From 98cea434e275f855274acbfd9bc24e9d6c9dfe83 Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Fri, 26 Jan 2024 10:31:13 -0500 Subject: [PATCH] feat: update L1 CloudFormation resource definitions (#28878) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-autoscaling │ └ resources │ └[~] resource AWS::AutoScaling::AutoScalingGroup │ └ types │ └[~] type InstanceRequirements │ └ properties │ └[+] MaxSpotPriceAsPercentageOfOptimalOnDemandPrice: integer ├[~] service aws-batch │ └ resources │ └[~] resource AWS::Batch::JobDefinition │ ├ properties │ │ ├ ContainerProperties: - ContainerProperties (immutable) │ │ │ + ContainerProperties │ │ ├ EksProperties: - EksProperties (immutable) │ │ │ + EksProperties │ │ ├ NodeProperties: - NodeProperties (immutable) │ │ │ + NodeProperties │ │ ├ Parameters: - Map ⇐ json (immutable) │ │ │ + json │ │ ├ PlatformCapabilities: - Array (immutable) │ │ │ + Array │ │ ├ PropagateTags: - boolean (immutable) │ │ │ + boolean │ │ ├ RetryStrategy: - RetryStrategy (immutable) │ │ │ + RetryStrategy │ │ ├ SchedulingPriority: - integer (immutable) │ │ │ + integer │ │ ├ Tags: - Map ⇐ json (immutable) │ │ │ + json (immutable) │ │ ├ Timeout: - JobTimeout ⇐ Timeout (immutable) │ │ │ + Timeout │ │ └ Type: - string (required, immutable) │ │ + string (required) │ ├ attributes │ │ ├[-] ContainerOrchestrationType: string │ │ ├[+] Id: string │ │ ├[-] JobDefinitionArn: string │ │ ├[-] Revision: integer │ │ └[-] Status: string │ └ types │ ├[~] type AuthorizationConfig │ │ ├ - documentation: undefined │ │ │ + documentation: The authorization configuration details for the Amazon EFS file system. │ │ └ properties │ │ ├ AccessPointId: (documentation changed) │ │ └ Iam: (documentation changed) │ ├[~] type ContainerProperties │ │ └ properties │ │ ├ MountPoints: - Array ⇐ Array │ │ │ + Array │ │ └ Volumes: - Array ⇐ Array │ │ + Array │ ├[-] type EFSAuthorizationConfig │ │ ├ documentation: The authorization configuration details for the Amazon EFS file system. │ │ │ name: EFSAuthorizationConfig │ │ └ properties │ │ ├AccessPointId: string │ │ └Iam: string │ ├[~] type EfsVolumeConfiguration │ │ ├ - documentation: undefined │ │ │ + documentation: This is used when you're using an Amazon Elastic File System file system for job storage. For more information, see [Amazon EFS Volumes](https://docs.aws.amazon.com/batch/latest/userguide/efs-volumes.html) in the *AWS Batch User Guide* . │ │ └ properties │ │ ├ AuthorizationConfig: (documentation changed) │ │ ├ FileSystemId: (documentation changed) │ │ ├ RootDirectory: (documentation changed) │ │ ├ TransitEncryption: (documentation changed) │ │ └ TransitEncryptionPort: (documentation changed) │ ├[-] type EFSVolumeConfiguration │ │ ├ documentation: This is used when you're using an Amazon Elastic File System file system for job storage. For more information, see [Amazon EFS Volumes](https://docs.aws.amazon.com/batch/latest/userguide/efs-volumes.html) in the *AWS Batch User Guide* . │ │ │ name: EFSVolumeConfiguration │ │ └ properties │ │ ├FileSystemId: string (required) │ │ ├RootDirectory: string │ │ ├TransitEncryption: string │ │ ├TransitEncryptionPort: integer │ │ └AuthorizationConfig: EFSAuthorizationConfig │ ├[-] type EksMetadata │ │ ├ documentation: Describes and uniquely identifies Kubernetes resources. For example, the compute environment that a pod runs in or the `jobID` for a job running in the pod. For more information, see [Understanding Kubernetes Objects](https://docs.aws.amazon.com/https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/) in the *Kubernetes documentation* . │ │ │ name: EksMetadata │ │ └ properties │ │ └Labels: Map │ ├[-] type EksPodProperties │ │ ├ documentation: The properties for the pod. │ │ │ name: EksPodProperties │ │ └ properties │ │ ├ServiceAccountName: string │ │ ├HostNetwork: boolean │ │ ├DnsPolicy: string │ │ ├Containers: Array │ │ ├Volumes: Array │ │ └Metadata: EksMetadata │ ├[~] type EksProperties │ │ └ properties │ │ └ PodProperties: - EksPodProperties ⇐ PodProperties │ │ + PodProperties │ ├[-] type Host │ │ ├ documentation: Determine whether your data volume persists on the host container instance and where it's stored. If this parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running. │ │ │ name: Host │ │ └ properties │ │ └SourcePath: string │ ├[-] type JobTimeout │ │ ├ documentation: An object that represents a job timeout configuration. │ │ │ name: JobTimeout │ │ └ properties │ │ └AttemptDurationSeconds: integer │ ├[~] type LogConfiguration │ │ └ properties │ │ └ Options: - Map ⇐ json │ │ + json │ ├[-] type MountPoint │ │ ├ documentation: Details for a Docker volume mount point that's used in a job's container properties. This parameter maps to `Volumes` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerCreate) section of the *Docker Remote API* and the `--volume` option to docker run. │ │ │ name: MountPoint │ │ └ properties │ │ ├ContainerPath: string │ │ ├ReadOnly: boolean │ │ └SourceVolume: string │ ├[~] type MountPoints │ │ ├ - documentation: undefined │ │ │ + documentation: Details for a Docker volume mount point that's used in a job's container properties. This parameter maps to `Volumes` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerCreate) section of the *Docker Remote API* and the `--volume` option to docker run. │ │ └ properties │ │ ├ ContainerPath: (documentation changed) │ │ ├ ReadOnly: (documentation changed) │ │ └ SourceVolume: (documentation changed) │ ├[~] type Resources │ │ └ properties │ │ ├ Limits: - Map ⇐ json │ │ │ + json │ │ └ Requests: - Map ⇐ json │ │ + json │ ├[~] type Timeout │ │ ├ - documentation: undefined │ │ │ + documentation: An object that represents a job timeout configuration. │ │ └ properties │ │ └ AttemptDurationSeconds: (documentation changed) │ ├[-] type Volume │ │ ├ documentation: A data volume that's used in a job's container properties. │ │ │ name: Volume │ │ └ properties │ │ ├Host: Host │ │ ├EfsVolumeConfiguration: EFSVolumeConfiguration │ │ └Name: string │ ├[~] type Volumes │ │ ├ - documentation: undefined │ │ │ + documentation: A list of volumes that are associated with the job. │ │ └ properties │ │ ├ EfsVolumeConfiguration: (documentation changed) │ │ ├ Host: (documentation changed) │ │ └ Name: (documentation changed) │ └[~] type VolumesHost │ ├ - documentation: undefined │ │ + documentation: Determine whether your data volume persists on the host container instance and where it's stored. If this parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running. │ └ properties │ └ SourcePath: (documentation changed) ├[~] service aws-cloud9 │ └ resources │ └[~] resource AWS::Cloud9::EnvironmentEC2 │ └ properties │ └ ImageId: (documentation changed) ├[~] service aws-cloudtrail │ └ resources │ ├[~] resource AWS::CloudTrail::EventDataStore │ │ └ types │ │ └[~] type AdvancedEventSelector │ │ └ - documentation: Advanced event selectors let you create fine-grained selectors for the following AWS CloudTrail event record fields. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* . │ │ - `readOnly` │ │ - `eventSource` │ │ - `eventName` │ │ - `eventCategory` │ │ - `resources.type` │ │ - `resources.ARN` │ │ You cannot apply both event selectors and advanced event selectors to a trail. │ │ + documentation: Advanced event selectors let you create fine-grained selectors for CloudTrail management and data events. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) and [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* . │ │ You cannot apply both event selectors and advanced event selectors to a trail. │ │ *Supported CloudTrail event record fields for management events* │ │ - `eventCategory` (required) │ │ - `eventSource` │ │ - `readOnly` │ │ *Supported CloudTrail event record fields for data events* │ │ - `eventCategory` (required) │ │ - `resources.type` (required) │ │ - `readOnly` │ │ - `eventName` │ │ - `resources.ARN` │ │ > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` . │ └[~] resource AWS::CloudTrail::Trail │ └ types │ └[~] type AdvancedEventSelector │ └ - documentation: Advanced event selectors let you create fine-grained selectors for the following AWS CloudTrail event record fields. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* . │ - `readOnly` │ - `eventSource` │ - `eventName` │ - `eventCategory` │ - `resources.type` │ - `resources.ARN` │ You cannot apply both event selectors and advanced event selectors to a trail. │ + documentation: Advanced event selectors let you create fine-grained selectors for CloudTrail management and data events. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) and [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* . │ You cannot apply both event selectors and advanced event selectors to a trail. │ *Supported CloudTrail event record fields for management events* │ - `eventCategory` (required) │ - `eventSource` │ - `readOnly` │ *Supported CloudTrail event record fields for data events* │ - `eventCategory` (required) │ - `resources.type` (required) │ - `readOnly` │ - `eventName` │ - `resources.ARN` │ > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` . ├[~] service aws-codebuild │ └ resources │ ├[+] resource AWS::CodeBuild::Fleet │ │ ├ name: Fleet │ │ │ cloudFormationType: AWS::CodeBuild::Fleet │ │ │ documentation: The `AWS::CodeBuild::Fleet` resource configures a compute fleet, a set of dedicated instances for your build environment. │ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ │ ├ properties │ │ │ ├Name: string │ │ │ ├BaseCapacity: integer │ │ │ ├EnvironmentType: string │ │ │ ├ComputeType: string │ │ │ └Tags: Array │ │ └ attributes │ │ └Arn: string │ └[~] resource AWS::CodeBuild::Project │ └ types │ └[~] type Environment │ └ properties │ └ Type: (documentation changed) ├[~] service aws-cognito │ └ resources │ ├[~] resource AWS::Cognito::IdentityPool │ │ └ attributes │ │ └ Id: (documentation changed) │ ├[~] resource AWS::Cognito::IdentityPoolRoleAttachment │ │ └ attributes │ │ └ Id: (documentation changed) │ └[~] resource AWS::Cognito::UserPoolIdentityProvider │ └ properties │ ├ AttributeMapping: - json │ │ + Map ⇐ json │ └ ProviderDetails: - json │ + Map ⇐ json (required) ├[~] service aws-connect │ └ resources │ └[~] resource AWS::Connect::Rule │ └ types │ └[~] type FieldValue │ └ - documentation: The value of the field. │ + documentation: Object for case field values. ├[~] service aws-datasync │ └ resources │ └[~] resource AWS::DataSync::LocationS3 │ ├ properties │ │ ├ Subdirectory: (documentation changed) │ │ └ Tags: (documentation changed) │ └ types │ └[~] type S3Config │ ├ - documentation: The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role used to access an Amazon S3 bucket. │ │ For detailed information about using such a role, see [Creating a Location for Amazon S3](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html) in the *AWS DataSync User Guide* . │ │ + documentation: Specifies the Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that DataSync uses to access your S3 bucket. │ │ For more information, see [Accessing S3 buckets](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#create-s3-location-access) . │ └ properties │ └ BucketAccessRoleArn: (documentation changed) ├[~] service aws-datazone │ └ resources │ ├[~] resource AWS::DataZone::DataSource │ │ ├ - documentation: Definition of AWS::DataZone::DataSource Resource Type │ │ │ + documentation: The `AWS::DataZone::DataSource` resource specifies an Amazon DataZone data source that is used to import technical metadata of assets (data) from the source databases or data warehouses into Amazon DataZone. │ │ ├ properties │ │ │ ├ AssetFormsInput: (documentation changed) │ │ │ ├ Configuration: (documentation changed) │ │ │ ├ ProjectIdentifier: (documentation changed) │ │ │ └ Recommendation: (documentation changed) │ │ ├ attributes │ │ │ ├ DomainId: (documentation changed) │ │ │ ├ EnvironmentId: (documentation changed) │ │ │ ├ Id: (documentation changed) │ │ │ ├ LastRunAssetCount: (documentation changed) │ │ │ ├ LastRunAt: (documentation changed) │ │ │ ├ LastRunStatus: (documentation changed) │ │ │ ├ ProjectId: (documentation changed) │ │ │ └ UpdatedAt: (documentation changed) │ │ └ types │ │ ├[~] type DataSourceConfigurationInput │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: The configuration of the data source. │ │ │ └ properties │ │ │ ├ GlueRunConfiguration: (documentation changed) │ │ │ └ RedshiftRunConfiguration: (documentation changed) │ │ ├[~] type FilterExpression │ │ │ ├ - documentation: The search filter expression. │ │ │ │ + documentation: A filter expression in Amazon DataZone. │ │ │ └ properties │ │ │ ├ Expression: (documentation changed) │ │ │ └ Type: (documentation changed) │ │ ├[~] type GlueRunConfigurationInput │ │ │ └ - documentation: undefined │ │ │ + documentation: The configuration details of the AWS Glue data source. │ │ ├[~] type RecommendationConfiguration │ │ │ └ - documentation: The recommendation to be updated as part of the UpdateDataSource action. │ │ │ + documentation: The recommendation configuration for the data source. │ │ ├[~] type RedshiftClusterStorage │ │ │ └ - documentation: The name of an Amazon Redshift cluster. │ │ │ + documentation: The details of the Amazon Redshift cluster storage. │ │ ├[~] type RedshiftCredentialConfiguration │ │ │ └ - documentation: The ARN of a secret manager for an Amazon Redshift cluster. │ │ │ + documentation: The details of the credentials required to access an Amazon Redshift cluster. │ │ ├[~] type RedshiftRunConfigurationInput │ │ │ ├ - documentation: The configuration details of the Amazon Redshift data source. │ │ │ │ + documentation: The relational filter configurations included in the configuration details of the Amazon Redshift data source. │ │ │ └ properties │ │ │ ├ DataAccessRole: (documentation changed) │ │ │ ├ RedshiftCredentialConfiguration: (documentation changed) │ │ │ └ RelationalFilterConfigurations: (documentation changed) │ │ ├[~] type RedshiftStorage │ │ │ ├ - documentation: The details of the Amazon Redshift cluster source. │ │ │ │ + documentation: The details of the Amazon Redshift storage as part of the configuration of an Amazon Redshift data source run. │ │ │ └ properties │ │ │ ├ RedshiftClusterSource: (documentation changed) │ │ │ └ RedshiftServerlessSource: (documentation changed) │ │ └[~] type ScheduleConfiguration │ │ ├ - documentation: The schedule of the data source runs. │ │ │ + documentation: The details of the schedule of the data source runs. │ │ └ properties │ │ └ Timezone: (documentation changed) │ ├[~] resource AWS::DataZone::Domain │ │ ├ - documentation: A domain is an organizing entity for connecting together assets, users, and their projects │ │ │ + documentation: The `AWS::DataZone::Domain` resource specifies an Amazon DataZone domain. You can use domains to organize your