diff --git a/integration/resources/expected/single/api_with_domain_ipaddresstype.json b/integration/resources/expected/single/api_with_domain_ipaddresstype.json new file mode 100644 index 000000000..daf4c48b4 --- /dev/null +++ b/integration/resources/expected/single/api_with_domain_ipaddresstype.json @@ -0,0 +1,22 @@ +[ + { + "LogicalResourceId": "MyApi", + "ResourceType": "AWS::ApiGateway::RestApi" + }, + { + "LogicalResourceId": "MyApiDeployment", + "ResourceType": "AWS::ApiGateway::Deployment" + }, + { + "LogicalResourceId": "MyApiProdStage", + "ResourceType": "AWS::ApiGateway::Stage" + }, + { + "LogicalResourceId": "ApiGatewayDomainName", + "ResourceType": "AWS::ApiGateway::DomainName" + }, + { + "LogicalResourceId": "MyApiBasePathMapping", + "ResourceType": "AWS::ApiGateway::BasePathMapping" + } +] diff --git a/integration/resources/expected/single/api_with_ipaddresstype.json b/integration/resources/expected/single/api_with_ipaddresstype.json new file mode 100644 index 000000000..30b334c23 --- /dev/null +++ b/integration/resources/expected/single/api_with_ipaddresstype.json @@ -0,0 +1,14 @@ +[ + { + "LogicalResourceId": "MyApi", + "ResourceType": "AWS::ApiGateway::RestApi" + }, + { + "LogicalResourceId": "MyApiDeployment", + "ResourceType": "AWS::ApiGateway::Deployment" + }, + { + "LogicalResourceId": "MyApiProdStage", + "ResourceType": "AWS::ApiGateway::Stage" + } +] diff --git a/integration/resources/templates/single/api_with_domain_ipaddresstype.yaml b/integration/resources/templates/single/api_with_domain_ipaddresstype.yaml new file mode 100644 index 000000000..8c2c5377b --- /dev/null +++ b/integration/resources/templates/single/api_with_domain_ipaddresstype.yaml @@ -0,0 +1,23 @@ +Parameters: + IpAddressType: + Type: String + Default: dualstack + DomainName: + Type: String + CertificateArn: + Type: String + +Resources: + MyApi: + Type: AWS::Serverless::Api + Properties: + StageName: Prod + DefinitionUri: ${definitionuri} + Domain: + DomainName: !Ref DomainName + CertificateArn: !Ref CertificateArn + EndpointConfiguration: REGIONAL + IpAddressType: !Ref IpAddressType + +Metadata: + SamTransformTest: true diff --git a/integration/resources/templates/single/api_with_ipaddresstype.yaml b/integration/resources/templates/single/api_with_ipaddresstype.yaml new file mode 100644 index 000000000..26f17d0ea --- /dev/null +++ b/integration/resources/templates/single/api_with_ipaddresstype.yaml @@ -0,0 +1,16 @@ +Parameters: + IpAddressType: + Type: String + Default: ipv4 + +Resources: + MyApi: + Type: AWS::Serverless::Api + Properties: + StageName: Prod + DefinitionUri: ${definitionuri} + EndpointConfiguration: + Type: REGIONAL + IpAddressType: !Ref IpAddressType +Metadata: + SamTransformTest: true diff --git a/integration/single/test_api_with_domain_ipaddresstype.py b/integration/single/test_api_with_domain_ipaddresstype.py new file mode 100644 index 000000000..24fd5e896 --- /dev/null +++ b/integration/single/test_api_with_domain_ipaddresstype.py @@ -0,0 +1,35 @@ +from unittest.case import skipIf + +from integration.config.service_names import REST_API +from integration.helpers.base_internal_test import BaseInternalTest +from integration.helpers.resource import current_region_does_not_support + + +@skipIf( + current_region_does_not_support([REST_API]), + "Rest API is not supported in this testing region", +) +class TestApiWithDomainIpAddressType(BaseInternalTest): + """ + Test AWS::Serverless::Api with IpAddressType in Domain configuration + """ + + def test_api_with_domain_ipaddresstype(self): + """ + Creates an API with custom domain and IpAddressType set to dualstack + """ + self.create_and_verify_stack("single/api_with_domain_ipaddresstype") + + # Verify the domain name resource + domain_name_id = self.get_physical_id_by_type("AWS::ApiGateway::DomainName") + api_gateway_client = self.client_provider.api_client + result = api_gateway_client.get_domain_name(domainName=domain_name_id) + + # Verify endpoint configuration + end_point_config = result["endpointConfiguration"] + end_point_types = end_point_config["types"] + self.assertEqual(1, len(end_point_types)) + self.assertEqual("REGIONAL", end_point_types[0]) + + # Verify IpAddressType is set correctly + self.assertEqual("dualstack", end_point_config["ipAddressType"]) diff --git a/integration/single/test_api_with_ipaddresstype.py b/integration/single/test_api_with_ipaddresstype.py new file mode 100644 index 000000000..553f17ed0 --- /dev/null +++ b/integration/single/test_api_with_ipaddresstype.py @@ -0,0 +1,25 @@ +from unittest.case import skipIf + +from integration.config.service_names import REST_API +from integration.helpers.base_test import BaseTest +from integration.helpers.resource import current_region_does_not_support + + +@skipIf(current_region_does_not_support([REST_API]), "Rest API is not supported in this testing region") +class TestApiWithIpAddressType(BaseTest): + """ + Test AWS::Serverless::Api with IpAddressType in EndpointConfiguration + """ + + def test_api_with_ipaddresstype(self): + """ + Creates an API with IpAddressType set to ipv4 + """ + parameters = [{"ParameterKey": "IpAddressType", "ParameterValue": "ipv4"}] + self.create_and_verify_stack("single/api_with_ipaddresstype", parameters) + + rest_api_id = self.get_physical_id_by_type("AWS::ApiGateway::RestApi") + rest_api = self.client_provider.api_client.get_rest_api(restApiId=rest_api_id) + + self.assertEqual(rest_api["endpointConfiguration"]["types"], ["REGIONAL"]) + self.assertEqual(rest_api["endpointConfiguration"]["ipAddressType"], "ipv4") diff --git a/samtranslator/internal/schema_source/aws_serverless_api.py b/samtranslator/internal/schema_source/aws_serverless_api.py index 316ffb9da..21e106a4b 100644 --- a/samtranslator/internal/schema_source/aws_serverless_api.py +++ b/samtranslator/internal/schema_source/aws_serverless_api.py @@ -175,6 +175,11 @@ class Domain(BaseModel): EndpointConfiguration: Optional[SamIntrinsicable[Literal["REGIONAL", "EDGE", "PRIVATE"]]] = domain( "EndpointConfiguration" ) + IpAddressType: Optional[PassThroughProp] = passthrough_prop( + DOMAIN_STEM, + "IpAddressType", + ["AWS::ApiGateway::DomainName.EndpointConfiguration", "IpAddressType"], + ) MutualTlsAuthentication: Optional[PassThroughProp] = passthrough_prop( DOMAIN_STEM, "MutualTlsAuthentication", @@ -223,6 +228,11 @@ class EndpointConfiguration(BaseModel): "VPCEndpointIds", ["AWS::ApiGateway::RestApi.EndpointConfiguration", "VpcEndpointIds"], ) + IpAddressType: Optional[PassThroughProp] = passthrough_prop( + ENDPOINT_CONFIGURATION_STEM, + "IpAddressType", + ["AWS::ApiGateway::RestApi.EndpointConfiguration", "IpAddressType"], + ) Name = Optional[PassThroughProp] diff --git a/samtranslator/internal/schema_source/sam-docs.json b/samtranslator/internal/schema_source/sam-docs.json index bafd04abc..9b5db688a 100644 --- a/samtranslator/internal/schema_source/sam-docs.json +++ b/samtranslator/internal/schema_source/sam-docs.json @@ -49,11 +49,13 @@ "NormalizeBasePath": "Indicates whether non\\-alphanumeric characters are allowed in basepaths defined by the `BasePath` property\\. When set to `True`, non\\-alphanumeric characters are removed from basepaths\\. \nUse `NormalizeBasePath` with the `BasePath` property\\. \n*Type*: Boolean \n*Required*: No \n*Default*: True \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent\\.", "OwnershipVerificationCertificateArn": "The ARN of the public certificate issued by ACM to validate ownership of your custom domain\\. Required only when you configure mutual TLS and you specify an ACM imported or private CA certificate ARN for the `CertificateArn`\\. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`OwnershipVerificationCertificateArn`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-ownershipverificationcertificatearn) property of an `AWS::ApiGateway::DomainName` resource\\.", "Route53": "Defines an Amazon Route\u00a053 configuration\\. \n*Type*: [Route53Configuration](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-api-route53configuration.html) \n*Required*: No \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent\\.", - "SecurityPolicy": "The TLS version plus cipher suite for this domain name\\. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`SecurityPolicy`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-securitypolicy) property of an `AWS::ApiGateway::DomainName` resource\\." + "SecurityPolicy": "The TLS version plus cipher suite for this domain name\\. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`SecurityPolicy`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-securitypolicy) property of an `AWS::ApiGateway::DomainName` resource\\.", + "IpAddressType": "The IP address types that can invoke this DomainName. Use `ipv4` to allow only IPv4 addresses to invoke this DomainName, or use `dualstack` to allow both IPv4 and IPv6 addresses to invoke this DomainName. For the `PRIVATE` endpoint type, only `dualstack` is supported. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`IpAddressType`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-domainname-endpointconfiguration.html#cfn-apigateway-domainname-endpointconfiguration-ipaddresstype) property of an `AWS::ApiGateway::DomainName.EndpointConfiguration` resource." }, "sam-property-api-endpointconfiguration": { "Type": "The endpoint type of a REST API\\. \n*Valid values*: `EDGE` or `REGIONAL` or `PRIVATE` \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`Types`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-restapi-endpointconfiguration.html#cfn-apigateway-restapi-endpointconfiguration-types) property of the `AWS::ApiGateway::RestApi` `EndpointConfiguration` data type\\.", - "VPCEndpointIds": "A list of VPC endpoint IDs of a REST API against which to create Route53 aliases\\. \n*Type*: List \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`VpcEndpointIds`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-restapi-endpointconfiguration.html#cfn-apigateway-restapi-endpointconfiguration-vpcendpointids) property of the `AWS::ApiGateway::RestApi` `EndpointConfiguration` data type\\." + "VPCEndpointIds": "A list of VPC endpoint IDs of a REST API against which to create Route53 aliases\\. \n*Type*: List \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`VpcEndpointIds`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-restapi-endpointconfiguration.html#cfn-apigateway-restapi-endpointconfiguration-vpcendpointids) property of the `AWS::ApiGateway::RestApi` `EndpointConfiguration` data type\\.", + "IpAddressType": "The IP address type for the API Gateway endpoint\\. \n*Valid values*: `ipv4` or `dualstack` \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`IpAddressType`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-restapi-endpointconfiguration.html#cfn-apigateway-restapi-endpointconfiguration-ipaddresstype) property of the `AWS::ApiGateway::RestApi` `EndpointConfiguration` data type\\." }, "sam-property-api-lambdarequestauthorizationidentity": { "Context": "Converts the given context strings to the mapping expressions of format `context.contextString`\\. \n*Type*: List \n*Required*: No \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent\\.", @@ -799,4 +801,4 @@ "UseAliasAsEventTarget": "Indicate whether or not to pass the alias, created by using the `AutoPublishAlias` property, to the events source's target defined with [Events](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/#sam-statemachine-events.html#sam-statemachine-events)\\. \nSpecify `True` to use the alias as the events' target\\. \n*Type*: Boolean \n*Required*: No \n*Default*: `False` \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent\\." } } -} +} \ No newline at end of file diff --git a/samtranslator/model/api/api_generator.py b/samtranslator/model/api/api_generator.py index b9fe23e4d..9dd134447 100644 --- a/samtranslator/model/api/api_generator.py +++ b/samtranslator/model/api/api_generator.py @@ -471,7 +471,7 @@ def _construct_stage( return stage - def _construct_api_domain( # noqa: PLR0912, PLR0915 + def _construct_api_domain( # noqa: PLR0912, PLR0915 (too many branches/statements) self, rest_api: ApiGatewayRestApi, route53_record_set_groups: Any ) -> ApiDomainResponse: """ @@ -512,6 +512,11 @@ def _construct_api_domain( # noqa: PLR0912, PLR0915 domain.EndpointConfiguration = {"Types": [endpoint]} + # Handle IpAddressType if present + ip_address_type = self.domain.get("IpAddressType") + if ip_address_type: + domain.EndpointConfiguration["IpAddressType"] = ip_address_type + mutual_tls_auth = self.domain.get("MutualTlsAuthentication", None) if mutual_tls_auth: sam_expect(mutual_tls_auth, self.logical_id, "Domain.MutualTlsAuthentication").to_be_a_map() @@ -602,7 +607,7 @@ def _construct_api_domain( # noqa: PLR0912, PLR0915 return ApiDomainResponse(domain, basepath_resource_list, record_set_group) - def _construct_api_domain_v2( + def _construct_api_domain_v2( # noqa: PLR0915 self, rest_api: ApiGatewayRestApi, route53_record_set_groups: Any ) -> ApiDomainResponseV2: """ @@ -637,6 +642,11 @@ def _construct_api_domain_v2( domain.EndpointConfiguration = {"Types": [endpoint]} + # Handle IpAddressType if present + ip_address_type = self.domain.get("IpAddressType") + if ip_address_type: + domain.EndpointConfiguration["IpAddressType"] = ip_address_type + self._set_optional_domain_properties(domain) basepaths: Optional[List[str]] = self._get_basepaths() @@ -1537,6 +1547,10 @@ def _set_endpoint_configuration(self, rest_api: ApiGatewayRestApi, value: Union[ rest_api.EndpointConfiguration["VpcEndpointIds"] = value.get("VPCEndpointIds") or value.get( "VpcEndpointIds" ) + + # Handle IpAddressType if present + if "IpAddressType" in value: + rest_api.EndpointConfiguration["IpAddressType"] = value.get("IpAddressType") else: rest_api.EndpointConfiguration = {"Types": [value]} rest_api.Parameters = {"endpointConfigurationTypes": value} diff --git a/samtranslator/schema/schema.json b/samtranslator/schema/schema.json index 4e0bcc39d..86e03b6f0 100644 --- a/samtranslator/schema/schema.json +++ b/samtranslator/schema/schema.json @@ -5622,6 +5622,11 @@ "AWS::ApiGateway::DomainName.EndpointConfiguration": { "additionalProperties": false, "properties": { + "IpAddressType": { + "markdownDescription": "The IP address types that can invoke this DomainName. Use `ipv4` to allow only IPv4 addresses to invoke this DomainName, or use `dualstack` to allow both IPv4 and IPv6 addresses to invoke this DomainName. For the `PRIVATE` endpoint type, only `dualstack` is supported.", + "title": "IpAddressType", + "type": "string" + }, "Types": { "items": { "type": "string" @@ -6478,6 +6483,11 @@ "AWS::ApiGateway::RestApi.EndpointConfiguration": { "additionalProperties": false, "properties": { + "IpAddressType": { + "markdownDescription": "The IP address types that can invoke an API (RestApi). Use `ipv4` to allow only IPv4 addresses to invoke an API, or use `dualstack` to allow both IPv4 and IPv6 addresses to invoke an API. For the `PRIVATE` endpoint type, only `dualstack` is supported.", + "title": "IpAddressType", + "type": "string" + }, "Types": { "items": { "type": "string" @@ -274565,6 +274575,11 @@ "EndpointConfiguration": { "additionalProperties": false, "properties": { + "IpAddressType": { + "markdownDescription": "The IP address type for the API Gateway endpoint\\. \n*Valid values*: `ipv4` or `dualstack` \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`IpAddressType`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-restapi-endpointconfiguration.html#cfn-apigateway-restapi-endpointconfiguration-ipaddresstype) property of the `AWS::ApiGateway::RestApi` `EndpointConfiguration` data type\\.", + "title": "IpAddressType", + "type": "string" + }, "Type": { "items": { "type": "string" @@ -277056,6 +277071,11 @@ "markdownDescription": "Defines the type of API Gateway endpoint to map to the custom domain\\. The value of this property determines how the `CertificateArn` property is mapped in AWS CloudFormation\\. \n*Valid values*: `REGIONAL` or `EDGE` \n*Type*: String \n*Required*: No \n*Default*: `REGIONAL` \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent\\.", "title": "EndpointConfiguration" }, + "IpAddressType": { + "markdownDescription": "The IP address types that can invoke this DomainName. Use `ipv4` to allow only IPv4 addresses to invoke this DomainName, or use `dualstack` to allow both IPv4 and IPv6 addresses to invoke this DomainName. For the `PRIVATE` endpoint type, only `dualstack` is supported. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`IpAddressType`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-domainname-endpointconfiguration.html#cfn-apigateway-domainname-endpointconfiguration-ipaddresstype) property of an `AWS::ApiGateway::DomainName.EndpointConfiguration` resource.", + "title": "IpAddressType", + "type": "string" + }, "MutualTlsAuthentication": { "$ref": "#/definitions/AWS::ApiGateway::DomainName.MutualTlsAuthentication", "markdownDescription": "The mutual Transport Layer Security \\(TLS\\) authentication configuration for a custom domain name\\. \n*Type*: [MutualTlsAuthentication](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-mutualtlsauthentication) \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`MutualTlsAuthentication`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-mutualtlsauthentication) property of an `AWS::ApiGateway::DomainName` resource\\.", diff --git a/schema_source/cloudformation.schema.json b/schema_source/cloudformation.schema.json index a90540b59..b85da2265 100644 --- a/schema_source/cloudformation.schema.json +++ b/schema_source/cloudformation.schema.json @@ -69,7 +69,7 @@ }, "ValidityNotBefore": { "$ref": "#/definitions/AWS::ACMPCA::Certificate.Validity", - "markdownDescription": "Information describing the start of the validity period of the certificate. This parameter sets the \u201cNot Before\" date for the certificate.\n\nBy default, when issuing a certificate, AWS Private CA sets the \"Not Before\" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The `ValidityNotBefore` parameter can be used to customize the \u201cNot Before\u201d value.\n\nUnlike the `Validity` parameter, the `ValidityNotBefore` parameter is optional.\n\nThe `ValidityNotBefore` value is expressed as an explicit date and time, using the `Validity` type value `ABSOLUTE` .", + "markdownDescription": "Information describing the start of the validity period of the certificate. This parameter sets the “Not Before\" date for the certificate.\n\nBy default, when issuing a certificate, AWS Private CA sets the \"Not Before\" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The `ValidityNotBefore` parameter can be used to customize the “Not Before” value.\n\nUnlike the `Validity` parameter, the `ValidityNotBefore` parameter is optional.\n\nThe `ValidityNotBefore` value is expressed as an explicit date and time, using the `Validity` type value `ABSOLUTE` .", "title": "ValidityNotBefore" } }, @@ -432,7 +432,7 @@ "items": { "$ref": "#/definitions/AWS::ACMPCA::Certificate.CustomAttribute" }, - "markdownDescription": "Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST\u2019s definition of [Object Identifier (OID)](https://docs.aws.amazon.com/https://csrc.nist.gov/glossary/term/Object_Identifier) .\n\n> Custom attributes cannot be used in combination with standard attributes.", + "markdownDescription": "Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of [Object Identifier (OID)](https://docs.aws.amazon.com/https://csrc.nist.gov/glossary/term/Object_Identifier) .\n\n> Custom attributes cannot be used in combination with standard attributes.", "title": "CustomAttributes", "type": "array" }, @@ -943,7 +943,7 @@ "items": { "$ref": "#/definitions/AWS::ACMPCA::CertificateAuthority.CustomAttribute" }, - "markdownDescription": "Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST\u2019s definition of [Object Identifier (OID)](https://docs.aws.amazon.com/https://csrc.nist.gov/glossary/term/Object_Identifier) .\n\n> Custom attributes cannot be used in combination with standard attributes.", + "markdownDescription": "Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of [Object Identifier (OID)](https://docs.aws.amazon.com/https://csrc.nist.gov/glossary/term/Object_Identifier) .\n\n> Custom attributes cannot be used in combination with standard attributes.", "title": "CustomAttributes", "type": "array" }, @@ -5629,6 +5629,11 @@ "markdownDescription": "A list of endpoint types of an API (RestApi) or its custom domain name (DomainName). For an edge-optimized API and its custom domain name, the endpoint type is `\"EDGE\"` . For a regional API and its custom domain name, the endpoint type is `REGIONAL` . For a private API, the endpoint type is `PRIVATE` .", "title": "Types", "type": "array" + }, + "IpAddressType": { + "markdownDescription": "The IP address types that can invoke this DomainName. Use `ipv4` to allow only IPv4 addresses to invoke this DomainName, or use `dualstack` to allow both IPv4 and IPv6 addresses to invoke this DomainName. For the `PRIVATE` endpoint type, only `dualstack` is supported.", + "title": "IpAddressType", + "type": "string" } }, "type": "object" @@ -6471,6 +6476,11 @@ "AWS::ApiGateway::RestApi.EndpointConfiguration": { "additionalProperties": false, "properties": { + "IpAddressType": { + "markdownDescription": "The IP address types that can invoke an API (RestApi). Use `ipv4` to allow only IPv4 addresses to invoke an API, or use `dualstack` to allow both IPv4 and IPv6 addresses to invoke an API. For the `PRIVATE` endpoint type, only `dualstack` is supported.", + "title": "IpAddressType", + "type": "string" + }, "Types": { "items": { "type": "string" @@ -10370,7 +10380,7 @@ "type": "string" }, "ApplicationKey": { - "markdownDescription": "Application keys, in conjunction with your API key, give you full access to Datadog\u2019s programmatic API. Application keys are associated with the user account that created them. The application key is used to log all requests made to the API.", + "markdownDescription": "Application keys, in conjunction with your API key, give you full access to Datadog’s programmatic API. Application keys are associated with the user account that created them. The application key is used to log all requests made to the API.", "title": "ApplicationKey", "type": "string" } @@ -11206,7 +11216,7 @@ "type": "string" }, "FlowStatus": { - "markdownDescription": "Sets the status of the flow. You can specify one of the following values:\n\n- **Active** - The flow runs based on the trigger settings that you defined. Active scheduled flows run as scheduled, and active event-triggered flows run when the specified change event occurs. However, active on-demand flows run only when you manually start them by using Amazon AppFlow.\n- **Suspended** - You can use this option to deactivate an active flow. Scheduled and event-triggered flows will cease to run until you reactive them. This value only affects scheduled and event-triggered flows. It has no effect for on-demand flows.\n\nIf you omit the FlowStatus parameter, Amazon AppFlow creates the flow with a default status. The default status for on-demand flows is Active. The default status for scheduled and event-triggered flows is Draft, which means they\u2019re not yet active.", + "markdownDescription": "Sets the status of the flow. You can specify one of the following values:\n\n- **Active** - The flow runs based on the trigger settings that you defined. Active scheduled flows run as scheduled, and active event-triggered flows run when the specified change event occurs. However, active on-demand flows run only when you manually start them by using Amazon AppFlow.\n- **Suspended** - You can use this option to deactivate an active flow. Scheduled and event-triggered flows will cease to run until you reactive them. This value only affects scheduled and event-triggered flows. It has no effect for on-demand flows.\n\nIf you omit the FlowStatus parameter, Amazon AppFlow creates the flow with a default status. The default status for on-demand flows is Active. The default status for scheduled and event-triggered flows is Draft, which means they’re not yet active.", "title": "FlowStatus", "type": "string" }, @@ -13781,7 +13791,7 @@ "items": { "type": "string" }, - "markdownDescription": "Specify at least one of the following values.\n\n- *server-error* \u2013 HTTP status codes 500, 501, 502, 503, 504, 505, 506, 507, 508, 510, and 511\n- *gateway-error* \u2013 HTTP status codes 502, 503, and 504\n- *client-error* \u2013 HTTP status code 409\n- *stream-error* \u2013 Retry on refused stream", + "markdownDescription": "Specify at least one of the following values.\n\n- *server-error* – HTTP status codes 500, 501, 502, 503, 504, 505, 506, 507, 508, 510, and 511\n- *gateway-error* – HTTP status codes 502, 503, and 504\n- *client-error* – HTTP status code 409\n- *stream-error* – Retry on refused stream", "title": "HttpRetryEvents", "type": "array" }, @@ -14022,7 +14032,7 @@ "items": { "type": "string" }, - "markdownDescription": "Specify at least one of the following values.\n\n- *server-error* \u2013 HTTP status codes 500, 501, 502, 503, 504, 505, 506, 507, 508, 510, and 511\n- *gateway-error* \u2013 HTTP status codes 502, 503, and 504\n- *client-error* \u2013 HTTP status code 409\n- *stream-error* \u2013 Retry on refused stream", + "markdownDescription": "Specify at least one of the following values.\n\n- *server-error* – HTTP status codes 500, 501, 502, 503, 504, 505, 506, 507, 508, 510, and 511\n- *gateway-error* – HTTP status codes 502, 503, and 504\n- *client-error* – HTTP status code 409\n- *stream-error* – Retry on refused stream", "title": "HttpRetryEvents", "type": "array" }, @@ -14755,7 +14765,7 @@ "title": "Certificate" }, "Mode": { - "markdownDescription": "Specify one of the following modes.\n\n- ** STRICT \u2013 Listener only accepts connections with TLS enabled.\n- ** PERMISSIVE \u2013 Listener accepts connections with or without TLS enabled.\n- ** DISABLED \u2013 Listener only accepts connections without TLS.", + "markdownDescription": "Specify one of the following modes.\n\n- ** STRICT – Listener only accepts connections with TLS enabled.\n- ** PERMISSIVE – Listener accepts connections with or without TLS enabled.\n- ** DISABLED – Listener only accepts connections without TLS.", "title": "Mode", "type": "string" }, @@ -14850,7 +14860,7 @@ }, "Trust": { "$ref": "#/definitions/AWS::AppMesh::VirtualGateway.VirtualGatewayListenerTlsValidationContextTrust", - "markdownDescription": "A reference to where to retrieve the trust chain when validating a peer\u2019s Transport Layer Security (TLS) certificate.", + "markdownDescription": "A reference to where to retrieve the trust chain when validating a peer’s Transport Layer Security (TLS) certificate.", "title": "Trust" } }, @@ -14943,7 +14953,7 @@ }, "Trust": { "$ref": "#/definitions/AWS::AppMesh::VirtualGateway.VirtualGatewayTlsValidationContextTrust", - "markdownDescription": "A reference to where to retrieve the trust chain when validating a peer\u2019s Transport Layer Security (TLS) certificate.", + "markdownDescription": "A reference to where to retrieve the trust chain when validating a peer’s Transport Layer Security (TLS) certificate.", "title": "Trust" } }, @@ -15491,7 +15501,7 @@ "title": "Certificate" }, "Mode": { - "markdownDescription": "Specify one of the following modes.\n\n- ** STRICT \u2013 Listener only accepts connections with TLS enabled.\n- ** PERMISSIVE \u2013 Listener accepts connections with or without TLS enabled.\n- ** DISABLED \u2013 Listener only accepts connections without TLS.", + "markdownDescription": "Specify one of the following modes.\n\n- ** STRICT – Listener only accepts connections with TLS enabled.\n- ** PERMISSIVE – Listener accepts connections with or without TLS enabled.\n- ** DISABLED – Listener only accepts connections without TLS.", "title": "Mode", "type": "string" }, @@ -15586,7 +15596,7 @@ }, "Trust": { "$ref": "#/definitions/AWS::AppMesh::VirtualNode.ListenerTlsValidationContextTrust", - "markdownDescription": "A reference to where to retrieve the trust chain when validating a peer\u2019s Transport Layer Security (TLS) certificate.", + "markdownDescription": "A reference to where to retrieve the trust chain when validating a peer’s Transport Layer Security (TLS) certificate.", "title": "Trust" } }, @@ -15758,7 +15768,7 @@ }, "Trust": { "$ref": "#/definitions/AWS::AppMesh::VirtualNode.TlsValidationContextTrust", - "markdownDescription": "A reference to where to retrieve the trust chain when validating a peer\u2019s Transport Layer Security (TLS) certificate.", + "markdownDescription": "A reference to where to retrieve the trust chain when validating a peer’s Transport Layer Security (TLS) certificate.", "title": "Trust" } }, @@ -16576,7 +16586,7 @@ "title": "CodeConfigurationValues" }, "ConfigurationSource": { - "markdownDescription": "The source of the App Runner configuration. Values are interpreted as follows:\n\n- `REPOSITORY` \u2013 App Runner reads configuration values from the `apprunner.yaml` file in the source code repository and ignores `CodeConfigurationValues` .\n- `API` \u2013 App Runner uses configuration values provided in `CodeConfigurationValues` and ignores the `apprunner.yaml` file in the source code repository.", + "markdownDescription": "The source of the App Runner configuration. Values are interpreted as follows:\n\n- `REPOSITORY` – App Runner reads configuration values from the `apprunner.yaml` file in the source code repository and ignores `CodeConfigurationValues` .\n- `API` – App Runner uses configuration values provided in `CodeConfigurationValues` and ignores the `apprunner.yaml` file in the source code repository.", "title": "ConfigurationSource", "type": "string" } @@ -16755,7 +16765,7 @@ "type": "array" }, "StartCommand": { - "markdownDescription": "An optional command that App Runner runs to start the application in the source image. If specified, this command overrides the Docker image\u2019s default start command.", + "markdownDescription": "An optional command that App Runner runs to start the application in the source image. If specified, this command overrides the Docker image’s default start command.", "title": "StartCommand", "type": "string" } @@ -17052,7 +17062,7 @@ "properties": { "IngressVpcConfiguration": { "$ref": "#/definitions/AWS::AppRunner::VpcIngressConnection.IngressVpcConfiguration", - "markdownDescription": "Specifications for the customer\u2019s Amazon VPC and the related AWS PrivateLink VPC endpoint that are used to create the VPC Ingress Connection resource.", + "markdownDescription": "Specifications for the customer’s Amazon VPC and the related AWS PrivateLink VPC endpoint that are used to create the VPC Ingress Connection resource.", "title": "IngressVpcConfiguration" }, "ServiceArn": { @@ -18183,7 +18193,7 @@ "type": "number" }, "DesiredSessions": { - "markdownDescription": "The desired capacity in terms of number of user sessions, for the multi-session fleet. This is not allowed for single-session fleets.\n\nWhen you create a fleet, you must set define either the DesiredSessions or DesiredInstances attribute, based on the type of fleet you create. You can\u2019t define both attributes or leave both attributes blank.", + "markdownDescription": "The desired capacity in terms of number of user sessions, for the multi-session fleet. This is not allowed for single-session fleets.\n\nWhen you create a fleet, you must set define either the DesiredSessions or DesiredInstances attribute, based on the type of fleet you create. You can’t define both attributes or leave both attributes blank.", "title": "DesiredSessions", "type": "number" } @@ -18615,7 +18625,7 @@ "type": "boolean" }, "SettingsGroup": { - "markdownDescription": "The path prefix for the S3 bucket where users\u2019 persistent application settings are stored. You can allow the same persistent application settings to be used across multiple stacks by specifying the same settings group for each stack.", + "markdownDescription": "The path prefix for the S3 bucket where users’ persistent application settings are stored. You can allow the same persistent application settings to be used across multiple stacks by specifying the same settings group for each stack.", "title": "SettingsGroup", "type": "string" } @@ -18896,7 +18906,7 @@ "type": "string" }, "MessageAction": { - "markdownDescription": "The action to take for the welcome email that is sent to a user after the user is created in the user pool. If you specify SUPPRESS, no email is sent. If you specify RESEND, do not specify the first name or last name of the user. If the value is null, the email is sent.\n\n> The temporary password in the welcome email is valid for only 7 days. If users don\u2019t set their passwords within 7 days, you must send them a new welcome email.", + "markdownDescription": "The action to take for the welcome email that is sent to a user after the user is created in the user pool. If you specify SUPPRESS, no email is sent. If you specify RESEND, do not specify the first name or last name of the user. If the value is null, the email is sent.\n\n> The temporary password in the welcome email is valid for only 7 days. If users don’t set their passwords within 7 days, you must send them a new welcome email.", "title": "MessageAction", "type": "string" }, @@ -18994,7 +19004,7 @@ "type": "boolean" }, "Ttl": { - "markdownDescription": "TTL in seconds for cache entries.\n\nValid values are 1\u20133,600 seconds.", + "markdownDescription": "TTL in seconds for cache entries.\n\nValid values are 1–3,600 seconds.", "title": "Ttl", "type": "number" }, @@ -20401,7 +20411,7 @@ "type": "array" }, "Ttl": { - "markdownDescription": "The TTL in seconds for a resolver that has caching activated.\n\nValid values are 1\u20133,600 seconds.", + "markdownDescription": "The TTL in seconds for a resolver that has caching activated.\n\nValid values are 1–3,600 seconds.", "title": "Ttl", "type": "number" } @@ -20776,7 +20786,7 @@ "type": "string" }, "PolicyType": { - "markdownDescription": "The scaling policy type.\n\nThe following policy types are supported:\n\n`TargetTrackingScaling` \u2014Not supported for Amazon EMR\n\n`StepScaling` \u2014Not supported for DynamoDB, Amazon Comprehend, Lambda, Amazon Keyspaces, Amazon MSK, Amazon ElastiCache, or Neptune.\n\n`PredictiveScaling` \u2014Only supported for Amazon ECS", + "markdownDescription": "The scaling policy type.\n\nThe following policy types are supported:\n\n`TargetTrackingScaling` —Not supported for Amazon EMR\n\n`StepScaling` —Not supported for DynamoDB, Amazon Comprehend, Lambda, Amazon Keyspaces, Amazon MSK, Amazon ElastiCache, or Neptune.\n\n`PredictiveScaling` —Only supported for Amazon ECS", "title": "PolicyType", "type": "string" }, @@ -22778,7 +22788,7 @@ }, "MixedInstancesPolicy": { "$ref": "#/definitions/AWS::AutoScaling::AutoScalingGroup.MixedInstancesPolicy", - "markdownDescription": "An embedded object that specifies a mixed instances policy.\n\nThe policy includes properties that not only define the distribution of On-Demand Instances and Spot Instances, the maximum price to pay for Spot Instances (optional), and how the Auto Scaling group allocates instance types to fulfill On-Demand and Spot capacities, but also the properties that specify the instance configuration information\u2014the launch template and instance types. The policy can also include a weight for each instance type and different launch templates for individual instance types.\n\nFor more information, see [Auto Scaling groups with multiple instance types and purchase options](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups.html) in the *Amazon EC2 Auto Scaling User Guide* .", + "markdownDescription": "An embedded object that specifies a mixed instances policy.\n\nThe policy includes properties that not only define the distribution of On-Demand Instances and Spot Instances, the maximum price to pay for Spot Instances (optional), and how the Auto Scaling group allocates instance types to fulfill On-Demand and Spot capacities, but also the properties that specify the instance configuration information—the launch template and instance types. The policy can also include a weight for each instance type and different launch templates for individual instance types.\n\nFor more information, see [Auto Scaling groups with multiple instance types and purchase options](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups.html) in the *Amazon EC2 Auto Scaling User Guide* .", "title": "MixedInstancesPolicy" }, "NewInstancesProtectedFromScaleIn": { @@ -22983,7 +22993,7 @@ }, "BaselineEbsBandwidthMbps": { "$ref": "#/definitions/AWS::AutoScaling::AutoScalingGroup.BaselineEbsBandwidthMbpsRequest", - "markdownDescription": "The minimum and maximum baseline bandwidth performance for an instance type, in Mbps. For more information, see [Amazon EBS\u2013optimized instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html) in the *Amazon EC2 User Guide* .\n\nDefault: No minimum or maximum limits", + "markdownDescription": "The minimum and maximum baseline bandwidth performance for an instance type, in Mbps. For more information, see [Amazon EBS–optimized instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html) in the *Amazon EC2 User Guide* .\n\nDefault: No minimum or maximum limits", "title": "BaselineEbsBandwidthMbps" }, "BurstablePerformance": { @@ -23109,7 +23119,7 @@ "type": "string" }, "SpotInstancePools": { - "markdownDescription": "The number of Spot Instance pools across which to allocate your Spot Instances. The Spot pools are determined from the different instance types in the overrides. Valid only when the `SpotAllocationStrategy` is `lowest-price` . Value must be in the range of 1\u201320.\n\nDefault: 2", + "markdownDescription": "The number of Spot Instance pools across which to allocate your Spot Instances. The Spot pools are determined from the different instance types in the overrides. Valid only when the `SpotAllocationStrategy` is `lowest-price` . Value must be in the range of 1–20.\n\nDefault: 2", "title": "SpotInstancePools", "type": "number" }, @@ -28289,7 +28299,7 @@ "type": "string" }, "OperatingSystemFamily": { - "markdownDescription": "The operating system for the compute environment. Valid values are: `LINUX` (default), `WINDOWS_SERVER_2019_CORE` , `WINDOWS_SERVER_2019_FULL` , `WINDOWS_SERVER_2022_CORE` , and `WINDOWS_SERVER_2022_FULL` .\n\n> The following parameters can\u2019t be set for Windows containers: `linuxParameters` , `privileged` , `user` , `ulimits` , `readonlyRootFilesystem` , and `efsVolumeConfiguration` . > The AWS Batch Scheduler checks the compute environments that are attached to the job queue before registering a task definition with Fargate. In this scenario, the job queue is where the job is submitted. If the job requires a Windows container and the first compute environment is `LINUX` , the compute environment is skipped and the next compute environment is checked until a Windows-based compute environment is found. > Fargate Spot is not supported on Windows-based containers on Fargate. A job queue will be blocked if a Windows job is submitted to a job queue with only Fargate Spot compute environments. However, you can attach both `FARGATE` and `FARGATE_SPOT` compute environments to the same job queue.", + "markdownDescription": "The operating system for the compute environment. Valid values are: `LINUX` (default), `WINDOWS_SERVER_2019_CORE` , `WINDOWS_SERVER_2019_FULL` , `WINDOWS_SERVER_2022_CORE` , and `WINDOWS_SERVER_2022_FULL` .\n\n> The following parameters can’t be set for Windows containers: `linuxParameters` , `privileged` , `user` , `ulimits` , `readonlyRootFilesystem` , and `efsVolumeConfiguration` . > The AWS Batch Scheduler checks the compute environments that are attached to the job queue before registering a task definition with Fargate. In this scenario, the job queue is where the job is submitted. If the job requires a Windows container and the first compute environment is `LINUX` , the compute environment is skipped and the next compute environment is checked until a Windows-based compute environment is found. > Fargate Spot is not supported on Windows-based containers on Fargate. A job queue will be blocked if a Windows job is submitted to a job queue with only Fargate Spot compute environments. However, you can attach both `FARGATE` and `FARGATE_SPOT` compute environments to the same job queue.", "title": "OperatingSystemFamily", "type": "string" } @@ -29121,7 +29131,7 @@ "type": "string" }, "PromptState": { - "markdownDescription": "Specifies whether to allow the inline agent to carry out the step specified in the `promptType` . If you set this value to `DISABLED` , the agent skips that step. The default state for each `promptType` is as follows.\n\n- `PRE_PROCESSING` \u2013 `ENABLED`\n- `ORCHESTRATION` \u2013 `ENABLED`\n- `KNOWLEDGE_BASE_RESPONSE_GENERATION` \u2013 `ENABLED`\n- `POST_PROCESSING` \u2013 `DISABLED`", + "markdownDescription": "Specifies whether to allow the inline agent to carry out the step specified in the `promptType` . If you set this value to `DISABLED` , the agent skips that step. The default state for each `promptType` is as follows.\n\n- `PRE_PROCESSING` – `ENABLED`\n- `ORCHESTRATION` – `ENABLED`\n- `KNOWLEDGE_BASE_RESPONSE_GENERATION` – `ENABLED`\n- `POST_PROCESSING` – `DISABLED`", "title": "PromptState", "type": "string" }, @@ -29404,7 +29414,7 @@ "additionalProperties": false, "properties": { "ChunkingStrategy": { - "markdownDescription": "Knowledge base can split your source data into chunks. A *chunk* refers to an excerpt from a data source that is returned when the knowledge base that it belongs to is queried. You have the following options for chunking your data. If you opt for `NONE` , then you may want to pre-process your files by splitting them up such that each file corresponds to a chunk.\n\n- `FIXED_SIZE` \u2013 Amazon Bedrock splits your source data into chunks of the approximate size that you set in the `fixedSizeChunkingConfiguration` .\n- `HIERARCHICAL` \u2013 Split documents into layers of chunks where the first layer contains large chunks, and the second layer contains smaller chunks derived from the first layer.\n- `SEMANTIC` \u2013 Split documents into chunks based on groups of similar content derived with natural language processing.\n- `NONE` \u2013 Amazon Bedrock treats each file as one chunk. If you choose this option, you may want to pre-process your documents by splitting them into separate files.", + "markdownDescription": "Knowledge base can split your source data into chunks. A *chunk* refers to an excerpt from a data source that is returned when the knowledge base that it belongs to is queried. You have the following options for chunking your data. If you opt for `NONE` , then you may want to pre-process your files by splitting them up such that each file corresponds to a chunk.\n\n- `FIXED_SIZE` – Amazon Bedrock splits your source data into chunks of the approximate size that you set in the `fixedSizeChunkingConfiguration` .\n- `HIERARCHICAL` – Split documents into layers of chunks where the first layer contains large chunks, and the second layer contains smaller chunks derived from the first layer.\n- `SEMANTIC` – Split documents into chunks based on groups of similar content derived with natural language processing.\n- `NONE` – Amazon Bedrock treats each file as one chunk. If you choose this option, you may want to pre-process your documents by splitting them into separate files.", "title": "ChunkingStrategy", "type": "string" }, @@ -31539,7 +31549,7 @@ "type": "number" }, "ThresholdExpression": { - "markdownDescription": "An [Expression](https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_Expression.html) object in JSON string format used to specify the anomalies that you want to generate alerts for. This supports dimensions and nested expressions. The supported dimensions are `ANOMALY_TOTAL_IMPACT_ABSOLUTE` and `ANOMALY_TOTAL_IMPACT_PERCENTAGE` , corresponding to an anomaly\u2019s TotalImpact and TotalImpactPercentage, respectively (see [Impact](https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_Impact.html) for more details). The supported nested expression types are `AND` and `OR` . The match option `GREATER_THAN_OR_EQUAL` is required. Values must be numbers between 0 and 10,000,000,000 in string format.\n\nOne of Threshold or ThresholdExpression is required for `AWS::CE::AnomalySubscription` . You cannot specify both.\n\nFor further information, see the [Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ce-anomalysubscription.html#aws-resource-ce-anomalysubscription--examples) section of this page.", + "markdownDescription": "An [Expression](https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_Expression.html) object in JSON string format used to specify the anomalies that you want to generate alerts for. This supports dimensions and nested expressions. The supported dimensions are `ANOMALY_TOTAL_IMPACT_ABSOLUTE` and `ANOMALY_TOTAL_IMPACT_PERCENTAGE` , corresponding to an anomaly’s TotalImpact and TotalImpactPercentage, respectively (see [Impact](https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_Impact.html) for more details). The supported nested expression types are `AND` and `OR` . The match option `GREATER_THAN_OR_EQUAL` is required. Values must be numbers between 0 and 10,000,000,000 in string format.\n\nOne of Threshold or ThresholdExpression is required for `AWS::CE::AnomalySubscription` . You cannot specify both.\n\nFor further information, see the [Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ce-anomalysubscription.html#aws-resource-ce-anomalysubscription--examples) section of this page.", "title": "ThresholdExpression", "type": "string" } @@ -33063,7 +33073,7 @@ }, "PaymentConfiguration": { "$ref": "#/definitions/AWS::CleanRooms::Collaboration.PaymentConfiguration", - "markdownDescription": "The collaboration member's payment responsibilities set by the collaboration creator.\n\nIf the collaboration creator hasn't speci\ufb01ed anyone as the member paying for query compute costs, then the member who can query is the default payer.", + "markdownDescription": "The collaboration member's payment responsibilities set by the collaboration creator.\n\nIf the collaboration creator hasn't specified anyone as the member paying for query compute costs, then the member who can query is the default payer.", "title": "PaymentConfiguration" } }, @@ -35272,7 +35282,7 @@ "items": { "type": "string" }, - "markdownDescription": "The capabilities that are allowed in the StackSet. Some StackSet templates might include resources that can affect permissions in your AWS account \u2014for example, by creating new IAM users. For more information, see [Acknowledging IAM resources in CloudFormation templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/control-access-with-iam.html#using-iam-capabilities) in the *AWS CloudFormation User Guide* .", + "markdownDescription": "The capabilities that are allowed in the StackSet. Some StackSet templates might include resources that can affect permissions in your AWS account —for example, by creating new IAM users. For more information, see [Acknowledging IAM resources in CloudFormation templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/control-access-with-iam.html#using-iam-capabilities) in the *AWS CloudFormation User Guide* .", "title": "Capabilities", "type": "array" }, @@ -35888,7 +35898,7 @@ "additionalProperties": false, "properties": { "CookieBehavior": { - "markdownDescription": "Determines whether any cookies in viewer requests are included in the cache key and in requests that CloudFront sends to the origin. Valid values are:\n\n- `none` \u2013 No cookies in viewer requests are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to `none` , any cookies that are listed in an `OriginRequestPolicy` *are* included in origin requests.\n- `whitelist` \u2013 Only the cookies in viewer requests that are listed in the `CookieNames` type are included in the cache key and in requests that CloudFront sends to the origin.\n- `allExcept` \u2013 All cookies in viewer requests are included in the cache key and in requests that CloudFront sends to the origin, **except** for those that are listed in the `CookieNames` type, which are not included.\n- `all` \u2013 All cookies in viewer requests are included in the cache key and in requests that CloudFront sends to the origin.", + "markdownDescription": "Determines whether any cookies in viewer requests are included in the cache key and in requests that CloudFront sends to the origin. Valid values are:\n\n- `none` – No cookies in viewer requests are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to `none` , any cookies that are listed in an `OriginRequestPolicy` *are* included in origin requests.\n- `whitelist` – Only the cookies in viewer requests that are listed in the `CookieNames` type are included in the cache key and in requests that CloudFront sends to the origin.\n- `allExcept` – All cookies in viewer requests are included in the cache key and in requests that CloudFront sends to the origin, **except** for those that are listed in the `CookieNames` type, which are not included.\n- `all` – All cookies in viewer requests are included in the cache key and in requests that CloudFront sends to the origin.", "title": "CookieBehavior", "type": "string" }, @@ -35910,7 +35920,7 @@ "additionalProperties": false, "properties": { "HeaderBehavior": { - "markdownDescription": "Determines whether any HTTP headers are included in the cache key and in requests that CloudFront sends to the origin. Valid values are:\n\n- `none` \u2013 No HTTP headers are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to `none` , any headers that are listed in an `OriginRequestPolicy` *are* included in origin requests.\n- `whitelist` \u2013 Only the HTTP headers that are listed in the `Headers` type are included in the cache key and in requests that CloudFront sends to the origin.", + "markdownDescription": "Determines whether any HTTP headers are included in the cache key and in requests that CloudFront sends to the origin. Valid values are:\n\n- `none` – No HTTP headers are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to `none` , any headers that are listed in an `OriginRequestPolicy` *are* included in origin requests.\n- `whitelist` – Only the HTTP headers that are listed in the `Headers` type are included in the cache key and in requests that CloudFront sends to the origin.", "title": "HeaderBehavior", "type": "string" }, @@ -35969,7 +35979,7 @@ "additionalProperties": false, "properties": { "QueryStringBehavior": { - "markdownDescription": "Determines whether any URL query strings in viewer requests are included in the cache key and in requests that CloudFront sends to the origin. Valid values are:\n\n- `none` \u2013 No query strings in viewer requests are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to `none` , any query strings that are listed in an `OriginRequestPolicy` *are* included in origin requests.\n- `whitelist` \u2013 Only the query strings in viewer requests that are listed in the `QueryStringNames` type are included in the cache key and in requests that CloudFront sends to the origin.\n- `allExcept` \u2013 All query strings in viewer requests are included in the cache key and in requests that CloudFront sends to the origin, **except** those that are listed in the `QueryStringNames` type, which are not included.\n- `all` \u2013 All query strings in viewer requests are included in the cache key and in requests that CloudFront sends to the origin.", + "markdownDescription": "Determines whether any URL query strings in viewer requests are included in the cache key and in requests that CloudFront sends to the origin. Valid values are:\n\n- `none` – No query strings in viewer requests are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to `none` , any query strings that are listed in an `OriginRequestPolicy` *are* included in origin requests.\n- `whitelist` – Only the query strings in viewer requests that are listed in the `QueryStringNames` type are included in the cache key and in requests that CloudFront sends to the origin.\n- `allExcept` – All query strings in viewer requests are included in the cache key and in requests that CloudFront sends to the origin, **except** those that are listed in the `QueryStringNames` type, which are not included.\n- `all` – All query strings in viewer requests are included in the cache key and in requests that CloudFront sends to the origin.", "title": "QueryStringBehavior", "type": "string" }, @@ -36182,12 +36192,12 @@ "additionalProperties": false, "properties": { "IdleTTL": { - "markdownDescription": "The amount of time after which you want sessions to cease if no requests are received. Allowed values are 300\u20133600 seconds (5\u201360 minutes).", + "markdownDescription": "The amount of time after which you want sessions to cease if no requests are received. Allowed values are 300–3600 seconds (5–60 minutes).", "title": "IdleTTL", "type": "number" }, "MaximumTTL": { - "markdownDescription": "The maximum amount of time to consider requests from the viewer as being part of the same session. Allowed values are 300\u20133600 seconds (5\u201360 minutes).", + "markdownDescription": "The maximum amount of time to consider requests from the viewer as being part of the same session. Allowed values are 300–3600 seconds (5–60 minutes).", "title": "MaximumTTL", "type": "number" } @@ -36574,7 +36584,7 @@ "type": "number" }, "OriginProtocolPolicy": { - "markdownDescription": "Specifies the protocol (HTTP or HTTPS) that CloudFront uses to connect to the origin. Valid values are:\n\n- `http-only` \u2013 CloudFront always uses HTTP to connect to the origin.