feat: update L1 CloudFormation resource definitions #30182
Merged
+21
−28
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
aws-cdk-automation
added
auto-approve
contribution/core
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
aws-cdk-automation
force-pushed
the
automation/spec-update
branch
from
bc292d8
to
e0ed64f
Compare
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`
aws-cdk-automation
force-pushed
the
automation/spec-update
branch
from
e0ed64f
to
5c472e6
Compare
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
2 tasks
atanaspam
pushed a commit
to atanaspam/aws-cdk
that referenced
this pull request
Jun 3, 2024
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`
**L1 CloudFormation resource definition changes:**
```
├[~] service aws-amplify
│ └ resources
│ └[~] resource AWS::Amplify::Branch
│ ├ properties
│ │ └ Backend: (documentation changed)
│ └ types
│ └[~] type Backend
│ └ - documentation: Describes the backend properties associated with an Amplify `Branch` .
│ + documentation: Describes the backend associated with an Amplify `Branch` .
│ This property is available to Amplify Gen 2 apps only. When you deploy an application with Amplify Gen 2, you provision the app's backend infrastructure using Typescript code.
├[~] service aws-backup
│ └ resources
│ └[~] resource AWS::Backup::BackupVault
│ └ properties
│ └ BackupVaultName: (documentation changed)
├[~] service aws-bedrock
│ └ resources
│ ├[~] resource AWS::Bedrock::Agent
│ │ ├ properties
│ │ │ └ TestAliasTags: (documentation changed)
│ │ └ types
│ │ ├[~] type ActionGroupExecutor
│ │ │ ├ - documentation: Contains details about the Lambda function containing the business logic that is carried out upon invoking the action.
│ │ │ │ + documentation: Contains details about the Lambda function containing the business logic that is carried out upon invoking the action or the custom control method for handling the information elicited from the user.
│ │ │ └ properties
│ │ │ ├[+] CustomControl: string
│ │ │ └ Lambda: - string (required)
│ │ │ + string
│ │ ├[~] type AgentActionGroup
│ │ │ └ properties
│ │ │ ├ ActionGroupExecutor: (documentation changed)
│ │ │ └[+] FunctionSchema: FunctionSchema
│ │ ├[+] type Function
│ │ │ ├ documentation: Defines parameters that the agent needs to invoke from the user to complete the function. Corresponds to an action in an action group.
│ │ │ │ This data type is used in the following API operations:
│ │ │ │ - [CreateAgentActionGroup request](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateAgentActionGroup.html#API_agent_CreateAgentActionGroup_RequestSyntax)
│ │ │ │ - [CreateAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateAgentActionGroup.html#API_agent_CreateAgentActionGroup_ResponseSyntax)
│ │ │ │ - [UpdateAgentActionGroup request](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_UpdateAgentActionGroup.html#API_agent_UpdateAgentActionGroup_RequestSyntax)
│ │ │ │ - [UpdateAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_UpdateAgentActionGroup.html#API_agent_UpdateAgentActionGroup_ResponseSyntax)
│ │ │ │ - [GetAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_GetAgentActionGroup.html#API_agent_GetAgentActionGroup_ResponseSyntax)
│ │ │ │ name: Function
│ │ │ └ properties
│ │ │ ├Name: string (required)
│ │ │ ├Description: string
│ │ │ └Parameters: Map<string, ParameterDetail>
│ │ ├[+] type FunctionSchema
│ │ │ ├ documentation: Defines functions that each define parameters that the agent needs to invoke from the user. Each function represents an action in an action group.
│ │ │ │ This data type is used in the following API operations:
│ │ │ │ - [CreateAgentActionGroup request](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateAgentActionGroup.html#API_agent_CreateAgentActionGroup_RequestSyntax)
│ │ │ │ - [CreateAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateAgentActionGroup.html#API_agent_CreateAgentActionGroup_ResponseSyntax)
│ │ │ │ - [UpdateAgentActionGroup request](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_UpdateAgentActionGroup.html#API_agent_UpdateAgentActionGroup_RequestSyntax)
│ │ │ │ - [UpdateAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_UpdateAgentActionGroup.html#API_agent_UpdateAgentActionGroup_ResponseSyntax)
│ │ │ │ - [GetAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_GetAgentActionGroup.html#API_agent_GetAgentActionGroup_ResponseSyntax)
│ │ │ │ name: FunctionSchema
│ │ │ └ properties
│ │ │ └Functions: Array<Function> (required)
│ │ └[+] type ParameterDetail
│ │ ├ documentation: Contains details about a parameter in a function for an action group.
│ │ │ This data type is used in the following API operations:
│ │ │ - [CreateAgentActionGroup request](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateAgentActionGroup.html#API_agent_CreateAgentActionGroup_RequestSyntax)
│ │ │ - [CreateAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateAgentActionGroup.html#API_agent_CreateAgentActionGroup_ResponseSyntax)
│ │ │ - [UpdateAgentActionGroup request](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_UpdateAgentActionGroup.html#API_agent_UpdateAgentActionGroup_RequestSyntax)
│ │ │ - [UpdateAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_UpdateAgentActionGroup.html#API_agent_UpdateAgentActionGroup_ResponseSyntax)
│ │ │ - [GetAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_GetAgentActionGroup.html#API_agent_GetAgentActionGroup_ResponseSyntax)
│ │ │ name: ParameterDetail
│ │ └ properties
│ │ ├Description: string
│ │ ├Type: string (required)
│ │ └Required: boolean
│ └[+] resource AWS::Bedrock::GuardrailVersion
│ ├ name: GuardrailVersion
│ │ cloudFormationType: AWS::Bedrock::GuardrailVersion
│ │ documentation: Creates a version of the guardrail. Use this API to create a snapshot of the guardrail when you are satisfied with a configuration, or to compare the configuration with another version.
│ ├ properties
│ │ ├Description: string (immutable)
│ │ └GuardrailIdentifier: string (required, immutable)
│ └ attributes
│ ├GuardrailArn: string
│ ├GuardrailId: string
│ └Version: string
├[~] service aws-budgets
│ └ resources
│ ├[~] resource AWS::Budgets::Budget
│ │ ├ properties
│ │ │ └[+] ResourceTags: Array<ResourceTag>
│ │ └ types
│ │ └[+] type ResourceTag
│ │ ├ documentation: The tag structure that contains a tag key and value.
