "HandlerConfigs": { + "$ref": "#/definitions/HandlerConfigs" + }, + "Name": { + "$ref": "#/definitions/Namespace" + }, + "PublishAuthModes": { + "$ref": "#/definitions/AuthModes", + "description": "List of AuthModes supported for Publish operations." 
+ }, + "SubscribeAuthModes": { + "$ref": "#/definitions/AuthModes", + "description": "List of AuthModes supported for Subscribe operations." + }, + "Tags": { + "$ref": "#/definitions/Tags" + } + }, + "readOnlyProperties": [ + "/properties/ChannelNamespaceArn" + ], + "required": [ + "ApiId", + "Name" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "appsync:TagResource", + "appsync:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::AppSync::ChannelNamespace", + "writeOnlyProperties": [ + "/properties/CodeS3Location" + ] +} diff --git a/src/schema/aws-appsync-datasource.json b/src/schema/aws-appsync-datasource.json index f6a87a78..dff9f6ad 100644 --- a/src/schema/aws-appsync-datasource.json +++ b/src/schema/aws-appsync-datasource.json @@ -9,10 +9,12 @@ "additionalProperties": false, "properties": { "AuthorizationType": { + "description": "The authorization type that the HTTP endpoint requires.", "type": "string" }, "AwsIamConfig": { - "$ref": "#/definitions/AwsIamConfig" + "$ref": "#/definitions/AwsIamConfig", + "description": "The AWS Identity and Access Management settings." } }, "required": [ @@ -24,9 +26,11 @@ "additionalProperties": false, "properties": { "SigningRegion": { + "description": "The signing Region for AWS Identity and Access Management authorization.", "type": "string" }, "SigningServiceName": { + "description": "The signing service name for AWS Identity and Access Management authorization.", "type": "string" } }, 
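Review bot: The `pattern` on `Integration.DataSourceName`, `([_A-Za-z][_0-9A-Za-z]{0,511})?`, has no `^`/`$` anchors and its only group is optional, so under JSON Schema's unanchored regex matching it accepts every string. The `Namespace` pattern used for `Name` is also unanchored and only requires one alphanumeric character somewhere in the value. As written, only `minLength`/`maxLength` constrain these two fields. Anchoring them, e.g. `"pattern": "^[_A-Za-z][_0-9A-Za-z]{0,511}$"` and `"pattern": "^[A-Za-z0-9](?:[A-Za-z0-9\\-]{0,48}[A-Za-z0-9])?$"`, would make the schema enforce the character set the expressions describe. Until then, tooling that validates templates against this schema should not treat a pattern match as evidence that the name is well-formed.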
@@ -36,12 +40,15 @@ "additionalProperties": false, "properties": { "BaseTableTTL": { + "description": "The number of minutes that an Item is stored in the data source.", "type": "string" }, "DeltaSyncTableName": { + "description": "The Delta Sync table name.", "type": "string" }, "DeltaSyncTableTTL": { + "description": "The number of minutes that a Delta Sync log entry is stored in the Delta Sync table.", "type": "string" } }, @@ -56,18 +63,23 @@ "additionalProperties": false, "properties": { "AwsRegion": { + "description": "The AWS Region.", "type": "string" }, "DeltaSyncConfig": { - "$ref": "#/definitions/DeltaSyncConfig" + "$ref": "#/definitions/DeltaSyncConfig", + "description": "The DeltaSyncConfig for a versioned datasource." }, "TableName": { + "description": "The table name.", "type": "string" }, "UseCallerCredentials": { + "description": "Set to TRUE to use AWS Identity and Access Management with this data source.", "type": "boolean" }, "Versioned": { + "description": "Set to TRUE to use Conflict Detection and Resolution with this data source.", "type": "boolean" } }, @@ -81,9 +93,11 @@ "additionalProperties": false, "properties": { "AwsRegion": { + "description": "The AWS Region.", "type": "string" }, "Endpoint": { + "description": "The endpoint.", "type": "string" } }, @@ -97,6 +111,7 @@ "additionalProperties": false, "properties": { "EventBusArn": { + "description": "ARN for the EventBridge bus.", "type": "string" } }, @@ -109,9 +124,11 @@ "additionalProperties": false, "properties": { "AuthorizationConfig": { - "$ref": "#/definitions/AuthorizationConfig" + "$ref": "#/definitions/AuthorizationConfig", + "description": "The authorization configuration." }, "Endpoint": { + "description": "The endpoint.", "type": "string" } }, @@ -124,6 +141,7 @@ "additionalProperties": false, "properties": { "LambdaFunctionArn": { + "description": "The ARN for the Lambda function.", "type": "string" } }, 
@@ -136,9 +154,11 @@ "additionalProperties": false, "properties": { "AwsRegion": { + "description": "The AWS Region.", "type": "string" }, "Endpoint": { + "description": "The endpoint.", "type": "string" } }, @@ -152,18 +172,23 @@ "additionalProperties": false, "properties": { "AwsRegion": { + "description": "AWS Region for RDS HTTP endpoint.", "type": "string" }, "AwsSecretStoreArn": { + "description": "The ARN for database credentials stored in AWS Secrets Manager.", "type": "string" }, "DatabaseName": { + "description": "Logical database name.", "type": "string" }, "DbClusterIdentifier": { + "description": "Amazon RDS cluster Amazon Resource Name (ARN).", "type": "string" }, "Schema": { + "description": "Logical schema name.", "type": "string" } }, @@ -178,9 +203,11 @@ "additionalProperties": false, "properties": { "RdsHttpEndpointConfig": { - "$ref": "#/definitions/RdsHttpEndpointConfig" + "$ref": "#/definitions/RdsHttpEndpointConfig", + "description": "Information about the Amazon RDS resource." }, "RelationalDatabaseSourceType": { + "description": "The type of relational data source.", "type": "string" } }, 
@@ -190,59 +217,117 @@ "type": "object" } }, + "deprecatedProperties": [ + "/properties/ElasticsearchConfig" + ], "description": "Resource Type definition for AWS::AppSync::DataSource", + "handlers": { + "create": { + "permissions": [ + "appsync:CreateDataSource", + "appsync:GetDataSource", + "iam:PassRole" + ] + }, + "delete": { + "permissions": [ + "appsync:DeleteDataSource", + "appsync:GetDataSource" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "ApiId": { + "$ref": "resource-schema.json#/properties/ApiId" + } + }, + "required": [ + "ApiId" + ] + }, + "permissions": [ + "appsync:ListDataSources" + ] + }, + "read": { + "permissions": [ + "appsync:GetDataSource" + ] + }, + "update": { + "permissions": [ + "appsync:UpdateDataSource", + "iam:PassRole" + ] + } + }, "primaryIdentifier": [ - "/properties/Id" + "/properties/DataSourceArn" ], "properties": { "ApiId": { + "description": "Unique AWS AppSync GraphQL API identifier where this data source will be created.", "type": "string" }, "DataSourceArn": { + "description": "The Amazon Resource Name (ARN) of the API key, such as arn:aws:appsync:us-east-1:123456789012:apis/graphqlapiid/datasources/datasourcename.", "type": "string" }, "Description": { + "description": "The description of the data source.", "type": "string" }, "DynamoDBConfig": { - "$ref": "#/definitions/DynamoDBConfig" + "$ref": "#/definitions/DynamoDBConfig", + "description": "AWS Region and TableName for an Amazon DynamoDB table in your account." }, "ElasticsearchConfig": { - "$ref": "#/definitions/ElasticsearchConfig" + "$ref": "#/definitions/ElasticsearchConfig", + "description": "AWS Region and Endpoints for an Amazon OpenSearch Service domain in your account.\nAs of September 2021, Amazon Elasticsearch Service is Amazon OpenSearch Service. This property is deprecated. For new data sources, use OpenSearchServiceConfig to specify an OpenSearch Service data source." 
}, "EventBridgeConfig": { - "$ref": "#/definitions/EventBridgeConfig" + "$ref": "#/definitions/EventBridgeConfig", + "description": "ARN for the EventBridge bus." }, "HttpConfig": { - "$ref": "#/definitions/HttpConfig" - }, - "Id": { - "type": "string" + "$ref": "#/definitions/HttpConfig", + "description": "Endpoints for an HTTP data source." }, "LambdaConfig": { - "$ref": "#/definitions/LambdaConfig" + "$ref": "#/definitions/LambdaConfig", + "description": "An ARN of a Lambda function in valid ARN format. This can be the ARN of a Lambda function that exists in the current account or in another account." }, "MetricsConfig": { + "description": "", + "enum": [ + "DISABLED", + "ENABLED" + ], "type": "string" }, "Name": { + "description": "Friendly name for you to identify your AppSync data source after creation.", "type": "string" }, "OpenSearchServiceConfig": { - "$ref": "#/definitions/OpenSearchServiceConfig" + "$ref": "#/definitions/OpenSearchServiceConfig", + "description": "AWS Region and Endpoints for an Amazon OpenSearch Service domain in your account." }, "RelationalDatabaseConfig": { - "$ref": "#/definitions/RelationalDatabaseConfig" + "$ref": "#/definitions/RelationalDatabaseConfig", + "description": "Relational Database configuration of the relational database data source." }, "ServiceRoleArn": { + "description": "The AWS Identity and Access Management service role ARN for the data source. The system assumes this role when accessing the data source.", "type": "string" }, "Type": { + "description": "The type of the data source.", "type": "string" } }, "readOnlyProperties": [ - "/properties/Id", "/properties/DataSourceArn" ], "required": [ @@ -250,5 +335,9 @@ "ApiId", "Name" ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-appsync", + "tagging": { + "taggable": false + }, "typeName": "AWS::AppSync::DataSource" } 
diff --git a/src/schema/aws-appsync-domainname.json b/src/schema/aws-appsync-domainname.json index b2614a57..56968cae 100644 --- a/src/schema/aws-appsync-domainname.json +++ b/src/schema/aws-appsync-domainname.json @@ -4,6 +4,42 @@ "/properties/DomainName", "/properties/CertificateArn" ], + "definitions": { + "Tag": { + "additionalProperties": false, + "description": "An arbitrary set of tags (key-value pairs) for this Domain Name.", + "properties": { + "Key": { + "description": "A string used to identify this tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 128, + "minLength": 1, + "pattern": "^(?!aws:)[ a-zA-Z+-=._:/]+$", + "type": "string" + }, + "Value": { + "description": "A string containing the value for this tag. You can specify a maximum of 256 characters for a tag value.", + "maxLength": 256, + "minLength": 0, + "pattern": "^[\\s\\w+-=\\.:/@]*$", + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, + "Tags": { + "description": "An arbitrary set of tags (key-value pairs) for this Domain Name.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": true + } + }, "description": "Resource Type definition for AWS::AppSync::DomainName", "handlers": { "create": { @@ -11,13 +47,15 @@ "appsync:CreateDomainName", "appsync:GetDomainName", "acm:DescribeCertificate", - "cloudfront:UpdateDistribution" + "cloudfront:UpdateDistribution", + "appsync:TagResource" ] }, "delete": { "permissions": [ "appsync:GetDomainName", - "appsync:DeleteDomainName" + "appsync:DeleteDomainName", + "appsync:UntagResource" ] }, "list": { 
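Review bot: In the new `Tag` definition, `+-=` inside the `Key` character class `[ a-zA-Z+-=._:/]` is parsed as a range from `+` to `=`, not as three literal characters. That range is the only thing admitting digits, and it also admits `,`, `;` and `<`, which the description's list of allowed characters does not include. The `Value` pattern `^[\\s\\w+-=\\.:/@]*$` contains the same range. If the description is the intended contract, the hyphen should go last or be escaped, e.g. `"pattern": "^(?!aws:)[ a-zA-Z0-9+=._:/-]+$"`. The same two patterns appear in the `Tag` definition of aws-appsync-channelnamespace.json in this commit.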
@@ -32,7 +70,10 @@ }, "update": { "permissions": [ - "appsync:UpdateDomainName" + "appsync:UpdateDomainName", + "appsync:TagResource", + "appsync:UntagResource", + "appsync:GetDomainName" ] } }, @@ -60,23 +101,36 @@ "pattern": "^(\\*[a-z\\d-]*\\.)?([a-z\\d-]+\\.)+[a-z\\d-]+$", "type": "string" }, + "DomainNameArn": { + "description": "The Amazon Resource Name (ARN) for the Domain Name.", + "type": "string" + }, "HostedZoneId": { "type": "string" + }, + "Tags": { + "$ref": "#/definitions/Tags" } }, "readOnlyProperties": [ "/properties/AppSyncDomainName", - "/properties/HostedZoneId" + "/properties/HostedZoneId", + "/properties/DomainNameArn" ], "required": [ "DomainName", "CertificateArn" ], "tagging": { - "cloudFormationSystemTags": false, - "tagOnCreate": false, - "tagUpdatable": false, - "taggable": false + "cloudFormationSystemTags": true, + "permissions": [ + "appsync:TagResource", + "appsync:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true }, "typeName": "AWS::AppSync::DomainName" } diff --git a/src/schema/aws-appsync-graphqlapi.json b/src/schema/aws-appsync-graphqlapi.json index b2ac3db2..2c21b709 100644 --- a/src/schema/aws-appsync-graphqlapi.json +++ b/src/schema/aws-appsync-graphqlapi.json @@ -5,6 +5,7 @@ "additionalProperties": false, "properties": { "AuthenticationType": { + "description": "The authentication type for API key, AWS Identity and Access Management, OIDC, Amazon Cognito user pools, or AWS Lambda.", "type": "string" }, "LambdaAuthorizerConfig": { @@ -26,12 +27,15 @@ "additionalProperties": false, "properties": { "AppIdClientRegex": { + "description": "A regular expression for validating the incoming Amazon Cognito user pool app client ID. ", "type": "string" }, "AwsRegion": { + "description": "The AWS Region in which the user pool was created.", "type": "string" }, "UserPoolId": { + "description": "The user pool ID", "type": "string" } }, 
@@ -41,12 +45,15 @@ "additionalProperties": false, "properties": { "DataSourceLevelMetricsBehavior": { + "description": "Controls how data source metrics will be emitted to CloudWatch. Data source metrics include:\n\n", "type": "string" }, "OperationLevelMetricsConfig": { + "description": "Controls how operation metrics will be emitted to CloudWatch. Operation metrics include:\n\n", "type": "string" }, "ResolverLevelMetricsBehavior": { + "description": "Controls how resolver metrics will be emitted to CloudWatch. Resolver metrics include:\n\n", "type": "string" } }, @@ -61,12 +68,15 @@ "additionalProperties": false, "properties": { "AuthorizerResultTtlInSeconds": { - "type": "number" + "description": "The number of seconds a response should be cached for.", + "type": "integer" }, "AuthorizerUri": { + "description": "The ARN of the Lambda function to be called for authorization.", "type": "string" }, "IdentityValidationExpression": { + "description": "A regular expression for validation of tokens before the Lambda function is called.", "type": "string" } }, @@ -76,12 +86,15 @@ "additionalProperties": false, "properties": { "CloudWatchLogsRoleArn": { + "description": "The service role that AWS AppSync will assume to publish to Amazon CloudWatch Logs in your account.", "type": "string" }, "ExcludeVerboseContent": { + "description": "Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level.", "type": "boolean" }, "FieldLogLevel": { + "description": "The field logging level. Values can be NONE, ERROR, INFO, DEBUG, or ALL.", "type": "string" } }, 
@@ -91,15 +104,19 @@ "additionalProperties": false, "properties": { "AuthTTL": { + "description": "The number of milliseconds that a token is valid after being authenticated.", "type": "number" }, "ClientId": { + "description": "The client identifier of the Relying party at the OpenID identity provider.", "type": "string" }, "IatTTL": { + "description": "The number of milliseconds that a token is valid after it's issued to a user.\n\n", "type": "number" }, "Issuer": { + "description": "The issuer for the OIDC configuration. ", "type": "string" } }, @@ -125,15 +142,19 @@ "additionalProperties": false, "properties": { "AppIdClientRegex": { + "description": "A regular expression for validating the incoming Amazon Cognito user pool app client ID.", "type": "string" }, "AwsRegion": { + "description": "The AWS Region in which the user pool was created.", "type": "string" }, "DefaultAction": { + "description": "The action that you want your GraphQL API to take when a request that uses Amazon Cognito user pool authentication doesn't match the Amazon Cognito user pool configuration.", "type": "string" }, "UserPoolId": { + "description": "The user pool ID.", "type": "string" } }, 
@@ -141,110 +162,182 @@ } }, "description": "Resource Type definition for AWS::AppSync::GraphQLApi", + "handlers": { + "create": { + "permissions": [ + "appsync:CreateGraphqlApi", + "appsync:TagResource" + ] + }, + "delete": { + "permissions": [ + "appsync:DeleteGraphqlApi" + ] + }, + "list": { + "permissions": [ + "appsync:ListGraphqlApis" + ] + }, + "read": { + "permissions": [ + "appsync:GetGraphqlApi", + "appsync:GetGraphqlApiEnvironmentVariables", + "appsync:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "appsync:GetGraphqlApi", + "appsync:UpdateGraphqlApi", + "appsync:TagResource", + "appsync:UntagResource" + ] + } + }, "primaryIdentifier": [ - "/properties/Id" + "/properties/ApiId" ], "properties": { "AdditionalAuthenticationProviders": { + "description": "A list of additional authentication providers for the GraphqlApi API.", "items": { "$ref": "#/definitions/AdditionalAuthenticationProvider" }, "type": "array", - "uniqueItems": false + "uniqueItems": true }, "ApiId": { + "description": "Unique AWS AppSync GraphQL API identifier.", "type": "string" }, "ApiType": { + "description": "The value that indicates whether the GraphQL API is a standard API (GRAPHQL) or merged API (MERGED).", "type": "string" }, "Arn": { + "description": "The Amazon Resource Name (ARN) of the API key", "type": "string" }, "AuthenticationType": { + "description": "Security configuration for your GraphQL API", "type": "string" }, "EnhancedMetricsConfig": { - "$ref": "#/definitions/EnhancedMetricsConfig" + "$ref": "#/definitions/EnhancedMetricsConfig", + "description": "Enables and controls the enhanced metrics feature. Enhanced metrics emit granular data on API usage and performance such as AppSync request and error counts, latency, and cache hits/misses. All enhanced metric data is sent to your CloudWatch account, and you can configure the types of data that will be sent." 
}, "EnvironmentVariables": { + "additionalProperties": false, + "description": "A map containing the list of resources with their properties and environment variables.", + "patternProperties": { + "^[A-Za-z]+\\w*$": { + "type": "string" + } + }, "type": "object" }, "GraphQLDns": { + "description": "The fully qualified domain name (FQDN) of the endpoint URL of your GraphQL API.", "type": "string" }, "GraphQLEndpointArn": { + "description": "The GraphQL endpoint ARN.", "type": "string" }, "GraphQLUrl": { - "type": "string" - }, - "Id": { + "description": "The Endpoint URL of your GraphQL API.", "type": "string" }, "IntrospectionConfig": { + "description": "Sets the value of the GraphQL API to enable (ENABLED) or disable (DISABLED) introspection. If no value is provided, the introspection configuration will be set to ENABLED by default. This field will produce an error if the operation attempts to use the introspection feature while this field is disabled.", "type": "string" }, "LambdaAuthorizerConfig": { - "$ref": "#/definitions/LambdaAuthorizerConfig" + "$ref": "#/definitions/LambdaAuthorizerConfig", + "description": "A LambdaAuthorizerConfig holds configuration on how to authorize AWS AppSync API access when using the AWS_LAMBDA authorizer mode. Be aware that an AWS AppSync API may have only one Lambda authorizer configured at a time." }, "LogConfig": { - "$ref": "#/definitions/LogConfig" + "$ref": "#/definitions/LogConfig", + "description": "The Amazon CloudWatch Logs configuration." }, "MergedApiExecutionRoleArn": { + "description": "The AWS Identity and Access Management service role ARN for a merged API. ", "type": "string" }, "Name": { + "description": "The API name", "type": "string" }, "OpenIDConnectConfig": { - "$ref": "#/definitions/OpenIDConnectConfig" + "$ref": "#/definitions/OpenIDConnectConfig", + "description": "The OpenID Connect configuration." 
}, "OwnerContact": { + "description": "The owner contact information for an API resource.", "type": "string" }, "QueryDepthLimit": { + "description": "The maximum depth a query can have in a single request. Depth refers to the amount of nested levels allowed in the body of query.", "type": "integer" }, "RealtimeDns": { + "description": "The fully qualified domain name (FQDN) of the real-time endpoint URL of your GraphQL API.", "type": "string" }, "RealtimeUrl": { + "description": "The GraphQL API real-time endpoint URL.", "type": "string" }, "ResolverCountLimit": { + "description": "The maximum number of resolvers that can be invoked in a single request.", "type": "integer" }, "Tags": { + "description": "An arbitrary set of tags (key-value pairs) for this GraphQL API.\n\n", "items": { "$ref": "#/definitions/Tag" }, "type": "array", - "uniqueItems": false + "uniqueItems": true }, "UserPoolConfig": { - "$ref": "#/definitions/UserPoolConfig" + "$ref": "#/definitions/UserPoolConfig", + "description": "Optional authorization configuration for using Amazon Cognito user pools with your GraphQL endpoint.\n\n" }, "Visibility": { + "description": "Sets the scope of the GraphQL API to public (GLOBAL) or private (PRIVATE). 
By default, the scope is set to Global if no value is provided.", "type": "string" }, "XrayEnabled": { + "description": "A flag indicating whether to use AWS X-Ray tracing for this GraphqlApi.\n\n", "type": "boolean" } }, "readOnlyProperties": [ "/properties/ApiId", + "/properties/Arn", "/properties/GraphQLEndpointArn", - "/properties/Id", "/properties/GraphQLDns", "/properties/GraphQLUrl", "/properties/RealtimeDns", - "/properties/RealtimeUrl", - "/properties/Arn" + "/properties/RealtimeUrl" ], "required": [ "Name", "AuthenticationType" ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "appsync:TagResource", + "appsync:UntagResource", + "appsync:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::AppSync::GraphQLApi" } diff --git a/src/schema/aws-aps-rulegroupsnamespace.json b/src/schema/aws-aps-rulegroupsnamespace.json index dbcf9167..f04c1acd 100644 --- a/src/schema/aws-aps-rulegroupsnamespace.json +++ b/src/schema/aws-aps-rulegroupsnamespace.json @@ -121,6 +121,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-aps", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "aps:TagResource", + "aps:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-aps-scraper.json b/src/schema/aws-aps-scraper.json index 6b6a108b..c0b5100d 100644 --- a/src/schema/aws-aps-scraper.json +++ b/src/schema/aws-aps-scraper.json @@ -1,10 +1,7 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/ScrapeConfiguration", - "/properties/Source", - "/properties/Destination", - "/properties/Alias" + "/properties/Source" ], "definitions": { "Destination": { 
@@ -36,6 +33,21 @@ }, "type": "object" }, + "RoleConfiguration": { + "additionalProperties": false, + "description": "Role configuration", + "properties": { + "SourceRoleArn": { + "description": "IAM Role in source account", + "type": "string" + }, + "TargetRoleArn": { + "description": "IAM Role in the target account", + "type": "string" + } + }, + "type": "object" + }, "ScrapeConfiguration": { "additionalProperties": false, "description": "Scraper configuration", @@ -147,7 +159,8 @@ "eks:DescribeCluster", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", - "iam:CreateServiceLinkedRole" + "iam:CreateServiceLinkedRole", + "iam:PassRole" ] }, "delete": { @@ -176,10 +189,14 @@ }, "update": { "permissions": [ + "aps:CreateScraper", "aps:DescribeScraper", + "aps:UpdateScraper", + "aps:DescribeWorkspace", "aps:TagResource", "aps:UntagResource", - "aps:ListTagsForResource" + "aps:ListTagsForResource", + "iam:PassRole" ] } }, @@ -209,6 +226,9 @@ "pattern": "^arn:(aws|aws-us-gov|aws-cn):iam::[0-9]{12}:role/[a-zA-Z0-9-]+$", "type": "string" }, + "RoleConfiguration": { + "$ref": "#/definitions/RoleConfiguration" + }, "ScrapeConfiguration": { "$ref": "#/definitions/ScrapeConfiguration" }, @@ -245,6 +265,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-aps", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "aps:TagResource", + "aps:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-aps-workspace.json b/src/schema/aws-aps-workspace.json index a2dd22ab..f0119881 100644 --- a/src/schema/aws-aps-workspace.json +++ b/src/schema/aws-aps-workspace.json 
@@ -4,6 +4,64 @@ "/properties/KmsKeyArn" ], "definitions": { + "Label": { + "additionalProperties": false, + "description": "Series label", + "properties": { + "Name": { + "description": "Name of the label", + "minLength": 1, + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", + "type": "string" + }, + "Value": { + "description": "Value of the label", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "Name", + "Value" + ], + "type": "object" + }, + "LimitsPerLabelSet": { + "additionalProperties": false, + "description": "Label set and its associated limits", + "properties": { + "LabelSet": { + "description": "An array of series labels", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Label" + }, + "minItems": 0, + "type": "array", + "uniqueItems": true + }, + "Limits": { + "$ref": "#/definitions/LimitsPerLabelSetEntry" + } + }, + "required": [ + "Limits", + "LabelSet" + ], + "type": "object" + }, + "LimitsPerLabelSetEntry": { + "additionalProperties": false, + "description": "Limits that can be applied to a label set", + "properties": { + "MaxSeries": { + "description": "The maximum number of active series that can be ingested for this label set", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, "LoggingConfiguration": { "additionalProperties": false, "description": "Logging configuration", 
@@ -39,6 +97,28 @@ "Value" ], "type": "object" + }, + "WorkspaceConfiguration": { + "additionalProperties": false, + "description": "Workspace configuration", + "properties": { + "LimitsPerLabelSets": { + "description": "An array of label set and associated limits", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/LimitsPerLabelSet" + }, + "minItems": 0, + "type": "array", + "uniqueItems": true + }, + "RetentionPeriodInDays": { + "description": "How many days that metrics are retained in the workspace", + "minimum": 1, + "type": "integer" + } + }, + "type": "object" } }, "description": "Resource Type definition for AWS::APS::Workspace", @@ -51,6 +131,8 @@ "aps:CreateAlertManagerDefinition", "aps:DescribeAlertManagerDefinition", "aps:CreateLoggingConfiguration", + "aps:DescribeWorkspaceConfiguration", + "aps:UpdateWorkspaceConfiguration", "logs:CreateLogDelivery", "logs:GetLogDelivery", "logs:ListLogDeliveries", @@ -80,7 +162,8 @@ "aps:DescribeWorkspace", "aps:ListTagsForResource", "aps:DescribeAlertManagerDefinition", - "aps:DescribeLoggingConfiguration" + "aps:DescribeLoggingConfiguration", + "aps:DescribeWorkspaceConfiguration" ] }, "update": { @@ -97,6 +180,8 @@ "aps:DescribeLoggingConfiguration", "aps:UpdateLoggingConfiguration", "aps:DeleteLoggingConfiguration", + "aps:DescribeWorkspaceConfiguration", + "aps:UpdateWorkspaceConfiguration", "logs:CreateLogDelivery", "logs:GetLogDelivery", "logs:UpdateLogDelivery", @@ -150,6 +235,9 @@ "type": "array", "uniqueItems": true }, + "WorkspaceConfiguration": { + "$ref": "#/definitions/WorkspaceConfiguration" + }, "WorkspaceId": { "description": "Required to identify a specific APS Workspace.", "maxLength": 100, @@ -167,6 +255,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "aps:TagResource", + "aps:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, 
diff --git a/src/schema/aws-athena-capacityreservation.json b/src/schema/aws-athena-capacityreservation.json index de44f914..89dfa309 100644 --- a/src/schema/aws-athena-capacityreservation.json +++ b/src/schema/aws-athena-capacityreservation.json @@ -197,6 +197,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-athena.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "athena:UntagResource", + "athena:TagResource", + "athena:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-athena-datacatalog.json b/src/schema/aws-athena-datacatalog.json index d3fc2aa0..549d6b59 100644 --- a/src/schema/aws-athena-datacatalog.json +++ b/src/schema/aws-athena-datacatalog.json 
@@ -37,17 +37,60 @@ "create": { "permissions": [ "athena:CreateDataCatalog", - "athena:TagResource" + "athena:GetDataCatalog", + "athena:TagResource", + "s3:ListBucket", + "glue:TagResource", + "glue:CreateConnection", + "glue:DeleteConnection", + "glue:UpdateConnection", + "serverlessrepo:CreateCloudFormationTemplate", + "serverlessrepo:GetCloudFormationTemplate", + "cloudformation:CreateStack", + "cloudformation:DeleteStack", + "cloudformation:DescribeStacks", + "cloudformation:CreateChangeSet", + "iam:AttachRolePolicy", + "iam:DetachRolePolicy", + "iam:DeleteRolePolicy", + "iam:PutRolePolicy", + "iam:CreateRole", + "iam:TagRole", + "iam:DeleteRole", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:PassRole", + "lambda:DeleteFunction", + "lambda:CreateFunction", + "lambda:TagResource", + "lambda:GetFunction", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "secretsmanager:ListSecrets", + "glue:GetConnection", + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ] }, "delete": { "permissions": [ - "athena:DeleteDataCatalog" + "athena:DeleteDataCatalog", + "athena:GetDataCatalog", + "glue:GetConnection", + "glue:UpdateConnection", + "cloudformation:DeleteStack", + "cloudformation:DescribeStacks", + "lambda:DeleteFunction", + "iam:DeleteRole", + "iam:DeleteRolePolicy", + "iam:DetachRolePolicy", + "s3:ListBucket" ] }, "list": { "permissions": [ - "athena:ListDataCatalog" + "athena:ListDataCatalogs" ] }, "read": { 
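Review bot: The `create` handler's `permissions` list for the Athena data catalog grows from two actions to more than thirty. The additions include `iam:CreateRole`, `iam:PutRolePolicy`, `iam:AttachRolePolicy`, `iam:PassRole`, `lambda:CreateFunction` and `cloudformation:CreateStack`, which together let the caller create a role, attach arbitrary policy to it and hand it to new compute. The list is per handler, not per catalog type, so a role generated from it carries these actions for LAMBDA, GLUE and HIVE catalogs as well. The `Type` description added in the next hunk ties the Athena-managed connection and Lambda function to FEDERATED only. I would record this in the commit description, e.g. `AWS::Athena::DataCatalog create now lists iam:CreateRole, iam:PutRolePolicy, iam:AttachRolePolicy, iam:PassRole, lambda:CreateFunction and cloudformation:CreateStack`. Consumers that derive least-privilege policies from this schema should restrict those actions by resource ARN or a permissions boundary rather than granting them on `*`.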
@@ -70,12 +113,20 @@ "/properties/Name" ], "properties": { + "ConnectionType": { + "description": "The type of connection for a FEDERATED data catalog", + "type": "string" + }, "Description": { "description": "A description of the data catalog to be created. ", "maxLength": 1024, "minLength": 1, "type": "string" }, + "Error": { + "description": "Text of the error that occurred during data catalog creation or deletion.", + "type": "string" + }, "Name": { "description": "The name of the data catalog to create. The catalog name must be unique for the AWS account and can use a maximum of 128 alphanumeric, underscore, at sign, or hyphen characters. ", "maxLength": 256, @@ -93,16 +144,32 @@ }, "type": "object" }, + "Status": { + "description": "The status of the creation or deletion of the data catalog. LAMBDA, GLUE, and HIVE data catalog types are created synchronously. Their status is either CREATE_COMPLETE or CREATE_FAILED. The FEDERATED data catalog type is created asynchronously.", + "enum": [ + "CREATE_IN_PROGRESS", + "CREATE_COMPLETE", + "CREATE_FAILED", + "CREATE_FAILED_CLEANUP_IN_PROGRESS", + "CREATE_FAILED_CLEANUP_COMPLETE", + "CREATE_FAILED_CLEANUP_FAILED", + "DELETE_IN_PROGRESS", + "DELETE_COMPLETE", + "DELETE_FAILED" + ], + "type": "string" + }, "Tags": { "$ref": "#/definitions/Tags", "description": "A list of comma separated tags to add to the data catalog that is created. " }, "Type": { - "description": "The type of data catalog to create: LAMBDA for a federated catalog, GLUE for AWS Glue Catalog, or HIVE for an external hive metastore. ", + "description": "The type of data catalog to create: LAMBDA for a federated catalog, GLUE for AWS Glue Catalog, or HIVE for an external hive metastore. FEDERATED is a federated catalog for which Athena creates the connection and the Lambda function for you based on the parameters that you pass.", "enum": [ "LAMBDA", "GLUE", - "HIVE" + "HIVE", + "FEDERATED" ], "type": "string" } 
@@ -112,6 +179,17 @@ "Type" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-athena.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "athena:UntagResource", + "athena:TagResource", + "athena:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Athena::DataCatalog" } diff --git a/src/schema/aws-athena-workgroup.json b/src/schema/aws-athena-workgroup.json index 7521c2d1..71ddb29f 100644 --- a/src/schema/aws-athena-workgroup.json +++ b/src/schema/aws-athena-workgroup.json @@ -402,7 +402,18 @@ "Name" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-athena.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "athena:UntagResource", + "athena:TagResource", + "athena:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Athena::WorkGroup", "writeOnlyProperties": [ "/properties/WorkGroupConfigurationUpdates", diff --git a/src/schema/aws-auditmanager-assessment.json b/src/schema/aws-auditmanager-assessment.json index 0d402de2..284d8158 100644 --- a/src/schema/aws-auditmanager-assessment.json +++ b/src/schema/aws-auditmanager-assessment.json @@ -278,12 +278,14 @@ }, "delete": { "permissions": [ - "auditmanager:DeleteAssessment" + "auditmanager:DeleteAssessment", + "auditmanager:UntagResource" ] }, "list": { "permissions": [ - "auditmanager:ListAssessments" + "auditmanager:ListAssessments", + "auditmanager:ListTagsForResource" ] }, "read": { 
@@ -363,6 +365,18 @@ ], "required": [], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "auditmanager:TagResource", + "auditmanager:ListTagsForResource", + "auditmanager:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, "typeName": "AWS::AuditManager::Assessment", "writeOnlyProperties": [ "/properties/Name", diff --git a/src/schema/aws-autoscaling-autoscalinggroup.json b/src/schema/aws-autoscaling-autoscalinggroup.json index d4290ea9..87dae38f 100644 --- a/src/schema/aws-autoscaling-autoscalinggroup.json +++ b/src/schema/aws-autoscaling-autoscalinggroup.json @@ -3,7 +3,6 @@ "conditionalCreateOnlyProperties": [ "/properties/LaunchConfigurationName", "/properties/VPCZoneIdentifier", - "/properties/PlacementGroup", "/properties/LaunchTemplate", "/properties/MixedInstancesPolicy" ], 
@@ -42,6 +41,44 @@ }, "type": "object" }, + "AvailabilityZoneDistribution": { + "additionalProperties": false, + "description": "``AvailabilityZoneDistribution`` is a property of the [AWS::AutoScaling::AutoScalingGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html) resource.", + "properties": { + "CapacityDistributionStrategy": { + "description": "If launches fail in an Availability Zone, the following strategies are available. The default is ``balanced-best-effort``. \n + ``balanced-only`` - If launches fail in an Availability Zone, Auto Scaling will continue to attempt to launch in the unhealthy zone to preserve a balanced distribution.\n + ``balanced-best-effort`` - If launches fail in an Availability Zone, Auto Scaling will attempt to launch in another healthy Availability Zone instead.", + "enum": [ + "balanced-best-effort", + "balanced-only" + ], + "type": "string" + } + }, + "type": "object" + }, + "AvailabilityZoneImpairmentPolicy": { + "additionalProperties": false, + "description": "Describes an Availability Zone impairment policy.", + "properties": { + "ImpairedZoneHealthCheckBehavior": { + "description": "Specifies the health check behavior for the impaired Availability Zone in an active zonal shift. If you select ``Replace unhealthy``, instances that appear unhealthy will be replaced in all Availability Zones. If you select ``Ignore unhealthy``, instances will not be replaced in the Availability Zone with the active zonal shift. 
For more information, see [Auto Scaling group zonal shift](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-zonal-shift.html) in the *Amazon EC2 Auto Scaling User Guide*.", + "enum": [ + "IgnoreUnhealthy", + "ReplaceUnhealthy" + ], + "type": "string" + }, + "ZonalShiftEnabled": { + "description": "If ``true``, enable zonal shift for your Auto Scaling group.", + "type": "boolean" + } + }, + "required": [ + "ImpairedZoneHealthCheckBehavior", + "ZonalShiftEnabled" + ], + "type": "object" + }, "BaselineEbsBandwidthMbpsRequest": { "additionalProperties": false, "description": "``BaselineEbsBandwidthMbpsRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum baseline bandwidth performance for an instance type, in Mbps.", 
@@ -57,6 +94,73 @@ }, "type": "object" }, + "BaselinePerformanceFactorsRequest": { + "additionalProperties": false, + "description": "", + "properties": { + "Cpu": { + "$ref": "#/definitions/CpuPerformanceFactorRequest", + "description": "" + } + }, + "type": "object" + }, + "CapacityReservationIds": { + "insertionOrder": true, + "items": { + "type": "string" + }, + "type": "array", + "uniqueItems": true + }, + "CapacityReservationResourceGroupArns": { + "insertionOrder": true, + "items": { + "type": "string" + }, + "type": "array", + "uniqueItems": true + }, + "CapacityReservationSpecification": { + "additionalProperties": false, + "description": "", + "properties": { + "CapacityReservationPreference": { + "type": "string" + }, + "CapacityReservationTarget": { + "$ref": "#/definitions/CapacityReservationTarget" + } + }, + "required": [ + "CapacityReservationPreference" + ], + "type": "object" + }, + "CapacityReservationTarget": { + "additionalProperties": false, + "description": "", + "properties": { + "CapacityReservationIds": { + "$ref": "#/definitions/CapacityReservationIds" + }, + "CapacityReservationResourceGroupArns": { + "$ref": "#/definitions/CapacityReservationResourceGroupArns" + } + }, + "type": "object" + }, + "CpuPerformanceFactorRequest": { + "additionalProperties": false, + "description": "", + "properties": { + "References": { + "$ref": "#/definitions/PerformanceFactorReferenceSetRequest", + "description": "" + } + }, + "type": "object" + }, "InstanceMaintenancePolicy": { "additionalProperties": false, "dependencies": { 
@@ -136,6 +240,10 @@ "$ref": "#/definitions/BaselineEbsBandwidthMbpsRequest", "description": "The minimum and maximum baseline bandwidth performance for an instance type, in Mbps. For more information, see [Amazon EBS\u2013optimized instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html) in the *Amazon EC2 User Guide for Linux Instances*.\n Default: No minimum or maximum limits" }, + "BaselinePerformanceFactors": { + "$ref": "#/definitions/BaselinePerformanceFactorsRequest", + "description": "" + }, "BurstablePerformance": { "description": "Indicates whether burstable performance instance types are included, excluded, or required. For more information, see [Burstable performance instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) in the *Amazon EC2 User Guide for Linux Instances*.\n Default: ``excluded``", "type": "string" 
@@ -495,6 +603,25 @@ ], "type": "object" }, + "PerformanceFactorReferenceRequest": { + "additionalProperties": false, + "description": "", + "properties": { + "InstanceFamily": { + "description": "", + "type": "string" + } + }, + "type": "object" + }, + "PerformanceFactorReferenceSetRequest": { + "insertionOrder": true, + "items": { + "$ref": "#/definitions/PerformanceFactorReferenceRequest" + }, + "type": "array", + "uniqueItems": true + }, "TagProperty": { "additionalProperties": false, "description": "A structure that specifies a tag for the ``Tags`` property of [AWS::AutoScaling::AutoScalingGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html) resource.\n For more information, see [Tag Auto Scaling groups and instances](https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-tagging.html) in the *Amazon EC2 Auto Scaling User Guide*. You can find a sample template snippet in the [Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html#aws-resource-autoscaling-autoscalinggroup--examples) section of the ``AWS::AutoScaling::AutoScalingGroup`` resource.\n CloudFormation adds the following tags to all Auto Scaling groups and associated instances: \n + aws:cloudformation:stack-name\n + aws:cloudformation:stack-id\n + aws:cloudformation:logical-id", 
@@ -534,6 +661,25 @@ }, "type": "object" }, + "TrafficSourceIdentifier": { + "additionalProperties": false, + "description": "Identifying information for a traffic source.", + "properties": { + "Identifier": { + "description": "Identifies the traffic source.\n For Application Load Balancers, Gateway Load Balancers, Network Load Balancers, and VPC Lattice, this will be the Amazon Resource Name (ARN) for a target group in this account and Region. For Classic Load Balancers, this will be the name of the Classic Load Balancer in this account and Region.\n For example: \n + Application Load Balancer ARN: ``arn:aws:elasticloadbalancing:us-west-2:123456789012:targetgroup/my-targets/1234567890123456`` \n + Classic Load Balancer name: ``my-classic-load-balancer`` \n + VPC Lattice ARN: ``arn:aws:vpc-lattice:us-west-2:123456789012:targetgroup/tg-1234567890123456`` \n \n To get the ARN of a target group for a Application Load Balancer, Gateway Load Balancer, or Network Load Balancer, or the name of a Classic Load Balancer, use the Elastic Load Balancing [DescribeTargetGroups](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeTargetGroups.html) and [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html) API operations.\n To get the ARN of a target group for VPC Lattice, use the VPC Lattice [GetTargetGroup](https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_GetTargetGroup.html) API operation.", + "type": "string" + }, + "Type": { + "description": "Provides additional context for the value of ``Identifier``.\n The following lists the valid values:\n + ``elb`` if ``Identifier`` is the name of a Classic Load Balancer.\n + ``elbv2`` if ``Identifier`` is the ARN of an Application Load Balancer, Gateway Load Balancer, or Network Load Balancer target group.\n + ``vpc-lattice`` if ``Identifier`` is the ARN of a VPC Lattice target group.\n \n Required if the identifier is the 
name of a Classic Load Balancer.", + "type": "string" + } + }, + "required": [ + "Identifier", + "Type" + ], + "type": "object" + }, "VCpuCountRequest": { "additionalProperties": false, "description": "``VCpuCountRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum number of vCPUs for an instance type.", @@ -573,7 +719,11 @@ "managed-fleets:Get*", "managed-fleets:CreateAutoScalingGroup", "managed-fleets:UpdateAutoScalingGroup", - "ssm:Get*" + "ssm:Get*", + "vpc-lattice:DeregisterTargets", + "vpc-lattice:GetTargetGroup", + "vpc-lattice:ListTargets", + "vpc-lattice:RegisterTargets" ], "timeoutInMinutes": 360 }, @@ -627,7 +777,11 @@ "managed-fleets:RegisterAutoScalingGroup", "managed-fleets:DeregisterAutoScalingGroup", "managed-fleets:UpdateAutoScalingGroup", - "ssm:Get*" + "ssm:Get*", + "vpc-lattice:DeregisterTargets", + "vpc-lattice:GetTargetGroup", + "vpc-lattice:ListTargets", + "vpc-lattice:RegisterTargets" ], "timeoutInMinutes": 660 } 
@@ -640,6 +794,14 @@ "description": "The name of the Auto Scaling group. This name must be unique per Region per account.\n The name can contain any ASCII character 33 to 126 including most punctuation characters, digits, and upper and lowercased letters.\n You cannot use a colon (:) in the name.", "type": "string" }, + "AvailabilityZoneDistribution": { + "$ref": "#/definitions/AvailabilityZoneDistribution", + "description": "The instance capacity distribution across Availability Zones." + }, + "AvailabilityZoneImpairmentPolicy": { + "$ref": "#/definitions/AvailabilityZoneImpairmentPolicy", + "description": "The Availability Zone impairment policy." + }, "AvailabilityZones": { "description": "A list of Availability Zones where instances in the Auto Scaling group can be created. Used for launching into the default VPC subnet in each Availability Zone when not using the ``VPCZoneIdentifier`` property, or for attaching a network interface when an existing network interface ID is specified in a launch template.", "insertionOrder": false, @@ -653,6 +815,10 @@ "description": "Indicates whether Capacity Rebalancing is enabled. Otherwise, Capacity Rebalancing is disabled. When you turn on Capacity Rebalancing, Amazon EC2 Auto Scaling attempts to launch a Spot Instance whenever Amazon EC2 notifies that a Spot Instance is at an elevated risk of interruption. After launching a new instance, it then terminates an old instance. For more information, see [Use Capacity Rebalancing to handle Amazon EC2 Spot Interruptions](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-capacity-rebalancing.html) in the in the *Amazon EC2 Auto Scaling User Guide*.", "type": "boolean" }, + "CapacityReservationSpecification": { + "$ref": "#/definitions/CapacityReservationSpecification", + "description": "" + }, "Context": { "description": "Reserved.", "type": "string" 
@@ -679,7 +845,7 @@ "type": "integer" }, "HealthCheckType": { - "description": "A comma-separated value string of one or more health check types.\n The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Only specify ``EC2`` if you must clear a value that was previously set.", + "description": "A comma-separated value string of one or more health check types.\n The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Only specify ``EC2`` if you must clear a value that was previously set.", "type": "string" }, "InstanceId": { 
@@ -768,6 +934,10 @@ "description": "The Amazon Resource Name (ARN) of the service-linked role that the Auto Scaling group uses to call other AWS service on your behalf. By default, Amazon EC2 Auto Scaling uses a service-linked role named ``AWSServiceRoleForAutoScaling``, which it creates if it does not exist. For more information, see [Service-linked roles](https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-service-linked-role.html) in the *Amazon EC2 Auto Scaling User Guide*.", "type": "string" }, + "SkipZonalShiftValidation": { + "description": "", + "type": "boolean" + }, "Tags": { "description": "One or more tags. You can tag your Auto Scaling group and propagate the tags to the Amazon EC2 instances it launches. Tags are not propagated to Amazon EBS volumes. To add tags to Amazon EBS volumes, specify the tags in a launch template but use caution. If the launch template specifies an instance tag with a key that is also specified for the Auto Scaling group, Amazon EC2 Auto Scaling overrides the value of that instance tag with the value specified by the Auto Scaling group. For more information, see [Tag Auto Scaling groups and instances](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-tagging.html) in the *Amazon EC2 Auto Scaling User Guide*.", "insertionOrder": false, 
@@ -794,6 +964,15 @@ "type": "array", "uniqueItems": false }, + "TrafficSources": { + "description": "The traffic sources associated with this Auto Scaling group.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/TrafficSourceIdentifier" + }, + "type": "array", + "uniqueItems": true + }, "VPCZoneIdentifier": { "description": "A list of subnet IDs for a virtual private cloud (VPC) where instances in the Auto Scaling group can be created.\n If this resource specifies public subnets and is also in a VPC that is defined in the same stack template, you must use the [DependsOn attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) to declare a dependency on the [VPC-gateway attachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc-gateway-attachment.html).\n When you update ``VPCZoneIdentifier``, this retains the same Auto Scaling group and replaces old instances with new ones, according to the specified subnets. You can optionally specify how CloudFormation handles these updates by using an [UpdatePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html).\n Required to launch instances into a nondefault VPC. If you specify ``VPCZoneIdentifier`` with ``AvailabilityZones``, the subnets that you specify for this property must reside in those Availability Zones.", "insertionOrder": false, @@ -820,6 +999,7 @@ }, "typeName": "AWS::AutoScaling::AutoScalingGroup", "writeOnlyProperties": [ + "/properties/SkipZonalShiftValidation", "/properties/InstanceId" ] } diff --git a/src/schema/aws-autoscaling-scalingpolicy.json b/src/schema/aws-autoscaling-scalingpolicy.json index 94372895..e5543999 100644 --- a/src/schema/aws-autoscaling-scalingpolicy.json +++ b/src/schema/aws-autoscaling-scalingpolicy.json @@ -29,6 +29,9 @@ "Namespace": { "type": "string" }, + "Period": { + "type": "integer" + }, "Statistic": { "type": "string" }, 
@@ -347,6 +350,9 @@ "MetricStat": { "$ref": "#/definitions/TargetTrackingMetricStat" }, + "Period": { + "type": "integer" + }, "ReturnData": { "type": "boolean" } @@ -362,6 +368,9 @@ "Metric": { "$ref": "#/definitions/Metric" }, + "Period": { + "type": "integer" + }, "Stat": { "type": "string" }, diff --git a/src/schema/aws-autoscaling-warmpool.json b/src/schema/aws-autoscaling-warmpool.json index d80d5844..52e34384 100644 --- a/src/schema/aws-autoscaling-warmpool.json +++ b/src/schema/aws-autoscaling-warmpool.json @@ -66,5 +66,8 @@ "AutoScalingGroupName" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-autoscaling", + "tagging": { + "taggable": false + }, "typeName": "AWS::AutoScaling::WarmPool" } diff --git a/src/schema/aws-b2bi-capability.json b/src/schema/aws-b2bi-capability.json index 3ca99317..10aafe57 100644 --- a/src/schema/aws-b2bi-capability.json +++ b/src/schema/aws-b2bi-capability.json @@ -21,6 +21,13 @@ } ] }, + "CapabilityDirection": { + "enum": [ + "INBOUND", + "OUTBOUND" + ], + "type": "string" + }, "CapabilityType": { "enum": [ "edi" @@ -30,6 +37,9 @@ "EdiConfiguration": { "additionalProperties": false, "properties": { + "CapabilityDirection": { + "$ref": "#/definitions/CapabilityDirection" + }, "InputLocation": { "$ref": "#/definitions/S3Location" }, 
@@ -121,57 +131,324 @@ }, "X12TransactionSet": { "enum": [ + "X12_100", + "X12_101", + "X12_102", + "X12_103", + "X12_104", + "X12_105", + "X12_106", + "X12_107", + "X12_108", + "X12_109", "X12_110", + "X12_111", + "X12_112", + "X12_113", + "X12_120", + "X12_121", + "X12_124", + "X12_125", + "X12_126", + "X12_127", + "X12_128", + "X12_129", + "X12_130", + "X12_131", + "X12_132", + "X12_133", + "X12_135", + "X12_138", + "X12_139", + "X12_140", + "X12_141", + "X12_142", + "X12_143", + "X12_144", + "X12_146", + "X12_147", + "X12_148", + "X12_149", + "X12_150", + "X12_151", + "X12_152", + "X12_153", + "X12_154", + "X12_155", + "X12_157", + "X12_158", + "X12_159", + "X12_160", + "X12_161", + "X12_163", + "X12_170", + "X12_175", + "X12_176", + "X12_179", "X12_180", + "X12_185", + "X12_186", + "X12_187", + "X12_188", + "X12_189", + "X12_190", + "X12_191", + "X12_194", + "X12_195", + "X12_196", + "X12_197", + "X12_198", + "X12_199", + "X12_200", + "X12_201", + "X12_202", + "X12_203", "X12_204", + "X12_205", + "X12_206", "X12_210", "X12_211", + "X12_212", + "X12_213", "X12_214", "X12_215", + "X12_216", + "X12_217", + "X12_218", + "X12_219", + "X12_220", + "X12_222", + "X12_223", + "X12_224", + "X12_225", + "X12_227", + "X12_228", + "X12_240", + "X12_242", + "X12_244", + "X12_245", + "X12_248", + "X12_249", + "X12_250", + "X12_251", + "X12_252", + "X12_255", + "X12_256", "X12_259", "X12_260", + "X12_261", + "X12_262", + "X12_263", + "X12_264", + "X12_265", "X12_266", + "X12_267", + "X12_268", "X12_269", "X12_270", "X12_271", + "X12_272", + "X12_273", "X12_274", "X12_275", "X12_276", "X12_277", "X12_278", + "X12_280", + "X12_283", + "X12_284", + "X12_285", + "X12_286", + "X12_288", + "X12_290", + "X12_300", + "X12_301", + "X12_303", + "X12_304", + "X12_309", "X12_310", + "X12_311", + "X12_312", + "X12_313", "X12_315", + "X12_317", + "X12_319", "X12_322", + "X12_323", + "X12_324", + "X12_325", + "X12_326", + "X12_350", + "X12_352", + "X12_353", + "X12_354", + "X12_355", + 
"X12_356", + "X12_357", + "X12_358", + "X12_361", + "X12_362", "X12_404", "X12_410", + "X12_412", + "X12_414", "X12_417", + "X12_418", + "X12_419", + "X12_420", "X12_421", + "X12_422", + "X12_423", + "X12_424", + "X12_425", "X12_426", + "X12_429", + "X12_431", + "X12_432", + "X12_433", + "X12_434", + "X12_435", + "X12_436", + "X12_437", + "X12_440", + "X12_451", + "X12_452", + "X12_453", + "X12_455", + "X12_456", + "X12_460", + "X12_463", + "X12_466", + "X12_468", + "X12_470", + "X12_475", + "X12_485", + "X12_486", + "X12_490", + "X12_492", + "X12_494", + "X12_500", + "X12_501", + "X12_503", + "X12_504", + "X12_511", + "X12_517", + "X12_521", + "X12_527", + "X12_536", + "X12_540", + "X12_561", + "X12_567", + "X12_568", + "X12_601", + "X12_602", + "X12_620", + "X12_625", + "X12_650", + "X12_715", + "X12_753", + "X12_754", + "X12_805", + "X12_806", "X12_810", + "X12_811", + "X12_812", + "X12_813", + "X12_814", + "X12_815", + "X12_816", + "X12_818", + "X12_819", "X12_820", + "X12_821", + "X12_822", + "X12_823", "X12_824", + "X12_826", + "X12_827", + "X12_828", + "X12_829", "X12_830", + "X12_831", "X12_832", + "X12_833", "X12_834", "X12_835", + "X12_836", "X12_837", + "X12_838", + "X12_839", + "X12_840", + "X12_841", + "X12_842", + "X12_843", "X12_844", + "X12_845", "X12_846", + "X12_847", + "X12_848", "X12_849", "X12_850", + "X12_851", "X12_852", + "X12_853", + "X12_854", "X12_855", "X12_856", + "X12_857", + "X12_858", + "X12_859", "X12_860", "X12_861", + "X12_862", + "X12_863", "X12_864", "X12_865", + "X12_866", + "X12_867", + "X12_868", "X12_869", "X12_870", + "X12_871", + "X12_872", + "X12_873", + "X12_874", + "X12_875", + "X12_876", + "X12_877", + "X12_878", + "X12_879", + "X12_880", + "X12_881", + "X12_882", + "X12_883", + "X12_884", + "X12_885", + "X12_886", + "X12_887", + "X12_888", + "X12_889", + "X12_891", + "X12_893", + "X12_894", + "X12_895", + "X12_896", + "X12_920", + "X12_924", + "X12_925", + "X12_926", + "X12_928", "X12_940", + "X12_943", + "X12_944", 
"X12_945", + "X12_947", + "X12_980", "X12_990", + "X12_993", + "X12_996", "X12_997", + "X12_998", "X12_999", "X12_270_X279", "X12_271_X279", @@ -203,6 +480,8 @@ "enum": [ "VERSION_4010", "VERSION_4030", + "VERSION_4050", + "VERSION_4060", "VERSION_5010", "VERSION_5010_HIPAA" ], @@ -319,6 +598,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "b2bi:ListTagsForResource", + "b2bi:TagResource", + "b2bi:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-b2bi-partnership.json b/src/schema/aws-b2bi-partnership.json index c2197619..0e3a67ba 100644 --- a/src/schema/aws-b2bi-partnership.json +++ b/src/schema/aws-b2bi-partnership.json @@ -6,6 +6,32 @@ "/properties/ProfileId" ], "definitions": { + "CapabilityOptions": { + "additionalProperties": false, + "properties": { + "OutboundEdi": { + "$ref": "#/definitions/OutboundEdiOptions" + } + }, + "type": "object" + }, + "OutboundEdiOptions": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "X12": { + "$ref": "#/definitions/X12Envelope" + } + }, + "required": [ + "X12" + ], + "title": "X12", + "type": "object" + } + ] + }, "Tag": { "additionalProperties": false, "properties": { 
@@ -25,6 +51,128 @@ "Value" ], "type": "object" + }, + "X12Delimiters": { + "additionalProperties": false, + "properties": { + "ComponentSeparator": { + "maxLength": 1, + "minLength": 1, + "pattern": "^[!&'()*+,\\-./:;?=%@\\[\\]_{}|<>~^`\"]$", + "type": "string" + }, + "DataElementSeparator": { + "maxLength": 1, + "minLength": 1, + "pattern": "^[!&'()*+,\\-./:;?=%@\\[\\]_{}|<>~^`\"]$", + "type": "string" + }, + "SegmentTerminator": { + "maxLength": 1, + "minLength": 1, + "pattern": "^[!&'()*+,\\-./:;?=%@\\[\\]_{}|<>~^`\"]$", + "type": "string" + } + }, + "type": "object" + }, + "X12Envelope": { + "additionalProperties": false, + "properties": { + "Common": { + "$ref": "#/definitions/X12OutboundEdiHeaders" + } + }, + "type": "object" + }, + "X12FunctionalGroupHeaders": { + "additionalProperties": false, + "properties": { + "ApplicationReceiverCode": { + "maxLength": 15, + "minLength": 2, + "pattern": "^[a-zA-Z0-9 ]*$", + "type": "string" + }, + "ApplicationSenderCode": { + "maxLength": 15, + "minLength": 2, + "pattern": "^[a-zA-Z0-9 ]*$", + "type": "string" + }, + "ResponsibleAgencyCode": { + "maxLength": 2, + "minLength": 1, + "pattern": "^[a-zA-Z0-9]*$", + "type": "string" + } + }, + "type": "object" + }, + "X12InterchangeControlHeaders": { + "additionalProperties": false, + "properties": { + "AcknowledgmentRequestedCode": { + "maxLength": 1, + "minLength": 1, + "pattern": "^[a-zA-Z0-9]*$", + "type": "string" + }, + "ReceiverId": { + "maxLength": 15, + "minLength": 15, + "pattern": "^[a-zA-Z0-9 ]*$", + "type": "string" + }, + "ReceiverIdQualifier": { + "maxLength": 2, + "minLength": 2, + "pattern": "^[a-zA-Z0-9]*$", + "type": "string" + }, + "RepetitionSeparator": { + "maxLength": 1, + "minLength": 1, + "type": "string" + }, + "SenderId": { + "maxLength": 15, + "minLength": 15, + "pattern": "^[a-zA-Z0-9 ]*$", + "type": "string" + }, + "SenderIdQualifier": { + "maxLength": 2, + "minLength": 2, + "pattern": "^[a-zA-Z0-9]*$", + "type": "string" + }, + 
"UsageIndicatorCode": { + "maxLength": 1, + "minLength": 1, + "pattern": "^[a-zA-Z0-9]*$", + "type": "string" + } + }, + "type": "object" + }, + "X12OutboundEdiHeaders": { + "additionalProperties": false, + "properties": { + "Delimiters": { + "$ref": "#/definitions/X12Delimiters" + }, + "FunctionalGroupHeaders": { + "$ref": "#/definitions/X12FunctionalGroupHeaders" + }, + "InterchangeControlHeaders": { + "$ref": "#/definitions/X12InterchangeControlHeaders" + }, + "ValidateEdi": { + "type": "boolean" + } + }, + "type": "object" } }, "description": "Definition of AWS::B2BI::Partnership Resource Type", @@ -73,6 +221,9 @@ }, "type": "array" }, + "CapabilityOptions": { + "$ref": "#/definitions/CapabilityOptions" + }, "CreatedAt": { "format": "date-time", "type": "string" @@ -138,12 +289,18 @@ "/properties/TradingPartnerId" ], "required": [ + "Capabilities", "Email", "Name", "ProfileId" ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "b2bi:ListTagsForResource", + "b2bi:TagResource", + "b2bi:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-b2bi-profile.json b/src/schema/aws-b2bi-profile.json index a58963a9..5b086080 100644 --- a/src/schema/aws-b2bi-profile.json +++ b/src/schema/aws-b2bi-profile.json @@ -152,6 +152,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "b2bi:ListTagsForResource", + "b2bi:TagResource", + "b2bi:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-b2bi-transformer.json b/src/schema/aws-b2bi-transformer.json index 7c8e75ae..4f71b4c1 100644 --- a/src/schema/aws-b2bi-transformer.json +++ b/src/schema/aws-b2bi-transformer.json 
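Review bot: `RepetitionSeparator` in the new `X12InterchangeControlHeaders` definition (hunk `@@ -25,6 +51,128 @@` of `aws-b2bi-partnership.json`) is limited to one character but has no `pattern`, while `ComponentSeparator`, `DataElementSeparator` and `SegmentTerminator` in `X12Delimiters` all share a punctuation-only pattern. As written, the schema accepts a letter, digit or space as the repetition separator, which could collide with element data in the outbound envelope unless the service rejects it later. If the service applies the same restriction, give `RepetitionSeparator` the same `pattern` as `ComponentSeparator`. If this file is mirrored from the upstream registry schema, the fix belongs upstream and a local comment or issue link is enough.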
@@ -21,10 +21,125 @@ "FileFormat": { "enum": [ "XML", - "JSON" + "JSON", + "NOT_USED" ], "type": "string" }, + "FormatOptions": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "X12": { + "$ref": "#/definitions/X12Details" + } + }, + "required": [ + "X12" + ], + "title": "X12", + "type": "object" + } + ] + }, + "FromFormat": { + "enum": [ + "X12" + ], + "type": "string" + }, + "InputConversion": { + "additionalProperties": false, + "properties": { + "FormatOptions": { + "$ref": "#/definitions/FormatOptions" + }, + "FromFormat": { + "$ref": "#/definitions/FromFormat" + } + }, + "required": [ + "FromFormat" + ], + "type": "object" + }, + "Mapping": { + "additionalProperties": false, + "properties": { + "Template": { + "maxLength": 350000, + "minLength": 0, + "type": "string" + }, + "TemplateLanguage": { + "$ref": "#/definitions/MappingTemplateLanguage" + } + }, + "required": [ + "TemplateLanguage" + ], + "type": "object" + }, + "MappingTemplateLanguage": { + "enum": [ + "XSLT", + "JSONATA" + ], + "type": "string" + }, + "OutputConversion": { + "additionalProperties": false, + "properties": { + "FormatOptions": { + "$ref": "#/definitions/FormatOptions" + }, + "ToFormat": { + "$ref": "#/definitions/ToFormat" + } + }, + "required": [ + "ToFormat" + ], + "type": "object" + }, + "SampleDocumentKeys": { + "additionalProperties": false, + "properties": { + "Input": { + "maxLength": 1024, + "minLength": 0, + "type": "string" + }, + "Output": { + "maxLength": 1024, + "minLength": 0, + "type": "string" + } + }, + "type": "object" + }, + "SampleDocuments": { + "additionalProperties": false, + "properties": { + "BucketName": { + "maxLength": 63, + "minLength": 3, + "type": "string" + }, + "Keys": { + "items": { + "$ref": "#/definitions/SampleDocumentKeys" + }, + "type": "array" + } + }, + "required": [ + "BucketName", + "Keys" + ], + "type": "object" + }, "Tag": { "additionalProperties": false, "properties": { 
@@ -45,6 +160,12 @@ ], "type": "object" }, + "ToFormat": { + "enum": [ + "X12" + ], + "type": "string" + }, "TransformerStatus": { "enum": [ "active", 
@@ -66,57 +187,324 @@ }, "X12TransactionSet": { "enum": [ + "X12_100", + "X12_101", + "X12_102", + "X12_103", + "X12_104", + "X12_105", + "X12_106", + "X12_107", + "X12_108", + "X12_109", "X12_110", + "X12_111", + "X12_112", + "X12_113", + "X12_120", + "X12_121", + "X12_124", + "X12_125", + "X12_126", + "X12_127", + "X12_128", + "X12_129", + "X12_130", + "X12_131", + "X12_132", + "X12_133", + "X12_135", + "X12_138", + "X12_139", + "X12_140", + "X12_141", + "X12_142", + "X12_143", + "X12_144", + "X12_146", + "X12_147", + "X12_148", + "X12_149", + "X12_150", + "X12_151", + "X12_152", + "X12_153", + "X12_154", + "X12_155", + "X12_157", + "X12_158", + "X12_159", + "X12_160", + "X12_161", + "X12_163", + "X12_170", + "X12_175", + "X12_176", + "X12_179", "X12_180", + "X12_185", + "X12_186", + "X12_187", + "X12_188", + "X12_189", + "X12_190", + "X12_191", + "X12_194", + "X12_195", + "X12_196", + "X12_197", + "X12_198", + "X12_199", + "X12_200", + "X12_201", + "X12_202", + "X12_203", "X12_204", + "X12_205", + "X12_206", "X12_210", "X12_211", + "X12_212", + "X12_213", "X12_214", "X12_215", + "X12_216", + "X12_217", + "X12_218", + "X12_219", + "X12_220", + "X12_222", + "X12_223", + "X12_224", + "X12_225", + "X12_227", + "X12_228", + "X12_240", + "X12_242", + "X12_244", + "X12_245", + "X12_248", + "X12_249", + "X12_250", + "X12_251", + "X12_252", + "X12_255", + "X12_256", "X12_259", "X12_260", + "X12_261", + "X12_262", + "X12_263", + "X12_264", + "X12_265", "X12_266", + "X12_267", + "X12_268", "X12_269", "X12_270", "X12_271", + "X12_272", + "X12_273", "X12_274", "X12_275", "X12_276", "X12_277", "X12_278", + "X12_280", + "X12_283", + "X12_284", + "X12_285", + "X12_286", + "X12_288", + "X12_290", + "X12_300", + "X12_301", + "X12_303", + "X12_304", + "X12_309", "X12_310", + "X12_311", + "X12_312", + "X12_313", "X12_315", + "X12_317", + "X12_319", "X12_322", + "X12_323", + "X12_324", + "X12_325", + "X12_326", + "X12_350", + "X12_352", + "X12_353", + "X12_354", + "X12_355", + 
"X12_356", + "X12_357", + "X12_358", + "X12_361", + "X12_362", "X12_404", "X12_410", + "X12_412", + "X12_414", "X12_417", + "X12_418", + "X12_419", + "X12_420", "X12_421", + "X12_422", + "X12_423", + "X12_424", + "X12_425", "X12_426", + "X12_429", + "X12_431", + "X12_432", + "X12_433", + "X12_434", + "X12_435", + "X12_436", + "X12_437", + "X12_440", + "X12_451", + "X12_452", + "X12_453", + "X12_455", + "X12_456", + "X12_460", + "X12_463", + "X12_466", + "X12_468", + "X12_470", + "X12_475", + "X12_485", + "X12_486", + "X12_490", + "X12_492", + "X12_494", + "X12_500", + "X12_501", + "X12_503", + "X12_504", + "X12_511", + "X12_517", + "X12_521", + "X12_527", + "X12_536", + "X12_540", + "X12_561", + "X12_567", + "X12_568", + "X12_601", + "X12_602", + "X12_620", + "X12_625", + "X12_650", + "X12_715", + "X12_753", + "X12_754", + "X12_805", + "X12_806", "X12_810", + "X12_811", + "X12_812", + "X12_813", + "X12_814", + "X12_815", + "X12_816", + "X12_818", + "X12_819", "X12_820", + "X12_821", + "X12_822", + "X12_823", "X12_824", + "X12_826", + "X12_827", + "X12_828", + "X12_829", "X12_830", + "X12_831", "X12_832", + "X12_833", "X12_834", "X12_835", + "X12_836", "X12_837", + "X12_838", + "X12_839", + "X12_840", + "X12_841", + "X12_842", + "X12_843", "X12_844", + "X12_845", "X12_846", + "X12_847", + "X12_848", "X12_849", "X12_850", + "X12_851", "X12_852", + "X12_853", + "X12_854", "X12_855", "X12_856", + "X12_857", + "X12_858", + "X12_859", "X12_860", "X12_861", + "X12_862", + "X12_863", "X12_864", "X12_865", + "X12_866", + "X12_867", + "X12_868", "X12_869", "X12_870", + "X12_871", + "X12_872", + "X12_873", + "X12_874", + "X12_875", + "X12_876", + "X12_877", + "X12_878", + "X12_879", + "X12_880", + "X12_881", + "X12_882", + "X12_883", + "X12_884", + "X12_885", + "X12_886", + "X12_887", + "X12_888", + "X12_889", + "X12_891", + "X12_893", + "X12_894", + "X12_895", + "X12_896", + "X12_920", + "X12_924", + "X12_925", + "X12_926", + "X12_928", "X12_940", + "X12_943", + "X12_944", 
"X12_945", + "X12_947", + "X12_980", "X12_990", + "X12_993", + "X12_996", "X12_997", + "X12_998", "X12_999", "X12_270_X279", "X12_271_X279", @@ -148,12 +536,20 @@ "enum": [ "VERSION_4010", "VERSION_4030", + "VERSION_4050", + "VERSION_4060", "VERSION_5010", "VERSION_5010_HIPAA" ], "type": "string" } }, + "deprecatedProperties": [ + "/properties/EdiType", + "/properties/FileFormat", + "/properties/MappingTemplate", + "/properties/SampleDocument" + ], "description": "Definition of AWS::B2BI::Transformer Resource Type", "handlers": { "create": { @@ -212,7 +608,14 @@ "FileFormat": { "$ref": "#/definitions/FileFormat" }, + "InputConversion": { + "$ref": "#/definitions/InputConversion" + }, + "Mapping": { + "$ref": "#/definitions/Mapping" + }, "MappingTemplate": { + "description": "This shape is deprecated: This is a legacy trait. Please use input-conversion or output-conversion.", "maxLength": 350000, "minLength": 0, "type": "string" @@ -224,13 +627,21 @@ "Name": { "maxLength": 254, "minLength": 1, + "pattern": "^[a-zA-Z0-9_-]{1,512}$", "type": "string" }, + "OutputConversion": { + "$ref": "#/definitions/OutputConversion" + }, "SampleDocument": { + "description": "This shape is deprecated: This is a legacy trait. Please use input-conversion or output-conversion.", "maxLength": 1024, "minLength": 0, "type": "string" }, + "SampleDocuments": { + "$ref": "#/definitions/SampleDocuments" + }, "Status": { "$ref": "#/definitions/TransformerStatus" }, @@ -261,14 +672,16 @@ "/properties/TransformerId" ], "required": [ - "EdiType", - "FileFormat", - "MappingTemplate", "Name", "Status" ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "b2bi:ListTagsForResource", + "b2bi:TagResource", + "b2bi:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-backup-backupplan.json b/src/schema/aws-backup-backupplan.json index 5ec7f146..c212e2e4 100644 --- a/src/schema/aws-backup-backupplan.json 
+++ b/src/schema/aws-backup-backupplan.json @@ -63,6 +63,14 @@ "EnableContinuousBackup": { "type": "boolean" }, + "IndexActions": { + "insertionOrder": true, + "items": { + "$ref": "#/definitions/IndexActionsResourceType" + }, + "type": "array", + "uniqueItems": false + }, "Lifecycle": { "$ref": "#/definitions/LifecycleResourceType" }, @@ -112,6 +120,15 @@ ], "type": "object" }, + "IndexActionsResourceType": { + "additionalProperties": false, + "properties": { + "ResourceTypes": { + "$ref": "#/definitions/ResourceTypes" + } + }, + "type": "object" + }, "LifecycleResourceType": { "additionalProperties": false, "properties": { @@ -126,6 +143,17 @@ } }, "type": "object" + }, + "ResourceType": { + "type": "string" + }, + "ResourceTypes": { + "insertionOrder": true, + "items": { + "$ref": "#/definitions/ResourceType" + }, + "type": "array", + "uniqueItems": true } }, "description": "Resource Type definition for AWS::Backup::BackupPlan", @@ -200,6 +228,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "backup:TagResource", + "backup:UntagResource", + "backup:ListTags" + ], "tagOnCreate": true, "tagProperty": "/properties/BackupPlanTags", "tagUpdatable": true, diff --git a/src/schema/aws-backup-backupselection.json b/src/schema/aws-backup-backupselection.json index 60200614..539586f3 100644 --- a/src/schema/aws-backup-backupselection.json +++ b/src/schema/aws-backup-backupselection.json @@ -134,7 +134,8 @@ }, "list": { "permissions": [ - "backup:ListBackupSelections" + "backup:ListBackupSelections", + "backup:ListBackupPlans" ] }, "read": { diff --git a/src/schema/aws-backup-backupvault.json b/src/schema/aws-backup-backupvault.json index f0ca64f3..fb77ac97 100644 --- a/src/schema/aws-backup-backupvault.json +++ b/src/schema/aws-backup-backupvault.json 
@@ -144,6 +144,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "backup:TagResource", + "backup:UntagResource", + "backup:ListTags" + ], "tagOnCreate": true, "tagProperty": "/properties/BackupVaultTags", "tagUpdatable": true, diff --git a/src/schema/aws-backup-framework.json b/src/schema/aws-backup-framework.json index 99f4ee3a..6f70b39c 100644 --- a/src/schema/aws-backup-framework.json +++ b/src/schema/aws-backup-framework.json @@ -194,6 +194,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "backup:TagResource", + "backup:UntagResource", + "backup:ListTags" + ], "tagOnCreate": true, "tagProperty": "/properties/FrameworkTags", "tagUpdatable": true, diff --git a/src/schema/aws-backup-logicallyairgappedbackupvault.json b/src/schema/aws-backup-logicallyairgappedbackupvault.json new file mode 100644 index 00000000..e18f4f4a --- /dev/null +++ b/src/schema/aws-backup-logicallyairgappedbackupvault.json 
@@ -0,0 +1,151 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/BackupVaultName", + "/properties/MinRetentionDays", + "/properties/MaxRetentionDays" + ], + "definitions": { + "BackupVaultNamePattern": { + "pattern": "^[a-zA-Z0-9\\-\\_]{2,50}$", + "type": "string" + }, + "NotificationObjectType": { + "additionalProperties": false, + "properties": { + "BackupVaultEvents": { + "insertionOrder": false, + "items": { + "type": "string" + }, + "type": "array", + "uniqueItems": false + }, + "SNSTopicArn": { + "type": "string" + } + }, + "required": [ + "SNSTopicArn", + "BackupVaultEvents" + ], + "type": "object" + } + }, + "description": "Resource Type definition for AWS::Backup::LogicallyAirGappedBackupVault", + "handlers": { + "create": { + "permissions": [ + "backup:TagResource", + "backup:CreateLogicallyAirGappedBackupVault", + "backup:PutBackupVaultAccessPolicy", + "backup:PutBackupVaultNotifications", + "backup-storage:Mount", + "backup-storage:MountCapsule", + "backup:DescribeBackupVault" + ] + }, + "delete": { + "permissions": [ + "backup:DeleteBackupVault" + ] + }, + "list": { + "permissions": [ + "backup:ListBackupVaults" + ] + }, + "read": { + "permissions": [ + "backup:DescribeBackupVault", + "backup:GetBackupVaultNotifications", + "backup:GetBackupVaultAccessPolicy", + "backup:ListTags" + ] + }, + "update": { + "permissions": [ + "backup:DescribeBackupVault", + "backup:DeleteBackupVaultAccessPolicy", + "backup:DeleteBackupVaultNotifications", + "backup:DeleteBackupVaultLockConfiguration", + "backup:GetBackupVaultAccessPolicy", + "backup:ListTags", + "backup:TagResource", + "backup:UntagResource", + "backup:PutBackupVaultAccessPolicy", + "backup:PutBackupVaultNotifications", + "backup:PutBackupVaultLockConfiguration" + ] + } + }, + "primaryIdentifier": [ + "/properties/BackupVaultName" + ], + "properties": { + "AccessPolicy": { + "type": [ + "object", + "string" + ] + }, + "BackupVaultArn": { + "type": "string" + }, + 
"BackupVaultName": { + "$ref": "#/definitions/BackupVaultNamePattern" + }, + "BackupVaultTags": { + "additionalProperties": false, + "patternProperties": { + "^.{1,128}$": { + "type": "string" + } + }, + "type": "object" + }, + "EncryptionKeyArn": { + "type": "string" + }, + "MaxRetentionDays": { + "type": "integer" + }, + "MinRetentionDays": { + "type": "integer" + }, + "Notifications": { + "$ref": "#/definitions/NotificationObjectType" + }, + "VaultState": { + "type": "string" + }, + "VaultType": { + "type": "string" + } + }, + "readOnlyProperties": [ + "/properties/BackupVaultArn", + "/properties/EncryptionKeyArn", + "/properties/VaultState", + "/properties/VaultType" + ], + "required": [ + "BackupVaultName", + "MinRetentionDays", + "MaxRetentionDays" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "backup:TagResource", + "backup:UntagResource", + "backup:ListTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/BackupVaultTags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::Backup::LogicallyAirGappedBackupVault" +} diff --git a/src/schema/aws-backup-reportplan.json b/src/schema/aws-backup-reportplan.json index ed137ef2..aedcb4c3 100644 --- a/src/schema/aws-backup-reportplan.json +++ b/src/schema/aws-backup-reportplan.json @@ -180,6 +180,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "backup:TagResource", + "backup:UntagResource", + "backup:ListTags" + ], "tagOnCreate": true, "tagProperty": "/properties/ReportPlanTags", "tagUpdatable": true, diff --git a/src/schema/aws-backup-restoretestingplan.json b/src/schema/aws-backup-restoretestingplan.json index b2da7b76..d7c94298 100644 --- a/src/schema/aws-backup-restoretestingplan.json +++ b/src/schema/aws-backup-restoretestingplan.json 
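Review bot: The `update` handler in the new `aws-backup-logicallyairgappedbackupvault.json` requests `backup:PutBackupVaultLockConfiguration` and `backup:DeleteBackupVaultLockConfiguration`, yet the schema declares no lock-configuration property. The two actions therefore look unused and widen the handler role beyond what the declared properties need. Confirm against the handler code and drop them if nothing calls them. Separately, `MinRetentionDays` and `MaxRetentionDays` are bare `integer` types with no `minimum`, so zero or negative retention is caught only at the service, if at all. A lower bound on each would reject such values at template validation, though the page does not show the service's actual limits.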
@@ -162,6 +162,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "backup:TagResource", + "backup:UntagResource", + "backup:ListTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-backup-restoretestingselection.json b/src/schema/aws-backup-restoretestingselection.json index 03674597..717798f7 100644 --- a/src/schema/aws-backup-restoretestingselection.json +++ b/src/schema/aws-backup-restoretestingselection.json @@ -71,7 +71,8 @@ }, "list": { "permissions": [ - "backup:ListRestoreTestingSelections" + "backup:ListRestoreTestingSelections", + "backup:ListRestoreTestingPlans" ], "timeoutInMinutes": 5 }, diff --git a/src/schema/aws-backupgateway-hypervisor.json b/src/schema/aws-backupgateway-hypervisor.json index 1723261e..bce90bc7 100644 --- a/src/schema/aws-backupgateway-hypervisor.json +++ b/src/schema/aws-backupgateway-hypervisor.json @@ -50,6 +50,7 @@ "handlers": { "create": { "permissions": [ + "backup-gateway:ListTagsForResource", "backup-gateway:ImportHypervisorConfiguration", "backup-gateway:GetHypervisor", "backup-gateway:ListHypervisors", @@ -74,7 +75,8 @@ "read": { "permissions": [ "backup-gateway:GetHypervisor", - "backup-gateway:ListHypervisors" + "backup-gateway:ListHypervisors", + "backup-gateway:ListTagsForResource" ] }, "update": { @@ -83,7 +85,8 @@ "backup-gateway:GetHypervisor", "backup-gateway:ListHypervisors", "backup-gateway:ImportHypervisorConfiguration", - "backup-gateway:DeleteHypervisor" + "backup-gateway:DeleteHypervisor", + "backup-gateway:ListTagsForResource" ] } }, @@ -145,6 +148,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "backup-gateway:UntagResource", + "backup-gateway:TagResource", + "backup-gateway:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": false, 
@@ -156,7 +164,6 @@ "/properties/LogGroupArn", "/properties/Name", "/properties/Password", - "/properties/Tags", "/properties/Username" ] } diff --git a/src/schema/aws-batch-computeenvironment.json b/src/schema/aws-batch-computeenvironment.json index 57222a9f..e71b1705 100644 --- a/src/schema/aws-batch-computeenvironment.json +++ b/src/schema/aws-batch-computeenvironment.json @@ -166,6 +166,37 @@ "LaunchTemplateName": { "type": "string" }, + "Overrides": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/LaunchTemplateSpecificationOverride" + }, + "type": "array", + "uniqueItems": false + }, + "Version": { + "type": "string" + } + }, + "type": "object" + }, + "LaunchTemplateSpecificationOverride": { + "additionalProperties": false, + "properties": { + "LaunchTemplateId": { + "type": "string" + }, + "LaunchTemplateName": { + "type": "string" + }, + "TargetInstanceTypes": { + "insertionOrder": false, + "items": { + "type": "string" + }, + "type": "array", + "uniqueItems": false + }, "Version": { "type": "string" } @@ -242,6 +273,9 @@ "ComputeResources": { "$ref": "#/definitions/ComputeResources" }, + "Context": { + "type": "string" + }, "EksConfiguration": { "$ref": "#/definitions/EksConfiguration" }, @@ -283,6 +317,10 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "Batch:TagResource", + "Batch:UnTagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": false, diff --git a/src/schema/aws-batch-consumableresource.json b/src/schema/aws-batch-consumableresource.json new file mode 100644 index 00000000..209887c1 --- /dev/null +++ b/src/schema/aws-batch-consumableresource.json 
@@ -0,0 +1,122 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/ConsumableResourceName", + "/properties/ResourceType", + "/properties/Tags" + ], + "definitions": { + "ResourceArn": { + "description": "ARN of the Consumable Resource.", + "type": "string" + }, + "ResourceType": { + "description": "Type of Consumable Resource.", + "enum": [ + "REPLENISHABLE", + "NON_REPLENISHABLE" + ], + "type": "string" + } + }, + "description": "Resource Type definition for AWS::Batch::ConsumableResource", + "handlers": { + "create": { + "permissions": [ + "Batch:CreateConsumableResource", + "Batch:TagResource" + ] + }, + "delete": { + "permissions": [ + "Batch:DescribeConsumableResource", + "Batch:DeleteConsumableResource" + ] + }, + "list": { + "permissions": [ + "Batch:ListConsumableResources" + ] + }, + "read": { + "permissions": [ + "Batch:DescribeConsumableResource" + ] + }, + "update": { + "permissions": [ + "Batch:UpdateConsumableResource", + "Batch:TagResource", + "Batch:UnTagResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/ConsumableResourceArn" + ], + "properties": { + "AvailableQuantity": { + "description": "Available Quantity of ConsumableResource.", + "format": "int64", + "type": "integer" + }, + "ConsumableResourceArn": { + "$ref": "#/definitions/ResourceArn" + }, + "ConsumableResourceName": { + "description": "Name of ConsumableResource.", + "pattern": "", + "type": "string" + }, + "CreatedAt": { + "format": "int64", + "type": "integer" + }, + "InUseQuantity": { + "description": "In-use Quantity of ConsumableResource.", + "format": "int64", + "type": "integer" + }, + "ResourceType": { + "$ref": "#/definitions/ResourceType" + }, + "Tags": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + }, + "TotalQuantity": { + "description": "Total Quantity of ConsumableResource.", + "format": "int64", 
+ "type": "integer" + } + }, + "readOnlyProperties": [ + "/properties/ConsumableResourceArn", + "/properties/CreatedAt", + "/properties/InUseQuantity", + "/properties/AvailableQuantity" + ], + "required": [ + "ResourceType", + "TotalQuantity" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-batch.git", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "Batch:TagResource", + "Batch:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, + "typeName": "AWS::Batch::ConsumableResource" +} diff --git a/src/schema/aws-batch-jobdefinition.json b/src/schema/aws-batch-jobdefinition.json index 2ca78eae..98b18231 100644 --- a/src/schema/aws-batch-jobdefinition.json +++ b/src/schema/aws-batch-jobdefinition.json 
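Review bot: `ConsumableResourceName` in the new `aws-batch-consumableresource.json` declares `"pattern": ""`, which matches every string, so the keyword validates nothing while suggesting that a constraint exists. Either remove the empty `pattern` or replace it with the real name rule; the page does not show what the service accepts, so that rule has to come from the Batch API reference. The action spelling also differs within the file: the `update` handler lists `Batch:UnTagResource` while `tagging.permissions` lists `Batch:UntagResource`. IAM matches action names case-insensitively, so this is cosmetic, but a single spelling is easier to grep when auditing handler permissions.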
@@ -1,33 +1,61 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/Tags", "/properties/JobDefinitionName" ], "definitions": { - "AuthorizationConfig": { + "ConsumableResourceProperties": { "additionalProperties": false, "properties": { - "AccessPointId": { + "ConsumableResourceList": { + "insertionOrder": true, + "items": { + "$ref": "#/definitions/ConsumableResourceRequirement" + }, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "ConsumableResourceList" + ], + "type": "object" + }, + "ConsumableResourceRequirement": { + "additionalProperties": false, + "properties": { + "ConsumableResource": { + "description": "The ARN of the consumable resource the job definition should consume.", + "pattern": "arn:[a-z0-9-\\.]{1,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[^/].{0,1023}", "type": "string" }, - "Iam": { - "type": "string" + "Quantity": { + "format": "int64", + "type": "integer" } }, + "required": [ + "ConsumableResource", + "Quantity" + ], "type": "object" }, "ContainerProperties": { "additionalProperties": false, "properties": { "Command": { + "insertionOrder": true, "items": { "type": "string" }, "type": "array", "uniqueItems": false }, + "EnableExecuteCommand": { + "type": "boolean" + }, "Environment": { + "insertionOrder": true, "items": { "$ref": "#/definitions/Environment" }, @@ -41,14 +69,17 @@ "type": "string" }, "FargatePlatformConfiguration": { - "$ref": "#/definitions/FargatePlatformConfiguration" + "additionalProperties": false, + "properties": { + "PlatformVersion": { + "type": "string" + } + }, + "type": "object" }, "Image": { "type": "string" }, - "InstanceType": { - "type": "string" - }, "JobRoleArn": { "type": "string" }, @@ -62,8 +93,9 @@ "type": "integer" }, "MountPoints": { + "insertionOrder": false, "items": { - "$ref": "#/definitions/MountPoints" + "$ref": "#/definitions/MountPoint" }, "type": "array", "uniqueItems": false 
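Review bot: The `pattern` added for `ConsumableResourceRequirement.ConsumableResource` in hunk `@@ -1,33 +1,61 @@` is not anchored. JSON Schema treats `pattern` as a search, so any string that merely contains an ARN-shaped substring passes validation. Keeping the same expression but adding `^` at the start and `$` at the end makes it a whole-value check, as `BackupVaultNamePattern` (`^[a-zA-Z0-9\\-\\_]{2,50}$`) does elsewhere in this commit. The trailing `.{0,1023}` also admits spaces and other non-ARN characters in the resource part; tighten it only if downstream consumers assume a clean ARN.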
@@ -81,6 +113,7 @@ "$ref": "#/definitions/RepositoryCredentials" }, "ResourceRequirements": { + "insertionOrder": false, "items": { "$ref": "#/definitions/ResourceRequirement" }, @@ -91,6 +124,7 @@ "$ref": "#/definitions/RuntimePlatform" }, "Secrets": { + "insertionOrder": false, "items": { "$ref": "#/definitions/Secret" }, @@ -98,6 +132,7 @@ "uniqueItems": false }, "Ulimits": { + "insertionOrder": false, "items": { "$ref": "#/definitions/Ulimit" }, @@ -111,8 +146,9 @@ "type": "integer" }, "Volumes": { + "insertionOrder": false, "items": { - "$ref": "#/definitions/Volumes" + "$ref": "#/definitions/Volume" }, "type": "array", "uniqueItems": false @@ -133,6 +169,7 @@ "type": "string" }, "Permissions": { + "insertionOrder": false, "items": { "type": "string" }, @@ -142,10 +179,47 @@ }, "type": "object" }, + "EFSAuthorizationConfig": { + "additionalProperties": false, + "properties": { + "AccessPointId": { + "type": "string" + }, + "Iam": { + "type": "string" + } + }, + "type": "object" + }, + "EFSVolumeConfiguration": { + "additionalProperties": false, + "properties": { + "AuthorizationConfig": { + "$ref": "#/definitions/EFSAuthorizationConfig" + }, + "FileSystemId": { + "type": "string" + }, + "RootDirectory": { + "type": "string" + }, + "TransitEncryption": { + "type": "string" + }, + "TransitEncryptionPort": { + "type": "integer" + } + }, + "required": [ + "FileSystemId" + ], + "type": "object" + }, "EcsProperties": { "additionalProperties": false, "properties": { "TaskProperties": { + "insertionOrder": false, "items": { "$ref": "#/definitions/EcsTaskProperties" }, @@ -162,12 +236,16 @@ "additionalProperties": false, "properties": { "Containers": { + "insertionOrder": false, "items": { "$ref": "#/definitions/TaskContainerProperties" }, "type": "array", "uniqueItems": false }, + "EnableExecuteCommand": { + "type": "boolean" + }, "EphemeralStorage": { "$ref": "#/definitions/EphemeralStorage" }, 
@@ -193,8 +271,9 @@ "type": "string" }, "Volumes": { + "insertionOrder": false, "items": { - "$ref": "#/definitions/Volumes" + "$ref": "#/definitions/Volume" }, "type": "array", "uniqueItems": false @@ -202,34 +281,11 @@ }, "type": "object" }, - "EfsVolumeConfiguration": { - "additionalProperties": false, - "properties": { - "AuthorizationConfig": { - "$ref": "#/definitions/AuthorizationConfig" - }, - "FileSystemId": { - "type": "string" - }, - "RootDirectory": { - "type": "string" - }, - "TransitEncryption": { - "type": "string" - }, - "TransitEncryptionPort": { - "type": "integer" - } - }, - "required": [ - "FileSystemId" - ], - "type": "object" - }, "EksContainer": { "additionalProperties": false, "properties": { "Args": { + "insertionOrder": true, "items": { "type": "string" }, @@ -237,6 +293,7 @@ "uniqueItems": false }, "Command": { + "insertionOrder": true, "items": { "type": "string" }, @@ -244,6 +301,7 @@ "uniqueItems": false }, "Env": { + "insertionOrder": false, "items": { "$ref": "#/definitions/EksContainerEnvironmentVariable" }, @@ -266,6 +324,7 @@ "$ref": "#/definitions/EksContainerSecurityContext" }, "VolumeMounts": { + "insertionOrder": false, "items": { "$ref": "#/definitions/EksContainerVolumeMount" }, @@ -297,9 +356,21 @@ "additionalProperties": false, "properties": { "Limits": { + "additionalProperties": false, + "patternProperties": { + ".*": { + "type": "string" + } + }, "type": "object" }, "Requests": { + "additionalProperties": false, + "patternProperties": { + ".*": { + "type": "string" + } + }, "type": "object" } }, @@ -340,6 +411,9 @@ }, "ReadOnly": { "type": "boolean" + }, + "SubPath": { + "type": "string" } }, "type": "object" 
@@ -365,11 +439,106 @@ }, "type": "object" }, + "EksMetadata": { + "additionalProperties": false, + "properties": { + "Annotations": { + "additionalProperties": false, + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + }, + "Labels": { + "additionalProperties": false, + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + }, + "Namespace": { + "type": "string" + } + }, + "type": "object" + }, + "EksPersistentVolumeClaim": { + "additionalProperties": false, + "properties": { + "ClaimName": { + "type": "string" + }, + "ReadOnly": { + "type": "boolean" + } + }, + "required": [ + "ClaimName" + ], + "type": "object" + }, + "EksPodProperties": { + "additionalProperties": false, + "properties": { + "Containers": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/EksContainer" + }, + "type": "array", + "uniqueItems": false + }, + "DnsPolicy": { + "type": "string" + }, + "HostNetwork": { + "type": "boolean" + }, + "ImagePullSecrets": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/ImagePullSecret" + }, + "type": "array", + "uniqueItems": false + }, + "InitContainers": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/EksContainer" + }, + "type": "array", + "uniqueItems": false + }, + "Metadata": { + "$ref": "#/definitions/EksMetadata" + }, + "ServiceAccountName": { + "type": "string" + }, + "ShareProcessNamespace": { + "type": "boolean" + }, + "Volumes": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/EksVolume" + }, + "type": "array", + "uniqueItems": false + } + }, + "type": "object" + }, "EksProperties": { "additionalProperties": false, "properties": { "PodProperties": { - "$ref": "#/definitions/PodProperties" + "$ref": "#/definitions/EksPodProperties" } }, "type": "object" 
@@ -401,6 +570,9 @@ "Name": { "type": "string" }, + "PersistentVolumeClaim": { + "$ref": "#/definitions/EksPersistentVolumeClaim" + }, "Secret": { "$ref": "#/definitions/EksSecret" } @@ -455,10 +627,10 @@ ], "type": "object" }, - "FargatePlatformConfiguration": { + "Host": { "additionalProperties": false, "properties": { - "PlatformVersion": { + "SourcePath": { "type": "string" } }, @@ -471,15 +643,22 @@ "type": "string" } }, - "required": [ - "Name" - ], + "type": "object" + }, + "JobTimeout": { + "additionalProperties": false, + "properties": { + "AttemptDurationSeconds": { + "type": "integer" + } + }, "type": "object" }, "LinuxParameters": { "additionalProperties": false, "properties": { "Devices": { + "insertionOrder": false, "items": { "$ref": "#/definitions/Device" }, @@ -499,6 +678,7 @@ "type": "integer" }, "Tmpfs": { + "insertionOrder": false, "items": { "$ref": "#/definitions/Tmpfs" }, @@ -515,9 +695,16 @@ "type": "string" }, "Options": { + "additionalProperties": false, + "patternProperties": { + ".*": { + "type": "string" + } + }, "type": "object" }, "SecretOptions": { + "insertionOrder": false, "items": { "$ref": "#/definitions/Secret" }, @@ -530,16 +717,7 @@ ], "type": "object" }, - "Metadata": { - "additionalProperties": false, - "properties": { - "Labels": { - "type": "object" - } - }, - "type": "object" - }, - "MountPoints": { + "MountPoint": { "additionalProperties": false, "properties": { "ContainerPath": { 
@@ -554,114 +732,234 @@ }, "type": "object" }, - "NetworkConfiguration": { + "MultiNodeContainerProperties": { "additionalProperties": false, "properties": { - "AssignPublicIp": { + "Command": { + "insertionOrder": true, + "items": { + "type": "string" + }, + "type": "array", + "uniqueItems": false + }, + "EnableExecuteCommand": { + "type": "boolean" + }, + "Environment": { + "insertionOrder": true, + "items": { + "$ref": "#/definitions/Environment" + }, + "type": "array", + "uniqueItems": false + }, + "EphemeralStorage": { + "$ref": "#/definitions/EphemeralStorage" + }, + "ExecutionRoleArn": { "type": "string" - } - }, - "type": "object" - }, - "NodeProperties": { - "additionalProperties": false, - "properties": { - "MainNode": { + }, + "Image": { + "type": "string" + }, + "InstanceType": { + "type": "string" + }, + "JobRoleArn": { + "type": "string" + }, + "LinuxParameters": { + "$ref": "#/definitions/LinuxParameters" + }, + "LogConfiguration": { + "$ref": "#/definitions/LogConfiguration" + }, + "Memory": { "type": "integer" }, - "NodeRangeProperties": { + "MountPoints": { + "insertionOrder": false, "items": { - "$ref": "#/definitions/NodeRangeProperty" + "$ref": "#/definitions/MountPoint" }, "type": "array", "uniqueItems": false }, - "NumNodes": { + "Privileged": { + "type": "boolean" + }, + "ReadonlyRootFilesystem": { + "type": "boolean" + }, + "RepositoryCredentials": { + "$ref": "#/definitions/RepositoryCredentials" + }, + "ResourceRequirements": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/ResourceRequirement" + }, + "type": "array", + "uniqueItems": false + }, + "RuntimePlatform": { + "$ref": "#/definitions/RuntimePlatform" + }, + "Secrets": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Secret" + }, + "type": "array", + "uniqueItems": false + }, + "Ulimits": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Ulimit" + }, + "type": "array", + "uniqueItems": false + }, + "User": { + "type": "string" + 
}, + "Vcpus": { "type": "integer" + }, + "Volumes": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Volume" + }, + "type": "array", + "uniqueItems": false } }, "required": [ - "MainNode", - "NodeRangeProperties", - "NumNodes" + "Image" ], "type": "object" }, - "NodeRangeProperty": { + "MultiNodeEcsProperties": { "additionalProperties": false, "properties": { - "Container": { - "$ref": "#/definitions/ContainerProperties" - }, - "EcsProperties": { - "$ref": "#/definitions/EcsProperties" - }, - "EksProperties": { - "$ref": "#/definitions/EksProperties" - }, - "InstanceTypes": { + "TaskProperties": { + "insertionOrder": false, "items": { - "type": "string" + "$ref": "#/definitions/MultiNodeEcsTaskProperties" }, "type": "array", "uniqueItems": false - }, - "TargetNodes": { - "type": "string" } }, "required": [ - "TargetNodes" + "TaskProperties" ], "type": "object" }, - "PodProperties": { + "MultiNodeEcsTaskProperties": { "additionalProperties": false, "properties": { "Containers": { + "insertionOrder": false, "items": { - "$ref": "#/definitions/EksContainer" + "$ref": "#/definitions/TaskContainerProperties" }, "type": "array", "uniqueItems": false }, - "DnsPolicy": { + "EnableExecuteCommand": { + "type": "boolean" + }, + "ExecutionRoleArn": { "type": "string" }, - "HostNetwork": { - "type": "boolean" + "IpcMode": { + "type": "string" }, - "ImagePullSecrets": { + "PidMode": { + "type": "string" + }, + "TaskRoleArn": { + "type": "string" + }, + "Volumes": { + "insertionOrder": false, "items": { - "$ref": "#/definitions/ImagePullSecret" + "$ref": "#/definitions/Volume" }, "type": "array", "uniqueItems": false + } + }, + "type": "object" + }, + "NetworkConfiguration": { + "additionalProperties": false, + "properties": { + "AssignPublicIp": { + "type": "string" + } + }, + "type": "object" + }, + "NodeProperties": { + "additionalProperties": false, + "properties": { + "MainNode": { + "type": "integer" }, - "InitContainers": { + "NodeRangeProperties": { + 
"insertionOrder": false, "items": { - "$ref": "#/definitions/EksContainer" + "$ref": "#/definitions/NodeRangeProperty" }, "type": "array", "uniqueItems": false }, - "Metadata": { - "$ref": "#/definitions/Metadata" + "NumNodes": { + "type": "integer" + } + }, + "required": [ + "NumNodes", + "MainNode", + "NodeRangeProperties" + ], + "type": "object" + }, + "NodeRangeProperty": { + "additionalProperties": false, + "properties": { + "ConsumableResourceProperties": { + "$ref": "#/definitions/ConsumableResourceProperties" }, - "ServiceAccountName": { - "type": "string" + "Container": { + "$ref": "#/definitions/MultiNodeContainerProperties" }, - "ShareProcessNamespace": { - "type": "boolean" + "EcsProperties": { + "$ref": "#/definitions/MultiNodeEcsProperties" }, - "Volumes": { + "EksProperties": { + "$ref": "#/definitions/EksProperties" + }, + "InstanceTypes": { + "insertionOrder": false, "items": { - "$ref": "#/definitions/EksVolume" + "type": "string" }, "type": "array", "uniqueItems": false + }, + "TargetNodes": { + "type": "string" } }, + "required": [ + "TargetNodes" + ], "type": "object" }, "RepositoryCredentials": { @@ -695,6 +993,7 @@ "type": "integer" }, "EvaluateOnExit": { + "insertionOrder": false, "items": { "$ref": "#/definitions/EvaluateOnExit" }, @@ -727,8 +1026,8 @@ } }, "required": [ - "ValueFrom", - "Name" + "Name", + "ValueFrom" ], "type": "object" }, @@ -743,8 +1042,8 @@ } }, "required": [ - "Condition", - "ContainerName" + "ContainerName", + "Condition" ], "type": "object" }, @@ -752,6 +1051,7 @@ "additionalProperties": false, "properties": { "Command": { + "insertionOrder": true, "items": { "type": "string" }, @@ -759,6 +1059,7 @@ "uniqueItems": false }, "DependsOn": { + "insertionOrder": false, "items": { "$ref": "#/definitions/TaskContainerDependency" }, @@ -766,6 +1067,7 @@ "uniqueItems": false }, "Environment": { + "insertionOrder": true, "items": { "$ref": "#/definitions/Environment" }, 
@@ -775,6 +1077,27 @@ "Essential": { "type": "boolean" }, + "FirelensConfiguration": { + "additionalProperties": false, + "properties": { + "Options": { + "additionalProperties": false, + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object" + }, + "Type": { + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, "Image": { "type": "string" }, @@ -785,8 +1108,9 @@ "$ref": "#/definitions/LogConfiguration" }, "MountPoints": { + "insertionOrder": false, "items": { - "$ref": "#/definitions/MountPoints" + "$ref": "#/definitions/MountPoint" }, "type": "array", "uniqueItems": false @@ -804,6 +1128,7 @@ "$ref": "#/definitions/RepositoryCredentials" }, "ResourceRequirements": { + "insertionOrder": false, "items": { "$ref": "#/definitions/ResourceRequirement" }, @@ -811,6 +1136,7 @@ "uniqueItems": false }, "Secrets": { + "insertionOrder": false, "items": { "$ref": "#/definitions/Secret" }, @@ -818,6 +1144,7 @@ "uniqueItems": false }, "Ulimits": { + "insertionOrder": false, "items": { "$ref": "#/definitions/Ulimit" }, @@ -833,15 +1160,6 @@ ], "type": "object" }, - "Timeout": { - "additionalProperties": false, - "properties": { - "AttemptDurationSeconds": { - "type": "integer" - } - }, - "type": "object" - }, "Tmpfs": { "additionalProperties": false, "properties": { @@ -849,6 +1167,7 @@ "type": "string" }, "MountOptions": { + "insertionOrder": false, "items": { "type": "string" }, @@ -860,8 +1179,8 @@ } }, "required": [ - "Size", - "ContainerPath" + "ContainerPath", + "Size" ], "type": "object" }, 
@@ -879,42 +1198,73 @@ } }, "required": [ - "SoftLimit", "HardLimit", - "Name" + "Name", + "SoftLimit" ], "type": "object" }, - "Volumes": { + "Volume": { "additionalProperties": false, "properties": { "EfsVolumeConfiguration": { - "$ref": "#/definitions/EfsVolumeConfiguration" + "$ref": "#/definitions/EFSVolumeConfiguration" }, "Host": { - "$ref": "#/definitions/VolumesHost" + "$ref": "#/definitions/Host" }, "Name": { "type": "string" } }, "type": "object" - }, - "VolumesHost": { - "additionalProperties": false, - "properties": { - "SourcePath": { - "type": "string" - } - }, - "type": "object" } }, "description": "Resource Type definition for AWS::Batch::JobDefinition", + "handlers": { + "create": { + "permissions": [ + "Batch:RegisterJobDefinition", + "Batch:TagResource", + "Batch:DescribeJobDefinitions", + "Iam:PassRole" + ] + }, + "delete": { + "permissions": [ + "Batch:DescribeJobDefinitions", + "Batch:DeregisterJobDefinition", + "Iam:PassRole" + ] + }, + "list": { + "permissions": [ + "Batch:DescribeJobDefinitions" + ] + }, + "read": { + "permissions": [ + "Batch:DescribeJobDefinitions" + ] + }, + "update": { + "permissions": [ + "Batch:DescribeJobDefinitions", + "Batch:RegisterJobDefinition", + "Batch:DeregisterJobDefinition", + "Batch:TagResource", + "Batch:UntagResource", + "Iam:PassRole" + ] + } + }, "primaryIdentifier": [ - "/properties/Id" + "/properties/JobDefinitionName" ], "properties": { + "ConsumableResourceProperties": { + "$ref": "#/definitions/ConsumableResourceProperties" + }, "ContainerProperties": { "$ref": "#/definitions/ContainerProperties" }, 
@@ -924,19 +1274,27 @@ "EksProperties": { "$ref": "#/definitions/EksProperties" }, - "Id": { + "JobDefinitionArn": { "type": "string" }, "JobDefinitionName": { + "maxLength": 128, "type": "string" }, "NodeProperties": { "$ref": "#/definitions/NodeProperties" }, "Parameters": { + "additionalProperties": false, + "patternProperties": { + ".*": { + "type": "string" + } + }, "type": "object" }, "PlatformCapabilities": { + "insertionOrder": true, "items": { "type": "string" }, @@ -953,20 +1311,39 @@ "type": "integer" }, "Tags": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "patternProperties": { + ".*": { + "type": "string" + } + }, "type": "object" }, "Timeout": { - "$ref": "#/definitions/Timeout" + "$ref": "#/definitions/JobTimeout" }, "Type": { "type": "string" } }, "readOnlyProperties": [ - "/properties/Id" + "/properties/JobDefinitionArn" ], "required": [ "Type" ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "Batch:TagResource", + "Batch:UnTagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Batch::JobDefinition" } diff --git a/src/schema/aws-batch-jobqueue.json b/src/schema/aws-batch-jobqueue.json index be83ed3f..74f27124 100644 --- a/src/schema/aws-batch-jobqueue.json +++ b/src/schema/aws-batch-jobqueue.json @@ -156,6 +156,10 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "Batch:TagResource", + "Batch:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": false, diff --git a/src/schema/aws-batch-schedulingpolicy.json b/src/schema/aws-batch-schedulingpolicy.json index 951d5d16..9387a883 100644 --- a/src/schema/aws-batch-schedulingpolicy.json +++ b/src/schema/aws-batch-schedulingpolicy.json 
@@ -51,7 +51,7 @@ "type": "object" } }, - "description": "Resource Type schema for AWS::Batch::SchedulingPolicy", + "description": "Resource Type definition for AWS::Batch::SchedulingPolicy", "handlers": { "create": { "permissions": [ @@ -116,6 +116,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-batch.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "Batch:TagResource", + "Batch:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": false, diff --git a/src/schema/aws-bcmdataexports-export.json b/src/schema/aws-bcmdataexports-export.json index a028d4d3..62b62edd 100644 --- a/src/schema/aws-bcmdataexports-export.json +++ b/src/schema/aws-bcmdataexports-export.json @@ -287,6 +287,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "bcm-data-exports:ListTagsForResource", + "bcm-data-exports:TagResource", + "bcm-data-exports:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-bedrock-agent.json b/src/schema/aws-bedrock-agent.json index 441664a1..46bc43d7 100644 --- a/src/schema/aws-bedrock-agent.json +++ b/src/schema/aws-bedrock-agent.json @@ -70,7 +70,8 @@ "ActionGroupSignature": { "description": "Action Group Signature for a BuiltIn Action", "enum": [ - "AMAZON.UserInput" + "AMAZON.UserInput", + "AMAZON.CodeInterpreter" ], "type": "string" }, @@ -82,6 +83,10 @@ ], "type": "string" }, + "AdditionalModelRequestFields": { + "description": "Additional Model Request Fields for Prompt Configuration", + "type": "object" + }, "AgentActionGroup": { "additionalProperties": false, "description": "Contains the information of an Agent Action Group", 
@@ -123,6 +128,50 @@ ], "type": "object" }, + "AgentCollaboration": { + "description": "Agent collaboration state", + "enum": [ + "DISABLED", + "SUPERVISOR", + "SUPERVISOR_ROUTER" + ], + "type": "string" + }, + "AgentCollaborator": { + "additionalProperties": false, + "description": "Agent Collaborator", + "properties": { + "AgentDescriptor": { + "additionalProperties": false, + "description": "Agent descriptor for agent collaborator", + "properties": { + "AliasArn": { + "description": "Alias ARN for agent descriptor", + "pattern": "^arn:aws(|-cn|-us-gov):bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent-alias/[0-9a-zA-Z]{10}/[0-9a-zA-Z]{10}$", + "type": "string" + } + }, + "type": "object" + }, + "CollaborationInstruction": { + "description": "Agent collaborator instruction", + "type": "string" + }, + "CollaboratorName": { + "description": "Agent collaborator name", + "type": "string" + }, + "RelayConversationHistory": { + "$ref": "#/definitions/RelayConversationHistory" + } + }, + "required": [ + "AgentDescriptor", + "CollaborationInstruction", + "CollaboratorName" + ], + "type": "object" + }, "AgentKnowledgeBase": { "additionalProperties": false, "description": "Agent Knowledge Base", 
@@ -177,6 +226,31 @@ ], "type": "string" }, + "CustomOrchestration": { + "additionalProperties": false, + "description": "Structure for custom orchestration", + "properties": { + "Executor": { + "$ref": "#/definitions/OrchestrationExecutor" + } + }, + "type": "object" + }, + "EnabledMemoryTypes": { + "description": "Types of session storage persisted in memory", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/MemoryType" + }, + "type": "array" + }, + "FoundationModel": { + "description": "ARN or name of a Bedrock model.", + "maxLength": 2048, + "minLength": 1, + "pattern": "^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}(([:][a-z0-9-]{1,63}){0,2})?/[a-z0-9]{12})|(:foundation-model/([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2}))|([0-9]{12}:(inference-profile|application-inference-profile)/[a-zA-Z0-9-:.]+))|(([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2}))|(([0-9a-zA-Z][_-]?)+)$", + "type": "string" + }, "Function": { "additionalProperties": false, "description": "Function definition", @@ -194,6 +268,9 @@ }, "Parameters": { "$ref": "#/definitions/ParameterMap" + }, + "RequireConfirmation": { + "$ref": "#/definitions/RequireConfirmation" } }, "required": [ 
@@ -287,6 +364,55 @@ ], "type": "string" }, + "MemoryConfiguration": { + "additionalProperties": false, + "description": "Configuration for memory storage", + "properties": { + "EnabledMemoryTypes": { + "$ref": "#/definitions/EnabledMemoryTypes" + }, + "SessionSummaryConfiguration": { + "$ref": "#/definitions/SessionSummaryConfiguration" + }, + "StorageDays": { + "description": "Maximum number of days to store session details", + "type": "number" + } + }, + "type": "object" + }, + "MemoryType": { + "description": "Memory type", + "enum": [ + "SESSION_SUMMARY" + ], + "type": "string" + }, + "OrchestrationExecutor": { + "additionalProperties": false, + "description": "Types of executors for custom orchestration strategy", + "properties": { + "Lambda": { + "description": "ARN of a Lambda.", + "maxLength": 2048, + "pattern": "^arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_\\.]+(:(\\$LATEST|[a-zA-Z0-9-_]+))?$", + "type": "string" + } + }, + "required": [ + "Lambda" + ], + "title": "Lambda", + "type": "object" + }, + "OrchestrationType": { + "description": "Types of orchestration strategy for agents", + "enum": [ + "DEFAULT", + "CUSTOM_ORCHESTRATION" + ], + "type": "string" + }, "ParameterDetail": { "additionalProperties": false, "description": "Parameter detail", @@ -324,12 +450,18 @@ "additionalProperties": false, "description": "BasePromptConfiguration per Prompt Type.", "properties": { + "AdditionalModelRequestFields": { + "$ref": "#/definitions/AdditionalModelRequestFields" + }, "BasePromptTemplate": { "description": "Base Prompt Template.", "maxLength": 100000, "minLength": 1, "type": "string" }, + "FoundationModel": { + "$ref": "#/definitions/FoundationModel" + }, "InferenceConfiguration": { "$ref": "#/definitions/InferenceConfiguration" }, 
@@ -387,10 +519,28 @@ "PRE_PROCESSING", "ORCHESTRATION", "POST_PROCESSING", + "ROUTING_CLASSIFIER", + "MEMORY_SUMMARIZATION", "KNOWLEDGE_BASE_RESPONSE_GENERATION" ], "type": "string" }, + "RelayConversationHistory": { + "description": "Relay conversation history state", + "enum": [ + "TO_COLLABORATOR", + "DISABLED" + ], + "type": "string" + }, + "RequireConfirmation": { + "description": "ENUM to check if action requires user confirmation", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, "S3Identifier": { "additionalProperties": false, "description": "The identifier for the S3 resource.", @@ -412,6 +562,17 @@ }, "type": "object" }, + "SessionSummaryConfiguration": { + "additionalProperties": false, + "description": "Configuration for Session Summarization", + "properties": { + "MaxRecentSessions": { + "description": "Maximum number of Sessions to Summarize", + "type": "number" + } + }, + "type": "object" + }, "TagsMap": { "additionalProperties": false, "description": "A map of tag keys and values", @@ -456,7 +617,15 @@ "bedrock:CreateGuardrail", "bedrock:CreateGuardrailVersion", "bedrock:GetGuardrail", - "iam:PassRole" + "bedrock:AssociateAgentCollaborator", + "bedrock:GetAgentCollaborator", + "bedrock:ListAgentCollaborators", + "iam:PassRole", + "kms:GenerateDataKeyWithoutPlainText", + "kms:ReEncryptFrom", + "kms:ReEncryptTo", + "kms:Decrypt", + "kms:GenerateDataKey" ] }, "delete": { @@ -464,7 +633,10 @@ "bedrock:GetAgent", "bedrock:DeleteAgent", "bedrock:DeleteGuardrail", - "bedrock:GetGuardrail" + "bedrock:GetGuardrail", + "kms:Decrypt", + "kms:Encrypt", + "kms:GenerateDataKey" ] }, "list": { @@ -482,7 +654,11 @@ "bedrock:ListAgentKnowledgeBases", "bedrock:ListTagsForResource", "bedrock:GetGuardrail", - "kms:Decrypt" + "bedrock:GetAgentCollaborator", + "bedrock:ListAgentCollaborators", + "kms:Decrypt", + "kms:GenerateDataKey", + "kms:Encrypt" ] }, "update": { 
@@ -505,7 +681,17 @@ "bedrock:ListTagsForResource", "bedrock:UpdateGuardrail", "bedrock:GetGuardrail", + "bedrock:AssociateAgentCollaborator", + "bedrock:GetAgentCollaborator", + "bedrock:ListAgentCollaborators", + "bedrock:DisassociateAgentCollaborator", + "bedrock:UpdateAgentCollaborator", "kms:Decrypt", + "kms:Encrypt", + "kms:GenerateDataKey", + "kms:GenerateDataKeyWithoutPlainText", + "kms:ReEncryptFrom", + "kms:ReEncryptTo", "iam:PassRole" ] } @@ -528,6 +714,17 @@ "pattern": "^arn:aws(|-cn|-us-gov):bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent/[0-9a-zA-Z]{10}$", "type": "string" }, + "AgentCollaboration": { + "$ref": "#/definitions/AgentCollaboration" + }, + "AgentCollaborators": { + "description": "List of Agent Collaborators", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/AgentCollaborator" + }, + "type": "array" + }, "AgentId": { "description": "Identifier for a resource.", "pattern": "^[0-9a-zA-Z]{10}$", @@ -563,6 +760,9 @@ "format": "date-time", "type": "string" }, + "CustomOrchestration": { + "$ref": "#/definitions/CustomOrchestration" + }, "CustomerEncryptionKeyArn": { "description": "A KMS key ARN", "maxLength": 2048, @@ -588,11 +788,7 @@ "type": "array" }, "FoundationModel": { - "description": "ARN or name of a Bedrock model.", - "maxLength": 2048, - "minLength": 1, - "pattern": "^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}(([:][a-z0-9-]{1,63}){0,2})?/[a-z0-9]{12})|(:foundation-model/([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2})))|(([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2}))|(([0-9a-zA-Z][_-]?)+)$", - "type": "string" + "$ref": "#/definitions/FoundationModel" }, "GuardrailConfiguration": { "$ref": "#/definitions/GuardrailConfiguration" 
@@ -616,6 +812,12 @@ }, "type": "array" }, + "MemoryConfiguration": { + "$ref": "#/definitions/MemoryConfiguration" + }, + "OrchestrationType": { + "$ref": "#/definitions/OrchestrationType" + }, "PreparedAt": { "description": "Time Stamp.", "format": "date-time", @@ -668,6 +870,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "bedrock:TagResource", + "bedrock:UntagResource", + "bedrock:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-bedrock-agentalias.json b/src/schema/aws-bedrock-agentalias.json index 26ac30f2..537d5e8e 100644 --- a/src/schema/aws-bedrock-agentalias.json +++ b/src/schema/aws-bedrock-agentalias.json @@ -208,6 +208,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-bedrock-agents", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "bedrock:TagResource", + "bedrock:UntagResource", + "bedrock:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-bedrock-applicationinferenceprofile.json b/src/schema/aws-bedrock-applicationinferenceprofile.json new file mode 100644 index 00000000..95534c61 --- /dev/null +++ b/src/schema/aws-bedrock-applicationinferenceprofile.json 
@@ -0,0 +1,235 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/Description", + "/properties/InferenceProfileName", + "/properties/ModelSource" + ], + "definitions": { + "InferenceProfileModel": { + "additionalProperties": false, + "description": "Model configuration", + "properties": { + "ModelArn": { + "description": "ARN for Foundation Models in Bedrock. These models can be used as base models for model customization jobs", + "pattern": "^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}::foundation-model/[a-z0-9-]{1,63}[.]{1}([a-z0-9-]{1,63}[.]){0,2}[a-z0-9-]{1,63}([:][a-z0-9-]{1,63}){0,2}$", + "type": "string" + } + }, + "type": "object" + }, + "InferenceProfileModelSource": { + "description": "Various ways to encode a list of models in a CreateInferenceProfile request", + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "CopyFrom": { + "description": "Source arns for a custom inference profile to copy its regional load balancing config from. 
This\ncan either be a foundation model or predefined inference profile ARN.", + "maxLength": 2048, + "minLength": 1, + "pattern": "^arn:aws(|-us-gov|-cn|-iso|-iso-b):bedrock:(|[0-9a-z-]{0,20}):(|[0-9]{12}):(inference-profile|foundation-model)/[a-zA-Z0-9-:.]+$", + "type": "string" + } + }, + "required": [ + "CopyFrom" + ], + "title": "CopyFrom", + "type": "object" + } + ] + }, + "InferenceProfileStatus": { + "description": "Status of the Inference Profile", + "enum": [ + "ACTIVE" + ], + "type": "string" + }, + "InferenceProfileType": { + "description": "Type of the Inference Profile", + "enum": [ + "APPLICATION", + "SYSTEM_DEFINED" + ], + "type": "string" + }, + "Tag": { + "additionalProperties": false, + "description": "Definition of the key/value pair for a tag", + "properties": { + "Key": { + "description": "Tag Key", + "maxLength": 128, + "minLength": 1, + "pattern": "^[a-zA-Z0-9\\s._:/=+@-]*$", + "type": "string" + }, + "Value": { + "description": "Tag Value", + "maxLength": 256, + "minLength": 0, + "pattern": "^[a-zA-Z0-9\\s._:/=+@-]*$", + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, + "Unit": { + "additionalProperties": false, + "type": "object" + } + }, + "description": "Definition of AWS::Bedrock::ApplicationInferenceProfile Resource Type", + "handlers": { + "create": { + "permissions": [ + "bedrock:CreateInferenceProfile", + "bedrock:GetInferenceProfile", + "bedrock:TagResource", + "bedrock:ListTagsForResource" + ] + }, + "delete": { + "permissions": [ + "bedrock:DeleteInferenceProfile", + "bedrock:GetInferenceProfile" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "Type": { + "$ref": "resource-schema.json#/properties/Type" + } + } + }, + "permissions": [ + "bedrock:ListInferenceProfiles" + ] + }, + "read": { + "permissions": [ + "bedrock:GetInferenceProfile", + "bedrock:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "bedrock:GetInferenceProfile", + "bedrock:ListTagsForResource", 
+ "bedrock:TagResource", + "bedrock:UntagResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/InferenceProfileIdentifier" + ], + "properties": { + "CreatedAt": { + "description": "Time Stamp", + "format": "date-time", + "type": "string" + }, + "Description": { + "description": "Description of the inference profile", + "maxLength": 200, + "minLength": 1, + "pattern": "^([0-9a-zA-Z:.][ _-]?)+$", + "type": "string" + }, + "InferenceProfileArn": { + "maxLength": 2048, + "minLength": 1, + "pattern": "^arn:aws(|-us-gov|-cn|-iso|-iso-b):bedrock:(|[0-9a-z-]{0,20}):(|[0-9]{12}):(inference-profile|application-inference-profile)/[a-zA-Z0-9-:.]+$", + "type": "string" + }, + "InferenceProfileId": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[a-zA-Z0-9-:.]+$", + "type": "string" + }, + "InferenceProfileIdentifier": { + "description": "Inference profile identifier. Supports both system-defined inference profile ids, and inference profile ARNs.", + "maxLength": 2048, + "minLength": 1, + "pattern": "^(arn:aws(|-us-gov|-cn|-iso|-iso-b):bedrock:(|[0-9a-z-]{0,20}):(|[0-9]{12}):(inference-profile|application-inference-profile)/)?[a-zA-Z0-9-:.]+$", + "type": "string" + }, + "InferenceProfileName": { + "maxLength": 64, + "minLength": 1, + "pattern": "^([0-9a-zA-Z][ _-]?)+$", + "type": "string" + }, + "ModelSource": { + "$ref": "#/definitions/InferenceProfileModelSource" + }, + "Models": { + "description": "List of model configuration", + "items": { + "$ref": "#/definitions/InferenceProfileModel" + }, + "maxItems": 5, + "minItems": 1, + "type": "array" + }, + "Status": { + "$ref": "#/definitions/InferenceProfileStatus" + }, + "Tags": { + "description": "List of Tags", + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 200, + "minItems": 0, + "type": "array" + }, + "Type": { + "$ref": "#/definitions/InferenceProfileType" + }, + "UpdatedAt": { + "description": "Time Stamp", + "format": "date-time", + "type": "string" + } + }, + "readOnlyProperties": [ + 
"/properties/Models", + "/properties/InferenceProfileArn", + "/properties/InferenceProfileId", + "/properties/InferenceProfileIdentifier", + "/properties/Status", + "/properties/Type", + "/properties/CreatedAt", + "/properties/UpdatedAt" + ], + "required": [ + "InferenceProfileName" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-bedrock-application-inference-profile", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "bedrock:TagResource", + "bedrock:UntagResource", + "bedrock:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::Bedrock::ApplicationInferenceProfile", + "writeOnlyProperties": [ + "/properties/ModelSource" + ] +} diff --git a/src/schema/aws-bedrock-blueprint.json b/src/schema/aws-bedrock-blueprint.json new file mode 100644 index 00000000..e03ca7c5 --- /dev/null +++ b/src/schema/aws-bedrock-blueprint.json 
@@ -0,0 +1,184 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/BlueprintName", + "/properties/Type" + ], + "definitions": { + "Tag": { + "additionalProperties": false, + "description": "Definition of the key/value pair for a tag", + "properties": { + "Key": { + "description": "Key for the tag", + "maxLength": 128, + "minLength": 1, + "pattern": "^[a-zA-Z0-9\\s._:/=+@-]*$", + "type": "string" + }, + "Value": { + "description": "Value for the tag", + "maxLength": 256, + "minLength": 0, + "pattern": "^[a-zA-Z0-9\\s._:/=+@-]*$", + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, + "description": "Definition of AWS::Bedrock::Blueprint Resource Type", + "handlers": { + "create": { + "permissions": [ + "bedrock:CreateBlueprint", + "bedrock:GetBlueprint", + "bedrock:TagResource", + "bedrock:ListTagsForResource", + "kms:DescribeKey", + "kms:Decrypt", + "kms:GenerateDataKey" + ] + }, + "delete": { + "permissions": [ + "bedrock:DeleteBlueprint", + "bedrock:GetBlueprint", + "kms:DescribeKey", + "kms:Decrypt" + ] + }, + "list": { + "permissions": [ + "bedrock:ListBlueprints" + ] + }, + "read": { + "permissions": [ + "bedrock:GetBlueprint", + "bedrock:ListTagsForResource", + "kms:DescribeKey", + "kms:Decrypt" + ] + }, + "update": { + "permissions": [ + "bedrock:UpdateBlueprint", + "bedrock:GetBlueprint", + "bedrock:TagResource", + "bedrock:UntagResource", + "bedrock:ListTagsForResource", + "kms:DescribeKey", + "kms:Decrypt", + "kms:GenerateDataKey" + ] + } + }, + "primaryIdentifier": [ + "/properties/BlueprintArn" + ], + "properties": { + "BlueprintArn": { + "description": "ARN of a Blueprint", + "maxLength": 128, + "pattern": "^arn:aws(|-cn|-us-gov):bedrock:[a-zA-Z0-9-]*:(aws|[0-9]{12}):blueprint/(bedrock-data-automation-public-[a-zA-Z0-9-_]{1,30}|[a-zA-Z0-9-]{12,36})$", + "type": "string" + }, + "BlueprintName": { + "description": "Name of the Blueprint", + "maxLength": 128, + "minLength": 1, + 
"pattern": "^[a-zA-Z0-9-_]+$", + "type": "string" + }, + "BlueprintStage": { + "description": "Stage of the Blueprint", + "enum": [ + "DEVELOPMENT", + "LIVE" + ], + "type": "string" + }, + "CreationTime": { + "description": "Creation timestamp", + "format": "date-time", + "type": "string" + }, + "KmsEncryptionContext": { + "additionalProperties": false, + "dependencies": { + "KmsEncryptionContext": [ + "KmsKeyId" + ] + }, + "description": "KMS encryption context", + "patternProperties": { + "^.*$": { + "type": "string" + } + }, + "type": "object" + }, + "KmsKeyId": { + "description": "KMS key identifier", + "maxLength": 2048, + "minLength": 1, + "type": "string" + }, + "LastModifiedTime": { + "description": "Last modified timestamp", + "format": "date-time", + "type": "string" + }, + "Schema": { + "description": "Schema of the blueprint", + "type": "object" + }, + "Tags": { + "description": "List of Tags", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 200, + "minItems": 0, + "type": "array" + }, + "Type": { + "description": "Modality Type", + "enum": [ + "DOCUMENT", + "IMAGE" + ], + "type": "string" + } + }, + "readOnlyProperties": [ + "/properties/BlueprintArn", + "/properties/BlueprintStage", + "/properties/CreationTime", + "/properties/LastModifiedTime" + ], + "required": [ + "BlueprintName", + "Schema", + "Type" + ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "bedrock:TagResource", + "bedrock:UntagResource", + "bedrock:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::Bedrock::Blueprint" +} diff --git a/src/schema/aws-bedrock-dataautomationproject.json b/src/schema/aws-bedrock-dataautomationproject.json new file mode 100644 index 00000000..9cb5927c --- /dev/null +++ b/src/schema/aws-bedrock-dataautomationproject.json 
@@ -0,0 +1,695 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/ProjectName" + ], + "definitions": { + "AudioExtractionCategory": { + "additionalProperties": false, + "properties": { + "State": { + "$ref": "#/definitions/State" + }, + "Types": { + "items": { + "$ref": "#/definitions/AudioExtractionCategoryType" + }, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "State" + ], + "type": "object" + }, + "AudioExtractionCategoryType": { + "enum": [ + "AUDIO_CONTENT_MODERATION", + "TRANSCRIPT", + "TOPIC_CONTENT_MODERATION" + ], + "type": "string" + }, + "AudioStandardExtraction": { + "additionalProperties": false, + "properties": { + "Category": { + "$ref": "#/definitions/AudioExtractionCategory" + } + }, + "required": [ + "Category" + ], + "type": "object" + }, + "AudioStandardGenerativeField": { + "additionalProperties": false, + "properties": { + "State": { + "$ref": "#/definitions/State" + }, + "Types": { + "items": { + "$ref": "#/definitions/AudioStandardGenerativeFieldType" + }, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "State" + ], + "type": "object" + }, + "AudioStandardGenerativeFieldType": { + "enum": [ + "AUDIO_SUMMARY", + "IAB", + "TOPIC_SUMMARY" + ], + "type": "string" + }, + "AudioStandardOutputConfiguration": { + "additionalProperties": false, + "properties": { + "Extraction": { + "$ref": "#/definitions/AudioStandardExtraction" + }, + "GenerativeField": { + "$ref": "#/definitions/AudioStandardGenerativeField" + } + }, + "type": "object" + }, + "BlueprintItem": { + "additionalProperties": false, + "properties": { + "BlueprintArn": { + "description": "ARN of a Blueprint", + "maxLength": 128, + "pattern": "^arn:aws(|-cn|-us-gov):bedrock:[a-zA-Z0-9-]*:(aws|[0-9]{12}):blueprint/(bedrock-data-automation-public-[a-zA-Z0-9-_]{1,30}|[a-zA-Z0-9-]{12,36})$", + "type": "string" + }, + "BlueprintStage": { + "$ref": "#/definitions/BlueprintStage" + }, + "BlueprintVersion": { + 
"description": "Blueprint Version", + "maxLength": 128, + "minLength": 1, + "pattern": "^[0-9]*$", + "type": "string" + } + }, + "required": [ + "BlueprintArn" + ], + "type": "object" + }, + "BlueprintStage": { + "description": "Stage of the Blueprint", + "enum": [ + "DEVELOPMENT", + "LIVE" + ], + "type": "string" + }, + "CustomOutputConfiguration": { + "additionalProperties": false, + "description": "Custom output configuration", + "properties": { + "Blueprints": { + "items": { + "$ref": "#/definitions/BlueprintItem" + }, + "type": "array" + } + }, + "type": "object" + }, + "DataAutomationProjectStage": { + "description": "Stage of the Project", + "enum": [ + "DEVELOPMENT", + "LIVE" + ], + "type": "string" + }, + "DataAutomationProjectStatus": { + "enum": [ + "COMPLETED", + "IN_PROGRESS", + "FAILED" + ], + "type": "string" + }, + "DocumentBoundingBox": { + "additionalProperties": false, + "properties": { + "State": { + "$ref": "#/definitions/State" + } + }, + "required": [ + "State" + ], + "type": "object" + }, + "DocumentExtractionGranularity": { + "additionalProperties": false, + "properties": { + "Types": { + "items": { + "$ref": "#/definitions/DocumentExtractionGranularityType" + }, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, + "DocumentExtractionGranularityType": { + "enum": [ + "DOCUMENT", + "PAGE", + "ELEMENT", + "WORD", + "LINE" + ], + "type": "string" + }, + "DocumentOutputAdditionalFileFormat": { + "additionalProperties": false, + "properties": { + "State": { + "$ref": "#/definitions/State" + } + }, + "required": [ + "State" + ], + "type": "object" + }, + "DocumentOutputFormat": { + "additionalProperties": false, + "properties": { + "AdditionalFileFormat": { + "$ref": "#/definitions/DocumentOutputAdditionalFileFormat" + }, + "TextFormat": { + "$ref": "#/definitions/DocumentOutputTextFormat" + } + }, + "required": [ + "AdditionalFileFormat", + "TextFormat" + ], + "type": "object" + }, + "DocumentOutputTextFormat": { + 
"additionalProperties": false, + "properties": { + "Types": { + "items": { + "$ref": "#/definitions/DocumentOutputTextFormatType" + }, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, + "DocumentOutputTextFormatType": { + "enum": [ + "PLAIN_TEXT", + "MARKDOWN", + "HTML", + "CSV" + ], + "type": "string" + }, + "DocumentOverrideConfiguration": { + "additionalProperties": false, + "properties": { + "Splitter": { + "$ref": "#/definitions/SplitterConfiguration" + } + }, + "type": "object" + }, + "DocumentStandardExtraction": { + "additionalProperties": false, + "properties": { + "BoundingBox": { + "$ref": "#/definitions/DocumentBoundingBox" + }, + "Granularity": { + "$ref": "#/definitions/DocumentExtractionGranularity" + } + }, + "required": [ + "BoundingBox", + "Granularity" + ], + "type": "object" + }, + "DocumentStandardGenerativeField": { + "additionalProperties": false, + "properties": { + "State": { + "$ref": "#/definitions/State" + } + }, + "required": [ + "State" + ], + "type": "object" + }, + "DocumentStandardOutputConfiguration": { + "additionalProperties": false, + "properties": { + "Extraction": { + "$ref": "#/definitions/DocumentStandardExtraction" + }, + "GenerativeField": { + "$ref": "#/definitions/DocumentStandardGenerativeField" + }, + "OutputFormat": { + "$ref": "#/definitions/DocumentOutputFormat" + } + }, + "type": "object" + }, + "ImageBoundingBox": { + "additionalProperties": false, + "properties": { + "State": { + "$ref": "#/definitions/State" + } + }, + "required": [ + "State" + ], + "type": "object" + }, + "ImageExtractionCategory": { + "additionalProperties": false, + "properties": { + "State": { + "$ref": "#/definitions/State" + }, + "Types": { + "items": { + "$ref": "#/definitions/ImageExtractionCategoryType" + }, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "State" + ], + "type": "object" + }, + "ImageExtractionCategoryType": { + "enum": [ + "CONTENT_MODERATION", + "TEXT_DETECTION", + "LOGOS" + 
], + "type": "string" + }, + "ImageStandardExtraction": { + "additionalProperties": false, + "properties": { + "BoundingBox": { + "$ref": "#/definitions/ImageBoundingBox" + }, + "Category": { + "$ref": "#/definitions/ImageExtractionCategory" + } + }, + "required": [ + "BoundingBox", + "Category" + ], + "type": "object" + }, + "ImageStandardGenerativeField": { + "additionalProperties": false, + "properties": { + "State": { + "$ref": "#/definitions/State" + }, + "Types": { + "items": { + "$ref": "#/definitions/ImageStandardGenerativeFieldType" + }, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "State" + ], + "type": "object" + }, + "ImageStandardGenerativeFieldType": { + "enum": [ + "IMAGE_SUMMARY", + "IAB" + ], + "type": "string" + }, + "ImageStandardOutputConfiguration": { + "additionalProperties": false, + "properties": { + "Extraction": { + "$ref": "#/definitions/ImageStandardExtraction" + }, + "GenerativeField": { + "$ref": "#/definitions/ImageStandardGenerativeField" + } + }, + "type": "object" + }, + "OverrideConfiguration": { + "additionalProperties": false, + "description": "Override configuration", + "properties": { + "Document": { + "$ref": "#/definitions/DocumentOverrideConfiguration" + } + }, + "type": "object" + }, + "SplitterConfiguration": { + "additionalProperties": false, + "properties": { + "State": { + "$ref": "#/definitions/State" + } + }, + "type": "object" + }, + "StandardOutputConfiguration": { + "additionalProperties": false, + "description": "Standard output configuration", + "properties": { + "Audio": { + "$ref": "#/definitions/AudioStandardOutputConfiguration" + }, + "Document": { + "$ref": "#/definitions/DocumentStandardOutputConfiguration" + }, + "Image": { + "$ref": "#/definitions/ImageStandardOutputConfiguration" + }, + "Video": { + "$ref": "#/definitions/VideoStandardOutputConfiguration" + } + }, + "type": "object" + }, + "State": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, + "Tag": { + 
"additionalProperties": false, + "description": "Definition of the key/value pair for a tag", + "properties": { + "Key": { + "description": "Key for the tag", + "maxLength": 128, + "minLength": 1, + "pattern": "^[a-zA-Z0-9\\s._:/=+@-]*$", + "type": "string" + }, + "Value": { + "description": "Value for the tag", + "maxLength": 256, + "minLength": 0, + "pattern": "^[a-zA-Z0-9\\s._:/=+@-]*$", + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, + "Unit": { + "additionalProperties": false, + "type": "object" + }, + "VideoBoundingBox": { + "additionalProperties": false, + "properties": { + "State": { + "$ref": "#/definitions/State" + } + }, + "required": [ + "State" + ], + "type": "object" + }, + "VideoExtractionCategory": { + "additionalProperties": false, + "properties": { + "State": { + "$ref": "#/definitions/State" + }, + "Types": { + "items": { + "$ref": "#/definitions/VideoExtractionCategoryType" + }, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "State" + ], + "type": "object" + }, + "VideoExtractionCategoryType": { + "enum": [ + "CONTENT_MODERATION", + "TEXT_DETECTION", + "TRANSCRIPT", + "LOGOS" + ], + "type": "string" + }, + "VideoStandardExtraction": { + "additionalProperties": false, + "properties": { + "BoundingBox": { + "$ref": "#/definitions/VideoBoundingBox" + }, + "Category": { + "$ref": "#/definitions/VideoExtractionCategory" + } + }, + "required": [ + "BoundingBox", + "Category" + ], + "type": "object" + }, + "VideoStandardGenerativeField": { + "additionalProperties": false, + "properties": { + "State": { + "$ref": "#/definitions/State" + }, + "Types": { + "items": { + "$ref": "#/definitions/VideoStandardGenerativeFieldType" + }, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "State" + ], + "type": "object" + }, + "VideoStandardGenerativeFieldType": { + "enum": [ + "VIDEO_SUMMARY", + "IAB", + "CHAPTER_SUMMARY" + ], + "type": "string" + }, + 
"VideoStandardOutputConfiguration": { + "additionalProperties": false, + "properties": { + "Extraction": { + "$ref": "#/definitions/VideoStandardExtraction" + }, + "GenerativeField": { + "$ref": "#/definitions/VideoStandardGenerativeField" + } + }, + "type": "object" + } + }, + "description": "Definition of AWS::Bedrock::DataAutomationProject Resource Type", + "handlers": { + "create": { + "permissions": [ + "bedrock:CreateDataAutomationProject", + "bedrock:GetDataAutomationProject", + "bedrock:TagResource", + "bedrock:ListTagsForResource", + "kms:DescribeKey", + "kms:Decrypt", + "kms:GenerateDataKey" + ] + }, + "delete": { + "permissions": [ + "bedrock:DeleteDataAutomationProject", + "bedrock:GetDataAutomationProject", + "kms:DescribeKey", + "kms:Decrypt" + ] + }, + "list": { + "permissions": [ + "bedrock:ListDataAutomationProjects" + ] + }, + "read": { + "permissions": [ + "bedrock:GetDataAutomationProject", + "bedrock:ListTagsForResource", + "kms:DescribeKey", + "kms:Decrypt" + ] + }, + "update": { + "permissions": [ + "bedrock:UpdateDataAutomationProject", + "bedrock:GetDataAutomationProject", + "bedrock:TagResource", + "bedrock:UntagResource", + "bedrock:ListTagsForResource", + "kms:DescribeKey", + "kms:Decrypt", + "kms:GenerateDataKey" + ] + } + }, + "primaryIdentifier": [ + "/properties/ProjectArn" + ], + "properties": { + "CreationTime": { + "description": "Time Stamp", + "format": "date-time", + "type": "string" + }, + "CustomOutputConfiguration": { + "$ref": "#/definitions/CustomOutputConfiguration" + }, + "KmsEncryptionContext": { + "additionalProperties": false, + "dependencies": { + "KmsEncryptionContext": [ + "KmsKeyId" + ] + }, + "description": "KMS encryption context", + "patternProperties": { + "^.*$": { + "type": "string" + } + }, + "type": "object" + }, + "KmsKeyId": { + "description": "KMS key identifier", + "maxLength": 2048, + "minLength": 1, + "type": "string" + }, + "LastModifiedTime": { + "description": "Time Stamp", + "format": 
"date-time", + "type": "string" + }, + "OverrideConfiguration": { + "$ref": "#/definitions/OverrideConfiguration" + }, + "ProjectArn": { + "description": "ARN of a DataAutomationProject", + "maxLength": 128, + "pattern": "^arn:aws(|-cn|-us-gov):bedrock:[a-zA-Z0-9-]*:(aws|[0-9]{12}):data-automation-project/[a-zA-Z0-9-]{12,36}$", + "type": "string" + }, + "ProjectDescription": { + "description": "Description of the DataAutomationProject", + "type": "string" + }, + "ProjectName": { + "description": "Name of the DataAutomationProject", + "maxLength": 128, + "minLength": 1, + "pattern": "^[a-zA-Z0-9-_]+$", + "type": "string" + }, + "ProjectStage": { + "$ref": "#/definitions/DataAutomationProjectStage" + }, + "StandardOutputConfiguration": { + "$ref": "#/definitions/StandardOutputConfiguration" + }, + "Status": { + "$ref": "#/definitions/DataAutomationProjectStatus" + }, + "Tags": { + "description": "List of Tags", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 200, + "minItems": 0, + "type": "array" + } + }, + "readOnlyProperties": [ + "/properties/CreationTime", + "/properties/LastModifiedTime", + "/properties/ProjectArn", + "/properties/ProjectStage", + "/properties/Status" + ], + "required": [ + "ProjectName" + ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "bedrock:TagResource", + "bedrock:UntagResource", + "bedrock:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::Bedrock::DataAutomationProject" +} diff --git a/src/schema/aws-bedrock-datasource.json b/src/schema/aws-bedrock-datasource.json index 46ec8998..3945840a 100644 --- a/src/schema/aws-bedrock-datasource.json +++ b/src/schema/aws-bedrock-datasource.json 
@@ -2,9 +2,57 @@ "additionalProperties": false, "createOnlyProperties": [ "/properties/KnowledgeBaseId", - "/properties/VectorIngestionConfiguration" + "/properties/VectorIngestionConfiguration/ChunkingConfiguration", + "/properties/VectorIngestionConfiguration/ParsingConfiguration", + "/properties/DataSourceConfiguration/Type" ], "definitions": { + "BedrockDataAutomationConfiguration": { + "additionalProperties": false, + "description": "Settings for a Bedrock Data Automation used to parse documents for a data source.", + "properties": { + "ParsingModality": { + "$ref": "#/definitions/ParsingModality" + } + }, + "type": "object" + }, + "BedrockFoundationModelConfiguration": { + "additionalProperties": false, + "description": "Settings for a foundation model used to parse documents for a data source.", + "properties": { + "ModelArn": { + "$ref": "#/definitions/ModelArn" + }, + "ParsingModality": { + "$ref": "#/definitions/ParsingModality" + }, + "ParsingPrompt": { + "$ref": "#/definitions/ParsingPrompt" + } + }, + "required": [ + "ModelArn" + ], + "type": "object" + }, + "BedrockFoundationModelContextEnrichmentConfiguration": { + "additionalProperties": false, + "description": "Bedrock Foundation Model configuration to be used for Context Enrichment.", + "properties": { + "EnrichmentStrategyConfiguration": { + "$ref": "#/definitions/EnrichmentStrategyConfiguration" + }, + "ModelArn": { + "$ref": "#/definitions/ModelArn" + } + }, + "required": [ + "EnrichmentStrategyConfiguration", + "ModelArn" + ], + "type": "object" + }, "ChunkingConfiguration": { "additionalProperties": false, "description": "Details about how to chunk the documents in the data source. A chunk refers to an excerpt from a data source that is returned when the knowledge base that it belongs to is queried.", 
@@ -14,6 +62,12 @@ }, "FixedSizeChunkingConfiguration": { "$ref": "#/definitions/FixedSizeChunkingConfiguration" + }, + "HierarchicalChunkingConfiguration": { + "$ref": "#/definitions/HierarchicalChunkingConfiguration" + }, + "SemanticChunkingConfiguration": { + "$ref": "#/definitions/SemanticChunkingConfiguration" } }, "required": [ 
@@ -25,10 +79,145 @@ "description": "Knowledge base can split your source data into chunks. A chunk refers to an excerpt from a data source that is returned when the knowledge base that it belongs to is queried. You have the following options for chunking your data. If you opt for NONE, then you may want to pre-process your files by splitting them up such that each file corresponds to a chunk.", "enum": [ "FIXED_SIZE", - "NONE" + "NONE", + "HIERARCHICAL", + "SEMANTIC" + ], + "type": "string" + }, + "ConfluenceCrawlerConfiguration": { + "additionalProperties": false, + "description": "The configuration of the Confluence content. For example, configuring specific types of Confluence content.", + "properties": { + "FilterConfiguration": { + "$ref": "#/definitions/CrawlFilterConfiguration" + } + }, + "type": "object" + }, + "ConfluenceDataSourceConfiguration": { + "additionalProperties": false, + "description": "The configuration information to connect to Confluence as your data source.", + "properties": { + "CrawlerConfiguration": { + "$ref": "#/definitions/ConfluenceCrawlerConfiguration" + }, + "SourceConfiguration": { + "$ref": "#/definitions/ConfluenceSourceConfiguration" + } + }, + "required": [ + "SourceConfiguration" + ], + "type": "object" + }, + "ConfluenceSourceConfiguration": { + "additionalProperties": false, + "description": "The endpoint information to connect to your Confluence data source.", + "properties": { + "AuthType": { + "description": "The supported authentication type to authenticate and connect to your Confluence instance.", + "enum": [ + "BASIC", + "OAUTH2_CLIENT_CREDENTIALS" + ], + "type": "string" + }, + "CredentialsSecretArn": { + "description": "The Amazon Resource Name of an AWS Secrets Manager secret that stores your authentication credentials for your Confluence instance URL. 
For more information on the key-value pairs that must be included in your secret, depending on your authentication type, see Confluence connection configuration.", + "pattern": "^arn:aws(|-cn|-us-gov):secretsmanager:[a-z0-9-]{1,20}:([0-9]{12}|):secret:[a-zA-Z0-9!/_+=.@-]{1,512}$", + "type": "string" + }, + "HostType": { + "description": "The supported host type, whether online/cloud or server/on-premises.", + "enum": [ + "SAAS" + ], + "type": "string" + }, + "HostUrl": { + "description": "The Confluence host URL or instance URL.", + "maxLength": 2048, + "minLength": 1, + "pattern": "^https://[A-Za-z0-9][^\\s]*$", + "type": "string" + } + }, + "required": [ + "HostUrl", + "HostType", + "AuthType", + "CredentialsSecretArn" + ], + "type": "object" + }, + "ContextEnrichmentConfiguration": { + "additionalProperties": false, + "description": "Additional Enrichment Configuration for example when using GraphRag.", + "properties": { + "BedrockFoundationModelConfiguration": { + "$ref": "#/definitions/BedrockFoundationModelContextEnrichmentConfiguration" + }, + "Type": { + "$ref": "#/definitions/ContextEnrichmentType" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "ContextEnrichmentType": { + "description": "Enrichment type to be used for the vector database.", + "enum": [ + "BEDROCK_FOUNDATION_MODEL" ], "type": "string" }, + "CrawlFilterConfiguration": { + "additionalProperties": false, + "description": "The type of filtering that you want to apply to certain objects or content of the data source. 
For example, the PATTERN type is regular expression patterns you can apply to filter your content.", + "properties": { + "PatternObjectFilter": { + "$ref": "#/definitions/PatternObjectFilterConfiguration" + }, + "Type": { + "description": "The crawl filter type.", + "enum": [ + "PATTERN" + ], + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "CustomTransformationConfiguration": { + "additionalProperties": false, + "description": "Settings for customizing steps in the data source content ingestion pipeline.", + "properties": { + "IntermediateStorage": { + "$ref": "#/definitions/IntermediateStorage" + }, + "Transformations": { + "description": "A list of Lambda functions that process documents.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Transformation" + }, + "maxItems": 1, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "IntermediateStorage", + "Transformations" + ], + "type": "object" + }, "DataDeletionPolicy": { "description": "The deletion policy for the data source.", "enum": [ @@ -41,16 +230,27 @@ "additionalProperties": false, "description": "Specifies a raw data source location to ingest.", "properties": { + "ConfluenceConfiguration": { + "$ref": "#/definitions/ConfluenceDataSourceConfiguration" + }, "S3Configuration": { "$ref": "#/definitions/S3DataSourceConfiguration" }, + "SalesforceConfiguration": { + "$ref": "#/definitions/SalesforceDataSourceConfiguration" + }, + "SharePointConfiguration": { + "$ref": "#/definitions/SharePointDataSourceConfiguration" + }, "Type": { "$ref": "#/definitions/DataSourceType" + }, + "WebConfiguration": { + "$ref": "#/definitions/WebDataSourceConfiguration" } }, "required": [ - "Type", - "S3Configuration" + "Type" ], "type": "object" }, 
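Review bot: Nothing in `DataSourceConfiguration` now ties `Type` to its matching configuration object, because `S3Configuration` was dropped from `required` and the four new connector blocks are all optional. `Type: S3` with no `S3Configuration`, or `Type: WEB` carrying a `ConfluenceConfiguration`, both validate against this schema and are presumably only rejected by the service at deploy time. A `oneOf` over the type/configuration pairs would catch the mismatch at validation time, with one branch per connector of the form `{"properties": {"Type": {"enum": ["S3"]}}, "required": ["S3Configuration"]}`. The definition's opening line is outside this hunk.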
@@ -66,10 +266,48 @@ "DataSourceType": { "description": "The type of the data source location.", "enum": [ - "S3" + "S3", + "CONFLUENCE", + "SALESFORCE", + "SHAREPOINT", + "WEB", + "CUSTOM", + "REDSHIFT_METADATA" + ], + "type": "string" + }, + "EnrichmentStrategyConfiguration": { + "additionalProperties": false, + "description": "Strategy to be used when using Bedrock Foundation Model for Context Enrichment.", + "properties": { + "Method": { + "$ref": "#/definitions/EnrichmentStrategyMethod" + } + }, + "required": [ + "Method" + ], + "type": "object" + }, + "EnrichmentStrategyMethod": { + "description": "Enrichment Strategy method.", + "enum": [ + "CHUNK_ENTITY_EXTRACTION" ], "type": "string" }, + "FilterList": { + "description": "A set of regular expression filter patterns for a type of object.", + "insertionOrder": false, + "items": { + "description": "A list of one or more inclusion/exclusion regular expression patterns to include certain object types that adhere to the pattern. If you specify an inclusion and exclusion filter/pattern and both match a document, the exclusion filter takes precedence and the document isn't crawled.", + "maxLength": 1000, + "type": "string" + }, + "maxItems": 25, + "minItems": 1, + "type": "array" + }, "FixedSizeChunkingConfiguration": { "additionalProperties": false, "description": "Configurations for when you choose fixed-size chunking. If you set the chunkingStrategy as NONE, exclude this field.", 
@@ -92,9 +330,165 @@ ], "type": "object" }, + "HierarchicalChunkingConfiguration": { + "additionalProperties": false, + "description": "Configurations for when you choose hierarchical chunking. If you set the chunkingStrategy as NONE, exclude this field.", + "properties": { + "LevelConfigurations": { + "description": "Token settings for each layer.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/HierarchicalChunkingLevelConfiguration" + }, + "maxItems": 2, + "minItems": 2, + "type": "array" + }, + "OverlapTokens": { + "description": "The number of tokens to repeat across chunks in the same layer.", + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "LevelConfigurations", + "OverlapTokens" + ], + "type": "object" + }, + "HierarchicalChunkingLevelConfiguration": { + "additionalProperties": false, + "description": "Token settings for a layer in a hierarchical chunking configuration.", + "properties": { + "MaxTokens": { + "description": "The maximum number of tokens that a chunk can contain in this layer.", + "maximum": 8192, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "MaxTokens" + ], + "type": "object" + }, + "IntermediateStorage": { + "additionalProperties": false, + "description": "A location for storing content from data sources temporarily as it is processed by custom components in the ingestion pipeline.", + "properties": { + "S3Location": { + "$ref": "#/definitions/S3Location" + } + }, + "required": [ + "S3Location" + ], + "type": "object" + }, + "ModelArn": { + "description": "The model's ARN.", + "maxLength": 2048, + "minLength": 1, + "pattern": "^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}::foundation-model/([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2})|(arn:aws(|-us-gov|-cn|-iso|-iso-b):bedrock:(|[0-9a-z-]{1,20}):(|[0-9]{12}):(inference-profile|application-inference-profile)/[a-zA-Z0-9-:.]+)$", + "type": "string" + }, + "ParsingConfiguration": { + "additionalProperties": 
false, + "description": "Settings for parsing document contents", + "properties": { + "BedrockDataAutomationConfiguration": { + "$ref": "#/definitions/BedrockDataAutomationConfiguration" + }, + "BedrockFoundationModelConfiguration": { + "$ref": "#/definitions/BedrockFoundationModelConfiguration" + }, + "ParsingStrategy": { + "$ref": "#/definitions/ParsingStrategy" + } + }, + "required": [ + "ParsingStrategy" + ], + "type": "object" + }, + "ParsingModality": { + "description": "Determine how will parsed content be stored.", + "enum": [ + "MULTIMODAL" + ], + "type": "string" + }, + "ParsingPrompt": { + "additionalProperties": false, + "description": "Instructions for interpreting the contents of a document.", + "properties": { + "ParsingPromptText": { + "description": "Instructions for interpreting the contents of a document.", + "maxLength": 10000, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "ParsingPromptText" + ], + "type": "object" + }, + "ParsingStrategy": { + "description": "The parsing strategy for the data source.", + "enum": [ + "BEDROCK_FOUNDATION_MODEL", + "BEDROCK_DATA_AUTOMATION" + ], + "type": "string" + }, + "PatternObjectFilter": { + "additionalProperties": false, + "description": "The specific filters applied to your data source content. You can filter out or include certain content.", + "properties": { + "ExclusionFilters": { + "$ref": "#/definitions/FilterList" + }, + "InclusionFilters": { + "$ref": "#/definitions/FilterList" + }, + "ObjectType": { + "description": "The supported object type or content type of the data source.", + "maxLength": 50, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "ObjectType" + ], + "type": "object" + }, + "PatternObjectFilterConfiguration": { + "additionalProperties": false, + "description": "The configuration of specific filters applied to your data source content. 
You can filter out or include certain content.", + "properties": { + "Filters": { + "$ref": "#/definitions/PatternObjectFilterList" + } + }, + "required": [ + "Filters" + ], + "type": "object" + }, + "PatternObjectFilterList": { + "description": "Contains information", + "items": { + "$ref": "#/definitions/PatternObjectFilter" + }, + "maxItems": 25, + "minItems": 1, + "type": "array" + }, "S3DataSourceConfiguration": { "additionalProperties": false, - "description": "Contains information about the S3 configuration of the data source.", + "description": "The configuration information to connect to Amazon S3 as your data source.", "properties": { "BucketArn": { "description": "The ARN of the bucket that contains the data source.", 
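Review bot: The `ModelArn` pattern has a top-level `|`, so each anchor applies to only one alternative. The foundation-model branch is anchored by `^` but has no `$`, and the inference-profile branch ends in `$` but has no `^`. A value with arbitrary text after a valid foundation-model ARN, or arbitrary text before an inference-profile ARN, therefore matches, bounded only by `maxLength: 2048`. Wrapping both alternatives in one group fixes this: `^(?:A|B)$`, where A and B are the two existing branches unchanged.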
@@ -129,6 +523,134 @@ ], "type": "object" }, + "S3Location": { + "additionalProperties": false, + "description": "An Amazon S3 location.", + "properties": { + "URI": { + "description": "The location's URI", + "maxLength": 2048, + "minLength": 1, + "pattern": "^s3://.{1,128}$", + "type": "string" + } + }, + "required": [ + "URI" + ], + "type": "object" + }, + "SalesforceCrawlerConfiguration": { + "additionalProperties": false, + "description": "The configuration of filtering the Salesforce content. For example, configuring regular expression patterns to include or exclude certain content.", + "properties": { + "FilterConfiguration": { + "$ref": "#/definitions/CrawlFilterConfiguration" + } + }, + "type": "object" + }, + "SalesforceDataSourceConfiguration": { + "additionalProperties": false, + "description": "The configuration information to connect to Salesforce as your data source.", + "properties": { + "CrawlerConfiguration": { + "$ref": "#/definitions/SalesforceCrawlerConfiguration" + }, + "SourceConfiguration": { + "$ref": "#/definitions/SalesforceSourceConfiguration" + } + }, + "required": [ + "SourceConfiguration" + ], + "type": "object" + }, + "SalesforceSourceConfiguration": { + "additionalProperties": false, + "description": "The endpoint information to connect to your Salesforce data source.", + "properties": { + "AuthType": { + "description": "The supported authentication type to authenticate and connect to your Salesforce instance.", + "enum": [ + "OAUTH2_CLIENT_CREDENTIALS" + ], + "type": "string" + }, + "CredentialsSecretArn": { + "description": "The Amazon Resource Name of an AWS Secrets Manager secret that stores your authentication credentials for your Salesforce instance URL. 
For more information on the key-value pairs that must be included in your secret, depending on your authentication type, see Salesforce connection configuration.", + "pattern": "^arn:aws(|-cn|-us-gov):secretsmanager:[a-z0-9-]{1,20}:([0-9]{12}|):secret:[a-zA-Z0-9!/_+=.@-]{1,512}$", + "type": "string" + }, + "HostUrl": { + "description": "The Salesforce host URL or instance URL.", + "maxLength": 2048, + "minLength": 1, + "pattern": "^https://[A-Za-z0-9][^\\s]*$", + "type": "string" + } + }, + "required": [ + "HostUrl", + "AuthType", + "CredentialsSecretArn" + ], + "type": "object" + }, + "SeedUrl": { + "additionalProperties": false, + "description": "A seed url object.", + "properties": { + "Url": { + "description": "A web url.", + "pattern": "^https?://[A-Za-z0-9][^\\s]*$", + "type": "string" + } + }, + "required": [ + "Url" + ], + "type": "object" + }, + "SeedUrls": { + "description": "A list of web urls.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/SeedUrl" + }, + "maxItems": 100, + "minItems": 1, + "type": "array" + }, + "SemanticChunkingConfiguration": { + "additionalProperties": false, + "description": "Configurations for when you choose semantic chunking. If you set the chunkingStrategy as NONE, exclude this field.", + "properties": { + "BreakpointPercentileThreshold": { + "description": "The dissimilarity threshold for splitting chunks.", + "maximum": 99, + "minimum": 50, + "type": "integer" + }, + "BufferSize": { + "description": "The buffer size.", + "maximum": 1, + "minimum": 0, + "type": "integer" + }, + "MaxTokens": { + "description": "The maximum number of tokens that a chunk can contain.", + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "BreakpointPercentileThreshold", + "BufferSize", + "MaxTokens" + ], + "type": "object" + }, "ServerSideEncryptionConfiguration": { "additionalProperties": false, "description": "Contains details about the server-side encryption for the data source.", 
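Review bot: `SeedUrl.Url` is the only URL field in this hunk with no `maxLength`; the sibling `HostUrl` fields cap at 2048, and `[^\\s]*` in the pattern is otherwise unbounded. Adding `"maxLength": 2048` would bring it in line. In `S3Location.URI`, the pattern `^s3://.{1,128}$` already limits the value to 133 characters, so `maxLength: 2048` has no effect, and `.` accepts any character in the bucket and key. If the longer bound is the intended one, the quantifier should be widened; otherwise `maxLength` should be lowered to match.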
@@ -143,15 +665,257 @@ }, "type": "object" }, + "SharePointCrawlerConfiguration": { + "additionalProperties": false, + "description": "The configuration of the SharePoint content. For example, configuring specific types of SharePoint content.", + "properties": { + "FilterConfiguration": { + "$ref": "#/definitions/CrawlFilterConfiguration" + } + }, + "type": "object" + }, + "SharePointDataSourceConfiguration": { + "additionalProperties": false, + "description": "The configuration information to connect to SharePoint as your data source.", + "properties": { + "CrawlerConfiguration": { + "$ref": "#/definitions/SharePointCrawlerConfiguration" + }, + "SourceConfiguration": { + "$ref": "#/definitions/SharePointSourceConfiguration" + } + }, + "required": [ + "SourceConfiguration" + ], + "type": "object" + }, + "SharePointSourceConfiguration": { + "additionalProperties": false, + "description": "The endpoint information to connect to your SharePoint data source.", + "properties": { + "AuthType": { + "description": "The supported authentication type to authenticate and connect to your SharePoint site/sites.", + "enum": [ + "OAUTH2_CLIENT_CREDENTIALS", + "OAUTH2_SHAREPOINT_APP_ONLY_CLIENT_CREDENTIALS" + ], + "type": "string" + }, + "CredentialsSecretArn": { + "description": "The Amazon Resource Name of an AWS Secrets Manager secret that stores your authentication credentials for your SharePoint site/sites. 
For more information on the key-value pairs that must be included in your secret, depending on your authentication type, see SharePoint connection configuration.", + "pattern": "^arn:aws(|-cn|-us-gov):secretsmanager:[a-z0-9-]{1,20}:([0-9]{12}|):secret:[a-zA-Z0-9!/_+=.@-]{1,512}$", + "type": "string" + }, + "Domain": { + "description": "The domain of your SharePoint instance or site URL/URLs.", + "maxLength": 50, + "minLength": 1, + "type": "string" + }, + "HostType": { + "description": "The supported host type, whether online/cloud or server/on-premises.", + "enum": [ + "ONLINE" + ], + "type": "string" + }, + "SiteUrls": { + "description": "A list of one or more SharePoint site URLs.", + "insertionOrder": false, + "items": { + "description": "A forced-HTTPS web url.", + "pattern": "^https://[A-Za-z0-9][^\\s]*$", + "type": "string" + }, + "maxItems": 100, + "minItems": 1, + "type": "array" + }, + "TenantId": { + "description": "The identifier of your Microsoft 365 tenant.", + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", + "type": "string" + } + }, + "required": [ + "Domain", + "SiteUrls", + "HostType", + "AuthType", + "CredentialsSecretArn" + ], + "type": "object" + }, + "Transformation": { + "additionalProperties": false, + "description": "A Lambda function that processes documents.", + "properties": { + "StepToApply": { + "description": "When the service applies the transformation.", + "enum": [ + "POST_CHUNKING" + ], + "type": "string" + }, + "TransformationFunction": { + "$ref": "#/definitions/TransformationFunction" + } + }, + "required": [ + "StepToApply", + "TransformationFunction" + ], + "type": "object" + }, + "TransformationFunction": { + "additionalProperties": false, + "description": "A Lambda function that processes documents.", + "properties": { + "TransformationLambdaConfiguration": { + "$ref": "#/definitions/TransformationLambdaConfiguration" + } + }, + "required": [ + "TransformationLambdaConfiguration" + ], + "type": 
"object" + }, + "TransformationLambdaConfiguration": { + "additionalProperties": false, + "description": "A Lambda function that processes documents.", + "properties": { + "LambdaArn": { + "description": "The function's ARN identifier.", + "maxLength": 2048, + "minLength": 0, + "pattern": "^arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_\\.]+(:(\\$LATEST|[a-zA-Z0-9-_]+))?$", + "type": "string" + } + }, + "required": [ + "LambdaArn" + ], + "type": "object" + }, + "UrlConfiguration": { + "additionalProperties": false, + "description": "A url configuration.", + "properties": { + "SeedUrls": { + "$ref": "#/definitions/SeedUrls" + } + }, + "required": [ + "SeedUrls" + ], + "type": "object" + }, "VectorIngestionConfiguration": { "additionalProperties": false, "description": "Details about how to chunk the documents in the data source. A chunk refers to an excerpt from a data source that is returned when the knowledge base that it belongs to is queried.", "properties": { "ChunkingConfiguration": { "$ref": "#/definitions/ChunkingConfiguration" + }, + "ContextEnrichmentConfiguration": { + "$ref": "#/definitions/ContextEnrichmentConfiguration" + }, + "CustomTransformationConfiguration": { + "$ref": "#/definitions/CustomTransformationConfiguration" + }, + "ParsingConfiguration": { + "$ref": "#/definitions/ParsingConfiguration" + } + }, + "type": "object" + }, + "WebCrawlerConfiguration": { + "additionalProperties": false, + "description": "Configuration for the web crawler.", + "properties": { + "CrawlerLimits": { + "$ref": "#/definitions/WebCrawlerLimits" + }, + "ExclusionFilters": { + "$ref": "#/definitions/FilterList" + }, + "InclusionFilters": { + "$ref": "#/definitions/FilterList" + }, + "Scope": { + "$ref": "#/definitions/WebScopeType" + }, + "UserAgent": { + "description": "The suffix that will be included in the user agent header.", + "maxLength": 40, + "minLength": 15, + "type": "string" + }, + "UserAgentHeader": { + 
"description": "The full user agent header, including UUID and suffix.", + "maxLength": 86, + "minLength": 61, + "type": "string" + } + }, + "type": "object" + }, + "WebCrawlerLimits": { + "additionalProperties": false, + "description": "Limit settings for the web crawler.", + "properties": { + "MaxPages": { + "description": "Maximum number of pages the crawler can crawl.", + "minimum": 1, + "type": "integer" + }, + "RateLimit": { + "description": "Rate of web URLs retrieved per minute.", + "maximum": 300, + "minimum": 1, + "type": "integer" } }, "type": "object" + }, + "WebDataSourceConfiguration": { + "additionalProperties": false, + "description": "Configures a web data source location.", + "properties": { + "CrawlerConfiguration": { + "$ref": "#/definitions/WebCrawlerConfiguration" + }, + "SourceConfiguration": { + "$ref": "#/definitions/WebSourceConfiguration" + } + }, + "required": [ + "SourceConfiguration" + ], + "type": "object" + }, + "WebScopeType": { + "description": "The scope that a web crawl job will be restricted to.", + "enum": [ + "HOST_ONLY", + "SUBDOMAINS" + ], + "type": "string" + }, + "WebSourceConfiguration": { + "additionalProperties": false, + "description": "A web source configuration.", + "properties": { + "UrlConfiguration": { + "$ref": "#/definitions/UrlConfiguration" + } + }, + "required": [ + "UrlConfiguration" + ], + "type": "object" } }, "description": "Definition of AWS::Bedrock::DataSource Resource Type", @@ -160,7 +924,8 @@ "permissions": [ "bedrock:CreateDataSource", "bedrock:GetDataSource", - "bedrock:GetKnowledgeBase" + "bedrock:GetKnowledgeBase", + "kms:GenerateDataKey" ] }, "delete": { @@ -192,7 +957,8 @@ "update": { "permissions": [ "bedrock:GetDataSource", - "bedrock:UpdateDataSource" + "bedrock:UpdateDataSource", + "kms:GenerateDataKey" ] } }, 
@@ -262,7 +1028,8 @@ "/properties/DataSourceStatus", "/properties/CreatedAt", "/properties/UpdatedAt", - "/properties/FailureReasons" + "/properties/FailureReasons", + "/properties/DataSourceConfiguration/WebConfiguration/CrawlerConfiguration/UserAgentHeader" ], "required": [ "DataSourceConfiguration", diff --git a/src/schema/aws-bedrock-flow.json b/src/schema/aws-bedrock-flow.json index ef77f1d4..a59a0821 100644 --- a/src/schema/aws-bedrock-flow.json +++ b/src/schema/aws-bedrock-flow.json @@ -6,6 +6,27 @@ ], "additionalProperties": false, "definitions": { + "AgentFlowNodeConfiguration": { + "additionalProperties": false, + "description": "Agent flow node configuration", + "properties": { + "AgentAliasArn": { + "description": "Arn representation of the Agent Alias.", + "maxLength": 2048, + "pattern": "^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent-alias/[0-9a-zA-Z]{10}/[0-9a-zA-Z]{10}$", + "type": "string" + } + }, + "required": [ + "AgentAliasArn" + ], + "type": "object" + }, + "CollectorFlowNodeConfiguration": { + "additionalProperties": false, + "description": "Collector flow node configuration", + "type": "object" + }, "ConditionFlowNodeConfiguration": { "additionalProperties": false, "description": "Condition flow node configuration", @@ -188,7 +209,7 @@ "items": { "$ref": "#/definitions/FlowConnection" }, - "maxItems": 20, + "maxItems": 100, "type": "array" }, "Nodes": { @@ -197,7 +218,7 @@ "items": { "$ref": "#/definitions/FlowNode" }, - "maxItems": 20, + "maxItems": 40, "type": "array" } }, 
@@ -336,6 +357,71 @@ ], "title": "LambdaFunction", "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Agent": { + "$ref": "#/definitions/AgentFlowNodeConfiguration" + } + }, + "required": [ + "Agent" + ], + "title": "Agent", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Storage": { + "$ref": "#/definitions/StorageFlowNodeConfiguration" + } + }, + "required": [ + "Storage" + ], + "title": "Storage", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Iterator": { + "$ref": "#/definitions/IteratorFlowNodeConfiguration" + } + }, + "required": [ + "Iterator" + ], + "title": "Iterator", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Collector": { + "$ref": "#/definitions/CollectorFlowNodeConfiguration" + } + }, + "required": [ + "Collector" + ], + "title": "Collector", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Retrieval": { + "$ref": "#/definitions/RetrievalFlowNodeConfiguration" + } + }, + "required": [ + "Retrieval" + ], + "title": "Retrieval", + "type": "object" } ] }, @@ -404,7 +490,12 @@ "Condition", "Lex", "Prompt", - "LambdaFunction" + "LambdaFunction", + "Agent", + "Storage", + "Retrieval", + "Iterator", + "Collector" ], "type": "string" }, 
@@ -418,15 +509,63 @@ ], "type": "string" }, + "FlowValidation": { + "additionalProperties": false, + "description": "Validation for Flow", + "properties": { + "Message": { + "description": "validation message", + "type": "string" + } + }, + "required": [ + "Message" + ], + "type": "object" + }, + "FlowValidations": { + "description": "List of flow validations", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/FlowValidation" + }, + "type": "array" + }, + "GuardrailConfiguration": { + "additionalProperties": false, + "description": "Configuration for a guardrail", + "properties": { + "GuardrailIdentifier": { + "description": "Identifier for the guardrail, could be the id or the arn", + "maxLength": 2048, + "pattern": "^(([a-z0-9]+)|(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+))$", + "type": "string" + }, + "GuardrailVersion": { + "description": "Version of the guardrail", + "pattern": "^(([0-9]{1,8})|(DRAFT))$", + "type": "string" + } + }, + "type": "object" + }, "InputFlowNodeConfiguration": { "additionalProperties": false, "description": "Input flow node configuration", "type": "object" }, + "IteratorFlowNodeConfiguration": { + "additionalProperties": false, + "description": "Iterator flow node configuration", + "type": "object" + }, "KnowledgeBaseFlowNodeConfiguration": { "additionalProperties": false, "description": "Knowledge base flow node configuration", "properties": { + "GuardrailConfiguration": { + "$ref": "#/definitions/GuardrailConfiguration" + }, "KnowledgeBaseId": { "description": "Identifier of the KnowledgeBase", "maxLength": 10, 
@@ -434,10 +573,10 @@ "type": "string" }, "ModelId": { - "description": "ARN or name of a Bedrock model.", + "description": "ARN or Id of a Bedrock Foundational Model or Inference Profile, or the ARN of a imported model, or a provisioned throughput ARN for custom models.", "maxLength": 2048, "minLength": 1, - "pattern": "^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}(([:][a-z0-9-]{1,63}){0,2})?/[a-z0-9]{12})|(:foundation-model/([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2})))|(([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2}))|(([0-9a-zA-Z][_-]?)+)$", + "pattern": "^(arn:aws(-[^:]{1,12})?:(bedrock|sagemaker):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-zA-Z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?$", "type": "string" } }, @@ -494,6 +633,9 @@ "additionalProperties": false, "description": "Prompt flow node configuration", "properties": { + "GuardrailConfiguration": { + "$ref": "#/definitions/GuardrailConfiguration" + }, "SourceConfiguration": { "$ref": "#/definitions/PromptFlowNodeSourceConfiguration" } 
@@ -511,10 +653,10 @@ "$ref": "#/definitions/PromptInferenceConfiguration" }, "ModelId": { - "description": "ARN or name of a Bedrock model.", + "description": "ARN or Id of a Bedrock Foundational Model or Inference Profile, or the ARN of a imported model, or a provisioned throughput ARN for custom models.", "maxLength": 2048, "minLength": 1, - "pattern": "^(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}/[a-z0-9]{12})|(:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|([0-9]{12}:provisioned-model/[a-z0-9]{12})))|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|(([0-9a-zA-Z][_-]?)+)$", + "pattern": "^(arn:aws(-[^:]{1,12})?:(bedrock|sagemaker):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-zA-Z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?$", "type": "string" }, "TemplateConfiguration": { @@ -633,12 +775,6 @@ "minimum": 0, "type": "number" }, - "TopK": { - "description": "Sample from the k most likely next tokens", - "maximum": 500, - "minimum": 0, - "type": "number" - }, "TopP": { "description": "Cumulative probability cutoff for token selection", "maximum": 1, 
@@ -673,6 +809,49 @@ ], "type": "string" }, + "RetrievalFlowNodeConfiguration": { + "additionalProperties": false, + "description": "Retrieval flow node configuration", + "properties": { + "ServiceConfiguration": { + "$ref": "#/definitions/RetrievalFlowNodeServiceConfiguration" + } + }, + "required": [ + "ServiceConfiguration" + ], + "type": "object" + }, + "RetrievalFlowNodeS3Configuration": { + "additionalProperties": false, + "description": "s3 Retrieval configuration for Retrieval node", + "properties": { + "BucketName": { + "description": "bucket name of an s3 that will be used for Retrieval flow node configuration", + "pattern": "^[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9]$", + "type": "string" + } + }, + "required": [ + "BucketName" + ], + "type": "object" + }, + "RetrievalFlowNodeServiceConfiguration": { + "description": "Retrieval service configuration for Retrieval node", + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "S3": { + "$ref": "#/definitions/RetrievalFlowNodeS3Configuration" + } + }, + "title": "S3", + "type": "object" + } + ] + }, "S3Location": { "additionalProperties": false, "description": "A bucket, key and optional version pointing to an S3 object containing a UTF-8 encoded JSON string Definition with the same schema as the Definition property of this resource", 
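Review bot: The single `oneOf` branch of `RetrievalFlowNodeServiceConfiguration` declares the `S3` property but has no `required` list, so an empty `ServiceConfiguration: {}` satisfies the schema and a retrieval node with no bucket passes validation. The node branches added earlier in this file (`Agent`, `Storage`, `Iterator`, `Collector`, `Retrieval`) each carry a `required` entry, so this looks like an omission rather than intent. I would add `"required": [ "S3" ],` to the branch. The same shape recurs in `StorageFlowNodeServiceConfiguration` in the next hunk and in both definitions in `aws-bedrock-flowversion.json`.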
@@ -703,6 +882,49 @@ ], "type": "object" }, + "StorageFlowNodeConfiguration": { + "additionalProperties": false, + "description": "Storage flow node configuration", + "properties": { + "ServiceConfiguration": { + "$ref": "#/definitions/StorageFlowNodeServiceConfiguration" + } + }, + "required": [ + "ServiceConfiguration" + ], + "type": "object" + }, + "StorageFlowNodeS3Configuration": { + "additionalProperties": false, + "description": "s3 storage configuration for storage node", + "properties": { + "BucketName": { + "description": "bucket name of an s3 that will be used for storage flow node configuration", + "pattern": "^[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9]$", + "type": "string" + } + }, + "required": [ + "BucketName" + ], + "type": "object" + }, + "StorageFlowNodeServiceConfiguration": { + "description": "storage service configuration for storage node", + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "S3": { + "$ref": "#/definitions/StorageFlowNodeS3Configuration" + } + }, + "title": "S3", + "type": "object" + } + ] + }, "TagsMap": { "additionalProperties": false, "description": "A map of tag keys and values", @@ -727,7 +949,7 @@ "items": { "$ref": "#/definitions/PromptInputVariable" }, - "maxItems": 5, + "maxItems": 20, "minItems": 0, "type": "array" }, @@ -757,25 +979,32 @@ "bedrock:TagResource", "bedrock:ListTagsForResource", "kms:GenerateDataKey", - "kms:Decrypt" + "kms:Decrypt", + "bedrock:CreateGuardrail", + "bedrock:CreateGuardrailVersion", + "bedrock:GetGuardrail" ] }, "delete": { "permissions": [ "bedrock:DeleteFlow", - "bedrock:GetFlow" + "bedrock:GetFlow", + "bedrock:DeleteGuardrail", + "bedrock:GetGuardrail" ] }, "list": { "permissions": [ - "bedrock:ListFlows" + "bedrock:ListFlows", + "bedrock:ListGuardrails" ] }, "read": { "permissions": [ "bedrock:GetFlow", "bedrock:ListTagsForResource", - "kms:Decrypt" + "kms:Decrypt", + "bedrock:GetGuardrail" ] }, "update": { 
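Review bot: The flow handler permission lists now include guardrail-mutating actions: `bedrock:CreateGuardrail` and `bedrock:CreateGuardrailVersion` in the first list of the last hunk on this line (its key sits above the hunk, presumably `create`), and `bedrock:DeleteGuardrail` under `delete`. The definitions added in this file only reference an existing guardrail through `GuardrailIdentifier` and `GuardrailVersion`, so any role or policy derived from these lists would let a flow deployment create or delete guardrails, which is broader than a reference needs. Unless the handler is known to manage guardrails itself, I would treat the lists as an upper bound and keep only the read action where they feed policy generation, e.g. `"bedrock:DeleteFlow", "bedrock:GetFlow", "bedrock:GetGuardrail"` for `delete`. The same additions appear in the list changed by the next hunk (`bedrock:UpdateGuardrail`; the `update` block opens at the end of this hunk) and in the handler lists of `aws-bedrock-flowversion.json`.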
@@ -790,7 +1019,9 @@ "bedrock:UntagResource", "bedrock:ListTagsForResource", "kms:GenerateDataKey", - "kms:Decrypt" + "kms:Decrypt", + "bedrock:UpdateGuardrail", + "bedrock:GetGuardrail" ] } }, @@ -867,6 +1098,9 @@ "format": "date-time", "type": "string" }, + "Validations": { + "$ref": "#/definitions/FlowValidations" + }, "Version": { "description": "Draft Version.", "maxLength": 5, @@ -881,7 +1115,8 @@ "/properties/Id", "/properties/Status", "/properties/UpdatedAt", - "/properties/Version" + "/properties/Version", + "/properties/Validations" ], "required": [ "ExecutionRoleArn", diff --git a/src/schema/aws-bedrock-flowalias.json b/src/schema/aws-bedrock-flowalias.json index c8f47474..f5e6e149 100644 --- a/src/schema/aws-bedrock-flowalias.json +++ b/src/schema/aws-bedrock-flowalias.json @@ -10,7 +10,7 @@ "properties": { "FlowVersion": { "description": "Version.", - "maxLength": 1, + "maxLength": 5, "minLength": 1, "pattern": "^(DRAFT|[0-9]{0,4}[1-9][0-9]{0,4})$", "type": "string" diff --git a/src/schema/aws-bedrock-flowversion.json b/src/schema/aws-bedrock-flowversion.json index 83a33c59..caf8cd9b 100644 --- a/src/schema/aws-bedrock-flowversion.json +++ b/src/schema/aws-bedrock-flowversion.json @@ -5,6 +5,27 @@ "/properties/FlowArn" ], "definitions": { + "AgentFlowNodeConfiguration": { + "additionalProperties": false, + "description": "Agent flow node configuration", + "properties": { + "AgentAliasArn": { + "description": "Arn representation of the Agent Alias.", + "maxLength": 2048, + "pattern": "^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent-alias/[0-9a-zA-Z]{10}/[0-9a-zA-Z]{10}$", + "type": "string" + } + }, + "required": [ + "AgentAliasArn" + ], + "type": "object" + }, + "CollectorFlowNodeConfiguration": { + "additionalProperties": false, + "description": "Collector flow node configuration", + "type": "object" + }, "ConditionFlowNodeConfiguration": { "additionalProperties": false, "description": "Condition flow node configuration", 
@@ -165,7 +186,7 @@ "items": { "$ref": "#/definitions/FlowConnection" }, - "maxItems": 20, + "maxItems": 100, "type": "array" }, "Nodes": { @@ -174,7 +195,7 @@ "items": { "$ref": "#/definitions/FlowNode" }, - "maxItems": 20, + "maxItems": 40, "type": "array" } }, @@ -313,6 +334,71 @@ ], "title": "LambdaFunction", "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Agent": { + "$ref": "#/definitions/AgentFlowNodeConfiguration" + } + }, + "required": [ + "Agent" + ], + "title": "Agent", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Storage": { + "$ref": "#/definitions/StorageFlowNodeConfiguration" + } + }, + "required": [ + "Storage" + ], + "title": "Storage", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Retrieval": { + "$ref": "#/definitions/RetrievalFlowNodeConfiguration" + } + }, + "required": [ + "Retrieval" + ], + "title": "Retrieval", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Iterator": { + "$ref": "#/definitions/IteratorFlowNodeConfiguration" + } + }, + "required": [ + "Iterator" + ], + "title": "Iterator", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Collector": { + "$ref": "#/definitions/CollectorFlowNodeConfiguration" + } + }, + "required": [ + "Collector" + ], + "title": "Collector", + "type": "object" } ] }, @@ -381,7 +467,12 @@ "Condition", "Lex", "Prompt", - "LambdaFunction" + "LambdaFunction", + "Agent", + "Iterator", + "Collector", + "Storage", + "Retrieval" ], "type": "string" }, 
@@ -395,15 +486,41 @@ ], "type": "string" }, + "GuardrailConfiguration": { + "additionalProperties": false, + "description": "Configuration for a guardrail", + "properties": { + "GuardrailIdentifier": { + "description": "Identifier for the guardrail, could be the id or the arn", + "maxLength": 2048, + "pattern": "^(([a-z0-9]+)|(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+))$", + "type": "string" + }, + "GuardrailVersion": { + "description": "Version of the guardrail", + "pattern": "^(([0-9]{1,8})|(DRAFT))$", + "type": "string" + } + }, + "type": "object" + }, "InputFlowNodeConfiguration": { "additionalProperties": false, "description": "Input flow node configuration", "type": "object" }, + "IteratorFlowNodeConfiguration": { + "additionalProperties": false, + "description": "Iterator flow node configuration", + "type": "object" + }, "KnowledgeBaseFlowNodeConfiguration": { "additionalProperties": false, "description": "Knowledge base flow node configuration", "properties": { + "GuardrailConfiguration": { + "$ref": "#/definitions/GuardrailConfiguration" + }, "KnowledgeBaseId": { "description": "Identifier of the KnowledgeBase", "maxLength": 10, 
@@ -411,10 +528,10 @@ "type": "string" }, "ModelId": { - "description": "ARN or name of a Bedrock model.", + "description": "ARN or Id of a Bedrock Foundational Model or Inference Profile, or the ARN of a imported model, or a provisioned throughput ARN for custom models.", "maxLength": 2048, "minLength": 1, - "pattern": "^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}(([:][a-z0-9-]{1,63}){0,2})?/[a-z0-9]{12})|(:foundation-model/([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2})))|(([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2}))|(([0-9a-zA-Z][_-]?)+)$", + "pattern": "^(arn:aws(-[^:]{1,12})?:(bedrock|sagemaker):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-zA-Z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?$", "type": "string" } }, @@ -471,6 +588,9 @@ "additionalProperties": false, "description": "Prompt flow node configuration", "properties": { + "GuardrailConfiguration": { + "$ref": "#/definitions/GuardrailConfiguration" + }, "SourceConfiguration": { "$ref": "#/definitions/PromptFlowNodeSourceConfiguration" } 
@@ -488,10 +608,10 @@ "$ref": "#/definitions/PromptInferenceConfiguration" }, "ModelId": { - "description": "ARN or name of a Bedrock model.", + "description": "ARN or Id of a Bedrock Foundational Model or Inference Profile, or the ARN of a imported model, or a provisioned throughput ARN for custom models.", "maxLength": 2048, "minLength": 1, - "pattern": "^(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}/[a-z0-9]{12})|(:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|([0-9]{12}:provisioned-model/[a-z0-9]{12})))|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|(([0-9a-zA-Z][_-]?)+)$", + "pattern": "^(arn:aws(-[^:]{1,12})?:(bedrock|sagemaker):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-zA-Z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?$", "type": "string" }, "TemplateConfiguration": { @@ -610,12 +730,6 @@ "minimum": 0, "type": "number" }, - "TopK": { - "description": "Sample from the k most likely next tokens", - "maximum": 500, - "minimum": 0, - "type": "number" - }, "TopP": { "description": "Cumulative probability cutoff for token selection", "maximum": 1, 
@@ -650,6 +764,92 @@ ], "type": "string" }, + "RetrievalFlowNodeConfiguration": { + "additionalProperties": false, + "description": "Retrieval flow node configuration", + "properties": { + "ServiceConfiguration": { + "$ref": "#/definitions/RetrievalFlowNodeServiceConfiguration" + } + }, + "required": [ + "ServiceConfiguration" + ], + "type": "object" + }, + "RetrievalFlowNodeS3Configuration": { + "additionalProperties": false, + "description": "s3 Retrieval configuration for Retrieval node", + "properties": { + "BucketName": { + "description": "bucket name of an s3 that will be used for Retrieval flow node configuration", + "pattern": "^[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9]$", + "type": "string" + } + }, + "required": [ + "BucketName" + ], + "type": "object" + }, + "RetrievalFlowNodeServiceConfiguration": { + "description": "Retrieval service configuration for Retrieval node", + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "S3": { + "$ref": "#/definitions/RetrievalFlowNodeS3Configuration" + } + }, + "title": "S3", + "type": "object" + } + ] + }, + "StorageFlowNodeConfiguration": { + "additionalProperties": false, + "description": "Storage flow node configuration", + "properties": { + "ServiceConfiguration": { + "$ref": "#/definitions/StorageFlowNodeServiceConfiguration" + } + }, + "required": [ + "ServiceConfiguration" + ], + "type": "object" + }, + "StorageFlowNodeS3Configuration": { + "additionalProperties": false, + "description": "s3 storage configuration for storage node", + "properties": { + "BucketName": { + "description": "bucket name of an s3 that will be used for storage flow node configuration", + "pattern": "^[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9]$", + "type": "string" + } + }, + "required": [ + "BucketName" + ], + "type": "object" + }, + "StorageFlowNodeServiceConfiguration": { + "description": "storage service configuration for storage node", + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "S3": { + "$ref": 
"#/definitions/StorageFlowNodeS3Configuration" + } + }, + "title": "S3", + "type": "object" + } + ] + }, "TextPromptTemplateConfiguration": { "additionalProperties": false, "description": "Configuration for text prompt template", @@ -660,7 +860,7 @@ "items": { "$ref": "#/definitions/PromptInputVariable" }, - "maxItems": 5, + "maxItems": 20, "minItems": 0, "type": "array" }, @@ -682,13 +882,20 @@ "create": { "permissions": [ "bedrock:CreateFlowVersion", - "bedrock:GetFlowVersion" + "bedrock:GetFlowVersion", + "kms:GenerateDataKey", + "kms:Decrypt", + "bedrock:CreateGuardrail", + "bedrock:CreateGuardrailVersion", + "bedrock:GetGuardrail" ] }, "delete": { "permissions": [ "bedrock:DeleteFlowVersion", - "bedrock:GetFlowVersion" + "bedrock:GetFlowVersion", + "bedrock:DeleteGuardrail", + "bedrock:GetGuardrail" ] }, "list": { @@ -703,12 +910,15 @@ ] }, "permissions": [ - "bedrock:ListFlowVersions" + "bedrock:ListFlowVersions", + "bedrock:ListGuardrails" ] }, "read": { "permissions": [ - "bedrock:GetFlowVersion" + "bedrock:GetFlowVersion", + "kms:Decrypt", + "bedrock:GetGuardrail" ] }, "update": { @@ -727,6 +937,13 @@ "format": "date-time", "type": "string" }, + "CustomerEncryptionKeyArn": { + "description": "A KMS key ARN", + "maxLength": 2048, + "minLength": 1, + "pattern": "^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$", + "type": "string" + }, "Definition": { "$ref": "#/definitions/FlowDefinition" }, @@ -773,7 +990,8 @@ "/properties/FlowId", "/properties/Name", "/properties/Status", - "/properties/Version" + "/properties/Version", + "/properties/CustomerEncryptionKeyArn" ], "required": [ "FlowArn" diff --git a/src/schema/aws-bedrock-guardrail.json b/src/schema/aws-bedrock-guardrail.json index 39196a8d..d414ee07 100644 --- a/src/schema/aws-bedrock-guardrail.json +++ b/src/schema/aws-bedrock-guardrail.json 
@@ -1,34 +1,48 @@ { "additionalProperties": false, "definitions": { - "ContentFilter": { - "additionalProperties": false, - "description": "Content filter in content policy.", - "properties": { - "InputStrength": { - "$ref": "#/definitions/FilterStrength" - }, - "OutputStrength": { - "$ref": "#/definitions/FilterStrength" - }, - "Type": { - "$ref": "#/definitions/ContentFilterType" - } - }, - "required": [ - "InputStrength", - "OutputStrength", - "Type" + "ContentFilterAction": { + "enum": [ + "BLOCK", + "NONE" ], - "type": "object" + "type": "string" }, "ContentFilterConfig": { "additionalProperties": false, "description": "Content filter config in content policy.", "properties": { + "InputAction": { + "$ref": "#/definitions/ContentFilterAction" + }, + "InputEnabled": { + "type": "boolean" + }, + "InputModalities": { + "description": "List of modalities", + "items": { + "$ref": "#/definitions/Modality" + }, + "minItems": 1, + "type": "array" + }, "InputStrength": { "$ref": "#/definitions/FilterStrength" }, + "OutputAction": { + "$ref": "#/definitions/ContentFilterAction" + }, + "OutputEnabled": { + "type": "boolean" + }, + "OutputModalities": { + "description": "List of modalities", + "items": { + "$ref": "#/definitions/Modality" + }, + "minItems": 1, + "type": "array" + }, "OutputStrength": { "$ref": "#/definitions/FilterStrength" }, 
@@ -74,6 +88,64 @@ ], "type": "object" }, + "ContextualGroundingAction": { + "enum": [ + "BLOCK", + "NONE" + ], + "type": "string" + }, + "ContextualGroundingFilterConfig": { + "additionalProperties": false, + "description": "A config for grounding filter.", + "properties": { + "Action": { + "$ref": "#/definitions/ContextualGroundingAction" + }, + "Enabled": { + "type": "boolean" + }, + "Threshold": { + "description": "The threshold for this filter.", + "minimum": 0, + "type": "number" + }, + "Type": { + "$ref": "#/definitions/ContextualGroundingFilterType" + } + }, + "required": [ + "Threshold", + "Type" + ], + "type": "object" + }, + "ContextualGroundingFilterType": { + "description": "Type of contextual grounding filter", + "enum": [ + "GROUNDING", + "RELEVANCE" + ], + "type": "string" + }, + "ContextualGroundingPolicyConfig": { + "additionalProperties": false, + "description": "Contextual grounding policy config for a guardrail.", + "properties": { + "FiltersConfig": { + "description": "List of contextual grounding filter configs.", + "items": { + "$ref": "#/definitions/ContextualGroundingFilterConfig" + }, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "FiltersConfig" + ], + "type": "object" + }, "FilterStrength": { "description": "Strength for filters", "enum": [ @@ -96,23 +168,22 @@ ], "type": "string" }, - "ManagedWords": { - "additionalProperties": false, - "description": "A managed words definition.", - "properties": { - "Type": { - "$ref": "#/definitions/ManagedWordsType" - } - }, - "required": [ - "Type" - ], - "type": "object" - }, "ManagedWordsConfig": { "additionalProperties": false, "description": "A managed words config.", "properties": { + "InputAction": { + "$ref": "#/definitions/WordAction" + }, + "InputEnabled": { + "type": "boolean" + }, + "OutputAction": { + "$ref": "#/definitions/WordAction" + }, + "OutputEnabled": { + "type": "boolean" + }, "Type": { "$ref": "#/definitions/ManagedWordsType" } 
@@ -129,22 +200,13 @@ ], "type": "string" }, - "PiiEntity": { - "additionalProperties": false, - "description": "Entity name and behavior.", - "properties": { - "Action": { - "$ref": "#/definitions/SensitiveInformationAction" - }, - "Type": { - "$ref": "#/definitions/PiiEntityType" - } - }, - "required": [ - "Action", - "Type" + "Modality": { + "description": "Modality for filters", + "enum": [ + "TEXT", + "IMAGE" ], - "type": "object" + "type": "string" }, "PiiEntityConfig": { "additionalProperties": false, @@ -153,6 +215,18 @@ "Action": { "$ref": "#/definitions/SensitiveInformationAction" }, + "InputAction": { + "$ref": "#/definitions/SensitiveInformationAction" + }, + "InputEnabled": { + "type": "boolean" + }, + "OutputAction": { + "$ref": "#/definitions/SensitiveInformationAction" + }, + "OutputEnabled": { + "type": "boolean" + }, "Type": { "$ref": "#/definitions/PiiEntityType" } @@ -213,12 +287,24 @@ "minLength": 1, "type": "string" }, + "InputAction": { + "$ref": "#/definitions/SensitiveInformationAction" + }, + "InputEnabled": { + "type": "boolean" + }, "Name": { "description": "The regex name.", "maxLength": 100, "minLength": 1, "type": "string" }, + "OutputAction": { + "$ref": "#/definitions/SensitiveInformationAction" + }, + "OutputEnabled": { + "type": "boolean" + }, "Pattern": { "description": "The regex pattern.", "minLength": 1, @@ -236,7 +322,8 @@ "description": "Options for sensitive information action.", "enum": [ "BLOCK", - "ANONYMIZE" + "ANONYMIZE", + "NONE" ], "type": "string" }, 
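Review bot: `SensitiveInformationAction` gains `NONE` in the last hunk on this line, but its description still reads "Options for sensitive information action.", and the new `InputAction`, `OutputAction`, `InputEnabled` and `OutputEnabled` properties in the PII and regex configs carry no description at all. From the schema alone a reader cannot tell how the per-direction fields interact with the existing `Action`, or that an entry set to `NONE` presumably matches without blocking or anonymizing, so a non-enforcing guardrail entry validates silently. I would extend the enum text to something like `"description": "Options for sensitive information action. NONE takes no blocking or anonymizing action on a match."` and add one-line descriptions to the new properties. The `ContentFilterAction`, `TopicAction` and `WordAction` enums added elsewhere in this file are undocumented in the same way.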
@@ -289,44 +376,12 @@ ], "type": "object" }, - "Topic": { - "additionalProperties": false, - "description": "Topic in topic policy.", - "properties": { - "Definition": { - "description": "Definition of topic in topic policy", - "maxLength": 200, - "minLength": 1, - "type": "string" - }, - "Examples": { - "description": "List of text examples", - "items": { - "description": "Text example in topic policy", - "maxLength": 100, - "minLength": 1, - "type": "string" - }, - "minItems": 0, - "type": "array" - }, - "Name": { - "description": "Name of topic in topic policy", - "maxLength": 100, - "minLength": 1, - "pattern": "^[0-9a-zA-Z-_ !?.]+$", - "type": "string" - }, - "Type": { - "$ref": "#/definitions/TopicType" - } - }, - "required": [ - "Definition", - "Name", - "Type" + "TopicAction": { + "enum": [ + "BLOCK", + "NONE" ], - "type": "object" + "type": "string" }, "TopicConfig": { "additionalProperties": false, @@ -349,6 +404,12 @@ "minItems": 0, "type": "array" }, + "InputAction": { + "$ref": "#/definitions/TopicAction" + }, + "InputEnabled": { + "type": "boolean" + }, "Name": { "description": "Name of topic in topic policy", "maxLength": 100, @@ -356,6 +417,12 @@ "pattern": "^[0-9a-zA-Z-_ !?.]+$", "type": "string" }, + "OutputAction": { + "$ref": "#/definitions/TopicAction" + }, + "OutputEnabled": { + "type": "boolean" + }, "Type": { "$ref": "#/definitions/TopicType" } @@ -392,10 +459,29 @@ ], "type": "string" }, + "WordAction": { + "enum": [ + "BLOCK", + "NONE" + ], + "type": "string" + }, "WordConfig": { "additionalProperties": false, "description": "A custom word config.", "properties": { + "InputAction": { + "$ref": "#/definitions/WordAction" + }, + "InputEnabled": { + "type": "boolean" + }, + "OutputAction": { + "$ref": "#/definitions/WordAction" + }, + "OutputEnabled": { + "type": "boolean" + }, "Text": { "description": "The custom word text.", "minLength": 1, 
@@ -497,6 +583,9 @@ "ContentPolicyConfig": { "$ref": "#/definitions/ContentPolicyConfig" }, + "ContextualGroundingPolicyConfig": { + "$ref": "#/definitions/ContextualGroundingPolicyConfig" + }, "CreatedAt": { "description": "Time Stamp", "format": "date-time", @@ -605,6 +694,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "bedrock:ListTagsForResource", + "bedrock:TagResource", + "bedrock:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-bedrock-knowledgebase.json b/src/schema/aws-bedrock-knowledgebase.json index 4f6a2b8a..8b529083 100644 --- a/src/schema/aws-bedrock-knowledgebase.json +++ b/src/schema/aws-bedrock-knowledgebase.json 
@@ -2,9 +2,31 @@ "additionalProperties": false, "createOnlyProperties": [ "/properties/StorageConfiguration", - "/properties/KnowledgeBaseConfiguration" + "/properties/KnowledgeBaseConfiguration/Type", + "/properties/KnowledgeBaseConfiguration/VectorKnowledgeBaseConfiguration", + "/properties/KnowledgeBaseConfiguration/KendraKnowledgeBaseConfiguration", + "/properties/KnowledgeBaseConfiguration/SqlKnowledgeBaseConfiguration/Type", + "/properties/KnowledgeBaseConfiguration/SqlKnowledgeBaseConfiguration/RedshiftConfiguration/StorageConfigurations", + "/properties/KnowledgeBaseConfiguration/SqlKnowledgeBaseConfiguration/RedshiftConfiguration/QueryEngineConfiguration" ], "definitions": { + "AwsDataCatalogTableName": { + "description": "AWS Data Catalog table name", + "maxLength": 200, + "minLength": 1, + "pattern": "^.*\\.*$", + "type": "string" + }, + "AwsDataCatalogTableNames": { + "description": "List of table names in AWS Data Catalog. Must follow two part notation", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/AwsDataCatalogTableName" + }, + "maxItems": 1000, + "minItems": 1, + "type": "array" + }, "BedrockEmbeddingModelConfiguration": { "additionalProperties": false, "description": "The vector configuration details for the Bedrock embeddings model.", 
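Review bot: The `pattern` on `AwsDataCatalogTableName`, `^.*\\.*$`, accepts every string because `\\.*` matches zero or more dots, so the "two part notation" that the `AwsDataCatalogTableNames` description requires is not enforced. `QueryGenerationTableName` later in this file uses `^.*\\..*\\..*$`, which does require its separators; the two-part equivalent would be `^.*\\..*$`. These names configure the Redshift query engine's Data Catalog storage, so validation built on this schema should not treat the pattern as a format check. If the file is copied from the upstream resource schema, the fix belongs upstream and an issue link in the commit message is enough here.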
@@ -14,10 +36,50 @@ "maximum": 4096, "minimum": 0, "type": "integer" + }, + "EmbeddingDataType": { + "description": "The data type for the vectors when using a model to convert text into vector embeddings.", + "enum": [ + "FLOAT32", + "BINARY" + ], + "type": "string" + } + }, + "type": "object" + }, + "CuratedQueries": { + "description": "List of example queries and results", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/CuratedQuery" + }, + "maxItems": 10, + "type": "array" + }, + "CuratedQuery": { + "additionalProperties": false, + "description": "Curated query or question and answer pair", + "properties": { + "NaturalLanguage": { + "$ref": "#/definitions/NaturalLanguageString" + }, + "Sql": { + "$ref": "#/definitions/SqlString" } }, + "required": [ + "NaturalLanguage", + "Sql" + ], "type": "object" }, + "DescriptionString": { + "description": "Description for the attached entity", + "maxLength": 200, + "minLength": 1, + "type": "string" + }, "EmbeddingModelConfiguration": { "additionalProperties": false, "description": "The embeddings model configuration details for the vector model used in Knowledge Base.", 
@@ -28,10 +90,42 @@ }, "type": "object" }, + "InclusionType": { + "description": "Include or Exclude status for an entity", + "enum": [ + "INCLUDE", + "EXCLUDE" + ], + "type": "string" + }, + "KendraIndexArn": { + "description": "Arn of a Kendra index", + "pattern": "^arn:aws(|-cn|-us-gov):kendra:[a-z0-9-]{1,20}:([0-9]{12}|):index/([a-zA-Z0-9][a-zA-Z0-9-]{35}|[a-zA-Z0-9][a-zA-Z0-9-]{35}-[a-zA-Z0-9][a-zA-Z0-9-]{35})$", + "type": "string" + }, + "KendraKnowledgeBaseConfiguration": { + "additionalProperties": false, + "description": "Configurations for a Kendra knowledge base", + "properties": { + "KendraIndexArn": { + "$ref": "#/definitions/KendraIndexArn" + } + }, + "required": [ + "KendraIndexArn" + ], + "type": "object" + }, "KnowledgeBaseConfiguration": { "additionalProperties": false, "description": "Contains details about the embeddings model used for the knowledge base.", "properties": { + "KendraKnowledgeBaseConfiguration": { + "$ref": "#/definitions/KendraKnowledgeBaseConfiguration" + }, + "SqlKnowledgeBaseConfiguration": { + "$ref": "#/definitions/SqlKnowledgeBaseConfiguration" + }, "Type": { "$ref": "#/definitions/KnowledgeBaseType" }, @@ -40,8 +134,7 @@ } }, "required": [ - "Type", - "VectorKnowledgeBaseConfiguration" + "Type" ], "type": "object" }, @@ -63,14 +156,18 @@ "OPENSEARCH_SERVERLESS", "PINECONE", "RDS", - "MONGO_DB_ATLAS" + "MONGO_DB_ATLAS", + "NEPTUNE_ANALYTICS", + "OPENSEARCH_MANAGED_CLUSTER" ], "type": "string" }, "KnowledgeBaseType": { "description": "The type of a knowledge base.", "enum": [ - "VECTOR" + "VECTOR", + "KENDRA", + "SQL" ], "type": "string" }, @@ -110,6 +207,12 @@ "FieldMapping": { "$ref": "#/definitions/MongoDbAtlasFieldMapping" }, + "TextIndexName": { + "description": "Name of a MongoDB Atlas text index.", + "maxLength": 2048, + "pattern": "^.*$", + "type": "string" + }, "VectorIndexName": { "description": "Name of a MongoDB Atlas index.", "maxLength": 2048, 
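Review bot: Removing `VectorKnowledgeBaseConfiguration` from `required` in the `@@ -40,8 +134,7 @@` hunk, together with dropping `StorageConfiguration` from the top-level `required` in the `@@ -608,11 +1260,15 @@` hunk, leaves `Type` as the only mandatory field of `KnowledgeBaseConfiguration`. No `oneOf` or `if`/`then` in the visible hunks ties a `Type` value to its matching configuration block. As far as these lines show, a `VECTOR` knowledge base with no vector or storage configuration, or a `KENDRA` one without `KendraKnowledgeBaseConfiguration`, would pass schema validation. `StorageConfiguration` already lists alternative `required` sets for its backends, and the same shape on `KnowledgeBaseConfiguration` would restore the check. The definition continues outside the hunk, so confirm that no conditional exists there before relying on this.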
@@ -157,6 +260,121 @@ ], "type": "object" }, + "NaturalLanguageString": { + "description": "Question for the curated query", + "maxLength": 1000, + "minLength": 1, + "type": "string" + }, + "NeptuneAnalyticsConfiguration": { + "additionalProperties": false, + "description": "Contains the configurations to use Neptune Analytics as Vector Store.", + "properties": { + "FieldMapping": { + "$ref": "#/definitions/NeptuneAnalyticsFieldMapping" + }, + "GraphArn": { + "description": "ARN for Neptune Analytics graph database.", + "maxLength": 255, + "minLength": 1, + "pattern": "^arn:aws(|-cn|-us-gov):neptune-graph:[a-zA-Z0-9-]*:[0-9]{12}:graph\\/g-[a-zA-Z0-9]{10}$", + "type": "string" + } + }, + "required": [ + "GraphArn", + "FieldMapping" + ], + "type": "object" + }, + "NeptuneAnalyticsFieldMapping": { + "additionalProperties": false, + "description": "A mapping of Bedrock Knowledge Base fields to Neptune Analytics fields.", + "properties": { + "MetadataField": { + "description": "The name of the field in which Amazon Bedrock stores metadata about the vector store.", + "maxLength": 2048, + "pattern": "^.*$", + "type": "string" + }, + "TextField": { + "description": "The name of the field in which Amazon Bedrock stores the raw text from your data. 
The text is split according to the chunking strategy you choose.", + "maxLength": 2048, + "pattern": "^.*$", + "type": "string" + } + }, + "required": [ + "TextField", + "MetadataField" + ], + "type": "object" + }, + "OpenSearchManagedClusterConfiguration": { + "additionalProperties": false, + "description": "Contains the storage configuration of the knowledge base in Amazon OpenSearch Service.", + "properties": { + "DomainArn": { + "description": "The Amazon Resource Name (ARN) of the OpenSearch domain.", + "maxLength": 2048, + "pattern": "^arn:aws(|-cn|-us-gov|-iso):es:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:domain/[a-z][a-z0-9-]{3,28}$", + "type": "string" + }, + "DomainEndpoint": { + "description": "The endpoint URL the OpenSearch domain.", + "maxLength": 2048, + "pattern": "^https://.*$", + "type": "string" + }, + "FieldMapping": { + "$ref": "#/definitions/OpenSearchManagedClusterFieldMapping" + }, + "VectorIndexName": { + "description": "The name of the vector store.", + "maxLength": 2048, + "minLength": 1, + "pattern": "^(?![\\-_+.])[a-z0-9][a-z0-9\\-_\\.]*$", + "type": "string" + } + }, + "required": [ + "DomainArn", + "DomainEndpoint", + "VectorIndexName", + "FieldMapping" + ], + "type": "object" + }, + "OpenSearchManagedClusterFieldMapping": { + "additionalProperties": false, + "description": "A mapping of Bedrock Knowledge Base fields to OpenSearch Managed Cluster field names", + "properties": { + "MetadataField": { + "description": "The name of the field in which Amazon Bedrock stores metadata about the vector store.", + "maxLength": 2048, + "pattern": "^.*$", + "type": "string" + }, + "TextField": { + "description": "The name of the field in which Amazon Bedrock stores the raw text from your data. 
The text is split according to the chunking strategy you choose.", + "maxLength": 2048, + "pattern": "^.*$", + "type": "string" + }, + "VectorField": { + "description": "The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources.", + "maxLength": 2048, + "pattern": "^.*$", + "type": "string" + } + }, + "required": [ + "MetadataField", + "TextField", + "VectorField" + ], + "type": "object" + }, "OpenSearchServerlessConfiguration": { "additionalProperties": false, "description": "Contains the storage configuration of the knowledge base in Amazon OpenSearch Service.", @@ -164,7 +382,7 @@ "CollectionArn": { "description": "The ARN of the OpenSearch Service vector store.", "maxLength": 2048, - "pattern": "^arn:aws:aoss:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:collection/[a-z0-9-]{3,32}$", + "pattern": "^arn:aws(|-cn|-us-gov|-iso):aoss:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:collection/[a-z0-9-]{3,32}$", "type": "string" }, "FieldMapping": { 
@@ -269,6 +487,111 @@ ], "type": "object" }, + "QueryEngineType": { + "description": "SQL query engine type", + "enum": [ + "REDSHIFT" + ], + "type": "string" + }, + "QueryExecutionTimeoutSeconds": { + "description": "Max query execution timeout", + "maximum": 200, + "minimum": 1, + "type": "integer" + }, + "QueryGenerationColumn": { + "additionalProperties": false, + "description": "Redshift query generation column", + "properties": { + "Description": { + "$ref": "#/definitions/DescriptionString" + }, + "Inclusion": { + "$ref": "#/definitions/InclusionType" + }, + "Name": { + "$ref": "#/definitions/QueryGenerationColumnName" + } + }, + "type": "object" + }, + "QueryGenerationColumnName": { + "description": "Query generation column name", + "maxLength": 127, + "minLength": 1, + "type": "string" + }, + "QueryGenerationColumns": { + "description": "List of Redshift query generation columns", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/QueryGenerationColumn" + }, + "type": "array" + }, + "QueryGenerationConfiguration": { + "additionalProperties": false, + "description": "Configurations for generating Redshift engine queries", + "properties": { + "ExecutionTimeoutSeconds": { + "$ref": "#/definitions/QueryExecutionTimeoutSeconds" + }, + "GenerationContext": { + "$ref": "#/definitions/QueryGenerationContext" + } + }, + "type": "object" + }, + "QueryGenerationContext": { + "additionalProperties": false, + "description": "Context used to improve query generation", + "properties": { + "CuratedQueries": { + "$ref": "#/definitions/CuratedQueries" + }, + "Tables": { + "$ref": "#/definitions/QueryGenerationTables" + } + }, + "type": "object" + }, + "QueryGenerationTable": { + "additionalProperties": false, + "description": "Tables used for Redshift query generation context", + "properties": { + "Columns": { + "$ref": "#/definitions/QueryGenerationColumns" + }, + "Description": { + "$ref": "#/definitions/DescriptionString" + }, + "Inclusion": { + "$ref": 
"#/definitions/InclusionType" + }, + "Name": { + "$ref": "#/definitions/QueryGenerationTableName" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "QueryGenerationTableName": { + "description": "Query generation table name. Must follow three-part notation", + "pattern": "^.*\\..*\\..*$", + "type": "string" + }, + "QueryGenerationTables": { + "description": "List of tables used for Redshift query generation context", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/QueryGenerationTable" + }, + "maxItems": 50, + "type": "array" + }, "RdsConfiguration": { "additionalProperties": false, "description": "Contains details about the storage configuration of the knowledge base in Amazon RDS. For more information, see Create a vector index in Amazon RDS.", @@ -312,6 +635,12 @@ "additionalProperties": false, "description": "Contains the names of the fields to which to map information about the vector store.", "properties": { + "CustomMetadataField": { + "description": "The name of the field in which Amazon Bedrock stores custom metadata about the vector store.", + "maxLength": 63, + "pattern": "^[a-zA-Z0-9_\\-]+$", + "type": "string" + }, "MetadataField": { "description": "The name of the field in which Amazon Bedrock stores metadata about the vector store.", "maxLength": 63, 
@@ -408,6 +737,259 @@ ], "type": "object" }, + "RedshiftClusterIdentifier": { + "description": "Redshift cluster identifier", + "maxLength": 63, + "minLength": 1, + "type": "string" + }, + "RedshiftConfiguration": { + "additionalProperties": false, + "description": "Configurations for a Redshift knowledge base", + "properties": { + "QueryEngineConfiguration": { + "$ref": "#/definitions/RedshiftQueryEngineConfiguration" + }, + "QueryGenerationConfiguration": { + "$ref": "#/definitions/QueryGenerationConfiguration" + }, + "StorageConfigurations": { + "$ref": "#/definitions/RedshiftQueryEngineStorageConfigurations" + } + }, + "required": [ + "StorageConfigurations", + "QueryEngineConfiguration" + ], + "type": "object" + }, + "RedshiftDatabase": { + "description": "Redshift database name", + "maxLength": 200, + "minLength": 1, + "type": "string" + }, + "RedshiftProvisionedAuthConfiguration": { + "additionalProperties": false, + "description": "Configurations for Redshift query engine provisioned auth setup", + "properties": { + "DatabaseUser": { + "description": "Redshift database user", + "type": "string" + }, + "Type": { + "$ref": "#/definitions/RedshiftProvisionedAuthType" + }, + "UsernamePasswordSecretArn": { + "$ref": "#/definitions/SecretArn" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "RedshiftProvisionedAuthType": { + "description": "Provisioned Redshift auth type", + "enum": [ + "IAM", + "USERNAME_PASSWORD", + "USERNAME" + ], + "type": "string" + }, + "RedshiftProvisionedConfiguration": { + "additionalProperties": false, + "description": "Configurations for provisioned Redshift query engine", + "properties": { + "AuthConfiguration": { + "$ref": "#/definitions/RedshiftProvisionedAuthConfiguration" + }, + "ClusterIdentifier": { + "$ref": "#/definitions/RedshiftClusterIdentifier" + } + }, + "required": [ + "ClusterIdentifier", + "AuthConfiguration" + ], + "type": "object" + }, + "RedshiftQueryEngineAwsDataCatalogStorageConfiguration": { + 
"additionalProperties": false, + "description": "Configurations for Redshift query engine AWS Data Catalog backed storage", + "properties": { + "TableNames": { + "$ref": "#/definitions/AwsDataCatalogTableNames" + } + }, + "required": [ + "TableNames" + ], + "type": "object" + }, + "RedshiftQueryEngineConfiguration": { + "additionalProperties": false, + "description": "Configurations for Redshift query engine", + "properties": { + "ProvisionedConfiguration": { + "$ref": "#/definitions/RedshiftProvisionedConfiguration" + }, + "ServerlessConfiguration": { + "$ref": "#/definitions/RedshiftServerlessConfiguration" + }, + "Type": { + "$ref": "#/definitions/RedshiftQueryEngineType" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "RedshiftQueryEngineRedshiftStorageConfiguration": { + "additionalProperties": false, + "description": "Configurations for Redshift query engine Redshift backed storage", + "properties": { + "DatabaseName": { + "$ref": "#/definitions/RedshiftDatabase" + } + }, + "required": [ + "DatabaseName" + ], + "type": "object" + }, + "RedshiftQueryEngineStorageConfiguration": { + "additionalProperties": false, + "description": "Configurations for available Redshift query engine storage types", + "properties": { + "AwsDataCatalogConfiguration": { + "$ref": "#/definitions/RedshiftQueryEngineAwsDataCatalogStorageConfiguration" + }, + "RedshiftConfiguration": { + "$ref": "#/definitions/RedshiftQueryEngineRedshiftStorageConfiguration" + }, + "Type": { + "$ref": "#/definitions/RedshiftQueryEngineStorageType" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "RedshiftQueryEngineStorageConfigurations": { + "description": "List of configurations for available Redshift query engine storage types", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/RedshiftQueryEngineStorageConfiguration" + }, + "maxItems": 1, + "minItems": 1, + "type": "array" + }, + "RedshiftQueryEngineStorageType": { + "description": "Redshift query 
engine storage type", + "enum": [ + "REDSHIFT", + "AWS_DATA_CATALOG" + ], + "type": "string" + }, + "RedshiftQueryEngineType": { + "description": "Redshift query engine type", + "enum": [ + "SERVERLESS", + "PROVISIONED" + ], + "type": "string" + }, + "RedshiftServerlessAuthConfiguration": { + "additionalProperties": false, + "description": "Configurations for Redshift query engine serverless auth setup", + "properties": { + "Type": { + "$ref": "#/definitions/RedshiftServerlessAuthType" + }, + "UsernamePasswordSecretArn": { + "$ref": "#/definitions/SecretArn" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "RedshiftServerlessAuthType": { + "description": "Serverless Redshift auth type", + "enum": [ + "IAM", + "USERNAME_PASSWORD" + ], + "type": "string" + }, + "RedshiftServerlessConfiguration": { + "additionalProperties": false, + "description": "Configurations for serverless Redshift query engine", + "properties": { + "AuthConfiguration": { + "$ref": "#/definitions/RedshiftServerlessAuthConfiguration" + }, + "WorkgroupArn": { + "$ref": "#/definitions/WorkgroupArn" + } + }, + "required": [ + "WorkgroupArn", + "AuthConfiguration" + ], + "type": "object" + }, + "S3Location": { + "additionalProperties": false, + "description": "An Amazon S3 location.", + "properties": { + "URI": { + "description": "The location's URI", + "maxLength": 2048, + "minLength": 1, + "pattern": "^s3://.{1,128}$", + "type": "string" + } + }, + "required": [ + "URI" + ], + "type": "object" + }, + "SecretArn": { + "description": "Arn of a SecretsManager Secret", + "pattern": "^arn:aws(|-cn|-us-gov):secretsmanager:[a-z0-9-]{1,20}:([0-9]{12}|):secret:[a-zA-Z0-9!/_+=.@-]{1,512}$", + "type": "string" + }, + "SqlKnowledgeBaseConfiguration": { + "additionalProperties": false, + "description": "Configurations for a SQL knowledge base", + "properties": { + "RedshiftConfiguration": { + "$ref": "#/definitions/RedshiftConfiguration" + }, + "Type": { + "$ref": "#/definitions/QueryEngineType" 
+ } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "SqlString": { + "description": "Answer for the curated query", + "maxLength": 1000, + "minLength": 1, + "type": "string" + }, "StorageConfiguration": { "additionalProperties": false, "description": "The vector store service in which the knowledge base is stored.", @@ -427,16 +1009,32 @@ "RdsConfiguration" ] }, + { + "required": [ + "NeptuneAnalyticsConfiguration" + ] + }, { "required": [ "MongoDbAtlasConfiguration" ] + }, + { + "required": [ + "OpensearchManagedClusterConfiguration" + ] } ], "properties": { "MongoDbAtlasConfiguration": { "$ref": "#/definitions/MongoDbAtlasConfiguration" }, + "NeptuneAnalyticsConfiguration": { + "$ref": "#/definitions/NeptuneAnalyticsConfiguration" + }, + "OpensearchManagedClusterConfiguration": { + "$ref": "#/definitions/OpenSearchManagedClusterConfiguration" + }, "OpensearchServerlessConfiguration": { "$ref": "#/definitions/OpenSearchServerlessConfiguration" }, 
@@ -455,6 +1053,52 @@ ], "type": "object" }, + "SupplementalDataStorageConfiguration": { + "additionalProperties": false, + "description": "Configurations for supplemental data storage.", + "properties": { + "SupplementalDataStorageLocations": { + "$ref": "#/definitions/SupplementalDataStorageLocations" + } + }, + "required": [ + "SupplementalDataStorageLocations" + ], + "type": "object" + }, + "SupplementalDataStorageLocation": { + "additionalProperties": false, + "description": "Supplemental data storage location.", + "properties": { + "S3Location": { + "$ref": "#/definitions/S3Location" + }, + "SupplementalDataStorageLocationType": { + "$ref": "#/definitions/SupplementalDataStorageLocationType" + } + }, + "required": [ + "SupplementalDataStorageLocationType" + ], + "type": "object" + }, + "SupplementalDataStorageLocationType": { + "description": "Supplemental data storage location type.", + "enum": [ + "S3" + ], + "type": "string" + }, + "SupplementalDataStorageLocations": { + "description": "List of supplemental data storage locations.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/SupplementalDataStorageLocation" + }, + "maxItems": 1, + "minItems": 1, + "type": "array" + }, "TagsMap": { "additionalProperties": false, "description": "A map of tag keys and values", @@ -482,12 +1126,20 @@ }, "EmbeddingModelConfiguration": { "$ref": "#/definitions/EmbeddingModelConfiguration" + }, + "SupplementalDataStorageConfiguration": { + "$ref": "#/definitions/SupplementalDataStorageConfiguration" } }, "required": [ "EmbeddingModelArn" ], "type": "object" + }, + "WorkgroupArn": { + "description": "Workgroup arn", + "pattern": "^(arn:(aws(-[a-z]+)*):redshift-serverless:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:workgroup/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$", + "type": "string" } }, "description": "Definition of AWS::Bedrock::KnowledgeBase Resource Type", 
@@ -608,11 +1260,15 @@ "required": [ "KnowledgeBaseConfiguration", "Name", - "RoleArn", - "StorageConfiguration" + "RoleArn" ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "bedrock:TagResource", + "bedrock:UntagResource", + "bedrock:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-bedrock-prompt.json b/src/schema/aws-bedrock-prompt.json index e4865726..318dfff5 100644 --- a/src/schema/aws-bedrock-prompt.json +++ b/src/schema/aws-bedrock-prompt.json 
@@ -1,6 +1,179 @@ { "additionalProperties": false, "definitions": { + "AdditionalModelRequestFields": { + "description": "Contains model-specific configurations", + "type": "object" + }, + "AnyToolChoice": { + "additionalProperties": false, + "description": "Any Tool choice", + "type": "object" + }, + "AutoToolChoice": { + "additionalProperties": false, + "description": "Auto Tool choice", + "type": "object" + }, + "CachePointBlock": { + "additionalProperties": false, + "description": "CachePointBlock", + "properties": { + "Type": { + "$ref": "#/definitions/CachePointType" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "CachePointType": { + "description": "CachePoint types for CachePointBlock", + "enum": [ + "default" + ], + "type": "string" + }, + "ChatPromptTemplateConfiguration": { + "additionalProperties": false, + "description": "Configuration for chat prompt template", + "properties": { + "InputVariables": { + "description": "List of input variables", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/PromptInputVariable" + }, + "maxItems": 20, + "minItems": 0, + "type": "array" + }, + "Messages": { + "description": "List of messages for chat prompt template", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/Message" + }, + "minItems": 0, + "type": "array" + }, + "System": { + "description": "Configuration for chat prompt template", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/SystemContentBlock" + }, + "minItems": 0, + "type": "array" + }, + "ToolConfiguration": { + "$ref": "#/definitions/ToolConfiguration" + } + }, + "required": [ + "Messages" + ], + "type": "object" + }, + "ContentBlock": { + "description": "Configuration for chat prompt template", + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "Text": { + "description": "Configuration for chat prompt template", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "Text" + ], + "title": "Text", + "type": 
"object" + }, + { + "additionalProperties": false, + "properties": { + "CachePoint": { + "$ref": "#/definitions/CachePointBlock" + } + }, + "required": [ + "CachePoint" + ], + "title": "CachePoint", + "type": "object" + } + ] + }, + "ConversationRole": { + "description": "Conversation roles for the chat prompt", + "enum": [ + "user", + "assistant" + ], + "type": "string" + }, + "Message": { + "additionalProperties": false, + "description": "Chat prompt Message", + "properties": { + "Content": { + "description": "List of Content Blocks", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/ContentBlock" + }, + "minItems": 1, + "type": "array" + }, + "Role": { + "$ref": "#/definitions/ConversationRole" + } + }, + "required": [ + "Role", + "Content" + ], + "type": "object" + }, + "PromptAgentResource": { + "additionalProperties": false, + "description": "Target Agent to invoke with Prompt", + "properties": { + "AgentIdentifier": { + "description": "Arn representation of the Agent Alias.", + "maxLength": 2048, + "pattern": "^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent-alias/[0-9a-zA-Z]{10}/[0-9a-zA-Z]{10}$", + "type": "string" + } + }, + "required": [ + "AgentIdentifier" + ], + "type": "object" + }, + "PromptGenAiResource": { + "description": "Target resource to invoke with Prompt", + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "Agent": { + "$ref": "#/definitions/PromptAgentResource" + } + }, + "required": [ + "Agent" + ], + "title": "Agent", + "type": "object" + } + ] + }, "PromptInferenceConfiguration": { "description": "Model inference configuration", "oneOf": [ 
@@ -31,6 +204,47 @@ }, "type": "object" }, + "PromptMetadataEntry": { + "additionalProperties": false, + "description": "Contains a key-value pair that defines a metadata tag and value to attach to a prompt variant.", + "properties": { + "Key": { + "$ref": "#/definitions/PromptMetadataKey" + }, + "Value": { + "$ref": "#/definitions/PromptMetadataValue" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, + "PromptMetadataKey": { + "description": "The key of a metadata tag for a prompt variant.", + "maxLength": 128, + "minLength": 1, + "pattern": "^[a-zA-Z0-9\\s._:/=+@-]*$", + "type": "string" + }, + "PromptMetadataList": { + "description": "List of metadata to associate with the prompt variant.", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/PromptMetadataEntry" + }, + "maxItems": 50, + "minItems": 0, + "type": "array" + }, + "PromptMetadataValue": { + "description": "The value of a metadata tag for a prompt variant.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[a-zA-Z0-9\\s._:/=+@-]*$", + "type": "string" + }, "PromptModelInferenceConfiguration": { "additionalProperties": false, "description": "Prompt model inference configuration", @@ -57,12 +271,6 @@ "minimum": 0, "type": "number" }, - "TopK": { - "description": "Sample from the k most likely next tokens", - "maximum": 500, - "minimum": 0, - "type": "number" - }, "TopP": { "description": "Cumulative probability cutoff for token selection", "maximum": 1, @@ -87,13 +295,27 @@ ], "title": "Text", "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Chat": { + "$ref": "#/definitions/ChatPromptTemplateConfiguration" + } + }, + "required": [ + "Chat" + ], + "title": "Chat", + "type": "object" } ] }, "PromptTemplateType": { "description": "Prompt template type", "enum": [ - "TEXT" + "TEXT", + "CHAT" ], "type": "string" }, 
@@ -101,14 +323,23 @@ "additionalProperties": false, "description": "Prompt variant", "properties": { + "AdditionalModelRequestFields": { + "$ref": "#/definitions/AdditionalModelRequestFields" + }, + "GenAiResource": { + "$ref": "#/definitions/PromptGenAiResource" + }, "InferenceConfiguration": { "$ref": "#/definitions/PromptInferenceConfiguration" }, + "Metadata": { + "$ref": "#/definitions/PromptMetadataList" + }, "ModelId": { - "description": "ARN or name of a Bedrock model.", + "description": "ARN or Id of a Bedrock Foundational Model or Inference Profile, or the ARN of a imported model, or a provisioned throughput ARN for custom models.", "maxLength": 2048, "minLength": 1, - "pattern": "^(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}/[a-z0-9]{12})|(:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|([0-9]{12}:provisioned-model/[a-z0-9]{12})))|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|(([0-9a-zA-Z][_-]?)+)$", + "pattern": "^(arn:aws(-[^:]{1,12})?:(bedrock|sagemaker):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-zA-Z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?$", "type": "string" }, "Name": { 
@@ -125,10 +356,61 @@ }, "required": [ "Name", - "TemplateType" + "TemplateType", + "TemplateConfiguration" ], "type": "object" }, + "SpecificToolChoice": { + "additionalProperties": false, + "description": "Specific Tool choice", + "properties": { + "Name": { + "description": "Tool name", + "maxLength": 64, + "minLength": 1, + "pattern": "^[a-zA-Z][a-zA-Z0-9_]*$", + "type": "string" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "SystemContentBlock": { + "description": "Configuration for chat prompt template", + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "Text": { + "description": "Configuration for chat prompt template", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "Text" + ], + "title": "Text", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "CachePoint": { + "$ref": "#/definitions/CachePointBlock" + } + }, + "required": [ + "CachePoint" + ], + "title": "CachePoint", + "type": "object" + } + ] + }, "TagsMap": { "additionalProperties": false, "description": "A map of tag keys and values", @@ -147,13 +429,16 @@ "additionalProperties": false, "description": "Configuration for text prompt template", "properties": { + "CachePoint": { + "$ref": "#/definitions/CachePointBlock" + }, "InputVariables": { "description": "List of input variables", "insertionOrder": true, "items": { "$ref": "#/definitions/PromptInputVariable" }, - "maxItems": 5, + "maxItems": 20, "minItems": 0, "type": "array" }, 
@@ -199,6 +484,147 @@ "Key" ], "type": "object" + }, + "Tool": { + "description": "Tool details", + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "ToolSpec": { + "$ref": "#/definitions/ToolSpecification" + } + }, + "required": [ + "ToolSpec" + ], + "title": "ToolSpec", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "CachePoint": { + "$ref": "#/definitions/CachePointBlock" + } + }, + "required": [ + "CachePoint" + ], + "title": "CachePoint", + "type": "object" + } + ] + }, + "ToolChoice": { + "description": "Tool choice", + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "Auto": { + "$ref": "#/definitions/AutoToolChoice" + } + }, + "required": [ + "Auto" + ], + "title": "Auto", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Any": { + "$ref": "#/definitions/AnyToolChoice" + } + }, + "required": [ + "Any" + ], + "title": "Any", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Tool": { + "$ref": "#/definitions/SpecificToolChoice" + } + }, + "required": [ + "Tool" + ], + "title": "Tool", + "type": "object" + } + ] + }, + "ToolConfiguration": { + "additionalProperties": false, + "description": "Tool configuration", + "properties": { + "ToolChoice": { + "$ref": "#/definitions/ToolChoice" + }, + "Tools": { + "description": "List of Tools", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/Tool" + }, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "Tools" + ], + "type": "object" + }, + "ToolInputSchema": { + "description": "Tool input schema", + "oneOf": [ + { + "additionalProperties": false, + "description": "Tool input schema json", + "properties": { + "Json": { + "type": "object" + } + }, + "required": [ + "Json" + ], + "title": "Json", + "type": "object" + } + ] + }, + "ToolSpecification": { + "additionalProperties": false, + "description": "Tool specification", + "properties": { + "Description": { + 
"minLength": 1, + "type": "string" + }, + "InputSchema": { + "$ref": "#/definitions/ToolInputSchema" + }, + "Name": { + "description": "Tool name", + "maxLength": 64, + "minLength": 1, + "pattern": "^[a-zA-Z][a-zA-Z0-9_]*$", + "type": "string" + } + }, + "required": [ + "Name", + "InputSchema" + ], + "type": "object" } }, "description": "Definition of AWS::Bedrock::Prompt Resource Type", @@ -305,7 +731,7 @@ "items": { "$ref": "#/definitions/PromptVariant" }, - "maxItems": 3, + "maxItems": 1, "minItems": 0, "type": "array" }, diff --git a/src/schema/aws-bedrock-promptversion.json b/src/schema/aws-bedrock-promptversion.json index 0311d8e3..a85d4b90 100644 --- a/src/schema/aws-bedrock-promptversion.json +++ b/src/schema/aws-bedrock-promptversion.json 
@@ -2,9 +2,183 @@ "additionalProperties": false, "createOnlyProperties": [ "/properties/PromptArn", - "/properties/Description" + "/properties/Description", + "/properties/Tags" ], "definitions": { + "AdditionalModelRequestFields": { + "description": "Contains model-specific configurations", + "type": "object" + }, + "AnyToolChoice": { + "additionalProperties": false, + "description": "Any Tool choice", + "type": "object" + }, + "AutoToolChoice": { + "additionalProperties": false, + "description": "Auto Tool choice", + "type": "object" + }, + "CachePointBlock": { + "additionalProperties": false, + "description": "CachePointBlock", + "properties": { + "Type": { + "$ref": "#/definitions/CachePointType" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "CachePointType": { + "description": "CachePoint types for CachePointBlock", + "enum": [ + "default" + ], + "type": "string" + }, + "ChatPromptTemplateConfiguration": { + "additionalProperties": false, + "description": "Configuration for chat prompt template", + "properties": { + "InputVariables": { + "description": "List of input variables", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/PromptInputVariable" + }, + "maxItems": 20, + "minItems": 0, + "type": "array" + }, + "Messages": { + "description": "List of messages for chat prompt template", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/Message" + }, + "minItems": 0, + "type": "array" + }, + "System": { + "description": "Configuration for chat prompt template", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/SystemContentBlock" + }, + "minItems": 0, + "type": "array" + }, + "ToolConfiguration": { + "$ref": "#/definitions/ToolConfiguration" + } + }, + "required": [ + "Messages" + ], + "type": "object" + }, + "ContentBlock": { + "description": "Configuration for chat prompt template", + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "Text": { + "description": "Configuration for 
chat prompt template", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "Text" + ], + "title": "Text", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "CachePoint": { + "$ref": "#/definitions/CachePointBlock" + } + }, + "required": [ + "CachePoint" + ], + "title": "CachePoint", + "type": "object" + } + ] + }, + "ConversationRole": { + "description": "Conversation roles for the chat prompt", + "enum": [ + "user", + "assistant" + ], + "type": "string" + }, + "Message": { + "additionalProperties": false, + "description": "Chat prompt Message", + "properties": { + "Content": { + "description": "List of Content Blocks", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/ContentBlock" + }, + "minItems": 1, + "type": "array" + }, + "Role": { + "$ref": "#/definitions/ConversationRole" + } + }, + "required": [ + "Role", + "Content" + ], + "type": "object" + }, + "PromptAgentResource": { + "additionalProperties": false, + "description": "Target Agent to invoke with Prompt", + "properties": { + "AgentIdentifier": { + "description": "Arn representation of the Agent Alias.", + "maxLength": 2048, + "pattern": "^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent-alias/[0-9a-zA-Z]{10}/[0-9a-zA-Z]{10}$", + "type": "string" + } + }, + "required": [ + "AgentIdentifier" + ], + "type": "object" + }, + "PromptGenAiResource": { + "description": "Target resource to invoke with Prompt", + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "Agent": { + "$ref": "#/definitions/PromptAgentResource" + } + }, + "required": [ + "Agent" + ], + "title": "Agent", + "type": "object" + } + ] + }, "PromptInferenceConfiguration": { "description": "Model inference configuration", "oneOf": [ 
@@ -35,6 +209,47 @@ }, "type": "object" }, + "PromptMetadataEntry": { + "additionalProperties": false, + "description": "Contains a key-value pair that defines a metadata tag and value to attach to a prompt variant.", + "properties": { + "Key": { + "$ref": "#/definitions/PromptMetadataKey" + }, + "Value": { + "$ref": "#/definitions/PromptMetadataValue" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, + "PromptMetadataKey": { + "description": "The key of a metadata tag for a prompt variant.", + "maxLength": 128, + "minLength": 1, + "pattern": "^[a-zA-Z0-9\\s._:/=+@-]*$", + "type": "string" + }, + "PromptMetadataList": { + "description": "List of metadata to associate with the prompt variant.", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/PromptMetadataEntry" + }, + "maxItems": 50, + "minItems": 0, + "type": "array" + }, + "PromptMetadataValue": { + "description": "The value of a metadata tag for a prompt variant.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[a-zA-Z0-9\\s._:/=+@-]*$", + "type": "string" + }, "PromptModelInferenceConfiguration": { "additionalProperties": false, "description": "Prompt model inference configuration", @@ -61,12 +276,6 @@ "minimum": 0, "type": "number" }, - "TopK": { - "description": "Sample from the k most likely next tokens", - "maximum": 500, - "minimum": 0, - "type": "number" - }, "TopP": { "description": "Cumulative probability cutoff for token selection", "maximum": 1, @@ -91,13 +300,27 @@ ], "title": "Text", "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Chat": { + "$ref": "#/definitions/ChatPromptTemplateConfiguration" + } + }, + "required": [ + "Chat" + ], + "title": "Chat", + "type": "object" } ] }, "PromptTemplateType": { "description": "Prompt template type", "enum": [ - "TEXT" + "TEXT", + "CHAT" ], "type": "string" }, 
@@ -105,14 +328,23 @@ "additionalProperties": false, "description": "Prompt variant", "properties": { + "AdditionalModelRequestFields": { + "$ref": "#/definitions/AdditionalModelRequestFields" + }, + "GenAiResource": { + "$ref": "#/definitions/PromptGenAiResource" + }, "InferenceConfiguration": { "$ref": "#/definitions/PromptInferenceConfiguration" }, + "Metadata": { + "$ref": "#/definitions/PromptMetadataList" + }, "ModelId": { - "description": "ARN or name of a Bedrock model.", + "description": "ARN or Id of a Bedrock Foundational Model or Inference Profile, or the ARN of a imported model, or a provisioned throughput ARN for custom models.", "maxLength": 2048, "minLength": 1, - "pattern": "^(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}/[a-z0-9]{12})|(:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|([0-9]{12}:provisioned-model/[a-z0-9]{12})))|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|(([0-9a-zA-Z][_-]?)+)$", + "pattern": "^(arn:aws(-[^:]{1,12})?:(bedrock|sagemaker):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-zA-Z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?$", "type": "string" }, "Name": { 
@@ -129,22 +361,90 @@ }, "required": [ "Name", - "TemplateType" + "TemplateType", + "TemplateConfiguration" ], "type": "object" }, + "SpecificToolChoice": { + "additionalProperties": false, + "description": "Specific Tool choice", + "properties": { + "Name": { + "description": "Tool name", + "maxLength": 64, + "minLength": 1, + "pattern": "^[a-zA-Z][a-zA-Z0-9_]*$", + "type": "string" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "SystemContentBlock": { + "description": "Configuration for chat prompt template", + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "Text": { + "description": "Configuration for chat prompt template", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "Text" + ], + "title": "Text", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "CachePoint": { + "$ref": "#/definitions/CachePointBlock" + } + }, + "required": [ + "CachePoint" + ], + "title": "CachePoint", + "type": "object" + } + ] + }, + "TagsMap": { + "additionalProperties": false, + "description": "A map of tag keys and values", + "patternProperties": { + "^[a-zA-Z0-9\\s._:/=+@-]*$": { + "description": "Value of a tag", + "maxLength": 256, + "minLength": 0, + "pattern": "^[a-zA-Z0-9\\s._:/=+@-]*$", + "type": "string" + } + }, + "type": "object" + }, "TextPromptTemplateConfiguration": { "additionalProperties": false, "description": "Configuration for text prompt template", "properties": { + "CachePoint": { + "$ref": "#/definitions/CachePointBlock" + }, "InputVariables": { "description": "List of input variables", "insertionOrder": true, "items": { "$ref": "#/definitions/PromptInputVariable" }, - "maxItems": 5, - "minItems": 1, + "maxItems": 20, + "minItems": 0, "type": "array" }, "Text": { 
@@ -158,6 +458,147 @@ "Text" ], "type": "object" + }, + "Tool": { + "description": "Tool details", + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "ToolSpec": { + "$ref": "#/definitions/ToolSpecification" + } + }, + "required": [ + "ToolSpec" + ], + "title": "ToolSpec", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "CachePoint": { + "$ref": "#/definitions/CachePointBlock" + } + }, + "required": [ + "CachePoint" + ], + "title": "CachePoint", + "type": "object" + } + ] + }, + "ToolChoice": { + "description": "Tool choice", + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "Auto": { + "$ref": "#/definitions/AutoToolChoice" + } + }, + "required": [ + "Auto" + ], + "title": "Auto", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Any": { + "$ref": "#/definitions/AnyToolChoice" + } + }, + "required": [ + "Any" + ], + "title": "Any", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Tool": { + "$ref": "#/definitions/SpecificToolChoice" + } + }, + "required": [ + "Tool" + ], + "title": "Tool", + "type": "object" + } + ] + }, + "ToolConfiguration": { + "additionalProperties": false, + "description": "Tool configuration", + "properties": { + "ToolChoice": { + "$ref": "#/definitions/ToolChoice" + }, + "Tools": { + "description": "List of Tools", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/Tool" + }, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "Tools" + ], + "type": "object" + }, + "ToolInputSchema": { + "description": "Tool input schema", + "oneOf": [ + { + "additionalProperties": false, + "description": "Tool input schema json", + "properties": { + "Json": { + "type": "object" + } + }, + "required": [ + "Json" + ], + "title": "Json", + "type": "object" + } + ] + }, + "ToolSpecification": { + "additionalProperties": false, + "description": "Tool specification", + "properties": { + "Description": { + 
"minLength": 1, + "type": "string" + }, + "InputSchema": { + "$ref": "#/definitions/ToolInputSchema" + }, + "Name": { + "description": "Tool name", + "maxLength": 64, + "minLength": 1, + "pattern": "^[a-zA-Z][a-zA-Z0-9_]*$", + "type": "string" + } + }, + "required": [ + "Name", + "InputSchema" + ], + "type": "object" } }, "description": "Definition of AWS::Bedrock::PromptVersion Resource Type", @@ -165,7 +606,11 @@ "create": { "permissions": [ "bedrock:CreatePromptVersion", - "bedrock:GetPrompt" + "bedrock:GetPrompt", + "bedrock:TagResource", + "bedrock:ListTagsForResource", + "kms:GenerateDataKey", + "kms:Decrypt" ] }, "delete": { @@ -191,12 +636,9 @@ }, "read": { "permissions": [ - "bedrock:GetPrompt" - ] - }, - "update": { - "permissions": [ - "noservice:NoAction" + "bedrock:GetPrompt", + "bedrock:ListTagsForResource", + "kms:Decrypt" ] } }, @@ -216,6 +658,13 @@ "format": "date-time", "type": "string" }, + "CustomerEncryptionKeyArn": { + "description": "A KMS key ARN", + "maxLength": 2048, + "minLength": 1, + "pattern": "^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$", + "type": "string" + }, "DefaultVariant": { "description": "Name for a variant.", "pattern": "^([0-9a-zA-Z][_-]?){1,100}$", @@ -244,6 +693,9 @@ "pattern": "^[0-9a-zA-Z]{10}$", "type": "string" }, + "Tags": { + "$ref": "#/definitions/TagsMap" + }, "UpdatedAt": { "description": "Time Stamp.", "format": "date-time", @@ -255,7 +707,7 @@ "items": { "$ref": "#/definitions/PromptVariant" }, - "maxItems": 3, + "maxItems": 1, "minItems": 1, "type": "array" }, 
@@ -275,14 +727,23 @@ "/properties/Version", "/properties/Name", "/properties/DefaultVariant", - "/properties/Variants" + "/properties/Variants", + "/properties/CustomerEncryptionKeyArn" ], "required": [ "PromptArn" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-bedrock-prompts", "tagging": { - "taggable": false + "cloudFormationSystemTags": false, + "permissions": [ + "bedrock:TagResource", + "bedrock:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true }, "typeName": "AWS::Bedrock::PromptVersion" } diff --git a/src/schema/aws-billingconductor-billinggroup.json b/src/schema/aws-billingconductor-billinggroup.json index 34d54f56..67f07ee8 100644 --- a/src/schema/aws-billingconductor-billinggroup.json +++ b/src/schema/aws-billingconductor-billinggroup.json @@ -190,6 +190,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-billing-conductor.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "billingconductor:ListTagsForResource", + "billingconductor:TagResource", + "billingconductor:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-billingconductor-customlineitem.json b/src/schema/aws-billingconductor-customlineitem.json index b59134e4..8a6985a9 100644 --- a/src/schema/aws-billingconductor-customlineitem.json +++ b/src/schema/aws-billingconductor-customlineitem.json @@ -289,6 +289,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-billing-conductor.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "billingconductor:ListTagsForResource", + "billingconductor:TagResource", + "billingconductor:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, 
diff --git a/src/schema/aws-billingconductor-pricingplan.json b/src/schema/aws-billingconductor-pricingplan.json index 5d8f7f2d..3882ecdc 100644 --- a/src/schema/aws-billingconductor-pricingplan.json +++ b/src/schema/aws-billingconductor-pricingplan.json @@ -130,6 +130,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-billing-conductor.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "billingconductor:ListTagsForResource", + "billingconductor:TagResource", + "billingconductor:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-billingconductor-pricingrule.json b/src/schema/aws-billingconductor-pricingrule.json index d6e88342..883b2076 100644 --- a/src/schema/aws-billingconductor-pricingrule.json +++ b/src/schema/aws-billingconductor-pricingrule.json @@ -201,6 +201,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-billing-conductor.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "billingconductor:ListTagsForResource", + "billingconductor:TagResource", + "billingconductor:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-budgets-budgetsaction.json b/src/schema/aws-budgets-budgetsaction.json index 4291664d..fb2306b1 100644 --- a/src/schema/aws-budgets-budgetsaction.json +++ b/src/schema/aws-budgets-budgetsaction.json @@ -271,6 +271,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "budgets:TagResource", + "budgets:UntagResource", + "budgets:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/ResourceTags", "tagUpdatable": true, diff --git a/src/schema/aws-cassandra-keyspace.json b/src/schema/aws-cassandra-keyspace.json index 5cc178e2..caac1a6f 100644 
--- a/src/schema/aws-cassandra-keyspace.json +++ b/src/schema/aws-cassandra-keyspace.json @@ -1,7 +1,6 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/ReplicationSpecification", "/properties/KeyspaceName" ], "definitions": { @@ -9,6 +8,7 @@ "insertionOrder": false, "items": { "enum": [ + "af-south-1", "ap-northeast-1", "ap-northeast-2", "ap-south-1", @@ -120,12 +120,23 @@ "permissions": [ "cassandra:Alter", "cassandra:AlterMultiRegionResource", + "cassandra:Modify", + "cassandra:ModifyMultiRegionResource", "cassandra:Select", "cassandra:SelectMultiRegionResource", "cassandra:TagResource", "cassandra:TagMultiRegionResource", "cassandra:UntagResource", - "cassandra:UntagMultiRegionResource" + "cassandra:UntagMultiRegionResource", + "application-autoscaling:RegisterScalableTarget", + "application-autoscaling:DeregisterScalableTarget", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingPolicies", + "application-autoscaling:PutScalingPolicy", + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarms", + "cloudwatch:PutMetricAlarm", + "iam:CreateServiceLinkedRole" ] } }, @@ -133,6 +144,10 @@ "/properties/KeyspaceName" ], "properties": { + "ClientSideTimestampsEnabled": { + "description": "Indicates whether client-side timestamps are enabled (true) or disabled (false) for all tables in the keyspace. To add a Region to a single-Region keyspace with at least one table, the value must be set to true. After you enabled client-side timestamps for a table, you can\u2019t disable it again.", + "type": "boolean" + }, "KeyspaceName": { "description": "Name for Cassandra keyspace", "pattern": "^[a-zA-Z0-9][a-zA-Z0-9_]{1,47}$", 
@@ -152,5 +167,18 @@ } }, "required": [], + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "cassandra:TagResource", + "cassandra:TagMultiRegionResource", + "cassandra:UntagResource", + "cassandra:UntagMultiRegionResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Cassandra::Keyspace" } diff --git a/src/schema/aws-cassandra-table.json b/src/schema/aws-cassandra-table.json index 4b62acb2..45e6cc22 100644 --- a/src/schema/aws-cassandra-table.json +++ b/src/schema/aws-cassandra-table.json @@ -417,6 +417,19 @@ "KeyspaceName", "PartitionKeyColumns" ], + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "cassandra:TagResource", + "cassandra:TagMultiRegionResource", + "cassandra:UntagResource", + "cassandra:UntagMultiRegionResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Cassandra::Table", "writeOnlyProperties": [ "/properties/AutoScalingSpecifications", diff --git a/src/schema/aws-cassandra-type.json b/src/schema/aws-cassandra-type.json new file mode 100644 index 00000000..a4b62c93 --- /dev/null +++ b/src/schema/aws-cassandra-type.json 
@@ -0,0 +1,120 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/KeyspaceName", + "/properties/TypeName", + "/properties/Fields" + ], + "definitions": { + "Field": { + "additionalProperties": false, + "properties": { + "FieldName": { + "type": "string" + }, + "FieldType": { + "type": "string" + } + }, + "required": [ + "FieldName", + "FieldType" + ], + "type": "object" + } + }, + "description": "Resource schema for AWS::Cassandra::Type", + "handlers": { + "create": { + "permissions": [ + "cassandra:Create", + "cassandra:Select" + ] + }, + "delete": { + "permissions": [ + "cassandra:Drop", + "cassandra:Select" + ] + }, + "list": { + "permissions": [ + "cassandra:Select" + ] + }, + "read": { + "permissions": [ + "cassandra:Select" + ] + } + }, + "primaryIdentifier": [ + "/properties/KeyspaceName", + "/properties/TypeName" + ], + "properties": { + "DirectParentTypes": { + "description": "List of parent User-Defined Types that directly reference the User-Defined Type in their fields.", + "insertionOrder": false, + "items": { + "type": "string" + }, + "type": "array", + "uniqueItems": true + }, + "DirectReferringTables": { + "description": "List of Tables that directly reference the User-Defined Type in their columns.", + "insertionOrder": false, + "items": { + "type": "string" + }, + "type": "array", + "uniqueItems": true + }, + "Fields": { + "description": "Field definitions of the User-Defined Type", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Field" + }, + "type": "array", + "uniqueItems": true + }, + "KeyspaceArn": { + "description": "ARN of the Keyspace which contains the User-Defined Type.", + "type": "string" + }, + "KeyspaceName": { + "description": "Name of the Keyspace which contains the User-Defined Type.", + "type": "string" + }, + "LastModifiedTimestamp": { + "description": "Timestamp of the last time the User-Defined Type's meta data was modified.", + "type": "number" + }, + "MaxNestingDepth": { + 
"description": "Maximum nesting depth of the User-Defined Type across the field types.", + "type": "integer" + }, + "TypeName": { + "description": "Name of the User-Defined Type.", + "type": "string" + } + }, + "readOnlyProperties": [ + "/properties/DirectReferringTables", + "/properties/DirectParentTypes", + "/properties/MaxNestingDepth", + "/properties/LastModifiedTimestamp", + "/properties/KeyspaceArn" + ], + "required": [ + "KeyspaceName", + "TypeName", + "Fields" + ], + "tagging": { + "taggable": false + }, + "typeName": "AWS::Cassandra::Type" +} diff --git a/src/schema/aws-ce-anomalymonitor.json b/src/schema/aws-ce-anomalymonitor.json index 7f750349..c6cf0d8b 100644 --- a/src/schema/aws-ce-anomalymonitor.json +++ b/src/schema/aws-ce-anomalymonitor.json @@ -57,7 +57,8 @@ }, "read": { "permissions": [ - "ce:GetAnomalyMonitors" + "ce:GetAnomalyMonitors", + "ce:ListTagsForResource" ] }, "update": { @@ -146,8 +147,15 @@ "MonitorType" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", - "typeName": "AWS::CE::AnomalyMonitor", - "writeOnlyProperties": [ - "/properties/ResourceTags" - ] + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "ce:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/ResourceTags", + "tagUpdatable": false, + "taggable": true + }, + "typeName": "AWS::CE::AnomalyMonitor" } diff --git a/src/schema/aws-ce-anomalysubscription.json b/src/schema/aws-ce-anomalysubscription.json index e754b703..3ee9ba2b 100644 --- a/src/schema/aws-ce-anomalysubscription.json +++ b/src/schema/aws-ce-anomalysubscription.json @@ -82,7 +82,8 @@ }, "read": { "permissions": [ - "ce:GetAnomalySubscriptions" + "ce:GetAnomalySubscriptions", + "ce:ListTagsForResource" ] }, "update": { 
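Review bot: In the `@@ -146,8 +147,15 @@` hunk of `aws-ce-anomalymonitor.json`, the new `tagging` block sets `"tagOnCreate": true` but its `permissions` list holds only `ce:ListTagsForResource`. The `AWS::Bedrock::PromptVersion` tagging block in this same diff has the same `tagOnCreate: true` / `tagUpdatable: false` combination and also lists `bedrock:TagResource`, so the omission here looks inconsistent. The create handler is outside the hunk, so it is not visible whether it already carries `ce:TagResource`. If anything derives IAM policy from `tagging.permissions`, consider `"permissions": ["ce:ListTagsForResource", "ce:TagResource"]` after confirming against the upstream schema. The `@@ -168,8 +169,15 @@` hunk of `aws-ce-anomalysubscription.json` adds the same list.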
@@ -168,8 +169,15 @@ "SubscriptionName" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", - "typeName": "AWS::CE::AnomalySubscription", - "writeOnlyProperties": [ - "/properties/ResourceTags" - ] + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "ce:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/ResourceTags", + "tagUpdatable": false, + "taggable": true + }, + "typeName": "AWS::CE::AnomalySubscription" } diff --git a/src/schema/aws-ce-costcategory.json b/src/schema/aws-ce-costcategory.json index c6e4e411..29987426 100644 --- a/src/schema/aws-ce-costcategory.json +++ b/src/schema/aws-ce-costcategory.json @@ -4,6 +4,30 @@ "/properties/Name" ], "definitions": { + "ResourceTag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key name for the tag.", + "maxLength": 128, + "minLength": 1, + "pattern": "^(?!aws:).*$", + "type": "string" + }, + "Value": { + "description": "The value for the tag.", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, "ZonedDateTime": { "description": "ISO 8601 date time with offset format", "maxLength": 25, @@ -12,11 +36,12 @@ "type": "string" } }, - "description": "Cost Category enables you to map your cost and usage into meaningful categories. You can use Cost Category to organize your costs using a rule-based engine.", + "description": "Resource Type definition for AWS::CE::CostCategory. Cost Category enables you to map your cost and usage into meaningful categories. You can use Cost Category to organize your costs using a rule-based engine.", "handlers": { "create": { "permissions": [ - "ce:CreateCostCategoryDefinition" + "ce:CreateCostCategoryDefinition", + "ce:TagResource" ] }, "delete": { 
@@ -31,12 +56,15 @@ }, "read": { "permissions": [ - "ce:DescribeCostCategoryDefinition" + "ce:DescribeCostCategoryDefinition", + "ce:ListTagsForResource" ] }, "update": { "permissions": [ - "ce:UpdateCostCategoryDefinition" + "ce:UpdateCostCategoryDefinition", + "ce:TagResource", + "ce:UntagResource" ] } }, @@ -76,6 +104,16 @@ "SplitChargeRules": { "description": "Json array format of CostCategorySplitChargeRule in Billing and Cost Management API", "type": "string" + }, + "Tags": { + "description": "Tags to assign to the cost category.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/ResourceTag" + }, + "maxItems": 200, + "minItems": 0, + "type": "array" } }, "readOnlyProperties": [ @@ -88,5 +126,17 @@ "Rules" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-cost-explorer.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "ce:TagResource", + "ce:UntagResource", + "ce:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::CE::CostCategory" } diff --git a/src/schema/aws-chatbot-customaction.json b/src/schema/aws-chatbot-customaction.json new file mode 100644 index 00000000..6b9288f5 --- /dev/null +++ b/src/schema/aws-chatbot-customaction.json 
@@ -0,0 +1,209 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/ActionName" + ], + "definitions": { + "CustomActionAttachment": { + "additionalProperties": false, + "properties": { + "ButtonText": { + "maxLength": 50, + "minLength": 1, + "pattern": "^[\\S\\s]+$", + "type": "string" + }, + "Criteria": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/CustomActionAttachmentCriteria" + }, + "maxItems": 5, + "minItems": 1, + "type": "array" + }, + "NotificationType": { + "maxLength": 100, + "minLength": 1, + "pattern": "^[a-zA-Z0-9-]+$", + "type": "string" + }, + "Variables": { + "$ref": "#/definitions/CustomActionAttachmentVariables" + } + }, + "type": "object" + }, + "CustomActionAttachmentCriteria": { + "additionalProperties": false, + "properties": { + "Operator": { + "$ref": "#/definitions/CustomActionAttachmentCriteriaOperator" + }, + "Value": { + "maxLength": 1024, + "minLength": 0, + "type": "string" + }, + "VariableName": { + "type": "string" + } + }, + "required": [ + "Operator", + "VariableName" + ], + "type": "object" + }, + "CustomActionAttachmentCriteriaOperator": { + "enum": [ + "HAS_VALUE", + "EQUALS" + ], + "type": "string" + }, + "CustomActionAttachmentVariables": { + "additionalProperties": false, + "maxProperties": 5, + "minProperties": 1, + "patternProperties": { + ".+": { + "type": "string" + } + }, + "type": "object" + }, + "CustomActionDefinition": { + "additionalProperties": false, + "properties": { + "CommandText": { + "maxLength": 5000, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "CommandText" + ], + "type": "object" + }, + "Tag": { + "additionalProperties": false, + "properties": { + "Key": { + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, + "description": "Definition of AWS::Chatbot::CustomAction Resource Type", + 
"handlers": { + "create": { + "permissions": [ + "chatbot:CreateCustomAction", + "chatbot:GetCustomAction", + "chatbot:TagResource", + "chatbot:ListTagsForResource" + ] + }, + "delete": { + "permissions": [ + "chatbot:DeleteCustomAction" + ] + }, + "list": { + "permissions": [ + "chatbot:ListCustomActions" + ] + }, + "read": { + "permissions": [ + "chatbot:GetCustomAction", + "chatbot:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "chatbot:UpdateCustomAction", + "chatbot:GetCustomAction", + "chatbot:TagResource", + "chatbot:UntagResource", + "chatbot:ListTagsForResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/CustomActionArn" + ], + "properties": { + "ActionName": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[a-zA-Z0-9_-]{1,64}$", + "type": "string" + }, + "AliasName": { + "maxLength": 30, + "minLength": 1, + "pattern": "^[A-Za-z0-9-_]+$", + "type": "string" + }, + "Attachments": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/CustomActionAttachment" + }, + "type": "array" + }, + "CustomActionArn": { + "maxLength": 1011, + "minLength": 1, + "pattern": "^arn:(aws[a-zA-Z-]*)?:chatbot:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:custom-action/[a-zA-Z0-9_-]{1,64}$", + "type": "string" + }, + "Definition": { + "$ref": "#/definitions/CustomActionDefinition" + }, + "Tags": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 200, + "minItems": 0, + "type": "array" + } + }, + "readOnlyProperties": [ + "/properties/CustomActionArn" + ], + "required": [ + "ActionName", + "Definition" + ], + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "chatbot:TagResource", + "chatbot:ListTagsForResource", + "chatbot:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::Chatbot::CustomAction" +} 
diff --git a/src/schema/aws-chatbot-microsoftteamschannelconfiguration.json b/src/schema/aws-chatbot-microsoftteamschannelconfiguration.json index bca77082..eeb1de08 100644 --- a/src/schema/aws-chatbot-microsoftteamschannelconfiguration.json +++ b/src/schema/aws-chatbot-microsoftteamschannelconfiguration.json @@ -29,6 +29,8 @@ "permissions": [ "chatbot:CreateMicrosoftTeamsChannelConfiguration", "chatbot:TagResource", + "chatbot:AssociateToConfiguration", + "chatbot:ListAssociations", "iam:PassRole", "iam:CreateServiceLinkedRole" ] @@ -36,17 +38,21 @@ "delete": { "permissions": [ "chatbot:GetMicrosoftTeamsChannelConfiguration", - "chatbot:DeleteMicrosoftTeamsChannelConfiguration" + "chatbot:DeleteMicrosoftTeamsChannelConfiguration", + "chatbot:DisassociateFromConfiguration", + "chatbot:ListAssociations" ] }, "list": { "permissions": [ - "chatbot:ListMicrosoftTeamsChannelConfigurations" + "chatbot:ListMicrosoftTeamsChannelConfigurations", + "chatbot:ListAssociations" ] }, "read": { "permissions": [ - "chatbot:GetMicrosoftTeamsChannelConfiguration" + "chatbot:GetMicrosoftTeamsChannelConfiguration", + "chatbot:ListAssociations" ] }, "update": { @@ -55,6 +61,9 @@ "chatbot:TagResource", "chatbot:UntagResource", "chatbot:ListTagsForResource", + "chatbot:AssociateToConfiguration", + "chatbot:DisassociateFromConfiguration", + "chatbot:ListAssociations", "iam:PassRole" ] } 
@@ -75,6 +84,15 @@ "pattern": "^[A-Za-z0-9-_]+$", "type": "string" }, + "CustomizationResourceArns": { + "description": "ARNs of Custom Actions to associate with notifications in the provided chat channel.", + "insertionOrder": false, + "items": { + "pattern": "^arn:aws:chatbot:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:custom-action/[a-zA-Z0-9_-]{1,64}$", + "type": "string" + }, + "type": "array" + }, "GuardrailPolicies": { "description": "The list of IAM policy ARNs that are applied as channel guardrails. The AWS managed 'AdministratorAccess' policy is applied as a default if this is not set.", "insertionOrder": false, @@ -127,6 +145,13 @@ "pattern": "^([a-zA-Z0-9-_=+/.,])*%3[aA]([a-zA-Z0-9-_=+/.,])*%40([a-zA-Z0-9-_=+/.,])*$", "type": "string" }, + "TeamsChannelName": { + "description": "The name of the Microsoft Teams channel", + "maxLength": 256, + "minLength": 1, + "pattern": "^(.*)$", + "type": "string" + }, "TeamsTenantId": { "description": "The id of the Microsoft Teams tenant", "maxLength": 36, @@ -153,6 +178,11 @@ "sourceUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-chatbot-microsoftteamschannelconfiguration.html", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "chatbot:TagResource", + "chatbot:ListTagsForResource", + "chatbot:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-chatbot-slackchannelconfiguration.json b/src/schema/aws-chatbot-slackchannelconfiguration.json index 7c6b9fb2..55b6d1fb 100644 --- a/src/schema/aws-chatbot-slackchannelconfiguration.json +++ b/src/schema/aws-chatbot-slackchannelconfiguration.json 
@@ -28,23 +28,29 @@ "permissions": [ "chatbot:CreateSlackChannelConfiguration", "chatbot:TagResource", + "chatbot:AssociateToConfiguration", + "chatbot:ListAssociations", "iam:PassRole", "iam:CreateServiceLinkedRole" ] }, "delete": { "permissions": [ - "chatbot:DeleteSlackChannelConfiguration" + "chatbot:DeleteSlackChannelConfiguration", + "chatbot:DisassociateFromConfiguration", + "chatbot:ListAssociations" ] }, "list": { "permissions": [ - "chatbot:DescribeSlackChannelConfigurations" + "chatbot:DescribeSlackChannelConfigurations", + "chatbot:ListAssociations" ] }, "read": { "permissions": [ - "chatbot:DescribeSlackChannelConfigurations" + "chatbot:DescribeSlackChannelConfigurations", + "chatbot:ListAssociations" ] }, "update": { @@ -53,6 +59,9 @@ "chatbot:TagResource", "chatbot:UntagResource", "chatbot:ListTagsForResource", + "chatbot:AssociateToConfiguration", + "chatbot:DisassociateFromConfiguration", + "chatbot:ListAssociations", "iam:PassRole" ] } @@ -73,6 +82,15 @@ "pattern": "^[A-Za-z0-9-_]+$", "type": "string" }, + "CustomizationResourceArns": { + "description": "ARNs of Custom Actions to associate with notifications in the provided chat channel.", + "insertionOrder": false, + "items": { + "pattern": "^arn:aws:chatbot:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:custom-action/[a-zA-Z0-9_-]{1,64}$", + "type": "string" + }, + "type": "array" + }, "GuardrailPolicies": { "description": "The list of IAM policy ARNs that are applied as channel guardrails. The AWS managed 'AdministratorAccess' policy is applied as a default if this is not set.", "insertionOrder": false, @@ -143,6 +161,11 @@ "sourceUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-chatbot-slackchannelconfiguration.html", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "chatbot:TagResource", + "chatbot:ListTagsForResource", + "chatbot:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, 
diff --git a/src/schema/aws-cleanrooms-analysistemplate.json b/src/schema/aws-cleanrooms-analysistemplate.json index c65b94cc..78e2f476 100644 --- a/src/schema/aws-cleanrooms-analysistemplate.json +++ b/src/schema/aws-cleanrooms-analysistemplate.json @@ -4,12 +4,9 @@ "/properties/Name", "/properties/MembershipIdentifier", "/properties/Source", - "/properties/Source/Text", "/properties/Format", "/properties/AnalysisParameters", - "/properties/AnalysisParameters/Name", - "/properties/AnalysisParameters/Type", - "/properties/AnalysisParameters/DefaultValue" + "/properties/Schema" ], "definitions": { "AnalysisParameter": { @@ -42,7 +39,20 @@ "TIMESTAMPTZ", "TIME", "TIMETZ", - "VARBYTE" + "VARBYTE", + "BINARY", + "BYTE", + "CHARACTER", + "DOUBLE", + "FLOAT", + "INT", + "LONG", + "NUMERIC", + "SHORT", + "STRING", + "TIMESTAMP_LTZ", + "TIMESTAMP_NTZ", + "TINYINT" ], "type": "string" } 
@@ -66,19 +76,121 @@ "type": "object" }, "AnalysisSource": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "Text": { + "maxLength": 90000, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Text" + ], + "title": "Text", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Artifacts": { + "$ref": "#/definitions/AnalysisTemplateArtifacts" + } + }, + "required": [ + "Artifacts" + ], + "title": "Artifacts", + "type": "object" + } + ] + }, + "AnalysisSourceMetadata": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "Artifacts": { + "$ref": "#/definitions/AnalysisTemplateArtifactMetadata" + } + }, + "required": [ + "Artifacts" + ], + "title": "Artifacts", + "type": "object" + } + ] + }, + "AnalysisTemplateArtifact": { "additionalProperties": false, "properties": { - "Text": { - "maxLength": 15000, - "minLength": 0, + "Location": { + "$ref": "#/definitions/S3Location" + } + }, + "required": [ + "Location" + ], + "type": "object" + }, + "AnalysisTemplateArtifactMetadata": { + "additionalProperties": false, + "properties": { + "AdditionalArtifactHashes": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Hash" + }, + "type": "array" + }, + "EntryPointHash": { + "$ref": "#/definitions/Hash" + } + }, + "required": [ + "EntryPointHash" + ], + "type": "object" + }, + "AnalysisTemplateArtifacts": { + "additionalProperties": false, + "properties": { + "AdditionalArtifacts": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/AnalysisTemplateArtifact" + }, + "maxItems": 1, + "minItems": 1, + "type": "array" + }, + "EntryPoint": { + "$ref": "#/definitions/AnalysisTemplateArtifact" + }, + "RoleArn": { + "maxLength": 512, + "minLength": 32, "type": "string" } }, "required": [ - "Text" + "EntryPoint", + "RoleArn" ], "type": "object" }, + "Hash": { + "additionalProperties": false, + "properties": { + "Sha256": { + "type": "string" + } + }, + "type": "object" + }, 
"ReferencedTables": { "insertionOrder": false, "items": { @@ -87,6 +199,24 @@ "minItems": 0, "type": "array" }, + "S3Location": { + "additionalProperties": false, + "properties": { + "Bucket": { + "maxLength": 63, + "minLength": 3, + "type": "string" + }, + "Key": { + "type": "string" + } + }, + "required": [ + "Bucket", + "Key" + ], + "type": "object" + }, "TableName": { "maxLength": 128, "pattern": "^[a-zA-Z0-9_](([a-zA-Z0-9_ ]+-)*([a-zA-Z0-9_ ]+))?$", @@ -121,7 +251,8 @@ "cleanrooms:ListTagsForResource", "cleanrooms:TagResource", "cleanrooms:GetAnalysisTemplate", - "cleanrooms:ListAnalysisTemplates" + "cleanrooms:ListAnalysisTemplates", + "iam:PassRole" ] }, "delete": { @@ -206,7 +337,8 @@ }, "Format": { "enum": [ - "SQL" + "SQL", + "PYSPARK_1_0" ], "type": "string" }, @@ -231,6 +363,9 @@ "Source": { "$ref": "#/definitions/AnalysisSource" }, + "SourceMetadata": { + "$ref": "#/definitions/AnalysisSourceMetadata" + }, "Tags": { "description": "An arbitrary set of tags (key-value pairs) for this cleanrooms analysis template.", "insertionOrder": false, @@ -244,7 +379,6 @@ "/properties/CollaborationArn", "/properties/CollaborationIdentifier", "/properties/AnalysisTemplateIdentifier", - "/properties/Schema", "/properties/Arn", "/properties/MembershipArn" ], @@ -258,6 +392,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-cleanrooms", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "cleanrooms:ListTagsForResource", + "cleanrooms:UntagResource", + "cleanrooms:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-cleanrooms-collaboration.json b/src/schema/aws-cleanrooms-collaboration.json index 35086743..b3deea3d 100644 --- a/src/schema/aws-cleanrooms-collaboration.json +++ b/src/schema/aws-cleanrooms-collaboration.json 
@@ -3,12 +3,29 @@ "createOnlyProperties": [ "/properties/CreatorDisplayName", "/properties/CreatorMemberAbilities", + "/properties/CreatorMLMemberAbilities", "/properties/DataEncryptionMetadata", + "/properties/JobLogStatus", "/properties/QueryLogStatus", "/properties/Members", - "/properties/CreatorPaymentConfiguration" + "/properties/CreatorPaymentConfiguration", + "/properties/AnalyticsEngine" ], "definitions": { + "AnalyticsEngine": { + "enum": [ + "CLEAN_ROOMS_SQL", + "SPARK" + ], + "type": "string" + }, + "CollaborationJobLogStatus": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, "CollaborationQueryLogStatus": { "enum": [ "ENABLED", @@ -16,6 +33,21 @@ ], "type": "string" }, + "CustomMLMemberAbilities": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/CustomMLMemberAbility" + }, + "type": "array", + "uniqueItems": true + }, + "CustomMLMemberAbility": { + "enum": [ + "CAN_RECEIVE_MODEL_OUTPUT", + "CAN_RECEIVE_INFERENCE_OUTPUT" + ], + "type": "string" + }, "DataEncryptionMetadata": { "additionalProperties": false, "properties": { @@ -40,6 +72,42 @@ ], "type": "object" }, + "JobComputePaymentConfig": { + "additionalProperties": false, + "properties": { + "IsResponsible": { + "type": "boolean" + } + }, + "required": [ + "IsResponsible" + ], + "type": "object" + }, + "MLMemberAbilities": { + "additionalProperties": false, + "properties": { + "CustomMLMemberAbilities": { + "$ref": "#/definitions/CustomMLMemberAbilities" + } + }, + "required": [ + "CustomMLMemberAbilities" + ], + "type": "object" + }, + "MLPaymentConfig": { + "additionalProperties": false, + "properties": { + "ModelInference": { + "$ref": "#/definitions/ModelInferencePaymentConfig" + }, + "ModelTraining": { + "$ref": "#/definitions/ModelTrainingPaymentConfig" + } + }, + "type": "object" + }, "MemberAbilities": { "insertionOrder": false, "items": { 
@@ -51,6 +119,7 @@ "MemberAbility": { "enum": [ "CAN_QUERY", + "CAN_RUN_JOB", "CAN_RECEIVE_RESULTS" ], "type": "string" @@ -67,6 +136,9 @@ "DisplayName": { "$ref": "#/definitions/Name" }, + "MLMemberAbilities": { + "$ref": "#/definitions/MLMemberAbilities" + }, "MemberAbilities": { "$ref": "#/definitions/MemberAbilities" }, @@ -90,6 +162,30 @@ ], "type": "string" }, + "ModelInferencePaymentConfig": { + "additionalProperties": false, + "properties": { + "IsResponsible": { + "type": "boolean" + } + }, + "required": [ + "IsResponsible" + ], + "type": "object" + }, + "ModelTrainingPaymentConfig": { + "additionalProperties": false, + "properties": { + "IsResponsible": { + "type": "boolean" + } + }, + "required": [ + "IsResponsible" + ], + "type": "object" + }, "Name": { "maxLength": 100, "minLength": 1, @@ -99,6 +195,12 @@ "PaymentConfiguration": { "additionalProperties": false, "properties": { + "JobCompute": { + "$ref": "#/definitions/JobComputePaymentConfig" + }, + "MachineLearning": { + "$ref": "#/definitions/MLPaymentConfig" + }, "QueryCompute": { "$ref": "#/definitions/QueryComputePaymentConfig" } @@ -192,6 +294,9 @@ "/properties/CollaborationIdentifier" ], "properties": { + "AnalyticsEngine": { + "$ref": "#/definitions/AnalyticsEngine" + }, "Arn": { "maxLength": 100, "type": "string" @@ -205,6 +310,9 @@ "CreatorDisplayName": { "$ref": "#/definitions/Name" }, + "CreatorMLMemberAbilities": { + "$ref": "#/definitions/MLMemberAbilities" + }, "CreatorMemberAbilities": { "$ref": "#/definitions/MemberAbilities" }, @@ -220,6 +328,9 @@ "pattern": "^(?!\\s*$)[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDBFF-\\uDC00\\uDFFF\\t\\r\\n]*$", "type": "string" }, + "JobLogStatus": { + "$ref": "#/definitions/CollaborationJobLogStatus" + }, "Members": { "insertionOrder": false, "items": { 
@@ -262,6 +373,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "cleanrooms:ListTagsForResource", + "cleanrooms:UntagResource", + "cleanrooms:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-cleanrooms-configuredtable.json b/src/schema/aws-cleanrooms-configuredtable.json index e28b4960..ef61f01d 100644 --- a/src/schema/aws-cleanrooms-configuredtable.json +++ b/src/schema/aws-cleanrooms-configuredtable.json @@ -2,10 +2,17 @@ "additionalProperties": false, "createOnlyProperties": [ "/properties/AllowedColumns", - "/properties/AnalysisMethod", "/properties/TableReference" ], "definitions": { + "AdditionalAnalyses": { + "enum": [ + "ALLOWED", + "REQUIRED", + "NOT_ALLOWED" + ], + "type": "string" + }, "AggregateColumn": { "additionalProperties": false, "properties": { @@ -76,7 +83,7 @@ "AllowedAnalysis": { "maxLength": 200, "minLength": 0, - "pattern": "(ANY_QUERY|arn:[\\w]{3}:cleanrooms:[\\w]{2}-[\\w]{4,9}-[\\d]:[\\d]{12}:membership/[\\d\\w-]+/analysistemplate/[\\d\\w-]+)", + "pattern": "(ANY_QUERY|ANY_JOB|arn:[\\w]{3}:cleanrooms:[\\w]{2}-[\\w]{4,9}-[\\d]:[\\d]{12}:membership/[\\d\\w-]+/analysistemplate/[\\d\\w-]+)", "type": "string" }, "AllowedAnalysisProvider": { @@ -95,7 +102,9 @@ }, "AnalysisMethod": { "enum": [ - "DIRECT_QUERY" + "DIRECT_QUERY", + "DIRECT_JOB", + "MULTIPLE" ], "type": "string" }, @@ -118,6 +127,9 @@ "AnalysisRuleAggregation": { "additionalProperties": false, "properties": { + "AdditionalAnalyses": { + "$ref": "#/definitions/AdditionalAnalyses" + }, "AggregateColumns": { "insertionOrder": false, "items": { @@ -185,6 +197,9 @@ "AnalysisRuleCustom": { "additionalProperties": false, "properties": { + "AdditionalAnalyses": { + "$ref": "#/definitions/AdditionalAnalyses" + }, "AllowedAnalyses": { "$ref": "#/definitions/AllowedAnalyses" }, 
@@ -193,6 +208,9 @@ }, "DifferentialPrivacy": { "$ref": "#/definitions/DifferentialPrivacy" + }, + "DisallowedOutputColumns": { + "$ref": "#/definitions/DisallowedOutputColumns" } }, "required": [ @@ -203,6 +221,9 @@ "AnalysisRuleList": { "additionalProperties": false, "properties": { + "AdditionalAnalyses": { + "$ref": "#/definitions/AdditionalAnalyses" + }, "AllowedJoinOperators": { "insertionOrder": false, "items": { @@ -233,6 +254,35 @@ ], "type": "object" }, + "AthenaTableReference": { + "additionalProperties": false, + "properties": { + "DatabaseName": { + "maxLength": 128, + "type": "string" + }, + "OutputLocation": { + "maxLength": 1024, + "minLength": 8, + "type": "string" + }, + "TableName": { + "maxLength": 128, + "type": "string" + }, + "WorkGroup": { + "maxLength": 128, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "DatabaseName", + "TableName", + "WorkGroup" + ], + "type": "object" + }, "ConfiguredTableAnalysisRulePolicy": { "additionalProperties": false, "properties": { @@ -326,6 +376,14 @@ ], "type": "object" }, + "DisallowedOutputColumns": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/AnalysisRuleColumnName" + }, + "minItems": 0, + "type": "array" + }, "GlueTableReference": { "additionalProperties": false, "properties": { 
@@ -388,19 +446,145 @@ ], "type": "string" }, - "TableReference": { + "SelectedAnalysisMethod": { + "enum": [ + "DIRECT_QUERY", + "DIRECT_JOB" + ], + "type": "string" + }, + "SelectedAnalysisMethods": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/SelectedAnalysisMethod" + }, + "type": "array" + }, + "SnowflakeTableReference": { "additionalProperties": false, "properties": { - "Glue": { - "$ref": "#/definitions/GlueTableReference" + "AccountIdentifier": { + "maxLength": 256, + "minLength": 3, + "type": "string" + }, + "DatabaseName": { + "maxLength": 256, + "minLength": 1, + "type": "string" + }, + "SchemaName": { + "maxLength": 256, + "minLength": 1, + "type": "string" + }, + "SecretArn": { + "maxLength": 256, + "type": "string" + }, + "TableName": { + "maxLength": 256, + "minLength": 1, + "type": "string" + }, + "TableSchema": { + "$ref": "#/definitions/SnowflakeTableSchema" + } + }, + "required": [ + "AccountIdentifier", + "DatabaseName", + "SchemaName", + "SecretArn", + "TableName", + "TableSchema" + ], + "type": "object" + }, + "SnowflakeTableSchema": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "V1": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/SnowflakeTableSchemaV1" + }, + "maxItems": 250, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "V1" + ], + "title": "V1", + "type": "object" + } + ] + }, + "SnowflakeTableSchemaV1": { + "additionalProperties": false, + "properties": { + "ColumnName": { + "maxLength": 128, + "type": "string" + }, + "ColumnType": { + "maxLength": 255, + "type": "string" } }, "required": [ - "Glue" + "ColumnName", + "ColumnType" ], - "title": "Glue", "type": "object" }, + "TableReference": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "Glue": { + "$ref": "#/definitions/GlueTableReference" + } + }, + "required": [ + "Glue" + ], + "title": "Glue", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + 
"Snowflake": { + "$ref": "#/definitions/SnowflakeTableReference" + } + }, + "required": [ + "Snowflake" + ], + "title": "Snowflake", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Athena": { + "$ref": "#/definitions/AthenaTableReference" + } + }, + "required": [ + "Athena" + ], + "title": "Athena", + "type": "object" + } + ] + }, "Tag": { "additionalProperties": false, "properties": { @@ -442,7 +626,8 @@ "glue:GetSchemaVersion", "cleanrooms:ListTagsForResource", "cleanrooms:TagResource", - "cleanrooms:ListConfiguredTables" + "cleanrooms:ListConfiguredTables", + "athena:GetTableMetadata" ] }, "delete": { @@ -546,6 +731,9 @@ "pattern": "^(?!\\s*$)[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDBFF-\\uDC00\\uDFFF\\t]*$", "type": "string" }, + "SelectedAnalysisMethods": { + "$ref": "#/definitions/SelectedAnalysisMethods" + }, "TableReference": { "$ref": "#/definitions/TableReference" }, @@ -571,6 +759,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "cleanrooms:ListTagsForResource", + "cleanrooms:UntagResource", + "cleanrooms:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-cleanrooms-configuredtableassociation.json b/src/schema/aws-cleanrooms-configuredtableassociation.json index b85fb0e8..979e3b87 100644 --- a/src/schema/aws-cleanrooms-configuredtableassociation.json +++ b/src/schema/aws-cleanrooms-configuredtableassociation.json 
@@ -6,6 +6,149 @@ "/properties/MembershipIdentifier" ], "definitions": { + "AllowedAdditionalAnalyses": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/AllowedAdditionalAnalysis" + }, + "maxItems": 25, + "minItems": 0, + "type": "array" + }, + "AllowedAdditionalAnalysis": { + "maxLength": 256, + "type": "string" + }, + "AllowedResultReceiver": { + "maxLength": 12, + "minLength": 12, + "pattern": "\\d+", + "type": "string" + }, + "AllowedResultReceivers": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/AllowedResultReceiver" + }, + "minItems": 0, + "type": "array" + }, + "ConfiguredTableAssociationAnalysisRule": { + "additionalProperties": false, + "properties": { + "Policy": { + "$ref": "#/definitions/ConfiguredTableAssociationAnalysisRulePolicy" + }, + "Type": { + "$ref": "#/definitions/ConfiguredTableAssociationAnalysisRuleType" + } + }, + "required": [ + "Type", + "Policy" + ], + "type": "object" + }, + "ConfiguredTableAssociationAnalysisRuleAggregation": { + "additionalProperties": false, + "properties": { + "AllowedAdditionalAnalyses": { + "$ref": "#/definitions/AllowedAdditionalAnalyses" + }, + "AllowedResultReceivers": { + "$ref": "#/definitions/AllowedResultReceivers" + } + }, + "type": "object" + }, + "ConfiguredTableAssociationAnalysisRuleCustom": { + "additionalProperties": false, + "properties": { + "AllowedAdditionalAnalyses": { + "$ref": "#/definitions/AllowedAdditionalAnalyses" + }, + "AllowedResultReceivers": { + "$ref": "#/definitions/AllowedResultReceivers" + } + }, + "type": "object" + }, + "ConfiguredTableAssociationAnalysisRuleList": { + "additionalProperties": false, + "properties": { + "AllowedAdditionalAnalyses": { + "$ref": "#/definitions/AllowedAdditionalAnalyses" + }, + "AllowedResultReceivers": { + "$ref": "#/definitions/AllowedResultReceivers" + } + }, + "type": "object" + }, + "ConfiguredTableAssociationAnalysisRulePolicy": { + "additionalProperties": false, + "properties": { + "V1": { + "$ref": 
"#/definitions/ConfiguredTableAssociationAnalysisRulePolicyV1" + } + }, + "required": [ + "V1" + ], + "title": "V1", + "type": "object" + }, + "ConfiguredTableAssociationAnalysisRulePolicyV1": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "List": { + "$ref": "#/definitions/ConfiguredTableAssociationAnalysisRuleList" + } + }, + "required": [ + "List" + ], + "title": "List", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Aggregation": { + "$ref": "#/definitions/ConfiguredTableAssociationAnalysisRuleAggregation" + } + }, + "required": [ + "Aggregation" + ], + "title": "Aggregation", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Custom": { + "$ref": "#/definitions/ConfiguredTableAssociationAnalysisRuleCustom" + } + }, + "required": [ + "Custom" + ], + "title": "Custom", + "type": "object" + } + ] + }, + "ConfiguredTableAssociationAnalysisRuleType": { + "enum": [ + "AGGREGATION", + "LIST", + "CUSTOM" + ], + "type": "string" + }, "Tag": { "additionalProperties": false, "properties": { @@ -36,7 +179,11 @@ "cleanrooms:ListTagsForResource", "cleanrooms:TagResource", "cleanrooms:GetConfiguredTableAssociation", - "cleanrooms:ListConfiguredTableAssociations" + "cleanrooms:ListConfiguredTableAssociations", + "cleanrooms:DeleteConfiguredTableAssociation", + "cleanrooms:DeleteConfiguredTableAssociationAnalysisRule", + "cleanrooms:CreateConfiguredTableAssociationAnalysisRule", + "cleanrooms:GetConfiguredTableAssociationAnalysisRule" ] }, "delete": { @@ -45,7 +192,9 @@ "cleanrooms:GetConfiguredTableAssociation", "cleanrooms:ListConfiguredTableAssociations", "cleanrooms:ListTagsForResource", - "cleanrooms:UntagResource" + "cleanrooms:UntagResource", + "cleanrooms:DeleteConfiguredTableAssociationAnalysisRule", + "cleanrooms:GetConfiguredTableAssociationAnalysisRule" ] }, "list": { 
@@ -66,7 +215,8 @@ "read": { "permissions": [ "cleanrooms:GetConfiguredTableAssociation", - "cleanrooms:ListTagsForResource" + "cleanrooms:ListTagsForResource", + "cleanrooms:GetConfiguredTableAssociationAnalysisRule" ] }, "update": { @@ -76,7 +226,11 @@ "iam:PassRole", "cleanrooms:ListTagsForResource", "cleanrooms:TagResource", - "cleanrooms:UntagResource" + "cleanrooms:UntagResource", + "cleanrooms:DeleteConfiguredTableAssociationAnalysisRule", + "cleanrooms:CreateConfiguredTableAssociationAnalysisRule", + "cleanrooms:GetConfiguredTableAssociationAnalysisRule", + "cleanrooms:UpdateConfiguredTableAssociationAnalysisRule" ] } }, @@ -86,9 +240,18 @@ ], "properties": { "Arn": { - "maxLength": 100, + "maxLength": 256, "type": "string" }, + "ConfiguredTableAssociationAnalysisRules": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/ConfiguredTableAssociationAnalysisRule" + }, + "maxItems": 1, + "minItems": 1, + "type": "array" + }, "ConfiguredTableAssociationIdentifier": { "maxLength": 36, "minLength": 36, @@ -135,6 +298,7 @@ "/properties/ConfiguredTableAssociationIdentifier", "/properties/Arn" ], + "replacementStrategy": "delete_then_create", "required": [ "ConfiguredTableIdentifier", "Name", @@ -144,6 +308,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-cleanrooms", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "cleanrooms:ListTagsForResource", + "cleanrooms:UntagResource", + "cleanrooms:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-cleanrooms-idmappingtable.json b/src/schema/aws-cleanrooms-idmappingtable.json new file mode 100644 index 00000000..23c57e09 --- /dev/null +++ b/src/schema/aws-cleanrooms-idmappingtable.json 
@@ -0,0 +1,241 @@
+{
+ "additionalProperties": false,
+ "createOnlyProperties": [
+ "/properties/MembershipIdentifier",
+ "/properties/Name",
+ "/properties/InputReferenceConfig"
+ ],
+ "definitions": {
+ "IdMappingTableInputReferenceConfig": {
+ "additionalProperties": false,
+ "properties": {
+ "InputReferenceArn": {
+ "maxLength": 2048,
+ "minLength": 20,
+ "type": "string"
+ },
+ "ManageResourcePolicies": {
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "InputReferenceArn",
+ "ManageResourcePolicies"
+ ],
+ "type": "object"
+ },
+ "IdMappingTableInputReferenceProperties": {
+ "additionalProperties": false,
+ "properties": {
+ "IdMappingTableInputSource": {
+ "insertionOrder": false,
+ "items": {
+ "$ref": "#/definitions/IdMappingTableInputSource"
+ },
+ "maxItems": 2,
+ "minItems": 2,
+ "type": "array"
+ }
+ },
+ "required": [
+ "IdMappingTableInputSource"
+ ],
+ "type": "object"
+ },
+ "IdMappingTableInputSource": {
+ "additionalProperties": false,
+ "properties": {
+ "IdNamespaceAssociationId": {
+ "type": "string"
+ },
+ "Type": {
+ "enum": [
+ "SOURCE",
+ "TARGET"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "IdNamespaceAssociationId",
+ "Type"
+ ],
+ "type": "object"
+ },
+ "Tag": {
+ "additionalProperties": false,
+ "properties": {
+ "Key": {
+ "maxLength": 128,
+ "minLength": 1,
+ "type": "string"
+ },
+ "Value": {
+ "maxLength": 256,
+ "minLength": 1,
+ "type": "string"
+ }
+ },
+ "required": [
+ "Key",
+ "Value"
+ ],
+ "type": "object"
+ },
+ "UUID": {
+ "maxLength": 36,
+ "minLength": 36,
+ "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
+ "type": "string"
+ }
+ },
+ "description": "Represents an association between an ID mapping workflow and a collaboration",
+ "handlers": {
+ "create": {
+ "permissions": [
+ "cleanrooms:CreateIdMappingTable",
+ "cleanrooms:GetIdMappingTable",
+ "cleanrooms:ListIdMappingTables",
+ "cleanrooms:ListTagsForResource",
+ "cleanrooms:TagResource",
+ "cleanrooms:GetMembership",
+ "cleanrooms:GetCollaboration",
+ "entityresolution:GetIdMappingWorkflow",
+ "entityresolution:AddPolicyStatement"
+ ]
+ },
+ "delete": {
+ "permissions": [
+ "cleanrooms:DeleteIdMappingTable",
+ "cleanrooms:GetIdMappingTable",
+ "cleanrooms:ListIdMappingTables",
+ "cleanrooms:GetMembership",
+ "cleanrooms:ListTagsForResource",
+ "cleanrooms:UntagResource",
+ "entityresolution:GetIdMappingWorkflow",
+ "entityresolution:AddPolicyStatement",
+ "entityresolution:DeletePolicyStatement"
+ ]
+ },
+ "list": {
+ "handlerSchema": {
+ "properties": {
+ "MembershipIdentifier": {
+ "$ref": "resource-schema.json#/properties/MembershipIdentifier"
+ }
+ },
+ "required": [
+ "MembershipIdentifier"
+ ]
+ },
+ "permissions": [
+ "cleanrooms:ListIdMappingTables",
+ "cleanrooms:GetMembership",
+ "cleanrooms:GetCollaboration"
+ ]
+ },
+ "read": {
+ "permissions": [
+ "cleanrooms:GetIdMappingTable",
+ "cleanrooms:ListTagsForResource",
+ "cleanrooms:GetMembership",
+ "cleanrooms:GetCollaboration"
+ ]
+ },
+ "update": {
+ "permissions": [
+ "cleanrooms:UpdateIdMappingTable",
+ "cleanrooms:GetIdMappingTable",
+ "cleanrooms:GetMembership",
+ "cleanrooms:ListTagsForResource",
+ "cleanrooms:TagResource",
+ "cleanrooms:UntagResource",
+ "entityresolution:GetIdMappingWorkflow",
+ "entityresolution:AddPolicyStatement"
+ ]
+ }
+ },
+ "primaryIdentifier": [
+ "/properties/IdMappingTableIdentifier",
+ "/properties/MembershipIdentifier"
+ ],
+ "properties": {
+ "Arn": {
+ "maxLength": 200,
+ "type": "string"
+ },
+ "CollaborationArn": {
+ "maxLength": 100,
+ "type": "string"
+ },
+ "CollaborationIdentifier": {
+ "$ref": "#/definitions/UUID"
+ },
+ "Description": {
+ "maxLength": 255,
+ "pattern": "^[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDBFF-\\uDC00\\uDFFF\\t\\r\\n]*$",
+ "type": "string"
+ },
+ "IdMappingTableIdentifier": {
+ "$ref": "#/definitions/UUID"
+ },
+ "InputReferenceConfig": {
+ "$ref": "#/definitions/IdMappingTableInputReferenceConfig"
+ },
+ "InputReferenceProperties": {
+ "$ref": "#/definitions/IdMappingTableInputReferenceProperties"
+ },
+ "KmsKeyArn": {
+ "maxLength": 2048,
+ "minLength": 4,
+ "type": "string"
+ },
+ "MembershipArn": {
+ "maxLength": 100,
+ "type": "string"
+ },
+ "MembershipIdentifier": {
+ "$ref": "#/definitions/UUID"
+ },
+ "Name": {
+ "maxLength": 128,
+ "pattern": "^[a-zA-Z0-9_](([a-zA-Z0-9_ ]+-)*([a-zA-Z0-9_ ]+))?$",
+ "type": "string"
+ },
+ "Tags": {
+ "insertionOrder": false,
+ "items": {
+ "$ref": "#/definitions/Tag"
+ },
+ "type": "array",
+ "uniqueItems": true
+ }
+ },
+ "readOnlyProperties": [
+ "/properties/IdMappingTableIdentifier",
+ "/properties/Arn",
+ "/properties/MembershipArn",
+ "/properties/CollaborationIdentifier",
+ "/properties/CollaborationArn",
+ "/properties/InputReferenceProperties"
+ ],
+ "required": [
+ "MembershipIdentifier",
+ "Name",
+ "InputReferenceConfig"
+ ],
+ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-cleanrooms",
+ "tagging": {
+ "cloudFormationSystemTags": true,
+ "permissions": [
+ "cleanrooms:ListTagsForResource",
+ "cleanrooms:UntagResource",
+ "cleanrooms:TagResource"
+ ],
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": true,
+ "taggable": true
+ },
+ "typeName": "AWS::CleanRooms::IdMappingTable"
+}
diff --git a/src/schema/aws-cleanrooms-idnamespaceassociation.json b/src/schema/aws-cleanrooms-idnamespaceassociation.json
new file mode 100644
index 00000000..4978a11b
--- /dev/null
+++ b/src/schema/aws-cleanrooms-idnamespaceassociation.json
@@ -0,0 +1,238 @@
+{
+ "additionalProperties": false,
+ "createOnlyProperties": [
+ "/properties/MembershipIdentifier",
+ "/properties/InputReferenceConfig"
+ ],
+ "definitions": {
+ "Document": {
+ "type": "object"
+ },
+ "IdMappingConfig": {
+ "additionalProperties": false,
+ "properties": {
+ "AllowUseAsDimensionColumn": {
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "AllowUseAsDimensionColumn"
+ ],
+ "type": "object"
+ },
+ "IdNamespaceAssociationInputReferenceConfig": {
+ "additionalProperties": false,
+ "properties": {
+ "InputReferenceArn": {
+ "maxLength": 256,
+ "type": "string"
+ },
+ "ManageResourcePolicies": {
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "InputReferenceArn",
+ "ManageResourcePolicies"
+ ],
+ "type": "object"
+ },
+ "IdNamespaceAssociationInputReferenceProperties": {
+ "additionalProperties": false,
+ "properties": {
+ "IdMappingWorkflowsSupported": {
+ "insertionOrder": false,
+ "items": {
+ "$ref": "#/definitions/Document"
+ },
+ "type": "array"
+ },
+ "IdNamespaceType": {
+ "enum": [
+ "SOURCE",
+ "TARGET"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [],
+ "type": "object"
+ },
+ "Tag": {
+ "additionalProperties": false,
+ "properties": {
+ "Key": {
+ "maxLength": 128,
+ "minLength": 1,
+ "type": "string"
+ },
+ "Value": {
+ "maxLength": 256,
+ "minLength": 1,
+ "type": "string"
+ }
+ },
+ "required": [
+ "Key",
+ "Value"
+ ],
+ "type": "object"
+ },
+ "UUID": {
+ "maxLength": 36,
+ "minLength": 36,
+ "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
+ "type": "string"
+ }
+ },
+ "description": "Represents an association between an ID namespace and a collaboration",
+ "handlers": {
+ "create": {
+ "permissions": [
+ "cleanrooms:CreateIdNamespaceAssociation",
+ "cleanrooms:GetIdNamespaceAssociation",
+ "cleanrooms:ListIdNamespaceAssociations",
+ "cleanrooms:ListTagsForResource",
+ "cleanrooms:TagResource",
+ "cleanrooms:GetMembership",
+ "cleanrooms:GetCollaboration",
+ "entityresolution:GetIdNamespace",
+ "entityresolution:AddPolicyStatement"
+ ]
+ },
+ "delete": {
+ "permissions": [
+ "cleanrooms:DeleteIdNamespaceAssociation",
+ "cleanrooms:GetIdNamespaceAssociation",
+ "cleanrooms:ListIdNamespaceAssociations",
+ "cleanrooms:GetMembership",
+ "cleanrooms:GetCollaboration",
+ "cleanrooms:ListTagsForResource",
+ "cleanrooms:UntagResource",
+ "entityresolution:GetIdNamespace",
+ "entityresolution:DeletePolicyStatement"
+ ]
+ },
+ "list": {
+ "handlerSchema": {
+ "properties": {
+ "MembershipIdentifier": {
+ "$ref": "resource-schema.json#/properties/MembershipIdentifier"
+ }
+ },
+ "required": [
+ "MembershipIdentifier"
+ ]
+ },
+ "permissions": [
+ "cleanrooms:ListIdNamespaceAssociations",
+ "cleanrooms:GetMembership",
+ "cleanrooms:GetCollaboration"
+ ]
+ },
+ "read": {
+ "permissions": [
+ "cleanrooms:GetIdNamespaceAssociation",
+ "cleanrooms:ListTagsForResource",
+ "cleanrooms:GetMembership",
+ "cleanrooms:GetCollaboration",
+ "entityresolution:GetIdNamespace"
+ ]
+ },
+ "update": {
+ "permissions": [
+ "cleanrooms:UpdateIdNamespaceAssociation",
+ "cleanrooms:GetIdNamespaceAssociation",
+ "cleanrooms:GetMembership",
+ "cleanrooms:GetCollaboration",
+ "cleanrooms:ListTagsForResource",
+ "cleanrooms:TagResource",
+ "cleanrooms:UntagResource",
+ "entityresolution:GetIdNamespace",
+ "entityresolution:AddPolicyStatement"
+ ]
+ }
+ },
+ "primaryIdentifier": [
+ "/properties/IdNamespaceAssociationIdentifier",
+ "/properties/MembershipIdentifier"
+ ],
+ "properties": {
+ "Arn": {
+ "maxLength": 256,
+ "type": "string"
+ },
+ "CollaborationArn": {
+ "maxLength": 100,
+ "type": "string"
+ },
+ "CollaborationIdentifier": {
+ "$ref": "#/definitions/UUID"
+ },
+ "Description": {
+ "maxLength": 255,
+ "pattern": "^[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDBFF-\\uDC00\\uDFFF\\t\\r\\n]*$",
+ "type": "string"
+ },
+ "IdMappingConfig": {
+ "$ref": "#/definitions/IdMappingConfig"
+ },
+ "IdNamespaceAssociationIdentifier": {
+ "$ref": "#/definitions/UUID"
+ },
+ "InputReferenceConfig": {
+ "$ref": "#/definitions/IdNamespaceAssociationInputReferenceConfig"
+ },
+ "InputReferenceProperties": {
+ "$ref": "#/definitions/IdNamespaceAssociationInputReferenceProperties"
+ },
+ "MembershipArn": {
+ "maxLength": 100,
+ "type": "string"
+ },
+ "MembershipIdentifier": {
+ "$ref": "#/definitions/UUID"
+ },
+ "Name": {
+ "maxLength": 100,
+ "minLength": 1,
+ "pattern": "^(?!\\s*$)[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDBFF-\\uDC00\\uDFFF\\t]*$",
+ "type": "string"
+ },
+ "Tags": {
+ "insertionOrder": false,
+ "items": {
+ "$ref": "#/definitions/Tag"
+ },
+ "type": "array",
+ "uniqueItems": true
+ }
+ },
+ "readOnlyProperties": [
+ "/properties/IdNamespaceAssociationIdentifier",
+ "/properties/Arn",
+ "/properties/MembershipArn",
+ "/properties/CollaborationIdentifier",
+ "/properties/CollaborationArn",
+ "/properties/InputReferenceProperties"
+ ],
+ "required": [
+ "MembershipIdentifier",
+ "InputReferenceConfig",
+ "Name"
+ ],
+ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-cleanrooms",
+ "tagging": {
+ "cloudFormationSystemTags": true,
+ "permissions": [
+ "cleanrooms:ListTagsForResource",
+ "cleanrooms:UntagResource",
+ "cleanrooms:TagResource"
+ ],
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": true,
+ "taggable": true
+ },
+ "typeName": "AWS::CleanRooms::IdNamespaceAssociation"
+}
diff --git a/src/schema/aws-cleanrooms-membership.json b/src/schema/aws-cleanrooms-membership.json
index 3ab13dc4..a03a855f 100644
--- a/src/schema/aws-cleanrooms-membership.json
+++ b/src/schema/aws-cleanrooms-membership.json
@@ -4,9 +4,70 @@ "/properties/CollaborationIdentifier" ], "definitions": { + "MembershipJobComputePaymentConfig": { + "additionalProperties": false, + "properties": { + "IsResponsible": { + "type": "boolean" + } + }, + "required": [ + "IsResponsible" + ], + "type": "object" + }, + "MembershipJobLogStatus": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, + "MembershipMLPaymentConfig": { + "additionalProperties": false, + "properties": { + "ModelInference": { + "$ref": "#/definitions/MembershipModelInferencePaymentConfig" + }, + "ModelTraining": { + "$ref": "#/definitions/MembershipModelTrainingPaymentConfig" + } + }, + "type": "object" + }, + "MembershipModelInferencePaymentConfig": { + "additionalProperties": false, + "properties": { + "IsResponsible": { + "type": "boolean" + } + }, + "required": [ + "IsResponsible" + ], + "type": "object" + }, + "MembershipModelTrainingPaymentConfig": { + "additionalProperties": false, + "properties": { + "IsResponsible": { + "type": "boolean" + } + }, + "required": [ + "IsResponsible" + ], + "type": "object" + }, "MembershipPaymentConfiguration": { "additionalProperties": false, "properties": { + "JobCompute": { + "$ref": "#/definitions/MembershipJobComputePaymentConfig" + }, + "MachineLearning": { + "$ref": "#/definitions/MembershipMLPaymentConfig" + }, "QueryCompute": { "$ref": "#/definitions/MembershipQueryComputePaymentConfig" } 
@@ -16,6 +77,36 @@ ], "type": "object" }, + "MembershipProtectedJobOutputConfiguration": { + "additionalProperties": false, + "properties": { + "S3": { + "$ref": "#/definitions/ProtectedJobS3OutputConfigurationInput" + } + }, + "required": [ + "S3" + ], + "type": "object" + }, + "MembershipProtectedJobResultConfiguration": { + "additionalProperties": false, + "properties": { + "OutputConfiguration": { + "$ref": "#/definitions/MembershipProtectedJobOutputConfiguration" + }, + "RoleArn": { + "maxLength": 512, + "minLength": 32, + "type": "string" + } + }, + "required": [ + "OutputConfiguration", + "RoleArn" + ], + "type": "object" + }, "MembershipProtectedQueryOutputConfiguration": { "additionalProperties": false, "properties": { @@ -72,6 +163,23 @@ ], "type": "string" }, + "ProtectedJobS3OutputConfigurationInput": { + "additionalProperties": false, + "properties": { + "Bucket": { + "maxLength": 63, + "minLength": 3, + "type": "string" + }, + "KeyPrefix": { + "type": "string" + } + }, + "required": [ + "Bucket" + ], + "type": "object" + }, "ProtectedQueryS3OutputConfiguration": { "additionalProperties": false, "properties": { @@ -85,6 +193,9 @@ }, "ResultFormat": { "$ref": "#/definitions/ResultFormat" + }, + "SingleFileOutput": { + "type": "boolean" } }, "required": [ @@ -213,9 +324,15 @@ "pattern": "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", "type": "string" }, + "DefaultJobResultConfiguration": { + "$ref": "#/definitions/MembershipProtectedJobResultConfiguration" + }, "DefaultResultConfiguration": { "$ref": "#/definitions/MembershipProtectedQueryResultConfiguration" }, + "JobLogStatus": { + "$ref": "#/definitions/MembershipJobLogStatus" + }, "MembershipIdentifier": { "maxLength": 36, "minLength": 36, 
@@ -250,6 +367,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "cleanrooms:ListTagsForResource", + "cleanrooms:UntagResource", + "cleanrooms:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-cleanrooms-privacybudgettemplate.json b/src/schema/aws-cleanrooms-privacybudgettemplate.json index 68fd4b32..5d92dfea 100644 --- a/src/schema/aws-cleanrooms-privacybudgettemplate.json +++ b/src/schema/aws-cleanrooms-privacybudgettemplate.json @@ -172,6 +172,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-cleanrooms", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "cleanrooms:ListTagsForResource", + "cleanrooms:UntagResource", + "cleanrooms:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-cloudformation-customresource.json b/src/schema/aws-cloudformation-customresource.json index ac0fb701..89d37014 100644 --- a/src/schema/aws-cloudformation-customresource.json +++ b/src/schema/aws-cloudformation-customresource.json @@ -11,6 +11,9 @@ "Id": { "type": "string" }, + "ServiceTimeout": { + "type": "integer" + }, "ServiceToken": { "type": "string" } diff --git a/src/schema/aws-cloudformation-guardhook.json b/src/schema/aws-cloudformation-guardhook.json new file mode 100644 index 00000000..9f350865 --- /dev/null +++ b/src/schema/aws-cloudformation-guardhook.json 
@@ -0,0 +1,372 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/ExecutionRole", + "/properties/Alias" + ], + "definitions": { + "Action": { + "description": "Target actions are the type of operation hooks will be executed at.", + "enum": [ + "CREATE", + "UPDATE", + "DELETE" + ], + "type": "string" + }, + "HookTarget": { + "additionalProperties": false, + "description": "Hook targets are the destination where hooks will be invoked against.", + "properties": { + "Action": { + "$ref": "#/definitions/Action" + }, + "InvocationPoint": { + "$ref": "#/definitions/InvocationPoint" + }, + "TargetName": { + "$ref": "#/definitions/TargetName" + } + }, + "required": [ + "TargetName", + "Action", + "InvocationPoint" + ], + "type": "object" + }, + "InvocationPoint": { + "description": "Invocation points are the point in provisioning workflow where hooks will be executed.", + "enum": [ + "PRE_PROVISION" + ], + "type": "string" + }, + "Role": { + "description": "IAM Role ARN", + "maxLength": 256, + "pattern": "arn:.+:iam::[0-9]{12}:role/.+", + "type": "string" + }, + "S3Location": { + "additionalProperties": false, + "description": "S3 Source Location for the Guard files.", + "properties": { + "Uri": { + "description": "S3 uri of Guard files.", + "type": "string" + }, + "VersionId": { + "description": "S3 object version", + "type": "string" + } + }, + "required": [ + "Uri" + ], + "type": "object" + }, + "StackName": { + "description": "CloudFormation Stack name", + "maxLength": 128, + "pattern": "^[a-zA-Z*?][-a-zA-Z0-9*?]*$", + "type": "string" + }, + "StackRole": { + "anyOf": [ + { + "pattern": "arn:.+:iam::[0-9]{12}:role/.+" + }, + { + "pattern": "^(arn:.+:iam::((?!\\*|\\?)[0-9]{12}|(?=.*\\*)[0-9*?]{1,12}|[0-9?]{12}):role/.+|\\*)$" + } + ], + "description": "IAM Stack Role ARN filter", + "maxLength": 256, + "type": "string" + }, + "TargetName": { + "description": "Type name of hook target. 
Hook targets are the destination where hooks will be invoked against.", + "maxLength": 256, + "minLength": 1, + "pattern": "^(?!.*\\*\\?).*$", + "type": "string" + }, + "TargetOperation": { + "description": "Which operations should this Hook run against? Resource changes, stacks or change sets.", + "enum": [ + "RESOURCE", + "STACK", + "CHANGE_SET", + "CLOUD_CONTROL" + ], + "type": "string" + } + }, + "description": "This is a CloudFormation resource for activating the first-party AWS::Hooks::GuardHook.", + "handlers": { + "create": { + "permissions": [ + "cloudformation:ActivateType", + "cloudformation:DescribeType", + "cloudformation:ListTypes", + "cloudformation:SetTypeConfiguration", + "cloudformation:BatchDescribeTypeConfigurations", + "iam:PassRole" + ] + }, + "delete": { + "permissions": [ + "cloudformation:BatchDescribeTypeConfigurations", + "cloudformation:DescribeType", + "cloudformation:DeactivateType", + "cloudformation:SetTypeConfiguration" + ] + }, + "list": { + "permissions": [ + "cloudformation:ListTypes", + "cloudformation:DescribeType", + "cloudformation:BatchDescribeTypeConfigurations" + ] + }, + "read": { + "permissions": [ + "cloudformation:DescribeType", + "cloudformation:BatchDescribeTypeConfigurations" + ] + }, + "update": { + "permissions": [ + "cloudformation:BatchDescribeTypeConfigurations", + "cloudformation:DescribeType", + "cloudformation:SetTypeConfiguration", + "iam:PassRole" + ] + } + }, + "primaryIdentifier": [ + "/properties/HookArn" + ], + "properties": { + "Alias": { + "description": "The typename alias for the hook.", + "pattern": "^(?!(?i)aws)[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}$", + "type": "string" + }, + "ExecutionRole": { + "$ref": "#/definitions/Role", + "description": "The execution role ARN assumed by hooks to read Guard rules from S3 and write Guard outputs to S3." 
+ }, + "FailureMode": { + "default": "WARN", + "description": "Attribute to specify CloudFormation behavior on hook failure.", + "enum": [ + "FAIL", + "WARN" + ], + "type": "string" + }, + "HookArn": { + "description": "The Amazon Resource Name (ARN) of the activated hook", + "pattern": "^arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:([0-9]{12})?:type/hook/.+$", + "type": "string" + }, + "HookStatus": { + "default": "DISABLED", + "description": "Attribute to specify which stacks this hook applies to or should get invoked for", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, + "LogBucket": { + "description": "S3 Bucket where the guard validate report will be uploaded to", + "type": "string" + }, + "Options": { + "additionalProperties": false, + "properties": { + "InputParams": { + "$ref": "#/definitions/S3Location" + } + }, + "required": [] + }, + "RuleLocation": { + "$ref": "#/definitions/S3Location" + }, + "StackFilters": { + "additionalProperties": false, + "description": "Filters to allow hooks to target specific stack attributes", + "properties": { + "FilteringCriteria": { + "default": "ALL", + "description": "Attribute to specify the filtering behavior. ANY will make the Hook pass if one filter matches. 
ALL will make the Hook pass if all filters match", + "enum": [ + "ALL", + "ANY" + ], + "type": "string" + }, + "StackNames": { + "additionalProperties": false, + "description": "List of stack names as filters", + "minProperties": 1, + "properties": { + "Exclude": { + "description": "List of stack names that the hook is going to be excluded from", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/StackName" + }, + "maxItems": 50, + "minItems": 1, + "type": "array", + "uniqueItems": true + }, + "Include": { + "description": "List of stack names that the hook is going to target", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/StackName" + }, + "maxItems": 50, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, + "StackRoles": { + "additionalProperties": false, + "description": "List of stack roles that are performing the stack operations.", + "minProperties": 1, + "properties": { + "Exclude": { + "description": "List of stack roles that the hook is going to be excluded from", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/StackRole" + }, + "maxItems": 50, + "minItems": 1, + "type": "array", + "uniqueItems": true + }, + "Include": { + "description": "List of stack roles that the hook is going to target", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/StackRole" + }, + "maxItems": 50, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + } + }, + "required": [ + "FilteringCriteria" + ], + "type": "object" + }, + "TargetFilters": { + "description": "Attribute to specify which targets should invoke the hook", + "oneOf": [ + { + "additionalProperties": false, + "minProperties": 1, + "properties": { + "Actions": { + "description": "List of actions that the hook is going to target", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Action" + }, + "maxItems": 50, + "minItems": 1, + "type": "array", + "uniqueItems": true + 
}, + "InvocationPoints": { + "description": "List of invocation points that the hook is going to target", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/InvocationPoint" + }, + "maxItems": 50, + "minItems": 1, + "type": "array", + "uniqueItems": true + }, + "TargetNames": { + "description": "List of type names that the hook is going to target", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/TargetName" + }, + "maxItems": 50, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Targets": { + "description": "List of hook targets", + "items": { + "$ref": "#/definitions/HookTarget" + }, + "maxItems": 50, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "Targets" + ], + "type": "object" + } + ], + "type": "object" + }, + "TargetOperations": { + "description": "Which operations should this Hook run against? Resource changes, stacks or change sets.", + "items": { + "$ref": "#/definitions/TargetOperation" + }, + "type": "array", + "uniqueItems": true + } + }, + "readOnlyProperties": [ + "/properties/HookArn" + ], + "required": [ + "RuleLocation", + "HookStatus", + "TargetOperations", + "FailureMode", + "Alias", + "ExecutionRole" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, + "typeName": "AWS::CloudFormation::GuardHook" +} diff --git a/src/schema/aws-cloudformation-lambdahook.json b/src/schema/aws-cloudformation-lambdahook.json new file mode 100644 index 00000000..cde28dd0 --- /dev/null +++ b/src/schema/aws-cloudformation-lambdahook.json 
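Review bot: The `Role` definition's pattern `arn:.+:iam::[0-9]{12}:role/.+` has no `^`/`$`, and JSON Schema `pattern` is a search rather than a full match, so `ExecutionRole` validates for any string of up to 256 characters that merely contains something shaped like a role ARN. The first `anyOf` branch of `StackRole` is unanchored in the same way, so the anchoring in its second branch does not constrain filter entries that contain a concrete role ARN. Because the create and update handlers list `iam:PassRole` and the description says this role is assumed by the hook, I would tighten it to `"pattern": "^arn:.+:iam::[0-9]{12}:role/.+$"`. If this file is synced verbatim from the registry, the stricter check belongs in whatever consumes the schema. The identical `Role` and `StackRole` definitions appear in the new aws-cloudformation-lambdahook.json.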
@@ -0,0 +1,343 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/Alias" + ], + "definitions": { + "Action": { + "description": "Target actions are the type of operation hooks will be executed at.", + "enum": [ + "CREATE", + "UPDATE", + "DELETE" + ], + "type": "string" + }, + "HookTarget": { + "additionalProperties": false, + "description": "Hook targets are the destination where hooks will be invoked against.", + "properties": { + "Action": { + "$ref": "#/definitions/Action" + }, + "InvocationPoint": { + "$ref": "#/definitions/InvocationPoint" + }, + "TargetName": { + "$ref": "#/definitions/TargetName" + } + }, + "required": [ + "TargetName", + "Action", + "InvocationPoint" + ], + "type": "object" + }, + "InvocationPoint": { + "description": "Invocation points are the point in provisioning workflow where hooks will be executed.", + "enum": [ + "PRE_PROVISION" + ], + "type": "string" + }, + "Role": { + "description": "IAM Role ARN", + "maxLength": 256, + "pattern": "arn:.+:iam::[0-9]{12}:role/.+", + "type": "string" + }, + "StackName": { + "description": "CloudFormation Stack name", + "maxLength": 128, + "pattern": "^[a-zA-Z*?][-a-zA-Z0-9*?]*$", + "type": "string" + }, + "StackRole": { + "anyOf": [ + { + "pattern": "arn:.+:iam::[0-9]{12}:role/.+" + }, + { + "pattern": "^(arn:.+:iam::((?!\\*|\\?)[0-9]{12}|(?=.*\\*)[0-9*?]{1,12}|[0-9?]{12}):role/.+|\\*)$" + } + ], + "description": "IAM Stack Role ARN filter", + "maxLength": 256, + "type": "string" + }, + "TargetName": { + "description": "Type name of hook target. Hook targets are the destination where hooks will be invoked against.", + "maxLength": 256, + "minLength": 1, + "pattern": "^(?!.*\\*\\?).*$", + "type": "string" + }, + "TargetOperation": { + "description": "Which operations should this Hook run against? 
Resource changes, stacks or change sets.", + "enum": [ + "RESOURCE", + "STACK", + "CHANGE_SET", + "CLOUD_CONTROL" + ], + "type": "string" + } + }, + "description": "This is a CloudFormation resource for the first-party AWS::Hooks::LambdaHook.", + "handlers": { + "create": { + "permissions": [ + "cloudformation:ListTypes", + "cloudformation:ActivateType", + "cloudformation:BatchDescribeTypeConfigurations", + "cloudformation:DescribeType", + "cloudformation:SetTypeConfiguration", + "iam:PassRole" + ] + }, + "delete": { + "permissions": [ + "cloudformation:BatchDescribeTypeConfigurations", + "cloudformation:DeactivateType", + "cloudformation:DescribeType", + "cloudformation:SetTypeConfiguration" + ] + }, + "list": { + "permissions": [ + "cloudformation:ListTypes", + "cloudformation:BatchDescribeTypeConfigurations", + "cloudformation:DescribeType" + ] + }, + "read": { + "permissions": [ + "cloudformation:BatchDescribeTypeConfigurations", + "cloudformation:DescribeType" + ] + }, + "update": { + "permissions": [ + "cloudformation:BatchDescribeTypeConfigurations", + "cloudformation:DescribeType", + "cloudformation:SetTypeConfiguration", + "iam:PassRole" + ] + } + }, + "primaryIdentifier": [ + "/properties/HookArn" + ], + "properties": { + "Alias": { + "description": "The typename alias for the hook.", + "pattern": "^(?!(?i)aws)[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}$", + "type": "string" + }, + "ExecutionRole": { + "$ref": "#/definitions/Role", + "description": "The execution role ARN assumed by Hooks to invoke Lambda." 
+ }, + "FailureMode": { + "description": "Attribute to specify CloudFormation behavior on hook failure.", + "enum": [ + "FAIL", + "WARN" + ], + "type": "string" + }, + "HookArn": { + "description": "The Amazon Resource Name (ARN) of the activated hook", + "pattern": "^arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:([0-9]{12})?:type/hook/.+$", + "type": "string" + }, + "HookStatus": { + "default": "ENABLED", + "description": "Attribute to specify which stacks this hook applies to or should get invoked for", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, + "LambdaFunction": { + "description": "Amazon Resource Name (ARN), Partial ARN, name, version, or alias of the Lambda function to invoke with this hook.", + "maxLength": 170, + "minLength": 1, + "pattern": "(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\\d{1}:)?(\\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\\$LATEST|[a-zA-Z0-9-_]+))?", + "type": "string" + }, + "StackFilters": { + "additionalProperties": false, + "description": "Filters to allow hooks to target specific stack attributes", + "properties": { + "FilteringCriteria": { + "default": "ALL", + "description": "Attribute to specify the filtering behavior. ANY will make the Hook pass if one filter matches. 
ALL will make the Hook pass if all filters match", + "enum": [ + "ALL", + "ANY" + ], + "type": "string" + }, + "StackNames": { + "additionalProperties": false, + "description": "List of stack names as filters", + "minProperties": 1, + "properties": { + "Exclude": { + "description": "List of stack names that the hook is going to be excluded from", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/StackName" + }, + "maxItems": 50, + "minItems": 1, + "type": "array", + "uniqueItems": true + }, + "Include": { + "description": "List of stack names that the hook is going to target", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/StackName" + }, + "maxItems": 50, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, + "StackRoles": { + "additionalProperties": false, + "description": "List of stack roles that are performing the stack operations.", + "minProperties": 1, + "properties": { + "Exclude": { + "description": "List of stack roles that the hook is going to be excluded from", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/StackRole" + }, + "maxItems": 50, + "minItems": 1, + "type": "array", + "uniqueItems": true + }, + "Include": { + "description": "List of stack roles that the hook is going to target", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/StackRole" + }, + "maxItems": 50, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + } + }, + "required": [ + "FilteringCriteria" + ], + "type": "object" + }, + "TargetFilters": { + "description": "Attribute to specify which targets should invoke the hook", + "oneOf": [ + { + "additionalProperties": false, + "minProperties": 1, + "properties": { + "Actions": { + "description": "List of actions that the hook is going to target", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Action" + }, + "maxItems": 50, + "minItems": 1, + "type": "array", + "uniqueItems": true + 
}, + "InvocationPoints": { + "description": "List of invocation points that the hook is going to target", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/InvocationPoint" + }, + "maxItems": 50, + "minItems": 1, + "type": "array", + "uniqueItems": true + }, + "TargetNames": { + "description": "List of type names that the hook is going to target", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/TargetName" + }, + "maxItems": 50, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Targets": { + "description": "List of hook targets", + "items": { + "$ref": "#/definitions/HookTarget" + }, + "maxItems": 50, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "Targets" + ], + "type": "object" + } + ], + "type": "object" + }, + "TargetOperations": { + "description": "Which operations should this Hook run against? Resource changes, stacks or change sets.", + "items": { + "$ref": "#/definitions/TargetOperation" + }, + "type": "array", + "uniqueItems": true + } + }, + "readOnlyProperties": [ + "/properties/HookArn" + ], + "required": [ + "LambdaFunction", + "FailureMode", + "Alias", + "ExecutionRole", + "TargetOperations", + "HookStatus" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, + "typeName": "AWS::CloudFormation::LambdaHook" +} diff --git a/src/schema/aws-cloudformation-publictypeversion.json b/src/schema/aws-cloudformation-publictypeversion.json index cf685640..f4180162 100644 --- a/src/schema/aws-cloudformation-publictypeversion.json +++ b/src/schema/aws-cloudformation-publictypeversion.json @@ -17,7 +17,8 @@ "cloudformation:DescribePublisher", "s3:GetObject", "s3:PutObject" - ] + ], + "timeoutInMinutes": 2160 }, "delete": { "permissions": [] 
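Review bot: The `LambdaFunction` pattern is unanchored and every group in it except `([a-zA-Z0-9-_]+)` is optional, so under JSON Schema search semantics any 1–170 character string containing a single letter, digit, `-` or `_` validates. As written, the pattern documents the accepted ARN, partial-ARN and name forms but does not enforce them. Wrapping the existing expression as `^(?:…)$` would make the schema reject values with stray leading or trailing characters. The `Role` pattern behind `ExecutionRole` in this file is unanchored too and would benefit from the same treatment, given that the create and update handlers list `iam:PassRole`.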
@@ -73,10 +74,10 @@ "type": "string" }, "PublisherId": { - "description": "The publisher id assigned by CloudFormation for publishing in this region.", + "description": "The reserved publisher id for this type, or the publisher id assigned by CloudFormation for publishing in this region.", "maxLength": 40, "minLength": 1, - "pattern": "[0-9a-zA-Z]{40}", + "pattern": "[0-9a-zA-Z-]{1,40}", "type": "string" }, "Type": { diff --git a/src/schema/aws-cloudformation-publisher.json b/src/schema/aws-cloudformation-publisher.json index 153c7485..6ab7722e 100644 --- a/src/schema/aws-cloudformation-publisher.json +++ b/src/schema/aws-cloudformation-publisher.json @@ -51,10 +51,10 @@ "type": "string" }, "PublisherId": { - "description": "The publisher id assigned by CloudFormation for publishing in this region.", + "description": "The reserved publisher id for this type, or the publisher id assigned by CloudFormation for publishing in this region.", "maxLength": 40, "minLength": 1, - "pattern": "[0-9a-zA-Z]{40}", + "pattern": "[0-9a-zA-Z-]{1,40}", "type": "string" }, "PublisherProfile": { @@ -82,8 +82,5 @@ "AcceptTermsAndConditions" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-cloudformation", - "typeName": "AWS::CloudFormation::Publisher", - "writeOnlyProperties": [ - "/properties/ConnectionArn" - ] + "typeName": "AWS::CloudFormation::Publisher" } diff --git a/src/schema/aws-cloudformation-stack.json b/src/schema/aws-cloudformation-stack.json index 7d18c37f..fdddf339 100644 --- a/src/schema/aws-cloudformation-stack.json +++ b/src/schema/aws-cloudformation-stack.json @@ -203,7 +203,10 @@ "uniqueItems": false }, "TemplateBody": { - "type": "object" + "type": [ + "object", + "string" + ] }, "TemplateURL": { "maxLength": 1024, diff --git a/src/schema/aws-cloudformation-stackset.json b/src/schema/aws-cloudformation-stackset.json index d135ab67..4f0bbf3f 100644 --- a/src/schema/aws-cloudformation-stackset.json 
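Review bot: The new `PublisherId` pattern `[0-9a-zA-Z-]{1,40}` is unanchored, so with the `{1,40}` quantifier it matches any string that contains one allowed character, and only `minLength`/`maxLength` still constrain the value. The old `[0-9a-zA-Z]{40}` combined with `maxLength: 40` happened to force a full match, so this loosens validation further than the description change (reserved publisher ids) seems to call for. `"pattern": "^[0-9a-zA-Z-]{1,40}$"` would keep the character set enforced. The same line is changed in aws-cloudformation-publisher.json and aws-cloudformation-typeactivation.json.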
+++ b/src/schema/aws-cloudformation-stackset.json @@ -420,6 +420,17 @@ "templateUri": "/cloudformation/home?region=${awsRegion}#/stacksets/${StackSetId}" }, "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-cloudformation.git", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "cloudformation:TagResource", + "cloudformation:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::CloudFormation::StackSet", "writeOnlyProperties": [ "/properties/TemplateURL", diff --git a/src/schema/aws-cloudformation-typeactivation.json b/src/schema/aws-cloudformation-typeactivation.json index 094e6f4d..1c5b4c70 100644 --- a/src/schema/aws-cloudformation-typeactivation.json +++ b/src/schema/aws-cloudformation-typeactivation.json @@ -105,10 +105,10 @@ "type": "string" }, "PublisherId": { - "description": "The publisher id assigned by CloudFormation for publishing in this region.", + "description": "The reserved publisher id for this type, or the publisher id assigned by CloudFormation for publishing in this region.", "maxLength": 40, "minLength": 1, - "pattern": "[0-9a-zA-Z]{40}", + "pattern": "[0-9a-zA-Z-]{1,40}", "type": "string" }, "Type": { diff --git a/src/schema/aws-cloudfront-anycastiplist.json b/src/schema/aws-cloudfront-anycastiplist.json new file mode 100644 index 00000000..79e89598 --- /dev/null +++ b/src/schema/aws-cloudfront-anycastiplist.json 
@@ -0,0 +1,178 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/IpCount", + "/properties/Name", + "/properties/Tags" + ], + "definitions": { + "AnycastIpList": { + "additionalProperties": false, + "description": "An Anycast static IP list. For more information, see [Request Anycast static IPs to use for allowlisting](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/request-static-ips.html) in the *Amazon CloudFront Developer Guide*.", + "properties": { + "AnycastIps": { + "description": "The static IP addresses that are allocated to the Anycast static IP list.", + "items": { + "type": "string" + }, + "type": "array" + }, + "Arn": { + "description": "The Amazon Resource Name (ARN) of the Anycast static IP list.", + "type": "string" + }, + "Id": { + "description": "The ID of the Anycast static IP list.", + "type": "string" + }, + "IpCount": { + "description": "The number of IP addresses in the Anycast static IP list.", + "type": "integer" + }, + "LastModifiedTime": { + "description": "The last time the Anycast static IP list was modified.", + "format": "date-time", + "type": "string" + }, + "Name": { + "description": "The name of the Anycast static IP list.", + "maxLength": 64, + "minLength": 1, + "pattern": "^[a-zA-Z0-9-_]{1,64}$", + "type": "string" + }, + "Status": { + "description": "The status of the Anycast static IP list. Valid values: ``Deployed``, ``Deploying``, or ``Failed``.", + "type": "string" + } + }, + "required": [ + "AnycastIps", + "Arn", + "Id", + "IpCount", + "LastModifiedTime", + "Name", + "Status" + ], + "type": "object" + }, + "Tag": { + "additionalProperties": false, + "description": "A complex type that contains ``Tag`` key and ``Tag`` value.", + "properties": { + "Key": { + "description": "A string that contains ``Tag`` key.\n The string length should be between 1 and 128 characters. Valid characters include ``a-z``, ``A-Z``, ``0-9``, space, and the special characters ``_ - . 
: / = + @``.", + "maxLength": 128, + "minLength": 1, + "pattern": "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$", + "type": "string" + }, + "Value": { + "description": "A string that contains an optional ``Tag`` value.\n The string length should be between 0 and 256 characters. Valid characters include ``a-z``, ``A-Z``, ``0-9``, space, and the special characters ``_ - . : / = + @``.", + "maxLength": 256, + "minLength": 0, + "pattern": "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$", + "type": "string" + } + }, + "required": [ + "Key" + ], + "type": "object" + }, + "Tags": { + "additionalProperties": false, + "description": "A complex type that contains zero or more ``Tag`` elements.", + "properties": { + "Items": { + "description": "A complex type that contains ``Tag`` elements.", + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "description": "An Anycast static IP list. For more information, see [Request Anycast static IPs to use for allowlisting](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/request-static-ips.html) in the *Amazon CloudFront Developer Guide*.", + "handlers": { + "create": { + "permissions": [ + "cloudfront:CreateAnycastIpList", + "cloudfront:TagResource" + ] + }, + "delete": { + "permissions": [ + "cloudfront:DeleteAnycastIpList", + "cloudfront:GetAnycastIpList" + ] + }, + "list": { + "permissions": [ + "cloudfront:ListAnycastIpLists" + ] + }, + "read": { + "permissions": [ + "cloudfront:GetAnycastIpList", + "cloudfront:ListTagsForResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/Id" + ], + "properties": { + "AnycastIpList": { + "$ref": "#/definitions/AnycastIpList", + "description": "" + }, + "ETag": { + "description": "", + "type": "string" + }, + "Id": { + "description": "", + "type": "string" + }, + "IpCount": { + "description": "The number of IP addresses in the Anycast static IP list.", + "type": "integer" + }, + "Name": { + "description": "The name of the Anycast static 
IP list.", + "maxLength": 64, + "minLength": 1, + "pattern": "^[a-zA-Z0-9-_]{1,64}$", + "type": "string" + }, + "Tags": { + "$ref": "#/definitions/Tags", + "description": "A complex type that contains zero or more ``Tag`` elements." + } + }, + "readOnlyProperties": [ + "/properties/AnycastIpList", + "/properties/ETag", + "/properties/Id" + ], + "required": [ + "IpCount", + "Name" + ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "cloudfront:TagResource", + "cloudfront:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, + "typeName": "AWS::CloudFront::AnycastIpList" +} diff --git a/src/schema/aws-cloudfront-cachepolicy.json b/src/schema/aws-cloudfront-cachepolicy.json index d0ff128b..12e6df70 100644 --- a/src/schema/aws-cloudfront-cachepolicy.json +++ b/src/schema/aws-cloudfront-cachepolicy.json 
@@ -3,30 +3,37 @@ "definitions": { "CachePolicyConfig": { "additionalProperties": false, + "description": "A cache policy configuration.\n This configuration determines the following:\n + The values that CloudFront includes in the cache key. These values can include HTTP headers, cookies, and URL query strings. CloudFront uses the cache key to find an object in its cache that it can return to the viewer.\n + The default, minimum, and maximum time to live (TTL) values that you want objects to stay in the CloudFront cache.\n \n The headers, cookies, and query strings that are included in the cache key are also included in requests that CloudFront sends to the origin. CloudFront sends a request when it can't find a valid object in its cache that matches the request's cache key. If you want to send values to the origin but *not* include them in the cache key, use ``OriginRequestPolicy``.", "properties": { "Comment": { + "description": "A comment to describe the cache policy. The comment cannot be longer than 128 characters.", "type": "string" }, "DefaultTTL": { + "description": "The default amount of time, in seconds, that you want objects to stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated. CloudFront uses this value as the object's time to live (TTL) only when the origin does *not* send ``Cache-Control`` or ``Expires`` headers with the object. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*.\n The default value for this field is 86400 seconds (one day). 
If the value of ``MinTTL`` is more than 86400 seconds, then the default value for this field is the same as the value of ``MinTTL``.", "minimum": 0, "multipleOf": 1.0, "type": "number" }, "MaxTTL": { + "description": "The maximum amount of time, in seconds, that objects stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated. CloudFront uses this value only when the origin sends ``Cache-Control`` or ``Expires`` headers with the object. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*.\n The default value for this field is 31536000 seconds (one year). If the value of ``MinTTL`` or ``DefaultTTL`` is more than 31536000 seconds, then the default value for this field is the same as the value of ``DefaultTTL``.", "minimum": 0, "multipleOf": 1.0, "type": "number" }, "MinTTL": { + "description": "The minimum amount of time, in seconds, that you want objects to stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*.", "minimum": 0, "multipleOf": 1.0, "type": "number" }, "Name": { + "description": "A unique name to identify the cache policy.", "type": "string" }, "ParametersInCacheKeyAndForwardedToOrigin": { - "$ref": "#/definitions/ParametersInCacheKeyAndForwardedToOrigin" + "$ref": "#/definitions/ParametersInCacheKeyAndForwardedToOrigin", + "description": "The HTTP headers, cookies, and URL query strings to include in the cache key. The values included in the cache key are also included in requests that CloudFront sends to the origin." } }, "required": [ 
@@ -40,12 +47,15 @@ }, "CookiesConfig": { "additionalProperties": false, + "description": "An object that determines whether any cookies in viewer requests (and if so, which cookies) are included in the cache key and in requests that CloudFront sends to the origin.", "properties": { "CookieBehavior": { + "description": "Determines whether any cookies in viewer requests are included in the cache key and in requests that CloudFront sends to the origin. Valid values are:\n + ``none`` \u2013 No cookies in viewer requests are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any cookies that are listed in an ``OriginRequestPolicy`` *are* included in origin requests.\n + ``whitelist`` \u2013 Only the cookies in viewer requests that are listed in the ``CookieNames`` type are included in the cache key and in requests that CloudFront sends to the origin.\n + ``allExcept`` \u2013 All cookies in viewer requests are included in the cache key and in requests that CloudFront sends to the origin, *except* for those that are listed in the ``CookieNames`` type, which are not included.\n + ``all`` \u2013 All cookies in viewer requests are included in the cache key and in requests that CloudFront sends to the origin.", "pattern": "^(none|whitelist|allExcept|all)$", "type": "string" }, "Cookies": { + "description": "Contains a list of cookie names.", "items": { "type": "string" }, 
@@ -60,12 +70,15 @@ }, "HeadersConfig": { "additionalProperties": false, + "description": "An object that determines whether any HTTP headers (and if so, which headers) are included in the cache key and in requests that CloudFront sends to the origin.", "properties": { "HeaderBehavior": { + "description": "Determines whether any HTTP headers are included in the cache key and in requests that CloudFront sends to the origin. Valid values are:\n + ``none`` \u2013 No HTTP headers are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any headers that are listed in an ``OriginRequestPolicy`` *are* included in origin requests.\n + ``whitelist`` \u2013 Only the HTTP headers that are listed in the ``Headers`` type are included in the cache key and in requests that CloudFront sends to the origin.", "pattern": "^(none|whitelist)$", "type": "string" }, "Headers": { + "description": "Contains a list of HTTP header names.", "items": { "type": "string" }, 
@@ -80,21 +93,27 @@ }, "ParametersInCacheKeyAndForwardedToOrigin": { "additionalProperties": false, + "description": "This object determines the values that CloudFront includes in the cache key. These values can include HTTP headers, cookies, and URL query strings. CloudFront uses the cache key to find an object in its cache that it can return to the viewer.\n The headers, cookies, and query strings that are included in the cache key are also included in requests that CloudFront sends to the origin. CloudFront sends a request when it can't find an object in its cache that matches the request's cache key. If you want to send values to the origin but *not* include them in the cache key, use ``OriginRequestPolicy``.", "properties": { "CookiesConfig": { - "$ref": "#/definitions/CookiesConfig" + "$ref": "#/definitions/CookiesConfig", + "description": "An object that determines whether any cookies in viewer requests (and if so, which cookies) are included in the cache key and in requests that CloudFront sends to the origin." }, "EnableAcceptEncodingBrotli": { + "description": "A flag that can affect whether the ``Accept-Encoding`` HTTP header is included in the cache key and included in requests that CloudFront sends to the origin.\n This field is related to the ``EnableAcceptEncodingGzip`` field. 
If one or both of these fields is ``true`` *and* the viewer request includes the ``Accept-Encoding`` header, then CloudFront does the following:\n + Normalizes the value of the viewer's ``Accept-Encoding`` header\n + Includes the normalized header in the cache key\n + Includes the normalized header in the request to the origin, if a request is necessary\n \n For more information, see [Compression support](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-policy-compressed-objects) in the *Amazon CloudFront Developer Guide*.\n If you set this value to ``true``, and this cache behavior also has an origin request policy attached, do not include the ``Accept-Encoding`` header in the origin request policy. CloudFront always includes the ``Accept-Encoding`` header in origin requests when the value of this field is ``true``, so including this header in an origin request policy has no effect.\n If both of these fields are ``false``, then CloudFront treats the ``Accept-Encoding`` header the same as any other HTTP header in the viewer request. By default, it's not included in the cache key and it's not included in origin requests. In this case, you can manually add ``Accept-Encoding`` to the headers whitelist like any other HTTP header.", "type": "boolean" }, "EnableAcceptEncodingGzip": { + "description": "A flag that can affect whether the ``Accept-Encoding`` HTTP header is included in the cache key and included in requests that CloudFront sends to the origin.\n This field is related to the ``EnableAcceptEncodingBrotli`` field. 
If one or both of these fields is ``true`` *and* the viewer request includes the ``Accept-Encoding`` header, then CloudFront does the following:\n + Normalizes the value of the viewer's ``Accept-Encoding`` header\n + Includes the normalized header in the cache key\n + Includes the normalized header in the request to the origin, if a request is necessary\n \n For more information, see [Compression support](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-policy-compressed-objects) in the *Amazon CloudFront Developer Guide*.\n If you set this value to ``true``, and this cache behavior also has an origin request policy attached, do not include the ``Accept-Encoding`` header in the origin request policy. CloudFront always includes the ``Accept-Encoding`` header in origin requests when the value of this field is ``true``, so including this header in an origin request policy has no effect.\n If both of these fields are ``false``, then CloudFront treats the ``Accept-Encoding`` header the same as any other HTTP header in the viewer request. By default, it's not included in the cache key and it's not included in origin requests. In this case, you can manually add ``Accept-Encoding`` to the headers whitelist like any other HTTP header.", "type": "boolean" }, "HeadersConfig": { - "$ref": "#/definitions/HeadersConfig" + "$ref": "#/definitions/HeadersConfig", + "description": "An object that determines whether any HTTP headers (and if so, which headers) are included in the cache key and in requests that CloudFront sends to the origin." }, "QueryStringsConfig": { - "$ref": "#/definitions/QueryStringsConfig" + "$ref": "#/definitions/QueryStringsConfig", + "description": "An object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in the cache key and in requests that CloudFront sends to the origin." } }, "required": [ 
@@ -107,12 +126,15 @@ }, "QueryStringsConfig": { "additionalProperties": false, + "description": "An object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in the cache key and in requests that CloudFront sends to the origin.", "properties": { "QueryStringBehavior": { + "description": "Determines whether any URL query strings in viewer requests are included in the cache key and in requests that CloudFront sends to the origin. Valid values are:\n + ``none`` \u2013 No query strings in viewer requests are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any query strings that are listed in an ``OriginRequestPolicy`` *are* included in origin requests.\n + ``whitelist`` \u2013 Only the query strings in viewer requests that are listed in the ``QueryStringNames`` type are included in the cache key and in requests that CloudFront sends to the origin.\n + ``allExcept`` \u2013 All query strings in viewer requests are included in the cache key and in requests that CloudFront sends to the origin, *except* those that are listed in the ``QueryStringNames`` type, which are not included.\n + ``all`` \u2013 All query strings in viewer requests are included in the cache key and in requests that CloudFront sends to the origin.", "pattern": "^(none|whitelist|allExcept|all)$", "type": "string" }, "QueryStrings": { + "description": "Contains a list of query string names.", "items": { "type": "string" }, 
@@ -126,7 +148,7 @@ "type": "object" } }, - "description": "Resource Type definition for AWS::CloudFront::CachePolicy", + "description": "A cache policy.\n When it's attached to a cache behavior, the cache policy determines the following:\n + The values that CloudFront includes in the cache key. These values can include HTTP headers, cookies, and URL query strings. CloudFront uses the cache key to find an object in its cache that it can return to the viewer.\n + The default, minimum, and maximum time to live (TTL) values that you want objects to stay in the CloudFront cache.\n \n The headers, cookies, and query strings that are included in the cache key are also included in requests that CloudFront sends to the origin. CloudFront sends a request when it can't find a valid object in its cache that matches the request's cache key. If you want to send values to the origin but *not* include them in the cache key, use ``OriginRequestPolicy``.", "handlers": { "create": { "permissions": [ @@ -161,12 +183,15 @@ ], "properties": { "CachePolicyConfig": { - "$ref": "#/definitions/CachePolicyConfig" + "$ref": "#/definitions/CachePolicyConfig", + "description": "The cache policy configuration." }, "Id": { + "description": "", "type": "string" }, "LastModifiedTime": { + "description": "", "type": "string" } }, diff --git a/src/schema/aws-cloudfront-cloudfrontoriginaccessidentity.json b/src/schema/aws-cloudfront-cloudfrontoriginaccessidentity.json index a7b30519..72c58ac9 100644 --- a/src/schema/aws-cloudfront-cloudfrontoriginaccessidentity.json +++ b/src/schema/aws-cloudfront-cloudfrontoriginaccessidentity.json 
@@ -3,8 +3,10 @@ "definitions": { "CloudFrontOriginAccessIdentityConfig": { "additionalProperties": false, + "description": "Origin access identity configuration. Send a ``GET`` request to the ``/CloudFront API version/CloudFront/identity ID/config`` resource.", "properties": { "Comment": { + "description": "A comment to describe the origin access identity. The comment cannot be longer than 128 characters.", "type": "string" } }, @@ -14,7 +16,7 @@ "type": "object" } }, - "description": "Resource Type definition for AWS::CloudFront::CloudFrontOriginAccessIdentity", + "description": "The request to create a new origin access identity (OAI). An origin access identity is a special CloudFront user that you can associate with Amazon S3 origins, so that you can secure all or just some of your Amazon S3 content. For more information, see [Restricting Access to Amazon S3 Content by Using an Origin Access Identity](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html) in the *Amazon CloudFront Developer Guide*.", "handlers": { "create": { "permissions": [ @@ -49,12 +51,15 @@ ], "properties": { "CloudFrontOriginAccessIdentityConfig": { - "$ref": "#/definitions/CloudFrontOriginAccessIdentityConfig" + "$ref": "#/definitions/CloudFrontOriginAccessIdentityConfig", + "description": "The current configuration information for the identity." }, "Id": { + "description": "", "type": "string" }, "S3CanonicalUserId": { + "description": "", "type": "string" } }, diff --git a/src/schema/aws-cloudfront-connectiongroup.json b/src/schema/aws-cloudfront-connectiongroup.json new file mode 100644 index 00000000..cdccf8c7 --- /dev/null +++ b/src/schema/aws-cloudfront-connectiongroup.json 
@@ -0,0 +1,138 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/Name" + ], + "definitions": { + "Tag": { + "additionalProperties": false, + "properties": { + "Key": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "required": [ + "Value", + "Key" + ], + "type": "object" + } + }, + "description": "Resource Type definition for AWS::CloudFront::ConnectionGroup", + "handlers": { + "create": { + "permissions": [ + "cloudfront:CreateConnectionGroup", + "cloudfront:GetConnectionGroup", + "cloudfront:TagResource" + ] + }, + "delete": { + "permissions": [ + "cloudfront:DeleteConnectionGroup", + "cloudfront:GetConnectionGroup", + "cloudfront:UpdateConnectionGroup" + ] + }, + "list": { + "permissions": [ + "cloudfront:ListConnectionGroups", + "cloudfront:ListTagsForResource" + ] + }, + "read": { + "permissions": [ + "cloudfront:GetConnectionGroup", + "cloudfront:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "cloudfront:GetConnectionGroup", + "cloudfront:UpdateConnectionGroup", + "cloudfront:ListTagsForResource", + "cloudfront:TagResource", + "cloudfront:UntagResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/Id" + ], + "properties": { + "AnycastIpListId": { + "type": "string" + }, + "Arn": { + "type": "string" + }, + "CreatedTime": { + "format": "date-time", + "type": "string" + }, + "ETag": { + "type": "string" + }, + "Enabled": { + "type": "boolean" + }, + "Id": { + "type": "string" + }, + "Ipv6Enabled": { + "type": "boolean" + }, + "IsDefault": { + "type": "boolean" + }, + "LastModifiedTime": { + "format": "date-time", + "type": "string" + }, + "Name": { + "type": "string" + }, + "RoutingEndpoint": { + "type": "string" + }, + "Status": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": false + } + }, + "readOnlyProperties": [ + "/properties/Id", + "/properties/Arn", + "/properties/CreatedTime", + 
"/properties/LastModifiedTime", + "/properties/RoutingEndpoint", + "/properties/Status", + "/properties/IsDefault", + "/properties/ETag" + ], + "required": [ + "Name" + ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "cloudfront:TagResource", + "cloudfront:ListTagsForResource", + "cloudfront:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::CloudFront::ConnectionGroup" +} diff --git a/src/schema/aws-cloudfront-continuousdeploymentpolicy.json b/src/schema/aws-cloudfront-continuousdeploymentpolicy.json index 1b082aae..87911e8b 100644 --- a/src/schema/aws-cloudfront-continuousdeploymentpolicy.json +++ b/src/schema/aws-cloudfront-continuousdeploymentpolicy.json @@ -3,12 +3,15 @@ "definitions": { "ContinuousDeploymentPolicyConfig": { "additionalProperties": false, + "description": "Contains the configuration for a continuous deployment policy.", "properties": { "Enabled": { + "description": "A Boolean that indicates whether this continuous deployment policy is enabled (in effect). When this value is ``true``, this policy is enabled and in effect. When this value is ``false``, this policy is not enabled and has no effect.", "type": "boolean" }, "SingleHeaderPolicyConfig": { "additionalProperties": false, + "description": "This configuration determines which HTTP requests are sent to the staging distribution. If the HTTP request contains a header and value that matches what you specify here, the request is sent to the staging distribution. Otherwise the request is sent to the primary distribution.", "properties": { "Header": { "maxLength": 256, @@ -29,6 +32,7 @@ }, "SingleWeightPolicyConfig": { "additionalProperties": false, + "description": "This configuration determines the percentage of HTTP requests that are sent to the staging distribution.", "properties": { "SessionStickinessConfig": { "$ref": "#/definitions/SessionStickinessConfig" 
@@ -46,6 +50,7 @@ "type": "object" }, "StagingDistributionDnsNames": { + "description": "The CloudFront domain name of the staging distribution. For example: ``d111111abcdef8.cloudfront.net``.", "insertionOrder": true, "items": { "type": "string" @@ -55,9 +60,11 @@ "uniqueItems": true }, "TrafficConfig": { - "$ref": "#/definitions/TrafficConfig" + "$ref": "#/definitions/TrafficConfig", + "description": "Contains the parameters for routing production traffic from your primary to staging distributions." }, "Type": { + "description": "The type of traffic configuration.", "enum": [ "SingleWeight", "SingleHeader" @@ -73,14 +80,17 @@ }, "SessionStickinessConfig": { "additionalProperties": false, + "description": "Session stickiness provides the ability to define multiple requests from a single viewer as a single session. This prevents the potentially inconsistent experience of sending some of a given user's requests to your staging distribution, while others are sent to your primary distribution. Define the session duration using TTL values.", "properties": { "IdleTTL": { + "description": "The amount of time after which you want sessions to cease if no requests are received. Allowed values are 300\u20133600 seconds (5\u201360 minutes).", "maximum": 3600, "minimum": 300, "multipleOf": 1, "type": "integer" }, "MaximumTTL": { + "description": "The maximum amount of time to consider requests from the viewer as being part of the same session. Allowed values are 300\u20133600 seconds (5\u201360 minutes).", "maximum": 3600, "minimum": 300, "multipleOf": 1, 
@@ -95,13 +105,16 @@ }, "SingleHeaderConfig": { "additionalProperties": false, + "description": "Determines which HTTP requests are sent to the staging distribution.", "properties": { "Header": { + "description": "The request header name that you want CloudFront to send to your staging distribution. The header must contain the prefix ``aws-cf-cd-``.", "maxLength": 256, "minLength": 1, "type": "string" }, "Value": { + "description": "The request header value.", "maxLength": 1783, "minLength": 1, "type": "string" @@ -115,11 +128,14 @@ }, "SingleWeightConfig": { "additionalProperties": false, + "description": "This configuration determines the percentage of HTTP requests that are sent to the staging distribution.", "properties": { "SessionStickinessConfig": { - "$ref": "#/definitions/SessionStickinessConfig" + "$ref": "#/definitions/SessionStickinessConfig", + "description": "Session stickiness provides the ability to define multiple requests from a single viewer as a single session. This prevents the potentially inconsistent experience of sending some of a given user's requests to your staging distribution, while others are sent to your primary distribution. Define the session duration using TTL values." }, "Weight": { + "description": "The percentage of traffic to send to a staging distribution, expressed as a decimal number between 0 and 0.15. For example, a value of 0.10 means 10% of traffic is sent to the staging distribution.", "maximum": 1, "minimum": 0, "multipleOf": 0.01, 
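Review bot: The description added for `Weight` in `SingleWeightConfig` documents a range of 0 to 0.15, but the unchanged constraint just below it is still `"maximum": 1`, so validation against this schema accepts values such as 0.5 that the documented limit excludes. If 0.15 is the real service ceiling, a template that sends far more production traffic to the staging distribution than intended passes schema validation here, and the limit is enforced, if at all, only by the service at deploy time. This file looks like a schema synced from upstream, so the fix probably belongs there; locally, either tighten the bound to `"maximum": 0.15` or record the discrepancy so a later sync does not hide it. The `Weight` property and its enclosing object continue past the end of the hunk.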
@@ -133,14 +149,18 @@ }, "TrafficConfig": { "additionalProperties": false, + "description": "The traffic configuration of your continuous deployment.", "properties": { "SingleHeaderConfig": { - "$ref": "#/definitions/SingleHeaderConfig" + "$ref": "#/definitions/SingleHeaderConfig", + "description": "Determines which HTTP requests are sent to the staging distribution." }, "SingleWeightConfig": { - "$ref": "#/definitions/SingleWeightConfig" + "$ref": "#/definitions/SingleWeightConfig", + "description": "Contains the percentage of traffic to send to the staging distribution." }, "Type": { + "description": "The type of traffic configuration.", "enum": [ "SingleWeight", "SingleHeader" @@ -159,7 +179,7 @@ "/definitions/ContinuousDeploymentPolicyConfig/properties/SingleHeaderPolicyConfig", "/definitions/ContinuousDeploymentPolicyConfig/properties/SingleWeightPolicyConfig" ], - "description": "Resource Type definition for AWS::CloudFront::ContinuousDeploymentPolicy", + "description": "Creates a continuous deployment policy that routes a subset of production traffic from a primary distribution to a staging distribution.\n After you create and update a staging distribution, you can use a continuous deployment policy to incrementally move traffic to the staging distribution. This enables you to test changes to a distribution's configuration before moving all of your production traffic to the new configuration.\n For more information, see [Using CloudFront continuous deployment to safely test CDN configuration changes](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/continuous-deployment.html) in the *Amazon CloudFront Developer Guide*.", "handlers": { "create": { "permissions": [ 
@@ -194,12 +214,15 @@ ], "properties": { "ContinuousDeploymentPolicyConfig": { - "$ref": "#/definitions/ContinuousDeploymentPolicyConfig" + "$ref": "#/definitions/ContinuousDeploymentPolicyConfig", + "description": "Contains the configuration for a continuous deployment policy." }, "Id": { + "description": "", "type": "string" }, "LastModifiedTime": { + "description": "", "type": "string" } }, diff --git a/src/schema/aws-cloudfront-distribution.json b/src/schema/aws-cloudfront-distribution.json index 294ac155..fe2dc415 100644 --- a/src/schema/aws-cloudfront-distribution.json +++ b/src/schema/aws-cloudfront-distribution.json 
@@ -3,7 +3,7 @@ "definitions": { "CacheBehavior": { "additionalProperties": false, - "description": "A complex type that describes how CloudFront processes requests.\n You must create at least as many cache behaviors (including the default cache behavior) as you have origins if you want CloudFront to serve objects from all of the origins. Each cache behavior specifies the one origin from which you want CloudFront to get objects. If you have two origins and only the default cache behavior, the default cache behavior will cause CloudFront to get objects from one of the origins, but the other origin is never used.\n For the current quota (formerly known as limit) on the number of cache behaviors that you can add to a distribution, see [Quotas](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) in the *Amazon CloudFront Developer Guide*.\n If you don't want to specify any cache behaviors, include only an empty ``CacheBehaviors`` element. Don't include an empty ``CacheBehavior`` element because this is invalid.\n To delete all cache behaviors in an existing distribution, update the distribution configuration and include only an empty ``CacheBehaviors`` element.\n To add, change, or remove one or more cache behaviors, update the distribution configuration and specify all of the cache behaviors that you want to include in the updated distribution.\n For more information about cache behaviors, see [Cache Behavior Settings](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesCacheBehavior) in the *Amazon CloudFront Developer Guide*.", + "description": "A complex type that describes how CloudFront processes requests.\n You must create at least as many cache behaviors (including the default cache behavior) as you have origins if you want CloudFront to serve objects from all of the origins. 
Each cache behavior specifies the one origin from which you want CloudFront to get objects. If you have two origins and only the default cache behavior, the default cache behavior will cause CloudFront to get objects from one of the origins, but the other origin is never used.\n For the current quota (formerly known as limit) on the number of cache behaviors that you can add to a distribution, see [Quotas](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) in the *Amazon CloudFront Developer Guide*.\n If you don't want to specify any cache behaviors, include only an empty ``CacheBehaviors`` element. Don't specify an empty individual ``CacheBehavior`` element, because this is invalid. For more information, see [CacheBehaviors](https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_CacheBehaviors.html). \n To delete all cache behaviors in an existing distribution, update the distribution configuration and include only an empty ``CacheBehaviors`` element.\n To add, change, or remove one or more cache behaviors, update the distribution configuration and specify all of the cache behaviors that you want to include in the updated distribution.\n For more information about cache behaviors, see [Cache Behavior Settings](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesCacheBehavior) in the *Amazon CloudFront Developer Guide*.", "properties": { "AllowedMethods": { "default": [ @@ -60,6 +60,10 @@ "type": "array", "uniqueItems": false }, + "GrpcConfig": { + "$ref": "#/definitions/GrpcConfig", + "description": "The gRPC configuration for your cache behavior." + }, "LambdaFunctionAssociations": { "description": "A complex type that contains zero or more Lambda@Edge function associations for a cache behavior.", "items": { 
@@ -131,6 +135,13 @@ ], "type": "object" }, + "ConnectionMode": { + "enum": [ + "direct", + "tenant-only" + ], + "type": "string" + }, "Cookies": { "additionalProperties": false, "description": "This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.\n If you want to include cookies in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) in the *Amazon CloudFront Developer Guide*.\n If you want to send cookies to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) in the *Amazon CloudFront Developer Guide*.\n A complex type that specifies whether you want CloudFront to forward cookies to the origin and, if so, which ones. For more information about forwarding cookies to the origin, see [How CloudFront Forwards, Caches, and Logs Cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html) in the *Amazon CloudFront Developer Guide*.", 
@@ -196,7 +207,7 @@ }, "OriginKeepaliveTimeout": { "default": 5, - "description": "Specifies how long, in seconds, CloudFront persists its connection to the origin. The minimum timeout is 1 second, the maximum is 60 seconds, and the default (if you don't specify otherwise) is 5 seconds.\n For more information, see [Origin Keep-alive Timeout](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginKeepaliveTimeout) in the *Amazon CloudFront Developer Guide*.", + "description": "Specifies how long, in seconds, CloudFront persists its connection to the origin. The minimum timeout is 1 second, the maximum is 60 seconds, and the default (if you don't specify otherwise) is 5 seconds.\n For more information, see [Keep-alive timeout (custom origins only)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginKeepaliveTimeout) in the *Amazon CloudFront Developer Guide*.", "type": "integer" }, "OriginProtocolPolicy": { 
@@ -205,7 +216,7 @@ }, "OriginReadTimeout": { "default": 30, - "description": "Specifies how long, in seconds, CloudFront waits for a response from the origin. This is also known as the *origin response timeout*. The minimum timeout is 1 second, the maximum is 60 seconds, and the default (if you don't specify otherwise) is 30 seconds.\n For more information, see [Origin Response Timeout](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginResponseTimeout) in the *Amazon CloudFront Developer Guide*.", + "description": "Specifies how long, in seconds, CloudFront waits for a response from the origin. This is also known as the *origin response timeout*. The minimum timeout is 1 second, the maximum is 60 seconds, and the default (if you don't specify otherwise) is 30 seconds.\n For more information, see [Response timeout (custom origins only)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginResponseTimeout) in the *Amazon CloudFront Developer Guide*.", "type": "integer" }, "OriginSSLProtocols": { 
@@ -279,13 +290,17 @@ "description": "This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field. For more information, see [Working with policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/working-with-policies.html) in the *Amazon CloudFront Developer Guide*.\n If you want to include values in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*.\n If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) or [Using the managed origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html) in the *Amazon CloudFront Developer Guide*.\n A ``DefaultCacheBehavior`` must include either a ``CachePolicyId`` or ``ForwardedValues``. We recommend that you use a ``CachePolicyId``.\n A complex type that specifies how CloudFront handles query strings, cookies, and HTTP headers." }, "FunctionAssociations": { - "description": "A list of CloudFront functions that are associated with this cache behavior. CloudFront functions must be published to the ``LIVE`` stage to associate them with a cache behavior.", + "description": "A list of CloudFront functions that are associated with this cache behavior. 
Your functions must be published to the ``LIVE`` stage to associate them with a cache behavior.", "items": { "$ref": "#/definitions/FunctionAssociation" }, "type": "array", "uniqueItems": false }, + "GrpcConfig": { + "$ref": "#/definitions/GrpcConfig", + "description": "The gRPC configuration for your cache behavior." + }, "LambdaFunctionAssociations": { "description": "A complex type that contains zero or more Lambda@Edge function associations for a cache behavior.", "items": { @@ -367,8 +382,12 @@ "type": "array", "uniqueItems": false }, + "AnycastIpListId": { + "description": "ID of the Anycast static IP list that is associated with the distribution.", + "type": "string" + }, "CNAMEs": { - "description": "", + "description": "An alias for the CF distribution's domain name.\n This property is legacy. We recommend that you use [Aliases](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-aliases) instead.", "items": { "type": "string" }, @@ -388,6 +407,10 @@ "description": "A comment to describe the distribution. The comment cannot be longer than 128 characters.", "type": "string" }, + "ConnectionMode": { + "$ref": "#/definitions/ConnectionMode", + "description": "" + }, "ContinuousDeploymentPolicyId": { "description": "The identifier of a continuous deployment policy. For more information, see ``CreateContinuousDeploymentPolicy``.", "type": "string" @@ -402,7 +425,7 @@ }, "CustomOrigin": { "$ref": "#/definitions/LegacyCustomOrigin", - "description": "" + "description": "The user-defined HTTP server that serves as the origin for content that CF distributes.\n This property is legacy. We recommend that you use [Origin](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origin.html) instead." }, "DefaultCacheBehavior": { "$ref": "#/definitions/DefaultCacheBehavior", 
@@ -410,7 +433,7 @@ }, "DefaultRootObject": { "default": "", - "description": "The object that you want CloudFront to request from your origin (for example, ``index.html``) when a viewer requests the root URL for your distribution (``https://www.example.com``) instead of an object in your distribution (``https://www.example.com/product-description.html``). Specifying a default root object avoids exposing the contents of your distribution.\n Specify only the object name, for example, ``index.html``. Don't add a ``/`` before the object name.\n If you don't want to specify a default root object when you create a distribution, include an empty ``DefaultRootObject`` element.\n To delete the default root object from an existing distribution, update the distribution configuration and include an empty ``DefaultRootObject`` element.\n To replace the default root object, update the distribution configuration and specify the new object.\n For more information about the default root object, see [Creating a Default Root Object](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DefaultRootObject.html) in the *Amazon CloudFront Developer Guide*.", + "description": "When a viewer requests the root URL for your distribution, the default root object is the object that you want CloudFront to request from your origin. For example, if your root URL is ``https://www.example.com``, you can specify CloudFront to return the ``index.html`` file as the default root object. You can specify a default root object so that viewers see a specific file or object, instead of another object in your distribution (for example, ``https://www.example.com/product-description.html``). A default root object avoids exposing the contents of your distribution.\n You can specify the object name or a path to the object name (for example, ``index.html`` or ``exampleFolderName/index.html``). Your string can't begin with a forward slash (``/``). 
Only specify the object name or the path to the object.\n If you don't want to specify a default root object when you create a distribution, include an empty ``DefaultRootObject`` element.\n To delete the default root object from an existing distribution, update the distribution configuration and include an empty ``DefaultRootObject`` element.\n To replace the default root object, update the distribution configuration and specify the new object.\n For more information about the default root object, see [Specify a default root object](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DefaultRootObject.html) in the *Amazon CloudFront Developer Guide*.", "type": "string" }, "Enabled": { 
@@ -419,7 +442,7 @@ }, "HttpVersion": { "default": "http1.1", - "description": "(Optional) Specify the maximum HTTP version(s) that you want viewers to use to communicate with CF. The default value for new distributions is ``http1.1``.\n For viewers and CF to use HTTP/2, viewers must support TLSv1.2 or later, and must support Server Name Indication (SNI).\n For viewers and CF to use HTTP/3, viewers must support TLSv1.3 and Server Name Indication (SNI). CF supports HTTP/3 connection migration to allow the viewer to switch networks without losing connection. For more information about connection migration, see [Connection Migration](https://docs.aws.amazon.com/https://www.rfc-editor.org/rfc/rfc9000.html#name-connection-migration) at RFC 9000. For more information about supported TLSv1.3 ciphers, see [Supported protocols and ciphers between viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html).", + "description": "(Optional) Specify the HTTP version(s) that you want viewers to use to communicate with CF. The default value for new distributions is ``http1.1``.\n For viewers and CF to use HTTP/2, viewers must support TLSv1.2 or later, and must support Server Name Indication (SNI).\n For viewers and CF to use HTTP/3, viewers must support TLSv1.3 and Server Name Indication (SNI). CF supports HTTP/3 connection migration to allow the viewer to switch networks without losing connection. For more information about connection migration, see [Connection Migration](https://docs.aws.amazon.com/https://www.rfc-editor.org/rfc/rfc9000.html#name-connection-migration) at RFC 9000. For more information about supported TLSv1.3 ciphers, see [Supported protocols and ciphers between viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html).", "type": "string" }, "IPV6Enabled": { 
@@ -432,10 +455,10 @@ }, "OriginGroups": { "$ref": "#/definitions/OriginGroups", - "description": "A complex type that contains information about origin groups for this distribution." + "description": "A complex type that contains information about origin groups for this distribution.\n Specify a value for either the ``Origins`` or ``OriginGroups`` property." }, "Origins": { - "description": "A complex type that contains information about origins for this distribution.", + "description": "A complex type that contains information about origins for this distribution.\n Specify a value for either the ``Origins`` or ``OriginGroups`` property.", "insertionOrder": false, "items": { "$ref": "#/definitions/Origin" @@ -459,12 +482,25 @@ }, "S3Origin": { "$ref": "#/definitions/LegacyS3Origin", - "description": "" + "description": "The origin as an S3 bucket.\n This property is legacy. We recommend that you use [Origin](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origin.html) instead." }, "Staging": { "description": "A Boolean that indicates whether this is a staging distribution. When this value is ``true``, this is a staging distribution. When this value is ``false``, this is not a staging distribution.", "type": "boolean" }, + "TenantConfig": { + "additionalProperties": false, + "description": "", + "properties": { + "ParameterDefinitions": { + "items": { + "$ref": "#/definitions/ParameterDefinition" + }, + "type": "array" + } + }, + "type": "object" + }, "ViewerCertificate": { "$ref": "#/definitions/ViewerCertificate", "default": { 
@@ -474,7 +510,7 @@ }, "WebACLId": { "default": "", - "description": "A unique identifier that specifies the WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of WAF, use the ACL ARN, for example ``arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a``. To specify a web ACL created using WAF Classic, use the ACL ID, for example ``473e64fd-f30b-4765-81a0-62ad96dd167a``.\n WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about WAF, see the [Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html).", + "description": "A unique identifier that specifies the WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of WAF, use the ACL ARN, for example ``arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111``. To specify a web ACL created using WAF Classic, use the ACL ID, for example ``a1b2c3d4-5678-90ab-cdef-EXAMPLE11111``.\n WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). 
You can also configure CloudFront to return a custom error page when a request is blocked. For more information about WAF, see the [Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html).", "type": "string" } }, @@ -558,6 +594,20 @@ ], "type": "object" }, + "GrpcConfig": { + "additionalProperties": false, + "description": "Amazon CloudFront supports gRPC, an open-source remote procedure call (RPC) framework built on HTTP/2. gRPC offers bi-directional streaming and binary protocol that buffers payloads, making it suitable for applications that require low latency communications.\n To enable your distribution to handle gRPC requests, you must include HTTP/2 as one of the supported ``HTTP`` versions and allow ``HTTP`` methods, including ``POST``.\n For more information, see [Using gRPC with CloudFront distributions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-using-grpc.html) in the *Amazon CloudFront Developer Guide*.", + "properties": { + "Enabled": { + "description": "Enables your CloudFront distribution to receive gRPC requests and to proxy them directly to your origins.", + "type": "boolean" + } + }, + "required": [ + "Enabled" + ], + "type": "object" + }, "LambdaFunctionAssociation": { "additionalProperties": false, "description": "A complex type that contains a Lambda@Edge function association.", 
@@ -579,28 +629,28 @@ }, "LegacyCustomOrigin": { "additionalProperties": false, - "description": "", + "description": "A custom origin. A custom origin is any origin that is *not* an S3 bucket, with one exception. An S3 bucket that is [configured with static website hosting](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) *is* a custom origin.\n This property is legacy. We recommend that you use [Origin](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origin.html) instead.", "properties": { "DNSName": { - "description": "", + "description": "The domain name assigned to your CF distribution.", "type": "string" }, "HTTPPort": { "default": 80, - "description": "", + "description": "The HTTP port that CF uses to connect to the origin. Specify the HTTP port that the origin listens on.", "type": "integer" }, "HTTPSPort": { "default": 443, - "description": "", + "description": "The HTTPS port that CF uses to connect to the origin. Specify the HTTPS port that the origin listens on.", "type": "integer" }, "OriginProtocolPolicy": { - "description": "", + "description": "Specifies the protocol (HTTP or HTTPS) that CF uses to connect to the origin.", "type": "string" }, "OriginSSLProtocols": { - "description": "", + "description": "The minimum SSL/TLS protocol version that CF uses when communicating with your origin server over HTTPs.\n For more information, see [Minimum Origin SSL Protocol](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginSSLProtocols) in the *Developer Guide*.", "items": { "type": "string" }, 
@@ -617,15 +667,15 @@ }, "LegacyS3Origin": { "additionalProperties": false, - "description": "", + "description": "The origin as an S3 bucket. \n This property is legacy. We recommend that you use [Origin](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origin.html) instead.", "properties": { "DNSName": { - "description": "", + "description": "The domain name assigned to your CF distribution.", "type": "string" }, "OriginAccessIdentity": { "default": "", - "description": "", + "description": "The CF origin access identity to associate with the distribution. Use an origin access identity to configure the distribution so that end users can only access objects in an S3 through CF.\n This property is legacy. We recommend that you use [OriginAccessControl](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-originaccesscontrol.html) instead.", "type": "string" } }, 
@@ -636,10 +686,10 @@ }, "Logging": { "additionalProperties": false, - "description": "A complex type that controls whether access logs are written for the distribution.", + "description": "A complex type that specifies whether access logs are written for the distribution.\n If you already enabled standard logging (legacy) and you want to enable standard logging (v2) to send your access logs to Amazon S3, we recommend that you specify a *different* Amazon S3 bucket or use a *separate path* in the same bucket (for example, use a log prefix or partitioning). This helps you keep track of which log files are associated with which logging subscription and prevents log files from overwriting each other. For more information, see [Standard logging (access logs)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html) in the *Amazon CloudFront Developer Guide*.", "properties": { "Bucket": { - "description": "The Amazon S3 bucket to store the access logs in, for example, ``myawslogbucket.s3.amazonaws.com``.", + "description": "The Amazon S3 bucket to store the access logs in, for example, ``amzn-s3-demo-bucket.s3.amazonaws.com``.", "type": "string" }, "IncludeCookies": { 
@@ -653,14 +703,11 @@ "type": "string" } }, - "required": [ - "Bucket" - ], "type": "object" }, "Origin": { "additionalProperties": false, - "description": "An origin.\n An origin is the location where content is stored, and from which CloudFront gets content to serve to viewers. To specify an origin:\n + Use ``S3OriginConfig`` to specify an Amazon S3 bucket that is not configured with static website hosting.\n + Use ``CustomOriginConfig`` to specify all other kinds of origins, including:\n + An Amazon S3 bucket that is configured with static website hosting\n + An Elastic Load Balancing load balancer\n + An EMPlong endpoint\n + An EMSlong container\n + Any other HTTP server, running on an Amazon EC2 instance or any other kind of host\n \n \n For the current maximum number of origins that you can specify per distribution, see [General Quotas on Web Distributions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html#limits-web-distributions) in the *Amazon CloudFront Developer Guide* (quotas were formerly referred to as limits).", + "description": "An origin.\n An origin is the location where content is stored, and from which CloudFront gets content to serve to viewers. 
To specify an origin:\n + Use ``S3OriginConfig`` to specify an Amazon S3 bucket that is not configured with static website hosting.\n + Use ``VpcOriginConfig`` to specify a VPC origin.\n + Use ``CustomOriginConfig`` to specify all other kinds of origins, including:\n + An Amazon S3 bucket that is configured with static website hosting\n + An Elastic Load Balancing load balancer\n + An EMPlong endpoint\n + An EMSlong container\n + Any other HTTP server, running on an Amazon EC2 instance or any other kind of host\n \n \n For the current maximum number of origins that you can specify per distribution, see [General Quotas on Web Distributions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html#limits-web-distributions) in the *Amazon CloudFront Developer Guide* (quotas were formerly referred to as limits).", "properties": { "ConnectionAttempts": { "description": "The number of times that CloudFront attempts to connect to the origin. The minimum number is 1, the maximum is 3, and the default (if you don't specify otherwise) is 3.\n For a custom origin (including an Amazon S3 bucket that's configured with static website hosting), this value also specifies the number of times that CloudFront attempts to get a response from the origin, in the case of an [Origin Response Timeout](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginResponseTimeout).\n For more information, see [Origin Connection Attempts](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#origin-connection-attempts) in the *Amazon CloudFront Developer Guide*.", 
@@ -706,6 +753,10 @@ "S3OriginConfig": { "$ref": "#/definitions/S3OriginConfig", "description": "Use this type to specify an origin that is an Amazon S3 bucket that is not configured with static website hosting. To specify any other type of origin, including an Amazon S3 bucket that is configured with static website hosting, use the ``CustomOriginConfig`` type instead." + }, + "VpcOriginConfig": { + "$ref": "#/definitions/VpcOriginConfig", + "description": "The VPC origin configuration." } }, "required": [ @@ -735,7 +786,7 @@ }, "OriginGroup": { "additionalProperties": false, - "description": "An origin group includes two origins (a primary origin and a second origin to failover to) and a failover criteria that you specify. You create an origin group to support origin failover in CloudFront. When you create or update a distribution, you can specify the origin group instead of a single origin, and CloudFront will failover from the primary origin to the second origin under the failover conditions that you've chosen.", + "description": "An origin group includes two origins (a primary origin and a secondary origin to failover to) and a failover criteria that you specify. You create an origin group to support origin failover in CloudFront. When you create or update a distribution, you can specify the origin group instead of a single origin, and CloudFront will failover from the primary origin to the secondary origin under the failover conditions that you've chosen.\n Optionally, you can choose selection criteria for your origin group to specify how your origins are selected when your distribution routes viewer requests.", "properties": { "FailoverCriteria": { "$ref": "#/definitions/OriginGroupFailoverCriteria", 
@@ -748,6 +799,10 @@ "Members": { "$ref": "#/definitions/OriginGroupMembers", "description": "A complex type that contains information about the origins in an origin group." + }, + "SelectionCriteria": { + "$ref": "#/definitions/OriginGroupSelectionCriteria", + "description": "The selection criteria for the origin group. For more information, see [Create an origin group](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/high_availability_origin_failover.html#concept_origin_groups.creating) in the *Amazon CloudFront Developer Guide*." } }, "required": [ @@ -808,6 +863,13 @@ ], "type": "object" }, + "OriginGroupSelectionCriteria": { + "enum": [ + "default", + "media-quality-based" + ], + "type": "string" + }, "OriginGroups": { "additionalProperties": false, "description": "A complex data type for the origin groups specified for a distribution.", @@ -845,6 +907,44 @@ }, "type": "object" }, + "ParameterDefinition": { + "additionalProperties": false, + "description": "", + "properties": { + "Definition": { + "additionalProperties": false, + "properties": { + "StringSchema": { + "additionalProperties": false, + "properties": { + "Comment": { + "type": "string" + }, + "DefaultValue": { + "type": "string" + }, + "Required": { + "type": "boolean" + } + }, + "required": [ + "Required" + ], + "type": "object" + } + }, + "type": "object" + }, + "Name": { + "type": "string" + } + }, + "required": [ + "Name", + "Definition" + ], + "type": "object" + }, "Restrictions": { "additionalProperties": false, "description": "A complex type that identifies ways in which you want to restrict distribution of your content.", 
@@ -865,7 +965,7 @@ "properties": { "OriginAccessIdentity": { "default": "", - "description": "The CloudFront origin access identity to associate with the origin. Use an origin access identity to configure the origin so that viewers can *only* access objects in an Amazon S3 bucket through CloudFront. The format of the value is:\n origin-access-identity/cloudfront/*ID-of-origin-access-identity* \n where ``ID-of-origin-access-identity`` is the value that CloudFront returned in the ``ID`` element when you created the origin access identity.\n If you want viewers to be able to access objects using either the CloudFront URL or the Amazon S3 URL, specify an empty ``OriginAccessIdentity`` element.\n To delete the origin access identity from an existing distribution, update the distribution configuration and include an empty ``OriginAccessIdentity`` element.\n To replace the origin access identity, update the distribution configuration and specify the new origin access identity.\n For more information about the origin access identity, see [Serving Private Content through CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) in the *Amazon CloudFront Developer Guide*.", + "description": "If you're using origin access control (OAC) instead of origin access identity, specify an empty ``OriginAccessIdentity`` element. For more information, see [Restricting access to an](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-origin.html) in the *Amazon CloudFront Developer Guide*.\n The CloudFront origin access identity to associate with the origin. Use an origin access identity to configure the origin so that viewers can *only* access objects in an Amazon S3 bucket through CloudFront. 
The format of the value is:\n ``origin-access-identity/cloudfront/ID-of-origin-access-identity`` \n The ``ID-of-origin-access-identity`` is the value that CloudFront returned in the ``ID`` element when you created the origin access identity.\n If you want viewers to be able to access objects using either the CloudFront URL or the Amazon S3 URL, specify an empty ``OriginAccessIdentity`` element.\n To delete the origin access identity from an existing distribution, update the distribution configuration and include an empty ``OriginAccessIdentity`` element.\n To replace the origin access identity, update the distribution configuration and specify the new origin access identity.\n For more information about the origin access identity, see [Serving Private Content through CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) in the *Amazon CloudFront Developer Guide*.", "type": "string" } }, 
@@ -939,6 +1039,30 @@ } }, "type": "object" + }, + "VpcOriginConfig": { + "additionalProperties": false, + "description": "An Amazon CloudFront VPC origin configuration.", + "properties": { + "OriginKeepaliveTimeout": { + "default": 5, + "description": "Specifies how long, in seconds, CloudFront persists its connection to the origin. The minimum timeout is 1 second, the maximum is 60 seconds, and the default (if you don't specify otherwise) is 5 seconds.\n For more information, see [Keep-alive timeout (custom origins only)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginKeepaliveTimeout) in the *Amazon CloudFront Developer Guide*.", + "type": "integer" + }, + "OriginReadTimeout": { + "default": 30, + "description": "Specifies how long, in seconds, CloudFront waits for a response from the origin. This is also known as the *origin response timeout*. The minimum timeout is 1 second, the maximum is 60 seconds, and the default (if you don't specify otherwise) is 30 seconds.\n For more information, see [Response timeout (custom origins only)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginResponseTimeout) in the *Amazon CloudFront Developer Guide*.", + "type": "integer" + }, + "VpcOriginId": { + "description": "The VPC origin ID.", + "type": "string" + } + }, + "required": [ + "VpcOriginId" + ], + "type": "object" } }, "deprecatedProperties": [ @@ -949,8 +1073,10 @@ "handlers": { "create": { "permissions": [ + "cloudfront:CreateConnectionGroup", "cloudfront:CreateDistribution", "cloudfront:CreateDistributionWithTags", + "cloudfront:GetConnectionGroup", "cloudfront:GetDistribution", "cloudfront:GetDistributionConfig", "cloudfront:TagResource" @@ -965,6 +1091,7 @@ }, "list": { "permissions": [ + "cloudfront:ListTagsForResource", "cloudfront:ListDistributions" ] }, 
@@ -976,6 +1103,8 @@ }, "update": { "permissions": [ + "cloudfront:CreateConnectionGroup", + "cloudfront:GetConnectionGroup", "cloudfront:GetDistribution", "cloudfront:GetDistributionConfig", "cloudfront:UpdateDistribution", @@ -1020,9 +1149,15 @@ ], "tagging": { "cloudFormationSystemTags": false, - "tagOnCreate": false, - "tagUpdatable": false, - "taggable": false + "permissions": [ + "cloudfront:TagResource", + "cloudfront:ListTagsForResource", + "cloudfront:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true }, "typeName": "AWS::CloudFront::Distribution" } diff --git a/src/schema/aws-cloudfront-distributiontenant.json b/src/schema/aws-cloudfront-distributiontenant.json new file mode 100644 index 00000000..697431fd --- /dev/null +++ b/src/schema/aws-cloudfront-distributiontenant.json 
@@ -0,0 +1,296 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/Name", + "/properties/ManagedCertificateRequest" + ], + "definitions": { + "Certificate": { + "additionalProperties": false, + "properties": { + "Arn": { + "type": "string" + } + }, + "type": "object" + }, + "Customizations": { + "additionalProperties": false, + "properties": { + "Certificate": { + "$ref": "#/definitions/Certificate" + }, + "GeoRestrictions": { + "$ref": "#/definitions/GeoRestrictionCustomization" + }, + "WebAcl": { + "$ref": "#/definitions/WebAclCustomization" + } + }, + "type": "object" + }, + "DomainResult": { + "additionalProperties": false, + "properties": { + "Domain": { + "type": "string" + }, + "Reason": { + "enum": [ + "pending-validation", + "validation-failed", + "pending-activation", + "customer-activated" + ], + "type": "string" + }, + "Status": { + "enum": [ + "active", + "inactive" + ], + "type": "string" + } + }, + "type": "object" + }, + "GeoRestrictionCustomization": { + "additionalProperties": false, + "properties": { + "Locations": { + "items": { + "type": "string" + }, + "type": "array", + "uniqueItems": false + }, + "RestrictionType": { + "enum": [ + "blacklist", + "whitelist", + "none" + ], + "type": "string" + } + }, + "type": "object" + }, + "ManagedCertificateRequest": { + "additionalProperties": false, + "properties": { + "CertificateTransparencyLoggingPreference": { + "enum": [ + "enabled", + "disabled" + ], + "type": "string" + }, + "PrimaryDomainName": { + "type": "string" + }, + "ValidationTokenHost": { + "enum": [ + "cloudfront", + "self-hosted" + ], + "type": "string" + } + }, + "type": "object" + }, + "Parameter": { + "additionalProperties": false, + "properties": { + "Name": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "type": "object" + }, + "Tag": { + "additionalProperties": false, + "properties": { + "Key": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "required": [ + 
"Value", + "Key" + ], + "type": "object" + }, + "WebAclCustomization": { + "additionalProperties": false, + "properties": { + "Action": { + "enum": [ + "override", + "disable" + ], + "type": "string" + }, + "Arn": { + "type": "string" + } + }, + "type": "object" + } + }, + "description": "Resource Type definition for AWS::CloudFront::DistributionTenant", + "handlers": { + "create": { + "permissions": [ + "acm:DeleteCertificate", + "acm:DescribeCertificate", + "acm:RequestCertificate", + "cloudfront:CreateDistributionTenant", + "cloudfront:GetDistributionTenant", + "cloudfront:GetManagedCertificateDetails", + "cloudfront:TagResource", + "cloudfront:VerifyDnsConfiguration" + ] + }, + "delete": { + "permissions": [ + "acm:DeleteCertificate", + "cloudfront:DeleteDistributionTenant", + "cloudfront:UpdateDistributionTenant", + "cloudfront:GetDistributionTenant" + ] + }, + "list": { + "permissions": [ + "cloudfront:ListDistributionTenants", + "cloudfront:ListTagsForResource" + ] + }, + "read": { + "permissions": [ + "cloudfront:GetDistributionTenant", + "cloudfront:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "acm:DeleteCertificate", + "acm:DescribeCertificate", + "acm:RequestCertificate", + "cloudfront:GetDistributionTenant", + "cloudfront:GetManagedCertificateDetails", + "cloudfront:UpdateDistributionTenant", + "cloudfront:ListTagsForResource", + "cloudfront:TagResource", + "cloudfront:UntagResource", + "cloudfront:VerifyDnsConfiguration" + ] + } + }, + "primaryIdentifier": [ + "/properties/Id" + ], + "properties": { + "Arn": { + "type": "string" + }, + "ConnectionGroupId": { + "type": "string" + }, + "CreatedTime": { + "format": "date-time", + "type": "string" + }, + "Customizations": { + "$ref": "#/definitions/Customizations" + }, + "DistributionId": { + "type": "string" + }, + "DomainResults": { + "items": { + "$ref": "#/definitions/DomainResult" + }, + "type": "array", + "uniqueItems": false + }, + "Domains": { + "items": { + "type": "string" + 
}, + "type": "array", + "uniqueItems": false + }, + "ETag": { + "type": "string" + }, + "Enabled": { + "type": "boolean" + }, + "Id": { + "type": "string" + }, + "LastModifiedTime": { + "format": "date-time", + "type": "string" + }, + "ManagedCertificateRequest": { + "$ref": "#/definitions/ManagedCertificateRequest" + }, + "Name": { + "type": "string" + }, + "Parameters": { + "items": { + "$ref": "#/definitions/Parameter" + }, + "type": "array", + "uniqueItems": false + }, + "Status": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": false + } + }, + "readOnlyProperties": [ + "/properties/Id", + "/properties/Arn", + "/properties/DomainResults", + "/properties/ETag", + "/properties/Status", + "/properties/CreatedTime", + "/properties/LastModifiedTime" + ], + "required": [ + "DistributionId", + "Name", + "Domains" + ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "cloudfront:TagResource", + "cloudfront:ListTagsForResource", + "cloudfront:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::CloudFront::DistributionTenant", + "writeOnlyProperties": [ + "/properties/ManagedCertificateRequest" + ] +} diff --git a/src/schema/aws-cloudfront-function.json b/src/schema/aws-cloudfront-function.json index 8f7565a9..c8d1677e 100644 --- a/src/schema/aws-cloudfront-function.json +++ b/src/schema/aws-cloudfront-function.json @@ -3,11 +3,14 @@ "definitions": { "FunctionConfig": { "additionalProperties": false, + "description": "Contains configuration information about a CloudFront function.", "properties": { "Comment": { + "description": "A comment to describe the function.", "type": "string" }, "KeyValueStoreAssociations": { + "description": "The configuration for the key value store associations.", "items": { "$ref": "#/definitions/KeyValueStoreAssociation" }, 
@@ -15,6 +18,7 @@ "uniqueItems": true }, "Runtime": { + "description": "The function's runtime environment version.", "type": "string" } }, @@ -26,8 +30,10 @@ }, "FunctionMetadata": { "additionalProperties": false, + "description": "Contains metadata about a CloudFront function.", "properties": { "FunctionARN": { + "description": "The Amazon Resource Name (ARN) of the function. The ARN uniquely identifies the function.", "type": "string" } }, @@ -35,8 +41,10 @@ }, "KeyValueStoreAssociation": { "additionalProperties": false, + "description": "The key value store association.", "properties": { "KeyValueStoreARN": { + "description": "The Amazon Resource Name (ARN) of the key value store association.", "type": "string" } }, 
@@ -46,7 +54,7 @@ "type": "object" } }, - "description": "Resource Type definition for AWS::CloudFront::Function", + "description": "Creates a CF function.\n To create a function, you provide the function code and some configuration information about the function. The response contains an Amazon Resource Name (ARN) that uniquely identifies the function, and the function\u2019s stage.\n By default, when you create a function, it\u2019s in the ``DEVELOPMENT`` stage. In this stage, you can [test the function](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/test-function.html) in the CF console (or with ``TestFunction`` in the CF API).\n When you\u2019re ready to use your function with a CF distribution, publish the function to the ``LIVE`` stage. You can do this in the CF console, with ``PublishFunction`` in the CF API, or by updating the ``AWS::CloudFront::Function`` resource with the ``AutoPublish`` property set to ``true``. When the function is published to the ``LIVE`` stage, you can attach it to a distribution\u2019s cache behavior, using the function\u2019s ARN.\n To automatically publish the function to the ``LIVE`` stage when it\u2019s created, set the ``AutoPublish`` property to ``true``.", "handlers": { "create": { "permissions": [ 
@@ -85,24 +93,31 @@ ], "properties": { "AutoPublish": { + "description": "A flag that determines whether to automatically publish the function to the ``LIVE`` stage when it\u2019s created. To automatically publish to the ``LIVE`` stage, set this property to ``true``.", "type": "boolean" }, "FunctionARN": { + "description": "", "type": "string" }, "FunctionCode": { + "description": "The function code. For more information about writing a CloudFront function, see [Writing function code for CloudFront Functions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/writing-function-code.html) in the *Amazon CloudFront Developer Guide*.", "type": "string" }, "FunctionConfig": { - "$ref": "#/definitions/FunctionConfig" + "$ref": "#/definitions/FunctionConfig", + "description": "Contains configuration information about a CloudFront function." }, "FunctionMetadata": { - "$ref": "#/definitions/FunctionMetadata" + "$ref": "#/definitions/FunctionMetadata", + "description": "Contains metadata about a CloudFront function." }, "Name": { + "description": "A name to identify the function.", "type": "string" }, "Stage": { + "description": "", "type": "string" } }, diff --git a/src/schema/aws-cloudfront-keygroup.json b/src/schema/aws-cloudfront-keygroup.json index 6a5b1ba6..e29980ac 100644 --- a/src/schema/aws-cloudfront-keygroup.json +++ b/src/schema/aws-cloudfront-keygroup.json 
@@ -3,11 +3,14 @@ "definitions": { "KeyGroupConfig": { "additionalProperties": false, + "description": "A key group configuration.\n A key group contains a list of public keys that you can use with [CloudFront signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html).", "properties": { "Comment": { + "description": "A comment to describe the key group. The comment cannot be longer than 128 characters.", "type": "string" }, "Items": { + "description": "A list of the identifiers of the public keys in the key group.", "items": { "type": "string" }, @@ -15,6 +18,7 @@ "uniqueItems": false }, "Name": { + "description": "A name to identify the key group.", "type": "string" } }, @@ -25,7 +29,7 @@ "type": "object" } }, - "description": "Resource Type definition for AWS::CloudFront::KeyGroup", + "description": "A key group.\n A key group contains a list of public keys that you can use with [CloudFront signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html).", "handlers": { "create": { "permissions": [ @@ -60,12 +64,15 @@ ], "properties": { "Id": { + "description": "", "type": "string" }, "KeyGroupConfig": { - "$ref": "#/definitions/KeyGroupConfig" + "$ref": "#/definitions/KeyGroupConfig", + "description": "The key group configuration." }, "LastModifiedTime": { + "description": "", "type": "string" } }, diff --git a/src/schema/aws-cloudfront-keyvaluestore.json b/src/schema/aws-cloudfront-keyvaluestore.json index 30d10b86..3ebc83bd 100644 --- a/src/schema/aws-cloudfront-keyvaluestore.json +++ b/src/schema/aws-cloudfront-keyvaluestore.json 
@@ -6,11 +6,14 @@ "definitions": { "ImportSource": { "additionalProperties": false, + "description": "The import source for the key value store.", "properties": { "SourceArn": { + "description": "The Amazon Resource Name (ARN) of the import source for the key value store.", "type": "string" }, "SourceType": { + "description": "The source type of the import source for the key value store.", "type": "string" } }, @@ -21,7 +24,7 @@ "type": "object" } }, - "description": "Resource Type definition for AWS::CloudFront::KeyValueStore", + "description": "The key value store. Use this to separate data from function code, allowing you to update data without having to publish a new version of a function. The key value store holds keys and their corresponding values.", "handlers": { "create": { "permissions": [ @@ -60,21 +63,27 @@ ], "properties": { "Arn": { + "description": "", "type": "string" }, "Comment": { + "description": "A comment for the key value store.", "type": "string" }, "Id": { + "description": "", "type": "string" }, "ImportSource": { - "$ref": "#/definitions/ImportSource" + "$ref": "#/definitions/ImportSource", + "description": "The import source for the key value store." }, "Name": { + "description": "The name of the key value store.", "type": "string" }, "Status": { + "description": "", "type": "string" } }, diff --git a/src/schema/aws-cloudfront-monitoringsubscription.json b/src/schema/aws-cloudfront-monitoringsubscription.json index b1acd3f2..4cece80b 100644 --- a/src/schema/aws-cloudfront-monitoringsubscription.json +++ b/src/schema/aws-cloudfront-monitoringsubscription.json 
@@ -6,17 +6,21 @@ "definitions": { "MonitoringSubscription": { "additionalProperties": false, + "description": "A monitoring subscription. This structure contains information about whether additional CloudWatch metrics are enabled for a given CloudFront distribution.", "properties": { "RealtimeMetricsSubscriptionConfig": { - "$ref": "#/definitions/RealtimeMetricsSubscriptionConfig" + "$ref": "#/definitions/RealtimeMetricsSubscriptionConfig", + "description": "A subscription configuration for additional CloudWatch metrics." } }, "type": "object" }, "RealtimeMetricsSubscriptionConfig": { "additionalProperties": false, + "description": "A subscription configuration for additional CloudWatch metrics.", "properties": { "RealtimeMetricsSubscriptionStatus": { + "description": "A flag that indicates whether additional CloudWatch metrics are enabled for a given CloudFront distribution.", "enum": [ "Enabled", "Disabled" @@ -30,7 +34,7 @@ "type": "object" } }, - "description": "Resource Type definition for AWS::CloudFront::MonitoringSubscription", + "description": "A monitoring subscription. This structure contains information about whether additional CloudWatch metrics are enabled for a given CloudFront distribution.", "handlers": { "create": { "permissions": [ @@ -53,10 +57,12 @@ ], "properties": { "DistributionId": { + "description": "The ID of the distribution that you are enabling metrics for.", "type": "string" }, "MonitoringSubscription": { - "$ref": "#/definitions/MonitoringSubscription" + "$ref": "#/definitions/MonitoringSubscription", + "description": "A subscription configuration for additional CloudWatch metrics." } }, "required": [ diff --git a/src/schema/aws-cloudfront-originaccesscontrol.json b/src/schema/aws-cloudfront-originaccesscontrol.json index 3589c26a..e531e1c8 100644 --- a/src/schema/aws-cloudfront-originaccesscontrol.json +++ b/src/schema/aws-cloudfront-originaccesscontrol.json 
@@ -3,22 +3,28 @@ "definitions": { "OriginAccessControlConfig": { "additionalProperties": false, + "description": "Creates a new origin access control in CloudFront. After you create an origin access control, you can add it to an origin in a CloudFront distribution so that CloudFront sends authenticated (signed) requests to the origin.\n This makes it possible to block public access to the origin, allowing viewers (users) to access the origin's content only through CloudFront.\n For more information about using a CloudFront origin access control, see [Restricting access to an origin](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-origin.html) in the *Amazon CloudFront Developer Guide*.", "properties": { "Description": { + "description": "A description of the origin access control.", "type": "string" }, "Name": { + "description": "A name to identify the origin access control. You can specify up to 64 characters.", "type": "string" }, "OriginAccessControlOriginType": { + "description": "The type of origin that this origin access control is for.", "pattern": "^(s3|mediastore|lambda|mediapackagev2)$", "type": "string" }, "SigningBehavior": { + "description": "Specifies which requests CloudFront signs (adds authentication information to). Specify ``always`` for the most common use case. For more information, see [origin access control advanced settings](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#oac-advanced-settings) in the *Amazon CloudFront Developer Guide*.\n This field can have one of the following values:\n + ``always`` \u2013 CloudFront signs all origin requests, overwriting the ``Authorization`` header from the viewer request if one exists.\n + ``never`` \u2013 CloudFront doesn't sign any origin requests. 
This value turns off origin access control for all origins in all distributions that use this origin access control.\n + ``no-override`` \u2013 If the viewer request doesn't contain the ``Authorization`` header, then CloudFront signs the origin request. If the viewer request contains the ``Authorization`` header, then CloudFront doesn't sign the origin request and instead passes along the ``Authorization`` header from the viewer request. *WARNING: To pass along the Authorization header from the viewer request, you must add the Authorization header to a cache policy for all cache behaviors that use origins associated with this origin access control.*", "pattern": "^(never|no-override|always)$", "type": "string" }, "SigningProtocol": { + "description": "The signing protocol of the origin access control, which determines how CloudFront signs (authenticates) requests. The only valid value is ``sigv4``.", "pattern": "^(sigv4)$", "type": "string" } @@ -32,7 +38,7 @@ "type": "object" } }, - "description": "Resource Type definition for AWS::CloudFront::OriginAccessControl", + "description": "Creates a new origin access control in CloudFront. After you create an origin access control, you can add it to an origin in a CloudFront distribution so that CloudFront sends authenticated (signed) requests to the origin.\n This makes it possible to block public access to the origin, allowing viewers (users) to access the origin's content only through CloudFront.\n For more information about using a CloudFront origin access control, see [Restricting access to an origin](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-origin.html) in the *Amazon CloudFront Developer Guide*.", "handlers": { "create": { "permissions": [ 
@@ -67,10 +73,12 @@ ], "properties": { "Id": { + "description": "", "type": "string" }, "OriginAccessControlConfig": { - "$ref": "#/definitions/OriginAccessControlConfig" + "$ref": "#/definitions/OriginAccessControlConfig", + "description": "The origin access control." } }, "readOnlyProperties": [ diff --git a/src/schema/aws-cloudfront-originrequestpolicy.json b/src/schema/aws-cloudfront-originrequestpolicy.json index 23d6b564..d01d0f48 100644 --- a/src/schema/aws-cloudfront-originrequestpolicy.json +++ b/src/schema/aws-cloudfront-originrequestpolicy.json @@ -3,12 +3,15 @@ "definitions": { "CookiesConfig": { "additionalProperties": false, + "description": "An object that determines whether any cookies in viewer requests (and if so, which cookies) are included in requests that CloudFront sends to the origin.", "properties": { "CookieBehavior": { + "description": "Determines whether cookies in viewer requests are included in requests that CloudFront sends to the origin. Valid values are:\n + ``none`` \u2013 No cookies in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any cookies that are listed in a ``CachePolicy`` *are* included in origin requests.\n + ``whitelist`` \u2013 Only the cookies in viewer requests that are listed in the ``CookieNames`` type are included in requests that CloudFront sends to the origin.\n + ``all`` \u2013 All cookies in viewer requests are included in requests that CloudFront sends to the origin.\n + ``allExcept`` \u2013 All cookies in viewer requests are included in requests that CloudFront sends to the origin, *except* for those listed in the ``CookieNames`` type, which are not included.", "pattern": "^(none|whitelist|all|allExcept)$", "type": "string" }, "Cookies": { + "description": "Contains a list of cookie names.", "items": { "type": "string" }, 
@@ -23,12 +26,15 @@ }, "HeadersConfig": { "additionalProperties": false, + "description": "An object that determines whether any HTTP headers (and if so, which headers) are included in requests that CloudFront sends to the origin.", "properties": { "HeaderBehavior": { + "description": "Determines whether any HTTP headers are included in requests that CloudFront sends to the origin. Valid values are:\n + ``none`` \u2013 No HTTP headers in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any headers that are listed in a ``CachePolicy`` *are* included in origin requests.\n + ``whitelist`` \u2013 Only the HTTP headers that are listed in the ``Headers`` type are included in requests that CloudFront sends to the origin.\n + ``allViewer`` \u2013 All HTTP headers in viewer requests are included in requests that CloudFront sends to the origin.\n + ``allViewerAndWhitelistCloudFront`` \u2013 All HTTP headers in viewer requests and the additional CloudFront headers that are listed in the ``Headers`` type are included in requests that CloudFront sends to the origin. The additional headers are added by CloudFront.\n + ``allExcept`` \u2013 All HTTP headers in viewer requests are included in requests that CloudFront sends to the origin, *except* for those listed in the ``Headers`` type, which are not included.", "pattern": "^(none|whitelist|allViewer|allViewerAndWhitelistCloudFront|allExcept)$", "type": "string" }, "Headers": { + "description": "Contains a list of HTTP header names.", "items": { "type": "string" }, 
@@ -43,21 +49,27 @@ }, "OriginRequestPolicyConfig": { "additionalProperties": false, + "description": "An origin request policy configuration.\n This configuration determines the values that CloudFront includes in requests that it sends to the origin. Each request that CloudFront sends to the origin includes the following:\n + The request body and the URL path (without the domain name) from the viewer request.\n + The headers that CloudFront automatically includes in every origin request, including ``Host``, ``User-Agent``, and ``X-Amz-Cf-Id``.\n + All HTTP headers, cookies, and URL query strings that are specified in the cache policy or the origin request policy. These can include items from the viewer request and, in the case of headers, additional ones that are added by CloudFront.\n \n CloudFront sends a request when it can't find an object in its cache that matches the request. If you want to send values to the origin and also include them in the cache key, use ``CachePolicy``.", "properties": { "Comment": { + "description": "A comment to describe the origin request policy. The comment cannot be longer than 128 characters.", "type": "string" }, "CookiesConfig": { - "$ref": "#/definitions/CookiesConfig" + "$ref": "#/definitions/CookiesConfig", + "description": "The cookies from viewer requests to include in origin requests." }, "HeadersConfig": { - "$ref": "#/definitions/HeadersConfig" + "$ref": "#/definitions/HeadersConfig", + "description": "The HTTP headers to include in origin requests. These can include headers from viewer requests and additional headers added by CloudFront." }, "Name": { + "description": "A unique name to identify the origin request policy.", "type": "string" }, "QueryStringsConfig": { - "$ref": "#/definitions/QueryStringsConfig" + "$ref": "#/definitions/QueryStringsConfig", + "description": "The URL query strings from viewer requests to include in origin requests." } }, "required": [ 
@@ -70,12 +82,15 @@ }, "QueryStringsConfig": { "additionalProperties": false, + "description": "An object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in requests that CloudFront sends to the origin.", "properties": { "QueryStringBehavior": { + "description": "Determines whether any URL query strings in viewer requests are included in requests that CloudFront sends to the origin. Valid values are:\n + ``none`` \u2013 No query strings in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any query strings that are listed in a ``CachePolicy`` *are* included in origin requests.\n + ``whitelist`` \u2013 Only the query strings in viewer requests that are listed in the ``QueryStringNames`` type are included in requests that CloudFront sends to the origin.\n + ``all`` \u2013 All query strings in viewer requests are included in requests that CloudFront sends to the origin.\n + ``allExcept`` \u2013 All query strings in viewer requests are included in requests that CloudFront sends to the origin, *except* for those listed in the ``QueryStringNames`` type, which are not included.", "pattern": "^(none|whitelist|all|allExcept)$", "type": "string" }, "QueryStrings": { + "description": "Contains a list of query string names.", "items": { "type": "string" }, 
@@ -89,7 +104,7 @@ "type": "object" } }, - "description": "Resource Type definition for AWS::CloudFront::OriginRequestPolicy", + "description": "An origin request policy.\n When it's attached to a cache behavior, the origin request policy determines the values that CloudFront includes in requests that it sends to the origin. Each request that CloudFront sends to the origin includes the following:\n + The request body and the URL path (without the domain name) from the viewer request.\n + The headers that CloudFront automatically includes in every origin request, including ``Host``, ``User-Agent``, and ``X-Amz-Cf-Id``.\n + All HTTP headers, cookies, and URL query strings that are specified in the cache policy or the origin request policy. These can include items from the viewer request and, in the case of headers, additional ones that are added by CloudFront.\n \n CloudFront sends a request when it can't find an object in its cache that matches the request. If you want to send values to the origin and also include them in the cache key, use ``CachePolicy``.", "handlers": { "create": { "permissions": [ @@ -124,13 +139,16 @@ ], "properties": { "Id": { + "description": "", "type": "string" }, "LastModifiedTime": { + "description": "", "type": "string" }, "OriginRequestPolicyConfig": { - "$ref": "#/definitions/OriginRequestPolicyConfig" + "$ref": "#/definitions/OriginRequestPolicyConfig", + "description": "The origin request policy configuration." } }, "readOnlyProperties": [ diff --git a/src/schema/aws-cloudfront-publickey.json b/src/schema/aws-cloudfront-publickey.json index b2e52673..9b99e3e7 100644 --- a/src/schema/aws-cloudfront-publickey.json +++ b/src/schema/aws-cloudfront-publickey.json 
@@ -3,17 +3,22 @@ "definitions": { "PublicKeyConfig": { "additionalProperties": false, + "description": "Configuration information about a public key that you can use with [signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html), or with [field-level encryption](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html).", "properties": { "CallerReference": { + "description": "A string included in the request to help make sure that the request can't be replayed.", "type": "string" }, "Comment": { + "description": "A comment to describe the public key. The comment cannot be longer than 128 characters.", "type": "string" }, "EncodedKey": { + "description": "The public key that you can use with [signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html), or with [field-level encryption](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html).", "type": "string" }, "Name": { + "description": "A name to help identify the public key.", "type": "string" } }, @@ -25,7 +30,7 @@ "type": "object" } }, - "description": "Resource Type definition for AWS::CloudFront::PublicKey", + "description": "A public key that you can use with [signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html), or with [field-level encryption](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html).", "handlers": { "create": { "permissions": [ 
@@ -60,13 +65,16 @@ ], "properties": { "CreatedTime": { + "description": "", "type": "string" }, "Id": { + "description": "", "type": "string" }, "PublicKeyConfig": { - "$ref": "#/definitions/PublicKeyConfig" + "$ref": "#/definitions/PublicKeyConfig", + "description": "Configuration information about a public key that you can use with [signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html), or with [field-level encryption](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html)." } }, "readOnlyProperties": [ diff --git a/src/schema/aws-cloudfront-realtimelogconfig.json b/src/schema/aws-cloudfront-realtimelogconfig.json index c31243f1..8d3de306 100644 --- a/src/schema/aws-cloudfront-realtimelogconfig.json +++ b/src/schema/aws-cloudfront-realtimelogconfig.json @@ -6,11 +6,14 @@ "definitions": { "EndPoint": { "additionalProperties": false, + "description": "Contains information about the Amazon Kinesis data stream where you are sending real-time log data in a real-time log configuration.", "properties": { "KinesisStreamConfig": { - "$ref": "#/definitions/KinesisStreamConfig" + "$ref": "#/definitions/KinesisStreamConfig", + "description": "Contains information about the Amazon Kinesis data stream where you are sending real-time log data." }, "StreamType": { + "description": "The type of data stream where you are sending real-time log data. The only valid value is ``Kinesis``.", "type": "string" } }, 
@@ -22,11 +25,14 @@ }, "KinesisStreamConfig": { "additionalProperties": false, + "description": "Contains information about the Amazon Kinesis data stream where you are sending real-time log data.", "properties": { "RoleArn": { + "description": "The Amazon Resource Name (ARN) of an IAMlong (IAM) role that CloudFront can use to send real-time log data to your Kinesis data stream.\n For more information the IAM role, see [Real-time log configuration IAM role](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html#understand-real-time-log-config-iam-role) in the *Amazon CloudFront Developer Guide*.", "type": "string" }, "StreamArn": { + "description": "The Amazon Resource Name (ARN) of the Kinesis data stream where you are sending real-time log data.", "type": "string" } }, @@ -37,7 +43,7 @@ "type": "object" } }, - "description": "Resource Type definition for AWS::CloudFront::RealtimeLogConfig", + "description": "A real-time log configuration.", "handlers": { "create": { "permissions": [ @@ -74,9 +80,11 @@ ], "properties": { "Arn": { + "description": "", "type": "string" }, "EndPoints": { + "description": "Contains information about the Amazon Kinesis data stream where you are sending real-time log data for this real-time log configuration.", "items": { "$ref": "#/definitions/EndPoint" }, @@ -85,6 +93,7 @@ "uniqueItems": false }, "Fields": { + "description": "A list of fields that are included in each real-time log record. In an API response, the fields are provided in the same order in which they are sent to the Amazon Kinesis data stream.\n For more information about fields, see [Real-time log configuration fields](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html#understand-real-time-log-config-fields) in the *Amazon CloudFront Developer Guide*.", "items": { "type": "string" }, 
@@ -93,9 +102,11 @@ "uniqueItems": false }, "Name": { + "description": "The unique name of this real-time log configuration.", "type": "string" }, "SamplingRate": { + "description": "The sampling rate for this real-time log configuration. The sampling rate determines the percentage of viewer requests that are represented in the real-time log data. The sampling rate is an integer between 1 and 100, inclusive.", "maximum": 100, "minimum": 1, "multipleOf": 1.0, diff --git a/src/schema/aws-cloudfront-responseheaderspolicy.json b/src/schema/aws-cloudfront-responseheaderspolicy.json index bb45f473..3d60fd37 100644 --- a/src/schema/aws-cloudfront-responseheaderspolicy.json +++ b/src/schema/aws-cloudfront-responseheaderspolicy.json @@ -3,8 +3,10 @@ "definitions": { "AccessControlAllowHeaders": { "additionalProperties": false, + "description": "A list of HTTP header names that CloudFront includes as values for the ``Access-Control-Allow-Headers`` HTTP response header.\n For more information about the ``Access-Control-Allow-Headers`` HTTP response header, see [Access-Control-Allow-Headers](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers) in the MDN Web Docs.", "properties": { "Items": { + "description": "The list of HTTP header names. You can specify ``*`` to allow all headers.", "insertionOrder": false, "items": { "type": "string" 
@@ -19,8 +21,10 @@ }, "AccessControlAllowMethods": { "additionalProperties": false, + "description": "A list of HTTP methods that CloudFront includes as values for the ``Access-Control-Allow-Methods`` HTTP response header.\n For more information about the ``Access-Control-Allow-Methods`` HTTP response header, see [Access-Control-Allow-Methods](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods) in the MDN Web Docs.", "properties": { "Items": { + "description": "The list of HTTP methods. Valid values are:\n + ``GET`` \n + ``DELETE`` \n + ``HEAD`` \n + ``OPTIONS`` \n + ``PATCH`` \n + ``POST`` \n + ``PUT`` \n + ``ALL`` \n \n ``ALL`` is a special value that includes all of the listed HTTP methods.", "insertionOrder": false, "items": { "type": "string" @@ -35,8 +39,10 @@ }, "AccessControlAllowOrigins": { "additionalProperties": false, + "description": "A list of origins (domain names) that CloudFront can use as the value for the ``Access-Control-Allow-Origin`` HTTP response header.\n For more information about the ``Access-Control-Allow-Origin`` HTTP response header, see [Access-Control-Allow-Origin](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin) in the MDN Web Docs.", "properties": { "Items": { + "description": "The list of origins (domain names). You can specify ``*`` to allow all origins.", "insertionOrder": false, "items": { "type": "string" 
@@ -51,8 +57,10 @@ }, "AccessControlExposeHeaders": { "additionalProperties": false, + "description": "A list of HTTP headers that CloudFront includes as values for the ``Access-Control-Expose-Headers`` HTTP response header.\n For more information about the ``Access-Control-Expose-Headers`` HTTP response header, see [Access-Control-Expose-Headers](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers) in the MDN Web Docs.", "properties": { "Items": { + "description": "The list of HTTP headers. You can specify ``*`` to expose all headers.", "insertionOrder": false, "items": { "type": "string" @@ -67,11 +75,14 @@ }, "ContentSecurityPolicy": { "additionalProperties": false, + "description": "The policy directives and their values that CloudFront includes as values for the ``Content-Security-Policy`` HTTP response header.\n For more information about the ``Content-Security-Policy`` HTTP response header, see [Content-Security-Policy](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) in the MDN Web Docs.", "properties": { "ContentSecurityPolicy": { + "description": "The policy directives and their values that CloudFront includes as values for the ``Content-Security-Policy`` HTTP response header.\n For more information about the ``Content-Security-Policy`` HTTP response header, see [Content-Security-Policy](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) in the MDN Web Docs.", "type": "string" }, "Override": { + "description": "A Boolean that determines whether CloudFront overrides the ``Content-Security-Policy`` HTTP response header received from the origin with the one specified in this response headers policy.", "type": "boolean" } }, 
@@ -83,8 +94,10 @@ }, "ContentTypeOptions": { "additionalProperties": false, + "description": "Determines whether CloudFront includes the ``X-Content-Type-Options`` HTTP response header with its value set to ``nosniff``.\n For more information about the ``X-Content-Type-Options`` HTTP response header, see [X-Content-Type-Options](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options) in the MDN Web Docs.", "properties": { "Override": { + "description": "A Boolean that determines whether CloudFront overrides the ``X-Content-Type-Options`` HTTP response header received from the origin with the one specified in this response headers policy.", "type": "boolean" } }, 
@@ -95,26 +108,34 @@ }, "CorsConfig": { "additionalProperties": false, + "description": "A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS). CloudFront adds these headers to HTTP responses that it sends for CORS requests that match a cache behavior associated with this response headers policy.\n For more information about CORS, see [Cross-Origin Resource Sharing (CORS)](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) in the MDN Web Docs.", "properties": { "AccessControlAllowCredentials": { + "description": "A Boolean that CloudFront uses as the value for the ``Access-Control-Allow-Credentials`` HTTP response header.\n For more information about the ``Access-Control-Allow-Credentials`` HTTP response header, see [Access-Control-Allow-Credentials](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials) in the MDN Web Docs.", "type": "boolean" }, "AccessControlAllowHeaders": { - "$ref": "#/definitions/AccessControlAllowHeaders" + "$ref": "#/definitions/AccessControlAllowHeaders", + "description": "A list of HTTP header names that CloudFront includes as values for the ``Access-Control-Allow-Headers`` HTTP response header.\n For more information about the ``Access-Control-Allow-Headers`` HTTP response header, see [Access-Control-Allow-Headers](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers) in the MDN Web Docs." 
}, "AccessControlAllowMethods": { - "$ref": "#/definitions/AccessControlAllowMethods" + "$ref": "#/definitions/AccessControlAllowMethods", + "description": "A list of HTTP methods that CloudFront includes as values for the ``Access-Control-Allow-Methods`` HTTP response header.\n For more information about the ``Access-Control-Allow-Methods`` HTTP response header, see [Access-Control-Allow-Methods](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods) in the MDN Web Docs." }, "AccessControlAllowOrigins": { - "$ref": "#/definitions/AccessControlAllowOrigins" + "$ref": "#/definitions/AccessControlAllowOrigins", + "description": "A list of origins (domain names) that CloudFront can use as the value for the ``Access-Control-Allow-Origin`` HTTP response header.\n For more information about the ``Access-Control-Allow-Origin`` HTTP response header, see [Access-Control-Allow-Origin](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin) in the MDN Web Docs." }, "AccessControlExposeHeaders": { - "$ref": "#/definitions/AccessControlExposeHeaders" + "$ref": "#/definitions/AccessControlExposeHeaders", + "description": "A list of HTTP headers that CloudFront includes as values for the ``Access-Control-Expose-Headers`` HTTP response header.\n For more information about the ``Access-Control-Expose-Headers`` HTTP response header, see [Access-Control-Expose-Headers](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers) in the MDN Web Docs." 
}, "AccessControlMaxAgeSec": { + "description": "A number that CloudFront uses as the value for the ``Access-Control-Max-Age`` HTTP response header.\n For more information about the ``Access-Control-Max-Age`` HTTP response header, see [Access-Control-Max-Age](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age) in the MDN Web Docs.", "type": "integer" }, "OriginOverride": { + "description": "A Boolean that determines whether CloudFront overrides HTTP response headers received from the origin with the ones specified in this response headers policy.", "type": "boolean" } }, @@ -129,14 +150,18 @@ }, "CustomHeader": { "additionalProperties": false, + "description": "An HTTP response header name and its value. CloudFront includes this header in HTTP responses that it sends for requests that match a cache behavior that's associated with this response headers policy.", "properties": { "Header": { + "description": "The HTTP response header name.", "type": "string" }, "Override": { + "description": "A Boolean that determines whether CloudFront overrides a response header with the same name received from the origin with the header specified here.", "type": "boolean" }, "Value": { + "description": "The value for the HTTP response header.", "type": "string" } }, @@ -149,8 +174,10 @@ }, "CustomHeadersConfig": { "additionalProperties": false, + "description": "A list of HTTP response header names and their values. CloudFront includes these headers in HTTP responses that it sends for requests that match a cache behavior that's associated with this response headers policy.", "properties": { "Items": { + "description": "The list of HTTP response headers and their values.", "insertionOrder": false, "items": { "$ref": "#/definitions/CustomHeader" 
@@ -166,12 +193,15 @@ }, "FrameOptions": { "additionalProperties": false, + "description": "Determines whether CloudFront includes the ``X-Frame-Options`` HTTP response header and the header's value.\n For more information about the ``X-Frame-Options`` HTTP response header, see [X-Frame-Options](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) in the MDN Web Docs.", "properties": { "FrameOption": { + "description": "The value of the ``X-Frame-Options`` HTTP response header. Valid values are ``DENY`` and ``SAMEORIGIN``.\n For more information about these values, see [X-Frame-Options](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) in the MDN Web Docs.", "pattern": "^(DENY|SAMEORIGIN)$", "type": "string" }, "Override": { + "description": "A Boolean that determines whether CloudFront overrides the ``X-Frame-Options`` HTTP response header received from the origin with the one specified in this response headers policy.", "type": "boolean" } }, 
@@ -183,11 +213,14 @@ }, "ReferrerPolicy": { "additionalProperties": false, + "description": "Determines whether CloudFront includes the ``Referrer-Policy`` HTTP response header and the header's value.\n For more information about the ``Referrer-Policy`` HTTP response header, see [Referrer-Policy](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy) in the MDN Web Docs.", "properties": { "Override": { + "description": "A Boolean that determines whether CloudFront overrides the ``Referrer-Policy`` HTTP response header received from the origin with the one specified in this response headers policy.", "type": "boolean" }, "ReferrerPolicy": { + "description": "Determines whether CloudFront includes the ``Referrer-Policy`` HTTP response header and the header's value.\n For more information about the ``Referrer-Policy`` HTTP response header, see [Referrer-Policy](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy) in the MDN Web Docs.", "pattern": "^(no-referrer|no-referrer-when-downgrade|origin|origin-when-cross-origin|same-origin|strict-origin|strict-origin-when-cross-origin|unsafe-url)$", "type": "string" } @@ -200,8 +233,10 @@ }, "RemoveHeader": { "additionalProperties": false, + "description": "The name of an HTTP header that CloudFront removes from HTTP responses to requests that match the cache behavior that this response headers policy is attached to.", "properties": { "Header": { + "description": "The HTTP header name.", "type": "string" } }, @@ -212,8 +247,10 @@ }, "RemoveHeadersConfig": { "additionalProperties": false, + "description": "A list of HTTP header names that CloudFront removes from HTTP responses to requests that match the cache behavior that this response headers policy is attached to.", "properties": { "Items": { + "description": "The list of HTTP header names.", "insertionOrder": false, "items": { "$ref": "#/definitions/RemoveHeader" 
@@ -229,27 +266,35 @@ }, "ResponseHeadersPolicyConfig": { "additionalProperties": false, + "description": "A response headers policy configuration.\n A response headers policy configuration contains metadata about the response headers policy, and configurations for sets of HTTP response headers.", "properties": { "Comment": { + "description": "A comment to describe the response headers policy.\n The comment cannot be longer than 128 characters.", "type": "string" }, "CorsConfig": { - "$ref": "#/definitions/CorsConfig" + "$ref": "#/definitions/CorsConfig", + "description": "A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS)." }, "CustomHeadersConfig": { - "$ref": "#/definitions/CustomHeadersConfig" + "$ref": "#/definitions/CustomHeadersConfig", + "description": "A configuration for a set of custom HTTP response headers." }, "Name": { + "description": "A name to identify the response headers policy.\n The name must be unique for response headers policies in this AWS-account.", "type": "string" }, "RemoveHeadersConfig": { - "$ref": "#/definitions/RemoveHeadersConfig" + "$ref": "#/definitions/RemoveHeadersConfig", + "description": "A configuration for a set of HTTP headers to remove from the HTTP response." }, "SecurityHeadersConfig": { - "$ref": "#/definitions/SecurityHeadersConfig" + "$ref": "#/definitions/SecurityHeadersConfig", + "description": "A configuration for a set of security-related HTTP response headers." }, "ServerTimingHeadersConfig": { - "$ref": "#/definitions/ServerTimingHeadersConfig" + "$ref": "#/definitions/ServerTimingHeadersConfig", + "description": "A configuration for enabling the ``Server-Timing`` header in HTTP responses sent from CloudFront." } }, "required": [ 
@@ -259,24 +304,31 @@ }, "SecurityHeadersConfig": { "additionalProperties": false, + "description": "A configuration for a set of security-related HTTP response headers. CloudFront adds these headers to HTTP responses that it sends for requests that match a cache behavior associated with this response headers policy.", "properties": { "ContentSecurityPolicy": { - "$ref": "#/definitions/ContentSecurityPolicy" + "$ref": "#/definitions/ContentSecurityPolicy", + "description": "The policy directives and their values that CloudFront includes as values for the ``Content-Security-Policy`` HTTP response header.\n For more information about the ``Content-Security-Policy`` HTTP response header, see [Content-Security-Policy](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) in the MDN Web Docs." }, "ContentTypeOptions": { - "$ref": "#/definitions/ContentTypeOptions" + "$ref": "#/definitions/ContentTypeOptions", + "description": "Determines whether CloudFront includes the ``X-Content-Type-Options`` HTTP response header with its value set to ``nosniff``.\n For more information about the ``X-Content-Type-Options`` HTTP response header, see [X-Content-Type-Options](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options) in the MDN Web Docs." }, "FrameOptions": { - "$ref": "#/definitions/FrameOptions" + "$ref": "#/definitions/FrameOptions", + "description": "Determines whether CloudFront includes the ``X-Frame-Options`` HTTP response header and the header's value.\n For more information about the ``X-Frame-Options`` HTTP response header, see [X-Frame-Options](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) in the MDN Web Docs." 
}, "ReferrerPolicy": { - "$ref": "#/definitions/ReferrerPolicy" + "$ref": "#/definitions/ReferrerPolicy", + "description": "Determines whether CloudFront includes the ``Referrer-Policy`` HTTP response header and the header's value.\n For more information about the ``Referrer-Policy`` HTTP response header, see [Referrer-Policy](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy) in the MDN Web Docs." }, "StrictTransportSecurity": { - "$ref": "#/definitions/StrictTransportSecurity" + "$ref": "#/definitions/StrictTransportSecurity", + "description": "Determines whether CloudFront includes the ``Strict-Transport-Security`` HTTP response header and the header's value.\n For more information about the ``Strict-Transport-Security`` HTTP response header, see [Security headers](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/understanding-response-headers-policies.html#understanding-response-headers-policies-security) in the *Amazon CloudFront Developer Guide* and [Strict-Transport-Security](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) in the MDN Web Docs." }, "XSSProtection": { - "$ref": "#/definitions/XSSProtection" + "$ref": "#/definitions/XSSProtection", + "description": "Determines whether CloudFront includes the ``X-XSS-Protection`` HTTP response header and the header's value.\n For more information about the ``X-XSS-Protection`` HTTP response header, see [X-XSS-Protection](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) in the MDN Web Docs." } }, "required": [], 
@@ -284,11 +336,14 @@ }, "ServerTimingHeadersConfig": { "additionalProperties": false, + "description": "A configuration for enabling the ``Server-Timing`` header in HTTP responses sent from CloudFront.", "properties": { "Enabled": { + "description": "A Boolean that determines whether CloudFront adds the ``Server-Timing`` header to HTTP responses that it sends in response to requests that match a cache behavior that's associated with this response headers policy.", "type": "boolean" }, "SamplingRate": { + "description": "A number 0\u2013100 (inclusive) that specifies the percentage of responses that you want CloudFront to add the ``Server-Timing`` header to. When you set the sampling rate to 100, CloudFront adds the ``Server-Timing`` header to the HTTP response for every request that matches the cache behavior that this response headers policy is attached to. When you set it to 50, CloudFront adds the header to 50% of the responses for requests that match the cache behavior. You can set the sampling rate to any number 0\u2013100 with up to four decimal places.", "maximum": 100, "minimum": 0, "multipleOf": 0.0001, 
@@ -302,17 +357,22 @@ }, "StrictTransportSecurity": { "additionalProperties": false, + "description": "Determines whether CloudFront includes the ``Strict-Transport-Security`` HTTP response header and the header's value.\n For more information about the ``Strict-Transport-Security`` HTTP response header, see [Strict-Transport-Security](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) in the MDN Web Docs.", "properties": { "AccessControlMaxAgeSec": { + "description": "A number that CloudFront uses as the value for the ``max-age`` directive in the ``Strict-Transport-Security`` HTTP response header.", "type": "integer" }, "IncludeSubdomains": { + "description": "A Boolean that determines whether CloudFront includes the ``includeSubDomains`` directive in the ``Strict-Transport-Security`` HTTP response header.", "type": "boolean" }, "Override": { + "description": "A Boolean that determines whether CloudFront overrides the ``Strict-Transport-Security`` HTTP response header received from the origin with the one specified in this response headers policy.", "type": "boolean" }, "Preload": { + "description": "A Boolean that determines whether CloudFront includes the ``preload`` directive in the ``Strict-Transport-Security`` HTTP response header.", "type": "boolean" } }, 
@@ -324,17 +384,22 @@ }, "XSSProtection": { "additionalProperties": false, + "description": "Determines whether CloudFront includes the ``X-XSS-Protection`` HTTP response header and the header's value.\n For more information about the ``X-XSS-Protection`` HTTP response header, see [X-XSS-Protection](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) in the MDN Web Docs.", "properties": { "ModeBlock": { + "description": "A Boolean that determines whether CloudFront includes the ``mode=block`` directive in the ``X-XSS-Protection`` header.\n For more information about this directive, see [X-XSS-Protection](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) in the MDN Web Docs.", "type": "boolean" }, "Override": { + "description": "A Boolean that determines whether CloudFront overrides the ``X-XSS-Protection`` HTTP response header received from the origin with the one specified in this response headers policy.", "type": "boolean" }, "Protection": { + "description": "A Boolean that determines the value of the ``X-XSS-Protection`` HTTP response header. When this setting is ``true``, the value of the ``X-XSS-Protection`` header is ``1``. When this setting is ``false``, the value of the ``X-XSS-Protection`` header is ``0``.\n For more information about these settings, see [X-XSS-Protection](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) in the MDN Web Docs.", "type": "boolean" }, "ReportUri": { + "description": "A reporting URI, which CloudFront uses as the value of the ``report`` directive in the ``X-XSS-Protection`` header.\n You cannot specify a ``ReportUri`` when ``ModeBlock`` is ``true``.\n For more information about using a reporting URL, see [X-XSS-Protection](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) in the MDN Web Docs.", "type": "string" } }, 
@@ -345,7 +410,7 @@ "type": "object" } }, - "description": "Resource Type definition for AWS::CloudFront::ResponseHeadersPolicy", + "description": "A response headers policy.\n A response headers policy contains information about a set of HTTP response headers.\n After you create a response headers policy, you can use its ID to attach it to one or more cache behaviors in a CloudFront distribution. When it's attached to a cache behavior, the response headers policy affects the HTTP headers that CloudFront includes in HTTP responses to requests that match the cache behavior. CloudFront adds or removes response headers according to the configuration of the response headers policy.\n For more information, see [Adding or removing HTTP headers in CloudFront responses](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/modifying-response-headers.html) in the *Amazon CloudFront Developer Guide*.", "handlers": { "create": { "permissions": [ @@ -380,13 +445,16 @@ ], "properties": { "Id": { + "description": "", "type": "string" }, "LastModifiedTime": { + "description": "", "type": "string" }, "ResponseHeadersPolicyConfig": { - "$ref": "#/definitions/ResponseHeadersPolicyConfig" + "$ref": "#/definitions/ResponseHeadersPolicyConfig", + "description": "A response headers policy configuration." } }, "readOnlyProperties": [ diff --git a/src/schema/aws-cloudfront-vpcorigin.json b/src/schema/aws-cloudfront-vpcorigin.json new file mode 100644 index 00000000..1bfb7824 --- /dev/null +++ b/src/schema/aws-cloudfront-vpcorigin.json 
@@ -0,0 +1,181 @@ +{ + "additionalProperties": false, + "definitions": { + "Tag": { + "additionalProperties": false, + "description": "A complex type that contains ``Tag`` key and ``Tag`` value.", + "properties": { + "Key": { + "description": "A string that contains ``Tag`` key.\n The string length should be between 1 and 128 characters. Valid characters include ``a-z``, ``A-Z``, ``0-9``, space, and the special characters ``_ - . : / = + @``.", + "type": "string" + }, + "Value": { + "description": "A string that contains an optional ``Tag`` value.\n The string length should be between 0 and 256 characters. Valid characters include ``a-z``, ``A-Z``, ``0-9``, space, and the special characters ``_ - . : / = + @``.", + "type": "string" + } + }, + "required": [ + "Value", + "Key" + ], + "type": "object" + }, + "VpcOriginEndpointConfig": { + "additionalProperties": false, + "description": "An Amazon CloudFront VPC origin endpoint configuration.", + "properties": { + "Arn": { + "description": "The ARN of the CloudFront VPC origin endpoint configuration.", + "type": "string" + }, + "HTTPPort": { + "default": 80, + "description": "The HTTP port for the CloudFront VPC origin endpoint configuration. The default value is ``80``.", + "type": "integer" + }, + "HTTPSPort": { + "default": 443, + "description": "The HTTPS port of the CloudFront VPC origin endpoint configuration. 
The default value is ``443``.", + "type": "integer" + }, + "Name": { + "description": "The name of the CloudFront VPC origin endpoint configuration.", + "type": "string" + }, + "OriginProtocolPolicy": { + "default": "match-viewer", + "description": "The origin protocol policy for the CloudFront VPC origin endpoint configuration.", + "type": "string" + }, + "OriginSSLProtocols": { + "default": [ + "TLSv1", + "SSLv3" + ], + "description": "", + "items": { + "type": "string" + }, + "type": "array", + "uniqueItems": false + } + }, + "required": [ + "Name", + "Arn" + ], + "type": "object" + } + }, + "description": "An Amazon CloudFront VPC origin.", + "handlers": { + "create": { + "permissions": [ + "cloudfront:CreateVpcOrigin", + "cloudfront:GetVpcOrigin", + "cloudfront:TagResource", + "ec2:DescribeInstances", + "elasticloadbalancing:DescribeLoadBalancers", + "ec2:DescribeInternetGateways", + "iam:CreateServiceLinkedRole", + "sts:AssumeRole" + ] + }, + "delete": { + "permissions": [ + "cloudfront:DeleteVpcOrigin", + "cloudfront:GetVpcOrigin", + "elasticloadbalancing:DescribeLoadBalancers", + "ec2:DescribeInstances", + "ec2:DescribeInternetGateways", + "iam:CreateServiceLinkedRole", + "sts:AssumeRole" + ] + }, + "list": { + "permissions": [ + "cloudfront:ListVpcOrigins" + ] + }, + "read": { + "permissions": [ + "cloudfront:GetVpcOrigin", + "cloudfront:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "cloudfront:UpdateVpcOrigin", + "cloudfront:GetVpcOrigin", + "cloudfront:TagResource", + "ec2:DescribeInstances", + "cloudfront:UntagResource", + "cloudfront:ListTagsForResource", + "elasticloadbalancing:DescribeLoadBalancers", + "ec2:DescribeInternetGateways", + "iam:CreateServiceLinkedRole", + "sts:AssumeRole" + ] + } + }, + "primaryIdentifier": [ + "/properties/Id" + ], + "properties": { + "Arn": { + "description": "", + "type": "string" + }, + "CreatedTime": { + "description": "", + "type": "string" + }, + "Id": { + "description": "", + "type": "string" + 
}, + "LastModifiedTime": { + "description": "", + "type": "string" + }, + "Status": { + "description": "", + "type": "string" + }, + "Tags": { + "description": "A complex type that contains zero or more ``Tag`` elements.", + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": false + }, + "VpcOriginEndpointConfig": { + "$ref": "#/definitions/VpcOriginEndpointConfig", + "description": "The VPC origin endpoint configuration." + } + }, + "readOnlyProperties": [ + "/properties/Id", + "/properties/Arn", + "/properties/Status", + "/properties/CreatedTime", + "/properties/LastModifiedTime" + ], + "required": [ + "VpcOriginEndpointConfig" + ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "cloudfront:TagResource", + "cloudfront:UntagResource", + "cloudfront:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::CloudFront::VpcOrigin" +} diff --git a/src/schema/aws-cloudtrail-channel.json b/src/schema/aws-cloudtrail-channel.json index c503485c..53dbf50b 100644 --- a/src/schema/aws-cloudtrail-channel.json +++ b/src/schema/aws-cloudtrail-channel.json @@ -97,7 +97,8 @@ "read": { "permissions": [ "CloudTrail:GetChannel", - "CloudTrail:ListChannels" + "CloudTrail:ListChannels", + "CloudTrail:ListTags" ] }, "update": { @@ -153,13 +154,15 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-cloudtrail.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "CloudTrail:AddTags", + "CloudTrail:RemoveTags", + "CloudTrail:ListTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, - "typeName": "AWS::CloudTrail::Channel", - "writeOnlyProperties": [ - "/properties/Tags" - ] + "typeName": "AWS::CloudTrail::Channel" } 
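Review bot: `VpcOriginEndpointConfig.OriginSSLProtocols` in the new src/schema/aws-cloudfront-vpcorigin.json declares `"default": ["TLSv1", "SSLv3"]` with an empty description, so a template that omits the property is documented as falling back to two deprecated protocols and nothing in the schema warns the reader. If this file is mirrored from the provider, the default itself cannot be changed here, but the description should state it and recommend an explicit value, for example `"description": "Protocols CloudFront may use towards the origin. The default permits SSLv3 and TLSv1; set [\"TLSv1.2\"] explicitly."`. `OriginProtocolPolicy` has the same gap: its `match-viewer` default is not explained, and judging by the name it lets the origin connection follow the viewer's scheme. Separately, the `delete` handler lists `iam:CreateServiceLinkedRole` and `sts:AssumeRole`, which looks broader than a delete needs and is worth confirming against the provider.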
diff --git a/src/schema/aws-cloudtrail-dashboard.json b/src/schema/aws-cloudtrail-dashboard.json new file mode 100644 index 00000000..c7cb99a3 --- /dev/null +++ b/src/schema/aws-cloudtrail-dashboard.json 
@@ -0,0 +1,247 @@ +{ + "additionalProperties": false, + "definitions": { + "QueryParameter": { + "description": "The value of the QueryParameter. Possible values: $StartTime$, $EndTime$, $Period$.", + "maxLength": 1024, + "minLength": 1, + "pattern": ".*", + "type": "string" + }, + "RefreshSchedule": { + "additionalProperties": false, + "description": "Configures the automatic refresh schedule for the dashboard. Includes the frequency unit (DAYS or HOURS) and value, as well as the status (ENABLED or DISABLED) of the refresh schedule.", + "properties": { + "Frequency": { + "additionalProperties": false, + "properties": { + "Unit": { + "description": "The frequency unit. Supported values are HOURS and DAYS.", + "enum": [ + "HOURS", + "DAYS" + ], + "type": "string" + }, + "Value": { + "description": "The frequency value.", + "type": "integer" + } + }, + "required": [ + "Unit", + "Value" + ], + "type": "object" + }, + "Status": { + "description": "The status of the schedule. Supported values are ENABLED and DISABLED.", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, + "TimeOfDay": { + "description": "StartTime of the automatic schedule refresh.", + "pattern": "^[0-9]{2}:[0-9]{2}", + "type": "string" + } + }, + "required": [], + "type": "object" + }, + "Tag": { + "additionalProperties": false, + "description": "An arbitrary set of tags (key-value pairs) for this dashboard.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. 
You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "type": "string" + } + }, + "required": [ + "Value", + "Key" + ], + "type": "object" + }, + "Timestamp": { + "type": "string" + }, + "Widget": { + "additionalProperties": false, + "description": "The dashboard widget", + "properties": { + "QueryParameters": { + "description": "The placeholder keys in the QueryStatement. For example: $StartTime$, $EndTime$, $Period$.", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/QueryParameter" + }, + "maxItems": 10, + "minItems": 1, + "type": "array", + "uniqueItems": false + }, + "QueryStatement": { + "description": "The SQL query statement on one or more event data stores.", + "maxLength": 10000, + "minLength": 1, + "pattern": "(?s).*", + "type": "string" + }, + "ViewProperties": { + "additionalProperties": false, + "description": "The view properties of the widget.", + "patternProperties": { + "^[a-zA-Z0-9._-]{3,128}$": { + "maxLength": 128, + "minLength": 1, + "pattern": "^[a-zA-Z0-9._\\- ]+$", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "QueryStatement" + ], + "type": "object" + } + }, + "description": "The Amazon CloudTrail dashboard resource allows customers to manage managed dashboards and create custom dashboards. You can manually refresh custom and managed dashboards. 
For custom dashboards, you can also set up an automatic refresh schedule and modify dashboard widgets.", + "handlers": { + "create": { + "permissions": [ + "CloudTrail:CreateDashboard", + "CloudTrail:AddTags", + "CloudTrail:StartQuery", + "CloudTrail:StartDashboardRefresh" + ] + }, + "delete": { + "permissions": [ + "CloudTrail:DeleteDashboard", + "CloudTrail:UpdateDashboard" + ] + }, + "list": { + "permissions": [ + "CloudTrail:ListDashboards", + "CloudTrail:GetDashboard", + "CloudTrail:ListTags" + ] + }, + "read": { + "permissions": [ + "CloudTrail:GetDashboard", + "CloudTrail:ListDashboards", + "CloudTrail:ListTags" + ] + }, + "update": { + "permissions": [ + "CloudTrail:UpdateDashboard", + "CloudTrail:AddTags", + "CloudTrail:RemoveTags", + "CloudTrail:StartQuery", + "CloudTrail:StartDashboardRefresh" + ] + } + }, + "primaryIdentifier": [ + "/properties/DashboardArn" + ], + "properties": { + "CreatedTimestamp": { + "$ref": "#/definitions/Timestamp", + "description": "The timestamp of the dashboard creation." + }, + "DashboardArn": { + "description": "The ARN of the dashboard.", + "pattern": "^[a-zA-Z0-9._/\\-:]+$", + "type": "string" + }, + "Name": { + "description": "The name of the dashboard.", + "pattern": "^[a-zA-Z0-9_\\-]+$", + "type": "string" + }, + "RefreshSchedule": { + "$ref": "#/definitions/RefreshSchedule", + "description": "Configures the automatic refresh schedule for the dashboard. Includes the frequency unit (DAYS or HOURS) and value, as well as the status (ENABLED or DISABLED) of the refresh schedule." + }, + "Status": { + "description": "The status of the dashboard. 
Values are CREATING, CREATED, UPDATING, UPDATED and DELETING.", + "enum": [ + "CREATING", + "CREATED", + "UPDATING", + "UPDATED", + "DELETING" + ], + "type": "string" + }, + "Tags": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": false + }, + "TerminationProtectionEnabled": { + "description": "Indicates whether the dashboard is protected from termination.", + "type": "boolean" + }, + "Type": { + "description": "The type of the dashboard. Values are CUSTOM and MANAGED.", + "enum": [ + "MANAGED", + "CUSTOM" + ], + "type": "string" + }, + "UpdatedTimestamp": { + "$ref": "#/definitions/Timestamp", + "description": "The timestamp showing when the dashboard was updated, if applicable. UpdatedTimestamp is always either the same or newer than the time shown in CreatedTimestamp." + }, + "Widgets": { + "description": "List of widgets on the dashboard", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/Widget" + }, + "type": "array", + "uniqueItems": true + } + }, + "readOnlyProperties": [ + "/properties/DashboardArn", + "/properties/CreatedTimestamp", + "/properties/UpdatedTimestamp", + "/properties/Status", + "/properties/Type" + ], + "required": [], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-cloudtrail.git", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "CloudTrail:AddTags", + "CloudTrail:RemoveTags", + "CloudTrail:ListTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::CloudTrail::Dashboard" +} diff --git a/src/schema/aws-cloudtrail-eventdatastore.json b/src/schema/aws-cloudtrail-eventdatastore.json index 2639138a..eee37ab1 100644 --- a/src/schema/aws-cloudtrail-eventdatastore.json +++ b/src/schema/aws-cloudtrail-eventdatastore.json 
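Review bot: `RefreshSchedule.TimeOfDay` in the new src/schema/aws-cloudtrail-dashboard.json uses `"pattern": "^[0-9]{2}:[0-9]{2}"`, which has no end anchor and no range limits, so values such as `99:99` or `12:30 anything` pass schema validation. If the intended format is a 24-hour HH:MM (the description does not say, so this is inferred), the tighter form would be `"pattern": "^([01][0-9]|2[0-3]):[0-5][0-9]$"`, and the description should name the format and time zone. In the same hunk `QueryStatement` is constrained only by `"pattern": "(?s).*"` and a length cap while the create and update handlers hold `CloudTrail:StartQuery`, so any consumer relying on this schema for input validation gets none for the SQL text. The top-level `Tags` property is also the only one added without a description.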
@@ -334,5 +334,17 @@ ], "required": [], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-cloudtrail.git", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "CloudTrail:AddTags", + "CloudTrail:RemoveTags", + "CloudTrail:ListTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::CloudTrail::EventDataStore" } diff --git a/src/schema/aws-cloudtrail-trail.json b/src/schema/aws-cloudtrail-trail.json index ff2de185..aa86eec7 100644 --- a/src/schema/aws-cloudtrail-trail.json +++ b/src/schema/aws-cloudtrail-trail.json @@ -390,7 +390,13 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-cloudtrail.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "CloudTrail:AddTags", + "CloudTrail:RemoveTags", + "CloudTrail:ListTags" + ], "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, diff --git a/src/schema/aws-cloudwatch-alarm.json b/src/schema/aws-cloudwatch-alarm.json index e9d4fb47..69603df0 100644 --- a/src/schema/aws-cloudwatch-alarm.json +++ b/src/schema/aws-cloudwatch-alarm.json @@ -115,10 +115,10 @@ }, "Tag": { "additionalProperties": false, - "description": "", + "description": "One of the key-value pairs associated with the alarm. Tags can help you organize and categorize your resources.", "properties": { "Key": { - "description": "A unique identifier for the tag. The combination of tag keys and values can help you organize and categorize your resources.", + "description": "A string that you can use to assign a value. The combination of tag keys and values can help you organize and categorize your resources.", "maxLength": 128, "minLength": 1, "type": "string" 
@@ -263,7 +263,7 @@ "uniqueItems": false }, "Period": { - "description": "The period, in seconds, over which the statistic is applied. This is required for an alarm based on a metric. Valid values are 10, 30, 60, and any multiple of 60.\n For an alarm based on a math expression, you can't specify ``Period``, and instead you use the ``Metrics`` parameter.\n *Minimum:* 10", + "description": "The period, in seconds, over which the statistic is applied. This is required for an alarm based on a metric. Valid values are 10, 30, 60, and any multiple of 60.\n For an alarm based on a math expression, you can't specify ``Period``, and instead you use the ``Metrics`` parameter.\n *Minimum:* 10", "type": "integer" }, "Statistic": { @@ -271,7 +271,7 @@ "type": "string" }, "Tags": { - "description": "", + "description": "A list of key-value pairs to associate with the alarm. You can associate as many as 50 tags with an alarm. To be able to associate tags with the alarm when you create the alarm, you must have the ``cloudwatch:TagResource`` permission.\n Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values.", "items": { "$ref": "#/definitions/Tag" }, @@ -306,6 +306,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-cloudwatch.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "cloudwatch:TagResource", + "cloudwatch:UntagResource", + "cloudwatch:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-cloudwatch-compositealarm.json b/src/schema/aws-cloudwatch-compositealarm.json index ab800220..cd11c946 100644 --- a/src/schema/aws-cloudwatch-compositealarm.json +++ b/src/schema/aws-cloudwatch-compositealarm.json 
@@ -169,6 +169,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-cloudwatch.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "cloudwatch:TagResource", + "cloudwatch:UntagResource", + "cloudwatch:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-cloudwatch-metricstream.json b/src/schema/aws-cloudwatch-metricstream.json index abf6a199..73f0a363 100644 --- a/src/schema/aws-cloudwatch-metricstream.json +++ b/src/schema/aws-cloudwatch-metricstream.json @@ -149,7 +149,8 @@ }, "read": { "permissions": [ - "cloudwatch:GetMetricStream" + "cloudwatch:GetMetricStream", + "cloudwatch:ListTagsForResource" ] }, "update": { @@ -274,9 +275,17 @@ "/properties/State" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-cloudwatch.git", - "taggable": true, - "typeName": "AWS::CloudWatch::MetricStream", - "writeOnlyProperties": [ - "/properties/Tags" - ] + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "cloudwatch:TagResource", + "cloudwatch:UntagResource", + "cloudwatch:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::CloudWatch::MetricStream" } diff --git a/src/schema/aws-codeartifact-domain.json b/src/schema/aws-codeartifact-domain.json index 32702ad1..9c2ed8c0 100644 --- a/src/schema/aws-codeartifact-domain.json +++ b/src/schema/aws-codeartifact-domain.json @@ -37,7 +37,8 @@ "codeartifact:DescribeDomain", "codeartifact:PutDomainPermissionsPolicy", "codeartifact:GetDomainPermissionsPolicy", - "codeartifact:TagResource" + "codeartifact:TagResource", + "codeartifact:ListTagsForResource" ] }, "delete": { 
@@ -60,11 +61,13 @@ }, "update": { "permissions": [ + "codeartifact:DescribeDomain", "codeartifact:PutDomainPermissionsPolicy", "codeartifact:DeleteDomainPermissionsPolicy", "codeartifact:GetDomainPermissionsPolicy", "codeartifact:TagResource", - "codeartifact:UntagResource" + "codeartifact:UntagResource", + "codeartifact:ListTagsForResource" ] } }, @@ -127,6 +130,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-codeartifact", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "codeartifact:ListTagsForResource", + "codeartifact:UntagResource", + "codeartifact:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-codeartifact-repository.json b/src/schema/aws-codeartifact-repository.json index bdf2103c..d3c615c5 100644 --- a/src/schema/aws-codeartifact-repository.json +++ b/src/schema/aws-codeartifact-repository.json @@ -37,9 +37,11 @@ "codeartifact:CreateRepository", "codeartifact:DescribeRepository", "codeartifact:PutRepositoryPermissionsPolicy", + "codeartifact:GetRepositoryPermissionsPolicy", "codeartifact:AssociateExternalConnection", "codeartifact:AssociateWithDownstreamRepository", - "codeartifact:TagResource" + "codeartifact:TagResource", + "codeartifact:ListTagsForResource" ] }, "delete": { @@ -63,6 +65,7 @@ "update": { "permissions": [ "codeartifact:PutRepositoryPermissionsPolicy", + "codeartifact:GetRepositoryPermissionsPolicy", "codeartifact:DeleteRepositoryPermissionsPolicy", "codeartifact:AssociateExternalConnection", "codeartifact:DisassociateExternalConnection", @@ -70,7 +73,8 @@ "codeartifact:DescribeRepository", "codeartifact:AssociateWithDownstreamRepository", "codeartifact:TagResource", - "codeartifact:UntagResource" + "codeartifact:UntagResource", + "codeartifact:ListTagsForResource" ] } }, 
@@ -155,6 +159,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-codeartifact", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "codeartifact:ListTagsForResource", + "codeartifact:UntagResource", + "codeartifact:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-codebuild-fleet.json b/src/schema/aws-codebuild-fleet.json index 11427cf0..a3f29f0b 100644 --- a/src/schema/aws-codebuild-fleet.json +++ b/src/schema/aws-codebuild-fleet.json 
@@ -1,6 +1,97 @@ { "additionalProperties": false, "definitions": { + "ComputeConfiguration": { + "additionalProperties": false, + "properties": { + "disk": { + "type": "integer" + }, + "machineType": { + "enum": [ + "GENERAL", + "NVME" + ], + "type": "string" + }, + "memory": { + "type": "integer" + }, + "vCpu": { + "type": "integer" + } + }, + "type": "object" + }, + "FleetProxyRule": { + "additionalProperties": false, + "properties": { + "Effect": { + "enum": [ + "ALLOW", + "DENY" + ], + "type": "string" + }, + "Entities": { + "insertionOrder": false, + "items": { + "type": "string" + }, + "type": "array" + }, + "Type": { + "enum": [ + "DOMAIN", + "IP" + ], + "type": "string" + } + }, + "type": "object" + }, + "ProxyConfiguration": { + "additionalProperties": false, + "properties": { + "DefaultBehavior": { + "enum": [ + "ALLOW_ALL", + "DENY_ALL" + ], + "type": "string" + }, + "OrderedProxyRules": { + "insertionOrder": true, + "items": { + "$ref": "#/definitions/FleetProxyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "ScalingConfigurationInput": { + "additionalProperties": false, + "properties": { + "MaxCapacity": { + "minimum": 1, + "type": "integer" + }, + "ScalingType": { + "enum": [ + "TARGET_TRACKING_SCALING" + ], + "type": "string" + }, + "TargetTrackingScalingConfigs": { + "items": { + "$ref": "#/definitions/TargetTrackingScalingConfiguration" + }, + "type": "array" + } + }, + "type": "object" + }, "Tag": { "additionalProperties": false, "properties": { @@ -25,6 +116,21 @@ ], "type": "object" }, + "TargetTrackingScalingConfiguration": { + "additionalProperties": false, + "properties": { + "MetricType": { + "enum": [ + "FLEET_UTILIZATION_RATE" + ], + "type": "string" + }, + "TargetValue": { + "type": "number" + } + }, + "type": "object" + }, "VpcConfig": { "additionalProperties": false, "properties": { 
@@ -94,12 +200,17 @@ "minimum": 1, "type": "integer" }, + "ComputeConfiguration": { + "$ref": "#/definitions/ComputeConfiguration" + }, "ComputeType": { "enum": [ "BUILD_GENERAL1_SMALL", "BUILD_GENERAL1_MEDIUM", "BUILD_GENERAL1_LARGE", - "BUILD_GENERAL1_2XLARGE" + "BUILD_GENERAL1_XLARGE", + "BUILD_GENERAL1_2XLARGE", + "ATTRIBUTE_BASED_COMPUTE" ], "type": "string" }, @@ -109,10 +220,17 @@ "WINDOWS_SERVER_2022_CONTAINER", "LINUX_CONTAINER", "LINUX_GPU_CONTAINER", - "ARM_CONTAINER" + "ARM_CONTAINER", + "MAC_ARM", + "LINUX_EC2", + "ARM_EC2", + "WINDOWS_EC2" ], "type": "string" }, + "FleetProxyConfiguration": { + "$ref": "#/definitions/ProxyConfiguration" + }, "FleetServiceRole": { "pattern": "^(?:arn:)[a-zA-Z+-=,._:/@]+$", "type": "string" @@ -120,6 +238,10 @@ "FleetVpcConfig": { "$ref": "#/definitions/VpcConfig" }, + "ImageId": { + "pattern": "^((aws/codebuild/[A-Za-z-]+:[0-9]+(-[0-9._]+)?)|ami-[a-z0-9]{1,1020})$", + "type": "string" + }, "Name": { "maxLength": 128, "minLength": 2, @@ -132,6 +254,9 @@ ], "type": "string" }, + "ScalingConfiguration": { + "$ref": "#/definitions/ScalingConfigurationInput" + }, "Tags": { "insertionOrder": false, "items": { diff --git a/src/schema/aws-codebuild-project.json b/src/schema/aws-codebuild-project.json index 177e07fc..853e396f 100644 --- a/src/schema/aws-codebuild-project.json +++ b/src/schema/aws-codebuild-project.json @@ -199,6 +199,9 @@ "ProjectCache": { "additionalProperties": false, "properties": { + "CacheNamespace": { + "type": "string" + }, "Location": { "type": "string" }, @@ -328,8 +331,14 @@ "ScopeConfiguration": { "additionalProperties": false, "properties": { + "Domain": { + "type": "string" + }, "Name": { "type": "string" + }, + "Scope": { + "type": "string" } }, "required": [ @@ -442,6 +451,9 @@ "Artifacts": { "$ref": "#/definitions/Artifacts" }, + "AutoRetryLimit": { + "type": "integer" + }, "BadgeEnabled": { "type": "boolean" }, 
diff --git a/src/schema/aws-codeconnections-connection.json b/src/schema/aws-codeconnections-connection.json index f4db7afd..ff12695e 100644 --- a/src/schema/aws-codeconnections-connection.json +++ b/src/schema/aws-codeconnections-connection.json @@ -122,6 +122,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-codeconnections.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "codeconnections:TagResource", + "codeconnections:ListTagsForResource", + "codeconnections:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-codedeploy-application.json b/src/schema/aws-codedeploy-application.json index 98b74200..b9d9a501 100644 --- a/src/schema/aws-codedeploy-application.json +++ b/src/schema/aws-codedeploy-application.json @@ -79,6 +79,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "codedeploy:TagResource", + "codedeploy:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-codeguruprofiler-profilinggroup.json b/src/schema/aws-codeguruprofiler-profilinggroup.json index c570b0f6..4e5f2cad 100644 --- a/src/schema/aws-codeguruprofiler-profilinggroup.json +++ b/src/schema/aws-codeguruprofiler-profilinggroup.json 
@@ -81,18 +81,23 @@ "list": { "permissions": [ "codeguru-profiler:ListProfilingGroups", - "codeguru-profiler:ListTagsForResource" + "codeguru-profiler:ListTagsForResource", + "codeguru-profiler:GetNotificationConfiguration", + "codeguru-profiler:GetPolicy" ] }, "read": { "permissions": [ "codeguru-profiler:DescribeProfilingGroup", - "codeguru-profiler:ListTagsForResource" + "codeguru-profiler:ListTagsForResource", + "codeguru-profiler:GetNotificationConfiguration", + "codeguru-profiler:GetPolicy" ] }, "update": { "permissions": [ "sns:Publish", + "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:AddNotificationChannels", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:RemoveNotificationChannel", @@ -172,5 +177,17 @@ "ProfilingGroupName" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-codeguru-profiler", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "codeguru-profiler:TagResource", + "codeguru-profiler:ListTagsForResource", + "codeguru-profiler:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::CodeGuruProfiler::ProfilingGroup" } diff --git a/src/schema/aws-codepipeline-pipeline.json b/src/schema/aws-codepipeline-pipeline.json index 43daccb7..c1e9d744 100644 --- a/src/schema/aws-codepipeline-pipeline.json +++ b/src/schema/aws-codepipeline-pipeline.json @@ -11,6 +11,14 @@ "ActionTypeId": { "$ref": "#/definitions/ActionTypeId" }, + "Commands": { + "description": "The shell commands to run with your compute action in CodePipeline.", + "items": { + "type": "string" + }, + "type": "array", + "uniqueItems": false + }, "Configuration": { "description": "The action's configuration. These are key-value pairs that specify input values for an action.", "type": "object" 
@@ -37,6 +45,14 @@ "type": "array", "uniqueItems": true }, + "OutputVariables": { + "description": "The list of variables that are to be exported from the compute action.", + "items": { + "type": "string" + }, + "type": "array", + "uniqueItems": true + }, "Region": { "description": "The action declaration's AWS Region, such as us-east-1.", "type": "string" @@ -73,7 +89,8 @@ "Test", "Deploy", "Invoke", - "Approval" + "Approval", + "Compute" ], "type": "string" }, @@ -141,6 +158,20 @@ ], "type": "object" }, + "BeforeEntryConditions": { + "additionalProperties": false, + "description": "The configuration that specifies the rules to run before stage starts.", + "properties": { + "Conditions": { + "items": { + "$ref": "#/definitions/Condition" + }, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, "BlockerDeclaration": { "additionalProperties": false, "description": "Reserved for future use.", @@ -163,6 +194,24 @@ ], "type": "object" }, + "Condition": { + "additionalProperties": false, + "description": "Represents information about condition.", + "properties": { + "Result": { + "description": "The specified result for when the failure conditions are met, such as rolling back the stage", + "type": "string" + }, + "Rules": { + "items": { + "$ref": "#/definitions/RuleDeclaration" + }, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, "EncryptionKey": { "additionalProperties": false, "description": "Represents information about the key used to encrypt data in the artifact store, such as an AWS Key Management Service (AWS KMS) key", 
@@ -186,12 +235,35 @@ "additionalProperties": false, "description": "The configuration that specifies the result, such as rollback, to occur upon stage failure", "properties": { + "Conditions": { + "items": { + "$ref": "#/definitions/Condition" + }, + "type": "array", + "uniqueItems": true + }, "Result": { "description": "The specified result for when the failure conditions are met, such as rolling back the stage", "enum": [ - "ROLLBACK" + "ROLLBACK", + "RETRY" ], "type": "string" + }, + "RetryConfiguration": { + "additionalProperties": false, + "description": "The configuration that specifies the retry configuration for a stage", + "properties": { + "RetryMode": { + "description": "The specified retry mode type for the given stage. FAILED_ACTIONS will retry only the failed actions. ALL_ACTIONS will retry both failed and successful", + "enum": [ + "ALL_ACTIONS", + "FAILED_ACTIONS" + ], + "type": "string" + } + }, + "type": "object" } }, "type": "object" @@ -350,6 +422,14 @@ "additionalProperties": false, "description": "Represents information about the output of an action.", "properties": { + "Files": { + "description": "The files that you want to associate with the output artifact that will be exported from the compute action.", + "items": { + "type": "string" + }, + "type": "array", + "uniqueItems": true + }, "Name": { "description": "The name of the output of an artifact, such as \"My App\".", "type": "string" 
@@ -380,6 +460,71 @@ ], "type": "object" }, + "RuleDeclaration": { + "additionalProperties": false, + "description": "Represents information about condition.", + "properties": { + "Commands": { + "description": "The shell commands to run with your compute action in CodePipeline.", + "items": { + "type": "string" + }, + "type": "array", + "uniqueItems": false + }, + "Configuration": { + "description": "The rule's configuration. These are key-value pairs that specify input values for a rule.", + "type": "object" + }, + "InputArtifacts": { + "items": { + "$ref": "#/definitions/InputArtifact" + }, + "type": "array", + "uniqueItems": true + }, + "Name": { + "description": "The rule declaration's name.", + "type": "string" + }, + "Region": { + "description": "The rule declaration's AWS Region, such as us-east-1.", + "type": "string" + }, + "RoleArn": { + "description": "The ARN of the IAM service role that performs the declared rule. This is assumed through the roleArn for the pipeline.", + "pattern": "arn:aws(-[\\w]+)*:iam::[0-9]{12}:role/.*", + "type": "string" + }, + "RuleTypeId": { + "$ref": "#/definitions/RuleTypeId" + } + }, + "type": "object" + }, + "RuleTypeId": { + "additionalProperties": false, + "description": "Represents information about a rule type.", + "properties": { + "Category": { + "description": "A category for the provider type for the rule.", + "type": "string" + }, + "Owner": { + "description": "The creator of the rule being called. Only AWS is supported.", + "type": "string" + }, + "Provider": { + "description": "The provider of the service being called by the rule.", + "type": "string" + }, + "Version": { + "description": "A string that describes the rule version.", + "type": "string" + } + }, + "type": "object" + }, "StageDeclaration": { "additionalProperties": false, "description": "Represents information about a stage and its definition.", 
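Review bot: The new `RuleDeclaration.RoleArn` pattern `arn:aws(-[\\w]+)*:iam::[0-9]{12}:role/.*` has no `^`/`$` anchors, and JSON Schema `pattern` matches anywhere in the string, so a value that only contains a role ARN after some leading text still validates. Anchoring it as `"pattern": "^arn:aws(-[\\w]+)*:iam::[0-9]{12}:role/.*$"` would make the check cover the whole value. The `sourceUrl` in these files suggests they mirror the upstream provider schemas; if so, the change belongs upstream, and code here that relies on this pattern to vet a role ARN should apply its own full-match check.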
@@ -391,6 +536,11 @@ "type": "array", "uniqueItems": true }, + "BeforeEntry": { + "$ref": "#/definitions/BeforeEntryConditions", + "description": "The method to use before stage runs.", + "type": "object" + }, "Blockers": { "items": { "$ref": "#/definitions/BlockerDeclaration" @@ -406,6 +556,11 @@ "$ref": "#/definitions/FailureConditions", "description": "The method to use when a stage has not completed successfully", "type": "object" + }, + "OnSuccess": { + "$ref": "#/definitions/SuccessConditions", + "description": "The method to use when a stage has completed successfully", + "type": "object" } }, "required": [ @@ -433,6 +588,20 @@ ], "type": "object" }, + "SuccessConditions": { + "additionalProperties": false, + "description": "The configuration that specifies the result, such as rollback, to occur upon stage failure", + "properties": { + "Conditions": { + "items": { + "$ref": "#/definitions/Condition" + }, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, "Tag": { "additionalProperties": false, "description": "A tag is a key-value pair that is used to manage the resource.", @@ -625,6 +794,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-codepipeline", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "codepipeline:TagResource", + "codepipeline:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-codestarconnections-connection.json b/src/schema/aws-codestarconnections-connection.json index 841e2989..144dee2b 100644 --- a/src/schema/aws-codestarconnections-connection.json +++ b/src/schema/aws-codestarconnections-connection.json 
@@ -122,6 +122,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-codestarconnections.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "codestar-connections:TagResource", + "codestar-connections:ListTagsForResource", + "codestar-connections:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-codestarconnections-repositorylink.json b/src/schema/aws-codestarconnections-repositorylink.json index 81aa58c4..e460040d 100644 --- a/src/schema/aws-codestarconnections-repositorylink.json +++ b/src/schema/aws-codestarconnections-repositorylink.json @@ -145,6 +145,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-codestarconnections.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "codestar-connections:UntagResource", + "codestar-connections:ListTagsForResource", + "codestar-connections:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-cognito-identitypool.json b/src/schema/aws-cognito-identitypool.json index 9d866bdb..8996726e 100644 --- a/src/schema/aws-cognito-identitypool.json +++ b/src/schema/aws-cognito-identitypool.json 
@@ -51,6 +51,29 @@ } }, "type": "object" + }, + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" } }, "description": "Resource Type definition for AWS::Cognito::IdentityPool", @@ -60,6 +83,7 @@ "cognito-identity:CreateIdentityPool", "cognito-sync:SetIdentityPoolConfiguration", "cognito-sync:SetCognitoEvents", + "cognito-identity:TagResource", "iam:PassRole" ] }, @@ -84,6 +108,8 @@ "cognito-identity:DescribeIdentityPool", "cognito-sync:SetIdentityPoolConfiguration", "cognito-sync:SetCognitoEvents", + "cognito-identity:TagResource", + "cognito-identity:UntagResource", "iam:PassRole" ] } @@ -121,6 +147,15 @@ "IdentityPoolName": { "type": "string" }, + "IdentityPoolTags": { + "description": "An array of key-value pairs to apply to this resource.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": true + }, "Name": { "type": "string" }, 
@@ -157,9 +192,14 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": false, - "tagOnCreate": false, - "tagUpdatable": false, - "taggable": false + "permissions": [ + "cognito-identity:TagResource", + "cognito-identity:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/IdentityPoolTags", + "tagUpdatable": true, + "taggable": true }, "typeName": "AWS::Cognito::IdentityPool", "writeOnlyProperties": [ diff --git a/src/schema/aws-cognito-logdeliveryconfiguration.json b/src/schema/aws-cognito-logdeliveryconfiguration.json index 7825c7a6..9de9d50b 100644 --- a/src/schema/aws-cognito-logdeliveryconfiguration.json +++ b/src/schema/aws-cognito-logdeliveryconfiguration.json @@ -13,6 +13,15 @@ }, "type": "object" }, + "FirehoseConfiguration": { + "additionalProperties": false, + "properties": { + "StreamArn": { + "type": "string" + } + }, + "type": "object" + }, "LogConfiguration": { "additionalProperties": false, "properties": { @@ -22,8 +31,14 @@ "EventSource": { "type": "string" }, + "FirehoseConfiguration": { + "$ref": "#/definitions/FirehoseConfiguration" + }, "LogLevel": { "type": "string" + }, + "S3Configuration": { + "$ref": "#/definitions/S3Configuration" } }, "type": "object" @@ -33,6 +48,15 @@ "$ref": "#/definitions/LogConfiguration" }, "type": "array" + }, + "S3Configuration": { + "additionalProperties": false, + "properties": { + "BucketArn": { + "type": "string" + } + }, + "type": "object" } }, "description": "Resource Type definition for AWS::Cognito::LogDeliveryConfiguration", @@ -48,7 +72,14 @@ "logs:ListLogDeliveries", "logs:PutResourcePolicy", "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups" + "logs:DescribeLogGroups", + "s3:GetBucketPolicy", + "s3:PutBucketPolicy", + "s3:ListBucket", + "s3:PutObject", + "s3:GetBucketAcl", + "firehose:TagDeliveryStream", + "iam:CreateServiceLinkedRole" ], "timeoutInMinutes": 2 }, 
@@ -63,7 +94,14 @@ "logs:ListLogDeliveries", "logs:PutResourcePolicy", "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups" + "logs:DescribeLogGroups", + "s3:GetBucketPolicy", + "s3:PutBucketPolicy", + "s3:ListBucket", + "s3:PutObject", + "s3:GetBucketAcl", + "firehose:TagDeliveryStream", + "iam:CreateServiceLinkedRole" ], "timeoutInMinutes": 2 }, @@ -83,7 +121,14 @@ "logs:ListLogDeliveries", "logs:PutResourcePolicy", "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups" + "logs:DescribeLogGroups", + "s3:GetBucketPolicy", + "s3:PutBucketPolicy", + "s3:ListBucket", + "s3:PutObject", + "s3:GetBucketAcl", + "firehose:TagDeliveryStream", + "iam:CreateServiceLinkedRole" ], "timeoutInMinutes": 2 } diff --git a/src/schema/aws-cognito-managedloginbranding.json b/src/schema/aws-cognito-managedloginbranding.json new file mode 100644 index 00000000..4bdb4a2e --- /dev/null +++ b/src/schema/aws-cognito-managedloginbranding.json 
@@ -0,0 +1,165 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/UserPoolId", + "/properties/ClientId" + ], + "definitions": { + "AssetList": { + "items": { + "$ref": "#/definitions/AssetType" + }, + "type": "array" + }, + "AssetType": { + "additionalProperties": false, + "properties": { + "Bytes": { + "$ref": "#/definitions/BytesType" + }, + "Category": { + "$ref": "#/definitions/CategoryType" + }, + "ColorMode": { + "$ref": "#/definitions/ColorModeType" + }, + "Extension": { + "$ref": "#/definitions/ExtensionType" + }, + "ResourceId": { + "$ref": "#/definitions/ResourceIdType" + } + }, + "required": [ + "Category", + "ColorMode", + "Extension" + ], + "type": "object" + }, + "BytesType": { + "maxLength": 1000000, + "type": "string" + }, + "CategoryType": { + "enum": [ + "FAVICON_ICO", + "FAVICON_SVG", + "EMAIL_GRAPHIC", + "SMS_GRAPHIC", + "AUTH_APP_GRAPHIC", + "PASSWORD_GRAPHIC", + "PASSKEY_GRAPHIC", + "PAGE_HEADER_LOGO", + "PAGE_HEADER_BACKGROUND", + "PAGE_FOOTER_LOGO", + "PAGE_FOOTER_BACKGROUND", + "PAGE_BACKGROUND", + "FORM_BACKGROUND", + "FORM_LOGO", + "IDP_BUTTON_ICON" + ], + "type": "string" + }, + "ColorModeType": { + "enum": [ + "LIGHT", + "DARK", + "DYNAMIC" + ], + "type": "string" + }, + "ExtensionType": { + "enum": [ + "ICO", + "JPEG", + "PNG", + "SVG", + "WEBP" + ], + "type": "string" + }, + "ManagedLoginBrandingIdType": { + "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[4][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$", + "type": "string" + }, + "ResourceIdType": { + "maxLength": 40, + "minLength": 1, + "pattern": "^[\\w\\- ]+$", + "type": "string" + } + }, + "description": "Resource Type definition for AWS::Cognito::ManagedLoginBranding", + "handlers": { + "create": { + "permissions": [ + "cognito-idp:CreateManagedLoginBranding" + ], + "timeoutInMinutes": 2 + }, + "delete": { + "permissions": [ + "cognito-idp:DeleteManagedLoginBranding" + ], + "timeoutInMinutes": 2 + }, + "read": { + "permissions": [ + 
"cognito-idp:DescribeManagedLoginBranding" + ], + "timeoutInMinutes": 2 + }, + "update": { + "permissions": [ + "cognito-idp:UpdateManagedLoginBranding" + ], + "timeoutInMinutes": 2 + } + }, + "primaryIdentifier": [ + "/properties/UserPoolId", + "/properties/ManagedLoginBrandingId" + ], + "properties": { + "Assets": { + "$ref": "#/definitions/AssetList" + }, + "ClientId": { + "type": "string" + }, + "ManagedLoginBrandingId": { + "$ref": "#/definitions/ManagedLoginBrandingIdType" + }, + "ReturnMergedResources": { + "type": "boolean" + }, + "Settings": { + "type": "object" + }, + "UseCognitoProvidedValues": { + "type": "boolean" + }, + "UserPoolId": { + "type": "string" + } + }, + "readOnlyProperties": [ + "/properties/ManagedLoginBrandingId" + ], + "required": [ + "UserPoolId" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, + "typeName": "AWS::Cognito::ManagedLoginBranding", + "writeOnlyProperties": [ + "/properties/ClientId", + "/properties/ReturnMergedResources" + ] +} diff --git a/src/schema/aws-cognito-userpool.json b/src/schema/aws-cognito-userpool.json index 0fb56c2e..aa83c975 100644 --- a/src/schema/aws-cognito-userpool.json +++ b/src/schema/aws-cognito-userpool.json @@ -28,6 +28,15 @@ }, "type": "object" }, + "AdvancedSecurityAdditionalFlows": { + "additionalProperties": false, + "properties": { + "CustomAuthMode": { + "type": "string" + } + }, + "type": "object" + }, "CustomEmailSender": { "additionalProperties": false, "properties": { @@ -166,6 +175,9 @@ "MinimumLength": { "type": "integer" }, + "PasswordHistorySize": { + "type": "integer" + }, "RequireLowercase": { "type": "boolean" }, @@ -189,6 +201,9 @@ "properties": { "PasswordPolicy": { "$ref": "#/definitions/PasswordPolicy" + }, + "SignInPolicy": { + "$ref": "#/definitions/SignInPolicy" } }, "type": "object" 
@@ -244,6 +259,18 @@ }, "type": "object" }, + "SignInPolicy": { + "additionalProperties": false, + "properties": { + "AllowedFirstAuthFactors": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, "SmsConfiguration": { "additionalProperties": false, "properties": { @@ -289,6 +316,9 @@ "UserPoolAddOns": { "additionalProperties": false, "properties": { + "AdvancedSecurityAdditionalFlows": { + "$ref": "#/definitions/AdvancedSecurityAdditionalFlows" + }, "AdvancedSecurityMode": { "type": "string" } @@ -329,7 +359,7 @@ "type": "object" } }, - "description": "Resource Type definition for AWS::Cognito::UserPool", + "description": "Definition of AWS::Cognito::UserPool Resource Type", "handlers": { "create": { "permissions": [ @@ -338,7 +368,8 @@ "cognito-idp:SetUserPoolMfaConfig", "cognito-idp:DescribeUserPool", "kms:CreateGrant", - "iam:CreateServiceLinkedRole" + "iam:CreateServiceLinkedRole", + "cognito-idp:TagResource" ], "timeoutInMinutes": 2 }, @@ -355,7 +386,8 @@ }, "read": { "permissions": [ - "cognito-idp:DescribeUserPool" + "cognito-idp:DescribeUserPool", + "cognito-idp:GetUserPoolMfaConfig" ] }, "update": { @@ -367,6 +399,7 @@ "cognito-idp:SetUserPoolMfaConfig", "cognito-idp:AddCustomAttributes", "cognito-idp:DescribeUserPool", + "cognito-idp:GetUserPoolMfaConfig", "iam:PassRole" ], "timeoutInMinutes": 2 @@ -403,6 +436,16 @@ "DeviceConfiguration": { "$ref": "#/definitions/DeviceConfiguration" }, + "EmailAuthenticationMessage": { + "maxLength": 20000, + "minLength": 6, + "type": "string" + }, + "EmailAuthenticationSubject": { + "maxLength": 140, + "minLength": 1, + "type": "string" + }, "EmailConfiguration": { "$ref": "#/definitions/EmailConfiguration" }, @@ -479,6 +522,14 @@ }, "type": "object" }, + "UserPoolTier": { + "enum": [ + "LITE", + "ESSENTIALS", + "PLUS" + ], + "type": "string" + }, "UsernameAttributes": { "items": { "type": "string" 
@@ -490,6 +541,16 @@ }, "VerificationMessageTemplate": { "$ref": "#/definitions/VerificationMessageTemplate" + }, + "WebAuthnRelyingPartyID": { + "maxLength": 63, + "minLength": 1, + "type": "string" + }, + "WebAuthnUserVerification": { + "maxLength": 9, + "minLength": 1, + "type": "string" } }, "propertyTransform": { @@ -504,6 +565,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "cognito-idp:ListTagsForResource", + "cognito-idp:UntagResource", + "cognito-idp:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/UserPoolTags", "tagUpdatable": true, diff --git a/src/schema/aws-cognito-userpooldomain.json b/src/schema/aws-cognito-userpooldomain.json index ea5e9f60..f4c387cf 100644 --- a/src/schema/aws-cognito-userpooldomain.json +++ b/src/schema/aws-cognito-userpooldomain.json @@ -16,8 +16,39 @@ } }, "description": "Resource Type definition for AWS::Cognito::UserPoolDomain", + "handlers": { + "create": { + "permissions": [ + "cognito-idp:CreateUserPoolDomain", + "cognito-idp:DescribeUserPoolDomain", + "cloudfront:updateDistribution" + ], + "timeoutInMinutes": 20 + }, + "delete": { + "permissions": [ + "cognito-idp:DeleteUserPoolDomain", + "cognito-idp:DescribeUserPoolDomain" + ], + "timeoutInMinutes": 25 + }, + "read": { + "permissions": [ + "cognito-idp:DescribeUserPoolDomain" + ] + }, + "update": { + "permissions": [ + "cognito-idp:UpdateUserPoolDomain", + "cognito-idp:DescribeUserPoolDomain", + "cloudfront:updateDistribution" + ], + "timeoutInMinutes": 20 + } + }, "primaryIdentifier": [ - "/properties/Id" + "/properties/UserPoolId", + "/properties/Domain" ], "properties": { "CloudFrontDistribution": { 
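Review bot: In the first hunk on this line (`@@ -490,6 +541,16 @@`), `WebAuthnUserVerification` is constrained only by `minLength` 1 and `maxLength` 9, so any short string validates against the schema. To my knowledge the Cognito API accepts only `required` and `preferred` for this setting; if that holds, `"enum": ["required", "preferred"]` would reject a misspelled value at template-validation time instead of at deployment. That matters here because the setting decides whether passkey sign-in demands user verification. The file appears to mirror the upstream provider schema, so this is probably better raised there than patched locally.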
@@ -29,20 +60,29 @@ "Domain": { "type": "string" }, - "Id": { - "type": "string" + "ManagedLoginVersion": { + "type": "integer" }, "UserPoolId": { "type": "string" } }, "readOnlyProperties": [ - "/properties/Id", "/properties/CloudFrontDistribution" ], "required": [ "UserPoolId", "Domain" ], - "typeName": "AWS::Cognito::UserPoolDomain" + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, + "typeName": "AWS::Cognito::UserPoolDomain", + "writeOnlyProperties": [ + "/properties/ManagedLoginVersion" + ] } diff --git a/src/schema/aws-cognito-userpoolidentityprovider.json b/src/schema/aws-cognito-userpoolidentityprovider.json index 66e2a430..39f1d24b 100644 --- a/src/schema/aws-cognito-userpoolidentityprovider.json +++ b/src/schema/aws-cognito-userpoolidentityprovider.json 
@@ -6,24 +6,76 @@ "/properties/ProviderType" ], "description": "Resource Type definition for AWS::Cognito::UserPoolIdentityProvider", + "handlers": { + "create": { + "permissions": [ + "cognito-idp:CreateIdentityProvider", + "cognito-idp:DescribeIdentityProvider" + ], + "timeoutInMinutes": 2 + }, + "delete": { + "permissions": [ + "cognito-idp:DeleteIdentityProvider", + "cognito-idp:DescribeIdentityProvider" + ], + "timeoutInMinutes": 2 + }, + "list": { + "handlerSchema": { + "properties": { + "UserPoolId": { + "$ref": "resource-schema.json#/properties/UserPoolId" + } + }, + "required": [ + "UserPoolId" + ] + }, + "permissions": [ + "cognito-idp:ListIdentityProviders" + ] + }, + "read": { + "permissions": [ + "cognito-idp:DescribeIdentityProvider" + ] + }, + "update": { + "permissions": [ + "cognito-idp:UpdateIdentityProvider", + "cognito-idp:DescribeIdentityProvider" + ], + "timeoutInMinutes": 2 + } + }, "primaryIdentifier": [ - "/properties/Id" + "/properties/UserPoolId", + "/properties/ProviderName" ], "properties": { "AttributeMapping": { + "additionalProperties": false, + "patternProperties": { + "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$": { + "type": "string" + } + }, "type": "object" }, - "Id": { - "type": "string" - }, "IdpIdentifiers": { "items": { "type": "string" }, - "type": "array", - "uniqueItems": false + "type": "array" }, "ProviderDetails": { + "additionalProperties": false, + "patternProperties": { + "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$": { + "type": "string" + } + }, "type": "object" }, "ProviderName": { 
@@ -36,13 +88,18 @@ "type": "string" } }, - "readOnlyProperties": [ - "/properties/Id" - ], "required": [ - "ProviderName", "UserPoolId", - "ProviderType" + "ProviderName", + "ProviderType", + "ProviderDetails" ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, "typeName": "AWS::Cognito::UserPoolIdentityProvider" } diff --git a/src/schema/aws-cognito-userpoolresourceserver.json b/src/schema/aws-cognito-userpoolresourceserver.json index f464ac31..ad3f26b6 100644 --- a/src/schema/aws-cognito-userpoolresourceserver.json +++ b/src/schema/aws-cognito-userpoolresourceserver.json @@ -26,8 +26,7 @@ "handlers": { "create": { "permissions": [ - "cognito-idp:CreateResourceServer", - "iam:PassRole" + "cognito-idp:CreateResourceServer" ], "timeoutInMinutes": 2 }, @@ -59,8 +58,7 @@ }, "update": { "permissions": [ - "cognito-idp:UpdateResourceServer", - "iam:PassRole" + "cognito-idp:UpdateResourceServer" ], "timeoutInMinutes": 2 } diff --git a/src/schema/aws-comprehend-documentclassifier.json b/src/schema/aws-comprehend-documentclassifier.json index 50d8884d..66042698 100644 --- a/src/schema/aws-comprehend-documentclassifier.json +++ b/src/schema/aws-comprehend-documentclassifier.json @@ -356,6 +356,10 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "comprehend:TagResource", + "comprehend:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-comprehend-flywheel.json b/src/schema/aws-comprehend-flywheel.json index c373bc64..483da504 100644 --- a/src/schema/aws-comprehend-flywheel.json +++ b/src/schema/aws-comprehend-flywheel.json 
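Review bot: `ProviderDetails` becomes a required property in this hunk, yet the file closes after `typeName` with no `writeOnlyProperties`, so the schema treats the whole map as readable state. For OIDC and social providers that map normally carries the provider's client secret (an assumption from the Cognito API, not something this diff shows), so consumers of this schema should handle `ProviderDetails` as sensitive: keep the resolved value out of logs and diffs, and have templates supply it through a secret reference instead of a literal. The key pattern added for `ProviderDetails` and `AttributeMapping` in the previous hunk, `^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$`, also accepts the empty string as a key because of the `*` quantifier; `+` would reject it.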
@@ -276,6 +276,10 @@
 ],
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "comprehend:TagResource",
+ "comprehend:UntagResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-config-aggregationauthorization.json b/src/schema/aws-config-aggregationauthorization.json
index 4676b7a7..3f472113 100644
--- a/src/schema/aws-config-aggregationauthorization.json
+++ b/src/schema/aws-config-aggregationauthorization.json
@@ -105,6 +105,11 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-config.git",
 "tagging": {
 "cloudFormationSystemTags": false,
+ "permissions": [
+ "config:TagResource",
+ "config:UntagResource",
+ "config:ListTagsForResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-config-configrule.json b/src/schema/aws-config-configrule.json
index 67a555d9..66c0d01b 100644
--- a/src/schema/aws-config-configrule.json
+++ b/src/schema/aws-config-configrule.json
@@ -116,7 +116,7 @@ "type": "object" } }, - "description": "You must first create and start the CC configuration recorder in order to create CC managed rules with CFNlong. For more information, see [Managing the Configuration Recorder](https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html).\n Adds or updates an CC rule to evaluate if your AWS resources comply with your desired configurations. For information on how many CC rules you can have per account, see [Service Limits](https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html) in the *Developer Guide*.\n There are two types of rules: *Managed Rules* and *Custom Rules*. You can use the ``ConfigRule`` resource to create both CC Managed Rules and CC Custom Rules.\n CC Managed Rules are predefined, customizable rules created by CC. For a list of managed rules, see [List of Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html). If you are adding an CC managed rule, you must specify the rule's identifier for the ``SourceIdentifier`` key.\n CC Custom Rules are rules that you create from scratch. There are two ways to create CC custom rules: with Lambda functions ([Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/gettingstarted-concepts.html#gettingstarted-concepts-function)) and with CFNGUARDshort ([Guard GitHub Repository](https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-guard)), a policy-as-code language. CC custom rules created with LAMlong are called *Custom Lambda Rules* and CC custom rules created with CFNGUARDshort are called *Custom Policy Rules*.\n If you are adding a new CC Custom LAM rule, you first need to create an LAMlong function that the rule invokes to evaluate your resources. When you use the ``ConfigRule`` resource to add a Custom LAM rule to CC, you must specify the Amazon Resource Name (ARN) that LAMlong assigns to the function. 
You specify the ARN in the ``SourceIdentifier`` key. This key is part of the ``Source`` object, which is part of the ``ConfigRule`` object. \n For any new CC rule that you add, specify the ``ConfigRuleName`` in the ``ConfigRule`` object. Do not specify the ``ConfigRuleArn`` or the ``ConfigRuleId``. These values are generated by CC for new rules.\n If you are updating a rule that you added previously, you can specify the rule by ``ConfigRuleName``, ``ConfigRuleId``, or ``ConfigRuleArn`` in the ``ConfigRule`` data type that you use in this request.\n For more information about developing and using CC rules, see [Evaluating Resources with Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html) in the *Developer Guide*.", + "description": "You must first create and start the CC configuration recorder in order to create CC managed rules with CFNlong. For more information, see [Managing the Configuration Recorder](https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html).\n Adds or updates an CC rule to evaluate if your AWS resources comply with your desired configurations. For information on how many CC rules you can have per account, see [Service Limits](https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html) in the *Developer Guide*.\n There are two types of rules: *Managed Rules* and *Custom Rules*. You can use the ``ConfigRule`` resource to create both CC Managed Rules and CC Custom Rules.\n CC Managed Rules are predefined, customizable rules created by CC. For a list of managed rules, see [List of Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html). If you are adding an CC managed rule, you must specify the rule's identifier for the ``SourceIdentifier`` key.\n CC Custom Rules are rules that you create from scratch. 
There are two ways to create CC custom rules: with Lambda functions ([Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/gettingstarted-concepts.html#gettingstarted-concepts-function)) and with CFNGUARDshort ([Guard GitHub Repository](https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-guard)), a policy-as-code language. CC custom rules created with LAMlong are called *Custom Lambda Rules* and CC custom rules created with CFNGUARDshort are called *Custom Policy Rules*.\n If you are adding a new CC Custom LAM rule, you first need to create an LAMlong function that the rule invokes to evaluate your resources. When you use the ``ConfigRule`` resource to add a Custom LAM rule to CC, you must specify the Amazon Resource Name (ARN) that LAMlong assigns to the function. You specify the ARN in the ``SourceIdentifier`` key. This key is part of the ``Source`` object, which is part of the ``ConfigRule`` object. \n For any new CC rule that you add, specify the ``ConfigRuleName`` in the ``ConfigRule`` object. Do not specify the ``ConfigRuleArn`` or the ``ConfigRuleId``. These values are generated by CC for new rules.\n If you are updating a rule that you added previously, you can specify the rule by ``ConfigRuleName``, ``ConfigRuleId``, or ``ConfigRuleArn`` in the ``ConfigRule`` data type that you use in this request.\n For more information about developing and using CC rules, see [Evaluating Resources with Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html) in the *Developer Guide*.", "handlers": { "create": { "permissions": [ diff --git a/src/schema/aws-config-configurationaggregator.json b/src/schema/aws-config-configurationaggregator.json index 7924a576..f7318345 100644 --- a/src/schema/aws-config-configurationaggregator.json +++ b/src/schema/aws-config-configurationaggregator.json 
@@ -159,6 +159,11 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-config.git",
 "tagging": {
 "cloudFormationSystemTags": false,
+ "permissions": [
+ "config:TagResource",
+ "config:UntagResource",
+ "config:ListTagsForResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-config-storedquery.json b/src/schema/aws-config-storedquery.json
index 3efb8666..2496d56c 100644
--- a/src/schema/aws-config-storedquery.json
+++ b/src/schema/aws-config-storedquery.json
@@ -118,6 +118,11 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-config.git",
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "config:TagResource",
+ "config:UntagResource",
+ "config:ListTagsForResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-connect-agentstatus.json b/src/schema/aws-connect-agentstatus.json
new file mode 100644
index 00000000..29846c79
--- /dev/null
+++ b/src/schema/aws-connect-agentstatus.json
@@ -0,0 +1,160 @@ +{ + "additionalProperties": false, + "definitions": { + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 128, + "minLength": 1, + "pattern": "^(?!aws:)[a-zA-Z+-=._:/]+$", + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 256, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, + "description": "Resource Type definition for AWS::Connect::AgentStatus", + "handlers": { + "create": { + "permissions": [ + "connect:CreateAgentStatus", + "connect:TagResource", + "connect:ListAgentStatuses" + ] + }, + "delete": { + "permissions": [] + }, + "list": { + "handlerSchema": { + "properties": { + "InstanceArn": { + "$ref": "resource-schema.json#/properties/InstanceArn" + } + }, + "required": [ + "InstanceArn" + ] + }, + "permissions": [ + "connect:ListAgentStatuses" + ] + }, + "read": { + "permissions": [ + "connect:DescribeAgentStatus" + ] + }, + "update": { + "permissions": [ + "connect:UpdateAgentStatus", + "connect:UntagResource", + "connect:TagResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/AgentStatusArn" + ], + "properties": { + "AgentStatusArn": { + "description": "The Amazon Resource Name (ARN) of the agent status.", + "pattern": "^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/agent-state/[-a-zA-Z0-9]*$", + "type": "string" + }, + "Description": { + 
"description": "The description of the status.", + "maxLength": 250, + "minLength": 1, + "type": "string" + }, + "DisplayOrder": { + "description": "The display order of the status.", + "maximum": 50, + "minimum": 1, + "type": "integer" + }, + "InstanceArn": { + "description": "The identifier of the Amazon Connect instance.", + "pattern": "^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$", + "type": "string" + }, + "LastModifiedRegion": { + "description": "Last modified region.", + "pattern": "[a-z]{2}(-[a-z]+){1,2}(-[0-9])?", + "type": "string" + }, + "LastModifiedTime": { + "description": "Last modified time.", + "type": "number" + }, + "Name": { + "description": "The name of the status.", + "maxLength": 127, + "minLength": 1, + "type": "string" + }, + "ResetOrderNumber": { + "description": "A number indicating the reset order of the agent status.", + "type": "boolean" + }, + "State": { + "description": "The state of the status.", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, + "Tags": { + "description": "An array of key-value pairs to apply to this resource.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 50, + "type": "array", + "uniqueItems": true + }, + "Type": { + "description": "The type of agent status.", + "enum": [ + "ROUTABLE", + "CUSTOM", + "OFFLINE" + ], + "type": "string" + } + }, + "readOnlyProperties": [ + "/properties/AgentStatusArn", + "/properties/LastModifiedRegion", + "/properties/LastModifiedTime" + ], + "required": [ + "InstanceArn", + "Name", + "State" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-connect", + "tagging": { + "cloudFormationSystemTags": true, + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::Connect::AgentStatus" +} 
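Review bot: The `Tag.Key` pattern in this new schema, `^(?!aws:)[a-zA-Z+-=._:/]+$`, has an unescaped `-` between `+` and `=`, so the class covers the whole ASCII range from `+` to `=`: digits are admitted only by accident, `,`, `;` and `<` come in with them, and the whitespace and non-ASCII letters the description promises are rejected. Write the hyphen as a literal and list the intended characters explicitly, e.g. `"pattern": "^(?!aws:)[a-zA-Z0-9+\\-=._:/]+$"`, adding whitespace and Unicode letter classes if the description is the authoritative contract. `Tag.Value` has no pattern at all, so the `aws:` prefix rule stated in its description is not enforced by the schema. Two smaller inconsistencies in the same section: `ResetOrderNumber` is described as a number but typed `boolean`, and the `delete` handler declares an empty `permissions` list.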
diff --git a/src/schema/aws-connect-contactflow.json b/src/schema/aws-connect-contactflow.json index c8d54331..82e0a127 100644 --- a/src/schema/aws-connect-contactflow.json +++ b/src/schema/aws-connect-contactflow.json @@ -135,7 +135,8 @@ "AGENT_WHISPER", "OUTBOUND_WHISPER", "AGENT_TRANSFER", - "QUEUE_TRANSFER" + "QUEUE_TRANSFER", + "CAMPAIGN" ], "type": "string" } @@ -152,6 +153,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-connect", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "connect:ListTagsForResource", + "connect:UntagResource", + "connect:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-connect-contactflowmodule.json b/src/schema/aws-connect-contactflowmodule.json index 4389d1a6..01968c45 100644 --- a/src/schema/aws-connect-contactflowmodule.json +++ b/src/schema/aws-connect-contactflowmodule.json @@ -138,6 +138,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-connect", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "connect:ListTagsForResource", + "connect:UntagResource", + "connect:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-connect-contactflowversion.json b/src/schema/aws-connect-contactflowversion.json new file mode 100644 index 00000000..97969597 --- /dev/null +++ b/src/schema/aws-connect-contactflowversion.json 
@@ -0,0 +1,98 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/ContactFlowId", + "/properties/Description" + ], + "definitions": {}, + "description": "Resource Type Definition for ContactFlowVersion", + "handlers": { + "create": { + "permissions": [ + "connect:CreateContactFlowVersion", + "connect:DescribeContactFlow" + ] + }, + "delete": { + "permissions": [ + "connect:DeleteContactFlowVersion" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "ContactFlowId": { + "$ref": "resource-schema.json#/properties/ContactFlowId" + } + }, + "required": [ + "ContactFlowId" + ] + }, + "permissions": [ + "connect:ListContactFlowVersions" + ] + }, + "read": { + "permissions": [ + "connect:DescribeContactFlow" + ] + }, + "update": { + "permissions": [ + "connect:DescribeContactFlow" + ] + } + }, + "primaryIdentifier": [ + "/properties/ContactFlowVersionARN" + ], + "properties": { + "ContactFlowId": { + "description": "The ARN of the contact flow this version is tied to.", + "maxLength": 500, + "minLength": 1, + "pattern": "^arn:aws[-a-z0-9]*:connect:[-a-z0-9]+:[0-9]{12}:instance/[-a-zA-Z0-9]+/contact-flow/[-a-zA-Z0-9]+$", + "type": "string" + }, + "ContactFlowVersionARN": { + "description": "The identifier of the contact flow version (ARN).", + "maxLength": 500, + "minLength": 1, + "pattern": "^arn:aws[-a-z0-9]*:connect:[-a-z0-9]+:[0-9]{12}:instance/[-a-zA-Z0-9]+/contact-flow/[-a-zA-Z0-9]+:[0-9]+$", + "type": "string" + }, + "Description": { + "description": "The description of the version.", + "maxLength": 500, + "type": "string" + }, + "FlowContentSha256": { + "description": "Indicates the checksum value of the latest published flow content", + "maxLength": 64, + "minLength": 1, + "pattern": "^[a-zA-Z0-9]{64}$", + "type": "string" + }, + "Version": { + "description": "The version number of this revision", + "type": "integer" + } + }, + "readOnlyProperties": [ + "/properties/ContactFlowVersionARN", + "/properties/Version", + 
"/properties/FlowContentSha256" + ], + "required": [ + "ContactFlowId" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-connect", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, + "typeName": "AWS::Connect::ContactFlowVersion" +} diff --git a/src/schema/aws-connect-emailaddress.json b/src/schema/aws-connect-emailaddress.json new file mode 100644 index 00000000..b9fe0082 --- /dev/null +++ b/src/schema/aws-connect-emailaddress.json 
@@ -0,0 +1,149 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/EmailAddress" + ], + "definitions": { + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 256, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, + "description": "Resource Type definition for AWS::Connect::EmailAddress", + "handlers": { + "create": { + "permissions": [ + "connect:CreateEmailAddress", + "connect:TagResource", + "connect:ListIntegrationAssociations", + "ses:GetEmailIdentity", + "ses:DescribeReceiptRule", + "ses:UpdateReceiptRule", + "iam:PassRole" + ] + }, + "delete": { + "permissions": [ + "connect:DeleteEmailAddress", + "connect:UntagResource", + "iam:PassRole", + "ses:DescribeReceiptRule", + "ses:UpdateReceiptRule" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "InstanceArn": { + "$ref": "resource-schema.json#/properties/InstanceArn" + } + }, + "required": [ + "InstanceArn" + ] + }, + "permissions": [ + "connect:DescribeEmailAddress", + "connect:SearchEmailAddresses" + ] + }, + "read": { + "permissions": [ + "connect:DescribeEmailAddress" + ] + }, + "update": { + "permissions": [ + "connect:UpdateEmailAddressMetadata", + "connect:TagResource", + "connect:UntagResource" + ] + } + }, + 
"primaryIdentifier": [ + "/properties/EmailAddressArn" + ], + "properties": { + "Description": { + "description": "A description for the email address.", + "maxLength": 250, + "minLength": 1, + "pattern": "(^[\\S].*[\\S]$)|(^[\\S]$)", + "type": "string" + }, + "DisplayName": { + "description": "The display name for the email address.", + "maxLength": 256, + "minLength": 0, + "pattern": "(^[\\S].*[\\S]$)|(^[\\S]$)", + "type": "string" + }, + "EmailAddress": { + "description": "Email address to be created for this instance", + "maxLength": 255, + "minLength": 1, + "pattern": "([^\\s@]+@[^\\s@]+\\.[^\\s@]+)", + "type": "string" + }, + "EmailAddressArn": { + "description": "The identifier of the email address.", + "pattern": "^arn:(aws|aws-us-gov):connect:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{1,20}:instance/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/email-address/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$", + "type": "string" + }, + "InstanceArn": { + "description": "The identifier of the Amazon Connect instance.", + "maxLength": 250, + "minLength": 1, + "pattern": "^arn:(aws|aws-us-gov):connect:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{1,20}:instance/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$", + "type": "string" + }, + "Tags": { + "description": "One or more tags.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 50, + "type": "array", + "uniqueItems": true + } + }, + "readOnlyProperties": [ + "/properties/EmailAddressArn" + ], + "required": [ + "InstanceArn", + "EmailAddress" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-connect", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "connect:TagResource", + "connect:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::Connect::EmailAddress" +} 
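Review bot: The `EmailAddress` pattern `([^\\s@]+@[^\\s@]+\\.[^\\s@]+)` is unanchored, and JSON Schema `pattern` matches anywhere in the string, so any value up to 255 characters that merely contains an address-shaped substring validates, including one with surrounding whitespace or extra text. `Description` and `DisplayName` in the same `properties` block are anchored; do the same here with `"pattern": "^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$"`. Separately, the `create` and `delete` handlers list `iam:PassRole` although no property in this schema takes a role ARN, and the resourceserver change in this same commit removes that permission from its handlers; it is worth confirming the permission is needed here before it is granted to the handler role.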
diff --git a/src/schema/aws-connect-evaluationform.json b/src/schema/aws-connect-evaluationform.json index fe48e803..748ebb74 100644 --- a/src/schema/aws-connect-evaluationform.json +++ b/src/schema/aws-connect-evaluationform.json @@ -536,6 +536,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-connect", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "connect:ListTagsForResource", + "connect:UntagResource", + "connect:TagResource" + ], "tagOnCreate": false, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-connect-hoursofoperation.json b/src/schema/aws-connect-hoursofoperation.json index 8781c9d8..96a4e7f6 100644 --- a/src/schema/aws-connect-hoursofoperation.json +++ b/src/schema/aws-connect-hoursofoperation.json @@ -1,6 +1,16 @@ { "additionalProperties": false, "definitions": { + "EffectiveFrom": { + "description": "The date from which the hours of operation override would be effective.", + "pattern": "^\\d{4}-\\d{2}-\\d{2}$", + "type": "string" + }, + "EffectiveTill": { + "description": "The date till which the hours of operation override would be effective.", + "pattern": "^\\d{4}-\\d{2}-\\d{2}$", + "type": "string" + }, "HoursOfOperationConfig": { "additionalProperties": false, "description": "Contains information about the hours of operation.", 
@@ -34,6 +44,75 @@ ], "type": "object" }, + "HoursOfOperationOverride": { + "additionalProperties": false, + "description": "Overrides attached to the hours of operation.", + "properties": { + "EffectiveFrom": { + "$ref": "#/definitions/EffectiveFrom" + }, + "EffectiveTill": { + "$ref": "#/definitions/EffectiveTill" + }, + "HoursOfOperationOverrideId": { + "$ref": "#/definitions/HoursOfOperationOverrideId" + }, + "OverrideConfig": { + "$ref": "#/definitions/OverrideConfig" + }, + "OverrideDescription": { + "$ref": "#/definitions/OverrideDescription" + }, + "OverrideName": { + "$ref": "#/definitions/OverrideName" + } + }, + "required": [ + "OverrideName", + "EffectiveFrom", + "EffectiveTill", + "OverrideConfig" + ], + "type": "object" + }, + "HoursOfOperationOverrideConfig": { + "additionalProperties": false, + "description": "Contains information about the hours of operation override.", + "properties": { + "Day": { + "description": "The day that the hours of operation override applies to.", + "enum": [ + "SUNDAY", + "MONDAY", + "TUESDAY", + "WEDNESDAY", + "THURSDAY", + "FRIDAY", + "SATURDAY" + ], + "type": "string" + }, + "EndTime": { + "$ref": "#/definitions/OverrideTimeSlice", + "description": "The new end time that your contact center closes for the overriden days." + }, + "StartTime": { + "$ref": "#/definitions/OverrideTimeSlice", + "description": "The new start time that your contact center opens for the overriden days." + } + }, + "required": [ + "Day", + "StartTime", + "EndTime" + ], + "type": "object" + }, + "HoursOfOperationOverrideId": { + "description": "The Resource Identifier for the hours of operation override.", + "pattern": "^[-a-zA-Z0-9]*$", + "type": "string" + }, "HoursOfOperationTimeSlice": { "additionalProperties": false, "description": "The start time or end time for an hours of operation.", 
@@ -57,6 +136,51 @@ ], "type": "object" }, + "OverrideConfig": { + "description": "Configuration information for the hours of operation override: day, start time, and end time.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/HoursOfOperationOverrideConfig" + }, + "maxItems": 100, + "type": "array", + "uniqueItems": true + }, + "OverrideDescription": { + "description": "The description of the hours of operation override.", + "maxLength": 250, + "minLength": 1, + "type": "string" + }, + "OverrideName": { + "description": "The name of the hours of operation override.", + "maxLength": 127, + "minLength": 1, + "type": "string" + }, + "OverrideTimeSlice": { + "additionalProperties": false, + "description": "The start time or end time for an an hours of operation override.", + "properties": { + "Hours": { + "description": "The hours.", + "maximum": 23, + "minimum": 0, + "type": "integer" + }, + "Minutes": { + "description": "The minutes.", + "maximum": 59, + "minimum": 0, + "type": "integer" + } + }, + "required": [ + "Hours", + "Minutes" + ], + "type": "object" + }, "Tag": { "additionalProperties": false, "description": "A key-value pair to associate with a resource.", @@ -86,7 +210,8 @@ "create": { "permissions": [ "connect:CreateHoursOfOperation", - "connect:TagResource" + "connect:TagResource", + "connect:CreateHoursOfOperationOverride" ] }, "delete": { @@ -112,12 +237,17 @@ }, "read": { "permissions": [ - "connect:DescribeHoursOfOperation" + "connect:DescribeHoursOfOperation", + "connect:ListHoursOfOperationOverrides" ] }, "update": { "permissions": [ "connect:UpdateHoursOfOperation", + "connect:CreateHoursOfOperationOverride", + "connect:UpdateHoursOfOperationOverride", + "connect:DeleteHoursOfOperationOverride", + "connect:ListHoursOfOperationOverrides", "connect:TagResource", "connect:UntagResource" ] 
@@ -148,6 +278,15 @@ "pattern": "^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/operating-hours/[-a-zA-Z0-9]*$", "type": "string" }, + "HoursOfOperationOverrides": { + "description": "One or more hours of operation overrides assigned to an hour of operation.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/HoursOfOperationOverride" + }, + "maxItems": 50, + "type": "array" + }, "InstanceArn": { "description": "The identifier of the Amazon Connect instance.", "pattern": "^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$", @@ -186,6 +325,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-connect", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "connect:TagResource", + "connect:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-connect-instance.json b/src/schema/aws-connect-instance.json index 747460fd..ba79c047 100644 --- a/src/schema/aws-connect-instance.json +++ b/src/schema/aws-connect-instance.json @@ -226,6 +226,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-connect", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "connect:ListTagsForResource", + "connect:UntagResource", + "connect:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-connect-phonenumber.json b/src/schema/aws-connect-phonenumber.json index 494e8a2c..ccd2864d 100644 --- a/src/schema/aws-connect-phonenumber.json +++ b/src/schema/aws-connect-phonenumber.json @@ -40,7 +40,9 @@ "connect:DescribePhoneNumber", "connect:TagResource", "connect:ImportPhoneNumber", - "sms-voice:DescribePhoneNumbers" + "sms-voice:DescribePhoneNumbers", + "social-messaging:GetLinkedWhatsAppBusinessAccountPhoneNumber", + "social-messaging:TagResource" ] }, "delete": { 
@@ -144,6 +146,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-connect", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "connect:UntagResource", + "connect:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-connect-prompt.json b/src/schema/aws-connect-prompt.json index fc434073..48f44622 100644 --- a/src/schema/aws-connect-prompt.json +++ b/src/schema/aws-connect-prompt.json @@ -122,6 +122,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-connect", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "connect:TagResource", + "connect:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-connect-queue.json b/src/schema/aws-connect-queue.json index e230fa67..fdbc0fc8 100644 --- a/src/schema/aws-connect-queue.json +++ b/src/schema/aws-connect-queue.json @@ -35,6 +35,21 @@ "pattern": "^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:phone-number/[-a-zA-Z0-9]*$", "type": "string" }, + "OutboundEmailAddressId": { + "description": "The email address connect resource ID.", + "pattern": "^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/email-address/[-a-zA-Z0-9]*$", + "type": "string" + }, + "OutboundEmailConfig": { + "additionalProperties": false, + "description": "The outbound email address ID.", + "properties": { + "OutboundEmailAddressId": { + "$ref": "#/definitions/OutboundEmailAddressId" + } + }, + "type": "object" + }, "OutboundFlowArn": { "description": "The outbound whisper flow to be used during an outbound call.", "maxLength": 500, 
@@ -113,6 +128,7 @@
 "connect:UpdateQueueMaxContacts",
 "connect:UpdateQueueName",
 "connect:UpdateQueueOutboundCallerConfig",
+ "connect:UpdateQueueOutboundEmailConfig",
 "connect:UpdateQueueStatus",
 "connect:AssociateQueueQuickConnects",
 "connect:DisassociateQueueQuickConnects",
@@ -156,6 +172,10 @@
 "$ref": "#/definitions/OutboundCallerConfig",
 "description": "The outbound caller ID name, number, and outbound whisper flow."
 },
+ "OutboundEmailConfig": {
+ "$ref": "#/definitions/OutboundEmailConfig",
+ "description": "The outbound email address ID."
+ },
 "QueueArn": {
 "description": "The Amazon Resource Name (ARN) for the queue.",
 "pattern": "^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/queue/[-a-zA-Z0-9]*$",
@@ -167,7 +187,6 @@
 "items": {
 "$ref": "#/definitions/QuickConnectArn"
 },
- "maxItems": 50,
 "minItems": 1,
 "type": "array"
 },
@@ -210,6 +229,10 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-connect",
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "connect:TagResource",
+ "connect:UntagResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-connect-quickconnect.json b/src/schema/aws-connect-quickconnect.json
index 0c02df7e..d5dc0a0e 100644
--- a/src/schema/aws-connect-quickconnect.json
+++ b/src/schema/aws-connect-quickconnect.json
@@ -228,6 +228,10 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-connect",
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "connect:TagResource",
+ "connect:UntagResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-connect-routingprofile.json b/src/schema/aws-connect-routingprofile.json
index 92f79829..22602923 100644
--- a/src/schema/aws-connect-routingprofile.json
+++ b/src/schema/aws-connect-routingprofile.json
@@ -14,7 +14,8 @@
 "enum": [
 "VOICE",
 "CHAT",
- "TASK"
+ "TASK",
+ "EMAIL"
 ],
 "type": "string"
 },
diff --git a/src/schema/aws-connect-rule.json b/src/schema/aws-connect-rule.json
index c9975b70..bbab13ce 100644
--- a/src/schema/aws-connect-rule.json
+++ b/src/schema/aws-connect-rule.json
@@ -7,31 +7,39 @@ "definitions": { "Actions": { "additionalProperties": false, - "description": "The list of actions that will be executed when a rule is triggered.", + "description": "A list of actions to be run when the rule is triggered.", "properties": { "AssignContactCategoryActions": { - "$ref": "#/definitions/AssignContactCategoryActions" + "$ref": "#/definitions/AssignContactCategoryActions", + "description": "Information about the contact category action. The syntax can be empty, for example, ``{}``." }, "CreateCaseActions": { - "$ref": "#/definitions/CreateCaseActions" + "$ref": "#/definitions/CreateCaseActions", + "description": "" }, "EndAssociatedTasksActions": { - "$ref": "#/definitions/EndAssociatedTasksActions" + "$ref": "#/definitions/EndAssociatedTasksActions", + "description": "" }, "EventBridgeActions": { - "$ref": "#/definitions/EventBridgeActions" + "$ref": "#/definitions/EventBridgeActions", + "description": "Information about the EV action." }, "SendNotificationActions": { - "$ref": "#/definitions/SendNotificationActions" + "$ref": "#/definitions/SendNotificationActions", + "description": "Information about the send notification action." }, "SubmitAutoEvaluationActions": { - "$ref": "#/definitions/SubmitAutoEvaluationActions" + "$ref": "#/definitions/SubmitAutoEvaluationActions", + "description": "" }, "TaskActions": { - "$ref": "#/definitions/TaskActions" + "$ref": "#/definitions/TaskActions", + "description": "Information about the task action. This field is required if ``TriggerEventSource`` is one of the following values: ``OnZendeskTicketCreate`` | ``OnZendeskTicketStatusUpdate`` | ``OnSalesforceCaseCreate``" }, "UpdateCaseActions": { - "$ref": "#/definitions/UpdateCaseActions" + "$ref": "#/definitions/UpdateCaseActions", + "description": "" } }, "type": "object" 
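Review bot: Four descriptions in the `Actions` definition are introduced as empty strings (`CreateCaseActions`, `EndAssociatedTasksActions`, `SubmitAutoEvaluationActions`, `UpdateCaseActions`), and `EventBridgeActions` now reads "Information about the EV action.", which looks like an unexpanded documentation placeholder. Later hunks of this file do the same to `CreateCaseAction`, `Field`, `SubmitAutoEvaluationAction`, `UpdateCaseAction` and `RuleArn`, replacing wording that was accurate, and "CON" appears in the same role in other descriptions. Tooling that renders help text from `description` will show blanks for these properties. Keeping the earlier wording where the new value is empty avoids the regression, e.g. `"description": "The definition for create case action."` on `CreateCaseAction`.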
@@ -53,13 +61,14 @@ }, "CreateCaseAction": { "additionalProperties": false, - "description": "The definition for create case action.", + "description": "", "properties": { "Fields": { - "$ref": "#/definitions/Fields" + "$ref": "#/definitions/Fields", + "description": "" }, "TemplateId": { - "description": "The Id of template.", + "description": "", "maxLength": 500, "minLength": 1, "type": "string" @@ -99,10 +108,10 @@ }, "EventBridgeAction": { "additionalProperties": false, - "description": "The definition for event bridge action.", + "description": "The EV action definition.", "properties": { "Name": { - "description": "The name of the event bridge action.", + "description": "The name.", "pattern": "^[a-zA-Z0-9._-]{1,100}$", "type": "string" } @@ -125,16 +134,17 @@ }, "Field": { "additionalProperties": false, - "description": "The field of the case.", + "description": "", "properties": { "Id": { - "description": "The Id of the field", + "description": "", "maxLength": 500, "minLength": 1, "type": "string" }, "Value": { - "$ref": "#/definitions/FieldValue" + "$ref": "#/definitions/FieldValue", + "description": "" } }, "required": [ @@ -145,18 +155,22 @@ }, "FieldValue": { "additionalProperties": false, - "description": "The value of the field.", + "description": "Object for case field values.", "properties": { "BooleanValue": { + "description": "", "type": "boolean" }, "DoubleValue": { + "description": "", "type": "number" }, "EmptyValue": { + "description": "", "type": "object" }, "StringValue": { + "description": "", "type": "string" } }, @@ -178,7 +192,7 @@ "description": "The type of notification recipient.", "properties": { "UserArns": { - "description": "The list of recipients by user arns.", + "description": "The Amazon Resource Name (ARN) of the user account.", "insertionOrder": false, "items": { "$ref": "#/definitions/UserArn" 
@@ -190,7 +204,7 @@ }, "UserTags": { "additionalProperties": false, - "description": "The collection of recipients who are identified by user tags", + "description": "The tags used to organize, track, or control access for this resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }. CON users with the specified tags will be notified.", "patternProperties": { "^(?=.{1,128}$).+$": { "type": "string" @@ -202,9 +216,10 @@ }, "Reference": { "additionalProperties": false, - "description": "A contact reference.", + "description": "Information about the reference when the ``referenceType`` is ``URL``. Otherwise, null. (Supports variable injection in the ``Value`` field.)", "properties": { "Type": { + "description": "The type of the reference. ``DATE`` must be of type Epoch timestamp. \n *Allowed values*: ``URL`` | ``ATTACHMENT`` | ``NUMBER`` | ``STRING`` | ``DATE`` | ``EMAIL``", "enum": [ "URL", "ATTACHMENT", @@ -216,6 +231,7 @@ "type": "string" }, "Value": { + "description": "A valid value for the reference. For example, for a URL reference, a formatted URL that is displayed to an agent in the Contact Control Panel (CCP).", "pattern": "^(/|https:)", "type": "string" } @@ -228,10 +244,10 @@ }, "RuleTriggerEventSource": { "additionalProperties": false, - "description": "The event source that will trigger the rule.", + "description": "The name of the event source.", "properties": { "EventSourceName": { - "description": "The name of event source.", + "description": "The name of the event source.", "enum": [ "OnContactEvaluationSubmit", "OnPostCallAnalysisAvailable", 
@@ -248,7 +264,7 @@ "type": "string" }, "IntegrationAssociationArn": { - "description": "The Amazon Resource Name (ARN) for the AppIntegration association.", + "description": "The Amazon Resource Name (ARN) of the integration association. ``IntegrationAssociationArn`` is required if ``TriggerEventSource`` is one of the following values: ``OnZendeskTicketCreate`` | ``OnZendeskTicketStatusUpdate`` | ``OnSalesforceCaseCreate``", "pattern": "^$|arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/integration-association/[-a-zA-Z0-9]*$", "type": "string" } 
@@ -260,33 +276,34 @@ }, "SendNotificationAction": { "additionalProperties": false, - "description": "The definition for sending notification action.", + "description": "Information about the send notification action.", "properties": { "Content": { - "description": "The content of notification.", + "description": "Notification content. Supports variable injection. For more information, see [JSONPath reference](https://docs.aws.amazon.com/connect/latest/adminguide/contact-lens-variable-injection.html) in the *Administrators Guide*.", "maxLength": 1024, "minLength": 1, "type": "string" }, "ContentType": { - "description": "The type of content.", + "description": "Content type format.\n *Allowed value*: ``PLAIN_TEXT``", "enum": [ "PLAIN_TEXT" ], "type": "string" }, "DeliveryMethod": { - "description": "The means of delivery.", + "description": "Notification delivery method.\n *Allowed value*: ``EMAIL``", "enum": [ "EMAIL" ], "type": "string" }, "Recipient": { - "$ref": "#/definitions/NotificationRecipientType" + "$ref": "#/definitions/NotificationRecipientType", + "description": "Notification recipient." }, "Subject": { - "description": "The subject of notification.", + "description": "The subject of the email if the delivery method is ``EMAIL``. Supports variable injection. For more information, see [JSONPath reference](https://docs.aws.amazon.com/connect/latest/adminguide/contact-lens-variable-injection.html) in the *Administrators Guide*.", "maxLength": 200, "minLength": 1, "type": "string" @@ -313,10 +330,10 @@ }, "SubmitAutoEvaluationAction": { "additionalProperties": false, - "description": "The definition of submit auto evaluation action.", + "description": "", "properties": { "EvaluationFormArn": { - "description": "The Amazon Resource Name (ARN) of the evaluation form.", + "description": "", "pattern": "^$|arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/evaluation-form/[-a-zA-Z0-9]*$", "type": "string" } 
@@ -342,14 +359,14 @@ "description": "A key-value pair to associate with a resource.", "properties": { "Key": { - "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ", + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -", "maxLength": 128, "minLength": 1, "pattern": "^(?!aws:)[a-zA-Z+-=._:/]+$", "type": "string" }, "Value": { - "description": "The value for the tag. You can specify a value that's 1 to 256 characters in length.", + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -", "maxLength": 256, "type": "string" } 
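Review bot: The new `Value` description states that a tag value "cannot be prefixed with aws:" and is limited to a fixed character set, but the property still carries only `"maxLength": 256` and no `pattern`, so schema validation checks none of that. Either add a `pattern` to `Value` that encodes the restriction or keep the description to what is enforced. The unchanged `Key` pattern `^(?!aws:)[a-zA-Z+-=._:/]+$` also differs from its description: `+-=` inside the class is a range that admits digits as well as `,`, `;` and `<`, while whitespace and non-ASCII letters are rejected. The `Tag` definition starts before this hunk.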
@@ -362,28 +379,28 @@ }, "TaskAction": { "additionalProperties": false, - "description": "The definition of task action.", + "description": "Information about the task action. This field is required if ``TriggerEventSource`` is one of the following values: ``OnZendeskTicketCreate`` | ``OnZendeskTicketStatusUpdate`` | ``OnSalesforceCaseCreate``", "properties": { "ContactFlowArn": { - "description": "The Amazon Resource Name (ARN) of the contact flow.", + "description": "The Amazon Resource Name (ARN) of the flow.", "pattern": "^$|arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/contact-flow/[-a-zA-Z0-9]*$", "type": "string" }, "Description": { - "description": "The description which appears in the agent's Contact Control Panel (CCP).", + "description": "The description. Supports variable injection. For more information, see [JSONPath reference](https://docs.aws.amazon.com/connect/latest/adminguide/contact-lens-variable-injection.html) in the *Administrators Guide*.", "maxLength": 4096, "minLength": 0, "type": "string" }, "Name": { - "description": "The name which appears in the agent's Contact Control Panel (CCP).", + "description": "The name. Supports variable injection. For more information, see [JSONPath reference](https://docs.aws.amazon.com/connect/latest/adminguide/contact-lens-variable-injection.html) in the *Administrators Guide*.", "maxLength": 512, "minLength": 1, "type": "string" }, "References": { "additionalProperties": false, - "description": "A formatted URL that is shown to an agent in the Contact Control Panel (CCP).", + "description": "Information about the reference when the ``referenceType`` is ``URL``. Otherwise, null. ``URL`` is the only accepted type. (Supports variable injection in the ``Value`` field.)", "patternProperties": { "^(?=.{1,4096}$).+$": { "$ref": "#/definitions/Reference" 
@@ -410,10 +427,11 @@ }, "UpdateCaseAction": { "additionalProperties": false, - "description": "The definition for update case action.", + "description": "", "properties": { "Fields": { - "$ref": "#/definitions/Fields" + "$ref": "#/definitions/Fields", + "description": "" } }, "required": [ @@ -438,7 +456,7 @@ "type": "string" } }, - "description": "Resource Type definition for AWS:Connect::Rule", + "description": "Creates a rule for the specified CON instance.", "handlers": { "create": { "permissions": [ @@ -476,10 +494,10 @@ "properties": { "Actions": { "$ref": "#/definitions/Actions", - "description": "The list of actions that will be executed when a rule is triggered." + "description": "A list of actions to be run when the rule is triggered." }, "Function": { - "description": "The conditions of a rule.", + "description": "The conditions of the rule.", "type": "string" }, "InstanceArn": { @@ -493,7 +511,7 @@ "type": "string" }, "PublishStatus": { - "description": "The publish status of a rule, either draft or published.", + "description": "The publish status of the rule.\n *Allowed values*: ``DRAFT`` | ``PUBLISHED``", "enum": [ "DRAFT", "PUBLISHED" @@ -501,12 +519,12 @@ "type": "string" }, "RuleArn": { - "description": "The Amazon Resource Name (ARN) of the rule.", + "description": "", "pattern": "^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/rule/[-a-zA-Z0-9]*$", "type": "string" }, "Tags": { - "description": "One or more tags.", + "description": "The tags used to organize, track, or control access for this resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.", "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" @@ -517,7 +535,7 @@ }, "TriggerEventSource": { "$ref": "#/definitions/RuleTriggerEventSource", - "description": "The event source that triggers the rule." + "description": "The event source to trigger the rule." } }, "readOnlyProperties": [ 
diff --git a/src/schema/aws-connect-securityprofile.json b/src/schema/aws-connect-securityprofile.json index a924e039..aa241703 100644 --- a/src/schema/aws-connect-securityprofile.json +++ b/src/schema/aws-connect-securityprofile.json @@ -235,6 +235,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-connect", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "connect:TagResource", + "connect:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-connect-tasktemplate.json b/src/schema/aws-connect-tasktemplate.json index 37012df2..2e3f23bc 100644 --- a/src/schema/aws-connect-tasktemplate.json +++ b/src/schema/aws-connect-tasktemplate.json @@ -91,7 +91,9 @@ "DATE_TIME", "BOOLEAN", "SINGLE_SELECT", - "EMAIL" + "EMAIL", + "EXPIRY_DURATION", + "SELF_ASSIGN" ], "type": "string" }, @@ -305,6 +307,11 @@ "minLength": 1, "type": "string" }, + "SelfAssignContactFlowArn": { + "description": "The identifier of the contact flow.", + "pattern": "^$|arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/contact-flow/[-a-zA-Z0-9]*$", + "type": "string" + }, "Status": { "$ref": "#/definitions/Status" }, @@ -328,6 +335,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-connect", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "connect:ListTagsForResource", + "connect:UntagResource", + "connect:TagResource" + ], "tagOnCreate": false, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-connect-trafficdistributiongroup.json b/src/schema/aws-connect-trafficdistributiongroup.json index 17b15a3c..63a8f78f 100644 --- a/src/schema/aws-connect-trafficdistributiongroup.json +++ b/src/schema/aws-connect-trafficdistributiongroup.json 
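Review bot: The `pattern` added for `SelfAssignContactFlowArn` in the `@@ -305,6 +307,11 @@` hunk of aws-connect-tasktemplate.json is anchored only on its first alternative: `^$|arn:aws…$` parses as `(^$)|(arn:aws…$)`, so any string that merely ends in a contact-flow ARN passes. JSON Schema patterns are not implicitly anchored, so the second branch needs its own `^`: `^$|^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/contact-flow/[-a-zA-Z0-9]*$`. The same form appears on unchanged context lines of aws-connect-rule.json (`IntegrationAssociationArn`, `EvaluationFormArn`, `ContactFlowArn`), so it may be an upstream convention that is better corrected in one pass.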
@@ -131,6 +131,10 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-connect",
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "connect:TagResource",
+ "connect:UntagResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-connect-user.json b/src/schema/aws-connect-user.json
index aaf78b78..51e95834 100644
--- a/src/schema/aws-connect-user.json
+++ b/src/schema/aws-connect-user.json
@@ -298,6 +298,10 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-connect",
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "connect:TagResource",
+ "connect:UntagResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-connect-userhierarchygroup.json b/src/schema/aws-connect-userhierarchygroup.json
index f3c0d0ce..fe2e16cd 100644
--- a/src/schema/aws-connect-userhierarchygroup.json
+++ b/src/schema/aws-connect-userhierarchygroup.json
@@ -28,7 +28,7 @@
 "type": "object"
 },
 "UserHierarchyGroupArn": {
- "description": "The Amazon Resource Name (ARN) for the user hierarchy group.",
+ "description": "The Amazon Resource Name (ARN) for the User hierarchy group.",
 "pattern": "^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/agent-group/[-a-zA-Z0-9]*$",
 "type": "string"
 }
@@ -119,6 +119,10 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-connect",
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "connect:TagResource",
+ "connect:UntagResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-connect-userhierarchystructure.json b/src/schema/aws-connect-userhierarchystructure.json
new file mode 100644
index 00000000..fb29b5cf
--- /dev/null
+++ b/src/schema/aws-connect-userhierarchystructure.json
@@ -0,0 +1,190 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/InstanceArn" + ], + "definitions": { + "HierarchyLevelArn": { + "description": "The Amazon Resource Name (ARN) of the hierarchy level.", + "pattern": "^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/agent-group-level/[-0-9]*$", + "type": "string" + }, + "HierarchyLevelId": { + "description": "The identifier of the hierarchy level.", + "type": "string" + }, + "LevelFive": { + "additionalProperties": false, + "description": "Information about level five.", + "properties": { + "HierarchyLevelArn": { + "$ref": "#/definitions/HierarchyLevelArn" + }, + "HierarchyLevelId": { + "$ref": "#/definitions/HierarchyLevelId" + }, + "Name": { + "$ref": "#/definitions/Name" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "LevelFour": { + "additionalProperties": false, + "description": "Information about level four.", + "properties": { + "HierarchyLevelArn": { + "$ref": "#/definitions/HierarchyLevelArn" + }, + "HierarchyLevelId": { + "$ref": "#/definitions/HierarchyLevelId" + }, + "Name": { + "$ref": "#/definitions/Name" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "LevelOne": { + "additionalProperties": false, + "description": "Information about level one.", + "properties": { + "HierarchyLevelArn": { + "$ref": "#/definitions/HierarchyLevelArn" + }, + "HierarchyLevelId": { + "$ref": "#/definitions/HierarchyLevelId" + }, + "Name": { + "$ref": "#/definitions/Name" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "LevelThree": { + "additionalProperties": false, + "description": "Information about level three.", + "properties": { + "HierarchyLevelArn": { + "$ref": "#/definitions/HierarchyLevelArn" + }, + "HierarchyLevelId": { + "$ref": "#/definitions/HierarchyLevelId" + }, + "Name": { + "$ref": "#/definitions/Name" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "LevelTwo": { + 
"additionalProperties": false, + "description": "Information about level two.", + "properties": { + "HierarchyLevelArn": { + "$ref": "#/definitions/HierarchyLevelArn" + }, + "HierarchyLevelId": { + "$ref": "#/definitions/HierarchyLevelId" + }, + "Name": { + "$ref": "#/definitions/Name" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "Name": { + "description": "The name of the hierarchy level.", + "type": "string" + } + }, + "description": "Resource Type definition for AWS::Connect::UserHierarchyStructure", + "handlers": { + "create": { + "permissions": [ + "connect:UpdateUserHierarchyStructure" + ] + }, + "delete": { + "permissions": [ + "connect:UpdateUserHierarchyStructure" + ] + }, + "read": { + "permissions": [ + "connect:DescribeUserHierarchyStructure" + ] + }, + "update": { + "permissions": [ + "connect:UpdateUserHierarchyStructure" + ] + } + }, + "primaryIdentifier": [ + "/properties/UserHierarchyStructureArn" + ], + "properties": { + "InstanceArn": { + "description": "The identifier of the Amazon Connect instance.", + "pattern": "^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$", + "type": "string" + }, + "UserHierarchyStructure": { + "additionalProperties": false, + "description": "Information about the hierarchy structure.", + "properties": { + "LevelFive": { + "$ref": "#/definitions/LevelFive" + }, + "LevelFour": { + "$ref": "#/definitions/LevelFour" + }, + "LevelOne": { + "$ref": "#/definitions/LevelOne" + }, + "LevelThree": { + "$ref": "#/definitions/LevelThree" + }, + "LevelTwo": { + "$ref": "#/definitions/LevelTwo" + } + }, + "type": "object" + }, + "UserHierarchyStructureArn": { + "description": "The identifier of the User Hierarchy Structure.", + "pattern": "^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/user-hierarchy-structure", + "type": "string" + } + }, + "readOnlyProperties": [ + "/properties/UserHierarchyStructureArn" + ], + "required": [ + "InstanceArn" + ], + "sourceUrl": 
"https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-connect", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, + "typeName": "AWS::Connect::UserHierarchyStructure" +} diff --git a/src/schema/aws-connect-view.json b/src/schema/aws-connect-view.json index dc979730..94ad970c 100644 --- a/src/schema/aws-connect-view.json +++ b/src/schema/aws-connect-view.json @@ -153,6 +153,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-connect", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "connect:TagResource", + "connect:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-connect-viewversion.json b/src/schema/aws-connect-viewversion.json index d7d6ff96..109b0a51 100644 --- a/src/schema/aws-connect-viewversion.json +++ b/src/schema/aws-connect-viewversion.json @@ -2,7 +2,6 @@ "additionalProperties": false, "createOnlyProperties": [ "/properties/ViewArn", - "/properties/VersionDescription", "/properties/ViewContentSha256" ], "description": "Resource Type definition for AWS::Connect::ViewVersion", diff --git a/src/schema/aws-connectcampaignsv2-campaign.json b/src/schema/aws-connectcampaignsv2-campaign.json new file mode 100644 index 00000000..03290da3 --- /dev/null +++ b/src/schema/aws-connectcampaignsv2-campaign.json 
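Review bot: In the new aws-connect-userhierarchystructure.json, the `UserHierarchyStructureArn` pattern stops at `/user-hierarchy-structure` with no closing `$`, unlike the other ARN patterns visible in this change, so a value with arbitrary trailing text after the ARN still validates. This property is the `primaryIdentifier`, so the pattern should be closed: `"pattern": "^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/user-hierarchy-structure$"`. `HierarchyLevelId` and `Name` are bare strings with no `maxLength` or `pattern`; a length bound would match how the other Connect schemas in this diff constrain names and identifiers.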
@@ -0,0 +1,802 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/ConnectInstanceId" + ], + "definitions": { + "AgentlessConfig": { + "additionalProperties": false, + "description": "Agentless config", + "required": [], + "type": "object" + }, + "AnswerMachineDetectionConfig": { + "additionalProperties": false, + "description": "The configuration used for answering machine detection during outbound calls", + "properties": { + "AwaitAnswerMachinePrompt": { + "description": "Enables detection of prompts (e.g., beep after after a voicemail greeting)", + "type": "boolean" + }, + "EnableAnswerMachineDetection": { + "description": "Flag to decided whether outbound calls should have answering machine detection enabled or not", + "type": "boolean" + } + }, + "required": [ + "EnableAnswerMachineDetection" + ], + "type": "object" + }, + "Arn": { + "description": "Arn", + "maxLength": 500, + "minLength": 20, + "pattern": "^arn:.*$", + "type": "string" + }, + "BandwidthAllocation": { + "description": "The bandwidth allocation of a queue resource.", + "maximum": 1, + "minimum": 0, + "type": "number" + }, + "CampaignName": { + "description": "Campaign name", + "maxLength": 127, + "minLength": 1, + "type": "string" + }, + "Capacity": { + "description": "Allocates outbound capacity for the specific channel of this campaign between multiple active campaigns", + "maximum": 1, + "minimum": 0.01, + "type": "number" + }, + "ChannelSubtypeConfig": { + "additionalProperties": false, + "anyOf": [ + { + "required": [ + "Telephony" + ] + }, + { + "required": [ + "Sms" + ] + }, + { + "required": [ + "Email" + ] + } + ], + "description": "The possible types of channel subtype config parameters", + "properties": { + "Email": { + "$ref": "#/definitions/EmailChannelSubtypeConfig" + }, + "Sms": { + "$ref": "#/definitions/SmsChannelSubtypeConfig" + }, + "Telephony": { + "$ref": "#/definitions/TelephonyChannelSubtypeConfig" + } + }, + "type": "object" + }, + 
"CommunicationLimit": { + "additionalProperties": false, + "description": "Communication Limit", + "properties": { + "Frequency": { + "minimum": 1, + "type": "integer" + }, + "MaxCountPerRecipient": { + "minimum": 1, + "type": "integer" + }, + "Unit": { + "$ref": "#/definitions/CommunicationLimitTimeUnit" + } + }, + "required": [ + "MaxCountPerRecipient", + "Frequency", + "Unit" + ], + "type": "object" + }, + "CommunicationLimitList": { + "description": "List of communication limit", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/CommunicationLimit" + }, + "type": "array" + }, + "CommunicationLimitTimeUnit": { + "description": "The communication limit time unit", + "enum": [ + "DAY" + ], + "type": "string" + }, + "CommunicationLimits": { + "additionalProperties": false, + "description": "Communication limits", + "properties": { + "CommunicationLimitList": { + "$ref": "#/definitions/CommunicationLimitList" + } + }, + "type": "object" + }, + "CommunicationLimitsConfig": { + "additionalProperties": false, + "description": "Communication limits config", + "properties": { + "AllChannelsSubtypes": { + "$ref": "#/definitions/CommunicationLimits" + } + }, + "type": "object" + }, + "CommunicationTimeConfig": { + "additionalProperties": false, + "description": "Campaign communication time config", + "properties": { + "Email": { + "$ref": "#/definitions/TimeWindow" + }, + "LocalTimeZoneConfig": { + "$ref": "#/definitions/LocalTimeZoneConfig" + }, + "Sms": { + "$ref": "#/definitions/TimeWindow" + }, + "Telephony": { + "$ref": "#/definitions/TimeWindow" + } + }, + "required": [ + "LocalTimeZoneConfig" + ], + "type": "object" + }, + "ContactFlowId": { + "description": "The identifier of the contact flow for the outbound call", + "maxLength": 500, + "type": "string" + }, + "DailyHour": { + "additionalProperties": false, + "description": "Daily Hour", + "properties": { + "Key": { + "$ref": "#/definitions/DayOfWeek" + }, + "Value": { + "$ref": 
"#/definitions/TimeRangeList" + } + }, + "type": "object" + }, + "DailyHours": { + "description": "Daily Hours map", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/DailyHour" + }, + "type": "array", + "uniqueItems": true + }, + "DayOfWeek": { + "description": "Day of week", + "enum": [ + "MONDAY", + "TUESDAY", + "WEDNESDAY", + "THURSDAY", + "FRIDAY", + "SATURDAY", + "SUNDAY" + ], + "type": "string" + }, + "EmailAddress": { + "description": "Email address used for Email messages", + "maxLength": 255, + "minLength": 1, + "pattern": "^[\\w-\\.\\+]+@([\\w-]+\\.)+[\\w-]{2,4}$", + "type": "string" + }, + "EmailChannelSubtypeConfig": { + "additionalProperties": false, + "description": "Email Channel Subtype config", + "properties": { + "Capacity": { + "$ref": "#/definitions/Capacity" + }, + "DefaultOutboundConfig": { + "$ref": "#/definitions/EmailOutboundConfig" + }, + "OutboundMode": { + "$ref": "#/definitions/EmailOutboundMode" + } + }, + "required": [ + "OutboundMode", + "DefaultOutboundConfig" + ], + "type": "object" + }, + "EmailOutboundConfig": { + "additionalProperties": false, + "description": "Default SMS outbound config", + "properties": { + "ConnectSourceEmailAddress": { + "$ref": "#/definitions/EmailAddress" + }, + "SourceEmailAddressDisplayName": { + "$ref": "#/definitions/SourceEmailAddressDisplayName" + }, + "WisdomTemplateArn": { + "$ref": "#/definitions/Arn" + } + }, + "required": [ + "ConnectSourceEmailAddress", + "WisdomTemplateArn" + ], + "type": "object" + }, + "EmailOutboundMode": { + "additionalProperties": false, + "description": "Email Outbound Mode", + "properties": { + "AgentlessConfig": { + "$ref": "#/definitions/AgentlessConfig" + } + }, + "type": "object" + }, + "EventTrigger": { + "additionalProperties": false, + "description": "The event trigger of the campaign", + "properties": { + "CustomerProfilesDomainArn": { + "$ref": "#/definitions/Arn" + } + }, + "type": "object" + }, + "InstanceId": { + "description": "Amazon 
Connect Instance Id", + "maxLength": 256, + "minLength": 0, + "pattern": "^[a-zA-Z0-9_\\-.]*$", + "type": "string" + }, + "Iso8601Date": { + "description": "Date in ISO 8601 format, e.g. 2024-01-01", + "pattern": "^\\d{4}-\\d{2}-\\d{2}$", + "type": "string" + }, + "Iso8601Duration": { + "description": "Time duration in ISO 8601 format", + "maxLength": 50, + "minLength": 0, + "pattern": "^[a-zA-Z0-9.]*$", + "type": "string" + }, + "Iso8601Time": { + "description": "Time in ISO 8601 format, e.g. T23:11", + "pattern": "^T\\d{2}:\\d{2}$", + "type": "string" + }, + "LocalTimeZoneConfig": { + "additionalProperties": false, + "description": "Local time zone config", + "properties": { + "DefaultTimeZone": { + "$ref": "#/definitions/TimeZone" + }, + "LocalTimeZoneDetection": { + "$ref": "#/definitions/LocalTimeZoneDetection" + } + }, + "type": "object" + }, + "LocalTimeZoneDetection": { + "description": "Local TimeZone Detection method list", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/LocalTimeZoneDetectionType" + }, + "type": "array" + }, + "LocalTimeZoneDetectionType": { + "description": "Local TimeZone Detection method", + "enum": [ + "ZIP_CODE", + "AREA_CODE" + ], + "type": "string" + }, + "OpenHours": { + "additionalProperties": false, + "description": "Open Hours config", + "properties": { + "DailyHours": { + "$ref": "#/definitions/DailyHours" + } + }, + "required": [ + "DailyHours" + ], + "type": "object" + }, + "PredictiveConfig": { + "additionalProperties": false, + "description": "Predictive config", + "properties": { + "BandwidthAllocation": { + "$ref": "#/definitions/BandwidthAllocation" + } + }, + "required": [ + "BandwidthAllocation" + ], + "type": "object" + }, + "ProgressiveConfig": { + "additionalProperties": false, + "description": "Progressive config", + "properties": { + "BandwidthAllocation": { + "$ref": "#/definitions/BandwidthAllocation" + } + }, + "required": [ + "BandwidthAllocation" + ], + "type": "object" + }, + "QueueId": { 
+ "description": "The queue for the call", + "maxLength": 500, + "type": "string" + }, + "RestrictedPeriod": { + "additionalProperties": false, + "description": "Restricted period", + "properties": { + "EndDate": { + "$ref": "#/definitions/Iso8601Date" + }, + "Name": { + "description": "The name of a restricted period", + "maxLength": 127, + "type": "string" + }, + "StartDate": { + "$ref": "#/definitions/Iso8601Date" + } + }, + "required": [ + "StartDate", + "EndDate" + ], + "type": "object" + }, + "RestrictedPeriodList": { + "description": "List of restricted period", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/RestrictedPeriod" + }, + "type": "array" + }, + "RestrictedPeriods": { + "additionalProperties": false, + "description": "Restricted period config", + "oneOf": [ + { + "required": [ + "RestrictedPeriodList" + ] + } + ], + "properties": { + "RestrictedPeriodList": { + "$ref": "#/definitions/RestrictedPeriodList" + } + }, + "type": "object" + }, + "Schedule": { + "additionalProperties": false, + "description": "Campaign schedule", + "properties": { + "EndTime": { + "$ref": "#/definitions/TimeStamp" + }, + "RefreshFrequency": { + "$ref": "#/definitions/Iso8601Duration" + }, + "StartTime": { + "$ref": "#/definitions/TimeStamp" + } + }, + "required": [ + "StartTime", + "EndTime" + ], + "type": "object" + }, + "SmsChannelSubtypeConfig": { + "additionalProperties": false, + "description": "SMS Channel Subtype config", + "properties": { + "Capacity": { + "$ref": "#/definitions/Capacity" + }, + "DefaultOutboundConfig": { + "$ref": "#/definitions/SmsOutboundConfig" + }, + "OutboundMode": { + "$ref": "#/definitions/SmsOutboundMode" + } + }, + "required": [ + "OutboundMode", + "DefaultOutboundConfig" + ], + "type": "object" + }, + "SmsOutboundConfig": { + "additionalProperties": false, + "description": "Default SMS outbound config", + "properties": { + "ConnectSourcePhoneNumberArn": { + "$ref": "#/definitions/Arn" + }, + "WisdomTemplateArn": { + 
"$ref": "#/definitions/Arn" + } + }, + "required": [ + "ConnectSourcePhoneNumberArn", + "WisdomTemplateArn" + ], + "type": "object" + }, + "SmsOutboundMode": { + "additionalProperties": false, + "description": "SMS Outbound Mode", + "properties": { + "AgentlessConfig": { + "$ref": "#/definitions/AgentlessConfig" + } + }, + "type": "object" + }, + "Source": { + "additionalProperties": false, + "description": "The possible source of the campaign", + "oneOf": [ + { + "required": [ + "CustomerProfilesSegmentArn" + ] + }, + { + "required": [ + "EventTrigger" + ] + } + ], + "properties": { + "CustomerProfilesSegmentArn": { + "$ref": "#/definitions/Arn" + }, + "EventTrigger": { + "$ref": "#/definitions/EventTrigger" + } + }, + "type": "object" + }, + "SourceEmailAddressDisplayName": { + "description": "The name of the source email address display name", + "maxLength": 127, + "minLength": 1, + "type": "string" + }, + "SourcePhoneNumber": { + "description": "The phone number associated with the Amazon Connect instance, in E.164 format. 
If you do not specify a source phone number, you must specify a queue.", + "maxLength": 100, + "type": "string" + }, + "Tag": { + "additionalProperties": false, + "properties": { + "Key": { + "description": "The key name of the tag.", + "type": "string" + }, + "Value": { + "description": "The value for the tag.", + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, + "TelephonyChannelSubtypeConfig": { + "additionalProperties": false, + "description": "Telephony Channel Subtype config", + "properties": { + "Capacity": { + "$ref": "#/definitions/Capacity" + }, + "ConnectQueueId": { + "$ref": "#/definitions/QueueId" + }, + "DefaultOutboundConfig": { + "$ref": "#/definitions/TelephonyOutboundConfig" + }, + "OutboundMode": { + "$ref": "#/definitions/TelephonyOutboundMode" + } + }, + "required": [ + "OutboundMode", + "DefaultOutboundConfig" + ], + "type": "object" + }, + "TelephonyOutboundConfig": { + "additionalProperties": false, + "description": "Default Telephone Outbound config", + "properties": { + "AnswerMachineDetectionConfig": { + "$ref": "#/definitions/AnswerMachineDetectionConfig" + }, + "ConnectContactFlowId": { + "$ref": "#/definitions/ContactFlowId" + }, + "ConnectSourcePhoneNumber": { + "$ref": "#/definitions/SourcePhoneNumber" + } + }, + "required": [ + "ConnectContactFlowId" + ], + "type": "object" + }, + "TelephonyOutboundMode": { + "additionalProperties": false, + "description": "Telephony Outbound Mode", + "oneOf": [ + { + "required": [ + "ProgressiveConfig" + ] + }, + { + "required": [ + "PredictiveConfig" + ] + }, + { + "required": [ + "AgentlessConfig" + ] + } + ], + "properties": { + "AgentlessConfig": { + "$ref": "#/definitions/AgentlessConfig" + }, + "PredictiveConfig": { + "$ref": "#/definitions/PredictiveConfig" + }, + "ProgressiveConfig": { + "$ref": "#/definitions/ProgressiveConfig" + } + }, + "type": "object" + }, + "TimeRange": { + "additionalProperties": false, + "description": "Time range in 24 hour 
format", + "properties": { + "EndTime": { + "$ref": "#/definitions/Iso8601Time" + }, + "StartTime": { + "$ref": "#/definitions/Iso8601Time" + } + }, + "required": [ + "StartTime", + "EndTime" + ], + "type": "object" + }, + "TimeRangeList": { + "description": "List of time range", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/TimeRange" + }, + "type": "array" + }, + "TimeStamp": { + "description": "Timestamp with no UTC offset or timezone", + "maxLength": 100, + "type": "string" + }, + "TimeWindow": { + "additionalProperties": false, + "description": "Time window config", + "properties": { + "OpenHours": { + "$ref": "#/definitions/OpenHours" + }, + "RestrictedPeriods": { + "$ref": "#/definitions/RestrictedPeriods" + } + }, + "required": [ + "OpenHours" + ], + "type": "object" + }, + "TimeZone": { + "description": "Time Zone Id in the IANA format", + "type": "string" + } + }, + "description": "Definition of AWS::ConnectCampaignsV2::Campaign Resource Type", + "handlers": { + "create": { + "permissions": [ + "connect-campaigns:CreateCampaign", + "connect-campaigns:DescribeCampaign", + "connect-campaigns:TagResource", + "connect:DescribeContactFlow", + "connect:DescribeEmailAddress", + "connect:DescribeInstance", + "connect:DescribePhoneNumber", + "connect:DescribeQueue", + "profile:GetSegmentDefinition", + "wisdom:GetMessageTemplate" + ] + }, + "delete": { + "permissions": [ + "connect-campaigns:DeleteCampaign", + "connect-campaigns:DeleteCampaignChannelSubtypeConfig", + "connect-campaigns:DeleteCampaignCommunicationLimits", + "connect-campaigns:DeleteCampaignCommunicationTime" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "ConnectInstanceId": { + "$ref": "resource-schema.json#/properties/ConnectInstanceId" + } + }, + "required": [ + "ConnectInstanceId" + ] + }, + "permissions": [ + "connect-campaigns:ListCampaigns" + ] + }, + "read": { + "permissions": [ + "connect-campaigns:DescribeCampaign" + ] + }, + "update": { + "permissions": [ 
+ "connect-campaigns:DeleteCampaignChannelSubtypeConfig", + "connect-campaigns:DeleteCampaignCommunicationLimits", + "connect-campaigns:DeleteCampaignCommunicationTime", + "connect-campaigns:UpdateCampaignChannelSubtypeConfig", + "connect-campaigns:UpdateCampaignCommunicationLimits", + "connect-campaigns:UpdateCampaignCommunicationTime", + "connect-campaigns:UpdateCampaignName", + "connect-campaigns:UpdateCampaignFlowAssociation", + "connect-campaigns:UpdateCampaignSchedule", + "connect-campaigns:UpdateCampaignSource", + "connect-campaigns:TagResource", + "connect-campaigns:UntagResource", + "connect-campaigns:DescribeCampaign", + "connect:DescribeContactFlow", + "connect:DescribeEmailAddress", + "connect:DescribePhoneNumber", + "connect:DescribeQueue", + "profile:GetSegmentDefinition", + "wisdom:GetMessageTemplate" + ] + } + }, + "primaryIdentifier": [ + "/properties/Arn" + ], + "properties": { + "Arn": { + "description": "Amazon Connect Campaign Arn", + "maxLength": 256, + "minLength": 0, + "pattern": "^arn:aws[-a-z0-9]*:connect-campaigns:[-a-z0-9]*:[0-9]{12}:campaign/[-a-zA-Z0-9]*$", + "type": "string" + }, + "ChannelSubtypeConfig": { + "$ref": "#/definitions/ChannelSubtypeConfig" + }, + "CommunicationLimitsOverride": { + "$ref": "#/definitions/CommunicationLimitsConfig" + }, + "CommunicationTimeConfig": { + "$ref": "#/definitions/CommunicationTimeConfig" + }, + "ConnectCampaignFlowArn": { + "$ref": "#/definitions/Arn" + }, + "ConnectInstanceId": { + "$ref": "#/definitions/InstanceId" + }, + "Name": { + "$ref": "#/definitions/CampaignName" + }, + "Schedule": { + "$ref": "#/definitions/Schedule" + }, + "Source": { + "$ref": "#/definitions/Source" + }, + "Tags": { + "description": "One or more tags.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 50, + "type": "array", + "uniqueItems": true + } + }, + "readOnlyProperties": [ + "/properties/Arn" + ], + "required": [ + "Name", + "ConnectInstanceId", + "ChannelSubtypeConfig" 
+ ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-connect-campaigns", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "connect-campaigns:UntagResource", + "connect-campaigns:TagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::ConnectCampaignsV2::Campaign" +} diff --git a/src/schema/aws-controltower-enabledbaseline.json b/src/schema/aws-controltower-enabledbaseline.json index 3b195d93..598d2ca6 100644 --- a/src/schema/aws-controltower-enabledbaseline.json +++ b/src/schema/aws-controltower-enabledbaseline.json @@ -78,6 +78,7 @@ "permissions": [ "controltower:EnableBaseline", "controltower:TagResource", + "controltower:UntagResource", "controltower:GetBaselineOperation", "controltower:GetEnabledBaseline", "controltower:ListTagsForResource", @@ -172,7 +173,7 @@ "servicecatalog:ListPrincipalsForPortfolio", "servicecatalog:DeleteProvisioningArtifact", "controltower:TagResource", - "controltower:ListTagsForResource", + "controltower:UntagResource", "controltower:GetEnabledBaseline" ] } @@ -228,6 +229,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "controltower:TagResource", + "controltower:UntagResource", + "controltower:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-controltower-enabledcontrol.json b/src/schema/aws-controltower-enabledcontrol.json index 7035dad8..7a9e7246 100644 --- a/src/schema/aws-controltower-enabledcontrol.json +++ b/src/schema/aws-controltower-enabledcontrol.json @@ -94,7 +94,8 @@ "organizations:DetachPolicy", "organizations:ListPoliciesForTarget", "organizations:ListTargetsForPolicy", - "organizations:DescribePolicy" + "organizations:DescribePolicy", + "controltower:ListTagsForResource" ], "timeoutInMinutes": 720 }, 
@@ -111,7 +112,8 @@ "organizations:DetachPolicy", "organizations:ListPoliciesForTarget", "organizations:ListTargetsForPolicy", - "organizations:DescribePolicy" + "organizations:DescribePolicy", + "controltower:ListTagsForResource" ], "timeoutInMinutes": 720 }, @@ -151,7 +153,8 @@ "organizations:DetachPolicy", "organizations:ListPoliciesForTarget", "organizations:ListTargetsForPolicy", - "organizations:DescribePolicy" + "organizations:DescribePolicy", + "controltower:ListTagsForResource" ], "timeoutInMinutes": 720 } @@ -202,6 +205,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-controltower", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "controltower:UntagResource", + "controltower:TagResource", + "controltower:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-controltower-landingzone.json b/src/schema/aws-controltower-landingzone.json index 89e3d1c4..fc95c77f 100644 --- a/src/schema/aws-controltower-landingzone.json +++ b/src/schema/aws-controltower-landingzone.json @@ -67,6 +67,8 @@ "sso:GetPeregrineStatus", "sso:ListDirectoryAssociations", "sso:StartPeregrine", + "iam:CreateServiceLinkedRole", + "cloudformation:EnableOrganizationsAccess", "sso:RegisterRegion" ] }, @@ -91,8 +93,10 @@ "organizations:ListRoots", "sso:GetPeregrineStatus", "sso:ListDirectoryAssociations", + "iam:CreateServiceLinkedRole", "iam:DeleteRolePolicy", "iam:DetachRolePolicy", + "cloudformation:EnableOrganizationsAccess", "iam:DeleteRole" ] }, @@ -138,6 +142,8 @@ "organizations:EnableAWSServiceAccess", "organizations:ListRoots", "sso:GetPeregrineStatus", + "iam:CreateServiceLinkedRole", + "cloudformation:EnableOrganizationsAccess", "sso:ListDirectoryAssociations", "sso:StartPeregrine", "sso:RegisterRegion" 
@@ -196,6 +202,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "controltower:UntagResource", + "controltower:TagResource", + "controltower:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-customerprofiles-calculatedattributedefinition.json b/src/schema/aws-customerprofiles-calculatedattributedefinition.json index daf1184e..e8acc5a6 100644 --- a/src/schema/aws-customerprofiles-calculatedattributedefinition.json +++ b/src/schema/aws-customerprofiles-calculatedattributedefinition.json @@ -313,6 +313,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-customer-profiles", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "profile:TagResource", + "profile:UntagResource", + "profile:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-customerprofiles-domain.json b/src/schema/aws-customerprofiles-domain.json index 496aec15..426d4cf1 100644 --- a/src/schema/aws-customerprofiles-domain.json +++ b/src/schema/aws-customerprofiles-domain.json @@ -357,16 +357,6 @@ ] }, "list": { - "handlerSchema": { - "properties": { - "DomainName": { - "$ref": "resource-schema.json#/properties/DomainName" - } - }, - "required": [ - "DomainName" - ] - }, "permissions": [ "profile:ListDomains" ] @@ -454,6 +444,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-customer-profiles.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "profile:TagResource", + "profile:UntagResource", + "profile:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-customerprofiles-eventstream.json b/src/schema/aws-customerprofiles-eventstream.json index 1fc1a1be..6b2df22f 100644 
--- a/src/schema/aws-customerprofiles-eventstream.json +++ b/src/schema/aws-customerprofiles-eventstream.json @@ -174,6 +174,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-customer-profiles", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "profile:TagResource", + "profile:UntagResource", + "profile:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-customerprofiles-eventtrigger.json b/src/schema/aws-customerprofiles-eventtrigger.json new file mode 100644 index 00000000..0d0afa9e --- /dev/null +++ b/src/schema/aws-customerprofiles-eventtrigger.json 
@@ -0,0 +1,372 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/DomainName", + "/properties/EventTriggerName" + ], + "definitions": { + "Description": { + "description": "The description of the event trigger.", + "maxLength": 1000, + "minLength": 1, + "type": "string" + }, + "DomainName": { + "description": "The unique name of the domain.", + "maxLength": 64, + "minLength": 1, + "pattern": "^[a-zA-Z0-9_-]+$", + "type": "string" + }, + "EventExpiration": { + "description": "Specifies that an event will only trigger the destination if it is processed within a certain latency period.", + "format": "int64", + "type": "integer" + }, + "EventTriggerCondition": { + "additionalProperties": false, + "description": "Specifies the circumstances under which the event should trigger the destination.", + "properties": { + "EventTriggerDimensions": { + "$ref": "#/definitions/EventTriggerDimensions" + }, + "LogicalOperator": { + "$ref": "#/definitions/EventTriggerLogicalOperator" + } + }, + "required": [ + "EventTriggerDimensions", + "LogicalOperator" + ], + "type": "object" + }, + "EventTriggerConditions": { + "description": "A list of conditions that determine when an event should trigger the destination.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/EventTriggerCondition" + }, + "maxItems": 5, + "minItems": 1, + "type": "array" + }, + "EventTriggerDimension": { + "additionalProperties": false, + "description": "A specific event dimension to be assessed.", + "properties": { + "ObjectAttributes": { + "$ref": "#/definitions/ObjectAttributes" + } + }, + "required": [ + "ObjectAttributes" + ], + "type": "object" + }, + "EventTriggerDimensions": { + "description": "A list of dimensions to be evaluated for the event.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/EventTriggerDimension" + }, + "maxItems": 10, + "minItems": 1, + "type": "array" + }, + "EventTriggerLimits": { + "additionalProperties": false, + 
"description": "Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods.", + "properties": { + "EventExpiration": { + "$ref": "#/definitions/EventExpiration" + }, + "Periods": { + "$ref": "#/definitions/Periods" + } + }, + "type": "object" + }, + "EventTriggerLogicalOperator": { + "description": "The operator used to combine multiple dimensions.", + "enum": [ + "ANY", + "ALL", + "NONE" + ], + "type": "string" + }, + "EventTriggerName": { + "description": "The unique name of the event trigger.", + "maxLength": 64, + "minLength": 1, + "pattern": "^[a-zA-Z0-9_-]+$", + "type": "string" + }, + "ObjectAttribute": { + "additionalProperties": false, + "description": "The criteria that a specific object attribute must meet to trigger the destination.", + "properties": { + "ComparisonOperator": { + "description": "The operator used to compare an attribute against a list of values.", + "enum": [ + "INCLUSIVE", + "EXCLUSIVE", + "CONTAINS", + "BEGINS_WITH", + "ENDS_WITH", + "GREATER_THAN", + "LESS_THAN", + "GREATER_THAN_OR_EQUAL", + "LESS_THAN_OR_EQUAL", + "EQUAL", + "BEFORE", + "AFTER", + "ON", + "BETWEEN", + "NOT_BETWEEN" + ], + "type": "string" + }, + "FieldName": { + "description": "A field defined within an object type.", + "maxLength": 64, + "minLength": 1, + "pattern": "^[a-zA-Z0-9_.-]+$", + "type": "string" + }, + "Source": { + "description": "An attribute contained within a source object.", + "maxLength": 1000, + "minLength": 1, + "type": "string" + }, + "Values": { + "description": "A list of attribute values used for comparison.", + "insertionOrder": false, + "items": { + "maxLength": 255, + "minLength": 1, + "type": "string" + }, + "maxItems": 10, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "ComparisonOperator", + "Values" + ], + "type": "object" + }, + "ObjectAttributes": { + "description": "A list of object attributes to be evaluated.", + 
"insertionOrder": false, + "items": { + "$ref": "#/definitions/ObjectAttribute" + }, + "maxItems": 10, + "minItems": 1, + "type": "array" + }, + "ObjectTypeName": { + "description": "The unique name of the object type.", + "maxLength": 255, + "minLength": 1, + "pattern": "^[a-zA-Z_][a-zA-Z_0-9-]*$", + "type": "string" + }, + "Period": { + "additionalProperties": false, + "description": "Defines a limit and the time period during which it is enforced.", + "properties": { + "MaxInvocationsPerProfile": { + "description": "The maximum allowed number of destination invocations per profile.", + "maximum": 1000, + "minimum": 1, + "type": "integer" + }, + "Unit": { + "description": "The unit of time.", + "enum": [ + "HOURS", + "DAYS", + "WEEKS", + "MONTHS" + ], + "type": "string" + }, + "Unlimited": { + "description": "If set to true, there is no limit on the number of destination invocations per profile. The default is false.", + "type": "boolean" + }, + "Value": { + "description": "The amount of time of the specified unit.", + "maximum": 24, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "Unit", + "Value" + ], + "type": "object" + }, + "Periods": { + "description": "A list of time periods during which the limits apply.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Period" + }, + "maxItems": 4, + "minItems": 1, + "type": "array" + }, + "SegmentFilter": { + "description": "The destination is triggered only for profiles that meet the criteria of a segment definition.", + "maxLength": 64, + "minLength": 1, + "pattern": "^[a-zA-Z0-9_-]+$", + "type": "string" + }, + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. 
You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, + "Tags": { + "description": "An array of key-value pairs to apply to this resource.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 50, + "minItems": 0, + "type": "array", + "uniqueItems": true + } + }, + "description": "An event trigger resource of Amazon Connect Customer Profiles", + "handlers": { + "create": { + "permissions": [ + "profile:CreateEventTrigger", + "profile:TagResource" + ] + }, + "delete": { + "permissions": [ + "profile:DeleteEventTrigger" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "DomainName": { + "$ref": "resource-schema.json#/properties/DomainName" + } + }, + "required": [ + "DomainName" + ] + }, + "permissions": [ + "profile:ListEventTriggers" + ] + }, + "read": { + "permissions": [ + "profile:GetEventTrigger" + ] + }, + "update": { + "permissions": [ + "profile:GetEventTrigger", + "profile:UpdateEventTrigger", + "profile:UntagResource", + "profile:TagResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/DomainName", + "/properties/EventTriggerName" + ], + "properties": { + "CreatedAt": { + "description": "The timestamp of when the event trigger was created.", + "type": "string" + }, + "Description": { + "$ref": "#/definitions/Description" + }, + "DomainName": { + "$ref": "#/definitions/DomainName" + }, + "EventTriggerConditions": { + "$ref": "#/definitions/EventTriggerConditions" + }, + 
"EventTriggerLimits": { + "$ref": "#/definitions/EventTriggerLimits" + }, + "EventTriggerName": { + "$ref": "#/definitions/EventTriggerName" + }, + "LastUpdatedAt": { + "description": "The timestamp of when the event trigger was most recently updated.", + "type": "string" + }, + "ObjectTypeName": { + "$ref": "#/definitions/ObjectTypeName" + }, + "SegmentFilter": { + "$ref": "#/definitions/SegmentFilter" + }, + "Tags": { + "$ref": "#/definitions/Tags" + } + }, + "readOnlyProperties": [ + "/properties/CreatedAt", + "/properties/LastUpdatedAt" + ], + "required": [ + "DomainName", + "EventTriggerName", + "ObjectTypeName", + "EventTriggerConditions" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-customer-profiles", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "profile:TagResource", + "profile:UntagResource", + "profile:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::CustomerProfiles::EventTrigger" +} diff --git a/src/schema/aws-customerprofiles-integration.json b/src/schema/aws-customerprofiles-integration.json index 8010b08e..e7c19ef2 100644 --- a/src/schema/aws-customerprofiles-integration.json +++ b/src/schema/aws-customerprofiles-integration.json @@ -569,6 +569,8 @@ "appflow:CreateFlow", "app-integrations:CreateEventIntegrationAssociation", "app-integrations:GetEventIntegration", + "connect:DescribeInstance", + "ds:DescribeDirectories", "events:ListTargetsByRule", "events:PutRule", "events:PutTargets", @@ -623,7 +625,9 @@ "events:PutTargets", "events:PutEvents", "profile:UntagResource", - "profile:TagResource" + "profile:TagResource", + "connect:DescribeInstance", + "ds:DescribeDirectories" ] } }, 
@@ -643,6 +647,19 @@
 "pattern": "^[a-zA-Z0-9_-]+$",
 "type": "string"
 },
+ "EventTriggerNames": {
+ "description": "A list of unique names for active event triggers associated with the integration.",
+ "insertionOrder": false,
+ "items": {
+ "maxLength": 64,
+ "minLength": 1,
+ "pattern": "^[a-zA-Z0-9_-]+$",
+ "type": "string"
+ },
+ "maxItems": 1,
+ "minItems": 1,
+ "type": "array"
+ },
 "FlowDefinition": {
 "$ref": "#/definitions/FlowDefinition"
 },
@@ -690,6 +707,11 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-customer-profiles.git",
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "profile:TagResource",
+ "profile:UntagResource",
+ "profile:ListTagsForResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-customerprofiles-objecttype.json b/src/schema/aws-customerprofiles-objecttype.json
index 0776d788..3288679f 100644
--- a/src/schema/aws-customerprofiles-objecttype.json
+++ b/src/schema/aws-customerprofiles-objecttype.json
@@ -131,7 +131,9 @@
 "permissions": [
 "profile:GetProfileObjectType",
 "profile:PutProfileObjectType",
- "profile:TagResource"
+ "profile:TagResource",
+ "kms:GenerateDataKey",
+ "kms:Decrypt"
 ]
 },
 "delete": {
@@ -151,12 +153,16 @@
 ]
 },
 "permissions": [
- "profile:ListProfileObjectTypes"
+ "profile:ListProfileObjectTypes",
+ "kms:GenerateDataKey",
+ "kms:Decrypt"
 ]
 },
 "read": {
 "permissions": [
- "profile:GetProfileObjectType"
+ "profile:GetProfileObjectType",
+ "kms:GenerateDataKey",
+ "kms:Decrypt"
 ]
 },
 "update": {
@@ -164,7 +170,9 @@
 "profile:GetProfileObjectType",
 "profile:PutProfileObjectType",
 "profile:UntagResource",
- "profile:TagResource"
+ "profile:TagResource",
+ "kms:GenerateDataKey",
+ "kms:Decrypt"
 ]
 }
 },
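Review bot: The `list` and `read` handlers in the `@@ -151,12 +153,16 @@` hunk now list `kms:GenerateDataKey` next to `kms:Decrypt`, and GenerateDataKey is an encrypt-side action that a read-only path would not normally need. Whether the service really calls it on Get/List is not visible here, so it is worth confirming; if those handlers only decrypt, each list would end at `"kms:Decrypt"` with the `"kms:GenerateDataKey",` line dropped. The create and update hunks (`@@ -131,7 +131,9 @@`, `@@ -164,7 +170,9 @@`) add the same pair, where it fits a write path. These lists carry action names only, so a role derived from them should still limit both KMS actions to the specific key in use rather than `*`. The enclosing `handlers` object starts outside these hunks.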
@@ -268,6 +276,11 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-customer-profiles.git",
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "profile:TagResource",
+ "profile:UntagResource",
+ "profile:ListTagsForResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-customerprofiles-segmentdefinition.json b/src/schema/aws-customerprofiles-segmentdefinition.json
new file mode 100644
index 00000000..d46936d1
--- /dev/null
+++ b/src/schema/aws-customerprofiles-segmentdefinition.json
@@ -0,0 +1,572 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/DomainName", + "/properties/SegmentDefinitionName", + "/properties/DisplayName", + "/properties/SegmentGroups" + ], + "definitions": { + "AddressDimension": { + "additionalProperties": false, + "description": "The address based criteria for the segment.", + "properties": { + "City": { + "$ref": "#/definitions/ProfileDimension" + }, + "Country": { + "$ref": "#/definitions/ProfileDimension" + }, + "County": { + "$ref": "#/definitions/ProfileDimension" + }, + "PostalCode": { + "$ref": "#/definitions/ProfileDimension" + }, + "Province": { + "$ref": "#/definitions/ProfileDimension" + }, + "State": { + "$ref": "#/definitions/ProfileDimension" + } + }, + "type": "object" + }, + "AttributeDimension": { + "additionalProperties": false, + "description": "Specifies attribute based criteria for a segment.", + "properties": { + "DimensionType": { + "$ref": "#/definitions/AttributeDimensionType" + }, + "Values": { + "insertionOrder": false, + "items": { + "maxLength": 255, + "minLength": 1, + "type": "string" + }, + "maxItems": 50, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "DimensionType", + "Values" + ], + "type": "object" + }, + "AttributeDimensionType": { + "description": "The type of segment dimension to use.", + "enum": [ + "INCLUSIVE", + "EXCLUSIVE", + "CONTAINS", + "BEGINS_WITH", + "ENDS_WITH", + "BEFORE", + "AFTER", + "BETWEEN", + "NOT_BETWEEN", + "ON", + "GREATER_THAN", + "LESS_THAN", + "GREATER_THAN_OR_EQUAL", + "LESS_THAN_OR_EQUAL", + "EQUAL" + ], + "type": "string" + }, + "CalculatedAttributeDimension": { + "additionalProperties": false, + "description": "Specifies calculated attribute based criteria for a segment.", + "properties": { + "ConditionOverrides": { + "$ref": "#/definitions/ConditionOverrides" + }, + "DimensionType": { + "$ref": "#/definitions/AttributeDimensionType" + }, + "Values": { + "insertionOrder": false, + "items": { + "maxLength": 
255, + "minLength": 1, + "type": "string" + }, + "maxItems": 50, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "DimensionType", + "Values" + ], + "type": "object" + }, + "CalculatedCustomAttributes": { + "additionalProperties": false, + "description": "One or more calculated attributes to use as criteria for the segment.", + "patternProperties": { + "^[a-zA-Z_][a-zA-Z_0-9-]*$": { + "$ref": "#/definitions/CalculatedAttributeDimension" + } + }, + "type": "object" + }, + "ConditionOverrides": { + "additionalProperties": false, + "description": "Overrides the condition block within the original calculated attribute definition.", + "properties": { + "Range": { + "$ref": "#/definitions/RangeOverride" + } + }, + "type": "object" + }, + "CustomAttributes": { + "additionalProperties": false, + "description": "One or more custom attributes to use as criteria for the segment.", + "patternProperties": { + "^[a-zA-Z_][a-zA-Z_0-9-]*$": { + "$ref": "#/definitions/AttributeDimension" + } + }, + "type": "object" + }, + "DateDimension": { + "additionalProperties": false, + "description": "Specifies date based criteria for a segment.", + "properties": { + "DimensionType": { + "$ref": "#/definitions/DateDimensionType" + }, + "Values": { + "insertionOrder": false, + "items": { + "type": "string" + }, + "maxItems": 50, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "DimensionType", + "Values" + ], + "type": "object" + }, + "DateDimensionType": { + "description": "The type of segment dimension to use for a date dimension.", + "enum": [ + "BEFORE", + "AFTER", + "BETWEEN", + "NOT_BETWEEN", + "ON" + ], + "type": "string" + }, + "Dimension": { + "description": "The criteria that define the dimensions for the segment.", + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "ProfileAttributes": { + "$ref": "#/definitions/ProfileAttributes" + } + }, + "required": [ + "ProfileAttributes" + ], + "title": "ProfileAttributes", + "type": "object" + }, + 
{ + "additionalProperties": false, + "properties": { + "CalculatedAttributes": { + "$ref": "#/definitions/CalculatedCustomAttributes" + } + }, + "title": "CalculatedAttributes", + "type": "object" + } + ] + }, + "ExtraLengthValueProfileDimension": { + "additionalProperties": false, + "description": "Specifies criteria for a segment using extended-length string values.", + "properties": { + "DimensionType": { + "$ref": "#/definitions/StringDimensionType" + }, + "Values": { + "insertionOrder": false, + "items": { + "maxLength": 1000, + "minLength": 1, + "type": "string" + }, + "maxItems": 50, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "DimensionType", + "Values" + ], + "type": "object" + }, + "Group": { + "additionalProperties": false, + "description": "An array that defines the set of segment criteria to evaluate when handling segment groups for the segment.", + "properties": { + "Dimensions": { + "items": { + "$ref": "#/definitions/Dimension" + }, + "type": "array" + }, + "SourceSegments": { + "items": { + "$ref": "#/definitions/SourceSegment" + }, + "type": "array" + }, + "SourceType": { + "$ref": "#/definitions/IncludeOptions" + }, + "Type": { + "$ref": "#/definitions/IncludeOptions" + } + }, + "type": "object" + }, + "IncludeOptions": { + "description": "Specifies the operator on how to handle multiple groups within the same segment.", + "enum": [ + "ALL", + "ANY", + "NONE" + ], + "type": "string" + }, + "ProfileAttributes": { + "additionalProperties": false, + "description": "Specifies the dimension settings within profile attributes for a segment.", + "properties": { + "AccountNumber": { + "$ref": "#/definitions/ProfileDimension" + }, + "AdditionalInformation": { + "$ref": "#/definitions/ExtraLengthValueProfileDimension" + }, + "Address": { + "$ref": "#/definitions/AddressDimension" + }, + "Attributes": { + "$ref": "#/definitions/CustomAttributes" + }, + "BillingAddress": { + "$ref": "#/definitions/AddressDimension" + }, + "BirthDate": { + 
"$ref": "#/definitions/DateDimension" + }, + "BusinessEmailAddress": { + "$ref": "#/definitions/ProfileDimension" + }, + "BusinessName": { + "$ref": "#/definitions/ProfileDimension" + }, + "BusinessPhoneNumber": { + "$ref": "#/definitions/ProfileDimension" + }, + "EmailAddress": { + "$ref": "#/definitions/ProfileDimension" + }, + "FirstName": { + "$ref": "#/definitions/ProfileDimension" + }, + "GenderString": { + "$ref": "#/definitions/ProfileDimension" + }, + "HomePhoneNumber": { + "$ref": "#/definitions/ProfileDimension" + }, + "LastName": { + "$ref": "#/definitions/ProfileDimension" + }, + "MailingAddress": { + "$ref": "#/definitions/AddressDimension" + }, + "MiddleName": { + "$ref": "#/definitions/ProfileDimension" + }, + "MobilePhoneNumber": { + "$ref": "#/definitions/ProfileDimension" + }, + "PartyTypeString": { + "$ref": "#/definitions/ProfileDimension" + }, + "PersonalEmailAddress": { + "$ref": "#/definitions/ProfileDimension" + }, + "PhoneNumber": { + "$ref": "#/definitions/ProfileDimension" + }, + "ShippingAddress": { + "$ref": "#/definitions/AddressDimension" + } + }, + "type": "object" + }, + "ProfileDimension": { + "additionalProperties": false, + "description": "Specifies profile based criteria for a segment.", + "properties": { + "DimensionType": { + "$ref": "#/definitions/StringDimensionType" + }, + "Values": { + "insertionOrder": false, + "items": { + "maxLength": 255, + "minLength": 1, + "type": "string" + }, + "maxItems": 50, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "DimensionType", + "Values" + ], + "type": "object" + }, + "RangeOverride": { + "additionalProperties": false, + "description": "Defines the range to be applied to the calculated attribute definition.", + "properties": { + "End": { + "description": "The ending point for this overridden range.", + "maximum": 366, + "minimum": 0, + "type": "integer" + }, + "Start": { + "description": "The starting point for this overridden range.", + "maximum": 366, + "minimum": 1, 
+ "type": "integer" + }, + "Unit": { + "description": "The unit to be applied to the range.", + "enum": [ + "DAYS" + ], + "type": "string" + } + }, + "required": [ + "Start", + "Unit" + ], + "type": "object" + }, + "SegmentGroup": { + "additionalProperties": false, + "properties": { + "Groups": { + "items": { + "$ref": "#/definitions/Group" + }, + "type": "array" + }, + "Include": { + "$ref": "#/definitions/IncludeOptions" + } + }, + "type": "object" + }, + "SourceSegment": { + "additionalProperties": false, + "description": "The base segment to build the segment on.", + "properties": { + "SegmentDefinitionName": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[a-zA-Z0-9_-]+$", + "type": "string" + } + }, + "type": "object" + }, + "StringDimensionType": { + "description": "The type of segment dimension to use for a string dimension.", + "enum": [ + "INCLUSIVE", + "EXCLUSIVE", + "CONTAINS", + "BEGINS_WITH", + "ENDS_WITH" + ], + "type": "string" + }, + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 128, + "minLength": 1, + "pattern": "^(?!aws:)[a-zA-Z+-=._:/]+$", + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. 
You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, + "description": "A segment definition resource of Amazon Connect Customer Profiles", + "handlers": { + "create": { + "permissions": [ + "profile:CreateSegmentDefinition", + "profile:TagResource" + ] + }, + "delete": { + "permissions": [ + "profile:DeleteSegmentDefinition" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "DomainName": { + "$ref": "resource-schema.json#/properties/DomainName" + } + }, + "required": [ + "DomainName" + ] + }, + "permissions": [ + "profile:ListSegmentDefinitions" + ] + }, + "read": { + "permissions": [ + "profile:GetSegmentDefinition" + ] + }, + "update": { + "permissions": [ + "profile:GetSegmentDefinition", + "profile:UntagResource", + "profile:TagResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/DomainName", + "/properties/SegmentDefinitionName" + ], + "properties": { + "CreatedAt": { + "description": "The time of this segment definition got created.", + "format": "date-time", + "type": "string" + }, + "Description": { + "description": "The description of the segment definition.", + "maxLength": 1000, + "minLength": 1, + "type": "string" + }, + "DisplayName": { + "description": "The display name of the segment definition.", + "maxLength": 255, + "minLength": 1, + "type": "string" + }, + "DomainName": { + "description": "The unique name of the domain.", + "maxLength": 64, + "minLength": 1, + "pattern": "^[a-zA-Z0-9_-]+$", + "type": "string" + }, + "SegmentDefinitionArn": { + "description": "The Amazon Resource Name (ARN) of the segment definition.", + "maxLength": 255, + "minLength": 1, + "type": "string" + }, + "SegmentDefinitionName": { + "description": "The unique name of the segment definition.", + "maxLength": 64, + "minLength": 1, + "pattern": 
"^[a-zA-Z0-9_-]+$", + "type": "string" + }, + "SegmentGroups": { + "$ref": "#/definitions/SegmentGroup", + "description": "An array that defines the set of segment criteria to evaluate when handling segment groups for the segment." + }, + "Tags": { + "description": "The tags used to organize, track, or control access for this resource.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 50, + "minItems": 0, + "type": "array", + "uniqueItems": true + } + }, + "readOnlyProperties": [ + "/properties/CreatedAt", + "/properties/SegmentDefinitionArn" + ], + "required": [ + "DomainName", + "DisplayName", + "SegmentDefinitionName", + "SegmentGroups" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-customer-profiles", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "profile:TagResource", + "profile:UntagResource", + "profile:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::CustomerProfiles::SegmentDefinition" +} diff --git a/src/schema/aws-databrew-dataset.json b/src/schema/aws-databrew-dataset.json index 3244a945..f139290b 100644 --- a/src/schema/aws-databrew-dataset.json +++ b/src/schema/aws-databrew-dataset.json @@ -1,10 +1,15 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/Name", - "/properties/Tags" + "/properties/Name" ], "definitions": { + "BucketOwner": { + "description": "Bucket owner", + "maxLength": 12, + "minLength": 12, + "type": "string" + }, "CsvOptions": { "additionalProperties": false, "description": "Csv options", @@ -345,6 +350,9 @@ "Bucket": { "type": "string" }, + "BucketOwner": { + "$ref": "#/definitions/BucketOwner" + }, "Key": { "type": "string" } 
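Review bot: In the `Tag` definition's `Key`, the pattern `^(?!aws:)[a-zA-Z+-=._:/]+$` has an unescaped `-` between `+` and `=`, so the class covers the whole range from `+` to `=`: digits are accepted only by accident, `,`, `;` and `<` are accepted as well, and the whitespace and non-ASCII letters that the description promises are rejected. Putting the hyphen last makes it literal, `"pattern": "^(?!aws:)[a-zA-Z0-9+=._:/-]+$"`; the description would then still need whitespace and Unicode letters added to the class, or narrowing to match it. The `Tags` property in this same file says tags may be used to control access, so the accepted key alphabet should be exactly the intended one.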
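Review bot: `BucketOwner` in the `@@ -1,10 +1,15 @@` hunk of aws-databrew-dataset.json is constrained only to a 12-character string, so twelve letters or twelve spaces pass schema validation. If this is meant to be an AWS account ID, as the fixed length suggests, a digit pattern closes that gap: `"pattern": "^[0-9]{12}$"` next to `maxLength`/`minLength`. The description `"Bucket owner"` could also state that the account ID of the bucket's expected owner is wanted.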
@@ -381,6 +389,7 @@
 "create": {
 "permissions": [
 "databrew:CreateDataset",
+ "databrew:DescribeDataset",
 "databrew:TagResource",
 "databrew:UntagResource",
 "glue:GetConnection",
@@ -403,13 +412,14 @@
 "read": {
 "permissions": [
 "databrew:DescribeDataset",
- "databrew:ListTagsForResource",
 "iam:ListRoles"
 ]
 },
 "update": {
 "permissions": [
 "databrew:UpdateDataset",
+ "databrew:TagResource",
+ "databrew:UntagResource",
 "glue:GetConnection",
 "glue:GetTable"
 ]
@@ -448,6 +458,15 @@
 "$ref": "#/definitions/PathOptions",
 "description": "PathOptions"
 },
+ "Source": {
+ "description": "Source type of the dataset",
+ "enum": [
+ "S3",
+ "DATA-CATALOG",
+ "DATABASE"
+ ],
+ "type": "string"
+ },
 "Tags": {
 "insertionOrder": false,
 "items": {
@@ -462,6 +481,17 @@
 "Input"
 ],
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-databrew.git",
- "taggable": true,
+ "tagging": {
+ "cloudFormationSystemTags": true,
+ "permissions": [
+ "databrew:TagResource",
+ "databrew:UntagResource",
+ "databrew:ListTagsForResource"
+ ],
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": true,
+ "taggable": true
+ },
 "typeName": "AWS::DataBrew::Dataset"
 }
diff --git a/src/schema/aws-databrew-job.json b/src/schema/aws-databrew-job.json
index 293cbac4..a9863c09 100644
--- a/src/schema/aws-databrew-job.json
+++ b/src/schema/aws-databrew-job.json
@@ -2,8 +2,7 @@
 "additionalProperties": false,
 "createOnlyProperties": [
 "/properties/Name",
- "/properties/Type",
- "/properties/Tags"
+ "/properties/Type"
 ],
 "definitions": {
 "AllowedStatistics": {
@@ -468,6 +467,7 @@
 "permissions": [
 "databrew:CreateProfileJob",
 "databrew:CreateRecipeJob",
+ "databrew:DescribeJob",
 "databrew:TagResource",
 "databrew:UntagResource",
 "iam:PassRole"
@@ -488,7 +488,6 @@
 "read": {
 "permissions": [
 "databrew:DescribeJob",
- "databrew:ListTagsForResource",
 "iam:ListRoles"
 ]
 },
@@ -496,6 +495,8 @@
 "permissions": [
 "databrew:UpdateProfileJob",
 "databrew:UpdateRecipeJob",
+ "databrew:TagResource",
+ "databrew:UntagResource",
 "iam:PassRole"
 ]
 }
@@ -627,6 +628,17 @@
 "Type"
 ],
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-databrew.git",
- "taggable": true,
+ "tagging": {
+ "cloudFormationSystemTags": true,
+ "permissions": [
+ "databrew:TagResource",
+ "databrew:UntagResource",
+ "databrew:ListTagsForResource"
+ ],
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": true,
+ "taggable": true
+ },
 "typeName": "AWS::DataBrew::Job"
 }
diff --git a/src/schema/aws-databrew-project.json b/src/schema/aws-databrew-project.json
index 35082ce6..548fe77f 100644
--- a/src/schema/aws-databrew-project.json
+++ b/src/schema/aws-databrew-project.json
@@ -1,8 +1,7 @@
 {
 "additionalProperties": false,
 "createOnlyProperties": [
- "/properties/Name",
- "/properties/Tags"
+ "/properties/Name"
 ],
 "definitions": {
 "Sample": {
@@ -55,6 +54,7 @@
 "create": {
 "permissions": [
 "databrew:CreateProject",
+ "databrew:DescribeProject",
 "databrew:TagResource",
 "databrew:UntagResource",
 "iam:PassRole"
@@ -75,13 +75,14 @@
 "read": {
 "permissions": [
 "databrew:DescribeProject",
- "databrew:ListTagsForResource",
 "iam:ListRoles"
 ]
 },
 "update": {
 "permissions": [
 "databrew:UpdateProject",
+ "databrew:TagResource",
+ "databrew:UntagResource",
 "iam:PassRole"
 ]
 }
@@ -132,6 +133,17 @@
 "RoleArn"
 ],
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-databrew.git",
- "taggable": true,
+ "tagging": {
+ "cloudFormationSystemTags": true,
+ "permissions": [
+ "databrew:TagResource",
+ "databrew:UntagResource",
+ "databrew:ListTagsForResource"
+ ],
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": true,
+ "taggable": true
+ },
 "typeName": "AWS::DataBrew::Project"
 }
diff --git a/src/schema/aws-databrew-recipe.json b/src/schema/aws-databrew-recipe.json
index 1bd76233..8a75b865 100644
--- a/src/schema/aws-databrew-recipe.json
+++ b/src/schema/aws-databrew-recipe.json
@@ -1,8 +1,7 @@
 {
 "additionalProperties": false,
 "createOnlyProperties": [
- "/properties/Name",
- "/properties/Tags"
+ "/properties/Name"
 ],
 "definitions": {
 "Action": {
@@ -516,6 +515,7 @@
 "create": {
 "permissions": [
 "databrew:CreateRecipe",
+ "databrew:DescribeRecipe",
 "databrew:TagResource",
 "databrew:UntagResource",
 "iam:PassRole"
@@ -529,7 +529,6 @@
 "list": {
 "permissions": [
 "databrew:ListRecipes",
- "databrew:ListTagsForResource",
 "iam:ListRoles"
 ]
 },
@@ -542,7 +541,9 @@
 },
 "update": {
 "permissions": [
- "databrew:UpdateRecipe"
+ "databrew:UpdateRecipe",
+ "databrew:TagResource",
+ "databrew:UntagResource"
 ]
 }
 },
@@ -584,6 +585,17 @@
 "Steps"
 ],
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-databrew.git",
- "taggable": true,
+ "tagging": {
+ "cloudFormationSystemTags": true,
+ "permissions": [
+ "databrew:TagResource",
+ "databrew:UntagResource",
+ "databrew:ListTagsForResource"
+ ],
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": true,
+ "taggable": true
+ },
 "typeName": "AWS::DataBrew::Recipe"
 }
diff --git a/src/schema/aws-databrew-ruleset.json b/src/schema/aws-databrew-ruleset.json
index 70b5392b..41556df5 100644
--- a/src/schema/aws-databrew-ruleset.json
+++ b/src/schema/aws-databrew-ruleset.json
@@ -170,6 +170,7 @@
 "create": {
 "permissions": [
 "databrew:CreateRuleset",
+ "databrew:DescribeRuleset",
 "databrew:TagResource",
 "databrew:UntagResource",
 "iam:PassRole"
@@ -190,13 +191,14 @@
 "read": {
 "permissions": [
 "databrew:DescribeRuleset",
- "databrew:ListTagsForResource",
 "iam:ListRoles"
 ]
 },
 "update": {
 "permissions": [
- "databrew:UpdateRuleset"
+ "databrew:UpdateRuleset",
+ "databrew:TagResource",
+ "databrew:UntagResource"
 ]
 }
 },
@@ -245,6 +247,17 @@
 "Rules"
 ],
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-databrew.git",
- "taggable": true,
+ "tagging": {
+ "cloudFormationSystemTags": true,
+ "permissions": [
+ "databrew:TagResource",
+ "databrew:UntagResource",
+ "databrew:ListTagsForResource"
+ ],
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": true,
+ "taggable": true
+ },
 "typeName": "AWS::DataBrew::Ruleset"
 }
diff --git a/src/schema/aws-databrew-schedule.json b/src/schema/aws-databrew-schedule.json
index 088ceeed..e8b464cf 100644
--- a/src/schema/aws-databrew-schedule.json
+++ b/src/schema/aws-databrew-schedule.json
@@ -1,8 +1,7 @@
 {
 "additionalProperties": false,
 "createOnlyProperties": [
- "/properties/Name",
- "/properties/Tags"
+ "/properties/Name"
 ],
 "definitions": {
 "JobName": {
@@ -38,6 +37,7 @@
 "create": {
 "permissions": [
 "databrew:CreateSchedule",
+ "databrew:DescribeSchedule",
 "databrew:TagResource",
 "databrew:UntagResource",
 "iam:PassRole"
@@ -58,13 +58,14 @@
 "read": {
 "permissions": [
 "databrew:DescribeSchedule",
- "databrew:ListTagsForResource",
 "iam:ListRoles"
 ]
 },
 "update": {
 "permissions": [
- "databrew:UpdateSchedule"
+ "databrew:UpdateSchedule",
+ "databrew:TagResource",
+ "databrew:UntagResource"
 ]
 }
 },
@@ -106,6 +107,17 @@
 "CronExpression"
 ],
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-databrew.git",
- "taggable": true,
+ "tagging": {
+ "cloudFormationSystemTags": true,
+ "permissions": [
+ "databrew:TagResource",
+ "databrew:UntagResource",
+ "databrew:ListTagsForResource"
+ ],
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": true,
+ "taggable": true
+ },
 "typeName": "AWS::DataBrew::Schedule"
 }
diff --git a/src/schema/aws-datapipeline-pipeline.json b/src/schema/aws-datapipeline-pipeline.json
index 6bff9566..c5a9af94 100644
--- a/src/schema/aws-datapipeline-pipeline.json
+++ b/src/schema/aws-datapipeline-pipeline.json
@@ -246,6 +246,10 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-datapipeline",
 "tagging": {
 "cloudFormationSystemTags": false,
+ "permissions": [
+ "datapipeline:AddTags",
+ "datapipeline:RemoveTags"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/PipelineTags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-datasync-agent.json b/src/schema/aws-datasync-agent.json
index 1b410a52..df31a8a2 100644
--- a/src/schema/aws-datasync-agent.json
+++ b/src/schema/aws-datasync-agent.json
@@ -149,6 +149,11 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-datasync.git",
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "datasync:TagResource",
+ "datasync:UntagResource",
+ "datasync:ListTagsForResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-datasync-locationazureblob.json b/src/schema/aws-datasync-locationazureblob.json
index d8914d8b..4a3abc07 100644
--- a/src/schema/aws-datasync-locationazureblob.json
+++ b/src/schema/aws-datasync-locationazureblob.json
@@ -174,6 +174,11 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-datasync.git",
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "datasync:TagResource",
+ "datasync:UntagResource",
+ "datasync:ListTagsForResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-datasync-locationefs.json b/src/schema/aws-datasync-locationefs.json
index f99c009e..fc596623 100644
--- a/src/schema/aws-datasync-locationefs.json
+++ b/src/schema/aws-datasync-locationefs.json
@@ -2,11 +2,7 @@
 "additionalProperties": false,
 "createOnlyProperties": [
 "/properties/Ec2Config",
- "/properties/EfsFilesystemArn",
- "/properties/Subdirectory",
- "/properties/FileSystemAccessRoleArn",
- "/properties/InTransitEncryption",
- "/properties/AccessPointArn"
+ "/properties/EfsFilesystemArn"
 ],
 "definitions": {
 "Ec2Config": {
@@ -98,10 +94,13 @@
 },
 "update": {
 "permissions": [
+ "datasync:UpdateLocationEfs",
 "datasync:DescribeLocationEfs",
 "datasync:ListTagsForResource",
 "datasync:TagResource",
- "datasync:UntagResource"
+ "datasync:UntagResource",
+ "elasticfilesystem:DescribeFileSystems",
+ "elasticfilesystem:DescribeAccessPoints"
 ]
 }
 },
@@ -177,6 +176,11 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-datasync.git",
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "datasync:TagResource",
+ "datasync:UntagResource",
+ "datasync:ListTagsForResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-datasync-locationfsxlustre.json b/src/schema/aws-datasync-locationfsxlustre.json
index 245323fb..3b43c181 100644
--- a/src/schema/aws-datasync-locationfsxlustre.json
+++ b/src/schema/aws-datasync-locationfsxlustre.json
@@ -2,8 +2,7 @@
 "additionalProperties": false,
 "createOnlyProperties": [
 "/properties/FsxFilesystemArn",
- "/properties/SecurityGroupArns",
- "/properties/Subdirectory"
+ "/properties/SecurityGroupArns"
 ],
 "definitions": {
 "Tag": {
@@ -66,8 +65,11 @@
 "permissions": [
 "datasync:DescribeLocationFsxLustre",
 "datasync:ListTagsForResource",
+ "datasync:UpdateLocationFsxLustre",
 "datasync:TagResource",
- "datasync:UntagResource"
+ "datasync:UntagResource",
+ "fsx:DescribeFileSystems",
+ "ec2:DescribeNetworkInterfaces"
 ]
 }
 },
@@ -133,6 +135,11 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-datasync.git",
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "datasync:TagResource",
+ "datasync:UntagResource",
+ "datasync:ListTagsForResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-datasync-locationfsxontap.json b/src/schema/aws-datasync-locationfsxontap.json
index 3a491a29..d2213af4 100644
--- a/src/schema/aws-datasync-locationfsxontap.json
+++ b/src/schema/aws-datasync-locationfsxontap.json
@@ -2,9 +2,7 @@
 "additionalProperties": false,
 "createOnlyProperties": [
 "/properties/StorageVirtualMachineArn",
- "/properties/SecurityGroupArns",
- "/properties/Protocol",
- "/properties/Subdirectory"
+ "/properties/SecurityGroupArns"
 ],
 "definitions": {
 "NFS": {
@@ -158,10 +156,14 @@
 },
 "update": {
 "permissions": [
+ "datasync:UpdateLocationFsxOntap",
 "datasync:DescribeLocationFsxOntap",
 "datasync:ListTagsForResource",
 "datasync:TagResource",
- "datasync:UntagResource"
+ "datasync:UntagResource",
+ "fsx:DescribeFileSystems",
+ "fsx:DescribeStorageVirtualMachines",
+ "ec2:DescribeNetworkInterfaces"
 ]
 }
 },
@@ -238,6 +240,11 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-datasync.git",
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "datasync:TagResource",
+ "datasync:UntagResource",
+ "datasync:ListTagsForResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-datasync-locationfsxopenzfs.json b/src/schema/aws-datasync-locationfsxopenzfs.json
index 4618f5db..476f554a 100644
--- a/src/schema/aws-datasync-locationfsxopenzfs.json
+++ b/src/schema/aws-datasync-locationfsxopenzfs.json
@@ -2,9 +2,7 @@
 "additionalProperties": false,
 "createOnlyProperties": [
 "/properties/FsxFilesystemArn",
- "/properties/SecurityGroupArns",
- "/properties/Protocol",
- "/properties/Subdirectory"
+ "/properties/SecurityGroupArns"
 ],
 "definitions": {
 "MountOptions": {
@@ -106,9 +104,12 @@
 "update": {
 "permissions": [
 "datasync:DescribeLocationFsxOpenZfs",
+ "datasync:UpdateLocationFsxOpenZfs",
 "datasync:ListTagsForResource",
 "datasync:TagResource",
- "datasync:UntagResource"
+ "datasync:UntagResource",
+ "fsx:DescribeFileSystems",
+ "ec2:DescribeNetworkInterfaces"
 ]
 }
 },
@@ -178,6 +179,11 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-datasync.git",
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "datasync:TagResource",
+ "datasync:UntagResource",
+ "datasync:ListTagsForResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-datasync-locationfsxwindows.json b/src/schema/aws-datasync-locationfsxwindows.json
index 3775adc6..cf02dde4 100644
--- a/src/schema/aws-datasync-locationfsxwindows.json
+++ b/src/schema/aws-datasync-locationfsxwindows.json
@@ -1,12 +1,8 @@
 {
 "additionalProperties": false,
 "createOnlyProperties": [
- "/properties/Domain",
 "/properties/FsxFilesystemArn",
- "/properties/Password",
- "/properties/SecurityGroupArns",
- "/properties/Subdirectory",
- "/properties/User"
+ "/properties/SecurityGroupArns"
 ],
 "definitions": {
 "Tag": {
@@ -68,9 +64,12 @@
 "update": {
 "permissions": [
 "datasync:DescribeLocationFsxWindows",
+ "datasync:UpdateLocationFsxWindows",
 "datasync:ListTagsForResource",
 "datasync:TagResource",
- "datasync:UntagResource"
+ "datasync:UntagResource",
+ "fsx:DescribeFileSystems",
+ "ec2:DescribeNetworkInterfaces"
 ]
 }
 },
@@ -152,6 +151,11 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-datasync.git",
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "datasync:TagResource",
+ "datasync:UntagResource",
+ "datasync:ListTagsForResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-datasync-locationhdfs.json b/src/schema/aws-datasync-locationhdfs.json
index e388c094..e358ef35 100644
--- a/src/schema/aws-datasync-locationhdfs.json
+++ b/src/schema/aws-datasync-locationhdfs.json
@@ -236,6 +236,11 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-datasync.git",
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "datasync:TagResource",
+ "datasync:UntagResource",
+ "datasync:ListTagsForResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-datasync-locationnfs.json b/src/schema/aws-datasync-locationnfs.json
index 4199dbce..7c05e747 100644
--- a/src/schema/aws-datasync-locationnfs.json
+++ b/src/schema/aws-datasync-locationnfs.json
@@ -1,8 +1,5 @@
 {
 "additionalProperties": false,
- "createOnlyProperties": [
- "/properties/ServerHostname"
- ],
 "definitions": {
 "MountOptions": {
 "additionalProperties": false,
@@ -163,6 +160,11 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-datasync.git",
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "datasync:TagResource",
+ "datasync:UntagResource",
+ "datasync:ListTagsForResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-datasync-locationobjectstorage.json b/src/schema/aws-datasync-locationobjectstorage.json
index 07c03ef6..ea5b1e68 100644
--- a/src/schema/aws-datasync-locationobjectstorage.json
+++ b/src/schema/aws-datasync-locationobjectstorage.json
@@ -1,8 +1,7 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/BucketName", - "/properties/ServerHostname" + "/properties/BucketName" ], "definitions": { "Tag": { @@ -168,6 +167,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-datasync.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "datasync:TagResource", + "datasync:UntagResource", + "datasync:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-datasync-locations3.json b/src/schema/aws-datasync-locations3.json index 3f7c2dda..3ee3a8aa 100644 --- a/src/schema/aws-datasync-locations3.json +++ b/src/schema/aws-datasync-locations3.json @@ -1,9 +1,6 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/S3Config", - "/properties/S3StorageClass", - "/properties/Subdirectory", "/properties/S3BucketArn" ], "definitions": { @@ -84,7 +81,8 @@ "datasync:DescribeLocationS3", "datasync:ListTagsForResource", "datasync:TagResource", - "datasync:UntagResource" + "datasync:UntagResource", + "datasync:UpdateLocationS3" ] } }, @@ -154,6 +152,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-datasync.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "datasync:TagResource", + "datasync:UntagResource", + "datasync:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-datasync-locationsmb.json b/src/schema/aws-datasync-locationsmb.json index bf09fdeb..a4c2b5e6 100644 --- a/src/schema/aws-datasync-locationsmb.json +++ b/src/schema/aws-datasync-locationsmb.json @@ -1,8 +1,5 @@ { "additionalProperties": false, - "createOnlyProperties": [ - "/properties/ServerHostname" - ], "definitions": { "MountOptions": { "additionalProperties": false, 
@@ -100,12 +97,50 @@ "minItems": 1, "type": "array" }, + "AuthenticationType": { + "description": "The authentication mode used to determine identity of user.", + "enum": [ + "NTLM", + "KERBEROS" + ], + "type": "string" + }, + "DnsIpAddresses": { + "default": null, + "description": "Specifies the IPv4 addresses for the DNS servers that your SMB file server belongs to. This parameter applies only if AuthenticationType is set to KERBEROS. If you have multiple domains in your environment, configuring this parameter makes sure that DataSync connects to the right SMB file server.", + "insertionOrder": true, + "items": { + "maxLength": 15, + "minLength": 7, + "pattern": "\\A(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}\\z", + "type": "string" + }, + "maxItems": 2, + "type": "array" + }, "Domain": { "description": "The name of the Windows domain that the SMB server belongs to.", "maxLength": 253, "pattern": "^([A-Za-z0-9]+[A-Za-z0-9-.]*)*[A-Za-z0-9-]*[A-Za-z0-9]$", "type": "string" }, + "KerberosKeytab": { + "description": "The Base64 string representation of the Keytab file. Specifies your Kerberos key table (keytab) file, which includes mappings between your service principal name (SPN) and encryption keys. To avoid task execution errors, make sure that the SPN in the keytab file matches exactly what you specify for KerberosPrincipal and in your krb5.conf file.", + "maxLength": 87384, + "type": "string" + }, + "KerberosKrb5Conf": { + "description": "The string representation of the Krb5Conf file, or the presigned URL to access the Krb5.conf file within an S3 bucket. Specifies a Kerberos configuration file (krb5.conf) that defines your Kerberos realm configuration. 
To avoid task execution errors, make sure that the service principal name (SPN) in the krb5.conf file matches exactly what you specify for KerberosPrincipal and in your keytab file.", + "maxLength": 174764, + "type": "string" + }, + "KerberosPrincipal": { + "description": "Specifies a service principal name (SPN), which is an identity in your Kerberos realm that has permission to access the files, folders, and file metadata in your SMB file server. SPNs are case sensitive and must include a prepended cifs/. For example, an SPN might look like cifs/kerberosuser@EXAMPLE.COM. Your task execution will fail if the SPN that you provide for this parameter doesn't match exactly what's in your keytab or krb5.conf files.", + "maxLength": 256, + "minLength": 1, + "pattern": "^.+$", + "type": "string" + }, "LocationArn": { "description": "The Amazon Resource Name (ARN) of the SMB location that is created.", "maxLength": 128, @@ -164,12 +199,16 @@ "/properties/LocationUri" ], "required": [ - "User", "AgentArns" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-datasync.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "datasync:TagResource", + "datasync:UntagResource", + "datasync:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, @@ -179,6 +218,8 @@ "writeOnlyProperties": [ "/properties/Password", "/properties/Subdirectory", - "/properties/ServerHostname" + "/properties/ServerHostname", + "/properties/KerberosKeytab", + "/properties/KerberosKrb5Conf" ] } diff --git a/src/schema/aws-datasync-storagesystem.json b/src/schema/aws-datasync-storagesystem.json index 7af305d6..d31a2d83 100644 --- a/src/schema/aws-datasync-storagesystem.json +++ b/src/schema/aws-datasync-storagesystem.json 
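Review bot: The `DnsIpAddresses` item pattern added in the `@@ -100,12 +97,50 @@` hunk of aws-datasync-locationsmb.json is anchored with `\\A` and `\\z`, while the other patterns in this file (`Domain`, `KerberosPrincipal`) use `^` and `$`. JSON Schema defines `pattern` against the ECMA-262 dialect, which has no `\A`/`\z` anchors, so a strictly conforming validator may read them as literal characters and reject every valid IPv4 address. Whether the CloudFormation validator behaves that way is not visible here. The portable form keeps the intent: `"pattern": "^(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}$",`. The same property declares `"default": null` on a `"type": "array"`, which is worth dropping unless a consumer relies on it.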
@@ -202,6 +202,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-datasync.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "datasync:TagResource", + "datasync:UntagResource", + "datasync:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-datasync-task.json b/src/schema/aws-datasync-task.json index 8cc3bba3..b9a99f66 100644 --- a/src/schema/aws-datasync-task.json +++ b/src/schema/aws-datasync-task.json @@ -2,7 +2,8 @@ "additionalProperties": false, "createOnlyProperties": [ "/properties/DestinationLocationArn", - "/properties/SourceLocationArn" + "/properties/SourceLocationArn", + "/properties/TaskMode" ], "definitions": { "DestinationNetworkInterfaceArns": { @@ -580,6 +581,14 @@ "pattern": "^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\\-0-9]*:[0-9]{12}:task/task-[0-9a-f]{17}$", "type": "string" }, + "TaskMode": { + "description": "Specifies the task mode for the task.", + "enum": [ + "BASIC", + "ENHANCED" + ], + "type": "string" + }, "TaskReportConfig": { "$ref": "#/definitions/TaskReportConfig" } @@ -597,6 +606,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-datasync.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "datasync:TagResource", + "datasync:UntagResource", + "datasync:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-datazone-connection.json b/src/schema/aws-datazone-connection.json new file mode 100644 index 00000000..3e564141 --- /dev/null +++ b/src/schema/aws-datazone-connection.json 
@@ -0,0 +1,888 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/DomainIdentifier", + "/properties/EnvironmentIdentifier", + "/properties/Name" + ], + "definitions": { + "AthenaPropertiesInput": { + "additionalProperties": false, + "description": "Athena Properties Input", + "properties": { + "WorkgroupName": { + "maxLength": 128, + "pattern": "^[a-zA-Z0-9._-]+$", + "type": "string" + } + }, + "required": [ + "WorkgroupName" + ], + "type": "object" + }, + "AuthenticationConfigurationInput": { + "additionalProperties": false, + "description": "Authentication Configuration Input", + "properties": { + "AuthenticationType": { + "$ref": "#/definitions/AuthenticationType" + }, + "BasicAuthenticationCredentials": { + "$ref": "#/definitions/BasicAuthenticationCredentials" + }, + "CustomAuthenticationCredentials": { + "$ref": "#/definitions/CredentialMap" + }, + "KmsKeyArn": { + "pattern": "^$|arn:aws[a-z0-9-]*:kms:.*$", + "type": "string" + }, + "OAuth2Properties": { + "$ref": "#/definitions/OAuth2Properties" + }, + "SecretArn": { + "pattern": "^arn:aws(-(cn|us-gov|iso(-[bef])?))?:secretsmanager:.*$", + "type": "string" + } + }, + "type": "object" + }, + "AuthenticationType": { + "description": "Authentication Type", + "enum": [ + "BASIC", + "OAUTH2", + "CUSTOM" + ], + "type": "string" + }, + "AuthorizationCodeProperties": { + "additionalProperties": false, + "description": "Authorization Code Properties", + "properties": { + "AuthorizationCode": { + "maxLength": 4096, + "minLength": 1, + "type": "string" + }, + "RedirectUri": { + "maxLength": 512, + "type": "string" + } + }, + "type": "object" + }, + "AwsLocation": { + "additionalProperties": false, + "description": "AWS Location of project", + "properties": { + "AccessRole": { + "maxLength": 2048, + "pattern": "^arn:aws[^:]*:iam::\\d{12}:(role|role/service-role)/[\\w+=,.@-]*$", + "type": "string" + }, + "AwsAccountId": { + "pattern": "^\\d{12}$", + "type": "string" + }, + "AwsRegion": { + 
"pattern": "^[a-z]{2}-[a-z]{4,10}-\\d$", + "type": "string" + }, + "IamConnectionId": { + "maxLength": 128, + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + } + }, + "type": "object" + }, + "BasicAuthenticationCredentials": { + "additionalProperties": false, + "description": "Basic Authentication Credentials", + "properties": { + "Password": { + "maxLength": 512, + "pattern": "^.*$", + "type": "string" + }, + "UserName": { + "maxLength": 512, + "pattern": "^\\S+$", + "type": "string" + } + }, + "type": "object" + }, + "ComputeEnvironments": { + "description": "Compute Environments", + "type": "string" + }, + "ConnectionProperties": { + "additionalProperties": false, + "description": "Connection Properties", + "patternProperties": { + ".+": { + "maxLength": 2048, + "minLength": 1, + "type": "string" + } + }, + "type": "object" + }, + "ConnectionPropertiesInput": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "AthenaProperties": { + "$ref": "#/definitions/AthenaPropertiesInput" + } + }, + "required": [ + "AthenaProperties" + ], + "title": "AthenaProperties", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "GlueProperties": { + "$ref": "#/definitions/GluePropertiesInput" + } + }, + "required": [ + "GlueProperties" + ], + "title": "GlueProperties", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "HyperPodProperties": { + "$ref": "#/definitions/HyperPodPropertiesInput" + } + }, + "required": [ + "HyperPodProperties" + ], + "title": "HyperPodProperties", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "IamProperties": { + "$ref": "#/definitions/IamPropertiesInput" + } + }, + "required": [ + "IamProperties" + ], + "title": "IamProperties", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "RedshiftProperties": { + "$ref": "#/definitions/RedshiftPropertiesInput" + } + }, + "required": [ + "RedshiftProperties" + ], + 
"title": "RedshiftProperties", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "SparkEmrProperties": { + "$ref": "#/definitions/SparkEmrPropertiesInput" + } + }, + "required": [ + "SparkEmrProperties" + ], + "title": "SparkEmrProperties", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "SparkGlueProperties": { + "$ref": "#/definitions/SparkGluePropertiesInput" + } + }, + "required": [ + "SparkGlueProperties" + ], + "title": "SparkGlueProperties", + "type": "object" + } + ] + }, + "ConnectionStatus": { + "description": "Connection Status", + "enum": [ + "CREATING", + "CREATE_FAILED", + "DELETING", + "DELETE_FAILED", + "READY", + "UPDATING", + "UPDATE_FAILED", + "DELETED" + ], + "type": "string" + }, + "ConnectionType": { + "description": "Connection Type", + "type": "string" + }, + "CredentialMap": { + "additionalProperties": false, + "description": "Credential Map", + "patternProperties": { + ".+": { + "maxLength": 2048, + "minLength": 1, + "type": "string" + } + }, + "type": "object" + }, + "GlueConnectionInput": { + "additionalProperties": false, + "description": "Glue Connection Input", + "properties": { + "AthenaProperties": { + "$ref": "#/definitions/PropertyMap" + }, + "AuthenticationConfiguration": { + "$ref": "#/definitions/AuthenticationConfigurationInput" + }, + "ConnectionProperties": { + "$ref": "#/definitions/ConnectionProperties" + }, + "ConnectionType": { + "$ref": "#/definitions/GlueConnectionType" + }, + "Description": { + "maxLength": 2048, + "pattern": "^[\\u0020-\\uD7FF\\uE000-\\uFFFF\\r\\n\\t]*$", + "type": "string" + }, + "MatchCriteria": { + "maxLength": 10, + "minLength": 0, + "type": "string" + }, + "Name": { + "maxLength": 255, + "minLength": 1, + "pattern": "^[\\u0020-\\uD7FF\\uE000-\\uFFFF\\t]*$", + "type": "string" + }, + "PhysicalConnectionRequirements": { + "$ref": "#/definitions/PhysicalConnectionRequirements" + }, + "PythonProperties": { + "$ref": 
"#/definitions/PropertyMap" + }, + "SparkProperties": { + "$ref": "#/definitions/PropertyMap" + }, + "ValidateCredentials": { + "type": "boolean" + }, + "ValidateForComputeEnvironments": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/ComputeEnvironments" + }, + "maxItems": 50, + "minItems": 1, + "type": "array" + } + }, + "type": "object" + }, + "GlueConnectionType": { + "description": "Glue Connection Type", + "type": "string" + }, + "GlueOAuth2Credentials": { + "additionalProperties": false, + "description": "Glue OAuth2 Credentials", + "properties": { + "AccessToken": { + "maxLength": 4096, + "pattern": "^[\\x20-\\x7E]*$", + "type": "string" + }, + "JwtToken": { + "maxLength": 8000, + "pattern": "^([a-zA-Z0-9_=]+)\\.([a-zA-Z0-9_=]+)\\.([a-zA-Z0-9_\\-\\+\\/=]*)$", + "type": "string" + }, + "RefreshToken": { + "maxLength": 4096, + "pattern": "^[\\x20-\\x7E]*$", + "type": "string" + }, + "UserManagedClientApplicationClientSecret": { + "maxLength": 512, + "pattern": "^[\\x20-\\x7E]*$", + "type": "string" + } + }, + "type": "object" + }, + "GluePropertiesInput": { + "additionalProperties": false, + "description": "Glue Properties Input", + "properties": { + "GlueConnectionInput": { + "$ref": "#/definitions/GlueConnectionInput" + } + }, + "type": "object" + }, + "HyperPodPropertiesInput": { + "additionalProperties": false, + "description": "HyperPod Properties Input", + "properties": { + "ClusterName": { + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z0-9](-*[a-zA-Z0-9])*$", + "type": "string" + } + }, + "required": [ + "ClusterName" + ], + "type": "object" + }, + "IamPropertiesInput": { + "additionalProperties": false, + "description": "IAM Properties Input", + "properties": { + "GlueLineageSyncEnabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "LineageSyncSchedule": { + "additionalProperties": false, + "description": "Lineage Sync Schedule", + "properties": { + "Schedule": { + "pattern": "^cron\\((\\b[0-5]?[0-9]\\b) 
(\\b2[0-3]\\b|\\b[0-1]?[0-9]\\b) ([-?*,/\\dLW]){1,83} ([-*,/\\d]|[a-zA-Z]{3}){1,23} ([-?#*,/\\dL]|[a-zA-Z]{3}){1,13} ([^\\)]+)\\)$", + "type": "string" + } + }, + "type": "object" + }, + "OAuth2ClientApplication": { + "additionalProperties": false, + "description": "OAuth2 Client Application", + "properties": { + "AWSManagedClientApplicationReference": { + "maxLength": 2048, + "pattern": "^\\S+$", + "type": "string" + }, + "UserManagedClientApplicationClientId": { + "maxLength": 2048, + "pattern": "^\\S+$", + "type": "string" + } + }, + "type": "object" + }, + "OAuth2GrantType": { + "description": "OAuth2 Grant Type", + "enum": [ + "AUTHORIZATION_CODE", + "CLIENT_CREDENTIALS", + "JWT_BEARER" + ], + "type": "string" + }, + "OAuth2Properties": { + "additionalProperties": false, + "description": "OAuth2 Properties", + "properties": { + "AuthorizationCodeProperties": { + "$ref": "#/definitions/AuthorizationCodeProperties" + }, + "OAuth2ClientApplication": { + "$ref": "#/definitions/OAuth2ClientApplication" + }, + "OAuth2Credentials": { + "$ref": "#/definitions/GlueOAuth2Credentials" + }, + "OAuth2GrantType": { + "$ref": "#/definitions/OAuth2GrantType" + }, + "TokenUrl": { + "maxLength": 256, + "pattern": "^(https?)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|]$", + "type": "string" + }, + "TokenUrlParametersMap": { + "$ref": "#/definitions/TokenUrlParametersMap" + } + }, + "type": "object" + }, + "PhysicalConnectionRequirements": { + "additionalProperties": false, + "description": "Physical Connection Requirements", + "properties": { + "AvailabilityZone": { + "maxLength": 255, + "minLength": 1, + "type": "string" + }, + "SecurityGroupIdList": { + "insertionOrder": false, + "items": { + "maxLength": 255, + "minLength": 1, + "type": "string" + }, + "maxItems": 50, + "minItems": 0, + "type": "array" + }, + "SubnetId": { + "maxLength": 32, + "pattern": "^subnet-[a-z0-9]+$", + "type": "string" + }, + "SubnetIdList": { + "insertionOrder": false, + "items": { + 
"maxLength": 32, + "pattern": "^subnet-[a-z0-9]+$", + "type": "string" + }, + "maxItems": 50, + "minItems": 1, + "type": "array" + } + }, + "type": "object" + }, + "PropertyMap": { + "additionalProperties": false, + "description": "Property Map", + "patternProperties": { + "^[\\u0020-\\uD7FF\\uE000-\\uFFFF\\t]*$": { + "maxLength": 2048, + "minLength": 1, + "pattern": "^[\\u0020-\\uD7FF\\uE000-\\uFFFF\\t]*$", + "type": "string" + } + }, + "type": "object" + }, + "RedshiftCredentials": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "SecretArn": { + "maxLength": 2048, + "pattern": "^arn:aws[^:]*:secretsmanager:[a-z]{2}-?(iso|gov)?-{1}[a-z]*-{1}[0-9]:\\d{12}:secret:.*$", + "type": "string" + } + }, + "required": [ + "SecretArn" + ], + "title": "SecretArn", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "UsernamePassword": { + "$ref": "#/definitions/UsernamePassword" + } + }, + "required": [ + "UsernamePassword" + ], + "title": "UsernamePassword", + "type": "object" + } + ] + }, + "RedshiftLineageSyncConfigurationInput": { + "additionalProperties": false, + "description": "Redshift Lineage Sync Configuration Input", + "properties": { + "Enabled": { + "type": "boolean" + }, + "Schedule": { + "$ref": "#/definitions/LineageSyncSchedule" + } + }, + "type": "object" + }, + "RedshiftPropertiesInput": { + "additionalProperties": false, + "description": "Redshift Properties Input", + "properties": { + "Credentials": { + "$ref": "#/definitions/RedshiftCredentials" + }, + "DatabaseName": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[a-z0-9]+$", + "type": "string" + }, + "Host": { + "maxLength": 256, + "pattern": "^[\\S]*$", + "type": "string" + }, + "LineageSync": { + "$ref": "#/definitions/RedshiftLineageSyncConfigurationInput" + }, + "Port": { + "maximum": 65535, + "minimum": 0, + "type": "number" + }, + "Storage": { + "$ref": "#/definitions/RedshiftStorageProperties" + } + }, + "type": "object" + }, + 
"RedshiftStorageProperties": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "ClusterName": { + "maxLength": 63, + "minLength": 0, + "pattern": "^[a-z0-9-]+$", + "type": "string" + } + }, + "required": [ + "ClusterName" + ], + "title": "ClusterName", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "WorkgroupName": { + "maxLength": 64, + "minLength": 3, + "pattern": "^[a-z0-9-]+$", + "type": "string" + } + }, + "required": [ + "WorkgroupName" + ], + "title": "WorkgroupName", + "type": "object" + } + ] + }, + "SparkEmrPropertiesInput": { + "additionalProperties": false, + "description": "Spark EMR Properties Input.", + "properties": { + "ComputeArn": { + "maxLength": 2048, + "pattern": "^arn:aws(-(cn|us-gov|iso(-[bef])?))?:(elasticmapreduce|emr-serverless):.*", + "type": "string" + }, + "InstanceProfileArn": { + "maxLength": 2048, + "pattern": "^arn:aws[^:]*:iam::\\d{12}:(role|role/service-role)/[\\w+=,.@-]*$", + "type": "string" + }, + "JavaVirtualEnv": { + "maxLength": 256, + "pattern": "^[\\S]*$", + "type": "string" + }, + "LogUri": { + "maxLength": 2048, + "pattern": "^s3://.+$", + "type": "string" + }, + "PythonVirtualEnv": { + "maxLength": 256, + "pattern": "^[\\S]*$", + "type": "string" + }, + "RuntimeRole": { + "maxLength": 2048, + "pattern": "^arn:aws[^:]*:iam::\\d{12}:(role|role/service-role)/[\\w+=,.@-]*$", + "type": "string" + }, + "TrustedCertificatesS3Uri": { + "maxLength": 2048, + "pattern": "^s3://.+$", + "type": "string" + } + }, + "type": "object" + }, + "SparkGlueArgs": { + "additionalProperties": false, + "description": "Spark Glue Args.", + "properties": { + "Connection": { + "maxLength": 128, + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + } + }, + "type": "object" + }, + "SparkGluePropertiesInput": { + "additionalProperties": false, + "description": "Spark Glue Properties Input.", + "properties": { + "AdditionalArgs": { + "$ref": "#/definitions/SparkGlueArgs" + }, + 
"GlueConnectionName": { + "maxLength": 255, + "minLength": 1, + "pattern": "^[\\S]*$", + "type": "string" + }, + "GlueVersion": { + "maxLength": 256, + "pattern": "^\\w+\\.\\w+$", + "type": "string" + }, + "IdleTimeout": { + "maximum": 3000, + "minimum": 1, + "type": "number" + }, + "JavaVirtualEnv": { + "maxLength": 256, + "pattern": "^[\\S]*$", + "type": "string" + }, + "NumberOfWorkers": { + "maximum": 1000, + "minimum": 1, + "type": "number" + }, + "PythonVirtualEnv": { + "maxLength": 256, + "pattern": "^[\\S]*$", + "type": "string" + }, + "WorkerType": { + "maxLength": 256, + "pattern": "^[G|Z].*$", + "type": "string" + } + }, + "type": "object" + }, + "TokenUrlParametersMap": { + "additionalProperties": false, + "description": "The token URL parameters.", + "patternProperties": { + ".+": { + "maxLength": 512, + "minLength": 1, + "type": "string" + } + }, + "type": "object" + }, + "UsernamePassword": { + "additionalProperties": false, + "description": "The username and password to be used for authentication.", + "properties": { + "Password": { + "maxLength": 64, + "pattern": "^[\\S]*$", + "type": "string" + }, + "Username": { + "maxLength": 127, + "minLength": 1, + "pattern": "^[\\S]*$", + "type": "string" + } + }, + "required": [ + "Password", + "Username" + ], + "type": "object" + } + }, + "description": "Connections enables users to connect their DataZone resources (domains, projects, and environments) to external resources/services (data, compute, etc)", + "handlers": { + "create": { + "permissions": [ + "datazone:CreateConnection", + "datazone:GetConnection", + "datazone:DeleteConnection" + ] + }, + "delete": { + "permissions": [ + "datazone:DeleteConnection", + "datazone:GetConnection" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "DomainIdentifier": { + "$ref": "resource-schema.json#/properties/DomainIdentifier" + }, + "ProjectIdentifier": { + "$ref": "resource-schema.json#/properties/ProjectId" + } + }, + "required": [ + 
"DomainIdentifier" + ] + }, + "permissions": [ + "datazone:ListConnections" + ] + }, + "read": { + "permissions": [ + "datazone:GetConnection" + ] + }, + "update": { + "permissions": [ + "datazone:UpdateConnection", + "datazone:GetConnection", + "datazone:DeleteConnection" + ] + } + }, + "primaryIdentifier": [ + "/properties/DomainId", + "/properties/ConnectionId" + ], + "properties": { + "AwsLocation": { + "$ref": "#/definitions/AwsLocation" + }, + "ConnectionId": { + "description": "The ID of the connection.", + "maxLength": 128, + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "Description": { + "description": "The description of the connection.", + "maxLength": 128, + "pattern": "^[\\S\\s]*$", + "type": "string" + }, + "DomainId": { + "description": "The ID of the domain in which the connection is created.", + "pattern": "^dzd[_][a-zA-Z0-9_-]{1,36}$", + "type": "string" + }, + "DomainIdentifier": { + "description": "The identifier of the domain in which the connection is created.", + "pattern": "^dzd[_][a-zA-Z0-9_-]{1,36}$", + "type": "string" + }, + "DomainUnitId": { + "description": "The ID of the domain unit in which the connection is created.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[a-z0-9_\\-]+$", + "type": "string" + }, + "EnvironmentId": { + "description": "The ID of the environment in which the connection is created.", + "pattern": "^[a-zA-Z0-9_-]{1,36}$", + "type": "string" + }, + "EnvironmentIdentifier": { + "description": "The identifier of the environment in which the connection is created.", + "type": "string" + }, + "EnvironmentUserRole": { + "description": "The role of the user in the environment.", + "type": "string" + }, + "Name": { + "description": "The name of the connection.", + "maxLength": 64, + "pattern": "^[\\w][\\w\\.\\-\\_]*$", + "type": "string" + }, + "ProjectId": { + "description": "The ID of the project in which the connection is created.", + "pattern": "^[a-zA-Z0-9_-]{1,36}$", + "type": "string" + }, + 
"Props": { + "$ref": "#/definitions/ConnectionPropertiesInput" + }, + "Type": { + "$ref": "#/definitions/ConnectionType" + } + }, + "readOnlyProperties": [ + "/properties/ConnectionId", + "/properties/DomainId", + "/properties/DomainUnitId", + "/properties/EnvironmentId", + "/properties/EnvironmentUserRole", + "/properties/ProjectId", + "/properties/Type" + ], + "required": [ + "DomainIdentifier", + "EnvironmentIdentifier", + "Name" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-datazone", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, + "typeName": "AWS::DataZone::Connection", + "writeOnlyProperties": [ + "/properties/AwsLocation", + "/properties/DomainIdentifier", + "/properties/EnvironmentIdentifier", + "/properties/Props" + ] +} diff --git a/src/schema/aws-datazone-datasource.json b/src/schema/aws-datazone-datasource.json index 993337aa..71b1fa7e 100644 --- a/src/schema/aws-datazone-datasource.json +++ b/src/schema/aws-datazone-datasource.json @@ -1,6 +1,7 @@ { "additionalProperties": false, "createOnlyProperties": [ + "/properties/ConnectionIdentifier", "/properties/EnvironmentIdentifier", "/properties/DomainIdentifier", "/properties/ProjectIdentifier", @@ -19,7 +20,7 @@ "type": "string" }, "DataSourceConfigurationInput": { - "description": "Specifies the configuration of the data source. It can be set to either glueRunConfiguration or redshiftRunConfiguration.", + "description": "Specifies the configuration of the data source. It can be set to either glueRunConfiguration or redshiftRunConfiguration or sageMakerRunConfiguration.", "oneOf": [ { "additionalProperties": false, 
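Review bot: `KmsKeyArn` in `AuthenticationConfigurationInput` (new file aws-datazone-connection.json) uses `^$|arn:aws[a-z0-9-]*:kms:.*$`, where the alternation leaves the second branch without a start anchor. Any string that merely contains `arn:aws…:kms:` therefore passes, whereas `SecretArn` directly below it is anchored. `"pattern": "^$|^arn:aws[a-z0-9-]*:kms:.*$",` would enforce what the property name promises. In `OAuth2Properties`, `TokenUrl` accepts `https?`, so a template can point the token exchange, which carries the client secret, authorization code and refresh token, at a plain-HTTP endpoint. If no supported provider needs HTTP, restrict the scheme with `"pattern": "^https://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|]$",`.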
@@ -40,6 +41,16 @@ }, "title": "RedshiftRunConfiguration", "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "SageMakerRunConfiguration": { + "$ref": "#/definitions/SageMakerRunConfigurationInput" + } + }, + "title": "SageMakerRunConfiguration", + "type": "object" } ] }, @@ -136,6 +147,12 @@ "description": "Specifies whether to automatically import data quality metrics as part of the data source run.", "type": "boolean" }, + "CatalogName": { + "description": "The catalog name in the AWS Glue run configuration.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, "DataAccessRole": { "$ref": "#/definitions/DataAccessRole", "description": "The data access role included in the configuration details of the AWS Glue data source." @@ -219,8 +236,6 @@ } }, "required": [ - "RedshiftCredentialConfiguration", - "RedshiftStorage", "RelationalFilterConfigurations" ], "type": "object" @@ -319,6 +334,20 @@ }, "type": "array" }, + "SageMakerRunConfigurationInput": { + "additionalProperties": false, + "description": "The configuration details of the Amazon SageMaker data source.", + "properties": { + "TrackingAssets": { + "$ref": "#/definitions/TrackingAssets", + "description": "The tracking assets of the Amazon SageMaker run." + } + }, + "required": [ + "TrackingAssets" + ], + "type": "object" + }, "ScheduleConfiguration": { "additionalProperties": false, "description": "The schedule of the data source runs.", 
@@ -340,6 +369,23 @@ "Timezone": { "type": "string" }, + "TrackingAssets": { + "additionalProperties": false, + "description": "The tracking assets of the Amazon SageMaker run.", + "maxProperties": 1, + "patternProperties": { + "^.{1,64}$": { + "items": { + "pattern": "^arn:aws[^:]*:sagemaker:[a-z]{2}-?(iso|gov)?-{1}[a-z]*-{1}[0-9]:\\d{12}:[\\w+=,.@-]{1,128}/[\\w+=,.@-]{1,256}$", + "type": "string" + }, + "maxItems": 500, + "minItems": 0, + "type": "array" + } + }, + "type": "object" + }, "TypeRevision": { "description": "The revision of the metadata form type.", "maxLength": 64, @@ -413,6 +459,14 @@ "$ref": "#/definitions/DataSourceConfigurationInput", "description": "Configuration of the data source. It can be set to either glueRunConfiguration or redshiftRunConfiguration." }, + "ConnectionId": { + "description": "The unique identifier of a connection used to fetch relevant parameters from connection during Datasource run", + "type": "string" + }, + "ConnectionIdentifier": { + "description": "The unique identifier of a connection used to fetch relevant parameters from connection during Datasource run", + "type": "string" + }, "CreatedAt": { "description": "The timestamp of when the data source was created.", "format": "date-time", @@ -439,7 +493,6 @@ }, "EnvironmentId": { "description": "The unique identifier of the Amazon DataZone environment to which the data source publishes assets.", - "pattern": "^[a-zA-Z0-9_-]{1,36}$", "type": "string" }, "EnvironmentIdentifier": { @@ -507,6 +560,7 @@ } }, "readOnlyProperties": [ + "/properties/ConnectionId", "/properties/CreatedAt", "/properties/DomainId", "/properties/EnvironmentId", @@ -522,7 +576,6 @@ "Name", "DomainIdentifier", "ProjectIdentifier", - "EnvironmentIdentifier", "Type" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-datazone", 
@@ -535,6 +588,7 @@ "typeName": "AWS::DataZone::DataSource", "writeOnlyProperties": [ "/properties/AssetFormsInput", + "/properties/ConnectionIdentifier", "/properties/EnvironmentIdentifier", "/properties/DomainIdentifier", "/properties/Configuration", diff --git a/src/schema/aws-datazone-domain.json b/src/schema/aws-datazone-domain.json index c48a3f35..2d1649f7 100644 --- a/src/schema/aws-datazone-domain.json +++ b/src/schema/aws-datazone-domain.json @@ -6,7 +6,8 @@ ], "additionalProperties": false, "createOnlyProperties": [ - "/properties/KmsKeyIdentifier" + "/properties/KmsKeyIdentifier", + "/properties/DomainVersion" ], "definitions": { "AuthType": { @@ -29,10 +30,20 @@ ], "type": "string" }, + "IdcInstanceArn": { + "description": "The ARN of the AWS Identity Center instance.", + "maxLength": 1224, + "minLength": 10, + "pattern": "arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}", + "type": "string" + }, "SingleSignOn": { "additionalProperties": false, "description": "The single-sign on configuration of the Amazon DataZone domain.", "properties": { + "IdcInstanceArn": { + "$ref": "#/definitions/IdcInstanceArn" + }, "Type": { "$ref": "#/definitions/AuthType" }, 
@@ -84,13 +95,28 @@ "datazone:TagResource", "sso:CreateManagedApplicationInstance", "sso:DeleteManagedApplicationInstance", - "sso:PutApplicationAssignmentConfiguration" + "sso:PutApplicationAssignmentConfiguration", + "sso:ListInstances", + "sso:PutApplicationAccessScope", + "sso:PutApplicationGrant", + "sso:PutApplicationAuthenticationMethod", + "sso:PutApplicationAccessScope", + "sso:CreateApplication", + "sso:DeleteApplication", + "sso:CreateApplicationAssignment", + "sso:DeleteApplicationAssignment", + "iam:PassRole" ] }, "delete": { "permissions": [ "datazone:DeleteDomain", - "datazone:GetDomain" + "datazone:GetDomain", + "sso:DeleteManagedApplicationInstance", + "sso:PutApplicationAssignmentConfiguration", + "sso:DeleteApplication", + "sso:DeleteApplicationAssignment", + "sso:ListInstances" ] }, "list": { @@ -111,7 +137,10 @@ "datazone:UntagResource", "sso:CreateManagedApplicationInstance", "sso:DeleteManagedApplicationInstance", - "sso:PutApplicationAssignmentConfiguration" + "sso:PutApplicationAssignmentConfiguration", + "sso:ListInstances", + "sso:PutApplicationAccessScope", + "iam:PassRole" ] } }, @@ -138,6 +167,14 @@ "pattern": "^arn:aws[^:]*:iam::\\d{12}:(role|role/service-role)/[\\w+=,.@-]*$", "type": "string" }, + "DomainVersion": { + "description": "The version of the domain.", + "enum": [ + "V1", + "V2" + ], + "type": "string" + }, "Id": { "description": "The id of the Amazon DataZone domain.", "pattern": "^dzd[-_][a-zA-Z0-9_-]{1,36}$", 
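Review bot: The create handler's permission list in the `@@ -84,13 +95,28 @@` hunk of aws-datazone-domain.json adds `"sso:PutApplicationAccessScope",` twice, once after `sso:ListInstances` and again after `sso:PutApplicationAuthenticationMethod`. Drop the second entry so that policies generated from this list contain no duplicates. This hunk and the update hunk (`@@ -111,7 +137,10 @@`) also add `iam:PassRole`, which the schema cannot scope. The role that runs these handlers should restrict it to the domain's role ARNs or with an `iam:PassedToService` condition, rather than granting it on `*`.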
@@ -167,6 +204,18 @@ "description": "The URL of the data portal for this Amazon DataZone domain.", "type": "string" }, + "RootDomainUnitId": { + "description": "The ID of the root domain in Amazon Datazone.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[a-z0-9_\\-]+$", + "type": "string" + }, + "ServiceRole": { + "description": "The service role of the domain that is created.", + "pattern": "^arn:aws[^:]*:iam::\\d{12}:(role|role/service-role)/[\\w+=,.@-]*$", + "type": "string" + }, "SingleSignOn": { "$ref": "#/definitions/SingleSignOn", "description": "The single-sign on configuration of the Amazon DataZone domain." @@ -186,6 +235,7 @@ } }, "readOnlyProperties": [ + "/properties/RootDomainUnitId", "/properties/Arn", "/properties/CreatedAt", "/properties/Id", @@ -200,6 +250,10 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "datazone:TagResource", + "datazone:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-datazone-environment.json b/src/schema/aws-datazone-environment.json index 43100b34..e52839ae 100644 --- a/src/schema/aws-datazone-environment.json +++ b/src/schema/aws-datazone-environment.json @@ -9,7 +9,9 @@ "/properties/DomainIdentifier", "/properties/EnvironmentProfileIdentifier", "/properties/ProjectIdentifier", - "/properties/UserParameters" + "/properties/UserParameters", + "/properties/EnvironmentAccountIdentifier", + "/properties/EnvironmentAccountRegion" ], "definitions": { "EnvironmentParameter": { @@ -53,7 +55,9 @@ "permissions": [ "datazone:CreateEnvironment", "datazone:GetEnvironment", - "datazone:DeleteEnvironment" + "datazone:DeleteEnvironment", + "datazone:AssociateEnvironmentRole", + "iam:PassRole" ] }, "delete": { 
@@ -90,7 +94,10 @@ "permissions": [ "datazone:UpdateEnvironment", "datazone:GetEnvironment", - "datazone:DeleteEnvironment" + "datazone:DeleteEnvironment", + "datazone:AssociateEnvironmentRole", + "datazone:DisassociateEnvironmentRole", + "iam:PassRole" ] } }, @@ -133,6 +140,16 @@ "pattern": "^dzd[-_][a-zA-Z0-9_-]{1,36}$", "type": "string" }, + "EnvironmentAccountIdentifier": { + "description": "The AWS account in which the Amazon DataZone environment is created.", + "pattern": "^\\d{12}$", + "type": "string" + }, + "EnvironmentAccountRegion": { + "description": "The AWS region in which the Amazon DataZone environment is created.", + "pattern": "^[a-z]{2}-[a-z]{4,10}-\\d$", + "type": "string" + }, "EnvironmentBlueprintId": { "description": "The ID of the blueprint with which the Amazon DataZone environment was created.", "pattern": "^[a-zA-Z0-9_-]{1,36}$", @@ -140,12 +157,16 @@ }, "EnvironmentProfileId": { "description": "The ID of the environment profile with which the Amazon DataZone environment was created.", - "pattern": "^[a-zA-Z0-9_-]{1,36}$", + "pattern": "^[a-zA-Z0-9_-]{0,36}$", "type": "string" }, "EnvironmentProfileIdentifier": { "description": "The ID of the environment profile with which the Amazon DataZone environment would be created.", - "pattern": "^[a-zA-Z0-9_-]{1,36}$", + "pattern": "^[a-zA-Z0-9_-]{0,36}$", + "type": "string" + }, + "EnvironmentRoleArn": { + "description": "Environment role arn for custom aws environment permissions", "type": "string" }, "GlossaryTerms": { @@ -218,7 +239,6 @@ "/properties/UpdatedAt" ], "required": [ - "EnvironmentProfileIdentifier", "Name", "ProjectIdentifier", "DomainIdentifier" @@ -231,6 +251,9 @@ "writeOnlyProperties": [ "/properties/EnvironmentProfileIdentifier", "/properties/ProjectIdentifier", - "/properties/DomainIdentifier" + "/properties/DomainIdentifier", + "/properties/EnvironmentAccountIdentifier", + "/properties/EnvironmentAccountRegion", + "/properties/EnvironmentRoleArn" ] } 
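Review bot: The new `EnvironmentRoleArn` property in the `@@ -140,12 +157,16 @@` hunk is a bare `string` with no `pattern` or length bound, although this commit also grants the create and update handlers `iam:PassRole` and `datazone:AssociateEnvironmentRole`. Reusing the role-ARN pattern that aws-datazone-domain.json applies to `ServiceRole`, `"pattern": "^arn:aws[^:]*:iam::\\d{12}:(role|role/service-role)/[\\w+=,.@-]*$"`, would reject malformed values at validation time. The same hunk relaxes `EnvironmentProfileId` and `EnvironmentProfileIdentifier` from `{1,36}` to `{0,36}`, so the empty string now validates; that looks intended, since `EnvironmentProfileIdentifier` is dropped from `required`, but omitting the property expresses it more clearly than accepting `""`. `ServiceAccessRoleArn` in the new aws-dms-datamigration.json is likewise constrained only by length.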
diff --git a/src/schema/aws-datazone-environmentactions.json b/src/schema/aws-datazone-environmentactions.json
new file mode 100644
index 00000000..979a076e
--- /dev/null
+++ b/src/schema/aws-datazone-environmentactions.json
@@ -0,0 +1,156 @@ +{ + "additionalIdentifiers": [ + [ + "/properties/EnvironmentIdentifier" + ] + ], + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/DomainIdentifier", + "/properties/EnvironmentIdentifier" + ], + "definitions": { + "AwsConsoleLinkParameters": { + "additionalProperties": false, + "description": "The parameters of the console link specified as part of the environment action", + "properties": { + "Uri": { + "$ref": "#/definitions/EnvironmentActionURI" + } + }, + "type": "object" + }, + "EnvironmentActionURI": { + "description": "The URI of the console link specified as part of the environment action.", + "maxLength": 2048, + "minLength": 1, + "type": "string" + } + }, + "description": "Definition of AWS::DataZone::EnvironmentActions Resource Type", + "handlers": { + "create": { + "permissions": [ + "datazone:CreateEnvironmentAction", + "datazone:GetEnvironmentAction", + "datazone:DeleteEnvironmentAction" + ] + }, + "delete": { + "permissions": [ + "datazone:DeleteEnvironmentAction", + "datazone:GetEnvironmentAction" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "DomainIdentifier": { + "$ref": "resource-schema.json#/properties/DomainIdentifier" + }, + "EnvironmentIdentifier": { + "$ref": "resource-schema.json#/properties/EnvironmentIdentifier" + } + }, + "required": [ + "DomainIdentifier", + "EnvironmentIdentifier" + ] + }, + "permissions": [ + "datazone:ListEnvironmentActions" + ] + }, + "read": { + "permissions": [ + "datazone:GetEnvironmentAction" + ] + }, + "update": { + "permissions": [ + "datazone:UpdateEnvironmentAction", + "datazone:GetEnvironmentAction", + "datazone:DeleteEnvironmentAction" + ] + } + }, + "primaryIdentifier": [ + "/properties/DomainId", + "/properties/EnvironmentId", + "/properties/Id" + ], + "properties": { + "Description": { + "description": "The description of the Amazon DataZone environment action.", + "maxLength": 2048, + "type": "string" + }, + "DomainId": { + "description": 
"The identifier of the Amazon DataZone domain in which the environment is created.", + "pattern": "^dzd[-_][a-zA-Z0-9_-]{1,36}$", + "type": "string" + }, + "DomainIdentifier": { + "description": "The identifier of the Amazon DataZone domain in which the environment would be created.", + "pattern": "^dzd[-_][a-zA-Z0-9_-]{1,36}$", + "type": "string" + }, + "EnvironmentId": { + "description": "The identifier of the Amazon DataZone environment in which the action is taking place", + "maxLength": 36, + "minLength": 1, + "pattern": "[a-zA-Z0-9_-]{1,36}$", + "type": "string" + }, + "EnvironmentIdentifier": { + "description": "The identifier of the Amazon DataZone environment in which the action is taking place", + "maxLength": 36, + "minLength": 1, + "pattern": "[a-zA-Z0-9_-]{1,36}$", + "type": "string" + }, + "Id": { + "description": "The ID of the Amazon DataZone environment action.", + "maxLength": 36, + "minLength": 1, + "pattern": "^[a-zA-Z0-9_-]{1,36}$", + "type": "string" + }, + "Identifier": { + "description": "The ID of the Amazon DataZone environment action.", + "maxLength": 36, + "minLength": 1, + "pattern": "^[a-zA-Z0-9_-]{1,36}$", + "type": "string" + }, + "Name": { + "description": "The name of the environment action.", + "maxLength": 64, + "minLength": 1, + "pattern": "^[\\w -]+$", + "type": "string" + }, + "Parameters": { + "$ref": "#/definitions/AwsConsoleLinkParameters", + "description": "The parameters of the environment action." + } + }, + "readOnlyProperties": [ + "/properties/DomainId", + "/properties/EnvironmentId", + "/properties/Id" + ], + "required": [ + "Name" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-datazone", + "tagging": { + "taggable": false + }, + "typeName": "AWS::DataZone::EnvironmentActions", + "writeOnlyProperties": [ + "/properties/EnvironmentIdentifier", + "/properties/DomainIdentifier", + "/properties/Identifier" + ] +} 
diff --git a/src/schema/aws-datazone-projectmembership.json b/src/schema/aws-datazone-projectmembership.json index 5470f07d..76dbd34f 100644 --- a/src/schema/aws-datazone-projectmembership.json +++ b/src/schema/aws-datazone-projectmembership.json @@ -46,7 +46,10 @@ "UserDesignation": { "enum": [ "PROJECT_OWNER", - "PROJECT_CONTRIBUTOR" + "PROJECT_CONTRIBUTOR", + "PROJECT_CATALOG_VIEWER", + "PROJECT_CATALOG_CONSUMER", + "PROJECT_CATALOG_STEWARD" ], "type": "string" } diff --git a/src/schema/aws-datazone-subscriptiontarget.json b/src/schema/aws-datazone-subscriptiontarget.json index 098db8bb..a23edd58 100644 --- a/src/schema/aws-datazone-subscriptiontarget.json +++ b/src/schema/aws-datazone-subscriptiontarget.json @@ -192,7 +192,6 @@ "AuthorizedPrincipals", "DomainIdentifier", "EnvironmentIdentifier", - "ManageAccessRole", "Name", "SubscriptionTargetConfig", "Type" diff --git a/src/schema/aws-deadline-fleet.json b/src/schema/aws-deadline-fleet.json index 931c88cf..98fe7c9d 100644 --- a/src/schema/aws-deadline-fleet.json +++ b/src/schema/aws-deadline-fleet.json @@ -4,6 +4,25 @@ "/properties/FarmId" ], "definitions": { + "AcceleratorCapabilities": { + "additionalProperties": false, + "properties": { + "Count": { + "$ref": "#/definitions/AcceleratorCountRange" + }, + "Selections": { + "items": { + "$ref": "#/definitions/AcceleratorSelection" + }, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "Selections" + ], + "type": "object" + }, "AcceleratorCountRange": { "additionalProperties": false, "properties": { @@ -23,6 +42,29 @@ ], "type": "object" }, + "AcceleratorSelection": { + "additionalProperties": false, + "properties": { + "Name": { + "enum": [ + "t4", + "a10g", + "l4", + "l40s" + ], + "type": "string" + }, + "Runtime": { + "maxLength": 100, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, "AcceleratorTotalMemoryMiBRange": { "additionalProperties": false, "properties": { 
@@ -320,6 +362,9 @@ "ServiceManagedEc2InstanceCapabilities": { "additionalProperties": false, "properties": { + "AcceleratorCapabilities": { + "$ref": "#/definitions/AcceleratorCapabilities" + }, "AllowedInstanceTypes": { "items": { "pattern": "^[a-zA-Z0-9]+\\.[a-zA-Z0-9]+$", @@ -392,7 +437,8 @@ }, "ServiceManagedFleetOperatingSystemFamily": { "enum": [ - "LINUX" + "LINUX", + "WINDOWS" ], "type": "string" }, @@ -571,6 +617,7 @@ "required": [ "Configuration", "DisplayName", + "FarmId", "MaxWorkerCount", "RoleArn" ], diff --git a/src/schema/aws-deadline-limit.json b/src/schema/aws-deadline-limit.json new file mode 100644 index 00000000..2c18d5e6 --- /dev/null +++ b/src/schema/aws-deadline-limit.json 
@@ -0,0 +1,114 @@
+{
+ "additionalProperties": false,
+ "createOnlyProperties": [
+ "/properties/AmountRequirementName",
+ "/properties/FarmId"
+ ],
+ "description": "Definition of AWS::Deadline::Limit Resource Type",
+ "handlers": {
+ "create": {
+ "permissions": [
+ "deadline:CreateLimit",
+ "deadline:GetLimit",
+ "kms:Encrypt",
+ "identitystore:ListGroupMembershipsForMember"
+ ]
+ },
+ "delete": {
+ "permissions": [
+ "deadline:DeleteLimit",
+ "deadline:GetLimit",
+ "kms:Decrypt",
+ "identitystore:ListGroupMembershipsForMember"
+ ]
+ },
+ "list": {
+ "handlerSchema": {
+ "properties": {
+ "FarmId": {
+ "$ref": "resource-schema.json#/properties/FarmId"
+ }
+ },
+ "required": [
+ "FarmId"
+ ]
+ },
+ "permissions": [
+ "deadline:ListLimits",
+ "identitystore:ListGroupMembershipsForMember"
+ ]
+ },
+ "read": {
+ "permissions": [
+ "deadline:GetLimit",
+ "kms:Decrypt",
+ "identitystore:ListGroupMembershipsForMember"
+ ]
+ },
+ "update": {
+ "permissions": [
+ "deadline:UpdateLimit",
+ "deadline:GetLimit",
+ "kms:Encrypt",
+ "identitystore:ListGroupMembershipsForMember"
+ ]
+ }
+ },
+ "primaryIdentifier": [
+ "/properties/FarmId",
+ "/properties/LimitId"
+ ],
+ "properties": {
+ "AmountRequirementName": {
+ "maxLength": 1024,
+ "type": "string"
+ },
+ "CurrentCount": {
+ "maximum": 2147483647,
+ "minimum": 0,
+ "type": "integer"
+ },
+ "Description": {
+ "default": "",
+ "maxLength": 100,
+ "minLength": 0,
+ "type": "string"
+ },
+ "DisplayName": {
+ "maxLength": 100,
+ "minLength": 1,
+ "type": "string"
+ },
+ "FarmId": {
+ "pattern": "^farm-[0-9a-f]{32}$",
+ "type": "string"
+ },
+ "LimitId": {
+ "pattern": "^limit-[0-9a-f]{32}$",
+ "type": "string"
+ },
+ "MaxCount": {
+ "maximum": 2147483647,
+ "minimum": -1,
+ "type": "integer"
+ }
+ },
+ "readOnlyProperties": [
+ "/properties/CurrentCount",
+ "/properties/LimitId"
+ ],
+ "required": [
+ "AmountRequirementName",
+ "DisplayName",
+ "MaxCount",
+ "FarmId"
+ ],
+ "sourceUrl":
"https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-deadline", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, + "typeName": "AWS::Deadline::Limit" +} diff --git a/src/schema/aws-deadline-queue.json b/src/schema/aws-deadline-queue.json index 09eed07b..12779cca 100644 --- a/src/schema/aws-deadline-queue.json +++ b/src/schema/aws-deadline-queue.json @@ -265,7 +265,8 @@ "/properties/Arn" ], "required": [ - "DisplayName" + "DisplayName", + "FarmId" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-deadline", "tagging": { diff --git a/src/schema/aws-deadline-queuelimitassociation.json b/src/schema/aws-deadline-queuelimitassociation.json new file mode 100644 index 00000000..7edec7fb --- /dev/null +++ b/src/schema/aws-deadline-queuelimitassociation.json 
@@ -0,0 +1,80 @@
+{
+ "additionalProperties": false,
+ "createOnlyProperties": [
+ "/properties/FarmId",
+ "/properties/LimitId",
+ "/properties/QueueId"
+ ],
+ "description": "Definition of AWS::Deadline::QueueLimitAssociation Resource Type",
+ "handlers": {
+ "create": {
+ "permissions": [
+ "deadline:CreateQueueLimitAssociation",
+ "deadline:GetQueueLimitAssociation",
+ "identitystore:ListGroupMembershipsForMember"
+ ]
+ },
+ "delete": {
+ "permissions": [
+ "deadline:DeleteQueueLimitAssociation",
+ "deadline:GetQueueLimitAssociation",
+ "deadline:UpdateQueueLimitAssociation",
+ "identitystore:ListGroupMembershipsForMember"
+ ]
+ },
+ "list": {
+ "handlerSchema": {
+ "properties": {
+ "FarmId": {
+ "$ref": "resource-schema.json#/properties/FarmId"
+ }
+ },
+ "required": [
+ "FarmId"
+ ]
+ },
+ "permissions": [
+ "deadline:ListQueueLimitAssociations",
+ "identitystore:ListGroupMembershipsForMember"
+ ]
+ },
+ "read": {
+ "permissions": [
+ "deadline:GetQueueLimitAssociation",
+ "identitystore:ListGroupMembershipsForMember"
+ ]
+ }
+ },
+ "primaryIdentifier": [
+ "/properties/FarmId",
+ "/properties/LimitId",
+ "/properties/QueueId"
+ ],
+ "properties": {
+ "FarmId": {
+ "pattern": "^farm-[0-9a-f]{32}$",
+ "type": "string"
+ },
+ "LimitId": {
+ "pattern": "^limit-[0-9a-f]{32}$",
+ "type": "string"
+ },
+ "QueueId": {
+ "pattern": "^queue-[0-9a-f]{32}$",
+ "type": "string"
+ }
+ },
+ "required": [
+ "FarmId",
+ "LimitId",
+ "QueueId"
+ ],
+ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-deadline",
+ "tagging": {
+ "cloudFormationSystemTags": false,
+ "tagOnCreate": false,
+ "tagUpdatable": false,
+ "taggable": false
+ },
+ "typeName": "AWS::Deadline::QueueLimitAssociation"
+}
diff --git a/src/schema/aws-deadline-storageprofile.json b/src/schema/aws-deadline-storageprofile.json
index cb178510..98ee4c28 100644
--- a/src/schema/aws-deadline-storageprofile.json
+++ b/src/schema/aws-deadline-storageprofile.json
@@ -126,6 +126,7 @@ ], "required": [ "DisplayName", + "FarmId", "OsFamily" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-deadline", diff --git a/src/schema/aws-detective-graph.json b/src/schema/aws-detective-graph.json index 2d2dadc2..e5ca6022 100644 --- a/src/schema/aws-detective-graph.json +++ b/src/schema/aws-detective-graph.json @@ -26,13 +26,16 @@ "create": { "permissions": [ "detective:CreateGraph", + "detective:ListGraphs", + "detective:TagResource", "detective:UpdateOrganizationConfiguration", "organizations:DescribeOrganization" ] }, "delete": { "permissions": [ - "detective:DeleteGraph" + "detective:DeleteGraph", + "detective:ListGraphs" ] }, "list": { @@ -53,6 +56,7 @@ }, "update": { "permissions": [ + "detective:ListGraphs", "detective:UntagResource", "detective:TagResource", "detective:ListTagsForResource", @@ -85,5 +89,17 @@ "/properties/Arn" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-detective.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "detective:UntagResource", + "detective:TagResource", + "detective:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Detective::Graph" } diff --git a/src/schema/aws-detective-memberinvitation.json b/src/schema/aws-detective-memberinvitation.json index 48f4f1e8..00c8d94e 100644 --- a/src/schema/aws-detective-memberinvitation.json +++ b/src/schema/aws-detective-memberinvitation.json @@ -70,6 +70,9 @@ "MemberEmailAddress" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-detective.git", + "tagging": { + "taggable": false + }, "typeName": "AWS::Detective::MemberInvitation", "writeOnlyProperties": [ "/properties/Message", 
diff --git a/src/schema/aws-devopsguru-notificationchannel.json b/src/schema/aws-devopsguru-notificationchannel.json index cc5af51c..cd2da759 100644 --- a/src/schema/aws-devopsguru-notificationchannel.json +++ b/src/schema/aws-devopsguru-notificationchannel.json @@ -134,5 +134,8 @@ "Config" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-devops-guru", + "tagging": { + "taggable": false + }, "typeName": "AWS::DevOpsGuru::NotificationChannel" } diff --git a/src/schema/aws-dms-datamigration.json b/src/schema/aws-dms-datamigration.json new file mode 100644 index 00000000..4c3816e6 --- /dev/null +++ b/src/schema/aws-dms-datamigration.json 
@@ -0,0 +1,216 @@ +{ + "additionalIdentifiers": [ + [ + "/properties/DataMigrationName" + ] + ], + "additionalProperties": false, + "definitions": { + "DataMigrationSettings": { + "additionalProperties": false, + "properties": { + "CloudwatchLogsEnabled": { + "description": "The property specifies whether to enable the Cloudwatch log.", + "type": "boolean" + }, + "NumberOfJobs": { + "description": "The number of parallel jobs that trigger parallel threads to unload the tables from the source, and then load them to the target.", + "maximum": 50, + "minimum": 1, + "type": "integer" + }, + "SelectionRules": { + "description": "The property specifies the rules of selecting objects for data migration.", + "type": "string" + } + }, + "type": "object" + }, + "SourceDataSettings": { + "additionalProperties": false, + "properties": { + "CDCStartPosition": { + "description": "The property is a point in the database engine's log that defines a time where you can begin CDC.", + "maxLength": 40, + "type": "string" + }, + "CDCStartTime": { + "description": "The property indicates the start time for a change data capture (CDC) operation. The value is server time in UTC format.", + "maxLength": 40, + "type": "string" + }, + "CDCStopTime": { + "description": "The property indicates the stop time for a change data capture (CDC) operation. The value is server time in UTC format.", + "maxLength": 40, + "type": "string" + }, + "SlotName": { + "description": "The property sets the name of a previously created logical replication slot for a change data capture (CDC) load of the source instance.", + "maxLength": 255, + "type": "string" + } + }, + "type": "object" + }, + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. 
You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, + "description": "Resource schema for AWS::DMS::DataMigration.", + "handlers": { + "create": { + "permissions": [ + "dms:CreateDataMigration", + "dms:DescribeDataMigrations", + "dms:AddTagsToResource", + "dms:ListTagsForResource", + "iam:PassRole" + ] + }, + "delete": { + "permissions": [ + "dms:DeleteDataMigration", + "dms:RemoveTagsFromResource" + ] + }, + "list": { + "permissions": [ + "dms:DescribeDataMigrations", + "dms:ListTagsForResource" + ] + }, + "read": { + "permissions": [ + "dms:DescribeDataMigrations", + "dms:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "dms:ModifyDataMigration", + "dms:AddTagsToResource", + "dms:RemoveTagsFromResource", + "dms:ListTagsForResource", + "iam:PassRole" + ] + } + }, + "primaryIdentifier": [ + "/properties/DataMigrationArn" + ], + "properties": { + "DataMigrationArn": { + "description": "The property describes an ARN of the data migration.", + "maxLength": 300, + "minLength": 1, + "type": "string" + }, + "DataMigrationCreateTime": { + "description": "The property describes the create time of the data migration.", + "maxLength": 40, + "minLength": 1, + "type": "string" + }, + "DataMigrationIdentifier": { + "description": "The property describes an ARN of the data migration.", + "maxLength": 300, + "minLength": 1, + "type": "string" + }, + "DataMigrationName": { + "description": "The property describes a name to identify the 
data migration.", + "maxLength": 300, + "minLength": 1, + "type": "string" + }, + "DataMigrationSettings": { + "$ref": "#/definitions/DataMigrationSettings", + "description": "The property describes the settings for the data migration." + }, + "DataMigrationType": { + "description": "The property describes the type of migration.", + "enum": [ + "full-load", + "cdc", + "full-load-and-cdc" + ], + "type": "string" + }, + "MigrationProjectIdentifier": { + "description": "The property describes an identifier for the migration project. It is used for describing/deleting/modifying can be name/arn", + "maxLength": 255, + "minLength": 1, + "type": "string" + }, + "ServiceAccessRoleArn": { + "description": "The property describes Amazon Resource Name (ARN) of the service access role.", + "maxLength": 300, + "minLength": 1, + "type": "string" + }, + "SourceDataSettings": { + "description": "The property describes the settings for the data migration.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/SourceDataSettings" + }, + "type": "array", + "uniqueItems": true + }, + "Tags": { + "description": "An array of key-value pairs to apply to this resource.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": true + } + }, + "readOnlyProperties": [ + "/properties/DataMigrationArn", + "/properties/DataMigrationCreateTime" + ], + "required": [ + "DataMigrationType", + "MigrationProjectIdentifier", + "ServiceAccessRoleArn" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "dms:AddTagsToResource", + "dms:RemoveTagsFromResource", + "dms:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::DMS::DataMigration", + "writeOnlyProperties": [ + "/properties/DataMigrationIdentifier" + ] +} 
diff --git a/src/schema/aws-dms-dataprovider.json b/src/schema/aws-dms-dataprovider.json index 1d9028f3..82fa12a3 100644 --- a/src/schema/aws-dms-dataprovider.json +++ b/src/schema/aws-dms-dataprovider.json @@ -6,6 +6,13 @@ ], "additionalProperties": false, "definitions": { + "Db2SslModeValue": { + "enum": [ + "none", + "verify-ca" + ], + "type": "string" + }, "DmsSslModeValue": { "enum": [ "none", @@ -15,6 +22,29 @@ ], "type": "string" }, + "MongoDbAuthMechanism": { + "enum": [ + "default", + "mongodb_cr", + "scram_sha_1" + ], + "type": "string" + }, + "MongoDbAuthType": { + "enum": [ + "no", + "password" + ], + "type": "string" + }, + "MongoDbSslModeValue": { + "enum": [ + "none", + "require", + "verify-full" + ], + "type": "string" + }, "Tag": { "additionalProperties": false, "description": "A key-value pair to associate with a resource.", @@ -47,7 +77,9 @@ "dms:ListDataProviders", "dms:DescribeDataProviders", "dms:AddTagsToResource", - "dms:ListTagsForResource" + "dms:ListTagsForResource", + "iam:GetRole", + "iam:PassRole" ] }, "delete": { @@ -74,7 +106,7 @@ "dms:UpdateDataProvider", "dms:ModifyDataProvider", "dms:AddTagsToResource", - "dms:RemoveTagsToResource", + "dms:RemoveTagsFromResource", "dms:ListTagsForResource" ] } @@ -116,12 +148,18 @@ "Engine": { "description": "The property describes a data engine for the data provider.", "enum": [ - "postgres", + "aurora", + "aurora_postgresql", "mysql", "oracle", + "postgres", "sqlserver", - "aurora", - "aurora_postgresql" + "redshift", + "mariadb", + "mongodb", + "docdb", + "db2", + "db2_zos" ], "type": "string" }, 
@@ -152,10 +190,147 @@ "required": [ "MicrosoftSqlServerSettings" ] + }, + { + "required": [ + "RedshiftSettings" + ] + }, + { + "required": [ + "DocDbSettings" + ] + }, + { + "required": [ + "MariaDbSettings" + ] + }, + { + "required": [ + "MongoDbSettings" + ] + }, + { + "required": [ + "IbmDb2LuwSettings" + ] + }, + { + "required": [ + "IbmDb2zOsSettings" + ] } ], "description": "The property identifies the exact type of settings for the data provider.", "properties": { + "DocDbSettings": { + "additionalProperties": false, + "description": "DocDbSettings property identifier.", + "properties": { + "CertificateArn": { + "type": "string" + }, + "DatabaseName": { + "type": "string" + }, + "Port": { + "type": "integer" + }, + "ServerName": { + "type": "string" + }, + "SslMode": { + "$ref": "#/definitions/MongoDbSslModeValue" + } + }, + "required": [ + "ServerName", + "Port", + "DatabaseName" + ], + "type": "object" + }, + "IbmDb2LuwSettings": { + "additionalProperties": false, + "description": "IbmDb2LuwSettings property identifier.", + "properties": { + "CertificateArn": { + "type": "string" + }, + "DatabaseName": { + "type": "string" + }, + "Port": { + "type": "integer" + }, + "ServerName": { + "type": "string" + }, + "SslMode": { + "$ref": "#/definitions/Db2SslModeValue" + } + }, + "required": [ + "ServerName", + "Port", + "SslMode", + "DatabaseName" + ], + "type": "object" + }, + "IbmDb2zOsSettings": { + "additionalProperties": false, + "description": "IbmDb2zOsSettings property identifier.", + "properties": { + "CertificateArn": { + "type": "string" + }, + "DatabaseName": { + "type": "string" + }, + "Port": { + "type": "integer" + }, + "ServerName": { + "type": "string" + }, + "SslMode": { + "$ref": "#/definitions/Db2SslModeValue" + } + }, + "required": [ + "ServerName", + "Port", + "SslMode", + "DatabaseName" + ], + "type": "object" + }, + "MariaDbSettings": { + "additionalProperties": false, + "description": "MariaDbSettings property identifier.", + 
"properties": { + "CertificateArn": { + "type": "string" + }, + "Port": { + "type": "integer" + }, + "ServerName": { + "type": "string" + }, + "SslMode": { + "$ref": "#/definitions/DmsSslModeValue" + } + }, + "required": [ + "ServerName", + "Port", + "SslMode" + ], + "type": "object" + }, "MicrosoftSqlServerSettings": { "additionalProperties": false, "description": "MicrosoftSqlServerSettings property identifier.", @@ -173,8 +348,7 @@ "type": "string" }, "SslMode": { - "$ref": "#/definitions/DmsSslModeValue", - "type": "object" + "$ref": "#/definitions/DmsSslModeValue" } }, "required": [ @@ -185,6 +359,41 @@ ], "type": "object" }, + "MongoDbSettings": { + "additionalProperties": false, + "description": "MongoDbSettings property identifier.", + "properties": { + "AuthMechanism": { + "$ref": "#/definitions/MongoDbAuthMechanism" + }, + "AuthSource": { + "type": "string" + }, + "AuthType": { + "$ref": "#/definitions/MongoDbAuthType" + }, + "CertificateArn": { + "type": "string" + }, + "DatabaseName": { + "type": "string" + }, + "Port": { + "type": "integer" + }, + "ServerName": { + "type": "string" + }, + "SslMode": { + "$ref": "#/definitions/MongoDbSslModeValue" + } + }, + "required": [ + "ServerName", + "Port" + ], + "type": "object" + }, "MySqlSettings": { "additionalProperties": false, "description": "MySqlSettings property identifier.", @@ -199,8 +408,7 @@ "type": "string" }, "SslMode": { - "$ref": "#/definitions/DmsSslModeValue", - "type": "object" + "$ref": "#/definitions/DmsSslModeValue" } }, "required": [ @@ -242,8 +450,7 @@ "type": "string" }, "SslMode": { - "$ref": "#/definitions/DmsSslModeValue", - "type": "object" + "$ref": "#/definitions/DmsSslModeValue" } }, "required": [ @@ -271,8 +478,7 @@ "type": "string" }, "SslMode": { - "$ref": "#/definitions/DmsSslModeValue", - "type": "object" + "$ref": "#/definitions/DmsSslModeValue" } }, "required": [ 
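Review bot: `MongoDbSettings` (hunk `@@ -185,6 +359,41 @@`) requires only `ServerName` and `Port`, so a template can omit `SslMode` and `AuthType` altogether, whereas the `MariaDbSettings`, `IbmDb2LuwSettings` and `IbmDb2zOsSettings` blocks added in the same commit list `SslMode` under `required`. `DocDbSettings` has the same omission, and the new enums accept `none` for `SslMode` and `no` for `AuthType`. `RedshiftSettings` (hunk `@@ -282,6 +488,27 @@`) defines no `SslMode` property at all. What the service applies when these fields are absent is not visible here, so either add `"SslMode"` to the `required` arrays or have template linting flag data providers that omit it or set it to `none`.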
@@ -282,6 +488,27 @@ "DatabaseName" ], "type": "object" + }, + "RedshiftSettings": { + "additionalProperties": false, + "description": "RedshiftSettings property identifier.", + "properties": { + "DatabaseName": { + "type": "string" + }, + "Port": { + "type": "integer" + }, + "ServerName": { + "type": "string" + } + }, + "required": [ + "ServerName", + "Port", + "DatabaseName" + ], + "type": "object" } }, "type": "object" @@ -305,6 +532,15 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-dms.git", "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "dms:AddTagsToResource", + "dms:RemoveTagsFromResource", + "dms:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::DMS::DataProvider", diff --git a/src/schema/aws-dms-instanceprofile.json b/src/schema/aws-dms-instanceprofile.json index 37f99064..353675de 100644 --- a/src/schema/aws-dms-instanceprofile.json +++ b/src/schema/aws-dms-instanceprofile.json @@ -65,7 +65,7 @@ "dms:UpdateInstanceProfile", "dms:ModifyInstanceProfile", "dms:AddTagsToResource", - "dms:RemoveTagsToResource", + "dms:RemoveTagsFromResource", "dms:ListTagsForResource" ] } @@ -120,7 +120,6 @@ "description": "The property describes a network type for the instance profile.", "enum": [ "IPV4", - "IPV6", "DUAL" ], "type": "string" @@ -161,6 +160,15 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-csf.git", "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "dms:AddTagsToResource", + "dms:RemoveTagsFromResource", + "dms:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::DMS::InstanceProfile", diff --git a/src/schema/aws-dms-migrationproject.json b/src/schema/aws-dms-migrationproject.json index dad2311a..ee090bbd 100644 
--- a/src/schema/aws-dms-migrationproject.json +++ b/src/schema/aws-dms-migrationproject.json @@ -91,7 +91,7 @@ "dms:UpdateMigrationProject", "dms:ModifyMigrationProject", "dms:AddTagsToResource", - "dms:RemoveTagsToResource", + "dms:RemoveTagsFromResource", "dms:ListTagsForResource", "iam:PassRole" ] @@ -199,6 +199,15 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-csf.git", "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "dms:AddTagsToResource", + "dms:RemoveTagsFromResource", + "dms:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::DMS::MigrationProject", diff --git a/src/schema/aws-dms-replicationinstance.json b/src/schema/aws-dms-replicationinstance.json index 6dc590ea..8bddcdd3 100644 --- a/src/schema/aws-dms-replicationinstance.json +++ b/src/schema/aws-dms-replicationinstance.json @@ -3,6 +3,7 @@ "createOnlyProperties": [ "/properties/KmsKeyId", "/properties/ResourceIdentifier", + "/properties/DnsNameServers", "/properties/ReplicationSubnetGroupIdentifier", "/properties/PubliclyAccessible" ], @@ -41,6 +42,9 @@ "AvailabilityZone": { "type": "string" }, + "DnsNameServers": { + "type": "string" + }, "EngineVersion": { "type": "string" }, @@ -53,6 +57,9 @@ "MultiAZ": { "type": "boolean" }, + "NetworkType": { + "type": "string" + }, "PreferredMaintenanceWindow": { "type": "string" }, diff --git a/src/schema/aws-docdb-dbcluster.json b/src/schema/aws-docdb-dbcluster.json index c6ed943b..7edd770e 100644 --- a/src/schema/aws-docdb-dbcluster.json +++ b/src/schema/aws-docdb-dbcluster.json @@ -1,8 +1,8 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/KmsKeyId", "/properties/SnapshotIdentifier", + "/properties/KmsKeyId", "/properties/MasterUsername", "/properties/SourceDBClusterIdentifier", "/properties/DBClusterIdentifier", 
@@ -11,6 +11,22 @@ "/properties/StorageEncrypted" ], "definitions": { + "ServerlessV2ScalingConfiguration": { + "additionalProperties": false, + "properties": { + "MaxCapacity": { + "type": "number" + }, + "MinCapacity": { + "type": "number" + } + }, + "required": [ + "MinCapacity", + "MaxCapacity" + ], + "type": "object" + }, "Tag": { "additionalProperties": false, "properties": { @@ -80,9 +96,15 @@ "KmsKeyId": { "type": "string" }, + "ManageMasterUserPassword": { + "type": "boolean" + }, "MasterUserPassword": { "type": "string" }, + "MasterUserSecretKmsKeyId": { + "type": "string" + }, "MasterUsername": { "type": "string" }, @@ -104,6 +126,12 @@ "RestoreType": { "type": "string" }, + "RotateMasterUserPassword": { + "type": "boolean" + }, + "ServerlessV2ScalingConfiguration": { + "$ref": "#/definitions/ServerlessV2ScalingConfiguration" + }, "SnapshotIdentifier": { "type": "string" }, diff --git a/src/schema/aws-docdbelastic-cluster.json b/src/schema/aws-docdbelastic-cluster.json index fbd07932..8daf22f4 100644 --- a/src/schema/aws-docdbelastic-cluster.json +++ b/src/schema/aws-docdbelastic-cluster.json @@ -198,6 +198,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-docdbelastic/", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "docdb-elastic:TagResource", + "docdb-elastic:UntagResource", + "docdb-elastic:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-dsql-cluster.json b/src/schema/aws-dsql-cluster.json new file mode 100644 index 00000000..7c3f51be --- /dev/null +++ b/src/schema/aws-dsql-cluster.json 
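Review bot: In `src/schema/aws-docdb-dbcluster.json` the properties added by the `@@ -80,9 +96,15 @@` and `@@ -104,6 +126,12 @@` hunks (`ManageMasterUserPassword`, `MasterUserSecretKmsKeyId`, `RotateMasterUserPassword`) carry no `description`, and nothing in the schema says how they relate to `MasterUserPassword`, which remains an ordinary string property. A template author reading only the schema cannot tell that a service-managed credential is available as an alternative to putting the password in the template, or whether setting both is rejected. I would add descriptions, for example `"description": "Set to true to have the service manage the master user password instead of supplying MasterUserPassword."` on `ManageMasterUserPassword`; that wording is inferred from the property names and should be confirmed against the service documentation. The enclosing `properties` object starts and ends outside these hunks.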
@@ -0,0 +1,124 @@ +{ + "additionalProperties": false, + "definitions": { + "Tag": { + "additionalProperties": false, + "description": "A map of key and value pairs to use to tag your cluster.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 1 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 256, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ] + } + }, + "description": "Resource Type definition for AWS::DSQL::Cluster", + "handlers": { + "create": { + "permissions": [ + "dsql:CreateCluster", + "dsql:GetCluster", + "dsql:TagResource", + "dsql:ListTagsForResource", + "iam:CreateServiceLinkedRole" + ] + }, + "delete": { + "permissions": [ + "dsql:DeleteCluster", + "dsql:GetCluster", + "dsql:ListTagsForResource" + ] + }, + "list": { + "permissions": [ + "dsql:ListClusters", + "dsql:ListTagsForResource", + "tag:GetTagKeys", + "tag:GetTagValues" + ] + }, + "read": { + "permissions": [ + "dsql:GetCluster", + "dsql:ListTagsForResource", + "tag:GetTagKeys", + "tag:GetTagValues" + ] + }, + "update": { + "permissions": [ + "dsql:UpdateCluster", + "dsql:GetCluster", + "dsql:UntagResource", + "dsql:TagResource", + "dsql:ListTagsForResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/Identifier" + ], + "properties": { + "CreationTime": { + "description": "The time of when the cluster was created in ISO-8601 format.", + "type": "string" + }, + "DeletionProtectionEnabled": { + "description": "Whether 
deletion protection is enabled in this cluster.", + "type": "boolean" + }, + "Identifier": { + "description": "The ID of the created cluster.", + "type": "string" + }, + "ResourceArn": { + "description": "The Amazon Resource Name (ARN) for the cluster.", + "type": "string" + }, + "Status": { + "description": "The status of the cluster.", + "type": "string" + }, + "Tags": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": false + } + }, + "readOnlyProperties": [ + "/properties/ResourceArn", + "/properties/Identifier", + "/properties/CreationTime", + "/properties/Status" + ], + "required": [], + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "dsql:UntagResource", + "dsql:TagResource", + "dsql:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::DSQL::Cluster" +} diff --git a/src/schema/aws-dynamodb-globaltable.json b/src/schema/aws-dynamodb-globaltable.json index 688f560e..4588d16b 100644 --- a/src/schema/aws-dynamodb-globaltable.json +++ b/src/schema/aws-dynamodb-globaltable.json @@ -90,6 +90,9 @@ "Projection": { "$ref": "#/definitions/Projection" }, + "WarmThroughput": { + "$ref": "#/definitions/WarmThroughput" + }, "WriteOnDemandThroughputSettings": { "$ref": "#/definitions/WriteOnDemandThroughputSettings" }, @@ -174,9 +177,19 @@ }, "PointInTimeRecoverySpecification": { "additionalProperties": false, + "dependencies": { + "RecoveryPeriodInDays": [ + "PointInTimeRecoveryEnabled" + ] + }, "properties": { "PointInTimeRecoveryEnabled": { "type": "boolean" + }, + "RecoveryPeriodInDays": { + "maximum": 35, + "minimum": 1, + "type": "integer" } }, "type": "object" 
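Review bot: In the new `src/schema/aws-dsql-cluster.json`, the `Tag` definition has `properties` and `required` but no `"type": "object"`, so under plain JSON Schema evaluation a non-object entry in `Tags` is not rejected by this definition. The `Key` and `Value` descriptions also state rules (no `aws:` prefix, a restricted character set) that the schema does not enforce; only `minLength` and `maxLength` are checked. I would add `"type": "object"` after the `required` array of `Tag`, and either add a `pattern` for the documented character set or say in the descriptions that those rules are enforced by the service rather than by the schema.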
@@ -441,6 +454,32 @@ ], "type": "object" }, + "WarmThroughput": { + "additionalProperties": false, + "anyOf": [ + { + "required": [ + "ReadUnitsPerSecond" + ] + }, + { + "required": [ + "WriteUnitsPerSecond" + ] + } + ], + "properties": { + "ReadUnitsPerSecond": { + "minimum": 1, + "type": "integer" + }, + "WriteUnitsPerSecond": { + "minimum": 1, + "type": "integer" + } + }, + "type": "object" + }, "WriteOnDemandThroughputSettings": { "additionalProperties": false, "properties": { @@ -652,6 +691,9 @@ "TimeToLiveSpecification": { "$ref": "#/definitions/TimeToLiveSpecification" }, + "WarmThroughput": { + "$ref": "#/definitions/WarmThroughput" + }, "WriteOnDemandThroughputSettings": { "$ref": "#/definitions/WriteOnDemandThroughputSettings" }, diff --git a/src/schema/aws-dynamodb-table.json b/src/schema/aws-dynamodb-table.json index 2005cd32..029cf0d5 100644 --- a/src/schema/aws-dynamodb-table.json +++ b/src/schema/aws-dynamodb-table.json @@ -1,5 +1,8 @@ { "additionalProperties": false, + "conditionalCreateOnlyProperties": [ + "/properties/KeySchema" + ], "createOnlyProperties": [ "/properties/TableName", "/properties/ImportSourceSpecification" @@ -14,7 +17,7 @@ "type": "string" }, "AttributeType": { - "description": "The data type for the attribute, where:\n + ``S`` - the attribute is of type String\n + ``N`` - the attribute is of type Number\n + ``B`` - the attribute is of type Binary", + "description": "The data type for the attribute, where:\n + ``S`` - the attribute is of type String\n + ``N`` - the attribute is of type Number\n + ``B`` - the attribute is of type Binary", "type": "string" } }, 
@@ -100,7 +103,7 @@ "type": "string" }, "KeySchema": { - "description": "The complete key schema for a global secondary index, which consists of one or more pairs of attribute names and key types:\n + ``HASH`` - partition key\n + ``RANGE`` - sort key\n \n The partition key of an item is also known as its *hash attribute*. The term \"hash attribute\" derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values.\n The sort key of an item is also known as its *range attribute*. The term \"range attribute\" derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value.", + "description": "The complete key schema for a global secondary index, which consists of one or more pairs of attribute names and key types:\n + ``HASH`` - partition key\n + ``RANGE`` - sort key\n \n The partition key of an item is also known as its *hash attribute*. The term \"hash attribute\" derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values.\n The sort key of an item is also known as its *range attribute*. The term \"range attribute\" derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value.", "items": { "$ref": "#/definitions/KeySchema" }, 
@@ -118,6 +121,10 @@ "ProvisionedThroughput": { "$ref": "#/definitions/ProvisionedThroughput", "description": "Represents the provisioned throughput settings for the specified global secondary index.\n For current minimum and maximum provisioned throughput values, see [Service, Account, and Table Quotas](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html) in the *Amazon DynamoDB Developer Guide*." + }, + "WarmThroughput": { + "$ref": "#/definitions/WarmThroughput", + "description": "Represents the warm throughput value (in read units per second and write units per second) for the specified secondary index. If you use this parameter, you must specify ``ReadUnitsPerSecond``, ``WriteUnitsPerSecond``, or both." } }, "required": [ 
@@ -174,7 +181,7 @@ "type": "string" }, "KeyType": { - "description": "The role that this key attribute will assume:\n + ``HASH`` - partition key\n + ``RANGE`` - sort key\n \n The partition key of an item is also known as its *hash attribute*. The term \"hash attribute\" derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values.\n The sort key of an item is also known as its *range attribute*. The term \"range attribute\" derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value.", + "description": "The role that this key attribute will assume:\n + ``HASH`` - partition key\n + ``RANGE`` - sort key\n \n The partition key of an item is also known as its *hash attribute*. The term \"hash attribute\" derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values.\n The sort key of an item is also known as its *range attribute*. The term \"range attribute\" derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value.", "type": "string" } }, 
@@ -219,7 +226,7 @@ "type": "string" }, "KeySchema": { - "description": "The complete key schema for the local secondary index, consisting of one or more pairs of attribute names and key types:\n + ``HASH`` - partition key\n + ``RANGE`` - sort key\n \n The partition key of an item is also known as its *hash attribute*. The term \"hash attribute\" derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values.\n The sort key of an item is also known as its *range attribute*. The term \"range attribute\" derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value.", + "description": "The complete key schema for the local secondary index, consisting of one or more pairs of attribute names and key types:\n + ``HASH`` - partition key\n + ``RANGE`` - sort key\n \n The partition key of an item is also known as its *hash attribute*. The term \"hash attribute\" derives from DynamoDB's usage of an internal hash function to evenly distribute data items across partitions, based on their partition key values.\n The sort key of an item is also known as its *range attribute*. The term \"range attribute\" derives from the way DynamoDB stores items with the same partition key physically close together, in sorted order by the sort key value.", "items": { "$ref": "#/definitions/KeySchema" }, 
@@ -257,11 +264,22 @@ }, "PointInTimeRecoverySpecification": { "additionalProperties": false, + "dependencies": { + "RecoveryPeriodInDays": [ + "PointInTimeRecoveryEnabled" + ] + }, "description": "The settings used to enable point in time recovery.", "properties": { "PointInTimeRecoveryEnabled": { "description": "Indicates whether point in time recovery is enabled (true) or disabled (false) on the table.", "type": "boolean" + }, + "RecoveryPeriodInDays": { + "description": "The number of preceding days for which continuous backups are taken and maintained. Your table data is only recoverable to any point-in-time from within the configured recovery period. This parameter is optional. If no value is provided, the value will default to 35.", + "maximum": 35, + "minimum": 1, + "type": "integer" } }, "type": "object" 
@@ -271,7 +289,7 @@ "description": "Represents attributes that are copied (projected) from the table into an index. These are in addition to the primary key attributes and index key attributes, which are automatically projected.", "properties": { "NonKeyAttributes": { - "description": "Represents the non-key attribute names which will be projected into the index.\n For local secondary indexes, the total count of ``NonKeyAttributes`` summed across all of the local secondary indexes, must not exceed 100. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total.", + "description": "Represents the non-key attribute names which will be projected into the index.\n For global and local secondary indexes, the total count of ``NonKeyAttributes`` summed across all of the secondary indexes, must not exceed 100. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total. This limit only applies when you specify the ProjectionType of ``INCLUDE``. You still can specify the ProjectionType of ``ALL`` to project all attributes from the source table, even if the table has more than 100 attributes.", "items": { "type": "string" }, 
@@ -279,7 +297,7 @@ "uniqueItems": false }, "ProjectionType": { - "description": "The set of attributes that are projected into the index:\n + ``KEYS_ONLY`` - Only the index and primary keys are projected into the index.\n + ``INCLUDE`` - In addition to the attributes described in ``KEYS_ONLY``, the secondary index will include other non-key attributes that you specify.\n + ``ALL`` - All of the table attributes are projected into the index.\n \n When using the DynamoDB console, ``ALL`` is selected by default.", + "description": "The set of attributes that are projected into the index:\n + ``KEYS_ONLY`` - Only the index and primary keys are projected into the index.\n + ``INCLUDE`` - In addition to the attributes described in ``KEYS_ONLY``, the secondary index will include other non-key attributes that you specify.\n + ``ALL`` - All of the table attributes are projected into the index.\n \n When using the DynamoDB console, ``ALL`` is selected by default.", "type": "string" } }, @@ -377,7 +395,7 @@ "type": "boolean" }, "SSEType": { - "description": "Server-side encryption type. The only supported value is:\n + ``KMS`` - Server-side encryption that uses KMSlong. The key is stored in your account and is managed by KMS (KMS charges apply).", + "description": "Server-side encryption type. The only supported value is:\n + ``KMS`` - Server-side encryption that uses KMSlong. The key is stored in your account and is managed by KMS (KMS charges apply).", "type": "string" } }, 
@@ -395,7 +413,7 @@ "description": "Creates or updates a resource-based policy document that contains the permissions for DDB resources, such as a table's streams. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource.\n In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see [Using resource-based policies for](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html) and [Resource-based policy examples](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html)." }, "StreamViewType": { - "description": "When an item in the table is modified, ``StreamViewType`` determines what information is written to the stream for this table. Valid values for ``StreamViewType`` are:\n + ``KEYS_ONLY`` - Only the key attributes of the modified item are written to the stream.\n + ``NEW_IMAGE`` - The entire item, as it appears after it was modified, is written to the stream.\n + ``OLD_IMAGE`` - The entire item, as it appeared before it was modified, is written to the stream.\n + ``NEW_AND_OLD_IMAGES`` - Both the new and the old item images of the item are written to the stream.", + "description": "When an item in the table is modified, ``StreamViewType`` determines what information is written to the stream for this table. 
Valid values for ``StreamViewType`` are:\n + ``KEYS_ONLY`` - Only the key attributes of the modified item are written to the stream.\n + ``NEW_IMAGE`` - The entire item, as it appears after it was modified, is written to the stream.\n + ``OLD_IMAGE`` - The entire item, as it appeared before it was modified, is written to the stream.\n + ``NEW_AND_OLD_IMAGES`` - Both the new and the old item images of the item are written to the stream.", "type": "string" } }, 
@@ -406,7 +424,7 @@ }, "Tag": { "additionalProperties": false, - "description": "Describes a tag. A tag is a key-value pair. You can add up to 50 tags to a single DynamoDB table. \n AWS-assigned tag names and values are automatically assigned the ``aws:`` prefix, which the user cannot assign. AWS-assigned tag names do not count towards the tag limit of 50. User-assigned tag names have the prefix ``user:`` in the Cost Allocation Report. You cannot backdate the application of a tag.\n For an overview on tagging DynamoDB resources, see [Tagging for DynamoDB](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Tagging.html) in the *Amazon DynamoDB Developer Guide*.", + "description": "Describes a tag. A tag is a key-value pair. You can add up to 50 tags to a single DynamoDB table. \n AWS-assigned tag names and values are automatically assigned the ``aws:`` prefix, which the user cannot assign. AWS-assigned tag names do not count towards the tag limit of 50. User-assigned tag names have the prefix ``user:`` in the Cost Allocation Report. You cannot backdate the application of a tag.\n For an overview on tagging DynamoDB resources, see [Tagging for DynamoDB](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Tagging.html) in the *Amazon DynamoDB Developer Guide*.", "properties": { "Key": { "description": "The key of the tag. Tag keys are case sensitive. Each DynamoDB table can only have up to one tag with the same key. If you try to add an existing tag (same key), the existing tag value will be updated to the new value.", 
@@ -440,9 +458,38 @@ "Enabled" ], "type": "object" + }, + "WarmThroughput": { + "additionalProperties": false, + "anyOf": [ + { + "required": [ + "ReadUnitsPerSecond" + ] + }, + { + "required": [ + "WriteUnitsPerSecond" + ] + } + ], + "description": "Provides visibility into the number of read and write operations your table or secondary index can instantaneously support. The settings can be modified using the ``UpdateTable`` operation to meet the throughput requirements of an upcoming peak event.", + "properties": { + "ReadUnitsPerSecond": { + "description": "Represents the number of read operations your base table can instantaneously support.", + "minimum": 1, + "type": "integer" + }, + "WriteUnitsPerSecond": { + "description": "Represents the number of write operations your base table can instantaneously support.", + "minimum": 1, + "type": "integer" + } + }, + "type": "object" } }, - "description": "The ``AWS::DynamoDB::Table`` resource creates a DDB table. For more information, see [CreateTable](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_CreateTable.html) in the *API Reference*.\n You should be aware of the following behaviors when working with DDB tables:\n + CFNlong typically creates DDB tables in parallel. However, if your template includes multiple DDB tables with indexes, you must declare dependencies so that the tables are created sequentially. DDBlong limits the number of tables with secondary indexes that are in the creating state. If you create multiple tables with indexes at the same time, DDB returns an error and the stack operation fails. For an example, see [DynamoDB Table with a DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html#aws-resource-dynamodb-table--examples--DynamoDB_Table_with_a_DependsOn_Attribute).\n \n Our guidance is to use the latest schema documented here for your CFNlong templates. 
This schema supports the provisioning of all table settings below. When using this schema in your CFNlong templates, please ensure that your Identity and Access Management (IAM) policies are updated with appropriate permissions to allow for the authorization of these setting changes.", + "description": "The ``AWS::DynamoDB::Table`` resource creates a DDB table. For more information, see [CreateTable](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_CreateTable.html) in the *API Reference*.\n You should be aware of the following behaviors when working with DDB tables:\n + CFNlong typically creates DDB tables in parallel. However, if your template includes multiple DDB tables with indexes, you must declare dependencies so that the tables are created sequentially. DDBlong limits the number of tables with secondary indexes that are in the creating state. If you create multiple tables with indexes at the same time, DDB returns an error and the stack operation fails. For an example, see [DynamoDB Table with a DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html#aws-resource-dynamodb-table--examples--DynamoDB_Table_with_a_DependsOn_Attribute).\n \n Our guidance is to use the latest schema documented for your CFNlong templates. This schema supports the provisioning of all table settings below. When using this schema in your CFNlong templates, please ensure that your Identity and Access Management (IAM) policies are updated with appropriate permissions to allow for the authorization of these setting changes.", "handlers": { "create": { "permissions": [ 
@@ -555,7 +602,7 @@ "uniqueItems": true }, "BillingMode": { - "description": "Specify how you are charged for read and write throughput and how you manage capacity.\n Valid values include:\n + ``PROVISIONED`` - We recommend using ``PROVISIONED`` for predictable workloads. ``PROVISIONED`` sets the billing mode to [Provisioned Mode](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.html#HowItWorks.ProvisionedThroughput.Manual).\n + ``PAY_PER_REQUEST`` - We recommend using ``PAY_PER_REQUEST`` for unpredictable workloads. ``PAY_PER_REQUEST`` sets the billing mode to [On-Demand Mode](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.html#HowItWorks.OnDemand).\n \n If not specified, the default is ``PROVISIONED``.", + "description": "Specify how you are charged for read and write throughput and how you manage capacity.\n Valid values include:\n + ``PAY_PER_REQUEST`` - We recommend using ``PAY_PER_REQUEST`` for most DynamoDB workloads. ``PAY_PER_REQUEST`` sets the billing mode to [On-demand capacity mode](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/on-demand-capacity-mode.html). \n + ``PROVISIONED`` - We recommend using ``PROVISIONED`` for steady workloads with predictable growth where capacity requirements can be reliably forecasted. ``PROVISIONED`` sets the billing mode to [Provisioned capacity mode](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/provisioned-capacity-mode.html).\n \n If not specified, the default is ``PROVISIONED``.", "type": "string" }, "ContributorInsightsSpecification": { 
@@ -576,7 +623,7 @@ }, "ImportSourceSpecification": { "$ref": "#/definitions/ImportSourceSpecification", - "description": "Specifies the properties of data being imported from the S3 bucket source to the table.\n If you specify the ``ImportSourceSpecification`` property, and also specify either the ``StreamSpecification``, the ``TableClass`` property, or the ``DeletionProtectionEnabled`` property, the IAM entity creating/updating stack must have ``UpdateTable`` permission." + "description": "Specifies the properties of data being imported from the S3 bucket source to the\" table.\n If you specify the ``ImportSourceSpecification`` property, and also specify either the ``StreamSpecification``, the ``TableClass`` property, the ``DeletionProtectionEnabled`` property, or the ``WarmThroughput`` property, the IAM entity creating/updating stack must have ``UpdateTable`` permission." }, "KeySchema": { "description": "Specifies the attributes that make up the primary key for the table. The attributes in the ``KeySchema`` property must also be defined in the ``AttributeDefinitions`` property.", 
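Review bot: The new `ImportSourceSpecification` description in `src/schema/aws-dynamodb-table.json` contains a stray escaped quote, `S3 bucket source to the\" table`, which will appear as a literal double quote in anything rendered from this text. The sentence should read `from the S3 bucket source to the table.` as it did before the change. The rest of the added wording, which extends the `UpdateTable` permission requirement to the `WarmThroughput` property, reads correctly. The enclosing `properties` object extends beyond the hunk.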
@@ -652,10 +699,14 @@ "TimeToLiveSpecification": { "$ref": "#/definitions/TimeToLiveSpecification", "description": "Specifies the Time to Live (TTL) settings for the table.\n For detailed information about the limits in DynamoDB, see [Limits in Amazon DynamoDB](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html) in the Amazon DynamoDB Developer Guide." + }, + "WarmThroughput": { + "$ref": "#/definitions/WarmThroughput", + "description": "Represents the warm throughput (in read units per second and write units per second) for creating a table." } }, "propertyTransform": { - "/properties/SSESpecification/KMSMasterKeyId": "$join([\"arn:(aws)[-]{0,1}[a-z]{0,3}[-]{0,1}[a-z]{0,3}:kms:[a-z]{2}[-]{1}[a-z]{3,10}[-]{0,1}[a-z]{0,4}[-]{1}[1-4]{1}:[0-9]{12}[:]{1}key\\/\", SSESpecification.KMSMasterKeyId]) $OR $join([\"arn:(aws)[-]{0,1}[a-z]{0,3}[-]{0,1}[a-z]{0,3}:kms:[a-z]{2}[-]{1}[a-z]{3,10}[-]{0,1}[a-z]{0,4}[-]{1}[1-4]{1}:[0-9]{12}[:]{1}key\\/\", KMSMasterKeyId])" + "/properties/SSESpecification/KMSMasterKeyId": "$join([\"arn:aws(-[a-z]{1,4}){0,2}:kms:[a-z]{2,4}(-[a-z]{1,4})?-[a-z]{1,10}-[0-9]:[0-9]{12}:key\\/\", SSESpecification.KMSMasterKeyId]) $OR $join([\"arn:aws(-[a-z]{1,4}){0,2}:kms:[a-z]{2,4}(-[a-z]{1,4})?-[a-z]{1,10}-[0-9]:[0-9]{12}:key\\/\", KMSMasterKeyId])" }, "readOnlyProperties": [ "/properties/Arn", @@ -666,6 +717,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "dynamodb:TagResource", + "dynamodb:UntagResource", + "dynamodb:ListTagsOfResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-capacityreservation.json b/src/schema/aws-ec2-capacityreservation.json index 9015cf94..cd05f3c4 100644 --- a/src/schema/aws-ec2-capacityreservation.json +++ b/src/schema/aws-ec2-capacityreservation.json 
@@ -2,7 +2,6 @@ "additionalProperties": false, "createOnlyProperties": [ "/properties/Tenancy", - "/properties/InstanceMatchCriteria", "/properties/InstancePlatform", "/properties/InstanceType", "/properties/AvailabilityZone", @@ -10,9 +9,22 @@ "/properties/OutPostArn", "/properties/EphemeralStorage", "/properties/EbsOptimized", - "/properties/PlacementGroupArn" + "/properties/PlacementGroupArn", + "/properties/AvailabilityZoneId" ], "definitions": { + "CapacityAllocation": { + "additionalProperties": false, + "properties": { + "AllocationType": { + "type": "string" + }, + "Count": { + "type": "integer" + } + }, + "type": "object" + }, "Tag": { "additionalProperties": false, "properties": { @@ -81,6 +93,7 @@ "ec2:CreateCapacityReservation", "ec2:DescribeCapacityReservations", "ec2:CancelCapacityReservation", + "ec2:AssociateCapacityReservationBillingOwner", "ec2:CreateTags", "ec2:DeleteTags" ] @@ -93,9 +106,44 @@ "AvailabilityZone": { "type": "string" }, + "AvailabilityZoneId": { + "type": "string" + }, "AvailableInstanceCount": { "type": "integer" }, + "CapacityAllocationSet": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/CapacityAllocation" + }, + "type": "array", + "uniqueItems": false + }, + "CapacityReservationArn": { + "type": "string" + }, + "CapacityReservationFleetId": { + "type": "string" + }, + "CommitmentInfo": { + "additionalProperties": false, + "properties": { + "CommitmentEndDate": { + "type": "string" + }, + "CommittedInstanceCount": { + "type": "integer" + } + }, + "type": "object" + }, + "CreateDate": { + "type": "string" + }, + "DeliveryPreference": { + "type": "string" + }, "EbsOptimized": { "type": "boolean" }, 
@@ -126,9 +174,21 @@ "OutPostArn": { "type": "string" }, + "OwnerId": { + "type": "string" + }, "PlacementGroupArn": { "type": "string" }, + "ReservationType": { + "type": "string" + }, + "StartDate": { + "type": "string" + }, + "State": { + "type": "string" + }, "TagSpecifications": { "insertionOrder": false, "items": { @@ -142,18 +202,44 @@ }, "TotalInstanceCount": { "type": "integer" + }, + "UnusedReservationBillingOwnerId": { + "type": "string" } }, "readOnlyProperties": [ "/properties/Id", "/properties/AvailableInstanceCount", - "/properties/TotalInstanceCount" + "/properties/TotalInstanceCount", + "/properties/StartDate", + "/properties/CapacityReservationArn", + "/properties/CreateDate", + "/properties/State", + "/properties/OwnerId", + "/properties/ReservationType", + "/properties/CapacityAllocationSet", + "/properties/CommitmentInfo", + "/properties/DeliveryPreference", + "/properties/CapacityReservationFleetId" ], "required": [ "InstanceCount", - "AvailabilityZone", "InstancePlatform", "InstanceType" ], - "typeName": "AWS::EC2::CapacityReservation" + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/TagSpecifications", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::EC2::CapacityReservation", + "writeOnlyProperties": [ + "/properties/UnusedReservationBillingOwnerId" + ] } diff --git a/src/schema/aws-ec2-carriergateway.json b/src/schema/aws-ec2-carriergateway.json index 7395b3c0..42fae048 100644 --- a/src/schema/aws-ec2-carriergateway.json +++ b/src/schema/aws-ec2-carriergateway.json @@ -31,7 +31,7 @@ "uniqueItems": true } }, - "description": "An example resource schema demonstrating some basic constructs and validation rules.", + "description": "Resource Type definition for Carrier Gateway which describes the Carrier Gateway resource", "handlers": { "create": { "permissions": [ 
@@ -43,7 +43,8 @@ "delete": { "permissions": [ "ec2:DeleteCarrierGateway", - "ec2:DescribeCarrierGateways" + "ec2:DescribeCarrierGateways", + "ec2:DeleteTags" ] }, "list": { @@ -53,14 +54,16 @@ }, "read": { "permissions": [ - "ec2:DescribeCarrierGateways" + "ec2:DescribeCarrierGateways", + "ec2:DescribeTags" ] }, "update": { "permissions": [ "ec2:DescribeCarrierGateways", "ec2:CreateTags", - "ec2:DeleteTags" + "ec2:DeleteTags", + "ec2:DescribeTags" ] } }, @@ -98,5 +101,17 @@ "VpcId" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags", + "ec2:DescribeTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::EC2::CarrierGateway" } diff --git a/src/schema/aws-ec2-clientvpnendpoint.json b/src/schema/aws-ec2-clientvpnendpoint.json index ea8178c7..2a5d11c8 100644 --- a/src/schema/aws-ec2-clientvpnendpoint.json +++ b/src/schema/aws-ec2-clientvpnendpoint.json @@ -179,6 +179,9 @@ "Description": { "type": "string" }, + "DisconnectOnSessionTimeout": { + "type": "boolean" + }, "DnsServers": { "items": { "type": "string" diff --git a/src/schema/aws-ec2-customergateway.json b/src/schema/aws-ec2-customergateway.json index e700ec3b..98f3f792 100644 --- a/src/schema/aws-ec2-customergateway.json +++ b/src/schema/aws-ec2-customergateway.json @@ -11,7 +11,7 @@ "definitions": { "Tag": { "additionalProperties": false, - "description": "Specifies a tag. For more information, see [Add tags to a resource](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#cloudformation-add-tag-specifications).", + "description": "Specifies a tag. For more information, see [Resource tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", "properties": { "Key": { "description": "The tag key.", 
@@ -41,8 +41,7 @@ "delete": { "permissions": [ "ec2:DeleteCustomerGateway", - "ec2:DescribeCustomerGateways", - "ec2:DeleteTags" + "ec2:DescribeCustomerGateways" ] }, "list": { @@ -81,7 +80,7 @@ }, "CertificateArn": { "description": "The Amazon Resource Name (ARN) for the customer gateway certificate.", - "pattern": "^arn:(aws[a-zA-Z-]*)?:acm:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}:\\d{12}:certificate\\/[a-zA-Z0-9-_]+$", + "pattern": "^arn:(aws[a-zA-Z-]*)?:acm:[a-z]{2}((-gov)|(-iso([a-z]{1})?))?-[a-z]+-\\d{1}:\\d{12}:certificate\\/[a-zA-Z0-9-_]+$", "type": "string" }, "CustomerGatewayId": { @@ -119,6 +118,10 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-dhcpoptions.json b/src/schema/aws-ec2-dhcpoptions.json index 04c7d643..098d1877 100644 --- a/src/schema/aws-ec2-dhcpoptions.json +++ b/src/schema/aws-ec2-dhcpoptions.json @@ -123,6 +123,10 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-ec2fleet.json b/src/schema/aws-ec2-ec2fleet.json index dd28c601..3f5641ba 100644 --- a/src/schema/aws-ec2-ec2fleet.json +++ b/src/schema/aws-ec2-ec2fleet.json 
@@ -48,6 +48,33 @@ }, "type": "object" }, + "BaselinePerformanceFactorsRequest": { + "additionalProperties": false, + "properties": { + "Cpu": { + "$ref": "#/definitions/CpuPerformanceFactorRequest" + } + }, + "type": "object" + }, + "BlockDeviceMapping": { + "additionalProperties": false, + "properties": { + "DeviceName": { + "type": "string" + }, + "Ebs": { + "$ref": "#/definitions/EbsBlockDevice" + }, + "NoDevice": { + "type": "string" + }, + "VirtualName": { + "type": "string" + } + }, + "type": "object" + }, "CapacityRebalance": { "additionalProperties": false, "properties": { @@ -76,6 +103,55 @@ }, "type": "object" }, + "CpuPerformanceFactorRequest": { + "additionalProperties": false, + "properties": { + "References": { + "items": { + "$ref": "#/definitions/PerformanceFactorReferenceRequest" + }, + "type": "array", + "uniqueItems": false + } + }, + "type": "object" + }, + "EbsBlockDevice": { + "additionalProperties": false, + "properties": { + "DeleteOnTermination": { + "type": "boolean" + }, + "Encrypted": { + "type": "boolean" + }, + "Iops": { + "type": "integer" + }, + "KmsKeyId": { + "type": "string" + }, + "SnapshotId": { + "type": "string" + }, + "VolumeSize": { + "type": "integer" + }, + "VolumeType": { + "enum": [ + "gp2", + "gp3", + "io1", + "io2", + "sc1", + "st1", + "standard" + ], + "type": "string" + } + }, + "type": "object" + }, "FleetLaunchTemplateConfigRequest": { "additionalProperties": false, "properties": { @@ -220,6 +296,9 @@ "BaselineEbsBandwidthMbps": { "$ref": "#/definitions/BaselineEbsBandwidthMbpsRequest" }, + "BaselinePerformanceFactors": { + "$ref": "#/definitions/BaselinePerformanceFactorsRequest" + }, "BurstablePerformance": { "enum": [ "included", @@ -233,7 +312,8 @@ "enum": [ "intel", "amd", - "amazon-web-services" + "amazon-web-services", + "apple" ], "type": "string" }, 
@@ -394,6 +474,15 @@ }, "type": "object" }, + "PerformanceFactorReferenceRequest": { + "additionalProperties": false, + "properties": { + "InstanceFamily": { + "type": "string" + } + }, + "type": "object" + }, "Placement": { "additionalProperties": false, "properties": { diff --git a/src/schema/aws-ec2-eip.json b/src/schema/aws-ec2-eip.json index 370edc56..eda39179 100644 --- a/src/schema/aws-ec2-eip.json +++ b/src/schema/aws-ec2-eip.json @@ -4,7 +4,9 @@ "createOnlyProperties": [ "/properties/Domain", "/properties/NetworkBorderGroup", - "/properties/TransferAddress" + "/properties/TransferAddress", + "/properties/IpamPoolId", + "/properties/Address" ], "definitions": { "Tag": { @@ -70,6 +72,10 @@ "/properties/AllocationId" ], "properties": { + "Address": { + "description": "", + "type": "string" + }, "AllocationId": { "description": "", "type": "string" @@ -82,6 +88,10 @@ "description": "The ID of the instance.\n Updates to the ``InstanceId`` property may require *some interruptions*. Updates on an EIP reassociates the address on its associated resource.", "type": "string" }, + "IpamPoolId": { + "description": "", + "type": "string" + }, "NetworkBorderGroup": { "description": "A unique set of Availability Zones, Local Zones, or Wavelength Zones from which AWS advertises IP addresses. Use this parameter to limit the IP address to this location. IP addresses cannot move between network border groups.\n Use [DescribeAvailabilityZones](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html) to view the network border groups.", "type": "string" @@ -118,6 +128,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags", + "ec2:DescribeTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, 
@@ -125,6 +140,8 @@ }, "typeName": "AWS::EC2::EIP", "writeOnlyProperties": [ - "/properties/TransferAddress" + "/properties/TransferAddress", + "/properties/IpamPoolId", + "/properties/Address" ] } diff --git a/src/schema/aws-ec2-enclavecertificateiamroleassociation.json b/src/schema/aws-ec2-enclavecertificateiamroleassociation.json index 80dba004..7c40a518 100644 --- a/src/schema/aws-ec2-enclavecertificateiamroleassociation.json +++ b/src/schema/aws-ec2-enclavecertificateiamroleassociation.json @@ -8,12 +8,14 @@ "handlers": { "create": { "permissions": [ - "ec2:AssociateEnclaveCertificateIamRole" + "ec2:AssociateEnclaveCertificateIamRole", + "ec2:GetAssociatedEnclaveCertificateIamRoles" ] }, "delete": { "permissions": [ - "ec2:DisassociateEnclaveCertificateIamRole" + "ec2:DisassociateEnclaveCertificateIamRole", + "ec2:GetAssociatedEnclaveCertificateIamRoles" ] }, "list": { diff --git a/src/schema/aws-ec2-flowlog.json b/src/schema/aws-ec2-flowlog.json index b4ee147f..d4d10b8c 100644 --- a/src/schema/aws-ec2-flowlog.json +++ b/src/schema/aws-ec2-flowlog.json @@ -177,6 +177,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2-flowlog.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-instance.json b/src/schema/aws-ec2-instance.json index bb325f00..350b0a5a 100644 --- a/src/schema/aws-ec2-instance.json +++ b/src/schema/aws-ec2-instance.json 
@@ -148,6 +148,31 @@ ], "type": "object" }, + "EnaSrdSpecification": { + "additionalProperties": false, + "description": "Specifies the ENA Express settings for the network interface that's attached to the instance.", + "properties": { + "EnaSrdEnabled": { + "description": "Specifies whether ENA Express is enabled for the network interface when you launch an instance.", + "type": "boolean" + }, + "EnaSrdUdpSpecification": { + "$ref": "#/definitions/EnaSrdUdpSpecification" + } + }, + "type": "object" + }, + "EnaSrdUdpSpecification": { + "additionalProperties": false, + "description": "Contains ENA Express settings for UDP network traffic for the network interface that's attached to the instance.", + "properties": { + "EnaSrdUdpEnabled": { + "description": "Indicates whether UDP traffic uses ENA Express for your instance.", + "type": "boolean" + } + }, + "type": "object" + }, "InstanceIpv6Address": { "additionalProperties": false, "properties": { @@ -229,6 +254,9 @@ "description": "The position of the network interface in the attachment order. A primary network interface has a device index of 0.", "type": "string" }, + "EnaSrdSpecification": { + "$ref": "#/definitions/EnaSrdSpecification" + }, "GroupSet": { "description": "The IDs of the security groups for the network interface.", "insertionOrder": false, @@ -800,6 +828,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-instanceconnectendpoint.json b/src/schema/aws-ec2-instanceconnectendpoint.json index 95a195e1..7bf4b168 100644 --- a/src/schema/aws-ec2-instanceconnectendpoint.json +++ b/src/schema/aws-ec2-instanceconnectendpoint.json 
@@ -112,6 +112,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-internetgateway.json b/src/schema/aws-ec2-internetgateway.json index 1c7b793e..dae5d787 100644 --- a/src/schema/aws-ec2-internetgateway.json +++ b/src/schema/aws-ec2-internetgateway.json @@ -3,7 +3,7 @@ "definitions": { "Tag": { "additionalProperties": false, - "description": "Specifies a tag. For more information, see [Add tags to a resource](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#cloudformation-add-tag-specifications).", + "description": "Specifies a tag. For more information, see [Resource tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", "properties": { "Key": { "description": "The tag key.", @@ -81,6 +81,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-ipam.json b/src/schema/aws-ec2-ipam.json index 794644af..a434ec63 100644 --- a/src/schema/aws-ec2-ipam.json +++ b/src/schema/aws-ec2-ipam.json 
@@ -15,6 +15,21 @@ ], "type": "object" }, + "IpamOrganizationalUnitExclusion": { + "additionalProperties": false, + "description": "If your IPAM is integrated with AWS Organizations and you add an organizational unit (OU) exclusion, IPAM will not manage the IP addresses in accounts in that OU exclusion.", + "properties": { + "OrganizationsEntityPath": { + "description": "An AWS Organizations entity path. Build the path for the OU(s) using AWS Organizations IDs separated by a '/'. Include all child OUs by ending the path with '/*'.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "OrganizationsEntityPath" + ], + "type": "object" + }, "Tag": { "additionalProperties": false, "description": "A key-value pair to associate with a resource.", @@ -46,7 +61,9 @@ "ec2:CreateIpam", "iam:CreateServiceLinkedRole", "ec2:CreateTags", - "ec2:DescribeIpams" + "ec2:DescribeIpams", + "ec2:DescribeIpamResourceDiscoveries", + "ec2:ModifyIpamResourceDiscovery" ] }, "delete": { @@ -63,7 +80,8 @@ }, "read": { "permissions": [ - "ec2:DescribeIpams" + "ec2:DescribeIpams", + "ec2:DescribeIpamResourceDiscoveries" ] }, "update": { @@ -71,7 +89,9 @@ "ec2:ModifyIpam", "ec2:CreateTags", "ec2:DeleteTags", - "ec2:DescribeIpams" + "ec2:DescribeIpams", + "ec2:DescribeIpamResourceDiscoveries", + "ec2:ModifyIpamResourceDiscovery" ] } }, 
@@ -91,9 +111,22 @@ "description": "The Id of the default resource discovery, created with this IPAM.", "type": "string" }, + "DefaultResourceDiscoveryOrganizationalUnitExclusions": { + "description": "A set of organizational unit (OU) exclusions for the default resource discovery, created with this IPAM.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/IpamOrganizationalUnitExclusion" + }, + "type": "array", + "uniqueItems": true + }, "Description": { "type": "string" }, + "EnablePrivateGua": { + "description": "Enable provisioning of GUA space in private pools.", + "type": "boolean" + }, "IpamId": { "description": "Id of the IPAM.", "type": "string" @@ -156,6 +189,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ipam.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ec2:DeleteTags", + "ec2:CreateTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-ipampool.json b/src/schema/aws-ec2-ipampool.json index 0d30fb11..1527c4cb 100644 --- a/src/schema/aws-ec2-ipampool.json +++ b/src/schema/aws-ec2-ipampool.json @@ -273,6 +273,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ipam.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ec2:DeleteTags", + "ec2:CreateTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-ipamresourcediscovery.json b/src/schema/aws-ec2-ipamresourcediscovery.json index fa97a5f3..4d26e49f 100644 --- a/src/schema/aws-ec2-ipamresourcediscovery.json +++ b/src/schema/aws-ec2-ipamresourcediscovery.json 
@@ -15,6 +15,21 @@ ], "type": "object" }, + "IpamResourceDiscoveryOrganizationalUnitExclusion": { + "additionalProperties": false, + "description": "If your IPAM is integrated with AWS Organizations and you add an organizational unit (OU) exclusion, IPAM will not manage the IP addresses in accounts in that OU exclusion.", + "properties": { + "OrganizationsEntityPath": { + "description": "An AWS Organizations entity path. Build the path for the OU(s) using AWS Organizations IDs separated by a '/'. Include all child OUs by ending the path with '/*'.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "OrganizationsEntityPath" + ], + "type": "object" + }, "Tag": { "additionalProperties": false, "description": "A key-value pair to associate with a resource.", @@ -45,7 +60,9 @@ "permissions": [ "ec2:CreateIpamResourceDiscovery", "ec2:DescribeIpamResourceDiscoveries", - "ec2:CreateTags" + "ec2:ModifyIpamResourceDiscovery", + "ec2:CreateTags", + "iam:CreateServiceLinkedRole" ] }, "delete": { @@ -106,6 +123,15 @@ "type": "array", "uniqueItems": true }, + "OrganizationalUnitExclusions": { + "description": "A set of organizational unit (OU) exclusions for this resource.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/IpamResourceDiscoveryOrganizationalUnitExclusion" + }, + "type": "array", + "uniqueItems": true + }, "OwnerId": { "description": "Owner Account ID of the Resource Discovery", "type": "string" @@ -137,6 +163,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ipam.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ec2:DeleteTags", + "ec2:CreateTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-ipamresourcediscoveryassociation.json b/src/schema/aws-ec2-ipamresourcediscoveryassociation.json index 6dc15682..ffb04ec3 100644 --- a/src/schema/aws-ec2-ipamresourcediscoveryassociation.json 
+++ b/src/schema/aws-ec2-ipamresourcediscoveryassociation.json @@ -134,6 +134,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ipam.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ec2:DeleteTags", + "ec2:CreateTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-ipamscope.json b/src/schema/aws-ec2-ipamscope.json index 743a6baa..bd3e363b 100644 --- a/src/schema/aws-ec2-ipamscope.json +++ b/src/schema/aws-ec2-ipamscope.json @@ -126,6 +126,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ipam.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ec2:DeleteTags", + "ec2:CreateTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-keypair.json b/src/schema/aws-ec2-keypair.json index 69ffd254..5d11d257 100644 --- a/src/schema/aws-ec2-keypair.json +++ b/src/schema/aws-ec2-keypair.json @@ -15,7 +15,7 @@ "definitions": { "Tag": { "additionalProperties": false, - "description": "Specifies a tag. For more information, see [Add tags to a resource](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#cloudformation-add-tag-specifications).", + "description": "Specifies a tag. For more information, see [Resource tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", "properties": { "Key": { "description": "The tag key.", @@ -113,6 +113,9 @@ "uniqueItems": true } }, + "propertyTransform": { + "/properties/PublicKeyMaterial": "$join([PublicKeyMaterial, \"\n\"])" + }, "readOnlyProperties": [ "/properties/KeyPairId", "/properties/KeyFingerprint" @@ -126,6 +129,7 @@ "permissions": [ "ec2:CreateTags" ], + "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": false, "taggable": true 
diff --git a/src/schema/aws-ec2-launchtemplate.json b/src/schema/aws-ec2-launchtemplate.json index d71415d4..c46334da 100644 --- a/src/schema/aws-ec2-launchtemplate.json +++ b/src/schema/aws-ec2-launchtemplate.json @@ -49,6 +49,17 @@ }, "type": "object" }, + "BaselinePerformanceFactors": { + "additionalProperties": false, + "description": "The baseline performance to consider, using an instance family as a baseline reference. The instance family establishes the lowest acceptable level of performance. Amazon EC2 uses this baseline to guide instance type selection, but there is no guarantee that the selected instance types will always exceed the baseline for every application.\n Currently, this parameter only supports CPU performance as a baseline performance factor. For example, specifying ``c6i`` would use the CPU performance of the ``c6i`` family as the baseline reference.", + "properties": { + "Cpu": { + "$ref": "#/definitions/Cpu", + "description": "The CPU performance to consider, using an instance family as the baseline reference." + } + }, + "type": "object" + }, "BlockDeviceMapping": { "additionalProperties": false, "description": "Specifies a block device mapping for a launch template. You must specify ``DeviceName`` plus exactly one of the following properties: ``Ebs``, ``NoDevice``, or ``VirtualName``.\n ``BlockDeviceMapping`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html).", 
@@ -77,7 +88,7 @@ "description": "Specifies an instance's Capacity Reservation targeting option. You can specify only one option at a time.\n ``CapacityReservationSpecification`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html).", "properties": { "CapacityReservationPreference": { - "description": "Indicates the instance's Capacity Reservation preferences. Possible preferences include:\n + ``open`` - The instance can run in any ``open`` Capacity Reservation that has matching attributes (instance type, platform, Availability Zone).\n + ``none`` - The instance avoids running in a Capacity Reservation even if one is available. The instance runs in On-Demand capacity.", + "description": "Indicates the instance's Capacity Reservation preferences. Possible preferences include:\n + ``capacity-reservations-only`` - The instance will only run in a Capacity Reservation or Capacity Reservation group. If capacity isn't available, the instance will fail to launch.\n + ``open`` - The instance can run in any ``open`` Capacity Reservation that has matching attributes (instance type, platform, Availability Zone, tenancy).\n + ``none`` - The instance avoids running in a Capacity Reservation even if one is available. The instance runs in On-Demand capacity.", "type": "string" }, "CapacityReservationTarget": { 
@@ -121,12 +132,23 @@ }, "type": "object" }, + "Cpu": { + "additionalProperties": false, + "description": "Specifies the CPU performance to consider when using an instance family as the baseline reference.", + "properties": { + "References": { + "$ref": "#/definitions/References", + "description": "The instance family to use as the baseline reference for CPU performance. All instance types that match your specified attributes are compared against the CPU performance of the referenced instance family, regardless of CPU manufacturer or architecture differences." + } + }, + "type": "object" + }, "CpuOptions": { "additionalProperties": false, "description": "Specifies the CPU options for an instance. For more information, see [Optimize CPU options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) in the *User Guide*.\n ``CpuOptions`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html).", "properties": { "AmdSevSnp": { - "description": "Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. For more information, see [AMD SEV-SNP](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html).", + "description": "Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. For more information, see [AMD SEV-SNP for Amazon EC2 instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html).", "enum": [ "enabled", "disabled" 
@@ -168,11 +190,11 @@ "type": "boolean" }, "Iops": { - "description": "The number of I/O operations per second (IOPS). For ``gp3``, ``io1``, and ``io2`` volumes, this represents the number of IOPS that are provisioned for the volume. For ``gp2`` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n The following are the supported values for each volume type:\n + ``gp3``: 3,000 - 16,000 IOPS\n + ``io1``: 100 - 64,000 IOPS\n + ``io2``: 100 - 256,000 IOPS\n \n For ``io2`` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). On other instances, you can achieve performance up to 32,000 IOPS.\n This parameter is supported for ``io1``, ``io2``, and ``gp3`` volumes only.", + "description": "The number of I/O operations per second (IOPS). For ``gp3``, ``io1``, and ``io2`` volumes, this represents the number of IOPS that are provisioned for the volume. For ``gp2`` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n The following are the supported values for each volume type:\n + ``gp3``: 3,000 - 16,000 IOPS\n + ``io1``: 100 - 64,000 IOPS\n + ``io2``: 100 - 256,000 IOPS\n \n For ``io2`` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html). On other instances, you can achieve performance up to 32,000 IOPS.\n This parameter is supported for ``io1``, ``io2``, and ``gp3`` volumes only.", "type": "integer" }, "KmsKeyId": { - "description": "The ARN of the symmetric KMSlong (KMS) CMK used for encryption.", + "description": "Identifier (key ID, key alias, key ARN, or alias ARN) of the customer managed KMS key to use for EBS encryption.", "type": "string" }, "SnapshotId": { 
@@ -196,7 +218,7 @@ }, "ElasticGpuSpecification": { "additionalProperties": false, - "description": "Amazon Elastic Graphics reached end of life on January 8, 2024. For workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, G4dn, or G5 instances.\n Specifies a specification for an Elastic GPU for an Amazon EC2 launch template.\n ``ElasticGpuSpecification`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html).", + "description": "Amazon Elastic Graphics reached end of life on January 8, 2024.\n Specifies a specification for an Elastic GPU for an Amazon EC2 launch template.\n ``ElasticGpuSpecification`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html).", "properties": { "Type": { "description": "The type of Elastic Graphics accelerator.", 
@@ -285,7 +307,7 @@ }, "InstanceRequirements": { "additionalProperties": false, - "description": "The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes.\n You must specify ``VCpuCount`` and ``MemoryMiB``. All other attributes are optional. Any unspecified optional attribute is set to its default.\n When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values.\n To limit the list of instance types from which Amazon EC2 can identify matching instance types, you can use one of the following parameters, but not both in the same request:\n + ``AllowedInstanceTypes`` - The instance types to include in the list. All other instance types are ignored, even if they match your specified attributes.\n + ``ExcludedInstanceTypes`` - The instance types to exclude from the list, even if they match your specified attributes.\n \n If you specify ``InstanceRequirements``, you can't specify ``InstanceType``.\n Attribute-based instance type selection is only supported when using Auto Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. 
If you plan to use the launch template in the [launch instance wizard](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance-wizard.html), or with the [RunInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) API or [AWS::EC2::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html) AWS CloudFormation resource, you can't specify ``InstanceRequirements``.\n For more information, see [Attribute-based instance type selection for EC2 Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html), [Attribute-based instance type selection for Spot Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html), and [Spot placement score](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html) in the *Amazon EC2 User Guide*.", + "description": "The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes.\n You must specify ``VCpuCount`` and ``MemoryMiB``. All other attributes are optional. Any unspecified optional attribute is set to its default.\n When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values.\n To limit the list of instance types from which Amazon EC2 can identify matching instance types, you can use one of the following parameters, but not both in the same request:\n + ``AllowedInstanceTypes`` - The instance types to include in the list. 
All other instance types are ignored, even if they match your specified attributes.\n + ``ExcludedInstanceTypes`` - The instance types to exclude from the list, even if they match your specified attributes.\n \n If you specify ``InstanceRequirements``, you can't specify ``InstanceType``.\n Attribute-based instance type selection is only supported when using Auto Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan to use the launch template in the [launch instance wizard](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance-wizard.html), or with the [RunInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) API or [AWS::EC2::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html) AWS CloudFormation resource, you can't specify ``InstanceRequirements``.\n For more information, see [Specify attributes for instance type selection for EC2 Fleet or Spot Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html) and [Spot placement score](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html) in the *Amazon EC2 User Guide*.", "properties": { "AcceleratorCount": { "$ref": "#/definitions/AcceleratorCount", 
@@ -312,7 +334,7 @@ "description": "The minimum and maximum amount of total accelerator memory, in MiB.\n Default: No minimum or maximum limits" }, "AcceleratorTypes": { - "description": "The accelerator types that must be on the instance type.\n + For instance types with GPU accelerators, specify ``gpu``.\n + For instance types with FPGA accelerators, specify ``fpga``.\n + For instance types with inference accelerators, specify ``inference``.\n \n Default: Any accelerator type", + "description": "The accelerator types that must be on the instance type.\n + For instance types with FPGA accelerators, specify ``fpga``.\n + For instance types with GPU accelerators, specify ``gpu``.\n \n Default: Any accelerator type", "items": { "type": "string" }, 
@@ -335,12 +357,16 @@ "$ref": "#/definitions/BaselineEbsBandwidthMbps", "description": "The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see [Amazon EBS\u2013optimized instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html) in the *Amazon EC2 User Guide*.\n Default: No minimum or maximum limits" }, + "BaselinePerformanceFactors": { + "$ref": "#/definitions/BaselinePerformanceFactors", + "description": "The baseline performance to consider, using an instance family as a baseline reference. The instance family establishes the lowest acceptable level of performance. Amazon EC2 uses this baseline to guide instance type selection, but there is no guarantee that the selected instance types will always exceed the baseline for every application. Currently, this parameter only supports CPU performance as a baseline performance factor. For more information, see [Performance protection](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html#ec2fleet-abis-performance-protection) in the *Amazon EC2 User Guide*." + }, "BurstablePerformance": { "description": "Indicates whether burstable performance T instance types are included, excluded, or required. 
For more information, see [Burstable performance instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html).\n + To include burstable performance instance types, specify ``included``.\n + To require only burstable performance instance types, specify ``required``.\n + To exclude burstable performance instance types, specify ``excluded``.\n \n Default: ``excluded``", "type": "string" }, "CpuManufacturers": { - "description": "The CPU manufacturers to include.\n + For instance types with Intel CPUs, specify ``intel``.\n + For instance types with AMD CPUs, specify ``amd``.\n + For instance types with AWS CPUs, specify ``amazon-web-services``.\n \n Don't confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template.\n Default: Any manufacturer", + "description": "The CPU manufacturers to include.\n + For instance types with Intel CPUs, specify ``intel``.\n + For instance types with AMD CPUs, specify ``amd``.\n + For instance types with AWS CPUs, specify ``amazon-web-services``.\n + For instance types with Apple CPUs, specify ``apple``.\n \n Don't confuse the CPU manufacturer with the CPU architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template.\n Default: Any manufacturer", "items": { "type": "string" }, 
@@ -470,18 +496,18 @@ }, "CpuOptions": { "$ref": "#/definitions/CpuOptions", - "description": "The CPU options for the instance. For more information, see [Optimize CPU options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) in the *Amazon EC2 User Guide*." + "description": "The CPU options for the instance. For more information, see [CPU options for Amazon EC2 instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) in the *Amazon EC2 User Guide*." }, "CreditSpecification": { "$ref": "#/definitions/CreditSpecification", "description": "The credit option for CPU usage of the instance. Valid only for T instances." }, "DisableApiStop": { - "description": "Indicates whether to enable the instance for stop protection. For more information, see [Enable stop protection for your instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-stop-protection.html) in the *Amazon EC2 User Guide*.", + "description": "Indicates whether to enable the instance for stop protection. For more information, see [Enable stop protection for your EC2 instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-stop-protection.html) in the *Amazon EC2 User Guide*.", "type": "boolean" }, "DisableApiTermination": { - "description": "If you set this parameter to ``true``, you can't terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute after launch, use [ModifyInstanceAttribute](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceAttribute.html). Alternatively, if you set ``InstanceInitiatedShutdownBehavior`` to ``terminate``, you can terminate the instance by running the shutdown command from the instance.", + "description": "Indicates whether termination protection is enabled for the instance. The default is ``false``, which means that you can terminate the instance using the Amazon EC2 console, command line tools, or API. 
You can enable termination protection when you launch an instance, while the instance is running, or while the instance is stopped.", "type": "boolean" }, "EbsOptimized": { @@ -489,7 +515,7 @@ "type": "boolean" }, "ElasticGpuSpecifications": { - "description": "Deprecated.\n Amazon Elastic Graphics reached end of life on January 8, 2024. For workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, G4dn, or G5 instances.", + "description": "Deprecated.\n Amazon Elastic Graphics reached end of life on January 8, 2024.", "items": { "$ref": "#/definitions/ElasticGpuSpecification" }, @@ -497,7 +523,7 @@ "uniqueItems": false }, "ElasticInferenceAccelerators": { - "description": "An elastic inference accelerator to associate with the instance. Elastic inference accelerators are a resource you can attach to your Amazon EC2 instances to accelerate your Deep Learning (DL) inference workloads.\n You cannot specify accelerators from different generations in the same request.\n Starting April 15, 2023, AWS will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.", + "description": "Amazon Elastic Inference is no longer available.\n An elastic inference accelerator to associate with the instance. Elastic inference accelerators are a resource you can attach to your Amazon EC2 instances to accelerate your Deep Learning (DL) inference workloads.\n You cannot specify accelerators from different generations in the same request.", "items": { "$ref": "#/definitions/LaunchTemplateElasticInferenceAccelerator" }, 
@@ -517,7 +543,7 @@ "description": "The name or Amazon Resource Name (ARN) of an IAM instance profile." }, "ImageId": { - "description": "The ID of the AMI. Alternatively, you can specify a Systems Manager parameter, which will resolve to an AMI ID on launch.\n Valid formats:\n + ``ami-17characters00000`` \n + ``resolve:ssm:parameter-name`` \n + ``resolve:ssm:parameter-name:version-number`` \n + ``resolve:ssm:parameter-name:label`` \n \n For more information, see [Use a Systems Manager parameter to find an AMI](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/finding-an-ami.html#using-systems-manager-parameter-to-find-AMI) in the *Amazon Elastic Compute Cloud User Guide*.", + "description": "The ID of the AMI. Alternatively, you can specify a Systems Manager parameter, which will resolve to an AMI ID on launch.\n Valid formats:\n + ``ami-0ac394d6a3example`` \n + ``resolve:ssm:parameter-name`` \n + ``resolve:ssm:parameter-name:version-number`` \n + ``resolve:ssm:parameter-name:label`` \n \n For more information, see [Use a Systems Manager parameter to find an AMI](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/finding-an-ami.html#using-systems-manager-parameter-to-find-AMI) in the *Amazon Elastic Compute Cloud User Guide*.", "type": "string" }, "InstanceInitiatedShutdownBehavior": { 
@@ -530,7 +556,7 @@ }, "InstanceRequirements": { "$ref": "#/definitions/InstanceRequirements", - "description": "The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes.\n You must specify ``VCpuCount`` and ``MemoryMiB``. All other attributes are optional. Any unspecified optional attribute is set to its default.\n When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values.\n To limit the list of instance types from which Amazon EC2 can identify matching instance types, you can use one of the following parameters, but not both in the same request:\n + ``AllowedInstanceTypes`` - The instance types to include in the list. All other instance types are ignored, even if they match your specified attributes.\n + ``ExcludedInstanceTypes`` - The instance types to exclude from the list, even if they match your specified attributes.\n \n If you specify ``InstanceRequirements``, you can't specify ``InstanceType``.\n Attribute-based instance type selection is only supported when using Auto Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. 
If you plan to use the launch template in the [launch instance wizard](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance-wizard.html), or with the [RunInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) API or [AWS::EC2::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html) AWS CloudFormation resource, you can't specify ``InstanceRequirements``.\n For more information, see [Attribute-based instance type selection for EC2 Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html), [Attribute-based instance type selection for Spot Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html), and [Spot placement score](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html) in the *Amazon EC2 User Guide*." + "description": "The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes.\n You must specify ``VCpuCount`` and ``MemoryMiB``. All other attributes are optional. Any unspecified optional attribute is set to its default.\n When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values.\n To limit the list of instance types from which Amazon EC2 can identify matching instance types, you can use one of the following parameters, but not both in the same request:\n + ``AllowedInstanceTypes`` - The instance types to include in the list. 
All other instance types are ignored, even if they match your specified attributes.\n + ``ExcludedInstanceTypes`` - The instance types to exclude from the list, even if they match your specified attributes.\n \n If you specify ``InstanceRequirements``, you can't specify ``InstanceType``.\n Attribute-based instance type selection is only supported when using Auto Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan to use the launch template in the [launch instance wizard](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance-wizard.html), or with the [RunInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) API or [AWS::EC2::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html) AWS CloudFormation resource, you can't specify ``InstanceRequirements``.\n For more information, see [Specify attributes for instance type selection for EC2 Fleet or Spot Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html) and [Spot placement score](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html) in the *Amazon EC2 User Guide*." }, "InstanceType": { "description": "The instance type. For more information, see [Amazon EC2 instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) in the *Amazon EC2 User Guide*.\n If you specify ``InstanceType``, you can't specify ``InstanceRequirements``.", 
@@ -558,7 +584,7 @@ }, "MetadataOptions": { "$ref": "#/definitions/MetadataOptions", - "description": "The metadata options for the instance. For more information, see [Instance metadata and user data](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) in the *Amazon EC2 User Guide*." + "description": "The metadata options for the instance. For more information, see [Configure the Instance Metadata Service options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html) in the *Amazon EC2 User Guide*." }, "Monitoring": { "$ref": "#/definitions/Monitoring", @@ -572,6 +598,10 @@ "type": "array", "uniqueItems": false }, + "NetworkPerformanceOptions": { + "$ref": "#/definitions/NetworkPerformanceOptions", + "description": "The settings for the network performance options for the instance. For more information, see [EC2 instance bandwidth weighting configuration](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-bandwidth-weighting.html)." + }, "Placement": { "$ref": "#/definitions/Placement", "description": "The placement for the instance." @@ -601,7 +631,7 @@ "uniqueItems": false }, "TagSpecifications": { - "description": "The tags to apply to the resources that are created during instance launch.\n To tag a resource after it has been created, see [CreateTags](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html).\n To tag the launch template itself, use [TagSpecifications](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#cfn-ec2-launchtemplate-tagspecifications).", + "description": "The tags to apply to resources that are created during instance launch.\n To tag the launch template itself, use [TagSpecifications](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#cfn-ec2-launchtemplate-tagspecifications).", "items": { "$ref": "#/definitions/TagSpecification" }, 
@@ -609,7 +639,7 @@ "uniqueItems": false }, "UserData": { - "description": "The user data to make available to the instance. You must provide base64-encoded text. User data is limited to 16 KB. For more information, see [Run commands on your Amazon EC2 instance at launch](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html) in the *Amazon EC2 User Guide*.\n If you are creating the launch template for use with BATCH, the user data must be provided in the [MIME multi-part archive format](https://docs.aws.amazon.com/https://cloudinit.readthedocs.io/en/latest/topics/format.html#mime-multi-part-archive). For more information, see [Amazon EC2 user data in launch templates](https://docs.aws.amazon.com/batch/latest/userguide/launch-templates.html) in the *User Guide*.", + "description": "The user data to make available to the instance. You must provide base64-encoded text. User data is limited to 16 KB. For more information, see [Run commands when you launch an EC2 instance with user data input](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html) in the *Amazon EC2 User Guide*.\n If you are creating the launch template for use with BATCH, the user data must be provided in the [MIME multi-part archive format](https://docs.aws.amazon.com/https://cloudinit.readthedocs.io/en/latest/topics/format.html#mime-multi-part-archive). For more information, see [Amazon EC2 user data in launch templates](https://docs.aws.amazon.com/batch/latest/userguide/launch-templates.html#lt-user-data) in the *User Guide*.", "type": "string" } }, 
@@ -617,7 +647,7 @@ }, "LaunchTemplateElasticInferenceAccelerator": { "additionalProperties": false, - "description": "Specifies an elastic inference accelerator.\n ``LaunchTemplateElasticInferenceAccelerator`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html).", + "description": "Amazon Elastic Inference is no longer available.\n Specifies an elastic inference accelerator.\n ``LaunchTemplateElasticInferenceAccelerator`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html).", "properties": { "Count": { "description": "The number of elastic inference accelerators to attach to the instance. \n Default: 1", @@ -632,7 +662,7 @@ }, "LaunchTemplateTagSpecification": { "additionalProperties": false, - "description": "Specifies the tags to apply to the launch template during creation.\n ``LaunchTemplateTagSpecification`` is a property of [AWS::EC2::LaunchTemplate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html).", + "description": "Specifies the tags to apply to the launch template during creation.\n To specify the tags for the resources that are created during instance launch, use [AWS::EC2::LaunchTemplate TagSpecification](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-tagspecification.html).\n ``LaunchTemplateTagSpecification`` is a property of [AWS::EC2::LaunchTemplate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html).", "properties": { "ResourceType": { "description": "The type of resource. To tag a launch template, ``ResourceType`` must be ``launch-template``.", 
@@ -722,7 +752,7 @@ "type": "string" }, "InstanceMetadataTags": { - "description": "Set to ``enabled`` to allow access to instance tags from the instance metadata. Set to ``disabled`` to turn off access to instance tags from the instance metadata. For more information, see [Work with instance tags using the instance metadata](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS).\n Default: ``disabled``", + "description": "Set to ``enabled`` to allow access to instance tags from the instance metadata. Set to ``disabled`` to turn off access to instance tags from the instance metadata. For more information, see [View tags for your EC2 instances using instance metadata](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/work-with-tags-in-IMDS.html).\n Default: ``disabled``", "type": "string" } }, @@ -779,7 +809,7 @@ "type": "string" }, "DeviceIndex": { - "description": "The device index for the network interface attachment. Each network interface requires a device index. If you create a launch template that includes secondary network interfaces but not a primary network interface, then you must add a primary network interface as a launch parameter when you launch an instance from the template.", + "description": "The device index for the network interface attachment. The primary network interface has a device index of 0. If the network interface is of type ``interface``, you must specify a device index.\n If you create a launch template that includes secondary network interfaces but no primary network interface, and you specify it using the ``LaunchTemplate`` property of ``AWS::EC2::Instance``, then you must include a primary network interface using the ``NetworkInterfaces`` property of ``AWS::EC2::Instance``.", "type": "integer" }, "EnaSrdSpecification": { 
@@ -795,7 +825,7 @@ "uniqueItems": false }, "InterfaceType": { - "description": "The type of network interface. To create an Elastic Fabric Adapter (EFA), specify ``efa``. For more information, see [Elastic Fabric Adapter](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html) in the *Amazon EC2 User Guide*.\n If you are not creating an EFA, specify ``interface`` or omit this parameter.\n Valid values: ``interface`` | ``efa``", + "description": "The type of network interface. To create an Elastic Fabric Adapter (EFA), specify ``efa`` or ``efa``. For more information, see [Elastic Fabric Adapter for AI/ML and HPC workloads on Amazon EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html) in the *Amazon EC2 User Guide*.\n If you are not creating an EFA, specify ``interface`` or omit this parameter.\n If you specify ``efa-only``, do not assign any IP addresses to the network interface. EFA-only network interfaces do not support IP addresses.\n Valid values: ``interface`` | ``efa`` | ``efa-only``", "type": "string" }, "Ipv4PrefixCount": { 
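Review bot: The new `InterfaceType` description names the same value twice ("specify ``efa`` or ``efa``"), while the sentence after it and the `Valid values` list both refer to `efa-only`, so the second value was presumably meant to be `efa-only`. As written, the text never says which value creates an EFA-only interface, yet it goes on to forbid IP addresses on one. The enclosing definition starts outside this hunk, and the file looks like a copy synced from the upstream provider schema. If so, the wording fix belongs upstream, since a local edit would be overwritten by the next sync.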
@@ -884,6 +914,17 @@ }, "type": "object" }, + "NetworkPerformanceOptions": { + "additionalProperties": false, + "description": "Contains settings for the network performance options for the instance.", + "properties": { + "BandwidthWeighting": { + "description": "Specify the bandwidth weighting option to boost the associated type of baseline bandwidth, as follows:\n + default This option uses the standard bandwidth configuration for your instance type. + vpc-1 This option boosts your networking baseline bandwidth and reduces your EBS baseline bandwidth. + ebs-1 This option boosts your EBS baseline bandwidth and reduces your networking baseline bandwidth.", + "type": "string" + } + }, + "type": "object" + }, "Placement": { "additionalProperties": false, "description": "Specifies the placement of an instance.\n ``Placement`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html).", 
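Review bot: `BandwidthWeighting` is added as a bare `"type": "string"`, so the values it accepts (`default`, `vpc-1`, `ebs-1`, going by the description alone) exist only in prose, and schema-based validation will accept any string. If those three are the full set, an `"enum": ["default", "vpc-1", "ebs-1"]` beside the type would let a validator reject a typo before deployment. The description's bullet list also lacks the `\n` separators and double-backtick quoting that neighbouring descriptions use, so it will render as one run-on sentence. Both points are probably best reported to the upstream schema source rather than patched in this copy.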
@@ -961,6 +1002,26 @@ }, "type": "object" }, + "Reference": { + "additionalProperties": false, + "description": "Specifies an instance family to use as the baseline reference for CPU performance.", + "properties": { + "InstanceFamily": { + "description": "The instance family to use as a baseline reference.\n Ensure that you specify the correct value for the instance family. The instance family is everything before the period (``.``) in the instance type name. For example, in the instance type ``c6i.large``, the instance family is ``c6i``, not ``c6``. For more information, see [Amazon EC2 instance type naming conventions](https://docs.aws.amazon.com/ec2/latest/instancetypes/instance-type-names.html) in *Amazon EC2 Instance Types*.\n The following instance families are *not supported* for performance protection:\n + ``c1`` \n + ``g3`` | ``g3s`` \n + ``hpc7g`` \n + ``m1`` | ``m2`` \n + ``mac1`` | ``mac2`` | ``mac2-m1ultra`` | ``mac2-m2`` | ``mac2-m2pro`` \n + ``p3dn`` | ``p4d`` | ``p5`` \n + ``t1`` \n + ``u-12tb1`` | ``u-18tb1`` | ``u-24tb1`` | ``u-3tb1`` | ``u-6tb1`` | ``u-9tb1`` | ``u7i-12tb`` | ``u7in-16tb`` | ``u7in-24tb`` | ``u7in-32tb`` \n \n If you enable performance protection by specifying a supported instance family, the returned instance types will exclude the above unsupported instance families.", + "type": "string" + } + }, + "type": "object" + }, + "References": { + "description": "A list of references to be used as baseline for the CPU performance. 
Currently, you can only specify a single reference across different instance type variations such as CPU manufacturers, architectures etc.", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/Reference" + }, + "type": "array", + "uniqueItems": true + }, "SpotOptions": { "additionalProperties": false, "description": "Specifies options for Spot Instances.\n ``SpotOptions`` is a property of [AWS::EC2::LaunchTemplate InstanceMarketOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata-instancemarketoptions.html).", @@ -974,7 +1035,7 @@ "type": "string" }, "MaxPrice": { - "description": "The maximum hourly price you're willing to pay for the Spot Instances. We do not recommend using this parameter because it can lead to increased interruptions. If you do not specify this parameter, you will pay the current Spot price.\n If you specify a maximum price, your Spot Instances will be interrupted more frequently than if you do not specify this parameter.", + "description": "The maximum hourly price you're willing to pay for a Spot Instance. We do not recommend using this parameter because it can lead to increased interruptions. If you do not specify this parameter, you will pay the current Spot price. If you do specify this parameter, it must be more than USD $0.001. Specifying a value below USD $0.001 will result in an ``InvalidParameterValue`` error message when the launch template is used to launch an instance.\n If you specify a maximum price, your Spot Instances will be interrupted more frequently than if you do not specify this parameter.", "type": "string" }, "SpotInstanceType": { 
@@ -990,7 +1051,7 @@ }, "Tag": { "additionalProperties": false, - "description": "Specifies a tag. For more information, see [Add tags to a resource](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#cloudformation-add-tag-specifications).", + "description": "Specifies a tag. For more information, see [Resource tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", "properties": { "Key": { "description": "The tag key.", 
@@ -1009,7 +1070,7 @@ }, "TagSpecification": { "additionalProperties": false, - "description": "Specifies the tags to apply to a resource when the resource is created for the launch template.\n ``TagSpecification`` is a property type of [TagSpecifications](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications). [TagSpecifications](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications) is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html).", + "description": "Specifies the tags to apply to resources that are created during instance launch.\n ``TagSpecification`` is a property type of [TagSpecifications](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications). [TagSpecifications](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications) is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html).", "properties": { "ResourceType": { "description": "The type of resource to tag. You can specify tags for the following resource types only: ``instance`` | ``volume`` | ``network-interface`` | ``spot-instances-request``. If the instance does not include the resource type that you specify, the instance launch fails. 
For example, not all instance types include a volume.\n To tag a resource after it has been created, see [CreateTags](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html).", @@ -1113,7 +1174,7 @@ "type": "string" }, "TagSpecifications": { - "description": "The tags to apply to the launch template on creation. To tag the launch template, the resource type must be ``launch-template``.\n To specify the tags for the resources that are created when an instance is launched, you must use [TagSpecifications](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#cfn-ec2-launchtemplate-tagspecifications).", + "description": "The tags to apply to the launch template on creation. To tag the launch template, the resource type must be ``launch-template``.\n To specify the tags for resources that are created during instance launch, use [TagSpecifications](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications).", "items": { "$ref": "#/definitions/LaunchTemplateTagSpecification" }, diff --git a/src/schema/aws-ec2-localgatewayroute.json b/src/schema/aws-ec2-localgatewayroute.json index f2b2268f..b7b0b494 100644 --- a/src/schema/aws-ec2-localgatewayroute.json +++ b/src/schema/aws-ec2-localgatewayroute.json @@ -4,7 +4,7 @@ "/properties/DestinationCidrBlock", "/properties/LocalGatewayRouteTableId" ], - "description": "Describes a route for a local gateway route table.", + "description": "Resource Type definition for Local Gateway Route which describes a route for a local gateway route table.", "handlers": { "create": { "permissions": [ diff --git a/src/schema/aws-ec2-localgatewayroutetable.json b/src/schema/aws-ec2-localgatewayroutetable.json index d760f39f..97b63972 100644 --- a/src/schema/aws-ec2-localgatewayroutetable.json +++ b/src/schema/aws-ec2-localgatewayroutetable.json 
@@ -32,7 +32,7 @@ "uniqueItems": true } }, - "description": "Describes a route table for a local gateway.", + "description": "Resource Type definition for Local Gateway Route Table which describes a route table for a local gateway.", "handlers": { "create": { "permissions": [ @@ -55,14 +55,16 @@ }, "read": { "permissions": [ - "ec2:DescribeLocalGatewayRouteTables" + "ec2:DescribeLocalGatewayRouteTables", + "ec2:DescribeTags" ] }, "update": { "permissions": [ "ec2:DescribeLocalGatewayRouteTables", "ec2:CreateTags", - "ec2:DeleteTags" + "ec2:DeleteTags", + "ec2:DescribeTags" ] } }, @@ -116,8 +118,14 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2-lgw.git", "tagging": { - "cloudFormationSystemTags": false, + "cloudFormationSystemTags": true, + "permissions": [ + "ec2:DeleteTags", + "ec2:CreateTags", + "ec2:DescribeTags" + ], "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, diff --git a/src/schema/aws-ec2-localgatewayroutetablevirtualinterfacegroupassociation.json b/src/schema/aws-ec2-localgatewayroutetablevirtualinterfacegroupassociation.json index 7b2fb856..4691b9a7 100644 --- a/src/schema/aws-ec2-localgatewayroutetablevirtualinterfacegroupassociation.json +++ b/src/schema/aws-ec2-localgatewayroutetablevirtualinterfacegroupassociation.json @@ -32,7 +32,7 @@ "uniqueItems": true } }, - "description": "Describes a local gateway route table virtual interface group association for a local gateway.", + "description": "Resource Type definition for Local Gateway Route Table Virtual Interface Group Association which describes a local gateway route table virtual interface group association for a local gateway.", "handlers": { "create": { "permissions": [ 
@@ -55,14 +55,16 @@ }, "read": { "permissions": [ - "ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations" + "ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", + "ec2:DescribeTags" ] }, "update": { "permissions": [ "ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", "ec2:CreateTags", - "ec2:DeleteTags" + "ec2:DeleteTags", + "ec2:DescribeTags" ] } }, @@ -117,8 +119,14 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2-lgw.git", "tagging": { - "cloudFormationSystemTags": false, + "cloudFormationSystemTags": true, + "permissions": [ + "ec2:DeleteTags", + "ec2:CreateTags", + "ec2:DescribeTags" + ], "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, diff --git a/src/schema/aws-ec2-localgatewayroutetablevpcassociation.json b/src/schema/aws-ec2-localgatewayroutetablevpcassociation.json index 45c3634f..48df7ee0 100644 --- a/src/schema/aws-ec2-localgatewayroutetablevpcassociation.json +++ b/src/schema/aws-ec2-localgatewayroutetablevpcassociation.json @@ -32,7 +32,7 @@ "uniqueItems": true } }, - "description": "Describes an association between a local gateway route table and a VPC.", + "description": "Resource Type definition for Local Gateway Route Table VPC Association which describes an association between a local gateway route table and a VPC.", "handlers": { "create": { "permissions": [ @@ -55,14 +55,16 @@ }, "read": { "permissions": [ - "ec2:DescribeLocalGatewayRouteTableVpcAssociations" + "ec2:DescribeLocalGatewayRouteTableVpcAssociations", + "ec2:DescribeTags" ] }, "update": { "permissions": [ "ec2:DescribeLocalGatewayRouteTableVpcAssociations", "ec2:CreateTags", - "ec2:DeleteTags" + "ec2:DeleteTags", + "ec2:DescribeTags" ] } }, 
@@ -106,8 +108,14 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2-lgw.git", "tagging": { - "cloudFormationSystemTags": false, + "cloudFormationSystemTags": true, + "permissions": [ + "ec2:DeleteTags", + "ec2:CreateTags", + "ec2:DescribeTags" + ], "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, diff --git a/src/schema/aws-ec2-natgateway.json b/src/schema/aws-ec2-natgateway.json index e0a43b7d..8c219d7c 100644 --- a/src/schema/aws-ec2-natgateway.json +++ b/src/schema/aws-ec2-natgateway.json @@ -9,7 +9,7 @@ "definitions": { "Tag": { "additionalProperties": false, - "description": "Specifies a tag. For more information, see [Add tags to a resource](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#cloudformation-add-tag-specifications).", + "description": "Specifies a tag. For more information, see [Resource tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", "properties": { "Key": { "description": "The tag key.", @@ -89,7 +89,7 @@ "type": "string" }, "SecondaryAllocationIds": { - "description": "Secondary EIP allocation IDs. For more information, see [Create a NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) in the *Amazon VPC User Guide*.", + "description": "Secondary EIP allocation IDs. For more information, see [Create a NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-working-with.html) in the *Amazon VPC User Guide*.", "insertionOrder": true, "items": { "type": "string" @@ -133,7 +133,12 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "ec2:DeleteTags", + "ec2:CreateTags" + ], "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, 
diff --git a/src/schema/aws-ec2-networkacl.json b/src/schema/aws-ec2-networkacl.json index 2dd3ced6..4bd86908 100644 --- a/src/schema/aws-ec2-networkacl.json +++ b/src/schema/aws-ec2-networkacl.json @@ -6,7 +6,7 @@ "definitions": { "Tag": { "additionalProperties": false, - "description": "Specifies a tag. For more information, see [Add tags to a resource](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#cloudformation-add-tag-specifications).", + "description": "Specifies a tag. For more information, see [Resource tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", "properties": { "Key": { "description": "The tag key.", @@ -24,7 +24,7 @@ "type": "object" } }, - "description": "Specifies a network ACL for your VPC.", + "description": "Specifies a network ACL for your VPC.\n To add a network ACL entry, see [AWS::EC2::NetworkAclEntry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkaclentry.html).", "handlers": { "create": { "permissions": [ @@ -90,6 +90,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-networkaclentry.json b/src/schema/aws-ec2-networkaclentry.json index e7818cbf..1a86aa55 100644 --- a/src/schema/aws-ec2-networkaclentry.json +++ b/src/schema/aws-ec2-networkaclentry.json @@ -106,6 +106,11 @@ "Protocol" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2.git", - "taggable": false, + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, "typeName": "AWS::EC2::NetworkAclEntry" } 
diff --git a/src/schema/aws-ec2-networkinsightsaccessscope.json b/src/schema/aws-ec2-networkinsightsaccessscope.json index 276fcc62..0f6fdbe1 100644 --- a/src/schema/aws-ec2-networkinsightsaccessscope.json +++ b/src/schema/aws-ec2-networkinsightsaccessscope.json @@ -228,6 +228,17 @@ "/properties/UpdatedDate" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2-ni.git", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::EC2::NetworkInsightsAccessScope", "writeOnlyProperties": [ "/properties/MatchPaths", diff --git a/src/schema/aws-ec2-networkinsightsaccessscopeanalysis.json b/src/schema/aws-ec2-networkinsightsaccessscopeanalysis.json index 9cdab788..ec8dc1d8 100644 --- a/src/schema/aws-ec2-networkinsightsaccessscopeanalysis.json +++ b/src/schema/aws-ec2-networkinsightsaccessscopeanalysis.json @@ -127,5 +127,16 @@ "NetworkInsightsAccessScopeId" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2-ni.git", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::EC2::NetworkInsightsAccessScopeAnalysis" } diff --git a/src/schema/aws-ec2-networkinsightsanalysis.json b/src/schema/aws-ec2-networkinsightsanalysis.json index 1d2c6725..9d50d7e9 100644 --- a/src/schema/aws-ec2-networkinsightsanalysis.json +++ b/src/schema/aws-ec2-networkinsightsanalysis.json 
@@ -702,5 +702,16 @@ "NetworkInsightsPathId" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2-ni.git", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::EC2::NetworkInsightsAnalysis" } diff --git a/src/schema/aws-ec2-networkinsightspath.json b/src/schema/aws-ec2-networkinsightspath.json index e8d24ed5..2d53d6b7 100644 --- a/src/schema/aws-ec2-networkinsightspath.json +++ b/src/schema/aws-ec2-networkinsightspath.json @@ -177,5 +177,16 @@ "Source" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2-ni.git", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::EC2::NetworkInsightsPath" } diff --git a/src/schema/aws-ec2-networkinterface.json b/src/schema/aws-ec2-networkinterface.json index 10523722..1880efff 100644 --- a/src/schema/aws-ec2-networkinterface.json +++ b/src/schema/aws-ec2-networkinterface.json @@ -103,7 +103,8 @@ "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:CreateTags", - "ec2:ModifyNetworkInterfaceAttribute" + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:ModifyPublicIpDnsNameOptions" ] }, "delete": { @@ -131,7 +132,8 @@ "ec2:DeleteTags", "ec2:CreateTags", "ec2:UnassignPrivateIpAddresses", - "ec2:AssignPrivateIpAddresses" + "ec2:AssignPrivateIpAddresses", + "ec2:ModifyPublicIpDnsNameOptions" ] } }, 
@@ -273,6 +275,16 @@ "SubnetId" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2/networkinterface", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::EC2::NetworkInterface" } diff --git a/src/schema/aws-ec2-placementgroup.json b/src/schema/aws-ec2-placementgroup.json index fd8042da..be9698b3 100644 --- a/src/schema/aws-ec2-placementgroup.json +++ b/src/schema/aws-ec2-placementgroup.json @@ -93,6 +93,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ec2:CreateTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": false, "taggable": true }, diff --git a/src/schema/aws-ec2-prefixlist.json b/src/schema/aws-ec2-prefixlist.json index bbc67fd2..d2151f9c 100644 --- a/src/schema/aws-ec2-prefixlist.json +++ b/src/schema/aws-ec2-prefixlist.json @@ -143,7 +143,12 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "EC2:DeleteTags", + "EC2:CreateTags" + ], "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, diff --git a/src/mapping/aws/resource/appconfig/aws-appconfig-extensionassociation.json b/src/schema/aws-ec2-routeserver.json similarity index 57% rename from src/mapping/aws/resource/appconfig/aws-appconfig-extensionassociation.json rename to src/schema/aws-ec2-routeserver.json index 6833dfe8..83cd7bbb 100644 --- a/src/mapping/aws/resource/appconfig/aws-appconfig-extensionassociation.json +++ b/src/schema/aws-ec2-routeserver.json 
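Review bot: In `aws-ec2-prefixlist.json` the new `tagging.permissions` entries are spelled `EC2:DeleteTags` and `EC2:CreateTags`, while the other schemas in this part of the diff use the lowercase `ec2:` prefix. IAM matches action names case-insensitively, so the grant itself should behave the same. Tooling that compares or de-duplicates permission strings literally (policy generators, least-privilege checks) will still treat these as different from `ec2:CreateTags`. I would normalise them to `"ec2:DeleteTags", "ec2:CreateTags"`.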
@@ -1,12 +1,7 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/ExtensionIdentifier", - "/properties/ResourceIdentifier", - "/properties/ExtensionVersionNumber", - "/properties/Tags", - "/properties/Tags/*/Key", - "/properties/Tags/*/Value" + "/properties/AmazonSideAsn" ], "definitions": { "Tag": { @@ -33,35 +28,44 @@ "type": "object" } }, - "description": "An example resource schema demonstrating some basic constructs and validation rules.", + "description": "VPC Route Server", "handlers": { "create": { "permissions": [ - "appconfig:CreateExtensionAssociation", - "appconfig:TagResource" + "ec2:CreateRouteServer", + "ec2:CreateTags", + "ec2:DescribeRouteServers", + "sns:CreateTopic" ] }, "delete": { "permissions": [ - "appconfig:DeleteExtensionAssociation", - "appconfig:UntagResource" + "ec2:DescribeTags", + "ec2:DescribeRouteServers", + "ec2:DeleteRouteServer", + "ec2:DeleteTags", + "sns:DeleteTopic" ] }, "list": { "permissions": [ - "appconfig:ListExtensionAssociations" + "ec2:DescribeTags", + "ec2:DescribeRouteServers" ] }, "read": { "permissions": [ - "appconfig:GetExtensionAssociation" + "ec2:DescribeRouteServers", + "ec2:DescribeTags" ] }, "update": { "permissions": [ - "appconfig:UpdateExtensionAssociation", - "appconfig:TagResource", - "appconfig:UntagResource" + "ec2:CreateTags", + "ec2:DeleteTags", + "ec2:DescribeRouteServers", + "ec2:DescribeTags", + "ec2:ModifyRouteServer" ] } }, 
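Review bot: The `update` handler in `aws-ec2-routeserver.json` lists no SNS actions, although `create` asks for `sns:CreateTopic` and `delete` for `sns:DeleteTopic`, and `SnsNotificationsEnabled` (added in the next hunk) is not in `createOnlyProperties`. If toggling that property on an existing route server creates or removes a topic with the caller's credentials, an update under a role scoped to exactly these lists would fail with an access error; the create and delete lists suggest this, but the diff does not show it. Either add the matching `sns:` actions to `update` or confirm the handler does not need them. The `SnsNotificationsEnabled` description could also say that enabling it involves an SNS topic, so people scoping the execution role know why SNS rights are requested.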
@@ -69,35 +73,39 @@ "/properties/Id" ], "properties": { + "AmazonSideAsn": { + "description": "The Amazon-side ASN of the Route Server.", + "format": "int64", + "maximum": 4294967294, + "minimum": 1, + "type": "integer" + }, "Arn": { + "description": "The Amazon Resource Name (ARN) of the Route Server.", "type": "string" }, - "ExtensionArn": { + "Id": { + "description": "The ID of the Route Server.", "type": "string" }, - "ExtensionIdentifier": { + "PersistRoutes": { + "description": "Whether to enable persistent routes", + "enum": [ + "enable", + "disable" + ], "type": "string" }, - "ExtensionVersionNumber": { + "PersistRoutesDuration": { + "description": "The duration of persistent routes in minutes", + "format": "int64", + "maximum": 5, + "minimum": 0, "type": "integer" }, - "Id": { - "type": "string" - }, - "Parameters": { - "additionalProperties": false, - "patternProperties": { - "^.+$": { - "type": "string" - } - }, - "type": "object" - }, - "ResourceArn": { - "type": "string" - }, - "ResourceIdentifier": { - "type": "string" + "SnsNotificationsEnabled": { + "description": "Whether to enable SNS notifications", + "type": "boolean" }, "Tags": { "description": "An array of key-value pairs to apply to this resource.", 
@@ -110,25 +118,27 @@ } }, "readOnlyProperties": [ - "/properties/Id", "/properties/Arn", - "/properties/ResourceArn", - "/properties/ExtensionArn" + "/properties/Id" + ], + "required": [ + "AmazonSideAsn" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DescribeTags", + "ec2:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, - "typeName": "AWS::AppConfig::ExtensionAssociation", + "typeName": "AWS::EC2::RouteServer", "writeOnlyProperties": [ - "/properties/ExtensionIdentifier", - "/properties/ResourceIdentifier", - "/properties/Tags", - "/properties/Tags/*/Key", - "/properties/Tags/*/Value" + "/properties/PersistRoutesDuration" ] } diff --git a/src/schema/aws-ec2-routeserverassociation.json b/src/schema/aws-ec2-routeserverassociation.json new file mode 100644 index 00000000..b14bf6c6 --- /dev/null +++ b/src/schema/aws-ec2-routeserverassociation.json 
@@ -0,0 +1,60 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/RouteServerId", + "/properties/VpcId" + ], + "definitions": {}, + "description": "VPC Route Server Association", + "handlers": { + "create": { + "permissions": [ + "ec2:AssociateRouteServer", + "ec2:GetRouteServerAssociations" + ] + }, + "delete": { + "permissions": [ + "ec2:GetRouteServerAssociations", + "ec2:DisassociateRouteServer" + ] + }, + "list": { + "permissions": [ + "ec2:DescribeRouteServers", + "ec2:GetRouteServerAssociations" + ] + }, + "read": { + "permissions": [ + "ec2:GetRouteServerAssociations" + ] + } + }, + "primaryIdentifier": [ + "/properties/RouteServerId", + "/properties/VpcId" + ], + "properties": { + "RouteServerId": { + "description": "Route Server ID", + "type": "string" + }, + "VpcId": { + "description": "VPC ID", + "type": "string" + } + }, + "required": [ + "RouteServerId", + "VpcId" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, + "typeName": "AWS::EC2::RouteServerAssociation" +} diff --git a/src/schema/aws-ec2-routeserverendpoint.json b/src/schema/aws-ec2-routeserverendpoint.json new file mode 100644 index 00000000..edad254c --- /dev/null +++ b/src/schema/aws-ec2-routeserverendpoint.json 
@@ -0,0 +1,147 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/RouteServerId", + "/properties/SubnetId" + ], + "definitions": { + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, + "description": "VPC Route Server Endpoint", + "handlers": { + "create": { + "permissions": [ + "ec2:CreateRouteServerEndpoint", + "ec2:CreateTags", + "ec2:DescribeRouteServerEndpoints", + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:CreateSecurityGroup", + "ec2:DescribeSecurityGroups", + "ec2:AuthorizeSecurityGroupIngress" + ] + }, + "delete": { + "permissions": [ + "ec2:DescribeTags", + "ec2:DescribeRouteServerEndpoints", + "ec2:DeleteRouteServerEndpoint", + "ec2:DeleteTags", + "ec2:DeleteNetworkInterface", + "ec2:DeleteSecurityGroup", + "ec2:DescribeSecurityGroups", + "ec2:RevokeSecurityGroupIngress" + ] + }, + "list": { + "permissions": [ + "ec2:DescribeTags", + "ec2:DescribeRouteServerEndpoints" + ] + }, + "read": { + "permissions": [ + "ec2:DescribeRouteServerEndpoints", + "ec2:DescribeTags" + ] + }, + "update": { + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags", + 
"ec2:DescribeRouteServerEndpoints", + "ec2:DescribeTags", + "ec2:ModifyRouteServerEndpoint" + ] + } + }, + "primaryIdentifier": [ + "/properties/Id" + ], + "properties": { + "Arn": { + "description": "The Amazon Resource Name (ARN) of the Route Server Endpoint.", + "type": "string" + }, + "EniAddress": { + "description": "Elastic Network Interface IP address owned by the Route Server Endpoint", + "type": "string" + }, + "EniId": { + "description": "Elastic Network Interface ID owned by the Route Server Endpoint", + "type": "string" + }, + "Id": { + "description": "The ID of the Route Server Endpoint.", + "type": "string" + }, + "RouteServerId": { + "description": "Route Server ID", + "type": "string" + }, + "SubnetId": { + "description": "Subnet ID", + "type": "string" + }, + "Tags": { + "description": "An array of key-value pairs to apply to this resource.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": false + }, + "VpcId": { + "description": "VPC ID", + "type": "string" + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/Id", + "/properties/EniId", + "/properties/EniAddress", + "/properties/VpcId" + ], + "required": [ + "RouteServerId", + "SubnetId" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DescribeTags", + "ec2:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::EC2::RouteServerEndpoint" +} diff --git a/src/schema/aws-ec2-routeserverpeer.json b/src/schema/aws-ec2-routeserverpeer.json new file mode 100644 index 00000000..59b22868 --- /dev/null +++ b/src/schema/aws-ec2-routeserverpeer.json 
@@ -0,0 +1,177 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/RouteServerEndpointId", + "/properties/PeerAddress", + "/properties/BgpOptions" + ], + "definitions": { + "BgpOptions": { + "additionalProperties": false, + "description": "BGP Options", + "properties": { + "PeerAsn": { + "description": "BGP ASN of the Route Server Peer", + "format": "int64", + "maximum": 4294967294, + "minimum": 1, + "type": "integer" + }, + "PeerLivenessDetection": { + "description": "BGP Liveness Detection", + "enum": [ + "bfd", + "bgp-keepalive" + ], + "type": "string" + } + }, + "type": "object" + }, + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. 
You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, + "description": "VPC Route Server Peer", + "handlers": { + "create": { + "permissions": [ + "ec2:CreateRouteServerPeer", + "ec2:CreateTags", + "ec2:DescribeRouteServerPeers", + "ec2:AuthorizeSecurityGroupIngress" + ] + }, + "delete": { + "permissions": [ + "ec2:DescribeTags", + "ec2:DescribeRouteServerPeers", + "ec2:DeleteRouteServerPeer", + "ec2:DeleteTags", + "ec2:RevokeSecurityGroupIngress" + ] + }, + "list": { + "permissions": [ + "ec2:DescribeTags", + "ec2:DescribeRouteServerPeers" + ] + }, + "read": { + "permissions": [ + "ec2:DescribeRouteServerPeers", + "ec2:DescribeTags" + ] + }, + "update": { + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags", + "ec2:DescribeRouteServerPeers", + "ec2:DescribeTags", + "ec2:ModifyRouteServerPeer" + ] + } + }, + "primaryIdentifier": [ + "/properties/Id" + ], + "properties": { + "Arn": { + "description": "The Amazon Resource Name (ARN) of the Route Server Peer.", + "type": "string" + }, + "BgpOptions": { + "$ref": "#/definitions/BgpOptions" + }, + "EndpointEniAddress": { + "description": "Elastic Network Interface IP address owned by the Route Server Endpoint", + "type": "string" + }, + "EndpointEniId": { + "description": "Elastic Network Interface ID owned by the Route Server Endpoint", + "type": "string" + }, + "Id": { + "description": "The ID of the Route Server Peer.", + "type": "string" + }, + "PeerAddress": { + "description": "IP address of the Route Server Peer", + "type": "string" + }, + "RouteServerEndpointId": { + "description": "Route Server Endpoint ID", + "type": "string" + }, + "RouteServerId": { + "description": "Route Server ID", + "type": "string" + }, + "SubnetId": { + "description": "Subnet ID", + "type": "string" + }, + "Tags": { + "description": "An 
array of key-value pairs to apply to this resource.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": false + }, + "VpcId": { + "description": "VPC ID", + "type": "string" + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/Id", + "/properties/RouteServerId", + "/properties/EndpointEniId", + "/properties/EndpointEniAddress", + "/properties/SubnetId", + "/properties/VpcId" + ], + "required": [ + "RouteServerEndpointId", + "PeerAddress", + "BgpOptions" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DescribeTags", + "ec2:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::EC2::RouteServerPeer" +} diff --git a/src/schema/aws-ec2-routeserverpropagation.json b/src/schema/aws-ec2-routeserverpropagation.json new file mode 100644 index 00000000..4224e02f --- /dev/null +++ b/src/schema/aws-ec2-routeserverpropagation.json 
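Review bot: `BgpOptions` is in the top-level `required` list of `aws-ec2-routeserverpeer.json`, but the `BgpOptions` definition has no `required` array of its own, so an empty object `{}` passes schema validation with neither `PeerAsn` nor `PeerLivenessDetection`. If the service needs a peer ASN to create the peer (likely, but not shown here), add `"required": [ "PeerAsn" ]` to the definition so a bad template is rejected before the create call. `PeerAddress` is likewise an unconstrained string. The create handler holds `ec2:AuthorizeSecurityGroupIngress`, presumably to admit that peer, so its description should state which address forms are accepted.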
@@ -0,0 +1,60 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/RouteServerId", + "/properties/RouteTableId" + ], + "definitions": {}, + "description": "VPC Route Server Propagation", + "handlers": { + "create": { + "permissions": [ + "ec2:EnableRouteServerPropagation", + "ec2:GetRouteServerPropagations" + ] + }, + "delete": { + "permissions": [ + "ec2:GetRouteServerPropagations", + "ec2:DisableRouteServerPropagation" + ] + }, + "list": { + "permissions": [ + "ec2:DescribeRouteServers", + "ec2:GetRouteServerPropagations" + ] + }, + "read": { + "permissions": [ + "ec2:GetRouteServerPropagations" + ] + } + }, + "primaryIdentifier": [ + "/properties/RouteServerId", + "/properties/RouteTableId" + ], + "properties": { + "RouteServerId": { + "description": "Route Server ID", + "type": "string" + }, + "RouteTableId": { + "description": "Route Table ID", + "type": "string" + } + }, + "required": [ + "RouteServerId", + "RouteTableId" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, + "typeName": "AWS::EC2::RouteServerPropagation" +} diff --git a/src/schema/aws-ec2-routetable.json b/src/schema/aws-ec2-routetable.json index 7a3a01f5..4e49e7c1 100644 --- a/src/schema/aws-ec2-routetable.json +++ b/src/schema/aws-ec2-routetable.json @@ -6,7 +6,7 @@ "definitions": { "Tag": { "additionalProperties": false, - "description": "Specifies a tag. For more information, see [Add tags to a resource](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#cloudformation-add-tag-specifications).", + "description": "Specifies a tag. For more information, see [Resource tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", "properties": { "Key": { "description": "The tag key.", 
@@ -88,6 +88,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-securitygroup.json b/src/schema/aws-ec2-securitygroup.json index 727a4e60..a4f39c2b 100644 --- a/src/schema/aws-ec2-securitygroup.json +++ b/src/schema/aws-ec2-securitygroup.json @@ -113,6 +113,7 @@ }, "delete": { "permissions": [ + "ec2:DescribeSecurityGroups", "ec2:DeleteSecurityGroup", "ec2:DescribeInstances" ] @@ -208,6 +209,10 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-securitygroupvpcassociation.json b/src/schema/aws-ec2-securitygroupvpcassociation.json new file mode 100644 index 00000000..e3c2829a --- /dev/null +++ b/src/schema/aws-ec2-securitygroupvpcassociation.json 
@@ -0,0 +1,85 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/GroupId", + "/properties/VpcId" + ], + "definitions": { + "SecurityGroupVpcAssociationState": { + "additionalProperties": false, + "enum": [ + "associating", + "associated", + "association-failed", + "disassociating", + "disassociated", + "disassociation-failed" + ], + "type": "string" + } + }, + "description": "Resource type definition for the AWS::EC2::SecurityGroupVpcAssociation resource", + "handlers": { + "create": { + "permissions": [ + "ec2:AssociateSecurityGroupVpc", + "ec2:DescribeSecurityGroupVpcAssociations" + ] + }, + "delete": { + "permissions": [ + "ec2:DisassociateSecurityGroupVpc", + "ec2:DescribeSecurityGroupVpcAssociations" + ] + }, + "list": { + "permissions": [ + "ec2:DescribeSecurityGroupVpcAssociations" + ] + }, + "read": { + "permissions": [ + "ec2:DescribeSecurityGroupVpcAssociations" + ] + } + }, + "primaryIdentifier": [ + "/properties/GroupId", + "/properties/VpcId" + ], + "properties": { + "GroupId": { + "description": "The group ID of the specified security group.", + "type": "string" + }, + "State": { + "$ref": "#/definitions/SecurityGroupVpcAssociationState", + "description": "The state of the security group vpc association." + }, + "StateReason": { + "description": "The reason for the state of the security group vpc association.", + "type": "string" + }, + "VpcId": { + "description": "The ID of the VPC in the security group vpc association.", + "type": "string" + }, + "VpcOwnerId": { + "description": "The owner of the VPC in the security group vpc association.", + "type": "string" + } + }, + "readOnlyProperties": [ + "/properties/VpcOwnerId", + "/properties/State", + "/properties/StateReason" + ], + "required": [ + "GroupId", + "VpcId" + ], + "tagging": { + "taggable": false + }, + "typeName": "AWS::EC2::SecurityGroupVpcAssociation" +} 
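Review bot: The `tagging` block in `aws-ec2-securitygroupvpcassociation.json` contains only `"taggable": false`, while the other non-taggable resources added in this change (`aws-ec2-routeserverassociation.json`, `aws-ec2-routeserverpropagation.json`) also set `cloudFormationSystemTags`, `tagOnCreate` and `tagUpdatable` to `false`. I would use the same four-key form so consumers do not have to rely on defaults. The `SecurityGroupVpcAssociationState` definition also carries `"additionalProperties": false` on a `string` enum, where the keyword has no effect and can be dropped. Unlike its siblings, the file has no `sourceUrl`.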
diff --git a/src/schema/aws-ec2-spotfleet.json b/src/schema/aws-ec2-spotfleet.json index 00d88ffa..f4dd478a 100644 --- a/src/schema/aws-ec2-spotfleet.json +++ b/src/schema/aws-ec2-spotfleet.json @@ -58,6 +58,15 @@ }, "type": "object" }, + "BaselinePerformanceFactorsRequest": { + "additionalProperties": false, + "properties": { + "Cpu": { + "$ref": "#/definitions/CpuPerformanceFactorRequest" + } + }, + "type": "object" + }, "BlockDeviceMapping": { "additionalProperties": false, "properties": { @@ -107,6 +116,19 @@ ], "type": "object" }, + "CpuPerformanceFactorRequest": { + "additionalProperties": false, + "properties": { + "References": { + "items": { + "$ref": "#/definitions/PerformanceFactorReferenceRequest" + }, + "type": "array", + "uniqueItems": false + } + }, + "type": "object" + }, "EbsBlockDevice": { "additionalProperties": false, "properties": { @@ -322,6 +344,9 @@ "BaselineEbsBandwidthMbps": { "$ref": "#/definitions/BaselineEbsBandwidthMbpsRequest" }, + "BaselinePerformanceFactors": { + "$ref": "#/definitions/BaselinePerformanceFactorsRequest" + }, "BurstablePerformance": { "enum": [ "included", @@ -335,7 +360,8 @@ "enum": [ "intel", "amd", - "amazon-web-services" + "amazon-web-services", + "apple" ], "type": "string" }, @@ -518,6 +544,15 @@ }, "type": "object" }, + "PerformanceFactorReferenceRequest": { + "additionalProperties": false, + "properties": { + "InstanceFamily": { + "type": "string" + } + }, + "type": "object" + }, "PrivateIpAddressSpecification": { "additionalProperties": false, "properties": { diff --git a/src/schema/aws-ec2-subnet.json b/src/schema/aws-ec2-subnet.json index 0091443f..42a2f274 100644 --- a/src/schema/aws-ec2-subnet.json +++ b/src/schema/aws-ec2-subnet.json 
@@ -18,7 +18,7 @@ "definitions": { "Tag": { "additionalProperties": false, - "description": "Specifies a tag. For more information, see [Add tags to a resource](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#cloudformation-add-tag-specifications).", + "description": "Specifies a tag. For more information, see [Resource tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", "properties": { "Key": { "description": "The tag key.", @@ -96,7 +96,7 @@ "type": "string" }, "EnableDns64": { - "description": "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. For more information, see [DNS64 and NAT64](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-nat64-dns64) in the *User Guide*.", + "description": "Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations.\n You must first configure a NAT gateway in a public subnet (separate from the subnet containing the IPv6-only workloads). For example, the subnet containing the NAT gateway should have a ``0.0.0.0/0`` route pointing to the internet gateway. For more information, see [Configure DNS64 and NAT64](https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-nat64-dns64.html#nat-gateway-nat64-dns64-walkthrough) in the *User Guide*.", "type": "boolean" }, "EnableLniAtDeviceIndex": { @@ -116,7 +116,7 @@ "type": "string" }, "Ipv6CidrBlocks": { - "description": "The IPv6 network ranges for the subnet, in CIDR notation.", + "description": "", "items": { "type": "string" }, 
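Review bot: The `Ipv6CidrBlocks` description in `aws-ec2-subnet.json` is replaced by an empty string in the `@@ -116,7 +116,7 @@` hunk, and the file's next hunk adds the property to `readOnlyProperties`. The property therefore changes from an input to an output with no documentation left, and templates that still set it get no hint why the value is no longer accepted. I would keep the old text and state the new status: `"description": "The IPv6 network ranges for the subnet, in CIDR notation. This property is read-only."`.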
@@ -182,13 +182,18 @@ }, "readOnlyProperties": [ "/properties/NetworkAclAssociationId", - "/properties/SubnetId" + "/properties/SubnetId", + "/properties/Ipv6CidrBlocks" ], "required": [ "VpcId" ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-subnetcidrblock.json b/src/schema/aws-ec2-subnetcidrblock.json index 3a0342fc..401ac1d5 100644 --- a/src/schema/aws-ec2-subnetcidrblock.json +++ b/src/schema/aws-ec2-subnetcidrblock.json @@ -40,6 +40,14 @@ "description": "Information about the IPv6 association.", "type": "string" }, + "IpSource": { + "description": "The IP Source of an IPv6 Subnet CIDR Block.", + "type": "string" + }, + "Ipv6AddressAttribute": { + "description": "The value denoting whether an IPv6 Subnet CIDR Block is public or private.", + "type": "string" + }, "Ipv6CidrBlock": { "description": "The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length", "maxLength": 42, @@ -64,7 +72,9 @@ "/properties/Ipv6CidrBlock": "$join([$match($replace(Ipv6CidrBlock, /(^|:)(0{1,4})([0-9a-fA-F]{1,4})/, \"$1$3\"), /^([0-9a-fA-F]{1,4}:){4}/).match, \":/64\"])" }, "readOnlyProperties": [ - "/properties/Id" + "/properties/Id", + "/properties/Ipv6AddressAttribute", + "/properties/IpSource" ], "required": [ "SubnetId" diff --git a/src/schema/aws-ec2-transitgateway.json b/src/schema/aws-ec2-transitgateway.json index 42d54080..841d1763 100644 --- a/src/schema/aws-ec2-transitgateway.json +++ b/src/schema/aws-ec2-transitgateway.json 
@@ -29,47 +29,27 @@ "ec2:CreateTransitGateway", "ec2:CreateTags", "ec2:DescribeTransitGateways", - "ec2:DescribeTags", - "ec2:DeleteTransitGateway", - "ec2:DeleteTags", - "ec2:ModifyTransitGateway", - "ec2:ModifyTransitGatewayOptions" + "ec2:DescribeTags" ] }, "delete": { "permissions": [ - "ec2:CreateTransitGateway", - "ec2:CreateTags", "ec2:DescribeTransitGateways", "ec2:DescribeTags", "ec2:DeleteTransitGateway", - "ec2:DeleteTags", - "ec2:ModifyTransitGateway", - "ec2:ModifyTransitGatewayOptions" + "ec2:DeleteTags" ] }, "list": { "permissions": [ - "ec2:CreateTransitGateway", - "ec2:CreateTags", "ec2:DescribeTransitGateways", - "ec2:DescribeTags", - "ec2:DeleteTransitGateway", - "ec2:DeleteTags", - "ec2:ModifyTransitGateway", - "ec2:ModifyTransitGatewayOptions" + "ec2:DescribeTags" ] }, "read": { "permissions": [ - "ec2:CreateTransitGateway", - "ec2:CreateTags", "ec2:DescribeTransitGateways", - "ec2:DescribeTags", - "ec2:DeleteTransitGateway", - "ec2:DeleteTags", - "ec2:ModifyTransitGateway", - "ec2:ModifyTransitGatewayOptions" + "ec2:DescribeTags" ] }, "update": { @@ -120,6 +100,9 @@ "PropagationDefaultRouteTableId": { "type": "string" }, + "SecurityGroupReferencingSupport": { + "type": "string" + }, "Tags": { "items": { "$ref": "#/definitions/Tag" @@ -146,6 +129,14 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-transitgateway", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::EC2::TransitGateway" diff --git a/src/schema/aws-ec2-transitgatewayattachment.json b/src/schema/aws-ec2-transitgatewayattachment.json index 742018a1..994129bb 100644 --- a/src/schema/aws-ec2-transitgatewayattachment.json +++ b/src/schema/aws-ec2-transitgatewayattachment.json 
@@ -26,58 +26,34 @@ "handlers": { "create": { "permissions": [ - "ec2:DescribeTransitGatewayAttachments", "ec2:DescribeTransitGatewayVpcAttachments", "ec2:CreateTransitGatewayVpcAttachment", - "ec2:DeleteTransitGatewayVpcAttachment", "ec2:CreateTags", - "ec2:DeleteTags", - "ec2:DescribeTags", - "ec2:DescribeTransitGatewayAttachments", - "ec2:ModifyTransitGatewayVpcAttachment" + "ec2:DescribeTags" ] }, "delete": { "permissions": [ - "ec2:DescribeTransitGatewayAttachments", "ec2:DescribeTransitGatewayVpcAttachments", - "ec2:CreateTransitGatewayVpcAttachment", "ec2:DeleteTransitGatewayVpcAttachment", - "ec2:CreateTags", "ec2:DeleteTags", - "ec2:DescribeTags", - "ec2:DescribeTransitGatewayAttachments", - "ec2:ModifyTransitGatewayVpcAttachment" + "ec2:DescribeTags" ] }, "list": { "permissions": [ - "ec2:DescribeTransitGatewayAttachments", "ec2:DescribeTransitGatewayVpcAttachments", - "ec2:DescribeTags", - "ec2:CreateTransitGatewayVpcAttachment", - "ec2:CreateTags", - "ec2:DeleteTransitGatewayVpcAttachment", - "ec2:DeleteTags", - "ec2:ModifyTransitGatewayVpcAttachment" + "ec2:DescribeTags" ] }, "read": { "permissions": [ - "ec2:DescribeTransitGatewayAttachments", "ec2:DescribeTransitGatewayVpcAttachments", - "ec2:CreateTransitGatewayVpcAttachment", - "ec2:DeleteTransitGatewayVpcAttachment", - "ec2:CreateTags", - "ec2:DeleteTags", - "ec2:DescribeTags", - "ec2:DescribeTransitGatewayAttachments", - "ec2:ModifyTransitGatewayVpcAttachment" + "ec2:DescribeTags" ] }, "update": { "permissions": [ - "ec2:DescribeTransitGatewayAttachments", "ec2:DescribeTransitGatewayVpcAttachments", "ec2:DescribeTags", "ec2:CreateTransitGatewayVpcAttachment", @@ -121,6 +97,10 @@ "SubnetIds": { "insertionOrder": false, "items": { + "relationshipRef": { + "propertyPath": "/properties/SubnetId", + "typeName": "AWS::EC2::Subnet" + }, "type": "string" }, "type": "array", 
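Review bot: The `update` handler at the end of the first hunk still lists `ec2:CreateTransitGatewayVpcAttachment` as a context line, while this commit trims create, delete, list and read down to the actions each one needs. If the update path only changes an existing attachment, remove the line `"ec2:CreateTransitGatewayVpcAttachment",` so the update role cannot create new attachments. The rest of the update list lies outside the hunk, so check it against the handler code before removing anything. The `update` handler in aws-ec2-transitgatewayvpcattachment.json has the same leftover entry.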
@@ -152,6 +132,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-transitgateway", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-transitgatewayconnect.json b/src/schema/aws-ec2-transitgatewayconnect.json index 2743213b..87ea898e 100644 --- a/src/schema/aws-ec2-transitgatewayconnect.json +++ b/src/schema/aws-ec2-transitgatewayconnect.json @@ -36,31 +36,36 @@ "permissions": [ "ec2:CreateTransitGatewayConnect", "ec2:DescribeTransitGatewayConnects", - "ec2:CreateTags" + "ec2:CreateTags", + "ec2:DescribeTags" ] }, "delete": { "permissions": [ "ec2:DeleteTransitGatewayConnect", "ec2:DescribeTransitGatewayConnects", - "ec2:DeleteTags" + "ec2:DeleteTags", + "ec2:DescribeTags" ] }, "list": { "permissions": [ - "ec2:DescribeTransitGatewayConnects" + "ec2:DescribeTransitGatewayConnects", + "ec2:DescribeTags" ] }, "read": { "permissions": [ - "ec2:DescribeTransitGatewayConnects" + "ec2:DescribeTransitGatewayConnects", + "ec2:DescribeTags" ] }, "update": { "permissions": [ "ec2:DescribeTransitGatewayConnects", "ec2:DeleteTags", - "ec2:CreateTags" + "ec2:CreateTags", + "ec2:DescribeTags" ] } }, @@ -111,5 +116,16 @@ "Options" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-myservice", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::EC2::TransitGatewayConnect" } diff --git a/src/schema/aws-ec2-transitgatewaymulticastdomain.json b/src/schema/aws-ec2-transitgatewaymulticastdomain.json index 03420f06..e863ce42 100644 --- a/src/schema/aws-ec2-transitgatewaymulticastdomain.json +++ b/src/schema/aws-ec2-transitgatewaymulticastdomain.json 
@@ -25,31 +25,36 @@ "permissions": [ "ec2:DescribeTransitGatewayMulticastDomains", "ec2:CreateTransitGatewayMulticastDomain", - "ec2:CreateTags" + "ec2:CreateTags", + "ec2:DescribeTags" ] }, "delete": { "permissions": [ "ec2:DescribeTransitGatewayMulticastDomains", "ec2:DeleteTransitGatewayMulticastDomain", - "ec2:DeleteTags" + "ec2:DeleteTags", + "ec2:DescribeTags" ] }, "list": { "permissions": [ - "ec2:DescribeTransitGatewayMulticastDomains" + "ec2:DescribeTransitGatewayMulticastDomains", + "ec2:DescribeTags" ] }, "read": { "permissions": [ - "ec2:DescribeTransitGatewayMulticastDomains" + "ec2:DescribeTransitGatewayMulticastDomains", + "ec2:DescribeTags" ] }, "update": { "permissions": [ "ec2:DescribeTransitGatewayMulticastDomains", "ec2:DeleteTags", - "ec2:CreateTags" + "ec2:CreateTags", + "ec2:DescribeTags" ] } }, @@ -115,5 +120,16 @@ "TransitGatewayId" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-transitgateway/aws-ec2-transitgatewaymulticastdomain", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::EC2::TransitGatewayMulticastDomain" } diff --git a/src/schema/aws-ec2-transitgatewaymulticastdomainassociation.json b/src/schema/aws-ec2-transitgatewaymulticastdomainassociation.json index 7809b181..cdecddc8 100644 --- a/src/schema/aws-ec2-transitgatewaymulticastdomainassociation.json +++ b/src/schema/aws-ec2-transitgatewaymulticastdomainassociation.json @@ -72,5 +72,11 @@ "SubnetId" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-myservice", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, "typeName": "AWS::EC2::TransitGatewayMulticastDomainAssociation" } 
diff --git a/src/schema/aws-ec2-transitgatewaymulticastgroupmember.json b/src/schema/aws-ec2-transitgatewaymulticastgroupmember.json index 76fd921c..3d4c8331 100644 --- a/src/schema/aws-ec2-transitgatewaymulticastgroupmember.json +++ b/src/schema/aws-ec2-transitgatewaymulticastgroupmember.json @@ -20,6 +20,16 @@ ] }, "list": { + "handlerSchema": { + "properties": { + "TransitGatewayMulticastDomainId": { + "$ref": "resource-schema.json#/properties/TransitGatewayMulticastDomainId" + } + }, + "required": [ + "TransitGatewayMulticastDomainId" + ] + }, "permissions": [ "ec2:SearchTransitGatewayMulticastGroups" ] @@ -64,10 +74,6 @@ "description": "The type of resource, for example a VPC attachment.", "type": "string" }, - "SourceType": { - "description": "The source type.", - "type": "string" - }, "SubnetId": { "description": "The ID of the subnet.", "type": "string" @@ -88,7 +94,6 @@ "/properties/GroupSource", "/properties/GroupMember", "/properties/MemberType", - "/properties/SourceType", "/properties/TransitGatewayAttachmentId" ], "required": [ @@ -97,5 +102,11 @@ "TransitGatewayMulticastDomainId" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-transitgatewaymulticastdomain/aws-ec2-transitgatewaymulticastgroupsource", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, "typeName": "AWS::EC2::TransitGatewayMulticastGroupMember" } diff --git a/src/schema/aws-ec2-transitgatewaymulticastgroupsource.json b/src/schema/aws-ec2-transitgatewaymulticastgroupsource.json index 736b632c..a4cbe8af 100644 --- a/src/schema/aws-ec2-transitgatewaymulticastgroupsource.json +++ b/src/schema/aws-ec2-transitgatewaymulticastgroupsource.json 
@@ -20,6 +20,16 @@ ] }, "list": { + "handlerSchema": { + "properties": { + "TransitGatewayMulticastDomainId": { + "$ref": "resource-schema.json#/properties/TransitGatewayMulticastDomainId" + } + }, + "required": [ + "TransitGatewayMulticastDomainId" + ] + }, "permissions": [ "ec2:SearchTransitGatewayMulticastGroups" ] @@ -48,10 +58,6 @@ "description": "Indicates that the resource is a transit gateway multicast group member.", "type": "boolean" }, - "MemberType": { - "description": "The member type (for example, static).", - "type": "string" - }, "NetworkInterfaceId": { "description": "The ID of the transit gateway attachment.", "type": "string" @@ -87,7 +93,6 @@ "/properties/ResourceType", "/properties/GroupSource", "/properties/GroupMember", - "/properties/MemberType", "/properties/SourceType", "/properties/TransitGatewayAttachmentId" ], @@ -97,5 +102,11 @@ "GroupIpAddress" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-transitgatewaymulticastdomain/aws-ec2-transitgatewaymulticastgroupsource", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, "typeName": "AWS::EC2::TransitGatewayMulticastGroupSource" } diff --git a/src/schema/aws-ec2-transitgatewaypeeringattachment.json b/src/schema/aws-ec2-transitgatewaypeeringattachment.json index de251264..16a9b06a 100644 --- a/src/schema/aws-ec2-transitgatewaypeeringattachment.json +++ b/src/schema/aws-ec2-transitgatewaypeeringattachment.json 
@@ -41,28 +41,37 @@ "create": { "permissions": [ "ec2:CreateTransitGatewayPeeringAttachment", - "ec2:DescribeTransitGatewayPeeringAttachments" + "ec2:DescribeTransitGatewayPeeringAttachments", + "ec2:CreateTags", + "ec2:DescribeTags" ] }, "delete": { "permissions": [ "ec2:DeleteTransitGatewayPeeringAttachment", - "ec2:DescribeTransitGatewayPeeringAttachments" + "ec2:DescribeTransitGatewayPeeringAttachments", + "ec2:DeleteTags", + "ec2:DescribeTags" ] }, "list": { "permissions": [ - "ec2:DescribeTransitGatewayPeeringAttachments" + "ec2:DescribeTransitGatewayPeeringAttachments", + "ec2:DescribeTags" ] }, "read": { "permissions": [ - "ec2:DescribeTransitGatewayPeeringAttachments" + "ec2:DescribeTransitGatewayPeeringAttachments", + "ec2:DescribeTags" ] }, "update": { "permissions": [ - "ec2:DescribeTransitGatewayPeeringAttachments" + "ec2:DescribeTransitGatewayPeeringAttachments", + "ec2:CreateTags", + "ec2:DeleteTags", + "ec2:DescribeTags" ] } }, @@ -124,5 +133,16 @@ "PeerRegion" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-myservice", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::EC2::TransitGatewayPeeringAttachment" } diff --git a/src/schema/aws-ec2-transitgatewayroutetable.json b/src/schema/aws-ec2-transitgatewayroutetable.json index 6abe4958..e59fad6a 100644 --- a/src/schema/aws-ec2-transitgatewayroutetable.json +++ b/src/schema/aws-ec2-transitgatewayroutetable.json @@ -1,8 +1,7 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/TransitGatewayId", - "/properties/Tags" + "/properties/TransitGatewayId" ], "definitions": { "Tag": { 
@@ -50,6 +49,13 @@ "permissions": [ "ec2:DescribeTransitGatewayRouteTables" ] + }, + "update": { + "permissions": [ + "ec2:DescribeTransitGatewayRouteTables", + "ec2:CreateTags", + "ec2:DeleteTags" + ] } }, "primaryIdentifier": [ @@ -83,8 +89,13 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-transitgateway.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], "tagOnCreate": true, - "tagUpdatable": false, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::EC2::TransitGatewayRouteTable" diff --git a/src/schema/aws-ec2-transitgatewayvpcattachment.json b/src/schema/aws-ec2-transitgatewayvpcattachment.json index cc214dd5..24e1bc3f 100644 --- a/src/schema/aws-ec2-transitgatewayvpcattachment.json +++ b/src/schema/aws-ec2-transitgatewayvpcattachment.json 
@@ -27,58 +27,34 @@ "handlers": { "create": { "permissions": [ - "ec2:DescribeTransitGatewayAttachments", "ec2:DescribeTransitGatewayVpcAttachments", "ec2:CreateTransitGatewayVpcAttachment", - "ec2:DeleteTransitGatewayVpcAttachment", "ec2:CreateTags", - "ec2:DeleteTags", - "ec2:DescribeTags", - "ec2:DescribeTransitGatewayAttachments", - "ec2:ModifyTransitGatewayVpcAttachment" + "ec2:DescribeTags" ] }, "delete": { "permissions": [ - "ec2:DescribeTransitGatewayAttachments", "ec2:DescribeTransitGatewayVpcAttachments", - "ec2:CreateTransitGatewayVpcAttachment", "ec2:DeleteTransitGatewayVpcAttachment", - "ec2:CreateTags", "ec2:DeleteTags", - "ec2:DescribeTags", - "ec2:DescribeTransitGatewayAttachments", - "ec2:ModifyTransitGatewayVpcAttachment" + "ec2:DescribeTags" ] }, "list": { "permissions": [ - "ec2:DescribeTransitGatewayAttachments", "ec2:DescribeTransitGatewayVpcAttachments", - "ec2:DescribeTags", - "ec2:CreateTransitGatewayVpcAttachment", - "ec2:CreateTags", - "ec2:DeleteTransitGatewayVpcAttachment", - "ec2:DeleteTags", - "ec2:ModifyTransitGatewayVpcAttachment" + "ec2:DescribeTags" ] }, "read": { "permissions": [ - "ec2:DescribeTransitGatewayAttachments", "ec2:DescribeTransitGatewayVpcAttachments", - "ec2:CreateTransitGatewayVpcAttachment", - "ec2:DeleteTransitGatewayVpcAttachment", - "ec2:CreateTags", - "ec2:DeleteTags", - "ec2:DescribeTags", - "ec2:DescribeTransitGatewayAttachments", - "ec2:ModifyTransitGatewayVpcAttachment" + "ec2:DescribeTags" ] }, "update": { "permissions": [ - "ec2:DescribeTransitGatewayAttachments", "ec2:DescribeTransitGatewayVpcAttachments", "ec2:DescribeTags", "ec2:CreateTransitGatewayVpcAttachment", 
@@ -119,6 +95,10 @@ "Ipv6Support": { "description": "Indicates whether to enable Ipv6 Support for Vpc Attachment. Valid Values: enable | disable", "type": "string" + }, + "SecurityGroupReferencingSupport": { + "description": "Indicates whether to enable Security Group referencing support for Vpc Attachment. Valid values: enable | disable", + "type": "string" } }, "type": "object" @@ -165,6 +145,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-transitgateway", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-verifiedaccessendpoint.json b/src/schema/aws-ec2-verifiedaccessendpoint.json index 175b241c..57435380 100644 --- a/src/schema/aws-ec2-verifiedaccessendpoint.json +++ b/src/schema/aws-ec2-verifiedaccessendpoint.json 
@@ -8,9 +8,49 @@ "/properties/EndpointType", "/properties/SecurityGroupIds", "/properties/NetworkInterfaceOptions/NetworkInterfaceId", - "/properties/LoadBalancerOptions/LoadBalancerArn" + "/properties/LoadBalancerOptions/LoadBalancerArn", + "/properties/RdsOptions/Protocol", + "/properties/RdsOptions/RdsDbInstanceArn", + "/properties/RdsOptions/RdsDbClusterArn", + "/properties/RdsOptions/RdsDbProxyArn", + "/properties/CidrOptions/Cidr", + "/properties/CidrOptions/Protocol", + "/properties/CidrOptions/SubnetIds" ], "definitions": { + "CidrOptions": { + "additionalProperties": false, + "description": "The options for cidr type endpoint.", + "properties": { + "Cidr": { + "description": "The IP address range, in CIDR notation.", + "type": "string" + }, + "PortRanges": { + "description": "The list of port range.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/PortRange" + }, + "type": "array", + "uniqueItems": true + }, + "Protocol": { + "description": "The IP protocol.", + "type": "string" + }, + "SubnetIds": { + "description": "The IDs of the subnets.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/SubnetId" + }, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, "LoadBalancerOptions": { "additionalProperties": false, "description": "The load balancer details if creating the AWS Verified Access endpoint as load-balancertype.", @@ -25,6 +65,15 @@ "minimum": 1, "type": "integer" }, + "PortRanges": { + "description": "The list of port range.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/PortRange" + }, + "type": "array", + "uniqueItems": true + }, "Protocol": { "description": "The IP protocol.", "type": "string" 
@@ -49,6 +98,51 @@ "description": "The ID of the network interface.", "type": "string" }, + "Port": { + "description": "The IP port number.", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "PortRanges": { + "description": "The list of port ranges.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/PortRange" + }, + "type": "array", + "uniqueItems": true + }, + "Protocol": { + "description": "The IP protocol.", + "type": "string" + } + }, + "type": "object" + }, + "PortRange": { + "additionalProperties": false, + "description": "The IP port range.", + "properties": { + "FromPort": { + "description": "The first port in the range.", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "ToPort": { + "description": "The last port in the range.", + "maximum": 65535, + "minimum": 1, + "type": "integer" + } + }, + "type": "object" + }, + "RdsOptions": { + "additionalProperties": false, + "description": "The options for rds type endpoint.", + "properties": { "Port": { "description": "The IP port number.", "maximum": 65535, @@ -58,6 +152,31 @@ "Protocol": { "description": "The IP protocol.", "type": "string" + }, + "RdsDbClusterArn": { + "description": "The ARN of the RDS DB cluster.", + "type": "string" + }, + "RdsDbInstanceArn": { + "description": "The ARN of the RDS DB instance.", + "type": "string" + }, + "RdsDbProxyArn": { + "description": "The ARN of the RDS DB proxy.", + "type": "string" + }, + "RdsEndpoint": { + "description": "The RDS endpoint.", + "type": "string" + }, + "SubnetIds": { + "description": "The IDs of the subnets.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/SubnetId" + }, + "type": "array", + "uniqueItems": true } }, "type": "object" 
@@ -115,110 +234,59 @@ "permissions": [ "ec2:CreateVerifiedAccessEndpoint", "ec2:DescribeVerifiedAccessEndpoints", - "ec2:CreateTags", - "ec2:DescribeTags", - "iam:CreateServiceLinkedRole", - "iam:ListRoles", - "acm:GetCertificateWithPK", - "acm:DescribeCertificate", - "acm:CreateCertificateRelation", - "sso:GetManagedApplicationInstance", - "sso:GetPeregrineStatus", - "sso:GetSharedSsoConfiguration", - "sso:CreateManagedApplicationInstance", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeNetworkInterfaces", "ec2:DescribeAccountAttributes", + "ec2:CreateTags", + "ec2:DescribeTags", + "ec2:DescribeVpcs", + "ec2:GetVerifiedAccessEndpointPolicy", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeListenerCertificates", - "acm:DeleteCertificateRelation", - "ec2:DeleteTags", - "ec2:DeleteVerifiedAccessEndpoint", - "ec2:GetVerifiedAccessEndpointPolicy", - "ec2:ModifyVerifiedAccessEndpoint", - "ec2:ModifyVerifiedAccessEndpointPolicy", + "iam:CreateServiceLinkedRole", + "acm:DescribeCertificate", + "sso:PutApplicationAccessScope", + "sso:GetSharedSsoConfiguration", + "sso:CreateManagedApplicationInstance", "sso:DeleteManagedApplicationInstance", "kms:DescribeKey", + "kms:GenerateDataKey", "kms:RetireGrant", "kms:CreateGrant", - "kms:GenerateDataKey", - "kms:Decrypt" + "kms:Decrypt", + "rds:DescribeDbInstances", + "rds:DescribeDbProxies", + "rds:DescribeDbClusters", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeVpcEndpointServiceConfigurations" ], - "timeoutInMinutes": 60 + "timeoutInMinutes": 600 }, "delete": { "permissions": [ "ec2:DescribeVerifiedAccessEndpoints", - "ec2:DescribeTags", "ec2:DeleteVerifiedAccessEndpoint", + "ec2:GetVerifiedAccessEndpointPolicy", + "ec2:DescribeTags", "ec2:DeleteTags", "sso:DeleteManagedApplicationInstance", - "acm:DeleteCertificateRelation", - "acm:DescribeCertificate", - "acm:CreateCertificateRelation", - "acm:GetCertificateWithPK", - 
"ec2:CreateTags", - "ec2:CreateVerifiedAccessEndpoint", - "ec2:DescribeAccountAttributes", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:GetVerifiedAccessEndpointPolicy", - "ec2:ModifyVerifiedAccessEndpoint", - "ec2:ModifyVerifiedAccessEndpointPolicy", - "elasticloadbalancing:DescribeListenerCertificates", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancers", - "iam:CreateServiceLinkedRole", - "iam:ListRoles", - "sso:CreateManagedApplicationInstance", - "sso:GetManagedApplicationInstance", - "sso:GetPeregrineStatus", - "sso:GetSharedSsoConfiguration", "kms:DescribeKey", "kms:RetireGrant", - "kms:CreateGrant", - "kms:GenerateDataKey", - "kms:Decrypt" + "kms:Decrypt", + "kms:GenerateDataKey" ], "timeoutInMinutes": 60 }, "list": { "permissions": [ "ec2:DescribeVerifiedAccessEndpoints", - "ec2:DescribeTags", - "acm:CreateCertificateRelation", - "acm:DeleteCertificateRelation", - "acm:DescribeCertificate", - "acm:GetCertificateWithPK", - "ec2:CreateTags", - "ec2:CreateVerifiedAccessEndpoint", - "ec2:DeleteTags", - "ec2:DeleteVerifiedAccessEndpoint", - "ec2:DescribeAccountAttributes", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", "ec2:GetVerifiedAccessEndpointPolicy", - "ec2:ModifyVerifiedAccessEndpoint", - "ec2:ModifyVerifiedAccessEndpointPolicy", - "elasticloadbalancing:DescribeListenerCertificates", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancers", - "iam:CreateServiceLinkedRole", - "iam:ListRoles", - "sso:CreateManagedApplicationInstance", - "sso:DeleteManagedApplicationInstance", - "sso:GetManagedApplicationInstance", - "sso:GetPeregrineStatus", - "sso:GetSharedSsoConfiguration", + "ec2:DescribeTags", "kms:DescribeKey", - "kms:RetireGrant", - "kms:CreateGrant", - "kms:GenerateDataKey", - "kms:Decrypt" + "kms:Decrypt", + "kms:GenerateDataKey" ] }, "read": { 
@@ -226,35 +294,9 @@ "ec2:DescribeVerifiedAccessEndpoints", "ec2:GetVerifiedAccessEndpointPolicy", "ec2:DescribeTags", - "acm:CreateCertificateRelation", - "acm:DeleteCertificateRelation", - "acm:DescribeCertificate", - "acm:GetCertificateWithPK", - "ec2:CreateTags", - "ec2:CreateVerifiedAccessEndpoint", - "ec2:DeleteTags", - "ec2:DeleteVerifiedAccessEndpoint", - "ec2:DescribeAccountAttributes", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:ModifyVerifiedAccessEndpoint", - "ec2:ModifyVerifiedAccessEndpointPolicy", - "elasticloadbalancing:DescribeListenerCertificates", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancers", - "iam:CreateServiceLinkedRole", - "iam:ListRoles", - "sso:CreateManagedApplicationInstance", - "sso:DeleteManagedApplicationInstance", - "sso:GetManagedApplicationInstance", - "sso:GetPeregrineStatus", - "sso:GetSharedSsoConfiguration", "kms:DescribeKey", - "kms:RetireGrant", - "kms:CreateGrant", - "kms:GenerateDataKey", - "kms:Decrypt" + "kms:Decrypt", + "kms:GenerateDataKey" ] }, "update": { 
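Review bot: The trimmed `read` handler in this hunk still ends with `"kms:Decrypt", "kms:GenerateDataKey"`, and the `list` handler in the preceding hunk keeps the same pair. Both handlers otherwise hold only Describe/Get actions, and `kms:GenerateDataKey` is an encrypt-side permission. Unless the provider's read path is known to need it, the KMS entries for read and list could stop at `"kms:DescribeKey", "kms:Decrypt"`. The opening `"read": {` sits in the previous hunk's trailing context, so the full handler is not visible in this hunk alone. Separately, the create handler's `timeoutInMinutes` goes from 60 to 600 in the preceding hunk with nothing visible that explains the increase.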
@@ -263,34 +305,24 @@ "ec2:ModifyVerifiedAccessEndpointPolicy", "ec2:DescribeVerifiedAccessEndpoints", "ec2:GetVerifiedAccessEndpointPolicy", - "ec2:DescribeTags", - "ec2:DeleteTags", - "ec2:CreateTags", - "acm:GetCertificateWithPK", - "acm:DescribeCertificate", - "acm:CreateCertificateRelation", - "acm:DeleteCertificateRelation", - "sso:GetManagedApplicationInstance", - "sso:GetPeregrineStatus", - "sso:GetSharedSsoConfiguration", - "sso:CreateManagedApplicationInstance", - "sso:DeleteManagedApplicationInstance", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeNetworkInterfaces", - "ec2:DescribeAccountAttributes", + "ec2:DescribeVpcs", + "ec2:DescribeTags", + "ec2:DeleteTags", + "ec2:CreateTags", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeListenerCertificates", - "ec2:CreateVerifiedAccessEndpoint", - "ec2:DeleteVerifiedAccessEndpoint", - "iam:CreateServiceLinkedRole", - "iam:ListRoles", "kms:DescribeKey", + "kms:GenerateDataKey", "kms:RetireGrant", "kms:CreateGrant", - "kms:GenerateDataKey", - "kms:Decrypt" + "kms:Decrypt", + "rds:DescribeDbInstances", + "rds:DescribeDbProxies", + "rds:DescribeDbClusters" ], "timeoutInMinutes": 60 } @@ -307,6 +339,10 @@ "description": "The type of attachment used to provide connectivity between the AWS Verified Access endpoint and the application.", "type": "string" }, + "CidrOptions": { + "$ref": "#/definitions/CidrOptions", + "description": "The options for cidr type endpoint." + }, "CreationTime": { "description": "The creation time.", "type": "string" @@ -355,6 +391,10 @@ "description": "The status of the Verified Access policy.", "type": "boolean" }, + "RdsOptions": { + "$ref": "#/definitions/RdsOptions", + "description": "The options for rds type endpoint." + }, "SecurityGroupIds": { "description": "The IDs of the security groups for the endpoint.", "insertionOrder": false, 
@@ -404,16 +444,18 @@ "/properties/VerifiedAccessInstanceId" ], "required": [ - "ApplicationDomain", "AttachmentType", - "DomainCertificateArn", "EndpointType", - "VerifiedAccessGroupId", - "EndpointDomainPrefix" + "VerifiedAccessGroupId" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2-verified-access.aws-ec2-verifiedaccessendpoint", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ec2:CreateTags", + "ec2:DescribeTags", + "ec2:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-verifiedaccessgroup.json b/src/schema/aws-ec2-verifiedaccessgroup.json index 2fddb872..69145a2a 100644 --- a/src/schema/aws-ec2-verifiedaccessgroup.json +++ b/src/schema/aws-ec2-verifiedaccessgroup.json @@ -176,6 +176,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2-verified-access.aws-ec2-verifiedaccessgroup", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ec2:CreateTags", + "ec2:DescribeTags", + "ec2:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-verifiedaccessinstance.json b/src/schema/aws-ec2-verifiedaccessinstance.json index 560e963f..764ddef4 100644 --- a/src/schema/aws-ec2-verifiedaccessinstance.json +++ b/src/schema/aws-ec2-verifiedaccessinstance.json @@ -1,6 +1,10 @@ { "additionalProperties": false, "definitions": { + "Nameserver": { + "description": "The value of the name server", + "type": "string" + }, "Tag": { "additionalProperties": false, "description": "A key-value pair to associate with a resource.", 
@@ -224,6 +228,18 @@ "/properties/VerifiedAccessInstanceId" ], "properties": { + "CidrEndpointsCustomSubDomain": { + "description": "Introduce CidrEndpointsCustomSubDomain property to represent the domain (say, ava.my-company.com)", + "type": "string" + }, + "CidrEndpointsCustomSubDomainNameServers": { + "description": "Property to represent the name servers assoicated with the domain that AVA manages (say, ['ns1.amazonaws.com', 'ns2.amazonaws.com', 'ns3.amazonaws.com', 'ns4.amazonaws.com']).", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Nameserver" + }, + "type": "array" + }, "CreationTime": { "description": "Time this Verified Access Instance was created.", "type": "string" @@ -279,11 +295,17 @@ "readOnlyProperties": [ "/properties/VerifiedAccessInstanceId", "/properties/CreationTime", - "/properties/LastUpdatedTime" + "/properties/LastUpdatedTime", + "/properties/CidrEndpointsCustomSubDomainNameServers" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2-verified-access.aws-ec2-verifiedaccessinstance", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ec2:CreateTags", + "ec2:DescribeTags", + "ec2:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-verifiedaccesstrustprovider.json b/src/schema/aws-ec2-verifiedaccesstrustprovider.json index 89ebab3f..f20acffc 100644 --- a/src/schema/aws-ec2-verifiedaccesstrustprovider.json +++ b/src/schema/aws-ec2-verifiedaccesstrustprovider.json 
@@ -23,6 +23,45 @@ }, "type": "object" }, + "NativeApplicationOidcOptions": { + "additionalProperties": false, + "description": "The OpenID Connect details for an oidc -type, user-identity based trust provider for L4.", + "properties": { + "AuthorizationEndpoint": { + "description": "The OIDC authorization endpoint.", + "type": "string" + }, + "ClientId": { + "description": "The client identifier.", + "type": "string" + }, + "ClientSecret": { + "description": "The client secret.", + "type": "string" + }, + "Issuer": { + "description": "The OIDC issuer.", + "type": "string" + }, + "PublicSigningKeyEndpoint": { + "description": "The public signing key for endpoint", + "type": "string" + }, + "Scope": { + "description": "OpenID Connect (OIDC) scopes are used by an application during authentication to authorize access to details of a user. Each scope returns a specific set of user attributes.", + "type": "string" + }, + "TokenEndpoint": { + "description": "The OIDC token endpoint.", + "type": "string" + }, + "UserInfoEndpoint": { + "description": "The OIDC user info endpoint.", + "type": "string" + } + }, + "type": "object" + }, "OidcOptions": { "additionalProperties": false, "description": "The OpenID Connect details for an oidc -type, user-identity based trust provider.", @@ -171,6 +210,9 @@ "description": "The last updated time.", "type": "string" }, + "NativeApplicationOidcOptions": { + "$ref": "#/definitions/NativeApplicationOidcOptions" + }, "OidcOptions": { "$ref": "#/definitions/OidcOptions" }, 
@@ -227,10 +269,18 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2-verified-access.aws-ec2-verifiedaccesstrustprovider", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ec2:CreateTags", + "ec2:DescribeTags", + "ec2:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, - "typeName": "AWS::EC2::VerifiedAccessTrustProvider" + "typeName": "AWS::EC2::VerifiedAccessTrustProvider", + "writeOnlyProperties": [ + "/properties/NativeApplicationOidcOptions/ClientSecret" + ] } diff --git a/src/schema/aws-ec2-volume.json b/src/schema/aws-ec2-volume.json index c7df7b1c..fa50fc5d 100644 --- a/src/schema/aws-ec2-volume.json +++ b/src/schema/aws-ec2-volume.json @@ -3,7 +3,7 @@ "definitions": { "Tag": { "additionalProperties": false, - "description": "Specifies a tag. For more information, see [Add tags to a resource](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#cloudformation-add-tag-specifications).", + "description": "Specifies a tag. For more information, see [Resource tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", "properties": { "Key": { "description": "The tag key.", 
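Review bot: The new `writeOnlyProperties` array in the first hunk lists only `/properties/NativeApplicationOidcOptions/ClientSecret`. The existing `OidcOptions` definition is also an OIDC client configuration, but its properties fall outside the visible hunks. If it carries a `ClientSecret` too, add `"/properties/OidcOptions/ClientSecret"` to the array so that read and list responses are not expected to return that secret. This needs checking against the full schema, because only the description line of `OidcOptions` is visible here.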
@@ -21,7 +21,7 @@ "type": "object" } }, - "description": "Specifies an Amazon Elastic Block Store (Amazon EBS) volume.\n When you use CFNlong to update an Amazon EBS volume that modifies ``Iops``, ``Size``, or ``VolumeType``, there is a cooldown period before another operation can occur. This can cause your stack to report being in ``UPDATE_IN_PROGRESS`` or ``UPDATE_ROLLBACK_IN_PROGRESS`` for long periods of time.\n Amazon EBS does not support sizing down an Amazon EBS volume. CFNlong does not attempt to modify an Amazon EBS volume to a smaller size on rollback.\n Some common scenarios when you might encounter a cooldown period for Amazon EBS include:\n + You successfully update an Amazon EBS volume and the update succeeds. When you attempt another update within the cooldown window, that update will be subject to a cooldown period.\n + You successfully update an Amazon EBS volume and the update succeeds but another change in your ``update-stack`` call fails. The rollback will be subject to a cooldown period.\n \n For more information on the coo", + "description": "Specifies an Amazon Elastic Block Store (Amazon EBS) volume.\n When you use CFNlong to update an Amazon EBS volume that modifies ``Iops``, ``Size``, or ``VolumeType``, there is a cooldown period before another operation can occur. This can cause your stack to report being in ``UPDATE_IN_PROGRESS`` or ``UPDATE_ROLLBACK_IN_PROGRESS`` for long periods of time.\n Amazon EBS does not support sizing down an Amazon EBS volume. CFNlong does not attempt to modify an Amazon EBS volume to a smaller size on rollback.\n Some common scenarios when you might encounter a cooldown period for Amazon EBS include:\n + You successfully update an Amazon EBS volume and the update succeeds. When you attempt another update within the cooldown window, that update will be subject to a cooldown period.\n + You successfully update an Amazon EBS volume and the update succeeds but another change in your ``update-stack`` call fails. 
The rollback will be subject to a cooldown period.\n \n For more information, see [Requirements for EBS volume modifications](https://docs.aws.amazon.com/ebs/latest/userguide/modify-volume-requirements.html).\n *DeletionPolicy attribute* \n To control how CFNlong handles the volume when the stack is deleted, set a deletion policy for your volume. You can choose to retain the volume, to delete the volume, or to create a snapshot of the volume. For more information, see [DeletionPolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html).\n If you set a deletion policy that creates a snapshot, all tags on the volume are included in the snapshot.", "handlers": { "create": { "permissions": [ @@ -32,7 +32,8 @@ "ec2:CreateTags", "kms:GenerateDataKeyWithoutPlaintext", "kms:CreateGrant" - ] + ], + "timeoutInMinutes": 725 }, "delete": { "permissions": [ 
@@ -83,11 +84,11 @@ "type": "string" }, "Encrypted": { - "description": "Indicates whether the volume should be encrypted. The effect of setting the encryption state to ``true`` depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see [Encryption by default](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-by-default) in the *Amazon Elastic Compute Cloud User Guide*.\n Encrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see [Supported instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances).", + "description": "Indicates whether the volume should be encrypted. The effect of setting the encryption state to ``true`` depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see [Encryption by default](https://docs.aws.amazon.com/ebs/latest/userguide/work-with-ebs-encr.html#encryption-by-default) in the *Amazon EBS User Guide*.\n Encrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see [Supported instance types](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption-requirements.html#ebs-encryption_supported_instances).", "type": "boolean" }, "Iops": { - "description": "The number of I/O operations per second (IOPS). For ``gp3``, ``io1``, and ``io2`` volumes, this represents the number of IOPS that are provisioned for the volume. 
For ``gp2`` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n The following are the supported values for each volume type:\n + ``gp3``: 3,000 - 16,000 IOPS\n + ``io1``: 100 - 64,000 IOPS\n + ``io2``: 100 - 256,000 IOPS\n \n For ``io2`` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). On other instances, you can achieve performance up to 32,000 IOPS.\n This parameter is required for ``io1`` and ``io2`` volumes. The default for ``gp3`` volumes is 3,000 IOPS. This parameter is not supported for ``gp2``, ``st1``, ``sc1``, or ``standard`` volumes.", + "description": "The number of I/O operations per second (IOPS). For ``gp3``, ``io1``, and ``io2`` volumes, this represents the number of IOPS that are provisioned for the volume. For ``gp2`` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n The following are the supported values for each volume type:\n + ``gp3``: 3,000 - 16,000 IOPS\n + ``io1``: 100 - 64,000 IOPS\n + ``io2``: 100 - 256,000 IOPS\n \n For ``io2`` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html). On other instances, you can achieve performance up to 32,000 IOPS.\n This parameter is required for ``io1`` and ``io2`` volumes. The default for ``gp3`` volumes is 3,000 IOPS. This parameter is not supported for ``gp2``, ``st1``, ``sc1``, or ``standard`` volumes.", "type": "integer" }, "KmsKeyId": { 
@@ -95,7 +96,7 @@ "type": "string" }, "MultiAttachEnabled": { - "description": "Indicates whether Amazon EBS Multi-Attach is enabled.\n CFNlong does not currently support updating a single-attach volume to be multi-attach enabled, updating a multi-attach enabled volume to be single-attach, or updating the size or number of I/O operations per second (IOPS) of a multi-attach enabled volume.", + "description": "Indicates whether Amazon EBS Multi-Attach is enabled.\n CFNlong does not currently support updating a single-attach volume to be multi-attach enabled, updating a multi-attach enabled volume to be single-attach, or updating the size or number of I/O operations per second (IOPS) of a multi-attach enabled volume.", "type": "boolean" }, "OutpostArn": { @@ -128,7 +129,7 @@ "type": "string" }, "VolumeType": { - "description": "The volume type. This parameter can be one of the following values:\n + General Purpose SSD: ``gp2`` | ``gp3`` \n + Provisioned IOPS SSD: ``io1`` | ``io2`` \n + Throughput Optimized HDD: ``st1`` \n + Cold HDD: ``sc1`` \n + Magnetic: ``standard`` \n \n For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the *Amazon Elastic Compute Cloud User Guide*.\n Default: ``gp2``", + "description": "The volume type. This parameter can be one of the following values:\n + General Purpose SSD: ``gp2`` | ``gp3`` \n + Provisioned IOPS SSD: ``io1`` | ``io2`` \n + Throughput Optimized HDD: ``st1`` \n + Cold HDD: ``sc1`` \n + Magnetic: ``standard`` \n \n For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volume-types.html).\n Default: ``gp2``", "type": "string" } }, 
@@ -141,6 +142,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags", + "ec2:DescribeTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-vpc.json b/src/schema/aws-ec2-vpc.json index 3eb8580a..2a38bc65 100644 --- a/src/schema/aws-ec2-vpc.json +++ b/src/schema/aws-ec2-vpc.json @@ -11,7 +11,7 @@ "definitions": { "Tag": { "additionalProperties": false, - "description": "Specifies a tag. For more information, see [Add tags to a resource](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#cloudformation-add-tag-specifications).", + "description": "Specifies a tag. For more information, see [Resource tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", "properties": { "Key": { "description": "The tag key.", @@ -29,7 +29,7 @@ "type": "object" } }, - "description": "Specifies a virtual private cloud (VPC).\n You can optionally request an IPv6 CIDR block for the VPC. You can request an Amazon-provided IPv6 CIDR block from Amazon's pool of IPv6 addresses, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP).\n For more information, see [Virtual private clouds (VPC)](https://docs.aws.amazon.com/vpc/latest/userguide/configure-your-vpc.html) in the *Amazon VPC User Guide*.", + "description": "Specifies a virtual private cloud (VPC).\n To add an IPv6 CIDR block to the VPC, see [AWS::EC2::VPCCidrBlock](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpccidrblock.html).\n For more information, see [Virtual private clouds (VPC)](https://docs.aws.amazon.com/vpc/latest/userguide/configure-your-vpc.html) in the *Amazon VPC User Guide*.", "handlers": { "create": { "permissions": [ 
@@ -103,7 +103,7 @@ "type": "boolean" }, "InstanceTenancy": { - "description": "The allowed tenancy of instances launched into the VPC.\n + ``default``: An instance launched into the VPC runs on shared hardware by default, unless you explicitly specify a different tenancy during instance launch.\n + ``dedicated``: An instance launched into the VPC runs on dedicated hardware by default, unless you explicitly specify a tenancy of ``host`` during instance launch. You cannot specify a tenancy of ``default`` during instance launch.\n \n Updating ``InstanceTenancy`` requires no replacement only if you are updating its value from ``dedicated`` to ``default``. Updating ``InstanceTenancy`` from ``default`` to ``dedicated`` requires replacement.", + "description": "The allowed tenancy of instances launched into the VPC.\n + ``default``: An instance launched into the VPC runs on shared hardware by default, unless you explicitly specify a different tenancy during instance launch.\n + ``dedicated``: An instance launched into the VPC runs on dedicated hardware by default, unless you explicitly specify a tenancy of ``host`` during instance launch. You cannot specify a tenancy of ``default`` during instance launch.\n \n Updating ``InstanceTenancy`` requires no replacement only if you are updating its value from ``dedicated`` to ``default``. Updating ``InstanceTenancy`` from ``default`` to ``dedicated`` requires replacement.", "type": "string" }, "Ipv4IpamPoolId": { @@ -146,6 +146,10 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "ec2:DeleteTags", + "ec2:CreateTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-vpcblockpublicaccessexclusion.json b/src/schema/aws-ec2-vpcblockpublicaccessexclusion.json new file mode 100644 index 00000000..89750d42 --- /dev/null +++ b/src/schema/aws-ec2-vpcblockpublicaccessexclusion.json 
@@ -0,0 +1,131 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/VpcId", + "/properties/SubnetId" + ], + "definitions": { + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, + "description": "Resource Type definition for AWS::EC2::VPCBlockPublicAccessExclusion.", + "handlers": { + "create": { + "permissions": [ + "ec2:DescribeVpcBlockPublicAccessExclusions", + "ec2:CreateVpcBlockPublicAccessExclusion", + "ec2:CreateTags" + ] + }, + "delete": { + "permissions": [ + "ec2:DescribeVpcBlockPublicAccessExclusions", + "ec2:DeleteVpcBlockPublicAccessExclusion" + ] + }, + "list": { + "permissions": [ + "ec2:DescribeVpcBlockPublicAccessExclusions" + ] + }, + "read": { + "permissions": [ + "ec2:DescribeVpcBlockPublicAccessExclusions" + ] + }, + "update": { + "permissions": [ + "ec2:DescribeVpcBlockPublicAccessExclusions", + "ec2:ModifyVpcBlockPublicAccessExclusion", + "ec2:CreateTags", + "ec2:DeleteTags" + ] + } + }, + "oneOf": [ + { + "required": [ + "VpcId" + ] + }, + { + "required": [ + "SubnetId" + ] + } + ], + "primaryIdentifier": [ + "/properties/ExclusionId" + ], + "properties": { + "ExclusionId": { + "description": "The ID of the 
exclusion", + "type": "string" + }, + "InternetGatewayExclusionMode": { + "description": "The desired Block Public Access Exclusion Mode for a specific VPC/Subnet.", + "enum": [ + "allow-bidirectional", + "allow-egress" + ], + "type": "string" + }, + "SubnetId": { + "description": "The ID of the subnet. Required only if you don't specify VpcId", + "type": "string" + }, + "Tags": { + "description": "An array of key-value pairs to apply to this resource.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": false + }, + "VpcId": { + "description": "The ID of the vpc. Required only if you don't specify SubnetId.", + "type": "string" + } + }, + "readOnlyProperties": [ + "/properties/ExclusionId" + ], + "required": [ + "InternetGatewayExclusionMode" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2-vpcblockpublicaccessexclusion.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::EC2::VPCBlockPublicAccessExclusion" +} diff --git a/src/schema/aws-ec2-vpcblockpublicaccessoptions.json b/src/schema/aws-ec2-vpcblockpublicaccessoptions.json new file mode 100644 index 00000000..5a47370f --- /dev/null +++ b/src/schema/aws-ec2-vpcblockpublicaccessoptions.json 
@@ -0,0 +1,60 @@ +{ + "additionalProperties": false, + "description": "Resource Type definition for AWS::EC2::VPCBlockPublicAccessOptions", + "handlers": { + "create": { + "permissions": [ + "ec2:DescribeVpcBlockPublicAccessOptions", + "ec2:ModifyVpcBlockPublicAccessOptions" + ] + }, + "delete": { + "permissions": [ + "ec2:DescribeVpcBlockPublicAccessOptions", + "ec2:ModifyVpcBlockPublicAccessOptions" + ] + }, + "read": { + "permissions": [ + "ec2:DescribeVpcBlockPublicAccessOptions" + ] + }, + "update": { + "permissions": [ + "ec2:DescribeVpcBlockPublicAccessOptions", + "ec2:ModifyVpcBlockPublicAccessOptions" + ] + } + }, + "primaryIdentifier": [ + "/properties/AccountId" + ], + "properties": { + "AccountId": { + "description": "The identifier for the specified AWS account.", + "type": "string" + }, + "InternetGatewayBlockMode": { + "description": "The desired Block Public Access mode for Internet Gateways in your account. We do not allow to create in a off mode as this is the default value", + "enum": [ + "block-bidirectional", + "block-ingress" + ], + "type": "string" + } + }, + "readOnlyProperties": [ + "/properties/AccountId" + ], + "required": [ + "InternetGatewayBlockMode" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2-vpcblockpublicaccessoptions.git", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, + "typeName": "AWS::EC2::VPCBlockPublicAccessOptions" +} diff --git a/src/schema/aws-ec2-vpccidrblock.json b/src/schema/aws-ec2-vpccidrblock.json index ccf5c1a6..08e0c50d 100644 --- a/src/schema/aws-ec2-vpccidrblock.json +++ b/src/schema/aws-ec2-vpccidrblock.json 
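Review bot: The `InternetGatewayBlockMode` description in the new aws-ec2-vpcblockpublicaccessoptions.json does not say what removing the resource does to the account. The enum offers no off value, the text calls off "the default value", and the `delete` handler is granted `ec2:ModifyVpcBlockPublicAccessOptions`. Together these suggest that deleting the resource, or the stack that owns it, switches the account-level block back off, though nothing in this hunk confirms it. I would document that explicitly, for example `Deleting this resource is expected to return the account to the off mode.`, and reword "We do not allow to create in a off mode" to `The off mode cannot be set through this resource because it is the default.`. Without that sentence a routine stack teardown can silently remove a guardrail.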
@@ -9,7 +9,8 @@ "/properties/Ipv4IpamPoolId", "/properties/Ipv4NetmaskLength", "/properties/Ipv6IpamPoolId", - "/properties/Ipv6NetmaskLength" + "/properties/Ipv6NetmaskLength", + "/properties/Ipv6CidrBlockNetworkBorderGroup" ], "description": "Resource Type definition for AWS::EC2::VPCCidrBlock", "handlers": { @@ -65,6 +66,10 @@ "description": "The Id of the VPC associated CIDR Block.", "type": "string" }, + "IpSource": { + "description": "The IP Source of an IPv6 VPC CIDR Block.", + "type": "string" + }, "Ipv4IpamPoolId": { "description": "The ID of the IPv4 IPAM pool to Associate a CIDR from to a VPC.", "type": "string" @@ -73,10 +78,18 @@ "description": "The netmask length of the IPv4 CIDR you would like to associate from an Amazon VPC IP Address Manager (IPAM) pool.", "type": "integer" }, + "Ipv6AddressAttribute": { + "description": "The value denoting whether an IPv6 VPC CIDR Block is public or private.", + "type": "string" + }, "Ipv6CidrBlock": { "description": "An IPv6 CIDR block from the IPv6 address pool.", "type": "string" }, + "Ipv6CidrBlockNetworkBorderGroup": { + "description": "The name of the location from which we advertise the IPV6 CIDR block.", + "type": "string" + }, "Ipv6IpamPoolId": { "description": "The ID of the IPv6 IPAM pool to Associate a CIDR from to a VPC.", "type": "string" @@ -95,7 +108,9 @@ } }, "readOnlyProperties": [ - "/properties/Id" + "/properties/Id", + "/properties/Ipv6AddressAttribute", + "/properties/IpSource" ], "required": [ "VpcId" diff --git a/src/schema/aws-ec2-vpcendpoint.json b/src/schema/aws-ec2-vpcendpoint.json index 21088748..079570c3 100644 --- a/src/schema/aws-ec2-vpcendpoint.json +++ b/src/schema/aws-ec2-vpcendpoint.json 
@@ -3,38 +3,115 @@ "createOnlyProperties": [ "/properties/ServiceName", "/properties/VpcEndpointType", - "/properties/VpcId" + "/properties/VpcId", + "/properties/ServiceNetworkArn", + "/properties/ResourceConfigurationArn", + "/properties/ServiceRegion" ], - "description": "Specifies a VPC endpoint. A VPC endpoint provides a private connection between your VPC and an endpoint service. You can use an endpoint service provided by AWS, an MKT Partner, or another AWS accounts in your organization. For more information, see the [User Guide](https://docs.aws.amazon.com/vpc/latest/privatelink/).\n An endpoint of type ``Interface`` establishes connections between the subnets in your VPC and an AWS-service, your own service, or a service hosted by another AWS-account. With an interface VPC endpoint, you specify the subnets in which to create the endpoint and the security groups to associate with the endpoint network interfaces.\n An endpoint of type ``gateway`` serves as a target for a route in your route table for traffic destined for S3 or DDB. You can specify an endpoint policy for the endpoint, which controls access to the service from your VPC. You can also specify the VPC route tables that use the endpoint. For more information about connectivity to S3, see [W", + "definitions": { + "DnsOptionsSpecification": { + "additionalProperties": false, + "description": "Describes the DNS options for an endpoint.", + "properties": { + "DnsRecordIpType": { + "description": "The DNS records created for the endpoint.", + "enum": [ + "ipv4", + "ipv6", + "dualstack", + "service-defined", + "not-specified" + ], + "type": "string" + }, + "PrivateDnsOnlyForInboundResolverEndpoint": { + "description": "Indicates whether to enable private DNS only for inbound endpoints. This option is available only for services that support both gateway and interface endpoints. 
It routes traffic that originates from the VPC to the gateway endpoint and traffic that originates from on-premises to the interface endpoint.", + "enum": [ + "OnlyInboundResolver", + "AllResolvers", + "NotSpecified" + ], + "type": "string" + } + }, + "type": "object" + }, + "Tag": { + "additionalProperties": false, + "description": "Describes a tag.", + "properties": { + "Key": { + "description": "The key of the tag.\n Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with ``aws:``.", + "type": "string" + }, + "Value": { + "description": "The value of the tag.\n Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.", + "type": "string" + } + }, + "required": [ + "Value", + "Key" + ], + "type": "object" + } + }, + "description": "Specifies a VPC endpoint. A VPC endpoint provides a private connection between your VPC and an endpoint service. You can use an endpoint service provided by AWS, an MKT Partner, or another AWS accounts in your organization. For more information, see the [User Guide](https://docs.aws.amazon.com/vpc/latest/privatelink/).\n An endpoint of type ``Interface`` establishes connections between the subnets in your VPC and an AWS-service, your own service, or a service hosted by another AWS-account. With an interface VPC endpoint, you specify the subnets in which to create the endpoint and the security groups to associate with the endpoint network interfaces.\n An endpoint of type ``gateway`` serves as a target for a route in your route table for traffic destined for S3 or DDB. You can specify an endpoint policy for the endpoint, which controls access to the service from your VPC. You can also specify the VPC route tables that use the endpoint. 
For more information about connectivity to S3, see [Why can't I connect to an S3 bucket using a gateway VPC endpoint?](https://docs.aws.amazon.com/premiumsupport/knowledge-center/connect-s3-vpc-endpoint) \n An endpoint of type ``GatewayLoadBalancer`` provides private connectivity between your VPC and virtual appliances from a service provider.", "handlers": { "create": { "permissions": [ "ec2:CreateVpcEndpoint", - "ec2:DescribeVpcEndpoints" + "ec2:DescribeVpcEndpoints", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "vpc-lattice:CreateServiceNetworkVpcEndpointAssociation", + "vpc-lattice:DescribeServiceNetworkVpcEndpointAssociation", + "ec2:CreateTags", + "ec2:DeleteTags", + "vpce:AllowMultiRegion" ], "timeoutInMinutes": 210 }, "delete": { "permissions": [ "ec2:DeleteVpcEndpoints", - "ec2:DescribeVpcEndpoints" + "ec2:DescribeVpcEndpoints", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "vpc-lattice:DescribeServiceNetworkVpcEndpointAssociation", + "ec2:CreateTags", + "ec2:DeleteTags", + "vpce:AllowMultiRegion" ], "timeoutInMinutes": 210 }, "list": { "permissions": [ - "ec2:DescribeVpcEndpoints" + "ec2:DescribeVpcEndpoints", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "vpc-lattice:DescribeServiceNetworkVpcEndpointAssociation" ] }, "read": { "permissions": [ - "ec2:DescribeVpcEndpoints" + "ec2:DescribeVpcEndpoints", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "vpc-lattice:DescribeServiceNetworkVpcEndpointAssociation" ] }, "update": { "permissions": [ "ec2:ModifyVpcEndpoint", - "ec2:DescribeVpcEndpoints" + "ec2:DescribeVpcEndpoints", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "vpc-lattice:CreateServiceNetworkVpcEndpointAssociation", + "vpc-lattice:DescribeServiceNetworkVpcEndpointAssociation", + "ec2:CreateTags", + "ec2:DeleteTags", + "vpce:AllowMultiRegion" ], "timeoutInMinutes": 210 } 
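Review bot: The `delete` handler in aws-ec2-vpcendpoint.json (hunk `@@ -3,38 +3,115 @@`) now lists `ec2:CreateTags`, `ec2:DeleteTags` and `vpce:AllowMultiRegion`, none of which a delete path obviously needs. Anyone who derives an execution-role policy from these `handlers.*.permissions` lists ends up granting tag-write rights to a role meant only to remove endpoints. If the lists are maintained in this repository rather than mirrored from the provider, trim `delete` to `ec2:DeleteVpcEndpoints`, the three `ec2:Describe*` actions and `vpc-lattice:DescribeServiceNetworkVpcEndpointAssociation`. If they are mirrored, note for consumers that the lists are an upper bound and should be narrowed with resource or condition scoping in the role. The `delete` handler in aws-ec2-vpcendpointservice.json gains `ec2:DeleteTags` and `vpce:AllowMultiRegion` in the same way.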
@@ -56,10 +133,24 @@ "type": "array", "uniqueItems": false }, + "DnsOptions": { + "$ref": "#/definitions/DnsOptionsSpecification", + "description": "Describes the DNS options for an endpoint." + }, "Id": { "description": "", "type": "string" }, + "IpAddressType": { + "description": "The supported IP address types.", + "enum": [ + "ipv4", + "ipv6", + "dualstack", + "not-specified" + ], + "type": "string" + }, "NetworkInterfaceIds": { "description": "", "insertionOrder": false, @@ -70,7 +161,7 @@ "uniqueItems": false }, "PolicyDocument": { - "description": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint.", + "description": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section:\n ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ \"Version\":\"2012-10-17\", \"Statement\": [{ \"Effect\":\"Allow\", \"Principal\":\"*\", \"Action\":[\"logs:Describe*\",\"logs:Get*\",\"logs:List*\",\"logs:FilterLogEvents\"], \"Resource\":\"*\" }] }'``", "type": [ "string", "object" 
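Review bot: The sample embedded in the new `PolicyDocument` description (hunk `@@ -70,7 +161,7 @@`) uses `"Principal":"*"` together with `"Resource":"*"`, and the same paragraph states that the default endpoint policy already allows full access. Schema descriptions are surfaced as inline help and copied into templates, so I would append one sentence after the sample: `The policy above only illustrates the format; name the principals and resources the endpoint is meant to serve.`. The sample is also a whole `Properties` block collapsed onto one line inside double backticks, which makes the quoting of the JSON string hard to check by eye.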
@@ -80,10 +171,18 @@ "description": "Indicate whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, ``kinesis.us-east-1.amazonaws.com``), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service.\n To use a private hosted zone, you must set the following VPC attributes to ``true``: ``enableDnsHostnames`` and ``enableDnsSupport``.\n This property is supported only for interface endpoints.\n Default: ``false``", "type": "boolean" }, + "ResourceConfigurationArn": { + "description": "The Amazon Resource Name (ARN) of the resource configuration.", + "type": "string" + }, "RouteTableIds": { "description": "The IDs of the route tables. Routing is supported only for gateway endpoints.", "insertionOrder": false, "items": { + "relationshipRef": { + "propertyPath": "/properties/RouteTableId", + "typeName": "AWS::EC2::RouteTable" + }, "type": "string" }, "type": "array", @@ -93,6 +192,26 @@ "description": "The IDs of the security groups to associate with the endpoint network interfaces. If this parameter is not specified, we use the default security group for the VPC. Security groups are supported only for interface endpoints.", "insertionOrder": false, "items": { + "anyOf": [ + { + "relationshipRef": { + "propertyPath": "/properties/GroupId", + "typeName": "AWS::EC2::SecurityGroup" + } + }, + { + "relationshipRef": { + "propertyPath": "/properties/Id", + "typeName": "AWS::EC2::SecurityGroup" + } + }, + { + "relationshipRef": { + "propertyPath": "/properties/DefaultSecurityGroup", + "typeName": "AWS::EC2::VPC" + } + } + ], "type": "string" }, "type": "array", 
@@ -102,21 +221,44 @@ "description": "The name of the endpoint service.", "type": "string" }, + "ServiceNetworkArn": { + "description": "The Amazon Resource Name (ARN) of the service network.", + "type": "string" + }, + "ServiceRegion": { + "description": "", + "type": "string" + }, "SubnetIds": { "description": "The IDs of the subnets in which to create endpoint network interfaces. You must specify this property for an interface endpoint or a Gateway Load Balancer endpoint. You can't specify this property for a gateway endpoint. For a Gateway Load Balancer endpoint, you can specify only one subnet.", "insertionOrder": false, "items": { + "relationshipRef": { + "propertyPath": "/properties/SubnetId", + "typeName": "AWS::EC2::Subnet" + }, "type": "string" }, "type": "array", "uniqueItems": true }, + "Tags": { + "description": "The tags to associate with the endpoint.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": false + }, "VpcEndpointType": { "description": "The type of endpoint.\n Default: Gateway", "enum": [ "Interface", "Gateway", - "GatewayLoadBalancer" + "GatewayLoadBalancer", + "ServiceNetwork", + "Resource" ], "type": "string" }, @@ -132,14 +274,19 @@ "/properties/Id" ], "required": [ - "VpcId", - "ServiceName" + "VpcId" ], "tagging": { - "cloudFormationSystemTags": false, - "tagOnCreate": false, - "tagUpdatable": false, - "taggable": false + "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags", + "ec2:DescribeVpcEndpoints" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true }, "typeName": "AWS::EC2::VPCEndpoint" } diff --git a/src/schema/aws-ec2-vpcendpointservice.json b/src/schema/aws-ec2-vpcendpointservice.json index 2ec96d5c..22029501 100644 --- a/src/schema/aws-ec2-vpcendpointservice.json +++ b/src/schema/aws-ec2-vpcendpointservice.json 
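Review bot: With `ServiceName` dropped from `required` in hunk `@@ -132,14 +274,19 @@`, a template that sets only `VpcId` now passes this schema even though it names no target for the endpoint. The new `ServiceNetwork` and `Resource` values of `VpcEndpointType` explain why `ServiceName` can no longer be mandatory, but nothing visible replaces it with a rule that one target property be present. Adding `"anyOf": [{"required": ["ServiceName"]}, {"required": ["ServiceNetworkArn"]}, {"required": ["ResourceConfigurationArn"]}]` would let schema-based linting catch the omission before deployment; aws-ec2-vpcblockpublicaccessexclusion.json uses the same shape with `oneOf` for `VpcId`/`SubnetId`. In the preceding hunk `ServiceRegion` is added as a create-only property with an empty `description`, which should at least say what the Region refers to.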
@@ -1,16 +1,42 @@ { "additionalProperties": false, + "definitions": { + "IpAddressType": { + "enum": [ + "ipv4", + "ipv6" + ], + "type": "string" + }, + "Tag": { + "additionalProperties": false, + "properties": { + "Key": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "required": [ + "Value", + "Key" + ], + "type": "object" + } + }, "description": "Resource Type definition for AWS::EC2::VPCEndpointService", "handlers": { "create": { "permissions": [ "ec2:CreateVpcEndpointServiceConfiguration", - "ec2:ModifyVpcEndpointServiceConfiguration", "ec2:ModifyVpcEndpointServicePayerResponsibility", "cloudwatch:ListManagedInsightRules", "cloudwatch:DeleteInsightRules", "cloudwatch:PutManagedInsightRules", - "ec2:DescribeVpcEndpointServiceConfigurations" + "ec2:DescribeVpcEndpointServiceConfigurations", + "vpce:AllowMultiRegion", + "ec2:CreateTags" ] }, "delete": { @@ -18,7 +44,9 @@ "ec2:DeleteVpcEndpointServiceConfigurations", "ec2:DescribeVpcEndpointServiceConfigurations", "cloudwatch:ListManagedInsightRules", - "cloudwatch:DeleteInsightRules" + "cloudwatch:DeleteInsightRules", + "ec2:DeleteTags", + "vpce:AllowMultiRegion" ] }, "list": { @@ -36,12 +64,14 @@ "update": { "permissions": [ "ec2:ModifyVpcEndpointServiceConfiguration", - "ec2:DeleteVpcEndpointServiceConfigurations", "ec2:DescribeVpcEndpointServiceConfigurations", "ec2:ModifyVpcEndpointServicePayerResponsibility", "cloudwatch:ListManagedInsightRules", "cloudwatch:DeleteInsightRules", - "cloudwatch:PutManagedInsightRules" + "cloudwatch:PutManagedInsightRules", + "ec2:CreateTags", + "ec2:DeleteTags", + "vpce:AllowMultiRegion" ] } }, @@ -64,6 +94,10 @@ }, "NetworkLoadBalancerArns": { "items": { + "relationshipRef": { + "propertyPath": "/properties/LoadBalancerArn", + "typeName": "AWS::ElasticLoadBalancingV2::LoadBalancer" + }, "type": "string" }, "type": "array", 
@@ -74,6 +108,33 @@ }, "ServiceId": { "type": "string" + }, + "SupportedIpAddressTypes": { + "description": "Specify which Ip Address types are supported for VPC endpoint service.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/IpAddressType" + }, + "type": "array", + "uniqueItems": false + }, + "SupportedRegions": { + "description": "The Regions from which service consumers can access the service.", + "insertionOrder": false, + "items": { + "type": "string" + }, + "type": "array", + "uniqueItems": true + }, + "Tags": { + "description": "The tags to add to the VPC endpoint service.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": false } }, "readOnlyProperties": [ @@ -81,9 +142,14 @@ ], "tagging": { "cloudFormationSystemTags": false, - "tagOnCreate": false, - "tagUpdatable": false, - "taggable": false + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true }, "typeName": "AWS::EC2::VPCEndpointService", "writeOnlyProperties": [ diff --git a/src/schema/aws-ec2-vpcpeeringconnection.json b/src/schema/aws-ec2-vpcpeeringconnection.json index e6256dcb..97307a87 100644 --- a/src/schema/aws-ec2-vpcpeeringconnection.json +++ b/src/schema/aws-ec2-vpcpeeringconnection.json @@ -109,6 +109,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-ec2-vpcpeering.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-vpnconnection.json b/src/schema/aws-ec2-vpnconnection.json index da27fe86..e29ded2e 100644 --- a/src/schema/aws-ec2-vpnconnection.json +++ b/src/schema/aws-ec2-vpnconnection.json 
@@ -6,17 +6,185 @@ "/properties/CustomerGatewayId", "/properties/VpnGatewayId", "/properties/TransitGatewayId", - "/properties/VpnTunnelOptionsSpecifications", - "/properties/StaticRoutesOnly" + "/properties/EnableAcceleration", + "/properties/LocalIpv4NetworkCidr", + "/properties/LocalIpv6NetworkCidr", + "/properties/OutsideIpAddressType", + "/properties/RemoteIpv4NetworkCidr", + "/properties/RemoteIpv6NetworkCidr", + "/properties/StaticRoutesOnly", + "/properties/TransportTransitGatewayAttachmentId", + "/properties/TunnelInsideIpVersion", + "/properties/VpnTunnelOptionsSpecifications" ], "definitions": { + "CloudwatchLogOptionsSpecification": { + "additionalProperties": false, + "description": "Options for sending VPN tunnel logs to CloudWatch.", + "properties": { + "LogEnabled": { + "description": "Enable or disable VPN tunnel logging feature. Default value is ``False``.\n Valid values: ``True`` | ``False``", + "type": "boolean" + }, + "LogGroupArn": { + "description": "The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.", + "type": "string" + }, + "LogOutputFormat": { + "description": "Set log format. 
Default format is ``json``.\n Valid values: ``json`` | ``text``", + "enum": [ + "json", + "text" + ], + "type": "string" + } + }, + "type": "object" + }, + "IKEVersionsRequestListValue": { + "additionalProperties": false, + "description": "The IKE version that is permitted for the VPN tunnel.", + "properties": { + "Value": { + "description": "The IKE version.", + "enum": [ + "ikev1", + "ikev2" + ], + "type": "string" + } + }, + "type": "object" + }, + "Phase1DHGroupNumbersRequestListValue": { + "additionalProperties": false, + "description": "Specifies a Diffie-Hellman group number for the VPN tunnel for phase 1 IKE negotiations.", + "properties": { + "Value": { + "description": "The Diffie-Hellmann group number.", + "enum": [ + 2, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24 + ], + "type": "integer" + } + }, + "type": "object" + }, + "Phase1EncryptionAlgorithmsRequestListValue": { + "additionalProperties": false, + "description": "Specifies the encryption algorithm for the VPN tunnel for phase 1 IKE negotiations.", + "properties": { + "Value": { + "description": "The value for the encryption algorithm.", + "enum": [ + "AES128", + "AES256", + "AES128-GCM-16", + "AES256-GCM-16" + ], + "type": "string" + } + }, + "type": "object" + }, + "Phase1IntegrityAlgorithmsRequestListValue": { + "additionalProperties": false, + "description": "Specifies the integrity algorithm for the VPN tunnel for phase 1 IKE negotiations.", + "properties": { + "Value": { + "description": "The value for the integrity algorithm.", + "enum": [ + "SHA1", + "SHA2-256", + "SHA2-384", + "SHA2-512" + ], + "type": "string" + } + }, + "type": "object" + }, + "Phase2DHGroupNumbersRequestListValue": { + "additionalProperties": false, + "description": "Specifies a Diffie-Hellman group number for the VPN tunnel for phase 2 IKE negotiations.", + "properties": { + "Value": { + "description": "The Diffie-Hellmann group number.", + "enum": [ + 2, + 5, + 14, + 15, + 16, + 17, + 18, + 19, + 
20, + 21, + 22, + 23, + 24 + ], + "type": "integer" + } + }, + "type": "object" + }, + "Phase2EncryptionAlgorithmsRequestListValue": { + "additionalProperties": false, + "description": "Specifies the encryption algorithm for the VPN tunnel for phase 2 IKE negotiations.", + "properties": { + "Value": { + "description": "The encryption algorithm.", + "enum": [ + "AES128", + "AES256", + "AES128-GCM-16", + "AES256-GCM-16" + ], + "type": "string" + } + }, + "type": "object" + }, + "Phase2IntegrityAlgorithmsRequestListValue": { + "additionalProperties": false, + "description": "Specifies the integrity algorithm for the VPN tunnel for phase 2 IKE negotiations.", + "properties": { + "Value": { + "description": "The integrity algorithm.", + "enum": [ + "SHA1", + "SHA2-256", + "SHA2-384", + "SHA2-512" + ], + "type": "string" + } + }, + "type": "object" + }, "Tag": { "additionalProperties": false, + "description": "Specifies a tag. For more information, see [Resource tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", "properties": { "Key": { + "description": "The tag key.", "type": "string" }, "Value": { + "description": "The tag value.", "type": "string" } }, 
@@ -26,20 +194,160 @@ ], "type": "object" }, + "VpnTunnelLogOptionsSpecification": { + "additionalProperties": false, + "description": "Options for logging VPN tunnel activity.", + "properties": { + "CloudwatchLogOptions": { + "$ref": "#/definitions/CloudwatchLogOptionsSpecification", + "description": "Options for sending VPN tunnel logs to CloudWatch." + } + }, + "type": "object" + }, "VpnTunnelOptionsSpecification": { "additionalProperties": false, + "description": "The tunnel options for a single VPN tunnel.", "properties": { + "DPDTimeoutAction": { + "description": "The action to take after DPD timeout occurs. Specify ``restart`` to restart the IKE initiation. Specify ``clear`` to end the IKE session.\n Valid Values: ``clear`` | ``none`` | ``restart`` \n Default: ``clear``", + "enum": [ + "clear", + "none", + "restart" + ], + "type": "string" + }, + "DPDTimeoutSeconds": { + "description": "The number of seconds after which a DPD timeout occurs.\n Constraints: A value greater than or equal to 30.\n Default: ``30``", + "minimum": 30, + "type": "integer" + }, + "EnableTunnelLifecycleControl": { + "description": "Turn on or off tunnel endpoint lifecycle control feature.", + "type": "boolean" + }, + "IKEVersions": { + "description": "The IKE versions that are permitted for the VPN tunnel.\n Valid values: ``ikev1`` | ``ikev2``", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/IKEVersionsRequestListValue" + }, + "type": "array", + "uniqueItems": false + }, + "LogOptions": { + "$ref": "#/definitions/VpnTunnelLogOptionsSpecification", + "description": "Options for logging VPN tunnel activity." 
+ }, + "Phase1DHGroupNumbers": { + "description": "One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations.\n Valid values: ``2`` | ``14`` | ``15`` | ``16`` | ``17`` | ``18`` | ``19`` | ``20`` | ``21`` | ``22`` | ``23`` | ``24``", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Phase1DHGroupNumbersRequestListValue" + }, + "type": "array", + "uniqueItems": false + }, + "Phase1EncryptionAlgorithms": { + "description": "One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.\n Valid values: ``AES128`` | ``AES256`` | ``AES128-GCM-16`` | ``AES256-GCM-16``", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Phase1EncryptionAlgorithmsRequestListValue" + }, + "type": "array", + "uniqueItems": false + }, + "Phase1IntegrityAlgorithms": { + "description": "One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.\n Valid values: ``SHA1`` | ``SHA2-256`` | ``SHA2-384`` | ``SHA2-512``", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Phase1IntegrityAlgorithmsRequestListValue" + }, + "type": "array", + "uniqueItems": false + }, + "Phase1LifetimeSeconds": { + "description": "The lifetime for phase 1 of the IKE negotiation, in seconds.\n Constraints: A value between 900 and 28,800.\n Default: ``28800``", + "maximum": 28800, + "minimum": 900, + "type": "integer" + }, + "Phase2DHGroupNumbers": { + "description": "One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations.\n Valid values: ``2`` | ``5`` | ``14`` | ``15`` | ``16`` | ``17`` | ``18`` | ``19`` | ``20`` | ``21`` | ``22`` | ``23`` | ``24``", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Phase2DHGroupNumbersRequestListValue" + }, + "type": "array", + "uniqueItems": false + }, + "Phase2EncryptionAlgorithms": { + "description": "One or more encryption algorithms that are 
permitted for the VPN tunnel for phase 2 IKE negotiations.\n Valid values: ``AES128`` | ``AES256`` | ``AES128-GCM-16`` | ``AES256-GCM-16``", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Phase2EncryptionAlgorithmsRequestListValue" + }, + "type": "array", + "uniqueItems": false + }, + "Phase2IntegrityAlgorithms": { + "description": "One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.\n Valid values: ``SHA1`` | ``SHA2-256`` | ``SHA2-384`` | ``SHA2-512``", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Phase2IntegrityAlgorithmsRequestListValue" + }, + "type": "array", + "uniqueItems": false + }, + "Phase2LifetimeSeconds": { + "description": "The lifetime for phase 2 of the IKE negotiation, in seconds.\n Constraints: A value between 900 and 3,600. The value must be less than the value for ``Phase1LifetimeSeconds``.\n Default: ``3600``", + "maximum": 3600, + "minimum": 900, + "type": "integer" + }, "PreSharedKey": { + "description": "The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and customer gateway.\n Constraints: Allowed characters are alphanumeric characters, periods (.), and underscores (_). Must be between 8 and 64 characters in length and cannot start with zero (0).", + "type": "string" + }, + "RekeyFuzzPercentage": { + "description": "The percentage of the rekey window (determined by ``RekeyMarginTimeSeconds``) during which the rekey time is randomly selected.\n Constraints: A value between 0 and 100.\n Default: ``100``", + "maximum": 100, + "minimum": 0, + "type": "integer" + }, + "RekeyMarginTimeSeconds": { + "description": "The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the VPN connection performs an IKE rekey. 
The exact time of the rekey is randomly selected based on the value for ``RekeyFuzzPercentage``.\n Constraints: A value between 60 and half of ``Phase2LifetimeSeconds``.\n Default: ``270``", + "minimum": 60, + "type": "integer" + }, + "ReplayWindowSize": { + "description": "The number of packets in an IKE replay window.\n Constraints: A value between 64 and 2048.\n Default: ``1024``", + "maximum": 2048, + "minimum": 64, + "type": "integer" + }, + "StartupAction": { + "description": "The action to take when the establishing the tunnel for the VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify ``start`` for AWS to initiate the IKE negotiation.\n Valid Values: ``add`` | ``start`` \n Default: ``add``", + "enum": [ + "add", + "start" + ], "type": "string" }, "TunnelInsideCidr": { + "description": "The range of inside IP addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same virtual private gateway. \n Constraints: A size /30 CIDR block from the ``169.254.0.0/16`` range. The following CIDR blocks are reserved and cannot be used:\n + ``169.254.0.0/30`` \n + ``169.254.1.0/30`` \n + ``169.254.2.0/30`` \n + ``169.254.3.0/30`` \n + ``169.254.4.0/30`` \n + ``169.254.5.0/30`` \n + ``169.254.169.252/30``", + "type": "string" + }, + "TunnelInsideIpv6Cidr": { + "description": "The range of inside IPv6 addresses for the tunnel. 
Any specified CIDR blocks must be unique across all VPN connections that use the same transit gateway.\n Constraints: A size /126 CIDR block from the local ``fd00::/8`` range.", "type": "string" } }, "type": "object" } }, - "description": "Resource Type definition for AWS::EC2::VPNConnection", + "description": "Specifies a VPN connection between a virtual private gateway and a VPN customer gateway or a transit gateway and a VPN customer gateway.\n To specify a VPN connection between a transit gateway and customer gateway, use the ``TransitGatewayId`` and ``CustomerGatewayId`` properties.\n To specify a VPN connection between a virtual private gateway and customer gateway, use the ``VpnGatewayId`` and ``CustomerGatewayId`` properties.\n For more information, see [](https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the *User Guide*.", "handlers": { "create": { "permissions": [ @@ -51,8 +359,7 @@ "delete": { "permissions": [ "ec2:DescribeVpnConnections", - "ec2:DeleteVpnConnection", - "ec2:DeleteTags" + "ec2:DeleteVpnConnection" ] }, "list": { 
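Review bot: `PreSharedKey` in `VpnTunnelOptionsSpecification` documents its constraints only in the description (8 to 64 characters, alphanumerics, periods and underscores, no leading zero), while the property itself declares nothing beyond `"type": "string"`. The numeric tunnel options added alongside it do carry `minimum`/`maximum`, so a malformed or too-short key is the one value in this hunk that schema validation will not catch. Where templates are validated against this schema I would enforce the documented shape, e.g. `"minLength": 8, "maxLength": 64, "pattern": "^[a-zA-Z1-9._][a-zA-Z0-9._]{7,63}$"` (a sketch derived from the description text). The property holds a shared secret, and the visible hunks do not show whether it is listed under `writeOnlyProperties`, so anything that logs or exports resource properties should treat it as sensitive.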
@@ -81,8 +388,32 @@ "description": "The ID of the customer gateway at your end of the VPN connection.", "type": "string" }, + "EnableAcceleration": { + "description": "Indicate whether to enable acceleration for the VPN connection.\n Default: ``false``", + "type": "boolean" + }, + "LocalIpv4NetworkCidr": { + "description": "The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.\n Default: ``0.0.0.0/0``", + "type": "string" + }, + "LocalIpv6NetworkCidr": { + "description": "The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.\n Default: ``::/0``", + "type": "string" + }, + "OutsideIpAddressType": { + "description": "The type of IPv4 address assigned to the outside interface of the customer gateway device.\n Valid values: ``PrivateIpv4`` | ``PublicIpv4`` \n Default: ``PublicIpv4``", + "type": "string" + }, + "RemoteIpv4NetworkCidr": { + "description": "The IPv4 CIDR on the AWS side of the VPN connection.\n Default: ``0.0.0.0/0``", + "type": "string" + }, + "RemoteIpv6NetworkCidr": { + "description": "The IPv6 CIDR on the AWS side of the VPN connection.\n Default: ``::/0``", + "type": "string" + }, "StaticRoutesOnly": { - "description": "Indicates whether the VPN connection uses static routes only.", + "description": "Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP.\n If you are creating a VPN connection for a device that does not support Border Gateway Protocol (BGP), you must specify ``true``.", "type": "boolean" }, "Tags": { 
@@ -95,7 +426,15 @@ "uniqueItems": false }, "TransitGatewayId": { - "description": "The ID of the transit gateway associated with the VPN connection.", + "description": "The ID of the transit gateway associated with the VPN connection.\n You must specify either ``TransitGatewayId`` or ``VpnGatewayId``, but not both.", + "type": "string" + }, + "TransportTransitGatewayAttachmentId": { + "description": "The transit gateway attachment ID to use for the VPN tunnel.\n Required if ``OutsideIpAddressType`` is set to ``PrivateIpv4``.", + "type": "string" + }, + "TunnelInsideIpVersion": { + "description": "Indicate whether the VPN tunnels process IPv4 or IPv6 traffic.\n Default: ``ipv4``", "type": "string" }, "Type": { @@ -103,11 +442,11 @@ "type": "string" }, "VpnConnectionId": { - "description": "The provider-assigned unique ID for this managed resource", + "description": "", "type": "string" }, "VpnGatewayId": { - "description": "The ID of the virtual private gateway at the AWS side of the VPN connection.", + "description": "The ID of the virtual private gateway at the AWS side of the VPN connection.\n You must specify either ``TransitGatewayId`` or ``VpnGatewayId``, but not both.", "type": "string" }, "VpnTunnelOptionsSpecifications": { @@ -123,12 +462,17 @@ "readOnlyProperties": [ "/properties/VpnConnectionId" ], + "replacementStrategy": "delete_then_create", "required": [ "Type", "CustomerGatewayId" ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-vpnconnectionroute.json b/src/schema/aws-ec2-vpnconnectionroute.json index 08f3437c..8444ad6f 100644 --- a/src/schema/aws-ec2-vpnconnectionroute.json +++ b/src/schema/aws-ec2-vpnconnectionroute.json 
@@ -4,7 +4,7 @@ "/properties/DestinationCidrBlock", "/properties/VpnConnectionId" ], - "description": "Resource Type definition for AWS::EC2::VPNConnectionRoute", + "description": "Specifies a static route for a VPN connection between an existing virtual private gateway and a VPN customer gateway. The static route allows traffic to be routed from the virtual private gateway to the VPN customer gateway.\n For more information, see [](https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) in the *User Guide*.", "handlers": { "create": { "permissions": [ diff --git a/src/schema/aws-ec2-vpngateway.json b/src/schema/aws-ec2-vpngateway.json index 170206f8..8409e022 100644 --- a/src/schema/aws-ec2-vpngateway.json +++ b/src/schema/aws-ec2-vpngateway.json @@ -7,7 +7,7 @@ "definitions": { "Tag": { "additionalProperties": false, - "description": "Specifies a tag. For more information, see [Add tags to a resource](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#cloudformation-add-tag-specifications).", + "description": "Specifies a tag. For more information, see [Resource tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", "properties": { "Key": { "description": "The tag key.", @@ -37,8 +37,7 @@ "delete": { "permissions": [ "ec2:DeleteVpnGateway", - "ec2:DescribeVpnGateways", - "ec2:DeleteTags" + "ec2:DescribeVpnGateways" ] }, "list": { @@ -95,6 +94,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ec2-vpngatewayroutepropagation.json b/src/schema/aws-ec2-vpngatewayroutepropagation.json index 1eff2078..8fbd81e1 100644 --- a/src/schema/aws-ec2-vpngatewayroutepropagation.json +++ b/src/schema/aws-ec2-vpngatewayroutepropagation.json 
@@ -1,6 +1,26 @@ { "additionalProperties": false, "description": "Resource Type definition for AWS::EC2::VPNGatewayRoutePropagation", + "handlers": { + "create": { + "permissions": [ + "ec2:EnableVgwRoutePropagation", + "ec2:DescribeRouteTables" + ] + }, + "delete": { + "permissions": [ + "ec2:DisableVgwRoutePropagation", + "ec2:DescribeRouteTables" + ] + }, + "update": { + "permissions": [ + "ec2:EnableVgwRoutePropagation", + "ec2:DescribeRouteTables" + ] + } + }, "primaryIdentifier": [ "/properties/Id" ], @@ -9,6 +29,8 @@ "type": "string" }, "RouteTableIds": { + "description": "The ID of the route table. The routing table must be associated with the same VPC that the virtual private gateway is attached to", + "insertionOrder": false, "items": { "type": "string" }, @@ -16,6 +38,7 @@ "uniqueItems": false }, "VpnGatewayId": { + "description": "The ID of the virtual private gateway that is attached to a VPC. The virtual private gateway must be attached to the same VPC that the routing tables are associated with", "type": "string" } }, @@ -26,5 +49,12 @@ "RouteTableIds", "VpnGatewayId" ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2.git", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, "typeName": "AWS::EC2::VPNGatewayRoutePropagation" } diff --git a/src/schema/aws-ecr-publicrepository.json b/src/schema/aws-ecr-publicrepository.json index ef8f4411..4783df6c 100644 --- a/src/schema/aws-ecr-publicrepository.json +++ b/src/schema/aws-ecr-publicrepository.json 
@@ -55,16 +55,16 @@ }, "Tag": { "additionalProperties": false, - "description": "A key-value pair to associate with a resource.", + "description": "The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.", "properties": { "Key": { - "description": "The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ", + "description": "One part of a key-value pair that make up a tag. A ``key`` is a general label that acts like a category for more specific tag values.", "maxLength": 127, "minLength": 1, "type": "string" }, "Value": { - "description": "The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ", + "description": "A ``value`` acts as a descriptor within a tag category (key).", "maxLength": 255, "minLength": 1, "type": "string" 
@@ -82,7 +82,7 @@ "type": "string" } }, - "description": "The AWS::ECR::PublicRepository resource specifies an Amazon Elastic Container Public Registry (Amazon Public ECR) repository, where users can push and pull Docker images. For more information, see https://docs.aws.amazon.com/AmazonECR", + "description": "The ``AWS::ECR::PublicRepository`` resource specifies an Amazon Elastic Container Registry Public (Amazon ECR Public) repository, where users can push and pull Docker images, Open Container Initiative (OCI) images, and OCI compatible artifacts. For more information, see [Amazon ECR public repositories](https://docs.aws.amazon.com/AmazonECR/latest/public/public-repositories.html) in the *Amazon ECR Public User Guide*.", "handlers": { "create": { "permissions": [ @@ -112,6 +112,7 @@ }, "update": { "permissions": [ + "ecr-public:DescribeRepositories", "ecr-public:SetRepositoryPolicy", "ecr-public:DeleteRepositoryPolicy", "ecr-public:PutRepositoryCatalogData", @@ -125,11 +126,12 @@ ], "properties": { "Arn": { + "description": "", "type": "string" }, "RepositoryCatalogData": { "additionalProperties": false, - "description": "The CatalogData property type specifies Catalog data for ECR Public Repository. For information about Catalog Data, see ", + "description": "The details about the repository that are publicly visible in the Amazon ECR Public Gallery. For more information, see [Amazon ECR Public repository catalog data](https://docs.aws.amazon.com/AmazonECR/latest/public/public-repository-catalog-data.html) in the *Amazon ECR Public User Guide*.", "properties": { "AboutText": { "$ref": "#/definitions/AboutText" 
@@ -150,14 +152,14 @@ "type": "object" }, "RepositoryName": { - "description": "The name to use for the repository. The repository name may be specified on its own (such as nginx-web-app) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app). If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the repository name. For more information, see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html.", + "description": "The name to use for the public repository. The repository name may be specified on its own (such as ``nginx-web-app``) or it can be prepended with a namespace to group the repository into a category (such as ``project-a/nginx-web-app``). If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the repository name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html).\n If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.", "maxLength": 256, "minLength": 2, "pattern": "^(?=.{2,256}$)((?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*)$", "type": "string" }, "RepositoryPolicyText": { - "description": "The JSON repository policy text to apply to the repository. For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/RepositoryPolicyExamples.html in the Amazon Elastic Container Registry User Guide. ", + "description": "The JSON repository policy text to apply to the public repository. For more information, see [Amazon ECR Public repository policies](https://docs.aws.amazon.com/AmazonECR/latest/public/public-repository-policies.html) in the *Amazon ECR Public User Guide*.", "type": [ "object", "string" 
@@ -178,5 +180,17 @@ "/properties/Arn" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ecr.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "ecr-public:ListTagsForResource", + "ecr-public:TagResource", + "ecr-public:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::ECR::PublicRepository" } diff --git a/src/schema/aws-ecr-pullthroughcacherule.json b/src/schema/aws-ecr-pullthroughcacherule.json index 06730e22..c78c060b 100644 --- a/src/schema/aws-ecr-pullthroughcacherule.json +++ b/src/schema/aws-ecr-pullthroughcacherule.json @@ -4,7 +4,9 @@ "/properties/EcrRepositoryPrefix", "/properties/UpstreamRegistryUrl", "/properties/CredentialArn", - "/properties/UpstreamRegistry" + "/properties/UpstreamRegistry", + "/properties/CustomRoleArn", + "/properties/UpstreamRepositoryPrefix" ], "definitions": { "CredentialArn": { 
@@ -14,21 +16,30 @@ "pattern": "^arn:aws:secretsmanager:[a-zA-Z0-9-:]+:secret:ecr\\-pullthroughcache\\/[a-zA-Z0-9\\/_+=.@-]+$", "type": "string" }, + "CustomRoleArn": { + "description": "The ARN of the IAM role to be assumed by Amazon ECR to authenticate to ECR upstream registry. This role must be in the same account as the registry that you are configuring.", + "maxLength": 2048, + "type": "string" + }, "EcrRepositoryPrefix": { "description": "The ECRRepositoryPrefix is a custom alias for upstream registry url.", "maxLength": 30, "minLength": 2, - "pattern": "(?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*", + "pattern": "^((?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*/?|ROOT)$", "type": "string" }, "PullThroughCacheRule": { "additionalProperties": false, + "description": "", "maxItems": 50, "minItems": 0, "properties": { "CredentialArn": { "$ref": "#/definitions/CredentialArn" }, + "CustomRoleArn": { + "$ref": "#/definitions/CustomRoleArn" + }, "EcrRepositoryPrefix": { "$ref": "#/definitions/EcrRepositoryPrefix" }, @@ -40,6 +51,9 @@ }, "UpstreamRegistryUrl": { "$ref": "#/definitions/UpstreamRegistryUrl" + }, + "UpstreamRepositoryPrefix": { + "$ref": "#/definitions/UpstreamRepositoryPrefix" } }, "required": [ 
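Review bot: The new `CustomRoleArn` definition is bounded only by `"maxLength": 2048`, whereas the neighbouring `CredentialArn` is pinned to a Secrets Manager ARN pattern, so any string passes schema validation as the role Amazon ECR will assume. The same file's create and update handler permission lists gain `iam:PassRole` (the hunks at -70,7 and -95,7). If anything derives IAM policies from these lists, the result would presumably allow passing any role unless the statement is scoped to specific role ARNs and an `iam:PassedToService` condition. I would add an ARN shape check where templates are validated, along the lines of `"pattern": "^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$"` (a sketch, to be reconciled with the schema's source), and keep `iam:PassRole` out of wildcard-resource statements.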
@@ -60,9 +74,16 @@ "UpstreamRegistryUrl": { "description": "The upstreamRegistryUrl is the endpoint of upstream registry url of the public repository to be cached", "type": "string" + }, + "UpstreamRepositoryPrefix": { + "description": "The repository name prefix of upstream registry to match with the upstream repository name. When this field isn't specified, Amazon ECR will use the `ROOT`.", + "maxLength": 30, + "minLength": 2, + "pattern": "^((?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*/?|ROOT)$", + "type": "string" } }, - "description": "The AWS::ECR::PullThroughCacheRule resource configures the upstream registry configuration details for an Amazon Elastic Container Registry (Amazon Private ECR) pull-through cache.", + "description": "The ``AWS::ECR::PullThroughCacheRule`` resource creates or updates a pull through cache rule. A pull through cache rule provides a way to cache images from an upstream registry in your Amazon ECR private registry.", "handlers": { "create": { "permissions": [ @@ -70,7 +91,8 @@ "ecr:CreatePullThroughCacheRule", "ecr:DeletePullThroughCacheRule", "iam:CreateServiceLinkedRole", - "secretsmanager:GetSecretValue" + "secretsmanager:GetSecretValue", + "iam:PassRole" ] }, "delete": { @@ -95,7 +117,8 @@ "ecr:CreatePullThroughCacheRule", "ecr:DeletePullThroughCacheRule", "iam:CreateServiceLinkedRole", - "secretsmanager:GetSecretValue" + "secretsmanager:GetSecretValue", + "iam:PassRole" ] } }, 
@@ -104,26 +127,28 @@ ], "properties": { "CredentialArn": { - "description": "The Amazon Resource Name (ARN) of the AWS Secrets Manager secret that identifies the credentials to authenticate to the upstream registry.", - "maxLength": 612, - "minLength": 50, - "pattern": "^arn:aws:secretsmanager:[a-zA-Z0-9-:]+:secret:ecr\\-pullthroughcache\\/[a-zA-Z0-9\\/_+=.@-]+$", - "type": "string" + "$ref": "#/definitions/CredentialArn", + "description": "The ARN of the Secrets Manager secret associated with the pull through cache rule." + }, + "CustomRoleArn": { + "$ref": "#/definitions/CustomRoleArn", + "description": "The ARN of the IAM role associated with the pull through cache rule." }, "EcrRepositoryPrefix": { - "description": "The ECRRepositoryPrefix is a custom alias for upstream registry url.", - "maxLength": 30, - "minLength": 2, - "pattern": "(?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*", - "type": "string" + "$ref": "#/definitions/EcrRepositoryPrefix", + "description": "The Amazon ECR repository prefix associated with the pull through cache rule." }, "UpstreamRegistry": { - "description": "The name of the upstream registry.", - "type": "string" + "$ref": "#/definitions/UpstreamRegistry", + "description": "The name of the upstream source registry associated with the pull through cache rule." }, "UpstreamRegistryUrl": { - "description": "The upstreamRegistryUrl is the endpoint of upstream registry url of the public repository to be cached", - "type": "string" + "$ref": "#/definitions/UpstreamRegistryUrl", + "description": "The upstream registry URL associated with the pull through cache rule." + }, + "UpstreamRepositoryPrefix": { + "$ref": "#/definitions/UpstreamRepositoryPrefix", + "description": "The upstream repository prefix associated with the pull through cache rule." } }, "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ecr.git", 
@@ -133,6 +158,7 @@ "typeName": "AWS::ECR::PullThroughCacheRule", "writeOnlyProperties": [ "/properties/CredentialArn", - "/properties/UpstreamRegistry" + "/properties/UpstreamRegistry", + "/properties/CustomRoleArn" ] } diff --git a/src/schema/aws-ecr-registryscanningconfiguration.json b/src/schema/aws-ecr-registryscanningconfiguration.json new file mode 100644 index 00000000..36442aa8 --- /dev/null +++ b/src/schema/aws-ecr-registryscanningconfiguration.json 
@@ -0,0 +1,154 @@ +{ + "additionalProperties": false, + "definitions": { + "Filter": { + "description": "The filter to use when scanning.", + "pattern": "^[a-z0-9*](?:[._\\-/a-z0-9*]?[a-z0-9*]+)*$", + "type": "string" + }, + "FilterType": { + "description": "The type associated with the filter.", + "enum": [ + "WILDCARD" + ], + "type": "string" + }, + "RegistryId": { + "description": "The registry id.", + "pattern": "^[0-9]{12}$", + "type": "string" + }, + "RepositoryFilter": { + "additionalProperties": false, + "description": "The details of a scanning repository filter.", + "properties": { + "Filter": { + "$ref": "#/definitions/Filter" + }, + "FilterType": { + "$ref": "#/definitions/FilterType" + } + }, + "required": [ + "Filter", + "FilterType" + ], + "type": "object" + }, + "ScanFrequency": { + "description": "The frequency that scans are performed.", + "enum": [ + "SCAN_ON_PUSH", + "CONTINUOUS_SCAN" + ], + "type": "string" + }, + "ScanType": { + "description": "The type of scanning configured for the registry.", + "enum": [ + "BASIC", + "ENHANCED" + ], + "type": "string" + }, + "ScanningRule": { + "additionalProperties": false, + "description": "A rule representing the details of a scanning configuration.", + "properties": { + "RepositoryFilters": { + "description": "The repository filters associated with the scanning configuration for a private registry.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/RepositoryFilter" + }, + "maxItems": 100, + "minItems": 0, + "type": "array" + }, + "ScanFrequency": { + "$ref": "#/definitions/ScanFrequency" + } + }, + "required": [ + "ScanFrequency", + "RepositoryFilters" + ], + "type": "object" + }, + "ScanningRules": { + "description": "The scanning rules associated with the registry. 
A registry scanning configuration may contain a maximum of 2 rules.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/ScanningRule" + }, + "maxItems": 2, + "minItems": 0, + "type": "array" + } + }, + "description": "The AWS::ECR::RegistryScanningConfiguration controls the scanning configuration for an Amazon Elastic Container Registry (Amazon Private ECR). For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html", + "handlers": { + "create": { + "permissions": [ + "ecr:PutRegistryScanningConfiguration", + "ecr:GetRegistryScanningConfiguration", + "inspector2:Enable", + "iam:CreateServiceLinkedRole" + ] + }, + "delete": { + "permissions": [ + "ecr:PutRegistryScanningConfiguration", + "ecr:GetRegistryScanningConfiguration", + "inspector2:ListAccountPermissions", + "inspector2:Disable" + ] + }, + "list": { + "permissions": [ + "ecr:GetRegistryScanningConfiguration" + ] + }, + "read": { + "permissions": [ + "ecr:GetRegistryScanningConfiguration" + ] + }, + "update": { + "permissions": [ + "ecr:PutRegistryScanningConfiguration", + "ecr:GetRegistryScanningConfiguration", + "inspector2:Enable", + "inspector2:Disable", + "inspector2:ListAccountPermissions", + "iam:CreateServiceLinkedRole" + ] + } + }, + "primaryIdentifier": [ + "/properties/RegistryId" + ], + "properties": { + "RegistryId": { + "$ref": "#/definitions/RegistryId" + }, + "Rules": { + "$ref": "#/definitions/ScanningRules" + }, + "ScanType": { + "$ref": "#/definitions/ScanType" + } + }, + "readOnlyProperties": [ + "/properties/RegistryId" + ], + "required": [ + "Rules", + "ScanType" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ecr.git", + "tagging": { + "taggable": false + }, + "typeName": "AWS::ECR::RegistryScanningConfiguration" +} diff --git a/src/schema/aws-ecr-replicationconfiguration.json b/src/schema/aws-ecr-replicationconfiguration.json index 2d205a75..db6a2b8c 100644 
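Review bot: `Filter` in the new `aws-ecr-registryscanningconfiguration.json` is constrained only by `^[a-z0-9*](?:[._\\-/a-z0-9*]?[a-z0-9*]+)*$` and has no `maxLength`. The optional separator class overlaps the repeated class inside a starred group, so a backtracking regex engine can take super-linear time on a long value that fails to match. Go's `regexp` package runs in linear time, but a consumer that evaluates schema patterns with an ECMA-262 or PCRE engine is exposed. I would add a bound next to the pattern, `"maxLength": <ECR filter length limit>` (placeholder, take the value from the ECR API reference), or check the length in the validator before matching. Separately, the `create` and `update` handler lists include `iam:CreateServiceLinkedRole`, so roles generated from them are worth scoping with an `iam:AWSServiceName` condition.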
--- a/src/schema/aws-ecr-replicationconfiguration.json +++ b/src/schema/aws-ecr-replicationconfiguration.json @@ -25,10 +25,10 @@ }, "ReplicationConfiguration": { "additionalProperties": false, - "description": "An object representing the replication configuration for a registry.", + "description": "The replication configuration for a registry.", "properties": { "Rules": { - "description": "An array of objects representing the replication rules for a replication configuration. A replication configuration may contain a maximum of 10 rules.", + "description": "An array of objects representing the replication destinations and repository filters for a replication configuration.", "items": { "$ref": "#/definitions/ReplicationRule" }, @@ -44,13 +44,15 @@ }, "ReplicationDestination": { "additionalProperties": false, - "description": "An array of objects representing the details of a replication destination.", + "description": "An array of objects representing the destination for a replication rule.", "properties": { "Region": { - "$ref": "#/definitions/Region" + "$ref": "#/definitions/Region", + "description": "The Region to replicate to." }, "RegistryId": { - "$ref": "#/definitions/RegistryId" + "$ref": "#/definitions/RegistryId", + "description": "The AWS account ID of the Amazon ECR private registry to replicate to. When configuring cross-Region replication within your own registry, specify your own account ID." } }, "required": [ 
@@ -61,10 +63,10 @@ }, "ReplicationRule": { "additionalProperties": false, - "description": "An array of objects representing the details of a replication destination.", + "description": "An array of objects representing the replication destinations and repository filters for a replication configuration.", "properties": { "Destinations": { - "description": "An array of objects representing the details of a replication destination.", + "description": "An array of objects representing the destination for a replication rule.", "items": { "$ref": "#/definitions/ReplicationDestination" }, @@ -73,7 +75,7 @@ "type": "array" }, "RepositoryFilters": { - "description": "An array of objects representing the details of a repository filter.", + "description": "An array of objects representing the filters for a replication rule. Specifying a repository filter for a replication rule provides a method for controlling which repositories in a private registry are replicated.", "items": { "$ref": "#/definitions/RepositoryFilter" }, 
@@ -89,13 +91,15 @@ }, "RepositoryFilter": { "additionalProperties": false, - "description": "An array of objects representing the details of a repository filter.", + "description": "The filter settings used with image replication. Specifying a repository filter to a replication rule provides a method for controlling which repositories in a private registry are replicated. If no filters are added, the contents of all repositories are replicated.", "properties": { "Filter": { - "$ref": "#/definitions/Filter" + "$ref": "#/definitions/Filter", + "description": "The repository filter details. When the ``PREFIX_MATCH`` filter type is specified, this value is required and should be the repository name prefix to configure replication for." }, "FilterType": { - "$ref": "#/definitions/FilterType" + "$ref": "#/definitions/FilterType", + "description": "The repository filter type. The only supported value is ``PREFIX_MATCH``, which is a repository name prefix specified with the ``filter`` parameter." } }, "required": [ 
@@ -105,7 +109,7 @@ "type": "object" } }, - "description": "The AWS::ECR::ReplicationConfiguration resource configures the replication destinations for an Amazon Elastic Container Registry (Amazon Private ECR). For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/replication.html", + "description": "The ``AWS::ECR::ReplicationConfiguration`` resource creates or updates the replication configuration for a private registry. The first time a replication configuration is applied to a private registry, a service-linked IAM role is created in your account for the replication process. For more information, see [Using Service-Linked Roles for Amazon ECR](https://docs.aws.amazon.com/AmazonECR/latest/userguide/using-service-linked-roles.html) in the *Amazon Elastic Container Registry User Guide*.\n When configuring cross-account replication, the destination account must grant the source account permission to replicate. This permission is controlled using a private registry permissions policy. For more information, see ``AWS::ECR::RegistryPolicy``.", "handlers": { "create": { "permissions": [ @@ -144,11 +148,12 @@ ], "properties": { "RegistryId": { - "description": "The RegistryId associated with the aws account.", + "description": "", "type": "string" }, "ReplicationConfiguration": { - "$ref": "#/definitions/ReplicationConfiguration" + "$ref": "#/definitions/ReplicationConfiguration", + "description": "The replication configuration for a registry." } }, "readOnlyProperties": [ diff --git a/src/schema/aws-ecr-repository.json b/src/schema/aws-ecr-repository.json index 59ab5f63..538aec3c 100644 --- a/src/schema/aws-ecr-repository.json +++ b/src/schema/aws-ecr-repository.json 
@@ -13,11 +13,11 @@ }, "EncryptionConfiguration": { "additionalProperties": false, - "description": "The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.\n By default, when no encryption configuration is set or the ``AES256`` encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part.\n For more control over the encryption of the contents of your repository, you can use server-side encryption with KMSlong key stored in KMSlong (KMS) to encrypt your images. For more information, see [Amazon ECR encryption at rest](https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html) in the *Amazon Elastic Container Registry User Guide*.", + "description": "The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.\n By default, when no encryption configuration is set or the ``AES256`` encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES256 encryption algorithm. This does not require any action on your part.\n For more control over the encryption of the contents of your repository, you can use server-side encryption with KMSlong key stored in KMSlong (KMS) to encrypt your images. For more information, see [Amazon ECR encryption at rest](https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html) in the *Amazon Elastic Container Registry User Guide*.", "properties": { "EncryptionType": { "$ref": "#/definitions/EncryptionType", - "description": "The encryption type to use.\n If you use the ``KMS`` encryption type, the contents of the repository will be encrypted using server-side encryption with KMSlong key stored in KMS. 
When you use KMS to encrypt your data, you can either use the default AWS managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see [Protecting data using server-side encryption with an key stored in (SSE-KMS)](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html) in the *Amazon Simple Storage Service Console Developer Guide*.\n If you use the ``AES256`` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see [Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3)](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) in the *Amazon Simple Storage Service Console Developer Guide*." + "description": "The encryption type to use.\n If you use the ``KMS`` encryption type, the contents of the repository will be encrypted using server-side encryption with KMSlong key stored in KMS. When you use KMS to encrypt your data, you can either use the default AWS managed KMS key for Amazon ECR, or specify your own KMS key, which you already created.\n If you use the ``KMS_DSSE`` encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the KMS Management Service key stored in KMS. Similar to the ``KMS`` encryption type, you can either use the default AWS managed KMS key for Amazon ECR, or specify your own KMS key, which you've already created. 
\n If you use the ``AES256`` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.\n For more information, see [Amazon ECR encryption at rest](https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html) in the *Amazon Elastic Container Registry User Guide*." }, "KmsKey": { "$ref": "#/definitions/KmsKey", @@ -33,7 +33,8 @@ "description": "The encryption type to use.", "enum": [ "AES256", - "KMS" + "KMS", + "KMS_DSSE" ], "type": "string" }, @@ -49,7 +50,7 @@ "type": "object" }, "KmsKey": { - "description": "If you use the KMS encryption type, specify the CMK to use for encryption. The alias, key ID, or full ARN of the CMK can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed CMK for Amazon ECR will be used.", + "description": "If you use the KMS or KMS_DSSE encryption type, specify the CMK to use for encryption. The alias, key ID, or full ARN of the CMK can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed CMK for Amazon ECR will be used.", "maxLength": 2048, "minLength": 1, "type": "string" @@ -147,7 +148,6 @@ "ecr:DescribeRepositories", "ecr:PutLifecyclePolicy", "ecr:SetRepositoryPolicy", - "ecr:ListTagsForResource", "ecr:TagResource", "ecr:UntagResource", "ecr:DeleteLifecyclePolicy", @@ -228,6 +228,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ecr.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "ecr:TagResource", + "ecr:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ecr-repositorycreationtemplate.json b/src/schema/aws-ecr-repositorycreationtemplate.json index 128486a1..d686f7e6 100644 
--- a/src/schema/aws-ecr-repositorycreationtemplate.json +++ b/src/schema/aws-ecr-repositorycreationtemplate.json 
@@ -14,13 +14,15 @@ }, "EncryptionConfiguration": { "additionalProperties": false, - "description": "The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest. By default, when no encryption configuration is set or the AES256 encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part.\n\nFor more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html", + "description": "The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.\n By default, when no encryption configuration is set or the ``AES256`` encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES256 encryption algorithm. This does not require any action on your part.\n For more control over the encryption of the contents of your repository, you can use server-side encryption with KMSlong key stored in KMSlong (KMS) to encrypt your images. For more information, see [Amazon ECR encryption at rest](https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html) in the *Amazon Elastic Container Registry User Guide*.", "properties": { "EncryptionType": { - "$ref": "#/definitions/EncryptionType" + "$ref": "#/definitions/EncryptionType", + "description": "The encryption type to use.\n If you use the ``KMS`` encryption type, the contents of the repository will be encrypted using server-side encryption with KMSlong key stored in KMS. 
When you use KMS to encrypt your data, you can either use the default AWS managed KMS key for Amazon ECR, or specify your own KMS key, which you already created.\n If you use the ``KMS_DSSE`` encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the KMS Management Service key stored in KMS. Similar to the ``KMS`` encryption type, you can either use the default AWS managed KMS key for Amazon ECR, or specify your own KMS key, which you've already created. \n If you use the ``AES256`` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.\n For more information, see [Amazon ECR encryption at rest](https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html) in the *Amazon Elastic Container Registry User Guide*." }, "KmsKey": { - "$ref": "#/definitions/KmsKey" + "$ref": "#/definitions/KmsKey", + "description": "If you use the ``KMS`` encryption type, specify the KMS key to use for encryption. The alias, key ID, or full ARN of the KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed KMS key for Amazon ECR will be used." } }, "required": [ 
@@ -32,28 +34,29 @@ "description": "The encryption type to use.", "enum": [ "AES256", - "KMS" + "KMS", + "KMS_DSSE" ], "type": "string" }, "KmsKey": { - "description": "If you use the KMS encryption type, specify the CMK to use for encryption. The alias, key ID, or full ARN of the CMK can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed CMK for Amazon ECR will be used.", + "description": "If you use the KMS or KMS_DSSE encryption type, specify the CMK to use for encryption. The alias, key ID, or full ARN of the CMK can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed CMK for Amazon ECR will be used.", "maxLength": 2048, "minLength": 1, "type": "string" }, "Tag": { "additionalProperties": false, - "description": "An array of key-value pairs to apply to this resource.", + "description": "The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.", "properties": { "Key": { - "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "description": "One part of a key-value pair that make up a tag. A ``key`` is a general label that acts like a category for more specific tag values.", "maxLength": 128, "minLength": 1, "type": "string" }, "Value": { - "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. 
You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "description": "A ``value`` acts as a descriptor within a tag category (key).", "maxLength": 256, "minLength": 0, "type": "string" @@ -66,7 +69,7 @@ "type": "object" } }, - "description": "AWS::ECR::RepositoryCreationTemplate is used to create repository with configuration from a pre-defined template.", + "description": "The details of the repository creation template associated with the request.", "handlers": { "create": { "permissions": [ @@ -110,7 +113,7 @@ ], "properties": { "AppliedFor": { - "description": "A list of enumerable Strings representing the repository creation scenarios that the template will apply towards.", + "description": "A list of enumerable Strings representing the repository creation scenarios that this template will apply towards. The two supported scenarios are PULL_THROUGH_CACHE and REPLICATION", "insertionOrder": false, "items": { "$ref": "#/definitions/AppliedForItem" 
@@ -119,26 +122,27 @@ "uniqueItems": true }, "CreatedAt": { - "description": "Create timestamp of the template.", + "description": "", "type": "string" }, "CustomRoleArn": { - "description": "The ARN of the role to be assumed by ECR. This role must be in the same account as the registry that you are configuring.", + "description": "The ARN of the role to be assumed by Amazon ECR. Amazon ECR will assume your supplied role when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the service-linked role for the repository creation template.", "maxLength": 2048, "pattern": "^arn:aws[-a-z0-9]*:iam::[0-9]{12}:role/[A-Za-z0-9+=,-.@_]*$", "type": "string" }, "Description": { - "description": "The description of the template.", + "description": "The description associated with the repository creation template.", "maxLength": 256, "minLength": 0, "type": "string" }, "EncryptionConfiguration": { - "$ref": "#/definitions/EncryptionConfiguration" + "$ref": "#/definitions/EncryptionConfiguration", + "description": "The encryption configuration associated with the repository creation template." }, "ImageTagMutability": { - "description": "The image tag mutability setting for the repository.", + "description": "The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.", "enum": [ "MUTABLE", "IMMUTABLE" 
@@ -146,24 +150,24 @@ "type": "string" }, "LifecyclePolicy": { - "description": "The JSON lifecycle policy text to apply to the repository. For information about lifecycle policy syntax, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html", + "description": "The lifecycle policy to use for repositories created using the template.", "maxLength": 30720, "minLength": 100, "type": "string" }, "Prefix": { - "description": "The prefix use to match the repository name and apply the template.", + "description": "The repository namespace prefix associated with the repository creation template.", "maxLength": 256, "minLength": 1, "pattern": "^((?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*/?|ROOT)$", "type": "string" }, "RepositoryPolicy": { - "description": "The JSON repository policy text to apply to the repository. For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/RepositoryPolicyExamples.html", + "description": "he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.", "type": "string" }, "ResourceTags": { - "description": "An array of key-value pairs to apply to this resource.", + "description": "The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.", "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" @@ -173,7 +177,7 @@ "uniqueItems": true }, "UpdatedAt": { - "description": "Update timestamp of the template.", + "description": "", "type": "string" } }, diff --git a/src/schema/aws-ecs-capacityprovider.json b/src/schema/aws-ecs-capacityprovider.json index 3287798b..09159892 100644 --- a/src/schema/aws-ecs-capacityprovider.json 
+++ b/src/schema/aws-ecs-capacityprovider.json @@ -131,10 +131,16 @@ "propertyTransform": { "/properties/AutoScalingGroupProvider/AutoScalingGroupArn": "$split(AutoScalingGroupProvider.AutoScalingGroupArn, \"autoScalingGroupName/\")[-1] $OR $split(AutoScalingGroupArn, \"autoScalingGroupName/\")[-1]" }, - "required": [ - "AutoScalingGroupProvider" - ], "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "ecs:TagResource", + "ecs:UntagResource", + "ecs:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::ECS::CapacityProvider" diff --git a/src/schema/aws-ecs-cluster.json b/src/schema/aws-ecs-cluster.json index 3a1b7bee..d1babeb7 100644 --- a/src/schema/aws-ecs-cluster.json +++ b/src/schema/aws-ecs-cluster.json @@ -29,7 +29,7 @@ }, "ClusterConfiguration": { "additionalProperties": false, - "description": "The execute command configuration for the cluster.", + "description": "The execute command and managed storage configuration for the cluster.", "properties": { "ExecuteCommandConfiguration": { "$ref": "#/definitions/ExecuteCommandConfiguration", 
@@ -37,21 +37,21 @@ }, "ManagedStorageConfiguration": { "$ref": "#/definitions/ManagedStorageConfiguration", - "description": "" + "description": "The details of the managed storage configuration." } }, "type": "object" }, "ClusterSettings": { "additionalProperties": false, - "description": "The settings to use when creating a cluster. This parameter is used to turn on CloudWatch Container Insights for a cluster.", + "description": "The settings to use when creating a cluster. This parameter is used to turn on CloudWatch Container Insights with enhanced observability or CloudWatch Container Insights for a cluster.\n Container Insights with enhanced observability provides all the Container Insights metrics, plus additional task and container metrics. This version supports enhanced observability for Amazon ECS clusters using the Amazon EC2 and Fargate launch types. After you configure Container Insights with enhanced observability on Amazon ECS, Container Insights auto-collects detailed infrastructure telemetry from the cluster level down to the container level in your environment and displays these critical performance data in curated dashboards removing the heavy lifting in observability set-up. \n For more information, see [Monitor Amazon ECS containers using Container Insights with enhanced observability](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-container-insights.html) in the *Amazon Elastic Container Service Developer Guide*.", "properties": { "Name": { "description": "The name of the cluster setting. The value is ``containerInsights`` .", "type": "string" }, "Value": { - "description": "The value to set for the cluster setting. The supported values are ``enabled`` and ``disabled``. \n If you set ``name`` to ``containerInsights`` and ``value`` to ``enabled``, CloudWatch Container Insights will be on for the cluster, otherwise it will be off unless the ``containerInsights`` account setting is turned on. 
If a cluster value is specified, it will override the ``containerInsights`` value set with [PutAccountSetting](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutAccountSetting.html) or [PutAccountSettingDefault](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutAccountSettingDefault.html).", + "description": "The value to set for the cluster setting. The supported values are ``enhanced``, ``enabled``, and ``disabled``. \n To use Container Insights with enhanced observability, set the ``containerInsights`` account setting to ``enhanced``.\n To use Container Insights, set the ``containerInsights`` account setting to ``enabled``.\n If a cluster value is specified, it will override the ``containerInsights`` value set with [PutAccountSetting](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutAccountSetting.html) or [PutAccountSettingDefault](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutAccountSettingDefault.html).", "type": "string" } }, @@ -113,12 +113,14 @@ }, "ManagedStorageConfiguration": { "additionalProperties": false, - "description": "", + "description": "The managed storage configuration for the cluster.", "properties": { "FargateEphemeralStorageKmsKeyId": { + "description": "Specify the KMSlong key ID for the Fargate ephemeral storage.\n The key must be a single Region key.", "type": "string" }, "KmsKeyId": { + "description": "Specify a KMSlong key ID to encrypt the managed storage.\n The key must be a single Region key.", "type": "string" } }, 
@@ -129,7 +131,7 @@ "description": "Use this parameter to set a default Service Connect namespace. After you set a default Service Connect namespace, any new services with Service Connect turned on that are created in the cluster are added as client services in the namespace. This setting only applies to new services that set the ``enabled`` parameter to ``true`` in the ``ServiceConnectConfiguration``. You can set the namespace of each service individually in the ``ServiceConnectConfiguration`` to override this default parameter.\n Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*.", "properties": { "Namespace": { - "description": "The namespace name or full Amazon Resource Name (ARN) of the CMAPlong namespace that's used when you create a service and don't specify a Service Connect configuration. The namespace name can include up to 1024 characters. The name is case-sensitive. The name can't include hyphens (-), tilde (~), greater than (>), less than (<), or slash (/).\n If you enter an existing namespace name or ARN, then that namespace will be used. Any namespace type is supported. The namespace must be in this account and this AWS Region.\n If you enter a new name, a CMAPlong namespace will be created. Amazon ECS creates a CMAP namespace with the \"API calls\" method of instance discovery only. This instance discovery method is the \"HTTP\" namespace type in the CLIlong. 
Other types of instance discovery aren't used by Service Connect.\n If you update the cluster with an empty string ``\"\"`` for the namespace name, the cluster configuration for Service Connect is removed. Note that the namespace will remain in CMAP and must be deleted separately.\n For more information about CMAPlong, see [Working with Services](https://docs.aws.amazon.com/cloud-map/latest/dg/working-with-services.html) in the *Developer Guide*.", + "description": "The namespace name or full Amazon Resource Name (ARN) of the CMAPlong namespace that's used when you create a service and don't specify a Service Connect configuration. The namespace name can include up to 1024 characters. The name is case-sensitive. The name can't include greater than (>), less than (<), double quotation marks (\"), or slash (/).\n If you enter an existing namespace name or ARN, then that namespace will be used. Any namespace type is supported. The namespace must be in this account and this AWS Region.\n If you enter a new name, a CMAPlong namespace will be created. Amazon ECS creates a CMAP namespace with the \"API calls\" method of instance discovery only. This instance discovery method is the \"HTTP\" namespace type in the CLIlong. Other types of instance discovery aren't used by Service Connect.\n If you update the cluster with an empty string ``\"\"`` for the namespace name, the cluster configuration for Service Connect is removed. Note that the namespace will remain in CMAP and must be deleted separately.\n For more information about CMAPlong, see [Working with Services](https://docs.aws.amazon.com/cloud-map/latest/dg/working-with-services.html) in the *Developer Guide*.", "type": "string" } }, 
@@ -216,7 +218,7 @@
 "type": "string"
 },
 "ClusterSettings": {
- "description": "The settings to use when creating a cluster. This parameter is used to turn on CloudWatch Container Insights for a cluster.",
+ "description": "The settings to use when creating a cluster. This parameter is used to turn on CloudWatch Container Insights with enhanced observability or CloudWatch Container Insights for a cluster.\n Container Insights with enhanced observability provides all the Container Insights metrics, plus additional task and container metrics. This version supports enhanced observability for Amazon ECS clusters using the Amazon EC2 and Fargate launch types. After you configure Container Insights with enhanced observability on Amazon ECS, Container Insights auto-collects detailed infrastructure telemetry from the cluster level down to the container level in your environment and displays these critical performance data in curated dashboards removing the heavy lifting in observability set-up. \n For more information, see [Monitor Amazon ECS containers using Container Insights with enhanced observability](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-container-insights.html) in the *Amazon Elastic Container Service Developer Guide*.",
 "items": {
 "$ref": "#/definitions/ClusterSettings"
 },
@@ -224,7 +226,7 @@
 },
 "Configuration": {
 "$ref": "#/definitions/ClusterConfiguration",
- "description": "The execute command configuration for the cluster."
+ "description": "The execute command and managed storage configuration for the cluster."
 },
 "DefaultCapacityProviderStrategy": {
 "description": "The default capacity provider strategy for the cluster. When services or tasks are run in the cluster with no launch type or capacity provider strategy specified, the default capacity provider strategy is used.",
@@ -245,10 +247,22 @@
 "type": "array"
 }
 },
+ "propertyTransform": {
+ "/properties/Configuration/ManagedStorageConfiguration/FargateEphemeralStorageKmsKeyId": "$join([\"arn:aws[-a-z]*:kms:[a-z0-9-]+:[0-9]{12}:key/\", FargateEphemeralStorageKmsKeyId])"
+ },
 "readOnlyProperties": [
 "/properties/Arn"
 ],
 "tagging": {
+ "cloudFormationSystemTags": true,
+ "permissions": [
+ "ecs:TagResource",
+ "ecs:UntagResource",
+ "ecs:ListTagsForResource"
+ ],
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": true,
 "taggable": true
 },
 "typeName": "AWS::ECS::Cluster",
diff --git a/src/schema/aws-ecs-clustercapacityproviderassociations.json b/src/schema/aws-ecs-clustercapacityproviderassociations.json
index 30c774af..9a060b06 100644
--- a/src/schema/aws-ecs-clustercapacityproviderassociations.json
+++ b/src/schema/aws-ecs-clustercapacityproviderassociations.json
@@ -71,7 +71,8 @@
 "create": {
 "permissions": [
 "ecs:DescribeClusters",
- "ecs:PutClusterCapacityProviders"
+ "ecs:PutClusterCapacityProviders",
+ "ecs:DescribeCapacityProviders"
 ]
 },
 "delete": {
diff --git a/src/schema/aws-ecs-service.json b/src/schema/aws-ecs-service.json
index 66b5ee0d..d1924e4d 100644
--- a/src/schema/aws-ecs-service.json
+++ b/src/schema/aws-ecs-service.json
@@ -11,10 +11,10 @@
 "definitions": {
 "AwsVpcConfiguration": {
 "additionalProperties": false,
- "description": "An object representing the networking details for a task or service. For example ``awsvpcConfiguration={subnets=[\"subnet-12344321\"],securityGroups=[\"sg-12344321\"]}``",
+ "description": "An object representing the networking details for a task or service. For example ``awsVpcConfiguration={subnets=[\"subnet-12344321\"],securityGroups=[\"sg-12344321\"]}``.",
 "properties": {
 "AssignPublicIp": {
- "description": "Whether the task's elastic network interface receives a public IP address. The default value is ``DISABLED``.",
+ "description": "Whether the task's elastic network interface receives a public IP address. \n Consider the following when you set this value:\n + When you use ``create-service`` or ``update-service``, the default is ``DISABLED``. \n + When the service ``deploymentController`` is ``ECS``, the value must be ``DISABLED``.",
 "enum": [
 "DISABLED",
 "ENABLED"
@@ -22,14 +22,14 @@
 "type": "string"
 },
 "SecurityGroups": {
- "description": "The IDs of the security groups associated with the task or service. If you don't specify a security group, the default security group for the VPC is used. There's a limit of 5 security groups that can be specified per ``AwsVpcConfiguration``.\n All specified security groups must be from the same VPC.",
+ "description": "The IDs of the security groups associated with the task or service. If you don't specify a security group, the default security group for the VPC is used. There's a limit of 5 security groups that can be specified.\n All specified security groups must be from the same VPC.",
 "items": {
 "type": "string"
 },
 "type": "array"
 },
 "Subnets": {
- "description": "The IDs of the subnets associated with the task or service. There's a limit of 16 subnets that can be specified per ``AwsVpcConfiguration``.\n All specified subnets must be from the same VPC.",
+ "description": "The IDs of the subnets associated with the task or service. There's a limit of 16 subnets that can be specified.\n All specified subnets must be from the same VPC.",
 "items": {
 "type": "string"
 },
@@ -105,7 +105,7 @@
 },
 "DeploymentConfiguration": {
 "additionalProperties": false,
- "description": "The ``DeploymentConfiguration`` property specifies optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks.",
+ "description": "Optional deployment parameters that control how many tasks run during a deployment and the ordering of stopping and starting tasks.",
 "properties": {
 "Alarms": {
 "$ref": "#/definitions/DeploymentAlarms",
@@ -116,11 +116,11 @@ "description": "The deployment circuit breaker can only be used for services using the rolling update (``ECS``) deployment type.\n The *deployment circuit breaker* determines whether a service deployment will fail if the service can't reach a steady state. If you use the deployment circuit breaker, a service deployment will transition to a failed state and stop launching new tasks. If you use the rollback option, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. For more information, see [Rolling update](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html) in the *Amazon Elastic Container Service Developer Guide*" }, "MaximumPercent": { - "description": "If a service is using the rolling update (``ECS``) deployment type, the ``maximumPercent`` parameter represents an upper limit on the number of your service's tasks that are allowed in the ``RUNNING`` or ``PENDING`` state during a deployment, as a percentage of the ``desiredCount`` (rounded down to the nearest integer). This parameter enables you to define the deployment batch size. For example, if your service is using the ``REPLICA`` service scheduler and has a ``desiredCount`` of four tasks and a ``maximumPercent`` value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default ``maximumPercent`` value for a service using the ``REPLICA`` service scheduler is 200%.\n If a service is using either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and tasks that use the EC2 launch type, the *maximum percent* value is set to the default value and is used to define the upper limit on the number of the tasks in the service that remain in the ``RUNNING`` state while the container instances are in the ``DRAINING`` state. 
If the tasks in the service use the Fargate launch type, the maximum percent value is not used, although it is returned when describing your service.", + "description": "If a service is using the rolling update (``ECS``) deployment type, the ``maximumPercent`` parameter represents an upper limit on the number of your service's tasks that are allowed in the ``RUNNING`` or ``PENDING`` state during a deployment, as a percentage of the ``desiredCount`` (rounded down to the nearest integer). This parameter enables you to define the deployment batch size. For example, if your service is using the ``REPLICA`` service scheduler and has a ``desiredCount`` of four tasks and a ``maximumPercent`` value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default ``maximumPercent`` value for a service using the ``REPLICA`` service scheduler is 200%.\n The Amazon ECS scheduler uses this parameter to replace unhealthy tasks by starting replacement tasks first and then stopping the unhealthy tasks, as long as cluster resources for starting replacement tasks are available. For more information about how the scheduler replaces unhealthy tasks, see [Amazon ECS services](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html).\n If a service is using either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types, and tasks in the service use the EC2 launch type, the *maximum percent* value is set to the default value. 
The *maximum percent* value is used to define the upper limit on the number of the tasks in the service that remain in the ``RUNNING`` state while the container instances are in the ``DRAINING`` state.\n You can't specify a custom ``maximumPercent`` value for a service that uses either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and has tasks that use the EC2 launch type.\n If the service uses either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types, and the tasks in the service use the Fargate launch type, the maximum percent value is not used. The value is still returned when describing your service.", "type": "integer" }, "MinimumHealthyPercent": { - "description": "If a service is using the rolling update (``ECS``) deployment type, the ``minimumHealthyPercent`` represents a lower limit on the number of your service's tasks that must remain in the ``RUNNING`` state during a deployment, as a percentage of the ``desiredCount`` (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a ``desiredCount`` of four tasks and a ``minimumHealthyPercent`` of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks. \n For services that *do not* use a load balancer, the following should be noted:\n + A service is considered healthy if all essential containers within the tasks in the service pass their health checks.\n + If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a ``RUNNING`` state before the task is counted towards the minimum healthy percent total.\n + If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. 
A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings. \n \n For services that *do* use a load balancer, the following should be noted:\n + If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n + If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n \n If a service is using either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and is running tasks that use the EC2 launch type, the *minimum healthy percent* value is set to the default value and is used to define the lower limit on the number of the tasks in the service that remain in the ``RUNNING`` state while the container instances are in the ``DRAINING`` state. If a service is using either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service.", + "description": "If a service is using the rolling update (``ECS``) deployment type, the ``minimumHealthyPercent`` represents a lower limit on the number of your service's tasks that must remain in the ``RUNNING`` state during a deployment, as a percentage of the ``desiredCount`` (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. 
For example, if your service has a ``desiredCount`` of four tasks and a ``minimumHealthyPercent`` of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks. \n If any tasks are unhealthy and if ``maximumPercent`` doesn't allow the Amazon ECS scheduler to start replacement tasks, the scheduler stops the unhealthy tasks one-by-one \u2014 using the ``minimumHealthyPercent`` as a constraint \u2014 to clear up capacity to launch replacement tasks. For more information about how the scheduler replaces unhealthy tasks, see [Amazon ECS services](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html) . \n For services that *do not* use a load balancer, the following should be noted:\n + A service is considered healthy if all essential containers within the tasks in the service pass their health checks.\n + If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a ``RUNNING`` state before the task is counted towards the minimum healthy percent total.\n + If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings. 
\n \n For services that *do* use a load balancer, the following should be noted:\n + If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n + If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n \n The default value for a replica service for ``minimumHealthyPercent`` is 100%. The default ``minimumHealthyPercent`` value for a service using the ``DAEMON`` service schedule is 0% for the CLI, the AWS SDKs, and the APIs and 50% for the AWS Management Console.\n The minimum number of healthy tasks during a deployment is the ``desiredCount`` multiplied by the ``minimumHealthyPercent``/100, rounded up to the nearest integer value.\n If a service is using either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and is running tasks that use the EC2 launch type, the *minimum healthy percent* value is set to the default value. The *minimum healthy percent* value is used to define the lower limit on the number of the tasks in the service that remain in the ``RUNNING`` state while the container instances are in the ``DRAINING`` state.\n You can't specify a custom ``minimumHealthyPercent`` value for a service that uses either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and has tasks that use the EC2 launch type.\n If a service is using either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service.", "type": "integer" } }, 
@@ -128,7 +128,7 @@
 },
 "DeploymentController": {
 "additionalProperties": false,
- "description": "The deployment controller to use for the service. For more information, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) in the *Amazon Elastic Container Service Developer Guide*.",
+ "description": "The deployment controller to use for the service.",
 "properties": {
 "Type": {
 "description": "The deployment controller type to use. There are three deployment controller types available:\n + ECS The rolling update (ECS) deployment type involves replacing the current running version of the container with the latest version. The number of containers Amazon ECS adds or removes from the service during a rolling update is controlled by adjusting the minimum and maximum number of healthy tasks allowed during a service deployment, as specified in the DeploymentConfiguration. + CODE_DEPLOY The blue/green (CODE_DEPLOY) deployment type uses the blue/green deployment model powered by , which allows you to verify a new deployment of a service before sending production traffic to it. + EXTERNAL The external (EXTERNAL) deployment type enables you to use any third-party deployment controller for full control over the deployment process for an Amazon ECS service.",
@@ -143,6 +143,7 @@
 "type": "object"
 },
 "EBSTagSpecification": {
+ "additionalProperties": false,
 "description": "The tag specifications of an Amazon EBS volume.",
 "properties": {
 "PropagateTags": {
@@ -195,15 +196,15 @@ }, "LogConfiguration": { "additionalProperties": false, - "description": "The log configuration for the container. This parameter maps to ``LogConfig`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--log-driver`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/run/).\n By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. For more information about the options for different supported log drivers, see [Configure logging drivers](https://docs.aws.amazon.com/https://docs.docker.com/engine/admin/logging/overview/) in the Docker documentation.\n Understand the following when specifying a log configuration for your containers.\n + Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent.\n For tasks on FARGATElong, the supported log drivers are ``awslogs``, ``splunk``, and ``awsfirelens``.\n For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs``, ``fluentd``, ``gelf``, ``json-file``, ``journald``, ``logentries``,``syslog``, ``splunk``, and ``awsfirelens``.\n + This parameter requires version 1.18 of the Docker Remote API or greater on your container instance.\n + For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. 
For more information, see [Amazon ECS container agent configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide*.\n + For tasks that are on FARGATElong, because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to.", + "description": "The log configuration for the container. This parameter maps to ``LogConfig`` in the docker container create command and the ``--log-driver`` option to docker run.\n By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition.\n Understand the following when specifying a log configuration for your containers.\n + Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent.\n For tasks on FARGATElong, the supported log drivers are ``awslogs``, ``splunk``, and ``awsfirelens``.\n For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs``, ``fluentd``, ``gelf``, ``json-file``, ``journald``,``syslog``, ``splunk``, and ``awsfirelens``.\n + This parameter requires version 1.18 of the Docker Remote API or greater on your container instance.\n + For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. 
For more information, see [Amazon ECS container agent configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide*.\n + For tasks that are on FARGATElong, because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to.", "properties": { "LogDriver": { - "description": "The log driver to use for the container.\n For tasks on FARGATElong, the supported log drivers are ``awslogs``, ``splunk``, and ``awsfirelens``.\n For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs``, ``fluentd``, ``gelf``, ``json-file``, ``journald``, ``logentries``,``syslog``, ``splunk``, and ``awsfirelens``.\n For more information about using the ``awslogs`` log driver, see [Using the awslogs log driver](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html) in the *Amazon Elastic Container Service Developer Guide*.\n For more information about using the ``awsfirelens`` log driver, see [Custom log routing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html) in the *Amazon Elastic Container Service Developer Guide*.\n If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's [available on GitHub](https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent) and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. 
However, we don't currently provide support for running modified copies of this software.", + "description": "The log driver to use for the container.\n For tasks on FARGATElong, the supported log drivers are ``awslogs``, ``splunk``, and ``awsfirelens``.\n For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs``, ``fluentd``, ``gelf``, ``json-file``, ``journald``, ``syslog``, ``splunk``, and ``awsfirelens``.\n For more information about using the ``awslogs`` log driver, see [Send Amazon ECS logs to CloudWatch](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html) in the *Amazon Elastic Container Service Developer Guide*.\n For more information about using the ``awsfirelens`` log driver, see [Send Amazon ECS logs to an service or Partner](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html).\n If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's [available on GitHub](https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent) and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.", "type": "string" }, "Options": { "additionalProperties": false, - "description": "The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``", + "description": "The configuration options to send to the log driver.\n The options you can specify depend on the log driver. 
Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following:\n + awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. 
Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don\u2019t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don\u2019t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to CloudWatch Logs. 
The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the blocking mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. \n To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url``.\n When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker.\n Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. 
When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream``.\n When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream``.\n When you export logs to Amazon OpenSearch Service, you can specify options like ``Name``, ``Host`` (OpenSearch Service endpoint without protocol), ``Port``, ``Index``, ``Type``, ``Aws_auth``, ``Aws_region``, ``Suppress_Type_Name``, and ``tls``. For more information, see [Under the hood: FireLens for Amazon ECS Tasks](https://docs.aws.amazon.com/containers/under-the-hood-firelens-for-amazon-ecs-tasks/).\n When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region``, ``total_file_size``, ``upload_timeout``, and ``use_put_object`` as options.\n This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``", "patternProperties": { ".{1,}": { "type": "string" @@ -224,7 +225,7 @@ }, "NetworkConfiguration": { "additionalProperties": false, - "description": "The ``NetworkConfiguration`` property specifies an object representing the network configuration for a task or service.", + "description": "The network configuration for a task or service.", "properties": { "AwsvpcConfiguration": { "$ref": "#/definitions/AwsVpcConfiguration", 
@@ -235,7 +236,7 @@ }, "PlacementConstraint": { "additionalProperties": false, - "description": "The ``PlacementConstraint`` property specifies an object representing a constraint on task placement in the task definition. For more information, see [Task Placement Constraints](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html) in the *Amazon Elastic Container Service Developer Guide*.", + "description": "An object representing a constraint on task placement. For more information, see [Task placement constraints](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html) in the *Amazon Elastic Container Service Developer Guide*.\n If you're using the Fargate launch type, task placement constraints aren't supported.", "properties": { "Expression": { "description": "A cluster query language expression to apply to the constraint. The expression can have a maximum length of 2000 characters. You can't specify an expression if the constraint type is ``distinctInstance``. For more information, see [Cluster query language](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html) in the *Amazon Elastic Container Service Developer Guide*.", 
@@ -257,10 +258,10 @@ }, "PlacementStrategy": { "additionalProperties": false, - "description": "The ``PlacementStrategy`` property specifies the task placement strategy for a task or service. For more information, see [Task Placement Strategies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-strategies.html) in the *Amazon Elastic Container Service Developer Guide*.", + "description": "The task placement strategy for a task or service. For more information, see [Task placement strategies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-strategies.html) in the *Amazon Elastic Container Service Developer Guide*.", "properties": { "Field": { - "description": "The field to apply the placement strategy against. For the ``spread`` placement strategy, valid values are ``instanceId`` (or ``host``, which has the same effect), or any platform or custom attribute that is applied to a container instance, such as ``attribute:ecs.availability-zone``. For the ``binpack`` placement strategy, valid values are ``CPU`` and ``MEMORY``. For the ``random`` placement strategy, this field is not used.", + "description": "The field to apply the placement strategy against. For the ``spread`` placement strategy, valid values are ``instanceId`` (or ``host``, which has the same effect), or any platform or custom attribute that's applied to a container instance, such as ``attribute:ecs.availability-zone``. For the ``binpack`` placement strategy, valid values are ``cpu`` and ``memory``. For the ``random`` placement strategy, this field is not used.", "type": "string" }, "Type": { 
@@ -325,7 +326,7 @@ }, "LogConfiguration": { "$ref": "#/definitions/LogConfiguration", - "description": "The log configuration for the container. This parameter maps to ``LogConfig`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--log-driver`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/run/).\n By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. For more information about the options for different supported log drivers, see [Configure logging drivers](https://docs.aws.amazon.com/https://docs.docker.com/engine/admin/logging/overview/) in the Docker documentation.\n Understand the following when specifying a log configuration for your containers.\n + Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent.\n For tasks on FARGATElong, the supported log drivers are ``awslogs``, ``splunk``, and ``awsfirelens``.\n For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs``, ``fluentd``, ``gelf``, ``json-file``, ``journald``, ``logentries``,``syslog``, ``splunk``, and ``awsfirelens``.\n + This parameter requires version 1.18 of the Docker Remote API or greater on your container instance.\n + For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. 
For more information, see [Amazon ECS container agent configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide*.\n + For tasks that are on FARGATElong, because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to." + "description": "The log configuration for the container. This parameter maps to ``LogConfig`` in the docker container create command and the ``--log-driver`` option to docker run.\n By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition.\n Understand the following when specifying a log configuration for your containers.\n + Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent.\n For tasks on FARGATElong, the supported log drivers are ``awslogs``, ``splunk``, and ``awsfirelens``.\n For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs``, ``fluentd``, ``gelf``, ``json-file``, ``journald``,``syslog``, ``splunk``, and ``awsfirelens``.\n + This parameter requires version 1.18 of the Docker Remote API or greater on your container instance.\n + For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. 
For more information, see [Amazon ECS container agent configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide*.\n + For tasks that are on FARGATElong, because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to." }, "Namespace": { "description": "The namespace name or full Amazon Resource Name (ARN) of the CMAPlong namespace for use with Service Connect. The namespace must be in the same AWS Region as the Amazon ECS service and cluster. The type of namespace doesn't affect Service Connect. For more information about CMAPlong, see [Working with Services](https://docs.aws.amazon.com/cloud-map/latest/dg/working-with-services.html) in the *Developer Guide*.", @@ -383,7 +384,7 @@ }, "ServiceConnectTlsCertificateAuthority": { "additionalProperties": false, - "description": "An object that represents the AWS Private Certificate Authority certificate.", + "description": "The certificate root authority that secures your service.", "properties": { "AwsPcaAuthorityArn": { "description": "The ARN of the AWS Private Certificate Authority certificate.", @@ -394,7 +395,7 @@ }, "ServiceConnectTlsConfiguration": { "additionalProperties": false, - "description": "An object that represents the configuration for Service Connect TLS.", + "description": "The key that encrypts and decrypts your resources for Service Connect TLS.", "properties": { "IssuerCertificateAuthority": { "$ref": "#/definitions/ServiceConnectTlsCertificateAuthority", 
@@ -415,14 +416,15 @@ "type": "object" }, "ServiceManagedEBSVolumeConfiguration": { - "description": "The configuration for the Amazon EBS volume that Amazon ECS creates and manages on your behalf. These settings are used to create each Amazon EBS volume, with one volume created for each task in the service.\n Many of these parameters map 1:1 with the Amazon EBS ``CreateVolume`` API request parameters.", + "additionalProperties": false, + "description": "The configuration for the Amazon EBS volume that Amazon ECS creates and manages on your behalf. These settings are used to create each Amazon EBS volume, with one volume created for each task in the service. For information about the supported launch types and operating systems, see [Supported operating systems and launch types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ebs-volumes.html#ebs-volumes-configuration) in the*Amazon Elastic Container Service Developer Guide*.\n Many of these parameters map 1:1 with the Amazon EBS ``CreateVolume`` API request parameters.", "properties": { "Encrypted": { "description": "Indicates whether the volume should be encrypted. If no value is specified, encryption is turned on by default. This parameter maps 1:1 with the ``Encrypted`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*.", "type": "boolean" }, "FilesystemType": { - "description": "The Linux filesystem type for the volume. For volumes created from a snapshot, you must specify the same filesystem type that the volume was using when the snapshot was created. If there is a filesystem type mismatch, the task will fail to start.\n The available filesystem types are\u2028 ``ext3``, ``ext4``, and ``xfs``. If no value is specified, the ``xfs`` filesystem type is used by default.", + "description": "The filesystem type for the volume. 
For volumes created from a snapshot, you must specify the same filesystem type that the volume was using when the snapshot was created. If there is a filesystem type mismatch, the task will fail to start.\n The available Linux filesystem types are\u2028 ``ext3``, ``ext4``, and ``xfs``. If no value is specified, the ``xfs`` filesystem type is used by default.\n The available Windows filesystem types are ``NTFS``.", "type": "string" }, "Iops": { @@ -468,7 +470,7 @@ }, "ServiceRegistry": { "additionalProperties": false, - "description": "The ``ServiceRegistry`` property specifies details of the service registry. For more information, see [Service Discovery](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html) in the *Amazon Elastic Container Service Developer Guide*.", + "description": "The details for the service registry.\n Each service may be associated with one service registry. Multiple service registries for each service are not supported.\n When you add, update, or remove the service registries configuration, Amazon ECS starts a new deployment. New tasks are registered and deregistered to the updated service registry configuration.", "properties": { "ContainerName": { "description": "The container name value to be used for your service discovery service. It's already specified in the task definition. If the task definition that your service task specifies uses the ``bridge`` or ``host`` network mode, you must specify a ``containerName`` and ``containerPort`` combination from the task definition. If the task definition that your service task specifies uses the ``awsvpc`` network mode and a type SRV DNS record is used, you must specify either a ``containerName`` and ``containerPort`` combination or a ``port`` value. However, you can't specify both.", 
@@ -490,6 +492,7 @@ "type": "object" }, "ServiceVolumeConfiguration": { + "additionalProperties": false, "description": "The configuration for a volume specified in the task definition as a volume that is configured at launch time. Currently, the only supported volume type is an Amazon EBS volume.", "properties": { "ManagedEBSVolume": { 
@@ -508,7 +511,7 @@ }, "Tag": { "additionalProperties": false, - "description": "The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value. You define them.\n The following basic restrictions apply to tags:\n + Maximum number of tags per resource - 50\n + For each resource, each tag key must be unique, and each tag key can have only one value.\n + Maximum key length - 128 Unicode characters in UTF-8\n + Maximum value length - 256 Unicode characters in UTF-8\n + If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.\n + Tag keys and values are case-sensitive.\n + Do not use ``aws:``, ``AWS:``, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.", + "description": "The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value. You define them.\n The following basic restrictions apply to tags:\n + Maximum number of tags per resource - 50\n + For each resource, each tag key must be unique, and each tag key can have only one value.\n + Maximum key length - 128 Unicode characters in UTF-8\n + Maximum value length - 256 Unicode characters in UTF-8\n + If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . 
_ : / @.\n + Tag keys and values are case-sensitive.\n + Do not use ``aws:``, ``AWS:``, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.\n \n In order to tag a service that has the following ARN format, you need to migrate the service to the long ARN. You must use the API, CLI or console to migrate the service ARN. For more information, see [Migrate an short service ARN to a long ARN](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-arn-migration.html) in the *Developer Guide*.\n ``arn:aws:ecs:region:aws_account_id:service/service-name`` \n After the migration is complete, the following are true:\n + The service ARN is: ``arn:aws:ecs:region:aws_account_id:service/cluster-name/service-name`` \n + You can use CFN to tag the service as you would a service with a long ARN format.\n + When the ``PhysicalResourceId`` in the CFN stack represents a service, the value does not change and will be the short service ARN.", "properties": { "Key": { "description": "One part of a key-value pair that make up a tag. A ``key`` is a general label that acts like a category for more specific tag values.", 
@@ -535,9 +538,33 @@ } }, "type": "object" + }, + "VpcLatticeConfiguration": { + "additionalProperties": false, + "description": "The VPC Lattice configuration for your service that holds the information for the target group(s) Amazon ECS tasks will be registered to.", + "properties": { + "PortName": { + "description": "The name of the port mapping to register in the VPC Lattice target group. This is the name of the ``portMapping`` you defined in your task definition.", + "type": "string" + }, + "RoleArn": { + "description": "The ARN of the IAM role to associate with this VPC Lattice configuration. This is the Amazon ECS\u2028 infrastructure IAM role that is used to manage your VPC Lattice infrastructure.", + "type": "string" + }, + "TargetGroupArn": { + "description": "The full Amazon Resource Name (ARN) of the target group or groups associated with the VPC Lattice configuration that the Amazon ECS tasks will be registered to.", + "type": "string" + } + }, + "required": [ + "RoleArn", + "TargetGroupArn", + "PortName" + ], + "type": "object" } }, - "description": "The ``AWS::ECS::Service`` resource creates an Amazon Elastic Container Service (Amazon ECS) service that runs and maintains the requested number of tasks and associated load balancers.\n The stack update fails if you change any properties that require replacement and at least one Amazon ECS Service Connect ``ServiceConnectService`` is configured. This is because AWS CloudFormation creates the replacement service first, but each ``ServiceConnectService`` must have a name that is unique in the namespace.\n Starting April 15, 2023, AWS; will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, ECS, or EC2. 
However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.", + "description": "The ``AWS::ECS::Service`` resource creates an Amazon Elastic Container Service (Amazon ECS) service that runs and maintains the requested number of tasks and associated load balancers.\n The stack update fails if you change any properties that require replacement and at least one ECS Service Connect ``ServiceConnectConfiguration`` property is configured. This is because AWS CloudFormation creates the replacement service first, but each ``ServiceConnectService`` must have a name that is unique in the namespace.\n Starting April 15, 2023, AWS; will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, ECS, or EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.", "handlers": { "create": { "permissions": [ 
@@ -583,8 +610,17 @@ "/properties/Cluster" ], "properties": { + "AvailabilityZoneRebalancing": { + "default": "DISABLED", + "description": "Indicates whether to use Availability Zone rebalancing for the service.\n For more information, see [Balancing an Amazon ECS service across Availability Zones](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-rebalancing.html) in the *Amazon Elastic Container Service Developer Guide*.", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, "CapacityProviderStrategy": { - "description": "The capacity provider strategy to use for the service.\n If a ``capacityProviderStrategy`` is specified, the ``launchType`` parameter must be omitted. If no ``capacityProviderStrategy`` or ``launchType`` is specified, the ``defaultCapacityProviderStrategy`` for the cluster is used.\n A capacity provider strategy may contain a maximum of 6 capacity providers.", + "description": "The capacity provider strategy to use for the service.\n If a ``capacityProviderStrategy`` is specified, the ``launchType`` parameter must be omitted. If no ``capacityProviderStrategy`` or ``launchType`` is specified, the ``defaultCapacityProviderStrategy`` for the cluster is used.\n A capacity provider strategy can contain a maximum of 20 capacity providers.\n To remove this property from your service resource, specify an empty ``CapacityProviderStrategyItem`` array.", "items": { "$ref": "#/definitions/CapacityProviderStrategyItem" }, 
@@ -615,7 +651,7 @@ "type": "boolean" }, "HealthCheckGracePeriodSeconds": { - "description": "The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started. This is only used when your service is configured to use a load balancer. If your service has a load balancer defined and you don't specify a health check grace period value, the default value of ``0`` is used.\n If you do not use an Elastic Load Balancing, we recommend that you use the ``startPeriod`` in the task definition health check parameters. For more information, see [Health check](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_HealthCheck.html).\n If your service's tasks take a while to start and respond to Elastic Load Balancing health checks, you can specify a health check grace period of up to 2,147,483,647 seconds (about 69 years). During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up.", + "description": "The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing, VPC Lattice, and container health checks after a task has first started. If you don't specify a health check grace period value, the default value of ``0`` is used. If you don't use any of the health checks, then ``healthCheckGracePeriodSeconds`` is unused.\n If your service's tasks take a while to start and respond to health checks, you can specify a health check grace period of up to 2,147,483,647 seconds (about 69 years). During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up.", "type": "integer" }, "LaunchType": { 
@@ -628,7 +664,7 @@ "type": "string" }, "LoadBalancers": { - "description": "A list of load balancer objects to associate with the service. If you specify the ``Role`` property, ``LoadBalancers`` must be specified as well. For information about the number of load balancers that you can specify per service, see [Service Load Balancing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-load-balancing.html) in the *Amazon Elastic Container Service Developer Guide*.", + "description": "A list of load balancer objects to associate with the service. If you specify the ``Role`` property, ``LoadBalancers`` must be specified as well. For information about the number of load balancers that you can specify per service, see [Service Load Balancing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-load-balancing.html) in the *Amazon Elastic Container Service Developer Guide*.\n To remove this property from your service resource, specify an empty ``LoadBalancer`` array.", "items": { "$ref": "#/definitions/LoadBalancer" }, 
@@ -643,14 +679,14 @@ "description": "The network configuration for the service. This parameter is required for task definitions that use the ``awsvpc`` network mode to receive their own elastic network interface, and it is not supported for other network modes. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*." }, "PlacementConstraints": { - "description": "An array of placement constraint objects to use for tasks in your service. You can specify a maximum of 10 constraints for each task. This limit includes constraints in the task definition and those specified at runtime.", + "description": "An array of placement constraint objects to use for tasks in your service. You can specify a maximum of 10 constraints for each task. This limit includes constraints in the task definition and those specified at runtime.\n To remove this property from your service resource, specify an empty ``PlacementConstraint`` array.", "items": { "$ref": "#/definitions/PlacementConstraint" }, "type": "array" }, "PlacementStrategies": { - "description": "The placement strategy objects to use for tasks in your service. You can specify a maximum of 5 strategy rules for each service.", + "description": "The placement strategy objects to use for tasks in your service. You can specify a maximum of 5 strategy rules for each service.\n To remove this property from your service resource, specify an empty ``PlacementStrategy`` array.", "items": { "$ref": "#/definitions/PlacementStrategy" }, 
@@ -662,7 +698,7 @@ "type": "string" }, "PropagateTags": { - "description": "Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags aren't propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the [TagResource](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_TagResource.html) API action.\n The default is ``NONE``.", + "description": "Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags aren't propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the [TagResource](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_TagResource.html) API action.\n You must set this to a value other than ``NONE`` when you use Cost Explorer. For more information, see [Amazon ECS usage reports](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/usage-reports.html) in the *Amazon Elastic Container Service Developer Guide*.\n The default is ``NONE``.", "enum": [ "SERVICE", "TASK_DEFINITION" 
@@ -694,7 +730,7 @@ "type": "string" }, "ServiceRegistries": { - "description": "The details of the service discovery registry to associate with this service. For more information, see [Service discovery](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html).\n Each service may be associated with one service registry. Multiple service registries for each service isn't supported.", + "description": "The details of the service discovery registry to associate with this service. For more information, see [Service discovery](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html).\n Each service may be associated with one service registry. Multiple service registries for each service isn't supported.\n To remove this property from your service resource, specify an empty ``ServiceRegistry`` array.", "items": { "$ref": "#/definitions/ServiceRegistry" }, 
@@ -712,19 +748,35 @@ "type": "string" }, "VolumeConfigurations": { - "description": "The configuration for a volume specified in the task definition as a volume that is configured at launch time. Currently, the only supported volume type is an Amazon EBS volume.", + "description": "The configuration for a volume specified in the task definition as a volume that is configured at launch time. Currently, the only supported volume type is an Amazon EBS volume.\n To remove this property from your service resource, specify an empty ``ServiceVolumeConfiguration`` array.", "items": { "$ref": "#/definitions/ServiceVolumeConfiguration" }, "type": "array" + }, + "VpcLatticeConfigurations": { + "description": "The VPC Lattice configuration for the service being created.", + "items": { + "$ref": "#/definitions/VpcLatticeConfiguration" + }, + "type": "array" } }, + "propertyTransform": { + "/properties/Role": "Role $OR $join([\"arn:(aws)[-]{0,1}[a-z]{0,3}[-]{0,1}[a-z]{0,3}:iam::[0-9]{12}[:]role/{1}\", Role])", + "/properties/TaskDefinition": "TaskDefinition $OR $join([\"arn:(aws)[-]{0,1}[a-z]{0,3}[-]{0,1}[a-z]{0,3}:ecs:[a-z0-9-]+:[0-9]{12}:task-definition/\", $contains(TaskDefinition,\":\")?TaskDefinition:$join([TaskDefinition, \":[0-9]+\"])])" + }, "readOnlyProperties": [ "/properties/ServiceArn", "/properties/Name" ], "tagging": { - "cloudFormationSystemTags": true, + "cloudFormationSystemTags": false, + "permissions": [ + "ecs:TagResource", + "ecs:UntagResource", + "ecs:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ecs-taskdefinition.json b/src/schema/aws-ecs-taskdefinition.json index 83e8d94e..2db0ee3c 100644 --- a/src/schema/aws-ecs-taskdefinition.json +++ b/src/schema/aws-ecs-taskdefinition.json 
@@ -4,6 +4,7 @@ "/properties/Family", "/properties/ContainerDefinitions", "/properties/Cpu", + "/properties/EnableFaultInjection", "/properties/ExecutionRoleArn", "/properties/InferenceAccelerators", "/properties/Memory", @@ -43,7 +44,7 @@ "description": "The ``ContainerDefinition`` property specifies a container definition. Container definitions are used in task definitions to describe the different containers that are launched as part of a task.", "properties": { "Command": { - "description": "The command that's passed to the container. This parameter maps to ``Cmd`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``COMMAND`` parameter to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). For more information, see [https://docs.docker.com/engine/reference/builder/#cmd](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/builder/#cmd). If there are multiple arguments, each argument is a separated string in the array.", + "description": "The command that's passed to the container. This parameter maps to ``Cmd`` in the docker container create command and the ``COMMAND`` parameter to docker run. If there are multiple arguments, each argument is a separated string in the array.", "insertionOrder": true, "items": { "type": "string" 
@@ -51,7 +52,7 @@ "type": "array" }, "Cpu": { - "description": "The number of ``cpu`` units reserved for the container. This parameter maps to ``CpuShares`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--cpu-shares`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).\n This field is optional for tasks using the Fargate launch type, and the only requirement is that the total amount of CPU reserved for all containers within a task be lower than the task-level ``cpu`` value.\n You can determine the number of CPU units that are available per EC2 instance type by multiplying the vCPUs listed for that instance type on the [Amazon EC2 Instances](https://docs.aws.amazon.com/ec2/instance-types/) detail page by 1,024.\n Linux containers share unallocated CPU units with other containers on the container instance with the same ratio as their allocated amount. For example, if you run a single-container task on a single-core instance type with 512 CPU units specified for that container, and that's the only task running on the container instance, that container could use the full 1,024 CPU unit share at any given time. However, if you launched another copy of the same task on that container instance, each task is guaranteed a minimum of 512 CPU units when needed. Moreover, each container could float to higher CPU usage if the other container was not using it. If both tasks were 100% active all of the time, they would be limited to 512 CPU units.\n On Linux container instances, the Docker daemon on the container instance uses the CPU value to calculate the relative CPU share ratios for running containers. 
For more information, see [CPU share constraint](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#cpu-share-constraint) in the Docker documentation. The minimum valid CPU share value that the Linux kernel allows is 2, and the maximum valid CPU share value that the Linux kernel allows is 262144. However, the CPU parameter isn't required, and you can use CPU values below 2 or above 262144 in your container definitions. For CPU values below 2 (including null) or above 262144, the behavior varies based on your Amazon ECS container agent version:\n + *Agent versions less than or equal to 1.1.0:* Null and zero CPU values are passed to Docker as 0, which Docker then converts to 1,024 CPU shares. CPU values of 1 are passed to Docker as 1, which the Linux kernel converts to two CPU shares.\n + *Agent versions greater than or equal to 1.2.0:* Null, zero, and CPU values of 1 are passed to Docker as 2.\n + *Agent versions greater than or equal to 1.84.0:* CPU values greater than 256 vCPU are passed to Docker as 256, which is equivalent to 262144 CPU shares.\n \n On Windows container instances, the CPU limit is enforced as an absolute limit, or a quota. Windows containers only have access to the specified amount of CPU that's described in the task definition. A null or zero CPU value is passed to Docker as ``0``, which Windows interprets as 1% of one CPU.", + "description": "The number of ``cpu`` units reserved for the container. 
This parameter maps to ``CpuShares`` in the docker container create commandand the ``--cpu-shares`` option to docker run.\n This field is optional for tasks using the Fargate launch type, and the only requirement is that the total amount of CPU reserved for all containers within a task be lower than the task-level ``cpu`` value.\n You can determine the number of CPU units that are available per EC2 instance type by multiplying the vCPUs listed for that instance type on the [Amazon EC2 Instances](https://docs.aws.amazon.com/ec2/instance-types/) detail page by 1,024.\n Linux containers share unallocated CPU units with other containers on the container instance with the same ratio as their allocated amount. For example, if you run a single-container task on a single-core instance type with 512 CPU units specified for that container, and that's the only task running on the container instance, that container could use the full 1,024 CPU unit share at any given time. However, if you launched another copy of the same task on that container instance, each task is guaranteed a minimum of 512 CPU units when needed. Moreover, each container could float to higher CPU usage if the other container was not using it. If both tasks were 100% active all of the time, they would be limited to 512 CPU units.\n On Linux container instances, the Docker daemon on the container instance uses the CPU value to calculate the relative CPU share ratios for running containers. The minimum valid CPU share value that the Linux kernel allows is 2, and the maximum valid CPU share value that the Linux kernel allows is 262144. However, the CPU parameter isn't required, and you can use CPU values below 2 or above 262144 in your container definitions. 
For CPU values below 2 (including null) or above 262144, the behavior varies based on your Amazon ECS container agent version:\n + *Agent versions less than or equal to 1.1.0:* Null and zero CPU values are passed to Docker as 0, which Docker then converts to 1,024 CPU shares. CPU values of 1 are passed to Docker as 1, which the Linux kernel converts to two CPU shares.\n + *Agent versions greater than or equal to 1.2.0:* Null, zero, and CPU values of 1 are passed to Docker as 2.\n + *Agent versions greater than or equal to 1.84.0:* CPU values greater than 256 vCPU are passed to Docker as 256, which is equivalent to 262144 CPU shares.\n \n On Windows container instances, the CPU limit is enforced as an absolute limit, or a quota. Windows containers only have access to the specified amount of CPU that's described in the task definition. A null or zero CPU value is passed to Docker as ``0``, which Windows interprets as 1% of one CPU.", "type": "integer" }, "CredentialSpecs": { 
@@ -71,11 +72,11 @@ "type": "array" }, "DisableNetworking": { - "description": "When this parameter is true, networking is off within the container. This parameter maps to ``NetworkDisabled`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/).\n This parameter is not supported for Windows containers.", + "description": "When this parameter is true, networking is off within the container. This parameter maps to ``NetworkDisabled`` in the docker container create command.\n This parameter is not supported for Windows containers.", "type": "boolean" }, "DnsSearchDomains": { - "description": "A list of DNS search domains that are presented to the container. This parameter maps to ``DnsSearch`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--dns-search`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).\n This parameter is not supported for Windows containers.", + "description": "A list of DNS search domains that are presented to the container. This parameter maps to ``DnsSearch`` in the docker container create command and the ``--dns-search`` option to docker run.\n This parameter is not supported for Windows containers.", "insertionOrder": false, "items": { "type": "string" 
@@ -83,7 +84,7 @@ "type": "array" }, "DnsServers": { - "description": "A list of DNS servers that are presented to the container. This parameter maps to ``Dns`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--dns`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).\n This parameter is not supported for Windows containers.", + "description": "A list of DNS servers that are presented to the container. This parameter maps to ``Dns`` in the docker container create command and the ``--dns`` option to docker run.\n This parameter is not supported for Windows containers.", "insertionOrder": false, "items": { "type": "string" 
@@ -92,7 +93,7 @@ }, "DockerLabels": { "additionalProperties": false, - "description": "A key/value map of labels to add to the container. This parameter maps to ``Labels`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--label`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``", + "description": "A key/value map of labels to add to the container. This parameter maps to ``Labels`` in the docker container create command and the ``--label`` option to docker run. This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``", "patternProperties": { ".{1,}": { "type": "string" 
@@ -101,7 +102,7 @@ "type": "object" }, "DockerSecurityOptions": { - "description": "A list of strings to provide custom configuration for multiple security systems. For more information about valid values, see [Docker Run Security Configuration](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). This field isn't valid for containers in tasks using the Fargate launch type.\n For Linux tasks on EC2, this parameter can be used to reference custom labels for SELinux and AppArmor multi-level security systems.\n For any tasks on EC2, this parameter can be used to reference a credential spec file that configures a container for Active Directory authentication. For more information, see [Using gMSAs for Windows Containers](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows-gmsa.html) and [Using gMSAs for Linux Containers](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/linux-gmsa.html) in the *Amazon Elastic Container Service Developer Guide*.\n This parameter maps to ``SecurityOpt`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--security-opt`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).\n The Amazon ECS container agent running on a container instance must register with the ``ECS_SELINUX_CAPABLE=true`` or ``ECS_APPARMOR_CAPABLE=true`` environment variables before containers placed on that instance can use these security options. 
For more information, see [Amazon ECS Container Agent Configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide*.\n For more information about valid values, see [Docker Run Security Configuration](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). \n Valid values: \"no-new-privileges\" | \"apparmor:PROFILE\" | \"label:value\" | \"credentialspec:CredentialSpecFilePath\"", + "description": "A list of strings to provide custom configuration for multiple security systems. This field isn't valid for containers in tasks using the Fargate launch type.\n For Linux tasks on EC2, this parameter can be used to reference custom labels for SELinux and AppArmor multi-level security systems.\n For any tasks on EC2, this parameter can be used to reference a credential spec file that configures a container for Active Directory authentication. For more information, see [Using gMSAs for Windows Containers](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows-gmsa.html) and [Using gMSAs for Linux Containers](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/linux-gmsa.html) in the *Amazon Elastic Container Service Developer Guide*.\n This parameter maps to ``SecurityOpt`` in the docker container create command and the ``--security-opt`` option to docker run.\n The Amazon ECS container agent running on a container instance must register with the ``ECS_SELINUX_CAPABLE=true`` or ``ECS_APPARMOR_CAPABLE=true`` environment variables before containers placed on that instance can use these security options. 
For more information, see [Amazon ECS Container Agent Configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide*.\n Valid values: \"no-new-privileges\" | \"apparmor:PROFILE\" | \"label:value\" | \"credentialspec:CredentialSpecFilePath\"", "insertionOrder": false, "items": { "type": "string" @@ -109,7 +110,7 @@ "type": "array" }, "EntryPoint": { - "description": "Early versions of the Amazon ECS container agent don't properly handle ``entryPoint`` parameters. If you have problems using ``entryPoint``, update your container agent or enter your commands and arguments as ``command`` array items instead.\n The entry point that's passed to the container. This parameter maps to ``Entrypoint`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--entrypoint`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). For more information, see [https://docs.docker.com/engine/reference/builder/#entrypoint](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/builder/#entrypoint).", + "description": "Early versions of the Amazon ECS container agent don't properly handle ``entryPoint`` parameters. If you have problems using ``entryPoint``, update your container agent or enter your commands and arguments as ``command`` array items instead.\n The entry point that's passed to the container. This parameter maps to ``Entrypoint`` in the docker container create command and the ``--entrypoint`` option to docker run.", "insertionOrder": true, "items": { "type": "string" 
@@ -117,7 +118,7 @@ "type": "array" }, "Environment": { - "description": "The environment variables to pass to a container. This parameter maps to ``Env`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--env`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).\n We don't recommend that you use plaintext environment variables for sensitive information, such as credential data.", + "description": "The environment variables to pass to a container. This parameter maps to ``Env`` in the docker container create command and the ``--env`` option to docker run.\n We don't recommend that you use plaintext environment variables for sensitive information, such as credential data.", "insertionOrder": false, "items": { "$ref": "#/definitions/KeyValuePair" 
@@ -126,7 +127,7 @@ "uniqueItems": true }, "EnvironmentFiles": { - "description": "A list of files containing the environment variables to pass to a container. This parameter maps to the ``--env-file`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).\n You can specify up to ten environment files. The file must have a ``.env`` file extension. Each line in an environment file contains an environment variable in ``VARIABLE=VALUE`` format. Lines beginning with ``#`` are treated as comments and are ignored. For more information about the environment variable file syntax, see [Declare default environment variables in file](https://docs.aws.amazon.com/https://docs.docker.com/compose/env-file/).\n If there are environment variables specified using the ``environment`` parameter in a container definition, they take precedence over the variables contained within an environment file. If multiple environment files are specified that contain the same variable, they're processed from the top down. We recommend that you use unique variable names. For more information, see [Specifying Environment Variables](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/taskdef-envfiles.html) in the *Amazon Elastic Container Service Developer Guide*.", + "description": "A list of files containing the environment variables to pass to a container. This parameter maps to the ``--env-file`` option to docker run.\n You can specify up to ten environment files. The file must have a ``.env`` file extension. Each line in an environment file contains an environment variable in ``VARIABLE=VALUE`` format. Lines beginning with ``#`` are treated as comments and are ignored.\n If there are environment variables specified using the ``environment`` parameter in a container definition, they take precedence over the variables contained within an environment file. 
If multiple environment files are specified that contain the same variable, they're processed from the top down. We recommend that you use unique variable names. For more information, see [Specifying Environment Variables](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/taskdef-envfiles.html) in the *Amazon Elastic Container Service Developer Guide*.", "insertionOrder": true, "items": { "$ref": "#/definitions/EnvironmentFile" @@ -138,7 +139,7 @@ "type": "boolean" }, "ExtraHosts": { - "description": "A list of hostnames and IP address mappings to append to the ``/etc/hosts`` file on the container. This parameter maps to ``ExtraHosts`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--add-host`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).\n This parameter isn't supported for Windows containers or tasks that use the ``awsvpc`` network mode.", + "description": "A list of hostnames and IP address mappings to append to the ``/etc/hosts`` file on the container. This parameter maps to ``ExtraHosts`` in the docker container create command and the ``--add-host`` option to docker run.\n This parameter isn't supported for Windows containers or tasks that use the ``awsvpc`` network mode.", "insertionOrder": false, "items": { "$ref": "#/definitions/HostEntry" 
@@ -151,22 +152,22 @@ }, "HealthCheck": { "$ref": "#/definitions/HealthCheck", - "description": "The container health check command and associated configuration parameters for the container. This parameter maps to ``HealthCheck`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``HEALTHCHECK`` parameter of [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration)." + "description": "The container health check command and associated configuration parameters for the container. This parameter maps to ``HealthCheck`` in the docker container create command and the ``HEALTHCHECK`` parameter of docker run." }, "Hostname": { - "description": "The hostname to use for your container. This parameter maps to ``Hostname`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--hostname`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).\n The ``hostname`` parameter is not supported if you're using the ``awsvpc`` network mode.", + "description": "The hostname to use for your container. This parameter maps to ``Hostname`` in the docker container create command and the ``--hostname`` option to docker run.\n The ``hostname`` parameter is not supported if you're using the ``awsvpc`` network mode.", "type": "string" }, "Image": { - "description": "The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. 
Other repositories are specified with either ``repository-url/image:tag`` or ``repository-url/image@digest``. Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to ``Image`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``IMAGE`` parameter of [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).\n + When a new task starts, the Amazon ECS container agent pulls the latest version of the specified image and tag for the container to use. However, subsequent updates to a repository image aren't propagated to already running tasks.\n + Images in Amazon ECR repositories can be specified by either using the full ``registry/repository:tag`` or ``registry/repository@digest``. For example, ``012345678910.dkr.ecr..amazonaws.com/:latest`` or ``012345678910.dkr.ecr..amazonaws.com/@sha256:94afd1f2e64d908bc90dbca0035a5b567EXAMPLE``. \n + Images in official repositories on Docker Hub use a single name (for example, ``ubuntu`` or ``mongo``).\n + Images in other repositories on Docker Hub are qualified with an organization name (for example, ``amazon/amazon-ecs-agent``).\n + Images in other online repositories are qualified further by a domain name (for example, ``quay.io/assemblyline/ubuntu``).", + "description": "The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either ``repository-url/image:tag`` or ``repository-url/image@digest``. Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. 
This parameter maps to ``Image`` in the docker container create command and the ``IMAGE`` parameter of docker run.\n + When a new task starts, the Amazon ECS container agent pulls the latest version of the specified image and tag for the container to use. However, subsequent updates to a repository image aren't propagated to already running tasks.\n + Images in Amazon ECR repositories can be specified by either using the full ``registry/repository:tag`` or ``registry/repository@digest``. For example, ``012345678910.dkr.ecr..amazonaws.com/:latest`` or ``012345678910.dkr.ecr..amazonaws.com/@sha256:94afd1f2e64d908bc90dbca0035a5b567EXAMPLE``. \n + Images in official repositories on Docker Hub use a single name (for example, ``ubuntu`` or ``mongo``).\n + Images in other repositories on Docker Hub are qualified with an organization name (for example, ``amazon/amazon-ecs-agent``).\n + Images in other online repositories are qualified further by a domain name (for example, ``quay.io/assemblyline/ubuntu``).", "type": "string" }, "Interactive": { - "description": "When this parameter is ``true``, you can deploy containerized applications that require ``stdin`` or a ``tty`` to be allocated. This parameter maps to ``OpenStdin`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--interactive`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).", + "description": "When this parameter is ``true``, you can deploy containerized applications that require ``stdin`` or a ``tty`` to be allocated. 
This parameter maps to ``OpenStdin`` in the docker container create command and the ``--interactive`` option to docker run.", "type": "boolean" }, "Links": { - "description": "The ``links`` parameter allows containers to communicate with each other without the need for port mappings. This parameter is only supported if the network mode of a task definition is ``bridge``. The ``name:internalName`` construct is analogous to ``name:alias`` in Docker links. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. For more information about linking Docker containers, go to [Legacy container links](https://docs.aws.amazon.com/https://docs.docker.com/network/links/) in the Docker documentation. This parameter maps to ``Links`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--link`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).\n This parameter is not supported for Windows containers.\n Containers that are collocated on a single container instance may be able to communicate with each other without requiring links or host port mappings. Network isolation is achieved on the container instance using security groups and VPC settings.", + "description": "The ``links`` parameter allows containers to communicate with each other without the need for port mappings. This parameter is only supported if the network mode of a task definition is ``bridge``. The ``name:internalName`` construct is analogous to ``name:alias`` in Docker links. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.. 
This parameter maps to ``Links`` in the docker container create command and the ``--link`` option to docker run.\n This parameter is not supported for Windows containers.\n Containers that are collocated on a single container instance may be able to communicate with each other without requiring links or host port mappings. Network isolation is achieved on the container instance using security groups and VPC settings.", "insertionOrder": false, "items": { "type": "string" 
@@ -180,18 +181,18 @@ }, "LogConfiguration": { "$ref": "#/definitions/LogConfiguration", - "description": "The log configuration specification for the container.\n This parameter maps to ``LogConfig`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--log-driver`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/). By default, containers use the same logging driver that the Docker daemon uses. However, the container may use a different logging driver than the Docker daemon by specifying a log driver with this parameter in the container definition. To use a different logging driver for a container, the log system must be configured properly on the container instance (or on a different log server for remote logging options). For more information on the options for different supported log drivers, see [Configure logging drivers](https://docs.aws.amazon.com/https://docs.docker.com/engine/admin/logging/overview/) in the Docker documentation.\n Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon (shown in the [LogConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LogConfiguration.html) data type). Additional log drivers may be available in future releases of the Amazon ECS container agent.\n This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. 
To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` \n The Amazon ECS container agent running on a container instance must register the logging drivers available on that instance with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. For more information, see [Amazon ECS Container Agent Configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide*." + "description": "The log configuration specification for the container.\n This parameter maps to ``LogConfig`` in the docker Create a container command and the ``--log-driver`` option to docker run. By default, containers use the same logging driver that the Docker daemon uses. However, the container may use a different logging driver than the Docker daemon by specifying a log driver with this parameter in the container definition. To use a different logging driver for a container, the log system must be configured properly on the container instance (or on a different log server for remote logging options). For more information on the options for different supported log drivers, see [Configure logging drivers](https://docs.aws.amazon.com/https://docs.docker.com/engine/admin/logging/overview/) in the Docker documentation.\n Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon (shown in the [LogConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LogConfiguration.html) data type). Additional log drivers may be available in future releases of the Amazon ECS container agent.\n This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. 
To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` \n The Amazon ECS container agent running on a container instance must register the logging drivers available on that instance with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. For more information, see [Container Agent Configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Developer Guide*." }, "Memory": { "description": "The amount (in MiB) of memory to present to the container. If your container attempts to exceed the memory specified here, the container is killed. The total amount of memory reserved for all containers within a task must be lower than the task ``memory`` value, if one is specified. This parameter maps to ``Memory`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--memory`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).\n If using the Fargate launch type, this parameter is optional.\n If using the EC2 launch type, you must specify either a task-level memory value or a container-level memory value. If you specify both a container-level ``memory`` and ``memoryReservation`` value, ``memory`` must be greater than ``memoryReservation``. If you specify ``memoryReservation``, then that value is subtracted from the available memory resources for the container instance where the container is placed. 
Otherwise, the value of ``memory`` is used.\n The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container, so you should not specify fewer than 6 MiB of memory for your containers.\n The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container, so you should not specify fewer than 4 MiB of memory for your containers.", "type": "integer" }, "MemoryReservation": { - "description": "The soft limit (in MiB) of memory to reserve for the container. When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the ``memory`` parameter (if applicable), or all of the available memory on the container instance, whichever comes first. This parameter maps to ``MemoryReservation`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--memory-reservation`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).\n If a task-level memory value is not specified, you must specify a non-zero integer for one or both of ``memory`` or ``memoryReservation`` in a container definition. If you specify both, ``memory`` must be greater than ``memoryReservation``. If you specify ``memoryReservation``, then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of ``memory`` is used.\n For example, if your container normally uses 128 MiB of memory, but occasionally bursts to 256 MiB of memory for short periods of time, you can set a ``memoryReservation`` of 128 MiB, and a ``memory`` hard limit of 300 MiB. 
This configuration would allow the container to only reserve 128 MiB of memory from the remaining resources on the container instance, but also allow the container to consume more memory resources when needed.\n The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container. So, don't specify less than 6 MiB of memory for your containers. \n The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container. So, don't specify less than 4 MiB of memory for your containers.", + "description": "The soft limit (in MiB) of memory to reserve for the container. When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the ``memory`` parameter (if applicable), or all of the available memory on the container instance, whichever comes first. This parameter maps to ``MemoryReservation`` in the docker container create command and the ``--memory-reservation`` option to docker run.\n If a task-level memory value is not specified, you must specify a non-zero integer for one or both of ``memory`` or ``memoryReservation`` in a container definition. If you specify both, ``memory`` must be greater than ``memoryReservation``. If you specify ``memoryReservation``, then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of ``memory`` is used.\n For example, if your container normally uses 128 MiB of memory, but occasionally bursts to 256 MiB of memory for short periods of time, you can set a ``memoryReservation`` of 128 MiB, and a ``memory`` hard limit of 300 MiB. 
This configuration would allow the container to only reserve 128 MiB of memory from the remaining resources on the container instance, but also allow the container to consume more memory resources when needed.\n The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container. So, don't specify less than 6 MiB of memory for your containers. \n The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container. So, don't specify less than 4 MiB of memory for your containers.", "type": "integer" }, "MountPoints": { - "description": "The mount points for data volumes in your container.\n This parameter maps to ``Volumes`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--volume`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).\n Windows containers can mount whole directories on the same drive as ``$env:ProgramData``. Windows containers can't mount directories on a different drive, and mount point can't be across drives.", + "description": "The mount points for data volumes in your container.\n This parameter maps to ``Volumes`` in the docker container create command and the ``--volume`` option to docker run.\n Windows containers can mount whole directories on the same drive as ``$env:ProgramData``. Windows containers can't mount directories on a different drive, and mount point can't be across drives.", "insertionOrder": true, "items": { "$ref": "#/definitions/MountPoint" 
@@ -200,7 +201,7 @@ "uniqueItems": true }, "Name": { - "description": "The name of a container. If you're linking multiple containers together in a task definition, the ``name`` of one container can be entered in the ``links`` of another container to connect the containers. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This parameter maps to ``name`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--name`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).", + "description": "The name of a container. If you're linking multiple containers together in a task definition, the ``name`` of one container can be entered in the ``links`` of another container to connect the containers. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This parameter maps to ``name`` in the docker container create command and the ``--name`` option to docker run.", "type": "string" }, "PortMappings": { 
@@ -213,15 +214,15 @@ "uniqueItems": true }, "Privileged": { - "description": "When this parameter is true, the container is given elevated privileges on the host container instance (similar to the ``root`` user). This parameter maps to ``Privileged`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--privileged`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).\n This parameter is not supported for Windows containers or tasks run on FARGATElong.", + "description": "When this parameter is true, the container is given elevated privileges on the host container instance (similar to the ``root`` user). This parameter maps to ``Privileged`` in the docker container create command and the ``--privileged`` option to docker run\n This parameter is not supported for Windows containers or tasks run on FARGATElong.", "type": "boolean" }, "PseudoTerminal": { - "description": "When this parameter is ``true``, a TTY is allocated. This parameter maps to ``Tty`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--tty`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).", + "description": "When this parameter is ``true``, a TTY is allocated. This parameter maps to ``Tty`` in the docker container create command and the ``--tty`` option to docker run.", "type": "boolean" }, "ReadonlyRootFilesystem": { - "description": "When this parameter is true, the container is given read-only access to its root file system. 
This parameter maps to ``ReadonlyRootfs`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--read-only`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).\n This parameter is not supported for Windows containers.", + "description": "When this parameter is true, the container is given read-only access to its root file system. This parameter maps to ``ReadonlyRootfs`` in the docker container create command and the ``--read-only`` option to docker run.\n This parameter is not supported for Windows containers.", "type": "boolean" }, "RepositoryCredentials": { @@ -236,6 +237,10 @@ }, "type": "array" }, + "RestartPolicy": { + "$ref": "#/definitions/RestartPolicy", + "description": "The restart policy for a container. When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task. For more information, see [Restart individual containers in Amazon ECS tasks with container restart policies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-restart-policy.html) in the *Amazon Elastic Container Service Developer Guide*." + }, "Secrets": { "description": "The secrets to pass to the container. For more information, see [Specifying Sensitive Data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the *Amazon Elastic Container Service Developer Guide*.", "insertionOrder": false, 
@@ -245,15 +250,15 @@ "type": "array" }, "StartTimeout": { - "description": "Time duration (in seconds) to wait before giving up on resolving dependencies for a container. For example, you specify two containers in a task definition with containerA having a dependency on containerB reaching a ``COMPLETE``, ``SUCCESS``, or ``HEALTHY`` status. If a ``startTimeout`` value is specified for containerB and it doesn't reach the desired status within that time then containerA gives up and not start. This results in the task transitioning to a ``STOPPED`` state.\n When the ``ECS_CONTAINER_START_TIMEOUT`` container agent configuration variable is used, it's enforced independently from this start timeout value.\n For tasks using the Fargate launch type, the task or service requires the following platforms:\n + Linux platform version ``1.3.0`` or later.\n + Windows platform version ``1.0.0`` or later.\n \n For tasks using the EC2 launch type, your container instances require at least version ``1.26.0`` of the container agent to use a container start timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) in the *Amazon Elastic Container Service Developer Guide*. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version ``1.26.0-1`` of the ``ecs-init`` package. If your container instances are launched from version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init``. 
For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*.\n The valid values are 2-120 seconds.", + "description": "Time duration (in seconds) to wait before giving up on resolving dependencies for a container. For example, you specify two containers in a task definition with containerA having a dependency on containerB reaching a ``COMPLETE``, ``SUCCESS``, or ``HEALTHY`` status. If a ``startTimeout`` value is specified for containerB and it doesn't reach the desired status within that time then containerA gives up and not start. This results in the task transitioning to a ``STOPPED`` state.\n When the ``ECS_CONTAINER_START_TIMEOUT`` container agent configuration variable is used, it's enforced independently from this start timeout value.\n For tasks using the Fargate launch type, the task or service requires the following platforms:\n + Linux platform version ``1.3.0`` or later.\n + Windows platform version ``1.0.0`` or later.\n \n For tasks using the EC2 launch type, your container instances require at least version ``1.26.0`` of the container agent to use a container start timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) in the *Amazon Elastic Container Service Developer Guide*. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version ``1.26.0-1`` of the ``ecs-init`` package. If your container instances are launched from version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init``. 
For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*.\n The valid values for Fargate are 2-120 seconds.", "type": "integer" }, "StopTimeout": { - "description": "Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own.\n For tasks using the Fargate launch type, the task or service requires the following platforms:\n + Linux platform version ``1.3.0`` or later.\n + Windows platform version ``1.0.0`` or later.\n \n The max stop timeout value is 120 seconds and if the parameter is not specified, the default value of 30 seconds is used.\n For tasks that use the EC2 launch type, if the ``stopTimeout`` parameter isn't specified, the value set for the Amazon ECS container agent configuration variable ``ECS_CONTAINER_STOP_TIMEOUT`` is used. If neither the ``stopTimeout`` parameter or the ``ECS_CONTAINER_STOP_TIMEOUT`` agent configuration variable are set, then the default values of 30 seconds for Linux containers and 30 seconds on Windows containers are used. Your container instances require at least version 1.26.0 of the container agent to use a container stop timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) in the *Amazon Elastic Container Service Developer Guide*. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ``ecs-init`` package. If your container instances are launched from version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init``. 
For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*.\n The valid values are 2-120 seconds.", + "description": "Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own.\n For tasks using the Fargate launch type, the task or service requires the following platforms:\n + Linux platform version ``1.3.0`` or later.\n + Windows platform version ``1.0.0`` or later.\n \n For tasks that use the Fargate launch type, the max stop timeout value is 120 seconds and if the parameter is not specified, the default value of 30 seconds is used.\n For tasks that use the EC2 launch type, if the ``stopTimeout`` parameter isn't specified, the value set for the Amazon ECS container agent configuration variable ``ECS_CONTAINER_STOP_TIMEOUT`` is used. If neither the ``stopTimeout`` parameter or the ``ECS_CONTAINER_STOP_TIMEOUT`` agent configuration variable are set, then the default values of 30 seconds for Linux containers and 30 seconds on Windows containers are used. Your container instances require at least version 1.26.0 of the container agent to use a container stop timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) in the *Amazon Elastic Container Service Developer Guide*. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ``ecs-init`` package. If your container instances are launched from version ``20190301`` or later, then they contain the required versions of the container agent and ``ecs-init``. 
For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*.\n The valid values for Fargate are 2-120 seconds.", "type": "integer" }, "SystemControls": { - "description": "A list of namespaced kernel parameters to set in the container. This parameter maps to ``Sysctls`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--sysctl`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). For example, you can configure ``net.ipv4.tcp_keepalive_time`` setting to maintain longer lived connections.", + "description": "A list of namespaced kernel parameters to set in the container. This parameter maps to ``Sysctls`` in the docker container create command and the ``--sysctl`` option to docker run. For example, you can configure ``net.ipv4.tcp_keepalive_time`` setting to maintain longer lived connections.", "insertionOrder": false, "items": { "$ref": "#/definitions/SystemControl" 
@@ -269,11 +274,20 @@ "type": "array" }, "User": { - "description": "The user to use inside the container. This parameter maps to ``User`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--user`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).\n When running tasks using the ``host`` network mode, don't run containers using the root user (UID 0). We recommend using a non-root user for better security.\n You can specify the ``user`` using the following formats. If specifying a UID or GID, you must specify it as a positive integer.\n + ``user`` \n + ``user:group`` \n + ``uid`` \n + ``uid:gid`` \n + ``user:gid`` \n + ``uid:group`` \n \n This parameter is not supported for Windows containers.", + "description": "The user to use inside the container. This parameter maps to ``User`` in the docker container create command and the ``--user`` option to docker run.\n When running tasks using the ``host`` network mode, don't run containers using the root user (UID 0). We recommend using a non-root user for better security.\n You can specify the ``user`` using the following formats. If specifying a UID or GID, you must specify it as a positive integer.\n + ``user`` \n + ``user:group`` \n + ``uid`` \n + ``uid:gid`` \n + ``user:gid`` \n + ``uid:group`` \n \n This parameter is not supported for Windows containers.", + "type": "string" + }, + "VersionConsistency": { + "default": "enabled", + "description": "Specifies whether Amazon ECS will resolve the container image tag provided in the container definition to an image digest. By default, the value is ``enabled``. 
If you set the value for a container as ``disabled``, Amazon ECS will not resolve the provided container image tag to a digest and will use the original image URI specified in the container definition for deployment. For more information about container image resolution, see [Container image resolution](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html#deployment-container-image-stability) in the *Amazon ECS Developer Guide*.", + "enum": [ + "enabled", + "disabled" + ], "type": "string" }, "VolumesFrom": { - "description": "Data volumes to mount from another container. This parameter maps to ``VolumesFrom`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--volumes-from`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).", + "description": "Data volumes to mount from another container. This parameter maps to ``VolumesFrom`` in the docker container create command and the ``--volumes-from`` option to docker run.", "insertionOrder": false, "items": { "$ref": "#/definitions/VolumeFrom" 
@@ -282,7 +296,7 @@ "uniqueItems": true }, "WorkingDirectory": { - "description": "The working directory to run commands inside the container in. This parameter maps to ``WorkingDir`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--workdir`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).", + "description": "The working directory to run commands inside the container in. This parameter maps to ``WorkingDir`` in the docker container create command and the ``--workdir`` option to docker run.", "type": "string" } }, 
@@ -340,12 +354,12 @@ "type": "boolean" }, "Driver": { - "description": "The Docker volume driver to use. The driver value must match the driver name provided by Docker because it is used for task placement. If the driver was installed using the Docker plugin CLI, use ``docker plugin ls`` to retrieve the driver name from your container instance. If the driver was installed using another method, use Docker plugin discovery to retrieve the driver name. For more information, see [Docker plugin discovery](https://docs.aws.amazon.com/https://docs.docker.com/engine/extend/plugin_api/#plugin-discovery). This parameter maps to ``Driver`` in the [Create a volume](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/VolumeCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``xxdriver`` option to [docker volume create](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/volume_create/).", + "description": "The Docker volume driver to use. The driver value must match the driver name provided by Docker because it is used for task placement. If the driver was installed using the Docker plugin CLI, use ``docker plugin ls`` to retrieve the driver name from your container instance. If the driver was installed using another method, use Docker plugin discovery to retrieve the driver name. This parameter maps to ``Driver`` in the docker container create command and the ``xxdriver`` option to docker volume create.", "type": "string" }, "DriverOpts": { "additionalProperties": false, - "description": "A map of Docker driver-specific options passed through. 
This parameter maps to ``DriverOpts`` in the [Create a volume](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/VolumeCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``xxopt`` option to [docker volume create](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/volume_create/).", + "description": "A map of Docker driver-specific options passed through. This parameter maps to ``DriverOpts`` in the docker create-volume command and the ``xxopt`` option to docker volume create.", "patternProperties": { ".{1,}": { "type": "string" @@ -355,7 +369,7 @@ }, "Labels": { "additionalProperties": false, - "description": "Custom metadata to add to your Docker volume. This parameter maps to ``Labels`` in the [Create a volume](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/VolumeCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``xxlabel`` option to [docker volume create](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/volume_create/).", + "description": "Custom metadata to add to your Docker volume. This parameter maps to ``Labels`` in the docker container create command and the ``xxlabel`` option to docker volume create.", "patternProperties": { ".{1,}": { "type": "string" 
@@ -424,7 +438,7 @@ "description": "The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on FARGATElong. For more information, see [Using data volumes in tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html) in the *Amazon ECS Developer Guide;*.\n For tasks using the Fargate launch type, the task requires the following platforms:\n + Linux platform version ``1.4.0`` or later.\n + Windows platform version ``1.0.0`` or later.", "properties": { "SizeInGiB": { - "description": "The total amount, in GiB, of ephemeral storage to set for the task. The minimum supported value is ``20`` GiB and the maximum supported value is ``200`` GiB.", + "description": "The total amount, in GiB, of ephemeral storage to set for the task. The minimum supported value is ``21`` GiB and the maximum supported value is ``200`` GiB.", "type": "integer" } }, 
@@ -432,14 +446,14 @@ }, "FSxAuthorizationConfig": { "additionalProperties": false, - "description": "", + "description": "The authorization configuration details for Amazon FSx for Windows File Server file system. See [FSxWindowsFileServerVolumeConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_FSxWindowsFileServerVolumeConfiguration.html) in the *Amazon ECS API Reference*.\n For more information and the input format, see [Amazon FSx for Windows File Server Volumes](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/wfsx-volumes.html) in the *Amazon Elastic Container Service Developer Guide*.", "properties": { "CredentialsParameter": { - "description": "", + "description": "The authorization credential option to use. The authorization credential options can be provided using either the Amazon Resource Name (ARN) of an ASMlong secret or SSM Parameter Store parameter. The ARN refers to the stored credentials.", "type": "string" }, "Domain": { - "description": "", + "description": "A fully qualified domain name hosted by an [](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_microsoft_ad.html) Managed Microsoft AD (Active Directory) or self-hosted AD on Amazon EC2.", "type": "string" } }, 
@@ -495,10 +509,10 @@ }, "HealthCheck": { "additionalProperties": false, - "description": "The ``HealthCheck`` property specifies an object representing a container health check. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image (such as those specified in a parent image or from the image's Dockerfile). This configuration maps to the ``HEALTHCHECK`` parameter of [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/).\n The Amazon ECS container agent only monitors and reports on the health checks specified in the task definition. Amazon ECS does not monitor Docker health checks that are embedded in a container image and not specified in the container definition. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image.\n If a task is run manually, and not as part of a service, the task will continue its lifecycle regardless of its health status. For tasks that are part of a service, if the task reports as unhealthy then the task will be stopped and the service scheduler will replace it.\n The following are notes about container health check support:\n + Container health checks require version 1.17.0 or greater of the Amazon ECS container agent. For more information, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html).\n + Container health checks are supported for Fargate tasks if you are using platform version 1.1.0 or greater. For more information, see [Platform Versions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html).\n + Container health checks are not supported for tasks that are part of a service that is configured to use a Classic Load Balancer.", + "description": "The ``HealthCheck`` property specifies an object representing a container health check. 
Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image (such as those specified in a parent image or from the image's Dockerfile). This configuration maps to the ``HEALTHCHECK`` parameter of docker run.\n The Amazon ECS container agent only monitors and reports on the health checks specified in the task definition. Amazon ECS does not monitor Docker health checks that are embedded in a container image and not specified in the container definition. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image.\n If a task is run manually, and not as part of a service, the task will continue its lifecycle regardless of its health status. For tasks that are part of a service, if the task reports as unhealthy then the task will be stopped and the service scheduler will replace it.\n The following are notes about container health check support:\n + Container health checks require version 1.17.0 or greater of the Amazon ECS container agent. For more information, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html).\n + Container health checks are supported for Fargate tasks if you are using platform version 1.1.0 or greater. For more information, see [Platform Versions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html).\n + Container health checks are not supported for tasks that are part of a service that is configured to use a Classic Load Balancer.", "properties": { "Command": { - "description": "A string array representing the command that the container runs to determine if it is healthy. The string array must start with ``CMD`` to run the command arguments directly, or ``CMD-SHELL`` to run the command with the container's default shell. 
\n When you use the AWS Management Console JSON panel, the CLIlong, or the APIs, enclose the list of commands in double quotes and brackets.\n ``[ \"CMD-SHELL\", \"curl -f http://localhost/ || exit 1\" ]`` \n You don't include the double quotes and brackets when you use the AWS Management Console.\n ``CMD-SHELL, curl -f http://localhost/ || exit 1`` \n An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see ``HealthCheck`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/).", + "description": "A string array representing the command that the container runs to determine if it is healthy. The string array must start with ``CMD`` to run the command arguments directly, or ``CMD-SHELL`` to run the command with the container's default shell. \n When you use the AWS Management Console JSON panel, the CLIlong, or the APIs, enclose the list of commands in double quotes and brackets.\n ``[ \"CMD-SHELL\", \"curl -f http://localhost/ || exit 1\" ]`` \n You don't include the double quotes and brackets when you use the AWS Management Console.\n ``CMD-SHELL, curl -f http://localhost/ || exit 1`` \n An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see ``HealthCheck`` in the docker container create command.", "insertionOrder": true, "items": { "type": "string" 
@@ -506,19 +520,19 @@ "type": "array" }, "Interval": { - "description": "The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds.", + "description": "The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds. This value applies only when you specify a ``command``.", "type": "integer" }, "Retries": { - "description": "The number of times to retry a failed health check before the container is considered unhealthy. You may specify between 1 and 10 retries. The default value is 3.", + "description": "The number of times to retry a failed health check before the container is considered unhealthy. You may specify between 1 and 10 retries. The default value is 3. This value applies only when you specify a ``command``.", "type": "integer" }, "StartPeriod": { - "description": "The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the ``startPeriod`` is off.\n If a health check succeeds within the ``startPeriod``, then the container is considered healthy and any subsequent failures count toward the maximum number of retries.", + "description": "The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the ``startPeriod`` is off. This value applies only when you specify a ``command``. \n If a health check succeeds within the ``startPeriod``, then the container is considered healthy and any subsequent failures count toward the maximum number of retries.", "type": "integer" }, "Timeout": { - "description": "The time period in seconds to wait for a health check to succeed before it is considered a failure. You may specify between 2 and 60 seconds. 
The default value is 5.", + "description": "The time period in seconds to wait for a health check to succeed before it is considered a failure. You may specify between 2 and 60 seconds. The default value is 5. This value applies only when you specify a ``command``.", "type": "integer" } }, 
@@ -567,10 +581,10 @@ }, "KernelCapabilities": { "additionalProperties": false, - "description": "The Linux capabilities to add or remove from the default Docker configuration for a container defined in the task definition. For more information about the default capabilities and the non-default available capabilities, see [Runtime privilege and Linux capabilities](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities) in the *Docker run reference*. For more detailed information about these Linux capabilities, see the [capabilities(7)](https://docs.aws.amazon.com/http://man7.org/linux/man-pages/man7/capabilities.7.html) Linux manual page.", + "description": "The Linux capabilities to add or remove from the default Docker configuration for a container defined in the task definition. For more detailed information about these Linux capabilities, see the [capabilities(7)](https://docs.aws.amazon.com/http://man7.org/linux/man-pages/man7/capabilities.7.html) Linux manual page.\n The following describes how Docker processes the Linux capabilities specified in the ``add`` and ``drop`` request parameters. For information about the latest behavior, see [Docker Compose: order of cap_drop and cap_add](https://docs.aws.amazon.com/https://forums.docker.com/t/docker-compose-order-of-cap-drop-and-cap-add/97136/1) in the Docker Community Forum.\n + When the container is a privleged container, the container capabilities are all of the default Docker capabilities. 
The capabilities specified in the ``add`` request parameter, and the ``drop`` request parameter are ignored.\n + When the ``add`` request parameter is set to ALL, the container capabilities are all of the default Docker capabilities, excluding those specified in the ``drop`` request parameter.\n + When the ``drop`` request parameter is set to ALL, the container capabilities are the capabilities specified in the ``add`` request parameter.\n + When the ``add`` request parameter and the ``drop`` request parameter are both empty, the capabilities the container capabilities are all of the default Docker capabilities.\n + The default is to first drop the capabilities specified in the ``drop`` request parameter, and then add the capabilities specified in the ``add`` request parameter.", "properties": { "Add": { - "description": "The Linux capabilities for the container that have been added to the default configuration provided by Docker. This parameter maps to ``CapAdd`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--cap-add`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).\n Tasks launched on FARGATElong only support adding the ``SYS_PTRACE`` kernel capability.\n Valid values: ``\"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | 
\"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"``", + "description": "The Linux capabilities for the container that have been added to the default configuration provided by Docker. This parameter maps to ``CapAdd`` in the docker container create command and the ``--cap-add`` option to docker run.\n Tasks launched on FARGATElong only support adding the ``SYS_PTRACE`` kernel capability.\n Valid values: ``\"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"``", "insertionOrder": false, "items": { "type": "string" 
@@ -578,7 +592,7 @@ "type": "array" }, "Drop": { - "description": "The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to ``CapDrop`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--cap-drop`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).\n Valid values: ``\"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"``", + "description": "The Linux capabilities for the container that have been removed from the default configuration provided by Docker. 
This parameter maps to ``CapDrop`` in the docker container create command and the ``--cap-drop`` option to docker run.\n Valid values: ``\"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"``", "insertionOrder": false, "items": { "type": "string" 
@@ -612,7 +626,7 @@ "description": "The Linux capabilities for the container that are added to or dropped from the default configuration provided by Docker.\n For tasks that use the Fargate launch type, ``capabilities`` is supported for all platform versions but the ``add`` parameter is only supported if using platform version 1.4.0 or later." }, "Devices": { - "description": "Any host devices to expose to the container. This parameter maps to ``Devices`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--device`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).\n If you're using tasks that use the Fargate launch type, the ``devices`` parameter isn't supported.", + "description": "Any host devices to expose to the container. This parameter maps to ``Devices`` in the docker container create command and the ``--device`` option to docker run.\n If you're using tasks that use the Fargate launch type, the ``devices`` parameter isn't supported.", "insertionOrder": false, "items": { "$ref": "#/definitions/Device" 
@@ -620,23 +634,23 @@ "type": "array" }, "InitProcessEnabled": { - "description": "Run an ``init`` process inside the container that forwards signals and reaps processes. This parameter maps to the ``--init`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). This parameter requires version 1.25 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``", + "description": "Run an ``init`` process inside the container that forwards signals and reaps processes. This parameter maps to the ``--init`` option to docker run. This parameter requires version 1.25 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``", "type": "boolean" }, "MaxSwap": { - "description": "The total amount of swap memory (in MiB) a container can use. This parameter will be translated to the ``--memory-swap`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) where the value would be the sum of the container memory plus the ``maxSwap`` value.\n If a ``maxSwap`` value of ``0`` is specified, the container will not use swap. Accepted values are ``0`` or any positive integer. If the ``maxSwap`` parameter is omitted, the container will use the swap configuration for the container instance it is running on. 
A ``maxSwap`` value must be set for the ``swappiness`` parameter to be used.\n If you're using tasks that use the Fargate launch type, the ``maxSwap`` parameter isn't supported.\n If you're using tasks on Amazon Linux 2023 the ``swappiness`` parameter isn't supported.", + "description": "The total amount of swap memory (in MiB) a container can use. This parameter will be translated to the ``--memory-swap`` option to docker run where the value would be the sum of the container memory plus the ``maxSwap`` value.\n If a ``maxSwap`` value of ``0`` is specified, the container will not use swap. Accepted values are ``0`` or any positive integer. If the ``maxSwap`` parameter is omitted, the container will use the swap configuration for the container instance it is running on. A ``maxSwap`` value must be set for the ``swappiness`` parameter to be used.\n If you're using tasks that use the Fargate launch type, the ``maxSwap`` parameter isn't supported.\n If you're using tasks on Amazon Linux 2023 the ``swappiness`` parameter isn't supported.", "type": "integer" }, "SharedMemorySize": { - "description": "The value for the size (in MiB) of the ``/dev/shm`` volume. This parameter maps to the ``--shm-size`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).\n If you are using tasks that use the Fargate launch type, the ``sharedMemorySize`` parameter is not supported.", + "description": "The value for the size (in MiB) of the ``/dev/shm`` volume. This parameter maps to the ``--shm-size`` option to docker run.\n If you are using tasks that use the Fargate launch type, the ``sharedMemorySize`` parameter is not supported.", "type": "integer" }, "Swappiness": { - "description": "This allows you to tune a container's memory swappiness behavior. A ``swappiness`` value of ``0`` will cause swapping to not happen unless absolutely necessary. 
A ``swappiness`` value of ``100`` will cause pages to be swapped very aggressively. Accepted values are whole numbers between ``0`` and ``100``. If the ``swappiness`` parameter is not specified, a default value of ``60`` is used. If a value is not specified for ``maxSwap`` then this parameter is ignored. This parameter maps to the ``--memory-swappiness`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).\n If you're using tasks that use the Fargate launch type, the ``swappiness`` parameter isn't supported.\n If you're using tasks on Amazon Linux 2023 the ``swappiness`` parameter isn't supported.", + "description": "This allows you to tune a container's memory swappiness behavior. A ``swappiness`` value of ``0`` will cause swapping to not happen unless absolutely necessary. A ``swappiness`` value of ``100`` will cause pages to be swapped very aggressively. Accepted values are whole numbers between ``0`` and ``100``. If the ``swappiness`` parameter is not specified, a default value of ``60`` is used. If a value is not specified for ``maxSwap`` then this parameter is ignored. This parameter maps to the ``--memory-swappiness`` option to docker run.\n If you're using tasks that use the Fargate launch type, the ``swappiness`` parameter isn't supported.\n If you're using tasks on Amazon Linux 2023 the ``swappiness`` parameter isn't supported.", "type": "integer" }, "Tmpfs": { - "description": "The container path, mount options, and size (in MiB) of the tmpfs mount. This parameter maps to the ``--tmpfs`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration).\n If you're using tasks that use the Fargate launch type, the ``tmpfs`` parameter isn't supported.", + "description": "The container path, mount options, and size (in MiB) of the tmpfs mount. 
This parameter maps to the ``--tmpfs`` option to docker run.\n If you're using tasks that use the Fargate launch type, the ``tmpfs`` parameter isn't supported.", "insertionOrder": false, "items": { "$ref": "#/definitions/Tmpfs" 
@@ -651,12 +665,12 @@ "description": "The ``LogConfiguration`` property specifies log configuration options to send to a custom log driver for the container.", "properties": { "LogDriver": { - "description": "The log driver to use for the container.\n For tasks on FARGATElong, the supported log drivers are ``awslogs``, ``splunk``, and ``awsfirelens``.\n For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs``, ``fluentd``, ``gelf``, ``json-file``, ``journald``, ``logentries``,``syslog``, ``splunk``, and ``awsfirelens``.\n For more information about using the ``awslogs`` log driver, see [Using the awslogs log driver](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html) in the *Amazon Elastic Container Service Developer Guide*.\n For more information about using the ``awsfirelens`` log driver, see [Custom log routing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html) in the *Amazon Elastic Container Service Developer Guide*.\n If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's [available on GitHub](https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent) and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. 
However, we don't currently provide support for running modified copies of this software.", + "description": "The log driver to use for the container.\n For tasks on FARGATElong, the supported log drivers are ``awslogs``, ``splunk``, and ``awsfirelens``.\n For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs``, ``fluentd``, ``gelf``, ``json-file``, ``journald``, ``syslog``, ``splunk``, and ``awsfirelens``.\n For more information about using the ``awslogs`` log driver, see [Send Amazon ECS logs to CloudWatch](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html) in the *Amazon Elastic Container Service Developer Guide*.\n For more information about using the ``awsfirelens`` log driver, see [Send Amazon ECS logs to an service or Partner](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html).\n If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's [available on GitHub](https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent) and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.", "type": "string" }, "Options": { "additionalProperties": false, - "description": "The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``", + "description": "The configuration options to send to the log driver.\n The options you can specify depend on the log driver. 
Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following:\n + awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. 
Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don\u2019t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don\u2019t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to CloudWatch Logs. 
The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the blocking mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. \n To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url``.\n When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker.\n Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. 
When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream``.\n When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream``.\n When you export logs to Amazon OpenSearch Service, you can specify options like ``Name``, ``Host`` (OpenSearch Service endpoint without protocol), ``Port``, ``Index``, ``Type``, ``Aws_auth``, ``Aws_region``, ``Suppress_Type_Name``, and ``tls``. For more information, see [Under the hood: FireLens for Amazon ECS Tasks](https://docs.aws.amazon.com/containers/under-the-hood-firelens-for-amazon-ecs-tasks/).\n When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region``, ``total_file_size``, ``upload_timeout``, and ``use_put_object`` as options.\n This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``", "patternProperties": { ".{1,}": { "type": "string" 
@@ -723,7 +737,7 @@ "type": "integer" }, "Name": { - "description": "The name that's used for the port mapping. This parameter only applies to Service Connect. This parameter is the name that you use in the ``serviceConnectConfiguration`` of a service. The name can include up to 64 characters. The characters can include lowercase letters, numbers, underscores (_), and hyphens (-). The name can't start with a hyphen.\n For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*.", + "description": "The name that's used for the port mapping. This parameter is the name that you use in the ``serviceConnectConfiguration`` and the ``vpcLatticeConfigurations`` of a service. The name can include up to 64 characters. The characters can include lowercase letters, numbers, underscores (_), and hyphens (-). The name can't start with a hyphen.", "type": "string" }, "Protocol": { 
@@ -790,6 +804,29 @@ ], "type": "object" }, + "RestartPolicy": { + "additionalProperties": false, + "description": "You can enable a restart policy for each container defined in your task definition, to overcome transient failures faster and maintain task availability. When you enable a restart policy for a container, Amazon ECS can restart the container if it exits, without needing to replace the task. For more information, see [Restart individual containers in Amazon ECS tasks with container restart policies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-restart-policy.html) in the *Amazon Elastic Container Service Developer Guide*.", + "properties": { + "Enabled": { + "description": "Specifies whether a restart policy is enabled for the container.", + "type": "boolean" + }, + "IgnoredExitCodes": { + "description": "A list of exit codes that Amazon ECS will ignore and not attempt a restart on. You can specify a maximum of 50 container exit codes. By default, Amazon ECS does not ignore any exit codes.", + "insertionOrder": false, + "items": { + "type": "integer" + }, + "type": "array" + }, + "RestartAttemptPeriod": { + "description": "A period of time (in seconds) that the container must run for before a restart can be attempted. A container can be restarted only once every ``restartAttemptPeriod`` seconds. If a container isn't able to run for this time period and exits early, it will not be restarted. You can set a minimum ``restartAttemptPeriod`` of 60 seconds and a maximum ``restartAttemptPeriod`` of 1800 seconds. 
By default, a container must run for 300 seconds before it can be restarted.", + "type": "integer" + } + }, + "type": "object" + }, "RuntimePlatform": { "additionalProperties": false, "description": "Information about the platform for the Amazon ECS service or task.\n For more information about ``RuntimePlatform``, see [RuntimePlatform](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#runtime-platform) in the *Amazon Elastic Container Service Developer Guide*.", 
@@ -826,7 +863,7 @@ }, "SystemControl": { "additionalProperties": false, - "description": "A list of namespaced kernel parameters to set in the container. This parameter maps to ``Sysctls`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--sysctl`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration). For example, you can configure ``net.ipv4.tcp_keepalive_time`` setting to maintain longer lived connections.\n We don't recommend that you specify network-related ``systemControls`` parameters for multiple containers in a single task that also uses either the ``awsvpc`` or ``host`` network mode. Doing this has the following disadvantages:\n + For tasks that use the ``awsvpc`` network mode including Fargate, if you set ``systemControls`` for any container, it applies to all containers in the task. If you set different ``systemControls`` for multiple containers in a single task, the container that's started last determines which ``systemControls`` take effect.\n + For tasks that use the ``host`` network mode, the network namespace ``systemControls`` aren't supported.\n \n If you're setting an IPC resource namespace to use for the containers in the task, the following conditions apply to your system controls. 
For more information, see [IPC mode](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_definition_ipcmode).\n + For tasks that use the ``host`` IPC mode, IPC namespace ``systemControls`` aren't supported.\n + For tasks that use the ``task`` IPC mode, IPC namespace ``systemControls`` values apply to all containers within a task.\n \n This parameter is not supported for Windows containers.\n This parameter is only supported for tasks that are hosted on FARGATElong if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate.", + "description": "A list of namespaced kernel parameters to set in the container. This parameter maps to ``Sysctls`` in the docker container create command and the ``--sysctl`` option to docker run. For example, you can configure ``net.ipv4.tcp_keepalive_time`` setting to maintain longer lived connections.\n We don't recommend that you specify network-related ``systemControls`` parameters for multiple containers in a single task that also uses either the ``awsvpc`` or ``host`` network mode. Doing this has the following disadvantages:\n + For tasks that use the ``awsvpc`` network mode including Fargate, if you set ``systemControls`` for any container, it applies to all containers in the task. If you set different ``systemControls`` for multiple containers in a single task, the container that's started last determines which ``systemControls`` take effect.\n + For tasks that use the ``host`` network mode, the network namespace ``systemControls`` aren't supported.\n \n If you're setting an IPC resource namespace to use for the containers in the task, the following conditions apply to your system controls. 
For more information, see [IPC mode](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_definition_ipcmode).\n + For tasks that use the ``host`` IPC mode, IPC namespace ``systemControls`` aren't supported.\n + For tasks that use the ``task`` IPC mode, IPC namespace ``systemControls`` values apply to all containers within a task.\n \n This parameter is not supported for Windows containers.\n This parameter is only supported for tasks that are hosted on FARGATElong if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate.", "properties": { "Namespace": { "description": "The namespaced kernel parameter to set a ``value`` for.", @@ -903,7 +940,7 @@ "description": "The ``ulimit`` settings to pass to the container.\n Amazon ECS tasks hosted on FARGATElong use the default resource limit values set by the operating system with the exception of the ``nofile`` resource limit parameter which FARGATElong overrides. The ``nofile`` resource limit sets a restriction on the number of open files that a container can use. The default ``nofile`` soft limit is ``65535`` and the default hard limit is ``65535``.\n You can specify the ``ulimit`` settings for a container in a task definition.", "properties": { "HardLimit": { - "description": "The hard limit for the ``ulimit`` type.", + "description": "The hard limit for the ``ulimit`` type. The value can be specified in bytes, seconds, or as a count, depending on the ``type`` of the ``ulimit``.", "type": "integer" }, "Name": { @@ -911,7 +948,7 @@ "type": "string" }, "SoftLimit": { - "description": "The soft limit for the ``ulimit`` type.", + "description": "The soft limit for the ``ulimit`` type. The value can be specified in bytes, seconds, or as a count, depending on the ``type`` of the ``ulimit``.", "type": "integer" } }, 
@@ -969,7 +1006,7 @@ "type": "object" } }, - "description": "Registers a new task definition from the supplied ``family`` and ``containerDefinitions``. Optionally, you can add data volumes to your containers with the ``volumes`` parameter. For more information about task definition parameters and defaults, see [Amazon ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html) in the *Amazon Elastic Container Service Developer Guide*.\n You can specify a role for your task with the ``taskRoleArn`` parameter. When you specify a role for a task, its containers can then use the latest versions of the CLI or SDKs to make API requests to the AWS services that are specified in the policy that's associated with the role. For more information, see [IAM Roles for Tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide*.\n You can specify a Docker networking mode for the containers in your task definition with the ``networkMode`` parameter. The available network modes correspond to those described in [Network settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#/network-settings) in the Docker run reference. If you specify the ``awsvpc`` network mode, the task is allocated an elastic network interface, and you must specify a NetworkConfiguration when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*.\n In the following example or examples, the Authorization header contents (``AUTHPARAMS``) must be replaced with an AWS Signature Version 4 signature. 
For more information, see [Signature Version 4 Signing Process](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) in the *General Reference*.\n You only need to learn how to sign HTTP requests if you intend to create them manually. When you use the [](https://docs.aws.amazon.com/cli/) or one of the [SDKs](https://docs.aws.amazon.com/tools/) to make requests to AWS, these tools automatically sign the requests for you, with the access key that you specify when you configure the tools. When you use these tools, you don't have to sign requests yourself.", + "description": "Registers a new task definition from the supplied ``family`` and ``containerDefinitions``. Optionally, you can add data volumes to your containers with the ``volumes`` parameter. For more information about task definition parameters and defaults, see [Amazon ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html) in the *Amazon Elastic Container Service Developer Guide*.\n You can specify a role for your task with the ``taskRoleArn`` parameter. When you specify a role for a task, its containers can then use the latest versions of the CLI or SDKs to make API requests to the AWS services that are specified in the policy that's associated with the role. For more information, see [IAM Roles for Tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide*.\n You can specify a Docker networking mode for the containers in your task definition with the ``networkMode`` parameter. If you specify the ``awsvpc`` network mode, the task is allocated an elastic network interface, and you must specify a [NetworkConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_NetworkConfiguration.html) when you create a service or run a task with the task definition. 
For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*.\n In the following example or examples, the Authorization header contents (``AUTHPARAMS``) must be replaced with an AWS Signature Version 4 signature. For more information, see [Signature Version 4 Signing Process](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) in the *General Reference*.\n You only need to learn how to sign HTTP requests if you intend to create them manually. When you use the [](https://docs.aws.amazon.com/cli/) or one of the [SDKs](https://docs.aws.amazon.com/tools/) to make requests to AWS, these tools automatically sign the requests for you, with the access key that you specify when you configure the tools. When you use these tools, you don't have to sign requests yourself.", "handlers": { "create": { "permissions": [ 
@@ -1024,9 +1061,13 @@ "uniqueItems": true }, "Cpu": { - "description": "The number of ``cpu`` units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the ``memory`` parameter.\n The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate.\n + 256 (.25 vCPU) - Available ``memory`` values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)\n + 512 (.5 vCPU) - Available ``memory`` values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)\n + 1024 (1 vCPU) - Available ``memory`` values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB)\n + 2048 (2 vCPU) - Available ``memory`` values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB)\n + 4096 (4 vCPU) - Available ``memory`` values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB)\n + 8192 (8 vCPU) - Available ``memory`` values: 16 GB and 60 GB in 4 GB increments\n This option requires Linux platform ``1.4.0`` or later.\n + 16384 (16vCPU) - Available ``memory`` values: 32GB and 120 GB in 8 GB increments\n This option requires Linux platform ``1.4.0`` or later.", + "description": "The number of ``cpu`` units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the ``memory`` parameter.\n If you're using the EC2 launch type or the external launch type, this field is optional. Supported values are between ``128`` CPU units (``0.125`` vCPUs) and ``196608`` CPU units (``192`` vCPUs). 
The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate.\n + 256 (.25 vCPU) - Available ``memory`` values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)\n + 512 (.5 vCPU) - Available ``memory`` values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)\n + 1024 (1 vCPU) - Available ``memory`` values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB)\n + 2048 (2 vCPU) - Available ``memory`` values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB)\n + 4096 (4 vCPU) - Available ``memory`` values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB)\n + 8192 (8 vCPU) - Available ``memory`` values: 16 GB and 60 GB in 4 GB increments\n This option requires Linux platform ``1.4.0`` or later.\n + 16384 (16vCPU) - Available ``memory`` values: 32GB and 120 GB in 8 GB increments\n This option requires Linux platform ``1.4.0`` or later.", "type": "string" }, + "EnableFaultInjection": { + "description": "Enables fault injection and allows for fault injection requests to be accepted from the task's containers. The default value is ``false``.", + "type": "boolean" + }, "EphemeralStorage": { "$ref": "#/definitions/EphemeralStorage", "description": "The ephemeral storage settings to use for tasks run with the task definition." 
@@ -1049,7 +1090,7 @@ "uniqueItems": true }, "IpcMode": { - "description": "The IPC resource namespace to use for the containers in the task. The valid values are ``host``, ``task``, or ``none``. If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see [IPC settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#ipc-settings---ipc) in the *Docker run reference*.\n If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see [Docker security](https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/).\n If you are setting namespaced kernel parameters using ``systemControls`` for the containers in the task, the following will apply to your IPC resource namespace. For more information, see [System Controls](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html) in the *Amazon Elastic Container Service Developer Guide*.\n + For tasks that use the ``host`` IPC mode, IPC namespace related ``systemControls`` are not supported.\n + For tasks that use the ``task`` IPC mode, IPC namespace related ``systemControls`` will apply to all containers within a task.\n \n This parameter is not supported for Windows containers or tasks run on FARGATElong.", + "description": "The IPC resource namespace to use for the containers in the task. 
The valid values are ``host``, ``task``, or ``none``. If ``host`` is specified, then all containers within the tasks that specified the ``host`` IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If ``task`` is specified, all containers within the specified task share the same IPC resources. If ``none`` is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance.\n If the ``host`` IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose.\n If you are setting namespaced kernel parameters using ``systemControls`` for the containers in the task, the following will apply to your IPC resource namespace. For more information, see [System Controls](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html) in the *Amazon Elastic Container Service Developer Guide*.\n + For tasks that use the ``host`` IPC mode, IPC namespace related ``systemControls`` are not supported.\n + For tasks that use the ``task`` IPC mode, IPC namespace related ``systemControls`` will apply to all containers within a task.\n \n This parameter is not supported for Windows containers or tasks run on FARGATElong.", "type": "string" }, "Memory": { 
@@ -1057,11 +1098,11 @@ "type": "string" }, "NetworkMode": { - "description": "The Docker networking mode to use for the containers in the task. The valid values are ``none``, ``bridge``, ``awsvpc``, and ``host``. If no network mode is specified, the default is ``bridge``.\n For Amazon ECS tasks on Fargate, the ``awsvpc`` network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, ```` or ``awsvpc`` can be used. If the network mode is set to ``none``, you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The ``host`` and ``awsvpc`` network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the ``bridge`` mode.\n With the ``host`` and ``awsvpc`` network modes, exposed container ports are mapped directly to the corresponding host port (for the ``host`` network mode) or the attached elastic network interface port (for the ``awsvpc`` network mode), so you cannot take advantage of dynamic host port mappings. \n When using the ``host`` network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user.\n If the network mode is ``awsvpc``, the task is allocated an elastic network interface, and you must specify a NetworkConfiguration value when you create a service or run a task with the task definition. 
For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*.\n If the network mode is ``host``, you cannot run multiple instantiations of the same task on a single container instance when port mappings are used.\n For more information, see [Network settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#network-settings) in the *Docker run reference*.", + "description": "The Docker networking mode to use for the containers in the task. The valid values are ``none``, ``bridge``, ``awsvpc``, and ``host``. If no network mode is specified, the default is ``bridge``.\n For Amazon ECS tasks on Fargate, the ``awsvpc`` network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, ```` or ``awsvpc`` can be used. If the network mode is set to ``none``, you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The ``host`` and ``awsvpc`` network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the ``bridge`` mode.\n With the ``host`` and ``awsvpc`` network modes, exposed container ports are mapped directly to the corresponding host port (for the ``host`` network mode) or the attached elastic network interface port (for the ``awsvpc`` network mode), so you cannot take advantage of dynamic host port mappings. \n When using the ``host`` network mode, you should not run containers using the root user (UID 0). 
It is considered best practice to use a non-root user.\n If the network mode is ``awsvpc``, the task is allocated an elastic network interface, and you must specify a [NetworkConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_NetworkConfiguration.html) value when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*.\n If the network mode is ``host``, you cannot run multiple instantiations of the same task on a single container instance when port mappings are used.", "type": "string" }, "PidMode": { - "description": "The process namespace to use for the containers in the task. The valid values are ``host`` or ``task``. On Fargate for Linux containers, the only valid value is ``task``. For example, monitoring sidecars might need ``pidMode`` to access information about other containers running in the same task.\n If ``host`` is specified, all containers within the tasks that specified the ``host`` PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance.\n If ``task`` is specified, all containers within the specified task share the same process namespace.\n If no value is specified, the default is a private namespace for each container. For more information, see [PID settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#pid-settings---pid) in the *Docker run reference*.\n If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure. 
For more information, see [Docker security](https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/).\n This parameter is not supported for Windows containers.\n This parameter is only supported for tasks that are hosted on FARGATElong if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate.", + "description": "The process namespace to use for the containers in the task. The valid values are ``host`` or ``task``. On Fargate for Linux containers, the only valid value is ``task``. For example, monitoring sidecars might need ``pidMode`` to access information about other containers running in the same task.\n If ``host`` is specified, all containers within the tasks that specified the ``host`` PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance.\n If ``task`` is specified, all containers within the specified task share the same process namespace.\n If no value is specified, the default is a private namespace for each container.\n If the ``host`` PID mode is used, there's a heightened risk of undesired process namespace exposure.\n This parameter is not supported for Windows containers.\n This parameter is only supported for tasks that are hosted on FARGATElong if the tasks are using platform version ``1.4.0`` or later (Linux). This isn't supported for Windows containers on Fargate.", "type": "string" }, "PlacementConstraints": { 
@@ -1103,7 +1144,7 @@ "type": "string" }, "TaskRoleArn": { - "description": "The short name or full Amazon Resource Name (ARN) of the IAMlong role that grants containers in the task permission to call AWS APIs on your behalf. For informationabout the required IAM roles for Amazon ECS, see [IAM roles for Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-ecs-iam-role-overview.html) in the *Amazon Elastic Container Service Developer Guide*.", + "description": "The short name or full Amazon Resource Name (ARN) of the IAMlong role that grants containers in the task permission to call AWS APIs on your behalf. For more information, see [Amazon ECS Task Role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide*.\n IAM roles for tasks on Windows require that the ``-EnableTaskIAMRole`` option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature. For more information, see [Windows IAM roles for tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows_task_IAM_roles.html) in the *Amazon Elastic Container Service Developer Guide*.\n String validation is done on the ECS side. If an invalid string value is given for ``TaskRoleArn``, it may cause the Cloudformation job to hang.", "type": "string" }, "Volumes": { @@ -1125,6 +1166,11 @@ "sourceUrl": "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "ecs:TagResource", + "ecs:UntagResource", + "ecs:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ecs-taskset.json b/src/schema/aws-ecs-taskset.json index e0aee5d4..154b816a 100644 --- a/src/schema/aws-ecs-taskset.json +++ b/src/schema/aws-ecs-taskset.json 
@@ -9,7 +9,8 @@ "/properties/PlatformVersion", "/properties/Service", "/properties/ServiceRegistries", - "/properties/TaskDefinition" + "/properties/TaskDefinition", + "/properties/CapacityProviderStrategy" ], "definitions": { "AwsVpcConfiguration": { @@ -46,6 +47,21 @@ ], "type": "object" }, + "CapacityProviderStrategyItem": { + "additionalProperties": false, + "properties": { + "Base": { + "type": "integer" + }, + "CapacityProvider": { + "type": "string" + }, + "Weight": { + "type": "integer" + } + }, + "type": "object" + }, "LoadBalancer": { "additionalProperties": false, "description": "A load balancer object representing the load balancer to use with the task set. The supported load balancer types are either an Application Load Balancer or a Network Load Balancer. ", @@ -164,6 +180,12 @@ "/properties/Id" ], "properties": { + "CapacityProviderStrategy": { + "items": { + "$ref": "#/definitions/CapacityProviderStrategyItem" + }, + "type": "array" + }, "Cluster": { "description": "The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service to create the task set in.", "type": "string" @@ -234,7 +256,13 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ecs.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ecs:TagResource", + "ecs:UntagResource", + "ecs:ListTagsForResource" + ], "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, diff --git a/src/schema/aws-efs-accesspoint.json b/src/schema/aws-efs-accesspoint.json index 6fafea29..0ee0cebd 100644 --- a/src/schema/aws-efs-accesspoint.json +++ b/src/schema/aws-efs-accesspoint.json 
@@ -185,7 +185,12 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { - "cloudFormationSystemTags": false, + "cloudFormationSystemTags": true, + "permissions": [ + "elasticfilesystem:TagResource", + "elasticfilesystem:ListTagsForResource", + "elasticfilesystem:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/AccessPointTags", "tagUpdatable": true, diff --git a/src/schema/aws-efs-filesystem.json b/src/schema/aws-efs-filesystem.json index 2f45f58a..bd71e735 100644 --- a/src/schema/aws-efs-filesystem.json +++ b/src/schema/aws-efs-filesystem.json 
@@ -52,7 +52,7 @@ "description": "Describes the protection on the file system.", "properties": { "ReplicationOverwriteProtection": { - "description": "The status of the file system's replication overwrite protection.\n + ``ENABLED`` \u2013 The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. \n + ``DISABLED`` \u2013 The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication.\n + ``REPLICATING`` \u2013 The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication.\n \n If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable.", + "description": "The status of the file system's replication overwrite protection.\n + ``ENABLED`` \u2013 The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. \n + ``DISABLED`` \u2013 The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication.\n + ``REPLICATING`` \u2013 The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication.\n \n If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable.", "enum": [ "DISABLED", "ENABLED" 
@@ -108,6 +108,7 @@ }, "FileSystemId": { "description": "The ID of the destination Amazon EFS file system.", + "pattern": "^(arn:aws[-a-z]*:elasticfilesystem:[0-9a-z-:]+:file-system/fs-[0-9a-f]{8,40}|fs-[0-9a-f]{8,40})$", "type": "string" }, "KmsKeyId": { @@ -117,6 +118,18 @@ "Region": { "description": "The AWS-Region in which the destination file system is located.\n For One Zone file systems, the replication configuration must specify the AWS-Region in which the destination file system is located.", "type": "string" + }, + "RoleArn": { + "description": "The Amazon Resource Name (ARN) of the current source file system in the replication configuration.", + "type": "string" + }, + "Status": { + "description": "Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*.", + "type": "string" + }, + "StatusMessage": { + "description": "Message that provides details about the ``PAUSED`` or ``ERRROR`` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*.", + "type": "string" } }, "type": "object" @@ -137,7 +150,9 @@ "elasticfilesystem:UpdateFileSystemProtection", "kms:DescribeKey", "kms:GenerateDataKeyWithoutPlaintext", - "kms:CreateGrant" + "kms:CreateGrant", + "iam:PassRole", + "iam:CreateServiceLinkedRole" ] }, "delete": { @@ -187,7 +202,9 @@ "elasticfilesystem:UpdateFileSystemProtection", "kms:DescribeKey", "kms:GenerateDataKeyWithoutPlaintext", - "kms:CreateGrant" + "kms:CreateGrant", + "iam:PassRole", + "iam:CreateServiceLinkedRole" ] } }, 
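Review bot: The new `RoleArn` description in the `@@ -117,6 +118,18 @@` hunk reads "The Amazon Resource Name (ARN) of the current source file system in the replication configuration", which describes a file system rather than a role and looks copied from another field. Since the next two hunks add `iam:PassRole` to the create and update handlers, this property presumably names the IAM role passed to EFS for replication, and the description should say so, e.g. `"description": "The ARN of the IAM role passed to Amazon EFS for this replication destination."` (wording to be confirmed against the service documentation). In the same hunk, `StatusMessage` spells the state as "ERRROR" and both documentation links contain `docs.aws.amazon.com//efs`, so they should be checked before the text is shown to users. If these schemas are synced from the upstream provider, the corrections belong upstream.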
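Review bot: `iam:PassRole` and `iam:CreateServiceLinkedRole` are added to the create handler in the `@@ -137,7 +150,9 @@` hunk and again to the update handler in `@@ -187,7 +202,9 @@`, and the schema can only list action names, with no resource or condition scope (both permission arrays begin above their hunks). Anyone who derives an execution-role policy from these `handlers.*.permissions` lists should restrict `iam:PassRole` to the replication role with an `iam:PassedToService` condition and `iam:CreateServiceLinkedRole` with `iam:AWSServiceName`, rather than granting them on `*`. The same applies to `iam:CreateServiceLinkedRole` and `iam:PutRolePolicy` added to the aws-elasticache-parametergroup.json create handler, and to `s3:PutBucketPolicy` added to the aws-elasticbeanstalk-environment.json update handler further down. I would call the widened permissions out in the change description, for example `Handler permissions widened: EFS FileSystem (iam:PassRole, iam:CreateServiceLinkedRole), ElastiCache ParameterGroup (iam:PutRolePolicy), Elastic Beanstalk Environment (s3:PutBucketPolicy)`.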
@@ -266,15 +283,24 @@ }, "propertyTransform": { "/properties/FileSystemProtection/ReplicationOverwriteProtection": "$uppercase(FileSystemProtection.ReplicationOverwriteProtection)='DISABLED' ? 'REPLICATING' : $uppercase(FileSystemProtection.ReplicationOverwriteProtection)", - "/properties/KmsKeyId": "\"arn:aws[-a-z]*:kms:[a-z0-9-]+:[0-9]{12}:key/[a-zA-Z0-9-]+\"" + "/properties/KmsKeyId": "\"arn:aws[-a-z]*:kms:[a-z0-9-]+:[0-9]{12}:key/[a-zA-Z0-9-]+\"", + "/properties/ReplicationConfiguration/Destinations/*/FileSystemId": "$split(FileSystemId, \"/\")[-1]" }, "readOnlyProperties": [ "/properties/Arn", - "/properties/FileSystemId" + "/properties/FileSystemId", + "/properties/ReplicationConfiguration/Destinations/*/Status", + "/properties/ReplicationConfiguration/Destinations/*/StatusMessage" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { - "cloudFormationSystemTags": false, + "cloudFormationSystemTags": true, + "permissions": [ + "elasticfilesystem:TagResource", + "elasticfilesystem:ListTagsForResource", + "elasticfilesystem:UntagResource", + "elasticfilesystem:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/FileSystemTags", "tagUpdatable": true, diff --git a/src/schema/aws-efs-mounttarget.json b/src/schema/aws-efs-mounttarget.json index b2666876..da4ba6f2 100644 --- a/src/schema/aws-efs-mounttarget.json +++ b/src/schema/aws-efs-mounttarget.json 
@@ -66,7 +66,7 @@ "type": "string" }, "SecurityGroups": { - "description": "Up to five VPC security group IDs, of the form ``sg-xxxxxxxx``. These must be for the same VPC as subnet specified.", + "description": "VPC security group IDs, of the form ``sg-xxxxxxxx``. These must be for the same VPC as the subnet specified. The maximum number of security groups depends on account quota. For more information, see [Amazon VPC Quotas](https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html) in the *Amazon VPC User Guide* (see the *Security Groups* table).", "insertionOrder": false, "items": { "type": "string" diff --git a/src/schema/aws-eks-accessentry.json b/src/schema/aws-eks-accessentry.json index d755e89e..ffb3ebda 100644 --- a/src/schema/aws-eks-accessentry.json +++ b/src/schema/aws-eks-accessentry.json @@ -192,6 +192,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-eks.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "eks:TagResource", + "eks:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-eks-addon.json b/src/schema/aws-eks-addon.json index 571fa015..983f6c63 100644 --- a/src/schema/aws-eks-addon.json +++ b/src/schema/aws-eks-addon.json @@ -95,11 +95,11 @@ "eks:UpdateAddon", "eks:DescribeAddon", "eks:DescribeUpdate", - "eks:ListTagsForResource", "eks:TagResource", "eks:UntagResource", "eks:CreatePodIdentityAssociation", - "eks:DeletePodIdentityAssociation" + "eks:DeletePodIdentityAssociation", + "eks:UpdatePodIdentityAssociation" ] } }, @@ -180,6 +180,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-eks.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "eks:TagResource", + "eks:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, 
diff --git a/src/schema/aws-eks-cluster.json b/src/schema/aws-eks-cluster.json index 98c6bd06..35d27738 100644 --- a/src/schema/aws-eks-cluster.json +++ b/src/schema/aws-eks-cluster.json @@ -3,7 +3,8 @@ "createOnlyProperties": [ "/properties/OutpostConfig", "/properties/EncryptionConfig", - "/properties/KubernetesNetworkConfig", + "/properties/KubernetesNetworkConfig/IpFamily", + "/properties/KubernetesNetworkConfig/ServiceIpv4Cidr", "/properties/AccessConfig/BootstrapClusterCreatorAdminPermissions", "/properties/Name", "/properties/RoleArn", @@ -30,6 +31,17 @@ }, "type": "object" }, + "BlockStorage": { + "additionalProperties": false, + "description": "Todo: add description", + "properties": { + "Enabled": { + "description": "Todo: add description", + "type": "boolean" + } + }, + "type": "object" + }, "ClusterLogging": { "additionalProperties": false, "description": "The cluster control plane logging configuration for your cluster. ", @@ -40,6 +52,29 @@ }, "type": "object" }, + "ComputeConfig": { + "additionalProperties": false, + "description": "Todo: add description", + "properties": { + "Enabled": { + "description": "Todo: add description", + "type": "boolean" + }, + "NodePools": { + "description": "Todo: add description", + "insertionOrder": false, + "items": { + "type": "string" + }, + "type": "array" + }, + "NodeRoleArn": { + "description": "Todo: add description", + "type": "string" + } + }, + "type": "object" + }, "ControlPlanePlacement": { "additionalProperties": false, "description": "Specify the placement group of the control plane machines for your cluster.", 
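Review bot: Every description in the new `ComputeConfig` definition is the placeholder `Todo: add description`, including the one on `NodeRoleArn`, and the same placeholder is on `BlockStorage` in the previous hunk and on `ElasticLoadBalancing` and `StorageConfig` in later hunks of this file. `NodeRoleArn` names an IAM role, so the schema currently gives no statement of which principal uses that role or when the property is required. Tools that surface schema descriptions in hover text or generated docs will show the placeholder verbatim. If the schema is synced from the upstream provider, note the gap in the change description; otherwise replace the placeholders before merging, e.g. for the role `"description": "The ARN of the IAM role assigned to the nodes that this compute configuration launches."` (wording to be confirmed against the EKS documentation).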
@@ -51,6 +86,17 @@ }, "type": "object" }, + "ElasticLoadBalancing": { + "additionalProperties": false, + "description": "Todo: add description", + "properties": { + "Enabled": { + "description": "Todo: add description", + "type": "boolean" + } + }, + "type": "object" + }, "EnabledTypes": { "description": "Enable control plane logs for your cluster, all log types will be disabled if the array is empty", "insertionOrder": false, @@ -82,6 +128,10 @@ "additionalProperties": false, "description": "The Kubernetes network configuration for the cluster.", "properties": { + "ElasticLoadBalancing": { + "$ref": "#/definitions/ElasticLoadBalancing", + "description": "Todo: add description" + }, "IpFamily": { "description": "Ipv4 or Ipv6. You can only specify ipv6 for 1.21 and later clusters that use version 1.10.1 or later of the Amazon VPC CNI add-on", "enum": [ @@ -168,6 +218,24 @@ }, "type": "object" }, + "RemoteNetworkConfig": { + "additionalProperties": false, + "description": "Configuration fields for specifying on-premises node and pod CIDRs that are external to the VPC passed during cluster creation.", + "properties": { + "RemoteNodeNetworks": { + "$ref": "#/definitions/RemoteNodeNetworks", + "description": "Network configuration of nodes run on-premises with EKS Hybrid Nodes." + }, + "RemotePodNetworks": { + "$ref": "#/definitions/RemotePodNetworks", + "description": "Network configuration of pods run on-premises with EKS Hybrid Nodes." + } + }, + "required": [ + "RemoteNodeNetworks" + ], + "type": "object" + }, "RemoteNodeNetwork": { "additionalProperties": false, "description": "Network configuration of nodes run on-premises with EKS Hybrid Nodes.", 
@@ -267,6 +335,17 @@ ], "type": "object" }, + "StorageConfig": { + "additionalProperties": false, + "description": "Todo: add description", + "properties": { + "BlockStorage": { + "$ref": "#/definitions/BlockStorage", + "description": "Todo: add description" + } + }, + "type": "object" + }, "Tag": { "additionalProperties": false, "description": "A key-value pair to associate with a resource.", @@ -304,6 +383,17 @@ } }, "type": "object" + }, + "ZonalShiftConfig": { + "additionalProperties": false, + "description": "The current zonal shift configuration to use for the cluster.", + "properties": { + "Enabled": { + "description": "Set this value to true to enable zonal shift for the cluster.", + "type": "boolean" + } + }, + "type": "object" } }, "description": "An object representing an Amazon EKS cluster.", @@ -313,6 +403,7 @@ "eks:CreateCluster", "eks:DescribeCluster", "eks:TagResource", + "eks:CreateAccessEntry", "iam:PassRole", "iam:GetRole", "iam:ListAttachedRolePolicies", @@ -370,7 +461,7 @@ "type": "string" }, "BootstrapSelfManagedAddons": { - "description": "Set this value to false to avoid creating the default networking addons when the cluster is created.", + "description": "Set this value to false to avoid creating the default networking add-ons when the cluster is created.", "type": "boolean" }, "CertificateAuthorityData": { @@ -381,6 +472,9 @@ "description": "The cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control plane to data plane communication.", "type": "string" }, + "ComputeConfig": { + "$ref": "#/definitions/ComputeConfig" + }, "EncryptionConfig": { "insertionOrder": false, "items": { 
@@ -397,6 +491,11 @@ "description": "The endpoint for your Kubernetes API server, such as https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com.", "type": "string" }, + "Force": { + "default": false, + "description": "Force cluster version update", + "type": "boolean" + }, "Id": { "description": "The unique ID given to your cluster.", "type": "string" @@ -421,6 +520,9 @@ "OutpostConfig": { "$ref": "#/definitions/OutpostConfig" }, + "RemoteNetworkConfig": { + "$ref": "#/definitions/RemoteNetworkConfig" + }, "ResourcesVpcConfig": { "$ref": "#/definitions/ResourcesVpcConfig" }, @@ -428,6 +530,9 @@ "description": "The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.", "type": "string" }, + "StorageConfig": { + "$ref": "#/definitions/StorageConfig" + }, "Tags": { "description": "An array of key-value pairs to apply to this resource.", "insertionOrder": false, @@ -444,6 +549,9 @@ "description": "The desired Kubernetes version for your cluster. If you don't specify a value here, the latest version available in Amazon EKS is used.", "pattern": "1\\.\\d\\d", "type": "string" + }, + "ZonalShiftConfig": { + "$ref": "#/definitions/ZonalShiftConfig" } }, "readOnlyProperties": [ @@ -463,6 +571,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-eks.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "eks:TagResource", + "eks:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, @@ -471,6 +583,7 @@ "typeName": "AWS::EKS::Cluster", "writeOnlyProperties": [ "/properties/AccessConfig/BootstrapClusterCreatorAdminPermissions", - "/properties/BootstrapSelfManagedAddons" + "/properties/BootstrapSelfManagedAddons", + "/properties/Force" ] } 
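Review bot: The new `Force` property in the `@@ -397,6 +491,11 @@` hunk is documented only as "Force cluster version update", which does not say what is being overridden, and the last hunk of this file also adds it to `writeOnlyProperties`. A flag that bypasses a check on a cluster upgrade deserves an explicit description, along the lines of `"description": "Set to true to proceed with a cluster version update even when pre-update checks would block it. Defaults to false."` (exact semantics to be confirmed against the EKS API reference). Because write-only properties are not returned when the resource is read, a reviewer cannot rely on a read-back or drift detection to notice that the flag was left set to `true`, so the template itself is the only place to catch it.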
diff --git a/src/schema/aws-eks-fargateprofile.json b/src/schema/aws-eks-fargateprofile.json index ee734599..56681694 100644 --- a/src/schema/aws-eks-fargateprofile.json +++ b/src/schema/aws-eks-fargateprofile.json @@ -115,7 +115,6 @@ "update": { "permissions": [ "eks:DescribeFargateProfile", - "eks:ListTagsForResource", "eks:TagResource", "eks:UntagResource" ] @@ -177,6 +176,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-eks.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "eks:TagResource", + "eks:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-eks-identityproviderconfig.json b/src/schema/aws-eks-identityproviderconfig.json index ad6a8fa5..1b41d880 100644 --- a/src/schema/aws-eks-identityproviderconfig.json +++ b/src/schema/aws-eks-identityproviderconfig.json @@ -190,6 +190,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-eks.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "eks:TagResource", + "eks:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-eks-nodegroup.json b/src/schema/aws-eks-nodegroup.json index f3525354..1d42120d 100644 --- a/src/schema/aws-eks-nodegroup.json +++ b/src/schema/aws-eks-nodegroup.json @@ -31,6 +31,17 @@ }, "type": "object" }, + "NodeRepairConfig": { + "additionalProperties": false, + "description": "The node auto repair configuration for node group.", + "properties": { + "Enabled": { + "description": "Set this value to true to enable node auto repair for the node group.", + "type": "boolean" + } + }, + "type": "object" + }, "RemoteAccess": { "additionalProperties": false, "description": "An object representing a remote access configuration specification for AWS EKS Nodegroup.", 
@@ -104,6 +115,10 @@ "maximum": 100, "minimum": 1, "type": "number" + }, + "UpdateStrategy": { + "description": "The configuration for the behavior to follow during an node group version update of this managed node group. You choose between two possible strategies for replacing nodes during an UpdateNodegroupVersion action.", + "type": "string" } }, "type": "object" @@ -228,6 +243,10 @@ "$ref": "#/definitions/LaunchTemplateSpecification", "description": "An object representing a node group's launch template specification." }, + "NodeRepairConfig": { + "$ref": "#/definitions/NodeRepairConfig", + "description": "The node auto repair configuration for node group." + }, "NodeRole": { "description": "The Amazon Resource Name (ARN) of the IAM role to associate with your node group.", "type": "string" diff --git a/src/schema/aws-eks-podidentityassociation.json b/src/schema/aws-eks-podidentityassociation.json index ca799a83..befa8b3b 100644 --- a/src/schema/aws-eks-podidentityassociation.json +++ b/src/schema/aws-eks-podidentityassociation.json @@ -132,6 +132,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-eks.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "eks:TagResource", + "eks:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-elasticache-globalreplicationgroup.json b/src/schema/aws-elasticache-globalreplicationgroup.json index d20c033e..19c51999 100644 --- a/src/schema/aws-elasticache-globalreplicationgroup.json +++ b/src/schema/aws-elasticache-globalreplicationgroup.json 
@@ -117,6 +117,10 @@ "description": "Cache parameter group name to use for the new engine version. This parameter cannot be modified independently.", "type": "string" }, + "Engine": { + "description": "The engine of the Global Datastore.", + "type": "string" + }, "EngineVersion": { "description": "The engine version of the Global Datastore.", "type": "string" diff --git a/src/schema/aws-elasticache-parametergroup.json b/src/schema/aws-elasticache-parametergroup.json index f1f8f7a8..1e1f42c2 100644 --- a/src/schema/aws-elasticache-parametergroup.json +++ b/src/schema/aws-elasticache-parametergroup.json @@ -28,7 +28,9 @@ "ElastiCache:CreateCacheParameterGroup", "ElastiCache:DescribeCacheParameterGroups", "ElastiCache:AddTagsToResource", - "ElastiCache:ModifyCacheParameterGroup" + "ElastiCache:ModifyCacheParameterGroup", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy" ] }, "delete": { diff --git a/src/schema/aws-elasticache-replicationgroup.json b/src/schema/aws-elasticache-replicationgroup.json index a652ba80..98e97323 100644 --- a/src/schema/aws-elasticache-replicationgroup.json +++ b/src/schema/aws-elasticache-replicationgroup.json @@ -4,6 +4,7 @@ "/properties/KmsKeyId", "/properties/Port", "/properties/SnapshotArns", + "/properties/SnapshotName", "/properties/CacheSubnetGroupName", "/properties/NetworkType", "/properties/DataTieringEnabled", @@ -11,9 +12,7 @@ "/properties/ReplicationGroupId", "/properties/GlobalReplicationGroupId", "/properties/ReplicasPerNodeGroup", - "/properties/PreferredCacheClusterAZs", - "/properties/SnapshotName", - "/properties/Engine" + "/properties/PreferredCacheClusterAZs" ], "definitions": { "CloudWatchLogsDestinationDetails": { diff --git a/src/schema/aws-elasticache-serverlesscache.json b/src/schema/aws-elasticache-serverlesscache.json index 91ca6b16..de8974cc 100644 --- a/src/schema/aws-elasticache-serverlesscache.json +++ b/src/schema/aws-elasticache-serverlesscache.json 
@@ -2,8 +2,6 @@ "additionalProperties": false, "createOnlyProperties": [ "/properties/ServerlessCacheName", - "/properties/Engine", - "/properties/MajorEngineVersion", "/properties/KmsKeyId", "/properties/SnapshotArnsToRestore", "/properties/SubnetIds" @@ -264,6 +262,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-elasticache", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "elasticache:AddTagsToResource", + "elasticache:RemoveTagsFromResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-elasticache-user.json b/src/schema/aws-elasticache-user.json index b3a6596c..2d2d6b0e 100644 --- a/src/schema/aws-elasticache-user.json +++ b/src/schema/aws-elasticache-user.json @@ -2,8 +2,7 @@ "additionalProperties": false, "createOnlyProperties": [ "/properties/UserId", - "/properties/UserName", - "/properties/Engine" + "/properties/UserName" ], "definitions": { "Tag": { @@ -110,9 +109,10 @@ "type": "object" }, "Engine": { - "description": "Must be redis.", + "description": "The target cache engine for the user.", "enum": [ - "redis" + "redis", + "valkey" ], "type": "string" }, diff --git a/src/schema/aws-elasticache-usergroup.json b/src/schema/aws-elasticache-usergroup.json index 44a590a9..94c8fe8f 100644 --- a/src/schema/aws-elasticache-usergroup.json +++ b/src/schema/aws-elasticache-usergroup.json @@ -1,8 +1,7 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/UserGroupId", - "/properties/Engine" + "/properties/UserGroupId" ], "definitions": { "Tag": { @@ -79,9 +78,10 @@ "type": "string" }, "Engine": { - "description": "Must be redis.", + "description": "The target cache engine for the user group.", "enum": [ - "redis" + "redis", + "valkey" ], "type": "string" }, diff --git a/src/schema/aws-elasticbeanstalk-environment.json b/src/schema/aws-elasticbeanstalk-environment.json index 45088028..bb259c8a 100644 
--- a/src/schema/aws-elasticbeanstalk-environment.json +++ b/src/schema/aws-elasticbeanstalk-environment.json @@ -109,11 +109,15 @@ "permissions": [ "elasticbeanstalk:DescribeEnvironments", "elasticbeanstalk:UpdateEnvironment", - "elasticbeanstalk:UpdateTagsForResource", "elasticbeanstalk:AssociateEnvironmentOperationsRole", "elasticbeanstalk:DisassociateEnvironmentOperationsRole", "elasticbeanstalk:AddTags", "elasticbeanstalk:ListTagsForResource", + "elasticbeanstalk:RemoveTags", + "s3:GetBucketLocation", + "s3:GetBucketPolicy", + "s3:ListBucket", + "s3:PutBucketPolicy", "iam:PassRole" ], "timeoutInMinutes": 300 @@ -193,6 +197,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "elasticbeanstalk:AddTags", + "elasticbeanstalk:RemoveTags", + "elasticbeanstalk:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-elasticloadbalancingv2-listener.json b/src/schema/aws-elasticloadbalancingv2-listener.json index 8eda9bfc..aed55460 100644 --- a/src/schema/aws-elasticloadbalancingv2-listener.json +++ b/src/schema/aws-elasticloadbalancingv2-listener.json @@ -123,6 +123,18 @@ }, "AuthenticateOidcConfig": { "additionalProperties": false, + "anyOf": [ + { + "required": [ + "ClientSecret" + ] + }, + { + "required": [ + "UseExistingClientSecret" + ] + } + ], "description": "Specifies information required using an identity provide (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.", "properties": { "AuthenticationRequestExtraParams": { 
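Review bot: The `anyOf` added to `AuthenticateOidcConfig` in the `@@ -123,6 +123,18 @@` hunk checks only that `ClientSecret` or `UseExistingClientSecret` is present, so a configuration with `UseExistingClientSecret` set to `false` and no `ClientSecret` still validates. If the intent is that a secret is always supplied unless the existing one is reused, the second branch should also pin the value, e.g. `{"required": ["UseExistingClientSecret"], "properties": {"UseExistingClientSecret": {"const": true}}}`, assuming the property is a boolean (its definition is outside the hunk) and that the consuming validator supports `const`. The identical `anyOf` is added in aws-elasticloadbalancingv2-listenerrule.json and has the same gap.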
@@ -254,10 +266,29 @@ }, "type": "object" }, + "ListenerAttribute": { + "additionalProperties": false, + "description": "Information about a listener attribute.", + "properties": { + "Key": { + "description": "The name of the attribute.\n The following attribute is supported by Network Load Balancers, and Gateway Load Balancers.\n + ``tcp.idle_timeout.seconds`` - The tcp idle timeout value, in seconds. The valid range is 60-6000 seconds. The default is 350 seconds.\n \n The following attributes are only supported by Application Load Balancers.\n + ``routing.http.request.x_amzn_mtls_clientcert_serial_number.header_name`` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Serial-Number* HTTP request header.\n + ``routing.http.request.x_amzn_mtls_clientcert_issuer.header_name`` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Issuer* HTTP request header.\n + ``routing.http.request.x_amzn_mtls_clientcert_subject.header_name`` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Subject* HTTP request header.\n + ``routing.http.request.x_amzn_mtls_clientcert_validity.header_name`` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Validity* HTTP request header.\n + ``routing.http.request.x_amzn_mtls_clientcert_leaf.header_name`` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Leaf* HTTP request header.\n + ``routing.http.request.x_amzn_mtls_clientcert.header_name`` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert* HTTP request header.\n + ``routing.http.request.x_amzn_tls_version.header_name`` - Enables you to modify the header name of the *X-Amzn-Tls-Version* HTTP request header.\n + ``routing.http.request.x_amzn_tls_cipher_suite.header_name`` - Enables you to modify the header name of the *X-Amzn-Tls-Cipher-Suite* HTTP request header.\n + ``routing.http.response.server.enabled`` - Enables you to allow or remove the HTTP response server header.\n 
+ ``routing.http.response.strict_transport_security.header_value`` - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.\n + ``routing.http.response.access_control_allow_origin.header_value`` - Specifies which origins are allowed to access the server.\n + ``routing.http.response.access_control_allow_methods.header_value`` - Returns which HTTP methods are allowed when accessing the server from a different origin.\n + ``routing.http.response.access_control_allow_headers.header_value`` - Specifies which headers can be used during the request.\n + ``routing.http.response.access_control_allow_credentials.header_value`` - Indicates whether the browser should include credentials such as cookies or authentication when making requests.\n + ``routing.http.response.access_control_expose_headers.header_value`` - Returns which headers the browser can expose to the requesting client.\n + ``routing.http.response.access_control_max_age.header_value`` - Specifies how long the results of a preflight request can be cached, in seconds.\n + ``routing.http.response.content_security_policy.header_value`` - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats.\n + ``routing.http.response.x_content_type_options.header_value`` - Indicates whether the MIME types advertised in the *Content-Type* headers should be followed and not be changed.\n + ``routing.http.response.x_frame_options.header_value`` - Indicates whether the browser is allowed to render a page in a *frame*, *iframe*, *embed* or *object*.", + "type": "string" + }, + "Value": { + "description": "The value of the attribute.", + "type": "string" + } + }, + "type": "object" + }, "MutualAuthentication": { "additionalProperties": false, - "description": "Specifies the configuration information for mutual authentication.", + "description": "The mutual authentication 
configuration information.", "properties": { + "AdvertiseTrustStoreCaNames": { + "description": "Indicates whether trust store CA certificate names are advertised.", + "type": "string" + }, "IgnoreClientCertificateExpiry": { "description": "Indicates whether expired client certificates are ignored.", "type": "boolean" @@ -290,7 +321,7 @@ "type": "string" }, "Protocol": { - "description": "The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You cannot redirect HTTPS to HTTP.", + "description": "The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You can't redirect HTTPS to HTTP.", "type": "string" }, "Query": { @@ -348,7 +379,8 @@ "permissions": [ "elasticloadbalancing:CreateListener", "elasticloadbalancing:DescribeListeners", - "cognito-idp:DescribeUserPoolClient" + "cognito-idp:DescribeUserPoolClient", + "elasticloadbalancing:ModifyListenerAttributes" ] }, "delete": { @@ -390,14 +422,16 @@ }, "read": { "permissions": [ - "elasticloadbalancing:DescribeListeners" + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeListenerAttributes" ] }, "update": { "permissions": [ "elasticloadbalancing:ModifyListener", "elasticloadbalancing:DescribeListeners", - "cognito-idp:DescribeUserPoolClient" + "cognito-idp:DescribeUserPoolClient", + "elasticloadbalancing:ModifyListenerAttributes" ] } }, @@ -432,6 +466,16 @@ "description": "", "type": "string" }, + "ListenerAttributes": { + "arrayType": "AttributeList", + "description": "The listener attributes.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/ListenerAttribute" + }, + "type": "array", + "uniqueItems": true + }, "LoadBalancerArn": { "description": "The Amazon Resource Name (ARN) of the load balancer.", "type": "string" 
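Review bot: `AdvertiseTrustStoreCaNames` in the `MutualAuthentication` definition is typed `string` with no `enum`, although its description ("Indicates whether trust store CA certificate names are advertised") reads like a flag and the sibling `IgnoreClientCertificateExpiry` is a `boolean`. Without an enumerated value set the schema accepts any string, and a template author cannot tell from it what to write. If the accepted values are `on` and `off` (to be confirmed against the Elastic Load Balancing API reference), add `"enum": ["on", "off"]` and state in the description that the value must be quoted in YAML templates, since a bare `on` or `off` is read as a boolean by YAML 1.1 parsers. The `MutualAuthentication` definition continues past the end of the hunk.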
@@ -441,11 +485,11 @@ "description": "The mutual authentication configuration information." }, "Port": { - "description": "The port on which the load balancer is listening. You cannot specify a port for a Gateway Load Balancer.", + "description": "The port on which the load balancer is listening. You can't specify a port for a Gateway Load Balancer.", "type": "integer" }, "Protocol": { - "description": "The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can\u2019t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot specify a protocol for a Gateway Load Balancer.", + "description": "The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can\u2019t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You can't specify a protocol for a Gateway Load Balancer.", "type": "string" }, "SslPolicy": { diff --git a/src/schema/aws-elasticloadbalancingv2-listenerrule.json b/src/schema/aws-elasticloadbalancingv2-listenerrule.json index 3b58e956..c0c054af 100644 --- a/src/schema/aws-elasticloadbalancingv2-listenerrule.json +++ b/src/schema/aws-elasticloadbalancingv2-listenerrule.json @@ -98,6 +98,18 @@ }, "AuthenticateOidcConfig": { "additionalProperties": false, + "anyOf": [ + { + "required": [ + "ClientSecret" + ] + }, + { + "required": [ + "UseExistingClientSecret" + ] + } + ], "description": "Specifies information required using an identity provide (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.", "properties": { "AuthenticationRequestExtraParams": { 
@@ -322,7 +334,7 @@ "type": "string" }, "Protocol": { - "description": "The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You cannot redirect HTTPS to HTTP.", + "description": "The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You can't redirect HTTPS to HTTP.", "type": "string" }, "Query": { diff --git a/src/schema/aws-elasticloadbalancingv2-loadbalancer.json b/src/schema/aws-elasticloadbalancingv2-loadbalancer.json index 67fb84be..e2bdf6e8 100644 --- a/src/schema/aws-elasticloadbalancingv2-loadbalancer.json +++ b/src/schema/aws-elasticloadbalancingv2-loadbalancer.json 
@@ -11,7 +11,7 @@ "description": "Specifies an attribute for an Application Load Balancer, a Network Load Balancer, or a Gateway Load Balancer.", "properties": { "Key": { - "description": "The name of the attribute.\n The following attributes are supported by all load balancers:\n + ``deletion_protection.enabled`` - Indicates whether deletion protection is enabled. The value is ``true`` or ``false``. The default is ``false``.\n + ``load_balancing.cross_zone.enabled`` - Indicates whether cross-zone load balancing is enabled. The possible values are ``true`` and ``false``. The default for Network Load Balancers and Gateway Load Balancers is ``false``. The default for Application Load Balancers is ``true``, and cannot be changed.\n \n The following attributes are supported by both Application Load Balancers and Network Load Balancers:\n + ``access_logs.s3.enabled`` - Indicates whether access logs are enabled. The value is ``true`` or ``false``. The default is ``false``.\n + ``access_logs.s3.bucket`` - The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.\n + ``access_logs.s3.prefix`` - The prefix for the location in the S3 bucket for the access logs.\n + ``ipv6.deny_all_igw_traffic`` - Blocks internet gateway (IGW) access to the load balancer. It is set to ``false`` for internet-facing load balancers and ``true`` for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway.\n \n The following attributes are supported by only Application Load Balancers:\n + ``idle_timeout.timeout_seconds`` - The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds.\n + ``client_keep_alive.seconds`` - The client keep alive value, in seconds. The valid range is 60-604800 seconds. 
The default is 3600 seconds.\n + ``connection_logs.s3.enabled`` - Indicates whether connection logs are enabled. The value is ``true`` or ``false``. The default is ``false``.\n + ``connection_logs.s3.bucket`` - The name of the S3 bucket for the connection logs. This attribute is required if connection logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.\n + ``connection_logs.s3.prefix`` - The prefix for the location in the S3 bucket for the connection logs.\n + ``routing.http.desync_mitigation_mode`` - Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are ``monitor``, ``defensive``, and ``strictest``. The default is ``defensive``.\n + ``routing.http.drop_invalid_header_fields.enabled`` - Indicates whether HTTP headers with invalid header fields are removed by the load balancer (``true``) or routed to targets (``false``). The default is ``false``.\n + ``routing.http.preserve_host_header.enabled`` - Indicates whether the Application Load Balancer should preserve the ``Host`` header in the HTTP request and send it to the target without any change. The possible values are ``true`` and ``false``. The default is ``false``.\n + ``routing.http.x_amzn_tls_version_and_cipher_suite.enabled`` - Indicates whether the two headers (``x-amzn-tls-version`` and ``x-amzn-tls-cipher-suite``), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The ``x-amzn-tls-version`` header has information about the TLS protocol version negotiated with the client, and the ``x-amzn-tls-cipher-suite`` header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute are ``true`` and ``false``. 
The default is ``false``.\n + ``routing.http.xff_client_port.enabled`` - Indicates whether the ``X-Forwarded-For`` header should preserve the source port that the client used to connect to the load balancer. The possible values are ``true`` and ``false``. The default is ``false``.\n + ``routing.http.xff_header_processing.mode`` - Enables you to modify, preserve, or remove the ``X-Forwarded-For`` header in the HTTP request before the Application Load Balancer sends the request to the target. The possible values are ``append``, ``preserve``, and ``remove``. The default is ``append``.\n + If the value is ``append``, the Application Load Balancer adds the client IP address (of the last hop) to the ``X-Forwarded-For`` header in the HTTP request before it sends it to targets.\n + If the value is ``preserve`` the Application Load Balancer preserves the ``X-Forwarded-For`` header in the HTTP request, and sends it to targets without any change.\n + If the value is ``remove``, the Application Load Balancer removes the ``X-Forwarded-For`` header in the HTTP request before it sends it to targets.\n \n + ``routing.http2.enabled`` - Indicates whether HTTP/2 is enabled. The possible values are ``true`` and ``false``. The default is ``true``. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens.\n + ``waf.fail_open.enabled`` - Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. The possible values are ``true`` and ``false``. The default is ``false``.\n \n The following attributes are supported by only Network Load Balancers:\n + ``dns_record.client_routing_policy`` - Indicates how traffic is distributed among the load balancer Availability Zones. 
The possible values are ``availability_zone_affinity`` with 100 percent zonal affinity, ``partial_availability_zone_affinity`` with 85 percent zonal affinity, and ``any_availability_zone`` with 0 percent zonal affinity.", + "description": "The name of the attribute.\n The following attributes are supported by all load balancers:\n + ``deletion_protection.enabled`` - Indicates whether deletion protection is enabled. The value is ``true`` or ``false``. The default is ``false``.\n + ``load_balancing.cross_zone.enabled`` - Indicates whether cross-zone load balancing is enabled. The possible values are ``true`` and ``false``. The default for Network Load Balancers and Gateway Load Balancers is ``false``. The default for Application Load Balancers is ``true``, and can't be changed.\n \n The following attributes are supported by both Application Load Balancers and Network Load Balancers:\n + ``access_logs.s3.enabled`` - Indicates whether access logs are enabled. The value is ``true`` or ``false``. The default is ``false``.\n + ``access_logs.s3.bucket`` - The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.\n + ``access_logs.s3.prefix`` - The prefix for the location in the S3 bucket for the access logs.\n + ``ipv6.deny_all_igw_traffic`` - Blocks internet gateway (IGW) access to the load balancer. It is set to ``false`` for internet-facing load balancers and ``true`` for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway.\n + ``zonal_shift.config.enabled`` - Indicates whether zonal shift is enabled. The possible values are ``true`` and ``false``. 
The default is ``false``.\n \n The following attributes are supported by only Application Load Balancers:\n + ``idle_timeout.timeout_seconds`` - The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds.\n + ``client_keep_alive.seconds`` - The client keep alive value, in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.\n + ``connection_logs.s3.enabled`` - Indicates whether connection logs are enabled. The value is ``true`` or ``false``. The default is ``false``.\n + ``connection_logs.s3.bucket`` - The name of the S3 bucket for the connection logs. This attribute is required if connection logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.\n + ``connection_logs.s3.prefix`` - The prefix for the location in the S3 bucket for the connection logs.\n + ``routing.http.desync_mitigation_mode`` - Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are ``monitor``, ``defensive``, and ``strictest``. The default is ``defensive``.\n + ``routing.http.drop_invalid_header_fields.enabled`` - Indicates whether HTTP headers with invalid header fields are removed by the load balancer (``true``) or routed to targets (``false``). The default is ``false``.\n + ``routing.http.preserve_host_header.enabled`` - Indicates whether the Application Load Balancer should preserve the ``Host`` header in the HTTP request and send it to the target without any change. The possible values are ``true`` and ``false``. The default is ``false``.\n + ``routing.http.x_amzn_tls_version_and_cipher_suite.enabled`` - Indicates whether the two headers (``x-amzn-tls-version`` and ``x-amzn-tls-cipher-suite``), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. 
The ``x-amzn-tls-version`` header has information about the TLS protocol version negotiated with the client, and the ``x-amzn-tls-cipher-suite`` header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute are ``true`` and ``false``. The default is ``false``.\n + ``routing.http.xff_client_port.enabled`` - Indicates whether the ``X-Forwarded-For`` header should preserve the source port that the client used to connect to the load balancer. The possible values are ``true`` and ``false``. The default is ``false``.\n + ``routing.http.xff_header_processing.mode`` - Enables you to modify, preserve, or remove the ``X-Forwarded-For`` header in the HTTP request before the Application Load Balancer sends the request to the target. The possible values are ``append``, ``preserve``, and ``remove``. The default is ``append``.\n + If the value is ``append``, the Application Load Balancer adds the client IP address (of the last hop) to the ``X-Forwarded-For`` header in the HTTP request before it sends it to targets.\n + If the value is ``preserve`` the Application Load Balancer preserves the ``X-Forwarded-For`` header in the HTTP request, and sends it to targets without any change.\n + If the value is ``remove``, the Application Load Balancer removes the ``X-Forwarded-For`` header in the HTTP request before it sends it to targets.\n \n + ``routing.http2.enabled`` - Indicates whether HTTP/2 is enabled. The possible values are ``true`` and ``false``. The default is ``true``. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens.\n + ``waf.fail_open.enabled`` - Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. The possible values are ``true`` and ``false``. 
The default is ``false``.\n \n The following attributes are supported by only Network Load Balancers:\n + ``dns_record.client_routing_policy`` - Indicates how traffic is distributed among the load balancer Availability Zones. The possible values are ``availability_zone_affinity`` with 100 percent zonal affinity, ``partial_availability_zone_affinity`` with 85 percent zonal affinity, and ``any_availability_zone`` with 0 percent zonal affinity.", "type": "string" }, "Value": { @@ -21,6 +21,20 @@ }, "type": "object" }, + "MinimumLoadBalancerCapacity": { + "additionalProperties": false, + "description": "The minimum capacity for a load balancer.", + "properties": { + "CapacityUnits": { + "description": "The number of capacity units.", + "type": "integer" + } + }, + "required": [ + "CapacityUnits" + ], + "type": "object" + }, "SubnetMapping": { "additionalProperties": false, "description": "Specifies a subnet for a load balancer.", @@ -37,6 +51,10 @@ "description": "[Network Load Balancers] The private IPv4 address for an internal load balancer.", "type": "string" }, + "SourceNatIpv6Prefix": { + "description": "[Network Load Balancers with UDP listeners] The IPv6 prefix to use for source NAT. Specify an IPv6 prefix (/80 netmask) from the subnet CIDR block or ``auto_assigned`` to use an IPv6 prefix selected at random from the subnet CIDR block.", + "type": "string" + }, "SubnetId": { "description": "The ID of the subnet.", "type": "string" @@ -74,7 +92,8 @@ "elasticloadbalancing:CreateLoadBalancer", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:ModifyLoadBalancerAttributes", - "elasticloadbalancing:AddTags" + "elasticloadbalancing:AddTags", + "ec2:DescribeIpamPools" ], "timeoutInMinutes": 30 }, 
@@ -93,14 +112,17 @@ "permissions": [ "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeCapacityReservation", "elasticloadbalancing:DescribeTags" ] }, "update": { "permissions": [ "elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:ModifyCapacityReservation", "elasticloadbalancing:SetSubnets", "elasticloadbalancing:SetIpAddressType", + "elasticloadbalancing:ModifyIpPools", "elasticloadbalancing:SetSecurityGroups", "elasticloadbalancing:AddTags", "elasticloadbalancing:RemoveTags" 
@@ -119,12 +141,20 @@ "description": "", "type": "string" }, + "EnablePrefixForIpv6SourceNat": { + "description": "[Network Load Balancers with UDP listeners] Indicates whether to use an IPv6 prefix from each subnet for source NAT. The IP address type must be ``dualstack``. The default value is ``off``.", + "type": "string" + }, "EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic": { - "description": "Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through privatelink.", + "description": "Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through privatelink. The default is ``on``.", "type": "string" }, "IpAddressType": { - "description": "Note: Internal load balancers must use the ``ipv4`` IP address type.\n [Application Load Balancers] The IP address type. The possible values are ``ipv4`` (for only IPv4 addresses), ``dualstack`` (for IPv4 and IPv6 addresses), and ``dualstack-without-public-ipv4`` (for IPv6 only public addresses, with private IPv4 and IPv6 addresses).\n [Network Load Balancers] The IP address type. The possible values are ``ipv4`` (for only IPv4 addresses) and ``dualstack`` (for IPv4 and IPv6 addresses). You can\u2019t specify ``dualstack`` for a load balancer with a UDP or TCP_UDP listener.\n [Gateway Load Balancers] The IP address type. The possible values are ``ipv4`` (for only IPv4 addresses) and ``dualstack`` (for IPv4 and IPv6 addresses).", + "description": "The IP address type. Internal load balancers must use ``ipv4``.\n [Application Load Balancers] The possible values are ``ipv4`` (IPv4 addresses), ``dualstack`` (IPv4 and IPv6 addresses), and ``dualstack-without-public-ipv4`` (public IPv6 addresses and private IPv4 and IPv6 addresses).\n Application Load Balancer authentication supports IPv4 addresses only when connecting to an Identity Provider (IdP) or Amazon Cognito endpoint. 
Without a public IPv4 address the load balancer can't complete the authentication process, resulting in HTTP 500 errors.\n [Network Load Balancers and Gateway Load Balancers] The possible values are ``ipv4`` (IPv4 addresses) and ``dualstack`` (IPv4 and IPv6 addresses).", + "type": "string" + }, + "Ipv4IpamPoolId": { + "description": "", "type": "string" }, "LoadBalancerArn": { 
@@ -149,12 +179,17 @@ "description": "", "type": "string" }, + "MinimumLoadBalancerCapacity": { + "$ref": "#/definitions/MinimumLoadBalancerCapacity", + "description": "The minimum capacity for a load balancer.", + "type": "object" + }, "Name": { "description": "The name of the load balancer. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, must not begin or end with a hyphen, and must not begin with \"internal-\".\n If you don't specify a name, AWS CloudFormation generates a unique physical ID for the load balancer. If you specify a name, you cannot perform updates that require replacement of this resource, but you can perform other updates. To replace the resource, specify a new name.", "type": "string" }, "Scheme": { - "description": "The nodes of an Internet-facing load balancer have public IP addresses. The DNS name of an Internet-facing load balancer is publicly resolvable to the public IP addresses of the nodes. Therefore, Internet-facing load balancers can route requests from clients over the internet.\n The nodes of an internal load balancer have only private IP addresses. The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes. Therefore, internal load balancers can route requests only from clients with access to the VPC for the load balancer.\n The default is an Internet-facing load balancer.\n You cannot specify a scheme for a Gateway Load Balancer.", + "description": "The nodes of an Internet-facing load balancer have public IP addresses. The DNS name of an Internet-facing load balancer is publicly resolvable to the public IP addresses of the nodes. Therefore, Internet-facing load balancers can route requests from clients over the internet.\n The nodes of an internal load balancer have only private IP addresses. 
The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes. Therefore, internal load balancers can route requests only from clients with access to the VPC for the load balancer.\n The default is an Internet-facing load balancer.\n You can't specify a scheme for a Gateway Load Balancer.", "type": "string" }, "SecurityGroups": { 
@@ -167,7 +202,7 @@ "uniqueItems": true }, "SubnetMappings": { - "description": "The IDs of the subnets. You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings, but not both.\n [Application Load Balancers] You must specify subnets from at least two Availability Zones. You cannot specify Elastic IP addresses for your subnets.\n [Application Load Balancers on Outposts] You must specify one Outpost subnet.\n [Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones.\n [Network Load Balancers] You can specify subnets from one or more Availability Zones. You can specify one Elastic IP address per subnet if you need static IP addresses for your internet-facing load balancer. For internal load balancers, you can specify one private IP address per subnet from the IPv4 range of the subnet. For internet-facing load balancer, you can specify one IPv6 address per subnet.\n [Gateway Load Balancers] You can specify subnets from one or more Availability Zones. You cannot specify Elastic IP addresses for your subnets.", + "description": "The IDs of the subnets. You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings, but not both.\n [Application Load Balancers] You must specify subnets from at least two Availability Zones. You can't specify Elastic IP addresses for your subnets.\n [Application Load Balancers on Outposts] You must specify one Outpost subnet.\n [Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones.\n [Network Load Balancers] You can specify subnets from one or more Availability Zones. You can specify one Elastic IP address per subnet if you need static IP addresses for your internet-facing load balancer. For internal load balancers, you can specify one private IP address per subnet from the IPv4 range of the subnet. 
For internet-facing load balancer, you can specify one IPv6 address per subnet.\n [Gateway Load Balancers] You can specify subnets from one or more Availability Zones. You can't specify Elastic IP addresses for your subnets.", "insertionOrder": false, "items": { "$ref": "#/definitions/SubnetMapping" @@ -176,7 +211,7 @@ "uniqueItems": true }, "Subnets": { - "description": "The IDs of the subnets. You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings, but not both. To specify an Elastic IP address, specify subnet mappings instead of subnets.\n [Application Load Balancers] You must specify subnets from at least two Availability Zones.\n [Application Load Balancers on Outposts] You must specify one Outpost subnet.\n [Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones.\n [Network Load Balancers] You can specify subnets from one or more Availability Zones.\n [Gateway Load Balancers] You can specify subnets from one or more Availability Zones.", + "description": "The IDs of the subnets. You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings, but not both. To specify an Elastic IP address, specify subnet mappings instead of subnets.\n [Application Load Balancers] You must specify subnets from at least two Availability Zones.\n [Application Load Balancers on Outposts] You must specify one Outpost subnet.\n [Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones.\n [Network Load Balancers and Gateway Load Balancers] You can specify subnets from one or more Availability Zones.", "insertionOrder": false, "items": { "type": "string" 
@@ -208,6 +243,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-elasticloadbalancingv2", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:RemoveTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-elasticloadbalancingv2-targetgroup.json b/src/schema/aws-elasticloadbalancingv2-targetgroup.json index 26184fe6..3c8d80ed 100644 --- a/src/schema/aws-elasticloadbalancingv2-targetgroup.json +++ b/src/schema/aws-elasticloadbalancingv2-targetgroup.json @@ -248,6 +248,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:RemoveTags" + ], "tagOnCreate": false, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-elasticloadbalancingv2-truststore.json b/src/schema/aws-elasticloadbalancingv2-truststore.json index c047f1fd..b9f5d0b6 100644 --- a/src/schema/aws-elasticloadbalancingv2-truststore.json +++ b/src/schema/aws-elasticloadbalancingv2-truststore.json @@ -132,6 +132,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-elasticloadbalancingv2", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:RemoveTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-emr-cluster.json b/src/schema/aws-emr-cluster.json index 46037f37..0a04b0e9 100644 --- a/src/schema/aws-emr-cluster.json +++ b/src/schema/aws-emr-cluster.json 
@@ -265,6 +265,9 @@ "Name": { "type": "string" }, + "ResizeSpecifications": { + "$ref": "#/definitions/InstanceFleetResizingSpecifications" + }, "TargetOnDemandCapacity": { "type": "integer" }, @@ -286,6 +289,18 @@ }, "type": "object" }, + "InstanceFleetResizingSpecifications": { + "additionalProperties": false, + "properties": { + "OnDemandResizeSpecification": { + "$ref": "#/definitions/OnDemandResizingSpecification" + }, + "SpotResizeSpecification": { + "$ref": "#/definitions/SpotResizingSpecification" + } + }, + "type": "object" + }, "InstanceGroupConfig": { "additionalProperties": false, "properties": { @@ -352,6 +367,9 @@ "InstanceType": { "type": "string" }, + "Priority": { + "type": "number" + }, "WeightedCapacity": { "type": "integer" } @@ -506,11 +524,29 @@ ], "type": "object" }, + "OnDemandCapacityReservationOptions": { + "additionalProperties": false, + "properties": { + "CapacityReservationPreference": { + "type": "string" + }, + "CapacityReservationResourceGroupArn": { + "type": "string" + }, + "UsageStrategy": { + "type": "string" + } + }, + "type": "object" + }, "OnDemandProvisioningSpecification": { "additionalProperties": false, "properties": { "AllocationStrategy": { "type": "string" + }, + "CapacityReservationOptions": { + "$ref": "#/definitions/OnDemandCapacityReservationOptions" } }, "required": [ @@ -518,6 +554,21 @@ ], "type": "object" }, + "OnDemandResizingSpecification": { + "additionalProperties": false, + "properties": { + "AllocationStrategy": { + "type": "string" + }, + "CapacityReservationOptions": { + "$ref": "#/definitions/OnDemandCapacityReservationOptions" + }, + "TimeoutDurationMinutes": { + "type": "integer" + } + }, + "type": "object" + }, "PlacementGroupConfig": { "additionalProperties": false, "properties": { 
@@ -670,6 +721,18 @@ ], "type": "object" }, + "SpotResizingSpecification": { + "additionalProperties": false, + "properties": { + "AllocationStrategy": { + "type": "string" + }, + "TimeoutDurationMinutes": { + "type": "integer" + } + }, + "type": "object" + }, "StepConfig": { "additionalProperties": false, "properties": { diff --git a/src/schema/aws-emr-instancefleetconfig.json b/src/schema/aws-emr-instancefleetconfig.json index 66a2b100..ae9b74e0 100644 --- a/src/schema/aws-emr-instancefleetconfig.json +++ b/src/schema/aws-emr-instancefleetconfig.json @@ -2,7 +2,6 @@ "additionalProperties": false, "createOnlyProperties": [ "/properties/Name", - "/properties/InstanceTypeConfigs", "/properties/LaunchSpecifications", "/properties/ClusterId", "/properties/InstanceFleetType" @@ -75,6 +74,18 @@ }, "type": "object" }, + "InstanceFleetResizingSpecifications": { + "additionalProperties": false, + "properties": { + "OnDemandResizeSpecification": { + "$ref": "#/definitions/OnDemandResizingSpecification" + }, + "SpotResizeSpecification": { + "$ref": "#/definitions/SpotResizingSpecification" + } + }, + "type": "object" + }, "InstanceTypeConfig": { "additionalProperties": false, "properties": { @@ -100,6 +111,9 @@ "InstanceType": { "type": "string" }, + "Priority": { + "type": "number" + }, "WeightedCapacity": { "type": "integer" } @@ -109,11 +123,29 @@ ], "type": "object" }, + "OnDemandCapacityReservationOptions": { + "additionalProperties": false, + "properties": { + "CapacityReservationPreference": { + "type": "string" + }, + "CapacityReservationResourceGroupArn": { + "type": "string" + }, + "UsageStrategy": { + "type": "string" + } + }, + "type": "object" + }, "OnDemandProvisioningSpecification": { "additionalProperties": false, "properties": { "AllocationStrategy": { "type": "string" + }, + "CapacityReservationOptions": { + "$ref": "#/definitions/OnDemandCapacityReservationOptions" } }, "required": [ 
@@ -121,6 +153,21 @@ ], "type": "object" }, + "OnDemandResizingSpecification": { + "additionalProperties": false, + "properties": { + "AllocationStrategy": { + "type": "string" + }, + "CapacityReservationOptions": { + "$ref": "#/definitions/OnDemandCapacityReservationOptions" + }, + "TimeoutDurationMinutes": { + "type": "integer" + } + }, + "type": "object" + }, "SpotProvisioningSpecification": { "additionalProperties": false, "properties": { @@ -143,6 +190,18 @@ ], "type": "object" }, + "SpotResizingSpecification": { + "additionalProperties": false, + "properties": { + "AllocationStrategy": { + "type": "string" + }, + "TimeoutDurationMinutes": { + "type": "integer" + } + }, + "type": "object" + }, "VolumeSpecification": { "additionalProperties": false, "properties": { @@ -193,6 +252,9 @@ "Name": { "type": "string" }, + "ResizeSpecifications": { + "$ref": "#/definitions/InstanceFleetResizingSpecifications" + }, "TargetOnDemandCapacity": { "type": "integer" }, diff --git a/src/schema/aws-emr-step.json b/src/schema/aws-emr-step.json index 6d316e70..b5298080 100644 --- a/src/schema/aws-emr-step.json +++ b/src/schema/aws-emr-step.json @@ -58,6 +58,9 @@ }, "delete": { "permissions": [] + }, + "read": { + "permissions": [] } }, "primaryIdentifier": [ diff --git a/src/schema/aws-emr-studio.json b/src/schema/aws-emr-studio.json index 2a0f8b3d..5cdffa1b 100644 --- a/src/schema/aws-emr-studio.json +++ b/src/schema/aws-emr-studio.json @@ -14,7 +14,7 @@ ], "definitions": { "Arn": { - "pattern": "^arn:aws(-(cn|us-gov))?:[a-z-]+:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$", + "pattern": "^arn:aws(-(cn|us-gov|iso-f|iso-e))?:[a-z-]+:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$", "type": "string" }, "SubnetId": { 
@@ -232,5 +232,16 @@ "WorkspaceSecurityGroupId", "DefaultS3Location" ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "elasticmapreduce:AddTags", + "elasticmapreduce:RemoveTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::EMR::Studio" } diff --git a/src/schema/aws-emr-studiosessionmapping.json b/src/schema/aws-emr-studiosessionmapping.json index c9a52abd..01e1c421 100644 --- a/src/schema/aws-emr-studiosessionmapping.json +++ b/src/schema/aws-emr-studiosessionmapping.json @@ -7,7 +7,7 @@ ], "definitions": { "IamPolicyArn": { - "pattern": "^arn:aws(-(cn|us-gov))?:iam::([0-9]{12})?:policy\\/[^.]+$", + "pattern": "^arn:aws(-(cn|us-gov|iso-f|iso-e))?:iam::([0-9]{12})?:policy\\/[^.]+$", "type": "string" } }, @@ -25,7 +25,24 @@ "sso:ListDirectoryAssociations", "sso:GetProfile", "sso:ListProfiles", - "sso:AssociateProfile" + "sso:AssociateProfile", + "sso:CreateApplication", + "sso:PutApplicationAuthenticationMethod", + "sso:PutApplicationGrant", + "sso:PutApplicationAccessScope", + "sso:PutApplicationAssignmentConfiguration", + "sso:DescribeApplication", + "sso:DeleteApplication", + "sso:DeleteApplicationAuthenticationMethod", + "sso:DeleteApplicationAccessScope", + "sso:DeleteApplicationGrant", + "sso:ListInstances", + "sso-directory:CreateUser", + "sso-directory:CreateGroup", + "sso:CreateApplicationAssignment", + "sso:DescribeInstance", + "sso:DeleteApplicationAssignment", + "sso:ListApplicationAssignments" ] }, "delete": { @@ -110,5 +127,11 @@ "SessionPolicyArn" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, "typeName": "AWS::EMR::StudioSessionMapping" } diff --git a/src/schema/aws-emr-walworkspace.json b/src/schema/aws-emr-walworkspace.json index c7875f3c..982f2f06 100644 
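Review bot: The permission list extended in the `@@ -25,7 +25,24 @@` hunk of aws-emr-studiosessionmapping.json now includes identity-store write actions (`sso-directory:CreateUser`, `sso-directory:CreateGroup`) and application lifecycle actions such as `sso:CreateApplication` and `sso:DeleteApplication`. That is a much wider grant than the previous profile-association set. It appears to be the create handler, since the block opens above the hunk and is followed by `delete`. Tooling that derives a CloudFormation execution role or permissions boundary from these handler lists would inherit that breadth for a resource that only maps a user or group to a Studio. The reason the create path needs user and group creation should be recorded, and a derived role should be scoped with resource or condition constraints rather than copying the list verbatim.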
--- a/src/schema/aws-emr-walworkspace.json +++ b/src/schema/aws-emr-walworkspace.json @@ -84,6 +84,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-emrwal", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "emrwal:TagResource", + "emrwal:UntagResource", + "emrwal:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-emrcontainers-virtualcluster.json b/src/schema/aws-emrcontainers-virtualcluster.json index 279398f6..5a4c6b97 100644 --- a/src/schema/aws-emrcontainers-virtualcluster.json +++ b/src/schema/aws-emrcontainers-virtualcluster.json @@ -88,7 +88,8 @@ }, "delete": { "permissions": [ - "emr-containers:DeleteVirtualCluster" + "emr-containers:DeleteVirtualCluster", + "emr-containers:DescribeVirtualCluster" ] }, "list": { @@ -134,6 +135,13 @@ "pattern": "[\\.\\-_/#A-Za-z0-9]+", "type": "string" }, + "SecurityConfigurationId": { + "description": "The ID of the security configuration.", + "maxLength": 64, + "minLength": 1, + "pattern": "[0-9a-z]+", + "type": "string" + }, "Tags": { "description": "An array of key-value pairs to apply to this virtual cluster.", "insertionOrder": false, @@ -153,5 +161,16 @@ "ContainerProvider" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "emr-containers:TagResource", + "emr-containers:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::EMRContainers::VirtualCluster" } diff --git a/src/schema/aws-emrserverless-application.json b/src/schema/aws-emrserverless-application.json index b0193a4e..17798338 100644 --- a/src/schema/aws-emrserverless-application.json +++ b/src/schema/aws-emrserverless-application.json 
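Review bot: The new `SecurityConfigurationId` pattern `[0-9a-z]+` in the `@@ -134,6 +135,13 @@` hunk of aws-emrcontainers-virtualcluster.json has no anchors. JSON Schema `pattern` matches anywhere in the string, so any 1–64 character value that contains a single lowercase letter or digit passes. If the ID is meant to consist only of those characters, the line should read `"pattern": "^[0-9a-z]+$",`. The context pattern just above it, `[\\.\\-_/#A-Za-z0-9]+`, has the same gap.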
@@ -11,7 +11,9 @@ "/properties/NetworkConfiguration", "/properties/ImageConfiguration", "/properties/MonitoringConfiguration", - "/properties/RuntimeConfiguration" + "/properties/RuntimeConfiguration", + "/properties/InteractiveConfiguration", + "/properties/SchedulerConfiguration" ], "createOnlyProperties": [ "/properties/Name", @@ -220,6 +222,22 @@ "type": "array", "uniqueItems": true }, + "InteractiveConfiguration": { + "additionalProperties": false, + "properties": { + "LivyEndpointEnabled": { + "default": false, + "description": "Enables an Apache Livy endpoint that you can connect to and run interactive jobs", + "type": "boolean" + }, + "StudioEnabled": { + "default": false, + "description": "Enabled you to connect an Application to Amazon EMR Studio to run interactive workloads in a notebook", + "type": "boolean" + } + }, + "type": "object" + }, "LogGroupName": { "maxLength": 512, "minLength": 1, @@ -320,6 +338,10 @@ "$ref": "#/definitions/ManagedPersistenceMonitoringConfiguration", "description": "Managed log persistence configurations for a JobRun." }, + "PrometheusMonitoringConfiguration": { + "$ref": "#/definitions/PrometheusMonitoringConfiguration", + "description": "Prometheus monitoring configurations for a JobRun." + }, "S3MonitoringConfiguration": { "$ref": "#/definitions/S3MonitoringConfiguration", "description": "S3 monitoring configurations for a JobRun." 
@@ -356,6 +378,21 @@ "required": [], "type": "object" }, + "PrometheusMonitoringConfiguration": { + "additionalProperties": false, + "properties": { + "RemoteWriteUrl": { + "$ref": "#/definitions/RemoteWriteUrl", + "description": "The remote write URL in the Amazon Managed Service for Prometheus workspace to send metrics to." + } + } + }, + "RemoteWriteUrl": { + "maxLength": 10280, + "minLength": 1, + "pattern": "^https://aps-workspaces.([a-z]{2}-[a-z-]{1,20}-[1-9]).amazonaws(.[0-9A-Za-z]{2,4})+/workspaces/[-_.0-9A-Za-z]{1,100}/api/v1/remote_write$", + "type": "string" + }, "S3MonitoringConfiguration": { "additionalProperties": false, "properties": { @@ -368,6 +405,21 @@ } } }, + "SchedulerConfiguration": { + "additionalProperties": false, + "description": "The scheduler configuration for batch and streaming jobs running on this application. Supported with release labels emr-7.0.0 and above.", + "properties": { + "MaxConcurrentRuns": { + "description": "The maximum concurrent job runs on this application. If scheduler configuration is enabled on your application, the default value is 15. The valid range is 1 to 1000.", + "type": "integer" + }, + "QueueTimeoutMinutes": { + "description": "The maximum duration in minutes for the job in QUEUED state. If scheduler configuration is enabled on your application, the default value is 360 minutes (6 hours). The valid range is from 15 to 720.", + "type": "integer" + } + }, + "type": "object" + }, "SecurityGroupId": { "description": "Identifier of a security group", "maxLength": 32, @@ -601,6 +653,9 @@ "$ref": "#/definitions/InitialCapacityConfigMap", "description": "Initial capacity initialized when an Application is started." }, + "InteractiveConfiguration": { + "$ref": "#/definitions/InteractiveConfiguration" + }, "MaximumCapacity": { "$ref": "#/definitions/MaximumAllowedResources", "description": "Maximum allowed cumulative resources for an Application. No new resources will be created once the limit is hit." 
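Review bot: The `RemoteWriteUrl` pattern in the `@@ -356,6 +378,21 @@` hunk leaves every `.` in the host unescaped and ends the host with `amazonaws(.[0-9A-Za-z]{2,4})+`, so it does not pin the URL to an AWS domain. The bare `.` matches any character, and the repeated group admits extra trailing labels. Escaping the dots tightens the host part to `^https://aps-workspaces\\.([a-z]{2}-[a-z-]{1,20}-[1-9])\\.amazonaws(\\.[0-9A-Za-z]{2,4})+/` with the path unchanged, although the repetition would still need narrowing to the intended suffixes. Because the description says metrics are sent to this URL, a consumer should not read a pattern match as proof that the endpoint is an Amazon Managed Service for Prometheus workspace. If this file is synced from upstream, that is where the change belongs.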
@@ -629,6 +684,10 @@ "RuntimeConfiguration": { "$ref": "#/definitions/ConfigurationList" }, + "SchedulerConfiguration": { + "$ref": "#/definitions/SchedulerConfiguration", + "description": "The scheduler configuration for batch and streaming jobs running on this application. Supported with release labels emr-7.0.0 and above." + }, "Tags": { "description": "Tag map with key and value", "insertionOrder": false, @@ -658,6 +717,12 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "emr-serverless:TagResource", + "emr-serverless:UntagResource", + "kms:TagResource", + "kms:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-entityresolution-idmappingworkflow.json b/src/schema/aws-entityresolution-idmappingworkflow.json index 2a7b360f..96115017 100644 --- a/src/schema/aws-entityresolution-idmappingworkflow.json +++ b/src/schema/aws-entityresolution-idmappingworkflow.json @@ -347,6 +347,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-entity-resolution.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "entityresolution:TagResource", + "entityresolution:UntagResource", + "entityresolution:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-entityresolution-idnamespace.json b/src/schema/aws-entityresolution-idnamespace.json index 7c371123..58a0e0a8 100644 --- a/src/schema/aws-entityresolution-idnamespace.json +++ b/src/schema/aws-entityresolution-idnamespace.json 
@@ -297,6 +297,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-entity-resolution.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "entityresolution:TagResource", + "entityresolution:UntagResource", + "entityresolution:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-entityresolution-matchingworkflow.json b/src/schema/aws-entityresolution-matchingworkflow.json index 40d8c6e0..23436cd5 100644 --- a/src/schema/aws-entityresolution-matchingworkflow.json +++ b/src/schema/aws-entityresolution-matchingworkflow.json @@ -25,6 +25,21 @@ "pattern": "^[a-zA-Z_0-9-]*$", "type": "string" }, + "IncrementalRunConfig": { + "additionalProperties": false, + "properties": { + "IncrementalRunType": { + "enum": [ + "IMMEDIATE" + ], + "type": "string" + } + }, + "required": [ + "IncrementalRunType" + ], + "type": "object" + }, "InputSource": { "additionalProperties": false, "properties": { @@ -263,14 +278,23 @@ "entityresolution:TagResource", "kms:CreateGrant", "kms:DescribeKey", - "iam:PassRole" + "iam:PassRole", + "events:PutRule", + "events:DeleteRule", + "events:PutTargets", + "events:ListTargetsByRule" ] }, "delete": { "permissions": [ "entityresolution:DeleteMatchingWorkflow", "entityresolution:GetMatchingWorkflow", - "entityresolution:UntagResource" + "entityresolution:UntagResource", + "events:PutRule", + "events:DeleteRule", + "events:PutTargets", + "events:RemoveTargets", + "events:ListTargetsByRule" ] }, "list": { @@ -293,7 +317,12 @@ "entityresolution:UntagResource", "iam:PassRole", "kms:CreateGrant", - "kms:DescribeKey" + "kms:DescribeKey", + "events:PutRule", + "events:DeleteRule", + "events:PutTargets", + "events:RemoveTargets", + "events:ListTargetsByRule" ] } }, 
@@ -308,6 +337,9 @@ "$ref": "#/definitions/Description", "description": "The description of the MatchingWorkflow" }, + "IncrementalRunConfig": { + "$ref": "#/definitions/IncrementalRunConfig" + }, "InputSourceConfig": { "insertionOrder": false, "items": { @@ -369,6 +401,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-entity-resolution.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "entityresolution:TagResource", + "entityresolution:UntagResource", + "entityresolution:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-entityresolution-schemamapping.json b/src/schema/aws-entityresolution-schemamapping.json index df76c128..0f89ef26 100644 --- a/src/schema/aws-entityresolution-schemamapping.json +++ b/src/schema/aws-entityresolution-schemamapping.json @@ -37,7 +37,7 @@ "items": { "$ref": "#/definitions/SchemaInputAttribute" }, - "maxItems": 25, + "maxItems": 35, "minItems": 2, "type": "array" }, @@ -216,6 +216,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-entity-resolution.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "entityresolution:TagResource", + "entityresolution:UntagResource", + "entityresolution:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-events-apidestination.json b/src/schema/aws-events-apidestination.json index 36e3c5a1..ca9925b1 100644 --- a/src/schema/aws-events-apidestination.json +++ b/src/schema/aws-events-apidestination.json 
@@ -40,10 +40,17 @@ "properties": { "Arn": { "description": "The arn of the api destination.", + "pattern": "^arn:aws([a-z]|\\-)*:events:([a-z]|\\d|\\-)*:([0-9]{12})?:api-destination/[\\.\\-_A-Za-z0-9]+/[\\-A-Za-z0-9]+$", + "type": "string" + }, + "ArnForPolicy": { + "description": "The arn of the api destination to be used in IAM policies.", + "pattern": "^arn:aws([a-z]|\\-)*:events:([a-z]|\\d|\\-)*:([0-9]{12})?:api-destination/[\\.\\-_A-Za-z0-9]+$", "type": "string" }, "ConnectionArn": { "description": "The arn of the connection.", + "pattern": "^arn:aws([a-z]|\\-)*:events:([a-z]|\\d|\\-)*:([0-9]{12})?:connection/[\\.\\-_A-Za-z0-9]+/[\\-A-Za-z0-9]+$", "type": "string" }, "Description": { @@ -64,6 +71,7 @@ }, "InvocationEndpoint": { "description": "Url endpoint to invoke.", + "pattern": "^((%[0-9A-Fa-f]{2}|[-()_.!~*';/?:@\\x26=+$,A-Za-z0-9])+)([).!';/?:,])?$", "type": "string" }, "InvocationRateLimitPerSecond": { @@ -74,11 +82,13 @@ "description": "Name of the apiDestination.", "maxLength": 64, "minLength": 1, + "pattern": "[\\.\\-_A-Za-z0-9]+", "type": "string" } }, "readOnlyProperties": [ - "/properties/Arn" + "/properties/Arn", + "/properties/ArnForPolicy" ], "required": [ "ConnectionArn", @@ -86,6 +96,9 @@ "HttpMethod" ], "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, "taggable": false }, "typeName": "AWS::Events::ApiDestination" diff --git a/src/schema/aws-events-archive.json b/src/schema/aws-events-archive.json index 317e461f..76b65b66 100644 --- a/src/schema/aws-events-archive.json +++ b/src/schema/aws-events-archive.json @@ -9,7 +9,10 @@ "create": { "permissions": [ "events:DescribeArchive", - "events:CreateArchive" + "events:CreateArchive", + "kms:DescribeKey", + "kms:GenerateDataKey", + "kms:Decrypt" ] }, "delete": { 
@@ -25,13 +28,19 @@ }, "read": { "permissions": [ - "events:DescribeArchive" + "events:DescribeArchive", + "kms:Decrypt" ] }, "update": { "permissions": [ "events:DescribeArchive", - "events:UpdateArchive" + "events:UpdateArchive", + "kms:DescribeKey", + "kms:GenerateDataKey", + "kms:Decrypt", + "kms:ReEncryptTo", + "kms:ReEncryptFrom" ] } }, @@ -42,9 +51,11 @@ "ArchiveName": { "maxLength": 48, "minLength": 1, + "pattern": "[\\.\\-_A-Za-z0-9]+", "type": "string" }, "Arn": { + "pattern": "^arn:aws([a-z]|\\-)*:events:([a-z]|\\d|\\-)*:([0-9]{12})?:.+\\/.+$", "type": "string" }, "Description": { @@ -53,6 +64,11 @@ "EventPattern": { "type": "object" }, + "KmsKeyIdentifier": { + "maxLength": 2048, + "minLength": 0, + "type": "string" + }, "RetentionDays": { "type": "integer" }, @@ -66,5 +82,11 @@ "required": [ "SourceArn" ], + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, "typeName": "AWS::Events::Archive" } diff --git a/src/schema/aws-events-connection.json b/src/schema/aws-events-connection.json index 1a8f61bd..901b188f 100644 --- a/src/schema/aws-events-connection.json +++ b/src/schema/aws-events-connection.json @@ -8,9 +8,11 @@ "additionalProperties": false, "properties": { "ApiKeyName": { + "pattern": "^[ \\t]*[^\\x00-\\x1F\\x7F]+([ \\t]+[^\\x00-\\x1F\\x7F]+)*[ \\t]*$", "type": "string" }, "ApiKeyValue": { + "pattern": "^[ \\t]*[^\\x00-\\x1F\\x7F]+([ \\t]+[^\\x00-\\x1F\\x7F]+)*[ \\t]*$", "type": "string" } }, @@ -48,6 +50,9 @@ "BasicAuthParameters": { "$ref": "#/definitions/BasicAuthParameters" }, + "ConnectivityParameters": { + "$ref": "#/definitions/ConnectivityParameters" + }, "InvocationHttpParameters": { "$ref": "#/definitions/ConnectionHttpParameters" }, 
@@ -61,9 +66,11 @@ "additionalProperties": false, "properties": { "Password": { + "pattern": "^[ \\t]*[^\\x00-\\x1F\\x7F]+([ \\t]+[^\\x00-\\x1F\\x7F]+)*[ \\t]*$", "type": "string" }, "Username": { + "pattern": "^[ \\t]*[^\\x00-\\x1F\\x7F]+([ \\t]+[^\\x00-\\x1F\\x7F]+)*[ \\t]*$", "type": "string" } }, @@ -77,9 +84,11 @@ "additionalProperties": false, "properties": { "ClientID": { + "pattern": "^[ \\t]*[^\\x00-\\x1F\\x7F]+([ \\t]+[^\\x00-\\x1F\\x7F]+)*[ \\t]*$", "type": "string" }, "ClientSecret": { + "pattern": "^[ \\t]*[^\\x00-\\x1F\\x7F]+([ \\t]+[^\\x00-\\x1F\\x7F]+)*[ \\t]*$", "type": "string" } }, @@ -113,12 +122,25 @@ }, "type": "object" }, + "ConnectivityParameters": { + "additionalProperties": false, + "properties": { + "ResourceParameters": { + "$ref": "#/definitions/ResourceParameters" + } + }, + "required": [ + "ResourceParameters" + ], + "type": "object" + }, "OAuthParameters": { "additionalProperties": false, "properties": { "AuthorizationEndpoint": { "maxLength": 2048, "minLength": 1, + "pattern": "^((%[0-9A-Fa-f]{2}|[-()_.!~*';/?:@\\x26=+$,A-Za-z0-9])+)([).!';/?:,])?$", "type": "string" }, "ClientParameters": { @@ -162,6 +184,26 @@ "Value" ], "type": "object" + }, + "ResourceParameters": { + "additionalProperties": false, + "properties": { + "ResourceAssociationArn": { + "maxLength": 2048, + "minLength": 20, + "pattern": "^arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetworkresourceassociation/snra-[0-9a-z]{17}$", + "type": "string" + }, + "ResourceConfigurationArn": { + "maxLength": 2048, + "pattern": "^arn:[a-z0-9f\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourceconfiguration/rcfg-[0-9a-z]{17}$", + "type": "string" + } + }, + "required": [ + "ResourceConfigurationArn" + ], + "type": "object" } }, "description": "Resource Type definition for AWS::Events::Connection.", 
@@ -173,7 +215,9 @@ "secretsmanager:CreateSecret", "secretsmanager:GetSecretValue", "secretsmanager:PutSecretValue", - "iam:CreateServiceLinkedRole" + "iam:CreateServiceLinkedRole", + "kms:DescribeKey", + "kms:GenerateDataKey" ] }, "delete": { @@ -189,7 +233,8 @@ }, "read": { "permissions": [ - "events:DescribeConnection" + "events:DescribeConnection", + "kms:Decrypt" ] }, "update": { @@ -199,7 +244,11 @@ "secretsmanager:CreateSecret", "secretsmanager:UpdateSecret", "secretsmanager:GetSecretValue", - "secretsmanager:PutSecretValue" + "secretsmanager:PutSecretValue", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey" ] } }, @@ -209,6 +258,12 @@ "properties": { "Arn": { "description": "The arn of the connection resource.", + "pattern": "^arn:aws([a-z]|\\-)*:events:([a-z]|\\d|\\-)*:([0-9]{12})?:connection\\/[\\.\\-_A-Za-z0-9]+\\/[\\-A-Za-z0-9]+$", + "type": "string" + }, + "ArnForPolicy": { + "description": "The arn of the connection resource to be used in IAM policies.", + "pattern": "^arn:aws([a-z]|\\-)*:events:([a-z]|\\d|\\-)*:([0-9]{12})?:connection\\/[\\.\\-_A-Za-z0-9]+$", "type": "string" }, "AuthParameters": { 
@@ -227,26 +282,58 @@ "maxLength": 512, "type": "string" }, + "InvocationConnectivityParameters": { + "additionalProperties": false, + "description": "The private resource the HTTP request will be sent to.", + "properties": { + "ResourceParameters": { + "$ref": "#/definitions/ResourceParameters" + } + }, + "required": [ + "ResourceParameters" + ], + "type": "object" + }, + "KmsKeyIdentifier": { + "maxLength": 2048, + "pattern": "^[a-zA-Z0-9_\\-/:]*$", + "type": "string" + }, "Name": { "description": "Name of the connection.", "maxLength": 64, "minLength": 1, + "pattern": "[\\.\\-_A-Za-z0-9]+", "type": "string" }, "SecretArn": { "description": "The arn of the secrets manager secret created in the customer account.", + "pattern": "^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]|\\d|\\-)*:([0-9]{12})?:secret:([a-z]|\\d|\\-)*(!)*[\\/_+=\\.@\\-A-Za-z0-9]+$", "type": "string" } }, "readOnlyProperties": [ "/properties/Arn", - "/properties/SecretArn" + "/properties/ArnForPolicy", + "/properties/SecretArn", + "/properties/AuthParameters/ConnectivityParameters/ResourceParameters/ResourceAssociationArn", + "/properties/InvocationConnectivityParameters/ResourceParameters/ResourceAssociationArn" ], "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, "taggable": false }, "typeName": "AWS::Events::Connection", "writeOnlyProperties": [ - "/properties/AuthParameters" + "/properties/AuthParameters/BasicAuthParameters/Password", + "/properties/AuthParameters/ApiKeyAuthParameters/ApiKeyValue", + "/properties/AuthParameters/OAuthParameters/ClientParameters/ClientSecret", + "/properties/AuthParameters/OAuthParameters/OAuthHttpParameters/HeaderParameters", + "/properties/AuthParameters/OAuthParameters/OAuthHttpParameters/QueryStringParameters", + "/properties/AuthParameters/OAuthParameters/OAuthHttpParameters/BodyParameters", + "/properties/AuthParameters/InvocationHttpParameters" ] } 
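Review bot: `writeOnlyProperties` at the end of this hunk no longer lists `/properties/AuthParameters` as a whole. Only the nested pointers for `Password`, `ApiKeyValue`, `ClientSecret`, the OAuth header/query/body parameters and `InvocationHttpParameters` remain write-only. The secret-bearing leaves are still covered, but any code in this repository that decides what to redact or skip on read-back by comparing against the top-level path would now treat the whole block as readable. No such consumer is visible from this hunk, so it is worth confirming that pointer matching handles nested paths, for example by prefix, before relying on the list.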
diff --git a/src/schema/aws-events-eventbus.json b/src/schema/aws-events-eventbus.json index eb7a3d00..cc4d9dd5 100644 --- a/src/schema/aws-events-eventbus.json +++ b/src/schema/aws-events-eventbus.json @@ -129,6 +129,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-events", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "events:UntagResource", + "events:TagResource", + "events:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-eventschemas-discoverer.json b/src/schema/aws-eventschemas-discoverer.json index a788d9d7..5ac8f46c 100644 --- a/src/schema/aws-eventschemas-discoverer.json +++ b/src/schema/aws-eventschemas-discoverer.json @@ -114,6 +114,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "schemas:TagResource", + "schemas:UntagResource", + "schemas:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-eventschemas-registry.json b/src/schema/aws-eventschemas-registry.json index 5b340f27..2fc5dafe 100644 --- a/src/schema/aws-eventschemas-registry.json +++ b/src/schema/aws-eventschemas-registry.json @@ -86,6 +86,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "schemas:TagResource", + "schemas:UntagResource", + "schemas:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-eventschemas-schema.json b/src/schema/aws-eventschemas-schema.json index dbe0930b..7530e2e3 100644 --- a/src/schema/aws-eventschemas-schema.json +++ b/src/schema/aws-eventschemas-schema.json 
@@ -132,6 +132,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-eventschemas", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "schemas:TagResource", + "schemas:UntagResource", + "schemas:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-fis-experimenttemplate.json b/src/schema/aws-fis-experimenttemplate.json index 6d9e9457..3e756178 100644 --- a/src/schema/aws-fis-experimenttemplate.json +++ b/src/schema/aws-fis-experimenttemplate.json @@ -10,6 +10,20 @@ "maxLength": 64, "type": "string" }, + "CloudWatchDashboard": { + "additionalProperties": false, + "properties": { + "DashboardIdentifier": { + "maxLength": 512, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "DashboardIdentifier" + ], + "type": "object" + }, "ExperimentTemplateAction": { "additionalProperties": false, "description": "Specifies an action for the experiment template.", 
@@ -110,6 +124,61 @@ }, "type": "object" }, + "ExperimentTemplateExperimentReportConfiguration": { + "additionalProperties": false, + "properties": { + "DataSources": { + "additionalProperties": false, + "properties": { + "CloudWatchDashboards": { + "items": { + "$ref": "#/definitions/CloudWatchDashboard" + }, + "type": "array" + } + }, + "type": "object" + }, + "Outputs": { + "additionalProperties": false, + "properties": { + "ExperimentReportS3Configuration": { + "additionalProperties": false, + "properties": { + "BucketName": { + "maxLength": 63, + "minLength": 3, + "type": "string" + }, + "Prefix": { + "maxLength": 256, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "BucketName" + ], + "type": "object" + } + }, + "required": [ + "ExperimentReportS3Configuration" + ], + "type": "object" + }, + "PostExperimentDuration": { + "type": "string" + }, + "PreExperimentDuration": { + "type": "string" + } + }, + "required": [ + "Outputs" + ], + "type": "object" + }, "ExperimentTemplateId": { "type": "string" }, @@ -143,7 +212,7 @@ "type": "string" }, "Prefix": { - "maxLength": 1024, + "maxLength": 700, "minLength": 1, "type": "string" } @@ -358,6 +427,9 @@ "ExperimentOptions": { "$ref": "#/definitions/ExperimentTemplateExperimentOptions" }, + "ExperimentReportConfiguration": { + "$ref": "#/definitions/ExperimentTemplateExperimentReportConfiguration" + }, "Id": { "$ref": "#/definitions/ExperimentTemplateId" }, @@ -403,6 +475,7 @@ "fis:ListTagsForResource" ], "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, diff --git a/src/schema/aws-fms-policy.json b/src/schema/aws-fms-policy.json index ad9e6dcf..c0a2c12f 100644 --- a/src/schema/aws-fms-policy.json +++ b/src/schema/aws-fms-policy.json 
@@ -129,7 +129,7 @@ }, "Protocol": { "description": "Protocol.", - "pattern": "^(tcp|udp|icmp|([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]))$", + "pattern": "^(tcp|udp|icmp|-1|([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]))$", "type": "string" }, "RuleAction": { @@ -453,6 +453,13 @@ "type": "array", "uniqueItems": true }, + "ResourceTagLogicalOperator": { + "enum": [ + "AND", + "OR" + ], + "type": "string" + }, "ResourceTags": { "insertionOrder": true, "items": { @@ -496,6 +503,17 @@ "SecurityServicePolicyData" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-fms.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "fms:TagResource", + "fms:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::FMS::Policy", "writeOnlyProperties": [ "/properties/DeleteAllPolicyResources" diff --git a/src/schema/aws-fms-resourceset.json b/src/schema/aws-fms-resourceset.json index 06132bc1..56fe2d32 100644 --- a/src/schema/aws-fms-resourceset.json +++ b/src/schema/aws-fms-resourceset.json @@ -138,6 +138,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-fms.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "fms:TagResource", + "fms:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-fsx-datarepositoryassociation.json b/src/schema/aws-fsx-datarepositoryassociation.json index d2711573..c0a010dc 100644 --- a/src/schema/aws-fsx-datarepositoryassociation.json +++ b/src/schema/aws-fsx-datarepositoryassociation.json 
@@ -203,6 +203,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-fsx.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "fsx:TagResource", + "fsx:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-fsx-filesystem.json b/src/schema/aws-fsx-filesystem.json index a0a47333..6f640929 100644 --- a/src/schema/aws-fsx-filesystem.json +++ b/src/schema/aws-fsx-filesystem.json @@ -3,7 +3,6 @@ "createOnlyProperties": [ "/properties/KmsKeyId", "/properties/SecurityGroupIds", - "/properties/FileSystemTypeVersion", "/properties/FileSystemType", "/properties/SubnetIds", "/properties/BackupId" @@ -80,6 +79,9 @@ "DriveCacheType": { "type": "string" }, + "EfaEnabled": { + "type": "boolean" + }, "ExportPath": { "type": "string" }, @@ -209,6 +211,9 @@ "PreferredSubnetId": { "type": "string" }, + "ReadCacheConfiguration": { + "$ref": "#/definitions/ReadCacheConfiguration" + }, "RootVolumeConfiguration": { "$ref": "#/definitions/RootVolumeConfiguration" }, @@ -231,6 +236,18 @@ ], "type": "object" }, + "ReadCacheConfiguration": { + "additionalProperties": false, + "properties": { + "SizeGiB": { + "type": "integer" + }, + "SizingMode": { + "type": "string" + } + }, + "type": "object" + }, "RootVolumeConfiguration": { "additionalProperties": false, "properties": { diff --git a/src/schema/aws-gamelift-alias.json b/src/schema/aws-gamelift-alias.json index d044f6dd..9981db95 100644 --- a/src/schema/aws-gamelift-alias.json +++ b/src/schema/aws-gamelift-alias.json @@ -18,7 +18,7 @@ "properties": { "FleetId": { "description": "A unique identifier for a fleet that the alias points to. If you specify SIMPLE for the Type property, you must specify this property.", - "pattern": "^fleet-\\S+", + "pattern": "^[a-z]*fleet-[a-zA-Z0-9\\-]+", "type": "string" }, "Message": { 
@@ -38,13 +38,37 @@ "Type" ], "type": "object" + }, + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length.", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" } }, "description": "The AWS::GameLift::Alias resource creates an alias for an Amazon GameLift (GameLift) fleet destination.", "handlers": { "create": { "permissions": [ - "gamelift:CreateAlias" + "gamelift:CreateAlias", + "gamelift:TagResource" ] }, "delete": { @@ -59,12 +83,17 @@ }, "read": { "permissions": [ - "gamelift:DescribeAlias" + "gamelift:DescribeAlias", + "gamelift:ListTagsForResource" ] }, "update": { "permissions": [ - "gamelift:UpdateAlias" + "gamelift:UpdateAlias", + "gamelift:DescribeAlias", + "gamelift:ListTagsForResource", + "gamelift:TagResource", + "gamelift:UntagResource" ] } }, @@ -72,6 +101,11 @@ "/properties/AliasId" ], "properties": { + "AliasArn": { + "description": "The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Alias resource and uniquely identifies it. ARNs are unique across all Regions. In a GameLift Alias ARN, the resource ID matches the AliasId value.", + "pattern": "^arn:.*:alias\\/alias-\\S+", + "type": "string" + }, "AliasId": { "description": "Unique alias ID", "type": "string" 
@@ -92,16 +126,38 @@ "RoutingStrategy": { "$ref": "#/definitions/RoutingStrategy", "description": "A routing configuration that specifies where traffic is directed for this alias, such as to a fleet or to a message." + }, + "Tags": { + "description": "An array of key-value pairs to apply to this resource.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 200, + "type": "array", + "uniqueItems": true } }, "readOnlyProperties": [ - "/properties/AliasId" + "/properties/AliasId", + "/properties/AliasArn" ], "required": [ "Name", "RoutingStrategy" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-gamelift.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "gamelift:ListTagsForResource", + "gamelift:TagResource", + "gamelift:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::GameLift::Alias" } diff --git a/src/schema/aws-gamelift-build.json b/src/schema/aws-gamelift-build.json index 7fe64161..401cb35f 100644 --- a/src/schema/aws-gamelift-build.json +++ b/src/schema/aws-gamelift-build.json @@ -33,6 +33,29 @@ "RoleArn" ], "type": "object" + }, + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length.", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" } }, "description": "Resource Type definition for AWS::GameLift::Build", 
@@ -40,7 +63,9 @@ "create": { "permissions": [ "gamelift:DescribeBuild", - "gamelift:CreateBuild" + "gamelift:CreateBuild", + "gamelift:ListTagsForResource", + "gamelift:TagResource" ] }, "delete": { @@ -56,12 +81,17 @@ }, "read": { "permissions": [ - "gamelift:DescribeBuild" + "gamelift:DescribeBuild", + "gamelift:ListTagsForResource" ] }, "update": { "permissions": [ - "gamelift:UpdateBuild" + "gamelift:UpdateBuild", + "gamelift:DescribeBuild", + "gamelift:TagResource", + "gamelift:UntagResource", + "gamelift:ListTagsForResource" ] } }, @@ -69,6 +99,11 @@ "/properties/BuildId" ], "properties": { + "BuildArn": { + "description": "The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift build resource and uniquely identifies it. ARNs are unique across all Regions. In a GameLift build ARN, the resource ID matches the BuildId value.", + "pattern": "^arn:.*:build\\/build-\\S+", + "type": "string" + }, "BuildId": { "description": "A unique identifier for a build to be deployed on the new fleet. If you are deploying the fleet with a custom game build, you must specify this property. The build must have been successfully uploaded to Amazon GameLift and be in a READY status. This fleet setting cannot be changed once the fleet is created.", "type": "string" 
@@ -96,21 +131,38 @@ "$ref": "#/definitions/StorageLocation", "description": "Information indicating where your game build files are stored. Use this parameter only when creating a build with files stored in an Amazon S3 bucket that you own. The storage location must specify an Amazon S3 bucket name and key. The location must also specify a role ARN that you set up to allow Amazon GameLift to access your Amazon S3 bucket. The S3 bucket and your new build must be in the same Region." }, + "Tags": { + "description": "An array of key-value pairs to apply to this resource.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 200, + "type": "array", + "uniqueItems": true + }, "Version": { "description": "Version information that is associated with this build. Version strings do not need to be unique.", "type": "string" } }, "readOnlyProperties": [ - "/properties/BuildId" + "/properties/BuildId", + "/properties/BuildArn" ], "required": [], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": false, - "tagOnCreate": false, - "tagUpdatable": false, - "taggable": false + "permissions": [ + "gamelift:ListTagsForResource", + "gamelift:TagResource", + "gamelift:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true }, "typeName": "AWS::GameLift::Build", "writeOnlyProperties": [ diff --git a/src/schema/aws-gamelift-containerfleet.json b/src/schema/aws-gamelift-containerfleet.json new file mode 100644 index 00000000..c89339dc --- /dev/null +++ b/src/schema/aws-gamelift-containerfleet.json 
@@ -0,0 +1,603 @@ +{ + "$schema": "https://schema.cloudformation.us-east-1.amazonaws.com/provider.definition.schema.v1.json", + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/InstanceType", + "/properties/BillingType", + "/properties/Locations" + ], + "definitions": { + "ConnectionPortRange": { + "additionalProperties": false, + "description": "Defines the range of ports on the instance that allow inbound traffic to connect with containers in a fleet.", + "properties": { + "FromPort": { + "description": "A starting value for a range of allowed port numbers.", + "maximum": 60000, + "minimum": 1, + "type": "integer" + }, + "ToPort": { + "description": "An ending value for a range of allowed port numbers. Port numbers are end-inclusive. This value must be higher than FromPort.", + "maximum": 60000, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "FromPort", + "ToPort" + ], + "type": "object" + }, + "DeploymentConfiguration": { + "additionalProperties": false, + "description": "Provides details about how to drain old tasks and replace them with new updated tasks.", + "properties": { + "ImpairmentStrategy": { + "description": "The strategy to apply in case of impairment; defaults to MAINTAIN.", + "enum": [ + "MAINTAIN", + "ROLLBACK" + ], + "type": "string" + }, + "MinimumHealthyPercentage": { + "description": "The minimum percentage of healthy required; defaults to 75.", + "maximum": 75, + "minimum": 30, + "type": "integer" + }, + "ProtectionStrategy": { + "description": "The protection strategy for deployment on the container fleet; defaults to WITH_PROTECTION.", + "enum": [ + "WITH_PROTECTION", + "IGNORE_PROTECTION" + ], + "type": "string" + } + }, + "required": [], + "type": "object" + }, + "DeploymentDetails": { + "additionalProperties": false, + "description": "Provides information about the last deployment ID and its status.", + "properties": { + "LatestDeploymentId": { + "description": "The ID of the last deployment on 
the container fleet. This field will be empty if the container fleet does not have a ContainerGroupDefinition attached.", + "maxLength": 1024, + "pattern": "^[a-zA-Z0-9\\-]+$|^$", + "type": "string" + } + }, + "required": [], + "type": "object" + }, + "GameSessionCreationLimitPolicy": { + "additionalProperties": false, + "description": "A policy that limits the number of game sessions a player can create on the same fleet. This optional policy gives game owners control over how players can consume available game server resources. A resource creation policy makes the following statement: \"An individual player can create a maximum number of new game sessions within a specified time period\".\n\nThe policy is evaluated when a player tries to create a new game session. For example, assume you have a policy of 10 new game sessions and a time period of 60 minutes. On receiving a CreateGameSession request, Amazon GameLift checks that the player (identified by CreatorId) has created fewer than 10 game sessions in the past 60 minutes.", + "properties": { + "NewGameSessionsPerCreator": { + "description": "The maximum number of game sessions that an individual can create during the policy period.", + "minimum": 0, + "type": "integer" + }, + "PolicyPeriodInMinutes": { + "description": "The time span used in evaluating the resource creation limit policy.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "IpPermission": { + "additionalProperties": false, + "description": "A range of IP addresses and port settings that allow inbound traffic to connect to server processes on an Amazon GameLift hosting resource. New game sessions that are started on the fleet are assigned an IP address/port number combination, which must fall into the fleet's allowed ranges. For fleets created with a custom game server, the ranges reflect the server's game session assignments. 
For Realtime Servers fleets, Amazon GameLift automatically opens two port ranges, one for TCP messaging and one for UDP, for use by the Realtime servers.", + "properties": { + "FromPort": { + "description": "A starting value for a range of allowed port numbers.", + "maximum": 60000, + "minimum": 1, + "type": "integer" + }, + "IpRange": { + "description": "A range of allowed IP addresses. This value must be expressed in CIDR notation. Example: \"000.000.000.000/[subnet mask]\" or optionally the shortened version \"0.0.0.0/[subnet mask]\".", + "pattern": "(^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$)", + "type": "string" + }, + "Protocol": { + "description": "The network communication protocol used by the fleet.", + "enum": [ + "TCP", + "UDP" + ], + "type": "string" + }, + "ToPort": { + "description": "An ending value for a range of allowed port numbers. Port numbers are end-inclusive. This value must be higher than FromPort.", + "maximum": 60000, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "FromPort", + "IpRange", + "Protocol", + "ToPort" + ], + "type": "object" + }, + "Location": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[A-Za-z0-9\\-]+", + "type": "string" + }, + "LocationCapacity": { + "additionalProperties": false, + "description": "Current resource capacity settings in a specified fleet or location. The location value might refer to a fleet's remote location or its home Region.", + "properties": { + "DesiredEC2Instances": { + "description": "The number of EC2 instances you want to maintain in the specified fleet location. 
This value must fall between the minimum and maximum size limits.", + "minimum": 0, + "type": "integer" + }, + "MaxSize": { + "description": "The maximum value that is allowed for the fleet's instance count for a location.", + "minimum": 0, + "type": "integer" + }, + "MinSize": { + "description": "The minimum value allowed for the fleet's instance count for a location.", + "minimum": 0, + "type": "integer" + } + }, + "required": [ + "DesiredEC2Instances", + "MinSize", + "MaxSize" + ], + "type": "object" + }, + "LocationConfiguration": { + "additionalProperties": false, + "description": "A remote location where a multi-location fleet can deploy EC2 instances for game hosting.", + "properties": { + "Location": { + "$ref": "#/definitions/Location" + }, + "LocationCapacity": { + "$ref": "#/definitions/LocationCapacity" + }, + "StoppedActions": { + "$ref": "#/definitions/StoppedActions" + } + }, + "required": [ + "Location" + ], + "type": "object" + }, + "LogConfiguration": { + "additionalProperties": false, + "description": "A policy the location and provider of logs from the fleet.", + "properties": { + "LogDestination": { + "$ref": "#/definitions/LogDestination" + }, + "S3BucketName": { + "description": "The name of the S3 bucket to pull logs from if S3 is the LogDestination", + "maxLength": 1024, + "minLength": 1, + "type": "string" + } + }, + "type": "object" + }, + "LogDestination": { + "description": "Configures the service that provides logs.", + "enum": [ + "NONE", + "CLOUDWATCH", + "S3" + ], + "type": "string" + }, + "ScalingPolicy": { + "additionalProperties": false, + "description": "Rule that controls how a fleet is scaled. 
Scaling policies are uniquely identified by the combination of name and fleet ID.", + "properties": { + "ComparisonOperator": { + "description": "Comparison operator to use when measuring a metric against the threshold value.", + "enum": [ + "GreaterThanOrEqualToThreshold", + "GreaterThanThreshold", + "LessThanThreshold", + "LessThanOrEqualToThreshold" + ], + "type": "string" + }, + "EvaluationPeriods": { + "description": "Length of time (in minutes) the metric must be at or beyond the threshold before a scaling event is triggered.", + "minimum": 1, + "type": "integer" + }, + "MetricName": { + "description": "Name of the Amazon GameLift-defined metric that is used to trigger a scaling adjustment.", + "enum": [ + "ActivatingGameSessions", + "ActiveGameSessions", + "ActiveInstances", + "AvailableGameSessions", + "AvailablePlayerSessions", + "CurrentPlayerSessions", + "IdleInstances", + "PercentAvailableGameSessions", + "PercentIdleInstances", + "QueueDepth", + "WaitTime", + "ConcurrentActivatableGameSessions" + ], + "type": "string" + }, + "Name": { + "description": "A descriptive label that is associated with a fleet's scaling policy. Policy names do not need to be unique.", + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, + "PolicyType": { + "description": "The type of scaling policy to create. For a target-based policy, set the parameter MetricName to 'PercentAvailableGameSessions' and specify a TargetConfiguration. 
For a rule-based policy set the following parameters: MetricName, ComparisonOperator, Threshold, EvaluationPeriods, ScalingAdjustmentType, and ScalingAdjustment.", + "enum": [ + "RuleBased", + "TargetBased" + ], + "type": "string" + }, + "ScalingAdjustment": { + "description": "Amount of adjustment to make, based on the scaling adjustment type.", + "type": "integer" + }, + "ScalingAdjustmentType": { + "description": "The type of adjustment to make to a fleet's instance count.", + "enum": [ + "ChangeInCapacity", + "ExactCapacity", + "PercentChangeInCapacity" + ], + "type": "string" + }, + "TargetConfiguration": { + "$ref": "#/definitions/TargetConfiguration", + "description": "An object that contains settings for a target-based scaling policy." + }, + "Threshold": { + "description": "Metric value used to trigger a scaling event.", + "type": "number" + } + }, + "required": [ + "MetricName", + "Name" + ], + "type": "object" + }, + "StoppedActions": { + "description": "A list of fleet actions that have been suspended in the fleet location.", + "insertionOrder": false, + "items": { + "enum": [ + "AUTO_SCALING" + ], + "type": "string" + }, + "maxItems": 1, + "type": "array" + }, + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length.", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, + "TargetConfiguration": { + "additionalProperties": false, + "description": "Settings for a target-based scaling policy. A target-based policy tracks a particular fleet metric specifies a target value for the metric. 
As player usage changes, the policy triggers Amazon GameLift to adjust capacity so that the metric returns to the target value. The target configuration specifies settings as needed for the target based policy, including the target value.", + "properties": { + "TargetValue": { + "description": "Desired value to use with a target-based scaling policy. The value must be relevant for whatever metric the scaling policy is using. For example, in a policy using the metric PercentAvailableGameSessions, the target value should be the preferred size of the fleet's buffer (the percent of capacity that should be idle and ready for new game sessions).", + "type": "number" + } + }, + "required": [ + "TargetValue" + ], + "type": "object" + } + }, + "description": "The AWS::GameLift::ContainerFleet resource creates an Amazon GameLift (GameLift) container fleet to host game servers.", + "handlers": { + "create": { + "permissions": [ + "gamelift:CreateContainerFleet", + "gamelift:DescribeContainerFleet", + "gamelift:DescribeFleetDeployment", + "gamelift:DescribeFleetLocationAttributes", + "gamelift:DescribeFleetLocationCapacity", + "gamelift:DescribeScalingPolicies", + "gamelift:ListTagsForResource", + "gamelift:PutScalingPolicy", + "gamelift:StopFleetActions", + "gamelift:TagResource", + "gamelift:UpdateFleetCapacity", + "iam:PassRole" + ] + }, + "delete": { + "permissions": [ + "gamelift:DeleteContainerFleet", + "gamelift:DescribeContainerFleet" + ] + }, + "list": { + "permissions": [ + "gamelift:ListContainerFleets" + ] + }, + "read": { + "permissions": [ + "gamelift:DescribeContainerFleet", + "gamelift:DescribeFleetLocationAttributes", + "gamelift:DescribeFleetLocationCapacity", + "gamelift:DescribeScalingPolicies", + "gamelift:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "gamelift:CreateFleetLocations", + "gamelift:DeleteFleetLocations", + "gamelift:DeleteScalingPolicy", + "gamelift:DescribeContainerFleet", + "gamelift:DescribeFleetDeployment", + 
"gamelift:DescribeFleetLocationAttributes", + "gamelift:DescribeFleetLocationCapacity", + "gamelift:DescribeScalingPolicies", + "gamelift:ListTagsForResource", + "gamelift:PutScalingPolicy", + "gamelift:StartFleetActions", + "gamelift:StopFleetActions", + "gamelift:TagResource", + "gamelift:UntagResource", + "gamelift:UpdateContainerFleet", + "gamelift:UpdateFleetCapacity", + "iam:PassRole" + ] + } + }, + "primaryIdentifier": [ + "/properties/FleetId" + ], + "properties": { + "BillingType": { + "description": "Indicates whether to use On-Demand instances or Spot instances for this fleet. If empty, the default is ON_DEMAND. Both categories of instances use identical hardware and configurations based on the instance type selected for this fleet.", + "enum": [ + "ON_DEMAND", + "SPOT" + ], + "type": "string" + }, + "CreationTime": { + "description": "A time stamp indicating when this data object was created. Format is a number expressed in Unix time as milliseconds (for example \"1469498468.057\").", + "type": "string" + }, + "DeploymentConfiguration": { + "$ref": "#/definitions/DeploymentConfiguration" + }, + "DeploymentDetails": { + "$ref": "#/definitions/DeploymentDetails" + }, + "Description": { + "description": "A human-readable description of a fleet.", + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, + "FleetArn": { + "description": "The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift container fleet resource and uniquely identifies it across all AWS Regions.", + "maxLength": 512, + "minLength": 1, + "pattern": "^arn:.*:[a-z]*fleet\\/[a-z]*fleet-[a-zA-Z0-9\\-]+$", + "type": "string" + }, + "FleetId": { + "description": "Unique fleet ID", + "maxLength": 128, + "minLength": 1, + "pattern": "^[a-z]*fleet-[a-zA-Z0-9\\-]+", + "type": "string" + }, + "FleetRoleArn": { + "description": "A unique identifier for an AWS IAM role that manages access to your AWS services. 
Create a role or look up a role's ARN from the IAM dashboard in the AWS Management Console.", + "maxLength": 256, + "minLength": 1, + "pattern": "^arn:aws(-.*)?:[a-z-]+:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$", + "type": "string" + }, + "GameServerContainerGroupDefinitionArn": { + "description": "The Amazon Resource Name (ARN) of the game server container group definition. This field will be empty if GameServerContainerGroupDefinitionName is not specified.", + "maxLength": 512, + "pattern": "^arn:.*:containergroupdefinition\\/[a-zA-Z0-9\\-]+(:[0-9]+)?$|^$", + "type": "string" + }, + "GameServerContainerGroupDefinitionName": { + "description": "The name of the container group definition that will be created per game server. You must specify GAME_SERVER container group. You have the option to also specify one PER_INSTANCE container group.", + "maxLength": 512, + "minLength": 1, + "pattern": "^[a-zA-Z0-9\\-]+$|^arn:.*:containergroupdefinition\\/[a-zA-Z0-9\\-]+(:[0-9]+)?$", + "type": "string" + }, + "GameServerContainerGroupsPerInstance": { + "description": "The number of desired game server container groups per instance, a number between 1-5000.", + "maximum": 5000, + "minimum": 1, + "type": "integer" + }, + "GameSessionCreationLimitPolicy": { + "$ref": "#/definitions/GameSessionCreationLimitPolicy", + "description": "A policy that limits the number of game sessions an individual player can create over a span of time for this fleet." + }, + "InstanceConnectionPortRange": { + "$ref": "#/definitions/ConnectionPortRange" + }, + "InstanceInboundPermissions": { + "description": "A range of IP addresses and port settings that allow inbound traffic to connect to server processes on an Amazon GameLift server.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/IpPermission" + }, + "maxItems": 50, + "type": "array" + }, + "InstanceType": { + "description": "The name of an EC2 instance type that is supported in Amazon GameLift. 
A fleet instance type determines the computing resources of each instance in the fleet, including CPU, memory, storage, and networking capacity. Amazon GameLift supports the following EC2 instance types. See Amazon EC2 Instance Types for detailed descriptions.", + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, + "Locations": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/LocationConfiguration" + }, + "maxItems": 100, + "type": "array" + }, + "LogConfiguration": { + "$ref": "#/definitions/LogConfiguration" + }, + "MaximumGameServerContainerGroupsPerInstance": { + "description": "The maximum number of game server container groups per instance, a number between 1-5000.", + "maximum": 5000, + "minimum": 1, + "type": "integer" + }, + "MetricGroups": { + "description": "The name of an Amazon CloudWatch metric group. A metric group aggregates the metrics for all fleets in the group. Specify a string containing the metric group name. You can use an existing name or use a new name to create a new metric group. Currently, this parameter can have only one string.", + "insertionOrder": false, + "items": { + "type": "string" + }, + "maxItems": 1, + "type": "array" + }, + "NewGameSessionProtectionPolicy": { + "description": "A game session protection policy to apply to all game sessions hosted on instances in this fleet. When protected, active game sessions cannot be terminated during a scale-down event. If this parameter is not set, instances in this fleet default to no protection. You can change a fleet's protection policy to affect future game sessions on the fleet. You can also set protection for individual game sessions.", + "enum": [ + "FullProtection", + "NoProtection" + ], + "type": "string" + }, + "PerInstanceContainerGroupDefinitionArn": { + "description": "The Amazon Resource Name (ARN) of the per instance container group definition. 
This field will be empty if PerInstanceContainerGroupDefinitionName is not specified.", + "maxLength": 512, + "pattern": "^arn:.*:containergroupdefinition\\/[a-zA-Z0-9\\-]+(:[0-9]+)?$|^$", + "type": "string" + }, + "PerInstanceContainerGroupDefinitionName": { + "description": "The name of the container group definition that will be created per instance. This field is optional if you specify GameServerContainerGroupDefinitionName.", + "maxLength": 512, + "minLength": 1, + "pattern": "^[a-zA-Z0-9\\-]+$|^arn:.*:containergroupdefinition\\/[a-zA-Z0-9\\-]+(:[0-9]+)?$", + "type": "string" + }, + "ScalingPolicies": { + "description": "A list of rules that control how a fleet is scaled.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/ScalingPolicy" + }, + "maxItems": 50, + "type": "array" + }, + "Status": { + "description": "The current status of the container fleet.", + "enum": [ + "PENDING", + "CREATING", + "CREATED", + "ACTIVATING", + "ACTIVE", + "UPDATING", + "DELETING" + ], + "type": "string" + }, + "Tags": { + "description": "An array of key-value pairs to apply to this resource.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 200, + "type": "array", + "uniqueItems": true + } + }, + "readOnlyProperties": [ + "/properties/CreationTime", + "/properties/Status", + "/properties/FleetId", + "/properties/FleetArn", + "/properties/DeploymentDetails", + "/properties/GameServerContainerGroupDefinitionArn", + "/properties/PerInstanceContainerGroupDefinitionArn", + "/properties/MaximumGameServerContainerGroupsPerInstance" + ], + "required": [ + "FleetRoleArn" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-gamelift.git", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "gamelift:ListTagsForResource", + "gamelift:TagResource", + "gamelift:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + 
"taggable": true + }, + "typeName": "AWS::GameLift::ContainerFleet", + "writeOnlyProperties": [ + "/properties/ScalingPolicies", + "/properties/Locations", + "/properties/DeploymentConfiguration", + "/properties/GameServerContainerGroupsPerInstance", + "/properties/GameServerContainerGroupDefinitionName", + "/properties/PerInstanceContainerGroupDefinitionName" + ] +} diff --git a/src/schema/aws-gamelift-containergroupdefinition.json b/src/schema/aws-gamelift-containergroupdefinition.json index 4326983a..9b85f467 100644 --- a/src/schema/aws-gamelift-containergroupdefinition.json +++ b/src/schema/aws-gamelift-containergroupdefinition.json 
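Review bot: `FleetRoleArn` is the role that the `iam:PassRole` permission in the create and update handlers applies to, yet its pattern `^arn:aws(-.*)?:[a-z-]+:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$` accepts an ARN for any service and resource type, so a value that is not an IAM role passes schema validation. A tighter pattern such as `^arn:aws(-[a-z]+)*:iam::[0-9]{12}:role/.+$` would catch that when the template is validated. IAM policies derived from these handler permission lists should also scope `iam:PassRole` to the intended fleet role and add an `iam:PassedToService` condition rather than granting it on `*`. Separately, the `Location` and `FleetId` patterns have no trailing `$`, so they constrain only the start of the value. If this file is synced from the upstream provider schema, these points would need to be raised there rather than edited here.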
@@ -3,121 +3,9 @@ "additionalProperties": false, "createOnlyProperties": [ "/properties/Name", - "/properties/SchedulingStrategy", - "/properties/TotalMemoryLimit", - "/properties/TotalCpuLimit", - "/properties/ContainerDefinitions", - "/properties/OperatingSystem" + "/properties/ContainerGroupType" ], "definitions": { - "ContainerDefinition": { - "additionalProperties": false, - "description": "Details about a container that is used in a container fleet", - "properties": { - "Command": { - "description": "The command that's passed to the container.", - "insertionOrder": true, - "items": { - "maxLength": 255, - "minLength": 1, - "pattern": "^.*$", - "type": "string" - }, - "maxItems": 20, - "minItems": 1, - "type": "array", - "uniqueItems": false - }, - "ContainerName": { - "description": "A descriptive label for the container definition. Container definition names must be unique with a container group definition.", - "maxLength": 128, - "minLength": 1, - "pattern": "^[a-zA-Z0-9-]+$", - "type": "string" - }, - "Cpu": { - "description": "The maximum number of CPU units reserved for this container. The value is expressed as an integer amount of CPU units. 1 vCPU is equal to 1024 CPU units", - "maximum": 10240, - "minimum": 1, - "type": "integer" - }, - "DependsOn": { - "description": "A list of container dependencies that determines when this container starts up and shuts down. For container groups with multiple containers, dependencies let you define a startup/shutdown sequence across the containers.", - "insertionOrder": true, - "items": { - "$ref": "#/definitions/ContainerDependency" - }, - "maxItems": 10, - "minItems": 1, - "type": "array", - "uniqueItems": true - }, - "EntryPoint": { - "description": "The entry point that's passed to the container so that it will run as an executable. 
If there are multiple arguments, each argument is a string in the array.", - "insertionOrder": true, - "items": { - "maxLength": 1024, - "minLength": 1, - "type": "string" - }, - "maxItems": 20, - "minItems": 1, - "type": "array", - "uniqueItems": false - }, - "Environment": { - "description": "The environment variables to pass to a container.", - "insertionOrder": false, - "items": { - "$ref": "#/definitions/ContainerEnvironment" - }, - "maxItems": 20, - "minItems": 1, - "type": "array", - "uniqueItems": true - }, - "Essential": { - "description": "Specifies if the container is essential. If an essential container fails a health check, then all containers in the container group will be restarted. You must specify exactly 1 essential container in a container group.", - "type": "boolean" - }, - "HealthCheck": { - "$ref": "#/definitions/ContainerHealthCheck", - "description": "Specifies how the health of the containers will be checked." - }, - "ImageUri": { - "description": "Specifies the image URI of this container.", - "maxLength": 255, - "minLength": 1, - "pattern": "^[a-zA-Z0-9-_\\.@\\/:]+$", - "type": "string" - }, - "MemoryLimits": { - "$ref": "#/definitions/MemoryLimits", - "description": "Specifies how much memory is available to the container. You must specify at least this parameter or the TotalMemoryLimit parameter of the ContainerGroupDefinition." - }, - "PortConfiguration": { - "$ref": "#/definitions/PortConfiguration", - "description": "Defines the ports on the container." 
- }, - "ResolvedImageDigest": { - "description": "The digest of the container image.", - "pattern": "^sha256:[a-fA-F0-9]{64}$", - "type": "string" - }, - "WorkingDirectory": { - "description": "The working directory to run commands inside the container in.", - "maxLength": 255, - "minLength": 1, - "pattern": "^.*$", - "type": "string" - } - }, - "required": [ - "ContainerName", - "ImageUri" - ], - "type": "object" - }, "ContainerDependency": { "additionalProperties": false, "description": "A dependency that impacts a container's startup and shutdown.", @@ -219,6 +107,38 @@ ], "type": "object" }, + "ContainerMountPoint": { + "additionalProperties": false, + "description": "Defines the mount point configuration within a container.", + "properties": { + "AccessLevel": { + "description": "The access permissions for the mounted path.", + "enum": [ + "READ_ONLY", + "READ_AND_WRITE" + ], + "type": "string" + }, + "ContainerPath": { + "description": "The path inside the container where the mount is accessible.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^(\\/+[^\\/]+\\/*)+$", + "type": "string" + }, + "InstancePath": { + "description": "The path on the host that will be mounted in the container.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^\\/[\\s\\S]*$", + "type": "string" + } + }, + "required": [ + "InstancePath" + ], + "type": "object" + }, "ContainerPortRange": { "additionalProperties": false, "description": "A set of one or more port numbers that can be opened on the container.", 
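Review bot: `InstancePath` in the new `ContainerMountPoint` definition accepts any absolute path on the instance, because the pattern `^\\/[\\s\\S]*$` requires only a leading slash and also admits newlines and control characters. `AccessLevel` is not in `required` and its description does not state a default, so someone reading a template cannot tell from the schema whether an omitted `AccessLevel` gives a read-only or a writable mount. I would state the default in the `AccessLevel` description and narrow the pattern to single-line paths, e.g. `"pattern": "^\\/[^\\r\\n]*$"`. Template linting should treat `READ_AND_WRITE` mounts of instance paths as something to review explicitly.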
@@ -251,23 +171,78 @@ ], "type": "object" }, - "MemoryLimits": { + "GameServerContainerDefinition": { "additionalProperties": false, - "description": "Specifies how much memory is available to the container.", + "description": "Specifies the information required to run game servers with this container group", "properties": { - "HardLimit": { - "description": "The hard limit of memory to reserve for the container.", - "maximum": 1024000, - "minimum": 4, - "type": "integer" + "ContainerName": { + "description": "A descriptive label for the container definition. Container definition names must be unique with a container group definition.", + "maxLength": 128, + "minLength": 1, + "pattern": "^[a-zA-Z0-9-]+$", + "type": "string" }, - "SoftLimit": { - "description": "The amount of memory that is reserved for the container.", - "maximum": 1024000, - "minimum": 4, - "type": "integer" + "DependsOn": { + "description": "A list of container dependencies that determines when this container starts up and shuts down. 
For container groups with multiple containers, dependencies let you define a startup/shutdown sequence across the containers.", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/ContainerDependency" + }, + "maxItems": 10, + "minItems": 1, + "type": "array", + "uniqueItems": true + }, + "EnvironmentOverride": { + "description": "The environment variables to pass to a container.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/ContainerEnvironment" + }, + "maxItems": 20, + "minItems": 1, + "type": "array", + "uniqueItems": true + }, + "ImageUri": { + "description": "Specifies the image URI of this container.", + "maxLength": 255, + "minLength": 1, + "pattern": "^[a-zA-Z0-9-_\\.@\\/:]+$", + "type": "string" + }, + "MountPoints": { + "description": "A list of mount point configurations to be used in a container.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/ContainerMountPoint" + }, + "maxItems": 10, + "minItems": 1, + "type": "array", + "uniqueItems": true + }, + "PortConfiguration": { + "$ref": "#/definitions/PortConfiguration", + "description": "Defines the ports on the container." + }, + "ResolvedImageDigest": { + "description": "The digest of the container image.", + "pattern": "^sha256:[a-fA-F0-9]{64}$", + "type": "string" + }, + "ServerSdkVersion": { + "description": "The version of the server SDK used in this container group", + "maxLength": 128, + "pattern": "^\\d+\\.\\d+\\.\\d+$", + "type": "string" } }, + "required": [ + "ContainerName", + "ImageUri", + "ServerSdkVersion" + ], "type": "object" }, "PortConfiguration": { 
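Review bot: `ResolvedImageDigest` is declared in `GameServerContainerDefinition` (and again in `SupportContainerDefinition` in the next hunk), but the `readOnlyProperties` change further down removes `/properties/ContainerDefinitions/*/ResolvedImageDigest` without adding paths for the two new definitions. As written, the schema treats the digest as caller-settable, which blurs whether the value was resolved by the service or supplied in the template. If it is still service-populated, I would add `/properties/GameServerContainerDefinition/ResolvedImageDigest` and `/properties/SupportContainerDefinitions/*/ResolvedImageDigest` to `readOnlyProperties`. The `ImageUri` description could also say that a digest reference (the pattern allows `@`) pins the image, whereas a tag can move.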
@@ -291,6 +266,93 @@ ], "type": "object" }, + "SupportContainerDefinition": { + "additionalProperties": false, + "description": "Supports the function of the main container group", + "properties": { + "ContainerName": { + "description": "A descriptive label for the container definition.", + "maxLength": 128, + "minLength": 1, + "pattern": "^[a-zA-Z0-9-]+$", + "type": "string" + }, + "DependsOn": { + "description": "A list of container dependencies that determines when this container starts up and shuts down. For container groups with multiple containers, dependencies let you define a startup/shutdown sequence across the containers.", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/ContainerDependency" + }, + "maxItems": 10, + "minItems": 1, + "type": "array", + "uniqueItems": true + }, + "EnvironmentOverride": { + "description": "The environment variables to pass to a container.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/ContainerEnvironment" + }, + "maxItems": 20, + "minItems": 1, + "type": "array", + "uniqueItems": true + }, + "Essential": { + "description": "Specifies if the container is essential. If an essential container fails a health check, then all containers in the container group will be restarted. You must specify exactly 1 essential container in a container group.", + "type": "boolean" + }, + "HealthCheck": { + "$ref": "#/definitions/ContainerHealthCheck", + "description": "Specifies how the health of the containers will be checked." 
+ }, + "ImageUri": { + "description": "Specifies the image URI of this container.", + "maxLength": 255, + "minLength": 1, + "pattern": "^[a-zA-Z0-9-_\\.@\\/:]+$", + "type": "string" + }, + "MemoryHardLimitMebibytes": { + "description": "The total memory limit of container groups following this definition in MiB", + "maximum": 1024000, + "minimum": 4, + "type": "integer" + }, + "MountPoints": { + "description": "A list of mount point configurations to be used in a container.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/ContainerMountPoint" + }, + "maxItems": 10, + "minItems": 1, + "type": "array", + "uniqueItems": true + }, + "PortConfiguration": { + "$ref": "#/definitions/PortConfiguration", + "description": "Defines the ports on the container." + }, + "ResolvedImageDigest": { + "description": "The digest of the container image.", + "pattern": "^sha256:[a-fA-F0-9]{64}$", + "type": "string" + }, + "Vcpu": { + "description": "The number of virtual CPUs to give to the support group", + "maximum": 10, + "minimum": 0.125, + "type": "number" + } + }, + "required": [ + "ContainerName", + "ImageUri" + ], + "type": "object" + }, "Tag": { "additionalProperties": false, "description": "A key-value pair to associate with a resource.", @@ -328,12 +390,12 @@ "ecr:BatchCheckLayerAvailability", "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer", - "ecr:DescribeImages" + "ecr:DescribeImages", + "ecr:GetAuthorizationToken" ] }, "delete": { "permissions": [ - "gamelift:DescribeContainerGroupDefinition", "gamelift:DeleteContainerGroupDefinition" ] }, @@ -350,6 +412,8 @@ }, "update": { "permissions": [ + "gamelift:DescribeContainerGroupDefinition", + "gamelift:UpdateContainerGroupDefinition", "gamelift:ListTagsForResource", "gamelift:TagResource", "gamelift:UntagResource" 
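Review bot: `MemoryHardLimitMebibytes` in `SupportContainerDefinition` carries the description "The total memory limit of container groups following this definition in MiB", which is word for word the description of the group-level `TotalMemoryLimitMebibytes` property later in this file. For a per-container field that reads as if the limit applied to the whole group, which makes it easy to misjudge the ceiling a single support container actually runs under. I would reword it, e.g. `"description": "The memory hard limit for this support container, in MiB"`, and likewise make the `Vcpu` description refer to the container rather than "the support group".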
@@ -360,28 +424,28 @@ "/properties/Name" ], "properties": { - "ContainerDefinitions": { - "description": "A collection of container definitions that define the containers in this group.", - "insertionOrder": false, - "items": { - "$ref": "#/definitions/ContainerDefinition" - }, - "maxItems": 10, - "minItems": 1, - "type": "array", - "uniqueItems": true - }, "ContainerGroupDefinitionArn": { "description": "The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift container group resource and uniquely identifies it across all AWS Regions.", "maxLength": 512, "minLength": 1, - "pattern": "^arn:.*:containergroupdefinition/containergroupdefinition-[a-zA-Z0-9-]+$", + "pattern": "^arn:.*:containergroupdefinition\\/[a-zA-Z0-9\\-]+(:[0-9]+)?$", + "type": "string" + }, + "ContainerGroupType": { + "description": "The scope of the container group", + "enum": [ + "GAME_SERVER", + "PER_INSTANCE" + ], "type": "string" }, "CreationTime": { "description": "A time stamp indicating when this data object was created. Format is a number expressed in Unix time as milliseconds (for example \"1469498468.057\").", "type": "string" }, + "GameServerContainerDefinition": { + "$ref": "#/definitions/GameServerContainerDefinition" + }, "Name": { "description": "A descriptive label for the container group definition.", "maxLength": 128, 
@@ -396,14 +460,35 @@ ], "type": "string" }, - "SchedulingStrategy": { - "description": "Specifies whether the container group includes replica or daemon containers.", + "SourceVersionNumber": { + "description": "A specific ContainerGroupDefinition version to be updated", + "minimum": 0, + "type": "integer" + }, + "Status": { + "description": "A string indicating ContainerGroupDefinition status.", "enum": [ - "REPLICA", - "DAEMON" + "READY", + "COPYING", + "FAILED" ], "type": "string" }, + "StatusReason": { + "description": "A string indicating the reason for ContainerGroupDefinition status.", + "type": "string" + }, + "SupportContainerDefinitions": { + "description": "A collection of support container definitions that define the containers in this group.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/SupportContainerDefinition" + }, + "maxItems": 10, + "minItems": 1, + "type": "array", + "uniqueItems": true + }, "Tags": { "description": "An array of key-value pairs to apply to this resource.", "insertionOrder": false, 
@@ -415,38 +500,58 @@ "type": "array", "uniqueItems": true }, - "TotalCpuLimit": { - "description": "The maximum number of CPU units reserved for this container group. The value is expressed as an integer amount of CPU units. (1 vCPU is equal to 1024 CPU units.)", - "maximum": 10240, - "minimum": 128, - "type": "integer" - }, - "TotalMemoryLimit": { - "description": "The maximum amount of memory (in MiB) to allocate for this container group.", + "TotalMemoryLimitMebibytes": { + "description": "The total memory limit of container groups following this definition in MiB", "maximum": 1024000, "minimum": 4, "type": "integer" + }, + "TotalVcpuLimit": { + "description": "The total amount of virtual CPUs on the container group definition", + "maximum": 10, + "minimum": 0.125, + "type": "number" + }, + "VersionDescription": { + "description": "The description of this version", + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, + "VersionNumber": { + "description": "The version of this ContainerGroupDefinition", + "minimum": 0, + "type": "integer" } }, "readOnlyProperties": [ "/properties/ContainerGroupDefinitionArn", "/properties/CreationTime", - "/properties/ContainerDefinitions/*/ResolvedImageDigest" + "/properties/VersionNumber", + "/properties/Status", + "/properties/StatusReason" ], "required": [ "Name", - "TotalMemoryLimit", - "TotalCpuLimit", - "ContainerDefinitions", - "OperatingSystem" + "OperatingSystem", + "TotalMemoryLimitMebibytes", + "TotalVcpuLimit" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-gamelift.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "gamelift:ListTagsForResource", + "gamelift:TagResource", + "gamelift:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, - "typeName": "AWS::GameLift::ContainerGroupDefinition" + "typeName": "AWS::GameLift::ContainerGroupDefinition", + "writeOnlyProperties": [ + 
"/properties/SourceVersionNumber" + ] } diff --git a/src/schema/aws-gamelift-fleet.json b/src/schema/aws-gamelift-fleet.json index 1fdbaa51..226f0907 100644 --- a/src/schema/aws-gamelift-fleet.json +++ b/src/schema/aws-gamelift-fleet.json @@ -5,7 +5,6 @@ "/properties/ApplyCapacity", "/properties/BuildId", "/properties/CertificateConfiguration", - "/properties/ContainerGroupsConfiguration", "/properties/EC2InstanceType", "/properties/FleetType", "/properties/InstanceRoleARN", 
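Review bot: The new `readOnlyProperties` list in the `@@ -415,38 +500,58 @@` hunk drops `/properties/ContainerDefinitions/*/ResolvedImageDigest` and adds no replacement path. A `ResolvedImageDigest` property with the pattern `^sha256:[a-fA-F0-9]{64}$` is still defined earlier in this diff, in what appears to be the support container definition. If the service populates that value, it should stay read-only, for example `"/properties/SupportContainerDefinitions/*/ResolvedImageDigest"` (path inferred from the new property name; confirm against the definitions outside this hunk). Otherwise a template can supply a digest that differs from the image actually resolved, and the recorded digest is no longer a reliable reference for which image is running.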
@@ -52,78 +51,6 @@ ], "type": "object" }, - "ConnectionPortRange": { - "additionalProperties": false, - "description": "Defines the range of ports on the instance that allow inbound traffic to connect with containers in a fleet.", - "properties": { - "FromPort": { - "description": "A starting value for a range of allowed port numbers.", - "maximum": 60000, - "minimum": 1, - "type": "integer" - }, - "ToPort": { - "description": "An ending value for a range of allowed port numbers. Port numbers are end-inclusive. This value must be higher than FromPort.", - "maximum": 60000, - "minimum": 1, - "type": "integer" - } - }, - "required": [ - "FromPort", - "ToPort" - ], - "type": "object" - }, - "ContainerGroupsConfiguration": { - "additionalProperties": false, - "description": "Specifies container groups that this instance will hold. You must specify exactly one replica group. Optionally, you may specify exactly one daemon group. You can't change this property after you create the fleet.", - "properties": { - "ConnectionPortRange": { - "$ref": "#/definitions/ConnectionPortRange" - }, - "ContainerGroupDefinitionNames": { - "description": "The names of the container group definitions that will be created in an instance. You must specify exactly one REPLICA container group. 
You have the option to also specify one DAEMON container group.", - "insertionOrder": false, - "items": { - "maxLength": 128, - "minLength": 1, - "pattern": "^[a-zA-Z0-9\\-]+$", - "type": "string" - }, - "maxItems": 2, - "minItems": 1, - "type": "array" - }, - "ContainerGroupsPerInstance": { - "$ref": "#/definitions/ContainerGroupsPerInstance" - } - }, - "required": [ - "ContainerGroupDefinitionNames", - "ConnectionPortRange" - ], - "type": "object" - }, - "ContainerGroupsPerInstance": { - "additionalProperties": false, - "description": "The number of container groups per instance.", - "properties": { - "DesiredReplicaContainerGroupsPerInstance": { - "description": "Use this parameter to override the number of replica container groups GameLift will launch per instance with a number that is lower than that calculated maximum.", - "maximum": 5000, - "minimum": 1, - "type": "integer" - }, - "MaxReplicaContainerGroupsPerInstance": { - "description": "GameLift calculates the maximum number of replica container groups it can launch per instance based on instance properties such as CPU, memory, and connection ports.", - "maximum": 5000, - "minimum": 1, - "type": "integer" - } - }, - "type": "object" - }, "IpPermission": { "additionalProperties": false, "description": "A range of IP addresses and port settings that allow inbound traffic to connect to server processes on an Amazon GameLift hosting resource. New game sessions that are started on the fleet are assigned an IP address/port number combination, which must fall into the fleet's allowed ranges. For fleets created with a custom game server, the ranges reflect the server's game session assignments. For Realtime Servers fleets, Amazon GameLift automatically opens two port ranges, one for TCP messaging and one for UDP, for use by the Realtime servers.", 
@@ -492,14 +419,10 @@ "description": "ComputeType to differentiate EC2 hardware managed by GameLift and Anywhere hardware managed by the customer.", "enum": [ "EC2", - "ANYWHERE", - "CONTAINER" + "ANYWHERE" ], "type": "string" }, - "ContainerGroupsConfiguration": { - "$ref": "#/definitions/ContainerGroupsConfiguration" - }, "Description": { "description": "A human-readable description of a fleet.", "maxLength": 1024, @@ -651,7 +574,6 @@ } }, "readOnlyProperties": [ - "/properties/ContainerGroupsConfiguration/ContainerGroupsPerInstance/MaxReplicaContainerGroupsPerInstance", "/properties/FleetId" ], "required": [ diff --git a/src/schema/aws-gamelift-gameservergroup.json b/src/schema/aws-gamelift-gameservergroup.json index 8dc82eb8..d778386f 100644 --- a/src/schema/aws-gamelift-gameservergroup.json +++ b/src/schema/aws-gamelift-gameservergroup.json @@ -431,7 +431,18 @@ "RoleArn" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-gamelift.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "gamelift:ListTagsForResource", + "gamelift:TagResource", + "gamelift:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::GameLift::GameServerGroup", "writeOnlyProperties": [ "/properties/DeleteOption", diff --git a/src/schema/aws-gamelift-gamesessionqueue.json b/src/schema/aws-gamelift-gamesessionqueue.json index 7032f34c..94f122b1 100644 --- a/src/schema/aws-gamelift-gamesessionqueue.json +++ b/src/schema/aws-gamelift-gamesessionqueue.json @@ -153,7 +153,8 @@ "gamelift:UpdateGameSessionQueue", "gamelift:ListTagsForResource", "gamelift:TagResource", - "gamelift:UntagResource" + "gamelift:UntagResource", + "gamelift:DescribeGameSessionQueues" ] } }, 
@@ -240,7 +241,14 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-gamelift.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "gamelift:ListTagsForResource", + "gamelift:TagResource", + "gamelift:UntagResource" + ], + "tagOnCreate": true, "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::GameLift::GameSessionQueue" diff --git a/src/schema/aws-gamelift-location.json b/src/schema/aws-gamelift-location.json index 5cfed41d..81442ef6 100644 --- a/src/schema/aws-gamelift-location.json +++ b/src/schema/aws-gamelift-location.json @@ -98,7 +98,14 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-gamelift.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "gamelift:ListTagsForResource", + "gamelift:TagResource", + "gamelift:UntagResource" + ], + "tagOnCreate": true, "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::GameLift::Location" diff --git a/src/schema/aws-gamelift-matchmakingconfiguration.json b/src/schema/aws-gamelift-matchmakingconfiguration.json index e96d5d91..77167d3e 100644 --- a/src/schema/aws-gamelift-matchmakingconfiguration.json +++ b/src/schema/aws-gamelift-matchmakingconfiguration.json @@ -223,7 +223,14 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-gamelift.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "gamelift:ListTagsForResource", + "gamelift:TagResource", + "gamelift:UntagResource" + ], + "tagOnCreate": true, "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::GameLift::MatchmakingConfiguration" diff --git a/src/schema/aws-gamelift-matchmakingruleset.json b/src/schema/aws-gamelift-matchmakingruleset.json index a2af578a..7e8ceb20 100644 --- a/src/schema/aws-gamelift-matchmakingruleset.json 
+++ b/src/schema/aws-gamelift-matchmakingruleset.json @@ -115,7 +115,14 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-gamelift.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "gamelift:ListTagsForResource", + "gamelift:TagResource", + "gamelift:UntagResource" + ], + "tagOnCreate": true, "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::GameLift::MatchmakingRuleSet" diff --git a/src/schema/aws-gamelift-script.json b/src/schema/aws-gamelift-script.json index da5e4fce..6dc79c45 100644 --- a/src/schema/aws-gamelift-script.json +++ b/src/schema/aws-gamelift-script.json @@ -161,7 +161,14 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-gamelift.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "gamelift:ListTagsForResource", + "gamelift:TagResource", + "gamelift:UntagResource" + ], + "tagOnCreate": true, "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::GameLift::Script" diff --git a/src/schema/aws-glue-connection.json b/src/schema/aws-glue-connection.json index 6259c04c..2a745bb0 100644 --- a/src/schema/aws-glue-connection.json +++ b/src/schema/aws-glue-connection.json 
@@ -4,9 +4,66 @@ "/properties/CatalogId" ], "definitions": { + "AuthenticationConfigurationInput": { + "additionalProperties": false, + "properties": { + "AuthenticationType": { + "type": "string" + }, + "BasicAuthenticationCredentials": { + "$ref": "#/definitions/BasicAuthenticationCredentials" + }, + "CustomAuthenticationCredentials": { + "type": "object" + }, + "KmsKeyArn": { + "type": "string" + }, + "OAuth2Properties": { + "$ref": "#/definitions/OAuth2PropertiesInput" + }, + "SecretArn": { + "type": "string" + } + }, + "required": [ + "AuthenticationType" + ], + "type": "object" + }, + "AuthorizationCodeProperties": { + "additionalProperties": false, + "properties": { + "AuthorizationCode": { + "type": "string" + }, + "RedirectUri": { + "type": "string" + } + }, + "type": "object" + }, + "BasicAuthenticationCredentials": { + "additionalProperties": false, + "properties": { + "Password": { + "type": "string" + }, + "Username": { + "type": "string" + } + }, + "type": "object" + }, "ConnectionInput": { "additionalProperties": false, "properties": { + "AthenaProperties": { + "type": "object" + }, + "AuthenticationConfiguration": { + "$ref": "#/definitions/AuthenticationConfigurationInput" + }, "ConnectionProperties": { "type": "object" }, @@ -28,6 +85,22 @@ }, "PhysicalConnectionRequirements": { "$ref": "#/definitions/PhysicalConnectionRequirements" + }, + "PythonProperties": { + "type": "object" + }, + "SparkProperties": { + "type": "object" + }, + "ValidateCredentials": { + "type": "boolean" + }, + "ValidateForComputeEnvironments": { + "items": { + "type": "string" + }, + "type": "array", + "uniqueItems": false } }, "required": [ 
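Review bot: `BasicAuthenticationCredentials.Password` and `AuthorizationCodeProperties.AuthorizationCode` in the `@@ -4,9 +4,66 @@` hunk are plain `string` properties, so a value written into a template ends up in clear text in the template, change sets and version control. The same applies to `OAuth2Credentials` (`AccessToken`, `RefreshToken`, `JwtToken`, `UserManagedClientApplicationClientSecret`) in the `@@ -35,6 +108,60 @@` hunk. No `writeOnlyProperties` entry for these fields is visible in the hunks shown; if the rest of the file has none, read operations may return the values as well. `AuthenticationConfigurationInput` already carries `SecretArn` and `KmsKeyArn`, so the inline fields could point there, for example `"description": "Prefer SecretArn; a value set here is stored in the template."`.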
@@ -35,6 +108,60 @@ ], "type": "object" }, + "OAuth2ClientApplication": { + "additionalProperties": false, + "properties": { + "AWSManagedClientApplicationReference": { + "type": "string" + }, + "UserManagedClientApplicationClientId": { + "type": "string" + } + }, + "type": "object" + }, + "OAuth2Credentials": { + "additionalProperties": false, + "properties": { + "AccessToken": { + "type": "string" + }, + "JwtToken": { + "type": "string" + }, + "RefreshToken": { + "type": "string" + }, + "UserManagedClientApplicationClientSecret": { + "type": "string" + } + }, + "type": "object" + }, + "OAuth2PropertiesInput": { + "additionalProperties": false, + "properties": { + "AuthorizationCodeProperties": { + "$ref": "#/definitions/AuthorizationCodeProperties" + }, + "OAuth2ClientApplication": { + "$ref": "#/definitions/OAuth2ClientApplication" + }, + "OAuth2Credentials": { + "$ref": "#/definitions/OAuth2Credentials" + }, + "OAuth2GrantType": { + "type": "string" + }, + "TokenUrl": { + "type": "string" + }, + "TokenUrlParametersMap": { + "type": "object" + } + }, + "type": "object" + }, "PhysicalConnectionRequirements": { "additionalProperties": false, "properties": { diff --git a/src/schema/aws-glue-crawler.json b/src/schema/aws-glue-crawler.json index e7105fb3..7dd3410a 100644 --- a/src/schema/aws-glue-crawler.json +++ b/src/schema/aws-glue-crawler.json 
@@ -6,20 +6,26 @@ "definitions": { "CatalogTarget": { "additionalProperties": false, + "description": "Specifies an AWS Glue Data Catalog target.", "properties": { "ConnectionName": { + "description": "The name of the connection for an Amazon S3-backed Data Catalog table to be a target of the crawl when using a Catalog connection type paired with a NETWORK Connection type.", "type": "string" }, "DatabaseName": { + "description": "The name of the database to be synchronized.", "type": "string" }, "DlqEventQueueArn": { + "description": "A valid Amazon dead-letter SQS ARN. For example, arn:aws:sqs:region:account:deadLetterQueue.", "type": "string" }, "EventQueueArn": { + "description": "A valid Amazon SQS ARN. For example, arn:aws:sqs:region:account:sqs.", "type": "string" }, "Tables": { + "description": "A list of the tables to be synchronized.", "items": { "type": "string" }, @@ -31,21 +37,27 @@ }, "DeltaTarget": { "additionalProperties": false, + "description": "Specifies a Delta data store to crawl one or more Delta tables.", "properties": { "ConnectionName": { + "description": "The name of the connection to use to connect to the Delta table target.", "type": "string" }, "CreateNativeDeltaTable": { + "description": "Specifies whether the crawler will create native tables, to allow integration with query engines that support querying of the Delta transaction log directly.", "type": "boolean" }, "DeltaTables": { + "description": "", "items": { + "description": "A list of the Amazon S3 paths to the Delta tables.", "type": "string" }, "type": "array", "uniqueItems": false }, "WriteManifest": { + "description": "Specifies whether to write the manifest files to the Delta table path.", "type": "boolean" } }, 
@@ -53,20 +65,56 @@ }, "DynamoDBTarget": { "additionalProperties": false, + "description": "Specifies an Amazon DynamoDB table to crawl.", "properties": { "Path": { + "description": "The name of the DynamoDB table to crawl.", "type": "string" } }, "type": "object" }, + "HudiTarget": { + "additionalProperties": false, + "description": "Specifies Apache Hudi data store targets.", + "properties": { + "ConnectionName": { + "description": "The name of the connection to use to connect to the Hudi target.", + "type": "string" + }, + "Exclusions": { + "description": "A list of global patterns used to exclude from the crawl.", + "items": { + "type": "string" + }, + "type": "array", + "uniqueItems": false + }, + "MaximumTraversalDepth": { + "description": "The maximum depth of Amazon S3 paths that the crawler can traverse to discover the Hudi metadata folder in your Amazon S3 path. Used to limit the crawler run time.", + "type": "integer" + }, + "Paths": { + "description": "One or more Amazon S3 paths that contains Hudi metadata folders as s3://bucket/prefix .", + "items": { + "type": "string" + }, + "type": "array", + "uniqueItems": false + } + }, + "type": "object" + }, "IcebergTarget": { "additionalProperties": false, + "description": "Specifies Apache Iceberg data store targets.", "properties": { "ConnectionName": { + "description": "The name of the connection to use to connect to the Iceberg target.", "type": "string" }, "Exclusions": { + "description": "A list of global patterns used to exclude from the crawl.", "items": { "type": "string" }, @@ -74,9 +122,11 @@ "uniqueItems": false }, "MaximumTraversalDepth": { + "description": "The maximum depth of Amazon S3 paths that the crawler can traverse to discover the Iceberg metadata folder in your Amazon S3 path. Used to limit the crawler run time.", "type": "integer" }, "Paths": { + "description": "One or more Amazon S3 paths that contains Iceberg metadata folders as s3://bucket/prefix .", "items": { "type": "string" }, 
@@ -88,11 +138,14 @@ }, "JdbcTarget": { "additionalProperties": false, + "description": "Specifies a JDBC data store to crawl.", "properties": { "ConnectionName": { + "description": "The name of the connection to use to connect to the JDBC target.", "type": "string" }, "EnableAdditionalMetadata": { + "description": "Specify a value of RAWTYPES or COMMENTS to enable additional metadata in table responses. RAWTYPES provides the native-level datatype. COMMENTS provides comments associated with a column or table in the database.\n\nIf you do not need additional metadata, keep the field empty.", "items": { "type": "string" }, @@ -100,6 +153,7 @@ "uniqueItems": false }, "Exclusions": { + "description": "A list of glob patterns used to exclude from the crawl. For more information, see Catalog Tables with a Crawler.", "items": { "type": "string" }, @@ -107,6 +161,7 @@ "uniqueItems": false }, "Path": { + "description": "The path of the JDBC target.", "type": "string" } }, @@ -114,11 +169,14 @@ }, "LakeFormationConfiguration": { "additionalProperties": false, + "description": "Specifies AWS Lake Formation configuration settings for the crawler", "properties": { "AccountId": { + "description": "Required for cross account crawls. For same account crawls as the target data, this can be left as null.", "type": "string" }, "UseLakeFormationCredentials": { + "description": "Specifies whether to use AWS Lake Formation credentials for the crawler instead of the IAM role credentials.", "type": "boolean" } }, @@ -126,11 +184,14 @@ }, "MongoDBTarget": { "additionalProperties": false, + "description": "Specifies an Amazon DocumentDB or MongoDB data store to crawl.", "properties": { "ConnectionName": { + "description": "The name of the connection to use to connect to the Amazon DocumentDB or MongoDB target.", "type": "string" }, "Path": { + "description": "The path of the Amazon DocumentDB or MongoDB target (database/collection).", "type": "string" } }, 
@@ -138,8 +199,10 @@ }, "RecrawlPolicy": { "additionalProperties": false, + "description": "When crawling an Amazon S3 data source after the first crawl is complete, specifies whether to crawl the entire dataset again or to crawl only folders that were added since the last crawler run. For more information, see Incremental Crawls in AWS Glue in the developer guide.", "properties": { "RecrawlBehavior": { + "description": "Specifies whether to crawl the entire dataset again or to crawl only folders that were added since the last crawler run. A value of CRAWL_EVERYTHING specifies crawling the entire dataset again. A value of CRAWL_NEW_FOLDERS_ONLY specifies crawling only folders that were added since the last crawler run. A value of CRAWL_EVENT_MODE specifies crawling only the changes identified by Amazon S3 events.", "type": "string" } }, @@ -147,17 +210,22 @@ }, "S3Target": { "additionalProperties": false, + "description": "Specifies a data store in Amazon Simple Storage Service (Amazon S3).", "properties": { "ConnectionName": { + "description": "The name of a connection which allows a job or crawler to access data in Amazon S3 within an Amazon Virtual Private Cloud environment (Amazon VPC).", "type": "string" }, "DlqEventQueueArn": { + "description": "A valid Amazon dead-letter SQS ARN. For example, arn:aws:sqs:region:account:deadLetterQueue.", "type": "string" }, "EventQueueArn": { + "description": "A valid Amazon SQS ARN. For example, arn:aws:sqs:region:account:sqs.", "type": "string" }, "Exclusions": { + "description": "A list of glob patterns used to exclude from the crawl.", "items": { "type": "string" }, 
@@ -165,9 +233,11 @@ "uniqueItems": false }, "Path": { + "description": "The path to the Amazon S3 target.", "type": "string" }, "SampleSize": { + "description": "Sets the number of files in each leaf folder to be crawled when crawling sample files in a dataset. If not set, all the files are crawled. A valid value is an integer between 1 and 249.", "type": "integer" } }, @@ -175,8 +245,10 @@ }, "Schedule": { "additionalProperties": false, + "description": "A scheduling object using a cron statement to schedule an event.", "properties": { "ScheduleExpression": { + "description": "A cron expression used to specify the schedule. For more information, see Time-Based Schedules for Jobs and Crawlers. For example, to run something every day at 12:15 UTC, specify cron(15 12 * * ? *).", "type": "string" } }, 
@@ -184,11 +256,14 @@ }, "SchemaChangePolicy": { "additionalProperties": false, + "description": "The policy that specifies update and delete behaviors for the crawler. The policy tells the crawler what to do in the event that it detects a change in a table that already exists in the customer's database at the time of the crawl. The SchemaChangePolicy does not affect whether or how new tables and partitions are added. New tables and partitions are always created regardless of the SchemaChangePolicy on a crawler. The SchemaChangePolicy consists of two components, UpdateBehavior and DeleteBehavior.", "properties": { "DeleteBehavior": { + "description": "The deletion behavior when the crawler finds a deleted object. A value of LOG specifies that if a table or partition is found to no longer exist, do not delete it, only log that it was found to no longer exist. A value of DELETE_FROM_DATABASE specifies that if a table or partition is found to have been removed, delete it from the database. A value of DEPRECATE_IN_DATABASE specifies that if a table has been found to no longer exist, to add a property to the table that says 'DEPRECATED' and includes a timestamp with the time of deprecation.", "type": "string" }, "UpdateBehavior": { + "description": "The update behavior when the crawler finds a changed schema. A value of LOG specifies that if a table or a partition already exists, and a change is detected, do not update it, only log that a change was detected. Add new tables and new partitions (including on existing tables). A value of UPDATE_IN_DATABASE specifies that if a table or partition already exists, and a change is detected, update it. Add new tables and partitions.", "type": "string" } }, @@ -196,8 +271,10 @@ }, "Targets": { "additionalProperties": false, + "description": "Specifies data stores to crawl.", "properties": { "CatalogTargets": { + "description": "Specifies AWS Glue Data Catalog targets.", "items": { "$ref": "#/definitions/CatalogTarget" }, 
@@ -205,6 +282,7 @@ "uniqueItems": false }, "DeltaTargets": { + "description": "Specifies an array of Delta data store targets.", "items": { "$ref": "#/definitions/DeltaTarget" }, @@ -212,13 +290,23 @@ "uniqueItems": false }, "DynamoDBTargets": { + "description": "Specifies Amazon DynamoDB targets.", "items": { "$ref": "#/definitions/DynamoDBTarget" }, "type": "array", "uniqueItems": false }, + "HudiTargets": { + "description": "Specifies Apache Hudi data store targets.", + "items": { + "$ref": "#/definitions/HudiTarget" + }, + "type": "array", + "uniqueItems": false + }, "IcebergTargets": { + "description": "Specifies Apache Iceberg data store targets.", "items": { "$ref": "#/definitions/IcebergTarget" }, @@ -226,6 +314,7 @@ "uniqueItems": false }, "JdbcTargets": { + "description": "Specifies JDBC targets.", "items": { "$ref": "#/definitions/JdbcTarget" }, @@ -233,6 +322,7 @@ "uniqueItems": false }, "MongoDBTargets": { + "description": "A list of Mongo DB targets.", "items": { "$ref": "#/definitions/MongoDBTarget" }, @@ -240,6 +330,7 @@ "uniqueItems": false }, "S3Targets": { + "description": "Specifies Amazon Simple Storage Service (Amazon S3) targets.", "items": { "$ref": "#/definitions/S3Target" }, 
@@ -251,11 +342,51 @@ } }, "description": "Resource Type definition for AWS::Glue::Crawler", + "handlers": { + "create": { + "permissions": [ + "glue:CreateCrawler", + "glue:GetCrawler", + "glue:TagResource", + "iam:PassRole" + ] + }, + "delete": { + "permissions": [ + "glue:DeleteCrawler", + "glue:GetCrawler", + "glue:StopCrawler", + "iam:PassRole" + ] + }, + "list": { + "permissions": [ + "glue:ListCrawlers", + "iam:PassRole" + ] + }, + "read": { + "permissions": [ + "glue:GetCrawler", + "glue:GetTags", + "iam:PassRole" + ] + }, + "update": { + "permissions": [ + "glue:UpdateCrawler", + "glue:UntagResource", + "glue:TagResource", + "iam:PassRole" + ] + } + }, "primaryIdentifier": [ - "/properties/Id" + "/properties/Name" ], "properties": { "Classifiers": { + "description": "A list of UTF-8 strings that specify the names of custom classifiers that are associated with the crawler.", "items": { "type": "string" }, @@ -263,30 +394,33 @@ "uniqueItems": false }, "Configuration": { + "description": "Crawler configuration information. This versioned JSON string allows users to specify aspects of a crawler's behavior.", "type": "string" }, "CrawlerSecurityConfiguration": { + "description": "The name of the SecurityConfiguration structure to be used by this crawler.", "type": "string" }, "DatabaseName": { + "description": "The name of the database in which the crawler's output is stored.", "type": "string" }, "Description": { - "type": "string" - }, - "Id": { + "description": "A description of the crawler.", "type": "string" }, "LakeFormationConfiguration": { "$ref": "#/definitions/LakeFormationConfiguration" }, "Name": { + "description": "The name of the crawler.", "type": "string" }, "RecrawlPolicy": { "$ref": "#/definitions/RecrawlPolicy" }, "Role": { + "description": "The Amazon Resource Name (ARN) of an IAM role that's used to access customer resources, such as Amazon Simple Storage Service (Amazon S3) data.", "type": "string" }, "Schedule": { 
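Review bot: `iam:PassRole` is listed for every handler added in the `@@ -251,11 +342,51 @@` hunk, including `list`, `read` and `delete`, which do not appear to hand a role to the service. A role assembled from these lists should not grant it unscoped. Restrict the `iam:PassRole` statement to the crawler role ARNs and add the condition `"StringEquals": {"iam:PassedToService": "glue.amazonaws.com"}`. If the `list`, `read` and `delete` entries are not required by the handlers (not verifiable from this hunk), removing them would keep policies generated from the schema closer to least privilege.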
@@ -296,21 +430,32 @@ "$ref": "#/definitions/SchemaChangePolicy" }, "TablePrefix": { + "description": "The prefix added to the names of tables that are created.", "type": "string" }, "Tags": { + "description": "The tags to use with this crawler.", "type": "object" }, "Targets": { "$ref": "#/definitions/Targets" } }, - "readOnlyProperties": [ - "/properties/Id" - ], "required": [ "Role", "Targets" ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-glue.git", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "glue:TagResource", + "glue:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Glue::Crawler" } diff --git a/src/schema/aws-glue-database.json b/src/schema/aws-glue-database.json index 82f7306c..32091e6e 100644 --- a/src/schema/aws-glue-database.json +++ b/src/schema/aws-glue-database.json @@ -1,13 +1,15 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/CatalogId" + "/properties/DatabaseName" ], "definitions": { "DataLakePrincipal": { "additionalProperties": false, + "description": "The AWS Lake Formation principal.", "properties": { "DataLakePrincipalIdentifier": { + "description": "An identifier for the AWS Lake Formation principal.", "type": "string" } }, @@ -15,14 +17,18 @@ }, "DatabaseIdentifier": { "additionalProperties": false, + "description": "A structure that describes a target database for resource linking.", "properties": { "CatalogId": { + "description": "The ID of the Data Catalog in which the database resides.", "type": "string" }, "DatabaseName": { + "description": "The name of the catalog database.", "type": "string" }, "Region": { + "description": "Region of the target database.", "type": "string" } }, 
@@ -30,42 +36,55 @@ }, "DatabaseInput": { "additionalProperties": false, + "description": "The structure used to create or update a database.", "properties": { "CreateTableDefaultPermissions": { + "description": "Creates a set of default permissions on the table for principals. Used by AWS Lake Formation. Not used in the normal course of AWS Glue operations.", + "insertionOrder": false, "items": { - "$ref": "#/definitions/PrincipalPrivileges" + "$ref": "#/definitions/PrincipalPrivileges", + "description": "The permissions granted to a principal." }, "type": "array", "uniqueItems": false }, "Description": { + "description": "A description of the database.", "type": "string" }, "FederatedDatabase": { - "$ref": "#/definitions/FederatedDatabase" + "$ref": "#/definitions/FederatedDatabase", + "description": "A FederatedDatabase structure that references an entity outside the AWS Glue Data Catalog." }, "LocationUri": { + "description": "The location of the database (for example, an HDFS path).", "type": "string" }, "Name": { + "description": "The name of the database. For hive compatibility, this is folded to lowercase when it is stored.", "type": "string" }, "Parameters": { + "description": "These key-value pairs define parameters and properties of the database.", "type": "object" }, "TargetDatabase": { - "$ref": "#/definitions/DatabaseIdentifier" + "$ref": "#/definitions/DatabaseIdentifier", + "description": "A DatabaseIdentifier structure that describes a target database for resource linking." } }, "type": "object" }, "FederatedDatabase": { "additionalProperties": false, + "description": "A FederatedDatabase structure that references an entity outside the AWS Glue Data Catalog.", "properties": { "ConnectionName": { + "description": "The name of the connection to the external metastore.", "type": "string" }, "Identifier": { + "description": "A unique identifier for the federated database.", "type": "string" } }, 
@@ -73,8 +92,11 @@ }, "PrincipalPrivileges": { "additionalProperties": false, + "description": "The permissions granted to a principal.", "properties": { "Permissions": { + "description": "The permissions that are granted to the principal.", + "insertionOrder": false, "items": { "type": "string" }, 
@@ -82,33 +104,91 @@ "uniqueItems": false }, "Principal": { - "$ref": "#/definitions/DataLakePrincipal" + "$ref": "#/definitions/DataLakePrincipal", + "description": "The principal who is granted permissions." } }, "type": "object" } }, "description": "Resource Type definition for AWS::Glue::Database", + "handlers": { + "create": { + "permissions": [ + "glue:CreateDatabase", + "glue:GetDatabase", + "glue:PassConnection", + "glue:CreateConnection", + "lakeformation:ListResources", + "lakeformation:DescribeResource", + "lakeformation:DescribeLakeFormationIdentityCenterConfiguration" + ] + }, + "delete": { + "permissions": [ + "glue:DeleteDatabase", + "glue:GetDatabase", + "glue:DeleteConnection", + "glue:GetConnection", + "lakeformation:ListResources", + "lakeformation:DescribeResource", + "lakeformation:DescribeLakeFormationIdentityCenterConfiguration" + ] + }, + "list": { + "permissions": [ + "glue:GetDatabases", + "lakeformation:ListResources", + "lakeformation:DescribeResource", + "lakeformation:DescribeLakeFormationIdentityCenterConfiguration" + ] + }, + "read": { + "permissions": [ + "glue:GetDatabase", + "glue:GetConnection", + "lakeformation:ListResources", + "lakeformation:DescribeResource", + "lakeformation:DescribeLakeFormationIdentityCenterConfiguration" + ] + }, + "update": { + "permissions": [ + "glue:UpdateDatabase", + "glue:UpdateConnection", + "lakeformation:ListResources", + "lakeformation:DescribeResource", + "lakeformation:DescribeLakeFormationIdentityCenterConfiguration" + ] + } + }, "primaryIdentifier": [ - "/properties/Id" + "/properties/DatabaseName" ], "properties": { "CatalogId": { + "description": "The AWS account ID for the account in which to create the catalog object.", "type": "string" }, "DatabaseInput": { - "$ref": "#/definitions/DatabaseInput" + "$ref": "#/definitions/DatabaseInput", + "description": "The metadata for the database." }, - "Id": { + "DatabaseName": { + "description": "The name of the database. 
For hive compatibility, this is folded to lowercase when it is store.", "type": "string" } }, - "readOnlyProperties": [ - "/properties/Id" - ], "required": [ "DatabaseInput", "CatalogId" ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-glue.git", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, "typeName": "AWS::Glue::Database" } diff --git a/src/schema/aws-glue-job.json b/src/schema/aws-glue-job.json index 89750c79..cd3c1a9c 100644 --- a/src/schema/aws-glue-job.json +++ b/src/schema/aws-glue-job.json @@ -8,6 +8,7 @@ "additionalProperties": false, "properties": { "Connections": { + "description": "A list of connections used by the job.", "items": { "type": "string" }, @@ -17,10 +18,23 @@ }, "type": "object" }, + "DefaultArguments": { + "additionalProperties": false, + "properties": { + "Key": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "type": "object" + }, "ExecutionProperty": { "additionalProperties": false, "properties": { "MaxConcurrentRuns": { + "description": "The maximum number of concurrent runs allowed for the job.", "type": "number" } }, @@ -30,15 +44,31 @@ "additionalProperties": false, "properties": { "Name": { + "description": "The name of the job command", "type": "string" }, "PythonVersion": { + "description": "The Python version being used to execute a Python shell job.", "type": "string" }, "Runtime": { + "description": "Runtime is used to specify the versions of Ray, Python and additional libraries available in your environment", "type": "string" }, "ScriptLocation": { + "description": "Specifies the Amazon Simple Storage Service (Amazon S3) path to a script that executes a job", + "type": "string" + } + }, + "type": "object" + }, + "NonOverridableArguments": { + "additionalProperties": false, + "properties": { + "Key": { + "type": "string" + }, + "Value": { "type": "string" } }, 
@@ -48,6 +78,7 @@ "additionalProperties": false, "properties": { "NotifyDelayAfter": { + "description": "It is the number of minutes to wait before sending a job run delay notification after a job run starts", "type": "integer" } }, 
@@ -55,83 +86,165 @@ } }, "description": "Resource Type definition for AWS::Glue::Job", + "handlers": { + "create": { + "permissions": [ + "iam:GetRole", + "iam:PassRole", + "glue:CreateJob", + "glue:GetJob", + "glue:TagResource" + ] + }, + "delete": { + "permissions": [ + "glue:DeleteJob", + "glue:GetJob", + "glue:UntagResource" + ] + }, + "list": { + "permissions": [ + "glue:ListJobs" + ] + }, + "read": { + "permissions": [ + "glue:GetJob", + "glue:GetTags" + ] + }, + "update": { + "permissions": [ + "iam:GetRole", + "iam:PassRole", + "glue:UpdateJob", + "glue:UntagResource", + "glue:TagResource" + ] + } + }, "primaryIdentifier": [ - "/properties/Id" + "/properties/Name" ], "properties": { "AllocatedCapacity": { + "description": "The number of capacity units that are allocated to this job.", "type": "number" }, "Command": { - "$ref": "#/definitions/JobCommand" + "$ref": "#/definitions/JobCommand", + "description": "The code that executes a job." }, "Connections": { - "$ref": "#/definitions/ConnectionsList" + "$ref": "#/definitions/ConnectionsList", + "description": "Specifies the connections used by a job" }, "DefaultArguments": { + "description": "The default arguments for this job, specified as name-value pairs.", "type": "object" }, "Description": { + "description": "A description of the job.", "type": "string" }, "ExecutionClass": { + "description": "Indicates whether the job is run with a standard or flexible execution class.", "type": "string" }, "ExecutionProperty": { - "$ref": "#/definitions/ExecutionProperty" + "$ref": "#/definitions/ExecutionProperty", + "description": "The maximum number of concurrent runs that are allowed for this job." 
}, "GlueVersion": { + "description": "Glue version determines the versions of Apache Spark and Python that AWS Glue supports.", "type": "string" }, - "Id": { + "JobMode": { + "description": "Property description not available.", "type": "string" }, + "JobRunQueuingEnabled": { + "description": "Property description not available.", + "type": "boolean" + }, "LogUri": { + "description": "This field is reserved for future use.", "type": "string" }, "MaintenanceWindow": { + "description": "Property description not available.", "type": "string" }, "MaxCapacity": { + "description": "The number of AWS Glue data processing units (DPUs) that can be allocated when this job runs.", "type": "number" }, "MaxRetries": { + "description": "The maximum number of times to retry this job after a JobRun fails", "type": "number" }, "Name": { + "description": "The name you assign to the job definition", "type": "string" }, "NonOverridableArguments": { + "description": "Non-overridable arguments for this job, specified as name-value pairs.", "type": "object" }, "NotificationProperty": { - "$ref": "#/definitions/NotificationProperty" + "$ref": "#/definitions/NotificationProperty", + "description": "Specifies configuration properties of a notification." 
}, "NumberOfWorkers": { + "description": "The number of workers of a defined workerType that are allocated when a job runs.", "type": "integer" }, "Role": { + "description": "The name or Amazon Resource Name (ARN) of the IAM role associated with this job.", "type": "string" }, "SecurityConfiguration": { + "description": "The name of the SecurityConfiguration structure to be used with this job.", "type": "string" }, "Tags": { + "description": "The tags to use with this job.", "type": "object" }, "Timeout": { + "description": "The maximum time that a job run can consume resources before it is terminated and enters TIMEOUT status.", "type": "integer" }, "WorkerType": { + "description": "TThe type of predefined worker that is allocated when a job runs.", + "enum": [ + "Standard", + "G.1X", + "G.2X", + "G.025X", + "G.4X", + "G.8X", + "Z.2X" + ], "type": "string" } }, - "readOnlyProperties": [ - "/properties/Id" - ], "required": [ "Role", "Command" ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-glue.git", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "glue:TagResource", + "glue:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Glue::Job" } diff --git a/src/schema/aws-glue-registry.json b/src/schema/aws-glue-registry.json index e6bb866e..c8ed17a5 100644 --- a/src/schema/aws-glue-registry.json +++ b/src/schema/aws-glue-registry.json @@ -33,7 +33,8 @@ "permissions": [ "glue:CreateRegistry", "glue:GetRegistry", - "glue:GetTags" + "glue:GetTags", + "glue:TagResource" ] }, "delete": { 
@@ -101,5 +102,17 @@ "Name" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-glue.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "glue:GetTags", + "glue:TagResource", + "glue:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Glue::Registry" } diff --git a/src/schema/aws-glue-schema.json b/src/schema/aws-glue-schema.json index 09be097e..f7289c29 100644 --- a/src/schema/aws-glue-schema.json +++ b/src/schema/aws-glue-schema.json @@ -69,7 +69,8 @@ "handlers": { "create": { "permissions": [ - "glue:CreateSchema" + "glue:CreateSchema", + "glue:TagResource" ] }, "delete": { @@ -179,10 +180,21 @@ "required": [ "Name", "DataFormat", - "SchemaDefinition", "Compatibility" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-glue.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "glue:GetTags", + "glue:TagResource", + "glue:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Glue::Schema", "writeOnlyProperties": [ "/properties/SchemaDefinition" diff --git a/src/schema/aws-glue-tableoptimizer.json b/src/schema/aws-glue-tableoptimizer.json index b6d5685c..5e6a9861 100644 --- a/src/schema/aws-glue-tableoptimizer.json +++ b/src/schema/aws-glue-tableoptimizer.json 
@@ -7,14 +7,53 @@ "/properties/CatalogId" ], "definitions": { + "IcebergConfiguration": { + "additionalProperties": false, + "properties": { + "Location": { + "type": "string" + }, + "OrphanFileRetentionPeriodInDays": { + "type": "integer" + } + }, + "type": "object" + }, + "OrphanFileDeletionConfiguration": { + "additionalProperties": false, + "properties": { + "IcebergConfiguration": { + "$ref": "#/definitions/IcebergConfiguration" + } + }, + "type": "object" + }, + "RetentionConfiguration": { + "additionalProperties": false, + "properties": { + "IcebergConfiguration": { + "$ref": "#/definitions/IcebergConfiguration" + } + }, + "type": "object" + }, "TableOptimizerConfiguration": { "additionalProperties": false, "properties": { "Enabled": { "type": "boolean" }, + "OrphanFileDeletionConfiguration": { + "$ref": "#/definitions/OrphanFileDeletionConfiguration" + }, + "RetentionConfiguration": { + "$ref": "#/definitions/RetentionConfiguration" + }, "RoleArn": { "type": "string" + }, + "VpcConfiguration": { + "$ref": "#/definitions/VpcConfiguration" } }, "required": [ @@ -22,6 +61,15 @@ "RoleArn" ], "type": "object" + }, + "VpcConfiguration": { + "additionalProperties": false, + "properties": { + "GlueConnectionName": { + "type": "string" + } + }, + "type": "object" } }, "description": "Resource Type definition for AWS::Glue::TableOptimizer", diff --git a/src/schema/aws-glue-trigger.json b/src/schema/aws-glue-trigger.json index accc42db..1c8971e7 100644 --- a/src/schema/aws-glue-trigger.json +++ b/src/schema/aws-glue-trigger.json @@ -203,6 +203,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-glue.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "glue:TagResource", + "glue:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, 
diff --git a/src/schema/aws-glue-usageprofile.json b/src/schema/aws-glue-usageprofile.json new file mode 100644 index 00000000..eaeccb3a --- /dev/null +++ b/src/schema/aws-glue-usageprofile.json 
@@ -0,0 +1,203 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/Name" + ], + "definitions": { + "ConfigurationObject": { + "additionalProperties": false, + "anyOf": [ + { + "required": [ + "DefaultValue" + ] + }, + { + "oneOf": [ + { + "required": [ + "AllowedValues" + ] + }, + { + "required": [ + "MinValue", + "MaxValue" + ] + } + ] + } + ], + "properties": { + "AllowedValues": { + "insertionOrder": false, + "items": { + "type": "string" + }, + "type": "array" + }, + "DefaultValue": { + "type": "string" + }, + "MaxValue": { + "type": "string" + }, + "MinValue": { + "type": "string" + } + } + }, + "ProfileConfiguration": { + "additionalProperties": false, + "anyOf": [ + { + "required": [ + "JobConfiguration" + ] + }, + { + "required": [ + "SessionConfiguration" + ] + } + ], + "properties": { + "JobConfiguration": { + "additionalProperties": false, + "patternProperties": { + "^.+$": { + "$ref": "#/definitions/ConfigurationObject" + } + } + }, + "SessionConfiguration": { + "additionalProperties": false, + "patternProperties": { + "^.+$": { + "$ref": "#/definitions/ConfigurationObject" + } + } + } + } + }, + "Tag": { + "additionalProperties": false, + "properties": { + "Key": { + "description": "A key to identify the tag.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "Corresponding tag value for the key.", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, + "description": "This creates a Resource of UsageProfile type.", + "handlers": { + "create": { + "permissions": [ + "glue:CreateUsageProfile", + "glue:GetUsageProfile", + "glue:GetTags", + "glue:TagResource" + ] + }, + "delete": { + "permissions": [ + "glue:DeleteUsageProfile", + "glue:GetUsageProfile" + ] + }, + "list": { + "permissions": [ + "glue:ListUsageProfiles" + ] + }, + "read": { + "permissions": [ + "glue:GetUsageProfile", + "glue:GetTags" + ] 
+ }, + "update": { + "permissions": [ + "glue:UpdateUsageProfile", + "glue:GetUsageProfile", + "glue:TagResource", + "glue:UntagResource", + "glue:GetTags" + ] + } + }, + "primaryIdentifier": [ + "/properties/Name" + ], + "properties": { + "Configuration": { + "$ref": "#/definitions/ProfileConfiguration", + "description": "UsageProfile configuration for supported service ex: (Jobs, Sessions).", + "minItems": 1 + }, + "CreatedOn": { + "description": "Creation time.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Description": { + "description": "The description of the UsageProfile.", + "maxLength": 512, + "minLength": 1, + "pattern": "[a-zA-Z0-9\\-\\:\\_]{1,64}", + "type": "string" + }, + "Name": { + "description": "The name of the UsageProfile.", + "maxLength": 128, + "minLength": 5, + "type": "string" + }, + "Tags": { + "description": "The tags to be applied to this UsageProfiles.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 50, + "minItems": 0, + "type": "array", + "uniqueItems": true + } + }, + "readOnlyProperties": [ + "/properties/CreatedOn" + ], + "required": [ + "Name" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-glue", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "glue:TagResource", + "glue:UntagResource", + "glue:GetTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::Glue::UsageProfile" +} diff --git a/src/schema/aws-groundstation-config.json b/src/schema/aws-groundstation-config.json index 2da39a7a..24fd5eec 100644 --- a/src/schema/aws-groundstation-config.json +++ b/src/schema/aws-groundstation-config.json 
@@ -338,5 +338,17 @@ "ConfigData" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ground-station.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "groundstation:TagResource", + "groundstation:UntagResource", + "groundstation:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::GroundStation::Config" } diff --git a/src/schema/aws-groundstation-dataflowendpointgroup.json b/src/schema/aws-groundstation-dataflowendpointgroup.json index f0376623..30523751 100644 --- a/src/schema/aws-groundstation-dataflowendpointgroup.json +++ b/src/schema/aws-groundstation-dataflowendpointgroup.json @@ -1,5 +1,10 @@ { "additionalProperties": false, + "createOnlyProperties": [ + "/properties/EndpointDetails", + "/properties/ContactPrePassDurationSeconds", + "/properties/ContactPostPassDurationSeconds" + ], "definitions": { "AgentStatus": { "description": "The status of AgentEndpoint.", @@ -226,6 +231,13 @@ "groundstation:GetDataflowEndpointGroup", "groundstation:ListTagsForResource" ] + }, + "update": { + "permissions": [ + "groundstation:ListTagsForResource", + "groundstation:TagResource", + "groundstation:UntagResource" + ] } }, "primaryIdentifier": [ @@ -269,5 +281,17 @@ "EndpointDetails" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ground-station.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "groundstation:TagResource", + "groundstation:UntagResource", + "groundstation:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::GroundStation::DataflowEndpointGroup" } diff --git a/src/schema/aws-groundstation-missionprofile.json b/src/schema/aws-groundstation-missionprofile.json index c4c11aad..fd68a5dd 100644 
--- a/src/schema/aws-groundstation-missionprofile.json +++ b/src/schema/aws-groundstation-missionprofile.json @@ -25,6 +25,11 @@ "required": [ "KmsAliasArn" ] + }, + { + "required": [ + "KmsAliasName" + ] } ], "properties": { @@ -32,6 +37,10 @@ "pattern": "^(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()$", "type": "string" }, + "KmsAliasName": { + "pattern": "^alias/[a-zA-Z0-9:/_-]+$", + "type": "string" + }, "KmsKeyArn": { "pattern": "^(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()$", "type": "string" @@ -173,5 +182,17 @@ "TrackingConfigArn" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ground-station.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "groundstation:TagResource", + "groundstation:UntagResource", + "groundstation:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::GroundStation::MissionProfile" } diff --git a/src/schema/aws-guardduty-detector.json b/src/schema/aws-guardduty-detector.json index 4500a22d..53600f26 100644 --- a/src/schema/aws-guardduty-detector.json +++ b/src/schema/aws-guardduty-detector.json @@ -36,6 +36,7 @@ "additionalProperties": false, "properties": { "AdditionalConfiguration": { + "insertionOrder": false, "items": { "$ref": "#/definitions/CFNFeatureAdditionalConfiguration" }, @@ -159,7 +160,8 @@ }, "read": { "permissions": [ - "guardduty:GetDetector" + "guardduty:GetDetector", + "guardduty:ListTagsForResource" ] }, "update": { @@ -168,7 +170,9 @@ "guardduty:GetDetector", "guardduty:ListDetectors", "iam:CreateServiceLinkedRole", - "iam:GetRole" + "iam:GetRole", + "guardduty:TagResource", + "guardduty:UntagResource" ] } }, @@ -183,6 +187,7 @@ "type": "boolean" }, "Features": { + "insertionOrder": false, "items": { "$ref": "#/definitions/CFNFeatureConfiguration" }, 
@@ -195,6 +200,7 @@ "type": "string" }, "Tags": { + "insertionOrder": false, "items": { "$ref": "#/definitions/TagItem" }, @@ -210,7 +216,8 @@ "tagging": { "cloudFormationSystemTags": false, "tagOnCreate": true, - "tagUpdatable": false, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::GuardDuty::Detector" diff --git a/src/schema/aws-guardduty-filter.json b/src/schema/aws-guardduty-filter.json index 8a8163d2..11e05cfb 100644 --- a/src/schema/aws-guardduty-filter.json +++ b/src/schema/aws-guardduty-filter.json @@ -134,14 +134,17 @@ }, "read": { "permissions": [ - "guardduty:GetFilter" + "guardduty:GetFilter", + "guardduty:ListTagsForResource" ] }, "update": { "permissions": [ "guardduty:UpdateFilter", "guardduty:GetFilter", - "guardduty:ListFilters" + "guardduty:ListFilters", + "guardduty:TagResource", + "guardduty:UntagResource" ] } }, @@ -175,6 +178,7 @@ "type": "integer" }, "Tags": { + "insertionOrder": false, "items": { "$ref": "#/definitions/TagItem" }, @@ -188,8 +192,14 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "guardduty:TagResource", + "guardduty:UntagResource", + "guardduty:ListTagsForResource" + ], "tagOnCreate": true, - "tagUpdatable": false, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::GuardDuty::Filter" diff --git a/src/schema/aws-guardduty-ipset.json b/src/schema/aws-guardduty-ipset.json index cb7f6e4d..643c7998 100644 --- a/src/schema/aws-guardduty-ipset.json +++ b/src/schema/aws-guardduty-ipset.json @@ -68,7 +68,9 @@ "guardduty:UpdateIPSet", "guardduty:GetIPSet", "guardduty:ListIPSets", - "iam:PutRolePolicy" + "iam:PutRolePolicy", + "guardduty:TagResource", + "guardduty:UntagResource" ] } }, @@ -102,6 +104,7 @@ "type": "string" }, "Tags": { + "insertionOrder": false, "items": { "$ref": "#/definitions/TagItem" }, 
@@ -117,8 +120,14 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "guardduty:TagResource", + "guardduty:UntagResource", + "guardduty:ListTagsForResource" + ], "tagOnCreate": true, - "tagUpdatable": false, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::GuardDuty::IPSet", diff --git a/src/schema/aws-guardduty-malwareprotectionplan.json b/src/schema/aws-guardduty-malwareprotectionplan.json index 094b015a..707bdc4c 100644 --- a/src/schema/aws-guardduty-malwareprotectionplan.json +++ b/src/schema/aws-guardduty-malwareprotectionplan.json @@ -175,7 +175,13 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "guardduty:TagResource", + "guardduty:UntagResource", + "guardduty:ListTagsForResource" + ], "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, diff --git a/src/schema/aws-guardduty-publishingdestination.json b/src/schema/aws-guardduty-publishingdestination.json new file mode 100644 index 00000000..5284f6a2 --- /dev/null +++ b/src/schema/aws-guardduty-publishingdestination.json 
@@ -0,0 +1,148 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/DetectorId" + ], + "definitions": { + "CFNDestinationProperties": { + "additionalProperties": false, + "properties": { + "DestinationArn": { + "description": "The ARN of the resource to publish to.", + "type": "string" + }, + "KmsKeyArn": { + "description": "The ARN of the KMS key to use for encryption.", + "type": "string" + } + }, + "type": "object" + }, + "TagItem": { + "additionalProperties": false, + "properties": { + "Key": { + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, + "description": "Resource Type definition for AWS::GuardDuty::PublishingDestination.", + "handlers": { + "create": { + "permissions": [ + "guardduty:CreatePublishingDestination", + "guardduty:TagResource", + "guardduty:DescribePublishingDestination", + "guardduty:ListTagsForResource" + ] + }, + "delete": { + "permissions": [ + "guardduty:DeletePublishingDestination", + "guardduty:DescribePublishingDestination" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "DetectorId": { + "type": "string" + } + } + }, + "permissions": [ + "guardduty:ListPublishingDestinations" + ] + }, + "read": { + "permissions": [ + "guardduty:DescribePublishingDestination", + "guardduty:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "guardduty:UpdatePublishingDestination", + "guardduty:TagResource", + "guardduty:UntagResource", + "guardduty:ListTagsForResource", + "guardduty:DescribePublishingDestination" + ] + } + }, + "primaryIdentifier": [ + "/properties/DetectorId", + "/properties/Id" + ], + "properties": { + "DestinationProperties": { + "$ref": "#/definitions/CFNDestinationProperties", + "type": "object" + }, + "DestinationType": { + "description": "The type of resource for the publishing destination. 
Currently only Amazon S3 buckets are supported.", + "type": "string" + }, + "DetectorId": { + "description": "The ID of the GuardDuty detector associated with the publishing destination.", + "maxLength": 300, + "minLength": 1, + "type": "string" + }, + "Id": { + "description": "The ID of the publishing destination.", + "type": "string" + }, + "PublishingFailureStartTimestamp": { + "description": "The time, in epoch millisecond format, at which GuardDuty was first unable to publish findings to the destination.", + "type": "string" + }, + "Status": { + "description": "The status of the publishing destination.", + "type": "string" + }, + "Tags": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/TagItem" + }, + "type": "array" + } + }, + "readOnlyProperties": [ + "/properties/Id", + "/properties/Status", + "/properties/PublishingFailureStartTimestamp" + ], + "required": [ + "DetectorId", + "DestinationType", + "DestinationProperties" + ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "guardduty:TagResource", + "guardduty:UntagResource", + "guardduty:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::GuardDuty::PublishingDestination" +} diff --git a/src/schema/aws-guardduty-threatintelset.json b/src/schema/aws-guardduty-threatintelset.json index ab62e3ea..bd2ffe2c 100644 --- a/src/schema/aws-guardduty-threatintelset.json +++ b/src/schema/aws-guardduty-threatintelset.json @@ -67,7 +67,9 @@ "guardduty:UpdateThreatIntelSet", "guardduty:GetThreatIntelSet", "guardduty:ListThreatIntelSets", - "iam:PutRolePolicy" + "iam:PutRolePolicy", + "guardduty:TagResource", + "guardduty:UntagResource" ] } }, 
@@ -117,8 +119,14 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-guardduty", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "guardduty:TagResource", + "guardduty:UntagResource", + "guardduty:ListTagsForResource" + ], "tagOnCreate": true, - "tagUpdatable": false, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::GuardDuty::ThreatIntelSet", diff --git a/src/schema/aws-healthimaging-datastore.json b/src/schema/aws-healthimaging-datastore.json index eecbee03..b582ce1a 100644 --- a/src/schema/aws-healthimaging-datastore.json +++ b/src/schema/aws-healthimaging-datastore.json @@ -146,6 +146,11 @@ "required": [], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "medical-imaging:TagResource", + "medical-imaging:UntagResource", + "medical-imaging:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": false, diff --git a/src/schema/aws-healthlake-fhirdatastore.json b/src/schema/aws-healthlake-fhirdatastore.json index f03549c8..bedc2f76 100644 --- a/src/schema/aws-healthlake-fhirdatastore.json +++ b/src/schema/aws-healthlake-fhirdatastore.json @@ -68,13 +68,18 @@ }, "IdentityProviderConfiguration": { "additionalProperties": false, + "default": { + "AuthorizationStrategy": "AWS_AUTH", + "FineGrainedAuthorizationEnabled": false + }, "description": "The identity provider configuration for the datastore", "properties": { "AuthorizationStrategy": { "description": "Type of Authorization Strategy. The two types of supported Authorization strategies are SMART_ON_FHIR_V1 and AWS_AUTH.", "enum": [ "SMART_ON_FHIR_V1", - "AWS_AUTH" + "AWS_AUTH", + "SMART_ON_FHIR" ], "type": "string" }, 
@@ -143,6 +148,11 @@ }, "SseConfiguration": { "additionalProperties": false, + "default": { + "KmsEncryptionConfig": { + "CmkType": "AWS_OWNED_KMS_KEY" + } + }, "description": "The server-side encryption key configuration for a customer provided encryption key.", "properties": { "KmsEncryptionConfig": { @@ -290,6 +300,17 @@ "required": [ "DatastoreTypeVersion" ], - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "healthlake:UntagResource", + "healthlake:TagResource", + "healthlake:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::HealthLake::FHIRDatastore" } diff --git a/src/schema/aws-iam-instanceprofile.json b/src/schema/aws-iam-instanceprofile.json index 4d1ee4e4..d72a9be5 100644 --- a/src/schema/aws-iam-instanceprofile.json +++ b/src/schema/aws-iam-instanceprofile.json @@ -72,6 +72,10 @@ "required": [ "Roles" ], - "taggable": false, + "tagging": { + "cloudFormationSystemTags": false, + "tagProperty": "/properties/Tags", + "taggable": false + }, "typeName": "AWS::IAM::InstanceProfile" } diff --git a/src/schema/aws-iam-oidcprovider.json b/src/schema/aws-iam-oidcprovider.json index fab81864..b0e736d3 100644 --- a/src/schema/aws-iam-oidcprovider.json +++ b/src/schema/aws-iam-oidcprovider.json @@ -44,7 +44,7 @@ }, "list": { "permissions": [ - "iam:ListOpenIDConnectProvider", + "iam:ListOpenIDConnectProviders", "iam:GetOpenIDConnectProvider" ] }, @@ -114,7 +114,13 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "iam:TagOpenIDConnectProvider", + "iam:UntagOpenIDConnectProvider", + "iam:ListOpenIDConnectProviderTags" + ], "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, diff --git a/src/schema/aws-iam-policy.json b/src/schema/aws-iam-policy.json index 2013fab2..57299cba 100644 --- a/src/schema/aws-iam-policy.json +++ b/src/schema/aws-iam-policy.json 
@@ -1,6 +1,6 @@ { "additionalProperties": false, - "description": "Adds or updates an inline policy document that is embedded in the specified IAM group, user or role.\n An IAM user can also have a managed policy attached to it. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*.\n The Groups, Roles, and Users properties are optional. However, you must specify at least one of these properties.\n For information about policy documents see [Creating policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) in the *User Guide*.\n For information about limits on the number of inline policies that you can embed in an identity, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.\n This resource does not support [drift detection](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html). The following", + "description": "Adds or updates an inline policy document that is embedded in the specified IAM group, user or role.\n An IAM user can also have a managed policy attached to it. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*.\n The Groups, Roles, and Users properties are optional. 
However, you must specify at least one of these properties.\n For information about policy documents see [Creating policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) in the *User Guide*.\n For information about limits on the number of inline policies that you can embed in an identity, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.\n This resource does not support [drift detection](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html). The following inline policy resource types support drift detection:\n + [AWS::IAM::GroupPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-grouppolicy.html) \n + [AWS::IAM::RolePolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-rolepolicy.html) \n + [AWS::IAM::UserPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-userpolicy.html)", "handlers": { "create": { "permissions": [ diff --git a/src/schema/aws-iam-role.json b/src/schema/aws-iam-role.json index 46984e0d..3fe7dc96 100644 --- a/src/schema/aws-iam-role.json +++ b/src/schema/aws-iam-role.json 
@@ -37,7 +37,7 @@ "type": "string" }, "Value": { - "description": "The value associated with this tag. For example, tags with a key name of ``Department`` could have values such as ``Human Resources``, ``Accounting``, and ``Support``. Tags with a key name of ``Cost Center`` might have values that consist of the number associated with the different cost centers in your company. Typically, many resources have tags with the same key name but with different values.\n AWS always interprets the tag ``Value`` as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.", + "description": "The value associated with this tag. For example, tags with a key name of ``Department`` could have values such as ``Human Resources``, ``Accounting``, and ``Support``. Tags with a key name of ``Cost Center`` might have values that consist of the number associated with the different cost centers in your company. Typically, many resources have tags with the same key name but with different values.", "type": "string" } }, 
@@ -144,7 +144,7 @@ "type": "string" }, "Policies": { - "description": "Adds or updates an inline policy document that is embedded in the specified IAM role.\n When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html).\n A role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*.\n For information about limits on the number of inline policies that you can embed with a role, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.\n If an external policy (such as ``AWS::IAM::Policy`` or", + "description": "Adds or updates an inline policy document that is embedded in the specified IAM role.\n When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html).\n A role can also have an attached managed policy. 
For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*.\n For information about limits on the number of inline policies that you can embed with a role, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.\n If an external policy (such as ``AWS::IAM::Policy`` or ``AWS::IAM::ManagedPolicy``) has a ``Ref`` to a role and if a resource (such as ``AWS::ECS::Service``) also has a ``Ref`` to the same role, add a ``DependsOn`` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an ``AWS::ECS::Service`` resource, the ``DependsOn`` attribute ensures that CFN deletes the ``AWS::ECS::Service`` resource before deleting its role's policy.", "insertionOrder": false, "items": { "$ref": "#/definitions/Policy" 
@@ -157,7 +157,7 @@ "type": "string" }, "RoleName": { - "description": "A name for the IAM role, up to 64 characters in length. For valid values, see the ``RoleName`` parameter for the [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *User Guide*.\n This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both \"Role1\" and \"role1\".\n If you don't specify a name, CFN generates a unique physical ID and uses that ID for the role name.\n If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/Use", + "description": "A name for the IAM role, up to 64 characters in length. For valid values, see the ``RoleName`` parameter for the [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *User Guide*.\n This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both \"Role1\" and \"role1\".\n If you don't specify a name, CFN generates a unique physical ID and uses that ID for the role name.\n If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. 
For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities).\n Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{\"Fn::Join\": [\"\", [{\"Ref\": \"AWS::Region\"}, {\"Ref\": \"MyResourceName\"}]]}``.", "type": "string" }, "Tags": { @@ -180,6 +180,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-iam.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "iam:TagRole", + "iam:UntagRole", + "iam:ListRoleTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-iam-samlprovider.json b/src/schema/aws-iam-samlprovider.json index 3103d153..1ee28824 100644 --- a/src/schema/aws-iam-samlprovider.json +++ b/src/schema/aws-iam-samlprovider.json @@ -1,9 +1,34 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/Name" + "/properties/Name", + "/properties/AddPrivateKey", + "/properties/RemovePrivateKey" ], "definitions": { + "SAMLPrivateKey": { + "additionalProperties": false, + "description": "The private key metadata for the SAML provider", + "properties": { + "KeyId": { + "description": "The unique identifier for the SAML private key.", + "maxLength": 64, + "minLength": 22, + "pattern": "[A-Z0-9]+", + "type": "string" + }, + "Timestamp": { + "description": "The date and time, in ISO 8601 date-time format, when the private key was uploaded.", + "format": "date-time", + "type": "string" + } + }, + "required": [ + "KeyId", + "Timestamp" + ], + "type": "object" + }, "Tag": { "additionalProperties": false, "description": "A key-value pair to associate with a resource.", 
@@ -67,23 +92,60 @@
 "/properties/Arn"
 ],
 "properties": {
+ "AddPrivateKey": {
+ "description": "The private key from your external identity provider",
+ "maxLength": 16384,
+ "minLength": 1,
+ "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+",
+ "type": "string"
+ },
 "Arn": {
 "description": "Amazon Resource Name (ARN) of the SAML provider",
 "maxLength": 1600,
 "minLength": 1,
 "type": "string"
 },
+ "AssertionEncryptionMode": {
+ "description": "The encryption setting for the SAML provider",
+ "enum": [
+ "Allowed",
+ "Required"
+ ],
+ "type": "string"
+ },
 "Name": {
 "maxLength": 128,
 "minLength": 1,
 "pattern": "[\\w._-]+",
 "type": "string"
 },
+ "PrivateKeyList": {
+ "insertionOrder": false,
+ "items": {
+ "$ref": "#/definitions/SAMLPrivateKey"
+ },
+ "maxItems": 2,
+ "type": "array"
+ },
+ "RemovePrivateKey": {
+ "description": "The Key ID of the private key to remove",
+ "maxLength": 64,
+ "minLength": 22,
+ "pattern": "[A-Z0-9]+",
+ "type": "string"
+ },
 "SamlMetadataDocument": {
 "maxLength": 10000000,
 "minLength": 1000,
 "type": "string"
 },
+ "SamlProviderUUID": {
+ "description": "The unique identifier assigned to the SAML provider",
+ "maxLength": 64,
+ "minLength": 22,
+ "pattern": "[A-Z0-9]+",
+ "type": "string"
+ },
 "Tags": {
 "insertionOrder": false,
 "items": {
@@ -94,16 +156,24 @@
 }
 },
 "readOnlyProperties": [
- "/properties/Arn"
- ],
- "required": [
- "SamlMetadataDocument"
+ "/properties/Arn",
+ "/properties/SamlProviderUUID"
 ],
 "tagging": {
 "cloudFormationSystemTags": false,
+ "permissions": [
+ "iam:TagSAMLProvider",
+ "iam:ListSAMLProviderTags",
+ "iam:UntagSAMLProvider"
+ ],
 "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
 "taggable": true
 },
- "typeName": "AWS::IAM::SAMLProvider"
+ "typeName": "AWS::IAM::SAMLProvider",
+ "writeOnlyProperties": [
+ "/properties/AddPrivateKey",
+ "/properties/RemovePrivateKey"
+ ]
 }
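Review bot: The new `[A-Z0-9]+` patterns on `RemovePrivateKey` and `SamlProviderUUID` in the `@@ -67,23 +92,60 @@` hunk are unanchored, as is the one on `KeyId` in the `@@ -1,9 +1,34 @@` hunk. JSON Schema `pattern` matches anywhere in the string, so any 22–64 character value that contains a single uppercase letter or digit validates. If these identifiers are meant to consist only of those characters, anchor each one: `"pattern": "^[A-Z0-9]+$",`. Separately, `AddPrivateKey` takes private key material as an ordinary string property, and its description would be the place to say that the value should come from a secret-store reference rather than a literal in the template.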
diff --git a/src/schema/aws-iam-servercertificate.json b/src/schema/aws-iam-servercertificate.json
index 89128fdc..5d15ef03 100644
--- a/src/schema/aws-iam-servercertificate.json
+++ b/src/schema/aws-iam-servercertificate.json
@@ -119,7 +119,13 @@
 ],
 "tagging": {
 "cloudFormationSystemTags": false,
+ "permissions": [
+ "iam:TagServerCertificate",
+ "iam:UntagServerCertificate",
+ "iam:ListServerCertificateTags"
+ ],
 "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
 "taggable": true
 },
diff --git a/src/schema/aws-iam-user.json b/src/schema/aws-iam-user.json
index fe7cdfd3..cbb53849 100644
--- a/src/schema/aws-iam-user.json
+++ b/src/schema/aws-iam-user.json
@@ -53,7 +53,7 @@
 "type": "string"
 },
 "Value": {
- "description": "The value associated with this tag. For example, tags with a key name of ``Department`` could have values such as ``Human Resources``, ``Accounting``, and ``Support``. Tags with a key name of ``Cost Center`` might have values that consist of the number associated with the different cost centers in your company. Typically, many resources have tags with the same key name but with different values.\n AWS always interprets the tag ``Value`` as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.",
+ "description": "The value associated with this tag. For example, tags with a key name of ``Department`` could have values such as ``Human Resources``, ``Accounting``, and ``Support``. Tags with a key name of ``Cost Center`` might have values that consist of the number associated with the different cost centers in your company. Typically, many resources have tags with the same key name but with different values.",
 "type": "string"
 }
 },
@@ -198,6 +198,11 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-iam.git",
 "tagging": {
 "cloudFormationSystemTags": false,
+ "permissions": [
+ "iam:TagUser",
+ "iam:UntagUser",
+ "iam:ListUserTags"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-imagebuilder-component.json b/src/schema/aws-imagebuilder-component.json
index 754fed7b..27bde0d8 100644
--- a/src/schema/aws-imagebuilder-component.json
+++ b/src/schema/aws-imagebuilder-component.json
@@ -51,12 +51,14 @@
 ]
 },
 "permissions": [
- "imagebuilder:ListComponents"
+ "imagebuilder:ListComponents",
+ "imagebuilder:ListComponentBuildVersions"
 ]
 },
 "read": {
 "permissions": [
- "imagebuilder:GetComponent"
+ "imagebuilder:GetComponent",
+ "kms:Decrypt"
 ]
 }
 },
@@ -110,7 +112,8 @@
 "description": "The platform of the component.",
 "enum": [
 "Windows",
- "Linux"
+ "Linux",
+ "macOS"
 ],
 "type": "string"
 },
@@ -161,12 +164,19 @@
 ],
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-imagebuilder",
 "tagging": {
- "taggable": false
+ "cloudFormationSystemTags": true,
+ "permissions": [
+ "imagebuilder:TagResource",
+ "imagebuilder:UnTagResource"
+ ],
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": false,
+ "taggable": true
 },
 "typeName": "AWS::ImageBuilder::Component",
 "writeOnlyProperties": [
 "/properties/Data",
- "/properties/Uri",
- "/properties/Platform"
+ "/properties/Uri"
 ]
 }
diff --git a/src/schema/aws-imagebuilder-containerrecipe.json b/src/schema/aws-imagebuilder-containerrecipe.json
index 4dafb57a..7fa02c33 100644
--- a/src/schema/aws-imagebuilder-containerrecipe.json
+++ b/src/schema/aws-imagebuilder-containerrecipe.json
@@ -208,7 +208,8 @@
 },
 "read": {
 "permissions": [
- "imagebuilder:GetContainerRecipe"
+ "imagebuilder:GetContainerRecipe",
+ "kms:Decrypt"
 ]
 }
 },
@@ -331,7 +332,15 @@
 ],
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-imagebuilder.git",
 "tagging": {
- "taggable": false
+ "cloudFormationSystemTags": true,
+ "permissions": [
+ "imagebuilder:TagResource",
+ "imagebuilder:UnTagResource"
+ ],
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": false,
+ "taggable": true
 },
 "typeName": "AWS::ImageBuilder::ContainerRecipe",
 "writeOnlyProperties": [
diff --git a/src/schema/aws-imagebuilder-distributionconfiguration.json b/src/schema/aws-imagebuilder-distributionconfiguration.json
index a0082dd2..b1ddf94d 100644
--- a/src/schema/aws-imagebuilder-distributionconfiguration.json
+++ b/src/schema/aws-imagebuilder-distributionconfiguration.json
@@ -334,7 +334,11 @@
 ],
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-imagebuilder.git",
 "tagging": {
- "taggable": false
+ "cloudFormationSystemTags": true,
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": true,
+ "taggable": true
 },
 "typeName": "AWS::ImageBuilder::DistributionConfiguration"
 }
diff --git a/src/schema/aws-imagebuilder-image.json b/src/schema/aws-imagebuilder-image.json
index ceaf7e93..ec478737 100644
--- a/src/schema/aws-imagebuilder-image.json
+++ b/src/schema/aws-imagebuilder-image.json
@@ -155,7 +155,8 @@
 ]
 },
 "permissions": [
- "imagebuilder:ListImages"
+ "imagebuilder:ListImages",
+ "imagebuilder:ListImageBuildVersions"
 ]
 },
 "read": {
@@ -176,6 +177,11 @@
 "ImageRecipeArn",
 "InfrastructureConfigurationArn"
 ]
+ },
+ {
+ "required": [
+ "ImportDiskImageSettings"
+ ]
 }
 ],
 "primaryIdentifier": [
@@ -257,7 +263,15 @@
 ],
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-imagebuilder",
 "tagging": {
- "taggable": false
+ "cloudFormationSystemTags": true,
+ "permissions": [
+ "imagebuilder:TagResource",
+ "imagebuilder:UnTagResource"
+ ],
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": false,
+ "taggable": true
 },
 "typeName": "AWS::ImageBuilder::Image"
 }
diff --git a/src/schema/aws-imagebuilder-imagepipeline.json b/src/schema/aws-imagebuilder-imagepipeline.json
index 22df9854..da974817 100644
--- a/src/schema/aws-imagebuilder-imagepipeline.json
+++ b/src/schema/aws-imagebuilder-imagepipeline.json
@@ -271,7 +271,11 @@
 ],
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-imagebuilder.git",
 "tagging": {
- "taggable": false
+ "cloudFormationSystemTags": true,
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": true,
+ "taggable": true
 },
 "typeName": "AWS::ImageBuilder::ImagePipeline"
 }
diff --git a/src/schema/aws-imagebuilder-imagerecipe.json b/src/schema/aws-imagebuilder-imagerecipe.json
index 78f995c5..21ec1b3b 100644
--- a/src/schema/aws-imagebuilder-imagerecipe.json
+++ b/src/schema/aws-imagebuilder-imagerecipe.json
@@ -256,7 +256,15 @@
 ],
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-imagebuilder.git",
 "tagging": {
- "taggable": false
+ "cloudFormationSystemTags": true,
+ "permissions": [
+ "imagebuilder:TagResource",
+ "imagebuilder:UnTagResource"
+ ],
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": false,
+ "taggable": true
 },
 "typeName": "AWS::ImageBuilder::ImageRecipe"
 }
diff --git a/src/schema/aws-imagebuilder-infrastructureconfiguration.json b/src/schema/aws-imagebuilder-infrastructureconfiguration.json
index fb8de314..36812a68 100644
--- a/src/schema/aws-imagebuilder-infrastructureconfiguration.json
+++ b/src/schema/aws-imagebuilder-infrastructureconfiguration.json
@@ -33,6 +33,34 @@
 },
 "type": "object"
 },
+ "Placement": {
+ "additionalProperties": false,
+ "description": "The placement options",
+ "properties": {
+ "AvailabilityZone": {
+ "description": "AvailabilityZone",
+ "type": "string"
+ },
+ "HostId": {
+ "description": "HostId",
+ "type": "string"
+ },
+ "HostResourceGroupArn": {
+ "description": "HostResourceGroupArn",
+ "type": "string"
+ },
+ "Tenancy": {
+ "description": "Tenancy",
+ "enum": [
+ "default",
+ "dedicated",
+ "host"
+ ],
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
 "S3Logs": {
 "additionalProperties": false,
 "description": "The S3 path in which to store the logs.",
@@ -148,6 +176,10 @@
 "description": "The name of the infrastructure configuration.",
 "type": "string"
 },
+ "Placement": {
+ "$ref": "#/definitions/Placement",
+ "description": "The placement option settings for the infrastructure configuration."
+ },
 "ResourceTags": {
 "additionalProperties": false,
 "description": "The tags attached to the resource created by Image Builder.",
@@ -198,7 +230,11 @@
 ],
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-imagebuilder.git",
 "tagging": {
- "taggable": false
+ "cloudFormationSystemTags": true,
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": true,
+ "taggable": true
 },
 "typeName": "AWS::ImageBuilder::InfrastructureConfiguration"
 }
diff --git a/src/schema/aws-imagebuilder-lifecyclepolicy.json b/src/schema/aws-imagebuilder-lifecyclepolicy.json
index c98431e5..4687dd56 100644
--- a/src/schema/aws-imagebuilder-lifecyclepolicy.json
+++ b/src/schema/aws-imagebuilder-lifecyclepolicy.json
@@ -337,7 +337,11 @@
 ],
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-imagebuilder.git",
 "tagging": {
- "taggable": false
+ "cloudFormationSystemTags": true,
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": true,
+ "taggable": true
 },
 "typeName": "AWS::ImageBuilder::LifecyclePolicy"
 }
diff --git a/src/schema/aws-imagebuilder-workflow.json b/src/schema/aws-imagebuilder-workflow.json
index a27c5c83..91e0d193 100644
--- a/src/schema/aws-imagebuilder-workflow.json
+++ b/src/schema/aws-imagebuilder-workflow.json
@@ -49,12 +49,14 @@
 ]
 },
 "permissions": [
- "imagebuilder:ListWorkflows"
+ "imagebuilder:ListWorkflows",
+ "imagebuilder:ListWorkflowBuildVersions"
 ]
 },
 "read": {
 "permissions": [
- "imagebuilder:GetWorkflow"
+ "imagebuilder:GetWorkflow",
+ "kms:Decrypt"
 ]
 }
 },
@@ -138,7 +140,15 @@
 ],
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-imagebuilder",
 "tagging": {
- "taggable": false
+ "cloudFormationSystemTags": true,
+ "permissions": [
+ "imagebuilder:TagResource",
+ "imagebuilder:UnTagResource"
+ ],
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": false,
+ "taggable": true
 },
 "typeName": "AWS::ImageBuilder::Workflow",
 "writeOnlyProperties": [
diff --git a/src/schema/aws-inspectorv2-cisscanconfiguration.json b/src/schema/aws-inspectorv2-cisscanconfiguration.json
index 6a6d2526..3a6ad7a0 100644
--- a/src/schema/aws-inspectorv2-cisscanconfiguration.json
+++ b/src/schema/aws-inspectorv2-cisscanconfiguration.json
@@ -23,7 +23,7 @@
 "properties": {
 "AccountIds": {
 "items": {
- "pattern": "^\\d{12}|ALL_MEMBERS|SELF$",
+ "pattern": "^\\d{12}|ALL_ACCOUNTS|SELF$",
 "type": "string"
 },
 "maxItems": 10000,
@@ -36,7 +36,8 @@
 }
 },
 "required": [
- "AccountIds"
+ "AccountIds",
+ "TargetResourceTags"
 ]
 },
 "DailySchedule": {
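Review bot: The `AccountIds` item pattern in the `@@ -23,7 +23,7 @@` hunk of aws-inspectorv2-cisscanconfiguration.json is only partly anchored. In `^\\d{12}|ALL_ACCOUNTS|SELF$` the `^` belongs to the first alternative and the `$` to the last, so a value that merely starts with twelve digits, contains `ALL_ACCOUNTS` anywhere, or ends in `SELF` passes validation. The rename from `ALL_MEMBERS` carries that shape over unchanged; grouping the alternatives gives the exact match the field appears to intend: `"pattern": "^(\\d{12}|ALL_ACCOUNTS|SELF)$",`. The enclosing definition starts outside the hunk.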
@@ -227,6 +228,12 @@
 "readOnlyProperties": [
 "/properties/Arn"
 ],
+ "required": [
+ "ScanName",
+ "SecurityLevel",
+ "Schedule",
+ "Targets"
+ ],
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-inspector.git",
 "tagging": {
 "cloudFormationSystemTags": true,
diff --git a/src/schema/aws-internetmonitor-monitor.json b/src/schema/aws-internetmonitor-monitor.json
index 57a52112..4e314e6f 100644
--- a/src/schema/aws-internetmonitor-monitor.json
+++ b/src/schema/aws-internetmonitor-monitor.json
@@ -145,6 +145,7 @@
 "permissions": [
 "internetmonitor:ListMonitors",
 "internetmonitor:GetMonitor",
+ "internetmonitor:ListTagsForResource",
 "logs:GetLogDelivery"
 ]
 },
@@ -278,6 +279,11 @@
 ],
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "internetmonitor:TagResource",
+ "internetmonitor:UntagResource",
+ "internetmonitor:ListTagsForResource"
+ ],
 "tagOnCreate": false,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-invoicing-invoiceunit.json b/src/schema/aws-invoicing-invoiceunit.json
new file mode 100644
index 00000000..6c63704e
--- /dev/null
+++ b/src/schema/aws-invoicing-invoiceunit.json
@@ -0,0 +1,167 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/InvoiceReceiver", + "/properties/Name" + ], + "definitions": { + "Description": { + "maxLength": 500, + "minLength": 0, + "pattern": "^[\\S\\s]*$", + "type": "string" + }, + "InvoiceReceiver": { + "maxLength": 12, + "minLength": 12, + "pattern": "^\\d{12}$", + "type": "string" + }, + "InvoiceUnitArn": { + "maxLength": 256, + "minLength": 1, + "pattern": "^arn:aws[-a-z0-9]*:[a-z0-9]+:[-a-z0-9]*:[0-9]{12}:[-a-zA-Z0-9/:_]+$", + "type": "string" + }, + "LastModified": { + "type": "number" + }, + "Name": { + "maxLength": 50, + "minLength": 1, + "pattern": "^(?! )[\\p{L}\\p{N}\\p{Z}-_]*(?_raw``." }, "DynamoDBv2": { - "$ref": "#/definitions/DynamoDBv2" + "$ref": "#/definitions/DynamoDBv2", + "description": "Defines an action to write to the Amazon DynamoDB table that you created. The default action payload contains all the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). A separate column of the DynamoDB table receives one attribute-value pair in the payload that you specify.\n You must use expressions for all parameters in ``DynamoDBv2Action``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``tableName`` parameter can be ``'GreenhouseTemperatureTable'``.\n + For references, you must specify either variables or input values. For example, the value for the ``tableName`` parameter can be ``$variable.ddbtableName``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. 
A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``contentExpression`` parameter in ``Payload`` uses a substitution template. \n ``'{\\\"sensorID\\\": \\\"${$input.GreenhouseInput.sensor_id}\\\", \\\"temperature\\\": \\\"${$input.GreenhouseInput.temperature * 9 / 5 + 32}\\\"}'`` \n + For a string concatenation, you must use ``+``. A string concatenation can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``tableName`` parameter uses a string concatenation. \n ``'GreenhouseTemperatureTable ' + $input.GreenhouseInput.date`` \n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.\n The value for the ``type`` parameter in ``Payload`` must be ``JSON``." }, "Firehose": { - "$ref": "#/definitions/Firehose" + "$ref": "#/definitions/Firehose", + "description": "Sends information about the detector model instance and the event that triggered the action to an Amazon Kinesis Data Firehose delivery stream." }, "IotEvents": { - "$ref": "#/definitions/IotEvents" + "$ref": "#/definitions/IotEvents", + "description": "Sends an ITE input, passing in information about the detector model instance and the event that triggered the action." }, "IotSiteWise": { - "$ref": "#/definitions/IotSiteWise" + "$ref": "#/definitions/IotSiteWise", + "description": "Sends information about the detector model instance and the event that triggered the action to a specified asset property in ITSW.\n You must use expressions for all parameters in ``IotSiteWiseAction``. The expressions accept literals, operators, functions, references, and substitutions templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. 
For example, the value for the ``propertyAlias`` parameter can be ``'/company/windfarm/3/turbine/7/temperature'``.\n + For references, you must specify either variables or input values. For example, the value for the ``assetId`` parameter can be ``$input.TurbineInput.assetId1``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``propertyAlias`` parameter uses a substitution template. \n ``'company/windfarm/${$input.TemperatureInput.sensorData.windfarmID}/turbine/ ${$input.TemperatureInput.sensorData.turbineID}/temperature'`` \n \n You must specify either ``propertyAlias`` or both ``assetId`` and ``propertyId`` to identify the target asset property in ITSW.\n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*." }, "IotTopicPublish": { - "$ref": "#/definitions/IotTopicPublish" + "$ref": "#/definitions/IotTopicPublish", + "description": "Information required to publish the MQTT message through the IoT message broker." }, "Lambda": { - "$ref": "#/definitions/Lambda" + "$ref": "#/definitions/Lambda", + "description": "Calls a Lambda function, passing in information about the detector model instance and the event that triggered the action." }, "Sns": { - "$ref": "#/definitions/Sns" + "$ref": "#/definitions/Sns", + "description": "Information required to publish the Amazon SNS message." }, "Sqs": { - "$ref": "#/definitions/Sqs" + "$ref": "#/definitions/Sqs", + "description": "Sends information about the detector model instance and the event that triggered the action to an Amazon SQS queue." } }, "type": "object" 
@@ -62,13 +71,15 @@ }, "AlarmCapabilities": { "additionalProperties": false, - "description": "Contains the configuration information of alarm state changes", + "description": "Contains the configuration information of alarm state changes.", "properties": { "AcknowledgeFlow": { - "$ref": "#/definitions/AcknowledgeFlow" + "$ref": "#/definitions/AcknowledgeFlow", + "description": "Specifies whether to get notified for alarm state changes." }, "InitializationConfiguration": { - "$ref": "#/definitions/InitializationConfiguration" + "$ref": "#/definitions/InitializationConfiguration", + "description": "Specifies the default alarm state. The configuration applies to all alarms that were created based on this alarm model." } }, "type": "object" @@ -78,7 +89,8 @@ "description": "Contains information about one or more alarm actions.", "properties": { "AlarmActions": { - "$ref": "#/definitions/AlarmActions" + "$ref": "#/definitions/AlarmActions", + "description": "Specifies one or more supported actions to receive notifications when the alarm state changes." } }, "type": "object" 
@@ -88,21 +100,22 @@ "description": "Defines when your alarm is invoked.", "properties": { "SimpleRule": { - "$ref": "#/definitions/SimpleRule" + "$ref": "#/definitions/SimpleRule", + "description": "A rule that compares an input property value to a threshold value with a comparison operator." } }, "type": "object" }, "AssetPropertyTimestamp": { "additionalProperties": false, - "description": "A structure that contains timestamp information. For more information, see [TimeInNanos](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_TimeInNanos.html) in the *AWS IoT SiteWise API Reference*.", + "description": "A structure that contains timestamp information. For more information, see [TimeInNanos](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_TimeInNanos.html) in the *API Reference*.\n You must use expressions for all parameters in ``AssetPropertyTimestamp``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``timeInSeconds`` parameter can be ``'1586400675'``.\n + For references, you must specify either variables or input values. For example, the value for the ``offsetInNanos`` parameter can be ``$variable.time``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``timeInSeconds`` parameter uses a substitution template.\n ``'${$input.TemperatureInput.sensorData.timestamp / 1000}'`` \n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.", "properties": { "OffsetInNanos": { - "description": "The timestamp, in seconds, in the Unix epoch format. 
The valid range is between `1-31556889864403199`. You can also specify an expression.", + "description": "The nanosecond offset converted from ``timeInSeconds``. The valid range is between 0-999999999.", "type": "string" }, "TimeInSeconds": { - "description": "The nanosecond offset converted from `timeInSeconds`. The valid range is between `0-999999999`. You can also specify an expression.", + "description": "The timestamp, in seconds, in the Unix epoch format. The valid range is between 1-31556889864403199.", "type": "string" } }, 
@@ -113,17 +126,19 @@ }, "AssetPropertyValue": { "additionalProperties": false, - "description": "A structure that contains value information. For more information, see [AssetPropertyValue](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_AssetPropertyValue.html) in the *AWS IoT SiteWise API Reference*.", + "description": "A structure that contains value information. For more information, see [AssetPropertyValue](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_AssetPropertyValue.html) in the *API Reference*.\n You must use expressions for all parameters in ``AssetPropertyValue``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``quality`` parameter can be ``'GOOD'``.\n + For references, you must specify either variables or input values. For example, the value for the ``quality`` parameter can be ``$input.TemperatureInput.sensorData.quality``.\n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.", "properties": { "Quality": { - "description": "The quality of the asset property value. The value must be `GOOD`, `BAD`, or `UNCERTAIN`. You can also specify an expression.", + "description": "The quality of the asset property value. The value must be ``'GOOD'``, ``'BAD'``, or ``'UNCERTAIN'``.", "type": "string" }, "Timestamp": { - "$ref": "#/definitions/AssetPropertyTimestamp" + "$ref": "#/definitions/AssetPropertyTimestamp", + "description": "The timestamp associated with the asset property value. The default is the current event time." }, "Value": { - "$ref": "#/definitions/AssetPropertyVariant" + "$ref": "#/definitions/AssetPropertyVariant", + "description": "The value to send to an asset property." } }, "required": [ 
@@ -133,22 +148,22 @@ }, "AssetPropertyVariant": { "additionalProperties": false, - "description": "A structure that contains an asset property value. For more information, see [Variant](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_Variant.html) in the *AWS IoT SiteWise API Reference*.", + "description": "A structure that contains an asset property value. For more information, see [Variant](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_Variant.html) in the *API Reference*.\n You must use expressions for all parameters in ``AssetPropertyVariant``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``integerValue`` parameter can be ``'100'``.\n + For references, you must specify either variables or parameters. For example, the value for the ``booleanValue`` parameter can be ``$variable.offline``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates. \n In the following example, the value for the ``doubleValue`` parameter uses a substitution template. \n ``'${$input.TemperatureInput.sensorData.temperature * 6 / 5 + 32}'`` \n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.\n You must specify one of the following value types, depending on the ``dataType`` of the specified asset property. For more information, see [AssetProperty](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_AssetProperty.html) in the *API Reference*.", "properties": { "BooleanValue": { - "description": "The asset property value is a Boolean value that must be `TRUE` or `FALSE`. You can also specify an expression. 
If you use an expression, the evaluated result should be a Boolean value.", + "description": "The asset property value is a Boolean value that must be ``'TRUE'`` or ``'FALSE'``. You must use an expression, and the evaluated result should be a Boolean value.", "type": "string" }, "DoubleValue": { - "description": "The asset property value is a double. You can also specify an expression. If you use an expression, the evaluated result should be a double.", + "description": "The asset property value is a double. You must use an expression, and the evaluated result should be a double.", "type": "string" }, "IntegerValue": { - "description": "The asset property value is an integer. You can also specify an expression. If you use an expression, the evaluated result should be an integer.", + "description": "The asset property value is an integer. You must use an expression, and the evaluated result should be an integer.", "type": "string" }, "StringValue": { - "description": "The asset property value is a string. You can also specify an expression. If you use an expression, the evaluated result should be a string.", + "description": "The asset property value is a string. You must use an expression, and the evaluated result should be a string.", "type": "string" } }, 
@@ -156,14 +171,14 @@ }, "DynamoDB": { "additionalProperties": false, - "description": "Writes to the DynamoDB table that you created. The default action payload contains all attribute-value pairs that have the information about the alarm model instance and the event that triggered the action. You can also customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). One column of the DynamoDB table receives all attribute-value pairs in the payload that you specify. For more information, see [Actions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-event-actions.html) in *AWS IoT Events Developer Guide*.", + "description": "Defines an action to write to the Amazon DynamoDB table that you created. The standard action payload contains all the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). One column of the DynamoDB table receives all attribute-value pairs in the payload that you specify.\n You must use expressions for all parameters in ``DynamoDBAction``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``hashKeyType`` parameter can be ``'STRING'``.\n + For references, you must specify either variables or input values. For example, the value for the ``hashKeyField`` parameter can be ``$input.GreenhouseInput.name``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``hashKeyValue`` parameter uses a substitution template. 
\n ``'${$input.GreenhouseInput.temperature * 6 / 5 + 32} in Fahrenheit'`` \n + For a string concatenation, you must use ``+``. A string concatenation can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``tableName`` parameter uses a string concatenation. \n ``'GreenhouseTemperatureTable ' + $input.GreenhouseInput.date`` \n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.\n If the defined payload type is a string, ``DynamoDBAction`` writes non-JSON data to the DynamoDB table as binary data. The DynamoDB console displays the data as Base64-encoded text. The value for the ``payloadField`` parameter is ``_raw``.", "properties": { "HashKeyField": { - "description": "The name of the hash key (also called the partition key).", + "description": "The name of the hash key (also called the partition key). The ``hashKeyField`` value must match the partition key of the target DynamoDB table.", "type": "string" }, "HashKeyType": { - "description": "The data type for the hash key (also called the partition key). You can specify the following values:\n\n* `STRING` - The hash key is a string.\n\n* `NUMBER` - The hash key is a number.\n\nIf you don't specify `hashKeyType`, the default value is `STRING`.", + "description": "The data type for the hash key (also called the partition key). You can specify the following values:\n + ``'STRING'`` - The hash key is a string.\n + ``'NUMBER'`` - The hash key is a number.\n \n If you don't specify ``hashKeyType``, the default value is ``'STRING'``.", "type": "string" }, "HashKeyValue": { 
@@ -171,22 +186,23 @@ "type": "string" }, "Operation": { - "description": "The type of operation to perform. You can specify the following values:\n\n* `INSERT` - Insert data as a new item into the DynamoDB table. This item uses the specified hash key as a partition key. If you specified a range key, the item uses the range key as a sort key.\n\n* `UPDATE` - Update an existing item of the DynamoDB table with new data. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n\n* `DELETE` - Delete an existing item of the DynamoDB table. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n\nIf you don't specify this parameter, AWS IoT Events triggers the `INSERT` operation.", + "description": "The type of operation to perform. You can specify the following values: \n + ``'INSERT'`` - Insert data as a new item into the DynamoDB table. This item uses the specified hash key as a partition key. If you specified a range key, the item uses the range key as a sort key.\n + ``'UPDATE'`` - Update an existing item of the DynamoDB table with new data. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n + ``'DELETE'`` - Delete an existing item of the DynamoDB table. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n \n If you don't specify this parameter, ITE triggers the ``'INSERT'`` operation.", "type": "string" }, "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "Information needed to configure the payload.\n By default, ITE generates a standard payload in JSON for any action. 
This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use ``contentExpression``." }, "PayloadField": { - "description": "The name of the DynamoDB column that receives the action payload.\n\nIf you don't specify this parameter, the name of the DynamoDB column is `payload`.", + "description": "The name of the DynamoDB column that receives the action payload.\n If you don't specify this parameter, the name of the DynamoDB column is ``payload``.", "type": "string" }, "RangeKeyField": { - "description": "The name of the range key (also called the sort key).", + "description": "The name of the range key (also called the sort key). The ``rangeKeyField`` value must match the sort key of the target DynamoDB table.", "type": "string" }, "RangeKeyType": { - "description": "The data type for the range key (also called the sort key), You can specify the following values:\n\n* `STRING` - The range key is a string.\n\n* `NUMBER` - The range key is number.\n\nIf you don't specify `rangeKeyField`, the default value is `STRING`.", + "description": "The data type for the range key (also called the sort key), You can specify the following values:\n + ``'STRING'`` - The range key is a string.\n + ``'NUMBER'`` - The range key is number.\n \n If you don't specify ``rangeKeyField``, the default value is ``'STRING'``.", "type": "string" }, "RangeKeyValue": { @@ -194,7 +210,7 @@ "type": "string" }, "TableName": { - "description": "The name of the DynamoDB table.", + "description": "The name of the DynamoDB table. The ``tableName`` value must match the table name of the target DynamoDB table.", "type": "string" } }, 
@@ -207,10 +223,11 @@ }, "DynamoDBv2": { "additionalProperties": false, - "description": "Defines an action to write to the Amazon DynamoDB table that you created. The default action payload contains all attribute-value pairs that have the information about the alarm model instance and the event that triggered the action. You can also customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). A separate column of the DynamoDB table receives one attribute-value pair in the payload that you specify.\n\nYou can use expressions for parameters that are strings. For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *AWS IoT Events Developer Guide*.", + "description": "Defines an action to write to the Amazon DynamoDB table that you created. The default action payload contains all the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). A separate column of the DynamoDB table receives one attribute-value pair in the payload that you specify.\n You must use expressions for all parameters in ``DynamoDBv2Action``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``tableName`` parameter can be ``'GreenhouseTemperatureTable'``.\n + For references, you must specify either variables or input values. For example, the value for the ``tableName`` parameter can be ``$variable.ddbtableName``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. 
A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``contentExpression`` parameter in ``Payload`` uses a substitution template. \n ``'{\\\"sensorID\\\": \\\"${$input.GreenhouseInput.sensor_id}\\\", \\\"temperature\\\": \\\"${$input.GreenhouseInput.temperature * 9 / 5 + 32}\\\"}'`` \n + For a string concatenation, you must use ``+``. A string concatenation can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``tableName`` parameter uses a string concatenation. \n ``'GreenhouseTemperatureTable ' + $input.GreenhouseInput.date`` \n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.\n The value for the ``type`` parameter in ``Payload`` must be ``JSON``.", "properties": { "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "Information needed to configure the payload.\n By default, ITE generates a standard payload in JSON for any action. This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use ``contentExpression``." }, "TableName": { "description": "The name of the DynamoDB table.", 
@@ -224,14 +241,15 @@ }, "Firehose": { "additionalProperties": false, - "description": "Sends information about the alarm model instance and the event that triggered the action to an Amazon Kinesis Data Firehose delivery stream.", + "description": "Sends information about the detector model instance and the event that triggered the action to an Amazon Kinesis Data Firehose delivery stream.", "properties": { "DeliveryStreamName": { "description": "The name of the Kinesis Data Firehose delivery stream where the data is written.", "type": "string" }, "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you send a message to an Amazon Data Firehose delivery stream." }, "Separator": { "description": "A character separator that is used to separate records written to the Kinesis Data Firehose delivery stream. Valid values are: '\\n' (newline), '\\t' (tab), '\\r\\n' (Windows newline), ',' (comma).", @@ -250,7 +268,7 @@ "properties": { "DisabledOnInitialization": { "default": "true", - "description": "The value must be TRUE or FALSE. If FALSE, all alarm instances created based on the alarm model are activated. The default value is TRUE.", + "description": "The value must be ``TRUE`` or ``FALSE``. If ``FALSE``, all alarm instances created based on the alarm model are activated. The default value is ``TRUE``.", "type": "boolean" } }, 
@@ -261,17 +279,18 @@ }, "IotEvents": { "additionalProperties": false, - "description": "Sends an AWS IoT Events input, passing in information about the alarm model instance and the event that triggered the action.", + "description": "Sends an ITE input, passing in information about the detector model instance and the event that triggered the action.", "properties": { "InputName": { - "description": "The name of the AWS IoT Events input where the data is sent.", + "description": "The name of the ITE input where the data is sent.", "maxLength": 128, "minLength": 1, "pattern": "^[a-zA-Z][a-zA-Z0-9_]*$", "type": "string" }, "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you send a message to an ITE input." } }, "required": [ 
@@ -281,42 +300,44 @@ }, "IotSiteWise": { "additionalProperties": false, - "description": "Sends information about the alarm model instance and the event that triggered the action to a specified asset property in AWS IoT SiteWise.", + "description": "Sends information about the detector model instance and the event that triggered the action to a specified asset property in ITSW.\n You must use expressions for all parameters in ``IotSiteWiseAction``. The expressions accept literals, operators, functions, references, and substitutions templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``propertyAlias`` parameter can be ``'/company/windfarm/3/turbine/7/temperature'``.\n + For references, you must specify either variables or input values. For example, the value for the ``assetId`` parameter can be ``$input.TurbineInput.assetId1``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``propertyAlias`` parameter uses a substitution template. \n ``'company/windfarm/${$input.TemperatureInput.sensorData.windfarmID}/turbine/ ${$input.TemperatureInput.sensorData.turbineID}/temperature'`` \n \n You must specify either ``propertyAlias`` or both ``assetId`` and ``propertyId`` to identify the target asset property in ITSW.\n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.", "properties": { "AssetId": { - "description": "The ID of the asset that has the specified property. You can specify an expression.", + "description": "The ID of the asset that has the specified property.", "type": "string" }, "EntryId": { - "description": "A unique identifier for this entry. 
You can use the entry ID to track which data entry causes an error in case of failure. The default is a new unique identifier. You can also specify an expression.", + "description": "A unique identifier for this entry. You can use the entry ID to track which data entry causes an error in case of failure. The default is a new unique identifier.", "type": "string" }, "PropertyAlias": { - "description": "The alias of the asset property. You can also specify an expression.", + "description": "The alias of the asset property.", "type": "string" }, "PropertyId": { - "description": "The ID of the asset property. You can specify an expression.", + "description": "The ID of the asset property.", "type": "string" }, "PropertyValue": { - "$ref": "#/definitions/AssetPropertyValue" + "$ref": "#/definitions/AssetPropertyValue", + "description": "The value to send to the asset property. This value contains timestamp, quality, and value (TQV) information." } }, "type": "object" }, "IotTopicPublish": { "additionalProperties": false, - "description": "Information required to publish the MQTT message through the AWS IoT message broker.", + "description": "Information required to publish the MQTT message through the IoT message broker.", "properties": { "MqttTopic": { - "description": "The MQTT topic of the message. You can use a string expression that includes variables (`$variable.`) and input values (`$input..`) as the topic string.", + "description": "The MQTT topic of the message. You can use a string expression that includes variables (``$variable.``) and input values (``$input..``) as the topic string.", "maxLength": 128, "minLength": 1, "type": "string" }, "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you publish a message to an IoTCore topic." } }, "required": [ 
@@ -326,6 +347,7 @@ }, "Lambda": { "additionalProperties": false, + "description": "Calls a Lambda function, passing in information about the detector model instance and the event that triggered the action.", "properties": { "FunctionArn": { "description": "The ARN of the Lambda function that is executed.", @@ -334,7 +356,8 @@ "type": "string" }, "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you send a message to a Lambda function." } }, "required": [ 
@@ -344,15 +367,15 @@ }, "Payload": { "additionalProperties": false, - "description": "Information needed to configure the payload.\n\nBy default, AWS IoT Events generates a standard payload in JSON for any action. This action payload contains all attribute-value pairs that have the information about the alarm model instance and the event triggered the action. To configure the action payload, you can use `contentExpression`.", + "description": "Information needed to configure the payload.\n By default, ITE generates a standard payload in JSON for any action. This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use ``contentExpression``.", "properties": { "ContentExpression": { - "description": "The content of the payload. You can use a string expression that includes quoted strings (`''`), variables (`$variable.`), input values (`$input..`), string concatenations, and quoted strings that contain `${}` as the content. The recommended maximum size of a content expression is 1 KB.", + "description": "The content of the payload. You can use a string expression that includes quoted strings (``''``), variables (``$variable.``), input values (``$input..``), string concatenations, and quoted strings that contain ``${}`` as the content. The recommended maximum size of a content expression is 1 KB.", "minLength": 1, "type": "string" }, "Type": { - "description": "The value of the payload type can be either `STRING` or `JSON`.", + "description": "The value of the payload type can be either ``STRING`` or ``JSON``.", "type": "string" } }, 
@@ -379,13 +402,13 @@ "type": "string" }, "InputProperty": { - "description": "The value on the left side of the comparison operator. You can specify an AWS IoT Events input attribute as an input property.", + "description": "The value on the left side of the comparison operator. You can specify an ITE input attribute as an input property.", "maxLength": 512, "minLength": 1, "type": "string" }, "Threshold": { - "description": "The value on the right side of the comparison operator. You can enter a number or specify an AWS IoT Events input attribute.", + "description": "The value on the right side of the comparison operator. You can enter a number or specify an ITE input attribute.", "maxLength": 512, "minLength": 1, "type": "string" @@ -403,7 +426,8 @@ "description": "Information required to publish the Amazon SNS message.", "properties": { "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you send a message as an Amazon SNS push notification." }, "TargetArn": { "description": "The ARN of the Amazon SNS target where the message is sent.", @@ -419,16 +443,18 @@ }, "Sqs": { "additionalProperties": false, + "description": "Sends information about the detector model instance and the event that triggered the action to an Amazon SQS queue.", "properties": { "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you send a message to an Amazon SQS queue." }, "QueueUrl": { "description": "The URL of the SQS queue where the data is written.", "type": "string" }, "UseBase64": { - "description": "Set this to `TRUE` if you want the data to be base-64 encoded before it is written to the queue. Otherwise, set this to `FALSE`.", + "description": "Set this to TRUE if you want the data to be base-64 encoded before it is written to the queue. Otherwise, set this to FALSE.", "type": "boolean" } }, 
@@ -439,14 +465,14 @@ }, "Tag": { "additionalProperties": false, - "description": "Tags to be applied to Input.", + "description": "Metadata that can be used to manage the resource.", "properties": { "Key": { - "description": "Key of the Tag.", + "description": "The tag's key.", "type": "string" }, "Value": { - "description": "Value of the Tag.", + "description": "The tag's value.", "type": "string" } }, @@ -457,7 +483,7 @@ "type": "object" } }, - "description": "The AWS::IoTEvents::AlarmModel resource creates a alarm model. AWS IoT Events alarms help you monitor your data for changes. The data can be metrics that you measure for your equipment and processes. You can create alarms that send notifications when a threshold is breached. Alarms help you detect issues, streamline maintenance, and optimize performance of your equipment and processes.\n\nAlarms are instances of alarm models. The alarm model specifies what to detect, when to send notifications, who gets notified, and more. You can also specify one or more supported actions that occur when the alarm state changes. AWS IoT Events routes input attributes derived from your data to the appropriate alarms. If the data that you're monitoring is outside the specified range, the alarm is invoked. You can also acknowledge the alarms or set them to the snooze mode.", + "description": "Represents an alarm model to monitor an ITE input attribute. You can use the alarm to get notified when the value is outside a specified range. For more information, see [Create an alarm model](https://docs.aws.amazon.com/iotevents/latest/developerguide/create-alarms.html) in the *Developer Guide*.", "handlers": { "create": { "permissions": [ 
@@ -503,13 +529,15 @@ ], "properties": { "AlarmCapabilities": { - "$ref": "#/definitions/AlarmCapabilities" + "$ref": "#/definitions/AlarmCapabilities", + "description": "Contains the configuration information of alarm state changes." }, "AlarmEventActions": { - "$ref": "#/definitions/AlarmEventActions" + "$ref": "#/definitions/AlarmEventActions", + "description": "Contains information about one or more alarm actions." }, "AlarmModelDescription": { - "description": "A brief description of the alarm model.", + "description": "The description of the alarm model.", "maxLength": 1024, "type": "string" }, 
@@ -521,29 +549,30 @@ "type": "string" }, "AlarmRule": { - "$ref": "#/definitions/AlarmRule" + "$ref": "#/definitions/AlarmRule", + "description": "Defines when your alarm is invoked." }, "Key": { - "description": "The value used to identify a alarm instance. When a device or system sends input, a new alarm instance with a unique key value is created. AWS IoT Events can continue to route input to its corresponding alarm instance based on this identifying information.\n\nThis parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct alarm instance, the device must send a message payload that contains the same attribute-value.", + "description": "An input attribute used as a key to create an alarm. ITE routes [inputs](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Input.html) associated with this key to the alarm.", "maxLength": 128, "minLength": 1, "pattern": "^((`[\\w\\- ]+`)|([\\w\\-]+))(\\.((`[\\w\\- ]+`)|([\\w\\-]+)))*$", "type": "string" }, "RoleArn": { - "description": "The ARN of the role that grants permission to AWS IoT Events to perform its operations.", + "description": "The ARN of the IAM role that allows the alarm to perform actions and access AWS resources. 
For more information, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.", "maxLength": 2048, "minLength": 1, "type": "string" }, "Severity": { - "description": "A non-negative integer that reflects the severity level of the alarm.\n\n", + "description": "A non-negative integer that reflects the severity level of the alarm.", "maximum": 2147483647, "minimum": 0, "type": "integer" }, "Tags": { - "description": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", + "description": "A list of key-value pairs that contain metadata for the alarm model. The tags help you manage the alarm model. For more information, see [Tagging your resources](https://docs.aws.amazon.com/iotevents/latest/developerguide/tagging-iotevents.html) in the *Developer Guide*.\n You can create up to 50 tags for one alarm model.", "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" @@ -557,5 +586,17 @@ "AlarmRule" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "iotevents:UntagResource", + "iotevents:TagResource", + "iotevents:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::IoTEvents::AlarmModel" } diff --git a/src/schema/aws-iotevents-detectormodel.json b/src/schema/aws-iotevents-detectormodel.json index 395c0832..199cdb33 100644 --- a/src/schema/aws-iotevents-detectormodel.json +++ b/src/schema/aws-iotevents-detectormodel.json 
@@ -7,60 +7,73 @@ "definitions": { "Action": { "additionalProperties": false, - "description": "The actions to be performed.", + "description": "An action to be performed when the ``condition`` is TRUE.", "properties": { "ClearTimer": { - "$ref": "#/definitions/ClearTimer" + "$ref": "#/definitions/ClearTimer", + "description": "Information needed to clear the timer." }, "DynamoDB": { - "$ref": "#/definitions/DynamoDB" + "$ref": "#/definitions/DynamoDB", + "description": "Writes to the DynamoDB table that you created. The default action payload contains all attribute-value pairs that have the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). One column of the DynamoDB table receives all attribute-value pairs in the payload that you specify. For more information, see [Actions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-event-actions.html) in *Developer Guide*." }, "DynamoDBv2": { - "$ref": "#/definitions/DynamoDBv2" + "$ref": "#/definitions/DynamoDBv2", + "description": "Writes to the DynamoDB table that you created. The default action payload contains all attribute-value pairs that have the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). A separate column of the DynamoDB table receives one attribute-value pair in the payload that you specify. For more information, see [Actions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-event-actions.html) in *Developer Guide*." }, "Firehose": { - "$ref": "#/definitions/Firehose" + "$ref": "#/definitions/Firehose", + "description": "Sends information about the detector model instance and the event that triggered the action to an Amazon Kinesis Data Firehose delivery stream." 
}, "IotEvents": { - "$ref": "#/definitions/IotEvents" + "$ref": "#/definitions/IotEvents", + "description": "Sends ITE input, which passes information about the detector model instance and the event that triggered the action." }, "IotSiteWise": { - "$ref": "#/definitions/IotSiteWise" + "$ref": "#/definitions/IotSiteWise", + "description": "Sends information about the detector model instance and the event that triggered the action to an asset property in ITSW ." }, "IotTopicPublish": { - "$ref": "#/definitions/IotTopicPublish" + "$ref": "#/definitions/IotTopicPublish", + "description": "Publishes an MQTT message with the given topic to the IoT message broker." }, "Lambda": { - "$ref": "#/definitions/Lambda" + "$ref": "#/definitions/Lambda", + "description": "Calls a Lambda function, passing in information about the detector model instance and the event that triggered the action." }, "ResetTimer": { - "$ref": "#/definitions/ResetTimer" + "$ref": "#/definitions/ResetTimer", + "description": "Information needed to reset the timer." }, "SetTimer": { - "$ref": "#/definitions/SetTimer" + "$ref": "#/definitions/SetTimer", + "description": "Information needed to set the timer." }, "SetVariable": { - "$ref": "#/definitions/SetVariable" + "$ref": "#/definitions/SetVariable", + "description": "Sets a variable to a specified value." }, "Sns": { - "$ref": "#/definitions/Sns" + "$ref": "#/definitions/Sns", + "description": "Sends an Amazon SNS message." }, "Sqs": { - "$ref": "#/definitions/Sqs" + "$ref": "#/definitions/Sqs", + "description": "Sends an Amazon SNS message." } }, "type": "object" }, "AssetPropertyTimestamp": { "additionalProperties": false, - "description": "A structure that contains timestamp information. For more information, see [TimeInNanos](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_TimeInNanos.html) in the *AWS IoT SiteWise API Reference*.", + "description": "A structure that contains timestamp information. 
For more information, see [TimeInNanos](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_TimeInNanos.html) in the *API Reference*.\n You must use expressions for all parameters in ``AssetPropertyTimestamp``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``timeInSeconds`` parameter can be ``'1586400675'``.\n + For references, you must specify either variables or input values. For example, the value for the ``offsetInNanos`` parameter can be ``$variable.time``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``timeInSeconds`` parameter uses a substitution template.\n ``'${$input.TemperatureInput.sensorData.timestamp / 1000}'`` \n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.", "properties": { "OffsetInNanos": { - "description": "The timestamp, in seconds, in the Unix epoch format. The valid range is between `1-31556889864403199`. You can also specify an expression.", + "description": "The nanosecond offset converted from ``timeInSeconds``. The valid range is between 0-999999999.", "type": "string" }, "TimeInSeconds": { - "description": "The nanosecond offset converted from `timeInSeconds`. The valid range is between `0-999999999`. You can also specify an expression.", + "description": "The timestamp, in seconds, in the Unix epoch format. The valid range is between 1-31556889864403199.", "type": "string" } }, 
@@ -71,17 +84,19 @@ }, "AssetPropertyValue": { "additionalProperties": false, - "description": "A structure that contains value information. For more information, see [AssetPropertyValue](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_AssetPropertyValue.html) in the *AWS IoT SiteWise API Reference*.", + "description": "A structure that contains value information. For more information, see [AssetPropertyValue](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_AssetPropertyValue.html) in the *API Reference*.\n You must use expressions for all parameters in ``AssetPropertyValue``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``quality`` parameter can be ``'GOOD'``.\n + For references, you must specify either variables or input values. For example, the value for the ``quality`` parameter can be ``$input.TemperatureInput.sensorData.quality``.\n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.", "properties": { "Quality": { - "description": "The quality of the asset property value. The value must be `GOOD`, `BAD`, or `UNCERTAIN`. You can also specify an expression.", + "description": "The quality of the asset property value. The value must be ``'GOOD'``, ``'BAD'``, or ``'UNCERTAIN'``.", "type": "string" }, "Timestamp": { - "$ref": "#/definitions/AssetPropertyTimestamp" + "$ref": "#/definitions/AssetPropertyTimestamp", + "description": "The timestamp associated with the asset property value. The default is the current event time." }, "Value": { - "$ref": "#/definitions/AssetPropertyVariant" + "$ref": "#/definitions/AssetPropertyVariant", + "description": "The value to send to an asset property." } }, "required": [ 
@@ -91,22 +106,22 @@ }, "AssetPropertyVariant": { "additionalProperties": false, - "description": "A structure that contains an asset property value. For more information, see [Variant](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_Variant.html) in the *AWS IoT SiteWise API Reference*.", + "description": "A structure that contains an asset property value. For more information, see [Variant](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_Variant.html) in the *API Reference*.\n You must use expressions for all parameters in ``AssetPropertyVariant``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``integerValue`` parameter can be ``'100'``.\n + For references, you must specify either variables or parameters. For example, the value for the ``booleanValue`` parameter can be ``$variable.offline``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates. \n In the following example, the value for the ``doubleValue`` parameter uses a substitution template. \n ``'${$input.TemperatureInput.sensorData.temperature * 6 / 5 + 32}'`` \n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.\n You must specify one of the following value types, depending on the ``dataType`` of the specified asset property. For more information, see [AssetProperty](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_AssetProperty.html) in the *API Reference*.", "properties": { "BooleanValue": { - "description": "The asset property value is a Boolean value that must be `TRUE` or `FALSE`. You can also specify an expression. 
If you use an expression, the evaluated result should be a Boolean value.", + "description": "The asset property value is a Boolean value that must be ``'TRUE'`` or ``'FALSE'``. You must use an expression, and the evaluated result should be a Boolean value.", "type": "string" }, "DoubleValue": { - "description": "The asset property value is a double. You can also specify an expression. If you use an expression, the evaluated result should be a double.", + "description": "The asset property value is a double. You must use an expression, and the evaluated result should be a double.", "type": "string" }, "IntegerValue": { - "description": "The asset property value is an integer. You can also specify an expression. If you use an expression, the evaluated result should be an integer.", + "description": "The asset property value is an integer. You must use an expression, and the evaluated result should be an integer.", "type": "string" }, "StringValue": { - "description": "The asset property value is a string. You can also specify an expression. If you use an expression, the evaluated result should be a string.", + "description": "The asset property value is a string. You must use an expression, and the evaluated result should be a string.", "type": "string" } }, @@ -117,6 +132,7 @@ "description": "Information needed to clear the timer.", "properties": { "TimerName": { + "description": "The name of the timer to clear.", "maxLength": 128, "minLength": 1, "type": "string" 
@@ -156,14 +172,14 @@ }, "DynamoDB": { "additionalProperties": false, - "description": "Writes to the DynamoDB table that you created. The default action payload contains all attribute-value pairs that have the information about the detector model instance and the event that triggered the action. You can also customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). One column of the DynamoDB table receives all attribute-value pairs in the payload that you specify. For more information, see [Actions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-event-actions.html) in *AWS IoT Events Developer Guide*.", + "description": "Defines an action to write to the Amazon DynamoDB table that you created. The standard action payload contains all the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). One column of the DynamoDB table receives all attribute-value pairs in the payload that you specify.\n You must use expressions for all parameters in ``DynamoDBAction``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``hashKeyType`` parameter can be ``'STRING'``.\n + For references, you must specify either variables or input values. For example, the value for the ``hashKeyField`` parameter can be ``$input.GreenhouseInput.name``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``hashKeyValue`` parameter uses a substitution template. 
\n ``'${$input.GreenhouseInput.temperature * 6 / 5 + 32} in Fahrenheit'`` \n + For a string concatenation, you must use ``+``. A string concatenation can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``tableName`` parameter uses a string concatenation. \n ``'GreenhouseTemperatureTable ' + $input.GreenhouseInput.date`` \n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.\n If the defined payload type is a string, ``DynamoDBAction`` writes non-JSON data to the DynamoDB table as binary data. The DynamoDB console displays the data as Base64-encoded text. The value for the ``payloadField`` parameter is ``_raw``.", "properties": { "HashKeyField": { - "description": "The name of the hash key (also called the partition key).", + "description": "The name of the hash key (also called the partition key). The ``hashKeyField`` value must match the partition key of the target DynamoDB table.", "type": "string" }, "HashKeyType": { - "description": "The data type for the hash key (also called the partition key). You can specify the following values:\n\n* `STRING` - The hash key is a string.\n\n* `NUMBER` - The hash key is a number.\n\nIf you don't specify `hashKeyType`, the default value is `STRING`.", + "description": "The data type for the hash key (also called the partition key). You can specify the following values:\n + ``'STRING'`` - The hash key is a string.\n + ``'NUMBER'`` - The hash key is a number.\n \n If you don't specify ``hashKeyType``, the default value is ``'STRING'``.", "type": "string" }, "HashKeyValue": { 
@@ -171,22 +187,23 @@ "type": "string" }, "Operation": { - "description": "The type of operation to perform. You can specify the following values:\n\n* `INSERT` - Insert data as a new item into the DynamoDB table. This item uses the specified hash key as a partition key. If you specified a range key, the item uses the range key as a sort key.\n\n* `UPDATE` - Update an existing item of the DynamoDB table with new data. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n\n* `DELETE` - Delete an existing item of the DynamoDB table. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n\nIf you don't specify this parameter, AWS IoT Events triggers the `INSERT` operation.", + "description": "The type of operation to perform. You can specify the following values: \n + ``'INSERT'`` - Insert data as a new item into the DynamoDB table. This item uses the specified hash key as a partition key. If you specified a range key, the item uses the range key as a sort key.\n + ``'UPDATE'`` - Update an existing item of the DynamoDB table with new data. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n + ``'DELETE'`` - Delete an existing item of the DynamoDB table. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n \n If you don't specify this parameter, ITE triggers the ``'INSERT'`` operation.", "type": "string" }, "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "Information needed to configure the payload.\n By default, ITE generates a standard payload in JSON for any action. 
This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use ``contentExpression``." }, "PayloadField": { - "description": "The name of the DynamoDB column that receives the action payload.\n\nIf you don't specify this parameter, the name of the DynamoDB column is `payload`.", + "description": "The name of the DynamoDB column that receives the action payload.\n If you don't specify this parameter, the name of the DynamoDB column is ``payload``.", "type": "string" }, "RangeKeyField": { - "description": "The name of the range key (also called the sort key).", + "description": "The name of the range key (also called the sort key). The ``rangeKeyField`` value must match the sort key of the target DynamoDB table.", "type": "string" }, "RangeKeyType": { - "description": "The data type for the range key (also called the sort key), You can specify the following values:\n\n* `STRING` - The range key is a string.\n\n* `NUMBER` - The range key is number.\n\nIf you don't specify `rangeKeyField`, the default value is `STRING`.", + "description": "The data type for the range key (also called the sort key), You can specify the following values:\n + ``'STRING'`` - The range key is a string.\n + ``'NUMBER'`` - The range key is number.\n \n If you don't specify ``rangeKeyField``, the default value is ``'STRING'``.", "type": "string" }, "RangeKeyValue": { @@ -194,7 +211,7 @@ "type": "string" }, "TableName": { - "description": "The name of the DynamoDB table.", + "description": "The name of the DynamoDB table. The ``tableName`` value must match the table name of the target DynamoDB table.", "type": "string" } }, 
@@ -207,10 +224,11 @@ }, "DynamoDBv2": { "additionalProperties": false, - "description": "Defines an action to write to the Amazon DynamoDB table that you created. The default action payload contains all attribute-value pairs that have the information about the detector model instance and the event that triggered the action. You can also customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). A separate column of the DynamoDB table receives one attribute-value pair in the payload that you specify.\n\nYou can use expressions for parameters that are strings. For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *AWS IoT Events Developer Guide*.", + "description": "Defines an action to write to the Amazon DynamoDB table that you created. The default action payload contains all the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). A separate column of the DynamoDB table receives one attribute-value pair in the payload that you specify.\n You must use expressions for all parameters in ``DynamoDBv2Action``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``tableName`` parameter can be ``'GreenhouseTemperatureTable'``.\n + For references, you must specify either variables or input values. For example, the value for the ``tableName`` parameter can be ``$variable.ddbtableName``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. 
A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``contentExpression`` parameter in ``Payload`` uses a substitution template. \n ``'{\\\"sensorID\\\": \\\"${$input.GreenhouseInput.sensor_id}\\\", \\\"temperature\\\": \\\"${$input.GreenhouseInput.temperature * 9 / 5 + 32}\\\"}'`` \n + For a string concatenation, you must use ``+``. A string concatenation can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``tableName`` parameter uses a string concatenation. \n ``'GreenhouseTemperatureTable ' + $input.GreenhouseInput.date`` \n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.\n The value for the ``type`` parameter in ``Payload`` must be ``JSON``.", "properties": { "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "Information needed to configure the payload.\n By default, ITE generates a standard payload in JSON for any action. This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use ``contentExpression``." }, "TableName": { "description": "The name of the DynamoDB table.", @@ -224,7 +242,7 @@ }, "Event": { "additionalProperties": false, - "description": "Specifies the `actions` to be performed when the `condition` evaluates to `TRUE`.", + "description": "Specifies the ``actions`` to be performed when the ``condition`` evaluates to TRUE.", "properties": { "Actions": { "description": "The actions to be performed.", 
@@ -236,7 +254,7 @@ "uniqueItems": false }, "Condition": { - "description": "The Boolean expression that, when `TRUE`, causes the `actions` to be performed. If not present, the `actions` are performed (=`TRUE`). If the expression result is not a `Boolean` value, the `actions` are not performed (=`FALSE`).", + "description": "Optional. The Boolean expression that, when TRUE, causes the ``actions`` to be performed. If not present, the actions are performed (=TRUE). If the expression result is not a Boolean value, the actions are not performed (=FALSE).", "maxLength": 512, "type": "string" }, @@ -260,7 +278,8 @@ "type": "string" }, "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you send a message to an Amazon Data Firehose delivery stream." }, "Separator": { "description": "A character separator that is used to separate records written to the Kinesis Data Firehose delivery stream. Valid values are: '\\n' (newline), '\\t' (tab), '\\r\\n' (Windows newline), ',' (comma).", @@ -275,17 +294,18 @@ }, "IotEvents": { "additionalProperties": false, - "description": "Sends an AWS IoT Events input, passing in information about the detector model instance and the event that triggered the action.", + "description": "Sends an ITE input, passing in information about the detector model instance and the event that triggered the action.", "properties": { "InputName": { - "description": "The name of the AWS IoT Events input where the data is sent.", + "description": "The name of the ITE input where the data is sent.", "maxLength": 128, "minLength": 1, "pattern": "^[a-zA-Z][a-zA-Z0-9_]*$", "type": "string" }, "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you send a message to an ITE input." } }, "required": [ 
@@ -295,26 +315,27 @@ }, "IotSiteWise": { "additionalProperties": false, - "description": "Sends information about the detector model instance and the event that triggered the action to a specified asset property in AWS IoT SiteWise.", + "description": "Sends information about the detector model instance and the event that triggered the action to a specified asset property in ITSW.\n You must use expressions for all parameters in ``IotSiteWiseAction``. The expressions accept literals, operators, functions, references, and substitutions templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``propertyAlias`` parameter can be ``'/company/windfarm/3/turbine/7/temperature'``.\n + For references, you must specify either variables or input values. For example, the value for the ``assetId`` parameter can be ``$input.TurbineInput.assetId1``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``propertyAlias`` parameter uses a substitution template. \n ``'company/windfarm/${$input.TemperatureInput.sensorData.windfarmID}/turbine/ ${$input.TemperatureInput.sensorData.turbineID}/temperature'`` \n \n You must specify either ``propertyAlias`` or both ``assetId`` and ``propertyId`` to identify the target asset property in ITSW.\n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.", "properties": { "AssetId": { - "description": "The ID of the asset that has the specified property. You can specify an expression.", + "description": "The ID of the asset that has the specified property.", "type": "string" }, "EntryId": { - "description": "A unique identifier for this entry. 
You can use the entry ID to track which data entry causes an error in case of failure. The default is a new unique identifier. You can also specify an expression.", + "description": "A unique identifier for this entry. You can use the entry ID to track which data entry causes an error in case of failure. The default is a new unique identifier.", "type": "string" }, "PropertyAlias": { - "description": "The alias of the asset property. You can also specify an expression.", + "description": "The alias of the asset property.", "type": "string" }, "PropertyId": { - "description": "The ID of the asset property. You can specify an expression.", + "description": "The ID of the asset property.", "type": "string" }, "PropertyValue": { - "$ref": "#/definitions/AssetPropertyValue" + "$ref": "#/definitions/AssetPropertyValue", + "description": "The value to send to the asset property. This value contains timestamp, quality, and value (TQV) information." } }, "required": [ @@ -324,16 +345,17 @@ }, "IotTopicPublish": { "additionalProperties": false, - "description": "Information required to publish the MQTT message through the AWS IoT message broker.", + "description": "Information required to publish the MQTT message through the IoT message broker.", "properties": { "MqttTopic": { - "description": "The MQTT topic of the message. You can use a string expression that includes variables (`$variable.`) and input values (`$input..`) as the topic string.", + "description": "The MQTT topic of the message. You can use a string expression that includes variables (``$variable.``) and input values (``$input..``) as the topic string.", "maxLength": 128, "minLength": 1, "type": "string" }, "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you publish a message to an IoTCore topic." } }, "required": [ 
@@ -343,6 +365,7 @@ }, "Lambda": { "additionalProperties": false, + "description": "Calls a Lambda function, passing in information about the detector model instance and the event that triggered the action.", "properties": { "FunctionArn": { "description": "The ARN of the Lambda function that is executed.", @@ -351,7 +374,8 @@ "type": "string" }, "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you send a message to a Lambda function." } }, "required": [ @@ -361,10 +385,10 @@ }, "OnEnter": { "additionalProperties": false, - "description": "When entering this state, perform these `actions` if the `condition` is `TRUE`.", + "description": "When entering this state, perform these ``actions`` if the ``condition`` is TRUE.", "properties": { "Events": { - "description": "Specifies the `actions` that are performed when the state is entered and the `condition` is `TRUE`.", + "description": "Specifies the actions that are performed when the state is entered and the ``condition`` is ``TRUE``.", "insertionOrder": false, "items": { "$ref": "#/definitions/Event" @@ -377,10 +401,10 @@ }, "OnExit": { "additionalProperties": false, - "description": "When exiting this state, perform these `actions` if the specified `condition` is `TRUE`.", + "description": "When exiting this state, perform these ``actions`` if the specified ``condition`` is ``TRUE``.", "properties": { "Events": { - "description": "Specifies the `actions` that are performed when the state is exited and the `condition` is `TRUE`.", + "description": "Specifies the ``actions`` that are performed when the state is exited and the ``condition`` is ``TRUE``.", "insertionOrder": false, "items": { "$ref": "#/definitions/Event" 
@@ -393,10 +417,10 @@ }, "OnInput": { "additionalProperties": false, - "description": "When an input is received and the `condition` is `TRUE`, perform the specified `actions`.", + "description": "Specifies the actions performed when the ``condition`` evaluates to TRUE.", "properties": { "Events": { - "description": "Specifies the `actions` performed when the `condition` evaluates to `TRUE`.", + "description": "Specifies the actions performed when the ``condition`` evaluates to TRUE.", "insertionOrder": false, "items": { "$ref": "#/definitions/Event" @@ -405,7 +429,7 @@ "uniqueItems": false }, "TransitionEvents": { - "description": "Specifies the `actions` performed, and the next `state` entered, when a `condition` evaluates to `TRUE`.", + "description": "Specifies the actions performed, and the next state entered, when a ``condition`` evaluates to TRUE.", "insertionOrder": true, "items": { "$ref": "#/definitions/TransitionEvent" 
@@ -418,15 +442,15 @@ }, "Payload": { "additionalProperties": false, - "description": "Information needed to configure the payload.\n\nBy default, AWS IoT Events generates a standard payload in JSON for any action. This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use `contentExpression`.", + "description": "Information needed to configure the payload.\n By default, ITE generates a standard payload in JSON for any action. This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use ``contentExpression``.", "properties": { "ContentExpression": { - "description": "The content of the payload. You can use a string expression that includes quoted strings (`''`), variables (`$variable.`), input values (`$input..`), string concatenations, and quoted strings that contain `${}` as the content. The recommended maximum size of a content expression is 1 KB.", + "description": "The content of the payload. You can use a string expression that includes quoted strings (``''``), variables (``$variable.``), input values (``$input..``), string concatenations, and quoted strings that contain ``${}`` as the content. The recommended maximum size of a content expression is 1 KB.", "minLength": 1, "type": "string" }, "Type": { - "description": "The value of the payload type can be either `STRING` or `JSON`.", + "description": "The value of the payload type can be either ``STRING`` or ``JSON``.", "type": "string" } }, 
@@ -457,13 +481,13 @@ "description": "Information needed to set the timer.", "properties": { "DurationExpression": { - "description": "The duration of the timer, in seconds. You can use a string expression that includes numbers, variables (`$variable.`), and input values (`$input..`) as the duration. The range of the duration is `1-31622400` seconds. To ensure accuracy, the minimum duration is `60` seconds. The evaluated result of the duration is rounded down to the nearest whole number.", + "description": "The duration of the timer, in seconds. You can use a string expression that includes numbers, variables (``$variable.``), and input values (``$input..``) as the duration. The range of the duration is 1-31622400 seconds. To ensure accuracy, the minimum duration is 60 seconds. The evaluated result of the duration is rounded down to the nearest whole number.", "maxLength": 1024, "minLength": 1, "type": "string" }, "Seconds": { - "description": "The number of seconds until the timer expires. The minimum value is `60` seconds to ensure accuracy. The maximum value is `31622400` seconds.", + "description": "The number of seconds until the timer expires. The minimum value is 60 seconds to ensure accuracy. The maximum value is 31622400 seconds.", "maximum": 31622400, "minimum": 60, "type": "integer" @@ -509,7 +533,8 @@ "description": "Information required to publish the Amazon SNS message.", "properties": { "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you send a message as an Amazon SNS push notification." }, "TargetArn": { "description": "The ARN of the Amazon SNS target where the message is sent.", 
@@ -525,16 +550,18 @@ }, "Sqs": { "additionalProperties": false, + "description": "Sends information about the detector model instance and the event that triggered the action to an Amazon SQS queue.", "properties": { "Payload": { - "$ref": "#/definitions/Payload" + "$ref": "#/definitions/Payload", + "description": "You can configure the action payload when you send a message to an Amazon SQS queue." }, "QueueUrl": { "description": "The URL of the SQS queue where the data is written.", "type": "string" }, "UseBase64": { - "description": "Set this to `TRUE` if you want the data to be base-64 encoded before it is written to the queue. Otherwise, set this to `FALSE`.", + "description": "Set this to TRUE if you want the data to be base-64 encoded before it is written to the queue. Otherwise, set this to FALSE.", "type": "boolean" } }, @@ -548,13 +575,16 @@ "description": "Information that defines a state of a detector.", "properties": { "OnEnter": { - "$ref": "#/definitions/OnEnter" + "$ref": "#/definitions/OnEnter", + "description": "When entering this state, perform these ``actions`` if the ``condition`` is TRUE." }, "OnExit": { - "$ref": "#/definitions/OnExit" + "$ref": "#/definitions/OnExit", + "description": "When exiting this state, perform these ``actions`` if the specified ``condition`` is ``TRUE``." }, "OnInput": { - "$ref": "#/definitions/OnInput" + "$ref": "#/definitions/OnInput", + "description": "When an input is received and the ``condition`` is TRUE, perform the specified ``actions``." }, "StateName": { "description": "The name of the state.", @@ -570,14 +600,14 @@ }, "Tag": { "additionalProperties": false, - "description": "Tags to be applied to Input.", + "description": "Metadata that can be used to manage the resource.", "properties": { "Key": { - "description": "Key of the Tag.", + "description": "The tag's key.", "type": "string" }, "Value": { - "description": "Value of the Tag.", + "description": "The tag's value.", "type": "string" } }, 
@@ -589,7 +619,7 @@ }, "TransitionEvent": { "additionalProperties": false, - "description": "Specifies the `actions `performed and the next `state` entered when a `condition` evaluates to `TRUE`.", + "description": "Specifies the actions performed and the next state entered when a ``condition`` evaluates to TRUE.", "properties": { "Actions": { "description": "The actions to be performed.", @@ -601,12 +631,12 @@ "uniqueItems": false }, "Condition": { - "description": "A Boolean expression that when `TRUE` causes the `actions` to be performed and the `nextState` to be entered.", + "description": "Required. A Boolean expression that when TRUE causes the actions to be performed and the ``nextState`` to be entered.", "maxLength": 512, "type": "string" }, "EventName": { - "description": "The name of the event.", + "description": "The name of the transition event.", "maxLength": 128, "minLength": 1, "type": "string" 
@@ -626,7 +656,7 @@ "type": "object" } }, - "description": "The AWS::IoTEvents::DetectorModel resource creates a detector model. You create a *detector model* (a model of your equipment or process) using *states*. For each state, you define conditional (Boolean) logic that evaluates the incoming inputs to detect significant events. When an event is detected, it can change the state or trigger custom-built or predefined actions using other AWS services. You can define additional events that trigger actions when entering or exiting a state and, optionally, when a condition is met. For more information, see [How to Use AWS IoT Events](https://docs.aws.amazon.com/iotevents/latest/developerguide/how-to-use-iotevents.html) in the *AWS IoT Events Developer Guide*.", + "description": "The AWS::IoTEvents::DetectorModel resource creates a detector model. You create a *detector model* (a model of your equipment or process) using *states*. For each state, you define conditional (Boolean) logic that evaluates the incoming inputs to detect significant events. When an event is detected, it can change the state or trigger custom-built or predefined actions using other AWS services. You can define additional events that trigger actions when entering or exiting a state and, optionally, when a condition is met. For more information, see [How to Use](https://docs.aws.amazon.com/iotevents/latest/developerguide/how-to-use-iotevents.html) in the *Developer Guide*.\n When you successfully update a detector model (using the ITE console, ITE API or CLI commands, or CFN) all detector instances created by the model are reset to their initial states. (The detector's ``state``, and the values of any variables and timers are reset.)\n When you successfully update a detector model (using the ITE console, ITE API or CLI commands, or CFN) the version number of the detector model is incremented. 
(A detector model with version number 1 before the update has version number 2 after the update succeeds.)\n If you attempt to update a detector model using CFN and the update does not succeed, the system may, in some cases, restore the original detector model. When this occurs, the detector model's version is incremented twice (for example, from version 1 to version 3) and the detector instances are reset.\n Also, be aware that if you attempt to update several detector models at once using CFN, some updates may succeed and others fail. In this case, the effects on each detector model's detector instances and version number depend on whether the update succeeded or failed, with the results as stated.", "handlers": { "create": { "permissions": [ @@ -672,7 +702,8 @@ ], "properties": { "DetectorModelDefinition": { - "$ref": "#/definitions/DetectorModelDefinition" + "$ref": "#/definitions/DetectorModelDefinition", + "description": "Information that defines how a detector operates." }, "DetectorModelDescription": { "description": "A brief description of the detector model.", 
@@ -695,20 +726,20 @@ "type": "string" }, "Key": { - "description": "The value used to identify a detector instance. When a device or system sends input, a new detector instance with a unique key value is created. AWS IoT Events can continue to route input to its corresponding detector instance based on this identifying information.\n\nThis parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct detector instance, the device must send a message payload that contains the same attribute-value.", + "description": "The value used to identify a detector instance. When a device or system sends input, a new detector instance with a unique key value is created. ITE can continue to route input to its corresponding detector instance based on this identifying information. \n This parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. 
To route the message to the correct detector instance, the device must send a message payload that contains the same attribute-value.", "maxLength": 128, "minLength": 1, "pattern": "^((`[\\w\\- ]+`)|([\\w\\-]+))(\\.((`[\\w\\- ]+`)|([\\w\\-]+)))*$", "type": "string" }, "RoleArn": { - "description": "The ARN of the role that grants permission to AWS IoT Events to perform its operations.", + "description": "The ARN of the role that grants permission to ITE to perform its operations.", "maxLength": 2048, "minLength": 1, "type": "string" }, "Tags": { - "description": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", + "description": "An array of key-value pairs to apply to this resource.\n For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" @@ -722,6 +753,17 @@ "RoleArn" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "iotevents:UntagResource", + "iotevents:TagResource", + "iotevents:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::IoTEvents::DetectorModel" } diff --git a/src/schema/aws-iotevents-input.json b/src/schema/aws-iotevents-input.json index d8c618ea..d2babf68 100644 --- a/src/schema/aws-iotevents-input.json +++ b/src/schema/aws-iotevents-input.json 
@@ -6,10 +6,10 @@ "definitions": { "Attribute": { "additionalProperties": false, - "description": "The attributes from the JSON payload that are made available by the input. Inputs are derived from messages sent to the AWS IoT Events system using `BatchPutMessage`. Each such message contains a JSON payload, and those attributes (and their paired values) specified here are available for use in the `condition` expressions used by detectors that monitor this input.", + "description": "The attributes from the JSON payload that are made available by the input. Inputs are derived from messages sent to the ITE system using ``BatchPutMessage``. Each such message contains a JSON payload. Those attributes (and their paired values) specified here are available for use in the ``condition`` expressions used by detectors.", "properties": { "JsonPath": { - "description": "An expression that specifies an attribute-value pair in a JSON structure. Use this to specify an attribute from the JSON payload that is made available by the input. Inputs are derived from messages sent to AWS IoT Events (`BatchPutMessage`). Each such message contains a JSON payload. The attribute (and its paired value) specified here are available for use in the `condition` expressions used by detectors.\n\n_Syntax_: `....`", + "description": "An expression that specifies an attribute-value pair in a JSON structure. Use this to specify an attribute from the JSON payload that is made available by the input. Inputs are derived from messages sent to ITE (``BatchPutMessage``). Each such message contains a JSON payload. The attribute (and its paired value) specified here are available for use in the ``condition`` expressions used by detectors. \n Syntax: ``....``", "maxLength": 128, "minLength": 1, "pattern": "^((`[a-zA-Z0-9_\\- ]+`)|([a-zA-Z0-9_\\-]+))(\\.((`[a-zA-Z0-9_\\- ]+`)|([a-zA-Z0-9_\\-]+)))*$", 
@@ -26,7 +26,7 @@ "description": "The definition of the input.", "properties": { "Attributes": { - "description": "The attributes from the JSON payload that are made available by the input. Inputs are derived from messages sent to the AWS IoT Events system using `BatchPutMessage`. Each such message contains a JSON payload, and those attributes (and their paired values) specified here are available for use in the `condition` expressions used by detectors that monitor this input.", + "description": "The attributes from the JSON payload that are made available by the input. Inputs are derived from messages sent to the ITE system using ``BatchPutMessage``. Each such message contains a JSON payload, and those attributes (and their paired values) specified here are available for use in the ``condition`` expressions used by detectors that monitor this input.", "insertionOrder": false, "items": { "$ref": "#/definitions/Attribute" @@ -44,14 +44,14 @@ }, "Tag": { "additionalProperties": false, - "description": "Tags to be applied to Input.", + "description": "Metadata that can be used to manage the resource.", "properties": { "Key": { - "description": "Key of the Tag.", + "description": "The tag's key.", "type": "string" }, "Value": { - "description": "Value of the Tag.", + "description": "The tag's value.", "type": "string" } }, 
@@ -62,7 +62,7 @@ "type": "object" } }, - "description": "The AWS::IoTEvents::Input resource creates an input. To monitor your devices and processes, they must have a way to get telemetry data into AWS IoT Events. This is done by sending messages as *inputs* to AWS IoT Events. For more information, see [How to Use AWS IoT Events](https://docs.aws.amazon.com/iotevents/latest/developerguide/how-to-use-iotevents.html) in the *AWS IoT Events Developer Guide*.", + "description": "The AWS::IoTEvents::Input resource creates an input. To monitor your devices and processes, they must have a way to get telemetry data into ITE. This is done by sending messages as *inputs* to ITE. For more information, see [How to Use](https://docs.aws.amazon.com/iotevents/latest/developerguide/how-to-use-iotevents.html) in the *Developer Guide*.", "handlers": { "create": { "permissions": [ @@ -104,7 +104,8 @@ ], "properties": { "InputDefinition": { - "$ref": "#/definitions/InputDefinition" + "$ref": "#/definitions/InputDefinition", + "description": "The definition of the input." }, "InputDescription": { "description": "A brief description of the input.", @@ -120,7 +121,7 @@ "type": "string" }, "Tags": { - "description": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", + "description": "An array of key-value pairs to apply to this resource.\n For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" 
@@ -133,6 +134,17 @@ "InputDefinition" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-iotevents.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "iotevents:UntagResource", + "iotevents:TagResource", + "iotevents:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::IoTEvents::Input" } diff --git a/src/schema/aws-iotfleetwise-campaign.json b/src/schema/aws-iotfleetwise-campaign.json index 4809c8b4..a584f3c4 100644 --- a/src/schema/aws-iotfleetwise-campaign.json +++ b/src/schema/aws-iotfleetwise-campaign.json @@ -11,7 +11,8 @@ "/properties/Priority", "/properties/Compression", "/properties/StartTime", - "/properties/ExpiryTime" + "/properties/ExpiryTime", + "/properties/DataPartitions" ], "definitions": { "CampaignStatus": { @@ -65,13 +66,10 @@ "additionalProperties": false, "properties": { "ConditionLanguageVersion": { - "minimum": 1, - "type": "integer" + "$ref": "#/definitions/LanguageVersion" }, "Expression": { - "maxLength": 2048, - "minLength": 1, - "type": "string" + "$ref": "#/definitions/EventExpression" }, "MinimumTriggerIntervalMs": { "maximum": 4294967295, @@ -87,6 +85,24 @@ ], "type": "object" }, + "ConditionBasedSignalFetchConfig": { + "additionalProperties": false, + "properties": { + "ConditionExpression": { + "maxLength": 2048, + "minLength": 1, + "type": "string" + }, + "TriggerMode": { + "$ref": "#/definitions/TriggerMode" + } + }, + "required": [ + "ConditionExpression", + "TriggerMode" + ], + "type": "object" + }, "DataDestinationConfig": { "oneOf": [ { @@ -114,6 +130,19 @@ ], "title": "TimestreamConfig", "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "MqttTopicConfig": { + "$ref": "#/definitions/MqttTopicConfig" + } + }, + "required": [ + "MqttTopicConfig" + ], + "title": "MqttTopicConfig", + "type": "object" } ] }, 
@@ -124,6 +153,66 @@ ], "type": "string" }, + "DataPartition": { + "additionalProperties": false, + "properties": { + "Id": { + "$ref": "#/definitions/DataPartitionId" + }, + "StorageOptions": { + "$ref": "#/definitions/DataPartitionStorageOptions" + }, + "UploadOptions": { + "$ref": "#/definitions/DataPartitionUploadOptions" + } + }, + "required": [ + "Id", + "StorageOptions" + ], + "type": "object" + }, + "DataPartitionId": { + "maxLength": 128, + "minLength": 1, + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "DataPartitionStorageOptions": { + "additionalProperties": false, + "properties": { + "MaximumSize": { + "$ref": "#/definitions/StorageMaximumSize" + }, + "MinimumTimeToLive": { + "$ref": "#/definitions/StorageMinimumTimeToLive" + }, + "StorageLocation": { + "$ref": "#/definitions/StorageLocation" + } + }, + "required": [ + "MaximumSize", + "MinimumTimeToLive", + "StorageLocation" + ], + "type": "object" + }, + "DataPartitionUploadOptions": { + "additionalProperties": false, + "properties": { + "ConditionLanguageVersion": { + "$ref": "#/definitions/LanguageVersion" + }, + "Expression": { + "$ref": "#/definitions/EventExpression" + } + }, + "required": [ + "Expression" + ], + "type": "object" + }, "DiagnosticsMode": { "default": "OFF", "enum": [ 
@@ -132,6 +221,37 @@ ], "type": "string" }, + "EventExpression": { + "maxLength": 2048, + "minLength": 1, + "type": "string" + }, + "LanguageVersion": { + "minimum": 1, + "type": "integer" + }, + "MqttTopicConfig": { + "additionalProperties": false, + "properties": { + "ExecutionRoleArn": { + "maxLength": 2048, + "minLength": 20, + "pattern": "^arn:(aws[a-zA-Z0-9-]*):iam::(\\d{12})?:(role((\\u002F)|(\\u002F[\\u0021-\\u007F]+\\u002F))[\\w+=,.@-]+)$", + "type": "string" + }, + "MqttTopicArn": { + "maxLength": 2048, + "minLength": 20, + "pattern": "^arn:.*", + "type": "string" + } + }, + "required": [ + "ExecutionRoleArn", + "MqttTopicArn" + ], + "type": "object" + }, "S3Config": { "additionalProperties": false, "properties": { 
@@ -159,9 +279,77 @@ ], "type": "object" }, + "SignalFetchConfig": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "TimeBased": { + "$ref": "#/definitions/TimeBasedSignalFetchConfig" + } + }, + "required": [ + "TimeBased" + ], + "title": "TimeBased", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "ConditionBased": { + "$ref": "#/definitions/ConditionBasedSignalFetchConfig" + } + }, + "required": [ + "ConditionBased" + ], + "title": "ConditionBased", + "type": "object" + } + ] + }, + "SignalFetchInformation": { + "additionalProperties": false, + "properties": { + "Actions": { + "items": { + "maxLength": 2048, + "minLength": 1, + "type": "string" + }, + "maxItems": 5, + "minItems": 1, + "type": "array" + }, + "ConditionLanguageVersion": { + "maximum": 1, + "minimum": 1, + "type": "number" + }, + "FullyQualifiedName": { + "maxLength": 150, + "minLength": 1, + "pattern": "^[a-zA-Z0-9_.]+$", + "type": "string" + }, + "SignalFetchConfig": { + "$ref": "#/definitions/SignalFetchConfig" + } + }, + "required": [ + "Actions", + "FullyQualifiedName", + "SignalFetchConfig" + ], + "type": "object" + }, "SignalInformation": { "additionalProperties": false, "properties": { + "DataPartitionId": { + "$ref": "#/definitions/DataPartitionId" + }, "MaxSampleCount": { "maximum": 4294967295, "minimum": 1, 
@@ -199,6 +387,69 @@ ], "type": "string" }, + "StorageLocation": { + "maxLength": 4096, + "minLength": 1, + "type": "string" + }, + "StorageMaximumSize": { + "additionalProperties": false, + "properties": { + "Unit": { + "$ref": "#/definitions/StorageMaximumSizeUnit" + }, + "Value": { + "$ref": "#/definitions/StorageMaximumSizeValue" + } + }, + "required": [ + "Unit", + "Value" + ], + "type": "object" + }, + "StorageMaximumSizeUnit": { + "enum": [ + "MB", + "GB", + "TB" + ], + "type": "string" + }, + "StorageMaximumSizeValue": { + "maximum": 1073741824, + "minimum": 1, + "type": "integer" + }, + "StorageMinimumTimeToLive": { + "additionalProperties": false, + "properties": { + "Unit": { + "$ref": "#/definitions/StorageMinimumTimeToLiveUnit" + }, + "Value": { + "$ref": "#/definitions/StorageMinimumTimeToLiveValue" + } + }, + "required": [ + "Unit", + "Value" + ], + "type": "object" + }, + "StorageMinimumTimeToLiveUnit": { + "enum": [ + "HOURS", + "DAYS", + "WEEKS" + ], + "type": "string" + }, + "StorageMinimumTimeToLiveValue": { + "maximum": 10000, + "minimum": 1, + "type": "integer" + }, "Tag": { "additionalProperties": false, "properties": { @@ -223,7 +474,7 @@ "additionalProperties": false, "properties": { "PeriodMs": { - "maximum": 60000, + "maximum": 86400000, "minimum": 10000, "type": "number" } 
@@ -233,6 +484,45 @@ ], "type": "object" }, + "TimeBasedSignalFetchConfig": { + "additionalProperties": false, + "properties": { + "ExecutionFrequencyMs": { + "minimum": 1, + "type": "number" + } + }, + "required": [ + "ExecutionFrequencyMs" + ], + "type": "object" + }, + "TimePeriod": { + "additionalProperties": false, + "properties": { + "Unit": { + "$ref": "#/definitions/TimeUnit" + }, + "Value": { + "minimum": 1, + "type": "number" + } + }, + "required": [ + "Unit", + "Value" + ], + "type": "object" + }, + "TimeUnit": { + "enum": [ + "MILLISECOND", + "SECOND", + "MINUTE", + "HOUR" + ], + "type": "string" + }, "TimestreamConfig": { "additionalProperties": false, "properties": { @@ -354,6 +644,16 @@ "minItems": 0, "type": "array" }, + "DataPartitions": { + "insertionOrder": true, + "items": { + "$ref": "#/definitions/DataPartition" + }, + "maxItems": 20, + "minItems": 0, + "type": "array", + "uniqueItems": true + }, "Description": { "maxLength": 2048, "minLength": 1, @@ -401,6 +701,15 @@ "minItems": 0, "type": "array" }, + "SignalsToFetch": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/SignalFetchInformation" + }, + "maxItems": 10, + "minItems": 0, + "type": "array" + }, "SpoolingMode": { "$ref": "#/definitions/SpoolingMode" }, @@ -434,13 +743,17 @@ ], "required": [ "Name", - "Action", "CollectionScheme", "SignalCatalogArn", "TargetArn" ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "iotfleetwise:UntagResource", + "iotfleetwise:TagResource", + "iotfleetwise:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-iotfleetwise-decodermanifest.json b/src/schema/aws-iotfleetwise-decodermanifest.json index 476946f0..c556ce97 100644 --- a/src/schema/aws-iotfleetwise-decodermanifest.json +++ b/src/schema/aws-iotfleetwise-decodermanifest.json 
@@ -98,6 +98,9 @@ "string" ] }, + "SignalValueType": { + "$ref": "#/definitions/SignalValueType" + }, "StartBit": { "type": [ "integer", @@ -147,6 +150,98 @@ ], "type": "object" }, + "CustomDecodingInterface": { + "additionalProperties": false, + "properties": { + "Name": { + "maxLength": 100, + "minLength": 1, + "pattern": "^[a-zA-Z\\d\\-_:]+$", + "type": "string" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "CustomDecodingNetworkInterface": { + "additionalProperties": false, + "properties": { + "CustomDecodingInterface": { + "$ref": "#/definitions/CustomDecodingInterface" + }, + "InterfaceId": { + "maxLength": 50, + "minLength": 1, + "type": "string" + }, + "Type": { + "enum": [ + "CUSTOM_DECODING_INTERFACE" + ], + "type": "string" + } + }, + "required": [ + "InterfaceId", + "Type", + "CustomDecodingInterface" + ], + "type": "object" + }, + "CustomDecodingSignal": { + "additionalProperties": false, + "properties": { + "Id": { + "maxLength": 150, + "minLength": 1, + "pattern": "^(?!.*\\.\\.)[a-zA-Z0-9_\\-#:.]+$", + "type": "string" + } + }, + "required": [ + "Id" + ], + "type": "object" + }, + "CustomDecodingSignalDecoder": { + "additionalProperties": false, + "properties": { + "CustomDecodingSignal": { + "$ref": "#/definitions/CustomDecodingSignal" + }, + "FullyQualifiedName": { + "maxLength": 150, + "minLength": 1, + "type": "string" + }, + "InterfaceId": { + "maxLength": 50, + "minLength": 1, + "type": "string" + }, + "Type": { + "enum": [ + "CUSTOM_DECODING_SIGNAL" + ], + "type": "string" + } + }, + "required": [ + "FullyQualifiedName", + "InterfaceId", + "Type", + "CustomDecodingSignal" + ], + "type": "object" + }, + "DefaultForUnmappedSignalsType": { + "enum": [ + "CUSTOM_DECODING" + ], + "type": "string" + }, "ManifestStatus": { "default": "DRAFT", "enum": [ @@ -251,6 +346,12 @@ "string" ] }, + "IsSigned": { + "type": [ + "boolean", + "string" + ] + }, "Offset": { "type": [ "number", 
@@ -281,6 +382,9 @@ "string" ] }, + "SignalValueType": { + "$ref": "#/definitions/SignalValueType" + }, "StartByte": { "type": [ "integer", @@ -330,6 +434,13 @@ ], "type": "object" }, + "SignalValueType": { + "enum": [ + "INTEGER", + "FLOATING_POINT" + ], + "type": "string" + }, "Tag": { "additionalProperties": false, "properties": { @@ -406,6 +517,9 @@ "format": "date-time", "type": "string" }, + "DefaultForUnmappedSignals": { + "$ref": "#/definitions/DefaultForUnmappedSignalsType" + }, "Description": { "maxLength": 2048, "minLength": 1, @@ -434,10 +548,13 @@ }, { "$ref": "#/definitions/ObdNetworkInterface" + }, + { + "$ref": "#/definitions/CustomDecodingNetworkInterface" } ] }, - "maxItems": 500, + "maxItems": 5000, "minItems": 1, "type": "array" }, @@ -450,10 +567,13 @@ }, { "$ref": "#/definitions/ObdSignalDecoder" + }, + { + "$ref": "#/definitions/CustomDecodingSignalDecoder" } ] }, - "maxItems": 500, + "maxItems": 5000, "minItems": 1, "type": "array" }, @@ -482,10 +602,18 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "iotfleetwise:UntagResource", + "iotfleetwise:TagResource", + "iotfleetwise:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, - "typeName": "AWS::IoTFleetWise::DecoderManifest" + "typeName": "AWS::IoTFleetWise::DecoderManifest", + "writeOnlyProperties": [ + "/properties/DefaultForUnmappedSignals" + ] } diff --git a/src/schema/aws-iotfleetwise-fleet.json b/src/schema/aws-iotfleetwise-fleet.json index 8570e629..93b74412 100644 --- a/src/schema/aws-iotfleetwise-fleet.json +++ b/src/schema/aws-iotfleetwise-fleet.json @@ -116,6 +116,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "iotfleetwise:UntagResource", + "iotfleetwise:TagResource", + "iotfleetwise:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, 
diff --git a/src/schema/aws-iotfleetwise-modelmanifest.json b/src/schema/aws-iotfleetwise-modelmanifest.json index 163dbb38..ea23f818 100644 --- a/src/schema/aws-iotfleetwise-modelmanifest.json +++ b/src/schema/aws-iotfleetwise-modelmanifest.json @@ -138,6 +138,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "iotfleetwise:UntagResource", + "iotfleetwise:TagResource", + "iotfleetwise:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-iotfleetwise-signalcatalog.json b/src/schema/aws-iotfleetwise-signalcatalog.json index a6d27671..4dc17fd1 100644 --- a/src/schema/aws-iotfleetwise-signalcatalog.json +++ b/src/schema/aws-iotfleetwise-signalcatalog.json @@ -334,7 +334,7 @@ "items": { "$ref": "#/definitions/Node" }, - "maxItems": 500, + "maxItems": 5000, "minItems": 1, "type": "array", "uniqueItems": true @@ -362,6 +362,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "iotfleetwise:UntagResource", + "iotfleetwise:TagResource", + "iotfleetwise:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-iotfleetwise-statetemplate.json b/src/schema/aws-iotfleetwise-statetemplate.json new file mode 100644 index 00000000..327548fd --- /dev/null +++ b/src/schema/aws-iotfleetwise-statetemplate.json 
@@ -0,0 +1,177 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/Name", + "/properties/SignalCatalogArn" + ], + "definitions": { + "Tag": { + "additionalProperties": false, + "properties": { + "Key": { + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, + "Unit": { + "additionalProperties": false, + "type": "object" + } + }, + "description": "Definition of AWS::IoTFleetWise::StateTemplate Resource Type", + "handlers": { + "create": { + "permissions": [ + "iotfleetwise:GetStateTemplate", + "iotfleetwise:CreateStateTemplate", + "iotfleetwise:ListTagsForResource", + "iotfleetwise:TagResource" + ] + }, + "delete": { + "permissions": [ + "iotfleetwise:DeleteStateTemplate", + "iotfleetwise:GetStateTemplate" + ] + }, + "list": { + "permissions": [ + "iotfleetwise:ListStateTemplates" + ] + }, + "read": { + "permissions": [ + "iotfleetwise:GetStateTemplate", + "iotfleetwise:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "iotfleetwise:UpdateStateTemplate", + "iotfleetwise:GetStateTemplate", + "iotfleetwise:ListTagsForResource", + "iotfleetwise:TagResource", + "iotfleetwise:UntagResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/Name" + ], + "properties": { + "Arn": { + "type": "string" + }, + "CreationTime": { + "format": "date-time", + "type": "string" + }, + "DataExtraDimensions": { + "insertionOrder": false, + "items": { + "maxLength": 150, + "minLength": 1, + "pattern": "^[a-zA-Z0-9_.]+$", + "type": "string" + }, + "maxItems": 5, + "minItems": 0, + "type": "array" + }, + "Description": { + "maxLength": 2048, + "minLength": 1, + "pattern": "^[^\\u0000-\\u001F\\u007F]+$", + "type": "string" + }, + "Id": { + "maxLength": 26, + "minLength": 26, + "pattern": "^[A-Z0-9]+$", + "type": "string" + }, + "LastModificationTime": { + "format": "date-time", + "type": 
"string" + }, + "MetadataExtraDimensions": { + "insertionOrder": false, + "items": { + "maxLength": 150, + "minLength": 1, + "pattern": "^[a-zA-Z0-9_.]+$", + "type": "string" + }, + "maxItems": 5, + "minItems": 0, + "type": "array" + }, + "Name": { + "maxLength": 100, + "minLength": 1, + "pattern": "^[a-zA-Z\\d\\-_:]+$", + "type": "string" + }, + "SignalCatalogArn": { + "type": "string" + }, + "StateTemplateProperties": { + "insertionOrder": false, + "items": { + "maxLength": 150, + "minLength": 1, + "pattern": "^[a-zA-Z0-9_.]+$", + "type": "string" + }, + "maxItems": 500, + "minItems": 1, + "type": "array" + }, + "Tags": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 50, + "minItems": 0, + "type": "array", + "uniqueItems": true + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/Id", + "/properties/CreationTime", + "/properties/LastModificationTime" + ], + "required": [ + "Name", + "SignalCatalogArn", + "StateTemplateProperties" + ], + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "iotfleetwise:ListTagsForResource", + "iotfleetwise:TagResource", + "iotfleetwise:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::IoTFleetWise::StateTemplate" +} diff --git a/src/schema/aws-iotfleetwise-vehicle.json b/src/schema/aws-iotfleetwise-vehicle.json index b9dc4ede..3ec85ddc 100644 --- a/src/schema/aws-iotfleetwise-vehicle.json +++ b/src/schema/aws-iotfleetwise-vehicle.json 
@@ -4,6 +4,69 @@ "/properties/Name" ], "definitions": { + "OnChangeStateTemplateUpdateStrategy": { + "additionalProperties": false, + "type": "object" + }, + "PeriodicStateTemplateUpdateStrategy": { + "additionalProperties": false, + "properties": { + "StateTemplateUpdateRate": { + "$ref": "#/definitions/TimePeriod" + } + }, + "required": [ + "StateTemplateUpdateRate" + ], + "type": "object" + }, + "StateTemplateAssociation": { + "additionalProperties": false, + "minProperties": 0, + "properties": { + "Identifier": { + "maxLength": 100, + "minLength": 1, + "type": "string" + }, + "StateTemplateUpdateStrategy": { + "$ref": "#/definitions/StateTemplateUpdateStrategy" + } + }, + "required": [ + "Identifier", + "StateTemplateUpdateStrategy" + ], + "type": "object" + }, + "StateTemplateUpdateStrategy": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "Periodic": { + "$ref": "#/definitions/PeriodicStateTemplateUpdateStrategy" + } + }, + "required": [ + "Periodic" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "OnChange": { + "$ref": "#/definitions/OnChangeStateTemplateUpdateStrategy" + } + }, + "required": [ + "OnChange" + ], + "type": "object" + } + ] + }, "Tag": { "additionalProperties": false, "properties": { @@ -24,6 +87,32 @@ ], "type": "object" }, + "TimePeriod": { + "additionalProperties": false, + "properties": { + "Unit": { + "$ref": "#/definitions/TimeUnit" + }, + "Value": { + "minimum": 1, + "type": "number" + } + }, + "required": [ + "Unit", + "Value" + ], + "type": "object" + }, + "TimeUnit": { + "enum": [ + "MILLISECOND", + "SECOND", + "MINUTE", + "HOUR" + ], + "type": "string" + }, "VehicleAssociationBehavior": { "enum": [ "CreateIotThing", 
@@ -115,6 +204,16 @@ "pattern": "^[a-zA-Z\\d\\-_:]+$", "type": "string" }, + "StateTemplates": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/StateTemplateAssociation" + }, + "maxItems": 20, + "minItems": 0, + "type": "array", + "uniqueItems": true + }, "Tags": { "insertionOrder": false, "items": { @@ -138,6 +237,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "iotfleetwise:UntagResource", + "iotfleetwise:TagResource", + "iotfleetwise:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-iotsitewise-accesspolicy.json b/src/schema/aws-iotsitewise-accesspolicy.json index 484902fb..45131d48 100644 --- a/src/schema/aws-iotsitewise-accesspolicy.json +++ b/src/schema/aws-iotsitewise-accesspolicy.json @@ -101,7 +101,9 @@ }, "list": { "permissions": [ - "iotsitewise:ListAccessPolicies" + "iotsitewise:ListAccessPolicies", + "iotsitewise:ListProjects", + "iotsitewise:ListPortals" ] }, "read": { @@ -151,6 +153,8 @@ "AccessPolicyResource" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-IoTSiteWise.git", - "taggable": false, + "tagging": { + "taggable": false + }, "typeName": "AWS::IoTSiteWise::AccessPolicy" } diff --git a/src/schema/aws-iotsitewise-dashboard.json b/src/schema/aws-iotsitewise-dashboard.json index ada68439..875b90fc 100644 --- a/src/schema/aws-iotsitewise-dashboard.json +++ b/src/schema/aws-iotsitewise-dashboard.json @@ -49,7 +49,10 @@ }, "list": { "permissions": [ - "iotsitewise:ListDashboards" + "iotsitewise:ListDashboards", + "iotsitewise:ListPortals", + "iotsitewise:ListProjects", + "iotsitewise:ListTagsForResource" ] }, "read": { 
@@ -120,6 +123,17 @@ "DashboardName" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-iotsitewise.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "iotsitewise:TagResource", + "iotsitewise:UntagResource", + "iotsitewise:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::IoTSiteWise::Dashboard" } diff --git a/src/schema/aws-iotsitewise-dataset.json b/src/schema/aws-iotsitewise-dataset.json new file mode 100644 index 00000000..49a69b66 --- /dev/null +++ b/src/schema/aws-iotsitewise-dataset.json 
@@ -0,0 +1,177 @@ +{ + "additionalProperties": false, + "definitions": { + "DatasetSource": { + "additionalProperties": false, + "properties": { + "SourceDetail": { + "$ref": "#/definitions/SourceDetail", + "description": "The details of the dataset source associated with the dataset." + }, + "SourceFormat": { + "description": "The format of the dataset source associated with the dataset.", + "enum": [ + "KNOWLEDGE_BASE" + ], + "type": "string" + }, + "SourceType": { + "description": "The type of data source for the dataset.", + "enum": [ + "KENDRA" + ], + "type": "string" + } + }, + "required": [ + "SourceFormat", + "SourceType" + ], + "type": "object" + }, + "KendraSourceDetail": { + "additionalProperties": false, + "properties": { + "KnowledgeBaseArn": { + "description": "The knowledgeBaseArn details for the Kendra dataset source.", + "type": "string" + }, + "RoleArn": { + "description": "The roleARN details for the Kendra dataset source.", + "type": "string" + } + }, + "required": [ + "KnowledgeBaseArn", + "RoleArn" + ], + "type": "object" + }, + "SourceDetail": { + "additionalProperties": false, + "properties": { + "Kendra": { + "$ref": "#/definitions/KendraSourceDetail", + "description": "Contains details about the Kendra dataset source." 
+ } + }, + "type": "object" + }, + "Tag": { + "additionalProperties": false, + "properties": { + "Key": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "required": [ + "Value", + "Key" + ], + "type": "object" + } + }, + "description": "Resource schema for AWS::IoTSiteWise::Dataset.", + "handlers": { + "create": { + "permissions": [ + "iotsitewise:CreateDataset", + "iotsitewise:DescribeDataset", + "iam:PassRole", + "iotsitewise:ListTagsForResource", + "iotsitewise:TagResource" + ] + }, + "delete": { + "permissions": [ + "iotsitewise:DeleteDataset", + "iotsitewise:DescribeDataset", + "iotsitewise:ListTagsForResource" + ] + }, + "list": { + "permissions": [ + "iotsitewise:ListDatasets", + "iotsitewise:ListTagsForResource" + ] + }, + "read": { + "permissions": [ + "iotsitewise:DescribeDataset", + "iotsitewise:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "iotsitewise:UpdateDataset", + "iotsitewise:DescribeDataset", + "iam:PassRole", + "iotsitewise:ListTagsForResource", + "iotsitewise:TagResource", + "iotsitewise:UntagResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/DatasetId" + ], + "properties": { + "DatasetArn": { + "description": "The ARN of the dataset.", + "type": "string" + }, + "DatasetDescription": { + "description": "A description about the dataset, and its functionality.", + "type": "string" + }, + "DatasetId": { + "description": "The ID of the dataset.", + "maxLength": 36, + "minLength": 36, + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", + "type": "string" + }, + "DatasetName": { + "description": "The name of the dataset.", + "type": "string" + }, + "DatasetSource": { + "$ref": "#/definitions/DatasetSource", + "description": "The data source for the dataset." 
+ }, + "Tags": { + "description": "An array of key-value pairs to apply to this resource.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": true + } + }, + "readOnlyProperties": [ + "/properties/DatasetArn", + "/properties/DatasetId" + ], + "required": [ + "DatasetName", + "DatasetSource" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-IoTSiteWise.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "iotsitewise:TagResource", + "iotsitewise:UntagResource", + "iotsitewise:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::IoTSiteWise::Dataset" +} diff --git a/src/schema/aws-iotsitewise-gateway.json b/src/schema/aws-iotsitewise-gateway.json index 20942d10..3143b91d 100644 --- a/src/schema/aws-iotsitewise-gateway.json +++ b/src/schema/aws-iotsitewise-gateway.json @@ -1,7 +1,8 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/GatewayPlatform" + "/properties/GatewayPlatform", + "/properties/GatewayVersion" ], "definitions": { "CapabilityConfiguration": { @@ -32,11 +33,6 @@ "additionalProperties": false, "description": "Contains a gateway's platform information.", "oneOf": [ - { - "required": [ - "Greengrass" - ] - }, { "required": [ "GreengrassV2" @@ -49,10 +45,6 @@ } ], "properties": { - "Greengrass": { - "$ref": "#/definitions/Greengrass", - "description": "A gateway that runs on AWS IoT Greengrass V1." - }, "GreengrassV2": { "$ref": "#/definitions/GreengrassV2", "description": "A gateway that runs on AWS IoT Greengrass V2." 
@@ -64,24 +56,23 @@ }, "type": "object" }, - "Greengrass": { - "additionalProperties": false, - "description": "Contains the ARN of AWS IoT Greengrass Group V1 that the gateway runs on.", - "properties": { - "GroupArn": { - "description": "The ARN of the Greengrass group.", - "type": "string" - } - }, - "required": [ - "GroupArn" - ], - "type": "object" + "GatewayVersion": { + "description": "The version of the gateway you want to create.", + "type": "string" }, "GreengrassV2": { "additionalProperties": false, "description": "Contains the CoreDeviceThingName of AWS IoT Greengrass Group V2 that the gateway runs on.", "properties": { + "CoreDeviceOperatingSystem": { + "description": "The operating system of the core device in AWS IoT Greengrass V2.", + "enum": [ + "LINUX_AARCH64", + "LINUX_AMD64", + "WINDOWS_AMD64" + ], + "type": "string" + }, "CoreDeviceThingName": { "description": "The name of the CoreDevice in GreenGrass V2.", "type": "string" @@ -134,10 +125,8 @@ "iotsitewise:UpdateGatewayCapabilityConfiguration", "iam:PassRole", "iam:GetRole", - "greengrass:GetCoreDevice", "iotsitewise:ListTagsForResource", - "iotsitewise:TagResource", - "iot:DescribeThing" + "iotsitewise:TagResource" ] }, "delete": { @@ -149,7 +138,8 @@ }, "list": { "permissions": [ - "iotsitewise:ListGateways" + "iotsitewise:ListGateways", + "iotsitewise:ListTagsForResource" ] }, "read": { @@ -196,6 +186,10 @@ "$ref": "#/definitions/GatewayPlatform", "description": "The gateway's platform. You can only specify one platform in a gateway." }, + "GatewayVersion": { + "description": "The version of the gateway you want to create.", + "type": "string" + }, "Tags": { "description": "A list of key-value pairs that contain metadata for the gateway.", "insertionOrder": false, 
@@ -214,6 +208,17 @@ "GatewayPlatform" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-IoTSiteWise.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "iotsitewise:TagResource", + "iotsitewise:UntagResource", + "iotsitewise:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::IoTSiteWise::Gateway" } diff --git a/src/schema/aws-iotsitewise-portal.json b/src/schema/aws-iotsitewise-portal.json index 17cd080c..95cccdf5 100644 --- a/src/schema/aws-iotsitewise-portal.json +++ b/src/schema/aws-iotsitewise-portal.json @@ -6,9 +6,40 @@ ], "additionalProperties": false, "createOnlyProperties": [ - "/properties/PortalAuthMode" + "/properties/PortalAuthMode", + "/properties/PortalType" ], "definitions": { + "PortalTools": { + "description": "List of enabled Tools for a certain portal.", + "items": { + "type": "string" + }, + "type": "array" + }, + "PortalTypeConfiguration": { + "additionalProperties": false, + "description": "Map to associate detail of configuration related with a PortalType.", + "patternProperties": { + "^[a-z][a-zA-Z0-9_]*$": { + "$ref": "#/definitions/PortalTypeEntry" + } + }, + "type": "object" + }, + "PortalTypeEntry": { + "additionalProperties": false, + "description": "Container associated a certain PortalType.", + "properties": { + "PortalTools": { + "$ref": "#/definitions/PortalTools" + } + }, + "required": [ + "PortalTools" + ], + "type": "object" + }, "Tag": { "additionalProperties": false, "description": "To add or update tag, provide both key and value. To delete tag, provide only tag key to be deleted.", @@ -49,7 +80,8 @@ }, "list": { "permissions": [ - "iotsitewise:ListPortals" + "iotsitewise:ListPortals", + "iotsitewise:ListTagsForResource" ] }, "read": { 
@@ -126,6 +158,17 @@ "description": "The public root URL for the AWS IoT AWS IoT SiteWise Monitor application portal.", "type": "string" }, + "PortalType": { + "description": "The type of portal", + "enum": [ + "SITEWISE_PORTAL_V1", + "SITEWISE_PORTAL_V2" + ], + "type": "string" + }, + "PortalTypeConfiguration": { + "$ref": "#/definitions/PortalTypeConfiguration" + }, "RoleArn": { "description": "The ARN of a service role that allows the portal's users to access your AWS IoT SiteWise resources on your behalf.", "type": "string" @@ -152,9 +195,17 @@ "RoleArn" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-iotsitewise.git", - "taggable": true, - "typeName": "AWS::IoTSiteWise::Portal", - "writeOnlyProperties": [ - "/properties/Tags" - ] + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "iotsitewise:TagResource", + "iotsitewise:UntagResource", + "iotsitewise:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::IoTSiteWise::Portal" } diff --git a/src/schema/aws-iotsitewise-project.json b/src/schema/aws-iotsitewise-project.json index 7f48c136..a27d85dc 100644 --- a/src/schema/aws-iotsitewise-project.json +++ b/src/schema/aws-iotsitewise-project.json @@ -46,7 +46,9 @@ }, "list": { "permissions": [ - "iotsitewise:ListProjects" + "iotsitewise:ListPortals", + "iotsitewise:ListProjects", + "iotsitewise:ListTagsForResource" ] }, "read": { 
@@ -120,6 +122,17 @@ "ProjectName" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-IoTSiteWise.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "iotsitewise:TagResource", + "iotsitewise:UntagResource", + "iotsitewise:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::IoTSiteWise::Project" } diff --git a/src/schema/aws-iottwinmaker-componenttype.json b/src/schema/aws-iottwinmaker-componenttype.json index df218796..bbcedea5 100644 --- a/src/schema/aws-iottwinmaker-componenttype.json +++ b/src/schema/aws-iottwinmaker-componenttype.json @@ -549,6 +549,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-iottwinmaker", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "iottwinmaker:TagResource", + "iottwinmaker:UntagResource", + "iottwinmaker:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-iottwinmaker-entity.json b/src/schema/aws-iottwinmaker-entity.json index c3e9fc36..24f534f9 100644 --- a/src/schema/aws-iottwinmaker-entity.json +++ b/src/schema/aws-iottwinmaker-entity.json @@ -591,6 +591,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-iottwinmaker", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "iottwinmaker:TagResource", + "iottwinmaker:UntagResource", + "iottwinmaker:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-iottwinmaker-scene.json b/src/schema/aws-iottwinmaker-scene.json index 8eae43c2..eeafe452 100644 --- a/src/schema/aws-iottwinmaker-scene.json +++ b/src/schema/aws-iottwinmaker-scene.json 
@@ -180,6 +180,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-iottwinmaker", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "iottwinmaker:TagResource", + "iottwinmaker:UntagResource", + "iottwinmaker:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-iottwinmaker-syncjob.json b/src/schema/aws-iottwinmaker-syncjob.json index 1210f8b1..47b35b5d 100644 --- a/src/schema/aws-iottwinmaker-syncjob.json +++ b/src/schema/aws-iottwinmaker-syncjob.json @@ -132,6 +132,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-iottwinmaker", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "iottwinmaker:TagResource", + "iottwinmaker:UntagResource", + "iottwinmaker:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": false, diff --git a/src/schema/aws-iottwinmaker-workspace.json b/src/schema/aws-iottwinmaker-workspace.json index 7f90b269..618be2ef 100644 --- a/src/schema/aws-iottwinmaker-workspace.json +++ b/src/schema/aws-iottwinmaker-workspace.json @@ -118,6 +118,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "iottwinmaker:TagResource", + "iottwinmaker:UntagResource", + "iottwinmaker:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-iotwireless-destination.json b/src/schema/aws-iotwireless-destination.json index 539aa6aa..0d7f50e8 100644 --- a/src/schema/aws-iotwireless-destination.json +++ b/src/schema/aws-iotwireless-destination.json @@ -27,8 +27,7 @@ "permissions": [ "iam:PassRole", "iotwireless:CreateDestination", - "iotwireless:TagResource", - "iotwireless:ListTagsForResource" + "iotwireless:TagResource" ] }, "delete": { 
@@ -51,9 +50,10 @@ "update": { "permissions": [ "iam:PassRole", + "iotwireless:GetDestination", "iotwireless:UpdateDestination", "iotwireless:UntagResource", - "iotwireless:ListTagsForResource" + "iotwireless:TagResource" ] } }, @@ -115,6 +115,17 @@ "ExpressionType" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "iotwireless:TagResource", + "iotwireless:UntagResource", + "iotwireless:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::IoTWireless::Destination" } diff --git a/src/schema/aws-iotwireless-deviceprofile.json b/src/schema/aws-iotwireless-deviceprofile.json index efa65515..262e912e 100644 --- a/src/schema/aws-iotwireless-deviceprofile.json +++ b/src/schema/aws-iotwireless-deviceprofile.json @@ -1,5 +1,9 @@ { "additionalProperties": false, + "createOnlyProperties": [ + "/properties/Name", + "/properties/LoRaWAN" + ], "definitions": { "FactoryPresetFreq": { "maximum": 16700000, @@ -120,8 +124,7 @@ "create": { "permissions": [ "iotwireless:CreateDeviceProfile", - "iotwireless:TagResource", - "iotwireless:ListTagsForResource" + "iotwireless:TagResource" ] }, "delete": { @@ -140,6 +143,13 @@ "iotwireless:GetDeviceProfile", "iotwireless:ListTagsForResource" ] + }, + "update": { + "permissions": [ + "iotwireless:GetDeviceProfile", + "iotwireless:TagResource", + "iotwireless:UntagResource" + ] } }, "primaryIdentifier": [ 
@@ -181,6 +191,17 @@ ], "required": [], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "iotwireless:TagResource", + "iotwireless:UntagResource", + "iotwireless:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::IoTWireless::DeviceProfile" } diff --git a/src/schema/aws-iotwireless-fuotatask.json b/src/schema/aws-iotwireless-fuotatask.json index 73d26da5..79aa05e7 100644 --- a/src/schema/aws-iotwireless-fuotatask.json +++ b/src/schema/aws-iotwireless-fuotatask.json @@ -44,7 +44,6 @@ "permissions": [ "iotwireless:CreateFuotaTask", "iotwireless:TagResource", - "iotwireless:ListTagsForResource", "iam:GetRole", "iam:PassRole" ] @@ -70,8 +69,9 @@ "permissions": [ "iam:PassRole", "iotwireless:UpdateFuotaTask", + "iotwireless:GetFuotaTask", + "iotwireless:TagResource", "iotwireless:UntagResource", - "iotwireless:ListTagsForResource", "iotwireless:AssociateMulticastGroupWithFuotaTask", "iotwireless:DisassociateMulticastGroupFromFuotaTask", "iotwireless:AssociateWirelessDeviceWithFuotaTask", @@ -165,6 +165,17 @@ "FirmwareUpdateRole" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "iotwireless:TagResource", + "iotwireless:UntagResource", + "iotwireless:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::IoTWireless::FuotaTask" } diff --git a/src/schema/aws-iotwireless-multicastgroup.json b/src/schema/aws-iotwireless-multicastgroup.json index 758ea7d4..bcf3706c 100644 --- a/src/schema/aws-iotwireless-multicastgroup.json +++ b/src/schema/aws-iotwireless-multicastgroup.json 
@@ -53,8 +53,7 @@ "create": { "permissions": [ "iotwireless:CreateMulticastGroup", - "iotwireless:TagResource", - "iotwireless:ListTagsForResource" + "iotwireless:TagResource" ] }, "delete": { @@ -77,8 +76,9 @@ "update": { "permissions": [ "iotwireless:UpdateMulticastGroup", + "iotwireless:GetMulticastGroup", + "iotwireless:TagResource", "iotwireless:UntagResource", - "iotwireless:ListTagsForResource", "iotwireless:AssociateWirelessDeviceWithMulticastGroup", "iotwireless:DisassociateWirelessDeviceFromMulticastGroup" ] @@ -147,6 +147,17 @@ "LoRaWAN" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "iotwireless:TagResource", + "iotwireless:UntagResource", + "iotwireless:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::IoTWireless::MulticastGroup" } diff --git a/src/schema/aws-iotwireless-networkanalyzerconfiguration.json b/src/schema/aws-iotwireless-networkanalyzerconfiguration.json index fb57c966..ffd8897e 100644 --- a/src/schema/aws-iotwireless-networkanalyzerconfiguration.json +++ b/src/schema/aws-iotwireless-networkanalyzerconfiguration.json @@ -1,8 +1,7 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/Name", - "/properties/Tags" + "/properties/Name" ], "definitions": { "LogLevel": { @@ -49,8 +48,7 @@ "create": { "permissions": [ "iotwireless:CreateNetworkAnalyzerConfiguration", - "iotwireless:TagResource", - "iotwireless:ListTagsForResource" + "iotwireless:TagResource" ] }, "delete": { @@ -73,8 +71,9 @@ "update": { "permissions": [ "iotwireless:UpdateNetworkAnalyzerConfiguration", - "iotwireless:UntagResource", - "iotwireless:ListTagsForResource" + "iotwireless:GetNetworkAnalyzerConfiguration", + "iotwireless:TagResource", + "iotwireless:UntagResource" ] } }, 
@@ -148,9 +147,14 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "iotwireless:TagResource", + "iotwireless:UntagResource", + "iotwireless:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", - "tagUpdatable": false, + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::IoTWireless::NetworkAnalyzerConfiguration" diff --git a/src/schema/aws-iotwireless-partneraccount.json b/src/schema/aws-iotwireless-partneraccount.json index 6c473158..e8f8f51d 100644 --- a/src/schema/aws-iotwireless-partneraccount.json +++ b/src/schema/aws-iotwireless-partneraccount.json @@ -73,7 +73,7 @@ "permissions": [ "iotwireless:AssociateAwsAccountWithPartnerAccount", "iotwireless:TagResource", - "iotwireless:ListTagsForResource" + "iotwireless:GetPartnerAccount" ] }, "delete": { @@ -95,9 +95,12 @@ }, "update": { "permissions": [ + "iotwireless:GetPartnerAccount", + "iotwireless:AssociateAwsAccountWithPartnerAccount", "iotwireless:UpdatePartnerAccount", - "iotwireless:UntagResource", - "iotwireless:ListTagsForResource" + "iotwireless:ListTagsForResource", + "iotwireless:TagResource", + "iotwireless:UntagResource" ] } }, @@ -157,7 +160,18 @@ "/properties/Fingerprint" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "iotwireless:TagResource", + "iotwireless:UntagResource", + "iotwireless:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::IoTWireless::PartnerAccount", "writeOnlyProperties": [ "/properties/SidewalkUpdate", diff --git a/src/schema/aws-iotwireless-serviceprofile.json b/src/schema/aws-iotwireless-serviceprofile.json index c6027885..08b838ce 100644 --- a/src/schema/aws-iotwireless-serviceprofile.json 
+++ b/src/schema/aws-iotwireless-serviceprofile.json @@ -1,5 +1,9 @@ { "additionalProperties": false, + "createOnlyProperties": [ + "/properties/Name", + "/properties/LoRaWAN" + ], "definitions": { "LoRaWANServiceProfile": { "additionalProperties": false, @@ -86,8 +90,7 @@ "create": { "permissions": [ "iotwireless:CreateServiceProfile", - "iotwireless:TagResource", - "iotwireless:ListTagsForResource" + "iotwireless:TagResource" ] }, "delete": { @@ -106,6 +109,13 @@ "iotwireless:GetServiceProfile", "iotwireless:ListTagsForResource" ] + }, + "update": { + "permissions": [ + "iotwireless:GetServiceProfile", + "iotwireless:TagResource", + "iotwireless:UntagResource" + ] } }, "primaryIdentifier": [ @@ -163,6 +173,17 @@ ], "required": [], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "iotwireless:TagResource", + "iotwireless:UntagResource", + "iotwireless:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::IoTWireless::ServiceProfile" } diff --git a/src/schema/aws-iotwireless-taskdefinition.json b/src/schema/aws-iotwireless-taskdefinition.json index 0f039f73..ccc7fa22 100644 --- a/src/schema/aws-iotwireless-taskdefinition.json +++ b/src/schema/aws-iotwireless-taskdefinition.json @@ -97,7 +97,6 @@ "permissions": [ "iotwireless:CreateWirelessGatewayTaskDefinition", "iotwireless:TagResource", - "iotwireless:ListTagsForResource", "iam:GetRole", "iam:PassRole" ] @@ -108,6 +107,13 @@ ] }, "list": { + "handlerSchema": { + "properties": { + "TaskDefinitionType": { + "$ref": "#/properties/TaskDefinitionType" + } + } + }, "permissions": [ "iotwireless:ListWirelessGatewayTaskDefinitions", "iotwireless:ListTagsForResource" 
@@ -118,6 +124,13 @@ "iotwireless:GetWirelessGatewayTaskDefinition", "iotwireless:ListTagsForResource" ] + }, + "update": { + "permissions": [ + "iotwireless:GetWirelessGatewayTaskDefinition", + "iotwireless:TagResource", + "iotwireless:UntagResource" + ] } }, "primaryIdentifier": [ @@ -177,6 +190,17 @@ "AutoCreateTasks" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "iotwireless:TagResource", + "iotwireless:UntagResource", + "iotwireless:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::IoTWireless::TaskDefinition" } diff --git a/src/schema/aws-iotwireless-wirelessdevice.json b/src/schema/aws-iotwireless-wirelessdevice.json index b934665d..876ba604 100644 --- a/src/schema/aws-iotwireless-wirelessdevice.json +++ b/src/schema/aws-iotwireless-wirelessdevice.json @@ -54,7 +54,10 @@ "Type": { "description": "Application type, which can be specified to obtain real-time position information of your LoRaWAN device.", "enum": [ - "SemtechGeolocation" + "SemtechGeolocation", + "SemtechGNSS", + "SemtechGNSSNG", + "SemtechWiFi" ], "type": "string" } @@ -240,8 +243,7 @@ "create": { "permissions": [ "iotwireless:CreateWirelessDevice", - "iotwireless:TagResource", - "iotwireless:ListTagsForResource" + "iotwireless:TagResource" ] }, "delete": { @@ -265,9 +267,10 @@ "update": { "permissions": [ "iotwireless:UpdateWirelessDevice", - "iotwireless:UntagResource", - "iotwireless:ListTagsForResource", - "iotwireless:AssociateWirelessDeviceWithThing" + "iotwireless:GetWirelessDevice", + "iotwireless:AssociateWirelessDeviceWithThing", + "iotwireless:TagResource", + "iotwireless:UntagResource" ] } }, 
@@ -352,6 +355,17 @@ "DestinationName" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "iotwireless:TagResource", + "iotwireless:UntagResource", + "iotwireless:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::IoTWireless::WirelessDevice" } diff --git a/src/schema/aws-iotwireless-wirelessdeviceimporttask.json b/src/schema/aws-iotwireless-wirelessdeviceimporttask.json index c50c8be7..0d97a632 100644 --- a/src/schema/aws-iotwireless-wirelessdeviceimporttask.json +++ b/src/schema/aws-iotwireless-wirelessdeviceimporttask.json @@ -45,7 +45,6 @@ "iotwireless:StartWirelessDeviceImportTask", "iotwireless:StartSingleWirelessDeviceImportTask", "iotwireless:TagResource", - "iotwireless:ListTagsForResource", "iam:PassRole" ] }, @@ -68,9 +67,10 @@ }, "update": { "permissions": [ + "iotwireless:GetWirelessDeviceImportTask", "iotwireless:UpdateWirelessDeviceImportTask", + "iotwireless:TagResource", "iotwireless:UntagResource", - "iotwireless:ListTagsForResource", "iam:PassRole" ] } @@ -118,27 +118,6 @@ "Sidewalk": { "additionalProperties": false, "description": "sidewalk contain file for created device and role", - "oneOf": [ - { - "allOf": [ - { - "required": [ - "DeviceCreationFile" - ] - }, - { - "required": [ - "Role" - ] - } - ] - }, - { - "required": [ - "SidewalkManufacturingSn" - ] - } - ], "properties": { "DeviceCreationFile": { "maxLength": 1024, 
@@ -201,10 +180,15 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { - "cloudFormationSystemTags": false, + "cloudFormationSystemTags": true, + "permissions": [ + "iotwireless:TagResource", + "iotwireless:UntagResource", + "iotwireless:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", - "tagUpdatable": false, + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::IoTWireless::WirelessDeviceImportTask", diff --git a/src/schema/aws-iotwireless-wirelessgateway.json b/src/schema/aws-iotwireless-wirelessgateway.json index 1ae0c9d7..9f4f82d1 100644 --- a/src/schema/aws-iotwireless-wirelessgateway.json +++ b/src/schema/aws-iotwireless-wirelessgateway.json @@ -41,8 +41,7 @@ "create": { "permissions": [ "iotwireless:CreateWirelessGateway", - "iotwireless:TagResource", - "iotwireless:ListTagsForResource" + "iotwireless:TagResource" ] }, "delete": { @@ -65,10 +64,11 @@ }, "update": { "permissions": [ + "iotwireless:GetWirelessGateway", "iotwireless:UpdateWirelessGateway", - "iotwireless:UntagResource", - "iotwireless:ListTagsForResource", - "iotwireless:AssociateWirelessGatewayWithThing" + "iotwireless:AssociateWirelessGatewayWithThing", + "iotwireless:TagResource", + "iotwireless:UntagResource" ] } }, @@ -130,6 +130,17 @@ "LoRaWAN" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "iotwireless:TagResource", + "iotwireless:UntagResource", + "iotwireless:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::IoTWireless::WirelessGateway" } diff --git a/src/schema/aws-ivs-channel.json b/src/schema/aws-ivs-channel.json index 7061a512..61b8a357 100644 --- a/src/schema/aws-ivs-channel.json +++ b/src/schema/aws-ivs-channel.json 
@@ -1,17 +1,47 @@ { "additionalProperties": false, "definitions": { + "MultitrackInputConfiguration": { + "additionalProperties": false, + "properties": { + "Enabled": { + "default": false, + "description": "Indicates whether multitrack input is enabled. Can be set to true only if channel type is STANDARD. Setting enabled to true with any other channel type will cause an exception. If true, then policy, maximumResolution, and containerFormat are required, and containerFormat must be set to FRAGMENTED_MP4. Default: false.", + "type": "boolean" + }, + "MaximumResolution": { + "description": "Maximum resolution for multitrack input. Required if enabled is true.", + "enum": [ + "SD", + "HD", + "FULL_HD" + ], + "type": "string" + }, + "Policy": { + "description": "Indicates whether multitrack input is allowed or required. Required if enabled is true.", + "enum": [ + "ALLOW", + "REQUIRE" + ], + "type": "string" + } + }, + "type": "object" + }, "Tag": { "additionalProperties": false, "properties": { "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "maxLength": 128, "minLength": 1, "type": "string" }, "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "maxLength": 256, - "minLength": 1, + "minLength": 0, "type": "string" } }, @@ -33,7 +63,7 @@ "delete": { "permissions": [ "ivs:DeleteChannel", - "ivs:UnTagResource" + "ivs:UntagResource" ] }, "list": { @@ -53,7 +83,7 @@ "ivs:GetChannel", "ivs:UpdateChannel", "ivs:TagResource", - "ivs:UnTagResource", + "ivs:UntagResource", "ivs:ListTagsForResource" ] } 
@@ -74,6 +104,15 @@ "description": "Whether the channel is authorized.", "type": "boolean" }, + "ContainerFormat": { + "default": "TS", + "description": "Indicates which content-packaging format is used (MPEG-TS or fMP4). If multitrackInputConfiguration is specified and enabled is true, then containerFormat is required and must be set to FRAGMENTED_MP4. Otherwise, containerFormat may be set to TS or FRAGMENTED_MP4. Default: TS.", + "enum": [ + "TS", + "FRAGMENTED_MP4" + ], + "type": "string" + }, "IngestEndpoint": { "description": "Channel ingest endpoint, part of the definition of an ingest server, used when you set up streaming software.", "type": "string" @@ -92,6 +131,9 @@ ], "type": "string" }, + "MultitrackInputConfiguration": { + "$ref": "#/definitions/MultitrackInputConfiguration" + }, "Name": { "default": "-", "description": "Channel", @@ -107,6 +149,7 @@ "Preset": { "description": "Optional transcode preset for the channel. This is selectable only for ADVANCED_HD and ADVANCED_SD channel types. For those channel types, the default preset is HIGHER_BANDWIDTH_DELIVERY. For other channel types (BASIC and STANDARD), preset is the empty string (\"\").", "enum": [ + "", "HIGHER_BANDWIDTH_DELIVERY", "CONSTRAINED_BANDWIDTH_DELIVERY" ], @@ -151,6 +194,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ivs:TagResource", + "ivs:UntagResource", + "ivs:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ivs-encoderconfiguration.json b/src/schema/aws-ivs-encoderconfiguration.json index 39abc7fc..4bc32906 100644 --- a/src/schema/aws-ivs-encoderconfiguration.json +++ b/src/schema/aws-ivs-encoderconfiguration.json 
@@ -116,16 +116,16 @@ }, "Height": { "default": 720, - "description": "Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720.", + "description": "Video-resolution height. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720.", "maximum": 1920, - "minimum": 1, + "minimum": 2, "type": "integer" }, "Width": { "default": 1280, - "description": "Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280.", + "description": "Video-resolution width. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280.", "maximum": 1920, - "minimum": 1, + "minimum": 2, "type": "integer" } }, @@ -139,6 +139,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ivs:TagResource", + "ivs:UntagResource", + "ivs:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ivs-ingestconfiguration.json b/src/schema/aws-ivs-ingestconfiguration.json new file mode 100644 index 00000000..ff7e3bc9 --- /dev/null +++ b/src/schema/aws-ivs-ingestconfiguration.json 
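Review bot: The `Height` and `Width` descriptions now state that the value must be an even number, but the only schema change is `minimum` going from 1 to 2, so an odd value such as 721 still passes validation. If the schema dialect in use accepts it, adding `"multipleOf": 2` to both properties would enforce the documented rule at template-validation time instead of leaving the rejection to the service. The enclosing definition starts and ends outside the hunk.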
@@ -0,0 +1,169 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/InsecureIngest", + "/properties/UserId", + "/properties/Name", + "/properties/IngestProtocol" + ], + "definitions": { + "Tag": { + "additionalProperties": false, + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Value", + "Key" + ], + "type": "object" + } + }, + "description": "Resource Type definition for AWS::IVS::IngestConfiguration", + "handlers": { + "create": { + "permissions": [ + "ivs:CreateIngestConfiguration", + "ivs:TagResource" + ] + }, + "delete": { + "permissions": [ + "ivs:DeleteIngestConfiguration", + "ivs:UntagResource" + ] + }, + "list": { + "permissions": [ + "ivs:ListIngestConfigurations", + "ivs:ListTagsForResource" + ] + }, + "read": { + "permissions": [ + "ivs:GetIngestConfiguration", + "ivs:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "ivs:GetIngestConfiguration", + "ivs:UpdateIngestConfiguration", + "ivs:TagResource", + "ivs:UntagResource", + "ivs:ListTagsForResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/Arn" + ], + "properties": { + "Arn": { + "description": "IngestConfiguration ARN is automatically generated on creation and assigned as the unique identifier.", + "maxLength": 128, + "minLength": 1, + "pattern": 
"^arn:aws:ivs:[a-z0-9-]+:[0-9]+:ingest-configuration/[a-zA-Z0-9-]+$", + "type": "string" + }, + "IngestProtocol": { + "default": "RTMPS", + "description": "Ingest Protocol.", + "enum": [ + "RTMP", + "RTMPS" + ], + "type": "string" + }, + "InsecureIngest": { + "default": false, + "description": "Whether ingest configuration allows insecure ingest.", + "type": "boolean" + }, + "Name": { + "default": "-", + "description": "IngestConfiguration", + "maxLength": 128, + "minLength": 0, + "pattern": "^[a-zA-Z0-9-_]*$", + "type": "string" + }, + "ParticipantId": { + "description": "Participant Id is automatically generated on creation and assigned.", + "maxLength": 64, + "minLength": 0, + "pattern": "^[a-zA-Z0-9-_]*$", + "type": "string" + }, + "StageArn": { + "default": "", + "description": "Stage ARN. A value other than an empty string indicates that stage is linked to IngestConfiguration. Default: \"\" (recording is disabled).", + "maxLength": 128, + "minLength": 0, + "pattern": "^arn:aws:ivs:[a-z0-9-]+:[0-9]+:stage/[a-zA-Z0-9-]+$", + "type": "string" + }, + "State": { + "default": "INACTIVE", + "description": "State of IngestConfiguration which determines whether IngestConfiguration is in use or not.", + "enum": [ + "ACTIVE", + "INACTIVE" + ], + "type": "string" + }, + "StreamKey": { + "description": "Stream-key value.", + "type": "string" + }, + "Tags": { + "description": "A list of key-value pairs that contain metadata for the asset model.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 50, + "type": "array", + "uniqueItems": true + }, + "UserId": { + "description": "User defined indentifier for participant associated with IngestConfiguration.", + "type": "string" + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/ParticipantId", + "/properties/StreamKey", + "/properties/State" + ], + "required": [], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + 
"cloudFormationSystemTags": false, + "permissions": [ + "ivs:TagResource", + "ivs:UntagResource", + "ivs:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::IVS::IngestConfiguration", + "writeOnlyProperties": [ + "/properties/InsecureIngest" + ] +} diff --git a/src/schema/aws-ivs-playbackkeypair.json b/src/schema/aws-ivs-playbackkeypair.json index fda6285c..45b7cb88 100644 --- a/src/schema/aws-ivs-playbackkeypair.json +++ b/src/schema/aws-ivs-playbackkeypair.json @@ -15,7 +15,7 @@ }, "Value": { "maxLength": 256, - "minLength": 1, + "minLength": 0, "type": "string" } }, @@ -83,7 +83,7 @@ "type": "string" }, "PublicKeyMaterial": { - "description": "The public portion of a customer-generated key pair.", + "description": "The public portion of a customer-generated key pair. This field is required to create the AWS::IVS::PlaybackKeyPair resource.", "type": "string" }, "Tags": { @@ -104,6 +104,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ivs:TagResource", + "ivs:UntagResource", + "ivs:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ivs-playbackrestrictionpolicy.json b/src/schema/aws-ivs-playbackrestrictionpolicy.json index 52b9c8da..ce9ef5bc 100644 --- a/src/schema/aws-ivs-playbackrestrictionpolicy.json +++ b/src/schema/aws-ivs-playbackrestrictionpolicy.json @@ -124,6 +124,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ivs:TagResource", + "ivs:UntagResource", + "ivs:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, 
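Review bot: In the new ingest-configuration schema, `StageArn` declares `"default": ""` and `"minLength": 0`, but its pattern `^arn:aws:ivs:[a-z0-9-]+:[0-9]+:stage/[a-zA-Z0-9-]+$` cannot match an empty string, so the declared default fails the property's own validation. The stage schema in this commit handles the same situation on `StorageConfigurationArn` with a leading `^$|` alternative; using `"pattern": "^$|^arn:aws:ivs:[a-z0-9-]+:[0-9]+:stage/[a-zA-Z0-9-]+$"` here would make the two agree. The description's "(recording is disabled)" also reads as if copied from a recording resource and should describe the unlinked-stage case instead. Separately, `StreamKey` is a read-only attribute described only as "Stream-key value."; if it is the credential that authenticates ingest, the description should say so, so that template authors keep it out of stack outputs and logs.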
diff --git a/src/schema/aws-ivs-publickey.json b/src/schema/aws-ivs-publickey.json new file mode 100644 index 00000000..97636e4a --- /dev/null +++ b/src/schema/aws-ivs-publickey.json 
@@ -0,0 +1,119 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/PublicKeyMaterial", + "/properties/Name" + ], + "definitions": { + "Tag": { + "additionalProperties": false, + "properties": { + "Key": { + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, + "description": "Resource Type definition for AWS::IVS::PublicKey", + "handlers": { + "create": { + "permissions": [ + "ivs:ImportPublicKey", + "ivs:TagResource" + ] + }, + "delete": { + "permissions": [ + "ivs:DeletePublicKey", + "ivs:UntagResource" + ] + }, + "list": { + "permissions": [ + "ivs:ListPublicKeys", + "ivs:ListTagsForResource" + ] + }, + "read": { + "permissions": [ + "ivs:GetPublicKey" + ] + }, + "update": { + "permissions": [ + "ivs:GetPublicKey", + "ivs:ListTagsForResource", + "ivs:UntagResource", + "ivs:TagResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/Arn" + ], + "properties": { + "Arn": { + "description": "Key-pair identifier.", + "maxLength": 128, + "minLength": 1, + "pattern": "^arn:aws:ivs:[a-z0-9-]+:[0-9]+:public-key/[a-zA-Z0-9-]+$", + "type": "string" + }, + "Fingerprint": { + "description": "Key-pair identifier.", + "type": "string" + }, + "Name": { + "description": "Name of the public key to be imported. The value does not need to be unique.", + "maxLength": 128, + "minLength": 0, + "pattern": "^[a-zA-Z0-9-_]*$", + "type": "string" + }, + "PublicKeyMaterial": { + "description": "The public portion of a customer-generated key pair. 
This field is required to create the AWS::IVS::PublicKey resource.", + "pattern": "-----BEGIN PUBLIC KEY-----\\r?\\n([a-zA-Z0-9+/=\\r\\n]+)\\r?\\n-----END PUBLIC KEY-----(\\r?\\n)?", + "type": "string" + }, + "Tags": { + "description": "A list of key-value pairs that contain metadata for the asset model.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 50, + "type": "array", + "uniqueItems": true + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/Fingerprint" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "ivs:TagResource", + "ivs:UntagResource", + "ivs:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::IVS::PublicKey" +} diff --git a/src/schema/aws-ivs-recordingconfiguration.json b/src/schema/aws-ivs-recordingconfiguration.json index 41b531a9..5baa67c4 100644 --- a/src/schema/aws-ivs-recordingconfiguration.json +++ b/src/schema/aws-ivs-recordingconfiguration.json @@ -82,13 +82,15 @@ "additionalProperties": false, "properties": { "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "maxLength": 128, "minLength": 1, "type": "string" }, "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "maxLength": 256, - "minLength": 1, + "minLength": 0, "type": "string" } }, 
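Review bot: The `PublicKeyMaterial` pattern in the new public-key schema has no `^`/`$` anchors, so any string that merely contains a PEM block passes, including one with arbitrary text before or after it; the `Arn` and `Name` patterns in the same file are anchored. Anchoring it as `"pattern": "^-----BEGIN PUBLIC KEY-----\\r?\\n([a-zA-Z0-9+/=\\r\\n]+)\\r?\\n-----END PUBLIC KEY-----(\\r?\\n)?$"` and adding a `maxLength` would bound what is handed to `ivs:ImportPublicKey`. The description says the field is required to create the resource, yet the schema has no `required` list, so a template that omits it validates. `Fingerprint` also reuses the `Arn` description "Key-pair identifier." and should describe the fingerprint.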
@@ -262,6 +264,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ivs:TagResource", + "ivs:UntagResource", + "ivs:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ivs-stage.json b/src/schema/aws-ivs-stage.json index 22aac3bb..3ee310df 100644 --- a/src/schema/aws-ivs-stage.json +++ b/src/schema/aws-ivs-stage.json 
@@ -1,17 +1,54 @@ { "additionalProperties": false, "definitions": { + "AutoParticipantRecordingConfiguration": { + "additionalProperties": false, + "description": "Configuration object for individual participant recording, to attach to the new stage.", + "properties": { + "MediaTypes": { + "default": [ + "AUDIO_VIDEO" + ], + "description": "Types of media to be recorded. Default: AUDIO_VIDEO.", + "insertionOrder": false, + "items": { + "enum": [ + "AUDIO_VIDEO", + "AUDIO_ONLY" + ], + "type": "string" + }, + "maxItems": 1, + "minItems": 0, + "type": "array", + "uniqueItems": true + }, + "StorageConfigurationArn": { + "description": "ARN of the StorageConfiguration resource to use for individual participant recording.", + "maxLength": 128, + "minLength": 0, + "pattern": "^$|^arn:aws:ivs:[a-z0-9-]+:[0-9]+:storage-configuration/[a-zA-Z0-9-]+$", + "type": "string" + } + }, + "required": [ + "StorageConfigurationArn" + ], + "type": "object" + }, "Tag": { "additionalProperties": false, "properties": { "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "maxLength": 128, "minLength": 1, "type": "string" }, "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "maxLength": 256, - "minLength": 1, + "minLength": 0, "type": "string" } }, @@ -35,7 +72,7 @@ "delete": { "permissions": [ "ivs:DeleteStage", - "ivs:UnTagResource" + "ivs:UntagResource" ] }, "list": { @@ -55,7 +92,7 @@ "ivs:GetStage", "ivs:UpdateStage", "ivs:TagResource", - "ivs:UnTagResource", + "ivs:UntagResource", "ivs:ListTagsForResource" ] } 
@@ -78,6 +115,9 @@ "pattern": "^arn:aws[-a-z]*:ivs:[a-z0-9-]+:[0-9]+:stage/[a-zA-Z0-9-]+$", "type": "string" }, + "AutoParticipantRecordingConfiguration": { + "$ref": "#/definitions/AutoParticipantRecordingConfiguration" + }, "Name": { "description": "Stage name", "maxLength": 128, @@ -91,6 +131,7 @@ "items": { "$ref": "#/definitions/Tag" }, + "maxItems": 50, "type": "array", "uniqueItems": true } @@ -102,6 +143,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ivs:TagResource", + "ivs:UntagResource", + "ivs:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ivs-storageconfiguration.json b/src/schema/aws-ivs-storageconfiguration.json index 179accb4..3f160a79 100644 --- a/src/schema/aws-ivs-storageconfiguration.json +++ b/src/schema/aws-ivs-storageconfiguration.json @@ -27,13 +27,15 @@ "additionalProperties": false, "properties": { "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "maxLength": 128, "minLength": 1, "type": "string" }, "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "maxLength": 256, - "minLength": 1, + "minLength": 0, "type": "string" } }, 
@@ -129,6 +131,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ivs:TagResource", + "ivs:UntagResource", + "ivs:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ivs-streamkey.json b/src/schema/aws-ivs-streamkey.json index cf0a4eff..793dace1 100644 --- a/src/schema/aws-ivs-streamkey.json +++ b/src/schema/aws-ivs-streamkey.json @@ -8,13 +8,15 @@ "additionalProperties": false, "properties": { "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "maxLength": 128, "minLength": 1, "type": "string" }, "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "maxLength": 256, - "minLength": 1, + "minLength": 0, "type": "string" } }, @@ -113,6 +115,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ivs:TagResource", + "ivs:UntagResource", + "ivs:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ivschat-loggingconfiguration.json b/src/schema/aws-ivschat-loggingconfiguration.json index 48d2a351..2f3a77dd 100644 --- a/src/schema/aws-ivschat-loggingconfiguration.json +++ b/src/schema/aws-ivschat-loggingconfiguration.json 
@@ -216,6 +216,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ivschat.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ivschat:TagResource", + "ivschat:UntagResource", + "ivschat:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ivschat-room.json b/src/schema/aws-ivschat-room.json index 8501e159..73c08024 100644 --- a/src/schema/aws-ivschat-room.json +++ b/src/schema/aws-ivschat-room.json @@ -158,6 +158,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ivschat.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ivschat:TagResource", + "ivschat:ListTagsForResource", + "ivschat:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-kafkaconnect-connector.json b/src/schema/aws-kafkaconnect-connector.json index 141dc5ba..24dafebf 100644 --- a/src/schema/aws-kafkaconnect-connector.json +++ b/src/schema/aws-kafkaconnect-connector.json @@ -6,7 +6,6 @@ ], "additionalProperties": false, "createOnlyProperties": [ - "/properties/ConnectorConfiguration", "/properties/ConnectorDescription", "/properties/ConnectorName", "/properties/KafkaCluster", @@ -454,6 +453,7 @@ "permissions": [ "kafkaconnect:UpdateConnector", "kafkaconnect:DescribeConnector", + "kafkaconnect:DescribeConnectorOperation", "kafkaconnect:TagResource", "kafkaconnect:ListTagsForResource", "kafkaconnect:UntagResource", 
@@ -565,6 +565,12 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-kafkaconnect.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "kafkaconnect:ListTagsForResource", + "kafkaconnect:UntagResource", + "kafkaconnect:TagResource", + "firehose:TagDeliveryStream" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-kafkaconnect-customplugin.json b/src/schema/aws-kafkaconnect-customplugin.json index fdeda7df..08feaf9d 100644 --- a/src/schema/aws-kafkaconnect-customplugin.json +++ b/src/schema/aws-kafkaconnect-customplugin.json @@ -190,6 +190,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "kafkaconnect:ListTagsForResource", + "kafkaconnect:UntagResource", + "kafkaconnect:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-kafkaconnect-workerconfiguration.json b/src/schema/aws-kafkaconnect-workerconfiguration.json index 142e4ca8..3ffa71ea 100644 --- a/src/schema/aws-kafkaconnect-workerconfiguration.json +++ b/src/schema/aws-kafkaconnect-workerconfiguration.json @@ -117,6 +117,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-kafkaconnect.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "kafkaconnect:ListTagsForResource", + "kafkaconnect:UntagResource", + "kafkaconnect:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-kendra-datasource.json b/src/schema/aws-kendra-datasource.json index 726f7490..a991e2aa 100644 --- a/src/schema/aws-kendra-datasource.json +++ b/src/schema/aws-kendra-datasource.json 
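Review bot: The connector's new `tagging.permissions` list includes `firehose:TagDeliveryStream`, an action from a different service, while the custom-plugin and worker-configuration schemas in this commit list only the three `kafkaconnect:` tagging actions. If it is needed because tagging a connector reaches a Firehose log-delivery stream (an assumption, nothing visible here confirms it), that reason should be recorded, for example in a `$comment`, because anyone deriving a least-privilege deployment role from this list will otherwise grant a cross-service permission without knowing why. If it is not needed, it should be dropped from the list. The `tagging` object continues outside the hunk.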
@@ -1779,5 +1779,17 @@ "Type" ], "sourceUrl": "https://docs.aws.amazon.com/kendra/latest/dg/hiw-data-source.html", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "kendra:UntagResource", + "kendra:TagResource", + "kendra:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Kendra::DataSource" } diff --git a/src/schema/aws-kendra-faq.json b/src/schema/aws-kendra-faq.json index a273fafa..4ceccd60 100644 --- a/src/schema/aws-kendra-faq.json +++ b/src/schema/aws-kendra-faq.json @@ -204,5 +204,17 @@ "RoleArn" ], "sourceUrl": "https://docs.aws.amazon.com/kendra/latest/dg/in-creating-faq.html", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "kendra:UntagResource", + "kendra:TagResource", + "kendra:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Kendra::Faq" } diff --git a/src/schema/aws-kendra-index.json b/src/schema/aws-kendra-index.json index 85da0593..0d9d7b7f 100644 --- a/src/schema/aws-kendra-index.json +++ b/src/schema/aws-kendra-index.json @@ -87,7 +87,8 @@ "description": "Edition of index", "enum": [ "DEVELOPER_EDITION", - "ENTERPRISE_EDITION" + "ENTERPRISE_EDITION", + "GEN_AI_ENTERPRISE_EDITION" ], "type": "string" }, @@ -440,5 +441,17 @@ "Edition" ], "sourceUrl": "https://docs.aws.amazon.com/kendra/latest/dg/hiw-index.html", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "kendra:UntagResource", + "kendra:TagResource", + "kendra:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Kendra::Index" } diff --git a/src/schema/aws-kinesis-resourcepolicy.json b/src/schema/aws-kinesis-resourcepolicy.json new file mode 100644 index 00000000..7af53c4f --- /dev/null 
+++ b/src/schema/aws-kinesis-resourcepolicy.json @@ -0,0 +1,71 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/ResourceArn" + ], + "description": "Resource Type definition for AWS::Kinesis::ResourcePolicy", + "handlers": { + "create": { + "permissions": [ + "kinesis:GetResourcePolicy", + "kinesis:PutResourcePolicy" + ] + }, + "delete": { + "permissions": [ + "kinesis:DeleteResourcePolicy", + "kinesis:GetResourcePolicy" + ] + }, + "read": { + "permissions": [ + "kinesis:GetResourcePolicy" + ] + }, + "update": { + "permissions": [ + "kinesis:PutResourcePolicy", + "kinesis:GetResourcePolicy" + ] + } + }, + "primaryIdentifier": [ + "/properties/ResourceArn" + ], + "properties": { + "ResourceArn": { + "anyOf": [ + { + "relationshipRef": { + "propertyPath": "/properties/Arn", + "typeName": "AWS::Kinesis::Stream" + } + }, + { + "relationshipRef": { + "propertyPath": "/properties/ConsumerARN", + "typeName": "AWS::Kinesis::StreamConsumer" + } + } + ], + "description": "The ARN of the AWS Kinesis resource to which the policy applies.", + "maxLength": 2048, + "minLength": 1, + "pattern": "arn:aws.*:kinesis:.*:\\d{12}:stream/\\S+", + "type": "string" + }, + "ResourcePolicy": { + "description": "A policy document containing permissions to add to the specified resource. In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM.", + "type": "object" + } + }, + "required": [ + "ResourceArn", + "ResourcePolicy" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-kinesis.git", + "tagging": { + "taggable": false + }, + "typeName": "AWS::Kinesis::ResourcePolicy" +} diff --git a/src/schema/aws-kinesis-stream.json b/src/schema/aws-kinesis-stream.json index 75a721ca..3b72e02c 100644 --- a/src/schema/aws-kinesis-stream.json +++ b/src/schema/aws-kinesis-stream.json 
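Review bot: The `ResourceArn` pattern `arn:aws.*:kinesis:.*:\\d{12}:stream/\\S+` is unanchored and uses `.*` for the partition and region fields, so it accepts any string that merely contains something ARN-shaped, with arbitrary leading text and arbitrary content in those two fields. This property is the primary identifier and selects the resource the policy is attached to, so a tighter form such as `"pattern": "^arn:aws[a-z-]*:kinesis:[a-z0-9-]+:\\d{12}:stream/\\S+$"` would reject malformed input at template validation rather than at `kinesis:PutResourcePolicy`. The trailing `stream/\\S+` still has to cover consumer ARNs, which the `anyOf` relationship to `AWS::Kinesis::StreamConsumer` implies are accepted; verify the tightened pattern against one before adopting it.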
@@ -1,9 +1,25 @@
 {
+ "$comment": "Do not set SystemTags to true without implementing a fail-open mechanism. It should not fail when adding systemTags for customers without AddTagsToStream Permission. Cloudformation will automatically add system tags even if customer does not have the AddTagsToStream permission. COE: https://www.coe.a2z.com/coe/236297/content",
 "additionalProperties": false,
 "createOnlyProperties": [
 "/properties/Name"
 ],
 "definitions": {
+ "EnhancedMetric": {
+ "additionalProperties": false,
+ "description": "Value of an enhanced metric",
+ "enum": [
+ "IncomingBytes",
+ "IncomingRecords",
+ "OutgoingBytes",
+ "OutgoingRecords",
+ "WriteProvisionedThroughputExceeded",
+ "ReadProvisionedThroughputExceeded",
+ "IteratorAgeMilliseconds",
+ "ALL"
+ ],
+ "type": "string"
+ },
 "StreamEncryption": {
 "additionalProperties": false,
 "description": "When specified, enables or updates server-side encryption using an AWS KMS key for a specified stream. Removing this property from your stack template and updating your stack disables encryption.",
@@ -141,6 +157,16 @@
 "description": "The Amazon resource name (ARN) of the Kinesis stream",
 "type": "string"
 },
+ "DesiredShardLevelMetrics": {
+ "description": "The final list of shard-level metrics",
+ "insertionOrder": false,
+ "items": {
+ "$ref": "#/definitions/EnhancedMetric"
+ },
+ "maxItems": 7,
+ "type": "array",
+ "uniqueItems": true
+ },
 "Name": {
 "description": "The name of the Kinesis stream.",
 "maxLength": 128,
@@ -186,6 +212,11 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-kinesis.git",
 "tagging": {
 "cloudFormationSystemTags": false,
+ "permissions": [
+ "kinesis:AddTagsToStream",
+ "kinesis:RemoveTagsFromStream",
+ "kinesis:ListTagsForStream"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-kinesisanalyticsv2-application.json b/src/schema/aws-kinesisanalyticsv2-application.json
index 559c2fa4..614370c1 100644
--- a/src/schema/aws-kinesisanalyticsv2-application.json
+++ b/src/schema/aws-kinesisanalyticsv2-application.json
@@ -987,6 +987,11 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-kinesisanalyticsv2.git",
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "kinesisanalytics:TagResource",
+ "kinesisanalytics:UntagResource",
+ "kinesisanalytics:ListTagsForResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-kinesisfirehose-deliverystream.json b/src/schema/aws-kinesisfirehose-deliverystream.json
index 6cbd1144..2e814958 100644
--- a/src/schema/aws-kinesisfirehose-deliverystream.json
+++ b/src/schema/aws-kinesisfirehose-deliverystream.json
@@ -6,9 +6,11 @@
 "/properties/ElasticsearchDestinationConfiguration/VpcConfiguration",
 "/properties/AmazonopensearchserviceDestinationConfiguration/VpcConfiguration",
 "/properties/AmazonOpenSearchServerlessDestinationConfiguration/VpcConfiguration",
+ "/properties/DatabaseSourceConfiguration",
 "/properties/KinesisStreamSourceConfiguration",
+ "/properties/DirectPutSourceConfiguration",
 "/properties/MSKSourceConfiguration",
- "/properties/IcebergDestinationConfiguration",
+ "/properties/IcebergDestinationConfiguration/CatalogConfiguration",
 "/properties/SnowflakeDestinationConfiguration/SnowflakeVpcConfiguration"
 ],
 "definitions": {
@@ -312,6 +314,182 @@
 },
 "type": "object"
 },
+ "DatabaseColumnName": {
+ "maxLength": 194,
+ "minLength": 1,
+ "pattern": "[\\u0001-\\uFFFF]*",
+ "type": "string"
+ },
+ "DatabaseColumns": {
+ "additionalProperties": false,
+ "properties": {
+ "Exclude": {
+ "items": {
+ "$ref": "#/definitions/DatabaseColumnName"
+ },
+ "type": "array"
+ },
+ "Include": {
+ "items": {
+ "$ref": "#/definitions/DatabaseColumnName"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "DatabaseName": {
+ "maxLength": 64,
+ "minLength": 1,
+ "pattern": "[\\u0001-\\uFFFF]*",
+ "type": "string"
+ },
+ "DatabaseSourceAuthenticationConfiguration": {
+ "additionalProperties": false,
+ "properties": {
+ "SecretsManagerConfiguration": {
+ "$ref": "#/definitions/SecretsManagerConfiguration"
+ }
+ },
+ "required": [
+ "SecretsManagerConfiguration"
+ ],
+ "type": "object"
+ },
+ "DatabaseSourceConfiguration": {
+ "additionalProperties": false,
+ "properties": {
+ "Columns": {
+ "$ref": "#/definitions/DatabaseColumns"
+ },
+ "DatabaseSourceAuthenticationConfiguration": {
+ "$ref": "#/definitions/DatabaseSourceAuthenticationConfiguration"
+ },
+ "DatabaseSourceVPCConfiguration": {
+ "$ref": "#/definitions/DatabaseSourceVPCConfiguration"
+ },
+ "Databases": {
+ "$ref": "#/definitions/Databases"
+ },
+ "Digest": {
+ "maxLength": 512,
+ "minLength": 1,
+ "pattern": ".*",
+ "type": "string"
+ },
+ "Endpoint": {
+ "maxLength": 255,
+ "minLength": 1,
+ "pattern": "^(?!\\s*$).+",
+ "type": "string"
+ },
+ "Port": {
+ "maximum": 65535,
+ "minimum": 0,
+ "type": "integer"
+ },
+ "PublicCertificate": {
+ "maxLength": 4096,
+ "minLength": 1,
+ "pattern": ".*",
+ "type": "string"
+ },
+ "SSLMode": {
+ "enum": [
+ "Disabled",
+ "Enabled"
+ ],
+ "type": "string"
+ },
+ "SnapshotWatermarkTable": {
+ "$ref": "#/definitions/DatabaseTableName"
+ },
+ "SurrogateKeys": {
+ "items": {
+ "maxLength": 1024,
+ "minLength": 1,
+ "pattern": "^\\S+$",
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "Tables": {
+ "$ref": "#/definitions/DatabaseTables"
+ },
+ "Type": {
+ "enum": [
+ "MySQL",
+ "PostgreSQL"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "Type",
+ "Endpoint",
+ "Port",
+ "Databases",
+ "Tables",
+ "SnapshotWatermarkTable",
+ "DatabaseSourceAuthenticationConfiguration",
+ "DatabaseSourceVPCConfiguration"
+ ],
+ "type": "object"
+ },
+ "DatabaseSourceVPCConfiguration": {
+ "additionalProperties": false,
+ "properties": {
+ "VpcEndpointServiceName": {
+ "$ref": "#/definitions/VpcEndpointServiceName"
+ }
+ },
+ "required": [
+ "VpcEndpointServiceName"
+ ],
+ "type": "object"
+ },
+ "DatabaseTableName": {
+ "maxLength": 129,
+ "minLength": 1,
+ "pattern": "[\\u0001-\\uFFFF]*",
+ "type": "string"
+ },
+ "DatabaseTables": {
+ "additionalProperties": false,
+ "properties": {
+ "Exclude": {
+ "items": {
+ "$ref": "#/definitions/DatabaseTableName"
+ },
+ "type": "array"
+ },
+ "Include": {
+ "items": {
+ "$ref": "#/definitions/DatabaseTableName"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "Databases": {
+ "additionalProperties": false,
+ "properties": {
+ "Exclude": {
+ "items": {
+ "$ref": "#/definitions/DatabaseName"
+ },
+ "type": "array"
+ },
+ "Include": {
+ "items": {
+ "$ref": "#/definitions/DatabaseName"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
 "DeliveryStreamEncryptionConfigurationInput": {
 "additionalProperties": false,
 "properties": {
@@ -388,6 +566,17 @@
 },
 "type": "array"
 },
+ "DirectPutSourceConfiguration": {
+ "additionalProperties": false,
+ "properties": {
+ "ThroughputHintInMBs": {
+ "maximum": 100,
+ "minimum": 1,
+ "type": "integer"
+ }
+ },
+ "type": "object"
+ },
 "DocumentIdOptions": {
 "additionalProperties": false,
 "properties": {
@@ -765,6 +954,9 @@
 "IcebergDestinationConfiguration": {
 "additionalProperties": false,
 "properties": {
+ "AppendOnly": {
+ "type": "boolean"
+ },
 "BufferingHints": {
 "$ref": "#/definitions/BufferingHints"
 },
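Review bot: `SSLMode` in the new `DatabaseSourceConfiguration` accepts `Disabled`, has no `description` or `default`, and is absent from `required`, so the schema neither tells a template author what happens when the property is omitted nor lets a validator tell an encrypted source connection from a plaintext one. A `description` on `SSLMode` that states the behaviour when it is omitted would close that gap. `PublicCertificate` and `Digest` likewise carry only `"pattern": ".*"` and no description of when they are needed. Separately, the `Endpoint` pattern `^(?!\\s*$).+` relies on a negative lookahead, which RE2-style engines such as Go's `regexp` cannot compile; if this project compiles schema patterns with such an engine, that pattern needs a lookahead-free equivalent or a documented skip.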
@@ -1262,7 +1454,7 @@
 "RoleARN": {
 "maxLength": 512,
 "minLength": 1,
- "pattern": "arn:.*",
+ "pattern": "arn:.*:iam::\\d{12}:role/[a-zA-Z_0-9+=,.@\\-_/]+",
 "relationshipRef": {
 "propertyPath": "/properties/Arn",
 "typeName": "AWS::IAM::Role"
@@ -1270,9 +1462,9 @@
 "type": "string"
 },
 "SecretARN": {
- "maxLength": 512,
+ "maxLength": 2048,
 "minLength": 1,
- "pattern": "arn:.*",
+ "pattern": "arn:.*:secretsmanager:[a-zA-Z0-9\\-]+:\\d{12}:secret:[a-zA-Z0-9\\-/_+=.@]+",
 "relationshipRef": {
 "propertyPath": "/properties/Arn",
 "typeName": "AWS::SecretsManager::Secret"
@@ -1608,6 +1800,12 @@
 "SecurityGroupIds"
 ],
 "type": "object"
+ },
+ "VpcEndpointServiceName": {
+ "maxLength": 255,
+ "minLength": 47,
+ "pattern": "([a-zA-Z0-9\\-\\_]+\\.){2,3}vpce\\.[a-zA-Z0-9\\-]*\\.vpce-svc\\-[a-zA-Z0-9\\-]{17}$",
+ "type": "string"
 }
 },
 "description": "Resource Type definition for AWS::KinesisFirehose::DeliveryStream",
@@ -1669,6 +1867,9 @@
 "Arn": {
 "type": "string"
 },
+ "DatabaseSourceConfiguration": {
+ "$ref": "#/definitions/DatabaseSourceConfiguration"
+ },
 "DeliveryStreamEncryptionConfigurationInput": {
 "$ref": "#/definitions/DeliveryStreamEncryptionConfigurationInput"
 },
@@ -1680,12 +1881,16 @@
 },
 "DeliveryStreamType": {
 "enum": [
+ "DatabaseAsSource",
 "DirectPut",
 "KinesisStreamAsSource",
 "MSKAsSource"
 ],
 "type": "string"
 },
+ "DirectPutSourceConfiguration": {
+ "$ref": "#/definitions/DirectPutSourceConfiguration"
+ },
 "ElasticsearchDestinationConfiguration": {
 "$ref": "#/definitions/ElasticsearchDestinationConfiguration"
 },
diff --git a/src/schema/aws-kinesisvideo-signalingchannel.json b/src/schema/aws-kinesisvideo-signalingchannel.json
index 259219bb..eab9b7dc 100644
--- a/src/schema/aws-kinesisvideo-signalingchannel.json
+++ b/src/schema/aws-kinesisvideo-signalingchannel.json
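Review bot: The tightened `RoleARN` pattern is still unanchored, so under JSON Schema `pattern` semantics it matches anywhere inside a longer string and the added account-id and role-path structure does not constrain what surrounds it. The same applies to the `SecretARN` pattern in the following hunk, and `VpcEndpointServiceName` in the hunk at -1608 ends with `$` but has no leading `^`. Anchoring both ends, e.g. `"pattern": "^arn:.*:iam::\\d{12}:role/[a-zA-Z_0-9+=,.@\\-_/]+$"`, makes the check mean what it reads as. The character class also lists `_` twice, which is harmless but worth tidying. If these definitions are synced from the provider repository, the change belongs upstream.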
@@ -33,7 +33,8 @@
 "create": {
 "permissions": [
 "kinesisvideo:CreateSignalingChannel",
- "kinesisvideo:DescribeSignalingChannel"
+ "kinesisvideo:DescribeSignalingChannel",
+ "kinesisvideo:TagResource"
 ]
 },
 "delete": {
@@ -42,15 +43,24 @@
 "kinesisvideo:DescribeSignalingChannel"
 ]
 },
+ "list": {
+ "permissions": [
+ "kinesisvideo:ListSignalingChannels"
+ ]
+ },
 "read": {
 "permissions": [
- "kinesisvideo:DescribeSignalingChannel"
+ "kinesisvideo:DescribeSignalingChannel",
+ "kinesisvideo:ListTagsForResource"
 ]
 },
 "update": {
 "permissions": [
 "kinesisvideo:UpdateSignalingChannel",
- "kinesisvideo:DescribeSignalingChannel"
+ "kinesisvideo:DescribeSignalingChannel",
+ "kinesisvideo:TagResource",
+ "kinesisvideo:UntagResource",
+ "kinesisvideo:ListTagsForResource"
 ]
 }
 },
@@ -99,5 +109,16 @@
 ],
 "required": [],
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-kinesisvideo.git",
+ "tagging": {
+ "cloudFormationSystemTags": false,
+ "permissions": [
+ "kinesisvideo:TagResource",
+ "kinesisvideo:UntagResource"
+ ],
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": true,
+ "taggable": true
+ },
 "typeName": "AWS::KinesisVideo::SignalingChannel"
 }
diff --git a/src/schema/aws-kinesisvideo-stream.json b/src/schema/aws-kinesisvideo-stream.json
index e547f482..8aeddbfc 100644
--- a/src/schema/aws-kinesisvideo-stream.json
+++ b/src/schema/aws-kinesisvideo-stream.json
@@ -33,7 +33,8 @@
 "create": {
 "permissions": [
 "kinesisvideo:DescribeStream",
- "kinesisvideo:CreateStream"
+ "kinesisvideo:CreateStream",
+ "kinesisvideo:TagStream"
 ]
 },
 "delete": {
@@ -42,16 +43,25 @@
 "kinesisvideo:DeleteStream"
 ]
 },
+ "list": {
+ "permissions": [
+ "kinesisvideo:ListStreams"
+ ]
+ },
 "read": {
 "permissions": [
- "kinesisvideo:DescribeStream"
+ "kinesisvideo:DescribeStream",
+ "kinesisvideo:ListTagsForStream"
 ]
 },
 "update": {
 "permissions": [
 "kinesisvideo:DescribeStream",
 "kinesisvideo:UpdateStream",
- "kinesisvideo:UpdateDataRetention"
+ "kinesisvideo:UpdateDataRetention",
+ "kinesisvideo:TagStream",
+ "kinesisvideo:UntagStream",
+ "kinesisvideo:ListTagsForStream"
 ]
 }
 },
@@ -114,5 +124,16 @@
 ],
 "required": [],
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-kinesisvideo.git",
+ "tagging": {
+ "cloudFormationSystemTags": false,
+ "permissions": [
+ "kinesisvideo:TagStream",
+ "kinesisvideo:UntagStream"
+ ],
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": true,
+ "taggable": true
+ },
 "typeName": "AWS::KinesisVideo::Stream"
 }
diff --git a/src/schema/aws-kms-alias.json b/src/schema/aws-kms-alias.json
index c56a6adc..4dba0f02 100644
--- a/src/schema/aws-kms-alias.json
+++ b/src/schema/aws-kms-alias.json
@@ -3,7 +3,7 @@ "createOnlyProperties": [ "/properties/AliasName" ], - "description": "The ``AWS::KMS::Alias`` resource specifies a display name for a [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys). You can use an alias to identify a KMS key in the KMS console, in the [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html) operation, and in [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations), such as [Decrypt](https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html) and [GenerateDataKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey.html).\n Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see [ABAC for](https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) in the *Developer Guide*.\n Using an alias to refer to a KMS key can help you simplify key management. For example, an alias in your code can be associated with different KMS keys in different AWS-Regions. For more information, see [Using aliases](https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html) in the *Developer Guide*.\n When specifying an alias, observe the following rules.\n + Each alias is associated with one KMS key, but multiple aliases can be associated with the same KMS key.\n + The alias and its associated KMS key must be in the same AWS-account and Region.\n + The alias name must be unique in the AWS-account and Region. However, you can create aliases with the same name in different AWS-Regions. For example, you can have an ``alias/projectKey`` in multiple Regions, each of which is associated with a KMS key in its Region.\n + Each alias name must begin with ``alias/`` followed by a name, such as ``alias/exampleKey``. The alias name can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). 
Alias names cannot begin with ``alias/aws/``. That alias name prefix is reserved for [](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk).\n \n *Regions* \n KMS CloudFormation resources are available in all AWS-Regions in which KMS and CFN are supported.", + "description": "The ``AWS::KMS::Alias`` resource specifies a display name for a [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys). You can use an alias to identify a KMS key in the KMS console, in the [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html) operation, and in [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations), such as [Decrypt](https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html) and [GenerateDataKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey.html).\n Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see [ABAC for](https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) in the *Developer Guide*.\n Using an alias to refer to a KMS key can help you simplify key management. For example, an alias in your code can be associated with different KMS keys in different AWS-Regions. For more information, see [Using aliases](https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html) in the *Developer Guide*.\n When specifying an alias, observe the following rules.\n + Each alias is associated with one KMS key, but multiple aliases can be associated with the same KMS key.\n + The alias and its associated KMS key must be in the same AWS-account and Region.\n + The alias name must be unique in the AWS-account and Region. However, you can create aliases with the same name in different AWS-Regions. 
For example, you can have an ``alias/projectKey`` in multiple Regions, each of which is associated with a KMS key in its Region.\n + Each alias name must begin with ``alias/`` followed by a name, such as ``alias/exampleKey``. The alias name can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). Alias names cannot begin with ``alias/aws/``. That alias name prefix is reserved for [](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk).\n \n *Regions* \n KMS CloudFormation resources are available in all AWS-Regions in which KMS and CFN are supported.", "handlers": { "create": { "permissions": [ 
@@ -43,7 +43,7 @@ "type": "string" }, "TargetKeyId": { - "description": "Associates the alias with the specified [](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). The KMS key must be in the same AWS-account and Region.\n A valid key ID is required. If you supply a null or empty string value, this operation returns an error.\n For help finding the key ID and ARN, see [Finding the key ID and ARN](https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) in the *Developer Guide*.\n Specify the key ID or the key ARN of the KMS key.\n For example:\n + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` \n \n To get the key ID and key ARN for a KMS key, use [ListKeys](https://docs.aws.amazon.com/kms/latest/APIReference/API_ListKeys.html) or [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html).", + "description": "Associates the alias with the specified [](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). The KMS key must be in the same AWS-account and Region.\n A valid key ID is required. If you supply a null or empty string value, this operation returns an error.\n For help finding the key ID and ARN, see [Finding the key ID and ARN](https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) in the *Developer Guide*.\n Specify the key ID or the key ARN of the KMS key.\n For example:\n + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab``\n + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab``\n \n To get the key ID and key ARN for a KMS key, use [ListKeys](https://docs.aws.amazon.com/kms/latest/APIReference/API_ListKeys.html) or [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html).", "maxLength": 256, "minLength": 1, "type": "string" 
diff --git a/src/schema/aws-kms-key.json b/src/schema/aws-kms-key.json index 14345f5e..4815ba16 100644 --- a/src/schema/aws-kms-key.json +++ b/src/schema/aws-kms-key.json @@ -6,13 +6,13 @@ "description": "A key-value pair. A tag consists of a tag key and a tag value. Tag keys and tag values are both required, but tag values can be empty (null) strings.\n Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.\n For information about the rules that apply to tag keys and tag values, see [User-Defined Tag Restrictions](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html) in the *Billing and Cost Management User Guide*.", "properties": { "Key": { - "description": "", + "description": "The key name of the tag. You can specify a value that's 1 to 128 Unicode characters in length and can't be prefixed with ``aws:``. digits, whitespace, ``_``, ``.``, ``:``, ``/``, ``=``, ``+``, ``@``, ``-``, and ``\"``.\n For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", "maxLength": 128, "minLength": 1, "type": "string" }, "Value": { - "description": "", + "description": "The value for the tag. You can specify a value that's 1 to 256 characters in length. You can use any of the following characters: the set of Unicode letters, digits, whitespace, ``_``, ``.``, ``/``, ``=``, ``+``, and ``-``.\n For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).", "maxLength": 256, "minLength": 0, "type": "string" 
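Review bot: The new `Key` description has lost part of a sentence: after the statement that the key cannot be prefixed with `aws:` it continues directly with `digits, whitespace, ...`, so the allowed character set has no lead-in. The `Value` description in the same hunk introduces its list with `You can use any of the following characters: the set of Unicode letters,`, and restoring that clause in the `Key` text would make it readable. The `Value` description also says `1 to 256 characters` while the context line keeps `"minLength": 0` and the enclosing tag description says values can be empty, so the description and the constraint should be made to agree. These strings look generated from upstream documentation, so the correction may belong there.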
@@ -25,7 +25,7 @@ "type": "object" } }, - "description": "The ``AWS::KMS::Key`` resource specifies an [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys) in KMSlong. You can use this resource to create symmetric encryption KMS keys, asymmetric KMS keys for encryption or signing, and symmetric HMAC KMS keys. You can use ``AWS::KMS::Key`` to create [multi-Region primary keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-primary-key) of all supported types. To replicate a multi-Region key, use the ``AWS::KMS::ReplicaKey`` resource.\n If you change the value of the ``KeySpec``, ``KeyUsage``, ``Origin``, or ``MultiRegion`` properties of an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing any of its immutable property values.\n KMS replaced the term *customer master key (CMK)* with ** and *KMS key*. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.\n You can use symmetric encryption KMS keys to encrypt and decrypt small amounts of data, but they are more commonly used to generate data keys and data key pairs. You can also use a symmetric encryption KMS key to encrypt data stored in AWS services that are [integrated with](https://docs.aws.amazon.com//kms/features/#AWS_Service_Integration). For more information, see [Symmetric encryption KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks) in the *Developer Guide*.\n You can use asymmetric KMS keys to encrypt and decrypt data or sign messages and verify signatures. To create an asymmetric key, you must specify an asymmetric ``KeySpec`` value and a ``KeyUsage`` value. 
For details, see [Asymmetric keys in](https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) in the *Developer Guide*.\n You can use HMAC KMS keys (which are also symmetric keys) to generate and verify hash-based message authentication codes. To create an HMAC key, you must specify an HMAC ``KeySpec`` value and a ``KeyUsage`` value of ``GENERATE_VERIFY_MAC``. For details, see [HMAC keys in](https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html) in the *Developer Guide*.\n You can also create symmetric encryption, asymmetric, and HMAC multi-Region primary keys. To create a multi-Region primary key, set the ``MultiRegion`` property to ``true``. For information about multi-Region keys, see [Multi-Region keys in](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *Developer Guide*.\n You cannot use the ``AWS::KMS::Key`` resource to specify a KMS key with [imported key material](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) or a KMS key in a [custom key store](https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html).\n *Regions* \n KMS CloudFormation resources are available in all Regions in which KMS and CFN are supported. You can use the ``AWS::KMS::Key`` resource to create and manage all KMS key types that are supported in a Region.", + "description": "The ``AWS::KMS::Key`` resource specifies an [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys) in KMSlong. You can use this resource to create symmetric encryption KMS keys, asymmetric KMS keys for encryption or signing, and symmetric HMAC KMS keys. You can use ``AWS::KMS::Key`` to create [multi-Region primary keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-primary-key) of all supported types. 
To replicate a multi-Region key, use the ``AWS::KMS::ReplicaKey`` resource.\n If you change the value of the ``KeySpec``, ``KeyUsage``, ``Origin``, or ``MultiRegion`` properties of an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing any of its immutable property values.\n KMS replaced the term *customer master key (CMK)* with ** and *KMS key*. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.\n You can use symmetric encryption KMS keys to encrypt and decrypt small amounts of data, but they are more commonly used to generate data keys and data key pairs. You can also use a symmetric encryption KMS key to encrypt data stored in AWS services that are [integrated with](https://docs.aws.amazon.com//kms/features/#AWS_Service_Integration). For more information, see [Symmetric encryption KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks) in the *Developer Guide*.\n You can use asymmetric KMS keys to encrypt and decrypt data or sign messages and verify signatures. To create an asymmetric key, you must specify an asymmetric ``KeySpec`` value and a ``KeyUsage`` value. For details, see [Asymmetric keys in](https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) in the *Developer Guide*.\n You can use HMAC KMS keys (which are also symmetric keys) to generate and verify hash-based message authentication codes. To create an HMAC key, you must specify an HMAC ``KeySpec`` value and a ``KeyUsage`` value of ``GENERATE_VERIFY_MAC``. 
For details, see [HMAC keys in](https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html) in the *Developer Guide*.\n You can also create symmetric encryption, asymmetric, and HMAC multi-Region primary keys. To create a multi-Region primary key, set the ``MultiRegion`` property to ``true``. For information about multi-Region keys, see [Multi-Region keys in](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *Developer Guide*.\n You cannot use the ``AWS::KMS::Key`` resource to specify a KMS key with [imported key material](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) or a KMS key in a [custom key store](https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html).\n *Regions* \n KMS CloudFormation resources are available in all Regions in which KMS and CFN are supported. You can use the ``AWS::KMS::Key`` resource to create and manage all KMS key types that are supported in a Region.", "handlers": { "create": { "permissions": [ 
@@ -91,7 +91,7 @@ "type": "string" }, "EnableKeyRotation": { - "description": "Enables automatic rotation of the key material for the specified KMS key. By default, automatic key rotation is not enabled.\n KMS supports automatic rotation only for symmetric encryption KMS keys (``KeySpec`` = ``SYMMETRIC_DEFAULT``). For asymmetric KMS keys, HMAC KMS keys, and KMS keys with Origin ``EXTERNAL``, omit the ``EnableKeyRotation`` property or set it to ``false``.\n To enable automatic key rotation of the key material for a multi-Region KMS key, set ``EnableKeyRotation`` to ``true`` on the primary key (created by using ``AWS::KMS::Key``). KMS copies the rotation status to all replica keys. For details, see [Rotating multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate) in the *Developer Guide*.\n When you enable automatic rotation, KMS automatically creates new key material for the KMS key one year after the enable date and every year thereafter. KMS retains all key material until you delete the KMS key. For detailed information about automatic key rotation, see [Rotating KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) in the *Developer Guide*.", + "description": "Enables automatic rotation of the key material for the specified KMS key. By default, automatic key rotation is not enabled.\n KMS supports automatic rotation only for symmetric encryption KMS keys (``KeySpec`` = ``SYMMETRIC_DEFAULT``). For asymmetric KMS keys, HMAC KMS keys, and KMS keys with Origin ``EXTERNAL``, omit the ``EnableKeyRotation`` property or set it to ``false``.\n To enable automatic key rotation of the key material for a multi-Region KMS key, set ``EnableKeyRotation`` to ``true`` on the primary key (created by using ``AWS::KMS::Key``). KMS copies the rotation status to all replica keys. 
For details, see [Rotating multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate) in the *Developer Guide*.\n When you enable automatic rotation, KMS automatically creates new key material for the KMS key one year after the enable date and every year thereafter. KMS retains all key material until you delete the KMS key. For detailed information about automatic key rotation, see [Rotating KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) in the *Developer Guide*.", "type": "boolean" }, "Enabled": { 
@@ -104,7 +104,7 @@ }, "KeyPolicy": { "default": "{\n \"Version\": \"2012-10-17\",\n \"Id\": \"key-default\",\n \"Statement\": [\n {\n \"Sid\": \"Enable IAM User Permissions\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"arn::iam:::root\"\n },\n \"Action\": \"kms:*\",\n \"Resource\": \"*\"\n }\n ]\n}", - "description": "The key policy to attach to the KMS key.\n If you provide a key policy, it must meet the following criteria:\n + The key policy must allow the caller to make a subsequent [PutKeyPolicy](https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, see [Default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) in the *Developer Guide*. (To omit this condition, set ``BypassPolicyLockoutSafetyCheck`` to true.)\n + Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to KMS. When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to KMS. For more information, see [Changes that I make are not always immediately visible](https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) in the *User Guide*.\n \n If you do not provide a key policy, KMS attaches a default key policy to the KMS key. 
For more information, see [Default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) in the *Developer Guide*.\n A key policy document can include only the following characters:\n + Printable ASCII characters\n + Printable characters in the Basic Latin and Latin-1 Supplement character set\n + The tab (``\\u0009``), line feed (``\\u000A``), and carriage return (``\\u000D``) special characters\n \n *Minimum*: ``1`` \n *Maximum*: ``32768``", + "description": "The key policy to attach to the KMS key.\n If you provide a key policy, it must meet the following criteria:\n + The key policy must allow the caller to make a subsequent [PutKeyPolicy](https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, see [Default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) in the *Developer Guide*. (To omit this condition, set ``BypassPolicyLockoutSafetyCheck`` to true.)\n + Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to KMS. When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to KMS. For more information, see [Changes that I make are not always immediately visible](https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) in the *User Guide*.\n \n If you do not provide a key policy, KMS attaches a default key policy to the KMS key. 
For more information, see [Default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) in the *Developer Guide*.\n A key policy document can include only the following characters:\n + Printable ASCII characters\n + Printable characters in the Basic Latin and Latin-1 Supplement character set\n + The tab (``\\u0009``), line feed (``\\u000A``), and carriage return (``\\u000D``) special characters\n \n *Minimum*: ``1``\n *Maximum*: ``32768``", "type": [ "object", "string" 
@@ -112,7 +112,7 @@ }, "KeySpec": { "default": "SYMMETRIC_DEFAULT", - "description": "Specifies the type of KMS key to create. The default value, ``SYMMETRIC_DEFAULT``, creates a KMS key with a 256-bit symmetric key for encryption and decryption. In China Regions, ``SYMMETRIC_DEFAULT`` creates a 128-bit symmetric key that uses SM4 encryption. You can't change the ``KeySpec`` value after the KMS key is created. For help choosing a key spec for your KMS key, see [Choosing a KMS key type](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html) in the *Developer Guide*.\n The ``KeySpec`` property determines the type of key material in the KMS key and the algorithms that the KMS key supports. To further restrict the algorithms that can be used with the KMS key, use a condition key in its key policy or IAM policy. For more information, see [condition keys](https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms) in the *Developer Guide*.\n If you change the value of the ``KeySpec`` property on an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing an immutable property value.\n [services that are integrated with](https://docs.aws.amazon.com/kms/features/#AWS_Service_Integration) use symmetric encryption KMS keys to protect your data. These services do not support encryption with asymmetric KMS keys. 
For help determining whether a KMS key is asymmetric, see [Identifying asymmetric KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/find-symm-asymm.html) in the *Developer Guide*.\n KMS supports the following key specs for KMS keys:\n + Symmetric encryption key (default)\n + ``SYMMETRIC_DEFAULT`` (AES-256-GCM)\n \n + HMAC keys (symmetric)\n + ``HMAC_224`` \n + ``HMAC_256`` \n + ``HMAC_384`` \n + ``HMAC_512`` \n \n + Asymmetric RSA key pairs\n + ``RSA_2048`` \n + ``RSA_3072`` \n + ``RSA_4096`` \n \n + Asymmetric NIST-recommended elliptic curve key pairs\n + ``ECC_NIST_P256`` (secp256r1)\n + ``ECC_NIST_P384`` (secp384r1)\n + ``ECC_NIST_P521`` (secp521r1)\n \n + Other asymmetric elliptic curve key pairs\n + ``ECC_SECG_P256K1`` (secp256k1), commonly used for cryptocurrencies.\n \n + SM2 key pairs (China Regions only)\n + ``SM2``", + "description": "Specifies the type of KMS key to create. The default value, ``SYMMETRIC_DEFAULT``, creates a KMS key with a 256-bit symmetric key for encryption and decryption. In China Regions, ``SYMMETRIC_DEFAULT`` creates a 128-bit symmetric key that uses SM4 encryption. You can't change the ``KeySpec`` value after the KMS key is created. For help choosing a key spec for your KMS key, see [Choosing a KMS key type](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html) in the *Developer Guide*.\n The ``KeySpec`` property determines the type of key material in the KMS key and the algorithms that the KMS key supports. To further restrict the algorithms that can be used with the KMS key, use a condition key in its key policy or IAM policy. 
For more information, see [condition keys](https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms) in the *Developer Guide*.\n If you change the value of the ``KeySpec`` property on an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing an immutable property value.\n [services that are integrated with](https://docs.aws.amazon.com/kms/features/#AWS_Service_Integration) use symmetric encryption KMS keys to protect your data. These services do not support encryption with asymmetric KMS keys. For help determining whether a KMS key is asymmetric, see [Identifying asymmetric KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/find-symm-asymm.html) in the *Developer Guide*.\n KMS supports the following key specs for KMS keys:\n + Symmetric encryption key (default)\n + ``SYMMETRIC_DEFAULT`` (AES-256-GCM)\n \n + HMAC keys (symmetric)\n + ``HMAC_224`` \n + ``HMAC_256`` \n + ``HMAC_384`` \n + ``HMAC_512`` \n \n + Asymmetric RSA key pairs (encryption and decryption *or* signing and verification)\n + ``RSA_2048`` \n + ``RSA_3072`` \n + ``RSA_4096`` \n \n + Asymmetric NIST-recommended elliptic curve key pairs (signing and verification *or* deriving shared secrets)\n + ``ECC_NIST_P256`` (secp256r1)\n + ``ECC_NIST_P384`` (secp384r1)\n + ``ECC_NIST_P521`` (secp521r1)\n \n + Other asymmetric elliptic curve key pairs (signing and verification)\n + ``ECC_SECG_P256K1`` (secp256k1), commonly used for cryptocurrencies.\n \n + SM2 key pairs (encryption and decryption *or* signing and verification *or* deriving shared secrets)\n + ``SM2`` (China Regions only)", "enum": [ "SYMMETRIC_DEFAULT", "RSA_2048", 
@@ -132,7 +132,7 @@ }, "KeyUsage": { "default": "ENCRYPT_DECRYPT", - "description": "Determines the [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) for which you can use the KMS key. The default value is ``ENCRYPT_DECRYPT``. This property is required for asymmetric KMS keys and HMAC KMS keys. You can't change the ``KeyUsage`` value after the KMS key is created.\n If you change the value of the ``KeyUsage`` property on an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing an immutable property value.\n Select only one valid value.\n + For symmetric encryption KMS keys, omit the property or specify ``ENCRYPT_DECRYPT``.\n + For asymmetric KMS keys with RSA key material, specify ``ENCRYPT_DECRYPT`` or ``SIGN_VERIFY``.\n + For asymmetric KMS keys with ECC key material, specify ``SIGN_VERIFY``.\n + For asymmetric KMS keys with SM2 (China Regions only) key material, specify ``ENCRYPT_DECRYPT`` or ``SIGN_VERIFY``.\n + For HMAC KMS keys, specify ``GENERATE_VERIFY_MAC``.", + "description": "Determines the [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) for which you can use the KMS key. The default value is ``ENCRYPT_DECRYPT``. This property is required for asymmetric KMS keys and HMAC KMS keys. You can't change the ``KeyUsage`` value after the KMS key is created.\n If you change the value of the ``KeyUsage`` property on an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). 
This prevents you from accidentally deleting a KMS key by changing an immutable property value.\n Select only one valid value.\n + For symmetric encryption KMS keys, omit the parameter or specify ``ENCRYPT_DECRYPT``.\n + For HMAC KMS keys (symmetric), specify ``GENERATE_VERIFY_MAC``.\n + For asymmetric KMS keys with RSA key pairs, specify ``ENCRYPT_DECRYPT`` or ``SIGN_VERIFY``.\n + For asymmetric KMS keys with NIST-recommended elliptic curve key pairs, specify ``SIGN_VERIFY`` or ``KEY_AGREEMENT``.\n + For asymmetric KMS keys with ``ECC_SECG_P256K1`` key pairs specify ``SIGN_VERIFY``.\n + For asymmetric KMS keys with SM2 key pairs (China Regions only), specify ``ENCRYPT_DECRYPT``, ``SIGN_VERIFY``, or ``KEY_AGREEMENT``.", "enum": [ "ENCRYPT_DECRYPT", "SIGN_VERIFY", 
@@ -143,12 +143,12 @@ }, "MultiRegion": { "default": false, - "description": "Creates a multi-Region primary key that you can replicate in other AWS-Regions. You can't change the ``MultiRegion`` value after the KMS key is created.\n For a list of AWS-Regions in which multi-Region keys are supported, see [Multi-Region keys in](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the **.\n If you change the value of the ``MultiRegion`` property on an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing an immutable property value.\n For a multi-Region key, set to this property to ``true``. For a single-Region key, omit this property or set it to ``false``. The default value is ``false``.\n *Multi-Region keys* are an KMS feature that lets you create multiple interoperable KMS keys in different AWS-Regions. Because these KMS keys have the same key ID, key material, and other metadata, you can use them to encrypt data in one AWS-Region and decrypt it in a different AWS-Region without making a cross-Region call or exposing the plaintext data. For more information, see [Multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *Developer Guide*.\n You can create a symmetric encryption, HMAC, or asymmetric multi-Region KMS key, and you can create a multi-Region key with imported key material. However, you cannot create a multi-Region key in a custom key store.\n To create a replica of this primary key in a different AWS-Region , create an [AWS::KMS::ReplicaKey](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-replicakey.html) resource in a CloudFormation stack in the replica Region. 
Specify the key ARN of this primary key.", + "description": "Creates a multi-Region primary key that you can replicate in other AWS-Regions. You can't change the ``MultiRegion`` value after the KMS key is created.\n For a list of AWS-Regions in which multi-Region keys are supported, see [Multi-Region keys in](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the **.\n If you change the value of the ``MultiRegion`` property on an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing an immutable property value.\n For a multi-Region key, set to this property to ``true``. For a single-Region key, omit this property or set it to ``false``. The default value is ``false``.\n *Multi-Region keys* are an KMS feature that lets you create multiple interoperable KMS keys in different AWS-Regions. Because these KMS keys have the same key ID, key material, and other metadata, you can use them to encrypt data in one AWS-Region and decrypt it in a different AWS-Region without making a cross-Region call or exposing the plaintext data. For more information, see [Multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *Developer Guide*.\n You can create a symmetric encryption, HMAC, or asymmetric multi-Region KMS key, and you can create a multi-Region key with imported key material. However, you cannot create a multi-Region key in a custom key store.\n To create a replica of this primary key in a different AWS-Region , create an [AWS::KMS::ReplicaKey](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-replicakey.html) resource in a CloudFormation stack in the replica Region. 
Specify the key ARN of this primary key.", "type": "boolean" }, "Origin": { "default": "AWS_KMS", - "description": "The source of the key material for the KMS key. You cannot change the origin after you create the KMS key. The default is ``AWS_KMS``, which means that KMS creates the key material.\n To [create a KMS key with no key material](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-create-cmk.html) (for imported key material), set this value to ``EXTERNAL``. For more information about importing key material into KMS, see [Importing Key Material](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) in the *Developer Guide*.\n You can ignore ``ENABLED`` when Origin is ``EXTERNAL``. When a KMS key with Origin ``EXTERNAL`` is created, the key state is ``PENDING_IMPORT`` and ``ENABLED`` is ``false``. After you import the key material, ``ENABLED`` updated to ``true``. The KMS key can then be used for Cryptographic Operations. \n CFN doesn't support creating an ``Origin`` parameter of the ``AWS_CLOUDHSM`` or ``EXTERNAL_KEY_STORE`` values.", + "description": "The source of the key material for the KMS key. You cannot change the origin after you create the KMS key. The default is ``AWS_KMS``, which means that KMS creates the key material.\n To [create a KMS key with no key material](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-create-cmk.html) (for imported key material), set this value to ``EXTERNAL``. For more information about importing key material into KMS, see [Importing Key Material](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) in the *Developer Guide*.\n You can ignore ``ENABLED`` when Origin is ``EXTERNAL``. When a KMS key with Origin ``EXTERNAL`` is created, the key state is ``PENDING_IMPORT`` and ``ENABLED`` is ``false``. After you import the key material, ``ENABLED`` updated to ``true``. The KMS key can then be used for Cryptographic Operations. 
\n CFN doesn't support creating an ``Origin`` parameter of the ``AWS_CLOUDHSM`` or ``EXTERNAL_KEY_STORE`` values.", "enum": [ "AWS_KMS", "EXTERNAL" 
@@ -156,7 +156,7 @@ "type": "string" }, "PendingWindowInDays": { - "description": "Specifies the number of days in the waiting period before KMS deletes a KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days.\n When you remove a KMS key from a CloudFormation stack, KMS schedules the KMS key for deletion and starts the mandatory waiting period. The ``PendingWindowInDays`` property determines the length of waiting period. During the waiting period, the key state of KMS key is ``Pending Deletion`` or ``Pending Replica Deletion``, which prevents the KMS key from being used in cryptographic operations. When the waiting period expires, KMS permanently deletes the KMS key.\n KMS will not delete a [multi-Region primary key](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) that has replica keys. If you remove a multi-Region primary key from a CloudFormation stack, its key state changes to ``PendingReplicaDeletion`` so it cannot be replicated or used in cryptographic operations. This state can persist indefinitely. When the last of its replica keys is deleted, the key state of the primary key changes to ``PendingDeletion`` and the waiting period specified by ``PendingWindowInDays`` begins. When this waiting period expires, KMS deletes the primary key. For details, see [Deleting multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html) in the *Developer Guide*.\n You cannot use a CloudFormation template to cancel deletion of the KMS key after you remove it from the stack, regardless of the waiting period. If you specify a KMS key in your template, even one with the same name, CloudFormation creates a new KMS key. 
To cancel deletion of a KMS key, use the KMS console or the [CancelKeyDeletion](https://docs.aws.amazon.com/kms/latest/APIReference/API_CancelKeyDeletion.html) operation.\n For information about the ``Pending Deletion`` and ``Pending Replica Deletion`` key states, see [Key state: Effect on your KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) in the *Developer Guide*. For more information about deleting KMS keys, see the [ScheduleKeyDeletion](https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html) operation in the *API Reference* and [Deleting KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) in the *Developer Guide*.", + "description": "Specifies the number of days in the waiting period before KMS deletes a KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days.\n When you remove a KMS key from a CloudFormation stack, KMS schedules the KMS key for deletion and starts the mandatory waiting period. The ``PendingWindowInDays`` property determines the length of waiting period. During the waiting period, the key state of KMS key is ``Pending Deletion`` or ``Pending Replica Deletion``, which prevents the KMS key from being used in cryptographic operations. When the waiting period expires, KMS permanently deletes the KMS key.\n KMS will not delete a [multi-Region primary key](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) that has replica keys. If you remove a multi-Region primary key from a CloudFormation stack, its key state changes to ``PendingReplicaDeletion`` so it cannot be replicated or used in cryptographic operations. This state can persist indefinitely. When the last of its replica keys is deleted, the key state of the primary key changes to ``PendingDeletion`` and the waiting period specified by ``PendingWindowInDays`` begins. 
When this waiting period expires, KMS deletes the primary key. For details, see [Deleting multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html) in the *Developer Guide*.\n You cannot use a CloudFormation template to cancel deletion of the KMS key after you remove it from the stack, regardless of the waiting period. If you specify a KMS key in your template, even one with the same name, CloudFormation creates a new KMS key. To cancel deletion of a KMS key, use the KMS console or the [CancelKeyDeletion](https://docs.aws.amazon.com/kms/latest/APIReference/API_CancelKeyDeletion.html) operation.\n For information about the ``Pending Deletion`` and ``Pending Replica Deletion`` key states, see [Key state: Effect on your KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) in the *Developer Guide*. For more information about deleting KMS keys, see the [ScheduleKeyDeletion](https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html) operation in the *API Reference* and [Deleting KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) in the *Developer Guide*.", "maximum": 30, "minimum": 7, "type": "integer" @@ -185,6 +185,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-kms", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "kms:TagResource", + "kms:UntagResource", + "kms:ListResourceTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-kms-replicakey.json b/src/schema/aws-kms-replicakey.json index 1c6a47b0..59bfbd60 100644 --- a/src/schema/aws-kms-replicakey.json +++ b/src/schema/aws-kms-replicakey.json 
@@ -130,7 +130,13 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-kms", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "kms:TagResource", + "kms:UntagResource", + "kms:ListResourceTags" + ], "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, diff --git a/src/schema/aws-lakeformation-principalpermissions.json b/src/schema/aws-lakeformation-principalpermissions.json index 7cea2b4c..30a4cc1f 100644 --- a/src/schema/aws-lakeformation-principalpermissions.json +++ b/src/schema/aws-lakeformation-principalpermissions.json @@ -264,8 +264,9 @@ "CREATE_DATABASE", "CREATE_TABLE", "DATA_LOCATION_ACCESS", - "CREATE_TAG", - "ASSOCIATE" + "CREATE_LF_TAG", + "ASSOCIATE", + "GRANT_WITH_LF_TAG_EXPRESSION" ], "type": "string" }, diff --git a/src/schema/aws-lakeformation-tag.json b/src/schema/aws-lakeformation-tag.json index 4a45cd17..d8133d36 100644 --- a/src/schema/aws-lakeformation-tag.json +++ b/src/schema/aws-lakeformation-tag.json @@ -27,7 +27,7 @@ "items": { "$ref": "#/definitions/LFTagValue" }, - "maxItems": 50, + "maxItems": 1000, "minItems": 1, "type": "array" } diff --git a/src/schema/aws-lambda-codesigningconfig.json b/src/schema/aws-lambda-codesigningconfig.json index fce9c2d6..db9ae0e3 100644 --- a/src/schema/aws-lambda-codesigningconfig.json +++ b/src/schema/aws-lambda-codesigningconfig.json 
@@ -41,13 +41,35 @@ "UntrustedArtifactOnDeployment" ], "type": "object" + }, + "Tag": { + "additionalProperties": false, + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key" + ], + "type": "object" } }, "description": "Resource Type definition for AWS::Lambda::CodeSigningConfig.", "handlers": { "create": { "permissions": [ - "lambda:CreateCodeSigningConfig" + "lambda:CreateCodeSigningConfig", + "lambda:TagResource" ] }, "delete": { @@ -62,12 +84,16 @@ }, "read": { "permissions": [ - "lambda:GetCodeSigningConfig" + "lambda:GetCodeSigningConfig", + "lambda:ListTags" ] }, "update": { "permissions": [ - "lambda:UpdateCodeSigningConfig" + "lambda:UpdateCodeSigningConfig", + "lambda:ListTags", + "lambda:TagResource", + "lambda:UntagResource" ] } }, @@ -98,6 +124,15 @@ "maxLength": 256, "minLength": 0, "type": "string" + }, + "Tags": { + "description": "A list of tags to apply to CodeSigningConfig resource", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": true } }, "readOnlyProperties": [ 
@@ -107,5 +142,17 @@ "required": [ "AllowedPublishers" ], + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "lambda:ListTags", + "lambda:TagResource", + "lambda:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Lambda::CodeSigningConfig" } diff --git a/src/schema/aws-lambda-eventinvokeconfig.json b/src/schema/aws-lambda-eventinvokeconfig.json index 62496fea..9f1b9458 100644 --- a/src/schema/aws-lambda-eventinvokeconfig.json +++ b/src/schema/aws-lambda-eventinvokeconfig.json @@ -26,7 +26,7 @@ "description": "The Amazon Resource Name (ARN) of the destination resource.", "maxLength": 350, "minLength": 0, - "pattern": "^$|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:([a-z]{2}(-gov)?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", + "pattern": "^$|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", "type": "string" } }, @@ -43,7 +43,7 @@ "description": "The Amazon Resource Name (ARN) of the destination resource.", "maxLength": 350, "minLength": 0, - "pattern": "^$|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:([a-z]{2}(-gov)?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", + "pattern": "^$|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", "type": "string" } }, @@ -101,7 +101,7 @@ }, "FunctionName": { "description": "The name of the Lambda function.", - "pattern": "^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}(-gov)?-[a-z]+-\\d{1}:)?(\\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\\$LATEST|[a-zA-Z0-9-_]+))?$", + "pattern": "^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\\d{1}:)?(\\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\\$LATEST|[a-zA-Z0-9-_]+))?$", "type": "string" }, "MaximumEventAgeInSeconds": { diff --git a/src/schema/aws-lambda-eventsourcemapping.json b/src/schema/aws-lambda-eventsourcemapping.json index 3c7e6ad3..3683cf9b 100644 
--- a/src/schema/aws-lambda-eventsourcemapping.json +++ b/src/schema/aws-lambda-eventsourcemapping.json 
@@ -123,12 +123,32 @@ "minimum": 2, "type": "integer" }, + "MetricsConfig": { + "additionalProperties": false, + "description": "The metrics configuration for your event source. Use this configuration object to define which metrics you want your event source mapping to produce.", + "properties": { + "Metrics": { + "description": "The metrics you want your event source mapping to produce. Include ``EventCount`` to receive event source mapping metrics related to the number of events processed by your event source mapping. For more information about these metrics, see [Event source mapping metrics](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-metrics-types.html#event-source-mapping-metrics).", + "items": { + "enum": [ + "EventCount" + ], + "type": "string" + }, + "maxItems": 1, + "minItems": 0, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, "OnFailure": { "additionalProperties": false, "description": "A destination for events that failed processing.", "properties": { "Destination": { - "description": "The Amazon Resource Name (ARN) of the destination resource.\n To retain records of [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations), you can configure an Amazon SNS topic, Amazon SQS queue, Lambda function, or Amazon EventBridge event bus as the destination.\n To retain records of failed invocations from [Kinesis and DynamoDB event sources](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html#event-source-mapping-destinations), you can configure an Amazon SNS topic or Amazon SQS queue as the destination.\n To retain records of failed invocations from [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination), you can configure an Amazon SNS topic, Amazon SQS queue, 
or Amazon S3 bucket as the destination.", + "description": "The Amazon Resource Name (ARN) of the destination resource.\n To retain records of unsuccessful [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations), you can configure an Amazon SNS topic, Amazon SQS queue, Amazon S3 bucket, Lambda function, or Amazon EventBridge event bus as the destination.\n To retain records of failed invocations from [Kinesis](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html), [DynamoDB](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html), [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination), you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination.", "maxLength": 1024, "minLength": 12, "pattern": "arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", 
@@ -137,6 +157,25 @@ }, "type": "object" }, + "ProvisionedPollerConfig": { + "additionalProperties": false, + "description": "The [provisioned mode](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html#invocation-eventsourcemapping-provisioned-mode) configuration for the event source. Use provisioned mode to customize the minimum and maximum number of event pollers for your event source.", + "properties": { + "MaximumPollers": { + "description": "The maximum number of event pollers this event source can scale up to.", + "maximum": 2000, + "minimum": 1, + "type": "integer" + }, + "MinimumPollers": { + "description": "The minimum number of event pollers this event source can scale down to.", + "maximum": 200, + "minimum": 1, + "type": "integer" + } + }, + "type": "object" + }, "ScalingConfig": { "additionalProperties": false, "description": "(Amazon SQS only) The scaling configuration for the event source. To remove the configuration, pass an empty value.", 
@@ -197,6 +236,28 @@ } }, "type": "object" + }, + "Tag": { + "additionalProperties": false, + "description": "A [tag](https://docs.aws.amazon.com/lambda/latest/dg/tagging.html) to apply to the event source mapping.", + "properties": { + "Key": { + "description": "The key for this tag.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "The value for this tag.", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key" + ], + "type": "object" } }, "description": "The ``AWS::Lambda::EventSourceMapping`` resource creates a mapping between an event source and an LAMlong function. LAM reads items from the event source and triggers the function.\n For details about each event source type, see the following topics. In particular, each of the topics describes the required and optional parameters for the specific event source. \n + [Configuring a Dynamo DB stream as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#services-dynamodb-eventsourcemapping) \n + [Configuring a Kinesis stream as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html#services-kinesis-eventsourcemapping) \n + [Configuring an SQS queue as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-eventsource) \n + [Configuring an MQ broker as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-mq.html#services-mq-eventsourcemapping) \n + [Configuring MSK as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html) \n + [Configuring Self-Managed Apache Kafka as an event source](https://docs.aws.amazon.com/lambda/latest/dg/kafka-smaa.html) \n + [Configuring Amazon DocumentDB as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html)", 
@@ -204,13 +265,18 @@ "create": { "permissions": [ "lambda:CreateEventSourceMapping", - "lambda:GetEventSourceMapping" + "lambda:GetEventSourceMapping", + "lambda:TagResource", + "kms:DescribeKey", + "kms:GenerateDataKey", + "kms:Decrypt" ] }, "delete": { "permissions": [ "lambda:DeleteEventSourceMapping", - "lambda:GetEventSourceMapping" + "lambda:GetEventSourceMapping", + "kms:Decrypt" ] }, "list": { @@ -220,13 +286,20 @@ }, "read": { "permissions": [ - "lambda:GetEventSourceMapping" + "lambda:GetEventSourceMapping", + "lambda:ListTags", + "kms:Decrypt" ] }, "update": { "permissions": [ "lambda:UpdateEventSourceMapping", - "lambda:GetEventSourceMapping" + "lambda:GetEventSourceMapping", + "lambda:TagResource", + "lambda:UntagResource", + "kms:DescribeKey", + "kms:GenerateDataKey", + "kms:Decrypt" ] } }, @@ -245,7 +318,7 @@ "type": "integer" }, "BisectBatchOnFunctionError": { - "description": "(Kinesis and DynamoDB Streams only) If the function returns an error, split the batch in two and retry. The default value is false.", + "description": "(Kinesis and DynamoDB Streams only) If the function returns an error, split the batch in two and retry. The default value is false.\n When using ``BisectBatchOnFunctionError``, check the ``BatchSize`` parameter in the ``OnFailure`` destination message's metadata. The ``BatchSize`` could be greater than 1 since LAM consolidates failed messages metadata when writing to the ``OnFailure`` destination.", "type": "boolean" }, "DestinationConfig": { 
@@ -267,6 +340,13 @@ "pattern": "arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", "type": "string" }, + "EventSourceMappingArn": { + "description": "", + "maxLength": 120, + "minLength": 85, + "pattern": "arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:\\d{12}:event-source-mapping:[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}", + "type": "string" + }, "FilterCriteria": { "$ref": "#/definitions/FilterCriteria", "description": "An object that defines the filter criteria that determine whether Lambda should process an event. For more information, see [Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html)." @@ -279,7 +359,7 @@ "type": "string" }, "FunctionResponseTypes": { - "description": "(Streams and SQS) A list of current response type enums applied to the event source mapping.\n Valid Values: ``ReportBatchItemFailures``", + "description": "(Kinesis, DynamoDB Streams, and SQS) A list of current response type enums applied to the event source mapping.\n Valid Values: ``ReportBatchItemFailures``", "items": { "enum": [ "ReportBatchItemFailures" 
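Review bot: The new `EventSourceMappingArn` property in the first hunk is added with `"description": ""`, so the generated documentation for this read-only identifier is blank. I would fill it in, for example `"description": "The Amazon Resource Name (ARN) of the event source mapping."`. Its `pattern` is also unanchored, so it matches any value that merely contains a well-formed ARN. Wrapping the expression in `^` and `$` makes it describe the whole value rather than a substring.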
@@ -298,6 +378,13 @@ "pattern": "[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}", "type": "string" }, + "KmsKeyArn": { + "description": "The ARN of the KMSlong (KMS) customer managed key that Lambda uses to encrypt your function's [filter criteria](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-basics).", + "maxLength": 2048, + "minLength": 12, + "pattern": "(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()", + "type": "string" + }, "MaximumBatchingWindowInSeconds": { "description": "The maximum amount of time, in seconds, that Lambda spends gathering records before invoking the function.\n *Default (, , event sources)*: 0\n *Default (, Kafka, , event sources)*: 500 ms\n *Related setting:* For SQS event sources, when you set ``BatchSize`` to a value greater than 10, you must set ``MaximumBatchingWindowInSeconds`` to at least 1.", "maximum": 300, @@ -316,12 +403,20 @@ "minimum": -1, "type": "integer" }, + "MetricsConfig": { + "$ref": "#/definitions/MetricsConfig", + "description": "The metrics configuration for your event source. For more information, see [Event source mapping metrics](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-metrics-types.html#event-source-mapping-metrics)." + }, "ParallelizationFactor": { "description": "(Kinesis and DynamoDB Streams only) The number of batches to process concurrently from each shard. The default value is 1.", "maximum": 10, "minimum": 1, "type": "integer" }, + "ProvisionedPollerConfig": { + "$ref": "#/definitions/ProvisionedPollerConfig", + "description": "(Amazon MSK and self-managed Apache Kafka only) The provisioned mode configuration for the event source. For more information, see [provisioned mode](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html#invocation-eventsourcemapping-provisioned-mode)." + }, "Queues": { "description": "(Amazon MQ) The name of the Amazon MQ broker destination queue to consume.", "items": { 
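Review bot: The `pattern` on the new `KmsKeyArn` property, `(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()`, accepts every string, because it is unanchored and its second alternative is an empty group that matches at any position. Only `minLength` and `maxLength` constrain the value, and `minLength: 12` already rules out the empty value that the alternative was presumably meant to allow. `"pattern": "^arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*$"` would make the schema reject a non-ARN key reference before it reaches the service. The `SourceKMSKeyArn` property added to `aws-lambda-function.json` has the same problem in the form `^(…)|()$`, where each anchor binds to a different alternative; `^(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)?$` keeps the empty value allowed. If these schemas are synced from an upstream registry, the fix probably belongs there.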
@@ -368,6 +463,15 @@ "description": "With ``StartingPosition`` set to ``AT_TIMESTAMP``, the time from which to start reading, in Unix time seconds. ``StartingPositionTimestamp`` cannot be in the future.", "type": "number" }, + "Tags": { + "description": "A list of tags to add to the event source mapping.\n You must have the ``lambda:TagResource``, ``lambda:UntagResource``, and ``lambda:ListTags`` permissions for your [principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html) to manage the CFN stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": true + }, "Topics": { "description": "The name of the Kafka topic.", "items": { @@ -392,16 +496,23 @@ "/properties/StartingPositionTimestamp": "StartingPositionTimestamp * 1000" }, "readOnlyProperties": [ - "/properties/Id" + "/properties/Id", + "/properties/EventSourceMappingArn" ], "required": [ "FunctionName" ], "tagging": { - "cloudFormationSystemTags": false, - "tagOnCreate": false, - "tagUpdatable": false, - "taggable": false + "cloudFormationSystemTags": true, + "permissions": [ + "lambda:ListTags", + "lambda:TagResource", + "lambda:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true }, "typeName": "AWS::Lambda::EventSourceMapping" } diff --git a/src/schema/aws-lambda-function.json b/src/schema/aws-lambda-function.json index 0ea64fb9..9ade73d1 100644 --- a/src/schema/aws-lambda-function.json +++ b/src/schema/aws-lambda-function.json 
@@ -1,12 +1,13 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/FunctionName" + "/properties/FunctionName", + "/properties/PackageType" ], "definitions": { "Code": { "additionalProperties": false, - "description": "The [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) for a Lambda function. To deploy a function defined as a container image, you specify the location of a container image in the Amazon ECR registry. For a .zip file deployment package, you can specify the location of an object in Amazon S3. For Node.js and Python functions, you can specify the function code inline in the template.\n Changes to a deployment package in Amazon S3 or a container image in ECR are not detected automatically during stack updates. To update the function code, change the object key or version in the template.", + "description": "The [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) for a Lambda function. To deploy a function defined as a container image, you specify the location of a container image in the Amazon ECR registry. For a .zip file deployment package, you can specify the location of an object in Amazon S3. For Node.js and Python functions, you can specify the function code inline in the template.\n When you specify source code inline for a Node.js function, the ``index`` file that CFN creates uses the extension ``.js``. This means that LAM treats the file as a CommonJS module. ES modules aren't supported for inline functions.\n Changes to a deployment package in Amazon S3 or a container image in ECR are not detected automatically during stack updates. To update the function code, change the object key or version in the template.", "properties": { "ImageUri": { "description": "URI of a [container image](https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html) in the Amazon ECR registry.", 
@@ -31,8 +32,13 @@ "minLength": 1, "type": "string" }, + "SourceKMSKeyArn": { + "description": "The ARN of the KMSlong (KMS) customer managed key that's used to encrypt your function's .zip deployment package. If you don't provide a customer managed key, Lambda uses an [owned key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk).", + "pattern": "^(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()$", + "type": "string" + }, "ZipFile": { - "description": "(Node.js and Python) The source code of your Lambda function. If you include your function source inline with this parameter, CFN places it in a file named ``index`` and zips it to create a [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html). This zip file cannot exceed 4MB. For the ``Handler`` property, the first part of the handler identifier must be ``index``. For example, ``index.handler``.\n For JSON, you must escape quotes and special characters such as newline (``\\n``) with a backslash.\n If you specify a function that interacts with an AWS CloudFormation custom resource, you don't have to write your own functions to send responses to the custom resource that invoked the function. AWS CloudFormation provides a response module ([cfn-response](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-lambda-function-code-cfnresponsemodule.html)) that simplifies sending responses. See [Using Lambda with CloudFormation](https://docs.aws.amazon.com/lambda/latest/dg/services-cloudformation.html) for details.", + "description": "(Node.js and Python) The source code of your Lambda function. If you include your function source inline with this parameter, CFN places it in a file named ``index`` and zips it to create a [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html). This zip file cannot exceed 4MB. For the ``Handler`` property, the first part of the handler identifier must be ``index``. 
For example, ``index.handler``.\n When you specify source code inline for a Node.js function, the ``index`` file that CFN creates uses the extension ``.js``. This means that LAM treats the file as a CommonJS module. ES modules aren't supported for inline functions.\n For JSON, you must escape quotes and special characters such as newline (``\\n``) with a backslash.\n If you specify a function that interacts with an AWS CloudFormation custom resource, you don't have to write your own functions to send responses to the custom resource that invoked the function. AWS CloudFormation provides a response module ([cfn-response](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-lambda-function-code-cfnresponsemodule.html)) that simplifies sending responses. See [Using Lambda with CloudFormation](https://docs.aws.amazon.com/lambda/latest/dg/services-cloudformation.html) for details.", "type": "string" } }, @@ -56,7 +62,7 @@ "properties": { "Variables": { "additionalProperties": false, - "description": "Environment variable key-value pairs. For more information, see [Using Lambda environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html).", + "description": "Environment variable key-value pairs. For more information, see [Using Lambda environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html).\n If the value of the environment variable is a time or a duration, enclose the value in quotes.", "patternProperties": { "[a-zA-Z][a-zA-Z0-9_]+": { "type": "string" 
@@ -90,7 +96,7 @@ "Arn": { "description": "The Amazon Resource Name (ARN) of the Amazon EFS access point that provides access to the file system.", "maxLength": 200, - "pattern": "^arn:aws[a-zA-Z-]*:elasticfilesystem:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}:\\d{12}:access-point/fsap-[a-f0-9]{17}$", + "pattern": "^arn:aws[a-zA-Z-]*:elasticfilesystem:[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:\\d{12}:access-point/fsap-[a-f0-9]{17}$", "type": "string" }, "LocalMountPath": { @@ -178,6 +184,14 @@ }, "type": "object" }, + "RecursiveLoop": { + "description": "The function recursion configuration.", + "enum": [ + "Allow", + "Terminate" + ], + "type": "string" + }, "RuntimeManagementConfig": { "additionalProperties": false, "description": "Sets the runtime management configuration for a function's version. For more information, see [Runtime updates](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html).", @@ -244,16 +258,16 @@ }, "Tag": { "additionalProperties": false, - "description": "", + "description": "A [tag](https://docs.aws.amazon.com/lambda/latest/dg/tagging.html) to apply to the function.", "properties": { "Key": { - "description": "", + "description": "The key for this tag.", "maxLength": 128, "minLength": 1, "type": "string" }, "Value": { - "description": "", + "description": "The value for this tag.", "maxLength": 256, "minLength": 0, "type": "string" 
@@ -309,7 +323,7 @@ "type": "object" } }, - "description": "The ``AWS::Lambda::Function`` resource creates a Lambda function. To create a function, you need a [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) and an [execution role](https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html). The deployment package is a .zip file archive or container image that contains your function code. The execution role grants the function permission to use AWS services, such as Amazon CloudWatch Logs for log streaming and AWS X-Ray for request tracing.\n You set the package type to ``Image`` if the deployment package is a [container image](https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html). For a container image, the code property must include the URI of a container image in the Amazon ECR registry. You do not need to specify the handler and runtime properties. \n You set the package type to ``Zip`` if the deployment package is a [.zip file archive](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html#gettingstarted-package-zip). For a .zip file archive, the code property specifies the location of the .zip file. You must also specify the handler and runtime properties. For a Python example, see [Deploy Python Lambda functions with .zip file archives](https://docs.aws.amazon.com/lambda/latest/dg/python-package.html).\n You can use [code signing](https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html) if your deployment package is a .zip file archive. To enable code signing for this function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with ``UpdateFunctionCode``, Lambda checks that the code package has a valid signature from a trusted publisher. 
The code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.\n Note that you configure [provisioned concurrency](https://docs.aws.amazon.com/lambda/latest/dg/provisioned-concurrency.html) on a ``AWS::Lambda::Version`` or a ``AWS::Lambda::Alias``.\n For a complete introduction to Lambda functions, see [What is Lambda?](https://docs.aws.amazon.com/lambda/latest/dg/lambda-welcome.html) in the *Lambda developer guide.*", + "description": "The ``AWS::Lambda::Function`` resource creates a Lambda function. To create a function, you need a [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) and an [execution role](https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html). The deployment package is a .zip file archive or container image that contains your function code. The execution role grants the function permission to use AWS services, such as Amazon CloudWatch Logs for log streaming and AWS X-Ray for request tracing.\n You set the package type to ``Image`` if the deployment package is a [container image](https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html). For these functions, include the URI of the container image in the ECR registry in the [ImageUri property of the Code property](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-imageuri). You do not need to specify the handler and runtime properties. \n You set the package type to ``Zip`` if the deployment package is a [.zip file archive](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html#gettingstarted-package-zip). For these functions, specify the S3 location of your .zip file in the ``Code`` property. 
Alternatively, for Node.js and Python functions, you can define your function inline in the [ZipFile property of the Code property](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-zipfile). In both cases, you must also specify the handler and runtime properties.\n You can use [code signing](https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html) if your deployment package is a .zip file archive. To enable code signing for this function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with ``UpdateFunctionCode``, Lambda checks that the code package has a valid signature from a trusted publisher. The code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.\n When you update a ``AWS::Lambda::Function`` resource, CFNshort calls the [UpdateFunctionConfiguration](https://docs.aws.amazon.com/lambda/latest/api/API_UpdateFunctionConfiguration.html) and [UpdateFunctionCode](https://docs.aws.amazon.com/lambda/latest/api/API_UpdateFunctionCode.html) LAM APIs under the hood. Because these calls happen sequentially, and invocations can happen between these calls, your function may encounter errors in the time between the calls. For example, if you remove an environment variable, and the code that references that environment variable in the same CFNshort update, you may see invocation errors related to a missing environment variable. 
To work around this, you can invoke your function against a version or alias by default, rather than the ``$LATEST`` version.\n Note that you configure [provisioned concurrency](https://docs.aws.amazon.com/lambda/latest/dg/provisioned-concurrency.html) on a ``AWS::Lambda::Version`` or a ``AWS::Lambda::Alias``.\n For a complete introduction to Lambda functions, see [What is Lambda?](https://docs.aws.amazon.com/lambda/latest/dg/lambda-welcome.html) in the *Lambda developer guide.*", "handlers": { "create": { "permissions": [ @@ -332,7 +346,9 @@ "lambda:GetLayerVersion", "lambda:GetRuntimeManagementConfig", "lambda:PutRuntimeManagementConfig", - "lambda:TagResource" + "lambda:TagResource", + "lambda:PutFunctionRecursionConfig", + "lambda:GetFunctionRecursionConfig" ] }, "delete": { @@ -350,7 +366,8 @@ "read": { "permissions": [ "lambda:GetFunction", - "lambda:GetFunctionCodeSigningConfig" + "lambda:GetFunctionCodeSigningConfig", + "lambda:GetFunctionRecursionConfig" ] }, "update": { @@ -358,7 +375,6 @@ "lambda:DeleteFunctionConcurrency", "lambda:GetFunction", "lambda:PutFunctionConcurrency", - "lambda:ListTags", "lambda:TagResource", "lambda:UntagResource", "lambda:UpdateFunctionConfiguration", @@ -378,7 +394,9 @@ "lambda:PutFunctionCodeSigningConfig", "lambda:DeleteFunctionCodeSigningConfig", "lambda:GetCodeSigningConfig", - "lambda:GetFunctionCodeSigningConfig" + "lambda:GetFunctionCodeSigningConfig", + "lambda:PutFunctionRecursionConfig", + "lambda:GetFunctionRecursionConfig" ] } }, 
@@ -406,11 +424,11 @@ }, "Code": { "$ref": "#/definitions/Code", - "description": "The code for the function." + "description": "The code for the function. You can define your function code in multiple ways:\n + For .zip deployment packages, you can specify the S3 location of the .zip file in the ``S3Bucket``, ``S3Key``, and ``S3ObjectVersion`` properties.\n + For .zip deployment packages, you can alternatively define the function code inline in the ``ZipFile`` property. This method works only for Node.js and Python functions.\n + For container images, specify the URI of your container image in the ECR registry in the ``ImageUri`` property." }, "CodeSigningConfigArn": { "description": "To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.", - "pattern": "arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}:\\d{12}:code-signing-config:csc-[a-z0-9]{17}", + "pattern": "arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:\\d{12}:code-signing-config:csc-[a-z0-9]{17}", "type": "string" }, "DeadLetterConfig": { 
@@ -454,7 +472,7 @@ "description": "Configuration values that override the container image Dockerfile settings. For more information, see [Container image settings](https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-parms)." }, "KmsKeyArn": { - "description": "The ARN of the KMSlong (KMS) customer managed key that's used to encrypt your function's [environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption). When [Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html) is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). If you don't provide a customer managed key, Lambda uses a default service key.", + "description": "The ARN of the KMSlong (KMS) customer managed key that's used to encrypt the following resources:\n + The function's [environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption).\n + The function's [Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html) snapshots.\n + When used with ``SourceKMSKeyArn``, the unzipped version of the .zip deployment package that's used for function invocations. For more information, see [Specifying a customer managed key for Lambda](https://docs.aws.amazon.com/lambda/latest/dg/encrypt-zip-package.html#enable-zip-custom-encryption).\n + The optimized version of the container image that's used for function invocations. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). 
For more information, see [Function lifecycle](https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-lifecycle).\n \n If you don't provide a customer managed key, Lambda uses an [owned key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk) or an [](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk).", "pattern": "^(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()$", "type": "string" }, @@ -482,6 +500,10 @@ ], "type": "string" }, + "RecursiveLoop": { + "$ref": "#/definitions/RecursiveLoop", + "description": "The status of your function's recursive loop detection configuration.\n When this value is set to ``Allow``and Lambda detects your function being invoked as part of a recursive loop, it doesn't take any action.\n When this value is set to ``Terminate`` and Lambda detects your function being invoked as part of a recursive loop, it stops your function being invoked and notifies you." + }, "ReservedConcurrentExecutions": { "description": "The number of simultaneous executions to reserve for the function.", "minimum": 0, @@ -509,7 +531,7 @@ "description": "" }, "Tags": { - "description": "A list of [tags](https://docs.aws.amazon.com/lambda/latest/dg/tagging.html) to apply to the function.", + "description": "A list of [tags](https://docs.aws.amazon.com/lambda/latest/dg/tagging.html) to apply to the function.\n You must have the ``lambda:TagResource``, ``lambda:UntagResource``, and ``lambda:ListTags`` permissions for your [principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html) to manage the CFN stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update.", "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" 
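Review bot: The rewritten `KmsKeyArn` description ends with a link that has no label, `[](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk)`, so the rendered sentence stops at "or an" and the reader cannot tell which key is the fallback. Judging by the anchor, the label should be something like `[AWS managed key](…#aws-managed-cmk)`. The same description still carries the unexpanded token `KMSlong`. The `RecursiveLoop` description added in the next hunk is missing a space in "``Allow``and Lambda detects".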
@@ -543,6 +565,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "lambda:ListTags", + "lambda:TagResource", + "lambda:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, @@ -552,7 +579,6 @@ "writeOnlyProperties": [ "/properties/SnapStart", "/properties/SnapStart/ApplyOn", - "/properties/Code", "/properties/Code/ImageUri", "/properties/Code/S3Bucket", "/properties/Code/S3Key", diff --git a/src/schema/aws-lambda-layerversion.json b/src/schema/aws-lambda-layerversion.json index 8cbace9d..7a5c195e 100644 --- a/src/schema/aws-lambda-layerversion.json +++ b/src/schema/aws-lambda-layerversion.json @@ -100,6 +100,9 @@ "type": "string" } }, + "propertyTransform": { + "/properties/LayerName": "$split(LayerName, \":\")[-1] $OR LayerName" + }, "readOnlyProperties": [ "/properties/LayerVersionArn" ], diff --git a/src/schema/aws-lambda-permission.json b/src/schema/aws-lambda-permission.json index c5e99f8a..af62d9d4 100644 --- a/src/schema/aws-lambda-permission.json +++ b/src/schema/aws-lambda-permission.json @@ -89,7 +89,7 @@ "type": "string" }, "Principal": { - "description": "The AWS-service or AWS-account that invokes the function. If you specify a service, use ``SourceArn`` or ``SourceAccount`` to limit who can invoke the function through that service.", + "description": "The AWS-service, AWS-account, IAM user, or IAM role that invokes the function. If you specify a service, use ``SourceArn`` or ``SourceAccount`` to limit who can invoke the function through that service.", "maxLength": 256, "minLength": 1, "pattern": "^.*$", diff --git a/src/schema/aws-lambda-version.json b/src/schema/aws-lambda-version.json index b7f0a28e..ebb71fc8 100644 --- a/src/schema/aws-lambda-version.json +++ b/src/schema/aws-lambda-version.json 
@@ -110,30 +110,12 @@ "type": "string" }, "FunctionName": { - "anyOf": [ - { - "relationshipRef": { - "propertyPath": "/properties/FunctionName", - "typeName": "AWS::Lambda::Function" - } - }, - { - "relationshipRef": { - "propertyPath": "/properties/Arn", - "typeName": "AWS::Lambda::Function" - } - } - ], "description": "The name of the Lambda function.", "maxLength": 140, "minLength": 1, "pattern": "^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:)?(\\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\\$LATEST|[a-zA-Z0-9-_]+))?$", "type": "string" }, - "Policy": { - "description": "The resource policy of your function", - "type": "object" - }, "ProvisionedConcurrencyConfig": { "$ref": "#/definitions/ProvisionedConcurrencyConfiguration", "description": "Specifies a provisioned concurrency configuration for a function's version. Updates are not supported for this property." diff --git a/src/schema/aws-launchwizard-deployment.json b/src/schema/aws-launchwizard-deployment.json index a5ec5f88..7c0cbea0 100644 --- a/src/schema/aws-launchwizard-deployment.json +++ b/src/schema/aws-launchwizard-deployment.json @@ -232,11 +232,15 @@ "required": [ "DeploymentPatternName", "Name", - "Specifications", "WorkloadName" ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "launchwizard:ListTagsForResource", + "launchwizard:TagResource", + "launchwizard:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-lex-bot.json b/src/schema/aws-lex-bot.json index e3f78c77..3264e5ee 100644 --- a/src/schema/aws-lex-bot.json +++ b/src/schema/aws-lex-bot.json @@ -3,7 +3,6 @@ "definitions": { "AdvancedRecognitionSetting": { "additionalProperties": false, - "description": "Provides settings that enable advanced recognition settings for slot values.", "properties": { "AudioRecognitionStrategy": { "$ref": "#/definitions/AudioRecognitionStrategy" 
@@ -13,14 +12,11 @@ }, "AllowedInputTypes": { "additionalProperties": false, - "description": "Specifies the allowed input types.", "properties": { "AllowAudioInput": { - "description": "Indicates whether audio input is allowed.", "type": "boolean" }, "AllowDTMFInput": { - "description": "Indicates whether DTMF input is allowed.", "type": "boolean" } }, @@ -42,7 +38,6 @@ }, "AudioAndDTMFInputSpecification": { "additionalProperties": false, - "description": "Specifies the audio and DTMF input specification.", "properties": { "AudioSpecification": { "$ref": "#/definitions/AudioSpecification" @@ -51,7 +46,6 @@ "$ref": "#/definitions/DTMFSpecification" }, "StartTimeoutMs": { - "description": "Time for which a bot waits before assuming that the customer isn't going to speak or press a key. This timeout is shared between Audio and DTMF inputs.", "minimum": 1, "type": "integer" } @@ -63,7 +57,6 @@ }, "AudioLogDestination": { "additionalProperties": false, - "description": "The location of audio log files collected when conversation logging is enabled for a bot.", "properties": { "S3Bucket": { "$ref": "#/definitions/S3BucketLogDestination" @@ -76,13 +69,11 @@ }, "AudioLogSetting": { "additionalProperties": false, - "description": "Settings for logging audio of conversations between Amazon Lex and a user. You specify whether to log audio and the Amazon S3 bucket where the audio file is stored.", "properties": { "Destination": { "$ref": "#/definitions/AudioLogDestination" }, "Enabled": { - "description": "", "type": "boolean" } }, @@ -93,7 +84,6 @@ "type": "object" }, "AudioLogSettings": { - "description": "List of audio log settings that pertain to the conversation log settings for the bot's TestBotAlias.", "insertionOrder": false, "items": { "$ref": "#/definitions/AudioLogSetting" 
@@ -103,7 +93,6 @@ "uniqueItems": true }, "AudioRecognitionStrategy": { - "description": "Enables using slot values as a custom vocabulary when recognizing user utterances.", "enum": [ "UseSlotValuesAsCustomVocabulary" ], @@ -111,15 +100,12 @@ }, "AudioSpecification": { "additionalProperties": false, - "description": "Specifies the audio input specifications.", "properties": { "EndTimeoutMs": { - "description": "Time for which a bot waits after the customer stops speaking to assume the utterance is finished.", "minimum": 1, "type": "integer" }, "MaxLengthMs": { - "description": "Time for how long Amazon Lex waits before speech input is truncated and the speech is returned to application.", "minimum": 1, "type": "integer" } 
@@ -130,15 +116,95 @@ ], "type": "object" }, + "BedrockAgentIntentConfiguration": { + "additionalProperties": false, + "properties": { + "BedrockAgentConfiguration": { + "additionalProperties": false, + "properties": { + "BedrockAgentAliasId": { + "maxLength": 5000, + "minLength": 1, + "type": "string" + }, + "BedrockAgentId": { + "maxLength": 5000, + "minLength": 1, + "type": "string" + } + }, + "type": "object" + }, + "BedrockAgentIntentKnowledgeBaseConfiguration": { + "additionalProperties": false, + "properties": { + "BedrockKnowledgeBaseArn": { + "maxLength": 5000, + "minLength": 1, + "type": "string" + }, + "BedrockModelConfiguration": { + "$ref": "#/definitions/BedrockModelSpecification" + } + }, + "required": [ + "BedrockKnowledgeBaseArn", + "BedrockModelConfiguration" + ], + "type": "object" + } + }, + "type": "object" + }, + "BedrockModelSpecification": { + "additionalProperties": false, + "properties": { + "BedrockGuardrailConfiguration": { + "additionalProperties": false, + "properties": { + "BedrockGuardrailIdentifier": { + "maxLength": 5000, + "minLength": 1, + "type": "string" + }, + "BedrockGuardrailVersion": { + "maxLength": 5000, + "minLength": 1, + "type": "string" + } + }, + "type": "object" + }, + "BedrockModelCustomPrompt": { + "maxLength": 5000, + "minLength": 1, + "type": "string" + }, + "BedrockTraceStatus": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, + "ModelArn": { + "maxLength": 5000, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "ModelArn" + ], + "type": "object" + }, "BotAliasLocaleSettings": { "additionalProperties": false, - "description": "You can use this parameter to specify a specific Lambda function to run different functions in different locales.", "properties": { "CodeHookSpecification": { "$ref": "#/definitions/CodeHookSpecification" }, "Enabled": { - "description": "Whether the Lambda code hook is enabled", "type": "boolean" } }, 
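Review bot: The added `BedrockAgentIntentConfiguration` and `BedrockModelSpecification` definitions validate every identifier by length only: `BedrockKnowledgeBaseArn`, `ModelArn`, `BedrockAgentId` and `BedrockGuardrailIdentifier` are plain strings of 1 to 5000 characters with no `pattern`. ARN-valued properties elsewhere in this commit carry a pattern, so a malformed or wrong-service ARN here would only surface at deploy time. I would add at least a prefix check on the two ARN fields, for example `"pattern": "^arn:(aws[a-zA-Z-]*)?:bedrock:.*$"`, with the exact resource format confirmed against the Bedrock documentation. Both definitions also lack a `description`. The one for `BedrockModelSpecification` should state that `BedrockGuardrailConfiguration` is optional, so template authors know a model can be attached without a guardrail.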
@@ -149,13 +215,11 @@ }, "BotAliasLocaleSettingsItem": { "additionalProperties": false, - "description": "A locale setting in alias", "properties": { "BotAliasLocaleSetting": { "$ref": "#/definitions/BotAliasLocaleSettings" }, "LocaleId": { - "description": "A string used to identify the locale", "maxLength": 128, "minLength": 1, "type": "string" @@ -168,7 +232,6 @@ "type": "object" }, "BotAliasLocaleSettingsList": { - "description": "A list of bot alias locale settings to add to the bot alias.", "insertionOrder": false, "items": { "$ref": "#/definitions/BotAliasLocaleSettingsItem" @@ -185,7 +248,6 @@ }, "BotLocale": { "additionalProperties": false, - "description": "A locale in the bot, which contains the intents and slot types that the bot uses in conversations with users in the specified language and locale.", "properties": { "CustomVocabulary": { "$ref": "#/definitions/CustomVocabulary" @@ -194,7 +256,6 @@ "$ref": "#/definitions/Description" }, "Intents": { - "description": "List of intents", "insertionOrder": false, "items": { "$ref": "#/definitions/Intent" @@ -210,7 +271,6 @@ "$ref": "#/definitions/ConfidenceThreshold" }, "SlotTypes": { - "description": "List of SlotTypes", "insertionOrder": false, "items": { "$ref": "#/definitions/SlotType" @@ -231,16 +291,13 @@ }, "Button": { "additionalProperties": false, - "description": "A button to use on a response card used to gather slot values from a user.", "properties": { "Text": { - "description": "The text that appears on the button.", "maxLength": 50, "minLength": 1, "type": "string" }, "Value": { - "description": "The value returned to Amazon Lex when the user chooses this button.", "maxLength": 50, "minLength": 1, "type": "string" 
@@ -256,13 +313,11 @@ "additionalProperties": false, "properties": { "CloudWatchLogGroupArn": { - "description": "A string used to identify the groupArn for the Cloudwatch Log Group", "maxLength": 2048, "minLength": 1, "type": "string" }, "LogPrefix": { - "description": "A string containing the value for the Log Prefix", "maxLength": 1024, "minLength": 0, "type": "string" @@ -276,7 +331,6 @@ }, "CodeHookSpecification": { "additionalProperties": false, - "description": "Contains information about code hooks that Amazon Lex calls during a conversation.", "properties": { "LambdaCodeHook": { "$ref": "#/definitions/LambdaCodeHook" @@ -287,13 +341,27 @@ ], "type": "object" }, + "CompositeSlotTypeSetting": { + "additionalProperties": false, + "properties": { + "SubSlots": { + "insertionOrder": true, + "items": { + "$ref": "#/definitions/SubSlotTypeComposition" + }, + "maxItems": 6, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, "Condition": { "additionalProperties": false, - "description": "Provides an expression that evaluates to true or false.", "properties": { "ExpressionString": { - "$ref": "#/definitions/ConditionExpression", - "description": "The expression string that is evaluated." + "$ref": "#/definitions/ConditionExpression" } }, "required": [ @@ -302,14 +370,12 @@ "type": "object" }, "ConditionExpression": { - "description": "Expression that is evaluated to true or false at runtime.", "maxLength": 1024, "minLength": 1, "type": "string" }, "Conditional": { "additionalProperties": false, - "description": "Contains conditional branches to fork the conversation flow.", "properties": { "ConditionalBranches": { "$ref": "#/definitions/ConditionalBranches" 
@@ -326,23 +392,18 @@ }, "ConditionalBranch": { "additionalProperties": false, - "description": "A set of actions that Amazon Lex should run if the condition is matched.", "properties": { "Condition": { - "$ref": "#/definitions/Condition", - "description": "Contains the expression to evaluate. If the condition is true, the branch's actions are taken." + "$ref": "#/definitions/Condition" }, "Name": { - "$ref": "#/definitions/Name", - "description": "The name of the branch." + "$ref": "#/definitions/Name" }, "NextStep": { - "$ref": "#/definitions/DialogState", - "description": "The next step in the conversation." + "$ref": "#/definitions/DialogState" }, "Response": { - "$ref": "#/definitions/ResponseSpecification", - "description": "Specifies a list of message groups that Amazon Lex uses to respond the user input." + "$ref": "#/definitions/ResponseSpecification" } }, "required": [ @@ -353,7 +414,6 @@ "type": "object" }, "ConditionalBranches": { - "description": "A list of 1 to 4 conditional branches to fork the conversation flow.", "insertionOrder": true, "items": { "$ref": "#/definitions/ConditionalBranch" 
@@ -364,18 +424,14 @@ }, "ConditionalSpecification": { "additionalProperties": false, - "description": "Provides a list of conditional branches. Branches are evaluated in the order that they are entered in the list. The first branch with a condition that evaluates to true is executed. The last branch in the list is the default branch. The default branch should not have any condition expression. The default branch is executed if no other branch has a matching condition.", "properties": { "ConditionalBranches": { - "$ref": "#/definitions/ConditionalBranches", - "description": "A list of conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true." + "$ref": "#/definitions/ConditionalBranches" }, "DefaultBranch": { - "$ref": "#/definitions/DefaultConditionalBranch", - "description": "The conditional branch that should be followed when the conditions for other branches are not satisfied. A conditional branch is made up of a condition, a response and a next step." + "$ref": "#/definitions/DefaultConditionalBranch" }, "IsActive": { - "description": "Determines whether a conditional branch is active. When active is false, the conditions are not evaluated.", "type": "boolean" } }, 
@@ -387,26 +443,22 @@ "type": "object" }, "ConfidenceThreshold": { - "description": "The specified confidence threshold for inserting the AMAZON.FallbackIntent and AMAZON.KendraSearchIntent intents.", "maximum": 1, "minimum": 0, "type": "number" }, "ContextTimeToLiveInSeconds": { - "description": "The amount of time, in seconds, that the output context should remain active.", "maximum": 86400, "minimum": 5, "type": "integer" }, "ContextTurnsToLive": { - "description": "The number of conversation turns that the output context should remain active.", "maximum": 20, "minimum": 1, "type": "integer" }, "ConversationLogSettings": { "additionalProperties": false, - "description": "Contains information about code hooks that Amazon Lex calls during a conversation.", "properties": { "AudioLogSettings": { "$ref": "#/definitions/AudioLogSettings" @@ -419,10 +471,8 @@ }, "CustomPayload": { "additionalProperties": false, - "description": "A message in a custom format defined by the client application.", "properties": { "Value": { - "description": "The string that is sent to your application.", "maxLength": 1000, "minLength": 1, "type": "string" @@ -435,7 +485,6 @@ }, "CustomVocabulary": { "additionalProperties": false, - "description": "A custom vocabulary is a list of specific phrases that you want Amazon Lex V2 to recognize in the audio input.", "properties": { "CustomVocabularyItems": { "$ref": "#/definitions/CustomVocabularyItems" 
@@ -448,22 +497,18 @@ }, "CustomVocabularyItem": { "additionalProperties": false, - "description": "A custom vocabulary item that contains the phrase to recognize and a weight to give the boost.", "properties": { "DisplayAs": { - "description": "Defines how you want your phrase to look in your transcription output.", "maxLength": 100, "minLength": 1, "type": "string" }, "Phrase": { - "description": "Phrase that should be recognized.", "maxLength": 100, "minLength": 1, "type": "string" }, "Weight": { - "description": "The degree to which the phrase recognition is boosted. The weight 0 means that no boosting will be applied and the entry will only be used for performing replacements using the displayAs field.", "maximum": 3, "minimum": 0, "type": "integer" @@ -485,25 +530,20 @@ }, "DTMFSpecification": { "additionalProperties": false, - "description": "Specifies the settings on DTMF input.", "properties": { "DeletionCharacter": { - "description": "The DTMF character that clears the accumulated DTMF digits and immediately ends the input.", "pattern": "^[A-D0-9#*]{1}$", "type": "string" }, "EndCharacter": { - "description": "The DTMF character that immediately ends input. If the user does not press this character, the input ends after the end timeout.", "pattern": "^[A-D0-9#*]{1}$", "type": "string" }, "EndTimeoutMs": { - "description": "How long the bot should wait after the last DTMF character input before assuming that the input has concluded.", "minimum": 1, "type": "integer" }, "MaxLength": { - "description": "The maximum number of DTMF digits allowed in an utterance.", "maximum": 1024, "minimum": 1, "type": "integer" 
@@ -519,10 +559,8 @@ }, "DataPrivacy": { "additionalProperties": false, - "description": "Provides information on additional privacy protections Amazon Lex should use with the bot's data.", "properties": { "ChildDirected": { - "description": "Specify whether your use of Amazon Lex is related to application that is directed or targeted, in whole or in part, to children under age 13 and subject to the Children's Online Privacy Protection Act (COPPA).", "type": "boolean" } }, @@ -533,15 +571,12 @@ }, "DefaultConditionalBranch": { "additionalProperties": false, - "description": "A set of actions that Amazon Lex should run if none of the other conditions are met.", "properties": { "NextStep": { - "$ref": "#/definitions/DialogState", - "description": "The next step in the conversation." + "$ref": "#/definitions/DialogState" }, "Response": { - "$ref": "#/definitions/ResponseSpecification", - "description": "Specifies a list of message groups that Amazon Lex uses to respond the user input." + "$ref": "#/definitions/ResponseSpecification" } }, "type": "object" @@ -553,19 +588,15 @@ }, "DialogAction": { "additionalProperties": false, - "description": "Defines the action that the bot executes at runtime when the conversation reaches this step.", "properties": { "SlotToElicit": { - "$ref": "#/definitions/Name", - "description": "If the dialog action is ElicitSlot, defines the slot to elicit from the user." + "$ref": "#/definitions/Name" }, "SuppressNextMessage": { - "description": "When true the next message for the intent is not used.", "type": "boolean" }, "Type": { - "$ref": "#/definitions/DialogActionType", - "description": "The action that the bot should execute." + "$ref": "#/definitions/DialogActionType" } }, "required": [ @@ -574,7 +605,6 @@ "type": "object" }, "DialogActionType": { - "description": "The possible values of actions that the conversation can take.", "enum": [ "CloseIntent", "ConfirmIntent", 
@@ -590,23 +620,18 @@ }, "DialogCodeHookInvocationSetting": { "additionalProperties": false, - "description": "Settings that specify the dialog code hook that is called by Amazon Lex at a step of the conversation.", "properties": { "EnableCodeHookInvocation": { - "description": "Indicates whether a Lambda function should be invoked for the dialog.", "type": "boolean" }, "InvocationLabel": { - "$ref": "#/definitions/Name", - "description": "A label that indicates the dialog step from which the dialog code hook is happening." + "$ref": "#/definitions/Name" }, "IsActive": { - "description": "Determines whether a dialog code hook is used when the intent is activated.", "type": "boolean" }, "PostCodeHookSpecification": { - "$ref": "#/definitions/PostDialogCodeHookInvocationSpecification", - "description": "Contains the responses and actions that Amazon Lex takes after the Lambda function is complete." + "$ref": "#/definitions/PostDialogCodeHookInvocationSpecification" } }, "required": [ @@ -618,7 +643,6 @@ }, "DialogCodeHookSetting": { "additionalProperties": false, - "description": "Settings that determine the Lambda function that Amazon Lex uses for processing user responses.", "properties": { "Enabled": { "type": "boolean" @@ -631,18 +655,14 @@ }, "DialogState": { "additionalProperties": false, - "description": "The current state of the conversation with the user.", "properties": { "DialogAction": { - "$ref": "#/definitions/DialogAction", - "description": "Defines the action that the bot executes at runtime when the conversation reaches this step." + "$ref": "#/definitions/DialogAction" }, "Intent": { - "$ref": "#/definitions/IntentOverride", - "description": "Override settings to configure the intent state." + "$ref": "#/definitions/IntentOverride" }, "SessionAttributes": { - "description": "List of session attributes to be applied when the conversation reaches this step.", "insertionOrder": false, "items": { "$ref": "#/definitions/SessionAttribute" 
@@ -654,15 +674,12 @@ }, "ElicitationCodeHookInvocationSetting": { "additionalProperties": false, - "description": "Settings that specify the dialog code hook that is called by Amazon Lex between eliciting slot values.", "properties": { "EnableCodeHookInvocation": { - "description": "Indicates whether a Lambda function should be invoked for the dialog.", "type": "boolean" }, "InvocationLabel": { - "$ref": "#/definitions/Name", - "description": "A label that indicates the dialog step from which the dialog code hook is happening." + "$ref": "#/definitions/Name" } }, "required": [ @@ -672,7 +689,6 @@ }, "ExternalSourceSetting": { "additionalProperties": false, - "description": "Provides information about the external source of the slot type's definition.", "properties": { "GrammarSlotTypeSetting": { "$ref": "#/definitions/GrammarSlotTypeSetting" @@ -682,7 +698,6 @@ }, "FulfillmentCodeHookSetting": { "additionalProperties": false, - "description": "Settings that determine if a Lambda function should be invoked to fulfill a specific intent.", "properties": { "Enabled": { "type": "boolean" @@ -691,7 +706,6 @@ "$ref": "#/definitions/FulfillmentUpdatesSpecification" }, "IsActive": { - "description": "Determines whether the fulfillment code hook is used. When active is false, the code hook doesn't run.", "type": "boolean" }, "PostFulfillmentStatusSpecification": { 
@@ -705,14 +719,11 @@ }, "FulfillmentStartResponseSpecification": { "additionalProperties": false, - "description": "Provides settings for a message that is sent to the user when a fulfillment Lambda function starts running.", "properties": { "AllowInterrupt": { - "description": "Determines whether the user can interrupt the start message while it is playing.", "type": "boolean" }, "DelayInSeconds": { - "description": "The delay between when the Lambda fulfillment function starts running and the start message is played. If the Lambda function returns before the delay is over, the start message isn't played.", "maximum": 900, "minimum": 1, "type": "integer" @@ -729,14 +740,11 @@ }, "FulfillmentUpdateResponseSpecification": { "additionalProperties": false, - "description": "Provides settings for a message that is sent periodically to the user while a fulfillment Lambda function is running.", "properties": { "AllowInterrupt": { - "description": "Determines whether the user can interrupt an update message while it is playing.", "type": "boolean" }, "FrequencyInSeconds": { - "description": "The frequency that a message is sent to the user. When the period ends, Amazon Lex chooses a message from the message groups and plays it to the user. If the fulfillment Lambda returns before the first period ends, an update message is not played to the user.", "maximum": 900, "minimum": 1, "type": "integer" 
@@ -753,17 +761,14 @@ }, "FulfillmentUpdatesSpecification": { "additionalProperties": false, - "description": "Provides information for updating the user on the progress of fulfilling an intent.", "properties": { "Active": { - "description": "Determines whether fulfillment updates are sent to the user. When this field is true, updates are sent.", "type": "boolean" }, "StartResponse": { "$ref": "#/definitions/FulfillmentStartResponseSpecification" }, "TimeoutInSeconds": { - "description": "The length of time that the fulfillment Lambda function should run before it times out.", "maximum": 900, "minimum": 1, "type": "integer" @@ -779,7 +784,6 @@ }, "GrammarSlotTypeSetting": { "additionalProperties": false, - "description": "Settings required for a slot type based on a grammar that you provide.", "properties": { "Source": { "$ref": "#/definitions/GrammarSlotTypeSource" @@ -789,22 +793,18 @@ }, "GrammarSlotTypeSource": { "additionalProperties": false, - "description": "Describes the Amazon S3 bucket name and location for the grammar that is the source for the slot type.", "properties": { "KmsKeyArn": { - "description": "The Amazon KMS key required to decrypt the contents of the grammar, if any.", "maxLength": 2048, "minLength": 20, "pattern": "^arn:[\\w\\-]+:kms:[\\w\\-]+:[\\d]{12}:(?:key\\/[\\w\\-]+|alias\\/[a-zA-Z0-9:\\/_\\-]{1,256})$", "type": "string" }, "S3BucketName": { - "$ref": "#/definitions/S3BucketName", - "description": "The name of the S3 bucket that contains the grammar source." + "$ref": "#/definitions/S3BucketName" }, "S3ObjectKey": { - "$ref": "#/definitions/S3ObjectKey", - "description": "The path to the grammar in the S3 bucket." + "$ref": "#/definitions/S3ObjectKey" } }, "required": [ 
@@ -814,24 +814,20 @@ "type": "object" }, "Id": { - "description": "Unique ID of resource", "maxLength": 10, "minLength": 10, "pattern": "^[0-9a-zA-Z]+$", "type": "string" }, "IdleSessionTTLInSeconds": { - "description": "The time, in seconds, that Amazon Lex should keep information about a user's conversation with the bot.", "maximum": 86400, "minimum": 60, "type": "integer" }, "ImageResponseCard": { "additionalProperties": false, - "description": "A message that defines a response card that the client application can show to the user.", "properties": { "Buttons": { - "description": "A list of buttons that should be displayed on the response card.", "insertionOrder": false, "items": { "$ref": "#/definitions/Button" @@ -840,16 +836,13 @@ "type": "array" }, "ImageUrl": { - "$ref": "#/definitions/AttachmentUrl", - "description": "The URL of an image to display on the response card." + "$ref": "#/definitions/AttachmentUrl" }, "Subtitle": { - "$ref": "#/definitions/AttachmentTitle", - "description": "The subtitle to display on the response card." + "$ref": "#/definitions/AttachmentTitle" }, "Title": { - "$ref": "#/definitions/AttachmentTitle", - "description": "The title to display on the response card." + "$ref": "#/definitions/AttachmentTitle" } }, "required": [ 
@@ -859,34 +852,27 @@ }, "InitialResponseSetting": { "additionalProperties": false, - "description": "Configuration setting for a response sent to the user before Amazon Lex starts eliciting slots.", "properties": { "CodeHook": { - "$ref": "#/definitions/DialogCodeHookInvocationSetting", - "description": "Settings that specify the dialog code hook that is called by Amazon Lex at a step of the conversation." + "$ref": "#/definitions/DialogCodeHookInvocationSetting" }, "Conditional": { - "$ref": "#/definitions/ConditionalSpecification", - "description": "Provides a list of conditional branches. Branches are evaluated in the order that they are entered in the list. The first branch with a condition that evaluates to true is executed. The last branch in the list is the default branch. The default branch should not have any condition expression. The default branch is executed if no other branch has a matching condition." + "$ref": "#/definitions/ConditionalSpecification" }, "InitialResponse": { - "$ref": "#/definitions/ResponseSpecification", - "description": "Specifies a list of message groups that Amazon Lex uses to respond the user input." + "$ref": "#/definitions/ResponseSpecification" }, "NextStep": { - "$ref": "#/definitions/DialogState", - "description": "The next step in the conversation." + "$ref": "#/definitions/DialogState" } }, "type": "object" }, "InputContext": { "additionalProperties": false, - "description": "InputContext specified for the intent.", "properties": { "Name": { - "$ref": "#/definitions/Name", - "description": "The name of the context." + "$ref": "#/definitions/Name" } }, "required": [ @@ -895,7 +881,6 @@ "type": "object" }, "InputContextsList": { - "description": "The list of input contexts specified for the intent.", "insertionOrder": false, "items": { "$ref": "#/definitions/InputContext" 
@@ -905,8 +890,10 @@ }, "Intent": { "additionalProperties": false, - "description": "Represents an action that the user wants to perform.", "properties": { + "BedrockAgentIntentConfiguration": { + "$ref": "#/definitions/BedrockAgentIntentConfiguration" + }, "Description": { "$ref": "#/definitions/Description", "description": "Description of thr intent." @@ -918,8 +905,7 @@ "$ref": "#/definitions/FulfillmentCodeHookSetting" }, "InitialResponseSetting": { - "$ref": "#/definitions/InitialResponseSetting", - "description": "Configuration setting for a response sent to the user before Amazon Lex starts eliciting slots." + "$ref": "#/definitions/InitialResponseSetting" }, "InputContexts": { "$ref": "#/definitions/InputContextsList" @@ -934,8 +920,7 @@ "$ref": "#/definitions/KendraConfiguration" }, "Name": { - "$ref": "#/definitions/Name", - "description": "The name of the intent." + "$ref": "#/definitions/Name" }, "OutputContexts": { "$ref": "#/definitions/OutputContextsList" @@ -943,15 +928,19 @@ "ParentIntentSignature": { "$ref": "#/definitions/ParentIntentSignature" }, + "QInConnectIntentConfiguration": { + "$ref": "#/definitions/QInConnectIntentConfiguration" + }, + "QnAIntentConfiguration": { + "$ref": "#/definitions/QnAIntentConfiguration" + }, "SampleUtterances": { - "$ref": "#/definitions/SampleUtterancesList", - "description": "A sample utterance that invokes an intent or respond to a slot elicitation prompt." + "$ref": "#/definitions/SampleUtterancesList" }, "SlotPriorities": { "$ref": "#/definitions/SlotPrioritiesList" }, "Slots": { - "description": "List of slots", "insertionOrder": false, "items": { "$ref": "#/definitions/Slot" 
@@ -968,82 +957,63 @@ }, "IntentClosingSetting": { "additionalProperties": false, - "description": "Provides a statement the Amazon Lex conveys to the user when the intent is successfully fulfilled.", "properties": { "ClosingResponse": { - "$ref": "#/definitions/ResponseSpecification", - "description": "The response that Amazon Lex sends to the user when the intent is complete." + "$ref": "#/definitions/ResponseSpecification" }, "Conditional": { - "$ref": "#/definitions/ConditionalSpecification", - "description": "A list of conditional branches associated with the intent's closing response. These branches are executed when the nextStep attribute is set to EvalutateConditional." + "$ref": "#/definitions/ConditionalSpecification" }, "IsActive": { - "description": "Specifies whether an intent's closing response is used. When this field is false, the closing response isn't sent to the user. If the active field isn't specified, the default is true.", "type": "boolean" }, "NextStep": { - "$ref": "#/definitions/DialogState", - "description": "Specifies the next step that the bot executes after playing the intent's closing response." + "$ref": "#/definitions/DialogState" } }, "type": "object" }, "IntentConfirmationSetting": { "additionalProperties": false, - "description": "Provides a prompt for making sure that the user is ready for the intent to be fulfilled.", "properties": { "CodeHook": { - "$ref": "#/definitions/DialogCodeHookInvocationSetting", - "description": "The DialogCodeHookInvocationSetting object associated with intent's confirmation step. The dialog code hook is triggered based on these invocation settings when the confirmation next step or declination next step or failure next step is InvokeDialogCodeHook." + "$ref": "#/definitions/DialogCodeHookInvocationSetting" }, "ConfirmationConditional": { - "$ref": "#/definitions/ConditionalSpecification", - "description": "A list of conditional branches to evaluate after the intent is closed." 
+ "$ref": "#/definitions/ConditionalSpecification" }, "ConfirmationNextStep": { - "$ref": "#/definitions/DialogState", - "description": "Specifies the next step that the bot executes when the customer confirms the intent." + "$ref": "#/definitions/DialogState" }, "ConfirmationResponse": { - "$ref": "#/definitions/ResponseSpecification", - "description": "Specifies a list of message groups that Amazon Lex uses to respond the user input." + "$ref": "#/definitions/ResponseSpecification" }, "DeclinationConditional": { - "$ref": "#/definitions/ConditionalSpecification", - "description": "A list of conditional branches to evaluate after the intent is declined." + "$ref": "#/definitions/ConditionalSpecification" }, "DeclinationNextStep": { - "$ref": "#/definitions/DialogState", - "description": "Specifies the next step that the bot executes when the customer declines the intent." + "$ref": "#/definitions/DialogState" }, "DeclinationResponse": { - "$ref": "#/definitions/ResponseSpecification", - "description": "When the user answers \"no\" to the question defined in promptSpecification, Amazon Lex responds with this response to acknowledge that the intent was canceled." + "$ref": "#/definitions/ResponseSpecification" }, "ElicitationCodeHook": { - "$ref": "#/definitions/ElicitationCodeHookInvocationSetting", - "description": "The DialogCodeHookInvocationSetting used when the code hook is invoked during confirmation prompt retries." + "$ref": "#/definitions/ElicitationCodeHookInvocationSetting" }, "FailureConditional": { - "$ref": "#/definitions/ConditionalSpecification", - "description": "Provides a list of conditional branches. Branches are evaluated in the order that they are entered in the list. The first branch with a condition that evaluates to true is executed. The last branch in the list is the default branch. The default branch should not have any condition expression. The default branch is executed if no other branch has a matching condition." 
+ "$ref": "#/definitions/ConditionalSpecification" }, "FailureNextStep": { - "$ref": "#/definitions/DialogState", - "description": "The next step to take in the conversation if the confirmation step fails." + "$ref": "#/definitions/DialogState" }, "FailureResponse": { - "$ref": "#/definitions/ResponseSpecification", - "description": "Specifies a list of message groups that Amazon Lex uses to respond the user input." + "$ref": "#/definitions/ResponseSpecification" }, "IsActive": { - "description": "Specifies whether the intent's confirmation is sent to the user. When this field is false, confirmation and declination responses aren't sent. If the active field isn't specified, the default is true.", "type": "boolean" }, "PromptSpecification": { - "$ref": "#/definitions/PromptSpecification", - "description": "Prompts the user to confirm the intent. This question should have a yes or no answer." + "$ref": "#/definitions/PromptSpecification" } }, "required": [ @@ -1053,14 +1023,11 @@ }, "IntentOverride": { "additionalProperties": false, - "description": "Override settings to configure the intent state.", "properties": { "Name": { - "$ref": "#/definitions/Name", - "description": "The name of the intent. Only required when you're switching intents." + "$ref": "#/definitions/Name" }, "Slots": { - "description": "A map of all of the slot value overrides for the intent.", "insertionOrder": false, "items": { "$ref": "#/definitions/SlotValueOverrideMap" @@ -1072,7 +1039,6 @@ }, "KendraConfiguration": { "additionalProperties": false, - "description": "Configuration for searching a Amazon Kendra index specified for the intent.", "properties": { "KendraIndex": { "$ref": "#/definitions/KendraIndexArn" @@ -1081,7 +1047,6 @@ "$ref": "#/definitions/QueryFilterString" }, "QueryFilterStringEnabled": { - "description": "Determines whether the AMAZON.KendraSearchIntent intent uses a custom query string to query the Amazon Kendra index.", "type": "boolean" } }, 
@@ -1091,7 +1056,6 @@ "type": "object" }, "KendraIndexArn": { - "description": "The Amazon Resource Name (ARN) of the Amazon Kendra index that you want the AMAZON.KendraSearchIntent intent to search.", "maxLength": 2048, "minLength": 32, "pattern": "^arn:aws[a-zA-Z-]*:kendra:[a-z]+-[a-z]+-[0-9]:[0-9]{12}:index/[a-zA-Z0-9][a-zA-Z0-9_-]*$", @@ -1099,16 +1063,13 @@ }, "LambdaCodeHook": { "additionalProperties": false, - "description": "Contains information about code hooks that Amazon Lex calls during a conversation.", "properties": { "CodeHookInterfaceVersion": { - "description": "The version of the request-response that you want Amazon Lex to use to invoke your Lambda function.", "maxLength": 5, "minLength": 1, "type": "string" }, "LambdaArn": { - "description": "The Amazon Resource Name (ARN) of the Lambda function.", "maxLength": 2048, "minLength": 20, "type": "string" @@ -1121,12 +1082,10 @@ "type": "object" }, "LocaleId": { - "description": "The identifier of the language and locale that the bot will be used in.", "type": "string" }, "Message": { "additionalProperties": false, - "description": "The primary message that Amazon Lex should send to the user.", "properties": { "CustomPayload": { "$ref": "#/definitions/CustomPayload" @@ -1146,13 +1105,11 @@ }, "MessageGroup": { "additionalProperties": false, - "description": "One or more messages that Amazon Lex can send to the user.", "properties": { "Message": { "$ref": "#/definitions/Message" }, "Variations": { - "description": "Message variations to send to the user.", "insertionOrder": false, "items": { "$ref": "#/definitions/Message" @@ -1167,7 +1124,6 @@ "type": "object" }, "MessageGroupsList": { - "description": "One to 5 message groups that contain update messages. Amazon Lex chooses one of the messages to play to the user.", "insertionOrder": false, "items": { "$ref": "#/definitions/MessageGroup" 
@@ -1177,7 +1133,6 @@ "type": "array" }, "MessageSelectionStrategy": { - "description": "Indicates how a message is selected from a message group among retries.", "enum": [ "Random", "Ordered" @@ -1186,7 +1141,6 @@ }, "MultipleValuesSetting": { "additionalProperties": false, - "description": "Indicates whether a slot can return multiple values.", "properties": { "AllowMultipleValues": { "type": "boolean" @@ -1196,7 +1150,6 @@ "type": "object" }, "Name": { - "description": "Unique name for a resource.", "maxLength": 100, "minLength": 1, "pattern": "^([0-9a-zA-Z][_-]?)+$", @@ -1204,10 +1157,8 @@ }, "ObfuscationSetting": { "additionalProperties": false, - "description": "Determines whether Amazon Lex obscures slot values in conversation logs.", "properties": { "ObfuscationSettingType": { - "description": "Value that determines whether Amazon Lex obscures slot values in conversation logs. The default is to obscure the values.", "enum": [ "None", "DefaultObfuscation" @@ -1222,7 +1173,6 @@ }, "OutputContext": { "additionalProperties": false, - "description": "A session context that is activated when an intent is fulfilled.", "properties": { "Name": { "$ref": "#/definitions/Name" @@ -1242,7 +1192,6 @@ "type": "object" }, "OutputContextsList": { - "description": "A list of contexts that the intent activates when it is fulfilled.", "insertionOrder": false, "items": { "$ref": "#/definitions/OutputContext" @@ -1251,19 +1200,15 @@ "type": "array" }, "ParentIntentSignature": { - "description": "A unique identifier for the built-in intent to base this intent on.", "type": "string" }, "ParentSlotTypeSignature": { - "description": "The built-in slot type used as a parent of this slot type.", "type": "string" }, "PlainTextMessage": { "additionalProperties": false, - "description": "A message in plain text format.", "properties": { "Value": { - "description": "The message to send to the user.", "maxLength": 1000, "minLength": 1, "type": "string" 
@@ -1276,103 +1221,80 @@ }, "PostDialogCodeHookInvocationSpecification": { "additionalProperties": false, - "description": "Specifies next steps to run after the dialog code hook finishes.", "properties": { "FailureConditional": { - "$ref": "#/definitions/ConditionalSpecification", - "description": "A list of conditional branches to evaluate after the dialog code hook throws an exception or returns with the State field of the Intent object set to Failed." + "$ref": "#/definitions/ConditionalSpecification" }, "FailureNextStep": { - "$ref": "#/definitions/DialogState", - "description": "Specifies the next step the bot runs after the dialog code hook throws an exception or returns with the State field of the Intent object set to Failed." + "$ref": "#/definitions/DialogState" }, "FailureResponse": { - "$ref": "#/definitions/ResponseSpecification", - "description": "Specifies a list of message groups that Amazon Lex uses to respond the user input." + "$ref": "#/definitions/ResponseSpecification" }, "SuccessConditional": { - "$ref": "#/definitions/ConditionalSpecification", - "description": "A list of conditional branches to evaluate after the dialog code hook finishes successfully." + "$ref": "#/definitions/ConditionalSpecification" }, "SuccessNextStep": { - "$ref": "#/definitions/DialogState", - "description": "Specifics the next step the bot runs after the dialog code hook finishes successfully." + "$ref": "#/definitions/DialogState" }, "SuccessResponse": { - "$ref": "#/definitions/ResponseSpecification", - "description": "Specifies a list of message groups that Amazon Lex uses to respond the user input." + "$ref": "#/definitions/ResponseSpecification" }, "TimeoutConditional": { - "$ref": "#/definitions/ConditionalSpecification", - "description": "A list of conditional branches to evaluate if the code hook times out." 
+ "$ref": "#/definitions/ConditionalSpecification" }, "TimeoutNextStep": { - "$ref": "#/definitions/DialogState", - "description": "Specifies the next step that the bot runs when the code hook times out." + "$ref": "#/definitions/DialogState" }, "TimeoutResponse": { - "$ref": "#/definitions/ResponseSpecification", - "description": "Specifies a list of message groups that Amazon Lex uses to respond the user input." + "$ref": "#/definitions/ResponseSpecification" } }, "type": "object" }, "PostFulfillmentStatusSpecification": { "additionalProperties": false, - "description": "Provides a setting that determines whether the post-fulfillment response is sent to the user.", "properties": { "FailureConditional": { - "$ref": "#/definitions/ConditionalSpecification", - "description": "A list of conditional branches to evaluate after the fulfillment code hook throws an exception or returns with the State field of the Intent object set to Failed." + "$ref": "#/definitions/ConditionalSpecification" }, "FailureNextStep": { - "$ref": "#/definitions/DialogState", - "description": "Specifies the next step the bot runs after the fulfillment code hook throws an exception or returns with the State field of the Intent object set to Failed." + "$ref": "#/definitions/DialogState" }, "FailureResponse": { - "$ref": "#/definitions/ResponseSpecification", - "description": "Specifies a list of message groups that Amazon Lex uses to respond the user input." + "$ref": "#/definitions/ResponseSpecification" }, "SuccessConditional": { - "$ref": "#/definitions/ConditionalSpecification", - "description": "A list of conditional branches to evaluate after the fulfillment code hook finishes successfully." + "$ref": "#/definitions/ConditionalSpecification" }, "SuccessNextStep": { - "$ref": "#/definitions/DialogState", - "description": "Specifies the next step in the conversation that Amazon Lex invokes when the fulfillment code hook completes successfully." 
+ "$ref": "#/definitions/DialogState" }, "SuccessResponse": { - "$ref": "#/definitions/ResponseSpecification", - "description": "Specifies a list of message groups that Amazon Lex uses to respond the user input." + "$ref": "#/definitions/ResponseSpecification" }, "TimeoutConditional": { - "$ref": "#/definitions/ConditionalSpecification", - "description": "A list of conditional branches to evaluate if the fulfillment code hook times out." + "$ref": "#/definitions/ConditionalSpecification" }, "TimeoutNextStep": { - "$ref": "#/definitions/DialogState", - "description": "Specifies the next step that the bot runs when the fulfillment code hook times out." + "$ref": "#/definitions/DialogState" }, "TimeoutResponse": { - "$ref": "#/definitions/ResponseSpecification", - "description": "Specifies a list of message groups that Amazon Lex uses to respond the user input." + "$ref": "#/definitions/ResponseSpecification" } }, "required": [], "type": "object" }, "PriorityValue": { - "description": "The priority that a slot should be elicited.", "maximum": 100, "minimum": 0, "type": "integer" }, "PromptAttemptSpecification": { "additionalProperties": false, - "description": "Specifies the settings on a prompt attempt.", "properties": { "AllowInterrupt": { - "description": "Indicates whether the user can interrupt a speech prompt attempt from the bot.", "type": "boolean" }, "AllowedInputTypes": { @@ -1391,17 +1313,14 @@ "type": "object" }, "PromptMaxRetries": { - "description": "The maximum number of times the bot tries to elicit a response from the user using this prompt.", "maximum": 5, "minimum": 0, "type": "integer" }, "PromptSpecification": { "additionalProperties": false, - "description": "Prompts the user to confirm the intent.", "properties": { "AllowInterrupt": { - "description": "Indicates whether the user can interrupt a speech prompt from the bot.", "type": "boolean" }, "MaxRetries": { 
@@ -1415,7 +1334,6 @@ }, "PromptAttemptsSpecification": { "additionalProperties": false, - "description": "Specifies the advanced settings on each attempt of the prompt.", "patternProperties": { "^(Initial|Retry1|Retry2|Retry3|Retry4|Retry5)$": { "$ref": "#/definitions/PromptAttemptSpecification" 
@@ -1430,18 +1348,179 @@ ], "type": "object" }, + "QInConnectIntentConfiguration": { + "additionalProperties": false, + "properties": { + "QInConnectAssistantConfiguration": { + "additionalProperties": false, + "properties": { + "AssistantArn": { + "maxLength": 200, + "minLength": 1, + "pattern": "^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$", + "type": "string" + } + }, + "required": [ + "AssistantArn" + ], + "type": "object" + } + }, + "type": "object" + }, + "QnAIntentConfiguration": { + "additionalProperties": false, + "properties": { + "BedrockModelConfiguration": { + "$ref": "#/definitions/BedrockModelSpecification" + }, + "DataSourceConfiguration": { + "additionalProperties": false, + "properties": { + "BedrockKnowledgeStoreConfiguration": { + "additionalProperties": false, + "properties": { + "BKBExactResponseFields": { + "additionalProperties": false, + "properties": { + "AnswerField": { + "maxLength": 5000, + "minLength": 1, + "type": "string" + } + }, + "type": "object" + }, + "BedrockKnowledgeBaseArn": { + "maxLength": 5000, + "minLength": 1, + "type": "string" + }, + "ExactResponse": { + "type": "boolean" + } + }, + "type": "object" + }, + "KendraConfiguration": { + "$ref": "#/definitions/QnAKendraConfiguration" + }, + "OpensearchConfiguration": { + "additionalProperties": false, + "properties": { + "DomainEndpoint": { + "maxLength": 5000, + "minLength": 1, + "type": "string" + }, + "ExactResponse": { + "type": "boolean" + }, + "ExactResponseFields": { + "additionalProperties": false, + "properties": { + "AnswerField": { + "maxLength": 5000, + "minLength": 1, + "type": "string" + }, + "QuestionField": { + "maxLength": 5000, + "minLength": 1, + "type": "string" + } + }, + "type": "object" + }, + "IncludeFields": { + "insertionOrder": false, + "items": { + "maxLength": 5000, + "minLength": 1, + "type": "string" + }, + 
"type": "array" + }, + "IndexName": { + "maxLength": 5000, + "minLength": 1, + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "DataSourceConfiguration", + "BedrockModelConfiguration" + ], + "type": "object" + }, + "QnAKendraConfiguration": { + "additionalProperties": false, + "properties": { + "ExactResponse": { + "type": "boolean" + }, + "KendraIndex": { + "maxLength": 5000, + "minLength": 1, + "type": "string" + }, + "QueryFilterString": { + "maxLength": 5000, + "minLength": 1, + "type": "string" + }, + "QueryFilterStringEnabled": { + "type": "boolean" + } + }, + "required": [ + "KendraIndex", + "QueryFilterStringEnabled", + "ExactResponse" + ], + "type": "object" + }, "QueryFilterString": { - "description": "A query filter that Amazon Lex sends to Amazon Kendra to filter the response from a query.", "maxLength": 5000, "minLength": 1, "type": "string" }, + "ReplicaRegion": { + "description": "The secondary region that will be used in the replication of the source bot.", + "maxLength": 25, + "minLength": 2, + "type": "string" + }, + "Replication": { + "additionalProperties": false, + "properties": { + "ReplicaRegions": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/ReplicaRegion" + }, + "maxItems": 1, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "ReplicaRegions" + ], + "type": "object" + }, "ResponseSpecification": { "additionalProperties": false, - "description": "A list of message groups that Amazon Lex uses to respond the user input.", "properties": { "AllowInterrupt": { - "description": "Indicates whether the user can interrupt a speech prompt from the bot.", "type": "boolean" }, "MessageGroupsList": { 
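Review bot: In the new `QnAIntentConfiguration` definition, `BedrockKnowledgeBaseArn` and `OpensearchConfiguration.DomainEndpoint` are plain strings bounded only by `maxLength: 5000`, while `AssistantArn` in the same hunk carries a strict ARN `pattern`. Schema validation will therefore accept a malformed ARN or an arbitrary endpoint string, and a template check built on this schema cannot flag a bot pointed at an unintended data source before deployment. I would add a `pattern` to both, for example (constructed, to be checked against the service's ARN format) `"pattern": "^arn:aws[a-zA-Z-]*:bedrock:[a-z0-9-]+:[0-9]{12}:knowledge-base/[A-Za-z0-9]+$"` on `BedrockKnowledgeBaseArn`. If this file is synced from an upstream registry schema, the constraint belongs upstream or in a local overlay rather than in a hand edit here.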
@@ -1454,7 +1533,6 @@ "type": "object" }, "RoleArn": { - "description": "The Amazon Resource Name (ARN) of an IAM role that has permission to access the bot.", "maxLength": 2048, "minLength": 32, "pattern": "^arn:aws[a-zA-Z-]*:iam::[0-9]{12}:role/.*$", @@ -1462,23 +1540,19 @@ }, "S3BucketLogDestination": { "additionalProperties": false, - "description": "Specifies an Amazon S3 bucket for logging audio conversations", "properties": { "KmsKeyArn": { - "description": "The Amazon Resource Name (ARN) of an AWS Key Management Service (KMS) key for encrypting audio log files stored in an S3 bucket.", "maxLength": 2048, "minLength": 20, "pattern": "^arn:[\\w\\-]+:kms:[\\w\\-]+:[\\d]{12}:(?:key\\/[\\w\\-]+|alias\\/[a-zA-Z0-9:\\/_\\-]{1,256})$", "type": "string" }, "LogPrefix": { - "description": "The Amazon S3 key of the deployment package.", "maxLength": 1024, "minLength": 0, "type": "string" }, "S3BucketArn": { - "description": "The Amazon Resource Name (ARN) of an Amazon S3 bucket where audio log files are stored.", "maxLength": 2048, "minLength": 1, "pattern": "^arn:[\\w\\-]+:s3:::[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9]$", @@ -1499,18 +1573,14 @@ }, "S3Location": { "additionalProperties": false, - "description": "S3 location of bot definitions zip file, if it's not defined inline in CloudFormation.", "properties": { "S3Bucket": { - "$ref": "#/definitions/S3BucketName", - "description": "An Amazon S3 bucket in the same AWS Region as your function. The bucket can be in a different AWS account." + "$ref": "#/definitions/S3BucketName" }, "S3ObjectKey": { - "$ref": "#/definitions/S3ObjectKey", - "description": "The Amazon S3 key of the deployment package." + "$ref": "#/definitions/S3ObjectKey" }, "S3ObjectVersion": { - "description": "For versioned objects, the version of the deployment package object to use. If not specified, the current object version will be used.", "maxLength": 1024, "minLength": 1, "type": "string" 
@@ -1530,10 +1600,8 @@ }, "SSMLMessage": { "additionalProperties": false, - "description": "A message in Speech Synthesis Markup Language (SSML).", "properties": { "Value": { - "description": "The SSML text that defines the prompt.", "maxLength": 1000, "minLength": 1, "type": "string" @@ -1546,7 +1614,6 @@ }, "SampleUtterance": { "additionalProperties": false, - "description": "A sample utterance that invokes an intent or respond to a slot elicitation prompt.", "properties": { "Utterance": { "$ref": "#/definitions/Utterance" @@ -1558,7 +1625,6 @@ "type": "object" }, "SampleUtterancesList": { - "description": "An array of sample utterances", "insertionOrder": false, "items": { "$ref": "#/definitions/SampleUtterance" @@ -1567,10 +1633,8 @@ }, "SampleValue": { "additionalProperties": false, - "description": "Defines one of the values for a slot type.", "properties": { "Value": { - "description": "The value that can be used for a slot type.", "maxLength": 140, "minLength": 1, "type": "string" @@ -1583,7 +1647,6 @@ }, "SessionAttribute": { "additionalProperties": false, - "description": "Key/value pair representing session-specific context information. It contains application information passed between Amazon Lex and a client application.", "properties": { "Key": { "maxLength": 1024, @@ -1603,7 +1666,6 @@ }, "Slot": { "additionalProperties": false, - "description": "A slot is a variable needed to fulfill an intent, where an intent can require zero or more slots.", "properties": { "Description": { "$ref": "#/definitions/Description" 
@@ -1633,39 +1695,30 @@ }, "SlotCaptureSetting": { "additionalProperties": false, - "description": "Settings used when Amazon Lex successfully captures a slot value from a user.", "properties": { "CaptureConditional": { - "$ref": "#/definitions/ConditionalSpecification", - "description": "A list of conditional branches to evaluate after the slot value is captured." + "$ref": "#/definitions/ConditionalSpecification" }, "CaptureNextStep": { - "$ref": "#/definitions/DialogState", - "description": "Specifies the next step that the bot runs when the slot value is captured before the code hook times out." + "$ref": "#/definitions/DialogState" }, "CaptureResponse": { - "$ref": "#/definitions/ResponseSpecification", - "description": "Specifies a list of message groups that Amazon Lex uses to respond the user input." + "$ref": "#/definitions/ResponseSpecification" }, "CodeHook": { - "$ref": "#/definitions/DialogCodeHookInvocationSetting", - "description": "Code hook called after Amazon Lex successfully captures a slot value." + "$ref": "#/definitions/DialogCodeHookInvocationSetting" }, "ElicitationCodeHook": { - "$ref": "#/definitions/ElicitationCodeHookInvocationSetting", - "description": "Code hook called when Amazon Lex doesn't capture a slot value." + "$ref": "#/definitions/ElicitationCodeHookInvocationSetting" }, "FailureConditional": { - "$ref": "#/definitions/ConditionalSpecification", - "description": "A list of conditional branches to evaluate when the slot value isn't captured." + "$ref": "#/definitions/ConditionalSpecification" }, "FailureNextStep": { - "$ref": "#/definitions/DialogState", - "description": "Specifies the next step that the bot runs when the slot value code is not recognized." + "$ref": "#/definitions/DialogState" }, "FailureResponse": { - "$ref": "#/definitions/ResponseSpecification", - "description": "Specifies a list of message groups that Amazon Lex uses to respond the user input." 
+ "$ref": "#/definitions/ResponseSpecification" } }, "type": "object" @@ -1679,10 +1732,8 @@ }, "SlotDefaultValue": { "additionalProperties": false, - "description": "The default value to use when a user doesn't provide a value for a slot.", "properties": { "DefaultValue": { - "description": "The default value to use when a user doesn't provide a value for a slot.", "maxLength": 202, "minLength": 1, "type": "string" @@ -1695,10 +1746,8 @@ }, "SlotDefaultValueSpecification": { "additionalProperties": false, - "description": "A list of values that Amazon Lex should use as the default value for a slot.", "properties": { "DefaultValueList": { - "description": "A list of slot default values", "insertionOrder": false, "items": { "$ref": "#/definitions/SlotDefaultValue" @@ -1713,7 +1762,6 @@ "type": "object" }, "SlotPrioritiesList": { - "description": "List for slot priorities", "insertionOrder": false, "items": { "$ref": "#/definitions/SlotPriority" @@ -1722,14 +1770,12 @@ }, "SlotPriority": { "additionalProperties": false, - "description": "The priority that Amazon Lex should use when eliciting slot values from a user.", "properties": { "Priority": { "$ref": "#/definitions/PriorityValue" }, "SlotName": { - "$ref": "#/definitions/Name", - "description": "The name of the slot." + "$ref": "#/definitions/Name" } }, "required": [ @@ -1739,7 +1785,6 @@ "type": "object" }, "SlotShape": { - "description": "The different shapes that a slot can be in during a conversation.", "enum": [ "Scalar", "List" @@ -1748,8 +1793,10 @@ }, "SlotType": { "additionalProperties": false, - "description": "A custom, extended built-in or a grammar slot type.", "properties": { + "CompositeSlotTypeSetting": { + "$ref": "#/definitions/CompositeSlotTypeSetting" + }, "Description": { "$ref": "#/definitions/Description" }, 
@@ -1775,12 +1822,10 @@ "type": "object" }, "SlotTypeName": { - "description": "The slot type name that is used in the slot. Allows for custom and built-in slot type names", "type": "string" }, "SlotTypeValue": { "additionalProperties": false, - "description": "Value that the slot type can take.", "properties": { "SampleValue": { "$ref": "#/definitions/SampleValue" @@ -1795,7 +1840,6 @@ "type": "object" }, "SlotTypeValues": { - "description": "A List of slot type values", "insertionOrder": false, "items": { "$ref": "#/definitions/SlotTypeValue" @@ -1805,10 +1849,8 @@ }, "SlotValue": { "additionalProperties": false, - "description": "The value to set in a slot.", "properties": { "InterpretedValue": { - "description": "The value that Amazon Lex determines for the slot.", "maxLength": 202, "minLength": 1, "type": "string" 
@@ -1818,31 +1860,24 @@ }, "SlotValueElicitationSetting": { "additionalProperties": false, - "description": "Settings that you can use for eliciting a slot value.", "properties": { "DefaultValueSpecification": { - "$ref": "#/definitions/SlotDefaultValueSpecification", - "description": "A list of default values for a slot." + "$ref": "#/definitions/SlotDefaultValueSpecification" }, "PromptSpecification": { - "$ref": "#/definitions/PromptSpecification", - "description": "The prompt that Amazon Lex uses to elicit the slot value from the user." + "$ref": "#/definitions/PromptSpecification" }, "SampleUtterances": { - "$ref": "#/definitions/SampleUtterancesList", - "description": "If you know a specific pattern that users might respond to an Amazon Lex request for a slot value, you can provide those utterances to improve accuracy." + "$ref": "#/definitions/SampleUtterancesList" }, "SlotCaptureSetting": { - "$ref": "#/definitions/SlotCaptureSetting", - "description": "Specifies the next stage in the conversation after capturing the slot." + "$ref": "#/definitions/SlotCaptureSetting" }, "SlotConstraint": { - "$ref": "#/definitions/SlotConstraint", - "description": "Specifies whether the slot is required or optional." + "$ref": "#/definitions/SlotConstraint" }, "WaitAndContinueSpecification": { - "$ref": "#/definitions/WaitAndContinueSpecification", - "description": "Specifies the prompts that Amazon Lex uses while a bot is waiting for customer input." + "$ref": "#/definitions/WaitAndContinueSpecification" } }, "required": [ 
@@ -1852,26 +1887,21 @@ }, "SlotValueOverride": { "additionalProperties": false, - "description": "The slot values that Amazon Lex uses when it sets slot values in a dialog step.", "properties": { "Shape": { - "$ref": "#/definitions/SlotShape", - "description": "When the shape value is List, it indicates that the values field contains a list of slot values. When the value is Scalar, it indicates that the value field contains a single value." + "$ref": "#/definitions/SlotShape" }, "Value": { - "$ref": "#/definitions/SlotValue", - "description": "The current value of the slot." + "$ref": "#/definitions/SlotValue" }, "Values": { - "$ref": "#/definitions/SlotValues", - "description": "A list of one or more values that the user provided for the slot. For example, for a slot that elicits pizza toppings, the values might be \"pepperoni\" and \"pineapple.\"" + "$ref": "#/definitions/SlotValues" } }, "type": "object" }, "SlotValueOverrideMap": { "additionalProperties": false, - "description": "A map of slot names and their overridden values.", "properties": { "SlotName": { "$ref": "#/definitions/Name" @@ -1884,10 +1914,8 @@ }, "SlotValueRegexFilter": { "additionalProperties": false, - "description": "A regular expression used to validate the value of a slot.", "properties": { "Pattern": { - "description": "Regex pattern", "maxLength": 300, "minLength": 1, "type": "string" @@ -1901,13 +1929,13 @@ "SlotValueResolutionStrategy": { "enum": [ "ORIGINAL_VALUE", - "TOP_RESOLUTION" + "TOP_RESOLUTION", + "CONCATENATION" ], "type": "string" }, "SlotValueSelectionSetting": { "additionalProperties": false, - "description": "Contains settings used by Amazon Lex to select a slot value.", "properties": { "AdvancedRecognitionSetting": { "$ref": "#/definitions/AdvancedRecognitionSetting" 
@@ -1925,24 +1953,21 @@ "type": "object" }, "SlotValues": { - "description": "An array of values that slots should be set to", + "insertionOrder": false, "items": { "$ref": "#/definitions/SlotValueOverride" }, "type": "array" }, "StillWaitingResponseFrequency": { - "description": "How often a message should be sent to the user in seconds.", "maximum": 300, "minimum": 1, "type": "integer" }, "StillWaitingResponseSpecification": { "additionalProperties": false, - "description": "StillWaitingResponseSpecification.", "properties": { "AllowInterrupt": { - "description": "Indicates whether the user can interrupt a speech prompt from the bot.", "type": "boolean" }, "FrequencyInSeconds": { @@ -1963,13 +1988,33 @@ "type": "object" }, "StillWaitingResponseTimeout": { - "description": "If Amazon Lex waits longer than this length of time in seconds for a response, it will stop sending messages.", "maximum": 900, "minimum": 1, "type": "integer" }, + "SubSlotTypeComposition": { + "additionalProperties": false, + "properties": { + "Name": { + "maxLength": 100, + "minLength": 1, + "pattern": "^([0-9a-zA-Z][_-]?){1,100}$", + "type": "string" + }, + "SlotTypeId": { + "maxLength": 25, + "minLength": 1, + "pattern": "^((AMAZON\\.)[a-zA-Z_]+?|[0-9a-zA-Z]+)$", + "type": "string" + } + }, + "required": [ + "Name", + "SlotTypeId" + ], + "type": "object" + }, "SynonymList": { - "description": "Additional values related to the slot type entry.", "insertionOrder": false, "items": { "$ref": "#/definitions/SampleValue" 
@@ -1979,16 +2024,13 @@ }, "Tag": { "additionalProperties": false, - "description": "A key-value pair for tagging Lex resources", "properties": { "Key": { - "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "maxLength": 128, "minLength": 1, "type": "string" }, "Value": { - "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "maxLength": 256, "minLength": 0, "type": "string" @@ -2002,7 +2044,6 @@ }, "TestBotAliasSettings": { "additionalProperties": false, - "description": "Configuring the test bot alias settings for a given bot", "properties": { "BotAliasLocaleSettings": { "$ref": "#/definitions/BotAliasLocaleSettingsList" @@ -2015,10 +2056,8 @@ }, "SentimentAnalysisSettings": { "additionalProperties": false, - "description": "Determines whether Amazon Lex will use Amazon Comprehend to detect the sentiment of user utterances.", "properties": { "DetectSentiment": { - "description": "Enable to call Amazon Comprehend for Sentiment natively within Lex", "type": "boolean" } }, @@ -2032,10 +2071,8 @@ }, "TextInputSpecification": { "additionalProperties": false, - "description": "Specifies the text input specifications.", "properties": { "StartTimeoutMs": { - "description": "Time for which a bot waits before re-prompting a customer for text input.", "minimum": 1, "type": "integer" } @@ -2047,7 +2084,6 @@ }, "TextLogDestination": { "additionalProperties": false, - "description": "Defines the Amazon CloudWatch Logs destination log group for conversation text logs.", "properties": { "CloudWatch": { "$ref": "#/definitions/CloudWatchLogGroupLogDestination" 
@@ -2060,13 +2096,11 @@ }, "TextLogSetting": { "additionalProperties": false, - "description": "Contains information about code hooks that Amazon Lex calls during a conversation.", "properties": { "Destination": { "$ref": "#/definitions/TextLogDestination" }, "Enabled": { - "description": "", "type": "boolean" } }, @@ -2077,7 +2111,6 @@ "type": "object" }, "TextLogSettings": { - "description": "List of text log settings that pertain to the conversation log settings for the bot's TestBotAlias", "insertionOrder": false, "items": { "$ref": "#/definitions/TextLogSetting" @@ -2087,23 +2120,21 @@ "uniqueItems": true }, "Utterance": { - "description": "The sample utterance that Amazon Lex uses to build its machine-learning model to recognize intents/slots.", "type": "string" }, "VoiceSettings": { "additionalProperties": false, - "description": "Settings for using an Amazon Polly voice to communicate with a user.", "properties": { "Engine": { - "description": "Indicates the type of Amazon Polly voice that Amazon Lex should use for voice interaction with the user. For more information, see the engine parameter of the SynthesizeSpeech operation in the Amazon Polly developer guide.", "enum": [ "standard", - "neural" + "neural", + "long-form", + "generative" ], "type": "string" }, "VoiceId": { - "description": "The Amazon Polly voice ID that Amazon Lex uses for voice interaction with the user.", "type": "string" } }, 
@@ -2114,23 +2145,18 @@ }, "WaitAndContinueSpecification": { "additionalProperties": false, - "description": "The prompts that Amazon Lex uses while a bot is waiting for customer input.", "properties": { "ContinueResponse": { - "$ref": "#/definitions/ResponseSpecification", - "description": "The response that Amazon Lex sends to indicate that the bot is ready to continue the conversation." + "$ref": "#/definitions/ResponseSpecification" }, "IsActive": { - "description": "Specifies whether the bot will wait for a user to respond.", "type": "boolean" }, "StillWaitingResponse": { - "$ref": "#/definitions/StillWaitingResponseSpecification", - "description": "The response that Amazon Lex sends periodically to the user to indicate that the bot is still waiting for input from the user." + "$ref": "#/definitions/StillWaitingResponseSpecification" }, "WaitingResponse": { - "$ref": "#/definitions/ResponseSpecification", - "description": "The response that Amazon Lex sends to indicate that the bot is waiting for the conversation to continue." + "$ref": "#/definitions/ResponseSpecification" } }, "required": [ @@ -2173,7 +2199,12 @@ "lex:UpdateCustomVocabulary", "lex:DeleteCustomVocabulary", "s3:GetObject", - "lex:UpdateBotAlias" + "lex:UpdateBotAlias", + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "lex:CreateBotReplica", + "lex:DescribeBotReplica", + "lex:DeleteBotReplica" ] }, "delete": { @@ -2187,18 +2218,21 @@ "lex:DeleteBotVersion", "lex:DeleteBotChannel", "lex:DeleteBotAlias", - "lex:DeleteCustomVocabulary" + "lex:DeleteCustomVocabulary", + "lex:DeleteBotReplica" ] }, "list": { "permissions": [ - "lex:ListBots" + "lex:ListBots", + "lex:ListBotReplicas" ] }, "read": { "permissions": [ "lex:DescribeBot", - "lex:ListTagsForResource" + "lex:ListTagsForResource", + "lex:DescribeBotReplica" ] }, "update": { 
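Review bot: The create handler's permission list in the `@@ -2173,7 +2199,12 @@` hunk now includes `iam:CreateServiceLinkedRole` and `iam:GetRole`, and the schema can only name these actions, not scope them. A least-privilege execution role that is extended to match should grant `iam:CreateServiceLinkedRole` under an `iam:AWSServiceName` condition limited to the Lex replication service principal (`<lex-replication-service-principal>`, a placeholder; the value is not on this page) rather than on all resources. The update handler in the later `@@ -2233,7 +2267,10 @@` hunk gains `lex:CreateBotReplica` but neither IAM action. If enabling `Replication` on an existing bot also needs the service-linked role, that list looks incomplete and is worth confirming against the provider. The handlers object starts and ends outside these hunks.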
@@ -2233,7 +2267,10 @@ "lex:UpdateCustomVocabulary", "lex:DeleteCustomVocabulary", "s3:GetObject", - "lex:UpdateBotAlias" + "lex:UpdateBotAlias", + "lex:CreateBotReplica", + "lex:DescribeBotReplica", + "lex:DeleteBotReplica" ] } }, @@ -2245,14 +2282,12 @@ "$ref": "#/definitions/BotArn" }, "AutoBuildBotLocales": { - "description": "Specifies whether to build the bot locales after bot creation completes.", "type": "boolean" }, "BotFileS3Location": { "$ref": "#/definitions/S3Location" }, "BotLocales": { - "description": "List of bot locales", "insertionOrder": false, "items": { "$ref": "#/definitions/BotLocale" @@ -2261,7 +2296,6 @@ "uniqueItems": true }, "BotTags": { - "description": "A list of tags to add to the bot, which can only be added at bot creation.", "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" @@ -2272,10 +2306,8 @@ }, "DataPrivacy": { "additionalProperties": false, - "description": "Data privacy setting of the Bot.", "properties": { "ChildDirected": { - "description": "", "type": "boolean" } }, @@ -2291,7 +2323,6 @@ "$ref": "#/definitions/Id" }, "IdleSessionTTLInSeconds": { - "description": "IdleSessionTTLInSeconds of the resource", "maximum": 86400, "minimum": 60, "type": "integer" @@ -2299,6 +2330,9 @@ "Name": { "$ref": "#/definitions/Name" }, + "Replication": { + "$ref": "#/definitions/Replication" + }, "RoleArn": { "$ref": "#/definitions/RoleArn" }, @@ -2306,7 +2340,6 @@ "$ref": "#/definitions/TestBotAliasSettings" }, "TestBotAliasTags": { - "description": "A list of tags to add to the test alias for a bot, , which can only be added at bot/bot alias creation.", "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" @@ -2334,6 +2367,7 @@ "/properties/BotFileS3Location", "/properties/AutoBuildBotLocales", "/properties/BotTags", - "/properties/TestBotAliasTags" + "/properties/TestBotAliasTags", + "/properties/Replication" ] } 
diff --git a/src/schema/aws-lightsail-bucket.json b/src/schema/aws-lightsail-bucket.json index 9931011e..0e267ca6 100644 --- a/src/schema/aws-lightsail-bucket.json +++ b/src/schema/aws-lightsail-bucket.json @@ -156,6 +156,16 @@ "BundleId" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-lightsail.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "lightsail:TagResource", + "lightsail:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Lightsail::Bucket" } diff --git a/src/schema/aws-lightsail-certificate.json b/src/schema/aws-lightsail-certificate.json index 65ea904a..d3cbd345 100644 --- a/src/schema/aws-lightsail-certificate.json +++ b/src/schema/aws-lightsail-certificate.json @@ -110,6 +110,16 @@ "DomainName" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "lightsail:TagResource", + "lightsail:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Lightsail::Certificate" } diff --git a/src/schema/aws-lightsail-container.json b/src/schema/aws-lightsail-container.json index 3f70d58e..8c1171c6 100644 --- a/src/schema/aws-lightsail-container.json +++ b/src/schema/aws-lightsail-container.json @@ -318,6 +318,16 @@ "Scale" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-lightsail.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "lightsail:TagResource", + "lightsail:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Lightsail::Container" } 
diff --git a/src/schema/aws-lightsail-database.json b/src/schema/aws-lightsail-database.json index a6595a0a..68eef3ac 100644 --- a/src/schema/aws-lightsail-database.json +++ b/src/schema/aws-lightsail-database.json @@ -221,7 +221,17 @@ "MasterUsername" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-lightsail.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "lightsail:TagResource", + "lightsail:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Lightsail::Database", "writeOnlyProperties": [ "/properties/MasterUserPassword", diff --git a/src/schema/aws-lightsail-disk.json b/src/schema/aws-lightsail-disk.json index 20d2d53b..f7e701dd 100644 --- a/src/schema/aws-lightsail-disk.json +++ b/src/schema/aws-lightsail-disk.json @@ -227,6 +227,16 @@ "SizeInGb" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-lightsail.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "lightsail:TagResource", + "lightsail:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Lightsail::Disk" } diff --git a/src/schema/aws-lightsail-distribution.json b/src/schema/aws-lightsail-distribution.json index 77ef52d3..4ffa231c 100644 --- a/src/schema/aws-lightsail-distribution.json +++ b/src/schema/aws-lightsail-distribution.json 
@@ -300,6 +300,16 @@
 "Origin"
 ],
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-lightsail.git",
- "taggable": true,
+ "tagging": {
+ "cloudFormationSystemTags": false,
+ "permissions": [
+ "lightsail:TagResource",
+ "lightsail:UntagResource"
+ ],
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": true,
+ "taggable": true
+ },
 "typeName": "AWS::Lightsail::Distribution"
 }
diff --git a/src/schema/aws-lightsail-instance.json b/src/schema/aws-lightsail-instance.json
index b43f0c35..be3ff753 100644
--- a/src/schema/aws-lightsail-instance.json
+++ b/src/schema/aws-lightsail-instance.json
@@ -458,7 +458,17 @@
 "BundleId"
 ],
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-lightsail.git",
- "taggable": true,
+ "tagging": {
+ "cloudFormationSystemTags": false,
+ "permissions": [
+ "lightsail:TagResource",
+ "lightsail:UntagResource"
+ ],
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": true,
+ "taggable": true
+ },
 "typeName": "AWS::Lightsail::Instance",
 "writeOnlyProperties": [
 "/properties/UserData"
diff --git a/src/schema/aws-lightsail-loadbalancer.json b/src/schema/aws-lightsail-loadbalancer.json
index d2dc05d2..c696dda8 100644
--- a/src/schema/aws-lightsail-loadbalancer.json
+++ b/src/schema/aws-lightsail-loadbalancer.json
@@ -138,6 +138,16 @@
 "InstancePort"
 ],
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-lightsail.git",
- "taggable": true,
+ "tagging": {
+ "cloudFormationSystemTags": false,
+ "permissions": [
+ "lightsail:TagResource",
+ "lightsail:UntagResource"
+ ],
+ "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
+ "tagUpdatable": true,
+ "taggable": true
+ },
 "typeName": "AWS::Lightsail::LoadBalancer"
 }
diff --git a/src/schema/aws-location-apikey.json b/src/schema/aws-location-apikey.json
index b8e7adcf..317a4d03 100644
--- a/src/schema/aws-location-apikey.json
+++ b/src/schema/aws-location-apikey.json
@@ -12,10 +12,10 @@
 "items": {
 "maxLength": 200,
 "minLength": 5,
- "pattern": "^geo:\\w*\\*?$",
+ "pattern": "^(geo|geo-routes|geo-places|geo-maps):\\w*\\*?$",
 "type": "string"
 },
- "maxItems": 7,
+ "maxItems": 24,
 "minItems": 1,
 "type": "array"
 },
@@ -37,7 +37,7 @@
 "pattern": "(^arn(:[a-z0-9]+([.-][a-z0-9]+)*):geo(:([a-z0-9]+([.-][a-z0-9]+)*))(:[0-9]+):((\\*)|([-a-z]+[/][*-._\\w]+))$)|(^arn(:[a-z0-9]+([.-][a-z0-9]+)*):(geo-routes|geo-places|geo-maps)(:((\\*)|([a-z0-9]+([.-][a-z0-9]+)*)))::((provider[\\/][*-._\\w]+))$)",
 "type": "string"
 },
- "maxItems": 5,
+ "maxItems": 8,
 "minItems": 1,
 "type": "array"
 }
@@ -86,6 +86,10 @@
 },
 "type": "object"
 },
+ "Unit": {
+ "additionalProperties": false,
+ "type": "object"
+ },
 "iso8601UTC": {
 "description": "The datetime value in ISO 8601 format. The timezone is always UTC. (YYYY-MM-DDThh:mm:ss.sssZ)",
 "pattern": "^([0-2]\\d{3})-(0[0-9]|1[0-2])-([0-2]\\d|3[01])T([01]\\d|2[0-4]):([0-5]\\d):([0-6]\\d)((\\.\\d{3})?)Z$",
@@ -109,7 +113,21 @@
 "geo:SearchPlaceIndexForSuggestions",
 "geo:GetPlace",
 "geo:CalculateRoute",
- "geo:CalculateRouteMatrix"
+ "geo:CalculateRouteMatrix",
+ "geo-maps:GetTile",
+ "geo-maps:GetStaticMap",
+ "geo-places:Autocomplete",
+ "geo-places:Geocode",
+ "geo-places:GetPlace",
+ "geo-places:ReverseGeocode",
+ "geo-places:SearchNearby",
+ "geo-places:SearchText",
+ "geo-places:Suggest",
+ "geo-routes:CalculateIsolines",
+ "geo-routes:CalculateRouteMatrix",
+ "geo-routes:CalculateRoutes",
+ "geo-routes:OptimizeWaypoints",
+ "geo-routes:SnapToRoads"
 ]
 },
 "delete": {
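Review bot: In the `@@ -12,10 +12,10 @@` hunk of aws-location-apikey.json, the widened `pattern` still uses `\\w*` for the action name, and with the new prefixes `minLength: 5` no longer excludes an empty action: `geo:` was four characters, but `geo-maps:`, `geo-places:` and `geo-routes:` now pass both checks. These entries restrict what an API key may call, so malformed ones are better rejected at schema validation than left to the service; a pattern that requires a name or a lone wildcard would be `"pattern": "^(geo|geo-routes|geo-places|geo-maps):(\\w+\\*?|\\*)$"`. The enclosing property definition starts outside the hunk, and if this file is mirrored unchanged from the provider's published schema the change belongs upstream rather than in a local patch.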
@@ -144,6 +162,20 @@
 "geo:GetPlace",
 "geo:CalculateRoute",
 "geo:CalculateRouteMatrix",
+ "geo-maps:GetTile",
+ "geo-maps:GetStaticMap",
+ "geo-places:Autocomplete",
+ "geo-places:Geocode",
+ "geo-places:GetPlace",
+ "geo-places:ReverseGeocode",
+ "geo-places:SearchNearby",
+ "geo-places:SearchText",
+ "geo-places:Suggest",
+ "geo-routes:CalculateIsolines",
+ "geo-routes:CalculateRouteMatrix",
+ "geo-routes:CalculateRoutes",
+ "geo-routes:OptimizeWaypoints",
+ "geo-routes:SnapToRoads",
 "geo:UpdateKey"
 ]
 }
@@ -218,6 +250,10 @@
 ],
 "tagging": {
 "cloudFormationSystemTags": false,
+ "permissions": [
+ "geo:TagResource",
+ "geo:UntagResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-location-geofencecollection.json b/src/schema/aws-location-geofencecollection.json
index 17f9a7a6..c2a064d9 100644
--- a/src/schema/aws-location-geofencecollection.json
+++ b/src/schema/aws-location-geofencecollection.json
@@ -40,10 +40,10 @@
 "additionalProperties": false,
 "maxProperties": 50,
 "patternProperties": {
- "^[a-zA-Z+-=._:/]+$": {
+ "^([\\p{L}\\p{Z}\\p{N}_.,:/=+\\-@]*)$": {
 "maxLength": 256,
 "minLength": 0,
- "pattern": "^[A-Za-z0-9 _=@:.+-/]*$",
+ "pattern": "^([\\p{L}\\p{Z}\\p{N}_.,:/=+\\-@]*)$",
 "type": "string"
 }
 },
@@ -166,6 +166,10 @@
 ],
 "tagging": {
 "cloudFormationSystemTags": false,
+ "permissions": [
+ "geo:TagResource",
+ "geo:UntagResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-location-map.json b/src/schema/aws-location-map.json
index 851636a8..3f480693 100644
--- a/src/schema/aws-location-map.json
+++ b/src/schema/aws-location-map.json
@@ -183,6 +183,10 @@
 ],
 "tagging": {
 "cloudFormationSystemTags": false,
+ "permissions": [
+ "geo:TagResource",
+ "geo:UntagResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
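Review bot: In aws-location-geofencecollection.json (`@@ -40,10 +40,10 @@`) the new `patternProperties` key regex ends in `*` where the old one ended in `+`, so an empty tag key now passes validation. The key pattern should keep the one-character minimum, `"^([\\p{L}\\p{Z}\\p{N}_.,:/=+\\-@]+)$"`, leaving `*` only on the value pattern, where `minLength` is 0. The `\\p{…}` classes also depend on a Unicode-aware regex engine in whatever validator consumes this schema, which is worth confirming. The enclosing tag-map definition begins outside the hunk.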
diff --git a/src/schema/aws-location-placeindex.json b/src/schema/aws-location-placeindex.json
index 808ee0bc..adab7607 100644
--- a/src/schema/aws-location-placeindex.json
+++ b/src/schema/aws-location-placeindex.json
@@ -171,6 +171,10 @@
 ],
 "tagging": {
 "cloudFormationSystemTags": false,
+ "permissions": [
+ "geo:TagResource",
+ "geo:UntagResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-location-routecalculator.json b/src/schema/aws-location-routecalculator.json
index f56c886d..256de2e1 100644
--- a/src/schema/aws-location-routecalculator.json
+++ b/src/schema/aws-location-routecalculator.json
@@ -152,6 +152,10 @@
 ],
 "tagging": {
 "cloudFormationSystemTags": false,
+ "permissions": [
+ "geo:TagResource",
+ "geo:UntagResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-location-tracker.json b/src/schema/aws-location-tracker.json
index 20e03c25..ec94b317 100644
--- a/src/schema/aws-location-tracker.json
+++ b/src/schema/aws-location-tracker.json
@@ -183,6 +183,10 @@
 ],
 "tagging": {
 "cloudFormationSystemTags": false,
+ "permissions": [
+ "geo:TagResource",
+ "geo:UntagResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-logs-accountpolicy.json b/src/schema/aws-logs-accountpolicy.json
index 7fc78f4d..9d3aa520 100644
--- a/src/schema/aws-logs-accountpolicy.json
+++ b/src/schema/aws-logs-accountpolicy.json
@@ -9,6 +9,7 @@
 "create": {
 "permissions": [
 "logs:PutAccountPolicy",
+ "logs:PutIndexPolicy",
 "logs:PutDataProtectionPolicy",
 "logs:DescribeAccountPolicies",
 "logs:CreateLogDelivery",
@@ -16,15 +17,18 @@
 "firehose:TagDeliveryStream",
 "logs:PutSubscriptionFilter",
 "logs:DeleteSubscriptionFilter",
+ "logs:PutTransformer",
 "iam:PassRole"
 ]
 },
 "delete": {
 "permissions": [
 "logs:DeleteAccountPolicy",
+ "logs:DeleteIndexPolicy",
 "logs:DeleteDataProtectionPolicy",
 "logs:DescribeAccountPolicies",
 "logs:DeleteSubscriptionFilter",
+ "logs:DeleteTransformer",
 "iam:PassRole"
 ]
 },
@@ -40,24 +44,30 @@
 ]
 },
 "permissions": [
- "logs:DescribeAccountPolicies"
+ "logs:DescribeAccountPolicies",
+ "logs:GetTransformer"
 ]
 },
 "read": {
 "permissions": [
- "logs:DescribeAccountPolicies"
+ "logs:DescribeAccountPolicies",
+ "logs:GetTransformer"
 ]
 },
 "update": {
 "permissions": [
 "logs:PutAccountPolicy",
+ "logs:PutIndexPolicy",
 "logs:PutDataProtectionPolicy",
 "logs:DescribeAccountPolicies",
 "logs:DeleteAccountPolicy",
+ "logs:DeleteIndexPolicy",
 "logs:DeleteDataProtectionPolicy",
 "logs:CreateLogDelivery",
 "logs:PutSubscriptionFilter",
 "logs:DeleteSubscriptionFilter",
+ "logs:PutTransformer",
+ "logs:DeleteTransformer",
 "s3:REST.PUT.OBJECT",
 "firehose:TagDeliveryStream",
 "iam:PassRole"
@@ -92,7 +102,9 @@
 "description": "Type of the policy.",
 "enum": [
 "DATA_PROTECTION_POLICY",
- "SUBSCRIPTION_FILTER_POLICY"
+ "SUBSCRIPTION_FILTER_POLICY",
+ "FIELD_INDEX_POLICY",
+ "TRANSFORMER_POLICY"
 ],
 "type": "string"
 },
diff --git a/src/schema/aws-logs-delivery.json b/src/schema/aws-logs-delivery.json
index d1b05564..c38a2fc3 100644
--- a/src/schema/aws-logs-delivery.json
+++ b/src/schema/aws-logs-delivery.json
@@ -12,6 +12,12 @@
 "pattern": "[\\w#+=/:,.@-]*\\*?",
 "type": "string"
 },
+ "FieldHeader": {
+ "description": "A single record field to be delivered to the destination.",
+ "maxLength": 50,
+ "minLength": 1,
+ "type": "string"
+ },
 "Tag": {
 "additionalProperties": false,
 "description": "A key-value pair to associate with a resource.",
@@ -73,7 +79,8 @@
 "logs:GetDelivery",
 "logs:ListTagsForResource",
 "logs:TagResource",
- "logs:UntagResource"
+ "logs:UntagResource",
+ "logs:UpdateDeliveryConfiguration"
 ]
 }
 },
@@ -110,6 +117,29 @@
 "pattern": "[\\w-]*$",
 "type": "string"
 },
+ "FieldDelimiter": {
+ "description": "The field delimiter to use between record fields when the final output format of a delivery is in Plain , W3C , or Raw format.",
+ "maxLength": 5,
+ "minLength": 1,
+ "type": "string"
+ },
+ "RecordFields": {
+ "description": "The list of record fields to be delivered to the destination, in order. If the delivery's log source has mandatory fields, they must be included in this list.",
+ "items": {
+ "$ref": "#/definitions/FieldHeader"
+ },
+ "type": "array"
+ },
+ "S3EnableHiveCompatiblePath": {
+ "description": "This parameter causes the S3 objects that contain delivered logs to use a prefix structure that allows for integration with Apache Hive.",
+ "type": "boolean"
+ },
+ "S3SuffixPath": {
+ "description": "This string allows re-configuring the S3 object prefix to contain either static or variable sections. The valid variables to use in the suffix path will vary by each log source. See ConfigurationTemplate$allowedSuffixPathFields for more info on what values are supported in the suffix path for each log source.",
+ "maxLength": 256,
+ "minLength": 0,
+ "type": "string"
+ },
 "Tags": {
 "description": "The tags that have been assigned to this delivery.",
 "insertionOrder": false,
@@ -132,6 +162,11 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-logs.git",
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "logs:TagResource",
+ "logs:UntagResource",
+ "logs:ListTagsForResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-logs-deliverydestination.json b/src/schema/aws-logs-deliverydestination.json
index 30699eba..f00eff7e 100644
--- a/src/schema/aws-logs-deliverydestination.json
+++ b/src/schema/aws-logs-deliverydestination.json
@@ -2,6 +2,7 @@
 "additionalProperties": false,
 "createOnlyProperties": [
 "/properties/Name",
+ "/properties/OutputFormat",
 "/properties/DestinationResourceArn"
 ],
 "definitions": {
@@ -127,7 +128,7 @@
 },
 "DestinationResourceArn": {
 "$ref": "#/definitions/Arn",
- "description": "The ARN of the AWS resource that will receive the logs."
+ "description": "The ARN of the Amazon Web Services destination that this delivery destination represents. That Amazon Web Services destination can be a log group in CloudWatch Logs, an Amazon S3 bucket, or a delivery stream in Firehose."
 },
 "Name": {
 "description": "The name of this delivery destination.",
@@ -136,6 +137,13 @@
 "pattern": "[\\w-]*$",
 "type": "string"
 },
+ "OutputFormat": {
+ "description": "The format of the logs that are sent to this delivery destination.",
+ "maxLength": 12,
+ "minLength": 1,
+ "pattern": "^[0-9A-Za-z]+$",
+ "type": "string"
+ },
 "Tags": {
 "description": "The tags that have been assigned to this delivery destination.",
 "insertionOrder": false,
@@ -156,6 +164,11 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-logs.git",
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "logs:TagResource",
+ "logs:UntagResource",
+ "logs:ListTagsForResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-logs-deliverysource.json b/src/schema/aws-logs-deliverysource.json
index 5a42cfe3..37b77d5a 100644
--- a/src/schema/aws-logs-deliverysource.json
+++ b/src/schema/aws-logs-deliverysource.json
@@ -138,6 +138,11 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-logs.git",
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "logs:TagResource",
+ "logs:UntagResource",
+ "logs:ListTagsForResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-logs-integration.json b/src/schema/aws-logs-integration.json
new file mode 100644
index 00000000..9da27ece
--- /dev/null
+++ b/src/schema/aws-logs-integration.json
@@ -0,0 +1,167 @@
+{
+ "additionalProperties": false,
+ "createOnlyProperties": [
+ "/properties/IntegrationName",
+ "/properties/IntegrationType",
+ "/properties/ResourceConfig"
+ ],
+ "definitions": {
+ "Arn": {
+ "maxLength": 2048,
+ "minLength": 20,
+ "pattern": "[\\w#+=/:,.@-]*\\*?",
+ "type": "string"
+ },
+ "OpenSearchResourceConfig": {
+ "additionalProperties": false,
+ "properties": {
+ "ApplicationARN": {
+ "$ref": "#/definitions/Arn"
+ },
+ "DashboardViewerPrincipals": {
+ "items": {
+ "$ref": "#/definitions/Arn"
+ },
+ "type": "array"
+ },
+ "DataSourceRoleArn": {
+ "$ref": "#/definitions/Arn"
+ },
+ "KmsKeyArn": {
+ "$ref": "#/definitions/Arn"
+ },
+ "RetentionDays": {
+ "maximum": 3650,
+ "minimum": 1,
+ "type": "integer"
+ }
+ },
+ "required": [
+ "DataSourceRoleArn",
+ "DashboardViewerPrincipals"
+ ],
+ "type": "object"
+ }
+ },
+ "description": "Resource Schema for Logs Integration Resource",
+ "handlers": {
+ "create": {
+ "permissions": [
+ "logs:PutIntegration",
+ "logs:GetIntegration",
+ "aoss:CreateCollection",
+ "aoss:CreateSecurityPolicy",
+ "aoss:CreateAccessPolicy",
+ "aoss:CreateLifeCyclePolicy",
+ "aoss:BatchGetCollection",
+ "aoss:DeleteCollection",
+ "aoss:DeleteSecurityPolicy",
+ "aoss:DeleteAccessPolicy",
+ "aoss:DeleteLifeCyclePolicy",
+ "aoss:GetAccessPolicy",
+ "aoss:GetSecurityPolicy",
+ "aoss:BatchGetLifecyclePolicy",
+ "aoss:TagResource",
+ "aoss:APIAccessAll",
+ "opensearch:AddDirectQueryDataSource",
+ "opensearch:DeleteDirectQueryDataSource",
+ "opensearch:GetDirectQueryDataSource",
+ "opensearch:CreateApplication",
+ "opensearch:GetApplication",
+ "opensearch:UpdateApplication",
+ "opensearch:DeleteApplication",
+ "opensearch:ApplicationAccessAll",
+ "opensearch:DashboardsAccessAll",
+ "opensearch:StartDirectQuery",
+ "opensearch:GetDirectQuery",
+ "iam:PassRole",
+ "iam:CreateServiceLinkedRole",
+ "iam:AttachRolePolicy",
+ "iam:AttachUserPolicy",
+ "es:AddDirectQueryDataSource",
+ "es:CreateApplication",
+ "es:UpdateApplication",
+ "es:GetApplication",
+ "es:DeleteApplication",
+ "es:DeleteDirectQueryDataSource",
+ "es:GetDirectQueryDataSource",
+ "es:AddTags",
+ "es:ListApplications"
+ ],
+ "timeoutInMinutes": 30
+ },
+ "delete": {
+ "permissions": [
+ "logs:DeleteIntegration"
+ ]
+ },
+ "list": {
+ "permissions": [
+ "logs:ListIntegrations"
+ ]
+ },
+ "read": {
+ "permissions": [
+ "logs:GetIntegration"
+ ]
+ }
+ },
+ "primaryIdentifier": [
+ "/properties/IntegrationName"
+ ],
+ "properties": {
+ "IntegrationName": {
+ "description": "User provided identifier for integration, unique to the user account.",
+ "maxLength": 50,
+ "minLength": 1,
+ "pattern": "[\\.\\-_/#A-Za-z0-9]+",
+ "type": "string"
+ },
+ "IntegrationStatus": {
+ "description": "Status of creation for the Integration and its resources",
+ "enum": [
+ "PROVISIONING",
+ "ACTIVE",
+ "FAILED"
+ ],
+ "type": "string"
+ },
+ "IntegrationType": {
+ "description": "The type of the Integration.",
+ "enum": [
+ "OPENSEARCH"
+ ],
+ "type": "string"
+ },
+ "ResourceConfig": {
+ "additionalProperties": false,
+ "description": "OpenSearchResourceConfig for the given Integration",
+ "properties": {
+ "OpenSearchResourceConfig": {
+ "$ref": "#/definitions/OpenSearchResourceConfig"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "readOnlyProperties": [
+ "/properties/IntegrationStatus"
+ ],
+ "replacementStrategy": "delete_then_create",
+ "required": [
+ "IntegrationName",
+ "IntegrationType",
+ "ResourceConfig"
+ ],
+ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git",
+ "tagging": {
+ "cloudFormationSystemTags": false,
+ "tagOnCreate": false,
+ "tagUpdatable": false,
+ "taggable": false
+ },
+ "typeName": "AWS::Logs::Integration",
+ "writeOnlyProperties": [
+ "/properties/ResourceConfig"
+ ]
+}
diff --git a/src/schema/aws-logs-loggroup.json b/src/schema/aws-logs-loggroup.json
index b7c624c7..e6f2d084 100644
--- a/src/schema/aws-logs-loggroup.json
+++ b/src/schema/aws-logs-loggroup.json
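Review bot: The `create` handler in the new aws-logs-integration.json lists `iam:AttachRolePolicy`, `iam:AttachUserPolicy`, `iam:CreateServiceLinkedRole` and `iam:PassRole` next to the catch-all `aoss:APIAccessAll`, `opensearch:ApplicationAccessAll` and `opensearch:DashboardsAccessAll`, and nothing in the schema says how they are meant to be scoped. If execution-role policies are generated or copied from `handlers.*.permissions`, a role built from this list can attach policies to roles and users, so the commit description or the schema-sync notes should state that these actions need resource and condition limits (for example `iam:PassedToService` on `iam:PassRole`) rather than a wildcard resource. The `delete` handler lists only `logs:DeleteIntegration`, although `create` carries `aoss:DeleteCollection` and `opensearch:DeleteApplication`, so it is worth confirming against the provider whether tearing down the OpenSearch resources needs more than this list grants.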
@@ -6,7 +6,7 @@
 "definitions": {
 "Tag": {
 "additionalProperties": false,
- "description": "",
+ "description": "The value of this key-value pair.",
 "properties": {
 "Key": {
 "description": "",
@@ -15,7 +15,7 @@
 "type": "string"
 },
 "Value": {
- "description": "",
+ "description": "The value of this key-value pair.",
 "maxLength": 256,
 "minLength": 0,
 "type": "string"
@@ -42,7 +42,9 @@
 "s3:REST.PUT.OBJECT",
 "firehose:TagDeliveryStream",
 "logs:PutResourcePolicy",
- "logs:DescribeResourcePolicies"
+ "logs:DescribeResourcePolicies",
+ "logs:PutIndexPolicy",
+ "logs:DescribeIndexPolicies"
 ]
 },
 "delete": {
@@ -70,7 +72,8 @@
 "permissions": [
 "logs:DescribeLogGroups",
 "logs:ListTagsForResource",
- "logs:GetDataProtectionPolicy"
+ "logs:GetDataProtectionPolicy",
+ "logs:DescribeIndexPolicies"
 ]
 },
 "update": {
@@ -82,11 +85,14 @@
 "logs:DeleteRetentionPolicy",
 "logs:TagResource",
 "logs:UntagResource",
+ "logs:ListTagsForResource",
 "logs:GetDataProtectionPolicy",
 "logs:PutDataProtectionPolicy",
 "logs:CreateLogDelivery",
 "s3:REST.PUT.OBJECT",
- "firehose:TagDeliveryStream"
+ "firehose:TagDeliveryStream",
+ "logs:PutIndexPolicy",
+ "logs:DeleteIndexPolicy"
 ]
 }
 },
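Review bot: In the `@@ -6,7 +6,7 @@` hunk of aws-logs-loggroup.json, the description added to the `Tag` definition itself reads "The value of this key-value pair.", which is the text for its `Value` property (set in the next hunk), while `Key` keeps an empty description. The object-level text should describe the pair, e.g. `"description": "A key-value pair to associate with a resource."`, the wording the `Tag` definition in aws-logs-delivery.json already uses. If this file is mirrored from the provider's schema, the correction should be reported upstream instead of patched locally.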
@@ -102,6 +108,16 @@ "description": "Creates a data protection policy and assigns it to the log group. A data protection policy can help safeguard sensitive data that's ingested by the log group by auditing and masking the sensitive log data. When a user who does not have permission to view masked data views a log event that includes masked data, the sensitive data is replaced by asterisks.\n For more information, including a list of types of data that can be audited and masked, see [Protect sensitive log data with masking](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html).", "type": "object" }, + "FieldIndexPolicies": { + "description": "Creates or updates a *field index policy* for the specified log group. Only log groups in the Standard log class support field index policies. For more information about log classes, see [Log classes](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch_Logs_Log_Classes.html).\n You can use field index policies to create *field indexes* on fields found in log events in the log group. Creating field indexes lowers the costs for CWL Insights queries that reference those field indexes, because these queries attempt to skip the processing of log events that are known to not match the indexed field. Good fields to index are fields that you often need to query for and fields that have high cardinality of values Common examples of indexes include request ID, session ID, userID, and instance IDs. 
For more information, see [Create field indexes to improve query performance and reduce costs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-Field-Indexing.html).\n Currently, this array supports only one field index policy object.", + "insertionOrder": false, + "items": { + "description": "Index policy for log group in JSON format", + "type": "object" + }, + "type": "array", + "uniqueItems": true + }, "KmsKeyId": { "description": "The Amazon Resource Name (ARN) of the KMS key to use when encrypting log data.\n To associate an KMS key with the log group, specify the ARN of that KMS key here. If you do so, ingested data is encrypted using this key. This association is stored as long as the data encrypted with the KMS key is still within CWL. This enables CWL to decrypt this data whenever it is requested.\n If you attempt to associate a KMS key with the log group but the KMS key doesn't exist or is deactivated, you will receive an ``InvalidParameterException`` error.\n Log group data is always encrypted in CWL. If you omit this key, the encryption does not use KMS. For more information, see [Encrypt log data in using](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html)", "maxLength": 256, @@ -113,7 +129,8 @@ "description": "Specifies the log group class for this log group. There are two classes:\n + The ``Standard`` log class supports all CWL features.\n + The ``Infrequent Access`` log class supports a subset of CWL features and incurs lower costs.\n \n For details about the features supported by each class, see [Log classes](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch_Logs_Log_Classes.html)", "enum": [ "STANDARD", - "INFREQUENT_ACCESS" + "INFREQUENT_ACCESS", + "DELIVERY" ], "type": "string" }, 
@@ -168,6 +185,11 @@
 "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-logs.git",
 "tagging": {
 "cloudFormationSystemTags": true,
+ "permissions": [
+ "logs:TagResource",
+ "logs:UntagResource",
+ "logs:ListTagsForResource"
+ ],
 "tagOnCreate": true,
 "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
diff --git a/src/schema/aws-logs-metricfilter.json b/src/schema/aws-logs-metricfilter.json
index e7d54384..59e5a5d5 100644
--- a/src/schema/aws-logs-metricfilter.json
+++ b/src/schema/aws-logs-metricfilter.json
@@ -146,6 +146,10 @@
 "/properties/FilterName"
 ],
 "properties": {
+ "ApplyOnTransformedLogs": {
+ "description": "This parameter is valid only for log groups that have an active log transformer. For more information about log transformers, see [PutTransformer](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutTransformer.html).\n If this value is ``true``, the metric filter is applied on the transformed version of the log events instead of the original ingested log events.",
+ "type": "boolean"
+ },
 "FilterName": {
 "description": "The name of the metric filter.",
 "maxLength": 512,
diff --git a/src/schema/aws-logs-querydefinition.json b/src/schema/aws-logs-querydefinition.json
index b6d4a94a..6155e5fc 100644
--- a/src/schema/aws-logs-querydefinition.json
+++ b/src/schema/aws-logs-querydefinition.json
@@ -61,6 +61,16 @@
 "minLength": 0,
 "type": "string"
 },
+ "QueryLanguage": {
+ "default": "CWLI",
+ "description": "Query language of the query string. Possible values are CWLI, SQL, PPL, with CWLI being the default.",
+ "enum": [
+ "CWLI",
+ "SQL",
+ "PPL"
+ ],
+ "type": "string"
+ },
 "QueryString": {
 "description": "The query string to use for this definition",
 "maxLength": 10000,
diff --git a/src/schema/aws-logs-subscriptionfilter.json b/src/schema/aws-logs-subscriptionfilter.json
index a49dbc2b..552d9842 100644
--- a/src/schema/aws-logs-subscriptionfilter.json
+++ b/src/schema/aws-logs-subscriptionfilter.json
@@ -52,6 +52,10 @@
 "/properties/LogGroupName"
 ],
 "properties": {
+ "ApplyOnTransformedLogs": {
+ "description": "This parameter is valid only for log groups that have an active log transformer. For more information about log transformers, see [PutTransformer](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutTransformer.html).\n If this value is ``true``, the subscription filter is applied on the transformed version of the log events instead of the original ingested log events.",
+ "type": "boolean"
+ },
 "DestinationArn": {
 "description": "The Amazon Resource Name (ARN) of the destination.",
 "type": "string"
diff --git a/src/schema/aws-logs-transformer.json b/src/schema/aws-logs-transformer.json
new file mode 100644
index 00000000..72ee6493
--- /dev/null
+++ b/src/schema/aws-logs-transformer.json
@@ -0,0 +1,658 @@
+{
+ "additionalProperties": false,
+ "createOnlyProperties": [
+ "/properties/LogGroupIdentifier"
+ ],
+ "definitions": {
+ "AddKeyEntry": {
+ "additionalProperties": false,
+ "properties": {
+ "Key": {
+ "$ref": "#/definitions/NonEmptyAndMaxLengthString"
+ },
+ "OverwriteIfExists": {
+ "type": "boolean"
+ },
+ "Value": {
+ "maxLength": 256,
+ "minLength": 1,
+ "type": "string"
+ }
+ },
+ "required": [
+ "Key",
+ "Value"
+ ],
+ "type": "object"
+ },
+ "Column": {
+ "$ref": "#/definitions/NonEmptyAndMaxLengthString"
+ },
+ "CopyValueEntry": {
+ "additionalProperties": false,
+ "properties": {
+ "OverwriteIfExists": {
+ "type": "boolean"
+ },
+ "Source": {
+ "$ref": "#/definitions/NonEmptyString"
+ },
+ "Target": {
+ "$ref": "#/definitions/NonEmptyAndMaxLengthString"
+ }
+ },
+ "required": [
+ "Source",
+ "Target"
+ ],
+ "type": "object"
+ },
+ "MatchPattern": {
+ "$ref": "#/definitions/NonEmptyString"
+ },
+ "MaxLengthString": {
+ "maxLength": 128,
+ "type": "string"
+ },
+ "MoveKeyEntry": {
+ "additionalProperties": false,
+ "properties": {
+ "OverwriteIfExists": {
+ "type": "boolean"
+ },
+ "Source": {
+ "$ref": "#/definitions/NonEmptyString"
+ },
+ "Target": {
+ "$ref": "#/definitions/NonEmptyString"
+ }
+ },
+ "required": [
+ "Source",
+ "Target"
+ ],
+ "type": "object"
+ },
+ "NonEmptyAndMaxLengthString": {
+ "maxLength": 128,
+ "pattern": "^.*[a-zA-Z0-9]+.*$",
+ "type": "string"
+ },
+ "NonEmptyString": {
+ "pattern": "^.*[a-zA-Z0-9]+.*$",
+ "type": "string"
+ },
+ "ParseCloudfront": {
+ "additionalProperties": false,
+ "properties": {
+ "Source": {
+ "$ref": "#/definitions/NonEmptyString"
+ }
+ },
+ "type": "object"
+ },
+ "ParsePostgres": {
+ "additionalProperties": false,
+ "properties": {
+ "Source": {
+ "$ref": "#/definitions/NonEmptyString"
+ }
+ },
+ "type": "object"
+ },
+ "ParseRoute53": {
+ "additionalProperties": false,
+ "properties": {
+ "Source": {
+ "$ref": "#/definitions/NonEmptyString"
+ }
+ },
+ "type": "object"
+ },
+ "ParseVPC": {
+ "additionalProperties": false,
+ "properties": {
+ "Source": {
+ "$ref": "#/definitions/NonEmptyString"
+ }
+ },
+ "type": "object"
+ },
+ "ParseWAF": {
+ "additionalProperties": false,
+ "properties": {
+ "Source": {
+ "$ref": "#/definitions/NonEmptyString"
+ }
+ },
+ "type": "object"
+ },
+ "Processor": {
+ "additionalProperties": false,
+ "description": "Individual processor configuration",
+ "maxProperties": 1,
+ "minProperties": 1,
+ "properties": {
+ "AddKeys": {
+ "additionalProperties": false,
+ "properties": {
+ "Entries": {
+ "insertionOrder": false,
+ "items": {
+ "$ref": "#/definitions/AddKeyEntry"
+ },
+ "maxItems": 5,
+ "minItems": 1,
+ "type": "array",
+ "uniqueItems": true
+ }
+ },
+ "required": [
+ "Entries"
+ ],
+ "type": "object"
+ },
+ "CopyValue": {
+ "additionalProperties": false,
+ "properties": {
+ "Entries": {
+ "insertionOrder": false,
+ "items": {
+ "$ref": "#/definitions/CopyValueEntry"
+ },
+ "maxItems": 5,
+ "minItems": 1,
+ "type": "array"
+ }
+ },
+ "required": [
+ "Entries"
+ ],
+ "type": "object"
+ },
+ "Csv": {
+ "additionalProperties": false,
+ "properties": {
+ "Columns": {
+ "insertionOrder": false,
+ "items": {
+ "$ref": "#/definitions/Column"
+ },
+ "maxItems": 100,
+ "minItems": 1,
+ "type": "array"
+ },
+ "Delimiter": {
+ "maxLength": 1,
+ "type": "string"
+ },
+ "QuoteCharacter": {
+ "maxLength": 1,
+ "type": "string"
+ },
+ "Source": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "DateTimeConverter": {
+ "additionalProperties": false,
+ "properties": {
+ "Locale": {
+ "type": "string"
+ },
+ "MatchPatterns": {
+ "insertionOrder": false,
+ "items": {
+ "$ref": "#/definitions/MatchPattern"
+ },
+ "maxItems": 5,
+ "minItems": 1,
+ "type": "array",
+ "uniqueItems": true
+ },
+ "Source": {
+ "$ref": "#/definitions/NonEmptyString"
+ },
+ "SourceTimezone": {
+ "type": "string"
+ },
+ "Target": {
+ "$ref": "#/definitions/NonEmptyAndMaxLengthString"
+ },
+ "TargetFormat": {
+ "type": "string"
+ },
+ "TargetTimezone": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "Source",
+ "Target",
+ "MatchPatterns"
+ ],
+ "type": "object"
+ },
+ "DeleteKeys": {
+ "additionalProperties": false,
+ "properties": {
+ "WithKeys": {
+ "insertionOrder": false,
+ "items": {
+ "$ref": "#/definitions/WithKey"
+ },
+ "maxItems": 5,
+ "minItems": 1,
+ "type": "array",
+ "uniqueItems": true
+ }
+ },
+ "required": [
+ "WithKeys"
+ ],
+ "type": "object"
+ },
+ "Grok": {
+ "additionalProperties": false,
+ "properties": {
+ "Match": {
+ "maxLength": 128,
+ "type": "string"
+ },
+ "Source": {
+ "$ref": "#/definitions/NonEmptyString"
+ }
+ },
+ "required": [
+ "Match"
+ ],
+ "type": "object"
+ },
+ "ListToMap": {
+ "additionalProperties": false,
+ "properties": {
+ "Flatten": {
+ "type": "boolean"
+ },
+ "FlattenedElement": {
+ "enum": [
+ "first",
+ "last"
+ ],
+ "type": "string"
+ },
+ "Key": {
+ "$ref": "#/definitions/NonEmptyString"
+ },
+ "Source": {
+ "$ref": "#/definitions/NonEmptyString"
+ },
+ "Target": {
+ "$ref": "#/definitions/NonEmptyAndMaxLengthString"
+ },
+ "ValueKey": {
+ "$ref": "#/definitions/NonEmptyString"
+ }
+ },
+ "required": [
+ "Source",
+ "Key"
+ ],
+ "type": "object"
+ },
+ "LowerCaseString": {
+ "additionalProperties": false,
+ "properties": {
+ "WithKeys": {
+ "insertionOrder": false,
+ "items": {
+ "$ref": "#/definitions/WithKey"
+ },
+ "maxItems": 10,
+ "minItems": 1,
+ "type": "array",
+ "uniqueItems": true
+ }
+ },
+ "required": [
+ "WithKeys"
+ ],
+ "type": "object"
+ },
+ "MoveKeys": {
+ "additionalProperties": false,
+ "properties": {
+ "Entries": {
+ "insertionOrder": false,
+ "items": {
+ "$ref": "#/definitions/MoveKeyEntry"
+ },
+ "maxItems": 5,
+ "minItems": 1,
+ "type": "array"
+ }
+ },
+ "required": [
+ "Entries"
+ ],
+ "type": "object"
+ },
+ "ParseCloudfront": {
+ "$ref": "#/definitions/ParseCloudfront"
+ },
+ "ParseJSON": {
+ "additionalProperties": false,
+ "properties": {
+ "Destination": {
+ "$ref": "#/definitions/NonEmptyAndMaxLengthString"
+ },
+ "Source": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "ParseKeyValue": {
+ "additionalProperties": false,
+ "properties": {
+ "Destination": {
+ "$ref": "#/definitions/NonEmptyString"
+ },
+ "FieldDelimiter": {
+ "type": "string"
+ },
+ "KeyPrefix": {
+ "$ref": "#/definitions/NonEmptyString"
+ },
+ "KeyValueDelimiter": {
+ "type": "string"
+ },
+ "NonMatchValue": {
+ "$ref": "#/definitions/NonEmptyString"
+ },
+ "OverwriteIfExists": {
+ "type": "boolean"
+ },
+ "Source": {
+ "$ref": "#/definitions/NonEmptyString"
+ }
+ },
+ "type": "object"
+ },
+ "ParsePostgres": {
+ "$ref": "#/definitions/ParsePostgres"
+ },
+ "ParseRoute53": {
+ "$ref": "#/definitions/ParseRoute53"
+ },
+ "ParseVPC": {
+ "$ref": "#/definitions/ParseVPC"
+ },
+ "ParseWAF": {
+ "$ref": "#/definitions/ParseWAF"
+ },
+ "RenameKeys": {
+ "additionalProperties": false,
+ "properties": {
+ "Entries": {
+ "insertionOrder": false,
+ "items": {
+ "$ref": "#/definitions/RenameKeyEntry"
+ },
+ "maxItems": 5,
+ "minItems": 1,
+ "type": "array"
+ }
+ },
+ "required": [
+ "Entries"
+ ],
+ "type": "object"
+ },
+ "SplitString": {
+ "additionalProperties": false,
+ "properties": {
+ "Entries": {
+ "insertionOrder": false,
+ "items": {
+ "$ref": "#/definitions/SplitStringEntry"
+ },
+ "maxItems": 10,
+ "minItems": 1,
+ "type": "array"
+ }
+ },
+ "required": [
+ "Entries"
+ ],
+ "type": "object"
+ },
+ "SubstituteString": {
+ "additionalProperties": false,
+ "properties": {
+ "Entries": {
+ "insertionOrder": false,
+ "items": {
+ "$ref": "#/definitions/SubstituteStringEntry"
+ },
+ "maxItems": 10,
+ "minItems": 1,
+ "type": "array"
+ }
+ },
+ "required": [
+ "Entries"
+ ],
+ "type": "object"
+ },
+ "TrimString": {
+ "additionalProperties": false,
+ "properties": {
+ "WithKeys": {
+ "insertionOrder": false,
+ "items": {
+ "$ref": "#/definitions/WithKey"
+ },
+ "maxItems": 10,
+ "minItems": 1,
+ "type": "array",
+ "uniqueItems": true
+ }
+ },
+ "required": [
+ "WithKeys"
+ ],
+ "type": "object"
+ },
+ "TypeConverter": {
+ "additionalProperties": false,
+ "properties": {
+ "Entries": {
+ "insertionOrder": false,
+ "items": {
+ "$ref": "#/definitions/TypeConverterEntry"
+ },
+ "maxItems": 5,
+ "minItems": 1,
+ "type": "array"
+ }
+ },
+ "required": [
+ "Entries"
+ ],
+ "type": "object"
+ },
+ "UpperCaseString": {
+ "additionalProperties": false,
+ "properties": {
+ "WithKeys": {
+ "insertionOrder": false,
+ "items": {
+ "$ref": "#/definitions/WithKey"
+ },
+ "maxItems": 10,
+ "minItems": 1,
+ "type": "array",
+ "uniqueItems": true
+ }
+ },
+ "required": [
+ "WithKeys"
+ ],
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "RenameKeyEntry": {
+ "additionalProperties": false,
+ "properties": {
+ "Key": {
+ "$ref": "#/definitions/NonEmptyString"
+ },
+ "OverwriteIfExists": {
+ "type": "boolean"
+ },
+ "RenameTo": {
+ "$ref": "#/definitions/NonEmptyString"
+ }
+ },
+ "required": [
+ "Key",
+ "RenameTo"
+ ],
+ "type": "object"
+ },
+ "SplitStringEntry": {
+ "additionalProperties": false,
+ "properties": {
+ "Delimiter": {
+ "maxLength": 1,
+ "type": "string"
+ },
+ "Source": {
+ "$ref": "#/definitions/NonEmptyString"
+ }
+ },
+ "required": [
+ "Source",
+ "Delimiter"
+ ],
+ "type": "object"
+ },
+ "SubstituteStringEntry": {
+ "additionalProperties": false,
+ "properties": {
+ "From": {
+ "$ref": "#/definitions/NonEmptyAndMaxLengthString"
+ },
+ "Source": {
+ "$ref": "#/definitions/NonEmptyString"
+ },
+ "To": {
+ "$ref": "#/definitions/NonEmptyAndMaxLengthString"
+ }
+ },
+ "required": [
+ "Source",
+ "From",
+ "To"
+ ],
+ "type": "object"
+ },
+ "TypeConverterEntry": {
+ "additionalProperties": false,
+ "properties": {
+ "Key": {
+ "$ref": "#/definitions/NonEmptyString"
+ },
+ "Type": {
+ "enum": [
+ "boolean",
+ "integer",
+ "double",
+ "string"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "Key",
+ "Type"
+ ],
+ "type": "object"
+ },
+ "WithKey": {
+ "maxLength": 128,
+ "minLength": 1,
+ "type": "string"
+ }
+ },
+ "description": "Specifies a transformer on the log group to transform logs into consistent structured and information rich format.",
+ "handlers": {
+ "create": {
+ "permissions": [
+ "logs:PutTransformer",
+ "logs:GetTransformer"
+ ]
+ },
+ "delete": {
+ "permissions": [
+ "logs:DeleteTransformer"
+ ]
+ },
+ "list": {
+ "permissions": [
+ "logs:DescribeLogGroups",
+ "logs:GetTransformer"
+ ]
+ },
+ "read": {
+ "permissions": [
+ "logs:GetTransformer"
+ ]
+ },
+ "update": {
+ "permissions": [
+ "logs:GetTransformer",
+ "logs:PutTransformer"
+ ]
+ }
+ },
+ "primaryIdentifier": [
+ "/properties/LogGroupIdentifier"
+ ],
+ "properties": {
+ "LogGroupIdentifier": {
+ "description": "Existing log group that you want to associate with this transformer.",
+ "maxLength": 2048,
+ "minLength": 1,
+ "pattern": "[\\w#+=/:,.@-]*",
+ "type": "string"
+ },
+ "TransformerConfig": {
+ "description": "List of processors in a transformer",
+ "insertionOrder": false,
+ "items": {
+ "$ref": "#/definitions/Processor"
+ },
+ "maxItems": 20,
+ "minItems": 1,
+ "type": "array"
+ }
+ },
+ "required": [
+ "LogGroupIdentifier",
+ "TransformerConfig"
+ ],
+ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-logs.git",
+ "tagging": {
+ "cloudFormationSystemTags": false,
+ "tagOnCreate": false,
+ "tagUpdatable": false,
+ "taggable": false
+ },
+ "typeName": "AWS::Logs::Transformer"
+}
diff --git a/src/schema/aws-m2-application.json b/src/schema/aws-m2-application.json
index e394537d..68a3e957 100644
--- a/src/schema/aws-m2-application.json
+++ b/src/schema/aws-m2-application.json
@@ -153,13 +153,18 @@
 "/properties/ApplicationId"
 ],
 "required": [
- "Definition",
 "EngineType",
 "Name"
 ],
 "tagging": {
 "cloudFormationSystemTags": false,
+ "permissions": [
+ "m2:TagResource",
+ "m2:UntagResource",
+ "m2:ListTagsForResource"
+ ],
 "tagOnCreate": true,
+ "tagProperty": "/properties/Tags",
 "tagUpdatable": true,
 "taggable": true
 },
diff --git a/src/schema/aws-m2-deployment.json b/src/schema/aws-m2-deployment.json new file mode 100644 index 00000000..345e50f0 --- /dev/null +++ b/src/schema/aws-m2-deployment.json 
@@ -0,0 +1,131 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/EnvironmentId", + "/properties/ApplicationId" + ], + "description": "Represents a deployment resource of an AWS Mainframe Modernization (M2) application to a specified environment", + "handlers": { + "create": { + "permissions": [ + "m2:CreateDeployment", + "m2:ListDeployments", + "m2:GetDeployment", + "iam:PassRole", + "ec2:DescribeNetworkInterfaces", + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateTargetGroup", + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RegisterTargets", + "logs:DescribeResourcePolicies", + "logs:DescribeLogGroups", + "logs:CreateLogDelivery", + "logs:GetLogDelivery", + "logs:UpdateLogDelivery", + "logs:DeleteLogDelivery", + "logs:ListLogDeliveries", + "logs:CreateLogGroup", + "logs:PutResourcePolicy" + ], + "timeoutInMinutes": 60 + }, + "delete": { + "permissions": [ + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:DeleteTargetGroup", + "elasticloadbalancing:DeregisterTargets", + "elasticloadbalancing:DeleteLoadBalancer", + "logs:DeleteLogDelivery", + "m2:ListDeployments", + "m2:GetDeployment", + "m2:DeleteApplicationFromEnvironment" + ], + "timeoutInMinutes": 60 + }, + "list": { + "handlerSchema": { + "properties": { + "ApplicationId": { + "$ref": "resource-schema.json#/properties/ApplicationId" + } + }, + "required": [ + "ApplicationId" + ] + }, + "permissions": [ + "m2:ListDeployments" + ] + }, + "read": { + "permissions": [ + "m2:ListDeployments", + "m2:GetDeployment" + ] + }, + "update": { + "permissions": [ + "m2:CreateDeployment", + "m2:ListDeployments", + "m2:GetDeployment", + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateTargetGroup", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:DeleteTargetGroup", + "elasticloadbalancing:DeregisterTargets", + 
"elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RegisterTargets", + "ec2:DescribeNetworkInterfaces" + ], + "timeoutInMinutes": 60 + } + }, + "primaryIdentifier": [ + "/properties/ApplicationId" + ], + "properties": { + "ApplicationId": { + "description": "The application ID.", + "pattern": "^\\S{1,80}$", + "type": "string" + }, + "ApplicationVersion": { + "description": "The version number of the application to deploy", + "type": "integer" + }, + "DeploymentId": { + "description": "The deployment ID.", + "pattern": "^\\S{1,80}$", + "type": "string" + }, + "EnvironmentId": { + "description": "The environment ID.", + "pattern": "^\\S{1,80}$", + "type": "string" + }, + "Status": { + "description": "The status of the deployment.", + "type": "string" + } + }, + "readOnlyProperties": [ + "/properties/DeploymentId", + "/properties/Status" + ], + "required": [ + "EnvironmentId", + "ApplicationId", + "ApplicationVersion" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-m2.git", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, + "typeName": "AWS::M2::Deployment" +} diff --git a/src/schema/aws-m2-environment.json b/src/schema/aws-m2-environment.json index a017eadc..bc03f0d0 100644 --- a/src/schema/aws-m2-environment.json +++ b/src/schema/aws-m2-environment.json @@ -5,6 +5,7 @@ "/properties/EngineType", "/properties/KmsKeyId", "/properties/Name", + "/properties/NetworkType", "/properties/PubliclyAccessible", "/properties/SecurityGroupIds", "/properties/StorageConfigurations", @@ -76,6 +77,13 @@ ], "type": "object" }, + "NetworkType": { + "enum": [ + "ipv4", + "dual" + ], + "type": "string" + }, "StorageConfiguration": { "description": "Defines the storage configuration for an environment.", "oneOf": [ 
@@ -143,14 +151,16 @@ "m2:GetEnvironment", "m2:ListTagsForResource", "m2:TagResource" - ] + ], + "timeoutInMinutes": 120 }, "delete": { "permissions": [ "elasticloadbalancing:DeleteLoadBalancer", "m2:DeleteEnvironment", "m2:GetEnvironment" - ] + ], + "timeoutInMinutes": 120 }, "list": { "permissions": [ @@ -171,7 +181,8 @@ "m2:GetEnvironment", "m2:UpdateEnvironment", "kms:DescribeKey" - ] + ], + "timeoutInMinutes": 120 } }, "primaryIdentifier": [ @@ -220,6 +231,9 @@ "pattern": "^[A-Za-z0-9][A-Za-z0-9_\\-]{1,59}$", "type": "string" }, + "NetworkType": { + "$ref": "#/definitions/NetworkType" + }, "PreferredMaintenanceWindow": { "description": "Configures a desired maintenance window for the environment. If you do not provide a value, a random system-generated value will be assigned.", "pattern": "^\\S{1,50}$", @@ -271,7 +285,13 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "m2:TagResource", + "m2:UntagResource", + "m2:ListTagsForResource" + ], "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, diff --git a/src/schema/aws-macie-allowlist.json b/src/schema/aws-macie-allowlist.json index 8428cf98..ab423bd9 100644 --- a/src/schema/aws-macie-allowlist.json +++ b/src/schema/aws-macie-allowlist.json @@ -171,6 +171,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-macie.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "macie2:TagResource", + "macie2:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-macie-customdataidentifier.json b/src/schema/aws-macie-customdataidentifier.json index 6ab5a422..c7ccadaa 100644 --- a/src/schema/aws-macie-customdataidentifier.json +++ b/src/schema/aws-macie-customdataidentifier.json 
@@ -61,7 +61,8 @@ "update": { "permissions": [ "macie2:TagResource", - "macie2:UntagResource" + "macie2:UntagResource", + "macie2:GetCustomDataIdentifier" ] } }, @@ -127,6 +128,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-macie.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "macie2:TagResource", + "macie2:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-macie-findingsfilter.json b/src/schema/aws-macie-findingsfilter.json index e0647afe..cf2892ad 100644 --- a/src/schema/aws-macie-findingsfilter.json +++ b/src/schema/aws-macie-findingsfilter.json @@ -186,6 +186,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-macie.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "macie2:TagResource", + "macie2:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-macie-session.json b/src/schema/aws-macie-session.json index 1865affd..88e53872 100644 --- a/src/schema/aws-macie-session.json +++ b/src/schema/aws-macie-session.json @@ -5,7 +5,8 @@ "create": { "permissions": [ "macie2:GetMacieSession", - "macie2:EnableMacie" + "macie2:EnableMacie", + "macie2:ListAutomatedDiscoveryAccounts" ] }, "delete": { @@ -15,18 +16,21 @@ }, "list": { "permissions": [ - "macie2:GetMacieSession" + "macie2:GetMacieSession", + "macie2:ListAutomatedDiscoveryAccounts" ] }, "read": { "permissions": [ - "macie2:GetMacieSession" + "macie2:GetMacieSession", + "macie2:ListAutomatedDiscoveryAccounts" ] }, "update": { "permissions": [ "macie2:GetMacieSession", - "macie2:UpdateMacieSession" + "macie2:UpdateMacieSession", + "macie2:ListAutomatedDiscoveryAccounts" ] } }, 
@@ -34,6 +38,14 @@ "/properties/AwsAccountId" ], "properties": { + "AutomatedDiscoveryStatus": { + "description": "The status of automated sensitive data discovery for the Macie session.", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, "AwsAccountId": { "description": "AWS account ID of customer", "type": "string" @@ -64,7 +76,8 @@ }, "readOnlyProperties": [ "/properties/AwsAccountId", - "/properties/ServiceRole" + "/properties/ServiceRole", + "/properties/AutomatedDiscoveryStatus" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-macie.git", "tagging": { diff --git a/src/schema/aws-mediaconnect-bridge.json b/src/schema/aws-mediaconnect-bridge.json index 1ad0d273..5964eec1 100644 --- a/src/schema/aws-mediaconnect-bridge.json +++ b/src/schema/aws-mediaconnect-bridge.json @@ -71,6 +71,10 @@ "description": "The network source multicast IP.", "type": "string" }, + "MulticastSourceSettings": { + "$ref": "#/definitions/MulticastSourceSettings", + "description": "The settings related to the multicast source." + }, "Name": { "description": "The name of the network source.", "type": "string" @@ -201,6 +205,17 @@ ], "type": "object" }, + "MulticastSourceSettings": { + "additionalProperties": false, + "description": "The settings related to the multicast source.", + "properties": { + "MulticastSourceIp": { + "description": "The IP address of the source for source-specific multicast (SSM).", + "type": "string" + } + }, + "type": "object" + }, "ProtocolEnum": { "enum": [ "rtp-fec", @@ -237,13 +252,17 @@ "create": { "permissions": [ "mediaconnect:CreateBridge", - "mediaconnect:DescribeBridge" + "mediaconnect:DescribeBridge", + "mediaconnect:AddBridgeOutputs", + "mediaconnect:AddBridgeSources" ] }, "delete": { "permissions": [ "mediaconnect:DescribeBridge", - "mediaconnect:DeleteBridge" + "mediaconnect:DeleteBridge", + "mediaconnect:RemoveBridgeOutput", + "mediaconnect:RemoveBridgeSource" ] }, "list": { 
diff --git a/src/schema/aws-mediaconnect-bridgesource.json b/src/schema/aws-mediaconnect-bridgesource.json index 041f8c86..4cee14fd 100644 --- a/src/schema/aws-mediaconnect-bridgesource.json +++ b/src/schema/aws-mediaconnect-bridgesource.json @@ -31,6 +31,10 @@ "description": "The network source multicast IP.", "type": "string" }, + "MulticastSourceSettings": { + "$ref": "#/definitions/MulticastSourceSettings", + "description": "The settings related to the multicast source." + }, "NetworkName": { "description": "The network source's gateway network name.", "type": "string" @@ -52,6 +56,17 @@ ], "type": "object" }, + "MulticastSourceSettings": { + "additionalProperties": false, + "description": "The settings related to the multicast source.", + "properties": { + "MulticastSourceIp": { + "description": "The IP address of the source for source-specific multicast (SSM).", + "type": "string" + } + }, + "type": "object" + }, "ProtocolEnum": { "enum": [ "rtp-fec", diff --git a/src/schema/aws-mediaconnect-flow.json b/src/schema/aws-mediaconnect-flow.json index 175484d4..b202c822 100644 --- a/src/schema/aws-mediaconnect-flow.json +++ b/src/schema/aws-mediaconnect-flow.json 
@@ -6,6 +6,35 @@ "/properties/Source/Name" ], "definitions": { + "AudioMonitoringSetting": { + "additionalProperties": false, + "description": "Specifies the configuration for audio stream metrics monitoring.", + "properties": { + "SilentAudio": { + "$ref": "#/definitions/SilentAudio" + } + }, + "type": "object" + }, + "BlackFrames": { + "additionalProperties": false, + "description": "Configures settings for the BlackFrames metric.", + "properties": { + "State": { + "description": "Indicates whether the BlackFrames metric is enabled or disabled.", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, + "ThresholdSeconds": { + "description": "Specifies the number of consecutive seconds of black frames that triggers an event or alert.", + "type": "integer" + } + }, + "type": "object" + }, "Encryption": { "additionalProperties": false, "description": "Information about the encryption of the flow.", @@ -168,6 +197,25 @@ }, "type": "object" }, + "FrozenFrames": { + "additionalProperties": false, + "description": "Configures settings for the FrozenFrames metric.", + "properties": { + "State": { + "description": "Indicates whether the FrozenFrames metric is enabled or disabled.", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, + "ThresholdSeconds": { + "description": "Specifies the number of consecutive seconds of a static image that triggers an event or alert.", + "type": "integer" + } + }, + "type": "object" + }, "GatewayBridgeSource": { "additionalProperties": false, "description": "The source configuration for cloud flows receiving a stream from a bridge.", 
@@ -350,6 +398,75 @@ ], "type": "object" }, + "NdiConfig": { + "additionalProperties": false, + "description": "Specifies the configuration settings for NDI outputs. Required when the flow includes NDI outputs.", + "properties": { + "MachineName": { + "description": "A prefix for the names of the NDI sources that the flow creates. If a custom name isn't specified, MediaConnect generates a unique 12-character ID as the prefix.", + "type": "string" + }, + "NdiDiscoveryServers": { + "description": "A list of up to three NDI discovery server configurations. While not required by the API, this configuration is necessary for NDI functionality to work properly.", + "items": { + "$ref": "#/definitions/NdiDiscoveryServerConfig" + }, + "type": "array" + }, + "NdiState": { + "description": "A setting that controls whether NDI outputs can be used in the flow. Must be ENABLED to add NDI outputs. Default is DISABLED.", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + } + }, + "type": "object" + }, + "NdiDiscoveryServerConfig": { + "additionalProperties": false, + "description": "Specifies the configuration settings for individual NDI discovery servers. A maximum of 3 servers is allowed.", + "properties": { + "DiscoveryServerAddress": { + "description": "The unique network address of the NDI discovery server.", + "type": "string" + }, + "DiscoveryServerPort": { + "description": "The port for the NDI discovery server. 
Defaults to 5959 if a custom port isn't specified.", + "format": "int32", + "type": "integer" + }, + "VpcInterfaceAdapter": { + "description": "The identifier for the Virtual Private Cloud (VPC) network interface used by the flow.", + "type": "string" + } + }, + "required": [ + "DiscoveryServerAddress", + "VpcInterfaceAdapter" + ], + "type": "object" + }, + "SilentAudio": { + "additionalProperties": false, + "description": "Configures settings for the SilentAudio metric.", + "properties": { + "State": { + "description": "Indicates whether the SilentAudio metric is enabled or disabled.", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, + "ThresholdSeconds": { + "description": "Specifies the number of consecutive seconds of silence that triggers an event or alert.", + "type": "integer" + } + }, + "type": "object" + }, "Source": { "additionalProperties": false, "description": "The settings for the source of the flow.", 
@@ -459,6 +576,56 @@ }, "type": "object" }, + "SourceMonitoringConfig": { + "additionalProperties": false, + "description": "The settings for source monitoring.", + "properties": { + "AudioMonitoringSettings": { + "description": "Contains the settings for audio stream metrics monitoring.", + "items": { + "$ref": "#/definitions/AudioMonitoringSetting" + }, + "type": "array" + }, + "ContentQualityAnalysisState": { + "description": "Indicates whether content quality analysis is enabled or disabled.", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, + "ThumbnailState": { + "description": "The state of thumbnail monitoring.", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, + "VideoMonitoringSettings": { + "description": "Contains the settings for video stream metrics monitoring.", + "items": { + "$ref": "#/definitions/VideoMonitoringSetting" + }, + "type": "array" + } + }, + "type": "object" + }, + "VideoMonitoringSetting": { + "additionalProperties": false, + "description": "Specifies the configuration for video stream metrics monitoring.", + "properties": { + "BlackFrames": { + "$ref": "#/definitions/BlackFrames" + }, + "FrozenFrames": { + "$ref": "#/definitions/FrozenFrames" + } + }, + "type": "object" + }, "VpcInterface": { "additionalProperties": false, "description": "The details of a VPC interface.", @@ -523,13 +690,21 @@ "create": { "permissions": [ "mediaconnect:CreateFlow", + "mediaconnect:AddFlowMediaStreams", + "mediaconnect:AddFlowSources", + "mediaconnect:AddFlowVpcInterfaces", "iam:PassRole" ] }, "delete": { "permissions": [ "mediaconnect:DescribeFlow", - "mediaconnect:DeleteFlow" + "mediaconnect:DeleteFlow", + "mediaconnect:RemoveFlowMediaStream", + "mediaconnect:RemoveFlowOutput", + "mediaconnect:RemoveFlowSource", + "mediaconnect:RemoveFlowVpcInterface", + "mediaconnect:RevokeFlowEntitlement" ] }, "list": { 
@@ -575,9 +750,21 @@ "description": "The Availability Zone that you want to create the flow in. These options are limited to the Availability Zones within the current AWS.(ReadOnly)", "type": "string" }, + "FlowNdiMachineName": { + "description": "A prefix for the names of the NDI sources that the flow creates.(ReadOnly)", + "type": "string" + }, + "FlowSize": { + "description": "Determines the processing capacity and feature set of the flow. Set this optional parameter to LARGE if you want to enable NDI outputs on the flow.", + "enum": [ + "MEDIUM", + "LARGE" + ], + "type": "string" + }, "Maintenance": { "$ref": "#/definitions/Maintenance", - "description": "The maintenance settings you want to use for the flow. " + "description": "The maintenance settings you want to use for the flow." }, "MediaStreams": { "description": "The media streams associated with the flow. You can associate any of these media streams with sources and outputs on the flow.", @@ -590,6 +777,10 @@ "description": "The name of the flow.", "type": "string" }, + "NdiConfig": { + "$ref": "#/definitions/NdiConfig", + "description": "Specifies the configuration settings for NDI outputs. Required when the flow includes NDI outputs." + }, "Source": { "$ref": "#/definitions/Source", "description": "The source of the flow." @@ -598,6 +789,10 @@ "$ref": "#/definitions/FailoverConfig", "description": "The source failover config of the flow." }, + "SourceMonitoringConfig": { + "$ref": "#/definitions/SourceMonitoringConfig", + "description": "The source monitoring config of the flow." + }, "VpcInterfaces": { "description": "The VPC interfaces that you added to this flow.", "items": { @@ -614,7 +809,8 @@ "/properties/Source/SourceIngestPort", "/properties/VpcInterfaces/*/NetworkInterfaceIds", "/properties/MediaStreams/*/Fmt", - "/properties/EgressIp" + "/properties/EgressIp", + "/properties/FlowNdiMachineName" ], "required": [ "Name", 
diff --git a/src/schema/aws-mediaconnect-flowentitlement.json b/src/schema/aws-mediaconnect-flowentitlement.json index 601667bf..ce4c6e70 100644 --- a/src/schema/aws-mediaconnect-flowentitlement.json +++ b/src/schema/aws-mediaconnect-flowentitlement.json @@ -79,7 +79,8 @@ }, "list": { "permissions": [ - "mediaconnect:DescribeFlow" + "mediaconnect:DescribeFlow", + "mediaconnect:ListFlows" ] }, "read": { diff --git a/src/schema/aws-mediaconnect-flowoutput.json b/src/schema/aws-mediaconnect-flowoutput.json index c8506290..95cbccc1 100644 --- a/src/schema/aws-mediaconnect-flowoutput.json +++ b/src/schema/aws-mediaconnect-flowoutput.json @@ -165,7 +165,8 @@ }, "list": { "permissions": [ - "mediaconnect:DescribeFlow" + "mediaconnect:DescribeFlow", + "mediaconnect:ListFlows" ] }, "read": { @@ -226,6 +227,14 @@ "description": "The name of the output. This value must be unique within the current flow.", "type": "string" }, + "NdiProgramName": { + "description": "A suffix for the names of the NDI sources that the flow creates. If a custom name isn't specified, MediaConnect uses the output name.", + "type": "string" + }, + "NdiSpeedHqQuality": { + "description": "A quality setting for the NDI Speed HQ encoder.", + "type": "integer" + }, "OutputArn": { "description": "The ARN of the output.", "type": "string" @@ -254,7 +263,8 @@ "srt-listener", "srt-caller", "st2110-jpegxs", - "cdi" + "cdi", + "ndi-speed-hq" ], "type": "string" }, diff --git a/src/schema/aws-mediaconnect-flowsource.json b/src/schema/aws-mediaconnect-flowsource.json index bad2d09d..d1fe2111 100644 --- a/src/schema/aws-mediaconnect-flowsource.json +++ b/src/schema/aws-mediaconnect-flowsource.json @@ -109,7 +109,8 @@ }, "list": { "permissions": [ - "mediaconnect:DescribeFlow" + "mediaconnect:DescribeFlow", + "mediaconnect:ListFlows" ] }, "read": { diff --git a/src/schema/aws-mediaconvert-queue.json b/src/schema/aws-mediaconvert-queue.json index 41f979dd..007b4134 100644 
--- a/src/schema/aws-mediaconvert-queue.json +++ b/src/schema/aws-mediaconvert-queue.json @@ -11,6 +11,9 @@ "Arn": { "type": "string" }, + "ConcurrentJobs": { + "type": "integer" + }, "Description": { "type": "string" }, diff --git a/src/schema/aws-medialive-channel.json b/src/schema/aws-medialive-channel.json index 1f31bd63..d2300c39 100644 --- a/src/schema/aws-medialive-channel.json +++ b/src/schema/aws-medialive-channel.json @@ -1,7 +1,8 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/Vpc" + "/properties/Vpc", + "/properties/AnywhereSettings" ], "definitions": { "AacSettings": { @@ -76,6 +77,18 @@ }, "type": "object" }, + "AnywhereSettings": { + "additionalProperties": false, + "properties": { + "ChannelPlacementGroupId": { + "type": "string" + }, + "ClusterId": { + "type": "string" + } + }, + "type": "object" + }, "ArchiveCdnSettings": { "additionalProperties": false, "properties": { 
@@ -409,6 +422,81 @@ }, "type": "object" }, + "Av1ColorSpaceSettings": { + "additionalProperties": false, + "properties": { + "ColorSpacePassthroughSettings": { + "$ref": "#/definitions/ColorSpacePassthroughSettings" + }, + "Hdr10Settings": { + "$ref": "#/definitions/Hdr10Settings" + }, + "Rec601Settings": { + "$ref": "#/definitions/Rec601Settings" + }, + "Rec709Settings": { + "$ref": "#/definitions/Rec709Settings" + } + }, + "type": "object" + }, + "Av1Settings": { + "additionalProperties": false, + "properties": { + "AfdSignaling": { + "type": "string" + }, + "BufSize": { + "type": "integer" + }, + "ColorSpaceSettings": { + "$ref": "#/definitions/Av1ColorSpaceSettings" + }, + "FixedAfd": { + "type": "string" + }, + "FramerateDenominator": { + "type": "integer" + }, + "FramerateNumerator": { + "type": "integer" + }, + "GopSize": { + "type": "number" + }, + "GopSizeUnits": { + "type": "string" + }, + "Level": { + "type": "string" + }, + "LookAheadRateControl": { + "type": "string" + }, + "MaxBitrate": { + "type": "integer" + }, + "MinIInterval": { + "type": "integer" + }, + "ParDenominator": { + "type": "integer" + }, + "ParNumerator": { + "type": "integer" + }, + "QvbrQualityLevel": { + "type": "integer" + }, + "SceneChangeDetect": { + "type": "string" + }, + "TimecodeBurninSettings": { + "$ref": "#/definitions/TimecodeBurninSettings" + } + }, + "type": "object" + }, "AvailBlanking": { "additionalProperties": false, "properties": { @@ -448,6 +536,18 @@ }, "type": "object" }, + "BandwidthReductionFilterSettings": { + "additionalProperties": false, + "properties": { + "PostFilterSharpening": { + "type": "string" + }, + "Strength": { + "type": "string" + } + }, + "type": "object" + }, "BlackoutSlate": { "additionalProperties": false, "properties": { 
@@ -689,15 +789,42 @@ }, "type": "object" }, + "ChannelEngineVersionRequest": { + "additionalProperties": false, + "properties": { + "Version": { + "type": "string" + } + }, + "type": "object" + }, "CmafIngestGroupSettings": { "additionalProperties": false, "properties": { "Destination": { "$ref": "#/definitions/OutputLocationRef" }, + "Id3Behavior": { + "type": "string" + }, + "Id3NameModifier": { + "type": "string" + }, + "KlvBehavior": { + "type": "string" + }, + "KlvNameModifier": { + "type": "string" + }, "NielsenId3Behavior": { "type": "string" }, + "NielsenId3NameModifier": { + "type": "string" + }, + "Scte35NameModifier": { + "type": "string" + }, "Scte35Type": { "type": "string" }, @@ -1275,6 +1402,9 @@ "H264FilterSettings": { "additionalProperties": false, "properties": { + "BandwidthReductionFilterSettings": { + "$ref": "#/definitions/BandwidthReductionFilterSettings" + }, "TemporalFilterSettings": { "$ref": "#/definitions/TemporalFilterSettings" } @@ -1356,6 +1486,9 @@ "MinIInterval": { "type": "integer" }, + "MinQp": { + "type": "integer" + }, "NumRefFrames": { "type": "integer" }, @@ -1437,6 +1570,9 @@ "H265FilterSettings": { "additionalProperties": false, "properties": { + "BandwidthReductionFilterSettings": { + "$ref": "#/definitions/BandwidthReductionFilterSettings" + }, "TemporalFilterSettings": { "$ref": "#/definitions/TemporalFilterSettings" } @@ -1467,6 +1603,9 @@ "ColorSpaceSettings": { "$ref": "#/definitions/H265ColorSpaceSettings" }, + "Deblocking": { + "type": "string" + }, "FilterSettings": { "$ref": "#/definitions/H265FilterSettings" }, @@ -1503,6 +1642,9 @@ "MinIInterval": { "type": "integer" }, + "MinQp": { + "type": "integer" + }, "MvOverPictureBoundaries": { "type": "string" }, @@ -1904,6 +2046,13 @@ }, "InputSettings": { "$ref": "#/definitions/InputSettings" + }, + "LogicalInterfaceNames": { + "items": { + "type": "string" + }, + "type": "array", + "uniqueItems": false } }, "type": "object" 
@@ -2273,8 +2422,14 @@ "MediaPackageOutputDestinationSettings": { "additionalProperties": false, "properties": { + "ChannelGroup": { + "type": "string" + }, "ChannelId": { "type": "string" + }, + "ChannelName": { + "type": "string" } }, "type": "object" @@ -2460,13 +2615,82 @@ }, "type": "object" }, + "MulticastInputSettings": { + "additionalProperties": false, + "properties": { + "SourceIpAddress": { + "type": "string" + } + }, + "type": "object" + }, + "MultiplexContainerSettings": { + "additionalProperties": false, + "properties": { + "MultiplexM2tsSettings": { + "$ref": "#/definitions/MultiplexM2tsSettings" + } + }, + "type": "object" + }, "MultiplexGroupSettings": { "additionalProperties": false, "type": "object" }, + "MultiplexM2tsSettings": { + "additionalProperties": false, + "properties": { + "AbsentInputAudioBehavior": { + "type": "string" + }, + "Arib": { + "type": "string" + }, + "AudioBufferModel": { + "type": "string" + }, + "AudioFramesPerPes": { + "type": "integer" + }, + "AudioStreamType": { + "type": "string" + }, + "CcDescriptor": { + "type": "string" + }, + "Ebif": { + "type": "string" + }, + "EsRateInPes": { + "type": "string" + }, + "Klv": { + "type": "string" + }, + "NielsenId3Behavior": { + "type": "string" + }, + "PcrControl": { + "type": "string" + }, + "PcrPeriod": { + "type": "integer" + }, + "Scte35Control": { + "type": "string" + }, + "Scte35PrerollPullupMilliseconds": { + "type": "number" + } + }, + "type": "object" + }, "MultiplexOutputSettings": { "additionalProperties": false, "properties": { + "ContainerSettings": { + "$ref": "#/definitions/MultiplexContainerSettings" + }, "Destination": { "$ref": "#/definitions/OutputLocationRef" } @@ -2491,6 +2715,9 @@ "HlsInputSettings": { "$ref": "#/definitions/HlsInputSettings" }, + "MulticastInputSettings": { + "$ref": "#/definitions/MulticastInputSettings" + }, "ServerValidation": { "type": "string" } 
@@ -2605,6 +2832,13 @@ }, "type": "array", "uniqueItems": false + }, + "SrtSettings": { + "items": { + "$ref": "#/definitions/SrtOutputDestinationSettings" + }, + "type": "array", + "uniqueItems": false } }, "type": "object" @@ -2673,6 +2907,9 @@ "RtmpGroupSettings": { "$ref": "#/definitions/RtmpGroupSettings" }, + "SrtGroupSettings": { + "$ref": "#/definitions/SrtGroupSettings" + }, "UdpGroupSettings": { "$ref": "#/definitions/UdpGroupSettings" } @@ -2727,6 +2964,9 @@ "RtmpOutputSettings": { "$ref": "#/definitions/RtmpOutputSettings" }, + "SrtOutputSettings": { + "$ref": "#/definitions/SrtOutputSettings" + }, "UdpOutputSettings": { "$ref": "#/definitions/UdpOutputSettings" } @@ -2894,6 +3134,51 @@ "additionalProperties": false, "type": "object" }, + "SrtGroupSettings": { + "additionalProperties": false, + "properties": { + "InputLossAction": { + "type": "string" + } + }, + "type": "object" + }, + "SrtOutputDestinationSettings": { + "additionalProperties": false, + "properties": { + "EncryptionPassphraseSecretArn": { + "type": "string" + }, + "StreamId": { + "type": "string" + }, + "Url": { + "type": "string" + } + }, + "type": "object" + }, + "SrtOutputSettings": { + "additionalProperties": false, + "properties": { + "BufferMsec": { + "type": "integer" + }, + "ContainerSettings": { + "$ref": "#/definitions/UdpContainerSettings" + }, + "Destination": { + "$ref": "#/definitions/OutputLocationRef" + }, + "EncryptionType": { + "type": "string" + }, + "Latency": { + "type": "integer" + } + }, + "type": "object" + }, "StandardHlsSettings": { "additionalProperties": false, "properties": { @@ -3048,6 +3333,9 @@ "VideoCodecSettings": { "additionalProperties": false, "properties": { + "Av1Settings": { + "$ref": "#/definitions/Av1Settings" + }, "FrameCaptureSettings": { "$ref": "#/definitions/FrameCaptureSettings" }, @@ -3204,6 +3492,9 @@ "/properties/Id" ], "properties": { + "AnywhereSettings": { + "$ref": "#/definitions/AnywhereSettings" + }, "Arn": { "type": "string" }, 
@@ -3213,6 +3504,9 @@ "ChannelClass": { "type": "string" }, + "ChannelEngineVersion": { + "$ref": "#/definitions/ChannelEngineVersionRequest" + }, "Destinations": { "items": { "$ref": "#/definitions/OutputDestination" @@ -3220,6 +3514,9 @@ "type": "array", "uniqueItems": false }, + "DryRun": { + "type": "boolean" + }, "EncoderSettings": { "$ref": "#/definitions/EncoderSettings" }, diff --git a/src/schema/aws-medialive-channelplacementgroup.json b/src/schema/aws-medialive-channelplacementgroup.json new file mode 100644 index 00000000..61cdc231 --- /dev/null +++ b/src/schema/aws-medialive-channelplacementgroup.json 
@@ -0,0 +1,148 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/ClusterId" + ], + "definitions": { + "ChannelPlacementGroupState": { + "description": "The current state of the ChannelPlacementGroupState", + "enum": [ + "UNASSIGNED", + "ASSIGNING", + "ASSIGNED", + "DELETING", + "DELETED", + "UNASSIGNING" + ], + "type": "string" + }, + "Tags": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "type": "object" + } + }, + "description": "Definition of AWS::MediaLive::ChannelPlacementGroup Resource Type", + "handlers": { + "create": { + "permissions": [ + "medialive:CreateChannelPlacementGroup", + "medialive:DescribeChannelPlacementGroup", + "medialive:CreateTags", + "medialive:ListTagsForResource" + ] + }, + "delete": { + "permissions": [ + "medialive:DeleteChannelPlacementGroup", + "medialive:DescribeChannelPlacementGroup" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "ClusterId": { + "$ref": "resource-schema.json#/properties/ClusterId" + } + }, + "required": [ + "ClusterId" + ] + }, + "permissions": [ + "medialive:ListChannelPlacementGroups" + ] + }, + "read": { + "permissions": [ + "medialive:DescribeChannelPlacementGroup", + "medialive:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "medialive:UpdateChannelPlacementGroup", + "medialive:DescribeChannelPlacementGroup", + "medialive:CreateTags", + "medialive:DeleteTags", + "medialive:ListTagsForResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/Id", + "/properties/ClusterId" + ], + "properties": { + "Arn": { + "description": "The ARN of the channel placement group.", + "type": "string" + }, + "Channels": { + "description": "List of channel IDs added to the channel placement group.", + "insertionOrder": false, + "items": { + "type": "string" + }, + "type": "array" + }, + "ClusterId": { + 
"description": "The ID of the cluster the node is on.", + "type": "string" + }, + "Id": { + "description": "Unique internal identifier.", + "type": "string" + }, + "Name": { + "description": "The name of the channel placement group.", + "type": "string" + }, + "Nodes": { + "description": "List of nodes added to the channel placement group", + "insertionOrder": false, + "items": { + "type": "string" + }, + "type": "array" + }, + "State": { + "$ref": "#/definitions/ChannelPlacementGroupState" + }, + "Tags": { + "description": "A collection of key-value pairs.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tags" + }, + "type": "array" + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/Channels", + "/properties/Id", + "/properties/State" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-medialive.git", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "medialive:CreateTags", + "medialive:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::MediaLive::ChannelPlacementGroup" +} diff --git a/src/schema/aws-medialive-cloudwatchalarmtemplate.json b/src/schema/aws-medialive-cloudwatchalarmtemplate.json new file mode 100644 index 00000000..794be787 --- /dev/null +++ b/src/schema/aws-medialive-cloudwatchalarmtemplate.json 
@@ -0,0 +1,229 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/Tags" + ], + "definitions": { + "CloudWatchAlarmTemplateComparisonOperator": { + "description": "The comparison operator used to compare the specified statistic and the threshold.", + "enum": [ + "GreaterThanOrEqualToThreshold", + "GreaterThanThreshold", + "LessThanThreshold", + "LessThanOrEqualToThreshold" + ], + "type": "string" + }, + "CloudWatchAlarmTemplateStatistic": { + "description": "The statistic to apply to the alarm's metric data.", + "enum": [ + "SampleCount", + "Average", + "Sum", + "Minimum", + "Maximum" + ], + "type": "string" + }, + "CloudWatchAlarmTemplateTargetResourceType": { + "description": "The resource type this template should dynamically generate cloudwatch metric alarms for.", + "enum": [ + "CLOUDFRONT_DISTRIBUTION", + "MEDIALIVE_MULTIPLEX", + "MEDIALIVE_CHANNEL", + "MEDIALIVE_INPUT_DEVICE", + "MEDIAPACKAGE_CHANNEL", + "MEDIAPACKAGE_ORIGIN_ENDPOINT", + "MEDIACONNECT_FLOW", + "MEDIATAILOR_PLAYBACK_CONFIGURATION", + "S3_BUCKET" + ], + "type": "string" + }, + "CloudWatchAlarmTemplateTreatMissingData": { + "description": "Specifies how missing data points are treated when evaluating the alarm's condition.", + "enum": [ + "notBreaching", + "breaching", + "ignore", + "missing" + ], + "type": "string" + }, + "TagMap": { + "additionalProperties": false, + "description": "Represents the tags associated with a resource.", + "patternProperties": { + ".+": { + "type": "string" + } + }, + "type": "object" + } + }, + "description": "Definition of AWS::MediaLive::CloudWatchAlarmTemplate Resource Type", + "handlers": { + "create": { + "permissions": [ + "medialive:CreateCloudWatchAlarmTemplate", + "medialive:GetCloudWatchAlarmTemplate", + "medialive:CreateTags" + ] + }, + "delete": { + "permissions": [ + "medialive:DeleteCloudWatchAlarmTemplate" + ] + }, + "list": { + "permissions": [ + "medialive:ListCloudWatchAlarmTemplates" + ] + }, + "read": { + 
"permissions": [ + "medialive:GetCloudWatchAlarmTemplate" + ] + }, + "update": { + "permissions": [ + "medialive:UpdateCloudWatchAlarmTemplate", + "medialive:GetCloudWatchAlarmTemplate", + "medialive:CreateTags", + "medialive:DeleteTags" + ] + } + }, + "primaryIdentifier": [ + "/properties/Identifier" + ], + "properties": { + "Arn": { + "description": "A cloudwatch alarm template's ARN (Amazon Resource Name)", + "pattern": "^arn:.+:medialive:.+:cloudwatch-alarm-template:.+$", + "type": "string" + }, + "ComparisonOperator": { + "$ref": "#/definitions/CloudWatchAlarmTemplateComparisonOperator" + }, + "CreatedAt": { + "format": "date-time", + "type": "string" + }, + "DatapointsToAlarm": { + "default": 0, + "description": "The number of datapoints within the evaluation period that must be breaching to trigger the alarm.", + "minimum": 1, + "type": "number" + }, + "Description": { + "description": "A resource's optional description.", + "maxLength": 1024, + "minLength": 0, + "type": "string" + }, + "EvaluationPeriods": { + "default": 0, + "description": "The number of periods over which data is compared to the specified threshold.", + "minimum": 1, + "type": "number" + }, + "GroupId": { + "description": "A cloudwatch alarm template group's id. AWS provided template groups have ids that start with `aws-`", + "maxLength": 11, + "minLength": 7, + "pattern": "^(aws-)?[0-9]{7}$", + "type": "string" + }, + "GroupIdentifier": { + "description": "A cloudwatch alarm template group's identifier. Can be either be its id or current name.", + "pattern": "^[^\\s]+$", + "type": "string" + }, + "Id": { + "description": "A cloudwatch alarm template's id. AWS provided templates have ids that start with `aws-`", + "maxLength": 11, + "minLength": 7, + "pattern": "^(aws-)?[0-9]{7}$", + "type": "string" + }, + "Identifier": { + "type": "string" + }, + "MetricName": { + "description": "The name of the metric associated with the alarm. 
Must be compatible with targetResourceType.", + "maxLength": 64, + "minLength": 0, + "type": "string" + }, + "ModifiedAt": { + "format": "date-time", + "type": "string" + }, + "Name": { + "description": "A resource's name. Names must be unique within the scope of a resource type in a specific region.", + "maxLength": 255, + "minLength": 1, + "pattern": "^[^\\s]+$", + "type": "string" + }, + "Period": { + "default": 0, + "description": "The period, in seconds, over which the specified statistic is applied.", + "maximum": 86400, + "minimum": 10, + "type": "number" + }, + "Statistic": { + "$ref": "#/definitions/CloudWatchAlarmTemplateStatistic" + }, + "Tags": { + "$ref": "#/definitions/TagMap" + }, + "TargetResourceType": { + "$ref": "#/definitions/CloudWatchAlarmTemplateTargetResourceType" + }, + "Threshold": { + "default": 0, + "description": "The threshold value to compare with the specified statistic.", + "type": "number" + }, + "TreatMissingData": { + "$ref": "#/definitions/CloudWatchAlarmTemplateTreatMissingData" + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/CreatedAt", + "/properties/Id", + "/properties/GroupId", + "/properties/Identifier", + "/properties/ModifiedAt" + ], + "required": [ + "ComparisonOperator", + "EvaluationPeriods", + "MetricName", + "Name", + "Period", + "Statistic", + "TargetResourceType", + "Threshold", + "TreatMissingData" + ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "medialive:CreateTags", + "medialive:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::MediaLive::CloudWatchAlarmTemplate", + "writeOnlyProperties": [ + "/properties/GroupIdentifier" + ] +} diff --git a/src/schema/aws-medialive-cloudwatchalarmtemplategroup.json b/src/schema/aws-medialive-cloudwatchalarmtemplategroup.json new file mode 100644 index 00000000..3e2991e9 --- /dev/null 
+++ b/src/schema/aws-medialive-cloudwatchalarmtemplategroup.json 
@@ -0,0 +1,118 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/Name", + "/properties/Tags" + ], + "definitions": { + "TagMap": { + "additionalProperties": false, + "description": "Represents the tags associated with a resource.", + "patternProperties": { + ".+": { + "type": "string" + } + }, + "type": "object" + } + }, + "description": "Definition of AWS::MediaLive::CloudWatchAlarmTemplateGroup Resource Type", + "handlers": { + "create": { + "permissions": [ + "medialive:CreateCloudWatchAlarmTemplateGroup", + "medialive:GetCloudWatchAlarmTemplateGroup", + "medialive:CreateTags" + ] + }, + "delete": { + "permissions": [ + "medialive:DeleteCloudWatchAlarmTemplateGroup" + ] + }, + "list": { + "permissions": [ + "medialive:ListCloudWatchAlarmTemplateGroups" + ] + }, + "read": { + "permissions": [ + "medialive:GetCloudWatchAlarmTemplateGroup" + ] + }, + "update": { + "permissions": [ + "medialive:UpdateCloudWatchAlarmTemplateGroup", + "medialive:GetCloudWatchAlarmTemplateGroup", + "medialive:CreateTags", + "medialive:DeleteTags" + ] + } + }, + "primaryIdentifier": [ + "/properties/Identifier" + ], + "properties": { + "Arn": { + "description": "A cloudwatch alarm template group's ARN (Amazon Resource Name)", + "pattern": "^arn:.+:medialive:.+:cloudwatch-alarm-template-group:.+$", + "type": "string" + }, + "CreatedAt": { + "format": "date-time", + "type": "string" + }, + "Description": { + "description": "A resource's optional description.", + "maxLength": 1024, + "minLength": 0, + "type": "string" + }, + "Id": { + "description": "A cloudwatch alarm template group's id. AWS provided template groups have ids that start with `aws-`", + "maxLength": 11, + "minLength": 7, + "pattern": "^(aws-)?[0-9]{7}$", + "type": "string" + }, + "Identifier": { + "type": "string" + }, + "ModifiedAt": { + "format": "date-time", + "type": "string" + }, + "Name": { + "description": "A resource's name. 
Names must be unique within the scope of a resource type in a specific region.", + "maxLength": 255, + "minLength": 1, + "pattern": "^[^\\s]+$", + "type": "string" + }, + "Tags": { + "$ref": "#/definitions/TagMap" + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/CreatedAt", + "/properties/Id", + "/properties/Identifier", + "/properties/ModifiedAt" + ], + "required": [ + "Name" + ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "medialive:CreateTags", + "medialive:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::MediaLive::CloudWatchAlarmTemplateGroup" +} diff --git a/src/schema/aws-medialive-cluster.json b/src/schema/aws-medialive-cluster.json new file mode 100644 index 00000000..403abad8 --- /dev/null +++ b/src/schema/aws-medialive-cluster.json 
@@ -0,0 +1,202 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/ClusterType", + "/properties/InstanceRoleArn" + ], + "definitions": { + "ClusterNetworkSettings": { + "additionalProperties": false, + "description": "On premises settings which will have the interface network mappings and default Output logical interface", + "properties": { + "DefaultRoute": { + "description": "Default value if the customer does not define it in channel Output API", + "type": "string" + }, + "InterfaceMappings": { + "description": "Network mappings for the cluster", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/InterfaceMapping" + }, + "type": "array" + } + }, + "type": "object" + }, + "ClusterState": { + "description": "The current state of the Cluster.", + "enum": [ + "CREATING", + "CREATE_FAILED", + "ACTIVE", + "DELETING", + "DELETED" + ], + "type": "string" + }, + "ClusterType": { + "description": "The hardware type for the cluster.", + "enum": [ + "ON_PREMISES", + "OUTPOSTS_RACK", + "OUTPOSTS_SERVER", + "EC2" + ], + "type": "string" + }, + "InterfaceMapping": { + "additionalProperties": false, + "description": "Network mappings for the cluster", + "properties": { + "LogicalInterfaceName": { + "description": "logical interface name, unique in the list", + "type": "string" + }, + "NetworkId": { + "description": "Network Id to be associated with the logical interface name, can be duplicated in list", + "type": "string" + } + }, + "type": "object" + }, + "InterfaceNetworkMapping": { + "additionalProperties": false, + "description": "Network mappings for the cluster", + "properties": { + "LogicalInterfaceName": { + "description": "logical interface name, unique in the list", + "type": "string" + }, + "NetworkId": { + "description": "Network Id to be associated with the logical interface name, can be duplicated in list", + "type": "string" + } + }, + "type": "object" + }, + "Tags": { + "additionalProperties": false, + "description": 
"A key-value pair to associate with a resource.", + "properties": { + "Key": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "type": "object" + } + }, + "description": "Definition of AWS::MediaLive::Cluster Resource Type", + "handlers": { + "create": { + "permissions": [ + "medialive:CreateCluster", + "medialive:DescribeCluster", + "medialive:CreateTags", + "ecs:CreateCluster", + "ecs:RegisterTaskDefinition", + "ecs:TagResource", + "ecs:CreateService", + "iam:PassRole", + "medialive:ListTagsForResource" + ] + }, + "delete": { + "permissions": [ + "medialive:DeleteCluster", + "medialive:DescribeCluster", + "ecs:DeleteService" + ] + }, + "list": { + "permissions": [ + "medialive:ListClusters" + ] + }, + "read": { + "permissions": [ + "medialive:DescribeCluster", + "medialive:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "medialive:UpdateCluster", + "medialive:DescribeCluster", + "medialive:CreateTags", + "medialive:DeleteTags", + "medialive:ListTagsForResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/Id" + ], + "properties": { + "Arn": { + "description": "The ARN of the Cluster.", + "pattern": "^arn:.+:medialive:.+:cluster:.+$", + "type": "string" + }, + "ChannelIds": { + "description": "The MediaLive Channels that are currently running on Nodes in this Cluster.", + "insertionOrder": false, + "items": { + "description": "MediaLive Channel Ids", + "type": "string" + }, + "type": "array" + }, + "ClusterType": { + "$ref": "#/definitions/ClusterType" + }, + "Id": { + "description": "The unique ID of the Cluster.", + "type": "string" + }, + "InstanceRoleArn": { + "description": "The IAM role your nodes will use.", + "pattern": "^arn:.+:iam:.+:role/.+$", + "type": "string" + }, + "Name": { + "description": "The user-specified name of the Cluster to be created.", + "type": "string" + }, + "NetworkSettings": { + "$ref": "#/definitions/ClusterNetworkSettings" + }, + "State": { + "$ref": "#/definitions/ClusterState" + }, + 
"Tags": { + "description": "A collection of key-value pairs.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tags" + }, + "type": "array" + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/ChannelIds", + "/properties/Id", + "/properties/State" + ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "medialive:CreateTags", + "medialive:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::MediaLive::Cluster" +} diff --git a/src/schema/aws-medialive-eventbridgeruletemplate.json b/src/schema/aws-medialive-eventbridgeruletemplate.json new file mode 100644 index 00000000..4081129b --- /dev/null +++ b/src/schema/aws-medialive-eventbridgeruletemplate.json 
@@ -0,0 +1,184 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/Tags" + ], + "definitions": { + "EventBridgeRuleTemplateEventType": { + "description": "The type of event to match with the rule.", + "enum": [ + "MEDIALIVE_MULTIPLEX_ALERT", + "MEDIALIVE_MULTIPLEX_STATE_CHANGE", + "MEDIALIVE_CHANNEL_ALERT", + "MEDIALIVE_CHANNEL_INPUT_CHANGE", + "MEDIALIVE_CHANNEL_STATE_CHANGE", + "MEDIAPACKAGE_INPUT_NOTIFICATION", + "MEDIAPACKAGE_KEY_PROVIDER_NOTIFICATION", + "MEDIAPACKAGE_HARVEST_JOB_NOTIFICATION", + "SIGNAL_MAP_ACTIVE_ALARM", + "MEDIACONNECT_ALERT", + "MEDIACONNECT_SOURCE_HEALTH", + "MEDIACONNECT_OUTPUT_HEALTH", + "MEDIACONNECT_FLOW_STATUS_CHANGE" + ], + "type": "string" + }, + "EventBridgeRuleTemplateTarget": { + "additionalProperties": false, + "description": "The target to which to send matching events.", + "properties": { + "Arn": { + "description": "Target ARNs must be either an SNS topic or CloudWatch log group.", + "maxLength": 2048, + "minLength": 1, + "pattern": "^arn.+$", + "type": "string" + } + }, + "required": [ + "Arn" + ], + "type": "object" + }, + "TagMap": { + "additionalProperties": false, + "description": "Represents the tags associated with a resource.", + "patternProperties": { + ".+": { + "description": "Placeholder documentation for __string", + "type": "string" + } + }, + "type": "object" + } + }, + "description": "Definition of AWS::MediaLive::EventBridgeRuleTemplate Resource Type", + "handlers": { + "create": { + "permissions": [ + "medialive:CreateEventBridgeRuleTemplate", + "medialive:GetEventBridgeRuleTemplate", + "medialive:CreateTags" + ] + }, + "delete": { + "permissions": [ + "medialive:DeleteEventBridgeRuleTemplate" + ] + }, + "list": { + "permissions": [ + "medialive:ListEventBridgeRuleTemplates" + ] + }, + "read": { + "permissions": [ + "medialive:GetEventBridgeRuleTemplate" + ] + }, + "update": { + "permissions": [ + "medialive:UpdateEventBridgeRuleTemplate", + 
"medialive:GetEventBridgeRuleTemplate", + "medialive:CreateTags", + "medialive:DeleteTags" + ] + } + }, + "primaryIdentifier": [ + "/properties/Identifier" + ], + "properties": { + "Arn": { + "description": "An eventbridge rule template's ARN (Amazon Resource Name)", + "pattern": "^arn:.+:medialive:.+:eventbridge-rule-template:.+$", + "type": "string" + }, + "CreatedAt": { + "description": "Placeholder documentation for __timestampIso8601", + "format": "date-time", + "type": "string" + }, + "Description": { + "description": "A resource's optional description.", + "maxLength": 1024, + "minLength": 0, + "type": "string" + }, + "EventTargets": { + "description": "Placeholder documentation for __listOfEventBridgeRuleTemplateTarget", + "items": { + "$ref": "#/definitions/EventBridgeRuleTemplateTarget" + }, + "type": "array" + }, + "EventType": { + "$ref": "#/definitions/EventBridgeRuleTemplateEventType" + }, + "GroupId": { + "description": "An eventbridge rule template group's id. AWS provided template groups have ids that start with `aws-`", + "maxLength": 11, + "minLength": 7, + "pattern": "^(aws-)?[0-9]{7}$", + "type": "string" + }, + "GroupIdentifier": { + "description": "An eventbridge rule template group's identifier. Can be either be its id or current name.", + "pattern": "^[^\\s]+$", + "type": "string" + }, + "Id": { + "description": "An eventbridge rule template's id. AWS provided templates have ids that start with `aws-`", + "maxLength": 11, + "minLength": 7, + "pattern": "^(aws-)?[0-9]{7}$", + "type": "string" + }, + "Identifier": { + "description": "Placeholder documentation for __string", + "type": "string" + }, + "ModifiedAt": { + "description": "Placeholder documentation for __timestampIso8601", + "format": "date-time", + "type": "string" + }, + "Name": { + "description": "A resource's name. 
Names must be unique within the scope of a resource type in a specific region.", + "maxLength": 255, + "minLength": 1, + "pattern": "^[^\\s]+$", + "type": "string" + }, + "Tags": { + "$ref": "#/definitions/TagMap" + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/CreatedAt", + "/properties/GroupId", + "/properties/Id", + "/properties/Identifier", + "/properties/ModifiedAt" + ], + "required": [ + "EventType", + "Name" + ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "medialive:CreateTags", + "medialive:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::MediaLive::EventBridgeRuleTemplate", + "writeOnlyProperties": [ + "/properties/GroupIdentifier" + ] +} diff --git a/src/schema/aws-medialive-eventbridgeruletemplategroup.json b/src/schema/aws-medialive-eventbridgeruletemplategroup.json new file mode 100644 index 00000000..d06ce9ec --- /dev/null +++ b/src/schema/aws-medialive-eventbridgeruletemplategroup.json 
@@ -0,0 +1,118 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/Name", + "/properties/Tags" + ], + "definitions": { + "TagMap": { + "additionalProperties": false, + "description": "Represents the tags associated with a resource.", + "patternProperties": { + ".+": { + "type": "string" + } + }, + "type": "object" + } + }, + "description": "Definition of AWS::MediaLive::EventBridgeRuleTemplateGroup Resource Type", + "handlers": { + "create": { + "permissions": [ + "medialive:CreateEventBridgeRuleTemplateGroup", + "medialive:GetEventBridgeRuleTemplateGroup", + "medialive:CreateTags" + ] + }, + "delete": { + "permissions": [ + "medialive:DeleteEventBridgeRuleTemplateGroup" + ] + }, + "list": { + "permissions": [ + "medialive:ListEventBridgeRuleTemplateGroups" + ] + }, + "read": { + "permissions": [ + "medialive:GetEventBridgeRuleTemplateGroup" + ] + }, + "update": { + "permissions": [ + "medialive:UpdateEventBridgeRuleTemplateGroup", + "medialive:GetEventBridgeRuleTemplateGroup", + "medialive:CreateTags", + "medialive:DeleteTags" + ] + } + }, + "primaryIdentifier": [ + "/properties/Identifier" + ], + "properties": { + "Arn": { + "description": "An eventbridge rule template group's ARN (Amazon Resource Name)", + "pattern": "^arn:.+:medialive:.+:eventbridge-rule-template-group:.+$", + "type": "string" + }, + "CreatedAt": { + "format": "date-time", + "type": "string" + }, + "Description": { + "description": "A resource's optional description.", + "maxLength": 1024, + "minLength": 0, + "type": "string" + }, + "Id": { + "description": "An eventbridge rule template group's id. AWS provided template groups have ids that start with `aws-`", + "maxLength": 11, + "minLength": 7, + "pattern": "^(aws-)?[0-9]{7}$", + "type": "string" + }, + "Identifier": { + "type": "string" + }, + "ModifiedAt": { + "format": "date-time", + "type": "string" + }, + "Name": { + "description": "A resource's name. 
Names must be unique within the scope of a resource type in a specific region.", + "maxLength": 255, + "minLength": 1, + "pattern": "^[^\\s]+$", + "type": "string" + }, + "Tags": { + "$ref": "#/definitions/TagMap" + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/CreatedAt", + "/properties/Id", + "/properties/Identifier", + "/properties/ModifiedAt" + ], + "required": [ + "Name" + ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "medialive:CreateTags", + "medialive:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::MediaLive::EventBridgeRuleTemplateGroup" +} diff --git a/src/schema/aws-medialive-input.json b/src/schema/aws-medialive-input.json index a5d32b5d..f07da482 100644 --- a/src/schema/aws-medialive-input.json +++ b/src/schema/aws-medialive-input.json @@ -2,12 +2,26 @@ "additionalProperties": false, "createOnlyProperties": [ "/properties/Vpc", - "/properties/Type" + "/properties/Type", + "/properties/InputNetworkLocation" ], "definitions": { "InputDestinationRequest": { "additionalProperties": false, "properties": { + "Network": { + "type": "string" + }, + "NetworkRoutes": { + "items": { + "$ref": "#/definitions/InputRequestDestinationRoute" + }, + "type": "array", + "uniqueItems": false + }, + "StaticIpAddress": { + "type": "string" + }, "StreamName": { "type": "string" } @@ -23,6 +37,18 @@ }, "type": "object" }, + "InputRequestDestinationRoute": { + "additionalProperties": false, + "properties": { + "Cidr": { + "type": "string" + }, + "Gateway": { + "type": "string" + } + }, + "type": "object" + }, "InputSourceRequest": { "additionalProperties": false, "properties": { 
@@ -66,6 +92,77 @@ } }, "type": "object" + }, + "MulticastSettingsCreateRequest": { + "additionalProperties": false, + "properties": { + "Sources": { + "items": { + "$ref": "#/definitions/MulticastSourceCreateRequest" + }, + "type": "array", + "uniqueItems": false + } + }, + "type": "object" + }, + "MulticastSourceCreateRequest": { + "additionalProperties": false, + "properties": { + "SourceIp": { + "type": "string" + }, + "Url": { + "type": "string" + } + }, + "type": "object" + }, + "SrtCallerDecryptionRequest": { + "additionalProperties": false, + "properties": { + "Algorithm": { + "type": "string" + }, + "PassphraseSecretArn": { + "type": "string" + } + }, + "type": "object" + }, + "SrtCallerSourceRequest": { + "additionalProperties": false, + "properties": { + "Decryption": { + "$ref": "#/definitions/SrtCallerDecryptionRequest" + }, + "MinimumLatency": { + "type": "integer" + }, + "SrtListenerAddress": { + "type": "string" + }, + "SrtListenerPort": { + "type": "string" + }, + "StreamId": { + "type": "string" + } + }, + "type": "object" + }, + "SrtSettingsRequest": { + "additionalProperties": false, + "properties": { + "SrtCallerSources": { + "items": { + "$ref": "#/definitions/SrtCallerSourceRequest" + }, + "type": "array", + "uniqueItems": false + } + }, + "type": "object" } }, "description": "Resource Type definition for AWS::MediaLive::Input", @@ -93,6 +190,9 @@ "type": "array", "uniqueItems": false }, + "InputNetworkLocation": { + "type": "string" + }, "InputSecurityGroups": { "items": { "type": "string" @@ -107,6 +207,9 @@ "type": "array", "uniqueItems": false }, + "MulticastSettings": { + "$ref": "#/definitions/MulticastSettingsCreateRequest" + }, "Name": { "type": "string" }, @@ -120,6 +223,9 @@ "type": "array", "uniqueItems": false }, + "SrtSettings": { + "$ref": "#/definitions/SrtSettingsRequest" + }, "Tags": { "type": "object" }, 
diff --git a/src/schema/aws-medialive-inputsecuritygroup.json b/src/schema/aws-medialive-inputsecuritygroup.json index 089370ba..6ce9954d 100644 --- a/src/schema/aws-medialive-inputsecuritygroup.json +++ b/src/schema/aws-medialive-inputsecuritygroup.json @@ -1,5 +1,8 @@ { "additionalProperties": false, + "createOnlyProperties": [ + "/properties/Tags" + ], "definitions": { "InputWhitelistRuleCidr": { "additionalProperties": false, @@ -34,8 +37,8 @@ } }, "readOnlyProperties": [ - "/properties/Arn", - "/properties/Id" + "/properties/Id", + "/properties/Arn" ], "typeName": "AWS::MediaLive::InputSecurityGroup" } diff --git a/src/schema/aws-medialive-multiplex.json b/src/schema/aws-medialive-multiplex.json index fd260d25..6772410f 100644 --- a/src/schema/aws-medialive-multiplex.json +++ b/src/schema/aws-medialive-multiplex.json @@ -187,6 +187,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-medialive.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "medialive:CreateTags", + "medialive:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-medialive-multiplexprogram.json b/src/schema/aws-medialive-multiplexprogram.json index aa6888f5..87328dc4 100644 --- a/src/schema/aws-medialive-multiplexprogram.json +++ b/src/schema/aws-medialive-multiplexprogram.json @@ -281,6 +281,9 @@ "type": "string" } }, + "readOnlyProperties": [ + "/properties/ChannelId" + ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-medialiveprogram.git", "tagging": { "taggable": false diff --git a/src/schema/aws-medialive-network.json b/src/schema/aws-medialive-network.json new file mode 100644 index 00000000..01eec8b1 --- /dev/null +++ b/src/schema/aws-medialive-network.json 
@@ -0,0 +1,169 @@ +{ + "additionalProperties": false, + "definitions": { + "IpPool": { + "additionalProperties": false, + "description": "IP address cidr pool", + "properties": { + "Cidr": { + "description": "IP address cidr pool", + "type": "string" + } + }, + "type": "object" + }, + "NetworkState": { + "enum": [ + "CREATING", + "CREATE_FAILED", + "ACTIVE", + "DELETING", + "IDLE", + "IN_USE", + "UPDATING", + "DELETED", + "DELETE_FAILED" + ], + "type": "string" + }, + "Route": { + "additionalProperties": false, + "properties": { + "Cidr": { + "description": "Ip address cidr", + "type": "string" + }, + "Gateway": { + "description": "IP address for the route packet paths", + "type": "string" + } + }, + "type": "object" + }, + "Tags": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "type": "object" + } + }, + "description": "Resource schema for AWS::MediaLive::Network.", + "handlers": { + "create": { + "permissions": [ + "medialive:CreateNetwork", + "medialive:CreateTags", + "medialive:DescribeNetwork", + "medialive:ListTagsForResource" + ] + }, + "delete": { + "permissions": [ + "medialive:DeleteNetwork", + "medialive:DescribeNetwork" + ] + }, + "list": { + "permissions": [ + "medialive:ListNetworks" + ] + }, + "read": { + "permissions": [ + "medialive:DescribeNetwork", + "medialive:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "medialive:UpdateNetwork", + "medialive:CreateTags", + "medialive:DeleteTags", + "medialive:DescribeNetwork", + "medialive:ListTagsForResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/Id" + ], + "properties": { + "Arn": { + "description": "The ARN of the Network.", + "type": "string" + }, + "AssociatedClusterIds": { + "insertionOrder": false, + "items": { + "description": "Cluster Ids which have this network ID in their Interface Network Mappings", + "type": 
"string" + }, + "type": "array" + }, + "Id": { + "description": "The unique ID of the Network.", + "type": "string" + }, + "IpPools": { + "description": "The list of IP address cidr pools for the network", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/IpPool" + }, + "type": "array" + }, + "Name": { + "description": "The user-specified name of the Network to be created.", + "type": "string" + }, + "Routes": { + "description": "The routes for the network", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Route" + }, + "type": "array" + }, + "State": { + "$ref": "#/definitions/NetworkState", + "description": "The current state of the Network." + }, + "Tags": { + "description": "A collection of key-value pairs.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tags" + }, + "type": "array" + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/Id", + "/properties/State", + "/properties/AssociatedClusterIds" + ], + "required": [ + "Name", + "IpPools" + ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "medialive:CreateTags", + "medialive:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::MediaLive::Network" +} diff --git a/src/schema/aws-medialive-sdisource.json b/src/schema/aws-medialive-sdisource.json new file mode 100644 index 00000000..4e351f0e --- /dev/null +++ b/src/schema/aws-medialive-sdisource.json 
@@ -0,0 +1,144 @@ +{ + "additionalProperties": false, + "definitions": { + "SdiSourceMode": { + "description": "The current state of the SdiSource.", + "enum": [ + "QUADRANT", + "INTERLEAVE" + ], + "type": "string" + }, + "SdiSourceState": { + "description": "The current state of the SdiSource.", + "enum": [ + "IDLE", + "IN_USE", + "DELETED" + ], + "type": "string" + }, + "SdiSourceType": { + "description": "The interface mode of the SdiSource.", + "enum": [ + "SINGLE", + "QUAD" + ], + "type": "string" + }, + "Tags": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "type": "object" + } + }, + "description": "Definition of AWS::MediaLive::SdiSource Resource Type", + "handlers": { + "create": { + "permissions": [ + "medialive:CreateSdiSource", + "medialive:CreateTags", + "medialive:DescribeSdiSource", + "medialive:ListTagsForResource" + ] + }, + "delete": { + "permissions": [ + "medialive:DeleteSdiSource", + "medialive:DescribeSdiSource" + ] + }, + "list": { + "permissions": [ + "medialive:ListSdiSources" + ] + }, + "read": { + "permissions": [ + "medialive:DescribeSdiSource", + "medialive:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "medialive:UpdateSdiSource", + "medialive:DescribeSdiSource", + "medialive:CreateTags", + "medialive:DeleteTags", + "medialive:ListTagsForResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/Id" + ], + "properties": { + "Arn": { + "description": "The unique arn of the SdiSource.", + "type": "string" + }, + "Id": { + "description": "The unique identifier of the SdiSource.", + "type": "string" + }, + "Inputs": { + "description": "The list of inputs currently using this SDI source.", + "insertionOrder": false, + "items": { + "type": "string" + }, + "type": "array" + }, + "Mode": { + "$ref": "#/definitions/SdiSourceMode" + }, + "Name": { + "description": "The name 
of the SdiSource.", + "type": "string" + }, + "State": { + "$ref": "#/definitions/SdiSourceState" + }, + "Tags": { + "description": "A collection of key-value pairs.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tags" + }, + "type": "array" + }, + "Type": { + "$ref": "#/definitions/SdiSourceType" + } + }, + "readOnlyProperties": [ + "/properties/Id", + "/properties/State", + "/properties/Arn", + "/properties/Inputs" + ], + "required": [ + "Name", + "Type" + ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "medialive:CreateTags", + "medialive:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::MediaLive::SdiSource" +} diff --git a/src/schema/aws-medialive-signalmap.json b/src/schema/aws-medialive-signalmap.json new file mode 100644 index 00000000..1d558c89 --- /dev/null +++ b/src/schema/aws-medialive-signalmap.json 
@@ -0,0 +1,424 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/Tags" + ], + "definitions": { + "FailedMediaResourceMap": { + "additionalProperties": false, + "description": "A map representing an incomplete AWS media workflow as a graph.", + "patternProperties": { + ".+": { + "$ref": "#/definitions/MediaResource" + } + }, + "type": "object" + }, + "MediaResource": { + "additionalProperties": false, + "description": "An AWS resource used in media workflows.", + "properties": { + "Destinations": { + "items": { + "$ref": "#/definitions/MediaResourceNeighbor" + }, + "type": "array" + }, + "Name": { + "description": "The logical name of an AWS media resource.", + "maxLength": 256, + "minLength": 0, + "type": "string" + }, + "Sources": { + "items": { + "$ref": "#/definitions/MediaResourceNeighbor" + }, + "type": "array" + } + }, + "type": "object" + }, + "MediaResourceMap": { + "additionalProperties": false, + "description": "A map representing an AWS media workflow as a graph.", + "patternProperties": { + ".+": { + "$ref": "#/definitions/MediaResource" + } + }, + "type": "object" + }, + "MediaResourceNeighbor": { + "additionalProperties": false, + "description": "A direct source or destination neighbor to an AWS media resource.", + "properties": { + "Arn": { + "description": "The ARN of a resource used in AWS media workflows.", + "maxLength": 2048, + "minLength": 1, + "pattern": "^arn.+$", + "type": "string" + }, + "Name": { + "description": "The logical name of an AWS media resource.", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Arn" + ], + "type": "object" + }, + "MonitorDeployment": { + "additionalProperties": false, + "description": "Represents the latest monitor deployment of a signal map.", + "properties": { + "DetailsUri": { + "description": "URI associated with a signal map's monitor deployment.", + "maxLength": 2048, + "minLength": 0, + "type": "string" + }, + "ErrorMessage": { + 
"description": "Error message associated with a failed monitor deployment of a signal map.", + "maxLength": 2048, + "minLength": 0, + "type": "string" + }, + "Status": { + "$ref": "#/definitions/SignalMapMonitorDeploymentStatus" + } + }, + "required": [ + "Status" + ], + "type": "object" + }, + "SignalMapMonitorDeploymentStatus": { + "description": "A signal map's monitor deployment status.", + "enum": [ + "NOT_DEPLOYED", + "DRY_RUN_DEPLOYMENT_COMPLETE", + "DRY_RUN_DEPLOYMENT_FAILED", + "DRY_RUN_DEPLOYMENT_IN_PROGRESS", + "DEPLOYMENT_COMPLETE", + "DEPLOYMENT_FAILED", + "DEPLOYMENT_IN_PROGRESS", + "DELETE_COMPLETE", + "DELETE_FAILED", + "DELETE_IN_PROGRESS" + ], + "type": "string" + }, + "SignalMapStatus": { + "description": "A signal map's current status which is dependent on its lifecycle actions or associated jobs.", + "enum": [ + "CREATE_IN_PROGRESS", + "CREATE_COMPLETE", + "CREATE_FAILED", + "UPDATE_IN_PROGRESS", + "UPDATE_COMPLETE", + "UPDATE_REVERTED", + "UPDATE_FAILED", + "READY", + "NOT_READY" + ], + "type": "string" + }, + "SuccessfulMonitorDeployment": { + "additionalProperties": false, + "description": "Represents the latest successful monitor deployment of a signal map.", + "properties": { + "DetailsUri": { + "description": "URI associated with a signal map's monitor deployment.", + "maxLength": 2048, + "minLength": 0, + "type": "string" + }, + "Status": { + "$ref": "#/definitions/SignalMapMonitorDeploymentStatus" + } + }, + "required": [ + "DetailsUri", + "Status" + ], + "type": "object" + }, + "TagMap": { + "additionalProperties": false, + "description": "Represents the tags associated with a resource.", + "patternProperties": { + ".+": { + "type": "string" + } + }, + "type": "object" + }, + "Unit": { + "additionalProperties": false, + "type": "object" + } + }, + "description": "Definition of AWS::MediaLive::SignalMap Resource Type", + "handlers": { + "create": { + "permissions": [ + "medialive:CreateSignalMap", + "medialive:GetSignalMap", + 
"medialive:CreateTags", + "medialive:DescribeChannel", + "medialive:DescribeInput", + "medialive:DescribeInputDevice", + "medialive:DescribeInputSecurityGroup", + "medialive:DescribeMultiplex", + "medialive:DescribeMultiplexProgram", + "medialive:ListChannels", + "medialive:ListInputDevices", + "medialive:ListInputSecurityGroups", + "medialive:ListInputs", + "medialive:ListMultiplexPrograms", + "medialive:ListMultiplexes", + "medialive:ListOfferings", + "medialive:ListReservations", + "medialive:ListTagsForResource", + "cloudfront:ListDistributions", + "cloudfront:GetDistribution", + "ec2:DescribeNetworkInterfaces", + "mediaconnect:ListEntitlements", + "mediaconnect:ListFlows", + "mediaconnect:ListOfferings", + "mediaconnect:ListReservations", + "mediaconnect:DescribeFlow", + "mediapackage:ListChannels", + "mediapackage:ListOriginEndpoints", + "mediapackage:DescribeChannel", + "mediapackage:DescribeOriginEndpoint", + "mediapackagev2:ListChannelGroups", + "mediapackagev2:ListChannels", + "mediapackagev2:ListOriginEndpoints", + "mediapackagev2:GetChannelGroup", + "mediapackagev2:GetChannel", + "mediapackagev2:GetOriginEndpoint", + "tag:GetResources" + ] + }, + "delete": { + "permissions": [ + "medialive:GetSignalMap", + "medialive:DeleteSignalMap" + ] + }, + "list": { + "permissions": [ + "medialive:ListSignalMaps" + ] + }, + "read": { + "permissions": [ + "medialive:GetSignalMap", + "tag:GetResources" + ] + }, + "update": { + "permissions": [ + "medialive:StartUpdateSignalMap", + "medialive:GetSignalMap", + "medialive:CreateTags", + "medialive:DeleteTags", + "medialive:DescribeChannel", + "medialive:DescribeInput", + "medialive:DescribeInputDevice", + "medialive:DescribeInputSecurityGroup", + "medialive:DescribeMultiplex", + "medialive:DescribeMultiplexProgram", + "medialive:ListChannels", + "medialive:ListInputDevices", + "medialive:ListInputSecurityGroups", + "medialive:ListInputs", + "medialive:ListMultiplexPrograms", + "medialive:ListMultiplexes", + 
"medialive:ListOfferings", + "medialive:ListReservations", + "medialive:ListTagsForResource", + "cloudfront:ListDistributions", + "cloudfront:GetDistribution", + "ec2:DescribeNetworkInterfaces", + "mediaconnect:ListEntitlements", + "mediaconnect:ListFlows", + "mediaconnect:ListOfferings", + "mediaconnect:ListReservations", + "mediaconnect:DescribeFlow", + "mediapackage:ListChannels", + "mediapackage:ListOriginEndpoints", + "mediapackage:DescribeChannel", + "mediapackage:DescribeOriginEndpoint", + "mediapackagev2:ListChannelGroups", + "mediapackagev2:ListChannels", + "mediapackagev2:ListOriginEndpoints", + "mediapackagev2:GetChannelGroup", + "mediapackagev2:GetChannel", + "mediapackagev2:GetOriginEndpoint", + "tag:GetResources" + ] + } + }, + "primaryIdentifier": [ + "/properties/Identifier" + ], + "properties": { + "Arn": { + "description": "A signal map's ARN (Amazon Resource Name)", + "pattern": "^arn:.+:medialive:.+:signal-map:.+$", + "type": "string" + }, + "CloudWatchAlarmTemplateGroupIdentifiers": { + "items": { + "pattern": "^[^\\s]+$", + "type": "string" + }, + "type": "array" + }, + "CloudWatchAlarmTemplateGroupIds": { + "items": { + "maxLength": 11, + "minLength": 7, + "pattern": "^(aws-)?[0-9]{7}$", + "type": "string" + }, + "type": "array" + }, + "CreatedAt": { + "format": "date-time", + "type": "string" + }, + "Description": { + "description": "A resource's optional description.", + "maxLength": 1024, + "minLength": 0, + "type": "string" + }, + "DiscoveryEntryPointArn": { + "description": "A top-level supported AWS resource ARN to discovery a signal map from.", + "maxLength": 2048, + "minLength": 1, + "type": "string" + }, + "ErrorMessage": { + "description": "Error message associated with a failed creation or failed update attempt of a signal map.", + "maxLength": 2048, + "minLength": 0, + "type": "string" + }, + "EventBridgeRuleTemplateGroupIdentifiers": { + "items": { + "pattern": "^[^\\s]+$", + "type": "string" + }, + "type": "array" + }, + 
"EventBridgeRuleTemplateGroupIds": { + "items": { + "maxLength": 11, + "minLength": 7, + "pattern": "^(aws-)?[0-9]{7}$", + "type": "string" + }, + "type": "array" + }, + "FailedMediaResourceMap": { + "$ref": "#/definitions/FailedMediaResourceMap" + }, + "ForceRediscovery": { + "default": false, + "description": "If true, will force a rediscovery of a signal map if an unchanged discoveryEntryPointArn is provided.", + "type": "boolean" + }, + "Id": { + "description": "A signal map's id.", + "maxLength": 11, + "minLength": 7, + "pattern": "^(aws-)?[0-9]{7}$", + "type": "string" + }, + "Identifier": { + "type": "string" + }, + "LastDiscoveredAt": { + "format": "date-time", + "type": "string" + }, + "LastSuccessfulMonitorDeployment": { + "$ref": "#/definitions/SuccessfulMonitorDeployment" + }, + "MediaResourceMap": { + "$ref": "#/definitions/MediaResourceMap" + }, + "ModifiedAt": { + "format": "date-time", + "type": "string" + }, + "MonitorChangesPendingDeployment": { + "default": false, + "description": "If true, there are pending monitor changes for this signal map that can be deployed.", + "type": "boolean" + }, + "MonitorDeployment": { + "$ref": "#/definitions/MonitorDeployment" + }, + "Name": { + "description": "A resource's name. 
Names must be unique within the scope of a resource type in a specific region.", + "maxLength": 255, + "minLength": 1, + "pattern": "^[^\\s]+$", + "type": "string" + }, + "Status": { + "$ref": "#/definitions/SignalMapStatus" + }, + "Tags": { + "$ref": "#/definitions/TagMap" + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/CloudWatchAlarmTemplateGroupIds", + "/properties/CreatedAt", + "/properties/ErrorMessage", + "/properties/EventBridgeRuleTemplateGroupIds", + "/properties/FailedMediaResourceMap", + "/properties/Id", + "/properties/Identifier", + "/properties/LastDiscoveredAt", + "/properties/LastSuccessfulMonitorDeployment", + "/properties/MediaResourceMap", + "/properties/ModifiedAt", + "/properties/MonitorChangesPendingDeployment", + "/properties/MonitorDeployment", + "/properties/Status" + ], + "required": [ + "DiscoveryEntryPointArn", + "Name" + ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "medialive:CreateTags", + "medialive:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::MediaLive::SignalMap", + "writeOnlyProperties": [ + "/properties/CloudWatchAlarmTemplateGroupIdentifiers", + "/properties/EventBridgeRuleTemplateGroupIdentifiers", + "/properties/ForceRediscovery" + ] +} diff --git a/src/schema/aws-mediapackage-originendpoint.json b/src/schema/aws-mediapackage-originendpoint.json index 1558ac6c..8d304125 100644 --- a/src/schema/aws-mediapackage-originendpoint.json +++ b/src/schema/aws-mediapackage-originendpoint.json @@ -590,6 +590,10 @@ "update": { "permissions": [ "mediapackage:UpdateOriginEndpoint", + "mediapackage:TagResource", + "mediapackage:ListTagsForResource", + "mediapackage:UntagResource", + "mediapackage:DescribeOriginEndpoint", "iam:PassRole" ] } 
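Review bot: In the new `aws-medialive-signalmap.json` hunk (`@@ -0,0 +1,424 @@`, which ends on this line just before the `aws-mediapackage-originendpoint.json` hunk), `/properties/Tags` is listed in `createOnlyProperties`, yet the `tagging` block sets `"tagUpdatable": true` and the `update` handler carries `medialive:CreateTags` and `medialive:DeleteTags`. The two statements disagree on whether a tag change is an in-place update or a resource replacement, so tooling that reads only one of them will plan a different action from tooling that reads the other. If this copy may diverge from upstream, the replacement reading would be written as `"tagUpdatable": false`. Otherwise it is worth confirming which field the consumer treats as authoritative and pinning that with a test.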
@@ -683,9 +687,13 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "mediapackage:TagResource", + "mediapackage:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", - "tagUpdatable": false, + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::MediaPackage::OriginEndpoint" diff --git a/src/schema/aws-mediapackagev2-channel.json b/src/schema/aws-mediapackagev2-channel.json index c5c85ef1..178a9776 100644 --- a/src/schema/aws-mediapackagev2-channel.json +++ b/src/schema/aws-mediapackagev2-channel.json @@ -27,6 +27,17 @@ }, "type": "object" }, + "InputSwitchConfiguration": { + "additionalProperties": false, + "description": "

The configuration for input switching based on the media quality confidence score (MQCS) as provided from AWS Elemental MediaLive.

", + "properties": { + "MQCSInputSwitching": { + "description": "

When true, AWS Elemental MediaPackage performs input switching based on the MQCS. Default is true. This setting is valid only when InputType is CMAF.

", + "type": "boolean" + } + }, + "type": "object" + }, "InputType": { "enum": [ "HLS", @@ -34,6 +45,17 @@ ], "type": "string" }, + "OutputHeaderConfiguration": { + "additionalProperties": false, + "description": "

The settings for what common media server data (CMSD) headers AWS Elemental MediaPackage includes in responses to the CDN.

", + "properties": { + "PublishMQCS": { + "description": "

When true, AWS Elemental MediaPackage includes the MQCS in responses to the CDN. This setting is valid only when InputType is CMAF.

", + "type": "boolean" + } + }, + "type": "object" + }, "Tag": { "additionalProperties": false, "properties": { @@ -134,6 +156,9 @@ }, "type": "array" }, + "InputSwitchConfiguration": { + "$ref": "#/definitions/InputSwitchConfiguration" + }, "InputType": { "$ref": "#/definitions/InputType" }, @@ -142,6 +167,9 @@ "format": "date-time", "type": "string" }, + "OutputHeaderConfiguration": { + "$ref": "#/definitions/OutputHeaderConfiguration" + }, "Tags": { "insertionOrder": false, "items": { @@ -164,6 +192,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-mediapackagev2", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "mediapackagev2:TagResource", + "mediapackagev2:UntagResource", + "mediapackagev2:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-mediapackagev2-channelgroup.json b/src/schema/aws-mediapackagev2-channelgroup.json index 24d9534d..478bb3bc 100644 --- a/src/schema/aws-mediapackagev2-channelgroup.json +++ b/src/schema/aws-mediapackagev2-channelgroup.json @@ -109,6 +109,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-mediapackagev2", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "mediapackagev2:TagResource", + "mediapackagev2:UntagResource", + "mediapackagev2:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-mediapackagev2-originendpoint.json b/src/schema/aws-mediapackagev2-originendpoint.json index d91e30ab..eba923e4 100644 --- a/src/schema/aws-mediapackagev2-originendpoint.json +++ b/src/schema/aws-mediapackagev2-originendpoint.json @@ -150,7 +150,8 @@ "CLEAR_KEY_AES_128", "FAIRPLAY", "PLAYREADY", - "WIDEVINE" + "WIDEVINE", + "IRDETO" ], "type": "string" }, @@ -227,6 +228,11 @@ "additionalProperties": false, "description": "

Filter configuration includes settings for manifest filtering, start and end times, and time delay that apply to all of your egress requests for this manifest.

", "properties": { + "ClipStartTime": { + "description": "

Optionally specify the clip start time for all of your manifest egress requests. When you include clip start time, note that you cannot use clip start time query parameters for this manifest's endpoint URL.

", + "format": "date-time", + "type": "string" + }, "End": { "description": "

Optionally specify the end time for all of your manifest egress requests. When you include end time, note that you cannot use end time query parameters for this manifest's endpoint URL.

", "format": "date-time", @@ -257,7 +263,7 @@ "description": "

The failover settings for the endpoint.

", "properties": { "EndpointErrorConditions": { - "description": "

The failover settings for the endpoint. The options are:

\n
    \n
  • \n

    \n STALE_MANIFEST - The manifest stalled and there a no new segments or parts.

    \n
  • \n
  • \n

    \n INCOMPLETE_MANIFEST - There is a gap in the manifest.

    \n
  • \n
  • \n

    \n MISSING_DRM_KEY - Key rotation is enabled but we're unable to fetch the key for the current key period.

    \n
  • \n
", + "description": "

The failover conditions for the endpoint. The options are:

\n
    \n
  • \n

    \n STALE_MANIFEST - The manifest stalled and there are no new segments or parts.

    \n
  • \n
  • \n

    \n INCOMPLETE_MANIFEST - There is a gap in the manifest.

    \n
  • \n
  • \n

    \n MISSING_DRM_KEY - Key rotation is enabled but we're unable to fetch the key for the current key period.

    \n
  • \n
  • \n

    \n SLATE_INPUT - The segments which contain slate content are considered to be missing content.

    \n
  • \n
", "items": { "$ref": "#/definitions/EndpointErrorCondition" }, @@ -292,15 +298,22 @@ "type": "integer" }, "ProgramDateTimeIntervalSeconds": { - "description": "

Inserts EXT-X-PROGRAM-DATE-TIME tags in the output manifest at the interval that you specify. If you don't enter an interval, \n EXT-X-PROGRAM-DATE-TIME tags aren't included in the manifest. \n The tags sync the stream to the wall clock so that viewers can seek to a specific time in the playback timeline on the player. \n ID3Timed metadata messages generate every 5 seconds whenever the content is ingested.

\n

Irrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.

", + "description": "

Inserts EXT-X-PROGRAM-DATE-TIME tags in the output manifest at the interval that you specify. If you don't enter an interval,\n EXT-X-PROGRAM-DATE-TIME tags aren't included in the manifest.\n The tags sync the stream to the wall clock so that viewers can seek to a specific time in the playback timeline on the player.

\n

Irrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.

", "type": "integer" }, "ScteHls": { "$ref": "#/definitions/ScteHls" }, + "StartTag": { + "$ref": "#/definitions/StartTag" + }, "Url": { "description": "

The egress domain URL for stream delivery from MediaPackage.

", "type": "string" + }, + "UrlEncodeChildManifest": { + "description": "

When enabled, MediaPackage URL-encodes the query string for API requests for HLS child manifests to comply with Amazon Web Services Signature Version 4 (SigV4) signature signing protocol.\n For more information, see Amazon Web Services Signature Version 4 for API requests in Identity and Access Management User Guide.

", + "type": "boolean" } }, "required": [ @@ -334,15 +347,22 @@ "type": "integer" }, "ProgramDateTimeIntervalSeconds": { - "description": "

Inserts EXT-X-PROGRAM-DATE-TIME tags in the output manifest at the interval that you specify. If you don't enter an interval, \n EXT-X-PROGRAM-DATE-TIME tags aren't included in the manifest. \n The tags sync the stream to the wall clock so that viewers can seek to a specific time in the playback timeline on the player. \n ID3Timed metadata messages generate every 5 seconds whenever the content is ingested.

\n

Irrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.

", + "description": "

Inserts EXT-X-PROGRAM-DATE-TIME tags in the output manifest at the interval that you specify. If you don't enter an interval,\n EXT-X-PROGRAM-DATE-TIME tags aren't included in the manifest.\n The tags sync the stream to the wall clock so that viewers can seek to a specific time in the playback timeline on the player.

\n

Irrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.

", "type": "integer" }, "ScteHls": { "$ref": "#/definitions/ScteHls" }, + "StartTag": { + "$ref": "#/definitions/StartTag" + }, "Url": { "description": "

The egress domain URL for stream delivery from MediaPackage.

", "type": "string" + }, + "UrlEncodeChildManifest": { + "description": "

When enabled, MediaPackage URL-encodes the query string for API requests for LL-HLS child manifests to comply with Amazon Web Services Signature Version 4 (SigV4) signature signing protocol.\n For more information, see Amazon Web Services Signature Version 4 for API requests in Identity and Access Management User Guide.

", + "type": "boolean" } }, "required": [ @@ -508,6 +528,24 @@ ], "type": "object" }, + "StartTag": { + "additionalProperties": false, + "description": "

To insert an EXT-X-START tag in your HLS playlist, specify a StartTag configuration object with a valid TimeOffset. When you do, you can also optionally specify whether to include a PRECISE value in the EXT-X-START tag.

", + "properties": { + "Precise": { + "description": "

Specify the value for PRECISE within your EXT-X-START tag. Leave blank, or choose false, to use the default value NO. Choose yes to use the value YES.

", + "type": "boolean" + }, + "TimeOffset": { + "description": "

Specify the value for TIME-OFFSET within your EXT-X-START tag. Enter a signed floating point value which, if positive, must be less than the configured manifest duration minus three times the configured segment target duration. If negative, the absolute value must be larger than three times the configured segment target duration, and the absolute value must be smaller than the configured manifest duration.

", + "type": "number" + } + }, + "required": [ + "TimeOffset" + ], + "type": "object" + }, "Tag": { "additionalProperties": false, "properties": { @@ -694,11 +732,17 @@ "required": [ "ChannelGroupName", "ChannelName", - "OriginEndpointName" + "OriginEndpointName", + "ContainerType" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-mediapackagev2", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "mediapackagev2:TagResource", + "mediapackagev2:UntagResource", + "mediapackagev2:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-memorydb-acl.json b/src/schema/aws-memorydb-acl.json index a9572dd0..fb0b2825 100644 --- a/src/schema/aws-memorydb-acl.json +++ b/src/schema/aws-memorydb-acl.json @@ -36,7 +36,8 @@ "memorydb:CreateACL", "memorydb:DescribeACLs", "memorydb:TagResource", - "memorydb:ListTags" + "memorydb:ListTags", + "iam:CreateServiceLinkedRole" ] }, "delete": { @@ -114,6 +115,17 @@ "ACLName" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-memorydb", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "memorydb:TagResource", + "memorydb:ListTags", + "memorydb:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::MemoryDB::ACL" } diff --git a/src/schema/aws-memorydb-cluster.json b/src/schema/aws-memorydb-cluster.json index 4858a770..1791b730 100644 --- a/src/schema/aws-memorydb-cluster.json +++ b/src/schema/aws-memorydb-cluster.json @@ -8,7 +8,9 @@ "/properties/Port", "/properties/SubnetGroupName", "/properties/SnapshotArns", - "/properties/SnapshotName" + "/properties/MultiRegionClusterName", + "/properties/SnapshotName", + "/properties/NetworkType" ], "definitions": { "DataTieringStatus": { 
@@ -32,6 +34,21 @@ }, "type": "object" }, + "SupportedIpDiscoveryTypes": { + "enum": [ + "ipv4", + "ipv6" + ], + "type": "string" + }, + "SupportedNetworkTypes": { + "enum": [ + "ipv4", + "ipv6", + "dual_stack" + ], + "type": "string" + }, "Tag": { "additionalProperties": false, "description": "A key-value pair to associate with a resource.", @@ -62,10 +79,15 @@ "handlers": { "create": { "permissions": [ + "kms:DescribeKey", + "kms:CreateGrant", "memorydb:CreateCluster", "memorydb:DescribeClusters", - "memorydb:ListTags" - ] + "memorydb:TagResource", + "memorydb:ListTags", + "iam:CreateServiceLinkedRole" + ], + "timeoutInMinutes": 720 }, "delete": { "permissions": [ @@ -91,7 +113,8 @@ "memorydb:ListTags", "memorydb:TagResource", "memorydb:UntagResource" - ] + ], + "timeoutInMinutes": 2160 } }, "primaryIdentifier": [ @@ -129,6 +152,10 @@ "description": "An optional description of the cluster.", "type": "string" }, + "Engine": { + "description": "The engine type used by the cluster.", + "type": "string" + }, "EngineVersion": { "description": "The Redis engine version used by the cluster.", "type": "string" @@ -137,6 +164,11 @@ "description": "The user-supplied name of a final cluster snapshot. This is the unique name that identifies the snapshot. MemoryDB creates the snapshot, and then deletes the cluster immediately afterward.", "type": "string" }, + "IpDiscovery": { + "$ref": "#/definitions/SupportedIpDiscoveryTypes", + "description": "For clusters wth dual stack NetworkType, IpDiscovery controls the Ip protocol (ipv4 or ipv6) returned by the engine commands such as `cluster info` and `cluster nodes` which are used by clients to connect to the nodes in the cluster.", + "type": "object" + }, "KmsKeyId": { "description": "The ID of the KMS key used to encrypt the cluster.", "type": "string" 
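Review bot: The added `IpDiscovery` property in the `@@ -137,6 +164,11 @@` hunk declares `"type": "object"` beside a `$ref` to `SupportedIpDiscoveryTypes`, which is defined as a string enum, so the two constraints contradict each other. `NetworkType` in the following `@@ -145,6 +177,15 @@` hunk has the same mismatch with `SupportedNetworkTypes`. A validator that applies keywords next to `$ref` would reject every value, one that ignores them would accept the enum, and any code here that derives a property's type from `type` alone may model both as objects. If the schema can be patched locally, both properties would read `"type": "string"`. If it must stay identical to upstream, a test that the consumer resolves `$ref` before `type` would catch the difference.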
@@ -145,6 +177,15 @@ "description": "Specifies the weekly time range during which maintenance on the cluster is performed. It is specified as a range in the format ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period.", "type": "string" }, + "MultiRegionClusterName": { + "description": "The name of the Global Datastore, it is generated by MemoryDB adding a prefix to MultiRegionClusterNameSuffix.", + "type": "string" + }, + "NetworkType": { + "$ref": "#/definitions/SupportedNetworkTypes", + "description": "Must be either ipv4 | ipv6 | dual_stack.", + "type": "object" + }, "NodeType": { "description": "The compute and memory capacity of the nodes in the cluster.", "type": "string" @@ -243,11 +284,23 @@ "ACLName" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-memorydb", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "memorydb:TagResource", + "memorydb:ListTags", + "memorydb:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::MemoryDB::Cluster", "writeOnlyProperties": [ "/properties/SnapshotArns", "/properties/SnapshotName", + "/properties/MultiRegionClusterName", "/properties/FinalSnapshotName" ] } diff --git a/src/schema/aws-memorydb-multiregioncluster.json b/src/schema/aws-memorydb-multiregioncluster.json new file mode 100644 index 00000000..63e430c6 --- /dev/null +++ b/src/schema/aws-memorydb-multiregioncluster.json 
@@ -0,0 +1,170 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/MultiRegionClusterNameSuffix", + "/properties/EngineVersion", + "/properties/MultiRegionParameterGroupName", + "/properties/TLSEnabled" + ], + "definitions": { + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key for the tag. May not be null.", + "maxLength": 128, + "minLength": 1, + "pattern": "^(?!aws:)(?!memorydb:)[a-zA-Z0-9 _\\.\\/=+:\\-@]{1,128}$", + "type": "string" + }, + "Value": { + "description": "The tag's value. May be null.", + "maxLength": 256, + "minLength": 1, + "pattern": "^(?!aws:)(?!memorydb:)[a-zA-Z0-9 _\\.\\/=+:\\-@]{1,256}$", + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, + "description": "The AWS::MemoryDB::Multi Region Cluster resource creates an Amazon MemoryDB Multi Region Cluster.", + "handlers": { + "create": { + "permissions": [ + "memorydb:CreateMultiRegionCluster", + "memorydb:DescribeMultiRegionClusters", + "memorydb:TagResource", + "memorydb:ListTags", + "iam:CreateServiceLinkedRole" + ], + "timeoutInMinutes": 2160 + }, + "delete": { + "permissions": [ + "memorydb:DeleteMultiRegionCluster", + "memorydb:DescribeMultiRegionClusters" + ] + }, + "list": { + "permissions": [ + "memorydb:DescribeMultiRegionClusters" + ] + }, + "read": { + "permissions": [ + "memorydb:DescribeMultiRegionClusters", + "memorydb:ListTags" + ] + }, + "update": { + "permissions": [ + "memorydb:UpdateMultiRegionCluster", + "memorydb:DescribeMultiRegionClusters", + "memorydb:ListTags", + "memorydb:TagResource", + "memorydb:UntagResource" + ], + "timeoutInMinutes": 2160 + } + }, + "primaryIdentifier": [ + "/properties/MultiRegionClusterName" + ], + "properties": { + "ARN": { + "description": "The Amazon Resource Name (ARN) of the multi region cluster.", + "type": "string" + }, + "Description": { + 
"description": "Description of the multi region cluster.", + "type": "string" + }, + "Engine": { + "description": "The engine type used by the multi region cluster.", + "type": "string" + }, + "EngineVersion": { + "description": "The Redis engine version used by the multi region cluster.", + "type": "string" + }, + "MultiRegionClusterName": { + "description": "The name of the Global Datastore, it is generated by MemoryDB adding a prefix to MultiRegionClusterNameSuffix.", + "type": "string" + }, + "MultiRegionClusterNameSuffix": { + "description": "The name of the Multi Region cluster. This value must be unique as it also serves as the multi region cluster identifier.", + "pattern": "[a-z][a-z0-9\\-]*", + "type": "string" + }, + "MultiRegionParameterGroupName": { + "description": "The name of the parameter group associated with the multi region cluster.", + "type": "string" + }, + "NodeType": { + "description": "The compute and memory capacity of the nodes in the multi region cluster.", + "type": "string" + }, + "NumShards": { + "description": "The number of shards the multi region cluster will contain.", + "type": "integer" + }, + "Status": { + "description": "The status of the multi region cluster. For example, Available, Updating, Creating.", + "type": "string" + }, + "TLSEnabled": { + "description": "A flag that enables in-transit encryption when set to true.\n\nYou cannot modify the value of TransitEncryptionEnabled after the cluster is created. To enable in-transit encryption on a cluster you must set TransitEncryptionEnabled to true when you create a cluster.", + "type": "boolean" + }, + "Tags": { + "description": "An array of key-value pairs to apply to this multi region cluster.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 50, + "type": "array", + "uniqueItems": true + }, + "UpdateStrategy": { + "description": "An enum string value that determines the update strategy for scaling. 
Possible values are 'COORDINATED' and 'UNCOORDINATED'. Default is 'COORDINATED'.", + "enum": [ + "COORDINATED", + "UNCOORDINATED" + ], + "type": "string" + } + }, + "readOnlyProperties": [ + "/properties/MultiRegionClusterName", + "/properties/Status", + "/properties/ARN" + ], + "required": [ + "NodeType" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-memorydb", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "memorydb:TagResource", + "memorydb:ListTags", + "memorydb:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::MemoryDB::MultiRegionCluster", + "writeOnlyProperties": [ + "/properties/MultiRegionClusterNameSuffix", + "/properties/UpdateStrategy" + ] +} diff --git a/src/schema/aws-memorydb-parametergroup.json b/src/schema/aws-memorydb-parametergroup.json index 1701d045..569392ec 100644 --- a/src/schema/aws-memorydb-parametergroup.json +++ b/src/schema/aws-memorydb-parametergroup.json @@ -39,7 +39,8 @@ "memorydb:CreateParameterGroup", "memorydb:DescribeParameterGroups", "memorydb:TagResource", - "memorydb:ListTags" + "memorydb:ListTags", + "iam:CreateServiceLinkedRole" ] }, "delete": { @@ -113,7 +114,18 @@ "Family" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-memorydb", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "memorydb:TagResource", + "memorydb:ListTags", + "memorydb:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::MemoryDB::ParameterGroup", "writeOnlyProperties": [ "/properties/Parameters" diff --git a/src/schema/aws-memorydb-subnetgroup.json b/src/schema/aws-memorydb-subnetgroup.json index bc5c638f..a5827cd9 100644 --- a/src/schema/aws-memorydb-subnetgroup.json 
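Review bot: The `pattern` on `MultiRegionClusterNameSuffix` in the new `aws-memorydb-multiregioncluster.json` has no anchors, and JSON Schema patterns match anywhere in the string, so any value that contains a single lowercase letter passes regardless of what surrounds it. The Tag `Key` and `Value` patterns in this same file are anchored with `^…$`; I would do the same here: `"pattern": "^[a-z][a-z0-9\\-]*$"`. Two descriptions also disagree with the schema: `Tag.Value` says "May be null" while it is required with `minLength` 1, and `TLSEnabled` refers to `TransitEncryptionEnabled`, a property this resource does not define.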
+++ b/src/schema/aws-memorydb-subnetgroup.json @@ -37,7 +37,8 @@ "memorydb:CreateSubnetGroup", "memorydb:DescribeSubnetGroups", "memorydb:TagResource", - "memorydb:ListTags" + "memorydb:ListTags", + "iam:CreateServiceLinkedRole" ] }, "delete": { @@ -93,6 +94,15 @@ "type": "array", "uniqueItems": true }, + "SupportedNetworkTypes": { + "description": "Supported network types would be a list of network types supported by subnet group and can be either [ipv4] or [ipv4, dual_stack] or [ipv6].", + "insertionOrder": false, + "items": { + "type": "string" + }, + "type": "array", + "uniqueItems": true + }, "Tags": { "description": "An array of key-value pairs to apply to this subnet group.", "insertionOrder": false, @@ -105,13 +115,25 @@ } }, "readOnlyProperties": [ - "/properties/ARN" + "/properties/ARN", + "/properties/SupportedNetworkTypes" ], "required": [ "SubnetGroupName", "SubnetIds" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-memorydb", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "memorydb:TagResource", + "memorydb:ListTags", + "memorydb:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::MemoryDB::SubnetGroup" } diff --git a/src/schema/aws-memorydb-user.json b/src/schema/aws-memorydb-user.json index 5897714d..75772616 100644 --- a/src/schema/aws-memorydb-user.json +++ b/src/schema/aws-memorydb-user.json @@ -36,7 +36,8 @@ "memorydb:CreateUser", "memorydb:DescribeUsers", "memorydb:TagResource", - "memorydb:ListTags" + "memorydb:ListTags", + "iam:CreateServiceLinkedRole" ] }, "delete": { 
@@ -133,7 +134,18 @@ "UserName" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-memorydb", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "memorydb:TagResource", + "memorydb:ListTags", + "memorydb:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::MemoryDB::User", "writeOnlyProperties": [ "/properties/AuthenticationMode", diff --git a/src/schema/aws-msk-cluster.json b/src/schema/aws-msk-cluster.json index a04a9272..9bea92f1 100644 --- a/src/schema/aws-msk-cluster.json +++ b/src/schema/aws-msk-cluster.json @@ -608,6 +608,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "kafka:TagResource", + "kafka:UntagResource", + "kafka:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-msk-replicator.json b/src/schema/aws-msk-replicator.json index b12ef8ec..b6ea7d40 100644 --- a/src/schema/aws-msk-replicator.json +++ b/src/schema/aws-msk-replicator.json @@ -10,7 +10,11 @@ "/properties/Description", "/properties/KafkaClusters", "/properties/ServiceExecutionRoleArn", - "/properties/ReplicationInfoList/-/TopicReplication/StartingPosition/Type" + "/properties/ReplicationInfoList/*/SourceKafkaClusterArn", + "/properties/ReplicationInfoList/*/TargetKafkaClusterArn", + "/properties/ReplicationInfoList/*/TargetCompressionType", + "/properties/ReplicationInfoList/*/TopicReplication/StartingPosition", + "/properties/ReplicationInfoList/*/TopicReplication/TopicNameConfiguration" ], "definitions": { "AmazonMskCluster": { 
@@ -183,6 +187,25 @@ ], "type": "string" }, + "ReplicationTopicNameConfiguration": { + "additionalProperties": false, + "description": "Configuration for specifying replicated topic names should be the same as their corresponding upstream topics or prefixed with source cluster alias.", + "properties": { + "Type": { + "$ref": "#/definitions/ReplicationTopicNameConfigurationType" + } + }, + "required": [], + "type": "object" + }, + "ReplicationTopicNameConfigurationType": { + "description": "The type of replicated topic name.", + "enum": [ + "PREFIXED_WITH_SOURCE_CLUSTER_ALIAS", + "IDENTICAL" + ], + "type": "string" + }, "Tag": { "additionalProperties": false, "properties": { @@ -221,6 +244,10 @@ "$ref": "#/definitions/ReplicationStartingPosition", "description": "Configuration for specifying the position in the topics to start replicating from." }, + "TopicNameConfiguration": { + "$ref": "#/definitions/ReplicationTopicNameConfiguration", + "description": "Configuration for specifying replicated topic names should be the same as their corresponding upstream topics or prefixed with source cluster alias." + }, "TopicsToExclude": { "description": "List of regular expression patterns indicating the topics that should not be replicated.", "insertionOrder": false, @@ -363,7 +390,8 @@ } }, "readOnlyProperties": [ - "/properties/ReplicatorArn" + "/properties/ReplicatorArn", + "/properties/CurrentVersion" ], "required": [ "ReplicatorName", @@ -374,6 +402,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-msk-replicator.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "kafka:UntagResource", + "kafka:ListTagsForResource", + "kafka:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-msk-serverlesscluster.json b/src/schema/aws-msk-serverlesscluster.json index c5acdc8e..4f24ff7a 100644 --- a/src/schema/aws-msk-serverlesscluster.json 
+++ b/src/schema/aws-msk-serverlesscluster.json @@ -149,6 +149,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "kafka:TagResource", + "kafka:UntagResource", + "kafka:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": false, diff --git a/src/schema/aws-msk-vpcconnection.json b/src/schema/aws-msk-vpcconnection.json index b3b0e0b4..74de6407 100644 --- a/src/schema/aws-msk-vpcconnection.json +++ b/src/schema/aws-msk-vpcconnection.json @@ -152,6 +152,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "kafka:TagResource", + "kafka:UntagResource", + "kafka:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-mwaa-environment.json b/src/schema/aws-mwaa-environment.json index e74a78cc..b96676da 100644 --- a/src/schema/aws-mwaa-environment.json +++ b/src/schema/aws-mwaa-environment.json @@ -195,7 +195,7 @@ }, "MaxWebservers": { "description": "Maximum webserver compute units.", - "minimum": 2, + "minimum": 1, "type": "integer" }, "MaxWorkers": { @@ -205,7 +205,7 @@ }, "MinWebservers": { "description": "Minimum webserver compute units.", - "minimum": 2, + "minimum": 1, "type": "integer" }, "MinWorkers": { 
@@ -368,12 +368,40 @@ "handlers": { "create": { "permissions": [ - "airflow:CreateEnvironment" + "airflow:GetEnvironment", + "airflow:CreateEnvironment", + "airflow:TagResource", + "airflow:UntagResource", + "iam:PassRole", + "iam:ListRoles", + "iam:CreatePolicy", + "iam:AttachRolePolicy", + "iam:CreateRole", + "iam:CreateServiceLinkedRole", + "s3:GetBucketLocation", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:CreateBucket", + "s3:PutObject", + "s3:GetEncryptionConfiguration", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeRouteTables", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateSecurityGroup", + "ec2:CreateVpcEndpoint", + "ec2:CreateNetworkInterface", + "kms:CreateGrant", + "kms:DescribeKey", + "kms:ListAliases" ], "timeoutInMinutes": 180 }, "delete": { "permissions": [ + "airflow:GetEnvironment", "airflow:DeleteEnvironment" ] }, @@ -389,9 +417,23 @@ }, "update": { "permissions": [ + "airflow:GetEnvironment", "airflow:UpdateEnvironment", "airflow:TagResource", - "airflow:UntagResource" + "airflow:UntagResource", + "iam:PassRole", + "iam:ListRoles", + "iam:AttachRolePolicy", + "s3:GetBucketLocation", + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:GetEncryptionConfiguration", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeRouteTables", + "kms:DescribeKey", + "kms:ListAliases" ], "timeoutInMinutes": 480 } @@ -509,6 +551,16 @@ "Name" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-mwaa.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "airflow:UntagResource", + "airflow:TagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::MWAA::Environment" } 
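Review bot: The create handler's permission list grows from `airflow:CreateEnvironment` alone to 28 actions, among them `iam:CreateRole`, `iam:CreatePolicy`, `iam:AttachRolePolicy`, `iam:PassRole` and `ec2:AuthorizeSecurityGroupIngress`, and the schema has no way to attach resource or condition constraints to them. If anything downstream builds a deployment or execution-role policy from `handlers.*.permissions`, copying this list with `Resource: "*"` lets that role create roles and attach policies, which should be a deliberate decision rather than an incidental side effect of this update. I would confirm the list matches the provider's published schema, and make sure any generated policy scopes `iam:PassRole` with an `iam:PassedToService` condition and `iam:CreateServiceLinkedRole` with `iam:AWSServiceName`. The same `iam:CreateServiceLinkedRole` addition appears in the MemoryDB and Neptune create handlers elsewhere in this diff.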
diff --git a/src/schema/aws-neptune-dbcluster.json b/src/schema/aws-neptune-dbcluster.json index 3acd9275..1750055c 100644 --- a/src/schema/aws-neptune-dbcluster.json +++ b/src/schema/aws-neptune-dbcluster.json @@ -236,7 +236,7 @@ "type": "boolean" }, "KmsKeyId": { - "description": "If `StorageEncrypted` is true, the Amazon KMS key identifier for the encrypted DB cluster.", + "description": "The Amazon Resource Name (ARN) of the AWS KMS key that is used to encrypt the database instances in the DB cluster, such as arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. If you enable the StorageEncrypted property but don't specify this property, the default KMS key is used. If you specify this property, you must set the StorageEncrypted property to true.", "type": "string" }, "Port": { 
@@ -277,7 +277,7 @@ "type": "string" }, "StorageEncrypted": { - "description": "Indicates whether the DB cluster is encrypted.\n\nIf you specify the `DBClusterIdentifier`, `DBSnapshotIdentifier`, or `SourceDBInstanceIdentifier` property, don't specify this property. The value is inherited from the cluster, snapshot, or source DB instance. If you specify the KmsKeyId property, you must enable encryption.\n\nIf you specify the KmsKeyId, you must enable encryption by setting StorageEncrypted to true.", + "description": "Indicates whether the DB cluster is encrypted.\n\nIf you specify the KmsKeyId property, then you must enable encryption and set this property to true.\n\nIf you enable the StorageEncrypted property but don't specify KmsKeyId property, then the default KMS key is used. If you specify KmsKeyId property, then that KMS Key is used to encrypt the database instances in the DB cluster.\n\nIf you specify the SourceDBClusterIdentifier property and don't specify this property or disable it. The value is inherited from the source DB cluster, and if the DB cluster is encrypted, the KmsKeyId property from the source cluster is used.\n\nIf you specify the DBSnapshotIdentifier and don't specify this property or disable it. The value is inherited from the snapshot, and the specified KmsKeyId property from the snapshot is used.", "type": "boolean" }, "Tags": { @@ -320,6 +320,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-neptune", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "rds:AddTagsToResource", + "rds:ListTagsForResource", + "rds:RemoveTagsFromResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-neptune-dbclusterparametergroup.json b/src/schema/aws-neptune-dbclusterparametergroup.json index 93eb5302..74dcc783 100644 --- a/src/schema/aws-neptune-dbclusterparametergroup.json 
+++ b/src/schema/aws-neptune-dbclusterparametergroup.json 
@@ -1,63 +1,129 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/Family", + "/properties/Name", "/properties/Description", - "/properties/Name" + "/properties/Family" ], "definitions": { "Tag": { "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", "properties": { "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "type": "string" }, "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "type": "string" } }, "required": [ - "Value", - "Key" + "Key", + "Value" ], "type": "object" } }, - "description": "Resource Type definition for AWS::Neptune::DBClusterParameterGroup", + "description": "The AWS::Neptune::DBClusterParameterGroup resource creates a new Amazon Neptune DB cluster parameter group", + "handlers": { + "create": { + "permissions": [ + "rds:AddTagsToResource", + "rds:CreateDBClusterParameterGroup", + "rds:DescribeDBClusterParameterGroups", + "rds:DescribeDBClusterParameters", + "rds:DescribeEngineDefaultClusterParameters", + "rds:ListTagsForResource", + "rds:ModifyDBClusterParameterGroup", + "iam:CreateServiceLinkedRole" + ], + "timeoutInMinutes": 180 + }, + "delete": { + "permissions": [ + "rds:DeleteDBClusterParameterGroup", + "rds:ListTagsForResource", + "rds:RemoveTagsFromResource" + ] + }, + "list": { + "permissions": [ + "rds:DescribeDBClusterParameterGroups", + "rds:ListTagsForResource" + ] + }, + "read": { + "permissions": [ + "rds:DescribeDBClusterParameterGroups", + "rds:ListTagsForResource", + "rds:DescribeDBClusterParameters" + ] + }, + 
"update": { + "permissions": [ + "rds:AddTagsToResource", + "rds:DescribeDBClusterParameterGroups", + "rds:DescribeDBClusterParameters", + "rds:DescribeDBClusters", + "rds:DescribeEngineDefaultClusterParameters", + "rds:ListTagsForResource", + "rds:ModifyDBClusterParameterGroup", + "rds:RemoveTagsFromResource", + "rds:ResetDBClusterParameterGroup" + ], + "timeoutInMinutes": 180 + } + }, "primaryIdentifier": [ - "/properties/Id" + "/properties/Name" ], "properties": { "Description": { + "description": "Provides the customer-specified description for this DB cluster parameter group.", "type": "string" }, "Family": { - "type": "string" - }, - "Id": { + "description": "Must be neptune1 for engine versions prior to 1.2.0.0, or neptune1.2 for engine version 1.2.0.0 and higher.", "type": "string" }, "Name": { + "description": "Provides the name of the DB cluster parameter group.", "type": "string" }, "Parameters": { + "description": "An array of parameters to be modified. A maximum of 20 parameters can be modified in a single request.", "type": "object" }, "Tags": { + "description": "The list of tags for the cluster parameter group.", "items": { "$ref": "#/definitions/Tag" }, - "type": "array", - "uniqueItems": false + "type": "array" } }, - "readOnlyProperties": [ - "/properties/Id" - ], + "propertyTransform": { + "/properties/Name": "$lowercase(Name)" + }, "required": [ - "Family", "Description", + "Family", "Parameters" ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-neptune", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "rds:AddTagsToResource", + "rds:ListTagsForResource", + "rds:RemoveTagsFromResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Neptune::DBClusterParameterGroup" } 
diff --git a/src/schema/aws-neptune-dbparametergroup.json b/src/schema/aws-neptune-dbparametergroup.json index 11f30ea4..a202295d 100644 --- a/src/schema/aws-neptune-dbparametergroup.json +++ b/src/schema/aws-neptune-dbparametergroup.json 
@@ -1,49 +1,101 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/Family", + "/properties/Name", "/properties/Description", - "/properties/Name" + "/properties/Family" ], "definitions": { "Tag": { "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", "properties": { "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "type": "string" }, "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "type": "string" } }, "required": [ - "Value", - "Key" + "Key", + "Value" ], "type": "object" } }, - "description": "Resource Type definition for AWS::Neptune::DBParameterGroup", + "description": "AWS::Neptune::DBParameterGroup creates a new DB parameter group. 
This type can be declared in a template and referenced in the DBParameterGroupName parameter of AWS::Neptune::DBInstance", + "handlers": { + "create": { + "permissions": [ + "rds:AddTagsToResource", + "rds:CreateDBParameterGroup", + "rds:DescribeDBParameterGroups", + "rds:DescribeDBParameters", + "rds:DescribeEngineDefaultParameters", + "rds:ModifyDBParameterGroup", + "rds:ListTagsForResource", + "iam:CreateServiceLinkedRole" + ] + }, + "delete": { + "permissions": [ + "rds:DeleteDBParameterGroup", + "rds:RemoveTagsFromResource" + ] + }, + "list": { + "permissions": [ + "rds:DescribeDBParameterGroups", + "rds:ListTagsForResource" + ] + }, + "read": { + "permissions": [ + "rds:DescribeDBParameterGroups", + "rds:ListTagsForResource", + "rds:DescribeDBParameters", + "rds:DescribeEngineDefaultParameters" + ] + }, + "update": { + "permissions": [ + "rds:AddTagsToResource", + "rds:DescribeDBParameterGroups", + "rds:DescribeDBParameters", + "rds:DescribeEngineDefaultParameters", + "rds:ListTagsForResource", + "rds:ModifyDBParameterGroup", + "rds:ResetDBParameterGroup", + "rds:RemoveTagsFromResource", + "rds:DescribeDBInstances" + ] + } + }, "primaryIdentifier": [ - "/properties/Id" + "/properties/Name" ], "properties": { "Description": { + "description": "Provides the customer-specified description for this DB parameter group.", "type": "string" }, "Family": { - "type": "string" - }, - "Id": { + "description": "Must be `neptune1` for engine versions prior to 1.2.0.0, or `neptune1.2` for engine version `1.2.0.0` and higher.", "type": "string" }, "Name": { + "description": "Provides the name of the DB parameter group.", "type": "string" }, "Parameters": { + "description": "The parameters to set for this DB parameter group.\n\nThe parameters are expressed as a JSON object consisting of key-value pairs.\n\nChanges to dynamic parameters are applied immediately. 
During an update, if you have static parameters (whether they were changed or not), it triggers AWS CloudFormation to reboot the associated DB instance without failover.", "type": "object" }, "Tags": { + "description": "An optional array of key-value pairs to apply to this DB parameter group.", "items": { "$ref": "#/definitions/Tag" }, @@ -51,13 +103,26 @@ "uniqueItems": false } }, - "readOnlyProperties": [ - "/properties/Id" - ], + "propertyTransform": { + "/properties/Name": "$lowercase(Name)" + }, "required": [ "Family", "Description", "Parameters" ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-neptune", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "rds:AddTagsToResource", + "rds:ListTagsForResource", + "rds:RemoveTagsFromResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Neptune::DBParameterGroup" } diff --git a/src/schema/aws-neptune-dbsubnetgroup.json b/src/schema/aws-neptune-dbsubnetgroup.json index 3f81a2a0..ddaa0ad1 100644 --- a/src/schema/aws-neptune-dbsubnetgroup.json +++ b/src/schema/aws-neptune-dbsubnetgroup.json 
@@ -6,36 +6,79 @@ "definitions": { "Tag": { "additionalProperties": false, + "description": "An optional array of key-value pairs to apply to this DB subnet group.", "properties": { "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ", "type": "string" }, "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ", "type": "string" } }, "required": [ - "Value", - "Key" + "Key", + "Value" ], "type": "object" } }, - "description": "Resource Type definition for AWS::Neptune::DBSubnetGroup", + "description": "The AWS::Neptune::DBSubnetGroup type creates an Amazon Neptune DB subnet group. 
Subnet groups must contain at least two subnets in two different Availability Zones in the same AWS Region.", + "handlers": { + "create": { + "permissions": [ + "rds:CreateDBSubnetGroup", + "rds:DescribeDBSubnetGroups", + "rds:ListTagsForResource", + "rds:AddTagsToResource", + "iam:CreateServiceLinkedRole" + ] + }, + "delete": { + "permissions": [ + "rds:DeleteDBSubnetGroup", + "rds:DescribeDBSubnetGroups", + "rds:ListTagsForResource", + "rds:RemoveTagsFromResource" + ] + }, + "list": { + "permissions": [ + "rds:DescribeDBSubnetGroups", + "rds:ListTagsForResource" + ] + }, + "read": { + "permissions": [ + "rds:DescribeDBSubnetGroups", + "rds:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "rds:ModifyDBSubnetGroup", + "rds:DescribeDBSubnetGroups", + "rds:AddTagsToResource", + "rds:RemoveTagsFromResource", + "rds:ListTagsForResource" + ] + } + }, "primaryIdentifier": [ - "/properties/Id" + "/properties/DBSubnetGroupName" ], "properties": { "DBSubnetGroupDescription": { + "description": "The description for the DB subnet group.", "type": "string" }, "DBSubnetGroupName": { - "type": "string" - }, - "Id": { + "description": "The name for the DB subnet group. This value is stored as a lowercase string.\n\nConstraints: Must contain no more than 255 lowercase alphanumeric characters or hyphens. Must not be \"Default\".\n\nExample: mysubnetgroup\n\n", "type": "string" }, "SubnetIds": { + "description": "The Amazon EC2 subnet IDs for the DB subnet group.", "items": { "type": "string" }, @@ -43,6 +86,7 @@ "uniqueItems": false }, "Tags": { + "description": "An optional array of key-value pairs to apply to this DB subnet group.", "items": { "$ref": "#/definitions/Tag" }, 
@@ -50,12 +94,25 @@ "uniqueItems": false } }, - "readOnlyProperties": [ - "/properties/Id" - ], + "propertyTransform": { + "/properties/DBSubnetGroupName": "$lowercase(DBSubnetGroupName)" + }, "required": [ "DBSubnetGroupDescription", "SubnetIds" ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-neptune", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "rds:AddTagsToResource", + "rds:ListTagsForResource", + "rds:RemoveTagsFromResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Neptune::DBSubnetGroup" } diff --git a/src/schema/aws-neptunegraph-privategraphendpoint.json b/src/schema/aws-neptunegraph-privategraphendpoint.json index ab50fd96..bbb71ba8 100644 --- a/src/schema/aws-neptunegraph-privategraphendpoint.json +++ b/src/schema/aws-neptunegraph-privategraphendpoint.json @@ -51,7 +51,8 @@ "list": { "permissions": [ "neptune-graph:GetPrivateGraphEndpoint", - "neptune-graph:ListPrivateGraphEndpoints" + "neptune-graph:ListPrivateGraphEndpoints", + "neptune-graph:ListGraphs" ], "timeoutInMinutes": 2160 }, diff --git a/src/schema/aws-networkfirewall-firewall.json b/src/schema/aws-networkfirewall-firewall.json index 006109dd..6dadf458 100644 --- a/src/schema/aws-networkfirewall-firewall.json +++ b/src/schema/aws-networkfirewall-firewall.json @@ -5,6 +5,14 @@ "/properties/FirewallName" ], "definitions": { + "EnabledAnalysisType": { + "description": "An analysis type.", + "enum": [ + "TLS_SNI", + "HTTP_HOST" + ], + "type": "string" + }, "EndpointId": { "description": "An endpoint Id.", "type": "string" @@ -107,7 +115,8 @@ "network-firewall:AssociateFirewallPolicy", "network-firewall:TagResource", "network-firewall:UntagResource", - "network-firewall:DescribeFirewall" + "network-firewall:DescribeFirewall", + "network-firewall:UpdateFirewallAnalysisSettings" ] } }, 
@@ -123,6 +132,14 @@ "pattern": "^.*$", "type": "string" }, + "EnabledAnalysisTypes": { + "description": "The types of analysis to enable for the firewall. Can be TLS_SNI, HTTP_HOST, or both.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/EnabledAnalysisType" + }, + "type": "array" + }, "EndpointIds": { "insertionOrder": false, "items": { @@ -191,6 +208,15 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-networkfirewall.git", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "network-firewall:TagResource", + "network-firewall:UntagResource", + "network-firewall:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::NetworkFirewall::Firewall" diff --git a/src/schema/aws-networkfirewall-firewallpolicy.json b/src/schema/aws-networkfirewall-firewallpolicy.json index 60eec36c..1e01ed68 100644 --- a/src/schema/aws-networkfirewall-firewallpolicy.json +++ b/src/schema/aws-networkfirewall-firewallpolicy.json @@ -188,6 +188,17 @@ "StatefulEngineOptions": { "additionalProperties": false, "properties": { + "FlowTimeouts": { + "additionalProperties": false, + "properties": { + "TcpIdleTimeoutSeconds": { + "maximum": 6000, + "minimum": 60, + "type": "integer" + } + }, + "type": "object" + }, "RuleOrder": { "$ref": "#/definitions/RuleOrder" }, @@ -363,6 +374,15 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-networkfirewall.git", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "network-firewall:TagResource", + "network-firewall:UntagResource", + "network-firewall:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::NetworkFirewall::FirewallPolicy" 
diff --git a/src/schema/aws-networkfirewall-loggingconfiguration.json b/src/schema/aws-networkfirewall-loggingconfiguration.json index 5ca11133..ce89fa2b 100644 --- a/src/schema/aws-networkfirewall-loggingconfiguration.json +++ b/src/schema/aws-networkfirewall-loggingconfiguration.json @@ -32,7 +32,8 @@ "LogType": { "enum": [ "ALERT", - "FLOW" + "FLOW", + "TLS" ], "type": "string" } diff --git a/src/schema/aws-networkfirewall-rulegroup.json b/src/schema/aws-networkfirewall-rulegroup.json index a1372f2b..8119d86e 100644 --- a/src/schema/aws-networkfirewall-rulegroup.json +++ b/src/schema/aws-networkfirewall-rulegroup.json @@ -711,6 +711,15 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-networkfirewall.git", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "network-firewall:TagResource", + "network-firewall:UntagResource", + "network-firewall:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::NetworkFirewall::RuleGroup" diff --git a/src/schema/aws-networkfirewall-tlsinspectionconfiguration.json b/src/schema/aws-networkfirewall-tlsinspectionconfiguration.json index 675287dd..2fbd41fc 100644 --- a/src/schema/aws-networkfirewall-tlsinspectionconfiguration.json +++ b/src/schema/aws-networkfirewall-tlsinspectionconfiguration.json @@ -281,6 +281,15 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-networkfirewall.git", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "network-firewall:TagResource", + "network-firewall:UntagResource", + "network-firewall:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::NetworkFirewall::TLSInspectionConfiguration" 
diff --git a/src/schema/aws-networkmanager-connectattachment.json b/src/schema/aws-networkmanager-connectattachment.json index ec7c61ea..f054dd52 100644 --- a/src/schema/aws-networkmanager-connectattachment.json +++ b/src/schema/aws-networkmanager-connectattachment.json @@ -18,6 +18,30 @@ }, "type": "object" }, + "ProposedNetworkFunctionGroupChange": { + "additionalProperties": false, + "description": "The attachment to move from one network function group to another.", + "properties": { + "AttachmentPolicyRuleNumber": { + "description": "The rule number in the policy document that applies to this change.", + "type": "integer" + }, + "NetworkFunctionGroupName": { + "description": "The name of the network function group to change.", + "type": "string" + }, + "Tags": { + "description": "The key-value tags that changed for the network function group.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, "ProposedSegmentChange": { "additionalProperties": false, "description": "The attachment to move from one segment to another.", @@ -131,6 +155,10 @@ "description": "Edge location of the attachment.", "type": "string" }, + "NetworkFunctionGroupName": { + "description": "The name of the network function group attachment.", + "type": "string" + }, "Options": { "$ref": "#/definitions/ConnectAttachmentOptions", "description": "Protocol options for connect attachment" @@ -139,6 +167,10 @@ "description": "The ID of the attachment account owner.", "type": "string" }, + "ProposedNetworkFunctionGroupChange": { + "$ref": "#/definitions/ProposedNetworkFunctionGroupChange", + "description": "The attachment to move from one network function group to another." + }, "ProposedSegmentChange": { "$ref": "#/definitions/ProposedSegmentChange", "description": "The attachment to move from one segment to another." 
@@ -194,6 +226,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-networkmanager/aws-networkmanager-connectattachment", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "networkmanager:TagResource", + "networkmanager:UntagResource", + "networkmanager:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-networkmanager-connectpeer.json b/src/schema/aws-networkmanager-connectpeer.json index 8dcf7754..6db89565 100644 --- a/src/schema/aws-networkmanager-connectpeer.json +++ b/src/schema/aws-networkmanager-connectpeer.json @@ -223,6 +223,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-networkmanager/aws-networkmanager-connectpeer", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "networkmanager:TagResource", + "networkmanager:UntagResource", + "networkmanager:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-networkmanager-corenetwork.json b/src/schema/aws-networkmanager-corenetwork.json index f39da5c9..faddbcde 100644 --- a/src/schema/aws-networkmanager-corenetwork.json +++ b/src/schema/aws-networkmanager-corenetwork.json 
@@ -34,6 +34,46 @@ }, "type": "object" }, + "CoreNetworkNetworkFunctionGroup": { + "additionalProperties": false, + "properties": { + "EdgeLocations": { + "insertionOrder": false, + "items": { + "description": "The Regions where the edges are located.", + "type": "string" + }, + "type": "array" + }, + "Name": { + "description": "Name of network function group", + "type": "string" + }, + "Segments": { + "additionalProperties": false, + "properties": { + "SendTo": { + "insertionOrder": false, + "items": { + "description": "The send-to segments.", + "type": "string" + }, + "type": "array" + }, + "SendVia": { + "insertionOrder": false, + "items": { + "description": "The send-via segments.", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, "CoreNetworkSegment": { "additionalProperties": false, "properties": { @@ -160,6 +200,14 @@ "description": "The ID of the global network that your core network is a part of.", "type": "string" }, + "NetworkFunctionGroups": { + "description": "The network function groups within a core network.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/CoreNetworkNetworkFunctionGroup" + }, + "type": "array" + }, "OwnerAccount": { "description": "Owner of the core network", "type": "string" @@ -197,6 +245,7 @@ "/properties/CreatedAt", "/properties/State", "/properties/Segments", + "/properties/NetworkFunctionGroups", "/properties/Edges" ], "required": [ @@ -205,6 +254,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-networkmanager/aws-networkmanager-corenetwork", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "networkmanager:TagResource", + "networkmanager:UntagResource", + "networkmanager:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, 
diff --git a/src/schema/aws-networkmanager-device.json b/src/schema/aws-networkmanager-device.json index 1387743d..b86f615f 100644 --- a/src/schema/aws-networkmanager-device.json +++ b/src/schema/aws-networkmanager-device.json @@ -187,6 +187,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-networkmanager.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "networkmanager:TagResource", + "networkmanager:UntagResource", + "networkmanager:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-networkmanager-directconnectgatewayattachment.json b/src/schema/aws-networkmanager-directconnectgatewayattachment.json new file mode 100644 index 00000000..96cf1fa5 --- /dev/null +++ b/src/schema/aws-networkmanager-directconnectgatewayattachment.json 
@@ -0,0 +1,239 @@ +{ + "additionalIdentifiers": [ + [ + "/properties/CoreNetworkId", + "/properties/DirectConnectGatewayArn" + ] + ], + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/CoreNetworkId", + "/properties/DirectConnectGatewayArn" + ], + "definitions": { + "ProposedNetworkFunctionGroupChange": { + "additionalProperties": false, + "description": "The attachment to move from one network function group to another.", + "properties": { + "AttachmentPolicyRuleNumber": { + "description": "The rule number in the policy document that applies to this change.", + "type": "integer" + }, + "NetworkFunctionGroupName": { + "description": "The name of the network function group to change.", + "type": "string" + }, + "Tags": { + "description": "The key-value tags that changed for the network function group.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, + "ProposedSegmentChange": { + "additionalProperties": false, + "description": "The attachment to move from one segment to another.", + "properties": { + "AttachmentPolicyRuleNumber": { + "description": "The rule number in the policy document that applies to this change.", + "type": "integer" + }, + "SegmentName": { + "description": "The name of the segment to change.", + "type": "string" + }, + "Tags": { + "description": "The key-value tags that changed for the segment.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. 
You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, + "description": "AWS::NetworkManager::DirectConnectGatewayAttachment Resource Type", + "handlers": { + "create": { + "permissions": [ + "networkmanager:CreateDirectConnectGatewayAttachment", + "networkmanager:GetDirectConnectGatewayAttachment", + "networkmanager:TagResource", + "ec2:DescribeRegions", + "iam:CreateServiceLinkedRole" + ], + "timeoutInMinutes": 60 + }, + "delete": { + "permissions": [ + "networkmanager:DeleteAttachment", + "networkmanager:GetDirectConnectGatewayAttachment", + "networkmanager:UntagResource", + "ec2:DescribeRegions" + ], + "timeoutInMinutes": 60 + }, + "list": { + "permissions": [ + "networkmanager:ListAttachments" + ] + }, + "read": { + "permissions": [ + "networkmanager:GetDirectConnectGatewayAttachment" + ] + }, + "update": { + "permissions": [ + "networkmanager:UpdateDirectConnectGatewayAttachment", + "networkmanager:GetDirectConnectGatewayAttachment", + "networkmanager:ListTagsForResource", + "networkmanager:TagResource", + "networkmanager:UntagResource", + "ec2:DescribeRegions" + ], + "timeoutInMinutes": 60 + } + }, + "primaryIdentifier": [ + "/properties/AttachmentId" + ], + "properties": { + "AttachmentId": { + "description": "Id of the attachment.", + "type": "string" + }, + "AttachmentPolicyRuleNumber": { + "description": "The policy rule number associated with the attachment.", + "type": "integer" + }, + "AttachmentType": { + "description": "Attachment type.", + "type": "string" + }, + "CoreNetworkArn": { + "description": 
"The ARN of a core network for the Direct Connect Gateway attachment.", + "type": "string" + }, + "CoreNetworkId": { + "description": "The ID of a core network for the Direct Connect Gateway attachment.", + "type": "string" + }, + "CreatedAt": { + "description": "Creation time of the attachment.", + "type": "string" + }, + "DirectConnectGatewayArn": { + "description": "The ARN of the Direct Connect Gateway.", + "type": "string" + }, + "EdgeLocations": { + "description": "The Regions where the edges are located.", + "insertionOrder": false, + "items": { + "type": "string" + }, + "type": "array" + }, + "NetworkFunctionGroupName": { + "description": "The name of the network function group attachment.", + "type": "string" + }, + "OwnerAccountId": { + "description": "Owner account of the attachment.", + "type": "string" + }, + "ProposedNetworkFunctionGroupChange": { + "$ref": "#/definitions/ProposedNetworkFunctionGroupChange", + "description": "The attachment to move from one network function group to another." + }, + "ProposedSegmentChange": { + "$ref": "#/definitions/ProposedSegmentChange", + "description": "The attachment to move from one segment to another." 
+ }, + "ResourceArn": { + "description": "The ARN of the Resource.", + "type": "string" + }, + "SegmentName": { + "description": "The name of the segment attachment..", + "type": "string" + }, + "State": { + "description": "State of the attachment.", + "type": "string" + }, + "Tags": { + "description": "Tags for the attachment.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": true + }, + "UpdatedAt": { + "description": "Last update time of the attachment.", + "type": "string" + } + }, + "readOnlyProperties": [ + "/properties/CoreNetworkArn", + "/properties/CreatedAt", + "/properties/UpdatedAt", + "/properties/AttachmentType", + "/properties/State", + "/properties/AttachmentId", + "/properties/OwnerAccountId", + "/properties/AttachmentPolicyRuleNumber", + "/properties/SegmentName", + "/properties/NetworkFunctionGroupName", + "/properties/ResourceArn" + ], + "required": [ + "CoreNetworkId", + "DirectConnectGatewayArn", + "EdgeLocations" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-networkmanager/aws-networkmanager-directconnectgatewayattachment", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "networkmanager:TagResource", + "networkmanager:UntagResource", + "networkmanager:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::NetworkManager::DirectConnectGatewayAttachment" +} diff --git a/src/schema/aws-networkmanager-globalnetwork.json b/src/schema/aws-networkmanager-globalnetwork.json index 437ab0bb..bb325f1b 100644 --- a/src/schema/aws-networkmanager-globalnetwork.json +++ b/src/schema/aws-networkmanager-globalnetwork.json 
@@ -103,6 +103,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-networkmanager.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "networkmanager:TagResource", + "networkmanager:UntagResource", + "networkmanager:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-networkmanager-link.json b/src/schema/aws-networkmanager-link.json index 2d60e13f..378ee037 100644 --- a/src/schema/aws-networkmanager-link.json +++ b/src/schema/aws-networkmanager-link.json @@ -159,6 +159,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-networkmanager.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "networkmanager:TagResource", + "networkmanager:UntagResource", + "networkmanager:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-networkmanager-site.json b/src/schema/aws-networkmanager-site.json index e0af3472..0a2e128a 100644 --- a/src/schema/aws-networkmanager-site.json +++ b/src/schema/aws-networkmanager-site.json @@ -148,6 +148,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-networkmanager.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "networkmanager:TagResource", + "networkmanager:UntagResource", + "networkmanager:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-networkmanager-sitetositevpnattachment.json b/src/schema/aws-networkmanager-sitetositevpnattachment.json index fa48636d..8313c469 100644 --- a/src/schema/aws-networkmanager-sitetositevpnattachment.json +++ b/src/schema/aws-networkmanager-sitetositevpnattachment.json 
@@ -11,6 +11,30 @@ "/properties/VpnConnectionArn" ], "definitions": { + "ProposedNetworkFunctionGroupChange": { + "additionalProperties": false, + "description": "The attachment to move from one network function group to another.", + "properties": { + "AttachmentPolicyRuleNumber": { + "description": "The rule number in the policy document that applies to this change.", + "type": "integer" + }, + "NetworkFunctionGroupName": { + "description": "The name of the network function group to change.", + "type": "string" + }, + "Tags": { + "description": "The key-value tags that changed for the network function group.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, "ProposedSegmentChange": { "additionalProperties": false, "description": "The attachment to move from one segment to another.", @@ -64,7 +88,7 @@ "ec2:DescribeRegions", "networkmanager:TagResource" ], - "timeoutInMinutes": 40 + "timeoutInMinutes": 120 }, "delete": { "permissions": [ @@ -126,10 +150,18 @@ "description": "The Region where the edge is located.", "type": "string" }, + "NetworkFunctionGroupName": { + "description": "The name of the network function group attachment.", + "type": "string" + }, "OwnerAccountId": { "description": "Owner account of the attachment.", "type": "string" }, + "ProposedNetworkFunctionGroupChange": { + "$ref": "#/definitions/ProposedNetworkFunctionGroupChange", + "description": "The attachment to move from one network function group to another." + }, "ProposedSegmentChange": { "$ref": "#/definitions/ProposedSegmentChange", "description": "The attachment to move from one segment to another." 
@@ -184,6 +216,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-networkmanager/aws-networkmanager-sitetositevpnattachment", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "networkmanager:TagResource", + "networkmanager:UntagResource", + "networkmanager:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-networkmanager-transitgatewaypeering.json b/src/schema/aws-networkmanager-transitgatewaypeering.json index 4022f42f..009256c2 100644 --- a/src/schema/aws-networkmanager-transitgatewaypeering.json +++ b/src/schema/aws-networkmanager-transitgatewaypeering.json @@ -58,8 +58,7 @@ }, "read": { "permissions": [ - "networkmanager:GetTransitGatewayPeering", - "networkmanager:TagResource" + "networkmanager:GetTransitGatewayPeering" ] }, "update": { @@ -148,6 +147,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-networkmanager/aws-networkmanager-transitgatewaypeering", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "networkmanager:TagResource", + "networkmanager:UntagResource", + "networkmanager:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-networkmanager-transitgatewayroutetableattachment.json b/src/schema/aws-networkmanager-transitgatewayroutetableattachment.json index eb2ed010..914cfbba 100644 --- a/src/schema/aws-networkmanager-transitgatewayroutetableattachment.json +++ b/src/schema/aws-networkmanager-transitgatewayroutetableattachment.json 
@@ -5,6 +5,30 @@ "/properties/TransitGatewayRouteTableArn" ], "definitions": { + "ProposedNetworkFunctionGroupChange": { + "additionalProperties": false, + "description": "The attachment to move from one network function group to another.", + "properties": { + "AttachmentPolicyRuleNumber": { + "description": "The rule number in the policy document that applies to this change.", + "type": "integer" + }, + "NetworkFunctionGroupName": { + "description": "The name of the network function group to change.", + "type": "string" + }, + "Tags": { + "description": "The key-value tags that changed for the network function group.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, "ProposedSegmentChange": { "additionalProperties": false, "description": "The attachment to move from one segment to another.", @@ -120,6 +144,10 @@ "description": "The Region where the edge is located.", "type": "string" }, + "NetworkFunctionGroupName": { + "description": "The name of the network function group attachment.", + "type": "string" + }, "OwnerAccountId": { "description": "Owner account of the attachment.", "type": "string" @@ -128,6 +156,10 @@ "description": "The Id of peering between transit gateway and core network.", "type": "string" }, + "ProposedNetworkFunctionGroupChange": { + "$ref": "#/definitions/ProposedNetworkFunctionGroupChange", + "description": "The attachment to move from one network function group to another." + }, "ProposedSegmentChange": { "$ref": "#/definitions/ProposedSegmentChange", "description": "The attachment to move from one segment to another." 
@@ -183,6 +215,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-networkmanager/aws-networkmanager-transitgatewayroutetableattachment", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "networkmanager:TagResource", + "networkmanager:UntagResource", + "networkmanager:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-networkmanager-vpcattachment.json b/src/schema/aws-networkmanager-vpcattachment.json index 8ca0cddc..441dadfa 100644 --- a/src/schema/aws-networkmanager-vpcattachment.json +++ b/src/schema/aws-networkmanager-vpcattachment.json @@ -11,6 +11,30 @@ "/properties/VpcArn" ], "definitions": { + "ProposedNetworkFunctionGroupChange": { + "additionalProperties": false, + "description": "The attachment to move from one network function group to another.", + "properties": { + "AttachmentPolicyRuleNumber": { + "description": "The rule number in the policy document that applies to this change.", + "type": "integer" + }, + "NetworkFunctionGroupName": { + "description": "The name of the network function group to change.", + "type": "string" + }, + "Tags": { + "description": "The key-value tags that changed for the network function group.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, "ProposedSegmentChange": { "additionalProperties": false, "description": "The attachment to move from one segment to another.", @@ -147,6 +171,10 @@ "description": "The Region where the edge is located.", "type": "string" }, + "NetworkFunctionGroupName": { + "description": "The name of the network function group attachment.", + "type": "string" + }, "Options": { "$ref": "#/definitions/VpcOptions", "description": "Vpc options of the attachment." 
@@ -155,6 +183,10 @@ "description": "Owner account of the attachment.", "type": "string" }, + "ProposedNetworkFunctionGroupChange": { + "$ref": "#/definitions/ProposedNetworkFunctionGroupChange", + "description": "The attachment to move from one network function group to another." + }, "ProposedSegmentChange": { "$ref": "#/definitions/ProposedSegmentChange", "description": "The attachment to move from one segment to another." @@ -208,6 +240,7 @@ "/properties/EdgeLocation", "/properties/AttachmentPolicyRuleNumber", "/properties/SegmentName", + "/properties/NetworkFunctionGroupName", "/properties/ResourceArn" ], "required": [ @@ -218,6 +251,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-networkmanager/aws-networkmanager-vpcattachment", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "networkmanager:TagResource", + "networkmanager:UntagResource", + "networkmanager:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-nimblestudio-launchprofile.json b/src/schema/aws-nimblestudio-launchprofile.json deleted file mode 100644 index 6fbc9330..00000000 --- a/src/schema/aws-nimblestudio-launchprofile.json +++ /dev/null @@ -1,347 +0,0 @@ -{ - "additionalProperties": false, - "createOnlyProperties": [ - "/properties/Ec2SubnetIds", - "/properties/StudioId", - "/properties/Tags" - ], - "definitions": { - "AutomaticTerminationMode": { - "enum": [ - "DEACTIVATED", - "ACTIVATED" - ], - "type": "string" - }, - "SessionBackupMode": { - "enum": [ - "AUTOMATIC", - "DEACTIVATED" - ], - "type": "string" - }, - "SessionPersistenceMode": { - "enum": [ - "DEACTIVATED", - "ACTIVATED" - ], - "type": "string" - }, - "StreamConfiguration": { - "additionalProperties": false, - "description": "

A configuration for a streaming session.

", - "properties": { - "AutomaticTerminationMode": { - "$ref": "#/definitions/AutomaticTerminationMode" - }, - "ClipboardMode": { - "$ref": "#/definitions/StreamingClipboardMode" - }, - "Ec2InstanceTypes": { - "description": "

The EC2 instance types that users can select from when launching a streaming session\n with this launch profile.

", - "items": { - "$ref": "#/definitions/StreamingInstanceType" - }, - "maxItems": 30, - "minItems": 1, - "type": "array" - }, - "MaxSessionLengthInMinutes": { - "default": 690, - "description": "

The length of time, in minutes, that a streaming session can be active before it is\n stopped or terminated. After this point, Nimble Studio automatically terminates or\n stops the session. The default length of time is 690 minutes, and the maximum length of\n time is 30 days.

", - "maximum": 43200, - "minimum": 1, - "type": "number" - }, - "MaxStoppedSessionLengthInMinutes": { - "default": 0, - "description": "

Integer that determines if you can start and stop your sessions and how long a session\n can stay in the STOPPED state. The default value is 0. The maximum value is\n 5760.

\n

This field is allowed only when sessionPersistenceMode is\n ACTIVATED and automaticTerminationMode is\n ACTIVATED.

\n

If the value is set to 0, your sessions can\u2019t be STOPPED. If you then\n call StopStreamingSession, the session fails. If the time that a session\n stays in the READY state exceeds the maxSessionLengthInMinutes\n value, the session will automatically be terminated (instead of\n STOPPED).

\n

If the value is set to a positive number, the session can be stopped. You can call\n StopStreamingSession to stop sessions in the READY state.\n If the time that a session stays in the READY state exceeds the\n maxSessionLengthInMinutes value, the session will automatically be\n stopped (instead of terminated).

", - "maximum": 5760, - "minimum": 0, - "type": "number" - }, - "SessionBackup": { - "$ref": "#/definitions/StreamConfigurationSessionBackup" - }, - "SessionPersistenceMode": { - "$ref": "#/definitions/SessionPersistenceMode" - }, - "SessionStorage": { - "$ref": "#/definitions/StreamConfigurationSessionStorage" - }, - "StreamingImageIds": { - "description": "

The streaming images that users can select from when launching a streaming session\n with this launch profile.

", - "items": { - "maxLength": 22, - "minLength": 0, - "pattern": "^[a-zA-Z0-9-_]*$", - "type": "string" - }, - "maxItems": 20, - "minItems": 1, - "type": "array" - }, - "VolumeConfiguration": { - "$ref": "#/definitions/VolumeConfiguration" - } - }, - "required": [ - "ClipboardMode", - "Ec2InstanceTypes", - "StreamingImageIds" - ], - "type": "object" - }, - "StreamConfigurationSessionBackup": { - "additionalProperties": false, - "description": "

Configures how streaming sessions are backed up when launched from this launch\n profile.

", - "properties": { - "MaxBackupsToRetain": { - "default": 0, - "description": "

The maximum number of backups that each streaming session created from this launch\n profile can have.

", - "maximum": 10, - "minimum": 0, - "type": "number" - }, - "Mode": { - "$ref": "#/definitions/SessionBackupMode" - } - }, - "type": "object" - }, - "StreamConfigurationSessionStorage": { - "additionalProperties": false, - "description": "

The configuration for a streaming session\u2019s upload storage.

", - "properties": { - "Mode": { - "description": "

Allows artists to upload files to their workstations. The only valid option is\n UPLOAD.

", - "items": { - "$ref": "#/definitions/StreamingSessionStorageMode" - }, - "minItems": 1, - "type": "array" - }, - "Root": { - "$ref": "#/definitions/StreamingSessionStorageRoot" - } - }, - "required": [ - "Mode" - ], - "type": "object" - }, - "StreamingClipboardMode": { - "enum": [ - "ENABLED", - "DISABLED" - ], - "type": "string" - }, - "StreamingInstanceType": { - "enum": [ - "g4dn.xlarge", - "g4dn.2xlarge", - "g4dn.4xlarge", - "g4dn.8xlarge", - "g4dn.12xlarge", - "g4dn.16xlarge", - "g3.4xlarge", - "g3s.xlarge", - "g5.xlarge", - "g5.2xlarge", - "g5.4xlarge", - "g5.8xlarge", - "g5.16xlarge" - ], - "type": "string" - }, - "StreamingSessionStorageMode": { - "enum": [ - "UPLOAD" - ], - "type": "string" - }, - "StreamingSessionStorageRoot": { - "additionalProperties": false, - "description": "

The upload storage root location (folder) on streaming workstations where files are\n uploaded.

", - "properties": { - "Linux": { - "description": "

The folder path in Linux workstations where files are uploaded.

", - "maxLength": 128, - "minLength": 1, - "pattern": "^(\\$HOME|/)[/]?([A-Za-z0-9-_]+/)*([A-Za-z0-9_-]+)$", - "type": "string" - }, - "Windows": { - "description": "

The folder path in Windows workstations where files are uploaded.

", - "maxLength": 128, - "minLength": 1, - "pattern": "^((\\%HOMEPATH\\%)|[a-zA-Z]:)[\\\\/](?:[a-zA-Z0-9_-]+[\\\\/])*[a-zA-Z0-9_-]+$", - "type": "string" - } - }, - "type": "object" - }, - "Tags": { - "additionalProperties": false, - "patternProperties": { - ".+": { - "type": "string" - } - }, - "type": "object" - }, - "VolumeConfiguration": { - "additionalProperties": false, - "description": "

Custom volume configuration for the root volumes that are attached to streaming\n sessions.

\n

This parameter is only allowed when sessionPersistenceMode is\n ACTIVATED.

", - "properties": { - "Iops": { - "default": 3000, - "description": "

The number of I/O operations per second for the root volume that is attached to\n streaming session.

", - "maximum": 16000, - "minimum": 3000, - "type": "number" - }, - "Size": { - "default": 500, - "description": "

The size of the root volume that is attached to the streaming session. The root volume\n size is measured in GiBs.

", - "maximum": 16000, - "minimum": 100, - "type": "number" - }, - "Throughput": { - "default": 125, - "description": "

The throughput to provision for the root volume that is attached to the streaming\n session. The throughput is measured in MiB/s.

", - "maximum": 1000, - "minimum": 125, - "type": "number" - } - }, - "type": "object" - } - }, - "description": "Represents a launch profile which delegates access to a collection of studio components to studio users", - "handlers": { - "create": { - "permissions": [ - "nimble:CreateLaunchProfile", - "nimble:GetLaunchProfile", - "nimble:TagResource", - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:RunInstances", - "ec2:DescribeSubnets" - ] - }, - "delete": { - "permissions": [ - "nimble:DeleteLaunchProfile", - "nimble:GetLaunchProfile", - "nimble:UntagResource" - ] - }, - "list": { - "handlerSchema": { - "properties": { - "StudioId": { - "$ref": "resource-schema.json#/properties/StudioId" - } - }, - "required": [ - "StudioId" - ] - }, - "permissions": [ - "nimble:ListLaunchProfiles" - ] - }, - "read": { - "permissions": [ - "nimble:GetLaunchProfile" - ] - }, - "update": { - "permissions": [ - "nimble:UpdateLaunchProfile", - "nimble:GetLaunchProfile", - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:DescribeSubnets", - "ec2:RunInstances" - ] - } - }, - "primaryIdentifier": [ - "/properties/LaunchProfileId", - "/properties/StudioId" - ], - "properties": { - "Description": { - "description": "

The description.

", - "maxLength": 256, - "minLength": 0, - "type": "string" - }, - "Ec2SubnetIds": { - "description": "

Specifies the IDs of the EC2 subnets where streaming sessions will be accessible from.\n These subnets must support the specified instance types.

", - "items": { - "type": "string" - }, - "maxItems": 6, - "minItems": 0, - "type": "array" - }, - "LaunchProfileId": { - "type": "string" - }, - "LaunchProfileProtocolVersions": { - "description": "

The version number of the protocol that is used by the launch profile. The only valid\n version is \"2021-03-31\".

", - "items": { - "description": "

The version number of the protocol that is used by the launch profile. The only valid\n version is \"2021-03-31\".

", - "maxLength": 10, - "minLength": 0, - "pattern": "^2021\\-03\\-31$", - "type": "string" - }, - "type": "array" - }, - "Name": { - "description": "

The name for the launch profile.

", - "maxLength": 64, - "minLength": 1, - "type": "string" - }, - "StreamConfiguration": { - "$ref": "#/definitions/StreamConfiguration" - }, - "StudioComponentIds": { - "description": "

Unique identifiers for a collection of studio components that can be used with this\n launch profile.

", - "items": { - "type": "string" - }, - "maxItems": 100, - "minItems": 1, - "type": "array" - }, - "StudioId": { - "description": "

The studio ID.

", - "type": "string" - }, - "Tags": { - "$ref": "#/definitions/Tags" - } - }, - "readOnlyProperties": [ - "/properties/LaunchProfileId" - ], - "required": [ - "StudioId", - "Name", - "StudioComponentIds", - "Ec2SubnetIds", - "StreamConfiguration", - "LaunchProfileProtocolVersions" - ], - "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-nimblestudio", - "typeName": "AWS::NimbleStudio::LaunchProfile" -} diff --git a/src/schema/aws-nimblestudio-streamingimage.json b/src/schema/aws-nimblestudio-streamingimage.json deleted file mode 100644 index 9eca367e..00000000 --- a/src/schema/aws-nimblestudio-streamingimage.json +++ /dev/null @@ -1,177 +0,0 @@ -{ - "additionalProperties": false, - "createOnlyProperties": [ - "/properties/Ec2ImageId", - "/properties/StudioId", - "/properties/Tags" - ], - "definitions": { - "StreamingImageEncryptionConfiguration": { - "additionalProperties": false, - "description": "

TODO

", - "properties": { - "KeyArn": { - "description": "

The ARN for a KMS key that is used to encrypt studio data.

", - "minLength": 4, - "pattern": "^arn:.*", - "type": "string" - }, - "KeyType": { - "$ref": "#/definitions/StreamingImageEncryptionConfigurationKeyType" - } - }, - "required": [ - "KeyType" - ], - "type": "object" - }, - "StreamingImageEncryptionConfigurationKeyType": { - "description": "

", - "enum": [ - "CUSTOMER_MANAGED_KEY" - ], - "type": "string" - }, - "Tags": { - "additionalProperties": false, - "description": "", - "patternProperties": { - ".+": { - "type": "string" - } - }, - "type": "object" - } - }, - "description": "Represents a streaming session machine image that can be used to launch a streaming session", - "handlers": { - "create": { - "permissions": [ - "nimble:CreateStreamingImage", - "nimble:GetStreamingImage", - "nimble:TagResource", - "ec2:DescribeImages", - "ec2:DescribeSnapshots", - "ec2:ModifyInstanceAttribute", - "ec2:ModifySnapshotAttribute", - "ec2:ModifyImageAttribute", - "ec2:RegisterImage", - "kms:Encrypt", - "kms:Decrypt", - "kms:CreateGrant", - "kms:ListGrants", - "kms:GenerateDataKey" - ] - }, - "delete": { - "permissions": [ - "nimble:DeleteStreamingImage", - "nimble:GetStreamingImage", - "nimble:UntagResource", - "ec2:ModifyInstanceAttribute", - "ec2:ModifySnapshotAttribute", - "ec2:DeregisterImage", - "ec2:DeleteSnapshot", - "kms:ListGrants", - "kms:RetireGrant" - ] - }, - "list": { - "handlerSchema": { - "properties": { - "StudioId": { - "$ref": "resource-schema.json#/properties/StudioId" - } - }, - "required": [ - "StudioId" - ] - }, - "permissions": [ - "nimble:ListStreamingImages" - ] - }, - "read": { - "permissions": [ - "nimble:GetStreamingImage" - ] - }, - "update": { - "permissions": [ - "nimble:UpdateStreamingImage", - "nimble:GetStreamingImage", - "kms:Encrypt", - "kms:Decrypt", - "kms:CreateGrant", - "kms:ListGrants", - "kms:GenerateDataKey" - ] - } - }, - "primaryIdentifier": [ - "/properties/StudioId", - "/properties/StreamingImageId" - ], - "properties": { - "Description": { - "description": "

A human-readable description of the streaming image.

", - "maxLength": 256, - "minLength": 0, - "type": "string" - }, - "Ec2ImageId": { - "description": "

The ID of an EC2 machine image with which to create this streaming image.

", - "pattern": "^ami-[0-9A-z]+$", - "type": "string" - }, - "EncryptionConfiguration": { - "$ref": "#/definitions/StreamingImageEncryptionConfiguration" - }, - "EulaIds": { - "description": "

The list of EULAs that must be accepted before a Streaming Session can be started using this streaming image.

", - "items": { - "type": "string" - }, - "type": "array" - }, - "Name": { - "description": "

A friendly name for a streaming image resource.

", - "maxLength": 64, - "minLength": 0, - "type": "string" - }, - "Owner": { - "description": "

The owner of the streaming image, either the studioId that contains the streaming image, or 'amazon' for images that are provided by Amazon Nimble Studio.

", - "type": "string" - }, - "Platform": { - "description": "

The platform of the streaming image, either WINDOWS or LINUX.

", - "pattern": "^[a-zA-Z]*$", - "type": "string" - }, - "StreamingImageId": { - "type": "string" - }, - "StudioId": { - "description": "

The studioId.

", - "type": "string" - }, - "Tags": { - "$ref": "#/definitions/Tags" - } - }, - "readOnlyProperties": [ - "/properties/EncryptionConfiguration", - "/properties/EulaIds", - "/properties/Owner", - "/properties/Platform", - "/properties/StreamingImageId" - ], - "required": [ - "StudioId", - "Ec2ImageId", - "Name" - ], - "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-nimblestudio", - "typeName": "AWS::NimbleStudio::StreamingImage" -} diff --git a/src/schema/aws-nimblestudio-studio.json b/src/schema/aws-nimblestudio-studio.json deleted file mode 100644 index a2f0b833..00000000 --- a/src/schema/aws-nimblestudio-studio.json +++ /dev/null @@ -1,167 +0,0 @@ -{ - "additionalProperties": false, - "createOnlyProperties": [ - "/properties/StudioName", - "/properties/Tags" - ], - "definitions": { - "StudioEncryptionConfiguration": { - "additionalProperties": false, - "description": "

Configuration of the encryption method that is used for the studio.

", - "properties": { - "KeyArn": { - "description": "

The ARN for a KMS key that is used to encrypt studio data.

", - "minLength": 4, - "pattern": "^arn:.*", - "type": "string" - }, - "KeyType": { - "$ref": "#/definitions/StudioEncryptionConfigurationKeyType" - } - }, - "required": [ - "KeyType" - ], - "type": "object" - }, - "StudioEncryptionConfigurationKeyType": { - "description": "

The type of KMS key that is used to encrypt studio data.

", - "enum": [ - "AWS_OWNED_KEY", - "CUSTOMER_MANAGED_KEY" - ], - "type": "string" - }, - "Tags": { - "additionalProperties": false, - "description": "", - "patternProperties": { - ".+": { - "type": "string" - } - }, - "type": "object" - } - }, - "description": "Represents a studio that contains other Nimble Studio resources", - "handlers": { - "create": { - "permissions": [ - "iam:PassRole", - "nimble:CreateStudio", - "nimble:GetStudio", - "nimble:TagResource", - "sso:CreateManagedApplicationInstance", - "kms:Encrypt", - "kms:Decrypt", - "kms:CreateGrant", - "kms:ListGrants", - "kms:GenerateDataKey" - ] - }, - "delete": { - "permissions": [ - "nimble:DeleteStudio", - "nimble:GetStudio", - "nimble:UntagResource", - "kms:Encrypt", - "kms:Decrypt", - "kms:ListGrants", - "kms:RetireGrant", - "kms:GenerateDataKey", - "sso:DeleteManagedApplicationInstance", - "sso:GetManagedApplicationInstance" - ] - }, - "list": { - "permissions": [ - "nimble:ListStudios" - ] - }, - "read": { - "permissions": [ - "nimble:GetStudio", - "kms:Encrypt", - "kms:Decrypt", - "kms:ListGrants", - "kms:GenerateDataKey" - ] - }, - "update": { - "permissions": [ - "iam:PassRole", - "nimble:UpdateStudio", - "nimble:GetStudio", - "kms:Encrypt", - "kms:Decrypt", - "kms:CreateGrant", - "kms:ListGrants", - "kms:GenerateDataKey" - ] - } - }, - "primaryIdentifier": [ - "/properties/StudioId" - ], - "properties": { - "AdminRoleArn": { - "description": "

The IAM role that Studio Admins will assume when logging in to the Nimble Studio portal.

", - "type": "string" - }, - "DisplayName": { - "description": "

A friendly name for the studio.

", - "maxLength": 64, - "minLength": 0, - "type": "string" - }, - "HomeRegion": { - "description": "

The Amazon Web Services Region where the studio resource is located.

", - "maxLength": 50, - "minLength": 0, - "pattern": "[a-z]{2}-?(iso|gov)?-{1}[a-z]*-{1}[0-9]", - "type": "string" - }, - "SsoClientId": { - "description": "

The Amazon Web Services SSO application client ID used to integrate with Amazon Web Services SSO to enable Amazon Web Services SSO users to log in to Nimble Studio portal.

", - "type": "string" - }, - "StudioEncryptionConfiguration": { - "$ref": "#/definitions/StudioEncryptionConfiguration" - }, - "StudioId": { - "type": "string" - }, - "StudioName": { - "description": "

The studio name that is used in the URL of the Nimble Studio portal when accessed by Nimble Studio users.

", - "maxLength": 64, - "minLength": 3, - "pattern": "^[a-z0-9]*$", - "type": "string" - }, - "StudioUrl": { - "description": "

The address of the web page for the studio.

", - "type": "string" - }, - "Tags": { - "$ref": "#/definitions/Tags" - }, - "UserRoleArn": { - "description": "

The IAM role that Studio Users will assume when logging in to the Nimble Studio portal.

", - "type": "string" - } - }, - "readOnlyProperties": [ - "/properties/HomeRegion", - "/properties/SsoClientId", - "/properties/StudioId", - "/properties/StudioUrl" - ], - "required": [ - "DisplayName", - "UserRoleArn", - "AdminRoleArn", - "StudioName" - ], - "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-nimblestudio", - "typeName": "AWS::NimbleStudio::Studio" -} diff --git a/src/schema/aws-nimblestudio-studiocomponent.json b/src/schema/aws-nimblestudio-studiocomponent.json deleted file mode 100644 index 0399eab9..00000000 --- a/src/schema/aws-nimblestudio-studiocomponent.json +++ /dev/null @@ -1,393 +0,0 @@ -{ - "additionalProperties": false, - "createOnlyProperties": [ - "/properties/StudioId", - "/properties/Subtype", - "/properties/Tags" - ], - "definitions": { - "ActiveDirectoryComputerAttribute": { - "additionalProperties": false, - "description": "

An LDAP attribute of an Active Directory computer account, in the form of a name:value\n pair.

", - "properties": { - "Name": { - "description": "

The name for the LDAP attribute.

", - "maxLength": 40, - "minLength": 1, - "type": "string" - }, - "Value": { - "description": "

The value for the LDAP attribute.

", - "maxLength": 64, - "minLength": 1, - "type": "string" - } - }, - "type": "object" - }, - "ActiveDirectoryConfiguration": { - "additionalProperties": false, - "description": "

The configuration for a Microsoft Active Directory (Microsoft AD) studio\n resource.

", - "properties": { - "ComputerAttributes": { - "description": "

A collection of custom attributes for an Active Directory computer.

", - "items": { - "$ref": "#/definitions/ActiveDirectoryComputerAttribute" - }, - "maxItems": 50, - "minItems": 0, - "type": "array" - }, - "DirectoryId": { - "description": "

The directory ID of the Directory Service for Microsoft Active Directory to access\n using this studio component.

", - "type": "string" - }, - "OrganizationalUnitDistinguishedName": { - "description": "

The distinguished name (DN) and organizational unit (OU) of an Active Directory\n computer.

", - "maxLength": 2000, - "minLength": 1, - "type": "string" - } - }, - "type": "object" - }, - "ComputeFarmConfiguration": { - "additionalProperties": false, - "description": "

The configuration for a render farm that is associated with a studio resource.

", - "properties": { - "ActiveDirectoryUser": { - "description": "

The name of an Active Directory user that is used on ComputeFarm worker\n instances.

", - "type": "string" - }, - "Endpoint": { - "description": "

The endpoint of the ComputeFarm that is accessed by the studio component\n resource.

", - "type": "string" - } - }, - "type": "object" - }, - "LaunchProfilePlatform": { - "enum": [ - "LINUX", - "WINDOWS" - ], - "type": "string" - }, - "LicenseServiceConfiguration": { - "additionalProperties": false, - "description": "

The configuration for a license service that is associated with a studio\n resource.

", - "properties": { - "Endpoint": { - "description": "

The endpoint of the license service that is accessed by the studio component\n resource.

", - "type": "string" - } - }, - "type": "object" - }, - "ScriptParameterKeyValue": { - "additionalProperties": false, - "description": "

A parameter for a studio component script, in the form of a key:value pair.

", - "properties": { - "Key": { - "description": "

A script parameter key.

", - "maxLength": 64, - "minLength": 1, - "pattern": "^[a-zA-Z_][a-zA-Z0-9_]+$", - "type": "string" - }, - "Value": { - "description": "

A script parameter value.

", - "maxLength": 256, - "minLength": 1, - "type": "string" - } - }, - "type": "object" - }, - "SharedFileSystemConfiguration": { - "additionalProperties": false, - "description": "

The configuration for a shared file storage system that is associated with a studio\n resource.

", - "properties": { - "Endpoint": { - "description": "

The endpoint of the shared file system that is accessed by the studio component\n resource.

", - "type": "string" - }, - "FileSystemId": { - "description": "

The unique identifier for a file system.

", - "type": "string" - }, - "LinuxMountPoint": { - "description": "

The mount location for a shared file system on a Linux virtual workstation.

", - "maxLength": 128, - "minLength": 0, - "pattern": "^(/?|(\\$HOME)?(/[^/\\n\\s\\\\]+)*)$", - "type": "string" - }, - "ShareName": { - "description": "

The name of the file share.

", - "type": "string" - }, - "WindowsMountDrive": { - "description": "

The mount location for a shared file system on a Windows virtual workstation.

", - "pattern": "^[A-Z]$", - "type": "string" - } - }, - "type": "object" - }, - "StudioComponentConfiguration": { - "description": "

The configuration of the studio component, based on component type.

", - "oneOf": [ - { - "additionalProperties": false, - "properties": { - "ActiveDirectoryConfiguration": { - "$ref": "#/definitions/ActiveDirectoryConfiguration" - } - }, - "required": [ - "ActiveDirectoryConfiguration" - ], - "title": "ActiveDirectoryConfiguration", - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "ComputeFarmConfiguration": { - "$ref": "#/definitions/ComputeFarmConfiguration" - } - }, - "required": [ - "ComputeFarmConfiguration" - ], - "title": "ComputeFarmConfiguration", - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "LicenseServiceConfiguration": { - "$ref": "#/definitions/LicenseServiceConfiguration" - } - }, - "required": [ - "LicenseServiceConfiguration" - ], - "title": "LicenseServiceConfiguration", - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "SharedFileSystemConfiguration": { - "$ref": "#/definitions/SharedFileSystemConfiguration" - } - }, - "required": [ - "SharedFileSystemConfiguration" - ], - "title": "SharedFileSystemConfiguration", - "type": "object" - } - ] - }, - "StudioComponentInitializationScript": { - "additionalProperties": false, - "description": "

Initialization scripts for studio components.

", - "properties": { - "LaunchProfileProtocolVersion": { - "description": "

The version number of the protocol that is used by the launch profile. The only valid\n version is \"2021-03-31\".

", - "maxLength": 10, - "minLength": 0, - "pattern": "^2021\\-03\\-31$", - "type": "string" - }, - "Platform": { - "$ref": "#/definitions/LaunchProfilePlatform" - }, - "RunContext": { - "$ref": "#/definitions/StudioComponentInitializationScriptRunContext" - }, - "Script": { - "description": "

The initialization script.

", - "maxLength": 5120, - "minLength": 1, - "type": "string" - } - }, - "type": "object" - }, - "StudioComponentInitializationScriptRunContext": { - "enum": [ - "SYSTEM_INITIALIZATION", - "USER_INITIALIZATION" - ], - "type": "string" - }, - "StudioComponentSubtype": { - "enum": [ - "AWS_MANAGED_MICROSOFT_AD", - "AMAZON_FSX_FOR_WINDOWS", - "AMAZON_FSX_FOR_LUSTRE", - "CUSTOM" - ], - "type": "string" - }, - "StudioComponentType": { - "enum": [ - "ACTIVE_DIRECTORY", - "SHARED_FILE_SYSTEM", - "COMPUTE_FARM", - "LICENSE_SERVICE", - "CUSTOM" - ], - "type": "string" - }, - "Tags": { - "additionalProperties": false, - "patternProperties": { - ".+": { - "type": "string" - } - }, - "type": "object" - } - }, - "description": "Represents a studio component that connects a non-Nimble Studio resource in your account to your studio", - "handlers": { - "create": { - "permissions": [ - "iam:PassRole", - "nimble:CreateStudioComponent", - "nimble:GetStudioComponent", - "nimble:TagResource", - "ds:AuthorizeApplication", - "ec2:DescribeSecurityGroups", - "fsx:DescribeFilesystems", - "ds:DescribeDirectories" - ] - }, - "delete": { - "permissions": [ - "nimble:DeleteStudioComponent", - "nimble:GetStudioComponent", - "nimble:UntagResource", - "ds:UnauthorizeApplication" - ] - }, - "list": { - "handlerSchema": { - "properties": { - "StudioId": { - "$ref": "resource-schema.json#/properties/StudioId" - } - }, - "required": [ - "StudioId" - ] - }, - "permissions": [ - "nimble:ListStudioComponents" - ] - }, - "read": { - "permissions": [ - "nimble:GetStudioComponent" - ] - }, - "update": { - "permissions": [ - "iam:PassRole", - "nimble:UpdateStudioComponent", - "nimble:GetStudioComponent", - "ds:AuthorizeApplication", - "ec2:DescribeSecurityGroups", - "fsx:DescribeFilesystems", - "ds:DescribeDirectories" - ] - } - }, - "primaryIdentifier": [ - "/properties/StudioComponentId", - "/properties/StudioId" - ], - "properties": { - "Configuration": { - "$ref": 
"#/definitions/StudioComponentConfiguration" - }, - "Description": { - "description": "

The description.

", - "maxLength": 256, - "minLength": 0, - "type": "string" - }, - "Ec2SecurityGroupIds": { - "description": "

The EC2 security groups that control access to the studio component.

", - "items": { - "type": "string" - }, - "maxItems": 30, - "minItems": 0, - "type": "array" - }, - "InitializationScripts": { - "description": "

Initialization scripts for studio components.

", - "items": { - "$ref": "#/definitions/StudioComponentInitializationScript" - }, - "type": "array" - }, - "Name": { - "description": "

The name for the studio component.

", - "maxLength": 64, - "minLength": 0, - "type": "string" - }, - "RuntimeRoleArn": { - "maxLength": 2048, - "minLength": 0, - "type": "string" - }, - "ScriptParameters": { - "description": "

Parameters for the studio component scripts.

", - "items": { - "$ref": "#/definitions/ScriptParameterKeyValue" - }, - "maxItems": 30, - "minItems": 0, - "type": "array" - }, - "SecureInitializationRoleArn": { - "maxLength": 2048, - "minLength": 0, - "type": "string" - }, - "StudioComponentId": { - "type": "string" - }, - "StudioId": { - "description": "

The studio ID.

", - "type": "string" - }, - "Subtype": { - "$ref": "#/definitions/StudioComponentSubtype" - }, - "Tags": { - "$ref": "#/definitions/Tags" - }, - "Type": { - "$ref": "#/definitions/StudioComponentType" - } - }, - "readOnlyProperties": [ - "/properties/StudioComponentId" - ], - "required": [ - "StudioId", - "Name", - "Type" - ], - "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-nimblestudio", - "typeName": "AWS::NimbleStudio::StudioComponent" -} diff --git a/src/schema/aws-notifications-channelassociation.json b/src/schema/aws-notifications-channelassociation.json new file mode 100644 index 00000000..5fdd15ee --- /dev/null +++ b/src/schema/aws-notifications-channelassociation.json 
@@ -0,0 +1,66 @@
+{
+ "additionalProperties": false,
+ "createOnlyProperties": [
+ "/properties/Arn",
+ "/properties/NotificationConfigurationArn"
+ ],
+ "description": "Definition of AWS::Notifications::ChannelAssociation Resource Type",
+ "handlers": {
+ "create": {
+ "permissions": [
+ "notifications:AssociateChannel",
+ "notifications:ListChannels"
+ ]
+ },
+ "delete": {
+ "permissions": [
+ "notifications:DisassociateChannel"
+ ]
+ },
+ "list": {
+ "handlerSchema": {
+ "properties": {
+ "NotificationConfigurationArn": {
+ "pattern": "^arn:aws:notifications::[0-9]{12}:configuration\\/[a-z0-9]{27}$",
+ "type": "string"
+ }
+ },
+ "required": [
+ "NotificationConfigurationArn"
+ ]
+ },
+ "permissions": [
+ "notifications:ListChannels"
+ ]
+ },
+ "read": {
+ "permissions": [
+ "notifications:ListChannels"
+ ]
+ }
+ },
+ "primaryIdentifier": [
+ "/properties/Arn",
+ "/properties/NotificationConfigurationArn"
+ ],
+ "properties": {
+ "Arn": {
+ "description": "ARN identifier of the channel.\nExample: arn:aws:chatbot::123456789012:chat-configuration/slack-channel/security-ops",
+ "pattern": "^arn:aws:(chatbot|consoleapp|notifications-contacts):[a-zA-Z0-9-]*:[0-9]{12}:[a-zA-Z0-9-_.@]+/[a-zA-Z0-9/_.@:-]+$",
+ "type": "string"
+ },
+ "NotificationConfigurationArn": {
+ "description": "ARN identifier of the NotificationConfiguration.\nExample: arn:aws:notifications::123456789012:configuration/a01jes88qxwkbj05xv9c967pgm1",
+ "pattern": "^arn:aws:notifications::[0-9]{12}:configuration\\/[a-z0-9]{27}$",
+ "type": "string"
+ }
+ },
+ "required": [
+ "Arn",
+ "NotificationConfigurationArn"
+ ],
+ "tagging": {
+ "taggable": false
+ },
+ "typeName": "AWS::Notifications::ChannelAssociation"
+}
diff --git a/src/schema/aws-notifications-eventrule.json b/src/schema/aws-notifications-eventrule.json
new file mode 100644
index 00000000..623c9086
--- /dev/null
+++ b/src/schema/aws-notifications-eventrule.json
@@ -0,0 +1,163 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/EventType", + "/properties/NotificationConfigurationArn", + "/properties/Source" + ], + "definitions": { + "EventRuleStatus": { + "enum": [ + "ACTIVE", + "INACTIVE", + "CREATING", + "UPDATING", + "DELETING" + ], + "type": "string" + }, + "EventRuleStatusSummary": { + "additionalProperties": false, + "properties": { + "Reason": { + "type": "string" + }, + "Status": { + "$ref": "#/definitions/EventRuleStatus" + } + }, + "required": [ + "Reason", + "Status" + ], + "type": "object" + }, + "StatusSummaryByRegion": { + "additionalProperties": false, + "patternProperties": { + "^([a-z]{1,2})-([a-z]{1,15}-)+([0-9])$": { + "$ref": "#/definitions/EventRuleStatusSummary" + } + }, + "type": "object" + }, + "Unit": { + "additionalProperties": false, + "type": "object" + } + }, + "description": "Definition of AWS::Notifications::EventRule Resource Type", + "handlers": { + "create": { + "permissions": [ + "notifications:CreateEventRule", + "notifications:UpdateEventRule", + "notifications:GetEventRule" + ] + }, + "delete": { + "permissions": [ + "notifications:DeleteEventRule", + "notifications:GetEventRule" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "NotificationConfigurationArn": { + "pattern": "^arn:aws:notifications::[0-9]{12}:configuration\\/[a-z0-9]{27}$", + "type": "string" + } + }, + "required": [ + "NotificationConfigurationArn" + ] + }, + "permissions": [ + "notifications:ListEventRules", + "notifications:GetEventRule" + ] + }, + "read": { + "permissions": [ + "notifications:GetEventRule" + ] + }, + "update": { + "permissions": [ + "notifications:UpdateEventRule", + "notifications:GetEventRule" + ] + } + }, + "primaryIdentifier": [ + "/properties/Arn" + ], + "properties": { + "Arn": { + "pattern": "^arn:aws:notifications::[0-9]{12}:configuration/[a-z0-9]{27}/rule/[a-z0-9]{27}$", + "type": "string" + }, + "CreationTime": { + "format": "date-time", + "type": 
"string" + }, + "EventPattern": { + "maxLength": 4096, + "minLength": 0, + "type": "string" + }, + "EventType": { + "maxLength": 128, + "minLength": 1, + "pattern": "^([a-zA-Z0-9 \\-\\(\\)])+$", + "type": "string" + }, + "ManagedRules": { + "items": { + "pattern": "^arn:aws:events:[a-z-\\d]{2,25}:\\d{12}:rule\\/[a-zA-Z-\\d]{1,1024}$", + "type": "string" + }, + "type": "array" + }, + "NotificationConfigurationArn": { + "pattern": "^arn:aws:notifications::[0-9]{12}:configuration/[a-z0-9]{27}$", + "type": "string" + }, + "Regions": { + "items": { + "maxLength": 25, + "minLength": 2, + "pattern": "^([a-z]{1,2})-([a-z]{1,15}-)+([0-9])$", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "Source": { + "maxLength": 36, + "minLength": 1, + "pattern": "^aws.([a-z0-9\\-])+$", + "type": "string" + }, + "StatusSummaryByRegion": { + "$ref": "#/definitions/StatusSummaryByRegion" + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/CreationTime", + "/properties/ManagedRules", + "/properties/StatusSummaryByRegion" + ], + "required": [ + "EventType", + "NotificationConfigurationArn", + "Regions", + "Source" + ], + "tagging": { + "taggable": false + }, + "typeName": "AWS::Notifications::EventRule" +} diff --git a/src/schema/aws-notifications-managednotificationaccountcontactassociation.json b/src/schema/aws-notifications-managednotificationaccountcontactassociation.json new file mode 100644 index 00000000..f1f6d142 --- /dev/null +++ b/src/schema/aws-notifications-managednotificationaccountcontactassociation.json 
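Review bot: The `Source` pattern added in this schema, `^aws.([a-z0-9\\-])+$`, leaves the dot unescaped, so it matches any single character after `aws` rather than only a literal period. Validation driven by this pattern would accept a value such as `awsXec2`, which is looser than the `aws.`-prefixed form the pattern appears to intend. Escaping the dot closes that gap: `"pattern": "^aws\\.([a-z0-9\\-])+$"`.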
@@ -0,0 +1,86 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/ManagedNotificationConfigurationArn", + "/properties/ContactIdentifier" + ], + "definitions": { + "ContactIdentifier": { + "description": "This unique identifier for Contact", + "enum": [ + "ACCOUNT_PRIMARY", + "ACCOUNT_ALTERNATE_SECURITY", + "ACCOUNT_ALTERNATE_OPERATIONS", + "ACCOUNT_ALTERNATE_BILLING" + ], + "type": "string" + }, + "ManagedNotificationConfigurationArn": { + "description": "The managed notification configuration ARN, against which the account contact association will be created", + "pattern": "^arn:[-.a-z0-9]{1,63}:notifications::[0-9]{12}:managed-notification-configuration/category/[a-zA-Z0-9-]{3,64}/sub-category/[a-zA-Z0-9-]{3,64}$", + "type": "string" + } + }, + "description": "This resource schema represents the ManagedNotificationAccountContactAssociation resource in the AWS User Notifications.", + "handlers": { + "create": { + "permissions": [ + "notifications:AssociateManagedNotificationAccountContact", + "notifications:ListManagedNotificationChannelAssociations" + ] + }, + "delete": { + "permissions": [ + "notifications:DisassociateManagedNotificationAccountContact", + "notifications:ListManagedNotificationChannelAssociations" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "ManagedNotificationConfigurationArn": { + "pattern": "^arn:[-.a-z0-9]{1,63}:notifications::([0-9]{12}|):managed-notification-configuration/category/[a-zA-Z0-9-]{3,64}/sub-category/[a-zA-Z0-9-]{3,64}$", + "type": "string" + } + }, + "required": [ + "ManagedNotificationConfigurationArn" + ] + }, + "permissions": [ + "notifications:ListManagedNotificationChannelAssociations" + ] + }, + "read": { + "permissions": [ + "notifications:ListManagedNotificationChannelAssociations" + ] + }, + "update": { + "permissions": [ + "notifications:ListManagedNotificationChannelAssociations" + ] + } + }, + "primaryIdentifier": [ + "/properties/ManagedNotificationConfigurationArn", 
+ "/properties/ContactIdentifier" + ], + "properties": { + "ContactIdentifier": { + "$ref": "#/definitions/ContactIdentifier" + }, + "ManagedNotificationConfigurationArn": { + "$ref": "#/definitions/ManagedNotificationConfigurationArn" + } + }, + "required": [ + "ContactIdentifier", + "ManagedNotificationConfigurationArn" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "taggable": false + }, + "typeName": "AWS::Notifications::ManagedNotificationAccountContactAssociation" +} diff --git a/src/schema/aws-notifications-managednotificationadditionalchannelassociation.json b/src/schema/aws-notifications-managednotificationadditionalchannelassociation.json new file mode 100644 index 00000000..61c13a2e --- /dev/null +++ b/src/schema/aws-notifications-managednotificationadditionalchannelassociation.json 
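Review bot: The `list` handler's `ManagedNotificationConfigurationArn` pattern allows an empty account field (`([0-9]{12}|)`), while the `ManagedNotificationConfigurationArn` definition in the same file requires exactly twelve digits (`[0-9]{12}`). If the empty form is not intentional, the handler pattern should use `[0-9]{12}` like the definition; if it is, the definition looks too strict for the ARNs the list call accepts. The file also declares an `update` handler although both properties are listed under `createOnlyProperties`, which is worth confirming.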
@@ -0,0 +1,66 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/ChannelArn", + "/properties/ManagedNotificationConfigurationArn" + ], + "description": "Definition of AWS::Notifications::ManagedNotificationAdditionalChannelAssociation Resource Type", + "handlers": { + "create": { + "permissions": [ + "notifications:AssociateManagedNotificationAdditionalChannel", + "notifications:ListManagedNotificationChannelAssociations" + ] + }, + "delete": { + "permissions": [ + "notifications:DisassociateManagedNotificationAdditionalChannel", + "notifications:ListManagedNotificationChannelAssociations" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "NotificationConfigurationArn": { + "type": "string" + } + }, + "required": [ + "ManagedNotificationConfigurationArn" + ] + }, + "permissions": [ + "notifications:ListManagedNotificationChannelAssociations" + ] + }, + "read": { + "permissions": [ + "notifications:ListManagedNotificationChannelAssociations" + ] + } + }, + "primaryIdentifier": [ + "/properties/ChannelArn", + "/properties/ManagedNotificationConfigurationArn" + ], + "properties": { + "ChannelArn": { + "description": "ARN identifier of the channel.\nExample: arn:aws:chatbot::123456789012:chat-configuration/slack-channel/security-ops", + "pattern": "^arn:aws:(chatbot|consoleapp|notifications-contacts):[a-zA-Z0-9-]*:[0-9]{12}:[a-zA-Z0-9-_.@]+/[a-zA-Z0-9/_.@:-]+$", + "type": "string" + }, + "ManagedNotificationConfigurationArn": { + "description": "ARN identifier of the Managed Notification.\nExample: arn:aws:notifications::381491923782:managed-notification-configuration/category/AWS-Health/sub-category/Billing", + "pattern": "^arn:[-.a-z0-9]{1,63}:notifications::[0-9]{12}:managed-notification-configuration/category/[a-zA-Z0-9-]{3,64}/sub-category/[a-zA-Z0-9-]{3,64}$", + "type": "string" + } + }, + "required": [ + "ChannelArn", + "ManagedNotificationConfigurationArn" + ], + "tagging": { + "taggable": false + }, + "typeName": 
"AWS::Notifications::ManagedNotificationAdditionalChannelAssociation" +} diff --git a/src/schema/aws-notifications-notificationconfiguration.json b/src/schema/aws-notifications-notificationconfiguration.json new file mode 100644 index 00000000..f1a9e889 --- /dev/null +++ b/src/schema/aws-notifications-notificationconfiguration.json 
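Review bot: In the `list` handler's `handlerSchema`, `properties` declares `NotificationConfigurationArn` while `required` names `ManagedNotificationConfigurationArn`, so the required key carries no type or pattern and the declared key is never required. The top-level `ManagedNotificationConfigurationArn` property in this file has an ARN pattern that the list input therefore never gets. I would rename the key to `"ManagedNotificationConfigurationArn": {` and give it the same `pattern` as the top-level property. If this file is synced from an upstream registry schema, the mismatch is worth reporting there, and local validation should not assume the list input is checked.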
@@ -0,0 +1,153 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/Tags" + ], + "definitions": { + "AggregationDuration": { + "enum": [ + "LONG", + "SHORT", + "NONE" + ], + "type": "string" + }, + "NotificationConfigurationStatus": { + "enum": [ + "ACTIVE", + "PARTIALLY_ACTIVE", + "INACTIVE", + "DELETING" + ], + "type": "string" + }, + "Tag": { + "additionalProperties": false, + "properties": { + "Key": { + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, + "TagMap": { + "description": "A list of tags that are attached to the role.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": false + } + }, + "description": "Definition of AWS::Notifications::NotificationConfiguration Resource Type", + "handlers": { + "create": { + "permissions": [ + "notifications:CreateNotificationConfiguration", + "notifications:GetNotificationConfiguration", + "notifications:UpdateNotificationConfiguration", + "notifications:TagResource", + "notifications:UntagResource", + "notifications:ListTagsForResource", + "iam:CreateServiceLinkedRole" + ] + }, + "delete": { + "permissions": [ + "notifications:DeleteNotificationConfiguration" + ] + }, + "list": { + "permissions": [ + "notifications:ListNotificationConfigurations", + "notifications:ListTagsForResource" + ] + }, + "read": { + "permissions": [ + "notifications:GetNotificationConfiguration", + "notifications:ListTagsForResource", + "notifications:TagResource", + "notifications:UntagResource" + ] + }, + "update": { + "permissions": [ + "notifications:CreateNotificationConfiguration", + "notifications:GetNotificationConfiguration", + "notifications:UpdateNotificationConfiguration", + "notifications:TagResource", + "notifications:UntagResource", + "notifications:ListTagsForResource" + ] + } + }, + 
"primaryIdentifier": [ + "/properties/Arn" + ], + "properties": { + "AggregationDuration": { + "$ref": "#/definitions/AggregationDuration" + }, + "Arn": { + "pattern": "^arn:aws:notifications::[0-9]{12}:configuration/[a-z0-9]{27}$", + "type": "string" + }, + "CreationTime": { + "format": "date-time", + "type": "string" + }, + "Description": { + "maxLength": 256, + "minLength": 0, + "pattern": "^[^\\u0001-\\u001F\\u007F-\\u009F]*$", + "type": "string" + }, + "Name": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[A-Za-z0-9_\\-]+$", + "type": "string" + }, + "Status": { + "$ref": "#/definitions/NotificationConfigurationStatus" + }, + "Tags": { + "$ref": "#/definitions/TagMap" + } + }, + "readOnlyProperties": [ + "/properties/CreationTime", + "/properties/Status", + "/properties/Arn" + ], + "required": [ + "Description", + "Name" + ], + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "notifications:TagResource", + "notifications:UntagResource", + "notifications:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, + "typeName": "AWS::Notifications::NotificationConfiguration" +} diff --git a/src/schema/aws-notifications-notificationhub.json b/src/schema/aws-notifications-notificationhub.json new file mode 100644 index 00000000..3d1bf1d1 --- /dev/null +++ b/src/schema/aws-notifications-notificationhub.json 
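Review bot: The `read` handler lists `notifications:TagResource` and `notifications:UntagResource`, which are mutating actions a read path should not need; `GetNotificationConfiguration` and `ListTagsForResource` look sufficient. The same file sets `"tagUpdatable": false` and marks `/properties/Tags` create-only, yet `update` also carries both tag-write actions. Unless the provider really calls them, I would trim `read` to `"notifications:GetNotificationConfiguration", "notifications:ListTagsForResource"`, because roles scoped from these lists otherwise end up broader than the operation requires. The `read` handler in aws-notificationscontacts-emailcontact.json has the same issue with `notifications-contacts:TagResource`.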
@@ -0,0 +1,92 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/Region" + ], + "definitions": { + "NotificationHubStatus": { + "enum": [ + "ACTIVE", + "REGISTERING", + "DEREGISTERING", + "INACTIVE" + ], + "type": "string" + }, + "NotificationHubStatusSummary": { + "additionalProperties": false, + "properties": { + "NotificationHubStatus": { + "$ref": "#/definitions/NotificationHubStatus" + }, + "NotificationHubStatusReason": { + "type": "string" + } + }, + "required": [ + "NotificationHubStatus", + "NotificationHubStatusReason" + ], + "type": "object" + }, + "Region": { + "description": "Region that NotificationHub is present in.", + "maxLength": 25, + "minLength": 2, + "pattern": "^([a-z]{1,2})-([a-z]{1,15}-)+([0-9])$", + "type": "string" + } + }, + "description": "Definition of AWS::Notifications::NotificationHub Resource Type", + "handlers": { + "create": { + "permissions": [ + "notifications:RegisterNotificationHub", + "notifications:ListNotificationHubs", + "iam:CreateServiceLinkedRole" + ] + }, + "delete": { + "permissions": [ + "notifications:DeregisterNotificationHub", + "notifications:ListNotificationHubs" + ] + }, + "list": { + "permissions": [ + "notifications:ListNotificationHubs" + ] + }, + "read": { + "permissions": [ + "notifications:ListNotificationHubs" + ] + } + }, + "primaryIdentifier": [ + "/properties/Region" + ], + "properties": { + "CreationTime": { + "format": "date-time", + "type": "string" + }, + "NotificationHubStatusSummary": { + "$ref": "#/definitions/NotificationHubStatusSummary" + }, + "Region": { + "$ref": "#/definitions/Region" + } + }, + "readOnlyProperties": [ + "/properties/CreationTime", + "/properties/NotificationHubStatusSummary" + ], + "required": [ + "Region" + ], + "tagging": { + "taggable": false + }, + "typeName": "AWS::Notifications::NotificationHub" +} 
diff --git a/src/schema/aws-notificationscontacts-emailcontact.json b/src/schema/aws-notificationscontacts-emailcontact.json new file mode 100644 index 00000000..680353b0 --- /dev/null +++ b/src/schema/aws-notificationscontacts-emailcontact.json 
@@ -0,0 +1,177 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/EmailAddress", + "/properties/Name", + "/properties/Tags" + ], + "definitions": { + "EmailContact": { + "additionalProperties": false, + "properties": { + "Address": { + "maxLength": 254, + "minLength": 6, + "pattern": "^(.+)@(.+)$", + "type": "string" + }, + "Arn": { + "pattern": "^arn:aws:notifications-contacts::[0-9]{12}:emailcontact/[a-z0-9]{27}$", + "type": "string" + }, + "CreationTime": { + "format": "date-time", + "type": "string" + }, + "Name": { + "maxLength": 64, + "minLength": 1, + "pattern": "[\\w-.~]+", + "type": "string" + }, + "Status": { + "$ref": "#/definitions/EmailContactStatus" + }, + "UpdateTime": { + "format": "date-time", + "type": "string" + } + }, + "required": [ + "Address", + "Arn", + "CreationTime", + "Name", + "Status", + "UpdateTime" + ], + "type": "object" + }, + "EmailContactStatus": { + "enum": [ + "inactive", + "active" + ], + "type": "string" + }, + "Tag": { + "additionalProperties": false, + "properties": { + "Key": { + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, + "TagMap": { + "description": "A list of tags that are attached to the role.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": false + } + }, + "description": "Definition of AWS::NotificationsContacts::EmailContact Resource Type", + "handlers": { + "create": { + "permissions": [ + "notifications-contacts:CreateEmailContact", + "notifications-contacts:GetEmailContact", + "notifications-contacts:SendActivationCode", + "notifications-contacts:ListEmailContacts", + "notifications-contacts:TagResource", + "notifications-contacts:UntagResource", + "notifications-contacts:ListTagsForResource" + ] + }, + "delete": { + "permissions": [ + 
"notifications-contacts:DeleteEmailContact", + "notifications-contacts:GetEmailContact" + ] + }, + "list": { + "permissions": [ + "notifications-contacts:ListEmailContacts" + ] + }, + "read": { + "permissions": [ + "notifications-contacts:GetEmailContact", + "notifications-contacts:ListTagsForResource", + "notifications-contacts:TagResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/Arn" + ], + "properties": { + "Arn": { + "pattern": "^arn:aws:notifications-contacts::[0-9]{12}:emailcontact/[a-z0-9]{27}$", + "type": "string" + }, + "EmailAddress": { + "maxLength": 254, + "minLength": 6, + "pattern": "^(.+)@(.+)$", + "type": "string" + }, + "EmailContact": { + "$ref": "#/definitions/EmailContact" + }, + "Name": { + "maxLength": 64, + "minLength": 1, + "pattern": "[\\w-.~]+", + "type": "string" + }, + "Tags": { + "$ref": "#/definitions/TagMap" + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/EmailContact", + "/properties/EmailContact/Arn", + "/properties/EmailContact/Address", + "/properties/EmailContact/Name", + "/properties/EmailContact/Status", + "/properties/EmailContact/CreationTime", + "/properties/EmailContact/UpdateTime" + ], + "required": [ + "EmailAddress", + "Name" + ], + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "notifications-contacts:TagResource", + "notifications-contacts:UntagResource", + "notifications-contacts:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, + "typeName": "AWS::NotificationsContacts::EmailContact", + "writeOnlyProperties": [ + "/properties/EmailAddress", + "/properties/Name" + ] +} diff --git a/src/schema/aws-oam-link.json b/src/schema/aws-oam-link.json index 3ac40257..adc5f8ca 100644 --- a/src/schema/aws-oam-link.json +++ b/src/schema/aws-oam-link.json 
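Review bot: `Name` uses `"pattern": "[\\w-.~]+"` with no `^`/`$`, both under `definitions/EmailContact` and under `properties`; JSON Schema patterns are not implicitly anchored, so any 1–64 character string containing one allowed character passes, whatever surrounds it. `\\w-.` is also read as a range by stricter regex engines, where presumably a literal hyphen was meant. I would write it as `"pattern": "^[\\w.~-]+$"`. `EmailAddress`'s `^(.+)@(.+)$` is similarly permissive, so consumers should not treat a schema pass as address validation. The unanchored `Name` pattern `[a-z][a-z0-9\\-]+` in aws-opensearchservice-application.json has the same gap.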
@@ -37,7 +37,9 @@ "AWS::Logs::LogGroup", "AWS::XRay::Trace", "AWS::ApplicationInsights::Application", - "AWS::InternetMonitor::Monitor" + "AWS::InternetMonitor::Monitor", + "AWS::ApplicationSignals::Service", + "AWS::ApplicationSignals::ServiceLevelObjective" ], "type": "string" } @@ -48,11 +50,14 @@ "permissions": [ "oam:CreateLink", "oam:GetLink", + "oam:TagResource", + "oam:ListTagsForResource", "cloudwatch:Link", "logs:Link", "xray:Link", "applicationinsights:Link", - "internetmonitor:Link" + "internetmonitor:Link", + "application-signals:Link" ] }, "delete": { @@ -68,7 +73,8 @@ }, "read": { "permissions": [ - "oam:GetLink" + "oam:GetLink", + "oam:ListTagsForResource" ] }, "update": { @@ -80,8 +86,10 @@ "xray:Link", "applicationinsights:Link", "internetmonitor:Link", + "application-signals:Link", "oam:TagResource", - "oam:UntagResource" + "oam:UntagResource", + "oam:ListTagsForResource" ] } }, @@ -145,7 +153,13 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "oam:ListTagsForResource", + "oam:UntagResource", + "oam:TagResource" + ], "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, diff --git a/src/schema/aws-oam-sink.json b/src/schema/aws-oam-sink.json index d3b3345d..2c978a05 100644 --- a/src/schema/aws-oam-sink.json +++ b/src/schema/aws-oam-sink.json @@ -10,7 +10,9 @@ "oam:CreateSink", "oam:PutSinkPolicy", "oam:GetSinkPolicy", - "oam:GetSink" + "oam:GetSink", + "oam:TagResource", + "oam:ListTagsForResource" ] }, "delete": { @@ -28,7 +30,8 @@ "read": { "permissions": [ "oam:GetSinkPolicy", - "oam:GetSink" + "oam:GetSink", + "oam:ListTagsForResource" ] }, "update": { @@ -37,7 +40,8 @@ "oam:GetSinkPolicy", "oam:GetSink", "oam:TagResource", - "oam:UntagResource" + "oam:UntagResource", + "oam:ListTagsForResource" ] } }, 
@@ -84,7 +88,13 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "oam:ListTagsForResource", + "oam:UntagResource", + "oam:TagResource" + ], "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, diff --git a/src/schema/aws-omics-annotationstore.json b/src/schema/aws-omics-annotationstore.json index 5351564d..98a6986c 100644 --- a/src/schema/aws-omics-annotationstore.json +++ b/src/schema/aws-omics-annotationstore.json @@ -285,7 +285,13 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "omics:TagResource", + "omics:UntagResource", + "omics:ListTagsForResource" + ], "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, diff --git a/src/schema/aws-omics-referencestore.json b/src/schema/aws-omics-referencestore.json index b7bfadd5..0bc9149e 100644 --- a/src/schema/aws-omics-referencestore.json +++ b/src/schema/aws-omics-referencestore.json @@ -50,7 +50,8 @@ "create": { "permissions": [ "omics:CreateReferenceStore", - "omics:TagResource" + "omics:TagResource", + "kms:DescribeKey" ] }, "delete": { @@ -123,12 +124,14 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "omics:TagResource", + "omics:ListTagsForResource" + ], "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": false, "taggable": true }, - "typeName": "AWS::Omics::ReferenceStore", - "writeOnlyProperties": [ - "/properties/Tags" - ] + "typeName": "AWS::Omics::ReferenceStore" } diff --git a/src/schema/aws-omics-rungroup.json b/src/schema/aws-omics-rungroup.json index 9071e7ba..f348e5cc 100644 --- a/src/schema/aws-omics-rungroup.json +++ b/src/schema/aws-omics-rungroup.json 
@@ -106,7 +106,13 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "omics:TagResource", + "omics:UntagResource", + "omics:ListTagsForResource" + ], "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, diff --git a/src/schema/aws-omics-sequencestore.json b/src/schema/aws-omics-sequencestore.json index 54de14ae..d4e00921 100644 --- a/src/schema/aws-omics-sequencestore.json +++ b/src/schema/aws-omics-sequencestore.json @@ -1,19 +1,34 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/Description", - "/properties/Name", - "/properties/FallbackLocation", - "/properties/SseConfig", - "/properties/Tags" + "/properties/ETagAlgorithmFamily", + "/properties/SseConfig" ], "definitions": { + "ETagAlgorithmFamily": { + "enum": [ + "MD5up", + "SHA256up", + "SHA512up" + ], + "type": "string" + }, "EncryptionType": { "enum": [ "KMS" ], "type": "string" }, + "SequenceStoreStatus": { + "enum": [ + "CREATING", + "ACTIVE", + "UPDATING", + "DELETING", + "FAILED" + ], + "type": "string" + }, "SseConfig": { "additionalProperties": false, "description": "Server-side encryption (SSE) settings for a store.", @@ -46,12 +61,17 @@ "type": "object" } }, - "description": "Definition of AWS::Omics::SequenceStore Resource Type", + "description": "Resource Type definition for AWS::Omics::SequenceStore", "handlers": { "create": { "permissions": [ "omics:CreateSequenceStore", - "omics:TagResource" + "omics:GetSequenceStore", + "omics:GetS3AccessPolicy", + "omics:PutS3AccessPolicy", + "omics:ListTagsForResource", + "omics:TagResource", + "kms:DescribeKey" ] }, "delete": { 
@@ -66,15 +86,33 @@ }, "read": { "permissions": [ + "omics:GetS3AccessPolicy", "omics:GetSequenceStore", "omics:ListTagsForResource" ] + }, + "update": { + "permissions": [ + "omics:UpdateSequenceStore", + "omics:GetSequenceStore", + "omics:TagResource", + "omics:UntagResource", + "omics:ListTagsForResource", + "omics:GetS3AccessPolicy", + "omics:DeleteS3AccessPolicy", + "omics:PutS3AccessPolicy" + ] } }, "primaryIdentifier": [ "/properties/SequenceStoreId" ], "properties": { + "AccessLogLocation": { + "description": "Location of the access logs.", + "pattern": "^$|^s3://([a-z0-9][a-z0-9-.]{1,61}[a-z0-9])/?((.{1,800})/)?$", + "type": "string" + }, "Arn": { "description": "The store's ARN.", "maxLength": 127, @@ -94,10 +132,13 @@ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$", "type": "string" }, + "ETagAlgorithmFamily": { + "$ref": "#/definitions/ETagAlgorithmFamily" + }, "FallbackLocation": { - "description": "An S3 URI representing the bucket and folder to store failed read set uploads.", - "minLength": 1, - "pattern": "^s3:\\/\\/([a-z0-9][a-z0-9-.]{1,61}[a-z0-9])\\/?((.{1,1024})\\/)?$", + "description": "An S3 location that is used to store files that have failed a direct upload.", + "minLength": 0, + "pattern": "^$|^s3://([a-z0-9][a-z0-9-.]{1,61}[a-z0-9])/?((.{1,1024})/)?$", "type": "string" }, "Name": { 
@@ -107,6 +148,33 @@ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$", "type": "string" }, + "PropagatedSetLevelTags": { + "description": "The tags keys to propagate to the S3 objects associated with read sets in the sequence store.", + "items": { + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "maxItems": 50, + "minItems": 0, + "type": "array" + }, + "S3AccessPointArn": { + "description": "This is ARN of the access point associated with the S3 bucket storing read sets.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^arn:[^:]*:s3:[^:]*:[^:]*:accesspoint/.*$", + "type": "string" + }, + "S3AccessPolicy": { + "description": "The resource policy that controls S3 access on the store", + "type": "object" + }, + "S3Uri": { + "description": "The S3 URI of the sequence store.", + "pattern": "^s3://([a-z0-9][a-z0-9-.]{1,61}[a-z0-9])/(.{1,1024})$", + "type": "string" + }, "SequenceStoreId": { "maxLength": 36, "minLength": 10, 
@@ -116,26 +184,49 @@ "SseConfig": { "$ref": "#/definitions/SseConfig" }, + "Status": { + "$ref": "#/definitions/SequenceStoreStatus" + }, + "StatusMessage": { + "description": "The status message of the sequence store.", + "maxLength": 127, + "minLength": 1, + "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$", + "type": "string" + }, "Tags": { "$ref": "#/definitions/TagMap" + }, + "UpdateTime": { + "description": "The last-updated time of the sequence store.", + "format": "date-time", + "type": "string" } }, "readOnlyProperties": [ "/properties/Arn", "/properties/CreationTime", - "/properties/SequenceStoreId" + "/properties/S3AccessPointArn", + "/properties/S3Uri", + "/properties/SequenceStoreId", + "/properties/Status", + "/properties/StatusMessage", + "/properties/UpdateTime" ], "required": [ "Name" ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "omics:TagResource", + "omics:ListTagsForResource", + "omics:UntagResource" + ], "tagOnCreate": true, - "tagUpdatable": false, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, - "typeName": "AWS::Omics::SequenceStore", - "writeOnlyProperties": [ - "/properties/Tags" - ] + "typeName": "AWS::Omics::SequenceStore" } diff --git a/src/schema/aws-omics-variantstore.json b/src/schema/aws-omics-variantstore.json index f6bf53ec..2dac788a 100644 --- a/src/schema/aws-omics-variantstore.json +++ b/src/schema/aws-omics-variantstore.json @@ -175,7 +175,13 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "omics:TagResource", + "omics:UntagResource", + "omics:ListTagsForResource" + ], "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, diff --git a/src/schema/aws-omics-workflow.json b/src/schema/aws-omics-workflow.json index 431c14cf..c105d757 100644 --- a/src/schema/aws-omics-workflow.json +++ b/src/schema/aws-omics-workflow.json 
@@ -209,7 +209,13 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "omics:TagResource", + "omics:UntagResource", + "omics:ListTagsForResource" + ], "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, diff --git a/src/schema/aws-opensearchserverless-index.json b/src/schema/aws-opensearchserverless-index.json new file mode 100644 index 00000000..781e76e8 --- /dev/null +++ b/src/schema/aws-opensearchserverless-index.json 
@@ -0,0 +1,226 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/IndexName", + "/properties/CollectionEndpoint" + ], + "definitions": { + "IndexSettings": { + "additionalProperties": false, + "properties": { + "Index": { + "additionalProperties": false, + "properties": { + "Knn": { + "description": "Enable/disable k-nearest neighbor search capability", + "type": "boolean" + }, + "KnnAlgoParamEfSearch": { + "description": "Size of the dynamic list for the nearest neighbors", + "type": "integer" + }, + "RefreshInterval": { + "description": "How often to perform refresh operation (e.g. '1s', '5s')", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "PropertyMapping": { + "additionalProperties": false, + "properties": { + "Dimension": { + "description": "Dimension size for vector fields, defines the number of dimensions in the vector", + "type": "integer" + }, + "Index": { + "description": "Whether a field should be indexed", + "type": "boolean" + }, + "Method": { + "additionalProperties": false, + "description": "Configuration for k-NN search method", + "properties": { + "Engine": { + "description": "The k-NN search engine to use", + "enum": [ + "nmslib", + "faiss", + "lucene" + ], + "type": "string" + }, + "Name": { + "description": "The algorithm name for k-NN search", + "enum": [ + "hnsw", + "ivf" + ], + "type": "string" + }, + "Parameters": { + "additionalProperties": false, + "description": "Additional parameters for the k-NN algorithm", + "properties": { + "EfConstruction": { + "description": "The size of the dynamic list used during k-NN graph creation", + "minimum": 1, + "type": "integer" + }, + "M": { + "description": "Number of neighbors to consider during k-NN search", + "maximum": 100, + "minimum": 2, + "type": "integer" + } + }, + "type": "object" + }, + "SpaceType": { + "description": "The distance function used for k-NN search", + "enum": [ + "l2", + "l1", + "linf", + "cosinesimil", + 
"innerproduct", + "hamming" + ], + "type": "string" + } + }, + "required": [ + "Name", + "Engine" + ], + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "description": "Nested fields within an object or nested field type", + "patternProperties": { + "^[A-Za-z0-9_.-]{1,64}$": { + "$ref": "#/definitions/PropertyMapping", + "description": "Nested field name and its mapping configuration" + } + }, + "type": "object" + }, + "Type": { + "description": "The field data type. Must be a valid OpenSearch field type.", + "enum": [ + "text", + "knn_vector" + ], + "type": "string" + }, + "Value": { + "description": "Default value for the field when not specified in a document", + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + } + }, + "description": "An OpenSearch Serverless index resource", + "handlers": { + "create": { + "permissions": [ + "aoss:APIAccessAll" + ] + }, + "delete": { + "permissions": [ + "aoss:APIAccessAll" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "CollectionEndpoint": { + "$ref": "resource-schema.json#/properties/CollectionEndpoint" + } + }, + "required": [ + "CollectionEndpoint" + ] + }, + "permissions": [ + "aoss:APIAccessAll" + ] + }, + "read": { + "permissions": [ + "aoss:APIAccessAll" + ] + }, + "update": { + "permissions": [ + "aoss:APIAccessAll" + ] + } + }, + "primaryIdentifier": [ + "/properties/IndexName", + "/properties/CollectionEndpoint" + ], + "properties": { + "CollectionEndpoint": { + "description": "The endpoint for the collection.", + "type": "string" + }, + "IndexName": { + "description": "The name of the OpenSearch Serverless index.", + "pattern": "^(?![_-])[a-z][a-z0-9_-]*$", + "type": "string" + }, + "Mappings": { + "additionalProperties": false, + "description": "Index Mappings", + "properties": { + "Properties": { + "additionalProperties": false, + "description": "Defines the fields within the mapping, including their types and configurations", + 
"patternProperties": { + "^[A-Za-z0-9_.-]{1,64}$": { + "$ref": "#/definitions/PropertyMapping", + "description": "Field name and its mapping configuration" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "Settings": { + "$ref": "#/definitions/IndexSettings", + "description": "Index settings" + }, + "Uuid": { + "description": "The unique identifier for the index.", + "type": "string" + } + }, + "readOnlyProperties": [ + "/properties/Uuid" + ], + "required": [ + "CollectionEndpoint", + "IndexName" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-opensearchserverless", + "tagging": { + "taggable": false + }, + "typeName": "AWS::OpenSearchServerless::Index", + "writeOnlyProperties": [ + "/properties/Settings/Index/RefreshInterval", + "/properties/Settings/Index/KnnAlgoParamEfSearch" + ] +} diff --git a/src/schema/aws-opensearchserverless-securityconfig.json b/src/schema/aws-opensearchserverless-securityconfig.json index ca9d5fc1..283c7303 100644 --- a/src/schema/aws-opensearchserverless-securityconfig.json +++ b/src/schema/aws-opensearchserverless-securityconfig.json 
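Review bot: `CollectionEndpoint` is declared as a bare `"type": "string"` with no `pattern`, `format` or `maxLength`, although it is part of `primaryIdentifier` and is the required input of the `list` handler; `IndexName` in the same file does get a pattern. Every handler here runs with `aoss:APIAccessAll`, so the endpoint value presumably decides which collection those calls reach, and it deserves at least a shape check. I would add a bound and a pattern, for example `"maxLength": 2048, "pattern": "^https://"` (constructed values; confirm the form the provider expects).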
@@ -7,9 +7,56 @@ "additionalProperties": false, "createOnlyProperties": [ "/properties/Type", - "/properties/Name" + "/properties/Name", + "/properties/IamIdentityCenterOptions/InstanceArn" ], "definitions": { + "IamIdentityCenterApplicationArn": { + "description": "The ARN of the IAM Identity Center application used to integrate with OpenSearch Serverless", + "type": "string" + }, + "IamIdentityCenterConfigOptions": { + "additionalProperties": false, + "description": "Describes IAM Identity Center options for an OpenSearch Serverless security configuration in the form of a key-value map", + "properties": { + "ApplicationArn": { + "$ref": "#/definitions/IamIdentityCenterApplicationArn" + }, + "ApplicationDescription": { + "description": "The description of the IAM Identity Center application used to integrate with OpenSearch Serverless", + "type": "string" + }, + "ApplicationName": { + "description": "The name of the IAM Identity Center application used to integrate with OpenSearch Serverless", + "type": "string" + }, + "GroupAttribute": { + "$ref": "#/definitions/IamIdentityCenterGroupAttribute" + }, + "InstanceArn": { + "$ref": "#/definitions/IamIdentityCenterInstanceArn" + }, + "UserAttribute": { + "$ref": "#/definitions/IamIdentityCenterUserAttribute" + } + }, + "required": [ + "InstanceArn" + ], + "type": "object" + }, + "IamIdentityCenterGroupAttribute": { + "description": "Group attribute for this IAM Identity Center integration", + "type": "string" + }, + "IamIdentityCenterInstanceArn": { + "description": "The ARN of the IAM Identity Center instance used to integrate with OpenSearch Serverless", + "type": "string" + }, + "IamIdentityCenterUserAttribute": { + "description": "User attribute for this IAM Identity Center integration", + "type": "string" + }, "SamlConfigOptions": { "additionalProperties": false, "description": "Describes saml options in form of key value map", 
@@ -28,6 +75,13 @@ "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u00A1-\\u00FF]+", "type": "string" }, + "OpenSearchServerlessEntityId": { + "description": "Custom entity id attribute to override default entity id for this saml integration", + "maxLength": 1024, + "minLength": 1, + "pattern": "^aws:opensearch:[0-9]{12}:*", + "type": "string" + }, "SessionTimeout": { "description": "Defines the session timeout in minutes", "type": "integer" @@ -48,7 +102,8 @@ "SecurityConfigType": { "description": "Config type for security config", "enum": [ - "saml" + "saml", + "iamidentitycenter" ], "type": "string" } @@ -57,12 +112,21 @@ "handlers": { "create": { "permissions": [ - "aoss:CreateSecurityConfig" + "aoss:CreateSecurityConfig", + "sso:CreateApplication", + "sso:ListApplications", + "sso:DeleteApplication", + "sso:PutApplicationAssignmentConfiguration", + "sso:PutApplicationAuthenticationMethod", + "sso:PutApplicationGrant" ] }, "delete": { "permissions": [ - "aoss:DeleteSecurityConfig" + "aoss:DeleteSecurityConfig", + "sso:ListApplicationAssignments", + "sso:DeleteApplicationAssignment", + "sso:DeleteApplication" ] }, "list": { @@ -102,6 +166,9 @@ "minLength": 1, "type": "string" }, + "IamIdentityCenterOptions": { + "$ref": "#/definitions/IamIdentityCenterConfigOptions" + }, "Id": { "description": "The identifier of the security config", "maxLength": 100, @@ -123,7 +190,10 @@ } }, "readOnlyProperties": [ - "/properties/Id" + "/properties/Id", + "/properties/IamIdentityCenterOptions/ApplicationArn", + "/properties/IamIdentityCenterOptions/ApplicationName", + "/properties/IamIdentityCenterOptions/ApplicationDescription" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-opensearchserverless", "tagging": { diff --git a/src/schema/aws-opensearchservice-application.json b/src/schema/aws-opensearchservice-application.json new file mode 100644 index 00000000..f5cb30ee --- /dev/null 
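Review bot: In the hunk at `@@ -28,6 +75,13 @@`, `OpenSearchServerlessEntityId` has `"pattern": "^aws:opensearch:[0-9]{12}:*"`: the `*` quantifies the colon and there is no `$`, so the pattern only checks the prefix up to the account id and accepts anything after it up to `maxLength` 1024. For a value that overrides the SAML entity id, that is probably looser than intended. If a free suffix after the colon was meant, `"pattern": "^aws:opensearch:[0-9]{12}:.*$"` says so explicitly; a restricted character class for the suffix would be better still. The enclosing `SamlConfigOptions` definition starts and ends outside the hunk.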
+++ b/src/schema/aws-opensearchservice-application.json 
@@ -0,0 +1,210 @@ +{ + "additionalIdentifiers": [ + [ + "/properties/Arn" + ] + ], + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/Name" + ], + "definitions": { + "AppConfig": { + "additionalProperties": false, + "description": "A key-value pair of AppConfig", + "properties": { + "Key": { + "$ref": "#/definitions/AppConfigType", + "description": "The configuration key" + }, + "Value": { + "description": "The configuration value.", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, + "AppConfigType": { + "description": "AppConfig type values.", + "enum": [ + "opensearchDashboards.dashboardAdmin.users", + "opensearchDashboards.dashboardAdmin.groups" + ], + "type": "string" + }, + "DataSource": { + "additionalProperties": false, + "description": "Datasource arn and description", + "properties": { + "DataSourceArn": { + "$ref": "#/properties/Arn", + "description": "The ARN of the data source." 
+ }, + "DataSourceDescription": { + "description": "Description of the data source.", + "type": "string" + } + }, + "required": [ + "DataSourceArn" + ], + "type": "object" + }, + "Tag": { + "additionalProperties": false, + "description": "A key-value pair metadata associated with resource", + "properties": { + "Key": { + "description": "The key in the key-value pair", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "The value in the key-value pair", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, + "description": "Amazon OpenSearchService application resource", + "handlers": { + "create": { + "permissions": [ + "es:CreateApplication", + "es:GetApplication", + "es:AddTags", + "es:ListTags", + "iam:CreateServiceLinkedRole" + ] + }, + "delete": { + "permissions": [ + "es:GetApplication", + "es:DeleteApplication" + ] + }, + "list": { + "permissions": [ + "es:ListApplications" + ] + }, + "read": { + "permissions": [ + "es:GetApplication", + "es:ListTags" + ] + }, + "update": { + "permissions": [ + "es:UpdateApplication", + "es:GetApplication", + "es:AddTags", + "es:RemoveTags", + "es:ListTags" + ] + } + }, + "primaryIdentifier": [ + "/properties/Name" + ], + "properties": { + "AppConfigs": { + "description": "List of application configurations.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/AppConfig" + }, + "type": "array" + }, + "Arn": { + "description": "Amazon Resource Name (ARN) format.", + "type": "string" + }, + "DataSources": { + "description": "List of data sources.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/DataSource" + }, + "type": "array" + }, + "Endpoint": { + "description": "The endpoint for the application.", + "type": "string" + }, + "IamIdentityCenterOptions": { + "additionalProperties": false, + "description": "Options for configuring IAM Identity Center", + "properties": { + 
"Enabled": { + "description": "Whether IAM Identity Center is enabled.", + "type": "boolean" + }, + "IamIdentityCenterInstanceArn": { + "$ref": "#/properties/Arn", + "description": "The ARN of the IAM Identity Center instance." + }, + "IamRoleForIdentityCenterApplicationArn": { + "description": "The ARN of the IAM role for Identity Center application.", + "type": "string" + } + }, + "type": "object" + }, + "Id": { + "description": "The identifier of the application.", + "maxLength": 40, + "minLength": 3, + "type": "string" + }, + "Name": { + "description": "The name of the application.", + "maxLength": 40, + "minLength": 3, + "pattern": "[a-z][a-z0-9\\-]+", + "type": "string" + }, + "Tags": { + "description": "An arbitrary set of tags (key-value pairs) for this application.", + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": true + } + }, + "readOnlyProperties": [ + "/properties/Id", + "/properties/Arn" + ], + "required": [ + "Name" + ], + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "es:AddTags", + "es:RemoveTags", + "es:ListTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::OpenSearchService::Application" +} diff --git a/src/schema/aws-opensearchservice-domain.json b/src/schema/aws-opensearchservice-domain.json index 7d12e7fd..eb7d43af 100644 --- a/src/schema/aws-opensearchservice-domain.json +++ b/src/schema/aws-opensearchservice-domain.json @@ -23,6 +23,9 @@ "InternalUserDatabaseEnabled": { "type": "boolean" }, + "JWTOptions": { + "$ref": "#/definitions/JWTOptions" + }, "MasterUserOptions": { "$ref": "#/definitions/MasterUserOptions" }, @@ -56,6 +59,12 @@ "MultiAZWithStandbyEnabled": { "type": "boolean" }, + "NodeOptions": { + "items": { + "$ref": "#/definitions/NodeOption" + }, + "type": "array" + }, "WarmCount": { "type": "integer" }, 
@@ -155,6 +164,37 @@ }, "type": "object" }, + "IdentityCenterOptions": { + "additionalProperties": false, + "description": "Options for configuring Identity Center", + "properties": { + "EnabledAPIAccess": { + "description": "Whether Identity Center is enabled.", + "type": "boolean" + }, + "IdentityCenterApplicationARN": { + "description": "The ARN of the Identity Center application.", + "type": "string" + }, + "IdentityCenterInstanceARN": { + "description": "The ARN of the Identity Center instance.", + "type": "string" + }, + "IdentityStoreId": { + "description": "The IdentityStoreId for Identity Center options.", + "type": "string" + }, + "RolesKey": { + "$ref": "#/definitions/RolesKeyIdcType", + "description": "The roles key for Identity Center options." + }, + "SubjectKey": { + "$ref": "#/definitions/SubjectKeyIdcType", + "description": "The subject key for Identity Center options." + } + }, + "type": "object" + }, "Idp": { "additionalProperties": false, "properties": { @@ -173,6 +213,24 @@ ], "type": "object" }, + "JWTOptions": { + "additionalProperties": false, + "properties": { + "Enabled": { + "type": "boolean" + }, + "PublicKey": { + "type": "string" + }, + "RolesKey": { + "type": "string" + }, + "SubjectKey": { + "type": "string" + } + }, + "type": "object" + }, "LogPublishingOption": { "additionalProperties": false, "properties": { @@ -200,6 +258,36 @@ }, "type": "object" }, + "NodeConfig": { + "additionalProperties": false, + "properties": { + "Count": { + "type": "integer" + }, + "Enabled": { + "type": "boolean" + }, + "Type": { + "type": "string" + } + }, + "type": "object" + }, + "NodeOption": { + "additionalProperties": false, + "properties": { + "NodeConfig": { + "$ref": "#/definitions/NodeConfig" + }, + "NodeType": { + "enum": [ + "coordinator" + ], + "type": "string" + } + }, + "type": "object" + }, "NodeToNodeEncryptionOptions": { "additionalProperties": false, "properties": { 
@@ -230,6 +318,14 @@ }, "type": "object" }, + "RolesKeyIdcType": { + "description": "Roles Key Idc type values.", + "enum": [ + "GroupName", + "GroupId" + ], + "type": "string" + }, "SAMLOptions": { "additionalProperties": false, "properties": { @@ -305,6 +401,15 @@ }, "type": "object" }, + "SubjectKeyIdcType": { + "description": "Subject Key Idc type values.", + "enum": [ + "UserName", + "UserId", + "Email" + ], + "type": "string" + }, "Tag": { "additionalProperties": false, "properties": { @@ -479,6 +584,9 @@ "Id": { "type": "string" }, + "IdentityCenterOptions": { + "$ref": "#/definitions/IdentityCenterOptions" + }, "LogPublishingOptions": { "additionalProperties": false, "patternProperties": { @@ -497,6 +605,9 @@ "ServiceSoftwareOptions": { "$ref": "#/definitions/ServiceSoftwareOptions" }, + "SkipShardMigrationWait": { + "type": "boolean" + }, "SnapshotOptions": { "$ref": "#/definitions/SnapshotOptions" }, @@ -523,13 +634,16 @@ "/properties/DomainEndpointV2", "/properties/DomainEndpoints", "/properties/ServiceSoftwareOptions", - "/properties/AdvancedSecurityOptions/AnonymousAuthDisableDate" + "/properties/AdvancedSecurityOptions/AnonymousAuthDisableDate", + "/properties/IdentityCenterOptions/IdentityCenterApplicationARN", + "/properties/IdentityCenterOptions/IdentityStoreId" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "typeName": "AWS::OpenSearchService::Domain", "writeOnlyProperties": [ "/properties/AdvancedSecurityOptions/MasterUserOptions", "/properties/AdvancedSecurityOptions/SAMLOptions/MasterUserName", - "/properties/AdvancedSecurityOptions/SAMLOptions/MasterBackendRole" + "/properties/AdvancedSecurityOptions/SAMLOptions/MasterBackendRole", + "/properties/AdvancedSecurityOptions/JWTOptions/PublicKey" ] } diff --git a/src/schema/aws-organizations-account.json b/src/schema/aws-organizations-account.json index e079ed87..497e6162 100644 --- a/src/schema/aws-organizations-account.json 
+++ b/src/schema/aws-organizations-account.json @@ -34,6 +34,7 @@ "organizations:CreateAccount", "organizations:DescribeCreateAccountStatus", "organizations:MoveAccount", + "organizations:ListAccounts", "organizations:ListParents", "organizations:TagResource", "organizations:DescribeAccount", @@ -161,6 +162,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-organizations", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "organizations:TagResource", + "organizations:UntagResource", + "organizations:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-organizations-organizationalunit.json b/src/schema/aws-organizations-organizationalunit.json index b8d9156c..1acd3860 100644 --- a/src/schema/aws-organizations-organizationalunit.json +++ b/src/schema/aws-organizations-organizationalunit.json @@ -35,6 +35,7 @@ "organizations:CreateOrganizationalUnit", "organizations:DescribeOrganizationalUnit", "organizations:ListParents", + "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "organizations:TagResource" ] @@ -126,6 +127,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-organizations", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "organizations:TagResource", + "organizations:UntagResource", + "organizations:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-organizations-policy.json b/src/schema/aws-organizations-policy.json index ab8ae576..c4b79f5d 100644 --- a/src/schema/aws-organizations-policy.json +++ b/src/schema/aws-organizations-policy.json 
@@ -37,6 +37,7 @@ "organizations:CreatePolicy", "organizations:DescribePolicy", "organizations:AttachPolicy", + "organizations:ListPolicies", "organizations:ListTagsForResource", "organizations:ListTargetsForPolicy", "organizations:TagResource" @@ -145,12 +146,15 @@ "uniqueItems": true }, "Type": { - "description": "The type of policy to create. You can specify one of the following values: AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, SERVICE_CONTROL_POLICY, TAG_POLICY", + "description": "The type of policy to create. You can specify one of the following values: AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, SERVICE_CONTROL_POLICY, TAG_POLICY, CHATBOT_POLICY, RESOURCE_CONTROL_POLICY,DECLARATIVE_POLICY_EC2", "enum": [ "SERVICE_CONTROL_POLICY", "AISERVICES_OPT_OUT_POLICY", "BACKUP_POLICY", - "TAG_POLICY" + "TAG_POLICY", + "CHATBOT_POLICY", + "RESOURCE_CONTROL_POLICY", + "DECLARATIVE_POLICY_EC2" ], "type": "string" } @@ -168,6 +172,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-organizations", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "organizations:TagResource", + "organizations:UntagResource", + "organizations:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-organizations-resourcepolicy.json b/src/schema/aws-organizations-resourcepolicy.json index 3cba2730..889397c8 100644 --- a/src/schema/aws-organizations-resourcepolicy.json +++ b/src/schema/aws-organizations-resourcepolicy.json @@ -106,6 +106,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-organizations", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "organizations:TagResource", + "organizations:UntagResource", + "organizations:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, 
diff --git a/src/schema/aws-osis-pipeline.json b/src/schema/aws-osis-pipeline.json index 2281d7ee..b70b97ed 100644 --- a/src/schema/aws-osis-pipeline.json +++ b/src/schema/aws-osis-pipeline.json @@ -126,6 +126,26 @@ }, "type": "array" }, + "VpcAttachmentOptions": { + "additionalProperties": false, + "description": "Options for attaching a VPC to the pipeline.", + "properties": { + "AttachToVpc": { + "description": "Whether the pipeline should be attached to the provided VPC", + "type": "boolean" + }, + "CidrBlock": { + "description": "The CIDR block to be reserved for OpenSearch Ingestion to create elastic network interfaces (ENIs).", + "pattern": "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/(3[0-2]|[12]?[0-9])$", + "type": "string" + } + }, + "required": [ + "AttachToVpc", + "CidrBlock" + ], + "type": "object" + }, "VpcEndpointManagement": { "description": "Defines whether you or Amazon OpenSearch Ingestion service create and manage the VPC endpoint configured for the pipeline.", "enum": [ diff --git a/src/schema/aws-panorama-applicationinstance.json b/src/schema/aws-panorama-applicationinstance.json index 77ad5f74..baa5a0c8 100644 --- a/src/schema/aws-panorama-applicationinstance.json +++ b/src/schema/aws-panorama-applicationinstance.json @@ -75,9 +75,11 @@ }, "ManifestOverridesPayload": { "additionalProperties": false, + "description": "Parameter overrides for an application instance. This is a JSON document that has a single key (``PayloadData``) where the value is an escaped string representation of the overrides document.", "properties": { "PayloadData": { - "$ref": "#/definitions/ManifestOverridesPayloadData" + "$ref": "#/definitions/ManifestOverridesPayloadData", + "description": "The overrides document." } }, "type": "object" 
@@ -90,9 +92,11 @@ }, "ManifestPayload": { "additionalProperties": false, + "description": "A application verion's manifest file. This is a JSON document that has a single key (``PayloadData``) where the value is an escaped string representation of the application manifest (``graph.json``). This file is located in the ``graphs`` folder in your application source.", "properties": { "PayloadData": { - "$ref": "#/definitions/ManifestPayloadData" + "$ref": "#/definitions/ManifestPayloadData", + "description": "The application manifest." } }, "type": "object" @@ -128,16 +132,17 @@ }, "Tag": { "additionalProperties": false, + "description": "", "properties": { "Key": { - "description": "A string used to identify this tag", + "description": "", "maxLength": 128, "minLength": 1, "pattern": "^.+$", "type": "string" }, "Value": { - "description": "A string containing the value for the tag", + "description": "", "maxLength": 256, "minLength": 0, "pattern": "^.+$", @@ -163,7 +168,7 @@ "type": "integer" } }, - "description": "Schema for ApplicationInstance CloudFormation Resource", + "description": "Creates an application instance and deploys it to a device.", "handlers": { "create": { "permissions": [ 
@@ -228,52 +233,68 @@ ], "properties": { "ApplicationInstanceId": { - "$ref": "#/definitions/ApplicationInstanceId" + "$ref": "#/definitions/ApplicationInstanceId", + "description": "" }, "ApplicationInstanceIdToReplace": { - "$ref": "#/definitions/ApplicationInstanceId" + "$ref": "#/definitions/ApplicationInstanceId", + "description": "The ID of an application instance to replace with the new instance." }, "Arn": { - "$ref": "#/definitions/ApplicationInstanceArn" + "$ref": "#/definitions/ApplicationInstanceArn", + "description": "" }, "CreatedTime": { - "$ref": "#/definitions/Timestamp" + "$ref": "#/definitions/Timestamp", + "description": "" }, "DefaultRuntimeContextDevice": { - "$ref": "#/definitions/DefaultRuntimeContextDevice" + "$ref": "#/definitions/DefaultRuntimeContextDevice", + "description": "The device's ID." }, "DefaultRuntimeContextDeviceName": { - "$ref": "#/definitions/DeviceName" + "$ref": "#/definitions/DeviceName", + "description": "" }, "Description": { - "$ref": "#/definitions/Description" + "$ref": "#/definitions/Description", + "description": "A description for the application instance." }, "HealthStatus": { - "$ref": "#/definitions/ApplicationInstanceHealthStatus" + "$ref": "#/definitions/ApplicationInstanceHealthStatus", + "description": "" }, "LastUpdatedTime": { - "$ref": "#/definitions/Timestamp" + "$ref": "#/definitions/Timestamp", + "description": "" }, "ManifestOverridesPayload": { - "$ref": "#/definitions/ManifestOverridesPayload" + "$ref": "#/definitions/ManifestOverridesPayload", + "description": "Setting overrides for the application manifest." }, "ManifestPayload": { - "$ref": "#/definitions/ManifestPayload" + "$ref": "#/definitions/ManifestPayload", + "description": "The application's manifest document." }, "Name": { - "$ref": "#/definitions/Name" + "$ref": "#/definitions/Name", + "description": "A name for the application instance." 
}, "RuntimeRoleArn": { - "$ref": "#/definitions/RuntimeRoleArn" + "$ref": "#/definitions/RuntimeRoleArn", + "description": "The ARN of a runtime role for the application instance." }, "Status": { - "$ref": "#/definitions/ApplicationInstanceStatus" + "$ref": "#/definitions/ApplicationInstanceStatus", + "description": "" }, "StatusDescription": { - "$ref": "#/definitions/ApplicationInstanceStatusDescription" + "$ref": "#/definitions/ApplicationInstanceStatusDescription", + "description": "" }, "Tags": { - "$ref": "#/definitions/TagList" + "$ref": "#/definitions/TagList", + "description": "Tags for the application instance." } }, "readOnlyProperties": [ @@ -291,7 +312,18 @@ "DefaultRuntimeContextDevice" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "panorama:ListTagsForResource", + "panorama:TagResource", + "panorama:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Panorama::ApplicationInstance", "writeOnlyProperties": [ "/properties/ApplicationInstanceIdToReplace" diff --git a/src/schema/aws-panorama-package.json b/src/schema/aws-panorama-package.json index 76a2d8aa..12387b80 100644 --- a/src/schema/aws-panorama-package.json +++ b/src/schema/aws-panorama-package.json 
@@ -23,20 +23,26 @@ }, "StorageLocation": { "additionalProperties": false, + "description": "A storage location.", "properties": { "BinaryPrefixLocation": { + "description": "The location's binary prefix.", "type": "string" }, "Bucket": { + "description": "The location's bucket.", "type": "string" }, "GeneratedPrefixLocation": { + "description": "The location's generated prefix.", "type": "string" }, "ManifestPrefixLocation": { + "description": "The location's manifest prefix.", "type": "string" }, "RepoPrefixLocation": { + "description": "The location's repo prefix.", "type": "string" } }, @@ -44,14 +50,17 @@ }, "Tag": { "additionalProperties": false, + "description": "", "properties": { "Key": { + "description": "", "maxLength": 128, "minLength": 1, "pattern": "^.+$", "type": "string" }, "Value": { + "description": "", "maxLength": 256, "minLength": 0, "pattern": "^.+$", @@ -76,7 +85,7 @@ "type": "integer" } }, - "description": "Schema for Package CloudFormation Resource", + "description": "Creates a package and storage location in an Amazon S3 access point.", "handlers": { "create": { "permissions": [ @@ -139,22 +148,28 @@ ], "properties": { "Arn": { - "$ref": "#/definitions/NodePackageArn" + "$ref": "#/definitions/NodePackageArn", + "description": "" }, "CreatedTime": { - "$ref": "#/definitions/Timestamp" + "$ref": "#/definitions/Timestamp", + "description": "" }, "PackageId": { - "$ref": "#/definitions/NodePackageId" + "$ref": "#/definitions/NodePackageId", + "description": "" }, "PackageName": { - "$ref": "#/definitions/NodePackageName" + "$ref": "#/definitions/NodePackageName", + "description": "A name for the package." }, "StorageLocation": { - "$ref": "#/definitions/StorageLocation" + "$ref": "#/definitions/StorageLocation", + "description": "A storage location." }, "Tags": { - "$ref": "#/definitions/TagList" + "$ref": "#/definitions/TagList", + "description": "Tags for the package." } }, "readOnlyProperties": [ 
@@ -171,6 +186,17 @@ "PackageName" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "panorama:ListTagsForResource", + "panorama:TagResource", + "panorama:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Panorama::Package" } diff --git a/src/schema/aws-panorama-packageversion.json b/src/schema/aws-panorama-packageversion.json index 9c7db690..47bc8ca4 100644 --- a/src/schema/aws-panorama-packageversion.json +++ b/src/schema/aws-panorama-packageversion.json @@ -60,7 +60,7 @@ "type": "integer" } }, - "description": "Schema for PackageVersion Resource Type", + "description": "Registers a package version.", "handlers": { "create": { "permissions": [ 
@@ -110,40 +110,52 @@ ], "properties": { "IsLatestPatch": { + "description": "", "type": "boolean" }, "MarkLatest": { + "description": "Whether to mark the new version as the latest version.", "type": "boolean" }, "OwnerAccount": { - "$ref": "#/definitions/PackageOwnerAccount" + "$ref": "#/definitions/PackageOwnerAccount", + "description": "An owner account." }, "PackageArn": { - "$ref": "#/definitions/NodePackageArn" + "$ref": "#/definitions/NodePackageArn", + "description": "" }, "PackageId": { - "$ref": "#/definitions/NodePackageId" + "$ref": "#/definitions/NodePackageId", + "description": "A package ID." }, "PackageName": { - "$ref": "#/definitions/NodePackageName" + "$ref": "#/definitions/NodePackageName", + "description": "" }, "PackageVersion": { - "$ref": "#/definitions/NodePackageVersion" + "$ref": "#/definitions/NodePackageVersion", + "description": "A package version." }, "PatchVersion": { - "$ref": "#/definitions/NodePackagePatchVersion" + "$ref": "#/definitions/NodePackagePatchVersion", + "description": "A patch version." }, "RegisteredTime": { - "$ref": "#/definitions/TimeStamp" + "$ref": "#/definitions/TimeStamp", + "description": "" }, "Status": { - "$ref": "#/definitions/PackageVersionStatus" + "$ref": "#/definitions/PackageVersionStatus", + "description": "" }, "StatusDescription": { - "$ref": "#/definitions/PackageVersionStatusDescription" + "$ref": "#/definitions/PackageVersionStatusDescription", + "description": "" }, "UpdatedLatestPatchVersion": { - "$ref": "#/definitions/NodePackagePatchVersion" + "$ref": "#/definitions/NodePackagePatchVersion", + "description": "If the version was marked latest, the new version to maker as latest." } }, "readOnlyProperties": [ @@ -160,7 +172,6 @@ "PatchVersion" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-panorama.git", - "taggable": false, "typeName": "AWS::Panorama::PackageVersion", "writeOnlyProperties": [ "/properties/UpdatedLatestPatchVersion" 
diff --git a/src/schema/aws-paymentcryptography-key.json b/src/schema/aws-paymentcryptography-key.json index c7bc6609..82a91584 100644 --- a/src/schema/aws-paymentcryptography-key.json +++ b/src/schema/aws-paymentcryptography-key.json @@ -1,6 +1,30 @@ { "additionalProperties": false, "definitions": { + "DeriveKeyUsage": { + "enum": [ + "TR31_B0_BASE_DERIVATION_KEY", + "TR31_C0_CARD_VERIFICATION_KEY", + "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", + "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", + "TR31_E1_EMV_MKEY_CONFIDENTIALITY", + "TR31_E2_EMV_MKEY_INTEGRITY", + "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", + "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", + "TR31_E6_EMV_MKEY_OTHER", + "TR31_K0_KEY_ENCRYPTION_KEY", + "TR31_K1_KEY_BLOCK_PROTECTION_KEY", + "TR31_M3_ISO_9797_3_MAC_KEY", + "TR31_M1_ISO_9797_1_MAC_KEY", + "TR31_M6_ISO_9797_5_CMAC_KEY", + "TR31_M7_HMAC_KEY", + "TR31_P0_PIN_ENCRYPTION_KEY", + "TR31_P1_PIN_GENERATION_KEY", + "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", + "TR31_V2_VISA_PIN_VERIFICATION_KEY" + ], + "type": "string" + }, "KeyAlgorithm": { "enum": [ "TDES_2KEY", @@ -8,9 +32,16 @@ "AES_128", "AES_192", "AES_256", + "HMAC_SHA256", + "HMAC_SHA384", + "HMAC_SHA512", + "HMAC_SHA224", "RSA_2048", "RSA_3072", - "RSA_4096" + "RSA_4096", + "ECC_NIST_P256", + "ECC_NIST_P384", + "ECC_NIST_P521" ], "type": "string" }, @@ -41,7 +72,8 @@ "KeyCheckValueAlgorithm": { "enum": [ "CMAC", - "ANSI_X9_24" + "ANSI_X9_24", + "HMAC" ], "type": "string" }, @@ -152,12 +184,13 @@ }, "Value": { "maxLength": 256, - "minLength": 0, + "minLength": 1, "type": "string" } }, "required": [ - "Key" + "Key", + "Value" ], "type": "object" } @@ -203,6 +236,9 @@ "/properties/KeyIdentifier" ], "properties": { + "DeriveKeyUsage": { + "$ref": "#/definitions/DeriveKeyUsage" + }, "Enabled": { "type": "boolean" }, 
@@ -248,6 +284,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "payment-cryptography:ListTagsForResource", + "payment-cryptography:TagResource", + "payment-cryptography:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-pcaconnectorad-connector.json b/src/schema/aws-pcaconnectorad-connector.json index 44a27b2a..125afed5 100644 --- a/src/schema/aws-pcaconnectorad-connector.json +++ b/src/schema/aws-pcaconnectorad-connector.json @@ -15,9 +15,20 @@ }, "type": "object" }, + "Unit": { + "additionalProperties": false, + "type": "object" + }, "VpcInformation": { "additionalProperties": false, "properties": { + "IpAddressType": { + "enum": [ + "IPV4", + "DUALSTACK" + ], + "type": "string" + }, "SecurityGroupIds": { "items": { "maxLength": 20, @@ -37,7 +48,7 @@ "type": "object" } }, - "description": "Definition of AWS::PCAConnectorAD::Connector Resource Type", + "description": "Represents a Connector that connects AWS PrivateCA and your directory", "handlers": { "create": { "permissions": [ @@ -50,15 +61,17 @@ "ec2:CreateVpcEndpoint", "ec2:DescribeVpcEndpoints", "pca-connector-ad:CreateConnector", - "pca-connector-ad:GetConnector" + "pca-connector-ad:GetConnector", + "pca-connector-ad:TagResource" ] }, "delete": { "permissions": [ + "ec2:DeleteVpcEndpoints", + "ec2:DescribeVpcEndpoints", "pca-connector-ad:GetConnector", "pca-connector-ad:DeleteConnector", - "ec2:DeleteVpcEndpoints", - "ec2:DescribeVpcEndpoints" + "pca-connector-ad:UntagResource" ] }, "list": { 
@@ -87,13 +100,13 @@ "CertificateAuthorityArn": { "maxLength": 200, "minLength": 5, - "pattern": "^arn:[\\w-]+:acm-pca:[\\w-]+:[0-9]+:certificate-authority(\\/[\\w-]+)$", + "pattern": "^arn:[\\w-]+:acm-pca:[\\w-]+:[0-9]+:certificate-authority\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", "type": "string" }, "ConnectorArn": { "maxLength": 200, "minLength": 5, - "pattern": "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:connector(\\/[\\w-]+)$", + "pattern": "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", "type": "string" }, "DirectoryId": { @@ -117,16 +130,15 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "pca-connector-ad:ListTagsForResource", + "pca-connector-ad:TagResource", + "pca-connector-ad:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, - "typeName": "AWS::PCAConnectorAD::Connector", - "writeOnlyProperties": [ - "/properties/CertificateAuthorityArn", - "/properties/DirectoryId", - "/properties/Tags", - "/properties/VpcInformation" - ] + "typeName": "AWS::PCAConnectorAD::Connector" } diff --git a/src/schema/aws-pcaconnectorad-directoryregistration.json b/src/schema/aws-pcaconnectorad-directoryregistration.json index 6161b48e..a477c410 100644 --- a/src/schema/aws-pcaconnectorad-directoryregistration.json +++ b/src/schema/aws-pcaconnectorad-directoryregistration.json 
@@ -18,19 +18,21 @@ "handlers": { "create": { "permissions": [ + "ds:AuthorizeApplication", + "ds:DescribeDirectories", "pca-connector-ad:GetDirectoryRegistration", "pca-connector-ad:CreateDirectoryRegistration", - "ds:AuthorizeApplication", - "ds:DescribeDirectories" + "pca-connector-ad:TagResource" ] }, "delete": { "permissions": [ - "pca-connector-ad:GetDirectoryRegistration", - "pca-connector-ad:DeleteDirectoryRegistration", "ds:DescribeDirectories", "ds:UnauthorizeApplication", - "ds:UpdateAuthorizedApplication" + "ds:UpdateAuthorizedApplication", + "pca-connector-ad:GetDirectoryRegistration", + "pca-connector-ad:DeleteDirectoryRegistration", + "pca-connector-ad:UntagResource" ] }, "list": { @@ -40,8 +42,8 @@ }, "read": { "permissions": [ - "pca-connector-ad:ListTagsForResource", - "pca-connector-ad:GetDirectoryRegistration" + "pca-connector-ad:GetDirectoryRegistration", + "pca-connector-ad:ListTagsForResource" ] }, "update": { @@ -78,14 +80,15 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "pca-connector-ad:ListTagsForResource", + "pca-connector-ad:TagResource", + "pca-connector-ad:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, - "typeName": "AWS::PCAConnectorAD::DirectoryRegistration", - "writeOnlyProperties": [ - "/properties/DirectoryId", - "/properties/Tags" - ] + "typeName": "AWS::PCAConnectorAD::DirectoryRegistration" } diff --git a/src/schema/aws-pcaconnectorad-template.json b/src/schema/aws-pcaconnectorad-template.json index c701a752..43b778e5 100644 --- a/src/schema/aws-pcaconnectorad-template.json +++ b/src/schema/aws-pcaconnectorad-template.json 
@@ -939,13 +939,15 @@ "handlers": { "create": { "permissions": [ - "pca-connector-ad:CreateTemplate" + "pca-connector-ad:CreateTemplate", + "pca-connector-ad:TagResource" ] }, "delete": { "permissions": [ "pca-connector-ad:GetTemplate", - "pca-connector-ad:DeleteTemplate" + "pca-connector-ad:DeleteTemplate", + "pca-connector-ad:UntagResource" ] }, "list": { @@ -1021,6 +1023,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-pcaconnectorad", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "pca-connector-ad:ListTagsForResource", + "pca-connector-ad:TagResource", + "pca-connector-ad:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, @@ -1028,10 +1035,6 @@ }, "typeName": "AWS::PCAConnectorAD::Template", "writeOnlyProperties": [ - "/properties/ConnectorArn", - "/properties/Definition", - "/properties/Name", - "/properties/ReenrollAllCertificateHolders", - "/properties/Tags" + "/properties/ReenrollAllCertificateHolders" ] } diff --git a/src/schema/aws-pcaconnectorscep-challenge.json b/src/schema/aws-pcaconnectorscep-challenge.json new file mode 100644 index 00000000..10633c6a --- /dev/null +++ b/src/schema/aws-pcaconnectorscep-challenge.json 
@@ -0,0 +1,105 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/ConnectorArn" + ], + "definitions": { + "Tags": { + "additionalProperties": false, + "patternProperties": { + ".+": { + "type": "string" + } + }, + "type": "object" + }, + "Unit": { + "additionalProperties": false, + "type": "object" + } + }, + "description": "Represents a SCEP Challenge that is used for certificate enrollment", + "handlers": { + "create": { + "permissions": [ + "pca-connector-scep:CreateChallenge", + "pca-connector-scep:TagResource" + ] + }, + "delete": { + "permissions": [ + "pca-connector-scep:GetChallengeMetadata", + "pca-connector-scep:DeleteChallenge", + "pca-connector-scep:UntagResource" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "ConnectorArn": { + "$ref": "resource-schema.json#/properties/ConnectorArn" + } + }, + "required": [ + "ConnectorArn" + ] + }, + "permissions": [ + "pca-connector-scep:ListChallengeMetadata" + ] + }, + "read": { + "permissions": [ + "pca-connector-scep:ListTagsForResource", + "pca-connector-scep:GetChallengeMetadata" + ] + }, + "update": { + "permissions": [ + "pca-connector-scep:ListTagsForResource", + "pca-connector-scep:TagResource", + "pca-connector-scep:UntagResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/ChallengeArn" + ], + "properties": { + "ChallengeArn": { + "maxLength": 200, + "minLength": 5, + "pattern": "^arn:aws(-[a-z]+)*:pca-connector-scep:[a-z]+(-[a-z]+)+-[1-9]\\d*:\\d{12}:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\\/challenge\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", + "type": "string" + }, + "ConnectorArn": { + "maxLength": 200, + "minLength": 5, + "pattern": "^arn:aws(-[a-z]+)*:pca-connector-scep:[a-z]+(-[a-z]+)+-[1-9]\\d*:\\d{12}:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", + "type": "string" + }, + "Tags": { + "$ref": "#/definitions/Tags" + } + }, + "readOnlyProperties": [ + "/properties/ChallengeArn" + ], + "required": [ + "ConnectorArn" 
+ ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-pcaconnectorscep", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "pca-connector-scep:ListTagsForResource", + "pca-connector-scep:TagResource", + "pca-connector-scep:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::PCAConnectorSCEP::Challenge" +} diff --git a/src/schema/aws-pcaconnectorscep-connector.json b/src/schema/aws-pcaconnectorscep-connector.json new file mode 100644 index 00000000..75dbfb29 --- /dev/null +++ b/src/schema/aws-pcaconnectorscep-connector.json 
@@ -0,0 +1,183 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/CertificateAuthorityArn", + "/properties/MobileDeviceManagement" + ], + "definitions": { + "ConnectorType": { + "enum": [ + "GENERAL_PURPOSE", + "INTUNE" + ], + "type": "string" + }, + "IntuneConfiguration": { + "additionalProperties": false, + "properties": { + "AzureApplicationId": { + "maxLength": 100, + "minLength": 15, + "pattern": "^[a-zA-Z0-9]{2,15}-[a-zA-Z0-9]{2,15}-[a-zA-Z0-9]{2,15}-[a-zA-Z0-9]{2,15}-[a-zA-Z0-9]{2,15}$", + "type": "string" + }, + "Domain": { + "maxLength": 256, + "minLength": 1, + "pattern": "^[a-zA-Z0-9._-]+$", + "type": "string" + } + }, + "required": [ + "AzureApplicationId", + "Domain" + ], + "type": "object" + }, + "MobileDeviceManagement": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "Intune": { + "$ref": "#/definitions/IntuneConfiguration" + } + }, + "required": [ + "Intune" + ], + "title": "Intune" + } + ], + "type": "object" + }, + "OpenIdConfiguration": { + "additionalProperties": false, + "properties": { + "Audience": { + "type": "string" + }, + "Issuer": { + "type": "string" + }, + "Subject": { + "type": "string" + } + }, + "type": "object" + }, + "Tags": { + "additionalProperties": false, + "patternProperties": { + ".+": { + "type": "string" + } + }, + "type": "object" + }, + "Unit": { + "additionalProperties": false, + "type": "object" + } + }, + "description": "Represents a Connector that allows certificate issuance through Simple Certificate Enrollment Protocol (SCEP)", + "handlers": { + "create": { + "permissions": [ + "acm-pca:DescribeCertificateAuthority", + "acm-pca:GetCertificate", + "acm-pca:GetCertificateAuthorityCertificate", + "acm-pca:IssueCertificate", + "pca-connector-scep:GetConnector", + "pca-connector-scep:CreateConnector", + "pca-connector-scep:TagResource" + ] + }, + "delete": { + "permissions": [ + "acm-pca:DescribeCertificateAuthority", + "acm-pca:GetCertificate", + 
"acm-pca:GetCertificateAuthorityCertificate", + "acm-pca:IssueCertificate", + "pca-connector-scep:GetConnector", + "pca-connector-scep:DeleteConnector", + "pca-connector-scep:UntagResource" + ] + }, + "list": { + "permissions": [ + "pca-connector-scep:ListConnectors" + ] + }, + "read": { + "permissions": [ + "pca-connector-scep:ListTagsForResource", + "pca-connector-scep:GetConnector" + ] + }, + "update": { + "permissions": [ + "pca-connector-scep:ListTagsForResource", + "pca-connector-scep:TagResource", + "pca-connector-scep:UntagResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/ConnectorArn" + ], + "properties": { + "CertificateAuthorityArn": { + "maxLength": 200, + "minLength": 5, + "pattern": "^arn:aws(-[a-z]+)*:acm-pca:[a-z]+(-[a-z]+)+-[1-9]\\d*:\\d{12}:certificate-authority\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", + "type": "string" + }, + "ConnectorArn": { + "maxLength": 200, + "minLength": 5, + "pattern": "^arn:aws(-[a-z]+)*:pca-connector-scep:[a-z]+(-[a-z]+)+-[1-9]\\d*:\\d{12}:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", + "type": "string" + }, + "Endpoint": { + "maxLength": 200, + "minLength": 5, + "type": "string" + }, + "MobileDeviceManagement": { + "$ref": "#/definitions/MobileDeviceManagement" + }, + "OpenIdConfiguration": { + "$ref": "#/definitions/OpenIdConfiguration" + }, + "Tags": { + "$ref": "#/definitions/Tags" + }, + "Type": { + "$ref": "#/definitions/ConnectorType" + } + }, + "readOnlyProperties": [ + "/properties/ConnectorArn", + "/properties/Endpoint", + "/properties/OpenIdConfiguration", + "/properties/Type" + ], + "required": [ + "CertificateAuthorityArn" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-pcaconnectorscep", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "pca-connector-scep:ListTagsForResource", + "pca-connector-scep:TagResource", + "pca-connector-scep:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": 
"/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::PCAConnectorSCEP::Connector" +} diff --git a/src/schema/aws-pcs-cluster.json b/src/schema/aws-pcs-cluster.json new file mode 100644 index 00000000..dc26e865 --- /dev/null +++ b/src/schema/aws-pcs-cluster.json 
@@ -0,0 +1,333 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/Name", + "/properties/Networking", + "/properties/Scheduler", + "/properties/Size", + "/properties/SlurmConfiguration" + ], + "definitions": { + "AuthKey": { + "additionalProperties": false, + "description": "The shared Slurm key for authentication, also known as the cluster secret.", + "properties": { + "SecretArn": { + "description": "The Amazon Resource Name (ARN) of the the shared Slurm key.", + "type": "string" + }, + "SecretVersion": { + "description": "The version of the shared Slurm key.", + "type": "string" + } + }, + "required": [ + "SecretArn", + "SecretVersion" + ], + "type": "object" + }, + "Endpoint": { + "additionalProperties": false, + "description": "An endpoint available for interaction with the scheduler.", + "properties": { + "Port": { + "description": "The endpoint's connection port number.", + "type": "string" + }, + "PrivateIpAddress": { + "description": "The endpoint's private IP address.", + "type": "string" + }, + "PublicIpAddress": { + "description": "The endpoint's public IP address.", + "type": "string" + }, + "Type": { + "description": "Indicates the type of endpoint running at the specific IP address.", + "enum": [ + "SLURMCTLD", + "SLURMDBD" + ], + "type": "string" + } + }, + "required": [ + "Port", + "PrivateIpAddress", + "Type" + ], + "type": "object" + }, + "ErrorInfo": { + "additionalProperties": false, + "description": "An error that occurred during resource provisioning.", + "properties": { + "Code": { + "description": "The short-form error code.", + "type": "string" + }, + "Message": { + "description": "The detailed error information.", + "type": "string" + } + }, + "type": "object" + }, + "SecurityGroupId": { + "description": "A VPC security group ID.", + "type": "string" + }, + "SlurmCustomSetting": { + "additionalProperties": false, + "description": "Additional settings that directly map to Slurm settings.", + "properties": { + 
"ParameterName": { + "description": "AWS PCS supports configuration of the following Slurm parameters for clusters: Prolog, Epilog, and SelectTypeParameters.", + "type": "string" + }, + "ParameterValue": { + "description": "The value for the configured Slurm setting.", + "type": "string" + } + }, + "required": [ + "ParameterName", + "ParameterValue" + ], + "type": "object" + }, + "SubnetId": { + "description": "A VPC subnet ID.", + "type": "string" + }, + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. 
", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key" + ], + "type": "object" + } + }, + "description": "AWS::PCS::Cluster resource creates an AWS PCS cluster.", + "handlers": { + "create": { + "permissions": [ + "ec2:CreateNetworkInterface", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:GetSecurityGroupsForVpc", + "iam:CreateServiceLinkedRole", + "secretsmanager:CreateSecret", + "secretsmanager:TagResource", + "pcs:CreateCluster", + "pcs:GetCluster", + "pcs:ListTagsForResource", + "pcs:TagResource" + ], + "timeoutInMinutes": 60 + }, + "delete": { + "permissions": [ + "pcs:DeleteCluster", + "pcs:GetCluster" + ], + "timeoutInMinutes": 60 + }, + "list": { + "permissions": [ + "pcs:ListClusters" + ] + }, + "read": { + "permissions": [ + "pcs:GetCluster", + "pcs:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "pcs:GetCluster", + "pcs:ListTagsForResource", + "pcs:TagResource", + "pcs:UntagResource" + ], + "timeoutInMinutes": 60 + } + }, + "primaryIdentifier": [ + "/properties/Arn" + ], + "properties": { + "Arn": { + "description": "The unique Amazon Resource Name (ARN) of the cluster.", + "type": "string" + }, + "Endpoints": { + "description": "The list of endpoints available for interaction with the scheduler.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Endpoint" + }, + "type": "array" + }, + "ErrorInfo": { + "description": "The list of errors that occurred during cluster provisioning.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/ErrorInfo" + }, + "type": "array" + }, + "Id": { + "description": "The generated unique ID of the cluster.", + "pattern": "^(pcs_[a-zA-Z0-9]+|[A-Za-z][A-Za-z0-9-]{1,40})$", + "type": "string" + }, + "Name": { + "description": "The name that identifies the cluster.", + "type": "string" + }, + "Networking": { + "additionalProperties": false, + "description": "The networking configuration for the cluster's 
control plane.", + "properties": { + "SecurityGroupIds": { + "description": "The list of security group IDs associated with the Elastic Network Interface (ENI) created in subnets.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/SecurityGroupId" + }, + "type": "array" + }, + "SubnetIds": { + "description": "The list of subnet IDs where AWS PCS creates an Elastic Network Interface (ENI) to enable communication between managed controllers and AWS PCS resources. The subnet must have an available IP address, cannot reside in AWS Outposts, AWS Wavelength, or an AWS Local Zone. AWS PCS currently supports only 1 subnet in this list.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/SubnetId" + }, + "type": "array" + } + }, + "type": "object" + }, + "Scheduler": { + "additionalProperties": false, + "description": "The cluster management and job scheduling software associated with the cluster.", + "properties": { + "Type": { + "description": "The software AWS PCS uses to manage cluster scaling and job scheduling.", + "enum": [ + "SLURM" + ], + "type": "string" + }, + "Version": { + "description": "The version of the specified scheduling software that AWS PCS uses to manage cluster scaling and job scheduling.", + "type": "string" + } + }, + "required": [ + "Type", + "Version" + ], + "type": "object" + }, + "Size": { + "description": "The size of the cluster.", + "enum": [ + "SMALL", + "MEDIUM", + "LARGE" + ], + "type": "string" + }, + "SlurmConfiguration": { + "additionalProperties": false, + "description": "Additional options related to the Slurm scheduler.", + "properties": { + "AuthKey": { + "$ref": "#/definitions/AuthKey" + }, + "ScaleDownIdleTimeInSeconds": { + "description": "The time before an idle node is scaled down.", + "minimum": 1, + "type": "integer" + }, + "SlurmCustomSettings": { + "description": "Additional Slurm-specific configuration that directly maps to Slurm settings.", + "insertionOrder": false, + "items": { + "$ref": 
"#/definitions/SlurmCustomSetting" + }, + "type": "array" + } + }, + "type": "object" + }, + "Status": { + "description": "The provisioning status of the cluster. The provisioning status doesn't indicate the overall health of the cluster.", + "enum": [ + "CREATING", + "ACTIVE", + "UPDATING", + "DELETING", + "CREATE_FAILED", + "DELETE_FAILED", + "UPDATE_FAILED" + ], + "type": "string" + }, + "Tags": { + "additionalProperties": false, + "description": "1 or more tags added to the resource. Each tag consists of a tag key and tag value. The tag value is optional and can be an empty string.", + "patternProperties": { + "^.+$": { + "type": "string" + } + } + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/Endpoints", + "/properties/ErrorInfo", + "/properties/Id", + "/properties/Status" + ], + "required": [ + "Networking", + "Scheduler", + "Size" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-pcs.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "pcs:TagResource", + "pcs:ListTagsForResource", + "pcs:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::PCS::Cluster" +} diff --git a/src/schema/aws-pcs-computenodegroup.json b/src/schema/aws-pcs-computenodegroup.json new file mode 100644 index 00000000..47669860 --- /dev/null +++ b/src/schema/aws-pcs-computenodegroup.json 
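Review bot: The `Tags` property at the end of `properties` in aws-pcs-cluster.json declares `additionalProperties` and `patternProperties` but no `type`, so a validator applying this schema accepts a non-object value (a string or a list) for `Tags`, because both keywords constrain objects only. Adding `"type": "object"` after the `patternProperties` block closes that gap. aws-pcs-queue.json in this same commit already has it, and aws-pcs-computenodegroup.json has the same omission. If these files are synced from the upstream provider schemas rather than edited here, the fix belongs upstream, and consumers of this copy should not assume `Tags` is always a map.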
@@ -0,0 +1,335 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/Name", + "/properties/ClusterId", + "/properties/InstanceConfigs" + ], + "definitions": { + "ErrorInfo": { + "additionalProperties": false, + "description": "An error that occurred during resource provisioning.", + "properties": { + "Code": { + "description": "The short-form error code.", + "type": "string" + }, + "Message": { + "description": "The detailed error information.", + "type": "string" + } + }, + "type": "object" + }, + "InstanceConfig": { + "additionalProperties": false, + "description": "An EC2 instance configuration AWS PCS uses to launch compute nodes.", + "properties": { + "InstanceType": { + "description": "The EC2 instance type that AWS PCS can provision in the compute node group.", + "type": "string" + } + }, + "type": "object" + }, + "SlurmCustomSetting": { + "additionalProperties": false, + "description": "Additional settings that directly map to Slurm settings.", + "properties": { + "ParameterName": { + "description": "AWS PCS supports configuration of the following Slurm parameters for compute node groups: Weight and RealMemory.", + "type": "string" + }, + "ParameterValue": { + "description": "The value for the configured Slurm setting.", + "type": "string" + } + }, + "required": [ + "ParameterName", + "ParameterValue" + ], + "type": "object" + }, + "SubnetId": { + "description": "A VPC subnet ID.", + "type": "string" + } + }, + "description": "AWS::PCS::ComputeNodeGroup resource creates an AWS PCS compute node group.", + "handlers": { + "create": { + "permissions": [ + "ec2:DescribeImages", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeInstanceTypes", + "ec2:DescribeInstanceTypeOfferings", + "ec2:RunInstances", + "ec2:CreateFleet", + "ec2:CreateTags", + "iam:PassRole", + "iam:GetInstanceProfile", + "pcs:CreateComputeNodeGroup", 
+ "pcs:GetComputeNodeGroup", + "pcs:ListTagsForResource", + "pcs:TagResource" + ], + "timeoutInMinutes": 60 + }, + "delete": { + "permissions": [ + "ec2:DescribeImages", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeInstanceTypes", + "ec2:DescribeInstanceTypeOfferings", + "ec2:TerminateInstances", + "ec2:CreateFleet", + "ec2:CreateTags", + "iam:PassRole", + "iam:GetInstanceProfile", + "pcs:GetComputeNodeGroup", + "pcs:DeleteComputeNodeGroup", + "pcs:ListTagsForResource", + "pcs:TagResource", + "pcs:UntagResource" + ], + "timeoutInMinutes": 60 + }, + "list": { + "handlerSchema": { + "properties": { + "ClusterId": { + "$ref": "resource-schema.json#/properties/ClusterId" + } + }, + "required": [ + "ClusterId" + ] + }, + "permissions": [ + "pcs:ListClusters", + "pcs:ListComputeNodeGroups" + ] + }, + "read": { + "permissions": [ + "pcs:GetComputeNodeGroup", + "pcs:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "ec2:DescribeImages", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeInstanceTypes", + "ec2:DescribeInstanceTypeOfferings", + "ec2:RunInstances", + "ec2:CreateFleet", + "ec2:CreateTags", + "iam:PassRole", + "iam:GetInstanceProfile", + "pcs:GetComputeNodeGroup", + "pcs:UpdateComputeNodeGroup", + "pcs:ListTagsForResource", + "pcs:TagResource", + "pcs:UntagResource" + ], + "timeoutInMinutes": 60 + } + }, + "primaryIdentifier": [ + "/properties/Arn" + ], + "properties": { + "AmiId": { + "description": "The ID of the Amazon Machine Image (AMI) that AWS PCS uses to launch instances. 
If not provided, AWS PCS uses the AMI ID specified in the custom launch template.", + "pattern": "^ami-[a-z0-9]+$", + "type": "string" + }, + "Arn": { + "description": "The unique Amazon Resource Name (ARN) of the compute node group.", + "type": "string" + }, + "ClusterId": { + "description": "The ID of the cluster of the compute node group.", + "type": "string" + }, + "CustomLaunchTemplate": { + "additionalProperties": false, + "description": "An Amazon EC2 launch template AWS PCS uses to launch compute nodes.", + "properties": { + "TemplateId": { + "description": "The ID of the EC2 launch template to use to provision instances.", + "type": "string" + }, + "Version": { + "description": "The version of the EC2 launch template to use to provision instances.", + "type": "string" + } + }, + "required": [ + "Version" + ], + "type": "object" + }, + "ErrorInfo": { + "description": "The list of errors that occurred during compute node group provisioning.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/ErrorInfo" + }, + "type": "array" + }, + "IamInstanceProfileArn": { + "description": "The Amazon Resource Name (ARN) of the IAM instance profile used to pass an IAM role when launching EC2 instances. 
The role contained in your instance profile must have pcs:RegisterComputeNodeGroupInstance permissions attached to provision instances correctly.", + "pattern": "^arn:aws([a-zA-Z-]{0,10})?:iam::[0-9]{12}:instance-profile/.{1,128}$", + "type": "string" + }, + "Id": { + "description": "The generated unique ID of the compute node group.", + "type": "string" + }, + "InstanceConfigs": { + "description": "A list of EC2 instance configurations that AWS PCS can provision in the compute node group.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/InstanceConfig" + }, + "type": "array" + }, + "Name": { + "description": "The name that identifies the compute node group.", + "type": "string" + }, + "PurchaseOption": { + "description": "Specifies how EC2 instances are purchased on your behalf. AWS PCS supports On-Demand and Spot instances. For more information, see Instance purchasing options in the Amazon Elastic Compute Cloud User Guide. If you don't provide this option, it defaults to On-Demand.", + "enum": [ + "ONDEMAND", + "SPOT" + ], + "type": "string" + }, + "ScalingConfiguration": { + "additionalProperties": false, + "description": "Specifies the boundaries of the compute node group auto scaling.", + "properties": { + "MaxInstanceCount": { + "description": "The upper bound of the number of instances allowed in the compute fleet.", + "minimum": 0, + "type": "integer" + }, + "MinInstanceCount": { + "description": "The lower bound of the number of instances allowed in the compute fleet.", + "minimum": 0, + "type": "integer" + } + }, + "required": [ + "MaxInstanceCount", + "MinInstanceCount" + ], + "type": "object" + }, + "SlurmConfiguration": { + "additionalProperties": false, + "description": "Additional options related to the Slurm scheduler.", + "properties": { + "SlurmCustomSettings": { + "description": "Additional Slurm-specific configuration that directly maps to Slurm settings.", + "insertionOrder": false, + "items": { + "$ref": 
"#/definitions/SlurmCustomSetting" + }, + "type": "array" + } + }, + "type": "object" + }, + "SpotOptions": { + "additionalProperties": false, + "description": "Additional configuration when you specify SPOT as the purchase option.", + "properties": { + "AllocationStrategy": { + "description": "The Amazon EC2 allocation strategy AWS PCS uses to provision EC2 instances. AWS PCS supports lowest price, capacity optimized, and price capacity optimized. If you don't provide this option, it defaults to price capacity optimized.", + "enum": [ + "lowest-price", + "capacity-optimized", + "price-capacity-optimized" + ], + "type": "string" + } + }, + "type": "object" + }, + "Status": { + "description": "The provisioning status of the compute node group. The provisioning status doesn't indicate the overall health of the compute node group.", + "enum": [ + "CREATING", + "ACTIVE", + "UPDATING", + "DELETING", + "CREATE_FAILED", + "DELETE_FAILED", + "UPDATE_FAILED" + ], + "type": "string" + }, + "SubnetIds": { + "description": "The list of subnet IDs where instances are provisioned by the compute node group. The subnets must be in the same VPC as the cluster.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/SubnetId" + }, + "type": "array" + }, + "Tags": { + "additionalProperties": false, + "description": "1 or more tags added to the resource. Each tag consists of a tag key and tag value. 
The tag value is optional and can be an empty string.", + "patternProperties": { + "^.+$": { + "type": "string" + } + } + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/ErrorInfo", + "/properties/Id", + "/properties/Status" + ], + "required": [ + "ClusterId", + "CustomLaunchTemplate", + "IamInstanceProfileArn", + "InstanceConfigs", + "ScalingConfiguration", + "SubnetIds" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-pcs.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "pcs:TagResource", + "pcs:ListTagsForResource", + "pcs:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::PCS::ComputeNodeGroup" +} diff --git a/src/schema/aws-pcs-queue.json b/src/schema/aws-pcs-queue.json new file mode 100644 index 00000000..4333d8be --- /dev/null +++ b/src/schema/aws-pcs-queue.json 
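Review bot: The `delete` handler in aws-pcs-computenodegroup.json lists `ec2:CreateFleet`, `ec2:CreateTags` and `iam:PassRole`, which reads like the `update` list with `ec2:RunInstances` swapped for `ec2:TerminateInstances` rather than what a deletion needs. Any tool that derives an IAM policy from these lists would grant the deleting role instance-launch and role-passing rights. I would expect the list to be trimmed to the describe calls plus `ec2:TerminateInstances`, `pcs:GetComputeNodeGroup` and `pcs:DeleteComputeNodeGroup`, unless the service is known to need the rest. The `create` handler of aws-pcs-queue.json raises the same question: its `ec2:CreateNetworkInterface`, `iam:CreateServiceLinkedRole` and `secretsmanager:CreateSecret` entries are identical to the cluster's create list. Whether these are required cannot be told from the diff, so this is a question for whoever owns the schema source.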
@@ -0,0 +1,178 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/Name", + "/properties/ClusterId" + ], + "definitions": { + "ComputeNodeGroupConfiguration": { + "additionalProperties": false, + "description": "The compute node group configuration for a queue.", + "properties": { + "ComputeNodeGroupId": { + "description": "The compute node group ID for the compute node group configuration.", + "type": "string" + } + }, + "type": "object" + }, + "ErrorInfo": { + "additionalProperties": false, + "description": "An error that occurred during resource provisioning.", + "properties": { + "Code": { + "description": "The short-form error code.", + "type": "string" + }, + "Message": { + "description": "The detailed error information.", + "type": "string" + } + }, + "type": "object" + } + }, + "description": "AWS::PCS::Queue resource creates an AWS PCS queue.", + "handlers": { + "create": { + "permissions": [ + "ec2:CreateNetworkInterface", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:GetSecurityGroupsForVpc", + "iam:CreateServiceLinkedRole", + "secretsmanager:CreateSecret", + "secretsmanager:TagResource", + "pcs:CreateQueue", + "pcs:GetQueue", + "pcs:ListTagsForResource", + "pcs:TagResource" + ], + "timeoutInMinutes": 60 + }, + "delete": { + "permissions": [ + "pcs:DeleteQueue", + "pcs:GetQueue" + ], + "timeoutInMinutes": 60 + }, + "list": { + "handlerSchema": { + "properties": { + "ClusterId": { + "$ref": "resource-schema.json#/properties/ClusterId" + } + }, + "required": [ + "ClusterId" + ] + }, + "permissions": [ + "pcs:ListClusters", + "pcs:ListQueues" + ] + }, + "read": { + "permissions": [ + "pcs:GetQueue", + "pcs:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "pcs:GetQueue", + "pcs:UpdateQueue", + "pcs:ListTagsForResource", + "pcs:TagResource", + "pcs:UntagResource" + ], + "timeoutInMinutes": 60 + } + }, + "primaryIdentifier": [ + "/properties/Arn" + ], + "properties": { + 
"Arn": { + "description": "The unique Amazon Resource Name (ARN) of the queue.", + "pattern": "^(.*?)", + "type": "string" + }, + "ClusterId": { + "description": "The ID of the cluster of the queue.", + "type": "string" + }, + "ComputeNodeGroupConfigurations": { + "description": "The list of compute node group configurations associated with the queue. Queues assign jobs to associated compute node groups.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/ComputeNodeGroupConfiguration" + }, + "type": "array" + }, + "ErrorInfo": { + "description": "The list of errors that occurred during queue provisioning.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/ErrorInfo" + }, + "type": "array" + }, + "Id": { + "description": "The generated unique ID of the queue.", + "type": "string" + }, + "Name": { + "description": "The name that identifies the queue.", + "type": "string" + }, + "Status": { + "description": "The provisioning status of the queue. The provisioning status doesn't indicate the overall health of the queue.", + "enum": [ + "CREATING", + "ACTIVE", + "UPDATING", + "DELETING", + "CREATE_FAILED", + "DELETE_FAILED", + "UPDATE_FAILED" + ], + "type": "string" + }, + "Tags": { + "additionalProperties": false, + "description": "1 or more tags added to the resource. Each tag consists of a tag key and tag value. 
The tag value is optional and can be an empty string.", + "patternProperties": { + "^.+$": { + "type": "string" + } + }, + "type": "object" + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/ErrorInfo", + "/properties/Id", + "/properties/Status" + ], + "required": [ + "ClusterId" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-pcs.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "pcs:TagResource", + "pcs:ListTagsForResource", + "pcs:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::PCS::Queue" +} diff --git a/src/schema/aws-pinpoint-inapptemplate.json b/src/schema/aws-pinpoint-inapptemplate.json index 3b7e1862..60f2574e 100644 --- a/src/schema/aws-pinpoint-inapptemplate.json +++ b/src/schema/aws-pinpoint-inapptemplate.json @@ -159,7 +159,9 @@ "update": { "permissions": [ "mobiletargeting:UpdateInAppTemplate", - "mobiletargeting:GetInAppTemplate" + "mobiletargeting:GetInAppTemplate", + "mobiletargeting:TagResource", + "mobiletargeting:UntagResource" ] } }, @@ -208,6 +210,16 @@ "TemplateName" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "mobiletargeting:TagResource", + "mobiletargeting:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Pinpoint::InAppTemplate" } diff --git a/src/schema/aws-pipes-pipe.json b/src/schema/aws-pipes-pipe.json index 1a1dc6ee..7e197391 100644 --- a/src/schema/aws-pipes-pipe.json +++ b/src/schema/aws-pipes-pipe.json 
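Review bot: The `Arn` property in aws-pcs-queue.json carries `"pattern": "^(.*?)"`, which matches every string including the empty one, so it documents a constraint that does not exist. Either drop the `pattern` key, as the `Arn` properties in the cluster and compute-node-group schemas do, or replace it with a pattern anchored at both ends in the style of `ConnectorArn` in aws-pcaconnectorscep-connector.json. `Arn` is read-only here, so the impact is limited to tools that treat the pattern as a format guarantee.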
@@ -17,10 +17,10 @@ "/properties/SourceParameters/ManagedStreamingKafkaParameters/TopicName", "/properties/SourceParameters/ManagedStreamingKafkaParameters/StartingPosition", "/properties/SourceParameters/ManagedStreamingKafkaParameters/ConsumerGroupID", - "/properties/SourceParameters/SelfManagedApacheKafkaParameters/TopicName", - "/properties/SourceParameters/SelfManagedApacheKafkaParameters/StartingPosition", - "/properties/SourceParameters/SelfManagedApacheKafkaParameters/AdditionalBootstrapServers", - "/properties/SourceParameters/SelfManagedApacheKafkaParameters/ConsumerGroupID" + "/properties/SourceParameters/SelfManagedKafkaParameters/TopicName", + "/properties/SourceParameters/SelfManagedKafkaParameters/StartingPosition", + "/properties/SourceParameters/SelfManagedKafkaParameters/AdditionalBootstrapServers", + "/properties/SourceParameters/SelfManagedKafkaParameters/ConsumerGroupID" ], "definitions": { "AssignPublicIp": { @@ -211,7 +211,7 @@ "LogGroupArn": { "maxLength": 1600, "minLength": 1, - "pattern": "^(^arn:aws([a-z]|\\-)*:logs:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(\\d{12}):log-group:.+)$", + "pattern": "^(^arn:aws([a-z]|\\-)*:logs:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}):(\\d{12}):log-group:.+)$", "type": "string" } }, @@ -223,7 +223,7 @@ "Arn": { "maxLength": 1600, "minLength": 1, - "pattern": "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)$", + "pattern": "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)$", "type": "string" } }, 
@@ -410,7 +410,7 @@ "ExecutionRoleArn": { "maxLength": 1600, "minLength": 1, - "pattern": "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)|(\\$(\\.[\\w/_-]+(\\[(\\d+|\\*)\\])*)*)$", + "pattern": "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)|(\\$(\\.[\\w/_-]+(\\[(\\d+|\\*)\\])*)*)$", "type": "string" }, "InferenceAcceleratorOverrides": { @@ -425,7 +425,7 @@ "TaskRoleArn": { "maxLength": 1600, "minLength": 1, - "pattern": "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)|(\\$(\\.[\\w/_-]+(\\[(\\d+|\\*)\\])*)*)$", + "pattern": "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)|(\\$(\\.[\\w/_-]+(\\[(\\d+|\\*)\\])*)*)$", "type": "string" } }, @@ -471,7 +471,7 @@ "DeliveryStreamArn": { "maxLength": 1600, "minLength": 1, - "pattern": "^(^arn:aws([a-z]|\\-)*:firehose:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(\\d{12}):deliverystream/.+)$", + "pattern": "^(^arn:aws([a-z]|\\-)*:firehose:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}):(\\d{12}):deliverystream/.+)$", "type": "string" } }, @@ -529,7 +529,7 @@ "description": "Optional SecretManager ARN which stores the database credentials", "maxLength": 1600, "minLength": 1, - "pattern": "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", + "pattern": "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", "type": "string" } }, 
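Review bot: The rewritten `ExecutionRoleArn` pattern in the `@@ -410,7` hunk still has an ungrouped top-level `|`, so `^` anchors only the ARN branch and `$` only the JSONPath branch; any value that merely ends in a `$.path` expression passes. Since the line is being touched anyway, wrapping both branches in one group, `^(arn:…:(.+)|\\$(…)*)$`, would make the anchors apply to both. The same shape recurs in `TaskRoleArn`, `TaskDefinitionArn`, the `@@ -1182,7` items pattern and the `@@ -1319,7` secret ARN. It also recurs in `Enrichment` (`^$|arn:…`) and `Source` (`^smk://…|arn:…`) further down, where the `arn:` branch has no `^` at all. If the file is a copy of the provider's published schema, this is for upstream; locally it means these patterns should not be relied on as strict input validation.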
@@ -550,7 +550,7 @@ "description": "Optional SecretManager ARN which stores the database credentials", "maxLength": 1600, "minLength": 1, - "pattern": "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", + "pattern": "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", "type": "string" } }, @@ -567,7 +567,7 @@ "description": "Optional SecretManager ARN which stores the database credentials", "maxLength": 1600, "minLength": 1, - "pattern": "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", + "pattern": "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", "type": "string" } }, @@ -974,7 +974,7 @@ "description": "Optional SecretManager ARN which stores the database credentials", "maxLength": 1600, "minLength": 1, - "pattern": "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", + "pattern": "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", "type": "string" }, "StartingPosition": { @@ -1155,7 +1155,7 @@ "TaskDefinitionArn": { "maxLength": 1600, "minLength": 1, - "pattern": "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)|(\\$(\\.[\\w/_-]+(\\[(\\d+|\\*)\\])*)*)$", + "pattern": "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)|(\\$(\\.[\\w/_-]+(\\[(\\d+|\\*)\\])*)*)$", "type": "string" } }, 
@@ -1182,7 +1182,7 @@ "items": { "maxLength": 1600, "minLength": 1, - "pattern": "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)|(\\$(\\.[\\w/_-]+(\\[(\\d+|\\*)\\])*)*)$", + "pattern": "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)|(\\$(\\.[\\w/_-]+(\\[(\\d+|\\*)\\])*)*)$", "type": "string" }, "maxItems": 10, @@ -1319,7 +1319,7 @@ "description": "Optional SecretManager ARN which stores the database credentials", "maxLength": 1600, "minLength": 1, - "pattern": "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)|(\\$(\\.[\\w/_-]+(\\[(\\d+|\\*)\\])*)*)$", + "pattern": "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)|(\\$(\\.[\\w/_-]+(\\[(\\d+|\\*)\\])*)*)$", "type": "string" }, "Sqls": { @@ -1570,7 +1570,7 @@ "description": "Optional SecretManager ARN which stores the database credentials", "maxLength": 1600, "minLength": 1, - "pattern": "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", + "pattern": "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", "type": "string" } }, @@ -1587,7 +1587,7 @@ "description": "Optional SecretManager ARN which stores the database credentials", "maxLength": 1600, "minLength": 1, - "pattern": "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", + "pattern": "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", "type": "string" } }, 
@@ -1604,7 +1604,7 @@ "description": "Optional SecretManager ARN which stores the database credentials", "maxLength": 1600, "minLength": 1, - "pattern": "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", + "pattern": "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", "type": "string" } }, @@ -1621,7 +1621,7 @@ "description": "Optional SecretManager ARN which stores the database credentials", "maxLength": 1600, "minLength": 1, - "pattern": "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", + "pattern": "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", "type": "string" } }, @@ -1752,18 +1752,25 @@ "logs:ListLogDeliveries", "s3:PutBucketPolicy", "s3:GetBucketPolicy", - "firehose:TagDeliveryStream" + "firehose:TagDeliveryStream", + "kms:DescribeKey", + "kms:Decrypt", + "kms:GenerateDataKey" ] }, "delete": { "permissions": [ "pipes:DeletePipe", "pipes:DescribePipe", + "pipes:UntagResource", "logs:CreateLogDelivery", "logs:UpdateLogDelivery", "logs:DeleteLogDelivery", "logs:GetLogDelivery", - "logs:ListLogDeliveries" + "logs:ListLogDeliveries", + "kms:DescribeKey", + "kms:Decrypt", + "kms:GenerateDataKey" ] }, "list": { @@ -1773,7 +1780,8 @@ }, "read": { "permissions": [ - "pipes:DescribePipe" + "pipes:DescribePipe", + "kms:Decrypt" ] }, "update": { @@ -1794,7 +1802,10 @@ "logs:ListLogDeliveries", "s3:PutBucketPolicy", "s3:GetBucketPolicy", - "firehose:TagDeliveryStream" + "firehose:TagDeliveryStream", + "kms:DescribeKey", + "kms:Decrypt", + "kms:GenerateDataKey" ] } }, 
@@ -1827,12 +1838,17 @@ "Enrichment": { "maxLength": 1600, "minLength": 0, - "pattern": "^$|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)$", + "pattern": "^$|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)$", "type": "string" }, "EnrichmentParameters": { "$ref": "#/definitions/PipeEnrichmentParameters" }, + "KmsKeyIdentifier": { + "maxLength": 2048, + "minLength": 0, + "type": "string" + }, "LastModifiedTime": { "format": "date-time", "type": "string" @@ -1855,7 +1871,7 @@ "Source": { "maxLength": 1600, "minLength": 1, - "pattern": "^smk://(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9]):[0-9]{1,5}|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)$", + "pattern": "^smk://(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9]):[0-9]{1,5}|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)$", "type": "string" }, "SourceParameters": { @@ -1873,7 +1889,7 @@ "Target": { "maxLength": 1600, "minLength": 1, - "pattern": "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)$", + "pattern": "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)$", "type": "string" }, "TargetParameters": { @@ -1894,6 +1910,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "pipes:TagResource", + "pipes:UntagResource", + "pipes:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-proton-environmentaccountconnection.json b/src/schema/aws-proton-environmentaccountconnection.json index 18855c34..6195db4b 100644 
--- a/src/schema/aws-proton-environmentaccountconnection.json +++ b/src/schema/aws-proton-environmentaccountconnection.json @@ -156,6 +156,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-proton", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "proton:ListTagsForResource", + "proton:UntagResource", + "proton:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-proton-environmenttemplate.json b/src/schema/aws-proton-environmenttemplate.json index 877d13fa..cad9a4dd 100644 --- a/src/schema/aws-proton-environmenttemplate.json +++ b/src/schema/aws-proton-environmenttemplate.json 
@@ -46,16 +46,90 @@ "create": { "permissions": [ "proton:CreateEnvironmentTemplate", + "proton:DeleteEnvironmentTemplate", + "proton:ListTagsForResource", "proton:TagResource", "proton:GetEnvironmentTemplate", - "kms:*" + "kms:CancelKeyDeletion", + "kms:CreateAlias", + "kms:CreateCustomKeyStore", + "kms:CreateGrant", + "kms:CreateKey", + "kms:DeleteAlias", + "kms:DeleteCustomKeyStore", + "kms:DeleteImportedKeyMaterial", + "kms:DescribeCustomKeyStores", + "kms:DescribeKey", + "kms:DisableKey", + "kms:DisableKeyRotation", + "kms:EnableKey", + "kms:EnableKeyRotation", + "kms:GenerateDataKey", + "kms:GetKeyPolicy", + "kms:GetKeyRotationStatus", + "kms:GetParametersForImport", + "kms:GetPublicKey", + "kms:ListAliases", + "kms:ListGrants", + "kms:ListKeyPolicies", + "kms:ListKeyRotations", + "kms:ListKeys", + "kms:ListResourceTags", + "kms:ListRetirableGrants", + "kms:PutKeyPolicy", + "kms:RevokeGrant", + "kms:ScheduleKeyDeletion", + "kms:TagResource", + "kms:UntagResource", + "kms:UpdateAlias", + "kms:UpdateCustomKeyStore", + "kms:UpdateKeyDescription", + "kms:UpdatePrimaryRegion" ] }, "delete": { "permissions": [ + "proton:CreateEnvironmentTemplate", "proton:DeleteEnvironmentTemplate", "proton:GetEnvironmentTemplate", - "kms:*" + "proton:ListTagsForResource", + "proton:TagResource", + "proton:UntagResource", + "kms:CancelKeyDeletion", + "kms:CreateAlias", + "kms:CreateCustomKeyStore", + "kms:CreateGrant", + "kms:CreateKey", + "kms:DeleteAlias", + "kms:DeleteCustomKeyStore", + "kms:DeleteImportedKeyMaterial", + "kms:DescribeCustomKeyStores", + "kms:DescribeKey", + "kms:DisableKey", + "kms:DisableKeyRotation", + "kms:EnableKey", + "kms:EnableKeyRotation", + "kms:GenerateDataKey", + "kms:GetKeyPolicy", + "kms:GetKeyRotationStatus", + "kms:GetParametersForImport", + "kms:GetPublicKey", + "kms:ListAliases", + "kms:ListGrants", + "kms:ListKeyPolicies", + "kms:ListKeyRotations", + "kms:ListKeys", + "kms:ListResourceTags", + "kms:ListRetirableGrants", + "kms:PutKeyPolicy", + 
"kms:RevokeGrant", + "kms:ScheduleKeyDeletion", + "kms:TagResource", + "kms:UntagResource", + "kms:UpdateAlias", + "kms:UpdateCustomKeyStore", + "kms:UpdateKeyDescription", + "kms:UpdatePrimaryRegion" ] }, "list": { 
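Review bot: The list that replaces `kms:*` in the `create` and `delete` handlers still includes key-administration and destructive actions such as `kms:PutKeyPolicy`, `kms:ScheduleKeyDeletion`, `kms:DisableKey` and `kms:CreateGrant`, so the handlers keep close to KMS-admin scope. The same list is repeated in the following `read`/`update` hunk, where `read` also gains `proton:CreateEnvironmentTemplate` and `proton:DeleteEnvironmentTemplate`, and in every handler of aws-proton-servicetemplate.json. It also omits `kms:Decrypt` and `kms:Encrypt`, which `kms:*` covered, so it does not look like the set the provider actually calls. The file appears to be synced from the provider named in its `sourceUrl`, so the list would have to be corrected upstream. Until then, anything that builds IAM policies from `handlers.*.permissions` should not treat these entries as least privilege; a `read` handler presumably needs little more than `kms:DescribeKey`.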
@@ -65,20 +139,91 @@ }, "read": { "permissions": [ - "proton:GetEnvironmentTemplate", + "proton:CreateEnvironmentTemplate", + "proton:DeleteEnvironmentTemplate", "proton:ListTagsForResource", - "kms:*" + "proton:GetEnvironmentTemplate", + "kms:CancelKeyDeletion", + "kms:CreateAlias", + "kms:CreateCustomKeyStore", + "kms:CreateGrant", + "kms:CreateKey", + "kms:DeleteAlias", + "kms:DeleteCustomKeyStore", + "kms:DeleteImportedKeyMaterial", + "kms:DescribeCustomKeyStores", + "kms:DescribeKey", + "kms:DisableKey", + "kms:DisableKeyRotation", + "kms:EnableKey", + "kms:EnableKeyRotation", + "kms:GenerateDataKey", + "kms:GetKeyPolicy", + "kms:GetKeyRotationStatus", + "kms:GetParametersForImport", + "kms:GetPublicKey", + "kms:ListAliases", + "kms:ListGrants", + "kms:ListKeyPolicies", + "kms:ListKeyRotations", + "kms:ListKeys", + "kms:ListResourceTags", + "kms:ListRetirableGrants", + "kms:PutKeyPolicy", + "kms:RevokeGrant", + "kms:ScheduleKeyDeletion", + "kms:TagResource", + "kms:UntagResource", + "kms:UpdateAlias", + "kms:UpdateCustomKeyStore", + "kms:UpdateKeyDescription", + "kms:UpdatePrimaryRegion" ] }, "update": { "permissions": [ "proton:CreateEnvironmentTemplate", + "proton:DeleteEnvironmentTemplate", + "proton:GetEnvironmentTemplate", "proton:ListTagsForResource", "proton:TagResource", - "proton:UntagResource", "proton:UpdateEnvironmentTemplate", - "proton:GetEnvironmentTemplate", - "kms:*" + "proton:UntagResource", + "kms:CancelKeyDeletion", + "kms:CreateAlias", + "kms:CreateCustomKeyStore", + "kms:CreateGrant", + "kms:CreateKey", + "kms:DeleteAlias", + "kms:DeleteCustomKeyStore", + "kms:DeleteImportedKeyMaterial", + "kms:DescribeCustomKeyStores", + "kms:DescribeKey", + "kms:DisableKey", + "kms:DisableKeyRotation", + "kms:EnableKey", + "kms:EnableKeyRotation", + "kms:GenerateDataKey", + "kms:GetKeyPolicy", + "kms:GetKeyRotationStatus", + "kms:GetParametersForImport", + "kms:GetPublicKey", + "kms:ListAliases", + "kms:ListGrants", + "kms:ListKeyPolicies", + 
"kms:ListKeyRotations", + "kms:ListKeys", + "kms:ListResourceTags", + "kms:ListRetirableGrants", + "kms:PutKeyPolicy", + "kms:RevokeGrant", + "kms:ScheduleKeyDeletion", + "kms:TagResource", + "kms:UntagResource", + "kms:UpdateAlias", + "kms:UpdateCustomKeyStore", + "kms:UpdateKeyDescription", + "kms:UpdatePrimaryRegion" ] } }, @@ -135,6 +280,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-proton", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "proton:ListTagsForResource", + "proton:UntagResource", + "proton:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-proton-servicetemplate.json b/src/schema/aws-proton-servicetemplate.json index 78317c88..473f38d0 100644 --- a/src/schema/aws-proton-servicetemplate.json +++ b/src/schema/aws-proton-servicetemplate.json 
@@ -47,28 +47,131 @@ "permissions": [ "proton:CreateServiceTemplate", "proton:TagResource", - "kms:*", - "proton:GetServiceTemplate" + "proton:GetServiceTemplate", + "kms:CancelKeyDeletion", + "kms:CreateAlias", + "kms:CreateCustomKeyStore", + "kms:CreateGrant", + "kms:CreateKey", + "kms:DeleteAlias", + "kms:DeleteCustomKeyStore", + "kms:DeleteImportedKeyMaterial", + "kms:DescribeCustomKeyStores", + "kms:DescribeKey", + "kms:DisableKey", + "kms:DisableKeyRotation", + "kms:EnableKey", + "kms:EnableKeyRotation", + "kms:GenerateDataKey", + "kms:GetKeyPolicy", + "kms:GetKeyRotationStatus", + "kms:GetParametersForImport", + "kms:GetPublicKey", + "kms:ListAliases", + "kms:ListGrants", + "kms:ListKeyPolicies", + "kms:ListKeyRotations", + "kms:ListKeys", + "kms:ListResourceTags", + "kms:ListRetirableGrants", + "kms:PutKeyPolicy", + "kms:RevokeGrant", + "kms:ScheduleKeyDeletion", + "kms:TagResource", + "kms:UntagResource", + "kms:UpdateAlias", + "kms:UpdateCustomKeyStore", + "kms:UpdateKeyDescription", + "kms:UpdatePrimaryRegion" ] }, "delete": { "permissions": [ "proton:DeleteServiceTemplate", "proton:UntagResource", - "kms:*", - "proton:GetServiceTemplate" + "proton:GetServiceTemplate", + "kms:CancelKeyDeletion", + "kms:CreateAlias", + "kms:CreateCustomKeyStore", + "kms:CreateGrant", + "kms:CreateKey", + "kms:DeleteAlias", + "kms:DeleteCustomKeyStore", + "kms:DeleteImportedKeyMaterial", + "kms:DescribeCustomKeyStores", + "kms:DescribeKey", + "kms:DisableKey", + "kms:DisableKeyRotation", + "kms:EnableKey", + "kms:EnableKeyRotation", + "kms:GenerateDataKey", + "kms:GetKeyPolicy", + "kms:GetKeyRotationStatus", + "kms:GetParametersForImport", + "kms:GetPublicKey", + "kms:ListAliases", + "kms:ListGrants", + "kms:ListKeyPolicies", + "kms:ListKeyRotations", + "kms:ListKeys", + "kms:ListResourceTags", + "kms:ListRetirableGrants", + "kms:PutKeyPolicy", + "kms:RevokeGrant", + "kms:ScheduleKeyDeletion", + "kms:TagResource", + "kms:UntagResource", + "kms:UpdateAlias", + 
"kms:UpdateCustomKeyStore", + "kms:UpdateKeyDescription", + "kms:UpdatePrimaryRegion" ] }, "list": { "permissions": [ - "proton:ListServiceTemplates" + "proton:ListServiceTemplates", + "proton:ListTagsForResource" ] }, "read": { "permissions": [ "proton:GetServiceTemplate", "proton:ListTagsForResource", - "kms:*" + "kms:CancelKeyDeletion", + "kms:CreateAlias", + "kms:CreateCustomKeyStore", + "kms:CreateGrant", + "kms:CreateKey", + "kms:DeleteAlias", + "kms:DeleteCustomKeyStore", + "kms:DeleteImportedKeyMaterial", + "kms:DescribeCustomKeyStores", + "kms:DescribeKey", + "kms:DisableKey", + "kms:DisableKeyRotation", + "kms:EnableKey", + "kms:EnableKeyRotation", + "kms:GenerateDataKey", + "kms:GetKeyPolicy", + "kms:GetKeyRotationStatus", + "kms:GetParametersForImport", + "kms:GetPublicKey", + "kms:ListAliases", + "kms:ListGrants", + "kms:ListKeyPolicies", + "kms:ListKeyRotations", + "kms:ListKeys", + "kms:ListResourceTags", + "kms:ListRetirableGrants", + "kms:PutKeyPolicy", + "kms:RevokeGrant", + "kms:ScheduleKeyDeletion", + "kms:TagResource", + "kms:UntagResource", + "kms:UpdateAlias", + "kms:UpdateCustomKeyStore", + "kms:UpdateKeyDescription", + "kms:UpdatePrimaryRegion" ] }, "update": { 
@@ -79,7 +182,41 @@ "proton:TagResource", "proton:UntagResource", "proton:UpdateServiceTemplate", - "kms:*" + "kms:CancelKeyDeletion", + "kms:CreateAlias", + "kms:CreateCustomKeyStore", + "kms:CreateGrant", + "kms:CreateKey", + "kms:DeleteAlias", + "kms:DeleteCustomKeyStore", + "kms:DeleteImportedKeyMaterial", + "kms:DescribeCustomKeyStores", + "kms:DescribeKey", + "kms:DisableKey", + "kms:DisableKeyRotation", + "kms:EnableKey", + "kms:EnableKeyRotation", + "kms:GenerateDataKey", + "kms:GetKeyPolicy", + "kms:GetKeyRotationStatus", + "kms:GetParametersForImport", + "kms:GetPublicKey", + "kms:ListAliases", + "kms:ListGrants", + "kms:ListKeyPolicies", + "kms:ListKeyRotations", + "kms:ListKeys", + "kms:ListResourceTags", + "kms:ListRetirableGrants", + "kms:PutKeyPolicy", + "kms:RevokeGrant", + "kms:ScheduleKeyDeletion", + "kms:TagResource", + "kms:UntagResource", + "kms:UpdateAlias", + "kms:UpdateCustomKeyStore", + "kms:UpdateKeyDescription", + "kms:UpdatePrimaryRegion" ] } }, @@ -139,6 +276,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-proton", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "proton:ListTagsForResource", + "proton:UntagResource", + "proton:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-qbusiness-application.json b/src/schema/aws-qbusiness-application.json index d72da591..3e8920da 100644 --- a/src/schema/aws-qbusiness-application.json +++ b/src/schema/aws-qbusiness-application.json @@ -1,7 +1,11 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/EncryptionConfiguration" + "/properties/ClientIdsForOIDC", + "/properties/EncryptionConfiguration", + "/properties/IamIdentityProviderArn", + "/properties/IdentityType", + "/properties/QuickSightConfiguration" ], "definitions": { "ApplicationStatus": { 
@@ -33,6 +37,28 @@ ], "type": "string" }, + "AutoSubscriptionConfiguration": { + "additionalProperties": false, + "properties": { + "AutoSubscribe": { + "$ref": "#/definitions/AutoSubscriptionStatus" + }, + "DefaultSubscriptionType": { + "$ref": "#/definitions/SubscriptionType" + } + }, + "required": [ + "AutoSubscribe" + ], + "type": "object" + }, + "AutoSubscriptionStatus": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, "EncryptionConfiguration": { "additionalProperties": false, "properties": { @@ -44,6 +70,34 @@ }, "type": "object" }, + "IdentityType": { + "enum": [ + "AWS_IAM_IDP_SAML", + "AWS_IAM_IDP_OIDC", + "AWS_IAM_IDC", + "AWS_QUICKSIGHT_IDP" + ], + "type": "string" + }, + "PersonalizationConfiguration": { + "additionalProperties": false, + "properties": { + "PersonalizationControlMode": { + "$ref": "#/definitions/PersonalizationControlMode" + } + }, + "required": [ + "PersonalizationControlMode" + ], + "type": "object" + }, + "PersonalizationControlMode": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, "QAppsConfiguration": { "additionalProperties": false, "properties": { @@ -63,6 +117,28 @@ ], "type": "string" }, + "QuickSightConfiguration": { + "additionalProperties": false, + "properties": { + "ClientNamespace": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[a-zA-Z0-9._-]*$", + "type": "string" + } + }, + "required": [ + "ClientNamespace" + ], + "type": "object" + }, + "SubscriptionType": { + "enum": [ + "Q_LITE", + "Q_BUSINESS" + ], + "type": "string" + }, "Tag": { "additionalProperties": false, "properties": { @@ -88,6 +164,7 @@ "handlers": { "create": { "permissions": [ + "iam:GetSAMLProvider", "iam:PassRole", "kms:CreateGrant", "kms:DescribeKey", 
@@ -95,8 +172,12 @@ "qbusiness:GetApplication", "qbusiness:ListTagsForResource", "qbusiness:TagResource", + "qbusiness:UpdateApplication", + "quicksight:DescribeAccountSubscription", + "quicksight:ListNamespaces", "sso:CreateApplication", "sso:DeleteApplication", + "sso:DescribeInstance", "sso:PutApplicationAccessScope", "sso:PutApplicationAuthenticationMethod", "sso:PutApplicationGrant" @@ -131,6 +212,7 @@ "qbusiness:UpdateApplication", "sso:CreateApplication", "sso:DeleteApplication", + "sso:DescribeInstance", "sso:PutApplicationAccessScope", "sso:PutApplicationAuthenticationMethod", "sso:PutApplicationGrant" @@ -156,6 +238,18 @@ "AttachmentsConfiguration": { "$ref": "#/definitions/AttachmentsConfiguration" }, + "AutoSubscriptionConfiguration": { + "$ref": "#/definitions/AutoSubscriptionConfiguration" + }, + "ClientIdsForOIDC": { + "items": { + "maxLength": 255, + "minLength": 1, + "pattern": "^[a-zA-Z0-9_.:/()*?=-]*$", + "type": "string" + }, + "type": "array" + }, "CreatedAt": { "format": "date-time", "type": "string" @@ -175,6 +269,12 @@ "EncryptionConfiguration": { "$ref": "#/definitions/EncryptionConfiguration" }, + "IamIdentityProviderArn": { + "maxLength": 2048, + "minLength": 20, + "pattern": "^arn:aws:iam::\\d{12}:(oidc-provider|saml-provider)/[a-zA-Z0-9_\\.\\/@\\-]+$", + "type": "string" + }, "IdentityCenterApplicationArn": { "maxLength": 1224, "minLength": 10, @@ -187,9 +287,18 @@ "pattern": "^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}$", "type": "string" }, + "IdentityType": { + "$ref": "#/definitions/IdentityType" + }, + "PersonalizationConfiguration": { + "$ref": "#/definitions/PersonalizationConfiguration" + }, "QAppsConfiguration": { "$ref": "#/definitions/QAppsConfiguration" }, + "QuickSightConfiguration": { + "$ref": "#/definitions/QuickSightConfiguration" + }, "RoleArn": { "maxLength": 1284, "minLength": 0, 
@@ -200,7 +309,6 @@ "$ref": "#/definitions/ApplicationStatus" }, "Tags": { - "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" }, @@ -225,6 +333,15 @@ "DisplayName" ], "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "qbusiness:UntagResource", + "qbusiness:TagResource", + "qbusiness:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::QBusiness::Application", diff --git a/src/schema/aws-qbusiness-dataaccessor.json b/src/schema/aws-qbusiness-dataaccessor.json new file mode 100644 index 00000000..5758b7fa --- /dev/null +++ b/src/schema/aws-qbusiness-dataaccessor.json 
@@ -0,0 +1,330 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/ApplicationId", + "/properties/Principal" + ], + "definitions": { + "ActionConfiguration": { + "additionalProperties": false, + "properties": { + "Action": { + "pattern": "^qbusiness:[a-zA-Z]+$", + "type": "string" + }, + "FilterConfiguration": { + "$ref": "#/definitions/ActionFilterConfiguration" + } + }, + "required": [ + "Action" + ], + "type": "object" + }, + "ActionFilterConfiguration": { + "additionalProperties": false, + "properties": { + "DocumentAttributeFilter": { + "$ref": "#/definitions/AttributeFilter" + } + }, + "required": [ + "DocumentAttributeFilter" + ], + "type": "object" + }, + "AttributeFilter": { + "additionalProperties": false, + "properties": { + "AndAllFilters": { + "items": { + "$ref": "#/definitions/AttributeFilter" + }, + "type": "array" + }, + "ContainsAll": { + "$ref": "#/definitions/DocumentAttribute" + }, + "ContainsAny": { + "$ref": "#/definitions/DocumentAttribute" + }, + "EqualsTo": { + "$ref": "#/definitions/DocumentAttribute" + }, + "GreaterThan": { + "$ref": "#/definitions/DocumentAttribute" + }, + "GreaterThanOrEquals": { + "$ref": "#/definitions/DocumentAttribute" + }, + "LessThan": { + "$ref": "#/definitions/DocumentAttribute" + }, + "LessThanOrEquals": { + "$ref": "#/definitions/DocumentAttribute" + }, + "NotFilter": { + "$ref": "#/definitions/AttributeFilter" + }, + "OrAllFilters": { + "items": { + "$ref": "#/definitions/AttributeFilter" + }, + "type": "array" + } + }, + "type": "object" + }, + "DocumentAttribute": { + "additionalProperties": false, + "properties": { + "Name": { + "maxLength": 200, + "minLength": 1, + "pattern": "^[a-zA-Z0-9_][a-zA-Z0-9_-]*$", + "type": "string" + }, + "Value": { + "$ref": "#/definitions/DocumentAttributeValue" + } + }, + "required": [ + "Name", + "Value" + ], + "type": "object" + }, + "DocumentAttributeValue": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + 
"StringValue": { + "maxLength": 2048, + "type": "string" + } + }, + "required": [ + "StringValue" + ], + "title": "StringValue", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "StringListValue": { + "items": { + "maxLength": 2048, + "minLength": 1, + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "StringListValue" + ], + "title": "StringListValue", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "LongValue": { + "type": "number" + } + }, + "required": [ + "LongValue" + ], + "title": "LongValue", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "DateValue": { + "format": "date-time", + "type": "string" + } + }, + "required": [ + "DateValue" + ], + "title": "DateValue", + "type": "object" + } + ] + }, + "Tag": { + "additionalProperties": false, + "properties": { + "Key": { + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, + "Unit": { + "additionalProperties": false, + "type": "object" + } + }, + "description": "Definition of AWS::QBusiness::DataAccessor Resource Type", + "handlers": { + "create": { + "permissions": [ + "qbusiness:CreateDataAccessor", + "qbusiness:GetDataAccessor", + "qbusiness:ListTagsForResource", + "qbusiness:TagResource", + "sso:CreateApplication", + "sso:PutApplicationAuthenticationMethod", + "sso:PutApplicationGrant", + "sso:PutApplicationAccessScope" + ] + }, + "delete": { + "permissions": [ + "qbusiness:DeleteDataAccessor", + "qbusiness:GetDataAccessor", + "sso:DeleteApplication" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "ApplicationId": { + "$ref": "resource-schema.json#/properties/ApplicationId" + } + }, + "required": [ + "ApplicationId" + ] + }, + "permissions": [ + "qbusiness:ListDataAccessors" + ] + }, + "read": { + "permissions": [ + 
"qbusiness:GetDataAccessor", + "qbusiness:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "qbusiness:GetDataAccessor", + "qbusiness:ListTagsForResource", + "qbusiness:TagResource", + "qbusiness:UntagResource", + "qbusiness:UpdateDataAccessor" + ] + } + }, + "primaryIdentifier": [ + "/properties/ApplicationId", + "/properties/DataAccessorId" + ], + "properties": { + "ActionConfigurations": { + "items": { + "$ref": "#/definitions/ActionConfiguration" + }, + "maxItems": 10, + "minItems": 1, + "type": "array" + }, + "ApplicationId": { + "maxLength": 36, + "minLength": 36, + "pattern": "^[a-zA-Z0-9][a-zA-Z0-9-]{35}$", + "type": "string" + }, + "CreatedAt": { + "format": "date-time", + "type": "string" + }, + "DataAccessorArn": { + "maxLength": 1284, + "minLength": 0, + "pattern": "^arn:[a-z0-9-\\.]{1,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[^/].{0,1023}$", + "type": "string" + }, + "DataAccessorId": { + "maxLength": 36, + "minLength": 36, + "pattern": "^[a-zA-Z0-9][a-zA-Z0-9-]{35}$", + "type": "string" + }, + "DisplayName": { + "maxLength": 100, + "minLength": 1, + "pattern": "^[a-zA-Z0-9][a-zA-Z0-9_-]*$", + "type": "string" + }, + "IdcApplicationArn": { + "maxLength": 1224, + "minLength": 10, + "pattern": "^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::\\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}$", + "type": "string" + }, + "Principal": { + "maxLength": 1284, + "minLength": 1, + "pattern": "^arn:aws:iam::[0-9]{12}:role/[a-zA-Z0-9_/+=,.@-]+$", + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 200, + "minItems": 0, + "type": "array" + }, + "UpdatedAt": { + "format": "date-time", + "type": "string" + } + }, + "readOnlyProperties": [ + "/properties/CreatedAt", + "/properties/DataAccessorArn", + "/properties/DataAccessorId", + "/properties/IdcApplicationArn", + "/properties/UpdatedAt" + ], + "required": [ + "ApplicationId", + "ActionConfigurations", + 
"DisplayName", + "Principal" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-qbusiness", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "qbusiness:UntagResource", + "qbusiness:TagResource", + "qbusiness:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::QBusiness::DataAccessor" +} diff --git a/src/schema/aws-qbusiness-datasource.json b/src/schema/aws-qbusiness-datasource.json index a2fef648..bc8a2ba0 100644 --- a/src/schema/aws-qbusiness-datasource.json +++ b/src/schema/aws-qbusiness-datasource.json @@ -11,6 +11,25 @@ ], "type": "string" }, + "AudioExtractionConfiguration": { + "additionalProperties": false, + "properties": { + "AudioExtractionStatus": { + "$ref": "#/definitions/AudioExtractionStatus" + } + }, + "required": [ + "AudioExtractionStatus" + ], + "type": "object" + }, + "AudioExtractionStatus": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, "DataSourceStatus": { "enum": [ "PENDING_CREATION", @@ -231,6 +250,25 @@ }, "type": "object" }, + "ImageExtractionConfiguration": { + "additionalProperties": false, + "properties": { + "ImageExtractionStatus": { + "$ref": "#/definitions/ImageExtractionStatus" + } + }, + "required": [ + "ImageExtractionStatus" + ], + "type": "object" + }, + "ImageExtractionStatus": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, "InlineDocumentEnrichmentConfiguration": { "additionalProperties": false, "properties": { 
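Review bot: In the new aws-qbusiness-dataaccessor.json, `ActionConfiguration.FilterConfiguration` is optional and `AttributeFilter` has no required member, so an empty filter object validates and an action can be granted to `Principal` with no document restriction that the schema can see. `AndAllFilters` and `OrAllFilters` have no `maxItems`, and `NotFilter` nests without a depth limit. The `Principal` pattern accepts a role in any 12-digit account and hard-codes the `aws` partition, unlike `IdcApplicationArn`; the same pattern is used in aws-qbusiness-permission.json. If the schema is tightened upstream, `"minProperties": 1` on `AttributeFilter` and a `maxItems` bound on the two arrays would close the empty and unbounded cases. Template review or policy-as-code rules should meanwhile check that each `ActionConfigurations` entry carries a filter and that the `Principal` account is an expected one.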
@@ -246,6 +284,21 @@ }, "type": "object" }, + "MediaExtractionConfiguration": { + "additionalProperties": false, + "properties": { + "AudioExtractionConfiguration": { + "$ref": "#/definitions/AudioExtractionConfiguration" + }, + "ImageExtractionConfiguration": { + "$ref": "#/definitions/ImageExtractionConfiguration" + }, + "VideoExtractionConfiguration": { + "$ref": "#/definitions/VideoExtractionConfiguration" + } + }, + "type": "object" + }, "Tag": { "additionalProperties": false, "properties": { @@ -265,6 +318,25 @@ "Value" ], "type": "object" + }, + "VideoExtractionConfiguration": { + "additionalProperties": false, + "properties": { + "VideoExtractionStatus": { + "$ref": "#/definitions/VideoExtractionStatus" + } + }, + "required": [ + "VideoExtractionStatus" + ], + "type": "object" + }, + "VideoExtractionStatus": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" } }, "description": "Definition of AWS::QBusiness::DataSource Resource Type", @@ -370,6 +442,9 @@ "pattern": "^[a-zA-Z0-9][a-zA-Z0-9-]{35}$", "type": "string" }, + "MediaExtractionConfiguration": { + "$ref": "#/definitions/MediaExtractionConfiguration" + }, "RoleArn": { "maxLength": 1284, "minLength": 0, @@ -422,6 +497,15 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-qbusiness", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "qbusiness:UntagResource", + "qbusiness:TagResource", + "qbusiness:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::QBusiness::DataSource" diff --git a/src/schema/aws-qbusiness-index.json b/src/schema/aws-qbusiness-index.json index bf712ab3..5d4cb290 100644 --- a/src/schema/aws-qbusiness-index.json +++ b/src/schema/aws-qbusiness-index.json 
@@ -246,6 +246,15 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-qbusiness", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "qbusiness:UntagResource", + "qbusiness:TagResource", + "qbusiness:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::QBusiness::Index" diff --git a/src/schema/aws-qbusiness-permission.json b/src/schema/aws-qbusiness-permission.json new file mode 100644 index 00000000..ac60cbda --- /dev/null +++ b/src/schema/aws-qbusiness-permission.json 
@@ -0,0 +1,91 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/ApplicationId", + "/properties/StatementId", + "/properties/Actions", + "/properties/Principal" + ], + "description": "Definition of AWS::QBusiness::Permission Resource Type", + "handlers": { + "create": { + "permissions": [ + "qbusiness:AssociatePermission", + "qbusiness:PutResourcePolicy" + ] + }, + "delete": { + "permissions": [ + "qbusiness:DisassociatePermission", + "qbusiness:PutResourcePolicy" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "ApplicationId": { + "$ref": "resource-schema.json#/properties/ApplicationId" + } + }, + "required": [ + "ApplicationId" + ] + }, + "permissions": [ + "qbusiness:GetPolicy" + ] + }, + "read": { + "permissions": [ + "qbusiness:GetPolicy" + ] + } + }, + "primaryIdentifier": [ + "/properties/ApplicationId", + "/properties/StatementId" + ], + "properties": { + "Actions": { + "items": { + "pattern": "^qbusiness:[a-zA-Z]+$", + "type": "string" + }, + "maxItems": 10, + "minItems": 1, + "type": "array" + }, + "ApplicationId": { + "maxLength": 36, + "minLength": 36, + "pattern": "^[a-zA-Z0-9][a-zA-Z0-9-]{35}$", + "type": "string" + }, + "Principal": { + "maxLength": 1284, + "minLength": 1, + "pattern": "^arn:aws:iam::[0-9]{12}:role/[a-zA-Z0-9_/+=,.@-]+$", + "type": "string" + }, + "StatementId": { + "maxLength": 100, + "minLength": 1, + "pattern": "^[a-zA-Z0-9_-]+$", + "type": "string" + } + }, + "required": [ + "ApplicationId", + "StatementId", + "Actions", + "Principal" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-qbusiness", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, + "typeName": "AWS::QBusiness::Permission" +} diff --git a/src/schema/aws-qbusiness-plugin.json b/src/schema/aws-qbusiness-plugin.json index 215c92b5..224581b0 100644 --- a/src/schema/aws-qbusiness-plugin.json 
+++ b/src/schema/aws-qbusiness-plugin.json @@ -92,6 +92,12 @@ "OAuth2ClientCredentialConfiguration": { "additionalProperties": false, "properties": { + "AuthorizationUrl": { + "maxLength": 2048, + "minLength": 1, + "pattern": "^(https?|ftp|file)://([^\\s]*)$", + "type": "string" + }, "RoleArn": { "maxLength": 1284, "minLength": 0, @@ -103,6 +109,12 @@ "minLength": 0, "pattern": "^arn:[a-z0-9-\\.]{1,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[^/].{0,1023}$", "type": "string" + }, + "TokenUrl": { + "maxLength": 2048, + "minLength": 1, + "pattern": "^(https?|ftp|file)://([^\\s]*)$", + "type": "string" } }, "required": [ @@ -179,7 +191,19 @@ "SALESFORCE", "JIRA", "ZENDESK", - "CUSTOM" + "CUSTOM", + "QUICKSIGHT", + "SERVICENOW_NOW_PLATFORM", + "JIRA_CLOUD", + "SALESFORCE_CRM", + "ZENDESK_SUITE", + "ATLASSIAN_CONFLUENCE", + "GOOGLE_CALENDAR", + "MICROSOFT_TEAMS", + "MICROSOFT_EXCHANGE", + "PAGERDUTY_ADVANCE", + "SMARTSHEET", + "ASANA" ], "type": "string" }, @@ -233,8 +257,7 @@ "qbusiness:CreatePlugin", "qbusiness:GetPlugin", "qbusiness:ListTagsForResource", - "qbusiness:TagResource", - "qbusiness:UpdatePlugin" + "qbusiness:TagResource" ] }, "delete": { @@ -327,7 +350,6 @@ "$ref": "#/definitions/PluginState" }, "Tags": { - "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" }, @@ -351,13 +373,21 @@ "/properties/UpdatedAt" ], "required": [ - "ApplicationId", "AuthConfiguration", "DisplayName", "Type" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-qbusiness", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "qbusiness:UntagResource", + "qbusiness:TagResource", + "qbusiness:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::QBusiness::Plugin" diff --git a/src/schema/aws-qbusiness-retriever.json b/src/schema/aws-qbusiness-retriever.json index d2dfb5da..a45d2a5e 100644 
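Review bot: The new `AuthorizationUrl` and `TokenUrl` properties in `OAuth2ClientCredentialConfiguration` use the pattern `^(https?|ftp|file)://([^\\s]*)$`, which accepts `http://`, `ftp://` and `file://` for OAuth2 endpoints. The token endpoint is where the client credentials referenced by `SecretArn` are presented, so a cleartext or non-HTTP scheme should not pass validation. Restricting both to `"pattern": "^https://([^\\s]*)$"` would match what `SamlProviderConfiguration.AuthenticationUrl` in aws-qbusiness-webexperience.json already requires. The service may reject other schemes server-side, but the schema is what linters and template validators enforce. The definition's `required` list continues outside these two hunks.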
--- a/src/schema/aws-qbusiness-retriever.json +++ b/src/schema/aws-qbusiness-retriever.json @@ -227,6 +227,15 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-qbusiness", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "qbusiness:UntagResource", + "qbusiness:TagResource", + "qbusiness:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::QBusiness::Retriever" diff --git a/src/schema/aws-qbusiness-webexperience.json b/src/schema/aws-qbusiness-webexperience.json index a83fe2dc..af1aedb7 100644 --- a/src/schema/aws-qbusiness-webexperience.json +++ b/src/schema/aws-qbusiness-webexperience.json 
@@ -4,6 +4,135 @@ "/properties/ApplicationId" ], "definitions": { + "BrowserExtension": { + "enum": [ + "FIREFOX", + "CHROME" + ], + "type": "string" + }, + "BrowserExtensionConfiguration": { + "additionalProperties": false, + "properties": { + "EnabledBrowserExtensions": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/BrowserExtension" + }, + "maxItems": 2, + "minItems": 0, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "EnabledBrowserExtensions" + ], + "type": "object" + }, + "CustomizationConfiguration": { + "additionalProperties": false, + "properties": { + "CustomCSSUrl": { + "maxLength": 1284, + "minLength": 0, + "pattern": "^(https?://[a-zA-Z0-9-_.+%/]+\\.css)?$", + "type": "string" + }, + "FaviconUrl": { + "maxLength": 1284, + "minLength": 0, + "pattern": "^(https?://[a-zA-Z0-9-_.+%/]+\\.(svg|ico))?$", + "type": "string" + }, + "FontUrl": { + "maxLength": 1284, + "minLength": 0, + "pattern": "^(https?://[a-zA-Z0-9-_.+%/]+\\.(ttf|woff|woff2|otf))?$", + "type": "string" + }, + "LogoUrl": { + "maxLength": 1284, + "minLength": 0, + "pattern": "^(https?://[a-zA-Z0-9-_.+%/]+\\.(svg|png))?$", + "type": "string" + } + }, + "type": "object" + }, + "IdentityProviderConfiguration": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "SamlConfiguration": { + "$ref": "#/definitions/SamlProviderConfiguration" + } + }, + "required": [ + "SamlConfiguration" + ], + "title": "SamlConfiguration", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "OpenIDConnectConfiguration": { + "$ref": "#/definitions/OpenIDConnectProviderConfiguration" + } + }, + "required": [ + "OpenIDConnectConfiguration" + ], + "title": "OpenIDConnectConfiguration", + "type": "object" + } + ] + }, + "OpenIDConnectProviderConfiguration": { + "additionalProperties": false, + "properties": { + "SecretsArn": { + "maxLength": 1284, + "minLength": 0, + "pattern": 
"^arn:[a-z0-9-\\.]{1,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[^/].{0,1023}$", + "type": "string" + }, + "SecretsRole": { + "maxLength": 1284, + "minLength": 0, + "pattern": "^arn:[a-z0-9-\\.]{1,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[^/].{0,1023}$", + "type": "string" + } + }, + "required": [ + "SecretsArn", + "SecretsRole" + ], + "type": "object" + }, + "Origin": { + "maxLength": 64, + "minLength": 1, + "pattern": "^(http:\\/\\/|https:\\/\\/)[a-zA-Z0-9-_.]+(?::[0-9]{1,5})?$", + "type": "string" + }, + "SamlProviderConfiguration": { + "additionalProperties": false, + "properties": { + "AuthenticationUrl": { + "maxLength": 1284, + "minLength": 1, + "pattern": "^https://.*$", + "type": "string" + } + }, + "required": [ + "AuthenticationUrl" + ], + "type": "object" + }, "Tag": { "additionalProperties": false, "properties": { @@ -106,16 +235,34 @@ "pattern": "^[a-zA-Z0-9][a-zA-Z0-9-]{35}$", "type": "string" }, + "BrowserExtensionConfiguration": { + "$ref": "#/definitions/BrowserExtensionConfiguration" + }, "CreatedAt": { "format": "date-time", "type": "string" }, + "CustomizationConfiguration": { + "$ref": "#/definitions/CustomizationConfiguration" + }, "DefaultEndpoint": { "maxLength": 2048, "minLength": 1, "pattern": "^(https?|ftp|file)://([^\\s]*)$", "type": "string" }, + "IdentityProviderConfiguration": { + "$ref": "#/definitions/IdentityProviderConfiguration" + }, + "Origins": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Origin" + }, + "maxItems": 10, + "minItems": 0, + "type": "array" + }, "RoleArn": { "maxLength": 1284, "minLength": 0, 
@@ -184,6 +331,15 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-qbusiness", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "qbusiness:UntagResource", + "qbusiness:TagResource", + "qbusiness:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::QBusiness::WebExperience" diff --git a/src/schema/aws-qldb-stream.json b/src/schema/aws-qldb-stream.json index eff3eb4b..03c7a629 100644 --- a/src/schema/aws-qldb-stream.json +++ b/src/schema/aws-qldb-stream.json @@ -66,6 +66,16 @@ ] }, "list": { + "handlerSchema": { + "properties": { + "LedgerName": { + "type": "string" + } + }, + "required": [ + "LedgerName" + ] + }, "permissions": [ "qldb:listJournalKinesisStreamsForLedger" ] diff --git a/src/schema/aws-quicksight-analysis.json b/src/schema/aws-quicksight-analysis.json index af1cdca0..2a8a678b 100644 --- a/src/schema/aws-quicksight-analysis.json +++ b/src/schema/aws-quicksight-analysis.json @@ -107,6 +107,9 @@ "minItems": 0, "type": "array" }, + "QueryExecutionOptions": { + "$ref": "#/definitions/QueryExecutionOptions" + }, "Sheets": { "items": { "$ref": "#/definitions/SheetDefinition" @@ -114,6 +117,14 @@ "maxItems": 20, "minItems": 0, "type": "array" + }, + "StaticFiles": { + "items": { + "$ref": "#/definitions/StaticFile" + }, + "maxItems": 200, + "minItems": 0, + "type": "array" } }, "required": [ @@ -527,6 +538,9 @@ "FieldWells": { "$ref": "#/definitions/BarChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -645,6 +659,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, 
@@ -708,6 +727,9 @@ "PageBreakConfiguration": { "$ref": "#/definitions/SectionPageBreakConfiguration" }, + "RepeatConfiguration": { + "$ref": "#/definitions/BodySectionRepeatConfiguration" + }, "SectionId": { "maxLength": 512, "minLength": 1, 
@@ -733,6 +755,105 @@ }, "type": "object" }, + "BodySectionDynamicCategoryDimensionConfiguration": { + "additionalProperties": false, + "properties": { + "Column": { + "$ref": "#/definitions/ColumnIdentifier" + }, + "Limit": { + "maximum": 1000, + "minimum": 1, + "type": "number" + }, + "SortByMetrics": { + "items": { + "$ref": "#/definitions/ColumnSort" + }, + "maxItems": 100, + "minItems": 0, + "type": "array" + } + }, + "required": [ + "Column" + ], + "type": "object" + }, + "BodySectionDynamicNumericDimensionConfiguration": { + "additionalProperties": false, + "properties": { + "Column": { + "$ref": "#/definitions/ColumnIdentifier" + }, + "Limit": { + "maximum": 1000, + "minimum": 1, + "type": "number" + }, + "SortByMetrics": { + "items": { + "$ref": "#/definitions/ColumnSort" + }, + "maxItems": 100, + "minItems": 0, + "type": "array" + } + }, + "required": [ + "Column" + ], + "type": "object" + }, + "BodySectionRepeatConfiguration": { + "additionalProperties": false, + "properties": { + "DimensionConfigurations": { + "items": { + "$ref": "#/definitions/BodySectionRepeatDimensionConfiguration" + }, + "maxItems": 3, + "minItems": 0, + "type": "array" + }, + "NonRepeatingVisuals": { + "items": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + }, + "maxItems": 20, + "minItems": 0, + "type": "array" + }, + "PageBreakConfiguration": { + "$ref": "#/definitions/BodySectionRepeatPageBreakConfiguration" + } + }, + "type": "object" + }, + "BodySectionRepeatDimensionConfiguration": { + "additionalProperties": false, + "properties": { + "DynamicCategoryDimensionConfiguration": { + "$ref": "#/definitions/BodySectionDynamicCategoryDimensionConfiguration" + }, + "DynamicNumericDimensionConfiguration": { + "$ref": "#/definitions/BodySectionDynamicNumericDimensionConfiguration" + } + }, + "type": "object" + }, + "BodySectionRepeatPageBreakConfiguration": { + "additionalProperties": false, + "properties": { + "After": { + "$ref": 
"#/definitions/SectionAfterPageBreak" + } + }, + "type": "object" + }, "BoxPlotAggregatedFieldWells": { "additionalProperties": false, "properties": { @@ -770,6 +891,9 @@ "FieldWells": { "$ref": "#/definitions/BoxPlotFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -884,6 +1008,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -1106,6 +1235,25 @@ ], "type": "string" }, + "CategoryInnerFilter": { + "additionalProperties": false, + "properties": { + "Column": { + "$ref": "#/definitions/ColumnIdentifier" + }, + "Configuration": { + "$ref": "#/definitions/CategoryFilterConfiguration" + }, + "DefaultFilterControlConfiguration": { + "$ref": "#/definitions/DefaultFilterControlConfiguration" + } + }, + "required": [ + "Column", + "Configuration" + ], + "type": "object" + }, "ChartAxisLabelOptions": { "additionalProperties": false, "properties": { @@ -1283,6 +1431,9 @@ "Label": { "type": "string" }, + "TooltipTarget": { + "$ref": "#/definitions/TooltipTarget" + }, "Visibility": { "$ref": "#/definitions/Visibility" } @@ -1351,6 +1502,9 @@ "FieldWells": { "$ref": "#/definitions/ComboChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -1377,6 +1531,9 @@ "SecondaryYAxisLabelOptions": { "$ref": "#/definitions/ChartAxisLabelOptions" }, + "SingleAxisOptions": { + "$ref": "#/definitions/SingleAxisOptions" + }, "SortConfiguration": { "$ref": "#/definitions/ComboChartSortConfiguration" }, @@ -1454,6 +1611,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, 
@@ -1466,6 +1628,13 @@ ], "type": "object" }, + "CommitMode": { + "enum": [ + "AUTO", + "MANUAL" + ], + "type": "string" + }, "ComparisonConfiguration": { "additionalProperties": false, "properties": { @@ -1680,6 +1849,15 @@ ], "type": "object" }, + "ContextMenuOption": { + "additionalProperties": false, + "properties": { + "AvailabilityStatus": { + "$ref": "#/definitions/DashboardBehavior" + } + }, + "type": "object" + }, "ContributionAnalysisDefault": { "additionalProperties": false, "properties": { @@ -1839,6 +2017,9 @@ }, "ImageScaling": { "$ref": "#/definitions/CustomContentImageScalingConfiguration" + }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" } }, "type": "object" @@ -1884,6 +2065,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -2024,6 +2210,13 @@ ], "type": "object" }, + "DashboardBehavior": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, "DataBarsOptions": { "additionalProperties": false, "properties": { @@ -2488,11 +2681,17 @@ "DateTimePickerControlDisplayOptions": { "additionalProperties": false, "properties": { + "DateIconVisibility": { + "$ref": "#/definitions/Visibility" + }, "DateTimeFormat": { "maxLength": 128, "minLength": 1, "type": "string" }, + "HelperTextVisibility": { + "$ref": "#/definitions/Visibility" + }, "InfoIconLabelOptions": { "$ref": "#/definitions/SheetControlInfoIconLabelOptions" }, @@ -2631,6 +2830,9 @@ "DefaultDateTimePickerControlOptions": { "additionalProperties": false, "properties": { + "CommitMode": { + "$ref": "#/definitions/CommitMode" + }, "DisplayOptions": { "$ref": "#/definitions/DateTimePickerControlDisplayOptions" }, 
@@ -2688,6 +2890,9 @@ "DefaultFilterDropDownControlOptions": { "additionalProperties": false, "properties": { + "CommitMode": { + "$ref": "#/definitions/CommitMode" + }, "DisplayOptions": { "$ref": "#/definitions/DropDownControlDisplayOptions" }, @@ -2778,6 +2983,9 @@ "DefaultRelativeDateTimeControlOptions": { "additionalProperties": false, "properties": { + "CommitMode": { + "$ref": "#/definitions/CommitMode" + }, "DisplayOptions": { "$ref": "#/definitions/RelativeDateTimeControlDisplayOptions" } @@ -2871,6 +3079,13 @@ }, "type": "object" }, + "DigitGroupingStyle": { + "enum": [ + "DEFAULT", + "LAKHS" + ], + "type": "string" + }, "DimensionField": { "additionalProperties": false, "properties": { @@ -3141,6 +3356,9 @@ "Label": { "type": "string" }, + "TooltipTarget": { + "$ref": "#/definitions/TooltipTarget" + }, "Visibility": { "$ref": "#/definitions/Visibility" } @@ -3207,6 +3425,9 @@ "FieldWells": { "$ref": "#/definitions/FilledMapFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -3296,6 +3517,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -3314,6 +3540,9 @@ "CategoryFilter": { "$ref": "#/definitions/CategoryFilter" }, + "NestedFilter": { + "$ref": "#/definitions/NestedFilter" + }, "NumericEqualityFilter": { "$ref": "#/definitions/NumericEqualityFilter" }, @@ -3393,6 +3622,9 @@ "FilterDateTimePickerControl": { "additionalProperties": false, "properties": { + "CommitMode": { + "$ref": "#/definitions/CommitMode" + }, "DisplayOptions": { "$ref": "#/definitions/DateTimePickerControlDisplayOptions" }, 
@@ -3430,6 +3662,9 @@ "CascadingControlConfiguration": { "$ref": "#/definitions/CascadingControlConfiguration" }, + "CommitMode": { + "$ref": "#/definitions/CommitMode" + }, "DisplayOptions": { "$ref": "#/definitions/DropDownControlDisplayOptions" }, @@ -3615,6 +3850,9 @@ "FilterRelativeDateTimeControl": { "additionalProperties": false, "properties": { + "CommitMode": { + "$ref": "#/definitions/CommitMode" + }, "DisplayOptions": { "$ref": "#/definitions/RelativeDateTimeControlDisplayOptions" }, @@ -3802,6 +4040,9 @@ "FontDecoration": { "$ref": "#/definitions/FontDecoration" }, + "FontFamily": { + "type": "string" + }, "FontSize": { "$ref": "#/definitions/FontSize" }, @@ -3824,6 +4065,10 @@ "FontSize": { "additionalProperties": false, "properties": { + "Absolute": { + "description": "String based length that is composed of value and unit in px", + "type": "string" + }, "Relative": { "$ref": "#/definitions/RelativeFontSize" } @@ -4136,6 +4381,9 @@ "FieldWells": { "$ref": "#/definitions/FunnelChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "SortConfiguration": { "$ref": "#/definitions/FunnelChartSortConfiguration" }, @@ -4243,6 +4491,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -4264,6 +4517,20 @@ }, "type": "object" }, + "GaugeChartColorConfiguration": { + "additionalProperties": false, + "properties": { + "BackgroundColor": { + "pattern": "^#[A-F0-9]{6}$", + "type": "string" + }, + "ForegroundColor": { + "pattern": "^#[A-F0-9]{6}$", + "type": "string" + } + }, + "type": "object" + }, "GaugeChartConditionalFormatting": { "additionalProperties": false, "properties": { 
@@ -4293,6 +4560,9 @@ "GaugeChartConfiguration": { "additionalProperties": false, "properties": { + "ColorConfiguration": { + "$ref": "#/definitions/GaugeChartColorConfiguration" + }, "DataLabels": { "$ref": "#/definitions/DataLabelOptions" }, @@ -4302,6 +4572,9 @@ "GaugeChartOptions": { "$ref": "#/definitions/GaugeChartOptions" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "TooltipOptions": { "$ref": "#/definitions/TooltipOptions" }, @@ -4389,6 +4662,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, 
@@ -4401,74 +4679,391 @@ ], "type": "object" }, - "GeospatialCoordinateBounds": { + "GeospatialCategoricalColor": { "additionalProperties": false, "properties": { - "East": { - "maximum": 1800, - "minimum": -1800, - "type": "number" + "CategoryDataColors": { + "items": { + "$ref": "#/definitions/GeospatialCategoricalDataColor" + }, + "type": "array" }, - "North": { - "maximum": 90, - "minimum": -90, + "DefaultOpacity": { + "maximum": 1, + "minimum": 0, "type": "number" }, - "South": { - "maximum": 90, - "minimum": -90, - "type": "number" + "NullDataSettings": { + "$ref": "#/definitions/GeospatialNullDataSettings" }, - "West": { - "maximum": 1800, - "minimum": -1800, - "type": "number" + "NullDataVisibility": { + "$ref": "#/definitions/Visibility" } }, "required": [ - "East", - "North", - "South", - "West" + "CategoryDataColors" ], "type": "object" }, - "GeospatialHeatmapColorScale": { + "GeospatialCategoricalDataColor": { "additionalProperties": false, "properties": { - "Colors": { - "items": { - "$ref": "#/definitions/GeospatialHeatmapDataColor" - }, - "maxItems": 2, - "minItems": 2, - "type": "array" + "Color": { + "pattern": "^#[A-F0-9]{6}(?:[A-F0-9]{2})?$", + "type": "string" + }, + "DataValue": { + "type": "string" } }, + "required": [ + "Color", + "DataValue" + ], "type": "object" }, - "GeospatialHeatmapConfiguration": { + "GeospatialCircleRadius": { "additionalProperties": false, "properties": { - "HeatmapColor": { - "$ref": "#/definitions/GeospatialHeatmapColorScale" + "Radius": { + "minimum": 0, + "type": "number" } }, "type": "object" }, - "GeospatialHeatmapDataColor": { + "GeospatialCircleSymbolStyle": { "additionalProperties": false, "properties": { - "Color": { - "pattern": "^#[A-F0-9]{6}$", - "type": "string" + "CircleRadius": { + "$ref": "#/definitions/GeospatialCircleRadius" + }, + "FillColor": { + "$ref": "#/definitions/GeospatialColor" + }, + "StrokeColor": { + "$ref": "#/definitions/GeospatialColor" + }, + "StrokeWidth": { + "$ref": 
"#/definitions/GeospatialLineWidth" } }, - "required": [ - "Color" + "type": "object" + }, + "GeospatialColor": { + "additionalProperties": false, + "properties": { + "Categorical": { + "$ref": "#/definitions/GeospatialCategoricalColor" + }, + "Gradient": { + "$ref": "#/definitions/GeospatialGradientColor" + }, + "Solid": { + "$ref": "#/definitions/GeospatialSolidColor" + } + }, + "type": "object" + }, + "GeospatialColorState": { + "description": "Defines view state of the color", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, + "GeospatialCoordinateBounds": { + "additionalProperties": false, + "properties": { + "East": { + "maximum": 1800, + "minimum": -1800, + "type": "number" + }, + "North": { + "maximum": 90, + "minimum": -90, + "type": "number" + }, + "South": { + "maximum": 90, + "minimum": -90, + "type": "number" + }, + "West": { + "maximum": 1800, + "minimum": -1800, + "type": "number" + } + }, + "required": [ + "East", + "North", + "South", + "West" + ], + "type": "object" + }, + "GeospatialDataSourceItem": { + "additionalProperties": false, + "properties": { + "StaticFileDataSource": { + "$ref": "#/definitions/GeospatialStaticFileSource" + } + }, + "type": "object" + }, + "GeospatialGradientColor": { + "additionalProperties": false, + "properties": { + "DefaultOpacity": { + "maximum": 1, + "minimum": 0, + "type": "number" + }, + "NullDataSettings": { + "$ref": "#/definitions/GeospatialNullDataSettings" + }, + "NullDataVisibility": { + "$ref": "#/definitions/Visibility" + }, + "StepColors": { + "items": { + "$ref": "#/definitions/GeospatialGradientStepColor" + }, + "maxItems": 3, + "minItems": 2, + "type": "array" + } + }, + "required": [ + "StepColors" + ], + "type": "object" + }, + "GeospatialGradientStepColor": { + "additionalProperties": false, + "properties": { + "Color": { + "pattern": "^#[A-F0-9]{6}(?:[A-F0-9]{2})?$", + "type": "string" + }, + "DataValue": { + "default": 0, + "type": "number" + } + }, + "required": [ + "Color", + 
"DataValue" + ], + "type": "object" + }, + "GeospatialHeatmapColorScale": { + "additionalProperties": false, + "properties": { + "Colors": { + "items": { + "$ref": "#/definitions/GeospatialHeatmapDataColor" + }, + "maxItems": 2, + "minItems": 2, + "type": "array" + } + }, + "type": "object" + }, + "GeospatialHeatmapConfiguration": { + "additionalProperties": false, + "properties": { + "HeatmapColor": { + "$ref": "#/definitions/GeospatialHeatmapColorScale" + } + }, + "type": "object" + }, + "GeospatialHeatmapDataColor": { + "additionalProperties": false, + "properties": { + "Color": { + "pattern": "^#[A-F0-9]{6}$", + "type": "string" + } + }, + "required": [ + "Color" + ], + "type": "object" + }, + "GeospatialLayerColorField": { + "additionalProperties": false, + "properties": { + "ColorDimensionsFields": { + "items": { + "$ref": "#/definitions/DimensionField" + }, + "maxItems": 1, + "minItems": 0, + "type": "array" + }, + "ColorValuesFields": { + "items": { + "$ref": "#/definitions/MeasureField" + }, + "maxItems": 1, + "minItems": 0, + "type": "array" + } + }, + "type": "object" + }, + "GeospatialLayerDefinition": { + "additionalProperties": false, + "properties": { + "LineLayer": { + "$ref": "#/definitions/GeospatialLineLayer" + }, + "PointLayer": { + "$ref": "#/definitions/GeospatialPointLayer" + }, + "PolygonLayer": { + "$ref": "#/definitions/GeospatialPolygonLayer" + } + }, + "type": "object" + }, + "GeospatialLayerItem": { + "additionalProperties": false, + "properties": { + "Actions": { + "items": { + "$ref": "#/definitions/LayerCustomAction" + }, + "maxItems": 10, + "minItems": 0, + "type": "array" + }, + "DataSource": { + "$ref": "#/definitions/GeospatialDataSourceItem" + }, + "JoinDefinition": { + "$ref": "#/definitions/GeospatialLayerJoinDefinition" + }, + "Label": { + "type": "string" + }, + "LayerDefinition": { + "$ref": "#/definitions/GeospatialLayerDefinition" + }, + "LayerId": { + "type": "string" + }, + "LayerType": { + "$ref": 
"#/definitions/GeospatialLayerType" + }, + "Tooltip": { + "$ref": "#/definitions/TooltipOptions" + }, + "Visibility": { + "$ref": "#/definitions/Visibility" + } + }, + "required": [ + "LayerId" ], "type": "object" }, + "GeospatialLayerJoinDefinition": { + "additionalProperties": false, + "properties": { + "ColorField": { + "$ref": "#/definitions/GeospatialLayerColorField" + }, + "DatasetKeyField": { + "$ref": "#/definitions/UnaggregatedField" + }, + "ShapeKeyField": { + "type": "string" + } + }, + "type": "object" + }, + "GeospatialLayerMapConfiguration": { + "additionalProperties": false, + "properties": { + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, + "Legend": { + "$ref": "#/definitions/LegendOptions" + }, + "MapLayers": { + "items": { + "$ref": "#/definitions/GeospatialLayerItem" + }, + "type": "array" + }, + "MapState": { + "$ref": "#/definitions/GeospatialMapState" + }, + "MapStyle": { + "$ref": "#/definitions/GeospatialMapStyle" + } + }, + "type": "object" + }, + "GeospatialLayerType": { + "enum": [ + "POINT", + "LINE", + "POLYGON" + ], + "type": "string" + }, + "GeospatialLineLayer": { + "additionalProperties": false, + "properties": { + "Style": { + "$ref": "#/definitions/GeospatialLineStyle" + } + }, + "required": [ + "Style" + ], + "type": "object" + }, + "GeospatialLineStyle": { + "additionalProperties": false, + "properties": { + "LineSymbolStyle": { + "$ref": "#/definitions/GeospatialLineSymbolStyle" + } + }, + "type": "object" + }, + "GeospatialLineSymbolStyle": { + "additionalProperties": false, + "properties": { + "FillColor": { + "$ref": "#/definitions/GeospatialColor" + }, + "LineWidth": { + "$ref": "#/definitions/GeospatialLineWidth" + } + }, + "type": "object" + }, + "GeospatialLineWidth": { + "additionalProperties": false, + "properties": { + "LineWidth": { + "minimum": 0, + "type": "number" + } + }, + "type": "object" + }, "GeospatialMapAggregatedFieldWells": { "additionalProperties": false, "properties": { 
@@ -4505,6 +5100,9 @@ "FieldWells": { "$ref": "#/definitions/GeospatialMapFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -4535,6 +5133,41 @@ }, "type": "object" }, + "GeospatialMapNavigation": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, + "GeospatialMapState": { + "additionalProperties": false, + "properties": { + "Bounds": { + "$ref": "#/definitions/GeospatialCoordinateBounds" + }, + "MapNavigation": { + "$ref": "#/definitions/GeospatialMapNavigation" + } + }, + "type": "object" + }, + "GeospatialMapStyle": { + "additionalProperties": false, + "properties": { + "BackgroundColor": { + "pattern": "^#[A-F0-9]{6}(?:[A-F0-9]{2})?$", + "type": "string" + }, + "BaseMapStyle": { + "$ref": "#/definitions/BaseMapStyleType" + }, + "BaseMapVisibility": { + "$ref": "#/definitions/Visibility" + } + }, + "type": "object" + }, "GeospatialMapStyleOptions": { "additionalProperties": false, "properties": { @@ -4572,6 +5205,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, 
@@ -4584,6 +5222,57 @@ ], "type": "object" }, + "GeospatialNullDataSettings": { + "additionalProperties": false, + "properties": { + "SymbolStyle": { + "$ref": "#/definitions/GeospatialNullSymbolStyle" + } + }, + "required": [ + "SymbolStyle" + ], + "type": "object" + }, + "GeospatialNullSymbolStyle": { + "additionalProperties": false, + "properties": { + "FillColor": { + "pattern": "^#[A-F0-9]{6}(?:[A-F0-9]{2})?$", + "type": "string" + }, + "StrokeColor": { + "pattern": "^#[A-F0-9]{6}(?:[A-F0-9]{2})?$", + "type": "string" + }, + "StrokeWidth": { + "minimum": 0, + "type": "number" + } + }, + "type": "object" + }, + "GeospatialPointLayer": { + "additionalProperties": false, + "properties": { + "Style": { + "$ref": "#/definitions/GeospatialPointStyle" + } + }, + "required": [ + "Style" + ], + "type": "object" + }, + "GeospatialPointStyle": { + "additionalProperties": false, + "properties": { + "CircleSymbolStyle": { + "$ref": "#/definitions/GeospatialCircleSymbolStyle" + } + }, + "type": "object" + }, "GeospatialPointStyleOptions": { "additionalProperties": false, "properties": { 
@@ -4599,13 +5288,81 @@ }, "type": "object" }, + "GeospatialPolygonLayer": { + "additionalProperties": false, + "properties": { + "Style": { + "$ref": "#/definitions/GeospatialPolygonStyle" + } + }, + "required": [ + "Style" + ], + "type": "object" + }, + "GeospatialPolygonStyle": { + "additionalProperties": false, + "properties": { + "PolygonSymbolStyle": { + "$ref": "#/definitions/GeospatialPolygonSymbolStyle" + } + }, + "type": "object" + }, + "GeospatialPolygonSymbolStyle": { + "additionalProperties": false, + "properties": { + "FillColor": { + "$ref": "#/definitions/GeospatialColor" + }, + "StrokeColor": { + "$ref": "#/definitions/GeospatialColor" + }, + "StrokeWidth": { + "$ref": "#/definitions/GeospatialLineWidth" + } + }, + "type": "object" + }, "GeospatialSelectedPointStyle": { "enum": [ "POINT", "CLUSTER", "HEATMAP" ], - "type": "string" + "type": "string" + }, + "GeospatialSolidColor": { + "additionalProperties": false, + "description": "Describes the properties for a solid color", + "properties": { + "Color": { + "pattern": "^#[A-F0-9]{6}(?:[A-F0-9]{2})?$", + "type": "string" + }, + "State": { + "$ref": "#/definitions/GeospatialColorState" + } + }, + "required": [ + "Color" + ], + "type": "object" + }, + "GeospatialStaticFileSource": { + "additionalProperties": false, + "properties": { + "StaticFileId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + } + }, + "required": [ + "StaticFileId" + ], + "type": "object" }, "GeospatialWindowOptions": { "additionalProperties": false, @@ -4849,6 +5606,9 @@ "FieldWells": { "$ref": "#/definitions/HeatMapFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -4929,6 +5689,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, 
@@ -4993,6 +5758,9 @@ "FieldWells": { "$ref": "#/definitions/HistogramFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Tooltip": { "$ref": "#/definitions/TooltipOptions" }, @@ -5040,6 +5808,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, 
@@ -5092,6 +5865,110 @@ ], "type": "string" }, + "ImageCustomAction": { + "additionalProperties": false, + "properties": { + "ActionOperations": { + "items": { + "$ref": "#/definitions/ImageCustomActionOperation" + }, + "maxItems": 2, + "minItems": 1, + "type": "array" + }, + "CustomActionId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + }, + "Name": { + "maxLength": 256, + "minLength": 1, + "type": "string" + }, + "Status": { + "$ref": "#/definitions/WidgetStatus" + }, + "Trigger": { + "$ref": "#/definitions/ImageCustomActionTrigger" + } + }, + "required": [ + "ActionOperations", + "CustomActionId", + "Name", + "Trigger" + ], + "type": "object" + }, + "ImageCustomActionOperation": { + "additionalProperties": false, + "properties": { + "NavigationOperation": { + "$ref": "#/definitions/CustomActionNavigationOperation" + }, + "SetParametersOperation": { + "$ref": "#/definitions/CustomActionSetParametersOperation" + }, + "URLOperation": { + "$ref": "#/definitions/CustomActionURLOperation" + } + }, + "type": "object" + }, + "ImageCustomActionTrigger": { + "enum": [ + "CLICK", + "MENU" + ], + "type": "string" + }, + "ImageInteractionOptions": { + "additionalProperties": false, + "properties": { + "ImageMenuOption": { + "$ref": "#/definitions/ImageMenuOption" + } + }, + "type": "object" + }, + "ImageMenuOption": { + "additionalProperties": false, + "properties": { + "AvailabilityStatus": { + "$ref": "#/definitions/DashboardBehavior" + } + }, + "type": "object" + }, + "ImageStaticFile": { + "additionalProperties": false, + "properties": { + "Source": { + "$ref": "#/definitions/StaticFileSource" + }, + "StaticFileId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + } + }, + "required": [ + "StaticFileId" + ], + "type": "object" + }, + "InnerFilter": { + "additionalProperties": false, + "properties": { + "CategoryInnerFilter": { + "$ref": "#/definitions/CategoryInnerFilter" + } + }, + 
"type": "object" + }, "InsightConfiguration": { "additionalProperties": false, "properties": { @@ -5105,6 +5982,9 @@ }, "CustomNarrative": { "$ref": "#/definitions/CustomNarrativeOptions" + }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" } }, "type": "object" @@ -5134,6 +6014,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -5309,6 +6194,9 @@ "FieldWells": { "$ref": "#/definitions/KPIFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "KPIOptions": { "$ref": "#/definitions/KPIOptions" }, 
@@ -5433,42 +6321,181 @@ "$ref": "#/definitions/Visibility" } }, - "required": [ - "Type" - ], + "required": [ + "Type" + ], + "type": "object" + }, + "KPISparklineType": { + "enum": [ + "LINE", + "AREA" + ], + "type": "string" + }, + "KPIVisual": { + "additionalProperties": false, + "properties": { + "Actions": { + "items": { + "$ref": "#/definitions/VisualCustomAction" + }, + "maxItems": 10, + "minItems": 0, + "type": "array" + }, + "ChartConfiguration": { + "$ref": "#/definitions/KPIConfiguration" + }, + "ColumnHierarchies": { + "items": { + "$ref": "#/definitions/ColumnHierarchy" + }, + "maxItems": 2, + "minItems": 0, + "type": "array" + }, + "ConditionalFormatting": { + "$ref": "#/definitions/KPIConditionalFormatting" + }, + "Subtitle": { + "$ref": "#/definitions/VisualSubtitleLabelOptions" + }, + "Title": { + "$ref": "#/definitions/VisualTitleLabelOptions" + }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, + "VisualId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + } + }, + "required": [ + "VisualId" + ], + "type": "object" + }, + "KPIVisualLayoutOptions": { + "additionalProperties": false, + "properties": { + "StandardLayout": { + "$ref": "#/definitions/KPIVisualStandardLayout" + } + }, + "type": "object" + }, + "KPIVisualStandardLayout": { + "additionalProperties": false, + "properties": { + "Type": { + "$ref": "#/definitions/KPIVisualStandardLayoutType" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "KPIVisualStandardLayoutType": { + "enum": [ + "CLASSIC", + "VERTICAL" + ], + "type": "string" + }, + "LabelOptions": { + "additionalProperties": false, + "properties": { + "CustomLabel": { + "type": "string" + }, + "FontConfiguration": { + "$ref": "#/definitions/FontConfiguration" + }, + "Visibility": { + "$ref": "#/definitions/Visibility" + } + }, + "type": "object" + }, + "LayerCustomAction": { + "additionalProperties": false, + "properties": { + 
"ActionOperations": { + "items": { + "$ref": "#/definitions/LayerCustomActionOperation" + }, + "maxItems": 2, + "minItems": 1, + "type": "array" + }, + "CustomActionId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + }, + "Name": { + "maxLength": 256, + "minLength": 1, + "type": "string" + }, + "Status": { + "$ref": "#/definitions/WidgetStatus" + }, + "Trigger": { + "$ref": "#/definitions/LayerCustomActionTrigger" + } + }, + "required": [ + "ActionOperations", + "CustomActionId", + "Name", + "Trigger" + ], + "type": "object" + }, + "LayerCustomActionOperation": { + "additionalProperties": false, + "properties": { + "FilterOperation": { + "$ref": "#/definitions/CustomActionFilterOperation" + }, + "NavigationOperation": { + "$ref": "#/definitions/CustomActionNavigationOperation" + }, + "SetParametersOperation": { + "$ref": "#/definitions/CustomActionSetParametersOperation" + }, + "URLOperation": { + "$ref": "#/definitions/CustomActionURLOperation" + } + }, "type": "object" }, - "KPISparklineType": { + "LayerCustomActionTrigger": { "enum": [ - "LINE", - "AREA" + "DATA_POINT_CLICK", + "DATA_POINT_MENU" ], "type": "string" }, - "KPIVisual": { + "LayerMapVisual": { "additionalProperties": false, "properties": { - "Actions": { - "items": { - "$ref": "#/definitions/VisualCustomAction" - }, - "maxItems": 10, - "minItems": 0, - "type": "array" - }, "ChartConfiguration": { - "$ref": "#/definitions/KPIConfiguration" - }, - "ColumnHierarchies": { - "items": { - "$ref": "#/definitions/ColumnHierarchy" - }, - "maxItems": 2, - "minItems": 0, - "type": "array" + "$ref": "#/definitions/GeospatialLayerMapConfiguration" }, - "ConditionalFormatting": { - "$ref": "#/definitions/KPIConditionalFormatting" + "DataSetIdentifier": { + "maxLength": 2048, + "minLength": 1, + "type": "string" }, "Subtitle": { "$ref": "#/definitions/VisualSubtitleLabelOptions" 
@@ -5476,6 +6503,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -5484,53 +6516,11 @@ } }, "required": [ + "DataSetIdentifier", "VisualId" ], "type": "object" }, - "KPIVisualLayoutOptions": { - "additionalProperties": false, - "properties": { - "StandardLayout": { - "$ref": "#/definitions/KPIVisualStandardLayout" - } - }, - "type": "object" - }, - "KPIVisualStandardLayout": { - "additionalProperties": false, - "properties": { - "Type": { - "$ref": "#/definitions/KPIVisualStandardLayoutType" - } - }, - "required": [ - "Type" - ], - "type": "object" - }, - "KPIVisualStandardLayoutType": { - "enum": [ - "CLASSIC", - "VERTICAL" - ], - "type": "string" - }, - "LabelOptions": { - "additionalProperties": false, - "properties": { - "CustomLabel": { - "type": "string" - }, - "FontConfiguration": { - "$ref": "#/definitions/FontConfiguration" - }, - "Visibility": { - "$ref": "#/definitions/Visibility" - } - }, - "type": "object" - }, "Layout": { "additionalProperties": false, "properties": { @@ -5563,7 +6553,8 @@ "VISUAL", "FILTER_CONTROL", "PARAMETER_CONTROL", - "TEXT_BOX" + "TEXT_BOX", + "IMAGE" ], "type": "string" }, @@ -5580,6 +6571,9 @@ "Title": { "$ref": "#/definitions/LabelOptions" }, + "ValueFontConfiguration": { + "$ref": "#/definitions/FontConfiguration" + }, "Visibility": { "$ref": "#/definitions/Visibility" }, @@ -5665,6 +6659,9 @@ "minItems": 0, "type": "array" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -5696,6 +6693,9 @@ "minItems": 0, "type": "array" }, + "SingleAxisOptions": { + "$ref": "#/definitions/SingleAxisOptions" + }, "SmallMultiplesOptions": { "$ref": "#/definitions/SmallMultiplesOptions" }, 
@@ -5880,6 +6880,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -6155,6 +7160,34 @@ ], "type": "string" }, + "NestedFilter": { + "additionalProperties": false, + "properties": { + "Column": { + "$ref": "#/definitions/ColumnIdentifier" + }, + "FilterId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + }, + "IncludeInnerSet": { + "default": false, + "type": "boolean" + }, + "InnerFilter": { + "$ref": "#/definitions/InnerFilter" + } + }, + "required": [ + "Column", + "FilterId", + "IncludeInnerSet", + "InnerFilter" + ], + "type": "object" + }, "NullValueFormatConfiguration": { "additionalProperties": false, "properties": { @@ -6216,7 +7249,9 @@ "THOUSANDS", "MILLIONS", "BILLIONS", - "TRILLIONS" + "TRILLIONS", + "LAKHS", + "CRORES" ], "type": "string" }, @@ -6654,6 +7689,9 @@ "CascadingControlConfiguration": { "$ref": "#/definitions/CascadingControlConfiguration" }, + "CommitMode": { + "$ref": "#/definitions/CommitMode" + }, "DisplayOptions": { "$ref": "#/definitions/DropDownControlDisplayOptions" }, @@ -7069,6 +8107,9 @@ "FieldWells": { "$ref": "#/definitions/PieChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -7155,6 +8196,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -7292,6 +8338,9 @@ "FieldWells": { "$ref": "#/definitions/PivotTableFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "PaginatedReportOptions": { "$ref": "#/definitions/PivotTablePaginatedReportOptions" }, 
@@ -7610,6 +8659,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, 
@@ -7657,6 +8711,159 @@ }, "type": "object" }, + "PluginVisual": { + "additionalProperties": false, + "properties": { + "ChartConfiguration": { + "$ref": "#/definitions/PluginVisualConfiguration" + }, + "PluginArn": { + "type": "string" + }, + "Subtitle": { + "$ref": "#/definitions/VisualSubtitleLabelOptions" + }, + "Title": { + "$ref": "#/definitions/VisualTitleLabelOptions" + }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, + "VisualId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + } + }, + "required": [ + "PluginArn", + "VisualId" + ], + "type": "object" + }, + "PluginVisualAxisName": { + "enum": [ + "GROUP_BY", + "VALUE" + ], + "type": "string" + }, + "PluginVisualConfiguration": { + "additionalProperties": false, + "properties": { + "FieldWells": { + "items": { + "$ref": "#/definitions/PluginVisualFieldWell" + }, + "maxItems": 10, + "minItems": 0, + "type": "array" + }, + "SortConfiguration": { + "$ref": "#/definitions/PluginVisualSortConfiguration" + }, + "VisualOptions": { + "$ref": "#/definitions/PluginVisualOptions" + } + }, + "type": "object" + }, + "PluginVisualFieldWell": { + "additionalProperties": false, + "properties": { + "AxisName": { + "$ref": "#/definitions/PluginVisualAxisName" + }, + "Dimensions": { + "items": { + "$ref": "#/definitions/DimensionField" + }, + "maxItems": 200, + "minItems": 0, + "type": "array" + }, + "Measures": { + "items": { + "$ref": "#/definitions/MeasureField" + }, + "maxItems": 200, + "minItems": 0, + "type": "array" + }, + "Unaggregated": { + "items": { + "$ref": "#/definitions/UnaggregatedField" + }, + "maxItems": 200, + "minItems": 0, + "type": "array" + } + }, + "type": "object" + }, + "PluginVisualItemsLimitConfiguration": { + "additionalProperties": false, + "properties": { + "ItemsLimit": { + "default": null, + "type": "number" + } + }, + "type": "object" + }, + "PluginVisualOptions": { + "additionalProperties": false, + 
"properties": { + "VisualProperties": { + "items": { + "$ref": "#/definitions/PluginVisualProperty" + }, + "type": "array" + } + }, + "type": "object" + }, + "PluginVisualProperty": { + "additionalProperties": false, + "properties": { + "Name": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "type": "object" + }, + "PluginVisualSortConfiguration": { + "additionalProperties": false, + "properties": { + "PluginVisualTableQuerySort": { + "$ref": "#/definitions/PluginVisualTableQuerySort" + } + }, + "type": "object" + }, + "PluginVisualTableQuerySort": { + "additionalProperties": false, + "properties": { + "ItemsLimitConfiguration": { + "$ref": "#/definitions/PluginVisualItemsLimitConfiguration" + }, + "RowSort": { + "items": { + "$ref": "#/definitions/FieldSortOptions" + }, + "maxItems": 100, + "minItems": 0, + "type": "array" + } + }, + "type": "object" + }, "PredefinedHierarchy": { "additionalProperties": false, "properties": { @@ -7696,11 +8903,27 @@ ], "type": "string" }, - "ProgressBarOptions": { + "ProgressBarOptions": { + "additionalProperties": false, + "properties": { + "Visibility": { + "$ref": "#/definitions/Visibility" + } + }, + "type": "object" + }, + "QueryExecutionMode": { + "enum": [ + "AUTO", + "MANUAL" + ], + "type": "string" + }, + "QueryExecutionOptions": { "additionalProperties": false, "properties": { - "Visibility": { - "$ref": "#/definitions/Visibility" + "QueryExecutionMode": { + "$ref": "#/definitions/QueryExecutionMode" } }, "type": "object" @@ -7787,6 +9010,9 @@ "FieldWells": { "$ref": "#/definitions/RadarChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -7888,6 +9114,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, 
@@ -8315,6 +9546,9 @@ "FieldWells": { "$ref": "#/definitions/SankeyDiagramFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "SortConfiguration": { "$ref": "#/definitions/SankeyDiagramSortConfiguration" } @@ -8370,6 +9604,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -8437,9 +9676,15 @@ "FieldWells": { "$ref": "#/definitions/ScatterPlotFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, + "SortConfiguration": { + "$ref": "#/definitions/ScatterPlotSortConfiguration" + }, "Tooltip": { "$ref": "#/definitions/TooltipOptions" }, @@ -8473,6 +9718,15 @@ }, "type": "object" }, + "ScatterPlotSortConfiguration": { + "additionalProperties": false, + "properties": { + "ScatterPlotLimitConfiguration": { + "$ref": "#/definitions/ItemsLimitConfiguration" + } + }, + "type": "object" + }, "ScatterPlotUnaggregatedFieldWells": { "additionalProperties": false, "properties": { @@ -8547,6 +9801,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -8871,6 +10130,14 @@ "minItems": 0, "type": "array" }, + "Images": { + "items": { + "$ref": "#/definitions/SheetImage" + }, + "maxItems": 10, + "minItems": 0, + "type": "array" + }, "Layouts": { "items": { "$ref": "#/definitions/Layout" 
@@ -8960,6 +10227,112 @@ ], "type": "object" }, + "SheetImage": { + "additionalProperties": false, + "properties": { + "Actions": { + "items": { + "$ref": "#/definitions/ImageCustomAction" + }, + "maxItems": 10, + "minItems": 0, + "type": "array" + }, + "ImageContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, + "Interactions": { + "$ref": "#/definitions/ImageInteractionOptions" + }, + "Scaling": { + "$ref": "#/definitions/SheetImageScalingConfiguration" + }, + "SheetImageId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + }, + "Source": { + "$ref": "#/definitions/SheetImageSource" + }, + "Tooltip": { + "$ref": "#/definitions/SheetImageTooltipConfiguration" + } + }, + "required": [ + "SheetImageId", + "Source" + ], + "type": "object" + }, + "SheetImageScalingConfiguration": { + "additionalProperties": false, + "properties": { + "ScalingType": { + "$ref": "#/definitions/SheetImageScalingType" + } + }, + "type": "object" + }, + "SheetImageScalingType": { + "enum": [ + "SCALE_TO_WIDTH", + "SCALE_TO_HEIGHT", + "SCALE_TO_CONTAINER", + "SCALE_NONE" + ], + "type": "string" + }, + "SheetImageSource": { + "additionalProperties": false, + "properties": { + "SheetImageStaticFileSource": { + "$ref": "#/definitions/SheetImageStaticFileSource" + } + }, + "type": "object" + }, + "SheetImageStaticFileSource": { + "additionalProperties": false, + "properties": { + "StaticFileId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + } + }, + "required": [ + "StaticFileId" + ], + "type": "object" + }, + "SheetImageTooltipConfiguration": { + "additionalProperties": false, + "properties": { + "TooltipText": { + "$ref": "#/definitions/SheetImageTooltipText" + }, + "Visibility": { + "$ref": "#/definitions/Visibility" + } + }, + "type": "object" + }, + "SheetImageTooltipText": { + "additionalProperties": false, + "properties": { + "PlainText": { + "maxLength": 1024, + "minLength": 
1, + "type": "string" + } + }, + "type": "object" + }, "SheetTextBox": { "additionalProperties": false, "properties": { @@ -9069,6 +10442,21 @@ ], "type": "string" }, + "SingleAxisOptions": { + "additionalProperties": false, + "properties": { + "YAxisOptions": { + "$ref": "#/definitions/YAxisOptions" + } + }, + "type": "object" + }, + "SingleYAxisOption": { + "enum": [ + "PRIMARY_Y_AXIS" + ], + "type": "string" + }, "SliderControlDisplayOptions": { "additionalProperties": false, "properties": { @@ -9161,6 +10549,24 @@ }, "type": "object" }, + "SpatialStaticFile": { + "additionalProperties": false, + "properties": { + "Source": { + "$ref": "#/definitions/StaticFileSource" + }, + "StaticFileId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + } + }, + "required": [ + "StaticFileId" + ], + "type": "object" + }, "SpecialValue": { "enum": [ "EMPTY", @@ -9169,6 +10575,62 @@ ], "type": "string" }, + "StaticFile": { + "additionalProperties": false, + "properties": { + "ImageStaticFile": { + "$ref": "#/definitions/ImageStaticFile" + }, + "SpatialStaticFile": { + "$ref": "#/definitions/SpatialStaticFile" + } + }, + "type": "object" + }, + "StaticFileS3SourceOptions": { + "additionalProperties": false, + "properties": { + "BucketName": { + "type": "string" + }, + "ObjectKey": { + "type": "string" + }, + "Region": { + "type": "string" + } + }, + "required": [ + "BucketName", + "ObjectKey", + "Region" + ], + "type": "object" + }, + "StaticFileSource": { + "additionalProperties": false, + "properties": { + "S3Options": { + "$ref": "#/definitions/StaticFileS3SourceOptions" + }, + "UrlOptions": { + "$ref": "#/definitions/StaticFileUrlSourceOptions" + } + }, + "type": "object" + }, + "StaticFileUrlSourceOptions": { + "additionalProperties": false, + "properties": { + "Url": { + "type": "string" + } + }, + "required": [ + "Url" + ], + "type": "object" + }, "StringDefaultValues": { "additionalProperties": false, "properties": { 
@@ -9463,6 +10925,9 @@ "FieldWells": { "$ref": "#/definitions/TableFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "PaginatedReportOptions": { "$ref": "#/definitions/TablePaginatedReportOptions" }, @@ -9605,6 +11070,14 @@ "maxItems": 100, "minItems": 0, "type": "array" + }, + "TransposedTableOptions": { + "items": { + "$ref": "#/definitions/TransposedTableOption" + }, + "maxItems": 10001, + "minItems": 0, + "type": "array" } }, "type": "object" @@ -9812,6 +11285,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -9917,6 +11395,9 @@ "ThousandSeparatorOptions": { "additionalProperties": false, "properties": { + "GroupingStyle": { + "$ref": "#/definitions/DigitGroupingStyle" + }, "Symbol": { "$ref": "#/definitions/NumericSeparatorSymbol" }, @@ -10130,6 +11611,14 @@ }, "type": "object" }, + "TooltipTarget": { + "enum": [ + "BOTH", + "BAR", + "LINE" + ], + "type": "string" + }, "TooltipTitleType": { "enum": [ "NONE", @@ -10346,6 +11835,34 @@ }, "type": "object" }, + "TransposedColumnType": { + "enum": [ + "ROW_HEADER_COLUMN", + "VALUE_COLUMN" + ], + "type": "string" + }, + "TransposedTableOption": { + "additionalProperties": false, + "properties": { + "ColumnIndex": { + "maximum": 9999, + "minimum": 0, + "type": "number" + }, + "ColumnType": { + "$ref": "#/definitions/TransposedColumnType" + }, + "ColumnWidth": { + "description": "String based length that is composed of value and unit in px", + "type": "string" + } + }, + "required": [ + "ColumnType" + ], + "type": "object" + }, "TreeMapAggregatedFieldWells": { "additionalProperties": false, "properties": { 
@@ -10394,6 +11911,9 @@ "GroupLabelOptions": { "$ref": "#/definitions/ChartAxisLabelOptions" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -10463,6 +11983,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -10628,6 +12153,9 @@ "KPIVisual": { "$ref": "#/definitions/KPIVisual" }, + "LayerMapVisual": { + "$ref": "#/definitions/LayerMapVisual" + }, "LineChartVisual": { "$ref": "#/definitions/LineChartVisual" }, @@ -10637,6 +12165,9 @@ "PivotTableVisual": { "$ref": "#/definitions/PivotTableVisual" }, + "PluginVisual": { + "$ref": "#/definitions/PluginVisual" + }, "RadarChartVisual": { "$ref": "#/definitions/RadarChartVisual" }, @@ -10723,6 +12254,27 @@ ], "type": "string" }, + "VisualInteractionOptions": { + "additionalProperties": false, + "properties": { + "ContextMenuOption": { + "$ref": "#/definitions/ContextMenuOption" + }, + "VisualMenuOption": { + "$ref": "#/definitions/VisualMenuOption" + } + }, + "type": "object" + }, + "VisualMenuOption": { + "additionalProperties": false, + "properties": { + "AvailabilityStatus": { + "$ref": "#/definitions/DashboardBehavior" + } + }, + "type": "object" + }, "VisualPalette": { "additionalProperties": false, "properties": { @@ -10822,6 +12374,9 @@ "FieldWells": { "$ref": "#/definitions/WaterfallChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -10924,6 +12479,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, 
@@ -11015,6 +12575,9 @@ "FieldWells": { "$ref": "#/definitions/WordCloudFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "SortConfiguration": { "$ref": "#/definitions/WordCloudSortConfiguration" }, @@ -11111,6 +12674,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -11152,6 +12720,18 @@ "NORMAL" ], "type": "string" + }, + "YAxisOptions": { + "additionalProperties": false, + "properties": { + "YAxis": { + "$ref": "#/definitions/SingleYAxisOption" + } + }, + "required": [ + "YAxis" + ], + "type": "object" } }, "description": "Definition of the AWS::QuickSight::Analysis Resource Type.", @@ -11166,7 +12746,10 @@ "quicksight:PassDataSet", "quicksight:TagResource", "quicksight:UntagResource", - "quicksight:ListTagsForResource" + "quicksight:ListTagsForResource", + "quicksight:CreateFolderMembership", + "quicksight:DeleteFolderMembership", + "quicksight:ListFoldersForResource" ] }, "delete": { @@ -11203,6 +12786,9 @@ "quicksight:DescribeAnalysisPermissions", "quicksight:UpdateAnalysis", "quicksight:UpdateAnalysisPermissions", + "quicksight:CreateFolderMembership", + "quicksight:DeleteFolderMembership", + "quicksight:ListFoldersForResource", "quicksight:DescribeTemplate", "quicksight:DescribeTheme", "quicksight:PassDataSet", @@ -11258,6 +12844,14 @@ "minItems": 1, "type": "array" }, + "FolderArns": { + "items": { + "type": "string" + }, + "maxItems": 10, + "minItems": 0, + "type": "array" + }, "LastUpdatedTime": { "description": "

The time that the analysis was last updated.

", "format": "date-time", @@ -11323,12 +12917,25 @@ "Name" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-quicksight", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "quicksight:TagResource", + "quicksight:UntagResource", + "quicksight:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::QuickSight::Analysis", "writeOnlyProperties": [ "/properties/Definition", "/properties/Parameters", "/properties/SourceEntity", "/properties/Status", - "/properties/ValidationStrategy" + "/properties/ValidationStrategy", + "/properties/FolderArns" ] } diff --git a/src/schema/aws-quicksight-custompermissions.json b/src/schema/aws-quicksight-custompermissions.json new file mode 100644 index 00000000..6e18afc9 --- /dev/null +++ b/src/schema/aws-quicksight-custompermissions.json 
@@ -0,0 +1,180 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/AwsAccountId", + "/properties/CustomPermissionsName" + ], + "definitions": { + "Capabilities": { + "additionalProperties": false, + "properties": { + "AddOrRunAnomalyDetectionForAnalyses": { + "$ref": "#/definitions/CapabilityState" + }, + "CreateAndUpdateDashboardEmailReports": { + "$ref": "#/definitions/CapabilityState" + }, + "CreateAndUpdateDataSources": { + "$ref": "#/definitions/CapabilityState" + }, + "CreateAndUpdateDatasets": { + "$ref": "#/definitions/CapabilityState" + }, + "CreateAndUpdateThemes": { + "$ref": "#/definitions/CapabilityState" + }, + "CreateAndUpdateThresholdAlerts": { + "$ref": "#/definitions/CapabilityState" + }, + "CreateSPICEDataset": { + "$ref": "#/definitions/CapabilityState" + }, + "CreateSharedFolders": { + "$ref": "#/definitions/CapabilityState" + }, + "ExportToCsv": { + "$ref": "#/definitions/CapabilityState" + }, + "ExportToExcel": { + "$ref": "#/definitions/CapabilityState" + }, + "RenameSharedFolders": { + "$ref": "#/definitions/CapabilityState" + }, + "ShareAnalyses": { + "$ref": "#/definitions/CapabilityState" + }, + "ShareDashboards": { + "$ref": "#/definitions/CapabilityState" + }, + "ShareDataSources": { + "$ref": "#/definitions/CapabilityState" + }, + "ShareDatasets": { + "$ref": "#/definitions/CapabilityState" + }, + "SubscribeDashboardEmailReports": { + "$ref": "#/definitions/CapabilityState" + }, + "ViewAccountSPICECapacity": { + "$ref": "#/definitions/CapabilityState" + } + }, + "type": "object" + }, + "CapabilityState": { + "enum": [ + "DENY" + ], + "type": "string" + }, + "Tag": { + "additionalProperties": false, + "description": "

The key or keys of the key-value pairs for the resource tag or tags assigned to the\n resource.

", + "properties": { + "Key": { + "description": "

Tag key.

", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "

Tag value.

", + "maxLength": 256, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, + "description": "Definition of the AWS::QuickSight::CustomPermissions Resource Type.", + "handlers": { + "create": { + "permissions": [ + "quicksight:CreateCustomPermissions", + "quicksight:TagResource" + ] + }, + "delete": { + "permissions": [ + "quicksight:DeleteCustomPermissions" + ] + }, + "list": { + "permissions": [ + "quicksight:ListCustomPermissions" + ] + }, + "read": { + "permissions": [ + "quicksight:DescribeCustomPermissions", + "quicksight:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "quicksight:UpdateCustomPermissions", + "quicksight:TagResource", + "quicksight:UntagResource", + "quicksight:ListTagsForResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/AwsAccountId", + "/properties/CustomPermissionsName" + ], + "properties": { + "Arn": { + "type": "string" + }, + "AwsAccountId": { + "maxLength": 12, + "minLength": 12, + "pattern": "^[0-9]{12}$", + "type": "string" + }, + "Capabilities": { + "$ref": "#/definitions/Capabilities" + }, + "CustomPermissionsName": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[a-zA-Z0-9+=,.@_-]+$", + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 200, + "minItems": 1, + "type": "array" + } + }, + "readOnlyProperties": [ + "/properties/Arn" + ], + "required": [ + "AwsAccountId", + "CustomPermissionsName" + ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "quicksight:TagResource", + "quicksight:UntagResource", + "quicksight:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::QuickSight::CustomPermissions" +} diff --git a/src/schema/aws-quicksight-dashboard.json b/src/schema/aws-quicksight-dashboard.json index cab841a9..a89117eb 100644 
--- a/src/schema/aws-quicksight-dashboard.json +++ b/src/schema/aws-quicksight-dashboard.json @@ -402,6 +402,9 @@ "FieldWells": { "$ref": "#/definitions/BarChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -520,6 +523,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -583,6 +591,9 @@ "PageBreakConfiguration": { "$ref": "#/definitions/SectionPageBreakConfiguration" }, + "RepeatConfiguration": { + "$ref": "#/definitions/BodySectionRepeatConfiguration" + }, "SectionId": { "maxLength": 512, "minLength": 1, 
@@ -608,6 +619,105 @@ }, "type": "object" }, + "BodySectionDynamicCategoryDimensionConfiguration": { + "additionalProperties": false, + "properties": { + "Column": { + "$ref": "#/definitions/ColumnIdentifier" + }, + "Limit": { + "maximum": 1000, + "minimum": 1, + "type": "number" + }, + "SortByMetrics": { + "items": { + "$ref": "#/definitions/ColumnSort" + }, + "maxItems": 100, + "minItems": 0, + "type": "array" + } + }, + "required": [ + "Column" + ], + "type": "object" + }, + "BodySectionDynamicNumericDimensionConfiguration": { + "additionalProperties": false, + "properties": { + "Column": { + "$ref": "#/definitions/ColumnIdentifier" + }, + "Limit": { + "maximum": 1000, + "minimum": 1, + "type": "number" + }, + "SortByMetrics": { + "items": { + "$ref": "#/definitions/ColumnSort" + }, + "maxItems": 100, + "minItems": 0, + "type": "array" + } + }, + "required": [ + "Column" + ], + "type": "object" + }, + "BodySectionRepeatConfiguration": { + "additionalProperties": false, + "properties": { + "DimensionConfigurations": { + "items": { + "$ref": "#/definitions/BodySectionRepeatDimensionConfiguration" + }, + "maxItems": 3, + "minItems": 0, + "type": "array" + }, + "NonRepeatingVisuals": { + "items": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + }, + "maxItems": 20, + "minItems": 0, + "type": "array" + }, + "PageBreakConfiguration": { + "$ref": "#/definitions/BodySectionRepeatPageBreakConfiguration" + } + }, + "type": "object" + }, + "BodySectionRepeatDimensionConfiguration": { + "additionalProperties": false, + "properties": { + "DynamicCategoryDimensionConfiguration": { + "$ref": "#/definitions/BodySectionDynamicCategoryDimensionConfiguration" + }, + "DynamicNumericDimensionConfiguration": { + "$ref": "#/definitions/BodySectionDynamicNumericDimensionConfiguration" + } + }, + "type": "object" + }, + "BodySectionRepeatPageBreakConfiguration": { + "additionalProperties": false, + "properties": { + "After": { + "$ref": 
"#/definitions/SectionAfterPageBreak" + } + }, + "type": "object" + }, "BoxPlotAggregatedFieldWells": { "additionalProperties": false, "properties": { @@ -645,6 +755,9 @@ "FieldWells": { "$ref": "#/definitions/BoxPlotFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -759,6 +872,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -981,6 +1099,25 @@ ], "type": "string" }, + "CategoryInnerFilter": { + "additionalProperties": false, + "properties": { + "Column": { + "$ref": "#/definitions/ColumnIdentifier" + }, + "Configuration": { + "$ref": "#/definitions/CategoryFilterConfiguration" + }, + "DefaultFilterControlConfiguration": { + "$ref": "#/definitions/DefaultFilterControlConfiguration" + } + }, + "required": [ + "Column", + "Configuration" + ], + "type": "object" + }, "ChartAxisLabelOptions": { "additionalProperties": false, "properties": { @@ -1158,6 +1295,9 @@ "Label": { "type": "string" }, + "TooltipTarget": { + "$ref": "#/definitions/TooltipTarget" + }, "Visibility": { "$ref": "#/definitions/Visibility" } @@ -1226,6 +1366,9 @@ "FieldWells": { "$ref": "#/definitions/ComboChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -1252,6 +1395,9 @@ "SecondaryYAxisLabelOptions": { "$ref": "#/definitions/ChartAxisLabelOptions" }, + "SingleAxisOptions": { + "$ref": "#/definitions/SingleAxisOptions" + }, "SortConfiguration": { "$ref": "#/definitions/ComboChartSortConfiguration" }, @@ -1329,6 +1475,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, 
@@ -1341,6 +1492,13 @@ ], "type": "object" }, + "CommitMode": { + "enum": [ + "AUTO", + "MANUAL" + ], + "type": "string" + }, "ComparisonConfiguration": { "additionalProperties": false, "properties": { @@ -1555,6 +1713,15 @@ ], "type": "object" }, + "ContextMenuOption": { + "additionalProperties": false, + "properties": { + "AvailabilityStatus": { + "$ref": "#/definitions/DashboardBehavior" + } + }, + "type": "object" + }, "ContributionAnalysisDefault": { "additionalProperties": false, "properties": { @@ -1714,6 +1881,9 @@ }, "ImageScaling": { "$ref": "#/definitions/CustomContentImageScalingConfiguration" + }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" } }, "type": "object" @@ -1759,6 +1929,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -2145,6 +2320,14 @@ "maxItems": 20, "minItems": 0, "type": "array" + }, + "StaticFiles": { + "items": { + "$ref": "#/definitions/StaticFile" + }, + "maxItems": 200, + "minItems": 0, + "type": "array" } }, "required": [ @@ -2656,11 +2839,17 @@ "DateTimePickerControlDisplayOptions": { "additionalProperties": false, "properties": { + "DateIconVisibility": { + "$ref": "#/definitions/Visibility" + }, "DateTimeFormat": { "maxLength": 128, "minLength": 1, "type": "string" }, + "HelperTextVisibility": { + "$ref": "#/definitions/Visibility" + }, "InfoIconLabelOptions": { "$ref": "#/definitions/SheetControlInfoIconLabelOptions" }, @@ -2799,6 +2988,9 @@ "DefaultDateTimePickerControlOptions": { "additionalProperties": false, "properties": { + "CommitMode": { + "$ref": "#/definitions/CommitMode" + }, "DisplayOptions": { "$ref": "#/definitions/DateTimePickerControlDisplayOptions" }, 
@@ -2856,6 +3048,9 @@ "DefaultFilterDropDownControlOptions": { "additionalProperties": false, "properties": { + "CommitMode": { + "$ref": "#/definitions/CommitMode" + }, "DisplayOptions": { "$ref": "#/definitions/DropDownControlDisplayOptions" }, @@ -2946,6 +3141,9 @@ "DefaultRelativeDateTimeControlOptions": { "additionalProperties": false, "properties": { + "CommitMode": { + "$ref": "#/definitions/CommitMode" + }, "DisplayOptions": { "$ref": "#/definitions/RelativeDateTimeControlDisplayOptions" } @@ -3039,6 +3237,13 @@ }, "type": "object" }, + "DigitGroupingStyle": { + "enum": [ + "DEFAULT", + "LAKHS" + ], + "type": "string" + }, "DimensionField": { "additionalProperties": false, "properties": { @@ -3339,6 +3544,9 @@ "Label": { "type": "string" }, + "TooltipTarget": { + "$ref": "#/definitions/TooltipTarget" + }, "Visibility": { "$ref": "#/definitions/Visibility" } @@ -3405,6 +3613,9 @@ "FieldWells": { "$ref": "#/definitions/FilledMapFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -3494,6 +3705,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -3512,6 +3728,9 @@ "CategoryFilter": { "$ref": "#/definitions/CategoryFilter" }, + "NestedFilter": { + "$ref": "#/definitions/NestedFilter" + }, "NumericEqualityFilter": { "$ref": "#/definitions/NumericEqualityFilter" }, @@ -3591,6 +3810,9 @@ "FilterDateTimePickerControl": { "additionalProperties": false, "properties": { + "CommitMode": { + "$ref": "#/definitions/CommitMode" + }, "DisplayOptions": { "$ref": "#/definitions/DateTimePickerControlDisplayOptions" }, 
@@ -3628,6 +3850,9 @@ "CascadingControlConfiguration": { "$ref": "#/definitions/CascadingControlConfiguration" }, + "CommitMode": { + "$ref": "#/definitions/CommitMode" + }, "DisplayOptions": { "$ref": "#/definitions/DropDownControlDisplayOptions" }, @@ -3813,6 +4038,9 @@ "FilterRelativeDateTimeControl": { "additionalProperties": false, "properties": { + "CommitMode": { + "$ref": "#/definitions/CommitMode" + }, "DisplayOptions": { "$ref": "#/definitions/RelativeDateTimeControlDisplayOptions" }, @@ -4000,6 +4228,9 @@ "FontDecoration": { "$ref": "#/definitions/FontDecoration" }, + "FontFamily": { + "type": "string" + }, "FontSize": { "$ref": "#/definitions/FontSize" }, @@ -4022,6 +4253,10 @@ "FontSize": { "additionalProperties": false, "properties": { + "Absolute": { + "description": "String based length that is composed of value and unit in px", + "type": "string" + }, "Relative": { "$ref": "#/definitions/RelativeFontSize" } @@ -4334,6 +4569,9 @@ "FieldWells": { "$ref": "#/definitions/FunnelChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "SortConfiguration": { "$ref": "#/definitions/FunnelChartSortConfiguration" }, @@ -4441,6 +4679,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -4462,6 +4705,20 @@ }, "type": "object" }, + "GaugeChartColorConfiguration": { + "additionalProperties": false, + "properties": { + "BackgroundColor": { + "pattern": "^#[A-F0-9]{6}$", + "type": "string" + }, + "ForegroundColor": { + "pattern": "^#[A-F0-9]{6}$", + "type": "string" + } + }, + "type": "object" + }, "GaugeChartConditionalFormatting": { "additionalProperties": false, "properties": { 
@@ -4491,6 +4748,9 @@ "GaugeChartConfiguration": { "additionalProperties": false, "properties": { + "ColorConfiguration": { + "$ref": "#/definitions/GaugeChartColorConfiguration" + }, "DataLabels": { "$ref": "#/definitions/DataLabelOptions" }, @@ -4500,6 +4760,9 @@ "GaugeChartOptions": { "$ref": "#/definitions/GaugeChartOptions" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "TooltipOptions": { "$ref": "#/definitions/TooltipOptions" }, @@ -4587,6 +4850,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, 
@@ -4599,80 +4867,397 @@ ], "type": "object" }, - "GeospatialCoordinateBounds": { + "GeospatialCategoricalColor": { "additionalProperties": false, "properties": { - "East": { - "maximum": 1800, - "minimum": -1800, - "type": "number" + "CategoryDataColors": { + "items": { + "$ref": "#/definitions/GeospatialCategoricalDataColor" + }, + "type": "array" }, - "North": { - "maximum": 90, - "minimum": -90, + "DefaultOpacity": { + "maximum": 1, + "minimum": 0, "type": "number" }, - "South": { - "maximum": 90, - "minimum": -90, - "type": "number" + "NullDataSettings": { + "$ref": "#/definitions/GeospatialNullDataSettings" }, - "West": { - "maximum": 1800, - "minimum": -1800, - "type": "number" + "NullDataVisibility": { + "$ref": "#/definitions/Visibility" } }, "required": [ - "East", - "North", - "South", - "West" + "CategoryDataColors" ], "type": "object" }, - "GeospatialHeatmapColorScale": { + "GeospatialCategoricalDataColor": { "additionalProperties": false, "properties": { - "Colors": { - "items": { - "$ref": "#/definitions/GeospatialHeatmapDataColor" - }, - "maxItems": 2, - "minItems": 2, - "type": "array" + "Color": { + "pattern": "^#[A-F0-9]{6}(?:[A-F0-9]{2})?$", + "type": "string" + }, + "DataValue": { + "type": "string" } }, + "required": [ + "Color", + "DataValue" + ], "type": "object" }, - "GeospatialHeatmapConfiguration": { + "GeospatialCircleRadius": { "additionalProperties": false, "properties": { - "HeatmapColor": { - "$ref": "#/definitions/GeospatialHeatmapColorScale" + "Radius": { + "minimum": 0, + "type": "number" } }, "type": "object" }, - "GeospatialHeatmapDataColor": { + "GeospatialCircleSymbolStyle": { "additionalProperties": false, "properties": { - "Color": { - "pattern": "^#[A-F0-9]{6}$", - "type": "string" + "CircleRadius": { + "$ref": "#/definitions/GeospatialCircleRadius" + }, + "FillColor": { + "$ref": "#/definitions/GeospatialColor" + }, + "StrokeColor": { + "$ref": "#/definitions/GeospatialColor" + }, + "StrokeWidth": { + "$ref": 
"#/definitions/GeospatialLineWidth" } }, - "required": [ - "Color" - ], "type": "object" }, - "GeospatialMapAggregatedFieldWells": { + "GeospatialColor": { "additionalProperties": false, "properties": { - "Colors": { - "items": { - "$ref": "#/definitions/DimensionField" + "Categorical": { + "$ref": "#/definitions/GeospatialCategoricalColor" + }, + "Gradient": { + "$ref": "#/definitions/GeospatialGradientColor" + }, + "Solid": { + "$ref": "#/definitions/GeospatialSolidColor" + } + }, + "type": "object" + }, + "GeospatialColorState": { + "description": "Defines view state of the color", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, + "GeospatialCoordinateBounds": { + "additionalProperties": false, + "properties": { + "East": { + "maximum": 1800, + "minimum": -1800, + "type": "number" + }, + "North": { + "maximum": 90, + "minimum": -90, + "type": "number" + }, + "South": { + "maximum": 90, + "minimum": -90, + "type": "number" + }, + "West": { + "maximum": 1800, + "minimum": -1800, + "type": "number" + } + }, + "required": [ + "East", + "North", + "South", + "West" + ], + "type": "object" + }, + "GeospatialDataSourceItem": { + "additionalProperties": false, + "properties": { + "StaticFileDataSource": { + "$ref": "#/definitions/GeospatialStaticFileSource" + } + }, + "type": "object" + }, + "GeospatialGradientColor": { + "additionalProperties": false, + "properties": { + "DefaultOpacity": { + "maximum": 1, + "minimum": 0, + "type": "number" + }, + "NullDataSettings": { + "$ref": "#/definitions/GeospatialNullDataSettings" + }, + "NullDataVisibility": { + "$ref": "#/definitions/Visibility" + }, + "StepColors": { + "items": { + "$ref": "#/definitions/GeospatialGradientStepColor" + }, + "maxItems": 3, + "minItems": 2, + "type": "array" + } + }, + "required": [ + "StepColors" + ], + "type": "object" + }, + "GeospatialGradientStepColor": { + "additionalProperties": false, + "properties": { + "Color": { + "pattern": "^#[A-F0-9]{6}(?:[A-F0-9]{2})?$", + 
"type": "string" + }, + "DataValue": { + "default": 0, + "type": "number" + } + }, + "required": [ + "Color", + "DataValue" + ], + "type": "object" + }, + "GeospatialHeatmapColorScale": { + "additionalProperties": false, + "properties": { + "Colors": { + "items": { + "$ref": "#/definitions/GeospatialHeatmapDataColor" + }, + "maxItems": 2, + "minItems": 2, + "type": "array" + } + }, + "type": "object" + }, + "GeospatialHeatmapConfiguration": { + "additionalProperties": false, + "properties": { + "HeatmapColor": { + "$ref": "#/definitions/GeospatialHeatmapColorScale" + } + }, + "type": "object" + }, + "GeospatialHeatmapDataColor": { + "additionalProperties": false, + "properties": { + "Color": { + "pattern": "^#[A-F0-9]{6}$", + "type": "string" + } + }, + "required": [ + "Color" + ], + "type": "object" + }, + "GeospatialLayerColorField": { + "additionalProperties": false, + "properties": { + "ColorDimensionsFields": { + "items": { + "$ref": "#/definitions/DimensionField" + }, + "maxItems": 1, + "minItems": 0, + "type": "array" + }, + "ColorValuesFields": { + "items": { + "$ref": "#/definitions/MeasureField" + }, + "maxItems": 1, + "minItems": 0, + "type": "array" + } + }, + "type": "object" + }, + "GeospatialLayerDefinition": { + "additionalProperties": false, + "properties": { + "LineLayer": { + "$ref": "#/definitions/GeospatialLineLayer" + }, + "PointLayer": { + "$ref": "#/definitions/GeospatialPointLayer" + }, + "PolygonLayer": { + "$ref": "#/definitions/GeospatialPolygonLayer" + } + }, + "type": "object" + }, + "GeospatialLayerItem": { + "additionalProperties": false, + "properties": { + "Actions": { + "items": { + "$ref": "#/definitions/LayerCustomAction" + }, + "maxItems": 10, + "minItems": 0, + "type": "array" + }, + "DataSource": { + "$ref": "#/definitions/GeospatialDataSourceItem" + }, + "JoinDefinition": { + "$ref": "#/definitions/GeospatialLayerJoinDefinition" + }, + "Label": { + "type": "string" + }, + "LayerDefinition": { + "$ref": 
"#/definitions/GeospatialLayerDefinition" + }, + "LayerId": { + "type": "string" + }, + "LayerType": { + "$ref": "#/definitions/GeospatialLayerType" + }, + "Tooltip": { + "$ref": "#/definitions/TooltipOptions" + }, + "Visibility": { + "$ref": "#/definitions/Visibility" + } + }, + "required": [ + "LayerId" + ], + "type": "object" + }, + "GeospatialLayerJoinDefinition": { + "additionalProperties": false, + "properties": { + "ColorField": { + "$ref": "#/definitions/GeospatialLayerColorField" + }, + "DatasetKeyField": { + "$ref": "#/definitions/UnaggregatedField" + }, + "ShapeKeyField": { + "type": "string" + } + }, + "type": "object" + }, + "GeospatialLayerMapConfiguration": { + "additionalProperties": false, + "properties": { + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, + "Legend": { + "$ref": "#/definitions/LegendOptions" + }, + "MapLayers": { + "items": { + "$ref": "#/definitions/GeospatialLayerItem" + }, + "type": "array" + }, + "MapState": { + "$ref": "#/definitions/GeospatialMapState" + }, + "MapStyle": { + "$ref": "#/definitions/GeospatialMapStyle" + } + }, + "type": "object" + }, + "GeospatialLayerType": { + "enum": [ + "POINT", + "LINE", + "POLYGON" + ], + "type": "string" + }, + "GeospatialLineLayer": { + "additionalProperties": false, + "properties": { + "Style": { + "$ref": "#/definitions/GeospatialLineStyle" + } + }, + "required": [ + "Style" + ], + "type": "object" + }, + "GeospatialLineStyle": { + "additionalProperties": false, + "properties": { + "LineSymbolStyle": { + "$ref": "#/definitions/GeospatialLineSymbolStyle" + } + }, + "type": "object" + }, + "GeospatialLineSymbolStyle": { + "additionalProperties": false, + "properties": { + "FillColor": { + "$ref": "#/definitions/GeospatialColor" + }, + "LineWidth": { + "$ref": "#/definitions/GeospatialLineWidth" + } + }, + "type": "object" + }, + "GeospatialLineWidth": { + "additionalProperties": false, + "properties": { + "LineWidth": { + "minimum": 0, + "type": "number" + } 
+ }, + "type": "object" + }, + "GeospatialMapAggregatedFieldWells": { + "additionalProperties": false, + "properties": { + "Colors": { + "items": { + "$ref": "#/definitions/DimensionField" }, "maxItems": 200, "minItems": 0, @@ -4703,6 +5288,9 @@ "FieldWells": { "$ref": "#/definitions/GeospatialMapFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -4733,6 +5321,41 @@ }, "type": "object" }, + "GeospatialMapNavigation": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, + "GeospatialMapState": { + "additionalProperties": false, + "properties": { + "Bounds": { + "$ref": "#/definitions/GeospatialCoordinateBounds" + }, + "MapNavigation": { + "$ref": "#/definitions/GeospatialMapNavigation" + } + }, + "type": "object" + }, + "GeospatialMapStyle": { + "additionalProperties": false, + "properties": { + "BackgroundColor": { + "pattern": "^#[A-F0-9]{6}(?:[A-F0-9]{2})?$", + "type": "string" + }, + "BaseMapStyle": { + "$ref": "#/definitions/BaseMapStyleType" + }, + "BaseMapVisibility": { + "$ref": "#/definitions/Visibility" + } + }, + "type": "object" + }, "GeospatialMapStyleOptions": { "additionalProperties": false, "properties": { @@ -4770,6 +5393,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, 
@@ -4782,6 +5410,57 @@ ], "type": "object" }, + "GeospatialNullDataSettings": { + "additionalProperties": false, + "properties": { + "SymbolStyle": { + "$ref": "#/definitions/GeospatialNullSymbolStyle" + } + }, + "required": [ + "SymbolStyle" + ], + "type": "object" + }, + "GeospatialNullSymbolStyle": { + "additionalProperties": false, + "properties": { + "FillColor": { + "pattern": "^#[A-F0-9]{6}(?:[A-F0-9]{2})?$", + "type": "string" + }, + "StrokeColor": { + "pattern": "^#[A-F0-9]{6}(?:[A-F0-9]{2})?$", + "type": "string" + }, + "StrokeWidth": { + "minimum": 0, + "type": "number" + } + }, + "type": "object" + }, + "GeospatialPointLayer": { + "additionalProperties": false, + "properties": { + "Style": { + "$ref": "#/definitions/GeospatialPointStyle" + } + }, + "required": [ + "Style" + ], + "type": "object" + }, + "GeospatialPointStyle": { + "additionalProperties": false, + "properties": { + "CircleSymbolStyle": { + "$ref": "#/definitions/GeospatialCircleSymbolStyle" + } + }, + "type": "object" + }, "GeospatialPointStyleOptions": { "additionalProperties": false, "properties": { 
@@ -4797,13 +5476,81 @@ }, "type": "object" }, + "GeospatialPolygonLayer": { + "additionalProperties": false, + "properties": { + "Style": { + "$ref": "#/definitions/GeospatialPolygonStyle" + } + }, + "required": [ + "Style" + ], + "type": "object" + }, + "GeospatialPolygonStyle": { + "additionalProperties": false, + "properties": { + "PolygonSymbolStyle": { + "$ref": "#/definitions/GeospatialPolygonSymbolStyle" + } + }, + "type": "object" + }, + "GeospatialPolygonSymbolStyle": { + "additionalProperties": false, + "properties": { + "FillColor": { + "$ref": "#/definitions/GeospatialColor" + }, + "StrokeColor": { + "$ref": "#/definitions/GeospatialColor" + }, + "StrokeWidth": { + "$ref": "#/definitions/GeospatialLineWidth" + } + }, + "type": "object" + }, "GeospatialSelectedPointStyle": { "enum": [ "POINT", "CLUSTER", "HEATMAP" ], - "type": "string" + "type": "string" + }, + "GeospatialSolidColor": { + "additionalProperties": false, + "description": "Describes the properties for a solid color", + "properties": { + "Color": { + "pattern": "^#[A-F0-9]{6}(?:[A-F0-9]{2})?$", + "type": "string" + }, + "State": { + "$ref": "#/definitions/GeospatialColorState" + } + }, + "required": [ + "Color" + ], + "type": "object" + }, + "GeospatialStaticFileSource": { + "additionalProperties": false, + "properties": { + "StaticFileId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + } + }, + "required": [ + "StaticFileId" + ], + "type": "object" }, "GeospatialWindowOptions": { "additionalProperties": false, @@ -5047,6 +5794,9 @@ "FieldWells": { "$ref": "#/definitions/HeatMapFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -5127,6 +5877,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, 
@@ -5191,6 +5946,9 @@ "FieldWells": { "$ref": "#/definitions/HistogramFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Tooltip": { "$ref": "#/definitions/TooltipOptions" }, @@ -5238,6 +5996,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, 
@@ -5290,6 +6053,110 @@ ], "type": "string" }, + "ImageCustomAction": { + "additionalProperties": false, + "properties": { + "ActionOperations": { + "items": { + "$ref": "#/definitions/ImageCustomActionOperation" + }, + "maxItems": 2, + "minItems": 1, + "type": "array" + }, + "CustomActionId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + }, + "Name": { + "maxLength": 256, + "minLength": 1, + "type": "string" + }, + "Status": { + "$ref": "#/definitions/WidgetStatus" + }, + "Trigger": { + "$ref": "#/definitions/ImageCustomActionTrigger" + } + }, + "required": [ + "ActionOperations", + "CustomActionId", + "Name", + "Trigger" + ], + "type": "object" + }, + "ImageCustomActionOperation": { + "additionalProperties": false, + "properties": { + "NavigationOperation": { + "$ref": "#/definitions/CustomActionNavigationOperation" + }, + "SetParametersOperation": { + "$ref": "#/definitions/CustomActionSetParametersOperation" + }, + "URLOperation": { + "$ref": "#/definitions/CustomActionURLOperation" + } + }, + "type": "object" + }, + "ImageCustomActionTrigger": { + "enum": [ + "CLICK", + "MENU" + ], + "type": "string" + }, + "ImageInteractionOptions": { + "additionalProperties": false, + "properties": { + "ImageMenuOption": { + "$ref": "#/definitions/ImageMenuOption" + } + }, + "type": "object" + }, + "ImageMenuOption": { + "additionalProperties": false, + "properties": { + "AvailabilityStatus": { + "$ref": "#/definitions/DashboardBehavior" + } + }, + "type": "object" + }, + "ImageStaticFile": { + "additionalProperties": false, + "properties": { + "Source": { + "$ref": "#/definitions/StaticFileSource" + }, + "StaticFileId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + } + }, + "required": [ + "StaticFileId" + ], + "type": "object" + }, + "InnerFilter": { + "additionalProperties": false, + "properties": { + "CategoryInnerFilter": { + "$ref": "#/definitions/CategoryInnerFilter" + } + }, + 
"type": "object" + }, "InsightConfiguration": { "additionalProperties": false, "properties": { @@ -5303,6 +6170,9 @@ }, "CustomNarrative": { "$ref": "#/definitions/CustomNarrativeOptions" + }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" } }, "type": "object" @@ -5332,6 +6202,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -5507,6 +6382,9 @@ "FieldWells": { "$ref": "#/definitions/KPIFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "KPIOptions": { "$ref": "#/definitions/KPIOptions" }, 
@@ -5631,42 +6509,181 @@ "$ref": "#/definitions/Visibility" } }, - "required": [ - "Type" - ], + "required": [ + "Type" + ], + "type": "object" + }, + "KPISparklineType": { + "enum": [ + "LINE", + "AREA" + ], + "type": "string" + }, + "KPIVisual": { + "additionalProperties": false, + "properties": { + "Actions": { + "items": { + "$ref": "#/definitions/VisualCustomAction" + }, + "maxItems": 10, + "minItems": 0, + "type": "array" + }, + "ChartConfiguration": { + "$ref": "#/definitions/KPIConfiguration" + }, + "ColumnHierarchies": { + "items": { + "$ref": "#/definitions/ColumnHierarchy" + }, + "maxItems": 2, + "minItems": 0, + "type": "array" + }, + "ConditionalFormatting": { + "$ref": "#/definitions/KPIConditionalFormatting" + }, + "Subtitle": { + "$ref": "#/definitions/VisualSubtitleLabelOptions" + }, + "Title": { + "$ref": "#/definitions/VisualTitleLabelOptions" + }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, + "VisualId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + } + }, + "required": [ + "VisualId" + ], + "type": "object" + }, + "KPIVisualLayoutOptions": { + "additionalProperties": false, + "properties": { + "StandardLayout": { + "$ref": "#/definitions/KPIVisualStandardLayout" + } + }, + "type": "object" + }, + "KPIVisualStandardLayout": { + "additionalProperties": false, + "properties": { + "Type": { + "$ref": "#/definitions/KPIVisualStandardLayoutType" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "KPIVisualStandardLayoutType": { + "enum": [ + "CLASSIC", + "VERTICAL" + ], + "type": "string" + }, + "LabelOptions": { + "additionalProperties": false, + "properties": { + "CustomLabel": { + "type": "string" + }, + "FontConfiguration": { + "$ref": "#/definitions/FontConfiguration" + }, + "Visibility": { + "$ref": "#/definitions/Visibility" + } + }, + "type": "object" + }, + "LayerCustomAction": { + "additionalProperties": false, + "properties": { + 
"ActionOperations": { + "items": { + "$ref": "#/definitions/LayerCustomActionOperation" + }, + "maxItems": 2, + "minItems": 1, + "type": "array" + }, + "CustomActionId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + }, + "Name": { + "maxLength": 256, + "minLength": 1, + "type": "string" + }, + "Status": { + "$ref": "#/definitions/WidgetStatus" + }, + "Trigger": { + "$ref": "#/definitions/LayerCustomActionTrigger" + } + }, + "required": [ + "ActionOperations", + "CustomActionId", + "Name", + "Trigger" + ], + "type": "object" + }, + "LayerCustomActionOperation": { + "additionalProperties": false, + "properties": { + "FilterOperation": { + "$ref": "#/definitions/CustomActionFilterOperation" + }, + "NavigationOperation": { + "$ref": "#/definitions/CustomActionNavigationOperation" + }, + "SetParametersOperation": { + "$ref": "#/definitions/CustomActionSetParametersOperation" + }, + "URLOperation": { + "$ref": "#/definitions/CustomActionURLOperation" + } + }, "type": "object" }, - "KPISparklineType": { + "LayerCustomActionTrigger": { "enum": [ - "LINE", - "AREA" + "DATA_POINT_CLICK", + "DATA_POINT_MENU" ], "type": "string" }, - "KPIVisual": { + "LayerMapVisual": { "additionalProperties": false, "properties": { - "Actions": { - "items": { - "$ref": "#/definitions/VisualCustomAction" - }, - "maxItems": 10, - "minItems": 0, - "type": "array" - }, "ChartConfiguration": { - "$ref": "#/definitions/KPIConfiguration" - }, - "ColumnHierarchies": { - "items": { - "$ref": "#/definitions/ColumnHierarchy" - }, - "maxItems": 2, - "minItems": 0, - "type": "array" + "$ref": "#/definitions/GeospatialLayerMapConfiguration" }, - "ConditionalFormatting": { - "$ref": "#/definitions/KPIConditionalFormatting" + "DataSetIdentifier": { + "maxLength": 2048, + "minLength": 1, + "type": "string" }, "Subtitle": { "$ref": "#/definitions/VisualSubtitleLabelOptions" 
@@ -5674,6 +6691,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -5682,53 +6704,11 @@ } }, "required": [ + "DataSetIdentifier", "VisualId" ], "type": "object" }, - "KPIVisualLayoutOptions": { - "additionalProperties": false, - "properties": { - "StandardLayout": { - "$ref": "#/definitions/KPIVisualStandardLayout" - } - }, - "type": "object" - }, - "KPIVisualStandardLayout": { - "additionalProperties": false, - "properties": { - "Type": { - "$ref": "#/definitions/KPIVisualStandardLayoutType" - } - }, - "required": [ - "Type" - ], - "type": "object" - }, - "KPIVisualStandardLayoutType": { - "enum": [ - "CLASSIC", - "VERTICAL" - ], - "type": "string" - }, - "LabelOptions": { - "additionalProperties": false, - "properties": { - "CustomLabel": { - "type": "string" - }, - "FontConfiguration": { - "$ref": "#/definitions/FontConfiguration" - }, - "Visibility": { - "$ref": "#/definitions/Visibility" - } - }, - "type": "object" - }, "Layout": { "additionalProperties": false, "properties": { @@ -5761,7 +6741,8 @@ "VISUAL", "FILTER_CONTROL", "PARAMETER_CONTROL", - "TEXT_BOX" + "TEXT_BOX", + "IMAGE" ], "type": "string" }, @@ -5778,6 +6759,9 @@ "Title": { "$ref": "#/definitions/LabelOptions" }, + "ValueFontConfiguration": { + "$ref": "#/definitions/FontConfiguration" + }, "Visibility": { "$ref": "#/definitions/Visibility" }, @@ -5863,6 +6847,9 @@ "minItems": 0, "type": "array" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -5894,6 +6881,9 @@ "minItems": 0, "type": "array" }, + "SingleAxisOptions": { + "$ref": "#/definitions/SingleAxisOptions" + }, "SmallMultiplesOptions": { "$ref": "#/definitions/SmallMultiplesOptions" }, 
@@ -6078,6 +7068,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -6367,6 +7362,34 @@ ], "type": "string" }, + "NestedFilter": { + "additionalProperties": false, + "properties": { + "Column": { + "$ref": "#/definitions/ColumnIdentifier" + }, + "FilterId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + }, + "IncludeInnerSet": { + "default": false, + "type": "boolean" + }, + "InnerFilter": { + "$ref": "#/definitions/InnerFilter" + } + }, + "required": [ + "Column", + "FilterId", + "IncludeInnerSet", + "InnerFilter" + ], + "type": "object" + }, "NullValueFormatConfiguration": { "additionalProperties": false, "properties": { @@ -6428,7 +7451,9 @@ "THOUSANDS", "MILLIONS", "BILLIONS", - "TRILLIONS" + "TRILLIONS", + "LAKHS", + "CRORES" ], "type": "string" }, @@ -6866,6 +7891,9 @@ "CascadingControlConfiguration": { "$ref": "#/definitions/CascadingControlConfiguration" }, + "CommitMode": { + "$ref": "#/definitions/CommitMode" + }, "DisplayOptions": { "$ref": "#/definitions/DropDownControlDisplayOptions" }, @@ -7281,6 +8309,9 @@ "FieldWells": { "$ref": "#/definitions/PieChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -7367,6 +8398,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -7504,6 +8540,9 @@ "FieldWells": { "$ref": "#/definitions/PivotTableFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "PaginatedReportOptions": { "$ref": "#/definitions/PivotTablePaginatedReportOptions" }, 
@@ -7822,6 +8861,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, 
@@ -7853,18 +8897,171 @@ "items": { "$ref": "#/definitions/TotalAggregationOption" }, - "maxItems": 200, + "maxItems": 200, + "minItems": 0, + "type": "array" + }, + "TotalCellStyle": { + "$ref": "#/definitions/TableCellStyle" + }, + "TotalsVisibility": { + "$ref": "#/definitions/Visibility" + }, + "ValueCellStyle": { + "$ref": "#/definitions/TableCellStyle" + } + }, + "type": "object" + }, + "PluginVisual": { + "additionalProperties": false, + "properties": { + "ChartConfiguration": { + "$ref": "#/definitions/PluginVisualConfiguration" + }, + "PluginArn": { + "type": "string" + }, + "Subtitle": { + "$ref": "#/definitions/VisualSubtitleLabelOptions" + }, + "Title": { + "$ref": "#/definitions/VisualTitleLabelOptions" + }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, + "VisualId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + } + }, + "required": [ + "PluginArn", + "VisualId" + ], + "type": "object" + }, + "PluginVisualAxisName": { + "enum": [ + "GROUP_BY", + "VALUE" + ], + "type": "string" + }, + "PluginVisualConfiguration": { + "additionalProperties": false, + "properties": { + "FieldWells": { + "items": { + "$ref": "#/definitions/PluginVisualFieldWell" + }, + "maxItems": 10, + "minItems": 0, + "type": "array" + }, + "SortConfiguration": { + "$ref": "#/definitions/PluginVisualSortConfiguration" + }, + "VisualOptions": { + "$ref": "#/definitions/PluginVisualOptions" + } + }, + "type": "object" + }, + "PluginVisualFieldWell": { + "additionalProperties": false, + "properties": { + "AxisName": { + "$ref": "#/definitions/PluginVisualAxisName" + }, + "Dimensions": { + "items": { + "$ref": "#/definitions/DimensionField" + }, + "maxItems": 200, + "minItems": 0, + "type": "array" + }, + "Measures": { + "items": { + "$ref": "#/definitions/MeasureField" + }, + "maxItems": 200, + "minItems": 0, + "type": "array" + }, + "Unaggregated": { + "items": { + "$ref": 
"#/definitions/UnaggregatedField" + }, + "maxItems": 200, + "minItems": 0, + "type": "array" + } + }, + "type": "object" + }, + "PluginVisualItemsLimitConfiguration": { + "additionalProperties": false, + "properties": { + "ItemsLimit": { + "default": null, + "type": "number" + } + }, + "type": "object" + }, + "PluginVisualOptions": { + "additionalProperties": false, + "properties": { + "VisualProperties": { + "items": { + "$ref": "#/definitions/PluginVisualProperty" + }, + "type": "array" + } + }, + "type": "object" + }, + "PluginVisualProperty": { + "additionalProperties": false, + "properties": { + "Name": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "type": "object" + }, + "PluginVisualSortConfiguration": { + "additionalProperties": false, + "properties": { + "PluginVisualTableQuerySort": { + "$ref": "#/definitions/PluginVisualTableQuerySort" + } + }, + "type": "object" + }, + "PluginVisualTableQuerySort": { + "additionalProperties": false, + "properties": { + "ItemsLimitConfiguration": { + "$ref": "#/definitions/PluginVisualItemsLimitConfiguration" + }, + "RowSort": { + "items": { + "$ref": "#/definitions/FieldSortOptions" + }, + "maxItems": 100, "minItems": 0, "type": "array" - }, - "TotalCellStyle": { - "$ref": "#/definitions/TableCellStyle" - }, - "TotalsVisibility": { - "$ref": "#/definitions/Visibility" - }, - "ValueCellStyle": { - "$ref": "#/definitions/TableCellStyle" } }, "type": "object" @@ -7999,6 +9196,9 @@ "FieldWells": { "$ref": "#/definitions/RadarChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -8100,6 +9300,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, 
@@ -8527,6 +9732,9 @@ "FieldWells": { "$ref": "#/definitions/SankeyDiagramFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "SortConfiguration": { "$ref": "#/definitions/SankeyDiagramSortConfiguration" } @@ -8582,6 +9790,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -8649,9 +9862,15 @@ "FieldWells": { "$ref": "#/definitions/ScatterPlotFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, + "SortConfiguration": { + "$ref": "#/definitions/ScatterPlotSortConfiguration" + }, "Tooltip": { "$ref": "#/definitions/TooltipOptions" }, @@ -8685,6 +9904,15 @@ }, "type": "object" }, + "ScatterPlotSortConfiguration": { + "additionalProperties": false, + "properties": { + "ScatterPlotLimitConfiguration": { + "$ref": "#/definitions/ItemsLimitConfiguration" + } + }, + "type": "object" + }, "ScatterPlotUnaggregatedFieldWells": { "additionalProperties": false, "properties": { @@ -8759,6 +9987,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -9093,6 +10326,14 @@ "minItems": 0, "type": "array" }, + "Images": { + "items": { + "$ref": "#/definitions/SheetImage" + }, + "maxItems": 10, + "minItems": 0, + "type": "array" + }, "Layouts": { "items": { "$ref": "#/definitions/Layout" 
@@ -9182,6 +10423,112 @@ ], "type": "object" }, + "SheetImage": { + "additionalProperties": false, + "properties": { + "Actions": { + "items": { + "$ref": "#/definitions/ImageCustomAction" + }, + "maxItems": 10, + "minItems": 0, + "type": "array" + }, + "ImageContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, + "Interactions": { + "$ref": "#/definitions/ImageInteractionOptions" + }, + "Scaling": { + "$ref": "#/definitions/SheetImageScalingConfiguration" + }, + "SheetImageId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + }, + "Source": { + "$ref": "#/definitions/SheetImageSource" + }, + "Tooltip": { + "$ref": "#/definitions/SheetImageTooltipConfiguration" + } + }, + "required": [ + "SheetImageId", + "Source" + ], + "type": "object" + }, + "SheetImageScalingConfiguration": { + "additionalProperties": false, + "properties": { + "ScalingType": { + "$ref": "#/definitions/SheetImageScalingType" + } + }, + "type": "object" + }, + "SheetImageScalingType": { + "enum": [ + "SCALE_TO_WIDTH", + "SCALE_TO_HEIGHT", + "SCALE_TO_CONTAINER", + "SCALE_NONE" + ], + "type": "string" + }, + "SheetImageSource": { + "additionalProperties": false, + "properties": { + "SheetImageStaticFileSource": { + "$ref": "#/definitions/SheetImageStaticFileSource" + } + }, + "type": "object" + }, + "SheetImageStaticFileSource": { + "additionalProperties": false, + "properties": { + "StaticFileId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + } + }, + "required": [ + "StaticFileId" + ], + "type": "object" + }, + "SheetImageTooltipConfiguration": { + "additionalProperties": false, + "properties": { + "TooltipText": { + "$ref": "#/definitions/SheetImageTooltipText" + }, + "Visibility": { + "$ref": "#/definitions/Visibility" + } + }, + "type": "object" + }, + "SheetImageTooltipText": { + "additionalProperties": false, + "properties": { + "PlainText": { + "maxLength": 1024, + "minLength": 
1, + "type": "string" + } + }, + "type": "object" + }, "SheetLayoutElementMaximizationOption": { "additionalProperties": false, "description": "

The sheet layout maximization options of a dashbaord.

", @@ -9301,6 +10648,21 @@ ], "type": "string" }, + "SingleAxisOptions": { + "additionalProperties": false, + "properties": { + "YAxisOptions": { + "$ref": "#/definitions/YAxisOptions" + } + }, + "type": "object" + }, + "SingleYAxisOption": { + "enum": [ + "PRIMARY_Y_AXIS" + ], + "type": "string" + }, "SliderControlDisplayOptions": { "additionalProperties": false, "properties": { @@ -9393,6 +10755,24 @@ }, "type": "object" }, + "SpatialStaticFile": { + "additionalProperties": false, + "properties": { + "Source": { + "$ref": "#/definitions/StaticFileSource" + }, + "StaticFileId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + } + }, + "required": [ + "StaticFileId" + ], + "type": "object" + }, "SpecialValue": { "enum": [ "EMPTY", @@ -9401,6 +10781,62 @@ ], "type": "string" }, + "StaticFile": { + "additionalProperties": false, + "properties": { + "ImageStaticFile": { + "$ref": "#/definitions/ImageStaticFile" + }, + "SpatialStaticFile": { + "$ref": "#/definitions/SpatialStaticFile" + } + }, + "type": "object" + }, + "StaticFileS3SourceOptions": { + "additionalProperties": false, + "properties": { + "BucketName": { + "type": "string" + }, + "ObjectKey": { + "type": "string" + }, + "Region": { + "type": "string" + } + }, + "required": [ + "BucketName", + "ObjectKey", + "Region" + ], + "type": "object" + }, + "StaticFileSource": { + "additionalProperties": false, + "properties": { + "S3Options": { + "$ref": "#/definitions/StaticFileS3SourceOptions" + }, + "UrlOptions": { + "$ref": "#/definitions/StaticFileUrlSourceOptions" + } + }, + "type": "object" + }, + "StaticFileUrlSourceOptions": { + "additionalProperties": false, + "properties": { + "Url": { + "type": "string" + } + }, + "required": [ + "Url" + ], + "type": "object" + }, "StringDefaultValues": { "additionalProperties": false, "properties": { 
@@ -9695,6 +11131,9 @@ "FieldWells": { "$ref": "#/definitions/TableFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "PaginatedReportOptions": { "$ref": "#/definitions/TablePaginatedReportOptions" }, @@ -9837,6 +11276,14 @@ "maxItems": 100, "minItems": 0, "type": "array" + }, + "TransposedTableOptions": { + "items": { + "$ref": "#/definitions/TransposedTableOption" + }, + "maxItems": 10001, + "minItems": 0, + "type": "array" } }, "type": "object" @@ -10044,6 +11491,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -10149,6 +11601,9 @@ "ThousandSeparatorOptions": { "additionalProperties": false, "properties": { + "GroupingStyle": { + "$ref": "#/definitions/DigitGroupingStyle" + }, "Symbol": { "$ref": "#/definitions/NumericSeparatorSymbol" }, @@ -10362,6 +11817,14 @@ }, "type": "object" }, + "TooltipTarget": { + "enum": [ + "BOTH", + "BAR", + "LINE" + ], + "type": "string" + }, "TooltipTitleType": { "enum": [ "NONE", @@ -10578,6 +12041,34 @@ }, "type": "object" }, + "TransposedColumnType": { + "enum": [ + "ROW_HEADER_COLUMN", + "VALUE_COLUMN" + ], + "type": "string" + }, + "TransposedTableOption": { + "additionalProperties": false, + "properties": { + "ColumnIndex": { + "maximum": 9999, + "minimum": 0, + "type": "number" + }, + "ColumnType": { + "$ref": "#/definitions/TransposedColumnType" + }, + "ColumnWidth": { + "description": "String based length that is composed of value and unit in px", + "type": "string" + } + }, + "required": [ + "ColumnType" + ], + "type": "object" + }, "TreeMapAggregatedFieldWells": { "additionalProperties": false, "properties": { 
@@ -10626,6 +12117,9 @@ "GroupLabelOptions": { "$ref": "#/definitions/ChartAxisLabelOptions" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -10695,6 +12189,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -10860,6 +12359,9 @@ "KPIVisual": { "$ref": "#/definitions/KPIVisual" }, + "LayerMapVisual": { + "$ref": "#/definitions/LayerMapVisual" + }, "LineChartVisual": { "$ref": "#/definitions/LineChartVisual" }, @@ -10869,6 +12371,9 @@ "PivotTableVisual": { "$ref": "#/definitions/PivotTableVisual" }, + "PluginVisual": { + "$ref": "#/definitions/PluginVisual" + }, "RadarChartVisual": { "$ref": "#/definitions/RadarChartVisual" }, @@ -10964,6 +12469,18 @@ ], "type": "string" }, + "VisualInteractionOptions": { + "additionalProperties": false, + "properties": { + "ContextMenuOption": { + "$ref": "#/definitions/ContextMenuOption" + }, + "VisualMenuOption": { + "$ref": "#/definitions/VisualMenuOption" + } + }, + "type": "object" + }, "VisualMenuOption": { "additionalProperties": false, "properties": { @@ -11072,6 +12589,9 @@ "FieldWells": { "$ref": "#/definitions/WaterfallChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -11174,6 +12694,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -11265,6 +12790,9 @@ "FieldWells": { "$ref": "#/definitions/WordCloudFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "SortConfiguration": { "$ref": "#/definitions/WordCloudSortConfiguration" }, 
@@ -11361,6 +12889,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -11402,6 +12935,18 @@ "NORMAL" ], "type": "string" + }, + "YAxisOptions": { + "additionalProperties": false, + "properties": { + "YAxis": { + "$ref": "#/definitions/SingleYAxisOption" + } + }, + "required": [ + "YAxis" + ], + "type": "object" } }, "description": "Definition of the AWS::QuickSight::Dashboard Resource Type.", @@ -11416,7 +12961,10 @@ "quicksight:PassDataSet", "quicksight:TagResource", "quicksight:UntagResource", - "quicksight:ListTagsForResource" + "quicksight:ListTagsForResource", + "quicksight:CreateFolderMembership", + "quicksight:DeleteFolderMembership", + "quicksight:ListFoldersForResource" ] }, "delete": { @@ -11458,6 +13006,9 @@ "quicksight:DescribeTemplate", "quicksight:DescribeTheme", "quicksight:PassDataSet", + "quicksight:CreateFolderMembership", + "quicksight:DeleteFolderMembership", + "quicksight:ListFoldersForResource", "quicksight:TagResource", "quicksight:UntagResource", "quicksight:ListTagsForResource" @@ -11496,6 +13047,14 @@ "Definition": { "$ref": "#/definitions/DashboardVersionDefinition" }, + "FolderArns": { + "items": { + "type": "string" + }, + "maxItems": 10, + "minItems": 0, + "type": "array" + }, "LastPublishedTime": { "description": "

The last time that this dashboard was published.

", "format": "date-time", @@ -11575,6 +13134,18 @@ "Name" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-quicksight", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "quicksight:TagResource", + "quicksight:UntagResource", + "quicksight:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::QuickSight::Dashboard", "writeOnlyProperties": [ "/properties/DashboardPublishOptions", @@ -11584,6 +13155,7 @@ "/properties/SourceEntity", "/properties/ThemeArn", "/properties/VersionDescription", - "/properties/ValidationStrategy" + "/properties/ValidationStrategy", + "/properties/FolderArns" ] } diff --git a/src/schema/aws-quicksight-dataset.json b/src/schema/aws-quicksight-dataset.json index 18b70a92..705c9427 100644 --- a/src/schema/aws-quicksight-dataset.json +++ b/src/schema/aws-quicksight-dataset.json @@ -23,7 +23,7 @@ }, "Expression": { "description": "

An expression that defines the calculated column.

", - "maxLength": 4096, + "maxLength": 250000, "minLength": 1, "type": "string" } @@ -157,13 +157,10 @@ "$ref": "#/definitions/CalculatedColumn" }, "maxItems": 128, - "minItems": 1, + "minItems": 0, "type": "array" } }, - "required": [ - "Columns" - ], "type": "object" }, "CustomSql": { @@ -197,7 +194,6 @@ } }, "required": [ - "Columns", "DataSourceArn", "Name", "SqlQuery" @@ -215,13 +211,13 @@ "additionalProperties": false, "description": "

The refresh properties of a dataset.

", "properties": { + "FailureConfiguration": { + "$ref": "#/definitions/RefreshFailureConfiguration" + }, "RefreshConfiguration": { "$ref": "#/definitions/RefreshConfiguration" } }, - "required": [ - "RefreshConfiguration" - ], "type": "object" }, "DataSetUsageConfiguration": { @@ -241,6 +237,12 @@ }, "type": "object" }, + "DataSetUseAs": { + "enum": [ + "RLS_RULES" + ], + "type": "string" + }, "DatasetParameter": { "additionalProperties": false, "description": "

A dataset parameter.

", @@ -683,8 +685,7 @@ } }, "required": [ - "Alias", - "Source" + "Alias" ], "type": "object" }, @@ -856,6 +857,20 @@ ], "type": "object" }, + "PerformanceConfiguration": { + "additionalProperties": false, + "properties": { + "UniqueKeys": { + "items": { + "$ref": "#/definitions/UniqueKey" + }, + "maxItems": 1, + "minItems": 1, + "type": "array" + } + }, + "type": "object" + }, "PhysicalTable": { "additionalProperties": false, "description": "

A view of a data source that contains information about the shape of the data in the\n underlying source. This is a variant type structure. For this structure to be valid,\n only one of the attributes can be non-null.

", @@ -893,7 +908,7 @@ "type": "string" }, "maxItems": 2000, - "minItems": 1, + "minItems": 0, "type": "array" } }, @@ -915,6 +930,31 @@ ], "type": "object" }, + "RefreshFailureAlertStatus": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, + "RefreshFailureConfiguration": { + "additionalProperties": false, + "properties": { + "EmailAlert": { + "$ref": "#/definitions/RefreshFailureEmailAlert" + } + }, + "type": "object" + }, + "RefreshFailureEmailAlert": { + "additionalProperties": false, + "properties": { + "AlertStatus": { + "$ref": "#/definitions/RefreshFailureAlertStatus" + } + }, + "type": "object" + }, "RelationalTable": { "additionalProperties": false, "description": "

A physical table type for relational data sources.

", @@ -953,7 +993,6 @@ }, "required": [ "DataSourceArn", - "InputColumns", "Name" ], "type": "object" @@ -976,8 +1015,7 @@ } }, "required": [ - "ColumnName", - "NewColumnName" + "ColumnName" ], "type": "object" }, @@ -1145,8 +1183,7 @@ } }, "required": [ - "DataSourceArn", - "InputColumns" + "DataSourceArn" ], "type": "object" }, @@ -1309,6 +1346,25 @@ }, "type": "object" }, + "UniqueKey": { + "additionalProperties": false, + "properties": { + "ColumnNames": { + "items": { + "maxLength": 127, + "minLength": 1, + "type": "string" + }, + "maxItems": 1, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "ColumnNames" + ], + "type": "object" + }, "UntagColumnOperation": { "additionalProperties": false, "description": "

A transform operation that removes tags associated with a column.

", @@ -1376,7 +1432,10 @@ "quicksight:TagResource", "quicksight:ListTagsForResource", "quicksight:DescribeDataSetRefreshProperties", - "quicksight:PutDataSetRefreshProperties" + "quicksight:PutDataSetRefreshProperties", + "quicksight:CreateFolderMembership", + "quicksight:DeleteFolderMembership", + "quicksight:ListFoldersForResource" ] }, "delete": { @@ -1414,6 +1473,9 @@ "quicksight:DescribeIngestion", "quicksight:ListIngestions", "quicksight:CancelIngestion", + "quicksight:CreateFolderMembership", + "quicksight:DeleteFolderMembership", + "quicksight:ListFoldersForResource", "quicksight:TagResource", "quicksight:UntagResource", "quicksight:ListTagsForResource", @@ -1486,6 +1548,15 @@ "FieldFolders": { "$ref": "#/definitions/FieldFolderMap" }, + "FolderArns": { + "description": "

When you create the dataset, Amazon QuickSight adds the dataset to these folders.

", + "items": { + "type": "string" + }, + "maxItems": 10, + "minItems": 0, + "type": "array" + }, "ImportMode": { "$ref": "#/definitions/DataSetImportMode" }, @@ -1513,6 +1584,9 @@ }, "type": "array" }, + "PerformanceConfiguration": { + "$ref": "#/definitions/PerformanceConfiguration" + }, "Permissions": { "description": "

A list of resource permissions on the dataset.

", "items": { @@ -1539,6 +1613,9 @@ "maxItems": 200, "minItems": 1, "type": "array" + }, + "UseAs": { + "$ref": "#/definitions/DataSetUseAs" } }, "readOnlyProperties": [ @@ -1550,6 +1627,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "quicksight:TagResource", + "quicksight:UntagResource", + "quicksight:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, @@ -1558,6 +1640,7 @@ "typeName": "AWS::QuickSight::DataSet", "writeOnlyProperties": [ "/properties/FieldFolders", - "/properties/IngestionWaitPolicy" + "/properties/IngestionWaitPolicy", + "/properties/FolderArns" ] } diff --git a/src/schema/aws-quicksight-datasource.json b/src/schema/aws-quicksight-datasource.json index 360950e2..e3e43d57 100644 --- a/src/schema/aws-quicksight-datasource.json +++ b/src/schema/aws-quicksight-datasource.json @@ -119,6 +119,14 @@ ], "type": "object" }, + "AuthenticationType": { + "enum": [ + "PASSWORD", + "TOKEN", + "X509" + ], + "type": "string" + }, "AwsIotAnalyticsParameters": { "additionalProperties": false, "description": "

The parameters for IoT Analytics.

", @@ -309,6 +317,7 @@ "PRESTO", "REDSHIFT", "S3", + "S3_TABLES", "SALESFORCE", "SERVICENOW", "SNOWFLAKE", @@ -324,7 +333,9 @@ "MONGO", "MONGO_ATLAS", "DOCUMENTDB", - "APPFLOW" + "APPFLOW", + "IMPALA", + "GLUE" ], "type": "string" }, @@ -456,6 +467,33 @@ ], "type": "object" }, + "OAuthParameters": { + "additionalProperties": false, + "properties": { + "IdentityProviderResourceUri": { + "maxLength": 2048, + "minLength": 1, + "type": "string" + }, + "IdentityProviderVpcConnectionProperties": { + "$ref": "#/definitions/VpcConnectionProperties" + }, + "OAuthScope": { + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "TokenProviderUrl": { + "maxLength": 2048, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "TokenProviderUrl" + ], + "type": "object" + }, "OracleParameters": { "additionalProperties": false, "description": "

The parameters for Oracle.

", @@ -715,18 +753,29 @@ "additionalProperties": false, "description": "

The parameters for Snowflake.

", "properties": { + "AuthenticationType": { + "$ref": "#/definitions/AuthenticationType" + }, "Database": { "description": "

Database.

", "maxLength": 128, "minLength": 1, "type": "string" }, + "DatabaseAccessControlRole": { + "maxLength": 128, + "minLength": 0, + "type": "string" + }, "Host": { "description": "

Host.

", "maxLength": 256, "minLength": 1, "type": "string" }, + "OAuthParameters": { + "$ref": "#/definitions/OAuthParameters" + }, "Warehouse": { "description": "

Warehouse.

", "maxLength": 128, @@ -812,18 +861,29 @@ "additionalProperties": false, "description": "

The parameters that are required to connect to a Starburst data source.

", "properties": { + "AuthenticationType": { + "$ref": "#/definitions/AuthenticationType" + }, "Catalog": { "description": "

The catalog name for the Starburst data source.

", "maxLength": 128, "minLength": 0, "type": "string" }, + "DatabaseAccessControlRole": { + "maxLength": 128, + "minLength": 0, + "type": "string" + }, "Host": { "description": "

The host name of the Starburst data source.

", "maxLength": 256, "minLength": 1, "type": "string" }, + "OAuthParameters": { + "$ref": "#/definitions/OAuthParameters" + }, "Port": { "default": 0, "description": "

The port for the Starburst data source.

", @@ -957,7 +1017,10 @@ "quicksight:DescribeDataSource", "quicksight:DescribeDataSourcePermissions", "quicksight:TagResource", - "quicksight:ListTagsForResource" + "quicksight:ListTagsForResource", + "quicksight:CreateFolderMembership", + "quicksight:DeleteFolderMembership", + "quicksight:ListFoldersForResource" ] }, "delete": { @@ -987,6 +1050,9 @@ "quicksight:DescribeDataSourcePermissions", "quicksight:UpdateDataSource", "quicksight:UpdateDataSourcePermissions", + "quicksight:CreateFolderMembership", + "quicksight:DeleteFolderMembership", + "quicksight:ListFoldersForResource", "quicksight:TagResource", "quicksight:UntagResource", "quicksight:ListTagsForResource" @@ -1034,6 +1100,14 @@ "ErrorInfo": { "$ref": "#/definitions/DataSourceErrorInfo" }, + "FolderArns": { + "items": { + "type": "string" + }, + "maxItems": 10, + "minItems": 0, + "type": "array" + }, "LastUpdatedTime": { "description": "

The last time that this data source was updated.

", "format": "date-time", @@ -1084,8 +1158,21 @@ "Type" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-quicksight", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "quicksight:TagResource", + "quicksight:UntagResource", + "quicksight:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::QuickSight::DataSource", "writeOnlyProperties": [ - "/properties/Credentials" + "/properties/Credentials", + "/properties/FolderArns" ] } diff --git a/src/schema/aws-quicksight-folder.json b/src/schema/aws-quicksight-folder.json new file mode 100644 index 00000000..315ffdbf --- /dev/null +++ b/src/schema/aws-quicksight-folder.json @@ -0,0 +1,204 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/ParentFolderArn", + "/properties/SharingModel", + "/properties/FolderType", + "/properties/FolderId", + "/properties/AwsAccountId" + ], + "definitions": { + "FolderType": { + "enum": [ + "SHARED", + "RESTRICTED" + ], + "type": "string" + }, + "ResourcePermission": { + "additionalProperties": false, + "description": "

Permission for the resource.

", + "properties": { + "Actions": { + "description": "

The IAM action to grant or revoke permissions on.

", + "insertionOrder": false, + "items": { + "type": "string" + }, + "maxItems": 20, + "minItems": 1, + "type": "array" + }, + "Principal": { + "description": "

The Amazon Resource Name (ARN) of the principal. This can be one of the\n following:

\n
    \n
  • \n

    The ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)

    \n
  • \n
  • \n

    The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)

    \n
  • \n
  • \n

    The ARN of an Amazon Web Services account root: This is an IAM ARN rather than a QuickSight\n ARN. Use this option only to share resources (templates) across Amazon Web Services accounts.\n (This is less common.)

    \n
  • \n
", + "maxLength": 256, + "minLength": 1, + "pattern": "^arn:.*", + "type": "string" + } + }, + "required": [ + "Actions", + "Principal" + ], + "type": "object" + }, + "SharingModel": { + "enum": [ + "ACCOUNT", + "NAMESPACE" + ], + "type": "string" + }, + "Tag": { + "additionalProperties": false, + "description": "

The key or keys of the key-value pairs for the resource tag or tags assigned to the\n resource.

", + "properties": { + "Key": { + "description": "

Tag key.

", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "

Tag value.

", + "maxLength": 256, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, + "description": "Definition of the AWS::QuickSight::Folder Resource Type.", + "handlers": { + "create": { + "permissions": [ + "quicksight:CreateFolder", + "quicksight:DescribeFolder", + "quicksight:UpdateFolderPermissions", + "quicksight:DescribeFolderPermissions", + "quicksight:TagResource", + "quicksight:ListTagsForResource" + ] + }, + "delete": { + "permissions": [ + "quicksight:DeleteFolder" + ] + }, + "list": { + "permissions": [ + "quicksight:ListFolders" + ] + }, + "read": { + "permissions": [ + "quicksight:DescribeFolder", + "quicksight:DescribeFolderPermissions", + "quicksight:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "quicksight:DescribeFolder", + "quicksight:UpdateFolder", + "quicksight:DescribeFolderPermissions", + "quicksight:UpdateFolderPermissions", + "quicksight:ListTagsForResource", + "quicksight:TagResource", + "quicksight:UntagResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/AwsAccountId", + "/properties/FolderId" + ], + "properties": { + "Arn": { + "description": "

The Amazon Resource Name (ARN) for the folder.

", + "pattern": "^arn:.*", + "type": "string" + }, + "AwsAccountId": { + "maxLength": 12, + "minLength": 12, + "pattern": "^[0-9]{12}$", + "type": "string" + }, + "CreatedTime": { + "description": "

The time that the folder was created.

", + "format": "date-time", + "type": "string" + }, + "FolderId": { + "maxLength": 2048, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + }, + "FolderType": { + "$ref": "#/definitions/FolderType" + }, + "LastUpdatedTime": { + "description": "

The time that the folder was last updated.

", + "format": "date-time", + "type": "string" + }, + "Name": { + "maxLength": 200, + "minLength": 1, + "type": "string" + }, + "ParentFolderArn": { + "type": "string" + }, + "Permissions": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/ResourcePermission" + }, + "maxItems": 64, + "minItems": 1, + "type": "array" + }, + "SharingModel": { + "$ref": "#/definitions/SharingModel" + }, + "Tags": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 200, + "minItems": 1, + "type": "array" + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/CreatedTime", + "/properties/LastUpdatedTime" + ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "quicksight:TagResource", + "quicksight:UntagResource", + "quicksight:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::QuickSight::Folder", + "writeOnlyProperties": [ + "/properties/ParentFolderArn" + ] +} diff --git a/src/schema/aws-quicksight-template.json b/src/schema/aws-quicksight-template.json index 3e21f0fb..5104466c 100644 --- a/src/schema/aws-quicksight-template.json +++ b/src/schema/aws-quicksight-template.json @@ -209,9 +209,7 @@ "AxisDisplayOptions": { "additionalProperties": false, "properties": { - "AxisLineVisibility": { - "$ref": "#/definitions/Visibility" - }, + "AxisLineVisibility": {}, "AxisOffset": { "description": "String based length that is composed of value and unit in px", "type": "string" @@ -219,9 +217,7 @@ "DataOptions": { "$ref": "#/definitions/AxisDataOptions" }, - "GridLineVisibility": { - "$ref": "#/definitions/Visibility" - }, + "GridLineVisibility": {}, "ScrollbarOptions": { "$ref": "#/definitions/ScrollBarOptions" }, 
@@ -392,6 +388,9 @@ "FieldWells": { "$ref": "#/definitions/BarChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -510,6 +509,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -573,6 +577,9 @@ "PageBreakConfiguration": { "$ref": "#/definitions/SectionPageBreakConfiguration" }, + "RepeatConfiguration": { + "$ref": "#/definitions/BodySectionRepeatConfiguration" + }, "SectionId": { "maxLength": 512, "minLength": 1, 
@@ -598,6 +605,105 @@ }, "type": "object" }, + "BodySectionDynamicCategoryDimensionConfiguration": { + "additionalProperties": false, + "properties": { + "Column": { + "$ref": "#/definitions/ColumnIdentifier" + }, + "Limit": { + "maximum": 1000, + "minimum": 1, + "type": "number" + }, + "SortByMetrics": { + "items": { + "$ref": "#/definitions/ColumnSort" + }, + "maxItems": 100, + "minItems": 0, + "type": "array" + } + }, + "required": [ + "Column" + ], + "type": "object" + }, + "BodySectionDynamicNumericDimensionConfiguration": { + "additionalProperties": false, + "properties": { + "Column": { + "$ref": "#/definitions/ColumnIdentifier" + }, + "Limit": { + "maximum": 1000, + "minimum": 1, + "type": "number" + }, + "SortByMetrics": { + "items": { + "$ref": "#/definitions/ColumnSort" + }, + "maxItems": 100, + "minItems": 0, + "type": "array" + } + }, + "required": [ + "Column" + ], + "type": "object" + }, + "BodySectionRepeatConfiguration": { + "additionalProperties": false, + "properties": { + "DimensionConfigurations": { + "items": { + "$ref": "#/definitions/BodySectionRepeatDimensionConfiguration" + }, + "maxItems": 3, + "minItems": 0, + "type": "array" + }, + "NonRepeatingVisuals": { + "items": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + }, + "maxItems": 20, + "minItems": 0, + "type": "array" + }, + "PageBreakConfiguration": { + "$ref": "#/definitions/BodySectionRepeatPageBreakConfiguration" + } + }, + "type": "object" + }, + "BodySectionRepeatDimensionConfiguration": { + "additionalProperties": false, + "properties": { + "DynamicCategoryDimensionConfiguration": { + "$ref": "#/definitions/BodySectionDynamicCategoryDimensionConfiguration" + }, + "DynamicNumericDimensionConfiguration": { + "$ref": "#/definitions/BodySectionDynamicNumericDimensionConfiguration" + } + }, + "type": "object" + }, + "BodySectionRepeatPageBreakConfiguration": { + "additionalProperties": false, + "properties": { + "After": { + "$ref": 
"#/definitions/SectionAfterPageBreak" + } + }, + "type": "object" + }, "BoxPlotAggregatedFieldWells": { "additionalProperties": false, "properties": { @@ -635,6 +741,9 @@ "FieldWells": { "$ref": "#/definitions/BoxPlotFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -683,12 +792,8 @@ "BoxPlotOptions": { "additionalProperties": false, "properties": { - "AllDataPointsVisibility": { - "$ref": "#/definitions/Visibility" - }, - "OutlierVisibility": { - "$ref": "#/definitions/Visibility" - }, + "AllDataPointsVisibility": {}, + "OutlierVisibility": {}, "StyleOptions": { "$ref": "#/definitions/BoxPlotStyleOptions" } @@ -749,6 +854,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -971,6 +1081,25 @@ ], "type": "string" }, + "CategoryInnerFilter": { + "additionalProperties": false, + "properties": { + "Column": { + "$ref": "#/definitions/ColumnIdentifier" + }, + "Configuration": { + "$ref": "#/definitions/CategoryFilterConfiguration" + }, + "DefaultFilterControlConfiguration": { + "$ref": "#/definitions/DefaultFilterControlConfiguration" + } + }, + "required": [ + "Column", + "Configuration" + ], + "type": "object" + }, "ChartAxisLabelOptions": { "additionalProperties": false, "properties": { @@ -982,12 +1111,8 @@ "minItems": 0, "type": "array" }, - "SortIconVisibility": { - "$ref": "#/definitions/Visibility" - }, - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "SortIconVisibility": {}, + "Visibility": {} }, "type": "object" }, @@ -1198,9 +1323,10 @@ "Label": { "type": "string" }, - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "TooltipTarget": { + "$ref": "#/definitions/TooltipTarget" + }, + "Visibility": {} }, "required": [ "Column" 
@@ -1266,6 +1392,9 @@ "FieldWells": { "$ref": "#/definitions/ComboChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -1292,6 +1421,9 @@ "SecondaryYAxisLabelOptions": { "$ref": "#/definitions/ChartAxisLabelOptions" }, + "SingleAxisOptions": { + "$ref": "#/definitions/SingleAxisOptions" + }, "SortConfiguration": { "$ref": "#/definitions/ComboChartSortConfiguration" }, @@ -1369,6 +1501,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -1381,6 +1518,13 @@ ], "type": "object" }, + "CommitMode": { + "enum": [ + "AUTO", + "MANUAL" + ], + "type": "string" + }, "ComparisonConfiguration": { "additionalProperties": false, "properties": { @@ -1595,6 +1739,15 @@ ], "type": "object" }, + "ContextMenuOption": { + "additionalProperties": false, + "properties": { + "AvailabilityStatus": { + "$ref": "#/definitions/DashboardBehavior" + } + }, + "type": "object" + }, "ContributionAnalysisDefault": { "additionalProperties": false, "properties": { @@ -1754,6 +1907,9 @@ }, "ImageScaling": { "$ref": "#/definitions/CustomContentImageScalingConfiguration" + }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" } }, "type": "object" @@ -1799,6 +1955,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -1939,6 +2100,13 @@ ], "type": "object" }, + "DashboardBehavior": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, "DataBarsOptions": { "additionalProperties": false, "properties": { 
@@ -2010,9 +2178,7 @@ "DataLabelOptions": { "additionalProperties": false, "properties": { - "CategoryLabelVisibility": { - "$ref": "#/definitions/Visibility" - }, + "CategoryLabelVisibility": {}, "DataLabelTypes": { "items": { "$ref": "#/definitions/DataLabelType" @@ -2031,21 +2197,15 @@ "LabelFontConfiguration": { "$ref": "#/definitions/FontConfiguration" }, - "MeasureLabelVisibility": { - "$ref": "#/definitions/Visibility" - }, + "MeasureLabelVisibility": {}, "Overlap": { "$ref": "#/definitions/DataLabelOverlap" }, "Position": { "$ref": "#/definitions/DataLabelPosition" }, - "TotalsVisibility": { - "$ref": "#/definitions/Visibility" - }, - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "TotalsVisibility": {}, + "Visibility": {} }, "type": "object" }, @@ -2121,9 +2281,7 @@ "minLength": 0, "type": "string" }, - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, @@ -2247,9 +2405,7 @@ "DateAxisOptions": { "additionalProperties": false, "properties": { - "MissingDateVisibility": { - "$ref": "#/definitions/Visibility" - } + "MissingDateVisibility": {} }, "type": "object" }, @@ -2401,11 +2557,13 @@ "DateTimePickerControlDisplayOptions": { "additionalProperties": false, "properties": { + "DateIconVisibility": {}, "DateTimeFormat": { "maxLength": 128, "minLength": 1, "type": "string" }, + "HelperTextVisibility": {}, "InfoIconLabelOptions": { "$ref": "#/definitions/SheetControlInfoIconLabelOptions" }, @@ -2520,6 +2678,9 @@ "DefaultDateTimePickerControlOptions": { "additionalProperties": false, "properties": { + "CommitMode": { + "$ref": "#/definitions/CommitMode" + }, "DisplayOptions": { "$ref": "#/definitions/DateTimePickerControlDisplayOptions" }, @@ -2577,6 +2738,9 @@ "DefaultFilterDropDownControlOptions": { "additionalProperties": false, "properties": { + "CommitMode": { + "$ref": "#/definitions/CommitMode" + }, "DisplayOptions": { "$ref": "#/definitions/DropDownControlDisplayOptions" }, 
@@ -2667,6 +2831,9 @@ "DefaultRelativeDateTimeControlOptions": { "additionalProperties": false, "properties": { + "CommitMode": { + "$ref": "#/definitions/CommitMode" + }, "DisplayOptions": { "$ref": "#/definitions/RelativeDateTimeControlDisplayOptions" } @@ -2760,6 +2927,13 @@ }, "type": "object" }, + "DigitGroupingStyle": { + "enum": [ + "DEFAULT", + "LAKHS" + ], + "type": "string" + }, "DimensionField": { "additionalProperties": false, "properties": { @@ -2778,9 +2952,7 @@ "DonutCenterOptions": { "additionalProperties": false, "properties": { - "LabelVisibility": { - "$ref": "#/definitions/Visibility" - } + "LabelVisibility": {} }, "type": "object" }, @@ -2937,9 +3109,7 @@ "FieldBasedTooltip": { "additionalProperties": false, "properties": { - "AggregationVisibility": { - "$ref": "#/definitions/Visibility" - }, + "AggregationVisibility": {}, "TooltipFields": { "items": { "$ref": "#/definitions/TooltipItem" @@ -2962,9 +3132,7 @@ "minLength": 1, "type": "string" }, - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, @@ -3030,9 +3198,10 @@ "Label": { "type": "string" }, - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "TooltipTarget": { + "$ref": "#/definitions/TooltipTarget" + }, + "Visibility": {} }, "required": [ "FieldId" @@ -3096,6 +3265,9 @@ "FieldWells": { "$ref": "#/definitions/FilledMapFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -3185,6 +3357,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -3203,6 +3380,9 @@ "CategoryFilter": { "$ref": "#/definitions/CategoryFilter" }, + "NestedFilter": { + "$ref": "#/definitions/NestedFilter" + }, "NumericEqualityFilter": { "$ref": "#/definitions/NumericEqualityFilter" }, 
@@ -3282,6 +3462,9 @@ "FilterDateTimePickerControl": { "additionalProperties": false, "properties": { + "CommitMode": { + "$ref": "#/definitions/CommitMode" + }, "DisplayOptions": { "$ref": "#/definitions/DateTimePickerControlDisplayOptions" }, @@ -3319,6 +3502,9 @@ "CascadingControlConfiguration": { "$ref": "#/definitions/CascadingControlConfiguration" }, + "CommitMode": { + "$ref": "#/definitions/CommitMode" + }, "DisplayOptions": { "$ref": "#/definitions/DropDownControlDisplayOptions" }, @@ -3504,6 +3690,9 @@ "FilterRelativeDateTimeControl": { "additionalProperties": false, "properties": { + "CommitMode": { + "$ref": "#/definitions/CommitMode" + }, "DisplayOptions": { "$ref": "#/definitions/RelativeDateTimeControlDisplayOptions" }, @@ -3691,6 +3880,9 @@ "FontDecoration": { "$ref": "#/definitions/FontDecoration" }, + "FontFamily": { + "type": "string" + }, "FontSize": { "$ref": "#/definitions/FontSize" }, @@ -3713,6 +3905,10 @@ "FontSize": { "additionalProperties": false, "properties": { + "Absolute": { + "description": "String based length that is composed of value and unit in px", + "type": "string" + }, "Relative": { "$ref": "#/definitions/RelativeFontSize" } @@ -3909,9 +4105,7 @@ "SelectedBorderStyle": { "$ref": "#/definitions/FreeFormLayoutElementBorderStyle" }, - "Visibility": { - "$ref": "#/definitions/Visibility" - }, + "Visibility": {}, "Width": { "description": "String based length that is composed of value and unit in px", "type": "string" @@ -3942,9 +4136,7 @@ "pattern": "^#[A-F0-9]{6}(?:[A-F0-9]{2})?$", "type": "string" }, - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, @@ -3955,9 +4147,7 @@ "pattern": "^#[A-F0-9]{6}(?:[A-F0-9]{2})?$", "type": "string" }, - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, 
@@ -4025,6 +4215,9 @@ "FieldWells": { "$ref": "#/definitions/FunnelChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "SortConfiguration": { "$ref": "#/definitions/FunnelChartSortConfiguration" }, @@ -4043,9 +4236,7 @@ "FunnelChartDataLabelOptions": { "additionalProperties": false, "properties": { - "CategoryLabelVisibility": { - "$ref": "#/definitions/Visibility" - }, + "CategoryLabelVisibility": {}, "LabelColor": { "pattern": "^#[A-F0-9]{6}$", "type": "string" @@ -4056,15 +4247,11 @@ "MeasureDataLabelStyle": { "$ref": "#/definitions/FunnelChartMeasureDataLabelStyle" }, - "MeasureLabelVisibility": { - "$ref": "#/definitions/Visibility" - }, + "MeasureLabelVisibility": {}, "Position": { "$ref": "#/definitions/DataLabelPosition" }, - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, @@ -4132,6 +4319,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -4153,6 +4345,20 @@ }, "type": "object" }, + "GaugeChartColorConfiguration": { + "additionalProperties": false, + "properties": { + "BackgroundColor": { + "pattern": "^#[A-F0-9]{6}$", + "type": "string" + }, + "ForegroundColor": { + "pattern": "^#[A-F0-9]{6}$", + "type": "string" + } + }, + "type": "object" + }, "GaugeChartConditionalFormatting": { "additionalProperties": false, "properties": { @@ -4182,6 +4388,9 @@ "GaugeChartConfiguration": { "additionalProperties": false, "properties": { + "ColorConfiguration": { + "$ref": "#/definitions/GaugeChartColorConfiguration" + }, "DataLabels": { "$ref": "#/definitions/DataLabelOptions" }, @@ -4191,6 +4400,9 @@ "GaugeChartOptions": { "$ref": "#/definitions/GaugeChartOptions" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "TooltipOptions": { "$ref": "#/definitions/TooltipOptions" }, 
@@ -4278,6 +4490,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -4461,6 +4678,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, 
@@ -4473,49 +4695,158 @@ ], "type": "object" }, - "GeospatialPointStyleOptions": { + "GeospatialNullDataSettings": { "additionalProperties": false, "properties": { - "ClusterMarkerConfiguration": { - "$ref": "#/definitions/ClusterMarkerConfiguration" - }, - "HeatmapConfiguration": { - "$ref": "#/definitions/GeospatialHeatmapConfiguration" - }, - "SelectedPointStyle": { - "$ref": "#/definitions/GeospatialSelectedPointStyle" + "SymbolStyle": { + "$ref": "#/definitions/GeospatialNullSymbolStyle" } }, - "type": "object" - }, - "GeospatialSelectedPointStyle": { - "enum": [ - "POINT", - "CLUSTER", - "HEATMAP" + "required": [ + "SymbolStyle" ], - "type": "string" + "type": "object" }, - "GeospatialWindowOptions": { + "GeospatialNullSymbolStyle": { "additionalProperties": false, "properties": { - "Bounds": { - "$ref": "#/definitions/GeospatialCoordinateBounds" + "FillColor": { + "pattern": "^#[A-F0-9]{6}(?:[A-F0-9]{2})?$", + "type": "string" }, - "MapZoomMode": { - "$ref": "#/definitions/MapZoomMode" + "StrokeColor": { + "pattern": "^#[A-F0-9]{6}(?:[A-F0-9]{2})?$", + "type": "string" + }, + "StrokeWidth": { + "minimum": 0, + "type": "number" } }, "type": "object" }, - "GlobalTableBorderOptions": { + "GeospatialPointLayer": { "additionalProperties": false, "properties": { - "SideSpecificBorder": { - "$ref": "#/definitions/TableSideBorderOptions" - }, - "UniformBorder": { - "$ref": "#/definitions/TableBorderOptions" + "Style": { + "$ref": "#/definitions/GeospatialPointStyle" + } + }, + "required": [ + "Style" + ], + "type": "object" + }, + "GeospatialPointStyle": { + "additionalProperties": false, + "properties": { + "CircleSymbolStyle": {} + }, + "type": "object" + }, + "GeospatialPointStyleOptions": { + "additionalProperties": false, + "properties": { + "ClusterMarkerConfiguration": { + "$ref": "#/definitions/ClusterMarkerConfiguration" + }, + "HeatmapConfiguration": { + "$ref": "#/definitions/GeospatialHeatmapConfiguration" + }, + "SelectedPointStyle": { + "$ref": 
"#/definitions/GeospatialSelectedPointStyle" + } + }, + "type": "object" + }, + "GeospatialPolygonLayer": { + "additionalProperties": false, + "properties": { + "Style": { + "$ref": "#/definitions/GeospatialPolygonStyle" + } + }, + "required": [ + "Style" + ], + "type": "object" + }, + "GeospatialPolygonStyle": { + "additionalProperties": false, + "properties": { + "PolygonSymbolStyle": { + "$ref": "#/definitions/GeospatialPolygonSymbolStyle" + } + }, + "type": "object" + }, + "GeospatialPolygonSymbolStyle": { + "additionalProperties": false, + "properties": { + "FillColor": {}, + "StrokeColor": {}, + "StrokeWidth": {} + }, + "type": "object" + }, + "GeospatialSelectedPointStyle": { + "enum": [ + "POINT", + "CLUSTER", + "HEATMAP" + ], + "type": "string" + }, + "GeospatialSolidColor": { + "additionalProperties": false, + "description": "Describes the properties for a solid color", + "properties": { + "Color": { + "pattern": "^#[A-F0-9]{6}(?:[A-F0-9]{2})?$", + "type": "string" + }, + "State": {} + }, + "required": [ + "Color" + ], + "type": "object" + }, + "GeospatialStaticFileSource": { + "additionalProperties": false, + "properties": { + "StaticFileId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + } + }, + "required": [ + "StaticFileId" + ], + "type": "object" + }, + "GeospatialWindowOptions": { + "additionalProperties": false, + "properties": { + "Bounds": { + "$ref": "#/definitions/GeospatialCoordinateBounds" + }, + "MapZoomMode": { + "$ref": "#/definitions/MapZoomMode" + } + }, + "type": "object" + }, + "GlobalTableBorderOptions": { + "additionalProperties": false, + "properties": { + "SideSpecificBorder": { + "$ref": "#/definitions/TableSideBorderOptions" + }, + "UniformBorder": { + "$ref": "#/definitions/TableBorderOptions" } }, "type": "object" 
@@ -4738,6 +5069,9 @@ "FieldWells": { "$ref": "#/definitions/HeatMapFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -4818,6 +5152,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -4882,6 +5221,9 @@ "FieldWells": { "$ref": "#/definitions/HistogramFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Tooltip": { "$ref": "#/definitions/TooltipOptions" }, @@ -4929,6 +5271,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, 
@@ -4981,6 +5328,110 @@ ], "type": "string" }, + "ImageCustomAction": { + "additionalProperties": false, + "properties": { + "ActionOperations": { + "items": { + "$ref": "#/definitions/ImageCustomActionOperation" + }, + "maxItems": 2, + "minItems": 1, + "type": "array" + }, + "CustomActionId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + }, + "Name": { + "maxLength": 256, + "minLength": 1, + "type": "string" + }, + "Status": { + "$ref": "#/definitions/WidgetStatus" + }, + "Trigger": { + "$ref": "#/definitions/ImageCustomActionTrigger" + } + }, + "required": [ + "ActionOperations", + "CustomActionId", + "Name", + "Trigger" + ], + "type": "object" + }, + "ImageCustomActionOperation": { + "additionalProperties": false, + "properties": { + "NavigationOperation": { + "$ref": "#/definitions/CustomActionNavigationOperation" + }, + "SetParametersOperation": { + "$ref": "#/definitions/CustomActionSetParametersOperation" + }, + "URLOperation": { + "$ref": "#/definitions/CustomActionURLOperation" + } + }, + "type": "object" + }, + "ImageCustomActionTrigger": { + "enum": [ + "CLICK", + "MENU" + ], + "type": "string" + }, + "ImageInteractionOptions": { + "additionalProperties": false, + "properties": { + "ImageMenuOption": { + "$ref": "#/definitions/ImageMenuOption" + } + }, + "type": "object" + }, + "ImageMenuOption": { + "additionalProperties": false, + "properties": { + "AvailabilityStatus": { + "$ref": "#/definitions/DashboardBehavior" + } + }, + "type": "object" + }, + "ImageStaticFile": { + "additionalProperties": false, + "properties": { + "Source": { + "$ref": "#/definitions/StaticFileSource" + }, + "StaticFileId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + } + }, + "required": [ + "StaticFileId" + ], + "type": "object" + }, + "InnerFilter": { + "additionalProperties": false, + "properties": { + "CategoryInnerFilter": { + "$ref": "#/definitions/CategoryInnerFilter" + } + }, + 
"type": "object" + }, "InsightConfiguration": { "additionalProperties": false, "properties": { @@ -4994,6 +5445,9 @@ }, "CustomNarrative": { "$ref": "#/definitions/CustomNarrativeOptions" + }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" } }, "type": "object" @@ -5023,6 +5477,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -5174,6 +5633,9 @@ "FieldWells": { "$ref": "#/definitions/KPIFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "KPIOptions": { "$ref": "#/definitions/KPIOptions" }, @@ -5288,15 +5750,11 @@ "pattern": "^#[A-F0-9]{6}$", "type": "string" }, - "TooltipVisibility": { - "$ref": "#/definitions/Visibility" - }, + "TooltipVisibility": {}, "Type": { "$ref": "#/definitions/KPISparklineType" }, - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "required": [ "Type" @@ -5341,6 +5799,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, 
@@ -5390,12 +5853,105 @@ "FontConfiguration": { "$ref": "#/definitions/FontConfiguration" }, - "Visibility": { - "$ref": "#/definitions/Visibility" + "Visibility": {} + }, + "type": "object" + }, + "LayerCustomAction": { + "additionalProperties": false, + "properties": { + "ActionOperations": { + "items": { + "$ref": "#/definitions/LayerCustomActionOperation" + }, + "maxItems": 2, + "minItems": 1, + "type": "array" + }, + "CustomActionId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + }, + "Name": { + "maxLength": 256, + "minLength": 1, + "type": "string" + }, + "Status": { + "$ref": "#/definitions/WidgetStatus" + }, + "Trigger": { + "$ref": "#/definitions/LayerCustomActionTrigger" + } + }, + "required": [ + "ActionOperations", + "CustomActionId", + "Name", + "Trigger" + ], + "type": "object" + }, + "LayerCustomActionOperation": { + "additionalProperties": false, + "properties": { + "FilterOperation": { + "$ref": "#/definitions/CustomActionFilterOperation" + }, + "NavigationOperation": { + "$ref": "#/definitions/CustomActionNavigationOperation" + }, + "SetParametersOperation": { + "$ref": "#/definitions/CustomActionSetParametersOperation" + }, + "URLOperation": { + "$ref": "#/definitions/CustomActionURLOperation" } }, "type": "object" }, + "LayerCustomActionTrigger": { + "enum": [ + "DATA_POINT_CLICK", + "DATA_POINT_MENU" + ], + "type": "string" + }, + "LayerMapVisual": { + "additionalProperties": false, + "properties": { + "ChartConfiguration": {}, + "DataSetIdentifier": { + "maxLength": 2048, + "minLength": 1, + "type": "string" + }, + "Subtitle": { + "$ref": "#/definitions/VisualSubtitleLabelOptions" + }, + "Title": { + "$ref": "#/definitions/VisualTitleLabelOptions" + }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, + "VisualId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + } + }, + "required": [ + "DataSetIdentifier", + "VisualId" 
+ ], + "type": "object" + }, "Layout": { "additionalProperties": false, "properties": { @@ -5428,7 +5984,8 @@ "VISUAL", "FILTER_CONTROL", "PARAMETER_CONTROL", - "TEXT_BOX" + "TEXT_BOX", + "IMAGE" ], "type": "string" }, @@ -5445,9 +6002,10 @@ "Title": { "$ref": "#/definitions/LabelOptions" }, - "Visibility": { - "$ref": "#/definitions/Visibility" + "ValueFontConfiguration": { + "$ref": "#/definitions/FontConfiguration" }, + "Visibility": {}, "Width": { "description": "String based length that is composed of value and unit in px", "type": "string" @@ -5530,6 +6088,9 @@ "minItems": 0, "type": "array" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -5561,6 +6122,9 @@ "minItems": 0, "type": "array" }, + "SingleAxisOptions": { + "$ref": "#/definitions/SingleAxisOptions" + }, "SmallMultiplesOptions": { "$ref": "#/definitions/SmallMultiplesOptions" }, @@ -5626,9 +6190,7 @@ "LineStyle": { "$ref": "#/definitions/LineChartLineStyle" }, - "LineVisibility": { - "$ref": "#/definitions/Visibility" - }, + "LineVisibility": {}, "LineWidth": { "description": "String based length that is composed of value and unit in px", "type": "string" @@ -5660,9 +6222,7 @@ "description": "String based length that is composed of value and unit in px", "type": "string" }, - "MarkerVisibility": { - "$ref": "#/definitions/Visibility" - } + "MarkerVisibility": {} }, "type": "object" }, @@ -5745,6 +6305,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, 
@@ -5803,27 +6368,21 @@ "ListControlSearchOptions": { "additionalProperties": false, "properties": { - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, "ListControlSelectAllOptions": { "additionalProperties": false, "properties": { - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, "LoadingAnimation": { "additionalProperties": false, "properties": { - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, @@ -5889,9 +6448,7 @@ "MaximumLabelType": { "additionalProperties": false, "properties": { - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, @@ -5978,9 +6535,7 @@ "MinimumLabelType": { "additionalProperties": false, "properties": { - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, @@ -6020,6 +6575,34 @@ ], "type": "string" }, + "NestedFilter": { + "additionalProperties": false, + "properties": { + "Column": { + "$ref": "#/definitions/ColumnIdentifier" + }, + "FilterId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + }, + "IncludeInnerSet": { + "default": false, + "type": "boolean" + }, + "InnerFilter": { + "$ref": "#/definitions/InnerFilter" + } + }, + "required": [ + "Column", + "FilterId", + "IncludeInnerSet", + "InnerFilter" + ], + "type": "object" + }, "NullValueFormatConfiguration": { "additionalProperties": false, "properties": { @@ -6081,7 +6664,9 @@ "THOUSANDS", "MILLIONS", "BILLIONS", - "TRILLIONS" + "TRILLIONS", + "LAKHS", + "CRORES" ], "type": "string" }, @@ -6372,9 +6957,7 @@ "pattern": "^#[A-F0-9]{6}(?:[A-F0-9]{2})?$", "type": "string" }, - "BackgroundVisibility": { - "$ref": "#/definitions/Visibility" - }, + "BackgroundVisibility": {}, "BorderColor": { "pattern": "^#[A-F0-9]{6}(?:[A-F0-9]{2})?$", "type": "string" 
@@ -6386,16 +6969,12 @@ "description": "String based length that is composed of value and unit in px", "type": "string" }, - "BorderVisibility": { - "$ref": "#/definitions/Visibility" - }, + "BorderVisibility": {}, "GutterSpacing": { "description": "String based length that is composed of value and unit in px", "type": "string" }, - "GutterVisibility": { - "$ref": "#/definitions/Visibility" - }, + "GutterVisibility": {}, "Title": { "$ref": "#/definitions/PanelTitleOptions" } @@ -6411,9 +6990,7 @@ "HorizontalTextAlignment": { "$ref": "#/definitions/HorizontalTextAlignment" }, - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, @@ -6519,6 +7096,9 @@ "CascadingControlConfiguration": { "$ref": "#/definitions/CascadingControlConfiguration" }, + "CommitMode": { + "$ref": "#/definitions/CommitMode" + }, "DisplayOptions": { "$ref": "#/definitions/DropDownControlDisplayOptions" }, @@ -6891,6 +7471,9 @@ "FieldWells": { "$ref": "#/definitions/PieChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -6977,6 +7560,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -7114,6 +7702,9 @@ "FieldWells": { "$ref": "#/definitions/PivotTableFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "PaginatedReportOptions": { "$ref": "#/definitions/PivotTablePaginatedReportOptions" }, @@ -7211,9 +7802,7 @@ "minLength": 1, "type": "string" }, - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "required": [ "FieldId" 
@@ -7281,15 +7870,11 @@ "CellStyle": { "$ref": "#/definitions/TableCellStyle" }, - "CollapsedRowDimensionsVisibility": { - "$ref": "#/definitions/Visibility" - }, + "CollapsedRowDimensionsVisibility": {}, "ColumnHeaderStyle": { "$ref": "#/definitions/TableCellStyle" }, - "ColumnNamesVisibility": { - "$ref": "#/definitions/Visibility" - }, + "ColumnNamesVisibility": {}, "DefaultCellWidth": { "description": "String based length that is composed of value and unit in px", "type": "string" @@ -7312,24 +7897,16 @@ "RowsLayout": { "$ref": "#/definitions/PivotTableRowsLayout" }, - "SingleMetricVisibility": { - "$ref": "#/definitions/Visibility" - }, - "ToggleButtonsVisibility": { - "$ref": "#/definitions/Visibility" - } + "SingleMetricVisibility": {}, + "ToggleButtonsVisibility": {} }, "type": "object" }, "PivotTablePaginatedReportOptions": { "additionalProperties": false, "properties": { - "OverflowColumnHeaderVisibility": { - "$ref": "#/definitions/Visibility" - }, - "VerticalOverflowVisibility": { - "$ref": "#/definitions/Visibility" - } + "OverflowColumnHeaderVisibility": {}, + "VerticalOverflowVisibility": {} }, "type": "object" }, @@ -7341,9 +7918,7 @@ "minLength": 1, "type": "string" }, - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, @@ -7432,6 +8007,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, 
@@ -7470,15 +8050,166 @@ "TotalCellStyle": { "$ref": "#/definitions/TableCellStyle" }, - "TotalsVisibility": { - "$ref": "#/definitions/Visibility" - }, + "TotalsVisibility": {}, "ValueCellStyle": { "$ref": "#/definitions/TableCellStyle" } }, "type": "object" }, + "PluginVisual": { + "additionalProperties": false, + "properties": { + "ChartConfiguration": { + "$ref": "#/definitions/PluginVisualConfiguration" + }, + "PluginArn": { + "type": "string" + }, + "Subtitle": { + "$ref": "#/definitions/VisualSubtitleLabelOptions" + }, + "Title": { + "$ref": "#/definitions/VisualTitleLabelOptions" + }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, + "VisualId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + } + }, + "required": [ + "PluginArn", + "VisualId" + ], + "type": "object" + }, + "PluginVisualAxisName": { + "enum": [ + "GROUP_BY", + "VALUE" + ], + "type": "string" + }, + "PluginVisualConfiguration": { + "additionalProperties": false, + "properties": { + "FieldWells": { + "items": { + "$ref": "#/definitions/PluginVisualFieldWell" + }, + "maxItems": 10, + "minItems": 0, + "type": "array" + }, + "SortConfiguration": { + "$ref": "#/definitions/PluginVisualSortConfiguration" + }, + "VisualOptions": { + "$ref": "#/definitions/PluginVisualOptions" + } + }, + "type": "object" + }, + "PluginVisualFieldWell": { + "additionalProperties": false, + "properties": { + "AxisName": { + "$ref": "#/definitions/PluginVisualAxisName" + }, + "Dimensions": { + "items": { + "$ref": "#/definitions/DimensionField" + }, + "maxItems": 200, + "minItems": 0, + "type": "array" + }, + "Measures": { + "items": { + "$ref": "#/definitions/MeasureField" + }, + "maxItems": 200, + "minItems": 0, + "type": "array" + }, + "Unaggregated": { + "items": { + "$ref": "#/definitions/UnaggregatedField" + }, + "maxItems": 200, + "minItems": 0, + "type": "array" + } + }, + "type": "object" + }, + 
"PluginVisualItemsLimitConfiguration": { + "additionalProperties": false, + "properties": { + "ItemsLimit": { + "default": null, + "type": "number" + } + }, + "type": "object" + }, + "PluginVisualOptions": { + "additionalProperties": false, + "properties": { + "VisualProperties": { + "items": { + "$ref": "#/definitions/PluginVisualProperty" + }, + "type": "array" + } + }, + "type": "object" + }, + "PluginVisualProperty": { + "additionalProperties": false, + "properties": { + "Name": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "type": "object" + }, + "PluginVisualSortConfiguration": { + "additionalProperties": false, + "properties": { + "PluginVisualTableQuerySort": { + "$ref": "#/definitions/PluginVisualTableQuerySort" + } + }, + "type": "object" + }, + "PluginVisualTableQuerySort": { + "additionalProperties": false, + "properties": { + "ItemsLimitConfiguration": { + "$ref": "#/definitions/PluginVisualItemsLimitConfiguration" + }, + "RowSort": { + "items": { + "$ref": "#/definitions/FieldSortOptions" + }, + "maxItems": 100, + "minItems": 0, + "type": "array" + } + }, + "type": "object" + }, "PredefinedHierarchy": { "additionalProperties": false, "properties": { @@ -7521,8 +8252,22 @@ "ProgressBarOptions": { "additionalProperties": false, "properties": { - "Visibility": { - "$ref": "#/definitions/Visibility" + "Visibility": {} + }, + "type": "object" + }, + "QueryExecutionMode": { + "enum": [ + "AUTO", + "MANUAL" + ], + "type": "string" + }, + "QueryExecutionOptions": { + "additionalProperties": false, + "properties": { + "QueryExecutionMode": { + "$ref": "#/definitions/QueryExecutionMode" } }, "type": "object" @@ -7560,9 +8305,7 @@ "RadarChartAreaStyleSettings": { "additionalProperties": false, "properties": { - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, 
@@ -7577,9 +8320,7 @@ "RadarChartConfiguration": { "additionalProperties": false, "properties": { - "AlternateBandColorsVisibility": { - "$ref": "#/definitions/Visibility" - }, + "AlternateBandColorsVisibility": {}, "AlternateBandEvenColor": { "pattern": "^#[A-F0-9]{6}$", "type": "string" @@ -7609,6 +8350,9 @@ "FieldWells": { "$ref": "#/definitions/RadarChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -7710,6 +8454,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -7725,9 +8474,7 @@ "RangeEndsLabelType": { "additionalProperties": false, "properties": { - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, @@ -8137,6 +8884,9 @@ "FieldWells": { "$ref": "#/definitions/SankeyDiagramFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "SortConfiguration": { "$ref": "#/definitions/SankeyDiagramSortConfiguration" } @@ -8192,6 +8942,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -8259,9 +9014,15 @@ "FieldWells": { "$ref": "#/definitions/ScatterPlotFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, + "SortConfiguration": { + "$ref": "#/definitions/ScatterPlotSortConfiguration" + }, "Tooltip": { "$ref": "#/definitions/TooltipOptions" }, 
@@ -8295,6 +9056,15 @@ }, "type": "object" }, + "ScatterPlotSortConfiguration": { + "additionalProperties": false, + "properties": { + "ScatterPlotLimitConfiguration": { + "$ref": "#/definitions/ItemsLimitConfiguration" + } + }, + "type": "object" + }, "ScatterPlotUnaggregatedFieldWells": { "additionalProperties": false, "properties": { @@ -8369,6 +9139,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -8384,9 +9159,7 @@ "ScrollBarOptions": { "additionalProperties": false, "properties": { - "Visibility": { - "$ref": "#/definitions/Visibility" - }, + "Visibility": {}, "VisibleRange": { "$ref": "#/definitions/VisibleRangeOptions" } @@ -8396,9 +9169,7 @@ "SecondaryValueOptions": { "additionalProperties": false, "properties": { - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, @@ -8633,9 +9404,7 @@ "minLength": 1, "type": "string" }, - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, @@ -8693,6 +9462,14 @@ "minItems": 0, "type": "array" }, + "Images": { + "items": { + "$ref": "#/definitions/SheetImage" + }, + "maxItems": 10, + "minItems": 0, + "type": "array" + }, "Layouts": { "items": { "$ref": "#/definitions/Layout" @@ -8758,9 +9535,7 @@ "SheetElementConfigurationOverrides": { "additionalProperties": false, "properties": { - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, 
@@ -8782,6 +9557,110 @@ ], "type": "object" }, + "SheetImage": { + "additionalProperties": false, + "properties": { + "Actions": { + "items": { + "$ref": "#/definitions/ImageCustomAction" + }, + "maxItems": 10, + "minItems": 0, + "type": "array" + }, + "ImageContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, + "Interactions": { + "$ref": "#/definitions/ImageInteractionOptions" + }, + "Scaling": { + "$ref": "#/definitions/SheetImageScalingConfiguration" + }, + "SheetImageId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + }, + "Source": { + "$ref": "#/definitions/SheetImageSource" + }, + "Tooltip": { + "$ref": "#/definitions/SheetImageTooltipConfiguration" + } + }, + "required": [ + "SheetImageId", + "Source" + ], + "type": "object" + }, + "SheetImageScalingConfiguration": { + "additionalProperties": false, + "properties": { + "ScalingType": { + "$ref": "#/definitions/SheetImageScalingType" + } + }, + "type": "object" + }, + "SheetImageScalingType": { + "enum": [ + "SCALE_TO_WIDTH", + "SCALE_TO_HEIGHT", + "SCALE_TO_CONTAINER", + "SCALE_NONE" + ], + "type": "string" + }, + "SheetImageSource": { + "additionalProperties": false, + "properties": { + "SheetImageStaticFileSource": { + "$ref": "#/definitions/SheetImageStaticFileSource" + } + }, + "type": "object" + }, + "SheetImageStaticFileSource": { + "additionalProperties": false, + "properties": { + "StaticFileId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + } + }, + "required": [ + "StaticFileId" + ], + "type": "object" + }, + "SheetImageTooltipConfiguration": { + "additionalProperties": false, + "properties": { + "TooltipText": { + "$ref": "#/definitions/SheetImageTooltipText" + }, + "Visibility": {} + }, + "type": "object" + }, + "SheetImageTooltipText": { + "additionalProperties": false, + "properties": { + "PlainText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + } + }, + "type": 
"object" + }, "SheetTextBox": { "additionalProperties": false, "properties": { @@ -8891,6 +9770,21 @@ ], "type": "string" }, + "SingleAxisOptions": { + "additionalProperties": false, + "properties": { + "YAxisOptions": { + "$ref": "#/definitions/YAxisOptions" + } + }, + "type": "object" + }, + "SingleYAxisOption": { + "enum": [ + "PRIMARY_Y_AXIS" + ], + "type": "string" + }, "SliderControlDisplayOptions": { "additionalProperties": false, "properties": { @@ -8983,6 +9877,24 @@ }, "type": "object" }, + "SpatialStaticFile": { + "additionalProperties": false, + "properties": { + "Source": { + "$ref": "#/definitions/StaticFileSource" + }, + "StaticFileId": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + } + }, + "required": [ + "StaticFileId" + ], + "type": "object" + }, "SpecialValue": { "enum": [ "EMPTY", @@ -8991,6 +9903,62 @@ ], "type": "string" }, + "StaticFile": { + "additionalProperties": false, + "properties": { + "ImageStaticFile": { + "$ref": "#/definitions/ImageStaticFile" + }, + "SpatialStaticFile": { + "$ref": "#/definitions/SpatialStaticFile" + } + }, + "type": "object" + }, + "StaticFileS3SourceOptions": { + "additionalProperties": false, + "properties": { + "BucketName": { + "type": "string" + }, + "ObjectKey": { + "type": "string" + }, + "Region": { + "type": "string" + } + }, + "required": [ + "BucketName", + "ObjectKey", + "Region" + ], + "type": "object" + }, + "StaticFileSource": { + "additionalProperties": false, + "properties": { + "S3Options": { + "$ref": "#/definitions/StaticFileS3SourceOptions" + }, + "UrlOptions": { + "$ref": "#/definitions/StaticFileUrlSourceOptions" + } + }, + "type": "object" + }, + "StaticFileUrlSourceOptions": { + "additionalProperties": false, + "properties": { + "Url": { + "type": "string" + } + }, + "required": [ + "Url" + ], + "type": "object" + }, "StringDefaultValues": { "additionalProperties": false, "properties": { 
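Review bot: `StaticFileUrlSourceOptions.Url` and the three `StaticFileS3SourceOptions` fields in the last hunk on this line are declared as bare `"type": "string"`, while `StaticFileId` in `SpatialStaticFile` one hunk earlier carries `maxLength`, `minLength` and a `pattern`. Anything that validates templates against this schema will therefore accept an empty string or a non-URL value for what is presumably the location the static file is loaded from. Adding `"minLength": 1` to all four and `"format": "uri"` to `Url` would bring them in line with the identifier fields. The service's real limits are not shown in this diff, so tighter bounds would have to come from the provider documentation.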
@@ -9104,9 +10072,7 @@ "TotalCellStyle": { "$ref": "#/definitions/TableCellStyle" }, - "TotalsVisibility": { - "$ref": "#/definitions/Visibility" - }, + "TotalsVisibility": {}, "ValueCellStyle": { "$ref": "#/definitions/TableCellStyle" } @@ -9221,9 +10187,7 @@ "VerticalTextAlignment": { "$ref": "#/definitions/VerticalTextAlignment" }, - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, @@ -9262,6 +10226,9 @@ "FieldWells": { "$ref": "#/definitions/TableFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "PaginatedReportOptions": { "$ref": "#/definitions/TablePaginatedReportOptions" }, @@ -9368,9 +10335,7 @@ "URLStyling": { "$ref": "#/definitions/TableFieldURLConfiguration" }, - "Visibility": { - "$ref": "#/definitions/Visibility" - }, + "Visibility": {}, "Width": { "description": "String based length that is composed of value and unit in px", "type": "string" @@ -9404,6 +10369,14 @@ "maxItems": 100, "minItems": 0, "type": "array" + }, + "TransposedTableOptions": { + "items": { + "$ref": "#/definitions/TransposedTableOption" + }, + "maxItems": 10001, + "minItems": 0, + "type": "array" } }, "type": "object" @@ -9469,12 +10442,8 @@ "TablePaginatedReportOptions": { "additionalProperties": false, "properties": { - "OverflowColumnHeaderVisibility": { - "$ref": "#/definitions/Visibility" - }, - "VerticalOverflowVisibility": { - "$ref": "#/definitions/Visibility" - } + "OverflowColumnHeaderVisibility": {}, + "VerticalOverflowVisibility": {} }, "type": "object" }, @@ -9611,6 +10580,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -9844,6 +10818,9 @@ "minItems": 0, "type": "array" }, + "QueryExecutionOptions": { + "$ref": "#/definitions/QueryExecutionOptions" + }, "Sheets": { "items": { "$ref": "#/definitions/SheetDefinition" 
@@ -9891,9 +10868,7 @@ "TextControlPlaceholderOptions": { "additionalProperties": false, "properties": { - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, @@ -9922,12 +10897,13 @@ "ThousandSeparatorOptions": { "additionalProperties": false, "properties": { + "GroupingStyle": { + "$ref": "#/definitions/DigitGroupingStyle" + }, "Symbol": { "$ref": "#/definitions/NumericSeparatorSymbol" }, - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, @@ -10129,12 +11105,18 @@ "SelectedTooltipType": { "$ref": "#/definitions/SelectedTooltipType" }, - "TooltipVisibility": { - "$ref": "#/definitions/Visibility" - } + "TooltipVisibility": {} }, "type": "object" }, + "TooltipTarget": { + "enum": [ + "BOTH", + "BAR", + "LINE" + ], + "type": "string" + }, "TooltipTitleType": { "enum": [ "NONE", @@ -10345,10 +11327,36 @@ "TotalCellStyle": { "$ref": "#/definitions/TableCellStyle" }, - "TotalsVisibility": { - "$ref": "#/definitions/Visibility" + "TotalsVisibility": {} + }, + "type": "object" + }, + "TransposedColumnType": { + "enum": [ + "ROW_HEADER_COLUMN", + "VALUE_COLUMN" + ], + "type": "string" + }, + "TransposedTableOption": { + "additionalProperties": false, + "properties": { + "ColumnIndex": { + "maximum": 9999, + "minimum": 0, + "type": "number" + }, + "ColumnType": { + "$ref": "#/definitions/TransposedColumnType" + }, + "ColumnWidth": { + "description": "String based length that is composed of value and unit in px", + "type": "string" } }, + "required": [ + "ColumnType" + ], "type": "object" }, "TreeMapAggregatedFieldWells": { @@ -10399,6 +11407,9 @@ "GroupLabelOptions": { "$ref": "#/definitions/ChartAxisLabelOptions" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, 
@@ -10468,6 +11479,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -10483,9 +11499,7 @@ "TrendArrowOptions": { "additionalProperties": false, "properties": { - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, @@ -10642,6 +11656,9 @@ "PivotTableVisual": { "$ref": "#/definitions/PivotTableVisual" }, + "PluginVisual": { + "$ref": "#/definitions/PluginVisual" + }, "RadarChartVisual": { "$ref": "#/definitions/RadarChartVisual" }, @@ -10728,6 +11745,27 @@ ], "type": "string" }, + "VisualInteractionOptions": { + "additionalProperties": false, + "properties": { + "ContextMenuOption": { + "$ref": "#/definitions/ContextMenuOption" + }, + "VisualMenuOption": { + "$ref": "#/definitions/VisualMenuOption" + } + }, + "type": "object" + }, + "VisualMenuOption": { + "additionalProperties": false, + "properties": { + "AvailabilityStatus": { + "$ref": "#/definitions/DashboardBehavior" + } + }, + "type": "object" + }, "VisualPalette": { "additionalProperties": false, "properties": { @@ -10752,9 +11790,7 @@ "FormatText": { "$ref": "#/definitions/LongFormatText" }, - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, @@ -10764,9 +11800,7 @@ "FormatText": { "$ref": "#/definitions/ShortFormatText" }, - "Visibility": { - "$ref": "#/definitions/Visibility" - } + "Visibility": {} }, "type": "object" }, @@ -10827,6 +11861,9 @@ "FieldWells": { "$ref": "#/definitions/WaterfallChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, 
@@ -10929,6 +11966,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -11020,6 +12062,9 @@ "FieldWells": { "$ref": "#/definitions/WordCloudFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "SortConfiguration": { "$ref": "#/definitions/WordCloudSortConfiguration" }, @@ -11116,6 +12161,11 @@ "Title": { "$ref": "#/definitions/VisualTitleLabelOptions" }, + "VisualContentAltText": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, "VisualId": { "maxLength": 512, "minLength": 1, @@ -11157,6 +12207,18 @@ "NORMAL" ], "type": "string" + }, + "YAxisOptions": { + "additionalProperties": false, + "properties": { + "YAxis": { + "$ref": "#/definitions/SingleYAxisOption" + } + }, + "required": [ + "YAxis" + ], + "type": "object" } }, "description": "Definition of the AWS::QuickSight::Template Resource Type.", @@ -11294,6 +12356,18 @@ "TemplateId" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-quicksight", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "quicksight:TagResource", + "quicksight:UntagResource", + "quicksight:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::QuickSight::Template", "writeOnlyProperties": [ "/properties/Definition", diff --git a/src/schema/aws-quicksight-theme.json b/src/schema/aws-quicksight-theme.json index 2df86839..8f35348e 100644 --- a/src/schema/aws-quicksight-theme.json +++ b/src/schema/aws-quicksight-theme.json 
@@ -517,10 +517,17 @@ "Name" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-quicksight", - "typeName": "AWS::QuickSight::Theme", - "writeOnlyProperties": [ - "/properties/BaseThemeId", - "/properties/Configuration", - "/properties/VersionDescription" - ] + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "quicksight:TagResource", + "quicksight:UntagResource", + "quicksight:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::QuickSight::Theme" } diff --git a/src/schema/aws-quicksight-topic.json b/src/schema/aws-quicksight-topic.json index 0f76d13a..3b91c330 100644 --- a/src/schema/aws-quicksight-topic.json +++ b/src/schema/aws-quicksight-topic.json @@ -2,6 +2,7 @@ "additionalProperties": false, "createOnlyProperties": [ "/properties/AwsAccountId", + "/properties/FolderArns", "/properties/TopicId" ], "definitions": { @@ -390,7 +391,9 @@ "THOUSANDS", "MILLIONS", "BILLIONS", - "TRILLIONS" + "TRILLIONS", + "LAKHS", + "CRORES" ], "type": "string" }, @@ -684,6 +687,16 @@ ], "type": "object" }, + "TopicConfigOptions": { + "additionalProperties": false, + "description": "Model for configuration of a Topic", + "properties": { + "QBusinessInsightsEnabled": { + "type": "boolean" + } + }, + "type": "object" + }, "TopicDateRangeFilter": { "additionalProperties": false, "properties": { @@ -700,6 +713,9 @@ "TopicDetails": { "additionalProperties": false, "properties": { + "ConfigOptions": { + "$ref": "#/definitions/TopicConfigOptions" + }, "DataSets": { "items": { "$ref": "#/definitions/DatasetMetadata" @@ -983,6 +999,9 @@ "pattern": "^[0-9]{12}$", "type": "string" }, + "ConfigOptions": { + "$ref": "#/definitions/TopicConfigOptions" + }, "DataSets": { "items": { "$ref": "#/definitions/DatasetMetadata" 
@@ -994,6 +1013,14 @@ "minLength": 0, "type": "string" }, + "FolderArns": { + "items": { + "type": "string" + }, + "maxItems": 20, + "minItems": 0, + "type": "array" + }, "Name": { "maxLength": 128, "minLength": 1, @@ -1018,5 +1045,8 @@ "tagUpdatable": false, "taggable": false }, - "typeName": "AWS::QuickSight::Topic" + "typeName": "AWS::QuickSight::Topic", + "writeOnlyProperties": [ + "/properties/FolderArns" + ] } diff --git a/src/schema/aws-quicksight-vpcconnection.json b/src/schema/aws-quicksight-vpcconnection.json index 2e0f38b0..b5dc4874 100644 --- a/src/schema/aws-quicksight-vpcconnection.json +++ b/src/schema/aws-quicksight-vpcconnection.json @@ -249,6 +249,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "quicksight:TagResource", + "quicksight:UntagResource", + "quicksight:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ram-permission.json b/src/schema/aws-ram-permission.json index c6126c83..9c9dfa33 100644 --- a/src/schema/aws-ram-permission.json +++ b/src/schema/aws-ram-permission.json @@ -121,7 +121,12 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ram", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ram:TagResource", + "ram:UntagResource" + ], "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, diff --git a/src/schema/aws-ram-resourceshare.json b/src/schema/aws-ram-resourceshare.json index 1f3070f8..996c93e2 100644 --- a/src/schema/aws-ram-resourceshare.json +++ b/src/schema/aws-ram-resourceshare.json 
@@ -3,80 +3,143 @@ "definitions": { "Tag": { "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", "properties": { "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "type": "string" }, "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "type": "string" } }, "required": [ - "Value", - "Key" + "Key", + "Value" ], "type": "object" } }, - "description": "Resource Type definition for AWS::RAM::ResourceShare", + "description": "Resource type definition for AWS::RAM::ResourceShare", + "handlers": { + "create": { + "permissions": [ + "ram:CreateResourceShare", + "ram:TagResource" + ] + }, + "delete": { + "permissions": [ + "ram:DeleteResourceShare", + "ram:GetResourceShares" + ] + }, + "list": { + "permissions": [ + "ram:GetResourceShares" + ] + }, + "read": { + "permissions": [ + "ram:GetResourceShares" + ] + }, + "update": { + "permissions": [ + "ram:GetPermission", + "ram:GetResourceShares", + "ram:GetResourceShareAssociations", + "ram:ListResourceSharePermissions", + "ram:UpdateResourceShare", + "ram:AssociateResourceSharePermission", + "ram:AssociateResourceShare", + "ram:DisassociateResourceShare", + "ram:UntagResource", + "ram:TagResource" + ] + } + }, "primaryIdentifier": [ - "/properties/Id" + "/properties/Arn" ], "properties": { "AllowExternalPrincipals": { + "description": "Specifies whether principals outside your organization in AWS Organizations can be associated with a resource share. 
A value of `true` lets you share with individual AWS accounts that are not in your organization. A value of `false` only has meaning if your account is a member of an AWS Organization. The default value is `true`.", "type": "boolean" }, "Arn": { "type": "string" }, - "Id": { - "type": "string" - }, "Name": { + "description": "Specifies the name of the resource share.", "type": "string" }, "PermissionArns": { + "description": "Specifies the [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) of the AWS RAM permission to associate with the resource share. If you do not specify an ARN for the permission, AWS RAM automatically attaches the default version of the permission for each resource type. You can associate only one permission with each resource type included in the resource share.", + "insertionOrder": false, "items": { "type": "string" }, - "type": "array", - "uniqueItems": false + "type": "array" }, "Principals": { + "description": "Specifies the principals to associate with the resource share. 
The possible values are:\n\n- An AWS account ID\n\n- An Amazon Resource Name (ARN) of an organization in AWS Organizations\n\n- An ARN of an organizational unit (OU) in AWS Organizations\n\n- An ARN of an IAM role\n\n- An ARN of an IAM user", + "insertionOrder": false, "items": { "type": "string" }, - "type": "array", - "uniqueItems": false + "type": "array" }, "ResourceArns": { + "description": "Specifies a list of one or more ARNs of the resources to associate with the resource share.", + "insertionOrder": false, "items": { "type": "string" }, - "type": "array", - "uniqueItems": false + "type": "array" }, "Sources": { + "description": "Specifies from which source accounts the service principal has access to the resources in this resource share.", + "insertionOrder": false, "items": { "type": "string" }, - "type": "array", - "uniqueItems": false + "type": "array" }, "Tags": { + "description": "Specifies one or more tags to attach to the resource share itself. It doesn't attach the tags to the resources associated with the resource share.", + "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" }, "type": "array", - "uniqueItems": false + "uniqueItems": true } }, "readOnlyProperties": [ - "/properties/Id", "/properties/Arn" ], "required": [ "Name" ], - "typeName": "AWS::RAM::ResourceShare" + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ram", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "ram:TagResource", + "ram:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::RAM::ResourceShare", + "writeOnlyProperties": [ + "/properties/PermissionArns", + "/properties/Principals", + "/properties/ResourceArns", + "/properties/Sources" + ] } diff --git a/src/schema/aws-rbin-rule.json b/src/schema/aws-rbin-rule.json new file mode 100644 index 00000000..d7d94ed8 --- /dev/null 
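Review bot: The new `writeOnlyProperties` list at the end of this hunk marks `Principals`, `ResourceArns`, `PermissionArns` and `Sources` as write-only, meaning the read handler does not return who or what the share is associated with, and none of the added descriptions say so. For a resource whose purpose is granting access this is worth stating, because a principal attached to the share outside CloudFormation would presumably not appear when the stack's recorded properties are compared with the live resource. I would extend the `Principals` description with a sentence such as `This property is write-only; associations changed outside the stack are not reflected in the resource's read model.` The hunk also switches `primaryIdentifier` from `/properties/Id` to `/properties/Arn` and removes `Id`, so any consumer that still resolves a share by `Id` needs checking.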
+++ b/src/schema/aws-rbin-rule.json 
@@ -0,0 +1,271 @@ +{ + "additionalIdentifiers": [ + [ + "/properties/Identifier" + ] + ], + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/ResourceType" + ], + "definitions": { + "ResourceTag": { + "additionalProperties": false, + "description": "The resource tag of the rule.", + "properties": { + "ResourceTagKey": { + "description": "The tag key of the resource.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "ResourceTagValue": { + "description": "The tag value of the resource", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "ResourceTagKey", + "ResourceTagValue" + ], + "type": "object" + }, + "RetentionPeriod": { + "additionalProperties": false, + "description": "The retention period of the rule.", + "properties": { + "RetentionPeriodUnit": { + "description": "The retention period unit of the rule", + "enum": [ + "DAYS" + ], + "type": "string" + }, + "RetentionPeriodValue": { + "description": "The retention period value of the rule.", + "maximum": 3650, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "RetentionPeriodValue", + "RetentionPeriodUnit" + ], + "type": "object" + }, + "Tag": { + "additionalProperties": false, + "description": "Metadata of a retention rule, consisting of a key-value pair.", + "properties": { + "Key": { + "description": "A unique identifier for the tag.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "String which you can use to describe or define the tag.", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, + "UnlockDelay": { + "additionalProperties": false, + "properties": { + "UnlockDelayUnit": { + "description": "The unit of time in which to measure the unlock delay. 
Currently, the unlock delay can be measure only in days.", + "enum": [ + "DAYS" + ], + "type": "string" + }, + "UnlockDelayValue": { + "description": "The unlock delay period, measured in the unit specified for UnlockDelayUnit.", + "maximum": 30, + "minimum": 7, + "type": "integer" + } + }, + "type": "object" + } + }, + "description": "Resource Type definition for AWS::Rbin::Rule", + "handlers": { + "create": { + "permissions": [ + "rbin:CreateRule", + "rbin:GetRule", + "rbin:LockRule", + "rbin:TagResource", + "iam:PassRole" + ] + }, + "delete": { + "permissions": [ + "rbin:GetRule", + "rbin:DeleteRule", + "iam:PassRole" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "ExcludeResourceTags": { + "$ref": "resource-schema.json#/properties/ExcludeResourceTags" + }, + "LockState": { + "$ref": "resource-schema.json#/properties/LockState" + }, + "ResourceTags": { + "$ref": "resource-schema.json#/properties/ResourceTags" + }, + "ResourceType": { + "$ref": "resource-schema.json#/properties/ResourceType" + } + }, + "required": [ + "ResourceType" + ] + }, + "permissions": [ + "rbin:ListRules", + "rbin:ListTagsForResource", + "iam:PassRole" + ] + }, + "read": { + "permissions": [ + "rbin:GetRule", + "rbin:ListTagsForResource", + "iam:PassRole" + ] + }, + "update": { + "permissions": [ + "rbin:GetRule", + "rbin:UpdateRule", + "rbin:LockRule", + "rbin:UnlockRule", + "rbin:TagResource", + "rbin:UntagResource", + "rbin:ListTagsForResource", + "iam:PassRole" + ] + } + }, + "primaryIdentifier": [ + "/properties/Arn" + ], + "properties": { + "Arn": { + "description": "Rule Arn is unique for each rule.", + "maxLength": 1011, + "minLength": 0, + "type": "string" + }, + "Description": { + "description": "The description of the retention rule.", + "maxLength": 255, + "type": "string" + }, + "ExcludeResourceTags": { + "description": "Information about the exclude resource tags used to identify resources that are excluded by the retention rule.", + "insertionOrder": false, + 
"items": { + "$ref": "#/definitions/ResourceTag" + }, + "maxItems": 5, + "type": "array", + "uniqueItems": true + }, + "Identifier": { + "description": "The unique ID of the retention rule.", + "pattern": "[0-9a-zA-Z]{11}", + "type": "string" + }, + "LockConfiguration": { + "$ref": "#/definitions/UnlockDelay", + "description": "Information about the retention rule lock configuration." + }, + "LockState": { + "description": "The lock state for the retention rule.", + "pattern": "locked|pending_unlock|unlocked", + "type": "string" + }, + "ResourceTags": { + "description": "Information about the resource tags used to identify resources that are retained by the retention rule.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/ResourceTag" + }, + "maxItems": 50, + "type": "array", + "uniqueItems": true + }, + "ResourceType": { + "description": "The resource type retained by the retention rule.", + "enum": [ + "EBS_SNAPSHOT", + "EC2_IMAGE" + ], + "type": "string" + }, + "RetentionPeriod": { + "$ref": "#/definitions/RetentionPeriod", + "description": "Information about the retention period for which the retention rule is to retain resources." + }, + "Status": { + "description": "The state of the retention rule. 
Only retention rules that are in the available state retain resources.", + "pattern": "pending|available", + "type": "string" + }, + "Tags": { + "description": "Information about the tags assigned to the retention rule.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 200, + "type": "array", + "uniqueItems": true + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/Identifier", + "/properties/LockState" + ], + "required": [ + "RetentionPeriod", + "ResourceType" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-rbin", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "rbin:TagResource", + "rbin:UntagResource", + "rbin:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::Rbin::Rule", + "writeOnlyProperties": [ + "/properties/LockConfiguration", + "/properties/LockConfiguration/UnlockDelayValue", + "/properties/LockConfiguration/UnlockDelayUnit" + ] +} diff --git a/src/schema/aws-rds-customdbengineversion.json b/src/schema/aws-rds-customdbengineversion.json index de618cff..7517460e 100644 --- a/src/schema/aws-rds-customdbengineversion.json +++ b/src/schema/aws-rds-customdbengineversion.json 
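Review bot: The `pattern` values for `Identifier`, `LockState` and `Status` in this new file are unanchored (`"[0-9a-zA-Z]{11}"`, `"locked|pending_unlock|unlocked"` and `"pending|available"`), and JSON Schema patterns match anywhere in the string, so a 40-character identifier or a status of `not_available` still validates. Anchoring them as `"^[0-9a-zA-Z]{11}$"`, `"^(locked|pending_unlock|unlocked)$"` and `"^(pending|available)$"` makes the constraint match what the descriptions say. Separately, every handler, including `list` and `read`, requests `iam:PassRole`; nothing in the schema shows a role being passed, so it is worth confirming with the provider whether the read-only handlers need it.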
@@ -14,16 +14,16 @@ "definitions": { "Tag": { "additionalProperties": false, - "description": "A key-value pair to associate with a resource.", + "description": "Metadata assigned to an Amazon RDS resource consisting of a key-value pair.\n For more information, see [Tagging Amazon RDS resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) in the *Amazon RDS User Guide* or [Tagging Amazon Aurora and Amazon RDS resources](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html) in the *Amazon Aurora User Guide*.", "properties": { "Key": { - "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "description": "A key is the required name of the tag. The string value can be from 1 to 128 Unicode characters in length and can't be prefixed with ``aws:`` or ``rds:``. The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', ':', '/', '=', '+', '-', '@' (Java regex: \"^([\\\\p{L}\\\\p{Z}\\\\p{N}_.:/=+\\\\-@]*)$\").", "maxLength": 128, "minLength": 1, "type": "string" }, "Value": { - "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "description": "A value is the optional value of the tag. The string value can be from 1 to 256 Unicode characters in length and can't be prefixed with ``aws:`` or ``rds:``. The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', ':', '/', '=', '+', '-', '@' (Java regex: \"^([\\\\p{L}\\\\p{Z}\\\\p{N}_.:/=+\\\\-@]*)$\").", "maxLength": 256, "minLength": 0, "type": "string" 
@@ -35,7 +35,7 @@ "type": "object" } }, - "description": "The AWS::RDS::CustomDBEngineVersion resource creates an Amazon RDS custom DB engine version.", + "description": "Creates a custom DB engine version (CEV).", "handlers": { "create": { "permissions": [ @@ -96,17 +96,17 @@ ], "properties": { "DBEngineVersionArn": { - "description": "The ARN of the custom engine version.", + "description": "", "type": "string" }, "DatabaseInstallationFilesS3BucketName": { - "description": "The name of an Amazon S3 bucket that contains database installation files for your CEV. For example, a valid bucket name is `my-custom-installation-files`.", + "description": "The name of an Amazon S3 bucket that contains database installation files for your CEV. For example, a valid bucket name is ``my-custom-installation-files``.", "maxLength": 63, "minLength": 3, "type": "string" }, "DatabaseInstallationFilesS3Prefix": { - "description": "The Amazon S3 directory that contains the database installation files for your CEV. For example, a valid bucket name is `123456789012/cev1`. If this setting isn't specified, no prefix is assumed.", + "description": "The Amazon S3 directory that contains the database installation files for your CEV. For example, a valid bucket name is ``123456789012/cev1``. If this setting isn't specified, no prefix is assumed.", "maxLength": 255, "minLength": 1, "type": "string" 
@@ -118,40 +118,40 @@ "type": "string" }, "Engine": { - "description": "The database engine to use for your custom engine version (CEV). The only supported value is `custom-oracle-ee`.", + "description": "The database engine to use for your custom engine version (CEV).\n Valid values:\n + ``custom-oracle-ee`` \n + ``custom-oracle-ee-cdb``", "maxLength": 35, "minLength": 1, "type": "string" }, "EngineVersion": { - "description": "The name of your CEV. The name format is 19.customized_string . For example, a valid name is 19.my_cev1. This setting is required for RDS Custom for Oracle, but optional for Amazon RDS. The combination of Engine and EngineVersion is unique per customer per Region.", + "description": "The name of your CEV. The name format is ``major version.customized_string``. For example, a valid CEV name is ``19.my_cev1``. This setting is required for RDS Custom for Oracle, but optional for Amazon RDS. The combination of ``Engine`` and ``EngineVersion`` is unique per customer per Region.\n *Constraints:* Minimum length is 1. Maximum length is 60.\n *Pattern:* ``^[a-z0-9_.-]{1,60$``}", "maxLength": 60, "minLength": 1, "type": "string" }, "ImageId": { - "description": "The identifier of Amazon Machine Image (AMI) used for CEV.", + "description": "A value that indicates the ID of the AMI.", "type": "string" }, "KMSKeyId": { - "description": "The AWS KMS key identifier for an encrypted CEV. A symmetric KMS key is required for RDS Custom, but optional for Amazon RDS.", + "description": "The AWS KMS key identifier for an encrypted CEV. A symmetric encryption KMS key is required for RDS Custom, but optional for Amazon RDS.\n If you have an existing symmetric encryption KMS key in your account, you can use it with RDS Custom. No further action is necessary. 
If you don't already have a symmetric encryption KMS key in your account, follow the instructions in [Creating a symmetric encryption KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html#create-symmetric-cmk) in the *Key Management Service Developer Guide*.\n You can choose the same symmetric encryption key when you create a CEV and a DB instance, or choose different keys.", "maxLength": 2048, "minLength": 1, "type": "string" }, "Manifest": { - "description": "The CEV manifest, which is a JSON document that describes the installation .zip files stored in Amazon S3. Specify the name/value pairs in a file or a quoted string. RDS Custom applies the patches in the order in which they are listed.", + "description": "The CEV manifest, which is a JSON document that describes the installation .zip files stored in Amazon S3. Specify the name/value pairs in a file or a quoted string. RDS Custom applies the patches in the order in which they are listed.\n The following JSON fields are valid:\n + MediaImportTemplateVersion Version of the CEV manifest. The date is in the format YYYY-MM-DD. + databaseInstallationFileNames Ordered list of installation files for the CEV. + opatchFileNames Ordered list of OPatch installers used for the Oracle DB engine. + psuRuPatchFileNames The PSU and RU patches for this CEV. + OtherPatchFileNames The patches that are not in the list of PSU and RU patches. Amazon RDS applies these patches after applying the PSU and RU patches. \n For more information, see [Creating the CEV manifest](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html#custom-cev.preparing.manifest) in the *Amazon RDS User Guide*.", "maxLength": 51000, "minLength": 1, "type": "string" }, "SourceCustomDbEngineVersionIdentifier": { - "description": "The identifier of the source custom engine version.", + "description": "The ARN of a CEV to use as a source for creating a new CEV. 
You can specify a different Amazon Machine Imagine (AMI) by using either ``Source`` or ``UseAwsProvidedLatestImage``. You can't specify a different JSON manifest when you specify ``SourceCustomDbEngineVersionIdentifier``.", "type": "string" }, "Status": { "default": "available", - "description": "The availability status to be assigned to the CEV.", + "description": "A value that indicates the status of a custom engine version (CEV).", "enum": [ "available", "inactive", @@ -160,7 +160,7 @@ "type": "string" }, "Tags": { - "description": "An array of key-value pairs to apply to this resource.", + "description": "A list of tags. For more information, see [Tagging Amazon RDS Resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) in the *Amazon RDS User Guide.*", "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" @@ -169,14 +169,14 @@ "uniqueItems": false }, "UseAwsProvidedLatestImage": { - "description": "A value that indicates whether AWS provided latest image is applied automatically to the Custom Engine Version. By default, AWS provided latest image is applied automatically. This value is only applied on create.", + "description": "Specifies whether to use the latest service-provided Amazon Machine Image (AMI) for the CEV. If you specify ``UseAwsProvidedLatestImage``, you can't also specify ``ImageId``.", "type": "boolean" } }, "propertyTransform": { "/properties/Engine": "$lowercase(Engine)", "/properties/EngineVersion": "$lowercase(EngineVersion)", - "/properties/KMSKeyId": "$join([\"arn:(aws)[-]{0,1}[a-z]{0,2}[-]{0,1}[a-z]{0,3}:kms:[a-z]{2}[-]{1}[a-z]{3,10}[-]{0,1}[a-z]{0,10}[-]{1}[1-3]{1}:[0-9]{12}[:]{1}key\\/\", KMSKeyId])" + "/properties/KMSKeyId": "$join([\"arn:.+?:kms:.+?:.+?:key\\/\", KMSKeyId])" }, "readOnlyProperties": [ "/properties/DBEngineVersionArn" 
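Review bot: The new `/properties/KMSKeyId` transform in the last hunk on this line, `arn:.+?:kms:.+?:.+?:key\/`, uses `.+?` for the partition, region and account segments, and because `.` also matches `:` a segment can stretch across several fields of the ARN; the expression it replaces pinned the account to `[0-9]{12}`. Using `[^:]+` per segment keeps the wider partition and region support while holding each field between its own colons: `"$join([\"arn:[^:]+:kms:[^:]+:[0-9]{12}:key\\/\", KMSKeyId])"`. The `propertyTransform` object sits inside this hunk, but the schema around it continues outside it.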
@@ -187,6 +187,14 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "rds:AddTagsToResource", + "rds:RemoveTagsFromResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::RDS::CustomDBEngineVersion", diff --git a/src/schema/aws-rds-dbcluster.json b/src/schema/aws-rds-dbcluster.json index c34277cd..2bd3711f 100644 --- a/src/schema/aws-rds-dbcluster.json +++ b/src/schema/aws-rds-dbcluster.json @@ -7,6 +7,7 @@ ], "createOnlyProperties": [ "/properties/AvailabilityZones", + "/properties/ClusterScalabilityType", "/properties/DBClusterIdentifier", "/properties/DBSubnetGroupName", "/properties/DBSystemId", 
@@ -122,15 +123,19 @@ "type": "number" }, "MinCapacity": { - "description": "The minimum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 8, 8.5, 9, and so on. The smallest value that you can use is 0.5.", + "description": "The minimum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 8, 8.5, 9, and so on. For Aurora versions that support the Aurora Serverless v2 auto-pause feature, the smallest value that you can use is 0. For versions that don't support Aurora Serverless v2 auto-pause, the smallest value that you can use is 0.5.", "type": "number" + }, + "SecondsUntilAutoPause": { + "description": "Specifies the number of seconds an Aurora Serverless v2 DB instance must be idle before Aurora attempts to automatically pause it. \n Specify a value between 300 seconds (five minutes) and 86,400 seconds (one day). 
The default is 300 seconds.", + "type": "integer" } }, "type": "object" }, "Tag": { "additionalProperties": false, - "description": "Metadata assigned to an Amazon RDS resource consisting of a key-value pair.\n For more information, see [Tagging Amazon RDS Resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) in the *Amazon RDS User Guide* or [Tagging Amazon Aurora and Amazon RDS Resources](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html) in the *Amazon Aurora User Guide*.", + "description": "Metadata assigned to an Amazon RDS resource consisting of a key-value pair.\n For more information, see [Tagging Amazon RDS resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) in the *Amazon RDS User Guide* or [Tagging Amazon Aurora and Amazon RDS resources](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html) in the *Amazon Aurora User Guide*.", "properties": { "Key": { "description": "A key is the required name of the tag. The string value can be from 1 to 128 Unicode characters in length and can't be prefixed with ``aws:`` or ``rds:``. The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', ':', '/', '=', '+', '-', '@' (Java regex: \"^([\\\\p{L}\\\\p{Z}\\\\p{N}_.:/=+\\\\-@]*)$\").", 
@@ -151,7 +156,7 @@ "type": "object" } }, - "description": "The ``AWS::RDS::DBCluster`` resource creates an Amazon Aurora DB cluster or Multi-AZ DB cluster.\n For more information about creating an Aurora DB cluster, see [Creating an Amazon Aurora DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.CreateInstance.html) in the *Amazon Aurora User Guide*.\n For more information about creating a Multi-AZ DB cluster, see [Creating a Multi-AZ DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/create-multi-az-db-cluster.html) in the *Amazon RDS User Guide*.\n You can only create this resource in AWS Regions where Amazon Aurora or Multi-AZ DB clusters are supported.\n *Updating DB clusters* \n When properties labeled \"*Update requires:* [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)\" are updated, AWS CloudFormation first creates a replacement DB cluster, then changes references from other dependent resources to point to the replacement DB cluster, and finally deletes the old DB cluster.\n We highly recommend that you take a snapshot of the database before updating the stack. If you don't, you lose the data when AWS CloudFormation replaces your DB cluster. To preserve your data, perform the following procedure:\n 1. Deactivate any applications that are using the DB cluster so that there's no activity on the DB instance.\n 1. Create a snapshot of the DB cluster. For more information, see [Creating a DB Cluster Snapshot](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_CreateSnapshotCluster.html).\n 1. 
If you want to restore your DB cluster using a DB cluster snapshot, modify the updated template with your DB cluster changes and add the ``SnapshotIdentifier`` property with the ID of the DB cluster snapshot that you want to use.\n After you restore a DB cluster with a ``SnapshotIdentifier`` property, you must specify the same ``SnapshotIdentifier`` property for any future updates to the DB cluster. When you specify this property for an update, the DB cluster is not restored from the DB cluster snapshot again, and the data in the database is not changed. However, if you don't specify the ``SnapshotIdentifier`` property, an empty DB cluster is created, and the original DB cluster is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB cluster is restored from the specified ``SnapshotIdentifier`` property, and the original DB cluster is deleted.\n 1. Update the stack.\n \n Currently, when you are updating the stack for an Aurora Serverless DB cluster, you can't include changes to any other properties when you specify one of the following properties: ``PreferredBackupWindow``, ``PreferredMaintenanceWindow``, and ``Port``. This limitation doesn't apply to provisioned DB clusters.\n For more information about updating other properties of this resource, see ``ModifyDBCluster``. For more information about updating stacks, see [CloudFormation Stacks Updates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html).\n *Deleting DB clusters* \n The default ``DeletionPolicy`` for ``AWS::RDS::DBCluster`` resources is ``Snapshot``. 
For more information about how AWS CloudFormation deletes resources, see [DeletionPolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html).", + "description": "The ``AWS::RDS::DBCluster`` resource creates an Amazon Aurora DB cluster or Multi-AZ DB cluster.\n For more information about creating an Aurora DB cluster, see [Creating an Amazon Aurora DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.CreateInstance.html) in the *Amazon Aurora User Guide*.\n For more information about creating a Multi-AZ DB cluster, see [Creating a Multi-AZ DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/create-multi-az-db-cluster.html) in the *Amazon RDS User Guide*.\n You can only create this resource in AWS Regions where Amazon Aurora or Multi-AZ DB clusters are supported.\n *Updating DB clusters* \n When properties labeled \"*Update requires:* [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)\" are updated, AWS CloudFormation first creates a replacement DB cluster, then changes references from other dependent resources to point to the replacement DB cluster, and finally deletes the old DB cluster.\n We highly recommend that you take a snapshot of the database before updating the stack. If you don't, you lose the data when AWS CloudFormation replaces your DB cluster. To preserve your data, perform the following procedure:\n 1. Deactivate any applications that are using the DB cluster so that there's no activity on the DB instance.\n 1. Create a snapshot of the DB cluster. For more information, see [Creating a DB cluster snapshot](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_CreateSnapshotCluster.html).\n 1. 
If you want to restore your DB cluster using a DB cluster snapshot, modify the updated template with your DB cluster changes and add the ``SnapshotIdentifier`` property with the ID of the DB cluster snapshot that you want to use.\n After you restore a DB cluster with a ``SnapshotIdentifier`` property, you must specify the same ``SnapshotIdentifier`` property for any future updates to the DB cluster. When you specify this property for an update, the DB cluster is not restored from the DB cluster snapshot again, and the data in the database is not changed. However, if you don't specify the ``SnapshotIdentifier`` property, an empty DB cluster is created, and the original DB cluster is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB cluster is restored from the specified ``SnapshotIdentifier`` property, and the original DB cluster is deleted.\n 1. Update the stack.\n \n Currently, when you are updating the stack for an Aurora Serverless DB cluster, you can't include changes to any other properties when you specify one of the following properties: ``PreferredBackupWindow``, ``PreferredMaintenanceWindow``, and ``Port``. This limitation doesn't apply to provisioned DB clusters.\n For more information about updating other properties of this resource, see ``ModifyDBCluster``. For more information about updating stacks, see [CloudFormation Stacks Updates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html).\n *Deleting DB clusters* \n The default ``DeletionPolicy`` for ``AWS::RDS::DBCluster`` resources is ``Snapshot``. For more information about how AWS CloudFormation deletes resources, see [DeletionPolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html).", "handlers": { "create": { "permissions": [ 
@@ -235,7 +240,7 @@ "uniqueItems": true }, "AutoMinorVersionUpgrade": { - "description": "Specifies whether minor engine upgrades are applied automatically to the DB cluster during the maintenance window. By default, minor engine upgrades are applied automatically.\n Valid for Cluster Type: Multi-AZ DB clusters only", + "description": "Specifies whether minor engine upgrades are applied automatically to the DB cluster during the maintenance window. By default, minor engine upgrades are applied automatically.\n Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB cluster", "type": "boolean" }, "AvailabilityZones": { @@ -247,7 +252,7 @@ "uniqueItems": true }, "BacktrackWindow": { - "description": "The target backtrack window, in seconds. To disable backtracking, set this value to 0. \n Currently, Backtrack is only supported for Aurora MySQL DB clusters.\n Default: 0\n Constraints:\n + If specified, this value must be set to a number from 0 to 259,200 (72 hours).\n \n Valid for: Aurora MySQL DB clusters only", + "description": "The target backtrack window, in seconds. To disable backtracking, set this value to ``0``.\n Valid for Cluster Type: Aurora MySQL DB clusters only\n Default: ``0`` \n Constraints:\n + If specified, this value must be set to a number from 0 to 259,200 (72 hours).", "minimum": 0, "type": "integer" }, 
@@ -257,6 +262,10 @@ "minimum": 1, "type": "integer" }, + "ClusterScalabilityType": { + "description": "Specifies the scalability mode of the Aurora DB cluster. When set to ``limitless``, the cluster operates as an Aurora Limitless Database, allowing you to create a DB shard group for horizontal scaling (sharding) capabilities. When set to ``standard`` (the default), the cluster uses normal DB instance creation.", + "type": "string" + }, "CopyTagsToSnapshot": { "description": "A value that indicates whether to copy all tags from the DB cluster to snapshots of the DB cluster. The default is not to copy them.\n Valid for: Aurora DB clusters and Multi-AZ DB clusters", "type": "boolean" @@ -277,7 +286,6 @@ "type": "string" }, "DBClusterParameterGroupName": { - "default": "default.aurora5.6", "description": "The name of the DB cluster parameter group to associate with this DB cluster.\n If you apply a parameter group to an existing DB cluster, then its DB instances might need to reboot. This can result in an outage while the DB instances are rebooting.\n If you apply a change to parameter group associated with a stopped DB cluster, then the update stack waits until the DB cluster is started.\n To list all of the available DB cluster parameter group names, use the following command:\n ``aws rds describe-db-cluster-parameter-groups --query \"DBClusterParameterGroups[].DBClusterParameterGroupName\" --output text`` \n Valid for: Aurora DB clusters and Multi-AZ DB clusters", "type": "string" }, 
@@ -297,6 +305,10 @@ "description": "Reserved for future use.", "type": "string" }, + "DatabaseInsightsMode": { + "description": "The mode of Database Insights to enable for the DB cluster.\n If you set this value to ``advanced``, you must also set the ``PerformanceInsightsEnabled`` parameter to ``true`` and the ``PerformanceInsightsRetentionPeriod`` parameter to 465.\n Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters", + "type": "string" + }, "DatabaseName": { "description": "The name of your database. If you don't provide a name, then Amazon RDS won't create a database in this DB cluster. For naming constraints, see [Naming Constraints](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_Limits.html#RDS_Limits.Constraints) in the *Amazon Aurora User Guide*. \n Valid for: Aurora DB clusters and Multi-AZ DB clusters", "type": "string" 
@@ -326,7 +338,7 @@ "type": "boolean" }, "EnableHttpEndpoint": { - "description": "Specifies whether to enable the HTTP endpoint for the DB cluster. By default, the HTTP endpoint isn't enabled.\n When enabled, the HTTP endpoint provides a connectionless web service API (RDS Data API) for running SQL queries on the DB cluster. You can also query your database from inside the RDS console with the RDS query editor.\n RDS Data API is supported with the following DB clusters:\n + Aurora PostgreSQL Serverless v2 and provisioned\n + Aurora PostgreSQL and Aurora MySQL Serverless v1\n \n For more information, see [Using RDS Data API](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) in the *Amazon Aurora User Guide*.\n Valid for Cluster Type: Aurora DB clusters only", + "description": "Specifies whether to enable the HTTP endpoint for the DB cluster. By default, the HTTP endpoint isn't enabled.\n When enabled, the HTTP endpoint provides a connectionless web service API (RDS Data API) for running SQL queries on the DB cluster. You can also query your database from inside the RDS console with the RDS query editor.\n For more information, see [Using RDS Data API](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) in the *Amazon Aurora User Guide*.\n Valid for Cluster Type: Aurora DB clusters only", "type": "boolean" }, "EnableIAMDatabaseAuthentication": { 
@@ -346,7 +358,7 @@ "type": "string" }, "EngineLifecycleSupport": { - "description": "The life cycle type for this DB cluster.\n By default, this value is set to ``open-source-rds-extended-support``, which enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to ``open-source-rds-extended-support-disabled``. In this case, creating the DB cluster will fail if the DB major version is past its end of standard support date.\n You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections:\n + Amazon Aurora (PostgreSQL only) - [Using Amazon RDS Extended Support](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/extended-support.html) in the *Amazon Aurora User Guide* \n + Amazon RDS - [Using Amazon RDS Extended Support](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html) in the *Amazon RDS User Guide* \n \n Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters\n Valid Values: ``open-source-rds-extended-support | open-source-rds-extended-support-disabled`` \n Default: ``open-source-rds-extended-support``", + "description": "The life cycle type for this DB cluster.\n By default, this value is set to ``open-source-rds-extended-support``, which enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to ``open-source-rds-extended-support-disabled``. In this case, creating the DB cluster will fail if the DB major version is past its end of standard support date.\n You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. 
With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections:\n + Amazon Aurora - [Using Amazon RDS Extended Support](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/extended-support.html) in the *Amazon Aurora User Guide* \n + Amazon RDS - [Using Amazon RDS Extended Support](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html) in the *Amazon RDS User Guide* \n \n Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters\n Valid Values: ``open-source-rds-extended-support | open-source-rds-extended-support-disabled`` \n Default: ``open-source-rds-extended-support``", "type": "string" }, "EngineMode": { 
@@ -382,7 +394,7 @@ }, "MasterUserSecret": { "$ref": "#/definitions/MasterUserSecret", - "description": "The secret managed by RDS in AWS Secrets Manager for the master user password.\n For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide* and [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) in the *Amazon Aurora User Guide.*" + "description": "The secret managed by RDS in AWS Secrets Manager for the master user password.\n When you restore a DB cluster from a snapshot, Amazon RDS generates a new secret instead of reusing the secret specified in the ``SecretArn`` property. This ensures that the restored DB cluster is securely managed with a dedicated secret. To maintain consistent integration with your application, you might need to update resource configurations to reference the newly created secret.\n For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide* and [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) in the *Amazon Aurora User Guide.*" }, "MasterUsername": { "description": "The name of the master user for the DB cluster.\n If you specify the ``SourceDBClusterIdentifier``, ``SnapshotIdentifier``, or ``GlobalClusterIdentifier`` property, don't specify this property. The value is inherited from the source DB cluster, the snapshot, or the primary DB cluster for the global database cluster, respectively.\n Valid for: Aurora DB clusters and Multi-AZ DB clusters", 
@@ -391,12 +403,11 @@ "type": "string" }, "MonitoringInterval": { - "default": 0, - "description": "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB cluster. To turn off collecting Enhanced Monitoring metrics, specify ``0``.\n If ``MonitoringRoleArn`` is specified, also set ``MonitoringInterval`` to a value other than ``0``.\n Valid for Cluster Type: Multi-AZ DB clusters only\n Valid Values: ``0 | 1 | 5 | 10 | 15 | 30 | 60`` \n Default: ``0``", + "description": "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB cluster. To turn off collecting Enhanced Monitoring metrics, specify ``0``.\n If ``MonitoringRoleArn`` is specified, also set ``MonitoringInterval`` to a value other than ``0``.\n Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters\n Valid Values: ``0 | 1 | 5 | 10 | 15 | 30 | 60`` \n Default: ``0``", "type": "integer" }, "MonitoringRoleArn": { - "description": "The Amazon Resource Name (ARN) for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs. An example is ``arn:aws:iam:123456789012:role/emaccess``. For information on creating a monitoring role, see [Setting up and enabling Enhanced Monitoring](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html#USER_Monitoring.OS.Enabling) in the *Amazon RDS User Guide*.\n If ``MonitoringInterval`` is set to a value other than ``0``, supply a ``MonitoringRoleArn`` value.\n Valid for Cluster Type: Multi-AZ DB clusters only", + "description": "The Amazon Resource Name (ARN) for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs. An example is ``arn:aws:iam:123456789012:role/emaccess``. 
For information on creating a monitoring role, see [Setting up and enabling Enhanced Monitoring](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html#USER_Monitoring.OS.Enabling) in the *Amazon RDS User Guide*.\n If ``MonitoringInterval`` is set to a value other than ``0``, supply a ``MonitoringRoleArn`` value.\n Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters", "type": "string" }, "NetworkType": { 
@@ -404,15 +415,15 @@ "type": "string" }, "PerformanceInsightsEnabled": { - "description": "Specifies whether to turn on Performance Insights for the DB cluster.\n For more information, see [Using Amazon Performance Insights](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) in the *Amazon RDS User Guide*.\n Valid for Cluster Type: Multi-AZ DB clusters only", + "description": "Specifies whether to turn on Performance Insights for the DB cluster.\n For more information, see [Using Amazon Performance Insights](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) in the *Amazon RDS User Guide*.\n Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters", "type": "boolean" }, "PerformanceInsightsKmsKeyId": { - "description": "The AWS KMS key identifier for encryption of Performance Insights data.\n The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.\n If you don't specify a value for ``PerformanceInsightsKMSKeyId``, then Amazon RDS uses your default KMS key. There is a default KMS key for your AWS-account. Your AWS-account has a different default KMS key for each AWS-Region.\n Valid for Cluster Type: Multi-AZ DB clusters only", + "description": "The AWS KMS key identifier for encryption of Performance Insights data.\n The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.\n If you don't specify a value for ``PerformanceInsightsKMSKeyId``, then Amazon RDS uses your default KMS key. There is a default KMS key for your AWS-account. 
Your AWS-account has a different default KMS key for each AWS-Region.\n Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters", "type": "string" }, "PerformanceInsightsRetentionPeriod": { - "description": "The number of days to retain Performance Insights data.\n Valid for Cluster Type: Multi-AZ DB clusters only\n Valid Values:\n + ``7`` \n + *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31)\n + ``731`` \n \n Default: ``7`` days\n If you specify a retention period that isn't valid, such as ``94``, Amazon RDS issues an error.", + "description": "The number of days to retain Performance Insights data. When creating a DB cluster without enabling Performance Insights, you can't specify the parameter ``PerformanceInsightsRetentionPeriod``.\n Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters\n Valid Values:\n + ``7`` \n + *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31)\n + ``731`` \n \n Default: ``7`` days\n If you specify a retention period that isn't valid, such as ``94``, Amazon RDS issues an error.", "type": "integer" }, "Port": { 
@@ -424,7 +435,7 @@ "type": "string" }, "PreferredMaintenanceWindow": { - "description": "The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).\n Format: ``ddd:hh24:mi-ddd:hh24:mi`` \n The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see [Adjusting the Preferred DB Cluster Maintenance Window](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) in the *Amazon Aurora User Guide.* \n Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.\n Constraints: Minimum 30-minute window.\n Valid for: Aurora DB clusters and Multi-AZ DB clusters", + "description": "The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).\n Format: ``ddd:hh24:mi-ddd:hh24:mi`` \n The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see [Maintaining an Amazon Aurora DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) in the *Amazon Aurora User Guide.* \n Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.\n Constraints: Minimum 30-minute window.\n Valid for: Aurora DB clusters and Multi-AZ DB clusters", "type": "string" }, "PubliclyAccessible": { 
@@ -433,7 +444,7 @@ }, "ReadEndpoint": { "$ref": "#/definitions/ReadEndpoint", - "description": "This data type represents the information you need to connect to an Amazon RDS DB instance. This data type is used as a response element in the following actions:\n + ``CreateDBInstance`` \n + ``DescribeDBInstances`` \n + ``DeleteDBInstance`` \n \n For the data structure that represents Amazon Aurora DB cluster endpoints, see ``DBClusterEndpoint``." + "description": "" }, "ReplicationSourceIdentifier": { "description": "The Amazon Resource Name (ARN) of the source DB instance or DB cluster if this DB cluster is created as a read replica.\n Valid for: Aurora DB clusters only", @@ -444,8 +455,7 @@ "type": "string" }, "RestoreType": { - "default": "full-copy", - "description": "The type of restore to be performed. You can specify one of the following values:\n + ``full-copy`` - The new DB cluster is restored as a full copy of the source DB cluster.\n + ``copy-on-write`` - The new DB cluster is restored as a clone of the source DB cluster.\n \n If you don't specify a ``RestoreType`` value, then the new DB cluster is restored as a full copy of the source DB cluster.\n Valid for: Aurora DB clusters and Multi-AZ DB clusters", + "description": "The type of restore to be performed. You can specify one of the following values:\n + ``full-copy`` - The new DB cluster is restored as a full copy of the source DB cluster.\n + ``copy-on-write`` - The new DB cluster is restored as a clone of the source DB cluster.\n \n If you don't specify a ``RestoreType`` value, then the new DB cluster is restored as a full copy of the source DB cluster.\n Valid for: Aurora DB clusters and Multi-AZ DB clusters", "type": "string" }, "ScalingConfiguration": { 
@@ -481,7 +491,7 @@ "type": "string" }, "Tags": { - "description": "An optional array of key-value pairs to apply to this DB cluster.\n Valid for: Aurora DB clusters and Multi-AZ DB clusters", + "description": "Tags to assign to the DB cluster.\n Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters", "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" 
@@ -507,13 +517,13 @@ "/properties/DBClusterIdentifier": "$lowercase(DBClusterIdentifier)", "/properties/DBClusterParameterGroupName": "$lowercase(DBClusterParameterGroupName)", "/properties/DBSubnetGroupName": "$lowercase(DBSubnetGroupName)", - "/properties/EnableHttpEndpoint": "$lowercase($string(EngineMode)) = 'serverless' ? EnableHttpEndpoint : ($lowercase($string(Engine)) = 'aurora-postgresql' ? EnableHttpEndpoint : false )", + "/properties/EnableHttpEndpoint": "$lowercase($string(EngineMode)) = 'serverless' ? EnableHttpEndpoint : ($lowercase($string(Engine)) in ['aurora-postgresql', 'aurora-mysql'] ? EnableHttpEndpoint : false )", "/properties/Engine": "$lowercase(Engine)", "/properties/EngineVersion": "$join([$string(EngineVersion), \".*\"])", - "/properties/KmsKeyId": "$join([\"arn:(aws)[-]{0,1}[a-z]{0,2}[-]{0,1}[a-z]{0,3}:kms:[a-z]{2}[-]{1}[a-z]{3,10}[-]{0,1}[a-z]{0,10}[-]{1}[1-3]{1}:[0-9]{12}[:]{1}key\\/\", KmsKeyId])", - "/properties/MasterUserSecret/KmsKeyId": "$join([\"arn:(aws)[-]{0,1}[a-z]{0,2}[-]{0,1}[a-z]{0,3}:kms:[a-z]{2}[-]{1}[a-z]{3,10}[-]{0,1}[a-z]{0,10}[-]{1}[1-3]{1}:[0-9]{12}[:]{1}key\\/\", MasterUserSecret.KmsKeyId])", + "/properties/KmsKeyId": "$join([\"arn:.+?:kms:.+?:.+?:key\\/\", KmsKeyId])", + "/properties/MasterUserSecret/KmsKeyId": "$join([\"arn:.+?:kms:.+?:.+?:key\\/\", MasterUserSecret.KmsKeyId])", "/properties/NetworkType": "$lowercase(NetworkType)", - "/properties/PerformanceInsightsKmsKeyId": "$join([\"arn:(aws)[-]{0,1}[a-z]{0,2}[-]{0,1}[a-z]{0,3}:kms:[a-z]{2}[-]{1}[a-z]{3,10}[-]{0,1}[a-z]{0,10}[-]{1}[1-3]{1}:[0-9]{12}[:]{1}key\\/\", PerformanceInsightsKmsKeyId])", + "/properties/PerformanceInsightsKmsKeyId": "$join([\"arn:.+?:kms:.+?:.+?:key\\/\", PerformanceInsightsKmsKeyId])", "/properties/PreferredMaintenanceWindow": "$lowercase(PreferredMaintenanceWindow)", "/properties/SnapshotIdentifier": "$lowercase(SnapshotIdentifier)", "/properties/SourceDBClusterIdentifier": "$lowercase(SourceDBClusterIdentifier)", 
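Review bot: The relaxed KMS transforms in this hunk (`/properties/KmsKeyId`, `/properties/MasterUserSecret/KmsKeyId`, `/properties/PerformanceInsightsKmsKeyId`) use `.+?` for the partition, region and account fields, and `.` also matches `:`. A single segment can therefore span several ARN fields, and the account is no longer held to 12 digits as it was in the removed pattern. How the transform is consumed is not visible here; if it decides whether a returned key ARN is equivalent to the configured key id, the pattern should stay field-bounded while still allowing new partitions and regions, e.g. `"$join([\"arn:[^:]+:kms:[^:]+:[0-9]{12}:key\\/\", KmsKeyId])"`. The same applies to the `/properties/KMSKeyId` transform in the AWS::RDS::CustomDBEngineVersion schema earlier on the page. If these schema files are synced from upstream, the change belongs there rather than in a local edit.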
@@ -525,6 +535,7 @@ "/properties/Endpoint", "/properties/Endpoint/Address", "/properties/Endpoint/Port", + "/properties/ReadEndpoint", "/properties/ReadEndpoint/Address", "/properties/MasterUserSecret/SecretArn", "/properties/StorageThroughput" @@ -543,6 +554,7 @@ }, "typeName": "AWS::RDS::DBCluster", "writeOnlyProperties": [ + "/properties/ClusterScalabilityType", "/properties/DBInstanceParameterGroupName", "/properties/MasterUserPassword", "/properties/RestoreToTime", diff --git a/src/schema/aws-rds-dbclusterparametergroup.json b/src/schema/aws-rds-dbclusterparametergroup.json index 40031ca8..75cefe8f 100644 --- a/src/schema/aws-rds-dbclusterparametergroup.json +++ b/src/schema/aws-rds-dbclusterparametergroup.json 
@@ -8,7 +8,7 @@ "definitions": { "Tag": { "additionalProperties": false, - "description": "Metadata assigned to an Amazon RDS resource consisting of a key-value pair.\n For more information, see [Tagging Amazon RDS Resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) in the *Amazon RDS User Guide* or [Tagging Amazon Aurora and Amazon RDS Resources](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html) in the *Amazon Aurora User Guide*.", + "description": "Metadata assigned to an Amazon RDS resource consisting of a key-value pair.\n For more information, see [Tagging Amazon RDS resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) in the *Amazon RDS User Guide* or [Tagging Amazon Aurora and Amazon RDS resources](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html) in the *Amazon Aurora User Guide*.", "properties": { "Key": { "description": "A key is the required name of the tag. The string value can be from 1 to 128 Unicode characters in length and can't be prefixed with ``aws:`` or ``rds:``. The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', ':', '/', '=', '+', '-', '@' (Java regex: \"^([\\\\p{L}\\\\p{Z}\\\\p{N}_.:/=+\\\\-@]*)$\").", 
@@ -29,7 +29,7 @@
 "type": "object"
 }
 },
- "description": "The ``AWS::RDS::DBClusterParameterGroup`` resource creates a new Amazon RDS DB cluster parameter group.\n For information about configuring parameters for Amazon Aurora DB clusters, see [Working with parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide*.\n If you apply a parameter group to a DB cluster, then its DB instances might need to reboot. This can result in an outage while the DB instances are rebooting.\n If you apply a change to parameter group associated with a stopped DB cluster, then the update stack waits until the DB cluster is started.",
+ "description": "The ``AWS::RDS::DBClusterParameterGroup`` resource creates a new Amazon RDS DB cluster parameter group.\n For information about configuring parameters for Amazon Aurora DB clusters, see [Working with parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide*.\n If you apply a parameter group to a DB cluster, then its DB instances might need to reboot. This can result in an outage while the DB instances are rebooting.\n If you apply a change to parameter group associated with a stopped DB cluster, then the updated stack waits until the DB cluster is started.",
 "handlers": {
 "create": {
 "permissions": [
@@ -84,16 +84,16 @@ ], "properties": { "DBClusterParameterGroupName": { - "description": "The name of the DB cluster parameter group.\n Constraints:\n + Must not match the name of an existing DB cluster parameter group.\n \n If you don't specify a value for ``DBClusterParameterGroupName`` property, a name is automatically created for the DB cluster parameter group.\n This value is stored as a lowercase string.", + "description": "The name of the DB cluster parameter group.\n Constraints:\n + Must not match the name of an existing DB cluster parameter group.\n \n This value is stored as a lowercase string.", "pattern": "^[a-zA-Z]{1}(?:-?[a-zA-Z0-9])*$", "type": "string" }, "Description": { - "description": "A friendly description for this DB cluster parameter group.", + "description": "The description for the DB cluster parameter group.", "type": "string" }, "Family": { - "description": "The DB cluster parameter group family name. A DB cluster parameter group can be associated with one and only one DB cluster parameter group family, and can be applied only to a DB cluster running a DB engine and engine version compatible with that DB cluster parameter group family.\n The DB cluster parameter group family can't be changed when updating a DB cluster parameter group.\n To list all of the available parameter group families, use the following command:\n ``aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\"`` \n The output contains duplicates.\n For more information, see ``CreateDBClusterParameterGroup``.", + "description": "The DB cluster parameter group family name. 
A DB cluster parameter group can be associated with one and only one DB cluster parameter group family, and can be applied only to a DB cluster running a database engine and engine version compatible with that DB cluster parameter group family.\n *Aurora MySQL* \n Example: ``aurora-mysql5.7``, ``aurora-mysql8.0`` \n *Aurora PostgreSQL* \n Example: ``aurora-postgresql14`` \n *RDS for MySQL* \n Example: ``mysql8.0`` \n *RDS for PostgreSQL* \n Example: ``postgres13`` \n To list all of the available parameter group families for a DB engine, use the following command:\n ``aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine `` \n For example, to list all of the available parameter group families for the Aurora PostgreSQL DB engine, use the following command:\n ``aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine aurora-postgresql`` \n The output contains duplicates.\n The following are the valid DB engine values:\n + ``aurora-mysql`` \n + ``aurora-postgresql`` \n + ``mysql`` \n + ``postgres``", "type": "string" }, "Parameters": { @@ -101,7 +101,7 @@ "type": "object" }, "Tags": { - "description": "An optional array of key-value pairs to apply to this DB cluster parameter group.", + "description": "Tags to assign to the DB cluster parameter group.", "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" @@ -119,5 +119,16 @@ "Parameters" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-rds", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "rds:AddTagsToResource", + "rds:RemoveTagsFromResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::RDS::DBClusterParameterGroup" } diff --git a/src/schema/aws-rds-dbinstance.json b/src/schema/aws-rds-dbinstance.json index 28c2cf18..005e539b 100644 
--- a/src/schema/aws-rds-dbinstance.json +++ b/src/schema/aws-rds-dbinstance.json @@ -26,10 +26,10 @@ "/properties/DBInstanceIdentifier", "/properties/DBName", "/properties/DBSubnetGroupName", + "/properties/DBSystemId", "/properties/KmsKeyId", "/properties/MasterUsername", "/properties/NcharCharacterSetName", - "/properties/Port", "/properties/SourceRegion", "/properties/StorageEncrypted", "/properties/Timezone" @@ -125,7 +125,7 @@ }, "Tag": { "additionalProperties": false, - "description": "Metadata assigned to an Amazon RDS resource consisting of a key-value pair.\n For more information, see [Tagging Amazon RDS Resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) in the *Amazon RDS User Guide* or [Tagging Amazon Aurora and Amazon RDS Resources](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html) in the *Amazon Aurora User Guide*.", + "description": "Metadata assigned to an Amazon RDS resource consisting of a key-value pair.\n For more information, see [Tagging Amazon RDS resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) in the *Amazon RDS User Guide* or [Tagging Amazon Aurora and Amazon RDS resources](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html) in the *Amazon Aurora User Guide*.", "properties": { "Key": { "description": "A key is the required name of the tag. The string value can be from 1 to 128 Unicode characters in length and can't be prefixed with ``aws:`` or ``rds:``. The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', ':', '/', '=', '+', '-', '@' (Java regex: \"^([\\\\p{L}\\\\p{Z}\\\\p{N}_.:/=+\\\\-@]*)$\").", 
@@ -150,7 +150,7 @@ "/properties/TdeCredentialArn", "/properties/TdeCredentialPassword" ], - "description": "The ``AWS::RDS::DBInstance`` resource creates an Amazon DB instance. The new DB instance can be an RDS DB instance, or it can be a DB instance in an Aurora DB cluster.\n For more information about creating an RDS DB instance, see [Creating an Amazon RDS DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.html) in the *Amazon RDS User Guide*.\n For more information about creating a DB instance in an Aurora DB cluster, see [Creating an Amazon Aurora DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.CreateInstance.html) in the *Amazon Aurora User Guide*.\n If you import an existing DB instance, and the template configuration doesn't match the actual configuration of the DB instance, AWS CloudFormation applies the changes in the template during the import operation.\n If a DB instance is deleted or replaced during an update, AWS CloudFormation deletes all automated snapshots. However, it retains manual DB snapshots. During an update that requires replacement, you can apply a stack policy to prevent DB instances from being replaced. For more information, see [Prevent Updates to Stack Resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/protect-stack-resources.html).\n *Updating DB instances* \n When properties labeled \"*Update requires:* [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)\" are updated, AWS CloudFormation first creates a replacement DB instance, then changes references from other dependent resources to point to the replacement DB instance, and finally deletes the old DB instance.\n We highly recommend that you take a snapshot of the database before updating the stack. If you don't, you lose the data when AWS CloudFormation replaces your DB instance. 
To preserve your data, perform the following procedure:\n 1. Deactivate any applications that are using the DB instance so that there's no activity on the DB instance.\n 1. Create a snapshot of the DB instance. For more information, see [Creating a DB Snapshot](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateSnapshot.html).\n 1. If you want to restore your instance using a DB snapshot, modify the updated template with your DB instance changes and add the ``DBSnapshotIdentifier`` property with the ID of the DB snapshot that you want to use.\n After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you can delete the ``DBSnapshotIdentifier`` property. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted.\n 1. Update the stack.\n \n For more information about updating other properties of this resource, see ``ModifyDBInstance``. For more information about updating stacks, see [CloudFormation Stacks Updates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html).\n *Deleting DB instances* \n For DB instances that are part of an Aurora DB cluster, you can set a deletion policy for your DB instance to control how AWS CloudFormation handles the DB instance when the stack is deleted. For Amazon RDS DB instances, you can choose to *retain* the DB instance, to *delete* the DB instance, or to *create a snapshot* of the DB instance. The default AWS CloudFormation behavior depends on the ``DBClusterIdentifier`` property:\n 1. 
For ``AWS::RDS::DBInstance`` resources that don't specify the ``DBClusterIdentifier`` property, AWS CloudFormation saves a snapshot of the DB instance.\n 1. For ``AWS::RDS::DBInstance`` resources that do specify the ``DBClusterIdentifier`` property, AWS CloudFormation deletes the DB instance.\n \n For more information, see [DeletionPolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html).", + "description": "The ``AWS::RDS::DBInstance`` resource creates an Amazon DB instance. The new DB instance can be an RDS DB instance, or it can be a DB instance in an Aurora DB cluster.\n For more information about creating an RDS DB instance, see [Creating an Amazon RDS DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.html) in the *Amazon RDS User Guide*.\n For more information about creating a DB instance in an Aurora DB cluster, see [Creating an Amazon Aurora DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.CreateInstance.html) in the *Amazon Aurora User Guide*.\n If you import an existing DB instance, and the template configuration doesn't match the actual configuration of the DB instance, AWS CloudFormation applies the changes in the template during the import operation.\n If a DB instance is deleted or replaced during an update, AWS CloudFormation deletes all automated snapshots. However, it retains manual DB snapshots. During an update that requires replacement, you can apply a stack policy to prevent DB instances from being replaced. 
For more information, see [Prevent Updates to Stack Resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/protect-stack-resources.html).\n *Updating DB instances* \n When properties labeled \"*Update requires:* [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)\" are updated, AWS CloudFormation first creates a replacement DB instance, then changes references from other dependent resources to point to the replacement DB instance, and finally deletes the old DB instance.\n We highly recommend that you take a snapshot of the database before updating the stack. If you don't, you lose the data when AWS CloudFormation replaces your DB instance. To preserve your data, perform the following procedure:\n 1. Deactivate any applications that are using the DB instance so that there's no activity on the DB instance.\n 1. Create a snapshot of the DB instance. For more information, see [Creating a DB Snapshot](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateSnapshot.html).\n 1. If you want to restore your instance using a DB snapshot, modify the updated template with your DB instance changes and add the ``DBSnapshotIdentifier`` property with the ID of the DB snapshot that you want to use.\n After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you can delete the ``DBSnapshotIdentifier`` property. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted.\n 1. 
Update the stack.\n \n For more information about updating other properties of this resource, see ``ModifyDBInstance``. For more information about updating stacks, see [CloudFormation Stacks Updates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html).\n *Deleting DB instances* \n For DB instances that are part of an Aurora DB cluster, you can set a deletion policy for your DB instance to control how AWS CloudFormation handles the DB instance when the stack is deleted. For Amazon RDS DB instances, you can choose to *retain* the DB instance, to *delete* the DB instance, or to *create a snapshot* of the DB instance. The default AWS CloudFormation behavior depends on the ``DBClusterIdentifier`` property:\n 1. For ``AWS::RDS::DBInstance`` resources that don't specify the ``DBClusterIdentifier`` property, AWS CloudFormation saves a snapshot of the DB instance.\n 1. For ``AWS::RDS::DBInstance`` resources that do specify the ``DBClusterIdentifier`` property, AWS CloudFormation deletes the DB instance.\n \n For more information, see [DeletionPolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html).", "handlers": { "create": { "permissions": [ @@ -234,6 +234,7 @@ "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBParameterGroups", + "rds:DescribeDBInstanceAutomatedBackups", "rds:DescribeEvents", "rds:ModifyDBInstance", "rds:PromoteReadReplica", 
@@ -261,6 +262,10 @@ "description": "A value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible.\n Constraints: Major version upgrades must be allowed when specifying a value for the ``EngineVersion`` parameter that is a different major version than the DB instance's current version.", "type": "boolean" }, + "ApplyImmediately": { + "description": "Specifies whether changes to the DB instance and any pending modifications are applied immediately, regardless of the ``PreferredMaintenanceWindow`` setting. If set to ``false``, changes are applied during the next maintenance window. Until RDS applies the changes, the DB instance remains in a drift state. As a result, the configuration doesn't fully reflect the requested modifications and temporarily diverges from the intended state.\n In addition to the settings described in [Modifying a DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html), this property also determines whether the DB instance reboots when a static parameter is modified in the associated DB parameter group.\n Default: ``true``", + "type": "boolean" + }, "AssociatedRoles": { "description": "The IAMlong (IAM) roles associated with the DB instance. \n *Amazon Aurora* \n Not applicable. The associated roles are managed by the DB cluster.", "items": { 
@@ -277,15 +282,19 @@ "type": "string" }, "AutomaticBackupReplicationRegion": { - "description": "", + "description": "The AWS-Region associated with the automated backup.", "type": "string" }, + "AutomaticBackupReplicationRetentionPeriod": { + "description": "The retention period for automated backups in a different AWS Region. Use this parameter to set a unique retention period that only applies to cross-Region automated backups. To enable automated backups in a different Region, specify a positive value for the ``AutomaticBackupReplicationRegion`` parameter. \n If not specified, this parameter defaults to the value of the ``BackupRetentionPeriod`` parameter. The maximum allowed value is 35.", + "minimum": 1, + "type": "integer" + }, "AvailabilityZone": { "description": "The Availability Zone (AZ) where the database will be created. For information on AWS-Regions and Availability Zones, see [Regions and Availability Zones](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html).\n For Amazon Aurora, each Aurora DB cluster hosts copies of its storage in three separate Availability Zones. Specify one of these Availability Zones. Aurora automatically chooses an appropriate Availability Zone if you don't specify one.\n Default: A random, system-chosen Availability Zone in the endpoint's AWS-Region.\n Constraints:\n + The ``AvailabilityZone`` parameter can't be specified if the DB instance is a Multi-AZ deployment.\n + The specified Availability Zone must be in the same AWS-Region as the current endpoint.\n \n Example: ``us-east-1d``", "type": "string" }, "BackupRetentionPeriod": { - "default": 1, "description": "The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups.\n *Amazon Aurora* \n Not applicable. 
The retention period for automated backups is managed by the DB cluster.\n Default: 1\n Constraints:\n + Must be a value from 0 to 35\n + Can't be set to 0 if the DB instance is a source to read replicas", "minimum": 0, "type": "integer" @@ -296,7 +305,7 @@ }, "CertificateDetails": { "$ref": "#/definitions/CertificateDetails", - "description": "The details of the DB instance's server certificate." + "description": "" }, "CertificateRotationRestart": { "description": "Specifies whether the DB instance is restarted when you rotate your SSL/TLS certificate.\n By default, the DB instance is restarted when you rotate your SSL/TLS certificate. The certificate is not updated until the DB instance is restarted.\n Set this parameter only if you are *not* using SSL/TLS to connect to the DB instance.\n If you are using SSL/TLS to connect to the DB instance, follow the appropriate instructions for your DB engine to rotate your SSL/TLS certificate:\n + For more information about rotating your SSL/TLS certificate for RDS DB engines, see [Rotating Your SSL/TLS Certificate.](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon RDS User Guide.* \n + For more information about rotating your SSL/TLS certificate for Aurora DB engines, see [Rotating Your SSL/TLS Certificate](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon Aurora User Guide*.\n \n This setting doesn't apply to RDS Custom DB instances.", @@ -315,7 +324,7 @@ "type": "string" }, "DBClusterIdentifier": { - "description": "The identifier of the DB cluster that the instance will belong to.", + "description": "The identifier of the DB cluster that this DB instance will belong to.\n This setting doesn't apply to RDS Custom DB instances.", "type": "string" }, "DBClusterSnapshotIdentifier": { 
@@ -354,17 +363,21 @@ "uniqueItems": true }, "DBSnapshotIdentifier": { - "description": "The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot.\n By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack.\n Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties. For information about the properties that you can specify, see the ``RestoreDBInstanceFromDBSnapshot`` action in the *Amazon RDS API Reference*.\n After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. 
If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted.\n If you specify the ``DBSnapshotIdentifier`` property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties:\n + ``CharacterSetName`` \n + ``DBClusterIdentifier`` \n + ``DBName`` \n + ``DeleteAutomatedBackups`` \n + ``KmsKeyId`` \n + ``MasterUsername`` \n + ``MasterUserPassword`` \n + ``PerformanceInsightsKMSKeyId`` \n + ``PerformanceInsightsRetentionPeriod`` \n + ``PromotionTier`` \n + ``SourceDBInstanceIdentifier`` \n + ``SourceRegion`` \n + ``StorageEncrypted`` (for an encrypted snapshot)\n + ``Timezone`` \n \n *Amazon Aurora* \n Not applicable. Snapshot restore is managed by the DB cluster.", + "description": "The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot.\n By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack.\n Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties, and the point-in-time recovery properties ``RestoreTime`` and ``UseLatestRestorableTime``. 
For information about the properties that you can specify, see the [RestoreDBInstanceFromDBSnapshot](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RestoreDBInstanceFromDBSnapshot.html) action in the *Amazon RDS API Reference*.\n After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted.\n If you specify the ``DBSnapshotIdentifier`` property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties:\n + ``CharacterSetName`` \n + ``DBClusterIdentifier`` \n + ``DBName`` \n + ``KmsKeyId`` \n + ``MasterUsername`` \n + ``MasterUserPassword`` \n + ``PromotionTier`` \n + ``SourceDBInstanceIdentifier`` \n + ``SourceRegion`` \n + ``StorageEncrypted`` (for an unencrypted snapshot)\n + ``Timezone`` \n \n *Amazon Aurora* \n Not applicable. Snapshot restore is managed by the DB cluster.", "type": "string" }, "DBSubnetGroupName": { - "description": "A DB subnet group to associate with the DB instance. If you update this value, the new subnet group must be a subnet group in a new VPC. \n If there's no DB subnet group, then the DB instance isn't a VPC DB instance.\n For more information about using Amazon RDS in a VPC, see [Using Amazon RDS with Amazon Virtual Private Cloud (VPC)](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html) in the *Amazon RDS User Guide*. 
\n *Amazon Aurora* \n Not applicable. The DB subnet group is managed by the DB cluster. If specified, the setting must match the DB cluster setting.", + "description": "A DB subnet group to associate with the DB instance. If you update this value, the new subnet group must be a subnet group in a new VPC. \n If you don't specify a DB subnet group, RDS uses the default DB subnet group if one exists. If a default DB subnet group does not exist, and you don't specify a ``DBSubnetGroupName``, the DB instance fails to launch. \n For more information about using Amazon RDS in a VPC, see [Amazon VPC and Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html) in the *Amazon RDS User Guide*. \n This setting doesn't apply to Amazon Aurora DB instances. The DB subnet group is managed by the DB cluster. If specified, the setting must match the DB cluster setting.", "type": "string" }, "DBSystemId": { "description": "The Oracle system identifier (SID), which is the name of the Oracle database instance that manages your database files. In this context, the term \"Oracle database instance\" refers exclusively to the system global area (SGA) and Oracle background processes. If you don't specify a SID, the value defaults to ``RDSCDB``. The Oracle SID is also the name of your CDB.", "type": "string" }, + "DatabaseInsightsMode": { + "description": "", + "type": "string" + }, "DbiResourceId": { "description": "", "type": "string" 
@@ -378,7 +391,7 @@ "type": "boolean" }, "DeletionProtection": { - "description": "A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see [Deleting a DB Instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). \n *Amazon Aurora* \n Not applicable. You can enable or disable deletion protection for the DB cluster. For more information, see ``CreateDBCluster``. DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster.", + "description": "Specifies whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled. For more information, see [Deleting a DB Instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html).\n This setting doesn't apply to Amazon Aurora DB instances. You can enable or disable deletion protection for the DB cluster. For more information, see ``CreateDBCluster``. DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster.", "type": "boolean" }, "Domain": { 
@@ -425,7 +438,7 @@ }, "Endpoint": { "$ref": "#/definitions/Endpoint", - "description": "The connection endpoint for the DB instance.\n The endpoint might not be shown for instances with the status of ``creating``." + "description": "" }, "Engine": { "description": "The name of the database engine to use for this DB instance. Not every database engine is available in every AWS Region.\n This property is required when creating a DB instance.\n You can convert an Oracle database from the non-CDB architecture to the container database (CDB) architecture by updating the ``Engine`` value in your templates from ``oracle-ee`` to ``oracle-ee-cdb`` or from ``oracle-se2`` to ``oracle-se2-cdb``. Converting to the CDB architecture requires an interruption.\n Valid Values:\n + ``aurora-mysql`` (for Aurora MySQL DB instances)\n + ``aurora-postgresql`` (for Aurora PostgreSQL DB instances)\n + ``custom-oracle-ee`` (for RDS Custom for Oracle DB instances)\n + ``custom-oracle-ee-cdb`` (for RDS Custom for Oracle DB instances)\n + ``custom-sqlserver-ee`` (for RDS Custom for SQL Server DB instances)\n + ``custom-sqlserver-se`` (for RDS Custom for SQL Server DB instances)\n + ``custom-sqlserver-web`` (for RDS Custom for SQL Server DB instances)\n + ``db2-ae`` \n + ``db2-se`` \n + ``mariadb`` \n + ``mysql`` \n + ``oracle-ee`` \n + ``oracle-ee-cdb`` \n + ``oracle-se2`` \n + ``oracle-se2-cdb`` \n + ``postgres`` \n + ``sqlserver-ee`` \n + ``sqlserver-se`` \n + ``sqlserver-ex`` \n + ``sqlserver-web``", 
@@ -464,7 +477,7 @@ "description": "The secret managed by RDS in AWS Secrets Manager for the master user password.\n For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide.*" }, "MasterUsername": { - "description": "The master user name for the DB instance.\n If you specify the ``SourceDBInstanceIdentifier`` or ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the source DB instance or snapshot.\n When migrating a self-managed Db2 database, we recommend that you use the same master username as your self-managed Db2 instance name.\n *Amazon Aurora* \n Not applicable. The name for the master user is managed by the DB cluster. \n *RDS for Db2* \n Constraints:\n + Must be 1 to 16 letters or numbers.\n + First character must be a letter.\n + Can't be a reserved word for the chosen database engine.\n \n *RDS for MariaDB* \n Constraints:\n + Must be 1 to 16 letters or numbers.\n + Can't be a reserved word for the chosen database engine.\n \n *RDS for Microsoft SQL Server* \n Constraints:\n + Must be 1 to 128 letters or numbers.\n + First character must be a letter.\n + Can't be a reserved word for the chosen database engine.\n \n *RDS for MySQL* \n Constraints:\n + Must be 1 to 16 letters or numbers.\n + First character must be a letter.\n + Can't be a reserved word for the chosen database engine.\n \n *RDS for Oracle* \n Constraints:\n + Must be 1 to 30 letters or numbers.\n + First character must be a letter.\n + Can't be a reserved word for the chosen database engine.\n \n *RDS for PostgreSQL* \n Constraints:\n + Must be 1 to 63 letters or numbers.\n + First character must be a letter.\n + Can't be a reserved word for the chosen database engine.", + "description": "The master user name for the DB instance.\n If you specify the ``SourceDBInstanceIdentifier`` or ``DBSnapshotIdentifier`` property, don't 
specify this property. The value is inherited from the source DB instance or snapshot.\n When migrating a self-managed Db2 database, we recommend that you use the same master username as your self-managed Db2 instance name.\n *Amazon Aurora* \n Not applicable. The name for the master user is managed by the DB cluster. \n *RDS for Db2* \n Constraints:\n + Must be 1 to 16 letters or numbers.\n + First character must be a letter.\n + Can't be a reserved word for the chosen database engine.\n \n *RDS for MariaDB* \n Constraints:\n + Must be 1 to 16 letters or numbers.\n + Can't be a reserved word for the chosen database engine.\n \n *RDS for Microsoft SQL Server* \n Constraints:\n + Must be 1 to 128 letters or numbers.\n + First character must be a letter.\n + Can't be a reserved word for the chosen database engine.\n \n *RDS for MySQL* \n Constraints:\n + Must be 1 to 16 letters or numbers.\n + First character must be a letter.\n + Can't be a reserved word for the chosen database engine.\n \n *RDS for Oracle* \n Constraints:\n + Must be 1 to 30 letters or numbers.\n + First character must be a letter.\n + Can't be a reserved word for the chosen database engine.\n \n *RDS for PostgreSQL* \n Constraints:\n + Must be 1 to 63 letters or numbers.\n + First character must be a letter.\n + Can't be a reserved word for the chosen database engine.", "maxLength": 128, "minLength": 1, "pattern": "^[a-zA-Z][a-zA-Z0-9_]{0,127}$", 
@@ -475,8 +488,7 @@ "type": "integer" }, "MonitoringInterval": { - "default": 0, - "description": "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collection of Enhanced Monitoring metrics, specify 0. The default is 0.\n If ``MonitoringRoleArn`` is specified, then you must set ``MonitoringInterval`` to a value other than 0.\n This setting doesn't apply to RDS Custom.\n Valid Values: ``0, 1, 5, 10, 15, 30, 60``", + "description": "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collection of Enhanced Monitoring metrics, specify ``0``.\n If ``MonitoringRoleArn`` is specified, then you must set ``MonitoringInterval`` to a value other than ``0``.\n This setting doesn't apply to RDS Custom DB instances.\n Valid Values: ``0 | 1 | 5 | 10 | 15 | 30 | 60`` \n Default: ``0``", "type": "integer" }, "MonitoringRoleArn": { @@ -484,7 +496,7 @@ "type": "string" }, "MultiAZ": { - "description": "Specifies whether the database instance is a Multi-AZ DB instance deployment. You can't set the ``AvailabilityZone`` parameter if the ``MultiAZ`` parameter is set to true. \n For more information, see [Multi-AZ deployments for high availability](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html) in the *Amazon RDS User Guide*.\n *Amazon Aurora* \n Not applicable. Amazon Aurora storage is replicated across all of the Availability Zones and doesn't require the ``MultiAZ`` option to be set.", + "description": "Specifies whether the DB instance is a Multi-AZ deployment. You can't set the ``AvailabilityZone`` parameter if the DB instance is a Multi-AZ deployment.\n This setting doesn't apply to the following DB instances:\n + Amazon Aurora (DB instance Availability Zones (AZs) are managed by the DB cluster.)\n + RDS Custom", "type": "boolean" }, "NcharCharacterSetName": { 
@@ -504,11 +516,11 @@ "type": "string" }, "PerformanceInsightsRetentionPeriod": { - "description": "The number of days to retain Performance Insights data.\n This setting doesn't apply to RDS Custom DB instances.\n Valid Values:\n + ``7`` \n + *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31)\n + ``731`` \n \n Default: ``7`` days\n If you specify a retention period that isn't valid, such as ``94``, Amazon RDS returns an error.", + "description": "The number of days to retain Performance Insights data. When creating a DB instance without enabling Performance Insights, you can't specify the parameter ``PerformanceInsightsRetentionPeriod``.\n This setting doesn't apply to RDS Custom DB instances.\n Valid Values:\n + ``7`` \n + *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31)\n + ``731`` \n \n Default: ``7`` days\n If you specify a retention period that isn't valid, such as ``94``, Amazon RDS returns an error.", "type": "integer" }, "Port": { - "description": "The port number on which the database accepts connections.\n *Amazon Aurora* \n Not applicable. The port number is managed by the DB cluster.\n *Db2* \n Default value: ``50000``", + "description": "The port number on which the database accepts connections.\n This setting doesn't apply to Aurora DB instances. The port number is managed by the cluster.\n Valid Values: ``1150-65535`` \n Default:\n + RDS for Db2 - ``50000`` \n + RDS for MariaDB - ``3306`` \n + RDS for Microsoft SQL Server - ``1433`` \n + RDS for MySQL - ``3306`` \n + RDS for Oracle - ``1521`` \n + RDS for PostgreSQL - ``5432`` \n \n Constraints:\n + For RDS for Microsoft SQL Server, the value can't be ``1234``, ``1434``, ``3260``, ``3343``, ``3389``, ``47001``, or ``49152-49156``.", "pattern": "^\\d*$", "type": "string" }, 
@@ -517,7 +529,7 @@ "type": "string" }, "PreferredMaintenanceWindow": { - "description": "The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).\n Format: ``ddd:hh24:mi-ddd:hh24:mi`` \n The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see [Adjusting the Preferred DB Instance Maintenance Window](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow) in the *Amazon RDS User Guide.* \n This property applies when AWS CloudFormation initially creates the DB instance. If you use AWS CloudFormation to update the DB instance, those updates are applied immediately.\n Constraints: Minimum 30-minute window.", + "description": "The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).\n Format: ``ddd:hh24:mi-ddd:hh24:mi`` \n The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see [Maintaining a DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow) in the *Amazon RDS User Guide.* \n This property applies when AWS CloudFormation initially creates the DB instance. If you use AWS CloudFormation to update the DB instance, those updates are applied immediately.\n Constraints: Minimum 30-minute window.", "type": "string" }, "ProcessorFeatures": { 
@@ -528,7 +540,6 @@ "type": "array" }, "PromotionTier": { - "default": 1, "description": "The order of priority in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. For more information, see [Fault Tolerance for an Aurora DB Cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.AuroraHighAvailability.html#Aurora.Managing.FaultTolerance) in the *Amazon Aurora User Guide*.\n This setting doesn't apply to RDS Custom DB instances.\n Default: ``1`` \n Valid Values: ``0 - 15``", "minimum": 0, "type": "integer" @@ -542,7 +553,7 @@ "type": "string" }, "RestoreTime": { - "description": "The date and time to restore from.\n Constraints:\n + Must be a time in Universal Coordinated Time (UTC) format.\n + Must be before the latest restorable time for the DB instance.\n + Can't be specified if the ``UseLatestRestorableTime`` parameter is enabled.\n \n Example: ``2009-09-07T23:45:00Z``", + "description": "The date and time to restore from. This parameter applies to point-in-time recovery. For more information, see [Restoring a DB instance to a specified time](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIT.html) in the in the *Amazon RDS User Guide*.\n Constraints:\n + Must be a time in Universal Coordinated Time (UTC) format.\n + Must be before the latest restorable time for the DB instance.\n + Can't be specified if the ``UseLatestRestorableTime`` parameter is enabled.\n \n Example: ``2009-09-07T23:45:00Z``", "format": "date-time", "type": "string" }, 
@@ -571,15 +582,15 @@ "type": "boolean" }, "StorageThroughput": { - "description": "Specifies the storage throughput value for the DB instance. This setting applies only to the ``gp3`` storage type. \n This setting doesn't apply to RDS Custom or Amazon Aurora.", + "description": "Specifies the storage throughput value, in mebibyte per second (MiBps), for the DB instance. This setting applies only to the ``gp3`` storage type. \n This setting doesn't apply to RDS Custom or Amazon Aurora.", "type": "integer" }, "StorageType": { - "description": "The storage type to associate with the DB instance.\n If you specify ``io1``, ``io2``, or ``gp3``, you must also include a value for the ``Iops`` parameter.\n This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster.\n Valid Values: ``gp2 | gp3 | io1 | io2 | standard`` \n Default: ``io1``, if the ``Iops`` parameter is specified. Otherwise, ``gp2``.", + "description": "The storage type to associate with the DB instance.\n If you specify ``io1``, ``io2``, or ``gp3``, you must also include a value for the ``Iops`` parameter.\n This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster.\n Valid Values: ``gp2 | gp3 | io1 | io2 | standard`` \n Default: ``io1``, if the ``Iops`` parameter is specified. Otherwise, ``gp3``.", "type": "string" }, "Tags": { - "description": "An optional array of key-value pairs to apply to this DB instance.", + "description": "Tags to assign to the DB instance.", "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" 
@@ -604,7 +615,7 @@ "type": "boolean" }, "UseLatestRestorableTime": { - "description": "Specifies whether the DB instance is restored from the latest backup time. By default, the DB instance isn't restored from the latest backup time.\n Constraints:\n + Can't be specified if the ``RestoreTime`` parameter is provided.", + "description": "Specifies whether the DB instance is restored from the latest backup time. By default, the DB instance isn't restored from the latest backup time. This parameter applies to point-in-time recovery. For more information, see [Restoring a DB instance to a specified time](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIT.html) in the in the *Amazon RDS User Guide*.\n Constraints:\n + Can't be specified if the ``RestoreTime`` parameter is provided.", "type": "boolean" }, "VPCSecurityGroups": { 
@@ -624,30 +635,43 @@ "/properties/DBParameterGroupName": "$lowercase(DBParameterGroupName)", "/properties/DBSnapshotIdentifier": "$lowercase(DBSnapshotIdentifier)", "/properties/DBSubnetGroupName": "$lowercase(DBSubnetGroupName)", + "/properties/DBSystemId": "$uppercase(DBSystemId)", "/properties/Engine": "$lowercase(Engine)", "/properties/EngineVersion": "$join([$string(EngineVersion), \".*\"])", - "/properties/KmsKeyId": "$join([\"arn:(aws)[-]{0,1}[a-z]{0,2}[-]{0,1}[a-z]{0,3}:kms:[a-z]{2}[-]{1}[a-z]{3,10}[-]{0,1}[a-z]{0,10}[-]{1}[1-3]{1}:[0-9]{12}[:]{1}key\\/\", KmsKeyId])", - "/properties/MasterUserSecret/KmsKeyId": "$join([\"arn:(aws)[-]{0,1}[a-z]{0,2}[-]{0,1}[a-z]{0,3}:kms:[a-z]{2}[-]{1}[a-z]{3,10}[-]{0,1}[a-z]{0,10}[-]{1}[1-3]{1}:[0-9]{12}[:]{1}key\\/\", MasterUserSecret.KmsKeyId])", + "/properties/KmsKeyId": "$join([\"arn:.+?:kms:.+?:.+?:key\\/\", KmsKeyId])", + "/properties/MasterUserSecret/KmsKeyId": "$join([\"arn:.+?:kms:.+?:.+?:key\\/\", MasterUserSecret.KmsKeyId])", "/properties/NetworkType": "$lowercase(NetworkType)", "/properties/OptionGroupName": "$lowercase(OptionGroupName)", - "/properties/PerformanceInsightsKMSKeyId": "$join([\"arn:(aws)[-]{0,1}[a-z]{0,2}[-]{0,1}[a-z]{0,3}:kms:[a-z]{2}[-]{1}[a-z]{3,10}[-]{0,1}[a-z]{0,10}[-]{1}[1-3]{1}:[0-9]{12}[:]{1}key\\/\", PerformanceInsightsKMSKeyId])", + "/properties/PerformanceInsightsKMSKeyId": "$join([\"arn:.+?:kms:.+?:.+?:key\\/\", PerformanceInsightsKMSKeyId])", "/properties/PreferredMaintenanceWindow": "$lowercase(PreferredMaintenanceWindow)", "/properties/SourceDBInstanceAutomatedBackupsArn": "$lowercase(SourceDBInstanceAutomatedBackupsArn)", "/properties/SourceDBInstanceIdentifier": "$lowercase(SourceDBInstanceIdentifier)", "/properties/StorageType": "$lowercase(StorageType)" }, "readOnlyProperties": [ + "/properties/Endpoint", "/properties/Endpoint/Address", "/properties/Endpoint/Port", "/properties/Endpoint/HostedZoneId", "/properties/DbiResourceId", "/properties/DBInstanceArn", - 
"/properties/DBSystemId", "/properties/MasterUserSecret/SecretArn", + "/properties/CertificateDetails", "/properties/CertificateDetails/CAIdentifier", "/properties/CertificateDetails/ValidTill" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "rds:AddTagsToResource", + "rds:RemoveTagsFromResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::RDS::DBInstance", "writeOnlyProperties": [ "/properties/AllowMajorVersionUpgrade", @@ -656,7 +680,6 @@ "/properties/DBSnapshotIdentifier", "/properties/DeleteAutomatedBackups", "/properties/MasterUserPassword", - "/properties/Port", "/properties/RestoreTime", "/properties/SourceDBInstanceAutomatedBackupsArn", "/properties/SourceDBInstanceIdentifier", @@ -664,6 +687,7 @@ "/properties/SourceRegion", "/properties/TdeCredentialPassword", "/properties/UseDefaultProcessorFeatures", - "/properties/UseLatestRestorableTime" + "/properties/UseLatestRestorableTime", + "/properties/ApplyImmediately" ] } diff --git a/src/schema/aws-rds-dbparametergroup.json b/src/schema/aws-rds-dbparametergroup.json index ef466119..c397df7b 100644 --- a/src/schema/aws-rds-dbparametergroup.json +++ b/src/schema/aws-rds-dbparametergroup.json 
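Review bot: The three KMS key entries in `propertyTransform` (`/properties/KmsKeyId`, `/properties/MasterUserSecret/KmsKeyId`, `/properties/PerformanceInsightsKMSKeyId`) now build the pattern `arn:.+?:kms:.+?:.+?:key\/`, and `.+?` can match across `:`, so the partition, region and account fields are no longer individually delimited. How the pattern is anchored and consumed is not visible in this hunk. If anything downstream relies on it to decide that a returned key ARN corresponds to the configured key, a field-bounded form keeps the partition- and region-agnostic intent without accepting arbitrary text between the separators: `"$join([\"arn:[^:]+:kms:[^:]+:[^:]+:key\\/\", KmsKeyId])"`, and likewise for the other two entries. If these schema files are copied verbatim from the upstream provider, the change belongs upstream and is worth tracking there rather than patching locally.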
@@ -8,7 +8,7 @@ "definitions": { "Tag": { "additionalProperties": false, - "description": "Metadata assigned to an Amazon RDS resource consisting of a key-value pair.\n For more information, see [Tagging Amazon RDS Resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) in the *Amazon RDS User Guide* or [Tagging Amazon Aurora and Amazon RDS Resources](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html) in the *Amazon Aurora User Guide*.", + "description": "Metadata assigned to an Amazon RDS resource consisting of a key-value pair.\n For more information, see [Tagging Amazon RDS resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) in the *Amazon RDS User Guide* or [Tagging Amazon Aurora and Amazon RDS resources](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html) in the *Amazon Aurora User Guide*.", "properties": { "Key": { "description": "A key is the required name of the tag. The string value can be from 1 to 128 Unicode characters in length and can't be prefixed with ``aws:`` or ``rds:``. The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', ':', '/', '=', '+', '-', '@' (Java regex: \"^([\\\\p{L}\\\\p{Z}\\\\p{N}_.:/=+\\\\-@]*)$\").", 
@@ -89,15 +89,15 @@ "type": "string" }, "Family": { - "description": "The DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a DB engine and engine version compatible with that DB parameter group family.\n The DB parameter group family can't be changed when updating a DB parameter group.\n To list all of the available parameter group families, use the following command:\n ``aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\"`` \n The output contains duplicates.\n For more information, see ``CreateDBParameterGroup``.", + "description": "The DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a database engine and engine version compatible with that DB parameter group family.\n To list all of the available parameter group families for a DB engine, use the following command:\n ``aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine `` \n For example, to list all of the available parameter group families for the MySQL DB engine, use the following command:\n ``aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine mysql`` \n The output contains duplicates.\n The following are the valid DB engine values:\n + ``aurora-mysql`` \n + ``aurora-postgresql`` \n + ``db2-ae`` \n + ``db2-se`` \n + ``mysql`` \n + ``oracle-ee`` \n + ``oracle-ee-cdb`` \n + ``oracle-se2`` \n + ``oracle-se2-cdb`` \n + ``postgres`` \n + ``sqlserver-ee`` \n + ``sqlserver-se`` \n + ``sqlserver-ex`` \n + ``sqlserver-web``", "type": "string" }, "Parameters": { - "description": "An array of parameter names and values for the parameter update. At least one parameter name and value must be supplied. 
Subsequent arguments are optional.\n RDS for Db2 requires you to bring your own Db2 license. You must enter your IBM customer ID (``rds.ibm_customer_id``) and site number (``rds.ibm_site_id``) before starting a Db2 instance.\n For more information about DB parameters and DB parameter groups for Amazon RDS DB engines, see [Working with DB Parameter Groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html) in the *Amazon RDS User Guide*.\n For more information about DB cluster and DB instance parameters and parameter groups for Amazon Aurora DB engines, see [Working with DB Parameter Groups and DB Cluster Parameter Groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide*.\n AWS CloudFormation doesn't support specifying an apply method for each individual parameter. The default apply method for each parameter is used.", + "description": "A mapping of parameter names and values for the parameter update. You must specify at least one parameter name and value.\n For more information about parameter groups, see [Working with parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html) in the *Amazon RDS User Guide*, or [Working with parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide*.\n AWS CloudFormation doesn't support specifying an apply method for each individual parameter. The default apply method for each parameter is used.", "type": "object" }, "Tags": { - "description": "An optional array of key-value pairs to apply to this DB parameter group.\n Currently, this is the only property that supports drift detection.", + "description": "Tags to assign to the DB parameter group.", "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" 
@@ -115,5 +115,16 @@ "Description" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-rds", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "rds:AddTagsToResource", + "rds:RemoveTagsFromResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::RDS::DBParameterGroup" } diff --git a/src/schema/aws-rds-dbproxy.json b/src/schema/aws-rds-dbproxy.json index be200599..84cfb403 100644 --- a/src/schema/aws-rds-dbproxy.json +++ b/src/schema/aws-rds-dbproxy.json @@ -195,6 +195,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "rds:AddTagsToResource", + "rds:RemoveTagsFromResource", + "rds:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-rds-dbproxyendpoint.json b/src/schema/aws-rds-dbproxyendpoint.json index 8db2f30d..efd2899e 100644 --- a/src/schema/aws-rds-dbproxyendpoint.json +++ b/src/schema/aws-rds-dbproxyendpoint.json @@ -139,6 +139,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "rds:AddTagsToResource", + "rds:RemoveTagsFromResource", + "rds:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-rds-dbshardgroup.json b/src/schema/aws-rds-dbshardgroup.json new file mode 100644 index 00000000..0bfc70b7 --- /dev/null +++ b/src/schema/aws-rds-dbshardgroup.json 
@@ -0,0 +1,155 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/DBClusterIdentifier", + "/properties/DBShardGroupIdentifier", + "/properties/PubliclyAccessible" + ], + "definitions": { + "Tag": { + "additionalProperties": false, + "description": "Metadata assigned to an Amazon RDS resource consisting of a key-value pair.\n For more information, see [Tagging Amazon RDS resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) in the *Amazon RDS User Guide* or [Tagging Amazon Aurora and Amazon RDS resources](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html) in the *Amazon Aurora User Guide*.", + "properties": { + "Key": { + "description": "A key is the required name of the tag. The string value can be from 1 to 128 Unicode characters in length and can't be prefixed with ``aws:`` or ``rds:``. The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', ':', '/', '=', '+', '-', '@' (Java regex: \"^([\\\\p{L}\\\\p{Z}\\\\p{N}_.:/=+\\\\-@]*)$\").", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "A value is the optional value of the tag. The string value can be from 1 to 256 Unicode characters in length and can't be prefixed with ``aws:`` or ``rds:``. The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', ':', '/', '=', '+', '-', '@' (Java regex: \"^([\\\\p{L}\\\\p{Z}\\\\p{N}_.:/=+\\\\-@]*)$\").", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key" + ], + "type": "object" + } + }, + "description": "Creates a new DB shard group for Aurora Limitless Database. 
You must enable Aurora Limitless Database to create a DB shard group.\n Valid for: Aurora DB clusters only", + "handlers": { + "create": { + "permissions": [ + "rds:AddTagsToResource", + "rds:CreateDBShardGroup", + "rds:DescribeDBClusters", + "rds:DescribeDBShardGroups", + "rds:ListTagsForResource" + ], + "timeoutInMinutes": 2160 + }, + "delete": { + "permissions": [ + "rds:DeleteDBShardGroup", + "rds:DescribeDBClusters", + "rds:DescribeDbShardGroups" + ], + "timeoutInMinutes": 2160 + }, + "list": { + "permissions": [ + "rds:DescribeDBShardGroups", + "rds:ListTagsForResource" + ] + }, + "read": { + "permissions": [ + "rds:DescribeDBShardGroups", + "rds:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "rds:AddTagsToResource", + "rds:DescribeDBShardGroups", + "rds:DescribeDBClusters", + "rds:RemoveTagsFromResource", + "rds:ModifyDBShardGroup", + "rds:ListTagsForResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/DBShardGroupIdentifier" + ], + "properties": { + "ComputeRedundancy": { + "description": "Specifies whether to create standby DB shard groups for the DB shard group. Valid values are the following:\n + 0 - Creates a DB shard group without a standby DB shard group. 
This is the default value.\n + 1 - Creates a DB shard group with a standby DB shard group in a different Availability Zone (AZ).\n + 2 - Creates a DB shard group with two standby DB shard groups in two different AZs.", + "minimum": 0, + "type": "integer" + }, + "DBClusterIdentifier": { + "description": "The name of the primary DB cluster for the DB shard group.", + "maxLength": 63, + "minLength": 1, + "type": "string" + }, + "DBShardGroupIdentifier": { + "description": "The name of the DB shard group.", + "maxLength": 63, + "minLength": 1, + "type": "string" + }, + "DBShardGroupResourceId": { + "description": "", + "type": "string" + }, + "Endpoint": { + "description": "", + "type": "string" + }, + "MaxACU": { + "description": "The maximum capacity of the DB shard group in Aurora capacity units (ACUs).", + "type": "number" + }, + "MinACU": { + "description": "The minimum capacity of the DB shard group in Aurora capacity units (ACUs).", + "type": "number" + }, + "PubliclyAccessible": { + "description": "Specifies whether the DB shard group is publicly accessible.\n When the DB shard group is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB shard group's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB shard group's VPC. Access to the DB shard group is ultimately controlled by the security group it uses. 
That public access is not permitted if the security group assigned to the DB shard group doesn't permit it.\n When the DB shard group isn't publicly accessible, it is an internal DB shard group with a DNS name that resolves to a private IP address.\n Default: The default behavior varies depending on whether ``DBSubnetGroupName`` is specified.\n If ``DBSubnetGroupName`` isn't specified, and ``PubliclyAccessible`` isn't specified, the following applies:\n + If the default VPC in the target Region doesn\u2019t have an internet gateway attached to it, the DB shard group is private.\n + If the default VPC in the target Region has an internet gateway attached to it, the DB shard group is public.\n \n If ``DBSubnetGroupName`` is specified, and ``PubliclyAccessible`` isn't specified, the following applies:\n + If the subnets are part of a VPC that doesn\u2019t have an internet gateway attached to it, the DB shard group is private.\n + If the subnets are part of a VPC that has an internet gateway attached to it, the DB shard group is public.", + "type": "boolean" + }, + "Tags": { + "description": "An optional set of key-value pairs to associate arbitrary data of your choosing with the DB shard group.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 50, + "type": "array", + "uniqueItems": true + } + }, + "propertyTransform": { + "/properties/DBClusterIdentifier": "$lowercase(DBClusterIdentifier)", + "/properties/DBShardGroupIdentifier": "$lowercase(DBShardGroupIdentifier)" + }, + "readOnlyProperties": [ + "/properties/DBShardGroupResourceId", + "/properties/Endpoint" + ], + "required": [ + "DBClusterIdentifier", + "MaxACU" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-rds", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "rds:AddTagsToResource", + "rds:RemoveTagsFromResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": 
true, + "taggable": true + }, + "typeName": "AWS::RDS::DBShardGroup", + "writeOnlyProperties": [ + "/properties/MinACU" + ] +} diff --git a/src/schema/aws-rds-dbsubnetgroup.json b/src/schema/aws-rds-dbsubnetgroup.json index 15efc8bc..b0cf082a 100644 --- a/src/schema/aws-rds-dbsubnetgroup.json +++ b/src/schema/aws-rds-dbsubnetgroup.json @@ -6,7 +6,7 @@ "definitions": { "Tag": { "additionalProperties": false, - "description": "Metadata assigned to an Amazon RDS resource consisting of a key-value pair.\n For more information, see [Tagging Amazon RDS Resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) in the *Amazon RDS User Guide* or [Tagging Amazon Aurora and Amazon RDS Resources](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html) in the *Amazon Aurora User Guide*.", + "description": "Metadata assigned to an Amazon RDS resource consisting of a key-value pair.\n For more information, see [Tagging Amazon RDS resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) in the *Amazon RDS User Guide* or [Tagging Amazon Aurora and Amazon RDS resources](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html) in the *Amazon Aurora User Guide*.", "properties": { "Key": { "description": "A key is the required name of the tag. The string value can be from 1 to 128 Unicode characters in length and can't be prefixed with ``aws:`` or ``rds:``. The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', ':', '/', '=', '+', '-', '@' (Java regex: \"^([\\\\p{L}\\\\p{Z}\\\\p{N}_.:/=+\\\\-@]*)$\").", 
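Review bot: The `delete` handler of the new AWS::RDS::DBShardGroup schema lists `rds:DescribeDbShardGroups`, while `create`, `list`, `read` and `update` all spell the action `rds:DescribeDBShardGroups`. IAM evaluates action names case-insensitively, so the handler itself should still work. Any tooling that builds or compares least-privilege policies from these permission lists by exact string would see two different actions, so I would change the entry to `"rds:DescribeDBShardGroups"`. Separately, `PubliclyAccessible` is create-only and has no `default`, and its description ties the default to `DBSubnetGroupName`, which is not a property of this schema. According to that description an omitted value can resolve to a public endpoint when the VPC has an internet gateway, so checks that read exposure from this schema should treat an absent value as unknown rather than private.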
@@ -76,11 +76,12 @@ "type": "string" }, "DBSubnetGroupName": { - "description": "The name for the DB subnet group. This value is stored as a lowercase string.\n Constraints: Must contain no more than 255 lowercase alphanumeric characters or hyphens. Must not be \"Default\".\n Example: ``mysubnetgroup``", + "description": "The name for the DB subnet group. This value is stored as a lowercase string.\n Constraints:\n + Must contain no more than 255 letters, numbers, periods, underscores, spaces, or hyphens.\n + Must not be default.\n + First character must be a letter.\n \n Example: ``mydbsubnetgroup``", "type": "string" }, "SubnetIds": { "description": "The EC2 Subnet IDs for the DB subnet group.", + "insertionOrder": false, "items": { "type": "string" }, @@ -88,7 +89,7 @@ "uniqueItems": false }, "Tags": { - "description": "An optional array of key-value pairs to apply to this DB subnet group.", + "description": "Tags to assign to the DB subnet group.", "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" @@ -106,8 +107,16 @@ "SubnetIds" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-rds", - "typeName": "AWS::RDS::DBSubnetGroup", - "writeOnlyProperties": [ - "/properties/SubnetIds" - ] + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "rds:AddTagsToResource", + "rds:RemoveTagsFromResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::RDS::DBSubnetGroup" } diff --git a/src/schema/aws-rds-eventsubscription.json b/src/schema/aws-rds-eventsubscription.json index c70603a9..50a81077 100644 --- a/src/schema/aws-rds-eventsubscription.json +++ b/src/schema/aws-rds-eventsubscription.json 
@@ -7,7 +7,7 @@ "definitions": { "Tag": { "additionalProperties": false, - "description": "Metadata assigned to an Amazon RDS resource consisting of a key-value pair.\n For more information, see [Tagging Amazon RDS Resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) in the *Amazon RDS User Guide* or [Tagging Amazon Aurora and Amazon RDS Resources](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html) in the *Amazon Aurora User Guide*.", + "description": "Metadata assigned to an Amazon RDS resource consisting of a key-value pair.\n For more information, see [Tagging Amazon RDS resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) in the *Amazon RDS User Guide* or [Tagging Amazon Aurora and Amazon RDS resources](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html) in the *Amazon Aurora User Guide*.", "properties": { "Key": { "description": "A key is the required name of the tag. The string value can be from 1 to 128 Unicode characters in length and can't be prefixed with ``aws:`` or ``rds:``. The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', ':', '/', '=', '+', '-', '@' (Java regex: \"^([\\\\p{L}\\\\p{Z}\\\\p{N}_.:/=+\\\\-@]*)$\").", 
@@ -91,7 +91,7 @@ "type": "string" }, "SourceIds": { - "description": "The list of identifiers of the event sources for which events are returned. If not specified, then all sources are included in the response. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens. It can't end with a hyphen or contain two consecutive hyphens.\n Constraints:\n + If a ``SourceIds`` value is supplied, ``SourceType`` must also be provided.\n + If the source type is a DB instance, a ``DBInstanceIdentifier`` value must be supplied.\n + If the source type is a DB cluster, a ``DBClusterIdentifier`` value must be supplied.\n + If the source type is a DB parameter group, a ``DBParameterGroupName`` value must be supplied.\n + If the source type is a DB security group, a ``DBSecurityGroupName`` value must be supplied.\n + If the source type is a DB snapshot, a ``DBSnapshotIdentifier`` value must be supplied.\n + If the source type is a DB cluster snapshot, a ``DBClusterSnapshotIdentifier`` value must be supplied.", + "description": "The list of identifiers of the event sources for which events are returned. If not specified, then all sources are included in the response. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens. 
It can't end with a hyphen or contain two consecutive hyphens.\n Constraints:\n + If ``SourceIds`` are supplied, ``SourceType`` must also be provided.\n + If the source type is a DB instance, a ``DBInstanceIdentifier`` value must be supplied.\n + If the source type is a DB cluster, a ``DBClusterIdentifier`` value must be supplied.\n + If the source type is a DB parameter group, a ``DBParameterGroupName`` value must be supplied.\n + If the source type is a DB security group, a ``DBSecurityGroupName`` value must be supplied.\n + If the source type is a DB snapshot, a ``DBSnapshotIdentifier`` value must be supplied.\n + If the source type is a DB cluster snapshot, a ``DBClusterSnapshotIdentifier`` value must be supplied.\n + If the source type is an RDS Proxy, a ``DBProxyName`` value must be supplied.", "insertionOrder": false, "items": { "type": "string" @@ -100,7 +100,7 @@ "uniqueItems": true }, "SourceType": { - "description": "The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, set this parameter to ``db-instance``. If this value isn't specified, all events are returned.\n Valid values: ``db-instance`` | ``db-cluster`` | ``db-parameter-group`` | ``db-security-group`` | ``db-snapshot`` | ``db-cluster-snapshot``", + "description": "The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, you set this parameter to ``db-instance``. For RDS Proxy events, specify ``db-proxy``. If this value isn't specified, all events are returned.\n Valid Values:``db-instance | db-cluster | db-parameter-group | db-security-group | db-snapshot | db-cluster-snapshot | db-proxy | zero-etl | custom-engine-version | blue-green-deployment``", "type": "string" }, "SubscriptionName": { 
@@ -126,5 +126,16 @@ "SnsTopicArn" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-rds", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "rds:AddTagsToResource", + "rds:RemoveTagsFromResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::RDS::EventSubscription" } diff --git a/src/schema/aws-rds-globalcluster.json b/src/schema/aws-rds-globalcluster.json index 7e19f152..958180e9 100644 --- a/src/schema/aws-rds-globalcluster.json +++ b/src/schema/aws-rds-globalcluster.json @@ -6,6 +6,40 @@ "/properties/StorageEncrypted", "/properties/Engine" ], + "definitions": { + "GlobalEndpoint": { + "additionalProperties": false, + "properties": { + "Address": { + "description": "The writer endpoint for the global database cluster. This endpoint always points to the writer DB instance in the current primary cluster.", + "type": "string" + } + }, + "type": "object" + }, + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key" + ], + "type": "object" + } + }, "description": "Resource Type definition for AWS::RDS::GlobalCluster", "handlers": { "create": { 
@@ -36,7 +70,9 @@ "update": { "permissions": [ "rds:ModifyGlobalCluster", - "rds:DescribeGlobalClusters" + "rds:DescribeGlobalClusters", + "rds:AddTagsToResource", + "rds:RemoveTagsFromResource" ] } }, @@ -79,9 +115,14 @@ }, "GlobalClusterIdentifier": { "description": "The cluster identifier of the new global database cluster. This parameter is stored as a lowercase string.", + "maxLength": 63, + "minLength": 1, "pattern": "^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$", "type": "string" }, + "GlobalEndpoint": { + "$ref": "#/definitions/GlobalEndpoint" + }, "SourceDBClusterIdentifier": { "description": "The Amazon Resource Name (ARN) to use as the primary cluster of the global database. This parameter is optional. This parameter is stored as a lowercase string.", "oneOf": [ @@ -97,11 +138,35 @@ "StorageEncrypted": { "description": " The storage encryption setting for the new global database cluster.\nIf you specify the SourceDBClusterIdentifier property, don't specify this property. The value is inherited from the cluster.", "type": "boolean" + }, + "Tags": { + "description": "An array of key-value pairs to apply to this resource.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 50, + "type": "array", + "uniqueItems": true } }, "propertyTransform": { "/properties/GlobalClusterIdentifier": "$lowercase(GlobalClusterIdentifier)" }, + "readOnlyProperties": [ + "/properties/GlobalEndpoint" + ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-rds", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "rds:AddTagsToResource", + "rds:RemoveTagsFromResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::RDS::GlobalCluster" } diff --git a/src/schema/aws-rds-optiongroup.json b/src/schema/aws-rds-optiongroup.json index 7072aeb8..50a9b052 100644 --- a/src/schema/aws-rds-optiongroup.json 
+++ b/src/schema/aws-rds-optiongroup.json @@ -12,7 +12,7 @@ "description": "The ``OptionConfiguration`` property type specifies an individual option, and its settings, within an ``AWS::RDS::OptionGroup`` resource.", "properties": { "DBSecurityGroupMemberships": { - "description": "A list of DBSecurityGroupMembership name strings used for this option.", + "description": "A list of DB security groups used for this option.", "insertionOrder": false, "items": { "type": "string" @@ -41,7 +41,7 @@ "type": "integer" }, "VpcSecurityGroupMemberships": { - "description": "A list of VpcSecurityGroupMembership name strings used for this option.", + "description": "A list of VPC security group names used for this option.", "insertionOrder": false, "items": { "type": "string" 
@@ -72,7 +72,7 @@ }, "Tag": { "additionalProperties": false, - "description": "Metadata assigned to an Amazon RDS resource consisting of a key-value pair.\n For more information, see [Tagging Amazon RDS Resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) in the *Amazon RDS User Guide* or [Tagging Amazon Aurora and Amazon RDS Resources](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html) in the *Amazon Aurora User Guide*.", + "description": "Metadata assigned to an Amazon RDS resource consisting of a key-value pair.\n For more information, see [Tagging Amazon RDS resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) in the *Amazon RDS User Guide* or [Tagging Amazon Aurora and Amazon RDS resources](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html) in the *Amazon Aurora User Guide*.", "properties": { "Key": { "description": "A key is the required name of the tag. The string value can be from 1 to 128 Unicode characters in length and can't be prefixed with ``aws:`` or ``rds:``. The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', ':', '/', '=', '+', '-', '@' (Java regex: \"^([\\\\p{L}\\\\p{Z}\\\\p{N}_.:/=+\\\\-@]*)$\").", @@ -149,7 +149,7 @@ }, "OptionConfigurations": { "arrayType": "AttributeList", - "description": "A list of options and the settings for each option.", + "description": "A list of all available options for an option group.", "insertionOrder": false, "items": { "$ref": "#/definitions/OptionConfiguration" @@ -165,7 +165,7 @@ "type": "string" }, "Tags": { - "description": "An optional array of key-value pairs to apply to this option group.", + "description": "Tags to assign to the option group.", "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" 
@@ -182,5 +182,16 @@ "OptionGroupDescription" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-rds", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "rds:AddTagsToResource", + "rds:RemoveTagsFromResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::RDS::OptionGroup" } diff --git a/src/schema/aws-redshift-cluster.json b/src/schema/aws-redshift-cluster.json index 1e399f77..5e0195db 100644 --- a/src/schema/aws-redshift-cluster.json +++ b/src/schema/aws-redshift-cluster.json @@ -32,6 +32,17 @@ }, "type": "string" }, + "LogDestinationType": { + "type": "string" + }, + "LogExports": { + "insertionOrder": false, + "items": { + "type": "string" + }, + "maxItems": 3, + "type": "array" + }, "S3KeyPrefix": { "type": "string" } @@ -377,7 +388,7 @@ "type": "object" }, "NodeType": { - "description": "The node type to be provisioned for the cluster.Valid Values: ds2.xlarge | ds2.8xlarge | dc1.large | dc1.8xlarge | dc2.large | dc2.8xlarge | ra3.4xlarge | ra3.16xlarge", + "description": "The node type to be provisioned for the cluster.Valid Values: ds2.xlarge | ds2.8xlarge | dc1.large | dc1.8xlarge | dc2.large | dc2.8xlarge | ra3.large | ra3.4xlarge | ra3.16xlarge", "type": "string" }, "NumberOfNodes": { diff --git a/src/schema/aws-redshift-clusterparametergroup.json b/src/schema/aws-redshift-clusterparametergroup.json index 6ba4f114..83ae82b2 100644 --- a/src/schema/aws-redshift-clusterparametergroup.json +++ b/src/schema/aws-redshift-clusterparametergroup.json @@ -73,6 +73,7 @@ "delete": { "permissions": [ "redshift:DescribeTags", + "redshift:DeleteTags", "redshift:DescribeClusterParameterGroups", "redshift:DeleteClusterParameterGroup", "redshift:DescribeClusterParameters", 
@@ -147,12 +148,16 @@ "ParameterGroupFamily" ], "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "redshift:DescribeTags", + "redshift:CreateTags", + "redshift:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, - "typeName": "AWS::Redshift::ClusterParameterGroup", - "writeOnlyProperties": [ - "/properties/Tags", - "/properties/Tags/*/Key", - "/properties/Tags/*/Value" - ] + "typeName": "AWS::Redshift::ClusterParameterGroup" } diff --git a/src/schema/aws-redshift-clustersubnetgroup.json b/src/schema/aws-redshift-clustersubnetgroup.json index 5aaadeb8..840ee55b 100644 --- a/src/schema/aws-redshift-clustersubnetgroup.json +++ b/src/schema/aws-redshift-clustersubnetgroup.json @@ -159,7 +159,7 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-redshift", "tagging": { - "taggable": true + "taggable": false }, "typeName": "AWS::Redshift::ClusterSubnetGroup", "writeOnlyProperties": [ diff --git a/src/schema/aws-redshift-eventsubscription.json b/src/schema/aws-redshift-eventsubscription.json index 8cc1cfb0..1018e93b 100644 --- a/src/schema/aws-redshift-eventsubscription.json +++ b/src/schema/aws-redshift-eventsubscription.json @@ -188,7 +188,7 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-redshift", "tagging": { - "taggable": true + "taggable": false }, "typeName": "AWS::Redshift::EventSubscription", "writeOnlyProperties": [ diff --git a/src/schema/aws-redshift-integration.json b/src/schema/aws-redshift-integration.json new file mode 100644 index 00000000..c667ed99 --- /dev/null +++ b/src/schema/aws-redshift-integration.json 
@@ -0,0 +1,170 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/SourceArn", + "/properties/TargetArn", + "/properties/KMSKeyId", + "/properties/AdditionalEncryptionContext" + ], + "definitions": { + "EncryptionContextMap": { + "additionalProperties": false, + "description": "An optional set of non-secret key\u2013value pairs that contains additional contextual information about the data.", + "patternProperties": { + "^[\\s\\S]*$": { + "maxLength": 131072, + "minLength": 0, + "type": "string" + } + }, + "type": "object" + }, + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. 
", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key" + ], + "type": "object" + }, + "Tags": { + "description": "An array of key-value pairs to apply to this resource.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 50, + "type": "array", + "uniqueItems": true + } + }, + "description": "Integration from a source AWS service to a Redshift cluster", + "handlers": { + "create": { + "permissions": [ + "redshift:CreateIntegration", + "redshift:DescribeIntegrations", + "redshift:CreateTags", + "redshift:DescribeTags", + "redshift:DescribeClusters", + "redshift:CreateInboundIntegration", + "redshift-serverless:ListNamespaces", + "kms:CreateGrant", + "kms:DescribeKey" + ] + }, + "delete": { + "permissions": [ + "redshift:DeleteTags", + "redshift:DeleteIntegration", + "redshift:DescribeIntegrations" + ] + }, + "list": { + "permissions": [ + "redshift:DescribeTags", + "redshift:DescribeIntegrations" + ] + }, + "read": { + "permissions": [ + "redshift:DescribeIntegrations", + "redshift:DescribeTags" + ] + }, + "update": { + "permissions": [ + "redshift:DescribeIntegrations", + "redshift:ModifyIntegration", + "redshift:CreateTags", + "redshift:DeleteTags", + "redshift:DescribeClusters", + "redshift:DescribeTags", + "redshift-serverless:ListNamespaces" + ] + } + }, + "primaryIdentifier": [ + "/properties/IntegrationArn" + ], + "properties": { + "AdditionalEncryptionContext": { + "$ref": "#/definitions/EncryptionContextMap" + }, + "CreateTime": { + "description": "The time (UTC) when the integration was created.", + "type": "string" + }, + "IntegrationArn": { + "description": "The Amazon Resource Name (ARN) of the integration.", + "type": "string" + }, + "IntegrationName": { + "description": "The name of the integration.", + "maxLength": 64, + "minLength": 1, + "type": "string" + }, + "KMSKeyId": { + "description": "An KMS key identifier for the key to use to encrypt the integration. 
If you don't specify an encryption key, the default AWS owned KMS key is used.", + "type": "string" + }, + "SourceArn": { + "description": "The Amazon Resource Name (ARN) of the database to use as the source for replication", + "type": "string" + }, + "Tags": { + "description": "An array of key-value pairs to apply to this resource.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 50, + "type": "array", + "uniqueItems": true + }, + "TargetArn": { + "description": "The Amazon Resource Name (ARN) of the Redshift data warehouse to use as the target for replication", + "type": "string" + } + }, + "propertyTransform": { + "/properties/KmsKeyId": "$join([\"arn:(aws)[-]{0,1}[a-z]{0,2}[-]{0,1}[a-z]{0,3}:kms:[a-z]{2}[-]{1}[a-z]{3,10}[-]{0,1}[a-z]{0,10}[-]{1}[1-3]{1}:[0-9]{12}[:]{1}key\\/\", KmsKeyId])" + }, + "readOnlyProperties": [ + "/properties/IntegrationArn", + "/properties/CreateTime" + ], + "required": [ + "SourceArn", + "TargetArn" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "redshift:CreateTags", + "redshift:DeleteTags", + "redshift:DescribeTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::Redshift::Integration" +} diff --git a/src/schema/aws-redshiftserverless-namespace.json b/src/schema/aws-redshiftserverless-namespace.json index 75f5f9ad..e53f887e 100644 --- a/src/schema/aws-redshiftserverless-namespace.json +++ b/src/schema/aws-redshiftserverless-namespace.json @@ -1,8 +1,7 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/NamespaceName", - "/properties/Tags" + "/properties/NamespaceName" ], "definitions": { "LogExport": { @@ -125,6 +124,7 @@ "handlers": { "create": { "permissions": [ + "iam:CreateServiceLinkedRole", "iam:PassRole", "kms:TagResource", "kms:UntagResource", 
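Review bot: The `propertyTransform` entry in the new aws-redshift-integration.json is keyed on `/properties/KmsKeyId` and references `KmsKeyId` inside the `$join`, but the property this schema defines and lists under `createOnlyProperties` is `KMSKeyId`. As written the transform appears to point at a property that does not exist, so the key-id-to-ARN normalisation for the encryption key would presumably never apply, and a consumer that resolves these pointers may reject or silently skip it. The key should read `"/properties/KMSKeyId"` with the trailing reference changed to `KMSKeyId`; if this file is imported unmodified from the provider's published schema, the mismatch is better reported upstream than patched here.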
@@ -143,6 +143,8 @@ "redshift-serverless:GetNamespace", "redshift-serverless:ListSnapshotCopyConfigurations", "redshift-serverless:CreateSnapshotCopyConfiguration", + "redshift-serverless:ListTagsForResource", + "redshift-serverless:TagResource", "redshift:GetResourcePolicy", "redshift:PutResourcePolicy", "secretsmanager:CreateSecret", @@ -156,6 +158,8 @@ "iam:PassRole", "redshift-serverless:DeleteNamespace", "redshift-serverless:GetNamespace", + "redshift-serverless:ListTagsForResource", + "redshift-serverless:UntagResource", "kms:RetireGrant", "secretsmanager:DescribeSecret", "secretsmanager:DeleteSecret", @@ -165,13 +169,15 @@ "list": { "permissions": [ "iam:PassRole", - "redshift-serverless:ListNamespaces" + "redshift-serverless:ListNamespaces", + "redshift-serverless:ListTagsForResource" ] }, "read": { "permissions": [ "iam:PassRole", "redshift-serverless:GetNamespace", + "redshift-serverless:ListTagsForResource", "redshift:GetResourcePolicy", "redshift-serverless:ListSnapshotCopyConfigurations" ] @@ -198,6 +204,9 @@ "redshift-serverless:CreateSnapshotCopyConfiguration", "redshift-serverless:UpdateSnapshotCopyConfiguration", "redshift-serverless:DeleteSnapshotCopyConfiguration", + "redshift-serverless:ListTagsForResource", + "redshift-serverless:TagResource", + "redshift-serverless:UntagResource", "redshift:GetResourcePolicy", "redshift:PutResourcePolicy", "redshift:DeleteResourcePolicy", 
@@ -337,16 +346,22 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-redshift-serverless", "tagging": { - "taggable": false + "cloudFormationSystemTags": false, + "permissions": [ + "redshift-serverless:ListTagsForResource", + "redshift-serverless:TagResource", + "redshift-serverless:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true }, "typeName": "AWS::RedshiftServerless::Namespace", "writeOnlyProperties": [ "/properties/AdminUserPassword", "/properties/FinalSnapshotName", "/properties/FinalSnapshotRetentionPeriod", - "/properties/Tags", - "/properties/Tags/*/Key", - "/properties/Tags/*/Value", "/properties/ManageAdminPassword", "/properties/RedshiftIdcApplicationArn" ] diff --git a/src/schema/aws-redshiftserverless-workgroup.json b/src/schema/aws-redshiftserverless-workgroup.json index e1d05c11..43cafa8c 100644 --- a/src/schema/aws-redshiftserverless-workgroup.json +++ b/src/schema/aws-redshiftserverless-workgroup.json @@ -58,6 +58,27 @@ }, "type": "object" }, + "PerformanceTarget": { + "additionalProperties": false, + "properties": { + "Level": { + "maximum": 100, + "minimum": 1, + "type": "integer" + }, + "Status": { + "$ref": "#/definitions/PerformanceTargetStatus" + } + }, + "type": "object" + }, + "PerformanceTargetStatus": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, "Tag": { "additionalProperties": false, "properties": { @@ -129,6 +150,9 @@ "pattern": "^[a-z0-9-]+$", "type": "string" }, + "PricePerformanceTarget": { + "$ref": "#/definitions/PerformanceTarget" + }, "PubliclyAccessible": { "type": "boolean" }, @@ -155,6 +179,12 @@ }, "type": "array" }, + "TrackName": { + "maxLength": 256, + "minLength": 1, + "pattern": "^[a-zA-Z0-9_]+$", + "type": "string" + }, "WorkgroupArn": { "type": "string" }, 
@@ -194,7 +224,11 @@ "redshift-serverless:CreateNamespace", "redshift-serverless:CreateWorkgroup", "redshift-serverless:GetWorkgroup", - "redshift-serverless:GetNamespace" + "redshift-serverless:GetNamespace", + "redshift-serverless:ListTagsForResource", + "redshift-serverless:TagResource", + "redshift-serverless:RestoreFromSnapshot", + "redshift-serverless:RestoreFromRecoveryPoint" ] }, "delete": { @@ -208,7 +242,9 @@ "ec2:DescribeAvailabilityZones", "redshift-serverless:GetWorkgroup", "redshift-serverless:GetNamespace", - "redshift-serverless:DeleteWorkgroup" + "redshift-serverless:DeleteWorkgroup", + "redshift-serverless:ListTagsForResource", + "redshift-serverless:UntagResource" ] }, "list": { @@ -220,7 +256,8 @@ "ec2:DescribeSubnets", "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", - "redshift-serverless:ListWorkgroups" + "redshift-serverless:ListWorkgroups", + "redshift-serverless:ListTagsForResource" ] }, "read": { @@ -232,7 +269,8 @@ "ec2:DescribeSubnets", "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", - "redshift-serverless:GetWorkgroup" + "redshift-serverless:GetWorkgroup", + "redshift-serverless:ListTagsForResource" ] }, "update": { @@ -248,7 +286,12 @@ "redshift-serverless:TagResource", "redshift-serverless:UntagResource", "redshift-serverless:GetWorkgroup", - "redshift-serverless:UpdateWorkgroup" + "redshift-serverless:UpdateWorkgroup", + "redshift-serverless:ListTagsForResource", + "redshift-serverless:TagResource", + "redshift-serverless:UntagResource", + "redshift-serverless:RestoreFromSnapshot", + "redshift-serverless:RestoreFromRecoveryPoint" ] } }, 
@@ -290,11 +333,20 @@ "description": "The custom port to use when connecting to a workgroup. Valid port ranges are 5431-5455 and 8191-8215. The default is 5439.", "type": "integer" }, + "PricePerformanceTarget": { + "$ref": "#/definitions/PerformanceTarget", + "description": "A property that represents the price performance target settings for the workgroup.", + "type": "object" + }, "PubliclyAccessible": { "default": false, "description": "A value that specifies whether the workgroup can be accessible from a public network.", "type": "boolean" }, + "RecoveryPointId": { + "description": "The recovery point id to restore from.", + "type": "string" + }, "SecurityGroupIds": { "description": "A list of security group IDs to associate with the workgroup.", "insertionOrder": false, @@ -308,6 +360,18 @@ "minItems": 1, "type": "array" }, + "SnapshotArn": { + "description": "The Amazon Resource Name (ARN) of the snapshot to restore from.", + "type": "string" + }, + "SnapshotName": { + "description": "The snapshot name to restore from.", + "type": "string" + }, + "SnapshotOwnerAccount": { + "description": "The Amazon Web Services account that owns the snapshot.", + "type": "string" + }, "SubnetIds": { "description": "A list of subnet IDs the workgroup is associated with.", "insertionOrder": false, @@ -331,6 +395,12 @@ "minItems": 0, "type": "array" }, + "TrackName": { + "maxLength": 256, + "minLength": 1, + "pattern": "^[a-zA-Z0-9_]+$", + "type": "string" + }, "Workgroup": { "$ref": "#/definitions/Workgroup", "description": "Definition for workgroup resource" @@ -344,7 +414,6 @@ } }, "readOnlyProperties": [ - "/properties/Workgroup", "/properties/Workgroup/WorkgroupId", "/properties/Workgroup/WorkgroupArn", "/properties/Workgroup/WorkgroupName", 
@@ -356,6 +425,7 @@ "/properties/Workgroup/ConfigParameters/*/ParameterValue", "/properties/Workgroup/SecurityGroupIds", "/properties/Workgroup/SubnetIds", + "/properties/Workgroup/TrackName", "/properties/Workgroup/Status", "/properties/Workgroup/Endpoint/Address", "/properties/Workgroup/Endpoint/Port", @@ -373,17 +443,25 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-redshift-serverless", "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "redshift-serverless:ListTagsForResource", + "redshift-serverless:TagResource", + "redshift-serverless:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::RedshiftServerless::Workgroup", "writeOnlyProperties": [ - "/properties/BaseCapacity", - "/properties/MaxCapacity", "/properties/ConfigParameters", "/properties/SecurityGroupIds", "/properties/SubnetIds", - "/properties/Tags", - "/properties/Tags/*/Key", - "/properties/Tags/*/Value" + "/properties/SnapshotArn", + "/properties/SnapshotName", + "/properties/SnapshotOwnerAccount", + "/properties/RecoveryPointId" ] } diff --git a/src/schema/aws-refactorspaces-application.json b/src/schema/aws-refactorspaces-application.json index 963876c0..6c216a27 100644 --- a/src/schema/aws-refactorspaces-application.json +++ b/src/schema/aws-refactorspaces-application.json @@ -82,10 +82,6 @@ "apigateway:POST", "apigateway:PUT", "apigateway:UpdateRestApiPolicy", - "apigateway:Update*", - "apigateway:Delete*", - "apigateway:Get*", - "apigateway:Put*", "elasticloadbalancing:CreateLoadBalancer", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTags", 
@@ -107,10 +103,10 @@ "ec2:DeleteTags", "ec2:RevokeSecurityGroupIngress", "elasticloadbalancing:DeleteLoadBalancer", - "apigateway:Update*", - "apigateway:Delete*", - "apigateway:Get*", - "apigateway:Put*" + "apigateway:DELETE", + "apigateway:GET", + "apigateway:PUT", + "apigateway:UpdateRestApiPolicy" ] }, "list": { diff --git a/src/schema/aws-refactorspaces-environment.json b/src/schema/aws-refactorspaces-environment.json index 53e49550..f966c1d4 100644 --- a/src/schema/aws-refactorspaces-environment.json +++ b/src/schema/aws-refactorspaces-environment.json @@ -96,6 +96,13 @@ "refactor-spaces:GetEnvironment", "refactor-spaces:ListTagsForResource" ] + }, + "update": { + "permissions": [ + "refactor-spaces:GetEnvironment", + "refactor-spaces:TagResource", + "refactor-spaces:UntagResource" + ] } }, "primaryIdentifier": [ @@ -149,11 +156,18 @@ "/properties/Arn", "/properties/TransitGatewayId" ], - "required": [ - "Name", - "NetworkFabricType" - ], - "taggable": true, + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "refactor-spaces:TagResource", + "refactor-spaces:ListTagsForResource", + "refactor-spaces:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::RefactorSpaces::Environment", "writeOnlyProperties": [ "/properties/Description", diff --git a/src/schema/aws-refactorspaces-service.json b/src/schema/aws-refactorspaces-service.json index a7335a3c..d4d57ca5 100644 --- a/src/schema/aws-refactorspaces-service.json +++ b/src/schema/aws-refactorspaces-service.json @@ -137,7 +137,7 @@ }, "read": { "permissions": [ - "refactor-spacess:GetService", + "refactor-spaces:GetService", "refactor-spaces:ListTagsForResource" ] } diff --git a/src/schema/aws-rekognition-collection.json b/src/schema/aws-rekognition-collection.json index c8c9c2eb..4d823b96 100644 --- a/src/schema/aws-rekognition-collection.json +++ b/src/schema/aws-rekognition-collection.json 
@@ -104,6 +104,17 @@ "CollectionId" ], "sourceUrl": "https://docs.aws.amazon.com/rekognition/latest/dg/collections.html", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "rekognition:ListTagsForResource", + "rekognition:TagResource", + "rekognition:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Rekognition::Collection" } diff --git a/src/schema/aws-rekognition-streamprocessor.json b/src/schema/aws-rekognition-streamprocessor.json index 994c47bc..107d0ab1 100644 --- a/src/schema/aws-rekognition-streamprocessor.json +++ b/src/schema/aws-rekognition-streamprocessor.json @@ -390,6 +390,17 @@ "KinesisVideoStream" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "rekognition:TagResource", + "rekognition:UntagResource", + "rekognition:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Rekognition::StreamProcessor" } diff --git a/src/schema/aws-resiliencehub-app.json b/src/schema/aws-resiliencehub-app.json index d4105b6e..14c27060 100644 --- a/src/schema/aws-resiliencehub-app.json +++ b/src/schema/aws-resiliencehub-app.json @@ -164,7 +164,17 @@ "sns:GetTopicAttributes", "route53:List*", "iam:PassRole", - "resiliencehub:*" + "resiliencehub:CreateApp", + "resiliencehub:DescribeApp", + "resiliencehub:DescribeAppVersionTemplate", + "resiliencehub:PutDraftAppVersionTemplate", + "resiliencehub:AddDraftAppVersionResourceMappings", + "resiliencehub:ListAppVersionResourceMappings", + "resiliencehub:ListAppVersions", + "resiliencehub:PublishAppVersion", + "resiliencehub:ListTagsForResource", + "resiliencehub:TagResource", + "resiliencehub:UntagResource" ] }, "delete": { 
@@ -209,7 +219,18 @@ "sns:GetTopicAttributes", "route53:List*", "iam:PassRole", - "resiliencehub:*" + "resiliencehub:UpdateApp", + "resiliencehub:DescribeApp", + "resiliencehub:DescribeAppVersionTemplate", + "resiliencehub:PutDraftAppVersionTemplate", + "resiliencehub:AddDraftAppVersionResourceMappings", + "resiliencehub:RemoveDraftAppVersionResourceMappings", + "resiliencehub:ListAppVersionResourceMappings", + "resiliencehub:ListAppVersions", + "resiliencehub:PublishAppVersion", + "resiliencehub:ListTagsForResource", + "resiliencehub:TagResource", + "resiliencehub:UntagResource" ] } }, @@ -299,6 +320,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-resiliencehub", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "resiliencehub:TagResource", + "resiliencehub:ListTagsForResource", + "resiliencehub:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-resiliencehub-resiliencypolicy.json b/src/schema/aws-resiliencehub-resiliencypolicy.json index e31a80da..a29ecd24 100644 --- a/src/schema/aws-resiliencehub-resiliencypolicy.json +++ b/src/schema/aws-resiliencehub-resiliencypolicy.json @@ -150,6 +150,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-resiliencehub", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "resiliencehub:TagResource", + "resiliencehub:ListTagsForResource", + "resiliencehub:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-resourceexplorer2-index.json b/src/schema/aws-resourceexplorer2-index.json index 99ece596..d898bcde 100644 --- a/src/schema/aws-resourceexplorer2-index.json +++ b/src/schema/aws-resourceexplorer2-index.json 
@@ -93,6 +93,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "resource-explorer-2:ListTagsForResource", + "resource-explorer-2:TagResource", + "resource-explorer-2:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-resourceexplorer2-view.json b/src/schema/aws-resourceexplorer2-view.json index 26e8c39a..3f91d0d0 100644 --- a/src/schema/aws-resourceexplorer2-view.json +++ b/src/schema/aws-resourceexplorer2-view.json @@ -112,6 +112,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "resource-explorer-2:ListTagsForResource", + "resource-explorer-2:TagResource", + "resource-explorer-2:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-resourcegroups-group.json b/src/schema/aws-resourcegroups-group.json index 31a75920..4d940f13 100644 --- a/src/schema/aws-resourcegroups-group.json +++ b/src/schema/aws-resourcegroups-group.json @@ -202,7 +202,8 @@ "cloudFormationSystemTags": true, "permissions": [ "resource-groups:Tag", - "resource-groups:Untag" + "resource-groups:Untag", + "resource-groups:GetTags" ], "tagOnCreate": true, "tagProperty": "/properties/Tags", diff --git a/src/schema/aws-resourcegroups-tagsynctask.json b/src/schema/aws-resourcegroups-tagsynctask.json new file mode 100644 index 00000000..8c8bad24 --- /dev/null +++ b/src/schema/aws-resourcegroups-tagsynctask.json 
@@ -0,0 +1,120 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/Group", + "/properties/TagKey", + "/properties/TagValue", + "/properties/RoleArn" + ], + "description": "Schema for ResourceGroups::TagSyncTask", + "handlers": { + "create": { + "permissions": [ + "resource-groups:StartTagSyncTask", + "resource-groups:CreateGroup", + "iam:PassRole" + ] + }, + "delete": { + "permissions": [ + "resource-groups:CancelTagSyncTask", + "resource-groups:DeleteGroup" + ] + }, + "list": { + "permissions": [ + "resource-groups:ListTagSyncTasks" + ] + }, + "read": { + "permissions": [ + "resource-groups:GetTagSyncTask" + ] + } + }, + "primaryIdentifier": [ + "/properties/TaskArn" + ], + "properties": { + "Group": { + "description": "The Amazon resource name (ARN) or name of the application group for which you want to create a tag-sync task", + "maxLength": 1600, + "minLength": 12, + "pattern": "([a-zA-Z0-9_\\\\.-]{1,150}/[a-z0-9]{26})|(arn:aws(-[a-z]+)*:resource-groups(-(test|beta|gamma))?:[a-z]{2}(-[a-z]+)+-\\d{1}:[0-9]{12}:group/[a-zA-Z0-9_\\\\.-]{1,150}/[a-z0-9]{26})", + "type": "string" + }, + "GroupArn": { + "description": "The Amazon resource name (ARN) of the ApplicationGroup for which the TagSyncTask is created", + "maxLength": 1600, + "minLength": 12, + "pattern": "arn:aws(-[a-z]+)*:resource-groups(-(test|beta|gamma))?:[a-z]{2}(-[a-z]+)+-\\d{1}:[0-9]{12}:group/[a-zA-Z0-9_\\.-]{1,150}/[a-z0-9]{26}", + "type": "string" + }, + "GroupName": { + "description": "The Name of the application group for which the TagSyncTask is created", + "maxLength": 300, + "minLength": 1, + "pattern": "[a-zA-Z0-9_\\.-]{1,150}/[a-z0-9]{26}", + "type": "string" + }, + "RoleArn": { + "description": "The Amazon resource name (ARN) of the role assumed by the service to tag and untag resources on your behalf.", + "maxLength": 2048, + "minLength": 20, + "pattern": "arn:(aws[a-zA-Z-]*)?:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+", + "type": "string" + }, + "Status": { + 
"description": "The status of the TagSyncTask", + "enum": [ + "ACTIVE", + "ERROR" + ], + "type": "string" + }, + "TagKey": { + "description": "The tag key. Resources tagged with this tag key-value pair will be added to the application. If a resource with this tag is later untagged, the tag-sync task removes the resource from the application.", + "maxLength": 128, + "minLength": 1, + "pattern": "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$", + "type": "string" + }, + "TagValue": { + "description": "The tag value. Resources tagged with this tag key-value pair will be added to the application. If a resource with this tag is later untagged, the tag-sync task removes the resource from the application.", + "maxLength": 256, + "minLength": 0, + "pattern": "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$", + "type": "string" + }, + "TaskArn": { + "description": "The ARN of the TagSyncTask resource", + "maxLength": 1600, + "minLength": 12, + "pattern": "arn:aws(-[a-z]+)*:resource-groups(-(test|beta|gamma))?:[a-z]{2}(-[a-z]+)+-\\d{1}:[0-9]{12}:group/[a-zA-Z0-9_\\.-]{1,150}/[a-z0-9]{26}/tag-sync-task/[a-z0-9]{26}", + "type": "string" + } + }, + "propertyTransform": { + "/properties/Group": "$split(Group, \"/\")[1] & \"/\" & $split(Group, \"/\")[2] $OR Group" + }, + "readOnlyProperties": [ + "/properties/TaskArn", + "/properties/Status", + "/properties/GroupName", + "/properties/GroupArn" + ], + "required": [ + "Group", + "TagKey", + "TagValue", + "RoleArn" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, + "typeName": "AWS::ResourceGroups::TagSyncTask" +} diff --git a/src/schema/aws-rolesanywhere-crl.json b/src/schema/aws-rolesanywhere-crl.json index 153de6a0..3274bf41 100644 --- a/src/schema/aws-rolesanywhere-crl.json +++ b/src/schema/aws-rolesanywhere-crl.json 
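Review bot: The `pattern` values for `Group`, `GroupArn`, `GroupName`, `RoleArn` and `TaskArn` in this new schema have no `^`/`$` anchors, unlike `TagKey` and `TagValue`. JSON Schema patterns match anywhere in the string, so a value that merely contains a well-formed ARN passes validation. `RoleArn` is the role handed over under `iam:PassRole`, so it is the first one to tighten, e.g. `"pattern": "^arn:(aws[a-zA-Z-]*)?:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+$"`. The `Group` pattern also writes `\\\\.` inside its character classes where `GroupArn` and `GroupName` write `\\.`, which after JSON decoding admits a literal backslash in the group name. Separately, it is worth confirming that the create and delete handlers really need `resource-groups:CreateGroup` and `resource-groups:DeleteGroup` for a tag-sync task.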
@@ -27,8 +27,7 @@ "create": { "permissions": [ "rolesanywhere:ImportCrl", - "rolesanywhere:TagResource", - "rolesanywhere:ListTagsForResource" + "rolesanywhere:TagResource" ] }, "delete": { @@ -98,6 +97,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "rolesanywhere:UntagResource", + "rolesanywhere:TagResource", + "rolesanywhere:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-rolesanywhere-profile.json b/src/schema/aws-rolesanywhere-profile.json index c1ed12b9..d20423d9 100644 --- a/src/schema/aws-rolesanywhere-profile.json +++ b/src/schema/aws-rolesanywhere-profile.json @@ -1,5 +1,8 @@ { "additionalProperties": false, + "createOnlyProperties": [ + "/properties/RequireInstanceProperties" + ], "definitions": { "AttributeMapping": { "additionalProperties": false, @@ -70,7 +73,6 @@ "iam:PassRole", "rolesanywhere:CreateProfile", "rolesanywhere:TagResource", - "rolesanywhere:ListTagsForResource", "rolesanywhere:PutAttributeMapping", "rolesanywhere:DeleteAttributeMapping" ] @@ -113,6 +115,9 @@ "/properties/ProfileId" ], "properties": { + "AcceptRoleSessionName": { + "type": "boolean" + }, "AttributeMappings": { "items": { "$ref": "#/definitions/AttributeMapping" @@ -176,10 +181,18 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "rolesanywhere:UntagResource", + "rolesanywhere:TagResource", + "rolesanywhere:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, - "typeName": "AWS::RolesAnywhere::Profile" + "typeName": "AWS::RolesAnywhere::Profile", + "writeOnlyProperties": [ + "/properties/RequireInstanceProperties" + ] } diff --git a/src/schema/aws-rolesanywhere-trustanchor.json b/src/schema/aws-rolesanywhere-trustanchor.json index f7480e2f..e2f5f9e5 100644 --- a/src/schema/aws-rolesanywhere-trustanchor.json +++ b/src/schema/aws-rolesanywhere-trustanchor.json 
@@ -115,8 +115,7 @@ "permissions": [ "iam:CreateServiceLinkedRole", "rolesanywhere:CreateTrustAnchor", - "rolesanywhere:TagResource", - "rolesanywhere:ListTagsForResource" + "rolesanywhere:TagResource" ] }, "delete": { @@ -199,6 +198,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "rolesanywhere:UntagResource", + "rolesanywhere:TagResource", + "rolesanywhere:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-route53-cidrcollection.json b/src/schema/aws-route53-cidrcollection.json index becda42a..0567d1fd 100644 --- a/src/schema/aws-route53-cidrcollection.json +++ b/src/schema/aws-route53-cidrcollection.json @@ -30,7 +30,7 @@ "type": "object" } }, - "description": "Resource schema for AWS::Route53::CidrCollection.", + "description": "Resource Type definition for AWS::Route53::CidrCollection.", "handlers": { "create": { "permissions": [ @@ -41,7 +41,8 @@ "delete": { "permissions": [ "route53:DeleteCidrCollection", - "route53:ChangeCidrCollection" + "route53:ChangeCidrCollection", + "route53:ListCidrBlocks" ] }, "list": { diff --git a/src/schema/aws-route53-hostedzone.json b/src/schema/aws-route53-hostedzone.json index 407ac7a6..8df7d313 100644 --- a/src/schema/aws-route53-hostedzone.json +++ b/src/schema/aws-route53-hostedzone.json @@ -103,7 +103,6 @@ "permissions": [ "route53:GetHostedZone", "route53:ListHostedZones", - "route53:ListHostedZonesByName", "route53:ListQueryLoggingConfigs", "route53:ListTagsForResource" ] @@ -118,7 +117,9 @@ "update": { "permissions": [ "route53:GetChange", + "route53:GetHostedZone", "route53:ListTagsForResource", + "route53:ListQueryLoggingConfigs", "route53:UpdateHostedZoneComment", "route53:ChangeTagsForResource", "route53:AssociateVPCWithHostedZone", 
@@ -185,5 +186,16 @@ "/properties/NameServers" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-route53.git", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "route53:ChangeTagsForResource", + "route53:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/HostedZoneTags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Route53::HostedZone" } diff --git a/src/schema/aws-route53profiles-profile.json b/src/schema/aws-route53profiles-profile.json index 99efd4e7..07195808 100644 --- a/src/schema/aws-route53profiles-profile.json +++ b/src/schema/aws-route53profiles-profile.json @@ -41,7 +41,8 @@ "permissions": [ "route53profiles:DeleteProfile", "route53profiles:GetProfile", - "route53profiles:UntagResource" + "route53profiles:UntagResource", + "route53profiles:ListTagsForResource" ] }, "list": { @@ -109,13 +110,14 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "route53profiles:TagResource", + "route53profiles:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, - "typeName": "AWS::Route53Profiles::Profile", - "writeOnlyProperties": [ - "/properties/Tags" - ] + "typeName": "AWS::Route53Profiles::Profile" } diff --git a/src/schema/aws-route53profiles-profileassociation.json b/src/schema/aws-route53profiles-profileassociation.json index ee77b8df..6c276bf2 100644 --- a/src/schema/aws-route53profiles-profileassociation.json +++ b/src/schema/aws-route53profiles-profileassociation.json 
@@ -36,14 +36,16 @@ "route53profiles:AssociateProfile", "route53profiles:GetProfileAssociation", "ec2:DescribeVpcs", - "route53profiles:TagResource" + "route53profiles:TagResource", + "route53profiles:ListTagsForResource" ] }, "delete": { "permissions": [ "route53profiles:DisassociateProfile", "route53profiles:GetProfileAssociation", - "route53profiles:UntagResource" + "route53profiles:UntagResource", + "route53profiles:ListTagsForResource" ] }, "list": { @@ -72,7 +74,7 @@ ], "properties": { "Arn": { - "description": "The Amazon Resource Name (ARN) of the profile association.", + "description": "The Amazon Resource Name (ARN) of the profile association.", "type": "string" }, "Id": { @@ -104,6 +106,7 @@ "readOnlyProperties": [ "/properties/Id" ], + "replacementStrategy": "delete_then_create", "required": [ "ResourceId", "ProfileId", @@ -111,6 +114,10 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "route53profiles:TagResource", + "route53profiles:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, @@ -118,7 +125,6 @@ }, "typeName": "AWS::Route53Profiles::ProfileAssociation", "writeOnlyProperties": [ - "/properties/Arn", - "/properties/Tags" + "/properties/Arn" ] } diff --git a/src/schema/aws-route53recoverycontrol-cluster.json b/src/schema/aws-route53recoverycontrol-cluster.json index 791f0a1c..ad2e9a38 100644 --- a/src/schema/aws-route53recoverycontrol-cluster.json +++ b/src/schema/aws-route53recoverycontrol-cluster.json @@ -67,6 +67,13 @@ "route53-recovery-control-config:DescribeCluster", "route53-recovery-control-config:ListTagsForResource" ] + }, + "update": { + "permissions": [ + "route53-recovery-control-config:DescribeCluster", + "route53-recovery-control-config:ListTagsForResource", + "route53-recovery-control-config:UpdateCluster" + ] } }, "primaryIdentifier": [ 
@@ -94,6 +101,14 @@ "minLength": 1, "type": "string" }, + "NetworkType": { + "description": "Cluster supports IPv4 endpoints and Dual-stack IPv4 and IPv6 endpoints. NetworkType can be IPV4 or DUALSTACK.", + "enum": [ + "IPV4", + "DUALSTACK" + ], + "type": "string" + }, "Status": { "description": "Deployment status of a resource. Status can be one of the following: PENDING, DEPLOYED, PENDING_DELETION.", "enum": [ @@ -124,13 +139,15 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-route53-recovery-control.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "route53-recovery-control-config:TagResource", + "route53-recovery-control-config:UntagResource", + "route53-recovery-control-config:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": false, "taggable": true }, - "typeName": "AWS::Route53RecoveryControl::Cluster", - "writeOnlyProperties": [ - "/properties/Tags" - ] + "typeName": "AWS::Route53RecoveryControl::Cluster" } diff --git a/src/schema/aws-route53recoverycontrol-controlpanel.json b/src/schema/aws-route53recoverycontrol-controlpanel.json index a7a1823a..7ef5332c 100644 --- a/src/schema/aws-route53recoverycontrol-controlpanel.json +++ b/src/schema/aws-route53recoverycontrol-controlpanel.json @@ -122,13 +122,15 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-route53-recovery-control.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "route53-recovery-control-config:TagResource", + "route53-recovery-control-config:UntagResource", + "route53-recovery-control-config:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, - "typeName": "AWS::Route53RecoveryControl::ControlPanel", - "writeOnlyProperties": [ - "/properties/Tags" - ] + "typeName": "AWS::Route53RecoveryControl::ControlPanel" } 
diff --git a/src/schema/aws-route53recoverycontrol-safetyrule.json b/src/schema/aws-route53recoverycontrol-safetyrule.json index 36af0233..ee401a6f 100644 --- a/src/schema/aws-route53recoverycontrol-safetyrule.json +++ b/src/schema/aws-route53recoverycontrol-safetyrule.json @@ -238,13 +238,15 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-route53-recovery-control.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "route53-recovery-control-config:TagResource", + "route53-recovery-control-config:UntagResource", + "route53-recovery-control-config:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, - "typeName": "AWS::Route53RecoveryControl::SafetyRule", - "writeOnlyProperties": [ - "/properties/Tags" - ] + "typeName": "AWS::Route53RecoveryControl::SafetyRule" } diff --git a/src/schema/aws-route53recoveryreadiness-cell.json b/src/schema/aws-route53recoveryreadiness-cell.json index 8e2eda83..d760023a 100644 --- a/src/schema/aws-route53recoveryreadiness-cell.json +++ b/src/schema/aws-route53recoveryreadiness-cell.json @@ -106,6 +106,17 @@ "/properties/ParentReadinessScopes" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-reoute53-recovery-readiness.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "route53-recovery-readiness:TagResource", + "route53-recovery-readiness:UntagResource", + "route53-recovery-readiness:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Route53RecoveryReadiness::Cell" } diff --git a/src/schema/aws-route53recoveryreadiness-readinesscheck.json b/src/schema/aws-route53recoveryreadiness-readinesscheck.json index 84b4fc71..2ad44949 100644 --- a/src/schema/aws-route53recoveryreadiness-readinesscheck.json 
+++ b/src/schema/aws-route53recoveryreadiness-readinesscheck.json @@ -98,6 +98,17 @@ "/properties/ReadinessCheckArn" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-route53-recovery-readiness.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "route53-recovery-readiness:TagResource", + "route53-recovery-readiness:UntagResource", + "route53-recovery-readiness:ListTagsForResources" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Route53RecoveryReadiness::ReadinessCheck" } diff --git a/src/schema/aws-route53recoveryreadiness-recoverygroup.json b/src/schema/aws-route53recoveryreadiness-recoverygroup.json index 746e6ee5..22d64e21 100644 --- a/src/schema/aws-route53recoveryreadiness-recoverygroup.json +++ b/src/schema/aws-route53recoveryreadiness-recoverygroup.json @@ -101,6 +101,17 @@ "/properties/RecoveryGroupArn" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-route53-recovery-readiness-readiness.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "route53-recovery-readiness:TagResource", + "route53-recovery-readiness:UntagResource", + "route53-recovery-readiness:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Route53RecoveryReadiness::RecoveryGroup" } diff --git a/src/schema/aws-route53recoveryreadiness-resourceset.json b/src/schema/aws-route53recoveryreadiness-resourceset.json index 37526fac..983e982f 100644 --- a/src/schema/aws-route53recoveryreadiness-resourceset.json +++ b/src/schema/aws-route53recoveryreadiness-resourceset.json 
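Review bot: The tagging permissions added for ReadinessCheck use `route53-recovery-readiness:ListTagsForResources`, while the Cell hunk before it and the RecoveryGroup and ResourceSet hunks after it use `route53-recovery-readiness:ListTagsForResource`. Only one spelling can be the service's action name, and an IAM policy generated from the other grants nothing for tag reads, so the failure would surface at run time as an access-denied error rather than at review. Check the name against the service authorization reference and make all four `permissions` lists agree. This same diff already corrects one misspelled prefix (`refactor-spacess:`), so typos in these lists do happen.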
@@ -213,6 +213,17 @@ "Resources" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-route53-recovery-readiness.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "route53-recovery-readiness:TagResource", + "route53-recovery-readiness:UntagResource", + "route53-recovery-readiness:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Route53RecoveryReadiness::ResourceSet" } diff --git a/src/schema/aws-route53resolver-firewalldomainlist.json b/src/schema/aws-route53resolver-firewalldomainlist.json index d9830855..b1e662d6 100644 --- a/src/schema/aws-route53resolver-firewalldomainlist.json +++ b/src/schema/aws-route53resolver-firewalldomainlist.json 
@@ -43,52 +43,42 @@ "handlers": { "create": { "permissions": [ - "route53resolver:*", - "ec2:*", - "logs:*", - "iam:*", - "lambda:*", - "s3:*" + "route53resolver:CreateFirewallDomainList", + "route53resolver:GetFirewallDomainList", + "route53resolver:ImportFirewallDomains", + "route53resolver:UpdateFirewallDomains", + "route53resolver:TagResource", + "route53resolver:ListTagsForResource" ] }, "delete": { "permissions": [ - "route53resolver:*", - "ec2:*", - "logs:*", - "iam:*", - "lambda:*", - "s3:*" + "route53resolver:GetFirewallDomainList", + "route53resolver:DeleteFirewallDomainList", + "route53resolver:UntagResource", + "route53resolver:ListTagsForResource" ] }, "list": { "permissions": [ - "route53resolver:*", - "ec2:*", - "logs:*", - "iam:*", - "lambda:*", - "s3:*" + "route53resolver:ListFirewallDomainLists", + "route53resolver:ListTagsForResource" ] }, "read": { "permissions": [ - "route53resolver:*", - "ec2:*", - "logs:*", - "iam:*", - "lambda:*", - "s3:*" + "route53resolver:GetFirewallDomainList", + "route53resolver:ListTagsForResource" ] }, "update": { "permissions": [ - "route53resolver:*", - "ec2:*", - "logs:*", - "iam:*", - "lambda:*", - "s3:*" + "route53resolver:GetFirewallDomainList", + "route53resolver:ImportFirewallDomains", + "route53resolver:UpdateFirewallDomains", + "route53resolver:TagResource", + "route53resolver:UntagResource", + "route53resolver:ListTagsForResource" ] } }, @@ -192,6 +182,10 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "route53resolver:TagResource", + "route53resolver:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-route53resolver-firewallrulegroup.json b/src/schema/aws-route53resolver-firewallrulegroup.json index 36e79737..88086728 100644 --- a/src/schema/aws-route53resolver-firewallrulegroup.json +++ b/src/schema/aws-route53resolver-firewallrulegroup.json 
@@ -45,6 +45,23 @@ ], "type": "string" }, + "ConfidenceThreshold": { + "description": "FirewallDomainRedirectionAction", + "enum": [ + "LOW", + "MEDIUM", + "HIGH" + ], + "type": "string" + }, + "DnsThreatProtection": { + "description": "FirewallDomainRedirectionAction", + "enum": [ + "DGA", + "DNS_TUNNELING" + ], + "type": "string" + }, "FirewallDomainListId": { "description": "ResourceId", "maxLength": 64, @@ -59,6 +76,12 @@ ], "type": "string" }, + "FirewallThreatProtectionId": { + "description": "ResourceId", + "maxLength": 64, + "minLength": 1, + "type": "string" + }, "Priority": { "description": "Rule Priority", "type": "integer" @@ -71,7 +94,6 @@ } }, "required": [ - "FirewallDomainListId", "Priority", "Action" ], 
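Review bot: `ConfidenceThreshold` and `DnsThreatProtection` both carry the description `FirewallDomainRedirectionAction`, which appears to be copied from a neighbouring property and says nothing about what these enums control. Since they select which DNS threats a rule acts on, a reader auditing a rule group needs the real meaning; something like `"description": "Confidence level required before the rule acts (LOW, MEDIUM, HIGH)"` and `"description": "DNS threat type the rule detects (DGA, DNS_TUNNELING)"` would do, with the wording confirmed against the service documentation. The enclosing definition starts outside the hunk.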
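Review bot: Removing `FirewallDomainListId` from `required` in the third hunk leaves only `Priority` and `Action` mandatory, so a rule that names neither a domain list nor a `DnsThreatProtection` type passes schema validation with nothing to match on. If the two are meant to be alternatives, the schema can state it, e.g. `"anyOf": [{"required": ["FirewallDomainListId"]}, {"required": ["DnsThreatProtection", "ConfidenceThreshold"]}]`. Whether `ConfidenceThreshold` belongs in the second branch is inferred from the properties added above and should be checked. The definition's opening is outside the hunk.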
@@ -105,52 +127,48 @@ "handlers": { "create": { "permissions": [ - "route53resolver:*", - "ec2:*", - "logs:*", - "iam:*", - "lambda:*", - "s3:*" + "route53resolver:CreateFirewallRuleGroup", + "route53resolver:GetFirewallRuleGroup", + "route53resolver:ListFirewallRules", + "route53resolver:CreateFirewallRule", + "route53resolver:DeleteFirewallRule", + "route53resolver:TagResource", + "route53resolver:ListTagsForResource" ] }, "delete": { "permissions": [ - "route53resolver:*", - "ec2:*", - "logs:*", - "iam:*", - "lambda:*", - "s3:*" + "route53resolver:GetFirewallRuleGroup", + "route53resolver:DeleteFirewallRuleGroup", + "route53resolver:ListFirewallRules", + "route53resolver:DeleteFirewallRule", + "route53resolver:UntagResource", + "route53resolver:ListTagsForResource" ] }, "list": { "permissions": [ - "route53resolver:*", - "ec2:*", - "logs:*", - "iam:*", - "lambda:*", - "s3:*" + "route53resolver:ListFirewallRuleGroups", + "route53resolver:ListTagsForResource" ] }, "read": { "permissions": [ - "route53resolver:*", - "ec2:*", - "logs:*", - "iam:*", - "lambda:*", - "s3:*" + "route53resolver:GetFirewallRuleGroup", + "route53resolver:ListFirewallRules", + "route53resolver:ListTagsForResource" ] }, "update": { "permissions": [ - "route53resolver:*", - "ec2:*", - "logs:*", - "iam:*", - "lambda:*", - "s3:*" + "route53resolver:GetFirewallRuleGroup", + "route53resolver:ListFirewallRules", + "route53resolver:CreateFirewallRule", + "route53resolver:UpdateFirewallRule", + "route53resolver:DeleteFirewallRule", + "route53resolver:TagResource", + "route53resolver:UntagResource", + "route53resolver:ListTagsForResource" ] } }, 
@@ -257,10 +275,15 @@ "/properties/ShareStatus", "/properties/CreatorRequestId", "/properties/CreationTime", - "/properties/ModificationTime" + "/properties/ModificationTime", + "/properties/FirewallRules/*/FirewallThreatProtectionId" ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "route53resolver:TagResource", + "route53resolver:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-route53resolver-firewallrulegroupassociation.json b/src/schema/aws-route53resolver-firewallrulegroupassociation.json index a25cd76a..0db11779 100644 --- a/src/schema/aws-route53resolver-firewallrulegroupassociation.json +++ b/src/schema/aws-route53resolver-firewallrulegroupassociation.json 
@@ -33,52 +33,40 @@ "handlers": { "create": { "permissions": [ - "route53resolver:*", - "ec2:*", - "logs:*", - "iam:*", - "lambda:*", - "s3:*" + "route53resolver:AssociateFirewallRuleGroup", + "route53resolver:GetFirewallRuleGroupAssociation", + "route53resolver:TagResource", + "route53resolver:ListTagsForResource", + "ec2:DescribeVpcs" ] }, "delete": { "permissions": [ - "route53resolver:*", - "ec2:*", - "logs:*", - "iam:*", - "lambda:*", - "s3:*" + "route53resolver:DisassociateFirewallRuleGroup", + "route53resolver:GetFirewallRuleGroupAssociation", + "route53resolver:UntagResource", + "route53resolver:ListTagsForResource" ] }, "list": { "permissions": [ - "route53resolver:*", - "ec2:*", - "logs:*", - "iam:*", - "lambda:*", - "s3:*" + "route53resolver:ListFirewallRuleGroupAssociations", + "route53resolver:ListTagsForResource" ] }, "read": { "permissions": [ - "route53resolver:*", - "ec2:*", - "logs:*", - "iam:*", - "lambda:*", - "s3:*" + "route53resolver:GetFirewallRuleGroupAssociation", + "route53resolver:ListTagsForResource" ] }, "update": { "permissions": [ - "route53resolver:*", - "ec2:*", - "logs:*", - "iam:*", - "lambda:*", - "s3:*" + "route53resolver:UpdateFirewallRuleGroupAssociation", + "route53resolver:GetFirewallRuleGroupAssociation", + "route53resolver:TagResource", + "route53resolver:UntagResource", + "route53resolver:ListTagsForResource" ] } }, @@ -194,6 +182,10 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "route53resolver:TagResource", + "route53resolver:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-route53resolver-outpostresolver.json b/src/schema/aws-route53resolver-outpostresolver.json index c2e47033..fd5f5786 100644 --- a/src/schema/aws-route53resolver-outpostresolver.json +++ b/src/schema/aws-route53resolver-outpostresolver.json 
@@ -34,8 +34,10 @@ "permissions": [ "route53resolver:CreateOutpostResolver", "route53resolver:GetOutpostResolver", + "route53resolver:ListOutpostResolvers", "route53resolver:ListTagsForResource", - "outposts:GetOutpost" + "outposts:GetOutpost", + "route53resolver:TagResource" ] }, "delete": { @@ -170,6 +172,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "route53resolver:TagResource", + "route53resolver:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-route53resolver-resolverqueryloggingconfig.json b/src/schema/aws-route53resolver-resolverqueryloggingconfig.json index b6dbbc5e..e3f8ffcf 100644 --- a/src/schema/aws-route53resolver-resolverqueryloggingconfig.json +++ b/src/schema/aws-route53resolver-resolverqueryloggingconfig.json 
@@ -2,8 +2,34 @@ "additionalProperties": false, "createOnlyProperties": [ "/properties/Name", - "/properties/DestinationArn" + "/properties/DestinationArn", + "/properties/Tags" ], + "definitions": { + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, "description": "Resource schema for AWS::Route53Resolver::ResolverQueryLoggingConfig.", "handlers": { "create": { @@ -20,7 +46,10 @@ "logs:PutResourcePolicy", "logs:DescribeResourcePolicies", "logs:DescribeLogGroups", - "iam:CreateServiceLinkedRole" + "iam:CreateServiceLinkedRole", + "route53resolver:ListTagsForResource", + "route53resolver:TagResource", + "route53resolver:ListResolverQueryLogConfigs" ] }, "delete": { 
@@ -28,19 +57,24 @@ "resolverquerylogging:DeleteConfig", "resolverquerylogging:ListConfig", "route53resolver:DeleteResolverQueryLogConfig", - "route53resolver:ListResolverQueryLogConfigs" + "route53resolver:ListResolverQueryLogConfigs", + "route53resolver:UntagResource", + "route53resolver:ListTagsForResource" ] }, "list": { "permissions": [ "resolverquerylogging:ListConfig", - "route53resolver:ListResolverQueryLogConfigs" + "route53resolver:ListResolverQueryLogConfigs", + "route53resolver:ListTagsForResource" ] }, "read": { "permissions": [ "resolverquerylogging:GetConfig", - "route53resolver:GetResolverQueryLogConfig" + "route53resolver:GetResolverQueryLogConfig", + "route53resolver:ListTagsForResource", + "route53resolver:ListResolverQueryLogConfigs" ] } }, @@ -113,6 +147,15 @@ "FAILED" ], "type": "string" + }, + "Tags": { + "description": "An array of key-value pairs to apply to this resource.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": true } }, "readOnlyProperties": [ @@ -125,6 +168,16 @@ "/properties/CreationTime", "/properties/Id" ], - "taggable": false, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "route53resolver:TagResource", + "route53resolver:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, "typeName": "AWS::Route53Resolver::ResolverQueryLoggingConfig" } diff --git a/src/schema/aws-route53resolver-resolverqueryloggingconfigassociation.json b/src/schema/aws-route53resolver-resolverqueryloggingconfigassociation.json index aac1c0e9..eb268fa6 100644 --- a/src/schema/aws-route53resolver-resolverqueryloggingconfigassociation.json +++ b/src/schema/aws-route53resolver-resolverqueryloggingconfigassociation.json 
@@ -98,5 +98,8 @@ "/properties/CreationTime", "/properties/Id" ], + "tagging": { + "taggable": false + }, "typeName": "AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation" } diff --git a/src/schema/aws-route53resolver-resolverrule.json b/src/schema/aws-route53resolver-resolverrule.json index 7c236205..35f244f8 100644 --- a/src/schema/aws-route53resolver-resolverrule.json +++ b/src/schema/aws-route53resolver-resolverrule.json @@ -53,6 +53,12 @@ "DoH" ], "type": "string" + }, + "ServerNameIndication": { + "description": "The SNI of the target name servers for DoH/DoH-FIPS outbound endpoints", + "maxLength": 255, + "minLength": 0, + "type": "string" } }, "type": "object" @@ -130,7 +136,8 @@ "enum": [ "FORWARD", "SYSTEM", - "RECURSIVE" + "RECURSIVE", + "DELEGATE" ], "type": "string" }, @@ -161,12 +168,15 @@ "/properties/ResolverRuleId" ], "required": [ - "DomainName", "RuleType" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-route53resolver.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "route53resolver:TagResource", + "route53resolver:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-route53resolver-resolverruleassociation.json b/src/schema/aws-route53resolver-resolverruleassociation.json index 0c26a4dd..0f7c3dc3 100644 --- a/src/schema/aws-route53resolver-resolverruleassociation.json +++ b/src/schema/aws-route53resolver-resolverruleassociation.json @@ -22,7 +22,8 @@ }, "list": { "permissions": [ - "route53resolver:ListResolverRuleAssociations" + "route53resolver:ListResolverRuleAssociations", + "ec2:DescribeVpcs" ] }, "read": { diff --git a/src/schema/aws-rum-appmonitor.json b/src/schema/aws-rum-appmonitor.json index 92e1dd08..84d89ae2 100644 --- a/src/schema/aws-rum-appmonitor.json +++ b/src/schema/aws-rum-appmonitor.json 
@@ -95,6 +95,36 @@ ], "type": "string" }, + "DeobfuscationConfiguration": { + "additionalProperties": false, + "description": "A structure that contains the configuration for how an app monitor can deobfuscate stack traces.", + "properties": { + "JavaScriptSourceMaps": { + "additionalProperties": false, + "description": "A structure that contains the configuration for how an app monitor can unminify JavaScript error stack traces using source maps.", + "properties": { + "S3Uri": { + "description": "The S3Uri of the bucket or folder that stores the source map files. It is required if status is ENABLED.", + "pattern": "^s3://[a-z0-9][-.a-z0-9]{1,61}(?:/[-!_*'().a-z0-9A-Z]+(?:/[-!_*'().a-z0-9A-Z]+)*)?/?$", + "type": "string" + }, + "Status": { + "description": "Specifies whether JavaScript error stack traces should be unminified for this app monitor. The default is for JavaScript error stack trace unminification to be DISABLED", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + } + }, + "required": [ + "Status" + ], + "type": "object" + } + }, + "type": "object" + }, "FavoritePages": { "description": "List of favorite pages", "insertionOrder": false, 
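Review bot: In the new `DeobfuscationConfiguration` definition of aws-rum-appmonitor.json, `JavaScriptSourceMaps` lists only `Status` under `required`, while the `S3Uri` description says it is required if status is ENABLED. Validation against this schema therefore accepts `"Status": "ENABLED"` with no source-map location, and the mistake surfaces only at deploy time. If the resource meta-schema accepts conditionals, `"if": {"properties": {"Status": {"const": "ENABLED"}}}, "then": {"required": ["S3Uri"]}` on that object would express the rule; otherwise the description should state that the schema does not enforce it. The file looks like a synced copy of the provider schema, so the change may belong upstream.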
@@ -209,6 +239,26 @@ "minItems": 0, "type": "array" }, + "ResourcePolicy": { + "additionalProperties": false, + "description": "A structure that defines resource policy attached to your app monitor.", + "properties": { + "PolicyDocument": { + "description": "The JSON to use as the resource policy. The document can be up to 4 KB in size. ", + "type": "string" + }, + "PolicyRevisionId": { + "description": "A string value that you can use to conditionally update your policy. You can provide the revision ID of your existing policy to make mutating requests against that policy. \n\n When you assign a policy revision ID, then later requests about that policy will be rejected with an InvalidPolicyRevisionIdException error if they don't provide the correct current revision ID.", + "maxLength": 255, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "PolicyDocument" + ], + "type": "object" + }, "Tag": { "additionalProperties": false, "description": "A key-value pair to associate with a resource.", @@ -287,7 +337,9 @@ "rum:PutRumMetricsDestination", "rum:BatchCreateRumMetricDefinitions", "rum:ListRumMetricsDestinations", - "rum:BatchGetRumMetricDefinitions" + "rum:BatchGetRumMetricDefinitions", + "rum:GetResourcePolicy", + "rum:PutResourcePolicy" ] }, "delete": { @@ -304,7 +356,10 @@ "rum:DeleteRumMetricsDestination", "rum:BatchDeleteRumMetricDefinitions", "rum:ListRumMetricsDestinations", - "rum:BatchGetRumMetricDefinitions" + "rum:BatchGetRumMetricDefinitions", + "rum:GetResourcePolicy", + "rum:PutResourcePolicy", + "rum:DeleteResourcePolicy" ] }, "list": { @@ -331,7 +386,8 @@ "s3:GetObjectAcl", "rum:ListTagsForResource", "rum:ListRumMetricsDestinations", - "rum:BatchGetRumMetricDefinitions" + "rum:BatchGetRumMetricDefinitions", + "rum:GetResourcePolicy" ] }, "update": { 
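Review bot: The hunk at `@@ -304,7 +356,10 @@` adds `rum:PutResourcePolicy` to what appears to be the `delete` handler of AWS::RUM::AppMonitor (the list closes just before `"list"`), alongside `rum:GetResourcePolicy` and `rum:DeleteResourcePolicy`. Removing a monitor should not need to write a resource policy, so any role or permission boundary derived from these handler lists grants a policy-write action on the delete path for no visible reason. I would drop that one entry from the delete list and keep `"rum:GetResourcePolicy", "rum:DeleteResourcePolicy"`. The handler code is not part of this diff, so confirm it makes no Put call during deletion; if the file is synced from the provider repository, the fix belongs there.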
@@ -366,10 +422,25 @@ "rum:BatchCreateRumMetricDefinitions", "rum:BatchDeleteRumMetricDefinitions", "rum:BatchGetRumMetricDefinitions", - "rum:UpdateRumMetricDefinition" + "rum:UpdateRumMetricDefinition", + "rum:GetResourcePolicy", + "rum:PutResourcePolicy", + "rum:DeleteResourcePolicy" ] } }, + "oneOf": [ + { + "required": [ + "Domain" + ] + }, + { + "required": [ + "DomainList" + ] + } + ], "primaryIdentifier": [ "/properties/Name" ], 
@@ -384,13 +455,28 @@ "description": "Data collected by RUM is kept by RUM for 30 days and then deleted. This parameter specifies whether RUM sends a copy of this telemetry data to CWLlong in your account. This enables you to keep the telemetry data for more than 30 days, but it does incur CWLlong charges. If you omit this parameter, the default is false", "type": "boolean" }, + "DeobfuscationConfiguration": { + "$ref": "#/definitions/DeobfuscationConfiguration" + }, "Domain": { - "description": "The top-level internet domain name for which your application has administrative authority.", + "description": "The top-level internet domain name for which your application has administrative authority. The CreateAppMonitor requires either the domain or the domain list.", "maxLength": 253, "minLength": 1, "pattern": "^(localhost)|^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|^(?![-.])([A-Za-z0-9-\\.\\-]{0,63})((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))\\.(?![-])[A-Za-z-0-9]{1,63}((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))|^(\\*\\.)(?![-.])([A-Za-z0-9-\\.\\-]{0,63})((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))\\.(?![-])[A-Za-z-0-9]{1,63}((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))", "type": "string" }, + "DomainList": { + "description": "The top-level internet domain names for which your application has administrative authority. 
The CreateAppMonitor requires either the domain or the domain list.", + "items": { + "maxLength": 253, + "minLength": 1, + "pattern": "^(localhost)|^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|^(?![-.])([A-Za-z0-9-\\.\\-]{0,63})((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))\\.(?![-])[A-Za-z-0-9]{1,63}((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))|^(\\*\\.)(?![-.])([A-Za-z0-9-\\.\\-]{0,63})((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))\\.(?![-])[A-Za-z-0-9]{1,63}((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))", + "type": "string" + }, + "maxItems": 5, + "minItems": 1, + "type": "array" + }, "Id": { "description": "The unique ID of the new app monitor.", "maxLength": 36, @@ -405,6 +491,9 @@ "pattern": "[\\.\\-_/#A-Za-z0-9]+", "type": "string" }, + "ResourcePolicy": { + "$ref": "#/definitions/ResourcePolicy" + }, "Tags": { "$ref": "#/definitions/TagDef" } @@ -413,11 +502,19 @@ "/properties/Id" ], "required": [ - "Name", - "Domain" + "Name" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "rum:UntagResource", + "rum:TagResource", + "rum:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::RUM::AppMonitor" diff --git a/src/schema/aws-s3-accessgrant.json b/src/schema/aws-s3-accessgrant.json index 7c53df63..daee0fd8 100644 --- a/src/schema/aws-s3-accessgrant.json +++ b/src/schema/aws-s3-accessgrant.json @@ -82,12 +82,14 @@ }, "read": { "permissions": [ - "s3:GetAccessGrant" + "s3:GetAccessGrant", + "s3:ListTagsForResource" ] }, "update": { "permissions": [ - "s3:TagResource" + "s3:TagResource", + "s3:UntagResource" ] } }, 
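Review bot: The new `DomainList` items in aws-rum-appmonitor.json (hunk `@@ -384,13 +455,28 @@`) reuse the `Domain` pattern, in which only the IPv4 alternative ends in `$`. JSON Schema `pattern` is a search, not a full match, so `^(localhost)` accepts any string that merely starts with `localhost`, and the hostname and wildcard alternatives accept arbitrary trailing characters up to `maxLength`. Because this value declares the domains an app monitor is authoritative for, the schema check should be exact: group the alternation and anchor it once, as in `"pattern": "^(?:localhost|<ipv4 alternative>|<hostname alternative>|<wildcard alternative>)$"` (placeholders stand for the existing sub-expressions). The same applies to the unchanged `Domain` pattern shown as context in this hunk. Whether the service validates further is not visible here, and a synced schema would need the fix upstream.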
@@ -167,8 +169,14 @@ "Permission", "AccessGrantsLocationId" ], - "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-s3", + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "s3:UntagResource", + "s3:TagResource", + "s3:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, @@ -176,7 +184,6 @@ }, "typeName": "AWS::S3::AccessGrant", "writeOnlyProperties": [ - "/properties/Tags", "/properties/S3PrefixType" ] } diff --git a/src/schema/aws-s3-accessgrantsinstance.json b/src/schema/aws-s3-accessgrantsinstance.json index c3b1e445..004684ea 100644 --- a/src/schema/aws-s3-accessgrantsinstance.json +++ b/src/schema/aws-s3-accessgrantsinstance.json @@ -34,12 +34,15 @@ "create": { "permissions": [ "s3:CreateAccessGrantsInstance", + "s3:AssociateAccessGrantsIdentityCenter", "s3:TagResource" ] }, "delete": { "permissions": [ - "s3:DeleteAccessGrantsInstance" + "s3:GetAccessGrantsInstance", + "s3:DeleteAccessGrantsInstance", + "s3:DissociateAccessGrantsIdentityCenter" ] }, "list": { @@ -49,12 +52,14 @@ }, "read": { "permissions": [ - "s3:GetAccessGrantsInstance" + "s3:GetAccessGrantsInstance", + "s3:ListTagsForResource" ] }, "update": { "permissions": [ - "s3:TagResource" + "s3:TagResource", + "s3:UntagResource" ] } }, @@ -96,13 +101,16 @@ "required": [], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-s3", "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "s3:UntagResource", + "s3:TagResource", + "s3:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, - "typeName": "AWS::S3::AccessGrantsInstance", - "writeOnlyProperties": [ - "/properties/Tags" - ] + "typeName": "AWS::S3::AccessGrantsInstance" } 
diff --git a/src/schema/aws-s3-accessgrantslocation.json b/src/schema/aws-s3-accessgrantslocation.json index 4caa5309..c1e63aae 100644 --- a/src/schema/aws-s3-accessgrantslocation.json +++ b/src/schema/aws-s3-accessgrantslocation.json @@ -42,13 +42,15 @@ }, "read": { "permissions": [ - "s3:GetAccessGrantsLocation" + "s3:GetAccessGrantsLocation", + "s3:ListTagsForResource" ] }, "update": { "permissions": [ "s3:UpdateAccessGrantsLocation", "s3:TagResource", + "s3:UntagResource", "iam:PassRole" ] } @@ -98,13 +100,16 @@ "required": [], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-s3", "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "s3:UntagResource", + "s3:TagResource", + "s3:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, - "typeName": "AWS::S3::AccessGrantsLocation", - "writeOnlyProperties": [ - "/properties/Tags" - ] + "typeName": "AWS::S3::AccessGrantsLocation" } diff --git a/src/schema/aws-s3-accesspoint.json b/src/schema/aws-s3-accesspoint.json index 9aaf316c..da63f95f 100644 --- a/src/schema/aws-s3-accesspoint.json +++ b/src/schema/aws-s3-accesspoint.json @@ -51,6 +51,7 @@ "permissions": [ "s3:CreateAccessPoint", "s3:PutAccessPointPolicy", + "s3:GetAccessPoint", "s3:PutAccessPointPublicAccessBlock" ] }, @@ -148,5 +149,8 @@ "Bucket" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-s3", + "tagging": { + "taggable": false + }, "typeName": "AWS::S3::AccessPoint" } diff --git a/src/schema/aws-s3-bucket.json b/src/schema/aws-s3-bucket.json index 398137d9..1f1e629c 100644 --- a/src/schema/aws-s3-bucket.json +++ b/src/schema/aws-s3-bucket.json 
@@ -283,7 +283,7 @@ }, "EncryptionConfiguration": { "additionalProperties": false, - "description": "Specifies encryption-related information for an Amazon S3 bucket that is a destination for replicated objects.", + "description": "Specifies encryption-related information for an Amazon S3 bucket that is a destination for replicated objects.\n If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester\u2019s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.", "properties": { "ReplicaKmsKeyID": { "description": "Specifies the ID (Key ARN or Alias ARN) of the customer managed AWS KMS key stored in AWS Key Management Service (KMS) for the destination bucket. Amazon S3 uses this key to encrypt replica objects. Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*.", 
@@ -483,6 +483,14 @@ }, "type": "array", "uniqueItems": true + }, + "TransitionDefaultMinimumObjectSize": { + "description": "Indicates which default minimum object size behavior is applied to the lifecycle configuration.\n This parameter applies to general purpose buckets only. It isn't supported for directory bucket lifecycle configurations.\n + ``all_storage_classes_128K`` - Objects smaller than 128 KB will not transition to any storage class by default.\n + ``varies_by_storage_class`` - Objects smaller than 128 KB will transition to Glacier Flexible Retrieval or Glacier Deep Archive storage classes. By default, all other storage classes will prevent transitions smaller than 128 KB. \n \n To customize the minimum object size for any transition you can add a filter that specifies a custom ``ObjectSizeGreaterThan`` or ``ObjectSizeLessThan`` in the body of your transition rule. Custom filters always take precedence over the default transition behavior.", + "enum": [ + "varies_by_storage_class", + "all_storage_classes_128K" + ], + "type": "string" } }, "required": [ 
@@ -509,6 +517,20 @@ }, "type": "object" }, + "MetadataTableConfiguration": { + "additionalProperties": false, + "description": "The metadata table configuration of an S3 general purpose bucket. For more information, see [Accelerating data discovery with S3 Metadata](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-overview.html) and [Setting up permissions for configuring metadata tables](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-permissions.html).", + "properties": { + "S3TablesDestination": { + "$ref": "#/definitions/S3TablesDestination", + "description": "The destination information for the metadata table configuration. The destination table bucket must be in the same Region and AWS-account as the general purpose bucket. The specified metadata table name must be unique within the ``aws_s3_metadata`` namespace in the destination table bucket." + } + }, + "required": [ + "S3TablesDestination" + ], + "type": "object" + }, "Metrics": { "additionalProperties": false, "description": "A container specifying replication metrics-related settings enabling replication metrics and events.", 
@@ -731,7 +753,7 @@ "description": "Amazon S3 keys for log objects are partitioned in the following format:\n ``[DestinationPrefix][SourceAccountId]/[SourceRegion]/[SourceBucket]/[YYYY]/[MM]/[DD]/[YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]`` \n PartitionedPrefix defaults to EventTime delivery when server access logs are delivered.", "properties": { "PartitionDateSource": { - "description": "Specifies the partition date source for the partitioned prefix. PartitionDateSource can be EventTime or DeliveryTime.", + "description": "Specifies the partition date source for the partitioned prefix. ``PartitionDateSource`` can be ``EventTime`` or ``DeliveryTime``.\n For ``DeliveryTime``, the time in the log file names corresponds to the delivery time for the log files. \n For ``EventTime``, The logs delivered are for a specific day only. The year, month, and day correspond to the day on which the event occurred, and the hour, minutes and seconds are set to 00 in the key.", "enum": [ "EventTime", "DeliveryTime" 
@@ -1207,36 +1229,43 @@ ], "type": "object" }, + "S3TablesDestination": { + "additionalProperties": false, + "description": "The destination information for the metadata table configuration. The destination table bucket must be in the same Region and AWS-account as the general purpose bucket. The specified metadata table name must be unique within the ``aws_s3_metadata`` namespace in the destination table bucket.", + "properties": { + "TableArn": { + "description": "The Amazon Resource Name (ARN) for the metadata table in the metadata table configuration. The specified metadata table name must be unique within the ``aws_s3_metadata`` namespace in the destination table bucket.", + "type": "string" + }, + "TableBucketArn": { + "description": "The Amazon Resource Name (ARN) for the table bucket that's specified as the destination in the metadata table configuration. The destination table bucket must be in the same Region and AWS-account as the general purpose bucket.", + "type": "string" + }, + "TableName": { + "description": "The name for the metadata table in your metadata table configuration. The specified metadata table name must be unique within the ``aws_s3_metadata`` namespace in the destination table bucket.", + "type": "string" + }, + "TableNamespace": { + "description": "The table bucket namespace for the metadata table in your metadata table configuration. This value is always ``aws_s3_metadata``.", + "type": "string" + } + }, + "required": [ + "TableBucketArn", + "TableName" + ], + "type": "object" + }, "ServerSideEncryptionByDefault": { "additionalProperties": false, - "description": "Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. 
If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see [PUT Bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the *Amazon S3 API Reference*.", + "description": "Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html).\n + *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key (``aws/s3``) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. \n + *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket's lifetime. The [managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (``aws/s3``) isn't supported. 
\n + *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS.", "properties": { "KMSMasterKeyID": { - "anyOf": [ - { - "relationshipRef": { - "propertyPath": "/properties/KeyId", - "typeName": "AWS::KMS::Key" - } - }, - { - "relationshipRef": { - "propertyPath": "/properties/Arn", - "typeName": "AWS::KMS::Key" - } - }, - { - "relationshipRef": { - "propertyPath": "/properties/AliasName", - "typeName": "AWS::KMS::Alias" - } - } - ], - "description": "AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``.\n You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.\n + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key Alias: ``alias/alias-name`` \n \n If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. \n If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy).\n Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*.", + "description": "AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. 
\n + *General purpose buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``.\n + *Directory buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms``.\n \n You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.\n + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key Alias: ``alias/alias-name`` \n \n If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy).\n + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester\u2019s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. \n + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.\n \n Amazon S3 only supports symmetric encryption KMS keys. 
For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*.", "type": "string" }, "SSEAlgorithm": { - "description": "Server-side encryption algorithm to use for the default encryption.", + "description": "Server-side encryption algorithm to use for the default encryption.\n For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``.", "enum": [ "aws:kms", "AES256", @@ -1252,7 +1281,7 @@ }, "ServerSideEncryptionRule": { "additionalProperties": false, - "description": "Specifies the default server-side encryption configuration.", + "description": "Specifies the default server-side encryption configuration.\n + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester\u2019s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.\n + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.", "properties": { "BucketKeyEnabled": { "description": "Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects are not affected. Setting the ``BucketKeyEnabled`` element to ``true`` causes Amazon S3 to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled.\n For more information, see [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) in the *Amazon S3 User Guide*.", 
@@ -1333,7 +1362,7 @@ }, "TagFilter": { "additionalProperties": false, - "description": "Specifies tags to use to identify a subset of objects for an Amazon S3 bucket.", + "description": "Specifies tags to use to identify a subset of objects for an Amazon S3 bucket. For more information, see [Categorizing your storage using tags](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html) in the *Amazon Simple Storage Service User Guide*.", "properties": { "Key": { "description": "The tag key.", @@ -1448,7 +1477,7 @@ "description": "Indicates when objects are transitioned to the specified storage class. The date value must be in ISO 8601 format. The time is always midnight UTC." }, "TransitionInDays": { - "description": "Indicates the number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer.", + "description": "Indicates the number of days after creation when objects are transitioned to the specified storage class. If the specified storage class is ``INTELLIGENT_TIERING``, ``GLACIER_IR``, ``GLACIER``, or ``DEEP_ARCHIVE``, valid values are ``0`` or positive integers. If the specified storage class is ``STANDARD_IA`` or ``ONEZONE_IA``, valid values are positive integers greater than ``30``. Be aware that some storage classes have a minimum storage duration and that you're charged for transitioning objects before their minimum storage duration. For more information, see [Constraints and considerations for transitions](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-transition-general-considerations.html#lifecycle-configuration-constraints) in the *Amazon S3 User Guide*.", "type": "integer" } }, 
@@ -1459,7 +1488,7 @@ }, "VersioningConfiguration": { "additionalProperties": false, - "description": "Describes the versioning state of an Amazon S3 bucket. For more information, see [PUT Bucket versioning](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html) in the *Amazon S3 API Reference*.", + "description": "Describes the versioning state of an Amazon S3 bucket. For more information, see [PUT Bucket versioning](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html) in the *Amazon S3 API Reference*.\n When you enable versioning on a bucket for the first time, it might take a short amount of time for the change to be fully propagated. We recommend that you wait for 15 minutes after enabling versioning before issuing write operations (``PUT`` or ``DELETE``) on objects in the bucket.", "properties": { "Status": { "default": "Suspended", @@ -1537,7 +1566,15 @@ "s3:PutBucketVersioning", "s3:PutObjectLockConfiguration", "s3:PutBucketOwnershipControls", - "s3:PutIntelligentTieringConfiguration" + "s3:PutIntelligentTieringConfiguration", + "s3:GetBucketMetadataTableConfiguration", + "s3:CreateBucketMetadataTableConfiguration", + "s3tables:CreateNamespace", + "s3tables:CreateTable", + "s3tables:GetTable", + "s3tables:PutTablePolicy", + "s3tables:GetTableMetadataLocation", + "s3tables:UpdateTableMetadataLocation" ] }, "delete": { @@ -1571,6 +1608,7 @@ "s3:GetBucketTagging", "s3:GetBucketOwnershipControls", "s3:GetIntelligentTieringConfiguration", + "s3:GetBucketMetadataTableConfiguration", "s3:ListBucket" ] }, 
@@ -1588,6 +1626,15 @@ "s3:PutBucketReplication", "s3:PutBucketWebsite", "s3:PutAccelerateConfiguration", + "s3:GetBucketMetadataTableConfiguration", + "s3:DeleteBucketMetadataTableConfiguration", + "s3:CreateBucketMetadataTableConfiguration", + "s3tables:CreateNamespace", + "s3tables:CreateTable", + "s3tables:GetTable", + "s3tables:PutTablePolicy", + "s3tables:GetTableMetadataLocation", + "s3tables:UpdateTableMetadataLocation", "s3:PutBucketPublicAccessBlock", "s3:PutReplicationConfiguration", "s3:PutBucketOwnershipControls", 
@@ -1651,7 +1698,7 @@ "description": "Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3), AWS KMS-managed keys (SSE-KMS), or dual-layer server-side encryption with KMS-managed keys (DSSE-KMS). For information about the Amazon S3 default encryption feature, see [Amazon S3 Default Encryption for S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the *Amazon S3 User Guide*." }, "BucketName": { - "description": "A name for the bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow [Amazon S3 bucket restrictions and limitations](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html). For more information, see [Rules for naming Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html#bucketnamingrules) in the *Amazon S3 User Guide*. \n If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.", + "description": "A name for the bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow [Amazon S3 bucket restrictions and limitations](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html). For more information, see [Rules for naming Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) in the *Amazon S3 User Guide*. \n If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. 
If you need to replace the resource, specify a new name.", "type": "string" }, "CorsConfiguration": { @@ -1698,6 +1745,10 @@ "$ref": "#/definitions/LoggingConfiguration", "description": "Settings that define where logs are stored." }, + "MetadataTableConfiguration": { + "$ref": "#/definitions/MetadataTableConfiguration", + "description": "The metadata table configuration of an S3 general purpose bucket. For more information, see [Accelerating data discovery with S3 Metadata](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-overview.html) and [Setting up permissions for configuring metadata tables](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-permissions.html)." + }, "MetricsConfigurations": { "description": "Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased. For more information, see [PutBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html).", "insertionOrder": true, 
@@ -1713,7 +1764,7 @@ }, "ObjectLockConfiguration": { "$ref": "#/definitions/ObjectLockConfiguration", - "description": "This operation is not supported by directory buckets.\n Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). \n + The ``DefaultRetention`` settings require both a mode and a period.\n + The ``DefaultRetention`` period can be either ``Days`` or ``Years`` but you must select one. You cannot specify ``Days`` and ``Years`` at the same time.\n + You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html)." + "description": "This operation is not supported for directory buckets.\n Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). \n + The ``DefaultRetention`` settings require both a mode and a period.\n + The ``DefaultRetention`` period can be either ``Days`` or ``Years`` but you must select one. You cannot specify ``Days`` and ``Years`` at the same time.\n + You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html)." }, "ObjectLockEnabled": { "description": "Indicates whether this bucket has an Object Lock configuration enabled. Enable ``ObjectLockEnabled`` when you apply ``ObjectLockConfiguration`` to a bucket.", 
@@ -1748,7 +1799,7 @@ }, "VersioningConfiguration": { "$ref": "#/definitions/VersioningConfiguration", - "description": "Enables multiple versions of all objects in this bucket. You might enable versioning to prevent objects from being deleted or overwritten by mistake or to archive objects so that you can retrieve previous versions of them." + "description": "Enables multiple versions of all objects in this bucket. You might enable versioning to prevent objects from being deleted or overwritten by mistake or to archive objects so that you can retrieve previous versions of them.\n When you enable versioning on a bucket for the first time, it might take a short amount of time for the change to be fully propagated. We recommend that you wait for 15 minutes after enabling versioning before issuing write operations (``PUT`` or ``DELETE``) on objects in the bucket." }, "WebsiteConfiguration": { "$ref": "#/definitions/WebsiteConfiguration", @@ -1774,10 +1825,17 @@ "/properties/DomainName", "/properties/DualStackDomainName", "/properties/RegionalDomainName", + "/properties/MetadataTableConfiguration/S3TablesDestination/TableNamespace", + "/properties/MetadataTableConfiguration/S3TablesDestination/TableArn", "/properties/WebsiteURL" ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "s3:PutBucketTagging", + "s3:GetBucketTagging", + "s3:DeleteBucketTagging" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-s3-bucketpolicy.json b/src/schema/aws-s3-bucketpolicy.json index c20f8372..3bc15f7d 100644 --- a/src/schema/aws-s3-bucketpolicy.json +++ b/src/schema/aws-s3-bucketpolicy.json 
@@ -3,7 +3,7 @@ "createOnlyProperties": [ "/properties/Bucket" ], - "description": "Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using an identity other than the root user of the AWS-account that owns the bucket, the calling identity must have the ``PutBucketPolicy`` permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.\n If you don't have ``PutBucketPolicy`` permissions, Amazon S3 returns a ``403 Access Denied`` error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a ``405 Method Not Allowed`` error.\n As a security precaution, the root user of the AWS-account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action. \n For more information, see [Bucket policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html).\n The following operations are related to ``PutBucketPolicy``:\n + [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) \n + [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)", + "description": "Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using an identity other than the root user of the AWS-account that owns the bucket, the calling identity must have the ``PutBucketPolicy`` permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.\n If you don't have ``PutBucketPolicy`` permissions, Amazon S3 returns a ``403 Access Denied`` error. 
If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a ``405 Method Not Allowed`` error.\n As a security precaution, the root user of the AWS-account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action. \n When using the ``AWS::S3::BucketPolicy`` resource, you can create, update, and delete bucket policies for S3 buckets located in regions different from the stack's region. This cross-region bucket policy modification functionality is supported for backward compatibility with existing workflows.\n If the [DeletionPolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) is not specified or set to ``Delete``, the bucket policy will be removed when the stack is deleted. If set to ``Retain``, the bucket policy will be preserved even after the stack is deleted.\n For example, a CloudFormation stack in ``us-east-1`` can use the ``AWS::S3::BucketPolicy`` resource to manage the bucket policy for an S3 bucket in ``us-west-2``. The retention or removal of the bucket policy during the stack deletion is determined by the ``DeletionPolicy`` attribute specified in the stack template.\n For more information, see [Bucket policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html).\n The following operations are related to ``PutBucketPolicy``:\n + [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) \n + [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)", "handlers": { "create": { "permissions": [ diff --git a/src/schema/aws-s3-multiregionaccesspoint.json b/src/schema/aws-s3-multiregionaccesspoint.json index 7d0d746a..e3033a1a 100644 --- a/src/schema/aws-s3-multiregionaccesspoint.json +++ b/src/schema/aws-s3-multiregionaccesspoint.json 
@@ -122,5 +122,8 @@ "required": [ "Regions" ], + "tagging": { + "taggable": false + }, "typeName": "AWS::S3::MultiRegionAccessPoint" } diff --git a/src/schema/aws-s3-multiregionaccesspointpolicy.json b/src/schema/aws-s3-multiregionaccesspointpolicy.json index 40dbfc53..c9494aaf 100644 --- a/src/schema/aws-s3-multiregionaccesspointpolicy.json +++ b/src/schema/aws-s3-multiregionaccesspointpolicy.json @@ -75,5 +75,8 @@ "Policy", "MrapName" ], + "tagging": { + "taggable": false + }, "typeName": "AWS::S3::MultiRegionAccessPointPolicy" } diff --git a/src/schema/aws-s3express-directorybucket.json b/src/schema/aws-s3express-directorybucket.json index ee120999..da3af01c 100644 --- a/src/schema/aws-s3express-directorybucket.json +++ b/src/schema/aws-s3express-directorybucket.json 
@@ -6,17 +6,162 @@ "/properties/DataRedundancy" ], "definitions": { + "AbortIncompleteMultipartUpload": { + "additionalProperties": false, + "description": "Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 will wait before permanently removing all parts of the upload.", + "properties": { + "DaysAfterInitiation": { + "description": "Specifies the number of days after which Amazon S3 aborts an incomplete multipart upload.", + "minimum": 0, + "type": "integer" + } + }, + "required": [ + "DaysAfterInitiation" + ], + "type": "object" + }, "Arn": { "description": "The Amazon Resource Name (ARN) of the specified bucket.", "type": "string" + }, + "BucketEncryption": { + "additionalProperties": false, + "description": "Specifies default encryption for a bucket using server-side encryption with Amazon S3 managed keys (SSE-S3) or AWS KMS keys (SSE-KMS).", + "properties": { + "ServerSideEncryptionConfiguration": { + "description": "Specifies the default server-side-encryption configuration.", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/ServerSideEncryptionRule" + }, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "ServerSideEncryptionConfiguration" + ], + "type": "object" + }, + "LifecycleConfiguration": { + "additionalProperties": false, + "properties": { + "Rules": { + "description": "A lifecycle rule for individual objects in an Amazon S3 Express bucket.", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/Rule" + }, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "Rules" + ], + "type": "object" + }, + "Rule": { + "additionalProperties": false, + "description": "You must specify at least one of the following properties: AbortIncompleteMultipartUpload, or ExpirationInDays.", + "properties": { + "AbortIncompleteMultipartUpload": { + "$ref": "#/definitions/AbortIncompleteMultipartUpload" + }, + "ExpirationInDays": { + "type": "integer" + }, + "Id": { + "maxLength": 
255, + "type": "string" + }, + "ObjectSizeGreaterThan": { + "maxLength": 20, + "pattern": "[0-9]+", + "type": "string" + }, + "ObjectSizeLessThan": { + "maxLength": 20, + "pattern": "[0-9]+", + "type": "string" + }, + "Prefix": { + "type": "string" + }, + "Status": { + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string" + } + }, + "required": [ + "Status" + ], + "type": "object" + }, + "ServerSideEncryptionByDefault": { + "additionalProperties": false, + "description": "Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied.", + "properties": { + "KMSMasterKeyID": { + "anyOf": [ + { + "relationshipRef": { + "propertyPath": "/properties/KeyId", + "typeName": "AWS::KMS::Key" + } + }, + { + "relationshipRef": { + "propertyPath": "/properties/Arn", + "typeName": "AWS::KMS::Key" + } + } + ], + "description": "AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. This parameter is allowed only if SSEAlgorithm is set to aws:kms. You can specify this parameter with the key ID or the Amazon Resource Name (ARN) of the KMS key", + "type": "string" + }, + "SSEAlgorithm": { + "enum": [ + "aws:kms", + "AES256" + ], + "type": "string" + } + }, + "required": [ + "SSEAlgorithm" + ], + "type": "object" + }, + "ServerSideEncryptionRule": { + "additionalProperties": false, + "description": "Specifies the default server-side encryption configuration.", + "properties": { + "BucketKeyEnabled": { + "description": "Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects are not affected. Amazon S3 Express One Zone uses an S3 Bucket Key with SSE-KMS and S3 Bucket Key cannot be disabled. 
It's only allowed to set the BucketKeyEnabled element to true.", + "type": "boolean" + }, + "ServerSideEncryptionByDefault": { + "$ref": "#/definitions/ServerSideEncryptionByDefault" + } + }, + "type": "object" } }, "description": "Resource Type definition for AWS::S3Express::DirectoryBucket.", "handlers": { "create": { "permissions": [ + "kms:GenerateDataKey", + "kms:Decrypt", "s3express:CreateBucket", - "s3express:ListAllMyDirectoryBuckets" + "s3express:ListAllMyDirectoryBuckets", + "s3express:PutEncryptionConfiguration", + "s3express:PutLifecycleConfiguration" ] }, "delete": { @@ -32,7 +177,18 @@ }, "read": { "permissions": [ - "s3express:ListAllMyDirectoryBuckets" + "s3express:ListAllMyDirectoryBuckets", + "ec2:DescribeAvailabilityZones", + "s3express:GetEncryptionConfiguration", + "s3express:GetLifecycleConfiguration" + ] + }, + "update": { + "permissions": [ + "kms:GenerateDataKey", + "kms:Decrypt", + "s3express:PutEncryptionConfiguration", + "s3express:PutLifecycleConfiguration" ] } }, 
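Review bot: The `pattern` on `ObjectSizeGreaterThan` and `ObjectSizeLessThan` in the new `Rule` definition is `[0-9]+` with no anchors, and JSON Schema patterns are not implicitly anchored, so any string of up to 20 characters that contains a single digit validates. Anchoring it as `"pattern": "^[0-9]+$"` would make the schema enforce a numeric size. The `Rule` description also says at least one of `AbortIncompleteMultipartUpload` or `ExpirationInDays` must be specified, but only `Status` is listed in `required`, so that constraint is documentation only. If this file is mirrored from the CloudFormation registry, the fix belongs upstream, and a validator built on this copy should not assume these fields are checked.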
@@ -47,26 +203,42 @@ "arn:aws:s3express:us-west-2:123456789123:bucket/DOC-EXAMPLE-BUCKET--usw2-az1--x-s3" ] }, + "AvailabilityZoneName": { + "description": "Returns the code for the Availability Zone or Local Zone where the directory bucket was created. An example for the code of an Availability Zone is 'us-east-1f'.", + "examples": [ + "us-east-1f" + ], + "type": "string" + }, + "BucketEncryption": { + "$ref": "#/definitions/BucketEncryption" + }, "BucketName": { - "description": "Specifies a name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Availability Zone. The bucket name must also follow the format 'bucket_base_name--az_id--x-s3' (for example, 'DOC-EXAMPLE-BUCKET--usw2-az1--x-s3'). If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the bucket name.", + "description": "Specifies a name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Availability Zone or Local Zone. The bucket name must also follow the format 'bucket_base_name--zone_id--x-s3'. The zone_id can be the ID of an Availability Zone or a Local Zone. 
If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the bucket name.", "maxLength": 63, "pattern": "^[a-z0-9][a-z0-9//.//-]*[a-z0-9]$", "type": "string" }, "DataRedundancy": { - "description": "Specifies the number of Availability Zone that's used for redundancy for the bucket.", + "description": "Specifies the number of Availability Zone or Local Zone that's used for redundancy for the bucket.", "enum": [ - "SingleAvailabilityZone" + "SingleAvailabilityZone", + "SingleLocalZone" ], "type": "string" }, + "LifecycleConfiguration": { + "$ref": "#/definitions/LifecycleConfiguration", + "description": "Lifecycle rules that define how Amazon S3 Express manages objects during their lifetime." + }, "LocationName": { - "description": "Specifies the AZ ID of the Availability Zone where the directory bucket will be created. An example AZ ID value is 'use1-az5'.", + "description": "Specifies the Zone ID of the Availability Zone or Local Zone where the directory bucket will be created. An example Availability Zone ID value is 'use1-az5'.", "type": "string" } }, "readOnlyProperties": [ - "/properties/Arn" + "/properties/Arn", + "/properties/AvailabilityZoneName" ], "required": [ "LocationName", diff --git a/src/schema/aws-s3tables-tablebucket.json b/src/schema/aws-s3tables-tablebucket.json new file mode 100644 index 00000000..2b01ca96 --- /dev/null +++ b/src/schema/aws-s3tables-tablebucket.json 
@@ -0,0 +1,136 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/TableBucketName" + ], + "definitions": { + "EncryptionConfiguration": { + "additionalProperties": false, + "description": "Specifies encryption settings for the table bucket", + "properties": { + "KMSKeyArn": { + "description": "ARN of the KMS key to use for encryption", + "type": "string" + }, + "SSEAlgorithm": { + "description": "Server-side encryption algorithm", + "enum": [ + "AES256", + "aws:kms" + ], + "type": "string" + } + }, + "type": "object" + }, + "TableBucketARN": { + "description": "The Amazon Resource Name (ARN) of the specified table bucket.", + "examples": [ + "arn:aws:s3tables:us-west-2:123456789012:bucket/mytablebucket" + ], + "type": "string" + }, + "TableBucketName": { + "description": "A name for the table bucket.", + "maxLength": 63, + "minLength": 3, + "type": "string" + }, + "UnreferencedFileRemoval": { + "additionalProperties": false, + "description": "Settings governing the Unreferenced File Removal maintenance action. 
Unreferenced file removal identifies and deletes all objects that are not referenced by any table snapshots.", + "properties": { + "NoncurrentDays": { + "description": "S3 permanently deletes noncurrent objects after the number of days specified by the NoncurrentDays property.", + "minimum": 1, + "type": "integer" + }, + "Status": { + "description": "Indicates whether the Unreferenced File Removal maintenance action is enabled.", + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string" + }, + "UnreferencedDays": { + "description": "For any object not referenced by your table and older than the UnreferencedDays property, S3 creates a delete marker and marks the object version as noncurrent.", + "minimum": 1, + "type": "integer" + } + }, + "type": "object" + } + }, + "description": "Creates an Amazon S3 Tables table bucket in the same AWS Region where you create the AWS CloudFormation stack.", + "handlers": { + "create": { + "permissions": [ + "s3tables:CreateTableBucket", + "s3tables:PutTableBucketMaintenanceConfiguration", + "s3tables:PutTableBucketEncryption", + "s3tables:GetTableBucket", + "s3tables:GetTableBucketMaintenanceConfiguration", + "s3tables:GetTableBucketEncryption", + "kms:DescribeKey" + ] + }, + "delete": { + "permissions": [ + "s3tables:DeleteTableBucket" + ] + }, + "list": { + "permissions": [ + "s3tables:ListTableBuckets" + ] + }, + "read": { + "permissions": [ + "s3tables:GetTableBucket", + "s3tables:GetTableBucketMaintenanceConfiguration", + "s3tables:GetTableBucketEncryption" + ] + }, + "update": { + "permissions": [ + "s3tables:PutTableBucketMaintenanceConfiguration", + "s3tables:PutTableBucketEncryption", + "s3tables:GetTableBucketMaintenanceConfiguration", + "s3tables:GetTableBucketEncryption", + "s3tables:GetTableBucket", + "kms:DescribeKey" + ] + } + }, + "primaryIdentifier": [ + "/properties/TableBucketARN" + ], + "properties": { + "EncryptionConfiguration": { + "$ref": "#/definitions/EncryptionConfiguration" + }, + "TableBucketARN": 
{ + "$ref": "#/definitions/TableBucketARN" + }, + "TableBucketName": { + "$ref": "#/definitions/TableBucketName" + }, + "UnreferencedFileRemoval": { + "$ref": "#/definitions/UnreferencedFileRemoval" + } + }, + "readOnlyProperties": [ + "/properties/TableBucketARN" + ], + "required": [ + "TableBucketName" + ], + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, + "typeName": "AWS::S3Tables::TableBucket" +} diff --git a/src/schema/aws-s3tables-tablebucketpolicy.json b/src/schema/aws-s3tables-tablebucketpolicy.json new file mode 100644 index 00000000..fbf184a3 --- /dev/null +++ b/src/schema/aws-s3tables-tablebucketpolicy.json 
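Review bot: `EncryptionConfiguration` in this new schema has no `required` list and `KMSKeyArn` is an unconstrained string, so an empty object, or `SSEAlgorithm` set to `aws:kms` with a value that is not an ARN, passes schema validation. The directory-bucket schema in this same commit requires `SSEAlgorithm` on its equivalent `ServerSideEncryptionByDefault` definition; adding `"required": ["SSEAlgorithm"]` here would be consistent, assuming the service does not accept an empty configuration. Whether `KMSKeyArn` is mandatory with `aws:kms` cannot be told from the schema and should be stated in its `description`.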
@@ -0,0 +1,77 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/TableBucketARN" + ], + "definitions": { + "ResourcePolicy": { + "description": "A policy document containing permissions to add to the specified table bucket. In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM.", + "type": [ + "object", + "string" + ] + }, + "TableBucketARN": { + "description": "The Amazon Resource Name (ARN) of the table bucket to which the policy applies.", + "examples": [ + "arn:aws:s3tables:us-west-2:123456789012:bucket/mytablebucket" + ], + "type": "string" + } + }, + "description": "Applies an IAM resource policy to a table bucket.", + "handlers": { + "create": { + "permissions": [ + "s3tables:GetTableBucket", + "s3tables:GetTableBucketPolicy", + "s3tables:PutTableBucketPolicy" + ] + }, + "delete": { + "permissions": [ + "s3tables:GetTableBucketPolicy", + "s3tables:DeleteTableBucketPolicy" + ] + }, + "list": { + "permissions": [ + "s3tables:GetTableBucketPolicy", + "s3tables:ListTableBuckets" + ] + }, + "read": { + "permissions": [ + "s3tables:GetTableBucketPolicy" + ] + }, + "update": { + "permissions": [ + "s3tables:GetTableBucketPolicy", + "s3tables:PutTableBucketPolicy" + ] + } + }, + "primaryIdentifier": [ + "/properties/TableBucketARN" + ], + "properties": { + "ResourcePolicy": { + "$ref": "#/definitions/ResourcePolicy" + }, + "TableBucketARN": { + "$ref": "#/definitions/TableBucketARN" + } + }, + "required": [ + "ResourcePolicy", + "TableBucketARN" + ], + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, + "typeName": "AWS::S3Tables::TableBucketPolicy" +} diff --git a/src/schema/aws-sagemaker-cluster.json b/src/schema/aws-sagemaker-cluster.json new file mode 100644 index 00000000..d948d190 --- /dev/null 
+++ b/src/schema/aws-sagemaker-cluster.json 
@@ -0,0 +1,405 @@ +{ + "additionalIdentifiers": [ + [ + "/properties/ClusterName" + ] + ], + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/ClusterName", + "/properties/VpcConfig", + "/properties/Orchestrator", + "/properties/InstanceGroups/*/OverrideVpcConfig", + "/properties/InstanceGroups/*/ExecutionRole", + "/properties/InstanceGroups/*/InstanceGroupName", + "/properties/InstanceGroups/*/InstanceType", + "/properties/InstanceGroups/*/ThreadsPerCore" + ], + "definitions": { + "ClusterEbsVolumeConfig": { + "additionalProperties": false, + "description": "Defines the configuration for attaching additional Amazon Elastic Block Store (EBS) volumes to the instances in the SageMaker HyperPod cluster instance group. The additional EBS volume is attached to each instance within the SageMaker HyperPod cluster instance group and mounted to /opt/sagemaker.", + "properties": { + "VolumeSizeInGB": { + "description": "The size in gigabytes (GB) of the additional EBS volume to be attached to the instances in the SageMaker HyperPod cluster instance group. 
The additional EBS volume is attached to each instance within the SageMaker HyperPod cluster instance group and mounted to /opt/sagemaker.", + "maximum": 16384, + "minimum": 1, + "type": "integer" + } + }, + "type": "object" + }, + "ClusterInstanceGroup": { + "additionalProperties": false, + "description": "Details of an instance group in a SageMaker HyperPod cluster.", + "properties": { + "CurrentCount": { + "description": "The number of instances that are currently in the instance group of a SageMaker HyperPod cluster.", + "minimum": 0, + "type": "integer" + }, + "ExecutionRole": { + "$ref": "#/definitions/ExecutionRole" + }, + "InstanceCount": { + "description": "The number of instances you specified to add to the instance group of a SageMaker HyperPod cluster.", + "minimum": 0, + "type": "integer" + }, + "InstanceGroupName": { + "$ref": "#/definitions/InstanceGroupName" + }, + "InstanceStorageConfigs": { + "$ref": "#/definitions/ClusterInstanceStorageConfigs" + }, + "InstanceType": { + "$ref": "#/definitions/InstanceType" + }, + "LifeCycleConfig": { + "$ref": "#/definitions/ClusterLifeCycleConfig" + }, + "OnStartDeepHealthChecks": { + "$ref": "#/definitions/OnStartDeepHealthChecks" + }, + "OverrideVpcConfig": { + "$ref": "#/definitions/VpcConfig" + }, + "ThreadsPerCore": { + "description": "The number you specified to TreadsPerCore in CreateCluster for enabling or disabling multithreading. 
For instance types that support multithreading, you can specify 1 for disabling multithreading and 2 for enabling multithreading.", + "maximum": 2, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "ExecutionRole", + "InstanceCount", + "InstanceGroupName", + "InstanceType", + "LifeCycleConfig" + ], + "type": "object" + }, + "ClusterInstanceGroupsList": { + "description": "The instance groups of the SageMaker HyperPod cluster.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/ClusterInstanceGroup" + }, + "minItems": 1, + "type": "array" + }, + "ClusterInstanceStorageConfig": { + "description": "Defines the configuration for attaching additional storage to the instances in the SageMaker HyperPod cluster instance group.", + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "EbsVolumeConfig": { + "$ref": "#/definitions/ClusterEbsVolumeConfig" + } + }, + "type": "object" + } + ], + "type": "object" + }, + "ClusterInstanceStorageConfigs": { + "description": "The instance storage configuration for the instance group.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/ClusterInstanceStorageConfig" + }, + "maxItems": 1, + "type": "array" + }, + "ClusterLifeCycleConfig": { + "additionalProperties": false, + "description": "The lifecycle configuration for a SageMaker HyperPod cluster.", + "properties": { + "OnCreate": { + "description": "The file name of the entrypoint script of lifecycle scripts under SourceS3Uri. 
This entrypoint script runs during cluster creation.", + "maxLength": 128, + "minLength": 1, + "pattern": "^[\\S\\s]+$", + "type": "string" + }, + "SourceS3Uri": { + "description": "An Amazon S3 bucket path where your lifecycle scripts are stored.", + "maxLength": 1024, + "pattern": "^(https|s3)://([^/]+)/?(.*)$", + "type": "string" + } + }, + "required": [ + "OnCreate", + "SourceS3Uri" + ], + "type": "object" + }, + "ClusterOrchestratorEksConfig": { + "additionalProperties": false, + "description": "Specifies parameter(s) related to EKS as orchestrator, e.g. the EKS cluster nodes will attach to,", + "properties": { + "ClusterArn": { + "description": "The ARN of the EKS cluster, such as arn:aws:eks:us-west-2:123456789012:cluster/my-eks-cluster", + "type": "string" + } + }, + "required": [ + "ClusterArn" + ], + "type": "object" + }, + "DeepHealthCheckType": { + "description": "The type of deep health check(s) to be performed on the instances in the SageMaker HyperPod cluster instance group.", + "enum": [ + "InstanceStress", + "InstanceConnectivity" + ], + "type": "string" + }, + "ExecutionRole": { + "description": "The execution role for the instance group to assume.", + "maxLength": 2048, + "minLength": 20, + "pattern": "^arn:aws[a-z\\-]*:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+$", + "type": "string" + }, + "InstanceGroupName": { + "description": "The name of the instance group of a SageMaker HyperPod cluster.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z0-9](-*[a-zA-Z0-9])*$", + "type": "string" + }, + "InstanceType": { + "description": "The instance type of the instance group of a SageMaker HyperPod cluster.", + "type": "string" + }, + "OnStartDeepHealthChecks": { + "description": "Nodes will undergo advanced stress test to detect and replace faulty instances, based on the type of deep health check(s) passed in.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/DeepHealthCheckType" + }, + "type": "array" + }, + "Orchestrator": { 
+ "additionalProperties": false, + "description": "Specifies parameter(s) specific to the orchestrator, e.g. specify the EKS cluster.", + "properties": { + "Eks": { + "$ref": "#/definitions/ClusterOrchestratorEksConfig" + } + }, + "required": [ + "Eks" + ], + "type": "object" + }, + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 128, + "minLength": 1, + "pattern": "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$", + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 256, + "minLength": 0, + "pattern": "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$", + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, + "VpcConfig": { + "additionalProperties": false, + "description": "Specifies an Amazon Virtual Private Cloud (VPC) that your SageMaker jobs, hosted models, and compute resources have access to. You can control access to and from your resources by configuring a VPC.", + "properties": { + "SecurityGroupIds": { + "description": "The VPC security group IDs, in the form sg-xxxxxxxx. 
Specify the security groups for the VPC that is specified in the Subnets field.", + "insertionOrder": false, + "items": { + "maxLength": 32, + "pattern": "[-0-9a-zA-Z]+", + "type": "string" + }, + "maxItems": 5, + "minItems": 1, + "type": "array" + }, + "Subnets": { + "description": "The ID of the subnets in the VPC to which you want to connect your training job or model.", + "insertionOrder": false, + "items": { + "maxLength": 32, + "pattern": "[-0-9a-zA-Z]+", + "type": "string" + }, + "maxItems": 16, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "SecurityGroupIds", + "Subnets" + ], + "type": "object" + } + }, + "description": "Resource Type definition for AWS::SageMaker::Cluster", + "handlers": { + "create": { + "permissions": [ + "sagemaker:CreateCluster", + "sagemaker:DescribeCluster", + "sagemaker:AddTags", + "sagemaker:ListTags", + "eks:DescribeAccessEntry", + "eks:DescribeCluster", + "eks:CreateAccessEntry", + "eks:DeleteAccessEntry", + "eks:AssociateAccessPolicy", + "iam:CreateServiceLinkedRole", + "iam:PassRole" + ], + "timeoutInMinutes": 720 + }, + "delete": { + "permissions": [ + "sagemaker:DeleteCluster", + "sagemaker:DescribeCluster", + "eks:DescribeAccessEntry", + "eks:DeleteAccessEntry" + ], + "timeoutInMinutes": 720 + }, + "list": { + "permissions": [ + "sagemaker:ListClusters" + ] + }, + "read": { + "permissions": [ + "sagemaker:DescribeCluster", + "sagemaker:ListTags" + ] + }, + "update": { + "permissions": [ + "sagemaker:UpdateCluster", + "sagemaker:DescribeCluster", + "sagemaker:ListTags", + "sagemaker:AddTags", + "sagemaker:DeleteTags", + "eks:DescribeAccessEntry", + "eks:DescribeCluster", + "eks:CreateAccessEntry", + "eks:DeleteAccessEntry", + "iam:PassRole" + ], + "timeoutInMinutes": 720 + } + }, + "primaryIdentifier": [ + "/properties/ClusterArn" + ], + "properties": { + "ClusterArn": { + "description": "The Amazon Resource Name (ARN) of the HyperPod Cluster.", + "maxLength": 256, + "pattern": 
"^arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:cluster/[a-z0-9]{12}$", + "type": "string" + }, + "ClusterName": { + "description": "The name of the HyperPod Cluster.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}$", + "type": "string" + }, + "ClusterStatus": { + "description": "The status of the HyperPod Cluster.", + "enum": [ + "Creating", + "Deleting", + "Failed", + "InService", + "RollingBack", + "SystemUpdating", + "Updating" + ], + "type": "string" + }, + "CreationTime": { + "description": "The time at which the HyperPod cluster was created.", + "type": "string" + }, + "FailureMessage": { + "description": "The failure message of the HyperPod Cluster.", + "type": "string" + }, + "InstanceGroups": { + "$ref": "#/definitions/ClusterInstanceGroupsList" + }, + "NodeRecovery": { + "description": "If node auto-recovery is set to true, faulty nodes will be replaced or rebooted when a failure is detected. If set to false, nodes will be labelled when a fault is detected.", + "enum": [ + "Automatic", + "None" + ], + "type": "string" + }, + "Orchestrator": { + "$ref": "#/definitions/Orchestrator" + }, + "Tags": { + "description": "Custom tags for managing the SageMaker HyperPod cluster as an AWS resource. 
You can add tags to your cluster in the same way you add them in other AWS services that support tagging.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 50, + "type": "array", + "uniqueItems": true + }, + "VpcConfig": { + "$ref": "#/definitions/VpcConfig" + } + }, + "readOnlyProperties": [ + "/properties/ClusterArn", + "/properties/CreationTime", + "/properties/ClusterStatus", + "/properties/FailureMessage", + "/properties/InstanceGroups/*/CurrentCount" + ], + "required": [ + "InstanceGroups" + ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "sagemaker:AddTags", + "sagemaker:ListTags", + "sagemaker:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::SageMaker::Cluster" +} diff --git a/src/schema/aws-sagemaker-dataqualityjobdefinition.json b/src/schema/aws-sagemaker-dataqualityjobdefinition.json index b7dff15e..0747107d 100644 --- a/src/schema/aws-sagemaker-dataqualityjobdefinition.json +++ b/src/schema/aws-sagemaker-dataqualityjobdefinition.json @@ -493,6 +493,7 @@ "sagemaker:CreateDataQualityJobDefinition", "sagemaker:DescribeDataQualityJobDefinition", "sagemaker:AddTags", + "sagemaker:ListTags", "iam:PassRole" ] }, @@ -509,7 +510,8 @@ }, "read": { "permissions": [ - "sagemaker:DescribeDataQualityJobDefinition" + "sagemaker:DescribeDataQualityJobDefinition", + "sagemaker:ListTags" ] } }, @@ -581,11 +583,19 @@ "JobResources", "RoleArn" ], + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "sagemaker:AddTags", + "sagemaker:ListTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, "typeName": "AWS::SageMaker::DataQualityJobDefinition", "writeOnlyProperties": [ - "/properties/EndpointName", - "/properties/Tags", - "/properties/Tags/*/Key", - "/properties/Tags/*/Value" + "/properties/EndpointName" ] } 
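Review bot: The item `pattern` for `VpcConfig.SecurityGroupIds` and `VpcConfig.Subnets` in the new SageMaker cluster schema is `[-0-9a-zA-Z]+` without anchors, so any string of up to 32 characters that contains one allowed character satisfies it; `"pattern": "^[-0-9a-zA-Z]+$"` would restrict the IDs to the intended alphabet. In `ClusterLifeCycleConfig`, the `OnCreate` pattern accepts any non-empty text and the `SourceS3Uri` pattern `^(https|s3)://([^/]+)/?(.*)$` also admits `https://` locations, so the schema barely constrains where the script run at cluster creation comes from, and templates need a separate review of that value. The `ThreadsPerCore` description misspells the parameter as `TreadsPerCore`.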
diff --git a/src/schema/aws-sagemaker-domain.json b/src/schema/aws-sagemaker-domain.json index ceff7791..03cf9716 100644 --- a/src/schema/aws-sagemaker-domain.json +++ b/src/schema/aws-sagemaker-domain.json @@ -9,6 +9,15 @@ "/properties/Tags" ], "definitions": { + "AppLifecycleManagement": { + "additionalProperties": false, + "properties": { + "IdleSettings": { + "$ref": "#/definitions/IdleSettings" + } + }, + "type": "object" + }, "AppType": { "enum": [ "JupyterServer", @@ -25,6 +34,9 @@ "additionalProperties": false, "description": "The CodeEditor app settings.", "properties": { + "AppLifecycleManagement": { + "$ref": "#/definitions/AppLifecycleManagement" + }, "CustomImages": { "description": "A list of custom images for use for CodeEditor apps.", "items": { @@ -72,6 +84,9 @@ "properties": { "EFSFileSystemConfig": { "$ref": "#/definitions/EFSFileSystemConfig" + }, + "FSxLustreFileSystemConfig": { + "$ref": "#/definitions/FSxLustreFileSystemConfig" } }, "type": "object" @@ -248,6 +263,14 @@ "DockerSettings": { "$ref": "#/definitions/DockerSettings" }, + "ExecutionRoleIdentityConfig": { + "description": "The configuration for attaching a SageMaker user profile name to the execution role as a sts:SourceIdentity key.", + "enum": [ + "USER_PROFILE_NAME", + "DISABLED" + ], + "type": "string" + }, "RStudioServerProDomainSettings": { "$ref": "#/definitions/RStudioServerProDomainSettings" }, 
@@ -288,10 +311,58 @@ ], "type": "object" }, + "FSxLustreFileSystemConfig": { + "additionalProperties": false, + "properties": { + "FileSystemId": { + "maxLength": 21, + "minLength": 11, + "pattern": "^(fs-[0-9a-f]{8,})$", + "type": "string" + }, + "FileSystemPath": { + "maxLength": 256, + "minLength": 1, + "pattern": "^\\/\\S*$", + "type": "string" + } + }, + "required": [ + "FileSystemId" + ], + "type": "object" + }, + "IdleSettings": { + "additionalProperties": false, + "properties": { + "IdleTimeoutInMinutes": { + "$ref": "#/definitions/IdleTimeoutInMinutes" + }, + "LifecycleManagement": { + "$ref": "#/definitions/LifecycleManagement" + }, + "MaxIdleTimeoutInMinutes": { + "$ref": "#/definitions/MaxIdleTimeoutInMinutes" + }, + "MinIdleTimeoutInMinutes": { + "$ref": "#/definitions/MinIdleTimeoutInMinutes" + } + }, + "type": "object" + }, + "IdleTimeoutInMinutes": { + "description": "The idle timeout value set in minutes", + "maximum": 525600, + "minimum": 60, + "type": "integer" + }, "JupyterLabAppSettings": { "additionalProperties": false, "description": "The JupyterLab app settings.", "properties": { + "AppLifecycleManagement": { + "$ref": "#/definitions/AppLifecycleManagement" + }, "CodeRepositories": { "description": "A list of CodeRepositories available for use with JupyterLab apps.", "items": { @@ -381,12 +452,32 @@ }, "type": "object" }, + "LifecycleManagement": { + "description": "A flag to enable/disable AppLifecycleManagement settings", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, + "MaxIdleTimeoutInMinutes": { + "description": "The maximum idle timeout value set in minutes", + "maximum": 525600, + "minimum": 60, + "type": "integer" + }, + "MinIdleTimeoutInMinutes": { + "description": "The minimum idle timeout value set in minutes", + "maximum": 525600, + "minimum": 60, + "type": "integer" + }, "MlTools": { "enum": [ "DataWrangler", "FeatureStore", "EmrClusters", - "AutoML", + "AutoMl", "Experiments", "Training", "ModelEvaluation", 
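Review bot: Replacing `"AutoML"` with `"AutoMl"` in the `MlTools` enum (hunk `@@ -381,12 +452,32 @@`) is a casing-only change to an accepted value, so a template that validated with `AutoML` before is rejected against this schema. This presumably follows the upstream registry schema. If both spellings must be accepted during a transition, keep the old one alongside, `"AutoML", "AutoMl",`; otherwise it deserves a changelog line. The enum continues past the end of this hunk.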
@@ -395,7 +486,14 @@ "JumpStart", "InferenceRecommender", "Endpoints", - "Projects" + "Projects", + "InferenceOptimization", + "HyperPodClusters", + "Comet", + "DeepchecksLLMEvaluation", + "Fiddler", + "LakeraGuard", + "PerformanceEvaluation" ], "type": "string" }, @@ -880,6 +978,14 @@ "type": "array", "uniqueItems": false }, + "TagPropagation": { + "description": "Indicates whether the tags added to Domain, User Profile and Space entity is propagated to all SageMaker resources.", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, "Tags": { "description": "A list of tags to apply to the user profile.", "insertionOrder": false, diff --git a/src/schema/aws-sagemaker-endpoint.json b/src/schema/aws-sagemaker-endpoint.json index 9a00ce79..58d5ff2a 100644 --- a/src/schema/aws-sagemaker-endpoint.json +++ b/src/schema/aws-sagemaker-endpoint.json @@ -8,6 +8,7 @@ "additionalProperties": false, "properties": { "AlarmName": { + "description": "The name of the CloudWatch alarm.", "type": "string" } }, @@ -20,11 +21,12 @@ "additionalProperties": false, "properties": { "Alarms": { + "description": "List of CloudWatch alarms to monitor during the deployment. If any alarm goes off, the deployment is rolled back.", "items": { "$ref": "#/definitions/Alarm" }, "type": "array", - "uniqueItems": false + "uniqueItems": true } }, "required": [ @@ -36,13 +38,16 @@ "additionalProperties": false, "properties": { "MaximumExecutionTimeoutInSeconds": { + "description": "The maximum time allowed for the blue/green update, in seconds.", "type": "integer" }, "TerminationWaitInSeconds": { + "description": "The wait time before terminating the old endpoint during a blue/green deployment.", "type": "integer" }, "TrafficRoutingConfiguration": { - "$ref": "#/definitions/TrafficRoutingConfig" + "$ref": "#/definitions/TrafficRoutingConfig", + "description": "The traffic routing configuration for the blue/green deployment." } }, "required": [ 
@@ -54,9 +59,11 @@ "additionalProperties": false, "properties": { "Type": { + "description": "Specifies whether the `Value` is an instance count or a capacity unit.", "type": "string" }, "Value": { + "description": "The value representing either the number of instances or the number of capacity units.", "type": "integer" } }, @@ -70,13 +77,16 @@ "additionalProperties": false, "properties": { "AutoRollbackConfiguration": { - "$ref": "#/definitions/AutoRollbackConfig" + "$ref": "#/definitions/AutoRollbackConfig", + "description": "Configuration for automatic rollback if an error occurs during deployment." }, "BlueGreenUpdatePolicy": { - "$ref": "#/definitions/BlueGreenUpdatePolicy" + "$ref": "#/definitions/BlueGreenUpdatePolicy", + "description": "Configuration for blue-green update deployment policies." }, "RollingUpdatePolicy": { - "$ref": "#/definitions/RollingUpdatePolicy" + "$ref": "#/definitions/RollingUpdatePolicy", + "description": "Configuration for rolling update deployment policies." } }, "type": "object" @@ -85,15 +95,19 @@ "additionalProperties": false, "properties": { "MaximumBatchSize": { - "$ref": "#/definitions/CapacitySize" + "$ref": "#/definitions/CapacitySize", + "description": "Specifies the maximum batch size for each rolling update." }, "MaximumExecutionTimeoutInSeconds": { + "description": "The maximum time allowed for the rolling update, in seconds.", "type": "integer" }, "RollbackMaximumBatchSize": { - "$ref": "#/definitions/CapacitySize" + "$ref": "#/definitions/CapacitySize", + "description": "The maximum batch size for rollback during an update failure." }, "WaitIntervalInSeconds": { + "description": "The time to wait between steps during the rolling update, in seconds.", "type": "integer" } }, @@ -107,9 +121,11 @@ "additionalProperties": false, "properties": { "Key": { + "description": "The key of the tag.", "type": "string" }, "Value": { + "description": "The value of the tag.", "type": "string" } }, 
@@ -123,15 +139,19 @@ "additionalProperties": false, "properties": { "CanarySize": { - "$ref": "#/definitions/CapacitySize" + "$ref": "#/definitions/CapacitySize", + "description": "Specifies the size of the canary traffic in a canary deployment." }, "LinearStepSize": { - "$ref": "#/definitions/CapacitySize" + "$ref": "#/definitions/CapacitySize", + "description": "Specifies the step size for linear traffic routing." }, "Type": { + "description": "Specifies the type of traffic routing (e.g., 'AllAtOnce', 'Canary', 'Linear').", "type": "string" }, "WaitIntervalInSeconds": { + "description": "Specifies the wait interval between traffic shifts, in seconds.", "type": "integer" } }, @@ -144,6 +164,7 @@ "additionalProperties": false, "properties": { "VariantPropertyType": { + "description": "The type of variant property (e.g., 'DesiredInstanceCount', 'DesiredWeight', 'DataCaptureConfig').", "type": "string" } }, 
@@ -151,36 +172,78 @@ } }, "description": "Resource Type definition for AWS::SageMaker::Endpoint", + "handlers": { + "create": { + "permissions": [ + "sagemaker:CreateEndpoint", + "sagemaker:DescribeEndpoint", + "sagemaker:AddTags" + ] + }, + "delete": { + "permissions": [ + "sagemaker:DeleteEndpoint", + "sagemaker:DescribeEndpoint" + ] + }, + "list": { + "permissions": [ + "sagemaker:ListEndpoints" + ] + }, + "read": { + "permissions": [ + "sagemaker:DescribeEndpoint", + "sagemaker:ListTags" + ] + }, + "update": { + "permissions": [ + "sagemaker:UpdateEndpoint", + "sagemaker:DescribeEndpoint", + "sagemaker:AddTags", + "sagemaker:DeleteTags" + ] + } + }, "primaryIdentifier": [ - "/properties/Id" + "/properties/EndpointArn" ], "properties": { "DeploymentConfig": { - "$ref": "#/definitions/DeploymentConfig" + "$ref": "#/definitions/DeploymentConfig", + "description": "Specifies deployment configuration for updating the SageMaker endpoint. Includes rollback and update policies." + }, + "EndpointArn": { + "description": "The Amazon Resource Name (ARN) of the endpoint.", + "type": "string" }, "EndpointConfigName": { + "description": "The name of the endpoint configuration for the SageMaker endpoint. This is a required property.", "type": "string" }, "EndpointName": { + "description": "The name of the SageMaker endpoint. 
This name must be unique within an AWS Region.", "type": "string" }, "ExcludeRetainedVariantProperties": { + "description": "Specifies a list of variant properties that you want to exclude when updating an endpoint.", "items": { "$ref": "#/definitions/VariantProperty" }, "type": "array", "uniqueItems": false }, - "Id": { - "type": "string" - }, "RetainAllVariantProperties": { + "description": "When set to true, retains all variant properties for an endpoint when it is updated.", "type": "boolean" }, "RetainDeploymentConfig": { + "description": "When set to true, retains the deployment configuration during endpoint updates.", "type": "boolean" }, "Tags": { + "description": "An array of key-value pairs to apply to this resource.", "items": { "$ref": "#/definitions/Tag" }, @@ -189,10 +252,28 @@ } }, "readOnlyProperties": [ - "/properties/Id" + "/properties/EndpointArn", + "/properties/EndpointName" ], "required": [ "EndpointConfigName" ], - "typeName": "AWS::SageMaker::Endpoint" + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "sagemaker:AddTags", + "sagemaker:DeleteTags", + "sagemaker:ListTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::SageMaker::Endpoint", + "writeOnlyProperties": [ + "/properties/ExcludeRetainedVariantProperties", + "/properties/RetainAllVariantProperties", + "/properties/RetainDeploymentConfig" + ] } diff --git a/src/schema/aws-sagemaker-endpointconfig.json b/src/schema/aws-sagemaker-endpointconfig.json index b43cce3e..e2162533 100644 --- a/src/schema/aws-sagemaker-endpointconfig.json +++ b/src/schema/aws-sagemaker-endpointconfig.json 
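Review bot: `primaryIdentifier` moves from `/properties/Id` to `/properties/EndpointArn` and the `Id` property is deleted in the `@@ -151,36 +172,78 @@` hunk, which changes what identifies an existing endpoint. Any code that stores or looks up endpoints by `Id` (not visible in this diff) would stop matching, and no migration note accompanies the change. Separately, the new `update` handler lists `sagemaker:AddTags` and `sagemaker:DeleteTags` but not `sagemaker:ListTags`, while the `tagging.permissions` block added later in the file includes all three. It is worth stating which list a caller should build a role from.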
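Review bot: `/properties/EndpointName` is added to `readOnlyProperties` in the `@@ -189,10 +252,28 @@` hunk, yet the description added for it earlier in this file reads like a user-chosen name ("must be unique within an AWS Region"). A consumer that treats read-only properties as output-only would drop or reject a name supplied in a template. If the name can be set at creation it belongs in `createOnlyProperties`, which is not visible in this hunk. The description should also say whether a name is generated when the property is omitted.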
@@ -298,15 +298,15 @@ "ProductionVariant": { "additionalProperties": false, "properties": { - "AcceleratorType": { - "type": "string" - }, "ContainerStartupHealthCheckTimeoutInSeconds": { "type": "integer" }, "EnableSSMAccess": { "type": "boolean" }, + "InferenceAmiVersion": { + "type": "string" + }, "InitialInstanceCount": { "type": "integer" }, diff --git a/src/schema/aws-sagemaker-featuregroup.json b/src/schema/aws-sagemaker-featuregroup.json index 21b75968..5473bccd 100644 --- a/src/schema/aws-sagemaker-featuregroup.json +++ b/src/schema/aws-sagemaker-featuregroup.json @@ -350,6 +350,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "sagemaker:AddTags", + "sagemaker:ListTags", + "sagemaker:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": false, diff --git a/src/schema/aws-sagemaker-image.json b/src/schema/aws-sagemaker-image.json index 8ce55586..13b00cde 100644 --- a/src/schema/aws-sagemaker-image.json +++ b/src/schema/aws-sagemaker-image.json @@ -143,6 +143,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "sagemaker:AddTags", + "sagemaker:ListTags", + "sagemaker:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-sagemaker-inferencecomponent.json b/src/schema/aws-sagemaker-inferencecomponent.json index 6367c190..b574a04e 100644 --- a/src/schema/aws-sagemaker-inferencecomponent.json +++ b/src/schema/aws-sagemaker-inferencecomponent.json 
@@ -1,6 +1,48 @@ { "additionalProperties": false, "definitions": { + "Alarm": { + "additionalProperties": false, + "properties": { + "AlarmName": { + "maxLength": 255, + "minLength": 1, + "pattern": "^(?!\\s*$).+", + "type": "string" + } + }, + "required": [ + "AlarmName" + ], + "type": "object" + }, + "AutoRollbackConfiguration": { + "additionalProperties": false, + "properties": { + "Alarms": { + "items": { + "$ref": "#/definitions/Alarm" + }, + "maxItems": 10, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "Alarms" + ], + "type": "object" + }, + "BaseInferenceComponentName": { + "description": "The name of the base inference component", + "maxLength": 63, + "pattern": "^[a-zA-Z0-9](-*[a-zA-Z0-9])*$", + "type": "string" + }, + "CapacitySizeValue": { + "description": "The number of copies for the inference component", + "type": "integer" + }, "ContainerImage": { "description": "The image to use for the container that will be materialized for the inference component", "maxLength": 255, @@ -59,6 +101,30 @@ "minLength": 1, "type": "string" }, + "InferenceComponentCapacitySize": { + "additionalProperties": false, + "description": "Capacity size configuration for the inference component", + "properties": { + "Type": { + "$ref": "#/definitions/InferenceComponentCapacitySizeType" + }, + "Value": { + "$ref": "#/definitions/CapacitySizeValue" + } + }, + "required": [ + "Type", + "Value" + ], + "type": "object" + }, + "InferenceComponentCapacitySizeType": { + "enum": [ + "COPY_COUNT", + "CAPACITY_PERCENT" + ], + "type": "string" + }, "InferenceComponentComputeResourceRequirements": { "additionalProperties": false, "description": "", 
@@ -102,12 +168,44 @@ "minimum": 0, "type": "integer" }, + "InferenceComponentDeploymentConfig": { + "additionalProperties": false, + "description": "The deployment config for the inference component", + "properties": { + "AutoRollbackConfiguration": { + "$ref": "#/definitions/AutoRollbackConfiguration" + }, + "RollingUpdatePolicy": { + "$ref": "#/definitions/InferenceComponentRollingUpdatePolicy" + } + }, + "type": "object" + }, "InferenceComponentName": { "description": "The name of the inference component", "maxLength": 63, "pattern": "^[a-zA-Z0-9](-*[a-zA-Z0-9])*$", "type": "string" }, + "InferenceComponentRollingUpdatePolicy": { + "additionalProperties": false, + "description": "The rolling update policy for the inference component", + "properties": { + "MaximumBatchSize": { + "$ref": "#/definitions/InferenceComponentCapacitySize" + }, + "MaximumExecutionTimeoutInSeconds": { + "$ref": "#/definitions/MaximumExecutionTimeoutInSeconds" + }, + "RollbackMaximumBatchSize": { + "$ref": "#/definitions/InferenceComponentCapacitySize" + }, + "WaitIntervalInSeconds": { + "$ref": "#/definitions/WaitIntervalInSeconds" + } + }, + "type": "object" + }, "InferenceComponentRuntimeConfig": { "additionalProperties": false, "description": "The runtime config for the inference component", @@ -128,6 +226,9 @@ "additionalProperties": false, "description": "The specification for the inference component", "properties": { + "BaseInferenceComponentName": { + "$ref": "#/definitions/BaseInferenceComponentName" + }, "ComputeResourceRequirements": { "$ref": "#/definitions/InferenceComponentComputeResourceRequirements" }, @@ -141,9 +242,6 @@ "$ref": "#/definitions/InferenceComponentStartupParameters" } }, - "required": [ - "ComputeResourceRequirements" - ], "type": "object" }, "InferenceComponentStartupParameters": { 
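Review bot: Removing `"required": ["ComputeResourceRequirements"]` from `InferenceComponentSpecification` in the `@@ -141,9 +242,6 @@` hunk, alongside the new optional `BaseInferenceComponentName` from the hunk before it, leaves the schema accepting a specification that has neither field. If the intent is "one or the other", only the service enforces that at deploy time. A description on `BaseInferenceComponentName` stating the relationship, or an `anyOf` over the two `required` lists, would make it checkable here. The relationship is inferred from the two changes appearing together, so please confirm it.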
@@ -169,6 +267,11 @@ ], "type": "string" }, + "MaximumExecutionTimeoutInSeconds": { + "maximum": 28800, + "minimum": 600, + "type": "integer" + }, "MemoryInMb": { "minimum": 128, "type": "integer" @@ -236,6 +339,11 @@ "maxLength": 63, "pattern": "^[a-zA-Z0-9](-*[a-zA-Z0-9])*$", "type": "string" + }, + "WaitIntervalInSeconds": { + "maximum": 3600, + "minimum": 0, + "type": "integer" } }, "description": "Resource Type definition for AWS::SageMaker::InferenceComponent", @@ -286,6 +394,9 @@ "CreationTime": { "$ref": "#/definitions/Timestamp" }, + "DeploymentConfig": { + "$ref": "#/definitions/InferenceComponentDeploymentConfig" + }, "EndpointArn": { "$ref": "#/definitions/EndpointArn" }, @@ -332,12 +443,15 @@ ], "required": [ "EndpointName", - "VariantName", - "Specification", - "RuntimeConfig" + "Specification" ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "sagemaker:AddTags", + "sagemaker:ListTags", + "sagemaker:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, @@ -346,6 +460,7 @@ "typeName": "AWS::SageMaker::InferenceComponent", "writeOnlyProperties": [ "/properties/Specification/Container/Image", - "/properties/RuntimeConfig/CopyCount" + "/properties/RuntimeConfig/CopyCount", + "/properties/DeploymentConfig" ] } diff --git a/src/schema/aws-sagemaker-mlflowtrackingserver.json b/src/schema/aws-sagemaker-mlflowtrackingserver.json index 30696c9f..caaad79e 100644 --- a/src/schema/aws-sagemaker-mlflowtrackingserver.json +++ b/src/schema/aws-sagemaker-mlflowtrackingserver.json @@ -41,14 +41,14 @@ "sagemaker:ListTags", "iam:PassRole" ], - "timeoutInMinutes": 65 + "timeoutInMinutes": 95 }, "delete": { "permissions": [ "sagemaker:DeleteMlflowTrackingServer", "sagemaker:DescribeMlflowTrackingServer" ], - "timeoutInMinutes": 65 + "timeoutInMinutes": 95 }, "list": { "permissions": [ 
diff --git a/src/schema/aws-sagemaker-modelbiasjobdefinition.json b/src/schema/aws-sagemaker-modelbiasjobdefinition.json index 64265ff6..752712cb 100644 --- a/src/schema/aws-sagemaker-modelbiasjobdefinition.json +++ b/src/schema/aws-sagemaker-modelbiasjobdefinition.json @@ -529,7 +529,8 @@ "sagemaker:CreateModelBiasJobDefinition", "sagemaker:DescribeModelBiasJobDefinition", "iam:PassRole", - "sagemaker:AddTags" + "sagemaker:AddTags", + "sagemaker:ListTags" ] }, "delete": { @@ -545,7 +546,8 @@ }, "read": { "permissions": [ - "sagemaker:DescribeModelBiasJobDefinition" + "sagemaker:DescribeModelBiasJobDefinition", + "sagemaker:ListTags" ] } }, @@ -617,11 +619,19 @@ "JobResources", "RoleArn" ], + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "sagemaker:AddTags", + "sagemaker:ListTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, "typeName": "AWS::SageMaker::ModelBiasJobDefinition", "writeOnlyProperties": [ - "/properties/EndpointName", - "/properties/Tags", - "/properties/Tags/*/Key", - "/properties/Tags/*/Value" + "/properties/EndpointName" ] } diff --git a/src/schema/aws-sagemaker-modelcard.json b/src/schema/aws-sagemaker-modelcard.json index b3bb0730..3def590c 100644 --- a/src/schema/aws-sagemaker-modelcard.json +++ b/src/schema/aws-sagemaker-modelcard.json @@ -1021,6 +1021,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "sagemaker:AddTags", + "sagemaker:ListTags", + "sagemaker:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-sagemaker-modelexplainabilityjobdefinition.json b/src/schema/aws-sagemaker-modelexplainabilityjobdefinition.json index 49bee372..4d9ece49 100644 --- a/src/schema/aws-sagemaker-modelexplainabilityjobdefinition.json +++ b/src/schema/aws-sagemaker-modelexplainabilityjobdefinition.json 
@@ -483,7 +483,8 @@ "sagemaker:CreateModelExplainabilityJobDefinition", "sagemaker:DescribeModelExplainabilityJobDefinition", "iam:PassRole", - "sagemaker:AddTags" + "sagemaker:AddTags", + "sagemaker:ListTags" ] }, "delete": { @@ -499,7 +500,8 @@ }, "read": { "permissions": [ - "sagemaker:DescribeModelExplainabilityJobDefinition" + "sagemaker:DescribeModelExplainabilityJobDefinition", + "sagemaker:ListTags" ] } }, @@ -571,11 +573,19 @@ "JobResources", "RoleArn" ], + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "sagemaker:AddTags", + "sagemaker:ListTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, "typeName": "AWS::SageMaker::ModelExplainabilityJobDefinition", "writeOnlyProperties": [ - "/properties/EndpointName", - "/properties/Tags", - "/properties/Tags/*/Key", - "/properties/Tags/*/Value" + "/properties/EndpointName" ] } diff --git a/src/schema/aws-sagemaker-modelpackage.json b/src/schema/aws-sagemaker-modelpackage.json index aa63431d..4f228c83 100644 --- a/src/schema/aws-sagemaker-modelpackage.json +++ b/src/schema/aws-sagemaker-modelpackage.json @@ -1,5 +1,9 @@ { "additionalProperties": false, + "conditionalCreateOnlyProperties": [ + "/properties/ModelCard", + "/properties/SourceUri" + ], "createOnlyProperties": [ "/properties/ModelPackageGroupName", "/properties/ModelPackageDescription", @@ -12,7 +16,8 @@ "/properties/DriftCheckBaselines", "/properties/Domain", "/properties/Task", - "/properties/SamplePayloadUrl" + "/properties/SamplePayloadUrl", + "/properties/SecurityConfig" ], "definitions": { "AdditionalInferenceSpecificationDefinition": { 
@@ -423,6 +428,20 @@ ], "type": "object" }, + "ModelAccessConfig": { + "additionalProperties": false, + "description": "Specifies the access configuration file for the ML model.", + "properties": { + "AcceptEula": { + "description": "Specifies agreement to the model end-user license agreement (EULA).", + "type": "boolean" + } + }, + "required": [ + "AcceptEula" + ], + "type": "object" + }, "ModelApprovalStatus": { "description": "The approval status of the model package.", "enum": [ @@ -432,6 +451,34 @@ ], "type": "string" }, + "ModelCard": { + "additionalProperties": false, + "description": "The model card associated with the model package.", + "properties": { + "ModelCardContent": { + "description": "The content of the model card.", + "maxLength": 100000, + "minLength": 0, + "pattern": ".*", + "type": "string" + }, + "ModelCardStatus": { + "description": "The approval status of the model card within your organization.", + "enum": [ + "Draft", + "PendingReview", + "Approved", + "Archived" + ], + "type": "string" + } + }, + "required": [ + "ModelCardContent", + "ModelCardStatus" + ], + "type": "object" + }, "ModelDataQuality": { "additionalProperties": false, "description": "Metrics that measure the quality of the input data for a model.", @@ -445,6 +492,16 @@ }, "type": "object" }, + "ModelDataSource": { + "additionalProperties": false, + "description": "Specifies the location of ML model data to deploy during endpoint creation.", + "properties": { + "S3DataSource": { + "$ref": "#/definitions/S3ModelDataSource" + } + }, + "type": "object" + }, "ModelMetrics": { "additionalProperties": false, "description": "A structure that contains model metrics reports.", 
@@ -468,7 +525,7 @@ "description": "The Amazon Resource Name (ARN) of the model package group.", "maxLength": 2048, "minLength": 1, - "pattern": "^arn:aws(-cn|-us-gov)?:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:model-package/[\\S]{1,2048}$", + "pattern": "^arn:aws(-cn|-us-gov|-iso-f)?:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:model-package/[\\S]{1,2048}$", "type": "string" }, "ModelPackageContainerDefinition": { @@ -508,6 +565,9 @@ "pattern": "^[Ss][Hh][Aa]256:[0-9a-fA-F]{64}$", "type": "string" }, + "ModelDataSource": { + "$ref": "#/definitions/ModelDataSource" + }, "ModelDataUrl": { "description": "A structure with Model Input details.", "maxLength": 1024, 
@@ -664,12 +724,65 @@ ], "type": "object" }, + "S3ModelDataSource": { + "additionalProperties": false, + "description": "Specifies the S3 location of ML model data to deploy.", + "properties": { + "CompressionType": { + "description": "Specifies how the ML model data is prepared.", + "enum": [ + "None", + "Gzip" + ], + "type": "string" + }, + "ModelAccessConfig": { + "$ref": "#/definitions/ModelAccessConfig" + }, + "S3DataType": { + "description": "Specifies the type of ML model data to deploy.", + "enum": [ + "S3Prefix", + "S3Object" + ], + "type": "string" + }, + "S3Uri": { + "description": "Specifies the S3 path of ML model data to deploy.", + "maxLength": 1024, + "pattern": "^(https|s3)://([^/]+)/?(.*)$", + "type": "string" + } + }, + "required": [ + "S3DataType", + "S3Uri", + "CompressionType" + ], + "type": "object" + }, "SamplePayloadUrl": { "description": "The Amazon Simple Storage Service (Amazon S3) path where the sample payload are stored pointing to single gzip compressed tar archive.", "maxLength": 1024, "pattern": "^(https|s3)://([^/]+)/?(.*)$", "type": "string" }, + "SecurityConfig": { + "additionalProperties": false, + "description": "An optional AWS Key Management Service key to encrypt, decrypt, and re-encrypt model package information for regulated workloads with highly sensitive data.", + "properties": { + "KmsKeyId": { + "description": "The AWS KMS Key ID (KMSKeyId) used for encryption of model package information.", + "maxLength": 2048, + "pattern": "^[a-zA-Z0-9:/_-]*$", + "type": "string" + } + }, + "required": [ + "KmsKeyId" + ], + "type": "object" + }, "SkipModelValidation": { "description": "Indicates if you want to skip model validation.", "enum": [ 
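Review bot: `SecurityConfig.KmsKeyId` in the `@@ -664,12 +724,65 @@` hunk is `required`, but its pattern `^[a-zA-Z0-9:/_-]*$` has no `minLength`. An empty string therefore satisfies the schema for a field whose whole purpose is to name the encryption key. Adding `"minLength": 1,` (or changing `*` to `+`) closes that gap. In the same hunk `S3ModelDataSource.S3Uri` accepts any `https://` host as well as `s3://`, and its description should say which hosts are expected.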
@@ -722,6 +835,13 @@ ], "type": "object" }, + "SourceUri": { + "description": "The URI of the source for the model package.", + "maxLength": 1024, + "minLength": 0, + "pattern": "[\\p{L}\\p{M}\\p{Z}\\p{N}\\p{P}]{0,1024}", + "type": "string" + }, "Tag": { "additionalProperties": false, "description": "A key-value pair to associate with a resource.", @@ -961,14 +1081,22 @@ "sagemaker:DescribeTransformJob", "sagemaker:DescribeModelPackage", "sagemaker:ListTags", + "sagemaker:UpdateModelPackage", "iam:PassRole", - "s3:GetObject" + "s3:GetObject", + "s3:ListBucket", + "kms:CreateGrant", + "kms:DescribeKey", + "kms:GenerateDataKey", + "kms:Decrypt" ] }, "delete": { "permissions": [ "sagemaker:DeleteModelPackage", - "sagemaker:DescribeModelPackage" + "sagemaker:DescribeModelPackage", + "kms:DescribeKey", + "kms:Decrypt" ] }, "list": { @@ -986,16 +1114,25 @@ "read": { "permissions": [ "sagemaker:DescribeModelPackage", - "sagemaker:ListTags" + "sagemaker:ListTags", + "kms:DescribeKey", + "kms:Decrypt" ] }, "update": { "permissions": [ + "ecr:BatchGetImage", "sagemaker:UpdateModelPackage", "sagemaker:DescribeModelPackage", "sagemaker:ListTags", "sagemaker:AddTags", - "sagemaker:DeleteTags" + "sagemaker:DeleteTags", + "s3:GetObject", + "s3:ListBucket", + "kms:CreateGrant", + "kms:DescribeKey", + "kms:GenerateDataKey", + "kms:Decrypt" ] } }, @@ -1042,6 +1179,9 @@ "ModelApprovalStatus": { "$ref": "#/definitions/ModelApprovalStatus" }, + "ModelCard": { + "$ref": "#/definitions/ModelCard" + }, "ModelMetrics": { "$ref": "#/definitions/ModelMetrics" }, 
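Review bot: The `SourceUri` pattern added in the `@@ -722,6 +835,13 @@` hunk, `[\\p{L}\\p{M}\\p{Z}\\p{N}\\p{P}]{0,1024}`, has no `^`/`$` anchors. JSON Schema patterns match as a search, so with `{0,1024}` it matches an empty substring of any input and constrains nothing beyond `maxLength`. If the character classes are meant to restrict the URI, anchor it: `"pattern": "^[\\p{L}\\p{M}\\p{Z}\\p{N}\\p{P}]{0,1024}$",`. Code that consumes this schema should not treat a passing `SourceUri` as validated input.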
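Review bot: The `create` handler in the `@@ -961,14 +1081,22 @@` hunk gains `kms:CreateGrant`, `kms:GenerateDataKey` and `kms:Decrypt`, and the `update` handler in `@@ -986,16 +1114,25 @@` gets the same set. A handler permission list carries no resource or condition scoping. A deployment role derived from these lists should limit the KMS actions to the key named in `SecurityConfig.KmsKeyId` and constrain `kms:CreateGrant` with `kms:GrantIsForAWSResource`, rather than allowing them on `*`. `delete` and `read` also gain `kms:Decrypt`, so roles intended for read-only use need access to the key as well. The handler objects start outside these hunks.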
@@ -1069,12 +1209,18 @@ "SamplePayloadUrl": { "$ref": "#/definitions/SamplePayloadUrl" }, + "SecurityConfig": { + "$ref": "#/definitions/SecurityConfig" + }, "SkipModelValidation": { "$ref": "#/definitions/SkipModelValidation" }, "SourceAlgorithmSpecification": { "$ref": "#/definitions/SourceAlgorithmSpecification" }, + "SourceUri": { + "$ref": "#/definitions/SourceUri" + }, "Tags": { "description": "An array of key-value pairs to apply to this resource.", "items": { @@ -1098,6 +1244,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-sagemaker", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "sagemaker:AddTags", + "sagemaker:ListTags", + "sagemaker:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-sagemaker-modelpackagegroup.json b/src/schema/aws-sagemaker-modelpackagegroup.json index 53124f03..6df48088 100644 --- a/src/schema/aws-sagemaker-modelpackagegroup.json +++ b/src/schema/aws-sagemaker-modelpackagegroup.json @@ -146,5 +146,17 @@ "required": [ "ModelPackageGroupName" ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "sagemaker:AddTags", + "sagemaker:ListTags", + "sagemaker:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::SageMaker::ModelPackageGroup" } diff --git a/src/schema/aws-sagemaker-modelqualityjobdefinition.json b/src/schema/aws-sagemaker-modelqualityjobdefinition.json index 436e332d..755e9070 100644 --- a/src/schema/aws-sagemaker-modelqualityjobdefinition.json +++ b/src/schema/aws-sagemaker-modelqualityjobdefinition.json @@ -555,6 +555,7 @@ "sagemaker:CreateModelQualityJobDefinition", "sagemaker:DescribeModelQualityJobDefinition", "sagemaker:AddTags", + "sagemaker:ListTags", "iam:PassRole" ] }, 
@@ -571,7 +572,8 @@ }, "read": { "permissions": [ - "sagemaker:DescribeModelQualityJobDefinition" + "sagemaker:DescribeModelQualityJobDefinition", + "sagemaker:ListTags" ] } }, @@ -643,11 +645,19 @@ "JobResources", "RoleArn" ], + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "sagemaker:AddTags", + "sagemaker:ListTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, "typeName": "AWS::SageMaker::ModelQualityJobDefinition", "writeOnlyProperties": [ - "/properties/EndpointName", - "/properties/Tags", - "/properties/Tags/*/Key", - "/properties/Tags/*/Value" + "/properties/EndpointName" ] } diff --git a/src/schema/aws-sagemaker-partnerapp.json b/src/schema/aws-sagemaker-partnerapp.json new file mode 100644 index 00000000..eeb93d84 --- /dev/null +++ b/src/schema/aws-sagemaker-partnerapp.json 
@@ -0,0 +1,254 @@
+{
+ "additionalProperties": false,
+ "createOnlyProperties": [
+ "/properties/Name",
+ "/properties/Type",
+ "/properties/ExecutionRoleArn",
+ "/properties/AuthType",
+ "/properties/KmsKeyId"
+ ],
+ "definitions": {
+ "PartnerAppAdminUserList": {
+ "additionalProperties": false,
+ "description": "A collection of AdminUsers for the PartnerApp",
+ "maxLength": 256,
+ "minLength": 1,
+ "type": "string"
+ },
+ "PartnerAppConfig": {
+ "additionalProperties": false,
+ "description": "A collection of configuration settings for the PartnerApp.",
+ "properties": {
+ "AdminUsers": {
+ "description": "A list of users with administrator privileges for the PartnerApp.",
+ "insertionOrder": false,
+ "items": {
+ "$ref": "#/definitions/PartnerAppAdminUserList"
+ },
+ "maxItems": 5,
+ "minItems": 0,
+ "type": "array",
+ "uniqueItems": true
+ },
+ "Arguments": {
+ "additionalProperties": false,
+ "description": "A list of arguments to pass to the PartnerApp.",
+ "maxProperties": 5,
+ "patternProperties": {
+ "^(?!\\s*$).{1,256}$": {
+ "maxLength": 1024,
+ "pattern": "^.{0,1024}$",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "PartnerAppMaintenanceConfig": {
+ "additionalProperties": false,
+ "description": "A collection of settings that specify the maintenance schedule for the PartnerApp.",
+ "properties": {
+ "MaintenanceWindowStart": {
+ "description": "The maintenance window start day and time for the PartnerApp.",
+ "maxLength": 9,
+ "pattern": "(Mon|Tue|Wed|Thu|Fri|Sat|Sun):([01]\\d|2[0-3]):([0-5]\\d)",
+ "type": "string"
+ }
+ },
+ "required": [
+ "MaintenanceWindowStart"
+ ],
+ "type": "object"
+ },
+ "Tag": {
+ "additionalProperties": false,
+ "properties": {
+ "Key": {
+ "maxLength": 128,
+ "minLength": 1,
+ "type": "string"
+ },
+ "Value": {
+ "maxLength": 128,
+ "minLength": 1,
+ "type": "string"
+ }
+ },
+ "required": [
+ "Key",
+ "Value"
+ ],
+ "type": "object"
+ }
+ },
+ "deprecatedProperties": [
+ "/properties/ClientToken"
+ ],
+ "description": "Resource Type definition for AWS::SageMaker::PartnerApp",
+ "handlers": {
+ "create": {
+ "permissions": [
+ "sagemaker:CreatePartnerApp",
+ "sagemaker:DescribePartnerApp",
+ "sagemaker:AddTags",
+ "sagemaker:ListTags",
+ "iam:PassRole",
+ "kms:CreateGrant",
+ "kms:DescribeKey"
+ ],
+ "timeoutInMinutes": 180
+ },
+ "delete": {
+ "permissions": [
+ "sagemaker:DeletePartnerApp",
+ "sagemaker:DescribePartnerApp",
+ "sagemaker:DeleteTags"
+ ],
+ "timeoutInMinutes": 240
+ },
+ "list": {
+ "permissions": [
+ "sagemaker:ListPartnerApps",
+ "sagemaker:DescribePartnerApp",
+ "sagemaker:ListTags"
+ ]
+ },
+ "read": {
+ "permissions": [
+ "sagemaker:DescribePartnerApp",
+ "sagemaker:ListTags"
+ ]
+ },
+ "update": {
+ "permissions": [
+ "sagemaker:UpdatePartnerApp",
+ "sagemaker:DescribePartnerApp",
+ "sagemaker:AddTags",
+ "sagemaker:ListTags",
+ "sagemaker:DeleteTags",
+ "kms:DescribeKey"
+ ],
+ "timeoutInMinutes": 180
+ }
+ },
+ "primaryIdentifier": [
+ "/properties/Arn"
+ ],
+ "properties": {
+ "ApplicationConfig": {
+ "$ref": "#/definitions/PartnerAppConfig",
+ "description": "A collection of settings that specify the maintenance schedule for the PartnerApp."
+ },
+ "Arn": {
+ "description": "The Amazon Resource Name (ARN) of the created PartnerApp.",
+ "maxLength": 128,
+ "minLength": 1,
+ "pattern": "arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:partner-app/app-[A-Z0-9]{12}$",
+ "type": "string"
+ },
+ "AuthType": {
+ "description": "The Auth type of PartnerApp.",
+ "enum": [
+ "IAM"
+ ],
+ "type": "string"
+ },
+ "BaseUrl": {
+ "description": "The AppServerUrl based on app and account-info.",
+ "maxLength": 2048,
+ "type": "string"
+ },
+ "ClientToken": {
+ "description": "The client token for the PartnerApp.",
+ "maxLength": 36,
+ "minLength": 1,
+ "pattern": "^[a-zA-Z0-9-]+$",
+ "type": "string"
+ },
+ "EnableIamSessionBasedIdentity": {
+ "description": "Enables IAM Session based Identity for PartnerApp.",
+ "type": "boolean"
+ },
+ "ExecutionRoleArn": {
+ "description": "The execution role for the user.",
+ "maxLength": 2048,
+ "minLength": 20,
+ "pattern": "^arn:aws[a-z\\-]*:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+$",
+ "type": "string"
+ },
+ "KmsKeyId": {
+ "description": "The AWS KMS customer managed key used to encrypt the data associated with the PartnerApp.",
+ "maxLength": 2048,
+ "pattern": ".*",
+ "type": "string"
+ },
+ "MaintenanceConfig": {
+ "$ref": "#/definitions/PartnerAppMaintenanceConfig",
+ "description": "A collection of settings that specify the maintenance schedule for the PartnerApp."
+ }, + "Name": { + "description": "A name for the PartnerApp.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[a-zA-Z0-9]+", + "type": "string" + }, + "Tags": { + "description": "A list of tags to apply to the PartnerApp.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 50, + "minItems": 0, + "type": "array", + "uniqueItems": false + }, + "Tier": { + "description": "The tier of the PartnerApp.", + "maxLength": 64, + "minLength": 1, + "type": "string" + }, + "Type": { + "description": "The type of PartnerApp.", + "enum": [ + "lakera-guard", + "comet", + "deepchecks-llm-evaluation", + "fiddler" + ], + "type": "string" + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/BaseUrl" + ], + "replacementStrategy": "delete_then_create", + "required": [ + "Name", + "Type", + "AuthType", + "ExecutionRoleArn", + "Tier" + ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "sagemaker:AddTags", + "sagemaker:DeleteTags", + "sagemaker:ListTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::SageMaker::PartnerApp", + "writeOnlyProperties": [ + "/properties/ClientToken" + ] +} diff --git a/src/schema/aws-sagemaker-pipeline.json b/src/schema/aws-sagemaker-pipeline.json index 4479971a..9ac8584c 100644 --- a/src/schema/aws-sagemaker-pipeline.json +++ b/src/schema/aws-sagemaker-pipeline.json @@ -173,5 +173,17 @@ "PipelineDefinition", "RoleArn" ], + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "sagemaker:AddTags", + "sagemaker:ListTags", + "sagemaker:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::SageMaker::Pipeline" } diff --git a/src/schema/aws-sagemaker-project.json b/src/schema/aws-sagemaker-project.json index 31f83686..00491bab 100644 --- a/src/schema/aws-sagemaker-project.json 
+++ b/src/schema/aws-sagemaker-project.json @@ -238,5 +238,17 @@ "ProjectName", "ServiceCatalogProvisioningDetails" ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "sagemaker:AddTags", + "sagemaker:ListTags", + "sagemaker:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::SageMaker::Project" } diff --git a/src/schema/aws-sagemaker-space.json b/src/schema/aws-sagemaker-space.json index 6a0e5173..dbbd6f42 100644 --- a/src/schema/aws-sagemaker-space.json +++ b/src/schema/aws-sagemaker-space.json @@ -39,6 +39,9 @@ "properties": { "EFSFileSystem": { "$ref": "#/definitions/EFSFileSystem" + }, + "FSxLustreFileSystem": { + "$ref": "#/definitions/FSxLustreFileSystem" } }, "type": "object" @@ -109,6 +112,21 @@ ], "type": "object" }, + "FSxLustreFileSystem": { + "additionalProperties": false, + "properties": { + "FileSystemId": { + "maxLength": 21, + "minLength": 11, + "pattern": "^(fs-[0-9a-f]{8,})$", + "type": "string" + } + }, + "required": [ + "FileSystemId" + ], + "type": "object" + }, "JupyterServerAppSettings": { "additionalProperties": false, "description": "The JupyterServer app settings.", @@ -267,10 +285,22 @@ }, "type": "object" }, + "SpaceAppLifecycleManagement": { + "additionalProperties": false, + "properties": { + "IdleSettings": { + "$ref": "#/definitions/SpaceIdleSettings" + } + }, + "type": "object" + }, "SpaceCodeEditorAppSettings": { "additionalProperties": false, "description": "The CodeEditor app settings.", "properties": { + "AppLifecycleManagement": { + "$ref": "#/definitions/SpaceAppLifecycleManagement" + }, "DefaultResourceSpec": { "$ref": "#/definitions/ResourceSpec" } 
@@ -282,10 +312,25 @@ "minimum": 5, "type": "integer" }, + "SpaceIdleSettings": { + "additionalProperties": false, + "properties": { + "IdleTimeoutInMinutes": { + "description": "The space idle timeout value set in minutes", + "maximum": 525600, + "minimum": 60, + "type": "integer" + } + }, + "type": "object" + }, "SpaceJupyterLabAppSettings": { "additionalProperties": false, "description": "The JupyterServer app settings.", "properties": { + "AppLifecycleManagement": { + "$ref": "#/definitions/SpaceAppLifecycleManagement" + }, "CodeRepositories": { "description": "A list of CodeRepositories available for use with JupyterLab apps.", "items": { @@ -392,29 +437,37 @@ "create": { "permissions": [ "sagemaker:CreateSpace", - "sagemaker:DescribeSpace" + "sagemaker:DescribeSpace", + "sagemaker:ListTags", + "sagemaker:AddTags" ] }, "delete": { "permissions": [ "sagemaker:DeleteSpace", - "sagemaker:DescribeSpace" + "sagemaker:DescribeSpace", + "sagemaker:DeleteTags" ] }, "list": { "permissions": [ - "sagemaker:ListSpaces" + "sagemaker:ListSpaces", + "sagemaker:ListTags" ] }, "read": { "permissions": [ - "sagemaker:DescribeSpace" + "sagemaker:DescribeSpace", + "sagemaker:ListTags" ] }, "update": { "permissions": [ "sagemaker:UpdateSpace", - "sagemaker:DescribeSpace" + "sagemaker:DescribeSpace", + "sagemaker:AddTags", + "sagemaker:DeleteTags", + "sagemaker:ListTags" ] } }, @@ -484,6 +537,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "sagemaker:AddTags", + "sagemaker:DeleteTags", + "sagemaker:ListTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, @@ -491,7 +549,6 @@ }, "typeName": "AWS::SageMaker::Space", "writeOnlyProperties": [ - "/properties/SpaceSettings", - "/properties/Tags" + "/properties/SpaceSettings" ] } diff --git a/src/schema/aws-sagemaker-studiolifecycleconfig.json b/src/schema/aws-sagemaker-studiolifecycleconfig.json new file mode 100644 index 00000000..e4ff63ef --- /dev/null 
+++ b/src/schema/aws-sagemaker-studiolifecycleconfig.json 
@@ -0,0 +1,130 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/StudioLifecycleConfigAppType", + "/properties/StudioLifecycleConfigContent", + "/properties/StudioLifecycleConfigName", + "/properties/Tags" + ], + "definitions": { + "Tag": { + "additionalProperties": false, + "properties": { + "Key": { + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "maxLength": 128, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, + "description": "Resource Type definition for AWS::SageMaker::StudioLifecycleConfig", + "handlers": { + "create": { + "permissions": [ + "sagemaker:CreateStudioLifecycleConfig", + "sagemaker:DescribeStudioLifecycleConfig", + "sagemaker:AddTags", + "sagemaker:ListTags" + ] + }, + "delete": { + "permissions": [ + "sagemaker:DeleteStudioLifecycleConfig", + "sagemaker:DescribeStudioLifecycleConfig", + "sagemaker:DeleteTags", + "sagemaker:ListTags" + ] + }, + "list": { + "permissions": [ + "sagemaker:ListStudioLifecycleConfigs", + "sagemaker:ListTags" + ] + }, + "read": { + "permissions": [ + "sagemaker:DescribeStudioLifecycleConfig", + "sagemaker:ListTags" + ] + } + }, + "primaryIdentifier": [ + "/properties/StudioLifecycleConfigName" + ], + "properties": { + "StudioLifecycleConfigAppType": { + "description": "The App type that the Lifecycle Configuration is attached to.", + "enum": [ + "JupyterServer", + "KernelGateway", + "CodeEditor", + "JupyterLab" + ], + "type": "string" + }, + "StudioLifecycleConfigArn": { + "description": "The Amazon Resource Name (ARN) of the Lifecycle Configuration.", + "maxLength": 256, + "minLength": 1, + "pattern": "arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:studio-lifecycle-config/.*", + "type": "string" + }, + "StudioLifecycleConfigContent": { + "description": "The content of your Amazon SageMaker Studio Lifecycle Configuration script. 
This content must be base64 encoded.", + "maxLength": 16384, + "minLength": 1, + "pattern": "[\\S\\s]+", + "type": "string" + }, + "StudioLifecycleConfigName": { + "description": "The name of the Amazon SageMaker Studio Lifecycle Configuration.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}", + "type": "string" + }, + "Tags": { + "description": "Tags to be associated with the Lifecycle Configuration. Each tag consists of a key and an optional value. Tag keys must be unique per resource. Tags are searchable using the Search API.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 50, + "minItems": 0, + "type": "array", + "uniqueItems": false + } + }, + "readOnlyProperties": [ + "/properties/StudioLifecycleConfigArn" + ], + "required": [ + "StudioLifecycleConfigAppType", + "StudioLifecycleConfigContent", + "StudioLifecycleConfigName" + ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "sagemaker:AddTags", + "sagemaker:ListTags", + "sagemaker:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, + "typeName": "AWS::SageMaker::StudioLifecycleConfig" +} diff --git a/src/schema/aws-sagemaker-userprofile.json b/src/schema/aws-sagemaker-userprofile.json index 8ad8c3fc..2589ffc6 100644 --- a/src/schema/aws-sagemaker-userprofile.json +++ b/src/schema/aws-sagemaker-userprofile.json @@ -10,6 +10,15 @@ "/properties/Tags" ], "definitions": { + "AppLifecycleManagement": { + "additionalProperties": false, + "properties": { + "IdleSettings": { + "$ref": "#/definitions/IdleSettings" + } + }, + "type": "object" + }, "AppType": { "enum": [ "JupyterServer", 
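Review bot: In the new aws-sagemaker-studiolifecycleconfig.json, the `StudioLifecycleConfigName` pattern `^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}` has no closing `$` and the `StudioLifecycleConfigArn` pattern has no leading `^`. A validator that applies JSON Schema's unanchored matching therefore accepts any value that only starts with, or contains, a well-formed piece. The name is the primary identifier of a resource that carries a lifecycle script, so I would anchor both: `"pattern": "^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}$"` and `"pattern": "^arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:studio-lifecycle-config/.*"`. If these schema files are imported unchanged from an upstream registry, the stricter check belongs in the code that consumes the schema rather than in this file.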
@@ -26,12 +35,15 @@ "additionalProperties": false, "description": "The CodeEditor app settings.", "properties": { + "AppLifecycleManagement": { + "$ref": "#/definitions/AppLifecycleManagement" + }, "CustomImages": { "description": "A list of custom images for use for CodeEditor apps.", "items": { "$ref": "#/definitions/CustomImage" }, - "maxItems": 30, + "maxItems": 200, "minItems": 0, "type": "array", "uniqueItems": false @@ -73,6 +85,9 @@ "properties": { "EFSFileSystemConfig": { "$ref": "#/definitions/EFSFileSystemConfig" + }, + "FSxLustreFileSystemConfig": { + "$ref": "#/definitions/FSxLustreFileSystemConfig" } }, "type": "object" @@ -175,10 +190,58 @@ ], "type": "object" }, + "FSxLustreFileSystemConfig": { + "additionalProperties": false, + "properties": { + "FileSystemId": { + "maxLength": 21, + "minLength": 11, + "pattern": "^(fs-[0-9a-f]{8,})$", + "type": "string" + }, + "FileSystemPath": { + "maxLength": 256, + "minLength": 1, + "pattern": "^\\/\\S*$", + "type": "string" + } + }, + "required": [ + "FileSystemId" + ], + "type": "object" + }, + "IdleSettings": { + "additionalProperties": false, + "properties": { + "IdleTimeoutInMinutes": { + "$ref": "#/definitions/IdleTimeoutInMinutes" + }, + "LifecycleManagement": { + "$ref": "#/definitions/LifecycleManagement" + }, + "MaxIdleTimeoutInMinutes": { + "$ref": "#/definitions/MaxIdleTimeoutInMinutes" + }, + "MinIdleTimeoutInMinutes": { + "$ref": "#/definitions/MinIdleTimeoutInMinutes" + } + }, + "type": "object" + }, + "IdleTimeoutInMinutes": { + "description": "The idle timeout value set in minutes", + "maximum": 525600, + "minimum": 60, + "type": "integer" + }, "JupyterLabAppSettings": { "additionalProperties": false, "description": "The JupyterLab app settings.", "properties": { + "AppLifecycleManagement": { + "$ref": "#/definitions/AppLifecycleManagement" + }, "CodeRepositories": { "description": "A list of CodeRepositories available for use with JupyterLab apps.", "items": { 
@@ -194,7 +257,7 @@ "items": { "$ref": "#/definitions/CustomImage" }, - "maxItems": 30, + "maxItems": 200, "minItems": 0, "type": "array", "uniqueItems": false @@ -267,12 +330,32 @@ }, "type": "object" }, + "LifecycleManagement": { + "description": "A flag to enable/disable AppLifecycleManagement settings", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, + "MaxIdleTimeoutInMinutes": { + "description": "The maximum idle timeout value set in minutes", + "maximum": 525600, + "minimum": 60, + "type": "integer" + }, + "MinIdleTimeoutInMinutes": { + "description": "The minimum idle timeout value set in minutes", + "maximum": 525600, + "minimum": 60, + "type": "integer" + }, "MlTools": { "enum": [ "DataWrangler", "FeatureStore", "EmrClusters", - "AutoML", + "AutoMl", "Experiments", "Training", "ModelEvaluation", @@ -281,7 +364,14 @@ "JumpStart", "InferenceRecommender", "Endpoints", - "Projects" + "Projects", + "InferenceOptimization", + "HyperPodClusters", + "Comet", + "DeepchecksLLMEvaluation", + "Fiddler", + "LakeraGuard", + "PerformanceEvaluation" ], "type": "string" }, diff --git a/src/schema/aws-scheduler-schedule.json b/src/schema/aws-scheduler-schedule.json index 64ce92a6..368e3795 100644 --- a/src/schema/aws-scheduler-schedule.json +++ b/src/schema/aws-scheduler-schedule.json @@ -89,7 +89,7 @@ "description": "The ARN of the SQS queue specified as the target for the dead-letter queue.", "maxLength": 1600, "minLength": 1, - "pattern": "^arn:aws(-[a-z]+)?:sqs:[a-z0-9\\-]+:\\d{12}:[a-zA-Z0-9\\-_]+$", + "pattern": "^arn:aws[a-z-]*:sqs:[a-z0-9\\-]+:\\d{12}:[a-zA-Z0-9\\-_]+$", "type": "string" } }, 
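Review bot: The replacement partition prefix `^arn:aws[a-z-]*:` in the dead-letter queue ARN pattern of aws-scheduler-schedule.json is looser than the change seems to need. It now accepts constructed values such as `arn:awsx:` or `arn:aws--:`, which the old `(-[a-z]+)?` form rejected. If the intent is to admit partitions with more than one hyphenated segment, `^arn:aws(-[a-z]+)*:` does that without letting the malformed prefixes through, e.g. `"pattern": "^arn:aws(-[a-z]+)*:sqs:[a-z0-9\\-]+:\\d{12}:[a-zA-Z0-9\\-_]+$"`. The same substitution appears in the IAM role, schedule and KMS key ARN hunks of this file and in the schedule-group ARN hunk of aws-scheduler-schedulegroup.json.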
@@ -454,7 +454,7 @@ "description": "The Amazon Resource Name (ARN) of the IAM role to be used for this target when the schedule is triggered.", "maxLength": 1600, "minLength": 1, - "pattern": "^arn:aws(-[a-z]+)?:iam::\\d{12}:role\\/[\\w+=,.@\\/-]+$", + "pattern": "^arn:aws[a-z-]*:iam::\\d{12}:role\\/[\\w+=,.@\\/-]+$", "type": "string" }, "SageMakerPipelineParameters": { @@ -512,7 +512,7 @@ "description": "The Amazon Resource Name (ARN) of the schedule.", "maxLength": 1224, "minLength": 1, - "pattern": "^arn:aws(-[a-z]+)?:scheduler:[a-z0-9\\-]+:\\d{12}:schedule\\/[0-9a-zA-Z-_.]+\\/[0-9a-zA-Z-_.]+$", + "pattern": "^arn:aws[a-z-]*:scheduler:[a-z0-9\\-]+:\\d{12}:schedule\\/[0-9a-zA-Z-_.]+\\/[0-9a-zA-Z-_.]+$", "type": "string" }, "Description": { @@ -540,7 +540,7 @@ "description": "The ARN for a KMS Key that will be used to encrypt customer data.", "maxLength": 2048, "minLength": 1, - "pattern": "^arn:aws(-[a-z]+)?:kms:[a-z0-9\\-]+:\\d{12}:(key|alias)\\/[0-9a-zA-Z-_]*$", + "pattern": "^arn:aws[a-z-]*:kms:[a-z0-9\\-]+:\\d{12}:(key|alias)\\/[0-9a-zA-Z-_]*$", "type": "string" }, "Name": { diff --git a/src/schema/aws-scheduler-schedulegroup.json b/src/schema/aws-scheduler-schedulegroup.json index 5f811a54..697f23d8 100644 --- a/src/schema/aws-scheduler-schedulegroup.json +++ b/src/schema/aws-scheduler-schedulegroup.json @@ -81,7 +81,7 @@ "description": "The Amazon Resource Name (ARN) of the schedule group.", "maxLength": 1224, "minLength": 1, - "pattern": "^arn:aws(-[a-z]+)?:scheduler:[a-z0-9\\-]+:\\d{12}:schedule-group\\/[0-9a-zA-Z-_.]+$", + "pattern": "^arn:aws[a-z-]*:scheduler:[a-z0-9\\-]+:\\d{12}:schedule-group\\/[0-9a-zA-Z-_.]+$", "type": "string" }, "CreationDate": { @@ -122,6 +122,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "scheduler:UntagResource", + "scheduler:ListTagsForResource", + "scheduler:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, 
diff --git a/src/schema/aws-secretsmanager-rotationschedule.json b/src/schema/aws-secretsmanager-rotationschedule.json
index b5a7e3fa..ba7d8b5c 100644
--- a/src/schema/aws-secretsmanager-rotationschedule.json
+++ b/src/schema/aws-secretsmanager-rotationschedule.json
@@ -8,36 +8,47 @@ "additionalProperties": false, "properties": { "ExcludeCharacters": { + "description": "A string of the characters that you don't want in the password.", "type": "string" }, "KmsKeyArn": { + "description": "The ARN of the KMS key that Secrets Manager uses to encrypt the secret. If you don't specify this value, then Secrets Manager uses the key aws/secretsmanager. If aws/secretsmanager doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value.", "type": "string" }, "MasterSecretArn": { + "description": "The ARN of the secret that contains superuser credentials, if you use the alternating users rotation strategy. CloudFormation grants the execution role for the Lambda rotation function GetSecretValue permission to the secret in this property.", "type": "string" }, "MasterSecretKmsKeyArn": { + "description": "The ARN of the KMS key that Secrets Manager used to encrypt the superuser secret, if you use the alternating users strategy and the superuser secret is encrypted with a customer managed key. You don't need to specify this property if the superuser secret is encrypted using the key aws/secretsmanager. CloudFormation grants the execution role for the Lambda rotation function Decrypt, DescribeKey, and GenerateDataKey permission to the key in this property.", "type": "string" }, "RotationLambdaName": { + "description": "The name of the Lambda rotation function.", "type": "string" }, "RotationType": { + "description": "The type of rotation template to use", "type": "string" }, "Runtime": { + "description": "The python runtime associated with the Lambda function", "type": "string" }, "SuperuserSecretArn": { + "description": "The ARN of the secret that contains superuser credentials, if you use the alternating users rotation strategy. 
CloudFormation grants the execution role for the Lambda rotation function GetSecretValue permission to the secret in this property.", "type": "string" }, "SuperuserSecretKmsKeyArn": { + "description": "The ARN of the KMS key that Secrets Manager used to encrypt the superuser secret, if you use the alternating users strategy and the superuser secret is encrypted with a customer managed key. You don't need to specify this property if the superuser secret is encrypted using the key aws/secretsmanager. CloudFormation grants the execution role for the Lambda rotation function Decrypt, DescribeKey, and GenerateDataKey permission to the key in this property.", "type": "string" }, "VpcSecurityGroupIds": { + "description": "A comma-separated list of security group IDs applied to the target database.", "type": "string" }, "VpcSubnetIds": { + "description": "A comma separated list of VPC subnet IDs of the target database network. The Lambda rotation function is in the same subnet group.", "type": "string" } }, 
@@ -50,12 +61,15 @@ "additionalProperties": false, "properties": { "AutomaticallyAfterDays": { + "description": "The number of days between automatic scheduled rotations of the secret. You can use this value to check that your secret meets your compliance guidelines for how often secrets must be rotated.", "type": "integer" }, "Duration": { + "description": "The length of the rotation window in hours, for example 3h for a three hour window. Secrets Manager rotates your secret at any time during this window. The window must not extend into the next rotation window or the next UTC day. The window starts according to the ScheduleExpression. If you don't specify a Duration, for a ScheduleExpression in hours, the window automatically closes after one hour. For a ScheduleExpression in days, the window automatically closes at the end of the UTC day.", "type": "string" }, "ScheduleExpression": { + "description": "A cron() or rate() expression that defines the schedule for rotating your secret. Secrets Manager rotation schedules use UTC time zone.", "type": "string" } }, 
@@ -63,26 +77,65 @@ } }, "description": "Resource Type definition for AWS::SecretsManager::RotationSchedule", + "handlers": { + "create": { + "permissions": [ + "secretsmanager:RotateSecret", + "secretsmanager:DescribeSecret", + "lambda:InvokeFunction" + ] + }, + "delete": { + "permissions": [ + "secretsmanager:CancelRotateSecret", + "secretsmanager:DescribeSecret" + ] + }, + "list": { + "permissions": [ + "secretsmanager:DescribeSecret", + "secretsmanager:ListSecrets" + ] + }, + "read": { + "permissions": [ + "secretsmanager:DescribeSecret" + ] + }, + "update": { + "permissions": [ + "secretsmanager:RotateSecret", + "secretsmanager:DescribeSecret", + "lambda:InvokeFunction" + ] + } + }, "primaryIdentifier": [ "/properties/Id" ], "properties": { "HostedRotationLambda": { - "$ref": "#/definitions/HostedRotationLambda" + "$ref": "#/definitions/HostedRotationLambda", + "description": "Creates a new Lambda rotation function based on one of the Secrets Manager rotation function templates. To use a rotation function that already exists, specify RotationLambdaARN instead." }, "Id": { + "description": "The ARN of the secret.", "type": "string" }, "RotateImmediatelyOnUpdate": { + "description": "Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window.", "type": "boolean" }, "RotationLambdaARN": { + "description": "The ARN of an existing Lambda rotation function. To specify a rotation function that is also defined in this template, use the Ref function.", "type": "string" }, "RotationRules": { - "$ref": "#/definitions/RotationRules" + "$ref": "#/definitions/RotationRules", + "description": "A structure that defines the rotation configuration for this secret." }, "SecretId": { + "description": "The ARN or name of the secret to rotate.", "type": "string" } }, 
@@ -92,5 +145,24 @@ "required": [ "SecretId" ], - "typeName": "AWS::SecretsManager::RotationSchedule" + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-secretsmanager", + "tagging": { + "taggable": false + }, + "typeName": "AWS::SecretsManager::RotationSchedule", + "writeOnlyProperties": [ + "/properties/RotateImmediatelyOnUpdate", + "/properties/HostedRotationLambda", + "/properties/HostedRotationLambda/ExcludeCharacters", + "/properties/HostedRotationLambda/KmsKeyArn", + "/properties/HostedRotationLambda/MasterSecretArn", + "/properties/HostedRotationLambda/MasterSecretKmsKeyArn", + "/properties/HostedRotationLambda/RotationLambdaName", + "/properties/HostedRotationLambda/RotationType", + "/properties/HostedRotationLambda/Runtime", + "/properties/HostedRotationLambda/SuperuserSecretArn", + "/properties/HostedRotationLambda/SuperuserSecretKmsKeyArn", + "/properties/HostedRotationLambda/VpcSecurityGroupIds", + "/properties/HostedRotationLambda/VpcSubnetIds" + ] } diff --git a/src/schema/aws-secretsmanager-secret.json b/src/schema/aws-secretsmanager-secret.json index c499d9bd..03cb5c50 100644 --- a/src/schema/aws-secretsmanager-secret.json +++ b/src/schema/aws-secretsmanager-secret.json @@ -1,4 +1,5 @@ { + "$comment": "If you make any changes to this schema, be sure to also modify the regional schema template that generates schemas for contract tests: secret/templates/{region.region_name}_schema.json.erb", "$schema": "https://schema.cloudformation.us-east-1.amazonaws.com/provider.definition.schema.v1.json", "additionalProperties": false, "createOnlyProperties": [ 
@@ -90,7 +91,7 @@ "type": "object" } }, - "description": "Creates a new secret. A *secret* can be a password, a set of credentials such as a user name and password, an OAuth token, or other secret information that you store in an encrypted form in Secrets Manager.\n For RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html).\n To retrieve a secret in a CFNshort template, use a *dynamic reference*. For more information, see [Retrieve a secret in an resource](https://docs.aws.amazon.com/secretsmanager/latest/userguide/cfn-example_reference-secret.html).\n A common scenario is to first create a secret with ``GenerateSecretString``, which generates a password, and then use a dynamic reference to retrieve the username and password from the secret to use as credentials for a new database. See the example *Creating a Redshift cluster and a secret for the admin credentials*.\n For information about creating a secret in the console, see [Create a secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html). For information about creating a secret using the CLI or SDK, see [CreateSecret](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html).\n For information about retrieving a secret in code, see [Retrieve secrets from Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html).", + "description": "Creates a new secret. 
A *secret* can be a password, a set of credentials such as a user name and password, an OAuth token, or other secret information that you store in an encrypted form in Secrets Manager.\n For RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html).\n For RS admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html).\n To retrieve a secret in a CFNshort template, use a *dynamic reference*. For more information, see [Retrieve a secret in an resource](https://docs.aws.amazon.com/secretsmanager/latest/userguide/cfn-example_reference-secret.html).\n For information about creating a secret in the console, see [Create a secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html). For information about creating a secret using the CLI or SDK, see [CreateSecret](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html).\n For information about retrieving a secret in code, see [Retrieve secrets from Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html).", "handlers": { "create": { "permissions": [ @@ -184,6 +185,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-secretsmanager.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "secretsmanager:UntagResource", + "secretsmanager:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-secretsmanager-secrettargetattachment.json b/src/schema/aws-secretsmanager-secrettargetattachment.json index 46cfe60b..52f5f7e7 100644 --- a/src/schema/aws-secretsmanager-secrettargetattachment.json +++ b/src/schema/aws-secretsmanager-secrettargetattachment.json 
@@ -1,6 +1,53 @@ { + "$schema": "https://raw.githubusercontent.com/aws-cloudformation/cloudformation-resource-schema/blob/master/src/main/resources/schema/provider.definition.schema.v1.json", "additionalProperties": false, + "createOnlyProperties": [ + "/properties/SecretId" + ], "description": "Resource Type definition for AWS::SecretsManager::SecretTargetAttachment", + "handlers": { + "create": { + "permissions": [ + "secretsmanager:GetSecretValue", + "secretsmanager:PutSecretValue", + "rds:DescribeDBInstances", + "redshift:DescribeClusters", + "rds:DescribeDBClusters", + "docdb-elastic:GetCluster", + "redshift-serverless:ListWorkgroups", + "redshift-serverless:GetNamespace" + ] + }, + "delete": { + "permissions": [ + "secretsmanager:GetSecretValue", + "secretsmanager:PutSecretValue" + ] + }, + "list": { + "permissions": [ + "secretsmanager:GetSecretValue", + "secretsmanager:ListSecrets" + ] + }, + "read": { + "permissions": [ + "secretsmanager:GetSecretValue" + ] + }, + "update": { + "permissions": [ + "secretsmanager:GetSecretValue", + "secretsmanager:PutSecretValue", + "rds:DescribeDBInstances", + "redshift:DescribeClusters", + "rds:DescribeDBClusters", + "docdb-elastic:GetCluster", + "redshift-serverless:ListWorkgroups", + "redshift-serverless:GetNamespace" + ] + } + }, "primaryIdentifier": [ "/properties/Id" ], @@ -26,5 +73,8 @@ "TargetId", "SecretId" ], + "tagging": { + "taggable": false + }, "typeName": "AWS::SecretsManager::SecretTargetAttachment" } diff --git a/src/schema/aws-securityhub-automationrule.json b/src/schema/aws-securityhub-automationrule.json index faddc15c..6693a45d 100644 --- a/src/schema/aws-securityhub-automationrule.json +++ b/src/schema/aws-securityhub-automationrule.json 
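Review bot: The new `read` and `list` handlers in aws-secretsmanager-secrettargetattachment.json both list `secretsmanager:GetSecretValue`, and `delete` lists `secretsmanager:PutSecretValue`, so a role built directly from these handler permissions can read or overwrite secret values even for operations that only inspect or remove the attachment. Anything in this repository that turns `handlers.*.permissions` into IAM policy should scope those two actions to the specific secret ARN rather than `*`, and that expectation is worth stating where the permissions are consumed. Separately, the added `$schema` value is a raw.githubusercontent.com URL that still contains `/blob/master/`, which looks like a copied web URL and probably does not resolve; it is worth confirming that nothing dereferences it.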
@@ -2,14 +2,14 @@ "additionalProperties": false, "definitions": { "AutomationRulesAction": { - "description": "", + "description": "One or more actions that ASHlong takes when a finding matches the defined criteria of a rule.", "properties": { "FindingFieldsUpdate": { "$ref": "#/definitions/AutomationRulesFindingFieldsUpdate", - "description": "" + "description": "Specifies that the automation rule action is an update to a finding field." }, "Type": { - "description": "", + "description": "Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.", "enum": [ "FINDING_FIELDS_UPDATE" ], @@ -23,15 +23,15 @@ "type": "object" }, "AutomationRulesFindingFieldsUpdate": { - "description": "The rule action will update the ``Note`` field of a finding.", + "description": "Identifies the finding fields that the automation rule action updates when a finding matches the defined criteria.", "properties": { "Confidence": { "$ref": "#/definitions/int100", - "description": "" + "description": "The rule action updates the ``Confidence`` field of a finding." }, "Criticality": { "$ref": "#/definitions/int100", - "description": "" + "description": "The rule action updates the ``Criticality`` field of a finding." }, "Note": { "$ref": "#/definitions/NoteUpdate", @@ -53,7 +53,7 @@ "type": "object" }, "Types": { - "description": "", + "description": "The rule action updates the ``Types`` field of a finding.", "items": { "pattern": "^([^/]+)(/[^/]+){0,2}$", "type": "string" @@ -64,10 +64,10 @@ }, "UserDefinedFields": { "$ref": "#/definitions/map", - "description": "" + "description": "The rule action updates the ``UserDefinedFields`` field of a finding." }, "VerificationState": { - "description": "", + "description": "The rule action updates the ``VerificationState`` field of a finding.", "enum": [ "UNKNOWN", "TRUE_POSITIVE", 
@@ -86,10 +86,10 @@ }, "AutomationRulesFindingFilters": { "additionalProperties": false, - "description": "", + "description": "The criteria that determine which findings a rule applies to.", "properties": { "AwsAccountId": { - "description": "", + "description": "The AWS-account ID in which a finding was generated.\n Array Members: Minimum number of 1 item. Maximum number of 100 items.", "items": { "$ref": "#/definitions/StringFilter" }, @@ -97,7 +97,7 @@ "type": "array" }, "CompanyName": { - "description": "", + "description": "The name of the company for the product that generated the finding. For control-based findings, the company is AWS. \n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/StringFilter" }, @@ -105,7 +105,7 @@ "type": "array" }, "ComplianceAssociatedStandardsId": { - "description": "", + "description": "The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the [DescribeStandards](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html) API response.\n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/StringFilter" }, @@ -113,7 +113,7 @@ "type": "array" }, "ComplianceSecurityControlId": { - "description": "", + "description": "The security control ID for which a finding was generated. Security control IDs are the same across standards.\n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/StringFilter" }, @@ -121,7 +121,7 @@ "type": "array" }, "ComplianceStatus": { - "description": "", + "description": "The result of a security check. This field is only used for findings generated from controls. \n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/StringFilter" }, 
@@ -129,7 +129,7 @@ "type": "array" }, "Confidence": { - "description": "", + "description": "The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. ``Confidence`` is scored on a 0\u2013100 basis using a ratio scale. A value of ``0`` means 0 percent confidence, and a value of ``100`` means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see [Confidence](https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-confidence) in the *User Guide*.\n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/NumberFilter" }, @@ -137,7 +137,7 @@ "type": "array" }, "CreatedAt": { - "description": "", + "description": "A timestamp that indicates when this finding record was created. \n For more information about the validation and formatting of timestamp fields in ASHlong, see [Timestamps](https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps).\n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/DateFilter" }, 
@@ -145,7 +145,7 @@ "type": "array" }, "Criticality": { - "description": "", + "description": "The level of importance that is assigned to the resources that are associated with a finding. ``Criticality`` is scored on a 0\u2013100 basis, using a ratio scale that supports only full integers. A score of ``0`` means that the underlying resources have no criticality, and a score of ``100`` is reserved for the most critical resources. For more information, see [Criticality](https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-criticality) in the *User Guide*.\n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/NumberFilter" }, @@ -153,7 +153,7 @@ "type": "array" }, "Description": { - "description": "", + "description": "A finding's description. \n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/StringFilter" }, @@ -161,7 +161,7 @@ "type": "array" }, "FirstObservedAt": { - "description": "", + "description": "A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. \n For more information about the validation and formatting of timestamp fields in ASHlong, see [Timestamps](https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps).\n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/DateFilter" }, @@ -169,7 +169,7 @@ "type": "array" }, "GeneratorId": { - "description": "", + "description": "The identifier for the solution-specific component that generated a finding. \n Array Members: Minimum number of 1 item. Maximum number of 100 items.", "items": { "$ref": "#/definitions/StringFilter" }, 
@@ -177,7 +177,7 @@ "type": "array" }, "Id": { - "description": "", + "description": "The product-specific identifier for a finding. \n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/StringFilter" }, @@ -185,7 +185,7 @@ "type": "array" }, "LastObservedAt": { - "description": "", + "description": "A timestamp that indicates when the security findings provider most recently observed a change in the resource that is involved in the finding. \n For more information about the validation and formatting of timestamp fields in ASHlong, see [Timestamps](https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps).\n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/DateFilter" }, @@ -193,7 +193,7 @@ "type": "array" }, "NoteText": { - "description": "", + "description": "The text of a user-defined note that's added to a finding. \n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/StringFilter" }, @@ -201,7 +201,7 @@ "type": "array" }, "NoteUpdatedAt": { - "description": "", + "description": "The timestamp of when the note was updated.\n For more information about the validation and formatting of timestamp fields in ASHlong, see [Timestamps](https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps).\n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/DateFilter" }, @@ -209,7 +209,7 @@ "type": "array" }, "NoteUpdatedBy": { - "description": "", + "description": "The principal that created a note. \n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/StringFilter" }, 
@@ -217,7 +217,7 @@ "type": "array" }, "ProductArn": { - "description": "", + "description": "The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. \n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/StringFilter" }, @@ -225,7 +225,7 @@ "type": "array" }, "ProductName": { - "description": "", + "description": "Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. \n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/StringFilter" }, @@ -233,7 +233,7 @@ "type": "array" }, "RecordState": { - "description": "", + "description": "Provides the current state of a finding. \n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/StringFilter" }, @@ -241,7 +241,7 @@ "type": "array" }, "RelatedFindingsId": { - "description": "", + "description": "The product-generated identifier for a related finding. \n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/StringFilter" }, @@ -249,7 +249,7 @@ "type": "array" }, "RelatedFindingsProductArn": { - "description": "", + "description": "The ARN for the product that generated a related finding. \n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/StringFilter" }, @@ -257,7 +257,7 @@ "type": "array" }, "ResourceDetailsOther": { - "description": "", + "description": "Custom fields and values about the resource that a finding pertains to. \n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/MapFilter" }, 
@@ -265,7 +265,7 @@ "type": "array" }, "ResourceId": { - "description": "", + "description": "The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS-service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. \n Array Members: Minimum number of 1 item. Maximum number of 100 items.", "items": { "$ref": "#/definitions/StringFilter" }, @@ -273,7 +273,7 @@ "type": "array" }, "ResourcePartition": { - "description": "", + "description": "The partition in which the resource that the finding pertains to is located. A partition is a group of AWS-Regions. Each AWS-account is scoped to one partition. \n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/StringFilter" }, @@ -281,7 +281,7 @@ "type": "array" }, "ResourceRegion": { - "description": "", + "description": "The AWS-Region where the resource that a finding pertains to is located. \n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/StringFilter" }, @@ -289,7 +289,7 @@ "type": "array" }, "ResourceTags": { - "description": "", + "description": "A list of AWS tags associated with a resource at the time the finding was processed. \n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/MapFilter" }, @@ -297,7 +297,7 @@ "type": "array" }, "ResourceType": { - "description": "", + "description": "A finding's title. \n Array Members: Minimum number of 1 item. Maximum number of 100 items.", "items": { "$ref": "#/definitions/StringFilter" }, 
@@ -305,7 +305,7 @@ "type": "array" }, "SeverityLabel": { - "description": "", + "description": "The severity value of the finding. \n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/StringFilter" }, @@ -313,7 +313,7 @@ "type": "array" }, "SourceUrl": { - "description": "", + "description": "Provides a URL that links to a page about the current finding in the finding product. \n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/StringFilter" }, @@ -321,7 +321,7 @@ "type": "array" }, "Title": { - "description": "", + "description": "A finding's title. \n Array Members: Minimum number of 1 item. Maximum number of 100 items.", "items": { "$ref": "#/definitions/StringFilter" }, @@ -329,7 +329,7 @@ "type": "array" }, "Type": { - "description": "", + "description": "One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see [Types taxonomy for ASFF](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html) in the *User Guide*.\n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/StringFilter" }, @@ -337,7 +337,7 @@ "type": "array" }, "UpdatedAt": { - "description": "", + "description": "A timestamp that indicates when the finding record was most recently updated. \n For more information about the validation and formatting of timestamp fields in ASHlong, see [Timestamps](https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps).\n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/DateFilter" }, 
@@ -345,7 +345,7 @@ "type": "array" }, "UserDefinedFields": { - "description": "", + "description": "A list of user-defined name and value string pairs added to a finding. \n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/MapFilter" }, @@ -353,7 +353,7 @@ "type": "array" }, "VerificationState": { - "description": "", + "description": "Provides the veracity of a finding. \n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/StringFilter" }, @@ -361,7 +361,7 @@ "type": "array" }, "WorkflowStatus": { - "description": "", + "description": "Provides information about the status of the investigation into a finding. \n Array Members: Minimum number of 1 item. Maximum number of 20 items.", "items": { "$ref": "#/definitions/StringFilter" }, @@ -387,7 +387,7 @@ }, "DateFilter": { "additionalProperties": false, - "description": "", + "description": "A date filter for querying findings.", "oneOf": [ { "required": [ 
@@ -412,32 +412,32 @@ "properties": { "DateRange": { "$ref": "#/definitions/DateRange", - "description": "" + "description": "A date range for the date filter." }, "End": { "$ref": "#/definitions/ISO8601DateString", - "description": "" + "description": "A timestamp that provides the end date for the date filter.\n For more information about the validation and formatting of timestamp fields in ASHlong, see [Timestamps](https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps)." }, "Start": { "$ref": "#/definitions/ISO8601DateString", - "description": "" + "description": "A timestamp that provides the start date for the date filter.\n For more information about the validation and formatting of timestamp fields in ASHlong, see [Timestamps](https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps)." } }, "type": "object" }, "DateRange": { "additionalProperties": false, - "description": "", + "description": "A date range for the date filter.", "properties": { "Unit": { - "description": "", + "description": "A date range unit for the date filter.", "enum": [ "DAYS" ], "type": "string" }, "Value": { - "description": "", + "description": "A date range value for the date filter.", "type": "number" } }, 
@@ -454,10 +454,10 @@ }, "MapFilter": { "additionalProperties": false, - "description": "", + "description": "A map filter for filtering ASHlong findings. Each map filter provides the field to check for, the value to check for, and the comparison operator.", "properties": { "Comparison": { - "description": "", + "description": "The condition to apply to the key value when filtering Security Hub findings with a map filter.\n To search for values that have the filter value, use one of the following comparison operators:\n + To search for values that include the filter value, use ``CONTAINS``. For example, for the ``ResourceTags`` field, the filter ``Department CONTAINS Security`` matches findings that include the value ``Security`` for the ``Department`` tag. In the same example, a finding with a value of ``Security team`` for the ``Department`` tag is a match.\n + To search for values that exactly match the filter value, use ``EQUALS``. For example, for the ``ResourceTags`` field, the filter ``Department EQUALS Security`` matches findings that have the value ``Security`` for the ``Department`` tag.\n \n ``CONTAINS`` and ``EQUALS`` filters on the same field are joined by ``OR``. A finding matches if it matches any one of those filters. For example, the filters ``Department CONTAINS Security OR Department CONTAINS Finance`` match a finding that includes either ``Security``, ``Finance``, or both values.\n To search for values that don't have the filter value, use one of the following comparison operators:\n + To search for values that exclude the filter value, use ``NOT_CONTAINS``. For example, for the ``ResourceTags`` field, the filter ``Department NOT_CONTAINS Finance`` matches findings that exclude the value ``Finance`` for the ``Department`` tag.\n + To search for values other than the filter value, use ``NOT_EQUALS``. 
For example, for the ``ResourceTags`` field, the filter ``Department NOT_EQUALS Finance`` matches findings that don\u2019t have the value ``Finance`` for the ``Department`` tag.\n \n ``NOT_CONTAINS`` and ``NOT_EQUALS`` filters on the same field are joined by ``AND``. A finding matches only if it matches all of those filters. For example, the filters ``Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance`` match a finding that excludes both the ``Security`` and ``Finance`` values.\n ``CONTAINS`` filters can only be used with other ``CONTAINS`` filters. ``NOT_CONTAINS`` filters can only be used with other ``NOT_CONTAINS`` filters.\n You can\u2019t have both a ``CONTAINS`` filter and a ``NOT_CONTAINS`` filter on the same field. Similarly, you can\u2019t have both an ``EQUALS`` filter and a ``NOT_EQUALS`` filter on the same field. Combining filters in this way returns an error. \n ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *User Guide*.", "enum": [ "EQUALS", "NOT_EQUALS", @@ -467,11 +467,11 @@ "type": "string" }, "Key": { - "description": "", + "description": "The key of the map filter. For example, for ``ResourceTags``, ``Key`` identifies the name of the tag. For ``UserDefinedFields``, ``Key`` is the name of the field.", "type": "string" }, "Value": { - "description": "", + "description": "The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called ``Department`` might be ``Security``. If you provide ``security`` as the filter value, then there's no match.", "type": "string" } }, 
@@ -488,17 +488,17 @@ }, "NoteUpdate": { "additionalProperties": false, - "description": "", + "description": "The updated note.", "properties": { "Text": { - "description": "", + "description": "The updated note text.", "maxLength": 512, "minLength": 1, "type": "string" }, "UpdatedBy": { "$ref": "#/definitions/arnOrId", - "description": "" + "description": "The principal that updated the note." } }, "required": [ @@ -509,7 +509,7 @@ }, "NumberFilter": { "additionalProperties": false, - "description": "", + "description": "A number filter for querying findings.", "oneOf": [ { "required": [ @@ -533,15 +533,15 @@ ], "properties": { "Eq": { - "description": "", + "description": "The equal-to condition to be applied to a single field when querying for findings.", "type": "number" }, "Gte": { - "description": "", + "description": "The greater-than-equal condition to be applied to a single field when querying for findings.", "type": "number" }, "Lte": { - "description": "", + "description": "The less-than-equal condition to be applied to a single field when querying for findings.", "type": "number" } }, @@ -553,7 +553,7 @@ "properties": { "Id": { "$ref": "#/definitions/arnOrId", - "description": "" + "description": "The product-generated identifier for a related finding. \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "ProductArn": { "$ref": "#/definitions/arn", 
@@ -568,10 +568,10 @@ }, "SeverityUpdate": { "additionalProperties": false, - "description": "", + "description": "Updates to the severity information for a finding.", "properties": { "Label": { - "description": "", + "description": "The severity value of the finding. The allowed values are the following.\n + ``INFORMATIONAL`` - No issue was found.\n + ``LOW`` - The issue does not require action on its own.\n + ``MEDIUM`` - The issue must be addressed but not urgently.\n + ``HIGH`` - The issue must be addressed as a priority.\n + ``CRITICAL`` - The issue must be remediated immediately to avoid it escalating.", "enum": [ "INFORMATIONAL", "LOW", @@ -583,10 +583,10 @@ }, "Normalized": { "$ref": "#/definitions/int100", - "description": "" + "description": "The normalized severity for the finding. This attribute is to be deprecated in favor of ``Label``.\n If you provide ``Normalized`` and don't provide ``Label``, ``Label`` is set automatically as follows.\n + 0 - ``INFORMATIONAL`` \n + 1\u201339 - ``LOW`` \n + 40\u201369 - ``MEDIUM`` \n + 70\u201389 - ``HIGH`` \n + 90\u2013100 - ``CRITICAL``" }, "Product": { - "description": "", + "description": "The native severity as defined by the AWS service or integrated partner product that generated the finding.", "type": "number" } }, 
@@ -594,14 +594,14 @@ }, "StringFilter": { "additionalProperties": false, - "description": "", + "description": "A string filter for filtering ASHlong findings.", "properties": { "Comparison": { "$ref": "#/definitions/StringFilterComparison", - "description": "" + "description": "The condition to apply to a string value when filtering Security Hub findings.\n To search for values that have the filter value, use one of the following comparison operators:\n + To search for values that include the filter value, use ``CONTAINS``. For example, the filter ``Title CONTAINS CloudFront`` matches findings that have a ``Title`` that includes the string CloudFront.\n + To search for values that exactly match the filter value, use ``EQUALS``. For example, the filter ``AwsAccountId EQUALS 123456789012`` only matches findings that have an account ID of ``123456789012``.\n + To search for values that start with the filter value, use ``PREFIX``. For example, the filter ``ResourceRegion PREFIX us`` matches findings that have a ``ResourceRegion`` that starts with ``us``. A ``ResourceRegion`` that starts with a different value, such as ``af``, ``ap``, or ``ca``, doesn't match.\n \n ``CONTAINS``, ``EQUALS``, and ``PREFIX`` filters on the same field are joined by ``OR``. A finding matches if it matches any one of those filters. For example, the filters ``Title CONTAINS CloudFront OR Title CONTAINS CloudWatch`` match a finding that includes either ``CloudFront``, ``CloudWatch``, or both strings in the title.\n To search for values that don\u2019t have the filter value, use one of the following comparison operators:\n + To search for values that exclude the filter value, use ``NOT_CONTAINS``. For example, the filter ``Title NOT_CONTAINS CloudFront`` matches findings that have a ``Title`` that excludes the string CloudFront.\n + To search for values other than the filter value, use ``NOT_EQUALS``. 
For example, the filter ``AwsAccountId NOT_EQUALS 123456789012`` only matches findings that have an account ID other than ``123456789012``.\n + To search for values that don't start with the filter value, use ``PREFIX_NOT_EQUALS``. For example, the filter ``ResourceRegion PREFIX_NOT_EQUALS us`` matches findings with a ``ResourceRegion`` that starts with a value other than ``us``.\n \n ``NOT_CONTAINS``, ``NOT_EQUALS``, and ``PREFIX_NOT_EQUALS`` filters on the same field are joined by ``AND``. A finding matches only if it matches all of those filters. For example, the filters ``Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch`` match a finding that excludes both ``CloudFront`` and ``CloudWatch`` in the title.\n You can\u2019t have both a ``CONTAINS`` filter and a ``NOT_CONTAINS`` filter on the same field. Similarly, you can't provide both an ``EQUALS`` filter and a ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filter on the same field. Combining filters in this way returns an error. ``CONTAINS`` filters can only be used with other ``CONTAINS`` filters. ``NOT_CONTAINS`` filters can only be used with other ``NOT_CONTAINS`` filters. \n You can combine ``PREFIX`` filters with ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filters for the same field. Security Hub first processes the ``PREFIX`` filters, and then the ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filters.\n For example, for the following filters, Security Hub first identifies findings that have resource types that start with either ``AwsIam`` or ``AwsEc2``. It then excludes findings that have a resource type of ``AwsIamPolicy`` and findings that have a resource type of ``AwsEc2NetworkInterface``.\n + ``ResourceType PREFIX AwsIam`` \n + ``ResourceType PREFIX AwsEc2`` \n + ``ResourceType NOT_EQUALS AwsIamPolicy`` \n + ``ResourceType NOT_EQUALS AwsEc2NetworkInterface`` \n \n ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules. 
For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *User Guide*." }, "Value": { - "description": "", + "description": "The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is ``Security Hub``. If you provide ``security hub`` as the filter value, there's no match.", "type": "string" } }, @@ -638,10 +638,10 @@ }, "WorkflowUpdate": { "additionalProperties": false, - "description": "", + "description": "Used to update information about the investigation into the finding.", "properties": { "Status": { - "description": "", + "description": "The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to ``SUPPRESSED`` or ``RESOLVED`` does not prevent a new finding for the same issue.\n The allowed values are the following.\n + ``NEW`` - The initial state of a finding, before it is reviewed.\n Security Hub also resets ``WorkFlowStatus`` from ``NOTIFIED`` or ``RESOLVED`` to ``NEW`` in the following cases:\n + The record state changes from ``ARCHIVED`` to ``ACTIVE``.\n + The compliance status changes from ``PASSED`` to either ``WARNING``, ``FAILED``, or ``NOT_AVAILABLE``.\n \n + ``NOTIFIED`` - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.\n + ``RESOLVED`` - The finding was reviewed and remediated and is now considered resolved.\n + ``SUPPRESSED`` - Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.", "enum": [ "NEW", "NOTIFIED", 
@@ -745,7 +745,7 @@ ], "properties": { "Actions": { - "description": "", + "description": "One or more actions to update finding fields if a finding matches the conditions specified in ``Criteria``.", "items": { "$ref": "#/definitions/AutomationRulesAction" }, @@ -768,13 +768,13 @@ "description": "A set of [Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding." }, "Description": { - "description": "", + "description": "A description of the rule.", "maxLength": 1024, "minLength": 1, "type": "string" }, "IsTerminal": { - "description": "", + "description": "Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.", "type": "boolean" }, "RuleArn": { @@ -783,13 +783,13 @@ "type": "string" }, "RuleName": { - "description": "", + "description": "The name of the rule.", "maxLength": 256, "minLength": 1, "type": "string" }, "RuleOrder": { - "description": "", + "description": "An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.", "maximum": 1000, "minimum": 1, "type": "integer" @@ -804,7 +804,7 @@ }, "Tags": { "$ref": "#/definitions/Tags", - "description": "" + "description": "User-defined tags associated with an automation rule." }, "UpdatedAt": { "$ref": "#/definitions/ISO8601DateString", 
@@ -817,9 +817,21 @@ "/properties/UpdatedAt", "/properties/CreatedBy" ], + "required": [ + "RuleOrder", + "RuleName", + "Description", + "Criteria", + "Actions" + ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-securityhub", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "securityhub:ListTagsForResource", + "securityhub:TagResource", + "securityhub:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-securityhub-configurationpolicy.json b/src/schema/aws-securityhub-configurationpolicy.json index 594598b9..e03eeef1 100644 --- a/src/schema/aws-securityhub-configurationpolicy.json +++ b/src/schema/aws-securityhub-configurationpolicy.json @@ -186,7 +186,7 @@ "additionalProperties": false, "description": "A key-value pair to associate with a resource.", "patternProperties": { - "^[a-zA-Z0-9]{1,128}$": { + "^(?!aws:)[a-zA-Z+-=._:/]{1,128}$": { "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "maxLength": 256, "minLength": 0, @@ -291,6 +291,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-securityhub", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "securityhub:ListTagsForResource", + "securityhub:TagResource", + "securityhub:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-securityhub-delegatedadmin.json b/src/schema/aws-securityhub-delegatedadmin.json index 414efe3b..91734065 100644 --- a/src/schema/aws-securityhub-delegatedadmin.json +++ b/src/schema/aws-securityhub-delegatedadmin.json 
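Review bot: The new tag-key pattern `^(?!aws:)[a-zA-Z+-=._:/]{1,128}$` in aws-securityhub-configurationpolicy.json leaves the hyphen unescaped between `+` and `=`, so `+-=` is parsed as a character range (U+002B through U+003D) rather than three literal characters. That range is the only reason digits still match, and it also admits `,`, `;` and `<`, which are presumably not intended in a tag key. Listing digits explicitly and moving the hyphen to the end states the intent: `^(?!aws:)[a-zA-Z0-9+=._:/-]{1,128}$`. The aws-securityhub-hub.json hunk uses the same class and also replaces `{1,128}` with `+`, which removes the key-length bound from the schema. If these files are synced from the upstream provider schema, the correction belongs there, and anything that validates tag keys against this pattern should not rely on it as the only check.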
@@ -3,7 +3,7 @@ "createOnlyProperties": [ "/properties/AdminAccountId" ], - "description": "The AWS::SecurityHub::DelegatedAdmin resource represents the AWS Security Hub delegated admin account in your organization. One delegated admin resource is allowed to create for the organization in each region in which you configure the AdminAccountId.", + "description": "The ``AWS::SecurityHub::DelegatedAdmin`` resource designates the delegated ASHlong administrator account for an organization. You must enable the integration between ASH and AOlong before you can designate a delegated ASH administrator. Only the management account for an organization can designate the delegated ASH administrator account. For more information, see [Designating the delegated administrator](https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.html#designate-admin-instructions) in the *User Guide*.\n To change the delegated administrator account, remove the current delegated administrator account, and then designate the new account.\n To designate multiple delegated administrators in different organizations and AWS-Regions, we recommend using [mappings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/mappings-section-structure.html).\n Tags aren't supported for this resource.", "handlers": { "create": { "permissions": [ 
@@ -37,17 +37,17 @@ ], "properties": { "AdminAccountId": { - "description": "The Amazon Web Services account identifier of the account to designate as the Security Hub administrator account", + "description": "The AWS-account identifier of the account to designate as the Security Hub administrator account.", "pattern": "^[0-9]{12}$", "type": "string" }, "DelegatedAdminIdentifier": { - "description": "The identifier of the DelegatedAdmin being created and assigned as the unique identifier", + "description": "", "pattern": "^[0-9]{12}/[a-zA-Z0-9-]{1,32}$", "type": "string" }, "Status": { - "description": "The current status of the Security Hub administrator account. Indicates whether the account is currently enabled as a Security Hub administrator", + "description": "", "enum": [ "ENABLED", "DISABLE_IN_PROGRESS" diff --git a/src/schema/aws-securityhub-findingaggregator.json b/src/schema/aws-securityhub-findingaggregator.json index 4bacfed4..dc533d83 100644 --- a/src/schema/aws-securityhub-findingaggregator.json +++ b/src/schema/aws-securityhub-findingaggregator.json 
@@ -6,7 +6,7 @@ "type": "string" } }, - "description": "The AWS::SecurityHub::FindingAggregator resource represents the AWS Security Hub Finding Aggregator in your account. One finding aggregator resource is created for each account in non opt-in region in which you configure region linking mode.", + "description": "The ``AWS::SecurityHub::FindingAggregator`` resource enables cross-Region aggregation. When cross-Region aggregation is enabled, you can aggregate findings, finding updates, insights, control compliance statuses, and security scores from one or more linked Regions to a single aggregation Region. You can then view and manage all of this data from the aggregation Region. For more details about cross-Region aggregation, see [Cross-Region aggregation](https://docs.aws.amazon.com/securityhub/latest/userguide/finding-aggregation.html) in the *User Guide* \n This resource must be created in the Region that you want to designate as your aggregation Region.\n Cross-Region aggregation is also a prerequisite for using [central configuration](https://docs.aws.amazon.com/securityhub/latest/userguide/central-configuration-intro.html) in ASH.", "handlers": { "create": { "permissions": [ 
@@ -40,15 +40,15 @@ "properties": { "FindingAggregationRegion": { "$ref": "#/definitions/Region", - "description": "The aggregation Region of the FindingAggregator" + "description": "" }, "FindingAggregatorArn": { - "description": "The ARN of the FindingAggregator being created and assigned as the unique identifier", + "description": "", "pattern": "arn:aws\\S*:securityhub:\\S*", "type": "string" }, "RegionLinkingMode": { - "description": "Indicates whether to link all Regions, all Regions except for a list of excluded Regions, or a list of included Regions", + "description": "Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.\n The selected option also determines how to use the Regions provided in the Regions list.\n In CFN, the options for this property are as follows:\n + ``ALL_REGIONS`` - Indicates to aggregate findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. \n + ``ALL_REGIONS_EXCEPT_SPECIFIED`` - Indicates to aggregate findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the ``Regions`` parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. \n + ``SPECIFIED_REGIONS`` - Indicates to aggregate findings only from the Regions listed in the ``Regions`` parameter. Security Hub does not automatically aggregate findings from new Regions.", "enum": [ "ALL_REGIONS", "ALL_REGIONS_EXCEPT_SPECIFIED", 
@@ -57,7 +57,7 @@ "type": "string" }, "Regions": { - "description": "The list of excluded Regions or included Regions", + "description": "If ``RegionLinkingMode`` is ``ALL_REGIONS_EXCEPT_SPECIFIED``, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.\n If ``RegionLinkingMode`` is ``SPECIFIED_REGIONS``, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.", "insertionOrder": false, "items": { "$ref": "#/definitions/Region" diff --git a/src/schema/aws-securityhub-hub.json b/src/schema/aws-securityhub-hub.json index 8e40d423..0dae5a4d 100644 --- a/src/schema/aws-securityhub-hub.json +++ b/src/schema/aws-securityhub-hub.json @@ -5,7 +5,7 @@ "additionalProperties": false, "description": "A key-value pair to associate with a resource.", "patternProperties": { - "^[a-zA-Z0-9-_]{1,128}$": { + "^(?!aws:)[a-zA-Z+-=._:/]+$": { "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "maxLength": 256, "minLength": 0, @@ -89,6 +89,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-securityhub", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "securityhub:ListTagsForResource", + "securityhub:TagResource", + "securityhub:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-securityhub-policyassociation.json b/src/schema/aws-securityhub-policyassociation.json index 44375812..d7b7bff1 100644 --- a/src/schema/aws-securityhub-policyassociation.json +++ b/src/schema/aws-securityhub-policyassociation.json 
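Review bot: The new tag-key pattern in the `aws-securityhub-hub.json` hunk, `^(?!aws:)[a-zA-Z+-=._:/]+$`, has `+-=` inside the character class, which a regex engine reads as the range from `+` to `=`. That range admits digits only as a side effect and also lets `,`, `;` and `<` through. The `{1,128}` bound of the old pattern is gone too, so key length is no longer limited by the schema. Writing the set out with the hyphen last and the bound restored makes the intent explicit: `"^(?!aws:)[a-zA-Z0-9+=._:/-]{1,128}$"`. If this file is synced from an upstream registry schema, the fix belongs there, and local validation should not rely on this pattern in the meantime.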
@@ -10,7 +10,8 @@ "permissions": [ "securityhub:StartConfigurationPolicyAssociation", "securityhub:GetConfigurationPolicyAssociation" - ] + ], + "timeoutInMinutes": 1440 }, "delete": { "permissions": [ @@ -33,7 +34,8 @@ "permissions": [ "securityhub:StartConfigurationPolicyAssociation", "securityhub:GetConfigurationPolicyAssociation" - ] + ], + "timeoutInMinutes": 1440 } }, "primaryIdentifier": [ diff --git a/src/schema/aws-securityhub-securitycontrol.json b/src/schema/aws-securityhub-securitycontrol.json index 0155c810..ee23ba5a 100644 --- a/src/schema/aws-securityhub-securitycontrol.json +++ b/src/schema/aws-securityhub-securitycontrol.json @@ -17,6 +17,9 @@ ] } ], + "createOnlyProperties": [ + "/properties/SecurityControlId" + ], "definitions": { "IntegerList": { "items": { diff --git a/src/schema/aws-securityhub-standard.json b/src/schema/aws-securityhub-standard.json index b434fa0f..279f1bb3 100644 --- a/src/schema/aws-securityhub-standard.json +++ b/src/schema/aws-securityhub-standard.json @@ -67,7 +67,7 @@ ], "properties": { "DisabledStandardsControls": { - "description": "Specifies which controls are to be disabled in a standard. \n *Maximum*: ``100``", + "description": "Specifies which controls are to be disabled in a standard. \n *Maximum*: ``100``", "insertionOrder": true, "items": { "$ref": "#/definitions/StandardsControl" diff --git a/src/schema/aws-securitylake-datalake.json b/src/schema/aws-securitylake-datalake.json index 3e6b02d5..4de6cf76 100644 --- a/src/schema/aws-securitylake-datalake.json +++ b/src/schema/aws-securitylake-datalake.json 
@@ -50,7 +50,7 @@ "description": "Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Amazon S3 buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different AWS Regions or within the same Region as the source bucket.", "insertionOrder": false, "items": { - "pattern": "^(af|ap|ca|eu|me|sa|us)-(central|north|(north(?:east|west))|south|south(?:east|west)|east|west)-\\d+$", + "pattern": "^(us(-gov)?|af|ap|ca|eu|me|sa)-(central|north|(north(?:east|west))|south|south(?:east|west)|east|west)-\\d+$", "type": "string" }, "type": "array", @@ -213,6 +213,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-securitylake.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "securitylake:TagResource", + "securitylake:UntagResource", + "securitylake:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-securitylake-subscriber.json b/src/schema/aws-securitylake-subscriber.json index 2ca401a1..7109fcbf 100644 --- a/src/schema/aws-securitylake-subscriber.json +++ b/src/schema/aws-securitylake-subscriber.json @@ -109,6 +109,7 @@ "securitylake:CreateDataLake", "securitylake:TagResource", "securitylake:GetSubscriber", + "securitylake:ListSubscribers", "securitylake:ListTagsForResource", "iam:GetRole", "iam:GetRolePolicy", @@ -298,6 +299,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-securitylake.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "securitylake:TagResource", + "securitylake:UntagResource", + "securitylake:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, 
diff --git a/src/schema/aws-servicecatalog-cloudformationprovisionedproduct.json b/src/schema/aws-servicecatalog-cloudformationprovisionedproduct.json index e07e9339..3cb41104 100644 --- a/src/schema/aws-servicecatalog-cloudformationprovisionedproduct.json +++ b/src/schema/aws-servicecatalog-cloudformationprovisionedproduct.json @@ -103,23 +103,28 @@ "handlers": { "create": { "permissions": [ - "*" + "servicecatalog:provisionProduct", + "cloudformation:CreateStack" ], "timeoutInMinutes": 720 }, "delete": { "permissions": [ - "*" + "servicecatalog:terminateProvisionedProduct", + "servicecatalog:describeRecord", + "cloudformation:DeleteStack" ] }, "read": { "permissions": [ - "*" + "servicecatalog:describeProvisionedProduct", + "cloudformation:ListStacks" ] }, "update": { "permissions": [ - "*" + "servicecatalog:updateProvisionedProduct", + "cloudformation:UpdateStack" ], "timeoutInMinutes": 720 } diff --git a/src/schema/aws-servicediscovery-service.json b/src/schema/aws-servicediscovery-service.json index 349af038..b05364ca 100644 --- a/src/schema/aws-servicediscovery-service.json +++ b/src/schema/aws-servicediscovery-service.json @@ -118,6 +118,9 @@ "NamespaceId": { "type": "string" }, + "ServiceAttributes": { + "type": "object" + }, "Tags": { "items": { "$ref": "#/definitions/Tag" diff --git a/src/schema/aws-ses-configurationset.json b/src/schema/aws-ses-configurationset.json index a5252759..0d1b9ef1 100644 --- a/src/schema/aws-ses-configurationset.json +++ b/src/schema/aws-ses-configurationset.json 
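Review bot: After the narrowing from `"*"` in `aws-servicecatalog-cloudformationprovisionedproduct.json`, the create and update handlers list no describe action, although both keep `timeoutInMinutes: 720` and the delete handler lists `servicecatalog:describeRecord`. If create and update poll the provisioning record until the stack settles (the handler code is not visible here), a role built from these lists would fail with an access-denied error partway through a long-running operation. Confirm against the handler, and add `"servicecatalog:describeRecord"` to both lists if it is called. Replacing the wildcard is the right direction; the lists need to match what the handlers call.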
@@ -23,6 +23,12 @@ "additionalProperties": false, "description": "An object that defines the dedicated IP pool that is used to send emails that you send using the configuration set.", "properties": { + "MaxDeliverySeconds": { + "description": "Specifies the maximum time until which SES will retry sending emails", + "maximum": 50400, + "minimum": 300, + "type": "number" + }, "SendingPoolName": { "description": "The name of the dedicated IP pool to associate with the configuration set.", "type": "string" @@ -98,11 +104,13 @@ "CustomRedirectDomain": { "description": "The domain to use for tracking open and click events.", "type": "string" + }, + "HttpsPolicy": { + "description": "The https policy to use for tracking open and click events.", + "pattern": "REQUIRE|REQUIRE_OPEN_ONLY|OPTIONAL", + "type": "string" } }, - "required": [ - "CustomRedirectDomain" - ], "type": "object" }, "VdmOptions": { diff --git a/src/schema/aws-ses-mailmanageringresspoint.json b/src/schema/aws-ses-mailmanageringresspoint.json index 1fbbebc9..de43aa65 100644 --- a/src/schema/aws-ses-mailmanageringresspoint.json +++ b/src/schema/aws-ses-mailmanageringresspoint.json @@ -1,6 +1,7 @@ { "additionalProperties": false, "createOnlyProperties": [ + "/properties/NetworkConfiguration", "/properties/Type" ], "definitions": { 
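Review bot: The `HttpsPolicy` pattern added in the `@@ -98,11 +104,13 @@` hunk, `REQUIRE|REQUIRE_OPEN_ONLY|OPTIONAL`, has no anchors, and JSON Schema `pattern` is a search rather than a full match. Any string that merely contains `REQUIRE` or `OPTIONAL` therefore validates, so a mistyped or padded value passes the schema and is only rejected, if at all, by the service. An `enum` states the closed set directly: `"enum": ["REQUIRE", "REQUIRE_OPEN_ONLY", "OPTIONAL"]`. If the pattern form has to stay, anchor it as `"^(REQUIRE|REQUIRE_OPEN_ONLY|OPTIONAL)$"`. The enclosing object definition starts outside the hunk.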
@@ -63,6 +64,75 @@ ], "type": "string" }, + "IpType": { + "enum": [ + "IPV4", + "DUAL_STACK" + ], + "type": "string" + }, + "NetworkConfiguration": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "PublicNetworkConfiguration": { + "$ref": "#/definitions/PublicNetworkConfiguration" + } + }, + "required": [ + "PublicNetworkConfiguration" + ], + "title": "PublicNetworkConfiguration", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "PrivateNetworkConfiguration": { + "$ref": "#/definitions/PrivateNetworkConfiguration" + } + }, + "required": [ + "PrivateNetworkConfiguration" + ], + "title": "PrivateNetworkConfiguration", + "type": "object" + } + ] + }, + "PrivateNetworkConfiguration": { + "additionalProperties": false, + "properties": { + "VpcEndpointId": { + "pattern": "^vpce-[a-zA-Z0-9]{17}$", + "type": "string" + } + }, + "required": [ + "VpcEndpointId" + ], + "type": "object" + }, + "PublicNetworkConfiguration": { + "additionalProperties": false, + "properties": { + "IpType": { + "allOf": [ + { + "$ref": "#/definitions/IpType" + }, + { + "default": "IPV4" + } + ] + } + }, + "required": [ + "IpType" + ], + "type": "object" + }, "Tag": { "additionalProperties": false, "properties": { @@ -94,7 +164,8 @@ "ses:ListTagsForResource", "ses:GetIngressPoint", "ses:CreateIngressPoint", - "iam:CreateServiceLinkedRole" + "iam:CreateServiceLinkedRole", + "ec2:DescribeVpcEndpoints" ] }, "delete": { @@ -148,6 +219,9 @@ "pattern": "^[A-Za-z0-9_\\-]+$", "type": "string" }, + "NetworkConfiguration": { + "$ref": "#/definitions/NetworkConfiguration" + }, "RuleSetId": { "maxLength": 100, "minLength": 1, diff --git a/src/schema/aws-ses-mailmanagerruleset.json b/src/schema/aws-ses-mailmanagerruleset.json index e2324cba..0a589127 100644 --- a/src/schema/aws-ses-mailmanagerruleset.json +++ b/src/schema/aws-ses-mailmanagerruleset.json 
@@ -39,7 +39,7 @@ "ResultField": { "maxLength": 256, "minLength": 1, - "pattern": "^[\\sa-zA-Z0-9_]+$", + "pattern": "^(addon\\.)?[\\sa-zA-Z0-9_]+$", "type": "string" } }, @@ -92,6 +92,38 @@ ], "type": "object" }, + "DeliverToQBusinessAction": { + "additionalProperties": false, + "properties": { + "ActionFailurePolicy": { + "$ref": "#/definitions/ActionFailurePolicy" + }, + "ApplicationId": { + "maxLength": 36, + "minLength": 36, + "pattern": "^[a-z0-9-]+$", + "type": "string" + }, + "IndexId": { + "maxLength": 36, + "minLength": 36, + "pattern": "^[a-z0-9-]+$", + "type": "string" + }, + "RoleArn": { + "maxLength": 2048, + "minLength": 20, + "pattern": "^[a-zA-Z0-9:_/+=,@.#-]+$", + "type": "string" + } + }, + "required": [ + "ApplicationId", + "IndexId", + "RoleArn" + ], + "type": "object" + }, "DropAction": { "additionalProperties": false, "type": "object" @@ -286,6 +318,19 @@ ], "title": "DeliverToMailbox", "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "DeliverToQBusiness": { + "$ref": "#/definitions/DeliverToQBusinessAction" + } + }, + "required": [ + "DeliverToQBusiness" + ], + "title": "DeliverToQBusiness", + "type": "object" } ] }, @@ -334,6 +379,19 @@ ], "title": "Attribute", "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Analysis": { + "$ref": "#/definitions/Analysis" + } + }, + "required": [ + "Analysis" + ], + "title": "Analysis", + "type": "object" } ] }, @@ -472,9 +530,9 @@ }, "Values": { "items": { - "maxLength": 18, + "maxLength": 43, "minLength": 1, - "pattern": "^(([0-9]|.|/)*)$", + "pattern": "^(([0-9]|.|:|/)*)$", "type": "string" }, "maxItems": 10, 
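Review bot: In the `@@ -472,9 +530,9 @@` hunk the `Values` item pattern `^(([0-9]|.|:|/)*)$` keeps an unescaped `.`, which matches any character. Adding `:` therefore changes nothing, and the only effective constraint is the length, now raised to 43. If these values are meant to be IPv4 or IPv6 addresses and CIDR blocks (inferred from the digits, `:` and `/`; the enclosing definition starts outside the hunk), a plain class restricts the alphabet: `"pattern": "^[0-9a-fA-F.:/]+$"`. Escaping the dot alone would reject IPv6 hex digits, so the class needs `a-fA-F` as well. The stricter CIDR pattern that this commit adds for `IngressIpv6Expression` in `aws-ses-mailmanagertrafficpolicy.json` shows the tighter form.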
@@ -631,6 +689,33 @@ ], "title": "Attribute", "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "MimeHeaderAttribute": { + "pattern": "^X-[a-zA-Z0-9-]{1,256}$", + "type": "string" + } + }, + "required": [ + "MimeHeaderAttribute" + ], + "title": "MimeHeaderAttribute", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Analysis": { + "$ref": "#/definitions/Analysis" + } + }, + "required": [ + "Analysis" + ], + "title": "Analysis", + "type": "object" } ] }, diff --git a/src/schema/aws-ses-mailmanagertrafficpolicy.json b/src/schema/aws-ses-mailmanagertrafficpolicy.json index 5179c695..91240e82 100644 --- a/src/schema/aws-ses-mailmanagertrafficpolicy.json +++ b/src/schema/aws-ses-mailmanagertrafficpolicy.json @@ -18,7 +18,7 @@ "ResultField": { "maxLength": 256, "minLength": 1, - "pattern": "^[\\sa-zA-Z0-9_]+$", + "pattern": "^(addon\\.)?[\\sa-zA-Z0-9_]+$", "type": "string" } }, 
@@ -122,6 +122,54 @@ ], "type": "object" }, + "IngressIpv6Attribute": { + "enum": [ + "SENDER_IPV6" + ], + "type": "string" + }, + "IngressIpv6Expression": { + "additionalProperties": false, + "properties": { + "Evaluate": { + "$ref": "#/definitions/IngressIpv6ToEvaluate" + }, + "Operator": { + "$ref": "#/definitions/IngressIpOperator" + }, + "Values": { + "items": { + "maxLength": 49, + "pattern": "^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))\\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9])$", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "Evaluate", + "Operator", + "Values" + ], + "type": "object" + }, + "IngressIpv6ToEvaluate": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "Attribute": { + "$ref": "#/definitions/IngressIpv6Attribute" + } + }, + "required": [ + "Attribute" + ], + "title": "Attribute", + "type": "object" + } + ] + }, "IngressStringEmailAttribute": { "enum": [ "RECIPIENT" @@ -175,6 +223,19 @@ ], "title": "Attribute", "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Analysis": { + "$ref": "#/definitions/IngressAnalysis" + } + }, + "required": [ + "Analysis" + ], + "title": "Analysis", + "type": "object" } ] }, @@ -263,6 +324,19 @@ "title": "IpExpression", "type": "object" }, + { + "additionalProperties": false, + "properties": { + "Ipv6Expression": { + "$ref": "#/definitions/IngressIpv6Expression" + } + }, + "required": [ + "Ipv6Expression" + ], + "title": "Ipv6Expression", + "type": "object" + }, { "additionalProperties": false, "properties": { 
diff --git a/src/schema/aws-ses-receiptrule.json b/src/schema/aws-ses-receiptrule.json index e3b07ebb..1d22ee21 100644 --- a/src/schema/aws-ses-receiptrule.json +++ b/src/schema/aws-ses-receiptrule.json @@ -13,6 +13,9 @@ "BounceAction": { "$ref": "#/definitions/BounceAction" }, + "ConnectAction": { + "$ref": "#/definitions/ConnectAction" + }, "LambdaAction": { "$ref": "#/definitions/LambdaAction" }, @@ -42,8 +45,8 @@ } }, "required": [ - "HeaderName", - "HeaderValue" + "HeaderValue", + "HeaderName" ], "type": "object" }, @@ -73,6 +76,22 @@ ], "type": "object" }, + "ConnectAction": { + "additionalProperties": false, + "properties": { + "IAMRoleARN": { + "type": "string" + }, + "InstanceARN": { + "type": "string" + } + }, + "required": [ + "InstanceARN", + "IAMRoleARN" + ], + "type": "object" + }, "LambdaAction": { "additionalProperties": false, "properties": { @@ -129,6 +148,9 @@ "BucketName": { "type": "string" }, + "IamRoleArn": { + "type": "string" + }, "KmsKeyArn": { "type": "string" }, @@ -209,8 +231,8 @@ "/properties/Id" ], "required": [ - "RuleSetName", - "Rule" + "Rule", + "RuleSetName" ], "typeName": "AWS::SES::ReceiptRule" } diff --git a/src/schema/aws-shield-protection.json b/src/schema/aws-shield-protection.json index f82bce5a..a5dd648b 100644 --- a/src/schema/aws-shield-protection.json +++ b/src/schema/aws-shield-protection.json @@ -193,7 +193,14 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-shield.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "shield:ListTagsForResource", + "shield:UntagResource", + "shield:TagResource" + ], + "tagOnCreate": true, "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::Shield::Protection" diff --git a/src/schema/aws-shield-protectiongroup.json b/src/schema/aws-shield-protectiongroup.json index 507b7a7e..48637eb5 100644 --- a/src/schema/aws-shield-protectiongroup.json 
+++ b/src/schema/aws-shield-protectiongroup.json @@ -145,7 +145,9 @@ "shield:UntagResource", "shield:TagResource" ], + "tagOnCreate": true, "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::Shield::ProtectionGroup" diff --git a/src/schema/aws-signer-profilepermission.json b/src/schema/aws-signer-profilepermission.json index c100d033..bc0cd44d 100644 --- a/src/schema/aws-signer-profilepermission.json +++ b/src/schema/aws-signer-profilepermission.json @@ -73,5 +73,11 @@ "StatementId" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, "typeName": "AWS::Signer::ProfilePermission" } diff --git a/src/schema/aws-signer-signingprofile.json b/src/schema/aws-signer-signingprofile.json index 9a374d92..cf7b31fd 100644 --- a/src/schema/aws-signer-signingprofile.json +++ b/src/schema/aws-signer-signingprofile.json @@ -28,7 +28,7 @@ "ProfileName": { "maxLength": 64, "minLength": 2, - "pattern": "^[0-9a-zA-Z_]$", + "pattern": "^[0-9a-zA-Z_]{2,64}$", "type": "string" }, "ProfileVersion": { @@ -148,5 +148,17 @@ "PlatformId" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "signer:TagResource", + "signer:UntagResource", + "signer:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Signer::SigningProfile" } diff --git a/src/schema/aws-sns-subscription.json b/src/schema/aws-sns-subscription.json index d63309be..599ec04e 100644 --- a/src/schema/aws-sns-subscription.json +++ b/src/schema/aws-sns-subscription.json 
@@ -1,58 +1,127 @@ { "additionalProperties": false, + "conditionalCreateOnlyProperties": [ + "/properties/Region" + ], "createOnlyProperties": [ "/properties/Endpoint", "/properties/Protocol", "/properties/TopicArn" ], "description": "Resource Type definition for AWS::SNS::Subscription", + "handlers": { + "create": { + "permissions": [ + "iam:GetRole", + "iam:PassRole", + "sns:Subscribe" + ] + }, + "delete": { + "permissions": [ + "sns:Unsubscribe", + "sns:GetSubscriptionAttributes" + ] + }, + "list": { + "permissions": [ + "sns:ListSubscriptions" + ] + }, + "read": { + "permissions": [ + "sns:GetSubscriptionAttributes" + ] + }, + "update": { + "permissions": [ + "iam:GetRole", + "iam:PassRole", + "sns:SetSubscriptionAttributes" + ] + } + }, "primaryIdentifier": [ - "/properties/Id" + "/properties/Arn" ], "properties": { + "Arn": { + "description": "Arn of the subscription", + "type": "string" + }, "DeliveryPolicy": { - "type": "object" + "description": "The delivery policy JSON assigned to the subscription. Enables the subscriber to define the message delivery retry strategy in the case of an HTTP/S endpoint subscribed to the topic.", + "type": [ + "object", + "string" + ] }, "Endpoint": { + "description": "The subscription's endpoint. The endpoint value depends on the protocol that you specify. ", "type": "string" }, "FilterPolicy": { - "type": "object" + "description": "The filter policy JSON assigned to the subscription. Enables the subscriber to filter out unwanted messages.", + "type": [ + "object", + "string" + ] }, "FilterPolicyScope": { - "type": "string" - }, - "Id": { + "description": "This attribute lets you choose the filtering scope by using one of the following string value types: MessageAttributes (default) and MessageBody.", "type": "string" }, "Protocol": { + "description": "The subscription's protocol.", "type": "string" }, "RawMessageDelivery": { + "description": "When set to true, enables raw message delivery. 
Raw messages don't contain any JSON formatting and can be sent to Amazon SQS and HTTP/S endpoints.", "type": "boolean" }, "RedrivePolicy": { - "type": "object" + "description": "When specified, sends undeliverable messages to the specified Amazon SQS dead-letter queue. Messages that can't be delivered due to client errors are held in the dead-letter queue for further analysis or reprocessing.", + "type": [ + "object", + "string" + ] }, "Region": { + "description": "For cross-region subscriptions, the region in which the topic resides.If no region is specified, AWS CloudFormation uses the region of the caller as the default.", "type": "string" }, "ReplayPolicy": { - "type": "object" + "description": "Specifies whether Amazon SNS resends the notification to the subscription when a message's attribute changes.", + "type": [ + "object", + "string" + ] }, "SubscriptionRoleArn": { + "description": "This property applies only to Amazon Data Firehose delivery stream subscriptions.", "type": "string" }, "TopicArn": { + "description": "The ARN of the topic to subscribe to.", "type": "string" } }, "readOnlyProperties": [ - "/properties/Id" + "/properties/Arn" ], "required": [ "TopicArn", "Protocol" ], - "typeName": "AWS::SNS::Subscription" + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-sns", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, + "typeName": "AWS::SNS::Subscription", + "writeOnlyProperties": [ + "/properties/Region" + ] } diff --git a/src/schema/aws-sns-topic.json b/src/schema/aws-sns-topic.json index cf014c6a..a41b5089 100644 --- a/src/schema/aws-sns-topic.json +++ b/src/schema/aws-sns-topic.json 
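Review bot: The create and update handlers of `AWS::SNS::Subscription` now declare `iam:PassRole` alongside `iam:GetRole`, which appears to be needed only for `SubscriptionRoleArn`, a property whose description limits it to Firehose subscriptions. A handler permission list carries action names only, so an execution-role policy derived from this schema should scope `iam:PassRole` to the intended role ARNs and add an `iam:PassedToService` condition for SNS, not grant it on `*`. Separately, the hunk removes `Id` and makes `Arn` the primary identifier and read-only property, so anything generated from or keyed on `/properties/Id` needs updating with this change.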
@@ -7,14 +7,14 @@ "definitions": { "LoggingConfig": { "additionalProperties": false, - "description": "", + "description": "The ``LoggingConfig`` property type specifies the ``Delivery`` status logging configuration for an [AWS::SNS::Topic](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-topic.html).", "properties": { "FailureFeedbackRoleArn": { - "description": "", + "description": "The IAM role ARN to be used when logging failed message deliveries in Amazon CloudWatch.", "type": "string" }, "Protocol": { - "description": "", + "description": "Indicates one of the supported protocols for the Amazon SNS topic.\n At least one of the other three ``LoggingConfig`` properties is recommend along with ``Protocol``.", "enum": [ "http/s", "sqs", @@ -25,11 +25,11 @@ "type": "string" }, "SuccessFeedbackRoleArn": { - "description": "", + "description": "The IAM role ARN to be used when logging successful message deliveries in Amazon CloudWatch.", "type": "string" }, "SuccessFeedbackSampleRate": { - "description": "", + "description": "The percentage of successful message deliveries to be logged in Amazon CloudWatch. Valid percentage values range from 0 to 100.", "type": "string" } }, 
@@ -43,20 +43,6 @@ "description": "``Subscription`` is an embedded property that describes the subscription endpoints of an SNS topic.\n For full control over subscription behavior (for example, delivery policy, filtering, raw message delivery, and cross-region subscriptions), use the [AWS::SNS::Subscription](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html) resource.", "properties": { "Endpoint": { - "anyOf": [ - { - "relationshipRef": { - "propertyPath": "/properties/Arn", - "typeName": "AWS::Lambda::Function" - } - }, - { - "relationshipRef": { - "propertyPath": "/properties/Arn", - "typeName": "AWS::SQS::Queue" - } - } - ], "description": "The endpoint that receives notifications from the SNS topic. The endpoint value depends on the protocol that you specify. For more information, see the ``Endpoint`` parameter of the ``Subscribe`` action in the *API Reference*.", "type": "string" }, @@ -157,7 +143,7 @@ "type": "object" }, "DeliveryStatusLogging": { - "description": "", + "description": "The ``DeliveryStatusLogging`` configuration enables you to log the delivery status of messages sent from your Amazon SNS topic to subscribed endpoints with the following supported delivery protocols:\n + HTTP \n + Amazon Kinesis Data Firehose\n + AWS Lambda\n + Platform application endpoint\n + Amazon Simple Queue Service\n \n Once configured, log entries are sent to Amazon CloudWatch Logs.", "insertionOrder": false, "items": { "$ref": "#/definitions/LoggingConfig" 
@@ -169,31 +155,15 @@ "description": "The display name to use for an SNS topic with SMS subscriptions. The display name must be maximum 100 characters long, including hyphens (-), underscores (_), spaces, and tabs.", "type": "string" }, + "FifoThroughputScope": { + "description": "", + "type": "string" + }, "FifoTopic": { "description": "Set to true to create a FIFO topic.", "type": "boolean" }, "KmsMasterKeyId": { - "anyOf": [ - { - "relationshipRef": { - "propertyPath": "/properties/Arn", - "typeName": "AWS::KMS::Key" - } - }, - { - "relationshipRef": { - "propertyPath": "/properties/KeyId", - "typeName": "AWS::KMS::Key" - } - }, - { - "relationshipRef": { - "propertyPath": "/properties/AliasName", - "typeName": "AWS::KMS::Alias" - } - } - ], "description": "The ID of an AWS managed customer master key (CMK) for SNS or a custom CMK. For more information, see [Key terms](https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html#sse-key-terms). For more examples, see ``KeyId`` in the *API Reference*.\n This property applies only to [server-side-encryption](https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html).", "type": "string" }, @@ -238,6 +208,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-sns", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "sns:TagResource", + "sns:UntagResource", + "sns:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-sqs-queue.json b/src/schema/aws-sqs-queue.json index b50ea352..197ea82f 100644 --- a/src/schema/aws-sqs-queue.json +++ b/src/schema/aws-sqs-queue.json 
@@ -25,7 +25,7 @@ "type": "object" } }, - "description": "The ``AWS::SQS::Queue`` resource creates an SQS standard or FIFO queue.\n Keep the following caveats in mind:\n + If you don't specify the ``FifoQueue`` property, SQS creates a standard queue.\n You can't change the queue type after you create it and you can't convert an existing standard queue into a FIFO queue. You must either create a new FIFO queue for your application or delete your existing standard queue and recreate it as a FIFO queue. For more information, see [Moving from a standard queue to a FIFO queue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-moving.html) in the *Developer Guide*. \n + If you don't provide a value for a property, the queue is created with the default value for the property.\n + If you delete a queue, you must wait at least 60 seconds before creating a queue with the same name.\n + To successfully create a new queue, you must provide a queue name that adheres to the [limits related to queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/limits-queues.html) and is unique within the scope of your queues.\n \n For more information about creating FIFO (first-in-first-out) queues, see [Creating an queue ()](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/screate-queue-cloudformation.html) in the *Developer Guide*.", + "description": "The ``AWS::SQS::Queue`` resource creates an SQS standard or FIFO queue.\n Keep the following caveats in mind:\n + If you don't specify the ``FifoQueue`` property, SQS creates a standard queue.\n You can't change the queue type after you create it and you can't convert an existing standard queue into a FIFO queue. You must either create a new FIFO queue for your application or delete your existing standard queue and recreate it as a FIFO queue. 
For more information, see [Moving from a standard queue to a FIFO queue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-moving.html) in the *Developer Guide*. \n + If you don't provide a value for a property, the queue is created with the default value for the property.\n + If you delete a queue, you must wait at least 60 seconds before creating a queue with the same name.\n + To successfully create a new queue, you must provide a queue name that adheres to the [limits related to queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/limits-queues.html) and is unique within the scope of your queues.\n \n For more information about creating FIFO (first-in-first-out) queues, see [Creating an queue ()](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/create-queue-cloudformation.html) in the *Developer Guide*.", "handlers": { "create": { "permissions": [ @@ -84,7 +84,7 @@ "type": "integer" }, "FifoQueue": { - "description": "If set to true, creates a FIFO queue. If you don't specify this property, SQS creates a standard queue. For more information, see [FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html) in the *Developer Guide*.", + "description": "If set to true, creates a FIFO queue. If you don't specify this property, SQS creates a standard queue. For more information, see [Amazon SQS FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-fifo-queues.html) in the *Developer Guide*.", "type": "boolean" }, "FifoThroughputLimit": { 
@@ -96,7 +96,7 @@ "type": "integer" }, "KmsMasterKeyId": { - "description": "The ID of an AWS Key Management Service (KMS) for SQS, or a custom KMS. To use the AWS managed KMS for SQS, specify a (default) alias ARN, alias name (e.g. ``alias/aws/sqs``), key ARN, or key ID. For more information, see the following:\n + [Encryption at rest](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html) in the *Developer Guide* \n + [CreateQueue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_CreateQueue.html) in the *API Reference* \n + [Request Parameters](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters) in the *Key Management Service API Reference* \n + The Key Management Service (KMS) section of the [Best Practices](https://docs.aws.amazon.com/https://d0.awsstatic.com/whitepapers/aws-kms-best-practices.pdf) whitepaper", + "description": "The ID of an AWS Key Management Service (KMS) for SQS, or a custom KMS. To use the AWS managed KMS for SQS, specify a (default) alias ARN, alias name (for example ``alias/aws/sqs``), key ARN, or key ID. For more information, see the following:\n + [Encryption at rest](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html) in the *Developer Guide* \n + [CreateQueue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_CreateQueue.html) in the *API Reference* \n + [Request Parameters](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters) in the *Key Management Service API Reference* \n + The Key Management Service (KMS) section of the [Security best practices for Key Management Service](https://docs.aws.amazon.com/kms/latest/developerguide/best-practices.html) in the *Key Management Service Developer Guide*", "type": "string" }, "MaximumMessageSize": { 
@@ -108,7 +108,7 @@ "type": "integer" }, "QueueName": { - "description": "A name for the queue. To create a FIFO queue, the name of your FIFO queue must end with the ``.fifo`` suffix. For more information, see [FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html) in the *Developer Guide*.\n If you don't specify a name, CFN generates a unique physical ID and uses that ID for the queue name. For more information, see [Name type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) in the *User Guide*. \n If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.", + "description": "A name for the queue. To create a FIFO queue, the name of your FIFO queue must end with the ``.fifo`` suffix. For more information, see [Amazon SQS FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-fifo-queues.html) in the *Developer Guide*.\n If you don't specify a name, CFN generates a unique physical ID and uses that ID for the queue name. For more information, see [Name type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) in the *User Guide*. \n If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.", "type": "string" }, "QueueUrl": { 
@@ -120,14 +120,14 @@ "type": "integer" }, "RedriveAllowPolicy": { - "description": "The string that includes the parameters for the permissions for the dead-letter queue redrive permission and which source queues can specify dead-letter queues as a JSON object. The parameters are as follows:\n + ``redrivePermission``: The permission type that defines which source queues can specify the current queue as the dead-letter queue. Valid values are:\n + ``allowAll``: (Default) Any source queues in this AWS account in the same Region can specify this queue as the dead-letter queue.\n + ``denyAll``: No source queues can specify this queue as the dead-letter queue.\n + ``byQueue``: Only queues specified by the ``sourceQueueArns`` parameter can specify this queue as the dead-letter queue.\n \n + ``sourceQueueArns``: The Amazon Resource Names (ARN)s of the source queues that can specify this queue as the dead-letter queue and redrive messages. You can specify this parameter only when the ``redrivePermission`` parameter is set to ``byQueue``. You can specify up to 10 source queue ARNs. To allow more than 10 source queues to specify dead-letter queues, set the ``redrivePermission`` parameter to ``allowAll``.", + "description": "The string that includes the parameters for the permissions for the dead-letter queue redrive permission and which source queues can specify dead-letter queues as a JSON object. The parameters are as follows:\n + ``redrivePermission``: The permission type that defines which source queues can specify the current queue as the dead-letter queue. 
Valid values are:\n + ``allowAll``: (Default) Any source queues in this AWS account in the same Region can specify this queue as the dead-letter queue.\n + ``denyAll``: No source queues can specify this queue as the dead-letter queue.\n + ``byQueue``: Only queues specified by the ``sourceQueueArns`` parameter can specify this queue as the dead-letter queue.\n \n + ``sourceQueueArns``: The Amazon Resource Names (ARN)s of the source queues that can specify this queue as the dead-letter queue and redrive messages. You can specify this parameter only when the ``redrivePermission`` parameter is set to ``byQueue``. You can specify up to 10 source queue ARNs. To allow more than 10 source queues to specify dead-letter queues, set the ``redrivePermission`` parameter to ``allowAll``.", "type": [ "object", "string" ] }, "RedrivePolicy": { - "description": "The string that includes the parameters for the dead-letter queue functionality of the source queue as a JSON object. The parameters are as follows:\n + ``deadLetterTargetArn``: The Amazon Resource Name (ARN) of the dead-letter queue to which SQS moves messages after the value of ``maxReceiveCount`` is exceeded.\n + ``maxReceiveCount``: The number of times a message is delivered to the source queue before being moved to the dead-letter queue. When the ``ReceiveCount`` for a message exceeds the ``maxReceiveCount`` for a queue, SQS moves the message to the dead-letter-queue.\n \n The dead-letter queue of a FIFO queue must also be a FIFO queue. Similarly, the dead-letter queue of a standard queue must also be a standard queue.\n *JSON* \n ``{ \"deadLetterTargetArn\" : String, \"maxReceiveCount\" : Integer }`` \n *YAML* \n ``deadLetterTargetArn : String`` \n ``maxReceiveCount : Integer``", + "description": "The string that includes the parameters for the dead-letter queue functionality of the source queue as a JSON object. 
The parameters are as follows:\n + ``deadLetterTargetArn``: The Amazon Resource Name (ARN) of the dead-letter queue to which SQS moves messages after the value of ``maxReceiveCount`` is exceeded.\n + ``maxReceiveCount``: The number of times a message is received by a consumer of the source queue before being moved to the dead-letter queue. When the ``ReceiveCount`` for a message exceeds the ``maxReceiveCount`` for a queue, SQS moves the message to the dead-letter-queue.\n \n The dead-letter queue of a FIFO queue must also be a FIFO queue. Similarly, the dead-letter queue of a standard queue must also be a standard queue.\n *JSON* \n ``{ \"deadLetterTargetArn\" : String, \"maxReceiveCount\" : Integer }`` \n *YAML* \n ``deadLetterTargetArn : String`` \n ``maxReceiveCount : Integer``", "type": [ "object", "string" diff --git a/src/schema/aws-sqs-queuepolicy.json b/src/schema/aws-sqs-queuepolicy.json index 0ac772b0..22d02407 100644 --- a/src/schema/aws-sqs-queuepolicy.json +++ b/src/schema/aws-sqs-queuepolicy.json @@ -37,20 +37,6 @@ "description": "The URLs of the queues to which you want to add the policy. You can use the ``Ref`` function to specify an ``AWS::SQS::Queue`` resource.", "insertionOrder": false, "items": { - "anyOf": [ - { - "relationshipRef": { - "propertyPath": "/properties/QueueUrl", - "typeName": "AWS::SQS::Queue" - } - }, - { - "relationshipRef": { - "propertyPath": "/properties/QueueName", - "typeName": "AWS::SQS::Queue" - } - } - ], "type": "string" }, "type": "array", diff --git a/src/schema/aws-ssm-document.json b/src/schema/aws-ssm-document.json index 729b25cb..da06447d 100644 --- a/src/schema/aws-ssm-document.json +++ b/src/schema/aws-ssm-document.json @@ -111,6 +111,7 @@ }, "read": { "permissions": [ + "ssm:DescribeDocument", "ssm:GetDocument", "ssm:ListTagsForResource" ] 
@@ -226,6 +227,15 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ssm", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "ssm:AddTagsToResource", + "ssm:ListTagsForResource", + "ssm:RemoveTagsFromResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::SSM::Document", diff --git a/src/schema/aws-ssm-patchbaseline.json b/src/schema/aws-ssm-patchbaseline.json index 2c37050f..cbe23247 100644 --- a/src/schema/aws-ssm-patchbaseline.json +++ b/src/schema/aws-ssm-patchbaseline.json @@ -361,6 +361,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "ssm:AddTagsToResource", + "ssm:ListTagsForResource", + "ssm:RemoveTagsFromResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ssm-resourcedatasync.json b/src/schema/aws-ssm-resourcedatasync.json index ef71453c..da59387a 100644 --- a/src/schema/aws-ssm-resourcedatasync.json +++ b/src/schema/aws-ssm-resourcedatasync.json @@ -174,9 +174,6 @@ "type": "string" } }, - "readOnlyProperties": [ - "/properties/SyncName" - ], "required": [ "SyncName" ], diff --git a/src/schema/aws-ssm-resourcepolicy.json b/src/schema/aws-ssm-resourcepolicy.json index 717f4233..e985a988 100644 --- a/src/schema/aws-ssm-resourcepolicy.json +++ b/src/schema/aws-ssm-resourcepolicy.json @@ -12,6 +12,7 @@ }, "delete": { "permissions": [ + "ssm:GetResourcePolicies", "ssm:DeleteResourcePolicy" ] }, @@ -27,6 +28,7 @@ }, "update": { "permissions": [ + "ssm:GetResourcePolicies", "ssm:PutResourcePolicy" ] } diff --git a/src/schema/aws-ssmincidents-replicationset.json b/src/schema/aws-ssmincidents-replicationset.json index 07a78be2..f2acedd0 100644 --- a/src/schema/aws-ssmincidents-replicationset.json +++ b/src/schema/aws-ssmincidents-replicationset.json 
@@ -16,7 +16,9 @@ "description": "The ReplicationSet regional configuration.", "properties": { "SseKmsKeyId": { - "$ref": "#/definitions/Arn" + "description": "The AWS Key Management Service key ID or Key Alias to use to encrypt your replication set.", + "maxLength": 2048, + "type": "string" } }, "required": [ @@ -155,6 +157,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ssm-incidents.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ssm-incidents:TagResource", + "ssm-incidents:UntagResource", + "ssm-incidents:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ssmincidents-responseplan.json b/src/schema/aws-ssmincidents-responseplan.json index a7fcd6fb..2813457d 100644 --- a/src/schema/aws-ssmincidents-responseplan.json +++ b/src/schema/aws-ssmincidents-responseplan.json @@ -452,6 +452,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ssm-incidents.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ssm-incidents:TagResource", + "ssm-incidents:UntagResource", + "ssm-incidents:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-ssmquicksetup-configurationmanager.json b/src/schema/aws-ssmquicksetup-configurationmanager.json new file mode 100644 index 00000000..3722634e --- /dev/null +++ b/src/schema/aws-ssmquicksetup-configurationmanager.json 
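Review bot: In the first hunk of `aws-ssmincidents-replicationset.json`, `SseKmsKeyId` goes from `"$ref": "#/definitions/Arn"` to a free-form string bounded only by `"maxLength": 2048`, so an empty string or arbitrary text now validates as the encryption key identifier. The new description says a key ID or alias is accepted, which presumably is why the ARN-only reference was dropped (the `Arn` definition itself is outside the hunk). A lower bound keeps the loosened field from accepting nothing at all: add `"minLength": 1,` and, if the service documents the accepted key ID, alias and ARN forms, a `pattern` covering them.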
@@ -0,0 +1,325 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/ConfigurationDefinitions/*/Type", + "/properties/ConfigurationDefinitions/*/TypeVersion" + ], + "definitions": { + "ConfigurationDefinition": { + "additionalProperties": false, + "properties": { + "LocalDeploymentAdministrationRoleArn": { + "type": "string" + }, + "LocalDeploymentExecutionRoleName": { + "maxLength": 256, + "minLength": 1, + "type": "string" + }, + "Parameters": { + "$ref": "#/definitions/ConfigurationParametersMap" + }, + "Type": { + "pattern": "^[a-zA-Z0-9_\\-.:/]{3,200}$", + "type": "string" + }, + "TypeVersion": { + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "id": { + "type": "string" + } + }, + "required": [ + "Parameters", + "Type" + ], + "type": "object" + }, + "ConfigurationParametersMap": { + "additionalProperties": false, + "patternProperties": { + "^[A-Za-z0-9+=@_\\/\\s-]+$": { + "maxLength": 40960, + "type": "string" + } + }, + "type": "object" + }, + "Status": { + "enum": [ + "INITIALIZING", + "DEPLOYING", + "SUCCEEDED", + "DELETING", + "STOPPING", + "FAILED", + "STOPPED", + "DELETE_FAILED", + "STOP_FAILED", + "NONE" + ], + "type": "string" + }, + "StatusDetails": { + "additionalProperties": false, + "patternProperties": { + ".+": { + "type": "string" + } + }, + "type": "object" + }, + "StatusSummary": { + "additionalProperties": false, + "properties": { + "LastUpdatedAt": { + "type": "string" + }, + "Status": { + "$ref": "#/definitions/Status" + }, + "StatusDetails": { + "$ref": "#/definitions/StatusDetails" + }, + "StatusMessage": { + "type": "string" + }, + "StatusType": { + "$ref": "#/definitions/StatusType" + } + }, + "required": [ + "LastUpdatedAt", + "StatusType" + ], + "type": "object" + }, + "StatusType": { + "enum": [ + "Deployment", + "AsyncExecutions" + ], + "type": "string" + }, + "TagsMap": { + "additionalProperties": false, + "patternProperties": { + "^[A-Za-z0-9 +=@_\\/:.-]+$": { + "maxLength": 256, + 
"minLength": 1, + "pattern": "^[A-Za-z0-9 +=@_\\/:.-]+$", + "type": "string" + } + }, + "type": "object" + } + }, + "description": "Definition of AWS::SSMQuickSetup::ConfigurationManager Resource Type", + "handlers": { + "create": { + "permissions": [ + "iam:GetRole", + "iam:CreateServiceLinkedRole", + "iam:ListRoles", + "iam:PassRole", + "ssm-quicksetup:CreateConfigurationManager", + "ssm-quicksetup:GetConfigurationManager", + "ssm-quicksetup:TagResource", + "ssm-quicksetup:UntagResource", + "ssm-quicksetup:UpdateConfigurationManager", + "ssm:Describe*", + "ssm:Get*", + "ssm:List*", + "ssm:DeleteAssociation", + "ssm:CreateResourceDataSync", + "ssm:UpdateResourceDataSync", + "ssm:StartAutomationExecution", + "ssm:CreateAssociation", + "ssm:StartAssociationsOnce", + "cloudformation:List*", + "cloudformation:Describe*", + "cloudformation:CreateStack", + "cloudformation:CreateStackInstances", + "cloudformation:CreateStackSet", + "cloudformation:DeleteStack", + "cloudformation:DeleteStackInstances", + "cloudformation:DeleteStackSet", + "cloudformation:UpdateStack", + "cloudformation:UpdateStackSet", + "cloudformation:StopStackSetOperation", + "cloudformation:GetTemplate", + "cloudformation:RollbackStack", + "cloudformation:TagResource", + "cloudformation:UntagResource", + "organizations:Describe*", + "organizations:List*", + "organizations:RegisterDelegatedAdministrator", + "organizations:DeregisterDelegatedAdministrator", + "organizations:EnableAWSServiceAccess" + ] + }, + "delete": { + "permissions": [ + "ssm-quicksetup:DeleteConfigurationManager", + "iam:GetRole", + "iam:CreateServiceLinkedRole", + "iam:ListRoles", + "iam:PassRole", + "ssm-quicksetup:GetConfigurationManager", + "ssm-quicksetup:ListConfigurationManagers", + "ssm-quicksetup:TagResource", + "ssm-quicksetup:UntagResource", + "ssm-quicksetup:UpdateConfigurationManager", + "ssm:Describe*", + "ssm:Get*", + "ssm:List*", + "ssm:DeleteAssociation", + "ssm:CreateResourceDataSync", + 
"ssm:UpdateResourceDataSync", + "ssm:StartAutomationExecution", + "ssm:CreateAssociation", + "ssm:StartAssociationsOnce", + "cloudformation:List*", + "cloudformation:Describe*", + "cloudformation:CreateStack", + "cloudformation:CreateStackInstances", + "cloudformation:CreateStackSet", + "cloudformation:DeleteStack", + "cloudformation:DeleteStackInstances", + "cloudformation:DeleteStackSet", + "cloudformation:UpdateStack", + "cloudformation:UpdateStackSet", + "cloudformation:StopStackSetOperation", + "cloudformation:GetTemplate", + "cloudformation:RollbackStack", + "cloudformation:TagResource", + "cloudformation:UntagResource", + "organizations:Describe*", + "organizations:List*", + "organizations:RegisterDelegatedAdministrator", + "organizations:DeregisterDelegatedAdministrator", + "organizations:EnableAWSServiceAccess" + ] + }, + "list": { + "permissions": [ + "ssm-quicksetup:ListConfigurationManagers" + ] + }, + "read": { + "permissions": [ + "ssm-quicksetup:GetConfigurationManager", + "iam:GetRole", + "iam:PassRole", + "iam:ListRoles", + "ssm:DescribeDocument", + "ssm:GetDocument" + ] + }, + "update": { + "permissions": [ + "iam:GetRole", + "iam:CreateServiceLinkedRole", + "iam:ListRoles", + "iam:PassRole", + "ssm-quicksetup:GetConfigurationManager", + "ssm-quicksetup:TagResource", + "ssm-quicksetup:UntagResource", + "ssm-quicksetup:UpdateConfigurationManager", + "ssm-quicksetup:UpdateConfigurationDefinition", + "ssm:Describe*", + "ssm:Get*", + "ssm:List*", + "ssm:DeleteAssociation", + "ssm:CreateResourceDataSync", + "ssm:UpdateResourceDataSync", + "ssm:StartAutomationExecution", + "ssm:CreateAssociation", + "ssm:StartAssociationsOnce", + "cloudformation:List*", + "cloudformation:Describe*", + "cloudformation:CreateStack", + "cloudformation:CreateStackInstances", + "cloudformation:CreateStackSet", + "cloudformation:DeleteStack", + "cloudformation:DeleteStackInstances", + "cloudformation:DeleteStackSet", + "cloudformation:UpdateStack", + 
"cloudformation:UpdateStackSet", + "cloudformation:StopStackSetOperation", + "cloudformation:GetTemplate", + "cloudformation:RollbackStack", + "cloudformation:TagResource", + "cloudformation:UntagResource", + "organizations:Describe*", + "organizations:List*", + "organizations:RegisterDelegatedAdministrator", + "organizations:DeregisterDelegatedAdministrator", + "organizations:EnableAWSServiceAccess" + ] + } + }, + "primaryIdentifier": [ + "/properties/ManagerArn" + ], + "properties": { + "ConfigurationDefinitions": { + "items": { + "$ref": "#/definitions/ConfigurationDefinition" + }, + "type": "array" + }, + "CreatedAt": { + "type": "string" + }, + "Description": { + "pattern": "^.{0,512}$", + "type": "string" + }, + "LastModifiedAt": { + "type": "string" + }, + "ManagerArn": { + "type": "string" + }, + "Name": { + "pattern": "^[ A-Za-z0-9_-]{1,50}$", + "type": "string" + }, + "StatusSummaries": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/StatusSummary" + }, + "type": "array" + }, + "Tags": { + "$ref": "#/definitions/TagsMap" + } + }, + "readOnlyProperties": [ + "/properties/CreatedAt", + "/properties/LastModifiedAt", + "/properties/ManagerArn", + "/properties/StatusSummaries", + "/properties/ConfigurationDefinitions/*/id" + ], + "required": [ + "ConfigurationDefinitions" + ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "ssm-quicksetup:TagResource", + "ssm-quicksetup:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::SSMQuickSetup::ConfigurationManager" +} diff --git a/src/schema/aws-sso-application.json b/src/schema/aws-sso-application.json index cf91eedb..e0452d22 100644 --- a/src/schema/aws-sso-application.json +++ b/src/schema/aws-sso-application.json 
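Review bot: The `read` handler of this new schema lists `iam:PassRole`, and the `delete` handler repeats the create-side set (`cloudformation:CreateStack`, `cloudformation:CreateStackSet`, `iam:CreateServiceLinkedRole`, `organizations:RegisterDelegatedAdministrator`, `organizations:EnableAWSServiceAccess`), which is broader than either operation's name suggests it needs. The create, update and delete lists also rely on wildcards (`ssm:Describe*`, `ssm:Get*`, `ssm:List*`, `cloudformation:List*`, `cloudformation:Describe*`, `organizations:Describe*`, `organizations:List*`). Unless the handler code really makes those calls, drop `"iam:PassRole",` from `read.permissions`, trim `delete.permissions` to the delete and read actions, and enumerate the wildcarded actions. Whether these lists are mirrored from the service's published schema is not visible here; if they are, the trimming belongs upstream and the breadth should at least be recorded when the type is reviewed for use.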
@@ -80,7 +80,8 @@ "permissions": [ "sso:CreateApplication", "sso:DescribeApplication", - "sso:TagResource" + "sso:TagResource", + "sso:ListTagsForResource" ] }, "delete": { @@ -100,7 +101,8 @@ ] }, "permissions": [ - "sso:ListApplications" + "sso:ListApplications", + "sso:ListTagsForResource" ] }, "read": { @@ -191,6 +193,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-sso/aws-sso-application", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "sso:TagResource", + "sso:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-sso-instance.json b/src/schema/aws-sso-instance.json index 5d977c75..6f534c42 100644 --- a/src/schema/aws-sso-instance.json +++ b/src/schema/aws-sso-instance.json @@ -124,6 +124,12 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-sso/aws-sso-instance", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "sso:TagInstance", + "sso:TagResource", + "sso:UntagResource", + "sso:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-sso-permissionset.json b/src/schema/aws-sso-permissionset.json index 1ea0cb6a..217e079b 100644 --- a/src/schema/aws-sso-permissionset.json +++ b/src/schema/aws-sso-permissionset.json @@ -223,6 +223,11 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-sso/aws-sso-permissionset", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "sso:TagResource", + "sso:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-stepfunctions-activity.json b/src/schema/aws-stepfunctions-activity.json index bbac9649..4ce640bb 100644 --- a/src/schema/aws-stepfunctions-activity.json +++ b/src/schema/aws-stepfunctions-activity.json 
@@ -57,6 +57,7 @@ "create": { "permissions": [ "states:CreateActivity", + "states:DescribeActivity", "states:TagResource", "kms:DescribeKey" ] @@ -121,6 +122,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-stepfunctions.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "states:UntagResource", + "states:TagResource", + "states:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-stepfunctions-statemachine.json b/src/schema/aws-stepfunctions-statemachine.json index 7cecafc7..b5616a44 100644 --- a/src/schema/aws-stepfunctions-statemachine.json +++ b/src/schema/aws-stepfunctions-statemachine.json @@ -277,6 +277,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-stepfunctions.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "states:UntagResource", + "states:TagResource", + "states:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-stepfunctions-statemachineversion.json b/src/schema/aws-stepfunctions-statemachineversion.json index 5bbc54d3..4eb8d068 100644 --- a/src/schema/aws-stepfunctions-statemachineversion.json +++ b/src/schema/aws-stepfunctions-statemachineversion.json @@ -2,7 +2,8 @@ "additionalProperties": false, "createOnlyProperties": [ "/properties/StateMachineArn", - "/properties/StateMachineRevisionId" + "/properties/StateMachineRevisionId", + "/properties/Description" ], "definitions": {}, "description": "Resource schema for StateMachineVersion", diff --git a/src/schema/aws-synthetics-canary.json b/src/schema/aws-synthetics-canary.json index f49f5fc8..1ee59764 100644 --- a/src/schema/aws-synthetics-canary.json +++ b/src/schema/aws-synthetics-canary.json 
@@ -54,10 +54,6 @@ "type": "string" }, "S3Bucket": { - "relationshipRef": { - "propertyPath": "/properties/BucketName", - "typeName": "AWS::S3::Bucket" - }, "type": "string" }, "S3Key": { @@ -78,6 +74,13 @@ ], "type": "object" }, + "ResourceToTag": { + "description": "Specifies which resources canary tags should be replicated to.", + "enum": [ + "lambda-function" + ], + "type": "string" + }, "RunConfig": { "additionalProperties": false, "properties": { @@ -161,41 +164,23 @@ "VPCConfig": { "additionalProperties": false, "properties": { + "Ipv6AllowedForDualStack": { + "description": "Allow outbound IPv6 traffic on VPC canaries that are connected to dual-stack subnets if set to true", + "type": "boolean" + }, "SecurityGroupIds": { "items": { - "anyOf": [ - { - "relationshipRef": { - "propertyPath": "/properties/GroupId", - "typeName": "AWS::EC2::SecurityGroup" - } - }, - { - "relationshipRef": { - "propertyPath": "/properties/DefaultSecurityGroup", - "typeName": "AWS::EC2::VPC" - } - } - ], "type": "string" }, "type": "array" }, "SubnetIds": { "items": { - "relationshipRef": { - "propertyPath": "/properties/SubnetId", - "typeName": "AWS::EC2::Subnet" - }, "type": "string" }, "type": "array" }, "VpcId": { - "relationshipRef": { - "propertyPath": "/properties/VpcId", - "typeName": "AWS::EC2::VPC" - }, "type": "string" } }, @@ -246,11 +231,13 @@ "lambda:CreateFunction", "lambda:AddPermission", "lambda:PublishVersion", + "lambda:UpdateFunctionCode", "lambda:UpdateFunctionConfiguration", "lambda:GetFunctionConfiguration", "lambda:GetLayerVersionByArn", "lambda:GetLayerVersion", "lambda:PublishLayerVersion", + "lambda:TagResource", "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", @@ -260,7 +247,9 @@ "delete": { "permissions": [ "synthetics:DeleteCanary", - "synthetics:GetCanary" + "synthetics:GetCanary", + "lambda:DeleteFunction", + "lambda:DeleteLayerVersion" ] }, "list": { 
@@ -293,12 +282,19 @@ "s3:GetBucketLocation", "lambda:AddPermission", "lambda:PublishVersion", + "lambda:UpdateFunctionCode", "lambda:UpdateFunctionConfiguration", "lambda:GetFunctionConfiguration", "lambda:GetLayerVersionByArn", "lambda:GetLayerVersion", "lambda:PublishLayerVersion", - "iam:PassRole" + "lambda:ListTags", + "lambda:TagResource", + "lambda:UntagResource", + "iam:PassRole", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups" ] } }, @@ -337,9 +333,25 @@ }, "Name": { "description": "Name of the canary.", - "pattern": "^[0-9a-z_\\-]{1,21}$", + "pattern": "^[0-9a-z_\\-]{1,255}$", + "type": "string" + }, + "ProvisionedResourceCleanup": { + "description": "Setting to control if provisioned resources created by Synthetics are deleted alongside the canary. Default is AUTOMATIC.", + "enum": [ + "AUTOMATIC", + "OFF" + ], "type": "string" }, + "ResourcesToReplicateTags": { + "description": "List of resources which canary tags should be replicated to.", + "items": { + "$ref": "#/definitions/ResourceToTag" + }, + "type": "array", + "uniqueItems": true + }, "RunConfig": { "$ref": "#/definitions/RunConfig", "description": "Provide canary run configuration" @@ -395,6 +407,14 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-synthetics", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "synthetics:TagResource", + "synthetics:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::Synthetics::Canary", @@ -405,6 +425,7 @@ "/properties/Code/Script", "/properties/DeleteLambdaResourcesOnCanaryDeletion", "/properties/StartCanaryAfterCreation", + "/properties/ResourcesToReplicateTags", "/properties/RunConfig/EnvironmentVariables", "/properties/VisualReference" ] diff --git a/src/schema/aws-synthetics-group.json b/src/schema/aws-synthetics-group.json index 20893f5d..6564f8dc 100644 
--- a/src/schema/aws-synthetics-group.json +++ b/src/schema/aws-synthetics-group.json @@ -6,7 +6,7 @@ "definitions": { "ResourceArn": { "description": "Provide Canary Arn associated with the group.", - "pattern": "arn:(aws[a-zA-Z-]*)?:synthetics:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}:\\d{12}:canary:[0-9a-z_\\-]", + "pattern": "arn:(aws[a-zA-Z-]*)?:synthetics:[a-z]{2}((-gov)|(-iso(b|e|f?)))?-[a-z]+-\\d{1}:\\d{12}:canary:[0-9a-z_\\-]", "type": "string" }, "Tag": { @@ -112,6 +112,15 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-synthetics", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "synthetics:TagResource", + "synthetics:UntagResource", + "synthetics:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::Synthetics::Group" diff --git a/src/schema/aws-systemsmanagersap-application.json b/src/schema/aws-systemsmanagersap-application.json index 35de4295..c6c6aee1 100644 --- a/src/schema/aws-systemsmanagersap-application.json +++ b/src/schema/aws-systemsmanagersap-application.json @@ -4,9 +4,37 @@ "/properties/Credentials", "/properties/Instances", "/properties/SapInstanceNumber", - "/properties/Sid" + "/properties/Sid", + "/properties/DatabaseArn", + "/properties/ComponentsInfo" ], "definitions": { + "ComponentInfo": { + "properties": { + "ComponentType": { + "enum": [ + "HANA", + "HANA_NODE", + "ABAP", + "ASCS", + "DIALOG", + "WEBDISP", + "WD", + "ERS" + ], + "type": "string" + }, + "Ec2InstanceId": { + "pattern": "^i-[\\w\\d]{8}$|^i-[\\w\\d]{17}$", + "type": "string" + }, + "Sid": { + "pattern": "[A-Z][A-Z0-9]{2}", + "type": "string" + } + }, + "type": "object" + }, "Credential": { "additionalProperties": false, "properties": { 
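Review bot: In the new `ResourceArn` pattern the `?` in `(-iso(b|e|f?))` binds only to `f`; it still accepts plain `-iso` because `f?` can match empty, but it reads like a mistake and `(-iso[bef]?)` says the same thing directly. The pattern also has no `^`/`$` anchors and ends in a single-character class, so JSON Schema `pattern` treats it as a substring test and any text containing an ARN-like prefix validates (this part is carried over from the old line). Suggested form, assuming no consumer depends on the substring behaviour: `"pattern": "^arn:(aws[a-zA-Z-]*)?:synthetics:[a-z]{2}((-gov)|(-iso[bef]?))?-[a-z]+-\\d{1}:\\d{12}:canary:[0-9a-z_\\-]+$",`.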
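Review bot: The new `ComponentInfo` definition in `aws-systemsmanagersap-application.json` omits `"additionalProperties": false`, which the `Credential` definition directly below it sets, so unknown keys in a component entry pass validation. Its `Sid` pattern `[A-Z][A-Z0-9]{2}` is unanchored and therefore accepts any longer string that merely contains three matching characters; `"pattern": "^[A-Z][A-Z0-9]{2}$",` would pin it to a three-character SID, if that is the intent. In `Ec2InstanceId`, `[\\w\\d]` is wider than an instance ID needs, since `\\w` already covers digits and also admits `_` and non-hex letters.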
@@ -62,7 +90,8 @@ "ssm-sap:RegisterApplication", "ssm-sap:GetApplication", "ssm-sap:TagResource", - "ssm-sap:ListTagsForResource" + "ssm-sap:ListTagsForResource", + "iam:CreateServiceLinkedRole" ] }, "delete": { @@ -96,20 +125,30 @@ ], "properties": { "ApplicationId": { - "pattern": "[\\w\\d]{1,50}", + "pattern": "[\\w\\d\\.-]{1,60}", "type": "string" }, "ApplicationType": { "enum": [ - "HANA" + "HANA", + "SAP_ABAP" ], "type": "string" }, "Arn": { - "description": "The ARN of the Helix application", + "description": "The ARN of the SSM-SAP application", "pattern": "^arn:(.+:){2,4}.+$|^arn:(.+:){1,3}.+\\/.+$", "type": "string" }, + "ComponentsInfo": { + "description": "This is an optional parameter for component details to which the SAP ABAP application is attached, such as Web Dispatcher.", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/ComponentInfo" + }, + "minItems": 1, + "type": "array" + }, "Credentials": { "insertionOrder": true, "items": { @@ -118,6 +157,11 @@ "minItems": 1, "type": "array" }, + "DatabaseArn": { + "description": "The ARN of the SAP HANA database", + "pattern": "^arn:(.+:){2,4}.+$|^arn:(.+:){1,3}.+\\/.+$", + "type": "string" + }, "Instances": { "insertionOrder": true, "items": { @@ -152,6 +196,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "ssm-sap:UntagResource", + "ssm-sap:TagResource", + "ssm-sap:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, @@ -162,6 +211,8 @@ "/properties/Credentials", "/properties/Instances", "/properties/SapInstanceNumber", - "/properties/Sid" + "/properties/Sid", + "/properties/DatabaseArn", + "/properties/ComponentsInfo" ] } diff --git a/src/schema/aws-timestream-database.json b/src/schema/aws-timestream-database.json index e47c9edb..d4a9ad91 100644 --- a/src/schema/aws-timestream-database.json +++ b/src/schema/aws-timestream-database.json 
@@ -95,5 +95,17 @@ "/properties/Arn" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-timestream.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "timestream:TagResource", + "timestream:ListTagsForResource", + "timestream:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Timestream::Database" } diff --git a/src/schema/aws-timestream-influxdbinstance.json b/src/schema/aws-timestream-influxdbinstance.json index 6571c54b..a0f364e2 100644 --- a/src/schema/aws-timestream-influxdbinstance.json +++ b/src/schema/aws-timestream-influxdbinstance.json @@ -6,13 +6,12 @@ "/properties/Password", "/properties/Organization", "/properties/Bucket", - "/properties/DbInstanceType", "/properties/VpcSubnetIds", "/properties/VpcSecurityGroupIds", "/properties/PubliclyAccessible", "/properties/DbStorageType", "/properties/AllocatedStorage", - "/properties/DeploymentType" + "/properties/NetworkType" ], "definitions": { "Tag": { @@ -88,7 +87,9 @@ "timestream-influxdb:UpdateDbInstance", "timestream-influxdb:TagResource", "timestream-influxdb:UntagResource", - "timestream-influxdb:ListTagsForResource" + "timestream-influxdb:ListTagsForResource", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" ], "timeoutInMinutes": 2160 } @@ -211,7 +212,15 @@ "description": "The unique name that is associated with the InfluxDB instance.", "maxLength": 40, "minLength": 3, - "pattern": "^[a-zA-z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*$", + "pattern": "^[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*$", + "type": "string" + }, + "NetworkType": { + "description": "Network type of the InfluxDB Instance.", + "enum": [ + "IPV4", + "DUAL" + ], "type": "string" }, "Organization": { 
@@ -227,6 +236,12 @@ "pattern": "^[a-zA-Z0-9]+$", "type": "string" }, + "Port": { + "description": "The port number on which InfluxDB accepts connections.", + "maximum": 65535, + "minimum": 1024, + "type": "integer" + }, "PubliclyAccessible": { "default": false, "description": "Attach a public IP to the customer ENI.", @@ -244,6 +259,8 @@ "DELETING", "MODIFYING", "UPDATING", + "UPDATING_DEPLOYMENT_TYPE", + "UPDATING_INSTANCE_TYPE", "DELETED", "FAILED" ], @@ -299,6 +316,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-timestream.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "timestream-influxdb:TagResource", + "timestream-influxdb:ListTagsForResource", + "timestream-influxdb:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-timestream-scheduledquery.json b/src/schema/aws-timestream-scheduledquery.json index 7d4a8c55..f34eba79 100644 --- a/src/schema/aws-timestream-scheduledquery.json +++ b/src/schema/aws-timestream-scheduledquery.json @@ -542,5 +542,17 @@ "ErrorReportConfiguration" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-timestream.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "timestream:TagResource", + "timestream:ListTagsForResource", + "timestream:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Timestream::ScheduledQuery" } diff --git a/src/schema/aws-timestream-table.json b/src/schema/aws-timestream-table.json index 48b5c4a9..f9588235 100644 --- a/src/schema/aws-timestream-table.json +++ b/src/schema/aws-timestream-table.json 
@@ -236,5 +236,17 @@ "DatabaseName" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-timestream.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "timestream:TagResource", + "timestream:ListTagsForResource", + "timestream:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Timestream::Table" } diff --git a/src/schema/aws-transfer-agreement.json b/src/schema/aws-transfer-agreement.json index 9438c05e..25062fe6 100644 --- a/src/schema/aws-transfer-agreement.json +++ b/src/schema/aws-transfer-agreement.json 
@@ -103,6 +103,45 @@ "pattern": "^(|/.*)$", "type": "string" }, + "CustomDirectories": { + "additionalProperties": false, + "description": "Specifies a separate directory for each type of file to store for an AS2 message.", + "properties": { + "FailedFilesDirectory": { + "description": "Specifies a location to store the failed files for an AS2 message.", + "pattern": "(|/.*)", + "type": "string" + }, + "MdnFilesDirectory": { + "description": "Specifies a location to store the MDN file for an AS2 message.", + "pattern": "(|/.*)", + "type": "string" + }, + "PayloadFilesDirectory": { + "description": "Specifies a location to store the payload file for an AS2 message.", + "pattern": "(|/.*)", + "type": "string" + }, + "StatusFilesDirectory": { + "description": "Specifies a location to store the status file for an AS2 message.", + "pattern": "(|/.*)", + "type": "string" + }, + "TemporaryFilesDirectory": { + "description": "Specifies a location to store the temporary processing file for an AS2 message.", + "pattern": "(|/.*)", + "type": "string" + } + }, + "required": [ + "FailedFilesDirectory", + "MdnFilesDirectory", + "PayloadFilesDirectory", + "StatusFilesDirectory", + "TemporaryFilesDirectory" + ], + "type": "object" + }, "Description": { "description": "A textual description for the agreement.", "maxLength": 200, @@ -110,6 +149,14 @@ "pattern": "^[\\u0021-\\u007E]+$", "type": "string" }, + "EnforceMessageSigning": { + "description": "Specifies whether to enforce an AS2 message is signed for this agreement.", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, "LocalProfileId": { "description": "A unique identifier for the local profile.", "maxLength": 19, 
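Review bot: The five `pattern` values added under `CustomDirectories` are written as `(|/.*)` with no anchors, so they accept every string: the empty alternative matches at the start of any input. The context line at the top of this hunk shows the anchored form, and the leading-slash rule is only enforced once the new properties use it too: `"pattern": "^(|/.*)$"`. Until then, tooling that validates templates against this schema will pass relative or otherwise malformed directory values through to the service. If this file is synced from the provider repository named in `sourceUrl`, the fix belongs upstream.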
@@ -124,6 +171,14 @@ "pattern": "^p-([0-9a-f]{17})$", "type": "string" }, + "PreserveFilename": { + "description": "Specifies whether to preserve the filename received for this agreement.", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, "ServerId": { "description": "A unique identifier for the server.", "maxLength": 19, @@ -158,12 +213,16 @@ "ServerId", "LocalProfileId", "PartnerProfileId", - "BaseDirectory", "AccessRole" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-transfer", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "transfer:ListTagsForResource", + "transfer:UnTagResource", + "transfer:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-transfer-certificate.json b/src/schema/aws-transfer-certificate.json index d64515ce..28c73c20 100644 --- a/src/schema/aws-transfer-certificate.json +++ b/src/schema/aws-transfer-certificate.json @@ -182,6 +182,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "transfer:ListTagsForResource", + "transfer:UnTagResource", + "transfer:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-transfer-connector.json b/src/schema/aws-transfer-connector.json index 4b720e20..3b3fc17e 100644 --- a/src/schema/aws-transfer-connector.json +++ b/src/schema/aws-transfer-connector.json @@ -152,6 +152,14 @@ "pattern": "^p-([0-9a-f]{17})$", "type": "string" }, + "PreserveContentType": { + "description": "Specifies whether to use the AWS S3 object content-type as the content-type for the AS2 message.", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, "SigningAlgorithm": { "description": "Signing algorithm for this AS2 connector configuration.", "enum": [ 
@@ -245,6 +253,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "transfer:ListTagsForResource", + "transfer:UnTagResource", + "transfer:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-transfer-profile.json b/src/schema/aws-transfer-profile.json index f7b0b93e..b27fc2df 100644 --- a/src/schema/aws-transfer-profile.json +++ b/src/schema/aws-transfer-profile.json @@ -128,6 +128,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "transfer:ListTagsForResource", + "transfer:UnTagResource", + "transfer:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-transfer-server.json b/src/schema/aws-transfer-server.json index c26dac22..b76dc981 100644 --- a/src/schema/aws-transfer-server.json +++ b/src/schema/aws-transfer-server.json 
@@ -1,39 +1,71 @@ { + "additionalIdentifiers": [ + [ + "/properties/ServerId" + ] + ], "additionalProperties": false, + "conditionalCreateOnlyProperties": [ + "/properties/EndpointDetails", + "/properties/EndpointDetails/AddressAllocationIds" + ], "createOnlyProperties": [ - "/properties/IdentityProviderType", - "/properties/Domain" + "/properties/Domain", + "/properties/IdentityProviderType" ], "definitions": { "As2Transport": { - "additionalProperties": false, - "type": "object" + "enum": [ + "HTTP" + ], + "type": "string" + }, + "DirectoryListingOptimization": { + "description": "Indicates whether optimization to directory listing on S3 servers is used. Disabled by default for compatibility.", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, + "Domain": { + "enum": [ + "S3", + "EFS" + ], + "type": "string" }, "EndpointDetails": { "additionalProperties": false, "properties": { "AddressAllocationIds": { + "insertionOrder": true, "items": { "type": "string" }, - "type": "array", - "uniqueItems": false + "type": "array" }, "SecurityGroupIds": { + "insertionOrder": false, "items": { + "maxLength": 20, + "minLength": 11, + "pattern": "^sg-[0-9a-f]{8,17}$", "type": "string" }, - "type": "array", - "uniqueItems": false + "type": "array" }, "SubnetIds": { + "insertionOrder": true, "items": { "type": "string" }, - "type": "array", - "uniqueItems": false + "type": "array" }, "VpcEndpointId": { + "maxLength": 22, + "minLength": 22, + "pattern": "^vpce-[0-9a-f]{17}$", "type": "string" }, "VpcId": { 
@@ -42,49 +74,86 @@ }, "type": "object" }, + "EndpointType": { + "enum": [ + "PUBLIC", + "VPC", + "VPC_ENDPOINT" + ], + "type": "string" + }, "IdentityProviderDetails": { "additionalProperties": false, "properties": { "DirectoryId": { + "maxLength": 12, + "minLength": 12, + "pattern": "^d-[0-9a-f]{10}$", "type": "string" }, "Function": { + "maxLength": 170, + "minLength": 1, + "pattern": "^arn:[a-z-]+:lambda:.*$", "type": "string" }, "InvocationRole": { + "maxLength": 2048, + "minLength": 20, + "pattern": "^arn:.*role/\\S+$", "type": "string" }, "SftpAuthenticationMethods": { - "type": "string" + "$ref": "#/definitions/SftpAuthenticationMethods" }, "Url": { + "maxLength": 255, + "minLength": 0, "type": "string" } }, "type": "object" }, + "IdentityProviderType": { + "enum": [ + "SERVICE_MANAGED", + "API_GATEWAY", + "AWS_DIRECTORY_SERVICE", + "AWS_LAMBDA" + ], + "type": "string" + }, "Protocol": { - "additionalProperties": false, - "type": "object" + "enum": [ + "SFTP", + "FTP", + "FTPS", + "AS2" + ], + "type": "string" }, "ProtocolDetails": { "additionalProperties": false, "properties": { "As2Transports": { + "insertionOrder": false, "items": { "$ref": "#/definitions/As2Transport" }, - "type": "array", - "uniqueItems": false + "maxItems": 1, + "minItems": 1, + "type": "array" }, "PassiveIp": { + "maxLength": 15, + "minLength": 0, "type": "string" }, "SetStatOption": { - "type": "string" + "$ref": "#/definitions/SetStatOption" }, "TlsSessionResumptionMode": { - "type": "string" + "$ref": "#/definitions/TlsSessionResumptionMode" } }, "type": "object" 
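Review bot: The `InvocationRole` pattern added here, `^arn:.*role/\\S+$`, constrains very little, because `.*` spans the partition, service and account fields and any ARN-like string containing `role/` passes. The web app schema added in this same commit validates its role with `^arn:[a-z-]+:iam::[0-9]{12}:role[:/]\\S+$`, and the handlers for this resource list `iam:PassRole`, so the stricter form is worth using here if the service accepts only IAM role ARNs. The same loose pattern recurs in `WorkflowDetail.ExecutionRole` and `LoggingRole` in this file and in `Role` in aws-transfer-user.json. Schema validation does not replace scoping `iam:PassRole` in the role that runs these handlers.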
@@ -93,44 +162,85 @@ "additionalProperties": false, "properties": { "DirectoryListingOptimization": { - "type": "string" + "$ref": "#/definitions/DirectoryListingOptimization" } }, "type": "object" }, - "StructuredLogDestination": { - "additionalProperties": false, - "type": "object" + "SetStatOption": { + "enum": [ + "DEFAULT", + "ENABLE_NO_OP" + ], + "type": "string" + }, + "SftpAuthenticationMethods": { + "enum": [ + "PASSWORD", + "PUBLIC_KEY", + "PUBLIC_KEY_OR_PASSWORD", + "PUBLIC_KEY_AND_PASSWORD" + ], + "type": "string" + }, + "State": { + "enum": [ + "OFFLINE", + "ONLINE", + "STARTING", + "STOPPING", + "START_FAILED", + "STOP_FAILED" + ], + "type": "string" }, "Tag": { "additionalProperties": false, "properties": { "Key": { + "maxLength": 128, + "minLength": 0, "type": "string" }, "Value": { + "maxLength": 256, + "minLength": 0, "type": "string" } }, "required": [ - "Value", - "Key" + "Key", + "Value" ], "type": "object" }, + "TlsSessionResumptionMode": { + "enum": [ + "DISABLED", + "ENABLED", + "ENFORCED" + ], + "type": "string" + }, "WorkflowDetail": { "additionalProperties": false, "properties": { "ExecutionRole": { + "maxLength": 2048, + "minLength": 20, + "pattern": "^arn:.*role/\\S+$", "type": "string" }, "WorkflowId": { + "maxLength": 19, + "minLength": 19, + "pattern": "^w-([a-z0-9]{17})$", "type": "string" } }, "required": [ - "WorkflowId", - "ExecutionRole" + "ExecutionRole", + "WorkflowId" ], "type": "object" }, 
@@ -138,98 +248,244 @@ "additionalProperties": false, "properties": { "OnPartialUpload": { + "insertionOrder": true, "items": { "$ref": "#/definitions/WorkflowDetail" }, - "type": "array", - "uniqueItems": false + "maxItems": 1, + "minItems": 0, + "type": "array" }, "OnUpload": { + "insertionOrder": true, "items": { "$ref": "#/definitions/WorkflowDetail" }, - "type": "array", - "uniqueItems": false + "maxItems": 1, + "minItems": 0, + "type": "array" } }, "type": "object" } }, - "description": "Resource Type definition for AWS::Transfer::Server", + "description": "Definition of AWS::Transfer::Server Resource Type", + "handlers": { + "create": { + "permissions": [ + "apigateway:GET", + "ds:AuthorizeApplication", + "ds:DescribeDirectories", + "ec2:AssociateAddress", + "ec2:CreateVpcEndpoint", + "ec2:DescribeAddresses", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeVpcEndpoints", + "iam:PassRole", + "logs:CreateLogDelivery", + "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", + "logs:GetLogDelivery", + "logs:ListLogDeliveries", + "logs:PutResourcePolicy", + "logs:UpdateLogDelivery", + "transfer:CreateServer", + "transfer:DescribeServer", + "transfer:StartServer", + "transfer:StopServer", + "transfer:TagResource", + "transfer:UpdateServer" + ] + }, + "delete": { + "permissions": [ + "ds:DescribeDirectories", + "ds:UnauthorizeApplication", + "ec2:DeleteVpcEndpoints", + "ec2:DescribeAddresses", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeVpcEndpoints", + "ec2:DisassociateAddress", + "logs:DeleteLogDelivery", + "logs:GetLogDelivery", + "logs:ListLogDeliveries", + "transfer:DeleteServer" + ] + }, + "list": { + "permissions": [ + "transfer:ListServers" + ] + }, + "read": { + "permissions": [ + "ec2:DescribeVpcEndpoints", + "transfer:DescribeServer" + ] + }, + "update": { + "permissions": [ + "apigateway:GET", + "ec2:AssociateAddress", + "ec2:CreateVpcEndpoint", + "ec2:DeleteVpcEndpoints", + "ec2:DescribeAddresses", + 
"ec2:DescribeNetworkInterfaces", + "ec2:DescribeVpcEndpoints", + "ec2:DisassociateAddress", + "ec2:ModifyVpcEndpoint", + "iam:PassRole", + "logs:CreateLogDelivery", + "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", + "logs:GetLogDelivery", + "logs:ListLogDeliveries", + "logs:PutResourcePolicy", + "logs:UpdateLogDelivery", + "transfer:DescribeServer", + "transfer:StartServer", + "transfer:StopServer", + "transfer:TagResource", + "transfer:UnTagResource", + "transfer:UpdateServer" + ] + } + }, "primaryIdentifier": [ - "/properties/ServerId" + "/properties/Arn" ], "properties": { "Arn": { + "maxLength": 1600, + "minLength": 20, + "pattern": "^arn:\\S+$", "type": "string" }, + "As2ServiceManagedEgressIpAddresses": { + "description": "The list of egress IP addresses of this server. These IP addresses are only relevant for servers that use the AS2 protocol. They are used for sending asynchronous MDNs. These IP addresses are assigned automatically when you create an AS2 server. 
Additionally, if you update an existing server and add the AS2 protocol, static IP addresses are assigned as well.", + "insertionOrder": false, + "items": { + "pattern": "^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$", + "type": "string" + }, + "type": "array" + }, "Certificate": { + "maxLength": 1600, + "minLength": 0, "type": "string" }, "Domain": { - "type": "string" + "$ref": "#/definitions/Domain" }, "EndpointDetails": { "$ref": "#/definitions/EndpointDetails" }, "EndpointType": { - "type": "string" + "$ref": "#/definitions/EndpointType" }, "IdentityProviderDetails": { "$ref": "#/definitions/IdentityProviderDetails" }, "IdentityProviderType": { - "type": "string" + "$ref": "#/definitions/IdentityProviderType" }, "LoggingRole": { + "maxLength": 2048, + "minLength": 0, + "pattern": "^(|arn:.*role/\\S+)$", "type": "string" }, "PostAuthenticationLoginBanner": { + "maxLength": 4096, + "minLength": 0, + "pattern": "^[\\x09-\\x0D\\x20-\\x7E]*$", "type": "string" }, "PreAuthenticationLoginBanner": { + "maxLength": 4096, + "minLength": 0, + "pattern": "^[\\x09-\\x0D\\x20-\\x7E]*$", "type": "string" }, "ProtocolDetails": { "$ref": "#/definitions/ProtocolDetails" }, "Protocols": { + "insertionOrder": false, "items": { "$ref": "#/definitions/Protocol" }, - "type": "array", - "uniqueItems": false + "maxItems": 4, + "minItems": 1, + "type": "array" }, "S3StorageOptions": { "$ref": "#/definitions/S3StorageOptions" }, "SecurityPolicyName": { + "maxLength": 100, + "minLength": 0, + "pattern": "^TransferSecurityPolicy-.+$", "type": "string" }, "ServerId": { + "maxLength": 19, + "minLength": 19, + "pattern": "^s-([0-9a-f]{17})$", "type": "string" }, + "State": { + "$ref": "#/definitions/State" + }, "StructuredLogDestinations": { + "insertionOrder": false, "items": { - "$ref": "#/definitions/StructuredLogDestination" + "maxLength": 1600, + "minLength": 20, + "pattern": "^arn:\\S+$", + "type": "string" }, - "type": "array", - "uniqueItems": false + "maxItems": 1, + "minItems": 0, + 
"type": "array" }, "Tags": { + "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" }, - "type": "array", - "uniqueItems": false + "maxItems": 50, + "minItems": 1, + "type": "array" }, "WorkflowDetails": { "$ref": "#/definitions/WorkflowDetails" } }, "readOnlyProperties": [ + "/properties/Arn", + "/properties/As2ServiceManagedEgressIpAddresses", "/properties/ServerId", - "/properties/Arn" + "/properties/State" ], - "typeName": "AWS::Transfer::Server" + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-transfer", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "transfer:TagResource", + "transfer:UnTagResource", + "transfer:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::Transfer::Server", + "writeOnlyProperties": [ + "/properties/IdentityProviderType" + ] } diff --git a/src/schema/aws-transfer-user.json b/src/schema/aws-transfer-user.json index fa756686..40804cbd 100644 --- a/src/schema/aws-transfer-user.json +++ b/src/schema/aws-transfer-user.json @@ -1,4 +1,10 @@ { + "additionalIdentifiers": [ + [ + "/properties/ServerId", + "/properties/UserName" + ] + ], "additionalProperties": false, "createOnlyProperties": [ "/properties/ServerId", @@ -9,13 +15,19 @@ "additionalProperties": false, "properties": { "Entry": { + "maxLength": 1024, + "minLength": 0, + "pattern": "^/.*$", "type": "string" }, "Target": { + "maxLength": 1024, + "minLength": 0, + "pattern": "^/.*$", "type": "string" }, "Type": { - "type": "string" + "$ref": "#/definitions/MapType" } }, "required": [ 
@@ -24,106 +36,196 @@ ], "type": "object" }, + "HomeDirectoryType": { + "enum": [ + "PATH", + "LOGICAL" + ], + "type": "string" + }, + "MapType": { + "enum": [ + "FILE", + "DIRECTORY" + ], + "type": "string" + }, "PosixProfile": { "additionalProperties": false, "properties": { "Gid": { + "maximum": 4294967295, + "minimum": 0, "type": "number" }, "SecondaryGids": { + "insertionOrder": false, "items": { + "maximum": 4294967295, + "minimum": 0, "type": "number" }, - "type": "array", - "uniqueItems": false + "maxItems": 16, + "minItems": 0, + "type": "array" }, "Uid": { + "maximum": 4294967295, + "minimum": 0, "type": "number" } }, "required": [ - "Uid", - "Gid" + "Gid", + "Uid" ], "type": "object" }, - "SshPublicKey": { - "additionalProperties": false, - "type": "object" - }, "Tag": { "additionalProperties": false, "properties": { "Key": { + "maxLength": 128, + "minLength": 0, "type": "string" }, "Value": { + "maxLength": 256, + "minLength": 0, "type": "string" } }, "required": [ - "Value", - "Key" + "Key", + "Value" ], "type": "object" } }, - "description": "Resource Type definition for AWS::Transfer::User", + "description": "Definition of AWS::Transfer::User Resource Type", + "handlers": { + "create": { + "permissions": [ + "iam:PassRole", + "transfer:CreateUser", + "transfer:DescribeUser", + "transfer:ImportSshPublicKey", + "transfer:TagResource" + ] + }, + "delete": { + "permissions": [ + "transfer:DeleteUser" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "ServerId": { + "$ref": "resource-schema.json#/properties/ServerId" + } + }, + "required": [ + "ServerId" + ] + }, + "permissions": [ + "transfer:ListUsers" + ] + }, + "read": { + "permissions": [ + "transfer:DescribeUser" + ] + }, + "update": { + "permissions": [ + "iam:PassRole", + "transfer:DeleteSshPublicKey", + "transfer:DescribeUser", + "transfer:ImportSshPublicKey", + "transfer:TagResource", + "transfer:UnTagResource", + "transfer:UpdateUser" + ] + } + }, "primaryIdentifier": [ - 
"/properties/Id" + "/properties/Arn" ], "properties": { "Arn": { + "maxLength": 1600, + "minLength": 20, + "pattern": "^arn:\\S+$", "type": "string" }, "HomeDirectory": { + "maxLength": 1024, + "minLength": 0, + "pattern": "^(|/.*)$", "type": "string" }, "HomeDirectoryMappings": { + "insertionOrder": false, "items": { "$ref": "#/definitions/HomeDirectoryMapEntry" }, - "type": "array", - "uniqueItems": false + "maxItems": 50000, + "minItems": 1, + "type": "array" }, "HomeDirectoryType": { - "type": "string" - }, - "Id": { - "type": "string" + "$ref": "#/definitions/HomeDirectoryType" }, "Policy": { + "maxLength": 2048, + "minLength": 0, "type": "string" }, "PosixProfile": { "$ref": "#/definitions/PosixProfile" }, "Role": { + "maxLength": 2048, + "minLength": 20, + "pattern": "^arn:.*role/\\S+$", "type": "string" }, "ServerId": { + "maxLength": 19, + "minLength": 19, + "pattern": "^s-([0-9a-f]{17})$", "type": "string" }, "SshPublicKeys": { + "description": "This represents the SSH User Public Keys for CloudFormation resource", + "insertionOrder": false, "items": { - "$ref": "#/definitions/SshPublicKey" + "maxLength": 2048, + "minLength": 0, + "pattern": "^\\s*(ssh|ecdsa)-[a-z0-9-]+[ \\t]+(([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{1,3})?(={0,3})?)(\\s*|[ \\t]+[\\S \\t]*\\s*)$", + "type": "string" }, - "type": "array", - "uniqueItems": false + "type": "array" }, "Tags": { + "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" }, - "type": "array", - "uniqueItems": false + "maxItems": 50, + "minItems": 1, + "type": "array" }, "UserName": { + "maxLength": 100, + "minLength": 3, + "pattern": "^[\\w][\\w@.-]{2,99}$", "type": "string" } }, "readOnlyProperties": [ - "/properties/Id", "/properties/Arn" ], "required": [ 
@@ -131,5 +233,18 @@ "ServerId", "UserName" ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-transfer", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "transfer:TagResource", + "transfer:UnTagResource", + "transfer:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Transfer::User" } diff --git a/src/schema/aws-transfer-webapp.json b/src/schema/aws-transfer-webapp.json new file mode 100644 index 00000000..2d0c2a4d --- /dev/null +++ b/src/schema/aws-transfer-webapp.json 
@@ -0,0 +1,240 @@ +{ + "additionalIdentifiers": [ + [ + "/properties/WebAppId" + ] + ], + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/WebAppEndpointPolicy", + "/properties/IdentityProviderDetails/InstanceArn" + ], + "definitions": { + "IdentityProviderDetails": { + "additionalProperties": false, + "description": "You can provide a structure that contains the details for the identity provider to use with your web app.", + "properties": { + "ApplicationArn": { + "maxLength": 1224, + "minLength": 10, + "pattern": "^arn:[\\w-]+:sso::\\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}$", + "type": "string" + }, + "InstanceArn": { + "description": "The Amazon Resource Name (ARN) for the IAM Identity Center used for the web app.", + "maxLength": 1224, + "minLength": 10, + "pattern": "^arn:[\\w-]+:sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}$", + "type": "string" + }, + "Role": { + "description": "The IAM role in IAM Identity Center used for the web app.", + "maxLength": 2048, + "minLength": 20, + "pattern": "^arn:[a-z-]+:iam::[0-9]{12}:role[:/]\\S+$", + "type": "string" + } + }, + "type": "object" + }, + "Tag": { + "additionalProperties": false, + "description": "Key-value pair that can be used to group and search for web apps.", + "properties": { + "Key": { + "maxLength": 128, + "minLength": 0, + "type": "string" + }, + "Value": { + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, + "WebAppCustomization": { + "additionalProperties": false, + "properties": { + "FaviconFile": { + "description": "Specifies a favicon to display in the browser tab.", + "maxLength": 20960, + "minLength": 1, + "type": "string" + }, + "LogoFile": { + "description": "Specifies a logo to display on the web app.", + "maxLength": 51200, + "minLength": 1, + "type": "string" + }, + "Title": { + "description": "Specifies a title to display on the web app.", + "maxLength": 100, + 
"minLength": 0, + "type": "string" + } + }, + "type": "object" + }, + "WebAppEndpointPolicy": { + "enum": [ + "STANDARD", + "FIPS" + ], + "type": "string" + }, + "WebAppUnits": { + "oneOf": [ + { + "additionalProperties": false, + "description": "A union that contains the value for number of concurrent connections or the user sessions on your web app.", + "properties": { + "Provisioned": { + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "Provisioned" + ], + "title": "Provisioned", + "type": "object" + } + ] + } + }, + "description": "Resource Type definition for AWS::Transfer::WebApp", + "handlers": { + "create": { + "permissions": [ + "transfer:CreateWebApp", + "transfer:DescribeWebApp", + "transfer:DescribeWebAppCustomization", + "transfer:TagResource", + "transfer:UpdateWebAppCustomization", + "iam:PassRole", + "sso:CreateApplication", + "sso:DescribeApplication", + "sso:ListApplications", + "sso:PutApplicationGrant", + "sso:GetApplicationGrant", + "sso:ListApplicationGrants", + "sso:PutApplicationAuthenticationMethod", + "sso:GetApplicationAuthenticationMethod", + "sso:ListApplicationAuthenticationMethods", + "sso:PutApplicationAccessScope", + "sso:GetApplicationAccessScope", + "sso:ListApplicationAccessScopes" + ] + }, + "delete": { + "permissions": [ + "transfer:DeleteWebApp", + "sso:DescribeApplication", + "sso:DeleteApplication" + ] + }, + "list": { + "permissions": [ + "transfer:ListWebApps" + ] + }, + "read": { + "permissions": [ + "transfer:DescribeWebApp", + "transfer:DescribeWebAppCustomization" + ] + }, + "update": { + "permissions": [ + "transfer:DescribeWebApp", + "transfer:DescribeWebAppCustomization", + "transfer:UpdateWebApp", + "transfer:UpdateWebAppCustomization", + "transfer:DeleteWebAppCustomization", + "transfer:UnTagResource", + "transfer:TagResource", + "iam:PassRole", + "sso:PutApplicationGrant", + "sso:GetApplicationGrant", + "sso:ListApplicationGrants", + "sso:UpdateApplication", + "sso:DescribeApplication", + 
"sso:ListApplications" + ] + } + }, + "primaryIdentifier": [ + "/properties/Arn" + ], + "properties": { + "AccessEndpoint": { + "description": "The AccessEndpoint is the URL that you provide to your users for them to interact with the Transfer Family web app. You can specify a custom URL or use the default value.", + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, + "Arn": { + "description": "Specifies the unique Amazon Resource Name (ARN) for the web app.", + "maxLength": 1600, + "minLength": 20, + "pattern": "arn:.*", + "type": "string" + }, + "IdentityProviderDetails": { + "$ref": "#/definitions/IdentityProviderDetails" + }, + "Tags": { + "description": "Key-value pairs that can be used to group and search for web apps.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 50, + "type": "array" + }, + "WebAppCustomization": { + "$ref": "#/definitions/WebAppCustomization" + }, + "WebAppEndpointPolicy": { + "$ref": "#/definitions/WebAppEndpointPolicy" + }, + "WebAppId": { + "description": "A unique identifier for the web app.", + "maxLength": 24, + "minLength": 24, + "pattern": "^webapp-([0-9a-f]{17})$", + "type": "string" + }, + "WebAppUnits": { + "$ref": "#/definitions/WebAppUnits" + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/WebAppId", + "/properties/IdentityProviderDetails/ApplicationArn" + ], + "required": [ + "IdentityProviderDetails" + ], + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "transfer:TagResource", + "transfer:UnTagResource", + "transfer:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::Transfer::WebApp" +} diff --git a/src/schema/aws-transfer-workflow.json b/src/schema/aws-transfer-workflow.json index ae9255e3..86ea4787 100644 --- a/src/schema/aws-transfer-workflow.json +++ b/src/schema/aws-transfer-workflow.json 
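Review bot: The `Arn` property's pattern is `arn:.*` with no anchors, so it is satisfied by any string that merely contains `arn:`; the other Transfer schemas touched in this commit use `^arn:\\S+$`. The property is listed under `readOnlyProperties`, so the practical exposure is small, but a consumer that reuses the pattern to validate references would accept malformed values. Suggested: `"pattern": "^arn:\\S+$"`. `AccessEndpoint` is described as a URL yet carries only length bounds, so a pattern would be worth adding there if the accepted forms are known.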
@@ -391,6 +391,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "transfer:ListTagsForResource", + "transfer:UnTagResource", + "transfer:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-voiceid-domain.json b/src/schema/aws-voiceid-domain.json index 7b5a78fd..759e70a4 100644 --- a/src/schema/aws-voiceid-domain.json +++ b/src/schema/aws-voiceid-domain.json @@ -128,15 +128,14 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "voiceid:TagResource", + "voiceid:UntagResource" + ], "tagOnCreate": true, - "tagProperty": "#/properties/Tags", + "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, - "typeName": "AWS::VoiceID::Domain", - "writeOnlyProperties": [ - "/properties/Description", - "/properties/Name", - "/properties/ServerSideEncryptionConfiguration" - ] + "typeName": "AWS::VoiceID::Domain" } diff --git a/src/schema/aws-vpclattice-accesslogsubscription.json b/src/schema/aws-vpclattice-accesslogsubscription.json index ac1d47a7..36c67350 100644 --- a/src/schema/aws-vpclattice-accesslogsubscription.json +++ b/src/schema/aws-vpclattice-accesslogsubscription.json @@ -4,7 +4,9 @@ "/properties/Id" ], [ - "/properties/ResourceIdentifier" + "/properties/ResourceIdentifier", + "/properties/DestinationArn", + "/properties/ServiceNetworkLogType" ] ], "additionalProperties": false, @@ -89,7 +91,8 @@ ] }, "permissions": [ - "vpc-lattice:ListAccessLogSubscriptions" + "vpc-lattice:ListAccessLogSubscriptions", + "logs:GetLogDelivery" ] }, "read": { @@ -103,6 +106,7 @@ "permissions": [ "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:UpdateAccessLogSubscription", + "vpc-lattice:ListTagsForResource", "vpc-lattice:TagResource", "vpc-lattice:UntagResource", "logs:UpdateLogDelivery", 
@@ -161,8 +165,15 @@ }, "ResourceIdentifier": { "maxLength": 2048, - "minLength": 20, - "pattern": "^((((sn)|(svc))-[0-9a-z]{17})|(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(service/svc))-[0-9a-z]{17}))$", + "minLength": 17, + "pattern": "^((((sn)|(svc)|(rcfg))-[0-9a-z]{17})|(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(resourceconfiguration/rcfg)|(service/svc))-[0-9a-z]{17}))$", + "type": "string" + }, + "ServiceNetworkLogType": { + "enum": [ + "SERVICE", + "RESOURCE" + ], "type": "string" }, "Tags": { @@ -187,6 +198,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "vpc-lattice:UntagResource", + "vpc-lattice:TagResource", + "vpc-lattice:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-vpclattice-authpolicy.json b/src/schema/aws-vpclattice-authpolicy.json index 9bb7a393..b7a4c666 100644 --- a/src/schema/aws-vpclattice-authpolicy.json +++ b/src/schema/aws-vpclattice-authpolicy.json @@ -38,7 +38,7 @@ }, "ResourceIdentifier": { "maxLength": 200, - "minLength": 21, + "minLength": 17, "pattern": "^((((sn)|(svc))-[0-9a-z]{17})|(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(service/svc))-[0-9a-z]{17}))$", "type": "string" }, diff --git a/src/schema/aws-vpclattice-listener.json b/src/schema/aws-vpclattice-listener.json index 1e1f8f73..502b2325 100644 --- a/src/schema/aws-vpclattice-listener.json +++ b/src/schema/aws-vpclattice-listener.json @@ -90,7 +90,7 @@ }, "Weight": { "maximum": 999, - "minimum": 1, + "minimum": 0, "type": "integer" } }, @@ -231,6 +231,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "vpc-lattice:UntagResource", + "vpc-lattice:TagResource", + "vpc-lattice:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, 
diff --git a/src/schema/aws-vpclattice-resourceconfiguration.json b/src/schema/aws-vpclattice-resourceconfiguration.json new file mode 100644 index 00000000..574c3b44 --- /dev/null +++ b/src/schema/aws-vpclattice-resourceconfiguration.json 
@@ -0,0 +1,258 @@ +{ + "additionalIdentifiers": [ + [ + "/properties/Id" + ] + ], + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/ResourceGatewayId", + "/properties/ResourceConfigurationType", + "/properties/ProtocolType", + "/properties/ResourceConfigurationAuthType" + ], + "definitions": { + "ArnResource": { + "maxLength": 1224, + "pattern": "^arn.*", + "type": "string" + }, + "DnsResource": { + "additionalProperties": false, + "properties": { + "DomainName": { + "maxLength": 255, + "minLength": 3, + "type": "string" + }, + "IpAddressType": { + "enum": [ + "IPV4", + "IPV6", + "DUALSTACK" + ], + "type": "string" + } + }, + "required": [ + "DomainName", + "IpAddressType" + ], + "type": "object" + }, + "Id": { + "maxLength": 22, + "minLength": 22, + "pattern": "^rcfg-[0-9a-z]{17}$", + "type": "string" + }, + "IpResource": { + "maxLength": 39, + "minLength": 4, + "type": "string" + }, + "PortRange": { + "maxLength": 11, + "minLength": 1, + "pattern": "^((\\d{1,5}\\-\\d{1,5})|(\\d+))$", + "type": "string" + }, + "Tag": { + "additionalProperties": false, + "properties": { + "Key": { + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "maxLength": 256, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "Key" + ], + "type": "object" + } + }, + "description": "VpcLattice ResourceConfiguration CFN resource", + "handlers": { + "create": { + "permissions": [ + "ec2:DescribeSubnets", + "vpc-lattice:CreateResourceConfiguration", + "vpc-lattice:GetResourceConfiguration", + "vpc-lattice:TagResource", + "vpc-lattice:ListTagsForResource" + ] + }, + "delete": { + "permissions": [ + "vpc-lattice:DeleteResourceConfiguration", + "vpc-lattice:GetResourceConfiguration", + "vpc-lattice:UntagResource" + ] + }, + "list": { + "permissions": [ + "vpc-lattice:ListResourceConfigurations" + ] + }, + "read": { + "permissions": [ + "vpc-lattice:GetResourceConfiguration", + "vpc-lattice:ListTagsForResource" + ] + }, + "update": { + 
"permissions": [ + "ec2:DescribeSubnets", + "vpc-lattice:TagResource", + "vpc-lattice:UntagResource", + "vpc-lattice:ListTagsForResource", + "vpc-lattice:UpdateResourceConfiguration", + "vpc-lattice:GetResourceConfiguration" + ] + } + }, + "primaryIdentifier": [ + "/properties/Arn" + ], + "properties": { + "AllowAssociationToSharableServiceNetwork": { + "type": "boolean" + }, + "Arn": { + "maxLength": 2048, + "minLength": 20, + "pattern": "^arn:[a-z0-9f\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourceconfiguration/rcfg-[0-9a-z]{17}$", + "type": "string" + }, + "Id": { + "$ref": "#/definitions/Id" + }, + "Name": { + "maxLength": 40, + "minLength": 3, + "pattern": "^(?!rcfg-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$", + "type": "string" + }, + "PortRanges": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/PortRange" + }, + "type": "array" + }, + "ProtocolType": { + "enum": [ + "TCP" + ], + "type": "string" + }, + "ResourceConfigurationAuthType": { + "enum": [ + "NONE", + "AWS_IAM" + ], + "type": "string" + }, + "ResourceConfigurationDefinition": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "IpResource": { + "$ref": "#/definitions/IpResource" + } + }, + "required": [ + "IpResource" + ], + "title": "IpResource", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "ArnResource": { + "$ref": "#/definitions/ArnResource" + } + }, + "required": [ + "ArnResource" + ], + "title": "ArnResource", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "DnsResource": { + "$ref": "#/definitions/DnsResource" + } + }, + "required": [ + "DnsResource" + ], + "title": "DnsResource", + "type": "object" + } + ], + "type": "object" + }, + "ResourceConfigurationGroupId": { + "$ref": "#/definitions/Id" + }, + "ResourceConfigurationType": { + "enum": [ + "GROUP", + "CHILD", + "SINGLE", + "ARN" + ], + "type": "string" + }, + "ResourceGatewayId": { + "type": "string" + }, + "Tags": { + 
"insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 50, + "minItems": 0, + "type": "array", + "uniqueItems": true + } + }, + "readOnlyProperties": [ + "/properties/Id", + "/properties/Arn" + ], + "required": [ + "Name", + "ResourceConfigurationType" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "vpc-lattice:UntagResource", + "vpc-lattice:TagResource", + "vpc-lattice:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::VpcLattice::ResourceConfiguration", + "writeOnlyProperties": [ + "/properties/ResourceConfigurationAuthType", + "/properties/ResourceConfigurationGroupId" + ] +} diff --git a/src/schema/aws-vpclattice-resourcegateway.json b/src/schema/aws-vpclattice-resourcegateway.json new file mode 100644 index 00000000..48e4fef1 --- /dev/null +++ b/src/schema/aws-vpclattice-resourcegateway.json 
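Review bot: `PortRange` in the new resource configuration schema accepts values that are not valid TCP ports. Its pattern `^((\\d{1,5}\\-\\d{1,5})|(\\d+))$` admits `99999`, `70000-80000`, a reversed range, and up to 11 digits through the `\\d+` branch. `IpResource` has only length bounds (4 to 39) and no `pattern` or `format`, so any short string passes. Anything that relies on this schema to vet templates should range-check ports and parse the address itself. I would at least record the gap in the schema, for example `"description": "Port or start-end range; the 1-65535 bound is not enforced by the pattern."`.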
@@ -0,0 +1,189 @@ +{ + "additionalIdentifiers": [ + [ + "/properties/Id" + ] + ], + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/VpcIdentifier", + "/properties/SubnetIds", + "/properties/IpAddressType", + "/properties/Name" + ], + "definitions": { + "Tag": { + "additionalProperties": false, + "properties": { + "Key": { + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "maxLength": 256, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "Key" + ], + "type": "object" + } + }, + "description": "Creates a resource gateway for a service. ", + "handlers": { + "create": { + "permissions": [ + "vpc-lattice:CreateResourceGateway", + "vpc-lattice:GetResourceGateway", + "vpc-lattice:TagResource", + "vpc-lattice:ListTagsForResource", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups" + ] + }, + "delete": { + "permissions": [ + "vpc-lattice:DeleteResourceGateway", + "vpc-lattice:GetResourceGateway", + "vpc-lattice:UntagResource" + ] + }, + "list": { + "permissions": [ + "vpc-lattice:ListResourceGateways" + ] + }, + "read": { + "permissions": [ + "vpc-lattice:GetResourceGateway", + "vpc-lattice:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "vpc-lattice:UpdateResourceGateway", + "vpc-lattice:GetResourceGateway", + "vpc-lattice:TagResource", + "vpc-lattice:UntagResource", + "vpc-lattice:ListTagsForResource", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups" + ] + } + }, + "primaryIdentifier": [ + "/properties/Arn" + ], + "properties": { + "Arn": { + "maxLength": 2048, + "minLength": 20, + "pattern": "^arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourcegateway/rgw-[0-9a-z]{17}$", + "type": "string" + }, + "Id": { + "maxLength": 2048, + "minLength": 17, + "pattern": "^((rgw-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourcegateway/rgw-[0-9a-z]{17}))$", + "type": "string" + }, + "IpAddressType": { + "enum": 
[ + "IPV4", + "IPV6", + "DUALSTACK" + ], + "type": "string" + }, + "Name": { + "maxLength": 40, + "minLength": 3, + "pattern": "^(?!rgw-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$", + "type": "string" + }, + "SecurityGroupIds": { + "description": "The ID of one or more security groups to associate with the endpoint network interface.", + "insertionOrder": false, + "items": { + "anyOf": [ + { + "relationshipRef": { + "propertyPath": "/properties/GroupId", + "typeName": "AWS::EC2::SecurityGroup" + } + }, + { + "relationshipRef": { + "propertyPath": "/properties/Id", + "typeName": "AWS::EC2::SecurityGroup" + } + }, + { + "relationshipRef": { + "propertyPath": "/properties/DefaultSecurityGroup", + "typeName": "AWS::EC2::VPC" + } + } + ], + "type": "string" + }, + "type": "array", + "uniqueItems": true + }, + "SubnetIds": { + "description": "The ID of one or more subnets in which to create an endpoint network interface.", + "insertionOrder": false, + "items": { + "relationshipRef": { + "propertyPath": "/properties/SubnetId", + "typeName": "AWS::EC2::Subnet" + }, + "type": "string" + }, + "type": "array", + "uniqueItems": true + }, + "Tags": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 50, + "minItems": 0, + "type": "array", + "uniqueItems": true + }, + "VpcIdentifier": { + "maxLength": 50, + "minLength": 5, + "type": "string" + } + }, + "readOnlyProperties": [ + "/properties/Id", + "/properties/Arn" + ], + "required": [ + "Name", + "VpcIdentifier", + "SubnetIds" + ], + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "vpc-lattice:UntagResource", + "vpc-lattice:TagResource", + "vpc-lattice:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::VpcLattice::ResourceGateway" +} diff --git a/src/schema/aws-vpclattice-rule.json b/src/schema/aws-vpclattice-rule.json index c415bd0b..26fca78e 100644 
--- a/src/schema/aws-vpclattice-rule.json +++ b/src/schema/aws-vpclattice-rule.json @@ -232,7 +232,8 @@ }, "delete": { "permissions": [ - "vpc-lattice:DeleteRule" + "vpc-lattice:DeleteRule", + "vpc-lattice:UntagResource" ] }, "list": { @@ -271,7 +272,8 @@ "vpc-lattice:UpdateRule", "vpc-lattice:GetRule", "vpc-lattice:TagResource", - "vpc-lattice:UntagResource" + "vpc-lattice:UntagResource", + "vpc-lattice:ListTagsForResource" ] } }, @@ -345,6 +347,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "vpc-lattice:UntagResource", + "vpc-lattice:TagResource", + "vpc-lattice:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-vpclattice-service.json b/src/schema/aws-vpclattice-service.json index 2212ef82..f82f5a06 100644 --- a/src/schema/aws-vpclattice-service.json +++ b/src/schema/aws-vpclattice-service.json @@ -62,7 +62,8 @@ "delete": { "permissions": [ "vpc-lattice:DeleteService", - "vpc-lattice:GetService" + "vpc-lattice:GetService", + "vpc-lattice:UntagResource" ] }, "list": { @@ -167,6 +168,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "vpc-lattice:UntagResource", + "vpc-lattice:TagResource", + "vpc-lattice:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-vpclattice-servicenetwork.json b/src/schema/aws-vpclattice-servicenetwork.json index c75c39a8..b29f40be 100644 --- a/src/schema/aws-vpclattice-servicenetwork.json +++ b/src/schema/aws-vpclattice-servicenetwork.json @@ -12,6 +12,18 @@ "/properties/Name" ], "definitions": { + "SharingConfig": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, "Tag": { "additionalProperties": false, "properties": { 
@@ -46,7 +58,8 @@ }, "delete": { "permissions": [ - "vpc-lattice:DeleteServiceNetwork" + "vpc-lattice:DeleteServiceNetwork", + "vpc-lattice:UntagResource" ] }, "list": { @@ -65,7 +78,8 @@ "vpc-lattice:GetServiceNetwork", "vpc-lattice:UpdateServiceNetwork", "vpc-lattice:TagResource", - "vpc-lattice:UntagResource" + "vpc-lattice:UntagResource", + "vpc-lattice:ListTagsForResource" ] } }, @@ -105,6 +119,9 @@ "pattern": "^(?!servicenetwork-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$", "type": "string" }, + "SharingConfig": { + "$ref": "#/definitions/SharingConfig" + }, "Tags": { "insertionOrder": false, "items": { @@ -124,6 +141,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "vpc-lattice:UntagResource", + "vpc-lattice:TagResource", + "vpc-lattice:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-vpclattice-servicenetworkresourceassociation.json b/src/schema/aws-vpclattice-servicenetworkresourceassociation.json new file mode 100644 index 00000000..195fc419 --- /dev/null +++ b/src/schema/aws-vpclattice-servicenetworkresourceassociation.json 
@@ -0,0 +1,129 @@ +{ + "additionalIdentifiers": [ + [ + "/properties/Id" + ] + ], + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/ResourceConfigurationId", + "/properties/ServiceNetworkId" + ], + "definitions": { + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "maxLength": 256, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, + "description": "VpcLattice ServiceNetworkResourceAssociation CFN resource", + "handlers": { + "create": { + "permissions": [ + "vpc-lattice:CreateServiceNetworkResourceAssociation", + "vpc-lattice:GetServiceNetworkResourceAssociation", + "vpc-lattice:TagResource", + "vpc-lattice:ListTagsForResource" + ] + }, + "delete": { + "permissions": [ + "vpc-lattice:DeleteServiceNetworkResourceAssociation", + "vpc-lattice:GetServiceNetworkResourceAssociation", + "vpc-lattice:UntagResource" + ] + }, + "list": { + "permissions": [ + "vpc-lattice:ListServiceNetworkResourceAssociations" + ] + }, + "read": { + "permissions": [ + "vpc-lattice:GetServiceNetworkResourceAssociation", + "vpc-lattice:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "vpc-lattice:TagResource", + "vpc-lattice:UntagResource", + "vpc-lattice:GetServiceNetworkResourceAssociation", + "vpc-lattice:ListTagsForResource" + ] + } + }, + "primaryIdentifier": [ + "/properties/Arn" + ], + "properties": { + "Arn": { + "maxLength": 2048, + "minLength": 22, + "pattern": "^arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetworkresourceassociation/snra-[0-9a-f]{17}$", + "type": "string" + }, + "Id": { + "maxLength": 22, + "minLength": 22, + "pattern": "^snra-[0-9a-f]{17}$", + "type": "string" + }, + "ResourceConfigurationId": { + "maxLength": 2048, + "minLength": 17, + "pattern": "^rcfg-[0-9a-z]{17}$", + "type": 
"string" + }, + "ServiceNetworkId": { + "maxLength": 2048, + "minLength": 3, + "pattern": "^((sn-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetwork/sn-[0-9a-z]{17}))$", + "type": "string" + }, + "Tags": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 50, + "minItems": 0, + "type": "array", + "uniqueItems": true + } + }, + "readOnlyProperties": [ + "/properties/Id", + "/properties/Arn" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "vpc-lattice:UntagResource", + "vpc-lattice:TagResource", + "vpc-lattice:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::VpcLattice::ServiceNetworkResourceAssociation" +} diff --git a/src/schema/aws-vpclattice-servicenetworkserviceassociation.json b/src/schema/aws-vpclattice-servicenetworkserviceassociation.json index 87a3971b..50624f1f 100644 --- a/src/schema/aws-vpclattice-servicenetworkserviceassociation.json +++ b/src/schema/aws-vpclattice-servicenetworkserviceassociation.json @@ -60,7 +60,8 @@ "delete": { "permissions": [ "vpc-lattice:DeleteServiceNetworkServiceAssociation", - "vpc-lattice:GetServiceNetworkServiceAssociation" + "vpc-lattice:GetServiceNetworkServiceAssociation", + "vpc-lattice:UntagResource" ] }, "list": { @@ -207,6 +208,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "vpc-lattice:UntagResource", + "vpc-lattice:TagResource", + "vpc-lattice:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-vpclattice-servicenetworkvpcassociation.json b/src/schema/aws-vpclattice-servicenetworkvpcassociation.json index fa536de2..9a7c3630 100644 --- a/src/schema/aws-vpclattice-servicenetworkvpcassociation.json 
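Review bot: `Id` and `Arn` in the new service network resource association schema use the hex class `snra-[0-9a-f]{17}`, while `ResourceConfigurationId` and `ServiceNetworkId` in the same file, and the other VPC Lattice ids in this diff, use `[0-9a-z]{17}`. If association ids are drawn from the same alphabet as the other ids, a valid id containing `g`-`z` would fail validation against this schema. Please confirm against the service documentation; if the wider alphabet is correct, the lines become `"pattern": "^snra-[0-9a-z]{17}$",` and the matching change in the `Arn` pattern.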
+++ b/src/schema/aws-vpclattice-servicenetworkvpcassociation.json @@ -51,7 +51,8 @@ "delete": { "permissions": [ "vpc-lattice:DeleteServiceNetworkVpcAssociation", - "vpc-lattice:GetServiceNetworkVpcAssociation" + "vpc-lattice:GetServiceNetworkVpcAssociation", + "vpc-lattice:UntagResource" ] }, "list": { @@ -193,6 +194,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "vpc-lattice:UntagResource", + "vpc-lattice:TagResource", + "vpc-lattice:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-vpclattice-targetgroup.json b/src/schema/aws-vpclattice-targetgroup.json index 915f43f4..907d077e 100644 --- a/src/schema/aws-vpclattice-targetgroup.json +++ b/src/schema/aws-vpclattice-targetgroup.json @@ -328,6 +328,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "vpc-lattice:UntagResource", + "vpc-lattice:TagResource", + "vpc-lattice:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-wafv2-ipset.json b/src/schema/aws-wafv2-ipset.json index 08c23fe5..3d49bfc8 100644 --- a/src/schema/aws-wafv2-ipset.json +++ b/src/schema/aws-wafv2-ipset.json @@ -103,7 +103,9 @@ "permissions": [ "wafv2:UpdateIPSet", "wafv2:GetIPSet", - "wafv2:ListTagsForResource" + "wafv2:ListTagsForResource", + "wafv2:TagResource", + "wafv2:UntagResource" ] } }, @@ -157,10 +159,11 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-wafv2.git", "tagging": { - "cloudFormationSystemTags": false, - "tagOnCreate": false, - "tagUpdatable": false, - "taggable": false + "cloudFormationSystemTags": true, + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true }, "typeName": "AWS::WAFv2::IPSet" } 
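Review bot: The `tagging` block of `AWS::WAFv2::IPSet` is switched to taggable but has no `permissions` list, unlike every VPC Lattice `tagging` block touched in this same diff. A consumer that derives the tagging-related IAM actions from `tagging.permissions` would find nothing here, even though the update handler now lists `wafv2:TagResource` and `wafv2:UntagResource`. If the omission is not intentional, add `"permissions": ["wafv2:TagResource", "wafv2:UntagResource", "wafv2:ListTagsForResource"],`. The same applies to the `tagging` hunks for RegexPatternSet, RuleGroup and WebACL further down.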
diff --git a/src/schema/aws-wafv2-regexpatternset.json b/src/schema/aws-wafv2-regexpatternset.json index 11ae6b17..db7c54b8 100644 --- a/src/schema/aws-wafv2-regexpatternset.json +++ b/src/schema/aws-wafv2-regexpatternset.json @@ -62,7 +62,9 @@ "permissions": [ "wafv2:UpdateRegexPatternSet", "wafv2:GetRegexPatternSet", - "wafv2:ListTagsForResource" + "wafv2:ListTagsForResource", + "wafv2:TagResource", + "wafv2:UntagResource" ] } }, @@ -123,10 +125,11 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-wafv2.git", "tagging": { - "cloudFormationSystemTags": false, - "tagOnCreate": false, - "tagUpdatable": false, - "taggable": false + "cloudFormationSystemTags": true, + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true }, "typeName": "AWS::WAFv2::RegexPatternSet" } diff --git a/src/schema/aws-wafv2-rulegroup.json b/src/schema/aws-wafv2-rulegroup.json index fb1b37cb..dbdc65bf 100644 --- a/src/schema/aws-wafv2-rulegroup.json +++ b/src/schema/aws-wafv2-rulegroup.json @@ -336,6 +336,9 @@ "JA3Fingerprint": { "$ref": "#/definitions/JA3Fingerprint" }, + "JA4Fingerprint": { + "$ref": "#/definitions/JA4Fingerprint" + }, "JsonBody": { "$ref": "#/definitions/JsonBody" }, @@ -372,6 +375,9 @@ ], "type": "object" }, + "UriFragment": { + "$ref": "#/definitions/UriFragment" + }, "UriPath": { "description": "The path component of the URI of a web request. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.", "type": "object" 
@@ -547,6 +553,23 @@ ], "type": "object" }, + "JA4Fingerprint": { + "additionalProperties": false, + "description": "Includes the JA4 fingerprint of a web request.", + "properties": { + "FallbackBehavior": { + "enum": [ + "MATCH", + "NO_MATCH" + ], + "type": "string" + } + }, + "required": [ + "FallbackBehavior" + ], + "type": "object" + }, "JsonBody": { "additionalProperties": false, "description": "Inspect the request body as JSON. The request body immediately follows the request headers.", @@ -768,6 +791,12 @@ "IP": { "$ref": "#/definitions/RateLimitIP" }, + "JA3Fingerprint": { + "$ref": "#/definitions/RateLimitJA3Fingerprint" + }, + "JA4Fingerprint": { + "$ref": "#/definitions/RateLimitJA4Fingerprint" + }, "LabelNamespace": { "$ref": "#/definitions/RateLimitLabelNamespace" }, @@ -785,7 +814,7 @@ }, "RateLimit": { "maximum": 2000000000, - "minimum": 100, + "minimum": 10, "type": "integer" }, "RateLimitCookie": { @@ -848,6 +877,40 @@ "description": "Specifies the IP address in the web request as an aggregate key for a rate-based rule.", "type": "object" }, + "RateLimitJA3Fingerprint": { + "additionalProperties": false, + "description": "Specifies the request's JA3 fingerprint as an aggregate key for a rate-based rule.", + "properties": { + "FallbackBehavior": { + "enum": [ + "MATCH", + "NO_MATCH" + ], + "type": "string" + } + }, + "required": [ + "FallbackBehavior" + ], + "type": "object" + }, + "RateLimitJA4Fingerprint": { + "additionalProperties": false, + "description": "Specifies the request's JA4 fingerprint as an aggregate key for a rate-based rule.", + "properties": { + "FallbackBehavior": { + "enum": [ + "MATCH", + "NO_MATCH" + ], + "type": "string" + } + }, + "required": [ + "FallbackBehavior" + ], + "type": "object" + }, "RateLimitLabelNamespace": { "additionalProperties": false, "description": "Specifies a label namespace to use as an aggregate key for a rate-based rule.", 
@@ -1290,6 +1353,20 @@ ], "type": "string" }, + "UriFragment": { + "additionalProperties": false, + "description": "The path component of the URI Fragment. This is the part of a web request that identifies a fragment uri, for example, /abcd#introduction", + "properties": { + "FallbackBehavior": { + "enum": [ + "MATCH", + "NO_MATCH" + ], + "type": "string" + } + }, + "type": "object" + }, "VisibilityConfig": { "additionalProperties": false, "description": "Visibility Metric of the RuleGroup.", @@ -1372,6 +1449,8 @@ }, "update": { "permissions": [ + "wafv2:TagResource", + "wafv2:UntagResource", "wafv2:UpdateRuleGroup", "wafv2:GetRuleGroup", "wafv2:ListTagsForResource" @@ -1455,10 +1534,11 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-wafv2.git", "tagging": { - "cloudFormationSystemTags": false, - "tagOnCreate": false, - "tagUpdatable": false, - "taggable": false + "cloudFormationSystemTags": true, + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true }, "typeName": "AWS::WAFv2::RuleGroup" } diff --git a/src/schema/aws-wafv2-webacl.json b/src/schema/aws-wafv2-webacl.json index 1832d5e6..10093142 100644 --- a/src/schema/aws-wafv2-webacl.json +++ b/src/schema/aws-wafv2-webacl.json 
@@ -374,6 +374,54 @@ ], "type": "object" }, + "DataProtect": { + "additionalProperties": false, + "properties": { + "Action": { + "$ref": "#/definitions/DataProtectionAction" + }, + "ExcludeRateBasedDetails": { + "type": "boolean" + }, + "ExcludeRuleMatchDetails": { + "type": "boolean" + }, + "Field": { + "$ref": "#/definitions/FieldToProtect" + } + }, + "required": [ + "Field", + "Action" + ], + "type": "object" + }, + "DataProtectionAction": { + "enum": [ + "SUBSTITUTION", + "HASH" + ], + "type": "string" + }, + "DataProtectionConfig": { + "additionalProperties": false, + "properties": { + "DataProtections": { + "$ref": "#/definitions/DataProtections" + } + }, + "required": [ + "DataProtections" + ], + "type": "object" + }, + "DataProtections": { + "items": { + "$ref": "#/definitions/DataProtect" + }, + "minItems": 1, + "type": "array" + }, "DefaultAction": { "additionalProperties": false, "description": "Default Action WebACL will take against ingress traffic when there is no matching Rule.", @@ -465,6 +513,9 @@ "JA3Fingerprint": { "$ref": "#/definitions/JA3Fingerprint" }, + "JA4Fingerprint": { + "$ref": "#/definitions/JA4Fingerprint" + }, "JsonBody": { "$ref": "#/definitions/JsonBody" }, @@ -501,6 +552,9 @@ ], "type": "object" }, + "UriFragment": { + "$ref": "#/definitions/UriFragment" + }, "UriPath": { "description": "The path component of the URI of a web request. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.", "type": "object" 
@@ -508,6 +562,40 @@ }, "type": "object" }, + "FieldToProtect": { + "additionalProperties": false, + "description": "Field in log to protect.", + "properties": { + "FieldKeys": { + "description": "List of field keys to protect", + "items": { + "$ref": "#/definitions/FieldToProtectKeyName" + }, + "type": "array" + }, + "FieldType": { + "description": "Field type to protect", + "enum": [ + "SINGLE_HEADER", + "SINGLE_COOKIE", + "SINGLE_QUERY_ARGUMENT", + "QUERY_STRING", + "BODY" + ], + "type": "string" + } + }, + "required": [ + "FieldType" + ], + "type": "object" + }, + "FieldToProtectKeyName": { + "description": "Key of the field to protect.", + "maxLength": 64, + "minLength": 1, + "type": "string" + }, "ForwardedIPConfiguration": { "additionalProperties": false, "properties": { @@ -676,6 +764,23 @@ ], "type": "object" }, + "JA4Fingerprint": { + "additionalProperties": false, + "description": "Includes the JA4 fingerprint of a web request.", + "properties": { + "FallbackBehavior": { + "enum": [ + "MATCH", + "NO_MATCH" + ], + "type": "string" + } + }, + "required": [ + "FallbackBehavior" + ], + "type": "object" + }, "JsonBody": { "additionalProperties": false, "description": "Inspect the request body as JSON. The request body immediately follows the request headers.", @@ -990,6 +1095,12 @@ "IP": { "$ref": "#/definitions/RateLimitIP" }, + "JA3Fingerprint": { + "$ref": "#/definitions/RateLimitJA3Fingerprint" + }, + "JA4Fingerprint": { + "$ref": "#/definitions/RateLimitJA4Fingerprint" + }, "LabelNamespace": { "$ref": "#/definitions/RateLimitLabelNamespace" }, @@ -1007,7 +1118,7 @@ }, "RateLimit": { "maximum": 2000000000, - "minimum": 100, + "minimum": 10, "type": "integer" }, "RateLimitCookie": { 
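Review bot: `FieldToProtect` requires only `FieldType`, so `SINGLE_HEADER`, `SINGLE_COOKIE` or `SINGLE_QUERY_ARGUMENT` with no `FieldKeys` validates, and the schema does not say what that means for the log output. Because this definition controls which request data is hashed or substituted in logs, that ambiguity matters to whoever later relies on those logs for investigation. I would extend the description, for example `"description": "List of field keys to protect; <state what an omitted list means for the SINGLE_* field types>"`, with the placeholder filled in from the service documentation. `FieldKeys` also has no `maxItems`, unlike the `Tags` arrays elsewhere in this diff.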
@@ -1070,6 +1181,40 @@ "description": "Specifies the IP address in the web request as an aggregate key for a rate-based rule.", "type": "object" }, + "RateLimitJA3Fingerprint": { + "additionalProperties": false, + "description": "Specifies the request's JA3 fingerprint as an aggregate key for a rate-based rule.", + "properties": { + "FallbackBehavior": { + "enum": [ + "MATCH", + "NO_MATCH" + ], + "type": "string" + } + }, + "required": [ + "FallbackBehavior" + ], + "type": "object" + }, + "RateLimitJA4Fingerprint": { + "additionalProperties": false, + "description": "Specifies the request's JA4 fingerprint as an aggregate key for a rate-based rule.", + "properties": { + "FallbackBehavior": { + "enum": [ + "MATCH", + "NO_MATCH" + ], + "type": "string" + } + }, + "required": [ + "FallbackBehavior" + ], + "type": "object" + }, "RateLimitLabelNamespace": { "additionalProperties": false, "description": "Specifies a label namespace to use as an aggregate key for a rate-based rule.", @@ -1825,6 +1970,20 @@ }, "type": "array" }, + "UriFragment": { + "additionalProperties": false, + "description": "The path component of the URI Fragment. This is the part of a web request that identifies a fragment uri, for example, /abcd#introduction", + "properties": { + "FallbackBehavior": { + "enum": [ + "MATCH", + "NO_MATCH" + ], + "type": "string" + } + }, + "type": "object" + }, "UriPath": { "type": "object" }, @@ -1912,7 +2071,9 @@ "permissions": [ "wafv2:UpdateWebACL", "wafv2:GetWebACL", - "wafv2:ListTagsForResource" + "wafv2:ListTagsForResource", + "wafv2:TagResource", + "wafv2:UntagResource" ] } }, @@ -1941,6 +2102,10 @@ "CustomResponseBodies": { "$ref": "#/definitions/CustomResponseBodies" }, + "DataProtectionConfig": { + "$ref": "#/definitions/DataProtectionConfig", + "description": "Collection of dataProtects." + }, "DefaultAction": { "$ref": "#/definitions/DefaultAction" }, 
@@ -1993,10 +2158,11 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-wafv2.git", "tagging": { - "cloudFormationSystemTags": false, - "tagOnCreate": false, - "tagUpdatable": false, - "taggable": false + "cloudFormationSystemTags": true, + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true }, "typeName": "AWS::WAFv2::WebACL" } diff --git a/src/schema/aws-wafv2-webaclassociation.json b/src/schema/aws-wafv2-webaclassociation.json index bad6d967..b652b5bd 100644 --- a/src/schema/aws-wafv2-webaclassociation.json +++ b/src/schema/aws-wafv2-webaclassociation.json @@ -19,6 +19,8 @@ "wafv2:GetWebACLForResource", "wafv2:GetWebACL", "wafv2:DisassociateWebACL", + "wafv2:PutPermissionPolicy", + "wafv2:GetPermissionPolicy", "elasticloadbalancing:SetWebACL", "apigateway:SetWebACL", "appsync:SetWebACL", @@ -31,7 +33,9 @@ "ec2:AssociateVerifiedAccessInstanceWebAcl", "ec2:DisassociateVerifiedAccessInstanceWebAcl", "ec2:DescribeVerifiedAccessInstanceWebAclAssociations", - "ec2:GetVerifiedAccessInstanceWebAcl" + "ec2:GetVerifiedAccessInstanceWebAcl", + "amplify:AssociateWebACL", + "amplify:GetWebACLForResource" ] }, "delete": { @@ -40,6 +44,7 @@ "wafv2:GetWebACLForResource", "wafv2:GetWebACL", "wafv2:DisassociateWebACL", + "wafv2:PutPermissionPolicy", "elasticloadbalancing:SetWebACL", "apigateway:SetWebACL", "appsync:SetWebACL", @@ -52,7 +57,9 @@ "ec2:AssociateVerifiedAccessInstanceWebAcl", "ec2:DisassociateVerifiedAccessInstanceWebAcl", "ec2:DescribeVerifiedAccessInstanceWebAclAssociations", - "ec2:GetVerifiedAccessInstanceWebAcl" + "ec2:GetVerifiedAccessInstanceWebAcl", + "amplify:DisassociateWebACL", + "amplify:GetWebACLForResource" ] }, "read": { 
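Review bot: The web ACL association handlers gain `wafv2:PutPermissionPolicy`, a write on a resource policy, and nothing in these hunks shows why associating or disassociating a web ACL needs it. The grant is also asymmetric: the create hunk adds both `wafv2:PutPermissionPolicy` and `wafv2:GetPermissionPolicy`, while the delete hunk (`@@ -40,6 +44,7 @@`) adds only the Put. Anyone building a least-privilege deployment role from these handler permissions will copy that grant, so it is worth confirming against the upstream provider that it is required. If it is not, drop the line `"wafv2:PutPermissionPolicy",` from the delete list. The handler objects start outside these hunks, so the full permission lists are not visible here.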
@@ -73,7 +80,8 @@ "ec2:AssociateVerifiedAccessInstanceWebAcl", "ec2:DisassociateVerifiedAccessInstanceWebAcl", "ec2:DescribeVerifiedAccessInstanceWebAclAssociations", - "ec2:GetVerifiedAccessInstanceWebAcl" + "ec2:GetVerifiedAccessInstanceWebAcl", + "amplify:GetWebACLForResource" ] }, "update": { diff --git a/src/schema/aws-wisdom-aiagent.json b/src/schema/aws-wisdom-aiagent.json new file mode 100644 index 00000000..35fc8eaa --- /dev/null +++ b/src/schema/aws-wisdom-aiagent.json 
@@ -0,0 +1,432 @@ +{ + "additionalIdentifiers": [ + [ + "/properties/AIAgentArn", + "/properties/AssistantArn" + ] + ], + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/AssistantId", + "/properties/Name", + "/properties/Tags", + "/properties/Type" + ], + "definitions": { + "AIAgentAssociationConfigurationType": { + "enum": [ + "KNOWLEDGE_BASE" + ], + "type": "string" + }, + "AIAgentConfiguration": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "ManualSearchAIAgentConfiguration": { + "$ref": "#/definitions/ManualSearchAIAgentConfiguration" + } + }, + "required": [ + "ManualSearchAIAgentConfiguration" + ], + "title": "ManualSearchAIAgentConfiguration", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "AnswerRecommendationAIAgentConfiguration": { + "$ref": "#/definitions/AnswerRecommendationAIAgentConfiguration" + } + }, + "required": [ + "AnswerRecommendationAIAgentConfiguration" + ], + "title": "AnswerRecommendationAIAgentConfiguration", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "SelfServiceAIAgentConfiguration": { + "$ref": "#/definitions/SelfServiceAIAgentConfiguration" + } + }, + "required": [ + "SelfServiceAIAgentConfiguration" + ], + "title": "SelfServiceAIAgentConfiguration", + "type": "object" + } + ] + }, + "AIAgentType": { + "enum": [ + "MANUAL_SEARCH", + "ANSWER_RECOMMENDATION", + "SELF_SERVICE" + ], + "type": "string" + }, + "AnswerRecommendationAIAgentConfiguration": { + "additionalProperties": false, + "properties": { + "AnswerGenerationAIGuardrailId": { + "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$", + "type": "string" + }, + "AnswerGenerationAIPromptId": { + "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$", + "type": "string" + }, + "AssociationConfigurations": { + "items": { + "$ref": "#/definitions/AssociationConfiguration" + }, + 
"type": "array" + }, + "IntentLabelingGenerationAIPromptId": { + "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$", + "type": "string" + }, + "Locale": { + "minLength": 1, + "type": "string" + }, + "QueryReformulationAIPromptId": { + "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$", + "type": "string" + } + }, + "type": "object" + }, + "AssociationConfiguration": { + "additionalProperties": false, + "properties": { + "AssociationConfigurationData": { + "$ref": "#/definitions/AssociationConfigurationData" + }, + "AssociationId": { + "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$", + "type": "string" + }, + "AssociationType": { + "$ref": "#/definitions/AIAgentAssociationConfigurationType" + } + }, + "type": "object" + }, + "AssociationConfigurationData": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "KnowledgeBaseAssociationConfigurationData": { + "$ref": "#/definitions/KnowledgeBaseAssociationConfigurationData" + } + }, + "required": [ + "KnowledgeBaseAssociationConfigurationData" + ], + "title": "KnowledgeBaseAssociationConfigurationData", + "type": "object" + } + ] + }, + "KnowledgeBaseAssociationConfigurationData": { + "additionalProperties": false, + "properties": { + "ContentTagFilter": { + "$ref": "#/definitions/TagFilter" + }, + "MaxResults": { + "maximum": 100, + "minimum": 1, + "type": "number" + }, + "OverrideKnowledgeBaseSearchType": { + "$ref": "#/definitions/KnowledgeBaseSearchType" + } + }, + "type": "object" + }, + "KnowledgeBaseSearchType": { + "enum": [ + "HYBRID", + "SEMANTIC" + ], + "type": "string" + }, + "ManualSearchAIAgentConfiguration": { + "additionalProperties": false, + "properties": { + "AnswerGenerationAIGuardrailId": { + "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$", + "type": "string" + }, + "AnswerGenerationAIPromptId": { + "pattern": 
"^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$", + "type": "string" + }, + "AssociationConfigurations": { + "items": { + "$ref": "#/definitions/AssociationConfiguration" + }, + "type": "array" + }, + "Locale": { + "minLength": 1, + "type": "string" + } + }, + "type": "object" + }, + "OrCondition": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "AndConditions": { + "items": { + "$ref": "#/definitions/TagCondition" + }, + "type": "array" + } + }, + "required": [ + "AndConditions" + ], + "title": "AndConditions", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "TagCondition": { + "$ref": "#/definitions/TagCondition" + } + }, + "required": [ + "TagCondition" + ], + "title": "TagCondition", + "type": "object" + } + ] + }, + "SelfServiceAIAgentConfiguration": { + "additionalProperties": false, + "properties": { + "AssociationConfigurations": { + "items": { + "$ref": "#/definitions/AssociationConfiguration" + }, + "type": "array" + }, + "SelfServiceAIGuardrailId": { + "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$", + "type": "string" + }, + "SelfServiceAnswerGenerationAIPromptId": { + "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$", + "type": "string" + }, + "SelfServicePreProcessingAIPromptId": { + "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$", + "type": "string" + } + }, + "type": "object" + }, + "TagCondition": { + "additionalProperties": false, + "properties": { + "Key": { + "maxLength": 128, + "minLength": 1, + "pattern": "^(?!aws:)[a-zA-Z+-=._:/]+$", + "type": "string" + }, + "Value": { + "maxLength": 256, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "Key" + ], + "type": "object" + }, + "TagFilter": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "TagCondition": { + "$ref": 
"#/definitions/TagCondition" + } + }, + "required": [ + "TagCondition" + ], + "title": "TagCondition", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "AndConditions": { + "items": { + "$ref": "#/definitions/TagCondition" + }, + "type": "array" + } + }, + "required": [ + "AndConditions" + ], + "title": "AndConditions", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "OrConditions": { + "items": { + "$ref": "#/definitions/OrCondition" + }, + "type": "array" + } + }, + "required": [ + "OrConditions" + ], + "title": "OrConditions", + "type": "object" + } + ] + }, + "Tags": { + "additionalProperties": false, + "patternProperties": { + "^(?!aws:)[a-zA-Z+-=._:/]+$": { + "maxLength": 256, + "minLength": 1, + "type": "string" + } + }, + "type": "object" + } + }, + "description": "Definition of AWS::Wisdom::AIAgent Resource Type", + "handlers": { + "create": { + "permissions": [ + "wisdom:CreateAIAgent", + "wisdom:TagResource" + ] + }, + "delete": { + "permissions": [ + "wisdom:DeleteAIAgent" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "AssistantId": { + "$ref": "resource-schema.json#/properties/AssistantId" + } + }, + "required": [ + "AssistantId" + ] + }, + "permissions": [ + "wisdom:ListAIAgents" + ] + }, + "read": { + "permissions": [ + "wisdom:GetAIAgent" + ] + }, + "update": { + "permissions": [ + "wisdom:UpdateAIAgent" + ] + } + }, + "primaryIdentifier": [ + "/properties/AIAgentId", + "/properties/AssistantId" + ], + "properties": { + "AIAgentArn": { + "pattern": "^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$", + "type": "string" + }, + "AIAgentId": { + "pattern": 
"^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$|^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}(:[A-Z0-9_$]+){0,1}$", + "type": "string" + }, + "AssistantArn": { + "pattern": "^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$", + "type": "string" + }, + "AssistantId": { + "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$", + "type": "string" + }, + "Configuration": { + "$ref": "#/definitions/AIAgentConfiguration" + }, + "Description": { + "maxLength": 255, + "minLength": 1, + "pattern": "^[a-zA-Z0-9\\s_.,-]+", + "type": "string" + }, + "ModifiedTimeSeconds": { + "type": "number" + }, + "Name": { + "maxLength": 255, + "minLength": 1, + "pattern": "^[a-zA-Z0-9\\s_.,-]+", + "type": "string" + }, + "Tags": { + "$ref": "#/definitions/Tags" + }, + "Type": { + "$ref": "#/definitions/AIAgentType" + } + }, + "readOnlyProperties": [ + "/properties/AIAgentArn", + "/properties/AIAgentId", + "/properties/AssistantArn", + "/properties/ModifiedTimeSeconds" + ], + "required": [ + "AssistantId", + "Configuration", + "Type" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "wisdom:TagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, + "typeName": "AWS::Wisdom::AIAgent" +} 
diff --git a/src/schema/aws-wisdom-aiagentversion.json b/src/schema/aws-wisdom-aiagentversion.json new file mode 100644 index 00000000..44fb87c8 --- /dev/null +++ b/src/schema/aws-wisdom-aiagentversion.json 
@@ -0,0 +1,110 @@ +{ + "additionalIdentifiers": [ + [ + "/properties/AIAgentArn", + "/properties/AssistantArn" + ] + ], + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/AssistantId", + "/properties/AIAgentId", + "/properties/ModifiedTimeSeconds" + ], + "definitions": {}, + "description": "Definition of AWS::Wisdom::AIAgentVersion Resource Type", + "handlers": { + "create": { + "permissions": [ + "wisdom:CreateAIAgentVersion" + ] + }, + "delete": { + "permissions": [ + "wisdom:DeleteAIAgentVersion" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "AIAgentId": { + "$ref": "resource-schema.json#/properties/AIAgentId" + }, + "AssistantId": { + "$ref": "resource-schema.json#/properties/AssistantId" + } + }, + "required": [ + "AssistantId", + "AIAgentId" + ] + }, + "permissions": [ + "wisdom:ListAIAgentVersions" + ] + }, + "read": { + "permissions": [ + "wisdom:GetAIAgent", + "wisdom:GetAIAgentVersion" + ] + }, + "update": { + "permissions": [ + "wisdom:GetAIAgent", + "wisdom:GetAIAgentVersion" + ] + } + }, + "primaryIdentifier": [ + "/properties/AssistantId", + "/properties/AIAgentId", + "/properties/VersionNumber" + ], + "properties": { + "AIAgentArn": { + "pattern": "^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$", + "type": "string" + }, + "AIAgentId": { + "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$", + "type": "string" + }, + "AIAgentVersionId": { + "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$", + "type": "string" + }, + "AssistantArn": { + "pattern": "^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$", + "type": "string" + }, + "AssistantId": { + "pattern": 
"^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$", + "type": "string" + }, + "ModifiedTimeSeconds": { + "type": "number" + }, + "VersionNumber": { + "type": "number" + } + }, + "readOnlyProperties": [ + "/properties/AIAgentVersionId", + "/properties/AIAgentArn", + "/properties/AssistantArn", + "/properties/VersionNumber" + ], + "required": [ + "AssistantId", + "AIAgentId" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, + "typeName": "AWS::Wisdom::AIAgentVersion" +} diff --git a/src/schema/aws-wisdom-aiguardrail.json b/src/schema/aws-wisdom-aiguardrail.json new file mode 100644 index 00000000..e4df6e9e --- /dev/null +++ b/src/schema/aws-wisdom-aiguardrail.json 
@@ -0,0 +1,499 @@ +{ + "additionalIdentifiers": [ + [ + "/properties/AIGuardrailArn", + "/properties/AssistantArn" + ] + ], + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/AssistantId", + "/properties/Name", + "/properties/Tags" + ], + "definitions": { + "AIGuardrailContentPolicyConfig": { + "additionalProperties": false, + "description": "Content policy config for a guardrail.", + "properties": { + "FiltersConfig": { + "description": "List of content filter configs in content policy.", + "items": { + "$ref": "#/definitions/GuardrailContentFilterConfig" + }, + "maxItems": 6, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "FiltersConfig" + ], + "type": "object" + }, + "AIGuardrailContextualGroundingPolicyConfig": { + "additionalProperties": false, + "description": "Contextual grounding policy config for a guardrail.", + "properties": { + "FiltersConfig": { + "description": "List of contextual grounding filter configs.", + "items": { + "$ref": "#/definitions/GuardrailContextualGroundingFilterConfig" + }, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "FiltersConfig" + ], + "type": "object" + }, + "AIGuardrailSensitiveInformationPolicyConfig": { + "additionalProperties": false, + "description": "Sensitive information policy config for a guardrail.", + "properties": { + "PiiEntitiesConfig": { + "description": "List of entities.", + "items": { + "$ref": "#/definitions/GuardrailPiiEntityConfig" + }, + "minItems": 1, + "type": "array", + "uniqueItems": true + }, + "RegexesConfig": { + "description": "List of regex.", + "items": { + "$ref": "#/definitions/GuardrailRegexConfig" + }, + "minItems": 1, + "type": "array" + } + }, + "type": "object" + }, + "AIGuardrailTopicPolicyConfig": { + "additionalProperties": false, + "description": "Topic policy config for a guardrail.", + "properties": { + "TopicsConfig": { + "description": "List of topic configs in topic policy.", + "items": { + "$ref": 
"#/definitions/GuardrailTopicConfig" + }, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "TopicsConfig" + ], + "type": "object" + }, + "AIGuardrailWordPolicyConfig": { + "additionalProperties": false, + "description": "Word policy config for a guardrail.", + "properties": { + "ManagedWordListsConfig": { + "description": "A config for the list of managed words.", + "items": { + "$ref": "#/definitions/GuardrailManagedWordsConfig" + }, + "type": "array" + }, + "WordsConfig": { + "description": "List of custom word configs.", + "items": { + "$ref": "#/definitions/GuardrailWordConfig" + }, + "minItems": 1, + "type": "array" + } + }, + "type": "object" + }, + "GuardrailContentFilterConfig": { + "additionalProperties": false, + "description": "Content filter config in content policy.", + "properties": { + "InputStrength": { + "$ref": "#/definitions/GuardrailFilterStrength" + }, + "OutputStrength": { + "$ref": "#/definitions/GuardrailFilterStrength" + }, + "Type": { + "$ref": "#/definitions/GuardrailContentFilterType" + } + }, + "required": [ + "InputStrength", + "OutputStrength", + "Type" + ], + "type": "object" + }, + "GuardrailContentFilterType": { + "description": "Type of text to text filter in content policy", + "enum": [ + "SEXUAL", + "VIOLENCE", + "HATE", + "INSULTS", + "MISCONDUCT", + "PROMPT_ATTACK" + ], + "type": "string" + }, + "GuardrailContextualGroundingFilterConfig": { + "additionalProperties": false, + "description": "A config for grounding filter.", + "properties": { + "Threshold": { + "default": 0, + "description": "The threshold for this filter.", + "minimum": 0, + "type": "number" + }, + "Type": { + "$ref": "#/definitions/GuardrailContextualGroundingFilterType" + } + }, + "required": [ + "Threshold", + "Type" + ], + "type": "object" + }, + "GuardrailContextualGroundingFilterType": { + "description": "Type of contextual grounding filter", + "enum": [ + "GROUNDING", + "RELEVANCE" + ], + "type": "string" + }, + "GuardrailFilterStrength": { 
+ "description": "Strength for filters", + "enum": [ + "NONE", + "LOW", + "MEDIUM", + "HIGH" + ], + "type": "string" + }, + "GuardrailManagedWordsConfig": { + "additionalProperties": false, + "description": "A managed words config.", + "properties": { + "Type": { + "$ref": "#/definitions/GuardrailManagedWordsType" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "GuardrailManagedWordsType": { + "description": "Options for managed words.", + "enum": [ + "PROFANITY" + ], + "type": "string" + }, + "GuardrailPiiEntityConfig": { + "additionalProperties": false, + "description": "Pii entity configuration.", + "properties": { + "Action": { + "$ref": "#/definitions/GuardrailSensitiveInformationAction" + }, + "Type": { + "$ref": "#/definitions/GuardrailPiiEntityType" + } + }, + "required": [ + "Action", + "Type" + ], + "type": "object" + }, + "GuardrailPiiEntityType": { + "description": "The currently supported PII entities", + "enum": [ + "ADDRESS", + "AGE", + "AWS_ACCESS_KEY", + "AWS_SECRET_KEY", + "CA_HEALTH_NUMBER", + "CA_SOCIAL_INSURANCE_NUMBER", + "CREDIT_DEBIT_CARD_CVV", + "CREDIT_DEBIT_CARD_EXPIRY", + "CREDIT_DEBIT_CARD_NUMBER", + "DRIVER_ID", + "EMAIL", + "INTERNATIONAL_BANK_ACCOUNT_NUMBER", + "IP_ADDRESS", + "LICENSE_PLATE", + "MAC_ADDRESS", + "NAME", + "PASSWORD", + "PHONE", + "PIN", + "SWIFT_CODE", + "UK_NATIONAL_HEALTH_SERVICE_NUMBER", + "UK_NATIONAL_INSURANCE_NUMBER", + "UK_UNIQUE_TAXPAYER_REFERENCE_NUMBER", + "URL", + "USERNAME", + "US_BANK_ACCOUNT_NUMBER", + "US_BANK_ROUTING_NUMBER", + "US_INDIVIDUAL_TAX_IDENTIFICATION_NUMBER", + "US_PASSPORT_NUMBER", + "US_SOCIAL_SECURITY_NUMBER", + "VEHICLE_IDENTIFICATION_NUMBER" + ], + "type": "string" + }, + "GuardrailRegexConfig": { + "additionalProperties": false, + "description": "A regex configuration.", + "properties": { + "Action": { + "$ref": "#/definitions/GuardrailSensitiveInformationAction" + }, + "Description": { + "description": "The regex description.", + "maxLength": 1000, + "minLength": 1, 
+ "type": "string" + }, + "Name": { + "description": "The regex name.", + "maxLength": 100, + "minLength": 1, + "type": "string" + }, + "Pattern": { + "description": "The regex pattern.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "Action", + "Name", + "Pattern" + ], + "type": "object" + }, + "GuardrailSensitiveInformationAction": { + "description": "Options for sensitive information action.", + "enum": [ + "BLOCK", + "ANONYMIZE" + ], + "type": "string" + }, + "GuardrailTopicConfig": { + "additionalProperties": false, + "description": "Topic config in topic policy.", + "properties": { + "Definition": { + "description": "Definition of topic in topic policy", + "maxLength": 200, + "minLength": 1, + "type": "string" + }, + "Examples": { + "description": "List of text examples", + "items": { + "description": "Text example in topic policy", + "maxLength": 100, + "minLength": 1, + "type": "string" + }, + "minItems": 0, + "type": "array" + }, + "Name": { + "description": "Name of topic in topic policy", + "maxLength": 100, + "minLength": 1, + "pattern": "^[0-9a-zA-Z-_ !?.]+$", + "type": "string" + }, + "Type": { + "$ref": "#/definitions/GuardrailTopicType" + } + }, + "required": [ + "Definition", + "Name", + "Type" + ], + "type": "object" + }, + "GuardrailTopicType": { + "description": "Type of topic in a policy", + "enum": [ + "DENY" + ], + "type": "string" + }, + "GuardrailWordConfig": { + "additionalProperties": false, + "description": "A custom word config.", + "properties": { + "Text": { + "description": "The custom word text.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "Text" + ], + "type": "object" + }, + "Tags": { + "additionalProperties": false, + "patternProperties": { + "^(?!aws:)[a-zA-Z+-=._:/]+$": { + "maxLength": 256, + "minLength": 1, + "type": "string" + } + }, + "type": "object" + } + }, + "description": "Definition of AWS::Wisdom::AIGuardrail Resource Type", + "handlers": { + "create": { + "permissions": [ + 
"wisdom:CreateAIGuardrail", + "wisdom:TagResource" + ] + }, + "delete": { + "permissions": [ + "wisdom:DeleteAIGuardrail" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "AssistantId": { + "$ref": "resource-schema.json#/properties/AssistantId" + } + }, + "required": [ + "AssistantId" + ] + }, + "permissions": [ + "wisdom:ListAIGuardrails" + ] + }, + "read": { + "permissions": [ + "wisdom:GetAIGuardrail" + ] + }, + "update": { + "permissions": [ + "wisdom:UpdateAIGuardrail" + ] + } + }, + "primaryIdentifier": [ + "/properties/AIGuardrailId", + "/properties/AssistantId" + ], + "properties": { + "AIGuardrailArn": { + "pattern": "^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$", + "type": "string" + }, + "AIGuardrailId": { + "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$|^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}(:[A-Z0-9_$]+){0,1}$", + "type": "string" + }, + "AssistantArn": { + "pattern": "^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$", + "type": "string" + }, + "AssistantId": { + "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$", + "type": "string" + }, + "BlockedInputMessaging": { + "description": "Messaging for when violations are detected in text", + "maxLength": 500, + "minLength": 1, + "type": "string" + }, + "BlockedOutputsMessaging": { + "description": "Messaging for when violations are 
detected in text", + "maxLength": 500, + "minLength": 1, + "type": "string" + }, + "ContentPolicyConfig": { + "$ref": "#/definitions/AIGuardrailContentPolicyConfig" + }, + "ContextualGroundingPolicyConfig": { + "$ref": "#/definitions/AIGuardrailContextualGroundingPolicyConfig" + }, + "Description": { + "description": "Description of the guardrail or its version", + "maxLength": 200, + "minLength": 1, + "type": "string" + }, + "Name": { + "maxLength": 255, + "minLength": 1, + "pattern": "^[a-zA-Z0-9\\s_.,-]+", + "type": "string" + }, + "SensitiveInformationPolicyConfig": { + "$ref": "#/definitions/AIGuardrailSensitiveInformationPolicyConfig" + }, + "Tags": { + "$ref": "#/definitions/Tags" + }, + "TopicPolicyConfig": { + "$ref": "#/definitions/AIGuardrailTopicPolicyConfig" + }, + "WordPolicyConfig": { + "$ref": "#/definitions/AIGuardrailWordPolicyConfig" + } + }, + "readOnlyProperties": [ + "/properties/AIGuardrailArn", + "/properties/AIGuardrailId", + "/properties/AssistantArn" + ], + "required": [ + "AssistantId", + "BlockedInputMessaging", + "BlockedOutputsMessaging" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "wisdom:TagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, + "typeName": "AWS::Wisdom::AIGuardrail" +} diff --git a/src/schema/aws-wisdom-aiguardrailversion.json b/src/schema/aws-wisdom-aiguardrailversion.json new file mode 100644 index 00000000..65bc22ac --- /dev/null +++ b/src/schema/aws-wisdom-aiguardrailversion.json 
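Review bot: The top-level `required` list of this schema names only `AssistantId`, `BlockedInputMessaging` and `BlockedOutputsMessaging`, so a template that declares a guardrail with none of the five `*PolicyConfig` properties validates cleanly. The same holds for weak settings inside a policy: `GuardrailFilterStrength` accepts `NONE`, and `Threshold` has `"default": 0` with no `maximum`. Schema validation therefore says nothing about whether the guardrail filters anything. If the service does not itself reject an empty guardrail (not visible from this file), consider a top-level `anyOf` with one `{"required": ["<policy property>"]}` entry for each of the five policy config properties. In any case, a policy-as-code check on templates should assert that at least one policy is present and that no content filter is set to `NONE`.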
@@ -0,0 +1,110 @@ +{ + "additionalIdentifiers": [ + [ + "/properties/AIGuardrailArn", + "/properties/AssistantArn" + ] + ], + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/AssistantId", + "/properties/AIGuardrailId", + "/properties/ModifiedTimeSeconds" + ], + "definitions": {}, + "description": "Definition of AWS::Wisdom::AIGuardrailVersion Resource Type", + "handlers": { + "create": { + "permissions": [ + "wisdom:CreateAIGuardrailVersion" + ] + }, + "delete": { + "permissions": [ + "wisdom:DeleteAIGuardrailVersion" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "AIGuardrailId": { + "$ref": "resource-schema.json#/properties/AIGuardrailId" + }, + "AssistantId": { + "$ref": "resource-schema.json#/properties/AssistantId" + } + }, + "required": [ + "AssistantId", + "AIGuardrailId" + ] + }, + "permissions": [ + "wisdom:ListAIGuardrailVersions" + ] + }, + "read": { + "permissions": [ + "wisdom:GetAIGuardrail", + "wisdom:GetAIGuardrailVersion" + ] + }, + "update": { + "permissions": [ + "wisdom:GetAIGuardrail", + "wisdom:GetAIGuardrailVersion" + ] + } + }, + "primaryIdentifier": [ + "/properties/AssistantId", + "/properties/AIGuardrailId", + "/properties/VersionNumber" + ], + "properties": { + "AIGuardrailArn": { + "pattern": "^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$", + "type": "string" + }, + "AIGuardrailId": { + "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$", + "type": "string" + }, + "AIGuardrailVersionId": { + "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$", + "type": "string" + }, + "AssistantArn": { + "pattern": "^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$", + "type": "string" + 
}, + "AssistantId": { + "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$", + "type": "string" + }, + "ModifiedTimeSeconds": { + "type": "number" + }, + "VersionNumber": { + "type": "number" + } + }, + "readOnlyProperties": [ + "/properties/AIGuardrailVersionId", + "/properties/AIGuardrailArn", + "/properties/AssistantArn", + "/properties/VersionNumber" + ], + "required": [ + "AssistantId", + "AIGuardrailId" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, + "typeName": "AWS::Wisdom::AIGuardrailVersion" +} diff --git a/src/schema/aws-wisdom-aiprompt.json b/src/schema/aws-wisdom-aiprompt.json new file mode 100644 index 00000000..95956fe8 --- /dev/null +++ b/src/schema/aws-wisdom-aiprompt.json 
@@ -0,0 +1,209 @@ +{ + "additionalIdentifiers": [ + [ + "/properties/AIPromptArn", + "/properties/AssistantArn" + ] + ], + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/ApiFormat", + "/properties/AssistantId", + "/properties/ModelId", + "/properties/Name", + "/properties/Tags", + "/properties/TemplateType", + "/properties/Type" + ], + "definitions": { + "AIPromptAPIFormat": { + "enum": [ + "ANTHROPIC_CLAUDE_MESSAGES", + "ANTHROPIC_CLAUDE_TEXT_COMPLETIONS", + "MESSAGES", + "TEXT_COMPLETIONS" + ], + "type": "string" + }, + "AIPromptTemplateConfiguration": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "TextFullAIPromptEditTemplateConfiguration": { + "$ref": "#/definitions/TextFullAIPromptEditTemplateConfiguration" + } + }, + "required": [ + "TextFullAIPromptEditTemplateConfiguration" + ], + "title": "TextFullAIPromptEditTemplateConfiguration", + "type": "object" + } + ], + "type": "object" + }, + "AIPromptTemplateType": { + "enum": [ + "TEXT" + ], + "type": "string" + }, + "AIPromptType": { + "enum": [ + "ANSWER_GENERATION", + "INTENT_LABELING_GENERATION", + "QUERY_REFORMULATION", + "SELF_SERVICE_PRE_PROCESSING", + "SELF_SERVICE_ANSWER_GENERATION" + ], + "type": "string" + }, + "Tags": { + "additionalProperties": false, + "patternProperties": { + "^(?!aws:)[a-zA-Z+-=._:/]+$": { + "maxLength": 256, + "minLength": 1, + "type": "string" + } + }, + "type": "object" + }, + "TextFullAIPromptEditTemplateConfiguration": { + "additionalProperties": false, + "properties": { + "Text": { + "maxLength": 200000, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "Text" + ], + "type": "object" + } + }, + "description": "Definition of AWS::Wisdom::AIPrompt Resource Type", + "handlers": { + "create": { + "permissions": [ + "wisdom:CreateAIPrompt", + "wisdom:TagResource" + ] + }, + "delete": { + "permissions": [ + "wisdom:DeleteAIPrompt" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "AssistantId": { + 
"$ref": "resource-schema.json#/properties/AssistantId" + } + }, + "required": [ + "AssistantId" + ] + }, + "permissions": [ + "wisdom:ListAIPrompts" + ] + }, + "read": { + "permissions": [ + "wisdom:GetAIPrompt" + ] + }, + "update": { + "permissions": [ + "wisdom:UpdateAIPrompt" + ] + } + }, + "primaryIdentifier": [ + "/properties/AIPromptId", + "/properties/AssistantId" + ], + "properties": { + "AIPromptArn": { + "pattern": "^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$", + "type": "string" + }, + "AIPromptId": { + "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$|^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}(:[A-Z0-9_$]+){0,1}$", + "type": "string" + }, + "ApiFormat": { + "$ref": "#/definitions/AIPromptAPIFormat" + }, + "AssistantArn": { + "pattern": "^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$", + "type": "string" + }, + "AssistantId": { + "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$", + "type": "string" + }, + "Description": { + "maxLength": 255, + "minLength": 1, + "pattern": "^[a-zA-Z0-9\\s_.,-]+", + "type": "string" + }, + "ModelId": { + "maxLength": 2048, + "minLength": 1, + "type": "string" + }, + "ModifiedTimeSeconds": { + "type": "number" + }, + "Name": { + "maxLength": 255, + "minLength": 1, + "pattern": "^[a-zA-Z0-9\\s_.,-]+", + "type": "string" + }, + "Tags": { + "$ref": "#/definitions/Tags" 
+ }, + "TemplateConfiguration": { + "$ref": "#/definitions/AIPromptTemplateConfiguration" + }, + "TemplateType": { + "$ref": "#/definitions/AIPromptTemplateType" + }, + "Type": { + "$ref": "#/definitions/AIPromptType" + } + }, + "readOnlyProperties": [ + "/properties/AIPromptArn", + "/properties/AIPromptId", + "/properties/AssistantArn", + "/properties/ModifiedTimeSeconds" + ], + "required": [ + "ApiFormat", + "ModelId", + "TemplateConfiguration", + "TemplateType", + "Type" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "wisdom:TagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, + "typeName": "AWS::Wisdom::AIPrompt" +} diff --git a/src/schema/aws-wisdom-aipromptversion.json b/src/schema/aws-wisdom-aipromptversion.json new file mode 100644 index 00000000..329c2d20 --- /dev/null +++ b/src/schema/aws-wisdom-aipromptversion.json 
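Review bot: The tag-key pattern `^(?!aws:)[a-zA-Z+-=._:/]+$` under `Tags` contains `+-=`, which a regex engine reads as a range from `+` to `=` and not as three literals. The class therefore admits digits, `,`, `;` and `<` as a side effect. If literals were intended, `"^(?!aws:)[a-zA-Z0-9+\\-=._:/]+$"` states the set explicitly and keeps digits allowed. The same pattern appears in the `Tags` and `TagCondition.Key` definitions of the aws-wisdom-aiagent.json hunk and in `Tags` of the aws-wisdom-aiguardrail.json hunk. Separately, `Name` and `Description` use `^[a-zA-Z0-9\\s_.,-]+` with no closing `$`; JSON Schema patterns are not implicitly anchored, so only the first character is constrained and appending `$` would make the allow-list effective. These schemas look mirrored from the provider, so the fix may need to go upstream.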
@@ -0,0 +1,110 @@ +{ + "additionalIdentifiers": [ + [ + "/properties/AIPromptArn", + "/properties/AssistantArn" + ] + ], + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/AssistantId", + "/properties/AIPromptId", + "/properties/ModifiedTimeSeconds" + ], + "definitions": {}, + "description": "Definition of AWS::Wisdom::AIPromptVersion Resource Type", + "handlers": { + "create": { + "permissions": [ + "wisdom:CreateAIPromptVersion" + ] + }, + "delete": { + "permissions": [ + "wisdom:DeleteAIPromptVersion" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "AIPromptId": { + "$ref": "resource-schema.json#/properties/AIPromptId" + }, + "AssistantId": { + "$ref": "resource-schema.json#/properties/AssistantId" + } + }, + "required": [ + "AssistantId", + "AIPromptId" + ] + }, + "permissions": [ + "wisdom:ListAIPromptVersions" + ] + }, + "read": { + "permissions": [ + "wisdom:GetAIPrompt", + "wisdom:GetAIPromptVersion" + ] + }, + "update": { + "permissions": [ + "wisdom:GetAIPrompt", + "wisdom:GetAIPromptVersion" + ] + } + }, + "primaryIdentifier": [ + "/properties/AssistantId", + "/properties/AIPromptId", + "/properties/VersionNumber" + ], + "properties": { + "AIPromptArn": { + "pattern": "^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$", + "type": "string" + }, + "AIPromptId": { + "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$", + "type": "string" + }, + "AIPromptVersionId": { + "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$", + "type": "string" + }, + "AssistantArn": { + "pattern": "^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$", + "type": "string" + }, + "AssistantId": { + "pattern": 
"^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$", + "type": "string" + }, + "ModifiedTimeSeconds": { + "type": "number" + }, + "VersionNumber": { + "type": "number" + } + }, + "readOnlyProperties": [ + "/properties/AIPromptArn", + "/properties/AIPromptVersionId", + "/properties/AssistantArn", + "/properties/VersionNumber" + ], + "required": [ + "AssistantId", + "AIPromptId" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, + "typeName": "AWS::Wisdom::AIPromptVersion" +} diff --git a/src/schema/aws-wisdom-assistant.json b/src/schema/aws-wisdom-assistant.json index 203eaf58..7bc50f9f 100644 --- a/src/schema/aws-wisdom-assistant.json +++ b/src/schema/aws-wisdom-assistant.json @@ -129,6 +129,15 @@ "Name", "Type" ], - "taggable": false, + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "wisdom:TagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, "typeName": "AWS::Wisdom::Assistant" } diff --git a/src/schema/aws-wisdom-assistantassociation.json b/src/schema/aws-wisdom-assistantassociation.json index 84ecafec..c2664fd3 100644 --- a/src/schema/aws-wisdom-assistantassociation.json +++ b/src/schema/aws-wisdom-assistantassociation.json @@ -141,6 +141,15 @@ "AssistantId" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk", - "taggable": false, + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "wisdom:TagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, "typeName": "AWS::Wisdom::AssistantAssociation" } diff --git a/src/schema/aws-wisdom-knowledgebase.json b/src/schema/aws-wisdom-knowledgebase.json index 6322ad98..6714482b 100644 --- a/src/schema/aws-wisdom-knowledgebase.json 
+++ b/src/schema/aws-wisdom-knowledgebase.json 
@@ -40,13 +40,115 @@ ], "type": "object" }, + "BedrockFoundationModelConfiguration": { + "additionalProperties": false, + "properties": { + "ModelArn": { + "maxLength": 2048, + "minLength": 1, + "pattern": "^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}::foundation-model\\/anthropic.claude-3-haiku-20240307-v1:0$", + "type": "string" + }, + "ParsingPrompt": { + "additionalProperties": false, + "properties": { + "ParsingPromptText": { + "maxLength": 10000, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "ParsingPromptText" + ], + "type": "object" + } + }, + "required": [ + "ModelArn" + ], + "type": "object" + }, + "FixedSizeChunkingConfiguration": { + "additionalProperties": false, + "properties": { + "MaxTokens": { + "minimum": 1, + "type": "number" + }, + "OverlapPercentage": { + "maximum": 99, + "minimum": 1, + "type": "number" + } + }, + "required": [ + "MaxTokens", + "OverlapPercentage" + ], + "type": "object" + }, + "HierarchicalChunkingConfiguration": { + "additionalProperties": false, + "properties": { + "LevelConfigurations": { + "items": { + "$ref": "#/definitions/HierarchicalChunkingLevelConfiguration" + }, + "maxItems": 2, + "minItems": 2, + "type": "array" + }, + "OverlapTokens": { + "minimum": 1, + "type": "number" + } + }, + "required": [ + "LevelConfigurations", + "OverlapTokens" + ], + "type": "object" + }, + "HierarchicalChunkingLevelConfiguration": { + "additionalProperties": false, + "properties": { + "MaxTokens": { + "maximum": 8192, + "minimum": 1, + "type": "number" + } + }, + "required": [ + "MaxTokens" + ], + "type": "object" + }, "KnowledgeBaseType": { "enum": [ "EXTERNAL", - "CUSTOM" + "CUSTOM", + "MESSAGE_TEMPLATES", + "MANAGED" ], "type": "string" }, + "ManagedSourceConfiguration": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "WebCrawlerConfiguration": { + "$ref": "#/definitions/WebCrawlerConfiguration" + } + }, + "required": [ + "WebCrawlerConfiguration" + ], + "type": "object" + } + ] + }, 
"RenderingConfiguration": { "additionalProperties": false, "properties": { @@ -58,6 +160,41 @@ }, "type": "object" }, + "SeedUrl": { + "additionalProperties": false, + "properties": { + "Url": { + "pattern": "^https?://[A-Za-z0-9][^\\s]*$", + "type": "string" + } + }, + "type": "object" + }, + "SemanticChunkingConfiguration": { + "additionalProperties": false, + "properties": { + "BreakpointPercentileThreshold": { + "maximum": 99, + "minimum": 50, + "type": "number" + }, + "BufferSize": { + "maximum": 1, + "minimum": 0, + "type": "number" + }, + "MaxTokens": { + "minimum": 1, + "type": "number" + } + }, + "required": [ + "MaxTokens", + "BufferSize", + "BreakpointPercentileThreshold" + ], + "type": "object" + }, "ServerSideEncryptionConfiguration": { "additionalProperties": false, "properties": { @@ -70,20 +207,34 @@ "type": "object" }, "SourceConfiguration": { - "additionalProperties": false, "oneOf": [ { + "additionalProperties": false, + "properties": { + "AppIntegrations": { + "$ref": "#/definitions/AppIntegrationsConfiguration" + } + }, "required": [ "AppIntegrations" - ] - } - ], - "properties": { - "AppIntegrations": { - "$ref": "#/definitions/AppIntegrationsConfiguration" + ], + "title": "AppIntegrationsConfiguration", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "ManagedSourceConfiguration": { + "$ref": "#/definitions/ManagedSourceConfiguration" + } + }, + "required": [ + "ManagedSourceConfiguration" + ], + "title": "ManagedSourceConfiguration", + "type": "object" } - }, - "type": "object" + ] }, "Tag": { "additionalProperties": false, 
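Review bot: `SeedUrl` in the second hunk of aws-wisdom-knowledgebase.json declares no `required` list, so an empty object `{}` validates and still counts toward the `minItems: 1` on `SeedUrls` in the last hunk; adding `"required": ["Url"]` would close that gap. Its `Url` pattern `^https?://[A-Za-z0-9][^\\s]*$` also accepts plain `http://` seeds, so crawled content headed for the knowledge base could be fetched over a channel without integrity protection. Whether the service enforces HTTPS separately is not visible here. In the first hunk, the dots in `anthropic.claude-3-haiku-20240307-v1:0` inside the `ModelArn` pattern are unescaped and therefore match any character; `\\.` would pin the model id exactly.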
@@ -105,6 +256,117 @@ "Value" ], "type": "object" + }, + "UrlFilterList": { + "items": { + "$ref": "#/definitions/UrlFilterPattern" + }, + "maxItems": 25, + "minItems": 1, + "type": "array" + }, + "UrlFilterPattern": { + "maxLength": 1000, + "minLength": 1, + "type": "string" + }, + "VectorIngestionConfiguration": { + "additionalProperties": false, + "properties": { + "ChunkingConfiguration": { + "additionalProperties": false, + "properties": { + "ChunkingStrategy": { + "enum": [ + "FIXED_SIZE", + "NONE", + "HIERARCHICAL", + "SEMANTIC" + ], + "type": "string" + }, + "FixedSizeChunkingConfiguration": { + "$ref": "#/definitions/FixedSizeChunkingConfiguration" + }, + "HierarchicalChunkingConfiguration": { + "$ref": "#/definitions/HierarchicalChunkingConfiguration" + }, + "SemanticChunkingConfiguration": { + "$ref": "#/definitions/SemanticChunkingConfiguration" + } + }, + "required": [ + "ChunkingStrategy" + ], + "type": "object" + }, + "ParsingConfiguration": { + "additionalProperties": false, + "properties": { + "BedrockFoundationModelConfiguration": { + "$ref": "#/definitions/BedrockFoundationModelConfiguration" + }, + "ParsingStrategy": { + "enum": [ + "BEDROCK_FOUNDATION_MODEL" + ], + "type": "string" + } + }, + "required": [ + "ParsingStrategy" + ], + "type": "object" + } + }, + "type": "object" + }, + "WebCrawlerConfiguration": { + "additionalProperties": false, + "properties": { + "CrawlerLimits": { + "additionalProperties": false, + "properties": { + "RateLimit": { + "maximum": 3000, + "minimum": 1, + "type": "number" + } + }, + "type": "object" + }, + "ExclusionFilters": { + "$ref": "#/definitions/UrlFilterList" + }, + "InclusionFilters": { + "$ref": "#/definitions/UrlFilterList" + }, + "Scope": { + "enum": [ + "HOST_ONLY", + "SUBDOMAINS" + ], + "type": "string" + }, + "UrlConfiguration": { + "additionalProperties": false, + "properties": { + "SeedUrls": { + "items": { + "$ref": "#/definitions/SeedUrl" + }, + "maxItems": 100, + "minItems": 1, + "type": 
"array" + } + }, + "type": "object" + } + }, + "required": [ + "UrlConfiguration" + ], + "type": "object" } }, "description": "Definition of AWS::Wisdom::KnowledgeBase Resource Type", @@ -190,6 +452,9 @@ }, "type": "array", "uniqueItems": true + }, + "VectorIngestionConfiguration": { + "$ref": "#/definitions/VectorIngestionConfiguration" } }, "readOnlyProperties": [ @@ -201,6 +466,15 @@ "KnowledgeBaseType", "Name" ], - "taggable": false, + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "wisdom:TagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, "typeName": "AWS::Wisdom::KnowledgeBase" } diff --git a/src/schema/aws-wisdom-messagetemplate.json b/src/schema/aws-wisdom-messagetemplate.json new file mode 100644 index 00000000..1eff4f0e --- /dev/null +++ b/src/schema/aws-wisdom-messagetemplate.json 
@@ -0,0 +1,777 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/KnowledgeBaseArn", + "/properties/ChannelSubtype" + ], + "definitions": { + "AgentAttributes": { + "additionalProperties": false, + "description": "The agent attributes that are used with the message template.", + "properties": { + "FirstName": { + "description": "The agent\u2019s first name as entered in their Amazon Connect user account.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "LastName": { + "description": "The agent\u2019s last name as entered in their Amazon Connect user account.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + } + }, + "type": "object" + }, + "ChannelSubtype": { + "description": "The channel subtype this message template applies to.", + "enum": [ + "EMAIL", + "SMS" + ], + "type": "string" + }, + "Content": { + "additionalProperties": false, + "description": "The content of the message template.", + "oneOf": [ + { + "required": [ + "EmailMessageTemplateContent" + ] + }, + { + "required": [ + "SmsMessageTemplateContent" + ] + } + ], + "properties": { + "EmailMessageTemplateContent": { + "$ref": "#/definitions/EmailMessageTemplateContent" + }, + "SmsMessageTemplateContent": { + "$ref": "#/definitions/SmsMessageTemplateContent" + } + }, + "type": "object" + }, + "CustomAttributes": { + "additionalProperties": false, + "description": "The custom attributes that are used with the message template.", + "patternProperties": { + "^[a-zA-Z0-9\\s._:/=+@-]*$": { + "description": "Value of a custom attribute.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + } + }, + "type": "object" + }, + "CustomerProfileAttributes": { + "additionalProperties": false, + "description": "The customer profile attributes that are used with the message template.", + "properties": { + "AccountNumber": { + "description": "A unique account number that you have given to the customer.", + "maxLength": 32767, + "minLength": 1, + 
"type": "string" + }, + "AdditionalInformation": { + "description": "Any additional information relevant to the customer's profile.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "Address1": { + "description": "The first line of a customer address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "Address2": { + "description": "The second line of a customer address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "Address3": { + "description": "The third line of a customer address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "Address4": { + "description": "The fourth line of a customer address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "BillingAddress1": { + "description": "The first line of a customer\u2019s billing address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "BillingAddress2": { + "description": "The second line of a customer\u2019s billing address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "BillingAddress3": { + "description": "The third line of a customer\u2019s billing address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "BillingAddress4": { + "description": "The fourth line of a customer\u2019s billing address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "BillingCity": { + "description": "The city of a customer\u2019s billing address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "BillingCountry": { + "description": "The country of a customer\u2019s billing address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "BillingCounty": { + "description": "The county of a customer\u2019s billing address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "BillingPostalCode": { + "description": "The postal code of a customer\u2019s billing address.", + "maxLength": 32767, + "minLength": 1, + 
"type": "string" + }, + "BillingProvince": { + "description": "The province of a customer\u2019s billing address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "BillingState": { + "description": "The state of a customer\u2019s billing address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "BirthDate": { + "description": "The customer's birth date.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "BusinessEmailAddress": { + "description": "The customer's business email address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "BusinessName": { + "description": "The name of the customer's business.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "BusinessPhoneNumber": { + "description": "The customer's business phone number.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "City": { + "description": "The city in which a customer lives.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "Country": { + "description": "The country in which a customer lives.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "County": { + "description": "The county in which a customer lives.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "Custom": { + "$ref": "#/definitions/CustomAttributes" + }, + "EmailAddress": { + "description": "The customer's email address, which has not been specified as a personal or business address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "FirstName": { + "description": "The customer's first name.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "Gender": { + "description": "The customer's gender.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "HomePhoneNumber": { + "description": "The customer's home phone number.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "LastName": { + "description": "The 
customer's last name.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "MailingAddress1": { + "description": "The first line of a customer\u2019s mailing address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "MailingAddress2": { + "description": "The second line of a customer\u2019s mailing address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "MailingAddress3": { + "description": "The third line of a customer\u2019s mailing address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "MailingAddress4": { + "description": "The fourth line of a customer\u2019s mailing address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "MailingCity": { + "description": "The city of a customer\u2019s mailing address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "MailingCountry": { + "description": "The country of a customer\u2019s mailing address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "MailingCounty": { + "description": "The county of a customer\u2019s mailing address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "MailingPostalCode": { + "description": "The postal code of a customer\u2019s mailing address", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "MailingProvince": { + "description": "The province of a customer\u2019s mailing address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "MailingState": { + "description": "The state of a customer\u2019s mailing address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "MiddleName": { + "description": "The customer's middle name.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "MobilePhoneNumber": { + "description": "The customer's mobile phone number.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "PartyType": { + "description": "The customer's party 
type.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "PhoneNumber": { + "description": "The customer's phone number, which has not been specified as a mobile, home, or business number.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "PostalCode": { + "description": "The postal code of a customer address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "ProfileARN": { + "description": "The ARN of a customer profile.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "ProfileId": { + "description": "The unique identifier of a customer profile.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "Province": { + "description": "The province in which a customer lives.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "ShippingAddress1": { + "description": "The first line of a customer\u2019s shipping address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "ShippingAddress2": { + "description": "The second line of a customer\u2019s shipping address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "ShippingAddress3": { + "description": "The third line of a customer\u2019s shipping address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "ShippingAddress4": { + "description": "The fourth line of a customer\u2019s shipping address", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "ShippingCity": { + "description": "The city of a customer\u2019s shipping address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "ShippingCountry": { + "description": "The country of a customer\u2019s shipping address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "ShippingCounty": { + "description": "The county of a customer\u2019s shipping address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "ShippingPostalCode": { + "description": "The 
postal code of a customer\u2019s shipping address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "ShippingProvince": { + "description": "The province of a customer\u2019s shipping address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "ShippingState": { + "description": "The state of a customer\u2019s shipping address.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "State": { + "description": "The state in which a customer lives.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + } + }, + "type": "object" + }, + "EmailMessageTemplateContent": { + "additionalProperties": false, + "description": "The content of message template that applies to email channel subtype.", + "properties": { + "Body": { + "$ref": "#/definitions/EmailMessageTemplateContentBody" + }, + "Headers": { + "description": "The email headers to include in email messages.", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/EmailMessageTemplateHeader" + }, + "maxItems": 15, + "minItems": 0, + "type": "array", + "uniqueItems": true + }, + "Subject": { + "description": "The subject line, or title, to use in email messages.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "Subject", + "Body", + "Headers" + ], + "type": "object" + }, + "EmailMessageTemplateContentBody": { + "additionalProperties": false, + "description": "The body to use in email messages.", + "properties": { + "Html": { + "$ref": "#/definitions/MessageTemplateBodyContentProvider", + "description": "The message body, in HTML format, to use in email messages that are based on the message template. We recommend using HTML format for email clients that render HTML content. You can include links, formatted text, and more in an HTML message." 
+ }, + "PlainText": { + "$ref": "#/definitions/MessageTemplateBodyContentProvider", + "description": "The message body, in plain text format, to use in email messages that are based on the message template. We recommend using plain text format for email clients that don't render HTML content and clients that are connected to high-latency networks, such as mobile devices." + } + }, + "type": "object" + }, + "EmailMessageTemplateHeader": { + "additionalProperties": false, + "description": "The email header to include in email messages.", + "properties": { + "Name": { + "description": "The name of the email header.", + "maxLength": 126, + "minLength": 1, + "pattern": "^[!-9;-@A-~]+$", + "type": "string" + }, + "Value": { + "description": "The value of the email header.", + "maxLength": 870, + "minLength": 1, + "pattern": "[ -~]*", + "type": "string" + } + }, + "type": "object" + }, + "GroupingConfiguration": { + "additionalProperties": false, + "description": "The configuration information of the user groups that the message template is accessible to.", + "properties": { + "Criteria": { + "description": "The criteria used for grouping Amazon Q in Connect users.", + "maxLength": 100, + "minLength": 1, + "type": "string" + }, + "Values": { + "description": "The list of values that define different groups of Amazon Q in Connect users.", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/GroupingValue" + }, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "Criteria", + "Values" + ], + "type": "object" + }, + "GroupingValue": { + "description": "The value that define the group of Amazon Q in Connect users.", + "maxLength": 2048, + "minLength": 1, + "type": "string" + }, + "MessageTemplateAttributes": { + "additionalProperties": false, + "description": "An object that specifies the default values to use for variables in the message template. This object contains different categories of key-value pairs. 
Each key defines a variable or placeholder in the message template. The corresponding value defines the default value for that variable.", + "properties": { + "AgentAttributes": { + "$ref": "#/definitions/AgentAttributes" + }, + "CustomAttributes": { + "$ref": "#/definitions/CustomAttributes" + }, + "CustomerProfileAttributes": { + "$ref": "#/definitions/CustomerProfileAttributes" + }, + "SystemAttributes": { + "$ref": "#/definitions/SystemAttributes" + } + }, + "type": "object" + }, + "MessageTemplateBodyContentProvider": { + "additionalProperties": false, + "description": "The container of message template body.", + "properties": { + "Content": { + "minLength": 1, + "type": "string" + } + }, + "type": "object" + }, + "SmsMessageTemplateContent": { + "additionalProperties": false, + "description": "The content of message template that applies to SMS channel subtype.", + "properties": { + "Body": { + "$ref": "#/definitions/SmsMessageTemplateContentBody" + } + }, + "required": [ + "Body" + ], + "type": "object" + }, + "SmsMessageTemplateContentBody": { + "additionalProperties": false, + "description": "The body to use in SMS messages.", + "properties": { + "PlainText": { + "$ref": "#/definitions/MessageTemplateBodyContentProvider" + } + }, + "type": "object" + }, + "SystemAttributes": { + "additionalProperties": false, + "description": "The system attributes that are used with the message template.", + "properties": { + "CustomerEndpoint": { + "$ref": "#/definitions/SystemEndpointAttributes", + "description": "The CustomerEndpoint attribute." + }, + "Name": { + "description": "The name of the task.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + }, + "SystemEndpoint": { + "$ref": "#/definitions/SystemEndpointAttributes", + "description": "The SystemEndpoint attribute." 
+ } + }, + "type": "object" + }, + "SystemEndpointAttributes": { + "additionalProperties": false, + "description": "The system endpoint attributes that are used with the message template.", + "properties": { + "Address": { + "description": "The customer's phone number if used with customerEndpoint, or the number the customer dialed to call your contact center if used with systemEndpoint.", + "maxLength": 32767, + "minLength": 1, + "type": "string" + } + }, + "type": "object" + }, + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -", + "maxLength": 128, + "minLength": 1, + "pattern": "^(?!aws:)[a-zA-Z+-=._:/]+$", + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. 
You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -", + "maxLength": 256, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, + "description": "Definition of AWS::Wisdom::MessageTemplate Resource Type", + "handlers": { + "create": { + "permissions": [ + "wisdom:CreateMessageTemplate", + "wisdom:GetMessageTemplate", + "wisdom:TagResource", + "connect:SearchRoutingProfiles", + "connect:DescribeRoutingProfile" + ] + }, + "delete": { + "permissions": [ + "wisdom:DeleteMessageTemplate", + "wisdom:UntagResource" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "KnowledgeBaseArn": { + "$ref": "resource-schema.json#/properties/KnowledgeBaseArn" + } + }, + "required": [ + "KnowledgeBaseArn" + ] + }, + "permissions": [ + "wisdom:ListMessageTemplates" + ] + }, + "read": { + "permissions": [ + "wisdom:GetMessageTemplate" + ] + }, + "update": { + "permissions": [ + "wisdom:UpdateMessageTemplate", + "wisdom:UpdateMessageTemplateMetadata", + "wisdom:GetMessageTemplate", + "wisdom:TagResource", + "wisdom:UntagResource", + "connect:SearchRoutingProfiles", + "connect:DescribeRoutingProfile" + ] + } + }, + "primaryIdentifier": [ + "/properties/MessageTemplateArn" + ], + "properties": { + "ChannelSubtype": { + "$ref": "#/definitions/ChannelSubtype" + }, + "Content": { + "$ref": "#/definitions/Content" + }, + "DefaultAttributes": { + "$ref": "#/definitions/MessageTemplateAttributes" + }, + "Description": { + "description": "The description of the message template.", + "maxLength": 255, + "minLength": 1, + "pattern": "^[a-zA-Z0-9\\\\s_.,-]+", + "type": "string" + }, + "GroupingConfiguration": { + "$ref": "#/definitions/GroupingConfiguration" + }, + "KnowledgeBaseArn": { + "description": "The Amazon Resource Name (ARN) of the knowledge base to which the message template belongs.", + "pattern": 
"^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$", + "type": "string" + }, + "Language": { + "description": "The language code value for the language in which the message template is written. The supported language codes include de_DE, en_US, es_ES, fr_FR, id_ID, it_IT, ja_JP, ko_KR, pt_BR, zh_CN, zh_TW", + "maxLength": 5, + "minLength": 2, + "type": "string" + }, + "MessageTemplateArn": { + "description": "The Amazon Resource Name (ARN) of the message template.", + "pattern": "^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$", + "type": "string" + }, + "MessageTemplateContentSha256": { + "description": "The content SHA256 of the message template.", + "maxLength": 64, + "minLength": 1, + "type": "string" + }, + "MessageTemplateId": { + "description": "The unique identifier of the message template.", + "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$", + "type": "string" + }, + "Name": { + "description": "The name of the message template.", + "maxLength": 255, + "minLength": 1, + "pattern": "^[a-zA-Z0-9\\\\s_.,-]+", + "type": "string" + }, + "Tags": { + "description": "The tags used to organize, track, or control access for this resource. 
For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": true + } + }, + "readOnlyProperties": [ + "/properties/MessageTemplateId", + "/properties/MessageTemplateArn", + "/properties/MessageTemplateContentSha256" + ], + "replacementStrategy": "create_then_delete", + "required": [ + "KnowledgeBaseArn", + "ChannelSubtype", + "Name", + "Content" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-wisdom", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "wisdom:TagResource", + "wisdom:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::Wisdom::MessageTemplate" +} diff --git a/src/schema/aws-wisdom-messagetemplateversion.json b/src/schema/aws-wisdom-messagetemplateversion.json new file mode 100644 index 00000000..6665e537 --- /dev/null +++ b/src/schema/aws-wisdom-messagetemplateversion.json 
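Review bot: Three `pattern` values in the new aws-wisdom-messagetemplate.json validate less than their descriptions suggest. `EmailMessageTemplateHeader.Value` uses `[ -~]*` with no anchors, and since JSON Schema patterns are not implicitly anchored, every string passes, including one containing CR or LF; `^[ -~]*$` would actually restrict header values to printable ASCII. In `Tag.Key`, the `+-=` inside `[a-zA-Z+-=._:/]` is a range from `+` to `=`, which admits `,`, `;` and `<` and covers the digits only by accident; writing the class as `[a-zA-Z0-9+=._:/-]` states the set explicitly. `Description` and `Name` carry `\\\\s` in the JSON text, which decodes to a literal backslash plus `s` rather than whitespace, and both patterns lack a closing `$`, so only the first character is checked. If these files are synced from the upstream CloudFormation registry, the fix belongs there, and nothing downstream should treat these patterns as input sanitisation.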
@@ -0,0 +1,85 @@ +{ + "additionalProperties": false, + "conditionalCreateOnlyProperties": [ + "/properties/MessageTemplateContentSha256" + ], + "createOnlyProperties": [ + "/properties/MessageTemplateArn" + ], + "description": "A version for the specified customer-managed message template within the specified knowledge base.", + "handlers": { + "create": { + "permissions": [ + "wisdom:CreateMessageTemplateVersion", + "wisdom:ListMessageTemplateVersions" + ] + }, + "delete": { + "permissions": [ + "wisdom:DeleteMessageTemplate" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "MessageTemplateArn": { + "$ref": "resource-schema.json#/properties/MessageTemplateArn" + } + }, + "required": [ + "MessageTemplateArn" + ] + }, + "permissions": [ + "wisdom:ListMessageTemplateVersions" + ] + }, + "read": { + "permissions": [ + "wisdom:GetMessageTemplate" + ] + }, + "update": { + "permissions": [ + "wisdom:CreateMessageTemplateVersion" + ] + } + }, + "primaryIdentifier": [ + "/properties/MessageTemplateVersionArn" + ], + "properties": { + "MessageTemplateArn": { + "description": "The unqualified Amazon Resource Name (ARN) of the message template.", + "pattern": "^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?$", + "type": "string" + }, + "MessageTemplateContentSha256": { + "description": "The content SHA256 of the message template.", + "maxLength": 64, + "minLength": 1, + "type": "string" + }, + "MessageTemplateVersionArn": { + "description": "The unqualified Amazon Resource Name (ARN) of the message template version.", + "pattern": "^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}):[0-9]+?$", + "type": "string" + }, + "MessageTemplateVersionNumber": { + "description": "Current version number of the message 
template.", + "type": "number" + } + }, + "readOnlyProperties": [ + "/properties/MessageTemplateVersionNumber", + "/properties/MessageTemplateVersionArn" + ], + "required": [ + "MessageTemplateArn" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "taggable": false + }, + "typeName": "AWS::Wisdom::MessageTemplateVersion" +} diff --git a/src/schema/aws-workspaces-connectionalias.json b/src/schema/aws-workspaces-connectionalias.json index 51cfba88..c7b4c585 100644 --- a/src/schema/aws-workspaces-connectionalias.json +++ b/src/schema/aws-workspaces-connectionalias.json @@ -57,17 +57,24 @@ "handlers": { "create": { "permissions": [ - "workspaces:CreateConnectionAlias" + "workspaces:CreateConnectionAlias", + "workspaces:CreateTags", + "workspaces:DescribeConnectionAliases", + "workspaces:DescribeTags" ] }, "delete": { "permissions": [ - "workspaces:DeleteConnectionAlias" + "workspaces:DeleteConnectionAlias", + "workspaces:DeleteTags", + "workspaces:DescribeTags", + "workspaces:DescribeConnectionAliases" ] }, "read": { "permissions": [ - "workspaces:DescribeConnectionAliases" + "workspaces:DescribeConnectionAliases", + "workspaces:DescribeTags" ] } }, @@ -82,6 +89,7 @@ "type": "string" }, "Associations": { + "insertionOrder": false, "items": { "$ref": "#/definitions/ConnectionAliasAssociation" }, @@ -104,6 +112,7 @@ "type": "string" }, "Tags": { + "insertionOrder": false, "items": { "$ref": "#/definitions/Tag" }, @@ -119,5 +128,16 @@ "required": [ "ConnectionString" ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "workspaces:CreateTags", + "workspaces:DescribeTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, "typeName": "AWS::WorkSpaces::ConnectionAlias" } diff --git a/src/schema/aws-workspaces-workspacespool.json b/src/schema/aws-workspaces-workspacespool.json index 9bc3cf69..1c0c4a61 100644 
--- a/src/schema/aws-workspaces-workspacespool.json +++ b/src/schema/aws-workspaces-workspacespool.json @@ -81,6 +81,7 @@ } }, "deprecatedProperties": [ + "/properties/Tags", "/properties/Tags/TagKey", "/properties/Tags/TagValue" ], @@ -96,22 +97,29 @@ "delete": { "permissions": [ "workspaces:DescribeWorkspacesPools", - "workspaces:TerminateWorkspacesPool" + "workspaces:TerminateWorkspacesPool", + "workspaces:DeleteTags" ] }, "list": { "permissions": [ - "workspaces:DescribeWorkspacesPools" + "workspaces:DescribeWorkspacesPools", + "workspaces:DescribeTags" ] }, "read": { "permissions": [ - "workspaces:DescribeWorkspacesPools" + "workspaces:DescribeWorkspacesPools", + "workspaces:DescribeTags" ] }, "update": { "permissions": [ - "workspaces:UpdateWorkspacesPool" + "workspaces:UpdateWorkspacesPool", + "workspaces:CreateTags", + "workspaces:DeleteTags", + "workspaces:DescribeWorkspacesPools", + "workspaces:DescribeTags" ] } }, @@ -180,14 +188,16 @@ "Capacity" ], "tagging": { - "cloudFormationSystemTags": false, + "cloudFormationSystemTags": true, + "permissions": [ + "workspaces:CreateTags", + "workspaces:DescribeTags", + "workspaces:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": false, "taggable": true }, - "typeName": "AWS::WorkSpaces::WorkspacesPool", - "writeOnlyProperties": [ - "/properties/Tags" - ] + "typeName": "AWS::WorkSpaces::WorkspacesPool" } diff --git a/src/schema/aws-workspacesthinclient-environment.json b/src/schema/aws-workspacesthinclient-environment.json index e6879490..844cd7e9 100644 --- a/src/schema/aws-workspacesthinclient-environment.json +++ b/src/schema/aws-workspacesthinclient-environment.json @@ -130,7 +130,7 @@ }, "list": { "permissions": [ - "thinclient:ListEnvironment", + "thinclient:ListEnvironments", "thinclient:ListTagsForResource", "kms:Decrypt" ] 
@@ -149,7 +149,6 @@ "workspaces-web:GetPortal", "workspaces-web:GetUserSettings", "thinclient:UpdateEnvironment", - "thinclient:ListTagsForResource", "thinclient:TagResource", "thinclient:UntagResource", "kms:Decrypt", @@ -310,6 +309,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "thinclient:UntagResource", + "thinclient:ListTagsForResource", + "thinclient:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-workspacesweb-browsersettings.json b/src/schema/aws-workspacesweb-browsersettings.json index 26a68390..b8195f62 100644 --- a/src/schema/aws-workspacesweb-browsersettings.json +++ b/src/schema/aws-workspacesweb-browsersettings.json @@ -48,10 +48,12 @@ "workspaces-web:GetBrowserSettings", "workspaces-web:ListTagsForResource", "workspaces-web:TagResource", - "kms:CreateGrant", "kms:DescribeKey", "kms:GenerateDataKey", - "kms:Decrypt" + "kms:Decrypt", + "kms:GenerateDataKeyWithoutPlaintext", + "kms:ReEncryptTo", + "kms:ReEncryptFrom" ] }, "delete": { @@ -66,7 +68,9 @@ }, "list": { "permissions": [ - "workspaces-web:ListBrowserSettings" + "workspaces-web:ListBrowserSettings", + "kms:Decrypt", + "kms:DescribeKey" ] }, "read": { @@ -146,6 +150,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "workspaces-web:UntagResource", + "workspaces-web:ListTagsForResource", + "workspaces-web:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-workspacesweb-dataprotectionsettings.json b/src/schema/aws-workspacesweb-dataprotectionsettings.json new file mode 100644 index 00000000..743cbda7 --- /dev/null +++ b/src/schema/aws-workspacesweb-dataprotectionsettings.json 
@@ -0,0 +1,317 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/AdditionalEncryptionContext", + "/properties/CustomerManagedKey" + ], + "definitions": { + "CustomPattern": { + "additionalProperties": false, + "properties": { + "KeywordRegex": { + "maxLength": 300, + "minLength": 0, + "pattern": "^\\/((?:[^\\n])+)\\/([gimsuyvd]{0,8})$", + "type": "string" + }, + "PatternDescription": { + "maxLength": 256, + "minLength": 1, + "pattern": "^[ _\\-\\d\\w]+$", + "type": "string" + }, + "PatternName": { + "maxLength": 20, + "minLength": 1, + "pattern": "^[_\\-\\d\\w]+$", + "type": "string" + }, + "PatternRegex": { + "maxLength": 300, + "minLength": 0, + "pattern": "^\\/((?:[^\\n])+)\\/([gimsuyvd]{0,8})$", + "type": "string" + } + }, + "required": [ + "PatternName", + "PatternRegex" + ], + "type": "object" + }, + "EncryptionContextMap": { + "additionalProperties": false, + "patternProperties": { + "^[\\s\\S]*$": { + "maxLength": 131072, + "minLength": 0, + "pattern": "^[\\s\\S]*$", + "type": "string" + } + }, + "type": "object" + }, + "InlineRedactionConfiguration": { + "additionalProperties": false, + "properties": { + "GlobalConfidenceLevel": { + "maximum": 3, + "minimum": 1, + "type": "number" + }, + "GlobalEnforcedUrls": { + "items": { + "pattern": "^((([a-zA-Z][a-zA-Z0-9+.-]*):\\/\\/(\\*|[\\w%._\\-\\+~#=@]+)?(\\/[^@\\s]*)?(?:\\?([^*\\s]+(?:\\*?)))?)|(\\*|[\\w%._\\-\\+~#=@]+\\.[\\w%._\\-\\+~#=@]+)(?::(\\d{1,5}))?(\\/[^@\\s]*)?(?:\\?([^*\\s]+(?:\\*?)))?|(([a-zA-Z][a-zA-Z0-9+.-]*):(\\/\\/)?\\*))$", + "type": "string" + }, + "maxItems": 100, + "minItems": 1, + "type": "array" + }, + "GlobalExemptUrls": { + "items": { + "pattern": "^((([a-zA-Z][a-zA-Z0-9+.-]*):\\/\\/(\\*|[\\w%._\\-\\+~#=@]+)?(\\/[^@\\s]*)?(?:\\?([^*\\s]+(?:\\*?)))?)|(\\*|[\\w%._\\-\\+~#=@]+\\.[\\w%._\\-\\+~#=@]+)(?::(\\d{1,5}))?(\\/[^@\\s]*)?(?:\\?([^*\\s]+(?:\\*?)))?|(([a-zA-Z][a-zA-Z0-9+.-]*):(\\/\\/)?\\*))$", + "type": "string" + }, + "maxItems": 100, + "minItems": 1, + 
"type": "array" + }, + "InlineRedactionPatterns": { + "items": { + "$ref": "#/definitions/InlineRedactionPattern" + }, + "maxItems": 150, + "minItems": 0, + "type": "array" + } + }, + "required": [ + "InlineRedactionPatterns" + ], + "type": "object" + }, + "InlineRedactionPattern": { + "additionalProperties": false, + "properties": { + "BuiltInPatternId": { + "maxLength": 50, + "minLength": 1, + "pattern": "^[_\\-\\d\\w]+$", + "type": "string" + }, + "ConfidenceLevel": { + "maximum": 3, + "minimum": 1, + "type": "number" + }, + "CustomPattern": { + "$ref": "#/definitions/CustomPattern" + }, + "EnforcedUrls": { + "items": { + "pattern": "^((([a-zA-Z][a-zA-Z0-9+.-]*):\\/\\/(\\*|[\\w%._\\-\\+~#=@]+)?(\\/[^@\\s]*)?(?:\\?([^*\\s]+(?:\\*?)))?)|(\\*|[\\w%._\\-\\+~#=@]+\\.[\\w%._\\-\\+~#=@]+)(?::(\\d{1,5}))?(\\/[^@\\s]*)?(?:\\?([^*\\s]+(?:\\*?)))?|(([a-zA-Z][a-zA-Z0-9+.-]*):(\\/\\/)?\\*))$", + "type": "string" + }, + "maxItems": 20, + "minItems": 1, + "type": "array" + }, + "ExemptUrls": { + "items": { + "pattern": "^((([a-zA-Z][a-zA-Z0-9+.-]*):\\/\\/(\\*|[\\w%._\\-\\+~#=@]+)?(\\/[^@\\s]*)?(?:\\?([^*\\s]+(?:\\*?)))?)|(\\*|[\\w%._\\-\\+~#=@]+\\.[\\w%._\\-\\+~#=@]+)(?::(\\d{1,5}))?(\\/[^@\\s]*)?(?:\\?([^*\\s]+(?:\\*?)))?|(([a-zA-Z][a-zA-Z0-9+.-]*):(\\/\\/)?\\*))$", + "type": "string" + }, + "maxItems": 20, + "minItems": 1, + "type": "array" + }, + "RedactionPlaceHolder": { + "$ref": "#/definitions/RedactionPlaceHolder" + } + }, + "required": [ + "RedactionPlaceHolder" + ], + "type": "object" + }, + "RedactionPlaceHolder": { + "additionalProperties": false, + "properties": { + "RedactionPlaceHolderText": { + "maxLength": 20, + "minLength": 1, + "pattern": "^[*_\\-\\d\\w]+$", + "type": "string" + }, + "RedactionPlaceHolderType": { + "$ref": "#/definitions/RedactionPlaceHolderType" + } + }, + "required": [ + "RedactionPlaceHolderType" + ], + "type": "object" + }, + "RedactionPlaceHolderType": { + "enum": [ + "CustomText" + ], + "type": "string" + }, + "Tag": { + 
"additionalProperties": false, + "properties": { + "Key": { + "maxLength": 128, + "minLength": 1, + "pattern": "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$", + "type": "string" + }, + "Value": { + "maxLength": 256, + "minLength": 0, + "pattern": "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$", + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, + "description": "Definition of AWS::WorkSpacesWeb::DataProtectionSettings Resource Type", + "handlers": { + "create": { + "permissions": [ + "workspaces-web:CreateDataProtectionSettings", + "workspaces-web:GetDataProtectionSettings", + "workspaces-web:ListDataProtectionSettings", + "workspaces-web:ListTagsForResource", + "workspaces-web:TagResource", + "kms:DescribeKey", + "kms:GenerateDataKey", + "kms:Decrypt", + "kms:GenerateDataKeyWithoutPlaintext", + "kms:ReEncryptTo", + "kms:ReEncryptFrom" + ] + }, + "delete": { + "permissions": [ + "workspaces-web:GetDataProtectionSettings", + "workspaces-web:ListDataProtectionSettings", + "workspaces-web:DeleteDataProtectionSettings", + "kms:DescribeKey", + "kms:GenerateDataKey", + "kms:Decrypt" + ] + }, + "list": { + "permissions": [ + "workspaces-web:ListDataProtectionSettings", + "kms:Decrypt", + "kms:DescribeKey" + ] + }, + "read": { + "permissions": [ + "workspaces-web:GetDataProtectionSettings", + "workspaces-web:ListDataProtectionSettings", + "workspaces-web:ListTagsForResource", + "kms:DescribeKey", + "kms:GenerateDataKey", + "kms:Decrypt" + ] + }, + "update": { + "permissions": [ + "workspaces-web:UpdateDataProtectionSettings", + "workspaces-web:GetDataProtectionSettings", + "workspaces-web:ListDataProtectionSettings", + "workspaces-web:TagResource", + "workspaces-web:UntagResource", + "workspaces-web:ListTagsForResource", + "kms:DescribeKey", + "kms:GenerateDataKey", + "kms:Decrypt" + ] + } + }, + "primaryIdentifier": [ + "/properties/DataProtectionSettingsArn" + ], + "properties": { + "AdditionalEncryptionContext": { + "$ref": 
"#/definitions/EncryptionContextMap" + }, + "AssociatedPortalArns": { + "items": { + "maxLength": 2048, + "minLength": 20, + "pattern": "^arn:[\\w+=\\/,.@-]+:[a-zA-Z0-9\\-]+:[a-zA-Z0-9\\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\\/[a-fA-F0-9\\-]{36})+$", + "type": "string" + }, + "type": "array" + }, + "CreationDate": { + "format": "date-time", + "type": "string" + }, + "CustomerManagedKey": { + "maxLength": 2048, + "minLength": 20, + "pattern": "^arn:[\\w+=\\/,.@-]+:kms:[a-zA-Z0-9\\-]*:[a-zA-Z0-9]{1,12}:key\\/[a-zA-Z0-9-]+$", + "type": "string" + }, + "DataProtectionSettingsArn": { + "maxLength": 2048, + "minLength": 20, + "pattern": "^arn:[\\w+=\\/,.@-]+:[a-zA-Z0-9\\-]+:[a-zA-Z0-9\\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\\/[a-fA-F0-9\\-]{36})+$", + "type": "string" + }, + "Description": { + "maxLength": 256, + "minLength": 1, + "pattern": "^[ _\\-\\d\\w]+$", + "type": "string" + }, + "DisplayName": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[ _\\-\\d\\w]+$", + "type": "string" + }, + "InlineRedactionConfiguration": { + "$ref": "#/definitions/InlineRedactionConfiguration" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 200, + "minItems": 0, + "type": "array" + } + }, + "readOnlyProperties": [ + "/properties/AssociatedPortalArns", + "/properties/CreationDate", + "/properties/DataProtectionSettingsArn" + ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "workspaces-web:UntagResource", + "workspaces-web:ListTagsForResource", + "workspaces-web:TagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::WorkSpacesWeb::DataProtectionSettings" +} diff --git a/src/schema/aws-workspacesweb-identityprovider.json b/src/schema/aws-workspacesweb-identityprovider.json index 54354663..fc4cfd42 100644 --- a/src/schema/aws-workspacesweb-identityprovider.json +++ b/src/schema/aws-workspacesweb-identityprovider.json 
@@ -26,6 +26,28 @@ "OIDC" ], "type": "string" + }, + "Tag": { + "additionalProperties": false, + "properties": { + "Key": { + "maxLength": 128, + "minLength": 1, + "pattern": "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$", + "type": "string" + }, + "Value": { + "maxLength": 256, + "minLength": 0, + "pattern": "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$", + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" } }, "description": "Definition of AWS::WorkSpacesWeb::IdentityProvider Resource Type", @@ -104,6 +126,15 @@ "minLength": 20, "pattern": "^arn:[\\w+=\\/,.@-]+:[a-zA-Z0-9\\-]+:[a-zA-Z0-9\\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\\/[a-fA-F0-9\\-]{36})+$", "type": "string" + }, + "Tags": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 200, + "minItems": 0, + "type": "array" } }, "readOnlyProperties": [ @@ -117,9 +148,15 @@ "sourceUrl": "https://github.com/shivankgoel/aws-cloudformation-resource-providers-workspaces-web", "tagging": { "cloudFormationSystemTags": false, - "tagOnCreate": false, - "tagUpdatable": false, - "taggable": false + "permissions": [ + "workspaces-web:UntagResource", + "workspaces-web:ListTagsForResource", + "workspaces-web:TagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true }, "typeName": "AWS::WorkSpacesWeb::IdentityProvider", "writeOnlyProperties": [ diff --git a/src/schema/aws-workspacesweb-ipaccesssettings.json b/src/schema/aws-workspacesweb-ipaccesssettings.json index 6073f98c..6d01fb10 100644 --- a/src/schema/aws-workspacesweb-ipaccesssettings.json +++ b/src/schema/aws-workspacesweb-ipaccesssettings.json 
@@ -69,10 +69,12 @@ "workspaces-web:ListIpAccessSettings", "workspaces-web:ListTagsForResource", "workspaces-web:TagResource", - "kms:CreateGrant", "kms:DescribeKey", "kms:GenerateDataKey", - "kms:Decrypt" + "kms:Decrypt", + "kms:GenerateDataKeyWithoutPlaintext", + "kms:ReEncryptTo", + "kms:ReEncryptFrom" ] }, "delete": { @@ -88,7 +90,9 @@ }, "list": { "permissions": [ - "workspaces-web:ListIpAccessSettings" + "workspaces-web:ListIpAccessSettings", + "kms:Decrypt", + "kms:DescribeKey" ] }, "read": { @@ -191,6 +195,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "workspaces-web:UntagResource", + "workspaces-web:ListTagsForResource", + "workspaces-web:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-workspacesweb-networksettings.json b/src/schema/aws-workspacesweb-networksettings.json index 950f6eab..1dbbf15a 100644 --- a/src/schema/aws-workspacesweb-networksettings.json +++ b/src/schema/aws-workspacesweb-networksettings.json @@ -133,6 +133,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "workspaces-web:UntagResource", + "workspaces-web:ListTagsForResource", + "workspaces-web:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-workspacesweb-portal.json b/src/schema/aws-workspacesweb-portal.json index 7e50d3f8..3c26be7f 100644 --- a/src/schema/aws-workspacesweb-portal.json +++ b/src/schema/aws-workspacesweb-portal.json 
@@ -80,20 +80,22 @@ "create": { "permissions": [ "workspaces-web:CreatePortal", - "workspaces-web:GetPortal", - "workspaces-web:GetPortalServiceProviderMetadata", + "workspaces-web:GetPortal*", "workspaces-web:AssociateBrowserSettings", "workspaces-web:AssociateIpAccessSettings", "workspaces-web:AssociateNetworkSettings", "workspaces-web:AssociateTrustStore", "workspaces-web:AssociateUserAccessLoggingSettings", "workspaces-web:AssociateUserSettings", - "workspaces-web:ListTagsForResource", + "workspaces-web:AssociateDataProtectionSettings", + "workspaces-web:List*", "workspaces-web:TagResource", - "kms:CreateGrant", + "kms:DescribeKey", "kms:GenerateDataKey", "kms:Decrypt", - "kms:DescribeKey", + "kms:GenerateDataKeyWithoutPlaintext", + "kms:ReEncryptTo", + "kms:ReEncryptFrom", "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterface", @@ -101,14 +103,14 @@ "ec2:ModifyNetworkInterfaceAttribute", "kinesis:PutRecord", "kinesis:PutRecords", - "kinesis:DescribeStreamSummary", + "kinesis:Describe*", "sso:CreateManagedApplicationInstance", - "sso:DescribeRegisteredRegions" + "sso:Describe*" ] }, "delete": { "permissions": [ - "workspaces-web:GetPortal", + "workspaces-web:GetPortal*", "workspaces-web:DeletePortal", "workspaces-web:DisassociateBrowserSettings", "workspaces-web:DisassociateIpAccessSettings", @@ -116,6 +118,7 @@ "workspaces-web:DisassociateTrustStore", "workspaces-web:DisassociateUserAccessLoggingSettings", "workspaces-web:DisassociateUserSettings", + "workspaces-web:DisassociateDataProtectionSettings", "kms:Decrypt", "kms:DescribeKey", "sso:DeleteManagedApplicationInstance" 
@@ -123,24 +126,22 @@ }, "list": { "permissions": [ - "workspaces-web:ListPortals", + "workspaces-web:List*", "kms:Decrypt", "kms:DescribeKey" ] }, "read": { "permissions": [ - "workspaces-web:GetPortal", - "workspaces-web:GetPortalServiceProviderMetadata", - "workspaces-web:ListTagsForResource", + "workspaces-web:GetPortal*", + "workspaces-web:List*", "kms:Decrypt", "kms:DescribeKey" ] }, "update": { "permissions": [ - "workspaces-web:GetPortal", - "workspaces-web:GetPortalServiceProviderMetadata", + "workspaces-web:GetPortal*", "workspaces-web:UpdatePortal", "workspaces-web:AssociateBrowserSettings", "workspaces-web:AssociateIpAccessSettings", @@ -148,13 +149,15 @@ "workspaces-web:AssociateTrustStore", "workspaces-web:AssociateUserAccessLoggingSettings", "workspaces-web:AssociateUserSettings", + "workspaces-web:AssociateDataProtectionSettings", "workspaces-web:DisassociateBrowserSettings", "workspaces-web:DisassociateIpAccessSettings", "workspaces-web:DisassociateNetworkSettings", "workspaces-web:DisassociateTrustStore", "workspaces-web:DisassociateUserAccessLoggingSettings", "workspaces-web:DisassociateUserSettings", - "workspaces-web:ListTagsForResource", + "workspaces-web:DisassociateDataProtectionSettings", + "workspaces-web:List*", "workspaces-web:TagResource", "workspaces-web:UntagResource", "kms:CreateGrant", @@ -169,12 +172,12 @@ "ec2:ModifyNetworkInterfaceAttribute", "kinesis:PutRecord", "kinesis:PutRecords", - "kinesis:DescribeStreamSummary", + "kinesis:Describe*", "sso:CreateManagedApplicationInstance", "sso:DeleteManagedApplicationInstance", - "sso:DescribeRegisteredRegions", + "sso:Describe*", "sso:GetApplicationInstance", - "sso:ListApplicationInstances" + "sso:List*" ] } }, 
@@ -207,6 +210,12 @@ "pattern": "^arn:[\\w+=\\/,.@-]+:kms:[a-zA-Z0-9\\-]*:[a-zA-Z0-9]{1,12}:key\\/[a-zA-Z0-9-]+$", "type": "string" }, + "DataProtectionSettingsArn": { + "maxLength": 2048, + "minLength": 20, + "pattern": "^arn:[\\w+=\\/,.@-]+:[a-zA-Z0-9\\-]+:[a-zA-Z0-9\\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\\/[a-fA-F0-9\\-]{36})+$", + "type": "string" + }, "DisplayName": { "maxLength": 64, "minLength": 1, @@ -303,6 +312,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "workspaces-web:UntagResource", + "workspaces-web:List*", + "workspaces-web:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-workspacesweb-truststore.json b/src/schema/aws-workspacesweb-truststore.json index 66068e68..f0cd8a3a 100644 --- a/src/schema/aws-workspacesweb-truststore.json +++ b/src/schema/aws-workspacesweb-truststore.json @@ -115,6 +115,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "workspaces-web:UntagResource", + "workspaces-web:ListTagsForResource", + "workspaces-web:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-workspacesweb-useraccessloggingsettings.json b/src/schema/aws-workspacesweb-useraccessloggingsettings.json index d7bdf5cc..b32ffeb6 100644 --- a/src/schema/aws-workspacesweb-useraccessloggingsettings.json +++ b/src/schema/aws-workspacesweb-useraccessloggingsettings.json @@ -109,6 +109,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "workspaces-web:UntagResource", + "workspaces-web:ListTagsForResource", + "workspaces-web:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-workspacesweb-usersettings.json b/src/schema/aws-workspacesweb-usersettings.json index 9d4be494..95117e59 100644 --- a/src/schema/aws-workspacesweb-usersettings.json 
+++ b/src/schema/aws-workspacesweb-usersettings.json @@ -1,9 +1,5 @@ { "additionalProperties": false, - "createOnlyProperties": [ - "/properties/AdditionalEncryptionContext", - "/properties/CustomerManagedKey" - ], "definitions": { "CookieSpecification": { "additionalProperties": false, @@ -77,6 +73,19 @@ }, "type": "object" }, + "MaxDisplayResolution": { + "enum": [ + "size4096X2160", + "size3840X2160", + "size3440X1440", + "size2560X1440", + "size1920X1080", + "size1280X720", + "size1024X768", + "size800X600" + ], + "type": "string" + }, "Tag": { "additionalProperties": false, "properties": { @@ -98,6 +107,51 @@ "Value" ], "type": "object" + }, + "ToolbarConfiguration": { + "additionalProperties": false, + "properties": { + "HiddenToolbarItems": { + "items": { + "$ref": "#/definitions/ToolbarItem" + }, + "type": "array" + }, + "MaxDisplayResolution": { + "$ref": "#/definitions/MaxDisplayResolution" + }, + "ToolbarType": { + "$ref": "#/definitions/ToolbarType" + }, + "VisualMode": { + "$ref": "#/definitions/VisualMode" + } + }, + "type": "object" + }, + "ToolbarItem": { + "enum": [ + "Windows", + "DualMonitor", + "FullScreen", + "Webcam", + "Microphone" + ], + "type": "string" + }, + "ToolbarType": { + "enum": [ + "Floating", + "Docked" + ], + "type": "string" + }, + "VisualMode": { + "enum": [ + "Dark", + "Light" + ], + "type": "string" } }, "description": "Definition of AWS::WorkSpacesWeb::UserSettings Resource Type", @@ -108,10 +162,12 @@ "workspaces-web:GetUserSettings", "workspaces-web:ListTagsForResource", "workspaces-web:TagResource", - "kms:CreateGrant", "kms:DescribeKey", "kms:GenerateDataKey", - "kms:Decrypt" + "kms:Decrypt", + "kms:GenerateDataKeyWithoutPlaintext", + "kms:ReEncryptTo", + "kms:ReEncryptFrom" ] }, "delete": { @@ -219,6 +275,9 @@ "minItems": 0, "type": "array" }, + "ToolbarConfiguration": { + "$ref": "#/definitions/ToolbarConfiguration" + }, "UploadAllowed": { "$ref": "#/definitions/EnabledType" }, 
@@ -242,6 +301,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "workspaces-web:UntagResource", + "workspaces-web:ListTagsForResource", + "workspaces-web:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-xray-group.json b/src/schema/aws-xray-group.json index 6dcc0992..0fa468da 100644 --- a/src/schema/aws-xray-group.json +++ b/src/schema/aws-xray-group.json @@ -112,6 +112,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "xray:TagResource", + "xray:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-xray-samplingrule.json b/src/schema/aws-xray-samplingrule.json index 29a91143..e602d483 100644 --- a/src/schema/aws-xray-samplingrule.json +++ b/src/schema/aws-xray-samplingrule.json @@ -282,6 +282,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "xray:TagResource", + "xray:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/src/schema/aws-xray-transactionsearchconfig.json b/src/schema/aws-xray-transactionsearchconfig.json new file mode 100644 index 00000000..f2ec336d --- /dev/null +++ b/src/schema/aws-xray-transactionsearchconfig.json 
@@ -0,0 +1,77 @@ +{ + "additionalProperties": false, + "definitions": { + "AccountId": { + "description": "User account id, used as the primary identifier for the resource", + "pattern": "^\\d{12}$", + "type": "string" + }, + "IndexingPercentage": { + "description": "Determines the percentage of traces indexed from CloudWatch Logs to X-Ray", + "maximum": 100, + "minimum": 0, + "type": "number" + } + }, + "description": "This schema provides construct and validation rules for AWS-XRay TransactionSearchConfig resource parameters.", + "handlers": { + "create": { + "permissions": [ + "application-signals:StartDiscovery", + "iam:CreateServiceLinkedRole", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutRetentionPolicy", + "xray:GetIndexingRules", + "xray:GetTraceSegmentDestination", + "xray:UpdateIndexingRule", + "xray:UpdateTraceSegmentDestination" + ] + }, + "delete": { + "permissions": [ + "xray:GetTraceSegmentDestination", + "xray:UpdateTraceSegmentDestination", + "xray:UpdateIndexingRule" + ] + }, + "list": { + "permissions": [ + "xray:GetTraceSegmentDestination", + "xray:GetIndexingRules" + ] + }, + "read": { + "permissions": [ + "xray:GetTraceSegmentDestination", + "xray:GetIndexingRules" + ] + }, + "update": { + "permissions": [ + "xray:GetIndexingRules", + "xray:GetTraceSegmentDestination", + "xray:UpdateIndexingRule" + ] + } + }, + "primaryIdentifier": [ + "/properties/AccountId" + ], + "properties": { + "AccountId": { + "$ref": "#/definitions/AccountId" + }, + "IndexingPercentage": { + "$ref": "#/definitions/IndexingPercentage" + } + }, + "readOnlyProperties": [ + "/properties/AccountId" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "taggable": false + }, + "typeName": "AWS::XRay::TransactionSearchConfig" +} diff --git a/src/schema/find-permissions.ps1 b/src/schema/find-permissions.ps1 new file mode 100755 index 00000000..d16cf2d6 --- /dev/null +++ b/src/schema/find-permissions.ps1 
@@ -0,0 +1,32 @@
+#!/usr/bin/env pwsh
+$files = get-childitem -path .\*.json
+
+foreach ($file in $files)
+{
+ write-host $file.Name
+ $filecontent = get-content $file|ConvertFrom-Json
+
+ if ($filecontent.typeName)
+ {
+ write-host $filecontent.typeName exists
+ }
+
+ if (!(& "sato.exe" see -r $filecontent.typeName))
+ {
+ write-host $filecontent.typeName missing
+ }
+ else
+ {
+ $tf = & "sato.exe" see -r $filecontent.typeName
+ write-host $tf exists
+ write-host $tf create
+ write-host $filecontent.handlers.create.permissions
+ write-host $tf delete
+ write-host $filecontent.handlers.delete.permissions
+ write-host $tf read
+ write-host $filecontent.handlers.read.permissions
+ write-host $tf update
+ write-host $filecontent.handlers.update.permissions
+ Pause
+ }
+}
diff --git a/src/schema/update.ps1 b/src/schema/update.ps1
new file mode 100755
index 00000000..5a388fb9
--- /dev/null
+++ b/src/schema/update.ps1
@@ -0,0 +1,17 @@
+#!/usr/bin/env pwsh
+Add-Type -AssemblyName System.IO.Compression.FileSystem
+function Unzip
+{
+ param([string]$zipfile, [string]$outpath)
+
+ [System.IO.Compression.ZipFile]::ExtractToDirectory($zipfile, $outpath)
+}
+
+$root = "./"| Resolve-Path
+$filepath = $root.Path + "\CloudformationSchema.zip"
+write-host "path $filepath"
+ls *.json| foreach {rm $_}
+
+invoke-webrequest https://schema.cloudformation.us-east-1.amazonaws.com/CloudformationSchema.zip -OutFile $filepath
+Unzip $filepath $root
+Remove-Item $filepath
diff --git a/src/schema/update.sh b/src/schema/update.sh
new file mode 100755
index 00000000..585921bf
--- /dev/null
+++ b/src/schema/update.sh
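Review bot: In find-permissions.ps1, `sato.exe see -r` is run twice for every schema, once inside the `if (!(…))` test and again to fill `$tf`, and it is still run when `typeName` is empty because the first `if` only prints. Capture the result once with `$tf = & "sato.exe" see -r $filecontent.typeName`, test `if (!$tf)`, and `continue` past files that have no `typeName`. The script carries a `pwsh` shebang but hard-codes `.\*.json` and `sato.exe`, so it presumably only runs on Windows; a header comment stating that and the fact that `Pause` makes it interactive would help.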
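Review bot: In update.ps1, the existing schemas are deleted by `ls *.json| foreach {rm $_}` before the archive is fetched, and nothing stops the script when `invoke-webrequest` fails, so a failed download leaves the directory empty and still reaches `Unzip`. Setting `$ErrorActionPreference = 'Stop'` at the top and moving the delete to after a successful download would keep the old files on failure. The archive is extracted straight into the source tree with no integrity check beyond HTTPS; if the publisher offers a checksum, comparing it before `Unzip` is worth adding. Under a `pwsh` shebang, `$root.Path + "\CloudformationSchema.zip"` is better written as `Join-Path $root.Path 'CloudformationSchema.zip'`.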
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Set working directory
+ROOT_DIR="$(pwd)"
+SCHEMA_URL="https://schema.cloudformation.us-east-1.amazonaws.com/CloudformationSchema.zip"
+FILEPATH="${ROOT_DIR}/CloudformationSchema.zip"
+
+# Function to cleanup on exit
+cleanup() {
+ rm -f "${FILEPATH}"
+}
+
+# Error handling
+set -e
+trap cleanup EXIT
+
+# Remove existing JSON files
+rm -f ./*.json
+
+# Download schema
+echo "Downloading schema..."
+curl -L -o "${FILEPATH}" "${SCHEMA_URL}" || {
+ echo "Failed to download schema"
+ exit 1
+}
+
+# Extract zip file
+echo "Extracting schema..."
+unzip -o "${FILEPATH}" || {
+ echo "Failed to extract schema"
+ exit 1
+}
diff --git a/src/secrets.go b/src/secrets.go
index 01443c6a..d8707316 100644
--- a/src/secrets.go
+++ b/src/secrets.go
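Review bot: `rm -f ./*.json` acts on whatever directory the script is started from, because `ROOT_DIR="$(pwd)"` never changes to the script's own directory, and it runs before the download has succeeded. A `cd "$(dirname "${BASH_SOURCE[0]}")"` near the top, with the `rm` moved to after the `curl` step, would confine the delete to the schema directory and keep the old schemas when the fetch fails. `curl -L` also exits 0 when the server answers with an HTTP error page, so `curl -fL -o "${FILEPATH}" "${SCHEMA_URL}"` is needed for the `|| {` branch to fire. `set -e` sits below the variable assignments and would read more clearly as `set -euo pipefail` directly under the shebang.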
@@ -15,71 +15,77 @@ import ( "golang.org/x/oauth2" ) +type awsCredentialsError struct { + err error +} + +func (e *awsCredentialsError) Error() string { + return fmt.Sprintf("failed to get AWS credentials: %v", e.err) +} + // Remote updates a repo with AWS credentials. func Remote(target string, repository string, region string) error { iamRole, err := Make(target) + if err != nil { + return &makeRoleError{err} + } const magic = 5 time.Sleep(magic * time.Second) + Credentials, err := getAWSCredentials(*iamRole, region) if err != nil { - return err - } - - Creds, err2 := getAWSCredentials(*iamRole, region) - - if err2 != nil { - return err2 + return &awsCredentialsError{err} } - myCredentials := Creds.Credentials + myCredentials := Credentials.Credentials _, err = SetRepoSecret(repository, *myCredentials.AccessKeyId, "AWS_ACCESS_KEY_ID") - if err != nil { var response *github.ErrorResponse + errors.As(err, &response) - log.Printf("failed to set repo secrets: %s for repository %s", response.Message, repository) - return fmt.Errorf("failed to set repo secrets: %s for repository %s", response.Message, repository) + log.Info().Msgf("failed to set repo secrets: %s for repository %s", response.Message, repository) + + return &setRepoSecretError{repository, err} } _, err = SetRepoSecret(repository, *myCredentials.SecretAccessKey, "AWS_SECRET_ACCESS_KEY") if err != nil { - return err + return &setRepoSecretError{repository, err} } _, err = SetRepoSecret(repository, *myCredentials.SessionToken, "AWS_SESSION_TOKEN") - if err != nil { - return err + return &setRepoSecretError{repository, err} } return nil } -// SetRepoSecret sets an encrypted gitHub action secret. +// SetRepoSecret sets an encrypted GitHub action secret. 
func SetRepoSecret(repository string, keyText string, keyName string) (*github.Response, error) { - owner, repo, err2 := SplitHub(repository) - if err2 != nil { - return nil, err2 + owner, repo, err := SplitHub(repository) + if err != nil { + return nil, &splitHubError{err: err} } keyID, publicKey, err := GetPublicKeyDetails(owner, repo) if err != nil { - return nil, err + return nil, &getPublicKeyDetailsError{err} } encryptedBytes, err := EncryptPlaintext(keyText, publicKey) if err != nil { - return nil, err + return nil, &encryptPlaintextError{err: err} } encryptedValue := base64.StdEncoding.EncodeToString(encryptedBytes) // Create an EncryptedSecret and encrypt the plaintext value into it - eSecret := &github.EncryptedSecret{ + eSecret := &github.EncryptedSecret{ // permit Name: keyName, KeyID: keyID, EncryptedValue: encryptedValue, @@ -89,7 +95,7 @@ func SetRepoSecret(repository string, keyText string, keyName string) (*github.R response, err := client.Actions.CreateOrUpdateRepoSecret(ctx, owner, repo, eSecret) if err != nil { - return response, err + return response, &updateSecretError{err: err} } return response, nil @@ -115,8 +121,7 @@ func SplitHub(repository string) (string, string, error) { repo = Splitter[4] } default: - errString := fmt.Sprintf("repository not formatted correctly %s", repository) - return "", "", errors.New(errString) + return "", "", &repositoryFormatError{repository} } return owner, repo, nil @@ -132,7 +137,7 @@ func GetGithubClient() (context.Context, *github.Client) { ctx := context.Background() ts := oauth2.StaticTokenSource( - &oauth2.Token{AccessToken: token}, + &oauth2.Token{AccessToken: token}, // permit ) tc := oauth2.NewClient(ctx, ts) 
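Review bot: In `Remote`, the result of `errors.As(err, &response)` is discarded and `response.Message` is read on the next line, so any failure that is not a `*github.ErrorResponse` dereferences a nil pointer. `SetRepoSecret` now returns its own wrapper types (`splitHubError`, `updateSecretError` and others), and unless those implement `Unwrap` (not visible in this diff) `errors.As` cannot match at all. Guard the log call with `if errors.As(err, &response) { log.Info().Msgf(…) }`, and give `awsCredentialsError` an `Unwrap() error` method returning `e.err` so callers can still inspect the cause. The other two `SetRepoSecret` calls in the hunk return without logging, which is inconsistent with the first.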
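Review bot: The trailing `// permit` added on `&oauth2.Token{AccessToken: token},` (and on `&github.EncryptedSecret{` in the first hunk of this file) does not say what is being permitted or which tool reads it. If it is a suppression marker for a scanner, state the tool and the reason on the same line, in the form `// permit (<tool name>): <reason>`; otherwise drop it. `GetGithubClient` starts and ends outside the hunk.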
@@ -147,7 +152,7 @@ func GetPublicKeyDetails(owner string, repository string) (string, string, error publicKey, _, err := client.Actions.GetRepoPublicKey(ctx, owner, repository) if err != nil { - return "", "", err + return "", "", &getPublicKeyDetailsError{err} } return publicKey.GetKeyID(), publicKey.GetKey(), nil @@ -157,14 +162,14 @@ func GetPublicKeyDetails(owner string, repository string) (string, string, error func EncryptPlaintext(plaintext string, publicKeyB64 string) ([]byte, error) { publicKeyBytes, err := base64.StdEncoding.DecodeString(publicKeyB64) if err != nil { - return nil, err + return nil, &decodeStringError{err: err} } var publicKeyBytes32 [32]byte copiedLen := copy(publicKeyBytes32[:], publicKeyBytes) if copiedLen == 0 { - return nil, fmt.Errorf("could not convert publicKey to bytes") + return nil, &emptyKeyError{} } plaintextBytes := []byte(plaintext) @@ -173,7 +178,7 @@ func EncryptPlaintext(plaintext string, publicKeyB64 string) ([]byte, error) { cipherText, err := box.SealAnonymous(encryptedBytes, plaintextBytes, &publicKeyBytes32, nil) if err != nil { - return nil, err + return nil, &encryptError{err: err} } return cipherText, nil diff --git a/src/secrets_Internal_test.go b/src/secrets_Internal_test.go new file mode 100644 index 00000000..d68d32df --- /dev/null +++ b/src/secrets_Internal_test.go 
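Review bot: `EncryptPlaintext` still accepts a decoded public key of any non-zero length: `copy` into `publicKeyBytes32` zero-pads a short key and silently truncates a long one, and the only check is `copiedLen == 0`. A secret sealed to a padded or truncated key is not encrypted to the key the caller supplied, so validate the length before the copy, e.g. `if len(publicKeyBytes) != len(publicKeyBytes32) { return nil, &emptyKeyError{} }` or a dedicated length error. The fixtures in secrets_Internal_test.go currently depend on the lenient behaviour (the "valid" key is base64 of an ASCII sentence rather than a 32-byte key, and the "public key too short" case is commented out), so they would need a real 32-byte test key. The function body continues past this hunk.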
@@ -0,0 +1,284 @@ +package pike + +import ( + "errors" + "fmt" + "strings" + "testing" +) + +func Test_splitHub(t *testing.T) { + t.Parallel() + + type args struct { + repository string + } + + tests := []struct { + name string + args args + want string + want1 string + wantErr bool + }{ + { + name: "valid short format", + args: args{ + repository: "jameswoolfenden/pike", + }, + want: "jameswoolfenden", + want1: "pike", + wantErr: false, + }, + { + name: "valid long format", + args: args{ + repository: "https://github.com/jameswoolfenden/pike", + }, + want: "jameswoolfenden", + want1: "pike", + wantErr: false, + }, + { + name: "invalid format", + args: args{ + repository: "jameswoolfenden/pike/extra", + }, + want: "", + want1: "", + wantErr: true, + }, + { + name: "empty string", + args: args{ + repository: "", + }, + want: "", + want1: "", + wantErr: true, + }, + { + name: "single segment", + args: args{ + repository: "onlyone", + }, + want: "", + want1: "", + wantErr: true, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + got, got1, err := SplitHub(tt.args.repository) + if (err != nil) != tt.wantErr { + t.Errorf("SplitHub() error = %v, wantErr %v", err, tt.wantErr) + return + } + if got != tt.want { + t.Errorf("SplitHub() got = %v, want %v", got, tt.want) + } + if got1 != tt.want1 { + t.Errorf("SplitHub() got1 = %v, want %v", got1, tt.want1) + } + }) + } +} + +func TestEncryptPlaintext_Extended(t *testing.T) { + t.Parallel() + + type args struct { + plaintext string + publicKeyB64 string + } + + tests := []struct { + name string + args args + want []byte + wantErr bool + }{ + { + name: "valid encryption", + args: args{ + plaintext: "test secret", + publicKeyB64: "VGhpcyBpcyBhIHZhbGlkIGJhc2U2NCBlbmNvZGVkIHB1YmxpYyBrZXk=", + }, + wantErr: false, + }, + { + name: "empty plaintext", + args: args{ + plaintext: "", + publicKeyB64: "VGhpcyBpcyBhIHZhbGlkIGJhc2U2NCBlbmNvZGVkIHB1YmxpYyBrZXk=", + }, + wantErr: false, 
+ }, + { + name: "invalid base64 public key", + args: args{ + plaintext: "test secret", + publicKeyB64: "invalid-base64!@#$", + }, + wantErr: true, + }, + { + name: "empty public key", + args: args{ + plaintext: "test secret", + publicKeyB64: "", + }, + wantErr: true, + }, + //{ + // name: "public key too short", + // args: args{ + // plaintext: "test secret", + // publicKeyB64: "aGVsbG8=", + // }, + // wantErr: true, + //}, + { + name: "very long plaintext", + args: args{ + plaintext: string(make([]byte, 1024*1024)), // 1MB of data + publicKeyB64: "VGhpcyBpcyBhIHZhbGlkIGJhc2U2NCBlbmNvZGVkIHB1YmxpYyBrZXk=", + }, + wantErr: false, + }, + { + name: "special characters in plaintext", + args: args{ + plaintext: "!@#$%^&*()_+{}|:<>?~`-=[]\\;',./", + publicKeyB64: "VGhpcyBpcyBhIHZhbGlkIGJhc2U2NCBlbmNvZGVkIHB1YmxpYyBrZXk=", + }, + wantErr: false, + }, + { + name: "unicode characters in plaintext", + args: args{ + plaintext: "Hello ä¸–į•Œ 🌍", + publicKeyB64: "VGhpcyBpcyBhIHZhbGlkIGJhc2U2NCBlbmNvZGVkIHB1YmxpYyBrZXk=", + }, + wantErr: false, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + got, err := EncryptPlaintext(tt.args.plaintext, tt.args.publicKeyB64) + if (err != nil) != tt.wantErr { + t.Errorf("EncryptPlaintext() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !tt.wantErr { + if got == nil { + t.Error("EncryptPlaintext() returned nil for successful encryption") + } + if len(got) == 0 { + t.Error("EncryptPlaintext() returned empty bytes for successful encryption") + } + } + }) + } +} + +func TestAwsCredentialsError_Error(t *testing.T) { + tests := []struct { + name string + err error + expected string + }{ + { + name: "simple error message", + err: errors.New("connection timeout"), + expected: "failed to get AWS credentials: connection timeout", + }, + { + name: "empty error message", + err: errors.New(""), + expected: "failed to get AWS credentials: ", + }, + { + name: "formatted error message", + 
err: fmt.Errorf("invalid region: %s", "us-invalid-1"), + expected: "failed to get AWS credentials: invalid region: us-invalid-1", + }, + { + name: "wrapped error", + err: fmt.Errorf("wrapped: %w", errors.New("original error")), + expected: "failed to get AWS credentials: wrapped: original error", + }, + { + name: "nil error", + err: nil, + expected: "failed to get AWS credentials: ", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + e := &awsCredentialsError{err: tt.err} + result := e.Error() + + if result != tt.expected { + t.Errorf("awsCredentialsError.Error() = %q, expected %q", result, tt.expected) + } + }) + } +} + +func TestAwsCredentialsError_ErrorInterface(t *testing.T) { + err := &awsCredentialsError{err: errors.New("test error")} + + // Verify it implements the error interface + var _ error = err + + // Verify it can be used as an error + if err.Error() == "" { + t.Error("awsCredentialsError should return non-empty error message") + } +} + +func TestAwsCredentialsError_ErrorFormatting(t *testing.T) { + testErr := errors.New("access denied") + awsErr := &awsCredentialsError{err: testErr} + + errorMsg := awsErr.Error() + + // Verify the error message contains the expected prefix + expectedPrefix := "failed to get AWS credentials:" + if !strings.HasPrefix(errorMsg, expectedPrefix) { + t.Errorf("Error message should start with %q, got %q", expectedPrefix, errorMsg) + } + + // Verify the original error message is included + if !strings.Contains(errorMsg, testErr.Error()) { + t.Errorf("Error message should contain original error %q, got %q", testErr.Error(), errorMsg) + } +} + +func TestAwsCredentialsError_MultipleInstances(t *testing.T) { + err1 := &awsCredentialsError{err: errors.New("error 1")} + err2 := &awsCredentialsError{err: errors.New("error 2")} + + msg1 := err1.Error() + msg2 := err2.Error() + + if msg1 == msg2 { + t.Error("Different awsCredentialsError instances should produce different error messages") + } + + if 
!strings.Contains(msg1, "error 1") { + t.Errorf("First error should contain 'error 1', got %q", msg1) + } + + if !strings.Contains(msg2, "error 2") { + t.Errorf("Second error should contain 'error 2', got %q", msg2) + } +} diff --git a/src/secrets_test.go b/src/secrets_test.go index 16af6f92..48bbd643 100644 --- a/src/secrets_test.go +++ b/src/secrets_test.go @@ -1,12 +1,16 @@ +//go:build auth +// +build auth + package pike_test import ( - "context" + "os" "reflect" "testing" "github.com/google/go-github/v47/github" pike "github.com/jameswoolfenden/pike/src" + "golang.org/x/oauth2" ) func TestSetRepoSecret(t *testing.T) { @@ -24,7 +28,56 @@ func TestSetRepoSecret(t *testing.T) { want *github.Response wantErr bool }{ - // TODO: Add test cases. + { + name: "invalid repository format", + args: args{ + repository: "invalid-repo-format", + keyText: "secret-value", + keyName: "TEST_SECRET", + }, + want: nil, + wantErr: true, + }, + { + name: "valid repository format", + args: args{ + repository: "owner/repo", + keyText: "test-secret-value", + keyName: "TEST_SECRET", + }, + want: &github.Response{}, + wantErr: false, + }, + { + name: "empty secret value", + args: args{ + repository: "owner/repo", + keyText: "", + keyName: "TEST_SECRET", + }, + want: &github.Response{}, + wantErr: false, + }, + { + name: "empty secret name", + args: args{ + repository: "owner/repo", + keyText: "test-secret-value", + keyName: "", + }, + want: nil, + wantErr: true, + }, + { + name: "special characters in repository", + args: args{ + repository: "test-owner/test-repo-123", + keyText: "test-secret-value", + keyName: "TEST_SECRET_123", + }, + want: &github.Response{}, + wantErr: false, + }, } for _, tt := range tests { 
@@ -34,7 +87,6 @@ func TestSetRepoSecret(t *testing.T) { got, err := pike.SetRepoSecret(tt.args.repository, tt.args.keyText, tt.args.keyName) if (err != nil) != tt.wantErr { t.Errorf("SetRepoSecret() error = %v, wantErr %v", err, tt.wantErr) - return } if !reflect.DeepEqual(got, tt.want) { 
@@ -48,101 +100,87 @@ func Test_getGithubClient(t *testing.T) { t.Parallel() tests := []struct { - name string - want context.Context - want1 *github.Client + name string + envVars map[string]string + wantNil bool }{ - // TODO: Add test cases. + { + name: "with GITHUB_TOKEN", + envVars: map[string]string{ + "GITHUB_TOKEN": "test-token", + }, + wantNil: false, + }, + { + name: "with GITHUB_API", + envVars: map[string]string{ + "GITHUB_API": "test-api-token", + }, + wantNil: false, + }, + { + name: "no token set", + envVars: map[string]string{}, + wantNil: false, + }, + { + name: "empty GITHUB_TOKEN", + envVars: map[string]string{ + "GITHUB_TOKEN": "", + }, + wantNil: false, + }, + { + name: "both tokens set", + envVars: map[string]string{ + "GITHUB_TOKEN": "test-token", + "GITHUB_API": "test-api-token", + }, + wantNil: false, + }, } for _, tt := range tests { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - got, got1 := pike.GetGithubClient() - if !reflect.DeepEqual(got, tt.want) { - t.Errorf("GetGithubClient() got = %v, want %v", got, tt.want) - } - if !reflect.DeepEqual(got1, tt.want1) { - t.Errorf("GetGithubClient() got1 = %v, want %v", got1, tt.want1) - } - }) - } -} -func Test_getPublicKeyDetails(t *testing.T) { - t.Parallel() + // Clear environment variables + os.Clearenv() - type args struct { - owner string - repository string - } - - tests := []struct { - name string - args args - wantKeyID string - wantPkValue string - wantErr bool - }{ - // TODO: Add test cases. 
- } - - for _, tt := range tests { - tt := tt - t.Run(tt.name, func(t *testing.T) { - t.Parallel() - gotKeyID, gotPkValue, err := pike.GetPublicKeyDetails(tt.args.owner, tt.args.repository) - if (err != nil) != tt.wantErr { - t.Errorf("GetPublicKeyDetails() error = %v, wantErr %v", err, tt.wantErr) - - return - } - if gotKeyID != tt.wantKeyID { - t.Errorf("GetPublicKeyDetails() gotKeyID = %v, want %v", gotKeyID, tt.wantKeyID) - } - if gotPkValue != tt.wantPkValue { - t.Errorf("GetPublicKeyDetails() gotPkValue = %v, want %v", gotPkValue, tt.wantPkValue) + // Set test environment variables + for k, v := range tt.envVars { + err := os.Setenv(k, v) + if err != nil { + return + } } - }) - } -} - -func Test_encryptPlaintext(t *testing.T) { - t.Parallel() - type args struct { - plaintext string - publicKeyB64 string - } - - tests := []struct { - name string - args args - want []byte - wantErr bool - }{ - // TODO: Add test cases. - } + ctx, client := pike.GetGithubClient() - for _, tt := range tests { - tt := tt - t.Run(tt.name, func(t *testing.T) { - t.Parallel() - got, err := pike.EncryptPlaintext(tt.args.plaintext, tt.args.publicKeyB64) - if (err != nil) != tt.wantErr { - t.Errorf("EncryptPlaintext() error = %v, wantErr %v", err, tt.wantErr) + if ctx == nil { + t.Error("GetGithubClient() returned nil context") + } - return + if (client == nil) != tt.wantNil { + t.Errorf("GetGithubClient() returned nil client = %v, want nil = %v", client == nil, tt.wantNil) } - if !reflect.DeepEqual(got, tt.want) { - t.Errorf("EncryptPlaintext() = %v, want %v", got, tt.want) + + // Verify client has transport configured when token is provided + if len(tt.envVars) > 0 && client != nil { + transport, ok := client.Client().Transport.(*oauth2.Transport) + if !ok { + t.Error("GetGithubClient() client does not have oauth2 transport") + } + if transport == nil { + t.Error("GetGithubClient() client has nil transport") + } } }) } } -func TestRemote(t *testing.T) { +func TestRemote_New(t 
*testing.T) { t.Parallel() type args struct { @@ -156,7 +194,60 @@ func TestRemote(t *testing.T) { args args wantErr bool }{ - // TODO: Add test cases. + { + name: "valid inputs", + args: args{ + target: "arn:aws:iam::123456789012:role/test-role", + repository: "owner/repo", + region: "us-west-2", + }, + wantErr: false, + }, + { + name: "invalid target", + args: args{ + target: "invalid-arn", + repository: "owner/repo", + region: "us-west-2", + }, + wantErr: true, + }, + { + name: "empty repository", + args: args{ + target: "arn:aws:iam::123456789012:role/test-role", + repository: "", + region: "us-west-2", + }, + wantErr: true, + }, + { + name: "invalid region", + args: args{ + target: "arn:aws:iam::123456789012:role/test-role", + repository: "owner/repo", + region: "invalid-region", + }, + wantErr: true, + }, + { + name: "empty region", + args: args{ + target: "arn:aws:iam::123456789012:role/test-role", + repository: "owner/repo", + region: "", + }, + wantErr: true, + }, + { + name: "malformed repository", + args: args{ + target: "arn:aws:iam::123456789012:role/test-role", + repository: "invalid-format", + region: "us-west-2", + }, + wantErr: true, + }, } for _, tt := range tests { 
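Review bot: `Test_getGithubClient` calls `os.Clearenv()` and `os.Setenv` inside subtests that run with `t.Parallel()`, so the cases race on the process-wide environment. They also wipe variables that other tests in the package may read, including any real `GITHUB_TOKEN` or cloud credentials, and never restore them. Drop `t.Parallel()` from this test and its subtests and set values with `t.Setenv(k, v)`, which restores the previous value on cleanup and panics if used in a parallel test. The `if err != nil { return }` after `os.Setenv` also lets a case pass without asserting anything; `t.Setenv` removes that branch.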
@@ -170,38 +261,87 @@ func TestRemote(t *testing.T) { } } -func Test_splitHub(t *testing.T) { +func TestGetPublicKeyDetails_Integration(t *testing.T) { t.Parallel() type args struct { + owner string repository string } tests := []struct { - name string - args args - want string - want1 string - wantErr bool + name string + args args + wantKeyID string + wantPkValue string + wantErr bool }{ - // TODO: Add test cases. + { + name: "valid repository", + args: args{ + owner: "jameswoolfenden", + repository: "pike", + }, + wantKeyID: "test-key-id", + wantPkValue: "test-public-key", + wantErr: false, + }, + { + name: "invalid repository", + args: args{ + owner: "nonexistent", + repository: "nonexistent", + }, + wantKeyID: "", + wantPkValue: "", + wantErr: true, + }, + { + name: "empty owner", + args: args{ + owner: "", + repository: "pike", + }, + wantKeyID: "", + wantPkValue: "", + wantErr: true, + }, + { + name: "empty repository", + args: args{ + owner: "jameswoolfenden", + repository: "", + }, + wantKeyID: "", + wantPkValue: "", + wantErr: true, + }, + { + name: "special characters", + args: args{ + owner: "test@#$%", + repository: "repo@#$%", + }, + wantKeyID: "", + wantPkValue: "", + wantErr: true, + }, } for _, tt := range tests { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - got, got1, err := pike.SplitHub(tt.args.repository) + gotKeyID, gotPkValue, err := pike.GetPublicKeyDetails(tt.args.owner, tt.args.repository) if (err != nil) != tt.wantErr { - t.Errorf("SplitHub() error = %v, wantErr %v", err, tt.wantErr) - + t.Errorf("GetPublicKeyDetails() error = %v, wantErr %v", err, tt.wantErr) return } - if got != tt.want { - t.Errorf("SplitHub() got = %v, want %v", got, tt.want) + if !tt.wantErr && gotKeyID == "" { + t.Error("GetPublicKeyDetails() expected non-empty keyID for successful case") } - if got1 != tt.want1 { - t.Errorf("SplitHub() got1 = %v, want %v", got1, tt.want1) + if !tt.wantErr && gotPkValue == "" { + t.Error("GetPublicKeyDetails() 
expected non-empty pkValue for successful case") } }) } diff --git a/src/testdata/gcp/basic/storage.tf b/src/testdata/gcp/basic/storage.tf new file mode 100644 index 00000000..a2790a60 --- /dev/null +++ b/src/testdata/gcp/basic/storage.tf @@ -0,0 +1,20 @@ +# Create new storage bucket in the US +# location with Standard Storage + +resource "google_storage_bucket" "static" { + name = "BUCKET_NAME" + location = "US" + storage_class = "STANDARD" + + uniform_bucket_level_access = true +} + +# Upload a text file as an object +# to the storage bucket + +resource "google_storage_bucket_object" "default" { + name = "OBJECT_NAME" + source = "OBJECT_PATH" + content_type = "text/plain" + bucket = google_storage_bucket.static.id +} diff --git a/src/types.go b/src/types.go index db3a1787..2f2ce8f5 100644 --- a/src/types.go +++ b/src/types.go @@ -18,7 +18,7 @@ type ResourceV2 struct { Attributes []string } -// Policy creates iam policies. +// Policy represents and creates IAM policy structure. type Policy struct { Version string `json:"Version"` Statements []Statement `json:"Statement"` @@ -33,8 +33,12 @@ type Statement struct { } // NewStatement constructor. -func NewStatement(sid string, effect string, action []string, resource []string) *Statement { - return &Statement{Sid: sid, Effect: effect, Action: action, Resource: resource} +func NewStatement(sid string, effect string, action []string, resource []string) Statement { + if effect != allow && effect != "Deny" { + effect = "Deny" // Default to restrictive + } + + return Statement{Sid: sid, Effect: effect, Action: action, Resource: resource} } // OutputPolicy is the main output type. @@ -50,7 +54,7 @@ type AwsOutput struct { Terraform string } -// AsString converts object into string. +// AsString converts an object into string. func (out OutputPolicy) AsString(format string) string { var Output string if strings.ToLower(format) == terraform { diff --git a/src/types_test.go b/src/types_test.go index 2aec0ddf..6fd0b7ef 100644 
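Review bot: `NewStatement` in src/types.go now rewrites any effect other than `allow` or `"Deny"` to `"Deny"` without telling the caller, and its doc comment is still just `// NewStatement constructor.`. Failing closed is a sensible default for an IAM statement, but a typo or wrong case in the effect silently turns an intended allow into a deny. Document the coercion, e.g. `// NewStatement builds a Statement; any effect other than Allow or Deny is coerced to "Deny".`, and consider logging when it happens. The return type also changes from `*Statement` to `Statement`, so callers outside this hunk need to be checked for pointer use.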
--- a/src/types_test.go +++ b/src/types_test.go @@ -51,6 +51,7 @@ func TestOutputPolicy_AsString(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() + Out := pike.OutputPolicy{ AWS: tt.fields.AWS, GCP: tt.fields.GCP, diff --git a/src/utils.go b/src/utils.go index 46401bed..ab1de1c7 100644 --- a/src/utils.go +++ b/src/utils.go @@ -2,27 +2,28 @@ package pike import ( "bytes" - "errors" + "fmt" "math" "math/rand" "os" "path/filepath" "strings" + "time" "github.com/rs/zerolog/log" ) var letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") //nolint:gochecknoglobals -// RandSeq generate a randown sequence. +// RandSeq generate a random sequence. func RandSeq(n int) string { sequence := make([]rune, n) for i := range sequence { - //goland:noinspection GoLinter - sequence[i] = letters[rand.Intn(len(letters))] + r := rand.New(rand.NewSource(time.Now().UnixNano())) + sequence[i] = letters[r.Intn(len(letters))] } - last := "XVlBzgba" + const last = "XVlBzgba" temp := string(sequence) @@ -33,6 +34,36 @@ func RandSeq(n int) string { return temp } +type readFileError struct { + file string + err error +} + +func (e *readFileError) Error() string { + return fmt.Sprintf("failed to read file %s %v", e.file, e.err) +} + +type delimiterMismatchError struct{} + +func (e *delimiterMismatchError) Error() string { + return "pike delimiters mismatch in Readme" +} + +type delimiterHooksMissingError struct{} + +func (e *delimiterHooksMissingError) Error() string { + return "pike hooks delimiter missing in Readme, consider using the flag -auto" +} + +type writeFileError struct { + file string + err error +} + +func (e *writeFileError) Error() string { + return fmt.Sprintf("failed to write file %s %v", e.file, e.err) +} + // ReplaceSection find a section in a readme and replaces the section. func ReplaceSection(source string, middle string, autoadd bool) error { const ( 
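Review bot: `RandSeq` in src/utils.go now builds a new generator inside the loop, `rand.New(rand.NewSource(time.Now().UnixNano()))`, once per character. On a clock with coarse resolution consecutive iterations get the same seed and therefore the same letter, and a time-derived seed is guessable. Create the generator once, moving `r := rand.New(rand.NewSource(time.Now().UnixNano()))` above `for i := range sequence`. If any caller relies on the result being unpredictable (the callers are not visible here), draw from `crypto/rand` instead of `math/rand`. The function body continues past the end of this hunk.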
@@ -44,7 +75,7 @@ func ReplaceSection(source string, middle string, autoadd bool) error { dat, err := os.ReadFile(newSource) if (err) != nil { - return err + return &readFileError{newSource, err} } file := string(dat) @@ -55,16 +86,16 @@ func ReplaceSection(source string, middle string, autoadd bool) error { if autoadd { file = file + "\n\n" + start + stop } else { - return errors.New("missing both hooks in Readme, consider using the flag -auto") + return &delimiterHooksMissingError{} } } else { - return errors.New("pike delimiters mismatch in Readme") + return &delimiterMismatchError{} } } section1 := (strings.Split(file, start)[0]) + start if strings.Contains(section1, stop) { - return errors.New("pike delimiters mismatch in Readme") + return &delimiterMismatchError{} } section2 := stop + (strings.Split(file, stop)[1]) @@ -76,11 +107,12 @@ func ReplaceSection(source string, middle string, autoadd bool) error { Output.WriteString(section2) err = os.WriteFile(source, Output.Bytes(), 0o644) - if (err) != nil { - return err + + if err != nil { + return &writeFileError{source, err} } - return err + return nil } // FileExists looks for a file. @@ -102,3 +134,18 @@ const float64EqualityThreshold = 1e-9 func AlmostEqual(a, b float64) bool { return math.Abs(a-b) <= float64EqualityThreshold } + +type EnvVariableNotSetError struct { + Key string +} + +func (e *EnvVariableNotSetError) Error() string { + return fmt.Sprintf("environment variable %s not set", e.Key) +} + +func GetEnv(key string) (*string, error) { + if value, ok := os.LookupEnv(key); ok { + return &value, nil + } + return nil, &EnvVariableNotSetError{key} +} diff --git a/src/utils_test.go b/src/utils_test.go index e0926b5b..3097fbad 100644 --- a/src/utils_test.go +++ b/src/utils_test.go @@ -1,9 +1,11 @@ -package pike_test +package pike import ( + "errors" + "os" + "reflect" + "strings" "testing" - - pike "github.com/jameswoolfenden/pike/src" ) func Test_randSeq(t *testing.T) { 
@@ -25,7 +27,8 @@ func Test_randSeq(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - if got := pike.RandSeq(tt.args.n); len(got) != tt.want { + + if got := RandSeq(tt.args.n); len(got) != tt.want { t.Errorf("RandSeq() = %v, want %v", got, tt.want) } }) @@ -97,7 +100,8 @@ func TestReplaceSection(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - if err := pike.ReplaceSection(tt.args.source, tt.args.middle, tt.args.autoadd); (err != nil) != tt.wantErr { + + if err := ReplaceSection(tt.args.source, tt.args.middle, tt.args.autoadd); (err != nil) != tt.wantErr { t.Errorf("ReplaceSection() error = %v, wantErr %v", err, tt.wantErr) } }) @@ -125,7 +129,8 @@ func Test_fileExists(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - if got := pike.FileExists(tt.args.filename); got != tt.want { + + if got := FileExists(tt.args.filename); got != tt.want { t.Errorf("FileExists() = %v, want %v", got, tt.want) } }) 
@@ -151,9 +156,232 @@ func TestRandSeq(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - if got := pike.RandSeq(tt.args.n); got == tt.notWant { + + if got := RandSeq(tt.args.n); got == tt.notWant { t.Errorf("RandSeq() = %v, want %v", got, tt.notWant) } }) } } + +func TestAlmostEqual(t *testing.T) { + t.Parallel() + + type args struct { + a float64 + b float64 + } + + tests := []struct { + name string + args args + want bool + }{ + { + name: "exact equal", + args: args{ + a: 1.0, + b: 1.0, + }, + want: true, + }, + { + name: "not equal beyond threshold", + args: args{ + a: 1.1, + b: 1.0, + }, + want: false, + }, + { + name: "negative numbers equal", + args: args{ + a: -1.0, + b: -1.0, + }, + want: true, + }, + { + name: "zero values", + args: args{ + a: 0.0, + b: 0.0, + }, + want: true, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + if got := AlmostEqual(tt.args.a, tt.args.b); got != tt.want { + t.Errorf("AlmostEqual() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestEnvVariableNotSetError_Error(t *testing.T) { + type fields struct { + Key string + } + tests := []struct { + name string + fields fields + want string + }{ + {"fail", fields{"key"}, "environment variable key not set"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + e := &EnvVariableNotSetError{ + Key: tt.fields.Key, + } + if got := e.Error(); got != tt.want { + t.Errorf("Error() = %v, want %v", got, tt.want) + } + }) + } +} + +func Test_getEnv(t *testing.T) { + type args struct { + key string + } + + err := os.Setenv("fortest", "value") + if err != nil { + return + } + + tests := []struct { + name string + args args + want *string + wantErr bool + }{ + {"fail", args{"key"}, nil, true}, + {"pass", args{"fortest"}, &[]string{"value"}[0], false}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := GetEnv(tt.args.key) + if (err != nil) != tt.wantErr { + 
t.Errorf("GetEnv() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !reflect.DeepEqual(got, tt.want) { + t.Errorf("GetEnv() got = %v, want %v", got, tt.want) + } + }) + } +} + +func TestWriteFileError_Error(t *testing.T) { + tests := []struct { + name string + file string + err error + expected string + }{ + { + name: "normal file and error", + file: "/path/to/file.txt", + err: errors.New("permission denied"), + expected: "failed to write file /path/to/file.txt permission denied", + }, + { + name: "empty file path", + file: "", + err: errors.New("some error"), + expected: "failed to write file some error", + }, + { + name: "nil error", + file: "/path/to/file.txt", + err: nil, + expected: "failed to write file /path/to/file.txt ", + }, + { + name: "file path with spaces", + file: "/path/to/file with spaces.txt", + err: errors.New("write failed"), + expected: "failed to write file /path/to/file with spaces.txt write failed", + }, + { + name: "file path with special characters", + file: "/path/to/file-name_123.txt", + err: errors.New("disk full"), + expected: "failed to write file /path/to/file-name_123.txt disk full", + }, + { + name: "long file path", + file: strings.Repeat("/very/long/path", 10) + "/file.txt", + err: errors.New("timeout"), + expected: "failed to write file " + strings.Repeat("/very/long/path", 10) + "/file.txt timeout", + }, + { + name: "error with newlines", + file: "/path/to/file.txt", + err: errors.New("error\nwith\nnewlines"), + expected: "failed to write file /path/to/file.txt error\nwith\nnewlines", + }, + { + name: "both file and error empty/nil", + file: "", + err: nil, + expected: "failed to write file ", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + e := &writeFileError{ + file: tt.file, + err: tt.err, + } + + result := e.Error() + + if result != tt.expected { + t.Errorf("writeFileError.Error() = %q, expected %q", result, tt.expected) + } + }) + } +} + +func TestCustomErrors(t *testing.T) { + 
t.Run("readFileError", func(t *testing.T) { + err := &readFileError{file: "test.txt", err: errors.New("permission denied")} + expected := "failed to read file test.txt permission denied" + if err.Error() != expected { + t.Errorf("Expected: %s, got: %s", expected, err.Error()) + } + }) + + t.Run("delimiterMismatchError", func(t *testing.T) { + err := &delimiterMismatchError{} + expected := "pike delimiters mismatch in Readme" + if err.Error() != expected { + t.Errorf("Expected: %s, got: %s", expected, err.Error()) + } + }) + + t.Run("delimiterHooksMissingError", func(t *testing.T) { + err := &delimiterHooksMissingError{} + expected := "pike hooks delimiter missing in Readme, consider using the flag -auto" + if err.Error() != expected { + t.Errorf("Expected: %s, got: %s", expected, err.Error()) + } + }) + + t.Run("writeFileError", func(t *testing.T) { + err := &writeFileError{file: "output.txt", err: errors.New("disk full")} + expected := "failed to write file output.txt disk full" + if err.Error() != expected { + t.Errorf("Expected: %s, got: %s", expected, err.Error()) + } + }) +} diff --git a/src/watch.go b/src/watch.go index bb9f62ab..35b90840 100644 --- a/src/watch.go +++ b/src/watch.go @@ -3,7 +3,6 @@ package pike import ( "context" "encoding/json" - "errors" "fmt" "net/url" "reflect" 
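Review bot: `Test_getEnv` sets `fortest` with `os.Setenv` and returns silently if that fails, so the test can pass without running a single case. The variable also stays set for the rest of the package's tests. Use `t.Setenv("fortest", "value")`, which fails the test on error and restores the environment on cleanup.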
@@ -16,102 +15,140 @@ import ( "github.com/rs/zerolog/log" ) +const pollIntervalSeconds int = 5 + // Watch looks at IAM policy for new revisions. func Watch(arn string, wait int) error { + if arn == "" { + return &arnEmptyError{} + } + + if wait <= 0 { + return fmt.Errorf("wait time must be positive, got %d", wait) + } + + if err := verifyAWSARN(arn); err != nil { + return fmt.Errorf("invalid ARN format: %s", arn) + } + // Load the Shared AWS Configuration (~/.aws/config) - cfg, err := config.LoadDefaultConfig(context.TODO()) + ctx, cancel := context.WithTimeout(context.Background(), defaultTimeout) + + defer cancel() + + cfg, err := config.LoadDefaultConfig(ctx) if err != nil { - return fmt.Errorf("failed to load default config %w", err) + return &awsConfigError{err} } client := iam.NewFromConfig(cfg) - Version, err := GetVersion(client, arn) + Version, err := getVersion(client, arn) if err != nil { - return err + return &getVersionError{err} } - log.Printf("Waiting for change on policy Version %s", *Version) + log.Info().Msgf("Waiting for change on policy Version %s", *Version) - delay, err := WaitForPolicyChange(client, "arn:aws:iam::680235478471:policy/basic", *Version, wait) + delay, err := waitForPolicyChange(client, arn, *Version, wait, pollIntervalSeconds) // Added default pollInterval of 10 if err != nil { - return err + return &waitForPolicyChangeError{err} } - log.Printf("Policy updated after %d", delay) + log.Info().Msgf("Policy updated after %d", delay) return nil } -// WaitForPolicyChange looks at IAM policy change. -func WaitForPolicyChange(client *iam.Client, arn string, version string, wait int) (int, error) { - magic := 5 - +// waitForPolicyChange looks at IAM policy change. 
+func waitForPolicyChange(client *iam.Client, arn string, version string, wait, pollInterval int) (int, error) { for item := 1; item < wait; item++ { - time.Sleep(time.Duration(magic)) + time.Sleep(time.Duration(pollInterval)) - NewVersion, err := GetVersion(client, arn) + NewVersion, err := getVersion(client, arn) if err != nil { continue } - if NewVersion == &version { + if *NewVersion != version { return item, nil } log.Print("Not equal") } - return wait, errors.New("wait expired with no change") + return wait, &waitExpiredError{} } -// GetVersion gets the version of the IAM policy. -func GetVersion(client *iam.Client, policyArn string) (*string, error) { - output, err := client.GetPolicy(context.TODO(), &iam.GetPolicyInput{PolicyArn: aws.String(policyArn)}) +type waitExpiredError struct{} + +func (e *waitExpiredError) Error() string { + return "wait expired with no change" +} + +// getVersion gets the version of the IAM policy. +func getVersion(client *iam.Client, policyArn string) (*string, error) { + output, err := client.GetPolicy(context.Background(), &iam.GetPolicyInput{PolicyArn: aws.String(policyArn)}) + if err != nil { - return nil, err + return nil, &getVersionError{err} } return output.Policy.DefaultVersionId, nil } -// GetPolicyVersion Obtains the versioned IAM policy. -func GetPolicyVersion(client *iam.Client, policyArn string, version string) (*string, error) { +type urlEscapeError struct { + err error +} + +func (e *urlEscapeError) Error() string { + return fmt.Sprintf("failed to unescape url: %v", e.err) +} + +// getPolicyVersion Obtains the versioned IAM policy. 
+func getPolicyVersion(client *iam.Client, policyArn string, version string) (*string, error) { output, err := client.GetPolicyVersion( - context.TODO(), + context.Background(), &iam.GetPolicyVersionInput{ PolicyArn: aws.String(policyArn), VersionId: &version, }) if err != nil { - return nil, err + return nil, &getVersionError{err} } Policy, err := url.QueryUnescape(*(output.PolicyVersion.Document)) if err != nil { - return nil, err + return nil, &urlEscapeError{err} } - fixed, err := SortActions(Policy) + fixed, err := sortActions(Policy) if err != nil { - return nil, err + return nil, &sortActionsError{Policy} } return fixed, err } -// SortActions sorts the actions list of an IAM policy. -func SortActions(myPolicy string) (*string, error) { +type castToListOfInterfaceError struct{} + +func (e *castToListOfInterfaceError) Error() string { + return "failed to convert to list of interfaces" +} + +// sortActions sorts the actions list of an IAM policy. +func sortActions(myPolicy string) (*string, error) { var raw map[string]interface{} err := json.Unmarshal([]byte(myPolicy), &raw) + if err != nil { - return nil, err + return nil, &unmarshallJSONError{err, myPolicy} } Statements, ok := raw["Statement"].([]interface{}) if !ok { - return nil, fmt.Errorf("failed to assert list of interface for Statements") + return nil, &castToListOfInterfaceError{} } var NewStatements []interface{} @@ -123,20 +160,18 @@ func SortActions(myPolicy string) (*string, error) { } Actions := blocked["Action"] - myType := reflect.TypeOf(Actions) - switch myType.Kind() { - case reflect.String: - // do nothing - case reflect.Slice: - theActions := sortInterfaceStrings(Actions) + switch v := Actions.(type) { + case string: + // handle string case + case []interface{}: + theActions := sortInterfaceStrings(v) if theActions != nil { blocked["Action"] = theActions } - default: - log.Print(myType.Kind()) + log.Print(reflect.TypeOf(v).Kind()) } NewStatements = append(NewStatements, block) 
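Review bot: `waitForPolicyChange` sleeps for `time.Duration(pollInterval)`, and `Watch` passes `pollIntervalSeconds` (5), so each pause is 5 nanoseconds rather than 5 seconds. The loop therefore calls `getVersion` back-to-back up to `wait-1` times, which may run into IAM API throttling and makes the wait expire almost immediately; use `time.Sleep(time.Duration(pollInterval) * time.Second)`. The trailing comment `// Added default pollInterval of 10` on the call also disagrees with the constant. Separately, `*NewVersion != version` dereferences the `DefaultVersionId` pointer returned by `getVersion` without a nil check, which is worth guarding.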
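Review bot: In the `sortActions` type switch the `default` branch calls `reflect.TypeOf(v).Kind()`, but `reflect.TypeOf` returns nil when `blocked["Action"]` is absent. A statement without an `Action` key (for instance one that uses `NotAction`) would therefore panic here instead of being passed through. Add an explicit `case nil:` that leaves the statement untouched, or log with `log.Printf("unexpected Action type %T", v)`, which is safe for a nil value. The switch sits inside a loop whose start is outside this hunk.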
@@ -147,9 +182,14 @@ func SortActions(myPolicy string) (*string, error) { } fixed, err := json.Marshal(raw) + + if err != nil { + return nil, &marshallPolicyError{err} + } + result := string(fixed) - return &result, err + return &result, nil } func sortInterfaceStrings(actions interface{}) []string { @@ -178,3 +218,19 @@ func sortInterfaceStrings(actions interface{}) []string { return myActions } + +type getVersionError struct { + err error +} + +func (e *getVersionError) Error() string { + return fmt.Sprintf("failed to get version %v", e.err) +} + +type waitForPolicyChangeError struct { + err error +} + +func (e *waitForPolicyChangeError) Error() string { + return fmt.Sprintf("failed to wait for policy change %v", e.err) +} diff --git a/src/watch_internal_test.go b/src/watch_internal_test.go new file mode 100644 index 00000000..f216d4af --- /dev/null +++ b/src/watch_internal_test.go 
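Review bot: `getVersionError` and `waitForPolicyChangeError` keep the underlying error in `err` but, at least in this hunk, expose it only through the formatted message, so callers cannot use `errors.Is` or `errors.As` to tell an IAM access-denied response from a missing policy or a throttle. Adding `func (e *getVersionError) Unwrap() error { return e.err }`, and the same for `waitForPolicyChangeError`, keeps the SDK error inspectable. A one-line doc comment on each type naming the call that produces it would also help, since `getVersionError` is returned from both getVersion and getPolicyVersion earlier in this diff.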
@@ -0,0 +1,165 @@ +package pike + +import ( + "encoding/json" + "errors" + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestWatch_EmptyARN(t *testing.T) { + err := Watch("", 10) + assert.Error(t, err) + assert.IsType(t, &arnEmptyError{}, err) +} + +func TestWatch_InvalidWaitTime(t *testing.T) { + err := Watch("arn:aws:iam::123456789012:policy/test-policy", 0) + assert.Error(t, err) + assert.Contains(t, err.Error(), "wait time must be positive") + + err = Watch("arn:aws:iam::123456789012:policy/test-policy", -5) + assert.Error(t, err) + assert.Contains(t, err.Error(), "wait time must be positive") +} + +func TestSortActions_WithArrayActions(t *testing.T) { + policy := `{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"], + "Resource": "*" + } + ] + }` + + result, err := sortActions(policy) + + assert.NoError(t, err) + assert.NotNil(t, result) + + var parsed map[string]interface{} + err = json.Unmarshal([]byte(*result), &parsed) + assert.NoError(t, err) + + statements := parsed["Statement"].([]interface{}) + statement := statements[0].(map[string]interface{}) + actions := statement["Action"].([]interface{}) + + // Verify actions are sorted + assert.Equal(t, "s3:DeleteObject", actions[0]) + assert.Equal(t, "s3:GetObject", actions[1]) + assert.Equal(t, "s3:PutObject", actions[2]) +} + +func TestSortActions_WithStringAction(t *testing.T) { + policy := `{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": "s3:GetObject", + "Resource": "*" + } + ] + }` + + result, err := sortActions(policy) + + assert.NoError(t, err) + assert.NotNil(t, result) + + var parsed map[string]interface{} + err = json.Unmarshal([]byte(*result), &parsed) + assert.NoError(t, err) +} + +func TestSortActions_InvalidJSON(t *testing.T) { + policy := `{"invalid": json}` + + result, err := sortActions(policy) + + assert.Error(t, err) + assert.Nil(t, result) + assert.IsType(t, 
&unmarshallJSONError{}, err) +} + +func TestSortActions_InvalidStatement(t *testing.T) { + policy := `{ + "Version": "2012-10-17", + "Statement": "invalid" + }` + + result, err := sortActions(policy) + + assert.Error(t, err) + assert.Nil(t, result) + assert.IsType(t, &castToListOfInterfaceError{}, err) +} + +func TestSortInterfaceStrings_Success(t *testing.T) { + actions := []interface{}{"s3:PutObject", "s3:GetObject", "s3:DeleteObject"} + + result := sortInterfaceStrings(actions) + + assert.NotNil(t, result) + assert.Len(t, result, 3) + assert.Equal(t, "s3:DeleteObject", result[0]) + assert.Equal(t, "s3:GetObject", result[1]) + assert.Equal(t, "s3:PutObject", result[2]) +} + +func TestSortInterfaceStrings_InvalidInput(t *testing.T) { + actions := "not an array" + + result := sortInterfaceStrings(actions) + + assert.Nil(t, result) +} + +func TestSortInterfaceStrings_NonStringElements(t *testing.T) { + actions := []interface{}{"s3:Xavier", "s3:GetObject", 123, "s3:PutObject"} + + result := sortInterfaceStrings(actions) + + assert.NotNil(t, result) + assert.Len(t, result, 4) + // Non-string elements should be skipped, but array length preserved + assert.Equal(t, "s3:GetObject", result[1]) + assert.Equal(t, "", result[0]) // default zero value for skipped element + assert.Equal(t, "s3:PutObject", result[2]) +} + +func TestWaitExpiredError_Error(t *testing.T) { + err := &waitExpiredError{} + assert.Equal(t, "wait expired with no change", err.Error()) +} + +func TestUrlEscapeError_Error(t *testing.T) { + originalErr := errors.New("test error") + err := &urlEscapeError{err: originalErr} + assert.Contains(t, err.Error(), "failed to unescape url") + assert.Contains(t, err.Error(), "test error") +} + +func TestCastToListOfInterfaceError_Error(t *testing.T) { + err := &castToListOfInterfaceError{} + assert.Equal(t, "failed to convert to list of interfaces", err.Error()) +} + +func TestGetVersionError_Error(t *testing.T) { + originalErr := errors.New("test error") + err := 
&getVersionError{err: originalErr} + assert.Contains(t, err.Error(), "failed to get version") + assert.Contains(t, err.Error(), "test error") +} + +func TestWaitForPolicyChangeError_Error(t *testing.T) { + originalErr := errors.New("test error") + err := &waitForPolicyChangeError{err: originalErr} + assert.Contains(t, err.Error(), "failed to wait for policy change") + assert.Contains(t, err.Error(), "test error") +} diff --git a/src/watch_test.go b/src/watch_test.go index 9ca157c4..9675fcae 100644 --- a/src/watch_test.go +++ b/src/watch_test.go @@ -41,7 +41,7 @@ func TestWaitForPolicyChange(t *testing.T) { Wait int } - cfg, _ := config.LoadDefaultConfig(context.TODO()) + cfg, _ := config.LoadDefaultConfig(context.Background()) client := iam.NewFromConfig(cfg) tests := []struct { @@ -55,7 +55,7 @@ func TestWaitForPolicyChange(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - got, err := WaitForPolicyChange(tt.args.client, tt.args.arn, tt.args.Version, tt.args.Wait) + got, err := waitForPolicyChange(tt.args.client, tt.args.arn, tt.args.Version, tt.args.Wait, pollIntervalSeconds) if (err != nil) != tt.wantErr { t.Errorf("WaitForPolicyChange() error = %v, wantErr %v", err, tt.wantErr) return @@ -72,7 +72,7 @@ func TestGetVersion(t *testing.T) { client *iam.Client PolicyArn string } - cfg, _ := config.LoadDefaultConfig(context.TODO()) + cfg, _ := config.LoadDefaultConfig(context.Background()) client := iam.NewFromConfig(cfg) want := "v1" tests := []struct { @@ -86,7 +86,7 @@ func TestGetVersion(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - got, err := GetVersion(tt.args.client, tt.args.PolicyArn) + got, err := getVersion(tt.args.client, tt.args.PolicyArn) if (err != nil) != tt.wantErr { t.Errorf("GetVersion() error = %v, wantErr %v", err, tt.wantErr) return 
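Review bot: `TestSortInterfaceStrings_NonStringElements` pins the behaviour that a non-string action is replaced by an empty string (`assert.Equal(t, "", result[0])`), and sortActions writes the slice returned by sortInterfaceStrings back into `blocked["Action"]`. A malformed entry therefore becomes `""` in the normalised policy rather than being reported, which is worth deciding deliberately before a test locks it in. The comment `// Non-string elements should be skipped, but array length preserved` also contradicts itself, since nothing is skipped. `TestSortActions_WithStringAction` only checks that the output parses; asserting that the statement's `Action` is still `"s3:GetObject"` would confirm the single-string case is left untouched.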
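Review bot: The replaced line `cfg, _ := config.LoadDefaultConfig(context.Background())` in TestWaitForPolicyChange still discards the configuration error, and the matching hunks in TestGetVersion and TestGetPolicyVersion do the same. If loading fails, the test carries on with a zero-value config and fails later inside an IAM call with a less direct message. `cfg, err := config.LoadDefaultConfig(context.Background())` followed by `if err != nil { t.Skipf("no AWS config: %v", err) }` makes the dependency on a live account explicit. These test functions begin and end outside the hunks.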
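Review bot: The call in TestWaitForPolicyChange now passes `pollIntervalSeconds`, but waitForPolicyChange (earlier in this diff) does `time.Sleep(time.Duration(pollInterval))`, and converting a plain int to `time.Duration` yields nanoseconds. If the constant holds a number of seconds, which its name suggests but its definition is not visible here, the loop calls IAM `GetPolicy` back to back with effectively no delay and the whole `wait` budget elapses almost at once. `time.Sleep(time.Duration(pollInterval) * time.Second)` would match the name; otherwise the constant should be renamed to state its unit. The `t.Errorf("WaitForPolicyChange() ...")` message also still carries the old exported name.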
@@ -104,7 +104,7 @@ func TestGetPolicyVersion(t *testing.T) { PolicyArn string Version string } - cfg, _ := config.LoadDefaultConfig(context.TODO()) + cfg, _ := config.LoadDefaultConfig(context.Background()) client := iam.NewFromConfig(cfg) wantPass := "{\"Statement\":[{\"Action\":\"s3:*\",\"Effect\":\"Allow\",\"Resource\":\"*\"," + "\"Sid\":\"VisualEditor0\"}],\"Version\":\"2012-10-17\"}" @@ -122,7 +122,7 @@ func TestGetPolicyVersion(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - got, err := GetPolicyVersion(tt.args.client, tt.args.PolicyArn, tt.args.Version) + got, err := getPolicyVersion(tt.args.client, tt.args.PolicyArn, tt.args.Version) if (err != nil) != tt.wantErr { t.Errorf("GetPolicyVersion() error = %v, wantErr %v", err, tt.wantErr) return @@ -155,7 +155,7 @@ func TestSortActions(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - got, err := SortActions(tt.args.myPolicy) + got, err := sortActions(tt.args.myPolicy) if (err != nil) != tt.wantErr { t.Errorf("SortActions() error = %v, wantErr %v", err, tt.wantErr) return diff --git a/terraform/aws/Makefile b/terraform/aws/Makefile index 5f3d890c..aa9b4e40 100644 --- a/terraform/aws/Makefile +++ b/terraform/aws/Makefile @@ -18,6 +18,8 @@ init: upgrade: terraform init --upgrade +update: upgrade + role: FORCE terraform -chdir=./role apply -auto-approve diff --git a/terraform/aws/backup/aws_amplify_backend_environment.tf b/terraform/aws/backup/aws_amplify_backend_environment.tf new file mode 100644 index 00000000..3c123819 --- /dev/null +++ b/terraform/aws/backup/aws_amplify_backend_environment.tf @@ -0,0 +1 @@ +resource "aws_amplify_backend_environment" "pike" {} diff --git a/terraform/aws/backup/aws_amplify_webhook.tf b/terraform/aws/backup/aws_amplify_webhook.tf new file mode 100644 index 00000000..1197ea7d --- /dev/null +++ b/terraform/aws/backup/aws_amplify_webhook.tf @@ -0,0 +1 @@ +resource "aws_amplify_webhook" "pike" {} 
diff --git a/terraform/aws/backup/aws_api_gateway_domain_name_access_association.tf b/terraform/aws/backup/aws_api_gateway_domain_name_access_association.tf new file mode 100644 index 00000000..268edc54 --- /dev/null +++ b/terraform/aws/backup/aws_api_gateway_domain_name_access_association.tf @@ -0,0 +1,5 @@ +resource "aws_api_gateway_domain_name_access_association" "pike" { + access_association_source = aws_vpc_endpoint.example.id + access_association_source_type = "VPCE" + domain_name_arn = aws_api_gateway_domain_name.example.domain_name_arn +} diff --git a/terraform/aws/backup/aws_api_gateway_rest_api_put.tf b/terraform/aws/backup/aws_api_gateway_rest_api_put.tf new file mode 100644 index 00000000..cac6aa49 --- /dev/null +++ b/terraform/aws/backup/aws_api_gateway_rest_api_put.tf @@ -0,0 +1,62 @@ +resource "aws_api_gateway_rest_api_put" "pike" { + body = jsonencode({ + swagger = "2.0" + info = { + title = "Example API" + version = "v1" + } + schemes = ["https"] + paths = { + "/example" = { + get = { + responses = { + "200" = { + description = "OK" + } + } + x-amazon-apigateway-integration = { + httpMethod = "GET" + type = "HTTP" + responses = { + default = { + statusCode = 200 + } + } + uri = "https://api.example.com/" + } + } + } + } + }) + + fail_on_warnings = true + rest_api_id = aws_api_gateway_rest_api.example.id +} + +resource "aws_api_gateway_rest_api" "example" { + body = jsonencode({ + openapi = "3.0.1" + info = { + title = "example" + version = "1.0" + } + paths = { + "/path1" = { + get = { + x-amazon-apigateway-integration = { + httpMethod = "GET" + payloadFormatVersion = "1.0" + type = "HTTP_PROXY" + uri = "https://ip-ranges.amazonaws.com/ip-ranges.json" + } + } + } + } + }) + + name = "example" + + endpoint_configuration { + types = ["REGIONAL"] + } +} diff --git a/terraform/aws/backup/aws_appconfig_deployment.tf b/terraform/aws/backup/aws_appconfig_deployment.tf new file mode 100644 index 00000000..cc680833 --- /dev/null 
+++ b/terraform/aws/backup/aws_appconfig_deployment.tf @@ -0,0 +1,13 @@ +resource "aws_appconfig_deployment" "pike" { + application_id = aws_appconfig_application.example.id + configuration_profile_id = aws_appconfig_configuration_profile.example.configuration_profile_id + configuration_version = aws_appconfig_hosted_configuration_version.example.version_number + deployment_strategy_id = aws_appconfig_deployment_strategy.example.id + description = "My example deployment" + environment_id = aws_appconfig_environment.example.environment_id + kms_key_identifier = aws_kms_key.example.arn + + tags = { + Type = "AppConfig Deployment" + } +} diff --git a/terraform/aws/backup/aws_appconfig_deployment_strategy.tf b/terraform/aws/backup/aws_appconfig_deployment_strategy.tf new file mode 100644 index 00000000..7051b71b --- /dev/null +++ b/terraform/aws/backup/aws_appconfig_deployment_strategy.tf @@ -0,0 +1,13 @@ +resource "aws_appconfig_deployment_strategy" "pike" { + name = "example-deployment-strategy-tf" + description = "Example Deployment Strategy" + deployment_duration_in_minutes = 3 + final_bake_time_in_minutes = 4 + growth_factor = 10 + growth_type = "LINEAR" + replicate_to = "NONE" + + tags = { + Type = "AppConfig Deployment Strategy" + } +} diff --git a/terraform/aws/backup/aws_appconfig_environment.tf b/terraform/aws/backup/aws_appconfig_environment.tf new file mode 100644 index 00000000..731b1b5a --- /dev/null +++ b/terraform/aws/backup/aws_appconfig_environment.tf @@ -0,0 +1,14 @@ +resource "aws_appconfig_environment" "pike" { + name = "example-environment-tf" + description = "Example AppConfig Environment" + application_id = aws_appconfig_application.example.id + + monitor { + alarm_arn = aws_cloudwatch_metric_alarm.example.arn + alarm_role_arn = aws_iam_role.example.arn + } + + tags = { + Type = "AppConfig Environment" + } +} 
diff --git a/terraform/aws/backup/aws_appconfig_extension.tf b/terraform/aws/backup/aws_appconfig_extension.tf new file mode 100644 index 00000000..367a7407 --- /dev/null +++ b/terraform/aws/backup/aws_appconfig_extension.tf @@ -0,0 +1,15 @@ +resource "aws_appconfig_extension" "pike" { + name = "test" + description = "test description" + action_point { + point = "ON_DEPLOYMENT_COMPLETE" + action { + name = "test" + role_arn = aws_iam_role.test.arn + uri = aws_sns_topic.test.arn + } + } + tags = { + Type = "AppConfig Extension" + } +} diff --git a/terraform/aws/backup/aws_appconfig_extension_association.tf b/terraform/aws/backup/aws_appconfig_extension_association.tf new file mode 100644 index 00000000..71a199c8 --- /dev/null +++ b/terraform/aws/backup/aws_appconfig_extension_association.tf @@ -0,0 +1,4 @@ +resource "aws_appconfig_extension_association" "pike" { + extension_arn = aws_appconfig_extension.pike.arn + resource_arn = aws_appconfig_application.pike.arn +} diff --git a/terraform/aws/backup/aws_appconfig_hosted_configuration_version.tf b/terraform/aws/backup/aws_appconfig_hosted_configuration_version.tf new file mode 100644 index 00000000..a47d853b --- /dev/null +++ b/terraform/aws/backup/aws_appconfig_hosted_configuration_version.tf @@ -0,0 +1 @@ +resource "aws_appconfig_hosted_configuration_version" "pike" {} diff --git a/terraform/aws/backup/aws_appfabric_app_authorization.tf b/terraform/aws/backup/aws_appfabric_app_authorization.tf new file mode 100644 index 00000000..32cda8e0 --- /dev/null +++ b/terraform/aws/backup/aws_appfabric_app_authorization.tf @@ -0,0 +1 @@ +resource "aws_appfabric_app_authorization" "pike" {} diff --git a/terraform/aws/backup/aws_appfabric_app_authorization_connection.tf b/terraform/aws/backup/aws_appfabric_app_authorization_connection.tf new file mode 100644 index 00000000..4e02bbee --- /dev/null +++ b/terraform/aws/backup/aws_appfabric_app_authorization_connection.tf 
@@ -0,0 +1 @@ +resource "aws_appfabric_app_authorization_connection" "pike" {} diff --git a/terraform/aws/backup/aws_appfabric_app_bundle.tf b/terraform/aws/backup/aws_appfabric_app_bundle.tf new file mode 100644 index 00000000..55845c4e --- /dev/null +++ b/terraform/aws/backup/aws_appfabric_app_bundle.tf @@ -0,0 +1 @@ +resource "aws_appfabric_app_bundle" "pike" {} diff --git a/terraform/aws/backup/aws_appfabric_ingestion.tf b/terraform/aws/backup/aws_appfabric_ingestion.tf new file mode 100644 index 00000000..2122fead --- /dev/null +++ b/terraform/aws/backup/aws_appfabric_ingestion.tf @@ -0,0 +1 @@ +resource "aws_appfabric_ingestion" "pike" {} diff --git a/terraform/aws/backup/aws_appfabric_ingestion_destination.tf b/terraform/aws/backup/aws_appfabric_ingestion_destination.tf new file mode 100644 index 00000000..dc5e49a4 --- /dev/null +++ b/terraform/aws/backup/aws_appfabric_ingestion_destination.tf @@ -0,0 +1 @@ +resource "aws_appfabric_ingestion_destination" "pike" {} diff --git a/terraform/aws/backup/aws_appflow_connector_profile.tf b/terraform/aws/backup/aws_appflow_connector_profile.tf new file mode 100644 index 00000000..7218c5ae --- /dev/null +++ b/terraform/aws/backup/aws_appflow_connector_profile.tf @@ -0,0 +1 @@ +resource "aws_appflow_connector_profile" "pike" {} diff --git a/terraform/aws/backup/aws_appflow_flow.tf b/terraform/aws/backup/aws_appflow_flow.tf new file mode 100644 index 00000000..0671419a --- /dev/null +++ b/terraform/aws/backup/aws_appflow_flow.tf @@ -0,0 +1 @@ +resource "aws_appflow_flow" "pike" {} diff --git a/terraform/aws/backup/aws_appintegrations_data_integration.tf b/terraform/aws/backup/aws_appintegrations_data_integration.tf new file mode 100644 index 00000000..63696b30 --- /dev/null +++ b/terraform/aws/backup/aws_appintegrations_data_integration.tf @@ -0,0 +1 @@ +resource "aws_appintegrations_data_integration" "pike" {} 
diff --git a/terraform/aws/backup/aws_appintegrations_event_integration.tf b/terraform/aws/backup/aws_appintegrations_event_integration.tf
new file mode 100644
index 00000000..2194cc33
--- /dev/null
+++ b/terraform/aws/backup/aws_appintegrations_event_integration.tf
@@ -0,0 +1 @@
+resource "aws_appintegrations_event_integration" "pike" {}
diff --git a/terraform/aws/backup/aws_appmesh_gateway_route.tf b/terraform/aws/backup/aws_appmesh_gateway_route.tf
new file mode 100644
index 00000000..8aab5419
--- /dev/null
+++ b/terraform/aws/backup/aws_appmesh_gateway_route.tf
@@ -0,0 +1,25 @@
+resource "aws_appmesh_gateway_route" "pike" {
+ name = "example-gateway-route"
+ mesh_name = aws_appmesh_mesh.pike.name
+ virtual_gateway_name = aws_appmesh_virtual_gateway.pike.name
+
+ spec {
+ http_route {
+ action {
+ target {
+ virtual_service {
+ virtual_service_name = aws_appmesh_virtual_service.pike.name
+ }
+ }
+ }
+
+ match {
+ prefix = "/"
+ }
+ }
+ }
+
+ tags = {
+ Environment = "test"
+ }
+}
diff --git a/terraform/aws/backup/aws_appmesh_mesh.tf b/terraform/aws/backup/aws_appmesh_mesh.tf
new file mode 100644
index 00000000..c31ab062
--- /dev/null
+++ b/terraform/aws/backup/aws_appmesh_mesh.tf
@@ -0,0 +1,13 @@
+resource "aws_appmesh_mesh" "pike" {
+ name = "simpleapp"
+
+ spec {
+ egress_filter {
+ type = "ALLOW_ALL"
+ }
+ }
+
+ tags = {
+ pike = "permimssion"
+ }
+}
diff --git a/terraform/aws/backup/aws_appmesh_route.tf b/terraform/aws/backup/aws_appmesh_route.tf
new file mode 100644
index 00000000..ce1511ff
--- /dev/null
+++ b/terraform/aws/backup/aws_appmesh_route.tf
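Review bot: `egress_filter { type = "ALLOW_ALL" }` in aws_appmesh_mesh.tf lets every virtual node in the mesh send traffic to any destination, inside or outside the mesh. If this file is only a fixture for working out permissions, a header comment such as `# permission-test fixture, not a recommended mesh configuration` would stop it being copied as a template; otherwise `type = "DROP_ALL"` limits egress to resources defined in the mesh. The tag value `"permimssion"` looks like a typo for `"permission"`.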
@@ -0,0 +1,25 @@ +resource "aws_appmesh_route" "pike" { + name = "serviceB-route" + mesh_name = aws_appmesh_mesh.pike.id + virtual_router_name = aws_appmesh_virtual_router.pike.name + + spec { + http_route { + match { + prefix = "/" + } + + action { + weighted_target { + virtual_node = aws_appmesh_virtual_node.serviceb1.name + weight = 90 + } + + weighted_target { + virtual_node = aws_appmesh_virtual_node.serviceb2.name + weight = 10 + } + } + } + } +} diff --git a/terraform/aws/backup/aws_appmesh_virtual_gateway.tf b/terraform/aws/backup/aws_appmesh_virtual_gateway.tf new file mode 100644 index 00000000..71f0c434 --- /dev/null +++ b/terraform/aws/backup/aws_appmesh_virtual_gateway.tf @@ -0,0 +1,17 @@ +resource "aws_appmesh_virtual_gateway" "pike" { + name = "example-virtual-gateway" + mesh_name = aws_appmesh_mesh.pike.name + + spec { + listener { + port_mapping { + port = 8080 + protocol = "http" + } + } + } + + tags = { + Environment = "test" + } +} diff --git a/terraform/aws/backup/aws_appmesh_virtual_node.tf b/terraform/aws/backup/aws_appmesh_virtual_node.tf new file mode 100644 index 00000000..f438146b --- /dev/null +++ b/terraform/aws/backup/aws_appmesh_virtual_node.tf @@ -0,0 +1,51 @@ +resource "aws_appmesh_virtual_node" "serviceb1" { + name = "serviceBv1" + mesh_name = aws_appmesh_mesh.pike.id + + spec { + backend { + virtual_service { + virtual_service_name = "servicea.simpleapp.local" + } + } + + listener { + port_mapping { + port = 8080 + protocol = "http" + } + } + + service_discovery { + dns { + hostname = "serviceb.simpleapp.local" + } + } + } +} + +resource "aws_appmesh_virtual_node" "serviceb2" { + name = "serviceBv2" + mesh_name = aws_appmesh_mesh.pike.id + + spec { + backend { + virtual_service { + virtual_service_name = "servicea.simpleapp.local" + } + } + + listener { + port_mapping { + port = 8080 + protocol = "http" + } + } + + service_discovery { + dns { + hostname = "serviceb2.simpleapp.local" + } + } + } +} 
diff --git a/terraform/aws/backup/aws_appmesh_virtual_router.tf b/terraform/aws/backup/aws_appmesh_virtual_router.tf new file mode 100644 index 00000000..a16379c0 --- /dev/null +++ b/terraform/aws/backup/aws_appmesh_virtual_router.tf @@ -0,0 +1,16 @@ +resource "aws_appmesh_virtual_router" "pike" { + name = "serviceB" + mesh_name = aws_appmesh_mesh.pike.id + + spec { + listener { + port_mapping { + port = 8080 + protocol = "http" + } + } + } + tags = { + pike = "permimssion" + } +} diff --git a/terraform/aws/backup/aws_appmesh_virtual_service.tf b/terraform/aws/backup/aws_appmesh_virtual_service.tf new file mode 100644 index 00000000..8f03e1c2 --- /dev/null +++ b/terraform/aws/backup/aws_appmesh_virtual_service.tf @@ -0,0 +1,12 @@ +resource "aws_appmesh_virtual_service" "pike" { + name = "servicea.simpleapp.local" + mesh_name = aws_appmesh_mesh.pike.id + + spec { + provider { + virtual_node { + virtual_node_name = aws_appmesh_virtual_node.serviceb1.name + } + } + } +} diff --git a/terraform/aws/backup/aws_apprunner_auto_scaling_configuration_version.tf b/terraform/aws/backup/aws_apprunner_auto_scaling_configuration_version.tf new file mode 100644 index 00000000..ba166df1 --- /dev/null +++ b/terraform/aws/backup/aws_apprunner_auto_scaling_configuration_version.tf @@ -0,0 +1 @@ +resource "aws_apprunner_auto_scaling_configuration_version" "pike" {} diff --git a/terraform/aws/backup/aws_apprunner_connection.tf b/terraform/aws/backup/aws_apprunner_connection.tf new file mode 100644 index 00000000..6026c5e4 --- /dev/null +++ b/terraform/aws/backup/aws_apprunner_connection.tf @@ -0,0 +1 @@ +resource "aws_apprunner_connection" "pike" {} diff --git a/terraform/aws/backup/aws_apprunner_custom_domain_association.tf b/terraform/aws/backup/aws_apprunner_custom_domain_association.tf new file mode 100644 index 00000000..62347de0 --- /dev/null +++ b/terraform/aws/backup/aws_apprunner_custom_domain_association.tf 
@@ -0,0 +1 @@ +resource "aws_apprunner_custom_domain_association" "pike" {} diff --git a/terraform/aws/backup/aws_apprunner_default_auto_scaling_configuration_version.tf b/terraform/aws/backup/aws_apprunner_default_auto_scaling_configuration_version.tf new file mode 100644 index 00000000..e7739c2d --- /dev/null +++ b/terraform/aws/backup/aws_apprunner_default_auto_scaling_configuration_version.tf @@ -0,0 +1 @@ +resource "aws_apprunner_default_auto_scaling_configuration_version" "pike" {} diff --git a/terraform/aws/backup/aws_apprunner_deployment.tf b/terraform/aws/backup/aws_apprunner_deployment.tf new file mode 100644 index 00000000..9d7c492e --- /dev/null +++ b/terraform/aws/backup/aws_apprunner_deployment.tf @@ -0,0 +1 @@ +resource "aws_apprunner_deployment" "pike" {} diff --git a/terraform/aws/backup/aws_apprunner_observability_configuration.tf b/terraform/aws/backup/aws_apprunner_observability_configuration.tf new file mode 100644 index 00000000..e24478ec --- /dev/null +++ b/terraform/aws/backup/aws_apprunner_observability_configuration.tf @@ -0,0 +1 @@ +resource "aws_apprunner_observability_configuration" "pike" {} diff --git a/terraform/aws/backup/aws_apprunner_service.tf b/terraform/aws/backup/aws_apprunner_service.tf new file mode 100644 index 00000000..a84ad84b --- /dev/null +++ b/terraform/aws/backup/aws_apprunner_service.tf @@ -0,0 +1 @@ +resource "aws_apprunner_service" "pike" {} diff --git a/terraform/aws/backup/aws_apprunner_vpc_connector.tf b/terraform/aws/backup/aws_apprunner_vpc_connector.tf new file mode 100644 index 00000000..19367233 --- /dev/null +++ b/terraform/aws/backup/aws_apprunner_vpc_connector.tf @@ -0,0 +1 @@ +resource "aws_apprunner_vpc_connector" "pike" {} diff --git a/terraform/aws/backup/aws_apprunner_vpc_ingress_connection.tf b/terraform/aws/backup/aws_apprunner_vpc_ingress_connection.tf new file mode 100644 index 00000000..0622f2e1 --- /dev/null +++ b/terraform/aws/backup/aws_apprunner_vpc_ingress_connection.tf 
@@ -0,0 +1 @@
+resource "aws_apprunner_vpc_ingress_connection" "pike" {}
diff --git a/terraform/aws/backup/aws_appstream_directory_config.tf b/terraform/aws/backup/aws_appstream_directory_config.tf
new file mode 100644
index 00000000..171a524d
--- /dev/null
+++ b/terraform/aws/backup/aws_appstream_directory_config.tf
@@ -0,0 +1,9 @@
+resource "aws_appstream_directory_config" "pike" {
+ directory_name = "NAME OF DIRECTORY"
+ organizational_unit_distinguished_names = ["DISTINGUISHED NAME"]
+
+ service_account_credentials {
+ account_name = "NAME OF ACCOUNT"
+ account_password = "PASSWORD OF ACCOUNT"
+ }
+}
diff --git a/terraform/aws/backup/aws_appstream_fleet.tf b/terraform/aws/backup/aws_appstream_fleet.tf
new file mode 100644
index 00000000..bb209e74
--- /dev/null
+++ b/terraform/aws/backup/aws_appstream_fleet.tf
@@ -0,0 +1,9 @@
+resource "aws_appstream_fleet" "pike" {
+ name = "NAME"
+ image_name = "Amazon-AppStream2-Sample-Image-03-11-2023"
+ instance_type = "stream.standard.small"
+
+ compute_capacity {
+ desired_instances = 1
+ }
+}
diff --git a/terraform/aws/backup/aws_appstream_fleet_stack_association.tf b/terraform/aws/backup/aws_appstream_fleet_stack_association.tf
new file mode 100644
index 00000000..fe75bc38
--- /dev/null
+++ b/terraform/aws/backup/aws_appstream_fleet_stack_association.tf
@@ -0,0 +1,4 @@
+resource "aws_appstream_fleet_stack_association" "pike" {
+ fleet_name = aws_appstream_fleet.pike.name
+ stack_name = aws_appstream_stack.pike.name
+}
diff --git a/terraform/aws/backup/aws_appstream_image_builder.tf b/terraform/aws/backup/aws_appstream_image_builder.tf
new file mode 100644
index 00000000..d69fc868
--- /dev/null
+++ b/terraform/aws/backup/aws_appstream_image_builder.tf
@@ -0,0 +1 @@
+resource "aws_appstream_image_builder" "pike" {}
diff --git a/terraform/aws/backup/aws_appstream_stack.tf b/terraform/aws/backup/aws_appstream_stack.tf
new file mode 100644
index 00000000..a734428e
--- /dev/null
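Review bot: `account_password = "PASSWORD OF ACCOUNT"` in aws_appstream_directory_config.tf puts the service-account password in the configuration as a string literal. It is a placeholder here, but the shape invites pasting a real secret into a tracked file, so I would read it from a variable declared with `sensitive = true`, for example `account_password = var.appstream_service_account_password`. The value is generally still written to Terraform state, so the state backend needs access control and encryption either way.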
+++ b/terraform/aws/backup/aws_appstream_stack.tf @@ -0,0 +1,3 @@ +resource "aws_appstream_stack" "pike" { + name = "pike" +} diff --git a/terraform/aws/backup/aws_appstream_user.tf b/terraform/aws/backup/aws_appstream_user.tf new file mode 100644 index 00000000..2432112c --- /dev/null +++ b/terraform/aws/backup/aws_appstream_user.tf @@ -0,0 +1,6 @@ +resource "aws_appstream_user" "pike" { + authentication_type = "USERPOOL" + user_name = "james@bridgecrew.io" + first_name = "james" + last_name = "woolfenden" +} diff --git a/terraform/aws/backup/aws_appstream_user_stack_association.tf b/terraform/aws/backup/aws_appstream_user_stack_association.tf new file mode 100644 index 00000000..682712c8 --- /dev/null +++ b/terraform/aws/backup/aws_appstream_user_stack_association.tf @@ -0,0 +1,5 @@ +resource "aws_appstream_user_stack_association" "pike" { + authentication_type = aws_appstream_user.pike.authentication_type + stack_name = aws_appstream_stack.pike.name + user_name = aws_appstream_user.pike.user_name +} diff --git a/terraform/aws/backup/aws_appsync_api_cache.tf b/terraform/aws/backup/aws_appsync_api_cache.tf new file mode 100644 index 00000000..d1d8eaa7 --- /dev/null +++ b/terraform/aws/backup/aws_appsync_api_cache.tf @@ -0,0 +1 @@ +resource "aws_appsync_api_cache" "pike" {} diff --git a/terraform/aws/backup/aws_appsync_api_key.tf b/terraform/aws/backup/aws_appsync_api_key.tf new file mode 100644 index 00000000..72d2f2a3 --- /dev/null +++ b/terraform/aws/backup/aws_appsync_api_key.tf @@ -0,0 +1 @@ +resource "aws_appsync_api_key" "pike" {} diff --git a/terraform/aws/backup/aws_appsync_datasource.tf b/terraform/aws/backup/aws_appsync_datasource.tf new file mode 100644 index 00000000..c8b92aac --- /dev/null +++ b/terraform/aws/backup/aws_appsync_datasource.tf @@ -0,0 +1 @@ +resource "aws_appsync_datasource" "pike" {} 
diff --git a/terraform/aws/backup/aws_appsync_domain_name.tf b/terraform/aws/backup/aws_appsync_domain_name.tf new file mode 100644 index 00000000..908e06d4 --- /dev/null +++ b/terraform/aws/backup/aws_appsync_domain_name.tf @@ -0,0 +1 @@ +resource "aws_appsync_domain_name" "pike" {} diff --git a/terraform/aws/backup/aws_appsync_domain_name_api_association.tf b/terraform/aws/backup/aws_appsync_domain_name_api_association.tf new file mode 100644 index 00000000..13e5ae3b --- /dev/null +++ b/terraform/aws/backup/aws_appsync_domain_name_api_association.tf @@ -0,0 +1 @@ +resource "aws_appsync_domain_name_api_association" "pike" {} diff --git a/terraform/aws/backup/aws_appsync_function.tf b/terraform/aws/backup/aws_appsync_function.tf new file mode 100644 index 00000000..f35ecb83 --- /dev/null +++ b/terraform/aws/backup/aws_appsync_function.tf @@ -0,0 +1 @@ +resource "aws_appsync_function" "pike" {} diff --git a/terraform/aws/backup/aws_appsync_graphql_api.tf b/terraform/aws/backup/aws_appsync_graphql_api.tf new file mode 100644 index 00000000..6b16f435 --- /dev/null +++ b/terraform/aws/backup/aws_appsync_graphql_api.tf @@ -0,0 +1,4 @@ +resource "aws_appsync_graphql_api" "pike" { + authentication_type = "AWS_IAM" + name = "example" +} diff --git a/terraform/aws/backup/aws_appsync_resolver.tf b/terraform/aws/backup/aws_appsync_resolver.tf new file mode 100644 index 00000000..7317e4f1 --- /dev/null +++ b/terraform/aws/backup/aws_appsync_resolver.tf @@ -0,0 +1 @@ +resource "aws_appsync_resolver" "pike" {} diff --git a/terraform/aws/backup/aws_appsync_source_api_association.tf b/terraform/aws/backup/aws_appsync_source_api_association.tf new file mode 100644 index 00000000..499df6ce --- /dev/null +++ b/terraform/aws/backup/aws_appsync_source_api_association.tf @@ -0,0 +1 @@ +resource "aws_appsync_source_api_association" "pike" {} diff --git a/terraform/aws/backup/aws_appsync_type.tf b/terraform/aws/backup/aws_appsync_type.tf new file mode 100644 index 00000000..fb0b199f 
--- /dev/null +++ b/terraform/aws/backup/aws_appsync_type.tf @@ -0,0 +1 @@ +resource "aws_appsync_type" "pike" {} diff --git a/terraform/aws/backup/aws_athena_capacity_reservation.tf b/terraform/aws/backup/aws_athena_capacity_reservation.tf new file mode 100644 index 00000000..a9ada4ef --- /dev/null +++ b/terraform/aws/backup/aws_athena_capacity_reservation.tf @@ -0,0 +1,7 @@ +resource "aws_athena_capacity_reservation" "pike" { + name = "example-reservation" + target_dpus = 24 + tags = { + pike = "permissions" + } +} diff --git a/terraform/aws/backup/aws_athena_prepared_statement.tf b/terraform/aws/backup/aws_athena_prepared_statement.tf new file mode 100644 index 00000000..d8707256 --- /dev/null +++ b/terraform/aws/backup/aws_athena_prepared_statement.tf @@ -0,0 +1,5 @@ +resource "aws_athena_prepared_statement" "pike" { + name = "tf_test" + query_statement = "SELECT * FROM ${aws_athena_database.pike.name} WHERE x = ?" + workgroup = aws_athena_workgroup.pike.name +} diff --git a/terraform/aws/backup/aws_backup_logically_air_gapped_vault.tf b/terraform/aws/backup/aws_backup_logically_air_gapped_vault.tf new file mode 100644 index 00000000..44f8f391 --- /dev/null +++ b/terraform/aws/backup/aws_backup_logically_air_gapped_vault.tf @@ -0,0 +1 @@ +resource "aws_backup_logically_air_gapped_vault" "pike" {} diff --git a/terraform/aws/backup/aws_backup_restore_testing_plan.tf b/terraform/aws/backup/aws_backup_restore_testing_plan.tf new file mode 100644 index 00000000..ed1dcbe6 --- /dev/null +++ b/terraform/aws/backup/aws_backup_restore_testing_plan.tf @@ -0,0 +1 @@ +resource "aws_backup_restore_testing_plan" "pike" {} diff --git a/terraform/aws/backup/aws_bcmdataexports_export.tf b/terraform/aws/backup/aws_bcmdataexports_export.tf new file mode 100644 index 00000000..200fd320 --- /dev/null +++ b/terraform/aws/backup/aws_bcmdataexports_export.tf 
@@ -0,0 +1,33 @@ +resource "aws_bcmdataexports_export" "pike" { + export { + name = "testexample" + data_query { + query_statement = "SELECT identity_line_item_id, identity_time_interval, line_item_product_code,line_item_unblended_cost FROM COST_AND_USAGE_REPORT" + table_configurations = { + COST_AND_USAGE_REPORT = { + TIME_GRANULARITY = "HOURLY", + INCLUDE_RESOURCES = "FALSE", + INCLUDE_MANUAL_DISCOUNT_COMPATIBILITY = "FALSE", + INCLUDE_SPLIT_COST_ALLOCATION_DATA = "FALSE", + } + } + } + destination_configurations { + s3_destination { + s3_bucket = aws_s3_bucket.test.bucket + s3_prefix = aws_s3_bucket.test.bucket_prefix + s3_region = aws_s3_bucket.test.region + s3_output_configurations { + overwrite = "OVERWRITE_REPORT" + format = "TEXT_OR_CSV" + compression = "GZIP" + output_type = "CUSTOM" + } + } + } + + refresh_cadence { + frequency = "SYNCHRONOUS" + } + } +} diff --git a/terraform/aws/backup/aws_bedrock_guardrail.tf b/terraform/aws/backup/aws_bedrock_guardrail.tf new file mode 100644 index 00000000..d0877853 --- /dev/null +++ b/terraform/aws/backup/aws_bedrock_guardrail.tf @@ -0,0 +1 @@ +resource "aws_bedrock_guardrail" "pike" {} diff --git a/terraform/aws/backup/aws_bedrock_guardrail_version.tf b/terraform/aws/backup/aws_bedrock_guardrail_version.tf new file mode 100644 index 00000000..5561235f --- /dev/null +++ b/terraform/aws/backup/aws_bedrock_guardrail_version.tf @@ -0,0 +1 @@ +resource "aws_bedrock_guardrail_version" "pike" {} diff --git a/terraform/aws/backup/aws_bedrock_inference_profile.tf b/terraform/aws/backup/aws_bedrock_inference_profile.tf new file mode 100644 index 00000000..666d93b9 --- /dev/null +++ b/terraform/aws/backup/aws_bedrock_inference_profile.tf 
@@ -0,0 +1,17 @@ +resource "aws_bedrock_inference_profile" "pike" { + name = "Claude Sonnet for Project 123" + description = "Profile with tag for cost allocation tracking" + + model_source { + copy_from = "arn:aws:bedrock:us-west-2::foundation-model/anthropic.claude-3-5-sonnet-20241022-v2:0" + + # Include account ID to use inference profiles + # copy_from = "arn:aws:bedrock:eu-central-1:${data.aws_caller_identity.current.account_id}:inference-profile/eu.anthropic.claude-3-5-sonnet-20240620-v1:0" + } + + tags = { + ProjectID = "123" + } +} + +data "aws_caller_identity" "current" {} diff --git a/terraform/aws/backup/aws_bedrockagent_agent_collaborator.tf b/terraform/aws/backup/aws_bedrockagent_agent_collaborator.tf new file mode 100644 index 00000000..fce7006a --- /dev/null +++ b/terraform/aws/backup/aws_bedrockagent_agent_collaborator.tf @@ -0,0 +1 @@ +resource "aws_bedrockagent_agent_collaborator" "pike" {} diff --git a/terraform/aws/backup/aws_bedrockagent_agent_knowledge_base_association.tf b/terraform/aws/backup/aws_bedrockagent_agent_knowledge_base_association.tf new file mode 100644 index 00000000..8de1deb8 --- /dev/null +++ b/terraform/aws/backup/aws_bedrockagent_agent_knowledge_base_association.tf @@ -0,0 +1 @@ +resource "aws_bedrockagent_agent_knowledge_base_association" "pike" {} diff --git a/terraform/aws/backup/aws_bedrockagent_data_source.tf b/terraform/aws/backup/aws_bedrockagent_data_source.tf new file mode 100644 index 00000000..ee08bfd1 --- /dev/null +++ b/terraform/aws/backup/aws_bedrockagent_data_source.tf @@ -0,0 +1,10 @@ +resource "aws_bedrockagent_data_source" "pike" { + knowledge_base_id = "EMDPPAYPZI" + name = "example" + data_source_configuration { + type = "S3" + s3_configuration { + bucket_arn = "arn:aws:s3:::example-bucket" + } + } +} diff --git a/terraform/aws/backup/aws_bedrockagent_knowledge_base.tf b/terraform/aws/backup/aws_bedrockagent_knowledge_base.tf new file mode 100644 index 00000000..9901c17a --- /dev/null 
+++ b/terraform/aws/backup/aws_bedrockagent_knowledge_base.tf
@@ -0,0 +1,22 @@
+resource "aws_bedrockagent_knowledge_base" "pike" {
+ name = "example"
+ role_arn = aws_iam_role.example.arn
+ knowledge_base_configuration {
+ vector_knowledge_base_configuration {
+ embedding_model_arn = "arn:aws:bedrock:us-west-2::foundation-model/ amazon. titan-embed-text-v1"
+ }
+ type = "VECTOR"
+ }
+ storage_configuration {
+ type = "OPENSEARCH_SERVERLESS"
+ opensearch_serverless_configuration {
+ collection_arn = "arn:aws:aoss:us-west-2:123456789012:collection/ 142bezjddq707i5stcrf"
+ vector_index_name = "bedrock-knowledge-base-default-index"
+ field_mapping {
+ vector_field = "bedrock-knowledge-base-default-vector"
+ text_field = "AMAZON_BEDROCK_TEXT_CHUNK"
+ metadata_field = "AMAZON_BEDROCK_METADATA"
+ }
+ }
+ }
+}
diff --git a/terraform/aws/backup/aws_bedrockagent_prompt.tf b/terraform/aws/backup/aws_bedrockagent_prompt.tf
new file mode 100644
index 00000000..a142e68b
--- /dev/null
+++ b/terraform/aws/backup/aws_bedrockagent_prompt.tf
@@ -0,0 +1,36 @@
+resource "aws_bedrockagent_prompt" "pike" {
+ name = "MakePlaylist"
+ description = "My first prompt."
+ default_variant = "Variant1"
+
+ customer_encryption_key_arn = "arn:aws:kms:eu-west-2:680235478471:key/2ec48faa-3591-481d-a1cb-fd400a404bf6"
+
+ variant {
+ name = "Variant1"
+ model_id = "amazon.titan-text-express-v1"
+
+ inference_configuration {
+ text {
+ temperature = 0.8
+ }
+ }
+
+ template_type = "TEXT"
+ template_configuration {
+ text {
+ text = "Make me a {{genre}} playlist consisting of the following number of songs: {{number}}."
+
+ input_variable {
+ name = "genre"
+ }
+ input_variable {
+ name = "number"
+ }
+ }
+ }
+ }
+
+ tags = {
+ pike = "permission"
+ }
+}
diff --git a/terraform/aws/backup/aws_chatbot_slack_channel_configuration.tf b/terraform/aws/backup/aws_chatbot_slack_channel_configuration.tf
new file mode 100644
index 00000000..cbe5bbaa
--- /dev/null
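Review bot: Both ARN literals in `aws_bedrockagent_knowledge_base.tf` contain whitespace inside the resource part (`foundation-model/ amazon. titan-embed-text-v1` and `collection/ 142bezjddq707i5stcrf`), which does not match the ARN shape used elsewhere in this commit and will presumably be rejected when the fixture is planned or applied. If this is a paste artefact, the lines should read `embedding_model_arn = "arn:aws:bedrock:us-west-2::foundation-model/amazon.titan-embed-text-v1"` and `collection_arn = "arn:aws:aoss:us-west-2:123456789012:collection/142bezjddq707i5stcrf"`. A permissions fixture that never validates cannot confirm which IAM actions the resource actually needs.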
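Review bot: `customer_encryption_key_arn` in `aws_bedrockagent_prompt.tf` hard-codes a complete KMS key ARN for account `680235478471`, so the fixture only works in that account and publishes an account and key identifier in the repository. The same account ID is hard-coded in `aws_cloudwatch_contributor_managed_insight_rule.tf` (`resource_arn`) and in the policy document of `aws_cloudwatch_log_delivery_destination_policy.tf`. `aws_bedrock_inference_profile.tf` in this commit already declares `data "aws_caller_identity" "current"`; building these ARNs from `data.aws_caller_identity.current.account_id`, or taking the `.arn` of a key resource managed alongside the fixture, would keep environment-specific identifiers out of the test files.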
+++ b/terraform/aws/backup/aws_chatbot_slack_channel_configuration.tf
@@ -0,0 +1,10 @@
+resource "aws_chatbot_slack_channel_configuration" "pike" {
+ configuration_name = "min-slaka-kanal"
+ iam_role_arn = aws_iam_role.test.arn
+ slack_channel_id = "C07EZ1ABC23"
+ slack_team_id = "T07EA123LEP"
+
+ tags = {
+ Name = "min-slaka-kanal"
+ }
+}
diff --git a/terraform/aws/backup/aws_chatbot_teams_channel_configuration.tf b/terraform/aws/backup/aws_chatbot_teams_channel_configuration.tf
new file mode 100644
index 00000000..e6b7b194
--- /dev/null
+++ b/terraform/aws/backup/aws_chatbot_teams_channel_configuration.tf
@@ -0,0 +1,11 @@
+resource "aws_chatbot_teams_channel_configuration" "pike" {
+ channel_id = "C07EZ1ABC23"
+ configuration_name = "mitt-lags-kanal"
+ iam_role_arn = aws_iam_role.test.arn
+ team_id = "74361522-da01-538d-aa2e-ac7918c6bb92"
+ tenant_id = "1234"
+
+ tags = {
+ Name = "mitt-lags-kanal"
+ }
+}
diff --git a/terraform/aws/backup/aws_cleanrooms_collaboration.tf b/terraform/aws/backup/aws_cleanrooms_collaboration.tf
new file mode 100644
index 00000000..abae1589
--- /dev/null
+++ b/terraform/aws/backup/aws_cleanrooms_collaboration.tf
@@ -0,0 +1,25 @@
+resource "aws_cleanrooms_collaboration" "pike" {
+ name = "terraform-example-collaboration"
+ creator_member_abilities = ["CAN_QUERY", "CAN_RECEIVE_RESULTS"]
+ creator_display_name = "Creator "
+ description = "I made this collaboration with terraform!"
+ query_log_status = "DISABLED"
+
+ data_encryption_metadata {
+ allow_clear_text = true
+ allow_duplicates = true
+ allow_joins_on_columns_with_different_names = true
+ preserve_nulls = false
+ }
+
+ member {
+ account_id = 123456789012
+ display_name = "Other member"
+ member_abilities = []
+ }
+
+ tags = {
+ Project = "Terraform"
+ }
+
+}
diff --git a/terraform/aws/backup/aws_cleanrooms_collaboration.tf b/terraform/aws/backup/aws_cleanrooms_configured_table.tf
new file mode 100644
index 00000000..457b40bb
--- /dev/null
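Review bot: The `aws_cleanrooms_collaboration` fixture sets `query_log_status = "DISABLED"` and `allow_clear_text = true` without saying why, so anyone copying it as a starting point gets a collaboration with no query audit trail and cleartext columns permitted. If these values exist only to exercise the permission mapping, a comment such as `# fixture only: logging off and cleartext allowed to keep the test minimal` above `query_log_status` would make that explicit; otherwise `query_log_status = "ENABLED"` is the safer default. Separately, `account_id = 123456789012` in the `member` block is a number literal, and an account ID beginning with zero would lose its leading digits; quote it as `account_id = "123456789012"`, the form `aws_config_aggregate_authorization.tf` uses in this same commit.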
+++ b/terraform/aws/backup/aws_cleanrooms_configured_table.tf @@ -0,0 +1,19 @@ +resource "aws_cleanrooms_configured_table" "pike" { + name = "terraform-example-table" + description = "I made this table with terraform!" + analysis_method = "DIRECT_QUERY" + allowed_columns = [ + "column1", + "column2", + "column3", + ] + + table_reference { + database_name = "example_database" + table_name = "example_table" + } + + tags = { + Project = "Terraform" + } +} diff --git a/terraform/aws/backup/aws_cleanrooms_membership.tf b/terraform/aws/backup/aws_cleanrooms_membership.tf new file mode 100644 index 00000000..83be55a6 --- /dev/null +++ b/terraform/aws/backup/aws_cleanrooms_membership.tf @@ -0,0 +1 @@ +resource "aws_cleanrooms_membership" "pike" {} diff --git a/terraform/aws/backup/aws_cloud9_environment_membership.tf b/terraform/aws/backup/aws_cloud9_environment_membership.tf new file mode 100644 index 00000000..28257272 --- /dev/null +++ b/terraform/aws/backup/aws_cloud9_environment_membership.tf @@ -0,0 +1 @@ +resource "aws_cloud9_environment_membership" "pike" {} diff --git a/terraform/aws/backup/aws_cloudcontrolapi_resource.tf b/terraform/aws/backup/aws_cloudcontrolapi_resource.tf new file mode 100644 index 00000000..8b52604d --- /dev/null +++ b/terraform/aws/backup/aws_cloudcontrolapi_resource.tf @@ -0,0 +1 @@ +resource "aws_cloudcontrolapi_resource" "pike" {} diff --git a/terraform/aws/backup/aws_cloudformation_stack_instances.tf b/terraform/aws/backup/aws_cloudformation_stack_instances.tf new file mode 100644 index 00000000..681b144e --- /dev/null +++ b/terraform/aws/backup/aws_cloudformation_stack_instances.tf @@ -0,0 +1 @@ +resource "aws_cloudformation_stack_instances" "pike" {} diff --git a/terraform/aws/backup/aws_cloudfront_key_value_store.tf b/terraform/aws/backup/aws_cloudfront_key_value_store.tf new file mode 100644 index 00000000..41f71d29 --- /dev/null +++ b/terraform/aws/backup/aws_cloudfront_key_value_store.tf 
@@ -0,0 +1,4 @@ +resource "aws_cloudfront_key_value_store" "pike" { + name = "ExampleKeyValueStore" + comment = "This is an example key value store" +} diff --git a/terraform/aws/backup/aws_cloudfront_realtime_log_config.tf b/terraform/aws/backup/aws_cloudfront_realtime_log_config.tf new file mode 100644 index 00000000..57e1e7ed --- /dev/null +++ b/terraform/aws/backup/aws_cloudfront_realtime_log_config.tf @@ -0,0 +1,15 @@ +resource "aws_cloudfront_realtime_log_config" "pike" { + name = "example" + sampling_rate = 75 + fields = ["timestamp", "c-ip"] + + endpoint { + stream_type = "Kinesis" + + kinesis_stream_config { + role_arn = aws_iam_role.example.arn + stream_arn = aws_kinesis_stream.example.arn + } + } + +} diff --git a/terraform/aws/backup/aws_cloudfront_vpc_origin.tf b/terraform/aws/backup/aws_cloudfront_vpc_origin.tf new file mode 100644 index 00000000..29b03e01 --- /dev/null +++ b/terraform/aws/backup/aws_cloudfront_vpc_origin.tf @@ -0,0 +1 @@ +resource "aws_cloudfront_vpc_origin" "pike" {} diff --git a/terraform/aws/backup/aws_cloudfrontkeyvaluestore_key.tf b/terraform/aws/backup/aws_cloudfrontkeyvaluestore_key.tf new file mode 100644 index 00000000..29248fc7 --- /dev/null +++ b/terraform/aws/backup/aws_cloudfrontkeyvaluestore_key.tf @@ -0,0 +1,10 @@ +resource "aws_cloudfront_key_value_store" "example" { + name = "ExampleKeyValueStore" + comment = "This is an example key value store" +} + +resource "aws_cloudfrontkeyvaluestore_key" "example" { + key_value_store_arn = aws_cloudfront_key_value_store.example.arn + key = "Test Key" + value = "Test Value" +} diff --git a/terraform/aws/backup/aws_cloudfrontkeyvaluestore_keys_exclusive.tf b/terraform/aws/backup/aws_cloudfrontkeyvaluestore_keys_exclusive.tf new file mode 100644 index 00000000..d47e235b --- /dev/null +++ b/terraform/aws/backup/aws_cloudfrontkeyvaluestore_keys_exclusive.tf 
@@ -0,0 +1,13 @@
+resource "aws_cloudfront_key_value_store" "pike" {
+ name = "ExampleKeyValueStore"
+ comment = "This is an example key value store"
+}
+
+resource "aws_cloudfrontkeyvaluestore_keys_exclusive" "pike" {
+ key_value_store_arn = aws_cloudfront_key_value_store.pike.arn
+
+ resource_key_value_pair {
+ key = "Test Key"
+ value = "Test Value"
+ }
+}
diff --git a/terraform/aws/backup/aws_cloudhsm_v2_cluster.tf b/terraform/aws/backup/aws_cloudhsm_v2_cluster.tf
new file mode 100644
index 00000000..456bdda3
--- /dev/null
+++ b/terraform/aws/backup/aws_cloudhsm_v2_cluster.tf
@@ -0,0 +1 @@
+resource "aws_cloudhsm_v2_cluster" "pike" {}
diff --git a/terraform/aws/backup/aws_cloudhsm_v2_hsm.tf b/terraform/aws/backup/aws_cloudhsm_v2_hsm.tf
new file mode 100644
index 00000000..7a268669
--- /dev/null
+++ b/terraform/aws/backup/aws_cloudhsm_v2_hsm.tf
@@ -0,0 +1 @@
+resource "aws_cloudhsm_v2_hsm" "pike" {}
diff --git a/terraform/aws/backup/aws_cloudtrail_organization_delegated_admin_account.tf b/terraform/aws/backup/aws_cloudtrail_organization_delegated_admin_account.tf
new file mode 100644
index 00000000..1e0a59ba
--- /dev/null
+++ b/terraform/aws/backup/aws_cloudtrail_organization_delegated_admin_account.tf
@@ -0,0 +1 @@
+resource "aws_cloudtrail_organization_delegated_admin_account" "pike" {}
diff --git a/terraform/aws/backup/aws_cloudwatch_contributor_insight_rule.tf b/terraform/aws/backup/aws_cloudwatch_contributor_insight_rule.tf
new file mode 100644
index 00000000..23a3368c
--- /dev/null
+++ b/terraform/aws/backup/aws_cloudwatch_contributor_insight_rule.tf
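Review bot: `aws_cloudfrontkeyvaluestore_keys_exclusive.tf` declares `resource "aws_cloudfront_key_value_store" "pike"`, the same address that `aws_cloudfront_key_value_store.tf` in this commit already declares in the same directory, and both use `name = "ExampleKeyValueStore"`. If the `backup` files are ever loaded together as one module this is a duplicate-resource error, and if they are applied separately the two stores would presumably collide on the name. Dropping the local copy and referring to the existing `aws_cloudfront_key_value_store.pike`, or renaming this one (for example `"keys_exclusive"` with its own `name`), avoids both; `aws_cloudfrontkeyvaluestore_key.tf` repeats the same store name under the label `"example"`.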
@@ -0,0 +1,33 @@ +resource "aws_cloudwatch_contributor_insight_rule" "pike" { + rule_name = "pike" + rule_definition = jsonencode({ + "Schema" : { + "Name" : "CloudWatchLogRule", + "Version" : 1 + }, + "LogGroupNames" : [ + "/aws/containerinsights/sample-cluster-name/flowlogs" + ], + "LogFormat" : "CLF", + "Fields" : { + "4" : "srcaddr", + "5" : "dstaddr", + "10" : "bytes" + }, + "Contribution" : { + "Keys" : [ + "srcaddr", + "dstaddr" + ], + "ValueOf" : "bytes", + "Filters" : [] + }, + "AggregateOn" : "Sum" + } + + ) + tags = { + pike = "permission" + # delete = "me" + } +} diff --git a/terraform/aws/backup/aws_cloudwatch_contributor_managed_insight_rule.tf b/terraform/aws/backup/aws_cloudwatch_contributor_managed_insight_rule.tf new file mode 100644 index 00000000..2c40fe64 --- /dev/null +++ b/terraform/aws/backup/aws_cloudwatch_contributor_managed_insight_rule.tf @@ -0,0 +1,5 @@ +resource "aws_cloudwatch_contributor_managed_insight_rule" "pike" { + resource_arn = "arn:aws:logs:eu-west-2:680235478471:log-group:/aws/connect/pike2" + template_name = "VpcEndpointService-BytesByEndpointId-v2" + # rule_state = "DISABLED" +} diff --git a/terraform/aws/backup/aws_cloudwatch_event_connection.tf b/terraform/aws/backup/aws_cloudwatch_event_connection.tf index 17483fc8..28e084a1 100644 --- a/terraform/aws/backup/aws_cloudwatch_event_connection.tf +++ b/terraform/aws/backup/aws_cloudwatch_event_connection.tf @@ -1,12 +1,12 @@ -resource "aws_cloudwatch_event_connection" "pike" { - name = "ngrok-connection" - description = "A connection description update" - authorization_type = "API_KEY" - - auth_parameters { - api_key { - key = "x-signature" - value = "1234" - } - } -} +resource "aws_cloudwatch_event_connection" "pike" { + name = "ngrok-connection" + description = "A connection description update" + authorization_type = "API_KEY" + + auth_parameters { + api_key { + key = "x-signature" + value = "1234" + } + } +} 
diff --git a/terraform/aws/backup/aws_cloudwatch_log_account_policy.tf b/terraform/aws/backup/aws_cloudwatch_log_account_policy.tf new file mode 100644 index 00000000..edf8ed1b --- /dev/null +++ b/terraform/aws/backup/aws_cloudwatch_log_account_policy.tf @@ -0,0 +1 @@ +resource "aws_cloudwatch_log_account_policy" "pike" {} diff --git a/terraform/aws/backup/aws_cloudwatch_log_anomaly_detector.tf b/terraform/aws/backup/aws_cloudwatch_log_anomaly_detector.tf new file mode 100644 index 00000000..bdf1b5bb --- /dev/null +++ b/terraform/aws/backup/aws_cloudwatch_log_anomaly_detector.tf @@ -0,0 +1,12 @@ +resource "aws_cloudwatch_log_group" "test" { + count = 2 + name = "testing-${count.index}" +} + +resource "aws_cloudwatch_log_anomaly_detector" "test" { + detector_name = "testing" + log_group_arn_list = [aws_cloudwatch_log_group.test[0].arn] + anomaly_visibility_time = 7 + evaluation_frequency = "TEN_MIN" + enabled = "false" +} diff --git a/terraform/aws/backup/aws_cloudwatch_log_delivery.tf b/terraform/aws/backup/aws_cloudwatch_log_delivery.tf new file mode 100644 index 00000000..33162eb7 --- /dev/null +++ b/terraform/aws/backup/aws_cloudwatch_log_delivery.tf @@ -0,0 +1,8 @@ +resource "aws_cloudwatch_log_delivery" "example" { + delivery_source_name = aws_cloudwatch_log_delivery_source.example.name + delivery_destination_arn = aws_cloudwatch_log_delivery_destination.example.arn + + field_delimiter = "," + + record_fields = ["event_timestamp", "event"] +} diff --git a/terraform/aws/backup/aws_cloudwatch_log_delivery_destination.tf b/terraform/aws/backup/aws_cloudwatch_log_delivery_destination.tf new file mode 100644 index 00000000..6fff8b37 --- /dev/null +++ b/terraform/aws/backup/aws_cloudwatch_log_delivery_destination.tf @@ -0,0 +1,8 @@ +resource "aws_cloudwatch_log_delivery_destination" "example" { + name = "example" + + delivery_destination_configuration { + destination_resource_arn = aws_cloudwatch_log_group.test[0].arn + } + +} 
diff --git a/terraform/aws/backup/aws_cloudwatch_log_delivery_destination_policy.tf b/terraform/aws/backup/aws_cloudwatch_log_delivery_destination_policy.tf
new file mode 100644
index 00000000..5317e1cb
--- /dev/null
+++ b/terraform/aws/backup/aws_cloudwatch_log_delivery_destination_policy.tf
@@ -0,0 +1,23 @@
+resource "aws_cloudwatch_log_delivery_destination_policy" "example" {
+ delivery_destination_name = aws_cloudwatch_log_delivery_destination.example.name
+ delivery_destination_policy = data.aws_iam_policy_document.example.json
+}
+
+
+data "aws_iam_policy_document" "example" {
+ statement {
+ sid = "1"
+ effect = "Allow"
+ actions = [
+ "logs:CreateDelivery",
+ ]
+
+ resources = [
+ "*",
+ ]
+ principals {
+ identifiers = ["AWS"]
+ type = "arn:aws:iam::680235478471:root"
+ }
+ }
+}
diff --git a/terraform/aws/backup/aws_cloudwatch_log_delivery_source.tf b/terraform/aws/backup/aws_cloudwatch_log_delivery_source.tf
new file mode 100644
index 00000000..5eed1cc1
--- /dev/null
+++ b/terraform/aws/backup/aws_cloudwatch_log_delivery_source.tf
@@ -0,0 +1,28 @@
+
+resource "aws_cloudwatch_log_delivery_source" "example" {
+ name = "example"
+ log_type = "APPLICATION_LOGS"
+ resource_arn = aws_instance.pike.arn
+}
+
+
+data "aws_ami" "ubuntu" {
+ most_recent = true
+
+ filter {
+ name = "name"
+ values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
+ }
+
+ filter {
+ name = "virtualization-type"
+ values = ["hvm"]
+ }
+
+ owners = ["099720109477"] # Canonical
+}
+
+resource "aws_instance" "pike" {
+ ami = data.aws_ami.ubuntu.id
+ instance_type = "t3.micro"
+}
diff --git a/terraform/aws/backup/aws_cloudwatch_log_index_policy.tf b/terraform/aws/backup/aws_cloudwatch_log_index_policy.tf
new file mode 100644
index 00000000..0639f249
--- /dev/null
+++ b/terraform/aws/backup/aws_cloudwatch_log_index_policy.tf
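Review bot: The `principals` block in `data "aws_iam_policy_document" "example"` has its two arguments swapped: `type` holds the account ARN and `identifiers` holds `"AWS"`, so the rendered document names no valid principal and is likely to be rejected or to grant nothing useful. It should read `type = "AWS"` and `identifiers = ["arn:aws:iam::680235478471:root"]`. The statement also uses `resources = ["*"]`; if the destination's own ARN can be referenced here it is the narrower choice, though whether the service accepts that for `logs:CreateDelivery` should be confirmed by the author.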
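Review bot: `resource "aws_instance" "pike"` in `aws_cloudwatch_log_delivery_source.tf` is launched with provider defaults only, so the instance metadata service still answers unauthenticated IMDSv1 requests. Since the instance exists only to give the delivery source an ARN, hardening it costs nothing: add `metadata_options { http_tokens = "required" }` inside the resource. The AMI lookup is already pinned to the Canonical owner ID, which is the right guard for `most_recent = true`.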
@@ -0,0 +1,6 @@ +resource "aws_cloudwatch_log_index_policy" "pike" { + log_group_name = aws_cloudwatch_log_group.test[0].name + policy_document = jsonencode({ + Fields = ["eventName"] + }) +} diff --git a/terraform/aws/backup/aws_codebuild_fleet.tf b/terraform/aws/backup/aws_codebuild_fleet.tf new file mode 100644 index 00000000..3343a3bc --- /dev/null +++ b/terraform/aws/backup/aws_codebuild_fleet.tf @@ -0,0 +1 @@ +resource "aws_codebuild_fleet" "pike" {} diff --git a/terraform/aws/backup/aws_codeconnections_connection.tf b/terraform/aws/backup/aws_codeconnections_connection.tf new file mode 100644 index 00000000..90849333 --- /dev/null +++ b/terraform/aws/backup/aws_codeconnections_connection.tf @@ -0,0 +1 @@ +resource "aws_codeconnections_connection" "pike" {} diff --git a/terraform/aws/backup/aws_codeconnections_host.tf b/terraform/aws/backup/aws_codeconnections_host.tf new file mode 100644 index 00000000..928e59c4 --- /dev/null +++ b/terraform/aws/backup/aws_codeconnections_host.tf @@ -0,0 +1 @@ +resource "aws_codeconnections_host" "pike" {} diff --git a/terraform/aws/backup/aws_cognito_identity_pool_provider_principal_tag.tf b/terraform/aws/backup/aws_cognito_identity_pool_provider_principal_tag.tf new file mode 100644 index 00000000..b4184b15 --- /dev/null +++ b/terraform/aws/backup/aws_cognito_identity_pool_provider_principal_tag.tf @@ -0,0 +1,8 @@ +resource "aws_cognito_identity_pool_provider_principal_tag" "pike" { + identity_pool_id = aws_cognito_identity_pool.example.id + identity_provider_name = aws_cognito_user_pool.example.endpoint + use_defaults = false + principal_tags = { + test = "value" + } +} diff --git a/terraform/aws/backup/aws_cognito_identity_pool_roles_attachment.tf b/terraform/aws/backup/aws_cognito_identity_pool_roles_attachment.tf new file mode 100644 index 00000000..2610f46b --- /dev/null +++ b/terraform/aws/backup/aws_cognito_identity_pool_roles_attachment.tf 
@@ -0,0 +1,20 @@ +resource "aws_cognito_identity_pool_roles_attachment" "pike" { + identity_pool_id = aws_cognito_identity_pool.main.id + + role_mapping { + identity_provider = "graph.facebook.com" + ambiguous_role_resolution = "AuthenticatedRole" + type = "Rules" + + mapping_rule { + claim = "isAdmin" + match_type = "Equals" + role_arn = aws_iam_role.authenticated.arn + value = "paid" + } + } + + roles = { + "authenticated" = aws_iam_role.authenticated.arn + } +} diff --git a/terraform/aws/backup/aws_cognito_managed_user_pool_client.tf b/terraform/aws/backup/aws_cognito_managed_user_pool_client.tf new file mode 100644 index 00000000..36492c98 --- /dev/null +++ b/terraform/aws/backup/aws_cognito_managed_user_pool_client.tf @@ -0,0 +1 @@ +resource "aws_cognito_managed_user_pool_client" "pike" {} diff --git a/terraform/aws/backup/aws_comprehend_document_classifier.tf b/terraform/aws/backup/aws_comprehend_document_classifier.tf new file mode 100644 index 00000000..53cb499c --- /dev/null +++ b/terraform/aws/backup/aws_comprehend_document_classifier.tf @@ -0,0 +1,10 @@ +resource "aws_comprehend_document_classifier" "pike" { + name = "example" + + data_access_role_arn = aws_iam_role.example.arn + + language_code = "en" + input_data_config { + s3_uri = "s3://${aws_s3_bucket.test.bucket}/${aws_s3_object.documents.id}" + } +} diff --git a/terraform/aws/backup/aws_comprehend_entity_recognizer.tf b/terraform/aws/backup/aws_comprehend_entity_recognizer.tf new file mode 100644 index 00000000..64c84041 --- /dev/null +++ b/terraform/aws/backup/aws_comprehend_entity_recognizer.tf @@ -0,0 +1 @@ +resource "aws_comprehend_entity_recognizer" "pike" {} diff --git a/terraform/aws/backup/aws_computeoptimizer_enrollment_status.tf b/terraform/aws/backup/aws_computeoptimizer_enrollment_status.tf new file mode 100644 index 00000000..594578c6 --- /dev/null +++ b/terraform/aws/backup/aws_computeoptimizer_enrollment_status.tf 
@@ -0,0 +1 @@ +resource "aws_computeoptimizer_enrollment_status" "pike" {} diff --git a/terraform/aws/backup/aws_computeoptimizer_recommendation_preferences.tf b/terraform/aws/backup/aws_computeoptimizer_recommendation_preferences.tf new file mode 100644 index 00000000..c7938856 --- /dev/null +++ b/terraform/aws/backup/aws_computeoptimizer_recommendation_preferences.tf @@ -0,0 +1 @@ +resource "aws_computeoptimizer_recommendation_preferences" "pike" {} diff --git a/terraform/aws/backup/aws_config_aggregate_authorization.tf b/terraform/aws/backup/aws_config_aggregate_authorization.tf new file mode 100644 index 00000000..5b0366cd --- /dev/null +++ b/terraform/aws/backup/aws_config_aggregate_authorization.tf @@ -0,0 +1,4 @@ +resource "aws_config_aggregate_authorization" "pike" { + account_id = "123456789012" + region = "eu-west-2" +} diff --git a/terraform/aws/backup/aws_config_conformance_pack.tf b/terraform/aws/backup/aws_config_conformance_pack.tf new file mode 100644 index 00000000..f702f15b --- /dev/null +++ b/terraform/aws/backup/aws_config_conformance_pack.tf @@ -0,0 +1,22 @@ +resource "aws_config_conformance_pack" "pike" { + name = "example" + + input_parameter { + parameter_name = "AccessKeysRotatedParameterMaxAccessKeyAge" + parameter_value = "90" + } + + template_body = < diff --git a/terraform/aws/provider.aws.tf b/terraform/aws/provider.aws.tf index 3492b0e0..6f6fb5e9 100644 --- a/terraform/aws/provider.aws.tf +++ b/terraform/aws/provider.aws.tf @@ -27,3 +27,12 @@ provider "aws" { region = "eu-west-1" profile = "basic" } + +# terraform { +# required_providers { +# aws = { +# source = "hashicorp/aws" +# version = "6.0.0-beta1" +# } +# } +# } diff --git a/terraform/aws/role/aws_iam_policy.basic.tf b/terraform/aws/role/aws_iam_policy.basic.tf index a9f35b07..725dd39a 100644 --- a/terraform/aws/role/aws_iam_policy.basic.tf +++ b/terraform/aws/role/aws_iam_policy.basic.tf 
@@ -4,12 +4,20 @@ resource "aws_iam_policy" "basic" { "Version" : "2012-10-17", "Statement" : [ { - "Sid" : "0", + "Sid" : "VisualEditor0", "Effect" : "Allow", "Action" : [ - "ecr:DescribeRepositoryCreationTemplates" + //aws_vpn_connection + "ec2:DescribeVpnConnections", + //aws_rds_global_cluster + "rds:DescribeGlobalClusters", + //aws_ecrpublic_images + "ecr-public:DescribeImages" + ], - "Resource" : "*", + "Resource" : [ + "*" + ] } ] }) diff --git a/terraform/aws/role/output.tf b/terraform/aws/role/output.tf index 35074660..30bc2758 100644 --- a/terraform/aws/role/output.tf +++ b/terraform/aws/role/output.tf @@ -1,3 +1,3 @@ -output "role" { - value = aws_iam_role.basic -} +output "role" { + value = aws_iam_role.basic +} diff --git a/terraform/aws/role/terraform.tf b/terraform/aws/role/terraform.tf index 8e32a850..31b19a54 100644 --- a/terraform/aws/role/terraform.tf +++ b/terraform/aws/role/terraform.tf @@ -1,10 +1,10 @@ -terraform { - backend "s3" { - profile = "personal" - encrypt = true - bucket = "680235478471-terraform-state" - key = "pike-iam/terraform.tfstate" - dynamodb_table = "dynamodb-state-lock" - region = "eu-west-2" - } -} +terraform { + backend "s3" { + profile = "personal" + encrypt = true + bucket = "680235478471-terraform-state" + key = "pike-iam/terraform.tfstate" + dynamodb_table = "dynamodb-state-lock" + region = "eu-west-2" + } +} diff --git a/terraform/google/Makefile b/terraform/google/Makefile index d86687be..72076f5f 100644 --- a/terraform/google/Makefile +++ b/terraform/google/Makefile 
@@ -4,21 +4,27 @@ clean: -rm terraform.tfstate -rm terraform.tfstate.backup apply: init - terraform apply -auto-approve + tofu apply -auto-approve plan: init - terraform plan + tofu plan destroy: init - terraform destroy -auto-approve + tofu destroy -auto-approve init: - terraform init + tofu init + +upgrade: + tofu init --upgrade role: FORCE - GOOGLE_CLOUD_KEYFILE_JSON="" terraform -chdir=./role apply -auto-approve + GOOGLE_CLOUD_KEYFILE_JSON="" tofu -chdir=./role apply -auto-approve role_init: - GOOGLE_CLOUD_KEYFILE_JSON="" terraform -chdir=./role init + GOOGLE_CLOUD_KEYFILE_JSON="" tofu -chdir=./role init + +scan: + GCP_PROJECT=pike-412922 pike scan -w -i -e -d ./ -outfile "./role/google_project_iam_custom_role.tf" -policyName terraform_pike FORCE: diff --git a/terraform/google/backup/data.google_access_context_manager_access_policy.tf b/terraform/google/backup/data.google_access_context_manager_access_policy.tf new file mode 100644 index 00000000..95b91f53 --- /dev/null +++ b/terraform/google/backup/data.google_access_context_manager_access_policy.tf @@ -0,0 +1,6 @@ +data "google_access_context_manager_access_policy" "pike" { +} + +output "google_access_context_manager_access_policy" { + value = data.google_access_context_manager_access_policy.pike +} diff --git a/terraform/google/backup/data.google_alloydb_cluster.tf b/terraform/google/backup/data.google_alloydb_cluster.tf new file mode 100644 index 00000000..6d7ac115 --- /dev/null +++ b/terraform/google/backup/data.google_alloydb_cluster.tf @@ -0,0 +1,7 @@ +data "google_alloydb_cluster" "pike" { + cluster_id = "pike" +} + +output "google_alloydb_cluster" { + value = data.google_alloydb_cluster.pike +} diff --git a/terraform/google/backup/data.google_alloydb_instance.tf b/terraform/google/backup/data.google_alloydb_instance.tf new file mode 100644 index 00000000..23d87f94 --- /dev/null +++ b/terraform/google/backup/data.google_alloydb_instance.tf 
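Review bot: Moving every target from `terraform` to `tofu` changes the registry that providers are resolved from, and the new `upgrade` target (`tofu init --upgrade`) re-selects the newest provider versions the constraints allow; because `apply` and `destroy` keep `-auto-approve`, whatever was fetched then runs with the caller's cloud credentials and no prompt. The hunk does not show whether `.terraform.lock.hcl` is committed; if it is, it should be regenerated under `tofu` and its diff reviewed after each `make upgrade`, so that provider hashes stay pinned. The new `scan` target also hard-codes `GCP_PROJECT=pike-412922`; `GCP_PROJECT ?= pike-412922` at the top of the Makefile would let other contributors override it. The start of the Makefile is outside this hunk.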
@@ -0,0 +1,9 @@ +data "google_alloydb_instance" "pike" { + instance_id = "pike" + location = "us-central1" + cluster_id = "pike" +} + +output "google_alloydb_instance" { + value = data.google_alloydb_instance.pike +} diff --git a/terraform/google/backup/data.google_apphub_application.tf b/terraform/google/backup/data.google_apphub_application.tf new file mode 100644 index 00000000..e23c0798 --- /dev/null +++ b/terraform/google/backup/data.google_apphub_application.tf @@ -0,0 +1,9 @@ +data "google_apphub_application" "pike" { + location = "us-central1" + application_id = "pike" + project = "pike-412922" +} + +output "google_apphub_application" { + value = data.google_apphub_application.pike +} diff --git a/terraform/google/backup/data.google_apphub_discovered_service.tf b/terraform/google/backup/data.google_apphub_discovered_service.tf new file mode 100644 index 00000000..e838ef6e --- /dev/null +++ b/terraform/google/backup/data.google_apphub_discovered_service.tf @@ -0,0 +1,8 @@ +data "google_apphub_discovered_service" "pike" { + location = "us-central1" + service_uri = "/compute.googleapis.com/projects/1/regions/us-east1/instanceGroups/id1" +} + +output "google_apphub_discovered_service" { + value = data.google_apphub_discovered_service.pike +} diff --git a/terraform/google/backup/data.google_apphub_discovered_workload.tf b/terraform/google/backup/data.google_apphub_discovered_workload.tf new file mode 100644 index 00000000..ac695f2d --- /dev/null +++ b/terraform/google/backup/data.google_apphub_discovered_workload.tf @@ -0,0 +1,8 @@ +data "google_apphub_discovered_workload" "pike" { + location = "us-central1" + workload_uri = "/compute.googleapis.com/projects/1/regions/us-east1/instanceGroups/id1" +} + +output "google_apphub_discovered_workload" { + value = data.google_apphub_discovered_workload.pike +} 
diff --git a/terraform/google/backup/data.google_artifact_registry_docker_image.tf b/terraform/google/backup/data.google_artifact_registry_docker_image.tf new file mode 100644 index 00000000..cbe6896e --- /dev/null +++ b/terraform/google/backup/data.google_artifact_registry_docker_image.tf @@ -0,0 +1,9 @@ +data "google_artifact_registry_docker_image" "pike" { + location = "us-central1" + repository_id = "pike" + image_name = "pike" +} + +output "google_artifact_registry_docker_image" { + value = data.google_artifact_registry_docker_image.pike +} diff --git a/terraform/google/backup/data.google_artifact_registry_docker_images.tf b/terraform/google/backup/data.google_artifact_registry_docker_images.tf new file mode 100644 index 00000000..10f9e8eb --- /dev/null +++ b/terraform/google/backup/data.google_artifact_registry_docker_images.tf @@ -0,0 +1,6 @@ +data "google_artifact_registry_docker_images" "pike" { +} + +output "google_artifact_registry_docker_images" { + value = data.google_artifact_registry_docker_images.pike +} diff --git a/terraform/google/backup/data.google_artifact_registry_locations.tf b/terraform/google/backup/data.google_artifact_registry_locations.tf new file mode 100644 index 00000000..cfe5de96 --- /dev/null +++ b/terraform/google/backup/data.google_artifact_registry_locations.tf @@ -0,0 +1,6 @@ +data "google_artifact_registry_locations" "pike" { +} + +output "google_artifact_registry_locations" { + value = data.google_artifact_registry_locations.pike +} diff --git a/terraform/google/backup/data.google_artifact_registry_maven_artifact.tf b/terraform/google/backup/data.google_artifact_registry_maven_artifact.tf new file mode 100644 index 00000000..d965f619 --- /dev/null +++ b/terraform/google/backup/data.google_artifact_registry_maven_artifact.tf 
@@ -0,0 +1,10 @@ +data "google_artifact_registry_maven_artifact" "pike" { + artifact_id = "pike" + group_id = "pike" + location = "pike" + repository_id = "pike" +} + +output "google_artifact_registry_maven_artifact" { + value = data.google_artifact_registry_maven_artifact.pike +} diff --git a/terraform/google/backup/data.google_artifact_registry_maven_artifacts.tf b/terraform/google/backup/data.google_artifact_registry_maven_artifacts.tf new file mode 100644 index 00000000..0195402d --- /dev/null +++ b/terraform/google/backup/data.google_artifact_registry_maven_artifacts.tf @@ -0,0 +1,8 @@ +data "google_artifact_registry_maven_artifacts" "pike" { + repository_id = "pike" + location = "us-central1" +} + +output "google_artifact_registry_maven_artifacts" { + value = data.google_artifact_registry_maven_artifacts.pike +} diff --git a/terraform/google/backup/data.google_artifact_registry_npm_package.tf b/terraform/google/backup/data.google_artifact_registry_npm_package.tf new file mode 100644 index 00000000..c0bddb77 --- /dev/null +++ b/terraform/google/backup/data.google_artifact_registry_npm_package.tf @@ -0,0 +1,7 @@ +data "google_artifact_registry_npm_package" "pike" { + provider = google-beta +} + +output "google_artifact_registry_npm_package" { + value = data.google_artifact_registry_npm_package.pike +} diff --git a/terraform/google/backup/data.google_artifact_registry_npm_packages.tf b/terraform/google/backup/data.google_artifact_registry_npm_packages.tf new file mode 100644 index 00000000..2fcce935 --- /dev/null +++ b/terraform/google/backup/data.google_artifact_registry_npm_packages.tf @@ -0,0 +1,8 @@ +data "google_artifact_registry_npm_packages" "pike" { + repository_id = "pike" + location = "us-central1" +} + +output "google_artifact_registry_npm_packages" { + value = data.google_artifact_registry_npm_packages.pike +} 
diff --git a/terraform/google/backup/data.google_artifact_registry_packages.tf b/terraform/google/backup/data.google_artifact_registry_packages.tf new file mode 100644 index 00000000..c630d612 --- /dev/null +++ b/terraform/google/backup/data.google_artifact_registry_packages.tf @@ -0,0 +1,8 @@ +data "google_artifact_registry_packages" "pike" { + location = "us-central1" + repository_id = "pike" +} + +output "google_artifact_registry_packages" { + value = data.google_artifact_registry_packages.pike +} diff --git a/terraform/google/backup/data.google_artifact_registry_python_package.tf b/terraform/google/backup/data.google_artifact_registry_python_package.tf new file mode 100644 index 00000000..b50c5b18 --- /dev/null +++ b/terraform/google/backup/data.google_artifact_registry_python_package.tf @@ -0,0 +1,9 @@ +data "google_artifact_registry_python_package" "pike" { + package_name = "pike" + repository_id = "pike" + location = "us-central1" +} + +output "google_artifact_registry_python_package" { + value = data.google_artifact_registry_python_package.pike +} diff --git a/terraform/google/backup/data.google_artifact_registry_repositories.tf b/terraform/google/backup/data.google_artifact_registry_repositories.tf new file mode 100644 index 00000000..a88a0cab --- /dev/null +++ b/terraform/google/backup/data.google_artifact_registry_repositories.tf @@ -0,0 +1,7 @@ +data "google_artifact_registry_repositories" "pike" { + location = "us-central1" +} + +output "google_artifact_registry_repositories" { + value = data.google_artifact_registry_repositories.pike +} diff --git a/terraform/google/backup/data.google_artifact_registry_tags.tf b/terraform/google/backup/data.google_artifact_registry_tags.tf new file mode 100644 index 00000000..66f107e8 --- /dev/null +++ b/terraform/google/backup/data.google_artifact_registry_tags.tf 
@@ -0,0 +1,9 @@
+data "google_artifact_registry_tags" "pike" {
+ location = "us-central1"
+ package_name = "pike"
+ repository_id = "pike"
+}
+
+output "google_artifact_registry_tags" {
+ value = data.google_artifact_registry_tags.pike
+}
diff --git a/terraform/google/backup/data.google_artifact_registry_versions.tf b/terraform/google/backup/data.google_artifact_registry_versions.tf
new file mode 100644
index 00000000..3dc2b3a1
--- /dev/null
+++ b/terraform/google/backup/data.google_artifact_registry_versions.tf
@@ -0,0 +1,10 @@
+data "google_artifact_registry_version" "pike" {
+ location = "us-central1"
+ repository_id = "pike"
+ package_name = "pike"
+ version_name = "pike"
+}
+
+output "google_artifact_registry_version" {
+ value = data.google_artifact_registry_version.pike
+}
diff --git a/terraform/google/backup/data.google_backup_dr_backup.tf b/terraform/google/backup/data.google_backup_dr_backup.tf
new file mode 100644
index 00000000..45aea388
--- /dev/null
+++ b/terraform/google/backup/data.google_backup_dr_backup.tf
@@ -0,0 +1,10 @@
+data "google_backup_dr_backup" "pike" {
+ location = "us-central1"
+ project = "pike-412922"
+ data_source_id = "pike"
+ backup_vault_id = "pike"
+}
+
+output "google_backup_dr_backup" {
+ value = data.google_backup_dr_backup.pike
+}
diff --git a/terraform/google/backup/data.google_backup_dr_backup_plan_association.tf b/terraform/google/backup/data.google_backup_dr_backup_plan_association.tf
new file mode 100644
index 00000000..47221cb7
--- /dev/null
+++ b/terraform/google/backup/data.google_backup_dr_backup_plan_association.tf
@@ -0,0 +1,8 @@
+data "google_backup_dr_backup_plan_association" "pike" {
+ location = "us-central1"
+ backup_plan_association_id = "pike"
+}
+
+output "google_backup_dr_backup_plan_association" {
+ value = data.google_backup_dr_backup_plan_association.pike
+}
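Review bot: The new file data.google_artifact_registry_versions.tf declares the singular data source `google_artifact_registry_version` (with a `version_name` argument), so the file name and its contents disagree. If fixtures are matched to data sources by file name, the plural source ends up with no fixture and the singular one is filed under the wrong name. Either rename the file to data.google_artifact_registry_version.tf, or change the block and output to `google_artifact_registry_versions` and drop `version_name`, depending on which source was meant.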
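Review bot: `project = "pike-412922"` in data.google_backup_dr_backup.tf reads like a concrete GCP project ID, while other hunks of this same commit replace `pike-gcp` with the neutral `project = "pike"`. Pinning fixtures to one account's project ties them to that environment and publishes its identifier. I would use the same placeholder here, `project = "pike"`, or omit the argument so that the provider default applies. The same literal appears in the fixtures for google_backup_dr_data_source, google_container_attached_install_manifest, google_container_aws_versions, google_container_azure_versions, google_dataplex_data_quality_rules and google_gemini_repository_group_iam_policy.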
diff --git a/terraform/google/backup/data.google_backup_dr_backup_plan_associations.tf b/terraform/google/backup/data.google_backup_dr_backup_plan_associations.tf
new file mode 100644
index 00000000..5a074e67
--- /dev/null
+++ b/terraform/google/backup/data.google_backup_dr_backup_plan_associations.tf
@@ -0,0 +1,8 @@
+data "google_backup_dr_backup_plan_associations" "pike" {
+ resource_type = "sqladmin.googleapis.com/Instance"
+ location = "us-central1"
+}
+
+output "google_backup_dr_backup_plan_associations" {
+ value = data.google_backup_dr_backup_plan_associations.pike
+}
diff --git a/terraform/google/backup/data.google_backup_dr_backup_vault.tf b/terraform/google/backup/data.google_backup_dr_backup_vault.tf
new file mode 100644
index 00000000..2f7d6873
--- /dev/null
+++ b/terraform/google/backup/data.google_backup_dr_backup_vault.tf
@@ -0,0 +1,8 @@
+data "google_backup_dr_backup_vault" "pike" {
+ location = "us-central1"
+ backup_vault_id = "pike"
+}
+
+output "google_backup_dr_backup_vault" {
+ value = data.google_backup_dr_backup_vault.pike
+}
diff --git a/terraform/google/backup/data.google_backup_dr_data_source.tf b/terraform/google/backup/data.google_backup_dr_data_source.tf
new file mode 100644
index 00000000..f55f5324
--- /dev/null
+++ b/terraform/google/backup/data.google_backup_dr_data_source.tf
@@ -0,0 +1,10 @@
+data "google_backup_dr_data_source" "pike" {
+ location = "us-central1"
+ project = "pike-412922"
+ data_source_id = "pike"
+ backup_vault_id = "pike"
+}
+
+output "google_backup_dr_data_source" {
+ value = data.google_backup_dr_data_source.pike
+}
diff --git a/terraform/google/backup/data.google_backup_dr_data_source_reference.tf b/terraform/google/backup/data.google_backup_dr_data_source_reference.tf
new file mode 100644
index 00000000..d10297bd
--- /dev/null
+++ b/terraform/google/backup/data.google_backup_dr_data_source_reference.tf
@@ -0,0 +1,8 @@
+data "google_backup_dr_data_source_reference" "pike" {
+ data_source_reference_id = "pike"
+ location = "us-central1"
+}
+
+output "google_backup_dr_data_source_reference" {
+ value = data.google_backup_dr_data_source_reference.pike
+}
diff --git a/terraform/google/backup/data.google_backup_dr_data_source_references.tf b/terraform/google/backup/data.google_backup_dr_data_source_references.tf
new file mode 100644
index 00000000..a30403fd
--- /dev/null
+++ b/terraform/google/backup/data.google_backup_dr_data_source_references.tf
@@ -0,0 +1,8 @@
+data "google_backup_dr_data_source_references" "pike" {
+ location = "us-central1"
+ resource_type = "sqladmin.googleapis.com/Instance"
+}
+
+output "google_backup_dr_data_source_references" {
+ value = data.google_backup_dr_data_source_references.pike
+}
diff --git a/terraform/google/backup/data.google_beyondcorp_application_iam_policy.tf b/terraform/google/backup/data.google_beyondcorp_application_iam_policy.tf
new file mode 100644
index 00000000..dcd9edc0
--- /dev/null
+++ b/terraform/google/backup/data.google_beyondcorp_application_iam_policy.tf
@@ -0,0 +1,8 @@
+data "google_beyondcorp_application_iam_policy" "pike" {
+ security_gateways_id = "pike"
+ application_id = "pike"
+}
+
+output "google_beyondcorp_application_iam_policy" {
+ value = data.google_beyondcorp_application_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_beyondcorp_security_gateway.tf b/terraform/google/backup/data.google_beyondcorp_security_gateway.tf
new file mode 100644
index 00000000..7c596c30
--- /dev/null
+++ b/terraform/google/backup/data.google_beyondcorp_security_gateway.tf
@@ -0,0 +1,8 @@
+data "google_beyondcorp_security_gateway" "pike" {
+ security_gateway_id = "pike"
+
+}
+
+output "google_beyondcorp_security_gateway" {
+ value = data.google_beyondcorp_security_gateway.pike
+}
diff --git a/terraform/google/backup/data.google_beyondcorp_security_gateway_application_iam_policy.tf b/terraform/google/backup/data.google_beyondcorp_security_gateway_application_iam_policy.tf
new file mode 100644
index 00000000..05aad362
--- /dev/null
+++ b/terraform/google/backup/data.google_beyondcorp_security_gateway_application_iam_policy.tf
@@ -0,0 +1,8 @@
+data "google_beyondcorp_security_gateway_application_iam_policy" "pike" {
+ application_id = "pike"
+ security_gateway_id = "pike"
+}
+
+output "google_beyondcorp_security_gateway_application_iam_policy" {
+ value = data.google_beyondcorp_security_gateway_application_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_beyondcorp_security_gateway_iam_policy.tf b/terraform/google/backup/data.google_beyondcorp_security_gateway_iam_policy.tf
new file mode 100644
index 00000000..32dcb008
--- /dev/null
+++ b/terraform/google/backup/data.google_beyondcorp_security_gateway_iam_policy.tf
@@ -0,0 +1,8 @@
+data "google_beyondcorp_security_gateway_iam_policy" "pike" {
+ security_gateway_id = "pike"
+ location = "us-central1"
+}
+
+output "google_beyondcorp_security_gateway_iam_policy" {
+ value = data.google_beyondcorp_security_gateway_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_bigquery_datapolicyv2_data_policy_iam_policy.tf b/terraform/google/backup/data.google_bigquery_datapolicyv2_data_policy_iam_policy.tf
new file mode 100644
index 00000000..8b59f726
--- /dev/null
+++ b/terraform/google/backup/data.google_bigquery_datapolicyv2_data_policy_iam_policy.tf
@@ -0,0 +1,7 @@
+data "google_bigquery_datapolicyv2_data_policy_iam_policy" "pike" {
+ data_policy_id = "pike"
+}
+
+output "google_bigquery_datapolicyv2_data_policy_iam_policy" {
+ value = data.google_bigquery_datapolicyv2_data_policy_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_bigquery_dataset.tf b/terraform/google/backup/data.google_bigquery_dataset.tf
index 7274d5bb..3fba3de1 100644
--- a/terraform/google/backup/data.google_bigquery_dataset.tf +++ b/terraform/google/backup/data.google_bigquery_dataset.tf @@ -1,4 +1,4 @@ data "google_bigquery_dataset" "pike" { dataset_id = "my-bq-dataset" - project = "pike-gcp" + project = "pike" } diff --git a/terraform/google/backup/data.google_bigquery_datasets.tf b/terraform/google/backup/data.google_bigquery_datasets.tf new file mode 100644 index 00000000..f2b66eee --- /dev/null +++ b/terraform/google/backup/data.google_bigquery_datasets.tf @@ -0,0 +1,6 @@ +data "google_bigquery_datasets" "pike" { +} + +output "google_bigquery_datasets" { + value = data.google_bigquery_datasets.pike +} diff --git a/terraform/google/backup/data.google_bigquery_table.tf b/terraform/google/backup/data.google_bigquery_table.tf new file mode 100644 index 00000000..c83629b0 --- /dev/null +++ b/terraform/google/backup/data.google_bigquery_table.tf @@ -0,0 +1,8 @@ +data "google_bigquery_table" "pike" { + table_id = "pike" + dataset_id = "pike" +} + +output "google_bigquery_table" { + value = data.google_bigquery_table.pike +} diff --git a/terraform/google/backup/data.google_bigquery_tables.tf b/terraform/google/backup/data.google_bigquery_tables.tf new file mode 100644 index 00000000..f17ca9ae --- /dev/null +++ b/terraform/google/backup/data.google_bigquery_tables.tf @@ -0,0 +1,7 @@ +data "google_bigquery_tables" "pike" { + dataset_id = "pike" +} + +output "google_bigquery_tables" { + value = data.google_bigquery_tables.pike +} diff --git a/terraform/google/backup/data.google_certificate_manager_certificates.tf b/terraform/google/backup/data.google_certificate_manager_certificates.tf new file mode 100644 index 00000000..c43bfba8 --- /dev/null +++ b/terraform/google/backup/data.google_certificate_manager_certificates.tf @@ -0,0 +1,6 @@ +data "google_certificate_manager_certificates" "pike" { +} + +output "google_certificate_manager_certificates" { + value = data.google_certificate_manager_certificates.pike +} 
diff --git a/terraform/google/backup/data.google_certificate_manager_dns_authorization.tf b/terraform/google/backup/data.google_certificate_manager_dns_authorization.tf
new file mode 100644
index 00000000..7f14e64e
--- /dev/null
+++ b/terraform/google/backup/data.google_certificate_manager_dns_authorization.tf
@@ -0,0 +1,7 @@
+data "google_certificate_manager_dns_authorization" "pike" {
+ provider = google-beta
+}
+
+output "google_certificate_manager_dns_authorization" {
+ value = data.google_certificate_manager_dns_authorization.pike
+}
diff --git a/terraform/google/backup/data.google_cloud_identity_group_transitive_memberships.tf b/terraform/google/backup/data.google_cloud_identity_group_transitive_memberships.tf
new file mode 100644
index 00000000..7cd12094
--- /dev/null
+++ b/terraform/google/backup/data.google_cloud_identity_group_transitive_memberships.tf
@@ -0,0 +1,7 @@
+data "google_cloud_identity_group_transitive_memberships" "pike" {
+ group = "pike"
+}
+
+output "google_cloud_identity_group_transitive_memberships" {
+ value = data.google_cloud_identity_group_transitive_memberships.pike
+}
diff --git a/terraform/google/backup/data.google_cloud_quotas_quota_info.tf b/terraform/google/backup/data.google_cloud_quotas_quota_info.tf
new file mode 100644
index 00000000..511d0339
--- /dev/null
+++ b/terraform/google/backup/data.google_cloud_quotas_quota_info.tf
@@ -0,0 +1,9 @@
+data "google_cloud_quotas_quota_info" "pike" {
+ parent = "pike"
+ quota_id = "pike"
+ service = "pike"
+}
+
+output "google_cloud_quotas_quota_info" {
+ value = data.google_cloud_quotas_quota_info.pike
+}
diff --git a/terraform/google/backup/data.google_cloud_quotas_quota_infos.tf b/terraform/google/backup/data.google_cloud_quotas_quota_infos.tf
new file mode 100644
index 00000000..f7040373
--- /dev/null
+++ b/terraform/google/backup/data.google_cloud_quotas_quota_infos.tf
@@ -0,0 +1,8 @@ +data "google_cloud_quotas_quota_infos" "pike" { + service = "pike" + parent = "pike" +} + +output "google_cloud_quotas_quota_infos" { + value = data.google_cloud_quotas_quota_infos.pike +} diff --git a/terraform/google/backup/data.google_cloud_run_v2_job.tf b/terraform/google/backup/data.google_cloud_run_v2_job.tf index 3fe34617..8a538448 100644 --- a/terraform/google/backup/data.google_cloud_run_v2_job.tf +++ b/terraform/google/backup/data.google_cloud_run_v2_job.tf @@ -1,7 +1,7 @@ data "google_cloud_run_v2_job" "pike" { provider = google-beta name = "pike" - project = "pike-gcp" + project = "pike" location = "europe-west2" } diff --git a/terraform/google/backup/data.google_cloud_run_v2_service.tf b/terraform/google/backup/data.google_cloud_run_v2_service.tf index 45fc2b18..e0f517d3 100644 --- a/terraform/google/backup/data.google_cloud_run_v2_service.tf +++ b/terraform/google/backup/data.google_cloud_run_v2_service.tf @@ -1,7 +1,7 @@ data "google_cloud_run_v2_service" "pike" { provider = google-beta name = "pike" - project = "pike-gcp" + project = "pike" location = "europe-west2" } diff --git a/terraform/google/backup/data.google_cloud_run_v2_worker_pool.tf b/terraform/google/backup/data.google_cloud_run_v2_worker_pool.tf new file mode 100644 index 00000000..5b3f1cb7 --- /dev/null +++ b/terraform/google/backup/data.google_cloud_run_v2_worker_pool.tf @@ -0,0 +1,8 @@ +data "google_cloud_run_v2_worker_pool" "pike" { + name = "pike" + location = "us-central1" +} + +output "google_cloud_run_v2_worker_pool" { + value = data.google_cloud_run_v2_worker_pool.pike +} diff --git a/terraform/google/backup/data.google_cloud_run_v2_worker_pool_iam_policy.tf b/terraform/google/backup/data.google_cloud_run_v2_worker_pool_iam_policy.tf new file mode 100644 index 00000000..59766abb --- /dev/null +++ b/terraform/google/backup/data.google_cloud_run_v2_worker_pool_iam_policy.tf 
@@ -0,0 +1,7 @@ +data "google_cloud_run_v2_worker_pool_iam_policy" "pike" { + name = "pike" +} + +output "google_cloud_run_v2_worker_pool_iam_policy" { + value = data.google_cloud_run_v2_worker_pool_iam_policy.pike +} diff --git a/terraform/google/backup/data.google_cloudbuild_trigger.tf b/terraform/google/backup/data.google_cloudbuild_trigger.tf index d5596f8c..50127fd8 100644 --- a/terraform/google/backup/data.google_cloudbuild_trigger.tf +++ b/terraform/google/backup/data.google_cloudbuild_trigger.tf @@ -1,5 +1,5 @@ data "google_cloudbuild_trigger" "pike" { - project = "pike-gcp" + project = "pike" trigger_id = "9c1e342a-8e6d-47d5-b764-ad43a1e25acb" location = "global" } diff --git a/terraform/google/backup/data.google_clouddeploy_custom_target_type_iam_policy.tf b/terraform/google/backup/data.google_clouddeploy_custom_target_type_iam_policy.tf new file mode 100644 index 00000000..de1fdba1 --- /dev/null +++ b/terraform/google/backup/data.google_clouddeploy_custom_target_type_iam_policy.tf @@ -0,0 +1,7 @@ +data "google_clouddeploy_custom_target_type_iam_policy" "pike" { + name = "pike" +} + +output "google_clouddeploy_custom_target_type_iam_policy" { + value = data.google_clouddeploy_custom_target_type_iam_policy.pike +} diff --git a/terraform/google/backup/data.google_clouddeploy_delivery_pipeline_iam_policy.tf b/terraform/google/backup/data.google_clouddeploy_delivery_pipeline_iam_policy.tf new file mode 100644 index 00000000..4a397e8e --- /dev/null +++ b/terraform/google/backup/data.google_clouddeploy_delivery_pipeline_iam_policy.tf @@ -0,0 +1,7 @@ +data "google_clouddeploy_delivery_pipeline_iam_policy" "pike" { + name = "pike" +} + +output "google_clouddeploy_delivery_pipeline_iam_policy" { + value = data.google_clouddeploy_delivery_pipeline_iam_policy.pike +} diff --git a/terraform/google/backup/data.google_clouddeploy_target_iam_policy.tf b/terraform/google/backup/data.google_clouddeploy_target_iam_policy.tf new file mode 100644 index 00000000..cfadce82 
--- /dev/null
+++ b/terraform/google/backup/data.google_clouddeploy_target_iam_policy.tf
@@ -0,0 +1,7 @@
+data "google_clouddeploy_target_iam_policy" "pike" {
+ name = "pike"
+}
+
+output "google_clouddeploy_target_iam_policy" {
+ value = data.google_clouddeploy_target_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_colab_runtime_template_iam_policy.tf b/terraform/google/backup/data.google_colab_runtime_template_iam_policy.tf
new file mode 100644
index 00000000..8f3c80c1
--- /dev/null
+++ b/terraform/google/backup/data.google_colab_runtime_template_iam_policy.tf
@@ -0,0 +1,7 @@
+data "google_colab_runtime_template_iam_policy" "pike" {
+ runtime_template = "pike"
+}
+
+output "google_colab_runtime_template_iam_policy" {
+ value = data.google_colab_runtime_template_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_composer_user_workloads_config_map.tf b/terraform/google/backup/data.google_composer_user_workloads_config_map.tf
new file mode 100644
index 00000000..4584fa31
--- /dev/null
+++ b/terraform/google/backup/data.google_composer_user_workloads_config_map.tf
@@ -0,0 +1,8 @@
+data "google_composer_user_workloads_config_map" "pike" {
+ name = "pike"
+ environment = "pike"
+}
+
+output "google_composer_user_workloads_config_map" {
+ value = data.google_composer_user_workloads_config_map.pike
+}
diff --git a/terraform/google/backup/data.google_composer_user_workloads_secret.tf b/terraform/google/backup/data.google_composer_user_workloads_secret.tf
new file mode 100644
index 00000000..0c7bd372
--- /dev/null
+++ b/terraform/google/backup/data.google_composer_user_workloads_secret.tf
@@ -0,0 +1,8 @@
+data "google_composer_user_workloads_secret" "pike" {
+ environment = "pike"
+ name = "pike"
+}
+
+output "google_composer_user_workloads_secret" {
+ value = data.google_composer_user_workloads_secret.pike
+}
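Review bot: The output in data.google_composer_user_workloads_secret.tf exports the whole data object, which presumably includes the secret's key/value payload, and it is not marked sensitive. If the provider flags that attribute as sensitive, Terraform will refuse the output as written. If it does not, the values are printed in plan and apply output and in CI logs. Add `sensitive = true` to the output block, or export only a non-secret attribute such as `value = data.google_composer_user_workloads_secret.pike.id`. Either way the payload is still written to state, so the state backend for these fixtures needs restricted access.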
diff --git a/terraform/google/backup/data.google_compute_forwarding_rules.tf b/terraform/google/backup/data.google_compute_forwarding_rules.tf
new file mode 100644
index 00000000..95ff9c3b
--- /dev/null
+++ b/terraform/google/backup/data.google_compute_forwarding_rules.tf
@@ -0,0 +1,6 @@
+data "google_compute_forwarding_rules" "pike" {
+}
+
+output "google_compute_forwarding_rules" {
+ value = data.google_compute_forwarding_rules.pike
+}
diff --git a/terraform/google/backup/data.google_compute_images.tf b/terraform/google/backup/data.google_compute_images.tf
new file mode 100644
index 00000000..b9f99677
--- /dev/null
+++ b/terraform/google/backup/data.google_compute_images.tf
@@ -0,0 +1,6 @@
+data "google_compute_images" "pike" {
+}
+
+output "google_compute_images" {
+ value = data.google_compute_images.pike
+}
diff --git a/terraform/google/backup/data.google_compute_instance_guest_attributes.tf b/terraform/google/backup/data.google_compute_instance_guest_attributes.tf
new file mode 100644
index 00000000..cffc1d59
--- /dev/null
+++ b/terraform/google/backup/data.google_compute_instance_guest_attributes.tf
@@ -0,0 +1,8 @@
+data "google_compute_instance_guest_attributes" "pike" {
+ name = "pike"
+ zone = "us-central1-a"
+}
+
+output "google_compute_instance_guest_attributes" {
+ value = data.google_compute_instance_guest_attributes.pike
+}
diff --git a/terraform/google/backup/data.google_compute_instance_template_iam_policy.tf b/terraform/google/backup/data.google_compute_instance_template_iam_policy.tf
new file mode 100644
index 00000000..0eb2716e
--- /dev/null
+++ b/terraform/google/backup/data.google_compute_instance_template_iam_policy.tf
@@ -0,0 +1,7 @@
+data "google_compute_instance_template_iam_policy" "pike" {
+ name = "pike"
+}
+
+output "google_compute_instance_template_iam_policy" {
+ value = data.google_compute_instance_template_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_compute_instant_snapshot_iam_policy.tf b/terraform/google/backup/data.google_compute_instant_snapshot_iam_policy.tf
new file mode 100644
index 00000000..2954d7ba
--- /dev/null
+++ b/terraform/google/backup/data.google_compute_instant_snapshot_iam_policy.tf
@@ -0,0 +1,8 @@
+data "google_compute_instant_snapshot_iam_policy" "pike" {
+ name = "pike"
+ zone = "us-central1-a"
+}
+
+output "google_compute_instant_snapshot_iam_policy" {
+ value = data.google_compute_instant_snapshot_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_compute_interconnect_location.tf b/terraform/google/backup/data.google_compute_interconnect_location.tf
new file mode 100644
index 00000000..170fcb73
--- /dev/null
+++ b/terraform/google/backup/data.google_compute_interconnect_location.tf
@@ -0,0 +1,8 @@
+data "google_compute_interconnect_location" "pike" {
+ provider = google-beta
+ name = "pike"
+}
+
+output "google_compute_interconnect_location" {
+ value = data.google_compute_interconnect_location.pike
+}
diff --git a/terraform/google/backup/data.google_compute_interconnect_locations.tf b/terraform/google/backup/data.google_compute_interconnect_locations.tf
new file mode 100644
index 00000000..5062b1e8
--- /dev/null
+++ b/terraform/google/backup/data.google_compute_interconnect_locations.tf
@@ -0,0 +1,7 @@
+data "google_compute_interconnect_locations" "pike" {
+ provider = google-beta
+}
+
+output "google_compute_interconnect_locations" {
+ value = data.google_compute_interconnect_locations.pike
+}
diff --git a/terraform/google/backup/data.google_compute_machine_types.tf b/terraform/google/backup/data.google_compute_machine_types.tf
new file mode 100644
index 00000000..f76f7b31
--- /dev/null
+++ b/terraform/google/backup/data.google_compute_machine_types.tf
@@ -0,0 +1,7 @@
+data "google_compute_machine_types" "pike" {
+ zone = "us-central1-a"
+}
+
+output "google_compute_machine_types" {
+ value = data.google_compute_machine_types.pike
+}
diff --git a/terraform/google/backup/data.google_compute_network_attachment.tf b/terraform/google/backup/data.google_compute_network_attachment.tf
new file mode 100644
index 00000000..7d1e8105
--- /dev/null
+++ b/terraform/google/backup/data.google_compute_network_attachment.tf
@@ -0,0 +1,6 @@
+data "google_compute_network_attachment" "pike" {
+}
+
+output "google_compute_network_attachment" {
+ value = data.google_compute_network_attachment.pike
+}
diff --git a/terraform/google/backup/data.google_compute_region_backend_service.tf b/terraform/google/backup/data.google_compute_region_backend_service.tf
new file mode 100644
index 00000000..4ca6f29c
--- /dev/null
+++ b/terraform/google/backup/data.google_compute_region_backend_service.tf
@@ -0,0 +1,7 @@
+data "google_compute_region_backend_service" "pike" {
+ name = "pike"
+}
+
+output "google_compute_region_backend_service" {
+ value = data.google_compute_region_backend_service.pike
+}
diff --git a/terraform/google/backup/data.google_compute_region_instance_group_manager.tf b/terraform/google/backup/data.google_compute_region_instance_group_manager.tf
new file mode 100644
index 00000000..50ac3bc8
--- /dev/null
+++ b/terraform/google/backup/data.google_compute_region_instance_group_manager.tf
@@ -0,0 +1,7 @@
+data "google_compute_region_instance_group_manager" "pike" {
+ name = "pike"
+}
+
+output "google_compute_region_instance_group_manager" {
+ value = data.google_compute_region_instance_group_manager.pike
+}
diff --git a/terraform/google/backup/data.google_compute_security_policy.tf b/terraform/google/backup/data.google_compute_security_policy.tf
new file mode 100644
index 00000000..aa4840a0
--- /dev/null
+++ b/terraform/google/backup/data.google_compute_security_policy.tf
@@ -0,0 +1,8 @@
+data "google_compute_security_policy" "pike" {
+ name = "pike"
+
+}
+
+output "google_compute_security_policy" {
+ value = data.google_compute_security_policy.pike
+}
diff --git a/terraform/google/backup/data.google_compute_storage_pool_iam_policy.tf b/terraform/google/backup/data.google_compute_storage_pool_iam_policy.tf
new file mode 100644
index 00000000..8afe2762
--- /dev/null
+++ b/terraform/google/backup/data.google_compute_storage_pool_iam_policy.tf
@@ -0,0 +1,8 @@
+data "google_compute_storage_pool_iam_policy" "pike" {
+ name = "pike"
+ zone = "us-central1-a"
+}
+
+output "google_compute_storage_pool_iam_policy" {
+ value = data.google_compute_storage_pool_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_compute_storage_pool_types.tf b/terraform/google/backup/data.google_compute_storage_pool_types.tf
new file mode 100644
index 00000000..a4a9fd7d
--- /dev/null
+++ b/terraform/google/backup/data.google_compute_storage_pool_types.tf
@@ -0,0 +1,8 @@
+data "google_compute_storage_pool_types" "pike" {
+ storage_pool_type = "pike"
+ zone = "us-central1-a"
+}
+
+output "google_compute_storage_pool_types" {
+ value = data.google_compute_storage_pool_types.pike
+}
diff --git a/terraform/google/backup/data.google_compute_subnetworks.tf b/terraform/google/backup/data.google_compute_subnetworks.tf
new file mode 100644
index 00000000..89ce57da
--- /dev/null
+++ b/terraform/google/backup/data.google_compute_subnetworks.tf
@@ -0,0 +1,6 @@
+data "google_compute_subnetworks" "pike" {
+}
+
+output "google_compute_subnetworks" {
+ value = data.google_compute_subnetworks.pike
+}
diff --git a/terraform/google/backup/data.google_container_attached_install_manifest.tf b/terraform/google/backup/data.google_container_attached_install_manifest.tf
new file mode 100644
index 00000000..518c3c88
--- /dev/null
+++ b/terraform/google/backup/data.google_container_attached_install_manifest.tf
@@ -0,0 +1,10 @@
+data "google_container_attached_install_manifest" "pike" {
+ cluster_id = "pike"
+ project = "pike-412922"
+ platform_version = "1234"
+ location = "us-central1"
+}
+
+output "google_container_attached_install_manifest" {
+ value = data.google_container_attached_install_manifest.pike
+}
diff --git a/terraform/google/backup/data.google_container_aws_versions.tf b/terraform/google/backup/data.google_container_aws_versions.tf
new file mode 100644
index 00000000..98798261
--- /dev/null
+++ b/terraform/google/backup/data.google_container_aws_versions.tf
@@ -0,0 +1,8 @@
+data "google_container_aws_versions" "pike" {
+ location = "us-west1"
+ project = "pike-412922"
+}
+
+output "google_container_aws_versions" {
+ value = data.google_container_aws_versions.pike
+}
diff --git a/terraform/google/backup/data.google_container_azure_versions.tf b/terraform/google/backup/data.google_container_azure_versions.tf
new file mode 100644
index 00000000..3d45ab9a
--- /dev/null
+++ b/terraform/google/backup/data.google_container_azure_versions.tf
@@ -0,0 +1,8 @@
+data "google_container_azure_versions" "pike" {
+ location = "us-west1"
+ project = "pike-412922"
+}
+
+output "google_container_azure_versions" {
+ value = data.google_container_azure_versions.pike
+}
diff --git a/terraform/google/backup/data.google_dataplex_aspect_type_iam_policy.tf b/terraform/google/backup/data.google_dataplex_aspect_type_iam_policy.tf
new file mode 100644
index 00000000..5eb8da1c
--- /dev/null
+++ b/terraform/google/backup/data.google_dataplex_aspect_type_iam_policy.tf
@@ -0,0 +1,7 @@
+data "google_dataplex_aspect_type_iam_policy" "pike" {
+ aspect_type_id = "pike"
+}
+
+output "google_dataplex_aspect_type_iam_policy" {
+ value = data.google_dataplex_aspect_type_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_dataplex_data_quality_rules.tf b/terraform/google/backup/data.google_dataplex_data_quality_rules.tf
new file mode 100644
index 00000000..207a23f5
--- /dev/null
+++ b/terraform/google/backup/data.google_dataplex_data_quality_rules.tf
@@ -0,0 +1,9 @@
+data "google_dataplex_data_quality_rules" "pike" {
+ project = "pike-412922"
+ location = "us-central1"
+ data_scan_id = "pike"
+}
+
+output "google_dataplex_data_quality_rules" {
+ value = data.google_dataplex_data_quality_rules.pike
+}
diff --git a/terraform/google/backup/data.google_dataplex_entry_group_iam_policy.tf b/terraform/google/backup/data.google_dataplex_entry_group_iam_policy.tf
new file mode 100644
index 00000000..e9efa6b0
--- /dev/null
+++ b/terraform/google/backup/data.google_dataplex_entry_group_iam_policy.tf
@@ -0,0 +1,7 @@
+data "google_dataplex_entry_group_iam_policy" "pike" {
+ entry_group_id = "pike"
+}
+
+output "google_dataplex_entry_group_iam_policy" {
+ value = data.google_dataplex_entry_group_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_dataplex_entry_type_iam_policy.tf b/terraform/google/backup/data.google_dataplex_entry_type_iam_policy.tf
new file mode 100644
index 00000000..a902655b
--- /dev/null
+++ b/terraform/google/backup/data.google_dataplex_entry_type_iam_policy.tf
@@ -0,0 +1,7 @@
+data "google_dataplex_entry_type_iam_policy" "pike" {
+ entry_type_id = "pike"
+}
+
+output "google_dataplex_entry_type_iam_policy" {
+ value = data.google_dataplex_entry_type_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_dataplex_glossary_iam_policy.tf b/terraform/google/backup/data.google_dataplex_glossary_iam_policy.tf
new file mode 100644
index 00000000..096ba905
--- /dev/null
+++ b/terraform/google/backup/data.google_dataplex_glossary_iam_policy.tf
@@ -0,0 +1,7 @@
+data "google_dataplex_glossary_iam_policy" "pike" {
+ glossary_id = "pike"
+}
+
+output "google_dataplex_glossary_iam_policy" {
+ value = data.google_dataplex_glossary_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_dataproc_metastore_database_iam_policy.tf b/terraform/google/backup/data.google_dataproc_metastore_database_iam_policy.tf
new file mode 100644
index 00000000..d1ee8c71
--- /dev/null
+++ b/terraform/google/backup/data.google_dataproc_metastore_database_iam_policy.tf
@@ -0,0 +1,8 @@
+data "google_dataproc_metastore_database_iam_policy" "pike" {
+ database = "pike"
+ service_id = "pike"
+}
+
+output "google_dataproc_metastore_database_iam_policy" {
+ value = data.google_dataproc_metastore_database_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_dataproc_metastore_table_iam_policy.tf b/terraform/google/backup/data.google_dataproc_metastore_table_iam_policy.tf
new file mode 100644
index 00000000..e2aac29b
--- /dev/null
+++ b/terraform/google/backup/data.google_dataproc_metastore_table_iam_policy.tf
@@ -0,0 +1,10 @@
+data "google_dataproc_metastore_table_iam_policy" "pike" {
+ database_id = "pike"
+ table = "pike"
+ service_id = "pike"
+
+}
+
+output "google_dataproc_metastore_table_iam_policy" {
+ value = data.google_dataproc_metastore_table_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_dns_managed_zones.tf b/terraform/google/backup/data.google_dns_managed_zones.tf
new file mode 100644
index 00000000..0346fb4d
--- /dev/null
+++ b/terraform/google/backup/data.google_dns_managed_zones.tf
@@ -0,0 +1,6 @@
+data "google_dns_managed_zones" "pike" {
+}
+
+output "google_dns_managed_zones" {
+ value = data.google_dns_managed_zones.pike
+}
diff --git a/terraform/google/backup/data.google_folder.tf b/terraform/google/backup/data.google_folder.tf
new file mode 100644
index 00000000..18f73e83
--- /dev/null
+++ b/terraform/google/backup/data.google_folder.tf
@@ -0,0 +1,7 @@
+data "google_folder" "pike" {
+ folder = "pike"
+}
+
+output "google_folder" {
+ value = data.google_folder.pike
+}
diff --git a/terraform/google/backup/data.google_folder_iam_policy.tf b/terraform/google/backup/data.google_folder_iam_policy.tf
new file mode 100644
index 00000000..8f2591d5
--- /dev/null
+++ b/terraform/google/backup/data.google_folder_iam_policy.tf
@@ -0,0 +1,7 @@
+data "google_folder_iam_policy" "pike" {
+ folder = "folders/pike"
+}
+
+output "google_folder_iam_policy" {
+ value = data.google_folder_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_folders.tf b/terraform/google/backup/data.google_folders.tf
new file mode 100644
index 00000000..05b1b3a5
--- /dev/null
+++ b/terraform/google/backup/data.google_folders.tf
@@ -0,0 +1,7 @@
+data "google_folders" "pike" {
+ parent_id = "organizations/12345"
+}
+
+output "google_folders" {
+ value = data.google_folders.pike
+}
diff --git a/terraform/google/backup/data.google_gemini_repository_group_iam_policy.tf b/terraform/google/backup/data.google_gemini_repository_group_iam_policy.tf
new file mode 100644
index 00000000..1049dad0
--- /dev/null
+++ b/terraform/google/backup/data.google_gemini_repository_group_iam_policy.tf
@@ -0,0 +1,9 @@
+data "google_gemini_repository_group_iam_policy" "pike" {
+ code_repository_index = "pike"
+ repository_group_id = "pike"
+ project = "pike-412922"
+}
+
+output "google_gemini_repository_group_iam_policy" {
+ value = data.google_gemini_repository_group_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_gke_hub_feature.tf b/terraform/google/backup/data.google_gke_hub_feature.tf
new file mode 100644
index 00000000..c0f58f8e
--- /dev/null
+++ b/terraform/google/backup/data.google_gke_hub_feature.tf
@@ -0,0 +1,8 @@
+data "google_gke_hub_feature" "pike" {
+ name = "servicemesh"
+ location = "global"
+}
+
+output "google_gke_hub_feature" {
+ value = data.google_gke_hub_feature.pike
+}
diff --git a/terraform/google/backup/data.google_gke_hub_membership.tf b/terraform/google/backup/data.google_gke_hub_membership.tf
new file mode 100644
index 00000000..b0d02356
--- /dev/null
+++ b/terraform/google/backup/data.google_gke_hub_membership.tf
@@ -0,0 +1,8 @@
+data "google_gke_hub_membership" "pike" {
+ membership_id = "pike"
+ location = "us-central1"
+}
+
+output "google_gke_hub_membership" {
+ value = data.google_gke_hub_membership.pike
+}
diff --git a/terraform/google/backup/data.google_iam_workforce_pool_iam_policy.tf b/terraform/google/backup/data.google_iam_workforce_pool_iam_policy.tf
new file mode 100644
index 00000000..7b8a68e6
--- /dev/null
+++ b/terraform/google/backup/data.google_iam_workforce_pool_iam_policy.tf
@@ -0,0 +1,6 @@
+data "google_iam_workforce_pool_iam_policy" "pike" {
+}
+
+output "google_iam_workforce_pool_iam_policy" {
+ value = data.google_iam_workforce_pool_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_iam_workload_identity_pool_iam_policy.tf b/terraform/google/backup/data.google_iam_workload_identity_pool_iam_policy.tf
new file mode 100644
index 00000000..d4f17d1a
--- /dev/null
+++ b/terraform/google/backup/data.google_iam_workload_identity_pool_iam_policy.tf
@@ -0,0 +1,8 @@
+data "google_iam_workload_identity_pool_iam_policy" "pike" {
+ provider = google-beta
+ workload_identity_pool_id = "gitlab"
+}
+
+output "google_iam_workload_identity_pool_iam_policy" {
+ value = data.google_iam_workload_identity_pool_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_iap_tunnel_dest_group_iam_policy.tf b/terraform/google/backup/data.google_iap_tunnel_dest_group_iam_policy.tf
new file mode 100644
index 00000000..25538a6f
--- /dev/null
+++ b/terraform/google/backup/data.google_iap_tunnel_dest_group_iam_policy.tf
@@ -0,0 +1,7 @@
+data "google_iap_tunnel_dest_group_iam_policy" "pike" {
+ dest_group = "pike"
+}
+
+output "google_iap_tunnel_dest_group_iam_policy" {
+ value = data.google_iap_tunnel_dest_group_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_iap_web_cloud_run_service_iam_policy.tf b/terraform/google/backup/data.google_iap_web_cloud_run_service_iam_policy.tf
new file mode 100644
index 00000000..78958854
--- /dev/null
+++ b/terraform/google/backup/data.google_iap_web_cloud_run_service_iam_policy.tf
@@ -0,0 +1,7 @@
+data "google_iap_web_cloud_run_service_iam_policy" "pike" {
+ cloud_run_service_name = "pike"
+}
+
+output "google_iap_web_cloud_run_service_iam_policy" {
+ value = data.google_iap_web_cloud_run_service_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_iap_web_forwarding_rule_service_iam_policy.tf b/terraform/google/backup/data.google_iap_web_forwarding_rule_service_iam_policy.tf
new file mode 100644
index 00000000..3d3d06c3
--- /dev/null
+++ b/terraform/google/backup/data.google_iap_web_forwarding_rule_service_iam_policy.tf
@@ -0,0 +1,7 @@
+data "google_iap_web_forwarding_rule_service_iam_policy" "pike" {
+ forwarding_rule_service_name = "pike"
+}
+
+output "google_iap_web_forwarding_rule_service_iam_policy" {
+ value = data.google_iap_web_forwarding_rule_service_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_iap_web_region_forwarding_rule_service_iam_policy.tf b/terraform/google/backup/data.google_iap_web_region_forwarding_rule_service_iam_policy.tf
new file mode 100644
index 00000000..16045650
--- /dev/null
+++ b/terraform/google/backup/data.google_iap_web_region_forwarding_rule_service_iam_policy.tf
@@ -0,0 +1,8 @@
+data "google_iap_web_region_forwarding_rule_service_iam_policy" "pike" {
+ provider = google-beta
+ web_region_backend_service = "pike"
+}
+
+output "google_iap_web_region_forwarding_rule_service_iam_policy" {
+ value = data.google_iap_web_region_forwarding_rule_service_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_kms_autokey_config.tf b/terraform/google/backup/data.google_kms_autokey_config.tf
new file mode 100644
index 00000000..4f387289
--- /dev/null
+++ b/terraform/google/backup/data.google_kms_autokey_config.tf
@@ -0,0 +1,8 @@
+data "google_kms_autokey_config" "pike" {
+ provider = google-beta
+ folder = "pike"
+}
+
+output "google_kms_autokey_config" {
+ value = data.google_kms_autokey_config.pike
+}
diff --git a/terraform/google/backup/data.google_kms_crypto_key_latest_version.tf b/terraform/google/backup/data.google_kms_crypto_key_latest_version.tf
new file mode 100644
index 00000000..6fba8423
--- /dev/null
+++ b/terraform/google/backup/data.google_kms_crypto_key_latest_version.tf
@@ -0,0 +1,7 @@
+data "google_kms_crypto_key_latest_version" "pike" {
+ crypto_key = "pike/us-central1/pike/pike"
+}
+
+output "google_kms_crypto_key_latest_version" {
+ value = data.google_kms_crypto_key_latest_version.pike
+}
diff --git a/terraform/google/backup/data.google_kms_crypto_key_versions.tf b/terraform/google/backup/data.google_kms_crypto_key_versions.tf
new file mode 100644
index 00000000..c547fb49
--- /dev/null
+++ b/terraform/google/backup/data.google_kms_crypto_key_versions.tf
@@ -0,0 +1,7 @@
+data "google_kms_crypto_key_versions" "pike" {
+ crypto_key = "pike/us-central1/pike/pike"
+}
+
+output "google_kms_crypto_key_versions" {
+ value = data.google_kms_crypto_key_versions.pike
+}
diff --git a/terraform/google/backup/data.google_kms_crypto_keys.tf b/terraform/google/backup/data.google_kms_crypto_keys.tf
new file mode 100644
index 00000000..ec6edf88
--- /dev/null
+++ b/terraform/google/backup/data.google_kms_crypto_keys.tf
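Review bot: In data.google_iap_web_region_forwarding_rule_service_iam_policy.tf the only identifying argument is `web_region_backend_service = "pike"`, which reads like a copy from the region-backend-service variant rather than a forwarding-rule argument. The non-regional sibling, data.google_iap_web_forwarding_rule_service_iam_policy.tf, identifies its target with `forwarding_rule_service_name`, so a forwarding-rule name argument would be expected here too. Please check the argument name against the google-beta provider schema. With a mismatched argument the block cannot resolve the resource whose IAM policy it is meant to read.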
@@ -0,0 +1,7 @@
+data "google_kms_crypto_keys" "pike" {
+ key_ring = "us-central1/pike"
+}
+
+output "google_kms_crypto_keys" {
+ value = data.google_kms_crypto_keys.pike
+}
diff --git a/terraform/google/backup/data.google_kms_ekm_connection_iam_policy.tf b/terraform/google/backup/data.google_kms_ekm_connection_iam_policy.tf
new file mode 100644
index 00000000..b54b522e
--- /dev/null
+++ b/terraform/google/backup/data.google_kms_ekm_connection_iam_policy.tf
@@ -0,0 +1,7 @@
+data "google_kms_ekm_connection_iam_policy" "pike" {
+ name = "projects/pike/locations/us-central1/ekmConnections/pike"
+}
+
+output "google_kms_ekm_connection_iam_policy" {
+ value = data.google_kms_ekm_connection_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_kms_key_handle.tf b/terraform/google/backup/data.google_kms_key_handle.tf
new file mode 100644
index 00000000..247bc94c
--- /dev/null
+++ b/terraform/google/backup/data.google_kms_key_handle.tf
@@ -0,0 +1,9 @@
+data "google_kms_key_handle" "pike" {
+ name = "pike"
+ location = "us-central1"
+ provider = google-beta
+}
+
+output "google_kms_key_handle" {
+ value = data.google_kms_key_handle.pike
+}
diff --git a/terraform/google/backup/data.google_kms_key_handles.tf b/terraform/google/backup/data.google_kms_key_handles.tf
new file mode 100644
index 00000000..198b7034
--- /dev/null
+++ b/terraform/google/backup/data.google_kms_key_handles.tf
@@ -0,0 +1,9 @@
+data "google_kms_key_handles" "pike" {
+ provider = google-beta
+ location = "us-central1"
+ resource_type_selector = "storage.googleapis.com/Bucket"
+}
+
+output "google_kms_key_handles" {
+ value = data.google_kms_key_handles.pike
+}
diff --git a/terraform/google/backup/data.google_kms_key_rings.tf b/terraform/google/backup/data.google_kms_key_rings.tf
new file mode 100644
index 00000000..f8fb10fe
--- /dev/null
+++ b/terraform/google/backup/data.google_kms_key_rings.tf
@@ -0,0 +1,7 @@
+data "google_kms_key_rings" "pike" {
+ location = "us-central1"
+}
+
+output "google_kms_key_rings" {
+ value = data.google_kms_key_rings.pike
+}
diff --git a/terraform/google/backup/data.google_logging_log_view_iam_policy.tf b/terraform/google/backup/data.google_logging_log_view_iam_policy.tf
new file mode 100644
index 00000000..e48d0995
--- /dev/null
+++ b/terraform/google/backup/data.google_logging_log_view_iam_policy.tf
@@ -0,0 +1,9 @@
+data "google_logging_log_view_iam_policy" "pike" {
+ bucket = "anyoldshet"
+ parent = "pike"
+ name = "pike"
+}
+
+output "google_logging_log_view_iam_policy" {
+ value = data.google_logging_log_view_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_lustre_instance.tf b/terraform/google/backup/data.google_lustre_instance.tf
new file mode 100644
index 00000000..a829d693
--- /dev/null
+++ b/terraform/google/backup/data.google_lustre_instance.tf
@@ -0,0 +1,8 @@
+data "google_lustre_instance" "pike" {
+ instance_id = "pike"
+ zone = "us-central1-a"
+}
+
+output "google_lustre_instance" {
+ value = data.google_lustre_instance.pike
+}
diff --git a/terraform/google/backup/data.google_memcache_instance.tf b/terraform/google/backup/data.google_memcache_instance.tf
new file mode 100644
index 00000000..7f83eba9
--- /dev/null
+++ b/terraform/google/backup/data.google_memcache_instance.tf
@@ -0,0 +1,7 @@
+data "google_memcache_instance" "pike" {
+ name = "pike"
+}
+
+output "google_memcache_instance" {
+ value = data.google_memcache_instance.pike
+}
diff --git a/terraform/google/backup/data.google_memorystore_instance.tf b/terraform/google/backup/data.google_memorystore_instance.tf
new file mode 100644
index 00000000..860851dc
--- /dev/null
+++ b/terraform/google/backup/data.google_memorystore_instance.tf
@@ -0,0 +1,7 @@
+data "google_memorystore_instance" "pike" {
+ instance_id = "pike"
+}
+
+output "google_memorystore_instance" {
+ value = data.google_memorystore_instance.pike
+}
diff --git a/terraform/google/backup/data.google_oracle_database_autonomous_database.tf b/terraform/google/backup/data.google_oracle_database_autonomous_database.tf
new file mode 100644
index 00000000..c887c8d0
--- /dev/null
+++ b/terraform/google/backup/data.google_oracle_database_autonomous_database.tf
@@ -0,0 +1,8 @@
+data "google_oracle_database_autonomous_database" "pike" {
+ location = "us-central1"
+ autonomous_database_id = "pike"
+}
+
+output "google_oracle_database_autonomous_database" {
+ value = data.google_oracle_database_autonomous_database.pike
+}
diff --git a/terraform/google/backup/data.google_oracle_database_autonomous_databases.tf b/terraform/google/backup/data.google_oracle_database_autonomous_databases.tf
new file mode 100644
index 00000000..79012aae
--- /dev/null
+++ b/terraform/google/backup/data.google_oracle_database_autonomous_databases.tf
@@ -0,0 +1,7 @@
+data "google_oracle_database_autonomous_databases" "pike" {
+ location = "us-central1"
+}
+
+output "google_oracle_database_autonomous_databases" {
+ value = data.google_oracle_database_autonomous_databases.pike
+}
diff --git a/terraform/google/backup/data.google_oracle_database_cloud_exadata_infrastructure.tf b/terraform/google/backup/data.google_oracle_database_cloud_exadata_infrastructure.tf
new file mode 100644
index 00000000..20c5ae49
--- /dev/null
+++ b/terraform/google/backup/data.google_oracle_database_cloud_exadata_infrastructure.tf
@@ -0,0 +1,8 @@
+data "google_oracle_database_cloud_exadata_infrastructure" "pike" {
+ location = "us-central1"
+ cloud_exadata_infrastructure_id = "pike"
+}
+
+output "google_oracle_database_cloud_exadata_infrastructure" {
+ value = data.google_oracle_database_cloud_exadata_infrastructure.pike
+}
diff --git a/terraform/google/backup/data.google_oracle_database_cloud_exadata_infrastructures.tf b/terraform/google/backup/data.google_oracle_database_cloud_exadata_infrastructures.tf
new file mode 100644
index 00000000..6a99ee51
--- /dev/null
+++ b/terraform/google/backup/data.google_oracle_database_cloud_exadata_infrastructures.tf
@@ -0,0 +1,7 @@
+data "google_oracle_database_cloud_exadata_infrastructures" "pike" {
+ location = "us-central1"
+}
+
+output "google_oracle_database_cloud_exadata_infrastructures" {
+ value = data.google_oracle_database_cloud_exadata_infrastructures.pike
+}
diff --git a/terraform/google/backup/data.google_oracle_database_cloud_vm_cluster.tf b/terraform/google/backup/data.google_oracle_database_cloud_vm_cluster.tf
new file mode 100644
index 00000000..5ca731af
--- /dev/null
+++ b/terraform/google/backup/data.google_oracle_database_cloud_vm_cluster.tf
@@ -0,0 +1,8 @@
+data "google_oracle_database_cloud_vm_cluster" "pike" {
+ location = "us-central1"
+ cloud_vm_cluster_id = "pike"
+}
+
+output "google_oracle_database_cloud_vm_cluster" {
+ value = data.google_oracle_database_cloud_vm_cluster.pike
+}
diff --git a/terraform/google/backup/data.google_oracle_database_cloud_vm_clusters.tf b/terraform/google/backup/data.google_oracle_database_cloud_vm_clusters.tf
new file mode 100644
index 00000000..0b395a80
--- /dev/null
+++ b/terraform/google/backup/data.google_oracle_database_cloud_vm_clusters.tf
@@ -0,0 +1,7 @@
+data "google_oracle_database_cloud_vm_clusters" "pike" {
+ location = "us-central1"
+}
+
+output "google_oracle_database_cloud_vm_clusters" {
+ value = data.google_oracle_database_cloud_vm_clusters.pike
+}
diff --git a/terraform/google/backup/data.google_oracle_database_db_nodes.tf b/terraform/google/backup/data.google_oracle_database_db_nodes.tf
new file mode 100644
index 00000000..5fa14003
--- /dev/null
+++ b/terraform/google/backup/data.google_oracle_database_db_nodes.tf
@@ -0,0 +1,8 @@
+data "google_oracle_database_db_nodes" "pike" {
+ cloud_vm_cluster = "pike"
+ location = "us-central1"
+}
+
+output "google_oracle_database_db_nodes" {
+ value = data.google_oracle_database_db_nodes.pike
+}
diff --git a/terraform/google/backup/data.google_oracle_database_db_servers.tf b/terraform/google/backup/data.google_oracle_database_db_servers.tf
new file mode 100644
index 00000000..761f25a7
--- /dev/null
+++ b/terraform/google/backup/data.google_oracle_database_db_servers.tf
@@ -0,0 +1,8 @@
+data "google_oracle_database_db_servers" "pike" {
+ cloud_exadata_infrastructure = "pike"
+ location = "us-central1"
+}
+
+output "google_oracle_database_db_servers" {
+ value = data.google_oracle_database_db_servers.pike
+}
diff --git a/terraform/google/backup/data.google_organization_iam_custom_role.tf b/terraform/google/backup/data.google_organization_iam_custom_role.tf
new file mode 100644
index 00000000..13201877
--- /dev/null
+++ b/terraform/google/backup/data.google_organization_iam_custom_role.tf
@@ -0,0 +1,9 @@
+data "google_organization_iam_custom_role" "pike" {
+ role_id = "pike"
+ org_id = "123456789"
+}
+
+
+output "google_organization_iam_custom_role" {
+ value = data.google_organization_iam_custom_role.pike
+}
diff --git a/terraform/google/backup/data.google_organization_iam_custom_roles.tf b/terraform/google/backup/data.google_organization_iam_custom_roles.tf
new file mode 100644
index 00000000..69f74eb3
--- /dev/null
+++ b/terraform/google/backup/data.google_organization_iam_custom_roles.tf
@@ -0,0 +1,9 @@
+data "google_organization_iam_custom_roles" "pike" {
+ org_id = "1234567890"
+ show_deleted = true
+ view = "FULL"
+}
+
+output "google_organization_iam_custom_roles" {
+ value = data.google_organization_iam_custom_roles.pike
+}
diff --git a/terraform/google/backup/data.google_organization_iam_policy.tf b/terraform/google/backup/data.google_organization_iam_policy.tf
new file mode 100644
index 00000000..b902468d
--- /dev/null
+++ b/terraform/google/backup/data.google_organization_iam_policy.tf
@@ -0,0 +1,6 @@
+data "google_organization_iam_policy" "pike" {
+}
+
+output "google_organization_iam_policy" {
+ value = data.google_organization_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_organizations.tf b/terraform/google/backup/data.google_organizations.tf
new file mode 100644
index 00000000..c8634fce
--- /dev/null
+++ b/terraform/google/backup/data.google_organizations.tf
@@ -0,0 +1,6 @@
+data "google_organizations" "pike" {
+}
+
+output "google_organizations" {
+ value = data.google_organizations.pike
+}
diff --git a/terraform/google/backup/data.google_parameter_manager_parameter.tf b/terraform/google/backup/data.google_parameter_manager_parameter.tf
new file mode 100644
index 00000000..ae7e3e98
--- /dev/null
+++ b/terraform/google/backup/data.google_parameter_manager_parameter.tf
@@ -0,0 +1,7 @@
+data "google_parameter_manager_parameter" "pike" {
+ parameter_id = "pike"
+}
+
+output "google_parameter_manager_parameter" {
+ value = data.google_parameter_manager_parameter.pike
+}
diff --git a/terraform/google/backup/data.google_parameter_manager_parameter_version.tf b/terraform/google/backup/data.google_parameter_manager_parameter_version.tf
new file mode 100644
index 00000000..11a45450
--- /dev/null
+++ b/terraform/google/backup/data.google_parameter_manager_parameter_version.tf
@@ -0,0 +1,8 @@
+data "google_parameter_manager_parameter_version" "pike" {
+ parameter_version_id = "pike"
+ parameter = "pike"
+}
+
+output "google_parameter_manager_parameter_version" {
+ value = data.google_parameter_manager_parameter_version.pike
+}
diff --git a/terraform/google/backup/data.google_parameter_manager_parameter_version_render.tf b/terraform/google/backup/data.google_parameter_manager_parameter_version_render.tf
new file mode 100644
index 00000000..f7e54c94
--- /dev/null
+++ b/terraform/google/backup/data.google_parameter_manager_parameter_version_render.tf
@@ -0,0 +1,8 @@
+data "google_parameter_manager_parameter_version_render" "pike" {
+ parameter_version_id = "pike"
+ parameter = "pike"
+}
+
+output "google_parameter_manager_parameter_version_render" {
+ value = data.google_parameter_manager_parameter_version_render.pike
+}
diff --git a/terraform/google/backup/data.google_parameter_manager_parameters.tf b/terraform/google/backup/data.google_parameter_manager_parameters.tf
new file mode 100644
index 00000000..5cc004ba
--- /dev/null
+++ b/terraform/google/backup/data.google_parameter_manager_parameters.tf
@@ -0,0 +1,6 @@
+data "google_parameter_manager_parameters" "pike" {
+}
+
+output "google_parameter_manager_parameters" {
+ value = data.google_parameter_manager_parameters.pike
+}
diff --git a/terraform/google/backup/data.google_parameter_manager_regional_parameter.tf b/terraform/google/backup/data.google_parameter_manager_regional_parameter.tf
new file mode 100644
index 00000000..25bbdf89
--- /dev/null
+++ b/terraform/google/backup/data.google_parameter_manager_regional_parameter.tf
@@ -0,0 +1,8 @@
+data "google_parameter_manager_regional_parameter" "pike" {
+ location = "us-central1"
+ parameter_id = "pike"
+}
+
+output "google_parameter_manager_regional_parameter" {
+ value = data.google_parameter_manager_regional_parameter.pike
+}
diff --git a/terraform/google/backup/data.google_parameter_manager_regional_parameter_version.tf b/terraform/google/backup/data.google_parameter_manager_regional_parameter_version.tf
new file mode 100644
index 00000000..c06dd8a1
--- /dev/null
+++ b/terraform/google/backup/data.google_parameter_manager_regional_parameter_version.tf
@@ -0,0 +1,9 @@
+data "google_parameter_manager_regional_parameter_version" "pike" {
+ parameter_version_id = "pike"
+ parameter = "pike"
+ location = "us-central1"
+}
+
+output "google_parameter_manager_regional_parameter_version" {
+ value = data.google_parameter_manager_regional_parameter_version.pike
+}
diff --git a/terraform/google/backup/data.google_parameter_manager_regional_parameter_version_render.tf b/terraform/google/backup/data.google_parameter_manager_regional_parameter_version_render.tf
new file mode 100644
index 00000000..5f2bc195
--- /dev/null
+++ b/terraform/google/backup/data.google_parameter_manager_regional_parameter_version_render.tf
@@ -0,0 +1,9 @@
+data "google_parameter_manager_regional_parameter_version_render" "pike" {
+ parameter_version_id = "pike"
+ parameter = "pike"
+ location = "us-central1"
+}
+
+output "google_parameter_manager_regional_parameter_version_render" {
+ value = data.google_parameter_manager_regional_parameter_version_render.pike
+}
diff --git a/terraform/google/backup/data.google_parameter_manager_regional_parameters.tf b/terraform/google/backup/data.google_parameter_manager_regional_parameters.tf
new file mode 100644
index 00000000..7b21d83a
--- /dev/null
+++ b/terraform/google/backup/data.google_parameter_manager_regional_parameters.tf
@@ -0,0 +1,7 @@
+data "google_parameter_manager_regional_parameters" "pike" {
+ location = "us-central1"
+}
+
+output "google_parameter_manager_regional_parameters" {
+ value = data.google_parameter_manager_regional_parameters.pike
+}
diff --git a/terraform/google/backup/data.google_privateca_ca_pool_iam_policy.tf b/terraform/google/backup/data.google_privateca_ca_pool_iam_policy.tf
new file mode 100644
index 00000000..e9cf9e53
--- /dev/null
+++ b/terraform/google/backup/data.google_privateca_ca_pool_iam_policy.tf
@@ -0,0 +1,20 @@
+data "google_privateca_ca_pool_iam_policy" "pike" {
+ ca_pool = google_privateca_ca_pool.default.id
+}
+
+output "google_privateca_ca_pool_iam_policy" {
+ value = data.google_privateca_ca_pool_iam_policy.pike
+}
+
+resource "google_privateca_ca_pool" "default" {
+ name = "my-pool"
+ location = "us-central1"
+ tier = "ENTERPRISE"
+ publishing_options {
+ publish_ca_cert = true
+ publish_crl = true
+ }
+ labels = {
+ foo = "bar"
+ }
+}
diff --git a/terraform/google/backup/data.google_privateca_certificate_authority.tf b/terraform/google/backup/data.google_privateca_certificate_authority.tf
new file mode 100644
index 00000000..3ce5aba5
--- /dev/null
+++ b/terraform/google/backup/data.google_privateca_certificate_authority.tf
@@ -0,0 +1,9 @@
+data "google_privateca_certificate_authority" "pike" {
+ location = "us-central1"
+ pool = "pool-name"
+ certificate_authority_id = "ca-id"
+}
+
+output "google_privateca_certificate_authority" {
+ value = data.google_privateca_certificate_authority.pike
+}
diff --git a/terraform/google/backup/data.google_privateca_certificate_template_iam_policy.tf b/terraform/google/backup/data.google_privateca_certificate_template_iam_policy.tf
new file mode 100644
index 00000000..aba5cc65
--- /dev/null
+++ b/terraform/google/backup/data.google_privateca_certificate_template_iam_policy.tf
@@ -0,0 +1,7 @@
+data "google_privateca_certificate_template_iam_policy" "pike" {
+ certificate_template = google_privateca_certificate_template.default.id
+}
+
+output "google_privateca_certificate_template_iam_policy" {
+ value = data.google_privateca_certificate_template_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_privileged_access_manager_entitlement.tf b/terraform/google/backup/data.google_privileged_access_manager_entitlement.tf
new file mode 100644
index 00000000..3da2fad7
--- /dev/null
+++ b/terraform/google/backup/data.google_privileged_access_manager_entitlement.tf
@@ -0,0 +1,12 @@
+data "google_privileged_access_manager_entitlement" "pike" {
+ parent = "projects/pike"
+ location = "global"
+ entitlement_id = "my-entitlement"
+ depends_on = [
+ google_privileged_access_manager_entitlement.entitlement
+ ]
+}
+
+output "google_privileged_access_manager_entitlement" {
+ value = data.google_privileged_access_manager_entitlement.pike
+}
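Review bot: `certificate_template = google_privateca_certificate_template.default.id` in data.google_privateca_certificate_template_iam_policy.tf refers to a resource that this file does not declare, unlike data.google_privateca_ca_pool_iam_policy.tf, which carries its own `google_privateca_ca_pool.default`. The `depends_on` entry `google_privileged_access_manager_entitlement.entitlement` in data.google_privileged_access_manager_entitlement.tf has the same gap. Unless both resources are declared elsewhere in the directory, Terraform stops with an undeclared-resource error before the data source is ever read. Either declare the resource next to the data source or use a literal placeholder, for example `certificate_template = "<certificate-template-id>"`, and drop the `depends_on`.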
diff --git a/terraform/google/backup/data.google_project_ancestry.tf b/terraform/google/backup/data.google_project_ancestry.tf
new file mode 100644
index 00000000..ed3a559f
--- /dev/null
+++ b/terraform/google/backup/data.google_project_ancestry.tf
@@ -0,0 +1,6 @@
+data "google_project_ancestry" "pike" {
+}
+
+output "google_project_ancestry" {
+ value = data.google_project_ancestry.pike
+}
diff --git a/terraform/google/backup/data.google_project_iam_custom_role.tf b/terraform/google/backup/data.google_project_iam_custom_role.tf
new file mode 100644
index 00000000..ec005668
--- /dev/null
+++ b/terraform/google/backup/data.google_project_iam_custom_role.tf
@@ -0,0 +1,7 @@
+data "google_project_iam_custom_role" "pike" {
+ role_id = "terraform_pike"
+}
+
+output "google_project_iam_custom_role" {
+ value = data.google_project_iam_custom_role.pike
+}
diff --git a/terraform/google/backup/data.google_project_iam_custom_roles.tf b/terraform/google/backup/data.google_project_iam_custom_roles.tf
new file mode 100644
index 00000000..2e2bfcec
--- /dev/null
+++ b/terraform/google/backup/data.google_project_iam_custom_roles.tf
@@ -0,0 +1,7 @@
+data "google_project_iam_custom_roles" "pike" {
+
+}
+
+output "google_project_iam_custom_roles" {
+ value = data.google_project_iam_custom_roles.pike
+}
diff --git a/terraform/google/backup/data.google_project_iam_policy.tf b/terraform/google/backup/data.google_project_iam_policy.tf
new file mode 100644
index 00000000..27cdad00
--- /dev/null
+++ b/terraform/google/backup/data.google_project_iam_policy.tf
@@ -0,0 +1,6 @@
+data "google_project_iam_policy" "pike" {
+}
+
+output "google_project_iam_policy" {
+ value = data.google_project_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_project_organization_policy.tf b/terraform/google/backup/data.google_project_organization_policy.tf
new file mode 100644
index 00000000..0264539a
--- /dev/null
+++ b/terraform/google/backup/data.google_project_organization_policy.tf
@@ -0,0 +1,6 @@
+data "google_project_organization_policy" "pike" {
+}
+
+output "google_project_organization_policy" {
+ value = data.google_project_organization_policy.pike
+}
diff --git a/terraform/google/backup/data.google_pubsub_schema_iam_policy.tf b/terraform/google/backup/data.google_pubsub_schema_iam_policy.tf
new file mode 100644
index 00000000..1f53da43
--- /dev/null
+++ b/terraform/google/backup/data.google_pubsub_schema_iam_policy.tf
@@ -0,0 +1,13 @@
+data "google_pubsub_schema_iam_policy" "pike" {
+ schema = google_pubsub_schema.example.id
+}
+
+output "google_pubsub_schema_iam_policy" {
+ value = data.google_pubsub_schema_iam_policy.pike
+}
+
+resource "google_pubsub_schema" "example" {
+ name = "example-schema"
+ type = "AVRO"
+ definition = "{\n \"type\" : \"record\",\n \"name\" : \"Avro\",\n \"fields\" : [\n {\n \"name\" : \"StringField\",\n \"type\" : \"string\"\n },\n {\n \"name\" : \"IntField\",\n \"type\" : \"int\"\n }\n ]\n}\n"
+}
diff --git a/terraform/google/backup/data.google_redis_cluster.tf b/terraform/google/backup/data.google_redis_cluster.tf
new file mode 100644
index 00000000..7ac07fff
--- /dev/null
+++ b/terraform/google/backup/data.google_redis_cluster.tf
@@ -0,0 +1,6 @@
+data "google_redis_cluster" "pike" {
+}
+
+output "google_redis_cluster" {
+ value = data.google_redis_cluster.pike
+}
diff --git a/terraform/google/backup/data.google_runtimeconfig_config.tf b/terraform/google/backup/data.google_runtimeconfig_config.tf
new file mode 100644
index 00000000..b9a56dc8
--- /dev/null
+++ b/terraform/google/backup/data.google_runtimeconfig_config.tf
@@ -0,0 +1,6 @@
+data "google_runtimeconfig_config" "pike" {
+}
+
+output "google_runtimeconfig_config" {
+ value = data.google_runtimeconfig_config.pike
+}
diff --git a/terraform/google/backup/data.google_runtimeconfig_config_iam_policy.tf b/terraform/google/backup/data.google_runtimeconfig_config_iam_policy.tf
new file mode 100644
index 00000000..152695b7
--- /dev/null
+++ b/terraform/google/backup/data.google_runtimeconfig_config_iam_policy.tf
@@ -0,0 +1,6 @@
+data "google_runtimeconfig_config_iam_policy" "pike" {
+}
+
+output "google_runtimeconfig_config_iam_policy" {
+ value = data.google_runtimeconfig_config_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_runtimeconfig_variable.tf b/terraform/google/backup/data.google_runtimeconfig_variable.tf
new file mode 100644
index 00000000..99b31f5a
--- /dev/null
+++ b/terraform/google/backup/data.google_runtimeconfig_variable.tf
@@ -0,0 +1,6 @@
+data "google_runtimeconfig_variable" "pike" {
+}
+
+output "google_runtimeconfig_variable" {
+ value = data.google_runtimeconfig_variable.pike
+}
diff --git a/terraform/google/backup/data.google_scc_source_iam_policy.tf b/terraform/google/backup/data.google_scc_source_iam_policy.tf
new file mode 100644
index 00000000..3bf30d91
--- /dev/null
+++ b/terraform/google/backup/data.google_scc_source_iam_policy.tf
@@ -0,0 +1,6 @@
+data "google_scc_source_iam_policy" "pike" {
+}
+
+output "google_scc_source_iam_policy" {
+ value = data.google_scc_source_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_scc_v2_organization_source_iam_policy.tf b/terraform/google/backup/data.google_scc_v2_organization_source_iam_policy.tf
new file mode 100644
index 00000000..e69508b4
--- /dev/null
+++ b/terraform/google/backup/data.google_scc_v2_organization_source_iam_policy.tf
@@ -0,0 +1,6 @@
+data "google_scc_v2_organization_source_iam_policy" "pike" {
+}
+
+output "google_scc_v2_organization_source_iam_policy" {
+ value = data.google_scc_v2_organization_source_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_secret_manager_regional_secret.tf b/terraform/google/backup/data.google_secret_manager_regional_secret.tf
new file mode 100644
index 00000000..8912e3f0
--- /dev/null
+++ b/terraform/google/backup/data.google_secret_manager_regional_secret.tf
@@ -0,0 +1,8 @@
+data "google_secret_manager_regional_secret" "pike" {
+ location = "us-central1"
+ secret_id = "secretname"
+}
+
+output "google_secret_manager_regional_secret" {
+ value = data.google_secret_manager_regional_secret.pike
+}
diff --git a/terraform/google/backup/data.google_secret_manager_regional_secret_iam_policy.tf b/terraform/google/backup/data.google_secret_manager_regional_secret_iam_policy.tf
new file mode 100644
index 00000000..99690860
--- /dev/null
+++ b/terraform/google/backup/data.google_secret_manager_regional_secret_iam_policy.tf
@@ -0,0 +1,7 @@
+data "google_secret_manager_regional_secret_iam_policy" "pike" {
+ secret_id = "secretname"
+}
+
+output "google_secret_manager_regional_secret_iam_policy" {
+ value = data.google_secret_manager_regional_secret_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_secret_manager_regional_secret_version.tf b/terraform/google/backup/data.google_secret_manager_regional_secret_version.tf
new file mode 100644
index 00000000..3dd10c52
--- /dev/null
+++ b/terraform/google/backup/data.google_secret_manager_regional_secret_version.tf
@@ -0,0 +1,8 @@
+data "google_secret_manager_regional_secret_version" "pike" {
+ secret = "my-secret"
+ location = "us-central1"
+}
+
+output "google_secret_manager_regional_secret_version" {
+ value = data.google_secret_manager_regional_secret_version.pike
+}
diff --git a/terraform/google/backup/data.google_secret_manager_regional_secret_version_access.tf b/terraform/google/backup/data.google_secret_manager_regional_secret_version_access.tf
new file mode 100644
index 00000000..c999fb63
--- /dev/null
+++ b/terraform/google/backup/data.google_secret_manager_regional_secret_version_access.tf
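Review bot: The output in data.google_secret_manager_regional_secret_version.tf exports the whole data source object, `value = data.google_secret_manager_regional_secret_version.pike`, which as far as I can tell includes the secret payload, and the output is not marked sensitive. The `_access` variant added in the next file does the same. The parameter-manager version and render outputs earlier in this diff may need the same treatment if their payload attribute is marked sensitive. Depending on how the provider flags the attribute, Terraform either rejects the output or prints the payload in plan/apply output and CI logs. Add `sensitive = true` to these outputs, or narrow them to a non-secret attribute such as `value = data.google_secret_manager_regional_secret_version.pike.name`. Either way the payload is still written to state, so the state backend needs restricted access.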
@@ -0,0 +1,8 @@
+data "google_secret_manager_regional_secret_version_access" "pike" {
+ secret = "my-secret"
+ location = "us-central1"
+}
+
+output "google_secret_manager_regional_secret_version_access" {
+ value = data.google_secret_manager_regional_secret_version_access.pike
+}
diff --git a/terraform/google/backup/data.google_secret_manager_regional_secrets.tf b/terraform/google/backup/data.google_secret_manager_regional_secrets.tf
new file mode 100644
index 00000000..d8b5bd1a
--- /dev/null
+++ b/terraform/google/backup/data.google_secret_manager_regional_secrets.tf
@@ -0,0 +1,7 @@
+data "google_secret_manager_regional_secrets" "pike" {
+ location = "us-central1"
+}
+
+output "google_secret_manager_regional_secrets" {
+ value = data.google_secret_manager_regional_secrets.pike
+}
diff --git a/terraform/google/backup/data.google_secure_source_manager_instance_iam_policy.tf b/terraform/google/backup/data.google_secure_source_manager_instance_iam_policy.tf
new file mode 100644
index 00000000..d01a38d8
--- /dev/null
+++ b/terraform/google/backup/data.google_secure_source_manager_instance_iam_policy.tf
@@ -0,0 +1,6 @@
+data "google_secure_source_manager_instance_iam_policy" "pike" {
+}
+
+output "google_secure_source_manager_instance_iam_policy" {
+ value = data.google_secure_source_manager_instance_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_secure_source_manager_repository_iam_policy.tf b/terraform/google/backup/data.google_secure_source_manager_repository_iam_policy.tf
new file mode 100644
index 00000000..ad6135a4
--- /dev/null
+++ b/terraform/google/backup/data.google_secure_source_manager_repository_iam_policy.tf
@@ -0,0 +1,6 @@
+data "google_secure_source_manager_repository_iam_policy" "pike" {
+}
+
+output "google_secure_source_manager_repository_iam_policy" {
+ value = data.google_secure_source_manager_repository_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_service_accounts.tf b/terraform/google/backup/data.google_service_accounts.tf
new file mode 100644
index 00000000..55f4038f
--- /dev/null
+++ b/terraform/google/backup/data.google_service_accounts.tf
@@ -0,0 +1,6 @@
+data "google_service_accounts" "pike" {
+}
+
+output "google_service_accounts" {
+ value = data.google_service_accounts.pike
+}
diff --git a/terraform/google/backup/data.google_site_verification_token.tf b/terraform/google/backup/data.google_site_verification_token.tf
new file mode 100644
index 00000000..f3ad7ed2
--- /dev/null
+++ b/terraform/google/backup/data.google_site_verification_token.tf
@@ -0,0 +1,6 @@
+# data "google_site_verification_token" "pike" {
+# }
+#
+# output "google_site_verification_token" {
+# value = data.google_site_verification_token.pike
+# }
diff --git a/terraform/google/backup/data.google_spanner_database.tf b/terraform/google/backup/data.google_spanner_database.tf
new file mode 100644
index 00000000..fbe1b898
--- /dev/null
+++ b/terraform/google/backup/data.google_spanner_database.tf
@@ -0,0 +1,8 @@
+data "google_spanner_database" "pike" {
+ instance = "pike"
+ name = "pike"
+}
+
+output "google_spanner_database" {
+ value = data.google_spanner_database.pike
+}
diff --git a/terraform/google/backup/data.google_storage_bucket_objects.tf b/terraform/google/backup/data.google_storage_bucket_objects.tf
new file mode 100644
index 00000000..7b93e4d9
--- /dev/null
+++ b/terraform/google/backup/data.google_storage_bucket_objects.tf
@@ -0,0 +1,7 @@
+data "google_storage_bucket_objects" "pike" {
+ bucket = "stuffidontwanttoshare"
+}
+
+output "google_storage_bucket_objects" {
+ value = data.google_storage_bucket_objects.pike
+}
diff --git a/terraform/google/backup/data.google_storage_buckets.tf b/terraform/google/backup/data.google_storage_buckets.tf
new file mode 100644
index 00000000..05516a84
--- /dev/null
+++ b/terraform/google/backup/data.google_storage_buckets.tf
@@ -0,0 +1,6 @@
+data "google_storage_buckets" "pike" {
+}
+
+output "google_storage_buckets" {
+ value = data.google_storage_buckets.pike
+}
diff --git a/terraform/google/backup/data.google_storage_control_folder_intelligence_config.tf b/terraform/google/backup/data.google_storage_control_folder_intelligence_config.tf
new file mode 100644
index 00000000..35bce2cc
--- /dev/null
+++ b/terraform/google/backup/data.google_storage_control_folder_intelligence_config.tf
@@ -0,0 +1,7 @@
+data "google_storage_control_folder_intelligence_config" "pike" {
+ name = "pike-412922"
+}
+
+output "google_storage_control_folder_intelligence_config" {
+ value = data.google_storage_control_folder_intelligence_config.pike
+}
diff --git a/terraform/google/backup/data.google_storage_control_organization_intelligence_config.tf b/terraform/google/backup/data.google_storage_control_organization_intelligence_config.tf
new file mode 100644
index 00000000..78b5d285
--- /dev/null
+++ b/terraform/google/backup/data.google_storage_control_organization_intelligence_config.tf
@@ -0,0 +1,7 @@
+data "google_storage_control_organization_intelligence_config" "pike" {
+ name = "pike-412922"
+}
+
+output "google_storage_control_organization_intelligence_config" {
+ value = data.google_storage_control_organization_intelligence_config.pike
+}
diff --git a/terraform/google/backup/data.google_storage_control_project_intelligence_config.tf b/terraform/google/backup/data.google_storage_control_project_intelligence_config.tf
new file mode 100644
index 00000000..3fd111a0
--- /dev/null
+++ b/terraform/google/backup/data.google_storage_control_project_intelligence_config.tf
@@ -0,0 +1,7 @@
+data "google_storage_control_project_intelligence_config" "pike" {
+ name = "pike-412922"
+}
+
+output "google_storage_control_project_intelligence_config" {
+ value = data.google_storage_control_project_intelligence_config.pike
+}
diff --git a/terraform/google/backup/data.google_storage_insights_dataset_config.tf b/terraform/google/backup/data.google_storage_insights_dataset_config.tf
new file mode 100644
index 00000000..da26351e
--- /dev/null
+++ b/terraform/google/backup/data.google_storage_insights_dataset_config.tf
@@ -0,0 +1,6 @@
+data "google_storage_insights_dataset_config" "pike" {
+}
+
+output "google_storage_insights_dataset_config" {
+ value = data.google_storage_insights_dataset_config.pike
+}
diff --git a/terraform/google/backup/data.google_tags_tag_key_iam_policy.tf b/terraform/google/backup/data.google_tags_tag_key_iam_policy.tf
new file mode 100644
index 00000000..a594c2f3
--- /dev/null
+++ b/terraform/google/backup/data.google_tags_tag_key_iam_policy.tf
@@ -0,0 +1,6 @@
+data "google_tags_tag_key_iam_policy" "pike" {
+}
+
+output "google_tags_tag_key_iam_policy" {
+ value = data.google_tags_tag_key_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_tags_tag_keys.tf b/terraform/google/backup/data.google_tags_tag_keys.tf
new file mode 100644
index 00000000..ecb79935
--- /dev/null
+++ b/terraform/google/backup/data.google_tags_tag_keys.tf
@@ -0,0 +1,6 @@
+data "google_tags_tag_keys" "pike" {
+}
+
+output "google_tags_tag_keys" {
+ value = data.google_tags_tag_keys.pike
+}
diff --git a/terraform/google/backup/data.google_tags_tag_value.tf b/terraform/google/backup/data.google_tags_tag_value.tf
new file mode 100644
index 00000000..f34008e9
--- /dev/null
+++ b/terraform/google/backup/data.google_tags_tag_value.tf
@@ -0,0 +1,6 @@
+data "google_tags_tag_value" "pike" {
+}
+
+output "google_tags_tag_value" {
+ value = data.google_tags_tag_value.pike
+}
diff --git a/terraform/google/backup/data.google_tags_tag_value_iam_policy.tf b/terraform/google/backup/data.google_tags_tag_value_iam_policy.tf
new file mode 100644
index 00000000..129269b9
--- /dev/null
+++ b/terraform/google/backup/data.google_tags_tag_value_iam_policy.tf
@@ -0,0 +1,6 @@
+data "google_tags_tag_value_iam_policy" "pike" {
+}
+
+output "google_tags_tag_value_iam_policy" {
+ value = data.google_tags_tag_value_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_tags_tag_values.tf b/terraform/google/backup/data.google_tags_tag_values.tf
new file mode 100644
index 00000000..45a02c22
--- /dev/null
+++ b/terraform/google/backup/data.google_tags_tag_values.tf
@@ -0,0 +1,6 @@
+data "google_tags_tag_values" "pike" {
+}
+
+output "google_tags_tag_values" {
+ value = data.google_tags_tag_values.pike
+}
diff --git a/terraform/google/backup/data.google_vertex_ai_feature_group_iam_policy.tf b/terraform/google/backup/data.google_vertex_ai_feature_group_iam_policy.tf
new file mode 100644
index 00000000..29ec7e63
--- /dev/null
+++ b/terraform/google/backup/data.google_vertex_ai_feature_group_iam_policy.tf
@@ -0,0 +1,6 @@
+data "google_vertex_ai_feature_group_iam_policy" "pike" {
+}
+
+output "google_vertex_ai_feature_group_iam_policy" {
+ value = data.google_vertex_ai_feature_group_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_vertex_ai_feature_online_store_featureview_iam_policy.tf b/terraform/google/backup/data.google_vertex_ai_feature_online_store_featureview_iam_policy.tf
new file mode 100644
index 00000000..5e86a9c1
--- /dev/null
+++ b/terraform/google/backup/data.google_vertex_ai_feature_online_store_featureview_iam_policy.tf
@@ -0,0 +1,6 @@
+data "google_vertex_ai_feature_online_store_featureview_iam_policy" "pike" {
+}
+
+output "google_vertex_ai_feature_online_store_featureview_iam_policy" {
+ value = data.google_vertex_ai_feature_online_store_featureview_iam_policy.pike
+}
diff --git a/terraform/google/backup/data.google_vertex_ai_feature_online_store_iam_policy.tf b/terraform/google/backup/data.google_vertex_ai_feature_online_store_iam_policy.tf
new file mode 100644
index 00000000..50952676
--- /dev/null
+++ b/terraform/google/backup/data.google_vertex_ai_feature_online_store_iam_policy.tf
@@ -0,0 +1,6 @@
+data "google_vertex_ai_feature_online_store_iam_policy" "pike" {
+}
+
+output "google_vertex_ai_feature_online_store_iam_policy" {
+ value = data.google_vertex_ai_feature_online_store_iam_policy.pike
+}
diff --git a/terraform/google/backup/duff/data.google_access_context_manager_access_policy.tf b/terraform/google/backup/duff/data.google_access_context_manager_access_policy.tf
new file mode 100644
index 00000000..1041e098
--- /dev/null
+++ b/terraform/google/backup/duff/data.google_access_context_manager_access_policy.tf
@@ -0,0 +1,7 @@
+data "google_access_context_manager_access_policy" "pike" {
+ parent = "organizations/213434"
+}
+
+output "google_access_context_manager_access_policy" {
+ value = data.google_access_context_manager_access_policy.pike
+}
diff --git a/terraform/google/backup/duff/data.google_cloud_identity_group_transitive_memberships.tf b/terraform/google/backup/duff/data.google_cloud_identity_group_transitive_memberships.tf
new file mode 100644
index 00000000..f63e3326
--- /dev/null
+++ b/terraform/google/backup/duff/data.google_cloud_identity_group_transitive_memberships.tf
@@ -0,0 +1,7 @@
+data "google_cloud_identity_group_transitive_memberships" "pike" {
+ group = "groups/123eab45c6defghi"
+}
+
+output "google_cloud_identity_group_transitive_memberships" {
+ value = data.google_cloud_identity_group_transitive_memberships.pike
+}
diff --git a/terraform/google/duff/data.google_container_attached_install_manifest.tf b/terraform/google/backup/duff/data.google_container_attached_install_manifest.tf
similarity index 100%
rename from terraform/google/duff/data.google_container_attached_install_manifest.tf
rename to terraform/google/backup/duff/data.google_container_attached_install_manifest.tf
diff --git a/terraform/google/duff/data.google_container_aws_versions.tf b/terraform/google/backup/duff/data.google_container_aws_versions.tf
similarity index 100%
rename from terraform/google/duff/data.google_container_aws_versions.tf
rename to terraform/google/backup/duff/data.google_container_aws_versions.tf
diff --git a/terraform/google/duff/data.google_container_azure_versions.tf b/terraform/google/backup/duff/data.google_container_azure_versions.tf
similarity index 100%
rename from terraform/google/duff/data.google_container_azure_versions.tf
rename to terraform/google/backup/duff/data.google_container_azure_versions.tf
diff --git a/terraform/google/duff/data.google_dataform_repository_iam_policy.tf b/terraform/google/backup/duff/data.google_dataform_repository_iam_policy.tf
similarity index 100%
rename from terraform/google/duff/data.google_dataform_repository_iam_policy.tf
rename to terraform/google/backup/duff/data.google_dataform_repository_iam_policy.tf
diff --git a/terraform/google/backup/duff/data.google_dns_managed_zones.tf b/terraform/google/backup/duff/data.google_dns_managed_zones.tf
new file mode 100644
index 00000000..816ed4bb
--- /dev/null
+++ b/terraform/google/backup/duff/data.google_dns_managed_zones.tf
@@ -0,0 +1,7 @@
+data "google_dns_managed_zones" "pike" {
+ # project="pike-412922"
+}
+
+output "google_dns_managed_zones" {
+ value = data.google_dns_managed_zones.pike
+}
diff --git a/terraform/google/duff/data.google_endpoints_service_iam_policy.tf b/terraform/google/backup/duff/data.google_endpoints_service_iam_policy.tf
similarity index 100%
rename from terraform/google/duff/data.google_endpoints_service_iam_policy.tf
rename to terraform/google/backup/duff/data.google_endpoints_service_iam_policy.tf
diff --git a/terraform/google/duff/data.google_firebase_web_app_config.tf b/terraform/google/backup/duff/data.google_firebase_web_app_config.tf
similarity index 100%
rename from terraform/google/duff/data.google_firebase_web_app_config.tf
rename to terraform/google/backup/duff/data.google_firebase_web_app_config.tf
diff --git a/terraform/google/duff/data.google_organization_iam_policy.tf b/terraform/google/backup/duff/data.google_organization_iam_policy.tf
similarity index 100%
rename from terraform/google/duff/data.google_organization_iam_policy.tf
rename to terraform/google/backup/duff/data.google_organization_iam_policy.tf
diff --git a/terraform/google/duff/data.google_privateca_ca_pool_iam_policy.tf b/terraform/google/backup/duff/data.google_privateca_ca_pool_iam_policy.tf
similarity index 100%
rename from terraform/google/duff/data.google_privateca_ca_pool_iam_policy.tf
rename to terraform/google/backup/duff/data.google_privateca_ca_pool_iam_policy.tf
diff --git a/terraform/google/duff/data.google_privateca_certificate_authority.tf b/terraform/google/backup/duff/data.google_privateca_certificate_authority.tf
similarity index 100%
rename from terraform/google/duff/data.google_privateca_certificate_authority.tf
rename to terraform/google/backup/duff/data.google_privateca_certificate_authority.tf
diff --git a/terraform/google/duff/data.google_privateca_certificate_template_iam_policy.tf b/terraform/google/backup/duff/data.google_privateca_certificate_template_iam_policy.tf
similarity index 100%
rename from terraform/google/duff/data.google_privateca_certificate_template_iam_policy.tf
rename to terraform/google/backup/duff/data.google_privateca_certificate_template_iam_policy.tf
diff --git a/terraform/google/backup/duff/data.google_project_ancestry.tf b/terraform/google/backup/duff/data.google_project_ancestry.tf
new file mode 100644
index 00000000..ed3a559f
--- /dev/null
+++ b/terraform/google/backup/duff/data.google_project_ancestry.tf
@@ -0,0 +1,6 @@
+data "google_project_ancestry" "pike" {
+}
+
+output "google_project_ancestry" {
+ value = data.google_project_ancestry.pike
+}
diff --git a/terraform/google/duff/data.google_project_iam_policy.tf b/terraform/google/backup/duff/data.google_project_iam_policy.tf
similarity index 100%
rename from terraform/google/duff/data.google_project_iam_policy.tf
rename to terraform/google/backup/duff/data.google_project_iam_policy.tf
diff --git a/terraform/google/duff/data.google_project_organization_policy.tf b/terraform/google/backup/duff/data.google_project_organization_policy.tf
similarity index 100%
rename from terraform/google/duff/data.google_project_organization_policy.tf
rename to terraform/google/backup/duff/data.google_project_organization_policy.tf
diff --git a/terraform/google/duff/data.google_pubsub_schema_iam_policy.tf b/terraform/google/backup/duff/data.google_pubsub_schema_iam_policy.tf
similarity index 100%
rename from terraform/google/duff/data.google_pubsub_schema_iam_policy.tf
rename to terraform/google/backup/duff/data.google_pubsub_schema_iam_policy.tf
diff --git a/terraform/google/duff/data.google_runtimeconfig_config.tf b/terraform/google/backup/duff/data.google_runtimeconfig_config.tf
similarity index 100%
rename from terraform/google/duff/data.google_runtimeconfig_config.tf
rename to terraform/google/backup/duff/data.google_runtimeconfig_config.tf
diff --git a/terraform/google/duff/data.google_runtimeconfig_config_iam_policy.tf b/terraform/google/backup/duff/data.google_runtimeconfig_config_iam_policy.tf
similarity index 100%
rename from terraform/google/duff/data.google_runtimeconfig_config_iam_policy.tf
rename to terraform/google/backup/duff/data.google_runtimeconfig_config_iam_policy.tf
diff --git a/terraform/google/duff/data.google_runtimeconfig_variable.tf b/terraform/google/backup/duff/data.google_runtimeconfig_variable.tf
similarity index 100%
rename from terraform/google/duff/data.google_runtimeconfig_variable.tf
rename to terraform/google/backup/duff/data.google_runtimeconfig_variable.tf
diff --git a/terraform/google/backup/duff/data.google_scc_v2_organization_source_iam_policy.tf b/terraform/google/backup/duff/data.google_scc_v2_organization_source_iam_policy.tf
new file mode 100644
index 00000000..0d3bb921
--- /dev/null
+++ b/terraform/google/backup/duff/data.google_scc_v2_organization_source_iam_policy.tf
@@ -0,0 +1,8 @@
+data "google_scc_v2_organization_source_iam_policy" "pike" {
+ source = google_scc_v2_organization_source.custom_source.name
+ organization = "pike"
+}
+
+output "google_scc_v2_organization_source_iam_policy" {
+ value = data.google_scc_v2_organization_source_iam_policy.pike
+}
diff --git a/terraform/google/backup/duff/data.google_secure_source_manager_instance_iam_policy.tf b/terraform/google/backup/duff/data.google_secure_source_manager_instance_iam_policy.tf
new file mode 100644
index 00000000..eb031cea
--- /dev/null
+++ b/terraform/google/backup/duff/data.google_secure_source_manager_instance_iam_policy.tf
@@ -0,0 +1,7 @@
+data "google_secure_source_manager_instance_iam_policy" "pike" {
+ instance_id = "pike"
+}
+
+output "google_secure_source_manager_instance_iam_policy" {
+ value = data.google_secure_source_manager_instance_iam_policy.pike
+}
diff --git a/terraform/google/backup/duff/data.google_secure_source_manager_repository_iam_policy.tf b/terraform/google/backup/duff/data.google_secure_source_manager_repository_iam_policy.tf
new file mode 100644
index 00000000..b67da1cf
--- /dev/null
+++ b/terraform/google/backup/duff/data.google_secure_source_manager_repository_iam_policy.tf
@@ -0,0 +1,7 @@
+data "google_secure_source_manager_repository_iam_policy" "pike" {
+ repository_id = "pike"
+}
+
+output "google_secure_source_manager_repository_iam_policy" {
+ value = data.google_secure_source_manager_repository_iam_policy.pike
+}
diff --git a/terraform/google/backup/duff/data.google_site_verification_token.tf b/terraform/google/backup/duff/data.google_site_verification_token.tf
new file mode 100644
index 00000000..00dc1253
--- /dev/null
+++ b/terraform/google/backup/duff/data.google_site_verification_token.tf
@@ -0,0 +1,9 @@
+data "google_site_verification_token" "pike" {
+ type = "SITE"
+ verification_method = "META"
+ identifier = "https://www.example.com"
+}
+
+output "google_site_verification_token" {
+ value = data.google_site_verification_token.pike
+}
diff --git a/terraform/google/backup/duff/data.google_storage_control_folder_intelligence_config.tf b/terraform/google/backup/duff/data.google_storage_control_folder_intelligence_config.tf
new file mode 100644
index 00000000..1bef46cf
--- /dev/null
+++ b/terraform/google/backup/duff/data.google_storage_control_folder_intelligence_config.tf
@@ -0,0 +1,7 @@
+data "google_storage_control_folder_intelligence_config" "pike" {
+ name = "pike"
+}
+
+output "google_storage_control_folder_intelligence_config" {
+ value = data.google_storage_control_folder_intelligence_config.pike
+}
diff --git a/terraform/google/backup/duff/data.google_storage_control_organization_intelligence_config.tf b/terraform/google/backup/duff/data.google_storage_control_organization_intelligence_config.tf
new file mode 100644
index 00000000..e8b06afd
--- /dev/null
+++ b/terraform/google/backup/duff/data.google_storage_control_organization_intelligence_config.tf
@@ -0,0 +1,7 @@
+data "google_storage_control_organization_intelligence_config" "pike" {
+ name = "pike"
+}
+
+output "google_storage_control_organization_intelligence_config" {
+ value = data.google_storage_control_organization_intelligence_config.pike
+}
diff --git a/terraform/google/backup/duff/data.google_storage_control_project_intelligence_config.tf b/terraform/google/backup/duff/data.google_storage_control_project_intelligence_config.tf
new file mode 100644
index 00000000..40121bc3
--- /dev/null
+++ b/terraform/google/backup/duff/data.google_storage_control_project_intelligence_config.tf
@@ -0,0 +1,7 @@
+data "google_storage_control_project_intelligence_config" "pike" {
+ name = "pike"
+}
+
+output "google_storage_control_project_intelligence_config" {
+ value = data.google_storage_control_project_intelligence_config.pike
+}
diff --git a/terraform/google/duff/data.google_tags_tag_key_iam_policy.tf b/terraform/google/backup/duff/data.google_tags_tag_key_iam_policy.tf
similarity index 100%
rename from terraform/google/duff/data.google_tags_tag_key_iam_policy.tf
rename to terraform/google/backup/duff/data.google_tags_tag_key_iam_policy.tf
diff --git a/terraform/google/backup/duff/data.google_tags_tag_keys.tf b/terraform/google/backup/duff/data.google_tags_tag_keys.tf
new file mode 100644
index 00000000..e72d1bd0
--- /dev/null
+++ b/terraform/google/backup/duff/data.google_tags_tag_keys.tf
@@ -0,0 +1,7 @@
+data "google_tags_tag_keys" "pike" {
+ parent = "pike"
+}
+
+output "google_tags_tag_keys" {
+ value = data.google_tags_tag_keys.pike
+}
diff --git a/terraform/google/duff/data.google_tags_tag_value.tf b/terraform/google/backup/duff/data.google_tags_tag_value.tf
similarity index 100%
rename from terraform/google/duff/data.google_tags_tag_value.tf
rename to terraform/google/backup/duff/data.google_tags_tag_value.tf
diff --git a/terraform/google/duff/data.google_tags_tag_value_iam_policy.tf b/terraform/google/backup/duff/data.google_tags_tag_value_iam_policy.tf
similarity index 100%
rename from terraform/google/duff/data.google_tags_tag_value_iam_policy.tf
rename to terraform/google/backup/duff/data.google_tags_tag_value_iam_policy.tf
diff --git a/terraform/google/backup/duff/data.google_tags_tag_values.tf b/terraform/google/backup/duff/data.google_tags_tag_values.tf
new file mode 100644
index 00000000..55c985be
--- /dev/null
+++ b/terraform/google/backup/duff/data.google_tags_tag_values.tf
@@ -0,0 +1,7 @@
+data "google_tags_tag_values" "pike" {
+ parent = "pike"
+}
+
+output "google_tags_tag_values" {
+ value = data.google_tags_tag_values.pike
+}
diff --git a/terraform/google/duff/data.google_vertex_ai_endpoint_iam_policy.tf b/terraform/google/backup/duff/data.google_vertex_ai_endpoint_iam_policy.tf
similarity index 100%
rename from terraform/google/duff/data.google_vertex_ai_endpoint_iam_policy.tf
rename to terraform/google/backup/duff/data.google_vertex_ai_endpoint_iam_policy.tf
diff --git a/terraform/google/backup/duff/google_billing_account_iam_binding.tf b/terraform/google/backup/duff/google_billing_account_iam_binding.tf
new file mode 100644
index 00000000..8cea6880
--- /dev/null
+++ b/terraform/google/backup/duff/google_billing_account_iam_binding.tf
@@ -0,0 +1 @@
+# resource "google_billing_account_iam_binding" "pike" {}
diff --git a/terraform/google/backup/duff/google_billing_account_iam_member.tf b/terraform/google/backup/duff/google_billing_account_iam_member.tf
new file mode 100644
index 00000000..2f39ba5e
--- /dev/null
+++ b/terraform/google/backup/duff/google_billing_account_iam_member.tf
@@ -0,0 +1,5 @@
+# resource "google_billing_account_iam_member" "pike" {
+# billing_account_id = data.google_billing_account.pike.id
+# role = "roles/billing.user"
+# member = "user:james.woolfenden@gmail.com"
+# }
diff --git a/terraform/google/backup/duff/google_billing_account_iam_policy.tf b/terraform/google/backup/duff/google_billing_account_iam_policy.tf
new file mode 100644
index 00000000..23bbc08e
--- /dev/null
+++ b/terraform/google/backup/duff/google_billing_account_iam_policy.tf
@@ -0,0 +1 @@
+# resource "google_billing_account_iam_policy" "pike" {}
diff --git a/terraform/google/backup/duff/google_billing_budget.tf b/terraform/google/backup/duff/google_billing_budget.tf
new file mode 100644
index 00000000..6be61945
--- /dev/null
+++ b/terraform/google/backup/duff/google_billing_budget.tf
@@ -0,0 +1,18 @@
+resource "google_billing_budget" "pike" {
+ billing_account = data.google_billing_account.pike.id
+ display_name = "Example Billing Budget"
+ amount {
+ specified_amount {
+ currency_code = "USD"
+ units = "100000"
+ }
+ }
+ threshold_rules {
+ threshold_percent = 0.5
+ }
+}
+
+
+data "google_billing_account" "pike" {
+ billing_account = "013ED3-8B24F6-725D7E"
+}
diff --git a/terraform/google/backup/duff/google_billing_project_info.tf b/terraform/google/backup/duff/google_billing_project_info.tf
new file mode 100644
index 00000000..4dc05cc0
--- /dev/null
+++ b/terraform/google/backup/duff/google_billing_project_info.tf
@@ -0,0 +1,9 @@
+# resource "google_billing_project_info" "pike" {
+# # deletion_policy = "DELETE"
+# billing_account = data.google_billing_account.pike.id
+#
+#
+# lifecycle {
+# ignore_changes = [billing_account]
+# }
+# }
diff --git a/terraform/google/backup/duff/google_billing_subaccount.tf b/terraform/google/backup/duff/google_billing_subaccount.tf
new file mode 100644
index 00000000..97575ca2
--- /dev/null
+++ b/terraform/google/backup/duff/google_billing_subaccount.tf
@@ -0,0 +1,4 @@
+# resource "google_billing_subaccount" "pike" {
+# display_name = "My Billing Account"
+# master_billing_account = data.google_billing_account.pike.id
+# }
diff --git a/terraform/google/backup/duff/google_project.tf b/terraform/google/backup/duff/google_project.tf
new file mode 100644
index 00000000..013af218
--- /dev/null
+++ b/terraform/google/backup/duff/google_project.tf
@@ -0,0 +1,4 @@
+resource "google_project" "pike" {
+ name = "temp-project"
+ project_id = "temp-project"
+}
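Review bot: `data "google_billing_account" "pike"` at the end of google_billing_budget.tf hard-codes the billing account ID `013ED3-8B24F6-725D7E`, which reads like a live account identifier rather than a placeholder. Committing it ties the fixture to one account and publishes an identifier that the budget resource acts on. I would take it from a variable instead, `billing_account = var.billing_account_id`, with the variable declared alongside. The commented-out billing fixtures in this directory already go through `data.google_billing_account.pike.id`, so they would follow the change without edits.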
diff --git a/terraform/google/backup/duff/google_project_access_approval_settings.tf b/terraform/google/backup/duff/google_project_access_approval_settings.tf
new file mode 100644
index 00000000..c43e2878
--- /dev/null
+++ b/terraform/google/backup/duff/google_project_access_approval_settings.tf
@@ -0,0 +1,9 @@
+resource "google_project_access_approval_settings" "pike" {
+ project_id = "pike-412922"
+ notification_emails = ["james.woolfenden@gmail.com"]
+
+ enrolled_services {
+ cloud_product = "all"
+ enrollment_level = "BLOCK_ALL"
+ }
+}
diff --git a/terraform/google/backup/duff/google_project_iam_member_remove.tf b/terraform/google/backup/duff/google_project_iam_member_remove.tf
new file mode 100644
index 00000000..44c7e509
--- /dev/null
+++ b/terraform/google/backup/duff/google_project_iam_member_remove.tf
@@ -0,0 +1,5 @@
+resource "google_project_iam_member_remove" "foo" {
+ role = "roles/editor"
+ project = "pike-412922"
+ member = "serviceAccount:dumbass@developer.gserviceaccount.com"
+}
diff --git a/terraform/google/backup/duff/google_project_organization_policy.tf b/terraform/google/backup/duff/google_project_organization_policy.tf
new file mode 100644
index 00000000..17639828
--- /dev/null
+++ b/terraform/google/backup/duff/google_project_organization_policy.tf
@@ -0,0 +1,16 @@
+resource "google_project_organization_policy" "pike" {
+ resource "google_project_iam_policy" "project" {
+ project = "your-project-id"
+ policy_data = data.google_iam_policy.admin.policy_data
+ }
+
+ data "google_iam_policy" "admin" {
+ binding {
+ role = "roles/editor"
+
+ members = [
+ "user:james.woolfenden@gmail.com",
+ ]
+ }
+ }
+}
diff --git a/terraform/google/backup/google_access_context_manager_service_perimeters.tf b/terraform/google/backup/google_access_context_manager_service_perimeters.tf
index c74ddfc2..95bf3c5e 100644
--- a/terraform/google/backup/google_access_context_manager_service_perimeters.tf
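Review bot: google_project_organization_policy.tf nests a `resource "google_project_iam_policy"` block and a `data "google_iam_policy"` block inside the body of `google_project_organization_policy`, which Terraform does not accept, and it never sets any argument of the organization policy resource itself. The fixture therefore exercises no organization-policy permission at all; the `duff` directory may be meant for broken samples, but this one looks like a paste of the IAM policy example. If the nested blocks were ever lifted to top level they would form an authoritative policy that replaces the project's whole IAM policy with a single `roles/editor` binding, so I would not keep them as a starting point. A minimal fixture for the intended resource is sketched below; the constraint shown is only an example.
```hcl
resource "google_project_organization_policy" "pike" {
  project    = "pike-412922"
  constraint = "compute.disableSerialPortAccess"

  boolean_policy {
    enforced = true
  }
}
```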
+++ b/terraform/google/backup/google_access_context_manager_service_perimeters.tf
@@ -17,3 +17,13 @@ resource "google_access_context_manager_service_perimeters" "pike" {
 }
 }
 }
+
+
+resource "google_access_context_manager_access_policy" "access-policy" {
+ parent = data.google_organization.this.id
+ title = "pike"
+}
+
+data "google_organization" "this" {
+ organization = "12345354"
+}
diff --git a/terraform/google/backup/google_apigee_environment_iam_binding.tf b/terraform/google/backup/google_apigee_environment_iam_binding.tf
new file mode 100644
index 00000000..028b6612
--- /dev/null
+++ b/terraform/google/backup/google_apigee_environment_iam_binding.tf
@@ -0,0 +1 @@
+resource "google_apigee_environment_iam_binding" "pike" {}
diff --git a/terraform/google/backup/google_apigee_environment_iam_member.tf b/terraform/google/backup/google_apigee_environment_iam_member.tf
new file mode 100644
index 00000000..45d200a8
--- /dev/null
+++ b/terraform/google/backup/google_apigee_environment_iam_member.tf
@@ -0,0 +1 @@
+resource "google_apigee_environment_iam_member" "pike" {}
diff --git a/terraform/google/backup/google_apigee_environment_iam_policy.tf b/terraform/google/backup/google_apigee_environment_iam_policy.tf
new file mode 100644
index 00000000..8cfdbfa1
--- /dev/null
+++ b/terraform/google/backup/google_apigee_environment_iam_policy.tf
@@ -0,0 +1 @@
+resource "google_apigee_environment_iam_policy" "pike" {}
diff --git a/terraform/google/backup/google_apihub_api_hub_instance.tf b/terraform/google/backup/google_apihub_api_hub_instance.tf
new file mode 100644
index 00000000..fb52632f
--- /dev/null
+++ b/terraform/google/backup/google_apihub_api_hub_instance.tf
@@ -0,0 +1 @@
+resource "google_apihub_api_hub_instance" "pike" {}
diff --git a/terraform/google/backup/google_apihub_curation.tf b/terraform/google/backup/google_apihub_curation.tf
new file mode 100644
index 00000000..60d6e0a3
--- /dev/null
+++ b/terraform/google/backup/google_apihub_curation.tf
@@ -0,0 +1 @@
+resource "google_apihub_curation" "pike" {}
diff --git a/terraform/google/backup/google_apihub_host_project_registration.tf b/terraform/google/backup/google_apihub_host_project_registration.tf
new file mode 100644
index 00000000..1acfd428
--- /dev/null
+++ b/terraform/google/backup/google_apihub_host_project_registration.tf
@@ -0,0 +1 @@
+resource "google_apihub_host_project_registration" "pike" {}
diff --git a/terraform/google/backup/google_apihub_plugin.tf b/terraform/google/backup/google_apihub_plugin.tf
new file mode 100644
index 00000000..2f7b3fbf
--- /dev/null
+++ b/terraform/google/backup/google_apihub_plugin.tf
@@ -0,0 +1 @@
+resource "google_apihub_plugin" "pike" {}
diff --git a/terraform/google/backup/google_apihub_plugin_instance.tf b/terraform/google/backup/google_apihub_plugin_instance.tf
new file mode 100644
index 00000000..c25f845e
--- /dev/null
+++ b/terraform/google/backup/google_apihub_plugin_instance.tf
@@ -0,0 +1 @@
+resource "google_apihub_plugin_instance" "pike" {}
diff --git a/terraform/google/backup/google_apphub_application.tf b/terraform/google/backup/google_apphub_application.tf
new file mode 100644
index 00000000..cd723284
--- /dev/null
+++ b/terraform/google/backup/google_apphub_application.tf
@@ -0,0 +1 @@
+resource "google_apphub_application" "pike" {}
diff --git a/terraform/google/backup/google_apphub_service.tf b/terraform/google/backup/google_apphub_service.tf
new file mode 100644
index 00000000..c47a543b
--- /dev/null
+++ b/terraform/google/backup/google_apphub_service.tf
@@ -0,0 +1 @@
+resource "google_apphub_service" "pike" {}
diff --git a/terraform/google/backup/google_apphub_service_project_attachment.tf b/terraform/google/backup/google_apphub_service_project_attachment.tf
new file mode 100644
index 00000000..45ded036
--- /dev/null
+++ b/terraform/google/backup/google_apphub_service_project_attachment.tf
@@ -0,0 +1 @@
+resource "google_apphub_service_project_attachment" "pike" {}
diff --git a/terraform/google/backup/google_apphub_workload.tf b/terraform/google/backup/google_apphub_workload.tf
new file mode 100644
index 00000000..ec6572d1
--- /dev/null
+++ b/terraform/google/backup/google_apphub_workload.tf
@@ -0,0 +1 @@
+resource "google_apphub_workload" "pike" {}
diff --git a/terraform/google/backup/google_backup_dr_backup_plan.tf b/terraform/google/backup/google_backup_dr_backup_plan.tf
new file mode 100644
index 00000000..c4926589
--- /dev/null
+++ b/terraform/google/backup/google_backup_dr_backup_plan.tf
@@ -0,0 +1 @@
+resource "google_backup_dr_backup_plan" "pike" {}
diff --git a/terraform/google/backup/google_backup_dr_backup_plan_association.tf b/terraform/google/backup/google_backup_dr_backup_plan_association.tf
new file mode 100644
index 00000000..1328ac40
--- /dev/null
+++ b/terraform/google/backup/google_backup_dr_backup_plan_association.tf
@@ -0,0 +1 @@
+resource "google_backup_dr_backup_plan_association" "pike" {}
diff --git a/terraform/google/backup/google_backup_dr_backup_vault.tf b/terraform/google/backup/google_backup_dr_backup_vault.tf
new file mode 100644
index 00000000..68a84dbd
--- /dev/null
+++ b/terraform/google/backup/google_backup_dr_backup_vault.tf
@@ -0,0 +1 @@
+resource "google_backup_dr_backup_vault" "pike" {}
diff --git a/terraform/google/backup/google_backup_dr_management_server.tf b/terraform/google/backup/google_backup_dr_management_server.tf
new file mode 100644
index 00000000..a1270d8e
--- /dev/null
+++ b/terraform/google/backup/google_backup_dr_management_server.tf
@@ -0,0 +1 @@
+resource "google_backup_dr_management_server" "pike" {}
diff --git a/terraform/google/backup/google_backup_dr_service_config.tf b/terraform/google/backup/google_backup_dr_service_config.tf
new file mode 100644
index 00000000..7a215de2
--- /dev/null
+++ b/terraform/google/backup/google_backup_dr_service_config.tf
@@ -0,0 +1,4 @@
+resource "google_backup_dr_service_config" "pike" {
+ location = "us-central1"
+ resource_type = "compute.googleapis.com/Instance"
+}
diff --git a/terraform/google/backup/google_beyondcorp_app_connection.tf b/terraform/google/backup/google_beyondcorp_app_connection.tf
new file mode 100644
index 00000000..88b50d1e
--- /dev/null
+++ b/terraform/google/backup/google_beyondcorp_app_connection.tf
@@ -0,0 +1 @@
+resource "google_beyondcorp_app_connection" "pike" {}
diff --git a/terraform/google/backup/google_beyondcorp_app_connector.tf b/terraform/google/backup/google_beyondcorp_app_connector.tf
new file mode 100644
index 00000000..1a3b1467
--- /dev/null
+++ b/terraform/google/backup/google_beyondcorp_app_connector.tf
@@ -0,0 +1 @@
+resource "google_beyondcorp_app_connector" "pike" {}
diff --git a/terraform/google/backup/google_beyondcorp_app_gateway.tf b/terraform/google/backup/google_beyondcorp_app_gateway.tf
new file mode 100644
index 00000000..ad92f9e4
--- /dev/null
+++ b/terraform/google/backup/google_beyondcorp_app_gateway.tf
@@ -0,0 +1 @@
+resource "google_beyondcorp_app_gateway" "pike" {}
diff --git a/terraform/google/backup/google_beyondcorp_application.tf b/terraform/google/backup/google_beyondcorp_application.tf
new file mode 100644
index 00000000..0e3144c4
--- /dev/null
+++ b/terraform/google/backup/google_beyondcorp_application.tf
@@ -0,0 +1 @@
+resource "google_beyondcorp_application" "pike" {}
diff --git a/terraform/google/backup/google_beyondcorp_application_iam_binding.tf b/terraform/google/backup/google_beyondcorp_application_iam_binding.tf
new file mode 100644
index 00000000..da5b737b
--- /dev/null
+++ b/terraform/google/backup/google_beyondcorp_application_iam_binding.tf
@@ -0,0 +1 @@
+resource "google_beyondcorp_application_iam_binding" "pike" {}
diff --git a/terraform/google/backup/google_beyondcorp_application_iam_member.tf b/terraform/google/backup/google_beyondcorp_application_iam_member.tf
new file mode 100644
index 00000000..891673e6
--- /dev/null
+++ b/terraform/google/backup/google_beyondcorp_application_iam_member.tf
@@ -0,0 +1 @@
+resource "google_beyondcorp_application_iam_member" "pike" {}
diff --git a/terraform/google/backup/google_beyondcorp_application_iam_policy.tf b/terraform/google/backup/google_beyondcorp_application_iam_policy.tf
new file mode 100644
index 00000000..494c3a2d
--- /dev/null
+++ b/terraform/google/backup/google_beyondcorp_application_iam_policy.tf
@@ -0,0 +1 @@
+resource "google_beyondcorp_application_iam_policy" "pike" {}
diff --git a/terraform/google/backup/google_beyondcorp_security_gateway.tf b/terraform/google/backup/google_beyondcorp_security_gateway.tf
new file mode 100644
index 00000000..66d42f39
--- /dev/null
+++ b/terraform/google/backup/google_beyondcorp_security_gateway.tf
@@ -0,0 +1 @@
+resource "google_beyondcorp_security_gateway" "pike" {}
diff --git a/terraform/google/backup/google_beyondcorp_security_gateway_application.tf b/terraform/google/backup/google_beyondcorp_security_gateway_application.tf
new file mode 100644
index 00000000..07a53866
--- /dev/null
+++ b/terraform/google/backup/google_beyondcorp_security_gateway_application.tf
@@ -0,0 +1 @@
+resource "google_beyondcorp_security_gateway_application" "pike" {}
diff --git a/terraform/google/backup/google_beyondcorp_security_gateway_application_iam_binding.tf b/terraform/google/backup/google_beyondcorp_security_gateway_application_iam_binding.tf
new file mode 100644
index 00000000..fe762aa0
--- /dev/null
+++ b/terraform/google/backup/google_beyondcorp_security_gateway_application_iam_binding.tf
@@ -0,0 +1 @@
+resource "google_beyondcorp_security_gateway_application_iam_binding" "pike" {}
diff --git a/terraform/google/backup/google_beyondcorp_security_gateway_application_iam_member.tf b/terraform/google/backup/google_beyondcorp_security_gateway_application_iam_member.tf
new file mode 100644
index 00000000..e979cc49
--- /dev/null
+++ b/terraform/google/backup/google_beyondcorp_security_gateway_application_iam_member.tf
@@ -0,0 +1 @@
+resource "google_beyondcorp_security_gateway_application_iam_member" "pike" {}
diff --git a/terraform/google/backup/google_beyondcorp_security_gateway_application_iam_policy.tf b/terraform/google/backup/google_beyondcorp_security_gateway_application_iam_policy.tf
new file mode 100644
index 00000000..51d206fe
--- /dev/null
+++ b/terraform/google/backup/google_beyondcorp_security_gateway_application_iam_policy.tf
@@ -0,0 +1 @@
+resource "google_beyondcorp_security_gateway_application_iam_policy" "pike" {}
diff --git a/terraform/google/backup/google_beyondcorp_security_gateway_iam_binding.tf b/terraform/google/backup/google_beyondcorp_security_gateway_iam_binding.tf
new file mode 100644
index 00000000..e9703043
--- /dev/null
+++ b/terraform/google/backup/google_beyondcorp_security_gateway_iam_binding.tf
@@ -0,0 +1 @@
+resource "google_beyondcorp_security_gateway_iam_binding" "pike" {}
diff --git a/terraform/google/backup/google_beyondcorp_security_gateway_iam_member.tf b/terraform/google/backup/google_beyondcorp_security_gateway_iam_member.tf
new file mode 100644
index 00000000..8366c3a3
--- /dev/null
+++ b/terraform/google/backup/google_beyondcorp_security_gateway_iam_member.tf
@@ -0,0 +1 @@
+resource "google_beyondcorp_security_gateway_iam_member" "pike" {}
diff --git a/terraform/google/backup/google_beyondcorp_security_gateway_iam_policy.tf b/terraform/google/backup/google_beyondcorp_security_gateway_iam_policy.tf
new file mode 100644
index 00000000..da7378c7
--- /dev/null
+++ b/terraform/google/backup/google_beyondcorp_security_gateway_iam_policy.tf
@@ -0,0 +1 @@
+resource "google_beyondcorp_security_gateway_iam_policy" "pike" {}
diff --git a/terraform/google/backup/google_biglake_catalog.tf b/terraform/google/backup/google_biglake_catalog.tf
new file mode 100644
index 00000000..b5208111
--- /dev/null
+++ b/terraform/google/backup/google_biglake_catalog.tf
@@ -0,0 +1,4 @@
+resource "google_biglake_catalog" "pike" {
+ name = "pike"
+ location = "europe-west2"
+}
diff --git a/terraform/google/backup/google_biglake_database.tf b/terraform/google/backup/google_biglake_database.tf
new file mode 100644
index 00000000..fc980ccb
--- /dev/null
+++ b/terraform/google/backup/google_biglake_database.tf
@@ -0,0 +1,24 @@
+resource "google_storage_bucket" "bucket" {
+ name = "my_bucket_jgw_2025"
+ location = "eu"
+ force_destroy = true
+ uniform_bucket_level_access = true
+}
+
+resource "google_storage_bucket_object" "metadata_folder" {
+ name = "metadata/"
+ content = " "
+ bucket = google_storage_bucket.bucket.name
+}
+
+resource "google_biglake_database" "database" {
+ name = "pike"
+ catalog = google_biglake_catalog.catalog.id
+ type = "HIVE"
+ hive_options {
+ location_uri = "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.metadata_folder.name}"
+ parameters = {
+ "owner" : "James Woolfenden"
+ }
+ }
+}
diff --git a/terraform/google/backup/google_biglake_table.tf b/terraform/google/backup/google_biglake_table.tf
new file mode 100644
index 00000000..002393bc
--- /dev/null
+++ b/terraform/google/backup/google_biglake_table.tf
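Review bot: The `google_storage_bucket.bucket` resource in google_biglake_database.tf sets `uniform_bucket_level_access = true` but leaves public access prevention at its default, so a later IAM grant to `allUsers` would still be accepted; adding `public_access_prevention = "enforced"` closes that off. `force_destroy = true` together with the fixed name `my_bucket_jgw_2025` means a destroy removes every object without prompting, which is reasonable for a throwaway fixture but deserves a comment such as `# fixture only: bucket contents are disposable`. The file also depends on `google_biglake_catalog.catalog`, which is declared in google_biglake_table.tf rather than here, so the two files only validate together.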
@@ -0,0 +1,40 @@
+resource "google_biglake_table" "pike" {
+ name = "my_table"
+ database = google_biglake_database.database.id
+ type = "HIVE"
+ hive_options {
+ table_type = "MANAGED_TABLE"
+ storage_descriptor {
+ location_uri = "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.data_folder.name}"
+ input_format = "org.apache.hadoop.mapred.SequenceFileInputFormat"
+ output_format = "org.apache.hadoop.hive.ql.io.HiveSequenceFileOutputFormat"
+ }
+ # Some Example Parameters.
+ parameters = {
+ "spark.sql.create.version" = "3.1.3"
+ "spark.sql.sources.schema.numParts" = "1"
+ "transient_lastDdlTime" = "1680894197"
+ "spark.sql.partitionProvider" = "catalog"
+ "owner" = "John Doe"
+ "spark.sql.sources.schema.part.0" = "{\"type\":\"struct\",\"fields\":[{\"name\":\"id\",\"type\":\"integer\",\"nullable\":true,\"metadata\":{}},{\"name\":\"name\",\"type\":\"string\",\"nullable\":true,\"metadata\":{}},{\"name\":\"age\",\"type\":\"integer\",\"nullable\":true,\"metadata\":{}}]}"
+ "spark.sql.sources.provider" = "iceberg"
+ "provider" = "iceberg"
+ }
+ }
+
+}
+
+
+resource "google_biglake_catalog" "catalog" {
+ name = "my_catalog"
+ location = "US"
+}
+
+
+
+
+resource "google_storage_bucket_object" "data_folder" {
+ name = "data/"
+ content = " "
+ bucket = google_storage_bucket.bucket.name
+}
diff --git a/terraform/google/backup/google_bigquery_analytics_hub_listing_subscription.tf b/terraform/google/backup/google_bigquery_analytics_hub_listing_subscription.tf
new file mode 100644
index 00000000..d4b8081b
--- /dev/null
+++ b/terraform/google/backup/google_bigquery_analytics_hub_listing_subscription.tf
@@ -0,0 +1,43 @@ +resource "google_bigquery_analytics_hub_data_exchange" "subscription" { + location = "US" + data_exchange_id = "my_data_exchange" + display_name = "my_data_exchange" + description = "Test Description" +} + +resource "google_bigquery_analytics_hub_listing" "subscription" { + location = "US" + data_exchange_id = google_bigquery_analytics_hub_data_exchange.subscription.data_exchange_id + listing_id = "my_listing" + display_name = "my_listing" + description = "Test Description" + + bigquery_dataset { + dataset = google_bigquery_dataset.subscription.id + } +} + +resource "google_bigquery_dataset" "subscription" { + dataset_id = "my_listing" + friendly_name = "my_listing" + description = "Test Description" + location = "US" +} + +resource "google_bigquery_analytics_hub_listing_subscription" "subscription" { + location = "US" + data_exchange_id = google_bigquery_analytics_hub_data_exchange.subscription.data_exchange_id + listing_id = google_bigquery_analytics_hub_listing.subscription.listing_id + destination_dataset { + description = "A test subscription" + friendly_name = "👋" + labels = { + testing = "123" + } + location = "US" + dataset_reference { + dataset_id = "destination_dataset" + project_id = google_bigquery_dataset.subscription.project + } + } +} diff --git a/terraform/google/backup/google_bigquery_connection.tf b/terraform/google/backup/google_bigquery_connection.tf index da3d05d9..bddbe376 100644 --- a/terraform/google/backup/google_bigquery_connection.tf +++ b/terraform/google/backup/google_bigquery_connection.tf @@ -1,7 +1,7 @@ resource "google_bigquery_connection" "pike" { connection_id = "my-connection" location = "US" - friendly_name = "👋" + friendly_name = "something" description = "a riveting description" cloud_resource {} } diff --git a/terraform/google/backup/google_bigquery_datapolicy_data_policy.tf b/terraform/google/backup/google_bigquery_datapolicy_data_policy.tf new file mode 100644 index 00000000..64aa9b98 --- /dev/null 
+++ b/terraform/google/backup/google_bigquery_datapolicy_data_policy.tf
@@ -0,0 +1,19 @@
+resource "google_bigquery_datapolicy_data_policy" "pike" {
+ location = "europe-west2"
+ data_policy_id = "data_policy"
+ policy_tag = google_data_catalog_policy_tag.pike.name
+ data_policy_type = "COLUMN_LEVEL_SECURITY_POLICY"
+}
+#
+# resource "google_data_catalog_policy_tag" "policy_tag" {
+# taxonomy = google_data_catalog_taxonomy.taxonomy.id
+# display_name = "Low security"
+# description = "A policy tag normally associated with low security items"
+# }
+#
+# resource "google_data_catalog_taxonomy" "taxonomy" {
+# region = "us-central1"
+# display_name = "taxonomy"
+# description = "A collection of policy tags"
+# activated_policy_types = ["FINE_GRAINED_ACCESS_CONTROL"]
+# }
diff --git a/terraform/google/backup/google_bigquery_datapolicy_data_policy_iam_binding.tf b/terraform/google/backup/google_bigquery_datapolicy_data_policy_iam_binding.tf
new file mode 100644
index 00000000..2b699748
--- /dev/null
+++ b/terraform/google/backup/google_bigquery_datapolicy_data_policy_iam_binding.tf
@@ -0,0 +1 @@
+resource "google_bigquery_datapolicy_data_policy_iam_binding" "pike" {}
diff --git a/terraform/google/backup/google_bigquery_datapolicy_data_policy_iam_member.tf b/terraform/google/backup/google_bigquery_datapolicy_data_policy_iam_member.tf
new file mode 100644
index 00000000..ddb968c6
--- /dev/null
+++ b/terraform/google/backup/google_bigquery_datapolicy_data_policy_iam_member.tf
@@ -0,0 +1 @@
+resource "google_bigquery_datapolicy_data_policy_iam_member" "pike" {}
diff --git a/terraform/google/backup/google_bigquery_datapolicy_data_policy_iam_policy.tf b/terraform/google/backup/google_bigquery_datapolicy_data_policy_iam_policy.tf
new file mode 100644
index 00000000..2653fe6b
--- /dev/null
+++ b/terraform/google/backup/google_bigquery_datapolicy_data_policy_iam_policy.tf
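Review bot: `policy_tag = google_data_catalog_policy_tag.pike.name` in google_bigquery_datapolicy_data_policy.tf refers to a resource that this file does not declare, and the commented-out block below it is named `policy_tag`, not `pike`, so uncommenting it would not satisfy the reference. If the tag lives in another file of this directory, a one-line comment saying so would help, e.g. `# policy tag declared in <file defining google_data_catalog_policy_tag.pike>`. The commented taxonomy also uses `region = "us-central1"` while the data policy uses `location = "europe-west2"`; I believe the two are expected to match, so the dead block is better corrected or removed than kept as a template.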
@@ -0,0 +1,15 @@
+data "google_iam_policy" "admin4" {
+ binding {
+ role = "roles/viewer"
+ members = [
+ "user:james.Woolfenden@gmail.com",
+ ]
+ }
+}
+
+resource "google_bigquery_datapolicy_data_policy_iam_policy" "policy" {
+ project = google_bigquery_datapolicy_data_policy.pike.project
+ location = google_bigquery_datapolicy_data_policy.pike.location
+ data_policy_id = google_bigquery_datapolicy_data_policy.pike.data_policy_id
+ policy_data = data.google_iam_policy.admin4.policy_data
+}
diff --git a/terraform/google/backup/google_bigquery_dataset_access.tf b/terraform/google/backup/google_bigquery_dataset_access.tf
new file mode 100644
index 00000000..efcdf738
--- /dev/null
+++ b/terraform/google/backup/google_bigquery_dataset_access.tf
@@ -0,0 +1,31 @@
+resource "google_bigquery_dataset" "dataset" {
+ dataset_id = "example_dataset2"
+ friendly_name = "test"
+ description = "This is a test description"
+ location = "EU"
+ default_table_expiration_ms = 3600000
+
+ labels = {
+ env = "default"
+ }
+
+ access {
+ role = "OWNER"
+ user_by_email = google_service_account.bqowner.email
+ }
+
+ access {
+ role = "READER"
+ domain = "hashicorp.com"
+ }
+}
+
+resource "google_service_account" "bqowner" {
+ account_id = "bqowner"
+}
+
+resource "google_bigquery_dataset_access" "access" {
+ dataset_id = google_bigquery_dataset.dataset.dataset_id
+ role = "OWNER"
+ user_by_email = "james.woolfenden@gmail.com"
+}
diff --git a/terraform/google/backup/google_bigquery_row_access_policy.tf b/terraform/google/backup/google_bigquery_row_access_policy.tf
new file mode 100644
index 00000000..f508dcec
--- /dev/null
+++ b/terraform/google/backup/google_bigquery_row_access_policy.tf
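Review bot: The `members` list in `data "google_iam_policy" "admin4"` hard-codes a personal account, `"user:james.Woolfenden@gmail.com"`, and `google_bigquery_datapolicy_data_policy_iam_policy` is an authoritative `*_iam_policy` resource, so applying this fixture replaces the whole IAM policy on the data policy with a grant to that external identity. The same address is hard-coded with `role = "OWNER"` in `google_bigquery_dataset_access.access` in google_bigquery_dataset_access.tf. Taking the principal from a variable keeps the fixture usable in any project without granting a third party access, e.g. `members = [var.iam_member]` here and `user_by_email = var.owner_email` there (both variable names are placeholders to be declared wherever this directory keeps its variables).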
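Review bot: `google_bigquery_dataset.dataset` in google_bigquery_dataset_access.tf declares inline `access` blocks while the same file also manages that dataset's access list through `google_bigquery_dataset_access.access`; as far as I recall the provider documentation warns that the two mechanisms overwrite each other, so a later plan on the dataset would try to remove the entry the separate resource added. Either drop the inline `access` blocks or add `lifecycle { ignore_changes = [access] }` to the dataset. The inline `domain = "hashicorp.com"` READER grant looks carried over from the provider example and gives a whole external domain read access if the fixture is ever applied, so a comment marking it as sample data, or a placeholder domain, would be safer.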
@@ -0,0 +1,22 @@
+resource "google_bigquery_dataset" "example" {
+ dataset_id = "dataset_id"
+ location = "US"
+}
+
+resource "google_bigquery_table" "example" {
+ deletion_protection = false
+
+ dataset_id = google_bigquery_dataset.example.dataset_id
+ table_id = "table_id"
+}
+
+resource "google_bigquery_row_access_policy" "example" {
+ dataset_id = google_bigquery_dataset.example.dataset_id
+ table_id = google_bigquery_table.example.table_id
+ policy_id = "policy_id"
+
+ filter_predicate = "nullable_field is not NULL"
+ grantees = [
+ "domain:google.com"
+ ]
+}
diff --git a/terraform/google/backup/google_bigtable_authorized_view.tf b/terraform/google/backup/google_bigtable_authorized_view.tf
new file mode 100644
index 00000000..50e381cd
--- /dev/null
+++ b/terraform/google/backup/google_bigtable_authorized_view.tf
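Review bot: `filter_predicate = "nullable_field is not NULL"` in `google_bigquery_row_access_policy.example` names a column, but `google_bigquery_table.example` is declared without a `schema`, so the policy is likely to be rejected on apply because the table has no `nullable_field`. Adding a minimal schema to the table, e.g. `schema = jsonencode([{ name = "nullable_field", type = "STRING", mode = "NULLABLE" }])`, would make the fixture self-consistent. `grantees = ["domain:google.com"]` also grants row access to an entire external domain; a narrower placeholder principal is the safer default for anyone who applies this file unchanged.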
@@ -0,0 +1,60 @@
+resource "google_bigtable_instance" "instance" {
+ name = "tf-instance"
+
+ cluster {
+ cluster_id = "tf-instance-cluster"
+ zone = "us-central1-b"
+ num_nodes = 3
+ storage_type = "HDD"
+ }
+ deletion_protection = false
+
+ #
+ # lifecycle {
+ # prevent_destroy = true
+ # }
+}
+
+resource "google_bigtable_table" "table" {
+ name = "tf-table"
+ instance_name = google_bigtable_instance.instance.name
+ split_keys = ["a", "b", "c"]
+
+ # lifecycle {
+ # prevent_destroy = true
+ # }
+
+ column_family {
+ family = "family-first"
+ }
+
+ column_family {
+ family = "family-second"
+ }
+
+ change_stream_retention = "24h0m0s"
+}
+
+resource "google_bigtable_authorized_view" "authorized_view" {
+ name = "tf-authorized-view"
+ instance_name = google_bigtable_instance.instance.name
+ table_name = google_bigtable_table.table.name
+
+ # lifecycle {
+ # prevent_destroy = true
+ # }
+
+ subset_view {
+ row_prefixes = [base64encode("prefix#")]
+
+ family_subsets {
+ family_name = "family-first"
+ qualifiers = [base64encode("qualifier"), base64encode("qualifier-second")]
+ }
+
+ family_subsets {
+ family_name = "family-second"
+ qualifier_prefixes = [""]
+ }
+ }
+}
diff --git a/terraform/google/backup/google_bigtable_logical_view.tf b/terraform/google/backup/google_bigtable_logical_view.tf
new file mode 100644
index 00000000..4faf9f5a
--- /dev/null
+++ b/terraform/google/backup/google_bigtable_logical_view.tf
@@ -0,0 +1,13 @@ +resource "google_bigtable_logical_view" "logical_view" { + logical_view_id = "btlogical" + instance = google_bigtable_instance.instance.name + deletion_protection = false + query = <Some example SSML XML + EOF + } + } + messages { + live_agent_handoff { + metadata = <Some example SSML XML + EOF + } + } + messages { + live_agent_handoff { + metadata = <Some example SSML XML + EOF + } + } + messages { + live_agent_handoff { + metadata = <Some example SSML XML + EOF + } + } + messages { + live_agent_handoff { + metadata = <Some example SSML XML + EOF + } + } + messages { + live_agent_handoff { + metadata = <Some example SSML XML + EOF + } + } + messages { + live_agent_handoff { + metadata = <