\n- `match-viewer` \u2013 CloudFront connects to the origin using the same protocol that the viewer used to connect to CloudFront.\n- `https-only` \u2013 CloudFront always uses HTTPS to connect to the origin.", + "markdownDescription": "Specifies the protocol (HTTP or HTTPS) that CloudFront uses to connect to the origin. Valid values are:\n\n- `http-only` – CloudFront always uses HTTP to connect to the origin.\n- `match-viewer` – CloudFront connects to the origin using the same protocol that the viewer used to connect to CloudFront.\n- `https-only` – CloudFront always uses HTTPS to connect to the origin.", "title": "OriginProtocolPolicy", "type": "string" }, @@ -36791,7 +36801,7 @@ "type": "string" }, "IPV6Enabled": { - "markdownDescription": "> To use this field for a multi-tenant distribution, use a connection group instead. For more information, see [ConnectionGroup](https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ConnectionGroup.html) . \n\nIf you want CloudFront to respond to IPv6 DNS requests with an IPv6 address for your distribution, specify `true` . If you specify `false` , CloudFront responds to IPv6 DNS requests with the DNS response code `NOERROR` and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution.\n\nIn general, you should enable IPv6 if you have users on IPv6 networks who want to access your content. However, if you're using signed URLs or signed cookies to restrict access to your content, and if you're using a custom policy that includes the `IpAddress` parameter to restrict the IP addresses that can access your content, don't enable IPv6. If you want to restrict access to some content by IP address and not restrict access to other content (or restrict access but not by IP address), you can create two distributions. For more information, see [Creating a Signed URL Using a Custom Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html) in the *Amazon CloudFront Developer Guide* .\n\nIf you're using an Amazon Route\u00a053 AWS Integration alias resource record set to route traffic to your CloudFront distribution, you need to create a second alias resource record set when both of the following are true:\n\n- You enable IPv6 for the distribution\n- You're using alternate domain names in the URLs for your objects\n\nFor more information, see [Routing Traffic to an Amazon CloudFront Web Distribution by Using Your Domain Name](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html) in the *Amazon Route\u00a053 AWS Integration Developer Guide* .\n\nIf you created a CNAME resource record set, either with Amazon Route\u00a053 AWS Integration or with another DNS service, you don't need to make any changes. A CNAME record will route traffic to your distribution regardless of the IP address format of the viewer request.", + "markdownDescription": "> To use this field for a multi-tenant distribution, use a connection group instead. For more information, see [ConnectionGroup](https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ConnectionGroup.html) . \n\nIf you want CloudFront to respond to IPv6 DNS requests with an IPv6 address for your distribution, specify `true` . If you specify `false` , CloudFront responds to IPv6 DNS requests with the DNS response code `NOERROR` and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution.\n\nIn general, you should enable IPv6 if you have users on IPv6 networks who want to access your content. However, if you're using signed URLs or signed cookies to restrict access to your content, and if you're using a custom policy that includes the `IpAddress` parameter to restrict the IP addresses that can access your content, don't enable IPv6. If you want to restrict access to some content by IP address and not restrict access to other content (or restrict access but not by IP address), you can create two distributions. For more information, see [Creating a Signed URL Using a Custom Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html) in the *Amazon CloudFront Developer Guide* .\n\nIf you're using an Amazon Route 53 AWS Integration alias resource record set to route traffic to your CloudFront distribution, you need to create a second alias resource record set when both of the following are true:\n\n- You enable IPv6 for the distribution\n- You're using alternate domain names in the URLs for your objects\n\nFor more information, see [Routing Traffic to an Amazon CloudFront Web Distribution by Using Your Domain Name](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html) in the *Amazon Route 53 AWS Integration Developer Guide* .\n\nIf you created a CNAME resource record set, either with Amazon Route 53 AWS Integration or with another DNS service, you don't need to make any changes. A CNAME record will route traffic to your distribution regardless of the IP address format of the viewer request.", "title": "IPV6Enabled", "type": "boolean" }, @@ -37296,7 +37306,7 @@ "type": "string" }, "SslSupportMethod": { - "markdownDescription": "> In CloudFormation, this field name is `SslSupportMethod` . Note the different capitalization. \n\nIf the distribution uses `Aliases` (alternate domain names or CNAMEs), specify which viewers the distribution accepts HTTPS connections from.\n\n- `sni-only` \u2013 The distribution accepts HTTPS connections from only viewers that support [server name indication (SNI)](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Server_Name_Indication) . This is recommended. Most browsers and clients support SNI.\n- `vip` \u2013 The distribution accepts HTTPS connections from all viewers including those that don't support SNI. This is not recommended, and results in additional monthly charges from CloudFront.\n- `static-ip` - Do not specify this value unless your distribution has been enabled for this feature by the CloudFront team. If you have a use case that requires static IP addresses for a distribution, contact CloudFront through the [Support Center](https://docs.aws.amazon.com/support/home) .\n\nIf the distribution uses the CloudFront domain name such as `d111111abcdef8.cloudfront.net` , don't set a value for this field.", + "markdownDescription": "> In CloudFormation, this field name is `SslSupportMethod` . Note the different capitalization. \n\nIf the distribution uses `Aliases` (alternate domain names or CNAMEs), specify which viewers the distribution accepts HTTPS connections from.\n\n- `sni-only` – The distribution accepts HTTPS connections from only viewers that support [server name indication (SNI)](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Server_Name_Indication) . This is recommended. Most browsers and clients support SNI.\n- `vip` – The distribution accepts HTTPS connections from all viewers including those that don't support SNI. This is not recommended, and results in additional monthly charges from CloudFront.\n- `static-ip` - Do not specify this value unless your distribution has been enabled for this feature by the CloudFront team. If you have a use case that requires static IP addresses for a distribution, contact CloudFront through the [Support Center](https://docs.aws.amazon.com/support/home) .\n\nIf the distribution uses the CloudFront domain name such as `d111111abcdef8.cloudfront.net` , don't set a value for this field.", "title": "SslSupportMethod", "type": "string" } @@ -37339,7 +37349,7 @@ "additionalProperties": false, "properties": { "AutoPublish": { - "markdownDescription": "A flag that determines whether to automatically publish the function to the `LIVE` stage when it\u2019s created. To automatically publish to the `LIVE` stage, set this property to `true` .", + "markdownDescription": "A flag that determines whether to automatically publish the function to the `LIVE` stage when it’s created. To automatically publish to the `LIVE` stage, set this property to `true` .", "title": "AutoPublish", "type": "boolean" }, @@ -37821,7 +37831,7 @@ "type": "string" }, "SigningBehavior": { - "markdownDescription": "Specifies which requests CloudFront signs (adds authentication information to). Specify `always` for the most common use case. For more information, see [origin access control advanced settings](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#oac-advanced-settings) in the *Amazon CloudFront Developer Guide* .\n\nThis field can have one of the following values:\n\n- `always` \u2013 CloudFront signs all origin requests, overwriting the `Authorization` header from the viewer request if one exists.\n- `never` \u2013 CloudFront doesn't sign any origin requests. This value turns off origin access control for all origins in all distributions that use this origin access control.\n- `no-override` \u2013 If the viewer request doesn't contain the `Authorization` header, then CloudFront signs the origin request. If the viewer request contains the `Authorization` header, then CloudFront doesn't sign the origin request and instead passes along the `Authorization` header from the viewer request. *WARNING: To pass along the `Authorization` header from the viewer request, you *must* add the `Authorization` header to a [cache policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html) for all cache behaviors that use origins associated with this origin access control.*", + "markdownDescription": "Specifies which requests CloudFront signs (adds authentication information to). Specify `always` for the most common use case. For more information, see [origin access control advanced settings](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#oac-advanced-settings) in the *Amazon CloudFront Developer Guide* .\n\nThis field can have one of the following values:\n\n- `always` – CloudFront signs all origin requests, overwriting the `Authorization` header from the viewer request if one exists.\n- `never` – CloudFront doesn't sign any origin requests. This value turns off origin access control for all origins in all distributions that use this origin access control.\n- `no-override` – If the viewer request doesn't contain the `Authorization` header, then CloudFront signs the origin request. If the viewer request contains the `Authorization` header, then CloudFront doesn't sign the origin request and instead passes along the `Authorization` header from the viewer request. *WARNING: To pass along the `Authorization` header from the viewer request, you *must* add the `Authorization` header to a [cache policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html) for all cache behaviors that use origins associated with this origin access control.*", "title": "SigningBehavior", "type": "string" }, @@ -37910,7 +37920,7 @@ "additionalProperties": false, "properties": { "CookieBehavior": { - "markdownDescription": "Determines whether cookies in viewer requests are included in requests that CloudFront sends to the origin. Valid values are:\n\n- `none` \u2013 No cookies in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to `none` , any cookies that are listed in a `CachePolicy` *are* included in origin requests.\n- `whitelist` \u2013 Only the cookies in viewer requests that are listed in the `CookieNames` type are included in requests that CloudFront sends to the origin.\n- `all` \u2013 All cookies in viewer requests are included in requests that CloudFront sends to the origin.\n- `allExcept` \u2013 All cookies in viewer requests are included in requests that CloudFront sends to the origin, **except** for those listed in the `CookieNames` type, which are not included.", + "markdownDescription": "Determines whether cookies in viewer requests are included in requests that CloudFront sends to the origin. Valid values are:\n\n- `none` – No cookies in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to `none` , any cookies that are listed in a `CachePolicy` *are* included in origin requests.\n- `whitelist` – Only the cookies in viewer requests that are listed in the `CookieNames` type are included in requests that CloudFront sends to the origin.\n- `all` – All cookies in viewer requests are included in requests that CloudFront sends to the origin.\n- `allExcept` – All cookies in viewer requests are included in requests that CloudFront sends to the origin, **except** for those listed in the `CookieNames` type, which are not included.", "title": "CookieBehavior", "type": "string" }, @@ -37932,7 +37942,7 @@ "additionalProperties": false, "properties": { "HeaderBehavior": { - "markdownDescription": "Determines whether any HTTP headers are included in requests that CloudFront sends to the origin. Valid values are:\n\n- `none` \u2013 No HTTP headers in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to `none` , any headers that are listed in a `CachePolicy` *are* included in origin requests.\n- `whitelist` \u2013 Only the HTTP headers that are listed in the `Headers` type are included in requests that CloudFront sends to the origin.\n- `allViewer` \u2013 All HTTP headers in viewer requests are included in requests that CloudFront sends to the origin.\n- `allViewerAndWhitelistCloudFront` \u2013 All HTTP headers in viewer requests and the additional CloudFront headers that are listed in the `Headers` type are included in requests that CloudFront sends to the origin. The additional headers are added by CloudFront.\n- `allExcept` \u2013 All HTTP headers in viewer requests are included in requests that CloudFront sends to the origin, **except** for those listed in the `Headers` type, which are not included.", + "markdownDescription": "Determines whether any HTTP headers are included in requests that CloudFront sends to the origin. Valid values are:\n\n- `none` – No HTTP headers in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to `none` , any headers that are listed in a `CachePolicy` *are* included in origin requests.\n- `whitelist` – Only the HTTP headers that are listed in the `Headers` type are included in requests that CloudFront sends to the origin.\n- `allViewer` – All HTTP headers in viewer requests are included in requests that CloudFront sends to the origin.\n- `allViewerAndWhitelistCloudFront` – All HTTP headers in viewer requests and the additional CloudFront headers that are listed in the `Headers` type are included in requests that CloudFront sends to the origin. The additional headers are added by CloudFront.\n- `allExcept` – All HTTP headers in viewer requests are included in requests that CloudFront sends to the origin, **except** for those listed in the `Headers` type, which are not included.", "title": "HeaderBehavior", "type": "string" }, @@ -37991,7 +38001,7 @@ "additionalProperties": false, "properties": { "QueryStringBehavior": { - "markdownDescription": "Determines whether any URL query strings in viewer requests are included in requests that CloudFront sends to the origin. Valid values are:\n\n- `none` \u2013 No query strings in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to `none` , any query strings that are listed in a `CachePolicy` *are* included in origin requests.\n- `whitelist` \u2013 Only the query strings in viewer requests that are listed in the `QueryStringNames` type are included in requests that CloudFront sends to the origin.\n- `all` \u2013 All query strings in viewer requests are included in requests that CloudFront sends to the origin.\n- `allExcept` \u2013 All query strings in viewer requests are included in requests that CloudFront sends to the origin, **except** for those listed in the `QueryStringNames` type, which are not included.", + "markdownDescription": "Determines whether any URL query strings in viewer requests are included in requests that CloudFront sends to the origin. Valid values are:\n\n- `none` – No query strings in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to `none` , any query strings that are listed in a `CachePolicy` *are* included in origin requests.\n- `whitelist` – Only the query strings in viewer requests that are listed in the `QueryStringNames` type are included in requests that CloudFront sends to the origin.\n- `all` – All query strings in viewer requests are included in requests that CloudFront sends to the origin.\n- `allExcept` – All query strings in viewer requests are included in requests that CloudFront sends to the origin, **except** for those listed in the `QueryStringNames` type, which are not included.", "title": "QueryStringBehavior", "type": "string" }, @@ -38658,7 +38668,7 @@ "type": "boolean" }, "SamplingRate": { - "markdownDescription": "A number 0\u2013100 (inclusive) that specifies the percentage of responses that you want CloudFront to add the `Server-Timing` header to. When you set the sampling rate to 100, CloudFront adds the `Server-Timing` header to the HTTP response for every request that matches the cache behavior that this response headers policy is attached to. When you set it to 50, CloudFront adds the header to 50% of the responses for requests that match the cache behavior. You can set the sampling rate to any number 0\u2013100 with up to four decimal places.", + "markdownDescription": "A number 0–100 (inclusive) that specifies the percentage of responses that you want CloudFront to add the `Server-Timing` header to. When you set the sampling rate to 100, CloudFront adds the `Server-Timing` header to the HTTP response for every request that matches the cache behavior that this response headers policy is attached to. When you set it to 50, CloudFront adds the header to 50% of the responses for requests that match the cache behavior. You can set the sampling rate to any number 0–100 with up to four decimal places.", "title": "SamplingRate", "type": "number" } @@ -39205,7 +39215,7 @@ "type": "array" }, "Field": { - "markdownDescription": "A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the field is used only for selecting events as filtering is not supported.\n\nFor CloudTrail management events, supported fields include `eventCategory` (required), `eventSource` , and `readOnly` . The following additional fields are available for event data stores: `eventName` , `eventType` , `sessionCredentialFromConsole` , and `userIdentity.arn` .\n\nFor CloudTrail data events, supported fields include `eventCategory` (required), `eventName` , `eventSource` , `eventType` , `resources.type` (required), `readOnly` , `resources.ARN` , `sessionCredentialFromConsole` , and `userIdentity.arn` .\n\nFor CloudTrail network activity events, supported fields include `eventCategory` (required), `eventSource` (required), `eventName` , `errorCode` , and `vpcEndpointId` .\n\nFor event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` .\n\n> Selectors don't support the use of wildcards like `*` . To match multiple values with a single condition, you may use `StartsWith` , `EndsWith` , `NotStartsWith` , or `NotEndsWith` to explicitly match the beginning or end of the event field. \n\n- *`readOnly`* - This is an optional field that is only used for management events and data events. This field can be set to `Equals` with a value of `true` or `false` . If you do not add this field, CloudTrail logs both `read` and `write` events. A value of `true` logs only `read` events. A value of `false` logs only `write` events.\n- *`eventSource`* - This field is only used for management events, data events, and network activity events.\n\nFor management events for trails, this is an optional field that can be set to `NotEquals` `kms.amazonaws.com` to exclude KMS management events, or `NotEquals` `rdsdata.amazonaws.com` to exclude RDS management events.\n\nFor data events for trails, this is an optional field that you can use to include or exclude any event source and can use any operator.\n\nFor management and data events for event data stores, this is an optional field that you can use to include or exclude any event source and can use any operator.\n\nFor network activity events, this is a required field that only uses the `Equals` operator. Set this field to the event source for which you want to log network activity events. If you want to log network activity events for multiple event sources, you must create a separate field selector for each event source. For a list of services supporting network activity events, see [Logging network activity events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* .\n- *`eventName`* - This is an optional field that is only used for data events, management events (for event data stores only), and network activity events. You can use any operator with `eventName` . You can use it to \ufb01lter in or \ufb01lter out specific events. You can have multiple values for this \ufb01eld, separated by commas.\n- *`eventCategory`* - This field is required and must be set to `Equals` .\n\n- For CloudTrail management events, the value must be `Management` .\n- For CloudTrail data events, the value must be `Data` .\n- For CloudTrail network activity events, the value must be `NetworkActivity` .\n\nThe following are used only for event data stores:\n\n- For CloudTrail Insights events, the value must be `Insight` .\n- For AWS Config configuration items, the value must be `ConfigurationItem` .\n- For Audit Manager evidence, the value must be `Evidence` .\n- For events outside of AWS , the value must be `ActivityAuditLog` .\n- *`eventType`* - For event data stores, this is an optional field available for event data stores to filter management and data events on the event type. For trails, this is an optional field to filter data events on the event type. For information about available event types, see [CloudTrail record contents](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html#ct-event-type) in the *AWS CloudTrail user guide* .\n- *`errorCode`* - This \ufb01eld is only used to filter CloudTrail network activity events and is optional. This is the error code to filter on. Currently, the only valid `errorCode` is `VpceAccessDenied` . `errorCode` can only use the `Equals` operator.\n- *`sessionCredentialFromConsole`* - For event data stores, this is an optional field used to filter management and data events based on whether the events originated from an AWS Management Console session. For trails, this is an optional field used to filter data events. `sessionCredentialFromConsole` can only use the `Equals` and `NotEquals` operators.\n- *`resources.type`* - This \ufb01eld is required for CloudTrail data events. `resources.type` can only use the `Equals` operator.\n\nFor a list of available resource types for data events, see [Data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events) in the *AWS CloudTrail User Guide* .\n\nYou can have only one `resources.type` \ufb01eld per selector. To log events on more than one resource type, add another selector.\n- *`resources.ARN`* - The `resources.ARN` is an optional field for data events. You can use any operator with `resources.ARN` , but if you use `Equals` or `NotEquals` , the value must exactly match the ARN of a valid resource of the type you've speci\ufb01ed in the template as the value of resources.type. To log all data events for all objects in a specific S3 bucket, use the `StartsWith` operator, and include only the bucket ARN as the matching value.\n\nFor more information about the ARN formats of data event resources, see [Actions, resources, and condition keys for AWS services](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) in the *Service Authorization Reference* .\n\n> You can't use the `resources.ARN` field to filter resource types that do not have ARNs.\n- *`userIdentity.arn`* - For event data stores, this is an optional field used to filter management and data events for actions taken by specific IAM identities. For trails, this is an optional field used to filter data events. You can use any operator with `userIdentity.arn` . For more information on the userIdentity element, see [CloudTrail userIdentity element](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html) in the *AWS CloudTrail User Guide* .\n- *`vpcEndpointId`* - This \ufb01eld is only used to filter CloudTrail network activity events and is optional. This field identifies the VPC endpoint that the request passed through. You can use any operator with `vpcEndpointId` .", + "markdownDescription": "A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the field is used only for selecting events as filtering is not supported.\n\nFor CloudTrail management events, supported fields include `eventCategory` (required), `eventSource` , and `readOnly` . The following additional fields are available for event data stores: `eventName` , `eventType` , `sessionCredentialFromConsole` , and `userIdentity.arn` .\n\nFor CloudTrail data events, supported fields include `eventCategory` (required), `eventName` , `eventSource` , `eventType` , `resources.type` (required), `readOnly` , `resources.ARN` , `sessionCredentialFromConsole` , and `userIdentity.arn` .\n\nFor CloudTrail network activity events, supported fields include `eventCategory` (required), `eventSource` (required), `eventName` , `errorCode` , and `vpcEndpointId` .\n\nFor event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` .\n\n> Selectors don't support the use of wildcards like `*` . To match multiple values with a single condition, you may use `StartsWith` , `EndsWith` , `NotStartsWith` , or `NotEndsWith` to explicitly match the beginning or end of the event field. \n\n- *`readOnly`* - This is an optional field that is only used for management events and data events. This field can be set to `Equals` with a value of `true` or `false` . If you do not add this field, CloudTrail logs both `read` and `write` events. A value of `true` logs only `read` events. A value of `false` logs only `write` events.\n- *`eventSource`* - This field is only used for management events, data events, and network activity events.\n\nFor management events for trails, this is an optional field that can be set to `NotEquals` `kms.amazonaws.com` to exclude KMS management events, or `NotEquals` `rdsdata.amazonaws.com` to exclude RDS management events.\n\nFor data events for trails, this is an optional field that you can use to include or exclude any event source and can use any operator.\n\nFor management and data events for event data stores, this is an optional field that you can use to include or exclude any event source and can use any operator.\n\nFor network activity events, this is a required field that only uses the `Equals` operator. Set this field to the event source for which you want to log network activity events. If you want to log network activity events for multiple event sources, you must create a separate field selector for each event source. For a list of services supporting network activity events, see [Logging network activity events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* .\n- *`eventName`* - This is an optional field that is only used for data events, management events (for event data stores only), and network activity events. You can use any operator with `eventName` . You can use it to filter in or filter out specific events. You can have multiple values for this field, separated by commas.\n- *`eventCategory`* - This field is required and must be set to `Equals` .\n\n- For CloudTrail management events, the value must be `Management` .\n- For CloudTrail data events, the value must be `Data` .\n- For CloudTrail network activity events, the value must be `NetworkActivity` .\n\nThe following are used only for event data stores:\n\n- For CloudTrail Insights events, the value must be `Insight` .\n- For AWS Config configuration items, the value must be `ConfigurationItem` .\n- For Audit Manager evidence, the value must be `Evidence` .\n- For events outside of AWS , the value must be `ActivityAuditLog` .\n- *`eventType`* - For event data stores, this is an optional field available for event data stores to filter management and data events on the event type. For trails, this is an optional field to filter data events on the event type. For information about available event types, see [CloudTrail record contents](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html#ct-event-type) in the *AWS CloudTrail user guide* .\n- *`errorCode`* - This field is only used to filter CloudTrail network activity events and is optional. This is the error code to filter on. Currently, the only valid `errorCode` is `VpceAccessDenied` . `errorCode` can only use the `Equals` operator.\n- *`sessionCredentialFromConsole`* - For event data stores, this is an optional field used to filter management and data events based on whether the events originated from an AWS Management Console session. For trails, this is an optional field used to filter data events. `sessionCredentialFromConsole` can only use the `Equals` and `NotEquals` operators.\n- *`resources.type`* - This field is required for CloudTrail data events. `resources.type` can only use the `Equals` operator.\n\nFor a list of available resource types for data events, see [Data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events) in the *AWS CloudTrail User Guide* .\n\nYou can have only one `resources.type` field per selector. To log events on more than one resource type, add another selector.\n- *`resources.ARN`* - The `resources.ARN` is an optional field for data events. You can use any operator with `resources.ARN` , but if you use `Equals` or `NotEquals` , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. To log all data events for all objects in a specific S3 bucket, use the `StartsWith` operator, and include only the bucket ARN as the matching value.\n\nFor more information about the ARN formats of data event resources, see [Actions, resources, and condition keys for AWS services](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) in the *Service Authorization Reference* .\n\n> You can't use the `resources.ARN` field to filter resource types that do not have ARNs.\n- *`userIdentity.arn`* - For event data stores, this is an optional field used to filter management and data events for actions taken by specific IAM identities. For trails, this is an optional field used to filter data events. You can use any operator with `userIdentity.arn` . For more information on the userIdentity element, see [CloudTrail userIdentity element](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html) in the *AWS CloudTrail User Guide* .\n- *`vpcEndpointId`* - This field is only used to filter CloudTrail network activity events and is optional. This field identifies the VPC endpoint that the request passed through. You can use any operator with `vpcEndpointId` .", "title": "Field", "type": "string" }, @@ -39528,7 +39538,7 @@ "type": "array" }, "Field": { - "markdownDescription": "A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the field is used only for selecting events as filtering is not supported.\n\nFor CloudTrail management events, supported fields include `eventCategory` (required), `eventSource` , and `readOnly` . The following additional fields are available for event data stores: `eventName` , `eventType` , `sessionCredentialFromConsole` , and `userIdentity.arn` .\n\nFor CloudTrail data events, supported fields include `eventCategory` (required), `eventName` , `eventSource` , `eventType` , `resources.type` (required), `readOnly` , `resources.ARN` , `sessionCredentialFromConsole` , and `userIdentity.arn` .\n\nFor CloudTrail network activity events, supported fields include `eventCategory` (required), `eventSource` (required), `eventName` , `errorCode` , and `vpcEndpointId` .\n\nFor event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` .\n\n> Selectors don't support the use of wildcards like `*` . To match multiple values with a single condition, you may use `StartsWith` , `EndsWith` , `NotStartsWith` , or `NotEndsWith` to explicitly match the beginning or end of the event field. \n\n- *`readOnly`* - This is an optional field that is only used for management events and data events. This field can be set to `Equals` with a value of `true` or `false` . If you do not add this field, CloudTrail logs both `read` and `write` events. A value of `true` logs only `read` events. A value of `false` logs only `write` events.\n- *`eventSource`* - This field is only used for management events, data events, and network activity events.\n\nFor management events for trails, this is an optional field that can be set to `NotEquals` `kms.amazonaws.com` to exclude KMS management events, or `NotEquals` `rdsdata.amazonaws.com` to exclude RDS management events.\n\nFor data events for trails, this is an optional field that you can use to include or exclude any event source and can use any operator.\n\nFor management and data events for event data stores, this is an optional field that you can use to include or exclude any event source and can use any operator.\n\nFor network activity events, this is a required field that only uses the `Equals` operator. Set this field to the event source for which you want to log network activity events. If you want to log network activity events for multiple event sources, you must create a separate field selector for each event source. For a list of services supporting network activity events, see [Logging network activity events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* .\n- *`eventName`* - This is an optional field that is only used for data events, management events (for event data stores only), and network activity events. You can use any operator with `eventName` . You can use it to \ufb01lter in or \ufb01lter out specific events. You can have multiple values for this \ufb01eld, separated by commas.\n- *`eventCategory`* - This field is required and must be set to `Equals` .\n\n- For CloudTrail management events, the value must be `Management` .\n- For CloudTrail data events, the value must be `Data` .\n- For CloudTrail network activity events, the value must be `NetworkActivity` .\n\nThe following are used only for event data stores:\n\n- For CloudTrail Insights events, the value must be `Insight` .\n- For AWS Config configuration items, the value must be `ConfigurationItem` .\n- For Audit Manager evidence, the value must be `Evidence` .\n- For events outside of AWS , the value must be `ActivityAuditLog` .\n- *`eventType`* - For event data stores, this is an optional field available for event data stores to filter management and data events on the event type. For trails, this is an optional field to filter data events on the event type. For information about available event types, see [CloudTrail record contents](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html#ct-event-type) in the *AWS CloudTrail user guide* .\n- *`errorCode`* - This \ufb01eld is only used to filter CloudTrail network activity events and is optional. This is the error code to filter on. Currently, the only valid `errorCode` is `VpceAccessDenied` . `errorCode` can only use the `Equals` operator.\n- *`sessionCredentialFromConsole`* - For event data stores, this is an optional field used to filter management and data events based on whether the events originated from an AWS Management Console session. For trails, this is an optional field used to filter data events. `sessionCredentialFromConsole` can only use the `Equals` and `NotEquals` operators.\n- *`resources.type`* - This \ufb01eld is required for CloudTrail data events. `resources.type` can only use the `Equals` operator.\n\nFor a list of available resource types for data events, see [Data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events) in the *AWS CloudTrail User Guide* .\n\nYou can have only one `resources.type` \ufb01eld per selector. To log events on more than one resource type, add another selector.\n- *`resources.ARN`* - The `resources.ARN` is an optional field for data events. You can use any operator with `resources.ARN` , but if you use `Equals` or `NotEquals` , the value must exactly match the ARN of a valid resource of the type you've speci\ufb01ed in the template as the value of resources.type. To log all data events for all objects in a specific S3 bucket, use the `StartsWith` operator, and include only the bucket ARN as the matching value.\n\nFor more information about the ARN formats of data event resources, see [Actions, resources, and condition keys for AWS services](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) in the *Service Authorization Reference* .\n\n> You can't use the `resources.ARN` field to filter resource types that do not have ARNs.\n- *`userIdentity.arn`* - For event data stores, this is an optional field used to filter management and data events for actions taken by specific IAM identities. For trails, this is an optional field used to filter data events. You can use any operator with `userIdentity.arn` . For more information on the userIdentity element, see [CloudTrail userIdentity element](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html) in the *AWS CloudTrail User Guide* .\n- *`vpcEndpointId`* - This \ufb01eld is only used to filter CloudTrail network activity events and is optional. This field identifies the VPC endpoint that the request passed through. You can use any operator with `vpcEndpointId` .", + "markdownDescription": "A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the field is used only for selecting events as filtering is not supported.\n\nFor CloudTrail management events, supported fields include `eventCategory` (required), `eventSource` , and `readOnly` . The following additional fields are available for event data stores: `eventName` , `eventType` , `sessionCredentialFromConsole` , and `userIdentity.arn` .\n\nFor CloudTrail data events, supported fields include `eventCategory` (required), `eventName` , `eventSource` , `eventType` , `resources.type` (required), `readOnly` , `resources.ARN` , `sessionCredentialFromConsole` , and `userIdentity.arn` .\n\nFor CloudTrail network activity events, supported fields include `eventCategory` (required), `eventSource` (required), `eventName` , `errorCode` , and `vpcEndpointId` .\n\nFor event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` .\n\n> Selectors don't support the use of wildcards like `*` . To match multiple values with a single condition, you may use `StartsWith` , `EndsWith` , `NotStartsWith` , or `NotEndsWith` to explicitly match the beginning or end of the event field. \n\n- *`readOnly`* - This is an optional field that is only used for management events and data events. This field can be set to `Equals` with a value of `true` or `false` . If you do not add this field, CloudTrail logs both `read` and `write` events. A value of `true` logs only `read` events. A value of `false` logs only `write` events.\n- *`eventSource`* - This field is only used for management events, data events, and network activity events.\n\nFor management events for trails, this is an optional field that can be set to `NotEquals` `kms.amazonaws.com` to exclude KMS management events, or `NotEquals` `rdsdata.amazonaws.com` to exclude RDS management events.\n\nFor data events for trails, this is an optional field that you can use to include or exclude any event source and can use any operator.\n\nFor management and data events for event data stores, this is an optional field that you can use to include or exclude any event source and can use any operator.\n\nFor network activity events, this is a required field that only uses the `Equals` operator. Set this field to the event source for which you want to log network activity events. If you want to log network activity events for multiple event sources, you must create a separate field selector for each event source. For a list of services supporting network activity events, see [Logging network activity events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* .\n- *`eventName`* - This is an optional field that is only used for data events, management events (for event data stores only), and network activity events. You can use any operator with `eventName` . You can use it to filter in or filter out specific events. You can have multiple values for this field, separated by commas.\n- *`eventCategory`* - This field is required and must be set to `Equals` .\n\n- For CloudTrail management events, the value must be `Management` .\n- For CloudTrail data events, the value must be `Data` .\n- For CloudTrail network activity events, the value must be `NetworkActivity` .\n\nThe following are used only for event data stores:\n\n- For CloudTrail Insights events, the value must be `Insight` .\n- For AWS Config configuration items, the value must be `ConfigurationItem` .\n- For Audit Manager evidence, the value must be `Evidence` .\n- For events outside of AWS , the value must be `ActivityAuditLog` .\n- *`eventType`* - For event data stores, this is an optional field available for event data stores to filter management and data events on the event type. For trails, this is an optional field to filter data events on the event type. For information about available event types, see [CloudTrail record contents](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html#ct-event-type) in the *AWS CloudTrail user guide* .\n- *`errorCode`* - This field is only used to filter CloudTrail network activity events and is optional. This is the error code to filter on. Currently, the only valid `errorCode` is `VpceAccessDenied` . `errorCode` can only use the `Equals` operator.\n- *`sessionCredentialFromConsole`* - For event data stores, this is an optional field used to filter management and data events based on whether the events originated from an AWS Management Console session. For trails, this is an optional field used to filter data events. `sessionCredentialFromConsole` can only use the `Equals` and `NotEquals` operators.\n- *`resources.type`* - This field is required for CloudTrail data events. `resources.type` can only use the `Equals` operator.\n\nFor a list of available resource types for data events, see [Data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events) in the *AWS CloudTrail User Guide* .\n\nYou can have only one `resources.type` field per selector. To log events on more than one resource type, add another selector.\n- *`resources.ARN`* - The `resources.ARN` is an optional field for data events. You can use any operator with `resources.ARN` , but if you use `Equals` or `NotEquals` , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. To log all data events for all objects in a specific S3 bucket, use the `StartsWith` operator, and include only the bucket ARN as the matching value.\n\nFor more information about the ARN formats of data event resources, see [Actions, resources, and condition keys for AWS services](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) in the *Service Authorization Reference* .\n\n> You can't use the `resources.ARN` field to filter resource types that do not have ARNs.\n- *`userIdentity.arn`* - For event data stores, this is an optional field used to filter management and data events for actions taken by specific IAM identities. For trails, this is an optional field used to filter data events. You can use any operator with `userIdentity.arn` . For more information on the userIdentity element, see [CloudTrail userIdentity element](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html) in the *AWS CloudTrail User Guide* .\n- *`vpcEndpointId`* - This field is only used to filter CloudTrail network activity events and is optional. This field identifies the VPC endpoint that the request passed through. You can use any operator with `vpcEndpointId` .", "title": "Field", "type": "string" }, @@ -39830,12 +39840,12 @@ "additionalProperties": false, "properties": { "Name": { - "markdownDescription": "The name of the dimension, from 1\u2013255 characters in length. This dimension name must have been included when the metric was published.", + "markdownDescription": "The name of the dimension, from 1–255 characters in length. This dimension name must have been included when the metric was published.", "title": "Name", "type": "string" }, "Value": { - "markdownDescription": "The value for the dimension, from 1\u2013255 characters in length.", + "markdownDescription": "The value for the dimension, from 1–255 characters in length.", "title": "Value", "type": "string" } @@ -41142,7 +41152,7 @@ "additionalProperties": false, "properties": { "BaseCapacity": { - "markdownDescription": "The initial number of machines allocated to the compute \ufb02eet, which de\ufb01nes the number of builds that can run in parallel.", + "markdownDescription": "The initial number of machines allocated to the compute fleet, which defines the number of builds that can run in parallel.", "title": "BaseCapacity", "type": "number" }, @@ -41152,7 +41162,7 @@ "type": "string" }, "EnvironmentType": { - "markdownDescription": "The environment type of the compute fleet.\n\n- The environment type `ARM_CONTAINER` is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), Asia Pacific (Mumbai), Asia Pacific (Tokyo), Asia Pacific (Singapore), Asia Pacific (Sydney), EU (Frankfurt), and South America (S\u00e3o Paulo).\n- The environment type `ARM_EC2` is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Singapore), Asia Pacific (Sydney), South America (S\u00e3o Paulo), and Asia Pacific (Mumbai).\n- The environment type `LINUX_CONTAINER` is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Singapore), Asia Pacific (Sydney), South America (S\u00e3o Paulo), and Asia Pacific (Mumbai).\n- The environment type `LINUX_EC2` is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Singapore), Asia Pacific (Sydney), South America (S\u00e3o Paulo), and Asia Pacific (Mumbai).\n- The environment type `LINUX_GPU_CONTAINER` is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), EU (Frankfurt), Asia Pacific (Tokyo), and Asia Pacific (Sydney).\n- The environment type `MAC_ARM` is available only in regions US East (Ohio), US East (N. Virginia), US West (Oregon), Europe (Frankfurt), and Asia Pacific (Sydney).\n- The environment type `WINDOWS_EC2` is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Singapore), Asia Pacific (Sydney), South America (S\u00e3o Paulo), and Asia Pacific (Mumbai).\n- The environment type `WINDOWS_SERVER_2019_CONTAINER` is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Sydney), Asia Pacific (Tokyo), Asia Pacific (Mumbai) and EU (Ireland).\n- The environment type `WINDOWS_SERVER_2022_CONTAINER` is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), EU (Frankfurt), Asia Pacific (Sydney), Asia Pacific (Singapore), Asia Pacific (Tokyo), South America (S\u00e3o Paulo) and Asia Pacific (Mumbai).\n\nFor more information, see [Build environment compute types](https://docs.aws.amazon.com//codebuild/latest/userguide/build-env-ref-compute-types.html) in the *AWS CodeBuild user guide* .", + "markdownDescription": "The environment type of the compute fleet.\n\n- The environment type `ARM_CONTAINER` is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), Asia Pacific (Mumbai), Asia Pacific (Tokyo), Asia Pacific (Singapore), Asia Pacific (Sydney), EU (Frankfurt), and South America (São Paulo).\n- The environment type `ARM_EC2` is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Singapore), Asia Pacific (Sydney), South America (São Paulo), and Asia Pacific (Mumbai).\n- The environment type `LINUX_CONTAINER` is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Singapore), Asia Pacific (Sydney), South America (São Paulo), and Asia Pacific (Mumbai).\n- The environment type `LINUX_EC2` is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Singapore), Asia Pacific (Sydney), South America (São Paulo), and Asia Pacific (Mumbai).\n- The environment type `LINUX_GPU_CONTAINER` is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), EU (Frankfurt), Asia Pacific (Tokyo), and Asia Pacific (Sydney).\n- The environment type `MAC_ARM` is available only in regions US East (Ohio), US East (N. Virginia), US West (Oregon), Europe (Frankfurt), and Asia Pacific (Sydney).\n- The environment type `WINDOWS_EC2` is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Singapore), Asia Pacific (Sydney), South America (São Paulo), and Asia Pacific (Mumbai).\n- The environment type `WINDOWS_SERVER_2019_CONTAINER` is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Sydney), Asia Pacific (Tokyo), Asia Pacific (Mumbai) and EU (Ireland).\n- The environment type `WINDOWS_SERVER_2022_CONTAINER` is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), EU (Frankfurt), Asia Pacific (Sydney), Asia Pacific (Singapore), Asia Pacific (Tokyo), South America (São Paulo) and Asia Pacific (Mumbai).\n\nFor more information, see [Build environment compute types](https://docs.aws.amazon.com//codebuild/latest/userguide/build-env-ref-compute-types.html) in the *AWS CodeBuild user guide* .", "title": "EnvironmentType", "type": "string" }, @@ -44004,7 +44014,7 @@ "type": "number" }, "TimeoutInMinutes": { - "markdownDescription": "A timeout duration in minutes that can be applied against the ActionType\u2019s default timeout value specified in [Quotas for AWS CodePipeline](https://docs.aws.amazon.com/codepipeline/latest/userguide/limits.html) . This attribute is available only to the manual approval ActionType.", + "markdownDescription": "A timeout duration in minutes that can be applied against the ActionType’s default timeout value specified in [Quotas for AWS CodePipeline](https://docs.aws.amazon.com/codepipeline/latest/userguide/limits.html) . This attribute is available only to the manual approval ActionType.", "title": "TimeoutInMinutes", "type": "number" } @@ -45254,7 +45264,7 @@ "type": "string" }, "ServerSideTokenCheck": { - "markdownDescription": "TRUE if server-side token validation is enabled for the identity provider\u2019s token.\n\nAfter you set the `ServerSideTokenCheck` to TRUE for an identity pool, that identity pool checks with the integrated user pools to make sure the user has not been globally signed out or deleted before the identity pool provides an OIDC token or AWS credentials for the user.\n\nIf the user is signed out or deleted, the identity pool returns a 400 Not Authorized error.", + "markdownDescription": "TRUE if server-side token validation is enabled for the identity provider’s token.\n\nAfter you set the `ServerSideTokenCheck` to TRUE for an identity pool, that identity pool checks with the integrated user pools to make sure the user has not been globally signed out or deleted before the identity pool provides an OIDC token or AWS credentials for the user.\n\nIf the user is signed out or deleted, the identity pool returns a 400 Not Authorized error.", "title": "ServerSideTokenCheck", "type": "boolean" } @@ -45958,7 +45968,7 @@ "type": "string" }, "From": { - "markdownDescription": "Either the sender\u2019s email address or the sender\u2019s name with their email address. For example, `testuser@example.com` or `Test User ` . This address appears before the body of the email.", + "markdownDescription": "Either the sender’s email address or the sender’s name with their email address. For example, `testuser@example.com` or `Test User ` . This address appears before the body of the email.", "title": "From", "type": "string" }, @@ -46252,7 +46262,7 @@ "items": { "type": "string" }, - "markdownDescription": "Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn\u2019t change the value of the attribute until your user responds to the verification message and confirms the new value.\n\nWhen `AttributesRequireVerificationBeforeUpdate` is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where `AttributesRequireVerificationBeforeUpdate` is false, API operations that change attribute values can immediately update a user\u2019s `email` or `phone_number` attribute.", + "markdownDescription": "Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value.\n\nWhen `AttributesRequireVerificationBeforeUpdate` is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where `AttributesRequireVerificationBeforeUpdate` is false, API operations that change attribute values can immediately update a user’s `email` or `phone_number` attribute.", "title": "AttributesRequireVerificationBeforeUpdate", "type": "array" } @@ -46277,7 +46287,7 @@ "additionalProperties": false, "properties": { "CaseSensitive": { - "markdownDescription": "Specifies whether user name case sensitivity will be applied for all users in the user pool through Amazon Cognito APIs. For most use cases, set case sensitivity to `False` (case insensitive) as a best practice. When usernames and email addresses are case insensitive, users can sign in as the same user when they enter a different capitalization of their user name.\n\nValid values include:\n\n- **true** - Enables case sensitivity for all username input. When this option is set to `true` , users must sign in using the exact capitalization of their given username, such as \u201cUserName\u201d. This is the default value.\n- **false** - Enables case insensitivity for all username input. For example, when this option is set to `false` , users can sign in using `username` , `USERNAME` , or `UserName` . This option also enables both `preferred_username` and `email` alias to be case insensitive, in addition to the `username` attribute.", + "markdownDescription": "Specifies whether user name case sensitivity will be applied for all users in the user pool through Amazon Cognito APIs. For most use cases, set case sensitivity to `False` (case insensitive) as a best practice. When usernames and email addresses are case insensitive, users can sign in as the same user when they enter a different capitalization of their user name.