│ │ │ name: ResourceTag
│ │ └ properties
│ │ ├Value: string
│ │ └Key: string (required)
│ └[~] resource AWS::Budgets::BudgetsAction
│ ├ - tagInformation: undefined
│ │ + tagInformation: {"tagPropertyName":"ResourceTags","variant":"standard"}
│ ├ properties
│ │ └[+] ResourceTags: Array<ResourceTag>
│ └ types
│ └[+] type ResourceTag
│ ├ documentation: The tag structure that contains a tag key and value.
│ │ name: ResourceTag
│ └ properties
│ ├Key: string (required)
│ └Value: string (required)
├[~] service aws-cloudtrail
│ └ resources
│ ├[~] resource AWS::CloudTrail::EventDataStore
│ │ └ types
│ │ └[~] type AdvancedFieldSelector
│ │ └ properties
│ │ └ Field: (documentation changed)
│ └[~] resource AWS::CloudTrail::Trail
│ └ types
│ └[~] type AdvancedFieldSelector
│ └ properties
│ └ Field: (documentation changed)
├[~] service aws-codepipeline
│ └ resources
│ └[~] resource AWS::CodePipeline::Pipeline
│ └ types
│ ├[+] type FailureConditions
│ │ ├ name: FailureConditions
│ │ └ properties
│ │ └Result: string (required)
│ └[~] type StageDeclaration
│ └ properties
│ └[+] OnFailure: FailureConditions
├[~] service aws-datazone
│ └ resources
│ ├[+] resource AWS::DataZone::GroupProfile
│ │ ├ name: GroupProfile
│ │ │ cloudFormationType: AWS::DataZone::GroupProfile
│ │ │ documentation: Group profiles represent groups of Amazon DataZone users. Groups can be manually created, or mapped to Active Directory groups of enterprise customers. In Amazon DataZone, groups serve two purposes. First, a group can map to a team of users in the organizational chart, and thus reduce the administrative work of a Amazon DataZone project owner when there are new employees joining or leaving a team. Second, corporate administrators use Active Directory groups to manage and update user statuses and so Amazon DataZone domain administrators can use these group memberships to implement Amazon DataZone domain policies.
│ │ ├ properties
│ │ │ ├DomainIdentifier: string (required, immutable)
│ │ │ ├GroupIdentifier: string (required, immutable)
│ │ │ └Status: string
│ │ └ attributes
│ │ ├DomainId: string
│ │ ├GroupName: string
│ │ └Id: string
│ ├[+] resource AWS::DataZone::ProjectMembership
│ │ ├ name: ProjectMembership
│ │ │ cloudFormationType: AWS::DataZone::ProjectMembership
│ │ │ documentation: Definition of AWS::DataZone::ProjectMembership Resource Type
│ │ ├ properties
│ │ │ ├ProjectIdentifier: string (required, immutable)
│ │ │ ├Designation: string (required)
│ │ │ ├Member: Member (required, immutable)
│ │ │ └DomainIdentifier: string (required, immutable)
│ │ └ types
│ │ └type Member
│ │ ├ name: Member
│ │ └ properties
│ │ ├UserIdentifier: string
│ │ └GroupIdentifier: string
│ └[+] resource AWS::DataZone::UserProfile
│ ├ name: UserProfile
│ │ cloudFormationType: AWS::DataZone::UserProfile
│ │ documentation: A user profile represents Amazon DataZone users. Amazon DataZone supports both IAM roles and SSO identities to interact with the Amazon DataZone Management Console and the data portal for different purposes. Domain administrators use IAM roles to perform the initial administrative domain-related work in the Amazon DataZone Management Console, including creating new Amazon DataZone domains, configuring metadata form types, and implementing policies. Data workers use their SSO corporate identities via Identity Center to log into the Amazon DataZone Data Portal and access projects where they have memberships.
│ ├ properties
│ │ ├DomainIdentifier: string (required, immutable)
│ │ ├Status: string
│ │ ├UserIdentifier: string (required, immutable)
│ │ └UserType: string (immutable)
│ ├ attributes
│ │ ├DomainId: string
│ │ ├Type: string
│ │ ├Id: string
│ │ └Details: UserProfileDetails
│ └ types
│ ├type UserProfileDetails
│ │├ name: UserProfileDetails
│ │└ properties
│ │ ├Iam: IamUserProfileDetails
│ │ └Sso: SsoUserProfileDetails
│ ├type IamUserProfileDetails
│ │├ documentation: The details of the IAM User Profile.
│ ││ name: IamUserProfileDetails
│ │└ properties
│ │ └Arn: string
│ └type SsoUserProfileDetails
│ ├ documentation: The details of the SSO User Profile.
│ │ name: SsoUserProfileDetails
│ └ properties
│ ├Username: string
│ ├FirstName: string
│ └LastName: string
├[~] service aws-dynamodb
│ └ resources
│ ├[~] resource AWS::DynamoDB::GlobalTable
│ │ ├ properties
│ │ │ └ WriteOnDemandThroughputSettings: (documentation changed)
│ │ └ types
│ │ ├[~] type GlobalSecondaryIndex
│ │ │ └ properties
│ │ │ └ WriteOnDemandThroughputSettings: (documentation changed)
│ │ ├[~] type ReadOnDemandThroughputSettings
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: Sets the read request settings for a replica table or a replica global secondary index. You must specify this setting if you set the `BillingMode` to `PAY_PER_REQUEST` .
│ │ │ └ properties
│ │ │ └ MaxReadRequestUnits: (documentation changed)
│ │ ├[~] type ReplicaGlobalSecondaryIndexSpecification
│ │ │ └ properties
│ │ │ └ ReadOnDemandThroughputSettings: (documentation changed)
│ │ ├[~] type ReplicaSpecification
│ │ │ └ properties
│ │ │ └ ReadOnDemandThroughputSettings: (documentation changed)
│ │ └[~] type WriteOnDemandThroughputSettings
│ │ ├ - documentation: undefined
│ │ │ + documentation: Sets the write request settings for a global table or a global secondary index. You must specify this setting if you set the `BillingMode` to `PAY_PER_REQUEST` .