assets, users, and their projects. │ │ ├ properties │ │ │ └ SingleSignOn: (documentation changed) │ │ ├ attributes │ │ │ ├ CreatedAt: (documentation changed) │ │ │ ├ Id: (documentation changed) │ │ │ ├ LastUpdatedAt: (documentation changed) │ │ │ └ PortalUrl: (documentation changed) │ │ └ types │ │ └[~] type SingleSignOn │ │ └ - documentation: The single-sign on configuration of the Amazon DataZone domain. │ │ + documentation: The single sign-on details in Amazon DataZone. │ ├[~] resource AWS::DataZone::Environment │ │ ├ - documentation: Definition of AWS::DataZone::Environment Resource Type │ │ │ + documentation: The `AWS::DataZone::Environment` resource specifies an Amazon DataZone environment, which is a collection of zero or more configured resources with a given set of IAM principals who can operate on those resources. │ │ ├ properties │ │ │ ├ Description: (documentation changed) │ │ │ ├ DomainIdentifier: (documentation changed) │ │ │ ├ EnvironmentProfileIdentifier: (documentation changed) │ │ │ ├ GlossaryTerms: (documentation changed) │ │ │ ├ Name: (documentation changed) │ │ │ ├ ProjectIdentifier: (documentation changed) │ │ │ └ UserParameters: (documentation changed) │ │ ├ attributes │ │ │ ├ AwsAccountId: (documentation changed) │ │ │ ├ AwsAccountRegion: (documentation changed) │ │ │ ├ DomainId: (documentation changed) │ │ │ ├ EnvironmentBlueprintId: (documentation changed) │ │ │ ├ EnvironmentProfileId: (documentation changed) │ │ │ ├ Id: (documentation changed) │ │ │ ├ ProjectId: (documentation changed) │ │ │ ├ Provider: (documentation changed) │ │ │ └ Status: (documentation changed) │ │ └ types │ │ └[~] type EnvironmentParameter │ │ ├ - documentation: The parameter details of an environment. │ │ │ + documentation: The parameter details of the environment. │ │ └ properties │ │ ├ Name: (documentation changed) │ │ └ Value: (documentation changed) │ ├[~] resource AWS::DataZone::EnvironmentBlueprintConfiguration │ │ ├ - documentation: Definition of AWS::DataZone::EnvironmentBlueprintConfiguration Resource Type │ │ │ + documentation: The configuration details of an environment blueprint. │ │ ├ properties │ │ │ ├ DomainIdentifier: (documentation changed) │ │ │ ├ EnabledRegions: (documentation changed) │ │ │ ├ EnvironmentBlueprintIdentifier: (documentation changed) │ │ │ ├ ManageAccessRoleArn: (documentation changed) │ │ │ ├ ProvisioningRoleArn: (documentation changed) │ │ │ └ RegionalParameters: (documentation changed) │ │ ├ attributes │ │ │ ├ CreatedAt: (documentation changed) │ │ │ ├ DomainId: (documentation changed) │ │ │ ├ EnvironmentBlueprintId: (documentation changed) │ │ │ └ UpdatedAt: (documentation changed) │ │ └ types │ │ └[~] type RegionalParameter │ │ ├ - documentation: undefined │ │ │ + documentation: The regional parameters in the environment blueprint. │ │ └ properties │ │ ├ Parameters: (documentation changed) │ │ └ Region: (documentation changed) │ ├[~] resource AWS::DataZone::EnvironmentProfile │ │ ├ - documentation: AWS Datazone Environment Profile is pre-configured set of resources and blueprints that provide reusable templates for creating environments. │ │ │ + documentation: The details of an environment profile. │ │ ├ properties │ │ │ ├ AwsAccountId: - string │ │ │ │ + string (required) │ │ │ │ (documentation changed) │ │ │ ├ AwsAccountRegion: - string │ │ │ │ + string (required) │ │ │ │ (documentation changed) │ │ │ ├ Description: (documentation changed) │ │ │ ├ DomainIdentifier: (documentation changed) │ │ │ ├ EnvironmentBlueprintIdentifier: (documentation changed) │ │ │ ├ Name: (documentation changed) │ │ │ └ ProjectIdentifier: (documentation changed) │ │ ├ attributes │ │ │ ├ CreatedAt: (documentation changed) │ │ │ ├ CreatedBy: (documentation changed) │ │ │ ├ DomainId: (documentation changed) │ │ │ ├ EnvironmentBlueprintId: (documentation changed) │ │ │ ├ Id: (documentation changed) │ │ │ ├ ProjectId: (documentation changed) │ │ │ └ UpdatedAt: (documentation changed) │ │ └ types │ │ └[~] type EnvironmentParameter │ │ └ properties │ │ ├ Name: (documentation changed) │ │ └ Value: (documentation changed) │ ├[~] resource AWS::DataZone::Project │ │ ├ - documentation: Amazon DataZone projects are business use case–based groupings of people, assets (data), and tools used to simplify access to the AWS analytics. │ │ │ + documentation: The `AWS::DataZone::Project` resource specifies an Amazon DataZone project. Projects enable a group of users to collaborate on various business use cases that involve publishing, discovering, subscribing to, and consuming data in the Amazon DataZone catalog. Project members consume assets from the Amazon DataZone catalog and produce new assets using one or more analytical workflows. │ │ ├ properties │ │ │ ├ Description: (documentation changed) │ │ │ ├ DomainIdentifier: (documentation changed) │ │ │ └ Name: (documentation changed) │ │ └ attributes │ │ ├ CreatedAt: (documentation changed) │ │ ├ DomainId: (documentation changed) │ │ └ Id: (documentation changed) │ └[~] resource AWS::DataZone::SubscriptionTarget │ ├ - documentation: Subscription targets enables one to access the data to which you have subscribed in your projects. │ │ + documentation: The `AWS::DataZone::SubscriptionTarget` resource specifies an Amazon DataZone subscription target. Subscription targets enable you to access the data to which you have subscribed in your projects. A subscription target specifies the location (for example, a database or a schema) and the required permissions (for example, an IAM role) that Amazon DataZone can use to establish a connection with the source data and to create the necessary grants so that members of the Amazon DataZone project can start querying the data to which they have subscribed. │ ├ properties │ │ ├ ApplicableAssetTypes: (documentation changed) │ │ ├ AuthorizedPrincipals: (documentation changed) │ │ ├ DomainIdentifier: (documentation changed) │ │ └ EnvironmentIdentifier: (documentation changed) │ └ attributes │ ├ DomainId: (documentation changed) │ ├ EnvironmentId: (documentation changed) │ └ Id: (documentation changed) ├[~] service aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::Instance │ │ └ properties │ │ └ ElasticGpuSpecifications: (documentation changed) │ ├[~] resource AWS::EC2::LaunchTemplate │ │ └ types │ │ ├[~] type LaunchTemplateData │ │ │ └ properties │ │ │ └ ElasticGpuSpecifications: (documentation changed) │ │ └[~] type TagSpecification │ │ └ properties │ │ └ ResourceType: (documentation changed) │ ├[~] resource AWS::EC2::NetworkAclEntry │ │ ├ properties │ │ │ ├ CidrBlock: (documentation changed) │ │ │ ├ Icmp: (documentation changed) │ │ │ ├ Ipv6CidrBlock: (documentation changed) │ │ │ └ PortRange: (documentation changed) │ │ └ types │ │ └[~] type Icmp │ │ └ properties │ │ └ Code: (documentation changed) │ ├[~] resource AWS::EC2::SecurityGroup │ │ ├ properties │ │ │ └ VpcId: (documentation changed) │ │ └ types │ │ ├[~] type Egress │ │ │ ├ - documentation: Adds the specified egress rules to a security group for use with a VPC. │ │ │ │ An outbound rule permits instances to send traffic to the specified destination IPv4 or IPv6 CIDR address ranges, or to the specified destination security groups for the same VPC. │ │ │ │ You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes. │ │ │ │ You must specify only one of the following properties: `CidrIp` , `CidrIpv6` , `DestinationPrefixListId` , or `DestinationSecurityGroupId` . │ │ │ │ You must specify a destination security group ( `DestinationPrefixListId` or `DestinationSecurityGroupId` ) or a CIDR range ( `CidrIp` or `CidrIpv6` ). If you do not specify one of these parameters, the stack will launch successfully but the rule will not be added to the security group. │ │ │ │ Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur. │ │ │ │ For more information about VPC security group limits, see [Amazon VPC Limits](https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html) . │ │ │ │ Use `SecurityGroup.Ingress` and `SecurityGroup.Egress` only when necessary, typically to allow security groups to reference each other in ingress and egress rules. Otherwise, use the embedded ingress and egress rules of the security group. For more information, see [Amazon EC2 Security Groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html) . │ │ │ │ The EC2 Security Group Rule is an embedded property of the `AWS::EC2::SecurityGroup` type. │ │ │ │ + documentation: Adds the specified outbound (egress) rule to a security group. │ │ │ │ An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP address ranges that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) . │ │ │ │ You must specify exactly one of the following destinations: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully but the rule is not added to the security group. │ │ │ │ You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. │ │ │ │ Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur. │ │ │ └ properties │ │ │ ├ FromPort: (documentation changed) │ │ │ └ ToPort: (documentation changed) │ │ └[~] type Ingress │ │ ├ - documentation: Adds an inbound rule to a security group. │ │ │ An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances associated with the specified security group. │ │ │ You must specify only one of the following properties: `CidrIp` , `CidrIpv6` , `SourcePrefixListId` , `SourceSecurityGroupId` , or `SourceSecurityGroupName` . │ │ │ You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify a port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes. │ │ │ You must specify a source security group ( `SourcePrefixListId` , `SourceSecurityGroupId` , or `SourceSecurityGroupName` ) or a CIDR range ( `CidrIp` or `CidrIpv6` ). If you do not specify one of these parameters, the stack will launch successfully but the rule will not be added to the security group. │ │ │ Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur. │ │ │ The EC2 Security Group Rule is an embedded property of the `AWS::EC2::SecurityGroup` type. │ │ │ + documentation: Adds an inbound (ingress) rule to a security group. │ │ │ An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 address range, the IP address ranges that are specified by a prefix list, or the instances that are associated with a source security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) . │ │ │ You must specify exactly one of the following sources: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully, but the rule is not added to the security group. │ │ │ You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. │ │ │ Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur. │ │ └ properties │ │ ├ FromPort: (documentation changed) │ │ ├ SourceSecurityGroupId: (documentation changed) │ │ └ ToPort: (documentation changed) │ ├[~] resource AWS::EC2::SecurityGroupEgress │ │ ├ - documentation: Adds the specified egress rules to a security group. │ │ │ An outbound rule permits instances to send traffic to the specified destination IPv4 or IPv6 CIDR address ranges, or to the specified destination security groups for the same VPC. │ │ │ You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes. │ │ │ You must specify only one of the following properties: `CidrIp` , `CidrIpv6` , `DestinationPrefixListId` , or `DestinationSecurityGroupId` . │ │ │ You must specify a destination security group ( `DestinationPrefixListId` or `DestinationSecurityGroupId` ) or a CIDR range ( `CidrIp` or `CidrIpv6` ). If you do not specify one of these parameters, the stack will launch successfully but the rule will not be added to the security group. │ │ │ Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur. │ │ │ For more information about VPC security group limits, see [Amazon VPC Limits](https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html) . │ │ │ Use `AWS::EC2::SecurityGroupIngress` and `AWS::EC2::SecurityGroupEgress` only when necessary, typically to allow security groups to reference each other in ingress and egress rules. Otherwise, use the embedded ingress and egress rules of the security group. For more information, see [Amazon EC2 Security Groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html) . │ │ │ + documentation: Adds the specified outbound (egress) rule to a security group. │ │ │ An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) . │ │ │ You must specify exactly one of the following destinations: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully but the rule is not added to the security group. │ │ │ You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. To specify all types or all codes, use -1. │ │ │ Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur. │ │ └ properties │ │ ├ FromPort: (documentation changed) │ │ └ ToPort: (documentation changed) │ ├[~] resource AWS::EC2::SecurityGroupIngress │ │ └ - documentation: Adds an inbound rule to a security group. │ │ An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances associated with the specified security group. │ │ You must specify only one of the following properties: `CidrIp` , `CidrIpv6` , `SourcePrefixListId` , `SourceSecurityGroupId` , or `SourceSecurityGroupName` . │ │ You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify a port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes. │ │ You must specify a source security group ( `SourcePrefixListId` , `SourceSecurityGroupId` , or `SourceSecurityGroupName` ) or a CIDR range ( `CidrIp` or `CidrIpv6` ). If you do not specify one of these parameters, the stack will launch successfully but the rule will not be added to the security group. │ │ Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur. │ │ + documentation: Adds an inbound (ingress) rule to a security group. │ │ An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a source security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) . │ │ You must specify only one of the following sources: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully, but the rule is not added to the security group. │ │ You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. │ │ Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur. │ ├[~] resource AWS::EC2::Subnet │ │ └ properties │ │ ├ AssignIpv6AddressOnCreation: (documentation changed) │ │ ├ Ipv6CidrBlock: (documentation changed) │ │ └ Ipv6CidrBlocks: (documentation changed) │ └[~] resource AWS::EC2::SubnetCidrBlock │ └ properties │ └ Ipv6CidrBlock: (documentation changed) ├[~] service aws-ecs │ └ resources │ ├[~] resource AWS::ECS::Service │ │ └ types │ │ ├[~] type AwsVpcConfiguration │ │ │ └ - documentation: An object representing the networking details for a task or service. │ │ │ + documentation: An object representing the networking details for a task or service. For example `awsvpcConfiguration={subnets=["subnet-12344321"],securityGroups=["sg-12344321"]}` │ │ ├[~] type DeploymentConfiguration │ │ │ └ properties │ │ │ └ MinimumHealthyPercent: (documentation changed) │ │ ├[~] type ServiceConnectService │ │ │ └ properties │ │ │ ├ Timeout: (documentation changed) │ │ │ └ Tls: (documentation changed) │ │ ├[~] type ServiceConnectTlsCertificateAuthority │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: An object that represents the AWS Private Certificate Authority certificate. │ │ │ └ properties │ │ │ └ AwsPcaAuthorityArn: (documentation changed) │ │ ├[~] type ServiceConnectTlsConfiguration │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: An object that represents the configuration for Service Connect TLS. │ │ │ └ properties │ │ │ ├ IssuerCertificateAuthority: (documentation changed) │ │ │ ├ KmsKey: (documentation changed) │ │ │ └ RoleArn: (documentation changed) │ │ └[~] type TimeoutConfiguration │ │ ├ - documentation: undefined │ │ │ + documentation: An object that represents the timeout configurations for Service Connect. │ │ │ > If `idleTimeout` is set to a time that is less than `perRequestTimeout` , the connection will close when the `idleTimeout` is reached and not the `perRequestTimeout` . │ │ └ properties │ │ ├ IdleTimeoutSeconds: (documentation changed) │ │ └ PerRequestTimeoutSeconds: (documentation changed) │ ├[~] resource AWS::ECS::TaskDefinition │ │ └ types │ │ ├[~] type ContainerDefinition │ │ │ └ properties │ │ │ └ SystemControls: (documentation changed) │ │ └[~] type Ulimit │ │ └ - documentation: The `ulimit` settings to pass to the container. │ │ Amazon ECS tasks hosted on AWS Fargate use the default resource limit values set by the operating system with the exception of the `nofile` resource limit parameter which AWS Fargate overrides. The `nofile` resource limit sets a restriction on the number of open files that a container can use. The default `nofile` soft limit is `1024` and the default hard limit is `4096` . │ │ You can specify the `ulimit` settings for a container in a task definition. │ │ + documentation: The `ulimit` settings to pass to the container. │ │ Amazon ECS tasks hosted on AWS Fargate use the default resource limit values set by the operating system with the exception of the `nofile` resource limit parameter which AWS Fargate overrides. The `nofile` resource limit sets a restriction on the number of open files that a container can use. The default `nofile` soft limit is `1024` and the default hard limit is `65535` . │ │ You can specify the `ulimit` settings for a container in a task definition. │ └[~] resource AWS::ECS::TaskSet │ ├ - documentation: Create a task set in the specified cluster and service. This is used when a service uses the `EXTERNAL` deployment controller type. For more information, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) in the *Amazon Elastic Container Service Developer Guide* . │ │ You can create a maximum of 5 tasks sets for a deployment. │ │ + documentation: Create a task set in the specified cluster and service. This is used when a service uses the `EXTERNAL` deployment controller type. For more information, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) in the *Amazon Elastic Container Service Developer Guide* . │ │ For information about the maximum number of task sets and otther quotas, see [Amazon ECS service quotas](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-quotas.html) in the *Amazon Elastic Container Service Developer Guide* . │ └ types │ └[~] type AwsVpcConfiguration │ └ - documentation: An object representing the networking details for a task or service. │ + documentation: An object representing the networking details for a task or service. For example `awsvpcConfiguration={subnets=["subnet-12344321"],securityGroups=["sg-12344321"]}` ├[~] service aws-eks │ └ resources │ └[~] resource AWS::EKS::Cluster │ └ - documentation: Creates an Amazon EKS control plane. │ The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as `etcd` and the API server. The control plane runs in an account managed by AWS , and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances. │ The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support `kubectl exec` , `logs` , and `proxy` data flows). │ Amazon EKS nodes run in your AWS account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster. │ You can use the `endpointPublicAccess` and `endpointPrivateAccess` parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see [Amazon EKS Cluster Endpoint Access Control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** . │ You can use the `logging` parameter to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see [Amazon EKS Cluster Control Plane Logs](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) in the **Amazon EKS User Guide** . │ > CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see [CloudWatch Pricing](https://docs.aws.amazon.com/cloudwatch/pricing/) . │ In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see [Managing Cluster Authentication](https://docs.aws.amazon.com/eks/latest/userguide/managing-auth.html) and [Launching Amazon EKS nodes](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) in the *Amazon EKS User Guide* . │ + documentation: Creates an Amazon EKS control plane. │ The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as `etcd` and the API server. The control plane runs in an account managed by AWS , and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances. │ The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support `kubectl exec` , `logs` , and `proxy` data flows). │ Amazon EKS nodes run in your AWS account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster. │ You can use the `endpointPublicAccess` and `endpointPrivateAccess` parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see [Amazon EKS Cluster Endpoint Access Control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** . │ You can use the `logging` parameter to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see [Amazon EKS Cluster Control Plane Logs](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) in the **Amazon EKS User Guide** . │ > CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see [CloudWatch Pricing](https://docs.aws.amazon.com/cloudwatch/pricing/) . │ In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see [Allowing users to access your cluster](https://docs.aws.amazon.com/eks/latest/userguide/cluster-auth.html) and [Launching Amazon EKS nodes](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) in the *Amazon EKS User Guide* . ├[~] service aws-elasticache │ └ resources │ └[~] resource AWS::ElastiCache::ServerlessCache │ ├ attributes │ │ ├ Endpoint.Port: - integer │ │ │ + integer ⇐ string │ │ └ ReaderEndpoint.Port: - integer │ │ + integer ⇐ string │ └ types │ └[~] type Endpoint │ └ properties │ └ Port: - integer │ + integer ⇐ string ├[~] service aws-elasticloadbalancingv2 │ └ resources │ └[~] resource AWS::ElasticLoadBalancingV2::LoadBalancer │ └ properties │ └ EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic: (documentation changed) ├[~] service aws-fis │ └ resources │ └[~] resource AWS::FIS::ExperimentTemplate │ ├ - documentation: Specifies an experiment template. │ │ An experiment template includes the following components: │ │ - *Targets* : A target can be a specific resource in your AWS environment, or one or more resources that match criteria that you specify, for example, resources that have specific tags. │ │ - *Actions* : The actions to carry out on the target. You can specify multiple actions, the duration of each action, and when to start each action during an experiment. │ │ - *Stop conditions* : If a stop condition is triggered while an experiment is running, the experiment is automatically stopped. You can define a stop condition as a CloudWatch alarm. │ │ For more information, see [Experiment templates](https://docs.aws.amazon.com/fis/latest/userguide/experiment-templates.html) in the *AWS Fault Injection Service User Guide* . │ │ + documentation: Describes an experiment template. │ └ types │ ├[~] type ExperimentTemplateAction │ │ └ - documentation: Specifies an action for an experiment template. │ │ For more information, see [Actions](https://docs.aws.amazon.com/fis/latest/userguide/actions.html) in the *AWS Fault Injection Service User Guide* . │ │ + documentation: Describes an action for an experiment template. │ ├[~] type ExperimentTemplateLogConfiguration │ │ ├ - documentation: Specifies the configuration for experiment logging. │ │ │ For more information, see [Experiment logging](https://docs.aws.amazon.com/fis/latest/userguide/monitoring-logging.html) in the *AWS Fault Injection Service User Guide* . │ │ │ + documentation: Describes the configuration for experiment logging. │ │ └ properties │ │ ├ CloudWatchLogsConfiguration: (documentation changed) │ │ └ S3Configuration: (documentation changed) │ ├[~] type ExperimentTemplateStopCondition │ │ └ - documentation: Specifies a stop condition for an experiment template. │ │ For more information, see [Stop conditions](https://docs.aws.amazon.com/fis/latest/userguide/stop-conditions.html) in the *AWS Fault Injection Service User Guide* . │ │ + documentation: Describes a stop condition for an experiment template. │ ├[~] type ExperimentTemplateTarget │ │ ├ - documentation: Specifies a target for an experiment. You must specify at least one Amazon Resource Name (ARN) or at least one resource tag. You cannot specify both ARNs and tags. │ │ │ For more information, see [Targets](https://docs.aws.amazon.com/fis/latest/userguide/targets.html) in the *AWS Fault Injection Service User Guide* . │ │ │ + documentation: Describes a target for an experiment template. │ │ └ properties │ │ └ Parameters: (documentation changed) │ └[~] type ExperimentTemplateTargetFilter │ └ - documentation: Specifies a filter used for the target resource input in an experiment template. │ For more information, see [Resource filters](https://docs.aws.amazon.com/fis/latest/userguide/targets.html#target-filters) in the *AWS Fault Injection Service User Guide* . │ + documentation: Describes a filter used for the target resources in an experiment template. ├[~] service aws-guardduty │ └ resources │ └[~] resource AWS::GuardDuty::Filter │ ├ properties │ │ ├ Action: - string (required) │ │ │ + string │ │ ├ Description: - string (required) │ │ │ + string │ │ ├ DetectorId: - string (required, immutable) │ │ │ + string (immutable) │ │ ├ Name: - string (required, immutable) │ │ │ + string (immutable) │ │ ├ Rank: - integer (required) │ │ │ + integer │ │ └ Tags: - Array │ │ + Array ⇐ Array │ └ types │ ├[~] type FindingCriteria │ │ └ properties │ │ ├ Criterion: - json │ │ │ + Map ⇐ json │ │ └ ItemType: (documentation changed) │ └[+] type TagItem │ ├ name: TagItem │ └ properties │ ├Key: string (required) │ └Value: string (required) ├[~] service aws-internetmonitor │ └ resources │ └[~] resource AWS::InternetMonitor::Monitor │ └ types │ ├[~] type InternetMeasurementsLogDelivery │ │ └ properties │ │ └ S3Config: (documentation changed) │ └[~] type S3Config │ ├ - documentation: The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` or `DISABLED` , depending on whether you choose to deliver internet measurements to S3 logs. │ │ + documentation: The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) bucket prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` if you choose to deliver internet measurements to S3 logs, and `DISABLED` otherwise. │ │ The measurements are also published to Amazon CloudWatch Logs. │ └ properties │ ├ BucketName: (documentation changed) │ ├ BucketPrefix: (documentation changed) │ └ LogDeliveryStatus: (documentation changed) ├[~] service aws-ivs │ └ resources │ ├[~] resource AWS::IVS::Channel │ │ └ - documentation: The `AWS::IVS::Channel` resource specifies an channel. A channel stores configuration information related to your live stream. For more information, see [CreateChannel](https://docs.aws.amazon.com/ivs/latest/APIReference/API_CreateChannel.html) in the *Amazon Interactive Video Service API Reference* . │ │ > By default, the IVS API CreateChannel endpoint creates a stream key in addition to a channel. The Channel resource *does not* create a stream key; to create a stream key, use the StreamKey resource instead. │ │ + documentation: The `AWS::IVS::Channel` resource specifies an channel. A channel stores configuration information related to your live stream. For more information, see [CreateChannel](https://docs.aws.amazon.com/ivs/latest/LowLatencyAPIReference/API_CreateChannel.html) in the *Amazon IVS Low-Latency Streaming API Reference* . │ │ > By default, the IVS API CreateChannel endpoint creates a stream key in addition to a channel. The Channel resource *does not* create a stream key; to create a stream key, use the StreamKey resource instead. │ ├[~] resource AWS::IVS::PlaybackKeyPair │ │ └ - documentation: The `AWS::IVS::PlaybackKeyPair` resource specifies an playback key pair. uses a public playback key to validate playback tokens that have been signed with the corresponding private key. For more information, see [Setting Up Private Channels](https://docs.aws.amazon.com/ivs/latest/userguide/private-channels.html) in the *Amazon Interactive Video Service User Guide* . │ │ + documentation: The `AWS::IVS::PlaybackKeyPair` resource specifies an playback key pair. uses a public playback key to validate playback tokens that have been signed with the corresponding private key. For more information, see [Setting Up Private Channels](https://docs.aws.amazon.com/ivs/latest/LowLatencyUserGuide/private-channels.html) in the *Amazon IVS Low-Latency Streaming User Guide* . │ ├[~] resource AWS::IVS::RecordingConfiguration │ │ ├ - documentation: The `AWS::IVS::RecordingConfiguration` resource specifies an recording configuration. A recording configuration enables the recording of a channel’s live streams to a data store. Multiple channels can reference the same recording configuration. For more information, see [RecordingConfiguration](https://docs.aws.amazon.com/ivs/latest/APIReference/API_RecordingConfiguration.html) in the *Amazon Interactive Video Service API Reference* . │ │ │ + documentation: The `AWS::IVS::RecordingConfiguration` resource specifies an recording configuration. A recording configuration enables the recording of a channel’s live streams to a data store. Multiple channels can reference the same recording configuration. For more information, see [RecordingConfiguration](https://docs.aws.amazon.com/ivs/latest/LowLatencyAPIReference/API_RecordingConfiguration.html) in the *Amazon IVS Low-Latency Streaming API Reference* . │ │ └ types │ │ ├[~] type RenditionConfiguration │ │ │ └ properties │ │ │ └ Renditions: (documentation changed) │ │ └[~] type ThumbnailConfiguration │ │ └ properties │ │ ├ Resolution: (documentation changed) │ │ └ TargetIntervalSeconds: (documentation changed) │ └[~] resource AWS::IVS::Stage │ ├ - documentation: Resource Definition for type AWS::IVS::Stage. │ │ + documentation: The `AWS::IVS::Stage` resource specifies an stage. A stage is a virtual space where participants can exchange video in real time. For more information, see [CreateStage](https://docs.aws.amazon.com/ivs/latest/RealTimeAPIReference/API_CreateStage.html) in the *Amazon IVS Real-Time Streaming API Reference* . │ ├ properties │ │ ├ Name: (documentation changed) │ │ └ Tags: (documentation changed) │ └ attributes │ ├ ActiveSessionId: (documentation changed) │ └ Arn: (documentation changed) ├[~] service aws-kendra │ └ resources │ └[~] resource AWS::Kendra::Faq │ └ properties │ └[+] LanguageCode: string ├[~] service aws-kinesisfirehose │ └ resources │ └[~] resource AWS::KinesisFirehose::DeliveryStream │ ├ properties │ │ └[+] SnowflakeDestinationConfiguration: SnowflakeDestinationConfiguration │ └ types │ ├[+] type SnowflakeDestinationConfiguration │ │ ├ name: SnowflakeDestinationConfiguration │ │ └ properties │ │ ├AccountUrl: string (required) │ │ ├PrivateKey: string (required) │ │ ├KeyPassphrase: string │ │ ├User: string (required) │ │ ├Database: string (required) │ │ ├Schema: string (required) │ │ ├Table: string (required) │ │ ├SnowflakeRoleConfiguration: SnowflakeRoleConfiguration │ │ ├DataLoadingOption: string │ │ ├MetaDataColumnName: string │ │ ├ContentColumnName: string │ │ ├SnowflakeVpcConfiguration: SnowflakeVpcConfiguration (immutable) │ │ ├CloudWatchLoggingOptions: CloudWatchLoggingOptions │ │ ├ProcessingConfiguration: ProcessingConfiguration │ │ ├RoleARN: string (required) │ │ ├RetryOptions: SnowflakeRetryOptions │ │ ├S3BackupMode: string │ │ └S3Configuration: S3DestinationConfiguration (required) │ ├[+] type SnowflakeRetryOptions │ │ ├ name: SnowflakeRetryOptions │ │ └ properties │ │ └DurationInSeconds: integer │ ├[+] type SnowflakeRoleConfiguration │ │ ├ name: SnowflakeRoleConfiguration │ │ └ properties │ │ ├Enabled: boolean │ │ └SnowflakeRole: string │ └[+] type SnowflakeVpcConfiguration │ ├ name: SnowflakeVpcConfiguration │ └ properties │ └PrivateLinkVpceId: string (required) ├[~] service aws-lakeformation │ └ resources │ └[~] resource AWS::LakeFormation::Resource │ └ properties │ └ HybridAccessEnabled: (documentation changed) ├[~] service aws-networkmanager │ └ resources │ └[~] resource AWS::NetworkManager::Device │ └ attributes │ └ CreatedAt: (documentation changed) ├[~] service aws-opensearchservice │ └ resources │ └[~] resource AWS::OpenSearchService::Domain │ └ types │ ├[~] type ClusterConfig │ │ └ properties │ │ └ ColdStorageOptions: (documentation changed) │ └[~] type ColdStorageOptions │ ├ - documentation: Specifies options for cold storage. For more information, see [Cold storage for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cold-storage.html) . │ │ + documentation: Container for the parameters required to enable cold storage for an OpenSearch Service domain. For more information, see [Cold storage for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cold-storage.html) . │ └ properties │ └ Enabled: (documentation changed) ├[~] service aws-route53 │ └ resources │ └[~] resource AWS::Route53::RecordSetGroup │ └ attributes │ └ Id: (documentation changed) ├[~] service aws-route53resolver │ └ resources │ └[~] resource AWS::Route53Resolver::FirewallRuleGroup │ └ types │ └[~] type FirewallRule │ └ properties │ └[+] Qtype: string ├[~] service aws-servicecatalogappregistry │ └ resources │ └[~] resource AWS::ServiceCatalogAppRegistry::Application │ └ attributes │ ├ ApplicationTagKey: (documentation changed) │ └ ApplicationTagValue: (documentation changed) ├[+] service aws-ssmguiconnect │ ├ capitalized: SSMGuiConnect │ │ cloudFormationNamespace: AWS::SSMGuiConnect │ │ name: aws-ssmguiconnect │ │ shortName: ssmguiconnect │ └ resources │ └resource AWS::SSMGuiConnect::Preferences │ ├ name: Preferences │ │ cloudFormationType: AWS::SSMGuiConnect::Preferences │ │ documentation: Definition of AWS::SSMGuiConnect::Preferences Resource Type │ ├ properties │ │ └IdleConnection: Array │ ├ attributes │ │ └AccountId: string │ └ types │ ├type IdleConnectionPreferences │ │├ documentation: Idle Connection Preferences │ ││ name: IdleConnectionPreferences │ │└ properties │ │ ├Timeout: IdleConnectionTimeout │ │ └Alert: IdleConnectionAlert │ ├type IdleConnectionTimeout │ │├ name: IdleConnectionTimeout │ │└ properties │ │ ├Type: string │ │ └Value: integer (required, default=10) │ └type IdleConnectionAlert │ ├ name: IdleConnectionAlert │ └ properties │ ├Type: string │ └Value: integer (required, default=1) └[~] service aws-transfer └ resources └[~] resource AWS::Transfer::Connector └ types └[~] type SftpConfig └ properties └ TrustedHostKeys: (documentation changed) ``` --- .../@aws-cdk/cloudformation-diff/package.json | 4 +- packages/@aws-cdk/integ-runner/package.json | 2 +- .../aws-ssmguiconnect/.jsiirc.json | 13 +++++++ .../aws-cdk-lib/aws-ssmguiconnect/README.md | 39 +++++++++++++++++++ .../aws-cdk-lib/aws-ssmguiconnect/index.ts | 1 + .../aws-ssmguiconnect/lib/index.ts | 2 + packages/aws-cdk-lib/index.ts | 1 + packages/aws-cdk-lib/package.json | 3 +- packages/aws-cdk-lib/scripts/scope-map.json | 3 ++ tools/@aws-cdk/spec2cdk/package.json | 6 +-- yarn.lock | 28 ++++++------- 11 files changed, 81 insertions(+), 21 deletions(-) create mode 100644 packages/aws-cdk-lib/aws-ssmguiconnect/.jsiirc.json create mode 100644 packages/aws-cdk-lib/aws-ssmguiconnect/README.md create mode 100644 packages/aws-cdk-lib/aws-ssmguiconnect/index.ts create mode 100644 packages/aws-cdk-lib/aws-ssmguiconnect/lib/index.ts diff --git a/packages/@aws-cdk/cloudformation-diff/package.json b/packages/@aws-cdk/cloudformation-diff/package.json index 784725bf8d021..eeaa1bd22b5ad 100644 --- a/packages/@aws-cdk/cloudformation-diff/package.json +++ b/packages/@aws-cdk/cloudformation-diff/package.json @@ -23,8 +23,8 @@ }, "license": "Apache-2.0", "dependencies": { - "@aws-cdk/aws-service-spec": "^0.0.43", - "@aws-cdk/service-spec-types": "^0.0.43", + "@aws-cdk/aws-service-spec": "^0.0.44", + "@aws-cdk/service-spec-types": "^0.0.44", "chalk": "^4", "diff": "^5.1.0", "fast-deep-equal": "^3.1.3", diff --git a/packages/@aws-cdk/integ-runner/package.json b/packages/@aws-cdk/integ-runner/package.json index 62a5d951d931c..72ca7ea6f07c9 100644 --- a/packages/@aws-cdk/integ-runner/package.json +++ b/packages/@aws-cdk/integ-runner/package.json @@ -74,7 +74,7 @@ "@aws-cdk/cloud-assembly-schema": "0.0.0", "@aws-cdk/cloudformation-diff": "0.0.0", "@aws-cdk/cx-api": "0.0.0", - "@aws-cdk/aws-service-spec": "^0.0.43", + "@aws-cdk/aws-service-spec": "^0.0.44", "cdk-assets": "0.0.0", "@aws-cdk/cdk-cli-wrapper": "0.0.0", "aws-cdk": "0.0.0", diff --git a/packages/aws-cdk-lib/aws-ssmguiconnect/.jsiirc.json b/packages/aws-cdk-lib/aws-ssmguiconnect/.jsiirc.json new file mode 100644 index 0000000000000..359b4c67c845c --- /dev/null +++ b/packages/aws-cdk-lib/aws-ssmguiconnect/.jsiirc.json @@ -0,0 +1,13 @@ +{ + "targets": { + "java": { + "package": "software.amazon.awscdk.services.ssmguiconnect" + }, + "dotnet": { + "package": "Amazon.CDK.AWS.SSMGuiConnect" + }, + "python": { + "module": "aws_cdk.aws_ssmguiconnect" + } + } +} diff --git a/packages/aws-cdk-lib/aws-ssmguiconnect/README.md b/packages/aws-cdk-lib/aws-ssmguiconnect/README.md new file mode 100644 index 0000000000000..d1cceb7f197fd --- /dev/null +++ b/packages/aws-cdk-lib/aws-ssmguiconnect/README.md @@ -0,0 +1,39 @@ +# AWS::SSMGuiConnect Construct Library + + +--- + +![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) + +> All classes with the `Cfn` prefix in this module ([CFN Resources]) are always stable and safe to use. +> +> [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib + +--- + + + +This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. + +```ts nofixture +import * as ssmguiconnect from 'aws-cdk-lib/aws-ssmguiconnect'; +``` + + + +There are no official hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. Here are some suggestions on how to proceed: + +- Search [Construct Hub for SSMGuiConnect construct libraries](https://constructs.dev/search?q=ssmguiconnect) +- Use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, in the same way you would use [the CloudFormation AWS::SSMGuiConnect resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_SSMGuiConnect.html) directly. + + + + +There are no hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. +However, you can still use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, and use this service exactly as you would using CloudFormation directly. + +For more information on the resources and properties available for this service, see the [CloudFormation documentation for AWS::SSMGuiConnect](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_SSMGuiConnect.html). + +(Read the [CDK Contributing Guide](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and submit an RFC if you are interested in contributing to this construct library.) + + diff --git a/packages/aws-cdk-lib/aws-ssmguiconnect/index.ts b/packages/aws-cdk-lib/aws-ssmguiconnect/index.ts new file mode 100644 index 0000000000000..f41a696fd204d --- /dev/null +++ b/packages/aws-cdk-lib/aws-ssmguiconnect/index.ts @@ -0,0 +1 @@ +export * from './lib'; diff --git a/packages/aws-cdk-lib/aws-ssmguiconnect/lib/index.ts b/packages/aws-cdk-lib/aws-ssmguiconnect/lib/index.ts new file mode 100644 index 0000000000000..6947818ff2042 --- /dev/null +++ b/packages/aws-cdk-lib/aws-ssmguiconnect/lib/index.ts @@ -0,0 +1,2 @@ +// AWS::SSMGuiConnect Cloudformation Resources +export * from './ssmguiconnect.generated'; diff --git a/packages/aws-cdk-lib/index.ts b/packages/aws-cdk-lib/index.ts index 6d4c6de2974ec..a8457fc0d9e8b 100644 --- a/packages/aws-cdk-lib/index.ts +++ b/packages/aws-cdk-lib/index.ts @@ -241,6 +241,7 @@ export * as aws_sns_subscriptions from './aws-sns-subscriptions'; export * as aws_sqs from './aws-sqs'; export * as aws_ssm from './aws-ssm'; export * as aws_ssmcontacts from './aws-ssmcontacts'; +export * as aws_ssmguiconnect from './aws-ssmguiconnect'; export * as aws_ssmincidents from './aws-ssmincidents'; export * as aws_sso from './aws-sso'; export * as aws_stepfunctions from './aws-stepfunctions'; diff --git a/packages/aws-cdk-lib/package.json b/packages/aws-cdk-lib/package.json index ccf73497a6bfc..b04669dd9a659 100644 --- a/packages/aws-cdk-lib/package.json +++ b/packages/aws-cdk-lib/package.json @@ -133,7 +133,7 @@ "yaml": "1.10.2" }, "devDependencies": { - "@aws-cdk/aws-service-spec": "^0.0.43", + "@aws-cdk/aws-service-spec": "^0.0.44", "@aws-cdk/cdk-build-tools": "0.0.0", "@aws-cdk/custom-resource-handlers": "0.0.0", "@aws-cdk/pkglint": "0.0.0", @@ -454,6 +454,7 @@ "./aws-sqs": "./aws-sqs/index.js", "./aws-ssm": "./aws-ssm/index.js", "./aws-ssmcontacts": "./aws-ssmcontacts/index.js", + "./aws-ssmguiconnect": "./aws-ssmguiconnect/index.js", "./aws-ssmincidents": "./aws-ssmincidents/index.js", "./aws-sso": "./aws-sso/index.js", "./aws-stepfunctions": "./aws-stepfunctions/index.js", diff --git a/packages/aws-cdk-lib/scripts/scope-map.json b/packages/aws-cdk-lib/scripts/scope-map.json index 758662cf020e9..19018f7aaba56 100644 --- a/packages/aws-cdk-lib/scripts/scope-map.json +++ b/packages/aws-cdk-lib/scripts/scope-map.json @@ -648,6 +648,9 @@ "aws-ssmcontacts": [ "AWS::SSMContacts" ], + "aws-ssmguiconnect": [ + "AWS::SSMGuiConnect" + ], "aws-ssmincidents": [ "AWS::SSMIncidents" ], diff --git a/tools/@aws-cdk/spec2cdk/package.json b/tools/@aws-cdk/spec2cdk/package.json index 1a927a668cd5d..1cfe6318943b7 100644 --- a/tools/@aws-cdk/spec2cdk/package.json +++ b/tools/@aws-cdk/spec2cdk/package.json @@ -32,9 +32,9 @@ }, "license": "Apache-2.0", "dependencies": { - "@aws-cdk/aws-service-spec": "^0.0.43", - "@aws-cdk/service-spec-importers": "^0.0.16", - "@aws-cdk/service-spec-types": "^0.0.43", + "@aws-cdk/aws-service-spec": "^0.0.44", + "@aws-cdk/service-spec-importers": "^0.0.17", + "@aws-cdk/service-spec-types": "^0.0.44", "@cdklabs/tskb": "^0.0.3", "@cdklabs/typewriter": "^0.0.3", "camelcase": "^6", diff --git a/yarn.lock b/yarn.lock index cfc2af0d81d04..d4e32c37e6375 100644 --- a/yarn.lock +++ b/yarn.lock @@ -56,12 +56,12 @@ resolved "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.1.tgz#6dc9b7cdb22ff622a7176141197962360c33e9ac" integrity sha512-DDt4SLdLOwWCjGtltH4VCST7hpOI5DzieuhGZsBpZ+AgJdSI2GCjklCXm0GCTwJG/SolkL5dtQXyUKgg9luBDg== -"@aws-cdk/aws-service-spec@^0.0.43": - version "0.0.43" - resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.0.43.tgz#7d0e0c3a2259426628dd552a7450299782513733" - integrity sha512-sir1+8H/xY85BJlVUgwUcRfV8mjnerEq24rcQ8vE5W7ae2BQCbWXQjUfhNMr5cyiMA4XKw59dBN3g4JHv1Gp0w== +"@aws-cdk/aws-service-spec@^0.0.44": + version "0.0.44" + resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.0.44.tgz#b19edab0af2b76320bc53bafe7757c0c377d7904" + integrity sha512-Br1XXJAdHsgxoImGsCrDJrITo0E0y88roGiCdDw16WsMKWWpWLz7z2+PtqGiMQ+X0GKHKaNQ8MGLJ+J8kjEk8A== dependencies: - "@aws-cdk/service-spec-types" "^0.0.43" + "@aws-cdk/service-spec-types" "^0.0.44" "@cdklabs/tskb" "^0.0.3" "@aws-cdk/lambda-layer-kubectl-v24@^2.0.242": @@ -69,12 +69,12 @@ resolved "https://registry.npmjs.org/@aws-cdk/lambda-layer-kubectl-v24/-/lambda-layer-kubectl-v24-2.0.242.tgz#4273a5ad7714f933a7eba155eb9280823086db71" integrity sha512-7/wIOo685tmrEe4hh6zqDELhBZh5OQGf3Hd2FU2Vnwy2ZubW8qTmEw5gqJCsCrGKeYDoa1BcVhDRZ/nzjkaqyA== -"@aws-cdk/service-spec-importers@^0.0.16": - version "0.0.16" - resolved "https://registry.npmjs.org/@aws-cdk/service-spec-importers/-/service-spec-importers-0.0.16.tgz#897a7e2aa8ed08e3a12331e0f87484537f128405" - integrity sha512-YkJlFCNTF4sLJc2I7ePD9mDzy3R8p6xoypiPaQ7HgRIpVc0LbX/LCqBU0ml1pM9Qiy0gq1uOHjHxFNF4kYq9kQ== +"@aws-cdk/service-spec-importers@^0.0.17": + version "0.0.17" + resolved "https://registry.npmjs.org/@aws-cdk/service-spec-importers/-/service-spec-importers-0.0.17.tgz#910b3c13d3491f881f1bc0991a25e33b64a22ec6" + integrity sha512-Hvkh7K0IEsdGsaavh2FXonWqfbp2q7bZR1WQGdyS9bWI4VRAMa33TciVO7KAFzmGqN86LM20kc3WXbDE0egkUQ== dependencies: - "@aws-cdk/service-spec-types" "^0.0.43" + "@aws-cdk/service-spec-types" "^0.0.44" "@cdklabs/tskb" "^0.0.3" ajv "^6" canonicalize "^2.0.0" @@ -85,10 +85,10 @@ glob "^8" sort-json "^2.0.1" -"@aws-cdk/service-spec-types@^0.0.43": - version "0.0.43" - resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.43.tgz#71a7555bd989650b711ec3ade943f239305ddf6f" - integrity sha512-jFPbTNsEKMVtnh87iUM6wnvbus2dxcPDZPCCmmmauln95O0iRd+cNoygsEzAzPFl9/Dk7Vg8PwHj+2nVN95bwg== +"@aws-cdk/service-spec-types@^0.0.44": + version "0.0.44" + resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.44.tgz#ef2b13f22c3d37347db29b09540680aeb08d4887" + integrity sha512-T7JKNmcQWLkt+wCreAfMcQkJ2C6eyGvoVAWeZHi8+XKHz1WTxyZfSkqk9BiI60+BSoISP9MSklCmzseQIgpYQQ== dependencies: "@cdklabs/tskb" "^0.0.3"