\n\nValid values include:\n\n- **true** - Enables case sensitivity for all username input. When this option is set to `true` , users must sign in using the exact capitalization of their given username, such as “UserName”. This is the default value.\n- **false** - Enables case insensitivity for all username input. For example, when this option is set to `false` , users can sign in using `username` , `USERNAME` , or `UserName` . This option also enables both `preferred_username` and `email` alias to be case insensitive, in addition to the `username` attribute.", "title": "CaseSensitive", "type": "boolean" } @@ -46410,7 +46420,7 @@ "type": "string" }, "EnablePropagateAdditionalUserContextData": { - "markdownDescription": "When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don\u2019t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret.", + "markdownDescription": "When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret.", "title": "EnablePropagateAdditionalUserContextData", "type": "boolean" }, @@ -47781,7 +47791,7 @@ "items": { "type": "string" }, - "markdownDescription": "The ID number for a security group on an instance of your private VPC. Security groups on your VPC function serve as a virtual firewall to control inbound and outbound traffic and provides security for the resources that you\u2019ll be accessing on the VPC. This ID number is preceded by \"sg-\", for instance: \"sg-03b388029b0a285ea\". For more information, see [Security Groups for your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html) .", + "markdownDescription": "The ID number for a security group on an instance of your private VPC. Security groups on your VPC function serve as a virtual firewall to control inbound and outbound traffic and provides security for the resources that you’ll be accessing on the VPC. This ID number is preceded by \"sg-\", for instance: \"sg-03b388029b0a285ea\". For more information, see [Security Groups for your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html) .", "title": "SecurityGroupIds", "type": "array" }, @@ -47789,7 +47799,7 @@ "items": { "type": "string" }, - "markdownDescription": "The ID for each subnet being used in your private VPC. This subnet is a subset of the a range of IPv4 addresses used by the VPC and is specific to a given availability zone in the VPC\u2019s Region. This ID number is preceded by \"subnet-\", for instance: \"subnet-04ccf456919e69055\". For more information, see [VPCs and Subnets](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) .", + "markdownDescription": "The ID for each subnet being used in your private VPC. This subnet is a subset of the a range of IPv4 addresses used by the VPC and is specific to a given availability zone in the VPC’s Region. This ID number is preceded by \"subnet-\", for instance: \"subnet-04ccf456919e69055\". For more information, see [VPCs and Subnets](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) .", "title": "Subnets", "type": "array" } @@ -48014,7 +48024,7 @@ "items": { "type": "string" }, - "markdownDescription": "The ID number for a security group on an instance of your private VPC. Security groups on your VPC function serve as a virtual firewall to control inbound and outbound traffic and provides security for the resources that you\u2019ll be accessing on the VPC. This ID number is preceded by \"sg-\", for instance: \"sg-03b388029b0a285ea\". For more information, see [Security Groups for your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html) .", + "markdownDescription": "The ID number for a security group on an instance of your private VPC. Security groups on your VPC function serve as a virtual firewall to control inbound and outbound traffic and provides security for the resources that you’ll be accessing on the VPC. This ID number is preceded by \"sg-\", for instance: \"sg-03b388029b0a285ea\". For more information, see [Security Groups for your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html) .", "title": "SecurityGroupIds", "type": "array" }, @@ -48022,7 +48032,7 @@ "items": { "type": "string" }, - "markdownDescription": "The ID for each subnet being used in your private VPC. This subnet is a subset of the a range of IPv4 addresses used by the VPC and is specific to a given availability zone in the VPC\u2019s Region. This ID number is preceded by \"subnet-\", for instance: \"subnet-04ccf456919e69055\". For more information, see [VPCs and Subnets](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) .", + "markdownDescription": "The ID for each subnet being used in your private VPC. This subnet is a subset of the a range of IPv4 addresses used by the VPC and is specific to a given availability zone in the VPC’s Region. This ID number is preceded by \"subnet-\", for instance: \"subnet-04ccf456919e69055\". For more information, see [VPCs and Subnets](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) .", "title": "Subnets", "type": "array" } @@ -48536,7 +48546,7 @@ }, "RecordingMode": { "$ref": "#/definitions/AWS::Config::ConfigurationRecorder.RecordingMode", - "markdownDescription": "Specifies the default recording frequency for the configuration recorder. AWS Config supports *Continuous recording* and *Daily recording* .\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it\u2019s different from the previous CI recorded.\n\n> *Some resource types require continuous recording*\n> \n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous. \n\nYou can also override the recording frequency for specific resource types.", + "markdownDescription": "Specifies the default recording frequency for the configuration recorder. AWS Config supports *Continuous recording* and *Daily recording* .\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it’s different from the previous CI recorded.\n\n> *Some resource types require continuous recording*\n> \n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous. \n\nYou can also override the recording frequency for specific resource types.", "title": "RecordingMode" }, "RoleARN": { @@ -48653,7 +48663,7 @@ "type": "string" }, "RecordingFrequency": { - "markdownDescription": "The recording frequency that will be applied to all the resource types specified in the override.\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it\u2019s different from the previous CI recorded.\n\n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous.", + "markdownDescription": "The recording frequency that will be applied to all the resource types specified in the override.\n\n- Continuous recording allows you to record configuration changes continuously whenever a change occurs.\n- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it’s different from the previous CI recorded.\n\n> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous.", "title": "RecordingFrequency", "type": "string" }, @@ -52854,12 +52864,12 @@ "additionalProperties": false, "properties": { "AttributeName": { - "markdownDescription": "The name of user\u2019s proficiency. You must use a predefined attribute name that is present in the Amazon Connect instance.", + "markdownDescription": "The name of user’s proficiency. You must use a predefined attribute name that is present in the Amazon Connect instance.", "title": "AttributeName", "type": "string" }, "AttributeValue": { - "markdownDescription": "The value of user\u2019s proficiency. You must use a predefined attribute value that is present in the Amazon Connect instance.", + "markdownDescription": "The value of user’s proficiency. You must use a predefined attribute value that is present in the Amazon Connect instance.", "title": "AttributeValue", "type": "string" }, @@ -54863,7 +54873,7 @@ "additionalProperties": false, "properties": { "AllowProfileCreation": { - "markdownDescription": "Indicates whether a profile should be created when data is received if one doesn\u2019t exist for an object of this type. The default is `FALSE` . If the AllowProfileCreation flag is set to `FALSE` , then the service tries to fetch a standard profile and associate this object with the profile. If it is set to `TRUE` , and if no match is found, then the service creates a new standard profile.", + "markdownDescription": "Indicates whether a profile should be created when data is received if one doesn’t exist for an object of this type. The default is `FALSE` . If the AllowProfileCreation flag is set to `FALSE` , then the service tries to fetch a standard profile and associate this object with the profile. If it is set to `TRUE` , and if no match is found, then the service creates a new standard profile.", "title": "AllowProfileCreation", "type": "boolean" }, @@ -54999,7 +55009,7 @@ "type": "string" }, "Source": { - "markdownDescription": "A field of a ProfileObject. For example: _source.FirstName, where \u201c_source\u201d is a ProfileObjectType of a Zendesk user and \u201cFirstName\u201d is a field in that ObjectType.", + "markdownDescription": "A field of a ProfileObject. For example: _source.FirstName, where “_source” is a ProfileObjectType of a Zendesk user and “FirstName” is a field in that ObjectType.", "title": "Source", "type": "string" }, @@ -55931,7 +55941,7 @@ "items": { "$ref": "#/definitions/AWS::DLM::LifecyclePolicy.Schedule" }, - "markdownDescription": "*[Custom snapshot and AMI policies only]* The schedules of policy-defined actions for snapshot and AMI lifecycle policies. A policy can have up to four schedules\u2014one mandatory schedule and up to three optional schedules.", + "markdownDescription": "*[Custom snapshot and AMI policies only]* The schedules of policy-defined actions for snapshot and AMI lifecycle policies. A policy can have up to four schedules—one mandatory schedule and up to three optional schedules.", "title": "Schedules", "type": "array" }, @@ -56054,7 +56064,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "*[AMI policies and snapshot policies that target instances only]* A collection of key/value pairs with values determined dynamically when the policy is executed. Keys may be any valid Amazon EC2 tag key. Values must be in one of the two following formats: `$(instance-id)` or `$(timestamp)` . Variable tags are only valid for EBS Snapshot Management \u2013 Instance policies.", + "markdownDescription": "*[AMI policies and snapshot policies that target instances only]* A collection of key/value pairs with values determined dynamically when the policy is executed. Keys may be any valid Amazon EC2 tag key. Values must be in one of the two following formats: `$(instance-id)` or `$(timestamp)` . Variable tags are only valid for EBS Snapshot Management – Instance policies.", "title": "VariableTags", "type": "array" } @@ -57672,7 +57682,7 @@ "type": "boolean" }, "EncryptionMode": { - "markdownDescription": "The type of server-side encryption that you want to use for your data. This encryption type is part of the endpoint settings or the extra connections attributes for Amazon S3. You can choose either `SSE_S3` (the default) or `SSE_KMS` .\n\n> For the `ModifyEndpoint` operation, you can change the existing value of the `EncryptionMode` parameter from `SSE_KMS` to `SSE_S3` . But you can\u2019t change the existing value from `SSE_S3` to `SSE_KMS` . \n\nTo use `SSE_S3` , create an AWS Identity and Access Management (IAM) role with a policy that allows `\"arn:aws:s3:::*\"` to use the following actions: `\"s3:PutObject\", \"s3:ListBucket\"`", + "markdownDescription": "The type of server-side encryption that you want to use for your data. This encryption type is part of the endpoint settings or the extra connections attributes for Amazon S3. You can choose either `SSE_S3` (the default) or `SSE_KMS` .\n\n> For the `ModifyEndpoint` operation, you can change the existing value of the `EncryptionMode` parameter from `SSE_KMS` to `SSE_S3` . But you can’t change the existing value from `SSE_S3` to `SSE_KMS` . \n\nTo use `SSE_S3` , create an AWS Identity and Access Management (IAM) role with a policy that allows `\"arn:aws:s3:::*\"` to use the following actions: `\"s3:PutObject\", \"s3:ListBucket\"`", "title": "EncryptionMode", "type": "string" }, @@ -57883,7 +57893,7 @@ "type": "string" }, "EncryptionMode": { - "markdownDescription": "The type of server-side encryption that you want to use for your data. This encryption type is part of the endpoint settings or the extra connections attributes for Amazon S3. You can choose either `SSE_S3` (the default) or `SSE_KMS` .\n\n> For the `ModifyEndpoint` operation, you can change the existing value of the `EncryptionMode` parameter from `SSE_KMS` to `SSE_S3` . But you can\u2019t change the existing value from `SSE_S3` to `SSE_KMS` . \n\nTo use `SSE_S3` , you need an IAM role with permission to allow `\"arn:aws:s3:::dms-*\"` to use the following actions:\n\n- `s3:CreateBucket`\n- `s3:ListBucket`\n- `s3:DeleteBucket`\n- `s3:GetBucketLocation`\n- `s3:GetObject`\n- `s3:PutObject`\n- `s3:DeleteObject`\n- `s3:GetObjectVersion`\n- `s3:GetBucketPolicy`\n- `s3:PutBucketPolicy`\n- `s3:DeleteBucketPolicy`", + "markdownDescription": "The type of server-side encryption that you want to use for your data. This encryption type is part of the endpoint settings or the extra connections attributes for Amazon S3. You can choose either `SSE_S3` (the default) or `SSE_KMS` .\n\n> For the `ModifyEndpoint` operation, you can change the existing value of the `EncryptionMode` parameter from `SSE_KMS` to `SSE_S3` . But you can’t change the existing value from `SSE_S3` to `SSE_KMS` . \n\nTo use `SSE_S3` , you need an IAM role with permission to allow `\"arn:aws:s3:::dms-*\"` to use the following actions:\n\n- `s3:CreateBucket`\n- `s3:ListBucket`\n- `s3:DeleteBucket`\n- `s3:GetBucketLocation`\n- `s3:GetObject`\n- `s3:PutObject`\n- `s3:DeleteObject`\n- `s3:GetObjectVersion`\n- `s3:GetBucketPolicy`\n- `s3:PutBucketPolicy`\n- `s3:DeleteBucketPolicy`", "title": "EncryptionMode", "type": "string" }, @@ -58814,7 +58824,7 @@ "additionalProperties": false, "properties": { "CdcStartPosition": { - "markdownDescription": "Indicates when you want a change data capture (CDC) operation to start. Use either `CdcStartPosition` or `CdcStartTime` to specify when you want a CDC operation to start. Specifying both values results in an error.\n\nThe value can be in date, checkpoint, log sequence number (LSN), or system change number (SCN) format.\n\nHere is a date example: `--cdc-start-position \"2018-03-08T12:12:12\"`\n\nHere is a checkpoint example: `--cdc-start-position \"checkpoint:V1#27#mysql-bin-changelog.157832:1975:-1:2002:677883278264080:mysql-bin-changelog.157832:1876#0#0#*#0#93\"`\n\nHere is an LSN example: `--cdc-start-position \u201cmysql-bin-changelog.000024:373\u201d`\n\n> When you use this task setting with a source PostgreSQL database, a logical replication slot should already be created and associated with the source endpoint. You can verify this by setting the `slotName` extra connection attribute to the name of this logical replication slot. For more information, see [Extra Connection Attributes When Using PostgreSQL as a Source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.PostgreSQL.html#CHAP_Source.PostgreSQL.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .", + "markdownDescription": "Indicates when you want a change data capture (CDC) operation to start. Use either `CdcStartPosition` or `CdcStartTime` to specify when you want a CDC operation to start. Specifying both values results in an error.\n\nThe value can be in date, checkpoint, log sequence number (LSN), or system change number (SCN) format.\n\nHere is a date example: `--cdc-start-position \"2018-03-08T12:12:12\"`\n\nHere is a checkpoint example: `--cdc-start-position \"checkpoint:V1#27#mysql-bin-changelog.157832:1975:-1:2002:677883278264080:mysql-bin-changelog.157832:1876#0#0#*#0#93\"`\n\nHere is an LSN example: `--cdc-start-position “mysql-bin-changelog.000024:373”`\n\n> When you use this task setting with a source PostgreSQL database, a logical replication slot should already be created and associated with the source endpoint. You can verify this by setting the `slotName` extra connection attribute to the name of this logical replication slot. For more information, see [Extra Connection Attributes When Using PostgreSQL as a Source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.PostgreSQL.html#CHAP_Source.PostgreSQL.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .", "title": "CdcStartPosition", "type": "string" }, @@ -59907,7 +59917,7 @@ "properties": { "Parameters": { "additionalProperties": true, - "markdownDescription": "A map that includes overrides of an evaluation\u2019s parameters.", + "markdownDescription": "A map that includes overrides of an evaluation’s parameters.", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -59959,7 +59969,7 @@ "type": "string" }, "ValidationMode": { - "markdownDescription": "Mode of data quality validation. Default mode is \u201cCHECK_ALL\u201d which verifies all rules defined in the selected ruleset.", + "markdownDescription": "Mode of data quality validation. Default mode is “CHECK_ALL” which verifies all rules defined in the selected ruleset.", "title": "ValidationMode", "type": "string" } @@ -63240,7 +63250,7 @@ "type": "string" }, "SecurityDescriptorCopyFlags": { - "markdownDescription": "A value that determines which components of the SMB security descriptor are copied from source to destination objects.\n\nThis value is only used for transfers between SMB and Amazon FSx for Windows File Server locations, or between two Amazon FSx for Windows File Server locations. For more information about how DataSync handles metadata, see [How DataSync Handles Metadata and Special Files](https://docs.aws.amazon.com/datasync/latest/userguide/special-files.html) .\n\nDefault value: `OWNER_DACL`\n\n`OWNER_DACL` : For each copied object, DataSync copies the following metadata:\n\n- Object owner.\n- NTFS discretionary access control lists (DACLs), which determine whether to grant access to an object.\n\nWhen you use option, DataSync does NOT copy the NTFS system access control lists (SACLs), which are used by administrators to log attempts to access a secured object.\n\n`OWNER_DACL_SACL` : For each copied object, DataSync copies the following metadata:\n\n- Object owner.\n- NTFS discretionary access control lists (DACLs), which determine whether to grant access to an object.\n- NTFS system access control lists (SACLs), which are used by administrators to log attempts to access a secured object.\n\nCopying SACLs requires granting additional permissions to the Windows user that DataSync uses to access your SMB location. For information about choosing a user that ensures sufficient permissions to files, folders, and metadata, see [user](https://docs.aws.amazon.com/datasync/latest/userguide/create-smb-location.html#SMBuser) .\n\n`NONE` : None of the SMB security descriptor components are copied. Destination objects are owned by the user that was provided for accessing the destination location. DACLs and SACLs are set based on the destination server\u2019s configuration.", + "markdownDescription": "A value that determines which components of the SMB security descriptor are copied from source to destination objects.\n\nThis value is only used for transfers between SMB and Amazon FSx for Windows File Server locations, or between two Amazon FSx for Windows File Server locations. For more information about how DataSync handles metadata, see [How DataSync Handles Metadata and Special Files](https://docs.aws.amazon.com/datasync/latest/userguide/special-files.html) .\n\nDefault value: `OWNER_DACL`\n\n`OWNER_DACL` : For each copied object, DataSync copies the following metadata:\n\n- Object owner.\n- NTFS discretionary access control lists (DACLs), which determine whether to grant access to an object.\n\nWhen you use option, DataSync does NOT copy the NTFS system access control lists (SACLs), which are used by administrators to log attempts to access a secured object.\n\n`OWNER_DACL_SACL` : For each copied object, DataSync copies the following metadata:\n\n- Object owner.\n- NTFS discretionary access control lists (DACLs), which determine whether to grant access to an object.\n- NTFS system access control lists (SACLs), which are used by administrators to log attempts to access a secured object.\n\nCopying SACLs requires granting additional permissions to the Windows user that DataSync uses to access your SMB location. For information about choosing a user that ensures sufficient permissions to files, folders, and metadata, see [user](https://docs.aws.amazon.com/datasync/latest/userguide/create-smb-location.html#SMBuser) .\n\n`NONE` : None of the SMB security descriptor components are copied. Destination objects are owned by the user that was provided for accessing the destination location. DACLs and SACLs are set based on the destination server’s configuration.", "title": "SecurityDescriptorCopyFlags", "type": "string" }, @@ -66043,7 +66053,7 @@ }, "Sns": { "$ref": "#/definitions/AWS::DevOpsGuru::NotificationChannel.SnsChannelConfig", - "markdownDescription": "Information about a notification channel configured in DevOps Guru to send notifications when insights are created.\n\nIf you use an Amazon SNS topic in another account, you must attach a policy to it that grants DevOps Guru permission to send it notifications. DevOps Guru adds the required policy on your behalf to send notifications using Amazon SNS in your account. DevOps Guru only supports standard SNS topics. For more information, see [Permissions for Amazon SNS topics](https://docs.aws.amazon.com/devops-guru/latest/userguide/sns-required-permissions.html) .\n\nIf you use an Amazon SNS topic that is encrypted by an AWS Key Management Service customer-managed key (CMK), then you must add permissions to the CMK. For more information, see [Permissions for AWS KMS\u2013encrypted Amazon SNS topics](https://docs.aws.amazon.com/devops-guru/latest/userguide/sns-kms-permissions.html) .", + "markdownDescription": "Information about a notification channel configured in DevOps Guru to send notifications when insights are created.\n\nIf you use an Amazon SNS topic in another account, you must attach a policy to it that grants DevOps Guru permission to send it notifications. DevOps Guru adds the required policy on your behalf to send notifications using Amazon SNS in your account. DevOps Guru only supports standard SNS topics. For more information, see [Permissions for Amazon SNS topics](https://docs.aws.amazon.com/devops-guru/latest/userguide/sns-required-permissions.html) .\n\nIf you use an Amazon SNS topic that is encrypted by an AWS Key Management Service customer-managed key (CMK), then you must add permissions to the CMK. For more information, see [Permissions for AWS KMS–encrypted Amazon SNS topics](https://docs.aws.amazon.com/devops-guru/latest/userguide/sns-kms-permissions.html) .", "title": "Sns" } }, @@ -66587,7 +66597,7 @@ "type": "string" }, "StorageEncrypted": { - "markdownDescription": "Specifies whether the cluster is encrypted.\n\nIf you specify `SourceDBClusterIdentifier` or `SnapshotIdentifier` and don\u2019t specify `StorageEncrypted` , the encryption property is inherited from the source cluster or snapshot (unless `KMSKeyId` is specified, in which case the restored cluster will be encrypted with that KMS key). If the source is encrypted and `StorageEncrypted` is specified to be true, the restored cluster will be encrypted (if you want to use a different KMS key, specify the `KMSKeyId` property as well). If the source is unencrypted and `StorageEncrypted` is specified to be true, then the `KMSKeyId` property must be specified. If the source is encrypted, don\u2019t specify `StorageEncrypted` to be false as opting out of encryption is not allowed.", + "markdownDescription": "Specifies whether the cluster is encrypted.\n\nIf you specify `SourceDBClusterIdentifier` or `SnapshotIdentifier` and don’t specify `StorageEncrypted` , the encryption property is inherited from the source cluster or snapshot (unless `KMSKeyId` is specified, in which case the restored cluster will be encrypted with that KMS key). If the source is encrypted and `StorageEncrypted` is specified to be true, the restored cluster will be encrypted (if you want to use a different KMS key, specify the `KMSKeyId` property as well). If the source is unencrypted and `StorageEncrypted` is specified to be true, then the `KMSKeyId` property must be specified. If the source is encrypted, don’t specify `StorageEncrypted` to be false as opting out of encryption is not allowed.", "title": "StorageEncrypted", "type": "boolean" }, @@ -67532,7 +67542,7 @@ "properties": { "ContributorInsightsSpecification": { "$ref": "#/definitions/AWS::DynamoDB::GlobalTable.ContributorInsightsSpecification", - "markdownDescription": "Updates the status for contributor insights for a specific table or index. CloudWatch Contributor Insights for DynamoDB graphs display the partition key and (if applicable) sort key of frequently accessed items and frequently throttled items in plaintext. If you require the use of AWS Key Management Service (KMS) to encrypt this table\u2019s partition key and sort key data with an AWS managed key or customer managed key, you should not enable CloudWatch Contributor Insights for DynamoDB for this table.", + "markdownDescription": "Updates the status for contributor insights for a specific table or index. CloudWatch Contributor Insights for DynamoDB graphs display the partition key and (if applicable) sort key of frequently accessed items and frequently throttled items in plaintext. If you require the use of AWS Key Management Service (KMS) to encrypt this table’s partition key and sort key data with an AWS managed key or customer managed key, you should not enable CloudWatch Contributor Insights for DynamoDB for this table.", "title": "ContributorInsightsSpecification" }, "IndexName": { @@ -69783,7 +69793,7 @@ }, "BaselineEbsBandwidthMbps": { "$ref": "#/definitions/AWS::EC2::EC2Fleet.BaselineEbsBandwidthMbpsRequest", - "markdownDescription": "The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see [Amazon EBS\u2013optimized instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html) in the *Amazon EC2 User Guide* .\n\nDefault: No minimum or maximum limits", + "markdownDescription": "The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see [Amazon EBS–optimized instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html) in the *Amazon EC2 User Guide* .\n\nDefault: No minimum or maximum limits", "title": "BaselineEbsBandwidthMbps" }, "BurstablePerformance": { @@ -72882,7 +72892,7 @@ }, "BaselineEbsBandwidthMbps": { "$ref": "#/definitions/AWS::EC2::LaunchTemplate.BaselineEbsBandwidthMbps", - "markdownDescription": "The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see [Amazon EBS\u2013optimized instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html) in the *Amazon EC2 User Guide* .\n\nDefault: No minimum or maximum limits", + "markdownDescription": "The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see [Amazon EBS–optimized instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html) in the *Amazon EC2 User Guide* .\n\nDefault: No minimum or maximum limits", "title": "BaselineEbsBandwidthMbps" }, "BurstablePerformance": { @@ -76127,7 +76137,7 @@ "type": "number" }, "SpreadLevel": { - "markdownDescription": "Determines how placement groups spread instances.\n\n- Host \u2013 You can use `host` only with Outpost placement groups.\n- Rack \u2013 No usage restrictions.", + "markdownDescription": "Determines how placement groups spread instances.\n\n- Host – You can use `host` only with Outpost placement groups.\n- Rack – No usage restrictions.", "title": "SpreadLevel", "type": "string" }, @@ -77317,7 +77327,7 @@ "type": "array" }, "NetworkInterfaceId": { - "markdownDescription": "The ID of the network interface.\n\nIf you are creating a Spot Fleet, omit this parameter because you can\u2019t specify a network interface ID in a launch specification.", + "markdownDescription": "The ID of the network interface.\n\nIf you are creating a Spot Fleet, omit this parameter because you can’t specify a network interface ID in a launch specification.", "title": "NetworkInterfaceId", "type": "string" }, @@ -77330,7 +77340,7 @@ "type": "array" }, "SecondaryPrivateIpAddressCount": { - "markdownDescription": "The number of secondary private IPv4 addresses. You can\u2019t specify this parameter and also specify a secondary private IP address using the `PrivateIpAddress` parameter.", + "markdownDescription": "The number of secondary private IPv4 addresses. You can’t specify this parameter and also specify a secondary private IP address using the `PrivateIpAddress` parameter.", "title": "SecondaryPrivateIpAddressCount", "type": "number" }, @@ -77394,7 +77404,7 @@ }, "BaselineEbsBandwidthMbps": { "$ref": "#/definitions/AWS::EC2::SpotFleet.BaselineEbsBandwidthMbpsRequest", - "markdownDescription": "The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see [Amazon EBS\u2013optimized instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html) in the *Amazon EC2 User Guide* .\n\nDefault: No minimum or maximum limits", + "markdownDescription": "The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see [Amazon EBS–optimized instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html) in the *Amazon EC2 User Guide* .\n\nDefault: No minimum or maximum limits", "title": "BaselineEbsBandwidthMbps" }, "BurstablePerformance": { @@ -77849,7 +77859,7 @@ "type": "string" }, "OnDemandMaxTotalPrice": { - "markdownDescription": "The maximum amount per hour for On-Demand Instances that you're willing to pay. You can use the `onDemandMaxTotalPrice` parameter, the `spotMaxTotalPrice` parameter, or both parameters to ensure that your fleet cost does not exceed your budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances in your request, Spot Fleet will launch instances until it reaches the maximum amount you're willing to pay. When the maximum amount you're willing to pay is reached, the fleet stops launching instances even if it hasn\u2019t met the target capacity.\n\n> If your fleet includes T instances that are configured as `unlimited` , and if their average CPU usage exceeds the baseline utilization, you will incur a charge for surplus credits. The `onDemandMaxTotalPrice` does not account for surplus credits, and, if you use surplus credits, your final cost might be higher than what you specified for `onDemandMaxTotalPrice` . For more information, see [Surplus credits can incur charges](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-unlimited-mode-concepts.html#unlimited-mode-surplus-credits) in the *Amazon EC2 User Guide* .", + "markdownDescription": "The maximum amount per hour for On-Demand Instances that you're willing to pay. You can use the `onDemandMaxTotalPrice` parameter, the `spotMaxTotalPrice` parameter, or both parameters to ensure that your fleet cost does not exceed your budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances in your request, Spot Fleet will launch instances until it reaches the maximum amount you're willing to pay. When the maximum amount you're willing to pay is reached, the fleet stops launching instances even if it hasn’t met the target capacity.\n\n> If your fleet includes T instances that are configured as `unlimited` , and if their average CPU usage exceeds the baseline utilization, you will incur a charge for surplus credits. The `onDemandMaxTotalPrice` does not account for surplus credits, and, if you use surplus credits, your final cost might be higher than what you specified for `onDemandMaxTotalPrice` . For more information, see [Surplus credits can incur charges](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-unlimited-mode-concepts.html#unlimited-mode-surplus-credits) in the *Amazon EC2 User Guide* .", "title": "OnDemandMaxTotalPrice", "type": "string" }, @@ -77869,7 +77879,7 @@ "title": "SpotMaintenanceStrategies" }, "SpotMaxTotalPrice": { - "markdownDescription": "The maximum amount per hour for Spot Instances that you're willing to pay. You can use the `spotMaxTotalPrice` parameter, the `onDemandMaxTotalPrice` parameter, or both parameters to ensure that your fleet cost does not exceed your budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances in your request, Spot Fleet will launch instances until it reaches the maximum amount you're willing to pay. When the maximum amount you're willing to pay is reached, the fleet stops launching instances even if it hasn\u2019t met the target capacity.\n\n> If your fleet includes T instances that are configured as `unlimited` , and if their average CPU usage exceeds the baseline utilization, you will incur a charge for surplus credits. The `spotMaxTotalPrice` does not account for surplus credits, and, if you use surplus credits, your final cost might be higher than what you specified for `spotMaxTotalPrice` . For more information, see [Surplus credits can incur charges](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-unlimited-mode-concepts.html#unlimited-mode-surplus-credits) in the *Amazon EC2 User Guide* .", + "markdownDescription": "The maximum amount per hour for Spot Instances that you're willing to pay. You can use the `spotMaxTotalPrice` parameter, the `onDemandMaxTotalPrice` parameter, or both parameters to ensure that your fleet cost does not exceed your budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances in your request, Spot Fleet will launch instances until it reaches the maximum amount you're willing to pay. When the maximum amount you're willing to pay is reached, the fleet stops launching instances even if it hasn’t met the target capacity.\n\n> If your fleet includes T instances that are configured as `unlimited` , and if their average CPU usage exceeds the baseline utilization, you will incur a charge for surplus credits. The `spotMaxTotalPrice` does not account for surplus credits, and, if you use surplus credits, your final cost might be higher than what you specified for `spotMaxTotalPrice` . For more information, see [Surplus credits can incur charges](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-unlimited-mode-concepts.html#unlimited-mode-surplus-credits) in the *Amazon EC2 User Guide* .", "title": "SpotMaxTotalPrice", "type": "string" }, @@ -83696,7 +83706,7 @@ "type": "number" }, "MinimumHealthyPercent": { - "markdownDescription": "If a service is using the rolling update ( `ECS` ) deployment type, the `minimumHealthyPercent` represents a lower limit on the number of your service's tasks that must remain in the `RUNNING` state during a deployment, as a percentage of the `desiredCount` (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a `desiredCount` of four tasks and a `minimumHealthyPercent` of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks.\n\nIf any tasks are unhealthy and if `maximumPercent` doesn't allow the Amazon ECS scheduler to start replacement tasks, the scheduler stops the unhealthy tasks one-by-one \u2014 using the `minimumHealthyPercent` as a constraint \u2014 to clear up capacity to launch replacement tasks. For more information about how the scheduler replaces unhealthy tasks, see [Amazon ECS services](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html) .\n\nFor services that *do not* use a load balancer, the following should be noted:\n\n- A service is considered healthy if all essential containers within the tasks in the service pass their health checks.\n- If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a `RUNNING` state before the task is counted towards the minimum healthy percent total.\n- If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings.\n\nFor services that *do* use a load balancer, the following should be noted:\n\n- If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n- If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n\nThe default value for a replica service for `minimumHealthyPercent` is 100%. The default `minimumHealthyPercent` value for a service using the `DAEMON` service schedule is 0% for the AWS CLI , the AWS SDKs, and the APIs and 50% for the AWS Management Console.\n\nThe minimum number of healthy tasks during a deployment is the `desiredCount` multiplied by the `minimumHealthyPercent` /100, rounded up to the nearest integer value.\n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and is running tasks that use the EC2 launch type, the *minimum healthy percent* value is set to the default value. The *minimum healthy percent* value is used to define the lower limit on the number of the tasks in the service that remain in the `RUNNING` state while the container instances are in the `DRAINING` state.\n\n> You can't specify a custom `minimumHealthyPercent` value for a service that uses either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and has tasks that use the EC2 launch type. \n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service.", + "markdownDescription": "If a service is using the rolling update ( `ECS` ) deployment type, the `minimumHealthyPercent` represents a lower limit on the number of your service's tasks that must remain in the `RUNNING` state during a deployment, as a percentage of the `desiredCount` (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a `desiredCount` of four tasks and a `minimumHealthyPercent` of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks.\n\nIf any tasks are unhealthy and if `maximumPercent` doesn't allow the Amazon ECS scheduler to start replacement tasks, the scheduler stops the unhealthy tasks one-by-one — using the `minimumHealthyPercent` as a constraint — to clear up capacity to launch replacement tasks. For more information about how the scheduler replaces unhealthy tasks, see [Amazon ECS services](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html) .\n\nFor services that *do not* use a load balancer, the following should be noted:\n\n- A service is considered healthy if all essential containers within the tasks in the service pass their health checks.\n- If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a `RUNNING` state before the task is counted towards the minimum healthy percent total.\n- If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings.\n\nFor services that *do* use a load balancer, the following should be noted:\n\n- If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n- If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n\nThe default value for a replica service for `minimumHealthyPercent` is 100%. The default `minimumHealthyPercent` value for a service using the `DAEMON` service schedule is 0% for the AWS CLI , the AWS SDKs, and the APIs and 50% for the AWS Management Console.\n\nThe minimum number of healthy tasks during a deployment is the `desiredCount` multiplied by the `minimumHealthyPercent` /100, rounded up to the nearest integer value.\n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and is running tasks that use the EC2 launch type, the *minimum healthy percent* value is set to the default value. The *minimum healthy percent* value is used to define the lower limit on the number of the tasks in the service that remain in the `RUNNING` state while the container instances are in the `DRAINING` state.\n\n> You can't specify a custom `minimumHealthyPercent` value for a service that uses either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and has tasks that use the EC2 launch type. \n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service.", "title": "MinimumHealthyPercent", "type": "number" } @@ -83777,7 +83787,7 @@ }, "Options": { "additionalProperties": true, - "markdownDescription": "The configuration options to send to the log driver.\n\nThe options you can specify depend on the log driver. Some of the options you can specify when you use the `awslogs` log driver to route logs to Amazon CloudWatch include the following:\n\n- **awslogs-create-group** - Required: No\n\nSpecify whether you want the log group to be created automatically. If this option isn't specified, it defaults to `false` .\n\n> Your IAM policy must include the `logs:CreateLogGroup` permission before you attempt to use `awslogs-create-group` .\n- **awslogs-region** - Required: Yes\n\nSpecify the AWS Region that the `awslogs` log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option.\n- **awslogs-group** - Required: Yes\n\nMake sure to specify a log group that the `awslogs` log driver sends its log streams to.\n- **awslogs-stream-prefix** - Required: Yes, when using Fargate.Optional when using EC2.\n\nUse the `awslogs-stream-prefix` option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format `prefix-name/container-name/ecs-task-id` .\n\nIf you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option.\n\nFor Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to.\n\nYou must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console.\n- **awslogs-datetime-format** - Required: No\n\nThis option defines a multiline start pattern in Python `strftime` format. A log message consists of a line that matches the pattern and any following lines that don\u2019t match the pattern. The matched line is the delimiter between log messages.\n\nOne example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry.\n\nFor more information, see [awslogs-datetime-format](https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-datetime-format) .\n\nYou cannot configure both the `awslogs-datetime-format` and `awslogs-multiline-pattern` options.\n\n> Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance.\n- **awslogs-multiline-pattern** - Required: No\n\nThis option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don\u2019t match the pattern. The matched line is the delimiter between log messages.\n\nFor more information, see [awslogs-multiline-pattern](https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-multiline-pattern) .\n\nThis option is ignored if `awslogs-datetime-format` is also configured.\n\nYou cannot configure both the `awslogs-datetime-format` and `awslogs-multiline-pattern` options.\n\n> Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance.\n\nThe following options apply to all supported log drivers.\n\n- **mode** - Required: No\n\nValid values: `non-blocking` | `blocking`\n\nThis option defines the delivery mode of log messages from the container to the log driver specified using `logDriver` . The delivery mode you choose affects application availability when the flow of logs from container is interrupted.\n\nIf you use the `blocking` mode and the flow of logs is interrupted, calls from container code to write to the `stdout` and `stderr` streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure.\n\nIf you use the `non-blocking` mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the `max-buffer-size` option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see [Preventing log loss with non-blocking mode in the `awslogs` container log driver](https://docs.aws.amazon.com/containers/preventing-log-loss-with-non-blocking-mode-in-the-awslogs-container-log-driver/) .\n\nYou can set a default `mode` for all containers in a specific AWS Region by using the `defaultLogDriverMode` account setting. If you don't specify the `mode` option or configure the account setting, Amazon ECS will default to the `non-blocking` mode. For more information about the account setting, see [Default log driver mode](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html#default-log-driver-mode) in the *Amazon Elastic Container Service Developer Guide* .\n\n> On June 25, 2025, Amazon ECS changed the default log driver mode from `blocking` to `non-blocking` to prioritize task availability over logging. To continue using the `blocking` mode after this change, do one of the following:\n> \n> - Set the `mode` option in your container definition's `logConfiguration` as `blocking` .\n> - Set the `defaultLogDriverMode` account setting to `blocking` .\n- **max-buffer-size** - Required: No\n\nDefault value: `10m`\n\nWhen `non-blocking` mode is used, the `max-buffer-size` log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost.\n\nTo route logs using the `splunk` log router, you need to specify a `splunk-token` and a `splunk-url` .\n\nWhen you use the `awsfirelens` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the `log-driver-buffer-limit` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker.\n\nOther options you can specify when using `awsfirelens` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with `region` and a name for the log stream with `delivery_stream` .\n\nWhen you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with `region` and a data stream name with `stream` .\n\nWhen you export logs to Amazon OpenSearch Service, you can specify options like `Name` , `Host` (OpenSearch Service endpoint without protocol), `Port` , `Index` , `Type` , `Aws_auth` , `Aws_region` , `Suppress_Type_Name` , and `tls` . For more information, see [Under the hood: FireLens for Amazon ECS Tasks](https://docs.aws.amazon.com/containers/under-the-hood-firelens-for-amazon-ecs-tasks/) .\n\nWhen you export logs to Amazon S3, you can specify the bucket using the `bucket` option. You can also specify `region` , `total_file_size` , `upload_timeout` , and `use_put_object` as options.\n\nThis parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: `sudo docker version --format '{{.Server.APIVersion}}'`", + "markdownDescription": "The configuration options to send to the log driver.\n\nThe options you can specify depend on the log driver. Some of the options you can specify when you use the `awslogs` log driver to route logs to Amazon CloudWatch include the following:\n\n- **awslogs-create-group** - Required: No\n\nSpecify whether you want the log group to be created automatically. If this option isn't specified, it defaults to `false` .\n\n> Your IAM policy must include the `logs:CreateLogGroup` permission before you attempt to use `awslogs-create-group` .\n- **awslogs-region** - Required: Yes\n\nSpecify the AWS Region that the `awslogs` log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option.\n- **awslogs-group** - Required: Yes\n\nMake sure to specify a log group that the `awslogs` log driver sends its log streams to.\n- **awslogs-stream-prefix** - Required: Yes, when using Fargate.Optional when using EC2.\n\nUse the `awslogs-stream-prefix` option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format `prefix-name/container-name/ecs-task-id` .\n\nIf you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option.\n\nFor Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to.\n\nYou must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console.\n- **awslogs-datetime-format** - Required: No\n\nThis option defines a multiline start pattern in Python `strftime` format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages.\n\nOne example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry.\n\nFor more information, see [awslogs-datetime-format](https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-datetime-format) .\n\nYou cannot configure both the `awslogs-datetime-format` and `awslogs-multiline-pattern` options.\n\n> Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance.\n- **awslogs-multiline-pattern** - Required: No\n\nThis option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages.\n\nFor more information, see [awslogs-multiline-pattern](https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-multiline-pattern) .\n\nThis option is ignored if `awslogs-datetime-format` is also configured.\n\nYou cannot configure both the `awslogs-datetime-format` and `awslogs-multiline-pattern` options.\n\n> Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance.\n\nThe following options apply to all supported log drivers.\n\n- **mode** - Required: No\n\nValid values: `non-blocking` | `blocking`\n\nThis option defines the delivery mode of log messages from the container to the log driver specified using `logDriver` . The delivery mode you choose affects application availability when the flow of logs from container is interrupted.\n\nIf you use the `blocking` mode and the flow of logs is interrupted, calls from container code to write to the `stdout` and `stderr` streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure.\n\nIf you use the `non-blocking` mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the `max-buffer-size` option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see [Preventing log loss with non-blocking mode in the `awslogs` container log driver](https://docs.aws.amazon.com/containers/preventing-log-loss-with-non-blocking-mode-in-the-awslogs-container-log-driver/) .\n\nYou can set a default `mode` for all containers in a specific AWS Region by using the `defaultLogDriverMode` account setting. If you don't specify the `mode` option or configure the account setting, Amazon ECS will default to the `non-blocking` mode. For more information about the account setting, see [Default log driver mode](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html#default-log-driver-mode) in the *Amazon Elastic Container Service Developer Guide* .\n\n> On June 25, 2025, Amazon ECS changed the default log driver mode from `blocking` to `non-blocking` to prioritize task availability over logging. To continue using the `blocking` mode after this change, do one of the following:\n> \n> - Set the `mode` option in your container definition's `logConfiguration` as `blocking` .\n> - Set the `defaultLogDriverMode` account setting to `blocking` .\n- **max-buffer-size** - Required: No\n\nDefault value: `10m`\n\nWhen `non-blocking` mode is used, the `max-buffer-size` log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost.\n\nTo route logs using the `splunk` log router, you need to specify a `splunk-token` and a `splunk-url` .\n\nWhen you use the `awsfirelens` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the `log-driver-buffer-limit` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker.\n\nOther options you can specify when using `awsfirelens` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with `region` and a name for the log stream with `delivery_stream` .\n\nWhen you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with `region` and a data stream name with `stream` .\n\nWhen you export logs to Amazon OpenSearch Service, you can specify options like `Name` , `Host` (OpenSearch Service endpoint without protocol), `Port` , `Index` , `Type` , `Aws_auth` , `Aws_region` , `Suppress_Type_Name` , and `tls` . For more information, see [Under the hood: FireLens for Amazon ECS Tasks](https://docs.aws.amazon.com/containers/under-the-hood-firelens-for-amazon-ecs-tasks/) .\n\nWhen you export logs to Amazon S3, you can specify the bucket using the `bucket` option. You can also specify `region` , `total_file_size` , `upload_timeout` , and `use_put_object` as options.\n\nThis parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: `sudo docker version --format '{{.Server.APIVersion}}'`", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -84941,7 +84951,7 @@ }, "Options": { "additionalProperties": true, - "markdownDescription": "The configuration options to send to the log driver.\n\nThe options you can specify depend on the log driver. Some of the options you can specify when you use the `awslogs` log driver to route logs to Amazon CloudWatch include the following:\n\n- **awslogs-create-group** - Required: No\n\nSpecify whether you want the log group to be created automatically. If this option isn't specified, it defaults to `false` .\n\n> Your IAM policy must include the `logs:CreateLogGroup` permission before you attempt to use `awslogs-create-group` .\n- **awslogs-region** - Required: Yes\n\nSpecify the AWS Region that the `awslogs` log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option.\n- **awslogs-group** - Required: Yes\n\nMake sure to specify a log group that the `awslogs` log driver sends its log streams to.\n- **awslogs-stream-prefix** - Required: Yes, when using Fargate.Optional when using EC2.\n\nUse the `awslogs-stream-prefix` option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format `prefix-name/container-name/ecs-task-id` .\n\nIf you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option.\n\nFor Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to.\n\nYou must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console.\n- **awslogs-datetime-format** - Required: No\n\nThis option defines a multiline start pattern in Python `strftime` format. A log message consists of a line that matches the pattern and any following lines that don\u2019t match the pattern. The matched line is the delimiter between log messages.\n\nOne example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry.\n\nFor more information, see [awslogs-datetime-format](https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-datetime-format) .\n\nYou cannot configure both the `awslogs-datetime-format` and `awslogs-multiline-pattern` options.\n\n> Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance.\n- **awslogs-multiline-pattern** - Required: No\n\nThis option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don\u2019t match the pattern. The matched line is the delimiter between log messages.\n\nFor more information, see [awslogs-multiline-pattern](https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-multiline-pattern) .\n\nThis option is ignored if `awslogs-datetime-format` is also configured.\n\nYou cannot configure both the `awslogs-datetime-format` and `awslogs-multiline-pattern` options.\n\n> Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance.\n\nThe following options apply to all supported log drivers.\n\n- **mode** - Required: No\n\nValid values: `non-blocking` | `blocking`\n\nThis option defines the delivery mode of log messages from the container to the log driver specified using `logDriver` . The delivery mode you choose affects application availability when the flow of logs from container is interrupted.\n\nIf you use the `blocking` mode and the flow of logs is interrupted, calls from container code to write to the `stdout` and `stderr` streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure.\n\nIf you use the `non-blocking` mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the `max-buffer-size` option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see [Preventing log loss with non-blocking mode in the `awslogs` container log driver](https://docs.aws.amazon.com/containers/preventing-log-loss-with-non-blocking-mode-in-the-awslogs-container-log-driver/) .\n\nYou can set a default `mode` for all containers in a specific AWS Region by using the `defaultLogDriverMode` account setting. If you don't specify the `mode` option or configure the account setting, Amazon ECS will default to the `non-blocking` mode. For more information about the account setting, see [Default log driver mode](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html#default-log-driver-mode) in the *Amazon Elastic Container Service Developer Guide* .\n\n> On June 25, 2025, Amazon ECS changed the default log driver mode from `blocking` to `non-blocking` to prioritize task availability over logging. To continue using the `blocking` mode after this change, do one of the following:\n> \n> - Set the `mode` option in your container definition's `logConfiguration` as `blocking` .\n> - Set the `defaultLogDriverMode` account setting to `blocking` .\n- **max-buffer-size** - Required: No\n\nDefault value: `10m`\n\nWhen `non-blocking` mode is used, the `max-buffer-size` log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost.\n\nTo route logs using the `splunk` log router, you need to specify a `splunk-token` and a `splunk-url` .\n\nWhen you use the `awsfirelens` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the `log-driver-buffer-limit` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker.\n\nOther options you can specify when using `awsfirelens` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with `region` and a name for the log stream with `delivery_stream` .\n\nWhen you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with `region` and a data stream name with `stream` .\n\nWhen you export logs to Amazon OpenSearch Service, you can specify options like `Name` , `Host` (OpenSearch Service endpoint without protocol), `Port` , `Index` , `Type` , `Aws_auth` , `Aws_region` , `Suppress_Type_Name` , and `tls` . For more information, see [Under the hood: FireLens for Amazon ECS Tasks](https://docs.aws.amazon.com/containers/under-the-hood-firelens-for-amazon-ecs-tasks/) .\n\nWhen you export logs to Amazon S3, you can specify the bucket using the `bucket` option. You can also specify `region` , `total_file_size` , `upload_timeout` , and `use_put_object` as options.\n\nThis parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: `sudo docker version --format '{{.Server.APIVersion}}'`", + "markdownDescription": "The configuration options to send to the log driver.\n\nThe options you can specify depend on the log driver. Some of the options you can specify when you use the `awslogs` log driver to route logs to Amazon CloudWatch include the following:\n\n- **awslogs-create-group** - Required: No\n\nSpecify whether you want the log group to be created automatically. If this option isn't specified, it defaults to `false` .\n\n> Your IAM policy must include the `logs:CreateLogGroup` permission before you attempt to use `awslogs-create-group` .\n- **awslogs-region** - Required: Yes\n\nSpecify the AWS Region that the `awslogs` log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option.\n- **awslogs-group** - Required: Yes\n\nMake sure to specify a log group that the `awslogs` log driver sends its log streams to.\n- **awslogs-stream-prefix** - Required: Yes, when using Fargate.Optional when using EC2.\n\nUse the `awslogs-stream-prefix` option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format `prefix-name/container-name/ecs-task-id` .\n\nIf you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option.\n\nFor Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to.\n\nYou must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console.\n- **awslogs-datetime-format** - Required: No\n\nThis option defines a multiline start pattern in Python `strftime` format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages.\n\nOne example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry.\n\nFor more information, see [awslogs-datetime-format](https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-datetime-format) .\n\nYou cannot configure both the `awslogs-datetime-format` and `awslogs-multiline-pattern` options.\n\n> Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance.\n- **awslogs-multiline-pattern** - Required: No\n\nThis option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages.\n\nFor more information, see [awslogs-multiline-pattern](https://docs.aws.amazon.com/https://docs.docker.com/config/containers/logging/awslogs/#awslogs-multiline-pattern) .\n\nThis option is ignored if `awslogs-datetime-format` is also configured.\n\nYou cannot configure both the `awslogs-datetime-format` and `awslogs-multiline-pattern` options.\n\n> Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance.\n\nThe following options apply to all supported log drivers.\n\n- **mode** - Required: No\n\nValid values: `non-blocking` | `blocking`\n\nThis option defines the delivery mode of log messages from the container to the log driver specified using `logDriver` . The delivery mode you choose affects application availability when the flow of logs from container is interrupted.\n\nIf you use the `blocking` mode and the flow of logs is interrupted, calls from container code to write to the `stdout` and `stderr` streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure.\n\nIf you use the `non-blocking` mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the `max-buffer-size` option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see [Preventing log loss with non-blocking mode in the `awslogs` container log driver](https://docs.aws.amazon.com/containers/preventing-log-loss-with-non-blocking-mode-in-the-awslogs-container-log-driver/) .\n\nYou can set a default `mode` for all containers in a specific AWS Region by using the `defaultLogDriverMode` account setting. If you don't specify the `mode` option or configure the account setting, Amazon ECS will default to the `non-blocking` mode. For more information about the account setting, see [Default log driver mode](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html#default-log-driver-mode) in the *Amazon Elastic Container Service Developer Guide* .\n\n> On June 25, 2025, Amazon ECS changed the default log driver mode from `blocking` to `non-blocking` to prioritize task availability over logging. To continue using the `blocking` mode after this change, do one of the following:\n> \n> - Set the `mode` option in your container definition's `logConfiguration` as `blocking` .\n> - Set the `defaultLogDriverMode` account setting to `blocking` .\n- **max-buffer-size** - Required: No\n\nDefault value: `10m`\n\nWhen `non-blocking` mode is used, the `max-buffer-size` log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost.\n\nTo route logs using the `splunk` log router, you need to specify a `splunk-token` and a `splunk-url` .\n\nWhen you use the `awsfirelens` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the `log-driver-buffer-limit` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker.\n\nOther options you can specify when using `awsfirelens` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with `region` and a name for the log stream with `delivery_stream` .\n\nWhen you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with `region` and a data stream name with `stream` .\n\nWhen you export logs to Amazon OpenSearch Service, you can specify options like `Name` , `Host` (OpenSearch Service endpoint without protocol), `Port` , `Index` , `Type` , `Aws_auth` , `Aws_region` , `Suppress_Type_Name` , and `tls` . For more information, see [Under the hood: FireLens for Amazon ECS Tasks](https://docs.aws.amazon.com/containers/under-the-hood-firelens-for-amazon-ecs-tasks/) .\n\nWhen you export logs to Amazon S3, you can specify the bucket using the `bucket` option. You can also specify `region` , `total_file_size` , `upload_timeout` , and `use_put_object` as options.\n\nThis parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: `sudo docker version --format '{{.Server.APIVersion}}'`", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -85830,7 +85840,7 @@ "additionalProperties": false, "properties": { "ReplicationOverwriteProtection": { - "markdownDescription": "The status of the file system's replication overwrite protection.\n\n- `ENABLED` \u2013 The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is `ENABLED` by default.\n- `DISABLED` \u2013 The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication.\n- `REPLICATING` \u2013 The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication.\n\nIf the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable.", + "markdownDescription": "The status of the file system's replication overwrite protection.\n\n- `ENABLED` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is `ENABLED` by default.\n- `DISABLED` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication.\n- `REPLICATING` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication.\n\nIf the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable.", "title": "ReplicationOverwriteProtection", "type": "string" } @@ -86195,7 +86205,7 @@ "type": "boolean" }, "ResolveConflicts": { - "markdownDescription": "How to resolve field value conflicts for an Amazon EKS add-on. Conflicts are handled based on the value you choose:\n\n- *None* \u2013 If the self-managed version of the add-on is installed on your cluster, Amazon EKS doesn't change the value. Creation of the add-on might fail.\n- *Overwrite* \u2013 If the self-managed version of the add-on is installed on your cluster and the Amazon EKS default value is different than the existing value, Amazon EKS changes the value to the Amazon EKS default value.\n- *Preserve* \u2013 This is similar to the NONE option. If the self-managed version of the add-on is installed on your cluster Amazon EKS doesn't change the add-on resource properties. Creation of the add-on might fail if conflicts are detected. This option works differently during the update operation. For more information, see [`UpdateAddon`](https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateAddon.html) .\n\nIf you don't currently have the self-managed version of the add-on installed on your cluster, the Amazon EKS add-on is installed. Amazon EKS sets all values to default values, regardless of the option that you specify.", + "markdownDescription": "How to resolve field value conflicts for an Amazon EKS add-on. Conflicts are handled based on the value you choose:\n\n- *None* – If the self-managed version of the add-on is installed on your cluster, Amazon EKS doesn't change the value. Creation of the add-on might fail.\n- *Overwrite* – If the self-managed version of the add-on is installed on your cluster and the Amazon EKS default value is different than the existing value, Amazon EKS changes the value to the Amazon EKS default value.\n- *Preserve* – This is similar to the NONE option. If the self-managed version of the add-on is installed on your cluster Amazon EKS doesn't change the add-on resource properties. Creation of the add-on might fail if conflicts are detected. This option works differently during the update operation. For more information, see [`UpdateAddon`](https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateAddon.html) .\n\nIf you don't currently have the self-managed version of the add-on installed on your cluster, the Amazon EKS add-on is installed. Amazon EKS sets all values to default values, regardless of the option that you specify.", "title": "ResolveConflicts", "type": "string" }, @@ -87183,7 +87193,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or AWS resources.\n\nThe following basic restrictions apply to tags:\n\n- Maximum number of tags per resource \u2013 50\n- For each resource, each tag key must be unique, and each tag key can have only one value.\n- Maximum key length \u2013 128 Unicode characters in UTF-8\n- Maximum value length \u2013 256 Unicode characters in UTF-8\n- If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.\n- Tag keys and values are case-sensitive.\n- Do not use `aws:` , `AWS:` , or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.", + "markdownDescription": "Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or AWS resources.\n\nThe following basic restrictions apply to tags:\n\n- Maximum number of tags per resource – 50\n- For each resource, each tag key must be unique, and each tag key can have only one value.\n- Maximum key length – 128 Unicode characters in UTF-8\n- Maximum value length – 256 Unicode characters in UTF-8\n- If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.\n- Tag keys and values are case-sensitive.\n- Do not use `aws:` , `AWS:` , or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.", "title": "Tags", "type": "array" } @@ -92180,7 +92190,7 @@ "type": "string" }, "ResourceName": { - "markdownDescription": "A unique resource name for the option setting. Use it for a time\u2013based scaling configuration option.", + "markdownDescription": "A unique resource name for the option setting. Use it for a time–based scaling configuration option.", "title": "ResourceName", "type": "string" }, @@ -92358,7 +92368,7 @@ "type": "string" }, "ResourceName": { - "markdownDescription": "A unique resource name for the option setting. Use it for a time\u2013based scaling configuration option.", + "markdownDescription": "A unique resource name for the option setting. Use it for a time–based scaling configuration option.", "title": "ResourceName", "type": "string" }, @@ -92378,12 +92388,12 @@ "additionalProperties": false, "properties": { "Name": { - "markdownDescription": "The name of this environment tier.\n\nValid values:\n\n- For *Web server tier* \u2013 `WebServer`\n- For *Worker tier* \u2013 `Worker`", + "markdownDescription": "The name of this environment tier.\n\nValid values:\n\n- For *Web server tier* – `WebServer`\n- For *Worker tier* – `Worker`", "title": "Name", "type": "string" }, "Type": { - "markdownDescription": "The type of this environment tier.\n\nValid values:\n\n- For *Web server tier* \u2013 `Standard`\n- For *Worker tier* \u2013 `SQS/HTTP`", + "markdownDescription": "The type of this environment tier.\n\nValid values:\n\n- For *Web server tier* – `Standard`\n- For *Worker tier* – `SQS/HTTP`", "title": "Type", "type": "string" }, @@ -92865,7 +92875,7 @@ "type": "number" }, "Protocol": { - "markdownDescription": "The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can\u2019t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You can't specify a protocol for a Gateway Load Balancer.", + "markdownDescription": "The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You can't specify a protocol for a Gateway Load Balancer.", "title": "Protocol", "type": "string" }, @@ -94092,7 +94102,7 @@ "type": "string" }, "HealthCheckTimeoutSeconds": { - "markdownDescription": "The amount of time, in seconds, during which no response from a target means a failed health check. The range is 2\u2013120 seconds. For target groups with a protocol of HTTP, the default is 6 seconds. For target groups with a protocol of TCP, TLS or HTTPS, the default is 10 seconds. For target groups with a protocol of GENEVE, the default is 5 seconds. If the target type is `lambda` , the default is 30 seconds.", + "markdownDescription": "The amount of time, in seconds, during which no response from a target means a failed health check. The range is 2–120 seconds. For target groups with a protocol of HTTP, the default is 6 seconds. For target groups with a protocol of TCP, TLS or HTTPS, the default is 10 seconds. For target groups with a protocol of GENEVE, the default is 5 seconds. If the target type is `lambda` , the default is 30 seconds.", "title": "HealthCheckTimeoutSeconds", "type": "number" }, @@ -94202,7 +94212,7 @@ "type": "string" }, "HttpCode": { - "markdownDescription": "For Application Load Balancers, you can specify values between 200 and 499, with the default value being 200. You can specify multiple values (for example, \"200,202\") or a range of values (for example, \"200-299\").\n\nFor Network Load Balancers, you can specify values between 200 and 599, with the default value being 200-399. You can specify multiple values (for example, \"200,202\") or a range of values (for example, \"200-299\").\n\nFor Gateway Load Balancers, this must be \"200\u2013399\".\n\nNote that when using shorthand syntax, some values such as commas need to be escaped.", + "markdownDescription": "For Application Load Balancers, you can specify values between 200 and 499, with the default value being 200. You can specify multiple values (for example, \"200,202\") or a range of values (for example, \"200-299\").\n\nFor Network Load Balancers, you can specify values between 200 and 599, with the default value being 200-399. You can specify multiple values (for example, \"200,202\") or a range of values (for example, \"200-299\").\n\nFor Gateway Load Balancers, this must be \"200–399\".\n\nNote that when using shorthand syntax, some values such as commas need to be escaped.", "title": "HttpCode", "type": "string" } @@ -94574,7 +94584,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "An arbitrary set of tags (key\u2013value pairs) to associate with the OpenSearch Service domain.", + "markdownDescription": "An arbitrary set of tags (key–value pairs) to associate with the OpenSearch Service domain.", "title": "Tags", "type": "array" }, @@ -97173,7 +97183,7 @@ }, "RetryStrategy": { "$ref": "#/definitions/AWS::Events::Rule.BatchRetryStrategy", - "markdownDescription": "The retry strategy to use for failed jobs, if the target is an AWS Batch job. The retry strategy is the number of times to retry the failed job execution. Valid values are 1\u201310. When you specify a retry strategy here, it overrides the retry strategy defined in the job definition.", + "markdownDescription": "The retry strategy to use for failed jobs, if the target is an AWS Batch job. The retry strategy is the number of times to retry the failed job execution. Valid values are 1–10. When you specify a retry strategy here, it overrides the retry strategy defined in the job definition.", "title": "RetryStrategy" } }, @@ -97187,7 +97197,7 @@ "additionalProperties": false, "properties": { "Attempts": { - "markdownDescription": "The number of times to attempt to retry, if the job fails. Valid values are 1\u201310.", + "markdownDescription": "The number of times to attempt to retry, if the job fails. Valid values are 1–10.", "title": "Attempts", "type": "number" } @@ -99194,7 +99204,7 @@ }, "ExcludeMap": { "$ref": "#/definitions/AWS::FMS::Policy.IEMap", - "markdownDescription": "Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.\n\nYou can specify inclusions or exclusions, but not both. If you specify an `IncludeMap` , AWS Firewall Manager applies the policy to all accounts specified by the `IncludeMap` , and does not evaluate any `ExcludeMap` specifications. If you do not specify an `IncludeMap` , then Firewall Manager applies the policy to all accounts except for those specified by the `ExcludeMap` .\n\nYou can specify account IDs, OUs, or a combination:\n\n- Specify account IDs by setting the key to `ACCOUNT` . For example, the following is a valid map: `{\u201cACCOUNT\u201d : [\u201caccountID1\u201d, \u201caccountID2\u201d]}` .\n- Specify OUs by setting the key to `ORGUNIT` . For example, the following is a valid map: `{\u201cORGUNIT\u201d : [\u201couid111\u201d, \u201couid112\u201d]}` .\n- Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: `{\u201cACCOUNT\u201d : [\u201caccountID1\u201d, \u201caccountID2\u201d], \u201cORGUNIT\u201d : [\u201couid111\u201d, \u201couid112\u201d]}` .", + "markdownDescription": "Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.\n\nYou can specify inclusions or exclusions, but not both. If you specify an `IncludeMap` , AWS Firewall Manager applies the policy to all accounts specified by the `IncludeMap` , and does not evaluate any `ExcludeMap` specifications. If you do not specify an `IncludeMap` , then Firewall Manager applies the policy to all accounts except for those specified by the `ExcludeMap` .\n\nYou can specify account IDs, OUs, or a combination:\n\n- Specify account IDs by setting the key to `ACCOUNT` . For example, the following is a valid map: `{“ACCOUNT” : [“accountID1”, “accountID2”]}` .\n- Specify OUs by setting the key to `ORGUNIT` . For example, the following is a valid map: `{“ORGUNIT” : [“ouid111”, “ouid112”]}` .\n- Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: `{“ACCOUNT” : [“accountID1”, “accountID2”], “ORGUNIT” : [“ouid111”, “ouid112”]}` .", "title": "ExcludeMap" }, "ExcludeResourceTags": { @@ -99204,7 +99214,7 @@ }, "IncludeMap": { "$ref": "#/definitions/AWS::FMS::Policy.IEMap", - "markdownDescription": "Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.\n\nYou can specify inclusions or exclusions, but not both. If you specify an `IncludeMap` , AWS Firewall Manager applies the policy to all accounts specified by the `IncludeMap` , and does not evaluate any `ExcludeMap` specifications. If you do not specify an `IncludeMap` , then Firewall Manager applies the policy to all accounts except for those specified by the `ExcludeMap` .\n\nYou can specify account IDs, OUs, or a combination:\n\n- Specify account IDs by setting the key to `ACCOUNT` . For example, the following is a valid map: `{\u201cACCOUNT\u201d : [\u201caccountID1\u201d, \u201caccountID2\u201d]}` .\n- Specify OUs by setting the key to `ORGUNIT` . For example, the following is a valid map: `{\u201cORGUNIT\u201d : [\u201couid111\u201d, \u201couid112\u201d]}` .\n- Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: `{\u201cACCOUNT\u201d : [\u201caccountID1\u201d, \u201caccountID2\u201d], \u201cORGUNIT\u201d : [\u201couid111\u201d, \u201couid112\u201d]}` .", + "markdownDescription": "Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.\n\nYou can specify inclusions or exclusions, but not both. If you specify an `IncludeMap` , AWS Firewall Manager applies the policy to all accounts specified by the `IncludeMap` , and does not evaluate any `ExcludeMap` specifications. If you do not specify an `IncludeMap` , then Firewall Manager applies the policy to all accounts except for those specified by the `ExcludeMap` .\n\nYou can specify account IDs, OUs, or a combination:\n\n- Specify account IDs by setting the key to `ACCOUNT` . For example, the following is a valid map: `{“ACCOUNT” : [“accountID1”, “accountID2”]}` .\n- Specify OUs by setting the key to `ORGUNIT` . For example, the following is a valid map: `{“ORGUNIT” : [“ouid111”, “ouid112”]}` .\n- Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: `{“ACCOUNT” : [“accountID1”, “accountID2”], “ORGUNIT” : [“ouid111”, “ouid112”]}` .", "title": "IncludeMap" }, "PolicyDescription": { @@ -99903,7 +99913,7 @@ "type": "string" }, "DeploymentType": { - "markdownDescription": "(Optional) Choose `SCRATCH_1` and `SCRATCH_2` deployment types when you need temporary storage and shorter-term processing of data. The `SCRATCH_2` deployment type provides in-transit encryption of data and higher burst throughput capacity than `SCRATCH_1` .\n\nChoose `PERSISTENT_1` for longer-term storage and for throughput-focused workloads that aren\u2019t latency-sensitive. `PERSISTENT_1` supports encryption of data in transit, and is available in all AWS Regions in which FSx for Lustre is available.\n\nChoose `PERSISTENT_2` for longer-term storage and for latency-sensitive workloads that require the highest levels of IOPS/throughput. `PERSISTENT_2` supports the SSD and Intelligent-Tiering storage classes. You can optionally specify a metadata configuration mode for `PERSISTENT_2` which supports increasing metadata performance. `PERSISTENT_2` is available in a limited number of AWS Regions . For more information, and an up-to-date list of AWS Regions in which `PERSISTENT_2` is available, see [Deployment and storage class options for FSx for Lustre file systems](https://docs.aws.amazon.com/fsx/latest/LustreGuide/using-fsx-lustre.html) in the *Amazon FSx for Lustre User Guide* .\n\n> If you choose `PERSISTENT_2` , and you set `FileSystemTypeVersion` to `2.10` , the `CreateFileSystem` operation fails. \n\nEncryption of data in transit is automatically turned on when you access `SCRATCH_2` , `PERSISTENT_1` , and `PERSISTENT_2` file systems from Amazon EC2 instances that support automatic encryption in the AWS Regions where they are available. For more information about encryption in transit for FSx for Lustre file systems, see [Encrypting data in transit](https://docs.aws.amazon.com/fsx/latest/LustreGuide/encryption-in-transit-fsxl.html) in the *Amazon FSx for Lustre User Guide* .\n\n(Default = `SCRATCH_1` )", + "markdownDescription": "(Optional) Choose `SCRATCH_1` and `SCRATCH_2` deployment types when you need temporary storage and shorter-term processing of data. The `SCRATCH_2` deployment type provides in-transit encryption of data and higher burst throughput capacity than `SCRATCH_1` .\n\nChoose `PERSISTENT_1` for longer-term storage and for throughput-focused workloads that aren’t latency-sensitive. `PERSISTENT_1` supports encryption of data in transit, and is available in all AWS Regions in which FSx for Lustre is available.\n\nChoose `PERSISTENT_2` for longer-term storage and for latency-sensitive workloads that require the highest levels of IOPS/throughput. `PERSISTENT_2` supports the SSD and Intelligent-Tiering storage classes. You can optionally specify a metadata configuration mode for `PERSISTENT_2` which supports increasing metadata performance. `PERSISTENT_2` is available in a limited number of AWS Regions . For more information, and an up-to-date list of AWS Regions in which `PERSISTENT_2` is available, see [Deployment and storage class options for FSx for Lustre file systems](https://docs.aws.amazon.com/fsx/latest/LustreGuide/using-fsx-lustre.html) in the *Amazon FSx for Lustre User Guide* .\n\n> If you choose `PERSISTENT_2` , and you set `FileSystemTypeVersion` to `2.10` , the `CreateFileSystem` operation fails. \n\nEncryption of data in transit is automatically turned on when you access `SCRATCH_2` , `PERSISTENT_1` , and `PERSISTENT_2` file systems from Amazon EC2 instances that support automatic encryption in the AWS Regions where they are available. For more information about encryption in transit for FSx for Lustre file systems, see [Encrypting data in transit](https://docs.aws.amazon.com/fsx/latest/LustreGuide/encryption-in-transit-fsxl.html) in the *Amazon FSx for Lustre User Guide* .\n\n(Default = `SCRATCH_1` )", "title": "DeploymentType", "type": "string" }, @@ -99928,7 +99938,7 @@ "type": "number" }, "PerUnitStorageThroughput": { - "markdownDescription": "Required with `PERSISTENT_1` and `PERSISTENT_2` deployment types, provisions the amount of read and write throughput for each 1 tebibyte (TiB) of file system storage capacity, in MB/s/TiB. File system throughput capacity is calculated by multiplying \ufb01le system storage capacity (TiB) by the `PerUnitStorageThroughput` (MB/s/TiB). For a 2.4-TiB \ufb01le system, provisioning 50 MB/s/TiB of `PerUnitStorageThroughput` yields 120 MB/s of \ufb01le system throughput. You pay for the amount of throughput that you provision.\n\nValid values:\n\n- For `PERSISTENT_1` SSD storage: 50, 100, 200 MB/s/TiB.\n- For `PERSISTENT_1` HDD storage: 12, 40 MB/s/TiB.\n- For `PERSISTENT_2` SSD storage: 125, 250, 500, 1000 MB/s/TiB.", + "markdownDescription": "Required with `PERSISTENT_1` and `PERSISTENT_2` deployment types, provisions the amount of read and write throughput for each 1 tebibyte (TiB) of file system storage capacity, in MB/s/TiB. File system throughput capacity is calculated by multiplying file system storage capacity (TiB) by the `PerUnitStorageThroughput` (MB/s/TiB). For a 2.4-TiB file system, provisioning 50 MB/s/TiB of `PerUnitStorageThroughput` yields 120 MB/s of file system throughput. You pay for the amount of throughput that you provision.\n\nValid values:\n\n- For `PERSISTENT_1` SSD storage: 50, 100, 200 MB/s/TiB.\n- For `PERSISTENT_1` HDD storage: 12, 40 MB/s/TiB.\n- For `PERSISTENT_2` SSD storage: 125, 250, 500, 1000 MB/s/TiB.", "title": "PerUnitStorageThroughput", "type": "number" }, @@ -99978,7 +99988,7 @@ "title": "DiskIopsConfiguration" }, "EndpointIpAddressRange": { - "markdownDescription": "(Multi-AZ only) Specifies the IPv4 address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API, Amazon FSx selects an unused IP address range for you from the 198.19.* range. By default in the Amazon FSx console, Amazon FSx chooses the last 64 IP addresses from the VPC\u2019s primary CIDR range to use as the endpoint IP address range for the file system. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.", + "markdownDescription": "(Multi-AZ only) Specifies the IPv4 address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API, Amazon FSx selects an unused IP address range for you from the 198.19.* range. By default in the Amazon FSx console, Amazon FSx chooses the last 64 IP addresses from the VPC’s primary CIDR range to use as the endpoint IP address range for the file system. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.", "title": "EndpointIpAddressRange", "type": "string" }, @@ -100763,7 +100773,7 @@ "additionalProperties": false, "properties": { "CopyTagsToSnapshots": { - "markdownDescription": "A Boolean value indicating whether tags for the volume should be copied to snapshots. This value defaults to `false` . If this value is set to `true` , and you do not specify any tags, all tags for the original volume are copied over to snapshots. If this value is\u00a0set to `true` , and you do specify one or more tags, only the specified tags for the original volume are copied over to snapshots. If you specify one or more tags when creating a new snapshot, no tags are copied over from the original volume, regardless of this value.", + "markdownDescription": "A Boolean value indicating whether tags for the volume should be copied to snapshots. This value defaults to `false` . If this value is set to `true` , and you do not specify any tags, all tags for the original volume are copied over to snapshots. If this value is set to `true` , and you do specify one or more tags, only the specified tags for the original volume are copied over to snapshots. If you specify one or more tags when creating a new snapshot, no tags are copied over from the original volume, regardless of this value.", "title": "CopyTagsToSnapshots", "type": "boolean" }, @@ -103126,7 +103136,7 @@ "title": "CertificateConfiguration" }, "ComputeType": { - "markdownDescription": "The type of compute resource used to host your game servers.\n\n- `EC2` \u2013 The game server build is deployed to Amazon EC2 instances for cloud hosting. This is the default setting.\n- `ANYWHERE` \u2013 Game servers and supporting software are deployed to compute resources that you provide and manage. With this compute type, you can also set the `AnywhereConfiguration` parameter.", + "markdownDescription": "The type of compute resource used to host your game servers.\n\n- `EC2` – The game server build is deployed to Amazon EC2 instances for cloud hosting. This is the default setting.\n- `ANYWHERE` – Game servers and supporting software are deployed to compute resources that you provide and manage. With this compute type, you can also set the `AnywhereConfiguration` parameter.", "title": "ComputeType", "type": "string" }, @@ -103611,7 +103621,7 @@ "type": "string" }, "DeleteOption": { - "markdownDescription": "The type of delete to perform. To delete a game server group, specify the `DeleteOption` . Options include the following:\n\n- `SAFE_DELETE` \u2013 (default) Terminates the game server group and Amazon EC2 Auto Scaling group only when it has no game servers that are in `UTILIZED` status.\n- `FORCE_DELETE` \u2013 Terminates the game server group, including all active game servers regardless of their utilization status, and the Amazon EC2 Auto Scaling group.\n- `RETAIN` \u2013 Does a safe delete of the game server group but retains the Amazon EC2 Auto Scaling group as is.", + "markdownDescription": "The type of delete to perform. To delete a game server group, specify the `DeleteOption` . Options include the following:\n\n- `SAFE_DELETE` – (default) Terminates the game server group and Amazon EC2 Auto Scaling group only when it has no game servers that are in `UTILIZED` status.\n- `FORCE_DELETE` – Terminates the game server group, including all active game servers regardless of their utilization status, and the Amazon EC2 Auto Scaling group.\n- `RETAIN` – Does a safe delete of the game server group but retains the Amazon EC2 Auto Scaling group as is.", "title": "DeleteOption", "type": "string" }, @@ -104653,7 +104663,7 @@ "type": "string" }, "HealthCheckIntervalSeconds": { - "markdownDescription": "The time\u201410 seconds or 30 seconds\u2014between health checks for each endpoint. The default value is 30.", + "markdownDescription": "The time—10 seconds or 30 seconds—between health checks for each endpoint. The default value is 30.", "title": "HealthCheckIntervalSeconds", "type": "number" }, @@ -104813,7 +104823,7 @@ "type": "string" }, "ClientAffinity": { - "markdownDescription": "Client affinity lets you direct all requests from a user to the same endpoint, if you have stateful applications, regardless of the port and protocol of the client request. Client affinity gives you control over whether to always route each client to the same specific endpoint.\n\nAWS Global Accelerator uses a consistent-flow hashing algorithm to choose the optimal endpoint for a connection. If client affinity is `NONE` , Global Accelerator uses the \"five-tuple\" (5-tuple) properties\u2014source IP address, source port, destination IP address, destination port, and protocol\u2014to select the hash value, and then chooses the best endpoint. However, with this setting, if someone uses different ports to connect to Global Accelerator, their connections might not be always routed to the same endpoint because the hash value changes.\n\nIf you want a given client to always be routed to the same endpoint, set client affinity to `SOURCE_IP` instead. When you use the `SOURCE_IP` setting, Global Accelerator uses the \"two-tuple\" (2-tuple) properties\u2014 source (client) IP address and destination IP address\u2014to select the hash value.\n\nThe default value is `NONE` .", + "markdownDescription": "Client affinity lets you direct all requests from a user to the same endpoint, if you have stateful applications, regardless of the port and protocol of the client request. Client affinity gives you control over whether to always route each client to the same specific endpoint.\n\nAWS Global Accelerator uses a consistent-flow hashing algorithm to choose the optimal endpoint for a connection. If client affinity is `NONE` , Global Accelerator uses the \"five-tuple\" (5-tuple) properties—source IP address, source port, destination IP address, destination port, and protocol—to select the hash value, and then chooses the best endpoint. However, with this setting, if someone uses different ports to connect to Global Accelerator, their connections might not be always routed to the same endpoint because the hash value changes.\n\nIf you want a given client to always be routed to the same endpoint, set client affinity to `SOURCE_IP` instead. When you use the `SOURCE_IP` setting, Global Accelerator uses the \"two-tuple\" (2-tuple) properties— source (client) IP address and destination IP address—to select the hash value.\n\nThe default value is `NONE` .", "title": "ClientAffinity", "type": "string" }, @@ -111380,7 +111390,7 @@ "additionalProperties": false, "properties": { "DependencyType": { - "markdownDescription": "The type of this dependency. Choose from the following options:\n\n- `SOFT` \u2013 The component doesn't restart if the dependency changes state.\n- `HARD` \u2013 The component restarts if the dependency changes state.\n\nDefault: `HARD`", + "markdownDescription": "The type of this dependency. Choose from the following options:\n\n- `SOFT` – The component doesn't restart if the dependency changes state.\n- `HARD` – The component restarts if the dependency changes state.\n\nDefault: `HARD`", "title": "DependencyType", "type": "string" }, @@ -111476,7 +111486,7 @@ "type": "string" }, "Type": { - "markdownDescription": "The type of event source. Choose from the following options:\n\n- `PUB_SUB` \u2013 Subscribe to local publish/subscribe messages. This event source type doesn't support MQTT wildcards ( `+` and `#` ) in the event source topic.\n- `IOT_CORE` \u2013 Subscribe to AWS IoT Core MQTT messages. This event source type supports MQTT wildcards ( `+` and `#` ) in the event source topic.", + "markdownDescription": "The type of event source. Choose from the following options:\n\n- `PUB_SUB` – Subscribe to local publish/subscribe messages. This event source type doesn't support MQTT wildcards ( `+` and `#` ) in the event source topic.\n- `IOT_CORE` – Subscribe to AWS IoT Core MQTT messages. This event source type supports MQTT wildcards ( `+` and `#` ) in the event source topic.", "title": "Type", "type": "string" } @@ -111817,7 +111827,7 @@ "additionalProperties": false, "properties": { "Action": { - "markdownDescription": "Whether or not to notify components and wait for components to become safe to update. Choose from the following options:\n\n- `NOTIFY_COMPONENTS` \u2013 The deployment notifies each component before it stops and updates that component. Components can use the [SubscribeToComponentUpdates](https://docs.aws.amazon.com/greengrass/v2/developerguide/interprocess-communication.html#ipc-operation-subscribetocomponentupdates) IPC operation to receive these notifications. Then, components can respond with the [DeferComponentUpdate](https://docs.aws.amazon.com/greengrass/v2/developerguide/interprocess-communication.html#ipc-operation-defercomponentupdate) IPC operation. For more information, see the [Create deployments](https://docs.aws.amazon.com/greengrass/v2/developerguide/create-deployments.html) in the *AWS IoT Greengrass V2 Developer Guide* .\n- `SKIP_NOTIFY_COMPONENTS` \u2013 The deployment doesn't notify components or wait for them to be safe to update.\n\nDefault: `NOTIFY_COMPONENTS`", + "markdownDescription": "Whether or not to notify components and wait for components to become safe to update. Choose from the following options:\n\n- `NOTIFY_COMPONENTS` – The deployment notifies each component before it stops and updates that component. Components can use the [SubscribeToComponentUpdates](https://docs.aws.amazon.com/greengrass/v2/developerguide/interprocess-communication.html#ipc-operation-subscribetocomponentupdates) IPC operation to receive these notifications. Then, components can respond with the [DeferComponentUpdate](https://docs.aws.amazon.com/greengrass/v2/developerguide/interprocess-communication.html#ipc-operation-defercomponentupdate) IPC operation. For more information, see the [Create deployments](https://docs.aws.amazon.com/greengrass/v2/developerguide/create-deployments.html) in the *AWS IoT Greengrass V2 Developer Guide* .\n- `SKIP_NOTIFY_COMPONENTS` – The deployment doesn't notify components or wait for them to be safe to update.\n\nDefault: `NOTIFY_COMPONENTS`", "title": "Action", "type": "string" }, @@ -112666,7 +112676,7 @@ "additionalProperties": false, "properties": { "ContactPostPassDurationSeconds": { - "markdownDescription": "Amount of time in seconds after a contact ends that you\u2019d like to receive a Ground Station Contact State Change indicating the pass has finished.", + "markdownDescription": "Amount of time in seconds after a contact ends that you’d like to receive a Ground Station Contact State Change indicating the pass has finished.", "title": "ContactPostPassDurationSeconds", "type": "number" }, @@ -113835,7 +113845,7 @@ "additionalProperties": false, "properties": { "AuthorizationStrategy": { - "markdownDescription": "The authorization strategy selected when the HealthLake data store is created.\n\n> HealthLake provides support for both SMART on FHIR V1 and V2 as described below.\n> \n> - `SMART_ON_FHIR_V1` \u2013 Support for only SMART on FHIR V1, which includes `read` (read/search) and `write` (create/update/delete) permissions.\n> - `SMART_ON_FHIR` \u2013 Support for both SMART on FHIR V1 and V2, which includes `create` , `read` , `update` , `delete` , and `search` permissions.\n> - `AWS_AUTH` \u2013 The default HealthLake authorization strategy; not affiliated with SMART on FHIR.", + "markdownDescription": "The authorization strategy selected when the HealthLake data store is created.\n\n> HealthLake provides support for both SMART on FHIR V1 and V2 as described below.\n> \n> - `SMART_ON_FHIR_V1` – Support for only SMART on FHIR V1, which includes `read` (read/search) and `write` (create/update/delete) permissions.\n> - `SMART_ON_FHIR` – Support for both SMART on FHIR V1 and V2, which includes `create` , `read` , `update` , `delete` , and `search` permissions.\n> - `AWS_AUTH` – The default HealthLake authorization strategy; not affiliated with SMART on FHIR.", "title": "AuthorizationStrategy", "type": "string" }, @@ -116942,7 +116952,7 @@ "type": "string" }, "Throughput": { - "markdownDescription": "*For GP3 volumes only* \u2013 The throughput in MiB/s that the volume supports.", + "markdownDescription": "*For GP3 volumes only* – The throughput in MiB/s that the volume supports.", "title": "Throughput", "type": "number" }, @@ -117500,7 +117510,7 @@ "type": "array" }, "RepositoryName": { - "markdownDescription": "The name of the container repository that Amazon Inspector scans to identify findings for your container images. The name includes the path for the repository location. If you don\u2019t provide this information, Image Builder creates a repository in your account named `image-builder-image-scanning-repository` for vulnerability scans of your output container images.", + "markdownDescription": "The name of the container repository that Amazon Inspector scans to identify findings for your container images. The name includes the path for the repository location. If you don’t provide this information, Image Builder creates a repository in your account named `image-builder-image-scanning-repository` for vulnerability scans of your output container images.", "title": "RepositoryName", "type": "string" } @@ -117741,7 +117751,7 @@ "type": "array" }, "RepositoryName": { - "markdownDescription": "The name of the container repository that Amazon Inspector scans to identify findings for your container images. The name includes the path for the repository location. If you don\u2019t provide this information, Image Builder creates a repository in your account named `image-builder-image-scanning-repository` for vulnerability scans of your output container images.", + "markdownDescription": "The name of the container repository that Amazon Inspector scans to identify findings for your container images. The name includes the path for the repository location. If you don’t provide this information, Image Builder creates a repository in your account named `image-builder-image-scanning-repository` for vulnerability scans of your output container images.", "title": "RepositoryName", "type": "string" } @@ -118053,7 +118063,7 @@ "type": "string" }, "Throughput": { - "markdownDescription": "*For GP3 volumes only* \u2013 The throughput in MiB/s that the volume supports.", + "markdownDescription": "*For GP3 volumes only* – The throughput in MiB/s that the volume supports.", "title": "Throughput", "type": "number" }, @@ -118262,7 +118272,7 @@ "type": "number" }, "HttpTokens": { - "markdownDescription": "Indicates whether a signed token header is required for instance metadata retrieval requests. The values affect the response as follows:\n\n- *required* \u2013 When you retrieve the IAM role credentials, version 2.0 credentials are returned in all cases.\n- *optional* \u2013 You can include a signed token header in your request to retrieve instance metadata, or you can leave it out. If you include it, version 2.0 credentials are returned for the IAM role. Otherwise, version 1.0 credentials are returned.\n\nThe default setting is *optional* .", + "markdownDescription": "Indicates whether a signed token header is required for instance metadata retrieval requests. The values affect the response as follows:\n\n- *required* – When you retrieve the IAM role credentials, version 2.0 credentials are returned in all cases.\n- *optional* – You can include a signed token header in your request to retrieve instance metadata, or you can leave it out. If you include it, version 2.0 credentials are returned for the IAM role. Otherwise, version 1.0 credentials are returned.\n\nThe default setting is *optional* .", "title": "HttpTokens", "type": "string" } @@ -120870,7 +120880,7 @@ "type": "string" }, "MetricName": { - "markdownDescription": "The name of the custom metric. This will be used in the metric report submitted from the device/thing. The name can't begin with `aws:` . You can\u2019t change the name after you define it.", + "markdownDescription": "The name of the custom metric. This will be used in the metric report submitted from the device/thing. The name can't begin with `aws:` . You can’t change the name after you define it.", "title": "MetricName", "type": "string" }, @@ -121363,7 +121373,7 @@ "items": { "type": "string" }, - "markdownDescription": "The package version Amazon Resource Names (ARNs) that are installed on the device\u2019s reserved named shadow ( `$package` ) when the job successfully completes.\n\n*Note:* Up to 25 package version ARNS are allowed.", + "markdownDescription": "The package version Amazon Resource Names (ARNs) that are installed on the device’s reserved named shadow ( `$package` ) when the job successfully completes.\n\n*Note:* Up to 25 package version ARNS are allowed.", "title": "DestinationPackageVersions", "type": "array" }, @@ -122936,7 +122946,7 @@ "properties": { "Attributes": { "additionalProperties": true, - "markdownDescription": "Metadata that can be used to define a package version\u2019s configuration. For example, the S3 file location, configuration options that are being sent to the device or fleet.\n\nThe combined size of all the attributes on a package version is limited to 3KB.", + "markdownDescription": "Metadata that can be used to define a package version’s configuration. For example, the S3 file location, configuration options that are being sent to the device or fleet.\n\nThe combined size of all the attributes on a package version is limited to 3KB.", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -129473,7 +129483,7 @@ "type": "array" }, "AssetModelType": { - "markdownDescription": "The type of asset model.\n\n- *ASSET_MODEL* \u2013 (default) An asset model that you can use to create assets. Can't be included as a component in another asset model.\n- *COMPONENT_MODEL* \u2013 A reusable component that you can include in the composite models of other asset models. You can't create assets directly from this type of asset model.\n- *INTERFACE* \u2013 An interface is a type of model that defines a standard structure that can be applied to different asset models.", + "markdownDescription": "The type of asset model.\n\n- *ASSET_MODEL* – (default) An asset model that you can use to create assets. Can't be included as a component in another asset model.\n- *COMPONENT_MODEL* – A reusable component that you can include in the composite models of other asset models. You can't create assets directly from this type of asset model.\n- *INTERFACE* – An interface is a type of model that defines a standard structure that can be applied to different asset models.", "title": "AssetModelType", "type": "string" }, @@ -130164,7 +130174,7 @@ "type": "string" }, "PortalAuthMode": { - "markdownDescription": "The service to use to authenticate users to the portal. Choose from the following options:\n\n- `SSO` \u2013 The portal uses AWS IAM Identity Center to authenticate users and manage user permissions. Before you can create a portal that uses IAM Identity Center, you must enable IAM Identity Center. For more information, see [Enabling IAM Identity Center](https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-get-started.html#mon-gs-sso) in the *AWS IoT SiteWise User Guide* . This option is only available in AWS Regions other than the China Regions.\n- `IAM` \u2013 The portal uses AWS Identity and Access Management to authenticate users and manage user permissions.\n\nYou can't change this value after you create a portal.\n\nDefault: `SSO`", + "markdownDescription": "The service to use to authenticate users to the portal. Choose from the following options:\n\n- `SSO` – The portal uses AWS IAM Identity Center to authenticate users and manage user permissions. Before you can create a portal that uses IAM Identity Center, you must enable IAM Identity Center. For more information, see [Enabling IAM Identity Center](https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-get-started.html#mon-gs-sso) in the *AWS IoT SiteWise User Guide* . This option is only available in AWS Regions other than the China Regions.\n- `IAM` – The portal uses AWS Identity and Access Management to authenticate users and manage user permissions.\n\nYou can't change this value after you create a portal.\n\nDefault: `SSO`", "title": "PortalAuthMode", "type": "string" }, @@ -135332,7 +135342,7 @@ "items": { "type": "string" }, - "markdownDescription": "A list of glob patterns (patterns that can expand a wildcard pattern into a list of path names that match the given pattern) for certain file names and file types to exclude from your index. If a document matches both an inclusion and exclusion prefix or pattern, the exclusion prefix takes precendence and the document is not indexed. Examples of glob patterns include:\n\n- */myapp/config/** \u2014All files inside config directory.\n- ***/*.png* \u2014All .png files in all directories.\n- ***/*.{png, ico, md}* \u2014All .png, .ico or .md files in all directories.\n- */myapp/src/**/*.ts* \u2014All .ts files inside src directory (and all its subdirectories).\n- ***/!(*.module).ts* \u2014All .ts files but not .module.ts\n- **.png , *.jpg* \u2014All PNG and JPEG image files in a directory (files with the extensions .png and .jpg).\n- **internal** \u2014All files in a directory that contain 'internal' in the file name, such as 'internal', 'internal_only', 'company_internal'.\n- ***/*internal** \u2014All internal-related files in a directory and its subdirectories.\n\nFor more examples, see [Use of Exclude and Include Filters](https://docs.aws.amazon.com/cli/latest/reference/s3/#use-of-exclude-and-include-filters) in the AWS CLI Command Reference.", + "markdownDescription": "A list of glob patterns (patterns that can expand a wildcard pattern into a list of path names that match the given pattern) for certain file names and file types to exclude from your index. If a document matches both an inclusion and exclusion prefix or pattern, the exclusion prefix takes precendence and the document is not indexed. Examples of glob patterns include:\n\n- */myapp/config/** —All files inside config directory.\n- ***/*.png* —All .png files in all directories.\n- ***/*.{png, ico, md}* —All .png, .ico or .md files in all directories.\n- */myapp/src/**/*.ts* —All .ts files inside src directory (and all its subdirectories).\n- ***/!(*.module).ts* —All .ts files but not .module.ts\n- **.png , *.jpg* —All PNG and JPEG image files in a directory (files with the extensions .png and .jpg).\n- **internal** —All files in a directory that contain 'internal' in the file name, such as 'internal', 'internal_only', 'company_internal'.\n- ***/*internal** —All internal-related files in a directory and its subdirectories.\n\nFor more examples, see [Use of Exclude and Include Filters](https://docs.aws.amazon.com/cli/latest/reference/s3/#use-of-exclude-and-include-filters) in the AWS CLI Command Reference.", "title": "ExclusionPatterns", "type": "array" }, @@ -135340,7 +135350,7 @@ "items": { "type": "string" }, - "markdownDescription": "A list of glob patterns (patterns that can expand a wildcard pattern into a list of path names that match the given pattern) for certain file names and file types to include in your index. If a document matches both an inclusion and exclusion prefix or pattern, the exclusion prefix takes precendence and the document is not indexed. Examples of glob patterns include:\n\n- */myapp/config/** \u2014All files inside config directory.\n- ***/*.png* \u2014All .png files in all directories.\n- ***/*.{png, ico, md}* \u2014All .png, .ico or .md files in all directories.\n- */myapp/src/**/*.ts* \u2014All .ts files inside src directory (and all its subdirectories).\n- ***/!(*.module).ts* \u2014All .ts files but not .module.ts\n- **.png , *.jpg* \u2014All PNG and JPEG image files in a directory (files with the extensions .png and .jpg).\n- **internal** \u2014All files in a directory that contain 'internal' in the file name, such as 'internal', 'internal_only', 'company_internal'.\n- ***/*internal** \u2014All internal-related files in a directory and its subdirectories.\n\nFor more examples, see [Use of Exclude and Include Filters](https://docs.aws.amazon.com/cli/latest/reference/s3/#use-of-exclude-and-include-filters) in the AWS CLI Command Reference.", + "markdownDescription": "A list of glob patterns (patterns that can expand a wildcard pattern into a list of path names that match the given pattern) for certain file names and file types to include in your index. If a document matches both an inclusion and exclusion prefix or pattern, the exclusion prefix takes precendence and the document is not indexed. Examples of glob patterns include:\n\n- */myapp/config/** —All files inside config directory.\n- ***/*.png* —All .png files in all directories.\n- ***/*.{png, ico, md}* —All .png, .ico or .md files in all directories.\n- */myapp/src/**/*.ts* —All .ts files inside src directory (and all its subdirectories).\n- ***/!(*.module).ts* —All .ts files but not .module.ts\n- **.png , *.jpg* —All PNG and JPEG image files in a directory (files with the extensions .png and .jpg).\n- **internal** —All files in a directory that contain 'internal' in the file name, such as 'internal', 'internal_only', 'company_internal'.\n- ***/*internal** —All internal-related files in a directory and its subdirectories.\n\nFor more examples, see [Use of Exclude and Include Filters](https://docs.aws.amazon.com/cli/latest/reference/s3/#use-of-exclude-and-include-filters) in the AWS CLI Command Reference.", "title": "InclusionPatterns", "type": "array" }, @@ -135914,7 +135924,7 @@ "type": "number" }, "MaxLinksPerPage": { - "markdownDescription": "The maximum number of URLs on a web page to include when crawling a website. This number is per web page.\n\nAs a website\u2019s web pages are crawled, any URLs the web pages link to are also crawled. URLs on a web page are crawled in order of appearance.\n\nThe default maximum links per page is 100.", + "markdownDescription": "The maximum number of URLs on a web page to include when crawling a website. This number is per web page.\n\nAs a website’s web pages are crawled, any URLs the web pages link to are also crawled. URLs on a web page are crawled in order of appearance.\n\nThe default maximum links per page is 100.", "title": "MaxLinksPerPage", "type": "number" }, @@ -135967,7 +135977,7 @@ "type": "array" }, "WebCrawlerMode": { - "markdownDescription": "You can choose one of the following modes:\n\n- `HOST_ONLY` \u2014crawl only the website host names. For example, if the seed URL is \"abc.example.com\", then only URLs with host name \"abc.example.com\" are crawled.\n- `SUBDOMAINS` \u2014crawl the website host names with subdomains. For example, if the seed URL is \"abc.example.com\", then \"a.abc.example.com\" and \"b.abc.example.com\" are also crawled.\n- `EVERYTHING` \u2014crawl the website host names with subdomains and other domains that the web pages link to.\n\nThe default mode is set to `HOST_ONLY` .", + "markdownDescription": "You can choose one of the following modes:\n\n- `HOST_ONLY` —crawl only the website host names. For example, if the seed URL is \"abc.example.com\", then only URLs with host name \"abc.example.com\" are crawled.\n- `SUBDOMAINS` —crawl the website host names with subdomains. For example, if the seed URL is \"abc.example.com\", then \"a.abc.example.com\" and \"b.abc.example.com\" are also crawled.\n- `EVERYTHING` —crawl the website host names with subdomains and other domains that the web pages link to.\n\nThe default mode is set to `HOST_ONLY` .", "title": "WebCrawlerMode", "type": "string" } @@ -136022,7 +136032,7 @@ "items": { "type": "string" }, - "markdownDescription": "A list of regular expression patterns to exclude certain files in your Amazon WorkDocs site repository. Files that match the patterns are excluded from the index. Files that don\u2019t match the patterns are included in the index. If a file matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence and the file isn't included in the index.", + "markdownDescription": "A list of regular expression patterns to exclude certain files in your Amazon WorkDocs site repository. Files that match the patterns are excluded from the index. Files that don’t match the patterns are included in the index. If a file matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence and the file isn't included in the index.", "title": "ExclusionPatterns", "type": "array" }, @@ -136689,7 +136699,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "An arbitrary set of tags (key\u2013value pairs) to associate with the Kinesis stream. For information about constraints for this property, see [Tag Restrictions](https://docs.aws.amazon.com/streams/latest/dev/tagging.html#tagging-restrictions) in the *Amazon Kinesis Developer Guide* .", + "markdownDescription": "An arbitrary set of tags (key–value pairs) to associate with the Kinesis stream. For information about constraints for this property, see [Tag Restrictions](https://docs.aws.amazon.com/streams/latest/dev/tagging.html#tagging-restrictions) in the *Amazon Kinesis Developer Guide* .", "title": "Tags", "type": "array" } @@ -142386,7 +142396,7 @@ "title": "AmazonManagedKafkaEventSourceConfig" }, "BatchSize": { - "markdownDescription": "The maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function. Lambda passes all of the records in the batch to the function in a single call, up to the payload limit for synchronous invocation (6 MB).\n\n- *Amazon Kinesis* \u2013 Default 100. Max 10,000.\n- *Amazon DynamoDB Streams* \u2013 Default 100. Max 10,000.\n- *Amazon Simple Queue Service* \u2013 Default 10. For standard queues the max is 10,000. For FIFO queues the max is 10.\n- *Amazon Managed Streaming for Apache Kafka* \u2013 Default 100. Max 10,000.\n- *Self-managed Apache Kafka* \u2013 Default 100. Max 10,000.\n- *Amazon MQ (ActiveMQ and RabbitMQ)* \u2013 Default 100. Max 10,000.\n- *DocumentDB* \u2013 Default 100. Max 10,000.", + "markdownDescription": "The maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function. Lambda passes all of the records in the batch to the function in a single call, up to the payload limit for synchronous invocation (6 MB).\n\n- *Amazon Kinesis* – Default 100. Max 10,000.\n- *Amazon DynamoDB Streams* – Default 100. Max 10,000.\n- *Amazon Simple Queue Service* – Default 10. For standard queues the max is 10,000. For FIFO queues the max is 10.\n- *Amazon Managed Streaming for Apache Kafka* – Default 100. Max 10,000.\n- *Self-managed Apache Kafka* – Default 100. Max 10,000.\n- *Amazon MQ (ActiveMQ and RabbitMQ)* – Default 100. Max 10,000.\n- *DocumentDB* – Default 100. Max 10,000.", "title": "BatchSize", "type": "number" }, @@ -142411,7 +142421,7 @@ "type": "boolean" }, "EventSourceArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the event source.\n\n- *Amazon Kinesis* \u2013 The ARN of the data stream or a stream consumer.\n- *Amazon DynamoDB Streams* \u2013 The ARN of the stream.\n- *Amazon Simple Queue Service* \u2013 The ARN of the queue.\n- *Amazon Managed Streaming for Apache Kafka* \u2013 The ARN of the cluster or the ARN of the VPC connection (for [cross-account event source mappings](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#msk-multi-vpc) ).\n- *Amazon MQ* \u2013 The ARN of the broker.\n- *Amazon DocumentDB* \u2013 The ARN of the DocumentDB change stream.", + "markdownDescription": "The Amazon Resource Name (ARN) of the event source.\n\n- *Amazon Kinesis* – The ARN of the data stream or a stream consumer.\n- *Amazon DynamoDB Streams* – The ARN of the stream.\n- *Amazon Simple Queue Service* – The ARN of the queue.\n- *Amazon Managed Streaming for Apache Kafka* – The ARN of the cluster or the ARN of the VPC connection (for [cross-account event source mappings](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#msk-multi-vpc) ).\n- *Amazon MQ* – The ARN of the broker.\n- *Amazon DocumentDB* – The ARN of the DocumentDB change stream.", "title": "EventSourceArn", "type": "string" }, @@ -142421,7 +142431,7 @@ "title": "FilterCriteria" }, "FunctionName": { - "markdownDescription": "The name or ARN of the Lambda function.\n\n**Name formats** - *Function name* \u2013 `MyFunction` .\n- *Function ARN* \u2013 `arn:aws:lambda:us-west-2:123456789012:function:MyFunction` .\n- *Version or Alias ARN* \u2013 `arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD` .\n- *Partial ARN* \u2013 `123456789012:function:MyFunction` .\n\nThe length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length.", + "markdownDescription": "The name or ARN of the Lambda function.\n\n**Name formats** - *Function name* – `MyFunction` .\n- *Function ARN* – `arn:aws:lambda:us-west-2:123456789012:function:MyFunction` .\n- *Version or Alias ARN* – `arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD` .\n- *Partial ARN* – `123456789012:function:MyFunction` .\n\nThe length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length.", "title": "FunctionName", "type": "string" }, @@ -142664,7 +142674,7 @@ "additionalProperties": false, "properties": { "Type": { - "markdownDescription": "The type of authentication protocol, VPC components, or virtual host for your event source. For example: `\"Type\":\"SASL_SCRAM_512_AUTH\"` .\n\n- `BASIC_AUTH` \u2013 (Amazon MQ) The AWS Secrets Manager secret that stores your broker credentials.\n- `BASIC_AUTH` \u2013 (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL/PLAIN authentication of your Apache Kafka brokers.\n- `VPC_SUBNET` \u2013 (Self-managed Apache Kafka) The subnets associated with your VPC. Lambda connects to these subnets to fetch data from your self-managed Apache Kafka cluster.\n- `VPC_SECURITY_GROUP` \u2013 (Self-managed Apache Kafka) The VPC security group used to manage access to your self-managed Apache Kafka brokers.\n- `SASL_SCRAM_256_AUTH` \u2013 (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-256 authentication of your self-managed Apache Kafka brokers.\n- `SASL_SCRAM_512_AUTH` \u2013 (Amazon MSK, Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-512 authentication of your self-managed Apache Kafka brokers.\n- `VIRTUAL_HOST` \u2013- (RabbitMQ) The name of the virtual host in your RabbitMQ broker. Lambda uses this RabbitMQ host as the event source. This property cannot be specified in an UpdateEventSourceMapping API call.\n- `CLIENT_CERTIFICATE_TLS_AUTH` \u2013 (Amazon MSK, self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the certificate chain (X.509 PEM), private key (PKCS#8 PEM), and private key password (optional) used for mutual TLS authentication of your MSK/Apache Kafka brokers.\n- `SERVER_ROOT_CA_CERTIFICATE` \u2013 (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the root CA certificate (X.509 PEM) used for TLS encryption of your Apache Kafka brokers.", + "markdownDescription": "The type of authentication protocol, VPC components, or virtual host for your event source. For example: `\"Type\":\"SASL_SCRAM_512_AUTH\"` .\n\n- `BASIC_AUTH` – (Amazon MQ) The AWS Secrets Manager secret that stores your broker credentials.\n- `BASIC_AUTH` – (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL/PLAIN authentication of your Apache Kafka brokers.\n- `VPC_SUBNET` – (Self-managed Apache Kafka) The subnets associated with your VPC. Lambda connects to these subnets to fetch data from your self-managed Apache Kafka cluster.\n- `VPC_SECURITY_GROUP` – (Self-managed Apache Kafka) The VPC security group used to manage access to your self-managed Apache Kafka brokers.\n- `SASL_SCRAM_256_AUTH` – (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-256 authentication of your self-managed Apache Kafka brokers.\n- `SASL_SCRAM_512_AUTH` – (Amazon MSK, Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-512 authentication of your self-managed Apache Kafka brokers.\n- `VIRTUAL_HOST` –- (RabbitMQ) The name of the virtual host in your RabbitMQ broker. Lambda uses this RabbitMQ host as the event source. This property cannot be specified in an UpdateEventSourceMapping API call.\n- `CLIENT_CERTIFICATE_TLS_AUTH` – (Amazon MSK, self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the certificate chain (X.509 PEM), private key (PKCS#8 PEM), and private key password (optional) used for mutual TLS authentication of your MSK/Apache Kafka brokers.\n- `SERVER_ROOT_CA_CERTIFICATE` – (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the root CA certificate (X.509 PEM) used for TLS encryption of your Apache Kafka brokers.", "title": "Type", "type": "string" }, @@ -143362,7 +143372,7 @@ "type": "string" }, "FunctionName": { - "markdownDescription": "The name or ARN of the Lambda function, version, or alias.\n\n**Name formats** - *Function name* \u2013 `my-function` (name-only), `my-function:v1` (with alias).\n- *Function ARN* \u2013 `arn:aws:lambda:us-west-2:123456789012:function:my-function` .\n- *Partial ARN* \u2013 `123456789012:function:my-function` .\n\nYou can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.", + "markdownDescription": "The name or ARN of the Lambda function, version, or alias.\n\n**Name formats** - *Function name* – `my-function` (name-only), `my-function:v1` (with alias).\n- *Function ARN* – `arn:aws:lambda:us-west-2:123456789012:function:my-function` .\n- *Partial ARN* – `123456789012:function:my-function` .\n\nYou can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.", "title": "FunctionName", "type": "string" }, @@ -143466,7 +143476,7 @@ "title": "Cors" }, "InvokeMode": { - "markdownDescription": "Use one of the following options:\n\n- `BUFFERED` \u2013 This is the default option. Lambda invokes your function using the `Invoke` API operation. Invocation results are available when the payload is complete. The maximum payload size is 6 MB.\n- `RESPONSE_STREAM` \u2013 Your function streams payload results as they become available. Lambda invokes your function using the `InvokeWithResponseStream` API operation. The maximum response payload size is 200 MB.", + "markdownDescription": "Use one of the following options:\n\n- `BUFFERED` – This is the default option. Lambda invokes your function using the `Invoke` API operation. Invocation results are available when the payload is complete. The maximum payload size is 6 MB.\n- `RESPONSE_STREAM` – Your function streams payload results as they become available. Lambda invokes your function using the `InvokeWithResponseStream` API operation. The maximum response payload size is 200 MB.", "title": "InvokeMode", "type": "string" }, @@ -145607,7 +145617,7 @@ "additionalProperties": false, "properties": { "Pattern": { - "markdownDescription": "A regular expression used to validate the value of a slot.\n\nUse a standard regular expression. Amazon Lex supports the following characters in the regular expression:\n\n- A-Z, a-z\n- 0-9\n- Unicode characters (\"\\\u2060u\")\n\nRepresent Unicode characters with four digits, for example \"\\\u2060u0041\" or \"\\\u2060u005A\".\n\nThe following regular expression operators are not supported:\n\n- Infinite repeaters: *, +, or {x,} with no upper bound.\n- Wild card (.)", + "markdownDescription": "A regular expression used to validate the value of a slot.\n\nUse a standard regular expression. Amazon Lex supports the following characters in the regular expression:\n\n- A-Z, a-z\n- 0-9\n- Unicode characters (\"\\⁠u\")\n\nRepresent Unicode characters with four digits, for example \"\\⁠u0041\" or \"\\⁠u005A\".\n\nThe following regular expression operators are not supported:\n\n- Infinite repeaters: *, +, or {x,} with no upper bound.\n- Wild card (.)", "title": "Pattern", "type": "string" } @@ -147172,7 +147182,7 @@ "type": "array" }, "Image": { - "markdownDescription": "The name of the image used for the container.\n\nContainer images that are sourced from (registered and stored on) your container service start with a colon ( `:` ). For example, if your container service name is `container-service-1` , the container image label is `mystaticsite` , and you want to use the third version ( `3` ) of the registered container image, then you should specify `:container-service-1.mystaticsite.3` . To use the latest version of a container image, specify `latest` instead of a version number (for example, `:container-service-1.mystaticsite.latest` ). Your container service will automatically use the highest numbered version of the registered container image.\n\nContainer images that are sourced from a public registry like Docker Hub don\u2019t start with a colon. For example, `nginx:latest` or `nginx` .", + "markdownDescription": "The name of the image used for the container.\n\nContainer images that are sourced from (registered and stored on) your container service start with a colon ( `:` ). For example, if your container service name is `container-service-1` , the container image label is `mystaticsite` , and you want to use the third version ( `3` ) of the registered container image, then you should specify `:container-service-1.mystaticsite.3` . To use the latest version of a container image, specify `latest` instead of a version number (for example, `:container-service-1.mystaticsite.latest` ). Your container service will automatically use the highest numbered version of the registered container image.\n\nContainer images that are sourced from a public registry like Docker Hub don’t start with a colon. For example, `nginx:latest` or `nginx` .", "title": "Image", "type": "string" }, @@ -147809,7 +147819,7 @@ "additionalProperties": false, "properties": { "Behavior": { - "markdownDescription": "The cache behavior of the distribution.\n\nThe following cache behaviors can be specified:\n\n- *`cache`* - This option is best for static sites. When specified, your distribution caches and serves your entire website as static content. This behavior is ideal for websites with static content that doesn't change depending on who views it, or for websites that don't use cookies, headers, or query strings to personalize content.\n- *`dont-cache`* - This option is best for sites that serve a mix of static and dynamic content. When specified, your distribution caches and serves only the content that is specified in the distribution\u2019s `CacheBehaviorPerPath` parameter. This behavior is ideal for websites or web applications that use cookies, headers, and query strings to personalize content for individual users.", + "markdownDescription": "The cache behavior of the distribution.\n\nThe following cache behaviors can be specified:\n\n- *`cache`* - This option is best for static sites. When specified, your distribution caches and serves your entire website as static content. This behavior is ideal for websites with static content that doesn't change depending on who views it, or for websites that don't use cookies, headers, or query strings to personalize content.\n- *`dont-cache`* - This option is best for sites that serve a mix of static and dynamic content. When specified, your distribution caches and serves only the content that is specified in the distribution’s `CacheBehaviorPerPath` parameter. This behavior is ideal for websites or web applications that use cookies, headers, and query strings to personalize content for individual users.", "title": "Behavior", "type": "string" } @@ -147890,7 +147900,7 @@ "type": "array" }, "Option": { - "markdownDescription": "Specifies which cookies to forward to the distribution's origin for a cache behavior.\n\nUse one of the following configurations for your distribution:\n\n- *`all`* - Forwards all cookies to your origin.\n- *`none`* - Doesn\u2019t forward cookies to your origin.\n- *`allow-list`* - Forwards only the cookies that you specify using the `CookiesAllowList` parameter.", + "markdownDescription": "Specifies which cookies to forward to the distribution's origin for a cache behavior.\n\nUse one of the following configurations for your distribution:\n\n- *`all`* - Forwards all cookies to your origin.\n- *`none`* - Doesn’t forward cookies to your origin.\n- *`allow-list`* - Forwards only the cookies that you specify using the `CookiesAllowList` parameter.", "title": "Option", "type": "string" } @@ -148659,7 +148669,7 @@ "type": "boolean" }, "KeyName": { - "markdownDescription": "A custom name for the API key resource.\n\nRequirements:\n\n- Contain only alphanumeric characters (A\u2013Z, a\u2013z, 0\u20139), hyphens (-), periods (.), and underscores (_).\n- Must be a unique API key name.\n- No spaces allowed. For example, `ExampleAPIKey` .", + "markdownDescription": "A custom name for the API key resource.\n\nRequirements:\n\n- Contain only alphanumeric characters (A–Z, a–z, 0–9), hyphens (-), periods (.), and underscores (_).\n- Must be a unique API key name.\n- No spaces allowed. For example, `ExampleAPIKey` .", "title": "KeyName", "type": "string" }, @@ -148724,7 +148734,7 @@ "items": { "type": "string" }, - "markdownDescription": "An optional list of allowed HTTP referers for which requests must originate from. Requests using this API key from other domains will not be allowed.\n\nRequirements:\n\n- Contain only alphanumeric characters (A\u2013Z, a\u2013z, 0\u20139) or any symbols in this list `$\\-._+!*`(),;/?:@=&`\n- May contain a percent (%) if followed by 2 hexadecimal digits (A-F, a-f, 0-9); this is used for URL encoding purposes.\n- May contain wildcard characters question mark (?) and asterisk (*).\n\nQuestion mark (?) will replace any single character (including hexadecimal digits).\n\nAsterisk (*) will replace any multiple characters (including multiple hexadecimal digits).\n- No spaces allowed. For example, `https://example.com` .", + "markdownDescription": "An optional list of allowed HTTP referers for which requests must originate from. Requests using this API key from other domains will not be allowed.\n\nRequirements:\n\n- Contain only alphanumeric characters (A–Z, a–z, 0–9) or any symbols in this list `$\\-._+!*`(),;/?:@=&`\n- May contain a percent (%) if followed by 2 hexadecimal digits (A-F, a-f, 0-9); this is used for URL encoding purposes.\n- May contain wildcard characters question mark (?) and asterisk (*).\n\nQuestion mark (?) will replace any single character (including hexadecimal digits).\n\nAsterisk (*) will replace any multiple characters (including multiple hexadecimal digits).\n- No spaces allowed. For example, `https://example.com` .", "title": "AllowReferers", "type": "array" }, @@ -148779,7 +148789,7 @@ "additionalProperties": false, "properties": { "CollectionName": { - "markdownDescription": "A custom name for the geofence collection.\n\nRequirements:\n\n- Contain only alphanumeric characters (A\u2013Z, a\u2013z, 0\u20139), hyphens (-), periods (.), and underscores (_).\n- Must be a unique geofence collection name.\n- No spaces allowed. For example, `ExampleGeofenceCollection` .", + "markdownDescription": "A custom name for the geofence collection.\n\nRequirements:\n\n- Contain only alphanumeric characters (A–Z, a–z, 0–9), hyphens (-), periods (.), and underscores (_).\n- Must be a unique geofence collection name.\n- No spaces allowed. For example, `ExampleGeofenceCollection` .", "title": "CollectionName", "type": "string" }, @@ -148797,7 +148807,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "Applies one or more tags to the geofence collection. A tag is a key-value pair helps manage, identify, search, and filter your resources by labelling them.\n\nFormat: `\"key\" : \"value\"`\n\nRestrictions:\n\n- Maximum 50 tags per resource\n- Each resource tag must be unique with a maximum of one value.\n- Maximum key length: 128 Unicode characters in UTF-8\n- Maximum value length: 256 Unicode characters in UTF-8\n- Can use alphanumeric characters (A\u2013Z, a\u2013z, 0\u20139), and the following characters: + - = . _ : / @.\n- Cannot use \"aws:\" as a prefix for a key.", + "markdownDescription": "Applies one or more tags to the geofence collection. A tag is a key-value pair helps manage, identify, search, and filter your resources by labelling them.\n\nFormat: `\"key\" : \"value\"`\n\nRestrictions:\n\n- Maximum 50 tags per resource\n- Each resource tag must be unique with a maximum of one value.\n- Maximum key length: 128 Unicode characters in UTF-8\n- Maximum value length: 256 Unicode characters in UTF-8\n- Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : / @.\n- Cannot use \"aws:\" as a prefix for a key.", "title": "Tags", "type": "array" } @@ -148874,7 +148884,7 @@ "type": "string" }, "MapName": { - "markdownDescription": "The name for the map resource.\n\nRequirements:\n\n- Must contain only alphanumeric characters (A\u2013Z, a\u2013z, 0\u20139), hyphens (-), periods (.), and underscores (_).\n- Must be a unique map resource name.\n- No spaces allowed. For example, `ExampleMap` .", + "markdownDescription": "The name for the map resource.\n\nRequirements:\n\n- Must contain only alphanumeric characters (A–Z, a–z, 0–9), hyphens (-), periods (.), and underscores (_).\n- Must be a unique map resource name.\n- No spaces allowed. For example, `ExampleMap` .", "title": "MapName", "type": "string" }, @@ -148887,7 +148897,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "Applies one or more tags to the map resource. A tag is a key-value pair helps manage, identify, search, and filter your resources by labelling them.\n\nFormat: `\"key\" : \"value\"`\n\nRestrictions:\n\n- Maximum 50 tags per resource\n- Each resource tag must be unique with a maximum of one value.\n- Maximum key length: 128 Unicode characters in UTF-8\n- Maximum value length: 256 Unicode characters in UTF-8\n- Can use alphanumeric characters (A\u2013Z, a\u2013z, 0\u20139), and the following characters: + - = . _ : / @.\n- Cannot use \"aws:\" as a prefix for a key.", + "markdownDescription": "Applies one or more tags to the map resource. A tag is a key-value pair helps manage, identify, search, and filter your resources by labelling them.\n\nFormat: `\"key\" : \"value\"`\n\nRestrictions:\n\n- Maximum 50 tags per resource\n- Each resource tag must be unique with a maximum of one value.\n- Maximum key length: 128 Unicode characters in UTF-8\n- Maximum value length: 256 Unicode characters in UTF-8\n- Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : / @.\n- Cannot use \"aws:\" as a prefix for a key.", "title": "Tags", "type": "array" } @@ -148936,7 +148946,7 @@ "type": "string" }, "Style": { - "markdownDescription": "Specifies the map style selected from an available data provider.\n\nValid [Esri map styles](https://docs.aws.amazon.com/location/previous/developerguide/esri.html) :\n\n- `VectorEsriDarkGrayCanvas` \u2013 The Esri Dark Gray Canvas map style. A vector basemap with a dark gray, neutral background with minimal colors, labels, and features that's designed to draw attention to your thematic content.\n- `RasterEsriImagery` \u2013 The Esri Imagery map style. A raster basemap that provides one meter or better satellite and aerial imagery in many parts of the world and lower resolution satellite imagery worldwide.\n- `VectorEsriLightGrayCanvas` \u2013 The Esri Light Gray Canvas map style, which provides a detailed vector basemap with a light gray, neutral background style with minimal colors, labels, and features that's designed to draw attention to your thematic content.\n- `VectorEsriTopographic` \u2013 The Esri Light map style, which provides a detailed vector basemap with a classic Esri map style.\n- `VectorEsriStreets` \u2013 The Esri Street Map style, which provides a detailed vector basemap for the world symbolized with a classic Esri street map style. The vector tile layer is similar in content and style to the World Street Map raster map.\n- `VectorEsriNavigation` \u2013 The Esri Navigation map style, which provides a detailed basemap for the world symbolized with a custom navigation map style that's designed for use during the day in mobile devices.\n\nValid [HERE Technologies map styles](https://docs.aws.amazon.com/location/previous/developerguide/HERE.html) :\n\n- `VectorHereContrast` \u2013 The HERE Contrast (Berlin) map style is a high contrast detailed base map of the world that blends 3D and 2D rendering.\n\n> The `VectorHereContrast` style has been renamed from `VectorHereBerlin` . `VectorHereBerlin` has been deprecated, but will continue to work in applications that use it.\n- `VectorHereExplore` \u2013 A default HERE map style containing a neutral, global map and its features including roads, buildings, landmarks, and water features. It also now includes a fully designed map of Japan.\n- `VectorHereExploreTruck` \u2013 A global map containing truck restrictions and attributes (e.g. width / height / HAZMAT) symbolized with highlighted segments and icons on top of HERE Explore to support use cases within transport and logistics.\n- `RasterHereExploreSatellite` \u2013 A global map containing high resolution satellite imagery.\n- `HybridHereExploreSatellite` \u2013 A global map displaying the road network, street names, and city labels over satellite imagery. This style will automatically retrieve both raster and vector tiles, and your charges will be based on total tiles retrieved.\n\n> Hybrid styles use both vector and raster tiles when rendering the map that you see. This means that more tiles are retrieved than when using either vector or raster tiles alone. Your charges will include all tiles retrieved.\n\nValid [GrabMaps map styles](https://docs.aws.amazon.com/location/previous/developerguide/grab.html) :\n\n- `VectorGrabStandardLight` \u2013 The Grab Standard Light map style provides a basemap with detailed land use coloring, area names, roads, landmarks, and points of interest covering Southeast Asia.\n- `VectorGrabStandardDark` \u2013 The Grab Standard Dark map style provides a dark variation of the standard basemap covering Southeast Asia.\n\n> Grab provides maps only for countries in Southeast Asia, and is only available in the Asia Pacific (Singapore) Region ( `ap-southeast-1` ). For more information, see [GrabMaps countries and area covered](https://docs.aws.amazon.com/location/previous/developerguide/grab.html#grab-coverage-area) . \n\nValid [Open Data map styles](https://docs.aws.amazon.com/location/previous/developerguide/open-data.html) :\n\n- `VectorOpenDataStandardLight` \u2013 The Open Data Standard Light map style provides a detailed basemap for the world suitable for website and mobile application use. The map includes highways major roads, minor roads, railways, water features, cities, parks, landmarks, building footprints, and administrative boundaries.\n- `VectorOpenDataStandardDark` \u2013 Open Data Standard Dark is a dark-themed map style that provides a detailed basemap for the world suitable for website and mobile application use. The map includes highways major roads, minor roads, railways, water features, cities, parks, landmarks, building footprints, and administrative boundaries.\n- `VectorOpenDataVisualizationLight` \u2013 The Open Data Visualization Light map style is a light-themed style with muted colors and fewer features that aids in understanding overlaid data.\n- `VectorOpenDataVisualizationDark` \u2013 The Open Data Visualization Dark map style is a dark-themed style with muted colors and fewer features that aids in understanding overlaid data.", + "markdownDescription": "Specifies the map style selected from an available data provider.\n\nValid [Esri map styles](https://docs.aws.amazon.com/location/previous/developerguide/esri.html) :\n\n- `VectorEsriDarkGrayCanvas` – The Esri Dark Gray Canvas map style. A vector basemap with a dark gray, neutral background with minimal colors, labels, and features that's designed to draw attention to your thematic content.\n- `RasterEsriImagery` – The Esri Imagery map style. A raster basemap that provides one meter or better satellite and aerial imagery in many parts of the world and lower resolution satellite imagery worldwide.\n- `VectorEsriLightGrayCanvas` – The Esri Light Gray Canvas map style, which provides a detailed vector basemap with a light gray, neutral background style with minimal colors, labels, and features that's designed to draw attention to your thematic content.\n- `VectorEsriTopographic` – The Esri Light map style, which provides a detailed vector basemap with a classic Esri map style.\n- `VectorEsriStreets` – The Esri Street Map style, which provides a detailed vector basemap for the world symbolized with a classic Esri street map style. The vector tile layer is similar in content and style to the World Street Map raster map.\n- `VectorEsriNavigation` – The Esri Navigation map style, which provides a detailed basemap for the world symbolized with a custom navigation map style that's designed for use during the day in mobile devices.\n\nValid [HERE Technologies map styles](https://docs.aws.amazon.com/location/previous/developerguide/HERE.html) :\n\n- `VectorHereContrast` – The HERE Contrast (Berlin) map style is a high contrast detailed base map of the world that blends 3D and 2D rendering.\n\n> The `VectorHereContrast` style has been renamed from `VectorHereBerlin` . `VectorHereBerlin` has been deprecated, but will continue to work in applications that use it.\n- `VectorHereExplore` – A default HERE map style containing a neutral, global map and its features including roads, buildings, landmarks, and water features. It also now includes a fully designed map of Japan.\n- `VectorHereExploreTruck` – A global map containing truck restrictions and attributes (e.g. width / height / HAZMAT) symbolized with highlighted segments and icons on top of HERE Explore to support use cases within transport and logistics.\n- `RasterHereExploreSatellite` – A global map containing high resolution satellite imagery.\n- `HybridHereExploreSatellite` – A global map displaying the road network, street names, and city labels over satellite imagery. This style will automatically retrieve both raster and vector tiles, and your charges will be based on total tiles retrieved.\n\n> Hybrid styles use both vector and raster tiles when rendering the map that you see. This means that more tiles are retrieved than when using either vector or raster tiles alone. Your charges will include all tiles retrieved.\n\nValid [GrabMaps map styles](https://docs.aws.amazon.com/location/previous/developerguide/grab.html) :\n\n- `VectorGrabStandardLight` – The Grab Standard Light map style provides a basemap with detailed land use coloring, area names, roads, landmarks, and points of interest covering Southeast Asia.\n- `VectorGrabStandardDark` – The Grab Standard Dark map style provides a dark variation of the standard basemap covering Southeast Asia.\n\n> Grab provides maps only for countries in Southeast Asia, and is only available in the Asia Pacific (Singapore) Region ( `ap-southeast-1` ). For more information, see [GrabMaps countries and area covered](https://docs.aws.amazon.com/location/previous/developerguide/grab.html#grab-coverage-area) . \n\nValid [Open Data map styles](https://docs.aws.amazon.com/location/previous/developerguide/open-data.html) :\n\n- `VectorOpenDataStandardLight` – The Open Data Standard Light map style provides a detailed basemap for the world suitable for website and mobile application use. The map includes highways major roads, minor roads, railways, water features, cities, parks, landmarks, building footprints, and administrative boundaries.\n- `VectorOpenDataStandardDark` – Open Data Standard Dark is a dark-themed map style that provides a detailed basemap for the world suitable for website and mobile application use. The map includes highways major roads, minor roads, railways, water features, cities, parks, landmarks, building footprints, and administrative boundaries.\n- `VectorOpenDataVisualizationLight` – The Open Data Visualization Light map style is a light-themed style with muted colors and fewer features that aids in understanding overlaid data.\n- `VectorOpenDataVisualizationDark` – The Open Data Visualization Dark map style is a dark-themed style with muted colors and fewer features that aids in understanding overlaid data.", "title": "Style", "type": "string" } @@ -148982,7 +148992,7 @@ "additionalProperties": false, "properties": { "DataSource": { - "markdownDescription": "Specifies the geospatial data provider for the new place index.\n\n> This field is case-sensitive. Enter the valid values as shown. For example, entering `HERE` returns an error. \n\nValid values include:\n\n- `Esri` \u2013 For additional information about [Esri](https://docs.aws.amazon.com/location/previous/developerguide/esri.html) 's coverage in your region of interest, see [Esri details on geocoding coverage](https://docs.aws.amazon.com/https://developers.arcgis.com/rest/geocode/api-reference/geocode-coverage.htm) .\n- `Grab` \u2013 Grab provides place index functionality for Southeast Asia. For additional information about [GrabMaps](https://docs.aws.amazon.com/location/previous/developerguide/grab.html) ' coverage, see [GrabMaps countries and areas covered](https://docs.aws.amazon.com/location/previous/developerguide/grab.html#grab-coverage-area) .\n- `Here` \u2013 For additional information about [HERE Technologies](https://docs.aws.amazon.com/location/previous/developerguide/HERE.html) ' coverage in your region of interest, see [HERE details on goecoding coverage](https://docs.aws.amazon.com/https://developer.here.com/documentation/geocoder/dev_guide/topics/coverage-geocoder.html) .\n\n> If you specify HERE Technologies ( `Here` ) as the data provider, you may not [store results](https://docs.aws.amazon.com//location-places/latest/APIReference/API_DataSourceConfiguration.html) for locations in Japan. For more information, see the [AWS service terms](https://docs.aws.amazon.com/service-terms/) for Amazon Location Service.\n\nFor additional information , see [Data providers](https://docs.aws.amazon.com/location/previous/developerguide/what-is-data-provider.html) on the *Amazon Location Service developer guide* .", + "markdownDescription": "Specifies the geospatial data provider for the new place index.\n\n> This field is case-sensitive. Enter the valid values as shown. For example, entering `HERE` returns an error. \n\nValid values include:\n\n- `Esri` – For additional information about [Esri](https://docs.aws.amazon.com/location/previous/developerguide/esri.html) 's coverage in your region of interest, see [Esri details on geocoding coverage](https://docs.aws.amazon.com/https://developers.arcgis.com/rest/geocode/api-reference/geocode-coverage.htm) .\n- `Grab` – Grab provides place index functionality for Southeast Asia. For additional information about [GrabMaps](https://docs.aws.amazon.com/location/previous/developerguide/grab.html) ' coverage, see [GrabMaps countries and areas covered](https://docs.aws.amazon.com/location/previous/developerguide/grab.html#grab-coverage-area) .\n- `Here` – For additional information about [HERE Technologies](https://docs.aws.amazon.com/location/previous/developerguide/HERE.html) ' coverage in your region of interest, see [HERE details on goecoding coverage](https://docs.aws.amazon.com/https://developer.here.com/documentation/geocoder/dev_guide/topics/coverage-geocoder.html) .\n\n> If you specify HERE Technologies ( `Here` ) as the data provider, you may not [store results](https://docs.aws.amazon.com//location-places/latest/APIReference/API_DataSourceConfiguration.html) for locations in Japan. For more information, see the [AWS service terms](https://docs.aws.amazon.com/service-terms/) for Amazon Location Service.\n\nFor additional information , see [Data providers](https://docs.aws.amazon.com/location/previous/developerguide/what-is-data-provider.html) on the *Amazon Location Service developer guide* .", "title": "DataSource", "type": "string" }, @@ -148997,7 +149007,7 @@ "type": "string" }, "IndexName": { - "markdownDescription": "The name of the place index resource.\n\nRequirements:\n\n- Contain only alphanumeric characters (A\u2013Z, a\u2013z, 0\u20139), hyphens (-), periods (.), and underscores (_).\n- Must be a unique place index resource name.\n- No spaces allowed. For example, `ExamplePlaceIndex` .", + "markdownDescription": "The name of the place index resource.\n\nRequirements:\n\n- Contain only alphanumeric characters (A–Z, a–z, 0–9), hyphens (-), periods (.), and underscores (_).\n- Must be a unique place index resource name.\n- No spaces allowed. For example, `ExamplePlaceIndex` .", "title": "IndexName", "type": "string" }, @@ -149089,12 +149099,12 @@ "additionalProperties": false, "properties": { "CalculatorName": { - "markdownDescription": "The name of the route calculator resource.\n\nRequirements:\n\n- Can use alphanumeric characters (A\u2013Z, a\u2013z, 0\u20139) , hyphens (-), periods (.), and underscores (_).\n- Must be a unique Route calculator resource name.\n- No spaces allowed. For example, `ExampleRouteCalculator` .", + "markdownDescription": "The name of the route calculator resource.\n\nRequirements:\n\n- Can use alphanumeric characters (A–Z, a–z, 0–9) , hyphens (-), periods (.), and underscores (_).\n- Must be a unique Route calculator resource name.\n- No spaces allowed. For example, `ExampleRouteCalculator` .", "title": "CalculatorName", "type": "string" }, "DataSource": { - "markdownDescription": "Specifies the data provider of traffic and road network data.\n\n> This field is case-sensitive. Enter the valid values as shown. For example, entering `HERE` returns an error. \n\nValid values include:\n\n- `Esri` \u2013 For additional information about [Esri](https://docs.aws.amazon.com/location/previous/developerguide/esri.html) 's coverage in your region of interest, see [Esri details on street networks and traffic coverage](https://docs.aws.amazon.com/https://doc.arcgis.com/en/arcgis-online/reference/network-coverage.htm) .\n\nRoute calculators that use Esri as a data source only calculate routes that are shorter than 400 km.\n- `Grab` \u2013 Grab provides routing functionality for Southeast Asia. For additional information about [GrabMaps](https://docs.aws.amazon.com/location/previous/developerguide/grab.html) ' coverage, see [GrabMaps countries and areas covered](https://docs.aws.amazon.com/location/previous/developerguide/grab.html#grab-coverage-area) .\n- `Here` \u2013 For additional information about [HERE Technologies](https://docs.aws.amazon.com/location/previous/developerguide/HERE.html) ' coverage in your region of interest, see [HERE car routing coverage](https://docs.aws.amazon.com/https://developer.here.com/documentation/routing-api/dev_guide/topics/coverage/car-routing.html) and [HERE truck routing coverage](https://docs.aws.amazon.com/https://developer.here.com/documentation/routing-api/dev_guide/topics/coverage/truck-routing.html) .\n\nFor additional information , see [Data providers](https://docs.aws.amazon.com/location/previous/developerguide/what-is-data-provider.html) on the *Amazon Location Service Developer Guide* .", + "markdownDescription": "Specifies the data provider of traffic and road network data.\n\n> This field is case-sensitive. Enter the valid values as shown. For example, entering `HERE` returns an error. \n\nValid values include:\n\n- `Esri` – For additional information about [Esri](https://docs.aws.amazon.com/location/previous/developerguide/esri.html) 's coverage in your region of interest, see [Esri details on street networks and traffic coverage](https://docs.aws.amazon.com/https://doc.arcgis.com/en/arcgis-online/reference/network-coverage.htm) .\n\nRoute calculators that use Esri as a data source only calculate routes that are shorter than 400 km.\n- `Grab` – Grab provides routing functionality for Southeast Asia. For additional information about [GrabMaps](https://docs.aws.amazon.com/location/previous/developerguide/grab.html) ' coverage, see [GrabMaps countries and areas covered](https://docs.aws.amazon.com/location/previous/developerguide/grab.html#grab-coverage-area) .\n- `Here` – For additional information about [HERE Technologies](https://docs.aws.amazon.com/location/previous/developerguide/HERE.html) ' coverage in your region of interest, see [HERE car routing coverage](https://docs.aws.amazon.com/https://developer.here.com/documentation/routing-api/dev_guide/topics/coverage/car-routing.html) and [HERE truck routing coverage](https://docs.aws.amazon.com/https://developer.here.com/documentation/routing-api/dev_guide/topics/coverage/truck-routing.html) .\n\nFor additional information , see [Data providers](https://docs.aws.amazon.com/location/previous/developerguide/what-is-data-provider.html) on the *Amazon Location Service Developer Guide* .", "title": "DataSource", "type": "string" }, @@ -152523,7 +152533,7 @@ "items": { "type": "string" }, - "markdownDescription": "The [versions of Apache Kafka](https://docs.aws.amazon.com/msk/latest/developerguide/supported-kafka-versions.html) with which you can use this MSK configuration.\n\nWhen you update the `KafkaVersionsList` property, AWS CloudFormation recreates a new configuration with the updated property before deleting the old configuration. Such an update requires a [resource replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) . To successfully update `KafkaVersionsList` , you must also update the `Name` property in the same operation.\n\nIf your configuration is attached with any clusters created using the AWS Management Console or AWS CLI , you'll need to manually delete the old configuration from the console after the update completes.\n\nFor more information, see [Can\u2019t update KafkaVersionsList in MSK configuration](https://docs.aws.amazon.com/msk/latest/developerguide/troubleshooting.html#troubleshoot-kafkaversionslist-cfn-update-failure) in the *Amazon MSK Developer Guide* .", + "markdownDescription": "The [versions of Apache Kafka](https://docs.aws.amazon.com/msk/latest/developerguide/supported-kafka-versions.html) with which you can use this MSK configuration.\n\nWhen you update the `KafkaVersionsList` property, AWS CloudFormation recreates a new configuration with the updated property before deleting the old configuration. Such an update requires a [resource replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) . To successfully update `KafkaVersionsList` , you must also update the `Name` property in the same operation.\n\nIf your configuration is attached with any clusters created using the AWS Management Console or AWS CLI , you'll need to manually delete the old configuration from the console after the update completes.\n\nFor more information, see [Can’t update KafkaVersionsList in MSK configuration](https://docs.aws.amazon.com/msk/latest/developerguide/troubleshooting.html#troubleshoot-kafkaversionslist-cfn-update-failure) in the *Amazon MSK Developer Guide* .", "title": "KafkaVersionsList", "type": "array" }, @@ -154068,7 +154078,7 @@ "additionalProperties": false, "properties": { "AdminPassword": { - "markdownDescription": "The password for the member's initial administrative user. The `AdminPassword` must be at least 8 characters long and no more than 32 characters. It must contain at least one uppercase letter, one lowercase letter, and one digit. It cannot have a single quotation mark (\u2018), a double quotation marks (\u201c), a forward slash(/), a backward slash(\\), @, or a space.", + "markdownDescription": "The password for the member's initial administrative user. The `AdminPassword` must be at least 8 characters long and no more than 32 characters. It must contain at least one uppercase letter, one lowercase letter, and one digit. It cannot have a single quotation mark (‘), a double quotation marks (“), a forward slash(/), a backward slash(\\), @, or a space.", "title": "AdminPassword", "type": "string" }, @@ -155078,7 +155088,7 @@ "type": "number" }, "MinLatency": { - "markdownDescription": "The minimum latency in milliseconds for SRT-based streams. In streams that use the SRT protocol, this value that you set on your MediaConnect source or output represents the minimal potential latency of that connection. The latency of the stream is set to the highest number between the sender\u2019s minimum latency and the receiver\u2019s minimum latency.", + "markdownDescription": "The minimum latency in milliseconds for SRT-based streams. In streams that use the SRT protocol, this value that you set on your MediaConnect source or output represents the minimal potential latency of that connection. The latency of the stream is set to the highest number between the sender’s minimum latency and the receiver’s minimum latency.", "title": "MinLatency", "type": "number" }, @@ -155216,7 +155226,7 @@ "title": "Encryption" }, "EntitlementStatus": { - "markdownDescription": "An indication of whether the new entitlement should be enabled or disabled as soon as it is created. If you don\u2019t specify the entitlementStatus field in your request, MediaConnect sets it to ENABLED.", + "markdownDescription": "An indication of whether the new entitlement should be enabled or disabled as soon as it is created. If you don’t specify the entitlementStatus field in your request, MediaConnect sets it to ENABLED.", "title": "EntitlementStatus", "type": "string" }, @@ -155392,7 +155402,7 @@ "type": "number" }, "MinLatency": { - "markdownDescription": "The minimum latency in milliseconds for SRT-based streams. In streams that use the SRT protocol, this value that you set on your MediaConnect source or output represents the minimal potential latency of that connection. The latency of the stream is set to the highest number between the sender\u2019s minimum latency and the receiver\u2019s minimum latency.", + "markdownDescription": "The minimum latency in milliseconds for SRT-based streams. In streams that use the SRT protocol, this value that you set on your MediaConnect source or output represents the minimal potential latency of that connection. The latency of the stream is set to the highest number between the sender’s minimum latency and the receiver’s minimum latency.", "title": "MinLatency", "type": "number" }, @@ -155576,7 +155586,7 @@ "type": "number" }, "MinLatency": { - "markdownDescription": "The minimum latency in milliseconds for SRT-based streams. In streams that use the SRT protocol, this value that you set on your MediaConnect source or output represents the minimal potential latency of that connection. The latency of the stream is set to the highest number between the sender\u2019s minimum latency and the receiver\u2019s minimum latency.", + "markdownDescription": "The minimum latency in milliseconds for SRT-based streams. In streams that use the SRT protocol, this value that you set on your MediaConnect source or output represents the minimal potential latency of that connection. The latency of the stream is set to the highest number between the sender’s minimum latency and the receiver’s minimum latency.", "title": "MinLatency", "type": "number" }, @@ -155586,7 +155596,7 @@ "type": "string" }, "Protocol": { - "markdownDescription": "The protocol that the source uses to deliver the content to MediaConnect. Adding additional sources to an existing flow requires Failover to be enabled. When you enable Failover, the additional source must use the same protocol as the existing source. Only the following protocols support failover: Zixi-push, RTP-FEC, RTP, RIST and SRT protocols.\n\nIf you use failover with SRT caller or listener, the `FailoverMode` property must be set to `FAILOVER` . The `FailoverMode` property\u00a0is found in\u00a0the `FailoverConfig` resource\u00a0of the same flow ARN you used for the source's `FlowArn` property. SRT caller/listener does not support\u00a0merge\u00a0mode failover.", + "markdownDescription": "The protocol that the source uses to deliver the content to MediaConnect. Adding additional sources to an existing flow requires Failover to be enabled. When you enable Failover, the additional source must use the same protocol as the existing source. Only the following protocols support failover: Zixi-push, RTP-FEC, RTP, RIST and SRT protocols.\n\nIf you use failover with SRT caller or listener, the `FailoverMode` property must be set to `FAILOVER` . The `FailoverMode` property is found in the `FailoverConfig` resource of the same flow ARN you used for the source's `FlowArn` property. SRT caller/listener does not support merge mode failover.", "title": "Protocol", "type": "string" }, @@ -157769,7 +157779,7 @@ "type": "string" }, "FontFamily": { - "markdownDescription": "Specifies the font family to include in the font data attached to the EBU-TT captions. Valid only if styleControl is set to include. If you leave this field empty, the font family is set to \"monospaced\". (If styleControl is set to exclude, the font family is always set to \"monospaced\".) You specify only the font family. All other style information (color, bold, position and so on) is copied from the input captions. The size is always set to 100% to allow the downstream player to choose the size. - Enter a list of font families, as a comma-separated list of font names, in order of preference. The name can be a font family (such as \u201cArial\u201d), or a generic font family (such as \u201cserif\u201d), or \u201cdefault\u201d (to let the downstream player choose the font).\n- Leave blank to set the family to \u201cmonospace\u201d.", + "markdownDescription": "Specifies the font family to include in the font data attached to the EBU-TT captions. Valid only if styleControl is set to include. If you leave this field empty, the font family is set to \"monospaced\". (If styleControl is set to exclude, the font family is always set to \"monospaced\".) You specify only the font family. All other style information (color, bold, position and so on) is copied from the input captions. The size is always set to 100% to allow the downstream player to choose the size. - Enter a list of font families, as a comma-separated list of font names, in order of preference. The name can be a font family (such as “Arial”), or a generic font family (such as “serif”), or “default” (to let the downstream player choose the font).\n- Leave blank to set the family to “monospace”.", "title": "FontFamily", "type": "string" }, @@ -162604,7 +162614,7 @@ "type": "array" }, "Url": { - "markdownDescription": "URL for the key provider\u2019s key retrieval API endpoint. Must start with https://.", + "markdownDescription": "URL for the key provider’s key retrieval API endpoint. Must start with https://.", "title": "Url", "type": "string" } @@ -164027,7 +164037,7 @@ "type": "boolean" }, "ContainerName": { - "markdownDescription": "The name for the container. The name must be from 1 to 255 characters. Container names must be unique to your AWS account within a specific region. As an example, you could create a container named `movies` in every region, as long as you don\u2019t have an existing container with that name.", + "markdownDescription": "The name for the container. The name must be from 1 to 255 characters. Container names must be unique to your AWS account within a specific region. As an example, you could create a container named `movies` in every region, as long as you don’t have an existing container with that name.", "title": "ContainerName", "type": "string" }, @@ -164800,7 +164810,7 @@ "type": "string" }, "ContentSegmentUrlPrefix": { - "markdownDescription": "A content delivery network (CDN) to cache content segments, so that content requests don\u2019t always have to go to the origin server. First, create a rule in your CDN for the content segment origin server. Then specify the rule's name in this `ContentSegmentUrlPrefix` . When AWS Elemental MediaTailor serves a manifest, it reports your CDN as the source for content segments.", + "markdownDescription": "A content delivery network (CDN) to cache content segments, so that content requests don’t always have to go to the origin server. First, create a rule in your CDN for the content segment origin server. Then specify the rule's name in this `ContentSegmentUrlPrefix` . When AWS Elemental MediaTailor serves a manifest, it reports your CDN as the source for content segments.", "title": "ContentSegmentUrlPrefix", "type": "string" } @@ -164969,7 +164979,7 @@ "additionalProperties": false, "properties": { "AccessType": { - "markdownDescription": "The type of authentication used to access content from `HttpConfiguration::BaseUrl` on your source location. Accepted value: `S3_SIGV4` .\n\n`S3_SIGV4` - AWS Signature Version 4 authentication for Amazon S3 hosted virtual-style access. If your source location base URL is an Amazon S3 bucket, MediaTailor can use AWS Signature Version 4 (SigV4) authentication to access the bucket where your source content is stored. Your MediaTailor source location baseURL must follow the S3 virtual hosted-style request URL format. For example, https://bucket-name.s3.Region.amazonaws.com/key-name.\n\nBefore you can use `S3_SIGV4` , you must meet these requirements:\n\n\u2022 You must allow MediaTailor to access your S3 bucket by granting mediatailor.amazonaws.com principal access in IAM. For information about configuring access in IAM, see Access management in the IAM User Guide.\n\n\u2022 The mediatailor.amazonaws.com service principal must have permissions to read all top level manifests referenced by the VodSource packaging configurations.\n\n\u2022 The caller of the API must have s3:GetObject IAM permissions to read all top level manifests referenced by your MediaTailor VodSource packaging configurations.", + "markdownDescription": "The type of authentication used to access content from `HttpConfiguration::BaseUrl` on your source location. Accepted value: `S3_SIGV4` .\n\n`S3_SIGV4` - AWS Signature Version 4 authentication for Amazon S3 hosted virtual-style access. If your source location base URL is an Amazon S3 bucket, MediaTailor can use AWS Signature Version 4 (SigV4) authentication to access the bucket where your source content is stored. Your MediaTailor source location baseURL must follow the S3 virtual hosted-style request URL format. For example, https://bucket-name.s3.Region.amazonaws.com/key-name.\n\nBefore you can use `S3_SIGV4` , you must meet these requirements:\n\n• You must allow MediaTailor to access your S3 bucket by granting mediatailor.amazonaws.com principal access in IAM. For information about configuring access in IAM, see Access management in the IAM User Guide.\n\n• The mediatailor.amazonaws.com service principal must have permissions to read all top level manifests referenced by the VodSource packaging configurations.\n\n• The caller of the API must have s3:GetObject IAM permissions to read all top level manifests referenced by your MediaTailor VodSource packaging configurations.", "title": "AccessType", "type": "string" }, @@ -166878,7 +166888,7 @@ "items": { "type": "string" }, - "markdownDescription": "The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want non-matching packets to be forwarded for stateful inspection, specify `aws:forward_to_sfe` .\n\nYou must specify one of the standard actions: `aws:pass` , `aws:drop` , or `aws:forward_to_sfe` . In addition, you can specify custom actions that are compatible with your standard section choice.\n\nFor example, you could specify `[\"aws:pass\"]` or you could specify `[\"aws:pass\", \u201ccustomActionName\u201d]` . For information about compatibility, see the custom action descriptions.", + "markdownDescription": "The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want non-matching packets to be forwarded for stateful inspection, specify `aws:forward_to_sfe` .\n\nYou must specify one of the standard actions: `aws:pass` , `aws:drop` , or `aws:forward_to_sfe` . In addition, you can specify custom actions that are compatible with your standard section choice.\n\nFor example, you could specify `[\"aws:pass\"]` or you could specify `[\"aws:pass\", “customActionName”]` . For information about compatibility, see the custom action descriptions.", "title": "StatelessDefaultActions", "type": "array" }, @@ -166886,7 +166896,7 @@ "items": { "type": "string" }, - "markdownDescription": "The actions to take on a fragmented packet if it doesn't match any of the stateless rules in the policy. If you want non-matching fragmented packets to be forwarded for stateful inspection, specify `aws:forward_to_sfe` .\n\nYou must specify one of the standard actions: `aws:pass` , `aws:drop` , or `aws:forward_to_sfe` . In addition, you can specify custom actions that are compatible with your standard section choice.\n\nFor example, you could specify `[\"aws:pass\"]` or you could specify `[\"aws:pass\", \u201ccustomActionName\u201d]` . For information about compatibility, see the custom action descriptions.", + "markdownDescription": "The actions to take on a fragmented packet if it doesn't match any of the stateless rules in the policy. If you want non-matching fragmented packets to be forwarded for stateful inspection, specify `aws:forward_to_sfe` .\n\nYou must specify one of the standard actions: `aws:pass` , `aws:drop` , or `aws:forward_to_sfe` . In addition, you can specify custom actions that are compatible with your standard section choice.\n\nFor example, you could specify `[\"aws:pass\"]` or you could specify `[\"aws:pass\", “customActionName”]` . For information about compatibility, see the custom action descriptions.", "title": "StatelessFragmentDefaultActions", "type": "array" }, @@ -166967,7 +166977,7 @@ "type": "string" }, "StreamExceptionPolicy": { - "markdownDescription": "Configures how Network Firewall processes traffic when a network connection breaks midstream. Network connections can break due to disruptions in external networks or within the firewall itself.\n\n- `DROP` - Network Firewall fails closed and drops all subsequent traffic going to the firewall. This is the default behavior.\n- `CONTINUE` - Network Firewall continues to apply rules to the subsequent traffic without context from traffic before the break. This impacts the behavior of rules that depend on this context. For example, if you have a stateful rule to `drop http` traffic, Network Firewall won't match the traffic for this rule because the service won't have the context from session initialization defining the application layer protocol as HTTP. However, this behavior is rule dependent\u2014a TCP-layer rule using a `flow:stateless` rule would still match, as would the `aws:drop_strict` default action.\n- `REJECT` - Network Firewall fails closed and drops all subsequent traffic going to the firewall. Network Firewall also sends a TCP reject packet back to your client so that the client can immediately establish a new session. Network Firewall will have context about the new session and will apply rules to the subsequent traffic.", + "markdownDescription": "Configures how Network Firewall processes traffic when a network connection breaks midstream. Network connections can break due to disruptions in external networks or within the firewall itself.\n\n- `DROP` - Network Firewall fails closed and drops all subsequent traffic going to the firewall. This is the default behavior.\n- `CONTINUE` - Network Firewall continues to apply rules to the subsequent traffic without context from traffic before the break. This impacts the behavior of rules that depend on this context. For example, if you have a stateful rule to `drop http` traffic, Network Firewall won't match the traffic for this rule because the service won't have the context from session initialization defining the application layer protocol as HTTP. However, this behavior is rule dependent—a TCP-layer rule using a `flow:stateless` rule would still match, as would the `aws:drop_strict` default action.\n- `REJECT` - Network Firewall fails closed and drops all subsequent traffic going to the firewall. Network Firewall also sends a TCP reject packet back to your client so that the client can immediately establish a new session. Network Firewall will have context about the new session and will apply rules to the subsequent traffic.", "title": "StreamExceptionPolicy", "type": "string" } @@ -167510,7 +167520,7 @@ "items": { "type": "string" }, - "markdownDescription": "The actions to take on a packet that matches one of the stateless rule definition's match attributes. You must specify a standard action and you can add custom actions.\n\n> Network Firewall only forwards a packet for stateful rule inspection if you specify `aws:forward_to_sfe` for a rule that the packet matches, or if the packet doesn't match any stateless rule and you specify `aws:forward_to_sfe` for the `StatelessDefaultActions` setting for the firewall policy. \n\nFor every rule, you must specify exactly one of the following standard actions.\n\n- *aws:pass* - Discontinues all inspection of the packet and permits it to go to its intended destination.\n- *aws:drop* - Discontinues all inspection of the packet and blocks it from going to its intended destination.\n- *aws:forward_to_sfe* - Discontinues stateless inspection of the packet and forwards it to the stateful rule engine for inspection.\n\nAdditionally, you can specify a custom action. To do this, you define a custom action by name and type, then provide the name you've assigned to the action in this `Actions` setting.\n\nTo provide more than one action in this setting, separate the settings with a comma. For example, if you have a publish metrics custom action that you've named `MyMetricsAction` , then you could specify the standard action `aws:pass` combined with the custom action using `[\u201caws:pass\u201d, \u201cMyMetricsAction\u201d]` .", + "markdownDescription": "The actions to take on a packet that matches one of the stateless rule definition's match attributes. You must specify a standard action and you can add custom actions.\n\n> Network Firewall only forwards a packet for stateful rule inspection if you specify `aws:forward_to_sfe` for a rule that the packet matches, or if the packet doesn't match any stateless rule and you specify `aws:forward_to_sfe` for the `StatelessDefaultActions` setting for the firewall policy. \n\nFor every rule, you must specify exactly one of the following standard actions.\n\n- *aws:pass* - Discontinues all inspection of the packet and permits it to go to its intended destination.\n- *aws:drop* - Discontinues all inspection of the packet and blocks it from going to its intended destination.\n- *aws:forward_to_sfe* - Discontinues stateless inspection of the packet and forwards it to the stateful rule engine for inspection.\n\nAdditionally, you can specify a custom action. To do this, you define a custom action by name and type, then provide the name you've assigned to the action in this `Actions` setting.\n\nTo provide more than one action in this setting, separate the settings with a comma. For example, if you have a publish metrics custom action that you've named `MyMetricsAction` , then you could specify the standard action `aws:pass` combined with the custom action using `[“aws:pass”, “MyMetricsAction”]` .", "title": "Actions", "type": "array" }, @@ -171553,7 +171563,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "An arbitrary set of tags (key\u2013value pairs) to associate with the collection.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", + "markdownDescription": "An arbitrary set of tags (key–value pairs) to associate with the collection.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", "title": "Tags", "type": "array" }, @@ -172085,7 +172095,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "An arbitrary set of tags (key\u2013value pairs) to associate with the OpenSearch Service domain.", + "markdownDescription": "An arbitrary set of tags (key–value pairs) to associate with the OpenSearch Service domain.", "title": "Tags", "type": "array" }, @@ -173353,7 +173363,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "Specifies one or more sets of tags (key\u2013value pairs) to associate with this OpsWorks layer. Use tags to manage your resources.", + "markdownDescription": "Specifies one or more sets of tags (key–value pairs) to associate with this OpsWorks layer. Use tags to manage your resources.", "title": "Tags", "type": "array" }, @@ -174115,7 +174125,7 @@ "type": "number" }, "CustomCertificate": { - "markdownDescription": "Supported on servers running Chef Automate 2.0 only. A PEM-formatted HTTPS certificate. The value can be be a single, self-signed certificate, or a certificate chain. If you specify a custom certificate, you must also specify values for `CustomDomain` and `CustomPrivateKey` . The following are requirements for the `CustomCertificate` value:\n\n- You can provide either a self-signed, custom certificate, or the full certificate chain.\n- The certificate must be a valid X509 certificate, or a certificate chain in PEM format.\n- The certificate must be valid at the time of upload. A certificate can't be used before its validity period begins (the certificate's `NotBefore` date), or after it expires (the certificate's `NotAfter` date).\n- The certificate\u2019s common name or subject alternative names (SANs), if present, must match the value of `CustomDomain` .\n- The certificate must match the value of `CustomPrivateKey` .", + "markdownDescription": "Supported on servers running Chef Automate 2.0 only. A PEM-formatted HTTPS certificate. The value can be be a single, self-signed certificate, or a certificate chain. If you specify a custom certificate, you must also specify values for `CustomDomain` and `CustomPrivateKey` . The following are requirements for the `CustomCertificate` value:\n\n- You can provide either a self-signed, custom certificate, or the full certificate chain.\n- The certificate must be a valid X509 certificate, or a certificate chain in PEM format.\n- The certificate must be valid at the time of upload. A certificate can't be used before its validity period begins (the certificate's `NotBefore` date), or after it expires (the certificate's `NotAfter` date).\n- The certificate’s common name or subject alternative names (SANs), if present, must match the value of `CustomDomain` .\n- The certificate must match the value of `CustomPrivateKey` .", "title": "CustomCertificate", "type": "string" }, @@ -175065,7 +175075,7 @@ }, "ValidityPeriod": { "$ref": "#/definitions/AWS::PCAConnectorAD::Template.ValidityPeriod", - "markdownDescription": "Information describing the end of the validity period of the certificate. This parameter sets the \u201cNot After\u201d date for the certificate. Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in days, months, or years. For more information, see Validity in RFC 5280. This value is unaffected when ValidityNotBefore is also specified. For example, if Validity is set to 20 days in the future, the certificate will expire 20 days from issuance time regardless of the ValidityNotBefore value.", + "markdownDescription": "Information describing the end of the validity period of the certificate. This parameter sets the “Not After” date for the certificate. Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in days, months, or years. For more information, see Validity in RFC 5280. This value is unaffected when ValidityNotBefore is also specified. For example, if Validity is set to 20 days in the future, the certificate will expire 20 days from issuance time regardless of the ValidityNotBefore value.", "title": "ValidityPeriod" } }, @@ -176556,7 +176566,7 @@ "type": "string" }, "KeyClass": { - "markdownDescription": "The type of AWS Payment Cryptography key to create, which determines the classi\ufb01cation of the cryptographic method and whether AWS Payment Cryptography key contains a symmetric key or an asymmetric key pair.", + "markdownDescription": "The type of AWS Payment Cryptography key to create, which determines the classification of the cryptographic method and whether AWS Payment Cryptography key contains a symmetric key or an asymmetric key pair.", "title": "KeyClass", "type": "string" }, @@ -176566,7 +176576,7 @@ "title": "KeyModesOfUse" }, "KeyUsage": { - "markdownDescription": "The cryptographic usage of an AWS Payment Cryptography key as de\ufb01ned in section A.5.2 of the TR-31 spec.", + "markdownDescription": "The cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.", "title": "KeyUsage", "type": "string" } @@ -176583,32 +176593,32 @@ "additionalProperties": false, "properties": { "Decrypt": { - "markdownDescription": "Speci\ufb01es whether an AWS Payment Cryptography key can be used to decrypt data.", + "markdownDescription": "Specifies whether an AWS Payment Cryptography key can be used to decrypt data.", "title": "Decrypt", "type": "boolean" }, "DeriveKey": { - "markdownDescription": "Speci\ufb01es whether an AWS Payment Cryptography key can be used to derive new keys.", + "markdownDescription": "Specifies whether an AWS Payment Cryptography key can be used to derive new keys.", "title": "DeriveKey", "type": "boolean" }, "Encrypt": { - "markdownDescription": "Speci\ufb01es whether an AWS Payment Cryptography key can be used to encrypt data.", + "markdownDescription": "Specifies whether an AWS Payment Cryptography key can be used to encrypt data.", "title": "Encrypt", "type": "boolean" }, "Generate": { - "markdownDescription": "Speci\ufb01es whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.", + "markdownDescription": "Specifies whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.", "title": "Generate", "type": "boolean" }, "NoRestrictions": { - "markdownDescription": "Speci\ufb01es whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by `KeyUsage` .", + "markdownDescription": "Specifies whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by `KeyUsage` .", "title": "NoRestrictions", "type": "boolean" }, "Sign": { - "markdownDescription": "Speci\ufb01es whether an AWS Payment Cryptography key can be used for signing.", + "markdownDescription": "Specifies whether an AWS Payment Cryptography key can be used for signing.", "title": "Sign", "type": "boolean" }, @@ -176618,12 +176628,12 @@ "type": "boolean" }, "Verify": { - "markdownDescription": "Speci\ufb01es whether an AWS Payment Cryptography key can be used to verify signatures.", + "markdownDescription": "Specifies whether an AWS Payment Cryptography key can be used to verify signatures.", "title": "Verify", "type": "boolean" }, "Wrap": { - "markdownDescription": "Speci\ufb01es whether an AWS Payment Cryptography key can be used to wrap other keys.", + "markdownDescription": "Specifies whether an AWS Payment Cryptography key can be used to wrap other keys.", "title": "Wrap", "type": "boolean" } @@ -178317,7 +178327,7 @@ "type": "object" }, "Layout": { - "markdownDescription": "A string that describes how the in-app message will appear. You can specify one of the following:\n\n- `BOTTOM_BANNER` \u2013 a message that appears as a banner at the bottom of the page.\n- `TOP_BANNER` \u2013 a message that appears as a banner at the top of the page.\n- `OVERLAYS` \u2013 a message that covers entire screen.\n- `MOBILE_FEED` \u2013 a message that appears in a window in front of the page.\n- `MIDDLE_BANNER` \u2013 a message that appears as a banner in the middle of the page.\n- `CAROUSEL` \u2013 a scrollable layout of up to five unique messages.", + "markdownDescription": "A string that describes how the in-app message will appear. You can specify one of the following:\n\n- `BOTTOM_BANNER` – a message that appears as a banner at the bottom of the page.\n- `TOP_BANNER` – a message that appears as a banner at the top of the page.\n- `OVERLAYS` – a message that covers entire screen.\n- `MOBILE_FEED` – a message that appears in a window in front of the page.\n- `MIDDLE_BANNER` – a message that appears as a banner in the middle of the page.\n- `CAROUSEL` – a scrollable layout of up to five unique messages.", "title": "Layout", "type": "string" } @@ -178393,7 +178403,7 @@ "type": "number" }, "ButtonAction": { - "markdownDescription": "The action that occurs when a recipient chooses a button in an in-app message. You can specify one of the following:\n\n- `LINK` \u2013 A link to a web destination.\n- `DEEP_LINK` \u2013 A link to a specific page in an application.\n- `CLOSE` \u2013 Dismisses the message.", + "markdownDescription": "The action that occurs when a recipient chooses a button in an in-app message. You can specify one of the following:\n\n- `LINK` – A link to a web destination.\n- `DEEP_LINK` – A link to a specific page in an application.\n- `CLOSE` – Dismisses the message.", "title": "ButtonAction", "type": "string" }, @@ -178575,7 +178585,7 @@ "additionalProperties": false, "properties": { "Action": { - "markdownDescription": "The action to occur if a recipient taps the push notification. Valid values are:\n\n- `OPEN_APP` \u2013 Your app opens or it becomes the foreground app if it was sent to the background. This is the default action.\n- `DEEP_LINK` \u2013 Your app opens and displays a designated user interface in the app. This setting uses the deep-linking features of iOS and Android.\n- `URL` \u2013 The default mobile browser on the recipient's device opens and loads the web page at a URL that you specify.", + "markdownDescription": "The action to occur if a recipient taps the push notification. Valid values are:\n\n- `OPEN_APP` – Your app opens or it becomes the foreground app if it was sent to the background. This is the default action.\n- `DEEP_LINK` – Your app opens and displays a designated user interface in the app. This setting uses the deep-linking features of iOS and Android.\n- `URL` – The default mobile browser on the recipient's device opens and loads the web page at a URL that you specify.", "title": "Action", "type": "string" }, @@ -178704,7 +178714,7 @@ "additionalProperties": false, "properties": { "ButtonAction": { - "markdownDescription": "The action that occurs when a recipient chooses a button in an in-app message. You can specify one of the following:\n\n- `LINK` \u2013 A link to a web destination.\n- `DEEP_LINK` \u2013 A link to a specific page in an application.\n- `CLOSE` \u2013 Dismisses the message.", + "markdownDescription": "The action that occurs when a recipient chooses a button in an in-app message. You can specify one of the following:\n\n- `LINK` – A link to a web destination.\n- `DEEP_LINK` – A link to a specific page in an application.\n- `CLOSE` – Dismisses the message.", "title": "ButtonAction", "type": "string" }, @@ -179291,7 +179301,7 @@ "type": "object" }, "Layout": { - "markdownDescription": "A string that determines the appearance of the in-app message. You can specify one of the following:\n\n- `BOTTOM_BANNER` \u2013 a message that appears as a banner at the bottom of the page.\n- `TOP_BANNER` \u2013 a message that appears as a banner at the top of the page.\n- `OVERLAYS` \u2013 a message that covers entire screen.\n- `MOBILE_FEED` \u2013 a message that appears in a window in front of the page.\n- `MIDDLE_BANNER` \u2013 a message that appears as a banner in the middle of the page.\n- `CAROUSEL` \u2013 a scrollable layout of up to five unique messages.", + "markdownDescription": "A string that determines the appearance of the in-app message. You can specify one of the following:\n\n- `BOTTOM_BANNER` – a message that appears as a banner at the bottom of the page.\n- `TOP_BANNER` – a message that appears as a banner at the top of the page.\n- `OVERLAYS` – a message that covers entire screen.\n- `MOBILE_FEED` – a message that appears in a window in front of the page.\n- `MIDDLE_BANNER` – a message that appears as a banner in the middle of the page.\n- `CAROUSEL` – a scrollable layout of up to five unique messages.", "title": "Layout", "type": "string" }, @@ -179398,7 +179408,7 @@ "type": "number" }, "ButtonAction": { - "markdownDescription": "The action that occurs when a recipient chooses a button in an in-app message. You can specify one of the following:\n\n- `LINK` \u2013 A link to a web destination.\n- `DEEP_LINK` \u2013 A link to a specific page in an application.\n- `CLOSE` \u2013 Dismisses the message.", + "markdownDescription": "The action that occurs when a recipient chooses a button in an in-app message. You can specify one of the following:\n\n- `LINK` – A link to a web destination.\n- `DEEP_LINK` – A link to a specific page in an application.\n- `CLOSE` – Dismisses the message.", "title": "ButtonAction", "type": "string" }, @@ -179481,7 +179491,7 @@ "additionalProperties": false, "properties": { "ButtonAction": { - "markdownDescription": "The action that occurs when a recipient chooses a button in an in-app message. You can specify one of the following:\n\n- `LINK` \u2013 A link to a web destination.\n- `DEEP_LINK` \u2013 A link to a specific page in an application.\n- `CLOSE` \u2013 Dismisses the message.", + "markdownDescription": "The action that occurs when a recipient chooses a button in an in-app message. You can specify one of the following:\n\n- `LINK` – A link to a web destination.\n- `DEEP_LINK` – A link to a specific page in an application.\n- `CLOSE` – Dismisses the message.", "title": "ButtonAction", "type": "string" }, @@ -179604,7 +179614,7 @@ "additionalProperties": false, "properties": { "Action": { - "markdownDescription": "The action to occur if a recipient taps a push notification that's based on the message template. Valid values are:\n\n- `OPEN_APP` \u2013 Your app opens or it becomes the foreground app if it was sent to the background. This is the default action.\n- `DEEP_LINK` \u2013 Your app opens and displays a designated user interface in the app. This setting uses the deep-linking features of the iOS platform.\n- `URL` \u2013 The default mobile browser on the recipient's device opens and loads the web page at a URL that you specify.", + "markdownDescription": "The action to occur if a recipient taps a push notification that's based on the message template. Valid values are:\n\n- `OPEN_APP` – Your app opens or it becomes the foreground app if it was sent to the background. This is the default action.\n- `DEEP_LINK` – Your app opens and displays a designated user interface in the app. This setting uses the deep-linking features of the iOS platform.\n- `URL` – The default mobile browser on the recipient's device opens and loads the web page at a URL that you specify.", "title": "Action", "type": "string" }, @@ -179640,7 +179650,7 @@ "additionalProperties": false, "properties": { "Action": { - "markdownDescription": "The action to occur if a recipient taps a push notification that's based on the message template. Valid values are:\n\n- `OPEN_APP` \u2013 Your app opens or it becomes the foreground app if it was sent to the background. This is the default action.\n- `DEEP_LINK` \u2013 Your app opens and displays a designated user interface in the app. This action uses the deep-linking features of the Android platform.\n- `URL` \u2013 The default mobile browser on the recipient's device opens and loads the web page at a URL that you specify.", + "markdownDescription": "The action to occur if a recipient taps a push notification that's based on the message template. Valid values are:\n\n- `OPEN_APP` – Your app opens or it becomes the foreground app if it was sent to the background. This is the default action.\n- `DEEP_LINK` – Your app opens and displays a designated user interface in the app. This action uses the deep-linking features of the Android platform.\n- `URL` – The default mobile browser on the recipient's device opens and loads the web page at a URL that you specify.", "title": "Action", "type": "string" }, @@ -179686,7 +179696,7 @@ "additionalProperties": false, "properties": { "Action": { - "markdownDescription": "The action to occur if a recipient taps a push notification that's based on the message template. Valid values are:\n\n- `OPEN_APP` \u2013 Your app opens or it becomes the foreground app if it was sent to the background. This is the default action.\n- `DEEP_LINK` \u2013 Your app opens and displays a designated user interface in the app. This setting uses the deep-linking features of the iOS and Android platforms.\n- `URL` \u2013 The default mobile browser on the recipient's device opens and loads the web page at a URL that you specify.", + "markdownDescription": "The action to occur if a recipient taps a push notification that's based on the message template. Valid values are:\n\n- `OPEN_APP` – Your app opens or it becomes the foreground app if it was sent to the background. This is the default action.\n- `DEEP_LINK` – Your app opens and displays a designated user interface in the app. This setting uses the deep-linking features of the iOS and Android platforms.\n- `URL` – The default mobile browser on the recipient's device opens and loads the web page at a URL that you specify.", "title": "Action", "type": "string" }, @@ -180443,7 +180453,7 @@ "type": "string" }, "Value": { - "markdownDescription": "The optional part of a key-value pair that defines a tag. The maximum length of a tag value is 256 characters. The minimum length is 0 characters. If you don\u2019t want a resource to have a specific tag value, don\u2019t specify a value for this parameter. Amazon Pinpoint will set the value to an empty string.", + "markdownDescription": "The optional part of a key-value pair that defines a tag. The maximum length of a tag value is 256 characters. The minimum length is 0 characters. If you don’t want a resource to have a specific tag value, don’t specify a value for this parameter. Amazon Pinpoint will set the value to an empty string.", "title": "Value", "type": "string" } @@ -180557,12 +180567,12 @@ "additionalProperties": false, "properties": { "DefaultDimensionValue": { - "markdownDescription": "The default value of the dimension that is published to Amazon CloudWatch if you don't provide the value of the dimension when you send an email. This value has to meet the following criteria:\n\n- It can only contain ASCII letters (a\u2013z, A\u2013Z), numbers (0\u20139), underscores (_), or dashes (-).\n- It can contain no more than 256 characters.", + "markdownDescription": "The default value of the dimension that is published to Amazon CloudWatch if you don't provide the value of the dimension when you send an email. This value has to meet the following criteria:\n\n- It can only contain ASCII letters (a–z, A–Z), numbers (0–9), underscores (_), or dashes (-).\n- It can contain no more than 256 characters.", "title": "DefaultDimensionValue", "type": "string" }, "DimensionName": { - "markdownDescription": "The name of an Amazon CloudWatch dimension associated with an email sending metric. The name has to meet the following criteria:\n\n- It can only contain ASCII letters (a\u2013z, A\u2013Z), numbers (0\u20139), underscores (_), or dashes (-).\n- It can contain no more than 256 characters.", + "markdownDescription": "The name of an Amazon CloudWatch dimension associated with an email sending metric. The name has to meet the following criteria:\n\n- It can only contain ASCII letters (a–z, A–Z), numbers (0–9), underscores (_), or dashes (-).\n- It can contain no more than 256 characters.", "title": "DimensionName", "type": "string" }, @@ -180746,7 +180756,7 @@ "type": "string" }, "Value": { - "markdownDescription": "The optional part of a key-value pair that defines a tag. The maximum length of a tag value is 256 characters. The minimum length is 0 characters. If you don\u2019t want a resource to have a specific tag value, don\u2019t specify a value for this parameter. Amazon Pinpoint will set the value to an empty string.", + "markdownDescription": "The optional part of a key-value pair that defines a tag. The maximum length of a tag value is 256 characters. The minimum length is 0 characters. If you don’t want a resource to have a specific tag value, don’t specify a value for this parameter. Amazon Pinpoint will set the value to an empty string.", "title": "Value", "type": "string" } @@ -180868,7 +180878,7 @@ "type": "string" }, "Value": { - "markdownDescription": "The optional part of a key-value pair that defines a tag. The maximum length of a tag value is 256 characters. The minimum length is 0 characters. If you don\u2019t want a resource to have a specific tag value, don\u2019t specify a value for this parameter. Amazon Pinpoint will set the value to an empty string.", + "markdownDescription": "The optional part of a key-value pair that defines a tag. The maximum length of a tag value is 256 characters. The minimum length is 0 characters. If you don’t want a resource to have a specific tag value, don’t specify a value for this parameter. Amazon Pinpoint will set the value to an empty string.", "title": "Value", "type": "string" } @@ -190754,7 +190764,7 @@ "additionalProperties": false, "properties": { "PercentileValue": { - "markdownDescription": "The percentile value. This value can be any numeric constant 0\u2013100. A percentile value of 50 computes the median value of the measure.", + "markdownDescription": "The percentile value. This value can be any numeric constant 0–100. A percentile value of 50 computes the median value of the measure.", "title": "PercentileValue", "type": "number" } @@ -203287,7 +203297,7 @@ "additionalProperties": false, "properties": { "PercentileValue": { - "markdownDescription": "The percentile value. This value can be any numeric constant 0\u2013100. A percentile value of 50 computes the median value of the measure.", + "markdownDescription": "The percentile value. This value can be any numeric constant 0–100. A percentile value of 50 computes the median value of the measure.", "title": "PercentileValue", "type": "number" } @@ -208215,7 +208225,7 @@ "items": { "type": "string" }, - "markdownDescription": "A list of static default values for a given date time parameter. The valid format for this property is `yyyy-MM-dd\u2019T\u2019HH:mm:ss\u2019Z\u2019` .", + "markdownDescription": "A list of static default values for a given date time parameter. The valid format for this property is `yyyy-MM-dd’T’HH:mm:ss’Z’` .", "title": "StaticValues", "type": "array" } @@ -208555,7 +208565,7 @@ "items": { "type": "string" }, - "markdownDescription": "A list of static default values for a given date time parameter. The valid format for this property is `yyyy-MM-dd\u2019T\u2019HH:mm:ss\u2019Z\u2019` .", + "markdownDescription": "A list of static default values for a given date time parameter. The valid format for this property is `yyyy-MM-dd’T’HH:mm:ss’Z’` .", "title": "DateTimeStaticValues", "type": "array" }, @@ -208838,7 +208848,7 @@ "type": "string" }, "MatchAllValue": { - "markdownDescription": "A string that you want to use to filter by all the values in a column in the dataset and don\u2019t want to list the values one by one. For example, you can use an asterisk as your match all value.", + "markdownDescription": "A string that you want to use to filter by all the values in a column in the dataset and don’t want to list the values one by one. For example, you can use an asterisk as your match all value.", "title": "MatchAllValue", "type": "string" }, @@ -217678,7 +217688,7 @@ "additionalProperties": false, "properties": { "PercentileValue": { - "markdownDescription": "The percentile value. This value can be any numeric constant 0\u2013100. A percentile value of 50 computes the median value of the measure.", + "markdownDescription": "The percentile value. This value can be any numeric constant 0–100. A percentile value of 50 computes the median value of the measure.", "title": "PercentileValue", "type": "number" } @@ -225158,7 +225168,7 @@ "type": "string" }, "ValidTill": { - "markdownDescription": "The expiration date of the DB instance\u2019s server certificate.", + "markdownDescription": "The expiration date of the DB instance’s server certificate.", "title": "ValidTill", "type": "string" } @@ -226273,7 +226283,7 @@ "properties": { "AdditionalEncryptionContext": { "additionalProperties": true, - "markdownDescription": "An optional set of non-secret key\u2013value pairs that contains additional contextual information about the data. For more information, see [Encryption context](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) in the *AWS Key Management Service Developer Guide* .\n\nYou can only include this parameter if you specify the `KMSKeyId` parameter.", + "markdownDescription": "An optional set of non-secret key–value pairs that contains additional contextual information about the data. For more information, see [Encryption context](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) in the *AWS Key Management Service Developer Guide* .\n\nYou can only include this parameter if you specify the `KMSKeyId` parameter.", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -227294,7 +227304,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "Specifies an arbitrary set of tags (key\u2013value pairs) to associate with this security group. Use tags to manage your resources.", + "markdownDescription": "Specifies an arbitrary set of tags (key–value pairs) to associate with this security group. Use tags to manage your resources.", "title": "Tags", "type": "array" } @@ -227459,7 +227469,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "Specifies an arbitrary set of tags (key\u2013value pairs) to associate with this subnet group. Use tags to manage your resources.", + "markdownDescription": "Specifies an arbitrary set of tags (key–value pairs) to associate with this subnet group. Use tags to manage your resources.", "title": "Tags", "type": "array" } @@ -228898,7 +228908,7 @@ "additionalProperties": false, "properties": { "ActivationState": { - "markdownDescription": "If set to `ACTIVE` , traffic is forwarded to this route\u2019s service after the route is created.", + "markdownDescription": "If set to `ACTIVE` , traffic is forwarded to this route’s service after the route is created.", "title": "ActivationState", "type": "string" } @@ -228912,7 +228922,7 @@ "additionalProperties": false, "properties": { "ActivationState": { - "markdownDescription": "If set to `ACTIVE` , traffic is forwarded to this route\u2019s service after the route is created.", + "markdownDescription": "If set to `ACTIVE` , traffic is forwarded to this route’s service after the route is created.", "title": "ActivationState", "type": "string" }, @@ -228930,7 +228940,7 @@ "items": { "type": "string" }, - "markdownDescription": "A list of HTTP methods to match. An empty list matches all values. If a method is present, only HTTP requests using that method are forwarded to this route\u2019s service.", + "markdownDescription": "A list of HTTP methods to match. An empty list matches all values. If a method is present, only HTTP requests using that method are forwarded to this route’s service.", "title": "Methods", "type": "array" }, @@ -232053,7 +232063,7 @@ }, "CidrRoutingConfig": { "$ref": "#/definitions/AWS::Route53::RecordSet.CidrRoutingConfig", - "markdownDescription": "The object that is specified in resource record set object when you are linking a resource record set to a CIDR location.\n\nA `LocationName` with an asterisk \u201c*\u201d can be used to create a default CIDR record. `CollectionId` is still required for default record.", + "markdownDescription": "The object that is specified in resource record set object when you are linking a resource record set to a CIDR location.\n\nA `LocationName` with an asterisk “*” can be used to create a default CIDR record. `CollectionId` is still required for default record.", "title": "CidrRoutingConfig" }, "Comment": { @@ -232073,7 +232083,7 @@ }, "GeoProximityLocation": { "$ref": "#/definitions/AWS::Route53::RecordSet.GeoProximityLocation", - "markdownDescription": "*GeoproximityLocation resource record sets only:* A complex type that lets you control how Route\u00a053 responds to DNS queries based on the geographic origin of the query and your resources.", + "markdownDescription": "*GeoproximityLocation resource record sets only:* A complex type that lets you control how Route 53 responds to DNS queries based on the geographic origin of the query and your resources.", "title": "GeoProximityLocation" }, "HealthCheckId": { @@ -232211,12 +232221,12 @@ "additionalProperties": false, "properties": { "Latitude": { - "markdownDescription": "Specifies a coordinate of the north\u2013south position of a geographic point on the surface of the Earth (-90 - 90).", + "markdownDescription": "Specifies a coordinate of the north–south position of a geographic point on the surface of the Earth (-90 - 90).", "title": "Latitude", "type": "string" }, "Longitude": { - "markdownDescription": "Specifies a coordinate of the east\u2013west position of a geographic point on the surface of the Earth (-180 - 180).", + "markdownDescription": "Specifies a coordinate of the east–west position of a geographic point on the surface of the Earth (-180 - 180).", "title": "Longitude", "type": "string" } @@ -232241,7 +232251,7 @@ "type": "string" }, "SubdivisionCode": { - "markdownDescription": "For geolocation resource record sets, the two-letter code for a state of the United States. Route 53 doesn't support any other values for `SubdivisionCode` . For a list of state abbreviations, see [Appendix B: Two\u2013Letter State and Possession Abbreviations](https://docs.aws.amazon.com/https://pe.usps.com/text/pub28/28apb.htm) on the United States Postal Service website.\n\nIf you specify `subdivisioncode` , you must also specify `US` for `CountryCode` .", + "markdownDescription": "For geolocation resource record sets, the two-letter code for a state of the United States. Route 53 doesn't support any other values for `SubdivisionCode` . For a list of state abbreviations, see [Appendix B: Two–Letter State and Possession Abbreviations](https://docs.aws.amazon.com/https://pe.usps.com/text/pub28/28apb.htm) on the United States Postal Service website.\n\nIf you specify `subdivisioncode` , you must also specify `US` for `CountryCode` .", "title": "SubdivisionCode", "type": "string" } @@ -232257,7 +232267,7 @@ "type": "string" }, "Bias": { - "markdownDescription": "The bias increases or decreases the size of the geographic region from which Route\u00a053 routes traffic to a resource.\n\nTo use `Bias` to change the size of the geographic region, specify the applicable value for the bias:\n\n- To expand the size of the geographic region from which Route\u00a053 routes traffic to a resource, specify a positive integer from 1 to 99 for the bias. Route\u00a053 shrinks the size of adjacent regions.\n- To shrink the size of the geographic region from which Route\u00a053 routes traffic to a resource, specify a negative bias of -1 to -99. Route\u00a053 expands the size of adjacent regions.", + "markdownDescription": "The bias increases or decreases the size of the geographic region from which Route 53 routes traffic to a resource.\n\nTo use `Bias` to change the size of the geographic region, specify the applicable value for the bias:\n\n- To expand the size of the geographic region from which Route 53 routes traffic to a resource, specify a positive integer from 1 to 99 for the bias. Route 53 shrinks the size of adjacent regions.\n- To shrink the size of the geographic region from which Route 53 routes traffic to a resource, specify a negative bias of -1 to -99. Route 53 expands the size of adjacent regions.", "title": "Bias", "type": "number" }, @@ -232404,12 +232414,12 @@ "additionalProperties": false, "properties": { "Latitude": { - "markdownDescription": "Specifies a coordinate of the north\u2013south position of a geographic point on the surface of the Earth (-90 - 90).", + "markdownDescription": "Specifies a coordinate of the north–south position of a geographic point on the surface of the Earth (-90 - 90).", "title": "Latitude", "type": "string" }, "Longitude": { - "markdownDescription": "Specifies a coordinate of the east\u2013west position of a geographic point on the surface of the Earth (-180 - 180).", + "markdownDescription": "Specifies a coordinate of the east–west position of a geographic point on the surface of the Earth (-180 - 180).", "title": "Longitude", "type": "string" } @@ -232434,7 +232444,7 @@ "type": "string" }, "SubdivisionCode": { - "markdownDescription": "For geolocation resource record sets, the two-letter code for a state of the United States. Route 53 doesn't support any other values for `SubdivisionCode` . For a list of state abbreviations, see [Appendix B: Two\u2013Letter State and Possession Abbreviations](https://docs.aws.amazon.com/https://pe.usps.com/text/pub28/28apb.htm) on the United States Postal Service website.\n\nIf you specify `subdivisioncode` , you must also specify `US` for `CountryCode` .", + "markdownDescription": "For geolocation resource record sets, the two-letter code for a state of the United States. Route 53 doesn't support any other values for `SubdivisionCode` . For a list of state abbreviations, see [Appendix B: Two–Letter State and Possession Abbreviations](https://docs.aws.amazon.com/https://pe.usps.com/text/pub28/28apb.htm) on the United States Postal Service website.\n\nIf you specify `subdivisioncode` , you must also specify `US` for `CountryCode` .", "title": "SubdivisionCode", "type": "string" } @@ -232450,7 +232460,7 @@ "type": "string" }, "Bias": { - "markdownDescription": "The bias increases or decreases the size of the geographic region from which Route\u00a053 routes traffic to a resource.\n\nTo use `Bias` to change the size of the geographic region, specify the applicable value for the bias:\n\n- To expand the size of the geographic region from which Route\u00a053 routes traffic to a resource, specify a positive integer from 1 to 99 for the bias. Route\u00a053 shrinks the size of adjacent regions.\n- To shrink the size of the geographic region from which Route\u00a053 routes traffic to a resource, specify a negative bias of -1 to -99. Route\u00a053 expands the size of adjacent regions.", + "markdownDescription": "The bias increases or decreases the size of the geographic region from which Route 53 routes traffic to a resource.\n\nTo use `Bias` to change the size of the geographic region, specify the applicable value for the bias:\n\n- To expand the size of the geographic region from which Route 53 routes traffic to a resource, specify a positive integer from 1 to 99 for the bias. Route 53 shrinks the size of adjacent regions.\n- To shrink the size of the geographic region from which Route 53 routes traffic to a resource, specify a negative bias of -1 to -99. Route 53 expands the size of adjacent regions.", "title": "Bias", "type": "number" }, @@ -234033,7 +234043,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "A key value pair that helps you identify a Route\u00a053 Resolver .", + "markdownDescription": "A key value pair that helps you identify a Route 53 Resolver .", "title": "Tags", "type": "array" } @@ -234246,7 +234256,7 @@ "items": { "$ref": "#/definitions/AWS::Route53Resolver::ResolverEndpoint.IpAddressRequest" }, - "markdownDescription": "The subnets and IP addresses in your VPC that DNS queries originate from (for outbound endpoints) or that you forward DNS queries to (for inbound endpoints). The subnet ID uniquely identifies a VPC.\n\n> Even though the minimum is 1, Route\u00a053 requires that you create at least two.", + "markdownDescription": "The subnets and IP addresses in your VPC that DNS queries originate from (for outbound endpoints) or that you forward DNS queries to (for inbound endpoints). The subnet ID uniquely identifies a VPC.\n\n> Even though the minimum is 1, Route 53 requires that you create at least two.", "title": "IpAddresses", "type": "array" }, @@ -234742,7 +234752,7 @@ "title": "Grantee" }, "Permission": { - "markdownDescription": "The type of access that you are granting to your S3 data, which can be set to one of the following values:\n\n- `READ` \u2013 Grant read-only access to the S3 data.\n- `WRITE` \u2013 Grant write-only access to the S3 data.\n- `READWRITE` \u2013 Grant both read and write access to the S3 data.", + "markdownDescription": "The type of access that you are granting to your S3 data, which can be set to one of the following values:\n\n- `READ` – Grant read-only access to the S3 data.\n- `WRITE` – Grant write-only access to the S3 data.\n- `READWRITE` – Grant both read and write access to the S3 data.", "title": "Permission", "type": "string" }, @@ -236388,7 +236398,7 @@ "additionalProperties": false, "properties": { "KMSMasterKeyID": { - "markdownDescription": "AWS Key Management Service (KMS) customer managed key ID to use for the default encryption.\n\n> - *General purpose buckets* - This parameter is allowed if and only if `SSEAlgorithm` is set to `aws:kms` or `aws:kms:dsse` .\n> - *Directory buckets* - This parameter is allowed if and only if `SSEAlgorithm` is set to `aws:kms` . \n\nYou can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.\n\n- Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`\n- Key ARN: `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`\n- Key Alias: `alias/alias-name`\n\nIf you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy) .\n\n> - *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS KMS resolves the key within the requester\u2019s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log.\n> - *Directory buckets* - When you specify an [AWS KMS customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. > Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in AWS KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *AWS Key Management Service Developer Guide* .", + "markdownDescription": "AWS Key Management Service (KMS) customer managed key ID to use for the default encryption.\n\n> - *General purpose buckets* - This parameter is allowed if and only if `SSEAlgorithm` is set to `aws:kms` or `aws:kms:dsse` .\n> - *Directory buckets* - This parameter is allowed if and only if `SSEAlgorithm` is set to `aws:kms` . \n\nYou can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.\n\n- Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`\n- Key ARN: `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`\n- Key Alias: `alias/alias-name`\n\nIf you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy) .\n\n> - *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log.\n> - *Directory buckets* - When you specify an [AWS KMS customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. > Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in AWS KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *AWS Key Management Service Developer Guide* .", "title": "KMSMasterKeyID", "type": "string" }, @@ -236937,7 +236947,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "A set of tags (key\u2013value pairs) to associate with the Storage Lens configuration.", + "markdownDescription": "A set of tags (key–value pairs) to associate with the Storage Lens configuration.", "title": "Tags", "type": "array" } @@ -238702,7 +238712,7 @@ "additionalProperties": false, "properties": { "EngagementMetrics": { - "markdownDescription": "Specifies the status of your VDM engagement metrics collection. Can be one of the following:\n\n- `ENABLED` \u2013 Amazon SES enables engagement metrics for the configuration set.\n- `DISABLED` \u2013 Amazon SES disables engagement metrics for the configuration set.", + "markdownDescription": "Specifies the status of your VDM engagement metrics collection. Can be one of the following:\n\n- `ENABLED` – Amazon SES enables engagement metrics for the configuration set.\n- `DISABLED` – Amazon SES disables engagement metrics for the configuration set.", "title": "EngagementMetrics", "type": "string" } @@ -238732,7 +238742,7 @@ "additionalProperties": false, "properties": { "OptimizedSharedDelivery": { - "markdownDescription": "Specifies the status of your VDM optimized shared delivery. Can be one of the following:\n\n- `ENABLED` \u2013 Amazon SES enables optimized shared delivery for the configuration set.\n- `DISABLED` \u2013 Amazon SES disables optimized shared delivery for the configuration set.", + "markdownDescription": "Specifies the status of your VDM optimized shared delivery. Can be one of the following:\n\n- `ENABLED` – Amazon SES enables optimized shared delivery for the configuration set.\n- `DISABLED` – Amazon SES disables optimized shared delivery for the configuration set.", "title": "OptimizedSharedDelivery", "type": "string" } @@ -238771,7 +238781,7 @@ "items": { "type": "string" }, - "markdownDescription": "A list that contains the reasons that email addresses are automatically added to the suppression list for your account. This list can contain any or all of the following:\n\n- `COMPLAINT` \u2013 Amazon SES adds an email address to the suppression list for your account when a message sent to that address results in a complaint.\n- `BOUNCE` \u2013 Amazon SES adds an email address to the suppression list for your account when a message sent to that address results in a hard bounce.", + "markdownDescription": "A list that contains the reasons that email addresses are automatically added to the suppression list for your account. This list can contain any or all of the following:\n\n- `COMPLAINT` – Amazon SES adds an email address to the suppression list for your account when a message sent to that address results in a complaint.\n- `BOUNCE` – Amazon SES adds an email address to the suppression list for your account when a message sent to that address results in a hard bounce.", "title": "SuppressedReasons", "type": "array" } @@ -238896,12 +238906,12 @@ "additionalProperties": false, "properties": { "DefaultDimensionValue": { - "markdownDescription": "The default value of the dimension that is published to Amazon CloudWatch if you don't provide the value of the dimension when you send an email. This value has to meet the following criteria:\n\n- Can only contain ASCII letters (a\u2013z, A\u2013Z), numbers (0\u20139), underscores (_), or dashes (-), at signs (@), and periods (.).\n- It can contain no more than 256 characters.", + "markdownDescription": "The default value of the dimension that is published to Amazon CloudWatch if you don't provide the value of the dimension when you send an email. This value has to meet the following criteria:\n\n- Can only contain ASCII letters (a–z, A–Z), numbers (0–9), underscores (_), or dashes (-), at signs (@), and periods (.).\n- It can contain no more than 256 characters.", "title": "DefaultDimensionValue", "type": "string" }, "DimensionName": { - "markdownDescription": "The name of an Amazon CloudWatch dimension associated with an email sending metric. The name has to meet the following criteria:\n\n- It can only contain ASCII letters (a\u2013z, A\u2013Z), numbers (0\u20139), underscores (_), or dashes (-).\n- It can contain no more than 256 characters.", + "markdownDescription": "The name of an Amazon CloudWatch dimension associated with an email sending metric. The name has to meet the following criteria:\n\n- It can only contain ASCII letters (a–z, A–Z), numbers (0–9), underscores (_), or dashes (-).\n- It can contain no more than 256 characters.", "title": "DimensionName", "type": "string" }, @@ -238940,7 +238950,7 @@ "items": { "type": "string" }, - "markdownDescription": "The types of events that Amazon SES sends to the specified event destinations.\n\n- `SEND` - The send request was successful and SES will attempt to deliver the message to the recipient\u2019s mail server. (If account-level or global suppression is being used, SES will still count it as a send, but delivery is suppressed.)\n- `REJECT` - SES accepted the email, but determined that it contained a virus and didn\u2019t attempt to deliver it to the recipient\u2019s mail server.\n- `BOUNCE` - ( *Hard bounce* ) The recipient's mail server permanently rejected the email. ( *Soft bounces* are only included when SES fails to deliver the email after retrying for a period of time.)\n- `COMPLAINT` - The email was successfully delivered to the recipient\u2019s mail server, but the recipient marked it as spam.\n- `DELIVERY` - SES successfully delivered the email to the recipient's mail server.\n- `OPEN` - The recipient received the message and opened it in their email client.\n- `CLICK` - The recipient clicked one or more links in the email.\n- `RENDERING_FAILURE` - The email wasn't sent because of a template rendering issue. This event type can occur when template data is missing, or when there is a mismatch between template parameters and data. (This event type only occurs when you send email using the [`SendEmail`](https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_SendEmail.html) or [`SendBulkEmail`](https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_SendBulkEmail.html) API operations.)\n- `DELIVERY_DELAY` - The email couldn't be delivered to the recipient\u2019s mail server because a temporary issue occurred. Delivery delays can occur, for example, when the recipient's inbox is full, or when the receiving email server experiences a transient issue.\n- `SUBSCRIPTION` - The email was successfully delivered, but the recipient updated their subscription preferences by clicking on an *unsubscribe* link as part of your [subscription management](https://docs.aws.amazon.com/ses/latest/dg/sending-email-subscription-management.html) .", + "markdownDescription": "The types of events that Amazon SES sends to the specified event destinations.\n\n- `SEND` - The send request was successful and SES will attempt to deliver the message to the recipient’s mail server. (If account-level or global suppression is being used, SES will still count it as a send, but delivery is suppressed.)\n- `REJECT` - SES accepted the email, but determined that it contained a virus and didn’t attempt to deliver it to the recipient’s mail server.\n- `BOUNCE` - ( *Hard bounce* ) The recipient's mail server permanently rejected the email. ( *Soft bounces* are only included when SES fails to deliver the email after retrying for a period of time.)\n- `COMPLAINT` - The email was successfully delivered to the recipient’s mail server, but the recipient marked it as spam.\n- `DELIVERY` - SES successfully delivered the email to the recipient's mail server.\n- `OPEN` - The recipient received the message and opened it in their email client.\n- `CLICK` - The recipient clicked one or more links in the email.\n- `RENDERING_FAILURE` - The email wasn't sent because of a template rendering issue. This event type can occur when template data is missing, or when there is a mismatch between template parameters and data. (This event type only occurs when you send email using the [`SendEmail`](https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_SendEmail.html) or [`SendBulkEmail`](https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_SendBulkEmail.html) API operations.)\n- `DELIVERY_DELAY` - The email couldn't be delivered to the recipient’s mail server because a temporary issue occurred. Delivery delays can occur, for example, when the recipient's inbox is full, or when the receiving email server experiences a transient issue.\n- `SUBSCRIPTION` - The email was successfully delivered, but the recipient updated their subscription preferences by clicking on an *unsubscribe* link as part of your [subscription management](https://docs.aws.amazon.com/ses/latest/dg/sending-email-subscription-management.html) .", "title": "MatchingEventTypes", "type": "array" }, @@ -239568,7 +239578,7 @@ "additionalProperties": false, "properties": { "HeaderName": { - "markdownDescription": "The name of the header to add to the incoming message. The name must contain at least one character, and can contain up to 50 characters. It consists of alphanumeric ( `a\u2013z, A\u2013Z, 0\u20139` ) characters and dashes.", + "markdownDescription": "The name of the header to add to the incoming message. The name must contain at least one character, and can contain up to 50 characters. It consists of alphanumeric ( `a–z, A–Z, 0–9` ) characters and dashes.", "title": "HeaderName", "type": "string" }, @@ -239996,7 +240006,7 @@ "additionalProperties": false, "properties": { "EngagementMetrics": { - "markdownDescription": "Specifies the status of your VDM engagement metrics collection. Can be one of the following:\n\n- `ENABLED` \u2013 Amazon SES enables engagement metrics for your account.\n- `DISABLED` \u2013 Amazon SES disables engagement metrics for your account.", + "markdownDescription": "Specifies the status of your VDM engagement metrics collection. Can be one of the following:\n\n- `ENABLED` – Amazon SES enables engagement metrics for your account.\n- `DISABLED` – Amazon SES disables engagement metrics for your account.", "title": "EngagementMetrics", "type": "string" } @@ -240007,7 +240017,7 @@ "additionalProperties": false, "properties": { "OptimizedSharedDelivery": { - "markdownDescription": "Specifies the status of your VDM optimized shared delivery. Can be one of the following:\n\n- `ENABLED` \u2013 Amazon SES enables optimized shared delivery for your account.\n- `DISABLED` \u2013 Amazon SES disables optimized shared delivery for your account.", + "markdownDescription": "Specifies the status of your VDM optimized shared delivery. Can be one of the following:\n\n- `ENABLED` – Amazon SES enables optimized shared delivery for your account.\n- `DISABLED` – Amazon SES disables optimized shared delivery for your account.", "title": "OptimizedSharedDelivery", "type": "string" } @@ -240869,7 +240879,7 @@ "type": "array" }, "WaitForSuccessTimeoutSeconds": { - "markdownDescription": "The number of seconds the service should wait for the association status to show \"Success\" before proceeding with the stack execution. If the association status doesn't show \"Success\" after the specified number of seconds, then stack creation fails.\n\n> When you specify a value for the `WaitForSuccessTimeoutSeconds` , [drift detection](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html) for your AWS CloudFormation stack\u2019s configuration might yield inaccurate results. If drift detection is important in your scenario, we recommend that you don\u2019t include `WaitForSuccessTimeoutSeconds` in your template.", + "markdownDescription": "The number of seconds the service should wait for the association status to show \"Success\" before proceeding with the stack execution. If the association status doesn't show \"Success\" after the specified number of seconds, then stack creation fails.\n\n> When you specify a value for the `WaitForSuccessTimeoutSeconds` , [drift detection](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html) for your AWS CloudFormation stack’s configuration might yield inaccurate results. If drift detection is important in your scenario, we recommend that you don’t include `WaitForSuccessTimeoutSeconds` in your template.", "title": "WaitForSuccessTimeoutSeconds", "type": "number" } @@ -242851,7 +242861,7 @@ "type": "array" }, "TimeZoneId": { - "markdownDescription": "The time zone to base the rotation\u2019s activity on, in Internet Assigned Numbers Authority (IANA) format. For example: \"America/Los_Angeles\", \"UTC\", or \"Asia/Seoul\". For more information, see the [Time Zone Database](https://docs.aws.amazon.com/https://www.iana.org/time-zones) on the IANA website.\n\n> Designators for time zones that don\u2019t support Daylight Savings Time rules, such as Pacific Standard Time (PST), are not supported.", + "markdownDescription": "The time zone to base the rotation’s activity on, in Internet Assigned Numbers Authority (IANA) format. For example: \"America/Los_Angeles\", \"UTC\", or \"Asia/Seoul\". For more information, see the [Time Zone Database](https://docs.aws.amazon.com/https://www.iana.org/time-zones) on the IANA website.\n\n> Designators for time zones that don’t support Daylight Savings Time rules, such as Pacific Standard Time (PST), are not supported.", "title": "TimeZoneId", "type": "string" } @@ -254793,7 +254803,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::AutomationRule.NumberFilter" }, - "markdownDescription": "The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. `Confidence` is scored on a 0\u2013100 basis using a ratio scale. A value of `0` means 0 percent confidence, and a value of `100` means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see [Confidence](https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-confidence) in the *AWS Security Hub User Guide* .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", + "markdownDescription": "The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. `Confidence` is scored on a 0–100 basis using a ratio scale. A value of `0` means 0 percent confidence, and a value of `100` means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see [Confidence](https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-confidence) in the *AWS Security Hub User Guide* .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "title": "Confidence", "type": "array" }, @@ -254809,7 +254819,7 @@ "items": { "$ref": "#/definitions/AWS::SecurityHub::AutomationRule.NumberFilter" }, - "markdownDescription": "The level of importance that is assigned to the resources that are associated with a finding. `Criticality` is scored on a 0\u2013100 basis, using a ratio scale that supports only full integers. A score of `0` means that the underlying resources have no criticality, and a score of `100` is reserved for the most critical resources. For more information, see [Criticality](https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-criticality) in the *AWS Security Hub User Guide* .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", + "markdownDescription": "The level of importance that is assigned to the resources that are associated with a finding. `Criticality` is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of `0` means that the underlying resources have no criticality, and a score of `100` is reserved for the most critical resources. For more information, see [Criticality](https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-criticality) in the *AWS Security Hub User Guide* .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items.", "title": "Criticality", "type": "array" }, @@ -255077,7 +255087,7 @@ "additionalProperties": false, "properties": { "Comparison": { - "markdownDescription": "The condition to apply to the key value when filtering Security Hub findings with a map filter.\n\nTo search for values that have the filter value, use one of the following comparison operators:\n\n- To search for values that include the filter value, use `CONTAINS` . For example, for the `ResourceTags` field, the filter `Department CONTAINS Security` matches findings that include the value `Security` for the `Department` tag. In the same example, a finding with a value of `Security team` for the `Department` tag is a match.\n- To search for values that exactly match the filter value, use `EQUALS` . For example, for the `ResourceTags` field, the filter `Department EQUALS Security` matches findings that have the value `Security` for the `Department` tag.\n\n`CONTAINS` and `EQUALS` filters on the same field are joined by `OR` . A finding matches if it matches any one of those filters. For example, the filters `Department CONTAINS Security OR Department CONTAINS Finance` match a finding that includes either `Security` , `Finance` , or both values.\n\nTo search for values that don't have the filter value, use one of the following comparison operators:\n\n- To search for values that exclude the filter value, use `NOT_CONTAINS` . For example, for the `ResourceTags` field, the filter `Department NOT_CONTAINS Finance` matches findings that exclude the value `Finance` for the `Department` tag.\n- To search for values other than the filter value, use `NOT_EQUALS` . For example, for the `ResourceTags` field, the filter `Department NOT_EQUALS Finance` matches findings that don\u2019t have the value `Finance` for the `Department` tag.\n\n`NOT_CONTAINS` and `NOT_EQUALS` filters on the same field are joined by `AND` . A finding matches only if it matches all of those filters. For example, the filters `Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance` match a finding that excludes both the `Security` and `Finance` values.\n\n`CONTAINS` filters can only be used with other `CONTAINS` filters. `NOT_CONTAINS` filters can only be used with other `NOT_CONTAINS` filters.\n\nYou can\u2019t have both a `CONTAINS` filter and a `NOT_CONTAINS` filter on the same field. Similarly, you can\u2019t have both an `EQUALS` filter and a `NOT_EQUALS` filter on the same field. Combining filters in this way returns an error.\n\n`CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *AWS Security Hub User Guide* .", + "markdownDescription": "The condition to apply to the key value when filtering Security Hub findings with a map filter.\n\nTo search for values that have the filter value, use one of the following comparison operators:\n\n- To search for values that include the filter value, use `CONTAINS` . For example, for the `ResourceTags` field, the filter `Department CONTAINS Security` matches findings that include the value `Security` for the `Department` tag. In the same example, a finding with a value of `Security team` for the `Department` tag is a match.\n- To search for values that exactly match the filter value, use `EQUALS` . For example, for the `ResourceTags` field, the filter `Department EQUALS Security` matches findings that have the value `Security` for the `Department` tag.\n\n`CONTAINS` and `EQUALS` filters on the same field are joined by `OR` . A finding matches if it matches any one of those filters. For example, the filters `Department CONTAINS Security OR Department CONTAINS Finance` match a finding that includes either `Security` , `Finance` , or both values.\n\nTo search for values that don't have the filter value, use one of the following comparison operators:\n\n- To search for values that exclude the filter value, use `NOT_CONTAINS` . For example, for the `ResourceTags` field, the filter `Department NOT_CONTAINS Finance` matches findings that exclude the value `Finance` for the `Department` tag.\n- To search for values other than the filter value, use `NOT_EQUALS` . For example, for the `ResourceTags` field, the filter `Department NOT_EQUALS Finance` matches findings that don’t have the value `Finance` for the `Department` tag.\n\n`NOT_CONTAINS` and `NOT_EQUALS` filters on the same field are joined by `AND` . A finding matches only if it matches all of those filters. For example, the filters `Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance` match a finding that excludes both the `Security` and `Finance` values.\n\n`CONTAINS` filters can only be used with other `CONTAINS` filters. `NOT_CONTAINS` filters can only be used with other `NOT_CONTAINS` filters.\n\nYou can’t have both a `CONTAINS` filter and a `NOT_CONTAINS` filter on the same field. Similarly, you can’t have both an `EQUALS` filter and a `NOT_EQUALS` filter on the same field. Combining filters in this way returns an error.\n\n`CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *AWS Security Hub User Guide* .", "title": "Comparison", "type": "string" }, @@ -255169,7 +255179,7 @@ "type": "string" }, "Normalized": { - "markdownDescription": "The normalized severity for the finding. This attribute is to be deprecated in favor of `Label` .\n\nIf you provide `Normalized` and don't provide `Label` , `Label` is set automatically as follows.\n\n- 0 - `INFORMATIONAL`\n- 1\u201339 - `LOW`\n- 40\u201369 - `MEDIUM`\n- 70\u201389 - `HIGH`\n- 90\u2013100 - `CRITICAL`", + "markdownDescription": "The normalized severity for the finding. This attribute is to be deprecated in favor of `Label` .\n\nIf you provide `Normalized` and don't provide `Label` , `Label` is set automatically as follows.\n\n- 0 - `INFORMATIONAL`\n- 1–39 - `LOW`\n- 40–69 - `MEDIUM`\n- 70–89 - `HIGH`\n- 90–100 - `CRITICAL`", "title": "Normalized", "type": "number" }, @@ -255185,7 +255195,7 @@ "additionalProperties": false, "properties": { "Comparison": { - "markdownDescription": "The condition to apply to a string value when filtering Security Hub findings.\n\nTo search for values that have the filter value, use one of the following comparison operators:\n\n- To search for values that include the filter value, use `CONTAINS` . For example, the filter `Title CONTAINS CloudFront` matches findings that have a `Title` that includes the string CloudFront.\n- To search for values that exactly match the filter value, use `EQUALS` . For example, the filter `AwsAccountId EQUALS 123456789012` only matches findings that have an account ID of `123456789012` .\n- To search for values that start with the filter value, use `PREFIX` . For example, the filter `ResourceRegion PREFIX us` matches findings that have a `ResourceRegion` that starts with `us` . A `ResourceRegion` that starts with a different value, such as `af` , `ap` , or `ca` , doesn't match.\n\n`CONTAINS` , `EQUALS` , and `PREFIX` filters on the same field are joined by `OR` . A finding matches if it matches any one of those filters. For example, the filters `Title CONTAINS CloudFront OR Title CONTAINS CloudWatch` match a finding that includes either `CloudFront` , `CloudWatch` , or both strings in the title.\n\nTo search for values that don\u2019t have the filter value, use one of the following comparison operators:\n\n- To search for values that exclude the filter value, use `NOT_CONTAINS` . For example, the filter `Title NOT_CONTAINS CloudFront` matches findings that have a `Title` that excludes the string CloudFront.\n- To search for values other than the filter value, use `NOT_EQUALS` . For example, the filter `AwsAccountId NOT_EQUALS 123456789012` only matches findings that have an account ID other than `123456789012` .\n- To search for values that don't start with the filter value, use `PREFIX_NOT_EQUALS` . For example, the filter `ResourceRegion PREFIX_NOT_EQUALS us` matches findings with a `ResourceRegion` that starts with a value other than `us` .\n\n`NOT_CONTAINS` , `NOT_EQUALS` , and `PREFIX_NOT_EQUALS` filters on the same field are joined by `AND` . A finding matches only if it matches all of those filters. For example, the filters `Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch` match a finding that excludes both `CloudFront` and `CloudWatch` in the title.\n\nYou can\u2019t have both a `CONTAINS` filter and a `NOT_CONTAINS` filter on the same field. Similarly, you can't provide both an `EQUALS` filter and a `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filter on the same field. Combining filters in this way returns an error. `CONTAINS` filters can only be used with other `CONTAINS` filters. `NOT_CONTAINS` filters can only be used with other `NOT_CONTAINS` filters.\n\nYou can combine `PREFIX` filters with `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters for the same field. Security Hub first processes the `PREFIX` filters, and then the `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters.\n\nFor example, for the following filters, Security Hub first identifies findings that have resource types that start with either `AwsIam` or `AwsEc2` . It then excludes findings that have a resource type of `AwsIamPolicy` and findings that have a resource type of `AwsEc2NetworkInterface` .\n\n- `ResourceType PREFIX AwsIam`\n- `ResourceType PREFIX AwsEc2`\n- `ResourceType NOT_EQUALS AwsIamPolicy`\n- `ResourceType NOT_EQUALS AwsEc2NetworkInterface`\n\n`CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules V1. `CONTAINS_WORD` operator is only supported in `GetFindingsV2` , `GetFindingStatisticsV2` , `GetResourcesV2` , and `GetResourceStatisticsV2` APIs. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *AWS Security Hub User Guide* .", + "markdownDescription": "The condition to apply to a string value when filtering Security Hub findings.\n\nTo search for values that have the filter value, use one of the following comparison operators:\n\n- To search for values that include the filter value, use `CONTAINS` . For example, the filter `Title CONTAINS CloudFront` matches findings that have a `Title` that includes the string CloudFront.\n- To search for values that exactly match the filter value, use `EQUALS` . For example, the filter `AwsAccountId EQUALS 123456789012` only matches findings that have an account ID of `123456789012` .\n- To search for values that start with the filter value, use `PREFIX` . For example, the filter `ResourceRegion PREFIX us` matches findings that have a `ResourceRegion` that starts with `us` . A `ResourceRegion` that starts with a different value, such as `af` , `ap` , or `ca` , doesn't match.\n\n`CONTAINS` , `EQUALS` , and `PREFIX` filters on the same field are joined by `OR` . A finding matches if it matches any one of those filters. For example, the filters `Title CONTAINS CloudFront OR Title CONTAINS CloudWatch` match a finding that includes either `CloudFront` , `CloudWatch` , or both strings in the title.\n\nTo search for values that don’t have the filter value, use one of the following comparison operators:\n\n- To search for values that exclude the filter value, use `NOT_CONTAINS` . For example, the filter `Title NOT_CONTAINS CloudFront` matches findings that have a `Title` that excludes the string CloudFront.\n- To search for values other than the filter value, use `NOT_EQUALS` . For example, the filter `AwsAccountId NOT_EQUALS 123456789012` only matches findings that have an account ID other than `123456789012` .\n- To search for values that don't start with the filter value, use `PREFIX_NOT_EQUALS` . For example, the filter `ResourceRegion PREFIX_NOT_EQUALS us` matches findings with a `ResourceRegion` that starts with a value other than `us` .\n\n`NOT_CONTAINS` , `NOT_EQUALS` , and `PREFIX_NOT_EQUALS` filters on the same field are joined by `AND` . A finding matches only if it matches all of those filters. For example, the filters `Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch` match a finding that excludes both `CloudFront` and `CloudWatch` in the title.\n\nYou can’t have both a `CONTAINS` filter and a `NOT_CONTAINS` filter on the same field. Similarly, you can't provide both an `EQUALS` filter and a `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filter on the same field. Combining filters in this way returns an error. `CONTAINS` filters can only be used with other `CONTAINS` filters. `NOT_CONTAINS` filters can only be used with other `NOT_CONTAINS` filters.\n\nYou can combine `PREFIX` filters with `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters for the same field. Security Hub first processes the `PREFIX` filters, and then the `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters.\n\nFor example, for the following filters, Security Hub first identifies findings that have resource types that start with either `AwsIam` or `AwsEc2` . It then excludes findings that have a resource type of `AwsIamPolicy` and findings that have a resource type of `AwsEc2NetworkInterface` .\n\n- `ResourceType PREFIX AwsIam`\n- `ResourceType PREFIX AwsEc2`\n- `ResourceType NOT_EQUALS AwsIamPolicy`\n- `ResourceType NOT_EQUALS AwsEc2NetworkInterface`\n\n`CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules V1. `CONTAINS_WORD` operator is only supported in `GetFindingsV2` , `GetFindingStatisticsV2` , `GetResourcesV2` , and `GetResourceStatisticsV2` APIs. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *AWS Security Hub User Guide* .", "title": "Comparison", "type": "string" }, @@ -256324,7 +256334,7 @@ "additionalProperties": false, "properties": { "Comparison": { - "markdownDescription": "The condition to apply to the key value when filtering Security Hub findings with a map filter.\n\nTo search for values that have the filter value, use one of the following comparison operators:\n\n- To search for values that include the filter value, use `CONTAINS` . For example, for the `ResourceTags` field, the filter `Department CONTAINS Security` matches findings that include the value `Security` for the `Department` tag. In the same example, a finding with a value of `Security team` for the `Department` tag is a match.\n- To search for values that exactly match the filter value, use `EQUALS` . For example, for the `ResourceTags` field, the filter `Department EQUALS Security` matches findings that have the value `Security` for the `Department` tag.\n\n`CONTAINS` and `EQUALS` filters on the same field are joined by `OR` . A finding matches if it matches any one of those filters. For example, the filters `Department CONTAINS Security OR Department CONTAINS Finance` match a finding that includes either `Security` , `Finance` , or both values.\n\nTo search for values that don't have the filter value, use one of the following comparison operators:\n\n- To search for values that exclude the filter value, use `NOT_CONTAINS` . For example, for the `ResourceTags` field, the filter `Department NOT_CONTAINS Finance` matches findings that exclude the value `Finance` for the `Department` tag.\n- To search for values other than the filter value, use `NOT_EQUALS` . For example, for the `ResourceTags` field, the filter `Department NOT_EQUALS Finance` matches findings that don\u2019t have the value `Finance` for the `Department` tag.\n\n`NOT_CONTAINS` and `NOT_EQUALS` filters on the same field are joined by `AND` . A finding matches only if it matches all of those filters. For example, the filters `Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance` match a finding that excludes both the `Security` and `Finance` values.\n\n`CONTAINS` filters can only be used with other `CONTAINS` filters. `NOT_CONTAINS` filters can only be used with other `NOT_CONTAINS` filters.\n\nYou can\u2019t have both a `CONTAINS` filter and a `NOT_CONTAINS` filter on the same field. Similarly, you can\u2019t have both an `EQUALS` filter and a `NOT_EQUALS` filter on the same field. Combining filters in this way returns an error.\n\n`CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *AWS Security Hub User Guide* .", + "markdownDescription": "The condition to apply to the key value when filtering Security Hub findings with a map filter.\n\nTo search for values that have the filter value, use one of the following comparison operators:\n\n- To search for values that include the filter value, use `CONTAINS` . For example, for the `ResourceTags` field, the filter `Department CONTAINS Security` matches findings that include the value `Security` for the `Department` tag. In the same example, a finding with a value of `Security team` for the `Department` tag is a match.\n- To search for values that exactly match the filter value, use `EQUALS` . For example, for the `ResourceTags` field, the filter `Department EQUALS Security` matches findings that have the value `Security` for the `Department` tag.\n\n`CONTAINS` and `EQUALS` filters on the same field are joined by `OR` . A finding matches if it matches any one of those filters. For example, the filters `Department CONTAINS Security OR Department CONTAINS Finance` match a finding that includes either `Security` , `Finance` , or both values.\n\nTo search for values that don't have the filter value, use one of the following comparison operators:\n\n- To search for values that exclude the filter value, use `NOT_CONTAINS` . For example, for the `ResourceTags` field, the filter `Department NOT_CONTAINS Finance` matches findings that exclude the value `Finance` for the `Department` tag.\n- To search for values other than the filter value, use `NOT_EQUALS` . For example, for the `ResourceTags` field, the filter `Department NOT_EQUALS Finance` matches findings that don’t have the value `Finance` for the `Department` tag.\n\n`NOT_CONTAINS` and `NOT_EQUALS` filters on the same field are joined by `AND` . A finding matches only if it matches all of those filters. For example, the filters `Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance` match a finding that excludes both the `Security` and `Finance` values.\n\n`CONTAINS` filters can only be used with other `CONTAINS` filters. `NOT_CONTAINS` filters can only be used with other `NOT_CONTAINS` filters.\n\nYou can’t have both a `CONTAINS` filter and a `NOT_CONTAINS` filter on the same field. Similarly, you can’t have both an `EQUALS` filter and a `NOT_EQUALS` filter on the same field. Combining filters in this way returns an error.\n\n`CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *AWS Security Hub User Guide* .", "title": "Comparison", "type": "string" }, @@ -256371,7 +256381,7 @@ "additionalProperties": false, "properties": { "Comparison": { - "markdownDescription": "The condition to apply to a string value when filtering Security Hub findings.\n\nTo search for values that have the filter value, use one of the following comparison operators:\n\n- To search for values that include the filter value, use `CONTAINS` . For example, the filter `Title CONTAINS CloudFront` matches findings that have a `Title` that includes the string CloudFront.\n- To search for values that exactly match the filter value, use `EQUALS` . For example, the filter `AwsAccountId EQUALS 123456789012` only matches findings that have an account ID of `123456789012` .\n- To search for values that start with the filter value, use `PREFIX` . For example, the filter `ResourceRegion PREFIX us` matches findings that have a `ResourceRegion` that starts with `us` . A `ResourceRegion` that starts with a different value, such as `af` , `ap` , or `ca` , doesn't match.\n\n`CONTAINS` , `EQUALS` , and `PREFIX` filters on the same field are joined by `OR` . A finding matches if it matches any one of those filters. For example, the filters `Title CONTAINS CloudFront OR Title CONTAINS CloudWatch` match a finding that includes either `CloudFront` , `CloudWatch` , or both strings in the title.\n\nTo search for values that don\u2019t have the filter value, use one of the following comparison operators:\n\n- To search for values that exclude the filter value, use `NOT_CONTAINS` . For example, the filter `Title NOT_CONTAINS CloudFront` matches findings that have a `Title` that excludes the string CloudFront.\n- To search for values other than the filter value, use `NOT_EQUALS` . For example, the filter `AwsAccountId NOT_EQUALS 123456789012` only matches findings that have an account ID other than `123456789012` .\n- To search for values that don't start with the filter value, use `PREFIX_NOT_EQUALS` . For example, the filter `ResourceRegion PREFIX_NOT_EQUALS us` matches findings with a `ResourceRegion` that starts with a value other than `us` .\n\n`NOT_CONTAINS` , `NOT_EQUALS` , and `PREFIX_NOT_EQUALS` filters on the same field are joined by `AND` . A finding matches only if it matches all of those filters. For example, the filters `Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch` match a finding that excludes both `CloudFront` and `CloudWatch` in the title.\n\nYou can\u2019t have both a `CONTAINS` filter and a `NOT_CONTAINS` filter on the same field. Similarly, you can't provide both an `EQUALS` filter and a `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filter on the same field. Combining filters in this way returns an error. `CONTAINS` filters can only be used with other `CONTAINS` filters. `NOT_CONTAINS` filters can only be used with other `NOT_CONTAINS` filters.\n\nYou can combine `PREFIX` filters with `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters for the same field. Security Hub first processes the `PREFIX` filters, and then the `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters.\n\nFor example, for the following filters, Security Hub first identifies findings that have resource types that start with either `AwsIam` or `AwsEc2` . It then excludes findings that have a resource type of `AwsIamPolicy` and findings that have a resource type of `AwsEc2NetworkInterface` .\n\n- `ResourceType PREFIX AwsIam`\n- `ResourceType PREFIX AwsEc2`\n- `ResourceType NOT_EQUALS AwsIamPolicy`\n- `ResourceType NOT_EQUALS AwsEc2NetworkInterface`\n\n`CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules V1. `CONTAINS_WORD` operator is only supported in `GetFindingsV2` , `GetFindingStatisticsV2` , `GetResourcesV2` , and `GetResourceStatisticsV2` APIs. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *AWS Security Hub User Guide* .", + "markdownDescription": "The condition to apply to a string value when filtering Security Hub findings.\n\nTo search for values that have the filter value, use one of the following comparison operators:\n\n- To search for values that include the filter value, use `CONTAINS` . For example, the filter `Title CONTAINS CloudFront` matches findings that have a `Title` that includes the string CloudFront.\n- To search for values that exactly match the filter value, use `EQUALS` . For example, the filter `AwsAccountId EQUALS 123456789012` only matches findings that have an account ID of `123456789012` .\n- To search for values that start with the filter value, use `PREFIX` . For example, the filter `ResourceRegion PREFIX us` matches findings that have a `ResourceRegion` that starts with `us` . A `ResourceRegion` that starts with a different value, such as `af` , `ap` , or `ca` , doesn't match.\n\n`CONTAINS` , `EQUALS` , and `PREFIX` filters on the same field are joined by `OR` . A finding matches if it matches any one of those filters. For example, the filters `Title CONTAINS CloudFront OR Title CONTAINS CloudWatch` match a finding that includes either `CloudFront` , `CloudWatch` , or both strings in the title.\n\nTo search for values that don’t have the filter value, use one of the following comparison operators:\n\n- To search for values that exclude the filter value, use `NOT_CONTAINS` . For example, the filter `Title NOT_CONTAINS CloudFront` matches findings that have a `Title` that excludes the string CloudFront.\n- To search for values other than the filter value, use `NOT_EQUALS` . For example, the filter `AwsAccountId NOT_EQUALS 123456789012` only matches findings that have an account ID other than `123456789012` .\n- To search for values that don't start with the filter value, use `PREFIX_NOT_EQUALS` . For example, the filter `ResourceRegion PREFIX_NOT_EQUALS us` matches findings with a `ResourceRegion` that starts with a value other than `us` .\n\n`NOT_CONTAINS` , `NOT_EQUALS` , and `PREFIX_NOT_EQUALS` filters on the same field are joined by `AND` . A finding matches only if it matches all of those filters. For example, the filters `Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch` match a finding that excludes both `CloudFront` and `CloudWatch` in the title.\n\nYou can’t have both a `CONTAINS` filter and a `NOT_CONTAINS` filter on the same field. Similarly, you can't provide both an `EQUALS` filter and a `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filter on the same field. Combining filters in this way returns an error. `CONTAINS` filters can only be used with other `CONTAINS` filters. `NOT_CONTAINS` filters can only be used with other `NOT_CONTAINS` filters.\n\nYou can combine `PREFIX` filters with `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters for the same field. Security Hub first processes the `PREFIX` filters, and then the `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters.\n\nFor example, for the following filters, Security Hub first identifies findings that have resource types that start with either `AwsIam` or `AwsEc2` . It then excludes findings that have a resource type of `AwsIamPolicy` and findings that have a resource type of `AwsEc2NetworkInterface` .\n\n- `ResourceType PREFIX AwsIam`\n- `ResourceType PREFIX AwsEc2`\n- `ResourceType NOT_EQUALS AwsIamPolicy`\n- `ResourceType NOT_EQUALS AwsEc2NetworkInterface`\n\n`CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules V1. `CONTAINS_WORD` operator is only supported in `GetFindingsV2` , `GetFindingStatisticsV2` , `GetResourcesV2` , and `GetResourceStatisticsV2` APIs. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *AWS Security Hub User Guide* .", "title": "Comparison", "type": "string" }, @@ -257127,7 +257137,7 @@ }, "SourceConnection": { "$ref": "#/definitions/AWS::ServiceCatalog::CloudFormationProduct.SourceConnection", - "markdownDescription": "A top level `ProductViewDetail` response containing details about the product\u2019s connection. AWS Service Catalog returns this field for the `CreateProduct` , `UpdateProduct` , `DescribeProductAsAdmin` , and `SearchProductAsAdmin` APIs. This response contains the same fields as the `ConnectionParameters` request, with the addition of the `LastSync` response.", + "markdownDescription": "A top level `ProductViewDetail` response containing details about the product’s connection. AWS Service Catalog returns this field for the `CreateProduct` , `UpdateProduct` , `DescribeProductAsAdmin` , and `SearchProductAsAdmin` APIs. This response contains the same fields as the `ConnectionParameters` request, with the addition of the `LastSync` response.", "title": "SourceConnection" }, "SupportDescription": { @@ -257200,7 +257210,7 @@ "type": "string" }, "Repository": { - "markdownDescription": "The specific repository where the product\u2019s artifact-to-be-synced resides, formatted as \"Account/Repo.\"", + "markdownDescription": "The specific repository where the product’s artifact-to-be-synced resides, formatted as \"Account/Repo.\"", "title": "Repository", "type": "string" } @@ -257238,7 +257248,7 @@ "type": "boolean" }, "Info": { - "markdownDescription": "Specify the template source with one of the following options, but not both. Keys accepted: [ `LoadTemplateFromURL` , `ImportFromPhysicalId` ]\n\nThe URL of the AWS CloudFormation template in Amazon S3 in JSON format. Specify the URL in JSON format as follows:\n\n`\"LoadTemplateFromURL\": \"https://s3.amazonaws.com/cf-templates-ozkq9d3hgiq2-us-east-1/...\"`\n\n`ImportFromPhysicalId` : The physical id of the resource that contains the template. Currently only supports AWS CloudFormation stack arn. Specify the physical id in JSON format as follows: `ImportFromPhysicalId: \u201carn:aws:cloudformation:[us-east-1]:[accountId]:stack/[StackName]/[resourceId]`", + "markdownDescription": "Specify the template source with one of the following options, but not both. Keys accepted: [ `LoadTemplateFromURL` , `ImportFromPhysicalId` ]\n\nThe URL of the AWS CloudFormation template in Amazon S3 in JSON format. Specify the URL in JSON format as follows:\n\n`\"LoadTemplateFromURL\": \"https://s3.amazonaws.com/cf-templates-ozkq9d3hgiq2-us-east-1/...\"`\n\n`ImportFromPhysicalId` : The physical id of the resource that contains the template. Currently only supports AWS CloudFormation stack arn. Specify the physical id in JSON format as follows: `ImportFromPhysicalId: “arn:aws:cloudformation:[us-east-1]:[accountId]:stack/[StackName]/[resourceId]`", "title": "Info", "type": "object" }, @@ -259078,7 +259088,7 @@ "additionalProperties": false, "properties": { "InstanceAttributes": { - "markdownDescription": "A string map that contains the following information for the service that you specify in `ServiceId` :\n\n- The attributes that apply to the records that are defined in the service.\n- For each attribute, the applicable value.\n\nSupported attribute keys include the following:\n\n- **AWS_ALIAS_DNS_NAME** - If you want AWS Cloud Map to create a Route\u00a053 alias record that routes traffic to an Elastic Load Balancing load balancer, specify the DNS name that is associated with the load balancer. For information about how to get the DNS name, see [AliasTarget->DNSName](https://docs.aws.amazon.com/Route53/latest/APIReference/API_AliasTarget.html#Route53-Type-AliasTarget-DNSName) in the *Route\u00a053 API Reference* .\n\nNote the following:\n\n- The configuration for the service that is specified by `ServiceId` must include settings for an `A` record, an `AAAA` record, or both.\n- In the service that is specified by `ServiceId` , the value of `RoutingPolicy` must be `WEIGHTED` .\n- If the service that is specified by `ServiceId` includes `HealthCheckConfig` settings, AWS Cloud Map will create the health check, but it won't associate the health check with the alias record.\n- Auto naming currently doesn't support creating alias records that route traffic to AWS resources other than ELB load balancers.\n- If you specify a value for `AWS_ALIAS_DNS_NAME` , don't specify values for any of the `AWS_INSTANCE` attributes.\n- **AWS_EC2_INSTANCE_ID** - *HTTP namespaces only.* The Amazon EC2 instance ID for the instance. The `AWS_INSTANCE_IPV4` attribute contains the primary private IPv4 address. When creating resources with a type of [AWS::ServiceDiscovery::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-servicediscovery-instance.html) , if the `AWS_EC2_INSTANCE_ID` attribute is specified, the only other attribute that can be specified is `AWS_INIT_HEALTH_STATUS` . After the resource has been created, the `AWS_INSTANCE_IPV4` attribute contains the primary private IPv4 address.\n- **AWS_INIT_HEALTH_STATUS** - If the service configuration includes `HealthCheckCustomConfig` , when creating resources with a type of [AWS::ServiceDiscovery::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-servicediscovery-instance.html) you can optionally use `AWS_INIT_HEALTH_STATUS` to specify the initial status of the custom health check, `HEALTHY` or `UNHEALTHY` . If you don't specify a value for `AWS_INIT_HEALTH_STATUS` , the initial status is `HEALTHY` . This attribute can only be used when creating resources and will not be seen on existing resources.\n- **AWS_INSTANCE_CNAME** - If the service configuration includes a `CNAME` record, the domain name that you want Route\u00a053 to return in response to DNS queries, for example, `example.com` .\n\nThis value is required if the service specified by `ServiceId` includes settings for an `CNAME` record.\n- **AWS_INSTANCE_IPV4** - If the service configuration includes an `A` record, the IPv4 address that you want Route\u00a053 to return in response to DNS queries, for example, `192.0.2.44` .\n\nThis value is required if the service specified by `ServiceId` includes settings for an `A` record. If the service includes settings for an `SRV` record, you must specify a value for `AWS_INSTANCE_IPV4` , `AWS_INSTANCE_IPV6` , or both.\n- **AWS_INSTANCE_IPV6** - If the service configuration includes an `AAAA` record, the IPv6 address that you want Route\u00a053 to return in response to DNS queries, for example, `2001:0db8:85a3:0000:0000:abcd:0001:2345` .\n\nThis value is required if the service specified by `ServiceId` includes settings for an `AAAA` record. If the service includes settings for an `SRV` record, you must specify a value for `AWS_INSTANCE_IPV4` , `AWS_INSTANCE_IPV6` , or both.\n- **AWS_INSTANCE_PORT** - If the service includes an `SRV` record, the value that you want Route\u00a053 to return for the port.\n\nIf the service includes `HealthCheckConfig` , the port on the endpoint that you want Route\u00a053 to send requests to.\n\nThis value is required if you specified settings for an `SRV` record or a Route\u00a053 health check when you created the service.", + "markdownDescription": "A string map that contains the following information for the service that you specify in `ServiceId` :\n\n- The attributes that apply to the records that are defined in the service.\n- For each attribute, the applicable value.\n\nSupported attribute keys include the following:\n\n- **AWS_ALIAS_DNS_NAME** - If you want AWS Cloud Map to create a Route 53 alias record that routes traffic to an Elastic Load Balancing load balancer, specify the DNS name that is associated with the load balancer. For information about how to get the DNS name, see [AliasTarget->DNSName](https://docs.aws.amazon.com/Route53/latest/APIReference/API_AliasTarget.html#Route53-Type-AliasTarget-DNSName) in the *Route 53 API Reference* .\n\nNote the following:\n\n- The configuration for the service that is specified by `ServiceId` must include settings for an `A` record, an `AAAA` record, or both.\n- In the service that is specified by `ServiceId` , the value of `RoutingPolicy` must be `WEIGHTED` .\n- If the service that is specified by `ServiceId` includes `HealthCheckConfig` settings, AWS Cloud Map will create the health check, but it won't associate the health check with the alias record.\n- Auto naming currently doesn't support creating alias records that route traffic to AWS resources other than ELB load balancers.\n- If you specify a value for `AWS_ALIAS_DNS_NAME` , don't specify values for any of the `AWS_INSTANCE` attributes.\n- **AWS_EC2_INSTANCE_ID** - *HTTP namespaces only.* The Amazon EC2 instance ID for the instance. The `AWS_INSTANCE_IPV4` attribute contains the primary private IPv4 address. When creating resources with a type of [AWS::ServiceDiscovery::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-servicediscovery-instance.html) , if the `AWS_EC2_INSTANCE_ID` attribute is specified, the only other attribute that can be specified is `AWS_INIT_HEALTH_STATUS` . After the resource has been created, the `AWS_INSTANCE_IPV4` attribute contains the primary private IPv4 address.\n- **AWS_INIT_HEALTH_STATUS** - If the service configuration includes `HealthCheckCustomConfig` , when creating resources with a type of [AWS::ServiceDiscovery::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-servicediscovery-instance.html) you can optionally use `AWS_INIT_HEALTH_STATUS` to specify the initial status of the custom health check, `HEALTHY` or `UNHEALTHY` . If you don't specify a value for `AWS_INIT_HEALTH_STATUS` , the initial status is `HEALTHY` . This attribute can only be used when creating resources and will not be seen on existing resources.\n- **AWS_INSTANCE_CNAME** - If the service configuration includes a `CNAME` record, the domain name that you want Route 53 to return in response to DNS queries, for example, `example.com` .\n\nThis value is required if the service specified by `ServiceId` includes settings for an `CNAME` record.\n- **AWS_INSTANCE_IPV4** - If the service configuration includes an `A` record, the IPv4 address that you want Route 53 to return in response to DNS queries, for example, `192.0.2.44` .\n\nThis value is required if the service specified by `ServiceId` includes settings for an `A` record. If the service includes settings for an `SRV` record, you must specify a value for `AWS_INSTANCE_IPV4` , `AWS_INSTANCE_IPV6` , or both.\n- **AWS_INSTANCE_IPV6** - If the service configuration includes an `AAAA` record, the IPv6 address that you want Route 53 to return in response to DNS queries, for example, `2001:0db8:85a3:0000:0000:abcd:0001:2345` .\n\nThis value is required if the service specified by `ServiceId` includes settings for an `AAAA` record. If the service includes settings for an `SRV` record, you must specify a value for `AWS_INSTANCE_IPV4` , `AWS_INSTANCE_IPV6` , or both.\n- **AWS_INSTANCE_PORT** - If the service includes an `SRV` record, the value that you want Route 53 to return for the port.\n\nIf the service includes `HealthCheckConfig` , the port on the endpoint that you want Route 53 to send requests to.\n\nThis value is required if you specified settings for an `SRV` record or a Route 53 health check when you created the service.", "title": "InstanceAttributes", "type": "object" }, @@ -259161,7 +259171,7 @@ "type": "string" }, "Name": { - "markdownDescription": "The name that you want to assign to this namespace. When you create a private DNS namespace, AWS Cloud Map automatically creates an Amazon Route\u00a053 private hosted zone that has the same name as the namespace.", + "markdownDescription": "The name that you want to assign to this namespace. When you create a private DNS namespace, AWS Cloud Map automatically creates an Amazon Route 53 private hosted zone that has the same name as the namespace.", "title": "Name", "type": "string" }, @@ -259404,12 +259414,12 @@ }, "DnsConfig": { "$ref": "#/definitions/AWS::ServiceDiscovery::Service.DnsConfig", - "markdownDescription": "A complex type that contains information about the Route\u00a053 DNS records that you want AWS Cloud Map to create when you register an instance.\n\n> The record types of a service can only be changed by deleting the service and recreating it with a new `Dnsconfig` .", + "markdownDescription": "A complex type that contains information about the Route 53 DNS records that you want AWS Cloud Map to create when you register an instance.\n\n> The record types of a service can only be changed by deleting the service and recreating it with a new `Dnsconfig` .", "title": "DnsConfig" }, "HealthCheckConfig": { "$ref": "#/definitions/AWS::ServiceDiscovery::Service.HealthCheckConfig", - "markdownDescription": "*Public DNS and HTTP namespaces only.* A complex type that contains settings for an optional health check. If you specify settings for a health check, AWS Cloud Map associates the health check with the records that you specify in `DnsConfig` .\n\nFor information about the charges for health checks, see [Amazon Route\u00a053 Pricing](https://docs.aws.amazon.com/route53/pricing/) .", + "markdownDescription": "*Public DNS and HTTP namespaces only.* A complex type that contains settings for an optional health check. If you specify settings for a health check, AWS Cloud Map associates the health check with the records that you specify in `DnsConfig` .\n\nFor information about the charges for health checks, see [Amazon Route 53 Pricing](https://docs.aws.amazon.com/route53/pricing/) .", "title": "HealthCheckConfig" }, "HealthCheckCustomConfig": { @@ -259470,7 +259480,7 @@ "items": { "$ref": "#/definitions/AWS::ServiceDiscovery::Service.DnsRecord" }, - "markdownDescription": "An array that contains one `DnsRecord` object for each Route\u00a053 DNS record that you want AWS Cloud Map to create when you register an instance.\n\n> The record type of a service can't be updated directly and can only be changed by deleting the service and recreating it with a new `DnsConfig` .", + "markdownDescription": "An array that contains one `DnsRecord` object for each Route 53 DNS record that you want AWS Cloud Map to create when you register an instance.\n\n> The record type of a service can't be updated directly and can only be changed by deleting the service and recreating it with a new `DnsConfig` .", "title": "DnsRecords", "type": "array" }, @@ -259480,7 +259490,7 @@ "type": "string" }, "RoutingPolicy": { - "markdownDescription": "The routing policy that you want to apply to all Route\u00a053 DNS records that AWS Cloud Map creates when you register an instance and specify this service.\n\n> If you want to use this service to register instances that create alias records, specify `WEIGHTED` for the routing policy. \n\nYou can specify the following values:\n\n- **MULTIVALUE** - If you define a health check for the service and the health check is healthy, Route\u00a053 returns the applicable value for up to eight instances.\n\nFor example, suppose that the service includes configurations for one `A` record and a health check. You use the service to register 10 instances. Route\u00a053 responds to DNS queries with IP addresses for up to eight healthy instances. If fewer than eight instances are healthy, Route\u00a053 responds to every DNS query with the IP addresses for all of the healthy instances.\n\nIf you don't define a health check for the service, Route\u00a053 assumes that all instances are healthy and returns the values for up to eight instances.\n\nFor more information about the multivalue routing policy, see [Multivalue Answer Routing](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-multivalue) in the *Route\u00a053 Developer Guide* .\n- **WEIGHTED** - Route\u00a053 returns the applicable value from one randomly selected instance from among the instances that you registered using the same service. Currently, all records have the same weight, so you can't route more or less traffic to any instances.\n\nFor example, suppose that the service includes configurations for one `A` record and a health check. You use the service to register 10 instances. Route\u00a053 responds to DNS queries with the IP address for one randomly selected instance from among the healthy instances. If no instances are healthy, Route\u00a053 responds to DNS queries as if all of the instances were healthy.\n\nIf you don't define a health check for the service, Route\u00a053 assumes that all instances are healthy and returns the applicable value for one randomly selected instance.\n\nFor more information about the weighted routing policy, see [Weighted Routing](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-weighted) in the *Route\u00a053 Developer Guide* .", + "markdownDescription": "The routing policy that you want to apply to all Route 53 DNS records that AWS Cloud Map creates when you register an instance and specify this service.\n\n> If you want to use this service to register instances that create alias records, specify `WEIGHTED` for the routing policy. \n\nYou can specify the following values:\n\n- **MULTIVALUE** - If you define a health check for the service and the health check is healthy, Route 53 returns the applicable value for up to eight instances.\n\nFor example, suppose that the service includes configurations for one `A` record and a health check. You use the service to register 10 instances. Route 53 responds to DNS queries with IP addresses for up to eight healthy instances. If fewer than eight instances are healthy, Route 53 responds to every DNS query with the IP addresses for all of the healthy instances.\n\nIf you don't define a health check for the service, Route 53 assumes that all instances are healthy and returns the values for up to eight instances.\n\nFor more information about the multivalue routing policy, see [Multivalue Answer Routing](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-multivalue) in the *Route 53 Developer Guide* .\n- **WEIGHTED** - Route 53 returns the applicable value from one randomly selected instance from among the instances that you registered using the same service. Currently, all records have the same weight, so you can't route more or less traffic to any instances.\n\nFor example, suppose that the service includes configurations for one `A` record and a health check. You use the service to register 10 instances. Route 53 responds to DNS queries with the IP address for one randomly selected instance from among the healthy instances. If no instances are healthy, Route 53 responds to DNS queries as if all of the instances were healthy.\n\nIf you don't define a health check for the service, Route 53 assumes that all instances are healthy and returns the applicable value for one randomly selected instance.\n\nFor more information about the weighted routing policy, see [Weighted Routing](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-weighted) in the *Route 53 Developer Guide* .", "title": "RoutingPolicy", "type": "string" } @@ -259494,7 +259504,7 @@ "additionalProperties": false, "properties": { "TTL": { - "markdownDescription": "The amount of time, in seconds, that you want DNS resolvers to cache the settings for this record.\n\n> Alias records don't include a TTL because Route\u00a053 uses the TTL for the AWS resource that an alias record routes traffic to. If you include the `AWS_ALIAS_DNS_NAME` attribute when you submit a [RegisterInstance](https://docs.aws.amazon.com/cloud-map/latest/api/API_RegisterInstance.html) request, the `TTL` value is ignored. Always specify a TTL for the service; you can use a service to register instances that create either alias or non-alias records.", + "markdownDescription": "The amount of time, in seconds, that you want DNS resolvers to cache the settings for this record.\n\n> Alias records don't include a TTL because Route 53 uses the TTL for the AWS resource that an alias record routes traffic to. If you include the `AWS_ALIAS_DNS_NAME` attribute when you submit a [RegisterInstance](https://docs.aws.amazon.com/cloud-map/latest/api/API_RegisterInstance.html) request, the `TTL` value is ignored. Always specify a TTL for the service; you can use a service to register instances that create either alias or non-alias records.", "title": "TTL", "type": "number" }, @@ -259514,17 +259524,17 @@ "additionalProperties": false, "properties": { "FailureThreshold": { - "markdownDescription": "The number of consecutive health checks that an endpoint must pass or fail for Route\u00a053 to change the current status of the endpoint from unhealthy to healthy or the other way around. For more information, see [How Route\u00a053 Determines Whether an Endpoint Is Healthy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-determining-health-of-endpoints.html) in the *Route\u00a053 Developer Guide* .", + "markdownDescription": "The number of consecutive health checks that an endpoint must pass or fail for Route 53 to change the current status of the endpoint from unhealthy to healthy or the other way around. For more information, see [How Route 53 Determines Whether an Endpoint Is Healthy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-determining-health-of-endpoints.html) in the *Route 53 Developer Guide* .", "title": "FailureThreshold", "type": "number" }, "ResourcePath": { - "markdownDescription": "The path that you want Route\u00a053 to request when performing health checks. The path can be any value that your endpoint returns an HTTP status code of a 2xx or 3xx format for when the endpoint is healthy. An example file is `/docs/route53-health-check.html` . Route\u00a053 automatically adds the DNS name for the service. If you don't specify a value for `ResourcePath` , the default value is `/` .\n\nIf you specify `TCP` for `Type` , you must *not* specify a value for `ResourcePath` .", + "markdownDescription": "The path that you want Route 53 to request when performing health checks. The path can be any value that your endpoint returns an HTTP status code of a 2xx or 3xx format for when the endpoint is healthy. An example file is `/docs/route53-health-check.html` . Route 53 automatically adds the DNS name for the service. If you don't specify a value for `ResourcePath` , the default value is `/` .\n\nIf you specify `TCP` for `Type` , you must *not* specify a value for `ResourcePath` .", "title": "ResourcePath", "type": "string" }, "Type": { - "markdownDescription": "The type of health check that you want to create, which indicates how Route\u00a053 determines whether an endpoint is healthy.\n\n> You can't change the value of `Type` after you create a health check. \n\nYou can create the following types of health checks:\n\n- *HTTP* : Route\u00a053 tries to establish a TCP connection. If successful, Route\u00a053 submits an HTTP request and waits for an HTTP status code of 200 or greater and less than 400.\n- *HTTPS* : Route\u00a053 tries to establish a TCP connection. If successful, Route\u00a053 submits an HTTPS request and waits for an HTTP status code of 200 or greater and less than 400.\n\n> If you specify HTTPS for the value of `Type` , the endpoint must support TLS v1.0 or later.\n- *TCP* : Route\u00a053 tries to establish a TCP connection.\n\nIf you specify `TCP` for `Type` , don't specify a value for `ResourcePath` .\n\nFor more information, see [How Route\u00a053 Determines Whether an Endpoint Is Healthy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-determining-health-of-endpoints.html) in the *Route\u00a053 Developer Guide* .", + "markdownDescription": "The type of health check that you want to create, which indicates how Route 53 determines whether an endpoint is healthy.\n\n> You can't change the value of `Type` after you create a health check. \n\nYou can create the following types of health checks:\n\n- *HTTP* : Route 53 tries to establish a TCP connection. If successful, Route 53 submits an HTTP request and waits for an HTTP status code of 200 or greater and less than 400.\n- *HTTPS* : Route 53 tries to establish a TCP connection. If successful, Route 53 submits an HTTPS request and waits for an HTTP status code of 200 or greater and less than 400.\n\n> If you specify HTTPS for the value of `Type` , the endpoint must support TLS v1.0 or later.\n- *TCP* : Route 53 tries to establish a TCP connection.\n\nIf you specify `TCP` for `Type` , don't specify a value for `ResourcePath` .\n\nFor more information, see [How Route 53 Determines Whether an Endpoint Is Healthy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-determining-health-of-endpoints.html) in the *Route 53 Developer Guide* .", "title": "Type", "type": "string" } @@ -259764,7 +259774,7 @@ "items": { "type": "string" }, - "markdownDescription": "The ARN (Amazon Resource Name) of the health check to associate with the protection. Health-based detection provides improved responsiveness and accuracy in attack detection and mitigation.\n\nYou can use this option with any resource type except for Route\u00a053 hosted zones.\n\nFor more information, see [Configuring health-based detection using health checks](https://docs.aws.amazon.com/waf/latest/developerguide/ddos-advanced-health-checks.html) in the *AWS Shield Advanced Developer Guide* .", + "markdownDescription": "The ARN (Amazon Resource Name) of the health check to associate with the protection. Health-based detection provides improved responsiveness and accuracy in attack detection and mitigation.\n\nYou can use this option with any resource type except for Route 53 hosted zones.\n\nFor more information, see [Configuring health-based detection using health checks](https://docs.aws.amazon.com/waf/latest/developerguide/ddos-advanced-health-checks.html) in the *AWS Shield Advanced Developer Guide* .", "title": "HealthCheckArns", "type": "array" }, @@ -260747,7 +260757,7 @@ "type": "string" }, "StateMachineRevisionId": { - "markdownDescription": "Identifier for a state machine revision, which is an immutable, read-only snapshot of a state machine\u2019s definition and configuration.\n\nOnly publish the state machine version if the current state machine's revision ID matches the specified ID. Use this option to avoid publishing a version if the state machine has changed since you last updated it.\n\nTo specify the initial state machine revision, set the value as `INITIAL` .", + "markdownDescription": "Identifier for a state machine revision, which is an immutable, read-only snapshot of a state machine’s definition and configuration.\n\nOnly publish the state machine version if the current state machine's revision ID matches the specified ID. Use this option to avoid publishing a version if the state machine has changed since you last updated it.\n\nTo specify the initial state machine revision, set the value as `INITIAL` .", "title": "StateMachineRevisionId", "type": "string" } @@ -262430,7 +262440,7 @@ "additionalProperties": false, "properties": { "AccessRole": { - "markdownDescription": "Connectors are used to send files using either the AS2 or SFTP protocol. For the access role, provide the Amazon Resource Name (ARN) of the AWS Identity and Access Management role to use.\n\n*For AS2 connectors*\n\nWith AS2, you can send files by calling `StartFileTransfer` and specifying the file paths in the request parameter, `SendFilePaths` . We use the file\u2019s parent directory (for example, for `--send-file-paths /bucket/dir/file.txt` , parent directory is `/bucket/dir/` ) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the `AccessRole` needs to provide read and write access to the parent directory of the file location used in the `StartFileTransfer` request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with `StartFileTransfer` .\n\nIf you are using Basic authentication for your AS2 connector, the access role requires the `secretsmanager:GetSecretValue` permission for the secret. If the secret is encrypted using a customer-managed key instead of the AWS managed key in Secrets Manager, then the role also needs the `kms:Decrypt` permission for that key.\n\n*For SFTP connectors*\n\nMake sure that the access role provides read and write access to the parent directory of the file location that's used in the `StartFileTransfer` request. Additionally, make sure that the role provides `secretsmanager:GetSecretValue` permission to AWS Secrets Manager .", + "markdownDescription": "Connectors are used to send files using either the AS2 or SFTP protocol. For the access role, provide the Amazon Resource Name (ARN) of the AWS Identity and Access Management role to use.\n\n*For AS2 connectors*\n\nWith AS2, you can send files by calling `StartFileTransfer` and specifying the file paths in the request parameter, `SendFilePaths` . We use the file’s parent directory (for example, for `--send-file-paths /bucket/dir/file.txt` , parent directory is `/bucket/dir/` ) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the `AccessRole` needs to provide read and write access to the parent directory of the file location used in the `StartFileTransfer` request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with `StartFileTransfer` .\n\nIf you are using Basic authentication for your AS2 connector, the access role requires the `secretsmanager:GetSecretValue` permission for the secret. If the secret is encrypted using a customer-managed key instead of the AWS managed key in Secrets Manager, then the role also needs the `kms:Decrypt` permission for that key.\n\n*For SFTP connectors*\n\nMake sure that the access role provides read and write access to the parent directory of the file location that's used in the `StartFileTransfer` request. Additionally, make sure that the role provides `secretsmanager:GetSecretValue` permission to AWS Secrets Manager .", "title": "AccessRole", "type": "string" }, @@ -262645,7 +262655,7 @@ "additionalProperties": false, "properties": { "AccessRole": { - "markdownDescription": "Connectors are used to send files using either the AS2 or SFTP protocol. For the access role, provide the Amazon Resource Name (ARN) of the AWS Identity and Access Management role to use.\n\n*For AS2 connectors*\n\nWith AS2, you can send files by calling `StartFileTransfer` and specifying the file paths in the request parameter, `SendFilePaths` . We use the file\u2019s parent directory (for example, for `--send-file-paths /bucket/dir/file.txt` , parent directory is `/bucket/dir/` ) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the `AccessRole` needs to provide read and write access to the parent directory of the file location used in the `StartFileTransfer` request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with `StartFileTransfer` .\n\nIf you are using Basic authentication for your AS2 connector, the access role requires the `secretsmanager:GetSecretValue` permission for the secret. If the secret is encrypted using a customer-managed key instead of the AWS managed key in Secrets Manager, then the role also needs the `kms:Decrypt` permission for that key.\n\n*For SFTP connectors*\n\nMake sure that the access role provides read and write access to the parent directory of the file location that's used in the `StartFileTransfer` request. Additionally, make sure that the role provides `secretsmanager:GetSecretValue` permission to AWS Secrets Manager .", + "markdownDescription": "Connectors are used to send files using either the AS2 or SFTP protocol. For the access role, provide the Amazon Resource Name (ARN) of the AWS Identity and Access Management role to use.\n\n*For AS2 connectors*\n\nWith AS2, you can send files by calling `StartFileTransfer` and specifying the file paths in the request parameter, `SendFilePaths` . We use the file’s parent directory (for example, for `--send-file-paths /bucket/dir/file.txt` , parent directory is `/bucket/dir/` ) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the `AccessRole` needs to provide read and write access to the parent directory of the file location used in the `StartFileTransfer` request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with `StartFileTransfer` .\n\nIf you are using Basic authentication for your AS2 connector, the access role requires the `secretsmanager:GetSecretValue` permission for the secret. If the secret is encrypted using a customer-managed key instead of the AWS managed key in Secrets Manager, then the role also needs the `kms:Decrypt` permission for that key.\n\n*For SFTP connectors*\n\nMake sure that the access role provides read and write access to the parent directory of the file location that's used in the `StartFileTransfer` request. Additionally, make sure that the role provides `secretsmanager:GetSecretValue` permission to AWS Secrets Manager .", "title": "AccessRole", "type": "string" }, @@ -264066,7 +264076,7 @@ "additionalProperties": false, "properties": { "Mode": { - "markdownDescription": "The validation mode currently configured for this policy store. The valid values are:\n\n- *OFF* \u2013 Neither Verified Permissions nor Cedar perform any validation on policies. No validation errors are reported by either service.\n- *STRICT* \u2013 Requires a schema to be present in the policy store. Cedar performs validation on all submitted new or updated static policies and policy templates. Any that fail validation are rejected and Cedar doesn't store them in the policy store.\n\n> If `Mode=STRICT` and the policy store doesn't contain a schema, Verified Permissions rejects all static policies and policy templates because there is no schema to validate against.\n> \n> To submit a static policy or policy template without a schema, you must turn off validation.", + "markdownDescription": "The validation mode currently configured for this policy store. The valid values are:\n\n- *OFF* – Neither Verified Permissions nor Cedar perform any validation on policies. No validation errors are reported by either service.\n- *STRICT* – Requires a schema to be present in the policy store. Cedar performs validation on all submitted new or updated static policies and policy templates. Any that fail validation are rejected and Cedar doesn't store them in the policy store.\n\n> If `Mode=STRICT` and the policy store doesn't contain a schema, Verified Permissions rejects all static policies and policy templates because there is no schema to validate against.\n> \n> To submit a static policy or policy template without a schema, you must turn off validation.", "title": "Mode", "type": "string" } @@ -265395,17 +265405,17 @@ "type": "boolean" }, "HealthCheckIntervalSeconds": { - "markdownDescription": "The approximate amount of time, in seconds, between health checks of an individual target. The range is 5\u2013300 seconds. The default is 30 seconds.", + "markdownDescription": "The approximate amount of time, in seconds, between health checks of an individual target. The range is 5–300 seconds. The default is 30 seconds.", "title": "HealthCheckIntervalSeconds", "type": "number" }, "HealthCheckTimeoutSeconds": { - "markdownDescription": "The amount of time, in seconds, to wait before reporting a target as unhealthy. The range is 1\u2013120 seconds. The default is 5 seconds.", + "markdownDescription": "The amount of time, in seconds, to wait before reporting a target as unhealthy. The range is 1–120 seconds. The default is 5 seconds.", "title": "HealthCheckTimeoutSeconds", "type": "number" }, "HealthyThresholdCount": { - "markdownDescription": "The number of consecutive successful health checks required before considering an unhealthy target healthy. The range is 2\u201310. The default is 5.", + "markdownDescription": "The number of consecutive successful health checks required before considering an unhealthy target healthy. The range is 2–10. The default is 5.", "title": "HealthyThresholdCount", "type": "number" }, @@ -265435,7 +265445,7 @@ "type": "string" }, "UnhealthyThresholdCount": { - "markdownDescription": "The number of consecutive failed health checks required before considering a target unhealthy. The range is 2\u201310. The default is 2.", + "markdownDescription": "The number of consecutive failed health checks required before considering a target unhealthy. The range is 2–10. The default is 2.", "title": "UnhealthyThresholdCount", "type": "number" } @@ -272440,7 +272450,7 @@ "type": "object" }, "AuthenticationType": { - "markdownDescription": "The type of authentication integration points used when signing into the web portal. Defaults to `Standard` .\n\n`Standard` web portals are authenticated directly through your identity provider (IdP). User and group access to your web portal is controlled through your IdP. You need to include an IdP resource in your template to integrate your IdP with your web portal. Completing the configuration for your IdP requires exchanging WorkSpaces Secure Browser\u2019s SP metadata with your IdP\u2019s IdP metadata. If your IdP requires the SP metadata first before returning the IdP metadata, you should follow these steps:\n\n1. Create and deploy a CloudFormation template with a `Standard` portal with no `IdentityProvider` resource.\n\n2. Retrieve the SP metadata using `Fn:GetAtt` , the WorkSpaces Secure Browser console, or by the calling the `GetPortalServiceProviderMetadata` API.\n\n3. Submit the data to your IdP.\n\n4. Add an `IdentityProvider` resource to your CloudFormation template.\n\n`IAM Identity Center` web portals are authenticated through AWS IAM Identity Center . They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration) and other identity provider information must be configured in IAM Identity Center . User and group assignment must be done through the WorkSpaces Secure Browser console. These cannot be configured in CloudFormation.", + "markdownDescription": "The type of authentication integration points used when signing into the web portal. Defaults to `Standard` .\n\n`Standard` web portals are authenticated directly through your identity provider (IdP). User and group access to your web portal is controlled through your IdP. You need to include an IdP resource in your template to integrate your IdP with your web portal. Completing the configuration for your IdP requires exchanging WorkSpaces Secure Browser’s SP metadata with your IdP’s IdP metadata. If your IdP requires the SP metadata first before returning the IdP metadata, you should follow these steps:\n\n1. Create and deploy a CloudFormation template with a `Standard` portal with no `IdentityProvider` resource.\n\n2. Retrieve the SP metadata using `Fn:GetAtt` , the WorkSpaces Secure Browser console, or by the calling the `GetPortalServiceProviderMetadata` API.\n\n3. Submit the data to your IdP.\n\n4. Add an `IdentityProvider` resource to your CloudFormation template.\n\n`IAM Identity Center` web portals are authenticated through AWS IAM Identity Center . They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration) and other identity provider information must be configured in IAM Identity Center . User and group assignment must be done through the WorkSpaces Secure Browser console. These cannot be configured in CloudFormation.", "title": "AuthenticationType", "type": "string" }, @@ -277313,4 +277323,4 @@ "Resources" ], "type": "object" -} +} \ No newline at end of file diff --git a/schema_source/sam.schema.json b/schema_source/sam.schema.json index f1d47e9aa..4b8b2cde0 100644 --- a/schema_source/sam.schema.json +++ b/schema_source/sam.schema.json @@ -1164,6 +1164,23 @@ "EndpointConfiguration": { "additionalProperties": false, "properties": { + "IpAddressType": { + "__samPassThrough": { + "markdownDescriptionOverride": "The IP address type for the API Gateway endpoint\\. \n*Valid values*: `ipv4` or `dualstack` \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`IpAddressType`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-restapi-endpointconfiguration.html#cfn-apigateway-restapi-endpointconfiguration-ipaddresstype) property of the `AWS::ApiGateway::RestApi` `EndpointConfiguration` data type\\.", + "schemaPath": [ + "definitions", + "AWS::ApiGateway::RestApi.EndpointConfiguration", + "properties", + "IpAddressType" + ] + }, + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ], + "title": "IpAddressType" + }, "Type": { "__samPassThrough": { "markdownDescriptionOverride": "The endpoint type of a REST API\\. \n*Valid values*: `EDGE` or `REGIONAL` or `PRIVATE` \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`Types`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-restapi-endpointconfiguration.html#cfn-apigateway-restapi-endpointconfiguration-types) property of the `AWS::ApiGateway::RestApi` `EndpointConfiguration` data type\\.", @@ -3652,6 +3669,23 @@ "markdownDescription": "Defines the type of API Gateway endpoint to map to the custom domain\\. The value of this property determines how the `CertificateArn` property is mapped in AWS CloudFormation\\. \n*Valid values*: `REGIONAL` or `EDGE` \n*Type*: String \n*Required*: No \n*Default*: `REGIONAL` \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent\\.", "title": "EndpointConfiguration" }, + "IpAddressType": { + "__samPassThrough": { + "markdownDescriptionOverride": "The IP address types that can invoke this DomainName. Use `ipv4` to allow only IPv4 addresses to invoke this DomainName, or use `dualstack` to allow both IPv4 and IPv6 addresses to invoke this DomainName. For the `PRIVATE` endpoint type, only `dualstack` is supported. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`IpAddressType`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-domainname-endpointconfiguration.html#cfn-apigateway-domainname-endpointconfiguration-ipaddresstype) property of an `AWS::ApiGateway::DomainName.EndpointConfiguration` resource.", + "schemaPath": [ + "definitions", + "AWS::ApiGateway::DomainName.EndpointConfiguration", + "properties", + "IpAddressType" + ] + }, + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ], + "title": "IpAddressType" + }, "MutualTlsAuthentication": { "__samPassThrough": { "markdownDescriptionOverride": "The mutual Transport Layer Security \\(TLS\\) authentication configuration for a custom domain name\\. \n*Type*: [MutualTlsAuthentication](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-mutualtlsauthentication) \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`MutualTlsAuthentication`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-mutualtlsauthentication) property of an `AWS::ApiGateway::DomainName` resource\\.", diff --git a/tests/translator/input/api_domain_ipaddresstype.yaml b/tests/translator/input/api_domain_ipaddresstype.yaml new file mode 100644 index 000000000..67c0bc5dc --- /dev/null +++ b/tests/translator/input/api_domain_ipaddresstype.yaml @@ -0,0 +1,27 @@ +Resources: + MyApi: + Type: AWS::Serverless::Api + Properties: + StageName: Prod + Domain: + DomainName: api.example.com + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/example + EndpointConfiguration: REGIONAL + IpAddressType: dualstack + + MyFunction: + Type: AWS::Serverless::Function + Properties: + InlineCode: | + exports.handler = async (event) => { + return { statusCode: 200, body: 'Hello' }; + }; + Handler: index.handler + Runtime: nodejs18.x + Events: + ApiEvent: + Type: Api + Properties: + RestApiId: !Ref MyApi + Method: GET + Path: /test diff --git a/tests/translator/input/api_domain_ipaddresstype_private.yaml b/tests/translator/input/api_domain_ipaddresstype_private.yaml new file mode 100644 index 000000000..9379455f4 --- /dev/null +++ b/tests/translator/input/api_domain_ipaddresstype_private.yaml @@ -0,0 +1,38 @@ +Resources: + MyApi: + Type: AWS::Serverless::Api + Properties: + StageName: Prod + EndpointConfiguration: + Type: PRIVATE + VPCEndpointIds: + - vpce-123456 + Domain: + DomainName: api.example.com + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/example + EndpointConfiguration: PRIVATE + IpAddressType: dualstack + Policy: + Version: '2012-10-17' + Statement: + - Effect: Allow + Principal: '*' + Action: execute-api:Invoke + Resource: execute-api:/* + + MyFunction: + Type: AWS::Serverless::Function + Properties: + InlineCode: | + exports.handler = async (event) => { + return { statusCode: 200, body: 'Hello' }; + }; + Handler: index.handler + Runtime: nodejs18.x + Events: + ApiEvent: + Type: Api + Properties: + RestApiId: !Ref MyApi + Method: GET + Path: /test diff --git a/tests/translator/input/api_endpoint_configuration_with_ipaddresstype.yaml b/tests/translator/input/api_endpoint_configuration_with_ipaddresstype.yaml new file mode 100644 index 000000000..db751fc98 --- /dev/null +++ b/tests/translator/input/api_endpoint_configuration_with_ipaddresstype.yaml @@ -0,0 +1,39 @@ +Parameters: + EndpointConfigType: + Type: String + IpAddressType: + Type: String + Default: ipv4 + AllowedValues: + - ipv4 + - dualstack + +Globals: + Api: + # Overriding this property for Implicit API + EndpointConfiguration: + Type: {Ref: EndpointConfigType} + IpAddressType: {Ref: IpAddressType} + +Resources: + ImplicitApiFunction: + Type: AWS::Serverless::Function + Properties: + CodeUri: s3://sam-demo-bucket/member_portal.zip + Handler: index.gethtml + Runtime: nodejs12.x + Events: + GetHtml: + Type: Api + Properties: + Path: / + Method: get + + ExplicitApi: + Type: AWS::Serverless::Api + Properties: + StageName: Prod + DefinitionUri: s3://sam-demo-bucket/webpage_swagger.json + EndpointConfiguration: + Type: REGIONAL + IpAddressType: ipv4 diff --git a/tests/translator/output/api_domain_ipaddresstype.json b/tests/translator/output/api_domain_ipaddresstype.json new file mode 100644 index 000000000..05fd0289e --- /dev/null +++ b/tests/translator/output/api_domain_ipaddresstype.json @@ -0,0 +1,154 @@ +{ + "Resources": { + "ApiGatewayDomainName1bc412bb08": { + "Properties": { + "DomainName": "api.example.com", + "EndpointConfiguration": { + "IpAddressType": "dualstack", + "Types": [ + "REGIONAL" + ] + }, + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/example" + }, + "Type": "AWS::ApiGateway::DomainName" + }, + "MyApi": { + "Properties": { + "Body": { + "info": { + "title": { + "Ref": "AWS::StackName" + }, + "version": "1.0" + }, + "paths": { + "/test": { + "get": { + "responses": {}, + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + } + } + } + }, + "swagger": "2.0" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "MyApiBasePathMapping": { + "Properties": { + "DomainName": { + "Ref": "ApiGatewayDomainName1bc412bb08" + }, + "RestApiId": { + "Ref": "MyApi" + }, + "Stage": { + "Ref": "MyApiProdStage" + } + }, + "Type": "AWS::ApiGateway::BasePathMapping" + }, + "MyApiDeployment3397e3e11c": { + "Properties": { + "Description": "RestApi deployment id: 3397e3e11c8d417d58357af9ff385e19ab953058", + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "MyApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "MyApiDeployment3397e3e11c" + }, + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + }, + "MyFunction": { + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return { statusCode: 200, body: 'Hello' };\n};\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::Lambda::Function" + }, + "MyFunctionApiEventPermissionProd": { + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/test", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + }, + "Type": "AWS::Lambda::Permission" + }, + "MyFunctionRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + } + } +} diff --git a/tests/translator/output/api_domain_ipaddresstype_private.json b/tests/translator/output/api_domain_ipaddresstype_private.json new file mode 100644 index 000000000..bc11be976 --- /dev/null +++ b/tests/translator/output/api_domain_ipaddresstype_private.json @@ -0,0 +1,176 @@ +{ + "Resources": { + "ApiGatewayDomainNameV21bc412bb08": { + "Properties": { + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/example", + "DomainName": "api.example.com", + "EndpointConfiguration": { + "IpAddressType": "dualstack", + "Types": [ + "PRIVATE" + ] + }, + "Policy": { + "Statement": [ + { + "Action": "execute-api:Invoke", + "Effect": "Allow", + "Principal": "*", + "Resource": "execute-api:/*" + } + ], + "Version": "2012-10-17" + } + }, + "Type": "AWS::ApiGateway::DomainNameV2" + }, + "MyApi": { + "Properties": { + "Body": { + "info": { + "title": { + "Ref": "AWS::StackName" + }, + "version": "1.0" + }, + "paths": { + "/test": { + "get": { + "responses": {}, + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + } + } + } + }, + "swagger": "2.0" + }, + "EndpointConfiguration": { + "Types": [ + "PRIVATE" + ], + "VpcEndpointIds": [ + "vpce-123456" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "PRIVATE" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "MyApiBasePathMapping": { + "Properties": { + "DomainNameArn": { + "Ref": "ApiGatewayDomainNameV21bc412bb08" + }, + "RestApiId": { + "Ref": "MyApi" + }, + "Stage": { + "Ref": "MyApiProdStage" + } + }, + "Type": "AWS::ApiGateway::BasePathMappingV2" + }, + "MyApiDeploymente1bd5a5582": { + "Properties": { + "Description": "RestApi deployment id: e1bd5a55826e10fc1ba8b86b90372046f23b056d", + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "MyApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "MyApiDeploymente1bd5a5582" + }, + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + }, + "MyFunction": { + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return { statusCode: 200, body: 'Hello' };\n};\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::Lambda::Function" + }, + "MyFunctionApiEventPermissionProd": { + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/test", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + }, + "Type": "AWS::Lambda::Permission" + }, + "MyFunctionRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + } + } +} diff --git a/tests/translator/output/api_endpoint_configuration_with_ipaddresstype.json b/tests/translator/output/api_endpoint_configuration_with_ipaddresstype.json new file mode 100644 index 000000000..1696db7bc --- /dev/null +++ b/tests/translator/output/api_endpoint_configuration_with_ipaddresstype.json @@ -0,0 +1,196 @@ +{ + "Parameters": { + "EndpointConfigType": { + "Type": "String" + }, + "IpAddressType": { + "AllowedValues": [ + "ipv4", + "dualstack" + ], + "Default": "ipv4", + "Type": "String" + } + }, + "Resources": { + "ExplicitApi": { + "Properties": { + "BodyS3Location": { + "Bucket": "sam-demo-bucket", + "Key": "webpage_swagger.json" + }, + "EndpointConfiguration": { + "IpAddressType": "ipv4", + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ExplicitApiDeploymentf117c932f7": { + "Properties": { + "Description": "RestApi deployment id: f117c932f75cfa87d23dfed64e9430d0081ef289", + "RestApiId": { + "Ref": "ExplicitApi" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ExplicitApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ExplicitApiDeploymentf117c932f7" + }, + "RestApiId": { + "Ref": "ExplicitApi" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + }, + "ImplicitApiFunction": { + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Handler": "index.gethtml", + "Role": { + "Fn::GetAtt": [ + "ImplicitApiFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::Lambda::Function" + }, + "ImplicitApiFunctionGetHtmlPermissionProd": { + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } + }, + "Type": "AWS::Lambda::Permission" + }, + "ImplicitApiFunctionRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + }, + "ServerlessRestApi": { + "Properties": { + "Body": { + "info": { + "title": { + "Ref": "AWS::StackName" + }, + "version": "1.0" + }, + "paths": { + "/": { + "get": { + "responses": {}, + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" + } + } + } + } + }, + "swagger": "2.0" + }, + "EndpointConfiguration": { + "IpAddressType": { + "Ref": "IpAddressType" + }, + "Types": [ + { + "Ref": "EndpointConfigType" + } + ] + }, + "Parameters": { + "endpointConfigurationTypes": { + "Ref": "EndpointConfigType" + } + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ServerlessRestApiDeployment62b96c1a61": { + "Properties": { + "Description": "RestApi deployment id: 62b96c1a611878eefb13e8ef66dbc71b9ba3dd19", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ServerlessRestApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment62b96c1a61" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + } + } +} diff --git a/tests/translator/output/aws-cn/api_domain_ipaddresstype.json b/tests/translator/output/aws-cn/api_domain_ipaddresstype.json new file mode 100644 index 000000000..df38fc6e8 --- /dev/null +++ b/tests/translator/output/aws-cn/api_domain_ipaddresstype.json @@ -0,0 +1,162 @@ +{ + "Resources": { + "ApiGatewayDomainName1bc412bb08": { + "Properties": { + "DomainName": "api.example.com", + "EndpointConfiguration": { + "IpAddressType": "dualstack", + "Types": [ + "REGIONAL" + ] + }, + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/example" + }, + "Type": "AWS::ApiGateway::DomainName" + }, + "MyApi": { + "Properties": { + "Body": { + "info": { + "title": { + "Ref": "AWS::StackName" + }, + "version": "1.0" + }, + "paths": { + "/test": { + "get": { + "responses": {}, + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + } + } + } + }, + "swagger": "2.0" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "MyApiBasePathMapping": { + "Properties": { + "DomainName": { + "Ref": "ApiGatewayDomainName1bc412bb08" + }, + "RestApiId": { + "Ref": "MyApi" + }, + "Stage": { + "Ref": "MyApiProdStage" + } + }, + "Type": "AWS::ApiGateway::BasePathMapping" + }, + "MyApiDeploymentb0d2f95dd3": { + "Properties": { + "Description": "RestApi deployment id: b0d2f95dd38bf6bd8a6dbe910423d130b94d75df", + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "MyApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "MyApiDeploymentb0d2f95dd3" + }, + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + }, + "MyFunction": { + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return { statusCode: 200, body: 'Hello' };\n};\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::Lambda::Function" + }, + "MyFunctionApiEventPermissionProd": { + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/test", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + }, + "Type": "AWS::Lambda::Permission" + }, + "MyFunctionRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + } + } +} diff --git a/tests/translator/output/aws-cn/api_domain_ipaddresstype_private.json b/tests/translator/output/aws-cn/api_domain_ipaddresstype_private.json new file mode 100644 index 000000000..2c7aade63 --- /dev/null +++ b/tests/translator/output/aws-cn/api_domain_ipaddresstype_private.json @@ -0,0 +1,176 @@ +{ + "Resources": { + "ApiGatewayDomainNameV21bc412bb08": { + "Properties": { + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/example", + "DomainName": "api.example.com", + "EndpointConfiguration": { + "IpAddressType": "dualstack", + "Types": [ + "PRIVATE" + ] + }, + "Policy": { + "Statement": [ + { + "Action": "execute-api:Invoke", + "Effect": "Allow", + "Principal": "*", + "Resource": "execute-api:/*" + } + ], + "Version": "2012-10-17" + } + }, + "Type": "AWS::ApiGateway::DomainNameV2" + }, + "MyApi": { + "Properties": { + "Body": { + "info": { + "title": { + "Ref": "AWS::StackName" + }, + "version": "1.0" + }, + "paths": { + "/test": { + "get": { + "responses": {}, + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + } + } + } + }, + "swagger": "2.0" + }, + "EndpointConfiguration": { + "Types": [ + "PRIVATE" + ], + "VpcEndpointIds": [ + "vpce-123456" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "PRIVATE" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "MyApiBasePathMapping": { + "Properties": { + "DomainNameArn": { + "Ref": "ApiGatewayDomainNameV21bc412bb08" + }, + "RestApiId": { + "Ref": "MyApi" + }, + "Stage": { + "Ref": "MyApiProdStage" + } + }, + "Type": "AWS::ApiGateway::BasePathMappingV2" + }, + "MyApiDeploymenta0422ec9d9": { + "Properties": { + "Description": "RestApi deployment id: a0422ec9d98138bf232d3cd10f2225fa4bb56090", + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "MyApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "MyApiDeploymenta0422ec9d9" + }, + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + }, + "MyFunction": { + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return { statusCode: 200, body: 'Hello' };\n};\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::Lambda::Function" + }, + "MyFunctionApiEventPermissionProd": { + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/test", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + }, + "Type": "AWS::Lambda::Permission" + }, + "MyFunctionRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + } + } +} diff --git a/tests/translator/output/aws-cn/api_endpoint_configuration_with_ipaddresstype.json b/tests/translator/output/aws-cn/api_endpoint_configuration_with_ipaddresstype.json new file mode 100644 index 000000000..a0139fbf6 --- /dev/null +++ b/tests/translator/output/aws-cn/api_endpoint_configuration_with_ipaddresstype.json @@ -0,0 +1,196 @@ +{ + "Parameters": { + "EndpointConfigType": { + "Type": "String" + }, + "IpAddressType": { + "AllowedValues": [ + "ipv4", + "dualstack" + ], + "Default": "ipv4", + "Type": "String" + } + }, + "Resources": { + "ExplicitApi": { + "Properties": { + "BodyS3Location": { + "Bucket": "sam-demo-bucket", + "Key": "webpage_swagger.json" + }, + "EndpointConfiguration": { + "IpAddressType": "ipv4", + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ExplicitApiDeploymentf117c932f7": { + "Properties": { + "Description": "RestApi deployment id: f117c932f75cfa87d23dfed64e9430d0081ef289", + "RestApiId": { + "Ref": "ExplicitApi" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ExplicitApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ExplicitApiDeploymentf117c932f7" + }, + "RestApiId": { + "Ref": "ExplicitApi" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + }, + "ImplicitApiFunction": { + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Handler": "index.gethtml", + "Role": { + "Fn::GetAtt": [ + "ImplicitApiFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::Lambda::Function" + }, + "ImplicitApiFunctionGetHtmlPermissionProd": { + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } + }, + "Type": "AWS::Lambda::Permission" + }, + "ImplicitApiFunctionRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + }, + "ServerlessRestApi": { + "Properties": { + "Body": { + "info": { + "title": { + "Ref": "AWS::StackName" + }, + "version": "1.0" + }, + "paths": { + "/": { + "get": { + "responses": {}, + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" + } + } + } + } + }, + "swagger": "2.0" + }, + "EndpointConfiguration": { + "IpAddressType": { + "Ref": "IpAddressType" + }, + "Types": [ + { + "Ref": "EndpointConfigType" + } + ] + }, + "Parameters": { + "endpointConfigurationTypes": { + "Ref": "EndpointConfigType" + } + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ServerlessRestApiDeploymentcb4fb12558": { + "Properties": { + "Description": "RestApi deployment id: cb4fb1255811b7b6a25dd35f23ee7ad133003b89", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ServerlessRestApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeploymentcb4fb12558" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + } + } +} diff --git a/tests/translator/output/aws-us-gov/api_domain_ipaddresstype.json b/tests/translator/output/aws-us-gov/api_domain_ipaddresstype.json new file mode 100644 index 000000000..ed32932d0 --- /dev/null +++ b/tests/translator/output/aws-us-gov/api_domain_ipaddresstype.json @@ -0,0 +1,162 @@ +{ + "Resources": { + "ApiGatewayDomainName1bc412bb08": { + "Properties": { + "DomainName": "api.example.com", + "EndpointConfiguration": { + "IpAddressType": "dualstack", + "Types": [ + "REGIONAL" + ] + }, + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/example" + }, + "Type": "AWS::ApiGateway::DomainName" + }, + "MyApi": { + "Properties": { + "Body": { + "info": { + "title": { + "Ref": "AWS::StackName" + }, + "version": "1.0" + }, + "paths": { + "/test": { + "get": { + "responses": {}, + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + } + } + } + }, + "swagger": "2.0" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "MyApiBasePathMapping": { + "Properties": { + "DomainName": { + "Ref": "ApiGatewayDomainName1bc412bb08" + }, + "RestApiId": { + "Ref": "MyApi" + }, + "Stage": { + "Ref": "MyApiProdStage" + } + }, + "Type": "AWS::ApiGateway::BasePathMapping" + }, + "MyApiDeployment40b05f8308": { + "Properties": { + "Description": "RestApi deployment id: 40b05f8308a845bae46f8533064c760f37253eec", + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "MyApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "MyApiDeployment40b05f8308" + }, + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + }, + "MyFunction": { + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return { statusCode: 200, body: 'Hello' };\n};\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::Lambda::Function" + }, + "MyFunctionApiEventPermissionProd": { + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/test", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + }, + "Type": "AWS::Lambda::Permission" + }, + "MyFunctionRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + } + } +} diff --git a/tests/translator/output/aws-us-gov/api_domain_ipaddresstype_private.json b/tests/translator/output/aws-us-gov/api_domain_ipaddresstype_private.json new file mode 100644 index 000000000..b00b66c9c --- /dev/null +++ b/tests/translator/output/aws-us-gov/api_domain_ipaddresstype_private.json @@ -0,0 +1,176 @@ +{ + "Resources": { + "ApiGatewayDomainNameV21bc412bb08": { + "Properties": { + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/example", + "DomainName": "api.example.com", + "EndpointConfiguration": { + "IpAddressType": "dualstack", + "Types": [ + "PRIVATE" + ] + }, + "Policy": { + "Statement": [ + { + "Action": "execute-api:Invoke", + "Effect": "Allow", + "Principal": "*", + "Resource": "execute-api:/*" + } + ], + "Version": "2012-10-17" + } + }, + "Type": "AWS::ApiGateway::DomainNameV2" + }, + "MyApi": { + "Properties": { + "Body": { + "info": { + "title": { + "Ref": "AWS::StackName" + }, + "version": "1.0" + }, + "paths": { + "/test": { + "get": { + "responses": {}, + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + } + } + } + }, + "swagger": "2.0" + }, + "EndpointConfiguration": { + "Types": [ + "PRIVATE" + ], + "VpcEndpointIds": [ + "vpce-123456" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "PRIVATE" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "MyApiBasePathMapping": { + "Properties": { + "DomainNameArn": { + "Ref": "ApiGatewayDomainNameV21bc412bb08" + }, + "RestApiId": { + "Ref": "MyApi" + }, + "Stage": { + "Ref": "MyApiProdStage" + } + }, + "Type": "AWS::ApiGateway::BasePathMappingV2" + }, + "MyApiDeployment8f1c791534": { + "Properties": { + "Description": "RestApi deployment id: 8f1c791534c8eda5b36c71f410c2dde1ce0e51ff", + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "MyApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "MyApiDeployment8f1c791534" + }, + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + }, + "MyFunction": { + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return { statusCode: 200, body: 'Hello' };\n};\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::Lambda::Function" + }, + "MyFunctionApiEventPermissionProd": { + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/test", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + }, + "Type": "AWS::Lambda::Permission" + }, + "MyFunctionRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + } + } +} diff --git a/tests/translator/output/aws-us-gov/api_endpoint_configuration_with_ipaddresstype.json b/tests/translator/output/aws-us-gov/api_endpoint_configuration_with_ipaddresstype.json new file mode 100644 index 000000000..51c521b64 --- /dev/null +++ b/tests/translator/output/aws-us-gov/api_endpoint_configuration_with_ipaddresstype.json @@ -0,0 +1,196 @@ +{ + "Parameters": { + "EndpointConfigType": { + "Type": "String" + }, + "IpAddressType": { + "AllowedValues": [ + "ipv4", + "dualstack" + ], + "Default": "ipv4", + "Type": "String" + } + }, + "Resources": { + "ExplicitApi": { + "Properties": { + "BodyS3Location": { + "Bucket": "sam-demo-bucket", + "Key": "webpage_swagger.json" + }, + "EndpointConfiguration": { + "IpAddressType": "ipv4", + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ExplicitApiDeploymentf117c932f7": { + "Properties": { + "Description": "RestApi deployment id: f117c932f75cfa87d23dfed64e9430d0081ef289", + "RestApiId": { + "Ref": "ExplicitApi" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ExplicitApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ExplicitApiDeploymentf117c932f7" + }, + "RestApiId": { + "Ref": "ExplicitApi" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + }, + "ImplicitApiFunction": { + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Handler": "index.gethtml", + "Role": { + "Fn::GetAtt": [ + "ImplicitApiFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::Lambda::Function" + }, + "ImplicitApiFunctionGetHtmlPermissionProd": { + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } + }, + "Type": "AWS::Lambda::Permission" + }, + "ImplicitApiFunctionRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + }, + "ServerlessRestApi": { + "Properties": { + "Body": { + "info": { + "title": { + "Ref": "AWS::StackName" + }, + "version": "1.0" + }, + "paths": { + "/": { + "get": { + "responses": {}, + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" + } + } + } + } + }, + "swagger": "2.0" + }, + "EndpointConfiguration": { + "IpAddressType": { + "Ref": "IpAddressType" + }, + "Types": [ + { + "Ref": "EndpointConfigType" + } + ] + }, + "Parameters": { + "endpointConfigurationTypes": { + "Ref": "EndpointConfigType" + } + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ServerlessRestApiDeployment5b2cb4ba8f": { + "Properties": { + "Description": "RestApi deployment id: 5b2cb4ba8fce8a9445b1914c6c6fbeef81a9075a", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ServerlessRestApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment5b2cb4ba8f" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + } + } +}