The configuration for input switching based on the media quality confidence score (MQCS) as provided from AWS Elemental MediaLive.
", + "properties": { + "MQCSInputSwitching": { + "description": "When true, AWS Elemental MediaPackage performs input switching based on the MQCS. Default is true. This setting is valid only when InputType is CMAF.
The settings for what common media server data (CMSD) headers AWS Elemental MediaPackage includes in responses to the CDN.
", + "properties": { + "PublishMQCS": { + "description": "When true, AWS Elemental MediaPackage includes the MQCS in responses to the CDN. This setting is valid only when InputType is CMAF.
The failover settings for the endpoint.
", "properties": { "EndpointErrorConditions": { - "description": "The failover settings for the endpoint. The options are:
\n\n STALE_MANIFEST - The manifest stalled and there a no new segments or parts.
\n INCOMPLETE_MANIFEST - There is a gap in the manifest.
\n MISSING_DRM_KEY - Key rotation is enabled but we're unable to fetch the key for the current key period.
The failover conditions for the endpoint. The options are:
\n\n STALE_MANIFEST - The manifest stalled and there are no new segments or parts.
\n INCOMPLETE_MANIFEST - There is a gap in the manifest.
\n MISSING_DRM_KEY - Key rotation is enabled but we're unable to fetch the key for the current key period.
\n SLATE_INPUT - The segments which contain slate content are considered to be missing content.
Inserts EXT-X-PROGRAM-DATE-TIME tags in the output manifest at the interval that you specify. If you don't enter an interval, \n EXT-X-PROGRAM-DATE-TIME tags aren't included in the manifest. \n The tags sync the stream to the wall clock so that viewers can seek to a specific time in the playback timeline on the player. \n ID3Timed metadata messages generate every 5 seconds whenever the content is ingested.
\nIrrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.
", + "description": "Inserts EXT-X-PROGRAM-DATE-TIME tags in the output manifest at the interval that you specify. If you don't enter an interval,\n EXT-X-PROGRAM-DATE-TIME tags aren't included in the manifest.\n The tags sync the stream to the wall clock so that viewers can seek to a specific time in the playback timeline on the player.
\nIrrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.
", "type": "integer" }, "ScteHls": { @@ -310,6 +310,10 @@ "Url": { "description": "The egress domain URL for stream delivery from MediaPackage.
", "type": "string" + }, + "UrlEncodeChildManifest": { + "description": "When enabled, MediaPackage URL-encodes the query string for API requests for HLS child manifests to comply with Amazon Web Services Signature Version 4 (SigV4) signature signing protocol.\n For more information, see Amazon Web Services Signature Version 4 for API requests in Identity and Access Management User Guide.
", + "type": "boolean" } }, "required": [ @@ -343,7 +347,7 @@ "type": "integer" }, "ProgramDateTimeIntervalSeconds": { - "description": "Inserts EXT-X-PROGRAM-DATE-TIME tags in the output manifest at the interval that you specify. If you don't enter an interval, \n EXT-X-PROGRAM-DATE-TIME tags aren't included in the manifest. \n The tags sync the stream to the wall clock so that viewers can seek to a specific time in the playback timeline on the player. \n ID3Timed metadata messages generate every 5 seconds whenever the content is ingested.
\nIrrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.
", + "description": "Inserts EXT-X-PROGRAM-DATE-TIME tags in the output manifest at the interval that you specify. If you don't enter an interval,\n EXT-X-PROGRAM-DATE-TIME tags aren't included in the manifest.\n The tags sync the stream to the wall clock so that viewers can seek to a specific time in the playback timeline on the player.
\nIrrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.
", "type": "integer" }, "ScteHls": { @@ -355,6 +359,10 @@ "Url": { "description": "The egress domain URL for stream delivery from MediaPackage.
", "type": "string" + }, + "UrlEncodeChildManifest": { + "description": "When enabled, MediaPackage URL-encodes the query string for API requests for LL-HLS child manifests to comply with Amazon Web Services Signature Version 4 (SigV4) signature signing protocol.\n For more information, see Amazon Web Services Signature Version 4 for API requests in Identity and Access Management User Guide.
", + "type": "boolean" } }, "required": [ diff --git a/schema/aws-memorydb-acl.json b/schema/aws-memorydb-acl.json index d622166..fb0b282 100644 --- a/schema/aws-memorydb-acl.json +++ b/schema/aws-memorydb-acl.json @@ -36,7 +36,8 @@ "memorydb:CreateACL", "memorydb:DescribeACLs", "memorydb:TagResource", - "memorydb:ListTags" + "memorydb:ListTags", + "iam:CreateServiceLinkedRole" ] }, "delete": { diff --git a/schema/aws-memorydb-cluster.json b/schema/aws-memorydb-cluster.json index f4e6359..1791b73 100644 --- a/schema/aws-memorydb-cluster.json +++ b/schema/aws-memorydb-cluster.json @@ -9,7 +9,8 @@ "/properties/SubnetGroupName", "/properties/SnapshotArns", "/properties/MultiRegionClusterName", - "/properties/SnapshotName" + "/properties/SnapshotName", + "/properties/NetworkType" ], "definitions": { "DataTieringStatus": { @@ -33,6 +34,21 @@ }, "type": "object" }, + "SupportedIpDiscoveryTypes": { + "enum": [ + "ipv4", + "ipv6" + ], + "type": "string" + }, + "SupportedNetworkTypes": { + "enum": [ + "ipv4", + "ipv6", + "dual_stack" + ], + "type": "string" + }, "Tag": { "additionalProperties": false, "description": "A key-value pair to associate with a resource.", @@ -68,8 +84,10 @@ "memorydb:CreateCluster", "memorydb:DescribeClusters", "memorydb:TagResource", - "memorydb:ListTags" - ] + "memorydb:ListTags", + "iam:CreateServiceLinkedRole" + ], + "timeoutInMinutes": 720 }, "delete": { "permissions": [ @@ -146,6 +164,11 @@ "description": "The user-supplied name of a final cluster snapshot. This is the unique name that identifies the snapshot. MemoryDB creates the snapshot, and then deletes the cluster immediately afterward.", "type": "string" }, + "IpDiscovery": { + "$ref": "#/definitions/SupportedIpDiscoveryTypes", + "description": "For clusters wth dual stack NetworkType, IpDiscovery controls the Ip protocol (ipv4 or ipv6) returned by the engine commands such as `cluster info` and `cluster nodes` which are used by clients to connect to the nodes in the cluster.", + "type": "object" + }, "KmsKeyId": { "description": "The ID of the KMS key used to encrypt the cluster.", "type": "string" @@ -158,6 +181,11 @@ "description": "The name of the Global Datastore, it is generated by MemoryDB adding a prefix to MultiRegionClusterNameSuffix.", "type": "string" }, + "NetworkType": { + "$ref": "#/definitions/SupportedNetworkTypes", + "description": "Must be either ipv4 | ipv6 | dual_stack.", + "type": "object" + }, "NodeType": { "description": "The compute and memory capacity of the nodes in the cluster.", "type": "string" diff --git a/schema/aws-memorydb-multiregioncluster.json b/schema/aws-memorydb-multiregioncluster.json index 44b2e38..63e430c 100644 --- a/schema/aws-memorydb-multiregioncluster.json +++ b/schema/aws-memorydb-multiregioncluster.json @@ -40,7 +40,8 @@ "memorydb:CreateMultiRegionCluster", "memorydb:DescribeMultiRegionClusters", "memorydb:TagResource", - "memorydb:ListTags" + "memorydb:ListTags", + "iam:CreateServiceLinkedRole" ], "timeoutInMinutes": 2160 }, diff --git a/schema/aws-memorydb-parametergroup.json b/schema/aws-memorydb-parametergroup.json index 913d3a3..569392e 100644 --- a/schema/aws-memorydb-parametergroup.json +++ b/schema/aws-memorydb-parametergroup.json @@ -39,7 +39,8 @@ "memorydb:CreateParameterGroup", "memorydb:DescribeParameterGroups", "memorydb:TagResource", - "memorydb:ListTags" + "memorydb:ListTags", + "iam:CreateServiceLinkedRole" ] }, "delete": { diff --git a/schema/aws-memorydb-subnetgroup.json b/schema/aws-memorydb-subnetgroup.json index 0cabd95..a5827cd 100644 --- a/schema/aws-memorydb-subnetgroup.json +++ b/schema/aws-memorydb-subnetgroup.json @@ -37,7 +37,8 @@ "memorydb:CreateSubnetGroup", "memorydb:DescribeSubnetGroups", "memorydb:TagResource", - "memorydb:ListTags" + "memorydb:ListTags", + "iam:CreateServiceLinkedRole" ] }, "delete": { @@ -93,6 +94,15 @@ "type": "array", "uniqueItems": true }, + "SupportedNetworkTypes": { + "description": "Supported network types would be a list of network types supported by subnet group and can be either [ipv4] or [ipv4, dual_stack] or [ipv6].", + "insertionOrder": false, + "items": { + "type": "string" + }, + "type": "array", + "uniqueItems": true + }, "Tags": { "description": "An array of key-value pairs to apply to this subnet group.", "insertionOrder": false, @@ -105,7 +115,8 @@ } }, "readOnlyProperties": [ - "/properties/ARN" + "/properties/ARN", + "/properties/SupportedNetworkTypes" ], "required": [ "SubnetGroupName", diff --git a/schema/aws-memorydb-user.json b/schema/aws-memorydb-user.json index 5912649..7577261 100644 --- a/schema/aws-memorydb-user.json +++ b/schema/aws-memorydb-user.json @@ -36,7 +36,8 @@ "memorydb:CreateUser", "memorydb:DescribeUsers", "memorydb:TagResource", - "memorydb:ListTags" + "memorydb:ListTags", + "iam:CreateServiceLinkedRole" ] }, "delete": { diff --git a/schema/aws-msk-replicator.json b/schema/aws-msk-replicator.json index 606e9a7..b6ea7d4 100644 --- a/schema/aws-msk-replicator.json +++ b/schema/aws-msk-replicator.json @@ -390,7 +390,8 @@ } }, "readOnlyProperties": [ - "/properties/ReplicatorArn" + "/properties/ReplicatorArn", + "/properties/CurrentVersion" ], "required": [ "ReplicatorName", diff --git a/schema/aws-msk-serverlesscluster.json b/schema/aws-msk-serverlesscluster.json index c5acdc8..4f24ff7 100644 --- a/schema/aws-msk-serverlesscluster.json +++ b/schema/aws-msk-serverlesscluster.json @@ -149,6 +149,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "kafka:TagResource", + "kafka:UntagResource", + "kafka:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": false, diff --git a/schema/aws-mwaa-environment.json b/schema/aws-mwaa-environment.json index f56fe31..b96676d 100644 --- a/schema/aws-mwaa-environment.json +++ b/schema/aws-mwaa-environment.json @@ -368,12 +368,40 @@ "handlers": { "create": { "permissions": [ - "airflow:CreateEnvironment" + "airflow:GetEnvironment", + "airflow:CreateEnvironment", + "airflow:TagResource", + "airflow:UntagResource", + "iam:PassRole", + "iam:ListRoles", + "iam:CreatePolicy", + "iam:AttachRolePolicy", + "iam:CreateRole", + "iam:CreateServiceLinkedRole", + "s3:GetBucketLocation", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:CreateBucket", + "s3:PutObject", + "s3:GetEncryptionConfiguration", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeRouteTables", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateSecurityGroup", + "ec2:CreateVpcEndpoint", + "ec2:CreateNetworkInterface", + "kms:CreateGrant", + "kms:DescribeKey", + "kms:ListAliases" ], "timeoutInMinutes": 180 }, "delete": { "permissions": [ + "airflow:GetEnvironment", "airflow:DeleteEnvironment" ] }, @@ -389,9 +417,23 @@ }, "update": { "permissions": [ + "airflow:GetEnvironment", "airflow:UpdateEnvironment", "airflow:TagResource", - "airflow:UntagResource" + "airflow:UntagResource", + "iam:PassRole", + "iam:ListRoles", + "iam:AttachRolePolicy", + "s3:GetBucketLocation", + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:GetEncryptionConfiguration", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeRouteTables", + "kms:DescribeKey", + "kms:ListAliases" ], "timeoutInMinutes": 480 } @@ -510,7 +552,7 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-mwaa.git", "tagging": { - "cloudFormationSystemTags": false, + "cloudFormationSystemTags": true, "permissions": [ "airflow:UntagResource", "airflow:TagResource" diff --git a/schema/aws-neptune-dbcluster.json b/schema/aws-neptune-dbcluster.json index 0d2fb9c..1750055 100644 --- a/schema/aws-neptune-dbcluster.json +++ b/schema/aws-neptune-dbcluster.json @@ -320,6 +320,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-neptune", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "rds:AddTagsToResource", + "rds:ListTagsForResource", + "rds:RemoveTagsFromResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-neptune-dbclusterparametergroup.json b/schema/aws-neptune-dbclusterparametergroup.json index 93eb530..74dcc78 100644 --- a/schema/aws-neptune-dbclusterparametergroup.json +++ b/schema/aws-neptune-dbclusterparametergroup.json @@ -1,63 +1,129 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/Family", + "/properties/Name", "/properties/Description", - "/properties/Name" + "/properties/Family" ], "definitions": { "Tag": { "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", "properties": { "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "type": "string" }, "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "type": "string" } }, "required": [ - "Value", - "Key" + "Key", + "Value" ], "type": "object" } }, - "description": "Resource Type definition for AWS::Neptune::DBClusterParameterGroup", + "description": "The AWS::Neptune::DBClusterParameterGroup resource creates a new Amazon Neptune DB cluster parameter group", + "handlers": { + "create": { + "permissions": [ + "rds:AddTagsToResource", + "rds:CreateDBClusterParameterGroup", + "rds:DescribeDBClusterParameterGroups", + "rds:DescribeDBClusterParameters", + "rds:DescribeEngineDefaultClusterParameters", + "rds:ListTagsForResource", + "rds:ModifyDBClusterParameterGroup", + "iam:CreateServiceLinkedRole" + ], + "timeoutInMinutes": 180 + }, + "delete": { + "permissions": [ + "rds:DeleteDBClusterParameterGroup", + "rds:ListTagsForResource", + "rds:RemoveTagsFromResource" + ] + }, + "list": { + "permissions": [ + "rds:DescribeDBClusterParameterGroups", + "rds:ListTagsForResource" + ] + }, + "read": { + "permissions": [ + "rds:DescribeDBClusterParameterGroups", + "rds:ListTagsForResource", + "rds:DescribeDBClusterParameters" + ] + }, + "update": { + "permissions": [ + "rds:AddTagsToResource", + "rds:DescribeDBClusterParameterGroups", + "rds:DescribeDBClusterParameters", + "rds:DescribeDBClusters", + "rds:DescribeEngineDefaultClusterParameters", + "rds:ListTagsForResource", + "rds:ModifyDBClusterParameterGroup", + "rds:RemoveTagsFromResource", + "rds:ResetDBClusterParameterGroup" + ], + "timeoutInMinutes": 180 + } + }, "primaryIdentifier": [ - "/properties/Id" + "/properties/Name" ], "properties": { "Description": { + "description": "Provides the customer-specified description for this DB cluster parameter group.", "type": "string" }, "Family": { - "type": "string" - }, - "Id": { + "description": "Must be neptune1 for engine versions prior to 1.2.0.0, or neptune1.2 for engine version 1.2.0.0 and higher.", "type": "string" }, "Name": { + "description": "Provides the name of the DB cluster parameter group.", "type": "string" }, "Parameters": { + "description": "An array of parameters to be modified. A maximum of 20 parameters can be modified in a single request.", "type": "object" }, "Tags": { + "description": "The list of tags for the cluster parameter group.", "items": { "$ref": "#/definitions/Tag" }, - "type": "array", - "uniqueItems": false + "type": "array" } }, - "readOnlyProperties": [ - "/properties/Id" - ], + "propertyTransform": { + "/properties/Name": "$lowercase(Name)" + }, "required": [ - "Family", "Description", + "Family", "Parameters" ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-neptune", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "rds:AddTagsToResource", + "rds:ListTagsForResource", + "rds:RemoveTagsFromResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Neptune::DBClusterParameterGroup" } diff --git a/schema/aws-neptune-dbparametergroup.json b/schema/aws-neptune-dbparametergroup.json index 11f30ea..a202295 100644 --- a/schema/aws-neptune-dbparametergroup.json +++ b/schema/aws-neptune-dbparametergroup.json @@ -1,49 +1,101 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/Family", + "/properties/Name", "/properties/Description", - "/properties/Name" + "/properties/Family" ], "definitions": { "Tag": { "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", "properties": { "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "type": "string" }, "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "type": "string" } }, "required": [ - "Value", - "Key" + "Key", + "Value" ], "type": "object" } }, - "description": "Resource Type definition for AWS::Neptune::DBParameterGroup", + "description": "AWS::Neptune::DBParameterGroup creates a new DB parameter group. This type can be declared in a template and referenced in the DBParameterGroupName parameter of AWS::Neptune::DBInstance", + "handlers": { + "create": { + "permissions": [ + "rds:AddTagsToResource", + "rds:CreateDBParameterGroup", + "rds:DescribeDBParameterGroups", + "rds:DescribeDBParameters", + "rds:DescribeEngineDefaultParameters", + "rds:ModifyDBParameterGroup", + "rds:ListTagsForResource", + "iam:CreateServiceLinkedRole" + ] + }, + "delete": { + "permissions": [ + "rds:DeleteDBParameterGroup", + "rds:RemoveTagsFromResource" + ] + }, + "list": { + "permissions": [ + "rds:DescribeDBParameterGroups", + "rds:ListTagsForResource" + ] + }, + "read": { + "permissions": [ + "rds:DescribeDBParameterGroups", + "rds:ListTagsForResource", + "rds:DescribeDBParameters", + "rds:DescribeEngineDefaultParameters" + ] + }, + "update": { + "permissions": [ + "rds:AddTagsToResource", + "rds:DescribeDBParameterGroups", + "rds:DescribeDBParameters", + "rds:DescribeEngineDefaultParameters", + "rds:ListTagsForResource", + "rds:ModifyDBParameterGroup", + "rds:ResetDBParameterGroup", + "rds:RemoveTagsFromResource", + "rds:DescribeDBInstances" + ] + } + }, "primaryIdentifier": [ - "/properties/Id" + "/properties/Name" ], "properties": { "Description": { + "description": "Provides the customer-specified description for this DB parameter group.", "type": "string" }, "Family": { - "type": "string" - }, - "Id": { + "description": "Must be `neptune1` for engine versions prior to 1.2.0.0, or `neptune1.2` for engine version `1.2.0.0` and higher.", "type": "string" }, "Name": { + "description": "Provides the name of the DB parameter group.", "type": "string" }, "Parameters": { + "description": "The parameters to set for this DB parameter group.\n\nThe parameters are expressed as a JSON object consisting of key-value pairs.\n\nChanges to dynamic parameters are applied immediately. During an update, if you have static parameters (whether they were changed or not), it triggers AWS CloudFormation to reboot the associated DB instance without failover.", "type": "object" }, "Tags": { + "description": "An optional array of key-value pairs to apply to this DB parameter group.", "items": { "$ref": "#/definitions/Tag" }, @@ -51,13 +103,26 @@ "uniqueItems": false } }, - "readOnlyProperties": [ - "/properties/Id" - ], + "propertyTransform": { + "/properties/Name": "$lowercase(Name)" + }, "required": [ "Family", "Description", "Parameters" ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-neptune", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "rds:AddTagsToResource", + "rds:ListTagsForResource", + "rds:RemoveTagsFromResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Neptune::DBParameterGroup" } diff --git a/schema/aws-neptune-dbsubnetgroup.json b/schema/aws-neptune-dbsubnetgroup.json index 3f81a2a..ddaa0ad 100644 --- a/schema/aws-neptune-dbsubnetgroup.json +++ b/schema/aws-neptune-dbsubnetgroup.json @@ -6,36 +6,79 @@ "definitions": { "Tag": { "additionalProperties": false, + "description": "An optional array of key-value pairs to apply to this DB subnet group.", "properties": { "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ", "type": "string" }, "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ", "type": "string" } }, "required": [ - "Value", - "Key" + "Key", + "Value" ], "type": "object" } }, - "description": "Resource Type definition for AWS::Neptune::DBSubnetGroup", + "description": "The AWS::Neptune::DBSubnetGroup type creates an Amazon Neptune DB subnet group. Subnet groups must contain at least two subnets in two different Availability Zones in the same AWS Region.", + "handlers": { + "create": { + "permissions": [ + "rds:CreateDBSubnetGroup", + "rds:DescribeDBSubnetGroups", + "rds:ListTagsForResource", + "rds:AddTagsToResource", + "iam:CreateServiceLinkedRole" + ] + }, + "delete": { + "permissions": [ + "rds:DeleteDBSubnetGroup", + "rds:DescribeDBSubnetGroups", + "rds:ListTagsForResource", + "rds:RemoveTagsFromResource" + ] + }, + "list": { + "permissions": [ + "rds:DescribeDBSubnetGroups", + "rds:ListTagsForResource" + ] + }, + "read": { + "permissions": [ + "rds:DescribeDBSubnetGroups", + "rds:ListTagsForResource" + ] + }, + "update": { + "permissions": [ + "rds:ModifyDBSubnetGroup", + "rds:DescribeDBSubnetGroups", + "rds:AddTagsToResource", + "rds:RemoveTagsFromResource", + "rds:ListTagsForResource" + ] + } + }, "primaryIdentifier": [ - "/properties/Id" + "/properties/DBSubnetGroupName" ], "properties": { "DBSubnetGroupDescription": { + "description": "The description for the DB subnet group.", "type": "string" }, "DBSubnetGroupName": { - "type": "string" - }, - "Id": { + "description": "The name for the DB subnet group. This value is stored as a lowercase string.\n\nConstraints: Must contain no more than 255 lowercase alphanumeric characters or hyphens. Must not be \"Default\".\n\nExample: mysubnetgroup\n\n", "type": "string" }, "SubnetIds": { + "description": "The Amazon EC2 subnet IDs for the DB subnet group.", "items": { "type": "string" }, @@ -43,6 +86,7 @@ "uniqueItems": false }, "Tags": { + "description": "An optional array of key-value pairs to apply to this DB subnet group.", "items": { "$ref": "#/definitions/Tag" }, @@ -50,12 +94,25 @@ "uniqueItems": false } }, - "readOnlyProperties": [ - "/properties/Id" - ], + "propertyTransform": { + "/properties/DBSubnetGroupName": "$lowercase(DBSubnetGroupName)" + }, "required": [ "DBSubnetGroupDescription", "SubnetIds" ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-neptune", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "rds:AddTagsToResource", + "rds:ListTagsForResource", + "rds:RemoveTagsFromResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Neptune::DBSubnetGroup" } diff --git a/schema/aws-neptunegraph-privategraphendpoint.json b/schema/aws-neptunegraph-privategraphendpoint.json index ab50fd9..bbb71ba 100644 --- a/schema/aws-neptunegraph-privategraphendpoint.json +++ b/schema/aws-neptunegraph-privategraphendpoint.json @@ -51,7 +51,8 @@ "list": { "permissions": [ "neptune-graph:GetPrivateGraphEndpoint", - "neptune-graph:ListPrivateGraphEndpoints" + "neptune-graph:ListPrivateGraphEndpoints", + "neptune-graph:ListGraphs" ], "timeoutInMinutes": 2160 }, diff --git a/schema/aws-networkfirewall-firewall.json b/schema/aws-networkfirewall-firewall.json index 6a73a76..6dadf45 100644 --- a/schema/aws-networkfirewall-firewall.json +++ b/schema/aws-networkfirewall-firewall.json @@ -132,6 +132,14 @@ "pattern": "^.*$", "type": "string" }, + "EnabledAnalysisTypes": { + "description": "The types of analysis to enable for the firewall. Can be TLS_SNI, HTTP_HOST, or both.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/EnabledAnalysisType" + }, + "type": "array" + }, "EndpointIds": { "insertionOrder": false, "items": { diff --git a/schema/aws-networkmanager-sitetositevpnattachment.json b/schema/aws-networkmanager-sitetositevpnattachment.json index b153fc4..8313c46 100644 --- a/schema/aws-networkmanager-sitetositevpnattachment.json +++ b/schema/aws-networkmanager-sitetositevpnattachment.json @@ -88,7 +88,7 @@ "ec2:DescribeRegions", "networkmanager:TagResource" ], - "timeoutInMinutes": 40 + "timeoutInMinutes": 120 }, "delete": { "permissions": [ diff --git a/schema/aws-nimblestudio-launchprofile.json b/schema/aws-nimblestudio-launchprofile.json deleted file mode 100644 index 9c94614..0000000 --- a/schema/aws-nimblestudio-launchprofile.json +++ /dev/null @@ -1,179 +0,0 @@ -{ - "additionalProperties": false, - "createOnlyProperties": [ - "/properties/Ec2SubnetIds", - "/properties/StudioId", - "/properties/Tags" - ], - "definitions": { - "StreamConfiguration": { - "additionalProperties": false, - "properties": { - "AutomaticTerminationMode": { - "type": "string" - }, - "ClipboardMode": { - "type": "string" - }, - "Ec2InstanceTypes": { - "items": { - "type": "string" - }, - "type": "array", - "uniqueItems": false - }, - "MaxSessionLengthInMinutes": { - "type": "number" - }, - "MaxStoppedSessionLengthInMinutes": { - "type": "number" - }, - "SessionBackup": { - "$ref": "#/definitions/StreamConfigurationSessionBackup" - }, - "SessionPersistenceMode": { - "type": "string" - }, - "SessionStorage": { - "$ref": "#/definitions/StreamConfigurationSessionStorage" - }, - "StreamingImageIds": { - "items": { - "type": "string" - }, - "type": "array", - "uniqueItems": false - }, - "VolumeConfiguration": { - "$ref": "#/definitions/VolumeConfiguration" - } - }, - "required": [ - "ClipboardMode", - "StreamingImageIds", - "Ec2InstanceTypes" - ], - "type": "object" - }, - "StreamConfigurationSessionBackup": { - "additionalProperties": false, - "properties": { - "MaxBackupsToRetain": { - "type": "number" - }, - "Mode": { - "type": "string" - } - }, - "type": "object" - }, - "StreamConfigurationSessionStorage": { - "additionalProperties": false, - "properties": { - "Mode": { - "items": { - "type": "string" - }, - "type": "array", - "uniqueItems": false - }, - "Root": { - "$ref": "#/definitions/StreamingSessionStorageRoot" - } - }, - "required": [ - "Mode" - ], - "type": "object" - }, - "StreamingSessionStorageRoot": { - "additionalProperties": false, - "properties": { - "Linux": { - "type": "string" - }, - "Windows": { - "type": "string" - } - }, - "type": "object" - }, - "VolumeConfiguration": { - "additionalProperties": false, - "properties": { - "Iops": { - "type": "number" - }, - "Size": { - "type": "number" - }, - "Throughput": { - "type": "number" - } - }, - "type": "object" - } - }, - "description": "Resource Type definition for AWS::NimbleStudio::LaunchProfile", - "primaryIdentifier": [ - "/properties/LaunchProfileId" - ], - "properties": { - "Description": { - "type": "string" - }, - "Ec2SubnetIds": { - "items": { - "type": "string" - }, - "type": "array", - "uniqueItems": false - }, - "LaunchProfileId": { - "type": "string" - }, - "LaunchProfileProtocolVersions": { - "items": { - "type": "string" - }, - "type": "array", - "uniqueItems": false - }, - "Name": { - "type": "string" - }, - "StreamConfiguration": { - "$ref": "#/definitions/StreamConfiguration" - }, - "StudioComponentIds": { - "items": { - "type": "string" - }, - "type": "array", - "uniqueItems": false - }, - "StudioId": { - "type": "string" - }, - "Tags": { - "patternProperties": { - "[a-zA-Z0-9]+": { - "type": "string" - } - }, - "type": "object" - } - }, - "readOnlyProperties": [ - "/properties/LaunchProfileId" - ], - "required": [ - "Ec2SubnetIds", - "StudioComponentIds", - "StreamConfiguration", - "LaunchProfileProtocolVersions", - "StudioId", - "Name" - ], - "typeName": "AWS::NimbleStudio::LaunchProfile" -} diff --git a/schema/aws-nimblestudio-streamingimage.json b/schema/aws-nimblestudio-streamingimage.json deleted file mode 100644 index 52a1eab..0000000 --- a/schema/aws-nimblestudio-streamingimage.json +++ /dev/null @@ -1,91 +0,0 @@ -{ - "additionalProperties": false, - "createOnlyProperties": [ - "/properties/StudioId", - "/properties/Tags", - "/properties/Ec2ImageId" - ], - "definitions": { - "StreamingImageEncryptionConfiguration": { - "additionalProperties": false, - "properties": { - "KeyArn": { - "type": "string" - }, - "KeyType": { - "type": "string" - } - }, - "required": [ - "KeyType" - ], - "type": "object" - } - }, - "description": "Resource Type definition for AWS::NimbleStudio::StreamingImage", - "primaryIdentifier": [ - "/properties/StreamingImageId" - ], - "properties": { - "Description": { - "type": "string" - }, - "Ec2ImageId": { - "type": "string" - }, - "EncryptionConfiguration": { - "$ref": "#/definitions/StreamingImageEncryptionConfiguration" - }, - "EncryptionConfigurationKeyArn": { - "type": "string" - }, - "EncryptionConfigurationKeyType": { - "type": "string" - }, - "EulaIds": { - "items": { - "type": "string" - }, - "type": "array", - "uniqueItems": false - }, - "Name": { - "type": "string" - }, - "Owner": { - "type": "string" - }, - "Platform": { - "type": "string" - }, - "StreamingImageId": { - "type": "string" - }, - "StudioId": { - "type": "string" - }, - "Tags": { - "patternProperties": { - "[a-zA-Z0-9]+": { - "type": "string" - } - }, - "type": "object" - } - }, - "readOnlyProperties": [ - "/properties/Platform", - "/properties/EulaIds", - "/properties/Owner", - "/properties/EncryptionConfiguration.KeyArn", - "/properties/EncryptionConfiguration", - "/properties/EncryptionConfiguration.KeyType", - "/properties/StreamingImageId" - ], - "required": [ - "Ec2ImageId", - "StudioId", - "Name" - ], - "typeName": "AWS::NimbleStudio::StreamingImage" -} diff --git a/schema/aws-nimblestudio-studio.json b/schema/aws-nimblestudio-studio.json deleted file mode 100644 index a5bf2b0..0000000 --- a/schema/aws-nimblestudio-studio.json +++ /dev/null @@ -1,78 +0,0 @@ -{ - "additionalProperties": false, - "createOnlyProperties": [ - "/properties/StudioName", - "/properties/Tags" - ], - "definitions": { - "StudioEncryptionConfiguration": { - "additionalProperties": false, - "properties": { - "KeyArn": { - "type": "string" - }, - "KeyType": { - "type": "string" - } - }, - "required": [ - "KeyType" - ], - "type": "object" - } - }, - "description": "Resource Type definition for AWS::NimbleStudio::Studio", - "primaryIdentifier": [ - "/properties/StudioId" - ], - "properties": { - "AdminRoleArn": { - "type": "string" - }, - "DisplayName": { - "type": "string" - }, - "HomeRegion": { - "type": "string" - }, - "SsoClientId": { - "type": "string" - }, - "StudioEncryptionConfiguration": { - "$ref": "#/definitions/StudioEncryptionConfiguration" - }, - "StudioId": { - "type": "string" - }, - "StudioName": { - "type": "string" - }, - "StudioUrl": { - "type": "string" - }, - "Tags": { - "patternProperties": { - "[a-zA-Z0-9]+": { - "type": "string" - } - }, - "type": "object" - }, - "UserRoleArn": { - "type": "string" - } - }, - "readOnlyProperties": [ - "/properties/StudioId", - "/properties/HomeRegion", - "/properties/SsoClientId", - "/properties/StudioUrl" - ], - "required": [ - "UserRoleArn", - "DisplayName", - "StudioName", - "AdminRoleArn" - ], - "typeName": "AWS::NimbleStudio::Studio" -} diff --git a/schema/aws-nimblestudio-studiocomponent.json b/schema/aws-nimblestudio-studiocomponent.json deleted file mode 100644 index 3610d51..0000000 --- a/schema/aws-nimblestudio-studiocomponent.json +++ /dev/null @@ -1,196 +0,0 @@ -{ - "additionalProperties": false, - "createOnlyProperties": [ - "/properties/Subtype", - "/properties/StudioId", - "/properties/Tags" - ], - "definitions": { - "ActiveDirectoryComputerAttribute": { - "additionalProperties": false, - "properties": { - "Name": { - "type": "string" - }, - "Value": { - "type": "string" - } - }, - "type": "object" - }, - "ActiveDirectoryConfiguration": { - "additionalProperties": false, - "properties": { - "ComputerAttributes": { - "items": { - "$ref": "#/definitions/ActiveDirectoryComputerAttribute" - }, - "type": "array", - "uniqueItems": false - }, - "DirectoryId": { - "type": "string" - }, - "OrganizationalUnitDistinguishedName": { - "type": "string" - } - }, - "type": "object" - }, - "ComputeFarmConfiguration": { - "additionalProperties": false, - "properties": { - "ActiveDirectoryUser": { - "type": "string" - }, - "Endpoint": { - "type": "string" - } - }, - "type": "object" - }, - "LicenseServiceConfiguration": { - "additionalProperties": false, - "properties": { - "Endpoint": { - "type": "string" - } - }, - "type": "object" - }, - "ScriptParameterKeyValue": { - "additionalProperties": false, - "properties": { - "Key": { - "type": "string" - }, - "Value": { - "type": "string" - } - }, - "type": "object" - }, - "SharedFileSystemConfiguration": { - "additionalProperties": false, - "properties": { - "Endpoint": { - "type": "string" - }, - "FileSystemId": { - "type": "string" - }, - "LinuxMountPoint": { - "type": "string" - }, - "ShareName": { - "type": "string" - }, - "WindowsMountDrive": { - "type": "string" - } - }, - "type": "object" - }, - "StudioComponentConfiguration": { - "additionalProperties": false, - "properties": { - "ActiveDirectoryConfiguration": { - "$ref": "#/definitions/ActiveDirectoryConfiguration" - }, - "ComputeFarmConfiguration": { - "$ref": "#/definitions/ComputeFarmConfiguration" - }, - "LicenseServiceConfiguration": { - "$ref": "#/definitions/LicenseServiceConfiguration" - }, - "SharedFileSystemConfiguration": { - "$ref": "#/definitions/SharedFileSystemConfiguration" - } - }, - "type": "object" - }, - "StudioComponentInitializationScript": { - "additionalProperties": false, - "properties": { - "LaunchProfileProtocolVersion": { - "type": "string" - }, - "Platform": { - "type": "string" - }, - "RunContext": { - "type": "string" - }, - "Script": { - "type": "string" - } - }, - "type": "object" - } - }, - "description": "Resource Type definition for AWS::NimbleStudio::StudioComponent", - "primaryIdentifier": [ - "/properties/StudioComponentId" - ], - "properties": { - "Configuration": { - "$ref": "#/definitions/StudioComponentConfiguration" - }, - "Description": { - "type": "string" - }, - "Ec2SecurityGroupIds": { - "items": { - "type": "string" - }, - "type": "array", - "uniqueItems": false - }, - "InitializationScripts": { - "items": { - "$ref": "#/definitions/StudioComponentInitializationScript" - }, - "type": "array", - "uniqueItems": false - }, - "Name": { - "type": "string" - }, - "ScriptParameters": { - "items": { - "$ref": "#/definitions/ScriptParameterKeyValue" - }, - "type": "array", - "uniqueItems": false - }, - "StudioComponentId": { - "type": "string" - }, - "StudioId": { - "type": "string" - }, - "Subtype": { - "type": "string" - }, - "Tags": { - "patternProperties": { - "[a-zA-Z0-9]+": { - "type": "string" - } - }, - "type": "object" - }, - "Type": { - "type": "string" - } - }, - "readOnlyProperties": [ - "/properties/StudioComponentId" - ], - "required": [ - "Type", - "StudioId", - "Name" - ], - "typeName": "AWS::NimbleStudio::StudioComponent" -} diff --git a/schema/aws-notificationscontacts-emailcontact.json b/schema/aws-notificationscontacts-emailcontact.json index 6a98634..680353b 100644 --- a/schema/aws-notificationscontacts-emailcontact.json +++ b/schema/aws-notificationscontacts-emailcontact.json @@ -90,6 +90,8 @@ "permissions": [ "notifications-contacts:CreateEmailContact", "notifications-contacts:GetEmailContact", + "notifications-contacts:SendActivationCode", + "notifications-contacts:ListEmailContacts", "notifications-contacts:TagResource", "notifications-contacts:UntagResource", "notifications-contacts:ListTagsForResource" diff --git a/schema/aws-oam-link.json b/schema/aws-oam-link.json index d7a1a32..adc5f8c 100644 --- a/schema/aws-oam-link.json +++ b/schema/aws-oam-link.json @@ -37,7 +37,9 @@ "AWS::Logs::LogGroup", "AWS::XRay::Trace", "AWS::ApplicationInsights::Application", - "AWS::InternetMonitor::Monitor" + "AWS::InternetMonitor::Monitor", + "AWS::ApplicationSignals::Service", + "AWS::ApplicationSignals::ServiceLevelObjective" ], "type": "string" } @@ -54,7 +56,8 @@ "logs:Link", "xray:Link", "applicationinsights:Link", - "internetmonitor:Link" + "internetmonitor:Link", + "application-signals:Link" ] }, "delete": { @@ -83,6 +86,7 @@ "xray:Link", "applicationinsights:Link", "internetmonitor:Link", + "application-signals:Link", "oam:TagResource", "oam:UntagResource", "oam:ListTagsForResource" diff --git a/schema/aws-omics-referencestore.json b/schema/aws-omics-referencestore.json index b2e2e24..0bc9149 100644 --- a/schema/aws-omics-referencestore.json +++ b/schema/aws-omics-referencestore.json @@ -133,8 +133,5 @@ "tagUpdatable": false, "taggable": true }, - "typeName": "AWS::Omics::ReferenceStore", - "writeOnlyProperties": [ - "/properties/Tags" - ] + "typeName": "AWS::Omics::ReferenceStore" } diff --git a/schema/aws-omics-sequencestore.json b/schema/aws-omics-sequencestore.json index 20eb593..d4e0092 100644 --- a/schema/aws-omics-sequencestore.json +++ b/schema/aws-omics-sequencestore.json @@ -1,19 +1,34 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/Description", - "/properties/Name", - "/properties/FallbackLocation", - "/properties/SseConfig", - "/properties/Tags" + "/properties/ETagAlgorithmFamily", + "/properties/SseConfig" ], "definitions": { + "ETagAlgorithmFamily": { + "enum": [ + "MD5up", + "SHA256up", + "SHA512up" + ], + "type": "string" + }, "EncryptionType": { "enum": [ "KMS" ], "type": "string" }, + "SequenceStoreStatus": { + "enum": [ + "CREATING", + "ACTIVE", + "UPDATING", + "DELETING", + "FAILED" + ], + "type": "string" + }, "SseConfig": { "additionalProperties": false, "description": "Server-side encryption (SSE) settings for a store.", @@ -46,11 +61,15 @@ "type": "object" } }, - "description": "Definition of AWS::Omics::SequenceStore Resource Type", + "description": "Resource Type definition for AWS::Omics::SequenceStore", "handlers": { "create": { "permissions": [ "omics:CreateSequenceStore", + "omics:GetSequenceStore", + "omics:GetS3AccessPolicy", + "omics:PutS3AccessPolicy", + "omics:ListTagsForResource", "omics:TagResource", "kms:DescribeKey" ] @@ -67,15 +86,33 @@ }, "read": { "permissions": [ + "omics:GetS3AccessPolicy", "omics:GetSequenceStore", "omics:ListTagsForResource" ] + }, + "update": { + "permissions": [ + "omics:UpdateSequenceStore", + "omics:GetSequenceStore", + "omics:TagResource", + "omics:UntagResource", + "omics:ListTagsForResource", + "omics:GetS3AccessPolicy", + "omics:DeleteS3AccessPolicy", + "omics:PutS3AccessPolicy" + ] } }, "primaryIdentifier": [ "/properties/SequenceStoreId" ], "properties": { + "AccessLogLocation": { + "description": "Location of the access logs.", + "pattern": "^$|^s3://([a-z0-9][a-z0-9-.]{1,61}[a-z0-9])/?((.{1,800})/)?$", + "type": "string" + }, "Arn": { "description": "The store's ARN.", "maxLength": 127, @@ -95,10 +132,13 @@ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$", "type": "string" }, + "ETagAlgorithmFamily": { + "$ref": "#/definitions/ETagAlgorithmFamily" + }, "FallbackLocation": { - "description": "An S3 URI representing the bucket and folder to store failed read set uploads.", - "minLength": 1, - "pattern": "^s3:\\/\\/([a-z0-9][a-z0-9-.]{1,61}[a-z0-9])\\/?((.{1,1024})\\/)?$", + "description": "An S3 location that is used to store files that have failed a direct upload.", + "minLength": 0, + "pattern": "^$|^s3://([a-z0-9][a-z0-9-.]{1,61}[a-z0-9])/?((.{1,1024})/)?$", "type": "string" }, "Name": { @@ -108,6 +148,33 @@ "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$", "type": "string" }, + "PropagatedSetLevelTags": { + "description": "The tags keys to propagate to the S3 objects associated with read sets in the sequence store.", + "items": { + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "maxItems": 50, + "minItems": 0, + "type": "array" + }, + "S3AccessPointArn": { + "description": "This is ARN of the access point associated with the S3 bucket storing read sets.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^arn:[^:]*:s3:[^:]*:[^:]*:accesspoint/.*$", + "type": "string" + }, + "S3AccessPolicy": { + "description": "The resource policy that controls S3 access on the store", + "type": "object" + }, + "S3Uri": { + "description": "The S3 URI of the sequence store.", + "pattern": "^s3://([a-z0-9][a-z0-9-.]{1,61}[a-z0-9])/(.{1,1024})$", + "type": "string" + }, "SequenceStoreId": { "maxLength": 36, "minLength": 10, @@ -117,14 +184,34 @@ "SseConfig": { "$ref": "#/definitions/SseConfig" }, + "Status": { + "$ref": "#/definitions/SequenceStoreStatus" + }, + "StatusMessage": { + "description": "The status message of the sequence store.", + "maxLength": 127, + "minLength": 1, + "pattern": "^[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+$", + "type": "string" + }, "Tags": { "$ref": "#/definitions/TagMap" + }, + "UpdateTime": { + "description": "The last-updated time of the sequence store.", + "format": "date-time", + "type": "string" } }, "readOnlyProperties": [ "/properties/Arn", "/properties/CreationTime", - "/properties/SequenceStoreId" + "/properties/S3AccessPointArn", + "/properties/S3Uri", + "/properties/SequenceStoreId", + "/properties/Status", + "/properties/StatusMessage", + "/properties/UpdateTime" ], "required": [ "Name" @@ -133,15 +220,13 @@ "cloudFormationSystemTags": true, "permissions": [ "omics:TagResource", - "omics:ListTagsForResource" + "omics:ListTagsForResource", + "omics:UntagResource" ], "tagOnCreate": true, "tagProperty": "/properties/Tags", - "tagUpdatable": false, + "tagUpdatable": true, "taggable": true }, - "typeName": "AWS::Omics::SequenceStore", - "writeOnlyProperties": [ - "/properties/Tags" - ] + "typeName": "AWS::Omics::SequenceStore" } diff --git a/schema/aws-opensearchserverless-index.json b/schema/aws-opensearchserverless-index.json new file mode 100644 index 0000000..781e76e --- /dev/null +++ b/schema/aws-opensearchserverless-index.json @@ -0,0 +1,226 @@ +{ + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/IndexName", + "/properties/CollectionEndpoint" + ], + "definitions": { + "IndexSettings": { + "additionalProperties": false, + "properties": { + "Index": { + "additionalProperties": false, + "properties": { + "Knn": { + "description": "Enable/disable k-nearest neighbor search capability", + "type": "boolean" + }, + "KnnAlgoParamEfSearch": { + "description": "Size of the dynamic list for the nearest neighbors", + "type": "integer" + }, + "RefreshInterval": { + "description": "How often to perform refresh operation (e.g. '1s', '5s')", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "PropertyMapping": { + "additionalProperties": false, + "properties": { + "Dimension": { + "description": "Dimension size for vector fields, defines the number of dimensions in the vector", + "type": "integer" + }, + "Index": { + "description": "Whether a field should be indexed", + "type": "boolean" + }, + "Method": { + "additionalProperties": false, + "description": "Configuration for k-NN search method", + "properties": { + "Engine": { + "description": "The k-NN search engine to use", + "enum": [ + "nmslib", + "faiss", + "lucene" + ], + "type": "string" + }, + "Name": { + "description": "The algorithm name for k-NN search", + "enum": [ + "hnsw", + "ivf" + ], + "type": "string" + }, + "Parameters": { + "additionalProperties": false, + "description": "Additional parameters for the k-NN algorithm", + "properties": { + "EfConstruction": { + "description": "The size of the dynamic list used during k-NN graph creation", + "minimum": 1, + "type": "integer" + }, + "M": { + "description": "Number of neighbors to consider during k-NN search", + "maximum": 100, + "minimum": 2, + "type": "integer" + } + }, + "type": "object" + }, + "SpaceType": { + "description": "The distance function used for k-NN search", + "enum": [ + "l2", + "l1", + "linf", + "cosinesimil", + "innerproduct", + "hamming" + ], + "type": "string" + } + }, + "required": [ + "Name", + "Engine" + ], + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "description": "Nested fields within an object or nested field type", + "patternProperties": { + "^[A-Za-z0-9_.-]{1,64}$": { + "$ref": "#/definitions/PropertyMapping", + "description": "Nested field name and its mapping configuration" + } + }, + "type": "object" + }, + "Type": { + "description": "The field data type. Must be a valid OpenSearch field type.", + "enum": [ + "text", + "knn_vector" + ], + "type": "string" + }, + "Value": { + "description": "Default value for the field when not specified in a document", + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + } + }, + "description": "An OpenSearch Serverless index resource", + "handlers": { + "create": { + "permissions": [ + "aoss:APIAccessAll" + ] + }, + "delete": { + "permissions": [ + "aoss:APIAccessAll" + ] + }, + "list": { + "handlerSchema": { + "properties": { + "CollectionEndpoint": { + "$ref": "resource-schema.json#/properties/CollectionEndpoint" + } + }, + "required": [ + "CollectionEndpoint" + ] + }, + "permissions": [ + "aoss:APIAccessAll" + ] + }, + "read": { + "permissions": [ + "aoss:APIAccessAll" + ] + }, + "update": { + "permissions": [ + "aoss:APIAccessAll" + ] + } + }, + "primaryIdentifier": [ + "/properties/IndexName", + "/properties/CollectionEndpoint" + ], + "properties": { + "CollectionEndpoint": { + "description": "The endpoint for the collection.", + "type": "string" + }, + "IndexName": { + "description": "The name of the OpenSearch Serverless index.", + "pattern": "^(?![_-])[a-z][a-z0-9_-]*$", + "type": "string" + }, + "Mappings": { + "additionalProperties": false, + "description": "Index Mappings", + "properties": { + "Properties": { + "additionalProperties": false, + "description": "Defines the fields within the mapping, including their types and configurations", + "patternProperties": { + "^[A-Za-z0-9_.-]{1,64}$": { + "$ref": "#/definitions/PropertyMapping", + "description": "Field name and its mapping configuration" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "Settings": { + "$ref": "#/definitions/IndexSettings", + "description": "Index settings" + }, + "Uuid": { + "description": "The unique identifier for the index.", + "type": "string" + } + }, + "readOnlyProperties": [ + "/properties/Uuid" + ], + "required": [ + "CollectionEndpoint", + "IndexName" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-opensearchserverless", + "tagging": { + "taggable": false + }, + "typeName": "AWS::OpenSearchServerless::Index", + "writeOnlyProperties": [ + "/properties/Settings/Index/RefreshInterval", + "/properties/Settings/Index/KnnAlgoParamEfSearch" + ] +} diff --git a/schema/aws-opensearchserverless-securityconfig.json b/schema/aws-opensearchserverless-securityconfig.json index 6fd6cb6..283c730 100644 --- a/schema/aws-opensearchserverless-securityconfig.json +++ b/schema/aws-opensearchserverless-securityconfig.json @@ -75,6 +75,13 @@ "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u00A1-\\u00FF]+", "type": "string" }, + "OpenSearchServerlessEntityId": { + "description": "Custom entity id attribute to override default entity id for this saml integration", + "maxLength": 1024, + "minLength": 1, + "pattern": "^aws:opensearch:[0-9]{12}:*", + "type": "string" + }, "SessionTimeout": { "description": "Defines the session timeout in minutes", "type": "integer" diff --git a/schema/aws-organizations-account.json b/schema/aws-organizations-account.json index fe3f3bc..497e616 100644 --- a/schema/aws-organizations-account.json +++ b/schema/aws-organizations-account.json @@ -34,6 +34,7 @@ "organizations:CreateAccount", "organizations:DescribeCreateAccountStatus", "organizations:MoveAccount", + "organizations:ListAccounts", "organizations:ListParents", "organizations:TagResource", "organizations:DescribeAccount", diff --git a/schema/aws-organizations-organizationalunit.json b/schema/aws-organizations-organizationalunit.json index 08d6919..1acd386 100644 --- a/schema/aws-organizations-organizationalunit.json +++ b/schema/aws-organizations-organizationalunit.json @@ -35,6 +35,7 @@ "organizations:CreateOrganizationalUnit", "organizations:DescribeOrganizationalUnit", "organizations:ListParents", + "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "organizations:TagResource" ] diff --git a/schema/aws-organizations-policy.json b/schema/aws-organizations-policy.json index 1fe6f54..c4b79f5 100644 --- a/schema/aws-organizations-policy.json +++ b/schema/aws-organizations-policy.json @@ -37,6 +37,7 @@ "organizations:CreatePolicy", "organizations:DescribePolicy", "organizations:AttachPolicy", + "organizations:ListPolicies", "organizations:ListTagsForResource", "organizations:ListTargetsForPolicy", "organizations:TagResource" diff --git a/schema/aws-panorama-applicationinstance.json b/schema/aws-panorama-applicationinstance.json index d3bbfbe..baa5a0c 100644 --- a/schema/aws-panorama-applicationinstance.json +++ b/schema/aws-panorama-applicationinstance.json @@ -312,7 +312,18 @@ "DefaultRuntimeContextDevice" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "panorama:ListTagsForResource", + "panorama:TagResource", + "panorama:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Panorama::ApplicationInstance", "writeOnlyProperties": [ "/properties/ApplicationInstanceIdToReplace" diff --git a/schema/aws-panorama-package.json b/schema/aws-panorama-package.json index 681961a..12387b8 100644 --- a/schema/aws-panorama-package.json +++ b/schema/aws-panorama-package.json @@ -186,6 +186,17 @@ "PackageName" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", - "taggable": true, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "panorama:ListTagsForResource", + "panorama:TagResource", + "panorama:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Panorama::Package" } diff --git a/schema/aws-panorama-packageversion.json b/schema/aws-panorama-packageversion.json index f9afd3a..47bc8ca 100644 --- a/schema/aws-panorama-packageversion.json +++ b/schema/aws-panorama-packageversion.json @@ -172,7 +172,6 @@ "PatchVersion" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-panorama.git", - "taggable": false, "typeName": "AWS::Panorama::PackageVersion", "writeOnlyProperties": [ "/properties/UpdatedLatestPatchVersion" diff --git a/schema/aws-paymentcryptography-key.json b/schema/aws-paymentcryptography-key.json index c7f13a9..82a9158 100644 --- a/schema/aws-paymentcryptography-key.json +++ b/schema/aws-paymentcryptography-key.json @@ -1,6 +1,30 @@ { "additionalProperties": false, "definitions": { + "DeriveKeyUsage": { + "enum": [ + "TR31_B0_BASE_DERIVATION_KEY", + "TR31_C0_CARD_VERIFICATION_KEY", + "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", + "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", + "TR31_E1_EMV_MKEY_CONFIDENTIALITY", + "TR31_E2_EMV_MKEY_INTEGRITY", + "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", + "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", + "TR31_E6_EMV_MKEY_OTHER", + "TR31_K0_KEY_ENCRYPTION_KEY", + "TR31_K1_KEY_BLOCK_PROTECTION_KEY", + "TR31_M3_ISO_9797_3_MAC_KEY", + "TR31_M1_ISO_9797_1_MAC_KEY", + "TR31_M6_ISO_9797_5_CMAC_KEY", + "TR31_M7_HMAC_KEY", + "TR31_P0_PIN_ENCRYPTION_KEY", + "TR31_P1_PIN_GENERATION_KEY", + "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", + "TR31_V2_VISA_PIN_VERIFICATION_KEY" + ], + "type": "string" + }, "KeyAlgorithm": { "enum": [ "TDES_2KEY", @@ -8,11 +32,16 @@ "AES_128", "AES_192", "AES_256", + "HMAC_SHA256", + "HMAC_SHA384", + "HMAC_SHA512", + "HMAC_SHA224", "RSA_2048", "RSA_3072", "RSA_4096", "ECC_NIST_P256", - "ECC_NIST_P384" + "ECC_NIST_P384", + "ECC_NIST_P521" ], "type": "string" }, @@ -43,7 +72,8 @@ "KeyCheckValueAlgorithm": { "enum": [ "CMAC", - "ANSI_X9_24" + "ANSI_X9_24", + "HMAC" ], "type": "string" }, @@ -206,6 +236,9 @@ "/properties/KeyIdentifier" ], "properties": { + "DeriveKeyUsage": { + "$ref": "#/definitions/DeriveKeyUsage" + }, "Enabled": { "type": "boolean" }, diff --git a/schema/aws-pcaconnectorad-connector.json b/schema/aws-pcaconnectorad-connector.json index 2a43aab..125afed 100644 --- a/schema/aws-pcaconnectorad-connector.json +++ b/schema/aws-pcaconnectorad-connector.json @@ -15,9 +15,20 @@ }, "type": "object" }, + "Unit": { + "additionalProperties": false, + "type": "object" + }, "VpcInformation": { "additionalProperties": false, "properties": { + "IpAddressType": { + "enum": [ + "IPV4", + "DUALSTACK" + ], + "type": "string" + }, "SecurityGroupIds": { "items": { "maxLength": 20, @@ -37,7 +48,7 @@ "type": "object" } }, - "description": "Definition of AWS::PCAConnectorAD::Connector Resource Type", + "description": "Represents a Connector that connects AWS PrivateCA and your directory", "handlers": { "create": { "permissions": [ @@ -89,13 +100,13 @@ "CertificateAuthorityArn": { "maxLength": 200, "minLength": 5, - "pattern": "^arn:[\\w-]+:acm-pca:[\\w-]+:[0-9]+:certificate-authority(\\/[\\w-]+)$", + "pattern": "^arn:[\\w-]+:acm-pca:[\\w-]+:[0-9]+:certificate-authority\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", "type": "string" }, "ConnectorArn": { "maxLength": 200, "minLength": 5, - "pattern": "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:connector(\\/[\\w-]+)$", + "pattern": "^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", "type": "string" }, "DirectoryId": { diff --git a/schema/aws-pcs-cluster.json b/schema/aws-pcs-cluster.json index 3c3fb38..dc26e86 100644 --- a/schema/aws-pcs-cluster.json +++ b/schema/aws-pcs-cluster.json @@ -202,7 +202,6 @@ }, "Name": { "description": "The name that identifies the cluster.", - "pattern": "^(?!pcs_)^(?![A-Za-z0-9]{10}$)[A-Za-z][A-Za-z0-9-]+$", "type": "string" }, "Networking": { diff --git a/schema/aws-pcs-computenodegroup.json b/schema/aws-pcs-computenodegroup.json index e32f78a..4766986 100644 --- a/schema/aws-pcs-computenodegroup.json +++ b/schema/aws-pcs-computenodegroup.json @@ -170,7 +170,7 @@ "additionalProperties": false, "description": "An Amazon EC2 launch template AWS PCS uses to launch compute nodes.", "properties": { - "Id": { + "TemplateId": { "description": "The ID of the EC2 launch template to use to provision instances.", "type": "string" }, @@ -180,7 +180,6 @@ } }, "required": [ - "Id", "Version" ], "type": "object" @@ -212,7 +211,6 @@ }, "Name": { "description": "The name that identifies the compute node group.", - "pattern": "^(?!pcs_)^(?![A-Za-z0-9]{10}$)[A-Za-z][A-Za-z0-9-]+$", "type": "string" }, "PurchaseOption": { diff --git a/schema/aws-pcs-queue.json b/schema/aws-pcs-queue.json index d4659f0..4333d8b 100644 --- a/schema/aws-pcs-queue.json +++ b/schema/aws-pcs-queue.json @@ -126,7 +126,6 @@ }, "Name": { "description": "The name that identifies the queue.", - "pattern": "^(?!pcs_)^(?![A-Za-z0-9]{10}$)[A-Za-z][A-Za-z0-9-]+$", "type": "string" }, "Status": { diff --git a/schema/aws-proton-servicetemplate.json b/schema/aws-proton-servicetemplate.json index c552c1a..473f38d 100644 --- a/schema/aws-proton-servicetemplate.json +++ b/schema/aws-proton-servicetemplate.json @@ -129,7 +129,8 @@ }, "list": { "permissions": [ - "proton:ListServiceTemplates" + "proton:ListServiceTemplates", + "proton:ListTagsForResource" ] }, "read": { diff --git a/schema/aws-qbusiness-datasource.json b/schema/aws-qbusiness-datasource.json index 2aabee6..bc8a2ba 100644 --- a/schema/aws-qbusiness-datasource.json +++ b/schema/aws-qbusiness-datasource.json @@ -11,6 +11,25 @@ ], "type": "string" }, + "AudioExtractionConfiguration": { + "additionalProperties": false, + "properties": { + "AudioExtractionStatus": { + "$ref": "#/definitions/AudioExtractionStatus" + } + }, + "required": [ + "AudioExtractionStatus" + ], + "type": "object" + }, + "AudioExtractionStatus": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, "DataSourceStatus": { "enum": [ "PENDING_CREATION", @@ -268,8 +287,14 @@ "MediaExtractionConfiguration": { "additionalProperties": false, "properties": { + "AudioExtractionConfiguration": { + "$ref": "#/definitions/AudioExtractionConfiguration" + }, "ImageExtractionConfiguration": { "$ref": "#/definitions/ImageExtractionConfiguration" + }, + "VideoExtractionConfiguration": { + "$ref": "#/definitions/VideoExtractionConfiguration" } }, "type": "object" @@ -293,6 +318,25 @@ "Value" ], "type": "object" + }, + "VideoExtractionConfiguration": { + "additionalProperties": false, + "properties": { + "VideoExtractionStatus": { + "$ref": "#/definitions/VideoExtractionStatus" + } + }, + "required": [ + "VideoExtractionStatus" + ], + "type": "object" + }, + "VideoExtractionStatus": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" } }, "description": "Definition of AWS::QBusiness::DataSource Resource Type", @@ -453,6 +497,15 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-qbusiness", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "qbusiness:UntagResource", + "qbusiness:TagResource", + "qbusiness:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::QBusiness::DataSource" diff --git a/schema/aws-qbusiness-index.json b/schema/aws-qbusiness-index.json index bf712ab..5d4cb29 100644 --- a/schema/aws-qbusiness-index.json +++ b/schema/aws-qbusiness-index.json @@ -246,6 +246,15 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-qbusiness", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "qbusiness:UntagResource", + "qbusiness:TagResource", + "qbusiness:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::QBusiness::Index" diff --git a/schema/aws-qbusiness-retriever.json b/schema/aws-qbusiness-retriever.json index d2dfb5d..a45d2a5 100644 --- a/schema/aws-qbusiness-retriever.json +++ b/schema/aws-qbusiness-retriever.json @@ -227,6 +227,15 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-qbusiness", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "qbusiness:UntagResource", + "qbusiness:TagResource", + "qbusiness:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::QBusiness::Retriever" diff --git a/schema/aws-qbusiness-webexperience.json b/schema/aws-qbusiness-webexperience.json index b91d3b1..af1aedb 100644 --- a/schema/aws-qbusiness-webexperience.json +++ b/schema/aws-qbusiness-webexperience.json @@ -4,6 +4,32 @@ "/properties/ApplicationId" ], "definitions": { + "BrowserExtension": { + "enum": [ + "FIREFOX", + "CHROME" + ], + "type": "string" + }, + "BrowserExtensionConfiguration": { + "additionalProperties": false, + "properties": { + "EnabledBrowserExtensions": { + "insertionOrder": false, + "items": { + "$ref": "#/definitions/BrowserExtension" + }, + "maxItems": 2, + "minItems": 0, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "EnabledBrowserExtensions" + ], + "type": "object" + }, "CustomizationConfiguration": { "additionalProperties": false, "properties": { @@ -209,6 +235,9 @@ "pattern": "^[a-zA-Z0-9][a-zA-Z0-9-]{35}$", "type": "string" }, + "BrowserExtensionConfiguration": { + "$ref": "#/definitions/BrowserExtensionConfiguration" + }, "CreatedAt": { "format": "date-time", "type": "string" @@ -302,6 +331,15 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-qbusiness", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "qbusiness:UntagResource", + "qbusiness:TagResource", + "qbusiness:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::QBusiness::WebExperience" diff --git a/schema/aws-quicksight-analysis.json b/schema/aws-quicksight-analysis.json index 4e1b84a..2a8a678 100644 --- a/schema/aws-quicksight-analysis.json +++ b/schema/aws-quicksight-analysis.json @@ -538,6 +538,9 @@ "FieldWells": { "$ref": "#/definitions/BarChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -724,6 +727,9 @@ "PageBreakConfiguration": { "$ref": "#/definitions/SectionPageBreakConfiguration" }, + "RepeatConfiguration": { + "$ref": "#/definitions/BodySectionRepeatConfiguration" + }, "SectionId": { "maxLength": 512, "minLength": 1, @@ -749,6 +755,105 @@ }, "type": "object" }, + "BodySectionDynamicCategoryDimensionConfiguration": { + "additionalProperties": false, + "properties": { + "Column": { + "$ref": "#/definitions/ColumnIdentifier" + }, + "Limit": { + "maximum": 1000, + "minimum": 1, + "type": "number" + }, + "SortByMetrics": { + "items": { + "$ref": "#/definitions/ColumnSort" + }, + "maxItems": 100, + "minItems": 0, + "type": "array" + } + }, + "required": [ + "Column" + ], + "type": "object" + }, + "BodySectionDynamicNumericDimensionConfiguration": { + "additionalProperties": false, + "properties": { + "Column": { + "$ref": "#/definitions/ColumnIdentifier" + }, + "Limit": { + "maximum": 1000, + "minimum": 1, + "type": "number" + }, + "SortByMetrics": { + "items": { + "$ref": "#/definitions/ColumnSort" + }, + "maxItems": 100, + "minItems": 0, + "type": "array" + } + }, + "required": [ + "Column" + ], + "type": "object" + }, + "BodySectionRepeatConfiguration": { + "additionalProperties": false, + "properties": { + "DimensionConfigurations": { + "items": { + "$ref": "#/definitions/BodySectionRepeatDimensionConfiguration" + }, + "maxItems": 3, + "minItems": 0, + "type": "array" + }, + "NonRepeatingVisuals": { + "items": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + }, + "maxItems": 20, + "minItems": 0, + "type": "array" + }, + "PageBreakConfiguration": { + "$ref": "#/definitions/BodySectionRepeatPageBreakConfiguration" + } + }, + "type": "object" + }, + "BodySectionRepeatDimensionConfiguration": { + "additionalProperties": false, + "properties": { + "DynamicCategoryDimensionConfiguration": { + "$ref": "#/definitions/BodySectionDynamicCategoryDimensionConfiguration" + }, + "DynamicNumericDimensionConfiguration": { + "$ref": "#/definitions/BodySectionDynamicNumericDimensionConfiguration" + } + }, + "type": "object" + }, + "BodySectionRepeatPageBreakConfiguration": { + "additionalProperties": false, + "properties": { + "After": { + "$ref": "#/definitions/SectionAfterPageBreak" + } + }, + "type": "object" + }, "BoxPlotAggregatedFieldWells": { "additionalProperties": false, "properties": { @@ -786,6 +891,9 @@ "FieldWells": { "$ref": "#/definitions/BoxPlotFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -1394,6 +1502,9 @@ "FieldWells": { "$ref": "#/definitions/ComboChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -1738,6 +1849,15 @@ ], "type": "object" }, + "ContextMenuOption": { + "additionalProperties": false, + "properties": { + "AvailabilityStatus": { + "$ref": "#/definitions/DashboardBehavior" + } + }, + "type": "object" + }, "ContributionAnalysisDefault": { "additionalProperties": false, "properties": { @@ -1897,6 +2017,9 @@ }, "ImageScaling": { "$ref": "#/definitions/CustomContentImageScalingConfiguration" + }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" } }, "type": "object" @@ -2087,6 +2210,13 @@ ], "type": "object" }, + "DashboardBehavior": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, "DataBarsOptions": { "additionalProperties": false, "properties": { @@ -2551,11 +2681,17 @@ "DateTimePickerControlDisplayOptions": { "additionalProperties": false, "properties": { + "DateIconVisibility": { + "$ref": "#/definitions/Visibility" + }, "DateTimeFormat": { "maxLength": 128, "minLength": 1, "type": "string" }, + "HelperTextVisibility": { + "$ref": "#/definitions/Visibility" + }, "InfoIconLabelOptions": { "$ref": "#/definitions/SheetControlInfoIconLabelOptions" }, @@ -2943,6 +3079,13 @@ }, "type": "object" }, + "DigitGroupingStyle": { + "enum": [ + "DEFAULT", + "LAKHS" + ], + "type": "string" + }, "DimensionField": { "additionalProperties": false, "properties": { @@ -3282,6 +3425,9 @@ "FieldWells": { "$ref": "#/definitions/FilledMapFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -3894,6 +4040,9 @@ "FontDecoration": { "$ref": "#/definitions/FontDecoration" }, + "FontFamily": { + "type": "string" + }, "FontSize": { "$ref": "#/definitions/FontSize" }, @@ -4232,6 +4381,9 @@ "FieldWells": { "$ref": "#/definitions/FunnelChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "SortConfiguration": { "$ref": "#/definitions/FunnelChartSortConfiguration" }, @@ -4365,6 +4517,20 @@ }, "type": "object" }, + "GaugeChartColorConfiguration": { + "additionalProperties": false, + "properties": { + "BackgroundColor": { + "pattern": "^#[A-F0-9]{6}$", + "type": "string" + }, + "ForegroundColor": { + "pattern": "^#[A-F0-9]{6}$", + "type": "string" + } + }, + "type": "object" + }, "GaugeChartConditionalFormatting": { "additionalProperties": false, "properties": { @@ -4394,6 +4560,9 @@ "GaugeChartConfiguration": { "additionalProperties": false, "properties": { + "ColorConfiguration": { + "$ref": "#/definitions/GaugeChartColorConfiguration" + }, "DataLabels": { "$ref": "#/definitions/DataLabelOptions" }, @@ -4403,6 +4572,9 @@ "GaugeChartOptions": { "$ref": "#/definitions/GaugeChartOptions" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "TooltipOptions": { "$ref": "#/definitions/TooltipOptions" }, @@ -4820,7 +4992,9 @@ "GeospatialLayerMapConfiguration": { "additionalProperties": false, "properties": { - "Interactions": {}, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -4926,7 +5100,9 @@ "FieldWells": { "$ref": "#/definitions/GeospatialMapFieldWells" }, - "Interactions": {}, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -5430,6 +5606,9 @@ "FieldWells": { "$ref": "#/definitions/HeatMapFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -5579,6 +5758,9 @@ "FieldWells": { "$ref": "#/definitions/HistogramFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Tooltip": { "$ref": "#/definitions/TooltipOptions" }, @@ -5754,7 +5936,9 @@ "ImageMenuOption": { "additionalProperties": false, "properties": { - "AvailabilityStatus": {} + "AvailabilityStatus": { + "$ref": "#/definitions/DashboardBehavior" + } }, "type": "object" }, @@ -5798,6 +5982,9 @@ }, "CustomNarrative": { "$ref": "#/definitions/CustomNarrativeOptions" + }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" } }, "type": "object" @@ -6007,6 +6194,9 @@ "FieldWells": { "$ref": "#/definitions/KPIFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "KPIOptions": { "$ref": "#/definitions/KPIOptions" }, @@ -6469,6 +6659,9 @@ "minItems": 0, "type": "array" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -7056,7 +7249,9 @@ "THOUSANDS", "MILLIONS", "BILLIONS", - "TRILLIONS" + "TRILLIONS", + "LAKHS", + "CRORES" ], "type": "string" }, @@ -7912,6 +8107,9 @@ "FieldWells": { "$ref": "#/definitions/PieChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -8140,6 +8338,9 @@ "FieldWells": { "$ref": "#/definitions/PivotTableFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "PaginatedReportOptions": { "$ref": "#/definitions/PivotTablePaginatedReportOptions" }, @@ -8809,6 +9010,9 @@ "FieldWells": { "$ref": "#/definitions/RadarChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -9342,6 +9546,9 @@ "FieldWells": { "$ref": "#/definitions/SankeyDiagramFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "SortConfiguration": { "$ref": "#/definitions/SankeyDiagramSortConfiguration" } @@ -9469,9 +9676,15 @@ "FieldWells": { "$ref": "#/definitions/ScatterPlotFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, + "SortConfiguration": { + "$ref": "#/definitions/ScatterPlotSortConfiguration" + }, "Tooltip": { "$ref": "#/definitions/TooltipOptions" }, @@ -9505,6 +9718,15 @@ }, "type": "object" }, + "ScatterPlotSortConfiguration": { + "additionalProperties": false, + "properties": { + "ScatterPlotLimitConfiguration": { + "$ref": "#/definitions/ItemsLimitConfiguration" + } + }, + "type": "object" + }, "ScatterPlotUnaggregatedFieldWells": { "additionalProperties": false, "properties": { @@ -9810,14 +10032,6 @@ "additionalProperties": false, "description": "A sheet, which is an object that contains a set of visuals that\n are viewed together on one page in Amazon QuickSight. Every analysis and dashboard\n contains at least one sheet. Each sheet contains at least one visualization widget, for\n example a chart, pivot table, or narrative insight. Sheets can be associated with other\n components, such as controls, filters, and so on.
", "properties": { - "Images": { - "items": { - "$ref": "#/definitions/SheetImage" - }, - "maxItems": 10, - "minItems": 0, - "type": "array" - }, "Name": { "description": "The name of a sheet. This name is displayed on the sheet's tab in the Amazon QuickSight\n console.
", "maxLength": 2048, @@ -10711,6 +10925,9 @@ "FieldWells": { "$ref": "#/definitions/TableFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "PaginatedReportOptions": { "$ref": "#/definitions/TablePaginatedReportOptions" }, @@ -10853,6 +11070,14 @@ "maxItems": 100, "minItems": 0, "type": "array" + }, + "TransposedTableOptions": { + "items": { + "$ref": "#/definitions/TransposedTableOption" + }, + "maxItems": 10001, + "minItems": 0, + "type": "array" } }, "type": "object" @@ -11170,6 +11395,9 @@ "ThousandSeparatorOptions": { "additionalProperties": false, "properties": { + "GroupingStyle": { + "$ref": "#/definitions/DigitGroupingStyle" + }, "Symbol": { "$ref": "#/definitions/NumericSeparatorSymbol" }, @@ -11607,6 +11835,34 @@ }, "type": "object" }, + "TransposedColumnType": { + "enum": [ + "ROW_HEADER_COLUMN", + "VALUE_COLUMN" + ], + "type": "string" + }, + "TransposedTableOption": { + "additionalProperties": false, + "properties": { + "ColumnIndex": { + "maximum": 9999, + "minimum": 0, + "type": "number" + }, + "ColumnType": { + "$ref": "#/definitions/TransposedColumnType" + }, + "ColumnWidth": { + "description": "String based length that is composed of value and unit in px", + "type": "string" + } + }, + "required": [ + "ColumnType" + ], + "type": "object" + }, "TreeMapAggregatedFieldWells": { "additionalProperties": false, "properties": { @@ -11655,6 +11911,9 @@ "GroupLabelOptions": { "$ref": "#/definitions/ChartAxisLabelOptions" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -11995,6 +12254,27 @@ ], "type": "string" }, + "VisualInteractionOptions": { + "additionalProperties": false, + "properties": { + "ContextMenuOption": { + "$ref": "#/definitions/ContextMenuOption" + }, + "VisualMenuOption": { + "$ref": "#/definitions/VisualMenuOption" + } + }, + "type": "object" + }, + "VisualMenuOption": { + "additionalProperties": false, + "properties": { + "AvailabilityStatus": { + "$ref": "#/definitions/DashboardBehavior" + } + }, + "type": "object" + }, "VisualPalette": { "additionalProperties": false, "properties": { @@ -12094,6 +12374,9 @@ "FieldWells": { "$ref": "#/definitions/WaterfallChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -12292,6 +12575,9 @@ "FieldWells": { "$ref": "#/definitions/WordCloudFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "SortConfiguration": { "$ref": "#/definitions/WordCloudSortConfiguration" }, @@ -12631,6 +12917,18 @@ "Name" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-quicksight", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "quicksight:TagResource", + "quicksight:UntagResource", + "quicksight:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::QuickSight::Analysis", "writeOnlyProperties": [ "/properties/Definition", diff --git a/schema/aws-quicksight-dashboard.json b/schema/aws-quicksight-dashboard.json index 03ca3df..a89117e 100644 --- a/schema/aws-quicksight-dashboard.json +++ b/schema/aws-quicksight-dashboard.json @@ -402,6 +402,9 @@ "FieldWells": { "$ref": "#/definitions/BarChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -588,6 +591,9 @@ "PageBreakConfiguration": { "$ref": "#/definitions/SectionPageBreakConfiguration" }, + "RepeatConfiguration": { + "$ref": "#/definitions/BodySectionRepeatConfiguration" + }, "SectionId": { "maxLength": 512, "minLength": 1, @@ -613,6 +619,105 @@ }, "type": "object" }, + "BodySectionDynamicCategoryDimensionConfiguration": { + "additionalProperties": false, + "properties": { + "Column": { + "$ref": "#/definitions/ColumnIdentifier" + }, + "Limit": { + "maximum": 1000, + "minimum": 1, + "type": "number" + }, + "SortByMetrics": { + "items": { + "$ref": "#/definitions/ColumnSort" + }, + "maxItems": 100, + "minItems": 0, + "type": "array" + } + }, + "required": [ + "Column" + ], + "type": "object" + }, + "BodySectionDynamicNumericDimensionConfiguration": { + "additionalProperties": false, + "properties": { + "Column": { + "$ref": "#/definitions/ColumnIdentifier" + }, + "Limit": { + "maximum": 1000, + "minimum": 1, + "type": "number" + }, + "SortByMetrics": { + "items": { + "$ref": "#/definitions/ColumnSort" + }, + "maxItems": 100, + "minItems": 0, + "type": "array" + } + }, + "required": [ + "Column" + ], + "type": "object" + }, + "BodySectionRepeatConfiguration": { + "additionalProperties": false, + "properties": { + "DimensionConfigurations": { + "items": { + "$ref": "#/definitions/BodySectionRepeatDimensionConfiguration" + }, + "maxItems": 3, + "minItems": 0, + "type": "array" + }, + "NonRepeatingVisuals": { + "items": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + }, + "maxItems": 20, + "minItems": 0, + "type": "array" + }, + "PageBreakConfiguration": { + "$ref": "#/definitions/BodySectionRepeatPageBreakConfiguration" + } + }, + "type": "object" + }, + "BodySectionRepeatDimensionConfiguration": { + "additionalProperties": false, + "properties": { + "DynamicCategoryDimensionConfiguration": { + "$ref": "#/definitions/BodySectionDynamicCategoryDimensionConfiguration" + }, + "DynamicNumericDimensionConfiguration": { + "$ref": "#/definitions/BodySectionDynamicNumericDimensionConfiguration" + } + }, + "type": "object" + }, + "BodySectionRepeatPageBreakConfiguration": { + "additionalProperties": false, + "properties": { + "After": { + "$ref": "#/definitions/SectionAfterPageBreak" + } + }, + "type": "object" + }, "BoxPlotAggregatedFieldWells": { "additionalProperties": false, "properties": { @@ -650,6 +755,9 @@ "FieldWells": { "$ref": "#/definitions/BoxPlotFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -1258,6 +1366,9 @@ "FieldWells": { "$ref": "#/definitions/ComboChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -1602,6 +1713,15 @@ ], "type": "object" }, + "ContextMenuOption": { + "additionalProperties": false, + "properties": { + "AvailabilityStatus": { + "$ref": "#/definitions/DashboardBehavior" + } + }, + "type": "object" + }, "ContributionAnalysisDefault": { "additionalProperties": false, "properties": { @@ -1761,6 +1881,9 @@ }, "ImageScaling": { "$ref": "#/definitions/CustomContentImageScalingConfiguration" + }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" } }, "type": "object" @@ -2028,7 +2151,9 @@ "VisualAxisSortOption": { "$ref": "#/definitions/VisualAxisSortOption" }, - "VisualMenuOption": {}, + "VisualMenuOption": { + "$ref": "#/definitions/VisualMenuOption" + }, "VisualPublishOptions": { "$ref": "#/definitions/DashboardVisualPublishOptions" } @@ -2714,11 +2839,17 @@ "DateTimePickerControlDisplayOptions": { "additionalProperties": false, "properties": { + "DateIconVisibility": { + "$ref": "#/definitions/Visibility" + }, "DateTimeFormat": { "maxLength": 128, "minLength": 1, "type": "string" }, + "HelperTextVisibility": { + "$ref": "#/definitions/Visibility" + }, "InfoIconLabelOptions": { "$ref": "#/definitions/SheetControlInfoIconLabelOptions" }, @@ -3106,6 +3237,13 @@ }, "type": "object" }, + "DigitGroupingStyle": { + "enum": [ + "DEFAULT", + "LAKHS" + ], + "type": "string" + }, "DimensionField": { "additionalProperties": false, "properties": { @@ -3475,6 +3613,9 @@ "FieldWells": { "$ref": "#/definitions/FilledMapFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -4087,6 +4228,9 @@ "FontDecoration": { "$ref": "#/definitions/FontDecoration" }, + "FontFamily": { + "type": "string" + }, "FontSize": { "$ref": "#/definitions/FontSize" }, @@ -4425,6 +4569,9 @@ "FieldWells": { "$ref": "#/definitions/FunnelChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "SortConfiguration": { "$ref": "#/definitions/FunnelChartSortConfiguration" }, @@ -4558,6 +4705,20 @@ }, "type": "object" }, + "GaugeChartColorConfiguration": { + "additionalProperties": false, + "properties": { + "BackgroundColor": { + "pattern": "^#[A-F0-9]{6}$", + "type": "string" + }, + "ForegroundColor": { + "pattern": "^#[A-F0-9]{6}$", + "type": "string" + } + }, + "type": "object" + }, "GaugeChartConditionalFormatting": { "additionalProperties": false, "properties": { @@ -4587,6 +4748,9 @@ "GaugeChartConfiguration": { "additionalProperties": false, "properties": { + "ColorConfiguration": { + "$ref": "#/definitions/GaugeChartColorConfiguration" + }, "DataLabels": { "$ref": "#/definitions/DataLabelOptions" }, @@ -4596,6 +4760,9 @@ "GaugeChartOptions": { "$ref": "#/definitions/GaugeChartOptions" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "TooltipOptions": { "$ref": "#/definitions/TooltipOptions" }, @@ -5013,7 +5180,9 @@ "GeospatialLayerMapConfiguration": { "additionalProperties": false, "properties": { - "Interactions": {}, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -5119,7 +5288,9 @@ "FieldWells": { "$ref": "#/definitions/GeospatialMapFieldWells" }, - "Interactions": {}, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -5623,6 +5794,9 @@ "FieldWells": { "$ref": "#/definitions/HeatMapFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -5772,6 +5946,9 @@ "FieldWells": { "$ref": "#/definitions/HistogramFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Tooltip": { "$ref": "#/definitions/TooltipOptions" }, @@ -5993,6 +6170,9 @@ }, "CustomNarrative": { "$ref": "#/definitions/CustomNarrativeOptions" + }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" } }, "type": "object" @@ -6202,6 +6382,9 @@ "FieldWells": { "$ref": "#/definitions/KPIFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "KPIOptions": { "$ref": "#/definitions/KPIOptions" }, @@ -6664,6 +6847,9 @@ "minItems": 0, "type": "array" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -7265,7 +7451,9 @@ "THOUSANDS", "MILLIONS", "BILLIONS", - "TRILLIONS" + "TRILLIONS", + "LAKHS", + "CRORES" ], "type": "string" }, @@ -8121,6 +8309,9 @@ "FieldWells": { "$ref": "#/definitions/PieChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -8349,6 +8540,9 @@ "FieldWells": { "$ref": "#/definitions/PivotTableFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "PaginatedReportOptions": { "$ref": "#/definitions/PivotTablePaginatedReportOptions" }, @@ -9002,6 +9196,9 @@ "FieldWells": { "$ref": "#/definitions/RadarChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -9535,6 +9732,9 @@ "FieldWells": { "$ref": "#/definitions/SankeyDiagramFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "SortConfiguration": { "$ref": "#/definitions/SankeyDiagramSortConfiguration" } @@ -9662,9 +9862,15 @@ "FieldWells": { "$ref": "#/definitions/ScatterPlotFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, + "SortConfiguration": { + "$ref": "#/definitions/ScatterPlotSortConfiguration" + }, "Tooltip": { "$ref": "#/definitions/TooltipOptions" }, @@ -9698,6 +9904,15 @@ }, "type": "object" }, + "ScatterPlotSortConfiguration": { + "additionalProperties": false, + "properties": { + "ScatterPlotLimitConfiguration": { + "$ref": "#/definitions/ItemsLimitConfiguration" + } + }, + "type": "object" + }, "ScatterPlotUnaggregatedFieldWells": { "additionalProperties": false, "properties": { @@ -10003,14 +10218,6 @@ "additionalProperties": false, "description": "A sheet, which is an object that contains a set of visuals that\n are viewed together on one page in Amazon QuickSight. Every analysis and dashboard\n contains at least one sheet. Each sheet contains at least one visualization widget, for\n example a chart, pivot table, or narrative insight. Sheets can be associated with other\n components, such as controls, filters, and so on.
", "properties": { - "Images": { - "items": { - "$ref": "#/definitions/SheetImage" - }, - "maxItems": 10, - "minItems": 0, - "type": "array" - }, "Name": { "description": "The name of a sheet. This name is displayed on the sheet's tab in the Amazon QuickSight\n console.
", "maxLength": 2048, @@ -10924,6 +11131,9 @@ "FieldWells": { "$ref": "#/definitions/TableFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "PaginatedReportOptions": { "$ref": "#/definitions/TablePaginatedReportOptions" }, @@ -11066,6 +11276,14 @@ "maxItems": 100, "minItems": 0, "type": "array" + }, + "TransposedTableOptions": { + "items": { + "$ref": "#/definitions/TransposedTableOption" + }, + "maxItems": 10001, + "minItems": 0, + "type": "array" } }, "type": "object" @@ -11383,6 +11601,9 @@ "ThousandSeparatorOptions": { "additionalProperties": false, "properties": { + "GroupingStyle": { + "$ref": "#/definitions/DigitGroupingStyle" + }, "Symbol": { "$ref": "#/definitions/NumericSeparatorSymbol" }, @@ -11820,6 +12041,34 @@ }, "type": "object" }, + "TransposedColumnType": { + "enum": [ + "ROW_HEADER_COLUMN", + "VALUE_COLUMN" + ], + "type": "string" + }, + "TransposedTableOption": { + "additionalProperties": false, + "properties": { + "ColumnIndex": { + "maximum": 9999, + "minimum": 0, + "type": "number" + }, + "ColumnType": { + "$ref": "#/definitions/TransposedColumnType" + }, + "ColumnWidth": { + "description": "String based length that is composed of value and unit in px", + "type": "string" + } + }, + "required": [ + "ColumnType" + ], + "type": "object" + }, "TreeMapAggregatedFieldWells": { "additionalProperties": false, "properties": { @@ -11868,6 +12117,9 @@ "GroupLabelOptions": { "$ref": "#/definitions/ChartAxisLabelOptions" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -12217,6 +12469,18 @@ ], "type": "string" }, + "VisualInteractionOptions": { + "additionalProperties": false, + "properties": { + "ContextMenuOption": { + "$ref": "#/definitions/ContextMenuOption" + }, + "VisualMenuOption": { + "$ref": "#/definitions/VisualMenuOption" + } + }, + "type": "object" + }, "VisualMenuOption": { "additionalProperties": false, "properties": { @@ -12325,6 +12589,9 @@ "FieldWells": { "$ref": "#/definitions/WaterfallChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -12523,6 +12790,9 @@ "FieldWells": { "$ref": "#/definitions/WordCloudFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "SortConfiguration": { "$ref": "#/definitions/WordCloudSortConfiguration" }, @@ -12864,6 +13134,18 @@ "Name" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-quicksight", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "quicksight:TagResource", + "quicksight:UntagResource", + "quicksight:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::QuickSight::Dashboard", "writeOnlyProperties": [ "/properties/DashboardPublishOptions", diff --git a/schema/aws-quicksight-dataset.json b/schema/aws-quicksight-dataset.json index fca7232..705c942 100644 --- a/schema/aws-quicksight-dataset.json +++ b/schema/aws-quicksight-dataset.json @@ -157,13 +157,10 @@ "$ref": "#/definitions/CalculatedColumn" }, "maxItems": 128, - "minItems": 1, + "minItems": 0, "type": "array" } }, - "required": [ - "Columns" - ], "type": "object" }, "CustomSql": { @@ -214,6 +211,9 @@ "additionalProperties": false, "description": "The refresh properties of a dataset.
", "properties": { + "FailureConfiguration": { + "$ref": "#/definitions/RefreshFailureConfiguration" + }, "RefreshConfiguration": { "$ref": "#/definitions/RefreshConfiguration" } @@ -237,6 +237,12 @@ }, "type": "object" }, + "DataSetUseAs": { + "enum": [ + "RLS_RULES" + ], + "type": "string" + }, "DatasetParameter": { "additionalProperties": false, "description": "A dataset parameter.
", @@ -902,7 +908,7 @@ "type": "string" }, "maxItems": 2000, - "minItems": 1, + "minItems": 0, "type": "array" } }, @@ -924,6 +930,31 @@ ], "type": "object" }, + "RefreshFailureAlertStatus": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, + "RefreshFailureConfiguration": { + "additionalProperties": false, + "properties": { + "EmailAlert": { + "$ref": "#/definitions/RefreshFailureEmailAlert" + } + }, + "type": "object" + }, + "RefreshFailureEmailAlert": { + "additionalProperties": false, + "properties": { + "AlertStatus": { + "$ref": "#/definitions/RefreshFailureAlertStatus" + } + }, + "type": "object" + }, "RelationalTable": { "additionalProperties": false, "description": "A physical table type for relational data sources.
", @@ -984,8 +1015,7 @@ } }, "required": [ - "ColumnName", - "NewColumnName" + "ColumnName" ], "type": "object" }, @@ -1148,11 +1178,12 @@ "minItems": 1, "type": "array" }, - "UploadSettings": {} + "UploadSettings": { + "$ref": "#/definitions/UploadSettings" + } }, "required": [ - "DataSourceArn", - "InputColumns" + "DataSourceArn" ], "type": "object" }, @@ -1582,6 +1613,9 @@ "maxItems": 200, "minItems": 1, "type": "array" + }, + "UseAs": { + "$ref": "#/definitions/DataSetUseAs" } }, "readOnlyProperties": [ @@ -1593,6 +1627,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "quicksight:TagResource", + "quicksight:UntagResource", + "quicksight:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-quicksight-datasource.json b/schema/aws-quicksight-datasource.json index c034a36..e3e43d5 100644 --- a/schema/aws-quicksight-datasource.json +++ b/schema/aws-quicksight-datasource.json @@ -1158,6 +1158,18 @@ "Type" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-quicksight", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "quicksight:TagResource", + "quicksight:UntagResource", + "quicksight:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::QuickSight::DataSource", "writeOnlyProperties": [ "/properties/Credentials", diff --git a/schema/aws-quicksight-template.json b/schema/aws-quicksight-template.json index ea982ea..5104466 100644 --- a/schema/aws-quicksight-template.json +++ b/schema/aws-quicksight-template.json @@ -388,6 +388,9 @@ "FieldWells": { "$ref": "#/definitions/BarChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -574,6 +577,9 @@ "PageBreakConfiguration": { "$ref": "#/definitions/SectionPageBreakConfiguration" }, + "RepeatConfiguration": { + "$ref": "#/definitions/BodySectionRepeatConfiguration" + }, "SectionId": { "maxLength": 512, "minLength": 1, @@ -599,6 +605,105 @@ }, "type": "object" }, + "BodySectionDynamicCategoryDimensionConfiguration": { + "additionalProperties": false, + "properties": { + "Column": { + "$ref": "#/definitions/ColumnIdentifier" + }, + "Limit": { + "maximum": 1000, + "minimum": 1, + "type": "number" + }, + "SortByMetrics": { + "items": { + "$ref": "#/definitions/ColumnSort" + }, + "maxItems": 100, + "minItems": 0, + "type": "array" + } + }, + "required": [ + "Column" + ], + "type": "object" + }, + "BodySectionDynamicNumericDimensionConfiguration": { + "additionalProperties": false, + "properties": { + "Column": { + "$ref": "#/definitions/ColumnIdentifier" + }, + "Limit": { + "maximum": 1000, + "minimum": 1, + "type": "number" + }, + "SortByMetrics": { + "items": { + "$ref": "#/definitions/ColumnSort" + }, + "maxItems": 100, + "minItems": 0, + "type": "array" + } + }, + "required": [ + "Column" + ], + "type": "object" + }, + "BodySectionRepeatConfiguration": { + "additionalProperties": false, + "properties": { + "DimensionConfigurations": { + "items": { + "$ref": "#/definitions/BodySectionRepeatDimensionConfiguration" + }, + "maxItems": 3, + "minItems": 0, + "type": "array" + }, + "NonRepeatingVisuals": { + "items": { + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\w\\-]+$", + "type": "string" + }, + "maxItems": 20, + "minItems": 0, + "type": "array" + }, + "PageBreakConfiguration": { + "$ref": "#/definitions/BodySectionRepeatPageBreakConfiguration" + } + }, + "type": "object" + }, + "BodySectionRepeatDimensionConfiguration": { + "additionalProperties": false, + "properties": { + "DynamicCategoryDimensionConfiguration": { + "$ref": "#/definitions/BodySectionDynamicCategoryDimensionConfiguration" + }, + "DynamicNumericDimensionConfiguration": { + "$ref": "#/definitions/BodySectionDynamicNumericDimensionConfiguration" + } + }, + "type": "object" + }, + "BodySectionRepeatPageBreakConfiguration": { + "additionalProperties": false, + "properties": { + "After": { + "$ref": "#/definitions/SectionAfterPageBreak" + } + }, + "type": "object" + }, "BoxPlotAggregatedFieldWells": { "additionalProperties": false, "properties": { @@ -636,6 +741,9 @@ "FieldWells": { "$ref": "#/definitions/BoxPlotFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -1284,6 +1392,9 @@ "FieldWells": { "$ref": "#/definitions/ComboChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -1628,6 +1739,15 @@ ], "type": "object" }, + "ContextMenuOption": { + "additionalProperties": false, + "properties": { + "AvailabilityStatus": { + "$ref": "#/definitions/DashboardBehavior" + } + }, + "type": "object" + }, "ContributionAnalysisDefault": { "additionalProperties": false, "properties": { @@ -1787,6 +1907,9 @@ }, "ImageScaling": { "$ref": "#/definitions/CustomContentImageScalingConfiguration" + }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" } }, "type": "object" @@ -1977,6 +2100,13 @@ ], "type": "object" }, + "DashboardBehavior": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, "DataBarsOptions": { "additionalProperties": false, "properties": { @@ -2427,11 +2557,13 @@ "DateTimePickerControlDisplayOptions": { "additionalProperties": false, "properties": { + "DateIconVisibility": {}, "DateTimeFormat": { "maxLength": 128, "minLength": 1, "type": "string" }, + "HelperTextVisibility": {}, "InfoIconLabelOptions": { "$ref": "#/definitions/SheetControlInfoIconLabelOptions" }, @@ -2795,6 +2927,13 @@ }, "type": "object" }, + "DigitGroupingStyle": { + "enum": [ + "DEFAULT", + "LAKHS" + ], + "type": "string" + }, "DimensionField": { "additionalProperties": false, "properties": { @@ -3126,6 +3265,9 @@ "FieldWells": { "$ref": "#/definitions/FilledMapFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -3738,6 +3880,9 @@ "FontDecoration": { "$ref": "#/definitions/FontDecoration" }, + "FontFamily": { + "type": "string" + }, "FontSize": { "$ref": "#/definitions/FontSize" }, @@ -3760,6 +3905,10 @@ "FontSize": { "additionalProperties": false, "properties": { + "Absolute": { + "description": "String based length that is composed of value and unit in px", + "type": "string" + }, "Relative": { "$ref": "#/definitions/RelativeFontSize" } @@ -4066,6 +4215,9 @@ "FieldWells": { "$ref": "#/definitions/FunnelChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "SortConfiguration": { "$ref": "#/definitions/FunnelChartSortConfiguration" }, @@ -4193,6 +4345,20 @@ }, "type": "object" }, + "GaugeChartColorConfiguration": { + "additionalProperties": false, + "properties": { + "BackgroundColor": { + "pattern": "^#[A-F0-9]{6}$", + "type": "string" + }, + "ForegroundColor": { + "pattern": "^#[A-F0-9]{6}$", + "type": "string" + } + }, + "type": "object" + }, "GaugeChartConditionalFormatting": { "additionalProperties": false, "properties": { @@ -4222,6 +4388,9 @@ "GaugeChartConfiguration": { "additionalProperties": false, "properties": { + "ColorConfiguration": { + "$ref": "#/definitions/GaugeChartColorConfiguration" + }, "DataLabels": { "$ref": "#/definitions/DataLabelOptions" }, @@ -4231,6 +4400,9 @@ "GaugeChartOptions": { "$ref": "#/definitions/GaugeChartOptions" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "TooltipOptions": { "$ref": "#/definitions/TooltipOptions" }, @@ -4897,6 +5069,9 @@ "FieldWells": { "$ref": "#/definitions/HeatMapFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -5046,6 +5221,9 @@ "FieldWells": { "$ref": "#/definitions/HistogramFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Tooltip": { "$ref": "#/definitions/TooltipOptions" }, @@ -5221,7 +5399,9 @@ "ImageMenuOption": { "additionalProperties": false, "properties": { - "AvailabilityStatus": {} + "AvailabilityStatus": { + "$ref": "#/definitions/DashboardBehavior" + } }, "type": "object" }, @@ -5265,6 +5445,9 @@ }, "CustomNarrative": { "$ref": "#/definitions/CustomNarrativeOptions" + }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" } }, "type": "object" @@ -5450,6 +5633,9 @@ "FieldWells": { "$ref": "#/definitions/KPIFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "KPIOptions": { "$ref": "#/definitions/KPIOptions" }, @@ -5902,6 +6088,9 @@ "minItems": 0, "type": "array" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -6475,7 +6664,9 @@ "THOUSANDS", "MILLIONS", "BILLIONS", - "TRILLIONS" + "TRILLIONS", + "LAKHS", + "CRORES" ], "type": "string" }, @@ -7280,6 +7471,9 @@ "FieldWells": { "$ref": "#/definitions/PieChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -7508,6 +7702,9 @@ "FieldWells": { "$ref": "#/definitions/PivotTableFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "PaginatedReportOptions": { "$ref": "#/definitions/PivotTablePaginatedReportOptions" }, @@ -8153,6 +8350,9 @@ "FieldWells": { "$ref": "#/definitions/RadarChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -8684,6 +8884,9 @@ "FieldWells": { "$ref": "#/definitions/SankeyDiagramFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "SortConfiguration": { "$ref": "#/definitions/SankeyDiagramSortConfiguration" } @@ -8811,9 +9014,15 @@ "FieldWells": { "$ref": "#/definitions/ScatterPlotFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, + "SortConfiguration": { + "$ref": "#/definitions/ScatterPlotSortConfiguration" + }, "Tooltip": { "$ref": "#/definitions/TooltipOptions" }, @@ -8847,6 +9056,15 @@ }, "type": "object" }, + "ScatterPlotSortConfiguration": { + "additionalProperties": false, + "properties": { + "ScatterPlotLimitConfiguration": { + "$ref": "#/definitions/ItemsLimitConfiguration" + } + }, + "type": "object" + }, "ScatterPlotUnaggregatedFieldWells": { "additionalProperties": false, "properties": { @@ -9148,14 +9366,6 @@ "additionalProperties": false, "description": "A sheet, which is an object that contains a set of visuals that\n are viewed together on one page in Amazon QuickSight. Every analysis and dashboard\n contains at least one sheet. Each sheet contains at least one visualization widget, for\n example a chart, pivot table, or narrative insight. Sheets can be associated with other\n components, such as controls, filters, and so on.
", "properties": { - "Images": { - "items": { - "$ref": "#/definitions/SheetImage" - }, - "maxItems": 10, - "minItems": 0, - "type": "array" - }, "Name": { "description": "The name of a sheet. This name is displayed on the sheet's tab in the Amazon QuickSight\n console.
", "maxLength": 2048, @@ -10016,6 +10226,9 @@ "FieldWells": { "$ref": "#/definitions/TableFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "PaginatedReportOptions": { "$ref": "#/definitions/TablePaginatedReportOptions" }, @@ -10156,6 +10369,14 @@ "maxItems": 100, "minItems": 0, "type": "array" + }, + "TransposedTableOptions": { + "items": { + "$ref": "#/definitions/TransposedTableOption" + }, + "maxItems": 10001, + "minItems": 0, + "type": "array" } }, "type": "object" @@ -10676,6 +10897,9 @@ "ThousandSeparatorOptions": { "additionalProperties": false, "properties": { + "GroupingStyle": { + "$ref": "#/definitions/DigitGroupingStyle" + }, "Symbol": { "$ref": "#/definitions/NumericSeparatorSymbol" }, @@ -11107,6 +11331,34 @@ }, "type": "object" }, + "TransposedColumnType": { + "enum": [ + "ROW_HEADER_COLUMN", + "VALUE_COLUMN" + ], + "type": "string" + }, + "TransposedTableOption": { + "additionalProperties": false, + "properties": { + "ColumnIndex": { + "maximum": 9999, + "minimum": 0, + "type": "number" + }, + "ColumnType": { + "$ref": "#/definitions/TransposedColumnType" + }, + "ColumnWidth": { + "description": "String based length that is composed of value and unit in px", + "type": "string" + } + }, + "required": [ + "ColumnType" + ], + "type": "object" + }, "TreeMapAggregatedFieldWells": { "additionalProperties": false, "properties": { @@ -11155,6 +11407,9 @@ "GroupLabelOptions": { "$ref": "#/definitions/ChartAxisLabelOptions" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -11490,6 +11745,27 @@ ], "type": "string" }, + "VisualInteractionOptions": { + "additionalProperties": false, + "properties": { + "ContextMenuOption": { + "$ref": "#/definitions/ContextMenuOption" + }, + "VisualMenuOption": { + "$ref": "#/definitions/VisualMenuOption" + } + }, + "type": "object" + }, + "VisualMenuOption": { + "additionalProperties": false, + "properties": { + "AvailabilityStatus": { + "$ref": "#/definitions/DashboardBehavior" + } + }, + "type": "object" + }, "VisualPalette": { "additionalProperties": false, "properties": { @@ -11585,6 +11861,9 @@ "FieldWells": { "$ref": "#/definitions/WaterfallChartFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "Legend": { "$ref": "#/definitions/LegendOptions" }, @@ -11783,6 +12062,9 @@ "FieldWells": { "$ref": "#/definitions/WordCloudFieldWells" }, + "Interactions": { + "$ref": "#/definitions/VisualInteractionOptions" + }, "SortConfiguration": { "$ref": "#/definitions/WordCloudSortConfiguration" }, @@ -12074,6 +12356,18 @@ "TemplateId" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-quicksight", + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "quicksight:TagResource", + "quicksight:UntagResource", + "quicksight:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::QuickSight::Template", "writeOnlyProperties": [ "/properties/Definition", diff --git a/schema/aws-quicksight-theme.json b/schema/aws-quicksight-theme.json index 2df8683..8f35348 100644 --- a/schema/aws-quicksight-theme.json +++ b/schema/aws-quicksight-theme.json @@ -517,10 +517,17 @@ "Name" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-quicksight", - "typeName": "AWS::QuickSight::Theme", - "writeOnlyProperties": [ - "/properties/BaseThemeId", - "/properties/Configuration", - "/properties/VersionDescription" - ] + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "quicksight:TagResource", + "quicksight:UntagResource", + "quicksight:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::QuickSight::Theme" } diff --git a/schema/aws-quicksight-topic.json b/schema/aws-quicksight-topic.json index 0f76d13..3b91c33 100644 --- a/schema/aws-quicksight-topic.json +++ b/schema/aws-quicksight-topic.json @@ -2,6 +2,7 @@ "additionalProperties": false, "createOnlyProperties": [ "/properties/AwsAccountId", + "/properties/FolderArns", "/properties/TopicId" ], "definitions": { @@ -390,7 +391,9 @@ "THOUSANDS", "MILLIONS", "BILLIONS", - "TRILLIONS" + "TRILLIONS", + "LAKHS", + "CRORES" ], "type": "string" }, @@ -684,6 +687,16 @@ ], "type": "object" }, + "TopicConfigOptions": { + "additionalProperties": false, + "description": "Model for configuration of a Topic", + "properties": { + "QBusinessInsightsEnabled": { + "type": "boolean" + } + }, + "type": "object" + }, "TopicDateRangeFilter": { "additionalProperties": false, "properties": { @@ -700,6 +713,9 @@ "TopicDetails": { "additionalProperties": false, "properties": { + "ConfigOptions": { + "$ref": "#/definitions/TopicConfigOptions" + }, "DataSets": { "items": { "$ref": "#/definitions/DatasetMetadata" @@ -983,6 +999,9 @@ "pattern": "^[0-9]{12}$", "type": "string" }, + "ConfigOptions": { + "$ref": "#/definitions/TopicConfigOptions" + }, "DataSets": { "items": { "$ref": "#/definitions/DatasetMetadata" @@ -994,6 +1013,14 @@ "minLength": 0, "type": "string" }, + "FolderArns": { + "items": { + "type": "string" + }, + "maxItems": 20, + "minItems": 0, + "type": "array" + }, "Name": { "maxLength": 128, "minLength": 1, @@ -1018,5 +1045,8 @@ "tagUpdatable": false, "taggable": false }, - "typeName": "AWS::QuickSight::Topic" + "typeName": "AWS::QuickSight::Topic", + "writeOnlyProperties": [ + "/properties/FolderArns" + ] } diff --git a/schema/aws-quicksight-vpcconnection.json b/schema/aws-quicksight-vpcconnection.json index 2e0f38b..b5dc487 100644 --- a/schema/aws-quicksight-vpcconnection.json +++ b/schema/aws-quicksight-vpcconnection.json @@ -249,6 +249,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "quicksight:TagResource", + "quicksight:UntagResource", + "quicksight:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-ram-permission.json b/schema/aws-ram-permission.json index c6126c8..9c9dfa3 100644 --- a/schema/aws-ram-permission.json +++ b/schema/aws-ram-permission.json @@ -121,7 +121,12 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ram", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ram:TagResource", + "ram:UntagResource" + ], "tagOnCreate": true, + "tagProperty": "/properties/Tags", "tagUpdatable": true, "taggable": true }, diff --git a/schema/aws-rds-dbcluster.json b/schema/aws-rds-dbcluster.json index 20a38cc..2bd3711 100644 --- a/schema/aws-rds-dbcluster.json +++ b/schema/aws-rds-dbcluster.json @@ -306,7 +306,7 @@ "type": "string" }, "DatabaseInsightsMode": { - "description": "The mode of Database Insights to enable for the DB cluster.\n If you set this value to ``advanced``, you must also set the ``PerformanceInsightsEnabled`` parameter to ``true`` and the ``PerformanceInsightsRetentionPeriod`` parameter to 465.\n Valid for Cluster Type: Aurora DB clusters only", + "description": "The mode of Database Insights to enable for the DB cluster.\n If you set this value to ``advanced``, you must also set the ``PerformanceInsightsEnabled`` parameter to ``true`` and the ``PerformanceInsightsRetentionPeriod`` parameter to 465.\n Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters", "type": "string" }, "DatabaseName": { @@ -423,7 +423,7 @@ "type": "string" }, "PerformanceInsightsRetentionPeriod": { - "description": "The number of days to retain Performance Insights data.\n Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters\n Valid Values:\n + ``7`` \n + *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31)\n + ``731`` \n \n Default: ``7`` days\n If you specify a retention period that isn't valid, such as ``94``, Amazon RDS issues an error.", + "description": "The number of days to retain Performance Insights data. When creating a DB cluster without enabling Performance Insights, you can't specify the parameter ``PerformanceInsightsRetentionPeriod``.\n Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters\n Valid Values:\n + ``7`` \n + *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31)\n + ``731`` \n \n Default: ``7`` days\n If you specify a retention period that isn't valid, such as ``94``, Amazon RDS issues an error.", "type": "integer" }, "Port": { @@ -435,7 +435,7 @@ "type": "string" }, "PreferredMaintenanceWindow": { - "description": "The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).\n Format: ``ddd:hh24:mi-ddd:hh24:mi`` \n The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see [Adjusting the Preferred DB Cluster Maintenance Window](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) in the *Amazon Aurora User Guide.* \n Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.\n Constraints: Minimum 30-minute window.\n Valid for: Aurora DB clusters and Multi-AZ DB clusters", + "description": "The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).\n Format: ``ddd:hh24:mi-ddd:hh24:mi`` \n The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see [Maintaining an Amazon Aurora DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) in the *Amazon Aurora User Guide.* \n Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.\n Constraints: Minimum 30-minute window.\n Valid for: Aurora DB clusters and Multi-AZ DB clusters", "type": "string" }, "PubliclyAccessible": { @@ -444,7 +444,7 @@ }, "ReadEndpoint": { "$ref": "#/definitions/ReadEndpoint", - "description": "This data type represents the information you need to connect to an Amazon RDS DB instance. This data type is used as a response element in the following actions:\n + ``CreateDBInstance`` \n + ``DescribeDBInstances`` \n + ``DeleteDBInstance`` \n \n For the data structure that represents Amazon Aurora DB cluster endpoints, see ``DBClusterEndpoint``." + "description": "" }, "ReplicationSourceIdentifier": { "description": "The Amazon Resource Name (ARN) of the source DB instance or DB cluster if this DB cluster is created as a read replica.\n Valid for: Aurora DB clusters only", @@ -535,6 +535,7 @@ "/properties/Endpoint", "/properties/Endpoint/Address", "/properties/Endpoint/Port", + "/properties/ReadEndpoint", "/properties/ReadEndpoint/Address", "/properties/MasterUserSecret/SecretArn", "/properties/StorageThroughput" diff --git a/schema/aws-rds-dbinstance.json b/schema/aws-rds-dbinstance.json index 7abf315..005e539 100644 --- a/schema/aws-rds-dbinstance.json +++ b/schema/aws-rds-dbinstance.json @@ -234,6 +234,7 @@ "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBParameterGroups", + "rds:DescribeDBInstanceAutomatedBackups", "rds:DescribeEvents", "rds:ModifyDBInstance", "rds:PromoteReadReplica", @@ -261,6 +262,10 @@ "description": "A value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible.\n Constraints: Major version upgrades must be allowed when specifying a value for the ``EngineVersion`` parameter that is a different major version than the DB instance's current version.", "type": "boolean" }, + "ApplyImmediately": { + "description": "Specifies whether changes to the DB instance and any pending modifications are applied immediately, regardless of the ``PreferredMaintenanceWindow`` setting. If set to ``false``, changes are applied during the next maintenance window. Until RDS applies the changes, the DB instance remains in a drift state. As a result, the configuration doesn't fully reflect the requested modifications and temporarily diverges from the intended state.\n In addition to the settings described in [Modifying a DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html), this property also determines whether the DB instance reboots when a static parameter is modified in the associated DB parameter group.\n Default: ``true``", + "type": "boolean" + }, "AssociatedRoles": { "description": "The IAMlong (IAM) roles associated with the DB instance. \n *Amazon Aurora* \n Not applicable. The associated roles are managed by the DB cluster.", "items": { @@ -280,6 +285,11 @@ "description": "The AWS-Region associated with the automated backup.", "type": "string" }, + "AutomaticBackupReplicationRetentionPeriod": { + "description": "The retention period for automated backups in a different AWS Region. Use this parameter to set a unique retention period that only applies to cross-Region automated backups. To enable automated backups in a different Region, specify a positive value for the ``AutomaticBackupReplicationRegion`` parameter. \n If not specified, this parameter defaults to the value of the ``BackupRetentionPeriod`` parameter. The maximum allowed value is 35.", + "minimum": 1, + "type": "integer" + }, "AvailabilityZone": { "description": "The Availability Zone (AZ) where the database will be created. For information on AWS-Regions and Availability Zones, see [Regions and Availability Zones](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html).\n For Amazon Aurora, each Aurora DB cluster hosts copies of its storage in three separate Availability Zones. Specify one of these Availability Zones. Aurora automatically chooses an appropriate Availability Zone if you don't specify one.\n Default: A random, system-chosen Availability Zone in the endpoint's AWS-Region.\n Constraints:\n + The ``AvailabilityZone`` parameter can't be specified if the DB instance is a Multi-AZ deployment.\n + The specified Availability Zone must be in the same AWS-Region as the current endpoint.\n \n Example: ``us-east-1d``", "type": "string" @@ -295,7 +305,7 @@ }, "CertificateDetails": { "$ref": "#/definitions/CertificateDetails", - "description": "The details of the DB instance's server certificate." + "description": "" }, "CertificateRotationRestart": { "description": "Specifies whether the DB instance is restarted when you rotate your SSL/TLS certificate.\n By default, the DB instance is restarted when you rotate your SSL/TLS certificate. The certificate is not updated until the DB instance is restarted.\n Set this parameter only if you are *not* using SSL/TLS to connect to the DB instance.\n If you are using SSL/TLS to connect to the DB instance, follow the appropriate instructions for your DB engine to rotate your SSL/TLS certificate:\n + For more information about rotating your SSL/TLS certificate for RDS DB engines, see [Rotating Your SSL/TLS Certificate.](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon RDS User Guide.* \n + For more information about rotating your SSL/TLS certificate for Aurora DB engines, see [Rotating Your SSL/TLS Certificate](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon Aurora User Guide*.\n \n This setting doesn't apply to RDS Custom DB instances.", @@ -353,11 +363,11 @@ "uniqueItems": true }, "DBSnapshotIdentifier": { - "description": "The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot.\n By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack.\n Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties. For information about the properties that you can specify, see the ``RestoreDBInstanceFromDBSnapshot`` action in the *Amazon RDS API Reference*.\n After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted.\n If you specify the ``DBSnapshotIdentifier`` property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties:\n + ``CharacterSetName`` \n + ``DBClusterIdentifier`` \n + ``DBName`` \n + ``KmsKeyId`` \n + ``MasterUsername`` \n + ``MasterUserPassword`` \n + ``PromotionTier`` \n + ``SourceDBInstanceIdentifier`` \n + ``SourceRegion`` \n + ``StorageEncrypted`` (for an unencrypted snapshot)\n + ``Timezone`` \n \n *Amazon Aurora* \n Not applicable. Snapshot restore is managed by the DB cluster.", + "description": "The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot.\n By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack.\n Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties, and the point-in-time recovery properties ``RestoreTime`` and ``UseLatestRestorableTime``. For information about the properties that you can specify, see the [RestoreDBInstanceFromDBSnapshot](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RestoreDBInstanceFromDBSnapshot.html) action in the *Amazon RDS API Reference*.\n After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted.\n If you specify the ``DBSnapshotIdentifier`` property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties:\n + ``CharacterSetName`` \n + ``DBClusterIdentifier`` \n + ``DBName`` \n + ``KmsKeyId`` \n + ``MasterUsername`` \n + ``MasterUserPassword`` \n + ``PromotionTier`` \n + ``SourceDBInstanceIdentifier`` \n + ``SourceRegion`` \n + ``StorageEncrypted`` (for an unencrypted snapshot)\n + ``Timezone`` \n \n *Amazon Aurora* \n Not applicable. Snapshot restore is managed by the DB cluster.", "type": "string" }, "DBSubnetGroupName": { - "description": "A DB subnet group to associate with the DB instance. If you update this value, the new subnet group must be a subnet group in a new VPC. \n If there's no DB subnet group, then the DB instance isn't a VPC DB instance.\n For more information about using Amazon RDS in a VPC, see [Amazon VPC and Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html) in the *Amazon RDS User Guide*. \n This setting doesn't apply to Amazon Aurora DB instances. The DB subnet group is managed by the DB cluster. If specified, the setting must match the DB cluster setting.", + "description": "A DB subnet group to associate with the DB instance. If you update this value, the new subnet group must be a subnet group in a new VPC. \n If you don't specify a DB subnet group, RDS uses the default DB subnet group if one exists. If a default DB subnet group does not exist, and you don't specify a ``DBSubnetGroupName``, the DB instance fails to launch. \n For more information about using Amazon RDS in a VPC, see [Amazon VPC and Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html) in the *Amazon RDS User Guide*. \n This setting doesn't apply to Amazon Aurora DB instances. The DB subnet group is managed by the DB cluster. If specified, the setting must match the DB cluster setting.", "type": "string" }, "DBSystemId": { @@ -428,7 +438,7 @@ }, "Endpoint": { "$ref": "#/definitions/Endpoint", - "description": "The connection endpoint for the DB instance.\n The endpoint might not be shown for instances with the status of ``creating``." + "description": "" }, "Engine": { "description": "The name of the database engine to use for this DB instance. Not every database engine is available in every AWS Region.\n This property is required when creating a DB instance.\n You can convert an Oracle database from the non-CDB architecture to the container database (CDB) architecture by updating the ``Engine`` value in your templates from ``oracle-ee`` to ``oracle-ee-cdb`` or from ``oracle-se2`` to ``oracle-se2-cdb``. Converting to the CDB architecture requires an interruption.\n Valid Values:\n + ``aurora-mysql`` (for Aurora MySQL DB instances)\n + ``aurora-postgresql`` (for Aurora PostgreSQL DB instances)\n + ``custom-oracle-ee`` (for RDS Custom for Oracle DB instances)\n + ``custom-oracle-ee-cdb`` (for RDS Custom for Oracle DB instances)\n + ``custom-sqlserver-ee`` (for RDS Custom for SQL Server DB instances)\n + ``custom-sqlserver-se`` (for RDS Custom for SQL Server DB instances)\n + ``custom-sqlserver-web`` (for RDS Custom for SQL Server DB instances)\n + ``db2-ae`` \n + ``db2-se`` \n + ``mariadb`` \n + ``mysql`` \n + ``oracle-ee`` \n + ``oracle-ee-cdb`` \n + ``oracle-se2`` \n + ``oracle-se2-cdb`` \n + ``postgres`` \n + ``sqlserver-ee`` \n + ``sqlserver-se`` \n + ``sqlserver-ex`` \n + ``sqlserver-web``", @@ -506,7 +516,7 @@ "type": "string" }, "PerformanceInsightsRetentionPeriod": { - "description": "The number of days to retain Performance Insights data.\n This setting doesn't apply to RDS Custom DB instances.\n Valid Values:\n + ``7`` \n + *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31)\n + ``731`` \n \n Default: ``7`` days\n If you specify a retention period that isn't valid, such as ``94``, Amazon RDS returns an error.", + "description": "The number of days to retain Performance Insights data. When creating a DB instance without enabling Performance Insights, you can't specify the parameter ``PerformanceInsightsRetentionPeriod``.\n This setting doesn't apply to RDS Custom DB instances.\n Valid Values:\n + ``7`` \n + *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31)\n + ``731`` \n \n Default: ``7`` days\n If you specify a retention period that isn't valid, such as ``94``, Amazon RDS returns an error.", "type": "integer" }, "Port": { @@ -519,7 +529,7 @@ "type": "string" }, "PreferredMaintenanceWindow": { - "description": "The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).\n Format: ``ddd:hh24:mi-ddd:hh24:mi`` \n The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see [Adjusting the Preferred DB Instance Maintenance Window](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow) in the *Amazon RDS User Guide.* \n This property applies when AWS CloudFormation initially creates the DB instance. If you use AWS CloudFormation to update the DB instance, those updates are applied immediately.\n Constraints: Minimum 30-minute window.", + "description": "The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).\n Format: ``ddd:hh24:mi-ddd:hh24:mi`` \n The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see [Maintaining a DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow) in the *Amazon RDS User Guide.* \n This property applies when AWS CloudFormation initially creates the DB instance. If you use AWS CloudFormation to update the DB instance, those updates are applied immediately.\n Constraints: Minimum 30-minute window.", "type": "string" }, "ProcessorFeatures": { @@ -572,11 +582,11 @@ "type": "boolean" }, "StorageThroughput": { - "description": "Specifies the storage throughput value for the DB instance. This setting applies only to the ``gp3`` storage type. \n This setting doesn't apply to RDS Custom or Amazon Aurora.", + "description": "Specifies the storage throughput value, in mebibyte per second (MiBps), for the DB instance. This setting applies only to the ``gp3`` storage type. \n This setting doesn't apply to RDS Custom or Amazon Aurora.", "type": "integer" }, "StorageType": { - "description": "The storage type to associate with the DB instance.\n If you specify ``io1``, ``io2``, or ``gp3``, you must also include a value for the ``Iops`` parameter.\n This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster.\n Valid Values: ``gp2 | gp3 | io1 | io2 | standard`` \n Default: ``io1``, if the ``Iops`` parameter is specified. Otherwise, ``gp2``.", + "description": "The storage type to associate with the DB instance.\n If you specify ``io1``, ``io2``, or ``gp3``, you must also include a value for the ``Iops`` parameter.\n This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster.\n Valid Values: ``gp2 | gp3 | io1 | io2 | standard`` \n Default: ``io1``, if the ``Iops`` parameter is specified. Otherwise, ``gp3``.", "type": "string" }, "Tags": { @@ -639,15 +649,16 @@ "/properties/StorageType": "$lowercase(StorageType)" }, "readOnlyProperties": [ + "/properties/Endpoint", "/properties/Endpoint/Address", "/properties/Endpoint/Port", "/properties/Endpoint/HostedZoneId", "/properties/DbiResourceId", "/properties/DBInstanceArn", "/properties/MasterUserSecret/SecretArn", + "/properties/CertificateDetails", "/properties/CertificateDetails/CAIdentifier", - "/properties/CertificateDetails/ValidTill", - "/properties/DatabaseInsightsMode" + "/properties/CertificateDetails/ValidTill" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { @@ -676,6 +687,7 @@ "/properties/SourceRegion", "/properties/TdeCredentialPassword", "/properties/UseDefaultProcessorFeatures", - "/properties/UseLatestRestorableTime" + "/properties/UseLatestRestorableTime", + "/properties/ApplyImmediately" ] } diff --git a/schema/aws-rds-dbparametergroup.json b/schema/aws-rds-dbparametergroup.json index f472e98..c397df7 100644 --- a/schema/aws-rds-dbparametergroup.json +++ b/schema/aws-rds-dbparametergroup.json @@ -93,7 +93,7 @@ "type": "string" }, "Parameters": { - "description": "An array of parameter names and values for the parameter update. You must specify at least one parameter name and value.\n For more information about parameter groups, see [Working with parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html) in the *Amazon RDS User Guide*, or [Working with parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide*.\n AWS CloudFormation doesn't support specifying an apply method for each individual parameter. The default apply method for each parameter is used.", + "description": "A mapping of parameter names and values for the parameter update. You must specify at least one parameter name and value.\n For more information about parameter groups, see [Working with parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html) in the *Amazon RDS User Guide*, or [Working with parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide*.\n AWS CloudFormation doesn't support specifying an apply method for each individual parameter. The default apply method for each parameter is used.", "type": "object" }, "Tags": { diff --git a/schema/aws-rds-dbproxy.json b/schema/aws-rds-dbproxy.json index be20059..84cfb40 100644 --- a/schema/aws-rds-dbproxy.json +++ b/schema/aws-rds-dbproxy.json @@ -195,6 +195,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "rds:AddTagsToResource", + "rds:RemoveTagsFromResource", + "rds:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-rds-dbproxyendpoint.json b/schema/aws-rds-dbproxyendpoint.json index 8db2f30..efd2899 100644 --- a/schema/aws-rds-dbproxyendpoint.json +++ b/schema/aws-rds-dbproxyendpoint.json @@ -139,6 +139,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "rds:AddTagsToResource", + "rds:RemoveTagsFromResource", + "rds:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-rds-globalcluster.json b/schema/aws-rds-globalcluster.json index 3e0e94c..958180e 100644 --- a/schema/aws-rds-globalcluster.json +++ b/schema/aws-rds-globalcluster.json @@ -153,6 +153,9 @@ "propertyTransform": { "/properties/GlobalClusterIdentifier": "$lowercase(GlobalClusterIdentifier)" }, + "readOnlyProperties": [ + "/properties/GlobalEndpoint" + ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-rds", "tagging": { "cloudFormationSystemTags": true, diff --git a/schema/aws-redshift-cluster.json b/schema/aws-redshift-cluster.json index e699ac0..5e0195d 100644 --- a/schema/aws-redshift-cluster.json +++ b/schema/aws-redshift-cluster.json @@ -388,7 +388,7 @@ "type": "object" }, "NodeType": { - "description": "The node type to be provisioned for the cluster.Valid Values: ds2.xlarge | ds2.8xlarge | dc1.large | dc1.8xlarge | dc2.large | dc2.8xlarge | ra3.4xlarge | ra3.16xlarge", + "description": "The node type to be provisioned for the cluster.Valid Values: ds2.xlarge | ds2.8xlarge | dc1.large | dc1.8xlarge | dc2.large | dc2.8xlarge | ra3.large | ra3.4xlarge | ra3.16xlarge", "type": "string" }, "NumberOfNodes": { diff --git a/schema/aws-redshift-clusterparametergroup.json b/schema/aws-redshift-clusterparametergroup.json index 6ba4f11..83ae82b 100644 --- a/schema/aws-redshift-clusterparametergroup.json +++ b/schema/aws-redshift-clusterparametergroup.json @@ -73,6 +73,7 @@ "delete": { "permissions": [ "redshift:DescribeTags", + "redshift:DeleteTags", "redshift:DescribeClusterParameterGroups", "redshift:DeleteClusterParameterGroup", "redshift:DescribeClusterParameters", @@ -147,12 +148,16 @@ "ParameterGroupFamily" ], "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "redshift:DescribeTags", + "redshift:CreateTags", + "redshift:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, - "typeName": "AWS::Redshift::ClusterParameterGroup", - "writeOnlyProperties": [ - "/properties/Tags", - "/properties/Tags/*/Key", - "/properties/Tags/*/Value" - ] + "typeName": "AWS::Redshift::ClusterParameterGroup" } diff --git a/schema/aws-redshift-clustersubnetgroup.json b/schema/aws-redshift-clustersubnetgroup.json index 5aaadeb..840ee55 100644 --- a/schema/aws-redshift-clustersubnetgroup.json +++ b/schema/aws-redshift-clustersubnetgroup.json @@ -159,7 +159,7 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-redshift", "tagging": { - "taggable": true + "taggable": false }, "typeName": "AWS::Redshift::ClusterSubnetGroup", "writeOnlyProperties": [ diff --git a/schema/aws-redshift-eventsubscription.json b/schema/aws-redshift-eventsubscription.json index 8cc1cfb..1018e93 100644 --- a/schema/aws-redshift-eventsubscription.json +++ b/schema/aws-redshift-eventsubscription.json @@ -188,7 +188,7 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-redshift", "tagging": { - "taggable": true + "taggable": false }, "typeName": "AWS::Redshift::EventSubscription", "writeOnlyProperties": [ diff --git a/schema/aws-redshiftserverless-namespace.json b/schema/aws-redshiftserverless-namespace.json index e2fadee..e53f887 100644 --- a/schema/aws-redshiftserverless-namespace.json +++ b/schema/aws-redshiftserverless-namespace.json @@ -1,8 +1,7 @@ { "additionalProperties": false, "createOnlyProperties": [ - "/properties/NamespaceName", - "/properties/Tags" + "/properties/NamespaceName" ], "definitions": { "LogExport": { diff --git a/schema/aws-redshiftserverless-workgroup.json b/schema/aws-redshiftserverless-workgroup.json index 46813cc..43cafa8 100644 --- a/schema/aws-redshiftserverless-workgroup.json +++ b/schema/aws-redshiftserverless-workgroup.json @@ -179,6 +179,12 @@ }, "type": "array" }, + "TrackName": { + "maxLength": 256, + "minLength": 1, + "pattern": "^[a-zA-Z0-9_]+$", + "type": "string" + }, "WorkgroupArn": { "type": "string" }, @@ -220,7 +226,9 @@ "redshift-serverless:GetWorkgroup", "redshift-serverless:GetNamespace", "redshift-serverless:ListTagsForResource", - "redshift-serverless:TagResource" + "redshift-serverless:TagResource", + "redshift-serverless:RestoreFromSnapshot", + "redshift-serverless:RestoreFromRecoveryPoint" ] }, "delete": { @@ -281,7 +289,9 @@ "redshift-serverless:UpdateWorkgroup", "redshift-serverless:ListTagsForResource", "redshift-serverless:TagResource", - "redshift-serverless:UntagResource" + "redshift-serverless:UntagResource", + "redshift-serverless:RestoreFromSnapshot", + "redshift-serverless:RestoreFromRecoveryPoint" ] } }, @@ -333,6 +343,10 @@ "description": "A value that specifies whether the workgroup can be accessible from a public network.", "type": "boolean" }, + "RecoveryPointId": { + "description": "The recovery point id to restore from.", + "type": "string" + }, "SecurityGroupIds": { "description": "A list of security group IDs to associate with the workgroup.", "insertionOrder": false, @@ -346,6 +360,18 @@ "minItems": 1, "type": "array" }, + "SnapshotArn": { + "description": "The Amazon Resource Name (ARN) of the snapshot to restore from.", + "type": "string" + }, + "SnapshotName": { + "description": "The snapshot name to restore from.", + "type": "string" + }, + "SnapshotOwnerAccount": { + "description": "The Amazon Web Services account that owns the snapshot.", + "type": "string" + }, "SubnetIds": { "description": "A list of subnet IDs the workgroup is associated with.", "insertionOrder": false, @@ -369,6 +395,12 @@ "minItems": 0, "type": "array" }, + "TrackName": { + "maxLength": 256, + "minLength": 1, + "pattern": "^[a-zA-Z0-9_]+$", + "type": "string" + }, "Workgroup": { "$ref": "#/definitions/Workgroup", "description": "Definition for workgroup resource" @@ -382,7 +414,6 @@ } }, "readOnlyProperties": [ - "/properties/Workgroup", "/properties/Workgroup/WorkgroupId", "/properties/Workgroup/WorkgroupArn", "/properties/Workgroup/WorkgroupName", @@ -394,6 +425,7 @@ "/properties/Workgroup/ConfigParameters/*/ParameterValue", "/properties/Workgroup/SecurityGroupIds", "/properties/Workgroup/SubnetIds", + "/properties/Workgroup/TrackName", "/properties/Workgroup/Status", "/properties/Workgroup/Endpoint/Address", "/properties/Workgroup/Endpoint/Port", @@ -424,10 +456,12 @@ }, "typeName": "AWS::RedshiftServerless::Workgroup", "writeOnlyProperties": [ - "/properties/BaseCapacity", - "/properties/MaxCapacity", "/properties/ConfigParameters", "/properties/SecurityGroupIds", - "/properties/SubnetIds" + "/properties/SubnetIds", + "/properties/SnapshotArn", + "/properties/SnapshotName", + "/properties/SnapshotOwnerAccount", + "/properties/RecoveryPointId" ] } diff --git a/schema/aws-resiliencehub-app.json b/schema/aws-resiliencehub-app.json index b7ec92a..14c2706 100644 --- a/schema/aws-resiliencehub-app.json +++ b/schema/aws-resiliencehub-app.json @@ -290,11 +290,6 @@ "PermissionModel": { "$ref": "#/definitions/PermissionModel" }, - "RegulatoryPolicyArn": { - "description": "Amazon Resource Name (ARN) of the Regulatory Policy.", - "pattern": "^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$", - "type": "string" - }, "ResiliencyPolicyArn": { "description": "Amazon Resource Name (ARN) of the Resiliency Policy.", "pattern": "^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$", diff --git a/schema/aws-resourcegroups-group.json b/schema/aws-resourcegroups-group.json index 31a7592..4d940f1 100644 --- a/schema/aws-resourcegroups-group.json +++ b/schema/aws-resourcegroups-group.json @@ -202,7 +202,8 @@ "cloudFormationSystemTags": true, "permissions": [ "resource-groups:Tag", - "resource-groups:Untag" + "resource-groups:Untag", + "resource-groups:GetTags" ], "tagOnCreate": true, "tagProperty": "/properties/Tags", diff --git a/schema/aws-rolesanywhere-crl.json b/schema/aws-rolesanywhere-crl.json index 1809412..3274bf4 100644 --- a/schema/aws-rolesanywhere-crl.json +++ b/schema/aws-rolesanywhere-crl.json @@ -27,8 +27,7 @@ "create": { "permissions": [ "rolesanywhere:ImportCrl", - "rolesanywhere:TagResource", - "rolesanywhere:ListTagsForResource" + "rolesanywhere:TagResource" ] }, "delete": { diff --git a/schema/aws-rolesanywhere-profile.json b/schema/aws-rolesanywhere-profile.json index 9142746..d20423d 100644 --- a/schema/aws-rolesanywhere-profile.json +++ b/schema/aws-rolesanywhere-profile.json @@ -73,7 +73,6 @@ "iam:PassRole", "rolesanywhere:CreateProfile", "rolesanywhere:TagResource", - "rolesanywhere:ListTagsForResource", "rolesanywhere:PutAttributeMapping", "rolesanywhere:DeleteAttributeMapping" ] diff --git a/schema/aws-rolesanywhere-trustanchor.json b/schema/aws-rolesanywhere-trustanchor.json index 6c38cae..e2f5f9e 100644 --- a/schema/aws-rolesanywhere-trustanchor.json +++ b/schema/aws-rolesanywhere-trustanchor.json @@ -115,8 +115,7 @@ "permissions": [ "iam:CreateServiceLinkedRole", "rolesanywhere:CreateTrustAnchor", - "rolesanywhere:TagResource", - "rolesanywhere:ListTagsForResource" + "rolesanywhere:TagResource" ] }, "delete": { diff --git a/schema/aws-route53-cidrcollection.json b/schema/aws-route53-cidrcollection.json index 27866ce..0567d1f 100644 --- a/schema/aws-route53-cidrcollection.json +++ b/schema/aws-route53-cidrcollection.json @@ -30,7 +30,7 @@ "type": "object" } }, - "description": "Resource schema for AWS::Route53::CidrCollection.", + "description": "Resource Type definition for AWS::Route53::CidrCollection.", "handlers": { "create": { "permissions": [ diff --git a/schema/aws-route53recoverycontrol-cluster.json b/schema/aws-route53recoverycontrol-cluster.json index d10ecce..ad2e9a3 100644 --- a/schema/aws-route53recoverycontrol-cluster.json +++ b/schema/aws-route53recoverycontrol-cluster.json @@ -67,6 +67,13 @@ "route53-recovery-control-config:DescribeCluster", "route53-recovery-control-config:ListTagsForResource" ] + }, + "update": { + "permissions": [ + "route53-recovery-control-config:DescribeCluster", + "route53-recovery-control-config:ListTagsForResource", + "route53-recovery-control-config:UpdateCluster" + ] } }, "primaryIdentifier": [ @@ -94,6 +101,14 @@ "minLength": 1, "type": "string" }, + "NetworkType": { + "description": "Cluster supports IPv4 endpoints and Dual-stack IPv4 and IPv6 endpoints. NetworkType can be IPV4 or DUALSTACK.", + "enum": [ + "IPV4", + "DUALSTACK" + ], + "type": "string" + }, "Status": { "description": "Deployment status of a resource. Status can be one of the following: PENDING, DEPLOYED, PENDING_DELETION.", "enum": [ diff --git a/schema/aws-route53recoveryreadiness-readinesscheck.json b/schema/aws-route53recoveryreadiness-readinesscheck.json index fbd0149..2ad4494 100644 --- a/schema/aws-route53recoveryreadiness-readinesscheck.json +++ b/schema/aws-route53recoveryreadiness-readinesscheck.json @@ -103,7 +103,7 @@ "permissions": [ "route53-recovery-readiness:TagResource", "route53-recovery-readiness:UntagResource", - "route53-recovery-readiness:ListTagsForResource" + "route53-recovery-readiness:ListTagsForResources" ], "tagOnCreate": true, "tagProperty": "/properties/Tags", diff --git a/schema/aws-route53resolver-outpostresolver.json b/schema/aws-route53resolver-outpostresolver.json index c89198f..fd5f578 100644 --- a/schema/aws-route53resolver-outpostresolver.json +++ b/schema/aws-route53resolver-outpostresolver.json @@ -34,6 +34,7 @@ "permissions": [ "route53resolver:CreateOutpostResolver", "route53resolver:GetOutpostResolver", + "route53resolver:ListOutpostResolvers", "route53resolver:ListTagsForResource", "outposts:GetOutpost", "route53resolver:TagResource" diff --git a/schema/aws-route53resolver-resolverqueryloggingconfig.json b/schema/aws-route53resolver-resolverqueryloggingconfig.json index b6dbbc5..e3f8ffc 100644 --- a/schema/aws-route53resolver-resolverqueryloggingconfig.json +++ b/schema/aws-route53resolver-resolverqueryloggingconfig.json @@ -2,8 +2,34 @@ "additionalProperties": false, "createOnlyProperties": [ "/properties/Name", - "/properties/DestinationArn" + "/properties/DestinationArn", + "/properties/Tags" ], + "definitions": { + "Tag": { + "additionalProperties": false, + "description": "A key-value pair to associate with a resource.", + "properties": { + "Key": { + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + } + }, "description": "Resource schema for AWS::Route53Resolver::ResolverQueryLoggingConfig.", "handlers": { "create": { @@ -20,7 +46,10 @@ "logs:PutResourcePolicy", "logs:DescribeResourcePolicies", "logs:DescribeLogGroups", - "iam:CreateServiceLinkedRole" + "iam:CreateServiceLinkedRole", + "route53resolver:ListTagsForResource", + "route53resolver:TagResource", + "route53resolver:ListResolverQueryLogConfigs" ] }, "delete": { @@ -28,19 +57,24 @@ "resolverquerylogging:DeleteConfig", "resolverquerylogging:ListConfig", "route53resolver:DeleteResolverQueryLogConfig", - "route53resolver:ListResolverQueryLogConfigs" + "route53resolver:ListResolverQueryLogConfigs", + "route53resolver:UntagResource", + "route53resolver:ListTagsForResource" ] }, "list": { "permissions": [ "resolverquerylogging:ListConfig", - "route53resolver:ListResolverQueryLogConfigs" + "route53resolver:ListResolverQueryLogConfigs", + "route53resolver:ListTagsForResource" ] }, "read": { "permissions": [ "resolverquerylogging:GetConfig", - "route53resolver:GetResolverQueryLogConfig" + "route53resolver:GetResolverQueryLogConfig", + "route53resolver:ListTagsForResource", + "route53resolver:ListResolverQueryLogConfigs" ] } }, @@ -113,6 +147,15 @@ "FAILED" ], "type": "string" + }, + "Tags": { + "description": "An array of key-value pairs to apply to this resource.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array", + "uniqueItems": true } }, "readOnlyProperties": [ @@ -125,6 +168,16 @@ "/properties/CreationTime", "/properties/Id" ], - "taggable": false, + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "route53resolver:TagResource", + "route53resolver:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, "typeName": "AWS::Route53Resolver::ResolverQueryLoggingConfig" } diff --git a/schema/aws-route53resolver-resolverqueryloggingconfigassociation.json b/schema/aws-route53resolver-resolverqueryloggingconfigassociation.json index aac1c0e..eb268fa 100644 --- a/schema/aws-route53resolver-resolverqueryloggingconfigassociation.json +++ b/schema/aws-route53resolver-resolverqueryloggingconfigassociation.json @@ -98,5 +98,8 @@ "/properties/CreationTime", "/properties/Id" ], + "tagging": { + "taggable": false + }, "typeName": "AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation" } diff --git a/schema/aws-route53resolver-resolverruleassociation.json b/schema/aws-route53resolver-resolverruleassociation.json index 0c26a4d..0f7c3dc 100644 --- a/schema/aws-route53resolver-resolverruleassociation.json +++ b/schema/aws-route53resolver-resolverruleassociation.json @@ -22,7 +22,8 @@ }, "list": { "permissions": [ - "route53resolver:ListResolverRuleAssociations" + "route53resolver:ListResolverRuleAssociations", + "ec2:DescribeVpcs" ] }, "read": { diff --git a/schema/aws-rum-appmonitor.json b/schema/aws-rum-appmonitor.json index 92e1dd0..84d89ae 100644 --- a/schema/aws-rum-appmonitor.json +++ b/schema/aws-rum-appmonitor.json @@ -95,6 +95,36 @@ ], "type": "string" }, + "DeobfuscationConfiguration": { + "additionalProperties": false, + "description": "A structure that contains the configuration for how an app monitor can deobfuscate stack traces.", + "properties": { + "JavaScriptSourceMaps": { + "additionalProperties": false, + "description": "A structure that contains the configuration for how an app monitor can unminify JavaScript error stack traces using source maps.", + "properties": { + "S3Uri": { + "description": "The S3Uri of the bucket or folder that stores the source map files. It is required if status is ENABLED.", + "pattern": "^s3://[a-z0-9][-.a-z0-9]{1,61}(?:/[-!_*'().a-z0-9A-Z]+(?:/[-!_*'().a-z0-9A-Z]+)*)?/?$", + "type": "string" + }, + "Status": { + "description": "Specifies whether JavaScript error stack traces should be unminified for this app monitor. The default is for JavaScript error stack trace unminification to be DISABLED", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + } + }, + "required": [ + "Status" + ], + "type": "object" + } + }, + "type": "object" + }, "FavoritePages": { "description": "List of favorite pages", "insertionOrder": false, @@ -209,6 +239,26 @@ "minItems": 0, "type": "array" }, + "ResourcePolicy": { + "additionalProperties": false, + "description": "A structure that defines resource policy attached to your app monitor.", + "properties": { + "PolicyDocument": { + "description": "The JSON to use as the resource policy. The document can be up to 4 KB in size. ", + "type": "string" + }, + "PolicyRevisionId": { + "description": "A string value that you can use to conditionally update your policy. You can provide the revision ID of your existing policy to make mutating requests against that policy. \n\n When you assign a policy revision ID, then later requests about that policy will be rejected with an InvalidPolicyRevisionIdException error if they don't provide the correct current revision ID.", + "maxLength": 255, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "PolicyDocument" + ], + "type": "object" + }, "Tag": { "additionalProperties": false, "description": "A key-value pair to associate with a resource.", @@ -287,7 +337,9 @@ "rum:PutRumMetricsDestination", "rum:BatchCreateRumMetricDefinitions", "rum:ListRumMetricsDestinations", - "rum:BatchGetRumMetricDefinitions" + "rum:BatchGetRumMetricDefinitions", + "rum:GetResourcePolicy", + "rum:PutResourcePolicy" ] }, "delete": { @@ -304,7 +356,10 @@ "rum:DeleteRumMetricsDestination", "rum:BatchDeleteRumMetricDefinitions", "rum:ListRumMetricsDestinations", - "rum:BatchGetRumMetricDefinitions" + "rum:BatchGetRumMetricDefinitions", + "rum:GetResourcePolicy", + "rum:PutResourcePolicy", + "rum:DeleteResourcePolicy" ] }, "list": { @@ -331,7 +386,8 @@ "s3:GetObjectAcl", "rum:ListTagsForResource", "rum:ListRumMetricsDestinations", - "rum:BatchGetRumMetricDefinitions" + "rum:BatchGetRumMetricDefinitions", + "rum:GetResourcePolicy" ] }, "update": { @@ -366,10 +422,25 @@ "rum:BatchCreateRumMetricDefinitions", "rum:BatchDeleteRumMetricDefinitions", "rum:BatchGetRumMetricDefinitions", - "rum:UpdateRumMetricDefinition" + "rum:UpdateRumMetricDefinition", + "rum:GetResourcePolicy", + "rum:PutResourcePolicy", + "rum:DeleteResourcePolicy" ] } }, + "oneOf": [ + { + "required": [ + "Domain" + ] + }, + { + "required": [ + "DomainList" + ] + } + ], "primaryIdentifier": [ "/properties/Name" ], @@ -384,13 +455,28 @@ "description": "Data collected by RUM is kept by RUM for 30 days and then deleted. This parameter specifies whether RUM sends a copy of this telemetry data to CWLlong in your account. This enables you to keep the telemetry data for more than 30 days, but it does incur CWLlong charges. If you omit this parameter, the default is false", "type": "boolean" }, + "DeobfuscationConfiguration": { + "$ref": "#/definitions/DeobfuscationConfiguration" + }, "Domain": { - "description": "The top-level internet domain name for which your application has administrative authority.", + "description": "The top-level internet domain name for which your application has administrative authority. The CreateAppMonitor requires either the domain or the domain list.", "maxLength": 253, "minLength": 1, "pattern": "^(localhost)|^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|^(?![-.])([A-Za-z0-9-\\.\\-]{0,63})((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))\\.(?![-])[A-Za-z-0-9]{1,63}((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))|^(\\*\\.)(?![-.])([A-Za-z0-9-\\.\\-]{0,63})((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))\\.(?![-])[A-Za-z-0-9]{1,63}((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))", "type": "string" }, + "DomainList": { + "description": "The top-level internet domain names for which your application has administrative authority. The CreateAppMonitor requires either the domain or the domain list.", + "items": { + "maxLength": 253, + "minLength": 1, + "pattern": "^(localhost)|^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|^(?![-.])([A-Za-z0-9-\\.\\-]{0,63})((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))\\.(?![-])[A-Za-z-0-9]{1,63}((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))|^(\\*\\.)(?![-.])([A-Za-z0-9-\\.\\-]{0,63})((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))\\.(?![-])[A-Za-z-0-9]{1,63}((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))", + "type": "string" + }, + "maxItems": 5, + "minItems": 1, + "type": "array" + }, "Id": { "description": "The unique ID of the new app monitor.", "maxLength": 36, @@ -405,6 +491,9 @@ "pattern": "[\\.\\-_/#A-Za-z0-9]+", "type": "string" }, + "ResourcePolicy": { + "$ref": "#/definitions/ResourcePolicy" + }, "Tags": { "$ref": "#/definitions/TagDef" } @@ -413,11 +502,19 @@ "/properties/Id" ], "required": [ - "Name", - "Domain" + "Name" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "rum:UntagResource", + "rum:TagResource", + "rum:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::RUM::AppMonitor" diff --git a/schema/aws-s3-accessgrantsinstance.json b/schema/aws-s3-accessgrantsinstance.json index f07bc10..004684e 100644 --- a/schema/aws-s3-accessgrantsinstance.json +++ b/schema/aws-s3-accessgrantsinstance.json @@ -34,12 +34,15 @@ "create": { "permissions": [ "s3:CreateAccessGrantsInstance", + "s3:AssociateAccessGrantsIdentityCenter", "s3:TagResource" ] }, "delete": { "permissions": [ - "s3:DeleteAccessGrantsInstance" + "s3:GetAccessGrantsInstance", + "s3:DeleteAccessGrantsInstance", + "s3:DissociateAccessGrantsIdentityCenter" ] }, "list": { @@ -109,8 +112,5 @@ "tagUpdatable": true, "taggable": true }, - "typeName": "AWS::S3::AccessGrantsInstance", - "writeOnlyProperties": [ - "/properties/Tags" - ] + "typeName": "AWS::S3::AccessGrantsInstance" } diff --git a/schema/aws-s3-accesspoint.json b/schema/aws-s3-accesspoint.json index fc82dcc..da63f95 100644 --- a/schema/aws-s3-accesspoint.json +++ b/schema/aws-s3-accesspoint.json @@ -51,6 +51,7 @@ "permissions": [ "s3:CreateAccessPoint", "s3:PutAccessPointPolicy", + "s3:GetAccessPoint", "s3:PutAccessPointPublicAccessBlock" ] }, diff --git a/schema/aws-s3-bucket.json b/schema/aws-s3-bucket.json index b0af9a0..1f1e629 100644 --- a/schema/aws-s3-bucket.json +++ b/schema/aws-s3-bucket.json @@ -485,7 +485,7 @@ "uniqueItems": true }, "TransitionDefaultMinimumObjectSize": { - "description": "", + "description": "Indicates which default minimum object size behavior is applied to the lifecycle configuration.\n This parameter applies to general purpose buckets only. It isn't supported for directory bucket lifecycle configurations.\n + ``all_storage_classes_128K`` - Objects smaller than 128 KB will not transition to any storage class by default.\n + ``varies_by_storage_class`` - Objects smaller than 128 KB will transition to Glacier Flexible Retrieval or Glacier Deep Archive storage classes. By default, all other storage classes will prevent transitions smaller than 128 KB. \n \n To customize the minimum object size for any transition you can add a filter that specifies a custom ``ObjectSizeGreaterThan`` or ``ObjectSizeLessThan`` in the body of your transition rule. Custom filters always take precedence over the default transition behavior.", "enum": [ "varies_by_storage_class", "all_storage_classes_128K" @@ -517,6 +517,20 @@ }, "type": "object" }, + "MetadataTableConfiguration": { + "additionalProperties": false, + "description": "The metadata table configuration of an S3 general purpose bucket. For more information, see [Accelerating data discovery with S3 Metadata](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-overview.html) and [Setting up permissions for configuring metadata tables](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-permissions.html).", + "properties": { + "S3TablesDestination": { + "$ref": "#/definitions/S3TablesDestination", + "description": "The destination information for the metadata table configuration. The destination table bucket must be in the same Region and AWS-account as the general purpose bucket. The specified metadata table name must be unique within the ``aws_s3_metadata`` namespace in the destination table bucket." + } + }, + "required": [ + "S3TablesDestination" + ], + "type": "object" + }, "Metrics": { "additionalProperties": false, "description": "A container specifying replication metrics-related settings enabling replication metrics and events.", @@ -1215,9 +1229,36 @@ ], "type": "object" }, + "S3TablesDestination": { + "additionalProperties": false, + "description": "The destination information for the metadata table configuration. The destination table bucket must be in the same Region and AWS-account as the general purpose bucket. The specified metadata table name must be unique within the ``aws_s3_metadata`` namespace in the destination table bucket.", + "properties": { + "TableArn": { + "description": "The Amazon Resource Name (ARN) for the metadata table in the metadata table configuration. The specified metadata table name must be unique within the ``aws_s3_metadata`` namespace in the destination table bucket.", + "type": "string" + }, + "TableBucketArn": { + "description": "The Amazon Resource Name (ARN) for the table bucket that's specified as the destination in the metadata table configuration. The destination table bucket must be in the same Region and AWS-account as the general purpose bucket.", + "type": "string" + }, + "TableName": { + "description": "The name for the metadata table in your metadata table configuration. The specified metadata table name must be unique within the ``aws_s3_metadata`` namespace in the destination table bucket.", + "type": "string" + }, + "TableNamespace": { + "description": "The table bucket namespace for the metadata table in your metadata table configuration. This value is always ``aws_s3_metadata``.", + "type": "string" + } + }, + "required": [ + "TableBucketArn", + "TableName" + ], + "type": "object" + }, "ServerSideEncryptionByDefault": { "additionalProperties": false, - "description": "Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html).\n + *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key (``aws/s3``) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. \n + *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. The [managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (``aws/s3``) isn't supported. \n + *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS.", + "description": "Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html).\n + *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key (``aws/s3``) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. \n + *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket's lifetime. The [managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (``aws/s3``) isn't supported. \n + *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS.", "properties": { "KMSMasterKeyID": { "description": "AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. \n + *General purpose buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``.\n + *Directory buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms``.\n \n You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.\n + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key Alias: ``alias/alias-name`` \n \n If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy).\n + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester\u2019s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. \n + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.\n \n Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*.", @@ -1321,7 +1362,7 @@ }, "TagFilter": { "additionalProperties": false, - "description": "Specifies tags to use to identify a subset of objects for an Amazon S3 bucket.", + "description": "Specifies tags to use to identify a subset of objects for an Amazon S3 bucket. For more information, see [Categorizing your storage using tags](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html) in the *Amazon Simple Storage Service User Guide*.", "properties": { "Key": { "description": "The tag key.", @@ -1436,7 +1477,7 @@ "description": "Indicates when objects are transitioned to the specified storage class. The date value must be in ISO 8601 format. The time is always midnight UTC." }, "TransitionInDays": { - "description": "Indicates the number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer.", + "description": "Indicates the number of days after creation when objects are transitioned to the specified storage class. If the specified storage class is ``INTELLIGENT_TIERING``, ``GLACIER_IR``, ``GLACIER``, or ``DEEP_ARCHIVE``, valid values are ``0`` or positive integers. If the specified storage class is ``STANDARD_IA`` or ``ONEZONE_IA``, valid values are positive integers greater than ``30``. Be aware that some storage classes have a minimum storage duration and that you're charged for transitioning objects before their minimum storage duration. For more information, see [Constraints and considerations for transitions](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-transition-general-considerations.html#lifecycle-configuration-constraints) in the *Amazon S3 User Guide*.", "type": "integer" } }, @@ -1525,7 +1566,15 @@ "s3:PutBucketVersioning", "s3:PutObjectLockConfiguration", "s3:PutBucketOwnershipControls", - "s3:PutIntelligentTieringConfiguration" + "s3:PutIntelligentTieringConfiguration", + "s3:GetBucketMetadataTableConfiguration", + "s3:CreateBucketMetadataTableConfiguration", + "s3tables:CreateNamespace", + "s3tables:CreateTable", + "s3tables:GetTable", + "s3tables:PutTablePolicy", + "s3tables:GetTableMetadataLocation", + "s3tables:UpdateTableMetadataLocation" ] }, "delete": { @@ -1559,6 +1608,7 @@ "s3:GetBucketTagging", "s3:GetBucketOwnershipControls", "s3:GetIntelligentTieringConfiguration", + "s3:GetBucketMetadataTableConfiguration", "s3:ListBucket" ] }, @@ -1576,6 +1626,15 @@ "s3:PutBucketReplication", "s3:PutBucketWebsite", "s3:PutAccelerateConfiguration", + "s3:GetBucketMetadataTableConfiguration", + "s3:DeleteBucketMetadataTableConfiguration", + "s3:CreateBucketMetadataTableConfiguration", + "s3tables:CreateNamespace", + "s3tables:CreateTable", + "s3tables:GetTable", + "s3tables:PutTablePolicy", + "s3tables:GetTableMetadataLocation", + "s3tables:UpdateTableMetadataLocation", "s3:PutBucketPublicAccessBlock", "s3:PutReplicationConfiguration", "s3:PutBucketOwnershipControls", @@ -1639,7 +1698,7 @@ "description": "Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3), AWS KMS-managed keys (SSE-KMS), or dual-layer server-side encryption with KMS-managed keys (DSSE-KMS). For information about the Amazon S3 default encryption feature, see [Amazon S3 Default Encryption for S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the *Amazon S3 User Guide*." }, "BucketName": { - "description": "A name for the bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow [Amazon S3 bucket restrictions and limitations](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html). For more information, see [Rules for naming Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html#bucketnamingrules) in the *Amazon S3 User Guide*. \n If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.", + "description": "A name for the bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow [Amazon S3 bucket restrictions and limitations](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html). For more information, see [Rules for naming Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) in the *Amazon S3 User Guide*. \n If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.", "type": "string" }, "CorsConfiguration": { @@ -1686,6 +1745,10 @@ "$ref": "#/definitions/LoggingConfiguration", "description": "Settings that define where logs are stored." }, + "MetadataTableConfiguration": { + "$ref": "#/definitions/MetadataTableConfiguration", + "description": "The metadata table configuration of an S3 general purpose bucket. For more information, see [Accelerating data discovery with S3 Metadata](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-overview.html) and [Setting up permissions for configuring metadata tables](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-permissions.html)." + }, "MetricsConfigurations": { "description": "Specifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased. For more information, see [PutBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html).", "insertionOrder": true, @@ -1701,7 +1764,7 @@ }, "ObjectLockConfiguration": { "$ref": "#/definitions/ObjectLockConfiguration", - "description": "This operation is not supported by directory buckets.\n Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). \n + The ``DefaultRetention`` settings require both a mode and a period.\n + The ``DefaultRetention`` period can be either ``Days`` or ``Years`` but you must select one. You cannot specify ``Days`` and ``Years`` at the same time.\n + You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html)." + "description": "This operation is not supported for directory buckets.\n Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). \n + The ``DefaultRetention`` settings require both a mode and a period.\n + The ``DefaultRetention`` period can be either ``Days`` or ``Years`` but you must select one. You cannot specify ``Days`` and ``Years`` at the same time.\n + You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html)." }, "ObjectLockEnabled": { "description": "Indicates whether this bucket has an Object Lock configuration enabled. Enable ``ObjectLockEnabled`` when you apply ``ObjectLockConfiguration`` to a bucket.", @@ -1762,10 +1825,17 @@ "/properties/DomainName", "/properties/DualStackDomainName", "/properties/RegionalDomainName", + "/properties/MetadataTableConfiguration/S3TablesDestination/TableNamespace", + "/properties/MetadataTableConfiguration/S3TablesDestination/TableArn", "/properties/WebsiteURL" ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "s3:PutBucketTagging", + "s3:GetBucketTagging", + "s3:DeleteBucketTagging" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-s3-bucketpolicy.json b/schema/aws-s3-bucketpolicy.json index c20f837..3bc15f7 100644 --- a/schema/aws-s3-bucketpolicy.json +++ b/schema/aws-s3-bucketpolicy.json @@ -3,7 +3,7 @@ "createOnlyProperties": [ "/properties/Bucket" ], - "description": "Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using an identity other than the root user of the AWS-account that owns the bucket, the calling identity must have the ``PutBucketPolicy`` permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.\n If you don't have ``PutBucketPolicy`` permissions, Amazon S3 returns a ``403 Access Denied`` error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a ``405 Method Not Allowed`` error.\n As a security precaution, the root user of the AWS-account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action. \n For more information, see [Bucket policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html).\n The following operations are related to ``PutBucketPolicy``:\n + [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) \n + [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)", + "description": "Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using an identity other than the root user of the AWS-account that owns the bucket, the calling identity must have the ``PutBucketPolicy`` permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.\n If you don't have ``PutBucketPolicy`` permissions, Amazon S3 returns a ``403 Access Denied`` error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a ``405 Method Not Allowed`` error.\n As a security precaution, the root user of the AWS-account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action. \n When using the ``AWS::S3::BucketPolicy`` resource, you can create, update, and delete bucket policies for S3 buckets located in regions different from the stack's region. This cross-region bucket policy modification functionality is supported for backward compatibility with existing workflows.\n If the [DeletionPolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) is not specified or set to ``Delete``, the bucket policy will be removed when the stack is deleted. If set to ``Retain``, the bucket policy will be preserved even after the stack is deleted.\n For example, a CloudFormation stack in ``us-east-1`` can use the ``AWS::S3::BucketPolicy`` resource to manage the bucket policy for an S3 bucket in ``us-west-2``. The retention or removal of the bucket policy during the stack deletion is determined by the ``DeletionPolicy`` attribute specified in the stack template.\n For more information, see [Bucket policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html).\n The following operations are related to ``PutBucketPolicy``:\n + [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) \n + [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)", "handlers": { "create": { "permissions": [ diff --git a/schema/aws-s3-multiregionaccesspoint.json b/schema/aws-s3-multiregionaccesspoint.json index 7d0d746..e3033a1 100644 --- a/schema/aws-s3-multiregionaccesspoint.json +++ b/schema/aws-s3-multiregionaccesspoint.json @@ -122,5 +122,8 @@ "required": [ "Regions" ], + "tagging": { + "taggable": false + }, "typeName": "AWS::S3::MultiRegionAccessPoint" } diff --git a/schema/aws-s3-multiregionaccesspointpolicy.json b/schema/aws-s3-multiregionaccesspointpolicy.json index 40dbfc5..c9494aa 100644 --- a/schema/aws-s3-multiregionaccesspointpolicy.json +++ b/schema/aws-s3-multiregionaccesspointpolicy.json @@ -75,5 +75,8 @@ "Policy", "MrapName" ], + "tagging": { + "taggable": false + }, "typeName": "AWS::S3::MultiRegionAccessPointPolicy" } diff --git a/schema/aws-s3tables-tablebucket.json b/schema/aws-s3tables-tablebucket.json index 20d61ca..2b01ca9 100644 --- a/schema/aws-s3tables-tablebucket.json +++ b/schema/aws-s3tables-tablebucket.json @@ -4,6 +4,25 @@ "/properties/TableBucketName" ], "definitions": { + "EncryptionConfiguration": { + "additionalProperties": false, + "description": "Specifies encryption settings for the table bucket", + "properties": { + "KMSKeyArn": { + "description": "ARN of the KMS key to use for encryption", + "type": "string" + }, + "SSEAlgorithm": { + "description": "Server-side encryption algorithm", + "enum": [ + "AES256", + "aws:kms" + ], + "type": "string" + } + }, + "type": "object" + }, "TableBucketARN": { "description": "The Amazon Resource Name (ARN) of the specified table bucket.", "examples": [ @@ -49,8 +68,11 @@ "permissions": [ "s3tables:CreateTableBucket", "s3tables:PutTableBucketMaintenanceConfiguration", + "s3tables:PutTableBucketEncryption", "s3tables:GetTableBucket", - "s3tables:GetTableBucketMaintenanceConfiguration" + "s3tables:GetTableBucketMaintenanceConfiguration", + "s3tables:GetTableBucketEncryption", + "kms:DescribeKey" ] }, "delete": { @@ -66,14 +88,18 @@ "read": { "permissions": [ "s3tables:GetTableBucket", - "s3tables:GetTableBucketMaintenanceConfiguration" + "s3tables:GetTableBucketMaintenanceConfiguration", + "s3tables:GetTableBucketEncryption" ] }, "update": { "permissions": [ "s3tables:PutTableBucketMaintenanceConfiguration", + "s3tables:PutTableBucketEncryption", + "s3tables:GetTableBucketMaintenanceConfiguration", + "s3tables:GetTableBucketEncryption", "s3tables:GetTableBucket", - "s3tables:GetTableBucketMaintenanceConfiguration" + "kms:DescribeKey" ] } }, @@ -81,6 +107,9 @@ "/properties/TableBucketARN" ], "properties": { + "EncryptionConfiguration": { + "$ref": "#/definitions/EncryptionConfiguration" + }, "TableBucketARN": { "$ref": "#/definitions/TableBucketARN" }, diff --git a/schema/aws-sagemaker-dataqualityjobdefinition.json b/schema/aws-sagemaker-dataqualityjobdefinition.json index edc6d1c..0747107 100644 --- a/schema/aws-sagemaker-dataqualityjobdefinition.json +++ b/schema/aws-sagemaker-dataqualityjobdefinition.json @@ -493,6 +493,7 @@ "sagemaker:CreateDataQualityJobDefinition", "sagemaker:DescribeDataQualityJobDefinition", "sagemaker:AddTags", + "sagemaker:ListTags", "iam:PassRole" ] }, @@ -509,7 +510,8 @@ }, "read": { "permissions": [ - "sagemaker:DescribeDataQualityJobDefinition" + "sagemaker:DescribeDataQualityJobDefinition", + "sagemaker:ListTags" ] } }, @@ -594,9 +596,6 @@ }, "typeName": "AWS::SageMaker::DataQualityJobDefinition", "writeOnlyProperties": [ - "/properties/EndpointName", - "/properties/Tags", - "/properties/Tags/*/Key", - "/properties/Tags/*/Value" + "/properties/EndpointName" ] } diff --git a/schema/aws-sagemaker-endpointconfig.json b/schema/aws-sagemaker-endpointconfig.json index 9202741..e216253 100644 --- a/schema/aws-sagemaker-endpointconfig.json +++ b/schema/aws-sagemaker-endpointconfig.json @@ -304,6 +304,9 @@ "EnableSSMAccess": { "type": "boolean" }, + "InferenceAmiVersion": { + "type": "string" + }, "InitialInstanceCount": { "type": "integer" }, diff --git a/schema/aws-sagemaker-featuregroup.json b/schema/aws-sagemaker-featuregroup.json index 21b7596..5473bcc 100644 --- a/schema/aws-sagemaker-featuregroup.json +++ b/schema/aws-sagemaker-featuregroup.json @@ -350,6 +350,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "sagemaker:AddTags", + "sagemaker:ListTags", + "sagemaker:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": false, diff --git a/schema/aws-sagemaker-image.json b/schema/aws-sagemaker-image.json index 8ce5558..13b00cd 100644 --- a/schema/aws-sagemaker-image.json +++ b/schema/aws-sagemaker-image.json @@ -143,6 +143,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "sagemaker:AddTags", + "sagemaker:ListTags", + "sagemaker:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-sagemaker-inferencecomponent.json b/schema/aws-sagemaker-inferencecomponent.json index 112605f..b574a04 100644 --- a/schema/aws-sagemaker-inferencecomponent.json +++ b/schema/aws-sagemaker-inferencecomponent.json @@ -1,12 +1,48 @@ { "additionalProperties": false, "definitions": { + "Alarm": { + "additionalProperties": false, + "properties": { + "AlarmName": { + "maxLength": 255, + "minLength": 1, + "pattern": "^(?!\\s*$).+", + "type": "string" + } + }, + "required": [ + "AlarmName" + ], + "type": "object" + }, + "AutoRollbackConfiguration": { + "additionalProperties": false, + "properties": { + "Alarms": { + "items": { + "$ref": "#/definitions/Alarm" + }, + "maxItems": 10, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "Alarms" + ], + "type": "object" + }, "BaseInferenceComponentName": { "description": "The name of the base inference component", "maxLength": 63, "pattern": "^[a-zA-Z0-9](-*[a-zA-Z0-9])*$", "type": "string" }, + "CapacitySizeValue": { + "description": "The number of copies for the inference component", + "type": "integer" + }, "ContainerImage": { "description": "The image to use for the container that will be materialized for the inference component", "maxLength": 255, @@ -65,6 +101,30 @@ "minLength": 1, "type": "string" }, + "InferenceComponentCapacitySize": { + "additionalProperties": false, + "description": "Capacity size configuration for the inference component", + "properties": { + "Type": { + "$ref": "#/definitions/InferenceComponentCapacitySizeType" + }, + "Value": { + "$ref": "#/definitions/CapacitySizeValue" + } + }, + "required": [ + "Type", + "Value" + ], + "type": "object" + }, + "InferenceComponentCapacitySizeType": { + "enum": [ + "COPY_COUNT", + "CAPACITY_PERCENT" + ], + "type": "string" + }, "InferenceComponentComputeResourceRequirements": { "additionalProperties": false, "description": "", @@ -108,12 +168,44 @@ "minimum": 0, "type": "integer" }, + "InferenceComponentDeploymentConfig": { + "additionalProperties": false, + "description": "The deployment config for the inference component", + "properties": { + "AutoRollbackConfiguration": { + "$ref": "#/definitions/AutoRollbackConfiguration" + }, + "RollingUpdatePolicy": { + "$ref": "#/definitions/InferenceComponentRollingUpdatePolicy" + } + }, + "type": "object" + }, "InferenceComponentName": { "description": "The name of the inference component", "maxLength": 63, "pattern": "^[a-zA-Z0-9](-*[a-zA-Z0-9])*$", "type": "string" }, + "InferenceComponentRollingUpdatePolicy": { + "additionalProperties": false, + "description": "The rolling update policy for the inference component", + "properties": { + "MaximumBatchSize": { + "$ref": "#/definitions/InferenceComponentCapacitySize" + }, + "MaximumExecutionTimeoutInSeconds": { + "$ref": "#/definitions/MaximumExecutionTimeoutInSeconds" + }, + "RollbackMaximumBatchSize": { + "$ref": "#/definitions/InferenceComponentCapacitySize" + }, + "WaitIntervalInSeconds": { + "$ref": "#/definitions/WaitIntervalInSeconds" + } + }, + "type": "object" + }, "InferenceComponentRuntimeConfig": { "additionalProperties": false, "description": "The runtime config for the inference component", @@ -175,6 +267,11 @@ ], "type": "string" }, + "MaximumExecutionTimeoutInSeconds": { + "maximum": 28800, + "minimum": 600, + "type": "integer" + }, "MemoryInMb": { "minimum": 128, "type": "integer" @@ -242,6 +339,11 @@ "maxLength": 63, "pattern": "^[a-zA-Z0-9](-*[a-zA-Z0-9])*$", "type": "string" + }, + "WaitIntervalInSeconds": { + "maximum": 3600, + "minimum": 0, + "type": "integer" } }, "description": "Resource Type definition for AWS::SageMaker::InferenceComponent", @@ -292,6 +394,9 @@ "CreationTime": { "$ref": "#/definitions/Timestamp" }, + "DeploymentConfig": { + "$ref": "#/definitions/InferenceComponentDeploymentConfig" + }, "EndpointArn": { "$ref": "#/definitions/EndpointArn" }, @@ -342,6 +447,11 @@ ], "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "sagemaker:AddTags", + "sagemaker:ListTags", + "sagemaker:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, @@ -350,6 +460,7 @@ "typeName": "AWS::SageMaker::InferenceComponent", "writeOnlyProperties": [ "/properties/Specification/Container/Image", - "/properties/RuntimeConfig/CopyCount" + "/properties/RuntimeConfig/CopyCount", + "/properties/DeploymentConfig" ] } diff --git a/schema/aws-sagemaker-mlflowtrackingserver.json b/schema/aws-sagemaker-mlflowtrackingserver.json index 30696c9..caaad79 100644 --- a/schema/aws-sagemaker-mlflowtrackingserver.json +++ b/schema/aws-sagemaker-mlflowtrackingserver.json @@ -41,14 +41,14 @@ "sagemaker:ListTags", "iam:PassRole" ], - "timeoutInMinutes": 65 + "timeoutInMinutes": 95 }, "delete": { "permissions": [ "sagemaker:DeleteMlflowTrackingServer", "sagemaker:DescribeMlflowTrackingServer" ], - "timeoutInMinutes": 65 + "timeoutInMinutes": 95 }, "list": { "permissions": [ diff --git a/schema/aws-sagemaker-modelbiasjobdefinition.json b/schema/aws-sagemaker-modelbiasjobdefinition.json index 1b42007..752712c 100644 --- a/schema/aws-sagemaker-modelbiasjobdefinition.json +++ b/schema/aws-sagemaker-modelbiasjobdefinition.json @@ -529,7 +529,8 @@ "sagemaker:CreateModelBiasJobDefinition", "sagemaker:DescribeModelBiasJobDefinition", "iam:PassRole", - "sagemaker:AddTags" + "sagemaker:AddTags", + "sagemaker:ListTags" ] }, "delete": { @@ -545,7 +546,8 @@ }, "read": { "permissions": [ - "sagemaker:DescribeModelBiasJobDefinition" + "sagemaker:DescribeModelBiasJobDefinition", + "sagemaker:ListTags" ] } }, @@ -630,9 +632,6 @@ }, "typeName": "AWS::SageMaker::ModelBiasJobDefinition", "writeOnlyProperties": [ - "/properties/EndpointName", - "/properties/Tags", - "/properties/Tags/*/Key", - "/properties/Tags/*/Value" + "/properties/EndpointName" ] } diff --git a/schema/aws-sagemaker-modelexplainabilityjobdefinition.json b/schema/aws-sagemaker-modelexplainabilityjobdefinition.json index 7895bbc..4d9ece4 100644 --- a/schema/aws-sagemaker-modelexplainabilityjobdefinition.json +++ b/schema/aws-sagemaker-modelexplainabilityjobdefinition.json @@ -483,7 +483,8 @@ "sagemaker:CreateModelExplainabilityJobDefinition", "sagemaker:DescribeModelExplainabilityJobDefinition", "iam:PassRole", - "sagemaker:AddTags" + "sagemaker:AddTags", + "sagemaker:ListTags" ] }, "delete": { @@ -499,7 +500,8 @@ }, "read": { "permissions": [ - "sagemaker:DescribeModelExplainabilityJobDefinition" + "sagemaker:DescribeModelExplainabilityJobDefinition", + "sagemaker:ListTags" ] } }, @@ -584,9 +586,6 @@ }, "typeName": "AWS::SageMaker::ModelExplainabilityJobDefinition", "writeOnlyProperties": [ - "/properties/EndpointName", - "/properties/Tags", - "/properties/Tags/*/Key", - "/properties/Tags/*/Value" + "/properties/EndpointName" ] } diff --git a/schema/aws-sagemaker-modelqualityjobdefinition.json b/schema/aws-sagemaker-modelqualityjobdefinition.json index 7e69ea9..755e907 100644 --- a/schema/aws-sagemaker-modelqualityjobdefinition.json +++ b/schema/aws-sagemaker-modelqualityjobdefinition.json @@ -555,6 +555,7 @@ "sagemaker:CreateModelQualityJobDefinition", "sagemaker:DescribeModelQualityJobDefinition", "sagemaker:AddTags", + "sagemaker:ListTags", "iam:PassRole" ] }, @@ -571,7 +572,8 @@ }, "read": { "permissions": [ - "sagemaker:DescribeModelQualityJobDefinition" + "sagemaker:DescribeModelQualityJobDefinition", + "sagemaker:ListTags" ] } }, @@ -656,9 +658,6 @@ }, "typeName": "AWS::SageMaker::ModelQualityJobDefinition", "writeOnlyProperties": [ - "/properties/EndpointName", - "/properties/Tags", - "/properties/Tags/*/Key", - "/properties/Tags/*/Value" + "/properties/EndpointName" ] } diff --git a/schema/aws-sagemaker-partnerapp.json b/schema/aws-sagemaker-partnerapp.json index dbb3ae4..eeb93d8 100644 --- a/schema/aws-sagemaker-partnerapp.json +++ b/schema/aws-sagemaker-partnerapp.json @@ -4,7 +4,8 @@ "/properties/Name", "/properties/Type", "/properties/ExecutionRoleArn", - "/properties/AuthType" + "/properties/AuthType", + "/properties/KmsKeyId" ], "definitions": { "PartnerAppAdminUserList": { @@ -93,7 +94,9 @@ "sagemaker:DescribePartnerApp", "sagemaker:AddTags", "sagemaker:ListTags", - "iam:PassRole" + "iam:PassRole", + "kms:CreateGrant", + "kms:DescribeKey" ], "timeoutInMinutes": 180 }, @@ -124,7 +127,8 @@ "sagemaker:DescribePartnerApp", "sagemaker:AddTags", "sagemaker:ListTags", - "sagemaker:DeleteTags" + "sagemaker:DeleteTags", + "kms:DescribeKey" ], "timeoutInMinutes": 180 } @@ -174,6 +178,12 @@ "pattern": "^arn:aws[a-z\\-]*:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+$", "type": "string" }, + "KmsKeyId": { + "description": "The AWS KMS customer managed key used to encrypt the data associated with the PartnerApp.", + "maxLength": 2048, + "pattern": ".*", + "type": "string" + }, "MaintenanceConfig": { "$ref": "#/definitions/PartnerAppMaintenanceConfig", "description": "A collection of settings that specify the maintenance schedule for the PartnerApp." diff --git a/schema/aws-sagemaker-pipeline.json b/schema/aws-sagemaker-pipeline.json index 4479971..9ac8584 100644 --- a/schema/aws-sagemaker-pipeline.json +++ b/schema/aws-sagemaker-pipeline.json @@ -173,5 +173,17 @@ "PipelineDefinition", "RoleArn" ], + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "sagemaker:AddTags", + "sagemaker:ListTags", + "sagemaker:DeleteTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::SageMaker::Pipeline" } diff --git a/schema/aws-sagemaker-userprofile.json b/schema/aws-sagemaker-userprofile.json index 219115d..2589ffc 100644 --- a/schema/aws-sagemaker-userprofile.json +++ b/schema/aws-sagemaker-userprofile.json @@ -43,7 +43,7 @@ "items": { "$ref": "#/definitions/CustomImage" }, - "maxItems": 30, + "maxItems": 200, "minItems": 0, "type": "array", "uniqueItems": false @@ -257,7 +257,7 @@ "items": { "$ref": "#/definitions/CustomImage" }, - "maxItems": 30, + "maxItems": 200, "minItems": 0, "type": "array", "uniqueItems": false diff --git a/schema/aws-securityhub-automationrule.json b/schema/aws-securityhub-automationrule.json index c06877e..6693a45 100644 --- a/schema/aws-securityhub-automationrule.json +++ b/schema/aws-securityhub-automationrule.json @@ -827,6 +827,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-securityhub", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "securityhub:ListTagsForResource", + "securityhub:TagResource", + "securityhub:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-securityhub-configurationpolicy.json b/schema/aws-securityhub-configurationpolicy.json index cf0e580..e03eeef 100644 --- a/schema/aws-securityhub-configurationpolicy.json +++ b/schema/aws-securityhub-configurationpolicy.json @@ -291,6 +291,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-securityhub", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "securityhub:ListTagsForResource", + "securityhub:TagResource", + "securityhub:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-securityhub-hub.json b/schema/aws-securityhub-hub.json index 8e40d42..0dae5a4 100644 --- a/schema/aws-securityhub-hub.json +++ b/schema/aws-securityhub-hub.json @@ -5,7 +5,7 @@ "additionalProperties": false, "description": "A key-value pair to associate with a resource.", "patternProperties": { - "^[a-zA-Z0-9-_]{1,128}$": { + "^(?!aws:)[a-zA-Z+-=._:/]+$": { "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", "maxLength": 256, "minLength": 0, @@ -89,6 +89,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-securityhub", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "securityhub:ListTagsForResource", + "securityhub:TagResource", + "securityhub:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-servicecatalog-cloudformationprovisionedproduct.json b/schema/aws-servicecatalog-cloudformationprovisionedproduct.json index e07e933..3cb4110 100644 --- a/schema/aws-servicecatalog-cloudformationprovisionedproduct.json +++ b/schema/aws-servicecatalog-cloudformationprovisionedproduct.json @@ -103,23 +103,28 @@ "handlers": { "create": { "permissions": [ - "*" + "servicecatalog:provisionProduct", + "cloudformation:CreateStack" ], "timeoutInMinutes": 720 }, "delete": { "permissions": [ - "*" + "servicecatalog:terminateProvisionedProduct", + "servicecatalog:describeRecord", + "cloudformation:DeleteStack" ] }, "read": { "permissions": [ - "*" + "servicecatalog:describeProvisionedProduct", + "cloudformation:ListStacks" ] }, "update": { "permissions": [ - "*" + "servicecatalog:updateProvisionedProduct", + "cloudformation:UpdateStack" ], "timeoutInMinutes": 720 } diff --git a/schema/aws-ses-mailmanageringresspoint.json b/schema/aws-ses-mailmanageringresspoint.json index 1fbbebc..de43aa6 100644 --- a/schema/aws-ses-mailmanageringresspoint.json +++ b/schema/aws-ses-mailmanageringresspoint.json @@ -1,6 +1,7 @@ { "additionalProperties": false, "createOnlyProperties": [ + "/properties/NetworkConfiguration", "/properties/Type" ], "definitions": { @@ -63,6 +64,75 @@ ], "type": "string" }, + "IpType": { + "enum": [ + "IPV4", + "DUAL_STACK" + ], + "type": "string" + }, + "NetworkConfiguration": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "PublicNetworkConfiguration": { + "$ref": "#/definitions/PublicNetworkConfiguration" + } + }, + "required": [ + "PublicNetworkConfiguration" + ], + "title": "PublicNetworkConfiguration", + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "PrivateNetworkConfiguration": { + "$ref": "#/definitions/PrivateNetworkConfiguration" + } + }, + "required": [ + "PrivateNetworkConfiguration" + ], + "title": "PrivateNetworkConfiguration", + "type": "object" + } + ] + }, + "PrivateNetworkConfiguration": { + "additionalProperties": false, + "properties": { + "VpcEndpointId": { + "pattern": "^vpce-[a-zA-Z0-9]{17}$", + "type": "string" + } + }, + "required": [ + "VpcEndpointId" + ], + "type": "object" + }, + "PublicNetworkConfiguration": { + "additionalProperties": false, + "properties": { + "IpType": { + "allOf": [ + { + "$ref": "#/definitions/IpType" + }, + { + "default": "IPV4" + } + ] + } + }, + "required": [ + "IpType" + ], + "type": "object" + }, "Tag": { "additionalProperties": false, "properties": { @@ -94,7 +164,8 @@ "ses:ListTagsForResource", "ses:GetIngressPoint", "ses:CreateIngressPoint", - "iam:CreateServiceLinkedRole" + "iam:CreateServiceLinkedRole", + "ec2:DescribeVpcEndpoints" ] }, "delete": { @@ -148,6 +219,9 @@ "pattern": "^[A-Za-z0-9_\\-]+$", "type": "string" }, + "NetworkConfiguration": { + "$ref": "#/definitions/NetworkConfiguration" + }, "RuleSetId": { "maxLength": 100, "minLength": 1, diff --git a/schema/aws-ses-mailmanagerruleset.json b/schema/aws-ses-mailmanagerruleset.json index 6362cf4..0a58912 100644 --- a/schema/aws-ses-mailmanagerruleset.json +++ b/schema/aws-ses-mailmanagerruleset.json @@ -39,7 +39,7 @@ "ResultField": { "maxLength": 256, "minLength": 1, - "pattern": "^[\\sa-zA-Z0-9_]+$", + "pattern": "^(addon\\.)?[\\sa-zA-Z0-9_]+$", "type": "string" } }, @@ -379,6 +379,19 @@ ], "title": "Attribute", "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Analysis": { + "$ref": "#/definitions/Analysis" + } + }, + "required": [ + "Analysis" + ], + "title": "Analysis", + "type": "object" } ] }, @@ -517,9 +530,9 @@ }, "Values": { "items": { - "maxLength": 18, + "maxLength": 43, "minLength": 1, - "pattern": "^(([0-9]|.|/)*)$", + "pattern": "^(([0-9]|.|:|/)*)$", "type": "string" }, "maxItems": 10, @@ -690,6 +703,19 @@ ], "title": "MimeHeaderAttribute", "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Analysis": { + "$ref": "#/definitions/Analysis" + } + }, + "required": [ + "Analysis" + ], + "title": "Analysis", + "type": "object" } ] }, diff --git a/schema/aws-ses-mailmanagertrafficpolicy.json b/schema/aws-ses-mailmanagertrafficpolicy.json index 5179c69..91240e8 100644 --- a/schema/aws-ses-mailmanagertrafficpolicy.json +++ b/schema/aws-ses-mailmanagertrafficpolicy.json @@ -18,7 +18,7 @@ "ResultField": { "maxLength": 256, "minLength": 1, - "pattern": "^[\\sa-zA-Z0-9_]+$", + "pattern": "^(addon\\.)?[\\sa-zA-Z0-9_]+$", "type": "string" } }, @@ -122,6 +122,54 @@ ], "type": "object" }, + "IngressIpv6Attribute": { + "enum": [ + "SENDER_IPV6" + ], + "type": "string" + }, + "IngressIpv6Expression": { + "additionalProperties": false, + "properties": { + "Evaluate": { + "$ref": "#/definitions/IngressIpv6ToEvaluate" + }, + "Operator": { + "$ref": "#/definitions/IngressIpOperator" + }, + "Values": { + "items": { + "maxLength": 49, + "pattern": "^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))\\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9])$", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "Evaluate", + "Operator", + "Values" + ], + "type": "object" + }, + "IngressIpv6ToEvaluate": { + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "Attribute": { + "$ref": "#/definitions/IngressIpv6Attribute" + } + }, + "required": [ + "Attribute" + ], + "title": "Attribute", + "type": "object" + } + ] + }, "IngressStringEmailAttribute": { "enum": [ "RECIPIENT" @@ -175,6 +223,19 @@ ], "title": "Attribute", "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "Analysis": { + "$ref": "#/definitions/IngressAnalysis" + } + }, + "required": [ + "Analysis" + ], + "title": "Analysis", + "type": "object" } ] }, @@ -263,6 +324,19 @@ "title": "IpExpression", "type": "object" }, + { + "additionalProperties": false, + "properties": { + "Ipv6Expression": { + "$ref": "#/definitions/IngressIpv6Expression" + } + }, + "required": [ + "Ipv6Expression" + ], + "title": "Ipv6Expression", + "type": "object" + }, { "additionalProperties": false, "properties": { diff --git a/schema/aws-shield-protection.json b/schema/aws-shield-protection.json index f82bce5..a5dd648 100644 --- a/schema/aws-shield-protection.json +++ b/schema/aws-shield-protection.json @@ -193,7 +193,14 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-shield.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "shield:ListTagsForResource", + "shield:UntagResource", + "shield:TagResource" + ], + "tagOnCreate": true, "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::Shield::Protection" diff --git a/schema/aws-shield-protectiongroup.json b/schema/aws-shield-protectiongroup.json index 507b7a7..48637eb 100644 --- a/schema/aws-shield-protectiongroup.json +++ b/schema/aws-shield-protectiongroup.json @@ -145,7 +145,9 @@ "shield:UntagResource", "shield:TagResource" ], + "tagOnCreate": true, "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::Shield::ProtectionGroup" diff --git a/schema/aws-signer-profilepermission.json b/schema/aws-signer-profilepermission.json index c100d03..bc0cd44 100644 --- a/schema/aws-signer-profilepermission.json +++ b/schema/aws-signer-profilepermission.json @@ -73,5 +73,11 @@ "StatementId" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": false, + "tagOnCreate": false, + "tagUpdatable": false, + "taggable": false + }, "typeName": "AWS::Signer::ProfilePermission" } diff --git a/schema/aws-signer-signingprofile.json b/schema/aws-signer-signingprofile.json index fdde75a..cf7b31f 100644 --- a/schema/aws-signer-signingprofile.json +++ b/schema/aws-signer-signingprofile.json @@ -148,5 +148,17 @@ "PlatformId" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "signer:TagResource", + "signer:UntagResource", + "signer:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Signer::SigningProfile" } diff --git a/schema/aws-sns-topic.json b/schema/aws-sns-topic.json index 3ec91a3..a41b508 100644 --- a/schema/aws-sns-topic.json +++ b/schema/aws-sns-topic.json @@ -208,6 +208,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-sns", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "sns:TagResource", + "sns:UntagResource", + "sns:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-ssm-document.json b/schema/aws-ssm-document.json index 729b25c..da06447 100644 --- a/schema/aws-ssm-document.json +++ b/schema/aws-ssm-document.json @@ -111,6 +111,7 @@ }, "read": { "permissions": [ + "ssm:DescribeDocument", "ssm:GetDocument", "ssm:ListTagsForResource" ] @@ -226,6 +227,15 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ssm", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "ssm:AddTagsToResource", + "ssm:ListTagsForResource", + "ssm:RemoveTagsFromResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::SSM::Document", diff --git a/schema/aws-ssm-patchbaseline.json b/schema/aws-ssm-patchbaseline.json index 2c37050..cbe2324 100644 --- a/schema/aws-ssm-patchbaseline.json +++ b/schema/aws-ssm-patchbaseline.json @@ -361,6 +361,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "ssm:AddTagsToResource", + "ssm:ListTagsForResource", + "ssm:RemoveTagsFromResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-ssm-resourcedatasync.json b/schema/aws-ssm-resourcedatasync.json index ef71453..da59387 100644 --- a/schema/aws-ssm-resourcedatasync.json +++ b/schema/aws-ssm-resourcedatasync.json @@ -174,9 +174,6 @@ "type": "string" } }, - "readOnlyProperties": [ - "/properties/SyncName" - ], "required": [ "SyncName" ], diff --git a/schema/aws-ssmincidents-replicationset.json b/schema/aws-ssmincidents-replicationset.json index 07a78be..f2acedd 100644 --- a/schema/aws-ssmincidents-replicationset.json +++ b/schema/aws-ssmincidents-replicationset.json @@ -16,7 +16,9 @@ "description": "The ReplicationSet regional configuration.", "properties": { "SseKmsKeyId": { - "$ref": "#/definitions/Arn" + "description": "The AWS Key Management Service key ID or Key Alias to use to encrypt your replication set.", + "maxLength": 2048, + "type": "string" } }, "required": [ @@ -155,6 +157,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ssm-incidents.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ssm-incidents:TagResource", + "ssm-incidents:UntagResource", + "ssm-incidents:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-ssmincidents-responseplan.json b/schema/aws-ssmincidents-responseplan.json index a7fcd6f..2813457 100644 --- a/schema/aws-ssmincidents-responseplan.json +++ b/schema/aws-ssmincidents-responseplan.json @@ -452,6 +452,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ssm-incidents.git", "tagging": { "cloudFormationSystemTags": false, + "permissions": [ + "ssm-incidents:TagResource", + "ssm-incidents:UntagResource", + "ssm-incidents:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-sso-application.json b/schema/aws-sso-application.json index cf91eed..e0452d2 100644 --- a/schema/aws-sso-application.json +++ b/schema/aws-sso-application.json @@ -80,7 +80,8 @@ "permissions": [ "sso:CreateApplication", "sso:DescribeApplication", - "sso:TagResource" + "sso:TagResource", + "sso:ListTagsForResource" ] }, "delete": { @@ -100,7 +101,8 @@ ] }, "permissions": [ - "sso:ListApplications" + "sso:ListApplications", + "sso:ListTagsForResource" ] }, "read": { @@ -191,6 +193,10 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-sso/aws-sso-application", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "sso:TagResource", + "sso:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-sso-instance.json b/schema/aws-sso-instance.json index 5d977c7..6f534c4 100644 --- a/schema/aws-sso-instance.json +++ b/schema/aws-sso-instance.json @@ -124,6 +124,12 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-sso/aws-sso-instance", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "sso:TagInstance", + "sso:TagResource", + "sso:UntagResource", + "sso:ListTagsForResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-sso-permissionset.json b/schema/aws-sso-permissionset.json index 1ea0cb6..217e079 100644 --- a/schema/aws-sso-permissionset.json +++ b/schema/aws-sso-permissionset.json @@ -223,6 +223,11 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-sso/aws-sso-permissionset", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "sso:TagResource", + "sso:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-synthetics-canary.json b/schema/aws-synthetics-canary.json index dea35b6..1ee5976 100644 --- a/schema/aws-synthetics-canary.json +++ b/schema/aws-synthetics-canary.json @@ -407,6 +407,14 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-synthetics", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "synthetics:TagResource", + "synthetics:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::Synthetics::Canary", diff --git a/schema/aws-synthetics-group.json b/schema/aws-synthetics-group.json index 4d00aba..6564f8d 100644 --- a/schema/aws-synthetics-group.json +++ b/schema/aws-synthetics-group.json @@ -112,6 +112,15 @@ ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-synthetics", "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "synthetics:TagResource", + "synthetics:UntagResource", + "synthetics:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, "taggable": true }, "typeName": "AWS::Synthetics::Group" diff --git a/schema/aws-systemsmanagersap-application.json b/schema/aws-systemsmanagersap-application.json index 8586d84..c6c6aee 100644 --- a/schema/aws-systemsmanagersap-application.json +++ b/schema/aws-systemsmanagersap-application.json @@ -5,9 +5,36 @@ "/properties/Instances", "/properties/SapInstanceNumber", "/properties/Sid", - "/properties/DatabaseArn" + "/properties/DatabaseArn", + "/properties/ComponentsInfo" ], "definitions": { + "ComponentInfo": { + "properties": { + "ComponentType": { + "enum": [ + "HANA", + "HANA_NODE", + "ABAP", + "ASCS", + "DIALOG", + "WEBDISP", + "WD", + "ERS" + ], + "type": "string" + }, + "Ec2InstanceId": { + "pattern": "^i-[\\w\\d]{8}$|^i-[\\w\\d]{17}$", + "type": "string" + }, + "Sid": { + "pattern": "[A-Z][A-Z0-9]{2}", + "type": "string" + } + }, + "type": "object" + }, "Credential": { "additionalProperties": false, "properties": { @@ -113,6 +140,15 @@ "pattern": "^arn:(.+:){2,4}.+$|^arn:(.+:){1,3}.+\\/.+$", "type": "string" }, + "ComponentsInfo": { + "description": "This is an optional parameter for component details to which the SAP ABAP application is attached, such as Web Dispatcher.", + "insertionOrder": true, + "items": { + "$ref": "#/definitions/ComponentInfo" + }, + "minItems": 1, + "type": "array" + }, "Credentials": { "insertionOrder": true, "items": { @@ -176,6 +212,7 @@ "/properties/Instances", "/properties/SapInstanceNumber", "/properties/Sid", - "/properties/DatabaseArn" + "/properties/DatabaseArn", + "/properties/ComponentsInfo" ] } diff --git a/schema/aws-timestream-database.json b/schema/aws-timestream-database.json index e47c9ed..d4a9ad9 100644 --- a/schema/aws-timestream-database.json +++ b/schema/aws-timestream-database.json @@ -95,5 +95,17 @@ "/properties/Arn" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-timestream.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "timestream:TagResource", + "timestream:ListTagsForResource", + "timestream:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Timestream::Database" } diff --git a/schema/aws-timestream-influxdbinstance.json b/schema/aws-timestream-influxdbinstance.json index 6571c54..a0f364e 100644 --- a/schema/aws-timestream-influxdbinstance.json +++ b/schema/aws-timestream-influxdbinstance.json @@ -6,13 +6,12 @@ "/properties/Password", "/properties/Organization", "/properties/Bucket", - "/properties/DbInstanceType", "/properties/VpcSubnetIds", "/properties/VpcSecurityGroupIds", "/properties/PubliclyAccessible", "/properties/DbStorageType", "/properties/AllocatedStorage", - "/properties/DeploymentType" + "/properties/NetworkType" ], "definitions": { "Tag": { @@ -88,7 +87,9 @@ "timestream-influxdb:UpdateDbInstance", "timestream-influxdb:TagResource", "timestream-influxdb:UntagResource", - "timestream-influxdb:ListTagsForResource" + "timestream-influxdb:ListTagsForResource", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" ], "timeoutInMinutes": 2160 } @@ -211,7 +212,15 @@ "description": "The unique name that is associated with the InfluxDB instance.", "maxLength": 40, "minLength": 3, - "pattern": "^[a-zA-z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*$", + "pattern": "^[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*$", + "type": "string" + }, + "NetworkType": { + "description": "Network type of the InfluxDB Instance.", + "enum": [ + "IPV4", + "DUAL" + ], "type": "string" }, "Organization": { @@ -227,6 +236,12 @@ "pattern": "^[a-zA-Z0-9]+$", "type": "string" }, + "Port": { + "description": "The port number on which InfluxDB accepts connections.", + "maximum": 65535, + "minimum": 1024, + "type": "integer" + }, "PubliclyAccessible": { "default": false, "description": "Attach a public IP to the customer ENI.", @@ -244,6 +259,8 @@ "DELETING", "MODIFYING", "UPDATING", + "UPDATING_DEPLOYMENT_TYPE", + "UPDATING_INSTANCE_TYPE", "DELETED", "FAILED" ], @@ -299,6 +316,11 @@ "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-timestream.git", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "timestream-influxdb:TagResource", + "timestream-influxdb:ListTagsForResource", + "timestream-influxdb:UntagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-timestream-scheduledquery.json b/schema/aws-timestream-scheduledquery.json index 7d4a8c5..f34eba7 100644 --- a/schema/aws-timestream-scheduledquery.json +++ b/schema/aws-timestream-scheduledquery.json @@ -542,5 +542,17 @@ "ErrorReportConfiguration" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-timestream.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "timestream:TagResource", + "timestream:ListTagsForResource", + "timestream:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Timestream::ScheduledQuery" } diff --git a/schema/aws-timestream-table.json b/schema/aws-timestream-table.json index 48b5c4a..f958823 100644 --- a/schema/aws-timestream-table.json +++ b/schema/aws-timestream-table.json @@ -236,5 +236,17 @@ "DatabaseName" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-timestream.git", + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "timestream:TagResource", + "timestream:ListTagsForResource", + "timestream:UntagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, "typeName": "AWS::Timestream::Table" } diff --git a/schema/aws-transfer-agreement.json b/schema/aws-transfer-agreement.json index 9438c05..25062fe 100644 --- a/schema/aws-transfer-agreement.json +++ b/schema/aws-transfer-agreement.json @@ -103,6 +103,45 @@ "pattern": "^(|/.*)$", "type": "string" }, + "CustomDirectories": { + "additionalProperties": false, + "description": "Specifies a separate directory for each type of file to store for an AS2 message.", + "properties": { + "FailedFilesDirectory": { + "description": "Specifies a location to store the failed files for an AS2 message.", + "pattern": "(|/.*)", + "type": "string" + }, + "MdnFilesDirectory": { + "description": "Specifies a location to store the MDN file for an AS2 message.", + "pattern": "(|/.*)", + "type": "string" + }, + "PayloadFilesDirectory": { + "description": "Specifies a location to store the payload file for an AS2 message.", + "pattern": "(|/.*)", + "type": "string" + }, + "StatusFilesDirectory": { + "description": "Specifies a location to store the status file for an AS2 message.", + "pattern": "(|/.*)", + "type": "string" + }, + "TemporaryFilesDirectory": { + "description": "Specifies a location to store the temporary processing file for an AS2 message.", + "pattern": "(|/.*)", + "type": "string" + } + }, + "required": [ + "FailedFilesDirectory", + "MdnFilesDirectory", + "PayloadFilesDirectory", + "StatusFilesDirectory", + "TemporaryFilesDirectory" + ], + "type": "object" + }, "Description": { "description": "A textual description for the agreement.", "maxLength": 200, @@ -110,6 +149,14 @@ "pattern": "^[\\u0021-\\u007E]+$", "type": "string" }, + "EnforceMessageSigning": { + "description": "Specifies whether to enforce an AS2 message is signed for this agreement.", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, "LocalProfileId": { "description": "A unique identifier for the local profile.", "maxLength": 19, @@ -124,6 +171,14 @@ "pattern": "^p-([0-9a-f]{17})$", "type": "string" }, + "PreserveFilename": { + "description": "Specifies whether to preserve the filename received for this agreement.", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, "ServerId": { "description": "A unique identifier for the server.", "maxLength": 19, @@ -158,12 +213,16 @@ "ServerId", "LocalProfileId", "PartnerProfileId", - "BaseDirectory", "AccessRole" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-transfer", "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "transfer:ListTagsForResource", + "transfer:UnTagResource", + "transfer:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-transfer-certificate.json b/schema/aws-transfer-certificate.json index d64515c..28c73c2 100644 --- a/schema/aws-transfer-certificate.json +++ b/schema/aws-transfer-certificate.json @@ -182,6 +182,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "transfer:ListTagsForResource", + "transfer:UnTagResource", + "transfer:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-transfer-connector.json b/schema/aws-transfer-connector.json index 4b720e2..3b3fc17 100644 --- a/schema/aws-transfer-connector.json +++ b/schema/aws-transfer-connector.json @@ -152,6 +152,14 @@ "pattern": "^p-([0-9a-f]{17})$", "type": "string" }, + "PreserveContentType": { + "description": "Specifies whether to use the AWS S3 object content-type as the content-type for the AS2 message.", + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + }, "SigningAlgorithm": { "description": "Signing algorithm for this AS2 connector configuration.", "enum": [ @@ -245,6 +253,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "transfer:ListTagsForResource", + "transfer:UnTagResource", + "transfer:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-transfer-profile.json b/schema/aws-transfer-profile.json index f7b0b93..b27fc2d 100644 --- a/schema/aws-transfer-profile.json +++ b/schema/aws-transfer-profile.json @@ -128,6 +128,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "transfer:ListTagsForResource", + "transfer:UnTagResource", + "transfer:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-transfer-webapp.json b/schema/aws-transfer-webapp.json new file mode 100644 index 0000000..2d0c2a4 --- /dev/null +++ b/schema/aws-transfer-webapp.json @@ -0,0 +1,240 @@ +{ + "additionalIdentifiers": [ + [ + "/properties/WebAppId" + ] + ], + "additionalProperties": false, + "createOnlyProperties": [ + "/properties/WebAppEndpointPolicy", + "/properties/IdentityProviderDetails/InstanceArn" + ], + "definitions": { + "IdentityProviderDetails": { + "additionalProperties": false, + "description": "You can provide a structure that contains the details for the identity provider to use with your web app.", + "properties": { + "ApplicationArn": { + "maxLength": 1224, + "minLength": 10, + "pattern": "^arn:[\\w-]+:sso::\\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}$", + "type": "string" + }, + "InstanceArn": { + "description": "The Amazon Resource Name (ARN) for the IAM Identity Center used for the web app.", + "maxLength": 1224, + "minLength": 10, + "pattern": "^arn:[\\w-]+:sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}$", + "type": "string" + }, + "Role": { + "description": "The IAM role in IAM Identity Center used for the web app.", + "maxLength": 2048, + "minLength": 20, + "pattern": "^arn:[a-z-]+:iam::[0-9]{12}:role[:/]\\S+$", + "type": "string" + } + }, + "type": "object" + }, + "Tag": { + "additionalProperties": false, + "description": "Key-value pair that can be used to group and search for web apps.", + "properties": { + "Key": { + "maxLength": 128, + "minLength": 0, + "type": "string" + }, + "Value": { + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, + "WebAppCustomization": { + "additionalProperties": false, + "properties": { + "FaviconFile": { + "description": "Specifies a favicon to display in the browser tab.", + "maxLength": 20960, + "minLength": 1, + "type": "string" + }, + "LogoFile": { + "description": "Specifies a logo to display on the web app.", + "maxLength": 51200, + "minLength": 1, + "type": "string" + }, + "Title": { + "description": "Specifies a title to display on the web app.", + "maxLength": 100, + "minLength": 0, + "type": "string" + } + }, + "type": "object" + }, + "WebAppEndpointPolicy": { + "enum": [ + "STANDARD", + "FIPS" + ], + "type": "string" + }, + "WebAppUnits": { + "oneOf": [ + { + "additionalProperties": false, + "description": "A union that contains the value for number of concurrent connections or the user sessions on your web app.", + "properties": { + "Provisioned": { + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "Provisioned" + ], + "title": "Provisioned", + "type": "object" + } + ] + } + }, + "description": "Resource Type definition for AWS::Transfer::WebApp", + "handlers": { + "create": { + "permissions": [ + "transfer:CreateWebApp", + "transfer:DescribeWebApp", + "transfer:DescribeWebAppCustomization", + "transfer:TagResource", + "transfer:UpdateWebAppCustomization", + "iam:PassRole", + "sso:CreateApplication", + "sso:DescribeApplication", + "sso:ListApplications", + "sso:PutApplicationGrant", + "sso:GetApplicationGrant", + "sso:ListApplicationGrants", + "sso:PutApplicationAuthenticationMethod", + "sso:GetApplicationAuthenticationMethod", + "sso:ListApplicationAuthenticationMethods", + "sso:PutApplicationAccessScope", + "sso:GetApplicationAccessScope", + "sso:ListApplicationAccessScopes" + ] + }, + "delete": { + "permissions": [ + "transfer:DeleteWebApp", + "sso:DescribeApplication", + "sso:DeleteApplication" + ] + }, + "list": { + "permissions": [ + "transfer:ListWebApps" + ] + }, + "read": { + "permissions": [ + "transfer:DescribeWebApp", + "transfer:DescribeWebAppCustomization" + ] + }, + "update": { + "permissions": [ + "transfer:DescribeWebApp", + "transfer:DescribeWebAppCustomization", + "transfer:UpdateWebApp", + "transfer:UpdateWebAppCustomization", + "transfer:DeleteWebAppCustomization", + "transfer:UnTagResource", + "transfer:TagResource", + "iam:PassRole", + "sso:PutApplicationGrant", + "sso:GetApplicationGrant", + "sso:ListApplicationGrants", + "sso:UpdateApplication", + "sso:DescribeApplication", + "sso:ListApplications" + ] + } + }, + "primaryIdentifier": [ + "/properties/Arn" + ], + "properties": { + "AccessEndpoint": { + "description": "The AccessEndpoint is the URL that you provide to your users for them to interact with the Transfer Family web app. You can specify a custom URL or use the default value.", + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, + "Arn": { + "description": "Specifies the unique Amazon Resource Name (ARN) for the web app.", + "maxLength": 1600, + "minLength": 20, + "pattern": "arn:.*", + "type": "string" + }, + "IdentityProviderDetails": { + "$ref": "#/definitions/IdentityProviderDetails" + }, + "Tags": { + "description": "Key-value pairs that can be used to group and search for web apps.", + "insertionOrder": false, + "items": { + "$ref": "#/definitions/Tag" + }, + "maxItems": 50, + "type": "array" + }, + "WebAppCustomization": { + "$ref": "#/definitions/WebAppCustomization" + }, + "WebAppEndpointPolicy": { + "$ref": "#/definitions/WebAppEndpointPolicy" + }, + "WebAppId": { + "description": "A unique identifier for the web app.", + "maxLength": 24, + "minLength": 24, + "pattern": "^webapp-([0-9a-f]{17})$", + "type": "string" + }, + "WebAppUnits": { + "$ref": "#/definitions/WebAppUnits" + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/WebAppId", + "/properties/IdentityProviderDetails/ApplicationArn" + ], + "required": [ + "IdentityProviderDetails" + ], + "tagging": { + "cloudFormationSystemTags": true, + "permissions": [ + "transfer:TagResource", + "transfer:UnTagResource", + "transfer:ListTagsForResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": true, + "taggable": true + }, + "typeName": "AWS::Transfer::WebApp" +} diff --git a/schema/aws-transfer-workflow.json b/schema/aws-transfer-workflow.json index ae9255e..86ea478 100644 --- a/schema/aws-transfer-workflow.json +++ b/schema/aws-transfer-workflow.json @@ -391,6 +391,11 @@ ], "tagging": { "cloudFormationSystemTags": true, + "permissions": [ + "transfer:ListTagsForResource", + "transfer:UnTagResource", + "transfer:TagResource" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": true, diff --git a/schema/aws-vpclattice-accesslogsubscription.json b/schema/aws-vpclattice-accesslogsubscription.json index 45fa3e1..36c6735 100644 --- a/schema/aws-vpclattice-accesslogsubscription.json +++ b/schema/aws-vpclattice-accesslogsubscription.json @@ -91,7 +91,8 @@ ] }, "permissions": [ - "vpc-lattice:ListAccessLogSubscriptions" + "vpc-lattice:ListAccessLogSubscriptions", + "logs:GetLogDelivery" ] }, "read": { diff --git a/schema/aws-vpclattice-listener.json b/schema/aws-vpclattice-listener.json index 3ca86e0..502b232 100644 --- a/schema/aws-vpclattice-listener.json +++ b/schema/aws-vpclattice-listener.json @@ -90,7 +90,7 @@ }, "Weight": { "maximum": 999, - "minimum": 1, + "minimum": 0, "type": "integer" } }, diff --git a/schema/aws-vpclattice-resourceconfiguration.json b/schema/aws-vpclattice-resourceconfiguration.json index ef7f86f..574c3b4 100644 --- a/schema/aws-vpclattice-resourceconfiguration.json +++ b/schema/aws-vpclattice-resourceconfiguration.json @@ -233,7 +233,10 @@ "/properties/Id", "/properties/Arn" ], - "required": [], + "required": [ + "Name", + "ResourceConfigurationType" + ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "tagging": { "cloudFormationSystemTags": true, diff --git a/schema/aws-vpclattice-resourcegateway.json b/schema/aws-vpclattice-resourcegateway.json index f74167a..48e4fef 100644 --- a/schema/aws-vpclattice-resourcegateway.json +++ b/schema/aws-vpclattice-resourcegateway.json @@ -48,7 +48,8 @@ "delete": { "permissions": [ "vpc-lattice:DeleteResourceGateway", - "vpc-lattice:GetResourceGateway" + "vpc-lattice:GetResourceGateway", + "vpc-lattice:UntagResource" ] }, "list": { @@ -167,8 +168,13 @@ "/properties/Id", "/properties/Arn" ], + "required": [ + "Name", + "VpcIdentifier", + "SubnetIds" + ], "tagging": { - "cloudFormationSystemTags": false, + "cloudFormationSystemTags": true, "permissions": [ "vpc-lattice:UntagResource", "vpc-lattice:TagResource", diff --git a/schema/aws-wafv2-rulegroup.json b/schema/aws-wafv2-rulegroup.json index 87c223d..dbdc65b 100644 --- a/schema/aws-wafv2-rulegroup.json +++ b/schema/aws-wafv2-rulegroup.json @@ -336,6 +336,9 @@ "JA3Fingerprint": { "$ref": "#/definitions/JA3Fingerprint" }, + "JA4Fingerprint": { + "$ref": "#/definitions/JA4Fingerprint" + }, "JsonBody": { "$ref": "#/definitions/JsonBody" }, @@ -372,6 +375,9 @@ ], "type": "object" }, + "UriFragment": { + "$ref": "#/definitions/UriFragment" + }, "UriPath": { "description": "The path component of the URI of a web request. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.", "type": "object" @@ -547,6 +553,23 @@ ], "type": "object" }, + "JA4Fingerprint": { + "additionalProperties": false, + "description": "Includes the JA4 fingerprint of a web request.", + "properties": { + "FallbackBehavior": { + "enum": [ + "MATCH", + "NO_MATCH" + ], + "type": "string" + } + }, + "required": [ + "FallbackBehavior" + ], + "type": "object" + }, "JsonBody": { "additionalProperties": false, "description": "Inspect the request body as JSON. The request body immediately follows the request headers.", @@ -768,6 +791,12 @@ "IP": { "$ref": "#/definitions/RateLimitIP" }, + "JA3Fingerprint": { + "$ref": "#/definitions/RateLimitJA3Fingerprint" + }, + "JA4Fingerprint": { + "$ref": "#/definitions/RateLimitJA4Fingerprint" + }, "LabelNamespace": { "$ref": "#/definitions/RateLimitLabelNamespace" }, @@ -848,6 +877,40 @@ "description": "Specifies the IP address in the web request as an aggregate key for a rate-based rule.", "type": "object" }, + "RateLimitJA3Fingerprint": { + "additionalProperties": false, + "description": "Specifies the request's JA3 fingerprint as an aggregate key for a rate-based rule.", + "properties": { + "FallbackBehavior": { + "enum": [ + "MATCH", + "NO_MATCH" + ], + "type": "string" + } + }, + "required": [ + "FallbackBehavior" + ], + "type": "object" + }, + "RateLimitJA4Fingerprint": { + "additionalProperties": false, + "description": "Specifies the request's JA4 fingerprint as an aggregate key for a rate-based rule.", + "properties": { + "FallbackBehavior": { + "enum": [ + "MATCH", + "NO_MATCH" + ], + "type": "string" + } + }, + "required": [ + "FallbackBehavior" + ], + "type": "object" + }, "RateLimitLabelNamespace": { "additionalProperties": false, "description": "Specifies a label namespace to use as an aggregate key for a rate-based rule.", @@ -1290,6 +1353,20 @@ ], "type": "string" }, + "UriFragment": { + "additionalProperties": false, + "description": "The path component of the URI Fragment. This is the part of a web request that identifies a fragment uri, for example, /abcd#introduction", + "properties": { + "FallbackBehavior": { + "enum": [ + "MATCH", + "NO_MATCH" + ], + "type": "string" + } + }, + "type": "object" + }, "VisibilityConfig": { "additionalProperties": false, "description": "Visibility Metric of the RuleGroup.", diff --git a/schema/aws-wafv2-webacl.json b/schema/aws-wafv2-webacl.json index e2334e4..1009314 100644 --- a/schema/aws-wafv2-webacl.json +++ b/schema/aws-wafv2-webacl.json @@ -374,6 +374,54 @@ ], "type": "object" }, + "DataProtect": { + "additionalProperties": false, + "properties": { + "Action": { + "$ref": "#/definitions/DataProtectionAction" + }, + "ExcludeRateBasedDetails": { + "type": "boolean" + }, + "ExcludeRuleMatchDetails": { + "type": "boolean" + }, + "Field": { + "$ref": "#/definitions/FieldToProtect" + } + }, + "required": [ + "Field", + "Action" + ], + "type": "object" + }, + "DataProtectionAction": { + "enum": [ + "SUBSTITUTION", + "HASH" + ], + "type": "string" + }, + "DataProtectionConfig": { + "additionalProperties": false, + "properties": { + "DataProtections": { + "$ref": "#/definitions/DataProtections" + } + }, + "required": [ + "DataProtections" + ], + "type": "object" + }, + "DataProtections": { + "items": { + "$ref": "#/definitions/DataProtect" + }, + "minItems": 1, + "type": "array" + }, "DefaultAction": { "additionalProperties": false, "description": "Default Action WebACL will take against ingress traffic when there is no matching Rule.", @@ -465,6 +513,9 @@ "JA3Fingerprint": { "$ref": "#/definitions/JA3Fingerprint" }, + "JA4Fingerprint": { + "$ref": "#/definitions/JA4Fingerprint" + }, "JsonBody": { "$ref": "#/definitions/JsonBody" }, @@ -501,6 +552,9 @@ ], "type": "object" }, + "UriFragment": { + "$ref": "#/definitions/UriFragment" + }, "UriPath": { "description": "The path component of the URI of a web request. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.", "type": "object" @@ -508,6 +562,40 @@ }, "type": "object" }, + "FieldToProtect": { + "additionalProperties": false, + "description": "Field in log to protect.", + "properties": { + "FieldKeys": { + "description": "List of field keys to protect", + "items": { + "$ref": "#/definitions/FieldToProtectKeyName" + }, + "type": "array" + }, + "FieldType": { + "description": "Field type to protect", + "enum": [ + "SINGLE_HEADER", + "SINGLE_COOKIE", + "SINGLE_QUERY_ARGUMENT", + "QUERY_STRING", + "BODY" + ], + "type": "string" + } + }, + "required": [ + "FieldType" + ], + "type": "object" + }, + "FieldToProtectKeyName": { + "description": "Key of the field to protect.", + "maxLength": 64, + "minLength": 1, + "type": "string" + }, "ForwardedIPConfiguration": { "additionalProperties": false, "properties": { @@ -676,6 +764,23 @@ ], "type": "object" }, + "JA4Fingerprint": { + "additionalProperties": false, + "description": "Includes the JA4 fingerprint of a web request.", + "properties": { + "FallbackBehavior": { + "enum": [ + "MATCH", + "NO_MATCH" + ], + "type": "string" + } + }, + "required": [ + "FallbackBehavior" + ], + "type": "object" + }, "JsonBody": { "additionalProperties": false, "description": "Inspect the request body as JSON. The request body immediately follows the request headers.", @@ -990,6 +1095,12 @@ "IP": { "$ref": "#/definitions/RateLimitIP" }, + "JA3Fingerprint": { + "$ref": "#/definitions/RateLimitJA3Fingerprint" + }, + "JA4Fingerprint": { + "$ref": "#/definitions/RateLimitJA4Fingerprint" + }, "LabelNamespace": { "$ref": "#/definitions/RateLimitLabelNamespace" }, @@ -1070,6 +1181,40 @@ "description": "Specifies the IP address in the web request as an aggregate key for a rate-based rule.", "type": "object" }, + "RateLimitJA3Fingerprint": { + "additionalProperties": false, + "description": "Specifies the request's JA3 fingerprint as an aggregate key for a rate-based rule.", + "properties": { + "FallbackBehavior": { + "enum": [ + "MATCH", + "NO_MATCH" + ], + "type": "string" + } + }, + "required": [ + "FallbackBehavior" + ], + "type": "object" + }, + "RateLimitJA4Fingerprint": { + "additionalProperties": false, + "description": "Specifies the request's JA4 fingerprint as an aggregate key for a rate-based rule.", + "properties": { + "FallbackBehavior": { + "enum": [ + "MATCH", + "NO_MATCH" + ], + "type": "string" + } + }, + "required": [ + "FallbackBehavior" + ], + "type": "object" + }, "RateLimitLabelNamespace": { "additionalProperties": false, "description": "Specifies a label namespace to use as an aggregate key for a rate-based rule.", @@ -1825,6 +1970,20 @@ }, "type": "array" }, + "UriFragment": { + "additionalProperties": false, + "description": "The path component of the URI Fragment. This is the part of a web request that identifies a fragment uri, for example, /abcd#introduction", + "properties": { + "FallbackBehavior": { + "enum": [ + "MATCH", + "NO_MATCH" + ], + "type": "string" + } + }, + "type": "object" + }, "UriPath": { "type": "object" }, @@ -1943,6 +2102,10 @@ "CustomResponseBodies": { "$ref": "#/definitions/CustomResponseBodies" }, + "DataProtectionConfig": { + "$ref": "#/definitions/DataProtectionConfig", + "description": "Collection of dataProtects." + }, "DefaultAction": { "$ref": "#/definitions/DefaultAction" }, diff --git a/schema/aws-wafv2-webaclassociation.json b/schema/aws-wafv2-webaclassociation.json index bad6d96..b652b5b 100644 --- a/schema/aws-wafv2-webaclassociation.json +++ b/schema/aws-wafv2-webaclassociation.json @@ -19,6 +19,8 @@ "wafv2:GetWebACLForResource", "wafv2:GetWebACL", "wafv2:DisassociateWebACL", + "wafv2:PutPermissionPolicy", + "wafv2:GetPermissionPolicy", "elasticloadbalancing:SetWebACL", "apigateway:SetWebACL", "appsync:SetWebACL", @@ -31,7 +33,9 @@ "ec2:AssociateVerifiedAccessInstanceWebAcl", "ec2:DisassociateVerifiedAccessInstanceWebAcl", "ec2:DescribeVerifiedAccessInstanceWebAclAssociations", - "ec2:GetVerifiedAccessInstanceWebAcl" + "ec2:GetVerifiedAccessInstanceWebAcl", + "amplify:AssociateWebACL", + "amplify:GetWebACLForResource" ] }, "delete": { @@ -40,6 +44,7 @@ "wafv2:GetWebACLForResource", "wafv2:GetWebACL", "wafv2:DisassociateWebACL", + "wafv2:PutPermissionPolicy", "elasticloadbalancing:SetWebACL", "apigateway:SetWebACL", "appsync:SetWebACL", @@ -52,7 +57,9 @@ "ec2:AssociateVerifiedAccessInstanceWebAcl", "ec2:DisassociateVerifiedAccessInstanceWebAcl", "ec2:DescribeVerifiedAccessInstanceWebAclAssociations", - "ec2:GetVerifiedAccessInstanceWebAcl" + "ec2:GetVerifiedAccessInstanceWebAcl", + "amplify:DisassociateWebACL", + "amplify:GetWebACLForResource" ] }, "read": { @@ -73,7 +80,8 @@ "ec2:AssociateVerifiedAccessInstanceWebAcl", "ec2:DisassociateVerifiedAccessInstanceWebAcl", "ec2:DescribeVerifiedAccessInstanceWebAclAssociations", - "ec2:GetVerifiedAccessInstanceWebAcl" + "ec2:GetVerifiedAccessInstanceWebAcl", + "amplify:GetWebACLForResource" ] }, "update": { diff --git a/schema/aws-wisdom-aiagent.json b/schema/aws-wisdom-aiagent.json index 3776657..35fc8ea 100644 --- a/schema/aws-wisdom-aiagent.json +++ b/schema/aws-wisdom-aiagent.json @@ -91,6 +91,10 @@ "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$", "type": "string" }, + "Locale": { + "minLength": 1, + "type": "string" + }, "QueryReformulationAIPromptId": { "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$", "type": "string" @@ -171,6 +175,10 @@ "$ref": "#/definitions/AssociationConfiguration" }, "type": "array" + }, + "Locale": { + "minLength": 1, + "type": "string" } }, "type": "object" diff --git a/schema/aws-wisdom-aiprompt.json b/schema/aws-wisdom-aiprompt.json index 3769926..95956fe 100644 --- a/schema/aws-wisdom-aiprompt.json +++ b/schema/aws-wisdom-aiprompt.json @@ -19,7 +19,9 @@ "AIPromptAPIFormat": { "enum": [ "ANTHROPIC_CLAUDE_MESSAGES", - "ANTHROPIC_CLAUDE_TEXT_COMPLETIONS" + "ANTHROPIC_CLAUDE_TEXT_COMPLETIONS", + "MESSAGES", + "TEXT_COMPLETIONS" ], "type": "string" }, diff --git a/schema/aws-wisdom-assistant.json b/schema/aws-wisdom-assistant.json index 203eaf5..7bc50f9 100644 --- a/schema/aws-wisdom-assistant.json +++ b/schema/aws-wisdom-assistant.json @@ -129,6 +129,15 @@ "Name", "Type" ], - "taggable": false, + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "wisdom:TagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, "typeName": "AWS::Wisdom::Assistant" } diff --git a/schema/aws-wisdom-assistantassociation.json b/schema/aws-wisdom-assistantassociation.json index 84ecafe..c2664fd 100644 --- a/schema/aws-wisdom-assistantassociation.json +++ b/schema/aws-wisdom-assistantassociation.json @@ -141,6 +141,15 @@ "AssistantId" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk", - "taggable": false, + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "wisdom:TagResource" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, "typeName": "AWS::Wisdom::AssistantAssociation" } diff --git a/schema/aws-workspaces-connectionalias.json b/schema/aws-workspaces-connectionalias.json index 415c713..c7b4c58 100644 --- a/schema/aws-workspaces-connectionalias.json +++ b/schema/aws-workspaces-connectionalias.json @@ -128,5 +128,16 @@ "required": [ "ConnectionString" ], + "tagging": { + "cloudFormationSystemTags": false, + "permissions": [ + "workspaces:CreateTags", + "workspaces:DescribeTags" + ], + "tagOnCreate": true, + "tagProperty": "/properties/Tags", + "tagUpdatable": false, + "taggable": true + }, "typeName": "AWS::WorkSpaces::ConnectionAlias" } diff --git a/schema/aws-workspaces-workspacespool.json b/schema/aws-workspaces-workspacespool.json index 9c45ccd..1c0c4a6 100644 --- a/schema/aws-workspaces-workspacespool.json +++ b/schema/aws-workspaces-workspacespool.json @@ -90,28 +90,36 @@ "create": { "permissions": [ "workspaces:CreateWorkspacesPool", - "workspaces:DescribeWorkspacesPools" + "workspaces:DescribeWorkspacesPools", + "workspaces:CreateTags" ] }, "delete": { "permissions": [ "workspaces:DescribeWorkspacesPools", - "workspaces:TerminateWorkspacesPool" + "workspaces:TerminateWorkspacesPool", + "workspaces:DeleteTags" ] }, "list": { "permissions": [ - "workspaces:DescribeWorkspacesPools" + "workspaces:DescribeWorkspacesPools", + "workspaces:DescribeTags" ] }, "read": { "permissions": [ - "workspaces:DescribeWorkspacesPools" + "workspaces:DescribeWorkspacesPools", + "workspaces:DescribeTags" ] }, "update": { "permissions": [ - "workspaces:UpdateWorkspacesPool" + "workspaces:UpdateWorkspacesPool", + "workspaces:CreateTags", + "workspaces:DeleteTags", + "workspaces:DescribeWorkspacesPools", + "workspaces:DescribeTags" ] } }, @@ -180,7 +188,12 @@ "Capacity" ], "tagging": { - "cloudFormationSystemTags": false, + "cloudFormationSystemTags": true, + "permissions": [ + "workspaces:CreateTags", + "workspaces:DescribeTags", + "workspaces:DeleteTags" + ], "tagOnCreate": true, "tagProperty": "/properties/Tags", "tagUpdatable": false, diff --git a/schema/aws-workspacesthinclient-environment.json b/schema/aws-workspacesthinclient-environment.json index bdb6c05..844cd7e 100644 --- a/schema/aws-workspacesthinclient-environment.json +++ b/schema/aws-workspacesthinclient-environment.json @@ -149,7 +149,6 @@ "workspaces-web:GetPortal", "workspaces-web:GetUserSettings", "thinclient:UpdateEnvironment", - "thinclient:ListTagsForResource", "thinclient:TagResource", "thinclient:UntagResource", "kms:Decrypt", diff --git a/schema/aws-workspacesweb-usersettings.json b/schema/aws-workspacesweb-usersettings.json index c1208af..95117e5 100644 --- a/schema/aws-workspacesweb-usersettings.json +++ b/schema/aws-workspacesweb-usersettings.json @@ -73,6 +73,19 @@ }, "type": "object" }, + "MaxDisplayResolution": { + "enum": [ + "size4096X2160", + "size3840X2160", + "size3440X1440", + "size2560X1440", + "size1920X1080", + "size1280X720", + "size1024X768", + "size800X600" + ], + "type": "string" + }, "Tag": { "additionalProperties": false, "properties": { @@ -94,6 +107,51 @@ "Value" ], "type": "object" + }, + "ToolbarConfiguration": { + "additionalProperties": false, + "properties": { + "HiddenToolbarItems": { + "items": { + "$ref": "#/definitions/ToolbarItem" + }, + "type": "array" + }, + "MaxDisplayResolution": { + "$ref": "#/definitions/MaxDisplayResolution" + }, + "ToolbarType": { + "$ref": "#/definitions/ToolbarType" + }, + "VisualMode": { + "$ref": "#/definitions/VisualMode" + } + }, + "type": "object" + }, + "ToolbarItem": { + "enum": [ + "Windows", + "DualMonitor", + "FullScreen", + "Webcam", + "Microphone" + ], + "type": "string" + }, + "ToolbarType": { + "enum": [ + "Floating", + "Docked" + ], + "type": "string" + }, + "VisualMode": { + "enum": [ + "Dark", + "Light" + ], + "type": "string" } }, "description": "Definition of AWS::WorkSpacesWeb::UserSettings Resource Type", @@ -217,6 +275,9 @@ "minItems": 0, "type": "array" }, + "ToolbarConfiguration": { + "$ref": "#/definitions/ToolbarConfiguration" + }, "UploadAllowed": { "$ref": "#/definitions/EnabledType" }, diff --git a/schema/aws-xray-transactionsearchconfig.json b/schema/aws-xray-transactionsearchconfig.json new file mode 100644 index 0000000..f2ec336 --- /dev/null +++ b/schema/aws-xray-transactionsearchconfig.json @@ -0,0 +1,77 @@ +{ + "additionalProperties": false, + "definitions": { + "AccountId": { + "description": "User account id, used as the primary identifier for the resource", + "pattern": "^\\d{12}$", + "type": "string" + }, + "IndexingPercentage": { + "description": "Determines the percentage of traces indexed from CloudWatch Logs to X-Ray", + "maximum": 100, + "minimum": 0, + "type": "number" + } + }, + "description": "This schema provides construct and validation rules for AWS-XRay TransactionSearchConfig resource parameters.", + "handlers": { + "create": { + "permissions": [ + "application-signals:StartDiscovery", + "iam:CreateServiceLinkedRole", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutRetentionPolicy", + "xray:GetIndexingRules", + "xray:GetTraceSegmentDestination", + "xray:UpdateIndexingRule", + "xray:UpdateTraceSegmentDestination" + ] + }, + "delete": { + "permissions": [ + "xray:GetTraceSegmentDestination", + "xray:UpdateTraceSegmentDestination", + "xray:UpdateIndexingRule" + ] + }, + "list": { + "permissions": [ + "xray:GetTraceSegmentDestination", + "xray:GetIndexingRules" + ] + }, + "read": { + "permissions": [ + "xray:GetTraceSegmentDestination", + "xray:GetIndexingRules" + ] + }, + "update": { + "permissions": [ + "xray:GetIndexingRules", + "xray:GetTraceSegmentDestination", + "xray:UpdateIndexingRule" + ] + } + }, + "primaryIdentifier": [ + "/properties/AccountId" + ], + "properties": { + "AccountId": { + "$ref": "#/definitions/AccountId" + }, + "IndexingPercentage": { + "$ref": "#/definitions/IndexingPercentage" + } + }, + "readOnlyProperties": [ + "/properties/AccountId" + ], + "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging": { + "taggable": false + }, + "typeName": "AWS::XRay::TransactionSearchConfig" +} diff --git a/src/arm/helpers.go b/src/arm/helpers.go index 1db2d4b..0e03f4a 100644 --- a/src/arm/helpers.go +++ b/src/arm/helpers.go @@ -188,9 +188,9 @@ func ArrayToString(defaultValue []interface{}) string { for count, value := range defaultValue { if count == len(defaultValue)-1 { - newValue += "\"" + value.(string) + "\"" + newValue += "\"" + EscapeQuote(value.(string)) + "\"" } else { - newValue += "\"" + value.(string) + "\"" + "," + newValue += "\"" + EscapeQuote(value.(string)) + "\"" + "," } } diff --git a/src/see/lookup_test.go b/src/see/lookup_test.go index 2ae2d2e..4a8c25a 100644 --- a/src/see/lookup_test.go +++ b/src/see/lookup_test.go @@ -170,7 +170,7 @@ func TestLookupAll(t *testing.T) { s.WriteString(typeName) s.WriteString("\": \"\",") fmt.Println(s.String()) - t.Errorf("Lookup incomplete") + t.Errorf("Lookup incomplete %s", typeName) } } } diff --git a/src/see/resource_mapping.go b/src/see/resource_mapping.go index 5d7411c..eb63e8b 100644 --- a/src/see/resource_mapping.go +++ b/src/see/resource_mapping.go @@ -69,6 +69,7 @@ var lookupMapping = map[string]string{ "aws::applicationautoscaling::scalabletarget": "aws_appautoscaling_target", "aws::applicationautoscaling::scalingpolicy": "aws_appAutoscaling_policy", "aws::applicationinsights::application": "aws_applicationinsights_application", + "aws::applicationsignals::discovery": none, "aws::applicationsignals::servicelevelobjective": none, "aws::appmesh::gatewayroute": "aws_appmesh_gateway_route", "aws::appmesh::mesh": "aws_appmesh_mesh", @@ -140,6 +141,7 @@ var lookupMapping = map[string]string{ "aws::backup::restoretestingselection": none, "aws::backupgateway::hypervisor": none, "aws::batch::computeenvironment": "aws_batch_compute_environment", + "aws::batch::consumableresource": none, "aws::batch::jobdefinition": "aws_batch_job_definition", "aws::batch::jobqueue": "aws_batch_job_queue", "aws::batch::schedulingpolicy": "aws_batch_scheduling_policy", @@ -147,6 +149,8 @@ var lookupMapping = map[string]string{ "aws::bedrock::agent": "aws_bedrockagent_agent", "aws::bedrock::agentalias": "aws_bedrockagent_agent_alias", "aws::bedrock::applicationinferenceprofile": none, + "aws::bedrock::blueprint": none, + "aws::bedrock::dataautomationproject": none, "aws::bedrock::datasource": "aws_bedrockagent_data_source", "aws::bedrock::flow": none, "aws::bedrock::flowalias": none, @@ -216,6 +220,7 @@ var lookupMapping = map[string]string{ "aws::cloudfront::realtimelogconfig": "aws_cloudfront_realtime_log_config", "aws::cloudfront::responseheaderspolicy": "aws_cloudfront_response_headers_policy", "aws::cloudfront::streamingdistribution": none, + "aws::cloudfront::vpcorigin": "aws_cloudfront_vpc_origin", "aws::cloudtrail::channel": none, "aws::cloudtrail::dashboard": none, "aws::cloudtrail::eventdatastore": "aws_cloudtrail_event_data_store", @@ -280,6 +285,7 @@ var lookupMapping = map[string]string{ "aws::connect::approvedorigin": none, "aws::connect::contactflow": "aws_connect_contact_flow", "aws::connect::contactflowmodule": "aws_connect_contact_flow_module", + "aws::connect::contactflowversion": "aws_connect_contact_flow", "aws::connect::emailaddress": none, "aws::connect::evaluationform": none, "aws::connect::hoursofoperation": "aws_connect_hours_of_operation", @@ -336,6 +342,7 @@ var lookupMapping = map[string]string{ "aws::datasync::locationsmb": "aws_datasync_location_smb", "aws::datasync::storagesystem": none, "aws::datasync::task": "aws_datasync_task", + "aws::datazone::connection": none, "aws::datazone::datasource": none, "aws::datazone::domain": "aws_datazone_domain", "aws::datazone::environment": none, @@ -353,11 +360,13 @@ var lookupMapping = map[string]string{ "aws::deadline::farm": none, "aws::deadline::fleet": none, "aws::deadline::licenseendpoint": none, + "aws::deadline::limit": none, "aws::deadline::meteredproduct": none, "aws::deadline::monitor": none, "aws::deadline::queue": none, "aws::deadline::queueenvironment": none, "aws::deadline::queuefleetassociation": none, + "aws::deadline::queuelimitassociation": none, "aws::deadline::storageprofile": none, "aws::detective::graph": "aws_detective_graph", "aws::detective::memberinvitation": "aws_detective_invitation_accepter", @@ -644,6 +653,7 @@ var lookupMapping = map[string]string{ "aws::guardduty::malwareprotectionplan": "aws_guardduty_malware_protection_plan", "aws::guardduty::master": none, "aws::guardduty::member": "aws_guardduty_member", + "aws::guardduty::publishingdestination": "aws_guardduty_publishing_destination", "aws::guardduty::threatintelset": "aws_guardduty_threatintelset", "aws::healthimaging::datastore": none, "aws::healthlake::fhirdatastore": none, @@ -965,6 +975,7 @@ var lookupMapping = map[string]string{ "aws::omics::workflow": none, "aws::opensearchserverless::accesspolicy": "aws_opensearchserverless_access_policy", "aws::opensearchserverless::collection": "aws_opensearchserverless_collection", + "aws::opensearchserverless::index": none, "aws::opensearchserverless::lifecyclepolicy": "aws_opensearchserverless_lifecycle_policy", "aws::opensearchserverless::securityconfig": "aws_opensearchserverless_security_config", "aws::opensearchserverless::securitypolicy": "aws_opensearchserverless_security_policy", @@ -1042,6 +1053,7 @@ var lookupMapping = map[string]string{ "aws::qldb::ledger": "aws_qldb_ledger", "aws::qldb::stream": "aws_qldb_stream", "aws::quicksight::analysis": "aws_quicksight_analysis", + "aws::quicksight::custompermissions": none, "aws::quicksight::dashboard": "aws_quicksight_dashboard", "aws::quicksight::dataset": "aws_quicksight_data_set", "aws::quicksight::datasource": "aws_quicksight_data_source", @@ -1181,7 +1193,7 @@ var lookupMapping = map[string]string{ "aws::sagemaker::monitoringschedule": "aws_sagemaker_monitoring_schedule", "aws::sagemaker::notebookinstance": "aws_sagemaker_notebook_instance", "aws::sagemaker::notebookinstancelifecycleconfig": "aws_sagemaker_notebook_instance_lifecycle_configuration", - "aws::sagemaker::partnerapp:": none, + "aws::sagemaker::partnerapp": none, "aws::sagemaker::pipeline": "aws_sagemaker_pipeline", "aws::sagemaker::project": "aws_sagemaker_project", "aws::sagemaker::space": none, @@ -1308,6 +1320,7 @@ var lookupMapping = map[string]string{ "aws::transfer::profile": "aws_transfer_profile", "aws::transfer::server": "aws_transfer_server", "aws::transfer::user": "aws_transfer_user", + "aws::transfer::webapp": none, "aws::transfer::workflow": "aws_transfer_workflow", "aws::verifiedpermissions::identitysource": "aws_verifiedpermissions_identity_source", "aws::verifiedpermissions::policy": "aws_verifiedpermissions_policy", @@ -1378,6 +1391,17 @@ var lookupMapping = map[string]string{ "aws::xray::group": "aws_xray_group", "aws::xray::resourcepolicy": none, "aws::xray::samplingrule": "aws_xray_sampling_rule", + "aws::xray::transactionsearchconfig": none, + "aws::cloudfront::connectiongroup": none, + "aws::cloudfront::distributiontenant": none, + "aws::dsql::cluster": none, + "aws::ec2::routeserver": none, + "aws::ec2::routeserverassociation": none, + "aws::ec2::routeserverendpoint": none, + "aws::ec2::routeserverpeer": none, + "aws::ec2::routeserverpropagation": none, + "aws::ecr::registryscanningconfiguration": "aws_ecr_registry_scanning_configuration", + "aws::iotsitewise::dataset": none, // add more "microsoft.aad/domainservices": "azurerm_active_directory_domain_service",