│ │ └ properties
│ │ └ MaxWriteRequestUnits: (documentation changed)
│ └[~] resource AWS::DynamoDB::Table
│ ├ properties
│ │ └ OnDemandThroughput: (documentation changed)
│ └ types
│ ├[~] type GlobalSecondaryIndex
│ │ └ properties
│ │ └ OnDemandThroughput: (documentation changed)
│ └[~] type OnDemandThroughput
│ ├ - documentation: undefined
│ │ + documentation: Sets the maximum number of read and write units for the specified on-demand table. If you use this property, you must specify `MaxReadRequestUnits` , `MaxWriteRequestUnits` , or both.
│ └ properties
│ ├ MaxReadRequestUnits: (documentation changed)
│ └ MaxWriteRequestUnits: (documentation changed)
├[~] service aws-ec2
│ └ resources
│ ├[~] resource AWS::EC2::LaunchTemplate
│ │ └ types
│ │ ├[~] type LaunchTemplateTagSpecification
│ │ │ └ properties
│ │ │ └ ResourceType: (documentation changed)
│ │ └[~] type TagSpecification
│ │ └ properties
│ │ └ ResourceType: (documentation changed)
│ └[~] resource AWS::EC2::SpotFleet
│ └ types
│ └[~] type SpotFleetRequestConfigData
│ └ properties
│ └ AllocationStrategy: (documentation changed)
├[~] service aws-ecs
│ └ resources
│ └[~] resource AWS::ECS::Service
│ ├ - documentation: The `AWS::ECS::Service` resource creates an Amazon Elastic Container Service (Amazon ECS) service that runs and maintains the requested number of tasks and associated load balancers.
│ │ > The stack update fails if you change any properties that require replacement and at least one Amazon ECS Service Connect `ServiceConnectService` is configured. This is because AWS CloudFormation creates the replacement service first, but each `ServiceConnectService` must have a name that is unique in the namespace. > Starting April 15, 2023, AWS ; will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, Amazon ECS , or Amazon EC2 . However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.
│ │ + documentation: The `AWS::ECS::Service` resource creates an Amazon Elastic Container Service (Amazon ECS) service that runs and maintains the requested number of tasks and associated load balancers.
│ │ > The stack update fails if you change any properties that require replacement and at least one Amazon ECS Service Connect `ServiceConnectConfiguration` property the is configured. This is because AWS CloudFormation creates the replacement service first, but each `ServiceConnectService` must have a name that is unique in the namespace. > Starting April 15, 2023, AWS ; will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, Amazon ECS , or Amazon EC2 . However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.
│ └ types
│ ├[~] type ServiceConnectTlsCertificateAuthority
│ │ └ - documentation: An object that represents the AWS Private Certificate Authority certificate.
│ │ + documentation: The certificate root authority that secures your service.
│ └[~] type ServiceConnectTlsConfiguration
│ └ - documentation: An object that represents the configuration for Service Connect TLS.
│ + documentation: The key that encrypts and decrypts your resources for Service Connect TLS.
├[~] service aws-elasticache
│ └ resources
│ └[~] resource AWS::ElastiCache::ParameterGroup
│ └ attributes
│ └[+] CacheParameterGroupName: string
├[~] service aws-events
│ └ resources
│ ├[~] resource AWS::Events::Archive
│ │ └ - documentation: Creates an archive of events with the specified settings. When you create an archive, incoming events might not immediately start being sent to the archive. Allow a short period of time for changes to take effect. If you do not specify a pattern to filter events sent to the archive, all events are sent to the archive except replayed events. Replayed events are not sent to an archive.
│ │ + documentation: Creates an archive of events with the specified settings. When you create an archive, incoming events might not immediately start being sent to the archive. Allow a short period of time for changes to take effect. If you do not specify a pattern to filter events sent to the archive, all events are sent to the archive except replayed events. Replayed events are not sent to an archive.
│ │ > Archives and schema discovery are not supported for event buses encrypted using a customer managed key. EventBridge returns an error if:
│ │ >
│ │ > - You call `[CreateArchive](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_CreateArchive.html)` on an event bus set to use a customer managed key for encryption.
│ │ > - You call `[CreateDiscoverer](https://docs.aws.amazon.com/eventbridge/latest/schema-reference/v1-discoverers.html#CreateDiscoverer)` on an event bus set to use a customer managed key for encryption.
│ │ > - You call `[UpdatedEventBus](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_UpdatedEventBus.html)` to set a customer managed key on an event bus with an archives or schema discovery enabled.
│ │ >
│ │ > To enable archives or schema discovery on an event bus, choose to use an AWS owned key . For more information, see [Data encryption in EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-encryption.html) in the *Amazon EventBridge User Guide* .
│ ├[~] resource AWS::Events::Endpoint
│ │ └ - documentation: A global endpoint used to improve your application's availability by making it regional-fault tolerant. For more information about global endpoints, see [Making applications Regional-fault tolerant with global endpoints and event replication](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-global-endpoints.html) in the *Amazon EventBridge User Guide* .
│ │ + documentation: A global endpoint used to improve your application's availability by making it regional-fault tolerant. For more information about global endpoints, see [Making applications Regional-fault tolerant with global endpoints and event replication](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-global-endpoints.html) in the **Amazon EventBridge User Guide** .
│ ├[~] resource AWS::Events::EventBus
│ │ ├ properties
│ │ │ ├[+] DeadLetterConfig: DeadLetterConfig
│ │ │ ├[+] Description: string
│ │ │ └[+] KmsKeyIdentifier: string
│ │ └ types
│ │ └[+] type DeadLetterConfig
│ │ ├ documentation: Dead Letter Queue for the event bus.
│ │ │ name: DeadLetterConfig
│ │ └ properties
│ │ └Arn: string
│ ├[~] resource AWS::Events::EventBusPolicy
│ │ └ - documentation: Running `PutPermission` permits the specified AWS account or AWS organization to put events to the specified *event bus* . Amazon EventBridge (CloudWatch Events) rules in your account are triggered by these events arriving to an event bus in your account.
│ │ For another account to send events to your account, that external account must have an EventBridge rule with your account's event bus as a target.
│ │ To enable multiple AWS accounts to put events to your event bus, run `PutPermission` once for each of these accounts. Or, if all the accounts are members of the same AWS organization, you can run `PutPermission` once specifying `Principal` as "*" and specifying the AWS organization ID in `Condition` , to grant permissions to all accounts in that organization.
│ │ If you grant permissions using an organization, then accounts in that organization must specify a `RoleArn` with proper permissions when they use `PutTarget` to add your account's event bus as a target. For more information, see [Sending and Receiving Events Between AWS Accounts](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-cross-account-event-delivery.html) in the *Amazon EventBridge User Guide* .
│ │ The permission policy on the event bus cannot exceed 10 KB in size.
│ │ + documentation: Running `PutPermission` permits the specified AWS account or AWS organization to put events to the specified *event bus* . Amazon EventBridge rules in your account are triggered by these events arriving to an event bus in your account.
│ │ For another account to send events to your account, that external account must have an EventBridge rule with your account's event bus as a target.
│ │ To enable multiple AWS accounts to put events to your event bus, run `PutPermission` once for each of these accounts. Or, if all the accounts are members of the same AWS organization, you can run `PutPermission` once specifying `Principal` as "*" and specifying the AWS organization ID in `Condition` , to grant permissions to all accounts in that organization.
│ │ If you grant permissions using an organization, then accounts in that organization must specify a `RoleArn` with proper permissions when they use `PutTarget` to add your account's event bus as a target. For more information, see [Sending and Receiving Events Between AWS Accounts](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-cross-account-event-delivery.html) in the *Amazon EventBridge User Guide* .
│ │ The permission policy on the event bus cannot exceed 10 KB in size.
│ └[~] resource AWS::Events::Rule
│ ├ properties
│ │ ├ EventPattern: (documentation changed)
│ │ ├ State: (documentation changed)
│ │ └ Targets: (documentation changed)
│ └ types
│ └[~] type DeadLetterConfig
│ └ - documentation: A `DeadLetterConfig` object that contains information about a dead-letter queue configuration.
│ + documentation: Configuration details of the Amazon SQS queue for EventBridge to use as a dead-letter queue (DLQ).
│ For more information, see [Event retry policy and using dead-letter queues](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-rule-dlq.html) in the *EventBridge User Guide* .
├[~] service aws-fms
│ └ resources
│ ├[~] resource AWS::FMS::Policy
│ │ ├ - documentation: An AWS Firewall Manager policy.
│ │ │ Firewall Manager provides the following types of policies:
│ │ │ - An AWS Shield Advanced policy, which applies Shield Advanced protection to specified accounts and resources.
│ │ │ - An AWS WAF policy (type WAFV2), which defines rule groups to run first in the corresponding AWS WAF web ACL and rule groups to run last in the web ACL.
│ │ │ - An AWS WAF Classic policy, which defines a rule group. AWS WAF Classic doesn't support rule groups in Amazon CloudFront , so, to create AWS WAF Classic policies through CloudFront , you first need to create your rule groups outside of CloudFront .
│ │ │ - A security group policy, which manages VPC security groups across your AWS organization.
│ │ │ - An AWS Network Firewall policy, which provides firewall rules to filter network traffic in specified Amazon VPCs.
│ │ │ - A DNS Firewall policy, which provides Amazon Route 53 Resolver DNS Firewall rules to filter DNS queries for specified Amazon VPCs.
│ │ │ - A third-party firewall policy, which manages a third-party firewall service.
│ │ │ Each policy is specific to one of the types. If you want to enforce more than one policy type across accounts, create multiple policies. You can create multiple policies for each type.
│ │ │ These policies require some setup to use. For more information, see the sections on prerequisites and getting started under [AWS Firewall Manager](https://docs.aws.amazon.com/waf/latest/developerguide/fms-prereq.html) .
│ │ │ + documentation: An AWS Firewall Manager policy.
│ │ │ A Firewall Manager policy is specific to the individual policy type. If you want to enforce multiple policy types across accounts, you can create multiple policies. You can create more than one policy for each type.
│ │ │ If you add a new account to an organization that you created with AWS Organizations , Firewall Manager automatically applies the policy to the resources in that account that are within scope of the policy.
│ │ │ Policies require some setup to use. For more information, see the sections on prerequisites and getting started under [Firewall Manager prerequisites](https://docs.aws.amazon.com/waf/latest/developerguide/fms-prereq.html) .
│ │ │ Firewall Manager provides the following types of policies:
│ │ │ - *AWS WAF policy* - This policy applies AWS WAF web ACL protections to specified accounts and resources.
│ │ │ - *Shield Advanced policy* - This policy applies Shield Advanced protection to specified accounts and resources.
│ │ │ - *Security Groups policy* - This type of policy gives you control over security groups that are in use throughout your organization in AWS Organizations and lets you enforce a baseline set of rules across your organization.
│ │ │ - *Network ACL policy* - This type of policy gives you control over the network ACLs that are in use throughout your organization in AWS Organizations and lets you enforce a baseline set of first and last network ACL rules across your organization.
│ │ │ - *Network Firewall policy* - This policy applies Network Firewall protection to your organization's VPCs.
│ │ │ - *DNS Firewall policy* - This policy applies Amazon Route 53 Resolver DNS Firewall protections to your organization's VPCs.
│ │ │ - *Third-party firewall policy* - This policy applies third-party firewall protections. Third-party firewalls are available by subscription through the AWS Marketplace console at [AWS Marketplace](https://docs.aws.amazon.com/marketplace) .
│ │ │ - *Palo Alto Networks Cloud NGFW policy* - This policy applies Palo Alto Networks Cloud Next Generation Firewall (NGFW) protections and Palo Alto Networks Cloud NGFW rulestacks to your organization's VPCs.
│ │ │ - *Fortigate CNF policy* - This policy applies Fortigate Cloud Native Firewall (CNF) protections. Fortigate CNF is a cloud-centered solution that blocks Zero-Day threats and secures cloud infrastructures with industry-leading advanced threat prevention, smart web application firewalls (WAF), and API protection.
│ │ ├ properties
│ │ │ ├ ResourceType: (documentation changed)
│ │ │ └ SecurityServicePolicyData: (documentation changed)
│ │ └ types
│ │ └[~] type SecurityServicePolicyData
│ │ └ properties
│ │ └ ManagedServiceData: (documentation changed)
│ └[~] resource AWS::FMS::ResourceSet
│ └ attributes
│ └ Id: (documentation changed)
├[~] service aws-fsx
│ └ resources
│ └[~] resource AWS::FSx::FileSystem
│ └ properties
│ └ StorageCapacity: (documentation changed)
├[~] service aws-identitystore
│ └ resources
│ ├[~] resource AWS::IdentityStore::Group
│ │ └ properties
│ │ └ DisplayName: (documentation changed)
│ └[~] resource AWS::IdentityStore::GroupMembership
│ ├ properties
│ │ └ GroupId: (documentation changed)
│ └ types
│ └[~] type MemberId
│ └ properties
│ └ UserId: (documentation changed)
├[~] service aws-lambda
│ └ resources
│ └[~] resource AWS::Lambda::Version
│ └ properties
│ └[+] Policy: json
├[~] service aws-lightsail
│ └ resources
│ └[~] resource AWS::Lightsail::Instance
│ └ attributes
│ └[+] Ipv6Addresses: Array<string>
├[~] service aws-location
│ └ resources
│ └[~] resource AWS::Location::Tracker
│ └ properties
│ └ PricingPlanDataSource: (documentation changed)
├[~] service aws-mediaconnect
│ └ resources
│ ├[~] resource AWS::MediaConnect::Flow
│ │ ├ properties
│ │ │ ├[+] Maintenance: Maintenance
│ │ │ ├[+] MediaStreams: Array<MediaStream>
│ │ │ └[+] VpcInterfaces: Array<VpcInterface>
│ │ ├ attributes
│ │ │ └[+] EgressIp: string
│ │ └ types
│ │ ├[+] type Fmtp
│ │ │ ├ documentation: A set of parameters that define the media stream.
│ │ │ │ name: Fmtp
│ │ │ └ properties
│ │ │ ├ExactFramerate: string
│ │ │ ├Colorimetry: string
│ │ │ ├ScanMode: string
│ │ │ ├Tcs: string
│ │ │ ├Range: string
│ │ │ ├Par: string
│ │ │ └ChannelOrder: string
│ │ ├[+] type InputConfiguration
│ │ │ ├ documentation: The transport parameters associated with an incoming media stream.
│ │ │ │ name: InputConfiguration
│ │ │ └ properties
│ │ │ ├InputPort: integer (required)
│ │ │ └Interface: Interface (required)
│ │ ├[+] type Interface
│ │ │ ├ documentation: The VPC interface that you want to use for the media stream associated with the output.
│ │ │ │ name: Interface
│ │ │ └ properties
│ │ │ └Name: string (required)
│ │ ├[+] type Maintenance
│ │ │ ├ documentation: The maintenance setting of a flow. MediaConnect routinely performs maintenance on underlying systems for security, reliability, and operational performance. The maintenance activities include actions such as patching the operating system, updating drivers, or installing software and patches.
│ │ │ │ You can select the day and time that maintenance events occur. This is called a maintenance window and is used every time a maintenance event is required. To change the day and time, you can edit the maintenance window using `MaintenanceDay` and `MaintenanceStartHour` .
│ │ │ │ name: Maintenance
│ │ │ └ properties
│ │ │ ├MaintenanceDay: string (required)
│ │ │ └MaintenanceStartHour: string (required)
│ │ ├[+] type MediaStream
│ │ │ ├ documentation: A single track or stream of media that contains video, audio, or ancillary data. After you add a media stream to a flow, you can associate it with sources and outputs on that flow, as long as they use the CDI protocol or the ST 2110 JPEG XS protocol. Each source or output can consist of one or many media streams.
│ │ │ │ name: MediaStream
│ │ │ └ properties
│ │ │ ├MediaStreamId: integer (required)
│ │ │ ├MediaStreamType: string (required)
│ │ │ ├VideoFormat: string
│ │ │ ├MediaStreamName: string (required)
│ │ │ ├Description: string
│ │ │ ├Attributes: MediaStreamAttributes
│ │ │ ├ClockRate: integer
│ │ │ └Fmt: integer
│ │ ├[+] type MediaStreamAttributes
│ │ │ ├ documentation: Attributes that are related to the media stream.
│ │ │ │ name: MediaStreamAttributes
│ │ │ └ properties
│ │ │ ├Fmtp: Fmtp
│ │ │ └Lang: string
│ │ ├[+] type MediaStreamSourceConfiguration
│ │ │ ├ documentation: The media stream that is associated with the source, and the parameters for that association.
│ │ │ │ name: MediaStreamSourceConfiguration
│ │ │ └ properties
│ │ │ ├EncodingName: string (required)
│ │ │ ├InputConfigurations: Array<InputConfiguration>
│ │ │ └MediaStreamName: string (required)
│ │ ├[~] type Source
│ │ │ └ properties
│ │ │ ├[+] MaxSyncBuffer: integer
│ │ │ └[+] MediaStreamSourceConfigurations: Array<MediaStreamSourceConfiguration>
│ │ └[+] type VpcInterface
│ │ ├ documentation: The details of a VPC interface.
│ │ │ name: VpcInterface
│ │ └ properties
│ │ ├Name: string (required)
│ │ ├NetworkInterfaceType: string
│ │ ├RoleArn: string (required)
│ │ ├SecurityGroupIds: Array<string> (required)
│ │ ├SubnetId: string (required)
│ │ └NetworkInterfaceIds: Array<string>
│ ├[~] resource AWS::MediaConnect::FlowOutput
│ │ ├ properties
│ │ │ └[+] MediaStreamOutputConfigurations: Array<MediaStreamOutputConfiguration>
│ │ └ types
│ │ ├[+] type DestinationConfiguration
│ │ │ ├ documentation: The definition of a media stream that is associated with the output.
│ │ │ │ name: DestinationConfiguration
│ │ │ └ properties
│ │ │ ├DestinationIp: string (required)
│ │ │ ├DestinationPort: integer (required)
│ │ │ └Interface: Interface (required)
│ │ ├[+] type EncodingParameters
│ │ │ ├ documentation: A collection of parameters that determine how MediaConnect will convert the content. These fields only apply to outputs on flows that have a CDI source.
│ │ │ │ name: EncodingParameters
│ │ │ └ properties
│ │ │ ├CompressionFactor: number (required)
│ │ │ └EncoderProfile: string
│ │ ├[+] type Interface
│ │ │ ├ documentation: The VPC interface that you want to use for the media stream associated with the output.
│ │ │ │ name: Interface
│ │ │ └ properties
│ │ │ └Name: string (required)
│ │ └[+] type MediaStreamOutputConfiguration
│ │ ├ documentation: The media stream that is associated with the output, and the parameters for that association.
│ │ │ name: MediaStreamOutputConfiguration
│ │ └ properties
│ │ ├EncodingName: string (required)
│ │ ├DestinationConfigurations: Array<DestinationConfiguration>
│ │ ├MediaStreamName: string (required)
│ │ └EncodingParameters: EncodingParameters
│ └[~] resource AWS::MediaConnect::FlowVpcInterface
│ └ - documentation: The AWS::MediaConnect::FlowVpcInterface resource is a connection between your AWS Elemental MediaConnect flow and a virtual private cloud (VPC) that you created using the Amazon Virtual Private Cloud service.
│ To avoid streaming your content over the public internet, you can add up to two VPC interfaces to your flow and use those connections to transfer content between your VPC and MediaConnect.
│ You can update an existing flow to add a VPC interface. If you haven’t created the flow yet, you must create the flow with a temporary standard source by doing the following:
│ - Use CloudFormation to create a flow with a standard source that uses to the flow’s public IP address.
│ - Use CloudFormation to create a VPC interface to add to this flow. This can also be done as part of the previous step.
│ - After CloudFormation has created the flow and the VPC interface, update the source to point to the VPC interface that you created.
│ + documentation: The AWS::MediaConnect::FlowVpcInterface resource is a connection between your AWS Elemental MediaConnect flow and a virtual private cloud (VPC) that you created using the Amazon Virtual Private Cloud service.
│ To avoid streaming your content over the public internet, you can add up to two VPC interfaces to your flow and use those connections to transfer content between your VPC and MediaConnect.
│ You can update an existing flow to add a VPC interface. If you haven’t created the flow yet, you must create the flow with a temporary standard source by doing the following:
│ - Use CloudFormation to create a flow with a standard source that uses to the flow’s public IP address.
│ - Use CloudFormation to create a VPC interface to add to this flow. This can also be done as part of the previous step.
│ - After CloudFormation has created the flow and the VPC interface, update the source to point to the VPC interface that you created.
│ > The previous steps must be undone before the CloudFormation stack can be deleted. Because the source is manually updated in step 3, CloudFormation is not aware of this change. The source must be returned to a standard source before CloudFormation stack deletion.
├[~] service aws-mediatailor
│ └ resources
│ └[~] resource AWS::MediaTailor::PlaybackConfiguration
│ └ types
│ └[~] type AvailSuppression
│ └ properties
│ └[+] FillPolicy: string
├[~] service aws-mwaa
│ └ resources
│ └[~] resource AWS::MWAA::Environment
│ └ properties
│ ├[+] MaxWebservers: integer
│ └[+] MinWebservers: integer
├[~] service aws-neptune
│ └ resources
│ └[+] resource AWS::Neptune::EventSubscription
│ ├ name: EventSubscription
│ │ cloudFormationType: AWS::Neptune::EventSubscription
│ │ documentation: Creates an event notification subscription. This action requires a topic ARN (Amazon Resource Name) created by either the Neptune console, the SNS console, or the SNS API. To obtain an ARN with SNS, you must create a topic in Amazon SNS and subscribe to the topic. The ARN is displayed in the SNS console.
│ │ You can specify the type of source (SourceType) you want to be notified of, provide a list of Neptune sources (SourceIds) that triggers the events, and provide a list of event categories (EventCategories) for events you want to be notified of. For example, you can specify SourceType = db-instance, SourceIds = mydbinstance1, mydbinstance2 and EventCategories = Availability, Backup.
│ │ If you specify both the SourceType and SourceIds, such as SourceType = db-instance and SourceIdentifier = myDBInstance1, you are notified of all the db-instance events for the specified source. If you specify a SourceType but do not specify a SourceIdentifier, you receive notice of the events for that source type for all your Neptune sources. If you do not specify either the SourceType nor the SourceIdentifier, you are notified of events generated from all Neptune sources belonging to your customer account.
│ ├ properties
│ │ ├Enabled: boolean
│ │ ├EventCategories: Array<string>
│ │ ├SnsTopicArn: string (immutable)
│ │ ├SourceIds: Array<string>
│ │ └SourceType: string
│ └ attributes
│ └Id: string
├[~] service aws-personalize
│ └ resources
│ └[~] resource AWS::Personalize::Dataset
│ └ types
│ └[~] type DataSource
│ ├ - documentation: Describes the data source that contains the data to upload to a dataset.
│ │ + documentation: Describes the data source that contains the data to upload to a dataset, or the list of records to delete from Amazon Personalize.
│ └ properties
│ └ DataLocation: (documentation changed)
├[~] service aws-pipes
│ └ resources
│ └[~] resource AWS::Pipes::Pipe
│ └ types
│ ├[~] type EcsEphemeralStorage
│ │ └ - documentation: The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on Fargate . For more information, see [Fargate task storage](https://docs.aws.amazon.com/AmazonECS/latest/userguide/using_data_volumes.html) in the *Amazon ECS User Guide for Fargate* .
│ │ > This parameter is only supported for tasks hosted on Fargate using Linux platform version `1.4.0` or later. This parameter is not supported for Windows containers on Fargate .
│ │ + documentation: The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on Fargate. For more information, see [Fargate task storage](https://docs.aws.amazon.com/AmazonECS/latest/userguide/using_data_volumes.html) in the *Amazon ECS User Guide for Fargate* .
│ │ > This parameter is only supported for tasks hosted on Fargate using Linux platform version `1.4.0` or later. This parameter is not supported for Windows containers on Fargate.
│ ├[~] type PipeSourceParameters
│ │ └ properties
│ │ └ SelfManagedKafkaParameters: (documentation changed)
│ ├[~] type PipeSourceSelfManagedKafkaParameters
│ │ └ - documentation: The parameters for using a stream as a source.
│ │ A *self managed* cluster refers to any Apache Kafka cluster not hosted by AWS . This includes both clusters you manage yourself, as well as those hosted by a third-party provider, such as [Confluent Cloud](https://docs.aws.amazon.com/https://www.confluent.io/) , [CloudKarafka](https://docs.aws.amazon.com/https://www.cloudkarafka.com/) , or [Redpanda](https://docs.aws.amazon.com/https://redpanda.com/) . For more information, see [Apache Kafka streams as a source](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-pipes-kafka.html) in the *Amazon EventBridge User Guide* .
│ │ + documentation: The parameters for using a self-managed Apache Kafka stream as a source.
│ │ A *self managed* cluster refers to any Apache Kafka cluster not hosted by AWS . This includes both clusters you manage yourself, as well as those hosted by a third-party provider, such as [Confluent Cloud](https://docs.aws.amazon.com/https://www.confluent.io/) , [CloudKarafka](https://docs.aws.amazon.com/https://www.cloudkarafka.com/) , or [Redpanda](https://docs.aws.amazon.com/https://redpanda.com/) . For more information, see [Apache Kafka streams as a source](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-pipes-kafka.html) in the *Amazon EventBridge User Guide* .
│ └[~] type PipeTargetRedshiftDataParameters
│ └ properties
│ └ SecretManagerArn: (documentation changed)
├[~] service aws-quicksight
│ └ resources
│ ├[~] resource AWS::QuickSight::DataSet
│ │ └ types
│ │ ├[~] type DataSetRefreshProperties
│ │ │ └ properties
│ │ │ └ RefreshConfiguration: - RefreshConfiguration
│ │ │ + RefreshConfiguration (required)
│ │ ├[~] type DataSetUsageConfiguration
│ │ │ └ properties
│ │ │ ├ DisableUseAsDirectQuerySource: - boolean
│ │ │ │ + boolean (default=false)
│ │ │ └ DisableUseAsImportedSource: - boolean
│ │ │ + boolean (default=false)
│ │ ├[~] type DateTimeDatasetParameterDefaultValues
│ │ │ └ - documentation: <p>List of default values defined for a given string date time parameter type. Currently only static values are supported.</p>
│ │ │ + documentation: <p>The default values of a date time parameter.</p>
│ │ ├[~] type IncrementalRefresh
│ │ │ └ properties
│ │ │ └ LookbackWindow: - LookbackWindow
│ │ │ + LookbackWindow (required)
│ │ ├[~] type LookbackWindow
│ │ │ └ properties
│ │ │ ├ ColumnName: - string
│ │ │ │ + string (required)
│ │ │ ├ Size: - number
│ │ │ │ + number (required, default=0)
│ │ │ └ SizeUnit: - string
│ │ │ + string (required)
│ │ ├[~] type RefreshConfiguration
│ │ │ └ properties
│ │ │ └ IncrementalRefresh: - IncrementalRefresh
│ │ │ + IncrementalRefresh (required)
│ │ ├[~] type TransformOperation
│ │ │ └ properties
│ │ │ ├ OverrideDatasetParameterOperation: (documentation changed)
│ │ │ └[+] UntagColumnOperation: UntagColumnOperation
│ │ └[+] type UntagColumnOperation
│ │ ├ documentation: A transform operation that removes tags associated with a column.
│ │ │ name: UntagColumnOperation
│ │ └ properties
│ │ ├ColumnName: string (required)
│ │ └TagNames: Array<string> (required)
│ ├[~] resource AWS::QuickSight::DataSource
│ │ ├ properties
│ │ │ ├ Name: - string
│ │ │ │ + string (required)
│ │ │ └ Type: - string (immutable)
│ │ │ + string (required, immutable)
│ │ └ types
│ │ ├[~] type AuroraParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ ├[~] type AuroraPostgreSqlParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ ├[~] type DatabricksParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ ├[+] type IdentityCenterConfiguration
│ │ │ ├ documentation: The parameters for an IAM Identity Center configuration.
│ │ │ │ name: IdentityCenterConfiguration
│ │ │ └ properties
│ │ │ └EnableIdentityPropagation: boolean
│ │ ├[~] type MariaDbParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ ├[~] type MySqlParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ ├[~] type OracleParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ ├[~] type PostgreSqlParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ ├[~] type PrestoParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ ├[+] type RedshiftIAMParameters
│ │ │ ├ documentation: <p>A structure that grants Amazon QuickSight access to your cluster and make a call to the <code>redshift:GetClusterCredentials</code> API. For more information on the <code>redshift:GetClusterCredentials</code> API, see <a href="https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetClusterCredentials.html">
│ │ │ │ <code>GetClusterCredentials</code>
│ │ │ │ </a>.</p>
│ │ │ │ name: RedshiftIAMParameters
│ │ │ └ properties
│ │ │ ├RoleArn: string (required)
│ │ │ ├DatabaseUser: string
│ │ │ ├DatabaseGroups: Array<string>
│ │ │ └AutoCreateDatabaseUser: boolean (default=false)
│ │ ├[~] type RedshiftParameters
│ │ │ └ properties
│ │ │ ├[+] IAMParameters: RedshiftIAMParameters
│ │ │ ├[+] IdentityCenterConfiguration: IdentityCenterConfiguration
│ │ │ └ Port: - number
│ │ │ + number (default=0)
│ │ ├[~] type ResourcePermission
│ │ │ └ properties
│ │ │ └[+] Resource: string
│ │ ├[~] type SparkParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ ├[~] type SqlServerParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ ├[~] type SslProperties
│ │ │ └ properties
│ │ │ └ DisableSsl: - boolean
│ │ │ + boolean (default=false)
│ │ ├[~] type StarburstParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ ├[~] type TeradataParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ └[~] type TrinoParameters
│ │ └ properties
│ │ └ Port: - number (required)
│ │ + number (required, default=0)
│ └[~] resource AWS::QuickSight::Topic
│ └ types
│ ├[~] type TopicCalculatedField
│ │ └ properties
│ │ └ DisableIndexing: (documentation changed)
│ └[~] type TopicColumn
│ └ properties
│ └ DisableIndexing: (documentation changed)
├[~] service aws-redshift
│ └ resources
│ └[~] resource AWS::Redshift::Cluster
│ └ properties
│ └[-] MasterPasswordSecretKmsKeyId: string
├[~] service aws-route53resolver
│ └ resources
│ └[~] resource AWS::Route53Resolver::FirewallRuleGroup
│ └ types
│ └[~] type FirewallRule
│ └ properties
│ └[+] FirewallDomainRedirectionAction: string
├[~] service aws-s3
│ └ resources
│ └[~] resource AWS::S3::Bucket
│ └ types
│ └[~] type DefaultRetention
│ └ - documentation: The container element for specifying the default Object Lock retention settings for new objects placed in the specified bucket.
│ > - The `DefaultRetention` settings require both a mode and a period.
│ > - The `DefaultRetention` period can be either `Days` or `Years` but you must select one. You cannot specify `Days` and `Years` at the same time.
│ + documentation: The container element for optionally specifying the default Object Lock retention settings for new objects placed in the specified bucket.
│ > - The `DefaultRetention` settings require both a mode and a period.
│ > - The `DefaultRetention` period can be either `Days` or `Years` but you must select one. You cannot specify `Days` and `Years` at the same time.
├[~] service aws-sagemaker
│ └ resources
│ ├[~] resource AWS::SageMaker::Domain
│ │ └ types
│ │ └[~] type DefaultSpaceSettings
│ │ └ properties
│ │ ├[+] CustomFileSystemConfigs: Array<CustomFileSystemConfig>
│ │ ├[+] CustomPosixUserConfig: CustomPosixUserConfig
│ │ ├[+] JupyterLabAppSettings: JupyterLabAppSettings
│ │ └[+] SpaceStorageSettings: DefaultSpaceStorageSettings
│ └[~] resource AWS::SageMaker::Space
│ └ - documentation: Creates a space used for real time collaboration in a domain.
│ + documentation: Creates a private space or a space used for real time collaboration in a domain.
├[~] service aws-securityhub
│ └ resources
│ ├[~] resource AWS::SecurityHub::Insight
│ │ └ types
│ │ └[~] type AwsSecurityFindingFilters
│ │ └ properties
│ │ └ SeverityNormalized: (documentation changed)
│ └[+] resource AWS::SecurityHub::SecurityControl
│ ├ name: SecurityControl
│ │ cloudFormationType: AWS::SecurityHub::SecurityControl
│ │ documentation: A security control in Security Hub describes a security best practice related to a specific resource.
│ ├ properties
│ │ ├SecurityControlId: string
│ │ ├SecurityControlArn: string
│ │ ├LastUpdateReason: string
│ │ └Parameters: Map<string, ParameterConfiguration> (required)
│ └ types
│ └type ParameterConfiguration
│ ├ name: ParameterConfiguration
│ └ properties
│ └ValueType: string (required)
├[~] service aws-ssm
│ └ resources
│ └[~] resource AWS::SSM::MaintenanceWindowTask
│ ├ properties
│ │ └ ServiceRoleArn: (documentation changed)
│ └ types
│ └[~] type MaintenanceWindowRunCommandParameters
│ └ properties
│ └ ServiceRoleArn: (documentation changed)
└[~] service aws-sso
└ resources
├[+] resource AWS::SSO::Application
│ ├ name: Application
│ │ cloudFormationType: AWS::SSO::Application
│ │ documentation: Creates an application in IAM Identity Center for the given application provider.
│ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│ ├ properties
│ │ ├Name: string (required)
│ │ ├Description: string
│ │ ├InstanceArn: string (required, immutable)
│ │ ├ApplicationProviderArn: string (required, immutable)
│ │ ├Status: string
│ │ ├PortalOptions: PortalOptionsConfiguration
│ │ └Tags: Array<tag>
│ ├ attributes
│ │ └ApplicationArn: string
│ └ types
│ ├type PortalOptionsConfiguration
│ │├ documentation: A structure that describes the options for the portal associated with an application.
│ ││ name: PortalOptionsConfiguration
│ │└ properties
│ │ ├Visibility: string
│ │ └SignInOptions: SignInOptions
│ └type SignInOptions
│ ├ documentation: A structure that describes the sign-in options for an application portal.
│ │ name: SignInOptions
│ └ properties
│ ├Origin: string (required)
│ └ApplicationUrl: string
├[+] resource AWS::SSO::ApplicationAssignment
│ ├ name: ApplicationAssignment
│ │ cloudFormationType: AWS::SSO::ApplicationAssignment
│ │ documentation: A structure that describes an assignment of a principal to an application.
│ └ properties
│ ├ApplicationArn: string (required, immutable)
│ ├PrincipalType: string (required, immutable)
│ └PrincipalId: string (required, immutable)
└[+] resource AWS::SSO::Instance
├ name: Instance
│ cloudFormationType: AWS::SSO::Instance
│ documentation: Creates an instance of IAM Identity Center for a standalone AWS account that is not managed by AWS Organizations or a member AWS account in an organization. You can create only one instance per account and across all AWS Regions .
│ The CreateInstance request is rejected if the following apply:
│ - The instance is created within the organization management account.
│ - An instance already exists in the same account.
│ tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
├ properties
│ ├Name: string
│ └Tags: Array<tag>
└ attributes
├InstanceArn: string
├OwnerAccountId: string
├IdentityStoreId: string
└Status: string
```
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updates the L1 CloudFormation resource definitions with the latest changes from
@aws-cdk/aws-service-specL1 CloudFormation resource definition changes: